Download from Www.Somanuals.com. All Manuals Search And Download.
10 Utility ....................................................................................................................................................66
10.1 System Info..................................................................................................................................67
10.2 Config Tool...................................................................................................................................68
10.3 Upgrade.......................................................................................................................................69
10.4 Logout.........................................................................................................................................70
10.5 Restart.........................................................................................................................................71
11 Status ...................................................................................................................................................72
12 LAN-to-LAN connection with bridge Mode ...............................................................................................73
12.1 CO side .......................................................................................................................................73
12.2 CPE Side......................................................................................................................................75
13 LAN to LAN Connection with Routing Mode .............................................................................................76
13.1 CO side .......................................................................................................................................76
13.2 CPE side......................................................................................................................................78
14 Configuration via Serial Console or Telnet with Menu Driven Interface........................................................80
14.1 Serial Console..............................................................................................................................80
14.2 Telnet ..........................................................................................................................................80
14.3 Operation Interface.......................................................................................................................81
14.4 Window structure .........................................................................................................................82
14.5 Menu Driven Interface Commands.................................................................................................83
14.6 Menu Tree....................................................................................................................................84
14.7 Configuration ...............................................................................................................................85
14.8 Status..........................................................................................................................................87
14.9 Show...........................................................................................................................................88
14.10 Write .........................................................................................................................................89
14.11 Reboot.......................................................................................................................................89
14.12 Ping ..........................................................................................................................................89
14.13 Administration............................................................................................................................89
14.14 Utility.........................................................................................................................................95
14.15 Exit............................................................................................................................................95
14.16 Setup ........................................................................................................................................95
Appendix A: Cable Information ...................................................................................................................112
RJ-45 Network Ports .........................................................................................................................112
Straight and crossover cable configuration ..........................................................................................113
Straight-Through Cabling....................................................................................................................113
Cross-Over Cabling ............................................................................................................................113
SHDSL Line Connector........................................................................................................................114
Console Cable....................................................................................................................................114
Appendix B: Registration and Warranty Information ....................................................................................115
NB712 / NB714 User Guide
YML829 Rev1
3
Download from Www.Somanuals.com. All Manuals Search And Download.
1 Introduction
NetComm’s NB712 (2-wire) and NB714 (2 or 4-wire selectable) G.SHDSL 4-port Security Modem Routers deliver
symmetrical DSL services to small and medium size business making them an economical alternative to Leased
Line or ISDN services.
Available in two modem router configurations, the NB712 (2-wire) and NB714 (2 or 4-wire selectable) are capable
of providing data rates from 64kbps to 2.304Mbps (NB712) or 128kbps to 4.608Mbps (NB714) and fully comply
with the ITU-T G.991.2 standards.
The NetComm NB712 and NB714 Modem Routers combine integrated high-end Bridging/Routing capabilities
with advanced functions such as Multi-DMZ, virtual server mapping, and VPN pass-through. They also support
port-based VLAN and IEEE802.1q VLAN over an ATM network. An advanced Firewall with Stateful Packet
Inspection (SPI) and DoS protection, all combine to protect your network from outside intruders.
With 4 x 10/100 Base-T auto-sensing, auto-negotiation and auto-MDIX switching ports, the NetComm G.SHDSL
Modem Routers enable you to leverage the latest broadband technology to meet the growing need for high
performance data communication.
1.1 Features
•
Easy configuration and management with password control for various applications and
environments
•
•
•
Efficient IP routing and transparent learning bridge to support broadband Internet services
VPN pass-through for PPTP/L2TP/IPSec Tunnelling
Virtual LANs (VLANs) offering significant benefits in terms of efficient use of bandwidth, flexibility,
performance and security
•
•
Built-in advanced SPI firewall
Four 10/100Mbps Auto-negotiation and Auto-MDIX switching port for flexible local area network
connectivity
•
•
•
•
•
DMZ host/Multi-DMZ/Multi-NAT enables multiple workstations on the LAN to access the Internet
Full ATM protocol stack implementation over SHDSL
PPPoA and PPPoE support user authentication with PAP/CHAP/MS-CHAP
SNMP management with SNMPv1/SNMPv2 agent and MIB II
Obtain enhancements and new features via Internet software upgrade
1.2 Package Contents
The following items are included in your G.SHDSL Modem Router pack:
•
•
•
•
•
•
NB712 (2-wire)714 (2 or 4-wire selectable) G.SHDSL Router
15V AC 1.0 Amp power supply
RS232 Console Cable
RJ11 ADSL line connection cable
RJ45 10/100 Ethernet cable
User Guide CD
If any of the above items are missing or damaged, please content NetComm immediately.
4
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
1.3 Specification
Routing
•
•
•
•
•
•
•
Supports IP/TCP/UDP/ARP/ICMP/IGMP protocols
IP routing with static routing and RIPv1/RIPv2 (RFC1058/2453)
IP multicast and IGMP proxy (RFC1112/2236)
Network address translation (NAT/PAT) (RFC1631)
NAT ALGs for ICQ/Netmeeting/MSN/Yahoo Messenger
DNS relay and caching (RFC1034/1035)
DHCP server, client and relay (RFC2131/2132)
Bridging
Security
•
•
•
•
IEEE 802.1D transparent learning bridge
IEEE 802.1q VLAN
Port-based VLAN
Spanning tree protocol
•
•
•
•
•
•
•
DMZ host/Multi-DMZ/Multi-NAT function
Virtual server mapping (RFC1631)
VPN pass-through for PPTP/L2TP/IPSec tunnelling
Natural NAT firewall
Advanced Stateful packet inspection (SPI) firewall
Application level gateway for URL and keyword blocking
User access control: deny certain PCs access to Internet service
Management
•
•
•
•
Easy-to-use web-based GUI for quick setup, configuration and management
Menu-driven interface/Command-line interface (CLI) for local console and Telnet access
Password protected management and access control list for administration
SNMP management with SNMPv1/SNMPv2 (RFC1157/1901/1905) agent and MIB II (RFC1213/
1493)
•
Software upgrade via web-browser/TFTP server
ATM
•
•
•
Up to 8 PVCs
OAM F5 AIS/RDI and loopback
AAL5
NB712 / NB714 User Guide
YML829 Rev1
5
Download from Www.Somanuals.com. All Manuals Search And Download.
ATM QoS
•
UBR (Unspecified bit rate)
•
•
•
CBR (Constant bit rate)
VBR-rt (Variable bit rate real-time)
VBR-nrt (Variable bit rate non-real-time)
AAL5 Encapsulation
•
•
•
•
VC multiplexing and SNAP/LLC
Ethernet over ATM (RFC 2684/1483)
PPP over ATM (RFC 2364)
Classic IP over ATM (RFC 1577)
PPP
•
•
•
PPP over Ethernet for fixed and dynamic IP (RFC 2516)
PPP over ATM for fixed and dynamic IP (RFC 2364)
User authentication with PAP/CHAP/MS-CHAP
WAN Interface
•
•
•
•
•
SHDSL: ITU-T G.991.2 (Annex A, Annex B)
Encoding scheme: 16-TCPAM
Data Rate (2-wire mode): N x 64Kbps (N=0~36, 0 for adaptive)
Data Rate (4-wire mode): N x 128kbps (N=0~36, 0 for adaptive)
Impedance: 135 ohms
LAN Interface
•
•
•
4-ports switching hub (4-port router)
10/100 Base-T auto-sensing and auto-negotiation
Auto-MDIX (4-port router)
Hardware Interface
•
•
•
•
WAN: RJ-11
LAN: RJ-45 x 4
Console: RS232 female
RST: Reset button for factory default
Indicators
•
•
•
•
General: PWR
WAN: LNK, ACT
LAN: 1, 2, 3, 4
SHDSL: ALM
6
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
Physical/Electrical
•
•
•
•
•
Dimensions: 18.7 x 3.3 x 14.5cm (WxHxD)
Power: 100~240VAC (via power adapter)
Power consumption: 9 watts max
Temperature: 0~45oC
Humidity: 0%~95%RH (non-condensing)
Memory
•
2MB Flash Memory, 8MB SDRAM
Product Information
•
•
G.shdsl 2-wire router/bridge with 4-port switching hub LAN, VLAN and business class firewall
G.shdsl 2 or 4-wire selectable router/bridge with 4-port switching hub LAN, VLAN and business
class firewall
1.4 Application
NB714 or NB712
G.SHDSL Modem Router
(Note: NB714 model shown)
Internet
Firewall
PC
PC
PC
PC
NB712 / NB714 User Guide
7
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
2 Firewall
A firewall protects networked computers from an intrusion that could compromise confidentiality or result in data
corruption or denial of service. It must have at least two network interfaces, one for the network it is intended to
protect, and one for the network it is exposed to. A firewall sits at the junction point or gateway between the two
networks, usually a private network and a public network such as the Internet.
A firewall examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it is
routed between the networks, otherwise it is stopped. A firewall filters both inbound and outbound traffic. It can
also manage public access to private networked resources such as host applications. It can log all attempts to
enter the private network and trigger alarms when hostile or unauthorized entry is attempted. Firewalls can filter
packets based on their source and destination addresses and port numbers. This is known as address filtering.
Firewalls can also filter specific types of network traffic. This is known as protocol filtering because the decision
to forward or reject traffic is dependant upon the protocol used, for example HTTP, ftp or telnet. Firewalls can also
filter traffic by packet attribute or state.
It is important to note that an Internet firewall cannot prevent individual users with modems from dialling into or
out of the network. By doing so they bypass the firewall altogether and open the network to attack. However, these
are management issues that should be raised during the planning of any security policy and cannot be solved with
Internet firewalls alone.
Unknown Traffic
NB714 or NB712
G.SHDSL Modem Router
(Note: NB714 model shown)
Access to Specific Destination
Allowed Traffic
Specified Allowed Traffic
Out to Internet
Internet
Restricted Traffic
Firewall
PC
PC
PC
PC
8
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
2.1 Types of Firewall
There are three types of firewall:
2.1.1 Packet Filtering
In packet filtering, only the protocol and the address information of each packet is examined. Its
contents and context (its relation to other packets and to the intended application) are ignored.
The firewall pays no attention to applications on the host or local network and it “knows” nothing
about the source of the incoming data. Filtering consists of examining incoming or outgoing packets
and allowing or disallowing their transmission on the basis of a set of configurable rules. Network
Address Translation (NAT) routers offer the advantages of packet filtering firewalls but can also hide
the IP addresses of computers behind the firewall, and offer a level of circuit-based filtering.
Level 5: Application
Protocol
Level 4: TCP
Source/Destination address
Source/Destination port
IP options
Level 3: IP
Connection status
Level 2: Data Link
Level 1: Physical
192.168.0.5
172.16.3.4
Firewall
Filter remembers
this information
UDP
SP=3264
SA=192.168.0.5
DP=1525
DA=172.16.3.4
Matches outgoing
so allowed
UDP
SP=1525
SA=172.16.3.4
DP=3264
DA=192.168.0.5
No matches
so disallowed
UDP
SP=1525
SA=172.168.3.4
DP=2049
DA=192.168.0.5
192.100.0.10:1025
192.120.8.5:2205
Internet
192.120.8.5:2206
Firewall 192.120.8.5
Client IP
Internal Port
External Port
192.100.0.11:4433
192.68.0.10
192.168.0.11
1025
4406
2205
2206
Internal/Protected
Network
External/Unprotected
Network
NB712 / NB714 User Guide
9
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
2.1.2 Circuit Gateway
Also called a “Circuit Level Gateway,” this is a firewall approach that validates connections before
allowing data to be exchanged. What this means is that the firewall doesn’t simply allow or disallow
packets but also determines whether the connection between both ends is valid according to
configurable rules, then opens a session and permits traffic only from the allowed source and
possibly only for a limited period of time.
Level 5: Application
Destination IP address and/
or source IP address and/or
Level 4: TCP
time of day
protocol
Level 3: IP
user
password
Level 2: Data Link
Level 1: Physical
2.1.3 Application Gateway
The Application Level Gateway acts as a proxy for applications, performing all data exchanges with
the remote system on their behalf. This can render a computer behind the firewall all but invisible to
the remote system. It can allow or disallow traffic according to very specific rules; permitting some
commands to a server but not others, limiting file access to certain types, varying rules according
to authenticated users and so forth. This type of firewall may also perform very detailed logging of
traffic and monitoring of events on the host system, and can often be instructed to sound alarms or
notify an operator under defined conditions. Application-level gateways are generally regarded as the
most secure type of firewall.
Level 5: Application
Telnet
Level 4: TCP
FTP
HTT:
Level 3: IP
SMTP
Level 2: Data Link
Level 1: Physical
2.2 Denial of Service Attack
Denial of service (DoS) attacks typically come in two varieties: resource starvation and resource overload. DoS
attacks can occur when there is a legitimate demand for a resource that is greater than the supply (i.e. too many
web requests to an already overloaded web server). Software vulnerability or system misconfigurations can also
cause DoS situations. The difference between a malicious denial of service and simple system overload is the
requirement of an individual with malicious intent (attacker) using or attempting to use resources specifically to
deny those resources to other users.
10
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
Ping of death
On the Internet, ping of death is a kind of denial of service
(DoS) attack caused by an attacker deliberately sending an
IP packet larger than the 65,536 bytes allowed by the IP
protocol. One of the features of TCP/IP is fragmentation; it
allows a single IP packet to be broken down into smaller
segments. Attackers began to take advantage of that feature
when they found that a packet broken down into fragments
could add up to more than the allowed 65,536 bytes.
