advertisement
iConnectAccess621
Technical Reference / User Guide
iConnectAccess621
Technical Reference
C o p y r i i g h t
Copyright© 2006 OPEN Networks Pty Ltd. All rights reserved. The content of this manual is subject to change without notice. The information and messages contained herein are proprietary to OPEN Networks Pty Ltd. No part of this manual may be translated, transcribed, reproduced, in any form, or by any means without prior written permission by OPEN Networks Pty Ltd.
D i i s c l l a i i m e r
For content and procedures available in this document, OPEN Networks Pty Ltd does not warrant or assume any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed.
Rev.:
Date Released:
1
February 2006 www.opennw.com
2
iConnectAccess621
Technical Reference
Table Of Contents
Host Operating Systems Support For USB: ...................................................... 7
Your iConnectAccess621 At A Glance................................................................ 8
Configuring Your Ethernet Network Card / Installing Your USB Device.......... 11
Configuring Your Ethernet Network Card........................................................ 12
Me .............................................................. 12
XP.................................................................................... 13
Installing The USB Device Driver – Windows
98 SE........................................................ 14
Installing The USB Device Driver - For Windows
Me ........................................................ 15
Installing The USB Device Driver - For Windows
2000 ..................................................... 15
Installing The USB Device Driver - For Windows
XP ........................................................ 16
Log Into Your iConnectAccess621.................................................................. 18
Wide Area Network (WAN) Setup ................................................................... 26
www.opennw.com
3
iConnectAccess621
Technical Reference
www.opennw.com
4
iConnectAccess621
Technical Reference
Document Conventions
When using this manual, certain words are represented in different fonts, typefaces, and weights. This highlighting is systematic: different words are represented in the same style to indicate their inclusion in a specific category. The types of words represented in this way are listed in the following table:
Type Face Used For:
Bold Typeface
GUI tabs;
GUI menu items;
Window and screen buttons
Italics
Window, dialog and screen names:
Titles;
Field names.
User-entered data
<Bold>
Data entered by the user
Computer keyboard commands
Also, different strategies are used to draw your attention to certain pieces of information.
In order of how critical the information is to your system, these items are marked as Note,
Tip or Warning. For example:
NOTE:
NOTE:
If you need to use the VPI and VCI values in an existing connection, you will need to open it and edit the setting. It is not possible to have more than one connection using the same VPI/VCI values.
TIP:
TIP:
Ensure your computer is configured for DHCP mode and that proxies are disabled in your browser.
You must also ensure that JavaScript support is enabled in browser settings, so that the browser does not display a login redirection screen.
Finally, if any screen other than the Login screen appears, you may need to delete your temporary Internet files. (ie, basically flush the cached web pages).
WARNING:
WARNING!
WARNING!
If you need to use the VPI and VCI values in an existing connection, you will need to open it and edit the setting. It is not possible to have more than one connection using the same VPI/VCI values.
www.opennw.com
5
iConnectAccess621
Technical Reference
Introduction
Congratulations on the purchase of your iConnectAccess621. Fully-featured, it is the perfect high-speed ADSL Modem WAN bridge/router, specifically designed to connect your computer or LAN to the Internet and directly connect to your local area network via a high speed 10/100 Mbps Ethernet port.
The iConnectAccess621’s extensive routing and bridging functions render it a flexible and scaleable platform for multiple users to access the Internet. Features include port forwarding and VPN pass-through, along with the ability to enable public or private
Intranet solutions through a single IP address, using its RIP v 1 / 2 routing engine or
NAPT features.
The highest levels of security are implemented in the iConnectAccess621, including
Stateful Packet Inspection firewall and DMZ support for a full suite of security options against malicious intruders.
The iConnectAccess621 is fully compatible with all computers which support an Ethernet interface and are running a TCP/IP protocol stack. So, plug in the iConnectAccess621
(refer to the Quick Start Guide), configure it (per your ISP’s instructions) and enjoy fast
Internet access as never before!
www.opennw.com
6
iConnectAccess621
Technical Reference
System Requirements
A Pentium
®
MMX 233MHz or greater computer, installed with the following:
CD-ROM drive;
Ethernet card installed with TCP/IP Protocol (required only if you are connecting to the Ethernet port of your router);
USB Port (required only if you are connecting to the USB Port of your router);
Host Operating Systems Support For USB:
Windows® 98 Second Edition;
Windows® 2000;
Windows® Me;
Windows® XP;
OS independent for Ethernet.
Web Browser Support:
Microsoft Internet Explorer 4.0 (or later versions);
Netscape® Navigator 3.02 (or later versions).
www.opennw.com
7
iConnectAccess621
Technical Reference
Your iConnectAccess621 At A Glance
The iConnectAccess621 has different ports and LEDs. The following list details these:
Ports And Buttons
ADSL
The grey phone cable connects from the ADSL port of the iConnectAccess621 to the
ADSL port of your line filter. (ADSL Line)
USB
The blue USB cable connects from the USB port of the iConnectAccess621 to the USB port on your computer / notebook.
ETHERNET
The yellow Ethernet cable connects from the Ethernet port of the iConnectAccess621 to the Ethernet LAN port of your computer.
RESET
This button resets your iConnectAccess621 to factory default settings. (All customized settings will be lost when you perform a reset.)
DC
The power cable connects from the DC port of the iConnectAccess621 to the mains power outlet. Remember to use only the power cable supplied with your iConnectAccess621, and ensure you switch the power switch to the ON position.
NOTE:
As each of the cables is connected, the corresponding LED will light up on the front of the iConnectAccess621.
www.opennw.com
8
iConnectAccess621
Technical Reference
Reset
Reset And Restore To Factory Defaults:
The Restore To Factory Defaults feature will reset the iConnectAccess621 to its factory default configuration. If configuration details in the router are changed, or following a firmware upgrade, you may lose the ability to configure it via the web interface. In order to restore this functionality, you may need to reset it to factory defaults.
To Reset The iConnectAccess621:
Ensure that the iConnectAccess621 has been powered on for a minimum of 10 seconds.
Use a blunt implement, such as a pencil or paperclip to press the reset button for 10 seconds, then release it.
NOTE:
During this time the reset is in progress. Do NOT power the iConnectAccess621 off whilst it resets.
The iConnectAccess621 will be reset to its factory defaults and once the indicator lights have returned to green (non-blinking), the reset is complete.
www.opennw.com
9
Front LED Panel iConnectAccess621
Technical Reference
The following table displays the LED Status of each of the iConnectAccess621’s LEDs and the definitions of each:
ADSL Front
Panel LED
LED Status Definition
PPP
PWR
DSL
ETH/ACT
USB
Steadily Lit Up
Flickering
Steadily Lit Up
Flickering
Steadily Lit Up
Flickering
Steadily Lit Up
Flickering
Steadily Lit Up
Flickering
PPP connection to iConnectAccess621 is established.
N/A
Power is supplied to the iConnectAccess621.
N/A
ADSL connection is established.
Router is trying to establish connection with ADSL
Service Provider.
iConnectAccess621 Ethernet cable is properly connected to Computer Ethernet port.
Ethernet is transmitting / receiving data.
USB connection is established.
USB port is transmitting / receiving data www.opennw.com
10
iConnectAccess621
Technical Reference
Installing Your iConnectAccess621
step 1 step 2 step 3
Locate an optimum location for the iConnectAccess621.
Connect the Power Adaptor to mains power.
Now that the hardware installation is complete, you may need to configure
Ethernet and USB drivers. Proceed to Configuring Your Ethernet Network
Card / Installing Your USB Device for more information.
Before You Begin
Before you can use your iConnectAccess621, you may need to install drivers for the USB ports and configure your Ethernet ports on the computer.
Configuring Your Ethernet Network Card / Installing Your USB
Device
The table below displays the procedures you will need to follow to configure your
Ethernet and / or USB, depending on the how you connect your iConnectAccess621 to your network and the operating system you use.
621 Port Type
Ethernet
USB
Ethernet and USB
Computer Port Type
Ethernet Network Card / Network
Hub/Switch
USB Interface
Ethernet Network Card / Network
Hub/Switch and USB interface
Procedure
Configuring Your Ethernet Network
Card
Installing the USB Device Driver
Configuring Your Ethernet Network
Card
Installing the USB Device Driver www.opennw.com
11
iConnectAccess621
Technical Reference
Configuring Your Ethernet Network Card
For Windows
®
98 Second Edition / Windows
®
Me
NOTE:
Please note that these instructions may vary, depending on whether this is the first time you are configuring your Ethernet Driver in Windows. Those below are for first-time configurations.
step 1 step 2 step 3 step 4 step 5 step 6 step 7
From your Windows desktop, click Start > Settings > Control Panel.
From the Control Panel window, double-click the Network icon.
From the Network screen, highlight the Configuration tab to make it active.
From the The following network components are installed area of the window, select TCP/IP-> xxx where xxx refers to the model of the Ethernet card connected to your ADSL Router, click Properties.
From the TCP/IP Properties screen, click the IP Address tab to make it active.
Highlight the Obtain an IP Address Automatically radio button, and click OK to save the settings.
Ensure that the iConnectAccess621 is powered on. Restart your system when prompted.
www.opennw.com
12
iConnectAccess621
Technical Reference
For Windows
®
2000 / Windows
®
XP
NOTE:
Please note that these instructions may vary, depending on whether this is the first time you are configuring your Ethernet Driver in Windows. Those below are for first-time configurations.
Windows® 2000:
step 1
From your Windows desktop, click Start > Control Panel.
step 2 step 3
From the Control Panel window, double-click the Network Connections icon.
At the Network Connections window, right-click on the Local Area
Connection icon and click Properties.
step 4
Proceed from step 3 in the Windows XP Ethernet Driver Configuration
Procedure below.
Windows® XP:
step 1 step 2 step 3
NOTE:
Instructions are based on the default Start menu option.
From your Windows desktop, click Start > Control Panel.
From the Network Connections window, right-click on the Local Area
Connection icon and select Properties.
In the Properties window of the LAN connected, ensure that the Connect
Using field indicates the model of the Ethernet Card connected to your iConnectAccess621.
step 4 step 5 step 6 step 7
NOTE:
This is important especially if you have more than one Local Area Connection
icon displayed in the Network Connections window. Ensure that you have
selected the correct one.
From the This connection uses the following items: area of the Properties window, select Internet Protocol (TCP/IP) and click Properties.
From the General tab of Internet Protocol (TCP/IP) Properties window, highlight the Obtain an IP Address Automatically radio button, and click OK.
Click OK again to close the dialog.
Ensure that your iConnectAccess621 is powered on. Restart your system when prompted.
www.opennw.com
13
iConnectAccess621
Technical Reference
Installing The USB Device Driver
Installing The USB Device Driver – Windows
®
98 SE
NOTE:
Please note that these instructions may vary, depending on whether this is the first time you are installing your USB Driver in Windows. Those below are for first-time installations.
Windows
®
98 Second Edition
step 1 step 2
Power on your computer to start Windows.
Place the iConnect Access CD into your CD-ROM drive. In the first screen of the Add New Hardware Wizard, click Next.
NOTE:
Ensure that when the Add New Hardware screen appears, USB
Composite Device is the message that appears in the screen. If it does not, see the Advanced / Technical section of the iConnectAccess online
User Guide for more information.
step 3 step 4 step 5 step 6
From the second screen of the Add New Hardware Wizard, highlight the
Search for the best driver for your device (Recommended) radio button and click Next.
From the third screen of the Add New Hardware Wizard, check the CD-ROM
drives checkbox and click Next.
From the fourth screen of the Add New Hardware Wizard, highlight The
updated driver (Recommended) DSL Router USB Remote NDIS Network
Device radio button and click Next.
