ARRIS SVG2500 SURFboard Voice Gateway User Manual SURFboard Wireless Voice Gateway

ARRIS Group, Inc. SURFboard Voice Gateway SURFboard Wireless Voice Gateway

UserManual.wiki >

SVG2500 User Manual >

Contents

Manual Part 3

This document is uncontrolled pending incorporation in PDM 1 OVERVIEW 15 Security The SVG2500 provides the following: • A firewall to protect the SVG2500 LAN from undesired attacks over the Internet • For wireless transmissions, data encryption and network access control Network Address Translation (NAT) provides some security because the IP addresses of SVG2500 LAN computers are not visible on the Internet. This diagram does not necessarily correspond to the network cabling. A full discussion of network security is beyond the scope of this document. Figure 1-6 — SVG2500 Security Measures

This document is uncontrolled pending incorporation in PDM 1 OVERVIEW 16 Firewall The SVG2500 firewall protects the SVG2500 LAN from undesired attacks and other intrusions from the Internet. It provides an advanced, integrated stateful-inspection firewall supporting intrusion detection, session tracking, and denial-of-service attack prevention. The firewall: • Maintains state data for every TCP/IP session on the OSI network and transport layers • Monitors all incoming and outgoing packets, applies the firewall policy to each one, and screens for improper packets and intrusion attempts • Provides comprehensive logging for all: • User authentications • Rejected internal and external connection requests • Session creation and termination • Outside attacks (intrusion detection) You can configure the firewall filters to set rules for port usage. For information about choosing a predefined firewall policy template, see Section 7, SVG2500 Firewall Pages. DMZ A de-militarized zone (DMZ) is one or more computers logically located outside the firewall between an SVG2500 LAN and the Internet. A DMZ prevents direct access by outside users to private data. For example, you can set up a web server on a DMZ computer to enable outside users to access your website without exposing confidential data on your network. A DMZ can also be useful to play interactive games that may have a problem running through a firewall. You can leave a computer used for gaming only exposed to the Internet while protecting the rest of your network. For more information, see Gaming Configuration Guidelines. Port Triggering When you run an application that accesses the Internet, it typically initiates communications with a computer on the Internet. For some applications, especially gaming, the computer on the Internet also initiates communications with your computer. Because NAT does not normally allow these incoming connections: • The SVG2500 has preconfigured port triggers for common applications. • If needed, you can configure additional port triggers on the Advanced Port Triggers Page.

This document is uncontrolled pending incorporation in PDM 1 OVERVIEW 17 Wireless Security Because WLAN data is transmitted using radio signals, it may be possible for an unauthorized person to access your WLAN unless you prevent them from doing so. To prevent unauthorized eavesdropping of data transmitted over your LAN, you must enable wireless security. The default SVG2500 settings neither provide security for transmitted data nor protect network data from unauthorized intrusions. The SVG2500 provides the following wireless security measures, which are described in Section 9, SVG2500 Wireless Pages. To prevent unauthorized eavesdropping, you must encrypt data transmitted over the wireless interface using one of the following: • If all of your wireless clients support Wi-Fi® Protected Access (WPA) encryption, Motorola recommends using WPA. Otherwise, configure a Wired Equivalency Privacy (WEP) key on the SVG2500 and each WLAN client. • To protect LAN data from unauthorized intrusions, you can restrict WLAN access to computers having one or both of: • Known MAC addresses • The same unique network name (SSID) as the SVG2500 Restricting access to computers having the same network name is also called “disabling SSID broadcasting” or “enabling closed network operation.” Port Forwarding The SVG2500 opens logical data ports when a computer on its LAN sends data, such as e-mail messages or web data, to the Internet. A logical data port is different from a physical port, such as an Ethernet port. Data from a protocol must go through certain data ports. Some applications, such as games and videoconferencing, require multiple data ports. If you enable NAT, this can cause problems because NAT assumes that data sent through one port will return to the same port. You may need to configure port forwarding to run applications with special requirements. To configure port forwarding, you must specify an inbound (source) port or range of ports. The inbound port opens only when data is sent to the inbound port and closes again after a specified time elapses with no data sent to it. You can configure up to 32 port forwarding entries using the Advanced Port Forwarding Page. Virtual Private Networks The SVG2500 supports multiple tunnel VPN pass-through operation to securely connect remote computers over the Internet. The SVG2500: • Is compatible with Point to Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) • Is fully interoperable with any IPSec client or gateway and ANX certified IPSec stacks

This document is uncontrolled pending incorporation in PDM 19 2 INSTALLATION The following topics provide information about installing the SVG2500 hardware: • Before You Begin • Precautions • Signing Up for Service • Computer System Requirements • Installing the Battery • Connecting the SVG2500 to the Cable System • Cabling the LAN • Installing USB Drivers • Connecting a PC to the SVG2500 USB Port • Obtaining an IP Address for Ethernet • Configuring TCP/IP • Installing the Telephone for VoIP • Wall Mounting Your SVG2500 For information about WLAN setup, see Setting Up Your Wireless LAN. Before You Begin Before you begin the installation, check that the following items were included with your Motorola SVG2500 Gateway: Item Description Power cord Connects the SVG2500 to a power adapter that connects to an AC electrical outlet Telephone cable (RJ-11) Connects to a telephone outlet Ethernet cable Connects to the Ethernet port USB cable Connects to the USB port SVG2500 Installation CD-ROM Contains this user guide and USB drivers SVG2500 Quick Installation Guide Contains basic information for getting started with the SVG2500

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 20 You must have the latest service packs and patches installed on your computer for your operating system. You will need 75-ohm coaxial cable with F-type connectors to connect the SVG2500 to the nearest cable outlet. If a TV is connected to the cable outlet, you may need a 5 to 900 MHz RF splitter and two additional coaxial cables to use both the TV and the SVG2500. Determine the connection types you will make to the SVG2500. Check that you have the required cables, adapters, and adapter software. You may need: Wireless LAN Wireless adapter and driver software for each computer having a wireless connection. Wired Ethernet Ethernet cables and network interface cards (NICs) with accompanying installation software LAN To connect more than four computers to the SVG2500, one or more Ethernet hubs or switches USB A USB cable and the SVG2500 Installation CD-ROM containing the software for USB installation Coaxial cable, RF splitters, hubs, and switches are available at consumer electronic stores. Precautions Postpone SVG2500 installation until there is no risk of thunderstorm or lightning activity in the area. To avoid potential shock, always unplug the power cord from the wall outlet or other power source before disconnecting it from the SVG2500 rear panel. To prevent overheating the SVG2500, do not block the ventilation holes on the sides of the unit. Do not open the unit. Refer all service to your Internet Service provider. Wipe the unit with a clean, dry cloth. Never use cleaning fluid or similar chemicals. Do not spray cleaners directly on the unit or use forced air to remove dust.

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 21 Signing Up for Service You must sign up with an Internet Service provider to access the Internet and other online services. To activate your service, call your local Internet Service provider. You need to provide the MAC address marked HFC MAC ID printed on the Bottom Label on the SVG2500. You can record it in the SVG2500 Quick Installation Guide. You should ask your Internet Service provider the following questions: • Do you have any special system requirements? • When can I begin to use my SVG2500? • Are there any files I need to download after connecting the SVG2500? • Do I need a user name or password to access the Internet or use e-mail? Computer System Requirements You can connect Microsoft Windows, Macintosh, UNIX®, or Linux® computers to the SVG2500 LAN using one of the following: • Ethernet — 10Base-T or 10/100Base-T Ethernet adapter with proper driver software installed. • Wireless — Any IEEE 802.11g or IEEE 802.11b device. This includes any Wi-Fi certified wireless device, such as a cellular telephone equipped with this feature. In addition, your computer must meet the following requirements: • PC with Pentium class or better processor • Windows® 2000, Windows® XP, Windows VistaTM, Macintosh, or Linux® operating system with operating system CD-ROM available • Minimum 16 MB RAM recommended • 10 MB available hard disk space You can use any web browser such as Microsoft® Internet Explorer, Netscape Navigator®, or Mozilla® Firefox® with the SVG2500. The following operating systems are not supported by the SVG2500. Microsoft support for these products has ended: • Windows® 95 • Windows® 98 • Windows® 98 SE • Windows® Me • Windows NT® Note: UNIX, Linux, or Macintosh computers only use the Ethernet connection.

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 22 You can use the USB connection with any PC running Windows 2000, Windows XP, or Windows Vista that has a USB interface. The USB connection requires special USB driver software that is supplied on the SVG2500 Installation CD-ROM. You can upgrade your USB drivers from the Motorola Downloads page: http://broadband.motorola.com/consumers/support/default.asp Installing the Battery Before you begin the installation, you must first install the battery in your SVG2500. Please read Safety Requirements for the SVG2500 Lithium-Ion Battery before proceeding. 1. Place the SVG2500 on a soft surface to access the bottom of the unit. 2. Pull up on the battery cover tab. 3. Align the key pins in the SVG2500 with the key slots on the battery for proper contact.

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 23 4. The battery connectors should mate with the connectors on the SVG2500. Make sure the pull-tab is accessible and does not prevent the battery cover from closing properly. 5. Reinstall the battery cover with the alignment tabs seated downward. It may take up to 12 hours for the battery to reach full charge when: • It is installed for the first time. • It is replaced. • It is fully discharged. Battery back-up times may vary based on many factors, including the battery age, charging state, storing conditions, and operating temperature, as well as by factors such as data activity and length of active telephone calls.

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 24 Connecting the SVG2500 to the Cable System Before starting, be sure the computer is turned on and the SVG2500 is unplugged. 1. Connect one end of the coaxial cable to the cable outlet or splitter. 2. Connect the other end of the coaxial cable to the cable connector on the SVG2500. Hand-tighten the connectors to avoid damaging them. 3. Plug the power cord into the power connector on the SVG2500. 4. Plug the power cord into the electrical outlet. This turns the SVG2500 on. You do not need to unplug it when not in use. The first time you plug in the SVG2500, allow it 5 to 30 minutes to find and lock on the appropriate communications channels. 5. Check that the lights on the front panel cycle through this sequence: POWER Turns on when AC power is connected to the SVG2500. Indicates that the power is connected properly. ONLINE Flashes during SVG2500 registration and configuration. Changes to solid green when the SVG2500 is registered. DS Flashes while scanning for the downstream receive channel. Changes to solid green when the receive channel is locked. US Flashes while scanning for the upstream send channel. Changes to solid green when the send channel is locked.

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 25 Cabling the LAN After connecting to the cable system, you can connect your wired Ethernet LAN. Some samples are shown in Wired Ethernet LAN. On each networked computer, you must install proper drivers for the Ethernet adapter. Detailed information about network cabling is beyond the scope of this document. Installing USB Drivers This section describes installing the USB driver on a PC connected to the USB port on the SVG2500. Before connecting the PC to the SVG2500 USB port, perform one of the following procedures applicable to the Windows version you are running: • Installing the Windows 2000 USB Driver • Installing the Windows XP USB Driver • Installing the Windows Vista USB Driver The SVG2500 USB driver does not support Macintosh or UNIX computers. For those systems, you can connect through Ethernet only. Caution! Be sure the SVG2500 Installation CD-ROM is inserted in the CD-ROM drive before you plug in the USB cable. If you have a problem installing the USB driver, remove it by performing one of the following procedures applicable to the Windows version you are running: • Removing the Windows 2000 USB Driver • Removing the Windows XP USB Driver When done, run the Motorola USB Driver Removal Utility.

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 26 Installing the Windows 2000 USB Driver 1. Insert the SVG2500 Installation CD-ROM in the CD-ROM drive. This CD contains the USB drivers and must be inserted and read by the PC before you connect the SVG2500 to the PC. 2. Connect the USB cable as shown in USB Connection. A few seconds after you complete the USB connection, the Found New Hardware window is displayed. 3. Click Next to display the Install Hardware Device Drivers window. 4. Be sure Search for a suitable driver for my device is selected. Motorola SURFboard SVG USB Gaeway

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 27 5. Click Next to display the Locate Driver Files window. 6. Checkmark CD-ROM drives only. 7. Click Next to display the Driver Files Search Results window. 8. Click Next to display the Digital Signature Not Found window. Motorola USB SVG Modem

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 28 9. Click Yes to continue the installation. The Found New Hardware Wizard window is displayed. 10. Click Finish to complete the installation. When you finish setting up the USB driver, you can continue with Configuring TCP/IP. If you have any difficulties setting up the USB driver, perform Removing the USB Driver in Windows 2000 and repeat the setup procedure. Installing the Windows XP USB Driver 1. Insert the SVG2500 Installation CD-ROM in the CD-ROM drive. This CD contains the USB drivers and must be inserted and read by the PC before you connect the SVG2500 to the PC. 2. Connect the USB cable as shown in USB Connection. A few seconds after you complete the USB connection, the Found New Hardware Wizard window is displayed. 3. Be sure Install the software automatically is selected. Motorola USB SVG Modem

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 29 4. Click Next to display the Hardware Installation window. 5. Click Continue Anyway. Windows automatically searches for the correct USB drivers and installs them. If the installation is successful, the Found New Hardware Wizard window is displayed: Although your SVG model number may be different than in the images in this guide, the procedure is the same. 6. Click Finish to complete the installation. Otherwise, be sure the SVG2500 Installation CD-ROM is correctly seated in the CD-ROM drive. When you finish setting up the USB driver, you can continue with Configuring TCP/IP. Motorola USB SVG Modem Motorola USB SVG Modem

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 30 Installing the Windows Vista USB Driver 1. Be sure the USB cable is connected to both the computer and the SVG2500 gateway. If not, connect it as described in Connecting a PC to the USB Port. A few seconds after you complete the USB connection, the Found New Hardware window is displayed. 2. Click Locate and install driver software. The Vista permissions pop up appears. 3. Click Continue to proceed. The Found New Hardware window is displayed.

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 31 4. Insert the SVG2500 Installation CD containing the USB drivers in the CD-ROM drive. This CD must be inserted and read by the PC before you connect the SVG2500 to the PC. Windows automatically searches the CD for driver software. The Windows Security window is displayed. 5. Click Install this driver software anyway. The Found New Hardware window is displayed. 6. Click Close. The SVG2500 USB interface is now installed and ready for operation. When you finish installing the USB driver, you can continue with Configuring TCP/IP. Motorola USB SVG Modem

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 32 Connecting a PC to the SVG2500 USB Port You can connect a single PC running Windows 2000, Windows XP, or Windows Vista to the SVG2500 USB port. Caution! Before plugging in the USB cable, be sure the SVG2500 Installation CD-ROM is inserted in the PC CD-ROM drive. To connect a PC to the SVG2500 USB port: 1. Insert the SVG2500 Installation CD-ROM in the CD-ROM drive to install the USB driver. See Installing USB Drivers for the applicable procedure for the Windows version you are running. 2. Connect the USB cable to the USB port on the back of the SVG2500. 3. Connect the other end of the USB cable to the USB port on the computer. Obtaining an IP Address for an Ethernet Connection You can use either of the following two options to obtain the IP address for the network interface on your computer: • Retrieve the statically defined IP address and DNS address • Automatically retrieve the IP address using the Network DHCP server The Motorola SVG2500 gateway provides a DHCP server on its LAN. It is recommended that you configure your LAN to obtain the IPs for the LAN and DNS server automatically.

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 33 Windows 2000 or Windows XP To retrieve the IP and DNS addresses, do the following on each Ethernet client computer running Windows 2000 or Windows XP: 1. From the Windows Desktop, select Control Panel to display the Control Panel window. 2. Select Network Connections to display the Network Connections window. 3. Right-click the Ethernet connection icon and select Properties to display the Local Area Connection Properties window: 4. Under the General tab, select (or highlight) Internet Protocol (TCP/IP) and then click Properties button. The Internet Protocol (TCP/IP) Properties window is displayed:

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 34 5. Select the Obtain an IP address automatically radio button. 6. Select the Obtain DNS server address automatically radio button. 7. Click OK twice to save the IP settings. 8. Exit the Control Panel. To automatically retrieve the IP Address, do the following on each Ethernet client computer running Windows 2000 or Windows XP: 1. From the Windows Desktop, click Start to display the Windows Start menu. 2. Select Run to display the Run window. 3. Type cmd in the Open entry box and then click OK to display a command prompt window. 4. Type ipconfig /renew and press Enter to obtain your computer’s IP address from the DHCP server on the Motorola SVG2500. 5. Type exit and press Enter to return to Windows. Windows Vista To retrieve the IP and DNS addresses, do the following on each Ethernet client computer running Windows Vista: 1. From the Windows Desktop, select Control Panel to display the Control Panel Home window. 2. Click Network and Internet to display the Network and Internet window. 3. Click Network and Sharing Center to display the Network and Sharing Center window. 4. Click Manage network connections to display the LAN or High-speed Internet connections window. 5. Right-click the network connection icon and select Properties from the drop-down menu to display the Local Area Connection Properties window. Note: If more than one network connection is displayed, Be sure to select your network interface connection. Windows Vista may prompt you to allow access to the Network Properties Options. If you see the message User Account Control - Windows needs your permission to continue, select Continue. 6. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties to display the Internet Protocol Version 4 (TCP/IPv4) Properties window. 7. Select the Obtain an IP address automatically radio button. 8. Select the Obtain DNS server address automatically radio button. 9. Click OK twice to close both network properties windows. 10. Click at the top right corner of each network window to close it. 11. Click to exit the Control Panel and save the IP settings.

