Broadband Router User Guide Broadband Router User Guide March, 2001 Limitation of Liability Information in this document is subject to change without notice. The material contained herein is supplied without representation or warranty of any kind. Therefore assumes no responsibility and shall have no liability of any kind arising from the supply or use of this document or the material contained herein. 1 About This User Guide Welcome to the Networking world of multifunction routers! Thank you for investing in a Broadband Router. We are dedicated to provide the most efficient, easy to configure, and trouble free equipment in the networking industry. This manual is intended as a basic introduction to your Broadband Router. It supplies enough information to make the Broadband Router operational in most common environments: connecting to the Internet , receiving calls from dial-in users, or connecting to another network through the telephone network. We'll describe how to use your web browser to configure the Broadband Router and to perform some basic operations, e.g. upgrading the software, or viewing the connection log, a task which may be useful in ongoing operations. Finally, we'll tell you how to obtain information and help for subjects that are beyond the scope of this manual. This manual consists of seven chapters and three appendixes: Chapter One: Introduction, explains the features and capabilities of the Broadband Router. Chapter Two: Installing the Broadband Router, gives the simple steps you follow to install the Broadband Router and configure your workstations. Chapter Three: Configuring the Broadband Router, explains how to log in to the ARM Manager, describes the browser screen, and provides the steps needed to configure your Broadband Router for specific applications. It provides easy-to-follow instructions for quick Internet access and provides a guide to the most popular Broadband Router configurations. Chapter Four: Advanced Configuration, provides information on advanced router configuration setup. Chapter Five: Managing the Broadband Router, explains the management features of the Broadband Router. Chapter Six: Messages, lists messages you may see in the ARM message window, and what they mean. Appendix A: Specifications Appendix B: Glossary Appendix C: Warranty, Copyright, FCC Notice Safety Warnings · · The Broadband Router is not intended to be serviced by the user. Do not open the case. This product is intended to be supplied by a Listed Direct Plug-In Power Unit marked "Class 2" and rated 9 V ac, 1 A. Contents Chapter 1 Introduction? Overview of the Broadband Router Multifunction Router Broadband Router Applications Accessing the Internet Accessing Servers from the Public Network Creating a Virtual Private Network (VPN) A Configuration Example A Security Overview A Physical Look at the Broadband Router The Connectors on the Back The LEDs on the Front Chapter 2 Installing the Broadband Router Installing the Broadband Router Setting Up a Windows PC for Configuring the Broadband Router Connecting more Devices through a Hub to the Broadband Router Chapter 3 Configuring the Broadband Router Internet Access in Five Minutes Using Different Browsers for Broadband Router Configuration Logging On Customizing the ARM for Your Specific Needs Overview of The ARM Browser Screen What is a Connection Profile? Selecting Internet Access Interface Configuring a Basic Internet Access Profile via EWAN Setting Up Internet Access with Advanced Features Modifying Public and Private IP Addresses Setting the System Time Setting Internet Access Time Restrictions Chapter 4 Advanced Configuration Configuring and Using Port Address Translation Configuring Port Address Translation Static DHCP Assignments Creating VPN Connection Profiles To Configure VPN Remote Office Access Profiles Set up a VPN Connection Profile Advanced Options Setup Packet Filtering A Packet Filtering Overview Configuring IP Packet Rules Configuring IPX Packet Rules To Configure Advanced IP Settings iii To Configure Advanced IP Settings The IP Routing Table To Configure IPX Settings The IPX Routing Table The IPX SAP Table To Enable Bridging Learning Chapter 5 Managing the Broadband Router How to View the Connection Log How to Upgrade the Broadband Router Features/Software How to Save or Clear Configuration Changes How to Reset the Broadband Router How to Change the ARM Password What if I Forget the Password? How to Customize the ARM Interface How to Configure General System Settings Chapter 6 Messages Messages Appendix A Broadband Router Specifications Appendix B Glossary Appendix C Warranty, Copyrights, FCC Notice Warranty Copyrights FCC Part 15 Notice iv 1Broadband Router 1 Introduction This chapter gives the introduction to the Broadband Router. What' in the Box? s Your Broadband Router box should contain the items listed below · · · · 1 Broadband Router 1 AC Adapter, AC 9V 1A 1 female to female 9 pin cable to connect PC COM port and Broadband Router Console port. 1 UTP CAT5 crossover LAN cable to connect EWAN port and ADSL / Cable Modem Note: · · · Some Cable Modems use straight through cable 1 CD-ROM containing the online documentation 1 Quick Start Guide 1 Warranty and registration card Overview of the Broadband Router The Broadband Router is a small desktop router that sits between your local Ethernet network and a remote network (e.g., the Internet or a remote office). The Broadband Router contains an EWAN port connecting to Internet via external ADSL/Cable modem , a COM port worked as a managemant Console , and a one-port 10/100 Ethernet switch. Data comes into the Broadband Router from the local LAN and then is "routed" to the remote network . In addition to its capability to route IP/IPX traffic, the Broadband Router also acts as a bridge for other network protocols, such as Appletalk or SNA. Broadband Router Applications The main functions of the Broadband Router -to allow devices on your LAN to access the Internet, -to access servers from the public network, -to create Virtual Private Network (VPN). Accessing the Internet The most common use for the Broadband Router is to provide Internet access, so that everyone on your LAN can surf the web and send/receive email or files. 