This document will review procedures for using Ascend Pipeline 50, Pipeline 75 and Pipeline 130 routers to obtain IP addresses dynamically from a Network Access Server (NAS). (The Pipeline 50, 75 and 130 are the ONLY Ascend routers that support this "NAT for a LAN" feature. The Pipeline 25-Px does support NAT, but only for a single workstation.) This technical note assumes your ISDN line is configured and working properly. Information in this document is excerpted from the appropriate incremental software release notes, located at ftp://ftp.ascend.com/pub/Software-Releases/Pipeline /Incremental/Release-5.0Ai16/doc/rp50ai.pdf and experience.

Single Workstation Example:

The following example, for setting up NAT to a single workstation, is a typical setup for a connection to an ISP.

Diagram:

Requirements:

The Pipeline MUST be on software 5.0A or better. Software upgrades are available online at ftp://ftp.ascend.com/pub/Software-Releases/Pipeline/ . You must have an account with your ISP that is set up to dynamically assign you an IP address.

Configuration:

1. Under the Configure... menu, enter your case-sensitive username (as provided by your ISP) in the "My Name" field.
2. Under "My Addr" enter a bogus IP address (i.e., an unregistered address on your private network). This address must have three digits in each octet, e.g., 200.200.200.200/24 would work but 200.99.200.200/24 would not. Make sure that the single workstation you are connecting has an IP address on the same network. For example, if your Pipeline has an address of 200.200.200.200/24, then set your workstation to an address of 200.200.200.201 with a subnet mask of 255.255.255.0
3. Under Rem Name, enter the name of your ISP's NAS (this can actually be anything, as long as it's a unique name).
4. Under Rem Addr, we recommend you enter the IP address of your ISP's NAS; however, entering another bogus address that is NOT on your local network will work. You MUST enter something. Leaving the address at 0.0.0.0 will not work. Under Dial #, put in the phone number for your ISP.
5. Set Route=IP.
6. Set Send Auth=PAP or CHAP (whichever authentication method your ISP is using) and enter the case-sensitive password that your ISP has assigned under the Send PW field.
7. Save your changes (ESC, then Exit and Accept).
8. Under Ethernet->Mod Config… set NAT Routing=Yes. Then set NAT Profile to the same name as you entered under Rem Name and you're done. No special configuration is needed on the ISP's equipment -- they just need to assign you an IP address from a pool or with a /32 (255.255.255.255) netmask.

How it works:

When the Pipeline first connects to the NAS, it receives an initial IP address via PPP negotiation. The Pipeline then builds a lookup table that matches the workstation's bogus address with the registered address that the NAS assigns. The Pipeline re-addresses packets destined for your workstation (i.e., destined to the registered address) with the bogus address it actually has. This translation is transparent both to the workstation and to devices on the WAN.

Multiple Workstation Example:

Diagram:

Requirements:

You must satisfy a few additional requirements before using NAT for a LAN of multiple workstations. The setup for the Pipeline is exactly the same as it is for single-workstation NAT. The feature required "single-to-many NAT" is incorporated only in software release 5.0Ai10 and later.

Pipeline Configuration:

Configure the Pipeline exactly as you would for a single-workstation application.

Workstation Configuration:

Each workstation must have a unique IP address on the same logical network as the Pipeline. For example, if the Pipeline has an IP address of 200.200.200.200/24 and you have three workstations on the same Ethernet segment, you could address the workstations as 200.200.200.201/24, .202/24, and .203/24.

NAT Notes:

When NAT Routing=Yes, the Pipeline 50 or 75 is NOT accessible from the WAN (i.e., you cannot telnet into it from the Internet). It is still accessible from the local network (using the private address).

Be aware that, if the ISDN connection drops (e.g., because of an idle time-out), there is no guarantee that upon reconnection you will get the same IP address assigned. For example, if you are using a web browser and the connection drops because you go idle, if you then click on a link, you might get an error message because you now have a different IP address.

Be certain that Ignore Def Rt=Yes (on the Pipeline, under Ethernet->Mod Config->Ether options...) to prevent the NAT default route from being overwritten.

Certain applications, like some UDP-based Internet game and chat client programs, will work unreliably or not at all when using NAT because they report their bogus, private IP address to the server instead of the "correct" dynamically assigned address.

There is a command in debug mode that will tell you the address assigned by the NAS. Enter the command "napt" in debug mode and you will see the address assigned by the NAS.

For more information on additional NAT features such as static port mappings and NAT over Frame Relay, check the release notes for 5.0A incremental releases (available at the link referenced at the beginning of this document).

