aaronjwood
asked on
How to use the Netopia R910 behind a Cayman 3346 ADSL Modem/router
Hello,
I currently have a Netopia Cayman 3346 ADSL modem/router at our corporate office that provides us a connection to the internet. We have a static IP through AT&T. I am trying to use a Netopia R910 router behind the Cayman in order to establish VPN connections to out 10 retail location subnets. I am not sure if I need to put the Cayman into bridge mode or what? I would assume that I need to continue using the Cayman as the modem and then pass all other functions (and the static/public IP) to the R910. Obviously there is no way to use the R910 as an ADSL modem because there is no phone line jack on it. Any and all help will be greatly appreciated.
Regards,
Aaron J. Wood
I currently have a Netopia Cayman 3346 ADSL modem/router at our corporate office that provides us a connection to the internet. We have a static IP through AT&T. I am trying to use a Netopia R910 router behind the Cayman in order to establish VPN connections to out 10 retail location subnets. I am not sure if I need to put the Cayman into bridge mode or what? I would assume that I need to continue using the Cayman as the modem and then pass all other functions (and the static/public IP) to the R910. Obviously there is no way to use the R910 as an ADSL modem because there is no phone line jack on it. Any and all help will be greatly appreciated.
Regards,
Aaron J. Wood
Hypercat (Deb)
Yes, you would want to put the 3346 into bridge mode and then program the R910 to use your public static IP address for its external interface and give it an internal private IP address for your LAN. Then the 3346 gets connected to the R910 WAN port and you connect one of the R910 LAN ports to your internal switch. Putting the Cayman in bridge mode will then pass all traffic to the R910, and you can set up your firewall and VPN connections on the R910.
ASKER
Ok, do I need to transfer all of the settings in the cayman over to the r910 or will both of them need the same settings (such as ISP DNS servers and gateway)? Do you know of any documentation that will help me do this? Thank you very much for all of your help.
The 3346 is still req'd because it essentially converts the phone signal to an ethernet signal. I agree w/aaron, I would also recommend you bridge the 3346 (1) & have the connected R910 will provide the req'd DSL PPPoE (username & pwd) connection (2).
Once the R910 is "authenticated" on AT&T network, the R910 will recieve the public static IP. Once your online, you can setup the VPN connection on the R910. The R910 also appears that it can function as a VPN "server" or passthru device.. (3)
Unless you are running concurrent, fulltime (vs "on-demand") VPN tunnels, you shouldnt have any problems with networking the satellite locations with the corp network via VPN.
Good luck...
P2E
(1) http://www.netopia.com/support/technotes/hardware/CQG_020.html
(2) http://www.netopia.com/support/hardware/technotes/NQG_029.html
(3) http://www.netopia.com/support/hardware/technotes/NQG_022.html
Once the R910 is "authenticated" on AT&T network, the R910 will recieve the public static IP. Once your online, you can setup the VPN connection on the R910. The R910 also appears that it can function as a VPN "server" or passthru device.. (3)
Unless you are running concurrent, fulltime (vs "on-demand") VPN tunnels, you shouldnt have any problems with networking the satellite locations with the corp network via VPN.
Good luck...
P2E
(1) http://www.netopia.com/support/technotes/hardware/CQG_020.html
(2) http://www.netopia.com/support/hardware/technotes/NQG_029.html
(3) http://www.netopia.com/support/hardware/technotes/NQG_022.html
ASKER
Ok guys, thank you for the help. I conceptually understand what you are both saying. My problem is that I will need to do this with as little downtime as possible. Currently the 3346 is the only path to the internet for all our corporate and satelite location client computers (the satelite computers internet traffic is tunneled through a proxy server hosted at corporate...the satelite clients are networked to the corporate office via frame relay...this is the reason for all this in the first place...I want to replace the frame network with a secure VPN network). Would I connect the R910 to a separate computer for configuration and once its configured connect it to the 3346 and put the 3346 in bridge mode? Or should I configure the R910 after connecting it to the 3346 and switching it to bridge mode. I am having trouble with the logistics of doing this. Normally I would just screw things up until I finally fix it, but in this case I can't afford to have the internet connection down for more than an hour max and I try not to work nights because of my family). What steps would you guys recommend that I take to minimize downtime? As always, your help is greatly appreciated.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Excellnet help hypercat. I have no problem telnetting into the R910 and getting to the condiguration menus so that is the easy part. A few questions for you.
