- DL manuals
- 3Com
- Gateway
- OfficeConnect 3CR856-95
- User Manual
3Com OfficeConnect 3CR856-95 User Manual - Etting
19
S
ETTING
U
P
Y
OUR
C
OMPUTERS
The OfficeConnect Cable/DSL Secure Gateway has the ability to
dynamically allocate network addresses to the computers on your
network, using DHCP. However, your computers need to be
configured correctly for this to take place. To change the
configuration of your computers to allow this, follow the
instructions in this chapter.
If your computers are configured with static addresses (also
known as fixed addresses) and you do not wish to change this,
then you should use the Discovery program on the Gateway
CD-ROM to detect and configure your Gateway. Refer to
“Using
Discovery” on page 65
for information on using the Discovery
program.
Obtaining an IP Address Automatically
Windows 2000, XP
If you are using a Windows 2000 or Windows XP computer, use
the following procedure to change your TCP/IP settings
(Windows XP specific instructions in brackets):
1
From the Windows Start Menu, select Settings > Control Panel
(select Control Panel directly from the Start menu in Windows
XP)
2
Double click on Network and Dial-Up Connections (Network and
Internet Connections).
3
(XP only — click on Network Connections)
4
Double click on Local Area Connection.
5
Click on Properties.
6
A screen similar to
Figure 6
should be displayed. Select Internet
Protocol (TCP/IP) and click on Properties.
Figure 6
7
Ensure that the options Obtain an IP Address automatically, and
Obtain DNS server address automatically are both selected as
shown in
Figure 7
. Click OK.
dua08569-5aaa01.book Page 19 Wednesday, March 13, 2002 10:39 AM
Summary of OfficeConnect 3CR856-95
Page 1
Dua08569-5aaa01.Book page 1 wednesday, march 13, 2002 10:39 am.
Page 2
3com corporation 5400 bayfront plaza santa clara, california 95052-8145 copyright © 2002, 3com technologies. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) witho...
Page 3: Ontents
3 c ontents contents 3 about this guide 7 naming convention 7 conventions 7 introducing the officeconnect cable/dsl secure gateway 9 officeconnect cable/dsl secure gateway 9 cable/dsl secure gateway advantages 10 package contents 11 minimum system and component requirements 11 front panel 12 rear pa...
Page 4
4 lan settings 35 lan ip settings 35 dhcp clients list 36 internet settings 37 connection to isp 37 setting up nat 41 configuring the firewall 43 the virtual servers menu 43 pc privileges 45 special applications 47 advanced 49 configuring vpn 50 setting the vpn mode 50 configuring ipsec connections ...
Page 5
5 ethernet performance 72 cable specifications 72 safety and regulatory statements 73 important safety information 73 wichtige sicherheitshinweise 73 consignes importantes de sécurité 74 end user software licence agreement 77 3com corporation end user software license agreement 77 isp information 79...
Page 6
6 dua08569-5aaa01.Book page 6 wednesday, march 13, 2002 10:39 am.
Page 7: Bout
7 a bout t his g uide this guide is intended for use by those responsible for installing and setting up network equipment; consequently, it assumes a basic working knowledge of lans (local area networks) and internet gateway systems. If a release note is shipped with this officeconnect cable/dsl sec...
Page 8
8 feedback about this user guide your suggestions are very important to us. They will help make our documentation more useful to you. Please e-mail comments about this document to 3com at: pddtechpubs_comments@3com.Com please include the following information when commenting: ■ document title ■ docu...
Page 9: Ntroducing The
9 i ntroducing the o ffice c onnect c able /dsl s ecure g ateway welcome to the world of networking with 3com ® . In the modern business environment, communication and sharing information is crucial. Computer networks have proved to be one of the fastest modes of communication but, until recently, o...
Page 10
10 figure 2 example network using a cable/dsl secure gateway cable/dsl secure gateway advantages the advantages of using a gateway include: ■ shared internet connection. ■ no need for a dedicated, “always on” computer serving as your internet connection. ■ cross-platform operation for compatibility ...
Page 11
11 package contents the officeconnect cable/dsl secure gateway kit includes the following items: ■ one officeconnect cable/dsl secure gateway ■ one power adapter for use with the gateway ■ four rubber feet ■ one stacking clip ■ one ethernet cable ■ one cd-rom containing ■ the gateway discovery progr...