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 35 Linux To retrieve the IP Address, do the following on each client computer running Linux: 1. Type su at the system prompt to log in as super-user. 2. Type ifconfig to display the network devices and allocated IP addresses. 3. Type pump -i <dev>. where <dev> is the network device name 4. Type ifconfig again to view the new allocated IP address. 5. Check to make sure no firewall is active on the device <dev>. Macintosh or UNIX Follow the instructions in the applicable user documentation. Configuring TCP/IP Make sure all client computers are configured for TCP/IP which is a protocol for communication between computers. Perform one of the following for the operating system you are running: • Configuring TCP/IP in Windows 2000 • Configuring TCP/IP in Windows XP • Configuring TCP/IP in Windows Vista • For Macintosh or UNIX systems, follow the instructions in the applicable Macintosh or UNIX user documentation. After configuring TCP/IP on your computer, you must verify the IP address. Perform one of the following: • Verifying the IP Address in Windows 2000 or Windows XP • Verifying the IP Address in Windows Vista • For Macintosh or UNIX systems, follow the instructions in the applicable Macintosh or UNIX user documentation.

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 36 Configuring TCP/IP in Windows 2000 1. Select Control Panel from either the Windows Start menu or Windows Desktop to display the Control Panel window. 2. Double-click Network and Dial-up Connections to display the Network and Dial-up Connections window. In the steps that follow, a connection number such as 1, 2, or 3 represents PCs with multiple network interfaces. PCs having only one network interface may be represented as “Local Area Connection.” 3. Double-click Local Area Connection number to display the Local Area Connection number Status window. The value of number varies from system to system.

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 37 4. Click Properties to display the Local Area Connection number Properties window. Information similar to the following displays. 5. If Internet Protocol (TCP/IP) is in the list of components, TCP/IP is installed. You can skip to step 8. 6. If Internet Protocol (TCP/IP) is not in the list of components, click Install. The Select Network Component Type window displays: 7. Click Protocol and then click Add. The Select Network Protocol window displays:

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 38 8. Click Internet Protocol (TCP/IP) and then click OK. The Local Area Connection number Properties window redisplays. 9. Click Internet Protocol (TCP/IP) and then click Properties to display the Internet Protocol (TCP/IP) Properties window: 10. Be sure Obtain an IP address automatically and Obtain DNS server address automatically are selected. 11. Click OK to save the TCP/IP settings and exit the TCP/IP Properties window. 12. Click OK to exit the Local Area Connection Properties window. 13. Click OK when prompted to restart the computer and click OK again. 14. When you complete the TCP/IP configuration, go to Verifying the IP Address in Windows 2000 or Windows XP.

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 39 Configuring TCP/IP in Windows XP 1. On the Windows desktop, click Start to display the Start window: 2. Click Control Panel to display the Control Panel window. The display varies, depending on the Windows XP view options. If the display is a Category view as shown below, continue with step 3. Otherwise, skip to step 5. 3. Click Network and Internet Connections to display the Network and Internet Connections window:

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 40 4. Click Network Connections to display the LAN or High-Speed connections. You can skip to step 7. 5. If a Classic view similar to the screenshot below displays, double-click Network Connections to display LAN or High-Speed Internet connections: 6. Right-click the network connection. If more than one connection is displayed, be sure to select the one for your network interface: 7. Select Properties from the drop-down menu to display the Local Area Connection Properties window:

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 41 8. Select Internet Protocol (TCP/IP) and click Properties to display the Internet Protocol (TCP/IP) Properties window: 9. Make sure Obtain an IP address automatically and Obtain DNS server address automatically are selected. 10. Click OK to save the TCP/IP settings and exit the TCP/IP Properties window. 11. Click OK to exit the Local Area Connection Properties window. When you complete the TCP/IP configuration, go to Verifying the IP Address in Windows 2000 or Windows XP. Configuring TCP/IP in Windows Vista 1. On the Windows desktop, click Start to display the Start window.

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 42 2. Click Control Panel to display the Control Panel Home window. 3. Double-click Network and Internet to display the Network and Internet window: 4. Double-click Network and Sharing Center to display the Network and Sharing Center window:

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 43 5. Click Manage network connections to display LAN or High-Speed Internet connections. 6. Right-click the network connection and select Properties to display the Local Area Connection Properties window. 7. If more than one connection is displayed, make sure to select the one for your network interface. Vista may prompt you to allow access to the Network Properties Options. If you see the prompt, User Account Control -- Windows needs your permission to continue, click Continue.

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 44 8. Select Internet Protocol Version4 (TCP/IPv4) and click Properties to display the Internet Protocol Version4 (TCP/IPv4) Properties window. 9. Make sure Obtain an IP address automatically and Obtain DNS server address automatically are selected. 10. Click OK to save the TCP/IP settings and close the Internet Protocol Version4 (TCP/IPv4) Properties window. 11. Click OK to close the Local Area Connection Properties window. 12. Click to close the Network Connections window. 13. Click twice to exit the Network and Sharing Center window and the Control Panel. When you complete the TCP/IP configuration, go to Verifying the IP Address in Windows Vista. Verifying the IP Address in Windows 2000 or Windows XP Do the following to check the IP address: 1. On the Windows Desktop, click Start. 2. Select Run. The Run window is displayed. 3. Type cmd and click OK to display a command prompt window.

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 45 4. Type ipconfig and press ENTER to display the IP configuration information. A display similar to the following indicates a normal configuration. 5. If, as in the following window, an Autoconfiguration IP Address is displayed, there is an incorrect connection between the PC and the SVG2500, or there are broadband network problems: 6. After verifying the broadband connections, renew the IP address. Do the following to renew the IP address: 1. At the command prompt, type ipconfig /renew and press Enter. If a valid IP address is displayed as shown, Internet access should be available. 2. Type exit and press ENTER to return to Windows. 3. If after performing this procedure the computer cannot access the Internet, call your Internet Service provider for help.

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 46 Verifying the IP Address in Windows Vista Do the following to verify the IP address: 1. On the Windows Vista desktop, click Start to display the Start Menu. 2. Click All Programs. 3. Click Accessories.

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 47 4. Click Run to display the Run window. 5. Type cmd and click OK to open a command prompt window. 6. Type ipconfig and press ENTER to display the IP Configuration. A display similar to the following indicates a normal configuration. 7. If, as in the following window, an Autoconfiguration IP Address is displayed, there is an incorrect connection between the PC and the SVG2500, or there are broadband network problems.

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 48 Do the following to renew the IP address: 1. At the command prompt, type ipconfig /renew and press Enter. If a valid IP address is displayed as shown, Internet access should be available. 2. Type exit and press Enter to return to Windows. If after performing this procedure the computer cannot access the Internet, call your Internet Service provider for help. Installing the Telephone for VoIP Your SVG2500 allows you to use your cable Internet connection for VoIP telephone service. You must contact a VoIP service provider for this feature to work with the SVG2500. You can connect up to two standard telephone lines using your SVG2500. Caution! To reduce the risk of fire, use only No. 26 or larger UL Listed or CSA Certified Telecommunication Line Cord or national equivalent to connect a telephone line to your SVG2500. Contact your service provider before connecting your Motorola SVG2500 to your existing telephone wiring. Do not connect the telephone wire to a traditional telephone (PSTN) service. Be sure the phone connectors are neither connected together nor connected to wall jacks on the same network. Use only a standard telephone. In many businesses, digital phones that connect to a private branch exchange (PBX) do not operate with the SVG2500.

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 49 Connect your telephone by plugging a phone wire into the TEL 1/2 connector as shown in the illustration below. You can also connect a second telephone line to the TEL 2 connector. A two-line telephone may be connected to TEL 1/2. Wall Mounting Your SVG2500 If you mount your SVG2500 on the wall, you must: • Locate the unit as specified by the local or national codes governing residential or business cable TV and communications services. • Follow all local standards for installing a network interface unit/network interface device (NIU/NID). If possible, mount the unit to concrete, masonry, a wooden stud, or some other very solid wall material. Use anchors if necessary (for example, if you must mount the unit on drywall). Do the following to mount your SVG2500 on the wall: 1. See Wall Mounting Template to print a copy of the template. 2. Click the Print icon or choose Print from the File menu to display the Print dialog box.

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 50 The following image is from Adobe Acrobat Reader® version 7.0 running on Windows 2000; there may be slight differences in your version. To print the template only, select Current page as the Print Range. Be sure you print the template at 100% scale. Be sure No Scaling is selected for Scale to paper size. 3. Click OK to print the template. 4. Measure the printed template with a ruler to ensure that it is the correct size. 5. Use a center punch to mark the center of the holes. 6. On the wall, locate the marks for the mounting holes. 7. Drill the holes to a depth of at least 1 1/2 inches (3.8 cm). Caution! Before drilling holes, check the structure for potential damage to water, gas, or electric lines. If necessary, seat an anchor in each hole. Use M3.5 x 38 mm (#6 x 11/2 inch) screws with a flat underside and maximum screw head diameter of 7.0 mm to mount the SVG2500.

This document is uncontrolled pending incorporation in PDM 2 INSTALLATION 51 8. Using a screwdriver, turn each screw until part of it protrudes from the wall, as shown in the following illustration. There must be .09 inches (2.3 mm) between the wall and the underside of the screw head. 9. Place the SVG2500 so the keyholes on the back of the unit are aligned above the mounting screws. Be sure you do not damage the antennas. 10. Slide the SVG2500 down until it stops against the top of the keyhole opening. Wall Mounting Template You can print this page to use as a wall mounting template. Be sure you print it at 100% scale. In Acrobat Reader, be sure that Fit To Page is not selected in the Print dialog box. Measure the printed template with a ruler to ensure that it is the correct size. Revised drawing under construction.

This document is uncontrolled pending incorporation in PDM 53 3 BASIC CONFIGURATION The following topics provide information about basic SVG2500 configuration: • Starting the SVG2500 Configuration Manager (CMGR) • SVG2500 Menu Options Bar • Changing the SVG2500 Default Password • Getting Help • Gaming Configuration Guidelines • Exiting the SVG2500 Configuration Manager For more advanced configuration information, see Configuring TCP/IP, Setting Up Your Wireless LAN, or Installing USB Drivers. For normal operation, you do not need to change most default settings. The following caution statements summarize the issues you must be aware of: Caution! To prevent unauthorized configuration, change the default password immediately when you first configure the SVG2500. See Changing the SVG2500 Default Password. Firewalls are not foolproof. Choose the most secure firewall policy you can. See Section 7, SVG2500 Firewall Pages. If you are using a wired LAN only and have no wireless clients, be sure you disable the wireless interface. See Wireless 802.11b/g Basic Page to disable. Starting the SVG2500 Configuration Manager (CMGR) 1. Open the web browser on a computer connected to the SVG2500 over an Ethernet or USB connection. Note: Do not attempt to configure the SVG2500 over a wireless connection. 2. In the Address or Location field of your browser, type http://192.168.0.1 and press Enter to display the Login page. 3. Type admin in the Username field (this field is case-sensitive). 4. Type motorola in the Password field (this field is case-sensitive).

This document is uncontrolled pending incorporation in PDM 3 BASIC CONFIGURATION 54 5. Click Login to display the SVG2500 Status Connection page. The Status Connection page provides the following status information on the network connection of the SVG2500: • RF Downstream Channel, which uses lower cable frequencies to transmit data • RF Upstream Channel, which uses higher cable frequencies to receive data • IP lease information, which includes the current cable modem IP address (CM IP address), the duration of both leases, and the expiration time of both leases • Current system time from the DOCSIS timeserver Click the Refresh button in your web browser any time you want to refresh the information on this page. If you have any problems starting the SVG2500 Configuration Manager (CMGR), see Troubleshooting for information.

This document is uncontrolled pending incorporation in PDM 3 BASIC CONFIGURATION 55 SVG2500 Menu Options Bar The SVG2500 Menu Options bar is displayed along the top of the SVG2500 Configuration Manager window. When a menu option is selected, a top-level page for that option is displayed. Menu Option Pages Function Status Provides information about the SVG2500 hardware and software, MAC address, cable modem IP address, serial number, and related information. You can also monitor your cable system connection. Additional pages provide diagnostic tools and allow you to change your SVG2500 user name and password. Basic Views and configures SVG2500 IP-related configuration data, including Network Configuration, WAN Connection Type, DHCP, and DDNS. The Backup option allows you to save your SVG2500 configuration on your PC. Advanced Configures and monitors how the SVG2500 routes IP traffic Firewall Configures and monitors the SVG2500 firewall Parental Control Configures and monitors the SVG2500 parental control feature Wireless Configures and monitors SVG2500 wireless networking features VPN Configures and monitors SVG2500 operation with a VPN MTA Monitors the telephone features of your SVG2500 Battery Monitors the backup battery in your SVG2500 Logout Exits the SVG2500 Configuration Manager Caution! To prevent unauthorized configuration, immediately change the default password when you first configure your Motorola SVG2500.

This document is uncontrolled pending incorporation in PDM 3 BASIC CONFIGURATION 56 SVG2500 Submenu Options Additional features for each menu option are displayed by clicking a Submenu Option in the left-panel of each page. The Status options are shown below. When selected, the submenu option will be highlighted in yellow. Changing the SVG2500 Default Password Do the following to change the default password: 1. On the SVG2500 Status page, click the Security submenu option from the Status Options list in the left panel to display the Status Security page. 2. In the Password Change Username field, type your new User Name. The default password is “motorola” (this field is case sensitive). 3. In the New Password field, type the new password (this field is case sensitive). 4. In the Re-Enter New Password field, type the new password again (this field is case sensitive). 5. In the Current Username Password field, type your old password. 6. Click Apply to save your changes.

This document is uncontrolled pending incorporation in PDM 3 BASIC CONFIGURATION 57 Restore Factory Defaults To reset the user name and password back to the original factory settings: 1. Select Yes and then click Apply. 2. You must login with the default user name, ‘admin,’ and password, ‘motorola,’ after applying this change. All entries are case-sensitive. Getting Help To retrieve help information for any menu option, click help on that page. As an example, the Firewall help page is shown below: You can use the Windows scroll bar to view additional items on the help screens.

This document is uncontrolled pending incorporation in PDM 3 BASIC CONFIGURATION 58 Gaming Configuration Guidelines The following provides information about configuring the SVG2500 firewall and DMZ for gaming. Configuring the Firewall for Gaming By default, the SVG2500 firewall is disabled. If, as recommended, you enable the firewall, refer to the game’s documentation to ensure that the necessary ports are open for use by that game. The pre-defined SVG2500 firewall policies affect Xbox LIVE® as follows: On the Firewall Web Content Filter Page, you may need to disable Firewall Protection and IP Flood Detection. Configuring Port Triggers Because the SVG2500 has pre-defined port triggers for games using any of the following applications, no user action is required to enable them: • DirectX 7 and DirectX 8 • MSN Games by Zone.com • Battle.net® For a list of games supported by Battle.net, visit http://www.battle.net. You may need to create custom port triggers to enable other games to operate properly. To create custom port triggers, use the Advanced Configuring Port Triggers Page. Configuring a Gaming DMZ Host Caution! The gaming DMZ host is not protected by the firewall. It is open to communication or hacking from any computer on the Internet. Consider carefully before configuring a device to be in the DMZ. Some games and game devices require one of: • The use of random ports • The forwarding of unsolicited traffic For example, to connect a PlayStation®2 for PS2® online gaming, designate it as the gaming DMZ host because the ports required vary from game to game. For these games, Motorola recommends configuring the gaming computer or device as a gaming DMZ device. To configure a gaming DMZ device, on the Basic DHCP Page: 1. Reserve a private IP address for the computer or game device MAC address. 2. Designate the device as a DMZ device.

This document is uncontrolled pending incorporation in PDM 3 BASIC CONFIGURATION 59 You can reserve IP addresses for multiple devices, but only one can be designated as the gaming DMZ at once. Exiting the SVG2500 Configuration Manager To logoff and close the SVG2500 Configuration Manager: • Click Logout on the SVG2500 Menu Options bar

This document is uncontrolled pending incorporation in PDM 61 4 SVG2500 STATUS PAGES The SVG2500 Status pages provide information about the SVG2500 hardware and software, MAC address, cable modem IP address, serial number, and related information. You can also monitor your cable system connection. Additional pages provide diagnostic tools and allow you to change your SVG2500 user name and password. You can click any Status submenu option to view or change the status information for that option. Status Software Page This page displays information about the hardware version, software version, MAC address, cable modem IP address, serial number, system "up" time, and network registration status.

