SMC SMCWBR14-G2 Manual 2
Contents
1. ule Number UAL Keyword ule Number URL Keyword site 1 funs Site 16 n Site 2 arg Site 7 Advanced Settings Site 3 fwwwaunsurable com Ste 10 f Stos f Sto 19 Stes f Ste 2 site 6 f Ste 2 f se sa 5 aN aa rn 2 gt Ste 10 f Ste 25 sei stew yp site 12 f Site 27 f 2a You can define up to 30 sites or keywords here To configure the Parental Site 13 Site 28 Control feature use the table to specify the web sites www somesite com and or keywords you want to block on your network To complete this configuration you will need to create or modify an access rule in Access Control Add PC on page 4 34 To modify an existing rule click the Edit option next to the rule you want to modify To create a new rule click on the Add PC option From the Access Control Add PC section check the option for WWW with Parental Control in the Client PC Service table to filter out the web sites and keywords selected below on a specific PC Click Save Settings to proceed or Cancel to change your settings SECURITY Intrusion Detection The BARRICADE s firewall inspects packets at the application layer maintains TCP and UDP session information including timeouts and number of active sessions and provides the ability to detect and prevent certain types of network attacks such as Denial of Service DoS attacks Intrusion Detection When the SPI Stateful Packet Inspection2. The NAT address mappings are listed 20 lines per page click the control buttons to move forwards and backwards As the NAT mapping is dynamic a Refresh button is provided to refresh the NAT Mapping Table with the most updated values The content of the NAT Mapping Table is described as follows e Protocol protocol of the flow Local IP local LAN host s IP address for the flow e Local Port local LAN host s port number for the flow e Pseudo IP translated IP address for the flow e Pseudo Port translated port number for the flow Peer IP remote WAN host s IP address for the flow e Peer Port remote WAN host s port number for the flow 4 59 CONFIGURING THE BARRICADE Maintenance 4 60 Use the Maintenance menu to back up the current settings to restore previously saved settings or to restore the factory default settings Configuration Tools Configuration Tools Use the Backup tool to save the wireless router s currant configuration to a file on your PC You can then use the Restore tool to restore the saved Configuration to the wireless router Altematively you can use the Restore to Factory Defaults tool to force the wireless router to perform a power roset and restore the original factory settings WARNING All configuration settings wi be lost so also the username and password of your ISP Please backup your configuration first Before your reset the wirel
3. Modulation Type OFDM CCK Operating Channels IEEE 802 11b Compliant 11 channels US Canada 13 channels ETSD 14 channels Japan Operating Channels IEEE 802 11g Compliant 13 channels US Canada Europe Japan SPECIFICATIONS RF Output Power Modulation Rate Output Power dBm 802 11b 1Mbps 17 802 11b 2Mbps 17 802 11b 5 5Mbps 17 802 11b 11Mbps 17 Modulation Rate Output Power dBm 802 11g 6Mbps 16 802 11g 9Mbps 16 802 11g 12Mbps 16 802 11g 18Mbps 16 802 11g 24Mbps 16 802 11g 36Mbps 16 802 11g 48Mbps 14 802 11g 54Mbps 12 Standards Compliance Environmental CE Mark Temperature Operating 0 to 40 C 32 to 104 F Storage 40 to 70 C 40 to 158 F Humidity 5 to 95 non condensing Vibration IEC 68 2 36 IEC 68 2 6 Shock IEC 68 2 29 Drop IEC 68 2 32 C 3 SPECIFICATIONS C 4 FOR TECHNICAL SUPPORT CALL From U S A and Canada 24 hours a day 7 days a week 800 SMC 4 YOU Phn 949 679 8000 Fax 949 679 1481 From Europe Contact details can be found on WWww smc europe com or www smc com From Asia Pacific Contact details can be found on www smc asia com INTERNET E mail addresses techsupport smc com european techsupport smc europe com support smc asia com Driver updates http www smc com index cfm action tech_support_ drivers downloads http www smc asia com index php option com_downloads amp Itemid 50 World Wide Web
4. TABLE OF CONTENTS Introduction sense 1 1 About the BARRICADES yos 22 2 2 0a u ni kenn 1 1 Featutes and Benelitsn 2 ini 1 2 APPICaHOnS d a ed Be 1 3 Tastalation gio Os a a ni 2 1 Package C ntentse su sta ee ea nen 2 1 System Requirements u 3 Osa ele are 2 2 Hardware Description 00 cee 2 2 TS PIS ett os or N Eu a agate EE gael a eg 2 5 Connect the Systemisk e Rn an 2 5 Desktop Installation 6 0 eee eee 2 5 Wall Mount Installation 0 2 6 Connecting the BARRICADE to your LAN 2 2 7 Connect the Power Adapter 0 cee eee 2 7 Application Examiple gt syrena ienaa ee AS Zn ar I Eades 2 8 Configuring The Client PC 0005 3 1 TCP IP Configuration este en eae ee 3 2 Windows 2000 ara a wer EL EAS 3 3 Obtain IP Settings From Your BARRICADE 3 5 Manual IP Configuration 1 0 0 0 0c cece cee eee ee 3 7 Windows XP ns ee 3 9 Disable HEP Proxy in a 3 14 Configuring Your Macintosh Computer s s s sesser eee eee 3 15 Disable HTTE Proxy soc sass io aaa Boosts ake BUN Sty 3 17 Configuring the BARRICADE 4 1 Navigating the Web Browser Interface 0 0 0 0 6 0 0 cece eee eee 4 2 Making Configuration Changes 00 00 eee ee eee 4 3 Login Screen a cate hia a ahead Beier aah re 4 4 Setups Wizard Narnia Busen een 4 5 Getting Statted msi ski ser 4 5 Wireless Settings ai a ea ent La 4 6 Internet Settings estes 2 reset 4 8 ix TABLE OF
5. TZO com http www tzo com For using DDNS click on the enable radio button select the DDNS Service type and then enter the Domain Name Account E mail address and Password Key ADVANCED SETTINGS Routing This section defines routing related parameters including static routes and RIP Routing Information Protocol parameters Static Route Static Route Parameter Please Enter the Following Configuration Parameters Index Network Address Subnet Mask Gateway Configure No Valid Static Route Entry IH aI Static Route Parameter Please Enter the Following Configuration Parameters Index Network address Subnet Mask Gateway Configure Tu a SAVE SETTINGS CANCEL x Click Add to add a new static route to the list Parameter Description Index Index number of the route Network Address Enter the IP address of the remote computer for which to set a static route Subnet Mask Enter the subnet mask of the remote network for which to set a static route Gateway Enter the WAN IP address of the gateway to the remote network Configure Allows you to edit existing routes Click Save Settings to save the configuration 4 71 CONFIGURING THE BARRICADE RIP RIP sends routing update messages at regular intervals and when the network topology changes a RIP Parameter The device supports Routing Information Protocol RIP vi and v2 to dynamically e
6. Be sure the device you want to ping or from which you are pinging has been configured for TCP IP TROUBLESHOOTING Troubleshooting Chart Symptom Action Management Problems Cannot connect Be sure to have configured the BARRICADE with a using the web valid IP address subnet mask and default gateway rowser j 3 browse e Check that you have a valid network connection to the BARRICADE and that the port you are using has not been disabled e Check the network cabling between the management station and the BARRICADE Forgot or lost e Press the Reset button on the bottom panel holding the password it down for at least six seconds to restore the factory defaults A 3 TROUBLESHOOTING Troubleshooting Chart Symptom Action Wireless Problems A wireless PC cannot associate with the BARRICADE Make sure the wireless PC has the same SSID settings as the BARRICADE See Channel and SSID on page 4 26 e You need to have the same security settings on the clients and the BARRICADE See Security on page 4 29 The wireless network is often interrupted Move your wireless PC closer to the BARRICADE to find a better signal If the signal is still weak change the angle of the antenna There may be interference possibly caused by microwave ovens or wireless phones Change the location of the possible sources of interference or change the loc
7. 1 To disable the proxy in Internet Explorer click Tools Click Internet Options and then the Connections tab shown on the right In the Local Area Network LAN settings section click LAN Settings to display the Local Area Network LAN Settings pop up window below 2 In the Proxy server section ensure the Use a proxy server for your LAN These settings will not apply to dial up or VPN connections check box is not ticked 3 Click OK Internet Options General Security Privacy Content Connections Programs Advanced D To set up an Internet connection click 5 Setup etup Dial up and Virtual Private Network settings Choose Settings if you need to configure a proxy server for a connection Local Area Network LAN settings LAN Settings do not apply to dial up connections LAN Settings Choose Settings above for dial up settings Local Area Network LAN Settings Automatic configuration Automatic configuration may override manual settings To ensure the use of manual settings disable automatic configuration C Automatically detect settings o Use automatic configuration script Proxy server o Use a proxy server for your LAN These settings will not apply to dial up or VPN connections CONFIGURING THE CLIENT PC Configuring Your Macintosh Computer You may find that the instructions here do not exactly match your operating system This is be
8. End Daylight Savings Time January IT F Set Date and Time Manually pate Hase EEE Twoinemn sec 53 53 53 F Enable Automatic Time Server Maintenance a When you enable this option you will need ta configure two different tine servers use the options below to set the primary and secondary NTP servers in your area Configure Time Server NTP Pi a Set the time zone and time server for the BARRICADE This information is used for log entries and client access control e Set Time Zone Select your time zone from the drop down list Enable Daylight Savings Check Enable Daylight Savings and set the start and end dates if your area requires daylight savings Set Date and Time Manually For manually setting the date and time configure the date and time by selecting the options from the drop down list 4 63 CONFIGURING THE BARRICADE Enable Automatic Time Server Maintenance Check Enable Automatic Time Server Maintenance to automatically maintain the BARRICADE s system time by synchronizing with a public time server over the Internet Configure Time Server NTP Configure two different time servers by selecting the options in the Primary Server and Secondary Server fields Setup Wizard Configure Time Server NTP Home Network You can automatically maintain the system time on your Wirsless Router by synchronizing with a public tna server over the Internet Primary Server 12
9. firewall feature is enabled all packets can be blocked Stateful Perret ber brat en a CO OSS PO DARRE For applications chacked in tho ist below the Device will support ful cperation agitated em the IEAA The Device firewall can block common hacker attacks including IP Spoofing Land Attack Ping of Death IP with zero length Smurf Attack UDP port loopback Snork Attack TCP null scan and TCP SYN flooding Intrusion Detection Feature Stateful Packet Inspection a CONFIGURING THE BARRICADE 4 38 005 Detect Criteria Total incomplete TCP UDP sessions HIGH 200 sozzion Total incomplete TCP UDP sessions LOW BT cession Incomplete TCP UDP sessions per min HIGH so ession Incomplete TCP UDP sessions per min LOW f0 snssion Maximum incomplete TCP UO sessions number from same host fo Incomplete TCP VOP sessions detect sensitive time period oo msec Maximum half open fragmentation packet number from same host fo Advanced Settings Half open fragmentation detect sensitive tme period i0000 msec Flooding cracker block time ogc SAVE SETTINGS CANCEL ri Network attacks that deny access to a network device are called DoS attacks DoS attacks are aimed at devices and networks with a connection to the Internet Their goal is not to steal information but to disable a device or network so users no longer have access to network resources The BARRICADE protects against DoS attacks including Pin
10. stored on or integrated with any products returned to SMC pursuant to any warranty Products returned to SMC should have any customer installed accessory or add on components such as expansion modules removed prior to returning the product for replacement SMC is not responsible for these items if they are returned with the product Customers must contact SMC for a Return Material Authorization number prior to returning any product to SMC Proof of purchase may be required Any product returned to SMC without a valid Return Material Authorization RMA number clearly marked on the outside of the package will be returned to customer at customer s expense For warranty claims within North America please call our toll free customer support number at 800 762 4968 Customers ate responsible for all shipping charges from their facility to SMC SMC is responsible for return shipping charges from SMC to customer LIMITED WARRANTY WARRANTIES EXCLUSIVE IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE CUSTOMER S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION AT SMC S OPTION THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS EXPRESS OR IMPLIED EITHER IN FACT OR BY OPERATION OF LAW STATUTORY OR OTHERWISE INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE SMC NEITHER ASSUMES NOR AUTHORIZES ANY OTHER PERSON TO ASSUME FOR
11. 0 for the Default gateway 192 1683 2 1 subnet mask Use Obtain DNS server address automatically 192 168 2 1 for the Use the following DNS server addresses Preferred DNS server 192 168 2 1 Default gateway field Alternate DNS server r Select Use the Advanced following DNS server addresses Enter the IP address for the BARRICADE in the Preferred DNS server field This automatically relays DNS requests to the DNS server s provided by your ISP Otherwise add a specific DNS server into the Alternate DNS Server field and click OK to close the dialog boxes Record the configured information in the following table TCP IP Configuration Setting IP Addtess Subnet Mask Preferred DNS Server Alternate DNS Server Default Gateway 3 7 TCP IP CONFIGURATION Disable HTTP Proxy You need to verify that the HTTP Proxy feature of your web browser is disabled This is so that your browser can view the BARRICADE s HTML configuration pages 1 To disable the proxy in REET Internet Explorer click Tools Click Internet Options and then the Connections tab shown on the right In the Local Area Network LAN settings section click LAN Settings to display the Local Area Network LAN Settings pop up window below 2 In the Proxy server section ensure the Use a proxy server for your LAN These settings will not apply to dial up or VPN connections check box
12. Card 10 100 SMC1255FTX ST 2 This connection uses the following items QoS Packet Scheduler F AEGIS Protocol IEEE 802 1x v2 3 1 9 CP IP Internet Pre Internet Protocol TCP IP Properties pa Sr re General Alternate Configuration You can get IP settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator for the appropriate IP settings Obtain an IP address automatically Use the following IP address Obtain DNS server address automatically Use the following DNS server addresses Cancel CONFIGURING THE CLIENT PC Obtain IP Settings From Your BARRICADE Now that you have configured your computer to connect to your BARRICADE it needs to obtain new network settings By releasing old DHCP IP settings and renewing them with settings from your BARRICADE you can verify that you have configured your computer correctly On the Windows desktop click Start Programs Accessories Command Prompt TEPE W Windows Catalog E o 9 MSN Explorer N Accessibilit Windows Update a i I Communications Windows Media Play IM Entertainment Games M System Tools i ny Windows Movie Make E Tau windows ve be e Snaglt 5 0 Windows Media Player AllPrograms 3 Windows Messenger IM Stnet Ex I Startup 8 Internet Explorer Tg MSN Explorer a Outlook Express WD Add