Page 12
12 front panel the front panel of the gateway contains a series of indicator lights (leds) that help describe the state of various networking and connection operations. Figure 3 cable/dsl secure gateway - front panel 1 alert led (orange) indicates a number of different conditions, as described below...
Page 13
13 ■ the connected device is switched off ■ there is a problem with the connection. See "troubleshooting" on page 61 4 cable/dsl status led green (100 mbps link) / yellow (10 mbps link) indicates a number of different conditions, as described below. On the link between the gateway and the cable or d...
Page 14
14 dua08569-5aaa01.Book page 14 wednesday, march 13, 2002 10:39 am.
Page 15: Nstalling The
15 i nstalling the g ateway introduction this chapter will guide you through a basic installation of the officeconnect cable/dsl secure gateway, including: ■ connecting the gateway to the internet. ■ connecting the gateway to your network. Positioning the gateway you should place the cable/dsl secur...
Page 16
16 pppoe if your isp allocates ip information dynamically over pppoe, you need a user name and password: only enter a pppoe service name or host name if your isp requires you to do this. Do not enter anything if your isp does not require a service name dhcp if your isp allocates ip information dynam...
Page 17
17 figure 5 connecting the cable/dsl secure gateway to use your cable/dsl secure gateway to connect to the internet through an external cable or dsl modem ( figure 5 ): 1 use the supplied cable to connect the gateway's ethernet cable/dsl port to your cable/dsl modem. Ensure that your modem is connec...
Page 18
18 dua08569-5aaa01.Book page 18 wednesday, march 13, 2002 10:39 am.
Page 19: Etting
19 s etting u p y our c omputers the officeconnect cable/dsl secure gateway has the ability to dynamically allocate network addresses to the computers on your network, using dhcp. However, your computers need to be configured correctly for this to take place. To change the configuration of your comp...
Page 20
20 figure 7 8 restart your computer. Windows 95, 98, me 1 from the windows start menu, select settings > control panel. 2 double click on network. Select the tcp/ip item for your network card and click on properties. 3 in the tcp/ip dialog, select the ip address tab, and ensure that obtain ip addres...
Page 21
21 4 select the never dial a connection option and click on the ok button. Figure 8 you may wish to remove the pppoe client software from your computer to free resources, as it is not required for use with the gateway. Web proxy settings ensure that you do not have a web proxy enabled on your comput...
Page 22
22 dua08569-5aaa01.Book page 22 wednesday, march 13, 2002 10:39 am.
Page 23: Unning The
23 r unning the s etup w izard if the gateway needs to be configured, for example if it has not yet been used or has been reset, it will run the setup wizard automatically. This detects some of the settings the gateway needs to function and asks that you input the others. Accessing the wizard the ca...
Page 24
24 figure 11 officeconnect cable/dsl secure gateway welcome screen if the wizard does not launch automatically (this may occur if the gateway has been powered up or configured previously) launch the wizard manually. 5 to launch the wizard manually click on the setup wizard tab in the welcome screen ...
Page 25
25 figure 13 change administration password screen choose a password that you can remember but that others are unlikely to guess. Remember that the password is case sensitive. Click next to display the time zone setup screen ( figure 14 ). Setting the time zone the gateway sets its time automaticall...
Page 26
26 auto-configuration screen for pppoe is shown in figure 15 below. Figure 15 pppoe auto-configuration screen click next to accept the option you have chosen and continue. ■ if the gateway could not automatically configure your internet settings or if you chose to configure your internet settings ma...
Page 27
27 pppoe mode to setup the gateway for use with a ppp over ethernet (pppoe) connection, use the following procedure: figure 17 pppoe screen 1 if your isp requires the addresses of a primary and secondary dns server then enter them in the fields labelled primary dns address and secondary dns address....
Page 28
28 if your isp does not require one of the fields to be filled in then leave it blank. This indicates to the gateway that there is no server. 2 if your isp requires you to supply a host name enter it in the host name box, otherwise leave the box blank. 3 click next to continue to the clone mac addre...
