Nortel BCM50a User Manual

Introduction to the guide's purpose and scope, including text conventions and related publications.

Introduces the BCM50a Integrated Router as a secure gateway and outlines its key features.

Discusses ADSL2+ support for high transmission speeds and lists supported ADSL standards.

States compatibility with major ADSL Digital Subscriber Line Access Multiplexer (DSLAM) providers.

Explains support for VC-based and LLC-based multiplexing methods.

Details supported encapsulation methods like PPPoA, RFC 1483, and PPP over Ethernet.

Describes the integrated switch functionality for connecting multiple devices to the LAN.

Describes automatic adjustment of LAN interfaces for crossover or straight-through Ethernet cables.

Explains how to set the router's time and date, manually or from an external server.

Details the function of the reset button for restoring factory defaults.

Describes establishing secure Virtual Private Network tunnels using IPSec for encrypted internet communication.

States support for VPN connections using Nortel Contivity VPN Client software.

Explains the use of digital certificates for user authentication and public key exchange.

Describes the use of SSH (Secure Shell) for secure communication between hosts.

Explains HTTPS for secure web GUI access to the router using SSL.

Details the stateful inspection firewall with DoS protection, TCP/UDP inspection, and real-time alerts.

Describes a mechanism to deter password guessing attacks by enforcing wait times after incorrect attempts.

Explains blocking web features, proxies, and specific URLs using keyword features and time periods.

Describes blocking unwanted traffic entering or leaving the network using packet filtering mechanisms.

Explains how UPnP-enabled devices can dynamically join a network and convey capabilities.

Describes configuring time periods to restrict and allow access for users on remote nodes.

Explains PPPoE's role in high-speed data network access via a dial-up interface.

Describes using Dynamic DNS for static host name aliases for dynamic IP addresses.

Explains the use of IP multicast for delivering packets to groups of hosts using IGMP.

Describes partitioning a physical network into logical networks over the same Ethernet interface.

Explains how network administrators can manage the router remotely for configuration and upgrades.

Describes SNMP for exchanging management information between network devices using TCP/IP.

Explains translating multiple IP addresses within one network to different IP addresses in another.

Details forwarding WAN traffic to a backup gateway when the primary connection fails.

Explains forwarding incoming service requests to a specific server on the local network.

Describes DHCP for clients obtaining TCP/IP configuration and the router's DHCP server capability.

Mentions the web configurator and SMT interface for managing and configuring the router.

Lists logging and tracing functions, including message logging, packet tracing, and syslog support.

Explains how to upgrade the router's firmware manually through the WebGUI.

Describes embedded FTP and TFTP servers for firmware upgrades and configuration backups.

Details broadband internet access via ADSL, IP address sharing, firewall, and VPN capabilities.

Explains accessing the System Management Terminal (SMT) and its menu overview.

Describes the router's internal tests and line initialization upon startup.

Details the process of logging into the SMT interface using username and password.

Explains how to navigate the SMT interface for router configuration using menus and commands.

Describes the BCM50a Integrated Router Main Menu displayed after logging into the SMT.

Provides steps to change the administrator password for the BCM50a Integrated Router.

Provides a visual overview of the SMT menu structure and navigation flow.

Guides users through filling in the required fields in the General Setup screen.

Explains how to configure Dynamic DNS settings by enabling the feature and filling in service provider details.

Introduces the process of configuring the WAN port settings using Menu 2.

Guides users to access Menu 2 from the main menu to configure WAN settings.

Explains how to configure parameters for traffic redirection to a backup gateway using Menu 2.2.

Introduces the configuration of the BCM50a Integrated Router for LAN connections using Menu 3.

Guides users to access the LAN configuration menus by selecting Menu 3 from the main menu.

Describes specifying filter sets to apply to LAN traffic for blocking packets and enhancing security.

Details configuring TCP/IP and DHCP settings for the Ethernet interface via Menu 3.2.

Explains how to configure IP Alias to create multiple logical LAN interfaces through a single Ethernet interface.

Guides users on entering Internet Access information using Menu 4, requiring ISP account details.

Confirms successful setup and initial connection to the network and internet.

