Efficient Networks SpeedStream 5100 Series User Manual

Efficient Networks SpeedStream 5100 Series User Manual

Efficient router user guide
Hide thumbs Also See for SpeedStream 5100 Series:
Table of Contents

Advertisement

SpeedStream
Router

User Guide

Series: 5100, 5200, 5400, 5500
REV 2.1
Part No. 007-0820-003

Advertisement

Table of Contents
loading

Summary of Contents for Efficient Networks SpeedStream 5100 Series

  • Page 1: User Guide

    SpeedStream  Router User Guide Series: 5100, 5200, 5400, 5500 REV 2.1 Part No. 007-0820-003...
  • Page 2 Product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Efficient Networks, Inc. shall not be liable for technical or editorial errors or omissions in this document; nor for incidental or consequential damages resulting from the furnishing, performance, or use of this material.
  • Page 3 Software License and Limited Warranty will remain in full force and effect. Any notices or other communications to be sent to EFFICIENT must be mailed by certified mail to the following address: Efficient Networks, Inc. 4849 Alpha Road Dallas, TX 75244 U.S.A.
  • Page 4: Table Of Contents

    1: I ...1 NTRODUCTION About the SpeedStream Router...1 Features and Benefits ...1 Firewall Security...2 Hardware Description...3 General Safety Guidelines...3 2: I ...4 NSTALLING THE OUTER Minimum System Requirements ...4 Hardware Installation ...4 Basic Installation Procedure...4 Recording System Settings...5 Installing Line Filters ...5 In-Line Filter...5 Wall-Mount Filter ...6 Two-to-One Adapter...6...
  • Page 5 Navigating the Web Interface...17 Table Navigation...19 Window Navigation ...19 5: C USTOMIZING OUTER ETTINGS PPP (Point-to-Point Protocol)...20 PPP Configuration Options ...20 Change PPP Settings ...21 User Profiles ...21 Open the Profile Wizard...21 Enable Profiling ...22 Delete a User Profile ...22 Add a New User Profile ...22 Select Content Filtering ...23 Enter a New URL Name or Tag ...23...
  • Page 6 Specify Connection Name ...33 Finish...34 Configure RFC-2684 Bridged/IP Protocol...34 Enter IP Information...34 Use PPPoE...34 Select Interface Options...35 Specify Connection Name ...36 Finish...36 Configure RFC-2684 Routed Protocol ...36 Enter IP Information...36 Select Interface Options...36 Specify Connection Name ...38 Finish...38 Configure PPPoE Protocol...38 Configure PPPoE / Client Only ...39 Select PPPoE Session Count ...39 Enter User Information ...39...
  • Page 7 Finish...54 Host ...55 Specify the Host Configuration Settings ...55 DHCP...55 IP Address Restrictions ...55 DHCP Configuration Options ...56 Configure DHCP ...57 Admin User (System Login)...58 Change the User Name or Password ...58 Time Client...58 Time Client Configuration Options...59 Configure the Time Client...59 Static Routes...59 Add a Static Route ...59 NAT/NAPT...60...
  • Page 8 Reset the Snooze Time interval ...67 DMZ Settings ...67 DMZ Configuration Options...67 Disable DMZ ...68 Enable DMZ ...68 Custom IP Filter Rules ...69 Clone a Rule Definition ...70 Clone a Rule Definition ...71 Create Custom IP Filter Rules ...71 Firewall Log ...73 ADS (Attack Detection System) ...73 Background...74 Types of Attack...74...
  • Page 9 ATM/AAL Status/Statistics ...84 DSL Status/Statistics ...84 Ethernet Status/Statistics ...85 USB Status/Statistics ...85 Routes ...85 7: U ...86 SING YSTEM OOLS Diagnostics...86 Interface Map...87 Reboot...87 Reset...87 Firmware Update...88 Update the Router Firmware ...88 8: T ...90 ROUBLESHOOTING Basic Troubleshooting Steps...90 Interpreting the LED Display...90 Resolving Specific Issues ...91 LEDs Not Lit...91 Login Password Error...91...
  • Page 10 Port Forwarding ...97 PPP Login ...97 RIP ...98 Static Route ...98 System Log...98 Time Client...99 UPnP ...99 B: T PPENDIX ECHNICAL PECIFICATIONS C: F PPENDIX IREWALL ECURITY D: A PPENDIX CRONYMS AND Acronyms ...104 Technical Concepts ...106 E: S PPENDIX IRTUAL ...114 NDEX...
  • Page 11: 1: Introduction

    (LAN) to the Internet. This manual covers the SpeedStream model series 5100, 5200, 5400 and 5500. Note About the SpeedStream Router Your SpeedStream router provides high-speed Internet and corporate network access to homes, networked home offices, and small offices.
  • Page 12: Firewall Security

    • Stateful Inspection Firewall that provides many security features such as blocking common hacker attacks, including IP Spoofing, Land Attack, Ping of Death, IP with zero length, Smurf Attack, UDP port loopback, Snork Attack, TCP null scan, and TCP SYN flooding. •...
  • Page 13: Hardware Description

    Hardware Description The appearance of your router may vary somewhat from the following images. Note SpeedStream 5100 Series (1 Ethernet port, no USB port) SpeedStream 5400 Series (4 Ethernet ports, no USB port) The LED display panel on the front of your SpeedStream router displays system power and port indicators that simplify installation and network troubleshooting.
  • Page 14: 2: Installing The Router

