Actiontec MI408 User's Manual
Contents
1. ee My Network E Firewall Settings Parental Control Advanced System Monitoring g Router Status Gor Your Router is Ready for Internet Access g Broadband Connection Ethernet Status IP Address Connected 192 168 10 11 Ethernet 192 168 1 2 Connection Type IP Address ra My Router irr i BPC Name FAELAB23 A 5 Securit r ERRE eon Verizon com The My Network screen appears MAC Address My Network a UP DAD MOM PC Connection type Wireless IP Address 192 168 1 2 IP Address peice Allocation 00 0 B3 11 11 11 3 SON PC Connection type Ethernet IP Address 192 168 1 3 IP Address bice Access Shared Files Website Blocking Block Internet Services Enable Application View Device Details Rename this Device Timeout for Inactive Device Access Shared Files Website Blocking Block Internet Services Enable Application Connected Devices Ethernet 3 device s On the far right side of the screen in the Connected Devices section is list of the devices currently connected to the network listed by connection type and num ber The rest of the screen contains the My Network section which displays each device connected to the network and a series of configuration settings 15 Actiontec Broadband Router User Manual Using My Network Various settings can2. Edit Service screen appears Define the service then click Apply The service will then be automatically added to the top section of the Add Access Control Rule screen and will be selectable 17 Actiontec Broadband Router User Manual The user may disable an access control and the service made available without having to remove the service from the Access Control table This may be useful to make the service available only temporarily with the expectation that the restric tion will be reinstated later To temporarily disable an access control clear the check box next to the net work computer device To reinstate the restriction at a later time select the check box next to the network computer device To remove an access restriction from the Access Control table click the Remove button for the service The service will be removed from the Access Control table Note When Web Filtering is enabled HTTP services cannot be blocked by access control Enable Application Activating Enable Application also known as port forwarding allows the net work to be exposed to the Internet in certain limited and controlled ways enabling some applications to work from the local network game voice and chat applica tions for example as well as allowing Internet access to servers in the network To set this up on a networked device locate the device in the My Network column then click Enable Applications The
3. General Model Number MI408 8 Port Broadband Router Standards IEEE 802 3x IEEE 802 3u IP IP version 4 Firewall ICSA certified Speed LAN Ethernet 10 100 Mbps auto sensing Cabling Type Ethernet 10BaseT UTP STP Category 3 or 5 Ethernet100BaseTX UTP STP Category 5 LED Indicators Power LAN 8 WAN Internet 131 Actiontec Broadband Router User Manual Environmental Power External 5V DC 3A Certifications FCC Part 15 UL 60959 1 Operating Temperature 0 C to 40 C 32 F to 104 F Storage Temperature 20 C to 70 C 4 F to 158 F Operating Humidity 8 to 93 non condensing Storage Humidity 5 to 100 non condensing lt gt Note Specifications are subject to change without notice 132 Notices Regulatory Compliance Notices Class B Equipment This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installa tion This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that inter ference will not occur in a particular installation If this equipment does cause harmful interference to radio or tele
4. This section allows the following management application ports to have their default port numbers to be changed Primary secondary HTTP ports Primary secondary HTTPS ports e Primary secondary Telnet ports Secure Telnet over SSL ports System Logging Use this section to configure the following system log options Enable Logging Click in this check box to activate system logging Low Capacity Notification Enabled Click in this check box to activate low capacity notification works in tandem with Allowed Capacity Before Email Notification and System Log Buffer Size options Allowed Capacity Before Email Notification Enter the percentage of system log buffer capacity reached to trigger an E mail notification System Log Buffer Size Enter the size of the system log buffer in this text box Remote System Notify Level This feature is used to specify the type of information received for remote system logging Options include None Error Warning and Information 81 Actiontec Broadband Router User Manual Security Logging Use this section to configure the following security log options Enable Logging Click in this check box to activate security logging Low Capacity Notification Enabled Click in this check box to activate low capacity notification works in tandem with Allowed Capacity Before Email Notification and Security Log Buffer Size options Allowed Capacity Before E
5. Any gt 69 esd a gt 5060 5061 ia Any gt 10000 20000 Add 2 Click Add at the bottom of the screen The Edit Service screen appears Edit Service Service Name Global Application Service Description Server Ports Protocol Server Ports Action Add Server Ports i 105 Actiontec Broadband Router User Manual 3 Name the service in the Service Name text box and if needed enter a description of the service in the Service Description text box then click Add Service Ports The Edit Service Server Ports screen appears Edit Service Server Ports Protocol Other gt I Exclude Protocol Number 4 Select a protocol from the Protocol drop down list To create a new protocol select Other After selecting a protocol the screen will refresh displaying the relevant text boxes needed to edit the particular protocol 5 Click Apply to save the changes 106 Monitoring the Router The Broadband Router s System Monitoring screens display important system information including e Basic Router settings System log Key network device parameters Network traffic statistics Router Status Click System Monitoring at the top of the Home screen to display the Router Status screen which displays the Router s basic settings Router Status Firmware Version 4 0 16 1 45 36 Model Name MI424 WR Broadband Con
6. Chapter 7 Using Advanced Settings System Settings Clicking System Settings in the Advanced screen generates the System Settings screen where various system and management parameters can be configured System Settings System Wireless Broadband Routers Wireiess_Broadband_Route Hostname Local Domain home Wireless Broadband Router MV Automatic Refresh of System Monitoring Web Pages i Warn User Before Network Configuration Changes Session Lifetime 600 Seconds Configure a number of concurrent users that canbe 5 logged into the Router Remote Administration Management Application Ports Primary HTTP Management Port 80 Secondary HTTP Management ogg Pert 8080 Primary HTTPS Management m Port Secondary HTTPS Management z333 Port 8443 Primary Telnet Port 23 Secondary Telnet Port 8023 Secure Telnet over SSL Port 992 System Logging M Enable Logging Low Capacity Notification Enabled Allowed Capacity Before Email 35 gy Notification System Log Buffer Size 16 KB Remote System Notify Level None Security Logging M Enable Logging M Low Capacity Notification Enabled Allowed Capacity Before Email 35 yy Notification Security Log Buffer Size 16 KB Remote Security Notify Level None A Outgoing Mail Server Server From Email Address Port 25 O Server Requires Authentication Auto WAN Detection M Enable Logging PPP Timeout 30
7. Port Forwarding screen appears Port Forwarding This feature enables applications Games Webcams IM amp Others by opening a tunnel between remote Internet computers and a specific device port inside your local area network LAN Networked Network Public IP WAI Computer Device Address Address Protocols Connection s eel Add Apply 18 1 Chapter 3 Configuring My Network Settings Click Add The Add Port Forwarding Rule screen appears Add Port Forwarding Rule Specify Public IP Address Networked Computer Device Specify Address gt Protocol Specify Protocol vj Add WAN Connection Type AN Broadband Devices Forward to Port Same as Incoming Port gt When should this rule occur Always eal Enter the local IP address or the host name of the computer providing the ser vice in the Networked Computer Device text box Note that only one local network computer can be assigned to provide a specific service or application Select the Internet protocol to be provided from the Protocol drop down list To select a port to forward communications to this is optional select Specify from the Forward to Port drop down list then in the text box that appears enter the port number If no port is identified select Same as Incoming Port If this port will be active all the time select Always from the When should this rul
8. in the Network Objects screen Destination Address The destination address of the packets sent to or received from the network object This address can be configured in the same manner as the source address Protocol Select a specific traffic protocol from the drop down list or add a new one To add a new traffic protocol 1 Select Specify Protocol from the drop down list The screen will refresh and an Add link appears 2 Click Add and add a new protocol This is the same as clicking New Entry in the Protocols screen DSCP Use this drop down list to mark a DSCP value on packets matching a connection that matches this rule To do so select Specify from the drop down list and enter the hexadecimal value of the DSCP 124 Appendix A Quality of Service Set Priority Activate this check box to add a priority to the rule The screen will refresh allowing a selection of one of eight priority levels zero being the lowest and seven the highest each priority level is mapped to low medium high priority This sets the priority of a packet on the connection matching the rule while routing the packet Log Packets Matched by This Rule Check this check box to log the first packet from a connection that was matched by this rule When should this rule occur By default the rule will always be active However scheduler rules can be configured to define time periods during which the rule is a
9. Dynamic DNS screen appears Dynamic DNS Setup Dynamic DNS Domain Name Server Dynamic DNS is a dynamic IP address to be aliased to a static hostname allowing a computer on the network to be more easily accessible from the Internet Connection to Update None x Offline Status Not Updated User Name Password Host Name Wildcard Mail Exchanger Backup MX Configure the following parameters Connection To Update Select the connection with which to couple the Dynamic DNS service Options include Broadband Connection Ethernet Broadband Connection Coax and WAN PPPoE Offline Disable the Dynamic DNS feature by clicking this check box This feature is available only to users who have purchased some type of upgrade credit from Dyndns org Note that changing the redirection URL can only be performed via the Dynamic DNS website User Name Enter the Dynamic DNS user name in this text box Password Enter the Dynamic DNS password in this text box 99 Actiontec Broadband Router User Manual Host Name Enter the full Dynamic DNS domain in this text box Wildcard Select the Wildcard check box to have any URL that includes the domain name here yourhost dyndns org for example to connect Mail Exchanger Enter the mail exchange server address This will redirect all E mails arriving at the Dynamic DNS address to the mail server Backup MX Select this c
10. Seconds DHCP Timeout 30 Seconds Number of Cycles 2 Auto Detection Continuous Trying Apply Cancel 79 Actiontec Broadband Router User Manual System Use the System section of this screen to configure the following two options Broadband Router s Hostname Specify the Router s host name by entering it into the this text box The host name is also the Router s URL address so it can be entered here rather than 192 168 1 1 Local Domain Specify the network s local domain by entering it into this text box Broadband Router Use this section to configure the following Automatic Refresh of System Monitoring Web Pages Click in this check box to activate the automatic refresh of system monitoring web pages Warn User Before Network Configuration Changes Click in this check box to activate user warnings before network configuration changes take effect Session Lifetime After the Router has been inactive for a period of time the user must reenter a user name and password to continue accessing the MegaControl Panel To change the length of this time period enter the amount of time in seconds in the Session Lifetime text box Configure a number of concurrent users Used to limit the number of users that can access the Router at the same time Select the number of users from the drop down list 80 Chapter 7 Using Advanced Settings Management Application Ports
11. changed unless instructed to do so by Verizon 40 Chapter 4 Using Network Connections Login User Name Enter the user name provided by the ISP in this text box Login Password Enter the password provided by the ISP in this text box Support Unencrypted Password PAP Password Authentication Protocol PAP is a simple plain text authentication scheme The user name and password are requested by the networking peer in plain text PAP however is not a secure authentication protocol Man in the middle attacks can easily determine the remote access client s password PAP offers no protection against replay attacks remote client impersonation or remote server impersonation Support Challenge Handshake Authentication CHAP Click in this check box to activate CHAP a challenge response authentication protocol that uses MD5 to hash the response to a challenge CHAP protects against replay attacks by using an arbitrary challenge string per authentication attempt Support Microsoft CHAP Click in this check box if communicating with a peer that uses Microsoft CHAP authentication protocol Support Microsoft CHAP Version 2 Select this check box if communicating with a peer that uses Microsoft CHAP Version 2 authentication protocol PPP Compression The PPP Compression Control Protocol CCP is responsible for configuring enabling and disabling data compression algorithms on both ends of the point to point link It is also used to
12. or only the main WAN connection will have UPnP active from the WAN Connection Publication drop down list UPnP services are not deleted when disconnecting a computer without proper shut down of the UPnP application e g messenger Thus if running a boingo services may often not be deleted and will eventually lead to exhaustion of rules and ser vices and no new services can be defined In this scenario the cleanup feature will find the invalid services and remove them preventing services exhaustion 104 Chapter 7 Using Advanced Settings Protocols Protocols features a list of preset and user defined applications and common port settings Protocols can be used in various security features such as Access Control and Port Forwarding New protocols can be added to support new applications or existing ones can be edited when needed To define a protocol 1 Click Protocols in the Advanced screen The Protocols screen appears Protocols Protocols Ports Action FTP TCP Any gt 21 BR HTTP TCP Any gt 80 aR HTTPS TCP Any gt 443 BR IMAP TCP Any gt 143 pR L2TP UDP Any gt 1701 SR L2TP Port Triggering UDP Any gt 1701 BR Ping ICMP Echo Request BR PoP3 TCP Any gt 110 BR SMTP TCP Any gt 25 BR SNMP UDP Any gt 161 pR Telnet TCP Any gt 23 pR TFTP UDP 1024 65535 gt 69 BR TFTP Port Triggering UDP 1024 65535 gt 69 DR Traceroute UDP 32769 65535 gt 33434 33523 SR UDP Any gt 53
13. to a network to be updated whenever an important change occurs in the network A multicast is simply a message that is sent simultaneously to a pre defined group of recipients When joining a multicast group all messages addressed to the group will be received by the user much like when an E mail message is sent to a mailing list IGMP multicasting enables UPnP capabilities over networks and may also be useful when connected to the Internet through the Router When an application run ning on a computer in the network sends out a request to join a multicast group the Router intercepts and processes the request If the Router is set to Minimum Security no further action is required However if the Router is set to Typical Security or Maximum Security the group s IP address must be added to the Router s Multicast Groups screen This will allow incoming messages addressed to the group to pass through the firewall and on to the correct networked computer 1 Select Routing in the Advanced screen 2 Activate the Internet Group Management Protocol check box 3 Click Apply Chapter 7 Using Advanced Settings Domain Routing Domain routing is used in multi router local network configurations Normally to accesss a device connected to one router from another router on the network its IP address must be used Activating domain routing by clicking in the appropriate check box allows the user to access to
14. 115 Traffic Shaping 119 Specifications 131 General 131 LED Indicators 131 Environmental 132 Notices 133 Regulatory Compliance Notices 133 Modifications 133 Limited Warranty 135 Introduction Thank you for purchasing the Actiontec Broadband Router The Router features eight Ethernet ports making it one of the most versatile routers available If you want to take your home or office networking to the next level the Actiontec Broadband Router is sure to be one of the keys to your success 3 Package Contents Actiontec Broadband Router Black Power cord Yellow cable Ethernet 6 ft White cable Ethernet 10 ft Quick Start Guide Installation Guide User Manual CD Wall mount template Vertical stand Warranty Actiontec Broadband Router User Manual Minimum System Requirements Computer with Ethernet capability Microsoft Windows 98SE Me 2000 or XP Mac OS 9 or greater Linux BSD Unix Internet Explorer 5 0 or higher Netscape Navigator 7 0 or higher TCP IP network protocol installed on each computer Features Integrated wired networking with 8 port 10 100 Mbps Ethernet switch Enterprise level security including Fully customizable firewall with Stateful Packet Inspection Content filtering with URL keyword based filtering parental control customizable filtering policies per computer and E mail notification Denial of service protection against IP spoofing attacks intrusion
15. 128 Appendix A Quality of Service 2 The eight 802 1p values are pre populated with the three priority levels Low Medium and High These levels can be changed for each of the eight values in their respective drop down lists 3 Click Apply to save the settings Class Statistics The Router provides accurate real time information on the traffic moving through the defined device classes For example the amount of packets sent dropped or delayed are just a few of the parameters monitored per each shaping class To view class statistics click Quality of Service at the top of the Home screen then click Class Statistics The following screen appears Note that class statistics will only be available after defining at least one class otherwise the screen will not present any information Packets Packets Rate Packet Clone Pachate Sent Bytes Sent oropped Delayed bytea s Rate Class Identifier To create a class identifier click Quality of Service in the Advanced screen then click Class Identifier The DHCP Server Pool Settings screen appears DHCP Server Pool Settings DHCP Option 60 Vendor Class DOO Identifier Start IP Address b f f End IP Address po p p fb a Set Priority 7 High Enter the information needed in the appropriate text boxes then click Apply 129 Actiontec Broadband Router User Manual This page left intentionally blank 130 Specifications
16. 16 Chapter 3 Configuring My Network Settings 1 Click Add in the Networked computer Device column The Add Access Control Rule screen appears Add Access Control Rule Networked Computer Device Any z Protocol any j When should this rule occur Aways x Apply 2 If this access control rule applies to all networked devices select Any from the Networked Computer Device list box If this rule applies to certain devices only select Specify Address and click Add Then add a network object for more details about adding network objects see the Advanced Settings chapter of this manual 3 Select the Internet protocol to be blocked from the Protocol drop down list 4 If this rule will be active all the time select Always from the When should this rule occur drop down list If the rule will only be active at certain times select Specify Schedule and click Add Then add a schedule rule for more details about schedule rules see the Advanced Settings chapter of this manual a gt Note Make sure the Router s date and time settings for your time zone are set correctly for schedule rules to function properly 5 Click Apply to save the changes The Access Control screen will display a sum mary of the access control rule Note To block a service that is not included in the list select Specify Protocol from the Protocol drop down menu The
17. Allow the following URL Keywords Specify a list of URL Keywords separated by spaces Note URL keywords are any words that can be included in a website address such as example in www example com_ Step 4 Click the Apply button for the settings to take effect Apply Cancel 3c Additionally the Router can block or allow access to websites based on key words For example to block any website with example in its title click in the circle next to Block the Following URL Keywords then enter example in the text box below To allow access to any website with example in its title click in the circle next to Allow the Following URL Keywords then enter example in the text box 4 When finished click Apply to have the access policy take effect 70 Chapter 6 Parental Controls 5a Select the computer or device on the network on which the access policy will be enforced from the Network Computer Device drop down menu 5a Select the time period during which the access policy will be enforced from the Network Computer Device drop down menu If Specify Schedule is selected see Scheduler Rules in the Advanced Settings chapter for more infomation 6 An overview of the rule or access policy is displayed at the bottom of the screen Step 5 Select the Network Computer Device the rule will apply to Rule Name R lt r Network Computer Devi