From the fifth screen of the Add New Hardware Wizard, click Next to proceed with the installation for the indicated driver.
NOTE:
Depending on your system configurations, you may be prompted for your
Windows CD-ROM during installation. If this occurs, replace the
Installation CD in your CD-ROM Drive with your Windows CD-ROM when
prompted and click OK.
At the Copying Files dialog box, enter the path of your Windows CD-ROM
and click OK. step 7 step 8
From the final screen of the Add New Hardware Wizard, click Finish to complete the USB driver installation.
Click Yes when your computer prompts you to reboot.
www.opennw.com
14
iConnectAccess621
Technical Reference
Installing The USB Device Driver - For Windows
®
Me
NOTE:
Please note that these instructions may vary, depending on whether this is the first time you are installing your USB Driver in Windows. Those below are for first-time installations.
step 1 step 2 step 3 step 4 step 5 step 6 step 7
Power on your computer to start Windows.
Place the iConnectAccess CD into your CD-ROM Drive.
In the Windows has found the following new hardware screen, highlight the
Specify the location of the driver (Advanced) radio button and click Next.
From the second Add New Hardware Wizard screen, check the Removable
Media checkbox and click Next.
From the third Add New Hardware Wizard screen, click Next again to proceed with the installation for the indicated driver.
From the fourth Add New Hardware Wizard screen, click Finish to complete the USB driver installation.
Click Yes when your computer prompts you to reboot.
Installing The USB Device Driver - For Windows
®
2000
NOTE:
Please note that these instructions may vary, depending on whether this is the first time you are installing your USB Driver in Windows. Those below are for first-time installations.
step 1 step 2 step 3 step 4 step 5 step 6
Power on your computer to start Windows.
Place the iConnectAccess CD into your CD-ROM Drive.
At the Welcome to the Found New Hardware Wizard screen, click Next.
From the Install Hardware Device Drivers screen, highlight the Search for a
suitable driver for my device (recommended) radio button and click Next.
From the Locate Driver Files screen, check the CD-ROM drives check box and click Next.
From the Driver Files Search Results screen, click Next to proceed with the installation for the indicated driver.
step 7
NOTE:
You may be prompted with the Digital Signature Not Found dialog box during installation. (This happens when Windows detects your driver as a
new version.) Click Yes to proceed with the installation.
From the Completing the Found New hardware Wizard screen, click Finish.
www.opennw.com
15
iConnectAccess621
Technical Reference
Installing The USB Device Driver - For Windows
®
XP
NOTE:
Please note that these instructions may vary, depending on whether this is the first time you are installing your USB Driver in Windows. Those below are for first-time installations.
step 1 step 2 step 3 step 4
Power on your computer to start Windows.
Place the iConnectAccess CD into your CD-ROM Drive.
In the Welcome to the Found New Hardware Wizard screen, highlight the
Install from a list or specific location (Advanced) radio button and click Next.
From the Please choose your search and installation options screen, check the Search removable media checkbox and click Next.
step 5
NOTE:
You may be prompted with the Hardware Installation dialog box during
installation. (This occurs when Windows detects your driver as a new
version.) Click Continue to proceed with the installation.
From the Completing the Found New Hardware Wizard screen, click Finish when prompted.
www.opennw.com
16
iConnectAccess621
Technical Reference
Setting Up Your iConnectAccess621
This section will guide you through your iConnectAccess621’s configuration via the web interface. The iConnectAccess621 is shipped with a standard PPP configuration.
Default Settings
The following table lists the default settings for your iConnectAccess621. These settings may change depending on your DSL Provider / ISP. Please check with your DSL
Provider / ISP for more information.
Setting
Login Username
Login Password
New Connection
LAN Configuration
Default Value
root
ØP3N (0 = zero, P, 3, N)
Name
Username
Password
<blank>
<blank>
<blank>
Protocol
VPI
VCI
PPPoE
8
Authentication
IP Address
Netmask
Server On Enabled
35
Auto
192.168.1.254
255.255.255.0
Start IP
End IP
Lease Time
192.168.1.100
192.168.1.200
604800 sec (7 days) www.opennw.com
17
iConnectAccess621
Technical Reference
Log Into Your iConnectAccess621
To Configure Your iConnectAccess621:
step 1
Open your web browser and enter http://192.168.1.254 in the
Address bar, then click <Enter>. The following appears: step 2 step 3
In the Log In screen, enter root (case sensitive) in the Username field and in the Password field, enter ØP3N (0 = zero, P, 3, N - case sensitive).
Click Log In.
TIP:
Ensure your computer is configured for DHCP mode and that proxies are disabled in your browser. See the procedures for configuring your Ethernet.
You must also ensure that JavaScript support is enabled in browser settings, so that the browser does not display a login redirection screen. Finally, if any screen other than the Login screen appears, you may need to delete your temporary Internet files. (ie, basically flush the cached web pages).
Logging in allows you to access the iConnectAccess621’s web interface. This consists of the following six tabs that provide all the options you need to configure your iConnectAccess621:
Tab
Home
Setup
Advanced
Tools
Status
Help
Function
Screen listing all available modem web interface configuration options, and modem status information.
Configuration of LAN and WAN Settings
Configuration of advanced options within the iConnectAccess621 such as security, routing and filtering.
Access tools and diagnostics to assist in debugging.
Obtain the status of the iConnectAccess621.
View the online help.
www.opennw.com
18
iConnectAccess621
Technical Reference
Home Tab
After you have logged in, the first screen to appear will be the Home tab screen. This is the screen from which you navigate to all other modem configuration options, by clicking the appropriate tab.
It also displays the status and details of your connection, including the DSL speed and the firmware version. You can click the Refresh button to update the system status details as required.
www.opennw.com
19
iConnectAccess621
Technical Reference
Setup Tab
The Setup tab allows you to set up the LAN and WAN sides of your networks, including:
DHCP Configuration;
Management IP;
New WAN Connections;
Modem Configuration.
Accessing The Setup Main Screen:
From any screen of the web interface,
Click Setup. The following screen appears:
The Setup screen consists of two set up subsections: LAN Setup and WAN Setup. From here you can select the LAN and WAN Settings you wish to configure by clicking the appropriate links from the menu list.
www.opennw.com
20
iConnectAccess621
Technical Reference
LAN Set Up
By default, your iConnectAccess621 has the DHCP server (LAN side) enabled. If you already have a DHCP server running on your network, you must disable one of them; if you connect a second DHCP server into the network, you will experience network errors and the network will not function normally.
Accessing The LAN Configuration Screen
Before configuring the IP settings for your LAN, you will need to select the Ethernet interface type to set up in the LAN Configuration screen.
To do this, from any web interface screen: step 1
Click Setup, then LAN Configuration. The following screen appears: step 2
Click Configure. The following screen appears.
Enabling DHCP
step 1
Follow steps 1 to 3 of the Accessing The LAN Configuration Screen
procedure.
www.opennw.com
21
step 2 step 3 step 4 step 5
iConnectAccess621
Technical Reference
In the Enable DHCP Server area of the screen, highlight the Enable DHCP
Server radio button.
Enter the Start IP Address in the Start IP: field. This address is the beginning of the range from which the DHCP Server starts issuing IP addresses.
Enter the End IP Address in the End IP Address field. This address is the end of the range from which the DHCP Server issues IP addresses.
Click Apply, then Save / Restart Menu. The following appears:
Field
Unmanaged
Obtain an IP address automatically
IP Address
Netmask
Use the following Static IP Address
IP Address
Netmask
Hostname
Domain
step 6
Click Save All to save the changes permanently.
The following table lists the LAN Group 1 Configuration screen fields and their definitions:
Default Gateway
Description
Highlight this radio button if this interface does not require a management IP address.
Check this checkbox if the 621 is acting as a DHCP client. The 621 will receive an IP Address from the specified DHCP server.
This field will be populated when the iConnectAccess621 receives an IP
Address from a DHCP Server.
This field will be populated when the iConnectAccess621 receives an IP
Address from a DHCP Server.
Highlight this radio button to use a static address for your router.
The Default IP Address for the iConnectAccess621 is 192.168.1.254. Its
Subnet Mask is 255.255.255.0, and this allows you to support 254 users.
If you wish to support a larger number of users, you can alter the Subnet
Mask. However, if you do, remember the DHCP Server is defaulted to give out 101 IP Addresses.
A mask used to determine the subnet to which an IP address belongs. This is the Subnet Mask that will be assigned to the Management interface of the iConnectAccess621.
The default gateway is a host to which local computers send data that is destined for a non-local machine. On the iConnectAccess621, configure the default gateway address here to reach all computers that are not on the same local IP subnet. This is usually delivered automatically by the ISP.
This is the assigned hostname for the iConnectAccess621. The Hostname can be any alphanumeric word that does not contain spaces.
The Domain Name is used in conjunction with the Hostname to uniquely identify the iConnectAccess621. Domain Names always have 2 or more www.opennw.com
22
Field
Enable DHCP Server
Start IP
End IP
Lease Time
Enable DHCP Relay
Server and Relay Off
Services
Status
iConnectAccess621
Technical Reference
Description
parts, separated by dots. The part on the left is the most specific, and the part on the right is the most general. Usually, all of the hosts on a given
Network will have the same part as the right-hand portion of their Domain
Names.
Highlighting the Enable DHCP Server radio button turns on the DHCP server. This will need to be disabled if a DHCP server is already running on the LAN. The DHCP Server is set to on by default.
This address is the beginning of the range from which the DHCP Server starts issuing IP addresses. You need to ensure the iConnectAccess621
Management IP address and any statically-defined addresses are not within the DHCP start and end address ranges. The default Start IP address is
192.168.1.100.
This is the end of the DHCP Server IP address range. The default End IP is
192.168.1.200.
The Lease Time is the amount of time a LAN computer will hold the IP address. The IP Address will automatically renew after this time has elapsed. If the LAN computer does not renew the address after the lease period the lease information will be removed from the DHCP database. This database can be viewed under Tools> DHCP Clients. The lease time is in units of seconds; the default value is 604800 seconds (7 days).
Highlighting the Enable DHCP Relay radio button configures the iConnectAccess621 to forward the DHCP request to a remote DHCP server.
Enter the remote DHCP server address in the Relay IP field.
This will disable the iConnectAccess621’s DHCP server and relay functionality.
Click the appropriate link to move quickly to the services you wish to configure for the interface type.
The green radio buttons indicate the services running by default for the interface you are configuring.
www.opennw.com
23
iConnectAccess621
Technical Reference
Management IP
The Management IP area of the web interface allows you to configure the LAN IP
Address details for the iConnectAccess621.
NOTE:
If you change this address from the default, you will need to reconnect using your new IP Address.
To Change The iConnectAccess621 IP Address:
step 1
Follow steps 1 to 3 of the Accessing The LAN Configuration Screen
procedure. The following appears: step 2 step 3 step 4 step 5 step 6
Ensure the Use the following Static IP address radio button is highlighted, and in the area beneath the Use the following Static IP address field, enter the IP Address in the IP Address field as required.
Enter the netmask in the Netmask field as required.
Enter the default gateway as provided by your DSL Provider / ISP in the
Default Gateway field. This is optional.
Enter an alphanumeric Hostname in the Hostname field. This cannot contain spaces.
Enter the Domain Name in the Domain Name field. This cannot contain spaces.
www.opennw.com
24
step 7
iConnectAccess621
Technical Reference
NOTE:
The Domain Name is used in conjunction with the Hostname to identify the
iConnectAccess621 uniquely. To access the iConnectAccess621’s web pages
you can type the IP 192.168.1.254 or mygateway.ar7 in the web browser.