1. You said that the gateway for the R910 should be the IP of the 3346. Is that the private IP of the 3346? Currently the private IP of the 3346 is 10.0.1.254 and our Windows 2003 SBS DHCP assigns that IP to all client computers as the default gateway. Does this all stay the same? My educated gues is yes.
2. I would most likely set the private IP of the R910 to 10.0.1.253. Does this make sense? will that IP need to be designated anywhere on the W2003 SBS DHCP settings?
3. I have no idea what PPPoE is so I will do a bit of Google research to try and determine if I need to enable PPPoE on the R910. You say that I might find this information in the 3346 documentation? So does this mean that the 3346 is the one that determines if PPPoE needs to be enabled on the R910?
Thank you for all of the hand holding :)
--Aaron
1. You said that the gateway for the R910 should be the IP of the 3346. Is that the private IP of the 3346? Currently the private IP of the 3346 is 10.0.1.254 and our Windows 2003 SBS DHCP assigns that IP to all client computers as the default gateway. Does this all stay the same? My educated gues is yes.
2. I would most likely set the private IP of the R910 to 10.0.1.253. Does this make sense? will that IP need to be designated anywhere on the W2003 SBS DHCP settings?
3. I have no idea what PPPoE is so I will do a bit of Google research to try and determine if I need to enable PPPoE on the R910. You say that I might find this information in the 3346 documentation? So does this mean that the 3346 is the one that determines if PPPoE needs to be enabled on the R910?
Thank you for all of the hand holding :)
--Aaron
ASKER
UPDATE: I just checked my 3346 and it is currently using PPPoE vcc1 to authenticate to the ISP (AT&T...was Bellsouth). So I guess that means I will have to enable PPPoE on the R910 in order to authenticate to my ISP. Does this make sense?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
P2E, thank you for your input. The DHCP server on the 3346 is disabled. Our W2003 SBS handles DHCP tasks.
So what I get from your other info is that the 3346 can continue to do the PPPoE authentication to my ISP even when it is placed in bridge mode.
I do have a static IP from my ISP and I don't really follow the DMZ lingo. I know what it stands for, but I am not I network guy so it is a bit confusing at the moment.
Thanks,
Aaron
So what I get from your other info is that the 3346 can continue to do the PPPoE authentication to my ISP even when it is placed in bridge mode.
I do have a static IP from my ISP and I don't really follow the DMZ lingo. I know what it stands for, but I am not I network guy so it is a bit confusing at the moment.
Thanks,
Aaron
From your postings, I got the msg that the 3346 was already performing the PPPoE connection. Therefore, as mentioned above, let the 3346 continue to provide the PPPoE connection. Do NOT bridge the 3346.
With the 3346 providing the PPP connection, you will need to set up "IP Passthrough" mode to pass/forward your Static IP to the R910. If you following the instruction below, the R910 will essentially be accessible via your public static IP address & functionally appear like it is directly connected to the Internet. In network terms, this config is also functionally refered to as placing a network device (e.g., router, firewall, server, etc) in to the DMZ.
Since you stated that you have a single static IP (SIP) from the ISP, you can configure the IP Passthrough in the 3346 as follows:
- http://www.netopia.com/support/hardware/technotes/CQG_022.html
Once the R910 is online and assessable via your SIP, you shouldnt have any prob configuring the VPN connection on the R910.
Good Luck!
P2E
With the 3346 providing the PPP connection, you will need to set up "IP Passthrough" mode to pass/forward your Static IP to the R910. If you following the instruction below, the R910 will essentially be accessible via your public static IP address & functionally appear like it is directly connected to the Internet. In network terms, this config is also functionally refered to as placing a network device (e.g., router, firewall, server, etc) in to the DMZ.