Describes configuring protocol-independent parameters for a remote node required for calls to a remote gateway.

Discusses employing the strongest possible authentication protocols for secure remote connections.

Explains a dial-up connection that remains always up, regardless of traffic demand, at potential higher costs.

Guides the configuration of a remote node's profile by selecting and editing its settings in Menu 11.1.

Discusses choosing encapsulation and multiplexing methods based on ISP requirements and LAN-to-LAN needs.

Details the steps to edit TCP/IP parameters for a remote node's network layer options in Menu 11.3.

Explains configuring filter sets to apply to traffic between a remote node and the router to prevent unwanted call triggers.

Guides on editing ATM Layer Options for remote nodes, with versions depending on multiplexing and PPP encapsulation choices.

Details accessing advanced setup options, particularly when PPPoE is selected in the Encapsulation field.

Guides on configuring static routes with the BCM50a Integrated Router using Menu 12.

Explains creating user accounts for local authentication without a RADIUS server.

Discusses configuring NAT and firewall rules to allow traffic forwarding from WAN to BCM50a Integrated Router.

Explains SUA as a subset of NAT with Many-to-One and Server mapping types.

Guides on applying NAT via menus 4 or 11.3 for Internet access and remote node configuration.

Details creating mapping tables to assign global addresses to LAN computers using address mapping sets.

Guides on accessing Menu 15.1 to configure address mapping sets for NAT.

Describes accessing the SUA Address Mapping Set screen (Figure 34) where fields cannot be changed.

Emphasizes the importance of rule order for packet processing and action selection in NAT.

Provides examples of NAT configuration scenarios, including internet access only.

Illustrates configuring internet access with an inside server using SUA Only set and Menu 15.2.

Demonstrates mapping multiple public IP addresses to inside servers for FTP, web, and mail services.

Guides on accessing Menu 21 for Filter Set and Firewall Configuration.

Explains how to activate the firewall using Menu 21.2 to protect against DoS attacks.

Introduces filters used for deciding packet passage, call initiation, and their subdivision into device and protocol filters.

Explains filter sets consisting of multiple rules, system limits, and application to ports.

Provides a procedure to configure a new filter set, starting with menu 21.

Guides on configuring a filter rule by typing its number in the Filter Rules Summary menu.

Explains how to create TCP/IP filter rules based on IP and upper-layer protocol fields.

Describes configuring generic filter rules to filter non-IP packets by treating them as byte streams.

Demonstrates blocking outside users from accessing the router via Telnet using a filter example.

Discusses the two classes of filter rules: Generic Filter (Device) and Protocol Filter (TCP/IP).

Refers to Chapter 10 for firewall configuration and compares filtering, NAT, and firewall functions.

Shows where to apply filters after designing them, noting pre-configured filters for NetBIOS, Telnet, FTP, and HTTP.

Explains applying LAN traffic filter sets to block packets, reduce traffic, and prevent security breaches via menu 3.1.

Guides on applying filter sets to remote nodes via menu 11.1.4, including call filter sets for PPPoE/PPPoA.

Explains how to configure SNMP settings using Menu 22, noting it requires TCP/IP configuration.

Lists events that trigger SNMP traps sent to the SNMP manager, such as system startup or authentication failures.

Outlines configuring system password, external RADIUS server, and 802.1x authentication.

Guides on changing the system password and the importance of not forgetting it.

Details the steps to configure external RADIUS server settings for authentication and accounting.

Introduces diagnostic tools for maintaining the router, including system status, port status, and log capabilities.

Explains how to access System Status to view firmware version, port status, and packet statistics.

Describes how to choose different console port speeds and access system information.

Explains how to obtain system information, including routing protocol, Ethernet address, and IP address.

Details changing the console port speed through Menu 24.2.2.

Explains the syslog facility for message logging and trace function for viewing call-triggering packets.

Describes using the syslog facility to log CDR and system messages to a syslog server, with configuration options.

Explains packet triggered log messages and their formats.

Provides the format for filter log messages, explaining source, destination, and protocol details.

Describes the PPP log message format and examples of PPP connection status messages.