This document is uncontrolled pending incorporation in PDM 4 SVG2500 STATUS PAGES 62 Status Connection Page This page provides the HFC and IP network connectivity status of the SVG2500 cable modem. The Connection page also displays IP lease information, including the current IP address of the cable modem, the duration of both leases, the expiration time of both leases, and the current system time from the DOCSIS timeserver. You can click the Refresh button in your web browser to refresh the information on this page at any time. Field Description Startup Procedure Startup status information about the cable modem. Downstream Channel Status information about the RF downstream channels including downstream channel frequency and downstream signal power and modulation. Upstream Channel Status information about the RF upstream channels including upstream channel ID and upstream signal power and modulation. CM IP Address Current IP address of the cable modem, the duration and expiration time of both IP leases, and the current system time from the DOCSIS timeserver.

This document is uncontrolled pending incorporation in PDM 4 SVG2500 STATUS PAGES 63 Status Security Page This page allows you to define administrator access privileges by changing your SVG2500 user name and password. It also allows you to reset your user name and password to the default setting. Changing the SVG2500 Default Password 1. In the Password Change Username field, type your new User Name. The default password is “motorola” (this field is case sensitive). 2. In the New Password field, type the new password (this field is case sensitive). 3. In the Re-Enter New Password field, type the new password again (this field is case sensitive). 4. In the Current Username Password field, type your old password. 5. Select Yes if you want to reset the user name and password to the original factory settings. 6. Click Apply to update the user name password. Note: You must login with the default user name, admin, and password, motorola, after applying the restore factory settings change.

This document is uncontrolled pending incorporation in PDM 4 SVG2500 STATUS PAGES 64 Status Diagnostics Page This page provides the following diagnostic tools for troubleshooting your IP connectivity problems: • Ping (LAN) • Traceroute (WAN) Ping Utility Ping (Packet InterNet Groper) allows you to check connectivity between the SVG2500 and other devices on the SVG2500 LAN. This utility sends a small packet of data and then waits for a reply. When you Ping a computer IP address and receive a reply, it confirms that the computer is connected to the SVG2500. Testing Network Connectivity with the SVG2500 Perform the following steps to check connectivity between the SVG2500 and other devices on the SVG2500 LAN: 1. Select Ping from the Select Utility drop-down list. 3. Enter the IP address of the computer you want to Ping in the Target field. 4. Enter the data packet size in bytes in the Ping Size field. 5. Enter the number of ping attempts in the No. of Pings field. 6. Enter the time between Ping send operations in milliseconds in the Ping Interval field. 7. Click Start Test to begin the Ping operation. The Ping results will display in the Results pane. You can click Abort Test at any time during the test to stop the Ping operation. 8. Repeat steps 2 through 6 for each device you want to ping. When done, click Clear Results to delete the Ping results in the Results pane.

This document is uncontrolled pending incorporation in PDM 4 SVG2500 STATUS PAGES 65 Traceroute Utility Traceroute allows you to map the network path from the SVG2500 Configuration Manager to a public host. Selecting Traceroute from the Select Utility drop-down list will present alternate controls for the Traceroute utility. Field Description Target IP address or Name Enter the IP address or Host Name of the computer you want to target for the Traceroute operation. Max Hops Enter the maximum number of hops that the Traceroute operation performs before stopping. Data Size Enter the data packet size in bytes. Base Port Sets the base UDP port number used by Traceroute. The default is 33434. If a UDP port is not available, this field can be used to specify an unused port range. Resolve Host Select On to list the names of hosts found during the Traceroute operation. Select Off to list only the hosts IP addresses. After entering the Traceroute parameters, click Start Test to begin the Traceroute operation. The Traceroute results will display in the Results pane. When done, click Clear Results to delete the Traceroute results in the Results pane.

This document is uncontrolled pending incorporation in PDM 4 SVG2500 STATUS PAGES 66 Status Event Log Page This page lists the critical system events in chronological order. A sample Event log is shown below: Field Description Time Indicates the date and time the error occurred Priority Indicates the level of importance of the error Description A brief definition of the error

This document is uncontrolled pending incorporation in PDM 67 5 SVG2500 BASIC PAGES The SVG2500 Basic Pages allow you to view and configure SVG2500 IP-related configuration data, including Network Configuration, WAN Connection Type, DHCP, and DDNS. The Backup option allows you to save a copy of your SVG2500 configuration on your PC. You can click any Basic submenu option to view or change the configuration information for that option. Basic Setup Page This page allows you to configure the basic features of your SVG2500 gateway related to your ISP connection. Field Description NAPT mode NAPT is a special case of NAT, where many IP numbers are hidden behind a number of addresses. But in contrast to the original NAT, this does not mean there can be only that number of connections at a time. In NAPT mode, an almost arbitrary number of connections is multiplexed using TCP port information. The number of simultaneous connections is limited by the number of addresses multiplied by the number of available TCP ports.

This document is uncontrolled pending incorporation in PDM 5 SVG2500 BASIC PAGES 68 Field Description LAN IP Address Enter the IP address of the SVG2500 on your private LAN. MAC Address Media Access Control address — a set of 12 hexadecimal digits assigned during manufacturing that uniquely identifies the hardware address of the SVG2500 Access Point. WAN IP Address The public WAN IP address of your SVG2500 device, which is either dynamically or statically assigned by your ISP. MAC Address Media Access Control address — a set of 12 hexadecimal digits assigned during manufacturing that uniquely identifies the hardware address of the SVG2500 Access Point. Duration Describes how long before your Internet connection expires. The WAN lease will automatically renew itself when it expires. Expires Displays the exact time and date the WAN lease expires. Release WAN Lease Click to release WAN lease. Renew WAN Lease Click to renew WAN lease. WAN Connection Type DHCP or Static IP If your ISP uses DHCP, select DHCP and enter a Host Name and Domain name, if required. If your ISP uses static IP addressing, select Static IP and enter the information provided by your ISP for Static IP Address, Static IP Mask, Default Gateway, Primary DNS, and Secondary DNS. Host Name If the WAN Connection Type is DHCP, enter a Host Name if required by your ISP. Domain Name If the WAN Connection Type is DHCP, enter a Domain Name if required by your ISP. MTU Size Maximum Transmission Unit (MTU) is the largest size packet or frame that can be sent. The default value is suitable for most users. Spoofed MAC Address If the WAN Connection Type is Static IP, enter the information provided by your ISP for Static IP Address, Static IP Mask, Default Gateway, Primary DNS, and Secondary DNS. When done, click Apply to save your changes.

This document is uncontrolled pending incorporation in PDM 5 SVG2500 BASIC PAGES 69 Basic DHCP Page This page allows you to configure and view the status of the optional internal SVG2500 DHCP (Dynamic Host Configuration Protocol) server for the LAN. Caution! Do not modify these settings unless you are an experienced network administrator with strong knowledge of IP addressing, subnetting, and DHCP. Field Description DHCP Server Select Yes to enable the SVG2500 DHCP Server. Select No to disable the SVG2500 DHCP Server. Starting Local Address Enter the starting IP address to be assigned by the SVG2500 DHCP server to clients in dotted-decimal format. The default is 192.168.0.2. Number of CPEs Sets the number of clients for the SVG2500 DHCP server to assign a private IP address. There are 245 possible client addresses. The default is 245. Lease Time Sets the time in seconds that the SVG2500 DHCP server leases an IP address to a client. The default is 3600 seconds (60 minutes). DHCP Clients Lists DHCP client device information. When done, click Apply to save your changes. To renew a DHCP client IP address, choose Select and then click Force Available.

This document is uncontrolled pending incorporation in PDM 5 SVG2500 BASIC PAGES 70 Basic DDNS Page This page allows you to set up the Dynamic Domain Name System (DDNS) service. The DDNS service allows you to assign a static Internet domain name to a dynamic IP address, which allows your SVG2500 to be more easily accessed from various locations on the Internet. Field Description DDNS Service Select Disable or wwwDynDNS.org to enable the DDNS Service. User Name Enter your DynDNS user name. Password Enter your DynDNS Password. Host Name Enter your DDNS Host Name. IP Address Lists IP information. Status Displays the DDNS service status: enabled or disabled When done, click Apply to save your changes. Basic Backup Page This page allows you to save your current SVG2500 configuration settings locally on your computer or restore previously saved configurations. Field Description Restore Lets you restore a previously saved configuration. Backup Lets you create a backup copy of the current configuration. Restoring Your SVG2500 Configuration 1. Type the path with the file name where the backup file is located on your computer, or click Browse to locate the file. 2. Click Restore to recreate your previously saved SVG2500 settings.

This document is uncontrolled pending incorporation in PDM 5 SVG2500 BASIC PAGES 71 Backing Up Your SVG2500 Configuration 1. Type the path with the file name where you want to store your backup file on your computer, or click Browse to locate the file. 2. Click Backup to create a backup of your SVG2500 settings.

This document is uncontrolled pending incorporation in PDM 73 6 SVG2500 ADVANCED PAGES The SVG2500 Advanced Pages allow you to configure the advanced features of the SVG2500, including IP Filtering, MAC Filtering, Port Filtering, Port Forwarding, Port Triggers, DMZ Host, and RIP Setup. You can click any Advanced submenu option to view or change the advanced configuration information for that option. Advanced Options Page This page allows you to set the operating modes for adjusting how the SVG2500 device routes IP traffic. Field Description WAN Blocking Prevents the SVG2500 Configuration Manager or the PCs behind it from being visible to other computers on the SVG2500 WAN. Checkmark Enable to turn on this option or uncheck to disable it. Ipsec PassThrough Enables the IpSec Pass-Through protocol to be used through the SVG2500 Configuration Manager so that a VPN device (or software) may communicate properly with the WAN. Checkmark Enable to turn on this option or uncheck to disable it. PPTP PassThrough Enables the Point-to-Point Tunneling Protocol (PPTP) Pass-Through protocol to be used through the SVG2500 Configuration Manager so that a VPN device (or software) may communicate properly with the WAN. Checkmark Enable to turn on this option or uncheck to disable it.

This document is uncontrolled pending incorporation in PDM 6 SVG2500 ADVANCED PAGES 74 Field Description Remote Configuration Management Allows remote access to the SVG2500 Configuration Manager. This enables you to configure the SVG2500 WAN by accessing the WAN IP address at Port 8080 of the configuration manager from anywhere on the Internet. For example, in the browser URL window, type http://WanIPAddress:8080/ to access the SVG2500 Configuration Manager remotely. Checkmark Enable to turn on this option or uncheck to disable it. Multicast Enable Allows multicast-specific traffic (denoted by a multicast specific address) to be passed to and from the PCs on the private network behind the configuration manager. Checkmark Enable to turn on this option or uncheck to disable it. UPnP Enable Turns on the Universal Plug and Play protocol (UPnP) agent in the configuration manager. If you are running a CPE (client) application that requires UPnP, select this box. Checkmark Enable to turn on this option or uncheck to disable it. When done, click Apply to save your changes.

This document is uncontrolled pending incorporation in PDM 6 SVG2500 ADVANCED PAGES 75 Advanced IP Filtering Page This page allows you to define which local PCs will be denied access to the SVG2500 WAN. You can configure IP address filters to block Internet traffic to specific network devices on the LAN by entering starting and ending IP address ranges. Note that you only need to enter the LSB (Least-significant byte) of the IP address; the upper bytes of the IP address are set automatically from the SVG2500 Configuration Manager’s IP address. The Enabled option allows you to store filter settings commonly used but not have them active. Field Description Start Address Enter the starting IP address range of the computers for which you want to deny access to the SVG2500 WAN. Be sure to only enter the least significant byte of the IP address. End Address Enter the ending IP address range of the computers you want to deny access to the SVG2500 WAN. Be sure to only enter the least significant byte of the IP address. Enabled Activates the IP address filter, when selected. Checkmark Enabled for each range of IP addresses you want to deny access to the SVG2500 WAN. When done, click Apply to activate and save your settings.

This document is uncontrolled pending incorporation in PDM 6 SVG2500 ADVANCED PAGES 76 Advanced MAC Filtering Page This page allows you to define Media Access Control (MAC) address filters to prevent PCs from sending outgoing TCP/UDP traffic to the WAN via their MAC addresses. This is useful because the MAC address of a specific NIC card never changes, unlike its IP address, which can be assigned via the DHCP server or hard-coded to various addresses over time. Field Description MAC nn Media Access Control address — a unique set of 12 hexadecimal digits assigned to a PC during manufacturing Setting a MAC Address Filter 1. Enter the MAC address in the MAC nn field for each PC you want to block. 2. When done, click Apply.

This document is uncontrolled pending incorporation in PDM 6 SVG2500 ADVANCED PAGES 77 Advanced Port Filtering Page This page allows you to define port filters to prevent all devices from sending outgoing TCP/UDP traffic to the WAN on specific IP port numbers. By specifying a starting and ending port range, you can determine what TCP/UDP traffic is allowed out to the WAN on a per-port basis. Note: The specified port ranges are blocked for ALL PCs, and this setting is not IP address or MAC address specific. For example, if you wanted to block all PCs on the private LAN from accessing HTTP sites (or "web surfing"), you would set the "Start Port" to 80, "End Port" to 80, "Protocol" to TCP, checkmark Enabled, and then click Apply. Field Description Start Port Enter the starting port number. End Port Enter the ending port number. Protocol Select TCP, UDP, or Both Enabled Checkmark for each port that you want to activate the IP port filters.

This document is uncontrolled pending incorporation in PDM 6 SVG2500 ADVANCED PAGES 78 Advanced Port Forwarding Page This page allows you to run a publicly accessible server on the LAN by specifying the mapping of TCP/UDP ports to a local PC. This enables incoming requests on specific port numbers to reach web servers, FTP servers, mail servers, etc. so that they can be accessible from the public Internet. A table of commonly used Port numbers is also displayed on the page for your convenience. To map a port, you must enter the range of port numbers that should be forwarded locally and the IP address to which traffic to those ports should be sent. If only a single port specification is desired, enter the same port number in the "start" and "end" locations for that IP address. The ports used by some common applications are: • FTP: 20, 21 • HTTP: 80 • NTP: 123 • Secure Shell: 22 • SMTP e-mail: 25 • Telnet: 23

This document is uncontrolled pending incorporation in PDM 6 SVG2500 ADVANCED PAGES 79 Advanced Port Triggers Page This page allows you to configure dynamic triggers to specific devices on the LAN. This allows for special applications that require specific port numbers with bi-directional traffic to function properly. Applications such as video conferencing, voice, gaming, and some messaging program features may require these special settings. The Advanced Port Triggers are similar to Port Forwarding except that they are not static ports held open all the time. When the Configuration Manager detects outgoing data on a specific IP port number set in the "Trigger Range," the resulting ports set in the "Target Range" are opened for incoming (sometimes referred to as bi-directional ports) data. If no outgoing traffic is detected on the "Trigger Range" ports for 10 minutes, the "Target Range" ports will close. This is a safer method for opening specific ports for special applications (e.g. video conferencing programs, interactive gaming, file transfer in chat programs, etc.) because they are dynamically triggered and not held open constantly or erroneously left open via the router administrator and exposed for potential hackers to discover. Field Description Trigger Range Start Port The starting port number of the Port Trigger range. End Port The ending port number of the Port Trigger range. Target Range Start Port The starting port number of the Port Trigger range. End Port The ending port number of the Port Trigger range. Protocol Choice of TCP or UDP, or Both Enable Select checkbox to activate the IP port triggers.

This document is uncontrolled pending incorporation in PDM 6 SVG2500 ADVANCED PAGES 80 Advanced DMZ Host Page This page allows you to specify the "default" recipient of WAN traffic that NAT is unable to translate to a known local PC. The DMZ (De-militarized Zone) hosting (also commonly referred to as "Exposed Host") can also be described as a computer or small sub-network that sits between the trusted internal private LAN and the untrusted public Internet. You may configure one PC to be the DMZ host. This setting is generally used for PCs using "problem" applications that use random port numbers and do not function correctly with specific port triggers or the port forwarding setups mentioned earlier. If a specific PC is set as a DMZ Host, remember to set this back to "0" when you are finished with the needed application, since this PC will be effectively exposed to the public Internet, though still protected from Denial of Service (DoS) attacks via the Firewall. Setting Up the DMZ Host 1. Enter the computer’s IP address. 2. Click Apply to activate the selected computer as the DMZ host.

This document is uncontrolled pending incorporation in PDM 6 SVG2500 ADVANCED PAGES 81 Advanced Routing Information Protocol Setup Page This page allows you to configure Routing Information Protocol (RIP) parameters related to authentication, destination IP address/subnet mask, and reporting intervals. RIP automatically identifies and uses the best known and quickest route to any given destination address. To help reduce network congestion and delays, the Advanced RIP setup is used in WAN networks to identify and use the best known and quickest route to given destination addresses. RIP is a protocol that requires negotiation from both sides of the network (i.e., CMRG and CMTS). The ISP would normally set this up to match their CMTS settings with the configuration in the CMRG. Note: RIP messaging will only be sent upstream when running in Static IP Addressing mode on the Basic - Setup page. You must enable Static IP Addressing and then set the WAN IP network information! RIP is normally a function that is tightly controlled via the ISP. RIP Authentication Keys and IDs are normally held as secret information from the end user to prevent unauthorized RIP settings. Field Description RIP Enable Enables or disables the RIP protocol. This protocol helps the router dynamically adapt to the changes in the network. RIP is now considered obsolete since newer routing protocols, such as OSPF and ISIS, have been introduced. RIP Authentication If this field is enabled, a plain text password or a shared key authentication is added to the RIP packet in order for the CPE and the wireless router to authenticate each other. RIP Authentication Key Used to encrypt the plain text password that is enclosed in each RIP packet. If you are using the shared key authentication in RIP, you will need to provide a key. RIP Authentication Key ID An unsigned 8-bit field in the RIP packet. This field identifies the key used to create the authentication data for the RIP packet, and it also indicates the authentication algorithm.

