Netopia Router
Chapter 1 — Introduction.......................................................... 1-1
How to use this guide .................................................... 1-2
Netopia models.................................................... 1-3
Connecting to the Advanced Configuration screens ........... 1-4
Connecting a modem to the SmartPort ................... 1-4
Navigating through the Advanced Configuration
screens ........................................................................ 1-6
Keyboard navigation .............................................. 1-7
Chapter 2 — Configuring ISDN and Leased Line Connections....... 2-1
ISDN WAN Setup ........................................................... 2-2
ISDN line configuration ......................................... 2-2
Leased line WAN Setup .................................................. 2-5
Leased line configuration ...................................... 2-6
Connection profiles for ISDN and Leased lines ............... 2-13
Frame Relay configuration ................................... 2-31
Frame Relay DLCI configuration ........................... 2-34
Default profile.............................................................. 2-39
How the default profile works
for a switched circuit .......................................... 2-40
How the default profile works
for a permanent circuit ....................................... 2-45
Call acceptance scenarios .................................. 2-47
WAN IP Address Serving............................................... 2-48
Scheduled connections ................................................ 2-49
CSU Backup ................................................................ 2-55
Chapter 3 — Connecting Your Local Network .............................. 3-1
Overview........................................................................ 3-1
Reference Guide
Readying computers on your local network....................... 3-2
Connecting to a LocalTalk network—
for 400 series models .................................................... 3-3
Connecting to an Ethernet network.................................. 3-4
EtherWave ........................................................... 3-5
10Base-T............................................................. 3-7
Thick and Thin Ethernet ........................................ 3-8
Chapter 4 — IP Setup ............................................................... 4-1
Key Features of IP Network Address Translation ...... 4-1
Using NAT ..................................................................... 4-2
Associating port numbers with nodes .............................. 4-4
NAT guidelines ..................................................... 4-5
IP setup ........................................................................ 4-6
Static routes ...................................................... 4-11
IP address serving....................................................... 4-16
MacIP (Kip Forwarding) Options ........................... 4-22
Chapter 5 — IPX Setup .............................................................. 5-1
IPX Definitions ............................................................... 5-1
IPX setup............................................................. 5-4
IPX in the answer profile ....................................... 5-7
IPX filters ...................................................................... 5-8
IPX packet filters ................................................ 5-10
IPX packet filter sets .......................................... 5-11
IPX SAP filters .................................................... 5-14
IPX SAP filter sets .............................................. 5-16
IPX routing tables ........................................................ 5-19
Chapter 6 — AppleTalk Setup ..................................................... 6-1
AppleTalk networks ........................................................ 6-1
MacIP.................................................................. 6-4
AURP................................................................... 6-4
Routers and seeding ............................................ 6-5
AppleTalk Setup for Small Office models.......................... 6-7
AppleTalk Setup for Corporate models ............................. 6-9
EtherTalk Setup.................................................... 6-9
LocalTalk Setup.................................................. 6-11
AURP setup ....................................................... 6-12
Chapter 7 — Security................................................................ 7-1
Suggested security measures ......................................... 7-2
User accounts ............................................................... 7-2
Telnet access ................................................................ 7-5
About filters and filter set ............................................... 7-6
What’s a filter and what’s a filter set?.................... 7-6
How filter sets work.............................................. 7-6
How individual filters work..................................... 7-9
Design guidelines ............................................... 7-15
Working with IP filters and filter sets .............................. 7-16
Adding a filter set ............................................... 7-17
Viewing filter sets ............................................... 7-23
Modifying filter sets ............................................ 7-24
Deleting a filter set............................................. 7-24
A sample IP filter set .......................................... 7-25
Chapter 8 — Token Security Authentication ................................ 8-1
Securing network environments ...................................... 8-1
Using the SecurID token card ......................................... 8-2
Personal identification number (PIN) ...................... 8-2
Key Security Authentication Features of the Netopia
Router................................................................. 8-2
Security authentication components ................................ 8-3
Configuring the Netopia Router
for security authentication .............................................. 8-4
Initiating a connection call using
security authentication ................................................... 8-5
Reference Guide
Establishing a dial-on-demand (DOD)
connection call..................................................... 8-5
Establishing a manual connection call ................... 8-8
Troubleshooting............................................................. 8-9
Chapter 9 — Monitoring Tools ................................................... 9-1
Status overview............................................................. 9-1
General Status ..................................................... 9-2
Current Status ..................................................... 9-3
LED Status .......................................................... 9-4
Statistics ...................................................................... 9-5
Event Histories .............................................................. 9-9
Routing Tables ............................................................. 9-12
Call Accouting.............................................................. 9-15
SNMP ......................................................................... 9-17
sysObjectID and sysDescr................................... 9-18
The SNMP Setup screen ..................................... 9-19
SNMP traps ....................................................... 9-20
Chapter 10 — Utilities and Tests .............................................. 10-1
Setting the system date and time ................................. 10-2
Ping............................................................................ 10-3
Tracing a route ............................................................ 10-7
Upgrading the Netopia Router....................................... 10-8
Restarting the system.................................................. 10-8
Factory defaults ........................................................... 10-9
The ISDN loopback test................................................ 10-9
Console configuration................................................. 10-11
Transferring configuration and firmware files
with XMODEM............................................................ 10-12
Using the console port ..................................... 10-12
Using the SmartPort......................................... 10-13
Updating firmware ............................................ 10-14
Downloading configuration files ......................... 10-15
Uploading configuration files ............................. 10-16
Transferring configuration and firmware files
with TFTP .................................................................. 10-17
Updating firmware ............................................ 10-18
Downloading configuration files ......................... 10-19
Uploading configuration files ............................. 10-20
Appendix A — Troubleshooting .................................................. A-1
Power outages ..................................................... A-1
Configuration problems ......................................... A-1
Console connection problems ............................... A-2
ISDN problems..................................................... A-2
Frame Relay problems .......................................... A-4
Network problems ................................................ A-5
Internal termination switch ............................................. A-6
Technical support .......................................................... A-7
How to reach us ................................................... A-8
Appendix B — Understanding IP Addressing ............................... B-1
What is IP?.................................................................... B-1
About IP addressing ....................................................... B-2
Subnets and subnet masks .................................. B-3
Example: Using subnets on a Class C IP internet.... B-5
Example: Working with a Class C subnet................ B-8
Distributing IP addresses ............................................... B-9
Manually distributing IP addresses ...................... B-10
Using address serving........................................ B-10
Tips and rules for distributing IP addresses .......... B-10
Nested IP subnets ....................................................... B-13
Broadcasts.................................................................. B-16
Packet header types ........................................... B-16
Appendix C — ISDN Configuration Guide .................................... C-1
Definitions ..................................................................... C-1
Reference Guide
About SPIDs .................................................................. C-2
Example SPIDs .................................................... C-3
Second directory number ............................................... C-3
Switch-specific uses ............................................. D-3
Backup number.................................................... D-4
Dynamic B-channel usage ............................................... D-4
Other incoming call restrictions ............................. D-5
Appendix D — ISDN, DDS/ ADN, and T1 Events ........................... D-1
Leased line events ......................................................... D-2
ISDN events .................................................................. D-2
ISDN event cause codes ....................................... D-3
Appendix E — Further Reading .................................................. E-1
Chapter 1
Your Netopia Router offers Advanced Configuration features in
addition to the Easy Setup features. The advanced feature screens
are accessed through the Main Menu of the Router’s console
configuration screen. This Reference Guide documents the advanced
features, including advanced testing, security, monitoring, and
configuration features. This Reference Guide should be used as a
companion to the Easy Setup configuration instructions in the Netopia
Router Getting Started guide. You should read the Getting Started
guide before reading this Reference Guide.
This chapter introduces the Reference Guide and tells you how to use
it efficiently. You will also learn about different methods of accessing
the configuration screens. Finally, you will learn how to locate and go
to particular configuration screens.
e r
G o
T r a f f i c
T r a f f i c
P C c a r d
G o
T r a f f i c
l l i s i o
T r a n s m i t
L i n k
e c e i v
L i n k
e c e i v
Reference Guide
How to use this guide
You can also use this summary to locate relevant sections:
page 2-2.
Setup” on page 2-5.
ISDN and Leased lines” on page 2-13.
“Default profile” on page 2-39.
“Restarting the system” on page 10-8.
profile, see “Establishing a WAN Connection” on page 2-30.
400 Netopia series
models only
“AURP setup” on page 6-12.
To configure dynamic IP address service (DHCP, MacIP, or
BOOTP), see “IP address serving” on page 4-16.
For testing network connections, see “The ISDN loopback test”
on page 10-9 to test a switched ISDN line, and “Ping” on
page 10-3 to test connections to IP hosts.
For IP filters, see “About filters and filter sets” on page 7-6 and
“Working with IP filters and filter sets” on page 7-16.
configuration and firmware files with XMODEM” on page 10-12 or
“Transferring configuration and firmware files with TFTP” on
page 10-17.
To secure your network with SecurID, see Chapter 8, “Token
Security Authentication.”
Use the guide’s table of contents and index to locate sections on
other topics.
The appendices of this guide offer helpful information, such as
troubleshooting tips and a technical support guide.
Netopia models
This Reference Guide covers all of the Netopia Router models.
However some information in this guide will only apply to a specific
See the Netopia Router’s Release Notes for more information, or call
Farallon Customer Service.
Screen differences
Because different Netopia Router models offer different features and
interfaces, the options shown on some screens in this Reference
Guide may not appear on your own particular Netopia Router’s
console screen.
These differences are explained throughout the manual.
Reference Guide
Connecting to the Advanced Configuration screens
There are three ways to connect to the Netopia Router’s advanced
configuration screens:
Started Guide)
Using Telnet with the Router’s Ethernet port IP address (cannot
be used for initial configuration)
Over analog phone lines using a modem and terminal emulation
software (see “Connecting a modem to the SmartPort,” below)
You can also retrieve the Netopia Router’s configuration information
and remotely set its parameters using the Simple Network
Management Protocol (see “SNMP” on page 9-17).
Note: Web-based management does not support advanced
Connecting a modem to the SmartPort
The Netopia Router has a SmartPort (also known as a PC Card port or
has two Type II slots and is located on the router’s left side behind a
pull-down cover.
You may want to attach a Farallon approved PC Card modem to the
Netopia Router to remotely configure it or to upgrade its firmware (see
“Updating firmware” on page 10-14 or page 10-18.) Contact Farallon
Customer Service for information on Farallon approved PC Card
Follow the manufacturer’s instructions when unpacking and preparing
to use the PC Card modem. One end of the telephone cable connects
to your modem, while the other end (RJ-11) connects to an analog
telephone line wall socket (not an ISDN or leased line).
PC Card
To attach the modem to the Netopia Router, pull down the rubber door
that covers its SmartPort slots and insert the modem. You can use
either slot.
Inserting a PC Card (PCMCIA) modem into the exposed SmartPort slot.
Reference Guide
Navigating through the Advanced Configuration screens
To help you find your way to particular screens, some sections in this
guide begin with a graphical path guide similar to the following
• ISDN Line Config.
• Connection Profiles
• Answer Profile
This particular path guide shows how to get to the WAN Setup
screens. The path guide represents these steps:
1. Beginning in the Main Menu, select the Advanced Configuration
item and press Return.
2. Select the WAN Setup item in the Advanced Configuration screen
and press Return.
3. Select the ISDN Line Configuration, Connection Profiles, or
Answer Profile item in the WAN Setup screen and press Return.
To go back in this sequence of screens, use the Escape key.
Keyboard navigation
Use your keyboard to navigate the Netopia Router’s configuration
screens, enter and edit information, and make choices. The following
table lists the navigation keys.
Use These Keys...
Move through selectable items in a
screen or pop-up menu
Up, Down, Left, and
Right Arrow
Execute action of a selected item or
open a pop-up menu of options for a
selected item
Return or Enter
Change a toggle value
(Yes/ No, On/ Off)
Restore an entry or toggle value to
its previous value
Move one item up
Ctrl + k
Ctrl + j
Move one item down
Dump the device event log
Dump the ISDN event log
Refresh the screen
Go to topmost selectable item
Go to bottom right selectable item
Chapter 2
Configuring ISDN and Leased Line Connections
make and receive network connections over an ISDN or leased line
and how to control those connections. Topics include:
“Leased line WAN Setup” on page 2-5 shows you how to
outgoing calls.
page 2-13, shows you how to configure connection profiles for
your ISDN, SA/ Serial, DDS, or T1 Netopia Router.
set up an answer profile for incoming calls.
“WAN IP Address Serving,” beginning on page 2-48, discusses
from an address pool.
“Scheduled connections,” beginning on page 2-49, shows you
how to control the dates and times when connection profiles
can be used.
“CSU Backup,” beginning on page 2-55, describes how to
automatically switch from an internal CSU to the SA port during
a leased line failure.
Note: Netopia Router models offering different feature sets will
have variations in the fields on certain screens. For example, there
are switched (dial-up) or permanent (nailed-up) circuit ISDN or
leased line models, as well as models that offer feature subsets
such as AppleTalk, SmartIP (Network Address Translation and WAN
IP Address Serving) and SmartPhone (Plain Old Telephone Service).
Your own Advanced Configuration screens may look different from
those illustrated in this chapter.
Reference Guide
• Line Configuration
• Connection Profiles
• Default Answer Profile
The ISDN WAN Setup screen has three subscreens, each involving a
different aspect of using the ISDN line to control connections to
remote IP or IPX networks.
Note: If you have completed Easy Setup (see the Getting Started
Guide), the information you have already entered will appear in
some of the Advanced Configuration screens.
To go to the WAN Setup screen, select WAN Setup in the Advanced
Configuration screen and press Return. A screen similar to the
following appears:
WAN Setup
Line Configuration...
Connection Profiles...
Default Answer Profile...
From here you will configure yours and the remote sites' WAN information.
ISDN line configuration
Enter the information provided by your telephone service provider in
the ISDN Line Configuration screen. Use the information recorded in
the Getting Started Guide’s ISDN worksheet as a reference when
specifying this configuration information.
To go to the ISDN Line Configuration screen, select Line
Configuration in the WAN Setup screen. Press Return, and the ISDN
Line Configuration screen appears.
Configuring ISDN and Leased Line Connections
Note: If your ISDN Line Configuration screen contains items that
are not discussed in this section, such as SPIDs, see Appendix C,
“ISDN Configuration Guide.”
The ISDN Line Configuration screen consists of up to three pop-up
menus and up to four editable fields.
North America ISDN
models only
ISDN Line Configuration
Circuit Type...
Switch Type...
National ISDN-1 (NI-1)
Directory Number 1:
Directory Number 2:
Data Link Encapsulation...
Return/Enter goes to new screen.
Enter information supplied to you by your ISDN phone company.
1. Select Circuit Type and press Return. From the pop-up menu,
highlight Switched if you have an ISDN switched line, or
Permanent if you have a dedicated or leased ISDN line. Press
If you select Switched, go to step 3. If you select Permanent, go
to step 2.
Note: The Switch Type, SPIDs, and Directory Numbers apply
only to Switched ISDN service. If you select Permanent, these
fields are not displayed.
2. If you select Permanent as your circuit type, select B-Channel
Reference Guide
ISDN Line Configuration
Circuit Type...
B-Channel Usage...
Data Link Encapsulation...
Enter information supplied to you by your ISDN phone company.
From the pop-up menu, select the appropriate B-channel, such
as B1, B2, or Both. Then go to step 7.
Note: A permanent ISDN circuit type only supports 64 kbps
and 128 kbps B-channel usages.
3. Select Switch Type and press Return. From the pop-up menu,
select the switch protocol your ISDN service provider uses.
Observe these guidelines:
NI-1 can appear on an AT&T 5ESS or a Northern Telecom
DMS-100 Switch. Do not confuse it with a custom ISDN
implementation, which also appears on these two
Outside North America
models only
Countries not shown in the list may use the generic
EuroISDN protocol.
North America models
4. Select SPID 1 and enter the primary SPID number. If you did
not receive a SPID (AT&T 5ESS custom point-to-point switches
have no SPID), you should skip this and the following step.
North America models
5. If you have a second SPID, select SPID 2 and enter the
secondary SPID number.
Note: SPID1 and SPID2 are not displayed for models outside
North America.
Configuring ISDN and Leased Line Connections
6. Select Directory Number 1 and enter the primary directory
number as you would dial it, including any required prefixes
(such as area, access, and long-distance dialing codes). Press
Note: If you select an IDSL (Pt-to-Pt) switch, the Directory
Number 1 field will default to 555-1234.
Since an IDSL line is already physically hooked up in a pt-to-pt
configuration, a specific directory number is not necessary.
However, the Netopia Router does require a directory number in
this field to allow a connection to dial out.
7. If you have a second directory number, select Directory
Number 2 and enter the secondary directory number as you
would dial it, including any required prefixes (such as area,
access, and long-distance dialing codes). Press Return.
8. Select Data Link Encapsulation and highlight the method of
encapsulation that you want to use from the pop-up menu. The
choices offered are PPP or HDLC. Press Return.
In order for the changes that you have entered in the ISDN Line
Configuration screen to take effect, you must reset the Netopia
Router. Press the Escape key to return to the Main Menu. Select
Statistics, Utilities, Tests and then select Restart System.
Leased line WAN Setup
• Line Configuration
• Frame Relay Configuration
• Frame Relay DLCI Configuration
• Connection Profiles
• Default Profile
The leased line WAN Setup screen will vary for an SA/ Serial, 56k
DDS, or T1 line depending on the circuit type and datalink
encapsulation parameter that is selected for that specific leased
To begin WAN Setup, select WAN Setup in the Advanced
Configuration menu, then press Return.
Reference Guide
WAN Setup
Line Configuration...
Frame Relay Configuration...
Frame Relay DLCI Configuration...
Connection Profiles...
Default Profile...
From here you will configure yours and the remote sites' WAN
Note: For all leased line Netopia Router models using PPP or Cisco-
HDLC datalink encapsulation, the Frame Relay Configuration and
Frame Relay DLCI Configuration options will be hidden.
For all leased line Netopia Router models using Cisco-HDLC datalink
encapsulation, the Default Profile option will remain hidden.
If you have completed Easy Setup (see the Getting Started Guide),
the information you have already entered will appear in some of the
WAN Setup screens.
Leased line configuration
The following Leased line configuration section describes the first
step in configuring the Line Configuration screen in the WAN Setup
menu for an SA/ Serial, T1, and DDS Netopia Router wanlet module
The Serial Line Configuration screen appears for SA/ Serial leased
line models (with an external CSU/ DSU connection). See below.
The T1 Line Configuration screen appears for T1 leased line models
(with an internal CSU/ DSU connection). See page 2-9.
Configuring ISDN and Leased Line Connections
The DDS Line Configuration screen appears for DDS leased line
models (with an internal CSU/ DSU connection). See page 2-12.
Line configuration for an SA/Serial line
The Serial Line Configuration screen is where you enter the
configuration parameters for your leased line, in order for the
Netopia Router to communicate with the physical connection. Use
the information in the Leased Line worksheet in the Getting Started
Guide, as a reference when specifying this configuration
Permanent circuit only
Serial Line Configuration
Circuit Type...
Permanent Sync
Data Rate (kbps)...
Invert Tx Clock:
Circuit Activation Requires...
Data Link Encapsulation...
Frame Relay
Enter Information supplied to you by your telephone company.
1. Select Circuit Type and select Permanent Sync or Switched
Async. If you select permanent sync, continue with Step 2. If
you select Switched Async, skip to Step 6.
2. Select Data Rate (kbps) and press Return. From the pop-up
menu, select a fixed data rate for your digital line or select
Auto. (The data rates to choose from range from 56 kbps to the
highest synchronized line speed.) The Auto setting allows your
Netopia Router to determine the data rate of your serial line at
the time of circuit activation. Press Return.
Permanent circuit only
3. Select Invert Tx Clock and toggle to Yes or No depending on
whether you use this selection. Press Return.
Invert Tx Clock causes transmitted data to be delayed by half a
clock phase. This option is useful for X.21 DTEs (Data Terminal
Reference Guide
Equipment) because their transmit data can become altered in
relation to the clock sourced by the DCE (Data Communications
A DTE (Data Terminal Equipment) is a term used to define the
equipment rate. It is a designation for the maximum rate at
which a router can exchange information.
A DCE (Data Communications Equipment) is a term defined by
both Frame Relay and X.25 committees, that applies to
switching equipment and is distinguished from the devices that
attach to the network (DTE).
Permanent circuit only
4. Select Circuit Activation Requires and select DCD-only,
DSR-only, or DCD and DSR. Press Return.
Some V.35 interfaces represent their capability to transfer user
data end-to-end with the DCD signal, while others offer a more
accurate representation with DSR. For this latter case, you may
choose to use DSR-only.
Note: This option will be hidden if an X.21 cable is attached.
5. Select Data Link Encapsulation and highlight the method of
encapsulation that you want to use from the pop-up menu. The
choices offered are PPP, HDLC, and Frame Relay. The default
setting is Frame Relay. Press Return.
Continue to the last step.
Switched circuit only
Serial Line Configuration
Circuit Type...
Switched Async
Data Rate (kbps)...
Modem Initialization String:
Modem Dialing Prefix:
Data Link Encapsulation is
Async PPP
Configuring ISDN and Leased Line Connections
Switched async only
6. Select Date Rate (kbps) and press Return. From the pop-up
menu, select 19.2, 38.4, 57.6, 115.2, or 230.4. Choose the
data rate that is about twice your modem’s capabilities. For
instance, if you have a 28.8K modem, select 57.6 for your data
rate. Press Return.
7. The Modem Initialization String and Modem Dialing Prefix
fields configure the connection to the external modem. For
Router 3.2 Release Note.
8. The Data Link Encapsulation is set to Async PPP.
9. You are now finished configuring the Serial Line Configuration
screen. Press the Escape key to return to the WAN Setup
screen. Go to page 2-13 for information on how to configure
your leased line connection profile.
Line configuration for a T1 line
The T1 Line Configuration screen is where you enter the
configuration parameters for your leased line, in order for the
Netopia Router to communicate with the physical connection. Use
the information in the Leased Line worksheet in the Getting Started
Guide as a reference when specifying your T1 configuration
Reference Guide
T1 Line Configuration
Line Encoding...
Framing Mode...
Transmit ANSI PRMs:
Number of DS0 Channels:
First DS0 Channel:
Buildout (-dB)...
Channel Data Rate...
Clock Source...
Data Link Encapsulation...
Frame Relay
Enter Information supplied to you by your telephone company.
1. Select Line Encoding and press Return. From the pop-up menu,
highlight the encoding your telephone service provider uses:
B8ZS or AMI. The default setting is B8ZS. Press Return.
2. Select Framing Mode and press Return. From the pop-up
menu, highlight either ESF or D4, depending on the framing
mode that your telephone service provider advises you to use.
The default setting is ESF. Press Return.
3. The ANSI T1.403 standard defines Performance Report
Messages (PRMs) that may be transmitted each second from a
T1 Integrated CSU to the telephone service provider’s network.
By default, the Netopia Router does not send PRMs. However,
you can enable these transmissions by toggling Transmit ANSI
PRMs to Yes.
4. Select Number of DS0 Channels and enter the number of DS0
channels that you and your telephone service provider have
determined are necessary for your T1 line. The default setting
for DS0 Channels is 1 (one). Press Return.
Configuring ISDN and Leased Line Connections
Note: Each DS0 channel represents a 56k or 64k increment in
bandwidth. Selecting a number less than the maximum of 24
specifies a fractional-T1 interface.
For fractional-T1, you may also specify in the check box whether
the DS0 channels are contiguous or alternating.
5. Select First DS0 Channel and enter the number of the first
active DS0 channel you will be using. The default setting is 1
(one). Press Return.
Note: You may change the First DS0 Channel number, which
has a valid range from one to the maximum number minus the
number of active channels. If the number of active DS0
channels is 24 (maximum), First DS0 Channel is hidden.
6. Select Buildout (-dB) and press Return. From the pop-up menu,
highlight the line Buildout, which is the transmit attenuation of
your line that you will be using. The choices in the menu include
Auto, 0-0.6, 7.5, 15.0, 22.5, and None. The default setting is
Automatic. Press Return.
If Automatic is chosen, the attenuation of the transmission will
be set to match the receiving signal level.
7. Select Channel Data Rate and highlight the data rate specified
by your service provider. The channel data rate choices are
Nx56k or Nx64k. The default is Nx64k. Press Return.
8. Select Clock Source and press Return. From the pop-up menu,
highlight the clock source, that you wish to use. The choices
offered are Internal Clock Source, or Network Clock Source.
The default is Network. Press Return.
encapsulation that you want to use from the pop-up menu. The
choices offered are PPP, HDLC, and Frame Relay. The default
setting is Frame Relay. Press Return.
10. You are now done configuring the Line Configuration screen.
Press the escape key to return to the WAN Setup screen. Go to
page 2-13, for information on how to configure your leased line
connection profile.
Reference Guide
Line configuration for a DDS line
The DDS Line Configuration screen is where you enter the
configuration parameters for your leased line, in order for the
Netopia Router to communicate with the physical connection. Use
the information in the Leased Line worksheet in the Getting Started
Guide as a reference when specifying your DDS line configuration
DDS Line Configuration
Circuit Type...
Data Rate...
Clock Source...
Data Link Encapsulation...
Frame Relay
Enter Information supplied to you by your telephone company.
1. Select Circuit Type and press Return. From the pop-up menu,
highlight Switched for a dial-up digital line or Permanent for a
nailed-up leased line. The default setting is Permanent. Press
Note: The DDS data rate is capable of handling 56 or 64 kbps.
If the Switched circuit type is selected, 56 kbps data rate is the
only available option. If the Permanent circuit type is selected,
56 kbps and 64 kbps data rates will be available.
2. Select Data Rate and press Return. From the pop-up menu,
highlight the data rate that you want your DDS line connection
to transmit at. The data rate choices are 56 kbps and 64 kbps.
The default is Automatic. Press Return.
Note: As noted above, DDS Netopia Routers may run 56 kbps
or 64 kbps data rates on permanent circuits. You may
alternately select Automatic, in which case the router will hunt
between modes until it can determine what the telephone
company has provisioned your DDS line for.
Configuring ISDN and Leased Line Connections
3. Select Clock Source and press Return. From the pop-up menu,
highlight the clock source, that you wish to use. The choices
offered are Internal Clock Source, or Network Clock Source.
The default is Network. Press Return.
encapsulation that you want to use from the pop-up menu. The
choices offered are PPP, HDLC, and Frame Relay. The default
setting is Frame Relay. Press Return.
5. You are now done configuring the Line Configuration screen.
Press the escape key to return to the WAN Setup screen. Go to
page 2-13, for information on how to configure your leased line
connection profile.
Connection profiles for ISDN and Leased lines
A connection profile is a set of parameters that tells the Netopia
Router how to connect to a remote destination. Connection profiles
are also used to make out-bound calls and optionally to help answer
Some Netopia models support up to 4 different connection profiles
while most models support up to 16 connection profiles.
To go to the Connection Profiles screen, select Connection Profiles
in the WAN Setup screen.
Reference Guide
Connection Profiles
Display/Change Connection Profile...
Add Connection Profile...
Delete Connection Profile...
Establish WAN Connection...
Disconnect WAN Connection...
Return/Enter to modify an existing Connection Profile.
This Screen is the main point of navigation for Connection Profiles.
Note: The Establish WAN Connection and Disconnect WAN
Connection fields in the Connection Profiles screen will only appear
for a Netopia Router model with switched circuit selected. This field
will remain hidden when permanent circuit is selected.
Displaying connection profiles
To display a view-only table of connection profiles, select
Display/ Change Connection Profile in the Connection Profiles
screen. Press Return and the connection profiles that you have
created will appear.
The Connection Profiles table is a handy way to quickly see the
names and destination IP or IPX addresses of your connection
Configuring ISDN and Leased Line Connections
Connection Profiles
+-Profile Name---------------------IP Address----IPX Network-+
| Easy Setup Profile
| Panost Inc.
| XYZ Corporation
Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit.
Changing a Connection Profile
To modify a connection profile, select Display/ Change Connection
connection profiles.
Select a connection profile from the table and press Return to go to
the Change Connection Profile screen. The parameters in this
screen are the same as the parameters found in the Add
Connection Profile screen. To find out how to set them, see “Adding
a connection profile” on page 2-16.
Change Connection Profile
Profile Name:
Panost Inc.
Profile Enabled:
IP Enabled:
IP Profile Parameters...