Many operating systems didn’t know what to do when they
received an oversized packet, so they froze, crashed, or
rebooted. Other known variants of the ping of death include
teardrop, bonk and nestea.
SYN Flood
The attacker sends TCP connections faster than the
victim machine can process them, causing it to run out
of resources and dropping legitimate connections. A new
defence against this is to create “SYN cookies”. Each side
of a connection has its own sequence number. In response
to a SYN, the attacked machine creates a special sequence
number that is a “cookie” of the connection and forgets
everything it knows about the connection. It can then
recreate the forgotten information about the connection
where the next packets come in from a legitimate
connection.
ICMP Flood
UDP Flood
The attacker transmits a volume of ICMP request packets to
cause all CPU resources to be consumed serving the phony
requests.
The attacker transmits a volume of requests for UDP
diagnostic services which cause all CPU resources to be
consumed serving the phony requests.
Land attack
Smurf attack
Fraggle Attack
IP Spoofing
The attacker attempts to slow your network down by sending
a packet with identical source and destination addresses
originating from your network.
Where the source address of a broadcast ping is forged so
that a huge number of machines respond back to the victim
indicated by the address, thereby overloading it.
A perpetrator sends a large amount of UDP echo packets
at IP broadcast addresses, all of it having a spoofed source
address of a victim.
IP Spoofing is a method of masking the identity of an
intrusion by making it appear that the traffic came from a
different computer. This is used by intruders to keep their
anonymity and can be used in a Denial of Service attack.
NB712 / NB714 User Guide
11
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
3 VLAN (Virtual Local Area Network)
Virtual LAN (VLAN) is defined as a group of devices on one or more LANs that are configured so that they can
communicate as if they were attached to the same wire, when in fact they are located on a number of different
LAN segments. Because VLAN is based on logical instead of physical connections, it is extremely flexible.
The IEEE 802.1Q defines the operation of VLAN bridges that permit the definition, operation and administration of
VLAN topologies within a bridged LAN infrastructure. VLAN architecture benefits include:
1. Increased performance
2. Improved manageability
3. Network tuning and simplification of software configuration
4. Physical topology independence
5. Increased security options
As DSL (over ATM) links are deployed more and more extensively, VLAN (VLAN-to-PVC) over DSL links is
becoming a popular requirement of networks.
The following section will discuss the implementation of VLAN-to-PVC only for bridge mode operation, i.e., the
VLAN spreads over both the COE and CPE sides, where there is no layer 3 routing involved.
3.1 Specification
1. The unit supports up to 8 active VLANs with shared VLAN learning (SVL) bridge out of 4096 possible
VLANs specified in IEEE 802.1Q.
2. Each port always belongs to a default VLAN with its port VID (PVID) as an untagged member. Also, a
port can belong to multiple VLANs and be tagged members of these VLANs.
3. A port must not be a tagged member of its default VLAN.
4. If a non-tagged or null-VID tagged packet is received, it will be assigned with the default PVID of the
ingress port.
5. If the packet is tagged with non-null VID, the VID in the tag will be used.
6. The look up process starts with VLAN look up to determine whether the VID is valid. If the VID is
not valid, the packet will be dropped and its address will not be learned. If the VID is valid, the VID,
destination address, and source address lookups are performed.
7. The VID and destination address lookup determines the forwarding ports. If it fails, the packet will be
broadcast to all members of the VLAN, except the ingress port.
8. Frames are sent out tagged or untagged depending on if the egress port is a tagged or untagged
member of the VLAN that the frames belong to.
9. If VID and source address look up fails, the source address will be learned.
3.2 Frame Specification
An untagged frame or a priority-tagged frame does not carry any identification of the VLAN to which it belongs.
Such frames are classified as belonging to a particular VLAN based on parameters associated with the receiving
port. Also, priority tagged frames, which, by definition, carry no VLAN identification information, are treated the
same as untagged frames.
A VLAN-tagged frame carries an explicit identification of the VLAN to which it belongs; i.e., it carries a tag header
that carries a non-null VID. This results in a minimum tagged frame length of 68 octets. Such a frame is classified
12
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
as belonging to a particular VLAN based on the value of the VID that is included in the tag header. The presence
of the tag header carrying a non-null VID means that some other device, either the originator of the frame or a
VLAN-aware bridge, has mapped this frame into a VLAN and has inserted the appropriate VID.
The following figure shows the difference between a untagged frame and VLAN tagged frame, where the Tag
Protocol Identifier (TPID) is of 0x8100 and it identifies the frame as a tagged frame. The Tag Control Information
(TCI) consists of the following elements:
1) User priority allows the tagged frame to carry user priority information across bridged LANs in
which individual LAN segments may be unable to signal priority information (e.g., 802.3/Ethernet
segments).
2) The Canonical Format Indicator (CFI) is used to signal the presence or absence of a Routing
Information Field (RIF) field, and, in combination with the Non-canonical Format Indicator (NCFI)
carried in the RIF, to signal the bit order of address information carried in the encapsulated frame.
3) The VID uniquely identifies the VLAN to which the frame belongs.
3.3 Applications
SHDSL Router
SHDSL Router
Ethernet
SHDSL
Ethernet
LAN
LAN
SHDSL Router
LAN
Internet
SHDSL
Ethernet
DSLAM
NB712 / NB714 User Guide
YML829 Rev1
13
Download from Www.Somanuals.com. All Manuals Search And Download.
4 Getting to know the router
This section will introduce the hardware of the router.
4.1 Front Panel
The front panel contains LEDs which show the status of the SHDSL router. Note: The front panel LEDs of the
NB712 (2-wire) and NB714 (2 or 4-wire selectable) are identical. The NB714 is shown below.
LED status
LEDs
PWR
WAN
LNK
Active
Description
Power on
On
On
SHDSL line connection is established
SHDSL handshake
Blink
On
ACT
LAN
1
Transmit or received data over SHDSL link
On
Ethernet cable is connected to LAN 1
Transmit or received data over LAN 1
Ethernet cable is connected to LAN 2
Transmit or received data over LAN 2
Ethernet cable is connected to LAN 3
Transmit or received data over LAN 3
Ethernet cable is connected to LAN 4
Transmit or received data over LAN 4
SHDSL line connection is dropped
SHDSL self test
Blink
On
2
Blink
On
3
Blink
On
4
Blink
On
ALM
Blink
14
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
4.2 Rear Panel
The rear panel of the SHDSL router is where all of the cable connections are made.
Connectors
DC-IN
Description
Power adaptor inlet: Input voltage 9VDC
LAN (1,2,3,4)
10/100BaseT auto-sensing and auto- MDIX for LAN port
(RJ-45)
CONSOLE
RS-232C (DB9) for system configuration and maintenance
SHDSL interface for WAN port (RJ-11)
LINE
RST
Reset button to reboot or load factory default
The reset button can be used in one of two ways.
(1) Press the Reset Button for one second to reboot the system only.
(2) Pressing the Reset Button for four seconds will cause the product to reload the factory default
settings, thereby losing all of your settings. If you forget your user name or password, or if the router
is having difficulties connecting to the Internet, you may want to reconfigure it to clear all previous
settings. Press the Reset Button and hold for four (4) seconds with a paper clip or sharp pen/pencil.
NB712 / NB714 User Guide
YML829 Rev1
15
Download from Www.Somanuals.com. All Manuals Search And Download.
5 Connecting your G.SHDSL Modem Router
This guide is designed to lead users through the Web Configuration of the G.SHDSL Modem Router in the easiest
and quickest way possible. Please follow the instructions carefully.
Note:
There are three methods to configure the router: serial console, Telnet and Web
Browser. Only one configuration application is used to setup the Modem Router at
any given time. Select the method you wish to use and continue.
For Web configuration, you can skip step 3.
For Serial Console Configuration, you can skip step 1 and 2.
Step 1: Check the Ethernet Adapter in PC
Make sure that an Ethernet Adapter has been installed in the PC that is to be used for configuration of the router.
TCP/IP protocol is necessary for web configuration, so please check that the PC has TCP/IP protocol installed.
Step 2: Check the Web Browser in PC
For Web Configuration, ensure that the PC has a Web Browser installed, such as IE or Netscape.
Note: Suggest IE5.0, Netscape 6.0 or above and 800x600 screen resolution or above.
Step 3: Check the Terminal Access Program
For Serial Console and Telnet Configuration, users need to setup the terminal access program with VT100
terminal emulation.
Step 4: Determine Connection Setting
Users need to know the Internet Protocol supplied by your Service Provider and determine the mode of setting.
Protocol
Selection
RFC1483
RFC1577
RFC2364
RFC2516
Ethernet over ATM
Classical Internet Protocol over ATM (CLIP)
Point-to-Point Protocol over ATM (PPPoA)
Point-to-Point Protocol over Ethernet (PPPoE)
Different Protocols are required to setup different WAN parameters. Your ISP will advise the correct protocol and
the necessary WAN parameters to configure your Modem Router.
16
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
Bridge EoA
Route EoA
IPoA
PPPoA
NB712 / NB714 User Guide
17
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
PPPoE
Step 5: Install the SHDSL Router
Do not turn on the Modem Router until you have completed the Hardware Installation.
•
•
Connect the power adapter to the port labelled DC-IN on the rear panel of the product.
Connect the Ethernet cable to the PC.
Note:
The 4-port modem router supports auto-MDIX switching, so both straight and
cross-over Ethernet cables can be used.
•
•
•
Connect the phone cable to the product and the other side of the phone cable to the wall jack.
Connect the power adapter to the power source.
Turn on the PC which will be used to configure the Router.
4-port router with network topology
NB714 or NB712
G.SHDSL Modem Router
(Note: NB714 model shown)
Internet
Firewall
PC
PC
PC
PC
18
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
6 Configuration via Web Browser
For Win95, 98 and Me, click the start button. Select Setting and Control Panel.
Double click the Network icon.
In the Configuration window, select the TCP/IP protocol line associated with your network card and then click the
Properties button.
NB712 / NB714 User Guide
YML829 Rev1
19
Download from Www.Somanuals.com. All Manuals Search And Download.
Choose IP Address tab. Select Obtain IP address automatically. Click the OK button.
The window will ask you to restart the PC. Click Yes button.
After rebooting your PC, open your web browser and type http://192.168.1.1 to connect to the Router.
The default IP address and sub net-mask of the Router is 192.168.1.1 and 255.255.255.0. Because the router
acts as DHCP server in your network, the router will automatically assign an IP address for the PC in the network.
Type User Name admin and Password admin and then click OK.
The default user name and password are both admin. For the system security, we suggest you change them after
configuration.
Note:
After changing the User Name and Password, it is strongly recommended that you
record them somewhere as a reminder for the next time you login. If you cannot
remember the User Name and Password, you will need to reset the Modem
Router, which will lose any previous configuration.
20
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
7 Basic Setup
The Basic Setup contains LAN, WAN, Bridge and Router operation modes. This section can be used to completely
setup the router. After successfully completing it, you can access the Internet. This is the easiest and quickest way
to setup the router.
Note:
The advanced functions are only for advanced users. The incorrect settings of
advanced functions can affect the performance of the network and cause a
system error or disconnection.
Click Basic for basic installation.
NB712 / NB714 User Guide
YML829 Rev1
21
Download from Www.Somanuals.com. All Manuals Search And Download.
7.1 Bridge Mode
Before configuring the router in bridge mode, check with your ISP to ensure you have the necessary information.
Click Bridge and CPE Side to setup Bridging mode of the Router and then click Next.
Two SHDSL modes are available: CO, Central Office, and CPE, Customer Premises Equipment. For a connection
with a DSLAM, the correct SHDSL mode is CPE. For a LAN to LAN connection, one side must be CO and the other
side must be CPE.
LAN Parameters
Enter IP:
192.168.1.1
Enter Subnet Mask:
Enter Gateway:
255.255.255.0
192.168.1.254
The Gateway IP is provided by ISP.
SOHO
Enter Host Name:
Some ISPs will require the host name as identification. You may need to check with your ISP to see if your Internet
service has been configured with a host name. In most cases, this field can be ignored.
22
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
WAN1 Parameters
Enter VPI:
Enter VCI:
Click LLC
Click Next.
0
32
The screen will display the new parameters. Check the parameters and click Restart. The router will reboot with
the new settings. Select Continue to configure other parameters.
NB712 / NB714 User Guide
YML829 Rev1
23
Download from Www.Somanuals.com. All Manuals Search And Download.
7.2 Routing Mode
Routing mode includes DHCP server, DHCP client, DHCP relay, Point-to-Point Protocol over ATM and Ethernet and
IP over ATM and Ethernet over ATM. The type of Internet protocol is provided by your ISP.
Click ROUTE and CPE Side then press Next.
Two SHDSL modes are available: CO, Central Office, and CPE, Customer Premises Equipment. For connection with
a DSLAM, the SHDSL mode is CPE. For a LAN to LAN connection, one side must be CO and the other side must
be CPE.
24
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
7.2.1 DHCP Client
Some ISPs provide a DHCP server service whereby the PC in the LAN can access IP information automatically. To
setup the DHCP client mode, follow the procedure.
LAN IP Type:
Dynamic
Click Next to setup WAN1 parameters.
NB712 / NB714 User Guide
25
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
7.2.2 DHCP Server
Dynamic Host Configuration Protocol (DHCP) is a communication protocol that allows network administrators to
centrally manage and automate the assignment of Internet Protocol (IP) addresses in an organization’s network.
