Software User Guide, Cayman Operating System Version 6.3, January 2002, Cayman 3000 series by Netopia
10 Section 1 Organization The expressions “Release 6.3.0” and “R 6.3.0” refer to the most recent generally available Cayman Operating System: COS 6.3
100 Troubleshoot Example: Show the path to the grosso.com site. Result: It took 20 hops to get to the grosso.com web site. Step 5 To use the NSLookup capa
101 System Status System Status provides a group of links that display status and statistics to help you manage your Gateway. Managing the
102 System Status The Show link provides this information: • Number of allowed concurrent WAN users • Number of WAN connections currently in use • Address
103 System Status Step 3 Click the Disconnect button. If you want to disconnect all users at once, click the Disconnect All button. Step 4 A confirmation
104 Appendix A Overview The Cayman Gateway operating software includes a command line interface (CLI) that lets you access your Cayman Gateway o
105 Appendix A Overview CONFIG Commands Command Verbs Status and/or Description set Set configuration data define Define environment data delete Delete config
106 Appendix A Starting and Ending a CLI Session There are two ways to open a CLI session: 1. Open a telnet connection f
107 Appendix A Using the CLI Help Facility When you have logged in successfully, the command line interface lists the user-name and the security level a
108 Appendix A SHELL Commands The only command you cannot truncate is restart. To prevent accidental interruption of communications, you must enter the
109 Appendix A SHELL Commands Puts the command line interface into Configure mode, which lets you configure your Cayman Gateway with Config commands. Config
11 Section 2 Basic Product Structure Basic Product Structure Units from the Netopia Cayman-series Gateway family are supplied in many configurations.
110 Appendix A SHELL Commands Downloads a new version of the Cayman Gateway operating software from a TFTP (Trivial File Transfer Protocol) server, vali
111 Appendix A SHELL Commands Displays the IP routes stored in your Cayman Gateway. Performs a domain name system lookup for a specified host. • The hostna
112 Appendix A SHELL Commands Releases the DHCP lease the Gateway is currently using to acquire the IP settings for its WAN (Ethernet B) port. Releases t
113 Appendix A SHELL Commands Resets the point-to-point connection over the specified virtual circuit. This command only applies to virtual circuits tha
114 Appendix A SHELL Commands Displays the DHCP leases stored in NVRAM by your Cayman Gateway. Displays DSL port statistics, such as upstream and downst
115 Appendix A SHELL Commands Displays memory usage information for your Cayman Gateway. If you include the optional all argument, your Cayman Gateway w
116 Appendix A SHELL Commands Opens a PPP link on the specified virtual circuit. Displays the current status of a Cayman Gateway, the device's hardwa
117 Appendix A About CONFIG Commands You reach the configuration mode of the command line interface by typing configure (or any tru
118 Appendix A About CONFIG Commands • Moving from one subnode to another — You can move from one subnode to another by entering a partial path that iden
119 Appendix A About CONFIG Commands If a command is ambiguous or miskeyed, the CLI prompts you to enter additional information. For example, you must s
12 Section 2 What’s New in Version 6.3 The new features for COS 6.3 are: New Embedded Web Server Not only is the look and feel
120 Appendix A About CONFIG Commands Dogzilla (top)>> set system Stepping set mode (press Control-X <Return/Enter> to exit)... system name (“
121 Appendix A CONFIG Commands This section describes the keywords and arguments for the various CONFIG commands. ATM Settings You can use
122 Appendix A CONFIG Commands Select the number of PPPoE sessions to be configured for VCC n. Up to eight can be configured on the first VCC; one on the o
123 Appendix A CONFIG Commands DHCP Settings As a Dynamic Host Control Protocol (DHCP) server, your Cayman Gateway can assign IP addresses and provide co
124 Appendix A CONFIG Commands DMT Settings Selects the type of Discrete Multitone (DMT) asynchronous digital subscriber line (ADSL) protocol to use for