IPX Enabled:
IPX Profile Parameters..
Data Link Encapsulation...
Data Link Options...
Telco Options...
Modify Connection Profile here. Changes are immediate.
Reference Guide
Deleting a Connection Profile
To delete a connection profile, select Delete Connection Profile in
the Connection Profiles screen and press Return to display a table
of connection profiles.
Connection Profiles
+-Profile Name---------------------IP Address----IPX Network-+
| Gunther Hydroelectric
| Are you sure you want to delete this Connection Profile?
1. Highlight the connection profile you wish to delete. Press
2. A connection profile table appears with a prompt asking you if
you want to delete the connection profile you have just
highlighted. Select CONTINUE if you wish to delete this
connection profile or CANCEL if you do not.
Adding a Connection Profile
To add a new connection profile, select Add Connection Profile in
the Connection Profiles screen. Press Return and the Add
Connection Profile screen appears.
Configuring ISDN and Leased Line Connections
Add Connection Profile
Profile Name:
Profile 04
Profile Enabled:
IP Enabled:
IP Profile Parameters...
IPX Enabled:
IPX Profile Parameters..
Data Link Encapsulation...
Data Link Options...
Interface Group...
Telco Options...
Configure a new Conn. Profile. Finished? ADD or CANCEL to exit.
1. Select Profile Name and enter a name for this connection
profile. It can be any name you wish. For example: the name of
your ISP.
2. Select Profile Enabled and toggle it to Yes to activate the
3. Select IP Enabled and toggle it to Yes or No depending on
whether you will be using TCP/ IP over your WAN connection.
4. Select IP Profile Parameters. This option is only available if IP
Enabled is toggled to Yes.
Reference Guide
IP Profile Parameters
Address Translation Enabled:
IP Addressing...
Local WAN IP Address:
Local WAN IP Mask:
Remote IP Address:
Remote IP Mask:
Filter Set...
Remove Filter Set
Receive RIP:
Configure IP requirements for a remote network connection here.
Applicable only to SmartIP
5. In the IP Profile Parameters screen, toggle Address Translation
Enabled to Yes if you choose to use Network Address
Network Address Translation allows communication between
the LAN connected to the Netopia Router and the Internet using
a single IP address, instead of a routed account with separate
IP addresses for each computer on the network. Network
Address Translation also provides increased security by hiding
the local IP addresses of the LAN connected to the Netopia
Router from the outside world.
Note: See “Summary of the Netopia Router models and
features” on page 1-5 of the Getting Started Guide.
If you did not enable Network Address Translation, select IP
Addressing and, from the pop-up menu, choose the IP routing
method that your ISP or network administrator specifies (either
Numbered or Unnumbered).
If your ISP uses Numbered (Interface-based) Routing, select
Local WAN IP Address and enter the local WAN address your
ISP gave you. Then select Local WAN IP Mask and enter the
WAN subnet mask of the remote site you will connect to.
Configuring ISDN and Leased Line Connections
The default address for the Local WAN IP Address is,
which allows for dynamic addressing, when your ISP assigns an
address each time you connect. However, you may enter
another address if you want to use static addressing.
Note: When using Cisco-HDLC datalink encapsulation and
Network Address Translation, you must use a static address.
When using numbered interfaces, the Netopia Router will use
its local WAN IP address and subnet mask to send packets to
the remote router. Both routers have WAN IP addresses and
subnet masks associated with the connection.
IP Profile Parameters
Address Translation Enabled:
IP Addressing...
Remote IP Address:
Remote IP Mask:
Filter Set...
Remove Filter Set
Receive RIP:
Transmit RIP:
Configure IP requirements for a remote network connection here.
If your ISP uses Unnumbered (System-based) Routing, select
Remote IP Address and enter the IP address your ISP gave you.
Then select Remote IP Mask and enter the IP subnet mask of
the remote site you will connect to.
Note: If your ISP has not given you their IP or subnet mask
addresses, then you may enter an IP address such as and an IP subnet mask such as
When using unnumbered interfaces, the Netopia Router will
use either its local Ethernet IP address or its NAT (Network
Address Translation) address (if so configured) and subnet
mask to send packets to the remote router. Neither router has
Reference Guide
a WAN IP address or subnet mask associated with this
connection. These default addresses will request that the
remote router dynamically assign an address at the time the
connection is made.
To configure a profile for a terminal adapter or Netopia Router
that is dialing into your router using dynamic Network Address
Translation, you may enter a remote IP address and
enable IP WAN Address Serving.
Note: If you are interested in serving a WAN IP Address to an
incoming caller, see “WAN IP Address Serving” on page 2-48.
Select Filter Set and then select an appropriate filter set from
the list. If you do not want to block any TCP/ IP traffic, then
leave this entry blank.
To remove a filter set, select Remove Filter Set and press
Return. A pop-up menu will appear displaying the filter sets you
have set up previously. Highlight the specific filter set that you
want to remove and press Return. A window will appear asking
you if you are sure that you want to delete that specific filter
set. You can either select Continue or Cancel.
Select Receive RIP and toggle it to Yes if you want the Netopia
Router to receive RIP information sent by remote routers that
are connected to your local area network (LAN).
Select Transmit RIP and toggle to Yes if you want the Netopia
Router to send RIP information to remote routers that are
connected to your LAN. If Transmit RIP has been enabled, the
TX RIP Policy field will appear. Select TX RIP Policy and press
Return and the Poison Reverse field will appear.
Press the Escape key when you are finished configuring IP
Profile Parameters to go back to the Add Connection Profile
screen. The next step describe how to configure the IPX
parameters. If you do not wish to enable IPX, skip to step 7,
which describes how to set up Data Link Encapsulation.
6. From the Add Connection Profile screen, select IPX Enabled
and toggle it to Yes or No depending on whether you will be
using IPX over your ISDN connection.
Configuring ISDN and Leased Line Connections
Note: Using the IPX protocol is required with other remote
networks using IPX for an intranet connection. For more
information on IPX, refer to Chapter 5, “IPX Setup” of this
Select IPX Profile Parameters and press Return. This option is
only available if IPX Enabled is toggled to Yes.
IPX Profile Parameters
Remote IPX Network:
Path Delay:
NetBios Packet Forwarding:
Incoming Packet Filter Set...
Outgoing Packet Filter Set...
Incoming SAP Filter Set...
Outgoing SAP Filter Set...
Periodic RIP Timer:
Periodic SAP Timer:
Configure IPX requirements for a remote network connection here.
Select Remote IPX Network and enter the network address of
the IPX network being called. Do not use an address already in
use by another connection profile. If this value is set to zero
and the Netopia Router is answering a call, the remote address
will be learned when the profile is active.
Note: If you are trying to connect two Netopia Routers using
Frame Relay and IPX, be sure to enter an IPX address for the
remote side in the connection profiles. If the remote IPX
address is all zeros (the default), the two Netopia Routers will
not be able to connect.
Note: Unlike IP, the IPX network address is never used in
matching a profile when answering a non-authenticated call.
Reference Guide
To change the default Path Delay, select and enter a value (in
To enable NetBIOS Packet Forwarding, toggle the selection to
Select Incoming Packet Filter Set to attach a filter set for
filtering incoming packets. Choose a filter set from the list and
press Return.
Select Outgoing Packet Filter Set to attach a filter set for
filtering outgoing packets. Choose a filter set from the list and
press Return.
Select Incoming SAP Filter Set to attach a filter set for filtering
server entries within incoming Service Advertising Protocol
(SAP) packets. Choose a filter set from the list press Return.
Select Outgoing SAP Filter Set to attach a filter set for filtering
server entries within outgoing Service Advertising Protocol
(SAP) packets and choose a filter set from the list.
Select Periodic RIP Timer, and enter a new value (in seconds)
to change the periodic RIP timer’s default value.
Select Periodic SAP Timer, and enter a new value (in seconds)
to change the periodic SAP timer’s default value.
Press the Escape key to go back to the Add Connection Profile
screen when you are finished configuring IPX Profile
For more information on creating an IPX filter set, go back to the
Advanced Configuration screen and select the Filter Sets (Firewalls)
screen. Also refer to Chapter 6, “IPX Setup”.
7. Select Data Link Encapsulation and highlight the method of
encapsulation that you want to use from the pop-up menu. The
choices offered are PPP, HDLC, or Frame Relay. Press Return.
If you have enabled PPP/ MP, go to step 8. If you have enabled
Frame Relay, go to step 9. If you have enabled HDLC, go to step
8. Select Data Link Options and press Return. The PPP/ MP
Options screen appears.
Configuring ISDN and Leased Line Connections
Point-to-Point Protocol (PPP) and Multilink Point-to-Point Protocol
(MP) allow the Netopia Router to make adaptable and secure
connections to other networks.
PPP/MP Options
Data Compression...
Ascend LZS
Send Authentication...
Send User Name:
Send Password:
Receive User Name:
Receive Password:
B-Channel Usage...
BAP Usage...
Return/Enter to choose PPP Authentication type (or None).
Select the Data Compression pop-up menu, choose the type of
data compression supported by the network you are calling,
and press Return. The choices are Ascend LZS, Standard LZS,
or None (if the remote network does not use Ascend LZS or
Standard LZS). Ascend LZS is compatible with the type used by
Ascend Communications. This is the default setting for Data
Compression, as most ISP’s (Internet Service Providers) and
remote networks use Ascend’s proprietary data compression
utility. Standard LZS is an IETF (Internet Engineering Task
Force) standard for LZS data compression.
Applicable only to
Switched circuits
Select the Send Authentication pop-up menu and choose the
type of connection security supported by the network you are
calling. From the pop-up menu highlight PAP, CHAP,
PAP-TOKEN, CACHE-TOKEN, or None (if the remote network
does not use PAP or CHAP). On the Netopia Router the default
Reference Guide
authentication is set for PAP, as this is usually the most popular
security parameter that ISP’s and other remote networks set up
for a point-to-point connection use.
If you choose None, and the remote network expects to
connect to the Netopia Router using this connection pro-
file, you may need to set the answer profile to accept calls
using no authentication (None). See “Default profile” on
page 2-39.
If you choose to use PAP for calling the remote network,
you will need to obtain a name and password from the
remote network’s administrator. Enter the name in Send
User Name and enter the password in Send Password. If
you want the remote network to use this connection profile
when it calls the Netopia Router, select Receive Name and
word. You will need to give this name and password to the
remote network’s administrator.
If you choose PAP, and the remote network expects to connect
to the Netopia Router using this connection profile, you may
need to set the answer profile to accept calls using PAP. See
“Default profile” on page 2-39.
If you choose to use CHAP for calling the remote network,
obtain a name and secret (the CHAP term for password)
from the remote network’s administrator. Enter the name
in Send Host Name and enter the password in Send
Secret. If you want the remote network to use this connec-
tion profile when it calls the Netopia Router, select Receive
Host Name and enter a name. Select Receive Secret and
enter a secret. You will need to give this name and secret
to the remote network’s administrator.
Note: If you choose CHAP, and the remote network expects to
connect to the Netopia Router using this connection profile, you
may need to set the answer profile to accept calls using CHAP.
See “Default profile” on page 2-39.
If you choose to use PAP-TOKEN, select Send User Name
and enter a name for your Netopia Router. You will not
need to enter a Send Password for PAP-TOKEN.
Configuring ISDN and Leased Line Connections
If you choose to use CACHE-TOKEN, select Send User
Name and enter a name for your Netopia Router. Then,
select Send Password and enter a secret name or number.
If you will be using SecurID (an added method of security
authentication), check with your network administrator to find
out if you will need to use either PAP-TOKEN, or
CACHE-TOKEN. (Also, see Chapter 9, “Security-Token
PPP/MP Options
Data Compression...
Ascend LZS
Send Authentication...
Send User Name:
Send Password:
Receive User Name:
Receive Password:
B-Channel Usage...
BAP Usage...
| Dynamic
| 1 B-Channel
| 2 B-Channels
| 2 B, Preemptable |
Maximum Packet Size:
Applicable only to
Switched circuits
Select B-Channel Usage and choose how this connection
profile will use the ISDN line’s B-channels. From the pop-up
menu highlight either Dynamic, 1 B-Channel, 2 B-Channels, or
2 B, Pre-emptable.
Dynamic (default setting), allows the connection profile to
use one or both channels at any time during a call. The
decision to alternately use or drop the second B-channel is
based on an algorithm that looks at traffic volume over
time. With Dynamic, one B-channel may be relinquished to
Reference Guide
accept an incoming call through or when a second connec-
tion profile is used to make a call. See Appendix D for infor-
mation on “Dynamic B-channel usage”.
1 B-Channel forces a call to remain within one B-channel.
(Throughput will generally be at either 56k or 64k, depend-
ing on how the local telephone company installs your ISDN
line. This will also depend on certain geographic locations
in North America. The standard ISDN data rate outside of
North America is 64k.)
2 B-Channels forces a call to use both B-channels.
(Throughput connection will generally run at 128k.)
2 B Pre-emptable allows calls to use 2 B-channels in a
dynamic, Pre-emptable manner. This option is very similar
to Dynamic, in that the second B-channel may be relin-
quished to accept an incoming call or to initiate a second
outgoing call. However, 2B Pre-emptable will always try to
add a second B-channel to the call when the second chan-
nel is otherwise unused, much like a fixed 2 B-channel
Note: If you select Dynamic or 2 B, Pre-emptable while using
PPP/ MP, the Netopia Router may attempt to use both
B-channels during a call. However, during a call, your second
B-channel may be blocked from use if the answering side drops
that B-channel before you begin sending data over it. The
Netopia Router will try four times to bring up the second
B-Channel; if all attempts fail and you wish to retry, end the call
and reinitiate it.
Applicable only to
Switched circuits
Select BAP Usage and from the pop-up menu highlight the
method of BAP usage that your ISP or network administrator
has suggested that you use when establishing a connection to
a remote site. The choices offered for BAP usage are On - Old
IDs, On - New IDs, and Off. Press Return.
BAP refers to the PPP Bandwidth Allocation Control Protocol.
The BAP Usage feature allows a Netopia Router to either dial
out to provide a telephone number for a multilink call, or allows
the Netopia Router to answer a call, while also providing a
Configuring ISDN and Leased Line Connections
telephone number for a multilink call. In addition, the Netopia
Router can bring WAN links up and down with a remote router.
Note: There are two specifications for BAP protocol. The first
specification was proposed before January 1997 and the latter
was proposed after that date.
The On-Old IDs selection refers to the earlier BAP proposal and
On-New IDs refer to the new proposal.
Because there is no set standard at this time for BAP protocol
the Netopia Router allows you to select either specification.
Models with Frame Relay
enabled only
9. Select Data Link Options and press Return. The Frame Relay
Parameters screen appears.
Frame Relay Parameters
Auto-Detect DLCIs:
Multicast DLCI Number:
Configure Frame Relay-specific parameters of your Connection Profile
select Yes, you are enabling your Frame Relay profile to
auto-detect the DLCIs associated with its network layer
attributes. This feature is also called SmartMatch. If you select
No, you will need to manually configure each DLCI in the DLCI
configuration table. See “Frame Relay DLCI configuration” on
page 2-34. The default setting for this option is Yes. Press
Select Multicast DLCI Number. In this field you may add a
number that will be used for multicasting in conjunction with the
network layer attributes of your given profile. The default setting
for this option is 0. If you choose to leave 0 as the value for this
field, the specific profile that you are configuring will not be
used for multicasting.
Reference Guide
T1 and DDS models only
10. The Interface Group field reflects the active port selection: the
internal CSU for T1 or DDS, or SA port for SA, if backup is
enabled. See “CSU Backup” on page 2-55 for more
Models with Switched
circuits only
11. Select Telco Options and press Return. The Telco Options
screen appears. The Telco Options screen contains items that
allow you to control the calls made on the WAN line with this
particular connection profile.
Telco Options
Initiate Data Service...
64 kb/sec
Dial In/Out
Number to Dial:
Alternate Number to Dial:
Dial On Demand:
Idle Timeout (seconds):
CNA Validation Number:
In this Screen you configure options for the ways you will establish a
ISDN Switched circuit
models only
Select Initiate Data Service and choose the correct ISDN
bandwidth to use with this connection profile. In North America,
users are not guaranteed of having a 64k connection to their
destination, but only when 64k is not available from point A to
point B should 56k be selected. The Router automatically falls
back to 56k when 64k service is not available. It is advised to
select 56k when you know that the 64k service will fail. You
may also select Speech if your line is provisioned for this
feature and the call is within your local ISDN region. Selecting
Speech may save money, but it is not guaranteed to work
outside of your switch.
Configuring ISDN and Leased Line Connections
Select Dial and set this connection profile to only make calls,
only receive calls, or do both. Choose from In Only (receive
calls), Out Only (make calls), or Dial In/ Out (receive and make
Select Number to Dial and enter the telephone number you
received from your ISP. This is the number the Netopia Router
dials to reach your ISP. Enter the number as you would dial it,
including any required prefixes (such as area, access, and
long-distance dialing codes).
If you selected IDSL (Pt-to-Pt) as your Netopia Router’s switch
type the connection profile’s number to dial will default to
555-4321. The same default information applies to this
number as the directory number, in order for the Netopia Router
to allow a connection to dial out.
Note: If you previously selected Permanent as your router’s
Circuit Type in the ISDN Easy Setup screen, Number to Dial will
not be an available option.
Select Alternate Number to Dial if your ISP requires that you
use a second telephone number to dial, or as an alternative
backup when the first channel is unavailable to use.
Available for outbound
calls only
Select Dial On Demand and toggle No if manual connections
are required for this profile. The default for Dial On Demand is
Yes, which is correct for most uses. When Dial On Demand is
set to Yes, the Netopia Router can automatically make calls as
the need arises, such as when a request to connect to a host
Dial on demand also comes into action when IP and or IPX
traffic needs to go to a route defined by the profile attributes.
Every dial-on-demand profile becomes a part of the routing
See “Establishing a WAN Connection” on page 2-30 for more
Select Idle Timeout (seconds) and enter the time limit desired
before the Netopia Router drops a call if there is no activity on
the line. The default timeout setting is 300 seconds (5
Reference Guide
ISDN Switched circuit
models only
The CNA Validation Number is the telephone number that your
Netopia Router will match to incoming calls. Question marks
“?” can be used in place of numbers as wild card characters to
See “Default profile” on page 2-39 for information on CNA
(Calling Number Authentication).
Available for inbound calls
Available for inbound calls
Select Callback and toggle to Yes to drop incoming answered
calls and use this connection profile to call the remote network
back. (See “Default profile” on page 2-39 for information on
incoming calls matching connection profiles). The default for
Callback is No.
You are now finished configuring the Telco options screen.
Press the Escape key to return to the Add Connection Profile
12. From the Add Connection Profile screen, select ADD PROFILE
NOW to save the current connection profile information that you
have just entered, and press Return to go to the Connection
Profiles screen. Alternatively, you can cancel the connection
profile you have just constructed by selecting CANCEL to exit
the Add Connection Profile screen.
Establishing a WAN Connection
Switched circuit models
To establish a manual WAN connection call, select Establish WAN
Connection from the Connection Profiles screen and press Return.
The Establish WAN Connection pop-up menu displays a table of all
of the connection profiles you have previously defined. Highlight the
connection profile you wish to manually call. Press Return and the
connection you select will initiate a call.
Call Status
Profile Name -- Panost, Inc.
Connection State -- Acquiring
Hit ESCAPE/RETURN/ENTER to return to previous menu.
Configuring ISDN and Leased Line Connections
If a connection is establishing properly, the Connection State will
initially read Acquiring but will change to Up once the call has
successfully connected. You will be able to access information at
the remote site that you are connecting to once authentication is
completed successfully.
Disconnecting a WAN Connection
Switched circuit models
To hang up a manual WAN connection call, select Disconnect WAN
Connection from the Connection Profiles screen and press Return.
The Disconnect pop-up menu displays a table of all of the
connection profiles you have previously defined. Highlight the
connection profile you wish to disconnect. Press Return and the
connection you select will be disconnected. Press Esc to cancel.
Frame Relay configuration
If you chose Frame Relay as your datalink encapsulation type you
will now need to configure your Netopia Router to support Frame
Relay. From the WAN Setup screen, select the Frame Relay
Configuration option and press Return.
The Frame Relay Configuration screen consists of two pop-up
menus. Use the information in the Leased Line worksheet in the
Getting Started Guide as a reference when specifying this
configuration information.
Reference Guide
Frame Relay Configuration
LMI Type...
ANSI (Annex D)
T391 (Polling Interval in secs):
N391 (Polls/Full Status Cycles):
N392 (Error Threshold):
N393 (Monitored Event Window):
Tx Injection Management...
Default CIR:
Default Bc:
Default Be:
Congestion Management Enabled:
Maximum Tx Frame Size:
Enter Information supplied to you by your telephone company.
A), LMI, or None. The world-wide default is ANSI (Annex D).
Press Return.
Note: If you select None as an LMI Type, the four LMI options
listed below will remain hidden, and you will need to manually
configure DLCIs. See “Frame Relay DLCI configuration” on
page 2-34 for instructions.
Specifying the Link Management Type is the first step in
configuring Frame Relay.
If you select an LMI Type (Link Management Type) other than
None, the T391 option specifies the number of seconds
between the Status Enquiry messages. The default setting is
The N391 option specifies the frequency of full status polls,
in increments of the basic (T391) polling cycle. The default
setting is 6.
Configuring ISDN and Leased Line Connections
The N392 option specifies the maximum number of (link
reliability, protocol, and sequence number) error events that
can occur within the N393 sliding window. If an N392 thresh-
old is exceeded, the switch declares the Netopia Router inac-
tive. The default setting is 3.
The N393 option allows the user to specify the width of the
sliding N392 monitored event window. The default setting is
2. Select Tx Injection Management and press Return. From the
pop-up menu, highlight Standard if you want the frames on your
line that exceed the link capacity to be acknowledged and marked
as discard-eligible, Buffered if you want the frames on your line
that exceed the link capacity to be delayed until the link is less
busy, or None if you want all of the frames on your line to be
transmitted. Press Return.
Note: If you select None as the Tx Injection Management type,
the three Tx Injection Management options listed below will
remain hidden. Go to step 4.
If you select Standard or Buffered as the Tx Injection
Management type, then the Default CIR, Bc, and Be values will
appear (in the corresponding fields below the Tx Injection
Management field) in order for you to define the parameters the
management algorithm.
The Default CIR (CIR also referred to as Committed
Information Rate) represents the average capacity available
to a given PVC (Permanent Virtual Circuit) or DLCI (Data Link
Connection Identifier). This setting defaults to 64000, but
you may modify the capacity rate if this setting will not be
applicable to you.
The Default Bc (Bc also referred to as Committed Burst Size)
represents the maximum amount of data that your Frame
Relay service provider agrees to transfer from a given PVC
(Permanent Virtual Circuit) or DLCI (Data Link Connection
Identifier). This setting defaults to 64000, but you may
change the capacity rate if this setting needs to be modified.
Reference Guide
The Default Be (Be also referred to as Excess Burst Size)
represents the maximum amount of data that your Frame
Relay service provider will attempt to deliver to a given PVC
(Permanent Virtual Circuit) or DLCI (Data Link Connection
Identifier). This setting defaults to 0, but you may change the
capacity rate if this setting needs to be modified.
See Appendix B, “Understanding Frame Relay” in the Getting
Started Guide for information on the these parameters.
Note: Some Frame Relay service providers allow for
over-subscription of the DLCIs, which occurs when the total
number of CIRs for all PVCs exceeds the line rate setup.
3. Select Congestion Management Enabled and toggle to Yes or No
depending on whether you use this selection. Press Return.
If Congestion Management is enabled, this option causes the
Netopia Router to use in-bound FECNs (Forward Explicit
Congestion Notification). This feature is designed to notify you
that congestion avoidance procedures should be initiated where
applicable for traffic in the same direction as the received frame.
It indicates that the frame in question, has encountered
congested resources.
Note: The Congestion Management Enabled field will only appear
if Standard or Buffered is selected as the option from the Tx
Injection Management field.
4. Select Maximum Frame Size and press Return. The default is
automatically set to a value suitable for encapsulating a full
the Maximum Frame Size to suit your networks transmission load.
Press Return.
You are now done configuring the Frame Relay Configuration screen.
Press the Escape key to return to the WAN Setup screen. If you need
to configure your DLCIs, go to the section below. Otherwise, go to
“Connection Profiles for ISDN and Leased lines” on page 2-13 to set
up your connection profile for a remote site.
Frame Relay DLCI configuration
If you selected None as your LMI Type then you will need to manually
configure your DLCIs.
Configuring ISDN and Leased Line Connections
A Frame Relay DLCI is a set of parameters that tells the Netopia
Router how to initially connect to a remote destination.
The Netopia Router leased line models support up to 16 different
Frame Relay DLCI configuration profiles.
Each Frame Relay DLCI configuration you set up allows the Netopia
Router to connect your network to another network that uses IP or IPX
over Frame Relay.
To go to the Frame Relay DLCI configuration screen, select Frame
Relay DLCI Configuration in the WAN Setup screen.
Frame Relay DLCI Configuration
Display/Change DLCIs...
Add DLCI...
Delete DLCI...
Add, delete, and modify DLCIs from here.
Displaying a Frame Relay DLCI configuration table
To display a view-only table of the Frame Relay DLCIs, select
Display/ Change DLCIs in the Frame Relay DLCI Configuration screen,
and press Return.
The Frame Relay DLCI Configuration table is a handy way to quickly
view the DLCI names and DLCI numbers that you attribute to your
Frame Relay profiles.
Frame Relay DLCI Configuration
+-DLCI Name----------DLCI Number-+
| DLCI 33
32 |
Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit.
Reference Guide
Changing a Frame Relay DLCI configuration
To modify a Frame Relay DLCI configuration, select Display/ Change
DLCIs in the Frame Relay DLCI Configuration screen.
Select a DLCI Name from the table and press Return to go to the
Change DLCI screen. The parameters in this screen are the same as
the parameters in the Add DLCI screen. To find out how to set them,
see “Adding a Frame Relay DLCI configuration” on page 2-37.
Change DLCI
DLCI Name:
DLCI Enabled:
DLCI Number (16-991):
Remote IP Address:
Here you configure the parameters for a single DLCI (Data Link Circuit ID).
Deleting a Frame Relay DLCI configuration
To delete a Frame Relay DLCI configuration, select Delete DLCI in the
Frame Relay DLCI Configuration screen and press Return to display
the Frame Relay DLCI configuration table.
| Are you sure you want to delete this DLCI?
1. Highlight the Frame Relay DLCI configuration you wish to delete.
Press Return.
Configuring ISDN and Leased Line Connections
just highlighted. Select CONTINUE if you wish to delete this DLCI
or CANCEL if you do not.
You are now done configuring the Frame Relay DLCI Configuration
screen. Press the escape key to return to the WAN Setup screen. Go
to “Connection profiles for ISDN and Leased lines,” beginning on
page 2-13, for information on how to configure your leased line
Adding a Frame Relay DLCI configuration
To add a new Frame Relay DLCI, select Add DLCI in the Frame Relay
DLCI Configuration screen. Press Return and the Add DLCI screen
DLCI Name:
DLCI Enabled:
DLCI Number (16-991):
Remote IP Address:
Data Flow Parameters---------------Use Default---------Value----
Return accepts * Tab toggles * ESC cancels.
1. Select DLCI Name and enter a name for this individual Frame
Relay DLCI profile. It can be any name you wish. For example: the
name of your ISP or remote branch your connecting to such as
the corporate headquarters of your company.
Reference Guide
Note: The Netopia Router allows Frame Relay DLCIs to be
named, so that you can easily reference and differentiate them.
This is accomplished by giving a DLCI Name to a DLCI Number.
Frame Relay DLCI Configuration
+-DLCI Name----------DLCI Number-+
| Panost Inc.
16 |
32 |
Up/Down Arrow Keys to select, ESC to cancel, Return/Enter to Delete.
2. Select DLCI Enabled and toggle it to Yes to activate the profile. If
you disable this profile, the Netopia Router will automatically
disable and block access to a specific remote DLCI.
3. Select DLCI Number (16-991) and enter a number for this
individual DLCI. Check with your Frame Relay provider to find out
what numbers are allocated for each of your DLCI profiles. The
DLCI number range should fall within the range of 16-991. For
more information, refer to the Leased line worksheet that you
filled out in Chapter 2 of the Getting Started Guide.