Using the Hostname in the browser requires the workstation to have its DNS server set to the iConnectAccess621.
Click Apply, then click Save / Restart Menu. The following appears: step 8
Click Save All to save the changes permanently.
See the table above for the LAN Group 1 Configuration fields and their definitions.
www.opennw.com
25
iConnectAccess621
Technical Reference
Wide Area Network (WAN) Setup
Before the router will pass any data between the LAN and WAN interfaces, the WAN side of the iConnectAccess621 must be configured. Depending on your DSL service provider or ISP, you will need some (or all) of the information outlined below before you can properly configure the WAN. The following table lists all DSL requirements:
DSL Requirement
Line
Comment
VPI and VCI
Encapsulation and Multiplexing
Training Mode
The VPI (Virtual Path Identifier) and the VCI (Virtual
Channel Identifier) define the virtual path settings for the
ADSL connection between you and your ISP. By default, these settings are pre-configured for 8/35 in your iConnectAccess621. If you wish to change them, please ensure you obtain the correct VPI/VCI setting details form your ISP.
For PPPoA, Static, Bridge, DHCP and CLIP authentication types, you may have to define the encapsulation parameters. The iConnectAccess621 has two options for encapsulation: LLC encapsulation and VCMux. The default encapsulation type for the iConnectAccess621 is
LLC. If you wish to change these settings, please ensure you obtain the correct encapsulation setting details form your ISP.
The default is MMODE, and this enables your iConnectAccess621 to tune into the ADSL services in
Australia automatically. Do not change this parameter.
PPPoA / PPPoE Requirement
Username
Password
Your username is required for authentication for your
Internet service.
Your username is required for authentication for your
Internet service.
Static Type Requirement
DSL Fixed Internet IP Address
Subnet Mask
Default Gateway
Primary DNS IP Address
The iConnectAccess621 supports the following connection types:
PPPoE
PPPoA
Bridged;
Static;
DHCP;
CLIP.
www.opennw.com
26
iConnectAccess621
Technical Reference
Connection Types
Your iConnectAccess621 can support up to eight unique virtual connections to different destinations, all using the same bandwidth simultaneously. If you have multiple virtual connections, you may need to utilize the static and dynamic routing capabilities of the router to pass data correctly.
PPPoE Connection Type Set Up:
Computers connected to the Internet via ADSL do so through an Ethernet link. As such, plain TCP/IP has been used, with no additional protocols. PPP (Point-to-Point Protocol) provides secure login, and traffic metering among other advanced features. PPPoE
(PPP over Ethernet) was designed to bring the security and metering benefits of PPP to
Ethernet connections such as DSL.
PPPoE allows ADSL users to be authenticated by the ISP’s Radius authentication systems. Most broadband connections are Ethernet, hence Point-to-Point Protocol over
Ethernet. It also allows for ISPs to provide multiple services over multiple PPP sessions, ie, rated services, broadband specific content (movies, etc.), metered services, etc.
To Configure PPPoE:
From any screen in the web interface, step 1 step 2
Click Setup.
From the WAN Setup menu, click New Connection.
The default PPPoE Connection Setup screen appears.
NOTE:
If you need to use the VPI and VCI values in an existing connection, you will need to open it and edit the setting. It is not possible to have more than one connection using the same VPI/VCI values.
step 3
From the Type drop-down list, select PPPoE. The following is displayed: step 4 step 5
Enter a unique name for your PPPoE connection in the Name field. The name must not have spaces and cannot begin with numbers.
Check the NAT and Firewall checkboxes beside the Options field.
www.opennw.com
27
step 6 step 7 step 8 step 9
iConnectAccess621
Technical Reference
Enter your DSL Provider / ISP username and password in the Username and Password fields.
Enter the DSL Provider / ISP-provided VPI and VCI settings.
Click Connect.
Click Apply, then click Save / Restart Menu. The following appears: step 10
Click Save All to save the changes permanently.
www.opennw.com
28
iConnectAccess621
Technical Reference
The following table lists the PPPoE Connection type fields and describes each of the options:
Field
NAT
Firewall (SPI)
Username
Password
On-Demand
Idle Timeout
Keep Alive
Authentication
MTU
VPI
VCI
QoS
LAN
Default Gateway
Debug
Connect
Disconnect
Description
Network Address Translation is a feature that enables you to use private IP addresses on your computer or your LAN. This is set to Enabled by default for standard operation.
Check this checkbox to monitor traffic passing between your LAN and the outside world on this connection, to prevent security breaches. This is set to
Enabled by default for standard operation.
The Username for your ISP account.
The Password for your ISP account.
If selected, this enables on-demand connectivity to the Internet. The connection is activated when traffic from the LAN is generated. This is unchecked by default.
This specifies that the PPPoE connection should disconnect if the link detects no activity for x seconds. If you wish to ensure the link remains always connected, enter 0 in this field. This option will only be available when the On-Demand option is checked.
When the On-Demand option is disabled, this value specifies the time to wait without connection to your provider before terminating the connection. If you wish to ensure the link remains always active, enter 0 in this field. This is set to
0 by default.
This defines the authentication protocol for your ISP. This is set to Auto by default.
Enter the Maximum Transmission Unit for the DSL connection. The default value is set to 1492.
The VPI (Virtual Path Identifier) defines the virtual path settings for the ADSL connection between you and your ISP. The value entered here must be supported by your ISP.
The VCI (Virtual Channel Identifier) defines the virtual channel settings for the
ADSL connection between you and your ISP. The VCI value entered here must be supported by your ISP.
QoS defines the iConnectAccess621 capabilities that provide guarantee of performance such as traffic delivery priority, speed, latency, or latency variation.
Delivery of good-quality audio or video streams typically requires QoS capabilities. Three different Quality Of Service options are available in the iConnectAccess621: UBR, CBR and VBR. The QoS selected here must be supported by your ISP. By default this is set to UBR.
Select the LAN Group (as defined in the LAN Configuration screen) of which the
PPPoE connection will be part.
Check this checkbox to set this connection as the default gateway in the routing table.
Check this checkbox to enable PPP connection debugging facilities.
Click the Connect button to use the current settings to establish a PPP connection. Note that in On Demand mode the Connect button is disabled.
Click the Disconnect button to disconnect the PPP connection.
www.opennw.com
29
iConnectAccess621
Technical Reference
PPPoA Connection Type Set Up:
PPPOA or PPPoA, Point-to-Point Protocol (PPP) over ATM, is a network protocol for encapsulating PPP frames in ATM AAL5. It used mainly with ADSL services and is compliant with RFC 2364. PPP over ATM adaptation layer 5 (AAL5) – PPPoA uses
AAL5 as the framed protocol, which supports both PVC and SVC.
PPPoA was primarily implemented to support PPP sessions over the ADSL network. It relies on RFC1483, operating in either Logical Link Control-Subnetwork Access Protocol
(LLC-SNAP) or VC-Mux mode. A Customer Premises Equipment (CPE) device, normally an ADSL modem, encapsulates the PPP sessions for transport across the ADSL network and the Digital Subscriber Line Access Multiplexer (DSLAM).
It offers standard PPP features such as authentication, encryption, and compression.
To Configure The iConnectAccess621 For PPPoA:
From any screen in the web interface, step 1 step 2
Click Setup.
Under the WAN Setup menu, click New Connection.
The default PPPoE Connection type screen appears.
NOTE:
If you need to use the VPI and VCI values in an existing connection, you will need to open it and edit the setting. It is not possible to have more than one connection using the same VPI/VCI values.
step 3
From the Type drop-down list select PPPoA. The following appears: step 4 step 5 step 6 step 7
Check the NAT and Firewall checkboxes beside the Options field.
Enter a unique name for the PPPoA connection in the Name field. The name must not have spaces and cannot begin with numbers.
Select the encapsulation type (LLC or VC) by highlighting the appropriate radio button. If you are not sure leave this set to the default.
Enter your DSL Provider / ISP username and password in the Username and Password fields.
www.opennw.com
30
iConnectAccess621
Technical Reference
step 8
Enter the VPI and VCI settings as supplied by your DSL service provider /
ISP.
step 9
Click Connect. step 10
Click Apply then click Save / Restart Menu. The following appears: step 11
Click Save All to save the changes permanently.
The following table lists the PPPoA Connection Set Up screen fields and describes each of the options:
Field
NAT
Firewall
Encapsulation
Username
Password
On-Demand
Idle Timeout
Keep Alive
Description
Network Address Translation is a feature that enables you to use private IP addresses on your computer or LAN. This is set to Enabled by default for standard operation.
Check this checkbox to monitor traffic passing between your LAN and the outside world on this connection, to prevent security breaches. This is set to
Enabled by default for standard operation.
LLC and VC are two different methods of encapsulating multiple sessions.
This is set to LLC by default.
LLC
VC
With LLC encapsulation, a link control header is added to the
Ethernet packet that identifies the protocol type (Ethernet). This allows multiple protocols to be transmitted over the ATM Virtual
Circuit.
With VC Multiplexing, no link control header is needed as the ATM
Virtual Circuit is assumed to be carrying a single protocol
The username for your ISP account.
The password for your ISP account.
If selected, this enables on-demand connectivity to the Internet. The connection is activated when traffic from the LAN is generated. This is unchecked by default.
This specifies that the PPPoE connection should disconnect if the link detects no activity for x seconds. If you wish to ensure the link remains always connected, enter 0 in this field. This option will only be available when the On-
Demand option is checked.
When the On-Demand option is disabled, this value specifies the time to wait without connection to your provider before terminating the connection. If you wish to ensure the link remains always active, enter 0 in this field. This is set to
0 by default.
www.opennw.com
31
Field
Authentication
MTU
VPI
VCI
QoS
LAN
Default Gateway
Debug
Connect
Disconnect
iConnectAccess621
Technical Reference
Description
This defines the authentication protocol for your ISP. This is set to Auto by default.
Enter the Maximum Transmission Unit for the DSL connection. The default value is set to 1500.
The VPI (Virtual Path Identifier) defines the virtual path settings for the ADSL connection between you and your ISP. The VPI value entered here must be supported by your ISP.
The VCI (Virtual Channel Identifier) defines the virtual channel settings for the
ADSL connection between you and your ISP. The VCI value entered here must be supported by your ISP.
QoS defines iConnectAccess621 capabilities that provide guarantee of performance such as traffic delivery priority, speed, latency, or latency variation. Delivery of good-quality audio or video streams typically requires
QoS capabilities. Three different Quality Of Service options are available in the iConnectAccess621. These are UBR, CBR and VBR. The QoS selected here must be supported by your ISP. By default this is set to UBR.
Select the LAN Group (as defined in the LAN Configuration screen) of which the PPPoA connection will be part.
Check this checkbox to set this connection as the default gateway in the routing table.
Check this checkbox to enable PPP connection debugging facilities.
Click the Connect button to use the current settings to establish a PPP connection. Note that in On Demand mode the Connect button is disabled.
Click the Disconnect button to disconnect the PPP connection.
www.opennw.com
32
iConnectAccess621
Technical Reference
Bridged Connection Type Set Up:
In Bridged mode, Ethernet frames are bridged over ATM Virtual Circuits. The Ethernet frames are encapsulated using either LLC Encapsulation or VC Multiplexing. Since the
Ethernet packets are bridged, the router’s only functionality is to pass the Ethernet packets to and from the Internet Service Provider and the local network. The IP addresses of the local network are assigned by the ISP either statically or dynamically.
In this setting, NAT and firewall rules are disabled. This connection method makes the iConnectAccess621 act as a transparent hub, and passes packets across from the WAN interface to the LAN interface transparently.