1-1 The Broadband Router automatically acquires the necessary IP address when the connection to the Internet is established. You don't need to apply for and assign an IP address to each PC or workstation on your network. ivate wide area network with Broadband Router via external ISDN TA/modem and provide Internet access for everyone on your LAN to surf the web and send/receive email or files simultaneously Figure 1-1 Internet Access Accessing Servers from the Public Network If you want special servers to be accessible by remote users across the Internet (e.g., an e-mail server, an FTP server, or a web server), you can configure the Broadband Router to proxy the service from its own address. This means that the remote user can address the router as if it were the special server and the Broadband Router will redirect this connection to the appropriate computer on the network. Creating a Virtual Private Network (VPN) Virtual Private Networking (VPN) provides a means to connect remote LANs over the Internet, while only local toll charges to an Internet Service Provider are incurred even if the two LANs are physically remote to each other. To create a VPN between two sites, a special connection called "tunnel" followed by a VPN data session has to be set up over the Internet. After a VPN data session is set up, data can be sent over it, optionally encrypted to prevent unauthorized access. Additionally, VPN tunnels allow IP, IPX and Bridging traffic to flow across the Internet, including NetBIOS information (for Windows networking) encapsulated within IP or IPX packets. All information required for a VPN is defined in a VPN profile, which contains, for example, the IP address of the VPN partner and authentication information (including the encryption key that is used). When a PC from one site tries to communicate with a device on the other site for the 1-2 first time, the VPN tunnel and data session establishment process will be triggered automatically. For the originating side, first the destination IP address will be used to search for the corresponding VPN profile. Based on the information conifgured in the matched VPN profile, a VPN tunnel is created, a VPN data session will be created and authentication information exchanged, then data traffic can start to flow. For the destination side, when a VPN data session creation is requested, the router will base on the originating IP address to search for a matched profile. Once found, the Broadband Router will use the information in the matched profile to authenticate the incoming "call", after which data transfer can begin. More than one VPN data sessions can be established over the same tunnel. See chapter 4 for detailed configuration instructions. Figure 1-2 Creating a Virtual Private Network A Configuration Example In Figure 1-3, two Broadband Routers are installed in two different locations. They are connected to the Internet via ADSL/Cable modem, allowing users to surf the Web. They are also connected to each other through the telephone network, forming a private company network. Figure 1-3 Connecting Two Private Networks This example also illustrates an important feature of the Broadband Router that a private device can be accessed from the Internet by mapping the application port number to a port number on the Broadband Router. In this case, an Internet user references the URL http://206.112.113.6, which was assigned to the Broadband 1-3 Router by the ISP, and the Broadband Router will translate that address to 192.168.168.112, port 80. All devices on both LANs (except for the Web servers) are configured to obtain their IP addresses automatically (i.e., from the built-in DHCP server in the Broadband Router). Since the Web Server on LAN #1 must have the same address all the time, this machine has a statically configured DHCP address. These IP addresses are only used in the local LAN environment, these devices naturally form a private network (with default IP network address of 192.168.168.0) and are not accessible by users across the Internet (if they are not mapped). In Broadband Router, it is possible to assign public IP addresses obtained from your ISP and they will be accessible by users across the Internet. These public addresses can co-exist in the same LAN private address segment. In order to let the LAN to LAN communications work, the default private network address (192.168.168.0) for one of the above Broadband Router has to be changed (to 192.168.170.0 in the above example). The traffic between these two networks is secure because data are sent across the telephone network via a direct phone call. A Security Overview More and more people are concerned about security of their data in the Internet The Broadband Router provides many ways to help make your network and your data secure: · · · · · · All dial-in users and LAN-to-LAN communications require PPP PAP/CHAP/ MS-CHAP authentication (basically user name and password) The Broadband Router also supports call-back for dial-in users - so that remote user are really who they say they are The Broadband Router uses a private IP addressing scheme to prevent devices on your LAN from access by outside users Console, Telnet and ARM support password protection DES encryption with PPP/ECP negotiation is supported for VPN connections IP packet filtering may be used to futher enhance security requirements A Physical Look at the Broadband Router The Connectors on the Back The following illustration shows the rear panel of Broadband Router. (1 )1 RJ-45 10/100 Switch connectors for connecting to PCs and workstations or connecting external Ethernet hub, or switch with uplink switch on port 1. (2) 1 RJ-45 EWAN connector for connecting to Internet via ADSL/Cable modem (3) 1 RS-232 DB-9 connector to be a Console port connecting to PC. (4) 1 AC power connector for connecting through an AC power adapter (included as part of the product) to the wall power outlet (5) 1 power ON/OFF switch 1-4 Figure 1-4 Broadband Router Connectors The LEDs on the Front There are 7 LEDs on the front of the Broadband Router that show connection and traffic status of Power, PPPoE, EWAN and LAN ports: Figure 1-5 LEDs EWAN LED1 LED2 LED3 LED4 LAN LED5 LED6 POWER LED7 ON OFF FLASH PPPoE COL PPPoE Linkage N/A No PPPoE Linkage N/A Sending or Receiving Packet Collision ACT N/A COL N/A ACT N/A 10/100 Power 100Mbps Power On N/A N/A Sending or Receiving Packet Collision N/A 10 Mbps Sending or Receiving Packet N/A Power Off N/A Note: Some of the features above are optional. Please refer to Appendix A for the details. 1-5 2Broadband Router 2 Installing the Broadband ...