Chapter 1

Getting to know your BCM50a Integrated Router

31

This chapter introduces the main features and applications of the BCM50a

Integrated Router.

Introducing the BCM50a Integrated Router

The BCM50a Integrated Router is an ideal secure gateway for all data passing between the Internet and the Local Area Network (LAN).

Your BCM50a Integrated Router integrates high-speed 10/100 Megabits per second (Mb/s) autonegotiating LAN interfaces and a high-speed Asymmetrical

Digital Subscriber Line Plus (ADSL2+) port into a single package. The BCM50a

Integrated Router is ideal for high-speed Internet browsing and making

LAN-to-LAN connections to remote networks. By integrating Digital Subscriber

Line (DSL) and Network Address Translation (NAT), the BCM50a Integrated

Router provides easy installation and Internet access. By integrating firewall and

Virtual Private Network (VPN) capabilities, the BCM50a Integrated Router is a complete security solution that protects your Intranet and efficiently manages data traffic on your network.

Features

This section lists the key features of the BCM50a Integrated Router.

Table 1 Feature specifications

Feature

Number of static routes

Number of NAT sessions

Specification

12

4096

BCM50a Integrated Router Configuration — Basics

32 Chapter 1 Getting to know your BCM50a Integrated Router

Table 1 Feature specifications

Feature Specification

Number of SUA (Single User Account) servers

Number of address mapping rules

Number of configurable VPN rules (gateway policies)

Number of configurable IPSec VPN IP policies (network policies)

Number of concurrent IKE (Internet Key Exchange) Phase 1 Security

Associations:

These correspond to the gateway policies.

Number of concurrent IPSec VPN tunnels (Phase 2 Security

Associations):

These correspond to the network policies and are also monitorable and manageable. For example, 5 IKE gateway policies could each use 12

IPSec tunnels for a total of 60 phase 2 IPSec VPN tunnels. This total includes both branch office tunnels and VPN client-termination tunnels.

Number of IP pools that can be used to assign IP addresses to remote users for VPN client termination

60

3

Number of configurable split networks for VPN client termination 16

Number of configurable inverse split networks for VPN client termination 16

Number of configurable subnets per split network for VPN client termination

64

12

10

10

60

10

Physical features

High-speed Internet access

Your BCM50a Integrated Router supports ADSL2+ (Asymmetrical Digital

Subscriber Line) for high transmission speeds and long connection distances.

ADSL standards

• Multimode standard (ANSI (American National Standards Institute) T1.413,

Issue 2; G.dmt (G.992.1 Discrete Multitone Modulation)

• EOC (Embedded Operations Channel) specified in ITU-T

(Telecommunication Standardization Sector of the International

Telecommunications Union) G.992.1

• ADSL2 G.dmt.bis (G.992.3)

• ADSL2+ (G.992.5)

N0115790

Chapter 1 Getting to know your BCM50a Integrated Router 33

• Extended-reach ADSL (ER ADSL)

• SRA (Seamless Rate Adaptation)

• Autonegotiating rate adaptation

• ADSL physical connection ATM (Asynchronous Transfer Mode) AAL5

(Adaptation Layer type 5)·

• Multiprotocol over AAL5 (Request For Comments (RFC) 2684/1483)

• Support Point-to-Point-Protocol over ATM AAL5 (PPPoA) (RFC 2364)

• PPP over Ethernet support for DSL (Digital Subscriber Line) connection

(RFC 2516)

• Support Virtual Circuit (VC) based and LLC (Logical Link Control) based multiplexing

• Support OAM (Operational, Administration and Maintenance) VC Hunt

• I.610 F4/F5 OAM

Networking compatibility

Your BCM50a Integrated Router is compatible with the major ADSL Digital

Subscriber Line Access Multiplexer (DSLAM) providers, making configuration as simple as possible.

Multiplexing

The BCM50a Integrated Router supports VC-based and LLC-based multiplexing.