13. Direct connection on the same subnet S Static route R RIP Routing Information Protocol assigned route I ICMP Internet Control Message Protocol Redirect route Destination IP address The subnetwork associated with the destination This is a template that identifies the address bits in the destination address used for routing to specific subnets Each bit that corresponds to a 1 is part of the subnet mask number each bit that corresponds to 0 is part of the host number The IP address of the router at the next hop to which frames are forwarded The local interface through which the next hop of this route is reached When a router receives a routing update that contains a new or changed destination network entry the router adds 1 to the metric value indicated in the update and enters the network in the routing table 4 74 APPENDIX A TROUBLESHOOTING This section describes common problems you may encounter and possible solutions to them The BARRICADE can be easily monitored through panel indicators to identify problems Troubleshooting Chart LED Indicators Symptom Action Power LED is off Check connections between the BARRICADE the external power supply and the wall outlet If the power indicator does not turn on when the power cord is plugged in you may have a problem with the power outlet power cord or external power supply However if the unit powers o
14. IP settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator for the appropriate IP settings Ob Use the following IP address IP address a a Subnet mask Default gateway EEE Obtain DNS server address automatically Use the following DNS server addresses Preferred DNS server Alternate DNS server CONFIGURING THE CLIENT PC Obtain IP Settings From Your BARRICADE Now that you have configured your computer to connect to your BARRICADE it needs to obtain new network settings By releasing old DHCP IP settings and renewing them with settings from your BARRICADE you can verify that you have configured your computer correctly 1 On the Windows desktop click Start Programs gt amp Communications gt Command Prompt f ies E Internet Explorer E Outlook Express w Paint Y Y wordpad y Accessories Command Prompt amp Shut Down stort GES 2 Inthe Command Prompt window type IPCONFIG RELEASE and press the Enter key Microsoft Windows 2000 Version 5 88 2195 lt C gt Copyright 1985 2808 Microsoft Corp C Documents and Settings laurence gt IPCONFIG RELEASE Windows 2888 IP Configuration IP address successfully released for adapter Local Area Connection 2 C Documents and Settings laurence gt 3 5 TCP IP CoNFIGURATION 3 6 Ty
15. http www sme com http www smc europe com http www smc asia com For Literature or Advertising Response Call U S A and Canada 800 SMC 4 YOU Fax 949 679 1481 Spain 34 91 352 00 40 Fax 34 93 477 3774 UK 44 0 8712779802 Fax 44 0 1189748701 France 33 0 41383232 Fax33 0 41380158 Italy 39 0 3355708602 Fax39027391417 Benelux 3133 4557288 Fax 3133455 73 30 Central Europe 49 0 8992861 0 Fax49 0 8992861 230 Nordic 46 0 86870700 Fax 46 0 8876262 Eastern Europe 34 93 477 4920 Fax 3493 477 3774 Sub Saharan Africa 216 712 36616 Fax 216 71751415 North West Africa 3493 477 4920 Fax 34 93 477 3774 CIs 7 095 7893573 Fax 7 095 789 357 PRC 86 10 6235 4958 Fax86 10 6235 4962 Taiwan 886 2 87978006 Fax 886 2 87976288 Asia Pacific 65 62386556 Fax 65 6238 6466 Japan 81 45 224 2332 Fax 81 45 224 2331 India 91 11 51436361 62 Fax91 11 51601838 Thailand 66 2651 8733 Fax 66 26518737 Middle East 971 4883 0610 Fax 971 4883 0611 If you are looking for further contact information please visit www smc com WWW smc europe com or www smc asia com Irvine CA 90618 SMCWBR14 G2 Phone 943 679 8000 E032006 R02 F1 0
16. in the event of any incorrect missing or damaged parts If possible please retain the carton and original packing materials in case there is a need to return the product 2 1 INSTALLATION System Requirements You must meet the following minimum requirements Internet access from your local telephone company or Internet Service Provider ISP using a DSL modem or cable modem A computer with a CD ROM drive e Windows 98 or later MacOS 9 x e An up to date web browser Internet Explorer 5 5 or later e Mozilla 1 7 Firefox 1 0 or later Hardware Description 2 2 The BARRICADE connects to the Internet or to a remote site using its WAN RJ 45 port linked to a modem It also can be connected directly to your PC or to a local area network using the Fast Ethernet LAN port Access speed to the Internet depends on your service type Full rate ADSL provides up to 8 Mbps downstream and 1 Mbps upstream G lite or splitterless ADSL provides up to 1 5 Mbps downstream and 512 kbps upstream However you should note that the actual rate provided by specific service providers may vary dramatically from these upper limits Data passing between devices connected to your local area network can run at up to 100 Mbps over the Fast Ethernet port and 54 Mbps over the built in wireless network adapter The BARRICADE includes an LED display on the front panel for system power and port indications that simplifies installation and n
17. it to any input voltage within the range marked on the power adapter Information for Power Source meee This unit is to be used with a class 2 or level 3 external power adapter approved suitable for use in North American equipment installation having an output voltage rating of 9 V DC and output current rating of 1 0 A or equivalent The external AC adapter must be complied with the requirements of LPS Limited Power Sources vii COMPLIANCES viii Wichtige Sicherheitshinweise Germany 1 n 10 11 12 13 14 15 Bitte lesen Sie diese Hinweise sorgf ltig durch Heben Sie diese Anleitung f r den sp teren Gebrauch auf Vor jedem Reinigen ist das Ger t vom Stromnetz zu trennen Verwenden Sie keine Fl s sigoder Aerosolreiniger Am besten eignet sich ein angefeuchtetes Tuch zur Reinigung Die Netzanschlu Bsteckdose soll nahe dem Ger t angebracht und leicht zug nglich sein Das Ger t ist vor Feuchtigkeit zu sch tzen Bei der Aufstellung des Ger tes ist auf sicheren Stand zu achten Ein Kippen oder Fallen k nnte Besch digungen hervorrufen Die Bel ftungs ffnungen dienen der Luftzirkulation die das Ger t vor berhitzung sch tzt Sorgen Sie daf r da diese ffnungen nicht abgedeckt werden Beachten Sie beim Anschlu an das Stromnetz die AnschluBwerte Verlegen Sie die Netzanschlu leitung so da niemand dar ber fallen kann Es sollte auch nichts auf der Leitung abgestellt werden Al
18. running the new code 4 61 CONFIGURING THE BARRICADE Reset Perform a reset from this screen Reset In the evant that the system stops responding correctly or in some way stops functioning you can perform a reset Your settings will not be changes To perform the reset click on the SAVE SETTINGS button below You wil be asked to confirm your decision The reset wil be complete whan the powor light stops binking Advanced Settings Reboot Wireless Router a To perform a system reset click the Reboot Wireless Router button in the screen above The configurations that you have set previously will not be changed back to the factory default settings Note You may also use the reset button on the bottom of the BARRICADE to perform a reset Push for one second to perform a reboot All of your settings will remain upon restarting Push for six seconds to return the BARRICADE to factory default settings 4 62 ADVANCED SETTINGS System This section includes all the basic configuration tools for the BARRICADE such as time settings password settings and remote management Time Settings Time Settings Use this setting to insure the time based client filtering feature and system log entries are based on the correct localzed time Advanced Settings Sot Time Zane G4T 01 00 Amsterdam Serin Berm Rome Stockholm Vienna Enable Daylight Savings Start Daylight Savings Time January ST E
19. security over the wireless network Virtual Private Network VPN Pass through The BARRICADE supports three of the most commonly used VPN protocols PPTP L2TP and IPSec The VPN protocols supported by the BARRICADE are briefly described below e Point to Point Tunneling Protocol Provides a secure tunnel for remote client access to a PPTP security gateway PPTP includes provisions for call origination and flow control required by ISPs L2TP merges the best features of PPTP and L2F Like PPTP L2TP requires that the ISP s routers support the protocol IP Security Provides IP network layer encryption IPSec can support large encryption networks such as the Internet by using digital certificates for device authentication CHAPTER 2 INSTALLATION Before installing the BARRICADE verify that you have all the items listed under Package Contents If any of the items are missing or damaged contact your local distributor Also be sure that you have all the necessary cabling before installing the BARRICADE After installing the BARRICADE refer to Configuring the BARRICADE on page 4 1 Package Contents After unpacking the BARRICADE check the contents of the box to be sure you have received the following components BARRICADE 54Mbps g Wireless Broadband Router SMCWBR14 G2 Power adapter One CAT 5 Ethernet cable RJ 45 One documentation CD Quick Install Guide Immediately inform your dealer
20. the key type to be used in the Pre shared Key Pre shared Key Type the key here Group Key Re_Keying The period of renewing the broadcast multicast key 4 49 CONFIGURING THE BARRICADE 4 50 WPA WPA addresses all known vulnerabilities in WEP the original less secure 40 or 104 bit encryption scheme in the IEEE 802 11 standard WPA also provides user authentication since WEP lacks any means of authentication Designed to secure present and future versions of IEEE 802 11 devices WPA is a subset of the IEEE 802 111 specification WPA replaces WEP with a strong new encryption technology called Temporal Key Integrity Protocol TKIP with Message Integrity Check MIC It also provides a scheme of mutual authentication using either IEEE 802 1X Extensible Authentication Protocol EAP authentication or pre shared key PSK technology The passphrase can consist of up to 32 alphanumeric characters WPA2 Launched in September 2004 by the Wi Fi Alliance WPA2 is the certified interoperable version of the full IEEE 802 11i specification which was ratified in June 2004 Like WPA WPA2 supports IEEE 802 1X EAP authentication or PSK technology It also includes a new advanced encryption mechanism using the Counter Mode CBC MAC Protocol CCMP called the Advanced Encryption Standard AES WPA and WPA2 Mode Types WPA WPA2 Enterprise Mode Authentication Authentication IEEE 802 1X EAP IEEE 802 1X EAP Encryption Encr
21. 128 000 001 080 r Advanced wektinnn WWW with Parental Control HTTP Ref Parental Control Page E mail Sending SMTP TCP Port 25 F News Forums NNTP TCP Port 119 F E mail Receiving POPS TCR Port 110 ri Secure HTTP HTTPS TCP Port 443 r File Transfer FTP TCP Port 21 G Tenet Service TCP Port 23 r AM AOL Instant Messenger TCP Port 5190 r NetMeeting TCP Port 1720 1503 r DNS UDP Port 53 r aie VPN PRTP TCP Port 1723 x a Define the appropriate settings for Wetec Rika Rat aiiai tana Pegs client PC services as shown above At the bottom of this screen you can set the scheduling function You can set this function to Always Blocking ot to whatever schedule you have defined in the Schedule Rule screen Click OK to save your settings The added PC will now appear in the Access Control page For the URL keyword blocking function you will need to configure the URL address or blocked keyword on the Parental Control page first Click Parental Control to add to the list of disallowed URL s and keywords To enable scheduling you also need to configure the schedule rule first Click Schedule Rule in the left hand menu to set the times for which you wish to enforce the rule SECURITY MAC Filter Use this page to block access to your network using MAC addresses MAC Filter 2 This section helps provides MAC F ter configuration When enabled only MAC addresses configured will have accass to your natwork All o
22. 9 122 2 21 Europe Secondary Server 130 143 17 8 Europe a SAVE SETTINGS CANCEL j 4 64 ADVANCED SETTINGS Password Settings Use this page to restrict access based on a password For security you should assign one before exposing the BARRICADE to the Internet Password Settings Set a password to rastnct management access to the wireless router If you want to manage the wireless router from a remote location outside of the local network you must also specify the 1P address of the remote PC You can do this in the System Remote Management menu Current Password e Now Password e Re Enter Password for Verification Idle Time Outil30 Min idle Tene 0 NO Time Out SAVE SETTINGS CANCEL re Passwords can contain from 3 to12 alphanumeric characters and are case sensitive Note If your password is lost or you cannot gain access to the user interface press the Reset button on the bottom panel holding it down for at least six seconds to restore the factory defaults The default password is smcadmin Enter a maximum Idle Time Out in minutes to define a maximum period of time an inactive login session will be maintained If the connection is inactive for longer than the maximum idle time it will be logged out and you will have to log in to the web management system again Setting the idle time to 0 will mean the connection never times out Default 10 minutes 4 65 CONFIGURING THE BARR
23. ARRICADE s Home Network Settings interface contains four main menu items as described in the following table Menu Description Status Provides WAN connection type and status firmware and hardware version numbers system IP settings as well as DHCP NAT and firewall information Displays the number of attached clients the firmware versions the physical MAC address for each media interface and the hardware version and serial number Shows the security and DHCP client log LAN Sets the TCP IP configuration for the BARRICADE LAN interface and Settings DHCP clients WAN Specifies the Internet connection settings Settings Wireless Configures the radio frequency SSID and security for wireless communications Status Home NETWORK SETTINGS The Status screen displays WAN LAN connection status firmware and hardware version numbers as well as information on DHCP clients connected to your network You can also view the Security Log Status your network You can use the Status screen to see the connection status for the wireless router s WAN LAN interfaces firmware and hardwa version numbers any illegal attempts to access your network as weil as information on all DHCP client PCs currently connected e Current Tene 2005 10 10 19 20 22 Wireless MAC Address WAN MAC Address INTERNET Unk Status CONNECTED WAN IP 10 1 20 47 Subnet Mask 255 255 252 0 Gateway 10 1 20 254 Primary ONS 10 1 3 5 Se
24. C SPECIFICATIONS IEEE Standards IEEE 802 3 10 BASE T Ethernet IEEE 802 3u 100 BASE TX Fast Ethernet IEEE 802 3 802 3u 802 11g 802 1D ITU G dmt ITU G Handshake ITU T 413 issue 2 ADSL full rate LAN Interface 4 RJ 45 10 BASE T 100 BASE TX ports Auto negotiates the connection speed to 10 Mbps Ethernet or 100 Mbps Fast Ethernet and the transmission mode to half duplex or full duplex WAN Interface 1 ADSL RJ 45 port Indicator Panel LAN 1 4 WLAN PPPoE DSL WAN Power Dimensions 124 18 x 115 93 x 33 51 mm 4 89 x 4 56 x 1 32 in Weight 0 175 kg 0 469 lbs Input Power 9VIA DVE EU DV 91AUP US DV 91A Leader EU 48090100 C5 US 480910003CT Power Consumption 8 Watts maximum C 1 SPECIFICATIONS C 2 Advanced Features Dynamic IP Address Configuration DHCP DNS DDNS Firewall Client privileges hacker prevention and logging Stateful Packet Inspection Virtual Private Network PPTP IPSec pass through VPN pass through VLAN Ping Internet Standards RFC 826 ARP RFC 791 IP RFC 792 ICMP RFC 768 UDP RFC 793 TCP RFC 783 TFTP RFC 1483 AAL5 Encapsulation RFC 1661 PPP RFC 1866 HTML RFC 2068 HTTP RFC 2364 PPP over ATM Radio Features Wireless RF module Frequency Band 802 11g Radio 2 4GHz 802 11b Radio 2 4GHz USA FCC 2412 2462MHz Ch1 Ch11 Canada IC 2412 2462MHz Ch1 Ch11 Europe ETSI 2412 2472MHz Ch1 Ch13 Japan STD T66 STD 33 2412 2484MHz Ch1 Ch14