18. At the DOS prompt type ipconfig release then type ipconfig renew Windows XP Unplug the Ethernet cable or wireless card and plug it back in I cannot access the Router s Graphical User Interface What should I do If you cannot access the Router s Graphical User Interface make sure the com puter connected to the Router is set up to dynamically receive an IP address I have an FTP or Web server on my network How can I make it available to users on the Internet For a Web server enable port forwarding for port 8088 to the IP address of the server and set up the Web server to receive on that port as well Configuring the server to use a static IP address is recommended For an FTP server enable port forwarding for port 21 to the IP address of the server Configuring the server to use a static IP address is recommended 113 Actiontec Broadband Router User Manual How many computers can be connected through the Router The Router is capable of 254 connections but it is recommended to have no more than 45 connections As you increase the number of connections you decrease the available speed for each computer What is the default user name for the Router The default user name for the router is admin and the default password is password all lower case no quotation marks When logging into the Router the first time or after restoring the Router s default settings the user is aske
19. Ethernet ain IP Address 192 168 1 2 Your Router is Ready for pdig Internet Access INTERNET NOW g Broadband Connection im Ethernet Status Connected IP Address 192 168 10 11 e Verizon Central Quick Links i e Verizon Surround FEA Enable Applications SHOP gt Games Webcams IM amp Others ACTIONTEC Verizon Help Logout 2 music gt EH VIDEO gt The Home screen has a Main Menu that occupies the top of the screen Below that the screen is divided into three columns My Router My Network and Action Zone Main Menu The Main Menu contains links to all of the configuration options of the Router My Network explained in chapter 4 of this manual Firewall chapter 5 Parental Controls chapter 6 Advanced chapter 7 and System Monitoring chapter 8 12 Chapter 2 Connecting the Router My Router This section displays the status of the Router s network and Internet connection A green light signifies the Router is connected a yellow light means the Router is attempting to connect and a red light signifies the Router s connection is down Broadband Connection The Broadband Connection section of My Router displays the state of the Router s broadband connection Connected or Disconnected for the con nection option Ethernet Status and the WAN IP address of the broadband connection Quick Lin
20. Router for the first time using encrypted remote administration a warning appears regarding certificate authenti cation because the Router s SSL certificate is self generated When encountering this message under these circumstances ignore it and continue Even though this message appears the self gener ated certificate is safe and provides a secure SSL connection 57 Actiontec Broadband Router User Manual Static NAT This option allows multiple public addresses to be designated to devices on the network Static NAT allows devices behind a firewall and configured with private IP addresses appear to have public IP addresses on the Internet This allows an inter nal host such as a web server to have an unregistered private IP address and still be reachable over the Internet To do this 1 Select Static NAT from any Security screen The Static NAT screen appears Static IP Mapping Table Networked Computer ID z Device Add Public IP Address Static NAT WAN aeon Status Po rt z Forwarding oe d 2 Click Add The Add Static NAT screen appears Networked Computer Device Public IP Address WAN Connection Type Add Static NAT Specify Address v b h p p All Broadband Devices p Enable Port Forwarding for Static NAT 3 Enter the name of the computer to be used as the local host or to enter a specific IP address select Specify Address fro
21. Settings MAC Cloning A MAC Media Access Control address is a unique hexadecimal code that identifies a device on a network All networkable devices have a MAC address When replac ing another network device with the Router the installation process can be simpli fied by copying the MAC address of the existing computer to the Router To do this 1 Click MAC Cloning in the Advanced screen The MAC Cloning screen appears MAC Cloning MAC Address Cloning provides the ability to emulate the routers MAC address to appear identical to the original hardware address Use this feature only if your ISP requires MAC Address authentication Set MAC of Device Broadband Connection Ethernet y foo sor fos az a7 fea To Physical Address 2 Enter the MAC address to be cloned in the To Physical Address text boxes 3 Click Clone My MAC Address to capture the MAC address of the computer cur rently accessing the MegaControl Panel The Router will now have the new MAC address ARP Address Resolution Protocol Table Clicking ARP Table in the Advanced screen generates the ARP Table screen This screen displays the IP and MAC addresses of each DHCP connection ARP Table The ARP Table displays the IP and MAC addresses of each DHCP connection ARP Table IP Address MAC Address Device DHCP ACL 192 168 1 2 00 90 27 b3 ce 49 Network Home Office Add 95 Actiontec Broadband Router
22. TO OPEN REPAIR OR MODIFY THE PRODUCT OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE OR BY ACCIDENT FIRE LIGHTNING OTHER HAZARDS OR ACTS OF GOD LIMITATION OF LIABILITY TO THE FULL EXTENT ALLOWED BY LAW ACTIONTEC ELECTRONICS ALSO EXCLUDES FOR ITSELF AND ITS SUPPLIERS ANY LIABILITY WHETHER BASED IN CONTRACT OR TORT INCLUDING NEGLIGENCE FOR INCIDENTAL CONSEQUENTIAL INDIRECT SPECIAL OR PUNITIVE DAMAGES OF ANY KIND OR FOR LOSS OF REVENUE OR PROFITS LOSS OF BUSINESS LOSS OF INFORMATION OR DATA OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE INSTALLATION MAINTENANCE USE PERFORMANCE FAILURE OR INTERRUPTION OF ITS PRODUCT EVEN IF ACTIONTEC ELECTRONICS OR ITS AUTHORIZED RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND LIMITS ITS LIABILITY TO REPAIR REPLACEMENT OR REFUND OF THE PURCHASE PRICE PAID AT ACTIONTEC ELECTRONICS OPTION THIS DISCLAIMER OF LIABILITY FOR DAMAGES WILL NOT BE AFFECTED IF ANY REMEDY PROVIDED HEREIN SHALL FAIL OF ITS ESSENTIAL PURPOSE Disclaimer Some countries states or provinces do not allow the exclusion or limitation of implied warranties or the limitation of incidental or consequential damages for certain products supplied to consumers or the limitation of liability for personal injury so the above limitations and exclusions may be limited in their application to you When the implied warranties are not allowed to be excluded in their entirety they w
23. Traffic Monitoring screen Traffic Monitoring Broadband Broadband Network i Wireless WAN WAN Rule Name Home Office Connection Ethernet Connection Coax Access Point PPPOE PPPOE 2 Ethernet Coax Status Connected Down Connected Down Down Connected Disabled Disabled Network Network Broadband Network Broadband Network Network Broadband Broadband Home Office Connection Home Office Connection Home Office Home Office Connection Connection E EN Broadband Broadband edi ee Pont Connection Connection vice poe oin Ethernet Coax oax Hardware i Connection Coax Link Coax Link Wireless Type Bridge Ethernet Sines Ethernet Ethernet Access Point PPPOE PPPoE IP Address 192 168 1 1 Received Pockets 26485 0 14317 o 0 1714079 Sent Packets 509779 0 431658 o 0 162575 Received 3726194 o 3465635 o o 142844698 Bytes Sent Bytes 88379904 o 58305737 o 0 35697647 Receive Errors i z j a Receive g 0 o 0 o 0 Drops Time Span 48 21 56 48 21 56 48 21 56 48 21 56 48 21 56 48 21 56 Automatic Refresh Off 110 Troubleshooting This chapter contains a list of problems that may be encountered while using the Broadband Router and techniques to try and overcome the problem Note that these techniques may not solve the problem or problems Accessing the Router if Locked Out If the Router s connection is lost while making configuration changes a setting that locks access to the MegaControl Panel may have inadvert
24. User Manual Users To manage individual users 1 Click Users in the Advanced screen which generates the Users screen Users The Users page provides the ability to add or edit Admin or Guest access to the router Users Full Name User Name Permissions Action Administrator admin Administrator New User E 2 Click New User which generates the User Settings screen User Settings General Full Name User Name case sensitive New Password Retype New Password Permissions Administrator gt E Mail Notification Configure Notification Mail Server Notification Address System Notify Level None z Security Notify Level None z When adding a user specify the following parameters Full Name The user s full name User Name The name a remote user will use to access the home or office network This entry is case sensitive New Password Retype New Password The password for the user and enter again to confirm Permissions The level of access the user is allowed Options include Administrator or Limited 96 Chapter 7 Using Advanced Settings E mail Notification E mail notification can be used to receive indications of system events for a predefined severity classification The available types of events are System or Security events The available severity of events are Error Warning and Information To configure E mail
25. appears Note To block a service click Add in the Blocked section of the Access Control screen To allow outgoing traffic click Add in the Allowed section of the screen Add Access Control Rule Networked Computer Device Any zj Protocol any z When should this rule occur Always hd 50 Chapter 5 Configuring the Router s Security 3 If this access control rule applies to all networked devices select Any from the Networked Computer Device list box If this rule applies to certain devices only select Specify Address and click Add Then create and add a network object for more details about adding network objects see the Advanced Settings chapter of this manual 4 Select the Internet protocol to be allowed or blocked from the Protocol drop down list 5 If the rule will be active all the time select Always from the When should this rule occur drop down list If the rule will only be active at certain times select Specify Schedule and click Add Then add a schedule rule for more details about schedule rules see the Advanced Settings chapter of this manual 6 Click Apply to save the changes The Access Control screen will display a sum mary of the new access control rule lt gt Note To block a service not included in the list select Specify Protocol from the Protocol drop down menu The Edit Service screen appears Define the servi
26. bandwidth of the WAN device to that of the weak est outbound link This forces the Router to be the network bottleneck where sophisticated QoS prioritization can be performed Rx Bandwidth In the same manner this Rx bandwidth limits the Router s bandwidth reception rate TCP Serialization Enable TCP Serialization from its drop down list either for active voice calls only or for all traffic The screen will refresh adding a Maximum Delay text box This function allows the maximum allowed trans mission time frame in milliseconds of a single packet to be defined Any packet requiring a longer time to be transmitted will be fragmented to smaller sections This avoids transmission of large bursty packets that can cause delay or jitter for real time traffic such as VoIP Shaping Classes The bandwidth of a device can be divided to reserve constant portions of band width to predefined traffic types Such a portion is known as a shaping class When not used by its predefined traffic type or owner for example VoIP the class will be available to all other traffic However when needed the entire class is reserved solely for its owner Also the maximum bandwidth that a class uses can be limited even if the entire bandwidth is available When a shaping class is defined for a specific traffic type two shaping classes are created The second class is the Default Class which is responsible for all the packets that do not
27. be accessed for a particular device as follows Access Device For devices that can be accessed such as Internet cameras and networked hard drives locate it in the My Network column then click Access Devices to use the device over the network Access Shared Files To access the shared files on a particular device locate the device in the My Network column then click Access Shared Files A list of shared files appears on the screen Website Blocking Clicking Website Blocking generates the Parental Control screen For more information about using parental controls see chapter 6 Using Parental Controls Block Internet Services Internet services blocking is used to prevent a device on the network from access ing particular services on the Internet such as receiving E mail or downloading from FTP sites To set up Internet services blocking on a networked device locate the device in the My Network column then click Block Internet Services The Access Control screen appears Access Control Block Internet Services Protocols like E mail or Internet access for any computer on your network Blocked Natworiad Computer Network Address Protocols Status Action evice Add Allowed Networked Computer Network Address Protocols Status Action F any Any DHCP UDP 67 68 gt 67 Active SR DNS TCP 53 gt 53 F any Any TEP 1024 65535 gt 53 active aR LIND 1274 65525 gt 53
28. before the Router stops attempting to establish a broadband DHCP connection Number of Cycles Enter the number of times the Router attempts to detect a broadband PPP and DHCP connection Auto Detection Continuous Trying Click in this check box to cause the Router to indefinitely search for a broadband connection 83 Actiontec Broadband Router User Manual Date and Time To configure date time and daylight savings time settings perform the following 1 Click Date and Time in the Advanced screen The Date and Time screen appears Date and Time Localization Local Time Jan 1 2003 21 26 10 Time Zone Eastern_Time GMT 05 00 z Daylight Saving Time 7 Enabled Start Mar z 28 zi oo foo End oa zi zs zi pr po Offset E0 Minutes Automatic Time Update 7 Enabled C Time Of Day TOD Protocol Network Time Protocol NTP Update Every 24 Hours Time Server Action ntp actiontec com amp Add ag Stak Got time update from server Last Update Fri Apr 14 13 27 45 2006 Press the Refresh button to update the status 2 Select the local time zone from the drop down list The Router can automati cally detect daylight saving setting for selected time zones If the daylight sav ing settings for a time zone are not automatically detected the following fields will be displayed Enabled Select this check box to enable daylight saving time e Start Date and tim
29. example a gaming server is accessed using UDP protocol on port 2222 The gaming server responds by connecting the user using UDP on port 3333 when starting gaming sessions In this case port triggering must be used since it con flicts with the following default firewall settings The firewall blocks inbound traffic by default The server replies to the Router s IP and the connection is not sent back to the host since it is not part of a session To resolve the conflict a port triggering entry must be defined which allows inbound traffic on UDP port 3333 only after a network host generated traffic to UDP port 2222 This results in accepting the inbound traffic from the gaming server and sending it back to the network host which originated the outgoing traf fic to UDP port 2222 54 Chapter 5 Configuring the Router s Security To use port triggering 1 Select Port Triggering from the left side of any Security screen The Port Triggering screen appears Port Triggering Trigger opening of ports for incoming data NOTE Only advanced technical users should use this feature Protocol Outgoing Trigger Ports Incoming Ports to Open Action L2TP Layer Two Tunneling Protocol UDP Any gt 1701 UDP Any gt Same as Initiating KX I TAP Trivial File Transfer Protocol UDP 1024 65535 gt 69 UDP Any gt Same as Initiating amp Specify Protocol v Add 2 Select either Specify Protocol
30. for AUTH protocol has been accepted for maximum security level IPV6 over IPV4 an IPv6 over IPv4 packet has been accepted ARP an ARP packet has been accepted PPP Discover a PPP discover packet has been accepted PPP Session a PPP session packet has been accepted 802 1Q a 802 1Q VLAN packet has been accepted Outbound Auth1X an outbound Auth1X packet has been accepted IP Version 6 an IPv6 packet has been accepted e Router initiated traffic all traffic the Router initiates is recorded Maximum security enabled service a packet has been accepted because it belongs to a permitted service in the maximum security level SynCookies Protection a SynCookies packet has been blocked ICMP Flood Protection a packet has been blocked stopping an ICMP flood UDP Flood Protection a packet has been blocked stopping a UDP flood Service a packet has been accepted because of a certain service as specified in the event type e Advanced Filter Rule a packet has been accepted blocked because of an advanced filter rule Fragmented packet header too small a packet has been blocked because after defragmentation the header was too small Fragmented packet header too big a packet has been blocked because after defragmentation the header was too big Fragmented packet bad align a packet has been blocked because after defragmentation the packet was badly aligned 65 A
31. must be updated with the new network card s MAC address To remove a host from the table click the appropriate Delete icon in the Action column 92 Chapter 7 Using Advanced Settings Diagnostics The Diagnostics screen can assist in testing network connectivity This feature pings ICMP echo an IP address and displays the results such as the number of packets transmitted and received round trip time and success status To diagnose network connectivity 1 Click Diagnostics from the Advanced screen The Diagnostics screen appears Diagnostics The information below has been determined Diagnostics can assist in testing network connectivity This feature pings ICMP echo an IP address and displays the results such as the number of packets transmitted and received round trip time and success status Ping ICMP Echo Destination 192 168 1 2 Number of pings k Status Test Failed Packets 4 4 transmitted 0 4 received 100 loss Minimum 2147483647 ms Round Trip Time Maximum 0 ms Average 0 ms Press the Refresh button to update the status 2 Enter the IP address or domain name to be tested in the Destination field 3 Click Go 4 Ina few seconds diagnostics statistics will be displayed If no new information is displayed click Refresh 93 Actiontec Broadband Router User Manual Restoring Default Settings If the Router s factory default set
32. s network connections in the My Network screen click Network Connections from the menu on the left side The Network Connections screen appears Network Connections NOTE Ignore the WAN PPPOE Status unless you are a PPPOE customer Rule Name Status Action 7 Network Home Office Connected amp amp Broadband Connection Ethernet Down S Broadband Connection Coax Down i F WAN PPPOE Disabled i F WAN PPPOE 2 Disabled amp Add Full Status Detect Broadband Connection Click Advanced to expand the screen and display all connection entries Network Connections NOTE Only advanced technical users should use this feature Rule Name Status Action T Network Home Office Connected amp amp Ethernet Connected g T Wireless Access Point Connected g F Broadband Connection Ethernet Down 2 Broadband Connection Coax Doe 5 F WAN PPPOE Disabled SR F WAN PPPOE 2 Disabled SR Add Full Status MJ Detect Broadband Connection 23 Actiontec Broadband Router User Manual To select a connection click on its name The rest of this chapter describes the dif ferent network connections available on the Router as well as the connection types that can be created Network Home Office Select Network Home Office in the Network Connections screen to generate the Network Home Office Properties screen This screen displays a list of the local network s prop
33. signal a failure of the compression decompres sion mechanism in a reliable manner For each compression algorithm BSD and Deflate select one of the following from the drop down list Reject Selecting this option rejects PPP connections with peers that use the com pression algorithm If Reject is activated throughput may diminish Allow Selecting this option allows PPP connections with peers that use the com pression algorithm Require Selecting this option insures a connection with a peer using the com pression algorithm 41 Actiontec Broadband Router User Manual Internet Protocol Select one of the following Internet Protocol options from the Internet Protocol drop down list Obtain an IP Address Automatically This option is selected by default Change only if required by the ISP The server that assigns the Router with an IP address also assigns a subnet mask Override the dynamically assigned subnet mask by selecting the Override Subnet Mask and entering a different subnet mask Use the Following IP Address Select this option to configure the Router to use a permanent static IP address The ISP should provide this address DNS Server The Domain Name System DNS is the method by which website or domain names are translated into IP addresses The Router can be configured to auto matically obtain a DNS server address or the address can be entered manually according to the information provided by
34. the ISP To configure the connection to automatically obtain a DNS server address select Obtain DNS Server Address Automatically from the DNS Server drop down list To manually configure DNS server addresses select Use the Following DNS Server Addresses from the DNS Server drop down list Up to two different DNS server addresses can be entered Primary and Secondary Routing Select Advanced or Basic from the Routing drop down list If Advanced is selected additional options appear as listed below Routing Mode Select one of the following Routing modes e Route Select this option to cause the Router to act as a router between two networks e NAT Select this option to activate Network Address Translation NAT which translates IP addresses to a valid public address on the Internet NAT adds security since the IP addresses of the devices on the network are not transmitted over the Internet In addition NAT allows many addresses to exist behind a single valid address Use the NAT routing mode only if the local network consists of a single device or collisions may occur if more than one device attempts to communicate using the same port 42 Chapter 4 Using Network Connections e NAPT Select this option to activate NAPT Network Address and Port Translation which refers to network address translation involving the mapping of port numbers and allows multiple machines to share a single IP address Use