If your ISP provides a bridged service, this is the type that you should select.
To Configure The iConnectAccess621 As A Bridge:
From any screen in the web interface, step 1 step 2
Click the Setup tab.
Under the WAN Setup menu item, click New Connection.
The default PPPoE connection set up is displayed.
NOTE:
If you need to use the VPI and VCI values in an existing connection, you will need to open the connection and edit the setting. It is not possible to have more than one connection using the same VPI/VCI values unless sharing is enabled.
step 3
From the Type drop-down list, select Bridge. The following screen appears: step 4
Enter a unique name for the connection type in the Name field.
NOTE:
The Name must not contain spaces or begin with numbers. step 5 step 6
Highlight either the LLC or VC radio button, depending on the encapsulation type for your configuration. If you are not sure, leave this as the default.
Enter the VPI and VCI settings as supplied to you by your DSL Provider /
ISP.
www.opennw.com
33
step 7 step 8
iConnectAccess621
Technical Reference
From the QoS drop-down list, select the quality of service. Leave the default value if you are unsure of this.
Click Apply.
NOTE:
If you have added a Bridged connection and need to edit it, once you make a change and click the Apply button and DHCP is enabled, the following warning message may appear.
step 9
Click OK and follow the instructions below to disable the DHCP server.
NOTE:
Configuration screen, highlight the Server and Relay Off radio button, then click
Apply. You will then need to complete steps 11 and 12 below.
step 10
From the Bridged Connection Setup screen, click the Save / Restart Menu link. The following appears: step 11
Click Save All to save the changes permanently.
www.opennw.com
34
iConnectAccess621
Technical Reference
The following table lists the Bridged Connection Setup screen fields and their definitions:
Field
Encapsulation
VPI
VCI
QoS
Description
LLC and VC are two different methods of encapsulating multiple sessions. This is set to LLC by default.
LLC
With LLC encapsulation, a link control header is added to the Ethernet packet that identifies the protocol type (Ethernet). This allows multiple protocols to be transmitted over the ATM Virtual Circuit.
VC
With VC Multiplexing, no link control header is needed as the ATM Virtual
Circuit is assumed to be carrying a single protocol.
The VPI (Virtual Path Identifier) defines the virtual path settings for the ADSL connection between you and your ISP. The VPI value entered here must be supported by your ISP.
The VCI (Virtual Channel Identifier) defines the virtual channel settings for the ADSL connection between you and your ISP. The VCI value entered here must be supported by your ISP.
QoS defines iConnectAccess621 capabilities that provide guarantee of performance such as traffic delivery priority, speed, latency, or latency variation. Delivery of goodquality audio or video streams typically requires QoS capabilities. There are three different quality of service options available in the iConnectAccess621. These are
UBR, CBR and VBR. The QoS selected here must be supported by your ISP. By default this is set to UBR.
www.opennw.com
35
iConnectAccess621
Technical Reference
Static Connection Type Set Up:
A Static Connection type is used whenever a known static IP address is assigned. The accompanying information such as the Subnet Mask and the Gateway should also be specified. Up to three Domain Name Server (DNS) addresses can also be specified.
These servers would enable you to have access to other web servers. The valid IP
Address range is from 0.0.0.0 to 255.255.255.255.
Static Connection Configuration:
From any screen in the web interface, step 1
Click Setup , then click New Connection from the WAN Setup menu.
The default PPPoE Connection Setup screen appears.
step 2
From the Type drop-down list, select Static. The following appears:
NOTE:
If you need to use the VPI and VCI values in an existing connection, you will need to open it and edit the setting. It is not possible to have more than one connection using the same VPI/VCI values.
step 3
Enter a unique name for your static connection in the Name field. The name must not have spaces and cannot begin with numbers.
step 4
You can also enable Network Address Translation (NAT) and the Firewall options. If you are unsure, leave these in the default mode. step 5
Select the encapsulation type (LLC or VC) by highlighting the appropriate radio button. If you are unsure leave the setting as default.
step 6 step 7
Enter the VPI and VCI settings as provided by DSL service provider / ISP.
In the IP Address field, enter your assigned IP address based on the information provided by your DSL Provider / ISP.
step 8
In the Mask field enter the Subnet Mask based on the details provided by your DSL Provider / ISP.
step 9
In the Default Gateway field enter the Default Gateway based on the information provided by your DSL Provider / ISP (if provided).
step 10
In the DNS 1 and 2 fields, enter the Domain Name Services (DNS) values based on the information provided by your DSL Provider / ISP (if provided). step 11
In the Mode field, highlight the required connection type radio button as appropriate. The options are Bridged and Routed.
www.opennw.com
36
iConnectAccess621
Technical Reference
step 12
Click the Apply button, then the Save / Restart Menu link. The following appears: step 13
Click Save All to save the changes permanently.
The following table lists the Static Connection Setup screen fields and their definitions:
Field
NAT
Firewall (SPI)
Encapsulation
IP Address
Mask
Default Gateway
DNS 1 – DNS 3
Mode
PVC
VPI
VCI
Description
Network Address Translation is a feature that enables you to use private IP addresses on your computer or your LAN. This is set to Enabled by default for standard operation.
Check this checkbox to monitor traffic passing between your LAN and the outside world on this connection, to prevent security breaches. This is set to
Enabled by default for standard operation.
LLC and VC are two different methods of encapsulating multiple sessions.
This is set to LLC by default.
LLC
With LLC encapsulation, a link control header is added to the
Ethernet packet that identifies the protocol type (Ethernet). This allows multiple protocols to be transmitted over the ATM Virtual
Circuit.
VC
With VC Multiplexing, no link control header is needed as the ATM
Virtual Circuit is assumed to be carrying a single protocol
This is the static IP that will be assigned to the WAN interface of the iConnectAccess621. This will be provided by your ISP.
A mask used to determine to which the subnet an IP address belongs. This is the Subnet Mask that will be assigned to the WAN interface of the iConnectAccess621. This will be provided by your ISP.
The default gateway is a host to which local computers send data that is destined for a non-local machine. On the iConnectAccess621, configure the default gateway address here to reach all computers that are not on the same local IP subnet.
DNS service is used to translate a Domain Name into a corresponding IP address. The DNS server name should be obtained from your ISP.
Routed or Bridged mode can be selected here.
Select a PVC from the drop-down list.
The VPI (Virtual Path Identifier) defines the virtual path settings for the ADSL connection between you and your ISP. The VPI value entered here must be supported by your ISP.
The VCI (Virtual Channel Identifier) defines the virtual channel settings for the ADSL connection between you and your ISP. The VCI value entered www.opennw.com
37
Field
QoS
iConnectAccess621
Technical Reference
Description
the ADSL connection between you and your ISP. The VCI value entered here must be supported by your ISP.
QoS defines the iConnectAccess621 capabilities that provide guarantee of performance such as traffic delivery priority, speed, latency, or latency variation. Delivery of good-quality audio or video streams typically requires
QoS capabilities. Three different quality of service options are available in the iConnectAccess621. These are UBR, CBR and VBR. The QoS selected here must be supported by your ISP. By default this is set to UBR.
www.opennw.com
38
iConnectAccess621
Technical Reference
DHCP Connection Type Set Up:
Dynamic Host Configuration Protocol (DHCP) allows the iConnectAccess621 to obtain an
IP address automatically from the server. With dynamic addressing, a device may have a different IP address every time it connects to the network. This is not commonly used in Australia. Before configuration, please check with your DSL Provider / ISP to ensure that this mode is supported.
To Configure The iConnectAccess621 For A DHCP Connection:
From any screen in the web interface, step 1 step 2
Click Setup.
From the WAN Setup menu, click New Connection.
The default PPPoE Connection Setup screen is displayed.
step 3
NOTE:
If you need to use the VPI and VCI values in an existing connection, you will need to open it and edit the setting. It is not possible to have more than one connection using the same VPI/VCI values.
From the Type drop-down list select DHCP. The following appears: step 4 step 5 step 6 step 7 step 8
Enter a unique name for the DHCP Connection in the Name field. The name must not have spaces and cannot begin with numbers.
In the Options area of the screen, leave the NAT and Firewall checkboxes as default. (ie, checked.)
Select the encapsulation type (LLC or VC) by highlighting the appropriate radio button. If you are unsure leave the setting as default.
Enter the VPI and VCI settings as provided by your DSL Provider / ISP.
If your DSL line is connected and your DSL/ISP provider supports DHCP, click the Renew button to retrieve an IP address, Subnet mask, and
Gateway address. www.opennw.com
39
step 9
iConnectAccess621
Technical Reference
NOTE:
You can renew the DHCP address at any time by clicking Renew.
However, in most cases you will never need to use this button as the process runs automatically.
Click the Apply button, then click the Save / Restart Menu link. The following appears: step 10
Click Save All to save the changes permanently.
The following table lists the DHCP Connection Setup screen fields and their definitions:
Field
NAT
Firewall
Encapsulation
Default Gateway
Renew
Release
PVC
VPI
Description
Network Address Translation is a feature that enables you to use private IP addresses on your computer or your LAN. This is set to Enabled by default for standard operation.
Check this checkbox to monitor traffic passing between your LAN and the outside world on this connection, to prevent security breaches. This is set to
Enabled by default for standard operation.
LLC and VC are two different methods of encapsulating multiple sessions.
This is set to LLC by default.
LLC
With LLC encapsulation, a link control header is added to the
Ethernet packet that identifies the protocol type (Ethernet). This allows multiple protocols to be transmitted over the ATM Virtual
Circuit.
VC
With VC Multiplexing, no link control header is needed as the ATM
Virtual Circuit is assumed to be carrying a single protocol.
Check this checkbox to set this connection as the default gateway in the routing table.
Sometimes it becomes necessary to get a new IP address or update DHCP options sent by a DHCP server. Pressing this button will renew the DHCP lease.
Clicking this button will release the current network settings from the iConnectAccess621.
Select a PVC from the drop-down list.
The VPI (Virtual Path Identifier) defines the virtual path settings for the ADSL connection between you and your ISP. The VPI value entered here must be supported by your ISP.
www.opennw.com
40
Field
VCI
QoS
iConnectAccess621
Technical Reference
Description
The VCI (Virtual Channel Identifier) defines the virtual channel settings for the ADSL connection between you and your ISP. The VCI value entered here must be supported by your ISP.
QoS defines iConnectAccess621 capabilities that provide guarantee of performance such as traffic delivery priority, speed, latency, or latency variation. Delivery of good-quality audio or video streams typically requires
QoS capabilities. Three different quality of service options are available in the iConnectAccess621. These are UBR, CBR and VBR. The QoS selected here must be supported by your ISP. By default this is set to UBR.
www.opennw.com
41
iConnectAccess621
Technical Reference
Classical IP Over ATM (CLIP) Connection Set Up
Classical IP over ATM (CLIP), (defined in RFC1577) provides the ability to transmit IP packets over an ATM network, CLIP support will encapsulate IP in an AAL5 packet data unit (PDU) frame using RFC1577and it utilizes an ATM aware version of the ARP protocol.
To Configure The iConnectAccess621 For A CLIP Connection:
From any screen in the web interface, step 1
Click Setup.
step 2
From the WAN Setup menu, click New Connection.
The default PPPoE Connection Setup screen appears.
step 3
From the Type drop-down list select CLIP. The following appears:
NOTE:
If you need to use the VPI and VCI values in an existing connection, you will need to open it and edit the setting. It is not possible to have more than one connection using the same VPI/VCI values.
step 4
Enter a unique name for the CLIP connection in the Name field. The name must not have spaces and cannot begin with numbers.
step 5 step 6 step 7
Leave the NAT and Firewall options as the default settings. (ie, checked.)