25. CONTENTS Home Network Settings 2 0 0 cece eee 4 14 STATUS en E al Rett A Mt lk a olde a 4 15 LAN Settinost sey bl er Een aa bas i Get 4 17 WAIN SEtENOS u 222 ea a Sa Ae elle 4 19 Wireless aus cialis Bae ee AS 4 25 SECUR Ai a ener a HE Be a Sud BEE EL 4 29 Bite wallet a a a ne 4 30 WATCIESS i 2 N Ener Seas an kan Sh Moe hans Rasta Mats ee 4 44 Advanced Settings u ns ee gee ed 4 53 INIA cis De LE Mish oie bes ee a Ra Er 4 54 Maintenance ht NEN aia ea 4 60 Syste Rinie a er Bam ae ee 4 63 WIP AP 52 ne ee 4 68 DNS Domain Name Server 2 222222 ceeneeeee een 4 69 DDNS Dynamic DNS 222222 cc 4 70 Routing ua ar En Dar ee Ban 4 71 A Troubleshooting 222er A 1 Be SCoBles una een an B 1 Ethernet Gabler ae ee ei B 1 Specifications nr a Er a Ne B 1 Wiring Conventions a5 aks za B 1 RJ 45 Port Ethernet Connection 00 B 2 Pin ASSiOnients su 2 nee B 3 C SPCeiica tons eoa patra wea aloe ne C 1 CHAPTER 1 INTRODUCTION Congratulations on your purchase of the BARRICADE 54Mbps g Wireless Broadband Router SMCWBR14 G2 We are proud to provide you with a powerful yet simple communication device for connecting your local area network LAN to the Internet For those who want to surf the Internet in the most secure way this router provides a convenient and powerful solution About the BARRICADE The BARRICADE provides Internet access to multiple users by sharing a single user account Th
26. E Up to 32 MAC addresses can be added to the MAC Filtering Table When enabled all registered MAC addresses are controlled by the Access Rule Access Control For a more secure Wireless network you can specify that only Certain Wireless PCs can connect to the Wireless Router Up to 32 MAC addrosses can bo added to the MAC Filtering Table whan enabled all ragstered MAC addresses are controled by the Access Rude Enable MAC Filtering C Enable Disable SAVE SETTINGS o Access Rude for registered MAC address sow C Deny e MAC Filtering Table up to 32 stations 19 MAC Address 1 foo foo foo foo foo foo 2 foo foo foo foo foo foo 3 oo foo foo foo s foo foo 4 60 foo sfo foo foo ioo s oo foo oo ifo sfo fo 6 foo ifo fo sfo foo oo T 7 foo sfo spo lt foo foo oo By default this MAC filtering feature is disabled WEP SECURITY WEP is the basic mechanism to transmit your data securely over a wireless network Matching encryption keys must be set up on your BARRICADE and and each of your wireless client devices Setup Wizard wer Home Network Settings WIEP is the ba r data securely over the wireless network Matchng encryption keys must Pre be setup o jont devices to use WER ae vala WER Mode R s bit F 128 bit Fe Enenypson Rey Entry Method f Hex Casci Kaker GOS Key Provisioning Static Dynamic U WPRWPAZ Eeoa o Static WEP Kay Setting Advanc
27. ICADE 4 66 Remote Management By default management access is only available to users on your local network However you can also manage the BARRICADE from a remote host by entering the IP address of a remote computer on this screen Check the Enabled check box and enter the IP address of the remote host and click Save Settings Remote Management Set the remote management of the wireless router If you want to manage the wireless router from a remote location outside of the local network you must specify the IP address of the remote PC Advanced Settings Enabled 7 Host address 0 fo pD fo Port 000 SAVE SETTINGS CANCEL r Note Ifyou check Enabled and specify an IP address of 0 0 0 0 any host can manage the BARRICADE For remote management via WAN IP address you need to connect using port 8080 Simply enter WAN IP address followed by 8080 in the address field of your web browser for example 212 120 68 20 8080 ADVANCED SETTINGS Syslog Server Syslog Server Using trd party syslog software thes Syslog Server tool will automatically download the router log te the server IP address specified below Sarvar LAN ID Address gt fo io fo Enablad M _ Save SETTINGS Cancer if The Syslog Server downloads the BARRICADE log file to the server with the IP address specified on this screen Syslog servers offer the possibility to capture the live logs of the router on a PC There are ma
28. IJKLMNOPQRSTUVWXYZ _ abcdefghijklmnopgrstuvwxyz Having selected and recorded your key click Save Settings to proceed or Cancel to go back WPA WPA2 SECURITY WPA WPA2 is a security enhancement that strongly increases the level of data protection and access control for existing wireless LAN Matching authentication and encryption methods must be set up on your BARRICADE and wireless client devices to use WPA WPA2 To use WPA your wireless network cards must be equipped with software that supports WPA A security patch from Microsoft is available for free download for XP only Setup Wizard Home Network Settings Security Firewall Wireless D Wireless Enerypoon Recess Control Advanced Settings Parameter WPA WPA2 Opher suite TKIPSARS WPA WPAZ Authentication 802 18 Pro shared Key Pre shared key typo passphrase 963 characters Hex 64 digits Pra shared Key Group Key Re_Keying pp 1000 Seconds Por 1000 K Packots Disable SAVE SETTINGS CANCEL Description Cipher Suite The security mechanism used in WPA for encryption Select TKIP AES WPA WPA2 or AES WPA2 Only Authentication Select 802 1X or Pre shared Key for the authentication method 802 1X for the enterprise network with a RADIUS server Pre shared key for the SOHO network environment without an authentication server Pre shared key type Select
29. IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE INSTALLATION MAINTENANCE OR USE OF ITS PRODUCTS SMC SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE THE ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST OR WAS CAUSED BY CUSTOMER S OR ANY THIRD PERSON S MISUSE NEGLECT IMPROPER INSTALLATION OR TESTING UNAUTHORIZED ATTEMPTS TO REPAIR OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE OR BY ACCIDENT FIRE LIGHTNING OR OTHER HAZARD LIMITATION OF LIABILITY IN NO EVENT WHETHER BASED IN CONTRACT OR TORT INCLUDING NEGLIGENCE SHALL SMC BE LIABLE FOR INCIDENTAL CONSEQUENTIAL INDIRECT SPECIAL OR PUNITIVE DAMAGES OF ANY KIND OR FOR LOSS OF REVENUE LOSS OF BUSINESS OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE INSTALLATION MAINTENANCE USE PERFORMANCE FAILURE OR INTERRUPTION OF ITS PRODUCTS EVEN IF SMC OR ITS AUTHORIZED RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR THE LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR CONSUMER PRODUCTS SO THE ABOVE LIMITATIONS AND EXCLUSIONS MAY NOT APPLY TO YOU THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS WHICH MAY VARY FROM STATE TO STATE NOTHING IN THIS WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS SMC will provide warranty service for one year following discontinuance from the active SMC price list Under the limited lifetime w
30. NGS j Advanced Settings a To begin configuring your wireless security settings click Wireless Encryption SECURITY Wireless Encryption The BARRICADE can transmit your data securely over a wireless network Matching security mechanisms must be set up on your BARRICADE and your wireless client devices Select the most suitable security mechanism from the drop down list on this screen Setup Wizard Home Network Settings Security Firewall wireless D Wireless Enerypkion WEP Only i aecass Control WPAWPAR Only WEP wer cance U WPAWPAZ Security e Allowed Client Type No WEP No WRA WPA2 Advanced Settings af Parameter Description No WEP No WPA WPA2 Disables all wireless security To make it easier to set up your wireless network we recommend enabling this setting initially By default wireless secutity is disabled WEP Only Once you have your wireless network in place the minimum security we recommend is to enable the legacy security standard Wired Equivalent Privacy WEP See WEP on page 4 47 For maximum wireless security you should enable the WPA WPA2 option See WPA WPA2 on page 4 49 WPA WPA2 Only Click Save Settings to proceed or Cancel to change your settings 4 45 CONFIGURING THE BARRICADE 4 46 Access Control For a more secure wireless network you can specify that only certain wireless clients can connect to the BARRICAD
31. Network Name disable broadcast of the SSID only devices that have the correct SSID can connect This nullifies the wireless network discovery feature of some products such as Windows XP Default Enable Wireless Mode This device supports the following modes 11g only 11b only and 11b g mixed mode Default 11b g Mixed mode Parameter SETUP WIZARD Description Wi Fi Channel Number Extend Range The radio channel used by the BARRICADE and its clients to communicate with each other This channel must be the same on the BARRICADE and all of its wireless clients The BARRICADE will automatically assign itself a radio channel or you may select one manually Default channel 6 Increases the range of the BARRICADE Default Disable 4 7 CONFIGURING THE BARRICADE Internet Settings Specify the WAN connection type required by your Internet Service Provider Specify Cable modem Fixed IP xDSL PPPoE xDSL PPTP or BigPond 3 Internet Settings Specify the WAN connection type required by your Internet Service Provider Specify Cable modem Meved IP xDSL or PPPOE xDSL z Pa cavie Modem A cable modem requires minimal configuration When you have setup an account with your Internet provider the wireless router will be automatically configured when plugged into the cable modem The host name feld is optional but may be required by some Service Providers If there is a Domain Name Server ONS
32. SMGWBR14 G2 BARRICADE 54Mbps G Wireless Broadband Router Wireless Broadband Router User s Guide From SMC s line of award winning connectivity solutions SMC March 2006 Networks 38 Tesla Irvine CA 92618 RO2 F W 1 0 Phone 949 679 8000 Information furnished is believed to be accurate and reliable However no responsibility is assumed by our company for its use nor for any infringements of patents or other rights of third parties which may result from its use No license is granted by implication or otherwise under any patent or patent rights of our company We reserve the right to change specifications at any time without notice Copyright 2006 by SMC Networks Inc 38 Tesla Irvine CA 92618 All rights reserved Trademarks Product and company names are trademarks or registered trademarks of their respective holders LIMITED WARRANTY Limited Warranty Statement SMC Networks Inc SMC warrants its products to be free from defects in workmanship and materials under normal use and service for the applicable warranty term All SMC products carry a standard 90 day limited warranty from the date of purchase from SMC or its Authorized Reseller SMC may at its own discretion repair or replace any product not operating as warranted with a similar or functionally equivalent product during the applicable warranty term SMC will endeavor to repair or replace any product returned under warranty within 30 days
33. amic IP Tho Host name is optional but may be required by some Service Provider s The default MAC address is set to the WAN s physical interface on the Wirelass Router If required by your Service Provider yo Notwork Interface Card installed in your use the Clone MAC Address button to copy the MAC address of tho roplace the WAN Mac address if necessary you can use the Renew button on the Status page to renew the WAN IP address Host Name MAC Address fo h2 BEF ho E7 E0 Clone MAC Address SAVE SETINGS CANCEL Note Make sure you record the MAC address that you clone so that if you lose your settings you will be able to re connect to the Internet Click Save Settings to proceed or Cancel to change your settings Home NETWORK SETTINGS PPPoE Enter the PPPoE user name and password assigned by your Service Provider The Service Name is normally optional but may be required by some service providers Enter a Maximum Idle Time in minutes to define a maximum period of time for which the Internet connection is maintained during inactivity If the connection is inactive for longer than the Maximum Idle Time then it will be dropped You can enable the Auto reconnect option to automatically re establish the connection as soon as you attempt to access the Internet again Setup Wizard PPPOE SC oe MEERES ewan port is connected to an soma modem Many service providers provide PPP ovar Ethern
34. and Gateway IP address provided to you by your ISP in the appropriate fields below 5 ADSL settings By Fixed IP xDSL Te pb Suboat mask GF f p Gateway ad RE fp Enter the IP address Subnet Mask and Gateway IP address provided to you by your SP in tho appropriate fiokis above jarke Click NEXT to proceed or BACK to change your settings SETUP WIZARD ADSL Settings PPPoE Enter the User Name and Password required by your ISP in the appropriate fields If your ISP has provided you with a Service Name enter it in the Service Name field otherwise leave it blank Leave the Maximum Transmission Unit MTU at the default value 1454 unless you have a particular reason to change it Enter the maximum idle time for the Internet connection After this time has been exceeded the connection will be terminated Check Keep session to keep the session alive Check the Auto connect check box to automatically re establish the connection as soon as you attempt to access the Internet again Check the Manual connect check box to manually re establish the connection 3 Getting started 5 ADSL settings ee cE pppoe 9 Internet settings Use PPPOE Authentication 4 Modem settings m User Name AA Bee Password i Please retype your password Service Name MTU fia 576 lt MTU Value lt 1492 Maximum Idle Time x an f Keep session R Auto connect F Manuabconnect Enter the User Name and Password raqui
35. anel is lit If the power indicator is not lit refer to Troubleshooting on page A 1 In case of a power input failure the BARRICADE will automatically restart and begin to operate once the input power is restored If the BARRICADE is properly configured it will take about 30 seconds to establish a connection with the ADSL service provider after powering up 2 7 INSTALLATION Application Example The following diagram shows a typical network application 2 8 CHAPTER 3 CONFIGURING THE CLIENT PC After completing hardware setup by connecting all your network devices you need to configure your computer to connect to the BARRICADE You can either configure your computer to automatically obtain IP settings DHCP or manually configure IP address settings Static IP Depending on your operating system see Windows 2000 on page 3 3 Windows XP on page 3 9 or Configuring Your Macintosh Computer on page 3 15 3 1 TCP IP CONFIGURATION TCP IP Configuration 3 2 To access the Internet through the BARRICADE you must configure the network settings of the computers on your LAN to use the same IP subnet as the BARRICADE The default network settings for the BARRICADE are IP Address 192 168 2 1 Subnet Mask 255 255 255 0 Note These settings can be changed to fit your network requirements but you must first configure at least one computer to access the BARRICADE s web configuration
36. arranty internal and external power supplies fans and cables are covered by a standard one year warranty from date of purchase SMC Networks Inc 38 Tesla Irvine CA 92618 Warranty terms may differ according to geographic region For complete details please consult your country s support section of the SMC web site http www smc com COMPLIANCES Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the distance between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced rad
37. ation of the BARRICADE e Change the wireless channel on the BARRICADE See Channel and SSID on page 4 26 e Check that the antenna connectors and cabling are firmly connected The BARRICADE cannot be detected by a wireless client e The distance between the BARRICADE and wireless PC is too great Make sure the wireless PC has the same SSID and security settings as the BARRICADE See Channel and SSID on page 4 26 and Security on page 4 29 APPENDIX B CABLES Ethernet Cable Caution Do not plug a phone jack connector into an RJ 45 port For Ethernet connections use only twisted pair cables with RJ 45 connectors that conform to FCC standards Specifications Cable Types and Specifications Cable Type Max Length Connector 10BASE T Cat 3 4 5 100 ohm UTP 100 m 328 ft RJ 45 100BASE TX Cat 5 100 ohm UTP 100 m 328 ft RJ 45 Wiring Conventions For Ethernet connections a twisted pair cab e must have two pairs of wires Each wire pair is identified by two different colors For example one wire might be red and the other red with white stripes Also an RJ 45 connector must be attached to both ends of the cable B 1 CABLES Each wire pair must be attached to the RJ 45 connectors in a specific orientation The following figure illustrates how the pins on an Ethernet RJ 45 connector are numbered Be sure to hold the connectors in the
