LevelOne WBR-3402TX Network Router User Manual
Contents
1. 01 12 2004 15 34 50 None i ESP None zigo Sec gt None ZI Es None zio Sec None ZI EsP None zio Sec None ZI EsP None zio sec None ZI Es None zio sec Prone IMesP None zigo Sec None xi ESP None zio Sec VPN Settings Tunnel 1 Set IPSec Proposal ID 1 Proposal Name proposal DH Group Group2 Encap Protocol ESP Encrypt Algorithm DES Auth Algorithm MD5 Life Time 10000 Life Time Unit Sec User can view VPN connection process in System Log page and correct their settings 132 Appendix C PPTP and L2TP Configurations 1 First please go to the Network connection amp Network Connections amp Network Connections fa gt Broadband amp D Set up a home or pas z a 3 office network Start the New Connection Wizard which helps you create a connection to the Internet to another computer or to your workplace network e Start this connection Network Tasks mj Rename this connection Delete this connection Change settings of this Eii Ea connection p i Dial up test Connection through Re Control Panel Internet Gateway a3 My Network Places O My Documents e Y My Computer Intanet Connection LAN or High Speed Internet a Local Area Connection Virtual Private Network e 2 Connect to network at my workplace New Connection Wizard Network Conn2. Internet Protocol TCRIIP Me Cd File and Printer Sharing for Microsoft Networks Client for Microsoft Networks rai trertesl 136 However you should add the Authentication Protocol in advanced Custom setting of Security option like below t o support pap chap mschap If successfully we will see This time the client in the internet can ping any pcs in the lan 192 168 123 x cy CAWINDO WSS ystem32 cmd exe Connection specific DHS Suffix IF Address 192 168 122 139 Subnet Mask 255 255 255 868 Default Gateway 192 168 122 258 C gt Documents and Settings ajax ipconfig Mindows IP Configuration Connection specific Suffix IP Address a a a Subnet Mask Default Gateway 192 168 122 139 255 255 2558 192 168 122 258 PPP adapter 1972 168 122 16 Connect ion specif ic IP Address a a a Subnet Mask a Default Gateway 10 86 8 2 255 255 255 255 16 46 80 2 Go sDocuments and Settings ajax L2TP However the router is the also vpn I2tp server and supports three Authentication Protocols PAP CHAP and MSCPAP And the settings are similar with PPTP But MS operating systems like winxp win2000 will not find The type of vpn L2tp We can use this files disableipsec Zip to enable it http support 1glou com fom serve cache 473 html Then We will see L2tp IPSEC VPN and choose it 137 L2TP 3 roperties O f Automatic C LZTP IPSec VPN
3. Now you can configure the NAT Router refer to Chapter 4 and setup the Print Server refer to Chapter 5 12 Chapter 4 Configuring ADSL Wireless Broadband Router This product provides Web based configuration scheme that is configuring by your Web browser such as Netscape Communicator or Internet Explorer This approach can be adopted in any MS Windows Macintosh or UNIX based platforms Wireless LAN Desktop PC TT u 9 _ Internet Switch ADSL Router Desktop PC Fast Ethernet wl F NI y z Windows Mac Unix like 13 4 1 Start up and Log in 8 4 a3 5 SH 2 level TITIOLIVSLinon one Status wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox Logout Status ltem WAN Status Sidenote WARN Type Bridge Mode with MAT _ Remaining lease Time OF 08 0 jE Address 61 59 223 208 subnet Mask Mae fall d at Pwa Y na Domain Name Server 139 175 252 166 139 175 55 244 SB ROU os 512 Kbps 64 Kbps Interleaved Mode wniotream Upstream ltem Peripheral Status Sidenote OVO 2004 16 25 09 ees Mot ready Statistics of WAH Inbound Outbound 3689806 1230645 91013 61408 152 2 a ADSL Modem Status Activate your browser and disable the proxy or add the IP address of this product into the exceptions Then type this product s IP address in the Location for Netscape or Address for IE field and press ENTER For
4. gt OAM Setup gt Wireless e Iles 34028 b Change Password Channel gt SSID broadcast Enable Disable Wireless connecting mode 11g ony SP Mixed gt WEP Secu rity 2 Disable WEP Enable IEEE 64 bit Shared Key security Enable IEEE 128 bit Shared Key security k S WEF Key 1 0102004 18 57 41 O Enable Disable Save Undo 802 1 Setting MAC Address Control 30 Wireless settings allow you to set the wireless configuration items 1 Network ID SSID Network ID is used for identifying the Wireless LAN WLAN Client stations can roam freely over this product and other Access Points that have the same Network ID The factory setting is default 2 Channel The radio channel number The permissible channels depend on the Regulatory Domain The factory setting is as follow channel 6 for North America channel 7 for European ETSI channel 7 for Japan 3 SSID Broadcast Enable or disable SSID via this option 4 Wireless Connecting Mode Choose your Connecting Mode Mixed Mode allows 11Mbps or 54Mbps wireless adapter connection 11g only mode only allows the connection from 54Mbps wireless adapter and will refuse the connection from 11 Mbps wireless adapter 5 WEP Security Select the data privacy algorithm you want Enabling the security can protect your data while it is transferred from one station to another The standardized IEEE 802 11 WEP 128 or 64 bit is used here 6 WEP Key 1 2 3 am
5. 7 Click Apply to finish setup WAI TYE TAI BULL PEITAI RA Unix BENTH FF lpg Router LAN IP Address EMRIP LaserJet 2200 xmo duc ly emo 88 8 At last you must click Apply on the toolbox to make the change take effective a Se eee ee ee ee ee ee ee re E oa de ee gaT iei ae Peeper tiie irre eben g hep press BEO prii sade WMT printertest v spooling LPR gob In Command Mode Linux has built in LPR client You can utilize it for printing You can manual set it or via the tool printtool in X windows PS The spool name Is Ip all lowercase letter Below is my setting etc printcap Ip Sd var spool pd Ip mx 0 Sh rm 192 168 123 254 Then add the corresponding directory mkdir var spool lpd lp Too see the detail please refer to the online manual in linux man printcap 89 5 5 Configuring on Apple PC 1 First go to Printer center Printer list and add printer rapea Ean tell as IP 5YE mem o M EMR RHE Router Lan ip address Internet H ONS SK TRAA REHDHE ERARE RRT s th Eee MR WA 2 Choose IP print and setup printer ip address router Lan ip address 3 Disable Default Queue of Server And fill in Ip in Queue name item 4 Printer type Choose General 90 Appendix A TCP IP Configuration for Windows 95 98 This sect