    Minimum System Requirements At a minimum, your computer must be equipped with the following. • For Ethernet port connectivity (5100, 5200, 5400, 5500 series): - A network interface card (NIC) that supports Ethernet 10/100Base-T full-/half-duplex - Operating system that supports TCP/IP - Microsoft Internet Explorer or Netscape Navigator versions 5.0 or later...
  • Page 15: Recording System Settings

    Recording System Settings Another important step is to record the current router configuration in the worksheets provided in Appendix A, “Configuration Data Sheets.” Although the router is already configured for your particular network, it is important to record this configuration in case it must be restored for any reason or if you make changes to the default settings and need to restore them at any point.
  • Page 16: Wall-Mount Filter

    Ethernet port, USB port, or both. Determine the cable to use for your physical connection, and then follow the instructions below for the appropriate installation method. SpeedStream 5100 series SpeedStream 5400 series SpeedStream Router User Guide...
  • Page 17: Ethernet Installation Method

    SpeedStream Router User Guide Some models may have a power switch on the router case, Note as illustrated: Ethernet Installation Method To connect the SpeedStream router via the Ethernet interface, your computer must have an Ethernet adapter (network interface card, or “NIC”) installed. If your computer does not have this adapter, you will need to install it before proceeding further.
  • Page 18: Usb Installation Method

    USB Installation Method • Ensure that your computer meets the minimum requirements for USB installation. • Make sure the router is not plugged in to the electrical outlet. • Connect the USB cable to the USB port at the rear of the router. •...
  • Page 19: 3: Configuring Computer Network Settings

    3: Configuring Computer Network Settings To access the Internet through the SpeedStream router, the TCP/IP protocol must be installed on your computer. If TCP/IP is not already installed on your computer, refer to your system documentation or online help for instructions. The default network settings for the SpeedStream router are: IP Address: 192.168.254.254...
  • Page 20 4. In the TCP/IP Properties dialog box, click the IP Address tab. 5. On the IP Address tab, make sure that Obtain IP address automatically and Detect connection to network media are selected. 6. Click the DNS Configuration tab. 7. On the DNS Configuration tab, make sure that Disable DNS is selected.
  • Page 21: Windows Nt 4.0

    Windows NT 4.0 1. On the Windows taskbar, click Start, then point to Settings, and then click Control Panel. The Windows Control Panel displays. 2. In Control Panel, double-click Network. The Network dialog box displays. 3. On the Protocols tab, select TCP/IP Protocol, and then click Properties.
  • Page 22: Windows 2000

    5. In the Microsoft TCP/IP Properties dialog box, click the DNS tab. 6. On the DNS tab, delete any IP addresses listed in the DNS Service Search Order box. 7. Click OK twice to save your settings. 8. Reboot your computer if prompted. Windows 2000 1.
  • Page 23: Windows Xp

    Your network adapter may differ Note from this illustration. 5. In the Internet Protocol (TCP/IP) Properties dialog box, make sure that Obtain IP address automatically and Obtain DNS server address automatically are selected. 6. Click OK twice to save your settings. 7.
  • Page 24: 4: Getting Started

    By this point, you should have completed the following: • Connected the router. • Verified that the TCP/IP protocol is installed on all computers in your network. (If you need to install TCP/IP, refer to your system documentation or Windows Help.) •...
  • Page 25: Entering The Network Password

    Username and password fields are case-sensitive. Each may consist of up to 64 Important! alphanumeric characters. Be sure to record your user name and password. You will need to use them when you log on again. 2. You may accept the default user name, admin, or enter a new user name in the User Name box.
  • Page 26: Logging In (After First Time)

    1. After you have logged on to the Web interface under either of these two conditions, the Enter Network Password window displays. Your site IP address may differ Note from this image. 2. In the Enter Network Password dialog box, enter your user name and password. 3.
  • Page 27: Logging Off

    To log in using UPnP: Your system display Note may vary somewhat from these screenshots. 1. Click the UPnP icon in the system tray. The Network Places window displays the SpeedStream Router icon. 2. Double-click the router icon. Your default Web browser opens.
  • Page 28 User Profile Wizard guides you through steps required to set up and User Profiles configure individual user profiles, allowing you to establish different permissions for different users. WAN Interface Configuration Wizard guides you through the steps WAN Interface required to set up and configure wide-area network settings. Enter host IP address and netmask, default router and host name.
  • Page 29: Table Navigation

    Perform DSL diagnostics. Diagnostics Access interface tools. Tools View current interface configuration. Interface Map Reboot router. Reboot Install updated system firmware. Update Table Navigation The SpeedStream Web management interface provides you with an additional “shortcut” means of accessing certain configuration windows in the Web Interface Configuration Wizard. Additional information on this feature is included in the next chapter under the WAN Interface heading.
  • Page 30: 5: Customizing Router Settings

    This section provides you with the information and procedures to customize various settings on your SpeedStream router. For ease of reference, each topic presents in the order you see it on the main menu under Setup. The line beneath the topic heading indicates that location in the main menu. ►...
  • Page 31: Change Ppp Settings