38. cause these steps and screen shots were created using Mac OS 10 2 Mac OS 7 x and above are similar but may not be identical to Mac OS 10 2 Follow these instructions 1 System Preferences Pull down the Apple Menuf Click 2 Double click the Network icon in the Systems Preferences window Finder File About This Mac Get Mac OS X Software System Preferences Edit View Dock gt Location gt Recent Items gt Force Quit Sleep Restart Shut Down Log Out DEO eoc System Preferences oO Personal j f CE 7 E B Desktop Dock General International Login Items My Account Screen Effects Hardware O mE o a f x vy E 3 Ly 2 CDs amp DVDs ColorSync Displays Energy Keyboard Mouse Sound Saver Internet amp Network Internet QuickTime Sharing System f f Jal ie 2 u a Q BB Accounts Classic Date amp Time Software Speech Startup Disk Universal Update Access 3 15 CONFIGURING YOUR MACINTOSH COMPUTER 5 If Using DHCP Server is so Network already selected in the mn gt Configure field your ae computer is already Configure sing DHCP a configured for DHCP If ren eu me not select this option Be Roter 10 1 28 254 DHCP Client ID brampie appie com Ethernet Address 00 50 04 00 2606 earthink net Guck the tock to prevent further changes even Appi Now Your new settings are shown i
39. complete 250 Maximum number of allowed incomplete TCP UDP sessions TCP UDP sessions per minute sessions per min HIGH Incomplete 200 Minimum number of allowed incomplete TCP UDP sessions TCP UDP sessions per minute sessions per min LOW Maximum 10 Maximum number of incomplete TCP UDP incomplete sessions sessions from the same host TCP UDP sessions number from same host 4 41 CONFIGURING THE BARRICADE Parameter Defaults Description Incomplete 300 msecs Length of time before an incomplete TCP UDP TCP UDP session is detected as incomplete sessions detect sensitive time period Maximum 30 Maximum number of half open fragmentation half open sessions packets from the same host fragmentation packet number from same host Half open 1 sec Length of time before a half open fragmentation fragmentation session is detected as half open detect sensitive time period Flooding cracker 300 secs Length of time from detecting a flood attack to block time blocking the attack Note We do not recommend modifying the default parameters shown above Click Save Settings to proceed or Cancel to change your settings 4 42 DMZ SECURITY DMZ Demilitarized Zone Enable DMZ C nable Disable Public IP Address 3 10 1 20 47 2p p bb s u 1 Pp sE P P pb ep P P F u e pp u Eu 1f you have a local client PC that cannot run an Internet application properly from behind t
40. condary DNS 10 2 3 4 E Home Network LAN IP Address 192 160 2 1 Subnet Mask 255 255 255 0 DHCP Server Enabled Firewall Enabled upro Enabled Wireless Enabled INFORMATION Numbers of DHCP Clients 4 Runtima Coda Version v1 00 Oct 19 2005 12 03 17 Boot Code Version v0 03 LAN MAC Addrass 00 12 BF 10 C7 EC 00 12 8F 10 C7 EE 00 12 BF 10 C7 EO 4 15 CONFIGURING THE BARRICADE Setup Wizard Home Network Settings Security Advanced Settings The security file Boat Code Version LAN MAC Address Wireless MAC Address WAN MAC Address 00 12 8F 10 C7 ED 01 3539000065 Hardware Version Serial Num DHCP Client Log View information on LAN OHCP clients currently linked to the wireless router namana iBar lati nawertest dkt nase Knoppix name Jonie_haueh Security Log View any attempts that have been made to gain access to your network paceive Ack from 10 2 2 4 amain name accton com ty d Request Request IP 2 108 900 woeive Aci 10 omain name ac d Request Reques Send Request Request 1P 10 1 Could not find DHCP daemon to Lease time 259200 2 07 get information 1 1 1 1 rt 1 1 1 1 9 28 16 DHCP Client ma Clear Refresh SMCWBR14G2_logfile log may be saved by clicking Save and choosing a location The following items are included on the Status screen Parameter Description Current Time Displays the curre
41. ddress Pool see ie BE fm tnd fiz fe fis 4 Domain Name Losso Time One Day The LAN Settings parameters are listed below Parameter Description Wireless Router IP Address IP Address The IP address of the BARRICADE IP Subnet Mask The IP subnet mask DHCP Server DHCP Server DHCP allows individual computers to obtain the TCP IP configuration at startup from a centralized DHCP server To dynamically assign an IP address to a client PC enable the DHCP Dynamic Host Configuration Protocol function DHCP Server ID Enter the DHCP Server ID here 4 17 CONFIGURING THE BARRICADE 4 18 Parameter Description DHCP IP Address The DHCP IP Address Pool is the range of IP addresses set Pool aside for dynamic assignment to the computers on your network Start IP This field indicates the first of the contiguous IP addresses in the IP address pool End IP This field indicates the last of the contiguous IP addresses in Domain Name Lease Time the IP address pool The domain name is the name you assign to your network The length of time the DHCP server will reserve the IP address for each computer Setting lease times for shorter intervals such as one day or one hour frees IP addresses after the specified period of time This also means that a particular computer s IP address may change over time If you have set any advanced features such as DMZ this is dependent on the IP address For this reason you wi
42. device OUNHOPPWYVETAI TTPOO TIO OLOIW EIO ATTAITNOEIO KAI TIO AOITTEO OXETIKEO latage o THO o ny ao 1999 5 ek Italian Con la presente SMC Networks dichiara che questo Radio LAN device conforme ai requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999 5 CE Spanish Por medio de la presente SMC Networks declara que el Radio LAN device cumple con los requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la Directiva 1999 5 CE Portuguese SMC Networks declara que este Radio LAN device esta conforme com os requisitos essenciais e outras disposig es da Directiva 1999 5 CE COMPLIANCES Safety Compliance Underwriters Laboratories Compliance Statement Important Before making connections make sure you have the correct cord set Check it read the label on the cable against the following Operating Voltage Cord Set Specifications 120 Volts UL Listed CSA Certified Cord Set Minimum 18 AWG Type SVT or SJT three conductor cord Maximum length of 15 feet Parallel blade grounding type attachment plug rated 15 A 125 V 240 Volts Europe only Cord Set with HO5VV F cord having three conductors with minimum diameter of 0 75 mm2 IEC 320 receptacle Male plug rated 10 A 250 V The unit automatically matches the connected input voltage Therefore no additional adjustments are necessary when connecting
43. e BARRICADE Default Disable 4 27 CONFIGURING THE BARRICADE 4 28 WDS The Wireless Distribution System WDS provides a means to extend the range of a Wireless Local Area Network WLAN WDS allows the BARRICADE to establish a direct link to other wireless base stations and allows clients to roam freely within the area covered by the WDS To carry out a site survey of available wireless base stations click Scan Sc E B iiome tonon A Setup Wizard 2 a WDS Home Network Settings Status LAN Settings Security Advanced Settings roa Site Survey Scan so Channel MAC Adkins Security Enable WOS Unwed 4949991114 6 00 90 11 04 46 42 wer RB URWERTZB NHTTIIITTTIITTTERIIINN 6 00 11 95 ca detb wer G SMC 6 004 22120508 B Manual 1 MR TE wA r Manual 2 na wa r Manual 3 na na r Manual 4 na na r SAVE SETTINGS CANCEL L Ee Fi a Parameter Description SSID The Service Set ID SSID is the name of your wireless network The SSID must be the same on the BARRICADE and all of its wireless clients Channel This device supports the following modes 11g only 11b only and 11b g mixed mode MAC Address The media access control address MAC address is a unique identifier attached to each wireless base station Security Displays the security mechanism in use Enable WDS Enables the WDS feature When enabled up to 4 WDS links can be set by specifying their Wireless MAC addresse
44. e collect the following information from your ISP before setting up the BARRICADE ISP account user name and password e Protocol encapsulation and VPI VCI circuit numbers e DNS server address IP address subnet mask and default gateway for fixed IP users only Connect the System Desktop Installation The BARRICADE can be positioned on any convenient flat surface in your office or home No special wiring or cooling requirements are needed You should however comply with the following guidelines Keep the BARRICADE away from any heating devices Do not place the BARRICADE in a dusty or wet environment You should also remember to turn off the power remove the power cord from the outlet and keep your hands dry when you install the BARRICADE 2 5 INSTALLATION Wall Mount Installation There are two wall mount holes at the bottom of the BARRICADE Before drilling two holes into the wall make sure the holes are 87 mm apart p PEt i e IBEEEEEEEERE 9 III IIING 2 e W A N E A e G N IBEEREREERER s gt IIIIIITITITG le r 87 mm 4 gt 1 Choose a suitable location for the BARRICADE Note It should be accessible for installing cabling and maintaining the device 2 Measure the distance of the two wall mount holes 3 Drill two holes into the wall 4 Insert a screw into each hole Note Leave 5 mm exposed of the screw head 5 Attach the BARRICADE to t
45. ed Settings 10 26 hex digits for 64 Wi Default Kay 10 1 gt Passphase 7 fama characters Keyi pme uuu Key 2 p Key 2 pe lt Key 4 er oi j rE mavesertinas canca zi Parameter Description WEP Mode Select 64 bit or 128 bit key to use for encryption Key Entry Method Select hexadecimal Hex or ASCII for the key entry method Key Provisioning Select Static if there is only one fixed key for encryption If you want to select Dynamic you need to enable 802 1X function first Default Key ID Choose which key to use as default Passphrase Check the Passphrase check box to generate a key automatically Key 1 4 The BARRICADE supports up to 4 keys You select the default key 4 47 CONFIGURING THE BARRICADE 4 48 You may automatically generate encryption keys or manually enter the keys To generate the key automatically with passphrase check the Passphrase box and enter a string of characters Select the default key from the drop down menu Click APPLY Note The passphrase can consist of up to 63 alphanumeric characters Hexadecimal Keys A hexadecimal key is a mixture of numbers and letters from A F and 0 9 64 bit keys are 10 digits long and can be divided into five two digit numbers 128 bit keys are 26 digits long and can be divided into 13 two digit numbers ASCII Keys There are 95 printable ASCII characters MHS E amp 0123456789 lt gt ABCDEFGH
46. ess router Backup Wireless Router Configuration C Restore from saved Confiquration file SMCWDR14G2_backup bin Restore Wireless Router to Factory Dofauts Next gt gt Ha Check Backup Wireless Router Configuration and click NEXT to save your BARRICADE s configuration to a file named config bin on your PC You can then check the Restore from saved Configuration file SMCWBR14 G2_backup bin radio button and click NEXT to restore the saved backup configuration file To restore the factory settings check Restore Wireless Router to Factory Defaults and click NEXT You will be asked to confirm your decision ADVANCED SETTINGS Firmware Upgrade Use this screen to update the firmware to the latest version Firmware Upgrade This tool allows you to upgrade the wireless router firmware You can dawnload the latest fernware from the SMC The product code SMCWERI4 G2 Advanced Settings Enter the path and name or browse to the location of the upgrade fla then cick the BEGIN UPGRADE button vou wit be prompted to confirm the upgrade to complete the process FimwareFla p a e BEGIN UPGRADE CANCEL Fu Go to www smc com to find the latest firmware Download the firmware to your hard drive first Click Browse to locate the saved file After locating the new firmware file click BEGIN UPGRADE Follow the instructions to complete the upgrade After restarting check the Status page to make sure the device is
47. et PPPOE servic The Bamcade supports 9 Keep session Auto connect and Mi onnact features for PPPOE service security the ide t tt d Th ti a be aiy 3 the Se tme setting is ignored The connection wit aways be alive Advanced Settings Auto Connect when the co oken by the idle time ar y WAN tngger wil cause the router to re establish the connection Manual Connect Disi on demand is disabled in this mode When the connection is broken by the idie time you must press the Connect button to reconnect NOTE If your are on a leased ine or pay per min connection please set your max 3 minutes This wi cause your internat Connectien to drop after 3 minutes of Se bme so you won t be charged for evtra ord your ISP Use PPPOE Authentication User tame Pasmo Please retype your password Service Hawes fT MTU fia S76c MTU Valuece 1492 Mama ide Time Fir Keep session F Autoconnect Manual connoet a Click Save Settings to proceed or Cancel to change your settings 4 21 CONFIGURING THE BARRICADE 4 22 PPTP The PPTP screen displays the IP Address Subnet Mask and Default Gateway of your BARRICADE Enter the User ID and Password assigned by your ISP in the appropriate fields Enter the Idle Time Out for the Internet connection This is the period of time for which the connection to the Internet is maintained during inactivity The default setting is 10 minutes If your ISP charges you by the minute you should change the Idle Ti
48. etwork troubleshooting HARDWARE DESCRIPTION Figure 2 1 Front LED indicators The power and port LED indicators on the front panel are illustrated by the following table LED Status Description Power On The BARRICADE is receiving power Normal operation Off Power off or failure WLAN On WLAN link Flashing The BARRICADE is sending or receiving data via WLAN Off No WLAN link PPPoE DSL On PPPoE DSL connection is functioning correctly Flashing The BARRICADE is sending or receiving data via PPPoE DSL link Off PPPoE DSL connection is not established WAN On WAN link Off No WAN link INSTALLATION LED Status Description LAN 1 4 On Ethernet link Flashing The LAN port is sending or receiving data Off No Ethernet link The following figure and table shows the rear panel of the BARRICADE Y DEITY oon RJ 45 RJ 45 LAN Ports Power Antenna WAN Port Connector Figure 2 2 Rear Panel Item Description WAN Port Connect your WAN line to this port RJ 45 LAN Ports Fast Ethernet ports RJ 45 Connect devices on your local area network to these ports i e a PC hub switch or IP set top box Power Inlet Connect the included power adapter to this inlet Warning Using the wrong type of power adapter may cause damage Antenna Antenna is connected here 2 4 ISP SETTINGS ISP Settings Pleas
49. ff after running for a while check for loose power connections power losses or surges at the power outlet If you still cannot isolate the problem then the external power supply may be defective In this case contact Technical Support for assistance A 1 TROUBLESHOOTING A 2 Troubleshooting Chart Symptom Action LED Indicators LAN LED is Off Verify that the BARRICADE and attached device are powered on Be sure the cable is plugged into both the BARRICADE and the corresponding device Verify that the proper cable type is used and that its length does not exceed the specified limits Be sure that the network interface on the attached device is configured for the proper communication speed and duplex mode Check the adapter on the attached device and cable connections for possible defects Replace any defective adapter or cable if necessary Network Connection Problems Cannot ping the BARRICADE from the attached LAN or the BARRICADE cannot ping any device on the attached LAN Verify that the IP addresses are properly configured For most applications you should use the BARRICADE s DHCP function to dynamically assign IP addresses to hosts on the attached LAN However if you manually configure IP addresses on the LAN verify that the same network address network component of the IP address and subnet mask are used for both the BARRICADE and any attached LAN devices
