Netopia Netopia-3000 Router Manual PDF (Setup & Configuration Guide)

Home

Manuals

Netopia

Netopia-3000

Page 16 / 161 Scroll up to view Page 11 - 15

Section 3

General

Local Area Network

DHCP (

Dynamic Host Conﬁ

guration Protocol

)

Server

DHCP Server functionality enables the Gateway to assign your LAN com-

puter(s) a “private” IP address and other parameters that allow network

communication. The default DHCP Server configuration of the Gateway

supports up to 253 LAN IP addresses.

This feature simplifies network administration because the Gateway main-

tains a list of IP address assignments. Additional computers can be added

to your LAN without the hassle of configuring an IP address.

DHCP (

Dynamic Host Conﬁ

guration Protocol

)

Relay Agent

DHCP Relay functionality enables the Gateway to forward a DHCP client

request to a specified DHCP Server. This assigned DHCP Server will reply to

the request with an IP address and other network parameters.

DNS Proxy

Domain Name System (DNS) provides end users with the ability to look for

devices or web sites through the use of names, rather than IP addresses.

For websurfers, this technology allows a user to enter the URL (Universal

Resource Locator) text string to access a desired website. Each text string

identifier has an associated IP address, a series of numbers in the format of

xxx.xxx.xxx.xxx (e.g. 147.240.101.006). It is DNS servers that are respon-

sible for this text-to-IP Address translation. DNS Servers, in most cases, are

located at Internet Service Provider facilities. They translate domain names

into the desired IP address for locating an Internet website by answering

DNS requests.

The Cayman DNS Proxy feature allows the LAN-side IP address of the Gate-

way to be used for proxying DNS requests from hosts on the LAN to the

DNS Servers configured in the gateway. This is accomplished by having the

Gateway's LAN address handed out as the “DNS Server” to the DHCP cli-

ents on the LAN.

The Cayman DNS Proxy only proxies UDP DNS queries, not TCP DNS

queries.

Downloaded from

www.Manualslib.com

manuals search engine

Page 17 / 161

Section 3

General

Wide Area Network

DHCP (

Dynamic Host Conﬁ

guration Protocol

) Client

DHCP Client functionality enables the Gateway to request an IP address

from your Service Provider. DHCP servers on your Service Provider’s net-

work reply to DHCP Client requests and assign the network parameters.

PPPoE (

Point-to-Point Protocol over Ethernet

)

The PPPoE specification, incorporating the PPP and Ethernet standards,

allows your computer(s) to connect to your Service Provider’s network

through your Ethernet WAN connection. The Netopia Cayman-series Gate-

way supports PPPoE, eliminating the need to install PPPoE client software

on any LAN computers.

Service Providers may require the use of PPP authentication protocols such

as Challenge Handshake Authentication Protocol (CHAP) or Password

Authentication Protocol (PAP). CHAP and PAP use a username and pass-

word pair to authenticate users with a PPP server.

A CHAP authentication process works as follows:

The password is used to scramble a challenge string.

The password is a shared secret, known by both peers.

The unit sends the scrambled challenge back to the peer.

PAP, a less robust method of authentication, sends a username and pass-

word to a PPP server to be authenticated. PAP’s username and password

pair are not encrypted, and therefore, sent “unscrambled”.

Instant-On PPP

You can configure your Gateway for one of two types of Internet connec-

tions:

•

Always On

•

Instant On

These selections provide either an uninterrupted Internet connection or an

as-needed connection.

While an Always On connection is convenient, it does leave your network

permanently connected to the Internet, and therefore potentially vulnera-

ble to attacks.

Cayman's Instant On technology furnishes almost all the benefits of an

Always-On connection while providing two additional security benefits:

•

Your network cannot be attacked when it is not connected.

Downloaded from

www.Manualslib.com

manuals search engine

Page 18 / 161

Section 3

General

•

Your network may change address with each connection making it

more difficult to attack.

When you configure Instant On access, you can also configure an idle

time-out value. Your Gateway monitors traffic over the Internet link and

when there has been no traffic for the configured number of seconds, it

disconnects the link.

When new traffic that is destined for the Internet arrives at the Gateway,

the Gateway will instantly re-establish the link.