4. Select Remote IP Address and enter the remote IP address your
ISP or network administrator gave you that represents the remote
sites IP address for their router. Press Return.
If you select Standard or Buffered as the Tx Injection Management
type in the Frame Relay Configuration screen go to the next bulleted
item below. If you selected None in the Frame Relay Configuration
screen go to step 6.
Below the Remote IP Address field, the following Data Flow
Parameters appear:
The CIR (Committed Information Rate) represents the aver-
age capacity available to a given PVC (Permanent Virtual Cir-
cuit) or DLCI (Data Link Connection Identifier). The setting
defaults to 64000, but you may modify the capacity rate by
toggling the selection in the Use Default field to No. You can
then enter a different capacity rate in the Value field.
Configuring ISDN and Leased Line Connections
The Bc (Committed Burst Size) represents the maximum
amount of data that your Frame Relay service provider
agrees to transfer from a given PVC (Permanent Virtual Cir-
cuit) or DLCI (Data Link Connection Identifier). The setting
defaults to 64000, but you may modify the committed burst
size by toggling the selection in the Use Default field to No.
You can then enter a different committed burst size in the
Value field.
The Be (Excess Burst Size) represents the maximum amount
of data that your Frame Relay service provider will attempt to
deliver to a given PVC (Permanent Virtual Circuit) or DLCI
(Data Link Connection Identifier). The setting defaults to 0,
but you may modify the excess burst size by toggling the
selection in the Use Default field to No. You can then enter a
different excess burst size in the Value field.
Note: Some Frame Relay service providers allow for
over-subscription of the DLCIs, which occurs when the total
number of CIRs for all PVCs exceeds the line rate set up.
5. Select ADD DLCI NOW to save the current static Frame Relay
DLCI profile that you have just entered, and press Return to go
back to the Frame Relay DLCI Configuration screen. Alternately,
you can cancel the Frame Relay DLCI profile you have just created
by selecting CANCEL to exit the Add DLCI screen.
Default profile
Netopia can answer calls as well as initiate them over switched
circuits. To answer calls, Netopia uses a default profile. The default
and more.
For information on how to set up a default profile for a switched
circuit, see the next section.
For information on how to set up a default profile for a permanent
circuit, see “How the default profile works for a permanent circuit,”
beginning on page 2-45.
Reference Guide
How the default profile works for a switched
The Default Profile works like a guard booth at the gate to your
network: it scrutinizes incoming calls. Like the guard booth, the
default profile allows calls based on a set of criteria that you define.
The main criterion used to check calls is whether they match one of
the connection profiles already defined. If PAP or CHAP authentication
is being used, the default profile checks that the incoming call’s name
and password/ secret match the receive name and password/ secret
of a connection profile. If PAP or CHAP is not being used, an incoming
call is matched to a connection profile using the remote network’s IP
address (that is, the caller is defined as the destination of a particular
connection profile).
If an incoming call is matched to an existing connection profile, the
call is accepted. All of that connection profile’s parameters, except for
authentication, are adopted for the call.
You could set up the default profile to allow calls in even if they fail to
match a connection profile. Continuing the guard booth analogy, this
would be like removing the guards or having them wave all calls in,
regardless of their source.
If an incoming call is not required to match a connection profile, and
fails to do so, it is accepted as a standard IP connection. Accepted,
unmatched calls adopt the call parameter values set in the default
To determine how which call parameter values unmatched calls will
adopt, customize the default profile parameters in the Default Profile
Customizing the default profile
You can customize the Netopia Router’s default profile in the Default
Profile screen.
Configuring ISDN and Leased Line Connections
WAN Setup
Line Configuration...
Connection Profiles...
Default Answer Profile...
From here you will configure yours and the remote sites' WAN information.
1. Select Default Answer Profile in the WAN Setup screen. Press
Return. The Default Profile screen appears.
2. To enable CNA authentication, select Calling Number
Authentication in the Default Profile screen and choose one of
the following settings:
Ignored: Calling Number Authentication (CNA) is not in effect.
This is the default setting.
Preferred: Authentication is attempted if the calling number is
available. If authentication fails, or the calling number is not
available, the call proceeds as usual and the caller may still
connect successfully. Use this setting if you expect to receive
both regular and CNA-authenticated calls.
Required: Authentication is attempted if the calling number is
available. If authentication fails, or the calling number is not
available, the Netopia Router disconnects the caller. Use this
setting if you require all calls to be CNA-authenticated.
Calling Number Authentication (CNA), is an application of
CallerID. It is a method of verifying that an incoming call is
originating from an expected site. Using CNA, you can increase
the security of your network by requiring that callers not only
possess the correct PPP authentication information, but also are
calling from a particular physical location.
CNA works by matching the actual calling number to the number
entered in the Calling Number field in the answering side’s
connection profile. When a match occurs, the incoming call is
handled by the connection profile containing the matched
Reference Guide
Note: If the actual calling number and entered calling number do
not have the same number of digits, CNA can still match the
numbers. The smaller number determines how many digits must
match. For instance, if the actual calling number is 10 digits and
the entered calling number is 7 digits, only 7 digits must be
matched. The 7 digits that must be matched in this example are
the last 7 digits of each calling number. In this example then, the
first 3 digits of the actual calling number will be ignored. This
method allows the actual calling number to include prefixes and
area codes without requiring the entered calling number to
include them.
Calling numbers can also be matched using the wildcard
character, ?, which will match any digit. For example, if you enter
555-123? in the Calling Number field, the following actual calling
numbers will be matched: 555-1231, 555-1232, 555-1233,
555-1234, 555-1235, 555-1236, 555-1237, 555-1238,
555-1239, and 555-1230.
Using CNA can also provide cost savings because calls are not
billed during the CNA phase. With CNA, a caller can set up a
connection to the Netopia Router without incurring any charges by
accessing a dial-back connection profile. If the caller’s rates are
higher than those charged to the Netopia Router’s return call,
then using CNA has saved the difference.
CNA should be available where CallerID services are available.
You will need to consult with your telephone service provider to
find out if your line is provisioned for CallerID.
Also note that if the calling side has instructed the phone
company to block delivery of its caller ID, the answering side will
not be able to authenticate.
North America models
If you have a Northern Telecom DMS-100 line (either Custom or
NI-1) you should verify that the line supports “Calling Number
Delivery" service.
If your line is an AT&T 5ESS (either custom or NI-1) verify that it
supports "CPN/ BN (Calling Party Number/ Billing Number)
Delivery" service.
If your line does not support the appropriate service, CNA may
not work properly.
Configuring ISDN and Leased Line Connections
Note: For an ISDN switched circuit with HDLC datalink
encapsulation enabled, the Default Profile screen will only show
the Calling Number Authentication pop-up menu.
3. To force incoming calls to match connection profiles, select Must
Match a Defined Profile and toggle it to Yes. Incoming calls that
cannot be matched to a connection profile are dropped. To allow
unmatched calls to be accepted as standard IP or IPX
connections, toggle Must Match a Defined Profile to No.
If Must Match a Defined Profile is set to Yes, the answer profile
only accepts calls that use the same authentication method
defined in the Authentication item. If PAP or CHAP are involved,
the caller must have a name and password or secret that match
one of the connection profiles. The caller must obtain these from
you or your network administrator before initiating the call.
For example, if Must Match a Defined Profile is set to Yes, and
Authentication is set to PAP, then only incoming calls that use
PAP and match a connection profile will be accepted by the
answer profile.
If authentication in the default answer profile is set to CHAP, the
value of the CHAP Challenge Name item must be identical to the
value of the Send Host Name item of the connection profile to be
matched by the caller.
If Must Match a Defined Profile is set to No, Authentication is
assumed to be None, even if you’ve set it to PAP or CHAP. The
answer profile uses the caller’s IP address to match a connection
profile. However, the answer profile cannot discover a caller’s
subnet mask; it assumes that the caller is not subnetting its IP
Class A addresses are assumed to have a mask of
Class B addresses are assumed to have a mask of
Class C addresses are assumed to have a mask of Class C address ranges are generally the most
common subnet allocated.
If a remote network has a non-standard mask (that is, it uses
subnetting), the only way for it to successfully connect to the
Netopia Router is by matching a connection profile. In other
Reference Guide
words, you will have to set up a connection profile for that
You can set the following default parameters for incoming calls:
Non-North America
models only
Force 56K on Answer
Data Compression
Maximum Receive Packet Size
If Must Match a Defined Profile is set to No, you can also set the
following parameters for accepted calls that do not match a
connection profile:
B-Channel Usage
Idle Timeout
ISDN switched circuit
models with PPP
enabled only
BAP Usage
Firewall Filter Set
Non-Small Office models
Non-Small Office models
Net BIOS Packet Forwarding
Periodic RIP Timers
Periodic SAP Timers
All of these parameters are similar to the connection profile
parameters of the same names. To find out how to set them, see
“Adding a Connection Profile” on page 2-16.
Note: The only options that would be offered for ISDN profiles would
be applied to the Default Profile for ISDN.
Configuring ISDN and Leased Line Connections
How the default profile works for a permanent
The default profile works like a guard booth at the gate to your
network: it scrutinizes WAN connections. Like the guard booth, the
default profile allows connections based on a set of criteria that you
The main criterion used to check connections is whether they match
one of the connection profiles already defined. A connection is
matched to a connection profile using the remote network’s IP
address (that is, the caller is defined as the destination of a particular
connection profile).
If a connection matches an existing profile, all of the connection
profile parameters are adopted for the call.
When using PPP or Cisco-HDLC datalink encapsulation on a
permanent circuit, you must configure a connection profile. Note, that
you may have already configured this connection profile in Easy Setup.
See the Getting Started Guide for information on configuring an Easy
Setup connection profile.
When using Frame Relay datalink encapsulation on a permanent
circuit, you may require that the frame relay DLCIs explicitly match up
to your connection profile, or you may allow your Frame Relay network
to automatically confirm this by using the Default Frame Profile.
Reference Guide
Customizing the default profile
You can customize the Netopia Router’s default frame relay profile in
the Default Frame Profile screen.
WAN Setup
Line Configuration...
Frame Relay Configuration...
Frame Relay DLCI Configuration...
Connection Profiles...
Default Frame Profile...
Return/Enter for default WAN connection parameters.
1. Select Default Frame Profile in the WAN Setup screen. Press
Return. The Default Frame Profile screen appears.
Default Frame Profile
Must Match a Defined Profile:
IP Enabled:
IP Parameters...
IPX Enabled:
IPX Parameters...
Configure Default WAN Connection Parameters here.
2. To force matches with connection profiles, select Must Match a
Defined Profile and toggle to Yes. To allow the frame relay
network to automatically configure a frame profile, toggle to No.
If Must Match a Defined Profile is set to Yes, the fields in the
Default Profile screenshot above will remain hidden.
Configuring ISDN and Leased Line Connections
If Must Match a Defined Profile is set to No, you can also set the
following parameters for accepted calls that do not match a
connection profile:
Network Address Translation
Interface-based Routing or System-based Routing
Firewall Filter Set
Transmit RIP
Receive RIP
TX RIP Policy to use either Split Horizon or Poison Reverse
Net BIOS Packet Forwarding
Net BIOS Path Delay
Periodic RIP Timers
Periodic SAP Timers
Call acceptance scenarios
The following are a few common call acceptance scenarios and
information on how to configure the router for those purposes.
To accept all calls, regardless of whether they match a
connection profile:
Toggle Must Match a Defined Profile to No.
To only accept calls that match a connection profile through use
of a name and password (or secret):
Toggle Must Match a Defined Profile to Yes, and
Set Authentication to PAP or CHAP.
Note: The authentication method you choose determines which
connection profiles are accessible to callers. For example, if you
choose PAP, callers using CHAP or no authentication will be
dropped by the answer profile.
Reference Guide
To allow calls that only match a connection profile’s remote IP
and/ or IPX address:
Toggle Must Match a Defined Profile to Yes, and
set Authentication to None.
To not allow any incoming calls to connect to the Netopia Router:
Toggle Must Match a Defined Profile to Yes, and
Set the Dial option in the Telco Options screen of every con-
nection profile to Dial Out Only
WAN IP Address Serving
IP Address
Small Office ISDN
models only
The Netopia Router supports WAN IP Address Serving.
With WAN IP Address Serving the Netopia Router serves an IP
address to an incoming call. The incoming caller can be either a TA
(Terminal Adapter), such as the Netopia ISDN Modem, or another
Netopia Router with the NAT (Network Address Translation) feature
set. The incoming caller will dynamically obtain an IP address from a
pool of IP addresses that the Netopia Router serves.
The Netopia Router serving the IP address should have a connection
profile with an IP address of defined for the calling TA or
Configuring ISDN and Leased Line Connections
IP Address Serving
IP Address Serving:
To select WAN IP Address Serving, go to the IP Address Serving
screen from the Advanced Configuration menu and toggle On.
Note: WAN IP Address Serving is used for only incoming caller
connections. Refer to “IP address serving” on page 4-16, for more
information on how to use WAN IP Address Serving.
Scheduled connections
You can set a Netopia Router using a switched circuit to make
scheduled connections using designated connection profiles. This is
useful for creating and controlling regularly scheduled periods when
the router can be used by hosts on your network. It is also useful for
once-only connections that you want to schedule in advance.
To go to the Scheduled Connections screen, select Scheduled
Connections in the Advanced Configuration screen.
Scheduled Connections
Display/Change Scheduled Connection...
Add Scheduled Connection...
Delete Scheduled Connection...
Reference Guide
Viewing scheduled connections
To display a table of view-only scheduled connections, select
Display/ Change Scheduled Connection in the Scheduled
Connections screen. Each scheduled connection occupies one row of
the table.
Scheduled Connections
+-Days----Begin At - HH:MM--- When-----Conn. Prof. NameEnabled ------+
Profile 3
The first column in the table shows a one-letter representation of the
Days of the week, from Monday (M or m) to Sunday (S or s). If a letter
representing a day is capitalized, the connection will be activated on
that day; a lower-case letter means that the connection will not be
activated on that day. If the scheduled connection is configured for a
once-only connection, the word “once” will appear instead of the days
of the week.
The other columns show:
The time of day that the connection will Begin At
The duration of the connection (HH:MM)
Whether it’s a recurring Weekly connection or used Once Only
Which connection profile (Conn. Prof.) is used to connect
Whether the scheduled connection is currently Enabled
You should make sure that the Netopia Router’s system date and time
are correct (see “Setting the system date and time” on page 10-2).
The router checks the date and time set in scheduled connections
against the system date and time.
Configuring ISDN and Leased Line Connections
Adding a scheduled connection
To add a new scheduled connection, select Add Scheduled
Connection in the Scheduled Connections screen and go to the Add
Scheduled Connection screen.
Add Scheduled Connection
Scheduled Connection Enable:
How Often...
Schedule Type...
Set Weekly Schedule...
Use Connection Profile...
Follow these steps to configure the new scheduled connection:
To activate the connection, select Scheduled Connection Enable
and toggle it to On. You can make the scheduled connection
inactive by toggling Scheduled Connection Enable to Off.
Decide how often the connection should take place by selecting
How Often and choosing Weekly or Once Only from the pop-up
menu. The item directly below How Often allows you to set the
exact weekly schedule or once-only schedule. If How Often is set
to Weekly, the item directly below How Often reads Set Weekly
Schedule. If How Often is set to Once Only, the item directly
below How Often reads Set Once-Only Schedule.
If you selected Weekly, select Schedule Type and select from the
pop-up menu.
Forced schedules the connection according to the parameters
you set in the next step.
Periodic retries the connection several times during the
scheduled time.
Demand-Allowed defines the schedule when demand calls are
Reference Guide
Demand-Blocked defines the schedule when demand calls are
If you selected Weekly, select Set Weekly Schedule and go to
the Set Weekly Schedule screen.
Select the days for the scheduled connection to occur and toggle
them to Yes.
Set Weekly Schedule
Scheduled Window Start Time:
AM or PM:
Call Window Duration:
Select Scheduled Window Start Time and enter the time to
initiate the scheduled connection. Be sure to use the same clock,
either 12-hour or 24-hour, as the system time format in the Set
Date and Time screen. See “Setting the system date and time”
on page 10-2.
You must enter the time in the format H:M, where H is a one- or
two-digit number representing the hour and M is a one- or
two-digit number representing the minutes. The colon is
mandatory. For example, the entry 1:3 (or 1:03) would be
accepted as 3 minutes after one o’clock. The entry 7:0 (or 7:00)
would be accepted as seven o’clock, exactly. The entries 44, :5,
and 2: would be rejected.
Configuring ISDN and Leased Line Connections
Select AM or PM and choose AM or PM from the pop-up menu.
Select Scheduled Window Duration and enter the maximum
duration allowed for this scheduled window (not for the call).
If you selected Periodic, select Every and choose how often the
call should be attempted. The default is every 15 minutes.
You are done configuring the weekly options. Return to the Add
Scheduled Connection screen to continue.
If you set How Often to Once Only, select Set Once-Only
Schedule and go to the Set Once-Only Schedule screen.
Set Once-Only Schedule
Place Call on (DD/MM/YY):
Scheduled Window Start Time:
AM or PM:
Scheduled Window Duration:
Select Place Call On (DD/ MM/ YY) and enter a date in the
format DD/ MM/ YY (day, month, year).
Note: You must enter the date in the format specified. The
slashes are mandatory. For example, the entry 5/ 1/ 95 would be
accepted as January 5, 1995. The entry 1/ 6 would be rejected.
Select Schedueld Window Start Time and enter the time to
initiate the scheduled connection.
Note: You must enter the time in the format H:M, where H is a
one- or two-digit number representing the hour and M is a one- or
two-digit number representing the minutes. The colon is
mandatory. For example, the entry 1:3 (or 1:03) would be
accepted as 3 minutes after one o’clock. The entry 7:0 (or 7:00)
would be accepted as seven o’clock, exactly. The entries 44, :5,
and 2: would be rejected.
Reference Guide
Select AM or PM and choose AM or PM. The AM or PM item
appears only if the time is in the 12-hour clock format.
Select Scheduled Window Duration and enter the maximum
duration allowed for this scheduled window (not for the call). Use
the same format restrictions noted above.
You are done configuring the once-only options. Return to the Add
Scheduled Connection screen to continue.
In the Add Scheduled Connection screen, select Use Connection
Profile and choose from the list of connection profiles you have
already created. A scheduled connection must be associated with
a connection profile to be useful. The connection profile becomes
active during the times specified in the associated scheduled
connection, if any exists.
Select ADD SCHEDULED CONNECTION to save the current
scheduled connection. Select CANCEL to exit the Add Scheduled
Connection screen without saving the new scheduled connection.
Modifying a scheduled connection
To modify a scheduled connection, select Display/ Change Scheduled
Select a scheduled connection from the table and go to the Change
Scheduled Connection screen. The parameters in this screen are the
same as the ones in the Add Scheduled Connection screen (except
that ADD SCHEDULED CONNECTION and CANCEL do not appear). To
find out how to set them, see “Adding a scheduled connection” on
page 2-51.
Deleting a scheduled connection
To delete a scheduled connection, select Delete Scheduled
Connection in the Scheduled Connections screen to display a table of
scheduled connections.
Select a scheduled connection from the table and press the Return
key to delete it. To exit the table without deleting the selected
scheduled connection, press the Escape key.
Configuring ISDN and Leased Line Connections
CSU Backup
CSU Backup
When you are using the leased line interfaces T1 and DDS, you can
configure an automatic CSU backup, to switch to the SA port during a
leased line failure.
CSU Backup Configuration
Enable SA Port as CSU Backup
Requires Data Link Failure of...
30 Sec
Circuit Type...
Switched Async
Data Rate (kbps)...
Modem Initialization String:
Modem Dialing Prefix:
Data Link Encapsulation is
Async PPP
In the CSU Backup Configuration Screen, follow these steps to enable
the SA port as the CSU backup.
2. Select Requires Data Link Failure of. From the pop-up menu,
select how long the failure must be to enable the backup. The
default is 30 seconds.
3. The remaining fields configure the SA port. See “Line
configuration for an SA/ Serial line” on page 2-7 for more
Chapter 3
Connecting Your Local Network
In this chapter, you will learn how to physically connect the Netopia
Router to your local area network (LAN). Before you proceed, make
sure the Netopia Router is properly configured. You can configure
the Router using Console-based Management or Web-based
Management (see the Getting Started Guide).
You can connect the Netopia Router to an IP or IPX network that
uses Ethernet. You can connect to the Router’s Ethernet ports with
either a PC LAN using IP over Ethernet or Apple Macintosh
computers using native IP.
You can also connect the Router to an AppleTalk network that uses
either Ethernet or LocalTalk. AppleTalk networks based on Ethernet
cabling (EtherTalk) connect to all models of the Router through the
Ethernet port.
AppleTalk networks based on LocalTalk cabling connect to the 400
series models through the PhoneNET port. If you have both kinds of
AppleTalk networks, you can connect the LocalTalk network to the
network to the Ethernet ports. AppleTalk traffic will be routed
between these two networks.
Before connecting the Netopia Router to any AppleTalk LANs that
contain other AppleTalk routers, you should read “Routers and
seeding” in “Routers and seeding” on page 6-5.
Reference Guide
See the sections later in this chapter for details on how to connect
the Netopia Router to the two types of networks.
Readying computers on your local network
PC and Macintosh computers must have certain components
installed before they can communicate through the Netopia Router.
The following illustration shows the minimal requirements for a
typical PC or Macintosh computer.
Application software
TCP/ IP stack
Ethernet/ EtherTalk/ LocalTalk Driver
Your PC
or Macintosh
To the Netopia Router
Application software: This is the software you use to send e-mail,
browse the World Wide Web, read newsgroups, etc. These
applications may require some configuration. Examples include the
Eudora Light e-mail client, and the web browsers Microsoft’s
Internet Explorer and Netscape Navigator.
TCP/ IP stack: This is the software that lets your PC or Macintosh
communicate using Internet protocols. TCP/ IP stacks must be
configured with some of the same information you used to configure
the Netopia Router. There are a number of TCP/ IP stacks available
for PC computers. Windows 95 includes a built-in TCP/ IP stack.
Macintosh computers use either MacTCP or Open Transport.
Ethernet: Ethernet hardware and software drivers enable your PC or
Macintosh computer to communicate on the LAN.
Connecting Your Local Network
EtherTalk and LocalTalk: These are AppleTalk protocols used over
Once the Netopia Router is properly configured and connected to
your LAN, PC and Macintosh computers that have their required
components in place will be able to connect to the Internet or other
remote IP networks.
Connecting to a LocalTalk network—for 400 series models
Connect one end of the LocalTalk cable to the Netopia Router’s
PhoneNET port. Connect the other end of the cable to your LocalTalk
If your LocalTalk network is not based on standard PhoneNET
cabling, use a PhoneNET-to-LocalTalk adaptor cable. Connect the
adaptor cable’s RJ-11 connector to the Netopia Router. Connect the
cable’s mini-DIN-3 connector to your LocalTalk network.
The PhoneNET port is terminated, so the Netopia Router should
only be used at the end of your LocalTalk network. Be sure to
observe the standard rules governing maximum cable lengths and
limits on the number of nodes on a PhoneNET network.
Note: Make sure you do not connect your LocalTalk network to the
Telco port, one of the EtherWave ports, or one of the POTS (Phone 1
and 2) ports.
Reference Guide
Connecting to an Ethernet network
The Netopia Router supports an Ethernet connection to either its
AUI or its EtherWave ports. The Router’s autosensing feature
eliminates the need for a switch; connection to the AUI or
EtherWave ports is automatically detected and the connected port
is used.
You can connect several types of Ethernet networks to the Netopia
Router. Most are distinguished by the type of cable they use. The
table below displays some important attributes of four types of
Max. length of backbone,
branch, or end to end (cable
330 feet
(100 meters)
330 feet
600 feet
1500 feet
(100 meters) (185 meters) (450 meters)
Twisted pair
Twisted pair Flexible (thin)
Cable type
Netopia Router port used
Maximum 8
devices (daisy
No daisy
Other restrictions
Do not connect to both the AUI and EtherWave ports. Connect to
either the AUI port or to the EtherWave ports. Connecting to both
the AUI and EtherWave ports will result in communications errors on
the networks connected to these ports.
Connecting Your Local Network
To add the Netopia Router to your EtherWave daisy chain, use a
10Base-T cable with RJ-45 connectors. The router can be connected
to your EtherWave network at any point in the daisy chain.
NuBus Card
ISA Card
AAUI Transceiver
Printer Adapter
The Netopia Router in the middle of an EtherWave daisy chain
NuBus Card
ISA Card
AAUI Transceiver
Printer Adapter
The Netopia Router in the middle of an EtherWave daisy chain that’s part of a
larger network
Reference Guide
You may use either or both of the EtherWave ports to connect the
Netopia Router, as needed. No termination is necessary, even when
the router is at the end of your EtherWave network.
The Netopia Router at the end of an EtherWave daisy chain
Connecting Your Local Network
You can connect a 10Base-T Ethernet network to the Netopia Router
either through one of its EtherWave ports or through its AUI port.
The Netopia Router in a 10Base-T network
To connect your 10Base-T network to the Netopia Router through its
EtherWave port, use a 10Base-T cable with RJ-45 connectors. You
may connect your 10Base-T network to either EtherWave port.
NuBus Card
ISA Card
Printer Adapter
When there are no more free ports on the 10Base-T hub, the network can be
extended using EtherWave.
Reference Guide
Thick and Thin Ethernet
You can connect a 10Base-5 (Thick Ethernet) or 10Base-2 (Thin
Ethernet) network to the Netopia Router’s AUI port.
To connect your 10Base-5 network to the Netopia Router’s AUI port,
use a standard Ethernet 10Base-5 transceiver and cable.
To connect your 10Base-2 network to the Netopia Router’s AUI port,
use a standard Ethernet 10Base-2 transceiver and cable.
Connecting to a 10Base-2 network using Farallon’s EtherMac Transceiver
Chapter 4
IP Setup
The Netopia Router uses Internet Protocol (IP) to communicate both
locally and with remote networks. This chapter shows you how to
configure the Router to effectively route IP traffic. You also learn
how to configure the Router to serve IP addresses to hosts on your
local network.
Some models of the Netopia Router support the SmartIP feature,
which includes Network Address Translation (NAT).
NAT is a powerful feature that allows the user to represent an entire
LAN to the outside world as a single IP address. Instead of having
an ISP assign a separate IP address for each computer on the
network, the ISP provides one public IP address called a proxy
address. Each computer then has a separate private IP address, but
uses the proxy address to communicate with the outside world.
Key Features of IP Network Address Translation
NAT is selectable on a per connection basis, optionally allowing
real addresses to be used for intranet connections and proxied
addresses to be used for Internet connections.
The NAT user can use any combination of proxied and
unproxied addresses simultaneously with ISDN on the two
B-channels. For instance, one unproxied address connection
profile can be used to connect to a central office, while another
proxied address connection profile can simultaneously connect
the user’s Netopia Router and LAN to the Internet.
Reference Guide
The single proxy address is acquired at connection time from
the answering side. The address can be assigned by the
remote router from either a dynamic pool of addresses or a
fixed, static address.
Static NAT (Network Address Translation) Security is made
simpler and more reliable by only having to firewall one IP
address and by obscuring the internal network structure from
the Internet.
Using NAT
Follow these steps to use NAT.
1. Pick a network number for your local (internal) network. This
can be any IP address range you want. For this example, we will
Note: The outside world (the external network) will not see this
network number.
2. Using the internal network number, assign addresses to the
local nodes on your LAN. For example, you may assign
■ to your Netopia Router to a node running as a World Wide Web server to an FTP server to a Macintosh computer to a Windows 95 PC
3. Create a connection profile for your ISP or other remote net-
work. See “Adding a Connection Profile” on page 2-16. In the IP
Profile Parameters screen, toggle Address Translation Enabled
to Yes, to turn on NAT for this profile.
4. When your Netopia Router calls the ISP, the remote router that
answers the call assigns your Netopia Router an IP address
that external users use to communicate with your network. To
view this address, go to the QuickView menu and check More
Info in the Current Status section of the profile.
IP Setup
In the following example screen, is assigned to
the calling Netopia Router.
Note: The QuickView screen varies by your Netopia Router
model and line type.