This document is uncontrolled pending incorporation in PDM 6 SVG2500 ADVANCED PAGES 82 Field Description RIP Reporting Interval Determines how long before a RIP packet is sent out to the CPE. RIP Destination IP Address Location where the RIP packet is sent to update the routing table in your CPE. RIP Destination IP Subnet Mask Specifies which CPE you want to receive the RIP packet.

This document is uncontrolled pending incorporation in PDM 83 7 SVG2500 FIREWALL PAGES The SVG2500 Firewall Pages allow you to configure the SVG2500 firewall filters and firewall alert notifications. You can click any Firewall submenu option to view or change the firewall configuration information for that option. For information about how the firewall can affect gaming, see Gaming Configuration Guidelines. The predefined policies provide outbound Internet access for computers on the SVG2500 LAN. The SVG2500 firewall uses stateful inspection to allow inbound responses when there already is an outbound session running corresponding to the data flow. For example, if you use a web browser, outbound HTTP connections are permitted on port 80. Inbound responses from the Internet are allowed because an outbound session is established. When required, you can configure the SVG2500 firewall to allow inbound packets without first establishing an outbound session. You also need to configure a port forwarding entry on the Advanced Port Forwarding Page or a DMZ client on the Advanced DMZ Host Page.

This document is uncontrolled pending incorporation in PDM 7 SVG2500 FIREWALL PAGES 84 Firewall Web Content Filter Page This page allows you to configure the firewall by enabling or disabling various Web filters related to blocking or exclusively allowing different types of data through the Configuration Manager from the WAN to the LAN. Java Applets, Cookies, ActiveX controls, popup windows, and Proxies can be blocked from this page. Firewall Protection turns on the Stateful Packet Inspection (SPI) firewall features. Block Fragmented IP packets prevent all fragmented IP packets from passing through the firewall. Port Scan Detection detects and blocks port scan activity originating on both the LAN and WAN. IP Flood Detection detects and blocks packet floods originating on both the LAN and WAN. Checkmark Enable for each Web filter you want to set for the firewall, and then click Apply. The Web filters will activate without having to reboot the SVG2500 Configuration Manager. Note: If you deselect all the Web filters, you will disable the firewall. This is not recommended.

This document is uncontrolled pending incorporation in PDM 7 SVG2500 FIREWALL PAGES 85 Firewall Local Log Page This page allows you to set up how to send notification of the firewall event log in either of the following formats: • Individual e-mail alerts sent out automatically each time the firewall is under attack • Local log is stored within the modem and displayed in table form on the Local Log page Field Description Contact Email Address Your email address SMTP Server Name Name of the e-mail (Simple Mail Transfer Protocol) server. The firewall page needs your email server name to send a firewall log to your email address. You can obtain the SMTP server name from your Internet service provider. Email Alerts Enable or disable emailing firewall alerts.

This document is uncontrolled pending incorporation in PDM 7 SVG2500 FIREWALL PAGES 86 Firewall Remote Log Page This page allows you to send firewall attack reports out to a standard SysLog server so many instances can be logged over a long period of time. You can select individual attack or configuration items to send to the SysLog server so that only the items of interest will be monitored. You can log permitted connections, blocked connections, known Internet attack types, and CMRG configuration events. The SysLog server must be on the same network as the Private LAN behind the Configuration Manager (typically 192.168.0.x). To activate the SysLog monitoring feature, check all desired event types to monitor and enter the last byte of the IP address of the SysLog server. Normally, the IP address of this SysLog server would be hard-coded so that the address does not change and always agrees with the entry on this page. Field Description Permitted Connections Check for the server to e-mail you logs of who is connecting to your network. Blocked Connections Check for the server to e-mail you logs of who is blocked from connecting to your network. Known Internet Attacks Check for the server to e-mail you logs of known Internet attacks against your network. Product Configuration Events Check for the server to e-mail you logs of the basic product configuration events logs. To SysLog server at 192.168.0. Enter the last digits from 10 to 254 of your SysLog server’s IP address. When done, click Apply.

This document is uncontrolled pending incorporation in PDM 87 8 SVG2500 PARENTAL CONTROL PAGES The SVG2500 Parental Control Pages allow you to configure access restrictions to a specific device connected to the SVG2500 LAN. You can click any Parental Control submenu option to view or change the configuration information for that option. Parental Control User Setup Page This page is the master page. Each user is linked to a specified time access rule, content filtering rule, and login password to get to the filtered content. You may also specify a user as a "trusted user," which means that person will have access to all Internet content regardless of the filters that you define. You can use the Trusted User checkbox as a simple override to grant a user full access, while storing all of the filtering settings for easy availability. You can also enable Internet session duration timers, which set a limited amount of time for Internet access from the rules you select. The user must enter their password only the first time to access the Internet. It is not necessary to enter the password each time a new web page is accessed. In addition, there is a password inactivity timer. If there is no Internet access for the specified time in minutes, the user must login again. These timed logins ensure that a specific user uses the Internet gateway appropriately.

This document is uncontrolled pending incorporation in PDM 8 SVG2500 PARENTAL CONTROL PAGES 88 Field Description Add User Adds a user to set the parental controls for a specific user. User Settings Select the user for whom you want to modify their access restrictions. Checkmark Enable to select the user. Click Remove User to delete the user from Parental Controls. Password Enter a user password to log onto the Internet. Re-Enter Password Enter the password again for confirmation. Trusted User The selected user will have full access to Internet content, thus overriding any set filters. Checkmark Enable to override set filters without having to turn off filter settings. Content Rule Used to specify which websites a selected user is allowed to access. Check White List Access Only and choose a user from the drop-down list. Time Access Rule You can choose a rule that restricts when a selected user can use the Internet. Session Duration You can set the amount of time a selected user can use the Internet. Inactivity time You can set the amount of inactivity time before the Internet automatically closes for a selected user. Trusted Computers You can enter a selected user’s CPE MAC address so that CPE can access the Internet without being censored by the Parental Control. When done entering the MAC address, click Add. When done, click Apply to activate and save any changes you made.

This document is uncontrolled pending incorporation in PDM 8 SVG2500 PARENTAL CONTROL PAGES 89 Parental Control Basic Setup Page This page allows you to set rules to block certain kinds of Internet content and certain Web sites. After you have changed your Parental Control settings, click the appropriate Apply, Add, or Remove button. Click Refresh in your web browser window to view your current settings.

This document is uncontrolled pending incorporation in PDM 8 SVG2500 PARENTAL CONTROL PAGES 90 Parental Control ToD Access Policy Page This page allows you to block all Internet traffic to and from specified devices on your SVG2500 network based on the day and time settings you specify. You can set policies to block Internet traffic for the entire day or just certain time periods within each day for specific users. You can add up to 30 eight-character categories (filter names) with different day and time settings. You enter a name for each time filter in the Add New Policy field. Any time filter for Internet access can be enabled or disabled at any time. The time filters for limited Internet access are applied for each user in the Time Access Rule field on the Parental Control User Setup Page. Once each category change has been made, the user must click Apply at the bottom of the page to store and activate the settings. These same category names for blocking profiles show up in the Parental Control section on the User Setup page in the "Time Access Rules" section. On that page, each user can be assigned up to four of these categories simultaneously.

This document is uncontrolled pending incorporation in PDM 8 SVG2500 PARENTAL CONTROL PAGES 91 Parental Control Event Log Page This page displays a report of the Parental Control event log. The event log is a running list of the last 30 Parental Control access violations that include the following items on Internet traffic: • If the user's Internet access is blocked (time filter) • If a blocked keyword is detected in the URL • If a blocked domain is detected in the URL • If the online lookup service detects that the URL falls under a blocked category

This document is uncontrolled pending incorporation in PDM 93 9 SVG2500 WIRELESS PAGES The SVG2500 Wireless Pages allow you to configure your wireless LAN (WLAN). You can click any Wireless submenu option to view or change the configuration information for that option. WPA encryption provides higher security than WEP encryption, but older wireless client cards may not support the newer WPA encryption methods. Setting Up Your Wireless LAN You can use the SVG2500 as an access point for a wireless LAN (WLAN) without changing its default settings. Caution! To prevent unauthorized eavesdropping or access to WLAN data, you must enable wireless security. The default SVG2500 settings provide no wireless security. After your WLAN is operational, be sure to enable wireless security. To enable security for your WLAN, you can do the following on the SVG2500: To Perform Use in SVG2500 Configuration Mgr Encrypt wireless transmissions and restrict WLAN access Encrypting Wireless LAN Transmissions Wireless 802.11b/g Privacy Page Further prevent unauthorized WLAN intrusions Restricting Wireless LAN Access Wireless 802.11b/g Access Control Page Caution! Never provide your SSID, WPA or WEP passphrase, or WEP key to anyone who is not authorized to use your WLAN. Connect at least one computer to the SVG2500 Ethernet or USB port to perform configuration. Do not attempt to configure the SVG2500 over a wireless connection. You need to configure each wireless client (station) to access the SVG2500 LAN as described in Configuring the Wireless Clients. Another step to improve wireless security is to place wireless components away from windows. This decreases the signal strength outside the intended area.

This document is uncontrolled pending incorporation in PDM 9 SVG2500 WIRELESS PAGES 94 Encrypting Wireless LAN Transmissions To prevent unauthorized viewing of data transmitted over your WLAN, you must encrypt your wireless transmissions. Use the Wireless 802.11b/g Privacy Page to encrypt your transmitted data. Choose one of: Configure on the SVG2500 Required on Each Wireless Client If all of your wireless clients support Wi-Fi Protected Access (WPA), Motorola recommends configuring WPA on the SVG2500 If you use a local pre-shared key (WPA-PSK) passphrase, you must configure the identical passphrase to the SVG2500 on each wireless client. Home and small-office settings typically use a local passphrase. Otherwise, configure WEP on the SVG2500 You must configure the identical WEP key to the SVG2500 on each wireless client. If all of your wireless clients support WPA encryption, Motorola recommends using WPA instead of WEP because WPA: • Provides much stronger encryption and is more secure • Provides authentication to ensure that only authorized users can log in to your WLAN • Is much easier to configure • Uses a standard algorithm on all compliant products to generate a key from a textual passphrase • Will be incorporated into the new IEEE 802.11i wireless networking standard For new wireless LANs, Motorola recommends purchasing client adapters that support WPA encryption.

This document is uncontrolled pending incorporation in PDM 9 SVG2500 WIRELESS PAGES 95 Wireless 802.11b/g Basic Page This page allows you to configure the Access Point parameters including the SSID and channel number. Creating a SecureEasySetup™ (SES) network ensures strong security for preventing unauthorized wireless network access. However, traditional wireless network installation can be a complicated and time-consuming task, requiring the user to possess the technical know-how to manually enter several settings (such as network name, and encryption key or WPA pass phrase) on each Wi-Fi device. Motorola SecureEasySetup technology dramatically simplifies installation by automating the processes of configuring new wireless networks and adding devices to existing networks. SecureEasySetup establishes a private connection between the devices and automatically configures the network's Service Set Identifier (SSID) and WPA-Personal security settings. It configures a new network only on each new device that is authorized to join the network. Field Description Wireless MAC Address Shows the MAC address of the installed wireless card. It is not configurable. Network Name (SSID) Sets the Network Name (also known as SSID) of the wireless network. This is a 1-32 ASCII character string.

This document is uncontrolled pending incorporation in PDM 9 SVG2500 WIRELESS PAGES 96 Field Description Network Type Selecting Closed prevents the network name from appearing in a wireless client’s "Available Wireless Networks" list. Only clients who already know the network name will be able to connect. Closed disables the SSID broadcast in beacon packets. Selecting Open allows broadcasting to the SSID in beacon packets. Country Restricts the channel set based on the country's regulatory requirements. This is a display-only field. Channel Selects the channel for access point (AP) operation. The list of available channels depends on the designated country. For this field, the channel selected on the wireless clients on your WLAN must be the same as the one selected on the SVG2500. Interface Allows the access point to be Enabled or Disabled. Create SES Network This action button generates a new SecureEasySetup network, applies the configuration to the wireless interface, and stores the settings to non-volatile memory. It enables WPA-PSK authentication and generates a unique Network Name (SSID) and random, 16-character Pre-Shared Key (PSK). The pop-up window shown informs the user a SecureEasySetup network has been successfully created. Open SES Window This action button opens a 2-minute security window that allows a SecureEasySetup client to connect. Only 1 SecureEasySetup client may connect during an Open Window period. If you have more than 1 client to connect to your SecureEasySetup, you must open the window multiple times. When the SecureEasySetup window is open, the pop-up window below indicates the CMRG is waiting for a SecureEasySetup client.

This document is uncontrolled pending incorporation in PDM 9 SVG2500 WIRELESS PAGES 97 Wireless 802.11b/g Privacy Page This page allows you to configure the WEP keys and/or passphrase.

This document is uncontrolled pending incorporation in PDM 9 SVG2500 WIRELESS PAGES 98 Field Description WPA WPA2 Enables or disables Wi-Fi Protected Access (WPA) encryption. WPA-PSK WPA2-PSK Enables or disables a local pre-shared key (WPA-PSK) passphrase. WPA/WPA2 Encryption When using WPA or WPA-PSK authentication, these WPA encryption modes can be set: TKIP, AES, or TKIP + AES. AES (Advanced Encryption Standard) provides the strongest encryption, while TKIP (Temporal Key Integrity Protocol) provides strong encryption with improved compatibility. The TKIP + AES mode allows both TKIP and AES-capable clients to connect. WPA Pre-Shared Key Sets the WPA Pre-Shared Key (PSK). This is an 8-63 ASCII character string, or a 64-digit hex number. Enabled when the Network Authentication method is WPA-PSK. RADIUS Server Sets the RADIUS server IP address to use for client authentication using the dotted-decimal format (xxx.xxx.xxx.xxx). RADIUS Port Sets the UDP port number of the RADIUS server. The default is 1812. RADIUS Key Sets the shared secret for the RADIUS connection. The key is a 0 to 255 character ASCII string. Group Key Rotation Interval Sets the WPA Group Rekey Interval in seconds. Set to zero to disable periodic rekeying. WPA/WPA2 Re-auth Interval WPA and WPA2 are two security features in WiFi technology. This field, re-authentication interval, is the amount of time the wireless router can wait before re-establishing authentication with the CPE. WEP Encryption Enables or disables Wired Equivalent Privacy encryption. Shared Key Authentication The WEP protocol uses Shared Key Authentication, which is an Authentication protocol where the CPE sends an authentication request to the access point. Then the access point sends a challenge text to the CPE. The CPE uses either the 64-bit or 128-bit key to encrypt the challenge text, and sends the encrypted text to the access point. The access point will decrypt the encrypted text and then compare the decrypted message with the original challenge text. If they are the same the access point it will let the CPE connect; if it doesn’t match then the access point does not let the CPE connect. 802.1x Authentication This is another type of authentication and is used on top of WEP. 802.1x Authentication is a much stronger type of authentication than WEP.

This document is uncontrolled pending incorporation in PDM 9 SVG2500 WIRELESS PAGES 99 Field Description Network Key 1-4 Sets the static WEP keys when WEP encryption is enabled. Enter 5 ASCII characters or 10 hexadecimal digits for a 64-bit key. Enter 13 ASCII characters or 26 hexadecimal digits for a 128-bit key. When both WPA encryption and WEP encryption are enabled, only keys 2 and 3 are available for WEP encryption. Current Network Key When WEP encryption is enabled, selects the encryption (transmit) key. PassPhrase Sets the text to use for WEP key generation. WPS Config Allows the WiFi Protected Setup to be enabled or disabled. Button Mode Allows the type of setup for the Wireless Security: • SES — Secure Easy Setup • WPS — WiFi Protected Setup Device Name Name of the WPS device STA PIN The station PIN method where it is entered as the "representant" of the Network that follows the WPS protocol architecture. WPS Method There are two types of methods used for the WiFi Protected Setup: PIN and Push Button WPS Status Shows what the status of the WiFi Protected Setup.

This document is uncontrolled pending incorporation in PDM 9 SVG2500 WIRELESS PAGES 100 Wireless 802.11b/g Access Control Page This page allows you to configure the Access Control to the AP as well as status on the connected clients. Field Description MAC Restrict Mode Selects whether wireless clients with the specified MAC address are allowed or denied wireless access. Select Disabled to allow all clients. MAC Address A list of wireless client MAC addresses to allow or deny based on the Restrict Mode setting. Valid input MAC address formats are XX:XX:XX:XX:XX:XX and XX-XX-XX-XX-XX-XX. Connected Clients A list of connected wireless clients. When a client connects (associates) to the network, it is added to the list; when a client leaves (disassociates) from the network, it is removed from the list. For each client, the age (in seconds), estimated average receive signal strength (in dBm), IP address, and host name are presented. The age is the amount of time elapsed since data was transmitted to or received from the client.

