Home

SMC Barricade SMCWBR14S-N4 router

Contents

1. This section is dedicated to the DMZ or De Militarized Zone Since some Internet applications such as interactive games or video may not function properly behind the firewall the DMZ allows a specified hast on the LAN to access the Internet without any firewall protection DMZ Settings DMZ Settings DMZ IP Address DMZ Settings Sets the DMZ status Default Disable DMZ IP Address Specifies an IP address on the local network allowed unblocked access to the WAN 95 CHAPTER 8 Firewall Configuration System Security SYSTEM SECURITY The Wireless Broadband Router includes the facility to manage it from a remote location The unit can also be sent a ping message from a remote location Figure 50 System Security System Securty Settings System Security Settings allows you to make various configurations that maintain and protect your device Remote Management Access Remote management via WAN Ping from WAN Filter Ping from WAN Filter Stateful Packet Inspection SPI SFI Firewall Remote Management Denies or allows management access to the Gateway Router through the WAN interface Default Deny Ping from WAN Filter When enabled the Gateway Router does not respond to ping packets received on the WAN port Default Disable Stateful Packet Inspection SPI The Stateful Packet Inspection SPI firewall protects your network and computers against attacks and i
2. ka Radio LAN device atbilst Direkt vas 1999 5 EK b tiskaj m Latviski prasibam un citiem ar to saistitajiem noteikumiem Lithuanian Siuo Manufacturer deklaruoja kad Sis Radio LAN device atitinka esminius reikalavimus ir Lietuvi kitas 1999 5 EB Direktyvos nuostatas Maltese Hawnhekk Manufacturer jiddikjara li dan Radio LAN device jikkonforma mal ti ijiet Malti essenzjali u ma provvedimenti o rajn relevanti li hemm fid Dirrettiva 1999 5 EC Spanish Por medio de la presente Manufacturer declara que el Radio LAN device cumple con los Espa ol requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la Directiva 1999 5 CE Polish Niniejszym Manufacturer o wiadcza e Radio LAN device jest zgodny z zasadniczymi Polski wymogami oraz pozosta ymi stosownymi postanowieniami Dyrektywy 1999 5 EC Portuguese Manufacturer declara que este Radio LAN device est conforme com os requisitos Portugu s essenciais e outras disposi es da Directiva 1999 5 CE Slovak Manufacturer t mto vyhlasuje e Radio LAN device sp a z kladn po iadavky a v etky Slovensky pr slu n ustanovenia Smernice 1999 5 ES Slovenian Manufacturer izjavlja da je ta radio LAN device v skladu z bistvenimi zahtevami in ostalimi Slovensko relevantnimi dolo ili direktive 1999 5 ES COMPLIANCES PURPOSE AUDIENCE CONVENTIONS N RELATED PUBLICATIONS REVISION HISTORY ABOUT THIS GUIDE This guide gives
3. ty ae CHAPTER 8 Firewall Configuration Content Filtering Adda Host Filter Enters the keyword for a host filtering 98 ADMINISTRATION SETTINGS The Wireless Broadband Router s Administration Settings menu provides the same configuration options in both Gateway and Bridge Mode These settings allow you to configure a management access password set the system time upgrade the system software display the system status and Statistics Administration Settings contains the following sections System Management on page 100 SNTP Settings on page 101 DDNS Settings on page 102 Upgrade Firmware on page 103 Configuration Settings on page 104 System Status on page 105 Statistics on page 107 Ho OH System Log on page 108 99 CHAPTER 9 Administration Settings System Management SYSTEM MANAGEMENT The System Management commands allow you to change the language settings displayed in the interface and change the user name and password Figure 52 System Management System Management The System Management section is provided for configuration of administrative needs such as language type username password SNTP settings DNS etc Language Settings Select Language English Il a Apply Web Interface Settings User Name LANGUAGE SETTINGS You can change the language displayed in web interface Chooses the appropriate langua
4. CHAPTER 3 Installing the Gateway Router Bridge Mode Connections 1 Using Ethernet cable connect the Wireless Broadband Router s LAN and WAN ports to PCs or a LAN switch 2 Power on the Wireless Broadband Router by connecting the AC power adapter and plugging it into a power source CAUTION Use ONLY the power adapter supplied with the Wireless Broadband Router Otherwise the product may be damaged When you power on the Wireless Broadband Router verify that the Power LED turns on and that the other LED indicators start functioning as described under LED Indicators on page 25 3 Connect an Ethernet cable from the Wireless Broadband Router s LAN ports to your PCs Alternatively you can connect to a workgroup switch to support more wired users The Wireless Broadband Router can Support up to 253 wired and wireless users 4 Set up wireless devices by pressing the WPS button on the Wireless Broadband Router or by using the web interface See Initial Configuration on page 38 for more information on accessing the web interface 37 ISP SETTINGS INITIAL CONFIGURATION The Wireless Broadband Router offers a user friendly web based management interface for the configuration of all the unit s features Any PC directly attached to the unit can access the management interface using a web browser such as Internet Explorer version 6 0 or above If you are not sure of your connection method please contact
5. KEY HARDWARE FEATURES The following table describes the main hardware features of the Gateway Router Table 1 Key Hardware Features Feature Description WAN Port One 100BASE TX RJ 45 port for connecting to the Internet 4 LAN Ports Four 1OOBASE TX RJ 45 ports for local network connections WPS Button To set up a secure connection to a wireless device Reset Button For resetting the unit and restoring factory defaults LEDs Provides LED indicators for Power WAN port and LAN ports status Mounting Options Can be mounted on any horizontal surface such as a desktop or shelf or on a wall using two screws DESCRIPTION OF CAPABILITIES Internet connection through an RJ 45 WAN port Local network connection through four 10 100 Mbps Ethernet ports DHCP for dynamic IP configuration Firewall with Stateful Packet Inspection client privileges intrusion detection and NAT NAT also enables multi user Internet access via a single user account and virtual server functionality providing protected access to Internet services such as Web FTP e mail and Telnet VPN pass through PPTP User definable application sensing tunnel supports applications requiring multiple connections 21 CHAPTER 1 Introduction Description of Capabilities APPLICATIONS Easy setup through a Web browser on any operating system that supports TCP IP Compatible with all popular Internet applications In addit
6. TKIP AES Uses either TKIP or AES keys for encryption WPA and WPA2 mixed modes allow both WPA and WPA2 clients to associate to a common SSID In mixed mode the unicast encryption type TKIP or AES is negotiated for each client Key Renewal Interval Sets the time period for automatically changing data encryption keys and redistributing them to all connected clients Default 3600 seconds PMK Cache Period WPA2 provides fast roaming for authenticated clients by retaining keys and other security information in a cache so that if a client roams away from an access point and then returns reauthentication is not required This parameter sets the time for deleting the cached WPA2 Pairwise Master Key PMK security information Default 10 minutes Pre Authentication When using WPA2 pre authentication can be enabled that allows clients to roam to another access point and be quickly associated without performing full 802 1X authentication Default Disabled IEEE 802 1X AND IEEE 802 1X is a standard framework for network access control that uses RADIUS a central RADIUS server for user authentication This control feature prevents unauthorized access to the network by requiring an 802 1X client application to submit user credentials for authentication The 802 1X standard uses the Extensible Authentication Protocol EAP to pass user credentials either digital certificates user names and passwords or other from the
7. Otherwise leave the text field blank Secondary DNS Server The IP address of the Secondary Domain Name Server MAC Clone Some ISPs limit Internet connections to a specified MAC address of one PC which is registered with the ISP This setting allows you to manually change the MAC address of the Wireless Broadband Router s WAN interface to match the PC s MAC address provided to your ISP for registration You can enter the registered MAC address manually by typing it in the boxes provided Otherwise connect only the PC with the registered MAC address to the Wireless Broadband Router then click the Clone your PC s MAC Address Default Disabled CHAPTER 4 Initial Configuration Setup Wizard Note If you are unsure of the PC MAC address originally registered by your ISP call your ISP and request to register a new MAC address for your account Register the default MAC address of the Wireless Broadband Router STEP 3 WAN Configures a static IP for the WAN port SETTINGS STATIC IP Figure 16 Wizard Step 3 WAN Settings Static IP Wide Area Network VAN Settings This section allows you to configure the connection type and other related WAN parameters suitable to your environment WAN Connection Type STATIC Fixed IP Ha IP Address Subnet Mask Default Gateway Primary DNS Server Secondary DNS Server MAC Clone Enabled Dis
8. The unit can also be protected by securing all attached cables to a table leg or other nearby fixed structure GATEWAY MODE CONNECTIONS In its default Gateway Mode the Wireless Broadband Router forwards traffic between an Internet connected cable or ADSL modem and wired or wireless PCs or notebooks The basic connections are illustrated in the figure below Figure 9 Gateway Mode Connection 4 eN Set up wireless devices gt 1 Connect WAN port to Notebook PC cable DSL modem Int t 7 72 x 3 Connect AC power adapter to Cable DSL Modem power source Connect LAN port to PC s a To connect the Wireless Broadband Router in Gateway Mode for use as an Internet gateway follow these steps 1 Connect an Ethernet cable from the Wireless Broadband Router s WAN port to your Internet connected cable or ADSL modem 2 Connect an Ethernet cable from the Wireless Broadband Router s LAN ports to your PCs Alternatively you can connect to a workgroup switch to support more wired users The Wireless Broadband Router can Support up to 253 wired and wireless users 3 Power on the Wireless Broadband Router by connecting the AC power adapter and plugging it into a power source 35 CHAPTER 3 Installing the Gateway Router Bridge Mode Connections CAUTION Use ONLY the power adapter supplied with the Wireless Broadband Router Otherwise the product may be damaged When you power on the Wireless Broadba
9. Basic Service Set BSS network Security Mode The wireless network authentication and encryption method For a complete description see WLAN Security on page 69 Default Disabled 68 WLAN SECURITY CHAPTER 7 Wireless Configuration WLAN Security Access Policy The Wireless Broadband Router provides a MAC address filtering facility The access policy can be set to allow or reject specific station MAC addresses This feature can be used to connect known wireless devices that may not be able to support the configured security mode Adda station MAC Enter the MAC address of the station that you want to filter MAC addresses must be entered in the format XXIXX XXIXX IXX XX The Wireless Broadband Router s wireless interface is configured by default as an open system which broadcasts a beacon signal including the configured SSID Wireless clients with a configured SSID of ANY can read the SSID from the beacon and automatically set their SSID to allow immediate connection to the wireless network To implement wireless network security you have to employ one or both of the following functions Authentication It must be verified that clients attempting to connect to the network are authorized users Traffic Encryption Data passing between the unit and clients must be protected from interception and eavesdropping The Wireless Broadband Router supports supports ten different se
10. DNS address are dynamically assigned to clients Options Enable Disable Default Enable Start End IP Address Specify the start and end IP addresses of a range that the DHCP server can allocate to DHCP clients Note that the address pool range is always in the same subnet as the unit s IP setting The maximum clients that the unit can support is 253 Primary DNS Server The IP address of Domain Name Servers on the network A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses Secondary DNS Server The IP address of the Secondary Domain Name Server on the network Default Gateway The default gateway is the IP address of the router for the Wireless Broadband Router which is used if the requested destination address is not on the local subnet Lease Time Select a time limit for the use of an IP address from the IP pool When the time limit expires the client has to request a new IP address The lease time is expressed in seconds Options Forever Two weeks One week Two days One day Half day Two hours One hour Half hour Default One week Statically Assigned Up to three devices with specific MAC addresses can be assigned static IP addresses That is the DHCP server always assigns these devices the same IP addresses LLTD Link Layer Topology Discovery LLTD is a Microsoft proprietary discovery protocol which can
11. INSTALLING THE GATEWAY ROUTER System Requirements iil s 10 11 16 19 20 21 21 21 22 23 23 25 26 26 26 27 27 29 29 30 31 33 33 CONTENTS SECTION Il Location Selection Mounting on a Wall Mounting on a Horizontal Surface Gateway Mode Connections Bridge Mode Connections INITIAL CONFIGURATION ISP Settings Connecting to the Login Page Home Page and Main Menu Common Web Page Buttons Setup Wizard Step 1 Language Selection Step 2 SNTP Settings Step 3 WAN Settings DHCP Step 3 WAN Settings Static IP Step 3 WAN Settings PPPoE Step 3 WAN Settings PPTP Step 4 Wireless Security Completion WEB CONFIGURATION OPERATION MODE Logging In Operation Mode INTERNET SETTINGS WAN Setting DHCP Static IP PPPoE PPTP LAN Setting Advanced Routing Advanced Routing Settings Routing Table fra 33 34 35 35 36 38 38 38 39 40 40 40 41 42 43 44 45 46 47 49 51 52 54 55 33 55 57 58 59 61 63 63 64 CONTENTS Dynamic Route 65 7 WIRELESS CONFIGURATION 67 Basic Settings 67 WLAN Security 69 Wired Equivalent Privacy WEP 70 WPA Pre Shared Key 71 WPA Enterprise Mode 72 IEEE 802 1X and RADIUS 74 Advanced Settings 76 Wireless Network 76 HT Physical Mode Settings 77 Advanced Wireless 79 Wi Fi Multimedia 81 Multicast to Unicast Converter 83 Wireless Distribution System WDS 84 Wi Fi Protected Setup WPS 88 Station List 90 8 FIREWA
12. KEY SNTP TKIP TFTP VAP WI FI PROTECTED ACCESS GLOSSARY beacon and automatically reset their SSID to allow immediate connection to the nearest access point Orthogonal Frequency Division Multiplexing OFDM allows multiple users to transmit in an allocated band by dividing the bandwidth into many narrow bandwidth carriers Service Set Identifier An identifier that is attached to packets sent over the wireless LAN and functions as a password for joining a particular radio cell i e Basic Service Set BSS Session keys are unique to each client and are used to authenticate a client connection and correlate traffic passing between a specific client and the access point A shared key can be used to authenticate each client attached to a wireless network Shared Key authentication must be used along with the 802 11 Wireless Equivalent Privacy algorithm Simple Network Time Protocol SNTP allows a device to set its internal clock based on periodic updates from a Network Time Protocol NTP server Updates can be requested from a specific NTP server or can be received via broadcasts sent by NTP servers Temporal Key Integrity Protocol A data encryption method designed as a replacement for WEP TKIP avoids the problems of WEP static keys by dynamically changing data encryption keys Trivial File Transfer Protocol A TCP IP protocol commonly used for software downloads Virtual Access Point Virtual AP technology mul
13. LED is off amp The AC power adapter may be disconnected Check connections between the Gateway Router the power adapter and the wall outlet The access point radio has been disabled through it s web management interface Access the management interface using a web browser to enable the radio Verify that the Gateway Router is powered on Be sure cables are plugged into both the Gateway Router and corresponding PC Verify that the proper cable type is used and its length does not exceed specified limits Check the cable connections for possible defects Replace the defective cable if necessary There is no detected signal from WAN port Check connections and the management interface IF YOU CANNOT CONNECT TO THE INTERNET Check that your computer is properly configured for TCP IP Make sure the correct network adapter driver is installed for your PC operating system If necessary try reinstalling the driver Check that the network adapter s speed or duplex mode has not been configured manually We recommend setting the adapter to auto negotiation when installing the network driver BEFORE CONTACTING TECHNICAL SUPPORT Check the following items before you contact local Technical Support 1 If the Gateway Router cannot be configured using a web browser Be sure to have configured the Gateway Router with a valid IP address subnet mask and default gateway 11i APPENDIX A Troubleshooting Before C
14. WPS Configuration Station List MAC IP Port Filtering Virtual Server DMZ System Security Content Filtering System Management SNTP Settings DDNS Settings Gateway Mode Upgrade Firmware Configuration Settings System Status Gateway Mode Statistics System Log RJ 45 Connector Straight through Wiring Crossover Wiring 17 FIGURES 71 73 75 76 77 79 81 82 83 84 85 86 88 89 90 92 94 95 96 97 100 101 102 103 104 105 107 108 116 118 118 FIGURES 18 Table 1 Table 2 Table 3 Table 4 Table 5 TABLES Key Hardware Features LED Behavior WMM Access Categories LED Indicators 10 100BASE TX MDI and MDI X Port Pinouts 16 21 26 81 111 117 SECTION I GETTING STARTED This section provides an overview of the Wireless Broadband Router and describes how to install and mount the unit It also describes the basic settings required to access the management interface and run the setup Wizard This section includes these chapters Introduction on page 21 Network Planning on page 29 Initial Configuration on page 38 Installing the Gateway Router on page 33 Of s INTRODUCTION The Barricade Wireless Broadband Router SGMCWBR14S N4 supports routing from an Internet Service Provider ISP connection DSL or cable modem to a local network It is simple to configure and can be up and running in minutes