Page 29
29 3 enter your isp gateway address in the internet (isp) gateway address text box. 4 enter your primary dns address in the primary dns address text box. 5 if your isp requires a secondary dns address, enter it in the secondary dns address text box, otherwise leave the box blank. Click the next butt...
Page 30
30 figure 22 dhcp server setup screen 3com recommends that you activate the dhcp server and leave it at the default values unless you already have a dhcp server on your network. ■ to activate the dhcp server option, select enable the dhcp server with the following settings:. The dhcp server will def...
Page 31
31 if want to make changes, click the back button until you reach the screen which contains the settings you want to change and follow the instructions from that point. Your gateway is now configured. You can start using your gateway straight away or further configure your gateway (see “gateway conf...
Page 32
32 dua08569-5aaa01.Book page 32 wednesday, march 13, 2002 10:39 am.
Page 33: Ateway
33 g ateway c onfiguration this chapter describes all the options available through the gateway configuration pages, and is provided as a reference. Navigating through the gateway configuration pages to get to the configuration pages, browse to the gateway by entering the url in the location bar of ...
Page 34
34 welcome screen the welcome section allows you to view the notice board and to change your password. You can also gain access to the configuration wizard. See “accessing the wizard” on page 23 for details. Viewing the notice board the notice board, shown in figure 25 below, is used to display impo...
Page 35
35 setup wizard figure 27 wizard screen click the wizard... Button to launch the configuration wizard. Refer to “running the setup wizard” on page 23 for information on how to run the wizard. Lan settings the lan settings menu allows you to view and amend your gateway’s: ■ lan settings. ■ dhcp serve...
Page 36
36 network’s subnet. The default ip address of the gateway is 192.168.1.1. When you change the ip address of the gateway you must reboot all computers that gain their ip address from the gateway before they will be able to access the internet. If you are using static addresses for your pcs you must ...
Page 37
37 figure 29 dhcp clients screen the gateway grants leases for 7 days. If a computer does not connect for a week, its ip address may be reused. The gateway will attempt to supply a computer the same lease as was issued previously, even if that lease has expired. Expired leases are only reused when t...
Page 38
38 ■ your isp informs you of a change in their settings or you change isps. Figure 30 connection to isp screen select the addressing method that your isp uses to allocate your gateway’s internet ip address. Choose from the options in the ip allocation mode drop-down box and the screen will refresh w...
Page 39
39 if you have been allocated a range of ip addresses by your isp enter the first ip address in the range. ■ subnet mask — the subnet mask supplied by your isp for this connection. ■ isp gateway address — the gateway address from your isp to the internet. ■ primary dns address — the address of your ...
Page 40
40 ■ isp gateway address — the gateway address from your isp to the internet is automatically configured but is not displayed. ■ primary dns address — the address of your isp’s domain name service server is automatically configured but may be edited. ■ secondary dns address — the address of your isp...
Page 41
41 ■ primary dns address — the address of your isp’s domain name service server is automatically configured but may be edited. ■ secondary dns address — the address of your isp’s secondary domain name service server. The second server is optionally provided by an isp in case of failure of the primar...
Page 42
42 figure 35 network address translation screen setting up one-to-many nat this is very easy to set up and the gateway’s default mode. It works with any ip allocation mode and will map all the addresses on your lan to the internet address of your gateway. To set up one-to-many nat: 1 select one-to-m...
Page 43
43 to set up one-to-one nat: 1 select one-to-one nat from the nat mode drop-down box. 2 enter the second address of your internet range of addresses in the first ip address in isp pool field. 3 enter the first address in your lan range of addresses to which you want to map this range in the first ip...
Page 44
44 the computer in the ip address of dmz host text box, and then click the save button. Creating a virtual server activating and configuring a virtual server allows one or more of the computers on your network to function as an internet service host. For example, one of your computers could be confi...
Page 45
45 pc privileges select pc privileges to display the pc privileges setup screen. This is shown in figure 40 below. The gateway’s dhcp server has been enhanced to support pc privileges. If you want to use dhcp and control access to the internet on a user by user basis then you must either use the gat...
