How to set up SBC's Netopia Cayman 3546 ADSL router for routing without NAT
By David Barker
Make: Netopia
Model: Cayman 3546 ADSL router
Default User ID:  admin
Default Password:  serial number of router
Summary:

When SBC installs the Netopia Cayman 3546, they usually set it up with NAT turned on. What most business with their own ISA firewall server want is to have the router act as a router without any fire walling and without Network Address Translations. Sometimes people refer this mode as bridging but bridging is a totally different option.

If you set up the Netopia Cayman 3546 as a bridge, then your firewall/servers must do the PPPOE authentication directly. This usually is not desirable. The Netopia Cayman 3546 can do all the authentication for you and make your life easier. In true bridging mode, you loose control of the router to a large degree. Your future options are limited.

By setting up the Netopia Cayman 3546 as a router with NAT turned off, you gain the use of the IP block assigned to you. You gain full control over the traffic that is passed to your ISA firewall server. If you do not have a good firewall server or firewall appliance, then you may want to keep NAT turned on.

To configure router for Routing w/o NAT:

You must configure access from the NAT side of the router unless the router is configured with Restrictions - None (located under Configure-WAN-WAN IP Interface-PPP over Ethernet-Restrictions option).

Router Setting: Configure-Advanced

  • Turn off DHCP server

Router Setting: Configure-WAN

  • PPP over Ethernet
            Uncheck Address Mapping

Router Setting: Configure-LAN

  • IP address: IP address assigned to router. Usually the last IP number of the IP block assigned to the customer.
  • IP mask: Use 255.255.255.248 for a block of five usable IP addresses

Router Setting: Upper right top of screen click on the ! icon. If validation passes, click on Save and Restart.

On the Firewall Server:

On the WAN NIC, set the IP address, Mask, and Gateway address with the desired public IP address and mask. Also review and set DNS as needed. Most firewall servers do their own DNS resolving and are not dependent on the ISP DNS settings.

Test for proper routing and connectivity. Once you are satisfied with router configuration, be sure to disable the public access to the router configuration settings:

Router Setting: Configure-WAN

  • WAN IP Interface-PPP over Ethernet
        Restrictions-Admin Disabled

Router Setting: Upper right top of screen click on the ! icon. If validation passes, click on Save and Restart.

This will disable public access to the router. The router maintenance will need to be made from within the customer facilities.

If you found this technical note helpful and feel it is worth something to you, please send us a small donation by clicking on one of the donation buttons or visiting one of our sponsors

Electrosonics, Inc.
Web Technical Articles
17150 15 Mile Road
Fraser, MI 48026
Hit Counter
©1997-2006, 2007 Electrosonics, Inc., Fraser, Michigan
All trademarks, registered trademarks, and copyrights are the properties of their respective companies.