15. a free program will individually obtain patent licenses in effect making the program proprietary To prevent this we have made it clear that any patent must be licensed for everyone s free use or not licensed at all The precise terms and conditions for copying distribution and modification follow 119 APPENDIX D License Information The GNU General Public License GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING DISTRIBUTION AND MODIFICATION 1 This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License The Program below refers to any such program or work and a work based on the Program means either the Program or any derivative work under copyright law that is to say a work containing the Program or a portion of it either verbatim or with modifications and or translated into another language Hereinafter translation is included without limitation in the term modification Each licensee is addressed as you Activities other than copying distribution and modification are not covered by this License they are outside its scope The act of running the Program is not restricted and the output from the Program is covered only if its contents constitute a work based on the Program independent of having been made by running the Program Whether that is true depends on what the Progra
16. be used for both wired and wireless networks Options Disable Enable Default Enable IGMP Proxy Enables IGMP proxy on the Wireless Broadband Router Options Disable Enable Default Disable UPNP Allows the device to advertise its UPnP capabilities Default Enable Router Advertisement Enables the sending and receiving of routing advertisements to discover the existence of neighboring routers Options Disable Enable Default Disable PPPoE Relay When enabled the Wireless Broadband Router will forward PPPoE messages to clients Clients are then able to connect to the PPPoE service through the WAN port Options Disable Enable Default Disable apl s CHAPTER 6 Internet Settings Advanced Routing DNS Proxy Enables DNS proxy on the LAN port DNS Proxy receives DNS queries from the local network and forwards them to an Internet DNS server Default Enable ADVANCED ROUTING Routing setup allows a manual method to set up routing between networks The network administrator configures static routes by entering routes directly into the routing table Static routing has the advantage of being predictable and easy to configure ADVANCED ROUTING This screen is used to manually configure static routes to other IP SETTINGS networks subnetworks or hosts Click Internet Settings followed by Advanced Routing Maximum 32 entries are allowed Figure 28 Advanced Routing Gateway Mode Advan
17. conntrack version 0 5 0 1268 b SMCWBR145 N4 Warn kernel ip tables Cj 2000 2006 Netfilte SMCWBR145 N4 Warn kernel arp tables C 002 David 5 Mil i SMCWBR145 N4 info kernel ICP cubic registered SMCWBR145 N4 info kernel Registered protocol family 1 SMCWBR145 N4 info kernel NET Registered protocol family 1 _ 1 SMCWBR145 N4 info kernel NET Registered protocol family 1 L G G G DOG O O G i G roo DO G D E G j D GO O O O O i E j 3 O L a E E G G 4 mo Oe D D L oS D D a e D D D O amp J 3 2 i DG i am ae 3a saa sa 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 DODO DODO GOG O O LA LA Refresh Sends a request to add the latest entries to the System Log Table Clear Removes the current system log messages from the System Log Table 108 CHAPTER 9 Administration Settings System Log 109 SECTION Ill APPENDICES This section provides additional information and includes these items Troubleshooting on page 111 Hardware Specifications on page 114 Cables and Pinouts on page 116 Glossary on page 123 Index on page 113 L10 DIAGNOSING LED INDICATORS Table 4 LED Indicators TROUBLESHOOTING Symptom Action Power LAN LEDs are off WLAN LED is off LAN LEDs are off amp when port connected WAN
18. default data encryption type for WPA is AES WPA PSK_WPA2 PSK Clients using WPA or WPA2 with a Pre Shared Key are accepted for authentication The default data encryption type is TKIP AES 71 CHAPTER 7 Wireless Configuration WLAN Security WPA Algorithms Selects the data encryption type to use Default is determined by the Security Mode selected TKIP Uses Temporal Key Integrity Protocol TKIP keys for encryption WPA specifies TKIP as the data encryption method to replace WEP TKIP avoids the problems of WEP static keys by dynamically changing data encryption keys AES Uses Advanced Encryption Standard AES keys for encryption WPA2 uses AES Counter Mode encryption with Cipher Block Chaining Message Authentication Code CBC MAC for message integrity The AES Counter Mode CBCMAC Protocol AES CCMP provides extremely robust data confidentiality using a 128 bit key Use of AES CCMP encryption is specified as a standard requirement for WPA2 Before implementing WPA2 in the network be sure client devices are upgraded to WPA2 compliant hardware TKIP AES Uses either TKIP or AES keys for encryption WPA and WPA2 mixed modes allow both WPA and WPA2 clients to associate to a common SSID In mixed mode the unicast encryption type TKIP or AES is negotiated for each client Pass Phrase The WPA Preshared Key can be input as an ASCII string an easy to remember form of letters and numbers tha
19. in the U S A is firmware limited to channels 1 through 11 IMPORTANT NOTE FCC RADIATION EXPOSURE STATEMENT This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment This equipment should be installed and operated with minimum distance 20 cm between the radiator and your body COMPLIANCES IC STATEMENT This Class B digital apparatus complies with Canadian ICES 003 Operation is subject to the following two conditions 1 this device may not cause interference and 2 this device must accept any interference including interference that may cause undesired operation of the device Cet appareil num rique de la classe B conforme a la norme NMB 003 du Canada The device could automatically discontinue transmission in case of absence of information to transmit or operational failure Note that this is not intended to prohibit transmission of control or signaling information or the use of repetitive codes where required by the technology IMPORTANT NOTE IC RADIATION EXPOSURE STATEMENT This equipment complies with IC RSS 102 radiation exposure limits set forth for an uncontrolled environment This equipment should be installed and operated with minimum distance 20 cm between the radiator amp your body TAIWAN NCC AN FR Bd AS Ee BS RDS eR EER Se EBLE Bre RAT eS GS RAR ST BS i AE AKEHE AE Bee BAS PADRA E REET LRT ERDE PTR RDS ZEA a eR SE ke HEMNA E gt eal eee h T
20. is obligated to ensure the device is operating according to the channel limitations indoor outdoor restrictions and license requirements for each European Community country as described in this document DECLARATION OF CONFORMITY IN LANGUAGES OF THE EUROPEAN COMMUNITY Czech Manufacturer t mto prohla uje ze tento Radio LAN device je ve shod se z kladn mi Cesky po adavky a dal mi p slu n mi ustanoven mi sm rnice 1999 5 ES Estonian K esolevaga kinnitab Manufacturer seadme Radio LAN device vastavust direktiivi 1999 Eesti 5 EU p hin uetele ja nimetatud direktiivist tulenevatele teistele asjakohastele s tetele English Hereby Manufacturer declares that this Radio LAN device is in compliance with the essential requirements and other relevant provisions of Directive 1999 5 EC Finnish Valmistaja Manufacturer vakuuttaa t ten ett Radio LAN device tyyppinen laite on Suomi direktiivin 1999 5 EY oleellisten vaatimusten ja sit koskevien direktiivin muiden ehtojen mukainen Dutch Hierbij verklaart Manufacturer dat het toestel Radio LAN device in overeenstemming is Nederlands met de essenti le eisen en de andere relevante bepalingen van richtlijn 1999 5 EG Bij deze Manufacturer dat deze Radio LAN device voldoet aan de essenti le eisen en aan de overige relevante bepalingen van Richtlijn 1999 5 EC French Par la pr sente Manufacturer d clare que l appareil Radio LAN device est conforme aux Fran ais exigences essentielle
21. on the local network to allow external access Port Range Specifies the port range through which traffic is forwarded Protocol Specifies a protocol to use for port forwarding either TCP UDP or TCP amp UDP Comment Enter a useful comment to help identify the forwarded port service on the network 2 e CHAPTER 8 Firewall Configuration DMZ CURRENT VIRTUAL The Current Port Forwarding Table displays the entries that are allowed to SERVERS IN SYSTEM forward packets through the Wireless Broadband Router s firewall DMZ No The table entry number IP Address Displays an IP address on the local network to allow external access to Port Mapping Displays the port the server is mapped Protocol Displays the protocol used for forwarding of this port Comment Displays a useful comment to identify the nature of the port to be forwarded Enables a specified host PC on the local network to access the Internet without any firewall protection Some Internet applications such as interactive games or video conferencing may not function properly behind the Wireless Broadband Router s firewall By specifying a Demilitarized Zone DMZ host the PC s TCP ports are completely exposed to the Internet allowing open two way communication The host PC should be assigned a static IP address which is mapped to its MAC address and this must be configured as the DMZ IP address Figure 49 DMZ
22. retain the carton including the original packing materials Use them again to repack the product in case there is a need to return it HARDWARE DESCRIPTION The Barricade Wireless Broadband Router from herein refered to as Gateway Router connects to the Internet using its RJ 45 WAN port It connects directly to your PC or to a local area network using its RJ 45 Fast Ethernet LAN ports The Gateway Router includes an LED display on the front panel for system power and port indications that simplifies installation and network troubleshooting a oo amp CHAPTER 1 Introduction Hardware Description Figure 1 Top Panel MS ae eee Ss LED Indicators a 0A CHAPTER 1 Introduction Hardware Description Figure 2 Rear Panel WPS Button Reset Button DC Power RJ 45 WAN Port Socket RJ 45 LAN Ports LED INDICATORS The Wireless Broadband Router includes seven status LED indicators as described in the following figure and table Figure 3 LEDs Be eee Te ANI WADO AWAN AKI ANIS ANI ANIA amp VC VVLS NE L ad I TEF Y ji iy 4 i i y A mB A ae NS ee Power WLAN WPS WAN LAN 1 4 s OG CHAPTER 1 Introduction Hardware Description ETHERNET WAN PORT ETHERNET LAN PORTS POWER CONNECTOR Table 2 LED Behavior LED Status Description Power On Blue The unit is receiving power and is operating normally Off There is no power currently being supplied to the unit WLAN O
23. to match any network wide QoS policy WMM also specifies a protocol that access points can use to communicate the configured traffic priority levels to QoS enabled wireless clients Table 3 WMM Access Categories Access WMM Description 802 1D Category Designation Tags AC_VO AC3 Voice Highest priority minimum delay Time sensitive 7 6 data such as VoIP Voice over IP calls AC_VI AC2 Video High priority minimum delay Time sensitive 5 4 data such as streaming video AC_BE ACO Best Effort Normal priority medium delay and throughput 0 3 Data only affected by long delays Data from applications or devices that lack QoS capabilities AC_BK AC1 Background Lowest priority Data with no delay or 2 1 throughput requirements such as bulk data transfers The Wi Fi Multimedia section on the Wireless Settings Advanced page allows you to enable WMM and set detailed QoS parameters Figure 38 Wi Fi Multimedia Settings Wi Fi Multimedia vil Enable Disable APSD O Enable Disable WWMM Parameters WMM Configuration soi CHAPTER 7 Wireless Configuration Advanced Settings The following items are displayed in this section on this page WMM Sets the WMM operational mode on the access point When enabled the QoS capabilities are advertised to WMM enabled clients in the network WMM must be supported on any device trying to associated with the access point Devices that do not support this feature
24. to restore the factory default configuration If you hold WPS BUTTON down the button for 5 seconds or more any configuration changes you may have made are removed and the factory default configuration is restored to the Gateway Router Press to automatically configure the Wireless Broadband Router with other WPS devices in the WLAN OF CHAPTER 1 Introduction Hardware Description a 90 NETWORK PLANNING The Wireless Broadband Router is designed to be very flexible in its deployment options It can be used as an Internet gateway for a small network or aS an access point to extend an existing wired network to Support wireless users It also Supports use as a wireless bridge to connect up to four wired LANs This chapter explains some of the basic features of the Wireless Broadband Router and shows some network topology examples in which the device is implemented INTERNET GATEWAY ROUTER The Wireless Broadband Router can connect directly to a cable or DSL modem to provide an Internet connection for multiple users through a single service provider account Users connect to the Wireless Broadband Router either through a wired connection to a LAN port or though the device s own wireless network The Wireless Broadband Router functions as an Internet gateway when set to Gateway Mode An Internet gateway employs several functions that essentially create two separate Internet Protocol IP subnetworks a private int
25. when PPTP Network Mode is set to static IP Subnet Mask Sets the static IP subnet mask Default 255 255 255 0 available when PPTP Network Mode is set to static IP Default Gateway The IP address of a router that is used when the requested destination IP address is not on the local subnet 45 CHAPTER 4 Initial Configuration Setup Wizard Operation Mode Enables and configures the keep alive time Primary DNS Server The IP address of the Primary Domain Name Server A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses To specify a DNS server type the IP addresses in the text field provided Otherwise leave the text field blank Secondary DNS Server The IP address of the Secondary Domain Name Server MAC Clone Some ISPs limit Internet connections to a specified MAC address of one PC This setting allows you to manually change the MAC address of the Wireless Broadband Router s WAN interface to match the PC s MAC address provided to your ISP for registration You can enter the registered MAC address manually by typing it in the boxes provided Otherwise connect only the PC with the registered MAC address to the Wireless Broadband Router then click the Clone your PC s MAC Address Default Disable STEP 4 WIRELESS The Step 4 page of the Wizard configures the wireless network name and SECURITY secu
26. with the registered MAC address to the Wireless Broadband Router then click the Clone your PC s MAC Address Default Disable STEP 3 WAN Enable the Wireless Broadband Router IP address to be assigned SETTINGS PPPoE automatically from an Internet service provider ISP through an ADSL modem using Point to Point Protocol over Ethernet PPPoE Figure 17 Wizard Step 3 WAN Settings PPPoE Wide Area Network WAN Settings This section allows you to configure the connection type and other related WAN parameters suitable to your environment WAN Connection Type PPPoE ADSL v User Name pppoe_user Password eececcecccece Verify Password eeoecccecsece KeepAlive Operation Mode Keep Alive Mode Redial Period 60 senconds On demand Mode Idle Time minutes MAC Clone Enabled Disable The following items are displayed on this page User Name Sets the PPPoE user name for the WAN port Default pppoe_user Range 1 32 characters Password Sets a PPPoE password for the WAN port Default pppoe _password Range 1 32 characters Verify Password Prompts you to re enter your chosen password Operation Mode Enables and configures the keep alive time and configures the on demand idle time MAC Clone Some ISPs limit Internet connections to a specified MAC address of one PC This se
27. your Internet Service Provider There are several connection types to choose from Static IP DHCP cable connection PPPoE DSL connection and PPTP NoTE If using the PPPoE option you will need to remove or disable any PPPoE client software on your computers CONNECTING TO THE LOGIN PAGE It is recommended to make initial configuration changes by connecting a PC directly to one of the Wireless Broadband Router s LAN ports The Wireless Broadband Router has a default IP address of 192 168 2 1 anda subnet mask of 255 255 255 0 You must set your PC IP address to be on the same subnet as the Gateway Router that is the PC and Gateway Router addresses must both start 192 168 2 x To access the Wireless Broadband Router s management interface follow these steps 1 Use your web browser to connect to the management interface using the default IP address of 192 168 2 1 2 Log into the interface by entering the default username admin and password smcadmin then click Login NoTE It is strongly recommended to change the default user name and password the first time you access the web interface For information on changing user names and passwords See System Management on page 100 38 CHAPTER 4 Initial Configuration Home Page and Main Menu Figure 11 Login Page Connect to 192 168 2 1 The server 192 168 2 1 at SMCWBR145 H4 requires a username and password Warning This server is requ
28. 0 Short Preamble O Enable Disable Short Slot Enable Disable Tx Burst Enable Disable Packet Aggregate Enable Disable The following items are displayed in this section on this page BG Protection Mode Enables a backward compatible protection mechanism for 802 11b clients There are three modes Default Auto Auto The unit enables its protection mechanism for 802 11b clients when they are detected in the network When 802 11b clients are not detected the protection mechanism is disabled On Forces the unit to always use protection for 802 11b clients whether they are detected in the network or not Note that enabling b g Protection can slow throughput for 802 11g n clients by as much as 50 Off Forces the unit to never use protection for 802 11b clients This prevents 802 11b clients from connecting to the network Beacon Interval The rate at which beacon signals are transmitted from the access point The beacon signals allow wireless clients to maintain contact with the access point They may also carry power management information Range 20 999 TUs Default 100 TUs Data Beacon Rate DTIM The rate at which stations in sleep mode must wake up to receive broadcast multicast transmissions Known also as the Delivery Traffic Indication Map DTIM interval it indicates how often the MAC layer forwards broadcast multicast traffic which is necessary to wake up statio