Quick View
Ethernet Address - 00-00-c5-ff-60-8d Current Date - 5/31/97 03:09:43PM
Firmware Version -- 3.0
IP Address -
AppleTalk ET Address - 33051:150
AppleTalk LT Address - 33050:149
IPX Network Address - 00000000
Current ISDN Connection Status
---Profile Name-------State--%Use---Remote Address--------Est.----More Info-----
LED Status
-----ETHERNET------+--CH1-----MGMT----CH2---+-CARD-+-PWR +-------LEDS--------
- -
- - - -
|'-'= Off 'E'= Error
O |'O' = On '*'= Blink
Internal users can access the Internet as they always do; the
external Internet, however, views all traffic that the computers
generate on the internal network as originating from Similarly, all traffic received by your Netopia
Router on that network is addressed to
Reference Guide
Associating port numbers with nodes
When an IP client, such as a Netscape or Microsoft Internet Explorer
web browser, wants to establish a session with an IP server, such
as a web server, the client must know the IP address to use and the
IP port where the traffic is to be directed.
Just as an IP address specifies a particular computer on a network,
ports are addresses that specify a particular service in a computer.
There are many universally agreed-upon ports assigned to various
services. For example:
Web servers use port number 80.
FTP servers use port number 21.
Telnet uses port number 23.
SNMP uses port number 161.
The Netopia Router lets you associate these and other port
numbers with nodes on your internal LAN. See page 4-8 for details
on how to accomplish this.
IP Setup
NAT guidelines
Observe the following guidelines when using Network Address
The router can export just one local IP address per TCP port, so
you can have just one machine available for a given service,
such as one FTP server. However, some services, such as Web
servers (www-http servers), allow you to change the TCP port
on both the server and client. With two different TCP ports
exported, you can have Web servers on two different IP hosts.
Associate your primary Domain Name Server (DNS) with
whichever profile is more accessible. If neither profile is
dial-on-demand, you may associate a secondary DNS with the
other profile.
You can enable Network Address Translation on one connection
profile, disable it on another, and use the two profiles simulta-
neously. The profiles might have the following attributes:
A profile with Network Address Translation disabled connects to
your branch or main office. Your company network
administrator has assigned you a local IP address range that is
consistent with the address space assigned to your company
so that you seamlessly integrate when connected. The remote
IP address and mask for this profile define only the company’s
address space, so that the only IP traffic you send over this
connection is for hosts and servers within your company.
A Network Address Translation profile connects to the Internet
via an ISP. Even though the ISP assigns you a dynamic address
each time you connect, there will be no address space conflict,
since Network Address Translation hides the corporate address
you use locally. You enter the ISP’s remote IP address as your
default IP gateway so that any IP traffic not intended for your
corporate intranet will be directed to the ISP.
Reference Guide
IP setup
IP Setup
IP Options
The IP Setup options screen is where you configure the Ethernet
side of the Netopia Router. The information you enter here controls
how the Router routes IP traffic.
Consult your network administrator or Internet Service Provider to
obtain the IP setup information (such as the Ethernet IP Address,
Ethernet Subnet Mask, Default IP Gateway and DNS Server IP
Address) you will need before changing any of the settings in this
screen. Changes made in this screen will take effect only after the
Netopia Router is reset.
To go to the IP Setup options screen, from the Main Menu select
Advanced Configuration and then select Network Protocols Setup
and then select IP Setup.
Note: If you have completed Easy Setup, the information you have
already entered will appear in the IP Setup options screen.
IP Setup
Small Office models only
IP Setup
Ethernet IP Address:
Ethernet Subnet Mask:
Default IP Gateway:
DNS Server:
Secondary DNS Server:
Domain Name:
Exported Services...
Follow these steps to configure IP Setup for your Small Office
Netopia Router:
Select Ethernet IP Address and enter the IP address for the
Netopia Router’s Ethernet port.
Select Ethernet Subnet Mask and enter the subnet mask for
the Ethernet IP Address that you entered in the last step.
Select Default IP Gateway and enter the IP address for a
default gateway. This can be the address of any major router
accessible to the Netopia Router.
A default gateway should be able to successfully route packets
when the Netopia Router cannot recognize the intended
recipient’s IP address. A typical example of a default gateway is
the ISP’s router.
Select DNS Server and enter the IP address for a domain name
server. The domain name server matches the alphabetic
addresses favored by people (for example, to
the IP addresses actually used by IP routers (for example,
Reference Guide
If a secondary DNS server is available, select Secondary DNS
Server and enter its IP address. The secondary DNS server is
used by the Netopia Router when the primary DNS server is
inaccessible. Entering a secondary DNS is useful but it is not
Select Domain Name and enter your network’s domain name
(for example, Entering a Domain Name is
strongly recommended.
Models supporting
SmartIP only
Select Exported Services. The Exported Services screen
appears with three options, Show/ Change Exports, Add
Export, and Delete Export.
Exported Services
(Local Port to IP Address Remapping)
Show/Change Exports...
Add Export...
Delete Export...
Select Add Export. The Add Exported Service screen appears.
Add Exported Service
Local Server's IP Address:
IP Setup
Select Service. A pop-up menu of services and ports appears.
Add Exported Service
| ftp
| telnet
| smtp
| tftp
| gopher
| finger
Local Server's IP Address:
| www-http 80
| pop2
| pop3
| snmp
| chat
109 |
110 |
161 |
531 |
| Other...
Select any of the services/ ports and press Return to associate
it with the address of a server on your local area network.
Press the Escape key when you are finished configuring
Exported Services to go back to the IP Setup screen.
Reference Guide
Non-Small Office models
IP Setup
Ethernet IP Address:
Ethernet Subnet Mask:
Default IP Gateway:
DNS Server:
Secondary DNS Server:
Domain Name:
Receive RIP:
Transmit RIP:
Static Routes...
Set up the basic IP attributes of your Netopia in this screen.
Follow these steps to configure IP Setup for your Corporate Netopia
Select Ethernet IP Address and enter the IP address for the
Netopia Router’s Ethernet port.
Select Ethernet Subnet Mask and enter the subnet mask for
the Ethernet IP Address that you entered in the last step.
Select Default IP Gateway and enter the IP address for a
default gateway. This can be the address of any major router
accessible to the Netopia Router.
A default gateway should be able to successfully route packets
when the Netopia Router cannot recognize the intended
recipient’s IP address. A typical example of a default gateway is
the ISP’s router.
IP Setup
Select DNS Server and enter the IP address for a domain name
server. The domain name server matches the alphabetic
addresses favored by people (for example,
to the IP addresses actually used by IP routers (for example,
If a secondary DNS server is available, select Secondary DNS
Server and enter its IP address. The secondary DNS server is
used by the Netopia Router when the primary DNS server is
inaccessible. Entering a secondary DNS is useful but it is not
Select Domain Name and enter your network’s domain name
(for example, Entering a Domain Name is
strongly recommended.
Non-Small Office models
If there are IP routers on your Ethernet network that the Netopia
Router needs to recognize, select Receive RIP and toggle it to
On. With Receive RIP on, the Netopia Router’s Ethernet port will
accept routing information provided by Routing Information
Protocol (RIP) packets. RIP is used on all Netopia Router
models except the SO-Smart models.
Non-Small Office models
If you want the Netopia Router to advertise its routing table to
other routers via RIP, select Transmit RIP and toggle it to On.
With Transmit RIP on, the Netopia Router will generate RIP
packets to those other routers.
Non-Small Office models
Select Static Routes to manually configure IP routes. See the
following section.
Static routes
Static routes are IP routes that are maintained manually. Each static
route acts as a pointer that tells the Netopia Router how to reach a
particular network. However, static routes are used only if they
appear in the IP routing table, which contains all of the routes used
by the Netopia Router (see “IP routing table” on page 9-13).
Reference Guide
Static routes are helpful in situations where a route to a network
must be used and other means of finding the route are unavailable.
For example, static routes are useful when you cannot rely on RIP.
To go to the Static Routes screen, select the Static Routes item in
the IP Setup screen.
Static Routes
Display/Change Static Route...
Add Static Route...
Delete Static Route...
Configure/View/Delete Static Routes from this and the following Screens.
Viewing static routes
To display a view-only table of static routes, select Display/ Change
Static Route in the Static Routes screen.
+-Dest. Network---Subnet Mask-----Next Gateway----Priority-Enabled-+
Select a Static Route to modify.
The table has the following columns:
Dest. Network: The network IP address of the destination network.
Subnet Mask: The subnet mask associated with the destination
IP Setup
Next Gateway: The IP address of the router that will be used to
reach the destination network.
Priority: An indication whether the Netopia Router will use the static
route when it conflicts with information received from RIP packets.
Enabled: An indication whether the static route should be installed
in the IP routing table.
Adding a static route
To add a new static route, select Add Static Route in the Static
Routes screen and go to the Add Static Route screen.
Add Static Route
Static Route Enabled:
Destination Network IP Address:
Destination Network Subnet Mask:
Next Gateway IP Address:
Route Priority...
Advertise Route Via RIP:
Configure a new Static Route in this Screen.
Route Enabled and toggle it to Yes. To remove the static route
from the IP routing table, select Static Route Enabled and
toggle it to No.
Be sure to read the rules on the installation of static routes in
the IP routing table. See “Rules of static route installation” on
page 4-15.
Select Destination Network IP Address and enter the network
IP address of the destination network.
Reference Guide
Select Destination Network Subnet Mask and enter the subnet
mask used by the destination network.
Select Next Gateway IP Address and enter the IP address for
the router that the Netopia Router will use to reach the
destination network. This router does not necessarily have to
be part of the destination network, but it must at least know
where to forward packets destined for that network.
Select Route Priority and choose High or Low. High means that
the static route takes precedence over RIP information; Low
means that the RIP information takes precedence over the
static route.
If the static route conflicts with a connection profile, the
connection profile will always take precedence.
To make sure that the static route is known only to the Netopia
Router, select Advertise Route Via RIP and toggle it to No. To
allow other RIP-capable routers to know about the static route,
select Advertise Route Via RIP and toggle it to Yes. When
Advertise Route Via RIP is toggled to Yes, a new item called
RIP Metric appears below Advertise Route Via RIP.
With RIP Metric you set the number of routers, from 1 to 15,
between the sending router and the destination router. The
maximum number of routers on a packet’s route is 15. Setting
RIP Metric to 1 means that a route can involve 15 routers,
while setting it to 15 means a route can only involve one router.
Select ADD STATIC ROUTE NOW to save the new static route,
or select CANCEL to discard it and return to the Static Routes
Up to 16 static routes can be created, but one is always
reserved for the default gateway, which is configured using
either Easy Setup or the IP Setup screen in Advanced
IP Setup
Modifying a static route
To modify a static route, select Display/ Change Static Route in the
Static Routes screen to display a table of static routes.
Select a static route from the table and go to the Change Static
Route screen. The parameters in this screen are the same as the
ones in the Add Static Route screen (see “Adding a static route” on
page 4-13).
Deleting a static route
To delete a static route, select Delete Static Route in the Static
Routes screen to display a table of static routes. Select a static
route from the table and press Return to delete it. To exit the table
without deleting the selected static route, press the Escape key.
Rules of static route installation
The Netopia Router applies certain rules before installing enabled
static routes in the IP routing table. An enabled static route will not
be installed in the IP routing table if any of the following conditions
are true:
The static route’s Next Gateway IP Address matches the IP
address used by a connection profile or the Netopia Router’s
Ethernet port.
The static route’s Next Gateway IP Address matches an IP
address in the range of IP addresses being distributed by
MacIP or DHCP.
The static route’s Next Gateway IP Address is determined to
be unreachable by the Netopia Router.
The static route’s route information conflicts with a connection
profile’s route information.
The connection profile associated with the static route is set for
dial-in connections only, and there is no incoming call
connected to that connection profile.
Reference Guide
The connection profile associated with the static route has a
disabled dial-on-demand setting, and there is no current
connection using that connection profile.
A static route is already installed in the IP routing table will be
removed if any of the conditions listed above become true for that
static route. However, an enabled static route is automatically
reinstalled once the conditions listed above are no longer true for
that static route.
IP address serving
• DHCP Setup
• BOOTP Setup
• MacIP Setup
In addition to being a router, the Netopia Router is also an IP
address server. There are four protocols it can use to distribute IP
The first, called Dynamic Host Configuration Protocol (DHCP),
is widely supported on PC networks, as well as Apple
Macintosh computers using Open Transport and computers
using the UNIX operating system. Addresses assigned via
DHCP are “leased” or allocated for a short period of time; if a
lease is not renewed, the address becomes available for use by
another computer. DHCP also allows most of the IP
parameters for a computer to be configured by the DHCP
server, simplifying setup of each machine.
The second, called BOOTP (also known as Bootstrap Protocol),
is the predecessor to DHCP and allows older IP hosts to obtain
most of the information that a DHCP client would obtain.
However, in contrast, BOOTP address assignments are
“permanent” since there is no lease renewal mechanism in
IP Setup
The third protocol, called IPCP, is part of the PPP/ MP suite of
wide area protocols used for ISDN WAN connections. It allows
remote terminal adapters and NAT-enabled routers to be
assigned a temporary IP address for the duration of their
The fourth protocol, called MacIP, is used only for computers
on AppleTalk networks. MacIP provides a protocol translation
(or gateway) function between IP and AppleTalk as well as an IP
address assignment mechanism. Like DHCP, MacIP address
assignments are normally temporary, although you may also
use static IP addresses with MacIP.
Since no two hosts can use the same IP address at the same time,
make sure that the addresses distributed by the Netopia Router,
and those that are manually configured are not the same. Each
method of distribution must have its own exclusive range of
addresses to draw from.
To go to the IP Address Serving screen, select IP Address Serving
in the Advanced Configuration screen and press Return.
IP Address Serving
Server Name is
Netopia PN455 #221393
Number of Client IP Addresses:
1st Client Address:
Serve DHCP Clients:
DHCP Serving Options...
DHCP NetBios Options...
Serve BOOTP Clients:
Serve Dynamic WAN Clients
Serve MacIP/KIP Clients:
MacIP/KIP Static Options...
Configure DHCP, BOOTP, WAN IP, and/or MacIP Address Serving here.
Reference Guide
Follow these steps to configure IP Address Serving:
Server Name is lists the Netopia Router’s name, model number
and individual serial number. It is filled in automatically.
Small Office models only
To serve IP addresses to clients, select IP Address Serving and
toggle it to Yes. Activating IP Address Serving automatically
enables DHCP, WAN clients, and dynamic MacIP/ KIP clients (if
you have an AppleTalk model).
Select Number of Client IP Addresses and enter the total number
of contiguous IP addresses that the Netopia Router will distribute
to the client machines on your local area network.
In the screen example shown above, five Client IP addresses
have been allocated.
Select 1st Client Address and enter the first client IP address
that you will allocate to your first client machine. For instance, on
your local area network you may first want to figure out what
machines are going to be allocated specific static IP addresses
so that you can determine the pool of IP addresses that you will
be serving addresses from via DHCP, BOOTP and or MacIP.
Example: Your ISP has given your Netopia Router the IP address, with a subnet mask of The
subnet mask allocated will give you six IP addresses to use when
connecting to the ISP over the Internet (for more information on
understanding IP addressing refer to Appendix C). Your address
range will be from .137-.143. In this example you would enter as the 1st client address.
Non-Small Office models
To enable DHCP, select Serve DHCP Clients and toggle it to Yes.
DHCP serving is automatic for other models when IP Address
Serving is enabled.
Non-Small Office models
If Yes is selected in Serve DHCP Clients, select DHCP Serving
Options item and press Return. The DHCP Options screen
IP Setup
DHCP Options
Serve Domain Name:
Domain Name:
Serve Default Gateway:
Default Gateway:
Serve DNS Servers:
Primary DNS Server IP Addr.:
Secondary DNS Server IP Addr.:
The DHCP Options screen offers a set of parameters that can be
passed to each client requesting an IP address. These additional
parameters simplify each client’s setup.
Select Serve Domain Name, toggle to Yes, and press Return. By
toggling this item to Yes, once the domain name is entered the
Netopia Router will send this information to client machines
requesting it. (Note that you will need to configure each client
machine for the Netopia Router and clients to communicate with
each other).
In the Domain Name menu item, type in the domain name that
will be used on your network. For example:
Select Serve Default Gateway, toggle to Yes, and press Return.
In the Default Gateway menu item,enter the IP address of the
Netopia Router.
Select Serve DNS Servers, toggle to Yes, and press Return. By
toggling this item to Yes, once the DNS Server’s IP address or
addresses (Primary and Secondary DNS Server IP Address) are
entered the Netopia Router will automatically broadcast this
information to the client machine. (Note that you will need to
configure each client machine for the Netopia Router).
In the Primary DNS Server IP Address menu item, the Primary
DNS Server IP Address will be automatically generated from the
connection profile screen if one has been entered.
Reference Guide
In the Secondary DNS Server IP Address menu item, the
Secondary DNS Server IP Address will be automatically generated
from the connection profile screen, if an address has been
entered. (A secondary DNS IP address is not required, but may
be helpful. For instance, if the Netopia Router attempts to
communicate to the primary DNS but it is unavailable, then it will
attempt to communicate with the secondary DNS. If the
secondary DNS is available and the IP address is resolved than
the Netopia will be able to connect to the ISP or remote network.)
You are now finished setting up DHCP Options. To return to the IP
Address Serving screen press the Escape key once.
DHCP NetBIOS Options
If your network uses NetBIOS, you can enable the Netopia Router to
use DHCP to distribute NetBIOS information.
NetBIOS stands for Network Basic Input/ Output System. It is a layer
of software originally developed by IBM and Sytek to link a network
operating system with specific hardware. NetBIOS has been adopted
as an industry standard. It offers LAN applications, a variety of
“hooks” to carry out inter-application communications and data
transfer. Essentially, NetBIOS is a way for application programs to talk
to the network. To run an application that works with NetBIOS, a
non-IBM network operating system or network interface card must
offer a NetBIOS emulator. Many vendors either provide a version of
NetBIOS to interface with their hardware or emulate its transport layer
communications services in their network products. A NetBIOS
emulator is a program provided by NetWare clients that allow
workstations to run applications that support IBM’s NetBIOS calls.
Select Serve NetBIOS Options and press Return. The DHCP
NetBIOS Options screen will appear.
IP Setup
DHCP NetBios Options
Serve NetBios Type:
NetBios Type...
Type B
Serve NetBios Scope:
NetBios Scope:
Serve NetBios Name Server:
NetBios Name Server IP Addr:
DHCP allows you to allocate IP Addresses dynamically.
To serve DHCP clients with the type of NetBIOS used on your
network, select Serve NetBIOS Type and toggle it to Yes.
From the NetBIOS Type pop-up menu, select the type of NetBIOS
used on your network.
DHCP NetBios Options
Serve NetBios Type:
NetBios Type...
| Type B |
| Type P |
| Type M |
| Type H |
Serve NetBios Scope:
NetBios Scope:
Serve NetBios Name Server:
NetBios Name Server IP Addr:
To serve DHCP clients with the NetBIOS scope, select Serve
NetBIOS Scope and toggle it to Yes.
Select NetBIOS Scope and enter the scope.
To serve DHCP clients with the IP address of a NetBIOS name
server, select Serve NetBIOS Name Server and toggle it to Yes.
Select NetBIOS Name Server IP Address and enter the IP
address for the NetBIOS name server.
Reference Guide
You are now finished setting up DHCP NetBIOS Options. To return
to the IP Address Serving screen press the Escape key once.
To enable BOOTP’s address serving capability, select Serve
BOOTP Clients and toggle to Yes.
Note: Addresses assigned through BOOTP are permanently
allocated from the IP Address Serving pool. To release these
addresses, toggle Serve BOOTP Clients to No and restart your
Netopia Router.
MacIP (Kip Forwarding) Options
When hosts using AppleTalk (typically those using LocalTalk) are not
directly connected to an IP network (usually an ethernet), they must
use a MacIP (AppleTalk-IP) gateway. Such a service is provided by
AppleTalk models of the Netopia Routers. A MacIP gateway converts
network traffic into the correct format for AppleTalk or IP, depending
on the traffic’s destination. The MacIP gateway can also distribute IP
addresses to AppleTalk computers on the network.
Note: Macintosh computers that have LocalTalk or EtherTalk selected
in the MacTCP control panel, or “AppleTalk (MacIP)” selected in the
TCP/ IP control panel, must use the MacIP gateway to communicate
with the Internet or any other IP network. Users should point their
MacTCP or TCP/ IP control panel to look in the LocalTalk zone for the
MacIP server. Macintosh computers that have Ethernet selected in
the MacTCP or TCP/ IP control panel can do their own AppleTalk-IP
Setting up MacIP involves choosing MacIP dynamic address serving
and then configuring that type. KIP forwarding is simply a method for
distributing IP addresses to AppleTalk clients.
To go to the MacIP Setup screen, select MacIP/ KIP Clients in the IP
Address Serving screen from the Advanced Configuration menu.
Non-Small Office
AppleTalk models only
Select Serve Mac IP/ KIP Clients and toggle to Yes, to enable
MacIP/ KIP address serving capability. This option is
automatically enabled on Small Office models if AppleTalk and IP
Address Serving are enabled.
IP Setup
Non-Small Office
AppleTalk models only
Select MacIP/ KIP Static Options and press Return. The MacIP
(KIP) Forwarding Setup screen tells the Netopia Router how many
static addresses to allocate for MacIP/ KIP clients. The addresses
must fall within the address pool from the previous screen. You
will need to enter the number of static MacIP addresses to
reserve in this screen. Note that the address pool IP range will
also be listed for your referral in this screen.
MacIP (KIP) Forwarding Setup
This screen tells the Netopia how many static addresses to allocate for
MacIP/KIP clients. The addresses must fall within the address pool from the
previous screen -- to
Number of Static Addresses:
First Static Client Address:
Reserve static MacIP addresses for KIP Forwarding here.
You have finished setting up IP Setup.
Chapter 5
IPX Setup
Internetwork Packet Exchange (IPX) is the network protocol used by
Novell NetWare networks. This chapter shows you how to configure
the Netopia Router for routing data using IPX. You also learn how to
configure the router to serve IPX network addresses.
The Netopia Router supports the following IPX features:
NetBIOS broadcast packet forwarding (IPX type 20)
IPX packet filtering definable by source and destination IPX
address and socket number, for added security
IPX SAP filtering to aid in optimizing WAN bandwidth
Dial-on-demand features:
Spoofing of IPX keep-alive, SPX, and server serialization
Configurable RIP/ SAP timers on connection profiles
IPX Definitions
This section defines IPX-related protocols such as RIP, SAP and
NetBIOS, in addition to other related terms. See the next section for
setup instructions.
Reference Guide
Internetwork Packet Exchange (IPX)
IPX is a datagram, connectionless protocol that Novell adapted from
Xerox Network System’s (XNS) Internet Datagram Protocol (IDP). IPX
is dynamically routed, and the routing architecture works by
“learning” network addressing automatically.
IPX address
An IPX address consists of a network number, a node number, and a
socket number. An IPX network number is composed of eight
hexadecimal digits. The network number must be the same for all
nodes on a particular physical network segment. The node number
is composed of twelve hexadecimal digits and is usually the
hardware address of the interface card. The node number must be
unique inside the particular IPX network. Socket numbers
correspond to the particular service being accessed.
A socket in IPX is the equivalent of a port in TCP/ IP. Sockets route
packets to different processes within a single node. Novell has
reserved several sockets for use in the NetWare environment:
Field Value
Packet Type
Unknown Packet Type
Used for all packets not
classified by any other type
Routing Information
Unused for RIP packets
Used for SAP packets
Service Advertising
Sequenced Packet
Used for SPX packets
Used for NCP packets
NetWare Core Protocol
Propagated Packet
Used for Novell NetBIOS
IPX Setup
Routing Information Protocol (RIP)
RIP, which was also derived from XNS, is a protocol that allows for
the bidirectional transfer of routing tables and provides timing
information (ticks), so that the fastest route to a destination can be
determined. IPX routers use RIP to create and dynamically maintain
databases of internetwork routing information. See the last section
in this chapter for more information on routing tables.
Service Advertising Protocol (SAP)
SAP is a protocol that provides servers and routers with a method
to exchange service information. Using SAP, servers advertise their
services and addresses. Routers collect this information to
dynamically update their routing tables and share it with other
routers. These broadcasts keep all routers on the internetwork
synchronized and provide real-time information on accessible
servers on the internetwork.
The following is a list of common SAP server types:
Print Queue
File Server
Job Server
Print Server
Archive Server
Remote Bridge Server
Advertising Print Server
Reserved Up To
Reference Guide
NetBIOS is a protocol that performs tasks related to the Transport
and Session layers of the OSI model. It can operate over IPX, using
a special broadcast packet known as “IPX Packet type 20” to
communicate with IPX NetBIOS servers.
IPX Spoofing
Applicable only to ISDN
switched lines
The Netopia has several IPX features designed to restrict the traffic
on the ISDN link when the unit is not sending or receiving IPX data.
When the link is idle and a user is logged into a Novell server, the
server will send “keep alive” packets to ensure the user is still
there. If the link is idle, the “keep alive” packets will be sent back to
the server by the locally connected Netopia router as though they
came back from the user without bringing up the ISDN link.
Similarly, “SPX keep alive” packets are treated in this manner. IPX
RIP, and SAP messages will not be sent if the link is down. Together
these features enable the user to remain connected to a Novell
server or SPX peer without bringing up the ISDN link, except to send
and receive actual user data.
IPX setup
IPX Setup
IP Options
The IPX Setup screen is where you configure the Ethernet side of
the Netopia Router. The information you enter here controls how the
Router routes IPX traffic.
Consult your network administrator for the IPX setup information you
will need before changing any of the settings in this screen.
Changes made in this screen will take effect only after the Netopia
Router is reset.
IPX Setup
To go to the IPX Setup screen, from the Main Menu select Advanced
Configuration and then select Network Protocols Setup and then
select IPX Setup.
Note: If you have completed Easy Setup, the information you have
already entered will appear in the IP Setup options screen.
IPX Setup
IPX Routing:
Ethernet Encapsulation...
Ethernet Network Address:
Ethernet Path Delay:
Ethernet NetBios Forwarding:
Ethernet Inbound SAP Filter Set... <<NONE>>
Default Gateway Address:
Filters and Filter Sets...
IPX Wan Pool Base Address
Set up the basic IPX attributes of your Netopia in this screen.
1. To enable IPX routing, select IPX Routing, toggle it to Yes, and
press Return.
2. To change Ethernet encapsulation from the commonly used
802.3 standard, select Ethernet Encapsulation and choose a
different encapsulation method.
3. Select Ethernet Network Address and enter the network
address of the IPX network connected to the Netopia Router’s
Ethernet port.
Note: If the Ethernet network address is set to zero, the Router
will attempt to learn the address from any configured IPX device
on the Ethernet network or from the remote IPX network when a
call is established.
Reference Guide
4. To change the default path delay, select Ethernet Path Delay
and enter a value (in ticks). This value is used to determine the
port cost of using the Ethernet port in IPX RIP calculations.
5. To enable NetBIOS packet forwarding, select Ethernet NetBIOS
Forwarding and toggle it to Yes. This parameter will determine
whether “IPX Packet type 20” packets are forwarded on the
Ethernet interface. These packets are used by NetBIOS and
some other applications.
6. Select Ethernet Inbound SAP Filter Set to filter incoming IPX
SAP advertisements on the Ethernet. By attaching an incoming
SAP filter on the Ethernet, you can restrict the number of SAP
entries learned on a large IPX network to only those required by
remote users connecting to the Netopia Router. An Ethernet
SAP filter must be used with networks that have so many
servers advertised that the Netopia Router would otherwise
exhaust its internal memory storing server entries.
To attach a SAP filter set, first define the filter set using the
Filters and Filter Sets option (see step 8 below). Then select
the filter set from the Ethernet Incoming SAP Filter Set pop-up
menu. To detach the filter set, select Detach Filter Set.
7. Select Default Gateway Address, and enter the network
address of the IPX network to which all packets of unknown
destination address should be routed.
Note: The Default Gateway Address is usually set up to match
the IPX Address in your network Connection Profile.
8. To configure filters and filter sets, select Filters and Filter Sets
and go to the IPX filters and filter sets screens. For information
on how to configure IPX filters and filter sets, see “IPX filters”
on page 5-8.
9. Select IPX Wan Pool Base Address and enter the first IPX
network address to be allocated to requesting IPX WAN clients.
The base address you enter must not conflict with other IPX
networks assigned to your IPX internet.
IPX Setup
IPX in the answer profile
The answer profile can be configured to accept calls from remote
IPX networks. To configure the answer profile to accept calls from
remote IPX networks, go to the Default Answer Profile screen.
