3-6-2009 Draft Parental Control Setup - Filtering Function 4030765 Rev 01 1 Click Security on the main screen. The MAC Filtering screen opens by default. 2 Click the Firewall tab. The Filtering Function screen opens.
3-6-2009 Draft Chapter 6 Security Configuration 148 3 Check the Enable Filtering Function check box to enable the filtering function. The Client IP Mac Filtering screen populates with any time restrictions that are set. 4 Click Add PC. The Add Filtering Function screen opens.
-6-2009 Draft Parental Control Setup - Filtering Function 5 In the Client PC Description field, enter a description of the PC for which you want to block services. 6 In the Choose mode field, Click IP mode or MAC mode from the drop-down menu. 7 Enter the IP address in the Client PC IP Address field, or enter the MAC address in the MAC address field depending upon the mode you selected in step 6. 8 Under Service Name area, check the Blocking check box for every service that you wish to filter.
3-6-2009 Draft Chapter 6 Security Configuration 2 Click the Firewall tab. The Filtering Function screen opens. 3 Check the Enable Filtering Function check box to enable the filtering function. The Mac Filtering screen populates with any time restrictions that are set. Q. to reviewers. screen changed test steps. 150 4 From the Configure field select Remove in the Remove column next to the time of day restriction that you wish to remove. 5 Click Remove to remove the restriction.
3-6-2009 Draft URL Filtering Function URL Filtering Function The URL Filtering Function screen allows you to block websites based on the URL address and/or key words used in the website. For example, if you have children in the home, you may want to block websites that are inappropriate for children by entering the URL or key words. Path: Security > Firewall > URL Filter Enabling URL Filtering To enable URL filtering for the firewall, complete the following steps.
3-6-2009 Draft Chapter 6 Security Configuration 152 1 Click Security on the main screen. The MAC Filtering screen opens by default. 2 Click the Firewall tab. The Filtering Function screen opens by default.
3-6-2009 Draft URL Filtering Function 3 Click the URL Filter tab. The URL Filtering Function screen opens. 4 Click Enable URL Filtering Function. The URL Filtering Function screen updates with blank fields for entering the URLs that you want to block. 5 For each rule, enter the URL or keyword that you want to block. 6 Under Week Day, select Everyday or select the individual days on which you want the filter to take effect.
3-6-2009 Draft Chapter 6 Security Configuration 154 1 Click Security on the main screen. The MAC Filtering screen opens by default. 2 Click the Firewall tab. The Filtering Function screen opens by default. 3 Click the URL Filter tab. The URL Filtering Function screen opens.
3-6-2009 Draft URL Filtering Function 4030765 Rev 01 4 Click Enable URL Filtering Function. The URL Filtering Function screen updates with blank fields for entering the URLs that you want to block. 5 Click Del next to each rule that you want to delete. If you want to remove all the rules, click Remove All. 6 Click Save.
3-6-2009 Draft Chapter 6 Security Configuration Stateful Packet Inspection The Stateful Packet Inspection screen allows you to use stateful packet inspection (SPI) to detect and prevent certain types of network attacks such as DoS (denial-ofservice) attacks. Q. to reviewers provide more detail. Path: Security > Firewall > Stateful Packet Inspection Enabling Stateful Packet Inspection To enable stateful packet inspection (SPI), complete the following steps. 1 156 Click Security on the main screen.
3-6-2009 Draft Stateful Packet Inspection 2 Click the Firewall tab. The Filtering Function screen opens by default. 3 Click the Stateful Packet Inspection tab. The Intrusion Detection screen opens. 4 Select the Enable SPI, Hacker Pattern and Anti-Dos Firewall field. Q. to reviewers: What about the Enable Email ALert field? 5 4030765 Rev 01 Click Save/Apply to enable stateful packet inspection.
3-6-2009 Draft Chapter 6 Security Configuration Local Certificates The Local Certificates screen allows you to load certificates onto the residential gateway. Local certificates are used by peers to verify your identity. A maximum of four certificates can be stored on the residential gateway. Path: Security > Certificate > Local > Local Certificates Creating Certificates The Create Certificate screen allows you to generate a certificate by specifying certificate parameters shown in this screen.
3-6-2009 Draft Local Certificates 4030765 Rev 01 2 Click Certificate. The Local Certificates screen opens. 3 Click Create Certificate Request. The Create New Certificate Request screen opens. 4 In the Certificate Name field, enter the name for the certificate. 5 In the Common Name field, enter the common name of the certificate. 6 In the Organization Name field, enter the name of the organization that owns the certificate.
3-6-2009 Draft Chapter 6 Security Configuration 10 Click Load Signed Certificate to save the certificate on the residential gateway. Importing Local Certificates The Import Certificate screen allows you to import a pre-existing certificate to the residential gateway. To import a certificate, complete the following steps. 1 160 Click Security on the main screen. The MAC Filtering screen opens by default.