50. g of Death Ping flood attack SYN flood attack IP fragment attack Teardrop Attack Brute force attack Land Attack IP Spoofing attack IP with zero length TCP null scan Port Scan Attack UDP port loopback Snork Attack Note The firewall does not significantly affect system performance so we advise enabling the prevention features to protect your network SECURITY The table below lists the Intrusion Detection parameters and their descriptions Parameter Defaults Description Intrusion Detection Feature SPI and Anti DoS No The Intrusion Detection feature of the firewall protection RIP Defect Discard Ping to WAN Disabled Don t discard BARRICADE limits the access of incoming traffic at the WAN port When the Stateful Packet Inspection SPI feature is turned on all incoming packets are blocked except those types marked with a check in the SPI section at the top of the screen If the router does not reply to an IPX RIP request packet it will stay in the input queue and not be released Accumulated packets could cause the input queue to fill causing severe problems for all protocols Enabling this feature prevents the packets accumulating Prevents a ping on the router s WAN port from being routed to the network 4 39 CONFIGURING THE BARRICADE 4 40 Parameter Defaults Description Stateful Packet Inspection Enabled This option allows you to select different application type
51. he firewall then you can open the ciant up to unrestricted two way Internet access by dofining Virtual OMZ Host Note Please make sure your DHCP server lease time is set to Forever e Multiple PCs can bo exposed ta the Internat for two way communications 0 9 tntomet gaming video Conferencing or VPN Connections To use the DMZ you must set a static IP address for that PC Ghent PC In Address mau aa 1210 192602 P 102100200 me 19268 20 192 169 2 0 If you have a client PC that cannot run an Internet application properly from behind the firewall you can open the client up to unrestricted two way Internet access Enter the IP address of a DMZ Demilitarized Zone host on this screen Adding a client to the DMZ may expose your local network to a variety of security risks so only use this option as a last resort 4 43 CONFIGURING THE BARRICADE Wireless 4 44 The BARRICADE can be quickly configured for roaming clients by setting the Service Set Identifier SSID and channel number It supports data encryption and client filtering To use the wireless feature check the Enable check box and click Save Settings Wireless Settings The wireless router can be quickly configured for roaming chants by setting the service set identifier Wireless Network Name SStD and channel number ft alse supports data encryption and chent filtering Enable or disable wireless module function Penable Disable SAVE SETTI
52. he wall with two wall mount slots and then slide the device down until the screws fit firmly into the slots of the device 2 6 CONNECT THE SYSTEM Connecting the BARRICADE to your LAN The four LAN ports on the BARRICADE auto negotiate the connection speed to 10 Mbps Ethernet or 100 Mbps Fast Ethernet as well as the transmission mode to half duplex or full duplex Use RJ 45 cables to connect any of the four LAN ports on the BARRICADE to an Ethernet adapter on your PC Otherwise cascade any ofthe LAN ports on the BARRICADE to an Ethernet hub or switch and then connect your PC or other network equipment to the hub or switch When inserting an RJ 45 connector be sure the tab on the connector clicks into position to ensure that it is properly seated Warning Do not plug a phone jack connector into an RJ 45 port This may damage the BARRICADE Instead use only twisted pair cables with RJ 45 connectors that conform with FCC standards Notes 1 Use 100 ohm shielded or unshielded twisted pair cable with RJ 45 connectors for all Ethernet ports Use Category 3 4 or 5 for connections that operate at 10 Mbps and Category 5 for connections that operate at 100 Mbps 2 Make sure each twisted pair cable length does not exceed 100 meters 328 feet Connect the Power Adapter Plug the power adapter into the power socket on the side panel of the BARRICADE and the other end into a power outlet Check the power indicator on the front p
53. icensing This device has been designed to operate with an antenna having a maximum gain of 1 5 dBi Any antenna having a higher gain is strictly prohibited per regulations of Industry Canada The required antenna impedance is 50 ohms To reduce potential radio interference to other users the antenna type and its gain should be so chosen that the EIRP is not more than required for successful communication To prevent radio interference to the licensed service this device is intended to be operated indoors and away from windows to provide maximum shielding Equipment or its transmit antenna that is installed outdoors is subject to licensing EC Declaration of Conformity C SMC contact for these products in Europe is SMC Networks Europe Edificio Conata II Calle Fructuos Gelabert 6 8 20 4a 08970 Sant Joan Despi Barcelona Spain Marking by the above symbol indicates compliance with the Essential Requirements of the R amp TTE Directive of the European Union 1999 5 EC This equipment meets the following conformance standards EN 300 328 1 December 2001 V1 3 1 EN 300 328 2 December 2001 V1 2 1 EN 301 489 1 September 2001 V1 4 1 EN 301 489 17 September 2000 V1 2 1 EN 60950 January 2000 COMPLIANCES Countries of Operation amp Conditions of Use in the European Community This device is intended to be operated in all countries of the European Community Requirements for indoor vs outdoor operation license requiremen
54. ient with your user name password and service name to get on line BigPond In this section you can configure the built in client for the BigPond Internet service available Australia UserName a Password Advanced Settings Please retype your password Authentication Service Name i fogn sem Click Save Settings to proceed or Cancel to change your settings 4 24 Home NETWORK SETTINGS Wireless The BARRICADE can be quickly configured for roaming clients by setting the Service Set Identifier SSID and channel number It supports data encryption and client filtering Wireless Settings The wireless router can be quckly configured for roaming clients by setting the service set identifier Wireless Network Name SStD and channel number tt also supports data encryption and chent filtering Enable or disable wireless module function enable Disable SAVE SETTINGS J Security Advanced Settings aa To use the wireless feature check the Enable check box and click Save Settings After clicking Save Settings you will be asked to log in again See Security on page 4 29 for details on how to configure wireless secutity 4 25 CONFIGURING THE BARRICADE 4 26 Channel and SSID Enter your wireless network settings on this screen You must specify a common radio channel and SSID Service Set ID to be used by the BARRICADE and all of its wireless clients Be sure you configure all of its clients to
55. igure the advanced settings such as NAT Maintenance System settings and UPnP click Advanced Settings Note Changing some of the device settings in the Advanced Settings mode may cause the BARRICADE to become unresponsive The BARRICADE s advanced management interface contains 6 main menu items as described in the following table Menu Description NAT Shares a single ISP account with multiple users sets up virtual servers Maintenance Allows you to backup restore reset and upgrade the BARRICADE s firmware System Sets the local time zone the password for administrator access the IP address of a PC that will be allowed to manage the BARRICADE remotely and the IP address of a Syslog Server UPnP Universal Plug and Play UPnP allows for simple and robust connectivity between external devices and your PC DNS Sets the IP address of a Domain Name Server DDNS Dynamic DNS provides users on the Internet with a method to tie their domain name to a computer or server Routing Sets routing parameters and displays the current routing table 4 53 CONFIGURING THE BARRICADE NAT 4 54 The first menu item in the Advanced Settings section is Network Address Translation NAT This process allows all of the computers on your home network to use one IP address Using the NAT capability of the BARRICADE you can access the Internet from any computer on your home network without having to purchase more IP addresses f
56. interface in order to make the required changes See Configuring the BARRICADE on page 4 1 for instructions on configuring the BARRICADE Windows 2000 DHCP IP Configuration 1 On the Windows desktop click Start Settings Network and Dial Up Connections 2 Click the icon that corresponds to the connection to your BARRICADE 3 The connection status screen will open Click Properties CONFIGURING THE CLIENT PC a New Office Document E Open Office Document Windows Update 4 Acrobat Reader 5 0 ID winzip a Programs a Document gt Printers FM Taskbar amp Start Menu 53 21x General m Connection Status Connected Duration 00 15 12 Speed 10 0 Mbps gt Activity m Sent A Received Packets 4 0 3 3 TCP IP CONFIGURATION 4 Double click Internet Protocol TCP IP 5 If Obtain an IP address automatically and Obtain DNS server address automatically are already selected your computer is already configured for DHCP If not select these options now and click OK Local Area Connection 1 Properties a x General Sharing Connect using 83 SMC EZ Card 10 100 SMC1211TX Components checked are used by this connection Client for Microsoft Networks M E SMC EZStart Service M a File and Printer Sharing for Microsoft Networks ol TCP IP Internet Protocol TCP IP Properties General You can get
57. io TV technician for help This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation FCC Caution Any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate this equipment FCC Radiation Exposure Statement This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment This equipment should be installed and operated with a minimum distance of 20 cm between the radiator and your body This transmitter must not be co located or operating in conjunction with any other antenna or transmitter IMPORTANT NOTE IEEE 802 11b or 802 11g operation of this product in the U S A is firmware limited to channels 1 through 11 11 COMPLIANCES iv Industry Canada Statement Operation is subject to the following two conditions 1 this device may not cause interference and 2 this device must accept any interference including interference that may cause undesired operation of the device To prevent radio interference to the licensed service this device is intended to be operated indoors and away from windows to provide maximum shielding Equipment or its transmit antenna that is installed outdoors is subject to l
58. is new technology provides many secure and cost effective functions It is simple to configure and can be up and running in minutes 1 1 FEATURES AND BENEFITS Features and Benefits 1 2 Local network connection via a 10 100 Mbps Ethernet port DHCP for dynamic IP configuration and DNS for domain name mapping Firewall with Stateful Packet Inspection client privileges intrusion detection and NAT NAT also enables multi user Internet access via a single user account and virtual server functionality providing protected access to Internet services such as web FTP email and Telnet VPN pass through IPSec ESP Tunnel mode L2TP PPTP User definable application sensing tunnel supports applications requiring multiple connections Easy setup through a web browser on any operating system that supports TCP IP Compatible with all popular Internet applications INTRODUCTION Applications Many advanced networking features are provided by this BARRICADE Wired and Wireless LAN The BARRICADE provides connectivity to 10 100 Mbps devices and wireless IEEE 802 11g compatible devices making it easy to create a network in small offices or homes Internet Access This device supports Internet access through an ADSL connection Since many ADSL providers use PPPoE or PPPoA to establish communications with end users the BARRICADE includes built in clients for these protocols eliminating the need to install these services o
59. is not ticked 3 Click OK 3 8 Windows XP DHCP IP Configuration 1 On the Windows desktop click Start Control Panel 2 Inthe Control Panel window click Network and Internet Connections 3 The Network Connections window will open Locate and double click the Local Area Connection icon for the Ethernet adapter that is connected to the BARRICADE 4 Inthe connection status screen click Properties I Fie at CONFIGURING THE CLIENT PC 4 My Recent Documents gt L My Pictures 9 MSN Explorer H My Music Windows Media Player ws My Computer Q Windows Movie Maker P Connect To gt Tour Windows XP ke amp Printers and Faxes Files and Settings Transfer Wizard Help and Support e Snaglt 5 0 P Search All Programs gt Run Network and Internet Connections A Network Connections Vew Fortes Took Advanced Heip Qua O P Pen Py rates Fe Connection Status Connected 00 47 38 11 0 Mbps Duration Speed Activity Packets 43 Sent A Received 3 TCP IP CONFIGURATION 3 10 5 Double click Internet Protocol TCP IP 6 If Obtain an IP address automatically and Obtain DNS server address automatically are already selected your computer is already configured for DHCP If not select these options now and click OK Pk Local Area Connection 3 Properties General Advanced Connect using E SMC EZ
60. it koskevien direktiivin muiden ehtojen mukainen Dutch Hierbij verklaart SMC Networks dat het toestel Radio LAN device in overeenstemming is met de essenti le eisen en de andere relevante bepalingen van richtlijn 1999 5 EG Bij deze SMC Networks dat deze Radio LAN device voldoet aan de essenti le eisen en aan de overige relevante bepalingen van Richtlijn 1999 5 EC French Par la pr sente SMC Networks d clare que l appareil Radio LAN device est conforme aux exigences essentielles et aux autres dispositions pertinentes de la directive 1999 5 CE COMPLIANCES vi Swedish H rmed intygar SMC Networks att denna Radio LAN device st r I verensst mmelse med de v sentliga egenskapskrav och vriga relevanta best mmelser som framg r av direktiv 1999 5 EG Danish Undertegnede SMC Networks erkl rer herved at f lgende udstyr Radio LAN device overholder de v sentlige krav og vrige relevante krav i direktiv 1999 5 EF German Hiermit erkl rt SMC Networks dass sich dieser diese dieses Radio LAN device in bereinstimmung mit den grundlegenden Anforderungen und den anderen relevanten Vorschriften der Richtlinie 1999 5 EG befindet BMWi Hiermit erkl rt SMC Networks die bereinstimmung des Ger tes Radio LAN device mit den grundlegenden Anforderungen und den anderen relevanten Festlegungen der Richtlinie 1999 5 EG Wien Greek Me nv apouoa smc networks SnAwvel oT radio LAN
61. ith other applications through Internet Config Use Proxy Servers E Web Proxy Settings Use Web Proxy for all Bypass Web Proxy for FTP _ Secure Proxy Settings _ Mail Proxy d Settings gt Gopher Proxy Settings List the sites you want to connect to directly bypassing the proxies set above Put a space or comma between each site 3 17 CONFIGURING YOUR MACINTOSH COMPUTER 3 18 CHAPTER 4 CONFIGURING THE BARRICADE After you have configured TCP IP on a client computer use a web browser to configure the BARRICADE The BARRICADE can be configured by any Java supported browser such as Internet Explorer 5 5 or above Using the web management interface you can configure the BARRICADE and view statistics to monitor network activity To access the BARRICADE s management interface enter the IP address of the BARRICADE in your web browser http 192 168 2 1 The BARRICADE automatically switches to Port 80 for management access 41 CONFIGURING THE BARRICADE Navigating the Web Browser Interface 4 2 The BARRICADE s management interface consists of a Setup Wizard a Home Network Settings section a Security section and an Advanced Settings section Setup Wizard Use the Setup Wizard for quick and easy configuration of your Internet connection and basic LAN settings Go to Setup Wizard on page 4 5 Home Network Settings Use the Home Network Settings section to configure