29. 1A Power WLAN Wireless Local Area Network WPS Wi Fi Protected Setup WAN Wide Area Network LAN 1 4 Local Area Network Web browser Operating O to 40 C 32 to 104 F Storage 20 to 70 C 32 to 158 F 20 to 85 non condensing 136 X 90 8 X 28 5 mm 157 g 5 54 oz FCC Part 15c EN 300 328 LPOOO2 FCC Part 15b EN 55022 24 EN 301 489 1 17 EN 60950 1 114 APPENDIX B Hardware Specifications STANDARDS UL60950 1 CSA22 2 No 60950 1 EN 60950 1 IEC 60950 1 ETSI EN 300 019 2 1 Class 1 2 Storage ETSI EN 300 019 2 2 Class 2 3 Packaged ETSI EN 300 019 2 3 Class 3 2 Operating 115 CABLES AND PINOUTS TWISTED PAIR CABLE ASSIGNMENTS For 10 100BASE TX connections a twisted pair cable must have two pairs of wires For 1000BASE T connections the twisted pair cable must have four pairs of wires Each wire pair is identified by two different colors For example one wire might be green and the other green with white stripes Also an RJ 45 connector must be attached to both ends of the cable NoTE Each wire pair must be attached to the RJ 45 connectors in a specific orientation CAUTION DO NOT plug a phone jack connector into the RJ 45 port Use only twisted pair cables with RJ 45 connectors that conform with FCC standards The following figure illustrates how the pins on the RJ 45 connector are numbered Be sure to hold the connectors in the same orientation when attaching the
30. 6 hexadecimal digits for 128 bit keys Default Hex no preset value WPA PRE SHARED Wi Fi Protected Access WPA was introduced as an interim solution for the Key vulnerability of WEP pending the adoption of a more robust wireless security standard WPA2 includes the complete wireless security standard but also offers backward compatibility with WPA Both WPA and WPA2 provide an enterprise and personal mode of operation For small home or office networks WPA and WPA2 provide a simple personal operating mode that uses just a pre shared key for network access The WPA Pre Shared Key WPA PSK mode uses a common password phrase for user authentication that is manually entered on the access point and all wireless clients Data encryption keys are automatically generated by the access point and distributed to all clients connected to the network Figure 32 Security Mode WPA PSK Security Mode WPA Algorithms CITKIP AES CITKIPAES Key Renewal Interval 3600 seconds Security Mode Configures the WPA PSK and WPA2 PSK security modes used by clients When using WPA PSK or WPA2 PSK be sure to define the Shared key for the Wireless Broadband Router and all its clients Default Disable WPA PSK Clients using WPA with a Pre shared Key are accepted for authentication The default data encryption type for WPA is TKIP WPA2 PSK Clients using WPA2 with a Pre shared Key are accepted for authentication The
31. ALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU SHOULD THE PROGRAM PROVE DEFECTIVE YOU ASSUME THE COST OF ALL NECESSARY SERVICING REPAIR OR CORRECTION INNO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER OR ANY OTHER PARTY WHO MAY MODIFY AND OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE BE LIABLE TO YOU FOR DAMAGES INCLUDING ANY GENERAL SPECIAL INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES END OF TERMS AND CONDITIONS 122 10BASE T 100BASE TX 1000BASE T ACCESS POINT AES AUTHENTICATION BACKBONE BEACON BROADCAST KEY DHCP GLOSSARY IEEE 802 3 2005 specification for 10 Mbps Ethernet over two pairs of Category 3 or better UTP cable IEEE 802 3 2005 specification for 100 Mbps Fast Ethernet over two pairs of Category 5 or better UTP cable IEEE 802 3ab specification for 1000 Mbps Gigabit Ethernet over four pairs of Category 5 or better UTP cable An internetworking device that seamlessly connects wired and wireless networks Access points attached to a wired network support the creation of multiple radio cells that enable roaming throughout a fa
32. ERIA gt WANEER TERRIERE o BIE Sis gt TEE RE ESRC EARTE fa BIRHEN E LSS BPE Be eae Ad a RET VE BS eins OZ HE e EC CONFORMANCE DECLARATION CEC Marking by the above symbol indicates compliance with the Essential Requirements of the R amp TTE Directive of the European Union 1999 5 EC This equipment meets the following conformance standards EN 60950 1 IEC 60950 1 Product Safety EN 55022 24 ITE EMC EN 301 489 1 17 RF EMC EN 300 328 802 11 b g n COMPLIANCES This device is intended for use in the following European Community and EFTA countries Austria Belgium Bulgaria Cyprus Czech Republic Denmark Estonia Finland France Germany Greece Hungary Iceland Ireland Italy Latvia Lithuania Luxembourg Malta Netherlands Norway Poland Portugal Romania Slovakia Slovenia Spain Sweden Switzerland United Kingdom Note The user must use the configuration utility provided with this product to ensure the channels of operation are in conformance with the spectrum usage rules for European Community countries as described below This device will automatically limit the allowable channels determined by the current country of operation Incorrectly entering the country of operation may result in illegal operation and may cause harmful interference to other systems The user
33. Firmware This section allows you to upgrade to the latest firmware To upgrade the firmware connect your PC to one ofthe LAN ports via a standard Ethernet cable Click Browse and select the firmware image saved on your PC Then click Apply Firmware upgrade takes approximately 3 minutes Do NOT interrupt while the firmware upgrade is in process Fi rmware U pgrade Firmware Upgrade Allows you to upload new firmware manually by specifying a file path Make sure the firmware you want to use is on the local computer by clicking Browse to search for the firmware to be used for the update Browse Opens a directory on the local hard drive for specifying the path of the file to upload Apply Starts the upload procedure 103 CHAPTER 9 Administration Settings Configuration Settings CONFIGURATION SETTINGS The Configuration Setting page allows you to save the Wireless Broadband Router s current configuration or restore a previously saved configuration back to the device Figure 56 Configuration Settings Settings Management In this section you will be able to export or load a configuration file and reset settings to factory Import Settings Import Configuration File fs B Load Factory Defaults Restore settings to factory default Load Default Export Settings Saves the current configuration to a fil
34. HT PHYSICAL MODE The HT Physical Mode section on the Wireless Settings Advanced page SETTINGS includes additional parameters for 802 11n operation Figure 36 HT Physical Mode Settings HT Physical Mode Channel Bandwidth 20 O 20 40 Guard Interval Long Auto MCS Reverse Direction Grant ROG O Disable Enable Aggregation MSDU A MSDU Disable Enable Auto Block ACK Disable Enable Decline BA Request Disable Enable Apy 77 CHAPTER 7 Wireless Configuration Advanced Settings The following items are displayed in this section on this page HT Channel Bandwidth The Wireless Broadband Router provides a channel bandwidth of 40 MHz by default giving an 802 11g connection speed of 108 Mbps sometimes referred to as Turbo Mode and a 802 11n connection speed of up to 150 Mbps Setting the HT Channel Bandwidth to 20 MHz slows connection speed for 802 11g and 802 11n to 54 Mbps and 74 Mbps respectively and ensures backward compliance for slower 802 11b devices Default 20MHz Guard Interval The guard interval between symbols helps receivers overcome the effects of multipath delays When you add a guard time the back portion of useful signal time is copied and appended to the front Default Auto MCS The Modulation and Coding Scheme MCS is a value that determines the modulation coding and number of spatial channels Options value range O 7 1 Tx Stream 8 15 2 TxStrea
35. LL CONFIGURATION 91 MAC IP Port Filtering 91 Current Filter Rules 93 Virtual Server Settings Port Forwarding 94 Current Virtual Servers in system 95 DMZ 95 System Security 96 Content Filtering 97 9 ADMINISTRATION SETTINGS 99 System Management 100 Language Settings 100 Web Interface Settings 100 SNTP Settings 101 DDNS Settings 102 Upgrade Firmware 103 Configuration Settings 104 System Status 105 Statistics 107 ie CONTENTS SECTION III System Log APPENDICES TROUBLESHOOTING Diagnosing LED Indicators If You Cannot Connect to the Internet Before Contacting Technical Support HARDWARE SPECIFICATIONS CABLES AND PINOUTS Twisted Pair Cable Assignments 10 100BASE TX Pin Assignments Straight Through Wiring Crossover Wiring LICENSE INFORMATION The GNU General Public License GLOSSARY 14 108 110 111 111 111 111 114 116 116 117 117 118 119 119 123 15 CONTENTS Figure 1 Figure 2 Figure 3 Figure 4 Figure 5 Figure 6 Figure 7 Figure 8 Figure 9 Figure 10 Figure 11 Figure 12 Figure 13 Figure 14 Figure 15 Figure 16 Figure 17 Figure 18 Figure 19 Figure 20 Figure 21 Figure 22 Figure 23 Figure 24 Figure 25 Figure 26 Figure 27 Figure 28 Figure 29 Figure 30 Figure 31 FIGURES Top Panel Rear Panel LEDs Operating as an Internet Gateway Router Operating as an Access Point Operating as a Wireless Bridge Operati
36. S eee Cables A o eee 2 Modem ae ae a a Gateway Router A me t 7 Gateway Mode z Gateway Router T a Bridge Mode NS N 2 Notebook PC E 5 7 r i 2 2 Nee EE Notebook PC INSTALLING THE GATEWAY ROUTER The Wireless Broadband Router has two basic operating modes that can be set through the web based management interface For information on setting the mode suitable for your network environment See Operation Mode on page 54 Gateway Mode A gateway mode that connects a wired LAN and wireless clients to an Internet access device such as a cable or DSL modem This is the factory set default mode Bridge Mode An access point mode that extends a wired LAN to wirelessclients In addition to these basic operating modes the wireless interface supports a Wireless Distribution System WDS link to another Wireless Broadband Router These advanced configurations are not described in this section See Network Planning on page 29 for more information In a basic configuration how the Wireless Broadband Router is connected depends on the operating mode The sections in this chapter describe connections for basic Gateway Mode and Bridge Mode operation SYSTEM REQUIREMENTS You must meet the following minimum requirements An Internet access device DSL or Cable modem with an Ethernet port connection An up to date web browser Internet Explorer 6 0 or above or Mozilla F
37. SMC Networks USER GUIDE Barricade N 150 Mbps 4 Port Wireless Broadband Router SMCWBR14S N4 Barricade SMCWBR14S N4 User Guide SMC Networks 20 Mason September 2009 Irvine CA 92618 Pub 149100000034W E092009 CS R01 Information furnished by SMC Networks Inc SMC is believed to be accurate and reliable However no responsibility is assumed by SMC for its use nor for any infringements of patents or other rights of third parties which may result from its use No license is granted by implication or otherwise under any patent or patent rights of SMC SMC reserves the right to change specifications at any time without notice Copyright 2009 by SMC Networks Inc 20 Mason Irvine CA 92618 All rights reserved Trademarks SMC is a registered trademark and Barricade EZ Switch TigerStack TigerSwitch and TigerAccess are trademarks of SMC Networks Inc Other product and company names are trademarks or registered trademarks of their respective holders WARRANTY AND PRODUCT REGISTRATION To register SMC products and to review the detailed warranty statement please refer to the Support Section of the SMC Website at http www smc com COMPLIANCES FEDERAL COMMUNICATION COMMISSION INTERFERENCE STATEMENT This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protecti
38. Wireless Configuration Wi Fi Protected Setup WPS Figure 45 WPS Configuration WPS Summary WPS Current Status WPS Configured es WPS 35D SMOCWBR145 N4_AFP WPS Auth Mode Open WPS Encryp Type None WPS Default Key Index Booo WPS Key ASCII le cei 64824901 Reset OOB WPS Progress WPS mode PIN PBC PN Apply WPS Status Idle WPS Summary Provides detailed WPS statistical information WPS Current Status Displays if there is currently any WPS traffic connecting to the Wireless Broadband Router Options Start WSC Process Idle WPS Configured States if WPS for wireless clients has been configured for this device WPS SSID The service set identifier for the unit WPS Auth Mode The method of authentication used WPS Encryp Type The encryption type used for the unit WPS Default Key Index Displays the WEP default key 1 4 WPS Key ASCII Displays the WPS security key ASCII which can be used to ensure the security of the wireless network AP PIN Displays the PIN Code for the Wireless Broadband Router The default is exclusive for each unit Default 64824901 Reset OOB Resets the WPS settings to factory default values 89 CHAPTER 7 Wireless Configuration Station List WPS Config Configures WPS settings for the Wireless Broadband Router WPS Mode Selects between methods of broadcasting the WPS beacon to network c
39. Wireless Settings followed by Basic Sieg CHAPTER 7 Wireless Configuration Basic Settings Figure 29 Basic Settings Wireless Security and Encryption Settings The V vireless Security and Encryption Settings page allows you to make detailed Security configurations to prevent unauthorized access and monitoring Network Name SSID SMCYYBR145 N4_AP Broadcast Network Mame 551D Enable Disable AP Isolation O Enable Disable BSSID 00 22 20 62 EA 3A Security Mode Access Policy 00 11 22 33144 55 Add a station MAC fs The following items are displayed on this page Network Name SSID The name of the wireless network service provided by the Wireless Broadband Router Clients that want to connect to the network must set their SSID to the same as that of the Wireless Broadband Router Default SMCWBR14S N4_AP Range 1 32 characters Broadcast Network Name SSID By default the Wireless Broadband Router always broadcasts the SSID in its beacon signal Disabling the SSID broadcast increases security of the network because wireless clients need to already know the SSID before attempting to connect Default Enabled AP Isolation The Wireless Broadband Router will isolate communincation between all clients in order to protect them Normally for users who are at hotspots Default Disabled BSSID The identifier MAC address of the Wireless Broadband Router in the
40. able Cancel The following items are displayed on this page WAN Connection Type Select the connection type for the WAN port from the drop down list Default DHCP IP Address The IP address of the Wireless Broadband Router Valid IP addresses consist of four decimal numbers 0 to 255 separated by periods Subnet Mask The mask that identifies the host address bits used for routing to specific subnets Default Gateway The IP address of the gateway router for the Wireless Broadband Router which is used if the requested destination address is not on the local subnet Primary DNS Server The IP address of the Primary Domain Name Server A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses To specify a DNS server type the IP addresses in the text field provided Otherwise leave the text field blank Secondary DNS Server The IP address of the Secondary Domain Name Server aa CHAPTER 4 Initial Configuration Setup Wizard MAC Clone Some ISPs limit Internet connections to a specified MAC address This setting allows you to manually change the MAC address of the Wireless Broadband Router s WAN interface to match the PC s MAC address provided to your ISP for registration You can enter the registered MAC address manually by typing it in the boxes provided Otherwise connect only the PC
41. age specifies the Internet connection parameters Click on Internet Settings followed by WAN WAN Connection Type By default the access point WAN port is configured with DHCP enabled After you have network access to the access point you can use the web browser interface to modify the initial IP configuration if needed The options are Static IP DHCP cable modem PPPoE ADSL and PPTP Each option changes the parameters displayed below it Default DHCP Enables Dynamic Host Configuration Protocol DHCP for the WAN port This setting allows the Wireless Broadband Router to automatically obtain an IP address from a DHCP server normally operated by the Internet Service Provider ISP 55 CHAPTER 6 Internet Settings WAN Setting Figure 23 DHCP Configuration Wide Area Network WAN Settings This section allows you to configure the connection type and other related WAN parameters suitable to your environment WAN Connection Type Primary DNS Server MAC Clone Enabled v MAC Address Clone Your PC s MAC Address The following items are displayed on this page Hostname Optional The hostname of the DHCP client Primary DNS Server The IP address of the Primary Domain Name Server A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses To specify a DNS server type the IP addresses in the text field pr
42. and Router then click the Clone your PC s MAC Address Default Disable 60 CHAPTER 6 Internet Settings LAN Setting LAN SETTING The Wireless Broadband Router must have a valid IP address for management using a web browser and to support other features The unit has a default IP address of 192 168 2 1 You can use this IP address or assign another address that is compatible with your existing local network Click on Internet Settings followed by LAN Figure 27 LAN Configuration Local Area Network LAN Settings This section is provided to configure LAN settings like DHCP and other networking features LAN Setup MAC Address 00 22 20 82 EA 38 IP Address 192 168 2 1 Subnet Mask 26 755 255 0 DHCP Server Star IP Address 1927 168 2 100 End IP Address 1927 168 2 199 Lease Time IGMP Proxy Router Advertisement PPPoE Relay DNs Proxy LAN IP Address Valid IP addresses consist of four decimal numbers 0 to 255 separated by periods The default setting is 192 168 2 1 Subnet Mask Indicate the local subnet mask Default 255 255 255 0 Bt CHAPTER 6 Internet Settings LAN Setting MAC Address The shared physical layer address for the Wireless Broadband Router s LAN ports DHCP Server Enable this feature to assign IP settings to wired and wireless clients connected to the Gateway Router The IP address subnet mask default gateway and Domain Name Server
43. arty software subject to the terms of the GNU General Public License GPL GNU Lesser General Public License LGPL or other related free software licenses The GPL code used in this product is distributed WITHOUT ANY WARRANTY and is subject to the copyrights of one or more authors For details refer to the section The GNU General Public License below or refer to the applicable license as included in the source code archive THE GNU GENERAL PUBLIC LICENSE GNU GENERAL PUBLIC LICENSE Version 2 June 1991 Copyright C 1989 1991 Free Software Foundation Inc 59 Temple Place Suite 330 Boston MA 02111 1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed Preamble The licenses for most software are designed to take away your freedom to share and change it By contrast the GNU General Public License is intended to guarantee your freedom to share and change free software to make sure the software is free for all its users This General Public License applies to most of the Free Software Foundation s software and to any other program whose authors commit to using it Some other Free Software Foundation software is covered by the GNU Library General Public License instead You can apply it to your programs too When we speak of free software we are referring to freedom not price Our General Public Licenses are designed to make sure that you have the freedom to