6. Mew Password fe cantirm 01707 2004 16 59 14 You can change Password here We strongly recommend you to change the system password for security reason 32 4 5 Forwarding Rules 8a4 a9 5 am E level E annie LOOT ITALIJI one Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox Logout Forwarding Virtual Server Special AP Miscellaneous Virtual Server Allows others to access WAAMA FTP and other senices on your LAN bb Special Application This configuration allows some applications to connect and work with the NAT router Miscellaneous communication Mote that this feature should be used only when needed slon standard FTP port You have to configure this item if you want to access an FTP server hose port number is not 21 when Client uses active mode OOF 2004 10 59 47 gF Setting UPnP is short for Universal Plug and Play which is a networking architecture acovides compatibility among networking equipment software and peripherals 4 5 1 Virtual Server 2d Qaa0 5S5m a level one Status Wizards Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox Logout Forwarding Preeeceesencecesescescscsecsesecesseses Fessssssssseresrsessssereesrsesessenes b Special AP gt Miscellaneous Service Ports Server IP Enable Use Rule 192 168 123 F 192 168 123 192 168 123 192 168 123
7. This rule does not specify an IPSec tunnel f The tunnel endpoint is specified by this IP address 197 168 1 254 Cancel Sippy configure The tunnel endpoint is specified by this IP address 192 168 1 254 Select Connection Type 112 F Edit Rule Properties x IF Filter List Filter Action Authentication Methods Tunnel Setting Connection Type ma This rule only applies to network traffic over connections of my the selected type fe All network connections C Local area network LAN C Remote access select All network connections Tunnel 2 router gt xp In the new policy s properties page dis select Use Add Wizard check box and then click Add button to create a new rule 113 z Edit Rule Properties Tunnel Setting Connection Type Authentication Methods Filter ction IF Filter List The selected IF fiter list species which network traffic will be affected by this rule IP Filter Lists Description lt lt lt Matches all ICMP packets betw Matches all IP packets from this Name O AIICMP Traffic AIP Traffic router sp O p router Add Edit Remove Cancel Apply click Add button 114 F E IP Filter List RES An F filter list is composed of multiple filters In this way multiple subnets IF 4 addresses and protocols can be combined into one IF filter Hame router gt p Description Edit Re
8. 516 Setup Wizard Select WAN Type For detail settings please refer to 4 4 1 primary setup 4 4 Basic Setting gt OR 4 00 45 am E EEE level One Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox OO Logout Basic Setting i i b Frimary Setup Basic setting gt OAM Setup gt DHCP Server gt Wireless gt Change Password Primary Setup Configure LAN IP and select WAM type OAM Setup Allow you to set the OAM feature for virtual channel L The settings include Host IP Subnet Mask Gateway DNS and WINS configurations Wireless Pirelass settings allow you to configure the wireless configuration items OOF 2004 16 27 25 ange Password Baou to change system password 17 4 4 1 Primary Setup WAN Type j 9 Ob d 48 9 5 am H level j Cvaneeteeae aera One Status Wizard Basic Setting Forwarding Rules Secuity Setting Atarot Setting Toolbox Legout Basic Setting b Prirnary Setup gt OAM Setup p DHCP Server ltem Setting b Wireless b Change Password p gt LAN IP Address 192 168 123 254 WAN Type RFC1463 Bridge Mode with HAT OWAN IP Mode Dynamic IP Address SWAN S MAC Address FF FF FF FF FF FF Clone MAC Renew IP Forever E Enable Auto recannect gt Data Encapsulation P Number Murnber OOF 2004 16 20 10 Press Change 18 O92 4 83 5 4M 2 level Status Wiz
9. Cancel Configure Integrity algorithm SHA1 Configure Encryption algorithm 3DES Configure Diffie Helman group Medium 2 Settings on VPN router VPN Router Wan IP address 192 168 1 254 Lan IP address 192 168 123 254 PC 192 168 123 123 128 PETA 8 4 a4 3 Sm 2 level j as 7 hi f i IOTI YS yi one Status Wizard Basic Setting Forwarding Rules Secuity Settings Arken Setting Toolbox Logout Security Settig b Packet Filters gt Domain Filters b MAC Address Control 8 ltem Setting b Miscellaneous gt Wax number of tunnels R Tunnel Hame Method fe More pe Mor pe More pe More C More O14 2 2004 15 29 25 po lt lt Previous VPN Settings VPN Enable Max number of tunnels 2 ID 1 Tunnel Name 1 Method IKE Press More gt 129 92 4 834 5 4H 2 level tL OTTISUrarniol one Status Vizard Basic Setting Forwarding Rules Secuity Setting Aatarteed setting Toolbox 0 Logout Security Settig b Packet Filters Domain Filters gt MAC Address Control bari Setting gt YPN i gt Miscellaneous yO Tunnel Name gt Local Subnet 192 165 123 0 gt Local Netmask 255 255 255 0 F Femote Subnet 132 160 1 1 l Remote Netmask 299 299 299 205 Femote Gateway 132 160 1 1 mypresharekey 7 0S4 Select IKE Proposal Tenn 15 31 24 p i 1088 select IPSec
10. O M Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox O Logout gt System Time b System Log ltem b Dynamic ONS o 5 Se i Tx Gain Offset joo i z b Routing e Target Noise Margin Offset foo zi 5 b schedule Rule l e Max Bits per Tone 14 e on gt Ry Gain Offset joo z z Tx Output Power Offset joo zig Bm P Rx Output Power Offset joo z Bim Reset ta default Setting OV 08 2004 15 36 13 ae reset it to i Tx Gain Offset This parameter allows the user to add an offset on the Tx gain of the CPE Modem The offset range is limited between 10 dB and 3 dB with a granularity of 0 5 dB The default value is set to 0 dB no offset Target Noise Margin Offset This parameter allows the user to add an offset on the Target Noise Margin of the CPE Modem The offset is directly added to the calculated Target Noise margin It should be ranged between 3dB and 3dB with a granularity of 0 5 dB The default value is set to O dB no offset Max Bits per Tone The value of this parameter will limit the number of bits loaded in each upstream tone It should be ranged between 2 and 14 bits tone The default value is set to the ADSL maximum standard 14 bits tone Rx Gain Offset This parameter allows the user to add an offset on the Rx gain of the CPE Modem The offset range is limited between 10 dB and 3dB with a granularity of 0 5 dB The default value is set to 0 d