Since you stated that you have a single static IP (SIP) from the ISP, you can configure the IP Passthrough in the 3346 as follows:
- http://www.netopia.com/support/hardware/technotes/CQG_022.html
Once the R910 is online and assessable via your SIP, you shouldnt have any prob configuring the VPN connection on the R910.
Good Luck!
P2E
ASKER
P2E,
Forgive my ignorance, I am learning here. I am assuming that my account type with my ISP is PPPoE because when I go to Home->Configure->WAN->IP Interface (PPP over Ethernet vcc1) in the web admin of the 3346 the checkbox for Enable Interface and Address Mapping (NAT) are both checked and there is username and password information in those fields. From reading the tech note you provided at http://www.netopia.com/support/hardware/technotes/CQG_022.html I gather that this means I do not have a block of static IP addresses, but rather a single static (sort of) IP assigned to me by the ISP when my credentials are presented. Am I correct in this assumption? If I am, it looks to me that I will need to follow the portion of the tech note about "Configuration for Dynamic and PPPoE Accounts" and using the second DHCP server in the 3346 to assign an IP to the R910. This is a bit confusing to me because my ISP (AT&T) says that we have a static IP, but I am now unsure of this. Am I making this way too complicated?
Forgive my ignorance, I am learning here. I am assuming that my account type with my ISP is PPPoE because when I go to Home->Configure->WAN->IP Interface (PPP over Ethernet vcc1) in the web admin of the 3346 the checkbox for Enable Interface and Address Mapping (NAT) are both checked and there is username and password information in those fields. From reading the tech note you provided at http://www.netopia.com/support/hardware/technotes/CQG_022.html I gather that this means I do not have a block of static IP addresses, but rather a single static (sort of) IP assigned to me by the ISP when my credentials are presented. Am I correct in this assumption? If I am, it looks to me that I will need to follow the portion of the tech note about "Configuration for Dynamic and PPPoE Accounts" and using the second DHCP server in the 3346 to assign an IP to the R910. This is a bit confusing to me because my ISP (AT&T) says that we have a static IP, but I am now unsure of this. Am I making this way too complicated?
ASKER
ALL,
I tried so many things today and have become very frustrated because none of them worked.
1. I tried to enable IP passthrough on the 3346 which was easy, but then I could not get the R910 to pick up the public IP. Here is my confusion; the technotes for putting the 3346 in passthrough mode state that for a PPPoE connection to your ISP (which I have) that the "Configuration for Dynamic and PPPoE Accounts" steps should be used. This involves specifying a MAC address of one of the R910 interfaces. It does not say which one, the LAN or the WAN interface? In fact all references to the MAC address are for a clinet PC, not another router. I tried it both ways, but was in such a hurry to minimize downtime that I got confused and it didn't work. Also something that is not clear to me is whether or not the DHCP setting on my W2003 SBS need to be changed. Currently when client computers get their IP they are assigned the 3346 privite IP as their router. Does this need to change if IP passthrough is utilized?
2. After messing around with IP passthrough half the day I tried to put the 3346 into bridge mode and do the PPPoE authentication on the R910. I was able to establish a PPPoE connection and get the IP from my ISP which showed up under the Current WAN connections in the Quick View of the router's setup. However, I was never able to ping my public IP or telnet into it. Once the PPPoE connection is establish are there more steps that need to be taken to assign IP addresses to the interfaces? The reason I ask is that even though it showed me having an active PPPoE session neither the LAN or WAN interface had an IP.
3. In either of the two steps above I was not sure where to plug the cable coming from the 3346 into the R910. Should it be plugged into the Line port, or one of the Ethernet ports. I would think that the cable from the 3346 should plug into the Line port and then a separate cable should be plugged into an ethernet port on the R910 and a open port on my switch as hypercat stated in the original post. It seemed that when I did plug into the Line port that no traffic ever made it to the LAN ports (no blinking lights)
Sorry for the long post...I am just extremely frustrated right now.
Happy Memorial Day!
I tried so many things today and have become very frustrated because none of them worked.