Page 46
46 enter multiple ports as either a comma separated list e.G. 101, 105, 107, or as a range, e.G. 101-107. 5 click apply to save the settings. To assign different access rights for different computers: 1 click the control pc access to the internet radio button. 2 click on the new button to display pc...
Page 47
47 vpn connections to other networks are unaffected by settings in pc privileges. To allow or deny vpn connections to other networks see “configuring vpn” on page 50 . Special applications select special applications tab to display the authorized application setup screen. See figure 43 below. Figure...
Page 48
48 figure 44 special application settings screen 2 select the applications from the choose application drop-down box. See figure 44 . If the application you want to define is not in the list select custom and see “creating custom special applications” below. 3 click the add button to add the special...
Page 49
49 caution: selecting multiple hosts allowed weakens the security that your gateway’s firewall is able to provide and should only be used if the special application requires it. ■ timeout — enter the number of seconds the gateway should wait for the first reply from the special application server be...
Page 50
50 between two devices, to ensure that everything is working correctly. By default the gateway has ping disabled so that it does not respond to ping requests. This makes the device more difficult to find on the internet and less prone to attack. This feature is enabled by clicking on the check box s...
Page 51
51 figure 47 vpn mode screen if you chose: ■ disable vpns — no further configuration is necessary. ■ ipsec enabled — see “configuring ipsec connections” below. ■ pptp server enabled — see “setting pptp end points” on page 54 and “configuring pptp users” on page 55 . Configuring ipsec connections ips...
Page 52
52 of the connection. Clicking the name of a connection displays the edit ipsec screen. See “adding and editing ipsec connections” below. ■ description — a text description that enables you to identify a connection. This field in the table additionally displays whether the connection is currently ac...
Page 53
53 ■ remote user id — (appears only if remote user access is selected). Enter the remote user id. This must be entered identically on the ipsec software installed on the client’s machine. ■ this gateway’s id — (appears only if gateway to gateway is selected). Enter the internet ip address or domain ...
Page 54
54 gateway two is located at the sales office and is configured with the following settings: ■ internet ip address: 174.27.34.202 ■ lan ip address: 192.168.2.1 ■ lan subnet mask: 255.255.255.0 to set up an ipsec connection between the two gateways, do the following on each gateway: 1 select ipsec en...
Page 55
55 figure 50 pptp end points screen configuring pptp users pptp connections are formed between users and a terminating device. The gateway is able to act as that device and needs to know the user names and passwords of those that are allowed to connect by pptp. Viewing pptp users the pptp connection...
Page 56
56 ■ enabled — this check box allows you to enable or disable a connection without deleting it and thus losing the connection details. Check this box to enable a connection. Clear this box to disable the connection and disconnect the user. Additionally there are three buttons outside the table: ■ he...
Page 57
57 figure 53 restart screen any network users who are currently accessing the internet will have their access interrupted whilst the restart takes place, and they may need to reboot their computers when the restart has completed and the gateway is operational again. Time zone choose the time zone th...
Page 58
58 loading and saving the gateway configuration figure 55 configuration screen select the configuration tab to display the configuration screen.( figure 55 ) ■ click the backup button to save the current configurations of the officeconnect cable/dsl secure gateway. You will be prompted to download a...
Page 59
59 figure 56 upgrade screen once you have downloaded the software, use the browse button to locate the file on your computer, and then click on apply. You may need to change the file type in the dialog box displayed by your web browser to *.* to be able to see the file. The file will be copied to th...
Page 60
60 figure 57 status screen obtaining support for your gateway selecting support option on the main menu generates the support links screen, which contains a list of internet links that provide information and support concerning the gateway. ( figure 58 ) figure 58 support screen dua08569-5aaa01.Book...
Page 61: Roubleshooting
61 t roubleshooting basic connection checks ■ check that the gateway is connected to your computers and to the cable/dsl modem, and that all the equipment is powered on. Check that the lan and cable/dsl port link status leds on the gateway are illuminated, and that any corresponding leds on the cabl...
Page 62
62 ■ ensure that you have entered the correct information into the gateway configuration screens as required by your internet service provider. Use the “internet settings” screen to verify this. ■ for dsl users, check that the pppoe user name, password and service name are correct, if these are requ...