35. the computer by name as well as IP address IP Address Distribution The Router s DHCP server makes it possible to easily add computers configured as DHCP clients to the network It provides a mechanism for allocating IP addresses to these hosts and for delivering network configuration parameters to them For example a client host sends out a broadcast message on the network request ing an IP address for itself The DHCP server then checks its list of available address es and leases a local IP address to the host for a specific period of time and simul taneously designates this IP address as taken At this point the host is configured with an IP address for the duration of the lease The host can choose to renew an expiring lease or let it expire If it chooses to renew a lease it will also receive current information about network services as it did with the original lease allowing it to update its network configurations to reflect any changes that occurred since it first connected to the network If the host wishes to terminate a lease before its expiration it can send a release message to the DHCP server which will then make the IP address available for use by others The Router s DHCP server Displays a list of all DHCP hosts devices connected to the Router Defines the range of IP addresses that can be allocated in the network Defines the length of time for which dynamic IP addresses are allocated Prov
36. the power is on Confirm the computer and Router are on the same network segment If unsure let the computer get the IP address automatically by initiating the DHCP function then verify the computer is using an IP address within the default range 192 168 1 2 through 198 168 1 254 If the computer is not using an IP address within the range it will not connect to the Router Ensure the Subnet Mask address is set to 255 255 255 0 Time out error occurs when entering a URL or IP Address Verify all the computers are working properly Ensure the IP settings are correct Ensure the Router is on and connected properly Verify the Router s settings are the same as the computer I ve run out of Ethernet ports on my Router How do add more computers Plugging in an Ethernet hub or switch expands the number of ports on the Router Run a standard Ethernet cable from the Uplink port of the new hub or switch to a yellow Ethernet port on the Router How do I change the password on the Router s Graphic User Interface From the Router s GUI Home screen click Advanced then Users From the Users screen click Administrator which generates the User Settings screen In the General section of the screen change the password Which connection speeds does the Router support The Ethernet Internet connection supports 100 Mbps The 802 11g wireless con nection supports up to 54 Mbps depending on signal
37. ties The only modifications that can be made from this screen are disabling the connection by clicking Disable or renaming the connection by entering a new name in the Rule Name text box Ethernet Properties NOTE Only advanced technical users should use this feature Rule Name Ethernet Status Connected Network Network Home Office Connection Type Ethernet MAC Address 00 0F b3 a2 d7 c7 IP Address Distribution Disabled Received Packets 8967 Sent Packets 615430 Time Span 70 31 48 I Se Ee Note If disabling the connection the Router must be rebooted for the change to take effect 29 Actiontec Broadband Router User Manual Configuring the Ethernet Connection Click Settings at the bottom right of the Ethernet Properties screen to generate the Configure Ethernet screen Configure Ethernet NOTE Only advanced technical users should use this feature General Status Connected When should this rule occur Always Network Network Home Office gt Connection Type Ethernet Physical Address 00 0F b3 a2 d7 c6 MTU Automatic 1500 Additional IP Addresses New IP Address 4 Ports Ethernet Switch FShow iv Port Status PVID VLANs Action Port 0 Connected 100 FD Port 1 Disconnected Port 2 Disconnected ag a Port 3 Disconnected General The top part of the Configure Ethernet screen displays general communication parameters Actiontec recommends not c
38. 94085 Actiontec Electronics shall not be responsible for any software firmware informa tion memory data or Customer data contained in stored on or integrated with any products returned to Actiontec Electronics for repair whether under warranty or not WARRANTIES EXCLUSIVE IF AN ACTIONTEC ELECTRONICS PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE CUSTOMER S SOLE REMEDY FOR BREACH OF THAT WARRANTY SHALL BE REPAIR REPLACEMENT OR REFUND OF THE PURCHASE PRICE PAID AT ACTIONTEC ELECTRONICS OPTION TO THE FULL EXTENT ALLOWED BY LAW THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND IN LIEU OF ALL OTHER WARRANTIES TERMS OR CONDITIONS EXPRESS OR IMPLIED EITHER IN FACT OR BY OPERATION OF LAW STATUTORY OR OTHERWISE INCLUDING WARRANTIES TERMS OR CONDITIONS OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE SATISFACTORY QUALITY CORRESPONDENCE WITH DESCRIPTION AND NON INFRINGEMENT ALL OF WHICH ARE EXPRESSLY DISCLAIMED ACTIONTEC ELECTRONICS 136 Limited Warranty NEITHER ASSUMES NOR AUTHORIZES ANY OTHER PERSON TO ASSUME FOR IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE INSTALLATION MAINTENANCE OR USE OF ITS PRODUCTS ACTIONTEC ELECTRONICS SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE THAT THE ALLEGED DEFECT OR MALFUNCTION IN THE PRODUCT DOES NOT EXIST OR WAS CAUSED BY CUSTOMERS OR ANY THIRD PERSON S MISUSE NEGLECT IMPROPER INSTALLATION OR TESTING UNAUTHORIZED ATTEMPT
39. CP values which are mapped to 802 1p priority marking method Any of the existing DSCP setting can be edited or deleted and new entries can be added 126 Appendix A Quality of Service 1 Click Quality of Service at the top of the Home screen then click DSCP Settings The DSCP Settings screen appears OSCP Settings OSCP Value hex 802 1p Priority Action Ox 0 tow Sam Ox2 0 tow om Out 4 medon Sm Ont 4 Meee om ot 2 low SR osa 1 os ox Oc 3 tow om oxt 2 Low se Onto 7 high Sm 0x12 6 Magn PEN O 7 high Sm oust e me Sm Ose so ecua Sa Oxs s Mecum aa Ossc so ece oa oxtt 5 Medun om oas 7 gh om Asa a c 2 To edit an existing entry click the appropriate icon in the Action column To add a new entry click Add In either case the Edit DSCP Settings screen appears DSCP Value hex 802 1p Priority Edit DSCP Settings o tow zi 3 Configure the following parameters DSCP Value hex Enter the DSCP value as a hexadecimal value 802 1p Priority Select a 802 1p priority level from the drop down list zero being the lowest and seven the highest each priority level is mapped to low medium high priority The default DSCP value for packets with an unassigned value is zero 4 Click Apply to save the settings 127 Actiontec Broadband Router User Manual 802 1p Settings The IEEE 802 1p priority marking method is a standard for prioritizing netwo
40. E IP Address Down Connected Disabled Disabled Network Network Broadband Network Broadband Network Network Broadband Broadband Home Office Connection Home Office Connection Home Office Home Office Connection Connection Ethernet ing Wireless Access Broadband Broadband peed Point Connection Connection Coax properties Ethernet Coax Coax Stats Connection pri Hardware Coax Link Coax Link Wireless Access Type Biase Breuer Ethernet Switch Ethernet Ethernet Point PODE lean MAC agg 00 0f b3 a2 d7 c6 00 0f b3 a2 d7 ca 00 0f b3 a2 d7 c7 00 0F b3 a2 d7 cb 00 0f b3 a2 d7 c8 00 0d f0 1d 00 cc IP Address 192 168 1 1 Subnet Mask 255 255 255 0 IP Address Distribution DHCP Server Disabled Disabled Disabled Disabled Disabled Service Name User Name qa2 local qa2 local Received 11835 0 8760 0 0 1427922 Packets Sent Packets Time Span 70 27 09 70 27 09 70 27 09 70 27 09 70 27 09 70 27 09 845051 0 614542 0 0 233910 Channel Disconnected Disconnected Automatic Refresh Off 109 Actiontec Broadband Router User Manual Traffic Monitoring The Router constantly monitors traffic within the local network and between the local network and the Internet To view up to the second statistical information about data received from and transmitted to the Internet and about data received from and transmitted to computers in the local network click Traffic Monitoring in the Advanced Status screen This generates the
41. NAPT if the local network contains multiple devices a topology that necessitates port translation in addition to address translation Device Metric The device metric is a value used by the Router to determine whether one route is superior to another considering parameters such as band width delay and more Default Route Click in this check box to define the connection as a the default route Multicast IGMP Proxy Default Click in this check box to enable the Router to issue IGMP Internet Group Management Protocol host messages on behalf of hosts the Router discovers through standard IGMP interfaces IGMP proxy enables the routing of multicast packets according to the IGMP requests of local network devic es asking to join multicast groups Routing Table Clicking New Route generates the New Route window where a new route can be configured Internet Connection Firewall Click in the Enabled check box to activate the Router s firewall on the WAN PPPoE connection 43 Actiontec Broadband Router User Manual This page left intentionally blank 44 Configuring the Router s Security The Broadband Router s security suite includes comprehensive and robust security services Stateful Packet Inspection a firewall user authentication protocols and password protection mechanisms These features allow users to connect their com puters to the Internet and be protected from the security threats The Rou
42. Router s factory default settings press and hold the Reset button for approximately ten seconds The reset process will start about ten seconds after releasing the button When the Router resets all the lights on the front panel turn off and then the lights start flashing The Router has completed its reset process when the Power light glows steadily green Caution Do not unplug the Power cord from the Router dur ing the reset process Doing so may result in the loss of the Router s configuration information If this occurs reset the Router again Actiontec Broadband Router User Manual Power Switch The Power switch powers the Router on and off Power Port The Power port connects the Router to an electrical wall outlet via the Power cord amp Caution Do not unplug the Power cord from the Router dur ing the reset process Doing so may result in the loss of the Router s configuration information If this occurs reset the Router again Connecting the Router Connecting a computer or local network to the Broadband Router is a simple procedure varying slightly depending on the computer s operating system but designed to seamlessly integrate the Router with the computer or local network Moreover addition configuration to access the GUI is not required when taking advantage of Universal Plug and Play support in Windows XP The Windows default network settings dictate that in most cases the setup pro cedu
43. SD Allow gt Deflate Allow vj Internet Protocol Obtain an IP Address Automatically Override p Jo Subnet Mask o 0 DNS Server Obtain DNS Server Address Automatically 7 Routing Basic z Internet Connection Firewall Enabled This feature provides the ability to change the default firewall settings on this interface We highly recommend that you not change the default settings General The top part of the Configure WAN PPPoE screen displays general communica tion parameters Actiontec recommends not changing the default values in this section unless familiar with networking concepts gt Status Displays the connection status of the WAN PPPoE connection Down Disabled Connected etc When should this rule occur Displays when the rule is active To schedule rules see Advanced Settings chapter 39 Actiontec Broadband Router User Manual Network Select the type of connection being configured from the drop down list Broadband Connection Network Home Office or DMZ Connection Type Displays the type of connection Since this is PPPoE connection PPPOE is displayed MTU MTU Maximum Transmission Unit specifies the largest packet size permitted for Internet transmission Automatic sets the MTU at 1492 Other choices include Automatic which sets the MTU according to the connection to the ISP and Manual which allows the MTU to be set man
44. TPS Port 443 Using Secondary HTTPS Port 8443 Diagnostic Tools V Allow Incoming ICMP Echo Requests e g pings and ICMP traceroute queries Allow Incoming UDP Traceroute Queries Telnet Telnet is used to create a command line session and gain access to all system set tings and parameters using a text based terminal Select the Telnet port to be used by clicking in the appropriate check box then click Apply 56 Chapter 5 Configuring the Router s Security MegaControl Panel MegaControl Panel is used to obtain access to the Router s MegaControl Panel and gain access to all settings and parameters using a web browser Both secure HTTPS and non secure HTTP access is available Select the port to be used by clicking in the appropriate text box then click Apply gt Note Telnet and MegaControl Panel remote administration access may be used to modify or disable firewall settings Local IP addresses and other settings can also be changed making it difficult or impossible to access the Router from the local network Therefore remote adminstration access to Telnet or MegaControl Panel services should be activated only when absolutely necessary Diagnostic Tools Diagnostic Tools are used for troubleshooting and remote system management by a user or the ISP a gt Note Encrypted remote administration is performed using a secure SSL connection and requires an SSL certificate When accessing the
45. Table of Contents Introduction Package Contents Minimum System Requirements Features Getting to Know the Router Connecting the Router Setting Up the Router Computer Network Configuration Configuring the Router Home Page Configuring My Network Settings Accessing My Network Using My Network Using Network Connections Network Home Office Ethernet Connection Broadband Ethernet Connection WAN PPPoE WAN PPPoE 2 Configuring the Router s Security General Access Control Port Forwarding DMZ Demilitarized Zone Host Port Triggering Remote Administration Static NAT Advanced Filtering Security Log 6 Using Parental Controls Activating Parental Controls Advanced Parental Controls 7 Using Advanced Settings Firmware Upgrade Firmware Restore Configuration File System Settings Date and Time NN WNN 12 15 15 16 23 24 29 32 38 45 47 49 52 53 54 56 58 59 62 69 69 71 73 75 77 78 79 84 Actiontec Broadband Router User Manual Scheduler Rules 85 Routing 87 IP Address Distribution 89 Diagnostics 93 Restoring Default Settings 94 Reboot the Router 94 MAC Cloning 95 ARP Address Resolution Protocol Table 95 Users 96 Qos 97 Local Administration 97 Remote Administration 98 Dynamic DNS 98 DNS Server 100 Network Objects 102 Universal Plug and Play UPnP 103 Protocols 105 Monitoring the Router 107 Router Status 107 Advanced Status 108 Troubleshooting 111 Quality of Service 115 Traffic Priority
46. anced Settings The Advanced section of the Broadband Router s MegaControl Panel is intended primarily for more advanced users Some changes to settings within this section could adversely affect the operation of the Router and the local network and should be made with caution To access the Router s Advanced Settings click Advanced at the top of the Home screen which generates the Advanced screen Advanced we 2 5 e Diagnostics Dynamic DNS Configuration File Firmware Upgrade Restore Defaults DNS Server System Settings Firmware Restore Reboot Router Port Configuration MAC Cloning ARP Table 4 m J a Users Quality of Service QoS Network Objects Date and Time Routing Local Administration Universal Plug and Play Scheduler Rules IP Address Distribution Remote Administration Protocols The following settings are explained in this chapter Firmware Upgrade download and install new versions of the Router s firmware Firmware Restore restores firmware to previous version loaded in flash memory Configuration File manage configuration files System Settings modify the system s settings Date and Time set the local date and time Scheduler Rules schedule firewall activation Routing manage routing policies IP Address Distribution manage the IP addresses of devices on the network Diagnostics perform diagnostic tests on the Router 73 Actiontec Broadband Router User Manual Restore Defa
47. and Peer To Peer client applications tend to use these ports if they cannot connect with their own default ports When applying this behavior these applications will not be blocked outbound even at the Maximum Security level To configure the Router s security settings 1 From the General screen select a security level by clicking the appropriate radio button Using the Minimum Security setting may expose the local network to significant security risks and thus should only be used for short periods of time 48 Chapter 5 Configuring the Router s Security 2 Check the Block IP Fragments box to protect the local network from a com mon type of hacker attack that uses fragmented data packets to sabotage the network Note that VPN over IPSec and some UDP based services make legiti mate use of IP fragments IP fragments must be allowed to pass into the local network to use these services 3 Click Apply to save changes Access Control Access control is used to block specific computers within the local network or even the whole network from accessing certain services on the Internet For example one computer can be prohibited from surfing the Internet another computer from transferring files using FTP and the whole network from receiving incoming E mail Access control defines restrictions on the types of requests that can pass from the local network out to the Internet and thus may block traffic flowing in bot
48. and scanning attacks IP fragment overlap ping of death and fragmentation attacks Event logging Intrusion detection MAC address filtering NAT DMZ hosting Access control ICSA certified Other Features DHCP server option DHCP server PPPoE server auto detection DNS server LAN IP and WAN IP address selection MAC address cloning Chapter 1 Introduction Port forwarding PPPoE support QoS support end to end layer 2 3 featuring Diffserv 802 1p q prioriti zation configurable upstream downstream traffic shaping random early detection and pass through of WAN side DSCPs PHBs and queuing to LAN side devices Remote management and secured remote management using HTTPS Reverse NAT Static NAT Static routing Time zone support VLAN multicast support VPN IPSec VPN passthrough only Getting to Know the Router This section contains a quick description of the Router s lights LEDs ports etc The Router features several indicator lights on its front panel and a series of ports and switches on its rear panel Front Panel The front panel of the Router features 11 indicator lights Power Broadband Internet and Ethernet 8 Actiontec Broadband Router User Manual Power Light ly The Power light displays the Router s current status If the Power light glows steadily green the Router is receiving power and fully operational When the Power light flashes rapidly the Router is initializing If
49. antly been acti vated There are three common ways to lock access to the Router Scheduler If a schedule has been created that applies to the computer over the connection being used the Router will not be accessible during the times set in the schedule To regain access either wait until the connection is scheduled to be active again or restore the default settings to the Router LAN Firewall If the firewall setting for the local network is set to maximum no computers from the network will be able to connect to the Router To gain access restore the default settings to the Router Access Control If the access control setting for the computer is set to block the computer access to the Router will be denied To gain access restore the default settings to the Router Restoring the Router s Default Settings There are two ways to restore the Router s default settings The first is to use the tip of a ballpoint pen and depress the Reset button on the back of the Router for at least five seconds The second is to access the Router s MegaControl Panel and navigate to the Advanced Settings screen Click on Restore Defaults and read the instructions on screen Note that after performing either of these two procedures all previously saved settings on the Router will be lost Actiontec Broadband Router User Manual LAN Connection Failure Ensure the Router is properly installed the LAN connections are correct and
50. cations that can be made from this screen are disabling the connection by clicking Disable or renaming the connection by entering a new name in the Name text box WAN PPPOE Properties INOTE Only advanced technical users should use this feature Enable Rule Name WAN PPPoE Status Disabled Network Broadband Connection Underlying Device Broadband Connection Ethernet Connection Type PPPoE Service Name User Name verizonfios I ES oe 38 Chapter 4 Using Network Connections Configuring the WAN PPPoE Connection Click Settings in the WAN PPPoE Properties screen to generate the Configure WAN PPPoE screen Configure WAN PPPOE NOTE Only advanced technical users should use this feature General Status Disabled When should this rule occur Always Network Broadband Connection v Connection Type PPPoE MTU Automatic gt 1492 Underlying Connection Broadband Connection Ethernet 7 PPP Service Name should be filled only if specified by provider 7 On Demand will attempt to connect only when packets are sent Time Between Reconnect Attempts 30 Seconds PPP Authentication Login User Name case sensitive verizonfios Login Password gt m I Support Unencrypted Password PAP F Support Challenge Handshake Authentication CHAP I Support Microsoft CHAP MS CHAP F Support Microsoft CHAP Version 2 MS CHAP v2 PPP Compression B
51. ce Any When should this rule occur Always Rule Overview Rule Name Description Action Networked Computer Device Overview Computer Device IP Address Rule When should this rule occur Action amp Advanced Parental Controls Clicking Advanced from the menu on the left side generates the Advanced screen Advanced To block All Internet access to a specific computer device on your network follow the steps below Step 1 Select the Computer Device that blocking All Internet access will apply to Network Computer Device Any z When should this rule occur aways I Step 2 Click the Apply button for the settings to take effect Overview Blocked Device Delete Rule R Ea Here all Internet access to a particular computer or device on the network can be blocked To do this 1 Select the computer or device on the network on which the access policy will be enforced from the Network Computer Device drop down menu 71 Actiontec Broadband Router User Manual Select the time period during which the access policy will be enforced from the Network Computer Device drop down menu If Specify Schedule is selected see Scheduler Rules in the Advanced Settings chapter for more infomation When finished click Apply to have the access policy take effect An overview of the rule or access policy is displayed at the bottom of the screen 72 Using Adv