3-6-2009 Draft Local Certificates 4030765 Rev 01 2 Click Certificate. The Local Certificates screen opens. 3 Click Import Certificate. The Import certificate screen opens. 4 In the Certificate Name field, enter the name of the certificate.
3-6-2009 Draft Chapter 6 Security Configuration 162 5 In the Certificate area, copy and paste the contents of the certificate file provided by the service provider. 6 In the Private Key area, copy and paste the private key from the certificate file provided by the service provider. 7 Click Apply to save the certificate on the residential gateway.
3-6-2009 Draft Trusted CA Certificates Trusted CA Certificates The Trusted CA (Certificate Authority) Certificates screen allows you to load certificates onto the residential gateway. You can use CA certificates to verify peers' certificates. A maximum of four certificates can be stored.
3-6-2009 Draft Chapter 6 Security Configuration 164 2 Click Certificate. The Local Certificates screen opens. 3 Click the Trusted CA tab. The Trusted CA (Certificate Authority) Certificates screen opens.
3-6-2009 Draft Trusted CA Certificates 4030765 Rev 01 4 Click Import Certificate. The Import CA Certificate screen opens. 5 In the Certificate Name field, enter the name of the certificate. 6 In the Certificate area, copy and paste the contents of the certificate file provided by the service provider. 7 Click Apply to save the CA certificate on the residential gateway.
3-6-2009 Draft
3-6-2009 Draft 7 Chapter 7 Advanced Configuration The Advanced tab lets you to check the quality of service and IP traffic over your network and to change the configuration. Use this chapter to check the status of the more advanced features of your residential gateway, such as port mapping and DNS server configuration, and to change the configuration. In This Chapter 4030765 Rev 01 Upstream Quality of Service .............................................................
3-6-2009 Draft Chapter 7 Advanced Configuration Upstream Quality of Service The Upstream Quality of Service screen allows you to configure the Quality of Service (QoS) settings for the residential gateway. Path: Advanced > QoS > Upstream Quality of Service Q. to reviewers: Screen alignment is off. Adding Upstream Quality of Service Settings To add upstream Quality of Service settings, complete the following steps. 1 168 Click Advanced on the main screen. The Upstream Quality of Service screen opens.
3-6-2009 Draft Upstream Quality of Service 2 Click Add. The Add Upstream QoS Rule screen opens. 3 In the Name field, enter the name of the QoS rule. 4 In the LAN Port field, select the LAN port for which you want to apply the rule. 5 In the Protocol field, select the protocol that you want to use from the following options: TCP/UDP TCP UDP ICMP 6 In the IP Address field, enter the source and destination addresses.
3-6-2009 Draft Chapter 7 Advanced Configuration 11 Select the Marker field and choose from the list of Diffserv code point (DSCP) values. 12 Select the Queue field and choose from the list of queues. 13 Click Save.
3-6-2009 Draft Remote Management Remote Management The Remote Management -- TR-O69 Client screen allows an autoconfiguration server (ACS) to perform autoconfiguration, provisioning, collection of statistics, and diagnostics for this residential gateway. Path: Advanced > Remote Management Configuring the TR-069 Client Options To configure the TR-069 client options, complete the following steps.
3-6-2009 Draft Chapter 7 Advanced Configuration 1 Click Advanced on the main screen. The Remote Management -- TR-069 Client screen opens. 2 In the Inform field, choose one of the following options: Click Enable to to enable the periodic "inform" messages from the residential gateway. Click Disable to disable the inform messages to the residential gateway.
3-6-2009 Draft Port Mapping Port Mapping The Port Mapping screen allows you to specify which traffic will be transmitted over the WAN interface. Traffic is classified by ingress port, such as Ethernet port, or by DHCP option settings. Port Mapping supports multiple ports to PVC and bridging groups. Each group will perform as an independent network. To support this feature, you must create mapping groups with appropriate LAN and WAN interfaces.
3-6-2009 Draft Chapter 7 Advanced Configuration 174 2 Click the Port Mapping tab. The Port Mapping screen opens. 3 Select the Enable virtual ports on field if you want to use the port mapping feature. 4 Select Enable Diffserv to 802.1p conversion if you want to convert diffserv code points to 802.1p tags.
3-6-2009 Draft Port Mapping 4030765 Rev 01 5 Click Add. The Port Mapping Configuration screen opens. 6 In the Group Name field, enter the name of the group. The group name must be unique. For example, enter IPTV. 7 For the Grouped Interfaces field, select interfaces from the Available Interfaces list and add them to the grouped interface list using the arrow buttons to create the required mapping of the ports.