    Change PPP Settings 1. From the main menu, click Setup; then click PPP. The PPP Setup window displays. On the PPP Setup window, enter the user name and password. Enter/select the optional PPP options if desired. 4. Click Save Settings. The System Summary window displays.
  • Page 32: Enable Profiling

    Enable Profiling When you enable profiling, all users on your local area network (LAN) must log in with one of the created user profiles before they can “surf,” or access, the Internet. If you do not enable profiling, all computers on your LAN will have complete Internet access without any filtering controls.
  • Page 33: Select Content Filtering

    Select Content Filtering 1. On the Profile Content Filtering window, select the filter level: • Disable all URL filtering: Allows the user to have complete access to all Internet addresses. • Allow access to only URLs containing the following: Allows you to specify which Internet addresses this user can access.
  • Page 34: Delete A Url Name Or Tag

    Delete a URL Name or Tag 1. On the Profile Content Filtering w click Delete in the row of the URL you want to eliminate. The window refreshes to display the updated table. 2. Repeat for any other URL names or tags you wish to delete.
  • Page 35: Enter Constant Ip Address

    Enter Constant IP Address The Profile Constant IP Address window allows you to require that the profile login window display for a certain IP address, thereby simplifying surfing and minimizing login prompts. For example, you can set a static IP address on a network computer, and then enter that IP address as the constant IP for a specific user profile.
  • Page 36: Select Content Filtering

    2. On the Profile User Information window, change the user name and/or password for this profile. • To change the user name for this profile, double-click in the Username text box to select the current name; then type the new name. •...
  • Page 37: Edit An Existing Url Name Or Tag

    The information you entered displays in the last non-highlighted table row. 3. Continue making any other revisions on this window. - or - If no other changes to this user profile, click Finish to display the updated information in the Current Profiles window.
  • Page 38: Assign Permissions

    Assign Permissions From the Profile Configuration Access window, you can add, change or delete the specific permissions specific for this user profile. Only permissions available to this user profile will be available. 1. Click to select or deselect each item separately. - or - To select all items, click All Items.
  • Page 39: Finish

    1. On the Profile Constant IP Address window, enter a new static IP address or change the current address. 2. To finish configuring this user profile, click Next. Finish Now that you have successfully configured the profile for this user, you can return to the Current Profiles window to configure another user;...
  • Page 40: Access The Wan Interface Configuration Wizard

    • Reset/Clear: Some windows may have a Reset or Clear button that deletes any information you entered, allowing you to begin again. Access the WAN Interface Configuration Wizard • On the main menu, click WAN Interface. The WAN Interface Configuration Wizard | Current Configuration window displays.
  • Page 41: Table Navigation

    Add a New Virtual Connection (VC) Table Navigation This feature provides additional navigation via a table at the bottom of the windows. The data in the table acts as a shortcut to the window that allows you to configure that element. Click: To display this window: ATM Settings...
  • Page 42: Select Wan Protocol

    • Encapsulation Type VCMUX Traffic Class - Unspecified Bit Rate - Constant Bit Rate - Variable Bit Rate (Non Real Time) - Variable Bit Rate (Real Time) • Traffic Description Information (optional) 2. To continue to the Protocol Selection window, click Next. Select WAN Protocol 1.
  • Page 43: Configure Rfc-2684 Bridged Protocol

    - Bridged Mode: Passes PPPoE traffic through to the LAN; user runs Ethernet or another PPPoE client on the computer to maintain the PPP connection. - 2684 Bridge Mode: Concurrently runs PPPoE with a 2684 Bridge on the same virtual connection. - 2684 Bridge/IP Mode: Concurrently runs PPPoE with 2684 Bridge/IP on the same virtual connection.
  • Page 44: Finish

    Finish • On the VC Wizard window, click Finish. The Current Configuration window displays the new connection information. Configure RFC-2684 Bridged/IP Protocol RFC-2684 Bridged/IP is a bridged connection wherein the router accepts RFC-2684 encapsulated traffic from the WAN. Unlike RFC-2684 Bridged protocol, however, the WAN interface has an IP address and handles the traffic, routing only relevant data on to the appropriate LAN interface(s).
  • Page 45: Select Interface Options

    Select Interface Options 1. On the Interface Options window, select the desired options: • Use Firewall: Enable firewall protection. • Use Attack Detection System: Enable WAN attack protection. • Use Universal Plug-n-Play: Enable devices to discover and control each other via UPnP over the network. •...
  • Page 46: Specify Connection Name

    - NAT & NAPT: Enable concurrent NAT and NAPT Depending on your configuration, NAT is sometimes enabled by default. Disable NAT only in Note advanced situations where your ISP has assigned static IP addresses. 2. To continue to the Connection Name window, click Next. Specify Connection Name 1.
  • Page 47 • Use Firewall: Enable firewall protection. • Use Attack Detection System: Enable WAN attack protection. • Use Universal Plug-n-Play: Enable devices to discover and control each other via UPnP over the network. • RIP: Routing Information Protocol (For more information, see page 83.) - Version 1: Allows RIP version 1 to be transmitted/received on the...
  • Page 48: Specify Connection Name

    2. To continue to the Connection Name window, click Next. Specify Connection Name 1. On the Connection Name window, enter a name for the new connection. 2. To complete the configuration process for the RFC-2684 Routed protocol, click Next. The VC Wizard window displays. Finish •...
  • Page 49: Configure Pppoe / Client Only