44. ask Default 255 255 255 0 available when PPTP Network Mode is set to static IP Default Gateway The IP address of the gateway router for the Wireless Broadband Router which is used if the requested destination address is not on the local subnet Operation Mode Selects the operation mode as Keep Alive or Manual Default Keep Alive Keep Alive Mode The Wireless Broadband Router will periodically check your Internet connection and automatically re establish your connection when disconnected Default 60 seconds Manual Mode The unit will remain connected to the Internet without disconnecting Primary DNS Server The IP address of the Primary Domain Name Server A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses To specify a DNS server type the IP addresses in the text field provided Otherwise leave the text field blank Secondary DNS Server The IP address of the Secondary Domain Name Server MAC Clone Some ISPs limit Internet connections to a specified MAC address of one PC This setting allows you to manually change the MAC address of the Wireless Broadband Router s WAN interface to match the PC s MAC address provided to your ISP for registration You can enter the registered MAC address manually by typing it in the boxes provided Otherwise connect only the PC with the registered MAC address to the Wireless Broadb
45. ata encryption When enabled WEP encryption keys are automatically generated by the RADIUS server and distributed to all connected clients Default Disabled RADIUS Server Configures RADIUS server settings IP Address Specifies the IP address of the RADIUS server Port The User Datagram Protocol UDP port number used by the RADIUS server for authentication messages Range 1024 65535 Default 1812 Shared Secret A shared text string used to encrypt messages between the access point and the RADIUS server Be sure that the same text string is specified on the RADIUS server Do not use blank Spaces in the string Maximum length 20 characters Session Timeout Number of seconds the access point waits for a reply from the RADIUS server before resending a request Range 1 60 seconds Default 0 Idle Timeout Sets the maximum time in seconds of client inactivity before a session is terminated a 75 CHAPTER 7 Wireless Configuration Advanced Settings ADVANCED SETTINGS The Advanced Settings page includes additional parameters concerning the wireless network including HT Physical Mode and Wi Fi Multimedia settings NoTE There are several variables to consider when selecting a radio mode that make it fully functional Simply selecting the mode you want is not enough to ensure full compatibility for that mode Information on these variables may be found in the HT Physcial Mode Setting
46. ced Routing Settings The Advanced Routing Section allows you to configure Static and Dynamic Routing settings Destination Coo Range Interface Comment LT Current Routing table in the system No Destination Netmask Seem Flags wet So use merce Comes 295 295 255 255 255 255 255 255 0 0 0 0 0 0 Tha 192 168 2 0 255 255 255 0 o 0 0 0 l oo i cs Dynamic Routi ng Protocol 63 CHAPTER 6 Internet Settings Advanced Routing Destination A destination network or specific host to which packets can be routed Type Defines the type of destination Options Host Net Default Host Gateway The IP address of the router at the next hop to which matching frames are forwarded Interface The selected interface to which a static routing subnet is to be applied Comment Enters a useful comment to help identify this route ROUTING TABLE This page displays the information necessary to forward a packet along the best path toward its destination Each packet contains information about its origin and destination When a packet is received a network device examines the packet and matches it to the routing table entry providing the best match for its destination The table then provides the device with instructions for sending the packet to the next hop on its route across the network Note The Routing Table is only available when the Wireless Broadband Router is set to Gateway Mode Dest
47. cility Advanced Encryption Standard An encryption algorithm that implements symmetric key cryptography AES provides very strong encryption using a completely different ciphering algorithm to TKIP and WEP The process to verify the identity of a client requesting network access IEEE 802 11 specifies two forms of authentication open system and Shared key The core infrastructure of a network The portion of the network that transports information from one central location to another central location where it is unloaded onto a local system A signal periodically transmitted from the access point that is used to identify the service set and to maintain contact with wireless clients Broadcast keys are sent to stations using dynamic keying Dynamic broadcast key rotation is often used to allow the access point to generate a random group key and periodically update all key management capable wireless clients Dynamic Host Configuration Protocol Provides a framework for passing configuration information to hosts on a TCP IP network DHCP is based on 123 GLOSSARY ENCRYPTION ETHERNET FTP HTTP IEEE 802 11B IEEE 802 11G INFRASTRUCTURE LAN MAC ADDRESS NTP OPEN SYSTEM the Bootstrap Protocol BOOTP adding the capability of automatic allocation of reusable network addresses and additional configuration options Data passing between the access point and clients can use encryption to protect from in
48. ckets fo WAN Rx bytes o WAN TX packets 613 WAN Tx bytes 361050 LAN Rx packets 3145 LAN Rx bytes 399661 LAN Tx packets 3854 LAN Tx bytes 2529384 All interfaces Name lo Rx Packet lo Rx Byte 0 Tx Facket fo Tx Byte fo Name eth Rx Facket 3176 The following items are displayed on this page Memory total The total memory of this Wireless Broadband Router Memory left The available memory of this Wireless Broadband Router WAN LAN AIl Interfaces Displays the interface on which traffic is being monitored Rx packets Displays the total number of packets received by the specified interface Rx bytes Displays the total number of bytes transmitted by the specified interface 107 CHAPTER 9 Administration Settings System Log SYSTEM LOG Tx packets Displays the total number of packets transmitted by the specified interfaces Tx bytes Displays the total number of bytes transmitted by the specified interface The Wireless Broadband Router supports a logging process that controls error messages saved to memory or sent to a Syslog server The logged messages serve as a valuable tool for isolating Wireless Broadband Router and network problems The System Log page displays the latest messages logged in chronological order from the newest to the oldest Log messages saved in the Wireless Broadband Router s memory are erased when the device is
49. client to the RADIUS server Client authentication is then verified on the RADIUS server before the client can access the network Remote Authentication Dial in User Service RADIUS is an authentication protocol that uses software running on a central server to control access to RADIUS aware devices on the network An authentication server contains a database of user credentials for each user that requires access to the network The WPA and WPA2 enterprise security modes use 802 1X as the method of user authentication IEEE 802 1X can also be enabled on its own asa security mode for user authentication When 802 1X is used a RADIUS server must be configured and be available on the connected wired network NoTE This guide assumes that you have already configured RADIUS server s to support the access point Configuration of RADIUS server software is beyond the scope of this guide refer to the documentation provided with the RADIUS server software 74 CHAPTER 7 Wireless Configuration WLAN Security Figure 34 Security Mode 802 1X Security Mode 021X hai 607 1 WEP Disable 2 Enable Radius Server Shared Secret session Timeout Idle Timeout Security Mode Configures the 802 1X security mode used by clients When using 802 1 either with WPA WPA2 or on its own be sure there is a configured RADIUS server in the connected wired network Default Disable 802 1X WEP Selects WEP keys for d
50. curity mechanisms that provide various levels of authentication and encryption depending on the requirements of the network Click on Wireless Settings followed by Basic Figure 30 Security Mode Options security Mode Access Policy Policy Add a station MAC The supported security mechanisms and their configuration parameters are described in the following sections OPEN SHARED WEP AUTO See Wired Equivalent Privacy WEP on page 70 69 CHAPTER 7 Wireless Configuration WLAN Security WPA PSK WPA2 PSK WPA PSK_WPA2 PSK See WPA Pre Shared Key on page 71 WPA WPA2 WPA1_WPA2 See WPA Enterprise Mode on page 72 802 1X See IEEE 802 1X and RADIUS on page 74 WIRED EQUIVALENT WEP provides a basic level of security preventing unauthorized access to PRIVACY WEP the network and encrypting data transmitted between wireless clients and an access point WEP uses static shared keys fixed length hexadecimal or alphanumeric strings that are manually distributed to all clients that want to use the network When you select to use WEP be sure to define at least one static WEP key for user authentication or data encryption Also be sure that the WEP shared keys are the same for each client in the wireless network Figure 31 Security Mode WEP security Mode Encrypt Type Wire Equivalence Protection VWWEP Default Key WEP Key 1 WEP Key 2 WEP K
51. ddress Displays a MAC address to filter Destination IP Address Displays the destination IP address Source IP Address Displays the source IP address Protocol Displays the destination port type Destination Port Range Displays the destination port range Source Port Range Displays the source port range Action Displays if the specified traffic is accepted or dropped Comment Displays a useful comment to identify the routing rules 93 CHAPTER 8 Firewall Configuration Virtual Server Settings Port Forwarding VIRTUAL SERVER SETTINGS PORT FORWARDING Virtual Server sometimes referred to as Port Forwarding is the act of forwarding a network port from one network node to another This technique can allow an external user to reach a port on a private IP address inside a LAN from the outside through a NAT enabled router Maximum 32 entries are allowed Figure 48 Virtual Server Virtual Server Settings This section is provided for the configuration of the Virtual Server Virtual Server Settings Virtual Server Settings Private Port Public Port C Protocol TCP amp UDP The maximum rule countis 32 Current Virtual Servers in system No IP Address Port Mapping Protocol Comment Delete Selected Reset Virtual Server Settings Selects between enabling or disabling port forwarding the virtual server Default Disable IP Address Specifies the IP address
52. ddresses consist of four decimal numbers O to 255 separated by periods Subnet Mask The mask that identifies the host address bits used for routing to specific subnets Default Gateway The IP address of the gateway router for the Wireless Broadband Router which is used if the requested destination address is not on the local subnet Primary DNS Server The IP address of the Primary Domain Name Server on the network A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses If you have one or more DNS servers located on the local network type the IP addresses in the text fields provided Otherwise leave the addresses as all zeros 0 0 0 0 Secondary DNS Server The IP address of the Secondary Domain Name Server on the network MAC Clone Some ISPs limit Internet connections to a specified MAC address of one PC This setting allows you to manually change the MAC address of the Wireless Broadband Router s WAN interface to match the PC s MAC address provided to your ISP for registration You can enter the registered MAC address manually by typing it in the boxes 57 CHAPTER 6 Internet Settings WAN Setting provided Otherwise connect only the PC with the registered MAC address to the Wireless Broadband Router then click the Clone your PC s MAC Address Default Disable PPPOE Enables the Wireless Broadband Ro
53. distribute copies of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that you know you can do these things To protect your rights we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it For example if you distribute copies of such a program whether gratis or for a fee you must give the recipients all the rights that you have You must make sure that they too receive or can get the source code And you must show them these terms so they know their rights We protect your rights with two steps 1 copyright the software and 2 offer you this license which gives you legal permission to copy distribute and or modify the software Also for each author s protection and ours we want to make certain that everyone understands that there is no warranty for this free software If the software is modified by someone else and passed on we want its recipients to know that what they have is not the original so that any problems introduced by others will not reflect on the original authors reputations Finally any free program is threatened constantly by software patents We wish to avoid the danger that redistributors of
54. e locally Import Settings Allows the user to load previously saved configuration files from a local source Load Factory Defaults Restores the factory defaults 104 CHAPTER 9 Administration Settings System Status SYSTEM STATUS The System Information page displays basic system information and the displayed settings are for status information only and are not configurable on this page This information is split into the three sections that follow Figure 57 System Status Gateway Mode Displays the status of the device Firmware Version 0 0 3 5 Aug 2 2009 System Time Wed 02 Sep 2009 16 04 40 Operation Mode Gateway Mode Connected Type DHCP WAN IP Address Subnet Mask Default Gateway Primary Domain Name Server Secondary Domain Name Server MAC Address 00 22 2D 62 EA 3 LAN IP Address 192 168 2 1 LAN Netmask 255 256 266 0 MAC Address 00 22 2D 62 EA 36 System Info Displays the basic system information in both Bridge and Gateway Modes Firmware Version The version number of the current Wireless Broadband Router software System Time Length of time the management agent has been up specified in hours and minutes Operation Mode Displays the mode setting of the unit Internet Configurations Displays the basic WAN information Connected Type Displays the WAN connected mode Default DHCP WAN IP Address IP address of the WAN p
55. eless Broadband Router in the Basic Service Set BSS network Security Mode Specifies the security mode for the SSID Select the security method and then configure the required parameters For more information see WLAN Security on page 69 Options Disabled Open Shared WEP AUTO WPA PSK WPA2 PSK WPA PSK_WPA2 PSK WPA WPA2 WPA1_WPA2 802 1X Default Disabled NoTE To keep your wireless network protected and secure you should implement the highest security possible For small networks it is recommended to select WPA2 PSK using AES encryption as the most secure option However if you have older wireless devices in the network that do not support AES encryption select TKIP as the encryption algorithm Access Policy The Wireless Broadband Router provides a MAC address filtering facility The access policy can be set to allow or reject specific station MAC addresses This feature can be used to connect known wireless devices that may not be able to support the configured security mode Adda station MAC Enter the MAC address of the station that you want to filter MAC addresses must be entered in the format XXIXX XXIXX XX XX COMPLETION After completion of the Wizard the screen returns to the Home Page 47 CHAPTER 4 Initial Configuration Setup Wizard ae SECTION Il WEB CONFIGURATION This section provides details on configuring the Wireless Broadband Router using the web browser
56. ernal network with wired and wireless users and a public external network that connects to the Internet Network traffic is forwarded or routed between the two subnetworks J0 CHAPTER 2 Network Planning LAN Access Point Figure 4 Operating as an Internet Gateway Router Internet Service Provider G gt NAS Modem is ed from isP Wireless m eg b si NAN wr A 9214082 Notebook PC w LAN N p IP 192 168 2 x g LAN Switch Server Q p IP 192 168 2 x N Desktop PC IP 192 168 2 x The private local network connected to the LAN port or wireless interface provides a Dynamic Host Configuration Protocol DHCP server for allocating IP addresses to local PCs and wireless clients and Network Address Translation NAT for mapping the multiple internal IP addresses to one external IP address The public external network connected to the WAN port supports DHCP client Point to Point Protocol over Ethernet PPPoE and static IP for connection to an Internet service provider ISP through a cable or DSL modem LAN ACCESS POINT The Wireless Broadband Router can provide an access point service for an existing wired LAN creating a wireless extension to the local network The Wireless Broadband Router functions as purely an access point when set to Bridge Mode When used in this mode there are no gateway functions between the WAN port and the LAN and wireless interface A Wi Fi
57. esting that your username and password be sent in an insecure manner basic authentication without a secure connection Rermermber my password HOME PAGE AND MAIN MENU After logging in to the web interface the Home page displays The Home page shows the main menu and the method to access the Setup Wizard Figure 12 Home Page SMC Networks SMCWBR14S N4 Setup Wizard Operation Mode Internet Settings Wireless Settings Firewall Administration Welcome to the SMCWBR14S N4 Home Page If you wish to directly configure or view the status of this device please use the menu bar located above For basic configuration to get started enter Setup wizard Enter Setup Wizard 39 CHAPTER 4 Initial Configuration Common Web Page Buttons COMMON WEB PAGE BUTTONS SETUP WIZARD STEP 1 LANGUAGE SELECTION The list below describes the common buttons found on most web management pages Apply Applies the new parameters and saves them to memory Also displays a screen to inform you when it has taken affect Clicking Apply returns to the home page Cancel Cancels the newly entered settings and restores the previous settings Next Proceeds to the next step Back Returns to the previous screen The Wizard is designed to help you configure the basic settings required to get the the Wireless Broadband Router up and running There are only a few basic steps you need to set up the the Wireless B