11. Print to the following ports Documents will print to the first free checked port Description Printer Frinter Part HP Laserdet 2200 Series PE Printer Port Printer Port Serial Fort Serial Fort Serial Fort gral Fort ket E a ee er C Enable bidrechonal support Enable printer pooling toy J ep 3 Select Standard TCP IP Port and then click New Port Printer Ports Available port types bem Fo CUTE Standard TCPIIP Fort 81 4 Click Next and then provide the following information Type address of server providing LPD that is our NAT device 192 168 123 254 Add Standard TCP IP Printer Port Wizard x Add Port For which device do you want to add a port Enter the Printer Mame or IF address and a port name for the desired device Printer Name or IP Addretgs 192 1 69 123 254 Port Name IP_192 168 7 25 254 4 Select Custom then click Settings Add Standard TCP IP Printer Port Wizard bd Additional Port Information Required The device could not be identified The device is not found on the network Be sure that 1 The device ts tumed on 2 The network i connected 3 The device is properly configured 4 The address on the previous page i correct IF you think the address is not corect click Back to return to the previous page Then correct the address and perform another search on the network IF you are sure the address is correct
12. SNMP the Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events Enable SNMP You must check either Local or Remote or both to enable SNMP function If Local is checked this device will response request from LAN If Remote is checked this device will response request from WAN Get Community Setting the community of GetRequest your device will response Set Community Setting the community of SetRequest your device will accept Example 63 gt Enable SNMP Ed Local Ed Remote gt Get Community gt Set Communit if saved The 1 This device will response to SNMP client which s get community is set as public 2 This device will response to SNMP client which s set community is set as private 3 This device will response request from both LAN and WAN 64 4 7 6 Routing Table 98 a a3 Swm A level LOOTO LIFTS one Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox Logout Advanced Sep gt ADSL Modem b System Time gt System Log item setting b Dynamic DNS SNMP Dynamic Routing O Disable RIPvl RIPW E Schedule Rule l gt Static Routing ID Destination Subnet Mask 1 Gateway Hop Enable 0109 2004 15 38 17 Save Undo Routing Tables allow you to d
13. The possible kinds of printer status include Ready Not ready Printing and Device error When a job is printing there may appear a Kill Job button on the Sidenote column You can click this button to kill current printing job manually C Statistics of WAN enables you to monitor inbound and outbound packets Notice For the WBR 3402B it can support both Annex B and U R2 ADSL line coding schemes The default setting is Annex B If your ISP used U R2 scheme you have to change the line oding scheme to U R2 and then reboot this product to successfully establish the connection with ISP 15 4 3 Wizard EETA 08 4 a4 Sm pizar ODTIS Uron one status izardi Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox S Logou Wizard Setup Wizard will guide you through a basic configuration procedure step by step O10 72004 16 26 55 Setup Wizard will guide you through a basic configuration procedure step by step Press Next gt 16 ay amp fal 2 ne 3 h a aag One Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox Logout Wizard Setup Wizard Select WAN TYPE Ethernet Over ATM RFC 1493 Bridged without MAT Ethernet Over ATM RFC 1403 Bridged with NAT IP over ATM RFC 1485 Routed Classical IP over ATM RFC 1577 PPP over ATM RFC 2364 OOF 2004 16 27 03 PP over Ethernet RFC
14. select the device type below Device Type 82 6 Select LPR type Ip lowercase letter in Queue Name And enable LPR Byte Counting Enabled led Configure Standard TCP IP P 2 Port Settings Port Name IP_192 168 123 254 Printer Name or IF Address 1 927 166 123 254 Protocal a O Baw LPR Raw Sethings Fot Number LFR Byte Counting Enabled SNMP Status Enabled Corarmurity Mame public SAMP Device Indes 83 7 Apply your settings Add Standard TCP IP Printer Port Wizard X Completing the Add Standard TCP IP Printer Port Wizard Tou have selected a pork with the following characteristics SHMP No Protocal LPR Ip Device 192 168 123 254 Fort Name IF_192 168 123 254 Adapter Type To complete this wizard click Finish General Sharing Ports Advanced Color Management ERTE S HF Lasenet 2200 Seres PEL 6 Print to the following porta Documents will print to the first free checked port Port Description Printer LI come Serial Port Print to File Standard TCPIP Fort ggah Auto hp des Local Fort ye gt a Add Pott Enable bidirectional support Enable printer pooling Cancel Apply Help 84 5 4 Configuring on Unix like based Platforms Please follow the traditional configuration procedure on Unix platforms to setup the print server of this product The pr
15. 15241681125 182 168 123 192 168 1235 deka Ve Wed 01 07 2004 16 59 57 192 168 1 ho DJ 192 eo et 192 168 123 KJ DJ 192 168 1 Trea echiiacee select one Semis Aways 33 f opy to His This product s NAT firewall filters out unrecognized packets to protect your Intranet so all hosts behind this product are invisible to the outside world If you wish you can make some of them accessible by enabling the Virtual Server Mapping A virtual server is defined as a Service Port and all requests to this port will be redirected to the computer specified by the Server IP Virtual Server can work with Scheduling Rules and give user more flexibility on Access control For Detail please refer to Scheduling Rule For example if you have an FTP server port 21 at 192 168 123 1 a Web server port 80 at 192 168 123 2 and a VPN server at 192 168 123 6 then you need to specify the following virtual server mapping table 192 168 123 2 V 192 168 123 6 V 34 4 5 2 Special AP 8 4 a3 SH level on m Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox C Logout Forwarding b Virtual Server gt Special AP b Miscellaneous Incoming Ports Enable Trigger OOF 2004 19 00 45 Popular applications Copy to pE A Some applications require multiple connections like Internet games Video con