Explains the format of firewall log messages, including source, destination, protocol, and action details.

Describes how call-triggering packets are displayed and their equivalent hex format information.

Explains enabling DHCP on LAN or WAN, and using WAN Release/Renewal fields in Menu 24.4.

Explains the naming conventions for configuration files (*.rom) and system firmware (*.bin) files.

Guides on backing up the router's configuration to a computer using FTP, emphasizing its speed and recommendation.

Provides step-by-step instructions for using FTP commands to back up configuration files from the router.

Shows a sample FTP session demonstrating commands for file transfer, including get and put.

Describes general commands commonly found in GUI-based FTP clients for file management.

Lists conditions under which TFTP, FTP, and Telnet over WAN do not function correctly.

Explains using TFTP for uploading and downloading firmware and configuration files, recommending LAN use.

Guides on restoring a previously saved configuration, warning about overwriting the current settings.

Explains using FTP as the preferred method for restoring configurations due to its speed.

Details how to upload firmware and configuration files, referencing procedures for restore and upload menus.

Describes using FTP as the preferred method for uploading firmware and configuration files via Telnet.

Explains accessing menu 24.7.2 via Telnet for uploading system configuration files using FTP.

Provides an example of FTP file upload commands executed from a DOS prompt.

Explains using TFTP for uploading firmware and configuration files over LAN, with notes on Telnet and CI mode requirements.

Shows an example TFTP command for uploading firmware files, explaining parameters like host and transfer mode.

Introduces the Command Interpreter (CI) for low-level setup and diagnostics, accessible via SMT menu 24.8.

Explains the syntax rules for commands, including keywords, required/optional fields, and symbols.

Guides on finding and using commands, including help, full commands, and exiting to the SMT.

Describes call control functions like budget management and call history, applicable for PPPoE/PPPoA.

Explains budget management statistics for outgoing calls and how to configure call time limits.

Describes accessing call history to view information about past incoming and outgoing calls.

Explains setting the router's time and date manually or from an external server via Menu 24.10.

Details the three instances when the router automatically resets its time.

Explains determining which services and protocols can access the router's interface from remote locations.

Lists conditions under which remote management may not function, such as filter rules or service disabling.

Introduces call scheduling feature for managing remote nodes, dictating call times and duration.

Guides on configuring TCP/IP settings for Windows 95/98/Me by accessing network configuration.

Explains installing necessary network components like adapter, TCP/IP protocol, and Client for Microsoft Networks.

Details configuring TCP/IP properties by setting IP address, subnet mask, and DNS information.

Guides on accessing network connections and control panel for TCP/IP configuration in Windows 2000/NT/XP.

Provides instructions for configuring TCP/IP settings on Macintosh OS 8/9 via the Control Panel.

Checks TCP/IP properties in the TCP/IP Control Panel window.

Explains configuring TCP/IP settings for Macintosh OS X by accessing System Preferences and Network settings.

Checks TCP/IP properties in the Network window.

Illustrates an ideal network topology where the router acts as a secure gateway between LAN and Internet.

Explains the triangle route problem occurring with multiple internet connections and alternate gateways on the LAN.

Describes using IP aliasing to partition networks into logical sections and act as a gateway for each.

Guides on importing router certificates into Netscape Navigator to trust the server certificate.

Explains importing certificates into Internet Explorer to trust the router's self-signed or CA-issued certificate.

Details the requirement for SSL clients to have certificates when 'Authenticate Client Certificates' is enabled.

Guides on installing a Certificate Authority's trusted certificate to produce a recognized security certificate.

Explains the process of installing personal certificates provided by a CA, requiring a password.

Provides a procedure to access the BCM50a Integrated Router via HTTPS using client certificates.

Explains PPPoE's role in establishing PPP sessions over Ethernet for ADSL connections to DSLAMs.

Lists benefits of PPPoE, including a familiar dial-up interface and reduced burden on carriers.

Depicts a typical hardware configuration using PCs with traditional dial-up networking.

Explains the PPPoE driver, Ethernet framing, and L2TP tunneling between Access Concentrator and ISP.