Note: The Default Answer Profile screen varies according to
Default Answer Profile
Force 56k on Answer:
Max. Receive Packet Size:
Stac Data Compression...
Must Match a Defined Profile:
B Channel Usage...
Idle Timeout:
1 B Channel
IP Enabled:
IP Parameters...
IPX Enabled:
IPX Parameters...
Configure values which may be used when receiving a call in this screen.
toggle it to Yes. When IPX Enabled is set to Yes, the item IPX
Parameters appears below it.
To configure IPX routing in the answer profile, select IPX Parameters
and go to the IPX Parameters (Default Answer Profile) screen. The
items in this screen are similar to the IPX Profile Parameters items
of the same name (see page 5-7).
Reference Guide
IPX Parameters (Default Answer Profile)
NetBios Packet Forwarding:
Incoming Packet Filter Set...
Outgoing Packet Filter Set...
Incoming SAP Filter Set...
Outgoing SAP Filter Set...
Detach Filter Sets...
Periodic RIP Timer:
Periodic SAP Timer:
Configure IPX values to use when no matching Profile can be found.
IPX filters
IPX Filters
and Filter Sets
Filter Sets
IPX packet filters work very similarly to IP packet filters. They filter
data traffic coming from or going to remote IPX networks. IPX filters
can be set up to pass or discard IPX packets based on a number of
user-defined criteria. Like IP filters, IPX filters must be grouped in
sets that are applied to the answer profile or to connection profiles.
IPX SAP filters are used for filtering server entries not required to
pass over the WAN links. When connecting to a large IPX network via
ISDN, the transfer of large numbers of SAP entries can consume
significant bandwidth on the WAN link.
Note: Using SAP filtering to prevent a server from being advertised
does not provide security against that server being accessed—IPX
packet filtering must be used for that purpose.
IPX Setup
Setting up and using IPX filter sets is a four-step process:
1. Create the filters to use.
2. Create the filter sets to use.
3. Add filters to the filter sets.
4. Attach the filter sets to the answer profile or to connection
You can configure IPX filters and set up IPX filter sets from the IPX
Filters and Filter Sets screen.
IPX Filters and Filter Sets
Show/Change IPX Packet Filters...
Add IPX Packet Filter...
Delete IPX Packet Filter...
Show/Change IPX Packet Filter Sets...
Add IPX Packet Filter Set...
Delete IPX Packet Filter Set...
Show/Change IPX Sap Filters...
Add IPX Sap Filter...
Delete IPX Sap Filter...
Show/Change IPX Sap Filter Sets...
Add IPX Sap Filter Set...
Delete IPX Sap Filter Set...
Define your filters 1st. IPX Filter Sets refer to, but don't contain, filters.
The items in the IPX Filters and Filter Sets screen are grouped into
four areas:
IPX packet filters
IPX packet filter sets
IPX SAP filters
IPX SAP filter sets
The following sections explain the items in each of these areas.
Reference Guide
IPX packet filters
For each IPX packet filter, you can configure a set of parameters to
match on the source or destination attributes of IPX data packets
coming from or going to the WAN.
Viewing and modifying packet filters
To display a view-only table of IPX packet filters, select
Show/ Change IPX Packet Filters in the IPX Filters and Filter Sets
To modify any of the filters in the table, note the desired filter and
press Return to go to the Change Packet Filter screen. The
parameters in this screen are the same as the ones in the Add
Packet Filter screen (see the next section).
Adding a packet filter
To add a new IPX packet filter, select Add IPX Packet Filter in the
IPX Filters and Filter Sets screen and press Return to go to the Add
Packet Filter screen.
Add Packet Filter
Filter Name:
IPX Filter 1
Source Network:
Source Node Address:
Source Socket:
Destination Network:
Destination Node Address: 000000000000
Destination Socket:
Configure a new IPX Packet Filter. Finished? ADD or CANCEL to exit.
IPX Setup
By default, the filter’s socket numbers and network and node
addresses are null (all zeros). This sets the filter to match on any
IPX data packet. You should configure the filter using criteria that
meet your security needs.
1. Select Filter Name and enter a descriptive name for the filter.
2. To specify a source network for the filter to match on, select
Source Network and enter an IPX network address.
3. To specify a source node for the filter to match on, select
Source Node Address and enter an IPX node address.
4. To specify a source socket for the filter to match on, select
Source Socket and enter an IPX source socket number.
5. To specify a destination network for the filter to match on,
select Destination Network and enter an IPX network address.
6. To specify a destination node for the filter to match on, select
Destination Node Address and enter an IPX node address.
7. To specify a destination socket for the filter to match on, select
Destination Socket and enter an IPX destination socket
8. Select ADD FILTER NOW to save the current filter. Select
CANCEL to exit the Add Packet Filter screen without saving the
new filter.
Deleting a packet filter
To delete a packet filter, select Delete IPX Packet Filter in the IPX
Filters and Filter Sets screen to display a table of filters. Select a
filter from the table and press Return to delete it. Press the Escape
key to exit the table without deleting the filter.
IPX packet filter sets
Before the individual filters can be used, IPX packet filters must be
grouped into sets. A filter can be part of more than one filter set.
Reference Guide
Viewing and modifying packet filter sets
To display a table of IPX packet filter sets, select Show/ Change IPX
Packet Filter Sets in the IPX Filters and Filter Sets screen.
To modify any of the filter sets in the list, select the desired filter set
and press Return to go to the Change Packet Filter Set screen. The
parameters in this screen are the same as the ones in the Add
Packet Filter Set screen (see the next section).
Adding a packet filter set
To add a new IPX packet filter set, select Add IPX Packet Filter Set
in the IPX Filters and Filter Sets screen and press Return to go to
the Add Packet Filter Set screen.
Add Packet Filter Set
Filter Set Name:
Show Filters/Change Action on Match...
Append Filter...
Detach Filter...
Modify an IPX Packet Filter here. Changes are immediate.
Follow these steps to configure the new packet filter set:
1. Select Filter Set Name and enter a descriptive name for the
filter set.
2. To change the forwarding action of filters in the filter set, select
Show Filters/ Change Action on Match and press Return to go
to the Show Filters/ Change Actions on Match screen.
IPX Setup
Show Filters/Change Actions on Match
Filter Name---------------------Forward
Filter 1
Filter 2
Set whether filters forward or drop matching packets here.
Select a filter and toggle the packet forwarding action to Yes
(pass) or No (discard).
3. To add a filter to the filter set, select Append Filter to display a
table of filters. Select a filter from the table and press Return to
add it to the filter set. The default action of newly added filters
is to not forward packets that match their criteria.
To exit the table without adding the filter, press the Escape key.
4. To remove a filter from the filter set, select Detach Filter to
display a table of appended filters. Select a filter from the table
and press Return to remove it from the set. To exit the table
without removing the filter, press the Escape key.
5. Select ADD FILTER SET NOW to save the current filter set.
Select CANCEL to exit the Add Packet Filter Set screen without
saving the new filter set.
Deleting a packet filter set
To delete a packet filter set, select Delete IPX Packet Filter Set in
the IPX Filters and Filter Sets screen to display a list of filter sets.
Select a filter set from the list and press Return to delete it. Press
the Escape key to exit the list without deleting the filter set.
Note: Deleting a filter set does not delete the filters in that set.
However, the filters in the deleted set are no longer in effect (unless
they are part of another set). The deleted set will no longer appear
in the answer profile or any connection profiles to which it was
Reference Guide
IPX SAP filters
For each IPX SAP filter, you can configure a set of parameters to
match on certain attributes of IPX SAP packet entries. The filters
check IPX SAP packets for entries that match and then act on those
entries. The SAP packets themselves are always allowed to
continue after their entries are checked.
The purpose of filtering SAP packets is not to make your network
more secure, but to add efficiency to network bandwidth use.
Filtering SAP packets may reduce the size of SAP packets and SAP
bindery tables by removing unwanted entries.
Viewing and modifying SAP filters
To display a table of IPX SAP filters, select Show/ Change IPX SAP
Filters in the IPX Filters and Filter Sets screen.
To modify any of the filters in the table, select the desired filter and
press Return to go to the Change SAP Filter screen. The parameters
in this screen are the same as the ones in the Add SAP Filter screen
(see the next section).
Adding a SAP filter
To add a new IPX SAP filter, select Add IPX SAP Filter in the IPX
Filters and Filter Sets screen and press Return to go to the Add SAP
Filter screen.
IPX Setup
Add SAP Filter
Filter Name:
Server Name:
IPX Network:
IPX Node Address:
Configure a new IPX SAP Filter. Finished? ADD or CANCEL to exit.
By default, the filter’s socket and type numbers and network and
node addresses are null (all zeros). This sets the filter to match on
any IPX SAP packet entry. You should configure the filter using
criteria that meet your needs.
Follow these steps to configure the new SAP filter:
1. Select Filter Name and enter a descriptive name for the filter.
2. To specify a server name for the filter to match on, select
Server Name and enter the name of an IPX server. You can use
the wildcard characters * (asterisk) and ? (question mark). Use
* to match any string, including a null string (no characters),
and ? to match any single character in the server’s name. For
example, the filter could match on the server name
3. To specify a socket for the filter to match on, select Socket and
enter an IPX socket number.
4. To specify a type number for the filter to match on, select Type
and enter an IPX type number.
5. To specify an IPX network address for the filter to match on,
select IPX Network and enter an IPX network address.
Reference Guide
6. To specify an IPX node address for the filter to match on, select
IPX Node Address and enter an IPX node address.
7. Select ADD FILTER NOW to save the current filter. Select
CANCEL to exit the Add SAP Filter screen without saving the
new filter.
Deleting a SAP filter
To delete a SAP filter, select Delete IPX SAP filter in the IPX Filters
and Filter Sets screen to display a table of filters. Select a filter from
the table and press Return to delete it. Press the Escape key to exit
the table without deleting the filter.
IPX SAP filter sets
Before IPX SAP filters can be used, they must be grouped into sets.
A SAP filter can be part of more than one filter set.
Viewing and modifying SAP filter sets
To display a table of IPX SAP filter sets, select Show/ Change IPX
SAP Filter Sets in the IPX Filters and Filter Sets screen to display a
list of filter sets.
To modify any of the filter sets in the list, select the desired filter set
and go to the Change SAP Filter Set screen. The parameters in this
screen are the same as the ones in the Add SAP Filter Set screen
(see the previous section).
Adding a SAP filter set
To add a new IPX SAP filter set, select Add IPX SAP Filter Set in the
IPX Filters and Filter Sets screen and go to the Add SAP Filter Set
IPX Setup
Add SAP Filter Set
Filter Set Name:
Show Filters/Change Action on Match...
Append Filter...
Detach Filter...
Modify an IPX SAP filter here. Changes are immediate.
Follow these steps to configure the new SAP filter set:
1. Select Filter Set Name and enter a descriptive name for the
filter set.
2. To change the forwarding action of filters in the filter set, select
Show Filters/ Change Action on Match and press Return to go
to the Show Filters/ Change Actions on Match screen.
Show Filters/Change Actions on Match
Filter Name---------------------Forward
Filter 1
Filter 2
Set whether filters forward or drop matching packets here.
Select a filter and toggle the entry forwarding action to Yes
(pass) or No (discard).
Reference Guide
3. To add a filter to the filter set, select Append Filter to display a
table of filters. Select a filter from the table and press Return to
add it to the filter set. The default action of newly added filters
is to not forward (discard) packet entries that match their
To exit the table without adding the filter, press the Escape key.
4. To remove a filter from the filter set, select Detach Filter to
display a table of appended filters. Select a filter from the table
and press Return to remove it from the set. To exit the table
without removing the filter, press the Escape key.
5. Select ADD FILTER SET NOW to save the current filter set.
Select CANCEL to exit the Add SAP Filter Set screen without
saving the new filter set.
Deleting a SAP filter set
To delete a SAP filter set, select Delete IPX SAP Filter Set in the IPX
Filters and Filter Sets screen to display a list of filter sets. Select a
filter set from the list and press Return to delete it. Press the
Escape key to exit the list without deleting the filter set.
Note: Deleting a filter set does not delete the filters in that set.
However, the filters in the deleted set are no longer in effect (unless
they are part of another set). The deleted set will no longer appear
in the answer profile or any connection profiles to which it was
IPX Setup
IPX routing tables
• IPX Routing Table
• IPX SAP Bindery Table
Statistics, Utilities, Tests
Routing Tables
IPX routing tables provide information on current IPX routes and
To go to the IPX Routing Table screen, select IPX Routing Table in
the Routing Tables screen. This table shows detailed information
about current IPX network routes.
IPX Routing Table
Net Addr-Hops-Ticks-Type--Status-Interface--------------via Router------------
-----------------------------------SCROLL UP----------------------------------
12 RIP
14 RIP
Active Ethernet
Active Ethernet
Active Ethernet
Active Ethernet
Active Ethernet
---------------------------------SCROLL DOWN-----------------------------
To go to the IPX SAP Bindery Table screen, select IPX SAP Bindery
Table in the Routing Tables screen. This table shows detailed
information about available IPX services and their location.
Chapter 6
AppleTalk Setup
This chapter discusses the concept of AppleTalk routing and how to
configure AppleTalk Setup for a Netopia Router with AppleTalk
capability. AppleTalk is available on the Netopia Router’s 400 series
which includes both the Small Office and Corporate models. This
chapter will discuss both versions. Skip this chapter if this
information does not apply to your particular Netopia model.
AppleTalk networks
A network is a communication system that connects computers
together to share information using network services, such as
electronic mail, print spoolers, and file servers. Information is
transferred over a cabling system or WAN using a common set of
protocols. You can think of the cabling system as an organization of
cities, streets, and buildings and the protocols as the method of
sending letters or packages, as illustrated on the following pages. A
cable is the physical medium (for example, twisted pair or coaxial)
over which information travels from one device to another.
AppleTalk is a protocol set for local area networks developed by
Apple Computer. While initially applied to the LocalTalk cabling
system for connecting Macintosh computers and LaserWriters, it
has been expanded to use other cabling systems, such as Ethernet,
as well as the dial-up telephone networks and packet switching
systems. LocalTalk was originally known as the AppleTalk Personal
Network system.
Reference Guide
Each computer or peripheral device (printer, client, file server)
connected to a network is called a node and has a unique node
address, which can be any number from 1 to 254. Whenever you
open the Chooser or any application that communicates with other
computers on your network, your application compiles a list of all
node names and addresses. All you see are the names --- for
example, “Paul’sMac,” “TechSportsWriter,” or “2nd Floor
AppleShare” --- but your application also knows the node addresses
of all these devices.
When you send information, commands, or requests to a printer,
server, or another workstation, your application formats the
information into units known as packets. It then attaches the
correct address to the packets and sends them to the AppleTalk
software on your computer, which forwards the packets across the
network. Packets also include a return address, so the receiver will
know where to reply.
If the cabling of your network were a street system, then a node
address would correspond to a building’s street address. Node
addresses are not permanent. Each AppleTalk device determines its
node address at startup. Although a Macintosh that is starting up
will try to use its previous address, the address will often be
different every time you restart. This dynamic node addressing
scheme prevents conflicts when devices are moved between
networks and simplifies the administrative tasks of a network. If you
have only one network, the node address alone is all the
information AppleTalk needs to send a packet from one computer to
However, networks can be connected together through routers,
such as the Netopia Router, into an internetwork (often shortened
to internet). Because devices on different networks can have
duplicate node numbers, AppleTalk tells them apart according to an
additional part of their addresses: the network number.
The Router assigns a unique network number to each member
network. In terms of the city street metaphor, the network number is
similar to the name of the city. Putting a network number together
with a node number fully specifies the address of a node on an
AppleTalk Setup
To make the services on an internet manageable, groups of devices
on a network can be grouped into zones. When this is done,
selecting a network service (server, etc.) includes choosing a zone
from which the service can be selected. Like network numbers,
zone names are assigned by routers.
A routing table is maintained by each AppleTalk router. The table
serves as a map of the internet, specifying the path and distance,
in hops, between its router and other networks. The routing table is
used to determine whether a router will forward a data packet and,
if so, to which network.
You can use the information in the AppleTalk routing table to
observe and diagnose the Netopia Router’s current connections to
other AppleTalk routers. To go to the AT Routing Table screen from
the Netopia Router’s console, select Statistics, Utilities, Tests
from the Main Menu and then select Routing Tables and AppleTalk
Routing Table.
AT Routing Table
-Net---Range--Def Zone Name----------Hops-State-Next Rtr Addr.--Pkts Fwded
----------------------------------SCROLL UP--------------------------
Good 46.131
Good 46.131
Good 46.131
Good 46.131
Good 46.131
Good 46.131
Good 46.131
Good 46.131
Good 46.131
Good 46.131
Good 46.131
Good 46.131
Good 46.131
Good 46.131
Customer Service
UNIX Services
---------------------------------SCROLL DOWN-------------------------
UPDATE'*' Entries have multiple zone names. Return/Enter on these to see zone list.
Reference Guide
A router has multiple communications ports and is capable of
forwarding information to other routers and devices on the internet.
The router performs packet forwarding, network and device address
maintenance, and other administrative functions required by the
AppleTalk protocols. The distinction between routers and bridges is
an important one:
A true bridge, like a router, is used to join two cable segments
and filter traffic between them. The result is still one expanded
network rather than an internet. Bridges do not assign network
numbers or zone names, nor do they maintain network maps.
A router maintains the separate identities of the networks it
connects; the result is an internet.
When Macintosh computers encapsulate TCP/ IP packets in
administrative reasons, they must use the services of a MacIP
gateway. This gateway converts network traffic into the correct
format for AppleTalk or IP, depending on the traffic’s destination.
Setting up MacIP involves enabling the feature and optionally setting
up a range of addresses to be static.
See Chapter 4, “IP Setup.” for more information on how to set up
MacIP and other IP addressing schemes.
AppleTalk Update-Based Routing Protocol (AURP) allows AppleTalk
networks to communicate across an IP network. Your local AppleTalk
networks (connected to the Netopia Router) can exchange data with
remote AppleTalk networks that are also connected to an
AURP-capable router.
AppleTalk Setup
When two networks using AppleTalk communicate with each other
through a network based on the Internet Protocol, they are said to
be tunneling through the IP network. The Netopia Router uses AURP
to allow your AppleTalk network to tunnel to designated AppleTalk
partner networks, as well as to accept connections from remote
AppleTalk networks tunneling to your AppleTalk LAN.
Routers and seeding
To configure AppleTalk networks, you must understand the concept
of seeding. Seeding is the process by which routers (or more
specifically, router ports) agree on what routing information is valid.
AppleTalk routers that have been reset, for example, must decide
what zones and network numbers are valid before they begin
routing. In this case, a router may use the information it has stored,
or use information it receives from another router, depending on
how it has been configured.
To help ensure agreement between routers on a network, a seed
router is configured with the correct information, and other routers
obtain their information from that router when they are turned on or
Routers commonly use one of three types of seeding procedures:
hard seeding, soft seeding, and non-seeding.
Hard seeding: When a router that uses hard seeding is turned on or
reset, it requests network number and zone name information from
any existing routers on the networks it will serve. If no other routers
reply, the router uses the network numbers and zone names
specified in its own configuration. If other routers reply, and their
information matches the router’s own configuration information, the
result is the same—the router uses the values in its own
configuration. However, if other routers provide network numbers or
zone names that conflict with those in the router’s configuration, the
router disables any of its own ports for which there are conflicts.
Reference Guide
Soft seeding: When a router that uses soft seeding is turned on or
reset, it requests network number and zone name information from
any existing routers on the networks it will serve. If no other routers
reply, the router uses the network numbers and zone names
specified in its own configuration. If other routers reply, the router
uses the information they provide, regardless of whether or not
there are conflicts between the information received and its
configured information. Once the soft seeding router begins to
route, it can serve as a seed router, providing network number and
zone name information to other routers upon request. The default
state of the Netopia Router’s AppleTalk ports is soft seeding.
Non-seeding: When a router that uses non-seeding is turned on or
reset, it requests network number and zone name information from
any existing routers on the networks it will serve. For any network
where no other routers reply, the non-seeding router will not have
any active ports until the next reset.
You should set the Netopia Router’s seeding action to work best in
your particular network environment. These scenarios may guide
you in deciding how to set the router’s seeding:
If the Netopia Router is the only router on your network, you
must set it to either hard seeding or soft seeding. The default
is soft seeding.
If there is another active router on your network, and you want
that router to configure the Netopia Router’s EtherTalk or
LocalTalk parameters, you can set the Netopia Router to
If there is another active router on your network, you could set
the Netopia Router to be soft seeding if you are unsure that the
second router would always be available to configure the
Netopia Router’s EtherTalk or LocalTalk parameters.
If you want the Netopia Router to configure the EtherTalk or
LocalTalk parameters of other routers on your network, you
must set it to hard seeding. In this case, the other routers must
be soft seeding or non-seeding, and the Netopia Router must
already be active when those other routers are rebooted.
AppleTalk Setup
If you want the Netopia Router and all other routers on your
network to use only their own configurations, set the Netopia
Router and all other routers to hard seeding. In this case, any
any other router. This last scenario could be useful for detecting
and locating routing errors on your network.
For information on how to configure AppleTalk setup for Small Office
models, see below. For information on how to configure AppleTalk
setup for Corporate models, see “AppleTalk Setup for Corporate
models” on page 6-9.
AppleTalk Setup for Small Office models
AppleTalk setup for Small Office Netopia Routers consists of
configuring the options in the AppleTalk Setup screen.
To go to the AppleTalk Setup screen, select AppleTalk Setup in the
Network Protocols Setup screen and press Return.
AppleTalk Setup
AppleTalk Routing:
AppleTalk Zone Name:
EtherTalk Net Number (0..65279):
LocalTalk Net Number (0..65279):
AURP Partner Address or Name:
Initiate Connection:
Accept AURP Connections from...
Tickle Interval (HH:MM:SS):
Configure basic AppleTalk services here.
Reference Guide
1. Select AppleTalk Routing and toggle to On.
2. Select AppleTalk Zone Name and enter a name of your choice
(this will apply to both the EtherTalk and LocalTalk networks) to
distinguish your network from the other facilities. The two
different networks will appear in the same zone.
3. Observe EtherTalk Net Number. This value is the EtherTalk
network number. You may type in a new network number, or
leave the value as it originally appears.
4. Observe LocalTalk Net Number. This value is the LocalTalk
network number. You may type in a new net number, or leave
the value as it originally appears.
5. Select AURP Partner Address or Name and enter the AURP
partner’s IP address or domain name. If you do not know the
remote network’s IP address, enter its domain name. Domain
names are the Internet addresses favored by people (for
example:,, etc.). Domain names are
matched to the IP addresses actually used by the router (for
6. Once you enter the IP address or domain name of the remote
AppleTalk network that you would like to connect to, an
additional field appears. To initiate a connection with an AURP
partner, select Initiate Connection and toggle it to Yes.
Note: Small Office users can only create one AURP partner.
7. Select Accept AURP Connections and press Return. You have
two choices for accepting AURP connections. A pop-up menu
appears with the options Configured Partners Only or Anyone.
Choosing Configured Partners Only will tell the Router to only
accept a connection from the pre-defined partner. Choosing
Anyone will allow any AURP machine to connect.
8. Select Tickle Interval (HH:MM:SS) and set the timer to
indicate how often a tickle or ‘are you still there’ packet will be
sent to the remote AppleTalk network.
This parameter can be set between 0 and 100 hours. If this
value is set to 0, the Netopia Router will never send out a tickle
AppleTalk Setup
You have finished configuring AppleTalk Setup for the Small Office
AppleTalk Setup for Corporate models
AppleTalk setup for Corporate Netopia Routers consists of
configuring EtherTalk, LocalTalk, and AURP.
EtherTalk Setup
To go to the EtherTalk Setup options screen, select Network
Protocols Setup and then select AppleTalk Setup in the Advanced
Configuration screen. Select EtherTalk Phase II Setup and press
EtherTalk Phase II Setup
EtherTalk Phase II Enabled:
Show Zones...
+---------ET II Zone List----------+
| Unnamed
Enter New Zone Name:
Delete Zone Name...
Set Default Zone...
Net Low:
Net Hi:
Up/Down Arrow Keys to select, ESC to dismiss.
If you are using EtherTalk Phase II on the Ethernet network
connected to Netopia Router, select EtherTalk Phase ll Enabled
and toggle it to On.
Reference Guide
To view the zones available to EtherTalk Phase ll, select Show
Zones and press Return. You can dismiss the list of zones by
pressing the Return or Escape key.
Select Enter New Zone Name to enter a new zone name.
Note: Your EtherTalk network number and zone name must
match the values in use on the EtherTalk network.
If another router is already present on the EtherTalk network
that you will be connecting to the Netopia Router, use the zone
name and network number used by that router for that
EtherTalk network. Otherwise, your EtherTalk network may
experience routing conflicts.
As an alternative, you can set EtherTalk seeding to soft seeding
and let the Netopia Router receive the zone name and network
number from the other router.
To remove zones from the list, select Delete Zone Name and
press Return to see the zones list. Use the Up and Down Arrow
keys to select the zone to delete. Press the Return key to
delete it and exit the list. Press the Escape key to exit the list
without deleting any zones.
Select Set Default Zone to choose a different default zone.
This is the zone where Netopia’s EtherTalk Phase II port is
visible to other AppleTalk nodes. The default zone is also where
new AppleTalk nodes will appear. If you do not set a default
zone, the first zone you create will be the default zone.
network number range. Select Net High and enter the upper
limit of the range.
Select the Seeding pop-up menu and choose the seeding
method for Netopia to use (see “Routers and seeding” on
page 6-5).
You have finished configuring EtherTalk Phase II.
AppleTalk Setup
LocalTalk Setup
The Netopia Router can function as a LocalTalk-to-EtherTalk router.
This means that a LocalTalk network can be connected to the
Netopia Router’s PhoneNET port.
Select LocalTalk Setup in the AppleTalk Setup screen and press
Return to the LocalTalk Routing Setup screen.
LocalTalk Routing Setup
LocalTalk Enabled:
LocalTalk Zone Name:
LocalTalk Net Number:
Use this screen to set up the LocalTalk Port Routing attributes.
If you are using LocalTalk with the Netopia Router, select
LocalTalk Enabled and make sure LocalTalk is set to On, which
is the default.
Select LocalTalk Zone Name and enter a new or existing zone
Note: Your LocalTalk network may already have a zone and
network number in place. For Netopia’s LocalTalk port to be
part of your LocalTalk network, it must have a network number
and zone name that matches the values in use on the LocalTalk
If another router is already present on the LocalTalk network
that you will be connecting to the Netopia Router, use the zone
name and network number used by that router for that
LocalTalk network. Otherwise, your LocalTalk network may
experience routing conflicts.
Reference Guide
As an alternative, you can set LocalTalk seeding to soft seeding
and let the Netopia Router receive the zone name and network
Select LocalTalk Network Number and enter the desired
network number.
Select Seeding. From the pop-up menu, choose the type of
seeding for the Netopia Router’s LocalTalk port to use (see
“Routers and seeding” on page 6-5).
You have finished configuring LocalTalk Setup.
AURP setup
To set up AURP, select AppleTalk Setup from the Network Protocols
screen. Select AURP Setup and press Return.
AURP Setup
AURP Enable:
Display/Change Partner...
Add Partner...
Delete Partner...
Enter Free Trade Zone Name:
Accept Connections From...
Restrict Guests to Free Trade Zone:
Advanced Options...
AURP Allows you to connect remote AppleTalk Networks across IP.
AppleTalk Setup
To activate AURP and enable connections to and from AURP
partners, select AURP Enable and toggle it to On.
Viewing AURP partners
To see a table of existing AURP partners, select Display/ Show
Partners and press Return.
Note: The Netopia Router can define a total of 32 AURP
Adding an AURP partner
To add a new AURP partner, select Add Partner and press
Return to go to the Add AURP Partner screen.
Add AURP Partner
Partner IP Address or Domain Name:
Initiate Connection:
Restrict to Free Trade Zone:
Enter Information about new Partner.
Select Partner IP Address or Domain Name and enter the new
AURP partner’s IP address. If you do not know the remote
network’s IP address, enter its domain name. Domain names
are the Internet addresses favored by people (for example, Domain names are matched to the IP
addresses actually used by IP routers (for example,
Reference Guide
To initiate a connection with an AURP partner, select Initiate
Connection and toggle it to Yes. This will open a connection to
the remote AppleTalk network.