16. 22 4 4 1 3 IP over ATM RFC 1483 Routed 5 8 4 a3 SH 2 level aon rn Status Vizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox O Logout Basic Setting L b Frimary Setup gt OAM Setup DHCP Server ltem Setting b Wireless Mae LAN IP Address 192 168 123 254 P Change Password WAN Type RFC1463 Router Mode with HAT ae WAM IP Mode Static IP Address SWAN IP Address 0 0 0 0 li WAN Subnet Wlask 0 0 0 0 WAN Gateway 0 0 0 0 Pe Primary DNS 0 0 0 0 econdary DNS 0 0 0 0 OOF 2004 18 33 57 Clone MAC W s MAC Address FF FF FF FF FF FF ee Reboot Help ave Undo In the Router Mode NAT is always enabled You have to set the following WAN IP settings Virtual Computer WAN IP Mode This product supports two WAN IP modes static and dynamic If you select dynamic mode it will try to get a legal IP and WAN settings from ISP s DHCP server If you select static mode you have to set the following WAN setting manually WAN IP Address WAN Subnet Mask WAN Gateway and Primary Secondary DNS These settings are assigned by your ISP VPI VCI Numbers The channel settings provided by your ISP Schedule Type The setting of the ADSL traffic schedule type This device supports UBR Un specified bit rate and CBR Constant bit rate Once you finished the required configuration you must click on the Save button to sa
17. Ml Enable b Miscellaneous e Connection control Wireless and wired clients with C checked can connect to this device and fallow gt unspecified MAC addresses to connect E Association control Wireless clients with A checked can associate to the wireless LAM and unspecified MAC addresses to associate MAC Address IP Address Po 192 168 sm O O1V062004 13 37 23 O Ga BE 192 160 123 Previous page MAC Address Control allows you to assign different access right for different users and to assign a specific IP address to a certain MAC address MAC Address Control Check Enable to enable the MAC Address Control All of the settings in this page will take effect only when Enable is checked Connection control Check Connection control to enable the controlling of which wired and wireless clients can connect to this device If a client is denied to connect to this device it means the client can t access to the Internet either Choose allow or deny to allow or deny the clients whose MAC addresses are not in the Control table please see below to connect to this device Assosiation control Check Association control to enable the controling of which wireless client can associate to the wireless LAN If a client is denied to associate to the wireless LAN it means the client can t send or receive any data via this device Choose allow or deny to allow or deny the clients
18. NOTE This feature should be used only when needed Non standard FTP port You have to configure this item if you want to access an FTP server whose port number is not 21 This setting will be lost after rebooting 36 4 6 Security Settings CECA 8 4 a4 S4m level 4 j j a 4 N as Se NITISLIVALION Status Wizard Basic Setting Forwarding Rules Secuity Settings Aitartcet Setting Toolbox Logout EO EAA AEE ae Teeter MAS e a dere era Security Settig b Packet Filters b Domain Filters b MAC Address Control gt VP b Miscellaneous Packet Filters Allows you to control access to a network by analyzing the incoming and outgoing packets and letting them pass or halting therm based on the IP address of the source and destination Domain Filters Let you prevent users Under this device from accessing specific URLs EMAC Address Control 0102004 19 01 13 Bior Time out The amount of time of ina ctivity before the device will automatically Bditrinistrator session Set this to zero to disable it arom WAN side When this feature is enabled hosts an the WAN cannot ping 37 4 6 1 Packet Filter e OF gaa Sl Ba E e level LYTT iyi ALa Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox O Logout one Security Settig b Packet Filters Domain Filters URL Blocking ltem Setting gt MAC Control b A Outbound Filter l Enable 2 Al
19. Server provides a rather simple approach to handle all these settings This product supports the function of DHCP server If you enable this product s DHCP server and configure your computers as automatic IP allocation mode then when your computer is powered on it will automatically load the proper TCP IP settings from this product The settings of DHCP server include the following items 1 DHCP Server Choose Disable or Enable 2 Lease Time this feature allows you to configure IP s lease time DHCP client 3 IP pool starting Address IP pool starting Address Whenever there is a request the DHCP server will automatically allocate an unused IP address from the IP address pool to the requesting computer You must specify the starting and ending address of the IP address pool 4 Domain Name Optional this information will be passed to the client 5 Primary DNS Secondary DNS This feature allows you to assign DNS Servers 6 Primary WINS Secondary WINS This feature allows you to assign WINS Servers de Gateway The Gateway Address would be the IP address of an alternate Gateway This function enables you to assign another gateway to your PC when DHCP server offers an IP to your PC 4 4 4 Wireless Setting and 802 1X setting 8 4 a3 am E level on n Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox Logout Basic Setting b Prirnary Setup
20. beside the index list can remove selected proposal index before Proposal name It indicates which IPSec proposal to be focused First char of the name with 0x00 value stands for the proposal is not available e DH group There are three groups can be selected group 1 MODP768 group 2 MODP1024 group 5 MODP1536 But none also can be selected here for IPSec proposal Encapsulation protocol There are two protocols can be selected ESP and AH Encryption algorithm There are two algorithms can be selected 3DES and DES But when the encapsulation protocol is AH encryption algorithm is unnecessarily set Authentication algorithm There are two algorithms can be selected SHA1 and MDS But none also can be selected here for 52 IPSec proposal Life time The unit of life time is based on the value of Life Time Unit If the value of unit is second the value of life time represents the life time of dedicated VPN tunnel between both end gateways Its value ranges from 300 seconds to 172 800 seconds If the value of unit is KB the value of life time represents the maximum allowable amount of transmitted packets through the dedicated VPN tunnel between both end gateways for Its value ranges from 20 480 KBs to 2 147 483 647 KBs Life time unit There are two units can be selected second and KB Proposal ID The identifier of IPSec proposal can be chosen for adding the proposal to the dedicated tunnel There are total ten proposals can be s