Describes how PCs on the LAN see only Ethernet when the router acts as a PPPoE client, simplifying administration.

Illustrates Ethernet cable pin assignments for both straight-through and crossover connections.

Explains how routers route data packets based on network numbers and host IDs.

Categorizes IP addresses into classes (A, B, C, D) based on the first octet's value and bit structure.

Defines subnet masks and their use in determining network and host ID bits using logical AND operations.

Explains subnetting by ignoring class arrangements and converting host ID bits to network number bits.

Illustrates creating two separate networks from a class C address by borrowing one host ID bit.

Shows how to divide a class C address space into four subnets by borrowing two host ID bits.

Demonstrates creating eight subnets using a 27-bit mask and provides last-octet values for class C IP addresses.

Explains how subnet masks determine network and host ID bits for Class A and Class B addresses.

Explains the syntax rules for commands, including keywords, required/optional fields, and symbols.

Guides on finding and using commands, including help, full commands, and exiting to the SMT.

Lists and describes system commands preceded by 'sys', such as 'stdio' and 'hostname'.

Lists and describes Ethernet commands that must be preceded by 'ether', like 'config' and 'status'.

Lists and describes IP commands preceded by 'ip', such as 'address', 'alias', and 'ping'.

Lists and describes IP Sec commands preceded by 'ipsec', covering debug, timer, and policy configuration.

Lists and describes WAN commands, including ADSL, ATM, and hwsar functions, preceded by 'wan'.

Lists and describes system firewall commands, preceded by 'sys firewall', for managing ACLs, logs, and DoS protection.

Lists and describes bandwidth management commands preceded by 'bm', covering interface, class, and filter configurations.

Lists and describes certificate commands, including creating, importing, exporting, and verifying certificates.

Introduces NetBIOS packets used for LAN communication and explains how to configure NetBIOS filters.

Shows how to display current NetBIOS filter modes and their default settings using the 'sys filter netbios disp' command.

Explains configuring NetBIOS filters for LAN/WAN traffic, IPSec packets, and call initiation using 'sys filter netbios config'.

Demonstrates configuring NetBIOS filters for various traffic types and call initiation scenarios.

Introduces enhanced DHCP features for adding site-specific options to DHCP server offer messages.

Details the syntax for assigning a specific IP address to the Nortel BCM50 via DHCP.

Explains using commands to add site-specific options to DHCP server offer messages for Nortel devices.

Describes syntax for configuring BCM50 DHCP server modes and IP address ranges.

Explains the command to configure Nortel BCM50 DHCP server settings and override default IP assignment behavior.

Describes adding site-specific options to DHCP messages for Nortel i2004 IP telephones.

Details the syntax for assigning VoIP server information, including IP address and port, to IP telephones.

Explains assigning VLAN IDs to IP telephones using DHCP, specifying interface and VLAN ID details.

Mentions WLAN handsets require similar options to IP phones, with additional site-specific options.

Describes assigning a TFTP server IP address to WLAN handsets via DHCP.

Explains assigning a WLAN Telephony Manager IP address to WLAN handsets using DHCP option 151.

Introduces appendix providing descriptions of various log messages generated by the router.

Lists and describes system error log messages.

Lists and describes system maintenance log messages.

Describes UPnP log messages indicating packets passing through the firewall.

Lists and describes content filtering log messages for URL access and blocking.

Lists and describes firewall attack log messages, including TCP, UDP, ICMP, and IP spoofing attacks.

Lists and describes access log messages related to firewall policies and rule matches.

Guides on viewing IPSec and IKE connection logs using menu 27, showing typical logs from a VPN initiator.

Displays a typical log from the VPN connection initiator, detailing the IPSec negotiation process.

Shows a typical log from the VPN connection peer, including log index, date/time, and messages.

Explains using 'sys logs load' and 'sys logs category' commands to configure logging settings.

Guides on showing all logs or specific log settings using 'sys logs display' and 'sys logs category display' commands.

Demonstrates setting up access logs and alerts recording and viewing the results using command-line commands.

Describes commands for enabling, disabling, and configuring the mechanism to prevent brute-force password guessing.