To restrict the new AURP partner’s access to your intranet,
select Restrict to Free Trade Zone and toggle it to Yes. See
“Restricting intranet access,” below.
To add the new AURP partner, select ADD PARTNER NOW. To
discard the new AURP partner, select CANCEL.
Modifying an AURP partner
To modify an AURP partner, select Display/ Change Partner in
the AURP Setup screen and press Return to display a table of
existing partners.
Use the Up and Down Arrow keys to select a partner, then
press Return to go to the Change AURP Partner screen.
Deleting an AURP partner
To delete an AURP partner, select Delete Partner in the AURP
Setup screen and press Return to display a table of existing
Use the Up and Down Arrow keys to select an AURP partner,
then press Return to delete it. Press the Escape key to exit
without deleting a partner.
Restricting intranet access
To restrict access to your Intranet by your AURP partners,
establish a free trade zone. By creating this zone for AURP
partners to access, you can confine all AURP traffic to and from
the AppleTalk nodes residing within the free trade zone.
Select Enter Free Trade Zone Name and enter the name of a
zone to handle all AURP traffic. This zone may be one that does
not yet exist.
To restrict AURP access to and from the free trade zone, select
Restrict Guests to Free Trade Zone and toggle it to Yes.
AppleTalk Setup
Receiving AURP connections
To control the acceptance of incoming AURP tunnels, select
Accept Connections From and choose Anyone or Configured
Partners Only from the pop-up menu. If you choose Anyone, all
incoming AURP connections will be accepted.
The more secure option is Configured Partners Only, which
only accepts connections from recognized AURP partners (the
ones you have set up).
Configuring AURP Options
In the AURP Setup screen, select Advanced Options and go to the
AURP Options screen. Using AURP can cause a problem when two
networks, one local and one remote, have the same network
number. This may cause network routing ambiguities than can result
in routing errors.
AURP Options
Tickle Interval (HH:MM:SS):
Update Interval (HH:MM:SS):
Enable Network Number Remapping:
Remap into Range
Cluster Remote Networks:
Enable Hop-Count Reduction:
Select Tickle Interval (HH:MM:SS) and set the timer to
indicate how often a tickle or ‘are you still there’ packet will be
sent to the remote AppleTalk Network.
Reference Guide
The AURP tickle timer is a parameter that you can set anywhere
between 0 and 100 hours. This parameter tells the AURP
partners when to send out an AURP tickle packet. If this value
is set to 0, the Netopia Router will never send out a tickle
Select Update Interval (HH:MM:SS) and set the timer to
indicate how often a Routing Information Update (RI-Upd)
packet will be sent to the remote router.
The update timer is a parameter that you can set between 10
and 327270 seconds in 10-second increments. Values less
than 10 will be rounded to 10. Values greater than 327270 will
be rounded to 327270. Values in between 10 and 327270 will
be rounded to the nearest multiple of 10.
To enable network number remapping, select Enable Network
Number Remapping and toggle it to Yes.
You should enable network number remapping if you plan on
using AURP. With remapping, Netopia will substitute network
numbers not used by your network for the numbers of other
remote networks. These safe numbers will only be used by
local routers on your network; remote routers will not be aware
of the remapping.
When network number remapping is enabled, you must choose
a safe range of network numbers as a destination for the
remapping. A safe range of network numbers does not intersect
your local AppleTalk network’s range of network numbers.
To choose a destination range for the remapping, select From
under Remap into Range and enter a starting value. Then
select To and enter an ending value. Make sure the range you
choose is large enough to accommodate all expected incoming
AURP network numbers.
To improve the efficiency of remapping network numbers into a
safe range, select Cluster Remote Networks and toggle it to
Yes. This setting takes any number of remote networks being
remapped and causes them to be remapped into a continuous
AppleTalk Setup
To override the AppleTalk maximum limit of 15 hops, select
Enable Hop-Count Reduction and toggle it to Yes. Hosts on a
local AppleTalk network will then “see” AppleTalk destinations
across the IP tunnel as being only one hop away.
AppleTalk allows a packet up to 15 hops (going through 15
AppleTalk routers) to reach its destination. Packets that must
reach destinations more than 15 hops away will not succeed,
and tunneling from one large AppleTalk network to another
could exceed that limit. In that case, hop count reduction would
make that kind of packet transmission possible.
You have finished configuring AURP Setup.
Chapter 7
protect its configuration screens and your local network from
strongly recommended that you use them.
This chapter is divided into five main sections:
blocking potential security holes.
Router’s configuration screens.
“Telnet access” on page 7-5, shows you how to control access
“About filters and filter sets,” beginning on page 7-6, and
“Working with IP filters and filter sets,” beginning on page 7-16,
have information on what filters are, how they work, how to
customize them, and how to use them in sets. For information
on IPX filters and filter sets, see “IPX filters,” beginning on
page 5-8.
Reference Guide
Suggested security measures
In addition to setting up user accounts, Telnet access, and filters
(all of which are covered later in this chapter), there are other
actions you can take to make the Netopia Router and your network
more secure:
If you will be using a PC Card modem for dial-up access through
a telephone line, keep the phone number secure and be sure to
set passwords to protect the configuration screens.
Change the SNMP community strings (or passwords). The
default community strings are universal and could easily be
known to a potential intruder.
Set the answer profile so it must match incoming calls to a
connection profile, if you are using a switched line and CallerID.
Where possible, insist on using PAP, CHAP, or secure
authentication token card to authenticate connections to and
from connection profiles.
When using AURP, accept connections only from configured
Configure the Netopia Router through the serial or PC card
console port to ensure that your communications cannot be
User accounts
When you first set up and configure the Netopia Router, no
passwords are required to access the configuration screens.
Anyone could tamper with the router’s configuration by simply
connecting it to a console.
However, by adding user accounts, you can protect the most
sensitive screens from unauthorized access. User accounts are
composed of name/ password combinations that can be given to
authorized users.
You are strongly encouraged to add protection to the configuration
screens. Unprotected screens could allow an unauthorized user to
compromise the operation of your entire network.
The following screens can be protected with a name/ password
Main Menu
Easy Setup
Advanced Configuration
Security Options (password only)
Statistics, Utilities, Tests
Once user accounts are created, users who attempt to access
protected screens will be challenged. Users who enter an incorrect
name or password are returned to the Main Menu or to a screen
requesting a name/ password combination to access the Main
To set up user accounts, select Security in the Main Menu and go
to the Security Options screen.
Security Options
Show Users...
Add User...
Delete User...
Password for This Screen (11 chars max):
Require Name and Password to Log On:
Deny Telnet Access to SNMP Screens:
Block Telnet Console Access:
Web Server Disabled (config):
Set up configuration access options here.
Reference Guide
Protecting the Security Options screen
The first screen you should protect is the Security Options screen,
because it controls access to the configuration screens. Access to
the Security Options screen can be protected with a password.
Select Password To Visit This Screen in the Security Options
screen and enter a password. Make sure this password is secure
and is different from any of the user account passwords.
Protecting the configuration screens
You can protect the configuration screens with user accounts. You
can administer the accounts from the Security Options screen.
A single user account allows access to the Easy Setup, Advanced
Configuration, and Statistics, Utilities, Tests screens. You can
create up to four accounts.
To display a view-only list of user accounts, select Show Users in
the Security Options screen.
To add a new user account, select Add User in the Security Options
screen and press Return to go to the Add Name With Write Access
Add Name With Write Access
Enter Name:
Enter Password (11 characters max):
Follow these steps to configure the new account:
1. Select Enter Name and enter a descriptive name (for example,
the user’s first name).
2. Select Enter Password and enter a password.
3. To accept the new name/ password combination, select ADD
NAME/ PASSWORD NOW. To exit the Add Name With Write
Access screen without saving the new account, select CANCEL.
Note: The Web server uses only the first configured
Name/ Password pair for configuration access.
To delete a user account, select Delete User to display a list of
accounts. Select an account from the list and press Return to
delete it. To exit the list without deleting the selected account, press
the Escape key.
Protecting the Main Menu
The name/ password combinations you created to protect the
individual configuration screens can be extended to the Main Menu.
Select Require Name and Password to Log On in the Security
Options screen and toggle it to Yes.
Telnet access
Telnet is a TCP/ IP service that allows remote terminals to access
hosts on an IP network. The Netopia Router supports Telnet access
to its configuration screens.
You should consider restricting Telnet access to the Netopia Router
if you suspect there is a chance of tampering.
To restrict Telnet access, select Security in the Main Menu and go
to the Security Options screen. There are two levels of Telnet
restriction available:
To restrict Telnet access to the SNMP screens, select Deny Telnet
Access to SNMP Screens and toggle it to Yes. (See “SNMP traps”
on page 9-20.)
To restrict Telnet access to all of the configuration screens, select
Block Telnet Console Access and toggle it to Yes.
Reference Guide
About filters and filter sets
Security should be a high priority for anyone administering a network
connected to the Internet. Using packet filters to control network
communications can greatly improve your network’s security.
The Netopia Router’s packet filters are designed to provide security
for the Internet connections made to and from your network. You
can customize the router’s filter sets for a variety of packet filtering
applications. Typically, you use filters to selectively admit or refuse
TCP/ IP connections from certain remote networks and specific
hosts. You will also use filters to screen particular types of
connections. This is commonly called firewalling your network.
Before creating filter sets, you should read the next few sections to
learn more about how these powerful security tools work.
What’s a filter and what’s a filter set?
A filter is a rule that lets you specify what sort of data can flow in
and out of your network. A particular filter can either be an input
filter—one that is used on data (packets) coming in to your network
from the Internet—or an output filter—one that is used on data
(packets) going out from your network to the Internet.
A filter set is a group of filters that work together to check incoming
or outgoing data. A filter set can consist of a combination of input
and output filters.
How filter sets work
A filter set acts like a team of customs inspectors. Each filter is an
inspector through which incoming and outgoing packages must
pass. The inspectors work as a team, but each inspects every
package individually.
Each inspector has a specific task. One inspector’s task may be to
examine the destination address of all outgoing packages. That
inspector looks for a certain destination—which could be as specific
as a street address or as broad as an entire country—and checks
each package’s destination address to see if it matches that
A filter inspects data packets like a customs inspector scrutinizing packages.
Filter priority
Continuing the customs inspectors analogy, imagine the inspectors
lined up to examine a package. If the package matches the first
inspector’s criteria, the package is either rejected or passed on to
its destination, depending on the first inspector’s particular orders.
In this case, the package is never seen by the remaining inspectors.
If the package does not match the first inspector’s criteria, it goes
to the second inspector, and so on. You can see that the order of
the inspectors in the line is very important.
Reference Guide
For example, let’s say the first inspector’s orders are to send along
all packages that come from Rome, and the second inspector’s
orders are to reject all packages that come from France. If a
package arrives from Rome, the first inspector sends it along
without allowing the second inspector to see it. A package from
Paris is ignored by the first inspector, rejected by the second
inspector, and never seen by the others. A package from London is
ignored by the first two inspectors, and so it’s seen by the third
to next
In the same way, filter sets apply their filters in a particular order.
The first filter applied can pass or discard a packet before that
packet ever reaches any of the other filters. If the first filter can
neither pass nor discard the packet (because it cannot match any
criteria), the second filter has a chance to pass or reject it, and so
on. Because of this hierarchical structure, each filter is said to have
a priority. The first filter has the highest priority, and the last filter
has the lowest priority.
pass or
You use filter sets by linking them to particular connection profiles
and the answer profile. When you create a connection profile or edit
to network
To learn how to link a filter set to a connection profile, see “Adding a
Connection Profile” on page 2-16 or “Changing a Connection
Profile” on page 2-15.
To learn how to link a filter set to the answer profile, see “How the
default profile works for a permanent circuit” on page 2-45, or “How
the default profile works for a permanent circuit” on page 2-45.
How individual filters work
As described above, a filter applies criteria to an IP packet and then
takes one of three actions:
A filter’s actions
Passes the packet to the local or remote network
Blocks (discards) the packet
Ignores the packet
A filter passes or blocks a packet only if it finds a match after
applying its criteria. When no match occurs, the filter ignores the
The criteria are based on information contained in the packets. A
filter is simply a rule that prescribes certain actions based on
certain conditions. For example, the following rule qualifies as a
A filtering rule
Block all Telnet attempts that originate from the remote host
This rule applies to Telnet packets that come from a host with the IP
address If a match occurs, the packet is blocked.
Here is what this rule looks like when implemented as a filter on the
Netopia Router:
+-#--Source IP Addr--Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd
Yes No
To understand this particular filter, look at the parts of a filter.
Reference Guide
Parts of a filter
A filter consists of criteria based on packet attributes. A typical filter
can match a packet on any one of the following attributes:
The source IP address (where the packet was sent from)
The destination IP address (where the packet is going)
The type of higher-layer Internet protocol the packet is carrying,
such as TCP or UDP
Port numbers
A filter can also match a packet’s port number attributes, but only if
the filter’s protocol type is set to TCP or UDP, since only those
protocols use port numbers. The filter can be configured to match
the following:
The source port number (the port on the sending host that
originated the packet)
The destination port number (the port on the receiving host
that the packet is destined for)
By matching on a port number, a filter can be applied to selected
TCP or UDP services, such as Telnet, FTP, and World Wide Web. The
tables below show a few common services and their associated
port numbers..
Internet service
TCP port
Internet service
TCP port
20/ 21
World Wide Web
SMTP (mail)
Internet service
Who Is
UDP port
Internet service
UDP port
AppleTalk Routing
Maintenance (at-rtmp)
World Wide Web
AppleTalk Name Binding
AURP (AppleTalk)
Port number comparisons
A filter can also use a comparison option to evaluate a packet’s
source or destination port number. The comparison options are:
No Compare: No comparison of the port number specified in the
filter with the packet’s port number.
Not Equal To: For the filter to match, the packet’s port number
cannot equal the port number specified in the filter.
Less Than: For the filter to match, the packet’s port number must
be less than the port number specified in the filter.
Less Than or Equal: For the filter to match, the packet’s port
number must be less than or equal to the port number specified in
the filter.
Equal: For the filter to match, the packet’s port number must equal
the port number specified in the filter.
Greater Than: For the filter to match, the packet’s port number
must be greater than the port number specified in the filter.
Greater Than or Equal: For the filter to match, the packet’s port
number must be greater than or equal to the port number specified
in the filter.
Reference Guide
Other filter attributes
There are three other attributes to each filter:
The filter’s order (i.e., priority) in the filter set
Whether the filter is currently active
Whether the filter is set to pass (forward) packets or to block
(discard) packets
Putting the parts together
When you display a filter set, its filters are displayed as rows in a
+-#---Source IP Addr---Dest IP Addr----Proto-Src.Port-D.Port--On?-Fwd-+
| 1
Yes No |
The table’s columns correspond to each filter’s attributes:
#: The filter’s priority in the set. Filter number 1, with the highest
priority, is first in the table.
Source IP Addr: The packet source IP address to match.
Dest IP Addr: The packet destination IP address to match.
Proto: The protocol to match. This can be entered as a number (see
the table below) or as TCP or UDP if using those protocols.
Number to use
Full name
N/ A
Ignores protocol type
Internet Control Message Protocol
Transmission Control Protocol
User Datagram Protocol
Src. Port: The source port to match. This is the port on the sending
host that originated the packet.
D. Port: The destination port to match. This is the port on the
receiving host for which the packet is intended.
On?: Displays Yes when the filter is in effect or No when it is not.
Fwd: Shows whether the filter forwards (Yes) a packet or discards
(No) it when there’s a match.
Filtering example #1
Returning to our filtering rule example from above (see page 7-9),
look at how a rule is translated into a filter. Start with the rule, then
fill in the filter’s attributes:
1. The rule you want to implement as a filter is:
Block all Telnet attempts that originate from the remote host
2. The host is the source of the Telnet packets
you want to block, while the destination address is any IP
address. How these IP addresses are masked determines what
the final match will be, although the mask is not displayed in
the table that displays the filter sets (you set it when you create
the filter). In fact, since the mask for the destination IP address
is, the address for Dest IP Addr could have been
anything. The mask for Source IP Addr must be since an exact match is desired.
Source IP Addr =
Dest IP Addr =
Destination IP address mask =
Note: To learn about IP addresses and masks, see Appendix B,
“Understanding IP Addressing.”
Reference Guide
3. Using the tables on page 7-10, find the destination port and
protocol numbers (the local Telnet port):
Proto = TCP (or 6)
D. Port = 23
4. The filter should be enabled and instructed to block the Telnet
packets containing the source address shown in step 2:
On? = Yes
Fwd = No
This four-step process is how we produced the following filter from
the original rule:
+-#--Source IP Addr--Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd
Yes No
Filtering example #2
Suppose a filter is configured to block all incoming IP packets with
the source IP address of, regardless of the type of
connection or its destination. The filter would look like this:
+-#--Source IP Addr--Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd
Yes No
This filter blocks any packets coming from a remote network with
the IP network address The 0 at the end of the
address signifies any host on the class C IP network
If, for example, the filter is applied to a packet with the source IP
address, it will block it.
In this case, the mask, which does not appear in the table, must be
set to This way, all packets with a source address
of 200.233.14.x will be matched correctly, no matter what the final
address byte is.
Note: The protocol attribute for this filter is 0 by default. This tells
the filter to ignore the IP protocol or type of IP packet.
Design guidelines
Careful thought should go into designing a new filter set. You should
consider the following guidelines:
Be sure the filter set’s overall purpose is clear from the
beginning. A vague purpose can lead to a faulty set, and that
can actually make your network less secure.
Be sure each individual filter’s purpose is clear.
Determine how filter priority will affect the set’s actions. Test
the set (on paper) by determining how the filters would respond
to a number of different hypothetical packets.
Consider the combined effect of the filters. If every filter in a
set fails to match on a particular packet, the packet is:
passed if all the filters are configured to discard (not for-
discarded if all the filters are configured to pass (forward).
discarded if the set contains a combination of pass and
discard filters.
Disadvantages of filters
Although using filter sets can greatly enhance network security,
there are disadvantages:
Filters are complex. Combining them in filter sets introduces
subtle interactions, increasing the likelihood of implementation
Enabling a large number of filters can have a negative impact
on performance. Processing of packets will take longer if they
have to go through many checkpoints.
Reference Guide
Too much reliance on packet filters can cause too little reliance
on other security methods. Filter sets are not a substitute for
password protection, effective safeguarding of passwords,
caller ID, the “must match” option in the answer profile, PAP or
CHAP in connection profiles, callback, and general awareness
of how your network may be vulnerable.
An approach to using filters
The ultimate goal of network security is to prevent unauthorized
access to the network without compromising authorized access.
Using filter sets is part of reaching that goal.
Each filter set you design will be based on one of the following
That which is not expressly prohibited is permitted.
That which is not expressly permitted is prohibited.
It is strongly recommended that you take the latter, and safer,
Working with IP filters and filter sets
This section covers IP filters and filter sets. For working with IPX
filters and filter sets, see “IPX filters,” beginning on page 5-8.
To work with filters and filter sets, begin by accessing the filter set
Note: Make sure you understand how filters work before attempting
to use them. Read the section “About filters and filter sets,”
beginning on page 7-6.
IP Filter Sets
Display/Change IP Filter Set...
Add IP Filter Set...
Delete IP Filter Set...
Return/Enter to configure and add a new Filter Set.
Set Up IP Filter Sets (Firewalls) from this and the following Menus.
The basic procedure for creating and maintaining filter sets is as
1. Add a new filter set.
2. Create the filters for the new filter set.
3. View, change, or delete individual filters and filter sets.
The sections below explain how to execute these steps.
Adding a filter set
You can create up to eight different custom filter sets. Each filter set
can contain up to 16 output filters and up to 16 input filters.
To add a new filter set, select Add IP Filter Set in the IP Filter Sets
screen and press Return to go to the Add Filter Set screen.
Note: There are two groups of items in the Add Filter Set screen,
one for input filters and one for output filters. The two groups work
in essentially the same way, as you’ll see below.
Reference Guide
Add IP Filter Set
Filter Set Name:
Filter Set 2
Display/Change Input Filter...
Add Input Filter...
Delete Input Filter...
Display/Change Output Filter...
Add Output Filter...
Delete Output Filter...
Configure the Filter Set name and its associated Filters.
Naming a new filter set
All new filter sets have a default name. The first filter set you add will
enter a new name for the filter set.
To save the filter set, select ADD FILTER SET. The saved filter set is
empty (contains no filters), but you can return to it later to add filters
(see “Modifying filter sets” on page 7-24). Or you can add filters to
your new set before saving it (see “Adding filters to a filter set” on
page 7-20).
Select CANCEL to leave the Add Filter Set screen without saving the
new filter set and return to the Filter Sets screen.
Input and output filters—source and destination
There are two kinds of filters you can add to a filter set: input and
output. Input filters check packets received from the Internet,
destined for your network. Output filters check packets transmitted
from your network to the Internet.
input filter
output filter
The Netopia Router
Packets in the Netopia Router pass through an input filter if they originate in the
WAN and through an output filter if they’re being sent out to the WAN.
The process for adding input and output filters is exactly the same.
The main difference between the two involves their reference to
source and destination. From the perspective of an input filter, your
local network is the destination of the packets it checks, and the
remote network is their source. From the perspective of an output
filter, your local network is the source of the packets, and the remote
network is their destination.
Type of filter
“source” means
“destination” means
Input filter
the remote network
the local network
the local network
Output filter
the remote network
Reference Guide
Adding filters to a filter set
In this section you’ll learn how to add an input filter to a filter set.
Adding an output filter works exactly the same way, providing you keep
the different source and destination perspectives in mind.
To add an input filter, select Add Input Filter in the Add IP Filter Set
screen and go to the Add Filter screen. (Select Add Output Filter to
add an output filter.)
Add Filter
Source IP Address:
Source IP Address Mask:
Dest. IP Address:
Dest. IP Address Mask:
Protocol Type:
Source Port Compare...
Source Port ID:
No Compare
Dest. Port Compare...
Dest. Port ID:
No Compare
Enter the IP specific information for this filter.
1. To make the filter active in the filter set, select Enabled and
toggle it to Yes. If Enabled is toggled to No, the filter can still exist
in the filter set, but it will have no effect.
2. If you want the filter to forward packets that match its criteria to
the destination IP address, select Forward and toggle it to Yes. If
Forward is toggled to No, packets matching the filter’s criteria will
be discarded.
3. Select Source IP Address and enter the source IP address this
filter will match on. You can enter a subnet or a host address.
4. Select Source IP Address Mask and enter a mask for the source
IP address. This allows you to further modify the way the filter will
match on the source address. Enter to force the filter to
match on all source IP addresses, or enter to
match the source IP address exclusively.
5. Select Dest. IP Address and enter the destination IP address this
filter will match on. You can enter a subnet or a host address.
destination IP address. This allows you to further modify the way
the filter will match on the destination address. Enter to
force the filter to match on all destination IP addresses.
7. Select Protocol Type and enter ICMP, TCP, UDP, Any, or the
number of another IP transport protocol (see the table on
page 7-12).
comparison that you configure in steps 8 and 9 will appear. These
settings only take effect if the Protocol Type is TCP or UDP.
8. Select Source Port Compare and choose a comparison method
Source Port ID and enter the actual source port number to match
on (see the table on page 7-10).
9. Select Dest. Port Compare and choose a comparison method for
the filter to use on a packet’s destination port number. Then
select Dest. Port ID and enter the actual destination port number
to match on (see the table on page 7-10).
10. When you are finished configuring the filter, select ADD THIS
FILTER NOW to save the filter in the filter set. Select CANCEL to
discard the filter.
TCP filter. You can increase security on connections using TCP by
filtering by protocol type and matching established TCP connections
only. With this filter attached to an active connection profile, no TCP
connections can be established from outside the firewall, increasing
network security.
Reference Guide
You can add a TCP filter to a filter set with the following steps:
1. In the Add Filter screen, toggle the Enabled field to Yes.
2. Select Forward and toggle it to Yes.
3. Select the Protocol Type field and type in TCP. Then press
4. In the last field that appears, Established TCP Conns. Only, tog-
gle the entry to Yes and press Return. This new field configures
the filter to match TCP packets for established TCP connections
5. Select ADD THIS FILTER NOW and press Return.
With this filter in effect, users from outside the firewall cannot initiate
TCP connections to devices on your network, including your FTP
server, Web server, and Telnet. To provide limited access to your
network, set up a filter to forward traffic to a specific port, such as the
FTP server port, Web server port, or Telnet port, and to a specific IP
address and mask, in addition to restricting all outside TCP
Viewing filters
To display a view-only table of input (output) filters, select
Display/ Change Input Filters (Display/ Change Output Filters) in the
Add IP Filter Set screen.
Modifying filters
Change Output Filter) in the Add IP Filter Set screen to display a table
of filters.
Select a filter from the table and press Return to go to the Change
Filter screen. The parameters in this screen are the same as the ones
in the Add Filter screen (see “Adding filters to a filter set” on
page 7-20).
Change Filter
Source IP Address:
Source IP Address Mask:
Dest. IP Address:
Dest. IP Address Mask:
Protocol Type:
Source Port Compare...
Source Port ID:
No Compare
Dest. Port Compare...
Dest. Port ID:
No Compare
Enter the IP specific information for this filter.
Deleting filters
To delete a filter, select Delete Input Filter (Delete Output Filter) in
the Add Filter Set screen to display a table of filters.
Select the filter from the table and press Return to delete it. Press the
Escape key to exit the table without deleting the filter.
Viewing filter sets
To display a view-only list of filter sets, select Display/ Change Filter
Sets in the IP Filter Sets screen.
Reference Guide
Modifying filter sets
To modify a filter set, select Display/ Change Filter Set in the Filter
Sets screen to display a list of filter sets.
Select a filter set from the list and press Return to go to the Change IP
Filter Set screen. The items in this screen are the same as the ones
in the Add Filter screen (see “Adding filters to a filter set” on
page 7-20).
Change IP Filter Set
Filter Set Name:
Basic Firewall
Display/Change Input Filter...
Add Input Filter...
Delete Input Filter...
Display/Change Output Filter...
Add Output Filter...
Delete Output Filter...
Deleting a filter set
Note: If you delete a filter set, all of the filters it contains are deleted
as well. To reuse any of these filters in another set, you’ll have to note
their configuration before deleting the current filter set and then
recreate them.
To delete a filter set, select Delete Filter Set in the IP Filter Sets
screen to display a list of filter sets.
Select a filter set from the list and press Return to delete it. Press the
Escape key to exit the list without deleting the filter set.
This section contains the settings for a filter set, called Basic Firewall,
which is part of the Netopia Router’s factory configuration. You can
add Basic Firewall to your connection profiles or the answer profile
(see “Connection profiles for ISDN and Leased lines” on page 2-13
and “Default profile” on page 2-39).
Basic Firewall blocks undesirable traffic originating from the WAN (in
most cases, the Internet), but passes all traffic originating from the
LAN. It follows the conservative “that which is not expressly permitted
is prohibited” approach: unless an incoming packet expressly
matches one of the constituent input filters, it will not be forwarded to
the LAN.
The five input filters and one output filter that make up Basic Firewall
are shown in the table below.
Reference Guide
Input filter Input filter Input filter Input filter Input filter
filter 1
Source IP
Source IP
address mask
Dest. IP
Dest. IP
address mask
N/ A
Protocol type
Source port
N/ A
N/ A
N/ A
N/ A
Source port ID
N/ A
Dest. port
N/ A
Dest. port ID
N/ A
Basic Firewall’s filters play the following roles.
Input filters 1 and 2: These block WAN-originated OpenWindows and
X-Windows sessions. Service origination requests for these protocols
use ports 2000 and 6000, respectively. Since these are greater than
1023, OpenWindows and X-Windows traffic would otherwise be
allowed by input filter 4. Input filters 1 and 2 must precede input filter
4; otherwise they would have no effect as filter 4 would have already
passed OpenWindows and X-Windows traffic.
Input filter 3: This filter explicitly passes all WAN-originated ICMP
traffic to permit devices on the WAN to ping devices on the LAN. Ping
is an Internet service that is useful for diagnostic purposes.
Input filters 4 and 5: These filters pass all TCP and UDP traffic,
respectively, when the destination port is greater than 1023. This type
of traffic generally does not allow a remote host to connect to the LAN
using one of the potentially intrusive Internet services, such as Telnet,
FTP, and WWW.
Output filter 1: This filter passes all outgoing traffic to make sure that
no outgoing connections from the LAN are blocked.