This document is uncontrolled pending incorporation in PDM 9 SVG2500 WIRELESS PAGES 101 Wireless 802.11b/g Advanced Page This page allows you to configure data rates and WiFi thresholds. Field Description 54g™ Mode Sets these network modes: 54g Auto 54g Performance 54g LRS 802.11b only 54g Auto accepts 54g, 802.11g, and 802.11b clients, but optimizes performance based on the type of connected clients. 54g Performance accepts only 54g clients and provides the highest throughout; nearby 802.11b networks may have degraded performance. 54g LRS interoperates with the widest variety of 54g, 802.11g, and 802.11b clients. 80211b. accepts only 802.11b clients. Basic Rate Set Determines which rates are advertised as "basic" rates. Default uses the driver defaults. All sets all available rates as basic rates. 54g™ Protection In Auto mode, the AP will use RTS/CTS protection to improve 802.11g performance in mixed 802.11g + 802.11b networks. Turn protection off to maximize 802.11g throughput under most conditions. XPress™ Technology This is a performance-enhancing Wi-Fi technology designed for increasing throughput and efficiency. It is used when there are mixed wireless networks in the surrounding area from 802.11a/b/g networks. Afterburner™ Technology This is also a performance-enhancing Wi-Fi technology that enhances the existing 802.11g standard by increasing throughput by 40 percent. Rate Forces the transmission rate for the AP to a particular speed.

This document is uncontrolled pending incorporation in PDM 9 SVG2500 WIRELESS PAGES 102 Field Description Auto will provide the best performance in nearly all situations. Output Power Sets the output power as a percentage of the hardware's maximum capability. Beacon Interval Sets the beacon interval for the AP. The default is 100, which is fine for nearly all applications. DTIM Interval Sets the wakeup interval for clients in power save mode. When a client is running in power save mode, lower SVG2500N-2.1.1.0-LAB-00-SH.bin values provide higher performance but result in decreased client battery life, while higher values provide lower performance but result in increased client battery life. Fragmentation Threshold Sets the fragmentation threshold. Packets exceeding this threshold will be fragmented into packets no larger than the threshold before packet transmission. RTS Threshold Sets the RTS threshold. Packets exceeding this threshold will cause the AP to perform an RTS/CTS exchange to reserve the wireless medium before packet transmission. Wireless Bridging Page This page allows you to configure the WDS features. Field Description Wireless Bridging Enables or disables wireless bridging. Remote Bridges Table of remote bridge MAC addresses authorized to establish a wireless bridge. Up to four remote bridges may be connected. Typically, you will also have to enter your AP's MAC address on the remote bridge.

This document is uncontrolled pending incorporation in PDM 9 SVG2500 WIRELESS PAGES 103 Wireless 802.11b/g Wi-Fi Multimedia Page This page allows you to configure the Wi-Fi Multimedia Quality of Service (QoS). Field Description WMM Support Sets WMM support to Auto, On, or Off. If enabled (Auto or On), the WME Information Element is included in beacon frame. No-Acknowledgement Sets No-Acknowledgement support to On or Off. When enabled, acknowledgments for data are not transmitted. Power Save Support Sets Power Save support to On or Off. When Power Save is enabled, the AP queues packets for STAs that are in power-save mode. Queued packets are transmitted when the STA notifies AP that it has left power-save mode.

This document is uncontrolled pending incorporation in PDM 9 SVG2500 WIRELESS PAGES 104 Field Description EDCA AP Parameters Specifies the transmit parameters for traffic transmitted from the AP to the STA in four Access Categories: • Best Effort (AC_BE) • Background (AC_BK) • Video (AC_VI) • Voice (AC_VO) Transmit parameters include Contention Window (CWmin and CWmax), Arbitration Inter Frame Spacing Number (AIFSN), and Transmit Opportunity Limit (TXOP Limit). There are also two AP-specific settings: Admission Control and Discard Oldest First. Admission control specifies if admission control is enforced for the Access Categories. Discard Oldest First specifies the discard policy for the queues. On discards the oldest first; Off discards the newest first. EDCA STA Parameters Specifies the transmit parameters for traffic transmitted from the STA to the AP in four Access Categories: • Best Effort (AC_BE) • Background (AC_BK) • Video (AC_VI) • Voice (AC_VO) Transmit parameters include Contention Window (CWmin and CWmax), Arbitration Inter Frame Spacing Number (AIFSN), and Transmit Opportunity Limit (TXOP Limit).

This document is uncontrolled pending incorporation in PDM 9 SVG2500 WIRELESS PAGES 105 Wireless 802.11b/g Guest Network Page This page allows you to configure a secondary guest network on the wireless interface. This network is isolated from the LAN. Any clients that associate with the guest network SSID will be isolated from the private LAN and can only communicate with WAN hosts.

This document is uncontrolled pending incorporation in PDM 9 SVG2500 WIRELESS PAGES 106 Field Description Guest Network You may have several different wireless Guest Networks running with different options. This field lets you select which wireless Guest Network you want to modify. Current Guest Network When set to Enabled, beacon frames are transmitted with the Guest SSID Guest Network Name (SSID) Assigns a unique network name (SSID) for the guest network, which appears in the beacon frames. Closed Network With a closed network, users type the SSID into the client application instead of selecting the SSID from a list. This feature makes it slightly more difficult for the user to gain access. DHCP Server Enables the DHCP server to give out leases to guest network clients from the specified lease pool. If the DHCP server is disabled, guest network STAs need to be assigned static IP addresses. IP Address Specifies the gateway IP relayed to guest clients in DHCP lease offers. Subnet Mask Specifies the subnet mask for the guest network. Lease Pool Start Specifies the starting IP address for the guest network lease pool. Lease Pool End Specifies the ending IP address for the guest network lease pool. Lease Time Specifies the lease time for the guest network lease pool once the Configuration Manager completes the WAN provisioning.

This document is uncontrolled pending incorporation in PDM 9 SVG2500 WIRELESS PAGES 107 Configuring the Wireless Clients For each wireless client computer (station), install the wireless adapter by following the instructions supplied with the adapter. Be sure to: 1. Insert the CD-ROM for the adapter in the CD-ROM drive on the client. 2. Install the device software from the CD. 3. Insert the adapter in the PCMCIA or PCI slot or connect it to the USB port. Configure the adapter to obtain an IP address automatically. On a PC with Wireless Client Manager installed, the icon is displayed on the Windows task bar. Double-click the icon to launch the utility. You may need to do the following to use a wireless client computer to access the Internet: If You Performed On Each Client, You Need to Perform Configuring WPA on the SVG2500 Configuring a Wireless Client for WPA or WPA2 Configuring WEP on the SVG2500 Configuring a Wireless Client for WEP Configuring the Wireless Network Name on the SVG2500 Configuring a Wireless Client with the Network Name (SSID) Configuring a MAC Access Control List on the SVG2500 No configuration on client required Configuring a Wireless Client for WPA If you enabled WPA and set a PSK Passphrase by configuring WPA on the SVG2500, you must configure the same passphrase (key) on each wireless client. The SVG2500 cannot authenticate a client if: • WPA is enabled on the SVG2500 but not on the client • The client passphrase does not match the SVG2500 PSK Passphrase Caution! Never provide the PSK Passphrase to anyone who is not authorized to use your WLAN.

This document is uncontrolled pending incorporation in PDM 9 SVG2500 WIRELESS PAGES 108 Configuring a Wireless Client for WEP If you enabled WEP and set a key by configuring WEP on the SVG2500, you must configure the same WEP key on each wireless client. The SVG2500 cannot authenticate a client if: • Shared Key Authentication is enabled on the SVG2500 but not on the client • The client WEP key does not match the SVG2500 WEP key For all wireless adapters, you must enter the 64-bit or 128-bit WEP key generated by the SVG2500. Caution! Never provide the WEP key to anyone who is not authorized to use your WLAN. Configuring a Wireless Client with the Network Name (SSID) After you specify the network name on the Wireless Basic Page, many wireless cards or adapters automatically scan for an access point such as the SVG2500 and the proper channel and data rate. If your card requires you to manually start scanning for an access point, do so following the instructions in the documentation supplied with the card. You must enter the same SSID in the wireless configuration setup for the device to communicate with the SVG2500.

This document is uncontrolled pending incorporation in PDM 109 10 SVG2500 VPN PAGES The VPN pages allow you to configure and manage VPN tunnels. You can click any VPN submenu option to view or change the configuration information for that option. VPN Basic Page This page allows you to enable VPN protocols and manage VPN tunnels. Field Description L2TP Server Enable or disable the Layer 2 Tunneling Protocol PPTP Server Enable or disable the Point-to-Point Protocol IPsec Endpoint Enable or disable the Internet Protocol Security protocol Add New Tunnel Creates a new tunnel configuration and appends it to the table. Click Edit to add the name and constructs of the tunnel for that tunnel.

This document is uncontrolled pending incorporation in PDM 10 SVG2500 VPN PAGES 110 VPN IPsec Page This page allows you to configure multiple VPN tunnels to various client PCs. You can configure and store different tunnels, but you cannot enable them for ease of use with connections and/or client PCs that are not constantly used. For each tunnel configuration you store, its unique IPsec parameters are stored using the IPsec Settings section at the bottom of the page. You can click Show Advanced Settings at the bottom of the page to display the advanced features that control IPSEC key management and negotiation with the far endpoint. Field Description Tunnel Contains preset tunnels by their preset name. This allows you to configure each tunnel individually.

This document is uncontrolled pending incorporation in PDM 10 SVG2500 VPN PAGES 111 Field Description Name A generic user-specified name for a group of settings for a single tunnel. Once the appropriate tunnel name is entered for the first time, click Add New Tunnel to create a heading for the tunnel settings selected from the Tunnel drop-down list. If no name is entered here, the tunnels are sequentially named 1, 2, 3, and so on. Enable drop-down Once a particular VPN tunnel is named and configured, it can be left stored and disabled or enabled via the Enable/Disable drop-down list. Click Apply to make the "Enable/Disable" setting effective. Local Endpoint Settings Address group type Set the local VPN access group as one of the following group types: • Single IP address – for one computer, enter the IP address for the specific computer • IP address range – for a small range of computers, enter the starting and ending IP addresses for the group of consecutive IP address that will have access to the VPN tunnel • IP Subnet – for an entire subnet/network, enter the Subnet and Mask For IP address range and IP Subnet enter the starting and ending IP addresses for the group of consecutive IP address that will have access to the VPN tunnel. Identity Type You can define the local endpoint identity type to automatically use the WAN IP address of the router or as a user-specified IP address, fully qualified domain name (FQDN), or e-mail address. This is the identity that the far endpoint will use for identification of the VPN termination point and handshake. The remote VPN endpoint on the other side of the tunnel should match the settings here for its remote endpoint settings. Identity Once the identity type is selected, enter the identity string here. • For IP address, enter x.x.x.x. • For FQDN, enter yourdomain.com • For email address identity, enter yourname@yourdomain.com The remote VPN endpoint on the other side of the tunnel should match the settings here for its remote endpoint settings.

This document is uncontrolled pending incorporation in PDM 10 SVG2500 VPN PAGES 112 Field Description Remote Endpoint Settings Address group type Set the remote VPN access group to one of the following group types: • Single IP address – for one computer, enter the IP address for the specific computer • IP address range – for a small range of computers, enter the starting and ending IP addresses for the group of consecutive IP address that will have access to the VPN tunnel. • IP Subnet – for an entire subnet/network, enter the Subnet and Mask For IP address range and IP Subnet enter the starting and ending IP addresses for the group of consecutive IP address that will have access to the VPN tunnel. The remote VPN endpoint on the other side of the tunnel should match the settings here for its local endpoint settings. Identity type You can define the remote endpoint identity type to automatically use the remote endpoint IP address or as a user specified IP address, fully qualified domain name (FQDN), or e-mail address. This is the identity that the far endpoint will use for identification of the VPN termination point and handshake. The remote VPN endpoint on the other side of the tunnel should match the settings here for its local endpoint settings. Identity Once the identity type is selected, enter the identity string here. • For IP address, enter x.x.x.x. • For FQDN, enter yourdomain.com • For email address identity, enter yourname@yourdomain.com The remote VPN endpoint on the other side of the tunnel should match the settings here for its local endpoint settings. Network address type Select the remote endpoint's WAN address type: IP address or Fully Qualified Domain Name (FQDN) Remote Address Enter either the IP address of the remote endpoint or its FQDN.

This document is uncontrolled pending incorporation in PDM 10 SVG2500 VPN PAGES 113 Field Description IPsec Settings With VPN tunnels, there are two phases of Security Association (SA). Phase 1 is used to create an IKE SA. After Phase 1 is completed, Phase 2 is used to create one or more IPSEC SAs, which are then used to key IPSEC sessions. Pre-shared key If one side of the VPN tunnel is using a unique firewall identifier (or Pre-shared Key), the firewall identifier or Pre-shared Key should be entered in the "Pre-shared Key" field. Phase 1 DH group There are three Diffie-Hellman groups to choose from: 768 bits, 1024 bits, and 1536 bits. Diffie-Hellman is a cryptographic technique that uses public and private keys for encryption and decryption. The higher number of bits selected from the options list the more secure the encryption. Options: Group 1 (768 bits), Group 2 (1024 bits), or Group 5 (1536 bits). Phase 1 encryption Encryption is used to secure the VPN connection between endpoints. Five different types of encryption are available: DES, 3DES, AES-128, AES-192, and AES-256. Any form off encryption may be selected as long as the far endpoint matches. One of the more common settings here is 3DES; however, AES is also a very strong encryption method. Phase 1 authentication Authentication acts as another level of security. The two types of authentication available are MD5 and SHA. SHA is recommended because it is more secure. Either authentication type may be used as long as the other end of the VPN tunnel uses the same method. Phase 1 SA lifetime Specifies the lifetime of individual rotating keys. Enter the desired number of seconds for the key to last until a re-key negotiation between each endpoint is negotiated. The default setting is 28,800 seconds. A smaller lifetime is generally more secure, since it would give an attacker a smaller amount of time to try to crack the key, but key negotiation does take up bandwidth, so network throughput will be sacrificed with small lifetimes. Entries here are typically in the thousands or tens of thousands of seconds.

This document is uncontrolled pending incorporation in PDM 10 SVG2500 VPN PAGES 114 VPN L2TP/PPTP Page This page allows configuration of L2TP and PPTP server options. Field Description PPP Address Range Start End Specify the starting and ending IP address range so that when the tunnel is set up, the client and server side will get their IP address from this specified range. PPP Security MPPE Encryption Microsoft Point to Point Encryption (MPPE) is a type of link encryption used in PPTP. Link encryption means that the data sent along this tunnel will be encrypted. You can choose to enable or disable MPPE encryption. Username Used to authenticate between the client and the server of the tunnel that was created between them. Password Enter a user password for authentication. Confirm Password Enter the password again for confirmation. Preshared Phrase Pre shared Phrase – A phrase used to authenticate when the SVG2500 is acting as a Layer 2 Tunneling Protocol (L2TP) server.

This document is uncontrolled pending incorporation in PDM 10 SVG2500 VPN PAGES 115 VPN Event Log Page This page allows you to view the VPN Event Log. It shows a history of VPN connections and activity in chronological order and shows the IP address of both endpoints on the tunnel (remote and local). Click Refresh to update the Event Log table to show any changes since the web page was last loaded. Click Clear to clear the log table of its current contents and only the most recent data will appear.

This document is uncontrolled pending incorporation in PDM 117 11 SVG2500 MTA PAGES The Multimedia Terminal Adapter (MTA) in your SVG2500 provides digital Voice over IP (VoIP) services, which allow you to use the Internet to make telephone calls. Basic telephone functions such as call waiting, three-way calling, voice mail, and fax transmissions are supported with this connection on the SVG2500. You can click any MTA submenu option to view the status information for that option. MTA Status Page This page displays the initialization status of the MTA. MTA DHCP Page This page displays the MTA DHCP lease information.

This document is uncontrolled pending incorporation in PDM 11 SVG2500 MTA PAGES 118 MTA QoS Page This page displays the MTA Quality of Service (QoS) parameters.

This document is uncontrolled pending incorporation in PDM 11 SVG2500 MTA PAGES 119 MTA Provisioning Page This page displays the MTA provisioning details about your SVG2500 VoIP telephone connection.

This document is uncontrolled pending incorporation in PDM 11 SVG2500 MTA PAGES 120 MTA Event Log This page displays the MTA Event Log information related to your SVG2500 VoIP telephone connection. Diagnostic messages generated by the MTA are provided. This information is intended for use by a qualified technician.