Configuring Your Pipeline 50, 75, 85, ISDN For Internet Access Using Network Address Translation Latest Software Version To utilize Network Address Translation, it is recomended that the Pipeline be upgraded to the latest version of software. Follow these links for Upgrade Instructions and for the Latest Software Release. Table of Contents Configuring Your ISDN Line Configuring Your Internet Provider Information Pipeline Configuration for workstations with static IP addresses Pipeline Configuration for workstations with dynamic IP addresses Configuring Your Pipeline to Assign DNS Information Configuring Your Computer with Static IP addresses Configuring Your Computer with Dynamic Assigned IP addresses Checking the Ethernet Connection Configuring Your ISDN Line You must first obtain this information from your local ISDN provider: Switch Type (the switch that your ISDN provider's local central office is using) SPIDs Service Profile Identifiers (if any--depends on the Switch Type) Once you obtain this information, enter the following: Main Edit Menu... Configure... Switch Type=(as obtained from your ISDN provider *) Chan Usage=Switch/Switch My Num A=(put in your 1st local 7 digit phone number. Area Code, spaces, periods or hyphens are not necessary.) My Num B=(put in your 2nd local 7 digit phone number. Area Code, spaces, periods or hyphens are not necessary.) SPID 1=(your 1st SPID number assigned to you by your ISDN provider. Do not include any spaces, periods or hyphens) SPID 2=(your 2nd SPID number assigned to you by your ISDN provider. Do not include any spaces, periods or hyphens) Data Usage=(leave at default) This menu item is available in the Pipeline 75 only. Phone 1 Usage=(leave at default) This menu item is available in the Pipeline 75 only. Phone 2 Usage=(leave at default) This menu item is available in the Pipeline 75 only. Phone Num Binding=(leave at default) This menu item is available in the Pipeline 75 only. Ans Voice Call=(leave at default) This menu item is available in the Pipeline 75 only. My Name=(See section "Configuring Your Internet Provider Information") My Addr=(See section "Configuring Your Internet Provider Information") Rem Name=(See section "Configuring Your Internet Provider Information") Rem Addr=(See section "Configuring Your Internet Provider Information") Dial #=(See section "Configuring Your Internet Provider Information") Route=IP Bridge=No Send Auth=(See section "Configuring Your Internet Provider Information") Send PW=(See section "Configuring Your Internet Provider Information") Recv Auth=(See section "Configuring Your Internet Provider Information") Recv PW=(See section "Configuring Your Internet Provider Information") Save=(Don't forget to save your changes!) * Regarding switch types, we support AT&T5ESS or Northern Telecom DMS-100 (or any switch type that can emulate these). Switch Types Here are possible switch type setting descriptions: AT&T/P-T-P=AT&T Point to Point. If your provider didn't give you any SPID numbers, then this should be your switch type setting. AT&T/Multi-P=AT&T Multipoint. Your provider might also call it "AT&T Custom Multipoint". This switch type is typically associated with having one SPID number, although it can have two SPIDs. NTI=Northern Telecom Incorporated. Use this switch type setting if your ISDN provider tells you they are using a Northern Telecom DMS-100 (or mention of DMS Custom). This switch type typically requires two SPIDs. NI-1=National ISDN 1. Most providers are moving towards the National ISDN 1 standard. If your ISDN provider tells you that their only switch type are AT&T5ESS or Northern Telecom DMS 100, ask them if they are running them in National ISDN mode (sometimes it will just say "National" on your paperwork). Both switch types can run in this mode, so make sure you get this information. This switch type typically requires two SPIDs. Don't forget to save your parameters! Once you save your line configurations, your "10-100 Link" status window should show one of the following: "P", "M", or a "D" NOTE: Your "Link" status window is located at the top/middle of your terminal screen. If you don't see this, try [CTRL] L to refresh your screen. You should see Link "P" only if your "switch type" setting is set to AT&T/P-T-P. You should see Link "M" only if you have one SPID given to you from your ISDN provider. You should see Link "D" if you have two SPIDs given to you from your ISDN provider. If you see Link: "X" then you have a physical layer problem. Check your cabling (make sure you're using the correct one--part #2510-0122-001) and model number of your P75 (for example, an "SBRI" model would require using an RJ48C or an RJ45 cable and an external NT1 