Internet Protocol requires that each machine that can connect to the Internet has a unique IP address. When an
organization sets up its computer users with a connection to the Internet, an IP address must be assigned to each
machine.
Without DHCP, the IP address must be entered manually for each computer. If computers move to another location
in another part of the network, a new IP address must be entered. DHCP lets a network administrator supervise
and distribute IP addresses from a central point and automatically send a new IP address when a computer
is plugged into a different place in the network. If the DHCP server is enabled, you have to setup the following
parameters for processing DHCP requests from clients.
The embedded DHCP server assigns network configuration information for up to 253 users accessing the Internet
at the same time.
IP type:
Fixed
IP Address:
Subnet Mask:
Host Name:
192.168.1.1
255.255.255.0
SOHO
Some ISPs require the host name as identification. Check
with your ISP to see if your Internet service has been
configured with a host name. In most cases, this field can be
ignored.
26
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
Trigger DHCP Service:
Server
The default setup is Enable DHCP server. If you want to turn
off the DHCP service, choose Disable.
For example: If the LAN IP address is 192.168.1.1, the
IP range of LAN is 192.168.1.2 to 192.168.1.51. The
DHCP server assigns the IP form Start IP Address to End IP
Address. The legal IP address range is form 0 to 255, but 0
and 255 are reserved for broadcast so the legal IP address
range is from 1 to 254. On the other hand, you cannot
assign an IP greater than 254 or less then 1. Lease time
72 hours indicates that the DHCP server will reassign IP
information every 72 hours.
DNS Server:
Your ISP will provide at least one Domain Name Service
Server IP. You can type the router IP in this field. The router
will act as DNS server relay function.
You may assign fixed IP addresses to some devices while
using DHCP, provided that the fixed IP address is not within
the range used by the DHCP server.
Click Next to setup WAN1 parameters.
NB712 / NB714 User Guide
27
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
7.2.3 DHCP relay
If you already have a DHCP server on your LAN and you want to use it for DHCP services, the router provides a
DHCP relay function.
IP Type:
Fixed
IP Address:
Subnet Mask:
Host Name:
192.168.1.1
255.255.255.0
SOHO
Some ISPs require the host name as identification. Check
with your ISP to see if your Internet service has been
configured with a host name. In most cases, this field can be
ignored.
Trigger DHCP Service:
Relay
Click Next to setup DHCP server parameters.
Enter the DHCP server IP address in IP address field.
Press Next
28
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
7.2.4 PPPoE or PPPoA
PPPoA (point-to-point protocol over ATM) and PPPoE (point-to-
point protocol over Ethernet) are authentication and connection
protocols used by many service providers for broadband
Internet access. These are specifications for connecting multiple
computer users on an Ethernet local area network to a remote
site through common customer premises equipment, which
is the telephone company’s term for a modem and similar
devices. Users share a common Digital Subscriber Line (DSL),
cable modem, or wireless connection to the Internet. PPPoE
and PPPoA combine the Point-to-Point Protocol (PPP), commonly used in dialup connections, with the Ethernet
protocol or ATM protocol, which supports multiple users in a local area network. The PPP protocol information is
encapsulated within an Ethernet frame or ATM frame.
Before configuring the router, check with your ISP to ensure you have the correct information.
Key in the WAN1 parameters:
VPI:
0
VCI:
33
AAL5 Encap:
LLC
Protocol:
PPPoA + NAT or PPPoE + NAT
Click Next to setup the User name and password.
For more information, refer to the section on NAT/DMZ.
NB712 / NB714 User Guide
YML829 Rev1
29
Download from Www.Somanuals.com. All Manuals Search And Download.
Type the ISP1 parameters.
Username:
test
Password:
test
Password Confirm:
test
Your ISP will provide the user name and password.
10
Idle Time:
IP Type:
If you want your Internet connection to remain on at all
times, enter 0 in the Idle Time field.
There are three IP types, Dynamic, Fixed and IP
Unnumbered, which you can setup. The default IP type
is Dynamic. It means that ISP PPP server will provide IP
information including a dynamic IP address when a SHDSL
connection is established. I.e. you do not need to type the IP
address of WAN1. Some ISPs will provide fixed IP address
over PPP.
For fixed IP address:
IP Type:
Fixed
IP Address:
192.168.1.1
Click Next.
For IP Unnumbered:
IP Type:
IP Unnumbered
192.168.168.1
IP Address:
Click Next.
30
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
Don’t forget to enable LAN: For IP Routing Usage and type IP address on STEP 2
Note:
For security, the password will be displayed as asterisk characters.
The screen will display the parameters that will be written to EPROM. Check the parameters before writing to
EPROM.
Press Restart to restart the router with the new parameters or press Continue to setup other parameters.
NB712 / NB714 User Guide
YML829 Rev1
31
Download from Www.Somanuals.com. All Manuals Search And Download.
7.2.5 IPoA or EoA
Before configuring the router, check with your ISP to ensure you have the correct parameters.
Type the Wan Parameters;
VPI:
0
VCI:
33
AAL5 Encap:
LLC
Protocol:
IPoA , EoA , IPoA + NAT or EoA + NAT
Click Next to setup the IP parameters.
For more information, refer to the section on NAT/DMZ.
IP Address:
10.1.2.1
The router’s IP address as seen from the Internet. Your ISP
will provide it and you need to specify it here.
Subnet mask:
255.255.255.0
This is the router subnet mask seen by external users on the
Internet. Your ISP will provide it to you.
Gateway:
10.1.2.2
Your ISP will provide you the default gateway.
DNS Server 1:
168.95.1.1
Your ISP will provide at least one DNS (Domain Name
System) Server IP address.
Click Next
32
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
The screen will display the parameters that will be written to EPROM. Check the parameters before writing to
EPROM.
Press Restart to restart the router with the new parameters or press Continue to setup other parameters.
NB712 / NB714 User Guide
YML829 Rev1
33
Download from Www.Somanuals.com. All Manuals Search And Download.
8 Advanced Setup
Advanced setup contains SHDSL, WAN, Bridge, VLAN, Route, NAT/DMZ, Virtual server and firewall parameters.
34
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
8.1 SHDSL
You can setup the Annex type, data rate and SNR margin for SHDSL parameters in
SHDSL.
Click SHDSL.
The following screen displays the Advanced SHDSL settings page for the NB712.
The NB714 supports an additional 4-wire mode with 4.0608Mbps data rate. The following screen displays the
Advanced SHDSL settings page for the NB714 with the option to select the Link Type.
Annex Type:
Link Type:
There are three Annex types, Annex A (ANSI), Annex B
(ETSI), or Annex AB in SHDSL. Check with your ISP.
The router supports two link types, 4-wire mode with
4.0608Mbps data rate and 2-wire mode with 2.304Mbps
data rate.
Data Rate:
You can set the SHDSL data rate in multiples of 64kbps.
For adaptive mode, n=0. The router will adapt the data rate
according to the line status.
NB712 / NB714 User Guide
35
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
SHDSL SNR margin:
The margin range is from 0 to 10.
SNR margin is an index of line connection. You can see the
actual SNR margin in STATUS SHDSL. The larger the SNR
margin, the better the line connection.
If you set the SNR margin in the field to 2, the SHDSL
connection will drop and reconnect when the SNR margin
is lower than 2. I.e., the device will reduce the line rate and
reconnect for better line connection.
The screen will display the parameters that will be written to EPROM. Check the parameters before writing to
EPROM.
Press Restart to restart the router with the new parameters or press Continue to setup other parameters.
36
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
8.2 WAN
The SHDSL router supports up to 8 PVCs. WAN 1 was configured via BASIC except QoS. If you want to setup
other PVCs, 2 to 8, the parameters are setup in WAN. I.e., you must apply two or more Internet Services with ISPs
otherwise you do not need to setup WAN.
The WAN Number 1 will be the parameters setup in Basic Setup. If you want to setup another PVC, you can
configure them in WAN 2 to WAN 8.
Enter the parameters.
If the WAN protocol is PPPoA or PPPoE with dynamic IP, leave the default WAN IP address and Subnet Mask as
default settings. The system will ignore the IP address and Subnet mask information but deleting or leaving blank
the items will cause system error.
NB712 / NB714 User Guide
YML829 Rev1
37
Download from Www.Somanuals.com. All Manuals Search And Download.
If the WAN protocol is IPoA or EoA, leave the ISP parameters as default setting. The system will ignore the
information but deleting or leaving blank fields will cause a system error.
QoS (Quality of Service):
The Traffic Management Specification V4.0 defines ATM
service catalogues that describe both the traffic transmitted
by users onto a network as well as the Quality of Service that
the network needs to provide for that traffic.
UBR (Unspecified Bit Rate):
CBR (Constant Bit Rate):
UBR is the simplest service provided by ATM networks. There
is no guarantee of any rate. It is a primary service used for
transferring Internet traffic over the ATM network.
CBR is used by connections that require a static amount of
bandwidth that is available during the connection life time.
This bandwidth is characterized by Peak Cell Rate. Based on
the PCR of the CBR traffic, specific cell slots are assigned for
the VC in the schedule table. The ATM always sends a single
cell during the CBR connection’s assigned cell slot.
VBR-rt (Variable Bit Rate real-time): VBR-rt is intended for real-time applications, such as
compressed voice over IP and video conferencing, that
require tightly constrained delays and delay variation. VBR-rt
is characterized by a peak cell rate (PCR), sustained cell rate
(SCR), and maximum burst rate (MBR).
PCR (Peak Cell Rate) in kbps:
SCR (Sustained Cell Rate):
MBS (Maximum Burst Size):
The maximum rate at which you expect to transmit data,
voice and video. Consider PCR and MBS as a means of
reducing lantency, not increasing bandwidth. The range of
PCR is 64kbps to 2400kbps
The sustained rate at which you expect to transmit data,
voice and video. Consider SCR to be the true bandwidth of a
VC and not the long-term average traffic rate. The range of
SCR is 64kbps to 2400kbps.
The amount of time or the duration at which the router
sends at PCR. The range of MBS is 1 cell to 255 cells.
Click Finish to finish setting.
The screen will display the parameters that will be written to EPROM. Check the parameters before writing to
EPROM.
Press Restart to restart the router with the new parameters or press Continue to setup other parameters.
38
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
8.3 Bridge
If your router is setup in bridge mode and you want to setup advanced filter functions, you can use the BRIDGE
menu to setup the filter and blocking functions.
Click Bridge to setup.
Press Add to add the static bridge information.
If you want to filter the MAC address of a LAN PC to access the Internet, press Add to establish the filtering table.
Enter the MAC address in the MAC address field and select Filter in the LAN field.
If you want to filter the MAC address of WAN PC to access the LAN, press Add to establish the filtering table.
Enter the MAC address in the MAC address field and select Filter in the WAN field. For example: if your VC is
setup at WAN 1, select WAN 1 Filter.
NB712 / NB714 User Guide
YML829 Rev1
39
Download from Www.Somanuals.com. All Manuals Search And Download.
The screen will display the parameters that will be written to EPROM. Check the parameters before writing to
EPROM.
Press Restart to restart the router with the new parameters or press Continue to setup other parameters.
40
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
8.4 VLAN
Virtual LAN (VLAN) is defined as a group of devices on one or more LANs that are configured so that they can
communicate as if they were attached to the same wire, when in fact they are located on a number of different
LAN segments. Because VLAN is based on logical instead of physical connections, it is extremely flexible.
Click VLAN to configure VLAN.
Two types of VLAN are supported: either 802.1Q or Port-Based. Note that only one type of VLAN can be
configured at a time.
For setting 802.1Q VLAN click the 802.1Q Tag-Based VLAN and click Reset. The screen will display as follows:
NB712 / NB714 User Guide
YML829 Rev1
41
Download from Www.Somanuals.com. All Manuals Search And Download.
VID:
Virtual LAN ID is a defined ID number from 1 to 4094.
Port VID is an untagged member of a default VLAN.
PVID:
Link Type:
Access means the port can receive or send untagged
packets.
Link Type:
Trunk means that the port can receive or send tagged
packets.
Port-Based VLANs are VLANs where the packet forwarding decision is based on the destination MAC address and
its associated port.
Click Port-Based VLAN to configure the router and press Reset.
42
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
8.5 Route
If the Router is connected to more than one network, it may be necessary to set up a
static route between them. A static route is a pre-determined pathway that network
information must travel to reach a specific host or network.
With Dynamic Routing, you can enable the Router to automatically adjust to physical
changes in the network’s layout. The Router, using the RIP protocol, determines the
network packets’ route based on the least number of hops between the source and the
destination. The RIP protocol regularly broadcasts routing information to other routers
on the network.
Click Route to modify the routing information.
To modify the RIP (Routing Information Protocol) Parameters:
RIP Mode:
Enable
Enable
Auto RIP Summary:
Press Modify
RIP Mode:
This parameter determines how RIP (Routing Information
Protocol) is handled. RIP allows it to exchange routing
information with other routers. If set to Disable, the gateway
does not participate in any RIP exchange with other routers.
If set to Enable, the router broadcasts the routing table of the
router on the LAN and incorporates RIP broadcasts by other
routers into it’s routing table. If set to silent, the router does
not broadcast the routing table, but it accepts RIP broadcast
packets that it receives.
NB712 / NB714 User Guide
43
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
RIP Version:
It determines the format and broadcasting method of any
RIP transmissions by the gateway.
RIP v1: it only sends RIP v1 messages only.
RIP v2: it send RIP v2 messages in multicast and broadcast
format.
Authentication required:
Poison Reverse:
None: for RIP, there is no need of authentication code.