Basic Firewall is suitable for a LAN containing only client hosts that
wish to access servers on the WAN, not for a LAN containing servers
strategy is to explicitly pass WAN-originated TCP and UDP traffic to
ports greater than 1023. Ports lower than 1024 are the service
origination ports for various Internet services such as FTP, Telnet, and
the World Wide Web (WWW).
A more complicated filter set would be required to provide WAN
access to a LAN-based server. See “Possible modifications,” below,
for ways to allow remote hosts to use services provided by servers on
the LAN.
Possible modifications
You can modify the sample filter set Basic Firewall to allow incoming
traffic using the examples below. These modifications are not
intended to be combined. Each modification is to be the only one used
with Basic Firewall.
The results of combining filter set modifications can be difficult to
predict. It is recommended that you take special care if making more
than one modification to the sample filter set.
Reference Guide
Trusted host. To allow unlimited access by a trusted remote host with
the IP address a.b.c.d (corresponding to a numbered IP address such
as, insert the following input filter ahead of the
current input filter 1:
Enabled: Yes
Forward: Yes
Source IP Address: a.b.c.d
Source IP Address Mask:
Dest. IP Address:
Dest. IP Address Mask:
Protocol Type: 0
Trusted subnet. To allow unlimited access by a trusted remote subnet
with subnet address a.b.c.d (corresponding to a numbered IP address
such as and subnet mask e.f.g.h (corresponding to a
numbered IP mask such as, insert the following
input filter ahead of the current input filter 1:
Enabled: Yes
Forward: Yes
Source IP Address: a.b.c.d
Source IP Address Mask: e.f.g.h
Dest. IP Address:
Dest. IP Address Mask:
Protocol Type: 0
FTP sessions. To allow WAN-originated FTP sessions to a LAN-based
FTP server with the IP address a.b.c.d (corresponding to a numbered
IP address such as, insert the following input filter
ahead of the current input filter 1:
Enabled: Yes
Forward: Yes
Source IP Address:
Source IP Address Mask:
Dest. IP Address: a.b.c.d
Dest. IP Address Mask:
Protocol Type: TCP
Source Port Comparison: No Compare
Source Port ID: 0
Dest. Port Comparison: Equal
Dest. Port ID: 21
Note: A similar filter could be used to permit Telnet or WWW access.
Set the Dest. Port ID to 23 for Telnet or 80 for WWW.
Reference Guide
AURP tunnel. To allow an AURP tunnel between a remote AURP router
with the IP address a.b.c.d (corresponding to a numbered IP address
such as and a local AURP router (including the
Netopia Router itself), insert the following input filter ahead of the
current input filter 1:
Enabled: Yes
Forward: Yes
Source IP Address: a.b.c.d
Source IP Address Mask:
Dest. IP Address:
Dest. IP Address Mask:
Protocol Type: UDP
Source Port Comparison: Equal
Source Port ID: 387
Dest. Port Comparison: Equal
Dest. Port ID: 387
Chapter 8
Token Security Authentication
This chapter discusses how to configure and use security
authentication on the Netopia Router.
Note: The security authentication feature only applies to Netopia
Router models connecting over a dial-up ISDN line using the
PPP-PAP-TOKEN or PPP-CACHE-TOKEN authentication protocol.
If you will not be using this feature, you can skip this chapter.
Securing network environments
Unauthorized tampering or theft of information on internal networks
causes serious ramifications, given the reliance on information
systems. Network abuse is a serious problem, complicated by the
difficulty in detecting the source of the abuses. An unauthorized
user can gain access to networks and copy information without
leaving a trace.
Password protection is one solution, but static passwords are often
insecure. They can be compromised, allowing unauthorized users
to disguise themselves as authorized users and enter supposedly
secure systems. However, a company called Security Dynamics™
has patented a security authentication technology to increase
network security.
Reference Guide
SecurID is a two-factor authentication process to protect against
unauthorized access. This dynamic user authentication produces a
randomly-generated security code mechanism that changes every
60 seconds. At login, authorized users enter their password and
the code displayed on their SecurID token card. While a password
may be compromised, the constantly changing access code, which
requires the token card during system use, bars unauthorized users
from entering the network.
Using the SecurID token card
Each SecurID token card is programmed with an algorithm that
ensures every code displayed is valid only for that user at that
particular time. The token card has a display that authorizes the
individual user access to the computer. Through this authentication
system, the user’s identity is verified when the correct password
and current code are entered from the user’s token.
Personal identification number (PIN)
The user’s password is called a personal identification number, or
PIN. The user enters the secret PIN from a console connection,
followed by the current code displayed on the token card. Then the
access control module must authenticate the token’s unique code
in combination with the user’s secret PIN before access is granted.
Key Security Authentication Features of the
Netopia Router
As a remote device, the Netopia Router offers client/ calling side
security authentication. This feature allows the Netopia Router to
call a server router and perform security card authentication. The
router of the called server must have access to a server with ACE
software loaded on it.
Token Security Authentication
To perform security card authentication, each user must have a
security authentication token card and a PIN. In addition, the user’s
identifying information must reside on the remote ACE servers for
authentication negotiation to properly take place.
The Netopia Router supports the following user configurations for
security authentication:
Single user, calling a single destination (single session)
Single user, calling multiple destinations (two simultaneous
and separate sessions)
Multiple users, calling a single destination (single session)
Multiple users, calling multiple destinations (two simultaneous
and separate sessions
Security authentication components
To properly identify and authenticate an authorized user, the
following are required:
A secret personal identification number (PIN) for each user.
A security authentication token card.
A Security Access Control Module (ACM).
Note: The Netopia Router currently only supports Ascend routers
as ACMs.
An external Netopia Router calling into a designated server. For
example, a telecommuter dialing into a remote site from a
Netopia Router interested in accessing personal email or file
sharing services.
Note: The Netopia Router does not include a security
authentication token card.
Reference Guide
Configuring the Netopia Router for security authentication
To configure the Netopia Router to support security authentication,
select an authentication method and set up a designated
connection profile from the Advanced Configuration screen or your
first connection profile from Easy Setup.
1. From the WAN Setup menu, select PPP/ MP Options.
PPP/MP Options
Data Compression...
Send Authentication...
| None
Send User Name:
Send Password:
Receive User Name:
Receive Password:
B-Channel Usage...
BAP/BACP Enabled:
Maximum Packet Size:
For PAP-TOKEN or CACHE-TOKEN -- Password protection is used. Secure
Card needed to authenticate.
2. Select Send Authentication and press Return. From the pop-up
menu, highlight PAP-TOKEN or CACHE-TOKEN. Your network
administrator or the remote network administrator will tell you
which method to select.
Token Security Authentication
If you select PAP-TOKEN, select Send User Name and enter a
name for your Netopia Router. You will not need to enter a
Send Password for PAP-TOKEN. Press Return.
If you select CACHE-TOKEN, select Send User Name and enter
a name for your Netopia Router. Then, select Send Password
and enter a secret name or number. Press Return.
3. Set up a connection profile to use with your authentication
method. See Chapter 2, for information on setting up a
connection profile.
Note: If you are setting up your first connection profile, you can also
enter your authentication information in the Easy Setup Connection
Profile screen.
Initiating a connection call using security authentication
There are two ways to initiate a connection call using security
authentication. You can either establish a dial-on-demand (DOD)
connection or establish a manual connection.
Establishing a dial-on-demand (DOD)
connection call
To establish a connection call using DOD, select Statistics, Utilities,
Tests from the Main Menu and press Return.
Reference Guide
Statistics, Utilities, Tests
General Statistics...
Event Histories...
Routing Tables...
Date and Time...
Establish WAN Connection...
Disconnect WAN Connection...
Upgrade Feature Set...
Restart System...
Revert to Factory Defaults...
Secure Authentication Monitor...
ISDN Switch Loopback Test...
1. Select Secure Authentication Monitor and press Return. The
Secure Authentication Monitor screen appears.
Note: The Secure Authentication Monitor field will remain hidden if
PAP-TOKEN or CACHE-TOKEN is not the selected authentication
method in the connection profile.
2. Wait for the call to initiate.
Token Security Authentication
Secure Authentication Monitor
Current ISDN Connection Status
Profile Name---State---%Use---Remote Address---Est.---More Info---
Status --- Passcode Required
For Connection Profile: Easy Setup Profile
0-Challenge: Enter PASSCODE:
3. From the fields that appear, select Enter PASSCODE and press
Return. Enter your PIN and the code displayed on your security
authentication token card LED screen.
4. Once the call is established, and you enter your passcode as
prompted, PPP negotiation will continue. If the call is specified
for PAP-TOKEN, and the session involves more than one
B-channel, you will be prompted for each B-channel being
brought up.
Note: When using CACHE-TOKEN, your passcode is valid for a time
interval determined by the network administrator. When this time
interval expires, you must provide a new passcode for the call
When using PAP-TOKEN for a 2B-Channel call, your passcode is valid
for one call negotiation. For a second call negotiation, you must
enter the next passcode provided by the security authentication
token card every 60 seconds.
You will be able to access information at the remote site that you
are connecting to once authentication is successfully completed.
Reference Guide
Establishing a manual connection call
To establish a Manual connection call, select the Statistic, Utilities,
Tests from the Main Menu and press Return.
1. Select Establish WAN Connection from the Statistics, Utilities,
Tests screen and press Return. The Establish WAN
Connection screen displays a table of all of the connection
profiles you have defined. Highlight the connection profile you
wish to manually call. Press Return to initiate the call.
Call Status
Profile Name -- Easy Setup Profile
Connection State -- Dialing
Channel B1 State -- Acquiring
Channel B2 State --
0-Challenge: Enter PASSCODE:
Hit ESCAPE/RETURN/ENTER to return to previous menu.
2. From the fields that appear, select Enter PASSCODE and press
Return. Enter your PIN and the code displayed on your security
authentication token card LED screen.
3. Once the call is established, and you enter your passcode as
prompted, PPP negotiation will continue. If the call is specified
for PAP-TOKEN, and the session involves more than one
B-channel, you will be prompted for each B-channel being
brought up.
Token Security Authentication
Note: When using CACHE-TOKEN, your passcode is valid for a time
interval determined by the network administrator. When this time
interval expires, you must provide a new passcode for the call
When using PAP-TOKEN for a 2B-Channel call, your passcode is valid
for one call negotiation. For a second call negotiation, you must
enter the next passcode provided by the security authentication
token card every 60 seconds.
You will be able to access information at the remote site that you
are connecting to once authentication is successfully completed.
If the security authentication process did not negotiate properly,
check for the following:
If your security authentication token card is providing you with a
passcode but is being rejected by the Radius server, your token
card may be out of sync with the Radius server, or the server is
not correctly configured to accept your account information.
If your security authentication token card is not providing you
with a passcode, the card may have expired or either the
Netopia Router or Radius server is misconfigured.
For further information on how to troubleshoot these kinds of
problems, contact the manufacturer of your security authentication
software and hardware, or contact Farallon Technical Support.
Chapter 9
Monitoring Tools
This chapter discusses the Netopia Router’s device and network
monitoring tools. These tools can provide statistical information,
report on current network status, record events, and help in
diagnosing and locating problems.
Status overview
You can get a useful, overall status report from the Netopia Router
in the Quick View screen. To go to the Quick View screen, select
Quick View in the Main Menu.
Quick View
The Quick View screen has three status sections:
General status
Current Status
LED Status
The status sections vary according to the interface of your Netopia
Reference Guide
General Status
All interfaces
Quick View
Ethernet Address - 00-00-c5-ff-60-8d Current Date - 5/30/97 03:49:52PM
Firmware Version - 3.0
WAN Line Rate - 64 Kbps
IP Address -
AppleTalk ET Address - 33051:150
AppleTalk LT Address - 33050:149
IPX Network Address - 00000000
Ethernet Address: The Netopia Router’s hardware address.
Firmware Version: The version of the software that controls the
Netopia Router. This number is useful if you call Farallon technical
support and are asked for the firmware version running on the
WAN Line Rate: The rate of the leased line connection. This field
appears only on permanent leased lines.
Current Date: The current date. This can be set with the Date and
Time utility (see “Setting the system date and time” on page 10-2).
IP Address: The Netopia Router’s IP address, entered in the IP
Setup screen.
IPX Network Address: The Netopia Router’s IPX address, entered in
the IPX Setup screen.
AppleTalk ET Address: The Netopia Router’s AppleTalk address on
its EtherTalk Phase II interface, entered in the EtherTalk Phase II
Setup screen.
AppleTalk LT Address: The Netopia Router’s AppleTalk address on
its LocalTalk interface, entered in the LocalTalk Setup screen.
Monitoring Tools
Current Status
The current status section is a table showing the current status of
ISDN, the WAN, or Frame Relay.
Current ISDN Connection or WAN Status
ISDN only
Current ISDN Connection Status
---Profile Name------State---%Use-Remote Address----Est.-More Info----------
10 IP
Leased line with PPP or
HDLC enabled only
Current WAN Status
---Profile Name------State---%Use-Remote Address----Est.-More Info----------
Profile Name: Lists the name of the connection profile being used,
if any. This field will also indicate if the B-channel is in use for a
POTS call.
State: Lists the channels in use for this connection.
%Use: Indicates the average percent utilization of the maximum
capacity of the channels in use for the connection.
Remote Address: Shows the IP address of the connected remote
network if the connection is using IP. Otherwise, shows the IPX
address of the connected remote network, if using IPX. For ISDN
POTS calls, it shows the called DN if locally originated, otherwise
the calling DN (if available).
Est: Indicates whether the connection was locally or remotely
More Info: Indicates, in order of priority, the NAT address in use for
this connection, the IPX address in use (if IP is also in use), or the
ISDN caller identification (if available).
Reference Guide
Current Frame Relay Status
Leased line with Frame
Relay enabled only
Current Frame Relay Status
----DLCIs In Use----Bytes Rx----Bytes Tx----Frames Rx----Frames Tx----FECNs+BECNs--
DLCIs In Use: Indicates the number of data link connection
identifiers currently in use.
Bytes Rx: Indicates the total number of bytes received on the WAN
Bytes Tx: Indicates the total number of bytes sent on the WAN link.
Frames Rx: Indicates the total number of frames received on the
WAN link.
Frames Tx: Indicates the total number of frames sent on the WAN
FECNs+BECNs: Indicates congestion of frames. The forward explicit
congestion notification (FECN) indicates too much data at too high a
speed is being received. The backward explicit congestion
notification (FECN) indicates too much data at too high a speed is
being sent.
LED Status
This section shows the current real-time status of the Netopia
Router’s LEDs. It is useful for remotely monitoring the router’s
status. The Quick View screen’s arrangement of LEDs corresponds
to the physical arrangement of LEDs on the router.
All interfaces
LED Status
-----ETHERNET------+--CH1-----MGMT----CH2---+-CARD-+-PWR +-------LEDS--------
- -
- - - -
|'-'= Off 'E'= Error
O |'O' = On '*'= Blink
Monitoring Tools
Each LED representation can report one of four states:
–: A dash means the LED is off.
*: An asterisk means the LED is blinking.
O: The letter “O” means the LED is on (solid).
E: The letter “E” means the LED is reporting an error.
• General Statistics
• Event Histories
• Routing Tables
• Call Accounting
Statistics, Utilities, Tests
When you are troubleshooting your Netopia Router, the Statistics
screens provide insight into the recent event activities of the Router.
Go to the Statistics, Utilities, Tests and select one of the options
described in the sections below.
General Statistics
To go to the General Statistics screen, select General Statistics in
the Statistics, Utilities, Tests screen.
General Statistics
IP Pkts
0 | EN Rx Packets
2 | EN Rx Errors
36 | EN Collisions
IPX Pkts
ET II Pkts
LT Packets
36 | LT Bad Packets
Reference Guide
General Statistics displays information about data traffic on the
Netopia Router’s PhoneNet and Ethernet ports. This information is
useful for monitoring and troubleshooting your LAN.
The left side of the screen lists total packets received and total
packets transmitted for the following protocols:
IP (IP packets on the Ethernet)
IPX (IPX packets on the Ethernet)
ET II (AppleTalk packets on Ethernet, using EtherTalk Phase II)
LT (LocalTalk on the PhoneNET)
The right side of the table lists the total number of occurrences of
each of five types of communication statistics:
EN Rx Packets: The number of Ethernet packets received.
EN Rx Errors: The number of bad Ethernet packets received.
EN Collisions: An error occurring when Ethernet packets are
transmitted simultaneously by nodes on the LAN.
ISDN only
FEBE/ NEBE Errors: The number of bad FEBE/ NEBE packet errors.
FEBE (Far End Bit Errors) is a counter of bad packets coming from
the ISDN switch to the Router. NEBE (Near End Bit Errors) is a
counter of bad packets coming from the Router to the ISDN switch.
LT Bad Pkts: An error occurring when unacceptable LocalTalk
packets are received by the Netopia Router.
WAN Connection Statistics
ISDN only
----------------------WAN Connection Statistics-----------------------
Ch.---Bytes Rx----Bytes Tx--Packets Rx--Packets Tx--Remote Network-----
Leased line with PPP or
HDLC enabled only
----------------------WAN Connection Statistics-----------------------
Ch.---Bytes Rx----Bytes Tx--Packets Rx--Packets Tx--Remote Network-----
Leased line with Frame
Relay enabled only
----------------------WAN Connection Statistics-----------------------
---------Bytes Rx-----Bytes Tx-----Frames Rx----Frames Tx----FECNs-------BECNs
The WAN Connection Statistics give the following information about
each channel of the point-to-point interface:
The number of bytes and packets received through the channel
The number of bytes and packets transmitted through the
Not applicable with Frame
Relay enabled
The IP address of the remote network to which the Netopia
Router is connected through the channel
The congestion notifications (FECNs and BECNs) indicating too
much data at too high a speed begin received (FECN) or sent
Frame Relay LMI Statistics
Models with Frame Relay
enabled only
----------------------Frame Relay LMI Statistics-----------------------
LMI Status Pkts Rx
0 | LMI Status Enq's Tx
Interfaces using Frame Relay also include the Frame Relay LMI
Statistics. This section displays how many local management
interface (LMI) packets have been received and how many LMI
enquiries have been sent.
Reference Guide
DLCI Traffic Statistics
Models with Frame Relay
enabled only
DLCI Statistics
DLCI----Remote IP Addr--IPX Net----Frames Rx--Frames Tx---Bytes Rx---Bytes Tx
----------------------------------SCROLL UP-----------------------------------
---------------------------------SCROLL DOWN----------------------------------
Select a DLCI and hit Return/Enter for more information.
Interfaces using Frame Relay also offer the DLCI Traffic Statistics
field. By selecting DLCI Traffic Statistics in the General Statistics
screen and pressing Return, you can view the DLCI Statistics table.
The table provides the following information for each DLCI:
DLCI: Lists the data link connection interfaces.
Remote IP Addr: The IP address of the destination node for that
IPX Net: The IPX address of the node sending that DLCI.
Frames Rx: The number of frames received on that DLCI.
Frames Tx: The number of frames sent with on DLCI.
Bytes Rx: The number of bytes received with on DLCI.
Bytes Tx: The number of bytes sent with on DLCI.
If the DLCI statistics table exceeds the size of the screen, you can
scroll through it by using the SCROLL UP and SCROLL DOWN items.
To scroll up, select the SCROLL UP item at the top of the list and
press the Return key. To scroll down, select the SCROLL DOWN
item at the bottom of the list and press Return.
To obtain more information about any DLCI listed in the table, select
the DLCI and press Return. A dialog box containing more
information about the selected DLCI will appear. Press Return or the
Escape key to dismiss the dialog box.
Event Histories
The Netopia Router records certain relevant occurrences in event
histories. Event histories are useful for diagnosing problems
because they list what happened before, during, and after a
problem occurs. You can view two different event histories: one for
the router’s system and one for the ISDN or leased line.
Note: Netopia Router’s built-in battery backup prevents loss of
event history from a shut down or reset.
The Router’s event histories are structured to display most recent
events first, and to make it easy to distinguish error messages from
informational messages. Error messages are prefixed with an
To go to the Event Histories screen, select Event Histories in the
Statistics, Utilities, Tests screen.
Event Histories
Device Event History...
WAN Event History...
Clear Device Event History...
Clear WAN Event History...
Device Event History
The Device Event History screen lists port and system events,
giving the time and date for each event, as well as a brief
description. The most recent events appear at the top.
To go to the Device Event History screen, select Device Event
History in the Event Histories screen.
Reference Guide
Device Event History
Current Date --
6/4/98 09:23:53 AM
----------------------------------SCROLL UP-----------------------------------
06/04/97 08:56:13
06/04/97 08:56:06
06/04/97 08:56:06
AppleTalk initialization complete
IPX initialization complete
IP address server initialization complete
06/04/97 08:56:06 --BOOT: Cold start v3.2-------------------------------------
06/04/97 08:52:28 AURP initialization complete
---------------------------------SCROLL DOWN----------------------------------
Return/Enter on event item for details or 'SCROLL [UP/DOWN]' item for
If the event history exceeds the size of the screen, you can scroll
through it by using the SCROLL UP and SCROLL DOWN items.
To scroll up, select the SCROLL UP item at the top of the list and
press the Return key. To scroll down, select the SCROLL DOWN
item at the bottom of the list and press Return.
To obtain more information about any event listed in the Device
Event History, select the event and then press Return. A dialog box
containing more information about the selected event will appear.
Press Return or the Escape key to dismiss the dialog box.
To clear the Device Event History, select Clear Device Event History
in the Event Histories screen.
WAN Event History
The WAN Event History screen lists events on the ISDN or leased
line. The most recent events appear at the top.
To go to the WAN Event History screen, select WAN Event History in
the Event Histories screen.
WAN Event History
Current Date --
6/4/97 04:36:11 PM
----------------------------------SCROLL UP-----------------------------------
06/04/97 16:35:44
06/04/97 16:35:44
06/04/97 16:35:43
06/04/97 16:35:43
06/04/97 16:35:43
06/04/97 16:35:41
06/04/97 16:35:41
PPP: IPXCP negotiated, session 1
PPP: IPCP negotiated, session 1, rem:
PPP: MP negotiated, session 1
PPP: PAP remote accepted us, Channel 1
PPP: NCP up, session 1, Channel 1
PPP: Channel 1 up, Dialout
Received Connect Ind. for DN: 915105551111
06/04/97 16:35:41 >>Issued 64Kb Setup Request from our DN: 5105771234
06/04/97 16:34:57
06/04/97 16:34:56
06/04/97 16:34:56
Received Clear Confirm for our DN: 5105771234
Requested Disc. from DN: 915105551111, Cause: 16
PPP: Channel 1 down
06/04/97 16:34:56 * PPP: PAP authentication failed, Channel 1
06/04/97 16:34:54
06/04/97 16:34:54
PPP: Channel 1 up, Dialout
Received Connect Ind. for DN: 915105551111
06/04/97 16:34:53 >>Issued 64Kb Setup Request from our DN: 5105771234
---------------------------------SCROLL DOWN----------------------------------
Return/Enter on event item for details or SCROLL [UP/DOWN] item for
Each entry in the list contains the following information:
Time: Time of the event.
Date: Date of the event.
Event: A brief description of the event.
Models on switched
circuits only
Ch.: The channel involved in the event.
Models on switched
circuits only
Dir. Number: The directory number (number dialed) involved in the
The first event in each call sequence is marked with double arrows
Failures are marked with an asterisk (*).
Reference Guide
If the event history exceeds the size of the screen, you can scroll
through it by using the SCROLL UP and SCROLL DOWN items.
To scroll up, select the SCROLL UP item at the top of the list and
item at the bottom of the list and press the Return key.
To get more information about any event listed in the WAN Event
History, select the event and then press the Return key. A dialog box
containing more information about the selected event will appear.
Press Return or the Escape key to dismiss the dialog box. Also see
Appendix D, “ISDN, DDS/ ADN, and T1 Events” for explanations of
the possible events.
To clear the WAN Event History, select Clear WAN Event History in
the Event Histories screen.
Routing Tables
You can view all of the IP, IPX and AppleTalk routes in the Netopia
Router’s IP, IPX and AppleTalk routing tables, respectively.
To go to the Routing Tables screen, select Routing Tables in the
Statistics, Utilities, Tests screen.
Routing Tables
IP Routing Table...
IPX Routing Table...
IPX SAP Bindery Table...
AppleTalk Routing Table...
IP routing table
The IP routing table displays all of the IP routes currently known to
the Netopia Router.
To display the IP Routing Table screen, select IP Routing Table in
the Routing Tables screen and go to the IP Routing Table screen.
IPX routing table
The IPX routing table displays all of the IPC routes currently known
to the Netopia Router.
To display the IPX Routing Table screen, select IPX Routing Table in
the Routing Tables screen and go to the IPX Routing Table screen.
IPX Sap Bindery table
The IPX Sap Bindery table displays all of the IPX Sap Bindery routes
currently known to the Netopia Router.
To display the IPX Sap Bindery table screen, select IPX Sap Bindery
table in the Routing Tables screen and go to the IPX Sap Bindery
table screen.
AppleTalk routing table
The AppleTalk routing table displays information about the current
state of AppleTalk networks connected to the Netopia Router,
including remote AppleTalk networks connected with AURP. This
information is gathered from other active AppleTalk routers.
To go to the AT Routing Table screen, select AppleTalk Routing
Table in the Routing Tables screen.
Reference Guide
AT Routing Table
-Net---Range--(Def) Zone Name---------Hops-State-Next Rtr Addr.--Pkts Fwded---
----------------------------------SCROLL UP-----------------------------------
Good 46.131
Good 46.131
Good 46.131
Good 46.131
Good 46.131
Good 46.131
Good 46.131
Good 46.131
Good 46.131
Good 46.131
Good 46.131
Good 46.131
Good 46.131
Good 46.131
Customer Service
UNIX Services
---------------------------------SCROLL DOWN----------------------------------
'*' Entries have multiple zone names. Return/Enter on these to see zone list.
Each row in the AppleTalk routing table corresponds to an AppleTalk
route or network range. If the list of routes shown exceeds the size
of the screen, you can scroll through it by using the SCROLL UP and
To scroll up, select the SCROLL UP item at the top of the table and
press the Return key. To scroll down, select the SCROLL DOWN
item at the bottom of the table and press the Return key.
The table has the following columns:
Net: Displays the starting network number supplied by the AppleTalk
router in the ‘Next Rtr Addr. Column’. If a network number is
preceded by an asterisk (*), it has multiple zones. To display the
zones, select the network entry and press Return.
Range: Displays the ending network number for the extended
(Def) Zone Name: Displays the zone or zones associated with the
specified network or network range. The zone name shown is either
the only zone for a non extended network (e.g.:LocalTalk networks),
or the default zone name for an extended network. To see the
complete list of zones for an extended network with multiple zones,
select the entry in the table and press the Return key. Press the
Return key again to close the list of zones.
Hops: Displays the number of routers between the Netopia Router
and the specified network.
State: Displays the state of the specified route, based on the
frequency of Routing Table Maintenance Protocol (RTMP) packets
received for the route. The state can be Good, Suspect, or Bad.
AppleTalk routers regularly exchange RTMP packets to update
AppleTalk routing information.
Next Rtr Addr.: Displays the DDP or IP address of the next hop for
the specified route. A DDP address is displayed if the router shown
is on the local AppleTalk network. DDP address means that a
connection to the next hop router is by a native AppleTalk network
(e.g.: LocalTalk or EtherTalk Phase II). An IP address is displayed if
the Netopia Router is connected to the router shown using AURP. IP
address means a connection transports over AURP (AppleTalk
encapsulated IP).
Pkts Fwded: The number of packets sent to the router shown.
The AppleTalk routing table updates automatically when you first
display this screen, but not while you are viewing it. To update the
AppleTalk routing table, select UPDATE (near the bottom left-hand
side of the screen) and press Return.
Call Accounting
The Netopia Router offers system-wide call accounting to track first
minutes (an ISDN tariff factor) and additional minutes, for initiated
data and voice calls.
To go to the Call Accounting screen, select Call Accounting in the
Statistics, Utilities, Tests screen.
Reference Guide
Call Accounting
Enable Call Accounting:
Day for auto-reset of timers:
Maximum connect time (HH:MM):
-------- Call Accounting Statistics ----------------------------------
Total First Minutes:
Total Additional Time (HH:MM):
Remaining Time (HH:MM):
Trigger Date(MDY):
To enable call accounting, follow these steps:
1. Select Enable Call Accounting and toggle it to On.
2. Select Day for auto-reset of timers and enter the day of the
month for the Router to reset the Call Accounting Statistics.