that you must provide). If you have the "UBRI" model, then any regular standard telephone cable (RJ11) will work. If you still have a problem, it could be that your ISDN line is not turned on, or the P75's WAN port is faulty. Contact us at Ascend technical support if you're not sure. If you see Link: "." (a dot), then you have a logical link problem. This means that your Pipeline and the ISDN provider's central office switch are talking to each other, but not in the same language (they are out of sync). Most likely causes would either be the wrong switch type setting, or the wrong SPIDs. If you've tried all combinations and are still not sure, please refer to the ISDN BRI Troubleshooting Guide, you may also want to refer to Ordering ISDN Service for the Pipeline 75 If you are still experencing problems please contact technical support for additional troubleshooting procedures. Configuring Your Internet Provider Information Before you begin, you want to obtain some information from your Internet Provider (from here on, we will refer to the internet provider as "ISP"). Before you can get access to the internet, an ISP must provide you with these parameters: User Name (also called Login Name) Type of Authorazation (either PAP or CHAP) Password ISP's DNS IP address(s) A phone number to dial Once you obtain this information, enter the information as follows: Start from the: Main Edit Menu... Configure... My Name= (the User or Login Name provided to you by your ISP. Watch out, it's CASE SENSITIVE) My Addr=(in this field you can enter any reserved, vaild IP address. 192.168.100.100/24 is a common reserved IP address. For more information please refer to the white paper on IP Routing 101.) Rem Name=(Your ISP's name or name of their router) Rem Addr=(100.100.100.100/24) Dial #=(phone number to your ISP's router that you will be dialing into) Route=IP Bridge=No Send Auth=(either PAP or CHAP. Your ISP must tell you what to select here) Send PW=(the Password assigned to you) Recv Auth=(leave at default setting) Recv PW=(leave at default setting) Save=(go ahead and save your changes) Then back to: Main Edit Menu... Ethernet... Static Rtes... Default... Name=Default Active=Yes Dest=0.0.0.0/0 Gateway=0.0.0.0/0 Metric=(leave at default setting) Preference=(leave at default setting if you have this option) Private=(leave at default setting) Then back to: Main Edit Menu... Ethernet... NAT... NAT... Routing=Yes Profile=(This should match the connection profile name for your ISP i.e. your Remote Name) FR address=0.0.0.0 Lan=Single IP addr Static Mappings... Def Server=(leave at default setting) Reuse last addr=(leave at default setting) Reuse addr timeout=(leave at default setting) Then back to: Main Edit Menu... Ethernet... Mod Config... Ether options... IP Adrs=192.168.100.100 2nd Adrs=(leave at default setting) RIP=Off RIP2 Use Multicast=(leave at default setting) Ignore Def Rt=(leave at default setting) Proxy Mode=Off Filter=(leave at default setting) IPX Frame=(leave at default setting) IPX Enet#=(leave at default setting) IPX Pool#=(leave at default setting) IPX SAP Filter=(leave at default setting) IPX SAP Proxy=(leave at default setting) IPX SAP Proxy Net#1=(leave at default setting) IPX SAP Proxy Net#2=(leave at default setting) IPX SAP Proxy Net#3=(leave at default setting) Handle IPX Type20=(leave at default setting) Pipeline Configuration for Workstations with Static IP Addresses (Use this option if you are using static IP addresses in you workstations!) (For more information please refer to the white paper on IP Routing 101.) Start from: Main Edit Menu... Ethernet... Mod Config... DHCP Spoofing... DHCP Spoofing=No DHCP PNP Enabled=(leave at default setting) Renewal Time=(leave at default setting) Become Def. Router=(leave at default setting) Dial if Link Down=(leave at default setting) Always Spoof=(leave at default setting) Validate IP=(leave at default setting) Maximum no reply wait=(leave at default setting) IP Group 1=(leave at default setting) Group 1 count=(leave at default setting) IP group 2=(leave at default setting) Group 2 count=(leave at default setting) Host 1 IP=(leave at default setting) Host 1 Enet=(leave at default setting) Host 2 IP=(leave at default setting) Host 2 Enet=(leave at default setting) Host 3 IP=(leave at default setting) Host 3 Enet=(leave at default setting) Pipeline Configuration for Workstations with Dynamic Assigned IP Addresses (Use this option if you want to assign dynamic IP addresses to your workstations!) Start from: Main Edit Menu... Ethernet... Mod Config... DHCP Spoofing... DHCP Spoofing=Yes DHCP PNP Enabled=Yes Renewal Time=10 Become Def. Router=Yes Dial if Link Down=No Always Spoof=Yes Validate IP=No