52. ce then click OK The service will then be automatically added to the top section of the Add Access Control Rule screen and will be selectable An access control can be disabled and the service made available without having to remove the service from the Access Control table This may be useful to make the service available temporarily with the expectation that the restriction will be reinstated later To temporarily disable an access control clear the check box next to the ser vice name To reinstate the restriction at a later time select the check box next to the service name To remove an access restriction from the Access Control table click Remove for the service The service will be removed from the Access Control table 51 Actiontec Broadband Router User Manual Port Forwarding In its default state the Router blocks all external users from connecting to or communicating with the network making it safe from hackers who may try to intrude on the network and damage it However the network can be exposed to the Internet in certain limited and controlled ways to enable some applications to work from the local network game voice and chat applications for example and to enable Internet access to servers in the network Port forwarding sometimes referred to as local servers supports both of these functions To grant Internet users access to servers inside the local network each service pro vided as wel
53. cket on an application basis QoS can be configured using flexible rules according to the following parameters Source destination IP address MAC address or host name Device Source destination ports Limit the rule for specific days and hours The Router supports two priority marking methods for packet prioritization DSCP 802 1p Priority Actiontec Broadband Router User Manual The matching of packets by rules is connection based known as Stateful Packet Inspection SPI using the Router s firewall mechanism Once a packet matches a tule all subsequent packets with the same attributes receive the same QoS param eters both inbound and outbound Connection based QoS also allows inheriting QoS parameters by some of the applications that open subsequent connections For instance QoS rules can be defined on SIP and the rules will apply to both con trol and data ports even if the data ports are unknown Applications that support such inheritance have an ALG in the firewall They are SIP MSN Messenger Windows Messenger TEPP lt FIP MGCP H 323 Port triggering applications PPTP IPSec 116 Appendix A Quality of Service Setting Priority Rules To set priority rules 1 Click Quality of Service in the Advanced screen The Traffic Priority screen appears This screen is divided into two identical sections one for QoS input rules and the other for QoS output
54. ctiontec Broadband Router User Manual Fragmented packet packet too big a packet has been blocked because after defragmentation the packet was too big Fragmented packet packet exceeds a packet has been blocked because after defragmentation the packet exceeded Fragmented packet no memory a fragmented packet has been blocked because there is no memory for fragments Fragmented packet overlapped a packet has been blocked because after defragmentation there were overlapping fragments Defragmentation failed the fragment has been stored in memory and blocked until all fragments have arrived and defragmentation can be per formed Connection opened debug message regarding connection Wildcard connection opened debug message regarding connection Wildcard connection hooked debug message regarding connection Connection closed debug message regarding connection Echo Chargen Quote Snork protection a packet has been blocked due to Echo Chargen Quote Snork protection First packet in connection is not a SYN packet a packet has been blocked due to a TCP connection that started without a SYN packet Error No memory a new connection has not been established because of lack of memory NAT Error connection pool is full No connection created a connection has not been created because the connection pool is full NAT Error No free NAT IP no free NAT IP so NAT has failed NAT Error Conflict Mapping al
55. ctive To learn how to configure scheduler rules see the Advanced Settings chapter lt p Note The hierarchy of the class rules is determined by the addi tion order to the class For example if the first rule is match packets with any source address any destination address and any protocol to this class all packets traveling through Router will be associated with the specific class Any rules defined later will not have any effect Ingress Data The Router can control outgoing data fairly easily It can queue packets delay them give precedence to other packets or drop them This helps in resolving upload Tx traffic bottlenecks and in most cases is sufficient However in the case of download Rx traffic bottlenecks the ability to control the flow is much more limited The Router cannot queue packets since in most cases the local network LAN is much faster then the Internet WAN and when the Router receives a packet from the Internet it passes it immediately to the local network QoS for ingress data has the following limitations which do not exist for outgoing data QoS can only be applied to TCP streams UDP streams cannot be delayed No borrowing mechanism When reserving Rx bandwidth it is strictly taken from the bandwidth of all other classes 125 Actiontec Broadband Router User Manual Furthermore the Router cannot control the behavior of the ISP which may not have proper QoS handling Unf
56. d then either accepted allowed to pass through the Router or rejected barred from passing through the Router according to a flexible and configurable set of rules These rules are designed to prevent unwanted intrusions from the outside while allowing local network users access to required Internet services The firewall rules specify what types of services available on the Internet can be accessed from the local network and what types of services available in the local network can be accessed from the Internet Each request for a service the firewall receives whether originating in the Internet or from a computer in the local net work is checked against the firewall rules to determine whether the request should be allowed to pass through the firewall If the request is permitted to pass all sub sequent data associated with this request a session will also be allowed to pass regardless of its direction For example when accessing a website on the Internet a request is sent out to the Internet for this site When the request reaches the Router the firewall identifies the request type and origin HTTP and a specific computer in the local network in this case Unless the Router is configured to block requests of this type from this computer the firewall allows this request to pass out onto the Internet When the website is returned from the web server the firewall will associate it with this ses sion and allow it to pass regardl
57. d to create a new user name and password after entering the default user name and password Enter the new user name and password write them down on a piece of paper and keep it in a safe place The new user name and password will be needed to access the Mega Control Panel in the future 114 Quality of Service Network based applications and traffic are growing at a high rate producing an ever increasing demand for bandwidth and network capacity For obvious reasons bandwidth and capacity cannot be expanded infinitely requiring that bandwidth demanding services be delivered over existing infrastructure without incurring additional expensive investments The next logical means of ensuring optimal use of existing resources are Quality of Service QoS mechanisms for congestion management and avoidance Quality of Service refers to the capability of a network device to provide better ser vice to selected network traffic This is achieved by shaping the traffic and process ing higher priority traffic before lower priority traffic STOP Do not change any Quality of Service settings unless instructed to do so by the ISP Traffic Priority Traffic Priority manages and avoid traffic congestion by defining inbound and out bound priority rules for each device on the Router These rules determine the pri ority that packets traveling through the device will receive QoS parameters DSCP marking and packet priority are set per pa
58. date and time settings the event occurred Event There are five kinds of events listed in the system log Inbound Traffic a result of an incoming packet Outbound Traffic a result of an outgoing packet Firewall Setup configuration message WBM Login a user logged in to WBM CLI Login a user logged in to the command line interface via Telnet Event Type Displays a textual description of the event Details The Details column displays more information about the packet or the event such as protocol IP addresses ports etc The following are the available event types that can be recorded in the security log Firewall internal from the firewall internal mechanism in case this event type is recorded an accompanying explanation will be added Firewall status changed the firewall changed status from up to down or the vice versa as specified in the event type description STP packet an STP Spanning Tree Protocol packet has been accepted rejected Illegal packet options the options field in the packet s header is either illegal or forbidden Fragmented packet a fragment has been rejected WinNuke protection a WinNuke attack has been blocked ICMP replay an ICMP Internet Control Message Protocol replay mes 63 Actiontec Broadband Router User Manual sage has been blocked ICMP redirect protection an ICMP redirected message has been blocked Packet invalid i
59. debug Clink Link Down freq timer 2003 Log 9 repeated 13 times last time on Jan 2 21 26 19 2003 Jan 2 21 26 04 System Message daemon warn cLink clinkO ioctl DRV_GET_MY_NODE_INFO 2003 Log failed res 1 Bad address Jan 2 21 26 00 System Message kern debug Clink Link Down freq timer 2003 Log g repeated 4 times last time on Jan 2 21 26 03 2003 Jan 2 21 26 00 System Mexsace daemon warn cLink clinkO ioctl DRV_GET_MY_NODE_INFO 2003 Log 9 failed res 1 Bad address Jan 2 21 25 54 System Mossoge kern debug Clink Link Down freq timer 2003 Log 3 repeated 5 times last time on Jan 2 21 25 59 2003 Jan 2 21 25 54 System Messa daemon warn cLink clink1 iocti DRV_GET_MY_NODE_INFO 2002 1 pe failad remot Aad addrace 108 Chapter 8 Monitoring the Router Full Status System wide Monitoring of Connections 1 Click Full Status System wide Monitoring of Connections in the Advanced Status screen to generate the Full Status System wide Monitoring of Connections screen which features a table summarizing the monitored con nection data 2 Click Refresh to update the table or click Automatic Refresh On to con stantly update the displayed parameters Full Status System wide Monitoring of Connections NOTE Only advanced technical users should use this feature Broadband Broadband Rule Name MOT aioe Connection Ethernet Connection Coax Micsleee pucker PA ae Ethernet Coax Status Connected Down Connected PAC
60. e Port VLANs screen where ingress and egress policies can be edited Port 0 Settings Ingress Policy Egress Policy Port VLANs IDs Add VLAN ID Port VLANs Untagged Do Not Add VLAN Header gt Untagged Remove VLAN Header xi Action amp 31 Actiontec Broadband Router User Manual Broadband Ethernet Connection A Broadband Ethernet connection connects the Router to the Internet using an Ethernet cable Click Broadband Connection Ethernet from the Network Connections screen to generate the Broadband Connection Ethernet Properties screen This screen displays a list of the connection s properties The only modifica tions that can be made from this screen are disabling the connection by clicking Disable or renaming the connection by entering a new name in the Rule Name text box Broadband Connection Ethernet Properties NOTE Only advanced technical users should use this feature Rule Name Broadband Connection Ethernet Status Down Network Broadband Connection Ethernet Connection Type Ethernet MAC Address 00 0f b3 a2 d7 ca IP Address Distribution Disabled Received Packets 0 Sent Packets 0 Time Span 70 10 59 Note If disabling the connection the Router must be rebooted for the change to take effect 32 Chapter 4 Using Network Connections Configuring the Broadband Ethernet Connection Click Settings at the bottom right
61. e occur drop down list If the rule will only be active at certain times select Specify Schedule and click Add Then add a schedule rule for more details about schedule rules see the Advanced Settings chapter of this manual Click Apply to save the changes ie Note Some applications such as FTP TFTP PPTP and H323 require the support of special specific Application Level Gateway ALG modules to work inside the local network Data packets associated with these applications contain information that allows them to be routed correctly An ALG is needed to handle these packets and ensure they reach their intended destinations The Router is equipped with a robust list of ALG modules enabling maximum functionality in the local network The ALG is automatically assigned based on the destination port 19 Actiontec Broadband Router User Manual View Device Details To view information about a networked device or to test a device s connection locate the device in the My Network column then click View Device Details The Device Information screen appears Device Information This screen provides a detailed breakdown for this device Device DAD MOM PC IP Address 192 168 1 1 Subnet Mask 255 255 255 0 MAC Address 00 0E B3 11 11 11 Network Connection Bridge Lease Type Dynamic Port Forwarding A Services Windows Shared Folders DAD MOM home To test if this device is connected to you
62. e when daylight saving starts e End Date and time when daylight saving ends e Offset The time amount daylight saving time changes 84 Chapter 7 Using Advanced Settings To perform an automatic time update 1 Click in the Enabled check box in the Automatic Time Update section 2 Select the protocol to be used to perform the time update by selecting either the Time of Day or Network Time Protocol radio button 3 Specify how often to perform the update in the Update Every text box 4 Define time server addresses by clicking Add on the bottom of the Automatic Time Update section and entering the IP address or domain name of the time server in the Time Server Settings screen Scheduler Rules Scheduler rules are used for limiting the activation of firewall rules to specific time periods either for days of the week or for hours of each day To define a rule 1 Make sure the Router s date and time are set correctly To do this see the Date and Time section in this chapter 2 Click Scheduler Rules in the Advanced screen The Scheduler Rules screen appears Scheduler Rules Scheduler rules are used for limiting the activation of firewall rules to specific time periods either for days of the week or for hours of each day Rule Name Settings Status Action Add 85 Actiontec Broadband Router User Manual 3 Click Add The Se
63. erties The only modifications that can be made from this screen are disabling the connection by clicking Disable or renaming the connec tion by entering a new name in the Rule Name text box Network Home Office Properties NOTE Only advanced technical users should use this feature Rule Name Network Home Office Status Connected Network Network Home Office Underlying Device Ethernet Connection Type Bridge MAC Address 00 0f b3 c0 06 f0 IP Address 192 168 1 1 Subnet Mask 255 255 255 0 IP Address Distribution DHCP Server Received Packets 745 Sent Packets 4958 Time Span 0 18 16 Note When a network is disabled its formerly underlying devices will not be able to get the DHCP address from the net work interface to which they were connected The Network Home Office connection is used to combine several network devices under one virtual network For example a home office network can be created for Ethernet and other network devices 24 Chapter 4 Using Network Connections Configuring the Home Office Network Click Settings in the Network Home Office Properties screen to generate the Configure Network Home Office screen General The top part of the Configure Network Home Office screen displays general communication parameters Actiontec recommends not changing the default values in this section unless familiar with networking concepts Configure Network Home O
64. ess begins and should take no longer than one minute to complete At the conclusion of the upgrade process the Router automatically reboots The new firmware will run maintaining any custom configurations and settings Upgrading From the Internet The Router s firmware can be automatically updated via the Internet From the drop down list next to the globe icon near the top of the Firmware Upgrade screen a list of options appears as described below Automatically Check and Upgrade If Automatically Check for New Version and Upgrade Broadband Router is selected enter the period of time the Router checks for a new upgrade and the URL at which to get the upgrade in the appropriate text boxes The Router will then check at each time interval for upgrades and if one is available upgrade the Router s firmware Automatically Check and Send E mail If Automatically Check for New Version and Notify via Email is selected enter the period of time the Router checks for a new upgrade and the URL at which to get the upgrade in the appropriate text boxes The Router will then check at each time interval for firmware upgrades and if one is available send an E mail to the E mail address listed in the System Settings 76 Chapter 7 Using Advanced Settings Automatic Check Disabled If Automatically Check Disabled is selected the Router will not automatically check for firmware upgrades Manual Checking and Upg
65. ess of whether HTTP access from the Internet to the local network is blocked or permitted 47 Actiontec Broadband Router User Manual Note that it is the origin of the request not subsequent responses to this request which determines whether a session can be established or not The Router features three pre defined security levels Minimum Typical and Maximum The table below summarizes the behavior of the Router for each of the three security levels Security Level Maximum Security Typical Security Minimum Security Requests from the Internet incoming traffic Blocked No access to local network from Internet except as configured in the Port Forwarding DMZ host and Remote Access screens Blocked No access to local network from Internet except as configured in the Port Forwarding DMZ host and Remote Access screens Unrestricted Permits full access from Internet to local network all connection attempts permitted Requests from the local network outgoing traffic Limited Only commonly used services such as web browsing and E mail are permitted Unrestricted All services are permitted except as configured in the Access Control screen Unrestricted All services are permitted except as configured in the Access Control screen These services include Telnet FTP HTTP HTTPS DNS IMAP POP3 and SMTP a gt Note Some applications such as some Internet messengers
66. ffice NOTE Only advanced technical users should use this feature General Status Connected When should this rule occur Always TST PET Network Network Home Office Connection Type Bridge Physical Address 00 0f b3 a2 d7 c6 meee MTU Automatic 1500 Status Displays the connection status of the network When should this rule occur Displays when the rule is active To schedule rules see the Advanced Settings chapter Network Select the type of connection being configured from the drop down list options Broadband Connection Network Home Office or DMZ Connection Type Displays the type of connection Physical Address Displays the physical address of the network card used for the network MTU MTU Maximum Transmission Unit specifies the largest packet size per mitted for Internet transmission Automatic sets the MTU at 1500 Other choic es include Automatic by DHCP which sets the MTU according to the DHCP connection and Manual which allows the MTU to be set manually 25 Actiontec Broadband Router User Manual Internet Protocol This section has three options No IP Address Obtain an IP Address Automatically and Use the Following IP Address No IP Address Select this option if the connection will have no IP address This is useful if the connection operates under a bridge Obtain an IP Address Automatically Select this option if the network connection is requ
67. figuration File Valid to Tue Apr 4 20 08 23 2006 Do you want to Restore Firmware Restore Backup Fintwere The screen displays the Active Firmware and the Backup Firmware To restore the firmware to the backup firmware click Restore Backup Firmware A confir mation screen appears Click OK to finish restoring the Router s firmware 77 Actiontec Broadband Router User Manual Configuration File Use the Router s Configuration File feature to view save and load configuration files which are used to backup and restore the Router s current configuration To do this 1 Click Configuration File in the Advanced screen The Configuration File screen appears Configuration File Use the Routers Configuration File feature to view save and load configuration files which are used to backup and restore the Routers current configuration To Save the Router s current configuration to your hard drive click the Save Configuration File button Save Configuration File To Load a previously saved configuration file click the Load Configuration File button Note Loading a previously saved configuration file will overwrite the current configuration of the router Load Configuration File 2 Click Load Configuration File to load the previous configuration from a file and restart the Router 3 Click Save Configuration File to backup the current configuration to a file 78
68. h direc tions In the E mail example given above computers in the local network can be prevented from receiving E mail by blocking their outgoing requests to POP3 serv ers on the Internet Access control also incorporates a list of preset services in the form of applications and common port settings 49 Actiontec Broadband Router User Manual Allow or Restrict Services To view and allow restrict these services 1 Select Access Control from the left side of any Security screen The Access Control screen appears Note The Allowed section is only visible when the firewall is set to Maximum Access Control Block Internet Services Protocols like E mail or Internet access for any computer on your network Blocked Networked Computer Network Address Protocols Status Action Device Add amp Allowed Networked Computer Network Address Protocols Status Action Device F Any Any DHCP UDP 67 68 gt 67 Active SR DNS TCP 53 gt 53 TCP 1024 65535 gt 53 F Any Any UDP B3 gt 53 Active SR UDP 1024 65535 gt 53 F Any Any IMAP TCP Any gt 143 Active SR any Any SMTP TCP Any gt 25 Active SR F Any Any POP3 TCP Any gt 110 Active SR Any Any HTTPS TCP Any gt 443 Active SR F Any Any HTTP TCP Any gt 80 Active SR F any Any FTP TCP Any gt 21 Active SR Any Any Telnet TCP Any gt 23 Active SR Add amp 2 Click Add The Add Access Control Rule screen