Enter the VPI and VCI settings as provided by your DSL Provider / ISP.
From the Quality of Service (QoS) drop-down list, select the QoS required, or if you are uncertain, leave the default value. step 8
Enter the CLIP Settings, including IP Address, Mask and Default Gateway as provided by your DSL Provider / ISP.
step 9
Leave the ARP Server address as the default, unless advised by your DSL
Provider / ISP.
step 10
Click the Apply button, then click the Save / Restart Menu link. The following appears: www.opennw.com
42
iConnectAccess621
Technical Reference
step 11
Click Save All to save the changes permanently.
www.opennw.com
43
iConnectAccess621
Technical Reference
Modify An Existing Connection
To Modify An Existing Connection:
From any web interface screen,
Click Setup, then click the connection you wish to modify. The connections are listed as their unique names.
Edit as applicable and click Apply, or if you are deleting the entry, click
Delete
, then click Save / Restart Menu. The following appears:
Click Save All to save the changes permanently.
www.opennw.com
44
iConnectAccess621
Technical Reference
Modem Set Up
To Configure The DSL Modem Type:
From any web interface screen, step 1 step 2
Click Setup.
Under the WAN Setup menu, select Modem. The screen below appears.
Leave the default setting if you are unsure of this value.
step 3
NOTE:
The iConnectAccess621 is pre-configured to detect the ADSL modulation standard automatically. In most cases, this screen should not be modified.
Click the Apply button, then click the Save / Restart Menu link. The following appears: step 4
Click Save All to save the changes permanently.
www.opennw.com
45
iConnectAccess621
Technical Reference
The following table lists the ADSL Handshake screen fields and their definitions:
Field
T1413
GDMT
GLITE
MMODE
ADSL
ADSL2Plus
Description
ANSI T1.413-1998
G.dmt (G.992.1)
G.lite (G.992.2)
Multi-Mode (the modulation is automatically detected)
Asymmetric Digital Subscriber Line has the ability to transmit data at high speeds over a phone line while remaining available for (voice) phone use.
ADSL delivering speeds up to 24Mbps.
www.opennw.com
46
iConnectAccess621
Technical Reference
Advanced Tab
The iConnectAccess621 supports a host of advanced networking and routing features including security, port configuration, and plug and play capability.
UPnP
Universal Plug and Play is a networking architecture that provides compatibility among networking equipment, software and peripherals such as games consoles, digital cameras, and other systems that connect by TCP/IP. It can be supported on any operating system, and boasts device-driver independence and zero-configuration networking.
To Enable UPnP:
NOTE:
Before enabling UPnP, ensure that you have a WAN connection configured.
From any web interface screen, step 1
Click Advanced, then UPnP. The following appears: www.opennw.com
47
step 3 step 4 step 5 step 6
iConnectAccess621
Technical Reference
Check the Enable UPnP checkbox.
Select the required WAN Connection by highlighting the appropriate item from the drop-down list.
From the LAN Connection drop-down list, select the LAN connection as appropriate.
Click the Apply button, then click the Save / Restart Menu link. The following appears: step 7
Click Save All to save the changes permanently.
The following table lists the UPnP screen fields and their definitions:
Field
Enable UPNP
WAN Connection
LAN Connection
Description
Universal Plug and Play (UPnP) is a standard that uses Internet and Web protocols to enable the iConnectAccess621 to be plugged into a network and automatically know about each other. With UPnP enabled, when a user plugs the iConnectAccess621 into the network, the device will configure itself, acquire a TCP/IP address, and use a discovery protocol based on the Internet's
Hypertext Transfer Protocol (HTTP) to announce its presence on the network to other devices. This is set to Disabled by default in the iConnectAccess621.
Select the WAN connection from thedrop-down list of configured WAN connections.
Select the LAN connection from the drop-down list of available LAN Group connections.
NOTE:
UPnP can only be enabled on a saved Configuration File.
www.opennw.com
48
iConnectAccess621
Technical Reference
SNTP
Simple Time Network Protocol ensures that computer clock times can be synchronised in a network of computers to the millisecond.
To Configure SNTP For The iConnectAccess621:
From any web interface screen, step 1
Click Advanced, then SNTP. The following appears: step 2 step 3
Click the Enable SNTP checkbox.
Enter a primary SNTP Server address as required in the Primary SNTP
Server field.
step 4
Repeat step 3 for the Secondary and Tertiary SNTP Server addresses as required.
step 5 step 6 step 7
Enter a timeout limit (in seconds) in the Timeout field.
Enter a Polling Interval limit (in minutes) in the Polling Interval field.
Enter the number of times to retry connecting to the server in the Retry
Count field.
step 8
From the Time Zone drop-down list, select the time zone in which the router is operating.
step 9
Check the Day Light checkbox to activate daylight savings time.
step 10
Click the Apply button, then click Save / Restart Menu from the menu list.
The following appears: www.opennw.com
49
iConnectAccess621
Technical Reference
step 11
Click Save All to save the changes permanently.
The following table lists the SNTP screen fields and their definitions:
Field
Enable SNTP
Primary SNTP Server
Secondary SNTP Server
Tertiary SNTP Server
Timeout
Polling Interval
Retry Count
Time Zone
Day Light
Description
Check this checkbox to enable the 621 to synchronise its system time to an external time source.
The IP Address or fully qualified name of the time source.
The IP Address or fully qualified name of a backup time source.
The IP Address or fully qualified name of a backup time source.
Time in seconds that the 621 will wait for an SNTP server to respond.
Polling period in minutes that the 621 checks time with the
SNTP server.
Number of retries before a backup server is polled.
Select the time zone in which your network is operating from this drop-down list.
Check the Day Light to activate daylight savings time.
www.opennw.com
50
iConnectAccess621
Technical Reference
SNMP
SNMP stands for Simple Network Management Protocol. It is used to monitor the state of the network remotely, collecting information about Internet traffic events and device status and storing these in a database. For example, SNMP can be used to monitor the amount of traffic passing through the network.
To Configure SNMP Details:
From any web interface screen, step 1
Click Advanced, then SNMP. The following appears: step 2 step 3 step 4 step 5 step 6 step 7
Check the Enable SNMP Agent and SNMP Traps checkboxes.
Enter a name for the device in the Name field.
Enter the vendor’s location in the Location field.
Enter a contact for the vendor in the Contact field.
Enter a community name in the Name field in the Community area of the screen, for Read-Only access. The default is Public.
Click Apply, then click Save / Restart Menu. The following appears: www.opennw.com
51
iConnectAccess621
Technical Reference
step 8
Click Save All to save the changes permanently.
The following table lists the SNMP Management screen fields and their definitions:
Field
Enable SNMP Agent
Enable SNMP Traps
Traps Destination IP
Trap Community
Trap Version
SNMP Management (Name,
Location, Contact)
Community Name and
Access Rights
Description
Check this checkbox to enable SNMP (Simple Network Management
Protocol) on this device. Enter the SNMP settings in the Community area of the screen.
Check this checkbox to enable the SNMP trap service. Enter the
SNMP trap settings in the Traps area of the screen.
Enter the Destination Address of the host to receive the SNMP traps.
Enter the Community name in this field. This should match the community name on the server receiving the traps.
Select the version of SNMP to use from this drop-down list.
Enter details specific for this device in the Name, Location and Contact fields.
The SNMP Read-Only Community string is like a User-ID or Password that allows access to the router’s statistics.
SNMP Read-Write Community String allows a remote device to read information from a device, and to modify settings on that device. If using SNMP Read-Write do not leave this password at the default.
www.opennw.com
52
iConnectAccess621
Technical Reference
IP QoS
Before attempting to configure IP QoS, you will need a good understanding of the TCP/IP protocol and ports.
The IP Quality Of Service (QoS) queues data streams to ensure that basic connectivity is maintained when running multiple services over one connection. For example, if you are using a peer-to-peer file-sharing program whilst simultaneously performing normal web browsing, you can configure QoS to limit the resources dedicated to the peer-to-peer session to ensure web browser connectivity. IP QoS is often critical to maintain VoIP session quality.
IP QoS services in the iConnectAccess621 are applicable to the output device (LAN side). This means that the IP QoS is associated with any transmitted traffic from the iConnectAccess621. Each output device has three priority queues associated with transmit data. The High priority queue has strict priority over medium and low priority queues. The Medium and Low priority queues are serviced on a round robin priority basis according to the configured weights (WRR), after the High priority queue has been completely serviced.
NOTE:
If IP QoS is enabled and no rules are defined, a default rule is added which is hidden. The default rule places all traffic to be transmitted in the
Low priority queue.
To Configure IP QoS:
From any web interface screen, step 1
Click Advanced, then IP QoS. The following screen appears: step 3 step 4 step 5 step 6 step 7 step 8
Select a WAN connection to enable IP QoS for the modem’s upstream traffic, or choose a LAN connection (Ethernet and USB Bridged) for the downstream traffic, from the Choose a connection drop-down list.
Select a percentage from the Low priority weight drop-down list.
Select a percentage from the Medium priority weight drop-down list.
If you wish to enable IP QoS, check the Enable IPQoS checkbox.
If you wish to enable trusted mode, check the Trusted Mode checkbox.
Click Apply then click Save / Restart Menu. The following appears: www.opennw.com
53
iConnectAccess621
Technical Reference
step 9
Click Save All to save the changes permanently.
The following table lists the IP QoS screen fields and their definitions:
Field
Choose a
Connection
Low Priority Weight /
Medium Priority
Weight
Enable IP QoS
Trusted Mode
Description
This lists the connection names that are configured on the iConnectAccess621.
Select a WAN or LAN connection here.
These two fields allow you to select the weights of the Medium and Low Priority queues in increments of 10 percent, so that the sum of the weights is 100 percent.
Check /uncheck this checkbox to enable / disable IP QoS for the selected connection.
The iConnectAccess621 has two primary modes of operation: Trusted and
Untrusted.
Trusted: In Trusted mode, all the rules will be applied first, regardless of the
Type Of Service (TOS) bit setting. (After the rules have been exhausted, the existing TOS bit settings will be honoured.)
Untrusted: Untrusted Mode matches first against all rules, as in Trusted Mode.
If there is no match, then a default rule will be used. The queuing priority of the default rule is Low.
www.opennw.com
54
iConnectAccess621
Technical Reference
To Define IP QoS Traffic Rules:
The IP QoS page appears when you click the Add button in the QoS Setup screen.
When setting rules, each rule is a matching criterion that identifies the application traffic to be transmitted by the iConnectAccess621 using one of the three priority queues –
High, Medium or Low.
step 1
From the IP QoS screen, click Add to define the IP QoS traffic rules. The following screen appears: step 2 step 3 step 4 step 5 step 6 step 7
Enter a rule name in the Rule Name field.
Identify the traffic by source and destination IP address and ports.
Select the protocol from the Protocol drop-down list. The options are: TCP,
UDP, ICMP or ANY.
Select the priority queue in which the identified traffic will be placed, from the
Traffic Priority drop-down list. The options are: Low, Medium, or High.
If you wish to set the TOS bit, select it from the TOS Marking drop-down list.
Click Apply, then click Save / Restart Menu. The following appears: step 8
Click Save All to save the changes permanently.
www.opennw.com
55
iConnectAccess621
Technical Reference
The following table lists the IP QoS Traffic Rule screen fields and their definitions:
Field
Rule Name
Source IP
Source Netmask
Source Start Port /Source
End Port
Destination IP
Destination Netmask
Destination Start Port
Destination End Port
Protocol
Traffic Priority
Normal Service
TOS Marking
Description
This lists the connection names that are configured in the iConnectAccess621.