1. I tried to enable IP passthrough on the 3346 which was easy, but then I could not get the R910 to pick up the public IP. Here is my confusion; the technotes for putting the 3346 in passthrough mode state that for a PPPoE connection to your ISP (which I have) that the "Configuration for Dynamic and PPPoE Accounts" steps should be used. This involves specifying a MAC address of one of the R910 interfaces. It does not say which one, the LAN or the WAN interface? In fact all references to the MAC address are for a clinet PC, not another router. I tried it both ways, but was in such a hurry to minimize downtime that I got confused and it didn't work. Also something that is not clear to me is whether or not the DHCP setting on my W2003 SBS need to be changed. Currently when client computers get their IP they are assigned the 3346 privite IP as their router. Does this need to change if IP passthrough is utilized?
2. After messing around with IP passthrough half the day I tried to put the 3346 into bridge mode and do the PPPoE authentication on the R910. I was able to establish a PPPoE connection and get the IP from my ISP which showed up under the Current WAN connections in the Quick View of the router's setup. However, I was never able to ping my public IP or telnet into it. Once the PPPoE connection is establish are there more steps that need to be taken to assign IP addresses to the interfaces? The reason I ask is that even though it showed me having an active PPPoE session neither the LAN or WAN interface had an IP.
3. In either of the two steps above I was not sure where to plug the cable coming from the 3346 into the R910. Should it be plugged into the Line port, or one of the Ethernet ports. I would think that the cable from the 3346 should plug into the Line port and then a separate cable should be plugged into an ethernet port on the R910 and a open port on my switch as hypercat stated in the original post. It seemed that when I did plug into the Line port that no traffic ever made it to the LAN ports (no blinking lights)
Sorry for the long post...I am just extremely frustrated right now.
Happy Memorial Day!
ASKER
One last thing...in many of the static IP setups it states that you need to input the netmask given to you by your ISP. My PPPoE session shows a netmask of 0.0.0.0. I do not show a netmask on the status page of my 3346 web config sceen either.
See code snippet
See code snippet
IP interfaces:
Ethernet 100BT: ( up broadcast default rip-send v1 rip-receive v1 )
inet 10.0.1.254 netmask 255.255.0.0 broadcast 10.0.255.255
physical address 00-00-c5-be-83-a4 mtu 1500
PPP over Ethernet vcc1: ( up address-mapping broadcast default admin-disabled )
inet 68.16.159.42 netmask 0.0.0.0 broadcast 255.255.255.255
physical address 00-00-c5-be-83-a5 mtu 1500
aw, if you havent changed anythng from this last posting....
The 3386 (hopefully) appears to be bridged.
Q: Did you use the link I provided earlier? If not, what steps or reference link did you use to config the bridge mode for the 3346? I ask because the Bridging the 3346 is a multi-step manual process.
If you followed the steps @ http://www.netopia.com/support/hardware/technotes/NQG_029.html, the R910 should be able to recieve your Static IP (SIP). BTW, your SBS2003 is now accessible via your SIP (68.16.159.xx)...
Q: Finally, did you follow the VPN config, I listed above?... Is the VPN now working?
P2E
The 3386 (hopefully) appears to be bridged.
Q: Did you use the link I provided earlier? If not, what steps or reference link did you use to config the bridge mode for the 3346? I ask because the Bridging the 3346 is a multi-step manual process.
If you followed the steps @ http://www.netopia.com/support/hardware/technotes/NQG_029.html, the R910 should be able to recieve your Static IP (SIP). BTW, your SBS2003 is now accessible via your SIP (68.16.159.xx)...
Q: Finally, did you follow the VPN config, I listed above?... Is the VPN now working?
P2E
ASKER
P2E, I hope that you had a nice Memorial Day.
I have followed all of the technotes given by Netopia without success. One thing I just figured out last night was that a crossover cable is needed to connect the R910 to my existing switch (i was using a regular cable).
Right now the 3346 is not in bridge mode. The reason you get the SBS is because I have a pinhole set up to direct port 80 to the SBS which also hosts our internal web site. I am taking that this is not the best way to do this.
