Nortel BCM50a User Manual

BCM50a Integrated Router Configuration — Advanced
BCM50a
BCM50a Integrated Router
Document Number: N0115791
Document Version: 1.0
Date: September 2006
Copyright © Nortel 2005–2006
All rights reserved. The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full responsibility for their applications of any products specified in this document. The information in this document is proprietary to Nortel.
Trademarks
Nortel, Nortel (Logo), the Globemark, and This is the way, This is Nortel (Design mark) are trademarks of Nortel. Microsoft, MS, MS-DOS, Windows, and Windows NT are registered trademarks of Microsoft Corporation. All other trademarks and registered trademarks are the property of their respective owners.

Contents

Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Text conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Related publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Hard-copy technical manuals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
How to get help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
USA and Canada Authorized Distributors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
EMEA (Europe, Middle East, Africa) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
CALA (Caribbean & Latin America) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
APAC (Asia Pacific) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Technical Support - GNTS/GNPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Presales Support (CSAN) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Technical Support - CTAS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Technical Support - CTAS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Technical Support - GNTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Chapter 1
Getting to know your BCM50a Integrated Router. . . . . . . . . . . . . . . . . . . . 29
Introducing the BCM50a Integrated Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
Physical features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
High-speed Internet access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
ADSL standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Networking compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Multiplexing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Encapsulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Four-Port switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Autonegotiating 10/100 Mb/s Ethernet LAN . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Applications for the BCM50a Integrated Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Autosensing 10/100 Mb/s Ethernet LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Time and date . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Reset button . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Nonphysical features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
IPSec VPN capability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Nortel Contivity Client Termination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
HTTPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Brute force password guessing protection . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Content filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Packet filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Universal Plug and Play (UPnP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Call scheduling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
PPPoE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Dynamic DNS support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
IP Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
IP Alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Central Network Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Network Address Translation (NAT) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Traffic Redirect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Port Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
DHCP (Dynamic Host Configuration Protocol) . . . . . . . . . . . . . . . . . . . . . . . . 36
Full network management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Logging and tracing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Upgrade BCM50a Integrated Router Firmware . . . . . . . . . . . . . . . . . . . . . . . 37
Embedded FTP and TFTP Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Secure broadband internet access and VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Chapter 2
Introducing the SMT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Introduction to the SMT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Initial screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Logging on to the SMT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Navigating the SMT interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Main menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Changing the system password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
SMT menus at a glance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
SMT menu 1 - general setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Introduction to general setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Configuring general setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Configuring dynamic DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Chapter 3
WAN Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Introduction to WAN setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
WAN setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Traffic redirect setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Chapter 4
LAN setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Introduction to LAN setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Accessing the LAN menus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
LAN port filter setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
TCP/IP and DHCP ethernet setup menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
IP Alias Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Chapter 5
Internet access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Internet access configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Basic setup complete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Chapter 6
Remote Node setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Introduction to Remote Node setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Outgoing Authentication Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Nailed-Up Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Remote Node setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Edit IP/Bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Remote Node filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Editing ATM Layer Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Chapter 7
IP Static Route Setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
IP Static Route Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Chapter 8
Dial-in User Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Dial-in User Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Remote Node profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Encapsulation and Multiplexing scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
VC-based Multiplexing (non-PPP Encapsulation) . . . . . . . . . . . . . . . . . . . . . . . . . 79
LLC-based Multiplexing or PPP Encapsulation . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Advance Setup Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Chapter 9
Network Address Translation (NAT) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Using NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
NAT setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Configuring a server behind NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
General NAT examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Configuring Trigger Port forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
SUA (Single User Account) Versus NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Applying NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Address Mapping Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
SUA Address Mapping Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
User-Defined Address Mapping Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Ordering your rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Internet access only . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Example 2: Internet access with an inside server . . . . . . . . . . . . . . . . . . . . . . . . 105
Example 3: Multiple public IP addresses with inside servers . . . . . . . . . . . . . . . 106
Chapter 10
Introducing the firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Using SMT menus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Activating the firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Chapter 11
Filter configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Introduction to filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Filter Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Configuring a Filter Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Configuring a Filter Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Configuring a TCP/IP Filter Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Configuring a Generic Filter Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Example Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Filter Types and NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Firewall Versus Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Applying a Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Applying LAN Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Applying Remote Node Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Chapter 12
SNMP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
SNMP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
SNMP Traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Chapter 13
System security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
System security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
System password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Configuring external RADIUS server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Chapter 14
System information and diagnosis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Introduction to System Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
System Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
System information and console port speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Log and trace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Chapter 15
Firmware and configuration file maintenance . . . . . . . . . . . . . . . . . . . . . 161
Filename conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Backup configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Restore configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Uploading Firmware and Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Console port speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Syslog logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
CDR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Packet triggered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Filter log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
PPP log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Firewall log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Call-Triggering packet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
WAN DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Backup configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Using the FTP command from the command line . . . . . . . . . . . . . . . . . . . . . . . . 163
Example of FTP commands from the command line . . . . . . . . . . . . . . . . . . . . . . 164
GUI-based FTP clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
TFTP and FTP over WAN Management Limitations . . . . . . . . . . . . . . . . . . . . . . 164
Backup configuration using TFTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
TFTP command example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
GUI-based TFTP clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Restore Using FTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Restore using FTP session example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Firmware file upload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Configuration file upload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
FTP file upload command from the DOS prompt example . . . . . . . . . . . . . . . . . 171
FTP Session Example of Firmware File Upload . . . . . . . . . . . . . . . . . . . . . . . . . 172
TFTP file upload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
TFTP upload command example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Chapter 16
System Maintenance menus 8 to 10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Command Interpreter mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Command syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Command usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Call control support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Budget management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Call History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Time and Date setting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Resetting the Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Chapter 17
Remote Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Remote Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Remote Management Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Chapter 18
Call scheduling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Appendix A
Setting up your computer IP address . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Windows 95/98/Me . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Installing components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Configuring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Verifying Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Windows 2000/NT/XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Verifying Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Macintosh OS 8/9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Verifying Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Macintosh OS X . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Verifying settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Appendix B
Triangle Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
The Ideal Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
The Triangle Route Problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
The Triangle Route Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
IP aliasing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Appendix C
Importing certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Import BCM50a Integrated Router certificates into Netscape Navigator . . . . . . . . . . 209
Importing the BCM50a Integrated Router Certificate into Internet Explorer . . . . . . . . 210
Enrolling and Importing SSL Client Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Using a certificate when accessing the BCM50a Integrated Router example . . . . . . 223
Appendix D
PPPoE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
PPPoE in action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Benefits of PPPoE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Traditional dial-up scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
How PPPoE works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
BCM50a Integrated Router as a PPPoE client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Appendix E
Hardware specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Cable pin assignments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Appendix F
IP subnetting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
IP addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
IP classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Subnet masks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Subnetting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Example: two subnets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
Example: four subnets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Example: eight subnets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Subnetting with Class A and Class B networks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Appendix G
Command Interpreter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Command Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Command usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Sys commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Exit Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Ethernet Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
IP commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
IPSec commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
WAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Sys firewall commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Bandwidth management commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Certificates commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Appendix H
NetBIOS filter commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Display NetBIOS filter settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
NetBIOS filter configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
Example commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
Appendix I
Enhanced DHCP option commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
Enhanced DHCP option commands introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
Specifying the Nortel BCM50 IP address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
Nortel BCM50 DHCP server options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
BCM50 DHCP server settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
BCM50 IP sets override setting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
Nortel i2004 IP phone options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
VoIP server settings assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
VLAN ID assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
Nortel WLAN handsets 2210 & 2211 phone options . . . . . . . . . . . . . . . . . . . . . . . . . 287
TFTP server IP address assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
WLAN IP Telephony Manager IP Address Assignment . . . . . . . . . . . . . . . . . . . 288
Appendix J
Log descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
VPN/IPSec logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
VPN responder IPSec log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Log commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
Log command example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Appendix K
Brute force password guessing protection. . . . . . . . . . . . . . . . . . . . . . . . 309
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
Configuring what you want the BCM50a Integrated Router to log . . . . . . . . . . . 306
Displaying logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306

Figures

Figure 1 Secure Internet Access and VPN Application . . . . . . . . . . . . . . . . . . . . . 38
Figure 2 Initial screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Figure 3 SMT Login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Figure 4 Main menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Figure 5 Menu 23.1 – System Security – Change Password . . . . . . . . . . . . . . . . . 43
Figure 6 SMT overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Figure 7 Menu 1 – General Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Figure 8 Menu 1.1 – Configure Dynamic DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Figure 9 Menu 2 – WAN Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Figure 10 Menu 2.2 – Traffic Redirect Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Figure 11 Menu 3 – LAN setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Figure 12 Menu 3.1 – LAN Port Filter Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Figure 13 Menu 3 – LAN Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Figure 14 Menu 3.2 – TCP/IP and DHCP Ethernet setup . . . . . . . . . . . . . . . . . . . . 59
Figure 15 Menu 3.2.1 – IP Alias setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Figure 16 Menu 4 – Internet Access Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Figure 17 Menu 11 – Remote Node Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Figure 18 Menu 11.1 – Remote Node Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Figure 19 Menu 11.3 – Remote Node Network Layer Options . . . . . . . . . . . . . . . . . 75
Figure 20 Menu 11.1.4 – Remote Node Filter (Ethernet Encapsulation) . . . . . . . . . 78
Figure 21 Menu 11.1.4 – Remote Node Filter (PPPoE or PPPoA Encapsulation) . . 78
Figure 22 Menu 11.6 for VC-based Multiplexing . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Figure 23 Menu 11.6 for LLC-based Multiplexing or PPP Encapsulation . . . . . . . . . 80
Figure 24 Menu 11.1 – Remote Node Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Figure 25 Menu 11.8 – Advance Setup Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Figure 26 Menu 12 – IP Static Route Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Figure 27 Menu 12.1 – Edit IP Static Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Figure 28 Menu 14 – Dial-in User Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Figure 29 Menu 14.1 – Edit Dial-in User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Page 14
Figure 30 Menu 4 – Applying NAT for Internet Access . . . . . . . . . . . . . . . . . . . . . . . 90
Figure 31 Menu 11.3 – Applying NAT to the Remote Node . . . . . . . . . . . . . . . . . . . 91
Figure 32 Menu 15 – NAT Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Figure 33 Menu 15.1 – Address Mapping Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Figure 34 Menu 15.1.255 – SUA Address Mapping Rules . . . . . . . . . . . . . . . . . . . . 94
Figure 35 Menu 15.1.1: First Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Figure 36 Menu 15.1.1.1: Editing or configuring an individual rule in a set . . . . . . . 98
Figure 37 Menu 15.2 – NAT Server Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Figure 38 15.2.1 – NAT Server Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Figure 39 Menu 15.2 – NAT Server Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Figure 40 Multiple servers behind NAT example . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Figure 41 NAT Example 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Figure 42 Menu 4: Internet access & NAT example . . . . . . . . . . . . . . . . . . . . . . . . 104
Figure 43 NAT Example 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Figure 44 Menu 15.2: Specifying an inside server . . . . . . . . . . . . . . . . . . . . . . . . . 106
Figure 45 NAT example 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Figure 46 Example 3: Menu 11.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Figure 47 Example 3: Menu 15.1.1.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Figure 48 Example 3: Final Menu 15.1.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Figure 49 Example 3: Menu 15.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Figure 50 Menu 15.3 – Trigger Port Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Figure 51 Menu 21– Filter and Firewall Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Figure 52 Menu 21.2 – Firewall Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Figure 53 Outgoing packet filtering process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Figure 54 Filter rule process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Figure 55 Menu 21 – Filter and Firewall Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Figure 56 Menu 21.1– Filter Set Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Figure 57 Menu 21.1.1.1 – TCP/IP Filter Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Figure 58 Executing an IP filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Figure 59 Menu 21.1.1.1 – Generic Filter Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Figure 60 Telnet filter Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Figure 61 Example Filter: Menu 21.1.3.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Figure 62 Example Filter Rules Summary: Menu 21.1.3 . . . . . . . . . . . . . . . . . . . . 133
Figure 63 Protocol and Device Filter Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Figure 64 Filtering LAN Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Page 15
Figure 65 Filtering Remote Node Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Figure 66 Menu 22 – SNMP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Figure 67 Menu 23 – System security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Figure 68 Menu 23 – System Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Figure 69 Menu 23.2 – System Security – RADIUS server . . . . . . . . . . . . . . . . . . 142
Figure 70 Menu 24 – System Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Figure 71 Menu 24.1 – System Maintenance – Status . . . . . . . . . . . . . . . . . . . . . . 147
Figure 72 System Information and Console Port Speed . . . . . . . . . . . . . . . . . . . . 149
Figure 73 Menu 24.2.1 – System Maintenance – Information . . . . . . . . . . . . . . . . 150
Figure 74 Menu 24.2.2 – System Maintenance – Change Console Port Speed . . 151
Figure 75 Menu 24.3 – System Maintenance: Log and Trace . . . . . . . . . . . . . . . . 152
Figure 76 Menu 24.3.2 – System Maintenance: Syslog Logging . . . . . . . . . . . . . . 152
Figure 77 Call-Triggering packet example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Figure 78 Menu 24.4 – System Maintenance: Diagnostic . . . . . . . . . . . . . . . . . . . 158
Figure 79 WAN & LAN DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Figure 80 Menu 24.5 – System Maintenance – Backup Configuration . . . . . . . . . . 163
Figure 81 FTP Session Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Figure 82 Telnet into Menu 24.6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Figure 83 Restore using FTP session example . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Figure 84 Telnet Into Menu 24.7.1 Upload System Firmware . . . . . . . . . . . . . . . . 170
Figure 85 Telnet Into Menu 24.7.2 System Maintenance . . . . . . . . . . . . . . . . . . . 170
Figure 86 FTP Session Example of Firmware File Upload . . . . . . . . . . . . . . . . . . . 172
Figure 87 Command mode in Menu 24 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Figure 88 Call Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Figure 89 Budget Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Figure 90 Call History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Figure 91 Menu 24 – System Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Figure 92 Menu 24.10 System Maintenance: Time and Date Setting . . . . . . . . . . 182
Figure 93 Menu 24.11 – Remote Management Control . . . . . . . . . . . . . . . . . . . . . 186
Figure 94 Menu 26 – Schedule Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Figure 95 Menu 26.1 – Schedule Set Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Figure 96 Applying Schedule Sets to a Remote Node (PPPoE) . . . . . . . . . . . . . . . 192
Figure 97 Windows 95/98/Me: network: configuration . . . . . . . . . . . . . . . . . . . . . . 194
Figure 98 Windows 95/98/Me: TCP/IP properties: IP address . . . . . . . . . . . . . . . . 195
Figure 99 Windows 95/98/Me: TCP/IP Properties: DNS configuration . . . . . . . . . . 196
Page 16
Figure 100 Windows XP: Start menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Figure 101 Windows XP: Control Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Figure 102 Windows XP: Control Panel: Network Connections: Properties . . . . . . . 198
Figure 103 Windows XP: Local Area Connection Properties . . . . . . . . . . . . . . . . . . 198
Figure 104 Windows XP: Advanced TCP/IP settings . . . . . . . . . . . . . . . . . . . . . . . . 199
Figure 105 Windows XP: Internet Protocol (TCP/IP) properties . . . . . . . . . . . . . . . . 200
Figure 106 Macintosh OS 8/9: Apple Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Figure 107 Macintosh OS 8/9: TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Figure 108 Macintosh OS X: Apple menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Figure 109 Macintosh OS X: Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Figure 110 Ideal Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Figure 111 Triangle Route Problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Figure 112 IP Alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Figure 113 Security Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Figure 114 Login Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Figure 115 Certificate General Information before Import . . . . . . . . . . . . . . . . . . . . 211
Figure 116 Certificate Import Wizard 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Figure 117 Certificate Import Wizard 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Figure 118 Certificate Import Wizard 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Figure 119 Root Certificate Store . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Figure 120 Certificate General Information after Import . . . . . . . . . . . . . . . . . . . . . . 215
Figure 121 BCM50a Integrated Router Trusted CA screen . . . . . . . . . . . . . . . . . . . 216
Figure 122 CA certificate example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Figure 123 Personal certificate import wizard 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Figure 124 Personal certificate import wizard 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Figure 125 Personal certificate import wizard 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Figure 126 Personal certificate import wizard 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
Figure 127 Personal certificate import wizard 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Figure 128 Personal certificate import wizard 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Figure 129 Access the BCM50a Integrated Router via HTTPS . . . . . . . . . . . . . . . . 223
Figure 130 SSL client authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Figure 131 BCM50a Integrated Router secure login screen . . . . . . . . . . . . . . . . . . . 224
Figure 132 Single-PC per router hardware configuration . . . . . . . . . . . . . . . . . . . . . 226
Figure 133 BCM50a Integrated Router as a PPPoE Client . . . . . . . . . . . . . . . . . . . 227
Figure 134 Ethernet cable pin assignments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Page 17
Figure 135 NetBIOS Display Filter Settings Command Example . . . . . . . . . . . . . . . 280
Figure 136 Example VPN initiator IPSec log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Figure 137 Example VPN responder IPSec log . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Page 18
Page 19

Tables

Table 1 Feature specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Table 2 Main menu commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Table 3 Main menu summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Table 4 General setup menu fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Table 5 Configure dynamic DNS menu fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Table 6 Menu 2 WAN setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Table 7 Menu 2.2 Traffic Redirect Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Table 8 DHCP Ethernet setup menu fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Table 9 LAN TCP/IP setup menu fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Table 10 IP Alias setup menu field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Table 11 Menu 4 Internet access setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Table 12 Menu 11.1 Remote Node Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Table 13 Menu 11.3 Remote Node Network Layer Options . . . . . . . . . . . . . . . . . . 75
Table 14 Menu 11.8 Advance Setup Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Table 15 IP Static Route Menu Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Table 16 Menu 14.1- Edit Dial-in User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Table 17 Applying NAT in Menus 4 & 11.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Table 18 SUA Address Mapping Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Table 19 Fields in menu 15.1.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Table 20 Menu 15.1.1.1: Editing or configuring an individual rule in a set . . . . . . . 98
Table 21 15.2.1: NAT Server Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Table 22 Menu 15.3: Trigger Port setup description . . . . . . . . . . . . . . . . . . . . . . . 112
Table 23 Abbreviations used in the Filter Rules Summary Menu . . . . . . . . . . . . . 122
Table 24 Rule abbreviations used . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Table 25 TCP/IP Filter Rule Menu fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Table 26 Generic Filter Rule Menu fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Table 27 SNMP Configuration Menu Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Table 28 SNMP Traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Table 29 Menu 23.2 System Security: RADIUS Server . . . . . . . . . . . . . . . . . . . . . 143
Page 20
Table 30 Menu 24.1 System Maintenance: Status . . . . . . . . . . . . . . . . . . . . . . . . 147
Table 31 Menu 24.2.1 System Maintenance: Information . . . . . . . . . . . . . . . . . . . 150
Table 32 System Maintenance Menu Syslog Parameters . . . . . . . . . . . . . . . . . . . 152
Table 33 System Maintenance menu diagnostic . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Table 34 Filename Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Table 35 General commands for GUI-based FTP clients . . . . . . . . . . . . . . . . . . . 164
Table 36 General commands for GUI-based TFTP clients . . . . . . . . . . . . . . . . . . 166
Table 37 Budget management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Table 38 Call History Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Table 39 Time and Date Setting Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Table 40 Menu 24.11 – Remote Management control . . . . . . . . . . . . . . . . . . . . . 186
Table 41 Menu 26.1 Schedule Set Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Table 42 General specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Table 44 Allowed IP address range By class . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Table 43 Classes of IP addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Table 45 Natural Masks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Table 46 Alternative Subnet Mask Notation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
Table 47 Subnet 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Table 48 Subnet 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Table 49 Subnet 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Table 50 Subnet 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Table 53 Eight subnets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Table 51 Subnet 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Table 52 Subnet 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Table 54 Class C subnet planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Table 55 Class B subnet planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Table 56 Sys commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Table 57 Exit Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Table 58 Ether Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Table 59 IP commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Table 60 IPSec commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Table 61 WAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Table 62 Sys firewall commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Table 63 Bandwidth management commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Table 64 Certificates commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Page 21
Table 65 NetBIOS filter default settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
Table 66 System error logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Table 67 System maintenance logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Table 68 UPnP logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
Table 69 Content filtering logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
Table 70 Attack logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Table 71 Access logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Table 72 ACL setting notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
Table 73 ICMP notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
Table 74 Sys log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
Table 75 Sample IKE key exchange logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Table 76 Sample IPSec logs during packet transmission . . . . . . . . . . . . . . . . . . . 302
Table 77 RFC-2408 ISAKMP payload types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
Table 78 PKI logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
Table 79 Certificate path verification failure reason codes . . . . . . . . . . . . . . . . . . 304
Table 80 Log categories and available settings . . . . . . . . . . . . . . . . . . . . . . . . . . 306
Table 81 Brute force password guessing protection commands . . . . . . . . . . . . . . 309
Page 22
Page 23

Preface

Before you begin

This guide is designed to assist you with advanced configuration of your BCM50a Integrated Router for its various applications.
Note: This guide explains how to use the System Management Terminal (SMT) or the command interpreter interface to configure your BCM50a Integrated Router. See the basic manual for how to use the WebGUI to configure your BCM50a Integrated Router. Not all features can be configured through all interfaces.
The SMT parts of this manual contain background information solely on features not configurable by the WebGUI. The WebGUI parts of the basic manual contain background information on features configurable by the WebGUI and the SMT.

Text conventions

This guide uses the following text conventions:
Enter means for you to type one or more characters and press the [ENTER] key. Select or Choose means for you to use one of the predefined choices.
The SMT menu titles and labels are written in Bold Times New Roman font. Menu choices are written in Bold Arial font.
Page 24
A single keystroke is written in Arial font and enclosed in square brackets, for instance, [ENTER] means the Enter key; [ESC] means the escape key and [SPACE BAR] means the space bar. [UP] and [DOWN] are the up and down arrow keys.
Mouse action sequences are denoted using a comma. For example, “click the Apple icon, Control Panels and then Modem” means first click the Apple icon, then point your mouse pointer to Control Panels and then click Modem.

Related publications

For more information about using the BCM50a Integrated Router, refer to the following publications:
BCM50a Integrated Router Configuration - Basics (N0115790)
The basic manual covers how to use the WebGUI to configure your BCM50a Integrated Router.
WebGUI Online Help
Embedded WebGUI help for descriptions of individual screens and supplementary information

Hard-copy technical manuals

You can print selected technical manuals and release notes free, directly from the Internet. Go to www.nortel.com/documentation. Find the product for which you need documentation. Then locate the specific category and model or version for your hardware or software product. Use Adobe Reader to open the manuals and release notes, search for the sections you need, and print them on most standard printers. Go to Adobe Systems at www.adobe.com to download a free copy of the Adobe Reader.

How to get help

If you do not see an appropriate number in this list, go to www.nortel.com/cs.
Page 25

USA and Canada Authorized Distributors

Technical Support - GNTS/GNPS
Telephone:
1-800-4NORTEL (1-800-466-7835)
If you already have a PIN Code, you can enter Express Routing Code (ERC) 196#. If you do not yet have a PIN Code, or for general questions and first line support, you can enter ERC 338#.
Web Site:
www.nortel.com/cs
Presales Support (CSAN)
Telephone: 1-800-4NORTEL (1-800-466-7835)
Use Express Routing Code (ERC) 1063#

EMEA (Europe, Middle East, Africa)

Technical Support - CTAS
Telephone:
*European Free phone 00800 800 89009
European Alternative:
United Kingdom +44 (0)870-907-9009
Africa +27-11-808-4000
Israel 800-945-9779
Calls are not free from all countries in Europe, Middle East, or Africa.
Fax: 44-191-555-7980
E-mail:
emeahelp@nortel.com
Page 26

CALA (Caribbean & Latin America)

Technical Support - CTAS
Telephone:
1-954-858-7777
E-mail:
csrmgmt@nortel.com

APAC (Asia Pacific)

Service Business Centre & Pre-Sales Help Desk:
+61-2-8870-5511 (Sydney)
Technical Support - GNTS
Telephone:
+612 8870 8800
Fax:
+612 8870 5569
E-mail:
asia_support@nortel.com
Australia 1-800-NORTEL (1-800-667-835)
China 010-6510-7770
India 011-5154-2210
Indonesia 0018-036-1004
Japan 0120-332-533
Malaysia 1800-805-380
New Zealand 0800-449-716
Philippines 1800-1611-0063
Singapore 800-616-2004
South Korea 0079-8611-2001
Taiwan 0800-810-500
Page 27
Thailand 001-800-611-3007
Service Business Centre & Pre-Sales Help Desk
+61-2-8870-5511
Page 28
Page 29
Chapter 1 Getting to know your BCM50a Integrated Router
This chapter introduces the main features and applications of the BCM50a Integrated Router.

Introducing the BCM50a Integrated Router

The BCM50a Integrated Router is an ideal secure gateway for all data passing between the Internet and the Local Area Network (LAN).
Your BCM50a Integrated Router integrates high-speed 10/100 Megabits per second (Mb/s) autonegotiating LAN interfaces and a high-speed Asymmetrical Digital Subscriber Line Plus (ADSL2+) port into a single package. The BCM50a Integrated Router is ideal for high-speed Internet browsing and making LAN-to-LAN connections to remote networks. By integrating Digital Subscriber Line (DSL) and Network Address Translation (NAT), the BCM50a Integrated Router provides easy installation and Internet access. By integrating firewall and Virtual Private Network (VPN) capabilities, the BCM50a Integrated Router is a complete security solution that protects your Intranet and efficiently manages data traffic on your network.

Features

This section lists the key features of the BCM50a Integrated Router.
Table 1 Feature specifications
Feature Specification
Number of static routes 12
Number of NAT sessions 4096
Page 30
Number of SUA (Single User Account) servers 12
Number of address mapping rules 10
Number of configurable VPN rules (gateway policies) 10
Number of configurable IPSec VPN IP policies (network policies) 60
Number of concurrent IKE (Internet Key Exchange) Phase 1 Security Associations 10
  These correspond to the gateway policies.
Number of concurrent IPSec VPN tunnels (Phase 2 Security Associations) 60
  These correspond to the network policies and are also monitorable and manageable. For example, 5 IKE gateway policies could each use 12 IPSec tunnels for a total of 60 phase 2 IPSec VPN tunnels. This total includes both branch office tunnels and VPN client-termination tunnels.
Number of IP pools that can be used to assign IP addresses to remote users for VPN client termination 3
Number of configurable split networks for VPN client termination 16
Number of configurable inverse split networks for VPN client termination 16
Number of configurable subnets per split network for VPN client termination 64

Physical features

High-speed Internet access
Your BCM50a Integrated Router supports ADSL2+ (Asymmetrical Digital Subscriber Line) for high transmission speeds and long connection distances.
ADSL standards
Multimode standard (ANSI (American National Standards Institute) T1.413, Issue 2; G.dmt (G.992.1 Discrete Multitone Modulation))
EOC (Embedded Operations Channel) specified in ITU-T (Telecommunication Standardization Sector of the International Telecommunications Union) G.992.1
ADSL2 G.dmt.bis (G.992.3)
ADSL2+ (G.992.5)
Page 31
Extended-reach ADSL (ER ADSL)
SRA (Seamless Rate Adaptation)
Autonegotiating rate adaptation
ADSL physical connection ATM (Asynchronous Transfer Mode) AAL5 (Adaptation Layer type 5)
Multiprotocol over AAL5 (Request For Comments (RFC) 2684/1483)
Support Point-to-Point-Protocol over ATM AAL5 (PPPoA) (RFC 2364)
PPP over Ethernet support for DSL (Digital Subscriber Line) connection (RFC 2516)
Support Virtual Circuit (VC) based and LLC (Logical Link Control) based multiplexing
Support OAM (Operational, Administration and Maintenance) VC Hunt
I.610 F4/F5 OAM
Networking compatibility
Your BCM50a Integrated Router is compatible with the major ADSL Digital Subscriber Line Access Multiplexer (DSLAM) providers, making configuration as simple as possible.
Multiplexing
The BCM50a Integrated Router supports VC-based and LLC-based multiplexing.
Encapsulation
The BCM50a Integrated Router supports PPPoA (RFC 2364 - PPP over ATM Adaptation Layer 5), RFC 1483 encapsulation over ATM, MAC (Media Access Control) encapsulated routing (ENET encapsulation) as well as PPP over Ethernet (RFC 2516).
Four-Port switch
A combination of switch and router makes your BCM50a Integrated Router a cost-effective and viable network solution. You can connect up to four computers or phones to the BCM50a Integrated Router without the cost of a switch. Use a switch to add more than four computers or phones to your LAN.
Page 32
Autonegotiating 10/100 Mb/s Ethernet LAN
The LAN interfaces automatically detect if they are on a 10 or a 100 Mb/s Ethernet.
Autosensing 10/100 Mb/s Ethernet LAN
The LAN interfaces automatically adjust to either a crossover or straight through Ethernet cable.
Time and date
Using the BCM50a Integrated Router, you can get the current time and date from an external server when you turn on your BCM50a Integrated Router. You can also set the time manually.
Reset button
There is a 'Cold Reset Router' button that is accessible from the Element Manager Administration/Utilities/Reset page. Use this button to restore the factory default password to setup and the IP address to 192.168.1.1, subnet mask 255.255.255.0, and DHCP server enabled with a pool of 126 IP addresses starting at 192.168.1.2.

Nonphysical features

IPSec VPN capability
Establish Virtual Private Network (VPN) tunnels to connect home or office computers to your company network using data encryption and the Internet; thus providing secure communications without the expense of leased site-to-site lines. VPN is based on the IPSec standard and is fully interoperable with other IPSec-based VPN products.
Nortel Contivity Client Termination
The BCM50a Integrated Router supports VPN connections from computers using Nortel Contivity VPN Client 3.0, 5.01, 5.11, 6.01, 6.02, or 7.01 software.
Certificates
The BCM50a Integrated Router can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. Certificates provide a way to exchange public keys for use in authentication.
SSH
The BCM50a Integrated Router uses the SSH (Secure Shell) secure communication protocol to provide secure encrypted communication between two hosts over an unsecured network.
HTTPS
HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL is a web protocol that encrypts and decrypts web sessions. Use HTTPS for secure WebGUI access to the BCM50a Integrated Router.
Firewall
The BCM50a Integrated Router has a stateful inspection firewall with DoS (Denial of Service) protection. By default, when the firewall is activated, all incoming traffic from the WAN (Wide Area Network) to the LAN is blocked unless it is initiated from the LAN. The BCM50a Integrated Router firewall supports TCP/UDP inspection, DoS detection and protection, real time alerts, reports and logs.
Brute force password guessing protection
The BCM50a Integrated Router has a special protection mechanism to discourage brute force password guessing attacks on the BCM50a Integrated Router management interfaces. You can specify a wait time that must expire before you can enter a fourth password after entering three incorrect passwords.
Content filtering
The BCM50a Integrated Router can block web features such as ActiveX controls, Java applets, and cookies, as well as disable web proxies. The BCM50a Integrated Router can block specific URLs by using the keyword feature. The administrator can also define time periods and days during which content filtering is enabled.
Packet filtering
The packet filtering mechanism blocks unwanted traffic from entering or leaving your network.
Universal Plug and Play (UPnP)
Using the standard TCP/IP protocol, the BCM50a Integrated Router and other UPnP-enabled devices can dynamically join a network, obtain an IP address, and convey their capabilities to other devices on the network.
Call scheduling
Configure call time periods to restrict and allow access for users on remote nodes.
PPPoE
PPPoE facilitates the interaction of a host with an Internet modem to achieve access to high-speed data networks through a familiar dial-up networking user interface.
Dynamic DNS support
With Dynamic DNS (Domain Name System) support, you can have a static host name alias for a dynamic IP address, so the host is more easily accessible from various locations on the Internet. You must register for this service with a Dynamic DNS service provider.
IP Multicast
The BCM50a Integrated Router can use IP multicast to deliver IP packets to a specific group of hosts. IGMP (Internet Group Management Protocol) is the protocol used to support multicast groups. The BCM50a Integrated Router supports versions 1 and 2.
IP Alias
Using IP Alias, you can partition a physical network into logical networks over the same Ethernet interface. The BCM50a Integrated Router supports three logical LAN interfaces through its single physical Ethernet LAN interface with the BCM50a Integrated Router itself as the gateway for each LAN network.
Central Network Management
With Central Network Management (CNM), an enterprise or service provider network administrator can manage your BCM50a Integrated Router. The enterprise or service provider network administrator can configure your BCM50a Integrated Router, perform firmware upgrades, and do troubleshooting for you.
SNMP
SNMP (Simple Network Management Protocol) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your BCM50a Integrated Router supports SNMP agent functionality, which means that a manager station can manage and monitor the BCM50a Integrated Router through the network. The BCM50a Integrated Router supports SNMP versions 1 and 2 (SNMPv1 and SNMPv2).
Network Address Translation (NAT)
NAT (Network Address Translation, RFC 1631) translates multiple IP addresses used within one network to different IP addresses known within another network.
Traffic Redirect
Traffic Redirect forwards WAN traffic to a backup gateway when the BCM50a Integrated Router cannot connect to the Internet, thus acting as an auxiliary backup when your regular WAN connection fails.
Port Forwarding
Use this feature to forward incoming service requests to a server on your local network. You can enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server.
DHCP (Dynamic Host Configuration Protocol)
With DHCP (Dynamic Host Configuration Protocol), individual client computers can obtain the TCP/IP configuration at start-up from a centralized DHCP server. The BCM50a Integrated Router has built in DHCP server capability, enabled by default, which means it can assign IP addresses, an IP default gateway, and DNS servers to all systems that support the DHCP client. The BCM50a Integrated Router can also act as a surrogate DHCP server, where it relays IP address assignment from another DHCP server to the clients.
Full network management
The embedded web configurator is an all platform, web based utility that you can use to easily manage and configure the BCM50a Integrated Router. Most functions of the BCM50a Integrated Router are also software configurable through the SMT (System Management Terminal) interface. The SMT is a menu driven interface that you can access over a Telnet connection.
Logging and tracing
The BCM50a Integrated Router supports the following logging and tracing functions to help with management:
Built in message logging and packet tracing
Unix syslog facility support
Upgrade BCM50a Integrated Router Firmware
The firmware of the BCM50a Integrated Router can be upgraded manually through the WebGUI.
Embedded FTP and TFTP Servers
The embedded FTP and TFTP servers enable fast firmware upgrades, as well as configuration file backups and restoration.

Applications for the BCM50a Integrated Router

Secure broadband internet access and VPN

The BCM50a Integrated Router provides broadband Internet access through ADSL. The BCM50a Integrated Router also provides IP address sharing and a firewall protected local network with traffic management.
The BCM50a Integrated Router VPN is an ideal, cost effective way to connect branch offices and business partners over the Internet without the need (and expense) of leased lines between sites. The LAN computers can share the VPN tunnels for secure connections to remote computers.
Figure 1 Secure Internet Access and VPN Application
Caution: Electro-static Discharge can disrupt the router. Use appropriate handling precautions to avoid ESD. Avoid touching the connectors on the router, particularly when it is in use.
Chapter 2 Introducing the SMT
This chapter explains how to access the System Management Terminal and gives an overview of its menus.

Introduction to the SMT

The BCM50a Integrated Router SMT (System Management Terminal) is a menu-driven interface that you can access over a Telnet connection. This chapter shows you how to navigate the SMT, and how to configure SMT menus.

Initial screen

When you turn on your BCM50a Integrated Router, it performs several internal tests as well as line initialization.
After the tests, the BCM50a Integrated Router asks you to press [ENTER] to continue, as shown in Figure 2.
Figure 2 Initial screen
initialize ch =0, ethernet address: 00:A0:C5:22:1A:03
initialize ch =1, ethernet address: 00:A0:C5:22:1A:04
Press ENTER to continue...

Logging on to the SMT

The logon screen appears after you press [ENTER], prompting you to enter the username, as shown in Figure 3.
Type the username (“nnadmin” is the default) and press [ENTER].
The logon screen prompts you to enter the password.
Figure 3 SMT Login
Enter Username : XXXX
Enter Password : XXXX
Type the password (“PlsChgMe!” is the default) and press [ENTER]. As you type the password, the screen displays an X for each character you type.
Note that if there is no activity for longer than five minutes after you log on, your BCM50a Integrated Router will automatically log you off and display a blank screen. If you see a blank screen, press [ENTER] to bring up the logon screen again.

Navigating the SMT interface

The SMT is an interface that you use to configure your BCM50a Integrated Router.
Table 2 lists several operations you must be familiar with before attempting to
modify the configuration.
Table 2 Main menu commands
Operations | Keystrokes | Descriptions
Move down to another menu | [ENTER] | To move forward to a submenu, type in the number of the desired submenu and press [ENTER].
Move up to a previous menu | [ESC] | Press the [ESC] key to move back to the previous menu.
Move to a “hidden” menu | Press [SPACE BAR] to change No to Yes then press [ENTER]. | Fields beginning with “Edit” lead to hidden menus and have a default setting of No. Press [SPACE BAR] to change No to Yes, and then press [ENTER] to go to a “hidden” menu.
Move the cursor | [ENTER] or [UP] or [DOWN] arrow keys | Within a menu, press [ENTER] to move to the next field. You can also use the [UP] or [DOWN] arrow keys to move to the previous or the next fields, respectively. When you are at the top of a menu, press the [UP] arrow key to move to the bottom of a menu.
Entering information | Fill in, or press [SPACE BAR], then press [ENTER] to select from choices. | There are two types of fields. The first requires you to type in the appropriate information. The second allows you to cycle through the available choices by pressing [SPACE BAR].
Required fields | <?> | All fields with the symbol <?> must be filled in in order to be able to save the new configuration.
N/A fields | <N/A> | Some of the fields in the SMT will show a <N/A>. This symbol refers to an option that is Not Applicable.
Save your configuration | [ENTER] | Save your configuration by pressing [ENTER] at the message “Press ENTER to confirm or ESC to cancel”. Saving the data on the screen will take you, in most cases, to the previous menu. Make sure you save your settings in each screen that you configure.
Exit the SMT | Type 99, then press [ENTER]. | Type 99 at the main menu prompt and press [ENTER] to exit the SMT interface.

Main menu

After you enter the password, the SMT displays the BCM50a Integrated Router Main Menu, as shown in Figure 4. Not all models have all the features shown.
Figure 4 Main menu
BCM50a Integrated Router Main Menu
Getting Started
1. General Setup
2. WAN Setup
3. LAN Setup
4. Internet Access Setup
Advanced Applications
11. Remote Node Setup
12. Static Routing Setup
14. Dial-in User Setup
15. NAT Setup
Advanced Management
21. Filter and Firewall Setup
22. SNMP Configuration
23. System Security
24. System Maintenance
26. Schedule Setup
99. Exit
Enter Menu Selection Number:
Table 3 describes the fields in Figure 4.
Table 3 Main menu summary
No. | Menu Title | Function
1 | General Setup | Use this menu to set up dynamic DNS and administrative information.
2 | WAN Setup | Use this menu to configure the backup WAN connection.
3 | LAN Setup | Use this menu to apply LAN filters, configure LAN DHCP and TCP/IP settings.
4 | Internet Access Setup | Configure your Internet Access setup (Internet address, gateway IP address, and logon) with this menu.
11 | Remote Node Setup | Use this menu to configure detailed remote node settings (your ISP is also a remote node) as well as apply WAN filters.
12 | Static Routing Setup | Configure IP static routes in this menu.
14 | Dial-in User Setup | Use this menu to configure the Dial-in User information.
15 | NAT Setup | Use this menu to configure Network Address Translation.
21 | Filter and Firewall Setup | Configure filters, activate or deactivate the firewall, and view the firewall log.
22 | SNMP Configuration | Use this menu to configure SNMP-related parameters.
23 | System Security | Use this menu to change your password and enable network user authentication.
24 | System Maintenance | From displaying system status to uploading firmware, this menu provides comprehensive system maintenance.
26 | Schedule Setup | Use this menu to schedule outgoing calls.
99 | Exit | Use this menu to exit (necessary for remote configuration).

Changing the system password

To change the BCM50a Integrated Router administrator password:
1 From the main menu, enter 23 to display Menu 23 – System Security.
2 Enter 1 to display Menu 23.1 – System Security – Change Password.
Figure 5 Menu 23.1 – System Security – Change Password
Menu 23.1 – System Security – Change Password
Old Password= ****
New Password= ?
Retype to confirm= ?
Enter here to CONFIRM or ESC to CANCEL:
3 Type your existing system password in the Old Password field, and press [ENTER].
4 Type your new system password in the New Password field (up to 30 characters), and press [ENTER].
5 Retype your new system password in the Retype to confirm field for confirmation and press [ENTER].
Note that as you type a password, the screen displays an asterisk * for each character you type.

SMT menus at a glance

Figure 6 SMT overview

SMT menu 1 - general setup

Introduction to general setup

Menu 1 - general setup contains administrative and system-related information.

Configuring general setup

Enter 1 in the main menu to open Menu 1: general setup.
The Menu 1 - General Setup screen appears, as shown in Figure 7. Fill in the required fields.
Figure 7 Menu 1 – General Setup
Menu 1 - General Setup
System Name= ?
Domain Name=
First System DNS Server= From ISP
  IP Address= N/A
Second System DNS Server= From ISP
  IP Address= N/A
Third System DNS Server= From ISP
  IP Address= N/A
Edit Dynamic DNS= No
Route IP= Yes
Bridge= No
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Table 4 describes the fields in Figure 7.
Table 4 General setup menu fields
Field: System name
Description: Choose a descriptive name for identification purposes. Nortel recommends you enter your computer name in this field. This name can be up to 30 alphanumeric characters long. Spaces, dashes (-) and underscores (_) are accepted.
Example: BCM50a Integrated Router
Field: Domain name
Description: Enter the domain name (if you know it) here. If you leave this field blank, the ISP assigns a domain name via DHCP. You can go to menu 24.8 and type sys domain name to see the current domain name used by your router. The domain name entered by you is given priority over the ISP-assigned domain name. If you want to clear this field just press [SPACE BAR] and then [ENTER].
Example: nortel.com
Field: First system DNS server, Second system DNS server, Third system DNS server
Description:
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it. The BCM50a Integrated Router uses a system DNS server (in the order you specify here) to resolve domain names for VPN, DDNS and the time server.
Press [SPACE BAR] and then [ENTER] to select an option. Select From ISP if your ISP dynamically assigns DNS server information (and the BCM50a Integrated Router's WAN IP address). The IP Address field below displays the (read-only) DNS server IP address that the ISP assigns. If you chose From ISP, but the BCM50a Integrated Router has a fixed WAN IP address, From ISP changes to None after you save your changes. If you select From ISP for the second or third DNS server, but the ISP does not provide a second or third IP address, From ISP changes to None after you save your changes.
Select User-Defined if you have the IP address of a DNS server. The IP address can be public or a private address on your local LAN. Enter the DNS server's IP address in the field to the right.
A User-Defined entry with the IP address set to 0.0.0.0 changes to None after you save your changes. A duplicate User-Defined entry changes to None after you save your changes.
Select None if you do not want to configure DNS servers. If you do not configure a system DNS server, you must use IP addresses when configuring VPN, DDNS and the time server.
Select Private DNS if the DNS server has a private IP address and is located behind a VPN peer. Enter the DNS server IP address in the field to the right.
With a private DNS server, you must also configure the first DNS server entry in SMT menu 3.1 to use DNS Relay.
You must also configure a VPN branch office rule since the BCM50a Integrated Router uses a VPN tunnel when it relays DNS queries to the private DNS server. One of the rule’s IP policies must include the LAN IP address of the BCM50a Integrated Router as a local IP address and the IP address of the DNS server as a remote IP address.
A Private DNS entry with the IP address set to 0.0.0.0 changes to None after you click Apply. A duplicate Private DNS entry changes to None after you save your changes.
Field: Edit dynamic DNS
Description: Press [SPACE BAR] and then [ENTER] to select Yes or No (default). Select Yes to configure Menu 1.1: Configure Dynamic DNS, discussed next.
Example: No (default)
After you complete this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel.

Configuring dynamic DNS

To configure Dynamic DNS, go to Menu 1: General Setup and press [SPACE BAR] to select Yes in the Edit Dynamic DNS field. Press [ENTER] to display Menu 1.1— Configure Dynamic DNS (Figure 8). Not all models have every field shown.
Figure 8 Menu 1.1 – Configure Dynamic DNS
Menu 1.1 - Configure Dynamic DNS
Service Provider= WWW.DynDNS.ORG
Active= No
DDNS Type= DynamicDNS
Host Name 1=
Host Name 2=
Host Name 3=
Username=
Password= ********
Enable Wildcard Option= No
Enable Off Line Option= N/A
IP Address Update Policy:
  DDNS Server Auto Detect IP Address= No
  Use Specified IP Address= No
  Use IP Address= N/A
Press ENTER to confirm or ESC to cancel:
Follow the instructions in Table 5 to configure Dynamic DNS parameters.
Table 5 Configure dynamic DNS menu fields
Field: Service Provider
Description: This is the name of your Dynamic DNS service provider.
Example: www.dyndns.org (default)
Field: Active
Description: Press [SPACE BAR] to select Yes and then press [ENTER] to make dynamic DNS active.
Example: Yes
Field: DDNS Type
Description: Press [SPACE BAR] and then [ENTER] to select DynamicDNS if you have a dynamic IP address. Select StaticDNS if you have a static IP address. Select CustomDNS to have dyndns.org provide DNS service for a domain name that you already have from a source other than dyndns.org.
Example: DynamicDNS (default)
Field: Host1-3
Description: Enter your host names in the fields provided. You can specify up to two host names separated by a comma in each field.
Example: me.dyndns.org
Field: EMAIL
Description: Enter your e-mail address.
Example: mail@mailserver
Field: User
Description: Enter your username.
Field: Password
Description: Enter the password assigned to you.
Field: Enable Wildcard
Description: Your BCM50a Integrated Router supports DYNDNS Wildcard. Press [SPACE BAR] and then [ENTER] to select Yes or No. This field is N/A when you choose DDNS client as your service provider.
Field: Offline
Description: This field is only available when CustomDNS is selected in the DDNS Type field. Press [SPACE BAR] and then [ENTER] to select Yes. When Yes is selected, http://www.dyndns.org/ traffic is redirected to a URL that you have previously specified (see www.dyndns.org for details).
Field: IP Address Update Policy:
Description: You can select Yes in either the DDNS Server Auto Detect IP Address field (recommended) or the Use Specified IP Address field, but not both.
With the DDNS Server Auto Detect IP Address and Use Specified IP Address fields both set to No, the DDNS server automatically updates the IP address of the host names with the BCM50a Integrated Router’s WAN IP address.
DDNS does not work with a private IP address. When both fields are set to No, the BCM50a Integrated Router must have a public WAN IP address in order for DDNS to work.
Field: DDNS Server Auto Detect IP Address
Description: Press [SPACE BAR] to select Yes and then press [ENTER] to have the DDNS server automatically update the IP address of the host names with the public IP address that the BCM50a Integrated Router uses or is behind.
You can set this field to Yes whether the IP address is public or private, static or dynamic.
Field: Use Specified IP Address
Description: Press [SPACE BAR] to select Yes and then press [ENTER] to update the IP address of the host names to the IP address specified below.
Only select Yes if the BCM50a Integrated Router uses or is behind a static public IP address.
Field: Use IP Address
Description: Enter the static public IP address if you select Yes in the Use Specified IP Address field.
After you complete this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel.
Yes
No
N/A
The IP address updates when you reconfigure menu 1 or perform DHCP client renewal.
Chapter 3 WAN Setup
This chapter describes how to configure the WAN using Menu 2.

Introduction to WAN setup

This chapter explains how to configure the settings for your WAN port.

WAN setup

From the main menu, enter 2 to open Menu 2.
Figure 9 Menu 2 – WAN Setup
Menu 2 - WAN Setup
Route Selection:
  WAN Metric= 1
  Traffic Redirect Metric= 14
  Dial Backup Metric= N/A
Edit Traffic Redirect= No
Dial-Backup:
  Active= N/A
  Port Speed= N/A
  AT Command String:
    Init= N/A
  Edit Advanced Setup= N/A
Press ENTER to Confirm or ESC to Cancel:
Table 6 describes the fields in Figure 9.
Table 6 Menu 2 WAN setup
Route Selection:
Field: WAN Metric, Traffic Redirect Metric, Dial Backup Metric
Description: The BCM50a Integrated Router uses the connection with the lowest metric value first.
The default WAN connection is 1 as your broadband connection through the WAN port must always be your preferred method of accessing the WAN.
The default priority of the routes is WAN, Traffic Redirect and then Dial Backup (dial backup does not apply to all BCM50a Integrated Router models):
You have two choices for an auxiliary connection, in the event that your regular WAN connection goes down. If Dial Backup is preferred to Traffic Redirect, then type 14 in the Dial Backup Metric field (and leave the Traffic Redirect Metric at the default of 15).
Example: 1
Field: Edit Traffic Redirect
Description: Press [SPACE BAR] to select Yes or No. Select No (default) if you do not want to configure this feature. Select Yes and press [ENTER] to configure Menu 2.2 — Traffic Redirect Setup.
Example: No
Dial-Backup: Dial backup does not apply to all BCM50a Integrated Router models.
Field: Active
Description: Use this field to turn the dial-backup feature on (Yes) or off (No).
Example: No
Field: Port Speed
Description: Press [SPACE BAR] and then press [ENTER] to select the speed of the connection between the dial backup port and the external device.
Available speeds are: 9600, 19200, 38400, 57600, 115200 or 230400 b/s.
Example: 115200
AT Command String:
Field: Init
Description: Enter the AT command string to initialize the WAN device. Consult the manual of the WAN device connected to your Dial Backup port for specific AT commands.
Example: at&fs0=0
Field: Edit Advanced Setup
Description: To edit the advanced setup for the Dial Backup port, move the cursor to this field; press the [SPACE BAR] to select Yes and then press [ENTER] to go to Menu 2.1 — Advanced Setup.
Example: Yes
After you complete this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel.

Traffic redirect setup

Configure parameters that determine when the BCM50a Integrated Router forwards WAN traffic to the backup gateway using Menu 2.2 - Traffic Redirect Setup.
Figure 10 Menu 2.2 – Traffic Redirect Setup
Menu 2.2 - Traffic Redirect Setup
Active= No
Configuration:
  Backup Gateway IP Address= 0.0.0.0
  Metric= 15
Press ENTER to Confirm or ESC to Cancel:
Table 7 describes the fields in Figure 10.
Table 7 Menu 2.2 Traffic Redirect Setup
Field: Active
Description: Press [SPACE BAR] and select Yes (to enable) or No (to disable) traffic redirect setup. The default is No.
If the Active field is Yes, you must configure every field in this screen unless you are using PPPoE encapsulation (except Check WAN IP Address and Timeout).
If you do not configure these fields and are using PPPoE encapsulation, the BCM50a Integrated Router checks the PPPoE channel to determine if the WAN connection is down.
Configuration:
Field: Backup Gateway IP Address
Description: Enter the IP address of your backup gateway in dotted decimal notation.
The BCM50a Integrated Router automatically forwards traffic to this IP address if the Internet connection of the BCM50a Integrated Router terminates.
Field: Metric
Description: This field sets the priority for this route among the routes the BCM50a Integrated Router uses.
The metric represents the cost of transmission. A router determines the best route for transmission by choosing a path with the lowest cost. RIP routing uses hop count as the measurement of cost, with a minimum of 1 for directly connected networks. The number must be between 1 and 15; a number greater than 15 means the link is down. The smaller the number, the lower the cost.
After you complete this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel.
Chapter 4 LAN setup
This chapter describes how to configure the LAN using Menu 3: LAN Setup.

Introduction to LAN setup

This section describes how to configure the BCM50a Integrated Router for LAN connections.

Accessing the LAN menus

From the main menu, enter 3 to open Menu 3 – LAN setup.
Figure 11 Menu 3 – LAN setup
Menu 3 - LAN Setup
1. LAN Port Filter Setup
2. TCP/IP and DHCP Setup
Enter Menu Selection Number:

LAN port filter setup

With Menu 3, you can specify the filter sets that you wish to apply to the LAN traffic. You seldom need to filter the LAN traffic; however, the filter sets are useful to block certain packets, reduce traffic, and prevent security breaches.
Figure 12 Menu 3.1 – LAN Port Filter Setup
Menu 3.1 – LAN Port Filter Setup
Input Filter Sets:
  protocol filters=
  device filters=
Output Filter Sets:
  protocol filters=
  device filters=
Press ENTER to Confirm or ESC to Cancel:

TCP/IP and DHCP ethernet setup menu

From the main menu, enter 3 to open Menu 3 - LAN Setup to configure TCP/IP (RFC 1155) and DHCP Ethernet setup.
Figure 13 Menu 3 – LAN Setup
Menu 3 - LAN Setup
1. LAN Port Filter Setup
2. TCP/IP and DHCP Setup
Enter Menu Selection Number:
From menu 3, select the submenu option TCP/IP and DHCP Setup and press [ENTER]. The screen now displays Menu 3.2: TCP/IP and DHCP Ethernet Setup, as shown in Figure 14.
Figure 14 Menu 3.2 – TCP/IP and DHCP Ethernet setup
Menu 3.2 - TCP/IP and DHCP Ethernet Setup
DHCP= Server
Client IP Pool:
  Starting Address= 192.168.1.2
  Size of Client IP Pool= 126
First DNS Server= From ISP
  IP Address= N/A
Second DNS Server= From ISP
  IP Address= N/A
Third DNS Server= From ISP
  IP Address= N/A
DHCP Server Address= N/A
TCP/IP Setup:
  IP Address= 192.168.1.1
  IP Subnet Mask= 255.255.255.0
  RIP Direction= None
    Version= N/A
  Multicast= None
  Edit IP Alias= No
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Follow the instructions in Table 8 to configure the DHCP fields.
Table 8 DHCP Ethernet setup menu fields
Field: DHCP
Description: This field enables and disables the DHCP server.
If set to Server, your BCM50a Integrated Router will act as a DHCP server. If set to None, the DHCP server will be disabled.
Example: Server
Configuration:
Field: Client IP Pool Starting Address
Description: This field specifies the first of the contiguous addresses in the IP address pool.
Example: 192.168.1.2
Field: Size of Client IP Pool
Description: This field specifies the size or count of the IP address pool.
Example: 126
Field: First DNS Server, Second DNS Server, Third DNS Server
Description: The BCM50a Integrated Router passes a DNS (Domain Name System) server IP address (in the order you specify here) to the DHCP clients.
Select From ISP if your ISP dynamically assigns DNS server information (and the BCM50a Integrated Router's WAN IP address). The IP Address field below displays the (read-only) DNS server IP address that the ISP assigns. If you chose From ISP, but the BCM50a Integrated Router has a fixed WAN IP address, From ISP changes to None after you save your changes. If you chose From ISP for the second or third DNS server, but the ISP does not provide a second or third IP address, From ISP changes to None after you save your changes.
Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the IP Address field below. If you chose User-Defined, but leave the IP address set to 0.0.0.0, User-Defined changes to None after you save your changes. If you set a second choice to User-Defined, and enter the same IP address, the second User-Defined changes to None after you save your changes.
Select DNS Relay to have the BCM50a Integrated Router act as a DNS proxy. The BCM50a Integrated Router's LAN IP address displays in the IP Address field below (read-only). The BCM50a Integrated Router tells the DHCP clients on the LAN that the BCM50a Integrated Router itself is the DNS server. When a computer on the LAN sends a DNS query to the BCM50a Integrated Router, the BCM50a Integrated Router forwards the query to the BCM50a Integrated Router's system DNS server (configured in the SYSTEM General screen) and relays the response back to the computer. You can only select DNS Relay for one of the three servers; if you select DNS Relay for a second or third DNS server, that choice changes to None after you save your changes.
Select None if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it.
Use the instructions in Table 9 to configure TCP/IP parameters for the LAN port.
Table 9 LAN TCP/IP setup menu fields
| Field | Description | Example |
| --- | --- | --- |
| TCP/IP Setup: | | |
| IP Address | Enter the IP address of your BCM50a Integrated Router in dotted decimal notation. | 192.168.1.1 (default) |
| IP Subnet Mask | Your BCM50a Integrated Router automatically calculates the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the BCM50a Integrated Router. | 255.255.255.0 |
| RIP Direction | Press [SPACE BAR] and then [ENTER] to select the RIP direction. Options are: Both, In Only, Out Only or None. | Both (default) |
| Version | Press [SPACE BAR] and then [ENTER] to select the RIP version. Options are: RIP-1, RIP-2B or RIP-2M. | RIP-1 (default) |
| Multicast | IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group. The BCM50a Integrated Router supports both IGMP version 1 (IGMP-v1) and version 2 (IGMP-v2). Press [SPACE BAR] and then [ENTER] to enable IP Multicasting or select None (default) to disable it. | None |
| Edit IP Alias | The BCM50a Integrated Router supports three logical LAN interfaces via its single physical Ethernet interface with the BCM50a Integrated Router itself as the gateway for each LAN network. Press [SPACE BAR] to select Yes and then press [ENTER] to display menu 3.2.1. | Yes |
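A sanity check for the address plan entered through Tables 8 and 9, as an added example that is not part of the Nortel manual: it derives the client pool from the Starting Address and Size of Client IP Pool fields and reports a pool that leaves the LAN subnet or covers the router's own, the network, or the broadcast address. The function name and the second plan are constructed for illustration.

```python
import ipaddress


def check_dhcp_pool(router_ip, subnet_mask, pool_start, pool_size):
    """Validate a Menu 3.2 DHCP pool against the LAN TCP/IP settings.

    Returns (first, last, problems); problems is empty when the plan is sound.
    """
    lan = ipaddress.IPv4Interface(f"{router_ip}/{subnet_mask}")
    net = lan.network
    first = ipaddress.IPv4Address(pool_start)
    if pool_size < 1:
        return first, first, ["Size of Client IP Pool must be at least 1"]

    # The pool is contiguous: the Starting Address plus (size - 1) more.
    last = first + (pool_size - 1)
    problems = []

    def in_pool(addr):
        return first <= addr <= last

    if first not in net or last not in net:
        problems.append(f"pool {first}-{last} is not contained in {net}")
    if in_pool(lan.ip):
        problems.append(f"pool includes the router's own LAN address {lan.ip}")
    if in_pool(net.network_address):
        problems.append(f"pool includes the network address {net.network_address}")
    if in_pool(net.broadcast_address):
        problems.append(f"pool includes the broadcast address {net.broadcast_address}")
    return first, last, problems


if __name__ == "__main__":
    # Values from the Example columns of Tables 8 and 9.
    print(check_dhcp_pool("192.168.1.1", "255.255.255.0", "192.168.1.2", 126))
    # Constructed plan: same LAN, but the pool starts too high for its size.
    print(check_dhcp_pool("192.168.1.1", "255.255.255.0", "192.168.1.200", 126))
```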

IP Alias Setup

You must use menu 3.2 to configure the first network. Move the cursor to the Edit IP Alias field, press [SPACE BAR] to choose Yes and press [ENTER] to configure the second and third network.
Press [ENTER] to open Menu 3.2.1 - IP Alias Setup, as shown in Figure 15.
Figure 15 Menu 3.2.1 – IP Alias setup
Menu 3.2.1 - IP Alias Setup
IP Alias 1= No
IP Address= N/A
IP Subnet Mask= N/A
RIP Direction= N/A
Version= N/A
Incoming protocol filters= N/A
Outgoing protocol filters= N/A
IP Alias 2= No
IP Address= N/A
IP Subnet Mask= N/A
RIP Direction= N/A
Version= N/A
Incoming protocol filters= N/A
Outgoing protocol filters= N/A
Enter here to CONFIRM or ESC to CANCEL:
Press Space Bar to Toggle.
Use the instructions in Table 10 to configure IP Alias parameters.
Table 10 IP Alias setup menu field
| Field | Description | Example |
| --- | --- | --- |
| IP Alias | Choose Yes to configure the LAN network for the BCM50a Integrated Router. | Yes |
| IP Address | Enter the IP address of your BCM50a Integrated Router in dotted decimal notation. | 192.168.1.1 |
| IP Subnet Mask | Your BCM50a Integrated Router automatically calculates the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the BCM50a Integrated Router. | 255.255.255.0 |
| RIP Direction | Press [SPACE BAR] and then [ENTER] to select the RIP direction. Options are Both, In Only, Out Only or None. | None |
| Version | Press [SPACE BAR] and then [ENTER] to select the RIP version. Options are RIP-1, RIP-2B or RIP-2M. | RIP-1 |
| Incoming Protocol Filters | Enter the filter sets you wish to apply to the incoming traffic between this node and the BCM50a Integrated Router. | 1 |
| Outgoing Protocol Filters | Enter the filter sets you wish to apply to the outgoing traffic between this node and the BCM50a Integrated Router. | 2 |
Chapter 5 Internet access
This chapter shows you how to configure your BCM50a Integrated Router for Internet access.

Internet access configuration

Using Menu 4 you can enter the Internet Access information in one screen. Menu 4 is actually a simplified setup for one of the remote nodes that you can access in Menu 11. Before you configure your BCM50a Integrated Router for Internet access, you must collect your Internet account information.
Use your Internet account information from your ISP to fill in this menu. Note that if you are using PPPoA or PPPoE encapsulation, the only ISP information you need is a logon name and password. You only need to know the Ethernet Encapsulation Gateway IP address if you are using ENET ENCAP encapsulation.
From the main menu, type 4 to display Menu 4 - Internet Access Setup, as shown in the following figure.
Figure 16 Menu 4 – Internet Access Setup
Menu 4 - Internet Access Setup
ISP's Name= ChangeMe
Encapsulation= ENET ENCAP
Multiplexing= LLC-based
VPI #= 8
VCI #= 35
My Login= N/A
My Password= N/A
ENET ENCAP Gateway= N/A
IP Address Assignment= Dynamic
  IP Address= N/A
Network Address Translation= SUA Only
  Address Mapping Set= N/A
Press ENTER to Confirm or ESC to Cancel:
Table 11 describes the fields in Figure 16.
Table 11 Menu 4 Internet access setup
| Field | Description | Example |
| --- | --- | --- |
| ISP’s Name | Enter the name of your Internet Service Provider. This information is for identification purposes only. | ChangeMe |
| Encapsulation | Press [SPACE BAR] to select the method of encapsulation used by your ISP. Choices are PPPoE, PPPoA, RFC 1483, or ENET ENCAP. | ENET ENCAP |
| Multiplexing | Press [SPACE BAR] to select the method of multiplexing used by your ISP. Choices are VC-based or LLC-based. | LLC-based |
| VPI # | Enter the Virtual Path Identifier (VPI) that the telephone company gives you. | 8 |
| VCI # | Enter the Virtual Channel Identifier (VCI) that the telephone company gives you. | 35 |
| My Login | Configure the My Login and My Password fields for PPPoA and PPPoE encapsulation only. Enter the username exactly as your ISP assigned. | N/A |
| My Password | Enter the password associated with the logon name above. | N/A |
| ENET ENCAP Gateway | Enter the gateway IP address supplied by your ISP when you are using ENET ENCAP encapsulation. | N/A |
| Idle Timeout | This value specifies the number of idle seconds that elapse before the BCM50a Integrated Router automatically disconnects the PPPoE session. | 0 |
| IP Address Assignment | Press [SPACE BAR] to select Static or Dynamic address assignment. | Dynamic |
| IP Address | Enter the IP address supplied by your ISP, if applicable. | N/A |
| Network Address Translation | Press [SPACE BAR] to select None, SUA Only or Full Feature. For more details about the single user account (SUA) feature, see “SUA (Single User Account) Versus NAT” on page 89. | SUA Only |
| Address Mapping Set | Type the numbers of mapping sets (1-8) to use with NAT. See the Chapter 9, “Network Address Translation (NAT),” on page 89 for details. | N/A |
After you complete this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel.

Basic setup complete

You have successfully connected, installed, and set up your BCM50a Integrated Router to operate on your network, as well as access the Internet.
If all your settings are correct, your BCM50a Integrated Router can connect automatically to the Internet. If the connection fails, note the error message that you receive on the screen and take the appropriate troubleshooting steps.
Note: If the firewall is activated, the default policy can communicate with the Internet if the communication originates from the LAN, and blocks all traffic to the LAN that originates from the Internet.
You can deactivate the firewall in menu 21.2 or using the embedded WebGUI in the BCM50a Integrated Router. You can also define additional firewall rules or modify existing ones, but exercise extreme caution in doing so. For more information about the firewall, see BCM50a Integrated Router Configuration - Basics (N0115790).
Chapter 6 Remote Node setup
This chapter shows you how to configure a remote node.

Introduction to Remote Node setup

This section describes the protocol-independent parameters for a remote node. A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection. When you use menu 4 to set up Internet access, you are configuring one of the remote nodes.
You first choose a remote node in Menu 11 - Remote Node Setup. You can then edit that node’s profile in menu 11.1, as well as configure specific settings in three submenus: edit IP and bridge options in menu 11.3; edit ATM options in menu 11.6; and edit filter sets in menu 11.5.

Outgoing Authentication Protocol

Generally speaking, you should employ the strongest authentication protocol possible, for obvious reasons. However, some vendors’ implementations include a specific authentication protocol in the user profile. Such an implementation disconnects if the negotiated protocol differs from the one in the user profile, even when the negotiated protocol is stronger than the one specified. If you encounter a case where the peer disconnects right after a successful authentication, make sure that you specify the correct authentication protocol when connecting to such an implementation.

Nailed-Up Connection

A nailed-up connection is a dial-up line where the connection is always up regardless of traffic demand. The BCM50a Integrated Router does two things when you specify a nailed-up connection. The first is that idle timeout is disabled. The second is that the BCM50a Integrated Router will try to bring up the connection when turned on and whenever the connection is down. A nailed-up connection can be very expensive for obvious reasons.
Do not specify a nailed-up connection unless your telephone company offers flat-rate service or you need a constant connection and the cost is of no concern.
The following table describes the fields specific to PPPoE encapsulation.

Remote Node setup

This section describes the protocol-independent parameters for a remote node.

Remote Node profile

To configure a remote node, follow these steps:
1 From the main menu, enter 11 to display Menu 11 - Remote Node Setup.
2 When menu 11 appears, as shown in the following figure, type the number of the remote node that you want to configure.
Figure 17 Menu 11 – Remote Node Setup
Menu 11 - Remote Node Setup
1. ChangeMe (ISP, SUA)
2. -GUI (BACKUP_ISP, SUA)
Enter Node # to Edit:

Encapsulation and Multiplexing scenarios

For Internet access you should use the encapsulation and multiplexing methods used by your ISP. Consult your telephone company for information on encapsulation and multiplexing methods for LAN-to-LAN applications, for example between a branch office and corporate headquarters. There must be prior agreement on encapsulation and multiplexing methods because they cannot be automatically determined. What methods you use also depends on how many VCs you have and how many different network protocols you need. The extra overhead that ENET ENCAP encapsulation entails makes it a poor choice in a LAN-to-LAN application. Here are some examples of more suitable combinations in such an application.
Scenario 1. One VC, Multiple Protocols
PPPoA (RFC-2364) encapsulation with VC-based multiplexing is the best combination because no extra protocol identifying headers are needed. The PPP protocol already contains this information.
Scenario 2. One VC, One Protocol (IP)
Selecting RFC-1483 encapsulation with VC-based multiplexing requires the least amount of overhead (0 octets). However, if there is a potential need for multiple protocol support in the future, it may be safer to select PPPoA encapsulation instead of RFC-1483, so you do not need to reconfigure either computer later.
Scenario 3. Multiple VCs
If you have at least as many VCs as protocols, select RFC-1483 encapsulation and VC-based multiplexing.
Figure 18 Menu 11.1 – Remote Node Profile
Menu 11.1 - Remote Node Profile
Rem Node Name= ChangeMe
Active= Yes
Encapsulation= ENET ENCAP
Multiplexing= LLC-based
Service Name= N/A
Incoming:
  Rem Login= N/A
  Rem Password= N/A
Outgoing:
  My Login= N/A
  My Password= N/A
  Authen= N/A
Route= IP
Bridge= No
Edit IP/Bridge= No
Edit ATM Options= No
Edit Advance Options= N/A
Telco Option:
  Allocated Budget(min)= N/A
  Period(hr)= N/A
  Schedule Sets= N/A
  Nailed-Up Connection= N/A
Session Options:
  Edit Filter Sets= No
  Idle Timeout(sec)= N/A
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Table 12 describes fields in Figure 18.
Table 12 Menu 11.1 Remote Node Profile
| Field | Description | Example |
| --- | --- | --- |
| Rem Node Name | Type a unique, descriptive name of up to eight characters for this node. | myISP |
| Active | Press [SPACE BAR] and then [ENTER] to select Yes to activate or No to deactivate this node. Inactive nodes are displayed with a minus sign “–” in SMT menu 11. | Yes |
| Encapsulation | PPPoA refers to RFC-2364 (PPP Encapsulation over ATM Adaptation Layer 5). If RFC-1483 (Multiprotocol Encapsulation over ATM Adaptation Layer 5) or ENET ENCAP are selected, then the Rem Login, Rem Password, My Login, My Password and Authen fields are not applicable (N/A). | ENET ENCAP |
| Multiplexing | Press [SPACE BAR] and then [ENTER] to select the method of multiplexing that your ISP uses, either VC-based or LLC-based. | LLC-based |
| Service Name | When using PPPoE encapsulation, type the name of your PPPoE service here. | N/A |
| Incoming: | | |
| Rem Login | Type the login name that this remote node will use to call your BCM50a Integrated Router. The login name and the Rem Password will be used to authenticate this node. | |
| Rem Password | Type the password used when this remote node calls your BCM50a Integrated Router. | |
| Outgoing: | | |
| My Login | Type the login name assigned by your ISP when the BCM50a Integrated Router calls this remote node. | |
| My Password | Type the password assigned by your ISP when the BCM50a Integrated Router calls this remote node. | |
| Authen | This field sets the authentication protocol used for outgoing calls. Options for this field are: CHAP/PAP – Your BCM50a Integrated Router will accept either CHAP or PAP when requested by this remote node. CHAP – accept CHAP (Challenge Handshake Authentication Protocol) only. PAP – accept PAP (Password Authentication Protocol) only. | |
| Route | This field determines the protocol used in routing. Options are IP and None. | IP |
| Bridge | When bridging is enabled, your BCM50a Integrated Router will forward any packet that it does not route to this remote node; otherwise, the packets are discarded. Select Yes to enable and No to disable. | No |
| Edit IP/Bridge | Press [SPACE BAR] to select Yes and press [ENTER] to display Menu 11.3 – Remote Node Network Layer Options. | No |
| Edit ATM Options | Press [SPACE BAR] to select Yes and press [ENTER] to display Menu 11.6 – Remote Node ATM Layer Options. | No |
| Edit Advance Options | This field is only available when you select PPPoE in the Encapsulation field. Press [SPACE BAR] to select Yes and press [ENTER] to display Menu 11.8 – Advance Setup Options. This field is not available on all models. | No |
| Telco Option | | |
| Allocated Budget (min) | This sets a ceiling for outgoing call time for this remote node. The default for this field is 0 meaning no budget control. | |
| Period (hr) | This field is the time period that the budget should be reset. For example, if we are allowed to call this remote node for a maximum of 10 minutes every hour, then the Allocated Budget is (10 minutes) and the Period (hr) is 1 (hour). | |
| Schedule Sets | This field is only applicable for PPPoE and PPPoA encapsulation. You can apply up to four schedule sets here. For more details please refer to the Call scheduling chapter. | |
| Nailed up Connection | This field is only applicable for PPPoE and PPPoA encapsulation. This field specifies if you want to make the connection to this remote node a nailed-up connection. More details are given earlier in this section. | |
| Session Options | | |
| Edit Filter Sets | Use [SPACE BAR] to choose Yes and press [ENTER] to open menu 11.5 to edit the filter sets. See the Remote Node filter section for more details. | No (default) |
| Idle Timeout (sec) | Type the number of seconds (0-9999) that can elapse when the BCM50a Integrated Router is idle (there is no traffic going to the remote node), before the BCM50a Integrated Router automatically disconnects the remote node. 0 means that the session will not timeout. | |
After you complete this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel.
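An added example (not from the Nortel manual) that applies the guidance in Outgoing Authentication Protocol and the Authen, Idle Timeout and Nailed up Connection rows of Table 12 to a captured Menu 11.1 screen. The capture is constructed from the values of Figure 24; its two-column spacing, the function names, and the treatment of ChangeMe as an unchanged placeholder are assumptions.

```python
import re

# Constructed capture: the values are those of Figure 24; the two-column
# spacing is an assumption about how the SMT screen appears in a terminal log.
SAMPLE_MENU_11_1 = """\
                Menu 11.1 - Remote Node Profile

 Rem Node Name= MyISP                Route= IP
 Active= Yes                         Bridge= No

 Encapsulation= PPPoE                Edit IP/Bridge= No
 Multiplexing= LLC-based             Edit ATM Options= No
 Service Name=                       Edit Advance Options= Yes
 Incoming:                           Telco Option:
   Rem Login=                          Allocated Budget(min)= 0
   Rem Password= ********              Period(hr)= 0
 Outgoing:                           Schedule Sets=
   My Login= ChangeMe                  Nailed-Up Connection= No
   My Password= ********             Session Options:
   Authen= CHAP/PAP                    Edit Filter Sets= No
                                       Idle Timeout(sec)= 0
"""


def parse_smt_menu(screen):
    """Turn a two-column 'Name= value' screen into a dict of fields."""
    fields = {}
    for line in screen.splitlines():
        # Columns are separated by runs of two or more spaces; values such
        # as 'ENET ENCAP' contain only single spaces and stay intact.
        for cell in re.split(r"\s{2,}", line.strip()):
            if "=" in cell:
                name, _, value = cell.partition("=")
                fields[name.strip()] = value.strip()
    return fields


def audit_remote_node(fields):
    """Return (field, message) findings for a parsed Menu 11.1 profile."""
    findings = []
    authen = fields.get("Authen", "N/A")
    # Authen applies to PPPoE and PPPoA only (Table 12).
    if fields.get("Encapsulation") in ("PPPoE", "PPPoA") and "PAP" in authen.split("/"):
        findings.append(("Authen",
                         f"{authen} accepts PAP, which sends the password "
                         "unencrypted; select CHAP unless the peer's user "
                         "profile requires PAP"))

    idle = fields.get("Idle Timeout(sec)", "N/A")
    nailed = fields.get("Nailed-Up Connection", "N/A")
    if idle == "0" and nailed == "No":
        findings.append(("Idle Timeout(sec)",
                         "0 means the session will not time out although "
                         "Nailed-Up Connection is No"))
    if nailed == "Yes" and fields.get("Allocated Budget(min)") == "0":
        findings.append(("Nailed-Up Connection",
                         "always-up link with no budget control "
                         "(Allocated Budget is 0)"))

    # Assumption: 'ChangeMe' is a placeholder that was never replaced.
    for name in ("Rem Node Name", "My Login"):
        if fields.get(name, "").lower() == "changeme":
            findings.append((name, "still set to the ChangeMe placeholder"))
    return findings


if __name__ == "__main__":
    for field, message in audit_remote_node(parse_smt_menu(SAMPLE_MENU_11_1)):
        print(f"{field}: {message}")
```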

Edit IP/Bridge

1 For the TCP/IP parameters, perform the following steps to edit Menu 11.3 – Remote Node Network Layer Options as shown next.
2 In menu 11.1, make sure IP is among the protocols in the Route field.
3 Move the cursor to the Edit IP/Bridge field, press [SPACE BAR] to select Yes, then press [ENTER] to display Menu 11.3 – Remote Node Network Layer Options.
Figure 19 Menu 11.3 – Remote Node Network Layer Options
Menu 11.3 - Remote Node Network Layer Options
IP Options:
  IP Address Assignment = Dynamic
  Rem IP Addr = 0.0.0.0
  Rem Subnet Mask= 0.0.0.0
  My WAN Addr= N/A
  NAT= SUA Only
    Address Mapping Set= N/A
  Metric= 2
  Private= No
  RIP Direction= None
    Version= RIP-1
  Multicast= None
Bridge Options:
  Ethernet Addr Timeout(min)=
Enter here to CONFIRM or ESC to CANCEL:
Table 13 explains fields in Figure 19.
Table 13 Menu 11.3 Remote Node Network Layer Options
| Field | Description | Example |
| --- | --- | --- |
| IP Address Assignment | Press [SPACE BAR] and then [ENTER] to select Dynamic if the remote node is using a dynamically assigned IP address or Static if it is using a static (fixed) IP address. You will only be able to configure this in the ISP node (also the one you configure in menu 4), all other nodes are set to Static. | Dynamic |
| Rem IP Addr | This is the IP address you entered in the previous menu. | |
| Rem Subnet Mask | Type the subnet mask assigned to the remote node. | |
| My WAN Addr | Some implementations, especially UNIX derivatives, require separate IP network numbers for the WAN and LAN links and each end to have a unique address within the WAN network number. In that case, type the IP address assigned to the WAN port of your BCM50a Integrated Router. NOTE: Refers to local BCM50a Integrated Router address, not the remote router address. | |
| NAT | Press [SPACE BAR] and then [ENTER] to select Full Feature if you have multiple public WAN IP addresses for your BCM50a Integrated Router. Select SUA Only if you have just one public WAN IP address for your BCM50a Integrated Router. The SMT uses Address Mapping Set 255 (menu 15.1.255 - see Figure 34). Select None to disable NAT. | SUA Only |
| Address Mapping Set | When Full Feature is selected in the NAT field, configure address mapping sets in menu 15.1. Select one of the NAT server sets (2-10) in menu 15.2 (see Chapter 9, “Network Address Translation (NAT),” on page 89 for details) and type that number here. When SUA Only is selected in the NAT field, the SMT uses NAT server set 1 in menu 15.2 (see Chapter 9, “Network Address Translation (NAT),” on page 89 for details). | 2 |
| Metric | The metric represents the “cost” of transmission for routing purposes. IP routing uses hop count as the cost measurement, with a minimum of 1 for directly connected networks. Type a number that approximates the cost for this link. The number need not be precise, but it must be between 1 and 15. In practice, 2 or 3 is usually a good number. | 2 |
| Private | This determines if the BCM50a Integrated Router will include the route to this remote node in its RIP broadcasts. If set to Yes, this route is kept private and not included in RIP broadcast. If No, the route to this remote node will be propagated to other hosts through RIP broadcasts. | No |
| RIP Direction | Press [SPACE BAR] and then [ENTER] to select the RIP Direction. Options are Both, In Only, Out Only or None. | None |
| Version | Press [SPACE BAR] and then [ENTER] to select the RIP version. Options are RIP-1, RIP-2B or RIP-2M. | RIP-1 |
| Multicast | IGMP-v1 sets IGMP to version 1, IGMP-v2 sets IGMP to version 2 and None disables IGMP. | None |
After you complete this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel.

Remote Node filter

Move the cursor to the field Edit Filter Sets in menu 11.1, and then press [SPACE BAR] to set the value to Yes. Press [ENTER] to open Menu 11.1.4 - Remote Node Filter.
Use menu 11.1.4 to specify the filter sets to apply to the incoming and outgoing traffic between this remote node and the BCM50a Integrated Router to prevent certain packets from triggering calls. You can specify up to 4 filter sets separated by commas, for example, 1, 5, 9, 12, in each filter field. Note that spaces are accepted in this field. For more information on defining the filters, please refer to Chapter 11, “Filter configuration.” For PPPoE or PPPoA encapsulation, you have the additional option of specifying remote node call filter sets.
Figure 20 Menu 11.1.4 – Remote Node Filter (Ethernet Encapsulation)
Menu 11.1.4 - Remote Node Filter
Input Filter Sets:
protocol filters=
device filters=
Output Filter Sets:
protocol filters=
device filters=
Enter here to CONFIRM or ESC to CANCEL:
Figure 21 Menu 11.1.4 – Remote Node Filter (PPPoE or PPPoA Encapsulation)
Menu 11.1.4 - Remote Node Filter
Input Filter Sets:
protocol filters=
Device filters=
Output Filter Sets:
protocol filters=
device filters=
Call Filter Sets:
protocol filters=
Device filters=
Enter here to CONFIRM or ESC to CANCEL:
To configure the parameters for traffic redirect, see “Traffic redirect setup” on page 55.

Editing ATM Layer Options

Follow the steps shown next to edit Menu 11.6 – Remote Node ATM Layer Options.
In menu 11.1, move the cursor to the Edit ATM Options field and then press [SPACE BAR] to select Yes. Press [ENTER] to display Menu 11.6 – Remote Node ATM Layer Options.
There are two versions of menu 11.6 for the Contivity 251, depending on whether you chose VC-based/LLC-based multiplexing and PPP encapsulation in menu 11.1.

VC-based Multiplexing (non-PPP Encapsulation)

For VC-based multiplexing, by prior agreement, a protocol is assigned a specific virtual circuit, for example, VC1 will carry IP. Separate VPI and VCI numbers must be specified for each protocol.
Figure 22 Menu 11.6 for VC-based Multiplexing
Menu 11.6 - Remote Node ATM Layer Options
VPI/VCI (VC-Multiplexing)
VC Options for IP:
  VPI #= 8
  VCI #= 35
VC Options for Bridge:
  VPI #= 1
  VCI #= 36
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.

LLC-based Multiplexing or PPP Encapsulation

For LLC-based multiplexing or PPP encapsulation, one VC carries multiple protocols with protocol identifying information being contained in each packet header.
Figure 23 Menu 11.6 for LLC-based Multiplexing or PPP Encapsulation
Menu 11.6 - Remote Node ATM Layer Options
VPI/VCI (LLC-Multiplexing or PPP-Encapsulation)
VPI #= 8
VCI #= 35
ATM QoS Type= UBR
ENTER here to CONFIRM or ESC to CANCEL:
In this case, only one set of VPI and VCI numbers need be specified for all protocols. The valid range for the VPI is 0 to 255 and for the VCI is 32 to 65535 (1 to 31 is reserved for local management of ATM traffic).

Advance Setup Options

In menu 11.1, select PPPoE in the Encapsulation field.
Figure 24 Menu 11.1 – Remote Node Profile
Menu 11.1 - Remote Node Profile
Rem Node Name= MyISP
Active= Yes
Encapsulation= PPPoE
Multiplexing= LLC-based
Service Name=
Incoming:
  Rem Login=
  Rem Password= ********
Outgoing:
  My Login= ChangeMe
  My Password= ********
  Authen= CHAP/PAP
Route= IP
Bridge= No
Edit IP/Bridge= No
Edit ATM Options= No
Edit Advance Options= Yes
Telco Option:
  Allocated Budget(min)= 0
  Period(hr)= 0
  Schedule Sets=
  Nailed-Up Connection= No
Session Options:
  Edit Filter Sets= No
  Idle Timeout(sec)= 0
Press ENTER to Confirm or ESC to Cancel:
Move the cursor to the Edit Advance Options field, press [SPACE BAR] to select Yes, then press [ENTER] to display Menu 11.8 – Advance Setup Options.
Figure 25 Menu 11.8 – Advance Setup Options
Menu 11.8 - Advance Setup Options
PPPoE pass-through = No
Press ENTER to Confirm or ESC to Cancel:
Table 14 describes the fields in Figure 25.
Table 14 Menu 11.8 Advance Setup Options
| Field | Description |
| --- | --- |
| PPPoE pass-through | Press [SPACE BAR] to select Yes and press [ENTER] to enable PPPoE pass through. In addition to the Contivity 251's built-in PPPoE client, you can enable PPPoE pass through to allow up to ten hosts on the LAN to use PPPoE client software on their computers to connect to the ISP via the Contivity 251. Each host can have a separate account and a public WAN IP address. PPPoE pass through is an alternative to NAT for applications where NAT is not appropriate. Press [SPACE BAR] to select No and press [ENTER] to disable PPPoE pass through if you do not need to allow hosts on the LAN to use PPPoE client software on their computers to connect to the ISP. |
After you complete this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel.
Chapter 7 IP Static Route Setup
This chapter shows you how to configure static routes with your BCM50a Integrated Router.

IP Static Route Setup

Enter 12 from the main menu. Select one of the IP static routes as shown in Figure 26 to configure IP static routes in menu 12.1.
Figure 26 Menu 12 – IP Static Route Setup
Menu 12 - IP Static Route Setup
1. Reserved
2. ________
3. ________
4. ________
5. ________
6. ________
7. ________
8. ________
9. ________
10. ________
11. ________
12. ________
Enter selection number:
Now, enter the index number of the static route that you want to configure. The reserved entry is for the WAN interface and you cannot edit it here.
Figure 27 Menu 12.1 – Edit IP Static Route
Menu 12.1 - Edit IP Static Route
Route #: 1
Route Name= ?
Active= No
Destination IP Address= ?
IP Subnet Mask= ?
Gateway IP Address= ?
Metric= 2
Private= No
Press ENTER to CONFIRM or ESC to CANCEL:
Table 15 describes the fields in Figure 27.
Table 15 IP Static Route Menu Fields
| Field | Description |
| --- | --- |
| Route # | This is the index number of the static route that you chose in menu 12. |
| Route Name | Enter a descriptive name for this route. This is for identification purposes only. |
| Active | This field allows you to activate or deactivate this static route. |
| Destination IP Address | This parameter specifies the IP network address of the final destination. Routing is always based on network number. If you need to specify a route to a single host, use a subnet mask of 255.255.255.255 in the subnet mask field to force the network number to be identical to the host ID. |
| IP Subnet Mask | Enter the IP subnet mask for this destination. |
| Gateway IP Address | Enter the IP address of the gateway. The gateway is an immediate neighbor of your BCM50a Integrated Router that forwards the packet to the destination. On the LAN, the gateway must be a router on the same segment as your BCM50a Integrated Router; over the WAN, the gateway must be the IP address of one of the remote nodes. |
| Metric | Enter a number from 1 to 15 to set the priority for the route among the BCM50a Integrated Router routes. The smaller the number, the higher priority the route has. |
| Private | This parameter determines if the BCM50a Integrated Router includes the route to this remote node in its RIP broadcasts. If set to Yes, this route is kept private and not included in RIP broadcast. If No, the route to this remote node is propagated to other hosts through RIP broadcasts. |
After you complete filling in this menu, press [ENTER] at the message “Press ENTER to Confirm…” to save your configuration, or press [ESC] to cancel.
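The rules in Table 15 expressed as a pre-entry check, as an added example that is not part of the Nortel manual: it verifies that the destination is a network number for the given mask (or a host route with 255.255.255.255), that the metric is 1 to 15, and that the gateway is either a neighbor on the LAN segment or a known remote node. The function name, the remote_node_ips parameter and all addresses in the usage lines are constructed for illustration.

```python
import ipaddress


def validate_static_route(dest, mask, gateway, metric, lan_ip, lan_mask,
                          remote_node_ips=()):
    """Return a list of problems with a Menu 12.1 entry (empty if none).

    remote_node_ips is a hypothetical list of the remote nodes' IP
    addresses, needed to accept a gateway that is reached over the WAN.
    """
    try:
        # strict=False lets us compute the network number ourselves and
        # compare it with what the operator typed.
        route_net = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
    except ValueError as exc:
        # Covers malformed addresses and non-contiguous masks.
        return [f"invalid destination or subnet mask: {exc}"]

    problems = []
    if ipaddress.IPv4Address(dest) != route_net.network_address:
        problems.append(
            f"{dest} is not a network number for mask {mask}; use "
            f"{route_net.network_address}, or mask 255.255.255.255 "
            "for a route to this single host")

    if not 1 <= metric <= 15:
        problems.append(f"metric {metric} is outside 1-15")

    lan = ipaddress.IPv4Interface(f"{lan_ip}/{lan_mask}")
    gw = ipaddress.IPv4Address(gateway)
    on_lan = gw in lan.network and gw != lan.ip
    on_wan = gw in {ipaddress.IPv4Address(a) for a in remote_node_ips}
    if not (on_lan or on_wan):
        problems.append(
            f"gateway {gw} is neither a neighbor on {lan.network} "
            "nor the address of a remote node")
    return problems


if __name__ == "__main__":
    lan = ("192.168.1.1", "255.255.255.0")   # defaults from Table 9
    # Constructed routes.
    print(validate_static_route("10.10.0.0", "255.255.0.0", "192.168.1.254", 2, *lan))
    print(validate_static_route("10.10.5.7", "255.255.0.0", "192.168.1.254", 2, *lan))
    print(validate_static_route("10.10.5.7", "255.255.255.255", "172.16.0.1", 16, *lan))
```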
Chapter 8 Dial-in User Setup
This chapter shows you how to create user accounts on the BCM50a Integrated Router.

Dial-in User Setup

By storing user profiles locally, your BCM50a Integrated Router can authenticate users without interacting with a network RADIUS server.
Follow the steps below to set up user profiles on your BCM50a Integrated Router.
From the main menu, enter 14 to display Menu 14 - Dial-in User Setup.
Figure 28 Menu 14 – Dial-in User Setup
Menu 14 - Dial-in User Setup
1. ________ 9. ________ 17. ________ 25. ________
2. ________ 10. ________ 18. ________ 26. ________
3. ________ 11. ________ 19. ________ 27. ________
4. ________ 12. ________ 20. ________ 28. ________
5. ________ 13. ________ 21. ________ 29. ________
6. ________ 14. ________ 22. ________ 30. ________
7. ________ 15. ________ 23. ________ 31. ________
8. ________ 16. ________ 24. ________ 32. ________
Enter Menu Selection Number:
Type a number and press [ENTER] to edit the user profile.
Figure 29 Menu 14.1 – Edit Dial-in User
Menu 14.1 - Edit Dial-in User
User Name= test
Active= Yes
Password= ********
Press ENTER to Confirm or ESC to Cancel:
Leave name field blank to delete profile
Table 16 describes the fields in Figure 29.
Table 16 Menu 14.1 - Edit Dial-in User
| Field | Description |
| --- | --- |
| User Name | Enter a username up to 31 alphanumeric characters long for this user profile. This field is case sensitive. |
| Active | Press [SPACE BAR] to select Yes and press [ENTER] to enable the user profile. |
| Password | Enter a password up to 31 characters long for this user profile. |
After you complete this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
Chapter 9 Network Address Translation (NAT)
This chapter discusses how to configure NAT on the BCM50a Integrated Router.

Using NAT

Note: You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the BCM50a Integrated Router.

SUA (Single User Account) Versus NAT

SUA (Single User Account) is an implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server. For a detailed description of NAT set for SUA, see “Address Mapping Sets” on page 92. The BCM50a Integrated Router also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of clients or servers using mapping types.
Note: Choose SUA Only if you have just one public WAN IP address for your BCM50a Integrated Router.
Choose Full Feature if you have multiple public WAN IP addresses for your BCM50a Integrated Router.

Applying NAT

You apply NAT via menus 4 or 11.3 (Figure 31 on page 91). Figure 30 shows you how to apply NAT for Internet access in menu 4. Enter 4 from the main menu to go to Menu 4 - Internet Access Setup.
Figure 30 Menu 4 – Applying NAT for Internet Access
Menu 4 - Internet Access Setup
ISP's Name= ChangeMe
Encapsulation= ENET ENCAP
Multiplexing= LLC-based
VPI #= 8
VCI #= 35
My Login= N/A
My Password= N/A
ENET ENCAP Gateway= N/A
IP Address Assignment= Dynamic
IP Address= N/A
Network Address Translation= SUA Only
Address Mapping Set= N/A
Press ENTER to Confirm or ESC to Cancel:
Figure 31 shows how you apply NAT to the remote node in menu 11.1.
Enter 11 from the main menu.
Move the cursor to the Edit IP/Bridge field, press [SPACE BAR] to select Yes and then press [ENTER] to bring up Menu 11.3 - Remote Node Network Layer Options.
Figure 31 Menu 11.3 – Applying NAT to the Remote Node
Menu 11.3 - Remote Node Network Layer Options
IP Options:
IP Address Assignment = Dynamic
Rem IP Addr = 0.0.0.0
Rem Subnet Mask= 0.0.0.0
My WAN Addr= 0.0.0.0
NAT= SUA Only
Address Mapping Set= N/A
Metric= 15
Private= No
RIP Direction= None
Version= RIP-1
Multicast= None
Bridge Options:
Ethernet Addr Timeout(min)= N/A
Enter here to CONFIRM or ESC to CANCEL:
Press Space Bar to Toggle.
Table 17 describes the fields in Figure 31.
Table 17 Applying NAT in Menus 4 & 11.3
Field | Description | Options
Network Address Translation | When you select this option the SMT uses Address Mapping Set 1 (menu 15.1 - see “Address Mapping Sets” on page 92 for further discussion). Choose Full Feature if you have multiple public WAN IP addresses for your BCM50a Integrated Router. When you select Full Feature you must configure at least one address mapping set! | Full Feature
Network Address Translation | NAT is disabled when you select this option. | None
Network Address Translation | When you select this option the SMT uses Address Mapping Set 255 (menu 15.1 - see “Address Mapping Sets” on page 92). Choose SUA Only if you have just one public WAN IP address for your BCM50a Integrated Router. | SUA Only

NAT setup

Use the address mapping sets menus and submenus to create the mapping table used to assign global addresses to computers on the LAN. You can see two NAT address mapping sets in menu 15.1. You can only configure Set 1. Set 255 is used for SUA. When you select Full Feature in menu 4 or 11.3, the SMT uses Set 1. When you select SUA Only, the SMT uses the pre-configured Set 255 (read only).
The server set is a list of LAN servers mapped to external ports. To use this set, a server rule must be set up inside the NAT address mapping set. To configure NAT, enter 15 from the main menu to bring up the screen shown in Figure 32.
Figure 32 Menu 15 – NAT Setup
Menu 15 — NAT Setup
1. Address Mapping Sets
2. Port Forwarding Setup
3. Trigger Port Setup
Enter Menu Selection Number:
Note: Configure LAN IP addresses in NAT menus 15.1 and 15.2.

Address Mapping Sets

Enter 1 to bring up Menu 15.1—Address Mapping Sets.
Figure 33 Menu 15.1 – Address Mapping Sets
Menu 15.1 — Address Mapping Sets
1. NAT_SET
255. SUA (read only)
Enter Menu Selection Number:
SUA Address Mapping Set
Enter 255 to display the screen shown in Figure 34 (see “SUA (Single User Account) Versus NAT” on page 89). The fields in this menu cannot be changed.
Figure 34 Menu 15.1.255 – SUA Address Mapping Rules
Menu 15.1.255 - Address Mapping Rules
Set Name= SUA
Idx Local Start IP  Local End IP    Global Start IP Global End IP   Type
--- --------------- --------------- --------------- --------------- ------
1.  0.0.0.0         255.255.255.255 0.0.0.0                         M-1
2.                                  0.0.0.0                         Server
3.
4.
5.
6.
7.
8.
9.
10.
Press ENTER to Confirm or ESC to Cancel:
Table 18 explains the fields in Figure 34.
Note: Menu 15.1.255 is read-only.
Table 18 SUA Address Mapping Rules
Field | Description | Example
Set Name | This is the name of the set you selected in menu 15.1 or enter the name of a new set you want to create. | SUA
Idx | This is the index or rule number. | 1
Local Start IP | Local Start IP is the starting local IP address (ILA). | 0.0.0.0
Local End IP | Local End IP is the ending local IP address (ILA). If the rule is for all local IPs, then the start IP is 0.0.0.0 and the end IP is 255.255.255.255. | 255.255.255.255
Global Start IP | This is the starting global IP address (IGA). If you have a dynamic IP, enter 0.0.0.0 as the Global Start IP. | 0.0.0.0
Global End IP | This is the ending global IP address (IGA). |
Type | These are the mapping types discussed above. With Server, you can specify multiple servers of different types behind NAT to this machine. Examples are found in the section “General NAT examples” on page 103. | Server
After you configure a rule in this menu, press [ENTER] at the message “Press ENTER to Confirm…” to save your configuration, or press [ESC] to cancel.
User-Defined Address Mapping Sets
Go to menu 15.1. Enter 1 to bring up the menu shown in the figure below. Look at the differences from the previous menu. Note that the extra Action and Select Rule fields mean you can configure rules in this screen. Note also that the [?] in the Set Name field means that this is a required field and you must enter a name for the set.
Note: The entire set is deleted if you leave the Set Name field blank and press [ENTER] at the bottom of the screen.
Figure 35 Menu 15.1.1: First Set
Menu 15.1.1 - Address Mapping Rules
Set Name= NAT_SET
Idx Local Start IP Local End IP Global Start IP Global End IP Type
--- --------------- --------------- --------------- --------------- ------
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
Action= Edit Select Rule=
Press ENTER to Confirm or ESC to Cancel:
Note: The Type, Local and Global Start/End IPs are configured in menu 15.1.1.1 (described later) and the values are displayed on the screen shown in Figure 36.
Ordering your rules
Ordering your rules is important because the BCM50a Integrated Router applies the rules in the order that you specify. When a rule matches the current packet, the BCM50a Integrated Router takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your newly configured rule, your configured rule is pushed up by that number of empty rules. For example, if you have already configured rules 1 to 6 in your current set and now configure rule number 9, the new rule will be rule 7, not 9, in the set summary screen.
If you delete rule 4, rules 5 to 7 will be pushed up by 1 rule, so old rule 5 becomes rule 4, old rule 6 becomes rule 5 and old rule 7 becomes rule 6.
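The ordering behaviour described above, modelled as an added example (not part of the original manual and not Nortel's code). It assumes rules are matched on the local IP range only; the class names and all sample addresses are constructed for illustration. The shadowed() check goes one step beyond the text: it follows from first-match evaluation and flags rules that an earlier, broader rule makes unreachable.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    local_start: str
    local_end: str

    def covers(self, ip):
        lo, hi, x = (int(ipaddress.IPv4Address(a)) for a in (self.local_start, self.local_end, ip))
        return lo <= x <= hi

class MappingSet:
    """Model of the documented ordering: no empty slots, first match wins."""
    MAX_RULES = 10     # the set screen lists indexes 1 to 10

    def __init__(self):
        self.rules = []

    def configure(self, idx, rule):
        """Configure rule number idx (1-based); return the index it ends up at."""
        if 1 <= idx <= len(self.rules):
            self.rules[idx - 1] = rule           # editing an existing rule
            return idx
        if not 1 <= idx <= self.MAX_RULES or len(self.rules) >= self.MAX_RULES:
            raise ValueError("no such slot, or set is full")
        self.rules.append(rule)                  # empty slots before it are closed up
        return len(self.rules)

    def delete(self, idx):
        del self.rules[idx - 1]                  # later rules advance by one

    def first_match(self, ip):
        return next((i for i, r in enumerate(self.rules, 1) if r.covers(ip)), None)

    def shadowed(self):
        """Indexes of rules that never fire: an earlier rule covers their whole range."""
        return [j + 1 for j, r in enumerate(self.rules) if any(
            e.covers(r.local_start) and e.covers(r.local_end) for e in self.rules[:j])]

def demo():
    """Constructed sample set; every address below is made up for illustration."""
    s = MappingSet()
    for i in range(1, 7):                        # rules 1 to 6: one host each
        s.configure(i, Rule(f"192.168.1.{i}", f"192.168.1.{i}"))
    placed = s.configure(9, Rule("0.0.0.0", "255.255.255.255"))   # catch-all
    s.configure(10, Rule("192.168.1.50", "192.168.1.60"))         # added after it
    s.delete(4)
    return placed, s.first_match("192.168.1.5"), s.first_match("192.168.1.55"), s.shadowed()
```

demo() returns the index the "rule 9" entry actually receives, the rule applied to two local hosts after rule 4 is deleted, and the list of rules that can never match because the catch-all precedes them.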
Table 19 Fields in menu 15.1.1
Field | Description | Example
Set Name | Enter a name for this set of rules. This is a required field. If this field is left blank, the entire set is deleted. | NAT_SET
Action | The default is Edit. Edit means you want to edit a selected rule (see following field). Insert Before means to insert a rule before the rule selected. The rules after the selected rule are then moved down by one rule. Delete means to delete the selected rule and all the rules after the selected one advance one rule. None disables the Select Rule item. | Edit
Select Rule | When you choose Edit, Insert Before or Delete in the previous field, the cursor jumps to this field so you can select the rule to apply the action in question. | 1
Note: You must press [ENTER] at the bottom of the screen to save the whole set. You must do this again if you make any changes to the set – including deleting a rule. No changes to the set take place until this action is taken.
Selecting Edit in the Action field and then selecting a rule brings up the menu shown in Figure 36, Menu 15.1.1.1 - Address Mapping Rule, in which you can edit an individual rule and configure the Type, Local and Global Start/End IPs.
Note: An IP End address must be numerically greater than its corresponding IP Start address.
Figure 36 Menu 15.1.1.1: Editing or configuring an individual rule in a set
Menu 15.1.1.1 Address Mapping Rule
Type= One-to-One
Local IP:
Start=
End = N/A
Global IP:
Start=
End = N/A
Press ENTER to Confirm or ESC to Cancel:
Table 20 describes the fields in Figure 36.
Table 20 Menu 15.1.1.1: Editing or configuring an individual rule in a set
Field | Description | Example
Type | Press [SPACE BAR] and then [ENTER] to select from a total of five types. If you choose Server, you can specify multiple servers of different types behind NAT to this computer. See “Example 3: Multiple public IP addresses with inside servers” on page 106 for an example. | One-to-One
Local IP | Only local IP fields are N/A for server; Global IP fields must be set for Server. |
Local IP: Start | Enter the starting local IP address (ILA). | 0.0.0.0
Local IP: End | Enter the ending local IP address (ILA). If the rule is for all local IPs, then put the Start IP as 0.0.0.0 and the End IP as 255.255.255.255. This field is N/A for One-to-One and Server types. | N/A
Global IP: Start | Enter the starting global IP address (IGA). If you have a dynamic IP, enter 0.0.0.0 as the Global IP Start. Note that Global IP Start can be set to 0.0.0.0 only if the types are Many-to-One or Server. | 0.0.0.0
Global IP: End | Enter the ending global IP address (IGA). This field is N/A for One-to-One, Many-to-One and Server types. | N/A
After you finish configuring a rule in this menu, press [ENTER] at the message “Press ENTER to Confirm…” to save your configuration, or press [ESC] to cancel.

Configuring a server behind NAT

Note: If you do not assign a Default Server IP address, the BCM50a Integrated Router discards all packets received for ports that are not specified here or in the remote management setup.
Follow these steps to configure a server behind NAT:
1 Enter 15 in the main menu to go to Menu 15 - NAT Setup.
2 Enter 2 to go to Menu 15.2 - NAT Server Setup.
Figure 37 Menu 15.2 – NAT Server Sets
Menu 15.2 - NAT Server Setup
Default Server: 0.0.0.0
Rule  Act.  Start Port  End Port  IP Address
-----------------------------------------------------
001   No    0           0         0.0.0.0
002   No    0           0         0.0.0.0
003   No    0           0         0.0.0.0
004   No    0           0         0.0.0.0
005   No    0           0         0.0.0.0
006   No    0           0         0.0.0.0
007   No    0           0         0.0.0.0
008   No    0           0         0.0.0.0
009   No    0           0         0.0.0.0
010   No    0           0         0.0.0.0
Select Command= None    Select Rule= N/A
Press ENTER to Confirm or ESC to Cancel:
3 Select Edit Rule in the Select Command field; type the index number of the NAT server you want to configure in the Select Rule field and press [ENTER] to open Menu 15.2.1 - NAT Server Configuration (see the next figure).