Your service provider may be using a system that assigns the Internet

address of your Gateway out of a pool of many possible Internet addresses.

The address assigned varies with each connection attempt, which makes

your network a moving target for any attacker.

Static IP Addresses

If your Service Provider requires the Cayman Gateway to use Static IP

addressing, you must configure your Gateway for it. Dynamically assigned

addresses allow a service provider’s customer to install their Gateway with-

out WAN configuration. Static addresses never time out; dynamic

addresses time out and will be reassigned.

A static IP address is preferred for setting up and maintaining pinholes

through the Cayman Gateway’s NAT security facility.

Your Service Provider may not offer a static IP address option.

IPMaps

IPMaps supports one-to-one Network Address Translation (NAT) for IP

addresses assigned to servers, hosts, or specific computers on the LAN side

of the Cayman Gateway.

With IPMaps, a Service Provider-assigned static IP address is mapped to a

specific internal device. This allows a LAN-located device to appear public

without compromising other locally attached devices. The external IP

addresses must be on the same subnet.

IPMaps is used for applications such as Web, email, and FTP servers.

See

How To: Configure for IPMaps

page 52

for more information.

Downloaded from

www.Manualslib.com

manuals search engine

Page 19 / 161

Section 3

General

Security

Password Protection

Access to your Cayman device is controlled through two access control

accounts,

Admin

User

•

The

Admin

, or administrative user, performs all configuration, manage-

ment or maintenance operations on the Gateway.

•

The

User

account provides monitor capability

only

A user may

NOT

change the configuration, perform upgrades or invoke

maintenance functions.

For the security of your connection, an Admin password must be set on the

Cayman unit.

Network Address T

ranslation (

The Cayman Gateway Network Address Translation (NAT) security feature

lets you conceal the topology of a hard-wired Ethernet or wireless network

connected to its LAN interface from routers on networks connected to its

WAN interface. In other words, the end computer stations on your LAN are

invisible

from the Internet.

Only a

single WAN IP address

is required to provide this security support

for your entire LAN.

LAN sites that communicate through an Internet Service Provider typically

enable NAT, since they usually purchase only one IP address from the ISP.

•

When NAT is

, the Cayman Gateway “proxies” for the end com-

puter stations on your network by pretending to be the originating host

for network communications from non-originating networks. The WAN

interface address is the only IP address exposed.

The Cayman Gateway tracks which local hosts are communicating with

which remote hosts. It routes packets received from remote networks to

the correct computer on the LAN (Ethernet A) interface.

•

When NAT is

OFF

, a Cayman Gateway acts as a traditional TCP/IP

router, all LAN computers/devices are exposed to the Internet.

A diagram of a typical NAT-enabled LAN is shown below:

Downloaded from

www.Manualslib.com

manuals search engine

Page 20 / 161

Section 3

General

A similar configuration applies to a DSL WAN interface (3220 family).

Cayman Advanced Features for NA

Using the NAT facility provides effective LAN security. However, there are

user applications that require methods to selectively by-pass this security

function for certain types of Internet traffic.

Cayman Gateways provide special pinhole configuration rules that enable

users to establish NAT-protected LAN layouts that still provide flexible by-

pass capabilities.

Some of these rules require coordination with the unit’s embedded admin-

istration services: the internal Web (HTTP) Port (TCP 80) and the internal

Telnet Server Port (TCP 23).

Internal Servers

Related to the pinhole configuration rules is an internal port forwarding

facility that enables you to:

•

Direct traffic to specific hosts/computers on the LAN side of the Gate-

way.

•

Eliminate conflicts with embedded administrative ports 80 and 23.

1. The default setting for NAT is

2. Cayman uses Port Address Translation (PAT) to implement the NAT

facility.

3. NAT Pinhole traffic (discussed below) is always initiated from the

WAN side.

WAN

Interface

LAN

Ethernet

Interface

Dual Ethernet Gateway

NAT

Internet

Embedded Admin Services

HTTP-Web Server and Telnet Server Port

NAT-protected

LAN stations

Cable

Modem

Ethernet

Downloaded from

www.Manualslib.com

manuals search engine

Rate

Popular Netopia Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share