21. every 10000 seconds Click OK button 121 F Edit Rule Properties x IF Filter List Filter Action Authentication Methods Tunnel Setting Connection Type Authentication methods specify how trusti established between computers These authentication methods are offered and accepted when negotiating security with another computer Authentication method preference order l Details Freshared Key mvpresharedkey Move up Move dowr select Authentication Methods page click Add button 122 Edit Authentication Method Properties Authentication Method The authentication method species how trust i established between the computers Active Directory default Kerberos W5 protocol Use a certificate from this certification authority CA a Use this string preshared key mypresharedkey select Use this string to protect the key exchange preshared key and enter the preshared key string such as mypresharedkey Click OK button Click OK button on Authentication Methods page Select Tunnel Setting 123 Edit Rule Properties x IF Filter List Filter Action Authentication Methods Tunnel Setting Connection Type IF traffic destination as specihed by the associated IF filter The tunnel endpoint is the tunneling computer closest to the list It takes two rules to describe an PSec tunnel This rule does not specify an IPSec tunnel f The
22. example http 192 168 123 254 After the connection is established you will see the web user interface of this product There are two appearances of web user interface for general users and for system administrator To log in as an administrator enter the system password the factory setting is admin in the System Password field and click on the Log in button If the password is correct the web appearance will be changed into administrator configure mode As listed in its main menu there are several options for system administration 14 4 2 Status PECE 8 4 a4 S4m level Mrnnnnnnnnnnnnnnnn EPEE Status ltem WAN Status Sidenote WARN Type Bridge Mode with MAT Remaining Lease Time 07 05 43 P Address 61 59 223 208 Subnet Mask Es diss SE I sateway ee Domain Name Server 139 175 252 16 139 175 55 244 ADSL Connection 512 Kbpsib4 Kbps D own ot ream a LJ p oT ream j nte rl Pave d l oO dd 2 ltem Peripheral Status Sidenote 0107 2004 16 25 54 Not ready Statistics of WAN Inbound Outbound 136200672 1215045 t s L E A E a a gale System Time 01 07 2004 18 24 31 Fefresh This option provides the function for observing this product s working status A WAN Port Status If the WAN port is assigned a dynamic IP there may appear a Renew or Release button on the Sidenote column You can click this button to renew or release IP manually B Printer Status
23. then click the OK button 8 Make sure that all settings mentioned above are correct and then click the OK button 78 5 2 Configuring on Windows NT Platforms The configuration procedure for a Windows NT platform is similar to that of Windows 95 98 except the screen of printer Properties Description Local Peet Local Fit Local Peet Local Pout Local Poet Local Peet Local Fot Local P t Hewlett Packard L T Compared to the procedure in last section the selection of Details is equivalent to the selection of Ports and Port Settings is equivalent to Configure Port 79 5 3 Configuring on Windows 2000 and XP Platforms Windows 2000 and XP have built in LPR client users could utilize this feature to Print You have to install your Printer Driver on LPT1 or other ports before you preceed the following sequence 1 Open Printers and Faxs Printers and Faxes File Edit View Favorites Tools Help Qba O BG PSearch E Folders E Address S Printers and Faxes Printer Tasks 3 Add a printer gt Set up Faxing See Also 2 Troubleshoot printing Get help with printing Other Places Control Panel 3 Scanners and Cameras O My Documents 2 My Pictures ig My Computer Details 80 2 Select Ports page Click Add Port HP LaserJet 2700 Series PCL 6 Pro 3 General Shari G Ports vanced Color Management E HF Laserlet 2200 Seres PCL 6
24. with Service Pack 1 allows 802 1x authentication only when data encryption function is enable 144 Appendix E FAQ and Troubleshooting Reset to factory Default There are 2 methods to reset to default 1 Restore with RESET button First turn off the router and press the RESET button in And then power on the router and hold the RESET button down until the Status LED start flashing then move away the hand If LED flashes about 8 times the RESTORE process is completed However if LED flashes 2 times repeat 3 Restore directly when the router power on First hold the RESET button about 5 seconds STATUS LED will start flashing about 5 times move away the hand The RESTORE process is completed TFTP Mode 1 Symptom STATUS LED flashes abnormally 1 STATUS LED flashes very quickly 2 STATUS LED flashes reciprocally We can check if the router works ok or not according to STATUS LED If Normal the STATUS LED flashes per second 2 Solution 1 First execute the execute file If the router address is be found Please go to the step 3 If not please go to step2 2 Turn off the router and press the RESET button in And then power on the router and hold the RESET button down until the Status LED start flashing For a moment the Status LED is flashing very fast It is Tftp mode If failed please try again 3 Please use the execute file and click refresh button and will show some devices 145 F
25. 0 Miscellaneous OMS oiran a ees 54 ATP NON ATIC CO SEUD a a E EE E a 55 4 7 1 ADSL Modem Performance Setting cccccccececcceccceceeeeeeaeeeeesssseeeeeeeeeees 56 AF 2D Y SUC LINC cia ci sacar meer ccesnaccans ori iesahsannss ec wedsbocoasaaseemsenhtbaatees sus cseccantessoemaass 58 AD SY SUCH OO lt itian ess uatandenirentus abtuediss taueeuniuatandetieaccesaigusdss tauscananneondtneutacianantuedashecs 59 47A Dynami DN Sereia E lastest abate NA 61 BTS NINES CUA ING costars naan van aa numheaaarace eave tule dase damenpneo moet tendeuaueoleaneaeee 63 BO We OMIM TIDI 65 AT AD CMC dake Rilan se Sepiaus tev ve oa datetvntes EA AO N 67 eo TODOR ee Ce ne TI ee UE Sere IO EEO ee oe ee eee A 71 R NCW A E EE E E E A NO EAE E E I EEE EE EE ETE E uaceaae T2 48 2 DW abe POAC nener ET 73 A ACK UIP SC UIT O winch 2 tacetresietcatudns sudud adaadeaca naan ceeseuadacuuteasnaliehatni casas tidaotaintasantts 74 FEA IRCSEL LOC AU iis utes vas ahah tuts hous hutauee a howe awuet ans ua ahons et sueen seus tates tite 74 BSD IRE DOO C irn stae tous unex euensennasaueeclusuectvleusanea neu snuemnesaueectaongeaaeeueaess 74 48 O INIISCel ANC OUS ICIS 2253 es 75 CHE PESEN E a a a asus a sano eas 76 5 1 Configuring on Windows 95 98 Platforms cccssseseseseseeeeeceeeeeeeeeeeaeaeeeeeeees 76 5 2 Configuring on Windows NT Platforms yenisi 79 5 3 Configuring on Windows 2000 and XP Platforms ccccccssssssseseseeeeeeeeees 80 5 4 Configuring on Unix li