58. eys WEP Key 3 WEP Key 4 Security Mode Configures the WEP security mode used by clients When using WEP be sure to define at least one static WEP key for the Wireless Broadband Router and all its clients Default Disable OPEN Open system authentication accepts any client attempting to connect the Wireless Broadband Router without verifying its identity In this mode the default data encryption type is WEP SHARED The shared key security uses a WEP key to authenticate clients connecting to the network and for data encryption WEP AUTO Allows wireless clients to connect to the network using Open WEP uses WEP for encryption only or Shared WEP uses WEP for authentication and encryption Encrypt Type Selects WEP for data encryption OPEN mode only s 70 CHAPTER 7 Wireless Configuration WLAN Security Default Key Selects the WEP key number to use for authentication or data encryption If wireless clients have all four WEP keys configured to the same values you can change the encryption key to any of the settings without having to update the client keys Default 1 Range 1 4 WEP Keys 1 4 Sets WEP key values The user must first select ASCII or hexadecimal keys Each WEP key has an index number Enter key values that match the key type and length settings Enter 5 alphanumeric characters or 10 hexadecimal digits for 64 bit keys or enter 13 alphanumeric characters or 2
59. ge of your choice from the drop down list then click Apply Options English Traditional Chinese Default English WEB INTERFACE To protect access to the management interface you need to configure a SETTINGS new Administrator s user name and password as soon as possible If a new user name and password are not configured then anyone having access to the Wireless Broadband Router may be able to compromise the unit s security by entering the default values User Name The name of the user The default name for access to the unit is admin Length 3 16 characters case sensitive Password The password for management access The default password preset for access to the unit is smcadmin Length 3 16 characters case sensitive Confirm Password Prompts you to enter the password again for verification 100 SNTP SETTINGS CHAPTER 9 Administration Settings SNTP Settings The System Management page allows you to manually configure time settings or enable the use of a Simple Network Time Protocol SNTP or NTP server Figure 53 SNTP Settings Current Time Sat Jan 1 0110 42 UTC 200 sync with host Time Zone GMT England Ww SNTP Server ex time nist gov ntp broad mitedu time stdtime gov tw SNTP synchronization hours Current Time Displays the current system time on the unit Sync with host Updates the unit s time from the web management PC s system time T
60. idge Mode 3 Both units in a link are configured as Bridge Mode When two or more units in the WDS network are set to Gateway Mode be Sure to check these settings Be sure each unit is configured with a different LAN IP address Be sure that only one unit has an Internet access on its WAN port Be sure the DHCP server is enabled only on one unit When one unit is providing Internet access enable the DHCP server on that unit Note When using WDS Lazy mode in the network at least one unit must be set to Bridge or Repeater mode 85 CHAPTER 7 Wireless Configuration Wireless Distribution System WDS Figure 43 WDS Configuration Wireless Distribution System WIS The Wireless Distribution page allows configuration of WDS parameters for the purpose of bridging or creating a repeater application Wireless Distribution System WDS WDS Mode Physica CCK fe Encryption Type AP MAC Address a Encryption Type AP MAC Address SSS Encryption Type Enator Ke AP MAC Address T Encryption Type The WDS settings configure WDS related parameters Up to four MAC addresses can be specified for each unit in the WDS network WDS links may either be manually configured Bridge and Repeater modes or auto discovered Lazy mode 86 CHAPTER 7 Wireless Configuration Wireless Distribution System WDS WDS Mode Selects the WDS mode of the SSID Options Disable Lazy Br
61. idge Repeater Default Disable Disable WDS is disabled Lazy Operates in an automatic mode that detects and learns WDS peer addresses from received WDS packets without the need to configure a WDS MAC list entry This feature allows the Wireless Broadband Router to associate with other Wireless Broadband Routers in the network and use their WDS MAC list Lazy mode requires one other Wireless Broadband Router within the wireless network that is configured in Bridge or Repeater mode and has a configured MAC address list Bridge Operates as a standard bridge that forwards traffic between WDS links links that connect to other units in Repeater or Lazy mode The MAC addresses of WDS peers must be configured on the Wireless Broadband Router Repeater Operates as a wireless repeater extending the range for remote wireless clients and connecting them to an AP connected to the wired network The MAC addresses of WDS peers must be configured on the Wireless Broadband Router Physical The radio media coding used on all WDS links CCK corresponds to 11b OFDM corresponds to 11g and HTMIX corresponds to Lin Encryption Type The data encryption used on the WDS link Be sure that both ends of a WDS link are configured with the same encryption type and key Options None WEP TKIP AES Default None Encryption Key The encryption key for the WDS link The key type and length varies depending on the encryption type
62. ight through or crossover cable to connect to any device type You must connect all four wire pairs as shown in the following diagram to Support Gigabit Ethernet connections Lif APPENDIX C Cables and Pinouts Crossover Wiring Figure 61 Straight through Wiring EIA TIA 568B RJ 45 Wiring Standard 10 100BASE TX Straight through Cable White Orange Stripe Orange White Green Stripe EndA End B Blue White Blue Stripe Green LUN W CONOOaRWN White Brown Stripe Brown CROSSOVER WIRING If the twisted pair cable is to join two ports and either both ports are labeled with an X MDI X or neither port is labeled with an X MDI a crossover must be implemented in the wiring When auto negotiation is enabled for any RJ 45 port on this switch you can use either straight through or crossover cable to connect to any device type You must connect all four wire pairs as shown in the following diagram to Support Gigabit Ethernet connections Figure 62 Crossover Wiring EIA TIA 568B RJ 45 Wiring Standard 10 100BASE TX Crossover Cable White Orange Stripe Uf Orange N White Green Stripe N End A Blue End B White Blue Stripe 4 Green LINN NW CONOORWN White Brown Stripe Brown L18 LICENSE INFORMATION This product includes copyrighted third p
63. ime Zone Specifies the time zone in relation to Greenwich Mean Time GMT SNTP Server The IP address or URL of the NTP server to be used SNTP synchronization Sets the SNTP sycnronization in hours 01 CHAPTER 9 Administration Settings DDNS Settings DDNS SETTINGS Dynamic DNS DDNS provides users on the Internet with a method to tie a specific domain name to the unit s dynamically assigned IP address DDNS allows your domain name to follow your IP address automatically by changing your DNS records when your IP address changes The Wireless Broadband Router provides access to three DDNS service providers DynDns org Non IP com and ZoneEdit com To set up an DDNS account visit the websites of these service providers at www dyndns org www non ip com or www zoneedit com Figure 54 DDNS Settings Gateway Mode DDNS Settings Dynamic ONS Provider User Name Password HostName Dynamic DNS Provider Specifies the DDNS service provider DynDns org Freedns afraid org ZoneEdit com or Non IP com Default none User Name Specifies your user name for the DDNS service Password Specifies your password for the DDNS service HostName Specifies the URL of the DDNS service 102 CHAPTER 9 Administration Settings Upgrade Firmware UPGRADE FIRMWARE You can update the Wireless Broadband Router firmware by using the Firmware Update facility Figure 55 Upgrade
64. ination Displays all destination networks or specific hosts to which packets can be routed Netmask Displays the subnetwork associated with the destination Gateway Displays the IP address of the router at the next hop to which matching frames are forwarded Flags Flags Possible flags identify as below m 0 reject route 1 route is up 3 route is up use gateway 5 route is up target is a host 7 route is up use gateway target is a host Metric A number used to indicate the cost of the route so that the best route among potentially multiple routes to the same destination can be selected Ref Number of references to this route pA DYNAMIC ROUTE CHAPTER 6 Internet Settings Advanced Routing Use Count of lookups for the route Interface Interface to which packets for this route will be sent Comment Displays a useful comment to identify the routing rules The Wireless Broadband Router supports RIP 1 and RIP 2 dynamic routing protocol Routing Information Protocol RIP is the most widely used method for dynamically maintaining routing tables RIP uses a distance vector based approach to routing Routes are chosen to minimize the distance vector or hop count which serves as a rough estimate of transmission cost Each router broadcasts its advertisement every 30 seconds together with any updates to its routing table This allows all routers on the network t
65. ing distributing or modifying the Program or works based on it Each time you redistribute the Program or any work based on the Program the recipient automatically receives a license from the original licensor to copy distribute or modify the Program subject to these terms and conditions You may not impose any further restrictions on the recipients exercise of the rights granted herein You are not responsible for enforcing compliance by third parties to this License If as a consequence of a court judgment or allegation of patent infringement or for any other reason not limited to patent issues conditions are imposed on you whether by court order agreement or otherwise that contradict the conditions of this License they do not excuse you from the conditions of this License If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations then as a consequence you may not distribute the Program at all For example if a patent license would not permit royalty free redistribution of the Program by all those who receive copies directly or indirectly through you then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program If any portion of this section is held invalid or unenforceable under any particular circumstance the balance of the section is intended to apply and the section as a whole is intended to appl
66. interface This section includes these chapters Operation Mode on page 51 Internet Settings on page 55 Wireless Configuration on page 67 Firewall Configuration on page 91 Administration Settings on page 99 4G SECTION Web Configuration 50 OPERATION MODE The Wireless Broadband Router offers a user friendly web based management interface for the configuration of all the unit s features Any PC directly attached to the unit can access the management interface using a web browser such as Internet Explorer version 6 0 or above The following sections are contained in this chapter Logging In on page 52 Operation Mode on page 54 51 CHAPTER 5 Operation Mode Logging In LOGGING IN It is recommended to make initial configuration changes by connecting a PC directly to one of the Wireless Broadband Router s LAN ports The Wireless Broadband Router has a default IP address of 192 168 2 1 anda subnet mask of 255 255 255 0 If your PC is set to Obtain an IP address automatically that is set as a DHCP client you can connect immediately to the web interface Otherwise you must set your PC IP address to be on the same subnet as the Wireless Broadband Router that is the PC and Wireless Broadband Router addresses must both start 192 168 2 x To access the configuration menu follow these steps 1 Use your web browser to c
67. ion the Gateway Router offers full network management capabilities through an easy to configure web interface Many advanced networking features are provided by the Barricade Wired LAN The Barricade provides connectivity to wired 10 100 Mbps devices making it easy to create a network in small offices or homes Internet Access This device supports Internet access through a WAN connection Since many DSL providers use PPPoE to establish communications with end users the Barricade includes built in clients for these protocols eliminating the need to install these services on your computer Shared IP Address The Barricade provides Internet access for up to 253 users via a single shared IP address Using only one ISP account multiple users on your network can browse the Web at the same time Virtual Server If you have a fixed IP address you can set the Barricade to act as a virtual host for network address translation Remote users access various services at your site using a constant IP address Then depending on the requested service or port number the Barricade can route the request to the appropriate server at another internal IP address This secures your network from direct attack by hackers and provides more flexible management by allowing you to change internal IP addresses without affecting outside access to your network DMZ Host Support Allows a networked computer to be fully exposed to the Inte
68. irefox 2 0 or above LOCATION SELECTION The Wireless Broadband Router can be mounted on any horizontal surface or on a wall The following sections describe the mounting options 33 CHAPTER 3 Installing the Gateway Router Mounting on a Wall MOUNTING ON A WALL The Wireless Broadband Router should be mounted only to a wall or wood surface that is at least 1 2 inch plywood or its equivalent To mount the unit on a wall always use its wall mounting bracket The unit must be mounted with the RJ 45 cable connector oriented upwards to ensure proper operation Figure 8 Wall Mounting Mounting Slots j To mount on a wall follow the instructions below 1 Mark the position of the two screw holes on the wall For concrete or brick walls you will need to drill holes and insert wall plugs for the screws 2 Insert the included screws into the holes leaving about 0 08 0 12 inches 2 3 mm clearance from the wall 3 Line up the two mounting points on the unit with the screws in the wall then slide the unit down onto the screws until it is in a secured position 34 CHAPTER 3 Installing the Gateway Router Mounting on a Horizontal Surface MOUNTING ON A HORIZONTAL SURFACE To keep the Wireless Broadband Router from sliding on the surface the Wireless Broadband Router has four rubber feet on the bottom of the unit It is recommended to select an uncluttered area on a sturdy surface such as a desktop or table
69. lients wanting to join the network PIN The Wireless Broadband Router along with other WPS devices such as notebook PCs cameras or phones all come with their own eight digit PIN code When one device the WPS enrollee sends a PIN code to the Wireless Broadband Router it becomes the WPS registrar After configuring PIN Code information you must press Apply to send the beacon after which you have up to two minutes to activate WPS on devices that need to join the network PBC This has the same effect as pressing the physical WPS button that is located on the front of the Wireless Broadband Router After checking this option and clicking Apply you have up to two minutes to activate WPS on devices that need to join the network STATION LIST Displays the station information which associated to this Wireless Broadband Router Figure 46 Station List This section allows you to view the stations that have associated with this device Wireless Network MAG Address PSM MimoPS MCS BW SGI STEC 90 FIREWALL CONFIGURATION The Wireless Broadband Router provides extensive firewall protection by restricting connection parameters to limit the risk of intrusion and defending against a wide array of common hacker attacks Firewall Configuration contains the following sections MAC IP Port Filtering on page 91 Virtual Server Settings Port Forwarding on page 94 DMZ on page 95 S
70. m 32 and auto 33 Default auto Reverse Direction Grant RDG When Reverse Direction Grant is enabled the Wireless Broadband Router can reduce the transmitted data packet collision by using the reverse direction protocol During TXOP Transmission Opportunity period the receiver could use remaining transmission time to transmit data to a sender The RDG improves transmission performance and scalability in a wireless environment Extension Channel When 20 40MHz channel bandwidth has been set the extension channel option will be enabled The extension channel will allow you to get extra bandwidth Options 2417MHz Channel 2 2457MHz Channel 10 Default AutoSelect Aggregate MSDU A MSDU This option enables Mac Service Data Unit MSDU aggregation Default Disable Auto Block ACK Select to block ACK Acknowledge Number or not during data transferring Decline BA Request Select to reject peer BA Request or not Fe CHAPTER 7 Wireless Configuration Advanced Settings ADVANCED WIRELESS The Advanced Wireless section on the Wireless Settings Advanced page includes additional radio parameters Figure 37 Advanced Wireless Settings BG Protection Mode Auto Beacon Interval 00 ms range 20 999 default 100 Data Beacon Rate OTIM ms range 1 255 default 1 Fragment Threshold 2346 2346 default 2346 RTS Threshold 2347 range 1 2347 default 2347 TX Power 100 range 1 100 default 10
71. m does You may copy and distribute verbatim copies of the Program s source code as you receive it in any medium provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty keep intact all the notices that refer to this License and to the absence of any warranty and give any other recipients of the Program a copy of this License along with the Program You may charge a fee for the physical act of transferring a copy and you may at your option offer warranty protection in exchange for a fee You may modify your copy or copies of the Program or any portion of it thus forming a work based on the Program and copy and distribute such modifications or work under the terms of Section 1 above provided that you also meet all of these conditions a You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change b You must cause any work that you distribute or publish that in whole or in part contains or is derived from the Program or any part thereof to be licensed as a whole at no charge to all third parties under the terms of this License c Ifthe modified program normally reads commands interactively when run you must cause it when started running for such interactive use in the most ordinary way to print or display an announcement including an appropriate copyright notice and a notice that there is no wa