The IP address of the device that is the sending the information.
The Network Mask of the device that is sending the information.
The port number/port range of device that is sending the information on.
The port range must be between 1 – 65535.
The IP address of the device that is the receiving the information.
The Network Mask of the device that is receiving the information.
The port number/port range of device that is receiving the information on.
The port range must be between 1 – 65535.
Select the protocol for your traffic. The options are: TCP, UDP, ICMP or
ANY.
This is the priority for the source traffic. The options are: Low, Medium or High for the selected traffic.
The additional TOS marking field allows you to assign a Type Of Service
(TOS) value to this traffic. The values for the TOS marking are: No
Change, Normal Service, Minimise Monetary Cost, Maximise Reliability,
Maximise Throughput and Minimise Delay.
www.opennw.com
56
iConnectAccess621
Technical Reference
LAN Clients
If DHCP is used, all current DHCP clients are automatically registered in the LAN Client database. However, if a Static IP Address is used on a LAN device and you need this to be visible via the WAN, you must add its IP address to the LAN Clients list. Once the IP address has been added you will be able to apply Port Forwarding, IP Filtering and QoS rules to it.
To Add A LAN Client:
From any web interface screen, step 1
Click Advanced, then LAN Clients. The following screen appears: step 2 step 3 step 4
Enter the LAN IP Address in the Enter IP Address field.
Enter the LAN’s hostname in the Hostname field if required.
Click Apply, then click Save / Restart Menu. The following appears: step 5
Click Save All to save the changes permanently.
www.opennw.com
57
iConnectAccess621
Technical Reference
NOTE:
Once the IP Address has been added you are now able to apply Port
Forwarding and Access Control rules to it.
The following table lists the LAN Clients screen fields and their definitions:
Field
Select LAN Connection:
Enter IP Address
Hostname
Description
The LAN group to which you are adding the new LAN client.
IP address of the server/host that you want to use for port forwarding or access control must be defined here.
An optional hostname can be assigned to the above address.
LAN Isolation
If a LAN interface is added to each LAN group in the LAN Configuration area, then the communications between the two groups can be disabled. Both groups will still have access to the Internet.
From any web interface screen, step 1
Click Advanced, then LAN Isolation. The following appears: step 2 step 3
Check the Disable traffic between LAN group 1 and LAN group 2 checkbox.
Click Apply, then click Save / Restart Menu. The following appears: www.opennw.com
58
iConnectAccess621
Technical Reference
step 4
Click Save All to save the changes permanently.
Bridge Filters
The Bridge filtering mechanism enables users to define rules which allow/deny access through the iConnectAccess621, via the hardware (MAC Address) of network devices.
The User Interface for Bridge Filter allows the following functionality:
Adding/Editing/Deleting filter rules;
Enabling filter rules.
To Enable Bridge Filters:
The Enable Bridge Filters checkbox allows the user to enable or disable Bridge filtering.
It can be checked / unchecked during any editing operation. It can also be set/unset independently by just pressing the Apply button.
From any web interface screen, step 1
Click Advanced
, then Bridge Filters. The following screen appears: step 2 step 3 step 4
Check the Enable Bridge Filters checkbox,
Check the Enable Bridge Filter Management Interface checkbox, then click
Apply. You can now select the bridge filter management interface from the
Bridge Filter Management Interface drop-down list.
If more than one LAN group has been created, select the LAN group filter to www.opennw.com
59
step 5 step 6 step 7 step 8
iConnectAccess621
Technical Reference
which the filter rules are to be applied.
Enter the source MAC address in the Src MAC field.
Select the source Port from the Src Port drop-down list.
Enter the destination MAC address in the Destination MAC field.
Select the destination Port from the Dest Port drop-down list.
NOTE:
Entering 0s or blanks in the Source or Destination fields means ALL
MAC Addresses are specified.
step 9
Select the protocol to be used from the Protocol drop-down list.
step 10
Select the mode with desired filtering type from the Mode drop-down list.
The options are Allow or Deny.
step 11
Click Add.
step 12
Click Apply then click Save / Restart Menu. The following appears: step 13
Click Save All to save the changes permanently.
To Edit An Existing Filter Rule:
From the Bridge Filters screen, highlight the Edit radio button for the rule to be edited, from the list of existing filter rules.
The rule appears in the Enable Bridge Filters area of the screen.
Make the required change / s to the MAC Address, Protocol and Mode types, and click Apply.
To Delete Filter Rule(s):
Check the Delete checkbox beside the filter rule / s to be deleted.
NOTE:
Multiple deletions are possible by using the <Shift> key and clicking the
Delete checkboxes. The Select All checkbox can be used to delete all
filter rules quickly.
Click Apply, then click Save / Restart Menu. The following appears: www.opennw.com
60
iConnectAccess621
Technical Reference
Click Save All to save the changes permanently.
Hidden Bridge Filter Rules:
The Bridge filter table contains 3 hidden rules, which are entered automatically by the system to ensure you do not "lock" yourself out of the system. These include:
Any ARP frames are permitted to pass through the system.
All IPv4 frames with the destination MAC address of the bridge are permitted to pass through.
All IPv4 frames with the source MAC address of the bridge are permitted to pass through.
NOTE:
To locate the MAC Address of a Windows-based machine, type
ipconfig /all at a DOS prompt. www.opennw.com
61
iConnectAccess621
Technical Reference
Multicast
Multicasting is a form of limited broadcast. UDP is used to send datagrams to all hosts that belong to what is called a "host group." A host group is a set of one or more hosts identified by the same destination IP address. The following statements apply to host groups.
Anyone can join or leave a host group at will;
There are no restrictions on a host's location;
There are no restrictions on the number of members that may belong to a host group;
A host may belong to multiple host groups;
Non-group members may send UDP datagrams to the host group.
Multicasting is useful when data needs to be sent to more than one other device. For instance, if one device is responsible for acquiring data that many other devices need, then multicasting is a natural fit. Note that using multicasting as opposed to sending the same data to individual devices uses less network bandwidth.
To Enable Multicasting:
From any web interface screen, step 1
Click the Advanced tab, then Multicast. The following screen appears: step 3 step 4 step 5
Check and / or highlight the Enable IGMP Multicast checkbox.
From the Available Connections area of the screen, highlight the Select radio button for the connection required.
Click Apply, then click Save / Restart Menu. The following appears: www.opennw.com
62
iConnectAccess621
Technical Reference
step 6
Click Save All to save the changes permanently.
The following table lists the Multicast screen fields and their definitions:
Field
Enable IGMP Multicast
Select Available
Connections
Description
IP packets are transmitted in one of either two ways:
Unicast (1 sender to 1 recipient) or
Broadcast (1 sender to everybody on the network).
Multicast delivers IP packets to just a group of hosts on the network.
IGMP (Internet Group Multicast Protocol) is a session-layer (layer-3) protocol used to establish membership in a Multicast group. Checking this will enable the iConnectAccess621 to receive multicast traffic. Refer to RFC 1112 and RFC 2236 for information on IGMP versions 1 and 2 respectively.
Select the connection type here.
www.opennw.com
63
iConnectAccess621
Technical Reference
Static Routing
If the iConnectAccess621 is connected to more than one network, you may need to set up a static route between them. A static route is a pre-defined pathway down which network information must travel to reach a specific host or network. You can use static routing to allow different IP domain users to access the Internet through the iConnectAccess621.
To Enable Static Routing:
From any screen in the web interface, step 1
Click Advanced, then Static Routing. The following screen appears: step 2 step 3 step 4 step 5 step 6 step 7
From the Choose a connection drop-down list, select a connection type.
Enter the new destination IP for the remote LAN network or host to which you wish to assign a static route in the New Destination IP field.
Enter a subnet mask in the Mask field.
Enter the IP address of the near device to connection with the remote network or host in the Gateway field.
Enter a metric in the Metric field.
Click Apply then click Save / Restart Menu. The following appears: www.opennw.com
64
iConnectAccess621
Technical Reference
step 8
Click Save All to save the changes permanently.
The following table lists the Static Routing screen fields and their definitions:
Field Description
Choose a Connection
Choose the connection profile from the drop-down list.
New Destination IP
This is the destination network or Host IP to which packets will be sent.
Mask
Gateway
Metric
A mask used to determine the subnet to which an IP address belongs. This is the mask that determines the destination network.
This is the IP address of the next hop router in the path of the destination network. When a packet is ready to be sent to a destination, the iConnectAccess621 sends it on to the Gateway. The gateway examines the destination address in the header and passes the packet along to another router, chosen by a route-finding algorithm. A packet may go through 30 or more routers in its travels from one host computer to another. Because routes are dynamically updated, it is possible for different packets from a single session to take different routes to the destination.
Metric (hop count) is used to measure the distance between the source and a destination network. Each hop in a path from source to destination is assigned a hop count value, which is typically 1. www.opennw.com
65
iConnectAccess621
Technical Reference
Dynamic Routing
Using Routing Information Protocol (RIP), dynamic routing allows the iConnectAccess621 to adjust to physical changes in the network automatically. It determines the route through which the packets travel based on the fewest number of hops between the source and destination. RIP protocol regularly broadcasts routing information to other
Routers on the network.
To Enable Dynamic Routing:
From any web interface screen, step 1
Click Advanced, then Dynamic Routing. The following screen appears: step 2 step 3 step 4 step 5 step 6 step 7
Check the Enable RIP checkbox.
From the Protocol drop-down list, select the RIP version as appropriate.
Select the direction for the interface required from the Direction drop-down list.
Check / Uncheck the Enable Password checkbox as appropriate.
If you have checked the Enable Password checkbox, enter a password in the Password field.
Click Apply, then click Save / Restart Menu. The following appears: www.opennw.com
66
iConnectAccess621
Technical Reference
step 8
Click Save All to save the changes permanently.
The following table lists the Dynamic Routing screen fields and their definitions:
Field
Enable RIP
Protocol
Direction
Enable Password
Password
Description
This enables RIP routing on the iConnectAccess621 router.
There are two versions of RIP. RIP version 1 (v1) is defined in RFC 1058. RIP version 2 (v2) is defined in RFC 1723. Select between RIPv1, RIPv2 and RIPv1 compatible.
The protocol is dependent upon the entire network. Most networks support RIP v1. If RIP v1 is selected, routing data will be sent in RIP v1 format. If RIP V2 is selected, routing data will be sent in RIP v2 format using subnet broadcasting. If
RIP V1-Compatible is selected, routing data will be sent in RIP v2 format using multicasting.
The direction determines the means through which RIP routes will be updated.
Selecting In means that the iConnectAccess621 will only incorporate received
RIP information. Selecting Out means that the iConnectAccess621 will only send out RIP information.
Selecting Both means that the iConnectAccess621 will incorporate received RIP information and send out updated RIP information.
Simple password authentication for RIPv2 was defined in RFC 1723. If you intend to use password authentication you must enable your password here.
Type the RIPv2 authentication password here. Ensure that all routers are configured with this password for RIPv2 to work.
www.opennw.com
67
iConnectAccess621
Technical Reference
Firewall
In the presence of the firewall, anonymous Internet traffic is blocked. Using advanced security features, you can redirect this traffic to a dedicated computer on your local network Demilitarised Zone (DMZ) or open access from the Internet to the iConnectAccess621 management ports (web, Telnet). The iConnectAccess621’s firewall and NAT services (port forwarding, access control) can be disabled for all interfaces by unchecking the Enable Firewall and NAT Service checkboxes.