Password: the RIP is protected by password, authentication
code.
MD5: The RIP will be decoded by MD5 rather than be
protected by password, authentication code.
Poison Reverse promptly broadcasts or multicasts the RIP
while the route is changed. (e.g. shutting down one of the
routers in routing table)
Enable: the gateway will actively broadcast or multicast the
information.
Disable: the gateway will not broadcast or multicast the
information.
After modifying the RIP parameters, press finish.
The screen will display the modified parameters. Check the parameters and press Restart to restart the router or
press Continue to setup other parameters.
44
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
8.6 NAT/DMZ
NAT (Network Address Translation) is the translation of an Internet Protocol address
(IP address) used within one network to a different IP address known within another
network. One network is designated as the inside network and the other is the
outside. Typically, a company maps its local inside network addresses to one or more
global outside IP address and changes the global IP addresses of incoming packets
back into local IP addresses. This ensures security since each outgoing or incoming
request must go through a translation process that also offers the opportunity
to qualify or authenticate the request or match it to a previous request. NAT also
conserves the number of global IP addresses that a company needs and lets the
company use a single IP address for its communication in the Internet world.
DMZ (demilitarized zone) is a computer host or small network inserted as a “neutral
zone” between a company private network and the outside public network. It prevents
outside users from getting direct access to a server that has company private data.
In a typical DMZ configuration for an enterprise, a separate computer or host receives requests from users within
the private network to access Web sites or other companies accessible on the public network. The DMZ host then
initiates sessions for these requests to the public network. However, the DMZ host is not able to initiate a session
back into the private network. It can only forward packets that have already been requested.
NB712 / NB714 User Guide
YML829 Rev1
45
Download from Www.Somanuals.com. All Manuals Search And Download.
Users of the public network outside the company can access only the DMZ host. The DMZ may typically also have
the company’s Web pages so these could serve the outside world. However, the DMZ provides access to no other
company data. In the event that an outside user penetrated the DMZ host’s security, the Web pages might be
corrupted, but no other company information would be exposed.
Press NAT/DMZ to setup the parameters.
If you want to enable the NAT/DMZ functions, click Enable. Enable the DMZ host Function uses the IP address
assigned to the WAN for enabling DMZ functions for the virtual IP address.
Multi-DMZ:
Multi-NAT:
Some users who have two or more global IP addresses
assigned by their ISP can be used as a multi DMZ. The
table is for the mapping of global IP address and virtual IP
address.
Some of the virtual IP addresses (e.g.: 192.168.1.10
~ 192.168.1.50) collectively use two of the global IP
addresses (e.g.: 69.210.1.9 and 69.210.1.10). The Multi-
NAT table will be setup as;
Virtual Start IP Address:
Count:
192.168.1.10
40
Global Start IP Address:
Count:
69.210.1.9
2
Press Finish to continue.
The screen will display the parameters that will be written to EPROM. Check the parameters before writing to
EPROM. Press Restart to restart the router with new parameters or Continue to configure other parameters.
46
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
8.7 Virtual Server
Virtual Server allows specific ports on the WAN interface to be re-mapped to
services inside the LAN. For example, 69.210.1.8 is assigned to WAN by the ISP
and is visible to the Internet but does not actually have any services (other than NAT)
running on the gateway. TCP requests made to 69.210.1.8:80 are remapped to
the server 1 on 192.168.1.2:80 for working days from Monday to Friday 8 AM to
6PM, other requests with UDP made to 69.210.1.8:25 are remapped to server 2 on
192.168.1.3:25 which is always on.
You can setup the router as Index 1, protocol TCP, interface WAN1, service name
test1, private IP 192.168.1.2, private port 80, public port 80, schedule from
Day Monday to Friday and time 8:0 to 16:0 and index 2, protocol UDP, interface
WAN1, service name test2, private IP 192.168.1.3, private port 25, public port 25,
schedule always.
Click Modify to configure the parameters.
Press Restart to restart the router or press continue to setup another function.
NB712 / NB714 User Guide
YML829 Rev1
47
Download from Www.Somanuals.com. All Manuals Search And Download.
8.8 Firewall
A firewall is a set of related programs that protect the resources of a private network from other networks. It
prevents unauthorised users from accessing private data and resources accidentally.
Basic Firewall Security
This level only enables the NAT firewall and the remote management security. The NAT firewall will take effect if
the NAT function is enabled. The default remote management security is to block any WAN side connection to the
device. Non-empty legal IP pool in ADMIN will block all remote management connection except those IPs specified
in the pool.
Press Finish to finish setting up the firewall The screen will display the parameters, which will be written to
EPROM. Check the parameters.
Press restart to restart the router or press continue to setup another function.
48
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
Automatic Firewall Security
Select Automatic Firewall Security. This level enables basic firewall security as well as all DoS protection and the
SPI filter function. Press Finish to finish setting up the firewall.
The screen will display the parameters, which will be written to EPROM. Check the parameters.
Press restart to restart the router or press Continue to setup another function.
NB712 / NB714 User Guide
YML829 Rev1
49
Download from Www.Somanuals.com. All Manuals Search And Download.
Advanced Firewall Security
You can determine the security level for special purpose, environment, and applications by configuring DoS
protection and defining an extra packet filter with higher priority than the default SPI filter. Note that an improper
filter policy may degrade the capability of the firewall and/or even block the normal network traffic.
Click Advanced Firewall Security and then press Finish.
SYN Attack:
A SYN flood attack attempts to slow your network by
requesting new connections but not completing the process
to open the connection. Once the buffer for these pending
connections is full a server will not accept any more
connections and will be unresponsive.
ICMP Flood:
UDP Flood:
A sender transmits a volume of ICMP request packets to
cause all CPU resources to be consumed serving the phony
requests.
A sender transmits a volume of requests for UDP diagnostic
services which cause all CPU resources to be consumed
serving the phony requests.
50
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
Ping of Death:
A ping of death attack attempts to crash your system by
sending a fragmented packet, when reconstructed is larger
than the maximum allowable size. Other known variants of
the ping of death include teardrop, bonk and nestea.
Land Attack:
IP Spoofing:
A land attack is an attempt to slow your network down
by sending a packet with identical source and destination
addresses originating from your network.
IP Spoofing is a method of masking the identity of an
intrusion by making it appeared that the traffic came from
a different computer. This is used by intruders to keep their
anonymity and can be used in a Denial of Service attack.
Smurf Attack:
A smurf attack involves two systems. The attacker sends
a packet containing a ICMP echo request (ping) to the
network address of one system. This system is known as the
amplifier. The return address of the ping is faked (spoofed)
to appear to come from a machine on another network (the
victim). The victim is then flooded with responses to the
ping. As many responses are generated for only one attack,
the attacker is able use many amplifiers on the same victim.
Traditional firewalls are stateless meaning they have no memory of the connections of data or packets that pass
through them. Such IP filtering firewalls simply examine header information in each packet and attempt to match
it to a set of defined rule. If the firewall finds a match, the prescribed action is taken. If no match is found, the
packet is accepted into the network, or dropped, depending on the firewall configuration.
A stateful firewall maintains a memory of each connection and data passing through it. A stateful firewall records
the context of connections during each session, continuously updating state information in dynamic tables. With
this information, stateful firewalls inspect each connection traversing each interface of the firewall, testing the
validity of data packets throughout each session. As data arrives, it is checked against the state tables and if the
data is part of the session, it is accepted. Stateful firewalls enable a more intelligent, flexible and robust approach
to network security, while defeating most intrusion methods that exploit state-less IP filtering firewalls.
NB712 / NB714 User Guide
YML829 Rev1
51
Download from Www.Somanuals.com. All Manuals Search And Download.
If you want to configure the Packet Filtering Parameters, choose Enable and press Add.
Select the protocol and configure the parameters.
If you want to ban all of the protocol from the IP (e.g.: 200.1.1.1) to access the all PCs (e.g.: 192.168.1.2 ~
192.168.1.50) in the LAN, key in the parameter as;
Protocol:
Direction:
ANY
INBOUND (INBOUND is from WAN to LAN, and OUTBOUND is
LAN to WAN.)
Description:
Hacker
Src. IP Address:
Dest. IP Address:
200.1.1.1
192.168.1.2-192.168.1.50
Press OK to finish.
The screen will display the configured parameters. Check the parameters.
Click Restart to restart the gateway or Continue to configure another parameters.
52
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
Filtering Rule for SMTP connection
Filtering rule will be configured as follow
Index
Protocol
TCP
Direction
Inbound
Outbound
Outbound
Inbound
Either
Action
Permit
Permit
Permit
Permit
Deny
Source
External
Internal
Internal
External
Any
Destination Dest. Port
Schedule
Always
Always
Always
Always
Always
1
2
3
4
5
Internal
External
External
Internal
Any
25
TCP
>1023
25
TCP
TCP
>1023
Any
Any
Packet
Direction
Inbound
Destination
Protocol
Dest. Port
25
Action (Rule)
Permit (A)
Source
1
2
192.168.3.4
172.16.1.1
172.16.1.1
TCP
TCP
Outbound
192.168.3.4
1234
Permit (B)
Packet
Direction
Outbound
Inbound
Destination
192.168.3.4
172.16.1.1
Protocol
TCP
Dest. Port
25
Action (Rule)
Permit (C)
Source
3
4
172.16.1.1
192.168.3.4
TCP
1357
Permit (D)
Packet
Direction
Inbound
Destination
171.16.3.4
10.1.2.3
Protocol
TCP
Dest. Port
6000
Action (Rule)
Deny (E)
Source
5
6
10.1.2.3
171.16.3.4
Outbound
TCP
5150
Deny (E)
NB712 / NB714 User Guide
YML829 Rev1
53
Download from Www.Somanuals.com. All Manuals Search And Download.
Update Filtering Rule
Index
Protocol
TCP
Direction
Inbound
Outbound
Outbound
Inbound
Either
Action
Permit
Permit
Permit
Permit
Deny
Source
External
Internal
Internal
External
Any
Destination Source Port Dest. Port
1
2
3
4
5
Internal
External
External
Internal
Any
>1023
25
25
TCP
>1023
25
TCP
>1023
25
TCP
>1023
Any
Any
Any
Filtering Result
Index
Protocol
Direction
Inbound
Action
Source
Destination Source Port Dest. Port
1
2
3
4
5
6
TCP
TCP
TCP
TCP
TCP
TCP
Permit(A)
Permit(B)
Permit(C)
Permit(D)
Deny(E)
192.168.3.4 171.16.1.1
1234
25
Outbound
Outbound
Inbound
171.16.1.1
171.16.1.1
192.168.3.4 25
1234
25
192.168.3.4 1357
192.168.3.4 171.16.1.1
25
1357
6000
5150
Inbound
10.1.2.3
171.16.3.4
10.1.2.3
5150
6000
Outbound
Deny(E)
171.16.3.4
54
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
Rule Order
The order of the rules affects the filtering result. The filtering process will proceed from top to bottom, changing
the order will give a different result. For example:
Rule
A
Source Address
10.0.0.0
10.1.99.0
Any
Destination Address
172.16.6.0
172.16.0.0
Any
Action
Permit
Deny
B
C
Deny
Where “0” at the last eight bits indicates “from 1 to 254”, “0” at any eight bits preceding “0”, “0.0” or “0.0.0”
indicates “from 1 to 254”. On the other hand, “0” and all “0” successive with “0” represents any.
When the rule is ordered as ABC.
Index
Source Address
10.1.99.1
10.1.99.1
10.1.1.1
Destination Address
172.16.1.1
Action
1
2
3
4
5
Deny (B)
Permit (A)
Permit (A)
Deny (C)
Deny (C)
172.16.6.1
172.16.6.1
10.1.1.1
172.16.1.1
192.168.3.4
172.16.6.1
The rule order will permit 10.1.99.1 to access 172.16.6.1.
When the rule is ordered as BAC.
Index
Source Address
10.1.99.1
10.1.99.1
10.1.1.1
Destination Address
172.16.1.1
Action
1
2
3
4
5
Deny (B)
Deny (B)
Permit (A)
Deny (C)
Deny (C)
172.16.6.1
172.16.6.1
10.1.1.1
172.16.1.1
192.168.3.4
172.16.6.1
The rule order will deny 10.1.99.1 to access 172.6.6.1.
NB712 / NB714 User Guide
55
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
8.9 IP QoS
IP QoS allows you to prioritise different types of traffic, thereby ensuring Quality of
Service. This is particularly useful for Voice over IP (VoIP) where the amount of bandwidth
can affect the line quality in a phone call.
Select Enable to enable IP QoS and then click on the Add button to set the IP QoS Policy
parameters.
Enter the information to define the Policy Rule and click on the OK button.
56
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
The screen will display the configured parameters. Check the parameters. In this example 192.168.1.60 is the
highest priority; 192.168.1.50 is the second high priority; 192.168.1.40 is the third highest priority and so on.
NB712 / NB714 User Guide
57
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
9 Administration
This section details security, simple network management protocol (SNMP) and time
synchronous.
58
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
9.1 Security
For system security, it is suggested that the default user name and password is changed
from the default.
There are three ways to configure the route: Web browser, telnet and serial console.
Press Security to setup the parameters.
For greater security, define the Supervisor ID and password for the gateway. If you don’t
set them, all users on your network will be able to access the gateway.
You can authorize up to five users to access the router via telnet or console. There are
two UI modes, menu driven mode and command mode to configure the router.
NB712 / NB714 User Guide
59
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
Trusted Host address pool will setup the IP addresses from which authorized users can configure the gateway.