3. Select Maximum connect time (HH:MM) and enter the total
amount of time to allow for outbound calls, where HH is the
hour (using either the 12-hour or 24-hour clock) and MM is the
4. Select RESET MINUTE COUNTERS and press Return to
manually reset the Call Accounting Statistics.
Under Call Accounting Statistics:
Total First Minutes displays the total number of first minutes of
outbound calls placed during the recording interval.
Total Additional Minutes (HH:MM) displays the total remaining
time of all outbound calls placed during the recording interval.
Remaining Time (HH:MM) displays how much time is left in the
recording interval. If call accounting is not enabled, the
message will read, Call Accounting Disabled.
Trigger Date (MDY) displays the date, in month, day, year
format, when the call accounting begins.
The Netopia Router includes a Simple Network Management
Protocol (SNMP) agent, allowing monitoring and configuration by a
standard SNMP manager.
The Netopia Router supports the following Management Information
Base (MIB) documents:
MIB II (RFC 1213)
Interface MIB (RFC 1229)
Ethernet MIB (RFC 1643)
AppleTalk MIB-I (RFC 1243)
Frame Relay DTE MIB (RFC 1315)
Farallon Netopia MIB
These MIBs are on the Netopia Router CD included with the Netopia
Router. You should load these MIBs into your SNMP management
software in the order they are listed here. Follow the instructions
included with your SNMP manager on how to load MIBs.
Reference Guide
sysObjectID and sysDescr
The value returned by the Netopia Router SNMP agent for
sysObjectID is, where x is dependent upon
your model number and defined in the table below:
Model no.
Model no.
The value returned by the Netopia Router SNMP agent for sysDescr
is Netopia PNyyy, where yyy is your particular Netopia Router model
number. For some models, yyy also includes a suffix to the model
number. See the table below.
Non-North American ISDN
Netopia Routers
country code)-1S
SA Netopia Routers
T1 Netopia Routers
DDS Netopia Routers
The SNMP Setup screen
To go to the SNMP Setup screen, select SNMP in the Advanced
Configuration screen.
SNMP Setup
System Name:
System Location:
System Contact:
Read-Only Community String:
Read/Write Community String:
Authentication Traps Enable:
IP Trap Receivers...
Configure optional SNMP parameters from here.
Follow these steps to configure the first three items in the screen:
1. Select System Name and enter a descriptive name for the
Netopia Router’s SNMP agent.
2. Select System Location and enter the router’s physical location
(room, floor, building, etc.).
3. Select System Contact and enter the name of the person
responsible for maintaining the router.
System Name, System Location, and System Contact set the
values returned by the Netopia Router SNMP agent for the
SysName, SysLocation, and SysContact objects, respectively, in the
MIB-II system group. Although optional, the information you enter in
these items can help a system administrator manage the network
more efficiently.
Reference Guide
Community strings
The Read-Only Community String and the Read/ Write Community
String are like passwords that must be used by an SNMP manager
querying or configuring the Netopia Router. An SNMP manager using
the Read-Only Community String can examine statistics and
configuration information from the router, but cannot modify the
router’s configuration. An SNMP manager using the Read/ Write
Community String can both examine and modify configuration
By default, the read-only and read/ write community strings are set
to “public” and “private,” respectively. You should change both of
the default community strings to values known only to you and
trusted system administrators.
Even if you decide not to use SNMP, you should change the
community strings. This prevents unauthorized access to the
Netopia Router through SNMP.
For more information on security issues, see “Suggested security
measures” on page 7-2.
SNMP traps
An SNMP trap is an informational message sent from an SNMP
agent (in this case, the Netopia Router) to a manager. When a
manager receives a trap, it may log the trap as well as generate an
alert message of its own.
Standard traps generated by the Netopia Router include the
An authentication failure trap is generated when the router
detects an incorrect community string in a received SNMP
packet. Auth. Traps Enable must be On for this trap to be
A cold start trap is generated after the router is reset.
Monitoring Tools
An interface down trap (ifDown) is generated when one of the
router’s interfaces, such as a port, stops functioning or is
An interface up trap (ifUp) is generated when one of the
router’s interfaces, such as a port, begins functioning.
The Netopia Router sends traps using UDP (for IP networks).
You can specify which SNMP managers are sent the IP traps
generated by the Netopia Router. Up to eight receivers can be set.
You can also review and remove IP traps.
Go to the IP Trap Receivers screen by selecting IP Trap Receivers in
the SNMP Setup screen.
IP Trap Receivers
Display/Change IP Trap Receiver...
Add IP Trap Receiver...
Delete IP Trap Receiver...
Return/Enter to modify an existing Trap Receiver.
Navigate from here to view, add, modify and delete IP Trap Receivers.
Setting the IP trap receivers
1. Select Add IP Trap Receiver.
2. Select Receiver IP Address or Domain Name. Enter the IP
address or domain name of the SNMP manager you want to
receive the trap.
3. Select Community String if you enabled one in the SNMP Setup
screen, and enter the appropriate password.
4. Select Add Trap Receiver Now and press Return. You can add
up to seven more receivers.
Reference Guide
Viewing IP trap receivers
To display a view-only table of IP trap receivers, select
Display/ Change IP Trap Receiver in the IP Trap Receivers screen.
Modifying IP trap receivers
1. To edit an IP trap receiver, select Display/ Change IP Trap
Receiver in the IP Trap Receivers screen.
2. Select an IP trap receiver from the table and press Return.
3. In the Change IP Trap Receiver screen, edit the information as
needed and press Return.
Deleting IP trap receivers
1. To delete an IP trap receiver, select Delete IP Trap Receiver in
the IP Trap Receivers screen.
2. Select an IP trap receiver from the table and press Return.
3. In the dialog box, select Cancel and press Return.
Chapter 10
Utilities and Tests
and control purposes:
Setting system date and time (see page 10-2)
Establishing and disconnecting WAN connections (see Chapter
Running a ping test (see page 10-3)
and a given destination (see page 10-7)
Upgrading feature sets and WANlets (see page 10-8)
Restarting the system (see page 10-8)
Reverting to factory default settings (see page 10-9)
Monitoring secure authentication (see Chapter 2)
Running an ISDN loopback test (see page 10-9)
Configuring the console (see page 10-11)
Transferring configurations and firmware files (see page 10-12
and page 10-17)
Note: These utilities and tests are accessible only through the
console-based management screens. If you used Web-based
management to configure your Router, see Chapter 4, “Installing the
Netopia Router,” of the Getting Started Guide for information on
accessing the console-based management screens.
Reference Guide
Some utilities and tests may not be available on some Netopia
Router models, depending on the switch type and data
encapsulation method. See the following sections for more
Setting the system date and time
You can set the system’s date and time in the Set Date and Time
Select Date and Time in the Statistics, Utilities, Tests screen and
press Return to go to the Set Date and Time screen.
Set Date and Time
System Date Format:
Current Date (MM/DD/YY):
System Time Format:
Current Time:
AM or PM:
Follow these steps to set the system’s date and time:
1. Select System Date Format and choose how the date will be
displayed. DD represents the day, MM represents the month,
and YY represents the year.
2. Select Current Date and enter the date in the appropriate
format. Use one- or two-digit numbers for the month and day,
and the last two digits of the current year. The date’s numbers
must be separated by forward slashes (/ ).
3. Select System Time Format and choose the 12-hour clock
(AM/ PM) or the 24-hour clock (24hr).
4. Select Current Time and enter the time in the format HH:MM,
where HH is the hour (using either the 12-hour or 24-hour clock)
and MM is the minutes.
5. Select AM or PM and choose AM or PM. The AM or PM item
appears only if the time is in the 12-hour clock format.
Utilities and Tests
The Netopia Router includes a standard Ping test utility. A Ping test
generates IP packets destined for a particular (Ping-capable) IP
host. Each time the target host receives a Ping packet, it returns a
packet to the original sender.
Ping allows you to see whether a particular IP destination is
reachable from the Netopia Router. You can also ascertain the
quality and reliability of the connection to the desired destination by
studying the Ping test’s statistics.
To use the Ping utility, select Ping in the Statistics, Utilities, Tests
screen and press Return to go to the Ping screen.
Name of Host to Ping:
Packets to Send:
Data Size:
Delay (seconds):
Packets Out:
Packets In:
Packets Lost:
Round Trip Time
0 (0%)
0.000 / 0.000 / 0.000 secs
Enter the IP Address/Domain Name of a host to ping.
Send ICMP Echo Requests to a network host.
To configure and initiate a Ping test, follow these steps:
1. Select Name of Host to Ping and enter the destination domain
name or IP address.
Reference Guide
2. Select Packets to Send to change the default setting. This is
the total number of packets to be sent during the Ping test. The
default setting is adequate in most cases, but you may change
it to any value from 1 to 4,294,967,295.
3. Select Data Size to change the default setting. This is the size,
in bytes, of each Ping packet sent. The default setting is ade-
quate in most cases, but you may change it to any value from 0
(only header data) to 1664.
4. Select Delay (seconds) to change the default setting. The
delay, in seconds, determines the time between Ping packets
sent. The default setting is adequate in most cases, but you
may change it to any value from 0 to 4,294,967. A delay of 0
seconds forces packets to be sent immediately one after
5. Select START PING and press Return to begin the Ping test.
While the test is running, the START PING item becomes STOP
PING. To manually stop the Ping test, select STOP PING and
press Return or the Escape key.
While the Ping test is running, and when it is over, a status field and
a number of statistical items are active on the screen. These are
described below.
Status: The current status of the Ping test. This item can display
the following messages:
Utilities and Tests
Resolving host name
Can’t resolve host name
Finding the IP address for the domain name-style address
IP address can’t be found for the domain name-style name
Ping test is in progress
Ping test was completed
Cancelled by user
Ping test was cancelled manually
Ping test was able to reach the router with IP address
w.x.y.z, which reported that the test could not reach the
final destination
Destination unreachable from
Couldn’t allocate packet buffer
Couldn’t open ICMP port
Couldn’t proceed with Ping test; try again or reset system
Couldn’t proceed with Ping test; try again or reset system
Packets Out: The number of packets sent by the Ping test.
Packets In: The number of return packets received from the target
host. To be considered “on time,” return packets are expected back
before the next packet in the sequence of Ping packets is sent. A
count of the number of late packets appears in parentheses to the
right of the Packets In count.
In the example below, a Netopia Router is sending Ping packets to
another host, which responds with return Ping packets. Note that
the second return Ping packet is considered to be late because it is
not received by the Netopia Router before the third Ping packet is
sent. The first and third return Ping packets are on time.
Reference Guide
send Ping packet 1
receive Ping packet 1
send return Ping packet 1
receive return Ping packet 1
send Ping packet 2
receive Ping packet 2
send return Ping packet 2
send Ping packet 3
receive return Ping packet 2
receive Ping packet 3
send return Ping packet 3
receive return Ping packet 3
Packets Lost: The number of packets unaccounted for, shown in
total and as a percentage of total packets sent. This statistic may
be updated during the Ping test, and may not be accurate until after
the test is over. However, if an escalating one-to-one
correspondence is seen between Packets Out and Packets Lost,
and Packets In is noticeably lagging behind Packets Out, the
destination is probably unreachable. In this case, use STOP PING.
Round Trip Time (Min/ Max/ Avg): Statistics showing the
minimum, maximum, and average number of seconds elapsing
between the time each Ping packet was sent and the time its
corresponding return Ping packet was received.
Utilities and Tests
The time-to-live (TTL) value for each Ping packet sent by the Netopia
Router is 255, the maximum allowed. The TTL value defines the
number of IP routers that the packet can traverse. Ping packets that
reach their TTL value are dropped, and a “destination unreachable”
notification is returned to the sender (see the table above). This
ensures that no infinite routing loops occur. The TTL value can be
set and retrieved using the SNMP MIB-II ip group’s ipDefaultTTL
Tracing a route
You can count the number of routers between your Netopia Router
and a given destination with the Trace Route utility.
Select Trace Route in the Statistics, Utilities, Tests screen and
press Return to go to the Trace Route screen.
Trace Route
Host Name or IP Address:
Maximum Hops:
Timeout (seconds):
Use Reverse DNS:
Trace route to a network host.
To trace a route, follow these steps:
1. Select Host Name or IP Address and enter the name or
address of the destination you want to trace.
2. Select Maximum hops (1..64) to set the maximum number of
routers to count between the Netopia Router and the
destination router, up to 64. The default is 30 hops.
Reference Guide
3. Select Timeout per probe (1..10 sec) to set when the trace will
timeout for each hop, up to 10 seconds. The default is 3
4. Select Use Reverse DNS to learn the names of the routers
between the Netopia Router and the destination router. The
default is Yes.
5. Select START TRACE ROUTE and press Return. The screen will
be replaced by a scrolling screen, listing the destination, the
number of hops, the IP addresses of each hop, and the DNS
names, if selected.
6. Cancel the trace by pressing Esc. Return to the Trace Route
screen by pressing Esc twice.
Upgrading the Netopia Router
You can upgrade your Netopia Router by adding new feature sets
through the Upgrade Feature Set utility.
See the release notes that came with your router or visit the
Farallon web site at for information on new
feature sets, how to obtain them, and how to install them on your
Netopia Router.
Restarting the system
You can restart the system by selecting the Restart System item in
the Statistics, Utilities, Tests screen.
You must restart the system whenever you reconfigure the Netopia
Router and want the new parameter values to take effect. Under
certain circumstances, restarting the system may also clear up
system or network malfunctions.
Utilities and Tests
Factory defaults
You can reset the Netopia Router to its factory default settings.
Select the Revert to Factory Defaults item in the Statistics,
Utilities, Tests screen and press Return. Select CONTINUE in the
dialog box and press Return. The Netopia Router settings will return
to the factory defaults, deleting your configurations.
The ISDN loopback test
The ISDN loopback test is designed to confirm the existence of a
working ISDN line and the proper configuration of certain Netopia
Router parameters. This test is available only on switched ISDN
Using the first B-channel, the test calls the Netopia Router on the
second B-channel, creating a call loop back to the unit.
To run the ISDN loopback test, select ISDN Switch Loopback Test
in the Statistics, Utilities, Tests screen and press Return to go to
the ISDN Switch Loopback Test screen.
ISDN Switch Loopback Test
Run Test Now
Select Run Test Now and press Return. The loopback test is
executed immediately.
Note: Make sure neither B-channel is in use before you execute the
loopback test.
10-10 Reference Guide
The Status item reports one of three results:
Untested: The loopback test has not yet been run.
Loopback Test FAILED: The loopback test has failed. See “If the
loopback test fails,” below, for troubleshooting suggestions.
Loopback Test PASSED. The loopback test was successful. The
line is working properly, and the directory numbers (the ISDN phone
numbers associated with each B-channel) are correct. If a SPID is
associated with the first B-channel, its correctness is also
confirmed. If a SPID is associated with the second B-channel, its
correctness is confirmed.
Note: SPIDs are applicable to certain North American ISDN switch
If the loopback test fails
Follow these suggestions to track down the reason behind the
loopback test’s failure:
Check that the WAN Ready LED is solid green.
Check the ISDN event log and get more information about
events that seem relevant to the failure.
Check the B-channel usage in the Quick View screen to make
sure there were no active calls when the loopback test was
Check the accuracy of the directory numbers, SPIDs, and
switch protocol you entered in the ISDN Line Configuration
screen (compare them with the information you received from
your ISDN service provider).
Verify termination of the S/ T bus.
Contact your ISDN service provider to have the line checked.
Check that your line is not provisioned for voice only (Circuit
Switched Voice).
Utilities and Tests 10-11
Console configuration
In the Getting Started Guide, it was suggested that you set the
communications parameters in your terminal emulation software to
match the Netopia Router’s default settings. However, you can
change the default terminal communications parameters to suit
your requirements.
To go to the Console Configuration screen, select Console
Configuration in the Advanced Configuration screen.
Console Configuration
Baud Rate...
Bits per Character...
Stop Bits...
No Parity
Follow these steps to change a parameter’s value:
1. Select the parameter you want to change.
2. Select a new value for the parameter. Return to step 1 if you
want to configure another parameter.
3. Select SET CONFIG NOW to save the new parameter settings.
Select CANCEL to leave the parameters unchanged and exit
the Console Configuration screen.
10-12 Reference Guide
Transferring configuration and firmware files with XMODEM
You can transfer configuration and firmware files with XMODEM
through the Netopia Router’s console or PC Card (PCMCIA) port.
To go to the PC Card Config/ Firmware Transfer screen, select
PC Card Config/ Firmware Transfer in the Advanced Configuration
PC Card Config/Firmware Transfer
Send Firmware to Netopia...
Send Config to Netopia...
Receive Config from Netopia...
PC Card Modem Init String:
The transfer you initiate will occur through the port from which you
initiate it. If you are connected to the Netopia Router through its
console port, the transfer will occur through that port. If you are
connected through the PC Card port, the transfer will occur through
that port.
Using the console port
Using the Netopia Router’s screens through the console port.
involves using either a PC or Macintosh computer with a terminal
emulation program that supports XMODEM file transfers.
See the Getting Started Guide for directions on how to configure
your terminal emulation program.
Utilities and Tests 10-13
Using the SmartPort
Follow these steps to prepare to use the SmartPort (PC Card port):
1. Connect a standard PC Card modem to the port. See
“Connecting a modem to the SmartPort” on page 1-4 for more
The modem will be initialized using the default string contained
in the PC Card Modem Init String item in the PC Card
Config/ Firmware Transfer screen. Consult your modem’s user’s
guide and edit the default string it includes commands not
supported by your modem. You may choose to substitute
equivalent commands.
2. Connect a standard, working analog telephone line (not an
ISDN line) to the modem.
3. Call the modem from another site using a computer, a modem,
and a terminal emulation program (like the one used with the
console port). The terminal emulation program should be
configured as specified in the Getting Started guide.
Once you connect to the Netopia Router’s modem, you should see
the configuration screens. Press Ctrl-L if you connect but are unable
to see the screens.
10-14 Reference Guide
Updating firmware
Firmware updates may be available periodically from Farallon or
from a site maintained by your organization’s network administra-
The procedure below applies whether you are using the console or
the PC Card port.
Follow these steps to update the Netopia Router’s firmware:
1. Make sure you have the firmware file on disk and know the path
to its location.
2. Select Send Firmware to Netopia and press Return. The
following dialog box appears:
| Are you sure you want to send a firmware file to your Netopia?
| If so, when you hit Return/Enter on the CONTINUE button, you will
| have 10 seconds to begin the transfer from your terminal program.
3. Select CANCEL to exit without downloading the file, or select
CONTINUE to download the file.
If you choose CONTINUE, you will have ten seconds to use your
terminal emulation software to initiate an XMODEM transfer of
the firmware file. If you fail to initiate the transfer in that time,
the dialog box will disappear and the terminal emulation
software will inform you of the transfer’s failure. You can then
try again.
The system will reset at the end of a successful file transfer to
put the new firmware into effect. While the system resets, the
LEDs will blink on and off.
Utilities and Tests 10-15
Do not manually reset the Netopia Router while it is
automatically resetting or it could be damaged.
Downloading configuration files
The Netopia Router can be configured by downloading a
configuration file. The downloaded file reconfigures all of the
Router’s parameters.
Configuration files are available from a site maintained by your
organization’s network administrator or from your local site (see
“Uploading configuration files,” below).
The procedure below applies whether you are using the console or
the PC Card port.
Follow these steps to download a configuration file:
1. Make sure you have the configuration file on disk and know the
path to its location.
2. Select Send Config to Netopia and press Return. The following
dialog box appears:
| Do you want to send a saved configuration to your Netopia?
| If so, when you hit Return/Enter on the CONTINUE button, you will
| have 10 seconds to begin the transfer from your terminal program.
3. Select CANCEL to exit without downloading the file, or select
CONTINUE to download the file.
10-16 Reference Guide
If you choose CONTINUE, you will have ten seconds to use your
terminal emulation software to initiate an XMODEM transfer of
the configuration file. If you fail to initiate the transfer in that
time, the dialog box will disappear and the terminal emulation
software will inform you of the transfer’s failure. You can then
try again.
The system will reset at the end of a successful file transfer to
put the new configuration into effect.
Uploading configuration files
A file containing a snapshot of the Netopia Router’s current
configuration can be uploaded from the Router to disk. The file can
then be downloaded by a different Netopia Router to configure its
parameters (see “Downloading configuration files” on page 10-15).
This is useful for configuring a number of Routers with identical
parameters, or for creating configuration backup files.
Uploading a file can also be useful for troubleshooting purposes.
The uploaded configuration file can be tested on a different Netopia
Router by Farallon or your network administrator.
The procedure below applies whether you are using the console or
the PC Card port.
To upload a configuration file:
1. Decide on a name for the file and a path for saving it.
2. Select Receive Config from Netopia and press Return. The
following dialog box appears:
| Are you sure you want to save your current Netopia configuration? |
| If so, when you hit Return/Enter on the CONTINUE button, you will |
| have 10 seconds to begin the transfer from your terminal program. |
Utilities and Tests 10-17
3. Select CANCEL to exit without uploading the file, or select
CONTINUE to upload the file.
If you choose CONTINUE, you will have ten seconds to use your
terminal emulation software to initiate an XMODEM transfer of
the configuration file. If you fail to initiate the transfer in that
time, the dialog box will disappear and the terminal emulation
software will inform you of the transfer’s failure. You can then
try again.
Transferring configuration and firmware files with TFTP
Trivial File Transfer Protocol (TFTP) is a method of transferring data
over an IP network. TFTP is a client-server application, with the
Router as the client. To use the Router as a TFTP client, a TFTP
server must be available.
To use TFTP, select Trivial File Transfer Protocol (TFTP) in the
Advanced Configuration screen and press Return to go to the Trivial
File Transfer Protocol (TFTP) screen.
Trivial File Transfer Protocol (TFTP)
Trivial File Transfer Protocol (TFTP)
TFTP Server Name:
Firmware File Name:
Config File Name:
TFTP Transfer State -- Idle
TFTP Current Transfer Bytes -- 0
10-18 Reference Guide
The sections below describe how to update the Router’s firmware
and how to download and upload configuration files.
Updating firmware
Firmware updates may be available periodically from Farallon or
from a site maintained by your organization’s network administrator.
To update the Router’s firmware, follow these steps:
1. Select TFTP Server Name and enter the DNS name or IP
address of the TFTP server you will use. The DNS name or IP
address is available from the site where the server is located.
2. Select Firmware File Name and enter the name of the file you
will download. The name of the file is available from the site
where the server is located. You may need to enter a file path
along with the file name (for example, bigroot/ config/ myfile).
3. Select GET FIRMWARE FROM SERVER and press Return. You
will see the following dialog box:
| Are you sure you want to send a firmware file to your Netopia?
| The device will restart when the transfer is complete.
Select CANCEL to exit without downloading the file, or select
CONTINUE to download the file. The system will reset at the
end of the file transfer to put the new firmware into effect.
While the system resets, the LEDs will blink on and off.
Do not manually reset the Netopia Router while it is automatically
resetting or it could be damaged.
Utilities and Tests 10-19
4. If you choose to download the firmware, the TFTP Transfer
State item will change from Idle to Reading Firmware. The
TFTP Current Transfer Bytes item will reflect the number of
bytes transferred.
Downloading configuration files
The Router can be configured by downloading a configuration file
using TFTP. Once downloaded, the file reconfigures all of the
Router’s parameters as if someone had manually done so through
the console port.
To download a configuration file, follow these steps:
1. Select TFTP Server Name and enter the DNS name or IP
address of the TFTP server you will use. The DNS name or IP
address is available from the site where the server is located.
2. Select Config File Name and enter the name of the file you will
download. The name of the file is available from the site where
the server is located. You may need to enter a file path along
with the file name (for example, bigroot/ config/ myfile).
3. Select GET CONFIG FROM SERVER and press Return. You will
see the following dialog box:
| Are you sure you want to send a saved configuration to your Netopia? |
Select CANCEL to exit without downloading the file, or select
CONTINUE to download the file. The system will reset at the
end of the file transfer to put the new configuration into effect.
10-20 Reference Guide
4. If you choose to download the configuration file, the TFTP
Transfer State item will change from Idle to Reading Config.
The TFTP Current Transfer Bytes item will reflect the number of
bytes transferred.
Uploading configuration files
Using TFTP, you can send a file containing a snapshot of the
Router’s current configuration to a TFTP server. The file can then be
downloaded by a different Netopia Router unit to configure its
parameters (see “Downloading configuration files” on page 10-19).
This is useful for configuring a number of Routers with identical
parameters, or just for creating configuration backup files.
Uploading a file can also be useful for troubleshooting purposes.
The uploaded configuration file can be tested on a different Netopia
Router unit by Farallon or your network administrator.
To upload a configuration file, follow these steps:
1. Select TFTP Server Name and enter the DNS name or IP
address of the TFTP server you will use. The DNS name or IP
address is available from the site where the server is located.
2. Select Config File Name and enter a name for the file you will
upload. The file will appear with the name you choose on the
TFTP server. You may need to enter a file path along with the
file name (for example, Mypc/ Netopia/ myfile).
3. Select SEND CONFIG TO SERVER and press Return. You will
see the following dialog box:
Utilities and Tests 10-21
| Are you sure you want to save your current Netopia configuration? |
Select CANCEL to exit without uploading the file, or select
CONTINUE to upload the file. The system will reset at the end
of the file transfer to put the new configuration into effect.
4. The TFTP Transfer State item will change from Idle to Writing
Config. The TFTP Current Transfer Bytes item will reflect the
number of bytes transferred.
Appendix A
This appendix is intended to help you troubleshoot problems you
may encounter while using the Netopia Router. It also includes
information on how to contact Farallon Technical Support.
Important information on these problems may be found in the event
histories kept by the Netopia Router. These event histories can be
accessed in the Statistics, Utilities, Tests screen.
Power outages
If you suspect that power was restored after a power outage, and
the Netopia Router is connected to a remote site, you may need to
switch the Netopia Router off and then back on again. After
temporary power outages, a connection that still seems to be up
may actually be disconnected. Rebooting the Router should
reestablish the connection.
Configuration problems
If you reconfigure the Netopia Router and the reconfigured settings
do not seem to be taking effect, reset (restart) the system. You can
reset the system by switching the Netopia Router off and back on.
Resetting the system will cause new configuration settings to take
Reference Guide
Console connection problems
Can’t see the configuration screens (nothing appears)
Check the cable connection from the Netopia Router’s console
port to the computer being used as a console.
Check that the terminal emulation software is accessing the
correct port on the computer that’s being used as a console.
Try pressing Ctrl-L or Return several times to refresh the
terminal screen.
Check that flow control on serial connections is turned off.
Junk characters appear on the screen
Check that the terminal emulation software is configured
Check the baud rate.
Characters are missing from some of the configuration screens
Try changing the Netopia Router’s default speed of 9.6 kbps
and setting your terminal emulation software to match the new
ISDN problems
The WAN Ready LED is blinking red
This is an indication that the Netopia Router cannot detect the ISDN
switch at your ISDN service provider’s central office.
Check that the cable you are using for ISDN is not a 10Base-T
cable, which can look similar to an ISDN cable.
Check that you have plugged the correct cable into the Netopia
Router’s ISDN port, and not one of its EtherWave ports.
The WAN Ready LED is solid red
This is an indication that the Netopia Router is unable to
synchronize with the switch at your ISDN service provider’s central
Confirm that you have entered the correct directory numbers
when configuring the Router.
Confirm that you have configured the Router with the correct
ISDN switch protocol. The protocol selected should match the
one used on your ISDN line.
Check the ISDN event history to see what error it reports. You
can select any event shown in the history and press Return to
The WAN Ready LED is off
The initial call made or received on the ISDN line may activate
the WAN Ready LED. You can also activate the LED by using the
ISDN loopback test. See “The ISDN loopback test” on
page 10-9 for more information on using the ISDN loopback
Calls do not go through
If the Ready LED is glowing solid green and the ISDN loopback test
is successful, calls you make with the Netopia Router should go
through. There may be several reasons why a particular call does
not go through:
The number being dialed is wrong.
The connection profile being used has the Dial On Demand
parameter (in the Telco Options screen) set to No. It should be
set to Yes, or you must manually initiate the call.
The connection profile being used has the Dial parameter (in
the Telco Options screen) set to Dial In Only. It should be set to
Dial In/ Out or Dial Out Only.
