IRT-101
ISDN Internet Router
User's Manual


Chapter 6 Advanced Features

Overview

Generally, the following Settings and Features are optional. Only if your ISDN link is non-standard, or your LAN contains a Router or Router, is any further configuration required.

Available Options

The available options are listed below. Follow the relevant link to locate detailed information.

Password Set or change the password for the ISDN Internet Router. The password is used to protect the configuration data.
LAN Use this to:
  • Enable/Disable the DHCP Server, or change the IP Addresses allocated by the DHCP server, or increase the number of DHCP clients supported. (Default is 50, maximum is 253.)
  • Add or Delete entries in the Routing Table
  • Enter additional DNS (Domain Name Server) IP Addresses
Dial-in Configure the ISDN Internet Router to allow users to Dial-in and use network resources on the local LAN.
Access Control Impose restrictions on the Internet Access enjoyed by particular workstations.
Internet Applications Use Virtual Servers, Special Internet Applications, or the Exposed Computer feature.
LAN-to-LAN Use the ISDN Internet Router to connect to another LAN, via the ISDN link.
ISDN These settings allow you to use 1 B channel instead of 2, set B channel parameters as advised by the phone company/technical support, or set the outgoing call ID.

Password

Overview

Password Screen

Selecting the Password tab will reveal a screen like the example below.

Password Screen

Enter the password on this screen:


Dial-in Access

Overview

Dial-in

The ISDN Internet Router's dial-in feature allows remote users to:

For additional security, the dial-back function can be used. In this situation, the ISDN Internet Router will hang-up the user's incoming connection, and then call them back.

To use the Dial-in Feature:

  1. Dial-in must be Enabled on the Dial-in Tab.
  2. User access data is required. The options are as follows:
  3. The remote user can use the same dial-up software they use for Internet access. Once connected,the remote user can access LAN resources as they normally would. They will appear to other LAN devices as a normal PC on the LAN, using the IP Address allocated by the ISDN Internet Router.

Dial-in Screen

Dial-in Access

Data - Dial-in Access
Enable Dial-in Access If checked, dial-in will be allowed. Otherwise, any attempt to dial-in will be blocked.
Idle Time-out If a dial-in connection remains inactive, it is terminated after this time period. Allowable range is 0-99 minutes; 0 means no limit.
Authentication Select the desired security option for log-in:

Disable means no user name/password check is performed. Anyone can connect. It is not necessary to enter each user's details if this option is chosen.
Warning! This is a major security risk.

Enable uses the industry-standard PAP system.

User List

Entering of user data is required only to provide secure dial-in access.

Data - User List
User Name Name of this user.
Password The password for the current user. Passwords are case sensitive. When creating or changing a password, enter it in the Verify field also.
Enable
Dial-in
Check this to enable dial-in; uncheck to suspend dial-in access.
Time limit After this time period, the user is disconnected. Allowable values are 0 (default) to 999 minutes. Zero means no time limit.
Call Back Options are:
  • Disabled:- User can simply dial-in; the device will not hang-up and call back.
  • Roaming:- After providing their name and password, the user is prompted for the call-back number.
  • Fixed:- The number entered in the Telephone No. field is always used as the call-back number.

Remote Users

Remote users can use the same dial-up software they use for Internet access. They should check the following:

Once connected,the remote user can access LAN resources as they normally would. They will appear to other LAN devices as a normal PC on the LAN, using the IP Address allocated by the ISDN Internet Router.


Access Control

Overview

The Access Control feature allows administrators to restrict Internet Access by individual workstations. The process uses "Packet Filtering" to block or discard data packets. You can apply the pre-defined filters, and optionally define your own filters.

By default, filtering is disabled; no packets are blocked or discarded.

Selecting the Access Control tab will reveal a screen like the example below.

Figure 1: Access Control Tab

To use the Access Control feature:

  1. Set the desired restrictions on the "Everyone" group, by selecting this group and clicking "Setup". By default, all PCs are in the "Everyone" group unless explicitly moved to another group.
  2. Set the desired restrictions on the other groups ("Group 1", "Group 2", etc) as needed.
  3. For each Workstation you wish to move from the "Everyone" group, enter their data and assign them to the desired group.

Note:You can limit Internet access for ALL PCs without entering ANY workstation data. Simply apply the desired restrictions to the "Everyone" group.

Security Groups

To Set or Change restrictions for a Security Group:

  1. Select the group from the drop-down list. Note that the Security groups are pre-named "Everyone", "Group 1", "Group 2", "Group 3", and "Group 4". These names cannot be changed.
  2. Click the Setup button to define restrictions for the selected group. An example screen is shown below.

Figure 2: Group Screen

  1. Enter data on this screen as explained below. Click OK when finished.

Data for each Group

No restrictions No packets are blocked. Use this to create an "Unlimited Access" group, or to temporarily remove restrictions from a group.
Block all Access Groups members cannot access the Internet at all. Use this to create the most restrictive group.
Use List Below Enable or disable individual items as required. If set to Block, the item will be blocked, and the group will NOT have access.