    If you selected: Go to: Client pg. 38 Bridge pg. 41 Configure PPPoE / Client Only This mode terminates the PPP traffic and passes on pure Ethernet to the LAN. • On the PPPoE Type window, select Client only. The PPPoE Session Count window displays Select PPPoE Session Count •...
  • Page 50: Enter Static Ip Address

    • Use Idle Timeout: If the connection sits without transmitting for the specified time, the router will log out the PPP connection. This helps relieve Internet congestion at the ISP level. The SpeedStream router also provides a Connect on Demand feature wherein the router automatically reconnects when you attempt to use the WAN connection.
  • Page 51: Specify Connection Name

    - Active Mode: In enabled, the router will receive routing updates on the selected interface and will broadcast regular routing updates to other routers. If not enabled (default), the router will receive routing updates on this interface, but will not broadcast routing tables. •...
  • Page 52: Select Interface Options

    Select Interface Options 1. On the Interface Options window, select the desired options: • Use Firewall: Enable firewall protection. • Use Attack Detection System: Enable WAN attack protection. • Use Universal Plug-n-Play: Enable devices to discover and control each other via UPnP over the network. •...
  • Page 53: Specify Connection Name

    Depending on your configuration, NAT is sometimes enabled by default. Disable NAT only in Note advanced situations where your ISP has assigned static IP addresses. 2. To continue to the Connection Name window, click Next. Specify Connection Name 1. On the Connection Name window, enter a name for the new connection.
  • Page 54 • Use Firewall: Enable firewall protection. • Use Attack Detection System: Enable WAN attack protection. • Use Universal Plug-n-Play: Enable devices to discover and control each other via UPnP over the network. • RIP: Routing Information Protocol (For more information, see page 83.) - Version 1: Allows RIP version 1 to be transmitted/received on the...
  • Page 55: Specify Connection Name

    Note Depending on your configuration, NAT is sometimes enabled by default. Disable NAT only in advanced situations where your ISP has assigned static IP addresses. 2. To continue to the Connection Name window, click Next. Specify Connection Name 1. On the Connection Name window, enter a name for the new connection.
  • Page 56: Enter Static Ip Address

    error is resolved. This is like an “always on” WAN connection. • Use Idle Timeout: If the connection sits without transmitting for the specified time, the router will log out the PPP connection. This helps relieve Internet congestion at the ISP level. The SpeedStream router also provides a Connect on Demand feature wherein the router automatically reconnects when you attempt to use the WAN connection.
  • Page 57: Specify Connection Name

    interface. - Active Mode: In enabled, the router will receive routing updates on the selected interface and will broadcast regular routing updates to other routers. If not enabled (default), the router will receive routing updates on this interface, but will not broadcast routing tables. •...
  • Page 58: Configure Pppoe / Pppoe Bridge Protocol

    Configure PPPoE / PPPoE Bridge Protocol This mode concurrently runs PPPoE with 2684 Bridge/IP on the same virtual connection. • On the PPPoE Type window, select PPPoE Bridge. The PPPoE with Bridge window displays. Use PPPoE with Bridge 1. On the PPPoE with Bridge window, specify whether the virtual circuit (VC) should also use a 2684 Bridged connection.
  • Page 59: Specify Connection Name

    - Version 1: Allows RIP version 1 to be transmitted/received on the selected interface. Currently, RIPv1 is seldom used, but supported on the SpeedStream router. - Version 2: Allows RIP version 2 to be transmitted/received on the selected interface. This would be the most common choice.
  • Page 60: Select Pppoe Session Count

    2. To continue to the PPPoE Session Count window, click Next. The VC Wizard window displays. Select PPPoE Session Count • On the PPPoE Session Count window, select from 1 to 4 connections; then click Next. The User Information window displays. The process will repeat for each Note session you need to configure.
  • Page 61: Enter Static Ip Address

    Enter Static IP Address 1. On the PPP Static IP window, you may enter a static IP address if your service provider has assigned one (not required). 2. To continue to the Interface Options window, click Next. Select Interface Options 1.
  • Page 62: Specify Connection Name

    - Disabled: Disable both NAT and NAPT (for example, if setting up static routes). - NAT: Enable NAT only and specify the destination IP address for incoming packets on the selected WAN interface. - NAPT: Enable NAPT only to handle multiple addresses based on port forwarding rules. - NAT &...
  • Page 63: Select Ppp Options

    Select PPP Options 1. On the PPP Options window, select one or multiple setting(s): • Dial-up Only: Only active when you manually connect. • Autoconnect on Disconnect: If the connection gets dropped (line error, router reboot, DSL line drop, etc.), the PPP client automatically attempts to reconnect as soon as the error is resolved.
  • Page 64: Specify Connection Name

    - Version 1: Allows RIP version 1 to be transmitted/received on the selected interface. Currently, RIPv1 is seldom used, but supported on the SpeedStream router. - Version 2: Allows RIP version 2 to be transmitted/received on the selected interface. This would be the most common choice.
  • Page 65: Host