125 Appendix A CONFIG Commands IP Settings You can use the command line interface to specify whether TCP/IP is enabled, identify a default Gateway, and t
126 Appendix A CONFIG Commands Specifies restrictions on the types of traffic the 3220-H accepts over the DSL virtual circuit. The admin-disable argumen
127 Appendix A CONFIG Commands Specifies the broadcast address for the local Ethernet interface. IP hosts use the broadcast address to send messages to e
128 Appendix A CONFIG Commands Specifies whether you want the Cayman Gateway to respond when it receives an address resolution protocol for devices behi
129 Appendix A CONFIG Commands Specifies whether the Gateway is reached using a fixed IP address or through a PPP virtual circuit. Specifies the IP address
13 Section 2 Capabilities Roadmap for COS 6.3 Cayman Gateways support a wide array of features and functionality. This r
130 Appendix A CONFIG Commands The default value for the ip_address argument is 0.0.0.0, which indicates that the virtual PPP interface will use the IP
131 Appendix A CONFIG Commands For example, inclusion of subnet masks in RIP packets and implementation of multicasting instead of broadcasting. This la
132 Appendix A CONFIG Commands Static Route Settings A static route identifies a manually configured pathway to a remote network. Unlike dynamic routes, wh
133 Appendix A CONFIG Commands • The remote network is more than one router away but the static route should not be replaced by a dynamic route, even if
134 Appendix A CONFIG Commands Specifies whether an administrator can open a telnet connection to the Cayman Gateway over the WAN Ethernet interface [or
135 Appendix A CONFIG Commands Network Address Translation (NAT) Default Settings NAT default settings let you specify whether you want your Cayman Gatew
136 Appendix A CONFIG Commands Specifies the type of protocol being redirected. If you select other, specifies the number of the protocol you want to trans
137 Appendix A CONFIG Commands Configuring Basic PPP Settings Enables or disables PPP on the Cayman Gateway. Specifies the Maximum Receive Unit (MRU) for th
138 Appendix A CONFIG Commands Specifies the number of seconds the Cayman Gateway should wait before retransmitting a configuration or termination reques
139 Appendix A CONFIG Commands Specifies the name the Cayman Gateway sends in a CHAP response packet. The chap_name argument is 1-64 alphanumeric charact
14 Section 3 General This section describes the principal features of Cayman Operating System version 6.3. The information is grouped by usage area. Gene
140 Appendix A CONFIG Commands Configuring Peer Authentication You can specify that your Cayman Gateway will use PAP, CHAP, or both to authenticate a rem
141 Appendix A CONFIG Commands Command Line Interface Preference Settings You can set command line interface preferences to customize your environment. S
142 Appendix A CONFIG Commands Specifies the port number for telnet (CLI) communication with the Cayman Gateway. Because port numbers in the range 0-102
143 Appendix A CONFIG Commands This enables this particular tunnel. Currently, one tunnel is supported. Specifies the IP address of the destination gatew
144 Appendix A CONFIG Commands See page 73 for details about SafeHarbour IPsec tunnel capability. See page 73 for details about SafeHarbour IPsec tunnel
145 Appendix A CONFIG Commands SNMP Settings The Simple Network Management Protocol (SNMP) lets a network administrator monitor problems on a network by
146 Appendix A CONFIG Commands you have assigned a name to your Cayman Gateway, you can enter that name in the Address text field of your browser to open
147 Appendix A CONFIG Commands Traffic Shaping Settings Traffic shaping lets you control how much traffic can flow through an Ethernet interface by limiting
148 Appendix B Glossary 10Base2 IEEE 802.3 specification for Ethernet that uses thin coaxial cable to run at 10 Mbps.
149 Appendix B bps Bits per second. A measure of
15 Section 3 General Management Embedded Web Server There is no specialized client software required to configure, manage, or maintain your Cayman Gateway.