Page 63
63 if the alert led comes on continuously again, then a fault has been detected. Locate the copy of the gateway software on the accompanying cd-rom and upload it to the gateway to see if this clears the fault (refer to “recovering from corrupted software” below). If this does not fix the problem, co...
Page 64
64 there are only 4 lan ports on the gateway. How are additional computers connected? You can expand the number of connections available on your lan by using hubs and switches connected to the gateway. 3com officeconnect hubs and switches provide a simple, reliable means of expanding your network; c...
Page 65: Sing
65 u sing d iscovery running the discovery application 3com provides a user-friendly discovery application for detecting the officeconnect cable/dsl secure gateway on the network. Windows installation (95/98/2000/me/nt) 1 insert the gateway cd-rom in the cd-rom drive on your computer. A menu will ap...
Page 66
66 3 figure 60 shows an example discovered devices screen. Highlight the cable/dsl secure gateway by clicking on it, and press next. Figure 61 discovery finish screen 4 click on finish to launch a web browser and display the login page for the gateway. Dua08569-5aaa01.Book page 66 wednesday, march 1...
Page 67: Ip A
67 ip a ddressing the internet protocol suite the internet protocol suite consists of a well-defined set of communications protocols and several standard application protocols. Transmission control protocol/internet protocol (tcp/ip) is probably the most widely known and is a combination of two of t...
Page 68
68 type two in larger networks, where there are more devices, the ip address of ‘192.168.100.8’ is, again, split into two parts but is structured differently: ■ part one (‘192.168’) identifies the network on which the device resides. ■ part two (‘.100.8’) identifies the device within the network. Th...
Page 69
69 contact a dhcp server. Automatic ip addressing is a scheme where devices allocate themselves an ip address at random from the industry standard subnet of 169.254.X.X (with a subnet mask of 255.255.0.0). If two devices allocate themselves the same address, the conflict is detected and one of the d...
Page 70
70 dua08569-5aaa01.Book page 70 wednesday, march 13, 2002 10:39 am.
Page 71: Echnical
71 t echnical s pecifications this section lists the technical specifications for the officeconnect cable/dsl secure gateway. Interfaces cable or dsl modem connection - one 10/100 mbps ethernet port (10base-t/100base-tx) with auto-mdix. Lan connection - four 10/100 mbps ethernet ports (10base-t/100b...
Page 72
72 system requirements operating systems the cable/dsl secure gateway will support the following operating systems: ■ windows 95, 98, me ■ windows nt 4.0 ■ windows 2000 ■ windows xp ■ mac os 8.5 or higher ■ unix ethernet performance the cable/dsl secure gateway complies to the ieee 802.3i, u and x s...
Page 73: Afety And
73 s afety and r egulatory s tatements important safety information warning: warnings contain directions that you must follow for your personal safety. Follow all directions carefully. You must read the following safety information carefully before you install or remove the unit: warning: exceptiona...
Page 74
74 achtung: die netzsteckdose muß in der nähe des geräts und leicht zugänglich sein. Die stromversorgung des geräts kann nur durch herausziehen des gerätenetzkabels aus der netzsteckdose unterbrochen werden. Achtung: der betrieb dieses geräts erfolgt unter den selv-bedingungen (sicherheitskleinstspa...
Page 75
75 si l'équipement auquel il est raccordé fonctionne dans les mêmes conditions. Avertissement: il n’y a pas de parties remplaceables par les utilisateurs ou entretenues par les utilisateurs à l’intérieur du moyeu. Si vous avez un problème physique avec le moyeu qui ne peut pas être résolu avec les a...
Page 76
76 dua08569-5aaa01.Book page 76 wednesday, march 13, 2002 10:39 am.
Page 77: Ser
77 e nd u ser s oftware l icence a greement 3com corporation end user software license agreement you should carefully read the following terms and conditions before downloading, installing and using this product, the use of which is licensed by 3com corporation ("3com") to its customers for their us...
Page 78
78 such termination you agree to destroy the software and documentation, together with all copies and merged portions in any form. Limited warranties and limitation of liability: all warranties and limitations of liability applicable to the software are as stated on the limited warranty card or in t...