72. n Blinking Blue The 802 11n radio is enabled and transmitting or receiving data through wireless links Off The 802 11n radio is disabled WPS Blinking WPS authentication is in progress Off WPS authentication is not in progress WAN On Blue The Ethernet WAN port is aquiring an IP address Blinking The Ethernet WAN port is connected and is transmitting receiving data Off The Ethernet WAN port is disconnected or has malfunctioned LANI LAN4 On Blue The Ethernet LAN port is connected to a PC or server Blinking The Ethernet port is connected and is transmitting receiving data Off The Ethernet port is disconnected or has malfunctioned A 100BASE TX RJ 45 port that can be attached to an Internet access device such as a DSL or Cable modem The Wireless Broadband Router has four 100BASE TX RJ 45 ports that can be attached directly to 1OBASE T 100BASE TX LAN segments These port support automatic MDI MDI X operation so you can use straight through cables for all network connections to PCs switches or hubs The Wireless Broadband Router must be powered with its supplied power adapter Failure to do so results in voiding of any warrantly supplied with the product The power adapter automatically adjusts to any voltage between 100 240 volts at 50 or 60 Hz and supplies 5 volts DC power to the unit No voltage range settings are required OG s CHAPTER 1 Introduction Hardware Description RESET BUTTON This button is used
73. nd Router verify that the Power LED turns on and that the other LED indicators start functioning as described under see LED Indicators on page 25 4 Set up wireless devices by pressing the WPS button on the Wireless Broadband Router or by using the web interface See Initial Configuration on page 38 for more information on accessing the web interface BRIDGE MODE CONNECTIONS In Bridge Mode the Wireless Broadband Router operates as a wireless access point extending a local wired network to associated wireless clients PCs or notebooks with wireless capability From any nearby location you can then make a wireless connection to the Wireless Broadband Router and access the wired network resources including local servers and the Internet In Bridge Mode the Wireless Broadband Router does not support gateway functions on its WAN port Both the LAN port and the WAN ports can be connected to a local Ethernet LAN NoTE Bridge Mode is not the factory default mode and must be manually set using the web management interface Figure 10 Bridge Mode Connection 4 Set up wireless CGEA devices A 7 Notebook PC LAN Switch y gt ao w t A 2 Cannat AC power adapter to I power source Desktop PCs 1 Connect LAN and WAN Serer ports to an Ethernet LAN 3 switch or PCs Connect LAN port to PC a To connect the Wireless Broadband Router for use as an access point follow these steps 36
74. ng as a Wireless Repeater Wall Mounting Gateway Mode Connection Bridge Mode Connection Login Page Home Page Wizard Step 1 Language Selection Wizard Step 2 Time and SNTP Settings Wizard Step 3 WAN Settings DHCP Wizard Step 3 WAN Settings Static IP Wizard Step 3 WAN Settings PPPoE Wizard Step 3 WAN Settings PPTP Wizard Step 4 Wireless Security Logging On Home Page Operation Mode Gateway DHCP Configuration Static IP Configuration PPPoE Configuration PPTP Configuration LAN Configuration Advanced Routing Gateway Mode Basic Settings Security Mode Options Security Mode WEP te 24 25 25 30 31 31 32 34 35 36 39 39 40 41 42 43 44 45 46 52 53 54 56 57 58 59 61 63 68 69 70 Figure 32 Figure 33 Figure 34 Figure 35 Figure 36 Figure 37 Figure 38 Figure 39 Figure 40 Figure 41 Figure 42 Figure 43 Figure 44 Figure 45 Figure 46 Figure 47 Figure 48 Figure 49 Figure 50 Figure 51 Figure 52 Figure 53 Figure 54 Figure 55 Figure 56 Figure 57 Figure 58 Figure 59 Figure 60 Figure 61 Figure 62 Security Mode WPA PSK Security Mode WPA Security Mode 802 1X Advanced Settings Wireless Network HT Physical Mode Settings Advanced Wireless Settings Wi Fi Multimedia Settings WMM Configuration Multicast to Unicast Converter Manual WDS MAC Address Configuration WDS Configuration Example WDS Configuration Enabling WPS
75. ns that are using Power Save mode The default value of one beacon indicates that the access point will save all broadcast multicast frames for the Basic Service Set BSS a Fo CHAPTER 7 Wireless Configuration Advanced Settings and forward them after every beacon Using smaller DTIM intervals delivers broadcast multicast frames in a more timely manner causing stations in Power Save mode to wake up more often and drain power faster Using higher DTIM values reduces the power used by stations in Power Save mode but delays the transmission of broadcast multicast frames Range 1 255 beacons Default 1 beacon Fragmentation Threshold Configures the minimum packet size that can be fragmented when passing through the access point Fragmentation of the PDUs Package Data Unit can increase the reliability of transmissions because it increases the probability of a successful transmission due to smaller frame size If there is significant interference present or collisions due to high network utilization try setting the fragment size to send smaller fragments This will speed up the retransmission of smaller frames However it is more efficient to set the fragment size larger if very little or no interference is present because it requires overhead to send multiple frames Range 256 2346 bytes Default 2346 bytes RTS Threshold Sets the packet size threshold at which a Request to Send RTS signal must be sent to a receiving sta
76. ntrusions A stateful packet firewall looks at packet contents to check if the traffic may involve some type of security risk Default Disable 96 CONTENT FILTERING CHAPTER 8 Firewall Configuration Content Filtering The Wireless Broadband Router provides a variety of options for blocking Internet access based on content URL and host name Figure 51 Content Filtering Content Filter Settings The Content Filtering Settings page helps to control access through various types of restrictions Current Web URL Filters No URL Add a URL filter wo Oooo o Current Website Host Filters Host Keyword Add a Host keyword Filter Web URL Filter Settings By filtering inbound Uniform Resource Locators URLs the risk of compromising the network can be reduced URLs are commonly used to point to websites By specifying a URL ora keyword contained in a URL traffic from that site may be blocked Current URL Filters Displays current URL filter Adda URL Filter Adds a URL filter to the settings For example myhost example com Web Host Filter Settings The Wireless Broadband Router allows Internet content access to be restricted based on web address keywords and web domains A domain name is the name of a particular web site For example for the address www FUNGAMES com the domain name is FUNGAMES com Enter the Keyword then click Add Current Host Filters Displays current Host filter
77. o build consistent tables of next hop links which lead to relevant subnets RIP Enables or disable the RIP protocol for the WAN or LAN interface Options Disable v1 v2 Default Disable 65 CHAPTER 6 Internet Settings Advanced Routing 66 BASIC SETTINGS WIRELESS CONFIGURATION The wireless settings section displays configuration settings for the access point functionality of the Wireless Broadband Router It includes the following sections Basic Settings on page 67 WLAN Security on page 69 Advanced Settings on page 76 Wireless Distribution System WDS on page 84 Wi Fi Protected Setup WPS on page 88 Station List on page 90 The IEEE 802 11n interface includes configuration options for radio signal characteristics and wireless security features The Wireless Broadband Router s radio can operate in six modes mixed 802 11b g n mixed 802 11b g mixed 802 11g n 802 11n only 802 11b only or 802 11g only Note that 802 11g is backward compatible with 802 11b and 802 11n is backward compatible with 802 11b g at slower data transmit rates NoTE The radio channel settings for the access point are limited by local regulations which determine the number of channels that are available The Basic Settings page allows you to configure the wireless network name Service Set Identifier or SSID and set the wireless security method Click on
78. on against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications This transmitter must not be co located or operating in conjunction with any other antenna or transmitter However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation FCC Caution Any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate this equipment IEEE 802 11b or 802 11g operation of this product
79. onnect to the management interface using the default IP address of 192 168 2 1 2 Log into the Wireless Broadband Router management interface by entering the default user name admin and password smcadmin then click Login NoTE It is strongly recommended to change the default user name and password the first time you access the web interface For information on changing user names and passwords see Administration Settings on page 99 Figure 20 Logging On Connect to 192 168 2 1 The server 192 168 2 1 at SMCWBR14S h4 requires a Username and password Warning This server is requesting that your username and password be sent in an insecure manner basic authentication without a secure connection User name E admin v Remember my password so a CHAPTER 5 Operation Mode Logging In The home page displays the main menu items at the top of the screen and the Setup Wizard See Setup Wizard on page 40 Figure 21 Home Page SMC Networks SMCWBR14S N4 Setup Wizard Operation Mode Internet Settings Wireless Settings Firewall Administration Welcome to the SMCWBR14S N4 Home Page If you wish to directly configure or view the status of this device please use the menu bar located above For basic configuration to get started enter Setup wizard Enter Setup Wizard Copyright 2009 SMC Inc All Rights Reserved NoTE The displayed pages and settings may differ depending on whe
80. ontacting Technical Support PA m Check that you have a valid network connection to the Gateway Router and that the Ethernet port or the wireless interface that you are using has not been disabled If you are connecting to the Gateway Router through the wired Ethernet interface check the network cabling between the management station and the Gateway Router If you are connecting to Gateway Router from a wireless client ensure that you have a valid connection to the Gateway Router If you forgot or lost the password set the Gateway Router to its default configuration by pressing the reset button on the back panel for 5 seconds or more Then use the default user name admin and password smcadmin to access the management interface If all other recovery measure fail and the Gateway Router is still not functioning properly reset the Gateway Router s hardware using the web interface or through a power reset 112 APPENDIX A Troubleshooting Before Contacting Technical Support 113 PORT INTERFACES AC POWER ADAPTER LED INDICATORS NETWORK MANAGEMENT TEMPERATURE HUMIDITY PHYSICAL SIZE WEIGHT RADIO EMC SAFETY HARDWARE SPECIFICATIONS WAN 10 100BASE TX port RJ 45 connector auto MDI X 100 ohm UTP cable Category 5 or better LAN 1 4 10 100BASE TX port RJ 45 connector auto MDI X 100 ohm UTP cable Category 5 or better Input 100 240 VAC 50 60 Hz Output 5V
81. ore wireless medium access can be attempted The contention window is doubled after each detected collision up to the CWMax value Specify the CWMax value in the range 0 15 microseconds Note that the CWMax value must be greater or equal to the CWMin value Txop Transmit Opportunity Limit The maximum time an AC transmit queue has access to the wireless medium When an AC queue is granted a transmit opportunity it can transmit data for a time up to the TxOpLimit This data bursting greatly improves the efficiency for high data rate traffic Specify a value in the range 0 65535 microseconds ACM The admission control mode for the access category When enabled clients are blocked from using the access category Default Disabled AckPolicy By default all wireless data transmissions require the sender to wait for an acknowledgement from the receiver WMM allows the acknowledgement wait time to be turned off for each Access Category AC 0 3 Although this increases data throughput it can also result in a high number of errors when traffic levels are heavy Default Acknowledge MULTICAST TO The Multicast to Unicast Converter section on the Wireless Settings UNICAST CONVERTER Advanced page allows you to enable multicast traffic conversion Converting multicast traffic to unicast before sending to wireless clients allows a longer DTIM Data Beacon Rate interval to be set A longer DTIM interval prevents clients in power
82. ort for this device Subnet Mask The mask that identifies the host address bits used for routing to the WAN port 105 CHAPTER 9 Administration Settings System Status Default Gateway The default gateway is the IP address of the router for the Wireless Broadband Router which is used if the requested destination address is not on the local subnet Primary DNS Server Secondary DNS Server The IP address of Domain Name Servers A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses MAC Address The shared physical layer address for the Wireless Broadband Router s LAN ports Local Network Displays the basic LAN information LAN IP Address The IP address configured on the Wireless Broadband Router LAN Netmask The mask that identifies the host address bits used for routing to the LAN port MAC Address The shared physical layer address for the Wireless Broadband Router s LAN ports L0G STATISTICS CHAPTER 9 Administration Settings Statistics The Wireless Broadband Router Traffic Statistics Interfaces window displays received and transmitted packet statistics for all interfaces on the Wireless Broadband Router Figure 58 Statistics Statistics This section displays various status information of the device Memory total 13656 KB Memory left 1636 kB WAN Rx pa
83. ovided Otherwise leave the text field blank Secondary DNS Server The IP address of the Secondary Domain Name Server MAC Clone Some ISPs limit Internet connections to a specified MAC address of one PC This setting allows you to manually change the MAC address of the Wireless Broadband Router s WAN interface to match the PC s MAC address provided to your ISP for registration You can enter the registered MAC address manually by typing it in the boxes provided Otherwise connect only the PC with the registered MAC address to the Wireless Broadband Router then click the Clone your PC s MAC Address Default Disable Note If you are unsure of the PC MAC address originally registered by your ISP call your ISP and request to register a new MAC address for your account Register the default MAC address of the Wireless Broadband Router 56 CHAPTER 6 Internet Settings WAN Setting STATIC IP Configures a static IP for the WAN port Figure 24 Static IP Configuration Wide Area Network WAH Settings This section allows you to configure the connection type and other related WAN parameters suitable to your environment WAN Connection Type STATIC Fixed IP fig IP Address Subnet Mask a Lo S S Default Gateway CoS Too Lo S S L S Primary DNS Server secondary DNS Server MAC Clone Enabled MAC Address Fill my MAC IP Address The IP address of the Wireless Broadband Router Valid IP a
84. pirit to the present version but may differ in detail to address new problems or concerns Each version is given a distinguishing version number If the Program specifies a version number of this License which applies to it and any later version you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation If the Program does not specify a version number of this License you may choose any version ever published by the Free Software Foundation If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different write to the author to ask for permission For software which is copyrighted by the Free Software Foundation write to the Free Software Foundation we sometimes make exceptions for this Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally NO WARRANTY BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE THERE IS NO WARRANTY FOR THE PROGRAM TO THE EXTENT PERMITTED BY APPLICABLE LAW EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND OR OTHER PARTIES PROVIDE THE PROGRAM AS IS WITHOUT WARRANTY OF ANY KIND EITHER EXPRESSED OR IMPLIED INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE THE ENTIRE RISK AS TO THE QU
85. ption the source code distributed need not include anything that is normally distributed in either source or binary form with the major components compiler kernel and so on of the operating system on which the executable runs unless that component itself accompanies the executable If distribution of executable or object code is made by offering access to copy from a designated place then offering equivalent access to copy the source code from the same place counts as distribution of the source code even though third parties are not compelled to copy the source along with the object code You may not copy modify sublicense or distribute the Program except as expressly provided under this License Any attempt otherwise to copy modify sublicense or distribute the Program is void and will automatically terminate your rights under this License However parties who have received copies or rights from you under this License will not have their licenses terminated so long as such parties remain in full compliance You are not required to accept this License since you have not signed it However nothing else grants you permission to modify or distribute the Program or its derivative works These actions are prohibited by law if you do not accept this License Therefore by modifying or distributing the Program or any work based on the Program you indicate your acceptance of this License to do so and all its terms and conditions for copy
86. rebooted Figure 59 System Log System Log This section provides a system log of the device System Log Li SMCWERI45 N4 user info kernel N HDLC line discipline registered gt SMCWBR145 N4 info kernel Serial 8250 16550 driver Revisi SMCWBR145 N4 info kernel gerial 6250 ttyS0 at I O Oxb00005 SMCWBR145 N4 into kernel gerial 250 ttySl1 at I O OxbO000c SMCWBR145 N4 info kernel loop loaded max 6 devices SMCWBR145 N4 Warn kernel rdm major 254 SMCWBR145 N4 info kernel PPP generic driver version 2 4 2 SMCWBR145 N4 info kernel PPP BSD Compression module regist i SMCWBR145 N4 info kernel NET Registered protocol family 2 SMCWBR145 N4 notice kernel ralink flash device Ox400000 a SMCWBR145 N4 info kernel Ralink SoC physically mapped flas 1 SMCWBR145 N4 warn kernel Amd Fujitsu Extended Query Table SMCWBR145 N4 notice kernel number of CFI chips 1 SMCWBR145 N4 notice kernel cfi_amdset 00027 Disabling eras SMCWBR145 N4 hotice kernel Creating 5 MID partitions on R SMCWBR145 N4 hotice kernel Ox00000000 0xe00030000 Bootlo i SMCWBR145 N4 notice kernel 0Ox00030000 0x00040000 Config 7 SMCWERR145 N4 notice kernel Ox00040000 0x00050000 Factor SMCWBRI45 N4 notice kernel Ox00050000 0x200120000 Kernel SMCWER145 N4 notice kernel 0 00120000 0400400000 RootFS SMCWBR145 HN4 info kernel block mtd version Revision 1 1 SMCWBRI145 N4 Warn kernel nf