3-6-2009 Draft Chapter 7 Advanced Configuration Creating Certificates The Create Certificate screen allows you to generate a certificate by specifying certificate parameters shown in this screen. To create a certificate, complete the following steps. 176 1 Click Security on the main screen. The MAC Filtering screen opens by default. 2 Click Certificate. The Local Certificates screen opens.
3-6-2009 Draft Creating Certificates 3 Click Create Certificate Request. The Create New Certificate Request screen opens. 4 In the Certificate Name field, enter the name for the certificate. 5 In the Common Name field, enter the common name of the certificate. 6 In the Organization Name field, enter the name of the organization that owns the certificate. 7 In the State/Province Name field, enter the state or province where you want to register the certificate.
3-6-2009 Draft Chapter 7 Advanced Configuration Virtual Servers Setup The NAT -- Virtual Servers Setup screen allows you to configure servers to which you want to forward IP packets that belong to a specific service. Path: Advanced > IP Networking > NAT > Virtual Servers Adding a Virtual Server To add and configure a virtual server, complete the following steps. 178 1 Click Advanced on the main screen. 2 Click IP Networking. The NAT screen opens.
3-6-2009 Draft Virtual Servers Setup 3 4030765 Rev 01 Click Virtual Servers.The Virtual Servers screen opens.
3-6-2009 Draft Chapter 7 Advanced Configuration 4 From the Virtual Servers Setup screen, click Add. The NAT Virtual Servers screen opens. 5 Under Server Name, choose one of the following: Click Select a Service, and choose a service from the drop-down list. OR Click Custom Server, and enter a server name and the Server IP Address. 6 In the Server IP Address field, enter the IP address for the server. 7 Under Protocol, select TCP, UDP, TCP/UDP. 8 Click Save/Apply to add the virtual server.
3-6-2009 Draft Virtual Servers Setup 4030765 Rev 01 2 Click IP Networking. The NAT screen opens. 3 Click Virtual Servers.The Virtual Servers screen opens. 4 From the NAT Virtual Servers Setup screen, select Remove in the Remove column next to the server you wish to remove. 5 Click Remove to remove the NAT Virtual Server.
3-6-2009 Draft Chapter 7 Advanced Configuration Port Triggering Setup Some applications require that specific ports in the router's firewall be opened for access by the remote parties. The Port Triggering feature dynamically opens up the "Open Ports" in the firewall when an application on the LAN initiates a TCP/UDP connection to a remote party using the Triggering Ports feature.
3-6-2009 Draft Port Triggering Setup 3 Click Port Triggering. The NAT -- Port Triggering screen opens. 4 From the NAT -- Port Triggering screen, click Add. The NAT Port Triggering screen opens with a list of available protocols. 5 Under Application Name, choose one of the following: Click Select an Application and choose an application from the drop-down list. OR 4030765 Rev 01 Click Custom Application, and enter a name for the application.
3-6-2009 Draft Chapter 7 Advanced Configuration 6 7 Complete the fields on the screen as follows: Under Trigger Port Start, enter the time that you want to open the trigger port on the firewall. Under Trigger Port End, enter the time that you want to close the trigger port on the firewall. Under Trigger Protocol, select TCP/UDP, TCP or UDP. Under Open Port End, enter the ending port number for the ports that you want to open on the firewall.
3-6-2009 Draft Port Triggering Setup 4030765 Rev 01 3 Click Port Triggering. The NAT -- Port Triggering screen opens. 4 From the NAT -- Port Triggering screen, click Remove in the Remove column next to the port you wish to close. 5 Click Remove. The port you selected is closed.
3-6-2009 Draft Chapter 7 Advanced Configuration DMZ Host Setup The NAT -- DMZ Host screen allows the IP packets from the WAN that do not belong to any of the applications configured in the Virtual Servers table to be forwarded to the DMZ (demilitarized zone) host computer. Path: Advanced > IP Networking > NAT > DMZ Host > NAT -- DMZ Host Activate the DMZ Host In the DMZ Host IP Address field, enter the computer's IP address and click Save/Apply to activate the DMZ host.
3-6-2009 Draft DNS Server Configuration DNS Server Configuration The DNS Server Configuration screen allows you to configure the Domain Name Server (DNS). If the Enable Automatic Assigned DNS check box is selected, this router will accept the first received DNS assignment from one of the PPPoA, PPPoE or MER/DHCP enabled PVC(s) during the connection establishment.
3-6-2009 Draft Chapter 7 Advanced Configuration Dynamic DNS The Dynamic DNS screen allows you to alias a dynamic IP address to a static hostname in any of the many domains. The alias allows your DSL router to be more easily accessed from various locations on the Internet. Path: Advanced > IP Networking > DNS > Dynamic DNS Adding an Alias for A Dynamic IP Address to a Static Host Name To alias a dynamic IP address to a static host name, complete the following steps.