150 Appendix B 3DES Triple DES, with a 168 bit encryption key, is the most accepted variant of DES. DH Group Diffie-Hellman is a public key algorithm use
151 Appendix B ESP Encapsulation Security Payloa
152 Appendix B -----I----- IKE Internet Key Exchange protocol provides automated key management and is a preferred alternative
153 Appendix B -----M-
154 Appendix B Peer Internal IP Network The Peer Internal IP Network is the private, or Local Area Network (LAN) address of the remote gateway or VPN Se
155 Appendix B Security Association From the IPS
156 Appendix B -----T----- T1 link Digital transmission link capable of speeds up to 1544 kilobits per second. TA Terminal adapt
157 Appendix B
158 Symbols !! command 108 A Access the GUI 29 Address mapping 134 Address resolution table 114 Admin Login Failures 25 Administrative restrictions 130 Adminis
159 H Hardware address 122 hijacking 155 Home page 30 User mode 30 Home window 29 Hop count 132 How To Configure a SafeHarbour VPN 73 Configure Multiple Static
16 Section 3 General Local Area Network DHCP (Dynamic Host Configuration Protocol) Server DHCP Server functionality enables the Gateway to assign your LAN
160 RIP 128 Routing Information Protocol (RIP) 128 S Secondary nameserver 124 Secret 139 Security log 82 Security Monitoring 22 Serial cable 106 Set bncp comma
Contact Information Cayman 3000 series by Netopia Netopia, Inc. 2470 Mariner Square Loop Alameda, CA 94501 Corporate Headquarters: 510-814-5100 Corporate Fa
17 Section 3 General Wide Area Network DHCP (Dynamic Host Configuration Protocol) Client DHCP Client functionality enables the Gateway to request an IP add
18 Section 3 General • Your network may change address with each connection making it more difficult to attack. When you configure Instant On access, you c
19 Section 3 General Security Password Protection Access to your Cayman device is controlled through two access control accounts, Admin or User. • The Admi
Copyright © 2002 Netopia, Inc. All rights reserved, Printed in the USA. The information in this document is subject to change without notice. The stat
20 Section 3 General A similar configuration applies to a DSL WAN interface (3220 family). Cayman Advanced Features for NAT Using the NAT facility provide
21 Section 3 General Pinholes This feature allows you to: • Transparently route selected types of network traffic using the port forwarding facility. – FTP
22 Section 3 General Combination NAT Bypass Configuration Specific pinholes and Default Server settings, each directed to different LAN devices, can be us
23 Section 3 General Event Details Details on the eight specific event types and the information logged are: IP Source Address Spoofing The Gateway checks a
24 Section 3 General mentation information can also be exploited to create an illegally sized packet. Unwary hosts will often crash when the illegal fra
25 Section 3 General Login Failures The Cayman software provides the means for assigning passwords to the Admin or User accounts to control access to the
26 Section 3 General BreakWater Basic Firewall BreakWater delivers an easily selectable set of pre-configured firewall protection levels. These settings a
27 Section 3 General VPN IPSec Pass Through This Cayman service supports your independent VPN client software in a transparent manner. Cayman has impleme
28 Section 3 General SafeHarbour VPN IPSec Tunnel SafeHarbour VPN IPSec Tunnel provides a single, encrypted tunnel to be terminated on the Gateway, makin
29 Section 4 Access the User Interface Using the embedded Web-based user interface for the Netopia Cayman-series Gateway you ca
3 Disclaimers ...2 Table of Contents ...
30 Section 4 Home page The Home page is the “dashboard” for your Cayman Gateway. The toolbar at the top provides links to controlling, configuri
31 Section 4 Home page Home page - Information The Home page’s center section contains a summary of the Gateway’s configuration settings and operational s
32 Section 4 Toolbar The toolbar is the dark blue bar at the top of the page containing the major navigation buttons. These buttons are available
33 Section 4 Restart Button Restart Response Comment The Restart button on the toolbar allows you to restart the Gateway at any time. You will be pro
34 Section 4 Restart Link Alert Symbol Response Comment The Alert symbol appears in the upper right corner under one of two circumstances: 1. a database cha
35 Section 4 Help Button Help Response Comment Context-sensitive Help is provided in Release 6.3. The page shown above is displayed when you are on the
36 Section 4 Configure Configure Quickstart How to Use the Quickstart Page Quickstart is normally used immediately after the new hardware is installed. Whe
37 Section 4 Configure Setup Your Gateway using a DHCP Connection The Other Quickstart Options page allows you to change the System Name or your Gateway
38 Section 4 Configure If you need to change either of these fields, use the following procedure. Change Procedure Step 1 Enter your selected System Name. Y
39 Section 4 Configure You will be returned to the Home page. A warning is displayed on this page while the Gateway restarts.