My problem with the http://www.netopia.com/support/hardware/technotes/CQG_022.html tech note is that the second portion for PPPoE is for setting up a computer to receive the passthrough IP, not a router. So I am getting confused on how to configure the R910 to accept the passthrough IP. I would rather just use passthrough, and let the 3346 do the PPPoE authentication. Here are my questions:
1. The 3346 gives two options for IP passthrough (see http://www.netopia.com/support/hardware/technotes/CQG_022.html ), one for static setup and one for Dynamic/PPPoE that uses a MAC address. Which one should I use?
2. If I am to use the one that need a MAC specified, which MAC in the R910 do I use? The WAN1 MAC or the LAN MAC?
3. My private netowork uses the 10.0.1.xx IP structure and the 3346 is currently at IP 10.0.1.254 (which all my client computer use as their default gateway). Once I set the 3346 in passthrough mode, do my client computers continue to use 10.0.1.254 as their default gateway, or do they now need to use the IP of the R910 (say I make the private IP of the R910 10.0.1.253) as the gateway?
4. What should the default gateway be in the R910? 10.0.1.254? Something else?
5. If I hardcode my public IP to the local WAN1 interface of the R910 then what do I use as a subnet mask? Should I have to hardcode the public IP at all, or should the 3346 pass the public IP to the R910 which should see it and automatically assign it to the correct interface?
5. Do i need to set the DNS servers on the R910 to the same servers that the 3346 has (given by my ISP) or should they be directed to my SBS (which all my clinet computers use as their DMS server)?
6. Is there an easier way to communicate other than this? Chat?
NOTE: When I bridged the 3346 and did PPPoE authentication with the R910 it did recieve the public IP. This showed up under the "Current WAN connection status" section of the quick view menu item. However, the IP was not ever assigned to the WAN1 interface. Perhapse I should have Manually assigned it to the WAN1 interface.
WOW! I am such a pain. I really do appreciate your help.
--Aaron
I have followed all of the technotes given by Netopia without success. One thing I just figured out last night was that a crossover cable is needed to connect the R910 to my existing switch (i was using a regular cable).
Right now the 3346 is not in bridge mode. The reason you get the SBS is because I have a pinhole set up to direct port 80 to the SBS which also hosts our internal web site. I am taking that this is not the best way to do this.
My problem with the http://www.netopia.com/support/hardware/technotes/CQG_022.html tech note is that the second portion for PPPoE is for setting up a computer to receive the passthrough IP, not a router. So I am getting confused on how to configure the R910 to accept the passthrough IP. I would rather just use passthrough, and let the 3346 do the PPPoE authentication. Here are my questions:
1. The 3346 gives two options for IP passthrough (see http://www.netopia.com/support/hardware/technotes/CQG_022.html ), one for static setup and one for Dynamic/PPPoE that uses a MAC address. Which one should I use?
2. If I am to use the one that need a MAC specified, which MAC in the R910 do I use? The WAN1 MAC or the LAN MAC?
3. My private netowork uses the 10.0.1.xx IP structure and the 3346 is currently at IP 10.0.1.254 (which all my client computer use as their default gateway). Once I set the 3346 in passthrough mode, do my client computers continue to use 10.0.1.254 as their default gateway, or do they now need to use the IP of the R910 (say I make the private IP of the R910 10.0.1.253) as the gateway?
4. What should the default gateway be in the R910? 10.0.1.254? Something else?
5. If I hardcode my public IP to the local WAN1 interface of the R910 then what do I use as a subnet mask? Should I have to hardcode the public IP at all, or should the 3346 pass the public IP to the R910 which should see it and automatically assign it to the correct interface?
5. Do i need to set the DNS servers on the R910 to the same servers that the 3346 has (given by my ISP) or should they be directed to my SBS (which all my clinet computers use as their DMS server)?
6. Is there an easier way to communicate other than this? Chat?
NOTE: When I bridged the 3346 and did PPPoE authentication with the R910 it did recieve the public IP. This showed up under the "Current WAN connection status" section of the quick view menu item. However, the IP was not ever assigned to the WAN1 interface. Perhapse I should have Manually assigned it to the WAN1 interface.