Page 79: Isp I
79 isp i nformation information regarding popular isps internet connection types characteristics popular isps dynamic ip (clone mac) cable modem isp, non-hostname based. Need to clone mac in the dhcp page of router. Mediaone, roadrunner, optimum online, time warner, charter and adelphia, metrocast, ...
Page 80
80 dua08569-5aaa01.Book page 80 wednesday, march 13, 2002 10:39 am.
Page 81: Lossary
81 g lossary 10base-t the ieee specification for 10 mbps ethernet over category 3, 4 or 5 twisted pair cable. 100base-tx the ieee specification for 100 mbps fast ethernet over category 5 twisted-pair cable. 3des triple des (see des). 3des is an extremely secure encryption system that works by applyi...
Page 82
82 software that runs on windows nt server, and windows 95 and windows 98 will call the server to obtain the address. Windows 98 will allocate itself an address if no dhcp server can be found. Dns domain name system. Dns allows internet host computers to have a domain name (such as 3com.Com) and one...
Page 83
83 ietf internet engineering task force. An organization responsible for providing engineering solutions for tcp/ip networks. In the network management area, this group is responsible for the development of the snmp protocol. Ip internet protocol. Ip is a layer 3 network protocol that is the standar...
Page 84
84 information or sharing resources. Networks vary in size, some are within a single room, others span continents. Network interface card (nic) a circuit board installed into a piece of computing equipment, for example, a computer, that enables you to connect it to the network. A nic is also known a...
Page 85
85 the end station to which data is being sent, as well as the address of the destination network. Traffic the movement of data packets on a network. Vpn virtual private network. A vpn is a private network where the data passsed across a public network infrastructure such as the internet. The data i...
Page 86
86 dua08569-5aaa01.Book page 86 wednesday, march 13, 2002 10:39 am.
Page 87: Ndex
87 i ndex numbers 100base-tx 81 10base-t 81 3des defined 81 upgrading to 58 a access rights 45 adding special applications 47 address tcp/ip 67 admin password 23 changing 34 advanced settings 49 alert led 12 apple macintosh. See macintosh auto-configuration wizard 25 auto-ip addressing 68 auto-negot...
Page 88
88 sample network 9 digital subscriber line 82 disabling pppoe client software 20 disabling the firewall 50 disabling web proxies 21 disablling ipsec 52 discovery application 65 dmz virtual 43 dns 82 domain name system 82 dsl 82 dsl ethernet port 13 dsl modem 82 dsl status led 13 dynamic host contro...
Page 89
89 blocking access 45 configuring 37 dhcp 39 pppoe 40 static address 38 wizard 26 inventory 11 ip address 67 ip defined 83 ipsec 51 defined 83 isp defined 83 isp information 79 l lan defined 83 lan ethernet port 13 lan settings configuring 35 wizard 29 lan status led 12 led alert 12 cable/dsl status...
Page 90
90 system 23 wizard 24 pc privileges setting 45 ping allowing 49 port cable/dsl ethernet 13 lan ethernet 13 positioning the gateway 15 power adapter socket 13 power cycle 56 power led 12 powering up the gateway 16 pppoe changing the password 37 defined 84 disabling client software 20 internet settin...
Page 91
91 lan 12 subnet mask 36, 84 support 60 switch 84 system password 23 system requirements 72 system tools 56 t tcp/ip 67, 83 defined 84 technical specifications 71 technical support 60 this gateway’s id 53 time zone setting 57 wizard 25 traffic 85 trigger port 48 triple des 81 tunnel shared key 53 u ...
Page 92
92 dua08569-5aaa01.Book page 92 wednesday, march 13, 2002 10:39 am.
Page 93: Egulatory
93 r egulatory n otices fcc statement this equipment has been tested and found to comply with the limits for a class b digital device, pursuant to part 15 of the fcc rules, and the canadian department of communications equipment standards entitled, “digital apparatus,” ices-003. These limits are des...
Page 94
94 dua08569-5aaa01.Book page 94 wednesday, march 13, 2002 10:39 am.
Page 95
Dua08569-5aaa01.Book page 95 wednesday, march 13, 2002 10:39 am.
Page 96
Dua08569-5aaa01 published april 2002 dua08569-5aaa01.Book page 96 wednesday, march 13, 2002 10:39 am.