    Host ►Setup | Host The Host Configuration window allows you to change the host IP address, netmask, default router and host name. The information in this section is auto-generated and should not be changed unless your ISP directs you to do so; for example, if you have been assigned a static IP address. Specify the Host Configuration Settings 1.
  • Page 66: Dhcp Configuration Options

    as the Default Router IP address, Primary or Secondary DNS IP addresses, and Primary or Secondary Relay IP addresses. • Commonly used non-Internet routed IP address ranges include: 10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255 DHCP Configuration Options •...
  • Page 67: Configure Dhcp

    the end of the lease period, the DHCP client will transmit a request to the server to extend the lease, at which time the server will extend the lease period of the IP address assigned to the client. If the lease period expires without the server receiving a request from the client to extend the lease, the server will assume that the client's connection no longer exists, and the server will release the IP address assigned to the client and return the address back to the pool of available addresses.
  • Page 68: Admin User (System Login)

    Admin User (System Login) ►Setup | Admin User After you have initially set your user name and password, the System Status window will display the next time you log on to the Web interface. To change the system user name and/or password, you must open the Administrative User Setup window from the main menu.
  • Page 69: Time Client Configuration Options

    Time Client Configuration Options • Primary Server IP Address Specifies the primary IP address of a “well-known” Network Time Protocol Server (NTPS). • Secondary Server IP Address Specifies the secondary IP address of a “well-known” NTPS. If the router does not receive a response from the primary NTPS, it will switch to the secondary.
  • Page 70: Nat/Napt

    6. To create the static route from your settings, click Set Route. NAT/NAPT ►Setup | NAT/NAPT The SpeedStream router provides you with several options for using Network Address Translation (NAT) and Network Address Port Translation (NAPT): • Use NAT and specify the destination IP address for incoming packets on the selected WAN interface. •...
  • Page 71: Disable Both Nat And Napt

    Disable Both NAT and NAPT 1. In the WAN interface row under NAT and NAPT Disabled, select yes. 2. To save the setting, click Apply. - or - To clear your selection, click Reset. Enable NAT Only and Specify a Destination IP Address 1.
  • Page 72: Map A New Public Ip Address

    The Current Public/Private IP Address Map table allows you to define the mapping of public IP addresses, supplied by your service provider, to the private IP addresses used on your local LAN. If you enable concurrent NAT/NAPT, you must define at least one entry in the Current Note Public/Private IP Address Map table.
  • Page 73: Port Forwarding

    • Cancel: Discards any changes, maintaining the current configuration, and changes the Edit #n label back to Add. • Reset: Discards your changes and returns to the previous settings. • Delete: * Removes the corresponding entry from the table. • Delete All: * Removes all entries from the table.
  • Page 74: Edit An Existing Port Forwarding Configuration

    Edit an Existing Port Forwarding Configuration 1. On the main menu, click Setup, and then click Port Forwarding. The Port Forwarding Configuration window displays. 2. In the Current Port Forwarding Configuration table, click Edit in the row that you wish to reconfigure. The Add/Edit Entry data refreshes and displays the current configuration for the selected protocol.
  • Page 75: Manage Network Address Port Mappings Through Upnp

    Manage Network Address Port Mappings through UPnP If you have enabled UPnP on the SpeedStream router, you can use UPnP to manipulate the NAPT port mappings. This is effectively the same as if you had logged into the router’s Web management interface through your Internet browser.
  • Page 76: Firewall Security Levels

    Firewall Security Levels The SpeedStream router is shipped with a set of preconfigured firewall database rules grouped into levels, allowing you to easily configure the firewall. The default set of levels include: • Off: No restrictions are applied to either inbound or outbound traffic. Translation (NAPT) functionality is disabled - there is no address/port translation.
  • Page 77: Firewall Snooze Control

    Firewall Snooze Control The firewall supports a Snooze feature by which , the firewall can be made to temporarily “sleep,” or go into an Off state, for a specified period. The firewall will restore itself to its previous state after the specified time period elapses.
  • Page 78: Disable Dmz

    In order for this feature to work effectively, you need to set the host name of each of the hosts running DHCP. In Windows, this is called “Computer Name” and is set in a variety of places, depending on the operating system you are running. (Please refer to your Windows documentation or Windows online Help for specific instructions on designating the computer name.) •...
  • Page 79: Custom Ip Filter Rules

    machine that will be accessible to inbound traffic. - or - Select Enable DMZ with this Host name; then select the host name from the drop-down list. 3. Select how long you want the settings to remain permanently, until the next reboot, or for a specified number of minutes.
  • Page 80: Clone A Rule Definition

    SpeedStream Router User Guide...
  • Page 81: Clone A Rule Definition

    Clone a Rule Definition You can create a new set of custom IP filter rules from one of the existing preconfigured firewall levels.) 1. In the Clone Rules Definitions box, select the firewall level to copy. 2. Click Clone Rule Set. The Rules table refreshes to display the new rules for that level.
  • Page 82 Step 3: Select a protocol to filter. 1. In the Select by Name list box, select the protocol name. - or - In the Select by Number text box, enter the protocol number. 2. Depending on the protocol, select the applicable rule options: •...
  • Page 83: Firewall Log

    Firewall Log When the Attack Detection System (ADS) is enabled, various checks are performed, according to the criteria you designate. For example: 1. If an attack is detected, that information can be displayed in the Firewall Log. 2. Any denials of access by the firewall can be logged with a reason code and a description string. 3.
  • Page 84: Background