This is the most secure way to setup and control authorised access to the router.
Configured 0.0.0.0 will allow all hosts on Internet or LAN to access the router.
Leaving blank the Trust Host List will block all PCs from WAN to access the router. I.e. only PCs on the LAN would
be able to access the router.
If you type the exact IP address in the field, only that host can access the router.
Click Finish to finish the setting.
The browser will display the configured parameters and check it before writing them to EPROM.
Press Restart to restart the gateway working with the new parameters and press Continue to setup other
parameters.
60
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
9.2 SNMP
Simple Network Management Protocol (SNMP) provides for the exchange of messages
between a network management client and a network management agent for remote
management of network nodes. These messages contain requests to get and set
variables that exist in network nodes in order to obtain statistics, set configuration
parameters, and monitor network events. SNMP communications can occur over the
LAN or WAN connection.
The router can generate SNMP traps to indicate alarm conditions, and it relies on
SNMP community strings to implement SNMP security. This router support MIB I and
MIB II.
Click SNMP to configure the parameters.
In the table of current community pool, you can setup the access authority.
In the table of current trap host pool, you can setup the trap host.
Click on the Modify button to modify the community pool.
NB712 / NB714 User Guide
61
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
SNMP status:
Enable
Access Right:
Access Right:
Deny for deny all access
Read for access read only
Access Right:
Write for access read and write.
Serves as password for access right.
Community:
Click on the OK button to submit the changes.
62
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
SNMP trap is an informational message sent from an SNMP agent to a manager. Click Modify to modify the trap
host pool.
Version:
IP:
Select version for trap host (SNMP v1 or SNMP v2).
Type the trap host IP
Community:
Type the community password. The community is setup in
community pool.
Click on OK to finish the setup.
The browser will display the configured parameters.
Press Restart to restart the gateway with the new parameters or press Continue to setup other parameters.
NB712 / NB714 User Guide
YML829 Rev1
63
Download from Www.Somanuals.com. All Manuals Search And Download.
9.3 Time Sync
Time synchronization is an essential element for any business that relies on an IT system.
The reason for this is that these systems all have clocks that are the source of time for files
or operations they handle. Without time synchronization, time on these systems can vary
and cause firewall packet filtering schedule processes to fail, security to be compromised,
and virtual servers to work in wrong schedule.
Click on TIME SYNC.
There are two synchronization modes: Simple Network Time Protocol (SNTP) and
synchronization with PC. For synchronization with PC, select Sync with PC. The gateway will
synchronize the time with the connecting PC.
SNTP is the acronym for Simple Network Time Protocol, which is an adaptation of the Network Time Protocol
(NTP) used to synchronize computer clocks in the Internet. SNTP can be used to ensure the ultimate performance
of full NTP implementation.
64
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
For SNTP, select SNTP v4.0.
SNTP service:
Enable
Time Server:
Any time server in the world can be used but it is suggested
that you use the nearest timeserver.
Time Zone:
You have to choose the right time zone.
Click on Finish to finish the setup. The browser will display the configured parameters.
Press Restart to restart the gateway with the new parameters or press Continue to setup other parameters.
NB712 / NB714 User Guide
65
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
10 Utility
This section describes the utility of the router including system information, loading the
factory default configuration, upgrading the firmware, logout and restarting the gateway.
66
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
10.1 System Info
Click on System Info to review the information.
The browser will display your system information on the screen.
NB712 / NB714 User Guide
67
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
10.2 Config Tool
This configuration tool has three functions: Load Factory Default, Restore Configuration and
Backup Configuration.
Press Config Tool.
Choose the function and then click on Finish.
Load Factory Default function:
Will reload the factory default parameters to the gateway.
Note:
All of the settings will be changed to factory default. On the other hand you will
lose all the configured parameters.
Restore Configuration:
Will help you to recover your backup configuration:
*
*
Click Finish after selecting Restore Configuration.
Browse the router for the backup file and then click
Finish. The router will automatically restore the saved
configuration.
Backup Configuration:
Any changes to the default configuration should be backed
up. Use this function to backup your router parameters on a
PC.
*
*
Select Backup Configuration and then press Finish.
Browse the place of backup file named backup.
Press Finish. The router will automatically backup the
configuration.
68
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
10.3 Upgrade
You can upgrade the gateway using the upgrade function.
Press Upgrade.
Browse the file and press OK button to upgrade. The system will reboot automatically after
finishing.
NB712 / NB714 User Guide
69
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
10.4 Logout
To logout the router, press logout.
70
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
10.5 Restart
To restart the router, select Restart in UTILITY.
Click on the Restart button to reboot the router.
NB712 / NB714 User Guide
71
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
11 Status
You can monitor the following:
•
•
SHDSL status including mode, Tx power, Bitrate, and Performance
information including SNR margin, attenuation and CRC error count.
LAN status will display the MAC address, IP address, Subnet mask and
DHCP client table.
•
•
•
•
WAN status will display the WAN interface information.
Route status will display the routing table of router.
Interface status includes LAN and WAN statistics information.
Firewall status display DoS protection status and dropped packets
statistics.
72
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
12 LAN-to-LAN connection with bridge Mode
12.1 CO side
Click Bridge and CO Side to setup Bridging mode of the Router and then click Next.
LAN Parameters
NB712 / NB714 User Guide
73
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
Enter IP:
192.168.1.1
255.255.255.0
192.168.1.1
SOHO
Enter Subnet Mask:
Enter Gateway:
Enter Host Name:
WAN1 Parameters
Enter VPI:
Enter VCI:
Encap:
0
32
Click LLC
Click Next
The screen will display the configured parameters. Check the parameters and click Restart . The router will reboot
with the new settings.
74
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
12.2 CPE Side
Click Bridge and CO Side to setup Bridging mode of the Router and then click Next.
LAN Parameters
IP Address:
Subnet Mask:
Gateway:
Enter192.168.1.2
Enter 255.255.255.0
Enter 192.168.1.2
Enter SOHO
Host Name:
WAN1 Parameters
VPI:
0
VCI:
32
LLC
Encap:
Click Next
The screen will display the configured parameters. Check the parameters and click Restart . The router will reboot
with the new settings.
NB712 / NB714 User Guide
YML829 Rev1
75
Download from Www.Somanuals.com. All Manuals Search And Download.
13 LAN to LAN Connection with Routing Mode
13.1 CO side
Click ROUTE and CO Side then press Next.
LAN parameters:
IP Address:
192.168.20.1
Subnet Mask:
Host Name:
255.255.255.0
SOHO
DHCP Service:
For more DHCP service, review DHCP Service.
76
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
WAN Parameters
VPI:
VCI:
0
32
LLC
AAL5 Encap:
Protocol:
IPoA , EoA , IPoA + NAT or EoA + NAT
The Protocol used in CO and CPE have to be the same.
Note:
Click Next to setup the IP parameters.
Refer to the section NAT/DMZ for more information.
IP Address:
Subnet mask:
Gateway:
192.168.30.1
255.255.255.0
192.169.30.2
Click Next
The screen will display the parameters that will be written to EPROM. Check the parameters before writing to
EPROM.
Press Restart to restart the router with the new parameters or press continue to setup other parameters.
NB712 / NB714 User Guide
77
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
13.2 CPE side
Click ROUTE and CPE Side then press Next.
LAN parameters:
IP Address:
Subnet Mask:
192.168.10.1
255.255.255.0
Host Name:
SOHO
DHCP Service:
WAN Parameters
For more DHCP service, review DHCP Service.
78
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
VPI:
0
VCI:
32
LLC
AAL5 Encap:
Protocol:
Note:
IPoA , EoA , IPoA + NAT or EoA + NAT
The Protocol used in CO and CPE have to be the same.
Click Next to setup the IP parameters.
Refer to the section NAT/DMZ for more information.
IP Address:
Subnet mask:
Gateway:
192.168.30.2
255.255.255.0
192.168.30.1
Click Next
The screen will display the parameters that will be written to EPROM. Check the parameters and click the Restart
button to restart the router with the new parameters or press continue to setup other parameters.
NB712 / NB714 User Guide
YML829 Rev1
79
Download from Www.Somanuals.com. All Manuals Search And Download.
14 Configuration via Serial Console or Telnet with Menu Driven
Interface
14.1 Serial Console
Check the connectivity of the RS-232 cable from your computer to the serial port of ROUTER. Start your terminal
access program with VT100 terminal emulation. Configure the serial link with the following value:
Parameter
Value
9600
8
Baudrate
Data Bits
Parity Check
Stop Bits
No
1
Flow-control
No
Press the SPACE key until the login screen appears. When you see the login screen, you can logon to Router.
Note:
You have to use the SPACE key. Pressing other keys will not work.
User:
admin
*****
Password:
Note: The factory default user and passwords are both “admin”.
14.2 Telnet
Make sure the correct Ethernet cable is used to connect the LAN port of your computer to the Router. The LAN
LNK indicator on the front panel will glow if the correct cable is used. Start your Telnet client with a VT100
terminal emulation and connect to the management IP of Router. When the login screen appears enter your User
name and Password.
User:
admin
*****
Password:
Note:
The default IP address is 192.168.1.1.
80
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
14.3 Operation Interface
For serial console and Telnet management, the Router implements two operational interfaces: command line
interface (CLI) and menu driven interface. The CLI mode provides users with a simple command line interface.
The menu driven interface is a more user-friendly interface for general operations. The command syntax for CLI
is the same as that of the menu driven interface. The only difference is that the menu driven interface displays all
available commands for you to select. This means that you don’t need to remember the command syntax and can
save you time by not requiring you to type the whole command line.
The following figure gives you an example of the menu driven interface. In the menu, you scroll up/down by
pressing key I / K, select one command by key L, and go back to a higher level of menu by key J. For example, to
show the system information, just logon to the Router, move down the cursor by pressing key K twice and select
“show” command by pressing key L, you shall see a submenu and select “system” command in this submenu,
then the system will display the general information.
NB712 / NB714 User Guide
YML829 Rev1
81
Download from Www.Somanuals.com. All Manuals Search And Download.
14.4 Window structure
From top to bottom, the window will be divided into four parts:
1. Product name
2. Menu field: Menu tree is prompted on this field. “>>” symbol indicates the cursor place.
3. Configuring field: You will configure the parameters in this field. < parameters > indicates the
parameters you can choose and < more…> indicates that there have submenu in the title.
4. Operation command for help
The following table shows the parameters in the brackets.
Command
<ip>
Description
An item enclosed in brackets is required. If the item is shown
in lower case bold, it represents an object with special
format. For example, <ip> may be 192.168.1.3.
<Route|Bridge>
Two or more items enclosed in brackets and separated by
vertical bars means that you must choose exactly one of the
items. If the item is shown in lower case bold with leading
capital letter, it is a command parameter. For example, Route
is a command parameter in <Route|Bridge>.
[1~1999]
An item enclosed in brackets is optional.
[1~65534|-t]
Two or more items enclosed in brackets and separated by
vertical bars means that you can choose one or none of the
items.
82
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
14.5 Menu Driven Interface Commands
Before changing the configuration, familiarize yourself with the operations list in the following table. The Keystroke
list are also displayed on the window.
Menu Driven Interface Commands
Keystroke
[UP] or I
Description
Move to above field in the same level menu.
Move to below field in the same level menu.
Move back to previous menu.
Move forward to submenu.
Move forward to submenu.
To choose another parameters.
To quit the configuring item.
For help
[DOWN] or K
[LEFT] or J
[RIGHT] or L
[ENTER]
[TAB]
Ctrl + C
Ctrl + Q
NB712 / NB714 User Guide
83
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
14.6 Menu Tree
The menu tree is shown below. All configuration commands are included in the Enable directory and are
protected by a supervisor password. Unauthorized users can view the status and configuration of the router, but
cannot change any configuration information.
84
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
14.7 Configuration
To setup the router, move the cursor “ >>” to Enable and press the enter key. When the screen appears, type the
supervisor password. The default supervisor password is admin. The password will be prompted as a “ * “ symbol
for system security.
----------------------------------------------------------------------
Command: enable <CR>
Message: Please input the following information.
Supervisor password: ****
----------------------------------------------------------------------
In this sub menu, you can setup management features and upgrade software, backup the system configuration
and restore the system configuration via utility tools.
Any changes will need to be written to EPROM and the router will need to be rebooted to work with the new
settings.
The screen will prompt as follow.
>> enable
setup
status
show
Modify command privilege
Configure system
Show running system status
View system configuration
Update flash configuration
Reset and boot system
Packet internet groper command
Setup management features
TFTP upgrade utility
write
reboot
ping
admin
utility
exit
Quit system
The description of the commands are:
Command
enable
Description
Modify command privilege. When you login via serial
console or Telnet, the router defaults to a program execution
(read-only) privileges. To change the configuration and write
changes to nonvolatile RAM (NVRAM), you must work in
enable mode.
setup
To configure the product, you have to use the setup
command.
status
show
write
View the status of product.
Show the system and configuration of product.
Update flash configuration. After you have completed all
necessary settings, write the new configuration to NVRAM
by the “write” command and reboot the system, or all of your
changes will not take effect.
reboot
Reset and boot system. After you have completed all
necessary changes, write the new configuration to NVRAM
and reboot the system by “reboot” command, or all of your
changes will not take effect.
NB712 / NB714 User Guide
85
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
Command
ping
Description
Packet internet groper command.
You can set management features with this command.
admin
utility
Upgrade software and backup and restore configuration are
done via “utility” command.
exit
Quit system
86
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
14.8 Status
You can view the status of SHDSL, WAN, route and interface via the status command.