69. hanging the default values in this section unless familiar with networking concepts Status Displays the connection status of the Ethernet switch When should this rule occur Displays when the rule is active To schedule rules see the Advanced Settings chapter Network Select the type of connection being configured from the drop down list Network Home Office Broadband Connection or DMZ Connection Type Displays the type of connection Physical Address Displays the physical address of the network card used for the network MTU MTU Maximum Transmission Unit specifies the largest packet size per mitted for Internet transmission Automatic sets the MTU at 1500 Other choic es include Automatic by DHCP which sets the MTU according to the DHCP connection and Manual which allows the MTU to be set manually 30 Chapter 4 Using Network Connections Additional IP Addresses Clicking New IP Address generates the Additional IP Address Settings screen where additional IP addresses can be created to access the Router via the Ethernet connection 4 Ports Ethernet Switch This section displays the connection status of the Router s four Ethernet ports Port Port 0 Port 1 Port 2 Port 3 Status Connected 100 FD Disconnected Disconnected Disconnected PVID VLANs Action gaa g Clicking on a connection s Action icon in the column on the right generates th
70. he phone company previously installed some where in the house Get the white Ethernet cable from the box and plug one end in the white port on the back of the Router Plug the other end of the white Ethernet cable into the high speed Ethernet jack Make sure the Ethernet WAN light on the front of the Router glows steadily green If connecting via coaxial cable this may take a few minutes Note If the Ethernet WAN light does not illuminate make sure the Ethernet cable is connected properly at both ends Computer Network Configuration Each network interface on the computer should either be configured with a stati cally defined IP address and DNS address or instructed to automatically obtain an IP address using the Network DHCP server The Router is set up by default with an active DHCP server and Actiontec recommends leaving this setting as is Configuring Dynamic IP Addressing To set up a computer to use dynamic IP addressing Windows XP 1 Select Network Connections in the Control Panel 2 Right click Ethernet Local Area Connection then click Properties 3 In the General tab select Internet Protocol TCP IP then click Properties 4 The Internet Protocol TCP IP Properties window appears 5 Click the Obtain an IP address automatically radio button Chapter 2 Connecting the Router 6 Click the Obtain DNS server address automatically radio button 7 Click OK in the TCP IP Pro
71. heck box to designate the mail exchange server to be a backup server DNS Server The Domain Name System DNS translates domain names into IP addresses and vice versa The Router s DNS server is an auto learning DNS which means that when a new computer is connected to the network the DNS server learns its name and automatically adds it to the DNS table Other network users can immediately com municate with this computer using either its name or its IP address The Router s DNS also provides the following services Shares a common database of domain names and IP addresses with the DHCP server Supports multiple subnets within the local network simultaneously Automatically appends a domain name to unqualified names Allows new domain names to be added to the database using the MegaControl Panel Permits a computer to have multiple host names Permits a host name to have multiple IPs needed if a host has multiple network cards 100 Chapter 7 Using Advanced Settings The DNS server does not require configuration However the list of computers known by the DNS can be viewed the host name or IP address of a computer on the list can be changed or a new computer can be added to the list DNS Table To view the list of computers stored in the DNS table click DNS Server in the Advanced screen The DNS Server screen appears DNS Server Add edit or delete computers known by the routers DNS Server Ho
72. his rule The screen will refresh allowing the user to enter the Hex value of the DSCP Log Packets Matched by This Rule Check this check box to log the first packet from a connection matched by this rule Schedule By default the rule will always be active However scheduler rules can be configured to define time segments during which the rule may be active Traffic Shaping Traffic Shaping is the solution for managing and avoiding congestion where the network meets limited broadband bandwidth Typical networks use a 100 Mbps Ethernet LAN with a 100 Mbps WAN interface router This is where most bottle necks occur A traffic shaper is essentially a regulated queue that accepts uneven and or bursty flows of packets and transmits them in a steady predictable stream so that the net work is not overwhelmed with traffic While traffic priority allows basic prioritiza tion of packets traffic shaping provides more sophisticated definitions such as Bandwidth limit for each device Bandwidth limit for classes of rules Prioritization policy TCP serialization on a device Additionally QoS traffic shaping rules can be defined for a default device These rules will be used on a device that has no definitions of its own This enables the definition of QoS rules on the default WAN for example and their maintenance even if the PPP or bridge device over the WAN is removed 119 Actiontec Broadband Router User Manual De
73. ic IP address The ISP should provide this address along with a subnet mask address default gateway address and optionally primary and secondary DNS server addresses DNS Server The Domain Name System DNS is the method by which website or domain names are translated into IP addresses This connection can be configured to automatically obtain a DNS server address or such an address can be specified manually according to the information provided by the ISP To configure the connection to automatically obtain a DNS server address select Obtain DNS Server Address Automatically from the DNS Server drop down list To manually configure DNS server addresses select Use the Following DNS Server Addresses Specify up to two different DNS server addresses one pri mary the other secondary 34 Chapter 4 Using Network Connections IP Address Distribution The IP Address Distribution section of the Configure Broadband Connection Ethernet screen is used to configure the Router s Dynamic Host Configuration Protocol DHCP server parameters DHCP automatically assigns IP addresses to network devices If enabled make sure to configure the network devices as DHCP Clients There are three options in this section Disabled DHCP Server and DHCP Relay eo Caution Actiontec strongly recommends leaving this setting at Disabled Disabled Select this option if statically assigning IP addresses to the network de
74. ides the above configurations for each network device and can be con figured and enabled disabled separately for each network device Can assign a static lease to a network computer so that it receives the same IP address each time it connects to the network even if this IP address is within the range of addresses that the DHCP server may assign to other computers Provides the DNS server with the host name and IP address of each com puter connected to the network 89 Actiontec Broadband Router User Manual To view a summary of the services currently being provided by the DHCP server click IP Address Distribution in the Advanced screen The IP Address Distribution screen appears IP Address Distribution IP Address Distribution provides the ability to allocate IP addresses and configuration parameters to selected hosts Rule Name Service Subnet Mask Dynamic IP Range Action Network Home Office pee 255 255 255 0 Tar HE A Broadband Connection i Ethernet Disabled 5 Broadband Connection Coax Disabled Connection List Access Control Editing DHCP Server Settings To edit the DHCP server settings for a device 1 Click the appropriate icon in the Action column The DHCP Settings screen for the device appears DHCP Settings for Network Home Office Service IP Address Distribution DHCP Server z DHCP Server Start IP Address fisz fies i fi End IP Address fisz f
75. ies Ji Jesa Subnet Mask fess fess Jess fo WINS Server p fp fp fb Lease Time In Minutes 1440 Provide Host Name If Not Specified by Client IP Address Distribution According to DHCP Option 60 Vendor Class Identifier Vendor Class Dynamic IP Range QoS Action ID 5 S IP STB 192 168 1 100 192 168 1 150 odium F R New IP Range 2 Select the IP Address Distribution from the drop down list Options include DHCP Server DHCP Relay or Disable 90 Chapter 7 Using Advanced Settings Complete the following fields Start IP Address Range End IP Address Range determines the number of hosts connected to the network in this subnet Start specifies the first IP address assigned in this subnet and End specifies the last IP address in the range Subnet Mask used to determine to which subnet an IP address belongs An example of a subnet mask value is 255 255 0 0 WINS Server The WINS Windows Internet Naming Service server determines the IP address associated with a network device Lease Time each device will be assigned an IP address by the DHCP server for a limited time Lease Time when it connects to the network When the lease expires the server will determine if the computer has disconnected from the network If it has the server may reassign this IP address to a newly connected computer This feature ensures that IP addresses not in use will become available for other co
76. ill be limited to the duration of the applicable written warranty This warranty gives you specific legal rights which may vary depending on local law Dispute Resolution The customer may contact the Director of Technical Support in the event the Customer is not satisfied with Actiontec Electronics response to the complaint In the event that the Customer is still not satisfied with the response of the Director of Technical Support the Customer is instructed to contact the Director of Marketing In the event that the Customer is still not satisfied with the response of the Director of Marketing the Customer is instructed to contact the Chief Financial Officer and or President 137 Actiontec Broadband Router User Manual Governing Law This Limited Warranty shall be governed by the laws of the State of California U S A excluding its conflicts of laws and principles and excluding the United Nations Convention on Contracts for the International Sale of Goods 138
77. ing This page provides the ability to add edit or delete routing rules Routing Table Name Destination Gateway Netmask Metric Status Action New Route amp Routing Protocols Internet Group Management Protocol IGMP Domain Routing add route entry according to interface from which DNS record is received Routing rules can be added edited or deleted from the Routing screen To add a router click New Route The Route Settings screen appears Route Settings Rule Name Network Home Office 2j Destination b fp fp fb Netmask fess Jess Jess Jess Gateway b f fo fo Metric fo 87 Actiontec Broadband Router User Manual When adding a routing rule the following parameters must be specified Rule Name Select the type of network from the drop down list Destination The destination is the destination host subnet address net work address or default route The destination for a default route is 0 0 0 0 Netmask The network mask is used in conjunction with the destination to determine when a route is used Gateway Enter the Router s IP address Metric A measurement of the preference of a route Typically the lowest metric is the most preferred route If multiple routes exist to a given destina tion network the route with the lowest metric is used IGMP Multicasting The Router provides support for IGMP multicasting which allows hosts connected
78. ing From a Local Computer To upgrade from a local computer 1 Click Firmware Upgrade from the Advanced screen The Firmware Upgrade screen appears Firmware Upgrade Visit upgrade actiontec com for upgrade support upgrade options and information Current Version 4 0 16 1 41 4 Upgrade From the Internet Automatic Check Disabled zj Check at URL https upgrade actiontec com MI424WR MI424WR r Check Now Status Cannot resolve hostname Internet Version No new version available Force Upgrade Upgrade From a Computer in the Network Select an updated Wireless Broadband Router firmware file from a computer s hard drive or CD on the network Upgrade Now Press the Refresh button to update the status 75 Actiontec Broadband Router User Manual 2 In the Upgrade From a Computer in the Network section click Upgrade Now The Upgrade From a Computer in the Network screen appears Upgrade From a Computer in the Network Browse to locate the file then press OK to begin the firmware upgrade process Browse 3 Enter the path of the software image file or press the Browse button to browse for the file and click Apply Make sure to only use files with an rmt extension when performing the firmware upgrade procedure 4 When loading is completed a confirmation screen appears asking whether to upgrade to the new version Click Apply The upgrade proc
79. ion is available To expose one computer to all services without restriction or security Warning A DMZ host is not protected by the firewall and may be vulnerable to attack Designating a DMZ host may also put other computers in the local network at risk When designating a DMZ host consider the security implications and protect it if necessary 53 Actiontec Broadband Router User Manual To designate a local computer as a DMZ host 1 Select DMZ Host from the left side of any Security screen The DMZ Host screen appears DMZ Host Allow a single networked computer device to be fully exposed to the Internet NOTE If you have purchased a group of Static IPs and have enabled Static NAT for all of your static IPs do NOT enable the DMZ Host feature 7 DMZ Host IP Address fiz Jiss 1 Jo 2 Click in the DMZ Host IP Address check box then enter the IP address of the computer to be designated as a DMZ host Note that only one network com puter can be a DMZ host at any time 3 Click Apply Click in the DMZ Host IP Address check box again to disable the DMZ host Port Triggering Port triggering can be used for dynamic port forwarding configuration By setting port triggering rules inbound traffic is allowed to arrive at a specific network host using ports different than those used for the outbound traffic The outbound traf fic triggers which ports inbound traffic is directed For
80. ired by the ISP to obtain an IP address automatically The server assigning the IP address also assigns a subnet mask address which can be overridden by entering another subnet mask address Use the Following IP Address Select this option if the network connection uses a permanent static IP address then the IP address and subnet mask address Bridge The Bridge section of the Configure Network Home Office screen is used to specify which networks can join the network bridge Bridge Rule Name Status STP Action T Network Home Office Connected I Broadband Connection Ethernet Down o S M Ethernet Connected K 5 lt gt Note When a network is disabled its formerly underlying devices inherit the network s DHCP settings For example the removal of a network configured as DHCP client automatically configures the devices formerly constituting the network as DHCP clients with the exact DHCP client configuration Click in the check box next to the particular network to specify it Make sure there are no loops in the network configuration and apply these settings in case the network consists of multiple switches or other bridges apart from those cre ated by the Router Status The Status column displays the connection status of a particular device STP Click in the device s STP check box to enable Spanning Tree Protocol on the device This protocol provides path redundancy while preventing undesi
81. ks The Quick Links section of My Router contains a list of frequently accessed settings including Change Login User Name amp Password Enable Gaming and Logout My Network The My Network section of the Home screen displays the connection type name and IP address of all devices connected to the Router s network The icon associated with the device will be displayed normally signifying an active device or shaded signifying the device has not been active for at least 60 seconds The user can also configure the basic settings of each device by clicking on its icon These settings are described in more detail in chapter 3 Configuring My Network Settings Action Zone This section contains links to various Verizon Web sites and other informational links Clicking on the icon above Go to Internet Now connects the user to the home page configured on the user s web browser 13 Actiontec Broadband Router User Manual This page left intentionally blank 14 Configuring My Network Settings Once the Broadband Router is physically connected and the MegaControl Panel s Home screen is displayed in a web browser a list of the devices connected to the Router s network appears in the My Network section of the screen From here some basic network settings can be configured Accessing My Network To access My Network click on My Network in the Home screen
82. l as the computer providing it must be identified To do this 1 Select Port Forwarding from the left side of any Security screen The Port Forwarding screen appears Port Forwarding This feature enables applications Games Webcams IM amp Others by opening a tunnel between remote Internet computers and a specific device port inside your local area network LAN WAN Protocols Connection Status Action Type Networked Network Public IP Computer Device Address Address Add amp Apply 2 Click Add The Add Port Forwarding Rule screen appears Add Port Forwarding Rule Specify Public IP Address Networked Computer Device Specify Address Protocol Specify Protocol vj Add WAN Connection Type All Broadband Devices Forward to Port Same as Incoming Port gt When should this rule occur Always 7 3 Enter the local IP address or the host name of the computer providing the service in the Networked Computer Device text box or select them from the drop down list Note that only one local network computer can be assigned to provide a specific service or application 52 8 Chapter 5 Configuring the Router s Security Select the Internet protocol to be provided from the Protocol drop down list To see all options select All Services Select a WAN connection type from the WAN Connection Type drop down list Actiontec recommends selecting A
83. ll Broadband Devices To select a port to forward communications to this is optional select Specify from the Forward to Port drop down list then in the text box that appears enter the port number If no port is identified select Same as Incoming Port If this port will be active all the time select Always from the When should this rule occur drop down list If the rule will only be active at certain times select Specify Schedule and click Add Then add a schedule rule for more details about schedule rules see the Advanced Settings chapter of this manual Click Apply to save the changes How many computers can use a service or play a game simultaneously Well the answer may be a bit confusing All the computers on the network can behave as clients and use a specific service simultaneously Being a client means the com puter within the network initiates the connection for example a computer on the network can open an FTP connection with an FTP server on the Internet But only one computer on the network can operate as a server and respond to requests from computers on the Internet outside the local network DMZ Demilitarized Zone Host The DMZ host feature allows one device on the network to operate outside the fire wall Designate a DMZ host To use an Internet service such as an online game or video conferencing program not present in the Port Forwarding list and for which no port range informat
84. m the Networked Computer Device drop down list and enter the IP address in the box on the right text box Enter a public IP address assigned by the ISP in the Public IP Address 5 Select a connection from the WAN Connection Type drop down list Select the protocol that needs to be accessible from the public IP address by clicking in the check box next to Enable Port Forwarding for Static NAT then selecting a protocol from the drop down menu Use Any to pass all data Click Apply and Apply again Repeat these steps to add more static IP addresses from the network 58 Chapter 5 Configuring the Router s Security Advanced Filtering Advanced filtering is designed to allow comprehensive control over the firewall s behavior Specific input and output rules can be defined the order of logically similar sets of rules controlled and distinctions made between rules that apply to Internet and local network devices To access select Advanced Filtering from any Security screen The Advanced Filtering screen appears Advanced Filtering NOTE Only advanced technical users should use this feature Input Rule Sets Manage all incoming traffic from the Internet Destination Rule ID Source Address Senato Protocols Operation Status Action Initial Rules Add Network Home Office Rules Add Broadband Connection Ethernet Rules 224 0 0 0 Mo Any pacha Any Drop Active BR Add Etherne
85. mail Notification Enter the percentage of security log buffer capacity reached to trigger an E mail notification Security Log Buffer Size Enter the size of the security log buffer in this text box Remote System Notify Level This feature is used to specify the type of information received for security log ging Options include None Error Warning and Information Outgoing Mail Server Use this section to configure the outgoing mail server options This server is used format and send system and security log E mail notifications Server Enter the host name of the outgoing SMTP server in this text box From Email Address E mail notifications require a from address Enter a from E mail address in this text box 82 Chapter 7 Using Advanced Settings Port Enter the port number of the E mail server in this text box Server Requires Authentication If the E mail server requires authentication click in this check box then enter a user name and password in the User Name and Password text boxes that appear Auto WAN Detection When activated Auto WAN Detection causes the Router to automatically search for a WAN connection Enable Logging Clicking in this check box activates automatic WAN detection PPP Timeout Enter the amount of time in seconds before the Router stops attempting to establish a broadband PPP connection DHCP Timeout Enter the amount of time in seconds