    Packets with spoofed source addresses are commonly sent to smaller hosts, not with the intent of • bringing down a particular computer, but rather to take down a large host through a mechanism called Distributed Denial of Service (DDoS). In this situation, when a huge number of computers are used to request services, those services are rendered unavailable because of the traffic load.
  • Page 85: Ads Configuration Options

    enough data to flood a large Internet host’s connection, a would-be attacker instead “convinces” hundreds or thousands of other hosts to do it for him. This is called a Distributed Denial of Service (DDoS). Several viruses can turn a host into a remote-controlled “zombie,” although some attacks can simply use a host’s network stack to do the job if it is too trusting.
  • Page 86: Enable Ads

    • TCP Xmas Flags: The TCP Xmas flag configuration is an invalid combination of the FIN, URG and PUSH flags. This packet can cause some hosts to crash. • Fragmented TCP Packet: As discussed in the Invalid IP Packet Fragment description, packets may be fragmented in transit. While it is entirely valid to fragment a TCP packet, this is rarely done because of a process called “MTU discovery”...
  • Page 87: Globally Enable Ads

    Globally Enable ADS To globally enable ADS without losing any of the individual packet types: • Select Enable Attack Detection. Filter a Packet Type To filter, or drop, a packet type: • Select Filter to the right of the desired option. Log a Packet Type to the Firewall Event Log •...
  • Page 88: Configure Upnp Settings

    • Read-only mode: Restricts the kind of access a UPnP client can have into the router. Only requests in the UPnP protocol that query the status of the router are allowed. Any requests that could potentially modify the router’s behavior are blocked. Configure UPnP Settings 1.
  • Page 89: Rip Configuration Options

    to decide which interface will carry the outbound IP packet. If all routes in the routing table fail, the router will forward the IP packet to its default route. When the router boots up, it will broadcast its routing table on configured interfaces; i.e., it shares its routing table with other routers that support RIP. This broadcast occurs about every 30 seconds.
  • Page 90: Dynamic Dns

    Note New port values that may be specified for these LAN servers are restricted. The new port value must be in the range 1024-59999. Port values below 1024 are reserved for well-known port values, and values above 60000 are used for port forwarding. To specify server port numbers: 1.
  • Page 91: Configure Dynamic Dns

    Configure Dynamic DNS 1. From the main menu, click Setup, and then click Dynamic DNS. The Dynamic DNS Configuration window displays. 2. Click Enable. 3. Enter the Service Username, Service Password, and Host Name(s). 4. Click Apply. The router will save your configuration and automatically contact the Dynamic DNS Service with updates.
  • Page 92: 6: Viewing Status And Statistics

    The SpeedStream router Web management interface provides several windows from which you can monitor various system status and statistics: • The System Summary displays router and PPP connection(s) information. • The System Log displays system activity • The Interface Map displays a graphical depiction of system connections. •...
  • Page 93: System Log

    To display the System Summary window: • From the main menu, click Status and Statistics, and then click System Summary. The System Summary window displays. System Log The System Log records all system activity, including what actions were performed, what packets were dropped and what packets were forwarded.
  • Page 94: Select The Capture Level

    Select the Capture Level • Select the log capture level; then click Set. The window refreshes with the current data. ATM/AAL Status/Statistics The following screenshot is an example Note only and will differ from your actual window display. • From the main menu, click Status and Statistics, and then click ATM/AAL.
  • Page 95: Ethernet Status/Statistics

    Ethernet Status/Statistics The following screenshot is an example Note only and will differ from your actual window display. • From the main menu, click Status and Statistics, and then click Ethernet. The Ethernet Status/Statistics window displays. USB Status/Statistics The following screenshot is an example Note only and will differ from your actual window display.
  • Page 96: 7: Using System Tools

    The SpeedStream router provides tools within the firmware to assist you in troubleshooting connection and configuration issues: • The Diagnostics window allows you to test your DSL service. • The Interface Map provides a graphical representation of the current LAN and WAN configurations. •...
  • Page 97: Interface Map

    above, if no change in status occurs after running the diagnostics a second time, contact your Service Provider for further assistance. Interface Map This option may not be available on your router configuration. Note The Interface Map window provides a graphical representation of the current LAN and WAN configurations of your SpeedStream router.
  • Page 98: Firmware Update

    10 seconds. The pwr LED will return to green, and the action will be cancelled. Firmware Update Efficient Networks will occasionally provide firmware updates to your ISP, which will notify you when updates are available. Update the Router Firmware 1.
  • Page 99 SpeedStream Router User Guide 6. Click OK to proceed. The file is sent to the router. If a valid update file, the router writes the update to its internal flash memory. The System Reboot window displays a countdown during the Flash Write process. When the update is completed, the Login window displays.
  • Page 100: 8: Troubleshooting

    Connection problems usually occur when the router’s software configuration contains incomplete or incorrect information. The router’s diagnostic tools can help you identify and solve many of these problems. Basic Troubleshooting Steps Before contacting Technical Support, you should attempt to resolve the issue by following these steps: 1.
  • Page 101: Resolving Specific Issues