Move cursor “ >> “ to status and press enter.
>> shdsl
wan
Show SHDSL status
Show WAN interface status
Show routing table
route
interface
Show interface statistics status
Show firewall status
firewall
Command
Description
shdsl
wan
The SHDSL status includes line rate, SNR margin, TX
power, attenuation and CRC error of the product, and SNR
margin, attenuation and CRC error of remote side. The
product access remote side information via EOC (embedded
operation channel).
WAN status shows the 8 PVC information which are
configured.
route
You can see the routing table via the route command.
interface
The statistic status of WAN and LAN interface can be
monitor by interface command.
firewall
The current and history status of firewall are shown in this
command.
NB712 / NB714 User Guide
87
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
14.9 Show
You can view the system information, configuration and configuration via the show command.
Move cursor “ >> “ to show and press enter.
>> system
config
Show general information
Show all configuration
script
Show all configuration in command script
Command
system
config
Description
The general information of the system is displayed.
Config command displays detailed configuration information.
Configuration information will display in the command script.
script
88
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
14.10 Write
Any changes to the router configuration must be written to EPROM using the write command and the router
needs to be rebooted for the changes to take affect.
Move cursor to “ >> “ to write and press enter.
----------------------------------------------------------------------
Command: write <CR>
Message: Please input the following information.
Are you sure? (y/n): y
----------------------------------------------------------------------
14.11 Reboot
To reboot the router, use reboot command. Move cursor to “ >> “ to write and press enter.
----------------------------------------------------------------------
Command: reboot <CR>
Message: Please input the following information.
Do you want to reboot? (y/n): y
----------------------------------------------------------------------
14.12 Ping
Ping command will be used to test the connection of the router. Move cursor “ >> “ to ping and press enter.
----------------------------------------------------------------------
Command: ping <ip> [1~65534|-t] [1~1999]
Message: Please input the following information.
IP address <IP> : 10.0.0.1
Number of ping request packets to send (TAB select): -t
Data size [1~1999]: 32
----------------------------------------------------------------------
There are 3 types of number of ping request packet to send, default, 1~65534 and –t. Default will send 4 packet
and –t continuous packet until you key in Ctrl+c to stop.
14.13 Administration
You can modify the user profile, telnet access, SNMP (Sample Network Management Protocol), supervisor
information and SNTP (Simple Network Time Protocol) in admin. The route is enable ==> admin.
For configuration the parameters, move the cursor “ >> “ to admin and press enter.
>> user
Manage user profile
security
Setup system security
Configure SNMP parameter
Change supervisor password
Change supervisor ID
snmp
passwd
id
sntp
Configure time synchronization
NB712 / NB714 User Guide
89
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
14.13.1 User Profile
You can use the user command to clear, modify and list the user profiles. You can define up to five users to access
the router via console port or telnet in user profile table however users who have the supervisor password can
change the configuration of the router. Move the cursor “ >> “ to user and press enter key.
>> clear
modify
list
Clear user profile
Modify the user profile
List the user profile
You can delete the user by number using the clear command. Make sure the number of the user is correct. You
can use list command to check it. Modify command is to modify any user information or add a new user to user
profile.
To modify or add a new user, move the cursor to modify and press enter.
----------------------------------------------------------------------
Command: admin user modify <1~5> <more...>
Message: Please input the following information.
Legal access user profile number <1~5> : 2
----------------------------------------------------------------------
The screen will prompt as follow.
>> Attrib
UI mode
Profile
User name and password
There are two UI mode, command and menu mode, to setup the product. We will not discuss command mode in
this manual.
14.13.2 Security
Security command can be configured sixteen legal IP address for telnet access and telnet port number.
Move the cursor “ >> “ to security and press enter. The default legal address is 0.0.0.0 which means that there is
no IP restriction to access the router via telnet.
>> port
ip_pool
list
Configure telent TCP port
Legal address IP address pool
Show security profile
90
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
14.13.3 SNMP
Simple Network Management Protocol (SNMP) is the protocol not only governing network management, but also
the monitoring of network devices and their functions.
The router can generate SNMP traps to indicate alarm conditions, and it relies on SNMP community strings to
implement SNMP security. This router supports MIB I & II.
Move the cursor “ >> “ to snmp and press enter.
>> community
Configure community parameter
trap
Configure trap host parameter
Up to 5 SNMP community entries can be configured in this system. Move the cursor to community and press
enter.
----------------------------------------------------------------------
Command: admin snmp community <1~5> <more...>
Message: Please input the following information.
Community entry number <1~5> : 2
----------------------------------------------------------------------
The screen will prompt as follow:
>> edit
Edit community entry
list
Show community configuration
Up to 5 SNMP trap entries can be configured in this system. Move the cursor to trap and press enter.
----------------------------------------------------------------------
Command: admin snmp trap <1~5> <more...>
Message: Please input the following information.
Trap host entry number <1~5> : 2
----------------------------------------------------------------------
The screen will prompt as follow:
>> edit
list
Edit trap host parameter
Show trap configuration
NB712 / NB714 User Guide
91
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
14.13.4 Supervisor Password and ID
The supervisor password and ID are the last door for security but the most important. Users who access the
router via web browser have to use the ID and password to configure the router and users who access the router
via telnet or console mode have to use the password to configure the router. Change the ID and password after
configuration and save it. When you access to the router again, you have to use the new password.
----------------------------------------------------------------------
Command: admin passwd <pass_conf>
Message: Please input the following information.
Input old Supervisor password: ****
Input new Supervisor password: ********
Re-type Supervisor password: ********
----------------------------------------------------------------------
----------------------------------------------------------------------
Command: admin id <pass_conf>
Message: Please input the following information.
Legal user name (Enter for default) <root> : test
----------------------------------------------------------------------
92
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
14.13.5 SNTP
Time synchronization is an essential element for any business that relies on an IT system. The reason for this is
that these systems all have clocks that are the source of time for files or operations they handle. Without time
synchronization, time on these systems can vary and this can cause virtual server schedule processes to fail and
system log exposures with wrong data.
There are two methods to synchronize time: synchronize with a PC or SNTPv4. If you choose synchronize with
PC, the router will synchronize with a PC. If you choose SNTPv4, the router will use the protocol to synchronize
with the time server. Synchronization with time server, SNTP v4, needs to configure service, time_server and
time_zone. Synchronization with PC does not require the above parameters.
Move the cursor “ >> “ to sntp and press enter.
>> method
service
Select time synchronization method
Tigger SNTP v4.0 service
Configure time server 1
time_server1
time_server2
time_server3
updaterate
time_zone
list
Configure time server 2
Configure time server 3
Configure update period
Configure GMT time zone offset
Show SNTP configuration
To configure SNTP v4 time synchronization, follow the procedures detailed below:
Move the cursor to method and press enter.
----------------------------------------------------------------------
Command: admin sntp method <SNTPv4|SyncWithPC>
Message: Please input the following information.
SYNC method (Enter for default) <SyncWithPC> : SNTPv4
----------------------------------------------------------------------
Move the cursor to service and press enter.
----------------------------------------------------------------------
Command: admin sntp service <Disable|Enable>
Message: Please input the following information.
Active SNTP v4.0 service (Tab Select) <Enable> : Enable
----------------------------------------------------------------------
Move the cursor to time_server1 and press enter.
----------------------------------------------------------------------
Command: admin sntp time_server1 <string>
Message: Please input the following information.
Time server address(Enter for default) <ntp-2.vt.edu> : ntp-2.vt.edu
----------------------------------------------------------------------
You can configure up to three time servers in this system.
Move the cursor to update_rate and press enter.
----------------------------------------------------------------------
Command: admin sntp update_rate <10~268435455>
Message: Please input the following information.
Update period (secs) (Enter for default) : 86400
----------------------------------------------------------------------
NB712 / NB714 User Guide
93
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
Move the cursor to time_zone and configure where your router is placed. The easiest way to know the time zone
offset hour is from your PC clock. Double click the clock at the right corner of monitor and check the time zone.
----------------------------------------------------------------------
Command: admin sntp time_zone <-12~12>
Message: Please input the following information.
GTM time zone offset (hours) (Enter for default) : -8
----------------------------------------------------------------------
Move the cursor to list and review the setting.
94
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
14.14 Utility
There are three utility tools, upgrade, backup and restore, embedded in the firmware. You can update the new
firmware via TFTP upgrade tools and backup the configuration via TFTP backup tool and restore the configuration
via TFTP restore tool. For upgrade, TFTP server with the new firmware will be supported by supplier but for
backup and restore, you must have your own TFTP server to backup and restore the file.
Move the cursor “ >> “ to utility and press enter.
>> upgrade
Upgrade main software
backup
Backup system configuration
Restore
Restore system configuration
14.15 Exit
If you want to exit the system without saving, use exit command to quit system.
14.16 Setup
All of the setup parameters are located in the subdirectories of setup. Move the cursor “ >> “ to setup and press
enter.
>> mode
shdsl
wan
Switch system operation mode
Configure SHDSL parameters
Configure WAN interface profile
Configure transparent bridging
Configure virtual LAN paramters
Configure routing parameters
Configure LAN interface profile
Configure NAT/PAT parameters
Configure Firewall parameters
Configure DHCP parameters
bridge
vlan
route
lan
ip_share
firewall
dhcp
dns_proxy
hostname
default
Configure DNS proxy parameters
Configure local host name
Restore factory default setting
14.16.1 Mode
The product can act as routing mode or bridging mode. The default setting is routing mode. You can change the
system operation mode by using mode command. Move the cursor “ >> “ to mode and press enter.
----------------------------------------------------------------------
Command: setup mode <Route|Bridge>
Message: Please input the following information.
System operation mode (TAB select) <Route>: Route
----------------------------------------------------------------------
NB712 / NB714 User Guide
95
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
14.16.2 SHDSL
You can setup the SHDSL parameters by the command shdsl. Move the cursor “ >> “ to shdsl and press enter.
>> mode
Link
Configure SHDSL mode
Configure SHDSL link
n*64
Configure SHDSL data rate
Configure SHDSL annex type
Clear current CRC error count
Configure SHDSL SNR margin
type
clear
margin
There are two types of SHDSL mode, STU-R and STU-C. STU-R means the terminal of central office and STU-C
customer premises equipment.
Link type will be 2-wire or 4-wire mode according to the product. 4-wire product can be worked under 2-wire
mode.
You can set the data rate in multiples of 64Kbps where n is from 0 to 32. If you configure n to 0, the product will
perform in adaptive mode.
There are two types of SHDSL Annex type, Annex-A and Annex-B.
Clear command can clear CRC error count.
Generally, you do not need to change the SNR margin, which ranges from 0 to 10. The SNR margin is an index of
line connection. You can see the actual SNR margin in STATUS SHDSL. The larger the SNR margin, the better the
line connection. If you set SNR margin in the field as 2, the SHDSL connection will drop and reconnect when the
SNR margin is lower than 2. I.e., the device will reduce the line rate and reconnect for better line connection.
96
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
14.16.3 WAN
The router supports up to 8 PVCs, private virtual circuits, and so you can setup up to 8 WANs; WAN1 to WAN8.
Move the cursor “ >> “ to wan and press enter. To setup WAN1, type 1.
----------------------------------------------------------------------
Command: setup wan <1~8>
Message: Please input the following information.
Interface number <1~8>: 1
----------------------------------------------------------------------
>> protocol
address
vpi_vci
encap
Link type protocol
IP address and subnet mask
Configure VPI/VCI value
Configure encapsulation type
Configure VC QoS
qos
isp
Configure account name, password and idle time
Configure IP type in PPPoA and PPPoE
WAN interface configuration
ip_type
list
There are four types of protocols, IPoA, EoA, PPPoA and PPPoE, which you can setup.
For dynamic IP of PPPoA and PPPoE, you do not need to setup the IP address and subnet mask.
There is an unique VPI and VCI value for Internet connection supported by ISP. The range of VIP is from 0 to 255
and VCI from 0 to 65535.
There are two types of encapsulation types, VC-Mux and LLC.
You can setup virtual circuit quality of service, VC QoS, using qos command. The product supports UBR, CBR,
VBR-rt and VBR-nrt. The peak cell rate can be configured from 64kbps to 2400kbps. Move the cursor to qos and
press enter.
>> class
pcr
Configure QoS class
Configure peak cell rate (kbps)
Configure sustainable cell rate (kbps)
Configure max. burst size (cell)
scr
mbs
ISP command can configure account name, password and idle time. Idle time can be from 0 minute to 300
minutes.
Most ISPs use dynamic IP for PPP connection but some will use static IP. Configure the IP type, dynamic or fixed,
via ip_type command.
You can review the WAN interface configuration via the list command.
NB712 / NB714 User Guide
YML829 Rev1
97
Download from Www.Somanuals.com. All Manuals Search And Download.
14.16.4 Bridge
You can setup the bridge parameters in bridge command. If the product is configured as a router, you do not want
to setup the bridge parameters. Move the cursor “ >> “ to bridge and press enter.
>> gateway
Default gateway
static
Static bridging table
You can setup default gateway IP via gateway command.