62. king on the Setup Wizard button of the left hand menu The first item in the Setup Wizard is Getting Started gering started 1 Getting started 2 Wireless settings Welcome I 9 Internot settings Make sure the Ethernet cable is connected correctly to the SMCWBR14 G2 4 Modam settings NeXT 5 ADSL settings Simply click NEXT to proceed to the following screen and configure your Wireless Settings 4 5 CONFIGURING THE BARRICADE Wireless Settings 4 6 Enter your wireless network settings on this page You must specify a common radio channel and SSID Service Set ID to be used by the BARRICADE and all of its wireless clients Be sure you configure all of its clients to the same value For security purposes you should change the default SSID immediately EZA o OCEN 1 Getting startod 2 Wireless settings 2 Wirnirss settings This page afows you to enter 2 Internet settings Wiroloss Network Name SSID SMC Broadcast Wireless Notwork A enaplE C DISABLE Name Wireless Mode 11 b a Mixed mode Wi Fi Channel number g Extond Range C ENABLE DISABLE 4 Modam settings 5 ADSL settings pack NEXT Parameter Description Wireless Network The Service Set ID SSID is the name of your wireless Name SSID network The SSID must be the same on the BARRICADE and all of its wireless clients Default SMC Broadcast Wireless Enable or disable the broadcasting of the SSID If you
63. le Hinweise und Warnungen die sich am Ger t befinden sind zu beachten Wird das Ger t ber einen l ngeren Zeitraum nicht benutzt sollten Sie es vom Strom netz trennen Somit wird im Falle einer berspannung eine Besch digung vermieden Durch die L ftungs ffnungen d rfen niemals Gegenst nde oder Fl ssigkeiten in das Ger t gelangen Dies k nnte einen Brand bzw elektrischen Schlag ausl sen ffnen sie niemals das Ger t Das Ger t darf aus Gr nden der elektrischen Sicherheit nur von authorisiertem Servicepersonal ge ffnet werden Wenn folgende Situationen auftreten ist das Ger t vom Stromnetz zu trennen und von einer qualifizierten Servicestelle zu berpr fen a Netzkabel oder Netzstecker sind besch digt b Fl ssigkeit ist in das Ger t eingedrungen c Das Ger t war Feuchtigkeit ausgesetzt d Wenn das Ger t nicht der Bedienungsanleitung entsprechend funktioniert oder Sie mit Hilfe dieser Anleitung keine Verbesserung erzielen e Das Ger t ist gefallen und oder das Geh use ist besch digt f Wenn das Ger t deutliche Anzeichen eines Defektes aufweist Stellen Sie sicher da die Stromversorgung dieses Ger tes nach der EN 60950 gepr ft ist Ausgangswerte der Stromversorgung sollten die Werte von AC 7 5 8 V 50 60 Hz nicht ber oder unterschreiten sowie den minimalen Strom von 1 A nicht unterschreiten Der arbeitsplatzbezogene Schalldruckpegel nach DIN 45 635 Teil 1000 betr gt 70 dB A oder weniger
64. ll not want the IP address to change Home NETWORK SETTINGS WAN Settings Specify the WAN connection type required by your Internet Service Provider Specify Dynamic IP Address PPPoE PPTP Static IP Address or BigPond WAN Settings The Wireless Router can be connected to your service provider in any of the folowing ways Dynamic 1P Address Obtains an IP address automatically from your service provider C PPPOE PPP over Ethernet is a common connection method used for wDSL c mm Point to Point Tunneling Protocol is a common connection methed used for KOSE connections in Europo Advanced Settings C Static IP Address Your service provider provides a static IP address to access Intemet services BigPond In thes section you can configure the built in client for the BigPond Intemet service available in Australia Mory Configuration J Select the connection type and click More Configuration 4 19 CONFIGURING THE BARRICADE 4 20 Dynamic IP The Host name is optional but may be required by some Service Provider s The default MAC address is set to the WAN s physical interface on the BARRICADE If required by your Service Provider you can use the Clone MAC Address button to copy the MAC address of the Network Interface Card NIC installed in your PC to replace the WAN MAC addtess If necessary you can use the Renew button on the Status page to renew the WAN IP address E home tooo I Dyn
65. lled Denial of Service DoS attacks DoS attacks are aimed at devices and networks with a connection to the Internet Their goal is not to steal information but to disable a device or network so users no longer have access to network resources The BARRICADE protects against the following DoS attacks IP Spoofing Land Attack Ping of Death IP with zero length Smurf Attack UDP port loopback Snork Attack TCP null scan and TCP SYN flooding See Intrusion Detection on page 4 37 for details The firewall does not significantly affect system performance so we advise leaving it enabled to protect your network Enable the firewall feature and click Save Settings to proceed SECURITY Schedule Rule The first item listed in the Firewall section is Schedule Rule You may filter Internet access for local clients based on rules Schedule Rule This page definas schedule rule names and activates the schedule for use in the Access Control page e Schedule Rule Tabla up to 10 rules Rulo Namo Rule Comment Configure Weokdays Rules no wookday emailing Edit Delete Add Schodule Rule Advanced Settings SAVE SETTINGS CANCEL You may filter Internet access for local clients based on rules Each access control rule may be activated at a scheduled time First define the schedule on the Schedule Rule page then apply the rule on the Access Control page To add a new rule click Add Schedule Rule Proceed to the fol
66. lowing page 4 31 CONFIGURING THE BARRICADE Edit Schedule Rule 1 Define the appropriate settings for a schedule rule as shown on the following screen Edit Schedule Rule e Name Weekdoys Ruled Commont No weekday emal na Activate Time Penod Werk Day Start Time hh mm End Time hh mm Every Day o fon foo fpo Sunday foo oo oo fo Monday foo foo fie foo Tuosday foo foo fio fo wednesday foo foo fio foo Thursday foo fo fia foo Friday fos foo fia foo Saturday oo foo fo foo Eu 2 Upon completion click OK to save your schedule rules and then click Save Settings to make your settings to take effect 4 32 SECURITY Access Control Setup Wizard Home Network Access Control coss Control allaws users to define includes IP address filtering and MAC traffic type permitted or not permitted to WAN port service This page address filtenng e Enable F tering Function CEnable Diablo Normal Filtering Table up to 10 computers Rite Description Clint PC IP Cliont Service Schedule Rue Configure Address No emaiing 192 168 2 10 20 E mall Sending E mail Weekdays Rides edit Delete we Receiving Advanced Settings add pc J SAVE SETTINGS CANCEL nipi Used in conjunction with the Schedule Rule screen the Access Control screen allows users to define the outgoing traffic permitted or not permitted The default is to permit all outg
67. me Out to one minute After the Idle Time Out has expired set the action you wish the BARRICADE to take You can tell the device to connect manually or automatically as soon as you try to access the Internet again or to keep the session alive Sec o OCE Setup Wizard Home Network Settings Pont to Pont Tunneling Protocol s a common connection method used for xDSL connections in Euro Padres 6 ff fp f Subnet Mask 6 po bb P Security Default Gateway fp RB p p Advanced Settings Usor tD f Password PPTP Gateway f k f f Idle Tima Out f0 min Manual connoct Autoconnect C konp session If you hava an ISP that charges by the time change yaur idle time out value to minute SAVE SETTINGS CANCEL Click Save Settings to proceed or Cancel to change your settings Home NETWORK SETTINGS Static IP If your Service Provider has assigned a fixed IP address enter the assigned IP address subnet mask and the gateway address on this screen Static IP If your Service Provider has assigned a fied IP address enter the assigned IP address subnet mask and the gateway address provided Has your Service Provider given you an IP address and Gateway address Click Save Settings to proceed or Cancel to change your settings 4 23 CONFIGURING THE BARRICADE BigPond BigPond is a service provider in Australia that uses a heartbeat system to maintain the Internet connection Configure the built in cl
68. minating Set to 0 if you do not want the session to timeout Default 300 seconds Re Authentication Period The interval time in seconds after which the client will be asked to re authenticate For example if you set this to 30 seconds the client will have to re authenticate every 30 seconds Set to 0 for no re authentication Default 3600 seconds Quiet Period This is the interval time in seconds for which the BARRICADE will wait between failed authentications Default 60 seconds Server Type Sets the authentication server type Server IP Set the IP address of your RADIUS server 4 51 CONFIGURING THE BARRICADE 4 52 Parameter Description Server Port Set the connection port that is configured on the radius server Secret Key The 802 1X secret key used to configure the BARRICADE NAS ID Defines the request identifier of the Network Access Server The use of IEEE 802 1X offers an effective framework for authenticating and controlling user traffic to a protected network as well as dynamically varying encryption keys 802 1X ties EAP Extensible Authentication Protocol to both the wired and wireless LAN media and supports multiple authentication methods such as token cards Kerberos one time passwords certificates and public key authentication Click Save Settings to proceed or Cancel to change your settings ADVANCED SETTINGS Advanced Settings To conf
69. n be automatically redirected to local servers configured with private IP addresses In other words depending on the requested service TCP UDP port number the BARRICADE redirects the external service request to the appropriate server located at another internal IP address For example if you set Type Public Port to TCP 80 HTTP or web and the Private IP Port to 192 168 2 2 80 then all HTTP requests from outside users will be transferred to 192 168 2 2 on port 80 Therefore by just entering the IP address provided by the ISP Internet users can access the service they need at the local address to which you redirect them The more common TOP service ports include HTTP 80 FTP 21 Telnet 23 and POP3 110 Click All known port number for more information about public service ports ADVANCED SETTINGS Special Applications Some applications such as Internet gaming videoconferencing Internet telephony and others require multiple connections These applications cannot work with Network Address Translation NAT enabled If you need to run applications that require multiple connections use the following screen to specify the additional public ports to be opened for each application Click the List of well known special applications link for more information Special Applications Some applications require multiple connections such as Intemet gaming video conferencing Internet telephony and others These a
70. n the TCP IP tab Verify that your IP Address is now 192 168 2 xxx your Subnet Mask is 255 255 255 0 and your Default Gateway is 192 168 2 1 These values confirm that your BARRICADE is functioning Close the Network window Now your computer is configured to connect to the BARRICADE 3 16 Disable HTTP Proxy CONFIGURING THE CLIENT PC You need to verify that the HTTP Proxy feature of your web browser is disabled This is so that your browser can view the BARRICADE s HTML configuration pages The following steps are for Internet Explorer Internet Explorer 1 Open Internet Explorer and click the Stop EERE Fe edit view G button Click Explorer Preferences under Network select Proxies Q About Internet Explorer 1 License Agreement oE Services gt 4 p 2 Inthe Internet Explorer Preferences window _ E Hide Explorer H Hide Others XXH Quit Explorer Q 3 Uncheck all check boxes and click OK Internet Explorer Preferences j Security Security Zones Ratings Advanced w Forms AutoFill Forms AutoComplete AutoFill Profile Y Receiving Files Download Options File Helpers Cookies W Network Protocol Helpers Q Proxies Site Passwords w E mail General If you are accessing the Internet from a private network you can set gateways to allow Internet access Contact your network manager for more information Note These settings are shared w
71. n your computer Shared IP Address The BARRICADE provides Internet access for up to 253 users via a single shared IP address Using only one ISP account multiple users on your network can browse the web at the same time Virtual Server If you have a fixed IP address you can set the BARRICADE to act as a virtual host for network address translation Remote users access various services at your site using a constant IP address Then depending on the requested service or port number the BARRICADE can route the request to the appropriate server at another internal IP address This secures your network from direct attack by hackers and provides more flexible management by allowing you to change internal IP addresses without affecting outside access to your network 1 3 APPLICATIONS 1 4 DMZ Host Support Allows a networked computer to be fully exposed to the Internet This function is used when NAT and firewall security prevent an Internet application from functioning correctly Security The BARRICADE supports security features that deny Internet access to specified users or filter all requests for specific services that the administrator does not want to serve The BARRICADE firewall also blocks common hacker attacks including IP Spoofing Land Attack Ping of Death IP with zero length Smurf Attack UDP port loopback Snork Attack TCP null scan and TCP SYN flooding WPA WPA2 WEP SSID and MAC filtering provide
72. nt time INTERNET Displays WAN connection status Renew Click on this button to establish a connection to the WAN Home Network LAN INFORMATION DHCP Client Log Security Log Save Clear Refresh Displays system IP settings as well as DHCP Server Firewall UPnP and Wireless status Displays the number ofattached clients the firmware versions the physical MAC address for each media interface and for the BARRICADE as well as the hardware version and serial number Displays information on DHCP clients on your network Displays illegal attempts to access your network Click on this button to save the security log file Click on this button to delete the access log Click on this button to refresh the screen 4 16 Home NETWORK SETTINGS LAN Settings You can enable DHCP to dynamically allocate IP addresses to your client PCs or configure filtering functions based on specific clients or protocols The BARRICADE must have an IP address for the local network Setup Wizard LAN Settings r Home Network PCs or configure filtering functions based on You can enable DHCP to dynamically allocate IP addresses to your client PC t have an IP address for the local network ally alloc specific clhents or protocols The wireless router mus Wireless Router IP Address wi Da fe pf Advanced Settings IP Subnet Mask oss 255 55 17 DHCP Server DHCP Server Enabled Disabled DHCP Server ID DHCP IP A
73. ny shareware syslogs servers available on the web Default Disabled 4 67 CONFIGURING THE BARRICADE UPnP 4 68 Universal Plug and Play technology makes home networking simple and affordable This architecture offers pervasive peer to peer network connectivity of PCs of all form factors intelligent appliances and wireless devices UPnP architecture leverages TCP IP and the web to enable seamless proximity networking in addition to control and data transfer among networked devices in the home office and everywhere in between Click Enable to turn on the Universal Plug and Play function of the BARRICADE This function allows the device to automatically and dynamically join a network UPnP Universal Plug and Play Setting Tho Universal Plug and Play architecture offers pervasive poer to peer network connectivity of PCs of all form factors inteligent appliances and wireless devices UPnP enables seamless proxenity network in addition to control and data transfer among networked devices in the home office and everywhere in between Advanced settings Enable or disable UPnP module function G Enable Disable SAVE SETTINGS CANCEL Click Save Settings to proceed or Cancel to change your settings ADVANCED SETTINGS DNS Domain Name Server A Domain Name Server ONS is an index of IP addresses and Web addresses If you type a Web address into your browser such as www cenc com DNS server will find that name in it