Maximum no reply wait=10 IP Group 1=192.168.100.101 Group 1 count=20 IP group 2=(leave at default setting) Group 2 count=(leave at default setting) Host 1 IP=(leave at default setting) Host 1 Enet=(leave at default setting) Host 2 IP=(leave at default setting) Host 2 Enet=(leave at default setting) Host 3 IP=(leave at default setting) Host 3 Enet=(leave at default setting) Configuring Your Pipeline to Assign DNS Information (When using the Pipeline to assign dynamic IP addresses you can also configure the Pipeline to assign Domain Name Server/DNS information) Start from: Main Edit Menu... Ethernet... Mod Config... DNS... Domain Name=(This is the domain of your ISP) Sec Domain Name=(This would be the secondary domain of your ISP, if they do not have one leave at default setting) Pri DNS=(This is the primary DNS address given to you by your ISP) Sec DNS=(This is the secondary DNS address given to you by your ISP) Allow As Client DNS=Yes List Attempt=(leave at default setting) List Size=(leave at default setting) Client Pri DNS=(leave at default setting) Client Sec DNS=(leave at default setting) Enable Local DNS Table=(leave at default setting) Loc.DNS Tab Auto Update=(leave at default setting) Checking the Ethernet Connection And finally check: Bottom right of your terminal window... (use your [TAB] key to get to...) 00-400 HW Config (of the eight boxes on the right side of your screen, it's the box on the bottom right. You may have to hit [CTRL] L to refresh your screen) Enet I/F: UTP or AUI (The default is AUI. It's auto-sensing. That is, if you plug in an active 10-Base-T connection, you'll see it switch to UTP.) Pinging the Pipeline (After compleating the next step of configuring your workstation you should be able to ping the IP address of the Pipeline.) Note about UTP (10-Base-T) cabling: if you are connecting the P75 directly to a single computer, you must use a cross-over cable. That is, the transmit pairs and the receive pairs must be reversed from one end of the cable to the other (pins 1 & 3 and pins 2 & 6). This cable should come with your P75 already (part # 2510-0084-001). If you are planning on placing a "hub" (also called a "concentrator") between your P75 and your computer(s) (to have multiple workstations), then you will have to use a straight-through UTP cable, which you must supply. Don't forget to save your parameters! Configuring Your Computer with a Static IP Address Here are the parameters you must enter into your TCP/IP software configuration on your computer: IP Address Default Gateway (also referred to as "Default Router" in some TCP/IP software) DNS (Domain Name Service) Your ISP should have provided you with some IP addresses (at least two if you recall). We have assigned one for your P75; the other address(s) is going to be assigned to your computer(s). You will put this address in your "IP Address" setting in your TCP/IP software. Your "mask" or "subnet mask" parameter should be given to you by your ISP (see end of technote for decimal/slash mask conversion table). Your Default Gateway should be the address of your P75. In short, all hosts on the LAN will have different IP addresses with default gateways "pointing" towards the P75. example: P75 IP Address=192.168.100.100/24 Computer's IP Address=192.168.100.101/24 Computer's Default Gateway=192.168.100.100/24 (The IP address of the Pipeline.) And lastly, your DNS settings are the DNS addresses that your ISP has given you. These are the addresses to their DNS servers. Without these settings, you would not be able to surf the net using names such as "www.ascend.com". You would have to know the IP address of a site to get to it! After you enter in your TCP/IP settings, some computers will require that you reboot them. If you're not sure what the case would be for your computer, it would be wise to reboot it to make sure those changes will take effect. From here on, just click on your Netscape icon (or whatever internet browser you're using) and the P75 should dial out on demand to your ISP. Just surf away! Configuring Your Computer for a dynamic IP Address Here are the parameters you must enter into your TCP/IP software configuration on your computer: Select the parameter that directs your computer to obtain an IP address dynamicly from a DHCP server. If you have not configured the Pipeline to assign DNS information, then you will need to enter the DNS information into your TCP/IP configuration software. DECIMAL-->SLASH SUBNET MASK CONVERSION TABLE FOR CLASS C ADDRESSES Decimal MaskSlash Mask 255.255.255.0 = /24 255.255.255.192 = /26 255.255.255.224 = /27 255.255.255.240 = /28 255.255.255.248 = /29 255.255.255.252 = /30 example: If your IP address is: 