3-6-2009 Draft Dynamic DNS 3 Click DNS. The DNS screen opens. 4 Click Dynamic DNS. The Dynamic DNS screen opens. 5 Click Add on the Dynamic DNS screen. The Add dynamic DDNS screen opens. Q. to reviewers Dynamic should be a capital D on screen. 4030765 Rev 01 6 In the D-DNS provider field, select the provider from the drop-down list. 7 In the Hostname field, enter the name of the host.
3-6-2009 Draft Chapter 7 Advanced Configuration 8 In the Interface field, select the interface from the drop-down list. 9 Under DynNDS Settings, enter your user name and password. 10 Click Save/Apply.
3-6-2009 Draft Default Gateway Routing Default Gateway Routing The Default Gateway screen allows you to make gateway assignments for devices that are connected to the residential gateway. Note: If you change the Enable Automatic Assigned Default Gateway check box from unselected to selected, you must reboot the router to get the automatic assigned default gateway.
3-6-2009 Draft Chapter 7 Advanced Configuration 3 Click Routing. The Routing screen opens. 4 Click Default Gateway. The Default Gateway screen opens. 5 Do you want to enable the automatic assigned defautl gateway? 6 192 If yes, be sure the Enable Automatic Assigned Default Gateway check box is checked. If this check box is checked, the residential gateway will accept the first received default gateway assignment from one of the PPPoA, PPPoE or MER/DHCP enabled PVC(s).
3-6-2009 Draft Internet Group Management Protocol Internet Group Management Protocol IGMP screen allows you to configure the Internet group management protocol (IGMP) parameters. The Internet Group Management Protocol is a communications protocol that is used to manage the membership of Internet Protocol multicast groups. Routers use IGMP to manage multicasting. The IGMP messages are used to determine which hosts are part of which multicast groups.
3-6-2009 Draft Chapter 7 Advanced Configuration IPSec Settings The IPSec Settings screen allows you to configure IP security settings for the residential gateway. Path: Advanced > IP Networking > IPSec Adding an IPSec Connection To add an IPSec connection, complete the following steps. 194 1 Click Advanced on the main screen. 2 Click IP Networking. The NAT screen opens. 3 Click IPSec. The IPSec Settings screen opens.
3-6-2009 Draft IPSec Settings 4 Click Add New Connection. The IPSec Settings screen opens. 5 In the IPSec Connection Name field, enter the name of the connection. 6 In the Remote IPSec Gateway Address field, enter the gateway address for the remote IPSec gateway. 7 In the Tunnel access from local IP addresses field, select Subnet or Single Address. 8 In the IP Address for VPN, enter the IP address for the VPN connection.
3-6-2009 Draft Chapter 7 Advanced Configuration 14 Do you want to configure the advanced settings? If yes, in the Advanced IKE Settings field, click Show Advanced Settings to populate the screen with advanced settings. If no, go to step 17. 15 Complete the advanced settings as follows: a In the Phase 1 Mode field, select Main or Aggressive.
3-6-2009 Draft 8 Chapter 8 Customer Information Introduction This chapter provides contact information to obtain product support and return products for service. In This Chapter 4030765 Rev 01 Customer Support .............................................................................. 198 Return Products for Repair................................................................
3-6-2009 Draft Chapter 8 Customer Information Customer Support If You Have Questions If you have questions about this product, contact the representative who handles your account for information. If you have technical questions, telephone your nearest technical support office at one of the following telephone numbers.
3-6-2009 Draft Customer Support Australia Australia Sydney Technical Support Telephone: 011-61-2-8446-5374 Fax: 011-61-2-8446-8015 Japan Japan Tokyo Technical Support Telephone: 011-81-3-5322-2067 Fax: 011-81-3-5322-1311 Additional Information Access your company's extranet site to view or order additional technical publications. For accessing instructions, contact the representative who handles your account. Check your extranet site often as the information is updated frequently.
3-6-2009 Draft Chapter 8 Customer Information Return Products for Repair You must obtain a return material authorization (RMA) number before you send products to us for repair or upgrade. To return a product for repair or upgrade, complete the following steps.
3-6-2009 Draft Return Products for Repair 3 Pack the product in its original container and protective packing material. Important: 4 If the original container and packing material are no longer available, pack the product in a sturdy, corrugated box and cushion it with packing material that is appropriate for the method of shipping. You are responsible for delivering the returned goods to us safely and undamaged.
3-6-2009 Draft Service Provider Video Technology Group 5030 Sugarloaf Parkway, Box 465447 Lawrenceville, GA 30042 678.277.1000 www.scientificatlanta.com This document includes various trademarks of Cisco Systems, Inc. Please see the Notices section of this document for a list of the Cisco Systems, Inc. trademarks used in this document. Product and service availability are subject to change without notice. © 2009 Cisco Systems, Inc. All rights reserved.