This document is uncontrolled pending incorporation in PDM 121 12 SVG2500 BATTERY PAGES The Battery pages show varying status information on the batteries installed in the SVG2500. You can click any Battery submenu option to view the status information for that option. Battery Controller Page This page displays the status of the SVG2500 battery controller. Field Description Driver Shows the Revision Level of the PICO microcode. The PICO is the module within the BCM3368 that is responsible for managing the battery charge and discharge circuitry. Built Shows the date and time of the build of the PICO microcode in use by the unit. Current Power Source Shows the active power source for the unit as utility (when operating on AC) or battery. Number of Batteries Shows the number of batteries currently installed in the battery pack. Input Voltage Shows the current voltage (mV) being supplied to the unit by the active power source. Temperature Shows the current internal temperature (degrees Celsius) of the unit as measured by the temperature-sensing resistor Estimated Time Remaining Shows the estimated time until the battery power is depleted

This document is uncontrolled pending incorporation in PDM 12 SVG2500 BATTERY PAGES 122 Battery UPS Page This page displays the status of the individual batteries. Field Description Status Shows whether Battery A and/or Battery B are currently installed in the battery pack. Note that some units are only capable of supporting Battery A. Capacity Shows a measure of each installed battery's total capacity in milliamp hours. For example, 2200 mAH capacity means the battery can deliver 2200 mA for 1 hour. Measured Voltage Shows the voltage (mV) each installed battery is currently capable of delivering. Estimated Time Remaining Shows the estimated time until the battery power for each installed battery is depleted. Battery Interface Delay Page This page displays the shutdown delay for the various user interfaces when switching to battery power. N/A indicates that the interface will not be shut down. Field Description Interface Identifies the components of the unit that are subject to deactivation when the unit is operating on battery power. Delay(s) For each component shown under Interface, the corresponding Delay fields show the elapsed time for each component before the component is automatically deactivated following a shift to battery power. Note that N/A indicates that the component will not be deactivated.

This document is uncontrolled pending incorporation in PDM 123 13 TROUBLESHOOTING Solutions If the solutions listed here do not solve your problem, contact your service provider. Before calling your service provider, try pressing the reset button on the rear panel of the SVG2500. Resetting the SVG2500 may take 5 to 30 minutes. Your service provider may ask for the status of the lights as described in Front-Panel Lights and Error Conditions. Problem Possible Solution Power light is off Check that the SVG2500 is properly plugged into the electrical outlet. Check that the electrical outlet is working. Press the Reset button. Cannot send or receive data On the top front panel, note which is the first light that is off. This light indicates where the error occurred as described in Front-Panel Lights and Error Conditions. If you have cable TV, check that the TV is working and the picture is clear. If you cannot receive regular TV channels, the data service and VoIP telephone service will not function. Check the coaxial cable at the SVG2500 and wall outlet. Hand-tighten if necessary. Check the IP address. Follow the steps for verifying the IP address for your system. See Configuring TCP/IP. Call your service provider if you need an IP address. Check that the Ethernet cable is properly connected to the SVG2500 and the computer. Problems related to unsuccessful USB driver installation Remove the USB driver. Follow the appropriate procedure for your system in Installing USB Drivers. A wireless client(s) cannot send or receive data Perform the first four checks in “Cannot send or receive data.” Check the Security Mode setting on the Wireless Security Page: • If you enabled WPA and configured a passphrase on the SVG2500, be sure each affected wireless client has the identical passphrase. If this does not solve the problem, check whether the wireless client supports WPA. • If you enabled WEP and configured a key on the SVG2500, be sure each affected wireless client has the identical WEP key. If this does not solve the problem, check whether the client wireless adapter supports the type of WEP key configured on the SVG2500. • To temporarily eliminate the Security Mode as a potential issue, disable security. After resolving your problem, be sure to re-enable wireless security. On the Wireless Basic Page: • Check whether you turned on Disable SSID Broadcast. If it is on, be sure the network name (SSID) on each affected wireless client is identical to the SSID on the SVG2500. • On the Wireless Access Control Page, be sure the MAC address for each affected wireless client is correctly listed.

This document is uncontrolled pending incorporation in PDM 13 TROUBLESHOOTING 124 Problem Possible Solution Slow wireless transmission speed with WPA enabled On the Wireless Security Page, check whether the WPA Encryption type is TKIP. If all of your wireless clients support AES, change the WPA Encryption to AES. Front-Panel Lights and Error Conditions Light Turns Off During Startup If Turns Off During Normal Operation If DS The downstream receive channel cannot be acquired The downstream channel is lost US The upstream send channel cannot be acquired The upstream channel is lost ONLINE IP registration is unsuccessful The IP registration is lost POWER The SVG2500 is not properly plugged into the power outlet The SVG2500 is unplugged Removing USB Drivers Removing the USB Driver in Windows 2000 Although your SVG model number may be different than in the images in this guide, the procedure is the same. 1. Select Control Panel from either the Windows Start menu or Windows Desktop to display the Control Panel window. 2. Double-click System to display the System Properties window.

This document is uncontrolled pending incorporation in PDM 13 TROUBLESHOOTING 125 3. Click the Hardware tab. 4. Click Device Manager to display the Device Manager window: 5. Double-click Network Adapters to expand the list. 6. Click Motorola USB SVG Modem. The Uninstall icon displays on the menu bar at the top of the window. 7. Click the Uninstall icon. The Confirm Device Removal window is displayed: 8. Click OK to close the Device Manager window. 9. Close the Control Panel window.

This document is uncontrolled pending incorporation in PDM 13 TROUBLESHOOTING 126 10. To continue, perform Running the Motorola USB Driver Removal Utility. Removing the USB Driver in Windows XP 1. Select Control Panel from either the Windows Start menu or Windows Desktop to display the Control Panel window. 2. If a Category view similar to the image under step 2 is displayed, click Performance and Maintenance to display the Performance and Maintenance window. Otherwise, skip to step 5. 3. Click System to display the System Properties window. Skip to step 6. 4. If a Classic view similar to the following is displayed, double-click System to display the System Properties window: 5. Click the Hardware tab to display the Hardware page. 6. Click the Device Manager button to display the Device Manager window: 7. Double-click Network adapters. 8. Click the Motorola USB SVG Modem. The Uninstall icon displays on the window near the top. 9. Click the Uninstall icon. 10. Close the Device Manager and Control Panel windows. 11. Perform Running the Motorola USB Driver Removal Utility. Running the Motorola USB Driver Removal Utility Before running the Motorola USB Driver Removal Utility, perform one of the following to run the Windows Device Manager: • Removing the USB Driver in Windows 2000 • Removing the USB Driver in Windows XP To run the Motorola USB Driver Removal Utility: 1. Insert the SVG2500 Installation CD-ROM in the CD-ROM drive. After a short time, a window with language choices is displayed. 2. Press Esc on the keyboard to exit the start-up screens. 3. To start Windows Explorer, click Start and select Run. 4. On the Run window, type explorer and click OK. 5. Your Windows Explorer may appear different than in the image on this page. There are variations between Windows versions and you can configure Windows Explorer as you like. 6. Double-click My Computer. 7. Double-click the Motorola SVG icon (D: in the image).

This document is uncontrolled pending incorporation in PDM 13 TROUBLESHOOTING 127 8. Double-click remove or remove.exe to run the Remove utility from the SVG2500 Installation CD-ROM. The Motorola USB Driver Removal window is displayed. Be sure the USB cable is disconnected. 9. Click Remove Driver. A progress bar indicates that the driver is being removed. 10. Click Exit to exit the Motorola USB Driver Removal Utility. or Click Details to display informational messages about the files that were found and deleted similar to the ones shown below. If necessary, scroll down to view the entire list. Click OK to close the details window. 11. Re-install the USB driver following one of the options listed below: • Setting Up the USB Driver in Windows 2000 • Setting Up the USB Driver in Windows XP 12. If you continue to have problems, contact your Internet provider.

This document is uncontrolled pending incorporation in PDM 129 14 CONTACT US If you need assistance while working with the SVG2500, contact your Internet Service provider. For information about customer service, technical support, or warranty claims, see the Motorola Regulatory, Safety, Software License, and Warranty Information card provided with the SVG2500. For answers to typical questions, see Frequently Asked Questions. For more information about Motorola consumer Connected Home Solutions products, education, and support, visit broadband.motorola.com/consumers. For more information about Motorola consumer Connected Home Solutions products, education, and support, visit http://broadband.motorola.com/consumers/support/default.asp.

This document is uncontrolled pending incorporation in PDM 131 15 FREQUENTLY ASKED QUESTIONS Here are answers to questions our customers frequently ask: Q What is high-speed cable Internet access? A Cable Internet access uses cable television wires instead of telephone lines to connect to the Internet. It is extremely fast and does not tie up telephone lines for incoming or outgoing calls and faxes. Q How fast is the Motorola SVG2500 SURFboard Wireless Voice Gateway? A Cable modems offer Internet access at speeds up to 100 times faster than a traditional phone modem. You can experience speeds of over 1,000 Kbps. Network condition such as traffic volume and the speed of the sites you visit can affect download speeds. Q How many users can one SVG2500 support? A A single SVG2500 can support up to 245 users, each assigned a unique IP address, on a Class C network. Q What is Network Address Translation? A NAT is a technique to translate private IP addresses on your LAN to a single IP address assigned by your service provider that is visible to outside users on the Internet. Q What are IEEE 802.11g and IEEE 802.11b? A They are IEEE wireless network standards. Q What type of firewall is provided on the SVG2500? A The SVG2500 provides a stateful-inspection firewall. For more information, see Section 7, SVG2500 Firewall Pages. Q What wireless security measures are provided on the SVG2500? A To protect data transmitted over wireless connections, the SVG2500 supports WPA or WEP encryption and MAC access control lists. For information, see Setting Up Your Wireless LAN. Q Why is there no Standby button? A As a security measure, some Motorola cable modems provide a Standby button to temporarily suspend the Internet connection. Because enabling the SVG2500 firewall provides high security levels while connected, the Standby button is not required.

This document is uncontrolled pending incorporation in PDM 15 FREQUENTLY ASKED QUESTIONS 132 Q Can I still watch cable TV while using my SVG2500? A Yes, your cable TV line can carry the TV signal while you send and receive information on the Internet. Q What are CableLabs Certified, DOCSIS, and Euro-DOCSIS? A CableLabs Certified, DOCSIS, and Euro-DOCSIS are the industry standards for high-speed data distribution over cable television system networks. They are intended to ensure that all compliant cable modems interface with all compliant cable systems. Your SVG2500 is DOCSIS or Euro-DOCSIS certified. Q If I have an SVG2500, can I still use my old 28.8 Kbps or 56 Kbps modem? A Yes you can. However, once you’ve experienced the speed of cable Internet access, you’ll never again want to wait for traditional dial-up services. Q Do I need to subscribe to cable TV to get cable Internet access? A No, but you will need to subscribe to cable Internet service. Some systems require that you subscribe to basic service before you can get Internet access and/or offer a discount when you use your own SVG2500. Check with your local cable company for specific information. Q What type of technical support is available? A For questions about your Internet service, connection, or SVG2500, call your Internet service provider. Q What do I do if my SVG2500 stops working? A Troubleshooting provides tips to diagnose problems and simple solutions. If you continue to have problems, call your Internet service provider. Q Can multiple game players on the SVG2500 LAN log onto the same game server and play simultaneously with just one public IP address? A It depends on the game server. For more information about gaming, see Gaming Configuration Guidelines.

This document is uncontrolled pending incorporation in PDM 133 16 SPECIFICATIONS GENERAL Standards Cable Interface Network Interface Wireless Interface Dimensions (w/o antenna) Interoperates with DOCSIS and Euro-DOCSIS 2.0/1.1 and PacketCable and Euro-PacketCable 1.5/1.0 (SIP and CableHome 1.1 optional) F-connector, female, 75 Ω One USB, four 10/100 Ethernet ports 802.11b/g Wi-Fi 26.7 cm L x 18.41 cm W x 5.72 cm H (10.50 in x 7.25 in x 2.25 in) INPUT POWER North America Outside North America 105 to 125 VAC, 60 Hz 100 to 240 VAC, 50 to 60 Hz ENVIRONMENT Operating Temperature Storage Temperature Operating Humidity 0 °C to 40 °C (32 °F to 104 °F) –30 °C to 80 °C (–22 °F to 176 °F) 0 to 95% R.H. (non-condensing) DOWNSTREAM Modulation Maximum Data Rate* Bandwidth Symbol Rates Operating Level Range Frequency Range Input Impedance 64 or 256 QAM 38 Mbps (256 QAM at 5.361 Msym/s) 6 MHz 64 QAM at 5.069 Msym/s, 256 QAM at 5.361 Msym/s –15 to 15 dBmV 88 to 860 MHz 75 Ω (nominal)

This document is uncontrolled pending incorporation in PDM 16 SPECIFICATIONS 134 UPSTREAM Modulation Maximum Channel Rate Bandwidth Symbol Rates Operating Level Range A-TDMA S-CDMA Output Impedance Frequency Range 8***, 16, 32***, 64***,128*** QAM or QPSK 30 Mbps** 200 kHz, 400 kHz, 800 kHz, 1.6 MHz, 3.2 MHz, 6.4 MHz*** 160, 320, 640, 1280, 2560, 5120*** ksym/s 8 to 54 dBmV (32, 64 QAM), 8 to 55 dBmV (8, 16 QAM) , 8 to 58 dBmV (QPSK) 8 to 53 dBmV (all modulations) 75 Ω (nominal) 5 to 42 MHz (edge to edge) TELEPHONY Line Type Hook State Signaling Maximum Line Length (one-way) DTMF Level Sensitivity Range Speech Coding Line Termination Loss Plan Receive Transmit Loss Plan Tolerance Ringing Wave Form Ringing Crest Factor Ring Trip (maximum) 2-wire Loop start 500 ft (AWG 26/0.4 mm @ 65 °C) 0 and –20 dBm 64 kbps PCM, μ-law or A-law companding; support for G.711, G.726, G.728, G.729, G.723.1, iLBC, and BV16/32 codecs Configurable based on market needs (D/A) 4 dB (A/D) 2 dB (configurable based on market needs) ±1 dB; 60/50 Hz loss >20 dB (one-way) (referenced to off-hook loss at 1,004 Hz) Quasi-trapezoidal 1.2 <CF <1.6 200 mS with 300 W termination

This document is uncontrolled pending incorporation in PDM 16 SPECIFICATIONS 135 NETWORK Gateway Wireless LAN Power Management 802.11 i Security Mobile Pairing Regulatory Domains Transmit Power Output IEEE 802.11b IEEE 802.11g Receiver Sensitivity DHCP, NAT, VPN endpoint, VPN tunneling; static routing and dynamic IP routing (RIPv1, RIPv2); SPI firewall with DoS protection and intrusion prevention; port, packet, and URL keyword filtering; full suite of ALGs; UPnP IGD 1.0 802.11b/g Wi-Fi, two external removable antennas, WDS bridging, 802.11e WMM admission control, QoS 802.11e WMM power save/U-APSD (Unscheduled-Automatic Power Save Delivery) WEP-64/128, WPA-PSK, WPA, WPA2, TKIP, AES, 802.1x, 802.11i (pre-authentication) User-friendly Wi-Fi–protected setup (WPS) for secure mobile pairing with compatible dual-mode handset To include US, Canada, ETSI, World 19 dBm +1/–1.5 dB at all rates in all channels 16 dBm +1/–1 dB at 54 Mbps in all channels > –90 dBm at 11 Mbps; > –74 dBm at 54 Mbps All features, functionality, and other product specifications are subject to change without notice or obligation. *When comparing download speeds with a traditional 28.8k analog modem. Actual speeds will vary and are often less than the maximum possible. Several factors affect upload and download speeds, including, but not limited to, network traffic and services offered by your cable operator or broadband service provider, computer equipment, type of service, number of connections to server, and availability of Internet route(s). **Actual data throughput will be less due to physical layer overhead (error correction coding, burst preamble, and guard interval). ***With A-TDMA or S-CDMA enabled Cable Modem Termination System (CMTS). Certain features may not be activated by your service provider, and/or their network settings may limit the feature’s functionality. Additionally, certain features may require a subscription. Contact your service provider for details. All features, functionality, and other product specifications are subject to change without notice or obligation. Battery back-up times may vary based on many factors, including the battery age, charging state, storing conditions, and operating temperature, as well as by factors such as data activity and length of active telephone calls.

This document is uncontrolled pending incorporation in PDM 137 17 GLOSSARY This glossary defines terms and lists acronyms used with the SVG2500. A TERM DEFINITION access point A device that provides WLAN connectivity to wireless clients (stations). The SVG2500 acts as a wireless access point. adapter A device or card that connects a computer, printer, or other peripheral device to the network or to some other device. A wireless adapter connects a computer to the WLAN. address See NAT translation. ALG Some file transfer (for example, FTP), game, and video conferencing applications require application level gateway triggers to open one or more ports to enable the application to operate properly. American Wire A standard system used to designate the size of electrical conductors; gauge numbers are inverse to Gauge (AWG) size. ANSI The American National Standards Institute is a non-profit, independent organization supported by trade organizations, industry, and professional societies for standards development in the United States. This organization defined ASCII and represents the United States to the International Organization for Standardization. ANX Automotive Network Exchange ARP Address Resolution Protocol broadcasts a datagram to obtain a response containing a MAC address corresponding to the host IP address. When it is first connected to the network, a client sends an ARP message. The SVG2500 responds with a message containing its MAC address. Subsequently, data sent by the computer uses the SVG2500 MAC address as its destination. ASCII The American Standard Code for Information Interchange refers to alphanumeric data for processing and communication compatibility among various devices; normally used for asynchronous transmission. attenuation The difference between transmitted and received power resulting from loss through equipment, transmission lines, or other devices; usually expressed in decibels. authentication A process where the CMTS verifies that access is authorized, using a password, trusted IP address, or serial number.