86. match the defined shaping class or any other classes that might be defined on the device This can be viewed in the Class Statistics screen 121 Actiontec Broadband Router User Manual To define a shaping class 1 Click Add in the Tx Traffic Shaping section of the Edit Device Traffic Shaping screen The Add Shaping Class screen appears Add Shaping Class Rule Name Class 2 Name the new class and click Apply 3 Click the class name to edit the shaping class The Edit Class screen appears Edit Class Name class Class Priority 0 Highest v Tx Bandwidth Reserved 0 Maximum Unlimited _x Kbits s Rx Bandwidth Reserved o Maximum Unlimited yj Kbits s Policy Priority gt When should this rule occur Always xj Class Rules Source Destination P z Rule ID Adio perean Protocols Operation Status Action Outbound rules Add Inbound rules Add Configure the following parameters Name Fnter the name of the class in this text box Class Priority The class can be granted one of eight priority levels zero being the highest and seven the lowest opposite the rules priority levels This level sets the priority of a class in comparison to other classes on the device Tx Bandwidth Tx bandwidth is the reserved transmission bandwidth in kilobits per second The maximum allowed bandwidth can be limited by selecting Specify from the drop down list The screen will refresh adding a
87. me text box and if needed select a new icon for the device from the New Icon drop down list Timeout for Inactive Device The amount of time a device continues to be displayed on the network after it has been disconnected is configured in the Timeout for Inactive Device screen To display the screen click Timeout for Inactive Device Timeout for Inactive Device After a device is removed from the router the setting below is the time frame that it will take for the device to no longer be displayed on the network This page allows you to change the time out setting Please select the desired time frame then click the Apply button for the settings to take affect Timeout 5min z E a Select the timeout period from the Timeout drop down list After the device has been disconnected for this amount of time it will no longer be displayed in the My Network column 21 Actiontec Broadband Router User Manual This page left intentionally blank 22 Using Network Connections The Broadband Router supports various local area network LAN and wide area net work WAN on Internet connections via Ethernet cables Network connections are used to configure the various parameters of the Router s network and Internet con nections and to create new connections eo Caution The settings covered in this chapter should be config ured by experienced network technicians only To access the Router
88. message for each successful attempt to establish an inbound connection to the local network Accepted Outgoing Connections activating this check box generates a log message for each successful attempt to establish an outgoing connection to the public network 67 Actiontec Broadband Router User Manual Select the type of blocked events to be listed in the log All Blocked Connection Attempts activating this check box generates log messages for all blocked events Other Blocked Events if All Blocked Connection Attempts is un checked select specific blocked events from this list to generate log messages Click in the Remote Administration Attempts check box to write a log mes sage for each remote administration connection attempt whether successful or not Click in the Connection States check box to track connection handling by the firewall and Application Level Gateways ALGs Click Apply to save changes 68 Using Parental Controls The abundance of harmful information on the Internet poses a serious challenge for employers and parents alike How can I regulate what my employee child does on the Internet The Broadband Router s Parental Controls allows users to regulate control and monitor Internet access By classifying and categorizing online content it is possible to create numerous Internet access policies and easily apply them to networked computers Activating Paren
89. mputers on the network Provide host name if not specified by client when activated the Router assigns the client a default name if the DHCP client does not have a host name Click Apply to save the changes DHCP Connections To view a list of computers currently recognized by the DHCP server click Connection List at the bottom of the IP Address Distribution screen The DHCP Connections screen appears DHCP Connections Host Name Physical Address Lease Connection Status Spires Action IP Address Type Name gateway2 192 168 1 2 00 90 27 b3 ce 49 Dynamic Chee ffice Active Eee aS amp New Static Connection a Press the Refresh button to update the data 91 Actiontec Broadband Router User Manual To define a new connection with a fixed IP address 1 Click New Static Connection in the DHCP Connections screen The DHCP Connection Settings screen appears DHCP Connection Settings Host Name inew host IP Address p fp fp fb MAC Address oo oo foo foo doo foo 2 Enter a host name for this connection 3 Enter the fixed IP address to assign to the computer 4 Enter the MAC address of the computer s network card 5 Click the Apply to save changes lt p Note A device s fixed IP address is actually assigned to the spe cific network card s MAC address installed on the network com puter If this network card is replaced the device s entry in the DHCP Connections list
90. n connection an invalid connection packet has been blocked ICMP protection a broadcast ICMP message has been blocked Broadcast Multicast protection a packet with a broadcast multicast source IP has been blocked Spoofing protection a packet from the Internet with a source IP belong ing the local network has been blocked DMZ network packet a packet from a demilitarized zone network has been blocked Trusted device a packet from a trusted device has been accepted Default policy a packet has been accepted blocked according to the default policy Remote administration a packet designated for the Router management has been accepted blocked Access control a packet has been accepted blocked because of an access control rule Parental control a packet has been blocked because of parental control NAT out failed NAT failed for this packet DHCP request the Router sent a DHCP request depends on the distribu tion DHCP response the Router received a DHCP response depends on the distribution DHCP relay agent a DHCP relay packet has been received depends on the distribution IGMP packet an IGMP packet has been accepted Multicast IGMP connection a multicast packet has been accepted PPTP connection a packet inquiring whether the Router is ready to 64 Chapter 5 Configuring the Router s Security receive a PPTP connection has been accepted AUTH 113 request an outbound packet
91. n into the system as a super user by entering su at the prompt 2 Type ifconfig to display the network devices and allocated IPs 3 Type pump i lt dev gt where lt dev gt is the network device name 4 Type ifconfig again to view the newly allocated IP address 5 Make sure no firewall is active on device lt dev gt Configuring the Router 1 Open a web browser on the computer connected to the Router In the Address text box type http 192 168 1 1 then press Enter on the keyboard File Edit View Go Bookmarks Tools Help G o gt B amp B OD BM O htp2 168 1 1 The Login screen appears Enter the default user name admin and pass word password in the appropriate text boxes then click OK Login Wireless Broadband Router is up again please login User Name Password 10 3 4 The Con The 1 Chapter 2 Connecting the Router The Login Setup screen appears Select a new user name and password and enter them in the appropriate text boxes the password must be entered twice for validation purposes Write the new user name and password down on a piece of paper and keep it in a safe place since they will be needed to access the Router s MegaControl Panel in the future Login Setup Step 1 We now require you to change your default login User Name and Password Please select a new login User Name and Pass
92. nection or DMZ Connection Type Displays the type of connection Since this is an Ethernet Connection Ethernet is displayed 33 Actiontec Broadband Router User Manual Physical Address Displays the physical address of the network card used for the network MTU MTU Maximum Transmission Unit specifies the largest packet size per mitted for Internet transmission Automatic sets the MTU at 1500 Other choic es include Automatic by DHCP which sets the MTU according to the DHCP connection and Manual which allows the MTU to be set manually Internet Protocol This section includes three options No IP Address Obtain an IP Address Automatically and Use the Following IP Address No IP Address Select this option if the connection has no IP address This is use ful if the connection is operating under a bridge Obtain an IP Address Automatically Select this option if the ISP requires the con nection to obtain an IP address automatically The server assigning the IP address also assigns a subnet mask address which can be overridden by clicking in the Override Subnet Mask check box and entering another subnet mask address Additionally the DHCP lease can be renewed and or released by clicking on the appropriate DHCP Lease button The Expires In value displays how long until the DHCP lease expires Use the Following IP Address Select this option if the connection uses a perma nent stat
93. nection Status Disconnected Broadband IP Address Broadband MAC Address 00 0F B3 C0 05 0C Broadband Connection Type Ethernet Coax Active Status 2 hrs 107 Actiontec Broadband Router User Manual Advanced Status Clicking Advanced Status displays three other monitoring options System Logging Full Status System wide Monitoring of Connections and Traffic Monitoring Advanced Status Click on the Link that you wish to view NOTE Only advanced technical user should use these features a System Logging Full Status System wide Monitoring of Connections Traffic Monitoring System Logging Click System Logging in the Advanced Status screen to generate the System Log screen The System Log displays a list of the most recent activities of the Router System Log Clear Log Press the Refresh button to update the data Time Event Event Type Details Jan 2 21 26 34 System Message kern debug Clink Link Down freq timer 2003 Log repeated 5 times last time on Jan 2 21 26 39 2003 Jan 2 21 26 34 System Message daemon warn cLink clink1 ioct DRV_GET_MY_NODE_INFO 2003 Log 9 failed res 1 Bad address Jan 2 21 26 20 System Massig kern debug Clink Link Down freq timer 2003 Log g repeated 13 times last time on Jan 2 21 26 33 2003 Jan 2 21 26 20 System Message daemon warn cLink clinkO ioctl DRV_GET_MY_NODE_INFO 2003 Log g failed res 1 Bad address Jan 2 21 26 04 System Message kern
94. nother Kbits s text box Enter the desired maximum allowed bandwidth Rx Bandwidth In the same manner Rx bandwidth is the reserved reception bandwidth which can also be limited to a maximum allowed bandwidth 122 Appendix A Quality of Service Policy The class policy determines the policy of routing packets inside the class Select one of four options Priority Priority queuing utilizes multiple queues so that traffic is distrib uted among queues based on priority This priority is defined according to packet s priority which can be defined explicitly by a DSCP value or by an 802 1p value FIFO The First In First Out priority queue This queue ignores any pre viously marked priority the packets may have Fairness The fairness algorithm ensures no starvation by granting all pack ets a certain level of priority RED The RED Random Early Detection algorithm utilizes statistical methods to drop packets in a probabilistic way before queues overflow Dropping packets in this way slows a source down enough to keep the queue steady and reduces the number of packets lost when a queue overflows and a host is transmitting at a high rate Schedule By default the class will always be active However scheduler rules can be configured to define time segments during which the class may be active Class Rules Class rules define which packets belong to the class They must be defined in order to associate
95. notification for a specific user 1 Make sure an outgoing mail server has been configured in System Settings If not click Configure Notification Mail Server to configure the outgoing mail server 2 Enter the user s E mail address in the Notification Address text box 3 Select the System and Security notification levels in the System Notify Level and Security Notify Level drop down lists a gt Note Changing any of the user parameters will prompt the con nection associated with the user to terminate For changes to take effect activate the connection manually after modifying user parameters Qos The Router s QoS Quality of Service capabilities are covered in detail in Appendix A of this manual Local Administration Clicking Administration in the Advanced screen generates the Administration screen This screen allows the user to allow local Telnet access using a particular Telnet port Local Administration Note Only advanced technical users should use this feature Allow Local Telnet Access J Using Primary Telnet Port 23 7 Using Secondary Telnet Port 8023 7 Using Secure Telnet over SSL Port 992 To use select a Telnet port by clicking in the appropriate check box then click Apply 97 Actiontec Broadband Router User Manual Remote Administration The Router s Remote Administration capabilities are covered in detail in the Sec
96. o receive all traffic arriving at the Router which does not belong to a known session Port Triggering define port triggering entries to dynamically open the firewall for some protocols or ports Remote Administration enable remote configuration of the Router from any Internet accessible computer Website Blocking block network access to a certain hosts or websites on the Internet Static NAT allow multiple static NAT IP addresses to be designated to devices on the network Advanced Filtering control the firewall s settings and rules Security Log view and configure the security log 46 Chapter 5 Configuring the Router s Security General The General screen is used to configure the Router s basic security settings General Maximum Security High Inbound Policy Reject Remote Administration settings will override the security inbound policy Outbound Policy Reject Outbound access is allowed to the following services Telnet FTP HTTP HTTPS DNS IMAP POP3 and SMTP Typical Security Medium Inbound Policy Reject E Remote Administration settings will override the security rT W inbound policy Outbound Policy Accept C Minimum Security Low Inbound Policy Accept r Outbound Policy Accept CON 7 Block IP Fragments The firewall regulates the flow of data between the local network and the Internet Both incoming and outgoing data are inspected an
97. of the Broadband Connection Ethernet Properties window to generate the Configure Broadband Connection Ethernet screen Configure Broadband Connection Ethernet NOTE Only advanced technical users should use this feature General Status Down When should this rule occur Always Network Broadband Connection v Connection Type Ethernet Physical Address 00 0f b3 a2 d7 6 MTU Automatic z 1500 Internet Protocol Obtain an IP Address Automatically gt Override Subnet Mask fo J Jo Jj DHCP Lease Renew Expires In 104 minutes DNS Server Obtain DNS Server Address Automatically IP Address Distribution Disabled gt Routing Basic gt Internet Connection Firewall v Enabled This feature provides the ability to change the default firewall settings on this interface We highly recommend that you not change the default settings Additional IP Addresses New IP Address General The top part of the screen displays general communication parameters Actiontec recommends not changing the default values in this section unless familiar with net working concepts De Status Displays the status of the Ethernet connection Down Connected etc Schedule Displays when the rule is active To configure rules see the Advanced Settings chapter Network Select the type of connection being configured from the drop down list options Network Home Office Broadband Con
98. om puters one at a time the computers can be defined as a network object and website filtering configuration can then be applied to all the computers simultaneously Network objects can be used to apply security rules based on host names instead of IP addresses This may be useful since IP addresses change from time to time Moreover it is possible to define network objects according to MAC addresses mak ing rule application more persistent against network configuration settings To define a network object 1 Click Network Objects in the Advanced screen The Network Objects screen appears Network Objects A Network Object is a set of host names IP addresses or MAC addresses Security rules can be applied to a distinct LAN subset using Network Objects Network Object Items Action Close 102 Chapter 7 Using Advanced Settings 2 Click Add The Edit Network Object screen appears Edit Network Object Network Object Description Global Object Items Item Action Add amp 3 Specify a name for the network object in the Description text box 4 Click Add The Edit Item screen appears Edit Item Network Object Type IPAddress v IP Address o p hf Cfo 5 Select the type of network object type from the Network Object Type list box Options include IP address IP Subnet IP Range MAC Address and Host Name 6 Repeat to create other net
99. onfigure Network Home Office screen Basic or Advanced Basic Select this option for basic routing operation Advanced To set up the Router s network bridge for advanced routing 1 2 Select Advanced from the Routing drop down menu Enter a device metric in the Device Metric text box The device metric is a value used by the Router to determine whether one route is superior to another considering parameters such as bandwidth and delay time Click in the Default Route check box to define this device as a the default route Click in the Multicast IGMP Proxy Internal check box to activate multicasting 28 Chapter 4 Using Network Connections Routing Table Clicking New Route generates the New Route window where a new route can be configured Additional IP Addresses Clicking New IP Address generates the Additional IP Address Settings screen where additional IP addresses can be created to access the Router via the Network Home Office connection Ethernet Connection An Ethernet connection connects computers to the Router using Ethernet cables either directly or via network hubs and switches Click Ethernet in the Network Connections screen if needed click Advanced at the bottom of the screen to reveal the Ethernet link below Network Home Office to generate the Ethernet Properties screen This screen displays a list of the connection s proper
100. or Show All Services from the drop down list next to Add 3 Click Add An Edit Service screen appears Edit Service Service Name Application Outgoing Trigger Ports Protocol Server Ports Action New Trigger Ports amp Incoming Ports to Open Protocol Opened Ports Action New Opened Ports amp 4 Specify the port triggering entries by clicking New Trigger Ports and New Opened Ports and entering the protocol and protocol number in the succeed ing screens For example to set up port triggering for the scenario laid out on the previous page the service ports would be set to UDP and 2222 while the opened ports would be set to UDP and 3333 55 Actiontec Broadband Router User Manual Remote Administration The Router can be accessed and controlled not only from within the local network but also from the Internet using remote adminstration To access select Remote Administration from the left side of any Security screen The Remote Administration screen appears Remote Administration A Attention With Remote Administration enabled your network will be a risk from outside attacks Allow Incoming Access to the Telnet Server I Using Primary Telnet Port 23 Using Secondary Telnet Port 8023 Using Secure Telnet over SSL Port 992 Allow Incoming Access to the Broadband Router Using Primary HTTP Port 80 Using Secondary HTTP Port 8080 Using Primary HT
101. ork object To add an address 1 Select Specify Address from the drop down list The screen refreshes and an Add link appears 2 Click Add then add a new network object see the Advanced Settings chapter to learn how to add a network object Clicking Add is the same as clicking New Entry in the Network Objects screen Destination Address The destination address of the packets sent to or received from the network object This address can be configured in the same manner as the source address Protocol Choose a specific traffic protocol from the drop down list or add a new one To add a new traffic protocol 1 Select Specify Address from the drop down list The screen refreshes and an Add link appears 2 Click Add and add a new protocol see the Advanced Settings chapter to learn how to add a protocol Note that clicking Add is equivalent to click ing New Entry in the Protocols screen 118 Appendix A Quality of Service Set Priority Activate this check box to add a priority to the rule The screen will refresh allowing a selection between one of eight priority levels zero being the lowest and seven the highest each priority level is mapped to low medium high priority This sets the priority of a packet on the connection matching the rule while routing the packet Set DSCP Activate this check box to mark a DSCP value on packets matching a connection that matches t
102. ortunately this is a common situation Let s look at a scenar io of downloading a large file and surfing the Internet at the same time Downloading the file is distinguished by small requests followed by very large responses This may result in blocking HTML traffic at the ISP A solution for such a situation is limiting the bandwidth of low priority TCP connections such as the file download Differentiated Services Code Point Settings In order to understand what DSCP is one must first be familiarized with the Differentiated Services model Differentiated Services Diffserv is a Class of Service CoS model that enhances best effort Internet services by differentiating traffic by users service requirements and other criteria Packets are specifically marked allowing network nodes to provide different levels of service as appropriate for voice calls video playback or other delay sensitive applications via priority queuing or bandwidth allocation or by choosing dedicated routes for specific traffic flows Diffserv defines a field in IP packet headers referred to as the Differentiated Services Codepoint DSCP Hosts or routers passing traffic to a Diffserv enabled network will typically mark each transmitted packet with an appropriate DSCP The DSCP markings are used by Diffserv network routers to appropriately classify packets and to apply particular queue handling or scheduling behavior The Router provides a table of predefined DS