4 Combination NAT Bypass Configuration ...22 Security Monitor ...
40 Section 4 Configure Setup Your Gateway using a PPP Connection Step 1 Enter your ISP Username and ISP Password. Step 2 Click Submit. This turns on the A
41 Section 4 Configure Setup Your Gateway using a Static IP Address If your service provider supplies you with a static IP address, your Gateway’s Quick
42 Section 4 Configure Step 4 When you see the Save Changes page, click the Save and Restart link to restart your Cayman Gateway with its new configurati
43 Section 4 Configure LAN Link Configure -> LAN Response Comment * Interface Enable: Enables all LAN-connected computers to shared resources and to conne
44 Section 4 Configure WAN Link Configure -> WAN Response Comment WAN IP Interfaces Your IP interfaces are listed. Click on an interface to configure it. IP
45 Section 4 Configure Advanced The following are links under Configure -> Advanced: Link Advanced Link IP Static Routes Selected Advanced options are discu
46 Section 4 Configure Link IP Static ARP Link Pinholes Response Description Your Gateway maintains a dynamic Address Resolution Protocol (ARP) table to map I
47 Section 4 Configure Configure Specific Pinholes Planning for Your Pinholes Determine if any of the service applications that you want to provide on your
48 Section 4 Configure A diagram of this LAN example is: TIPS for making Pinhole Entries 1. If the port forwarding feature is required for Web services,
49 Section 4 Configure Pinhole Configuration Procedure Use the following steps: Step 1 From the Configure toolbar button -> Advanced link, select the Int
5 Configure a SafeHarbour VPN ...73 VPN IPSec Tunnel at the Gateway ...
50 Section 4 Configure Step 6 Click Add. Type your specific data into the Pinhole Entries table of this page. Click Submit. Step 7 Click on the Pinholes
51 Section 4 Configure Step 9 Click on the Pinholes link in the Breadcrumb Trail to go to the Pinholes entry page. Review your entries to be sure they a
52 Section 4 Configure Configure the IPMaps Feature FAQs for the IPMaps Feature Before configuring an example of an IPMaps-enabled network, review these fre
53 Section 4 Configure What types of servers are supported by IPMaps? IPMaps allows a Cayman Gateway to support servers behind the Gateway, for example,
54 Section 4 Configure IPMaps Block Diagram The following diagram shows the IPMaps principle in conjunction with existing Cayman NAT operations: NAT/PAT T
55 Section 4 Configure Link Protocol Lifetimes Link Default Server Response Description Each NAT Protocol map entry will time-out if there is no traffic of tha
56 Section 4 Configure Configure a Default Server This feature allows you to direct unsolicited or non-specific traffic to a designated LAN station. With N
57 Section 4 Configure Typical Network Diagram A typical network utilizing the NAT Default Server looks like this: NAT Combination Application Cayman’s NAT
58 Section 4 Configure Link DNS Response Description Your Service Provider may maintain a Domain Name server. If you have the information for the DNS server
59 Section 4 Configure Link DHCP Server Response Description Your Gateway can provide network configuration information to computers on your LAN, using the
6 Default IP Gateway Settings ...128 WAN-to-WAN Routing Settings ...
60 Section 4 Configure Link SNMP SNMP presents you with a security issue. The community facility of SNMP behaves somewhat like a password. The community “
61 Section 4 Configure Link Ethernet Bridge Response Description Bridges let you join two local area networks, so that they appear to be part of the same ph
62 Section 4 Configure Link System Response Description The System Name defaults to your Gateway's factory identifier combined with its serial number.
63 Section 4 Configure Link Internal Servers Response Description Your Gateway ships with an embedded Web server and support for a Telnet session, to allow
64 Section 4 Configure Link Ethernet MAC Address Override Link Traffic Shaping Response Description You can override your Gateway’s Ethernet MAC address with a
65 Section 4 Configure Link Clear Options Response Description To restore the factory configuration of the Gateway, choose Clear Options. You may want to upl
66 Section 4 Configure Security Button Security Link Passwords Description The Security features are available by clicking on the Security toolbar button. Som
67 Section 4 Configure Create and Change Passwords You can establish different levels of access security to protect your Cayman Gateway settings from un
68 Section 4 Configure • It can have up to eight alphanumeric characters. • It is case-sensitive. Step 4 Enter your new password again in the Confirm Pas
69 Section 4 Configure Use a Cayman Firewall BreakWater Basic Firewall BreakWater delivers an easily selectable set of pre-configured firewall protection l
7 Section 1 About Cayman Documentation About Cayman Documentation Netopia, Inc. provides a suite of technical information for its Cayman-series famil
70 Section 4 Configure Step 4 Click on the radio button to select the protection level you want. Click Submit. Changing the BreakWater setting does not
71 Section 4 Configure Basic Firewall Background As a device on the Internet, a Cayman Gateway requires an IP address in order to send or receive traffic.