26. 01 09 2004 15 31 54 SERED Aways z Copyto fim 70 4 8 Toolbox t QOH AQRGSGR SH 8 level tonneurartion one Status Wizard Basic Setting Forwardinty Rules Secuity Setting Advanced Setting Toolbox O Logout Toolbox b View Log b Firmware Upgrade b Backup Setting gt Reset to Default View Lo gt Reboot i 5 b Miscellaneous View the system logs Firmware Upgrade Prompt the administrator for a file and upgrade it to this device Backup Setting Save the settings of this device to a file Reset to Default set the settings of this device to the default values this device ress for WWake on LAN Let you to power up another network device remotely 05 13 2003 17 05 55 ame or IP address for Ping Test Allow you to configure an IP and ping the device You can ping a secific IP to test 71 4 8 1 View Log e QOD Q QGR S B SG40 8 level tft afn one Status Wizards Basie Settings Forwarding Rules Secuity bite gh anced Setting Toolbox Logout Toolbox D View Log 2 b Firmware Upgrade gt Backup Setting NAT R1 01b1 gt Reset to Default S 6 2003 b Reboot b Miscellaneous DHCP discover DHCP di rer DHCP d rer DHCP dis rer pOO3s 3H1i8sh E 30 92 168 123 1 login s 33H 18H E 02 05 28 192 16 23 1 login s o03 23Ai8sh EF 03 6 192 16 Je qal ipeve flea 003 3Hi8H E 03 Sys Ag alts She logged out Tae c 18H EF 03 3 192 168 123 1 login su
27. 2 147 483 647 KBs Life time unit There are two units can be selected second and KB Proposal ID The identifier of IKE proposal can be chosen for adding corresponding proposal to the dedicated tunnel There are total ten proposals can be set in the proposal pool At most only four proposals from the pool can be applied to the dedicated tunnel as shown in the proposal index list Function of Buttons Add to button Click it to add the chosen proposal indicated by proposal ID to IKE Proposal index list The proposals in the index list will be used in phase 1 of IKE negotiation for getting the IKSAMP SA of dedicated tunnel 51 O48 4 94 15 4m a level one Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox Logout Security Settig gt Packet Filters gt Domain Filters gt URL Blocking Item Setting A y aio IPSec Proposal index Empty gt Miscellaneous ID Proposal Name DH Group Encap protocol Encrypt algorithm Auth algorithm Life Time Life Time Unit 11 10 2003 17 12 27 Proposal ID Add to Proposal index Save Undo Back Help eVPN Settings Set IPSec Proposal IPSec Proposal index A list of selected proposal indexes from the IPSec proposal pool listed below The selecting activity is performed by selecting a proposal ID and clicking add to button in the bottom of the page There are only four indexes can be chosen for the dedicated tunnel Remove button
28. B Ve 7 RE B A C Nn LevelOne WBR 3402TX 1W 4L 11g Wireless ADSL Router w VPN Printer Server USB User s Manual Table of Contents Chapter t MirogucnOnccescsssessorns ine T 4 Funcions ANG Feature iia 4 Packing Lis lerria N S 6 Chapter 2 Hardware Mstallatiolsssenin nels saneayedeuantanvaasnctagnasttanotvacen 7 PEP AVO ea A eeeeeccae seteanaines 7 2 Proceduretor Hardware Installa AON sorsien n a a anu ceeseedearvete 8 Chapter 3 Network Settings and Software Installation ccccccccecceececeeeeeeeeeeeeeeeeees 10 3 1 Make Correct Network Settings of Your Computer ccccccccccceeeeeeeeseeeeeees 10 3 2 Install the Software into Your Computers eeesseeesssssssssssseeerreressssssssssseseeeee l1 Chapter 4 Configuring ADSL Wireless Broadband Router ccccccccccceeeseeeeeeeeees 13 A botir up ANOS Mieri ee eatclelen St Maan alee Ech ladies ek eas 14 M SCAU S sects sauna ee tneciswaeaauo ane seneentaaaauon sues nee waaaauounedeueenbeas ance see stuewaagooanedeuenbeasanonners 15 es a AVA A 8 ere aR PE Ee E eee ee 16 A A TASC Se Na ae headers ga sachet taces a sas aGuaat a ias ed enh 17 Aa Forwardine RUNS aici cides cease E A 33 AO SECULICY S I E Sen r a a a soenonat neuen nae Whee 37 ROL Packet Pret arenneren aen T T TETEA 38 Ao Doman FO sa A a 42 JOS UREDB IOKIN ta E A shee tiaale vals 44 AOA MAC Address Contool ssaa a A ean eeseeeab ean 46 FOI VEN SCIT E oaa E n atl esins 48 B6
29. B no 56 offset Tx Output Power Offset This parameter allows user to reduce the Tx output power in the upstream direction The value should be ranged between 0 and 10 dBm Rx Output Power Offset This parameter allows user to reduce the Rx output power The value should be ranged between 0 and 10 dBm 57 4 7 2 System Time 9 O28 d a 9 3 mM H level Lt FOTITIO TI if One Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox C Logout Advanced Sel b ADSL Modem b System Time b System Log ltem Setting Dynamic ONS be gt SNMP Get Date and Time by NTP Protocol Suisse p Time Server Time Zone GMT 08 00 Pacific Time US amp Canada E gt Set Date and Time using PC s Date and Time aM 11 05 2004 15 36 51 Time set Date and Time manually Hou Fis 0 23 Min ute E Secon W2 ME O1 08 2004 15 36 31 Get Date and Time by NTP Protocol Selected if you want to Get Date and Time by NTP Protocol Time Server Select a NTP time server to consult UTC time Time Zone Select a time zone where this device locates Set Date and Time manually Selected if you want to Set Date and Time manually Function of Buttons Sync Now Synchronize system time with network time server 58 4 7 3 System Log Q 8B a a3 5 Swm A level Vi one Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Se
30. IPSec proposals and the selecting from the set of IPSec proposals Basic setup Local subnet The subnet of LAN site of local VPN gateway It can be a host a partial subnet and the whole subnet of LAN site of local gateway 49 Local netmask Local netmask combined with local subnet to form a subnet domain Remote subnet The subnet of LAN site of remote VPN gateway it can be a host a partial subnet and the whole subnet of LAN site of remote gateway Remote netmask Remote netmask combined with remote subnet to form a subnet domain of remote end Remote gateway The IP address of remote VPN gateway Pre shared key The first key that supports IKE mechanism of both VPN gateways for negotiating further security keys The pre shared key must be same for both end gateways Function of Buttons Select IKE proposal Click the button to setup a set of frequent used IKE proposals and select from the set of IKE proposals for the dedicated tunnel proposals for the dedicated tunnel Select IPSec proposal Click the button to setup a set of frequent used IPSec proposalsand select from the set of IKE proposals for the dedicated tunnel O48 4 9401 4m a level one Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox Logout Security Settig gt Packet Filters gt Domain Filters gt URL Blocking Setting aa Control IKE Proposal index Empty gt Miscellaneous ID Proposal N