87. red See IEEE 802 1X and RADIUS on page 74 for more information Default Disable WPA Clients using WPA with an 802 1X authentication method are accepted for authentication The default data encryption type for WPA is TKIP WPA2 Clients using WPA2 with an 802 1X authentication method are accepted for authentication The default data encryption type for WPA is AES WPA1_WPA2 Clients using WPA or WPA2 with an 802 1X authentication method are accepted for authentication The default data encryption type is TKIP AES WPA Algorithms Selects the data encryption type to use Default is determined by the Security Mode selected TKIP Uses Temporal Key Integrity Protocol TKIP keys for encryption WPA specifies TKIP as the data encryption method to replace WEP TKIP avoids the problems of WEP static keys by dynamically changing data encryption keys AES Uses Advanced Encryption Standard AES keys for encryption WPA2 uses AES Counter Mode encryption with Cipher Block Chaining Message Authentication Code CBC MAC for message integrity The AES Counter Mode CBCMAC Protocol AES CCMP provides extremely robust data confidentiality using a 128 Fae S CHAPTER 7 Wireless Configuration WLAN Security bit key Use of AES CCMP encryption is specified as a standard requirement for WPA2 Before implementing WPA2 in the network be sure client devices are upgraded to WPA2 compliant hardware
88. rity options Figure 19 Wizard Step 4 Wireless Security Wireless Security and Encryption Settings The Wireless Security and Encryption Settings page allows you to make detailed security configurations to prevent unauthorized access and monitoring Network Name SSID SMCWBR14S N4_AP Broadcast Network Name SSID Enable Disable AP Isolation O Enable Disable ESSIE 00 22 2D 62 EA 3A Security Mode Disable v Access Policy Policy Allow Add a station MAC Cancel The following items are displayed on this page Network Name SSID The name of the wireless network service provided by the Wireless Broadband Router Clients that want to connect to the network must set their SSID to the same as that of the Wireless Broadband Router Default SMCWBR14S N4_AP Range 1 32 characters ie CHAPTER 4 Initial Configuration Setup Wizard Broadcast Network Name SSID By default the Wireless Broadband Router always broadcasts the SSID in its beacon signal Disabling the SSID broadcast increases security of the network because wireless clients need to already know the SSID before attempting to connect Default Enabled AP Isolation The Wireless Broadband Router will isolate communincation between all clients in order to protect them Normally for users who are at hotspots Default Disabled BSSID The identifier MAC address of the Wir
89. rnet This function is used when NAT and firewall security prevent an Internet application from functioning correctly Security The Barricade supports security features that deny Internet access to specified users or filter all requests for specific services the administrator does not want to serve WPA Wi Fi Protected Access and MAC filtering provide security over the wireless network Virtual Private Network VPN The Barricade supports one of the most commonly used VPN protocols PPTP This protocol allows remote users to establish a secure connection to their corporate network If your service provider supports VPNs then these protocols can be used to create an authenticated and encrypted tunnel for passing secure data over the Internet i e a traditionally shared data network The VPN protocols supported by the Barricade are briefly described below z OO s CHAPTER 1 Introduction Package Contents Point to Point Tunneling Protocol Provides a secure tunnel for remote client access to a PPTP security gateway PPTP includes provisions for call origination and flow control required by ISPs PACKAGE CONTENTS The Barricade Wireless Broadband Router package includes Barricade Wireless Broadband Router RJ 45 Category 5 network cable AC power adapter Quick Installation Guide EZ Installation amp Documentation CD Inform your dealer if there are any incorrect missing or damaged parts If possible
90. roadband Router and provide a connection Follow these steps Select between English or Traditional Chinese Click Next to proceed to the next step of the wizard Figure 13 Wizard Step 1 Language Selection Setup Wizard Please select language Language Settings Select Language English v The following items are displayed on the first page of the Setup Wizard Select Language Toggles between English or Traditional Chinese as the interface language Next Proceeds to the next step s AO CHAPTER 4 Initial Configuration Setup Wizard STEP 2 SNTP The Step 2 page of the Wizard configures time zone and SNTP settings SETTINGS Select a time zone according to where the device is operated Click Next after completing the setup Figure 14 Wizard Step 2 Time and SNTP Settings Time Setting Please input SNTP server or sync your host pe SNTP Settings Current Time Mon 24 Aug 2009 15 42 00 Sync with host Time Zone GMT 05 00 Eastern Time SMTP Server ec time nist gov nipO broad mitedu time stdtime qov tw SNTP synchronization hours e The following items are displayed on this page Current Time Receives a time and date stamp from an SNTP server Time Zone Select the time zone that is applicable to your region SNTP Server Enter the address of an SNTP Server to receive time updates SNTP synchronization ho
91. rogram or a work based on it under Section 2 in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following 120 APPENDIX D License Information The GNU General Public License a Accompany it with the complete corresponding machine readable source code which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange or b Accompany it with a written offer valid for at least three years to give any third party for a charge no more than your cost of physically performing source distribution a complete machine readable copy of the corresponding source code to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange or c Accompany it with the information you received as to the offer to distribute corresponding source code This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer in accord with Subsection b above The source code for a work means the preferred form of the work for making modifications to it For an executable work complete source code means all the source code for all modules it contains plus any associated interface definition files plus the scripts used to control compilation and installation of the executable However as a special exce
92. rranty or else saying that you provide a warranty and that users may redistribute the program under these conditions and telling the user how to view a copy of this License Exception if the Program itself is interactive but does not normally print such an announcement your work based on the Program is not required to print an announcement These requirements apply to the modified work as a whole If identifiable sections of that work are not derived from the Program and can be reasonably considered independent and separate works in themselves then this License and its terms do not apply to those sections when you distribute them as separate works But when you distribute the same sections as part of a whole which is a work based on the Program the distribution of the whole must be on the terms of this License whose permissions for other licensees extend to the entire whole and thus to each and every part regardless of who wrote it Thus it is not the intent of this section to claim rights or contest your rights to work written entirely by you rather the intent is to exercise the right to control the distribution of derivative or collective works based on the Program In addition mere aggregation of another work not based on the Program with the Program or with a work based on the Program on a volume of a storage or distribution medium does not bring the other work under the scope of this License You may copy and distribute the P
93. s et aux autres dispositions pertinentes de la directive 1999 5 CE Swedish H rmed intygar Manufacturer att denna Radio LAN device st r verensst mmelse med Svenska de v sentliga egenskapskrav och vriga relevanta best mmelser som framg r av direktiv 1999 5 EG Danish Undertegnede Manufacturer erkl rer herved at f lgende udstyr Radio LAN device Dansk overholder de v sentlige krav og vrige relevante krav i direktiv 1999 5 EF COMPLIANCES German Hiermit erklart Manufacturer dass sich dieser diese dieses Radio LAN device in Deutsch Ubereinstimmung mit den grundlegenden Anforderungen und den anderen relevanten Vorschriften der Richtlinie 1999 5 EG befindet BMWi Hiermit erkl rt Manufacturer die bereinstimmung des Ger tes Radio LAN device mit den grundlegenden Anforderungen und den anderen relevanten Festlegungen der Richtlinie 1999 5 EG Wien Greek ue THV Tapouoa Manufacturer OnAwvel oT radio LAN device OCUUUOPQWVETAI TpOO TIO EAAnVIKh OUOIWOEIO ATIAITNOEIO KAI TIO AOITTED OYXETIKEO OIATAGEIO THO o nyiao 1999 5 eK Hungarian Alulirott Manufacturer nyilatkozom hogy a Radio LAN device megfelel a vonatkozo Magyar alapvet6 k vetelm nyeknek s az 1999 5 EC ir nyelv egy b eldirasainak Italian Con la presente Manufacturer dichiara che questo Radio LAN device conforme ai Italiano requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999 5 CE Latvian Ar So Manufacturer deklar
94. s or disables MAC IP Port Filtering Default Disable Default Policy When MAC IP Port Filtering is enabled the default policy will be enabled If you set the default policy to Dropped all incoming packets that don t match the rules will be dropped If the policy is set to Accepted all incoming packets that don t match the rules are accepted Default Dropped MAC Address Specifies the MAC address to block or allow traffic from Destination IP Address Specifies the destination IP address to block or allow traffic from te 2 6 ae CHAPTER 8 Firewall Configuration MAC IP Port Filtering Source IP Address Specifies the source IP address to block or allow traffic from Protocol Specifies the destination port type TCP UDP or ICMP Default None Destination Port Range Specifies the range of destination port to block traffic from the specified LAN IP address from reaching Source Port Range Specifies the range of source port to block traffic from the specified LAN IP address from reaching Action Specifies if traffic should be accepted or dropped Default Accept Comment Enter a useful comment to help identify the filtering rules CURRENT FILTER The Current Filter Table displays the configured IP addresses and ports that are permitted or denied access to and from the ADSL Router RULES gt UM Select Selects a table entry MAC A
95. save mode having to activate their radios to receive the multicast data which saves battery life Figure 40 Multicast to Unicast Converter Multicast to Unicast Converter Multicast to LInicast Enable Disable The following items are displayed in this section on this page Multicast to Unicast Enables multicast traffic streams to be converted to unicast traffic before delivery to wireless clients Default Disabled 83 CHAPTER 7 Wireless Configuration Wireless Distribution System WDS WIRELESS DISTRIBUTION SYSTEM WDS The radio interface can be configured to operate in a mode that allows it to forward traffic directly to other Wireless Gateway Router units This feature can be used to extend the range of the wireless network to reach remote clients or to link disconnected network segments to an Internet connection To set up links between units you must configure the Wireless Distribution System WDS forwarding table by specifying the wireless MAC address of all units to which you want to forward traffic NotTE All units in a WDS wireless network must be configured with the same SSID and use the same radio channel Also each WDS link must be configured with the same encryption key on both units in the link Up to four WDS links can be specified for each unit in the WDS network The following figures illustrate an example WDS network Figure 41 shows the manual set up of MAC addresses for units in
96. section WIRELESS NETWORK The Wireless Network section on the Wireless Settings Advanced page includes basic radio parameters such as the working mode and operating channel Figure 35 Advanced Settings Wireless Network Advanced Wireless settings B The Advance Wireless Setting page is available to make detailed changes to the wireless configuration It includes tems that are not available from the Basic Wireless Settings page such as OTIM Tx Power WMM and more Wireless Network Wireless OnfOft Turn Off Network Mode 11g n mixed mode Frequency Channel AutoSelect The following items are displayed in this section on this page Wireless On Off Enables or Disable the radio Default Enable Network Mode Defines the radio operating mode Default 11g n Mixed 11b g mixed Both 802 11b and 802 11g clients can communicate with the Wireless Broadband Router up to 108 Mbps but data transmission rates may be slowed to compensate for 802 11b clients Any 802 11n clients will also be able to communicate with the Wireless Broadband Router but they will be limited to 802 11g protocols and data transmission rates 11b only All 802 11b 802 11g and 802 11n clients will be able to communicate with the Wireless Broadband Router but the 802 11g and 802 11n clients will be limited to 802 11b protocols and data transmission rates up to 11 Mbps 70 CHAPTER 7 Wireless Configuration Advanced Se
97. selected For WEP enter 5 alphanumeric characters or 10 hexadecimal digits for 64 bit keys or 13 alphanumeric characters or 26 hexadecimal digits for 128 bit keys For TKIP or AES enter a password key phrase of between 8 to 63 ASCII characters which can include spaces or specify exactly 64 hexadecimal digits AP MAC Address The MAC address of the other Wireless Broadband Router in the WDS link ey CHAPTER 7 Wireless Configuration Wi Fi Protected Setup WPS WI FI PROTECTED SETUP WPS Wi Fi Protected Setup WPS is designed to ease installation and activation of security features in wireless networks WPS has two basic modes of operation Push button Configuration PBC and Personal Identification Number PIN The WPS PIN setup is optional to the PBC setup and provides more security The WPS button on the Wireless Broadband Router can be pressed at any time to allow a single device to easily join the network The WPS Settings page includes configuration options for setting WPS device PIN codes and activating the virtual WPS button Click on Wireless Settings followed by WPS Figure 44 Enabling WPS Wi Fi Protected Setup Wi Fi Protected Setup or WPS is an easy way of securely connecting to the system Both PIN and PBC methods are available WPS Configuration WPS Enables WPS locks security settings and refreshes WPS configuration information Default Enabled 88 CHAPTER 7
98. setting allows you to manually change the MAC address of the Wireless Broadband Router s WAN interface to match the PC s MAC address provided to your ISP for registration You can enter the registered MAC address manually by typing it in the boxes provided Otherwise connect only the PC with the registered MAC address to the Wireless Broadband Router then click the Clone your PC s MAC Address Default Disable PPTP Enables the Point to Point Tunneling Protocol PPTP for implementing virtual private networks The service is provided in many European countries Figure 26 PPTP Configuration WAN Connection Type PPTP PPTP Mode Serer IF Address Mode IF Address 192 168 1 1 subnet Mask Default Gateway Operation Mode DNS Setting Option Primary ONS Server secondary DNS Server MAC Clone Enabled Server IP Sets a PPTP server IP Address Default pptp_server User Name Sets the PPTP user name for the WAN port Default pptp_user Range 1 32 characters 59 CHAPTER 6 Internet Settings WAN Setting Password Sets a PPTP password for the WAN port Default pptp_password Range 1 32 characters Verify Password Prompts you to re enter your chosen password Address Mode Sets a PPTP network mode Default Static IP Address Sets the static IP address Default 0 0 0 0 available when PPTP Network Mode is set to static IP Subnet Mask Sets the static IP subnet m
99. specific information on how to install the Wireless Broadband Router and its physical and performance related characteristics It also gives information on how to operate and use the management functions of the Wireless Broadband Router This guide is for users with a basic working knowledge of computers You should be familiar with Windows operating system concepts The following conventions are used throughout this guide to show information NoTE Emphasizes important information or calls your attention to related features or instructions CAUTION Alerts you to a potential hazard that could cause loss of data or damage the system or equipment WARNING Alerts you to a potential hazard that could cause personal injury As part of the Wireless Broadband Router s software there is an online web based help that describes all management related features This section summarizes the changes in each revision of this guide SEPTEMBER 2009 REVISION This is the first revision of this guide 10 SECTION I CONTENTS WARRANTY AND PRODUCT REGISTRATION COMPLIANCES ABOUT THIS GUIDE CONTENTS FIGURES TABLES GETTING STARTED INTRODUCTION Key Hardware Features Description of Capabilities Applications Package Contents Hardware Description LED Indicators Ethernet WAN Port Ethernet LAN Ports Power Connector Reset Button WPS Button NETWORK PLANNING Internet Gateway Router LAN Access Point Wireless Bridge
100. t can include spaces or Hexadecimal format Range 8 63 ASCII characters or exactly 64 Hexadecimal digits Key Renewal Interval Sets the time period for automatically changing data encryption keys and redistributing them to all connected clients Default 3600 seconds WPA ENTERPRISE Wi Fi Protected Access WPA was introduced as an interim solution for the Mope vulnerability of WEP pending the adoption of a more robust wireless security standard WPA2 includes the complete wireless security standard but also offers backward compatibility with WPA Both WPA and WPA2 provide an enterprise and personal mode of operation For enterprise deployment WPA and WPA2 use IEEE 802 1X for user authentication and require a RADIUS authentication server to be configured on the wired network Data encryption keys are automatically generated and distributed to all clients connected to the network 72 CHAPTER 7 Wireless Configuration WLAN Security Figure 33 Security Mode WPA security Mode WPA WFA Algorithms CTKIP AES CITKIPAES Key Renewal Interval 3600 seconds FMK Cache Period 10 minute Pre Authentication Disable Enable IP Address Port shared Secret session Timeout Idle Timeout Security Mode Configures the WPA and WPAZ2 security modes used by clients When using WPA or WPA2 be sure there is a RADIUS server in the connected wired network and that the RADIUS settings are configu