103. packets that meet them with the shaping class Without class rules the shaping class will have no effect Each class can have out bound and or inbound rules for outgoing and incoming traffic respectively For example all outgoing packets from computer A in the network can be defined as belonging to the VoIP class These packets will be limited to the class settings bandwidth schedule etc In addition the traffic protocol and priority for each rule can be defined this is not mandatory as it is with Traffic Priority rules 123 Actiontec Broadband Router User Manual To add a new outbound inbound class rule click Add in the Edit Class screen The Add Traffic Priority Rule screen appears Add Traffic Priority Rule Matching Source Address Any i Destination Address Any Protocol ANY z DSCP None zi Device Any zj QoS Operation DSCP None zj I Set Priority XSet Rx Class Name No Rx class names available XSet Tx Class Name No Tx class names available Logging J Log Packets Matched by This Rule When should this rule occur Always Source Address The source address of the packets sent to or received from the network object computer A in the above example To add an address 1 Select Specify Address from the drop down list The screen will refresh and an Add link appears 2 Click Add and add a new network object Note that clicking Add is equiv alent to clicking New Entry
104. party s product or from use of the software product not in accordance with Actiontec Electronics published speci fications or user guide 135 Actiontec Broadband Router User Manual THIS ACTIONTEC ELECTRONICS PRODUCT MAY INCLUDE OR BE BUNDLED WITH THIRD PARTY SOFTWARE THE USE OF WHICH IS GOVERNED BY A SEPARATE END USER LICENSE AGREEMENT THIS ACTIONTEC ELECTRONICS WARRANTY DOES NOT APPLY TO SUCH THIRD PARTY SOFTWARE FOR THE APPLICABLE WARRANTY PLEASE REFER TO THE END USER LICENSE AGREEMENT GOVERNING THE USE OF SUCH SOFTWARE Obtaining Warranty Service Customer may contact Actiontec Electronics Technical Support Center within the applicable warranty period to obtain war ranty service authorization Dated proof of purchase from Actiontec Electronics or its authorized reseller may be required Products returned to Actiontec Electronics must be pre authorized by Actiontec Electronics with a Return Merchandise Authorization RMA number marked on the outside of the package and sent prepaid and packaged appropriately for safe shipment and it is recommended that they be insured or sent by a method that provides for tracking of the package The repaired or replaced item will be shipped to Customer at Actiontec Electronics expense not later than thirty 30 days after Actiontec Electronics receives the defective product Return the product to In the United States Actiontec Electronics Inc 760 North Mary Avenue Sunnyvale CA
105. perties screen then click OK in the Local Area Connection Properties screen to save the settings Windows 2000 1 Select Network and Dialing Connections in the Control Panel 2 Right click on the Ethernet connection s icon then click Properties 3 Select Internet Protocol TCP IP component then click Properties 4 The Internet Protocol TCP IP Properties window appears 5 Click the Obtain an IP address automatically radio button 6 Click the Obtain DNS server address automatically radio button Windows 98 Me 1 Select Network in the Control Panel 2 Select the TCP IP settings for the network card then click Properties 3 Click the Obtain an IP address automatically radio button in the IP Address tab 4 Click Disable DNS in the DNS configuration tab 5 Click OK in the TCP IP Properties screen 6 Click OK in the Network screen to reboot and save the settings Windows NT 1 Click Network in the Control Panel The Network window appears 2 In the Protocol tab select Internet Protocol TCP IP then click Properties Actiontec Broadband Router User Manual 3 In the IP Address tab click the Obtain an IP address automatically radio button 4 Inthe DNS tab verify no DNS server is defined in the DNS Service Search Order text box and no suffix is defined in the Domain Suffix Search Order text box Linux 1 Logi
106. quality etc The MoCA connection supports 270 Mbps Are the Router s Ethernet ports auto sensing Yes Either a straight through or crossover Ethernet cable can be used 112 Chapter 9 Troubleshooting How do find out what IP address my computer is using Windows 95 98 98SE and Me Select Start Run and type winipcfg Press Enter When the Winipcfg window appears ensure your network device is selected Windows NT 2000 and XP Select Start Run and type cmd Press Enter When the command screen appears type ipconfig and press Enter My computer cannot connect to the Internet via MoCA What should I do First check the connection and make sure all cables are connected correctly Then make sure the NIM is still connected and check the Ethernet connection to the NIM from the computer A computer cannot be connected directly via a MoCA cable it must go through a NIM to connect The NIM converts the MoCA signal to an Ethernet signal the computer can understand l used DHCP to configure my network Do need to restart my computer to refresh my IP address No Follow these steps to refresh the IP address Windows 95 98 98SE and Me Select Start Run type winipcfg and press Enter Ensure the Ethernet adapter is selected in the device box Press the Release_all button then press the Renew_all button Windows NT 4 0 and 2000 Select Start Run type cmd and press Enter
107. r able loops in the network 26 Chapter 4 Using Network Connections Action The Action column contains an icon that when clicked generates the configuration screen of the particular device DNS Server Domain Name System DNS is the method by which website or domain names are translated into IP addresses Specify such an address manually according to the information provided by the ISP To manually configure DNS server addresses select Use the Following DNS Server Addresses Specify up to two different DNS server addresses one pri mary the other secondary DNS Server Use the Following DNS Server Addresses gt Primary DNS Server b fo b fo bb bh bh Secondary DNS Server IP Address Distribution The IP Address Distribution section of the Configure Network Home Office screen is used to configure the Router s Dynamic Host Configuration Protocol DHCP server parameters DHCP automatically assigns IP addresses to net work devices If enabled make sure to configure the network devices as DHCP Clients There are three options in this section Disabled DHCP Server and DHCP Relay Disabled Select this option if statically assigning IP addresses to the network devices DHCP Server To set up the network bridge to function as a DHCP server 1 Select DHCP Server 2 Enter the IP address at which the Router starts issuing addresses in the Start IP Address text boxes Since
108. r broad band home router click the Test Connectivity button Ping Test 1 Click Test Connectivity The Diagnostics screen appears Diagnostics The information below has been determined Diagnostics can assist in testing network connectivity This feature pings ICMP echo an IP address and displays the results such as the number of packets transmitted and received round trip time and success status Ping ICMP Echo Destination 192 168 1 2 Go Number of pings fa Status Test Failed Packets 4 4 transmitted 0 4 received 100 loss Minimum 2147483647 ms Round Trip Time Maximum 0 ms Average 0 ms Press the Refresh button to update the status 2 Click Go The Router runs a ping test and the results are displayed in the Diagnostics screen 20 Chapter 3 Configuring My Network Settings Rename This Device To rename a networked device locate the device in the My Network column then click Rename This Device The Rename Device screen appears Rename Device This Page allows you to change the name of this device and how it is identified on your network Current Device Name DAD MOM PC To rename this device type the new Device Name below and click Apply New Name To assign an icon to this device select from the drop down box below and click Apply New Icon Desktop Laptop P A Enter the new name of the device in the New Na
109. r product or the FCC declaration contact Actiontec Electronics Inc 760 North Mary Ave Sunnyvale CA 94086 United States Tel 408 752 7700 Fax 408 541 9005 134 Limited Warranty Hardware Actiontec Electronics Inc warrants to the end user Customer that this hardware product will be free from defects in workmanship and materials under normal use and service for twelve 12 months from the date of purchase from Actiontec Electronics or its authorized reseller Actiontec Electronics sole obligation under this express warranty shall be at Actiontec s option and expense to repair the defective product or part deliver to Customer an equivalent product or part to replace the defective item or if neither of the two foregoing options is reasonably available Actiontec Electronics may in its sole discretion refund to Customer the purchase price paid for the defective prod uct All products that are replaced will become the property of Actiontec Electronics Inc Replacement products may be new or reconditioned Actiontec Electronics war rants any replaced or repaired product or part for ninety 90 days from shipment or the remainder of the initial warranty period whichever is longer Software Actiontec Electronics warrants to Customer that each software program licensed from it will perform in substantial conformance to its program specifica tions for a period of ninety 90 days from the date of purchase f
110. rading To manually upgrade the Router s firmware 1 Click Check Now in the Firmware Upgrade screen 2 Ifa new version is available click Force Upgrade A download process will begin When downloading is completed a confirmation screen appears asking whether to upgrade to the new version 3 Click Apply The upgrade process will begin and should take no longer than one minute to complete At the conclusion of the upgrade process the Router automatically reboots The new firmware runs maintaining any custom configurations and settings Firmware Restore Firmware restore allows the Router s firmware to return to an earlier version if the current version is unstable or does not meet specified needs Click Firmware Restore from the Advanced screen to generate the Firmware Restore screen Firmware Restore Welcome to Firmware Restore You can use Firmware Restore to undo changes to your Wireless Broadband Router and restore its settings and performance Firmware Restore returns your Wireless Broadband Router to an earlier loaded firmware and its configuration file This is useful if the firmware you downloaded does not fit your needs Any change Firmware Restore makes to your Wireless Broadband Router is completely reversible Active Firmware Rule Name MI424WR version 4 0 16 1 45 36 Downloaded at Tue Apr 4 20 28 42 2006 Backup Firmware Rule Name MI424WR version 4 0 16 1 45 1 Downloaded at Sun Apr 2 17 01 23 2006 Con
111. rding to DHCP Option 60 Vendor Class Identifier This generates the DHCP Server Pool Settings screen Set the device name IP range and priority level in the appropriate text boxes then click Apply DHCP Server Pool Settings DHCP Option 60 Vendor Class f Identifier Start IP Address bP p p p End IP Address b b fo fo Vv Set Priority 7 High v DHCP Relay Select this option to have the Router function as a DHCP relay To enter a new IP address for the relay click New IP Address The DHCP Relay Server Address screen appears Enter the new IP address in the appropriate text boxes then click Apply DHCP Relay Server Address IP Address fo f b fo Routing The Router can be configured to use static or dynamic routing Dynamic rout ing automatically adjusts how packets travel on the network while static routing specifies a fixed routing path to neighboring destinations There are two options in the Routing section of the Configure WAN Coax Link Ethernet screen Basic or Advanced Basic Select this option for basic routing operation Advanced To set up the Router s Broadband Ethernet connection for advanced routing 1 Select Advanced from the Routing drop down menu 2 Enter a device metric in the Device Metric text box The device metric is a value used by the Router to determine whether one route is superior to another considering parameters such as bandwid
112. re described in the Computer Network Configuration will be unnecessary For example the default DHCP setting in Windows 2000 is client requiring no further modification However Actiontec advises following the setup procedure described below to verify all communication parameters are valid and the physical cable connections are correct Setting Up the Router There are three parts to setting up the Router Connecting the Cables Configuring the Router and Connecting Other Computers Set Top Boxes Connecting the Cables lt gt Note If a different router was being used disconnect it Remove all router components including power supplies and cables since they will not work with the Wireless Broadband Router 1 Get the Router and black Power cord from the box 2 Plug the black Power cord in the black port on the back of the Router and then into a power outlet 3 Turn the Router on 4 Make sure the Power light on the front of the Router is glows steadily green 5 Plug the yellow Ethernet cable from the box into one of the four yellow Ethernet ports on the back of the Router 10 Actiontec Broadband Router User Manual Make sure the computer is powered on then plug the other end of the yellow Ethernet cable into an Ethernet port on the computer Make sure at least one of the Ethernet LAN lights on the front of the Router glows steadily green This may take a few moments Locate the Ethernet wall jack t
113. ready exists a conflict occurred because the NAT mapping already exists so NAT failed Malformed packet Failed parsing a packet has been blocked because it is malformed Passive attack on ftp server Client attempted to open Server ports a packet has been blocked 66 Chapter 5 Configuring the Router s Security FTP port request to 3rd party is forbidden Possible bounce attack a packet has been blocked Firewall Rules were changed the firewall rule set has been modified User authentication a message arrived during login time including both successful and failed authentication Security Log Settings To view or change the security log settings 1 Click Settings in the Security Log screen The Security Log Settings screen appears Security Log Settings Accepted Events J Accepted Incoming Connections I Accepted Outgoing Connections Blocked Events 7 All Blocked Connection Attempts T Winnuke 7 Multicast Broadcast ICMP Replay Defragmentation Error Spoofed Connection ICMP Redirect Blocked Fragments Packet Illegal Options ICMP Multicast Syn Flood UDP Flood ICMP Flood Echo Chargen Other Events f Remote Administration Attempts Connection States Log Buffer I Prevent Log Overrun 2 Select the type of activities that will generate a log message Accepted Incoming Connections activating this check box generates a log
114. rk traffic at the data link Mac sub layer 802 1p traffic is simply classified and sent to the destination with no bandwidth reservations established The 802 1p header includes a 3 bit prioritization field which allows packets to be grouped into eight levels of priority By default the highest priority is seven which might be assigned to network critical traffic Values five and six may be applied to delay sensitive applications such as interactive video and voice Data classes four through one range from controlled load applications down to loss eligible traffic Zero is the value for unassigned traffic and used as a best effort default invoked automatically when no other value has been set A packet can match more than one rule This means that The first class rule has precedence over all other class rules scanning is stopped once the first rule is reached The first traffic priority classless rule has precedence over all other traffic priority rules There is no prevention of a traffic priority rule conflicting with a class rule In this case the priority and DSCP setting of the class rule if given will take precedence 1 Click Quality of Service in the Advanced screen then click 802 1p Settings The 802 1p Settings screen appears 802 1p Settings 802 1p Value Priority 0 low gt 1 Low 2 Low gt 3 tow zi 4 Medium gt 5 Medium x 6 THigh z 7 High z Cancel
115. rom Actiontec Electronics or its authorized reseller Actiontec Electronics warrants the media con taining software against failure during the warranty period The only updates that will be provided are at the sole discretion of Actiontec Electronics and will only be available for download at the Actiontec Web site www actiontec com Actiontec Electronics sole obligation under this express warranty shall be at Actiontec Electronics option and expense to refund the purchase price paid by Customer for any defective software product or to replace any defective media with software which substantially conforms to applicable Actiontec Electronics published specifi cations Customer assumes responsibility for the selection of the appropriate appli cations program and associated reference materials Actiontec Electronics makes no warranty or representation that its software products will meet Customer s requirements or work in combination with any hardware or applications software products provided by third parties that the operation of the software products will be uninterrupted or error free or that all defects in the software products will be corrected For any third party products listed in the Actiontec Electronics software product documentation or specifications as being compatible Actiontec Electronics will make reasonable efforts to provide compatibility except where the non com patibility is caused by a bug or defect in the third
116. rules which are for prioritizing the inbound and outbound traffic respectively Each section lists all the devices on which rules can be set Rules can be set on all devices at once by clicking Add in the All Devices row Traffic Priority QoS Input Rules i Source Destination i r RuleID Device Ere address Protocols Operation Status Action All Devices Add Network Home Office Rules Add Broadband Connection Ethernet Rules Add Ethernet Rules Add WAN PPPOE Rules Add QoS Output Rules Source Destination RuleID Device Address Address Protocols Operation Status Action All Devices Add Network Home Office Rules Add Broadband Connection Ethernet Rules Add Ethernet Rules Add WAN PPPOE Rules Add ncel Actiontec Broadband Router User Manual 2 After choosing the traffic direction and the device on which to set the rule click Add in the appropriate row The Add Traffic Priority Rule screen appears Add Traffic Priority Rule Matching Source Address Any z Destination Address Any z ANY x Protocol a DSCP None gt Device Any xj QoS Operation DSCP None z I Set Priority XSet Rx Class Name No Rx class names available XSet Tx Class Name No Tx class names available Logging Log Packets Matched by This Rule When should this rule occur Always z Set the following parameters Source Address The source address of the packets sent to or received from the netw
117. st Name IP Address Source Action gateway2 192 168 1 2 DHCP BR Add DNS Entry amp To add a new entry to the list 1 Click Add DNS Entry in the DNS Server screen The DNS Entry screen appears DNS Entry Host Name inew host IP Address ao 2 Enter the computer s host name in the Host Name text box 3 Enter the computer s IP address in the IP Address text boxes 4 Click Apply to save the changes To edit the host name or IP address of an entry Click the appropriate Edit icon in the Action column The DNS Entry screen appears DNS Entry Host Name gateway2 101 Actiontec Broadband Router User Manual 2 Ifthe host was manually added to the DNS Table its host name and or IP address can be modified Otherwise only modify its host name 3 Click Apply to save the changes To remove a host from the DNS table Click the appropriate Delete icon in the Action column The entry will be removed from the table Network Objects Network objects is used to define a part of the Router s network a group of computers for example by MAC addresses IP addresses and or host names The defined part becomes a network object and settings such as configuring system rules can be applied to all the devices defined as part of the network object at once For example instead of setting the same website filtering configuration to five c
118. t Rule Schedule screen appears Set Rule Schedule Rule Nae Bcheduler Rule Rule Settings Rule will be active at the scheduled time Rule will be inactive at the scheduled time Rule Schedule Action Add Rule Schedule amp 4 Enter a name for the rule in the Rule Name text box 5 Specify if the rule will be active or inactive during the designated time period by clicking the appropriate Rule Settings radio button 6 Click Add Rule Schedule The Edit Rule Schedule screen appears Edit Rule Schedule Days of Week Monday Tuesday J Wednesday Thursday T Friday J Saturday I Sunday Hours Range Start End Action New Hours Range Entry amp 7 Select or active or inactive days of the week by clicking in the appropriate text boxes 86 8 Chapter 7 Using Advanced Settings If applicable click New Hours Range Entry to define an active inactive hourly range The Edit Hour Range screen appears Enter a start and end time in the appropriate text boxes Edit Hour Range NOTE Use military time to edit the hour range e g 2 30pm 14 30 Start time Joo Joo End time Joo Joo 9 Click Apply Note Make sure the Router s date and time settings are properly configured for the time zone Routing Access the routing table rules by clicking Routing in the Advanced screen The Routing screen appears Rout
119. t Rules Add WAN PPPOE Rules Add Final Rules Add Output Rule Sets Manage all outbound traffic to the Internet Rule ID Source Address Pestination Protocols Operation Status Action Address Initial Rules Add Network Home Office Rules Add Broadband Connection Ethernet Rules Add Ethernet Rules Add WAN PPPOE Rules Add Final Rules Add Two sets of rules can be configured input rules and output rules Each set of rules comprises three subsets initial rules network devices rules and final rules These subsets determine the sequence by which the rules will be applied Following is a description of the set ordering for inbound and outbound packets 59 Actiontec Broadband Router User Manual Inbound Packets Input Rule Sets Initial rules All rules defined for the network device on which the packet is Local servers rules from the local server tab in the security screen Rules to accept all the packets on a device in case the firewall check box Internet Connection Firewall in the connection settings screen is unchecked Remote administration rules from the remote administration tab DMZ host rules from the DMZ tab Final rules Outbound Packets Output Rules Sets Initial rules All rules defined for the network device on which the packet is Rules to accept all the packets on a device in case the firewall check box Internet Connection Firewall in the connection settings screen is unchecked IP hostname fil