    - POST error occurred The 5100 and 5400 series SpeedStream routers have one Ethernet LED; the 5200 and 5500 series Note have four Ethernet LEDs, one for each Ethernet port. Resolving Specific Issues LEDs Not Lit •...
  • Page 102: Post Failure (Red Pwr Led)

    • If the initial POST diagnostic tests fail, the pwr LED will remain red, indicating a POST failure, and will lock the router. You will need to contact Efficient Networks Technical Support to resolve this issue. Contacting Technical Support If you still cannot resolve the issue after following the recommended troubleshooting procedures, contact Efficient Networks Technical Support.
  • Page 103: Appendix A: Configuration Data Sheets

    Your router is preconfigured with settings specific to your network. We strongly suggest that you record these settings in case you need to reestablish your original configuration. Administrative User Setup Parameter User Name Password Attack Detection System Parameter Enable ADS Same Source/Destination Address Broadcast Source Address LAN Source Address On WAN...
  • Page 104 SpeedStream Router User Guide Parameter Default Value Your Value Direction Protocol Source Interface Source Address Source Mask Destination Port Operator Enable/Disable Rule # Status Access Direction Protocol Source Interface Source Address Source Mask Destination Port Operator Enable/Disable Rule # Status Access Direction Protocol...
  • Page 105: Firewall - Dmz

    Parameter Rule # Status Access Direction Protocol Source Interface Source Address Source Mask Destination Port Operator Enable/Disable Rule # Status Access Direction Protocol Source Interface Source Address Source Mask Destination Port Operator Enable/Disable Rule # Status Access Direction Protocol Source Interface Source Address Source Mask Destination Port Operator...
  • Page 106: Host

    Parameter Reset Time Interval To Host Parameter IP Address IP Netmask Default Router Host Name LAN IP Parameter IP Address Subnet Mask NAT/NAPT Parameter Interface 1 NAT/NAPT Disabled NAT Enabled Internal (LAN) IP Address NAPT Enabled Interface 2 NAT/NAPT Disabled NAT Enabled Internal (LAN) IP Address NAPT Enabled...
  • Page 107: Port Forwarding

    Parameter Internal (LAN) IP Address NAPT Enabled Interface 8 NAT/NAPT Disabled NAT Enabled Internal (LAN) IP Address NAPT Enabled Concurrent NAT/NAPT Interface 1 Public (WAN) IP Address Private (LAN) IP Address Interface 2 Public (WAN) IP Address Private (LAN) IP Address Interface 3 Public (WAN) IP Address Private (LAN) IP Address...
  • Page 108: Rip

    Parameter Use Idle Time-Out Connection 2 User Name Password Access Connection Service Name Auto-Connect On Disconnect Use Idle Time-Out Connection 3 User Name Password Access Connection Service Name Auto-Connect On Disconnect Use Idle Time-Out Connection 4 User Name Password Access Connection Service Name Auto-Connect On Disconnect Use Idle Time-Out...
  • Page 109: Time Client

    Time Client Parameter Disabled Primary Server IP Address Secondary Server IP Address UPnP Parameter Disabled Discovery and Advertisement Only Full IGD-Supported Enable Access Logging Read-Only Mode Default Value Default Value SpeedStream Router User Guide Your Value Your Value...
  • Page 110: Appendix B: Technical Specifications

    AAL and ATM Support: VCI 0-65535 address range VPI 0-255 address range AAL5 support Bridging: IEEE 802.1.d Transparent Learning Bridge Spanning Tree support Certifications: FCC Part 15, Class B CE certification Connectors: DSL interface: RJ-11 or RJ-45 (Europe) Ethernet interface: RJ-45 USB Type B interface (5200, 5500 series) Diagnostic LEDs: Power, DSL, Activity, Ethernet status;...
  • Page 111: Appendix C: Firewall Security Levels

    The following table shows the security of each mode of the firewall for specific applications and protocols. All applications and protocols are conditionally allowed IN if the outbound session was Note initiated locally and allowed OUT. Application/ High Protocol Abuse.Net Age of Empires AOL IM Asherons Call...
  • Page 112 Application/ High Protocol ICU II IGMP IPSec multi-session IPSec single-session Kali L2TP MechWarrior 4 Mplayer MS Netmeeting MSN Gaming Zone MSN Messenger Myth Napster Need for Speed Net2telephone Netshow Client NNTP PCAnywhere Ping POP3 PPPoE PPTP multi-session PPTP single-session Quake Arena Quake II Quicktime 4 Rainbow Six...
  • Page 113 Application/ High Protocol Traceroute Ultima Online Unreal Tournament Warcraft Windows Media Player Yahoo Messenger SpeedStream Router User Guide Security Medium √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ ICSA- NAPT Off Compliant √ √...
  • Page 114: Appendix D: Acronyms And Technical Concepts

    Acronyms and Technical Concepts Acronyms AAL5 ATM Adaption Layer 5 Attack Detection System Asynchronous Transfer Mode ADSL Termination Unit ATU-C ADSL Termination Unit - Central Office; refers to location at the CO aggregation point. ATU-R ADSL Termination Unit - Remote; refers to location at the customer premises CHAP Challenge-Handshake Authentication Protocol Cycle Redundancy Checking...
  • Page 115 Loss of Signal MAC address Media Access Control address; a network device’s unique identifier Maximum Transmission Unit Network Access Provider NAPT Network Address Port Translation Network Address Translation Network-layer Control Protocol Network Service Provider Out-of-cell Delineation (ATM error condition) octet 8 bytes Password Authentication Protocol POST...
  • Page 116: Technical Concepts