This document is uncontrolled pending incorporation in PDM 17 GLOSSARY 138 TERM DEFINITION authorization Part of the process between a CMTS and the cable modem or gateway to enable Baseline Privacy. auto-MDIX Automatic medium-dependent interface crossover detects and corrects cabling errors by automatically reversing the send and receive pins on any port. It enables the use of straight-through wiring between the SVG2500 Ethernet port and any computer, printer, or hub. B TERM DEFINITION bandwidth The transmission capacity of a medium in terms of a range of frequencies. Greater bandwidth indicates the ability to transmit more data over a given period of time. Baseline Privacy An optional feature that encrypts data between the CMTS and the cable modem or gateway. Protection of service is provided by ensuring that a cable modem or gateway, uniquely identified by its MAC address, can only obtain keys for services it is authorized to access. Baud The analog signaling rate. For complex modulation modes, the digital bit rate is encoded in multiple bits per baud. For example, 64 QAM encodes 6 bits per baud, and 16 QAM encodes 4 bits per baud. BCP Binary Communication Protocol BER The bit error rate is the ratio of the number of erroneous bits or characters received from some fixed number of bits transmitted. binary A numbering system that uses two digits, 0 and 1. bit rate The number of bits (digital 0s and 1s) transmitted per second in a communications channel. It is usually measured in bits per second bps. BPKM Baseline Protocol Key Management encrypts data flows between a cable modem or gateway and the CMTS. The encryption occurs after the cable modem or gateway registers to ensure data privacy across the RF network. bps Bits per second

This document is uncontrolled pending incorporation in PDM 17 GLOSSARY 139 TERM DEFINITION bridge An OSI layer 2 networking device that connects two LANs using similar protocols. It filters frames based on the MAC address to reduce the amount of traffic. A bridge can be placed between two groups of hosts that communicate a lot together, but not so much with the hosts in the other group. The bridge examines the destination of each packet to determine whether to transmit it to the other side. See also switch. broadband High bandwidth network technology that multiplexes multiple, independent carriers to carry voice, video, data, and other interactive services over a single cable. A communications medium that can transmit a relatively large amount of data in a given time period. A frequently used synonym for cable TV that can describe any technology capable of delivering multiple channels and services. broadcast Simultaneous transmission to multiple network devices; a protocol mechanism supporting group and universal addressing. See also multicast and unicast. C TERM DEFINITION CableHome A project of CableLabs and technology suppliers to develop interface specifications for extending high-quality, cable-based services to home network devices. It addresses issues such as device interoperability, QoS, and network management. CableHome will enable cable service providers to offer more services over HFC. It will improve consumer convenience by providing cable-delivered services throughout the home. CableLabs A research consortium that defines the interface requirements for cable modems and acknowledges that tested equipment complies with DOCSIS. cable modem A device installed at a subscriber location to provide data communications over an HFC network. Unless otherwise specified, all references to “cable modem” in this documentation refer to DOCSIS or Euro-DOCSIS cable modems only. cable modem configuration file File containing operational parameters that a cable modem or gateway downloads from the Internet Service provider TFTP server during registration.

This document is uncontrolled pending incorporation in PDM 17 GLOSSARY 140 TERM DEFINITION circuit-switched Network connection scheme used in the traditional PSTN telephone network, where each connection requires a dedicated path for its duration. An alternative is packet-switched. Class C network An IP network containing up to 253 hosts. Class C IP addresses are in the form “network.network. network. host.” client In a client/server architecture, a client is a computer that requests files or services, such as file transfer, remote login, or printing from the server. Also called a CPE. On a WLAN, a client is any host that can communicate with the access point. A wireless client is also called a “station.” CMTS A cable modem termination system is a device in the cable system headend that interfaces the HFC network to local or remote IP networks to connecting IP hosts, cable modems or gateways, and subscribers. It manages all cable modem bandwidth. It is sometimes called an edge router CNR carrier to noise ratio coaxial cable A type of cable consisting of a center wire surrounded by insulation and a grounded shield of braided (coax) wire. The shield minimizes electrical and radio frequency interference. Coaxial cable has high bandwidth and can support transmission over long distances. CoS Class of service traffic management or scheduling functions are performed when transferring data upstream or downstream on HFC. CPE Customer premise equipment, typically computers, printers, etc., are connected to the cable modem or gateway at the subscriber location. CPE can be provided by the subscriber or the Internet Service provider. Also called a client. crosstalk Undesired signal interfering with the desired signal. CSMA/CD Carrier sense multiple access with collision detection D TERM DEFINITION datagram In RFC 1594, a datagram is defined as “a self-contained, independent entity of data carrying sufficient information to be routed from the source to the destination computer without reliance on earlier exchanges between this source and destination computer and the transporting network.” For the most part, it has been replaced by the term packet.

This document is uncontrolled pending incorporation in PDM 17 GLOSSARY 141 TERM DEFINITION default route The route by which packets are forwarded when other routes in the routing table do not apply. dB decibel dBc Signal level expressed in dB relative to the unmodulated carrier level desired. DBm A unit of measurement referenced to one milliwatt across specified impedance. 0dBm = 1 milliwatt across 75 ohms. dBmV Signal level expressed in dB as the ratio of the signal power in a 75-ohm system to a reference power when 1 mV is across 75 ohms. demodulation An operation to restore a previously modulated wave and separate the multiple signals that were combined and modulated on a sub carrier. DHCP A Dynamic Host Configuration Protocol server dynamically assigns IP addresses to client hosts on an IP network. DHCP eliminates the need to manually assign static IP addresses by “leasing” an IP address and subnet mask to each client. It enables the automatic reuse of unused IP addresses. The SVG2500 is simultaneously a DHCP client and a DHCP server. A DHCP server at the cable system headend assigns a public IP address to the SVG2500 and optionally to clients on the SVG2500 LAN. The SVG2500 contains a built-in DHCP server that assigns private IP addresses to clients. distortion An undesired change in signal waveform within a transmission medium. A nonlinear reproduction of the input waveform. DMZ A “de-militarized zone” is one or more hosts logically located between a private LAN and the Internet. A DMZ prevents direct access by outside users to private data. (The term comes from the geographic buffers located between some conflicting countries, such as North and South Korea.) In a typical small DMZ configuration, the DMZ host receives requests from private LAN users to access external web sites and initiates sessions for these requests. The DMZ host cannot initiate a session back to the private LAN. Internet users outside the private LAN can access only the DMZ host. You can use a DMZ to set up a web server or for gaming without exposing confidential data.

This document is uncontrolled pending incorporation in PDM 17 GLOSSARY 142 TERM DEFINITION DNS The Domain Name System is the Internet system for converting domain names to IP addresses. A DNS server contains a table matching domain names such as Internetname.com to IP addresses such as 192.169.9.1. When you access the world-wide web, a DNS server translates the URL displayed on the browser to the destination website IP address. The DNS lookup table is a distributed Internet database; no one DNS server lists all domain names to IP address matches. DOCSIS The CableLabs Data-Over-Cable Service Interface Specification defines interface standards for cable modems, gateways, and supporting equipment to deliver data between an HFC network and computer systems or television sets. To emphasize its use as a cable modem standard, DOCSIS is now called CableLabs Certified Cable Modems. Euro-DOCSIS is DOCSIS adapted for use in Europe. domain name A unique name, such as motorola.com, that maps to an IP address. Domain names are typically much easier to remember than are IP addresses. dotted-decimal format Method of representing an IP address or subnet mask using four decimal numbers called octets. Each octet represents eight bits. In a class C IP address, the octets are “network.network.network.host.” The first three octets together represent the network address and the final octet is the host address. In the SVG2500 LAN default configuration, 192.168.100 represents the network address. In the final octet, the host address can range from 2 to 254. download To copy a file from one computer to another. You can use the Internet to download files from a server to a computer. A DOCSIS or Euro-DOCSIS cable modem or gateway downloads its configuration file from a TFTP server during start-up. downstream In a cable data network, the direction of data received by the computer from the Internet. driver Software that enables a computer to interact with a network or other device. For example, there are drivers for printers, monitors, graphics adapters, modems, Ethernet, USB, HPNA, and many others. DSL Digital Subscriber Line DSSS Direct Sequence Spread Spectrum is an IEEE 802.11b RF modulation protocol.

This document is uncontrolled pending incorporation in PDM 17 GLOSSARY 143 TERM DEFINITION dynamic IP address An IP address that is temporarily leased to a host by a DHCP server. The opposite of static IP address. E TERM DEFINITION encapsulate To include data into some other data unit to hide the format of the included data. encode To alter an electronic signal so that only an authorized user can unscramble it to view the information. encrypt To encode data. endpoint A VPN endpoint terminates the VPN at the router so that computers on the SVG2500 LAN do not need VPN client software to tunnel through the Internet to the VPN server. Ethernet The most widely used LAN type, also known as IEEE 802.3. The most common Ethernet networks are 10Base-T, which provide transmission speeds up to 10 Mbps, usually over unshielded, twisted-pair wire terminated with RJ-45 connectors. Fast Ethernet (100Base-T) provides speeds up to 100 Mbps. “Base” means “baseband technology” and “T” means “twisted pair cable.” Each Ethernet port has a physical address called the MAC address. Euro-DOCSIS A ComLabs standard that is DOCSIS adapted for use in Europe. event A message generated by a device to inform an operator or the network management system that something has occurred. expansion slot A connection point in a computer where a circuit board can be inserted to add new capabilities. EAP Extensible Authentication Protocol F TERM DEFINITION FCS frame check sequence F-type connector A type of connector used to connect coaxial cable to equipment such as the SVG2500. firewall A security software system on the SVG2500 that enforces an access control policy between the Internet and the SVG2500 LAN.

This document is uncontrolled pending incorporation in PDM 17 GLOSSARY 144 TERM DEFINITION flow A data path moving in one direction. FEC Forward error correction is a technique to correct transmission errors without requiring the transmitter to resend any data. FMDA Frequency Division Multiple Access is a method to allow multiple users to share a specific radio spectrum. Each active user is assigned an individual RF channel (or carrier) with the carrier frequency of each channel offset from its adjacent channels by an amount equal to the channel spacing, which allows the required bandwidth per channel. frame A unit of data transmitted between network nodes that contain addressing and protocol control data. Some control frames contain no data frequency Number of times an electromagnetic signal repeats an identical cycle in a unit of time, usually one second, measured in Hz, kHz, MHz, or GHz. FTP File Transfer Protocol is a standard Internet protocol for exchanging files between computers. FTP is commonly used to download programs and other files to a computer from web pages on Internet servers full-duplex The ability to simultaneously transmit and receive data. See also half-duplex. G TERM DEFINITION gain The extent to which a signal is boosted. A high-gain antenna increases the wireless signal level to increase the distance the signal can travel and remain usable. gateway A device that enables communication between networks using different protocols. See also router. The SVG2500 enables up to 245 computers supporting IEEE 802.11b, Ethernet, or USB to share a single broadband Internet connection. gateway IP address The address of the default gateway router on the Internet. Also known as the “giaddr.” GHz Gigahertz — one billion cycles per second GUI graphical user interface

This document is uncontrolled pending incorporation in PDM 17 GLOSSARY 145 H TERM DEFINITION H.323 A suite of protocols created by the ITU for interactive video conferencing, data sharing, and audio applications such as VoIP. half-duplex Network where only one device at a time can transmit data. See also full-duplex. headend A location that receives TV programming, radio programming, data, and telephone calls that it modulates onto the HFC network. It also sends return data and telephone transmissions. Headend equipment includes transmitters, preamplifiers, frequency terminals, demodulators, modulators, and other devices that amplify, filter, and convert incoming broadcast TV signals to wireless and cable channels. header The data at the beginning of a packet that identifies what is in the packet. hexadecimal A base-sixteen numbering system that uses sixteen sequential numbers (0 to 9 and the letters A to F) as base units before adding a new position. On computers, hexadecimal is a convenient way to express binary numbers. HFC A hybrid fiber/coaxial cable network uses fiber-optic cable as the trunk and coaxial cable to the subscriber premises. hop The interval between two routers on an IP network. The number of hops a packet traverses toward its destination (called the hop count) is saved in the packet header. For example, a hop count of six means the packet has traversed six routers. The packet hop count increases as the time-to-live (TTL) value decreases. host In IP, a host is any computer supporting end-user applications or services with full two-way network access. Each host has a unique host number that combined with the network number forms its IP address. Host also can mean: • A computer running a web server that serves pages for one or more web sites belonging to organization(s) or individuals • A company that provides this service • In IBM environments, a mainframe computer HTML Hyper Text Markup Language hub On a LAN, a hub is a device that connects multiple hosts to the LAN. A hub performs no data filtering. See also bridge and router. An IP hub is typically a unit on a rack or desktop.

This document is uncontrolled pending incorporation in PDM 17 GLOSSARY 146 TERM DEFINITION On an HFC network, a hub is a scaled-down headend that performs some or all headend functions for part of the system. Hz Hertz — one cycle per second. The unit to measure the frequency that an alternating electromagnetic signal cycles through its highest and lowest states. Used to define the bands of the electromagnetic spectrum used in voice and data communications, or to define the bandwidth of a transmission medium. I TERM DEFINITION IANA The Internet Numbering Address Authority (IANA) is an organization under the Internet Architecture Board (IAB) of the Internet Society that oversees IP address allocation. It is under a contract from the U.S. government. ICMP Internet Control Message Protocol is a protocol used for error, problem, and informational messages sent between IP hosts and gateways. ICMP messages are processed by the IP software and are not usually apparent to the end-user. ICSA The International Computer Security Association is the security industry’s main source of research, intelligence, and product certification. IEEE The Institute of Electrical and Electronics Engineers, Inc. (http://www.ieee.org) is an organization that produces standards, technical papers, and symposiums for the electrical and electronic industries and is accredited by ANSI. IEEE 802.11b IEEE 802.11g IEEE wireless network standards IEEE 802.3 See Ethernet. IETF The Internet Engineering Task Force (http://www.ietf.org) is an open international community of network designers, operators, vendors, and researchers to develop and maintain Internet architecture. Technical working groups issue working documents called Internet-Drafts. The IETF publishes review versions of the drafts called requests for comments (RFCs). IGMP Internet Group Membership Protocol is the Internet multicasting standard. IGMP establishes and maintains a database of group multicast addresses and interfaces to which a multicast router forwards multicast packets. IGMP runs between multicast hosts and their immediately-neighboring multicast routers.

This document is uncontrolled pending incorporation in PDM 17 GLOSSARY 147 TERM DEFINITION IGMP spoofing A process where a router acts as an IGMP querier for multicast hosts and an IGMP host to a multicast router. impedance The total opposition to AC electron current flow within a device. Impedance is typically 75 ohms for coax cable and other CATV components. impulse noise Noise of very short in duration, typically of the order of 10 microseconds. It is caused by electrical transients such as voltage spikes, electric motors turning on, and lightning or switching equipment that bleed over to the cable. Ingress noise Noise typically caused by discrete frequencies picked up by the cable plant from radio broadcasts or an improperly grounded or shielded home appliance such as a hair dryer. Ingress is the major source of cable system noise. Internet A worldwide collection of interconnected networks using TCP/IP. Internetwork A collection of interconnected networks allowing communication between all devices connected to any network in the collection. IP Internet Protocol is a set of standards that enable different types of computers to communicate with one another and exchange data through the Internet. IP provides the appearance of a single, seamless communication system and makes the Internet a virtual network. IP address A unique 32-bit value that identifies each host on a TCP/IP network. TCP/IP networks route messages based on the destination IP address. An IP address has two parts: • A network address assigned by IANA • SVG2500 network administrator assigns a host address to each host connected to the SVG2500, automatically using its DHCP server as a static IP address. For a Class C network, the first 24 bits are the network address and the final 8 bits are the host address; in dotted-decimal format, the IP address appears as “network.network.network.host.” If you enable the SVG2500 DHCP client on the Basic DHCP Page, the Internet Service provider automatically assigns the network address, subnet mask, domain name, and DNS server to provide a continuous Internet connection. IPSec The Internet Protocol Security protocols are IETF authentication and encryption standards for secure packet exchange over the Internet. IPSec works at OSI layer 3 and secures everything on the network. IKE Internet Key Exchange

This document is uncontrolled pending incorporation in PDM 17 GLOSSARY 148 TERM DEFINITION ISAKMP Internet Security Association and Key Management Protocol ISDN Integrated Services Digital Network ISO The International Organization for Standardization (http://www.iso.ch) is a worldwide federation of national standards bodies from approximately 140 countries. ISO is a non-governmental organization established in 1947 to promote the development of standardization and related activities in the world with a view to facilitating the international exchange of goods and services, and to developing cooperation in the spheres of intellectual, scientific, technological, and economic activity. ISP Internet Service Provider ITU International Telecommunications Union K TERM DEFINITION kHz kilohertz — one thousand cycles per second L TERM DEFINITION L2F Layer 2 Forwarding is an OSI layer 2 protocol that establishes a secure tunnel across the Internet to create a virtual PPP connection between the user and the enterprise network. L2F is the most established and stable layer 2 tunneling protocol. L2TP Layer 2 Tunnel Protocol is a PPP extension that enables ISPs to operate VPNs. L2TP merges the best features of the PPTP and L2F. L2TP is the emerging IETF standard. LAC An L2TP access concentrator is a device to which the client directly connects through which PPP frames are tunneled to the LNS. The LAC need only implement the media over which L2TP operates to transmit traffic to one or more LNSs. The LAC may tunnel any protocol carried within PPP. The LAC initiates incoming calls and receives outgoing calls. A LAC is analogous to an L2F NAS. LAN A local area network provides a full-time, high-bandwidth connection over a limited area, such as a building or campus. Ethernet is the most widely used LAN standard. layer In networks, layers are software protocol levels. Each layer performs functions for the layers above it. OSI is a reference model having seven functional layers.