WOW! I am such a pain. I really do appreciate your help.
--Aaron
Arron, I did indeed have good w/e - thanks! And I am determined to get you up and running...
OK lets reassess the situation
1) The 3346 is not bridged & therefore it is running the req'd PPPoE connection.
2) Regarding your problem w/ Netopia's CQG_022 technote - disregard the portion concerning setting up a computer to receive the passthrough IP... Logically & electrically, the R910 is the connected device and by default your SIP will pass to it... So, App Note 022 is complete, yes?
3) Regarding your stmt, "I am getting confused on how to configure the R910 to accept the passthrough IP". Again, as the R910 is the only connected device to the 3346, your SIP will be routed to the R910 gratus.
4) No prob with the pinhole @ the R910 to the SBS. Using a Pinhole (vs IP Passthrough) is the Administrators preference.... However, in the Netopia you can not use Pinholes & IP Passthrough concurrently.
- If you choose to use Pinholes, you will need to manually set (fwd) the ports needed for your apps - in both routers! Also, the operation of IP-Passthru should be disabled (unchecked).
- Conversely, If you use IP-Passthru (Pinholes are OFF), the Netopia 3346 becomes a "pass-thru" (dumb) network device & functionally the R910 will be "fully" visable from the internet via your SIP. The hardware firewall in the 3346 will be functionally disabled..
Now, per your item 6 - if you have instant msg enabled look for (or send im to) Press2Esc...
P2E
OK lets reassess the situation
1) The 3346 is not bridged & therefore it is running the req'd PPPoE connection.
2) Regarding your problem w/ Netopia's CQG_022 technote - disregard the portion concerning setting up a computer to receive the passthrough IP... Logically & electrically, the R910 is the connected device and by default your SIP will pass to it... So, App Note 022 is complete, yes?
3) Regarding your stmt, "I am getting confused on how to configure the R910 to accept the passthrough IP". Again, as the R910 is the only connected device to the 3346, your SIP will be routed to the R910 gratus.
4) No prob with the pinhole @ the R910 to the SBS. Using a Pinhole (vs IP Passthrough) is the Administrators preference.... However, in the Netopia you can not use Pinholes & IP Passthrough concurrently.
- If you choose to use Pinholes, you will need to manually set (fwd) the ports needed for your apps - in both routers! Also, the operation of IP-Passthru should be disabled (unchecked).
- Conversely, If you use IP-Passthru (Pinholes are OFF), the Netopia 3346 becomes a "pass-thru" (dumb) network device & functionally the R910 will be "fully" visable from the internet via your SIP. The hardware firewall in the 3346 will be functionally disabled..
Now, per your item 6 - if you have instant msg enabled look for (or send im to) Press2Esc...
P2E
ASKER
P2E, I am up now! Thank goodness. I called netopia tech support and they said it would be better to bridge the 3346 and let the r910 handle the pppoe authentication. I did all this with the correct cables this time and set the lan IP of the r910 to the same IP that the 3346 had and wouldn't you know, it worked. The wan1 interface still shows no ip, but I guess this is the way it works for pppoe. I am now in the process of setting up the VPN side. Also, I went ahead and used address translation to route port 80 to the sbs (which uses host headers) and that seems to work too. The last step is the VPN. I am typing this on my blackberry so I will award points when I return to a desktop.
Thanks for all of your help. I may need some more on the pinhole stuff later.
--Aaron
Thanks for all of your help. I may need some more on the pinhole stuff later.
--Aaron
Aaron, as mentioned from the onset, bridging the netopia was definitely the prefered method. However, haven sensed your apprehension with bridging the netopia, we concentrated in IP Passthru... Both are viable options.
In any case, I am glad your network is online and working... As I have worked w/Netopia a few times before, it is definitely easier to talk over the phone or remote access your network to get some of the issues resolved..
Congrats dude!
P2E
In any case, I am glad your network is online and working... As I have worked w/Netopia a few times before, it is definitely easier to talk over the phone or remote access your network to get some of the issues resolved..
Congrats dude!
P2E