192.168.100.100 and your subnet mask assigned to you is: 255.255.255.0 then you would enter into the P75's IP address parameter: 192.168.100.100/24 SPIDs A Service Profile Identifier (SPID) is a number that identifies ISDN equipment attached to your ISDN line. Depending on the type of ISDN service you have, there are one, two, or no SPIDs. When you order ISDN service, the ISDN provider should give you the necessary SPID or SPIDs, which you then use when configuring your Pipeline. NOTE: You normally don't need to know about SPIDs; you simply enter the numbers when configuring the Pipeline. If, however, the ISDN provider does not provide the necessary SPIDs or provides SPIDs that are incorrect, the information in the following sections can help you explain to the ISDN provider what you need. About SPID Formats A SPID is normally derived from a telephone number for the ISDN BRI line. It may or may not include the Area Code, and it may have a special prefix and/or suffix. The SPID formats used by most telephone companies are described in the following sections. Generic SPIDs for NI-1 and NI-2 Service A generic SPID format for National ISDN-1 (NI-1) and National ISDN-2 (NI-2) service is used by some telephone companies. The format for these generic SPIDs, which is the same for all switches, is as follows: AAANNNNNNNSSTT AAA is the 3-digit Area Code and NNNNNNN is the 7-digit telephone number for the ISDN BRI line. SS is the Sharing Terminal Identifier (ID), which a two-digit number from 01 to 32. These two digits are normally 01. TT is a 2-digit code Terminal ID (TID), which is a two-digit number from 01 to 08. These two digits are normally 01. For example, if the ISDN provider assigns the telephone numbers 510-769-6001 and 510-769-6002 to the ISDN BRI line, and the IDs and TIDs for both SPIDs are all 01, the SPIDs are 51076960010101 and 51076960020101. SPIDs For An AT&T 5ESS Switch For National ISDN-1 (NI-1) service from an AT&T 5ESS switch, SPIDs are normally in this format: 01NNNNNNN0TT NNNNNNN is a 7-digit telephone number (not including the area code) of the ISDN BRI line. TT is a 2-digit Terminal ID code (TID) from 00 to 62. If you have a choice, use 00 for this code. For example, if the ISDN provider assigns the telephone numbers 769-6001 and 769-6002 to the ISDN BRI line, and 00 is the TID for both numbers, the SPIDs are 017696001000 and 017696002000. For AT&T Custom Multipoint service, SPIDs are normally in this format: 01NNNNNNN0 NNNNNNN is a 7-digit telephone number (not including the area code) of the ISDN BRI line. For example, if the ISDN provider assigns the telephone numbers 769-6001 and 769-6002 to the ISDN BRI line, the SPIDs are 0176960010 and 0176960020. There are no SPIDs for AT&T Custom Point-to-Point service. SPIDs For A Northern Telecom DMS-100 Switch For National ISDN-1 (NI-1) service from a Northern Telecom DMS-100 switch, SPIDs are normally in this format: AAANNNNNNNSSTT AAA is the 3-digit Area Code and nnnnnn is the 7-digit telephone number for the ISDN BRI line. SS is an optional SPID suffix. If present, it is either one digit or two digits. If it is one digit, it must be one of these values: -- 0, 1, or 2 A different digit is normally used for each of the two SPIDs for the ISDN line. If it is two digits, it must be one of the following two-digit pairs: -- 00, 01, or 02 A different pair is normally used for each of the two SPIDs for the ISDN line. TT is a 2-digit code from 00 to 62. If you have a choice, use 00 for this code. For example, if the ISDN provider assigns the telephone numbers 769-6001 and 769-6002 to the ISDN BRI line, 01 and 02 are the SPID suffixes, and 00 is the two-digit code for both SPIDs, the SPIDs are 51076960010100 and 51076960020200. For DMS-100 Custom service from a Northern Telecom DMS-100 switch, SPIDs are normally in this format: AAANNNNNNNSS AAA is the 3-digit Area Code and NNNNNNN is the 7-digit telephone number of the ISDN line. SS is an optional SPID suffix. If present, it is either one digit or two digits. If it is one digit, it must be one of these values: -- 0, 1, or 2 A different digit is normally used for each of the two SPIDs for the ISDN line. If it is two digits, it must be one of the following two-digit pairs: -- 00, 01, or 02 A different pair is normally used for each of the two SPIDs for the ISDN line. For example, if the ISDN provider assigns the telephone numbers 510-769-6001 and 510-769-6002 to the ISDN BRI line, and 00 and 01 are the SPID suffixes, the SPIDs are 510769600100 and 510769600201.

About Ascend | Products | Service & Support | Seminars & Training | Careers | Library Home | Log In | Find | Contact Us

Copyright ©1997 Ascend Communications, Inc. All rights reserved.