Encapsulation

The BCM50a Integrated Router supports PPPoA (RFC 2364 - PPP over ATM

Adaptation Layer 5), RFC 1483 encapsulation over ATM, MAC (Media Access

Control) encapsulated routing (ENET encapsulation) as well as PPP over Ethernet

(RFC 2516).

Four-Port switch

A combination of switch and router makes your BCM50a Integrated Router a cost-effective and viable network solution. You can connect up to four computers or phones to the BCM50a Integrated Router without the cost of a switch. Use a switch to add more than four computers or phones to your LAN.

BCM50a Integrated Router Configuration — Basics

34 Chapter 1 Getting to know your BCM50a Integrated Router

Autonegotiating 10/100 Mb/s Ethernet LAN

The LAN interfaces automatically detect if they are on a 10 or a 100 Mb/s

Ethernet.

Autosensing 10/100 Mb/s Ethernet LAN

The LAN interfaces automatically adjust to either a crossover or straight through

Ethernet cable.

Time and date

Using the BCM50a Integrated Router, you can get the current time and date from an external server when you turn on your BCM50a Integrated Router. You can also set the time manually.

Reset button

There is a 'Cold Reset Router' button that is accessible from the Element Manager

Administration/Utilities/Reset page.Use this button to restore the factory default password to setup and the IP address to 192.168.1.1, subnet mask 255.255.255.0, and DHCP server enabled with a pool of 126 IP addresses starting at 192.168.1.2.

Nonphysical features

IPSec VPN capability

Establish Virtual Private Network (VPN) tunnels to connect home or office computers to your company network using data encryption and the Internet; thus providing secure communications without the expense of leased site-to-site lines.

VPN is based on the IPSec standard and is fully interoperable with other

IPSec-based VPN products.

Nortel Contivity Client Termination

The BCM50a Integrated Router supports VPN connections from computers using

Nortel Contivity VPN Client 3.0, 5.01, 5.11, 6.01, 6.02, or 7.01 software.

N0115790

Chapter 1 Getting to know your BCM50a Integrated Router 35

Certificates

The BCM50a Integrated Router can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. Certificates provide a way to exchange public keys for use in authentication.

SSH

The BCM50a Integrated Router uses the SSH (Secure Shell) secure communication protocol to provide secure encrypted communication between two hosts over an unsecured network.

HTTPS

HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL is a web protocol that encrypts and decrypts web sessions. Use HTTPS for secure

WebGUI access to the BCM50a Integrated Router.

Firewall

The BCM50a Integrated Router has a stateful inspection firewall with DoS

(Denial of Service) protection. By default, when the firewall is activated, all incoming traffic from the WAN (Wide Area Network) to the LAN is blocked unless it is initiated from the LAN. The BCM50a Integrated Router firewall supports TCP/UDP inspection, DoS detection and protection, real time alerts, reports and logs.

Brute force password guessing protection

The BCM50a Integrated Router has a special protection mechanism to discourage brute force password guessing attacks on the BCM50a Integrated Router management interfaces. You can specify a wait time that must expire before you can enter a fourth password after entering three incorrect passwords.

BCM50a Integrated Router Configuration — Basics

36 Chapter 1 Getting to know your BCM50a Integrated Router

Content filtering

The BCM50a Integrated Router can block web features such as ActiveX controls,

Java applets, and cookies, as well as disable web proxies. The BCM50a Integrated

Router can block specific URLs by using the keyword feature. The administrator can also define time periods and days during which content filtering is enabled.

Packet filtering

The packet filtering mechanism blocks unwanted traffic from entering or leaving your network.

Universal Plug and Play (UPnP)

Using the standard TCP/IP protocol, the BCM50a Integrated Router and other

UPnP-enabled devices can dynamically join a network, obtain an IP address, and convey its capabilities to other devices on the network.

Call scheduling

Configure call time periods to restrict and allow access for users on remote nodes.

PPPoE

PPPoE facilitates the interaction of a host with an Internet modem to achieve access to high-speed data networks through a familiar dial-up networking user interface.

Dynamic DNS support

With Dynamic DNS (Domain Name System) support, you can have a static host name alias for a dynamic IP address, so the host is more easily accessible from various locations on the Internet. You must register for this service with a

Dynamic DNS service provider.