You can define 20 sets of static bridge in static command. After entering static menu, the screen will prompt as
below:
>> add
Add static MAC entry
delete
Delete static MAC entry
Modify static MAC entry
Show static bridging table
modify
list
After enter add menu, the screen will prompt as follow
>> mac
lan_port
Configure MAC address
Configure LAN interface bridging type
Configure WAN1 interface bridging type
Configure WAN2 interface bridging type
Configure WAN3 interface bridging type
Configure WAN4 interface bridging type
Configure WAN5 interface bridging type
Configure WAN6 interface bridging type
Configure WAN7 interface bridging type
Configure WAN8 interface bridging type
Show static bridging table
wan1_port
wan2_port
wan3_port
wan4_port
wan5_port
wan6_port
wan7_port
wan8_port
list
98
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
14.16.5 VLAN
Virtual LAN (VLAN) is defined as a group of devices on one or more LANs that are configured so that they can
communicate as if they were attached to the same wire, when in fact they are located on a number of different
LAN segments. Because VLAN is based on logical instead of physical connections, it is extremely flexible.
You can setup the Virtual LAN (VLAN) parameters in vlan command. The router support the implementation of
VLAN-to-PVC only for bridge mode operation, i.e., the VLAN spreads over both the COE and CPE sides, where
there is no layer 3 routing involved. The unit supports up to 8 active VLANs with shared VLAN learning (SVL)
bridge out of 4096 possible VLANs specified in IEEE 802.1Q.
Move the cursor “ >> “ to vlan and press enter.
>> mode
Trigger virtual LAN function
Modify virtual LAN rule
Modify port default ID
Modify port link type
modify
pvid
link_mode
list
Show VLAN configuration
To active the VLAN function, move the cursor “ >> “ to mode and press enter. The router supports two types of
VLAN, 802.11q and Port-Based. The IEEE 802.1Q defines the operation of VLAN bridges that permit the definition,
operation, and administration of VLAN topologies within a bridged LAN infrastructure. Port-Based VLANs are
VLANs where the packet forwarding decision is based on the destination MAC address and its associated port.
NB712 / NB714 User Guide
YML829 Rev1
99
Download from Www.Somanuals.com. All Manuals Search And Download.
14.16.6 802.11Q VLAN
Follow the following steps to configure 802.11q VLAN.
----------------------------------------------------------------------
Command: setup vlan active <Disable|8021Q|Port>
Message: Please input the following information.
Tigger VLAN function (Tab select) <Disable>: 8021Q
----------------------------------------------------------------------
To modify the VLAN rule, move the cursor “ >> “ to modify and press enter.
----------------------------------------------------------------------
Command: setup vlan modify <1~8> <1~4094> <string>
Message: Please input the following information.
Rule entry index <1~8>: 1
VLAN ID (Enter for default) <1>: 10
VLAN port status (Enter for default): 11001
----------------------------------------------------------------------
For each VLAN, VLAN ID is a unique number among 1~4095.
VLAN port status is a 12-digit binary number whose bit-1 location indicates the VLAN port membership in which
4MSBs and 8MSB represents LAN ports and WAN port, respectively. For example: the above setting means that
the VID 20 member port includes LAN1, LAN2 and WAN. The member ports are tagged members. Use PVID
command to change the member port to untagged members
To assign PVID (Port VID), move the cursor “>>” to PVID and press enter. The port index 1 to 4 represents LAN1
to LAN4 respectively and port index 5 to 12 represents WAN1 to WAN8. VID value is the group at which you want
to assign the PVID of the port. PVID is
----------------------------------------------------------------------
Command: setup vlan pvid <1~12> <1~4094>
Message: Please input the following information.
Port index <1~12>: 1
VID Value (Enter for default) <10>: 10
----------------------------------------------------------------------
To modify the link type of the port, move the cursor to link mode and press enter. There are two types of link:
access and trunk. Trunk link will send the tagged packet form the port and access link will send un-tagged packet
form the port. Port index 1 to 4 represents LAN1 to LAN4 respectively. According to the operation mode of the
device, link type of WAN port is automatically configured. If the product operates in bridge mode, the WAN link
type will be trunk, and in routing mode, access.
----------------------------------------------------------------------
Command: setup vlan link_mode <1~12> <Access|Trunk>
Message: Please input the following information.
Port index <1~12>: 1
Port link type (Tab select) <Trunk>: Access
----------------------------------------------------------------------
To view the VLAN table, move the cursor to list and press enter.
100
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
14.16.7 Route
You can setup the routing parameters in route command. If the product is configured as a bridge, you do not want
to setup the route parameters. Move the cursor “ >> “ to route and press enter.
>> static
Configure static routing table
rip
Configure RIP tool
If the Router is connected to more than one network, it may be necessary to set up a static route between them. A
static route is a pre-determined pathway that network information must travel to reach a specific host or network.
With Dynamic Routing, you can enable the Router to automatically adjust to physical changes in the network’s
layout. The Cable/DSL Firewall Router, using the RIP protocol, determines the network packets’ route based on
the least number of hops between the source and the destination. The RIP protocol regularly broadcasts routing
information to other routers on the network.
You can setup 20 sets of static route in static command. After entering static menu, the screen will show as
follow:
>> add
delete
list
Add static route entry
Delete static route entry
Show static routing table
You can add 20 sets of static route entry by using add command. Type the IP information of the static route
including IP address, subnet mask and gateway.
You can delete the static route information via delete command.
You can review the static route entry by using list command.
To configure Routing Information Protocol (RIP), you can use rip command to setup the parameters. Move the
cursor “>>” to rip and press enter.
>> generic
lan
Configure operation and auto summery mode
Configure LAN interface RIP parameters
Configure WAN interface RIP parameters
Show RIP configuration
wan
list
Generic command can setup RIP mode and auto summery mode.
If there are any routers in your LAN, you can configure LAN interface RIP parameters via lan command.
The product supports 8 PVCs and you can configure the RIP parameters of each WAN via wan command. Move
the cursor “>>” to wan and press enter.
----------------------------------------------------------------------
Command: setup route rip wan <1~8> <more...>
Message: Please input the following information.
Active interface number <1~8>: 1
----------------------------------------------------------------------
The screen will display the following:
>> attrib
version
authe
Operation, authentication and Poison reverse mode
RIP protocol version
Authentication code
Attrib
command can configure RIP mode, authentication type and
Poison reverse mode.
Version
Authe
command can configure RIP protocol version.
command can configure authentication code.
You can review the list of RIP parameters via list command.
NB712 / NB714 User Guide
101
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
14.16.8 LAN
LAN interface parameters can be configured LAN IP address, subnet mask and NAT network type.
>> address
LAN IP address and subnet mask
NAT network type
attrib
14.16.9 IP share
You can configure Network Address Translation (NAT), Port Address Translation (PAT) and Demilitarized Zone
parameters in ip_share menu. Move the cursor “>>” to ip_share then press enter.
>> nat
pat
Configure network address translation
Configure port address translation
Configure DMZ host function
dmz
NAT (Network Address Translation) is the translation of an Internet Protocol address (IP address) used within one
network to a different IP address known within another network. One network is designated the inside network
and the other is the outside. Typically, a company maps its local inside network addresses to one or more global
outside IP addresses and reverse the global IP addresses of incoming packets back into local IP addresses. This
ensure security since each outgoing or incoming request must go through a translation process, that also offers
the opportunity to qualify or authenticate the request or match it to a previous request. NAT also conserves on
the number of global IP addresses that a company needs and lets the company to use a single IP address of its
communication in the Internet world.
DMZ (demilitarized zone) is a computer host or small network inserted as a “neutral zone” between a company
private network and the outside public network. It prevents outside users from getting direct access to a server
that has company private data.
102
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
14.16.10 NAT
You can configure NAT parameters in nat menu.
>> virtual
global
fixed
Virtual IP address pool
Global IP address pool
Fixed IP address mapping
The virtual menu contains range of virtual IP address, delete virtual IP address and show virtual IP address.
>> range
delete
list
Edit virtual IP address pool
Delete virtual IP address pool
Show virtual IP address pool
You can create up to five virtual IP address pool ranges in range command.
----------------------------------------------------------------------
Command: setup ip_share nat virtual range <1~5> <ip> <1~253>
Message: Please input the following information.
NAT local address range entry number <1~5>: 1
Base address: 192.168.1.2
Number of address: 49
----------------------------------------------------------------------
You can delete virtual IP address range - from 1 to 5 - by using delete command.
You can view the virtual IP address range via list command.
To setup global IP address pool, move the cursor “>>” to global command and press enter.
>> range
Edit global IP address pool
interface
Bind address pool to specific interface
Delete global IP address pool
Show global IP address pool
delete
list
You can create five global IP address pool range via range command.
----------------------------------------------------------------------
Command: setup ip_share nat global range <1~5> <ip> <1~253>
Message: Please input the following information.
NAT global IP address range entry number <1~5>: 1
Base address: 122.22.22.2
Number of address: 3
----------------------------------------------------------------------
After configuring the global IP address range, you can bind the address pool to a specific interface via bind
command.
----------------------------------------------------------------------
Command: setup ip_share nat global interface <1~5> <1~8>
Message: Please input the following information.
NAT global address range entry number <1~5>: 1
Active interface number <1~8>: 1
----------------------------------------------------------------------
You can delete global IP address range- from 1 to 5- by using delete command.
You can view the global IP address range via list command.
NB712 / NB714 User Guide
YML829 Rev1
103
Download from Www.Somanuals.com. All Manuals Search And Download.
To modify fixed IP address mapping, move the cursor “>>” to fixed command and press enter.
>> modify
interface
Modify fixed NAT mapping
Bind address pair to specific interface
Delete fixed NAT mapping
delete
list Show fixed IP address mapping
You can create up to 10 fixed NAT mapping entries via range command.
----------------------------------------------------------------------
Command: setup ip_share nat fixed modify <1~1o> <ip> <ip>
Message: Please input the following information.
Fixed NAT mapping entry number <1~10>: 1
Local address: 192.168.1.250
Global address: 122.22.22.2
----------------------------------------------------------------------
After configuration fixed IP address entry, you can bind the entry to specific interface via interface command.
----------------------------------------------------------------------
Command: setup ip_share nat fixed interface <1~5> <1~8>
Message: Please input the following information.
Fixed NAT mapping entry number <1~5>: 1
Active interface number (Enter for default) <1~8>: 1
----------------------------------------------------------------------
You can delete fixed NAT mapping entries - from 1 to 5 - by using the delete command.
You can view the fixed NAT mapping entry via list command.
104
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
14.16.11 PAT
To configure Port Address Translation, move the cursor “>>” to pat and press enter.
>> clear
modify
list
Clear virtual server mapping
Modify virtual server mapping
Show virtual server mapping pool
You can delete virtual server mapping entry- from 1 to 10- by using clear command.
You can create up to 10 virtual server mapping entry via modify command.
----------------------------------------------------------------------
Command: setup ip_share pat modify <1~10>
Message: Please input the following information.
Virtual server entry number <1~10>: 1
----------------------------------------------------------------------
After key in enter, the screen will prompt as below.
>> interface
port
Active interface
TCP/UDP port number
server
protocol
name
Host IP address and port number
Transport protocol
Service name
begin
The schedule of beginning time
The schedule of ending time
end
Set the active interface number via interface command.
You can configure the global port number by using port command.
The local server, host, IP address and port number are configured via server command.
The authorized access protocol is setup via protocol command.
Name command can be used to configure the service name of the host server.
Begin and end command is used to setup the local server schedule to access.
You can view the fixed NAT mapping entry via list command.
NB712 / NB714 User Guide
105
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
14.16.12 DMZ
To setup demilitarized zone, move the cursor “>>” to dmz and press enter.
>> active
Trigger DMZ host function
address
Configure virtual IP address and interface
You can enable the demilitarized zone via active command.
After enabling the DMZ, shift the cursor to address and press enter.
----------------------------------------------------------------------
Command: setup ip_share dmz address <ip> <1~10>
Message: Please input the following information.
Virtual IP address: 192.168.1.251
Active interface number (Enter for default) <1>: 1
----------------------------------------------------------------------
14.16.13 Firewall
The product supports advanced firewall. To setup the advanced firewall, you can use firewall to configure.
>> Level
pkt_filter
Configure firewall security level
Configure packet filter
dos_protection Configure DoS protection
There are three levels of firewall:
Level one, basic, only enables the NAT firewall and the remote management security. The NAT firewall will take
effect if NAT function is enabled. The remote management security is default to block any WAN side connection
to the device. Non-empty legal IP pool in ADMIN will block all remote management connection except those IPs
specified in the pool.
Level two, automatic, enables basic firewall security, all DoS protection, and the SPI filter function.
Level three, advanced, is an advanced level of firewall where the user can determine the security level for a
special purpose, environment and/or applications by configuring DoS protection and defining an extra packet filter
with higher priority than the default SPI filter. Note that, an improper filter policy may degrade the capability of the
firewall and/or even block the normal network traffic.
The firewall security level can configure via level command.
106
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
14.16.14 Packet Filtering
Packet filtering function can be configured by pkt_filter command. Move the cursor to pkt_filter and press enter.
>> active
drop_flag
add
Trigger packet filtering function
Drop fragment packets
Add packet filtering rule
Delete packet filtering rule
Modify packet filtering rule
Exchange the filtering rule
Show packet filtering table
delete
modify
exchange
list
To enable the packet filtering function, you can use active command.
Add the packet filtering rule via add command.
>> protocol
Direction
src_ip
Configure protocol type
Configure direction mode
Configure source IP parameter
Configure destination IP parameter
Configure port parameter (TCP and UDP only)
Configure TCP flag (TCP only)
Configure ICMP flag (ICMP only)
dest_ip
port
tcp_flag
icmp_type
description Packet filtering rule description
enable
begin
end
Enable the packet filtering rule
The schedule of beginning time
The schedule of ending time
Configure action mode
action
NB712 / NB714 User Guide
107
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
14.16.15 DoS Protection
DoS protection parameters can be configured in dos_protection menu. Move the cursor to dos_protection and
press enter.