    Cloning IP Filter Rules Defining a complete set of firewall IP filter rules can be a tedious process. To aide our SpeedStream router users, Efficient Networks includes the capability to “clone” an existing set of rules as a starting point in the process.
  • Page 117: Dhcp (Dynamic Host Configuration Protocol)

    SpeedStream Router User Guide Filter Configuration window, the Current IP Filter Rules table refreshes with the new rules set. You can edit, add or delete this new set of rules. Rule Numbering If you select a specific Firewall Level (e.g., Low) and then examine the list of rules displayed in the Current IP Filter Rules table, you will notice that the numbers start at xx20;...
  • Page 118: Dns (Domain Name Service)

    you have configured a specific set of IP addresses for the DHCP server, then you change the Ethernet IP address to something that is on a different subnet than your DHCP server’s addresses, and you do not reboot, the router will not recognize the change. The DHCP server will not be able to hand out addresses.
  • Page 119 PPP (Point-to-Point Protocol) PPP is a single or multi-link interface between two packet switching devices, such as a bridge or router. PPP has built-in negotiation for addresses and connection parameters and can route multiple protocols over a single link. One benefit of using PPP is it offers interoperability of multi-vendor equipment as well as support for dynamic configuration between the connecting devices.
  • Page 120: Appendix E: Step - By -Step Virtual Wan Configuration

    Step-by-Step Virtual WAN Configuration There are several steps to configuring a virtual WAN connection. To make it easier to follow, this section presents the steps that are detailed in 5: Customizing Router Settings | WAN Interface Configuration Wizard | Add a New Virtual Connection (VC) on page 31. Shaded rows indicate that these steps are repeated if you select multiple PPPoE sessions to configure in the PPPoE Session Count window.
  • Page 121 Step On this window: VC Wizard 4c. If you selected the RFC-2684 Routed protocol: Step On this window: 2684 Routed Interface Options Connection Name VC Wizard 4d. If you selected the PPPoE protocol: Step On this window: PPPoE Type This step is dependent on your choice of protocol. Click the protocol type to jump to the specific configuration procedures.
  • Page 122 5b. If you selected the PPPoE protocol and Step On this window: Interface Options Connection Name VC Wizard 5c. If you selected the PPPoE protocol and Step On this window: 2684 Bridged Interface Options Connection Name PPPoE Session Count User Information PPP Options PPP Static IP Interface Options...
  • Page 123 Step On this window: User Information PPP Options PPP Static IP Interface Options Connection Name VC Wizard 5e. If you selected the PPPoA protocol: Step On this window: User Information PPP Options PPP Static IP Interface Options Connection Name VC Wizard Do this: session, steps 7-11 will repeat.
  • Page 124: Index

    2684 Bridge Mode PPPoE ...33 2684 Bridge/IP Mode PPPoE ...33 AAL5 (ATM Adaption Layer 5) ...106 Access Concentrator ...20 Access the WAN Interface Configuration Wizard ..30 Adapter ...11 Add a New User Profile...22 Add a New Virtual Connection (VC) ...31 Admin User ...58 command description ...18 Administrative User Setup window...14, 15, 17...
  • Page 125 Enable Profiling...22 Encapsulation Methods: PPP and RFC 1483...108 Encapsulation Type ...32 End IP Range...56 Enter a New URL Name or Tag ...23, 26 Enter Constant IP Address...25 Enter Network Password window ...15, 16 Enter or Change the Constant IP Address ...28 Enter port range for TCP/UDP protocol ...63 Ethernet Installation...7 Ethernet port connectivity...
  • Page 126 Edit/Delete an Existing Mapping...62 enabling both...61 Map a New Public IP Address ...62 Navigating the Web Interface...14, 17 Network and Dial-up Connections ...12 Network dialog box ...9, 11 network interface card ...7 network stack...74 Obtain an IP address from a DHCP server ...11 Obtain DNS server address automatically ...13 Obtain IP address automatically ...10, 13 firewall security level...66...
  • Page 127 Setup command description ...17 Simple Network Time Protocol (SNTP)...58 Smurf Attack ...75 Snooze command description ...18 disabling...67 enabling...67 resetting time interval ...67 Snooze Control ...67 Specifications ...100 spoofed source address packets ...73 spoofing ...74 Start IP Range...56 stateful packet inspection filter...2 Static Route adding ...59 Static Routes...
  • Page 128 Window Navigation...19 Windows 2000 configure network settings...12 Windows 95 configure network settings...9 Windows 98 XP Professional Edition...16, 65 SpeedStream Router User Guide configure network settings...9 Windows ME...1, 16, 65 configure network settings...9 Windows NT 4.0...11 Windows XP Home Edition ...16, 65 Windows XP Professional Edition ...16, 65...
  • Page 129: Efficient Networks

    Efficient Networks 4849 Alpha Road Dallas, TX 75244 USA +1 (972) 852-1000 Tel +1 (972) 852-1001 Fax support@efficient.com http://www.support.efficient.com...

Table of Contents