N0115790

Chapter 1 Getting to know your BCM50a Integrated Router 37

IP Multicast

The BCM50a Integrated Router can use IP multicast to deliver IP packets to a specific group of hosts. IGMP (Internet Group Management Protocol) is the protocol used to support multicast groups. The BCM50a Integrated Router supports versions 1 and 2.

IP Alias

Using IP Alias, you can partition a physical network into logical networks over the same Ethernet interface. The BCM50a Integrated Router supports three logical LAN interfaces through its single physical Ethernet LAN interface with the BCM50a Integrated Router itself as the gateway for each LAN network.

Central Network Management

With Central Network Management (CNM), an enterprise or service provider network administrator can manage your BCM50a Integrated Router. The enterprise or service provider network administrator can configure your BCM50a

Integrated Router, perform firmware upgrades, and do troubleshooting for you.

SNMP

SNMP (Simple Network Management Protocol) is a protocol used for exchanging management information between network devices. SNMP is a member of the

TCP/IP protocol suite. Your BCM50a Integrated Router supports SNMP agent functionality, which means that a manager station can manage and monitor the

BCM50a Integrated Router through the network. The BCM50a Integrated Router supports SNMP versions 1 and 2 (SNMPv1 and SNMPv2).

Network Address Translation (NAT)

NAT (Network Address Translation — NAT, RFC 1631) translate multiple IP addresses used within one network to different IP addresses known within another network.

BCM50a Integrated Router Configuration — Basics

38 Chapter 1 Getting to know your BCM50a Integrated Router

Traffic Redirect

Traffic Redirect forwards WAN traffic to a backup gateway when the BCM50a

Integrated Router cannot connect to the Internet, thus acting as an auxiliary backup when your regular WAN connection fails.

Port Forwarding

Use this feature to forward incoming service requests to a server on your local network. You can enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server.

DHCP (Dynamic Host Configuration Protocol)

With DHCP (Dynamic Host Configuration Protocol), individual client computers can obtain the TCP/IP configuration at start-up from a centralized DHCP server.

The BCM50a Integrated Router has built in DHCP server capability, enabled by default, which means it can assign IP addresses, an IP default gateway, and DNS servers to all systems that support the DHCP client. The BCM50a Integrated

Router can also act as a surrogate DHCP server, where it relays IP address assignment from another DHCP server to the clients.

Full network management

The embedded web configurator is an all platform, web based utility that you can use to easily manage and configure the BCM50a Integrated Router. Most functions of the BCM50a Integrated Router are also software configurable through the SMT (System Management Terminal) interface. The SMT is a menu driven interface that you can access over a Telnet connection.

Logging and tracing

The BCM50a Integrated Router supports the following logging and tracing functions to help with management:

• Built in message logging and packet tracing

• Unix syslog facility support

N0115790

Chapter 1 Getting to know your BCM50a Integrated Router 39

Upgrade BCM50a Integrated Router Firmware

The firmware of the BCM50a Integrated Router can be upgraded manually through the WebGUI.

Embedded FTP and TFTP Servers

The embedded FTP and TFTP servers enable fast firmware upgrades, as well as configuration file backups and restoration.

Applications for the BCM50a Integrated Router

Secure broadband internet access and VPN

The BCM50a Integrated Router provides broadband Internet access through

ADSL. The BCM50a Integrated Router also provides IP address sharing and a firewall protected local network with traffic management.

The BCM50a Integrated Router VPN is an ideal, cost effective way to connect branch offices and business partners over the Internet without the need (and expense) of leased lines between sites. The LAN computers can share the VPN tunnels for secure connections to remote computers.

BCM50a Integrated Router Configuration — Basics

40 Chapter 1 Getting to know your BCM50a Integrated Router

Figure 1 Secure Internet Access and VPN Application

BCM50a Integrated Router

Caution: Electro-static Discharge can disrupt the router. Use appropriate handling precautions to avoid ESD. Avoid touching the connectors on the router, particularly when it is in use.

N0115790