>> syn_flood
icmp_flood
udp_flood
Enable protection SYN flood attack
Enable protection ICMP flood attack
Enable protection UDP flood attack
Enable protection ping of death attack
Enable protection land attack
ping_death
land_attack
ip_spoff
Enable protection IP spoofing attack
Enable protection smurf attack
smurf_attack
fraggle_attack Enable protection fraggle attack
A SYN flood attack attempts to slow your network by requesting new connections but not completing the process
to open the connection. Once the buffer for these pending connections is full a server will not accept any more
connections and will be unresponsive.
ICMP Flood: A sender transmits a volume of ICMP request packets to cause all CPU resources to be consumed
serving the phony requests.
UDP Flood: A sender transmits a volume of requests for UDP diagnostic services which cause all CPU resources to
be consumed serving the phony requests.
A ping of death attack attempts to crash your system by sending a fragmented packet, when reconstructed is
larger than the maximum allowable size. Other known variants of the ping of death include teardrop, bonk and
nestea.
A land attack is an attempt to slow your network down by sending a packet with identical source and destination
addresses originating from your network.
IP Spoofing is a method of masking the identity of an intrusion by making it appeared that the traffic came from
a different computer. This is used by intruders to keep their anonymity and can be used in a Denial of Service
attack.
A smurf attack involves two systems. The attacker sends a packet containing a ICMP echo request (ping) to the
network address of one system. This system is known as the amplifier. The return address of the ping has been
faked (spoofed) to appear to come from a machine on another network (the victim). The victim is then flooded
with responses to the ping. As many responses are generated for only one attack, the attacker is able use many
amplifiers on the same victim.
108
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
14.16.16 IPQoS
IP QoS is a function to decide the priorities of setting IPs to transfer packets under the situation of overloading
bandwidth.
To configure IP QoS function, move the cursor to IPQoS and press enter.
>> Active
Add
Trigger IP QoS function
Add IP QoS policy
Delete
Modify
list
Delete IP QoS policy
Modify IP QoS policy
Show IP QoS policy table
You can enable the IPQoS function via active command.
The add parameters of IPQoS can be configured via add command
>> Protocol
local_ip
remote_ip
Port
Configure protocol
Configure local IP parameter
Configure remote IP parameter
Configure port parameter
description Policy description
Enable
Enable the policy
Precedence Configure precedence parameter
The port type is configured by protocol command.
The local ip range is configured by local_ip command.
The remote ip range is configured by remote_ip command.
The port range is configured by port command.
To define the description of policy is configured by description command.
To enable the policy is configured by enable command.
To define the priority of the policy is configured by precedence command
To delete the policy is configured by delete command.
To modify the policy is configured by modify command.
You can view the IPQoS configuration via list command.
NB712 / NB714 User Guide
109
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
14.16.17 DHCP
Dynamic Host Configuration Protocol (DHCP) is a communication protocol that lets network administrators to
manage centrally and automate the assignment of Internet Protocol (IP) addresses in an organization’s network.
Using the Internet Protocol, each machine that can connect to the Internet needs a unique IP address. When an
organization sets up its computer users with a connection to the Internet, an IP address must be assigned to each
machine.
Without DHCP, the IP address must be entered manually at each computer. If computers move to another location
in another part of the network, a new IP address must be entered. DHCP lets a network administrator to supervise
and distribute IP addresses from a central point and automatically sends a new IP address when a computer is
plugged into a different place in the network.
To configure DHCP server, move the cursor to dhcp and press enter.
>> generic
fixed
Configure generic DHCP parameters
Configure fixed host IP address list
Show DHCP configuration
list
The generic DHCP parameters can be configured via generic command.
>> active
Trigger DHCP function
gateway
Default gateway for DHCP client
Subnet mask for DHCP client
Dynamic assigned IP address range
Configure max lease time
Domain name server1
netmask
ip_range
lease_time
name_server1
name_server2
name_server3
Domain name server2
Domain name server3
Active the DHCP function with active command.
Set the default gateway vie gateway command.
The subnet mask for DHCP client is configured by netmask command.
Ip_range command is to configure dynamic assigned IP address range.
The dynamic IP maximum lease time is configured by lease_time command.
You can setup 3 domain name servers via name_server commands.
Fixed Host IP Address list are setup via fixed command.
>> add
Add a fixed host entry
delete
Delete a fixed host entry
You can view the DHCP configuration via list command.
110
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
14.16.18 DNS proxy
You can setup three DNS servers in the router. The number 2 and 3 DNS servers are optional. Move cursor “ >> “
to dns_proxy and press enter.
----------------------------------------------------------------------
Command: setup dns_proxy <IP> [IP] [IP]
Message: Please input the following information.
DNS server 1 (ENTER for default) <168.95.1.1>: 10.0.10.1
DNS server 2: 10.10.10.1
DNS server 3:
----------------------------------------------------------------------
14.16.19 Host name
Enter local host name via hostname command. Move cursor “ >> “ to hostname and press enter.
----------------------------------------------------------------------
Command: setup hostname <name>
Message: Please input the following information.
Local hostname (ENTER for default) <SOHO>: test
----------------------------------------------------------------------
14.16.20 Default
If you want to restore factory default, first move the cursor “ >> “ to default and then press enter.
----------------------------------------------------------------------
Command: setup default <name>
Message: Please input the following information.
Are you sure? (Y/N): y
----------------------------------------------------------------------
NB712 / NB714 User Guide
YML829 Rev1
111
Download from Www.Somanuals.com. All Manuals Search And Download.
Appendix A: Cable Information
This cable information is provided for your reference only. Please ensure you only connect the appropriate cable
into the correct socket on either this product or your computer.
If you are unsure about which cable to use or which socket to connect it to, please refer to the hardware
installation section in this manual. If you are still not sure about cable connections, please contact a professional
computer technician or NetComm for further advice.
RJ-45 Network Ports
RJ-45 Network Ports can connect any networking devices that use a standard LAN interface, such as a
Hub/Switch Hub or Router. Use unshielded twisted-pair (UTP) or shield twisted-pair (STP) cable to connect the
networking device to the RJ-45 Ethernet port. Depending on the type of connection, 10Mbps or 100Mbps, use
the following Ethernet cable, as prescribed.
10Mbps:
100Mbps:
Note:
Use EIA/TIA-568-100-Category 3, 4 or 5 cable.
Use EIA/TIA-568-100-Category 5 cable.
To prevent loss of signal, make sure that the length of any twisted-pair connection
does not exceed 100 metres.
RJ-45 Connector
Pin Assignment
Normal Assignment
1
2
3
6
Input Receive Data +
Input Receive Data -
Output Transmit Data +
Output Transmit Data -
Not used
4,5,7,8
Figure 1
RJ-45 plug attached
to cable
Figure 2
112
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
Straight and crossover cable configuration
There are two types of the wiring: Straight-Through Cables and Crossover Cables. Category 5 UTP/STP cable has
eight wires inside the sheath. The wires form four pairs. Straight-Through Cables has same pinouts at both ends
while Crossover Cables has a different pin arrangement at each end.
In a straight-through cable, wires 1,2,3,4,5,6,7 and 8 at one end of the cable are still wires 1~8 at the other end.
In a crossover cable, the wires of 1,2,3,6 are reversed so that wire 1 become 3 at the other end of the cable, 2
becomes 6, and so forth.
To determine which wire is wire 1, hold the RJ-45 cable tip with the spring clip facing towards the ground and the
end pointing away from you. The copper wires exposed upwards to your view. The first wire on the far left is wire
1. You can also refer to the illustrations and charts of the internal wiring on the following page.
Straight-Through Cabling
Figure 3
Wire
Becomes
1
1
2
3
6
2
3
6
Cross-Over Cabling
Figure 4
Wire
Becomes
1
3
6
1
2
3
6
2
Note:
To prevent loss of signal, make sure that the length of any twisted-pair connection
does not exceed 100 metres.
NB712 / NB714 User Guide
YML829 Rev1
113
Download from Www.Somanuals.com. All Manuals Search And Download.
SHDSL Line Connector
Console Cable
Pin Number
Description
No connection
RxD (O)
1
2
3
4
5
6
7
8
9
TxD (I)
No connection
GND
No connection
CTS (O)
RTS (I)
No connection
114
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
Appendix B: Registration and Warranty Information
All NetComm Limited (“NetComm”) products have a standard 12 month warranty from date of purchase against defects in manufacturing and that
the products will operate in accordance with the specifications outlined in the User Guide. However some products have an extended warranty
option (please refer to your packaging). To be eligible for the extended warranty you must supply the requested warranty information to NetComm
within 30 days of the original purchase by registering on-line via the NetComm web site at:
www.netcomm.com.au
Contact Information
If you have any technical difficulties with your product, please do not hesitate to contact NetComm’s Customer Support Department.
Email:
Fax:
(+612) 9424-2010
Web:
www.netcomm.com.au
Copyright Information
This manual is copyright. Apart from any fair dealing for the purposes of private study, research, criticism or review, as permitted under the
Copyright Act, no part may be reproduced, stored in a retrieval system or transmitted in any form, by any means, be it electronic, mechanical,
recording or otherwise, without the prior written permission of NetComm Limited. NetComm Limited accepts no liability or responsibility, for
consequences arising from the use of this product. Please note that the images used in this document may vary slightly from those of the actual
product. Specifications are accurate at the time of the preparation of this document but are subject to change without notice.
NetComm Limited reserves the right to change the specifications and operating details of this product without notice. NetComm is a registered
trademark of NetComm Limited. All other trademarks are acknowledged the property of their respective owners.
Customer Information
ACA (Australian Communications Authority) requires you to be aware of the following information and warnings:
(1) This unit shall be connected to the Telecommunication Network through a line cord which meets the requirements of the ACA
TS008 Standard.
(2) This equipment has been tested and found to comply with the Standards for C-Tick and or A-Tick as set by the ACA. These
standards are designed to provide reasonable protection against harmful interference in a residential installation. This equipment
generates, uses, and can radiate radio noise and, if not installed and used in accordance with the instructions detailed within this
manual, may cause interference to radio communications. However, there is no guarantee that interference will not occur with the
installation of this product in your home or office. If this equipment does cause some degree of interference to radio or television
reception, which can be determined by turning the equipment off and on, we encourage the user to try to correct the interference
by one or more of the following measures:
•
•
•
Change the direction or relocate the receiving antenna.
Increase the separation between this equipment and the receiver.
Connect the equipment to an alternate power outlet on a different power circuit from that to which the receiver/TV is con-
nected.
•
Consult an experienced radio/TV technician for help.
(3) The power supply that is provided with this unit is only intended for use with this product. Do not use this power supply with any
other product or do not use any other power supply that is not approved for use with this product by NetComm. Failure to do so
may cause damage to this product, fire or result in personal injury.
NB712 / NB714 User Guide
YML829 Rev1
115
Download from Www.Somanuals.com. All Manuals Search And Download.
Product Warranty
The warranty is granted on the following conditions:
1. This warranty extends to the original purchaser (you) and is not transferable;
2. This warranty shall not apply to software programs, batteries, power supplies, cables or other accessories supplied in or with the
product;
3. The customer complies with all of the terms of any relevant agreement with NetComm and any other reasonable requirements of
NetComm including producing such evidence of purchase as NetComm may require;
4. The cost of transporting product to and from NetComm’s nominated premises is your responsibility; and,
5. NetComm does not have any liability or responsibility under this warranty where any cost, loss, injury or damage of any kind,
whether direct, indirect, consequential, incidental or otherwise arises out of events beyond NetComm’s reasonable control. This
includes but is not limited to: acts of God, war, riot, embargoes, acts of civil or military authorities, fire, floods, electricity outages,
lightning, power surges, or shortages of materials or labour.
6. The customer is responsible for the security of their computer and network at all times. Security features may be disabled within
the factory default settings. NetComm recommends that you enable these features to enhance your security.
The warranty is automatically voided if:
1. You, or someone else, use the product, or attempts to use it, other than as specified by NetComm;
2. The fault or defect in your product is the result of a voltage surge subjected to the product either by the way of power supply or
communication line, whether caused by thunderstorm activity or any other cause(s);
3. The fault is the result of accidental damage or damage in transit, including but not limited to liquid spillage;
4. Your product has been used for any purposes other than that for which it is sold, or in any way other than in strict accordance
with the user manual supplied;
5. Your product has been repaired or modified or attempted to be repaired or modified, other than by a qualified person at a service
centre authorised by NetComm; and,
6. The serial number has been defaced or altered in any way or if the serial number plate has been removed.
Limitations of Warranty
The Trade Practices Act 1974 and corresponding State and Territory Fair Trading Acts or legalisation of another Government (“the relevant acts”) in
certain circumstances imply mandatory conditions and warranties which cannot be excluded. This warranty is in addition to and not in replacement
for such conditions and warranties.
To the extent permitted by the Relevant Acts, in relation to your product and any other materials provided with the product (“the Goods”) the liability
of NetComm under the Relevant Acts is limited at the option of NetComm to:
•
•
•
•
Replacement of the Goods; or
Repair of the Goods; or
Payment of the cost of replacing the Goods; or
Payment of the cost of having the Goods repaired.
116
NB712 / NB714 User Guide
YML829 Rev1
Download from Www.Somanuals.com. All Manuals Search And Download.
Download from Www.Somanuals.com. All Manuals Search And Download.
|