This table is ignored unless the Use List Below radio button is selected.

Workstations

This list shows all workstations (PCs) which have been defined.

It is only necessary to define workstations in the following situations:

Use the Add, Edit, and Delete buttons to modify the list as required. An example Add or Edit screen is shown below.

Figure 3: Workstation

Workstation Data

Name Enter an identifier for this workstation. The name cannot contains spaces or punctuation.
Group Select the security group for this workstation.
If you only wish to reserve an IP Address, and are not using the Access Control features, simply leave this at "Everyone".
Hardware (MAC) Address Hardware or phpsical address. On a PC, this is often called the Network Adapter Address. You can use the Windows "Winipcfg" program or your LAN management program to find this address. (By default, there is no Start Menu item for Winipcfg so you must use hte "Run" command or create your own shortcut.)
Reserve IP Addres in DHCP Table Check this if you wish to reserve an IP address for this workstation. This is useful if you have to provide the IP Address for other programs or users.
If this is left unchecked, the following entry can be ignored.
Reserved IP Address This relates to the entry above.
Enter the reserved address here. This MUST be within the range used by the DHCP server (set on the LAN screen).

LAN-to-LAN

Overview

LAN-to-LAN Screen

Selecting the LAN-to-LAN tab will reveal a screen like the following example.

Figure 1: LAN-to-LAN Tab

Data - LAN-to-LAN

Enable LAN-to-LAN/
Disable Internet Access
& Dial-in
Use this to Enable and Disable the LAN-to-LAN feature.
Note that if using LAN-to-LAN, both Internet Access and Dial-in are disabled.
Remote Site
Device IP Address IP Address of the ISDN Internet Router at the remote LAN.
Network Mask Network Mask (Subnet mask) of the ISDN Internet Router at the remote LAN.
Act as Receiver
Enable In Act as Receiver mode, this device will accept a connection from the remote device. Use this to Enable/Disable this mode.
Authentication Select the desired security option:

Disable means no name/password checking is performed. No login name or password is required if this option is chosen.
Warning: Anyone can connect; this is a major security risk.

Enable uses the industry-standard "PAP" security method.

Login Name When another ISDN Internet Router attempts to connect to this one, a log-in name and password will be requested.
Enter the name and password (below) which permit access to this ISDN Internet Router.
Password The password associated with the log-in name above. Enter the password in the Verify field also.
Initiate Connection to Remote Site
Enable In this mode, the ISDN Internet Router will connect to the remote site as required. Use this checkbox to Enable/Disable this mode.
Telephone Telephone number to dial to connect to the remote LAN. The remote site must have another ISDN Internet Router or compatible device.
Login using:

 Name

Password

The remote ISDN Internet Router will request a Log-in name and password.

Enter the name and password required to gain access to the remote ISDN Internet Router.


ISDN

Overview

In most situations, there is no need to change these settings. They are provided to allow you to:

ISDN Screen

Figure 1: ISDN Tab

Data - ISDN Screen

Usage
Always use 1 B Channel Only 1 B Channel is used for Internet Access. The 2nd B Channel is never used for Internet Access, but is available for Dial-in Access (if enabled and configured).
Dynamically use 2 B Channels For Internet Access, 1 or 2 channels are used, depending on the volume of traffic. If Dial-in Access is enabled, then the 2nd B Channel will be dropped if required to allow connection of an incoming call.
Always use 2 B Channels If an Internet connection is required, both 2 "B" channels are always used. Dial-in, if enabled, is only possible if no Internet connection exists (the ISDN Internet Router is idle).
Outgoing Call ID
MSN If provided, enter the MSN (Multiple Subscriber Numbering) which receivers of your calls will see (using caller ID). The phone company will bill this number.
SAD If provided, enter the SAD (SubAddress). The SAD acts like an extension number to your main ISDN number. You can dial-up from this number instead of the main number.
Incoming Call ID
MSN If provided, enter the MSN (Multiple Subscriber Numbering) which callers should use to connect to this device.
SAD If provided, enter the SAD (SubAddress). The SAD acts like an extension number to your main ISDN number. Incoming callers can connect by dialling this number.
Advanced B Channel Settings
B Channel Line Speed The default is 64K. Set to 56K only if advised to do so by your phone company.
B Channel Init String This is normally not needed. If required, enter the value advised by technical support staff.

 

Back to Content To Chapter 5 To Chapter 7

PLANET Technology Corp.
11F, No. 96, Min Chuan Road,
Hsin Tien, Taipei, Taiwan, R.O.C
TEL: 886-2-22199518
FAX: 886-2-22199528
E-mail: support@planet.com.tw

iso9002.GIF (4323 bytes)

logo-b.GIF (2535 bytes)

Copyright 1999 PLANET Technology Corp. All right reserved.