72 Section 4 Configure This table shows how outbound traffic is treated. Outbound means the traffic is coming from the LAN-side computers into the LAN
73 Section 4 Configure Configure a SafeHarbour VPN VPN IPSec Tunnel at the Gateway SafeHarbour VPN IPSec Tunnel provides a single, encrypted tunnel to be
74 Section 4 Configure A typical SafeHarbour configuration is shown below: Use these Best Practices in establishing your SafeHarbour tunnel. Parameter Desc
75 Section 4 Configure Peer Internal IP Netmask The Peer Internal IP Netmask is the subnet mask of the Peer Internal IP Network. PFS DH Group Perfect Forw
76 Section 4 Configure IPSec Tunnel Parameter Setup Worksheet Parameter Cayman Peer Gateway Name Peer External IP Address Peer Internal IP Network Peer Inter
77 Section 4 Configure SafeHarbour Tunnel Setup Use the following tasks to configure an IPSec VPN tunnel on your Cayman Gateway. Task 1: Ensure that you ha
78 Section 4 Configure Leave the Enable NAT over Tunnel choice as Off unless your network administrator instructs otherwise. Task 4: Make the IPSec Tunn
79 Section 4 Configure Step 6 Ensure that the toggle checkbox Enable, which is On by default, remains On. Step 7 Click Add. The Tunnel Details page appear
8 Section 1 Documentation Conventions Documentation Conventions General This manual uses the following conventions to present information: Internal W
80 Section 4 Configure Using the Security Monitoring Log You can view the Security Log at any time. Use the following steps: Step 1 Click the Security too
81 Section 4 Configure
82 Section 4 Configure The capacity of the security log is 100 security alert messages. When the log reaches capacity, subsequent messages are not captu
83 Section 4 Configure Install Button Install Response Description From the Install toolbar button you can: • Install new Operating System Software • Install n
84 Section 4 Configure Install Software Updating Your Gateway to COS Version 6.3 Cayman Operating System Release 6.3 represents significantly expanded func
85 Section 4 Configure Required Tasks Warnings: Task # Description Page # 1 Locate and confirm the required files. 86 2 Install and verify the Update
86 Section 4 Configure Upgrading to COS 6.3 requires THREE files: 1. Documentation - Software Upgrade Instructions PDF file 2. Updater file 3. Cayman Operatin
87 Section 4 Configure Contact Information Contact Cayman Technical Support for questions concerning the upgrade process. Contact Cayman Sales for specific
88 Section 4 Configure Ethernet button on the Cayman Gateway Home page. When the Ethernet window appears, click Save. If you have previously saved your C
89 Section 4 Configure Your Cayman Gateway restarts with its new image. During this step you have the following visual guide from your unit: Verify Updat
9 Section 1 Documentation Conventions Icons Icons used in the guide are: Text The words “Cayman Gateway” and “Gateway” refer to a standard unit from
90 Section 4 Configure Step 3 Enter the filename into the text box by using one of these techniques: The COS file name starts with the letter “c” (for “COS
91 Section 4 Configure Verify the COS 6.3 Image To verify that the COS 6.3 image has loaded successfully, use the following steps: Step 1 Open a web conne
92 Section 4 Configure If your admin password is not set, you will be prompted to set it before you reach the Home page. This completes the UPGRADE pro
93 Section 4 Configure Install Keys Use Cayman Software Feature Keys Background Cayman Gateway users obtain advanced product functionality by installing a
94 Section 4 Configure • BreakWater Basic Firewall • BarrierReef Advanced Firewall • SafeHarbour IPSec Tunnel at the Gateway Obtaining Software Feature Key
95 Section 4 Configure Step 5 Click the Restart toolbar button. The Confirmation screen appears. Step 6 Click the Restart the Gateway link to confirm. To che
96 Section 4 Configure The System Status page appears with the information from the features link displayed below. You can check that the feature you ju
97 Troubleshoot This section provides some specific procedures and tips for working with important features of Cayman OS 6.3. Perform Trouble
98 Troubleshoot Each test generates one of the following result codes: CODE Description PASS The test was successful. FAIL The test was unsuccessful. SKIPPE
99 Troubleshoot Network Tools Use these steps: Step 1 Click the Troubleshoot toolbar button. Step 2 Click the Network Tools link. Three test tools are avail