101. terception and evesdropping A popular local area data communications network which accepts transmission from computers and terminals File Transfer Protocol A TCP IP protocol used for file transfer Hypertext Transfer Protocol HTTP is a standard used to transmit and receive all data over the World Wide Web A wireless standard that supports wireless communications in the 2 4 GHz band using Direct Sequence Spread Spectrum DSSS The standard provides for data rates of 1 2 5 5 and 11 Mbps A wireless standard that supports wireless communications in the 2 4 GHz band using Orthogonal Frequency Division Multiplexing OFDM The standard provides for data rates of 6 9 12 18 24 36 48 54 Mbps IEEE 802 11g is also backward compatible with IEEE 802 11b An integrated wireless and wired LAN is called an infrastructure configuration Local Area Network A group of interconnected computers and support devices The physical layer address used to uniquely identify network nodes Network Time Protocol NTP provides the mechanisms to synchronize time across the network The time servers operate in a hierarchical master Slave configuration in order to synchronize local clocks within the subnet and to national time standards via wire or radio A security option which broadcasts a beacon signal including the access point s configured SSID Wireless clients can read the SSID from the 124 ODFM SSID SESSION KEY SHARED
102. the WDS network Figure 42 shows the basic configuration required on each unit in the WDS network Figure 41 Manual WDS MAC Address Configuration Internet Service Provider AS es Cable DSL ee i WDS Link gt Modem Na lt T call ol z7 Sly E We Ds y MAC 00 22 2D 62 EA 44 7 k MAC 00 22 2D 62 EA 11 5N a on ee z WDS MAC List 5 pi 00 22 2D 62 EA 22 k s 00 22 2D 62 EA 33 00 22 2D 62 EA 44 MAC 00 22 2D 62 EA 22 WDS MAC List 00 22 2D 62 EA 11 Se MAC 00 22 2D 62 EA 33 WDS MAC List 00 22 2D 62 EA 11 64 CHAPTER 7 Wireless Configuration Wireless Distribution System WDS Figure 42 WDS Configuration Example Internet Service Provider Be Se Cable DSL WDS Link ee gt Modem q 7 S B wk o va ols WPS s l Operation Mode Gateway i h k Operation Mode Gateway 1 E ang ae a a e ee LAN IP Address 192 168 2 4 ae DHCP Server Enable ress 100 2 LAN IP Address 192 168 2 1 Operation Mode Bridge WDS Mode Repeater _ _ _ lt Operation Mode Bridge DHCP Server Disable a a i ee WDS Mode Lazy LAN IP Address 192 168 2 2 DHCP Server Disable LAN IP Address 192 168 2 3 A WDS link between two units can be configured in any of the following Operation Mode combinations 1 Both units in a link are configured as Gateway Mode 2 One unit in a link is configured in Gateway Mode and the other in Br
103. ther the unit is in Gateway or Bridge Mode See Operation Mode on page 54 53 CHAPTER 5 Operation Mode Operation Mode OPERATION MODE The Operation Mode Configuration page allows you to set up the mode Suitable for your network environment Figure 22 Operation Mode Gateway Operation Mode The Operation Mode Configuration section allows you to select Bridge or Gateway mode as suited to your network environment Operation Mode Configuration Operation Mode Connects a wired LAN and wireless clients to an Internet access device such as a cable or DSL modem Bridge Mode An access point mode that extends a wired LAN to wireless clients Gateway Mode Normal gateway mode that connects a wired LAN and wireless clients to an Internet access device such as a cable or DSL modem This is the factory set default mode 54 WAN SETTING DHCP INTERNET SETTINGS The Internet Settings pages allow you to manage basic system configuration settings It includes the following sections WAN Setting on page 55 DHCP on page 55 Static IP on page 57 PPPOE on page 58 PPTP on page 59 LAN Setting on page 61 Advanced Routing on page 63 Note In Bridge mode the Wireless Broadband Router s Internet Settings options are significantly reduced with only LAN Settings and the Client List being available to the user The WAN Setting p
104. time 20 microseconds is required if the access point has to support 802 11b clients Default Enabled TX Burst A performance enhancement that transmits a number of data packets at the same time when the feature is Supported by compatible clients Default Enabled 80 CHAPTER 7 Wireless Configuration Advanced Settings Packet Aggregate A performance enhancement that combines data packets together when the feature is supported by compatible clients Default Enabled WI FI MULTIMEDIA The Wireless Broadband Router implements Quality of Service QoS using the Wi Fi Multimedia WMM standard Using WMM the access point is able to prioritize traffic and optimize performance when multiple applications compete for wireless network bandwidth at the same time WMM employs techniques that are a subset of the developing IEEE 802 11e QoS standard and it enables access points to interoperate with both WMM enabled clients and other devices that may lack any WMM functionality WMM defines four access categories ACs voice video best effort and background These categories correspond to traffic priority levels and are mapped to IEEE 802 1D priority tags see Table 3 The direct mapping of the four ACs to 802 1D priorities is specifically intended to facilitate interoperability with other wired network QoS policies While the four ACs are specified for specific types of traffic WMM allows the priority levels to be configured
105. tion prior to the sending station starting communications The access point sends RTS frames to a receiving station to negotiate the sending of a data frame After receiving an RTS frame the station sends a CTS clear to send frame to notify the sending station that it can start sending data If the RTS threshold is set to 0 the access point always sends RTS Signals If set to 2347 the access point never sends RTS signals If set to any other value and the packet size equals or exceeds the RTS threshold the RTS CTS Request to Send Clear to Send mechanism will be enabled The access points contending for the medium may not be aware of each other The RTS CTS mechanism can solve this Hidden Node Problem Range 1 2347 bytes Default 2347 bytes Short Preamble Sets the length of the signal preamble that is used at the start of a data transmission Use a short preamble 96 microseconds to increase data throughput when it is supported by all connected 802 11g clients Use a long preamble 192 microseconds to ensure all 802 11b clients can connect to the network Default Disabled Short Slot Sets the basic unit of time the access point uses for calculating waiting times before data is transmitted A short slot time 9 microseconds can increase data throughput on the access point but requires that all clients can support a short slot time that is 802 11g compliant clients must support a short slot time A long slot
106. tiplies the number of Access Points present within the RF footprint of a single physical access device With Virtual AP technology WLAN users within the device s footprint can associate with what appears to be different access points and their associated network services All the services are delivered using a single radio channel enabling Virtual AP technology to optimize the use of limited WLAN radio spectrum WPA employs 802 1X as its basic framework for user authentication and dynamic key management to provide an enhanced security solution for 802 11 wireless networks 125 GLOSSARY WEP WPA PSK Wired Equivalent Privacy WEP is based on the use of security keys and the popular RC4 encryption algorithm Wireless devices without a valid WEP key will be excluded from network traffic WPA Pre shared Key WPA PSK can be used for small office networks with a limited number of users that may not need a high level of security WPA PSK provides a simple security implementation that uses just a pre shared password for network access 126 SIMIC Networks SMCWBR14S N4
107. tting allows you to manually change the MAC address of the Wireless Broadband Router s WAN interface to match the PC s MAC address provided to your ISP for registration You can enter the registered MAC address manually by typing it in the boxes provided Otherwise connect only the PC with the registered MAC 44 CHAPTER 4 Initial Configuration Setup Wizard address to the Wireless Broadband Router then click the Clone your PC s MAC Address Default Disable STEP 3 WAN Enables the Point to Point Tunneling Protocol PPTP for implementing SETTINGS PPTP virtual private networks The service is provided in many European countries Figure 18 Wizard Step 3 WAN Settings PPTP Setup Wizard E i Sener IP User Name Address Mode F Address Subnet Mask 255 255 255 0 Default Gateway 92 168 1 25 Keep Alive Mode Redial Period senconds DNS Setting Option MAC Clone Operation Mode The following items are displayed on this page Server IP Sets the PPTP server IP Address Default pptp_server User Name Sets the PPTP user name for the WAN port Default pptp_user Range 1 32 characters Password Sets a PPTP password for the WAN port Default pptp_password Range 1 32 characters Verify Password Prompts you to re enter your chosen password Address Mode Sets a PPTP network mode Default Static IP Address Sets the static IP address Default 0 0 0 0 available
108. ttings 11g only Both 802 11g and 802 11n clients will be able to communicate with the Wireless Broadband Router but the 802 11n clients will be limited to 802 11g protocols and data transmission rates up to 54 Mbps Any 802 11b clients will not be able to communicate with the Wireless Broadband Router 11in only Only 802 11n clients will be able to communicate with the Wireless Broadband Router up to 150 Mbps 11g n mixed Both 802 11g and 802 11n clients can communicate with the Wireless Broadband Router up to 150 Mbps but data transmission rates may be slowed to compensate for 802 11g clients 11b g n Mixed All 802 11b g n clients can communicate with the Wireless Broadband Router up to 150 Mbps but data transmission rates may be slowed to compensate for 802 11b g clients Frequency Channel The radio channel that the Wireless Broadband Router uses to communicate with wireless clients When multiple access points are deployed in the same area set the channel on neighboring access points at least five channels apart to avoid interference with each other For example you can deploy up to three access points in the same area using channels 1 6 11 Note that wireless clients automatically set the channel to the same as that used by the Wireless Broadband Router to which it is linked Selecting Auto Select enables the Wireless Broadband Router to automatically select an unoccupied radio channel Default AutoSelect
109. urs Specify the interval between SNTP server updates 41 CHAPTER 4 Initial Configuration Setup Wizard STEP 3 WAN The Step 3 page of the Wizard specifies the Internet connection SETTINGS DHCP parameters for the Wireless Broadband Router s WAN port Click Next after completing the setup By default the access point WAN port is configured with DHCP enabled The options are Static IP DHCP cable modem PPPoE ADSL and PPTP Each option changes the parameters that are displayed on the page Figure 15 Wizard Step 3 WAN Settings DHCP This section allows you to configure the connection type and other related WAN parameters suitable to your environment WAN Connection Type DHCP Auto config DHCP Mode Hostname SMCWBR14S N4 DNS Setting Option Primary DNS Server Secondary DNS Server MAC Clone Enabled Disable The following items are displayed on this page WAN Connection Type Select the connection type for the WAN port from the drop down list Default DHCP Hostname Specifies the host name of the DHCP client Default SMCWBR14S N4 Primary DNS Server The IP address of the Primary Domain Name Server A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses To specify a DNS server type the IP addresses in the text field provided
110. uter IP address to be assigned automatically from an Internet service provider ISP through an ADSL modem using Point to Point Protocol over Ethernet PPPoE Figure 25 PPPoE Configuration Wide Area Network WAN Settings This section allows you to configure the connection type and other related WAN parameters suitable to your environment WAN Connection Type PPPoE ADSL yt PPPoEMode Verify Password KeepAlive Operation Mode Keep Alive Mode Redial Period senconds Qn demand Mode Idle Time minutes MAC Clone En abled MAC Address Filly MAC PPPoE User Name Sets the PPPoE user name for the WAN port Default pppoe_user Range 1 32 characters PPPoE Password Sets a PPPoE password for the WAN port Default pppoe_password Range 1 32 characters Verify Password Prompts you to re enter your chosen password Operation Mode Selects the operation mode as Keep Alive On Demand or Manual Default Keep Alive Keep Alive Mode The Wireless Broadband Router will periodically check your Internet connection and automatically re establish your connection when disconnected Default 60 seconds 58 CHAPTER 6 Internet Settings WAN Setting u On Demand Mode The maximum length of inactive time the unit will stay connected to the DSL service provider before disconnecting Default 5 minutes MAC Clone Some ISPs limit Internet connections to a specified MAC address of one PC This
111. will not be allowed to associate with the access point Default Enabled APSD When WMM is enabled Automatic Power Save Delivery APSD can also be enabled APSD is an efficient power management method that enables client devices sending WMM packets to enter a low power sleep state between receiving and transmitting data Default Disabled WMM Parameters Click the WMM Configuration button to set detailed WMM parameters Figure 39 WMM Configuration WMM Parameters of Access Point Aifsn CWMin CWM Txop ACM AckPolicy AC_BE 3 L AC_BK LJ AC_VI oO d AC_VO WMM Parameters of Station _ Alfsn CWMin CVV Max Txop ACM o o o E Ty sa a o ay pa e o The following items are displayed in the WMM Configuration window AIFSN Arbitration Inter Frame Space The minimum amount of wait time before the next data transmission attempt Specify the AIFS value in the range 0 15 microseconds e CWMin Minimum Contention Window The initial upper limit of the random backoff wait time before wireless medium access can be attempted The initial wait time is a random value between zero and 29 CHAPTER 7 Wireless Configuration Advanced Settings the CWMin value Specify the CWMin value in the range 0 15 microseconds Note that the CWMin value must be equal or less than the CWMax value CWMax Maximum Contention Window The maximum upper limit of the random backoff wait time bef
112. wireless network is defined by its Service Set Identifier SSID or network name Wireless clients that want to connect to a network must set their SSID to the same SSID of the network service 30 CHAPTER 2 Network Planning Wireless Bridge Figure 5 Operating as an Access Point JS b Server n pi IP 192 168 2 x N Desktop A IP 192 168 2 x Notebook PC IP 192 168 2 x Wireless AP Router _ 2 WIRELESS BRIDGE The IEEE 802 11 standard defines a Wireless Distribution System WDS for bridge connections between access points The Wireless Broadband Router can use WDS to forward traffic on links between units Up to four WDS links can be specified for the Wireless Broadband Router The WDS feature enables two basic functions to be configured in the wireless network Either a repeater function that extends the range of the wireless network or a bridge function that connects a remote LAN segment to an Internet connection Figure 6 Operating as a Wireless Bridge Internet Service Provider AU aAA o Cables ER 7 WDS L Link 2 Modem _ q z a Gateway Router Gateway Router Bridge Mode Se Gateway Mode gt gt 5 7 Q Desktop PCs T i e PCs nwr _ aad gi CHAPTER 2 Network Planning Wireless Bridge Figure 7 Operating as a Wireless Repeater Internet Service Provider AU wee ee ee ee eee e
113. wires to the pins Figure 60 RJ 45 Connector 116 APPENDIX C Cables and Pinouts 10 100BASE TX Pin Assignments 10 100BASE TX PIN ASSIGNMENTS Use unshielded twisted pair UTP or shielded twisted pair STP cable for RJ 45 connections 100 ohm Category 3 or better cable for 10 Mbps connections Also be sure that the length of any twisted pair connection does not exceed 100 meters 328 feet The RJ 45 port on the access point supports automatic MDI MDI X operation so you can use straight through or crossover cables for all network connections to PCs switches or hubs In straight through cable pins 1 2 3 and 6 at one end of the cable are connected straight through to pins 1 2 3 and 6 at the other end of the cable Table 5 10 100BASE TX MDI and MDI X Port Pinouts PIN MDI Signal Name MDI X Signal Name 1 Transmit Data plus TD Receive Data plus RD 2 Transmit Data minus TD Receive Data minus RD 3 Receive Data plus RD Transmit Data plus TD 6 Receive Data minus RD Transmit Data minus TD 4 5 7 8 Not used Not used a The and signs represent the polarity of the wires that make up each wire pair STRAIGHT THROUGH WIRING If the twisted pair cable is to join two ports and only one of the ports has an internal crossover MDI X the two pairs of wires must be straight through When auto negotiation is enabled for any RJ 45 port on this Switch you can use either stra
114. y in other circumstances It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system it is up to the author donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice 12L APPENDIX D License Information The GNU General Public License 10 11 This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License If the distribution and or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries so that distribution is permitted only in or among countries not thus excluded In such case this License incorporates the limitation as if written in the body of this License The Free Software Foundation may publish revised and or new versions of the General Public License from time to time Such new versions will be similar in s
115. ystem Security on page 96 Content Filtering on page 97 MAC IP PORT FILTERING MAC IP Port filtering restricts connection parameters to limit the risk of intrusion and defends against a wide array of common hacker attacks MAC IP Port filtering allows the unit to permit deny or proxy traffic through its MAC addresses IP addresses and ports The Wireless Broadband Router allows you define a sequential list of permit or deny filtering rules up to 32 This device tests ingress packets against the filter rules one by one A packet will be accepted as soon as it matches a permit rule or dropped as soon as it matches a deny rule If no rules match the packet is either accepted or dropped depending on the default policy setting s Gi CHAPTER 8 Firewall Configuration MAC IP Port Filtering Figure 47 MAC IP Port Filtering MAC P Port Filtering Settings This section allows you to configure the firewall to filter based on MAC IP or portto protect your network from viruses and other malicious activity on the Internet Basic Settings MACIP Port Filtering Default Policy Describes how packets not matching any rules will be handled Dropped MACIP Port Filter Settings WAC address The maximum rule countis 32 Current MACIPPort filtering rules in system No MAC address DIP SIP Protocol DPR SPR Action Comment Others would be dropped Delete Selected Reset MAC IP Port Filtering Enable

Download Pdf Manuals

Related Search

Related Contents

Manual do Usuário do X-Porte  Manual SELL ENG    ZYX 多機能ジャイロプログラマー  CCS‑CU Unidade de controlo    Sopladora a Gasolina  Swann DVR4-2550  

Copyright © All rights reserved. Failed to retrieve file