This document is uncontrolled pending incorporation in PDM 17 GLOSSARY 149 TERM DEFINITION LCP Link Control Protocol establishes, configures, and tests data link connections used by PPP. Latency The time required for a signal to pass through a device. It is often expressed in a quantity of symbols. LED light-emitting diode LNS An L2TP network server is a termination point for L2TP tunnels where PPP frames are processed and passed to higher layer protocols. LNS can operate on any platform that terminates PPP. The LNS handles the server side of the L2TP protocol. L2TP relies only on the single media over which L2TP tunnels arrive. The LNS can have a single LAN or WAN interface but can terminate calls arriving at any of the LACs full range of PPP interfaces (asynchronous, synchronous, ISDN, V.120, etc.). The LNS initiates outgoing calls and receives incoming calls. LNS is analogous to a home gateway in L2F technology. loopback A test that loops the transmit signal to the receive signal. Usually the loopback test is initiated on a network device. The test is used to verify a path or to measure the quality of a signal on that path. M TERM DEFINITION MAC address The Media Access Control address is a unique, 48-bit value permanently saved in ROM at the factory to identify each Ethernet network device. It is expressed as a sequence of 12 hexadecimal digits printed on a Label on the Bottom of the SVG2500. You need to provide the HFC MAC address to the Internet Service provider. Also called an Ethernet address, physical address, hardware address, or NIC address. MB One megabyte; equals 1,024 x 1,024 bytes, 1,024 kilobytes, or about 8 million bits. Mbps Million bits per second (megabits per second). A rate of data transfer. media The various physical environments through which signals pass; for example, coaxial, unshielded twisted-pair (UTP), or fiber-optic cable. MIB A management information base is a unique hierarchical structure of software objects used by the SNMP manager and agent to configure, monitor, or test a device.

This document is uncontrolled pending incorporation in PDM 17 GLOSSARY 150 TERM DEFINITION MHz Megahertz — one million cycles per second. A measure of radio frequency. MPDU MAC protocol data unit (PDU) MSDU MAC service data unit. MSO Multiple Systems Operator. A company that owns and operates more than one cable system. Also called a group operator. MTU The Maximum Transmission Unit is the largest amount of data that can be transmitted in one discrete message on a given physical network. The MTU places an upper bound on the size of a message that can be transferred by the network in a single frame. Messages exceeding the MTU must be fragmented before transmission and reassembled at the destination. Multicast A data transmission sent from one sender to multiple receivers. See also broadcast and unicast. mW milliwatts N TERM DEFINITION NAS Network access server NAT Network Address Translation is an Internet standard for a LAN to use one set of IP addresses for internal traffic and a second set of IP addresses for external traffic. NAPT Network Address Port Translation is the most common form of address translation between public and private IP addresses. NAPT is a mapping of one public IP address to many private IP addresses. If NAPT is enabled on the Basic Setup Page, one public IP address is mapped to an individual private IP address for up to 245 LAN clients. NEC National Electrical Code (United States) — The regulations for construction and installation of electrical wiring and apparatus, suitable for mandatory application by a wide range of state and local authorities. network Two or more computers connected to communicate with each other. Networks have traditionally been connected using some kind of wiring. network driver Software packaged with a NIC that enables the computer to communicate with the NIC. network layer Layer 3 in the OSI architecture that provides services to

This document is uncontrolled pending incorporation in PDM 17 GLOSSARY 151 TERM DEFINITION establish a path between open systems. The network layer knows the address of the neighboring nodes, packages output with the correct network address data, selects routes, and recognizes and forwards to the transport layer incoming messages for local host domains. NIC A network interface card converts computer data to serial data in a packet format that it sends over the LAN. A NIC is installed in an expansion slot or can be built-in. Every Ethernet NIC has a MAC address permanently saved in its ROM. node On a LAN, a generic term for any network device. On an HFC network, the interface between the fiber-optic trunk and coaxial cable feeders to subscriber locations. A node is typically located in the subscriber neighborhood. noise Random spurts of electrical energy or interface. May produce a salt-and-pepper pattern on a television picture. O TERM DEFINITION ohm A unit of electrical resistance. OSI The Open Systems Interconnection reference model is an illustrative model describing how data moves through a network from an application on the source host to an application on the destination host. It is a conceptual framework developed by ISO that is now the primary model for intercomputer communications. OSI is a model only; it does not define a specific networking interface.

This document is uncontrolled pending incorporation in PDM 17 GLOSSARY 152 P TERM DEFINITION packet packet-switched The unit of data that is routed between the sender and destination on the Internet or other packet-switched network. When data, such as an e-mail message, is sent over the Internet, the sender’s IP divides the data into uniquely-numbered packets. The packet header contains the source and destination IP addresses. The individual packets may travel different routes. When all packets arrive at the destination, IP at that end reassembles the packets. A scheme to handle transmissions on a connectionless network such as the Internet. An alternative is circuit-switched. PacketCable A CableLabs-led project to define a common platform to deliver advanced, real-time multimedia services over two-way HFC cable plant. Built on DOCSIS 1.1, PacketCable networks use IP technology as the basis for a highly-capable multimedia architecture. pass-through A pass-through client on the SVG2500 LAN obtains its public IP address from the Internet Service provider’s DHCP server. PAT Port Address Translation PCI Peripheral Component Interconnect PCMCIA The Personal Computer Memory Card International Association sets international standards for connecting peripherals to portable computers. Laptop computers typically have a PCMCIA slot that can hold one or two PC Cards to provide features such as Ethernet connectivity. PDA personal digital assistant PDU A protocol data unit is a message containing operational instructions used for SNMP. The basic SNMP V2 PDU types are get-request, get-next-request, get-bulk-request, response, set-request, inform-request, and trap. periodic ranging Ranging that is performed on an on-going basis after initial ranging has taken place. physical layer Layer 1 in the OSI architecture. It provides services to transmit bits or groups of bits over a transmission link between open systems. It entails the electrical, mechanical, and handshaking procedures. piggybacking A process that occurs when a cable modem simultaneously transmits data and requests additional bandwidth.

This document is uncontrolled pending incorporation in PDM 17 GLOSSARY 153 TERM DEFINITION PING A network utility that tests host reachability by sending a small packet to the host and waiting for a reply. If you PING a computer IP address and receive a reply, you know the computer is reachable over the network. It also stands for “Packet InterNet Groper.” PMD The physical media-dependent sublayer of the physical layer which transmits bits or groups of bits over particular types of transmission links between open systems. It entails the electrical, mechanical, and handshaking procedures. point-to-point Physical connection made from one point to another. POTS The “plain old telephone service” offered through the PSTN; basic analog telephone service. POTS uses the lowest 4 kHz of bandwidth on twisted pair wiring. port On a computer or other electronic device, a port is a socket or plug used to physically connect it to the network or to other devices. In TCP/IP, a port is a number from 0 to 65536 used logically by a client program to specify a server program. Ports 0 to 1024 are reserved port mirroring A feature that enables one port (source) on the SVG2500 to be copied to another port (destination) to be studied. The destination mirrors the transmitted (from) or received (to) data on the source port to enable the person managing the network to monitor activity. port triggering A mechanism that allows incoming communication with specified applications. Primarily used for gaming applications. PPP Point-to-Point Protocol is used to transport other protocols, typically for simple links over serial lines. It is most commonly used to access the Internet with a dial-up modem. PPTP Point-to-Point Tunneling Protocol encapsulates other protocols. It is a new technology to create VPNs developed jointly by several vendors. private IP An IP address assigned to a computer on the SVG2500 LAN by the DHCP server on the SVG2500 for an address specified lease time. Private IP addresses are used by the SVG2500 LAN only; they are invisible to devices on the Internet. See also public IP address. protocol A formal set of rules and conventions for exchanging data. Different computer types (for example PC, UNIX, or mainframe) can communicate if they support common protocols. provisioning The process of auto discovery or manually configuring a cable modem on the CMTS.

This document is uncontrolled pending incorporation in PDM 17 GLOSSARY 154 TERM DEFINITION PSTN The public switched telephone network is the traditional circuit-switched, voice-oriented telephone network. See also POTS. public IP address The IP address assigned to the SVG2500 by the Internet Service provider. A public IP address is visible to devices on the Internet. See also private IP address. Q TERM DEFINITION QAM Quadrature Amplitude Modulation uses amplitude and phase modulation to encode multiple bits of data in one signaling element. QAM achieves faster data transfer than amplitude or phase modulation alone, but the signal is more prone to errors caused by noise. QAM requires a transmission circuit with a higher CNR than alternate modulation formats such as QPSK. Two types of QAM are: • 16 QAM, which encodes four bits per symbol as one of 16 possible amplitude and phase combinations. • 64 QAM, which encodes six bits per symbol as one of 64 possible amplitude and phase combinations. QPSK Quadrature Phase Shift Keying is a phase modulation algorithm. Phase modulation is a version of frequency modulation where the phase of the carrier wave is modulated to encode bits of digital information in each phase change. QoS Quality of service describes the priority, delay, throughput, and bandwidth of a connection. R TERM DEFINITION RAS Remote Access Server registration How a cable modem makes itself known to the CMTS. The cable modem configuration file and authorization are verified and the CoS is negotiated. return loss A measurement of the quality of the match of the device to the cable system. Return loss is the ratio of the amount of power reflected by the device. A return loss of 20 dB or greater is preferred. RF Radio Frequency — signals used by the CMTS transmitter and receiver to send data over HFC. The carrier is modulated to encode the digital data stream for transmission across the cable

This document is uncontrolled pending incorporation in PDM 17 GLOSSARY 155 TERM DEFINITION network. RFC Request for Comments published on the IETF or other websites. Many RFCs become international standards. RJ-11 The most common type of connector for household or office phones. RJ-45 An 8-pin modular connector; the most common connector type for 10Base-T or 100Base-T Ethernet networks. ROM read-only memory router On IP networks, a device connecting at least two networks, which may or may not be similar. A router is typically located at a gateway between networks. A router operates on OSI network layer 3. It filters packets based on the IP address, examining the source and destination IP addresses to determine the best route on which to forward them. A router is often included as part of a network switch. A router can also be implemented as software on a computer. routing table A table listing available routes that is used by a router to determine the best route for a packet. RTS request to send S TERM DEFINITION scope The set of IP addresses that a DHCP server can lease to clients. server In a client/server architecture, a dedicated computer that supplies files or services such as file transfer, remote login, or printing to clients. service provider A company providing data or telephone services to subscribers. SDU service data unit SID A service ID is a unique 14-bit identifier the CMTS assigns to a cable modem or gateway that identifies the traffic type it carries (for example, data or voice). The SID provides the basis for the CMTS to allocate bandwidth to the cable modem and implement CoS. SME small and medium enterprise SMTP Simple Mail Transfer Protocol is a standard Internet protocol for transferring e-mail. SNMP Simple Network Management Protocol is a standard to monitor

This document is uncontrolled pending incorporation in PDM 17 GLOSSARY 156 TERM DEFINITION and manage networks and network devices. Data is exchanged using PDU messages. SOHO small office home office spectrum A specified range of frequencies used for transmission of electromagnetic signals. spectrum allocation An allocation of portions of the available electromagnetic spectrum for specific services, such as AM, FM, or personal communications. splitter A device that divides the signal from an input cable between two or more cables. SSID The Service Set Identifier or network name is a unique identifier that wireless clients use to associate with an access point to distinguish between multiple WLANs in the same area. All clients on a WLAN must have the same SSID as the access point. stateful inspection A type of firewall that tracks each connection, traversing all firewall interfaces to ensure validity. In addition to examining the source and destination in the packet header based on static rules, a stateful inspection firewall: • Examines packet headers on context established by previous packets that traversed the firewall • Monitors the connection state and saves it in a table • Closes ports until a connection to a specific port is requested • May examine the packet contents up through the application layer to determine more than just the source and destination A stateful inspection firewall is more advanced than a static filter firewall. static filter A type of firewall that examines the source and destination in the packet header based on administrator-defined rules only. static IP address An IP address that is permanently assigned to a host. Normally, a static IP address must be assigned manually. The opposite of dynamic IP address. static route A manually-defined route. station IEEE 802.11b term for wireless client. subscriber A home or office user who accesses television, data, or other services from a Internet Service provider. subnet mask A bit mask that is logically ANDed with the destination IP address of a packet to determine the network address. A router routes

This document is uncontrolled pending incorporation in PDM 17 GLOSSARY 157 TERM DEFINITION packets using the network address. subnetwork A part of a network; commonly abbreviated “subnet.” When subnetting is used, the host portion of the IP address is divided into a subnet and host number. Hosts and routers use the subnet mask to identify the bits used for the network and subnet number. switch On an Ethernet network, a switch filters frames based on the MAC address, in a manner similar to a bridge. A switch is more advanced because it can connect more than two segments. synchronous The SVG2500 uses synchronous timing for upstream data transmissions. The CMTS broadcasts timing messages that bandwidth is available. The SVG2500 reserves data bytes requiring x number of mini-slots. The CMTS replies that it can receive data at a specified time (synchronized). At the specified time, the SVG2500 transmits the x-number of data bytes. symbol rate Also known as baud rate. This is a measure of the number of times per second a signal in a communications channel varies or makes a transition between states (states being frequencies, voltage levels or phase angles). Usually measured in symbols per second (sps). SYSLOG A de-facto UNIX standard for logging system events. T TERM DEFINITION TBCP Tagged Binary Communication Protocol TCP Transmission Control Protocol on OSI transport layer four, provides reliable transport over the network for data transmitted using IP (network layer three). It is an end-to-end protocol defining rules and procedures for data exchange between hosts on top of connectionless IP. TCP uses a timer to track outstanding packets, checks error in incoming packets, and retransmits packets if requested. TCP/IP Transmission Control Protocol/Internet Protocol suite. It provides standards and rules for data communication between networks on the Internet. It is the worldwide Internetworking standard and basic communications protocol of the Internet. TFTP Trivial File Transfer Protocol is a very simple protocol used to transfer files. TKIP Temporal Key Integrity Protocol

This document is uncontrolled pending incorporation in PDM 17 GLOSSARY 158 TERM DEFINITION Transparent bridging A method to enable all hosts on the wired Ethernet LAN, WLAN, and USB connection to communicate as if they were all connected to the same physical network. transport layer Layer of the OSI concerned with protocols for error recognition and recovery. This layer also regulates information flow. trunk Electronic path over which data is transmitted. TTL The time to live is the number of routers (or hops) a packet can traverse before being discarded. When a router processes a packet, it decreases the TTL by 1. When the TTL reaches zero, the packet is discarded. tunnel To place packets inside other packets to send over a network. The protocol of the enclosing packet is understood by each endpoint, or tunnel interface, where the packet enters and exits on the network. VPNs rely on tunneling to create a secure network. Tunneling requires the following protocol types: • A carrier protocol, such as TCP, used by the network that the data travels over • An encapsulating protocol, such as IPSec, L2F, L2TP, or PPTP, that is wrapped around the original data • A passenger protocol, such as IP, for the original data two-way A cable system that can transmit signals in both directions to and from the headend and the subscriber. U-Z TERM DEFINITION UDP User Datagram Protocol unicast A point-to-point data transmission sent from one sender to one receiver. This is the normal way you access websites. See also broadcast and multicast upstream In a cable data network, upstream describes the direction of data sent from the subscriber’s computer through the cable modem to the CMTS and the Internet. USB Universal Serial Bus is a computer interface for add-on devices such as printers, scanners, mice, modems, or keyboards. USB supports data transfer rates of 12 Mbps and plug-and-play installation. You can connect up to 127 devices to a single USB port.

This document is uncontrolled pending incorporation in PDM 17 GLOSSARY 160 TERM DEFINITION WLAN wireless LAN world wide web An interface to the Internet that you use to navigate and hyperlink to information. WPA Wi-Fi Protected Access (WPA) encryption, as described on the Wi-Fi Alliance web page: http://www.wifialliance.org It is a far more robust form of encryption than WEP. Motorola recommends using WPA if all of your client hardware supports WPA.

This document is uncontrolled pending incorporation in PDM Motorola, Inc. 101 Tournament Drive Horsham, PA 19044 U.S.A. http://www.motorola.com 540596-001-a 08/07