31. Proposal i marked with dont take effective until rebooting VPN Settings Tunnel 1 IKE Tunnel 1 Local Subnet 192 168 123 0 Local Netmask 255 255 255 0 Remote Subnet 192 168 1 1 Remote Netmask 255 255 255 255 Remote Gateway 192 168 1 1 Preshare Key my preshare key 130 0 AAAI awm EH level y LOOTO LIIALIOTN one Status Wizard Basic Setting Forwarding Rules Secuity Setting Actarteed Setting Toolbox Logout Security Settig Packet Filters b Domain Filters gt MAC Address Control ltem Setting lt a IKE Proposal index b Miscellaneous l Bal Froposal Name OH Group Encrypt algorithm Auth algorithm Life Time Life Time Unit Croup 2 OV 2 2004 15 33 57 oa J Cc VPN Settings Tunnel Set IKE Proposal ID 1 Proposal Name 1 DH Group Group2 Encrypt Algorithm 3DES Auth Algorithm SHA1I Life Time 10000 Life Time Unit Sec 131 92 4 834 5 4H 2 level je T fi i Status Wizards Basic Setting Forwarding Rules Secu Setting SI AURP Settings Poni he o eddol one Security Settig gt Packet Filters gt Domain Filters gt MAC Address Control ltem Setting gt VPN A z SW heeelleaeaile IPSec Proposal index L Remove ID Proposal Mame DH Group Encap En ry ae Auth T Life Time Life Time protocol algarithrn algorithm Init ooo m Sec None ZI EsP None zio Sec Nene I ESP None o Sec
32. algorithm DES Configure Generate a new key every 10000 seconds Click OK button 109 F Edit Rule Properties x IF Filter List Filter Action Authentication Methods Tunnel Setting Connection Type Authentication methods specify how trusti established between computers These authentication methods are offered and accepted when negotiating security with another computer Authentication method preference order l Details Freshared Key mvpresharedkey Move up Move dowr select Authentication Methods page click Add button 110 Edit Authentication Method Properties Authentication Method The authentication method species how trust i established between the computers Active Directory default Kerberos W5 protocol Use a certificate from this certification authority CA a Use this string preshared key mypresharedkey select Use this string to protect the key exchange preshared key and enter your preshared key string such as mypresharedkey Click OK button Click OK button on Authentication Methods page Select Tunnel Setting 111 F Edit Rule Properties x IF Filter List Filter Action Authentication Methods Tunnel Setting Connection Type The tunnel endpoint is the tunneling computer closest to the IF traffic destination as specihed by the associated IF filter list It takes two rules to describe an Pec tunnel
33. ame DH Group Encrypt algorithm Auth algorithm Life Time Life Time Unit 11 10 2003 17 12 12 Proposal ID Add to Proposal index Save Undo Back Help 50 eVPN Settings Set IKE Proposal IKE Proposal index A list of selected proposal indexes from the IKE proposal pool listed below The selecting activity is performed by selecting a proposal ID and clicking add to button in the bottom of the page There are only four indexes can be chosen from the proposal pool for the dedicated tunnel Remove button beside the index list can remove selected proposal index before Proposal name It indicates which IKE proposal to be focused First char of the name with 0x00 value stands for the IKE proposal is not available e DH group There are three groups can be selected group 1 MODP768 group 2 MODP1024 group 5 MODP1536 Encryption algorithm There are two algorithms can be selected 3DES and DES Authentication algorithm There are two algorithms can be selected SHA1 and MDS Life time The unit of life time is based on the value of Life Time Unit If the value of unit is second the value of life time represents the life time of dedicated VPN tunnel between both end gateways Its value ranges from 300 seconds to 172 800 seconds If the value of unit is KB the value of life time represents the maximum allowable amount of transmitted packets through the dedicated VPN tunnel between both end gateways Its value ranges from 20 480 KBs to
34. an types Ethernet Over ATM RFC 1483 Bridged without NAT Ethernet Over ATM RFC 1483 Bridged with NAT IP over ATM RFC 1483 Routed Classical Ip over ATM RFC 1577 PPP over ATM RFC 2364 PPP over Ethernet RFC 2516 Firewall All unwanted packets from outside intruders are blocked to protect your Intranet DHCP server supported All of the networked computers can retrieve TCP IP settings automatically from this product Web based configuring Configurable through any networked computer s web browser using Netscape or Internet Explorer Virtual Server supported Enables you to expose WWW FTP and other services on your LAN to be accessible to Internet users User Definable Application Sensing Tunnel User can define the attributes to support the special applications requiring multiple connections like Internet gaming video conferencing Internet telephony and so on then this product can sense the application type and open multi port tunnel for it DMZ Host supported Lets a networked computer be fully exposed to the Internet this function is used when special application sensing tunnel feature is insufficient to allow an application to function 4 correctly Statistics of WAN Supported Enables you to monitor inbound and outbound packets Wireless functions High speed for wireless LAN connection Up to 54Mbps data rate by incorporating Orthogonal Frequency Division Multiplexing OFDM Roaming Provides seamless roamin