74. of receipt of the product The standard limited warranty can be upgraded to a Limited Lifetime warranty by registering new products within 30 days of purchase from SMC or its Authorized Reseller Registration can be accomplished via the enclosed product registration card or online via the SMC web site Failure to register will not affect the standard limited warranty The Limited Lifetime warranty covers a product during the Life of that Product which is defined as the period of time during which the product is an Active SMC product A product is considered to be Active while it is listed on the current SMC price list As new technologies emerge older technologies become obsolete and SMC willl at its discretion replace an older product in its product line with one that incorporates these newer technologies At that point the obsolete product is discontinued and is no longer an Active SMC product A list of discontinued products with their respective dates of discontinuance can be found at http www smc com index cfm action customert_service_warranty All products that are replaced become the property of SMC Replacement products may be either new or reconditioned Any replaced or repaired product carries either a 30 day limited warranty or the remainder of the initial warranty whichever is longer SMC is not responsible for any custom software or firmware configuration information or memory data of Customer contained in
75. oing traffic The BARRICADE can also limit the access of hosts within the local area network LAN The MAC Filtering Table allows the BARRICADE to enter up to 32 MAC addresses that are not allowed access to the WAN port 1 Click Add PC on the Access Control screen 2 Define the appropriate settings for client PC services as shown on the following screen 3 Click OK and then click Apply to save your settings The following items are displayed on the Access Control screen Parameter Description Enable Filtering Function Enables or disables the filtering function Normal Filtering Table Displays the IP address or an IP address range up to 10 computers filtering table 4 33 CONFIGURING THE BARRICADE 4 34 Access Control Add PC Define the access control list in this page The settings in the screen shot below will block all email sending and receiving during weekdays except Friday See Schedule Rule on page 4 31 define service limitations of client PCs including IP address service type and scheduling rute ontrol function you need to configure the URL address first on the Parental Control page For the scheduling function you also nead to configure the schedi e rule first on the Schedule Rule page Cliont PC Description No maling o Client PG IP Address 192 160 2 0 fo Gllont PG Service Service Name Detail Descnption Blocking www HTTP TCP Port 80 9
76. our SMTP server address usually the part of the email address following the sign Enter your POP3 server address usually the part of the email address following the sign Enter your email account user name Parameter Defaults SECURITY Description Password Enter your email account password Connection Policy Fragmentation 10 secs Configures the number of seconds that a packet half open wait state structure remains active When the timeout value expires the router drops the unassembled packet freeing that structure for use by another packet TCP SYN wait 30 secs Defines how long the software will wait for a TCP session to teach an established state before dropping the session TCP FIN wait 5 secs Specifies how long a TCP session will be managed after the firewall detects a FIN exchange TCP connection 3600 secs The length of time for which a TCP session will be idle timeout 1 hour managed if there is no activity UDP session idle 30 secs The length of time for which a UDP session will timeou be managed if there is no activity DoS Detect Criteria Total incomplete 300 Defines the rate of new unestablished sessions that TCP UDP sessions will cause the software to s art deleting half open sessions HIGH sessions Total incomplete 250 Defines the rate of new unestablished sessions that TCP UDP sessions will cause the software to szop deleting half open sessions LOW sessions In
77. pe IPCONFIG RENEW and press the Enter key Verify that your IP Address is now 192 168 2 xxx your Subnet Mask is 255 255 255 0 and your Default Gateway is 192 168 2 1 These values confirm that your BARRICADE is functioning correctly on 5 00 2195 lt C gt Copyright 1985 2000 Microsoft Corp C Documents and Settings laurence gt IPCONFIG RELEASE Windows 28868 IP Configuration IP addre successfully released for adapter Local Area Connection 2 C Documents and Settings laurence gt IPCONFIG RENEW Windows 2888 IP Configuration Ethernet adapter Local Area Connection 2 Connection specific DNS Suffix IP Addres 192 168 2 108 Subnet Mask z 255 255 255 0 Default Gateway s 192 168 2 1 C Documents and Settings laurence gt Type EXIT and press the Enter key to close the Command Prompt window CONFIGURING THE CLIENT PC Manual IP Configuration 1 2 Follow steps 1 4 in DHCP IP Configuration on page 3 3 Select Use the internet Protocol ep 19 properties TE following IP address General You can get IP settings assigned automatically if your network supports Enter an IP address this capability Otherwise you need to ask your network administrator for based on the default m ma Ir se network 192 168 2 x Obtain an IP address automatically h a b 2 Use the following IP address w ere x is between IP address 192 168 2 20 and 254 and use Subnet mask 255 255 255 0 255 255 255
78. pplications cannot work when Network Address Translation NAT is enabled If you need to run applications that require multiple connections specify the port normally associated with an application in the Tngger Port field select the protacol type as TCP or UDP then enter the public ports associated with the tngger part to open them for inbound traffe Note Tho range of the Trigger Ports is from 1 to 65535 Trigger Port Trigger Public Port Public Enabled Type Uat of well known special applications Type i Tcp G rcp r uoo Fuoe a amp To Tcp r f uoo uoe 3 o G Tcp e uoo Cuop a iif Tce I rcp r mt uoo upp 5 amp Tto Tcp r uoo Fuoe 6 1 I tcp r rue Pune Fi Tc tcp r z Chen Annn a Specify the public port number normally associated with an application in the Trigger Port field Set the protocol type to TCP or UDP then enter the ports that the application requires The ports may be in the format of a single port or in a range e g 72 96 or a combination of both 4 57 CONFIGURING THE BARRICADE Popular applications requiring multiple ports are listed in the Popular Applications field From the drop down list choose the application and then choose a row number to copy this data into i Note Choosing a row that already contains data will overwrite the current settings For a full list of ports and the services that run on them see www iana org assignments port numbe
79. ps that would cause endless retransmission of data traffic None No authentication Password A password authentication key is included in the packet If this does not match what is expected the packet will be discarded This method provides very little security as it is possible to learn the authentication key by watching RIP packets Password Authentication key When a router receives a routing update that includes changes to an entry it updates its routing table to reflect the new route routers maintain t updates it ting table to reflect th te RIP rout t only the best route to a destination After updating its routing table the router immediately begins transmitting routing updates to inform other network routers of the change Click Save Settings to proceed or Cancel to change your settings 4 73 CONFIGURING THE BARRICADE Routing Table Click Routing Table to view the screen below Parameter Fo Home ators d Routing Table e List Routing Table Flags Network Address Natmask Gateway Interface Metric c 0 0 0 0 0 0 0 0 Groctly WAN e 10 1 20 254 255 255 255 255 directly WAN c 10 1 20 0 255 255 252 0 directly wan 5i c 192 160 2 0 255 255 255 0 drectly LAN 5 127 0 0 1 255 255 255 255 directly Loopback e Flags C directly connected static R RIP I ICMP Redirect Description Flags Network Address Netmask Gateway Interface Metric Indicates the route status C
80. red by your ISP in the appropriate fields If your ISP has provided you with a Service Name enter it in the Service Name field otherwise leave it blank BACK NEXT Click NEXT to proceed or BACK to change your settings Note Clicking NEXT will not automatically connect the BARRICADE to the Internet The BARRICADE will only connect when you explicitly request it to for example by launching your web browser 4 11 CONFIGURING THE BARRICADE 4 12 ADSL Settings PPTP Enter the User ID and Password required by your ISP in the appropriate fields Enter the Idle Time Out for the Internet connection This is the period of time for which the connection to the Internet is maintained during inactivity The default setting is 10 minutes If your ISP charges you by the minute you should change the Idle Time Out to one minute After the Idle Time Out has expired set the action you wish the BARRICADE to take You can tell the device to connect manually or automatically as soon as you try to access the Internet again or to keep the session alive SMC 3 SOEBEN i 1 getting started 5 ADSL settings 4 2 Wireless settings Ay perp a Intemet cattings ees wide gt p pp Bereta Subnet Mask po gt p gt Dofault Gateway D b i p User ID sl Password ss C S s SSSS S PPTP Gateway Po D i TE ale Tina Outil fio Cin Manual connect G auto connact Keap session Point to Port Tunneling P
81. ress Book Calculator Notepad W Paint Program Compatibility Wizard Remote Assistance E synchronize Tour Windows xP amp Windows Explorer E Windows Movie Maker A WordPad In the Command Prompt window type IPCONFIG RELEASE and press the Enter key c Command Prompt C gt ipconfig re Mindows IP Configuration Ethernet adapter Local Area Connection Connecti pecific DNS IP Addr Subnet Default 3 11 TCP IP CoNFIGURATION 3 Type IPCONFIG RENEW and press the Enter key Verify that your IP Address is now 192 168 2 xxx your Subnet Mask is 255 255 255 0 and your Default Gateway is 192 168 2 1 These values confirm that your BARRICADE is functioning correctly cx Command Prompt Be lc gt ipconfig release Mindows IP Configuration Ethernet adapter Local Area Connection Connection specific DNS Suffix IP Addr Subnet Mask Default Gateway IC gt ipconfig renew Windows IP Configuration Ethernet adapter Local Area Connection Connection specific DNS Suffix IP Addr Sie Subne RE Default Gateway 4 Type EXIT and press the Enter key to close the Command Prompt window Your computer is now configured to connect to the BARRICADE 3 12 CONFIGURING THE CLIENT PC Manual IP Configuration 1 Follow steps 1 5 in DHCP IP Configuration on page 3 9 2 Select Use the following IP Internet P
82. rom your ISP NAT Settings Network Address Translation NAT allows mutwle users at your local site to access the Internet through a single public IP address or multiple public IP addresses NAT can also prevent hacker attacks by mapping local addresses to public addrosses for koy Sorvicos such as tho Web or FTP Enable or disable NAT module function WEnavle C Disable SAVE SETTINGS j Fu To use the NAT feature check the Enable radio button and click Save Settings ADVANCED SETTINGS Address Mapping Network Address Translation NAT allows IP addresses used in a private local network to be mapped to one or more addresses used in the public global Internet This feature limits the number of public IP addresses required from the ISP and also maintains the privacy and security of the local network We allow one public IP address to be mapped to a pool of local addresses Address Mapping Network Address Translation NAT allows IP addresses used in a private local network to be mapped to one or more addresses used in the pubic global Internet This feature limits the number of public 1 addresses required from the ISP and also maintains the privacy and security of tha local network We allow one public IP address to be mapped to a pool of focal addresses Address Mapping obal m F P F is transformed as multiplo virtual IPs from 192 166 2 0 to 192 108 2 P Note Please make sure your DHCP server losso time is sot
83. rotocol TCP IP Properties Address General You can get IP settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator for 3 Enter an IP address based on ee eats the default network Obtain an IP address automatically Use the following IP address 192 168 2 x where x is IP address 192 168 2 2 Subnet mask 255 255 255 0 between 2 and 254 and use ries Dres Default gateway 192 169 2 1 255 255 255 0 for the subnet mask Use 192 168 2 1 for the Use the following DNS server addresses Preferred DNS server 192 160 2 1 Default gateway field ee wall Alternate DNS server 4 Select Use the following Advanced DNS server addresses Cancel 5 Enter the IP address for the BARRICADE in the Preferred DNS server field This automatically relays DNS requests to the DNS server s provided by your ISP Otherwise add a specific DNS server into the Alternate DNS Server field and click OK to close the dialog boxes 6 Record the configured information in the following table TCP IP Configuration Setting IP Address Subnet Mask Preferred DNS Server Alternate DNS Server Default Gateway 3 13 TCP IP CONFIGURATION Disable HTTP Proxy You need to verify that the HTTP Proxy feature of your web browser is disabled This is so that your browser can view the BARRICADE s HTML 3 14 configuration pages
84. rotocol is a comenon connection method used for xOSL conrectons in Euro Click NEXT to proceed or BACK to change your settings SETUP WIZARD ADSL Settings BigPond If you use the BigPond Internet Service which is available in Australia enter the the User Name Password and Authentication Service Name for BigPond authentication 3 Gutting started 5 ADSL settings 2 Wireless settings gE Bigpond 3 Internet settings UserName C S si S 4 Modem settings 5 ADSL ating Password 2 Phase retype your password Authentication Service Name Foon sort Enter the User Name and Password required by your SP in the appropriate fields If your ISP has provided you with a Service Name enter it in the Authentication Service Name field otherwise leave it blank Dex ver Click NEXT to proceed or BACK to change your settings 4 13 CONFIGURING THE BARRICADE Home Network Settings 4 14 Clicking the Home icon at any time returns you to this home page The Main Menu links are used to navigate to other menus that display configuration parameters and statistics Setup Wizard L Home Network Settings You can use the Status serean to soo the con Security firmware and hari DHCP chent PCs Advanced Settings Status n status for the wireless router s WAN LAN interfaces ttempts to access your network as wel as informaban an all Current Tene 2005 10 10 15 42 16 The B
85. rs 4 58 NAT Mapping Table This page displays the current NAPT Network Address Port Translation address mappings _ s2 168 2 103 2187 NAT Mapping Table displays the current NAPT addrass mappings 192 160 2 103 2140 192 160 2 102 2112 192 160 2 109 12190 192 168 2 103 2191 192 168 2 103 2207 I192 108 2 103 2151 192 168 2 103 2208 192 160 2 109 2212 192 160 2 102 2210 192 168 2 103 2157 192 168 2 103 2161 192 168 2 103 2162 192 168 2 103 2179 192 168 2 103 2102 192 150 2 103 2104 192 169 2 10 2195 Advanced Settings z a ru poca rt 2 rer 3 fro Tor s to 6 to 7 to 6 rer 9 tcp 0 TOR u rc 12 rter 13 tee 1 Ter is rer he re v me 18 _ tce 192 168 2 103 12237 ADVANCED SETTINGS Pseudo IP Pseudo Port 10 21 20 47 2190 10 1 20 47 asia 10 1 20 47 2190 10 1 20 47 2193 10 1 20 47 2207 10 1 20 47 2151 10 1 20 47 2208 10 1 20 47 2212 10 1 20 47 2210 10 1 20 47 2157 10 1 20 47 2161 10 1 20 47 2162 10 1 20 47 2179 s7 2182 0 47 21304 0 1 20 47 2106 10 1 20 47 2387 10 1 20 47 2237 10 1 4 118 Peer poet eo 207 46 0 103 1063 207 68 178 61 00 10 1 3 8 10 4 4 116 10 1 3 8 10 1 4 118 10 1 4 110 10 1 3 0 10 2 4118 10 1 3 8 10 1 3 8 10 1 4 118 10 1 4 118 10 3 3 229 10 8 10 138 10 13 68 445 80 445 so eo 129 so 39 445 80 so 1352 179 445 645