Port Forwarding
Using the Port Forwarding page, you can provide local services (for example web hosting) for people on the Internet, or play Internet games. When users send this type of request to your network via the Internet, the iConnectAccess621 will forward those requests to the appropriate computer. Port Forwarding can be used with DHCP-assigned addresses but remember that a DHCP address is dynamic (not static). For example, if you were configuring a Netmeeting server, you would want to assign this server a static
IP address so that the IP address is not reassigned. Also remember that if an Internet user is trying to access an Internet application, they must use the WAN IP address. Port forwarding will translate the WAN IP address into a LAN IP address.
Configuring Port Forwarding is a two-part process. Firstly you must ensure that you have a LAN IP Address configured in LAN Clients, and once you have completed this, you can then configure Port Forwarding.
www.opennw.com
68
iConnectAccess621
Technical Reference
To Configure Port Forwarding:
From any screen in the web interface, step 1
Click Advanced, then Port Forwarding. The following screen appears: step 2 step 3 step 4 step 5
From the WAN Connection drop-down list, select the connection type for which you wish to add the firewall rule.
From the Select LAN Group: drop-down list, select the LAN group for which you wish to add the firewall rule.
From the Select LAN Group: drop-down list, select the LAN group for which you wish to apply the rule.
From the LAN IP drop-down list, select the IP address for which you wish to apply the rule. If you wish to add a new LAN IP address, highlight the user
category and click New IP button, and follow the instructions in To Add A
NOTE:
It is recommended that Static IP Addresses rather than DHCP IP
Addresses be used for Port Forwarding.
step 6 step 7 step 8
In the Category area of the screen, highlight the appropriate category radio button. The Available Rules area displays common Internet services within the selected category. Rules for each service can be viewed by clicking the
View button.
To add a rule for this connection, highlight the service / application from the
Available Rules window, then click Add.
The rule then appears in the Applied Rules area of the screen.
Click Apply, then click Save / Restart Menu. The following appears: www.opennw.com
69
iConnectAccess621
Technical Reference
Field
WAN Connection
Select LAN Group
LAN IP
step 9
Click Save All to save the changes permanently.
The following table lists the Port Forwarding screen fields and their definitions:
Allow Incoming Ping
Description
This is the list of connections defined in the WAN Setup area of the interface.
Select the LAN Group that contains the IP Host on which you wish to enable Port
Forwarding from the drop-down list.
Ping is a protocol used mainly for monitoring the connectivity between IP devices.
Enabling this feature allows remote devices to use Ping to check connectivity to your device. You may need to enable this for monitoring purposes.
This is the server IP address to which the selected Ports are forwarded. It is recommended that you use a static IP address for Server. You will need to define
this in the LAN Clients screen. See To Add A LAN Client:
A number of pre-defined categories and rules are available here. E.g.: Web servers specifies the following port forwarding profile:
Category/Available Rules
Applied Rules
Custom Rules
To view the details of a pre-defined rule, click View.
This specifies the applied Port Forwarding rule for the selected WAN Connection and the LAN IP.
You can specify custom Port Forwarding rules by clicking the Custom Port
Forwarding link.
www.opennw.com
70
iConnectAccess621
Technical Reference
Custom Port Forwarding
step 1
From the Port Forwarding screen, click Custom Port Forwarding to define
Port Forwarding rules. The following screen appears: step 2 step 3 step 4
step 5 step 6 step 7 step 8
From the Connection: drop-down list, select the connection name for which you wish to set up port forwarding rules.
Enter a unique name for the rule in the Application field.
Identify the traffic by source and destination address and ports.
Use the IP Address 0.0.0.0 with a netmask of 0.0.0.0 in the Source Address if your IP Address is dynamically-assigned.
Select the protocol from the Protocol drop-down list. The options are: TCP,
UDP, ICMP or ANY.
Enter the Destination IP Address and Netmask of the server to which the traffic is being forwarded.
Enter the destination port map on which the server will respond, in the
Destination Port Map field.
Click Apply then click Save / Restart Menu. The following appears: www.opennw.com
71
iConnectAccess621
Technical Reference
step 9
Click Save All to save the changes permanently.
The following table lists the Custom Port Forwarding screen fields and their definitions:
Field
Connection
Enable
Protocol
Application
Source IP
Source Netmask
Destination IP
Destination Netmask
Destination Start Port
Destination End Port
Destination Port Map
Description
Select the name of the connection for which you wish to customise Port
Forwarding.
Check this checkbox to enable the customisation.
Select the protocol. The options are: TCP, UDP, ICMP or ANY.
Enter a unique name for the rule in this field.
The IP address of the WAN interface to be forwarded, or 0.0.0.0 if the address is dynamically-assigned.
The Network Mask of the WAN interface to be forwarded, or 0.0.0.0 if the address is dynamically-assigned.
The IP address of the device that is the receiving the traffic.
The Network Mask of the device that is receiving the traffic.
The port number/port range between which the traffic will arrive at the 621
WAN interface. The port range must be between 1 – 65535.
The port number on the LAN that is to receive the traffic.
Enable Incoming ICMP Ping
Enabling the Incoming Internet Control Message Protocol (ICMP) Ping will allow Echo requests to come into the gateway. The gateway will respond with an ICMP Echo response message. The option allows the DSL provider or ISP to determine the following:
The status of the network;
Tracking and isolating hardware and software problems;
Testing, measuring, and managing networks.
www.opennw.com
72
iConnectAccess621
Technical Reference
Access Control
The iConnectAccess621’s Access Control management feature opens access from the
Internet (WAN) or (LAN) to the router’s management ports (Web, Telnet, SSH, FTP,
TFTP, SNMP). Note that there are security risks associated with this action, and for this reason, remote management is restricted to computers on the network that are specified in the IP Access Control List. (This holds up to 16 IP Addresses.)
The Access Control List (ACL) provides a global enable / disable. If the ACL is disabled, the default behaviour (ie, Deny for WAN, and Accept for LAN, is enabled for all IP addresses) is enforced. If no IP Addresses are specified in the ACL, the ACL will act as if it is disabled until the first IP Address is added.
NOTE:
You must ensure that you add your own IP Address to the IP Access List, otherwise you could lock yourself out of the router. Should this occur and the setting is saved, you will need to perform a factory default reset, using the reset button.
To Enable Access Control:
From any screen in the web interface, step 1
Click Advanced, then click Access Control. The following appears: step 2
Check the Enable Access Control checkbox. The following warning message will appear. Click OK to continue.
step 3 step 4
Check the services you wish to enable on the LAN and WAN sides.
To allow all IP Addresses highlight the Allow All radio button. If you wish to allow a single IP Address in the Access Control List, highlight the Select IP www.opennw.com
73
step 5 step 6
iConnectAccess621
Technical Reference
Range radio button, and enter an IP Address range in the Start IP Address field for which services on the WAN and LAN sides are to be allowed. If you wish to enter a range of IP Addresses in the Access Control List, enter the start and end IP Addresses in the Start IP Address and End IP Address fields.
Check the Add checkbox.
Click Apply then the Save / Restart Menu link. The following appears: step 7
Click Save All to save the changes permanently.
The following table lists the Access Control screen fields and their definitions:
Field
Enable Access Control
Service Name (WAN / LAN)
IP Access List
New IP Address
Add
Delete
Description
Global Enable / Disable that enables or disables the ACL.
Services that can be opened on the LAN and WAN sides of the iConnectAccess621. The options are: Telnet, Web, FTP,
TFTP, SNMP. Select as many as required.
List of allowed IP Addresses.
Specify the new management host IP Address.
Once you have specified the new management host IP
Address, check the Add checkbox to add it.
Highlight the existing host IP Address and check the Delete checkbox.
www.opennw.com
74
iConnectAccess621
Technical Reference
DMZ Configuration
Setting a computer (on your local network) as a De-Militarised Zone (DMZ) forwards any network traffic that is not redirected to another computer via the port-forwarding feature to the computer's IP address. This opens access to the DMZ computer from the Internet.
To Configure A DMZ:
From any screen in the web interface, step 1 step 2
Click Advanced, then click Port Forwarding.
From the Port Forwarding screen, click the DMZ link. The following appears: step 3 step 4 step 5 step 6 step 7
Check the Enable DMZ checkbox.
From the Select your WAN Connection drop-down list, select the connection type for which you wish to add the DMZ.
From the Select LAN Group: drop-down list, select the LAN group for which you wish to enable the DMZ.
Select the DMZ Host IP Address from the Select a LAN IP Address dropdown list. If your IP Address is not listed, click LAN Clients, and follow
instructions in To Add A LAN Client:.
Click Apply, then click Save / Restart Menu. The following appears: www.opennw.com
75
iConnectAccess621
Technical Reference
step 8
Click Save All to save the changes permanently.
The following table lists the DMZ Settings screen fields and their definitions:
Field
Enable DMZ
Select your WAN Connection
Select LAN Group:
Select a LAN IP Address
Description
Enables / Disables DMZ feature.
List of connections defined in the WAN Setup.
Select the LAN Group for which you wish to enable the
DMZ from the drop-down list.
Host computer to act as the DMZ.
www.opennw.com
76
iConnectAccess621
Technical Reference
IP Filters
IP Filters allow you to block network access based on a user’s computer IP Address on the local LAN. You can use this option to block specific traffic (eg, to block web access) or any traffic from a computer on your local network. If the traffic type is set to Any, all network traffic from that computer will be blocked. You can also add / edit / delete IP
Filter rules without using the pre-defined rules. Click Custom IP Filters to access this interface.
To Configure IP Filtering:
From any screen in the web interface, step 1
Click Advanced, then IP Filters. The following appears: step 2
From the LAN IP drop-down list, select the IP Address for which you wish to apply the rule. If your IP address is not listed, click the New IP button, and
following the instructions in To Add A LAN Client:.
NOTE:
It is recommended that Static IP Addresses rather than DHCP IP
Addresses be used for IP Filtering.
step 3 step 4 step 5
In the Category area of the screen, highlight the appropriate radio button for the category. The Available Rules area displays common Internet services within the category selected. Rules for each service can be viewed by clicking the View button.
To add a rule for this connection, highlight the service or application from the
Available Rules window, then click Add. The rule then appears in the
Applied Rules area of the screen.
Click Apply, then click Save / Restart Menu. The following appears: www.opennw.com
77
iConnectAccess621
Technical Reference
step 6
Click Save All to save the changes permanently.
The following table lists the IP Filtering screen fields and their definitions:
Field Description
Select LAN Group
LAN IP
Select a LAN (as specified in the LAN Configuration screen) from the drop-down list.
This is the server IP address to which Ports are forwarded. It is recommended that you use a static IP address for Server. This address will need to be defined in the
LAN Clients screen. See To Add A LAN Client:
Block All Traffic
This option blocks all IP traffic from the specified LAN IP Address.
Block Outgoing Ping
This option blocks ICMP traffic from the specified LAN IP Address.
A number of pre-defined categories and rules are available here. E.g.: Web servers specifies the following port forwarding profile:
Category/Available
Rules
Applied Rules
Custom Rules
To view the details of a pre-defined rule, click View.
This specifies the applied IP filtering rule for the selected LAN IP Address.
You can specify custom IP Filtering rules by clicking the Custom IP Filters button.
www.opennw.com
78
iConnectAccess621
Technical Reference
Tools
The Tools tab of the iConnectAccess621 web interface allows you to customise and debug your iConnectAccess621, update the firmware and perform network diagnostics.
Its options include:
Remote Log;
User Management;
Update Firmware;
Ping Test;
Modem Test;
Save / Restart.
www.opennw.com
79
iConnectAccess621
Technical Reference
Remote Log
Remote Log enables logging in information to be sent to an external Syslog server. This allows for logging information to be retained for an extended period, depending on the capacity of the Syslog server.