120. t certain times select Specify Schedule and click Add Then add a schedule rule for more details about schedule rules see the Advanced Settings chapter of this manual Security Log The security log displays a list of firewall related events including attempts to establish inbound and outbound connections attempts to authenticate at an administrative interface MegaControl Panel or Telnet terminal firewall configura tion and system start up To access the security log select Security Log from any Security screen The Security Log screen appears Security Log Press the Refresh button to update the data Time Event Event Type Details Jan 2 21 14 18 Firewall s 4 ae ae Firewall internal Firewall configuration succeeded Jan 2 21 14 18 Firewall k Pi x X D H Firewall internal Starting firewall configuration Jan 2 21 14 03 Firewall n n a gans Eem Firewall internal Firewall configuration succeeded Jan 2 21 14 03 Firewall i En eae 2003 Setup Firewall internal Starting firewall configuration Jan 1 01 45 20 WBM Login User authentication Username admin repeated 17 times last time on 2003 g success Jan 2 21 08 07 2003 Jan 1 01 45 12 WBM Login User authentication Tavalid password Username admin 2003 failure Jan 1 00 01 16 User authentication Username admin repeated 4 times last time on WBM Login 62 Chapter 5 Configuring the Router s Security Time The time based on the Router s
121. tal Controls To create a basic access policy for a computer on the Router s network click Parental Control from the top of the Home screen and follow these instructions 1 The Parental Control screen appears Click in the Enable check box to activate the access policy mechanism 2 Enter a Rule Name and Description for the access policy in the appropriate text boxes Parental Control Parental Control provides the ability to create specific rules to Block or Allow any Website and URL keywords which can be assigned to a single or group of computers devices on your network To setup Parental Control simply follow the steps below Step 1 To enable Parental Control click the Enable box below Enable Step 2 Create a Rule Name and Description Rule Name Description 69 Actiontec Broadband Router User Manual 3a Click the circle next to Block the following Websites to block access to a list of websites or click the circle next to Allow the following Websites to allow access to a list of websites 3b Enter the URL of the websites to be included on the list in the text box below For example enter www sample com Step 3 Choose to Block or Allow access to a Website and URL keyword Block the following Websites O Allow the following Websites Specify a list of Websites separated by spaces Example www sample com Block the following URL Keywords
122. ter s firewall is the cornerstone of the Router s security suite It has been exclusively tailored to the needs of the residential office user and is pre configured to provide optimum security a Etes m een TWAT bee Were 7 naie Upya Eteswt j a d webecs Jee Raves Frewall Configurator The firewall provides both the security and flexibility home and office users seek It provides a managed professional level of network security while enabling the safe use of interactive applications such as Internet gaming and video conferencing Additional features including surfing restrictions and access control can also be configured locally through the Router s MegaControl Panel or remotely by a service provider The firewall also supports advanced filtering designed to allow comprehensive control over the firewall s behavior Specific input and output rules can be defined the order of logically similar sets of rules can be controlled and distinctions between rules that apply to Internet and local network devices can be made 45 Actiontec Broadband Router User Manual This chapter covers these Security features General select the security level for the firewall Access Control restrict access from the local network to the Internet Port Forwarding enable access from the Internet to specified services provided by computers on the local network DMZ Host configure a network host t
123. tering rules and access control rules from the tabs in the security screen Final rules There are numerous rules automatically inserted by the firewall in order to provide improved security and block harmful attacks 60 Chapter 5 Configuring the Router s Security To configure advanced filtering rules click Add next to the rule title The Add Advanced Filter screen appears Add Advanced Filter Matching Source Address Any zj Destination Address Any j Protocol Any j Operation Drop C Reject Drop packets and send TCP Reset or ICMP Host Unreachable packets to sender C Accept Accept all packets related to this session This session is handled by Stateful Packet amp Inspection SPI Accept Packet Accept packets matching this rule only Do not use Stateful Packet Inspection SPI to also amp automatically accept packets related to this session Logging J Log Packets Matched by This Rule When should this rule occur Always z To add an advanced filtering rule define the following rule parameters Matching To apply a firewall rule a match must be made between IP addresses or ranges and ports Use the Source Address and Destination Address drop down lists to define the coupling of source and destination traffic Port matching will be defined when selecting protocols For example if the FTP protocol is selected port 21 will be checked for matching traffic flow bet
124. th and delay time 36 Chapter 4 Using Network Connections 3 Click in the Default Route check box to define this device as a the default route 4 Click in the Multicast IGMP Proxy Internal check box to activate multicasting Routing Table Clicking New Route generates the New Route window where a new route can be configured Internet Connection Firewall Click in the Enabled check box to activate the Router s firewall on the connection Additional IP Addresses Clicking New IP Address generates the Additional IP Address Settings screen where additional IP addresses can be created to access the Router via the connection 37 Actiontec Broadband Router User Manual WAN PPPoE WAN PPPoE 2 WAN Point to Point Protocol over Ethernet PPPoE relies on two widely accepted standards Point to Point Protocol and Ethernet PPPoE enables Ethernet net worked computers to exchange information with computers on the Internet PPPoE supports the protocol layers and authentication widely used in PPP and enables a point to point connection to be established in the normally multipoint architecture of Ethernet A discovery process in PPPoE determines the Ethernet MAC address of the remote device in order to establish a session Click WAN PPPoE in the Network Connections screen to generate the WAN PPPoE Properties screen This screen displays a list of the connection s proper ties The only modifi
125. the Power light is not illu minated or glows red when the Power cord is plugged in and the Power switch is turned on the Router has suffered a critical error and technical support should be contacted Broadband Light FY The Broadband light illuminates when the Router is connected to a the Internet via Ethernet If flashing data traffic is passing across the port Internet Light When the Internet light glows steadily green the Router is connected to the ISP Internet Service Provider If it glows amber there is a physical connection to the ONT Optical Network Terminator but authentication has not taken place i e no IP address is present Ethernet Lights 1 8 ao The Ethernet lights illuminate when the Router is connected to a local network via one or more of its Ethernet ports If flashing data traffic is passing across the port s Chapter 1 Introduction Rear Panel The rear panel of the Router features ten ports Ethernet 8 Broadband and Power as well as a Reset button and Power switch Ethernet Ports 8 Saal The Ethernet ports connect devices to the Router via Ethernet cables to create a local area network LAN The Ethernet ports are 10 100 Mbps auto sensing ports and either a straight through or crossover Ethernet cable can be used when connecting to the ports Broadband Port Pa The Broadband port connects the Router to the ISP using an Ethernet cable Reset Button To restore the
126. the Router s default IP address is 192 168 1 1 the Start IP Address should be 192 168 1 2 3 Enter the end of the IP address range used to automatically issue IP address es in the End IP Address text boxes The maximum IP address that can be entered here is 192 168 1 253 4 Enter the subnet mask address in the Subnet Mask text boxes The subnet mask determines which portion of a destination LAN IP address is the net work portion and which portion is the host portion 27 Actiontec Broadband Router User Manual If Windows Internet Naming Service WINS is being used enter the WINS server address in the WINS Server text boxes Enter the amount of time a network device will be allowed to connect to the Router with its currently issued dynamic IP address in the Lease Time in Minutes text box Click in the Provide Host Name If Not Specified by Client check box to have the Router automatically assign network devices with a host name in case a host name is not provided by the user DHCP Relay Select this option to have the Router function as a DHCP relay and enter the IP address in the screen that appears Routing The Router can be configured to use static or dynamic routing Dynamic rout ing automatically adjusts how packets travel on the network while static routing specifies a fixed routing path to neighboring destinations There are two options in the Routing section of the C
127. tings need to be restored to build a new network from the beginning for example use the following procedure 1 If needed click Save Configuration File to save the Router s current con figuration to a file The Router s current settings can then be reapplied see Configuraton File in this chapter for more information ATTENTION Restoring your router to default settings will erase the current router configuration If you would like to save the current configuration click the Save Cofiguration File button Save Configuration File If you do not wish to save the current configuration file click the Restore Defaults button Restore Defaults 2 Click Restore Defaults The Router will restart and factory default settings will be applied Note All of the Router s settings and parameters will be restored to their default values after performing the Restore Default pro cedure This includes the administrator password a user speci fied password will no longer be valid Reboot the Router To reboot the Router 1 Click Restart in the Advanced screen The Restart screen appears Restart Are you sure you want to reboot Wireless Broadband Router a E 2 Click OK to restart the Router This may take up to one minute To reenter the MegaControl Panel after restarting the Router click the web brows Sans er s Refresh button 94 Chapter 7 Using Advanced
128. ually Underlying Connection Specify the underlying connection above which the proto col initiates from the drop down list which displays all possible underlying devices PPP Configuration Point to Point Protocol PPP is the most popular method for transporting packets between the user and the ISP Service Name Specify the networking peer s service name if provided by the ISP in this text box On Demand To use PPP on demand to initiate the point to point protocol session only when packets are actually sent over the Internet click in this check box This option should be active on a limited basis Idle Time Before Hanging Up Enter the amount of idle time in minutes before the PPP session automatically ends Time Between Reconnect Attempts In this text box specify the duration between PPP reconnect attempts as provided by the ISP PPP Authentication Point to Point Protocol PPP currently supports four authentication pro tocols Password Authentication Protocol PAP Challenge Handshake Authentication Protocol CHAP and Microsoft CHAP versions 1 and 2 Select the authentication protocols the Router may use when negotiating with a PPTP server in this section Select all the protocols if no information is available about the server s authentication methods Note that encryption is performed only if Microsoft CHAP Microsoft CHAP version 2 or both are selected 6 Warning The PPP Authentication settings should not be
129. ults reset the Router to its default settings Reboot Router restart the Router MAC Cloning clone MAC addresses ARP Table display active devices and their IP and MAC addresses etc Users create and manage remote users Local Administration configure and manage local administration policies Dynamic DNS configure Dynamic DNS settings DNS Server manage the local LAN network for host name and IP address Network Objects create and manage network objects discrete LAN subsets Universal Plug and Play configure Universal Plug and Play settings Protocols manage and create open ports for various Internet protocols or cus tomize an application About view information about the Router Radius manage the RADIUS Remote Authentication Dial in User Service server Remote Administration is explained in the Security chapter of this manual QoS is explained in Appendix A of this manual 74 Chapter 7 Using Advanced Settings Firmware Upgrade The Router offers a built in mechanism for upgrading its firmware without los ing custom configurations and settings There are two methods for upgrading the firmware Upgrading from a local computer use a software image file pre down loaded to the computer s disk drive or located on the accompanying evalua tion CD Upgrading from the Internet use this method to upgrade the Router s firmware by remotely downloading an updated software image file Upgrad
130. urity chapter of this manual Dynamic DNS Dynamic DNS Domain Name Server a dynamic IP address to be aliased to a static hostname allowing a computer on the network to be more easily accessible from the Internet Typically when connecting to the Internet the service provider assigns an unused IP address from a pool of IP addresses and this address is used only for the duration of a specific connection Dynamically assigning addresses extends the usable pool of available IP addresses while maintaining a constant domain name This allows to user to access a device a camera for example from a remote loca tion since the device will always have the same IP address When using Dynamic DNS each time the IP address provided by the ISP changes the DNS database changes accordingly to reflect the change In this way even though the IP address of the computer changes often its domain name remains constant and accessible Opening a Dynamic DNS Account To use Dynamic DNS a free Dynamic DNS account must be opened at http www dyndns org account create html When applying for an account a user name and password must be specified Have them available when customizing the Router s Dynamic DNS feature For more information regarding Dynamic DNS refer to http www dyndns org 98 Chapter 7 Using Advanced Settings Setting up Dynamic DNS To set up Dynamic DNS on the Router click Dynamic DNS in the Advanced screen The
131. vice Traffic Shaping This section describes the different Traffic Shaping screens and terms and presents the feature s configuration logic 1 Click Quality of Service in the Advanced screen then click Traffic Shaping The following screen appears Traffic Shaping Rx Bandwidth Tx Bandwidth ep 3 eo Kbits s Kbits s Serialization Aon v Any Device amp Add amp 2 Click Add The Add Device Traffic Shaping screen appears 3 Select the device for which the traffic will be shaped The drop down list includes all the Router s devices as well as the option to select all devices in each category e g All LAN Devices All WAN Devices In this example select the default WAN device option Add Device Traffic Shaping Device Default WAN device x 4 Click Apply The Edit Device Traffic Shaping screen appears Edit Device Traffic Shaping Device Default WAN device Tx Traffic Shaping Tx Bandwidth 97656 Kbits s TCP Serialization Disable v Bandwidth Kbits s Class ID Rule Name Priority Status Action Reserved Maximum Add a Rx Traffice Policing Rx Bandwidth 97656 Kbits s Bandwidth Kbits s Class ID Rule Name Status Action Reserved Maximum Add amp 120 Appendix A Quality of Service Configure the following parameters Tx Bandwidth Tx bandwidth limits the Router s bandwidth transmission rate The purpose is to limit the
132. vices DHCP Server To set up the Router to function as a DHCP server 1 Select DHCP Server 2 Enter the IP address at which the Router starts issuing addresses in the Start IP Address text boxes Since the Router s default IP address is 192 168 1 1 the Start IP Address must be 192 168 1 2 or higher 3 Enter the end of the IP address range used to automatically issue IP addresses in the End IP Address text boxes 4 Enter the subnet mask address in the Subnet Mask text boxes The subnet mask determines which portion of a destination LAN IP address is the net work portion and which portion is the host portion 5 Ifa Windows Internet Naming Service WINS is being used enter the WINS server address in the WINS Server text boxes 6 Enter the amount of time a network device will be allowed to connect to the Router with its currently issued dynamic IP address in the Lease Time in Minutes text box Just before the time is up the device s user will need to make a request to extend the lease or get a new IP address 7 Click in the Provide Host Name If Not Specified by Client check box to have the Router automatically assign network devices with a host name in case a host name is not provided by the user 35 Actiontec Broadband Router User Manual Additionally to add a new product or product family click New IP Range in the Vendor Class ID column below IP Address Distriution Acco
133. vision reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by implementing one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment to an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio or television technician for help Modifications The FCC requires the user to be notified that any changes or modifications made to this device that are not expressly approved by Actiontec Electronics Inc may void the user s authority to operate the equipment Declaration of conformity for products marked with the FCC logo United States only This device complies with Part 15 of the FCC Rules Operation is subject to the fol lowing two conditions 1 This device may not cause harmful interference 133 Actiontec Broadband Router User Manual 2 This device must accept any interference received including interference that may cause unwanted operation lt gt Note To comply with FCC RF exposure compliance require ments the antenna used for this transmitter must be installed to provide a separation distance of at least 20 cm from all persons and must not be co located or operating in conjunction with any other antenna or transmitter For questions regarding you
134. ween the defined source and destination IPs Operation This is where the action the rule will take is defined Select one of the following radio buttons Drop Deny access to packets that match the source and destination IP addresses and protocol ports defined in Matching Reject Deny access to packets that match the source and destination IP addresses and protocol ports defined in upper section of the screen and send an ICMP error or a TCP reset to the origination peer 61 Actiontec Broadband Router User Manual Accept Allow access to packets that match the source and destination IP addresses and protocol ports defined in upper section of the screen The data transfer session will be handled using Stateful Packet Inspection SPI Accept Packet Allow access to packets that match the source and des tination IP addresses and protocol ports defined in upper section of the screen The data transfer session will not be handled using Stateful Packet Inspection SPI so other packets that match this rule will not be automati cally allowed access This setting is useful when creating rules that allow broadcasting Logging Click in this check box to add entries relating to this rule to the security log Scheduler When should this rule occur If advanced filtering needs to be active all the time select Always from the When should this rule occur drop down list If the rule will only be active a
135. word and type it into the appropriate fields below NOTE The password must be at least 6 characters long and include at least one alpha numeric character The password cannot begin with characters such as 1 2 8 New User Name admin New Password Retype New Password Step 2 Please select your apropriate Time Zone and click OK Local Time Aug 4 2006 19 25 52 Time Zone Eastern_Time GMT 05 00 x OK In the bottom part of the screen select the correct time zone from the Time Zone drop down list then click OK at the bottom of the screen Router is now configured necting Other Computers Set Top Boxes Router can connect to other computers via Ethernet To do this Get an Fthernet cable and plug one end into one of the open yellow Ethernet ports on the back of the Router Plug the other end of the Ethernet cable into an Ethernet port on the computer Make sure the corresponding Ethernet LAN light on the front of the Router glows steadily green Repeat these steps for each computer to be connected to the Router via Ethernet 11 Actiontec Broadband Router User Manual Home Page After logging into the Router s MegaControl Panel see Configuring the Router at the beginning of this chapter the Home screen appears verizon a lt sH ES My Network Firewall Parental Advanced Be contre iii 7 My Network JE B PC Name FaELAB23 A mf Router status Connection Type ss
136. work objects if needed When finished click Apply to save all created network objects Universal Plug and Play UPnP To access the UPnP settings perform the following 1 Click Universal Plug and Play in the Advanced screen The Universal Plug and Play settings screen appears Universal Plug and Play Universal Plug and Play provides the ability for the router to have new UPnP supported devices connected without having to reconfigure or reboot the router Allow Other Network Users to Control Wireless Broadband Router s Network Features 7 Enable Automatic Cleanup of Old Unused UPnP Services WAN Connection Publication Publish Only the Main WAN Connection Y 103 Actiontec Broadband Router User Manual 2 Click in the Allow Other Network Users to Control Broadband Router s Network Features check box to enable UPnP and allow UPnP services to be defined on any of the network hosts 3 Click in the Enable Automatic Cleanup of Old Unused UPnP Services check box to enable automatic cleanup of invalid rules When enabled this feature checks validity of all the UPnP services and rules every five minutes Any old and not used UPnP defined service is removed unless any user defined rule depends on it Since there is a maximum limitation on the number of UPnP defined services 256 enable the cleanup feature if the limit is in danger of being exceeded 4 Select whether all WAN connections
Download Pdf Manuals
Related Search