86. s in the MAC address table Make sute the same channel is in use on all devices Default Disable SECURITY Security The first menu item in the Security section is Firewall The BARRICADE provides a stateful inspection firewall which is designed to protect against Denial of Service DoS attacks when activated Its purpose is to allow a private local area network LAN to be securely connected to the Internet The second menu item is Wireless This section allows you to configure wireless security settings according to your environment and the privacy level required Sr o E Biome atonu D Setup wizard a Home Network Settings Dev provides a stateful inspection firewall which i ed Its purpose is to alow a private N Vas Advanced Settings To configure your firewall settings click Firewall in the left hand menu 4 29 CONFIGURING THE BARRICADE Firewall 4 30 The BARRICADE firewall inspects packets at the application layer maintains TCP and UDP session information including time outs and the number of active sessions and provides the ability to detect and prevent certain types of network attacks Setup Wizard Home Network Firewall The Device provides on parameters to limit the risk of hackor attack ong that require unrastneted access to one DM2 SAVE SETTINGS Wireless Advanced Settings n Network attacks that deny access to a network device are ca
87. s index and find the matching IP address 161 83 242 11 Since your Service Provider may connect to the Intemot with dynamic IP settings it is likely that the DNS server IP s are also provided dynamically However if there is a ONS server that you would rather use you naed to specify the IP address here Domain Name Servers are used to map a domain name e g www somesite com to the equivalent numerical IP address e g 64 147 25 20 Your ISP should provide the IP address of one or more Domain Name Servers Enter those addresses on this page 4 69 CONFIGURING THE BARRICADE DDNS Dynamic DNS 4 70 Dynamic DNS DDNS provides users on the Internet with a method to tie their domain name to the router or server DDNS allows your domain name to follow your IP address automatically by having your DNS records changed when your IP address changes Default Disabled The DDNS service dynamically updates DNS information to a static hostname provided by the DDNS service provider as clients IP addresses change DDNS Dynamic DNS Settings Setup Wizard Home Network Settings Security Advanced Settings NAT x Dynamic ONS r Enable Disable System Provider fizo z Er dyni ai Domain Name DONS Account E mail Password kay SAVE SETTINGS CANCEL Note Please visit the web sites of the DDNS providers for details DDNS Service Provider Web Site DynDNS org http www dyndns org
88. s that are using dynamic port numbers If you wish to use Stateful Packet Inspection SPI for blocking packets click on the Yes radio button in the Enable SPI and Anti DoS firewall protection field and then check the inspection type that you need such as Packet Fragmentation TCP Connection UDP Session FTP Service and TFTP Service It is called a stateful packet inspection because it examines the contents of the packet to determine the state of the communication i e it ensures that the stated destination computer has previously requested the current communication This is a way of ensuring that all communications are initiated by the recipient computer and are taking place only with sources that are known and trusted from previous interactions In addition to being mote rigorous in their inspection of packets stateful inspection firewalls also close off ports until a connection to the specific port is requested When particular types of traffic are checked only the particular type of traffic initiated from the internal LAN will be allowed For example if the user only checks FTP Service in the Stateful Packet Inspection section all incoming traffic will be blocked except for FTP connections initiated from the local LAN When hackers attempt to enter your network we can alert you by email Your E mail Address SMTP Server Address POP3 Server Address User Name Enter your email address Enter y
89. same orientation when attaching the wires to the pins Figure B 1 RJ 45 Ethernet Connector Pin Numbers RJ 45 Port Ethernet Connection B 2 Use the straight through CAT 5 Ethernet cable provided in the package to connect the BARRICADE to your PC When connecting to other network devices such as an Ethernet switch use the cable type shown in the following table Attached Device Port Type Connecting Cable Type MDI X Straight through MDI Crossover RJ 45 Port ETHERNET CONNECTION Pin Assignments With 10BASE T 100BASE TX cable pins 1 and 2 are used for transmitting data and pins 3 and 6 for receiving data RJ 45 Pin Assignments Pin Number Assignment 1 Txt 2 Tx 3 Rx 6 Rx The and signs represent the polarity of the wires that make up each wire pair Straight Through Wiring If the port on the attached device has internal crossover wiring MDI X then use straight through cable Straight Through Cable Pin Assignments End 1 End 2 1 Ix 1 Ix 2 Tx 2 Tx 3 Rx 3 Rx 6 Rx 6 Rx B 3 CABLES B 4 Crossover Wiring If the port on the attached device has straight through wiring MDD use crossover cable Crossover Cable Pin Assignments End 1 End 2 1 Tx 3 Rxt 2 Tx 6 Rx 3 Rxt 1 Txt 6 Rx 2 Tx APPENDIX
90. that you would rather use you need to specify the IP address in the WAN page By Fixed 1P xDSL Some XDSL Internet Service Providers may assign a fixed IP address for your gateway If you have been provided with this information choose this option and enter the assigned IP address subnet mask gateway IP and ONS IP addresses for your wireless router ec PPPOE xDSL If you connect to the Internat using an xDSL Modem and your ISP has provided you with amp password and service name than your ISP uses PPPoE You must choose thes option and enter the required information r gE rre Point to Point Tunneling Protocol amp a common connection method used for NDSL connections in Europe z Select your connection type to proceed Click BACK to go back and change your settings SETUP WIZARD Cable Modem Settings If the ISP requires you to input a Host Name type it in the Host Name field The MAC Address field will be filled automatically SMC OCE 2 Getting started 4 Cable Modem settings Kremer iy cable Modem 9 Internet sattings Host Name 4 Modam settings MAC Address o jun fs fr fe fo A cable modem requires minimal configuration If the 1S8 requires you to input a Host Name type it in the Host Name field above Back Next Click NEXT to proceed or BACK to change your settings CONFIGURING THE BARRICADE 4 10 ADSL Settings Fixed IP xDSL Enter the IP address Subnet Mask
91. the same value For security purposes you should change the default SSID immediately Setup Wizard Home Network Settings This Security Advanced Settings Parameter Channel and Wireless Network Name SSID Wireless Network Name SSID smc Broadcast Wireless Network Name ENAME DISABLE Wireless Mode 11 b g Mixed mode Wi Fi Channel number 6 Extend Range C ENADE DISABLE SAVE SETTINGS CANCEL Description Wireless Network Name SSID The Service Set ID SSID is the name of your wireless network The SSID must be the same on the BARRICADE and all of its wireless clients Default SMC Broadcast Wireless Network Name Enable or disable the broadcasting of the SSID If you disable broadcast of the SSID only devices that have the correct SSID can connect This nullifies the wireless network discovery feature of some products such as Windows XP Default Enable Wireless Mode This device supports the following modes 11g only 11b only and 11b g mixed mode Default 11b g mixed mode Home NETWORK SETTINGS Parameter Description Wi Fi Channel The radio channel used by the BARRICADE and its clients Number to communicate with each other This channel must be the same on the BARRICADE and all of its wireless clients The BARRICADE will automatically assign itself a radio channel or you may select one manually Default 6 Extend Range Extends the range of th
92. ther client devices will get denied access This secunty feature can support up to 32 devices and apples to chents MAC Address Control Enablo Cable SAVE SETTINGS CANCEL MAC Filtering Table up to 32 computers 1 MAC Address 1 foo fo fr E9 pa fe 2 t i 1 Advanced Settings foo ifo sfs fee see hr 3 foo he ee ipi Ps i fee IX m u 2 5 u 6 Pensa 2 9 u 2 mM 2 a u aes zu p u a 2 u F 10 Tee sen z Cepy to The BARRICADE can also limit the access of hosts within the local area network LAN The MAC Filtering Table allows the BARRICADE to enter up to 32 MAC addresses that are allowed access to the WAN port All other devices will be denied access By default this feature is disabled Click Save Settings to proceed or Cancel to change your settings 4 35 CONFIGURING THE BARRICADE 4 36 Parental Control The BARRICADE allows the user to block access to web sites from a particular PC by entering either a full URL address or just a keyword This feature can be used to protect children from accessing violent or pornographic web sites a Parental Control Disalowed Web Sites and Keywords You can block access to certain Web sites from a particular PC by entering either a full URL address or just a keyword of the Web site To specify the particular PC go back to the access Control page and check the box for Http with Parental Controlin the Normal Filtering Table
93. to Forever SAVE SETTINGS CANCEL rd Click Save Settings to proceed or Cancel to change your settings 4 55 CONFIGURING THE BARRICADE 4 56 Virtual Server Virtual Server You can configure the wireless router as a virtual server so that remote users accessng services such as the Web or FTP at your local site via public IP addresses can be automatically redirected to local servers configured with private IP addres other words dapanding on the requested service TCP UDP part number the wireless router redirects the external service request to the appropiate server located at another internal IP address This tool can support both port ranges multiple ports and combinations of the two Por example e Port Ranges 100 150 Multiple Ports 25 120 80 o Combination 25 100 80 No LAN IP Address Protocol Type um Pub Enable 2 Be Ne Su m Ge Ada Clean 2 win rer r Add clean 3 mul I A m WE Asa San s is21s8 2 Me r aaa Chean 5 192 169 2 e af f m Add Clean 6 192 168 2 e a lj r Aaa Clean z 192 168 2 TP x r Ada Clean 8 mul Me af x add clean a 9 mal Me v aaa ciwan in Ss True 7 me 1 vaal raamt Using this feature you can put PCs with public IPs and PCs with private IPs in the same LAN area If you configure the BARRICADE as a virtual server remote users accessing services such as web or FTP at your local site via public IP addresses ca
94. ts and allowed channels of operation apply in some countries as described below Note The user must use the configuration utility provided with this product to ensure the channels of operation are in conformance with the spectrum usage rules for European Community countries as described below This device requires that the user or installer properly enter the current country of operation in the command line interface as described in the user guide before operating this device e This device will automatically limit the allowable channels determined by the current country of operation Incorrectly entering the country of operation may result in illegal operation and may cause harmful interference to other system The user is obligated to ensure the device is operating according to the channel limitations indoor outdoor restrictions and license requirements for each European Community country as described in this document This device may be operated indoors or outdoors in all countries of the European Community using the 2 4 GHz band Channels 1 13 Declaration of Conformity in Languages of the European Community English Hereby SMC Networks declares that this Radio LAN device is in compliance with the essential requirements and other relevant provisions of Directive 1999 5 EC Finnish Valmistaja SMC Networks vakuuttaa t ten ett Radio LAN device tyyppinen laite on direktiivin 1999 5 EY oleellisten vaatimusten ja s
95. xchange routing mformation with adjacent routers Please Enter the following Configuration Parameters General RIP parameter RIP modo C Enable Disable e Auto summary C Enabie disable Table of current interface RIP parameter Interface Operation Mode Version Poison Authentication Authentication Roverse Required Code wan omas frz eran fen Sf wong Disables pa Ente Me af wana Disables fir Ene es Tem SIT a wanxr Disables MS Erste fore of Wos 2 Disables iz enable frons wosa ie fix Eee J fT a Parameter Description General RIP Parameters RIP mode Globally enables or disables RIP Auto summary If Auto summary is disabled then RIP packets will include sub network information from all subnetworks connected to the router If enabled this sub network information will be summarized to one piece of information covering all subnetworks Table of current Interface RIP parameter Interface The WAN interface to be configured Operation Mode Disable RIP disabled on this interface Enable RIP enabled on this interface Silent Listens for route broadcasts and updates its route table It does not participate in sending route broadcasts 4 72 Parameter ADVANCED SETTINGS Description Version Poison Reverse Authentication Required Authentication Code Sets the RIP Routing Information Protocol version to use on this interface A method for preventing loo
96. your LAN WAN and wireless settings Go to Home Network Settings on page 4 14 Security In this section you can easily configure your wireless security settings Go to Security on page 4 29 Advanced Settings Advanced Settings supports more advanced functions like NAT system maintenance and UPnP Go to Advanced Settings on page 4 53 NAVIGATING THE WEB BROWSER INTERFACE Making Configuration Changes Configurable parameters have a dialog box or a drop down list Once a configuration change has been made on a page be sure to click the Apply or Save Settings or NEXT button at the bottom of the page to enable the new setting Note To ensure proper screen refresh after a command entry be sure that Internet Explorer 5 5 is configured as follows Under the menu Tools Internet Options General Temporary Internet Files Settings the setting for Check for newer versions of stored pages should be Every visit to the page 4 3 CONFIGURING THE BARRICADE Login Screen The Login screen automatically appears first Password 71 ost Please enter correct password for Administrator Accass Thank you We suggest that you use Internet Explorer 5 5 of above at a minim SMC Notworks Inc AB rights reserved Enter the default password smcadmin and then click LOGIN Note Your password is case sensitive 4 4 SETUP WIZARD Setup Wizard Getting Started The Setup Wizard automatically appears by clic
97. yption TKIP MIC AES CCMP SOHO Mode Authentication Authentication PSK PSK Encryption Encryption TKIP MIC AES CCMP Click Save Settings to proceed or Cancel to change your settings 802 1X SECURITY If 802 1X is used in your network then you should enable this function for the BARRICADE This screen allows you to set the 802 1X parameters 802 1X is a method of authenticating a client wireless connection Enter the parameters below to connect the BARRICADE to the Authentication Server Setup Wizard Home Network Settings Security Firewall Wireless D Wireless Eneryesion Aecess Control Wer U WRAAWPAZ Koosi Advanced Settings 802 1X This page alo parameters an egy Parameter you to set the 002 1 sed for this wireles for performng authentication to wi These ject to the Authentication Server out 902 1 Authentication f enable disable Session Idle Timeout nn Seconds 0 for na timaout checking Ae Authantication Penod son Seconds 0 for na re authentication Quiet Penod fo Seconds after authentication faled Server Type radius RADIUS Server Porametors SeveriP 107 fice fh Server Port i3 Sccretkey CS si C mso SAVE SETTINGS CANCEL Description 802 1X Authentication Enable or disable the authentication function Session Idle Timeout This is the time in seconds that a session will sit inactive before ter
Download Pdf Manuals
Related Search