When selecting a logging level, Panic will log only major events, where Info will log all events from Panic to Info.
From any screen in the web interface, step 1
Click Tools, then Remote Log. The following screen appears: step 2 step 3 step 4 step 5
From the Log Level drop-down list, select the category at which a remote log is activated. The options are: Panic, Alert, Critical, Error, Warning Notice,
Information or Debug.
Enter the IP address to which the log will be sent in the Add an IP Address: field, then click Add.
From the Select a logging destination: drop-down list, select the IP address of the logging destination.
Click Apply, then Save / Restart Menu link. The following appears: www.opennw.com
80
iConnectAccess621
Technical Reference
step 6
Click Save All to save the changes permanently.
The following table lists the Remote Log Settings screen fields and their definitions:
Field
Log Level
Add an IP Address
Select a logging destination
Description
Select the level of logging required. The selected option will include the following: Panic, Alert, Critical, Error, Warning
Notice, Information or Debug.
The Syslog Server IP Address.
When an IP Address is added it appears in this field. Select the IP Address to change level or remove.
www.opennw.com
81
iConnectAccess621
Technical Reference
User Management
You can change your iConnectAccess621’s username and password by clicking User
Management from the Tools menu list. From here you can change the login name and password. You can also change the idle timeout; you will need to log back onto the iConnectAccess621 once the timeout expires.
To Change The iConnectAccess621 Password:
From any screen in the web interface, step 1
Click Tools, then User Management from the menu list. The following screen appears: step 2 step 3 step 4 step 5 step 6
Enter a user name for the root user in the User Name field.
Enter a password for the root user in the Password field.
Confirm the password by re-typing it in the Confirmed Password field.
If you wish to change the idle timeout, enter a new timeout in minutes in the
Idle Timeout field.
Click Apply, then the Save / Restart Menu link. The following appears: www.opennw.com
82
iConnectAccess621
Technical Reference
step 7
Click Save All to save the changes permanently.
NOTE:
If you forget your password, press and hold the reset to factory defaults button for 10 seconds (or more). The iConnectAccess621 will reset to its factory default configuration and all customised configurations will be lost.
www.opennw.com
83
iConnectAccess621
Technical Reference
Update Gateway
To Upgrade The iConnectAccess621 Firmware:
From any screen in the web interface, step 1
Click Tools, then Update Gateway from the menu list. The following screen appears: step 2 step 3 step 4
In the Update Gateway screen, click the Browse button beside the Select A
File field to search for the new firmware. Ensure the upgrade file is in *.img format.
In the Choose File window, select the file and click Open.
Click Update Gateway.
NOTE:
The firmware upgrade should take around five minutes to complete. Once complete, the iConnectAccess621 will reboot, and you will then need to log back into it. Do not remove power from the iConnectAccess621 during the firmware upgrade procedure.
www.opennw.com
84
iConnectAccess621
Technical Reference
Ping Test
Ping is a diagnostic tool used to test connectivity between IP Hosts. When a Ping test is conducted, a small amount of data is sent from one computer to another and back again, and the time it takes is reported in milliseconds. This can be used on a LAN or across the Internet.
Once you have configured your iConnectAccess621, it is a good idea to ensure you can
Ping a network device. If your ISP has provided its gateway address, you can try to ping this address. If the Pings for both the WAN and LAN side complete and you have the proper protocols configured, you will be able to surf the Internet.
To Perform A Ping Test:
From any screen in the web interface, step 1
Click the Tools tab, then click Ping Test. The following screen appears: step 2 step 3 step 4
Enter the target address to be pinged in the Enter IP Address to ping field.
In the Packet size field, enter the required packet size or leave at the default.
In the Number of echo requests field, enter the number of echo requests, then click Test. The iConnectAccess621 will ping the specified address, and you will be able to see the results in the display area beneath the Test button.
The following table lists the Ping Test screen fields and their definitions:
Field
Enter IP address to ping
Packet size
Number of echo requests
Description
This is the IP address of the destination device that you want to ping. If the ping is successful, it means that the iConnectAccess621 has IP connectivity to this device.
The packet size can be defined for the Ping request.
The number of ping packets that you want to send in the sequence.
www.opennw.com
85
iConnectAccess621
Technical Reference
Modem Test
The Modem Test menu item allows you to check whether your iConnectAccess621 is properly connected to the WAN Network. There are four test types, each of which may take a few seconds to complete.
The OAM loopback cells are used to verify the connection between the iConnectAccess621 and the ATM network. For the iConnectAccess621, OAM loopback provides a valuable tool for diagnosing problems with the DSL line.
Before you attempt any of these modem tests, ensure the following:
Your DSL Provider / ISP supports them;
You have a valid DSL link.
To Perform A Modem Test:
From any screen in the web interface, step 1
Click the Tools tab, then click Modem Test. The following screen appears: step 2 step 3
Select your connection from the list.
Select the type of test to perform from the Test Type drop-down list, then click Test.
www.opennw.com
86
iConnectAccess621
Technical Reference
The following table lists the Modem Test screen Test Type field and its definitions:
Field
Test Type
Options
F5 End
F5 Seg
F4 End and F4 Seg
Tests
Description
Connectivity to the BRAS server can be verified by initiating a F5 Seg loopback via the DSLAM and to the authentication server.
Lost and corrupted ATM cells can be quickly ruled out in the field by initiating a F5 Seg loopback (also known as
ATM ping) to the DSLAM and have the DSLAM respond by looping back the OAM cells. By ruling out problems with the ATM Layer, the service provider can then focus on examining higher layer protocols and other configurations to isolate the problem.
You can perform two types of OAM F4 Tests:
Segment—the end of a connection segment
End-to-end—the end of a VC/VP connection where the
ATM cells are terminated www.opennw.com
87
iConnectAccess621
Technical Reference
Save / Restart
To make changes permanent on the web interface you need to click the Save / Restart
Menu link from the menu list. The following commands are used to configure the iConnectAccess621:
The following table lists the Save / Restart Menu screen buttons and their definitions:
Field
Save All
Description
Click this button to save the current configuration of the iConnectAccess621 permanently. If you do restart the system without saving your configuration, the iConnectAccess621 will revert back to the previously saved configuration.
Click this button to re-start the system. If you have not saved your configurations, the iConnectAccess621 will revert back to the previously saved configuration upon re-starting.
Restart
Restore Defaults
NOTE:
Connectivity to the unit will be lost. You can reconnect after the unit reboots.
Click this button to restore the factory default configuration.
NOTE:
Connectivity to the unit and all configuration will be lost. You can reconnect after the unit reboots.
www.opennw.com
88
iConnectAccess621
Technical Reference
Status
The Status tab of the iConnectAccess621 web interface allows you to view the
Status/Statistics of different connections and interfaces, and consists of the following:
Network Statistics;
Connection Status;
DHCP Clients;
Modem Status;
Product Information;
System Log.
www.opennw.com
89
iConnectAccess621
Technical Reference
Network Statistics
The Network Statistics area will show you details of transmitted and received packets.
To View Network Statistics:
From any screen in the web interface,
Click the Status tab, then click Network Statistics. A screen with details similar to those below appears:
In the Network Statistics screen, highlight the appropriate radio button corresponding to view network statistics for Ethernet, USB or DSL.
Click Refresh.
www.opennw.com
90
iConnectAccess621
Technical Reference
Connection Status
The Connection Status screen displays a status summary of the ADSL connection.
To View Connection Status:
From any screen in the web interface,
Click the Status tab, then click Connection Status. A screen with details similar to those below appears:
Click Refresh when you wish to update the details on the screen.
The following table lists the Connections screen fields and their definitions:
Field
Description
Type
IP
State
Online
Disconnect Reason
Description
This is the name of the connected ADSL profile.
Authentication type of the ADSL connection is listed here. E.g.: PPPoE, PPPoA,
Static etc:
The WAN IP Address is displayed here when the connection is established.
ADSL connection status is displayed here. This is the connection between your iConnectAccess621 and the DSLAM at your ISP. In normal operation, this must be connected.
The duration of the Internet connection time for the Connection type specified.
If the connection is not active, the reason for disconnection is displayed here.
www.opennw.com
91
iConnectAccess621
Technical Reference
DHCP Clients
Select the DHCP Clients menu item from the Status menu list to view the list of DHCP clients on your LAN.
To View DHCP Clients:
From any screen in the web interface,
Click the Status tab, then click DHCP Clients.
A screen with similar details to those shown below appears:
From the Select LAN drop-down list, select the LAN computer whose
DHCP details you wish to view.
Click Refresh when you wish to update the details on the screen.
www.opennw.com
92
iConnectAccess621
Technical Reference
Modem Status
Select the Modem Status menu item from the Status menu list to view the Status and
Statistics of your broadband (DSL) connection.
To View The Modem Status:
From any screen in the web interface,
Click the Status tab, then click Modem Status. A screen with details similar to those below appears:
Click Refresh when you wish to update the details on the screen.
www.opennw.com
93
iConnectAccess621
Technical Reference
Product Information
You can verify product information such as model, driver, hardware and software versions in the Product Information area of the web interface.
To View iConnectAccess621 Product Information:
From any screen in the web interface,
Click the Status tab, then click Product Information. A screen with details similar to those below appears: www.opennw.com
94
iConnectAccess621
Technical Reference
System Log
You can view all logged information in the System Log area of the web interface.
To Display The iConnectAccess621 System Log:
From any screen in the web interface,
Click the Status tab, then click System Log. A screen with details similar to those below appears:
Click Refresh when you wish to update the details on the screen.
www.opennw.com
95
iConnectAccess621
Technical Reference
Index
621 Ports And Buttons
DC, 8
Ethernet, 8
Reset, 8
Advanced Security Features
Incoming ICMP Ping, 72
Advanced Tab, 47
Bridge Filter Rules, Hidden, 61
Bridge Filters, 59
Dynamic Routing, Enabling, 66
Firewall, 68
IP QoS, Configuration Of, 53
LAN Clients, Adding, 57
Multicast, Enabling, 62
SNMP Configuration Of, 51
Static Routing, Enabling, 64
UPnP, 47
Ethernet Configuration
Windows 2000 / XP, 13
Windows 98 Second Edition / ME, 12
Ethernet Network Card, Configuration Of,
11
Firewall
Access Control, 73
DMZ, Configuration Of, 75
IP Filters, 77
Port Forwarding, 68
Front LED Panel, 10
Home Tab, 19 iConnectAccess621 Log In, 18 iConnectAccess621 Ports and Buttons, 8 iConnectAccess621 Ports And Buttons
ADSL, 8
USB, 8 iConnectAccess621, Installation Of, 11 iConnectAccess621, Setting Up, 17
LAN Configuration
Management IP Configuration, 24
LAN, Configuration Of, 21
Modem Set Up
ADSL Handshake, 45
Setting Up Your iConnectAccess621
Default Settings, 17
Status Tab, 89
Connection Status, 91
DHCP Clients, 92
Modem Status, 93
Network Statistics, 90
Product Information, 94
System Log, 95
Tools Tab, 79
Gateway Upgrade, 84
Modem Test, 86
Ping Test, 85
Save / Restart, 88
User Management, 82
USB Device, Installation Of, 11
USB Driver, Installation Of, 14
USB Installation
Windows 2000, 15
Windows 98 SE, 14
Windows ME, 15
USB Installation Windows XP, 16
WAN Configuration
Bridged Connection Type, 33
Classical IP Over ATM (CLIP)
Connection, 42
Connection, Modification Of, 44
DHCP Connection, 39
PPPoA Connection, 30
PPPoE Connection, 27
Static Connection, 36
WAN, Configuration Of, 26 www.opennw.com
96
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