35. ard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox Logout one Basic Setting b Primary Setup gt OAM Setup b DHCP Server Ethernet Over ATM RFC 1483 Bridged without NAT gt Wireless P Change Password Ethernet Over ATM RFC 1483 Bridged with NAT Static IP amp Dynamic IP IF over ATM RFC 1483 Routed SCs li eae Classical IP over ATM RFC 1577 Static P Dynamic IP PPP over ATM RFC 2364 PPP over Ethernet RFC 2516 LTP Cancel OOF 2004 16 20 45 This page is primary to enable this product to work properly The setting items and the web appearance depend on the WAN type Choose correct WAN type before you start 1 LAN IP Address the local IP address of this device The computers on your network must use the LAN IP address of your product as their Default Gateway You can change it if necessary 2 WAN Type WAN connection type of your ISP You can click Change button to choose a correct one from the following five options A Ethernet Over ATM RFC 1483 Bridged without NAT Ethernet Over ATM RFC 1483 Bridged with NAT IP over ATM RFC 1483 Routed Classical IP over ATM REC 1577 PPP over ATM RFC 2364 ye wa a PPP over Ethernet RFC 2516 3 Data Encapsulation Two data encapsulation type are supported LLC and vc MUX It is specified by your ISP Once you finished above settings click on the Advanced Setting button to another page for further con
36. ccessful Back Retesh 05 13 2003 17 05 55 You can View system log by clicking the View Log button I2 4 8 2 Firmware Upgrade QO da 09 5 45 8 level tC onnovration one Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox Logout Toolbox b View Log b Firmware Upgrade b Backup Setting b Reset to Default b Reboot gt Miscellaneous Current firmware version is R1 01b1 The upgrade procedure takes about 20 seconds Note Do not power off the unit when it is being upgraded V Yhen the upgrade is done successfully the unit will be restarted automatically 05 13 2003 17 05 55 You can upgrade firmware by clicking Firmware Upgrade button 73 4 8 3 Backup Setting File Download You are downloading the File config bin From 192 168 123 254 Would wou like to open the file or save tt to pour computer i Save Cancel More Info Always ask before opening this type of file You can backup your settings by clicking the Backup Setting button and save it as a bin file Once you want to restore these settings please click Firmware Upgrade button and use the bin file you saved 4 8 4 Reset to default Microsoft Internet Explorer x 2 Reset all setting to default i Cancel You can also reset this product to factory default by clicking the Reset to default button 4 8 5 Reboot 2 Reboot right now You can also reboot this product b
37. ced Setting Toolbox Logout Basic Setting z b Prirnary Setup gt OAM Setup p gt DHCP Server ltem Setting gt Wireless LAN IF Address 192 168 123 254 b Change Password Ra A TWAN Type RFC1483 Bridge Mode with NAT WARD IP Wlode Static IP Address WAN IP Address 0 0 0 0 WAN Subnet Mask 0 0 0 0 A YA A M GS at E a y a Primary DNS b 2 TE ry DNS 0 0 0 0 01 07 2004 18 30 44 me s MAC Address FF FF FF FF FF FF Clone MAC d agapsulation gt d p irtual Computer fe doesnt take effective until rebooting Dynamic IP Address Obtain an IP address from ISP automatically Host Name optional Required by some ISPs for example Home 1 Renew IP Forever this feature enables this product to renew your IP address automatically when the lease time is expiring even when the system is idle 21 PETA 8 4 a4 3 Sm 2 level j as 7 r g tC ONTTIOUVsalion one Status Wizard Basic Setting Forwarding Rules Secuity Setting Artet Setting Toolbox Logout Basic Setting b Primary Setup gt OAM Setup 7 gt DHCP Server ltem gt Wireless ares l b Change Password pC LAN IP Address 192 168 123 254 WAN Type RFC1463 Bridge Mode with HAT WAN IP Mode Dynamic IP Address S WAN s MAC Address k Renew IP Forever Ed Enable Ayto reconnect b Data Encapsulation jce l LPI Number o SSP Number 0107 2004 16 36 47 7 UER Setting Ehange doesnt take effective until rebooting
38. e To delete the schedule rule and the rule of the rules behind the deleted one will decrease one automatically Schedule Rule can be apply to Virtual server and Packet Filter for example Exanplel Virtual Server Apply Rule 1 ftp time everyday 14 10 to 16 20 0 AAAI am H level i 3 l T i i ii P l l Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox Logout one Forwarding gt Virtual Server P Special AP gt Miscellaneous Service Ports Server IP Enable Use Ruled Iv 152 168 123 192 166 123 192 165 123 192 165 123 192 160 123 192 166 123 192 165 123 192 156 123 O19 2004 16 02 45 192 168 123 152 168 123 1952 166 123 DJ E E E E G E E Ett 192 168 123 ME Ae select one SEER Always T 69 Copy to ID A Exanple2 Packet Filter Apply Rule 1 ftp time everyday 14 10 to 16 20 CECA 8 4 a4 SH 2 level Le JFL d y m Po i one Status Wizards Basic Setting Forwarding Rules Secuity Settings LLL Al Toolbox HTa i Security Settig gt Packet Filters gt Domain Filters gt MAC Address Control ltem Setting b YPN b Miscellaneous Outbound Filter l Enable Allow all to pass except those match the following rules Deny all to pass except those match the following rules Source IP Ports Destination IP Ports Enable Use Rule SS SS m
39. e Rule Host Name E F aSSwo rg H ke Y 0109 2004 15 37 35 To host your server on a changing IP address you have to use dynamic domain name service DDNS So that anyone wishing to reach your host only needs to know the name of it Dynamic DNS will map the name of your host to your current IP address which changes each time you connect your Internet service provider Before you enable Dynamic DNS you need to register an account on one of these Dynamic DNS servers that we list in provider field To enable Dynamic DNS click the check box next to Enable in the DDNS field Next you can enter the appropriate information about your Dynamic DNS Server You have to define Provider Host Name 61 Username E mail Password Key You will get this information when you register an account on a Dynamic DNS server Example DDNS fal Enable gt Provider DynDNS org Dynamic Host Name user dyndns org Username E mail User F Password Key After Dynamic DNS setting is configured click the save button 62 4 7 5 SNMP Setting 98 a a3 Swm A level L fF TVPT OL Prewitt one Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox O Logout Advanced gt ADSL Modem b System Time gt System Log item setting gt Enable SNMP Ed Local Ml Remote gt Routing a b Schedule Rule T i ea E ET 0109 2004 15 37 57 In brief
40. ection Type What do you wantto do 133 3 Choose Virtual Private Network New Connection Wizard Network Connection How do you wantto connectto the network at your workplace Create the following connection C Dial up connection Connect using a modem and a regular phone line or an Integrated Services Digital Network SDN phone line Connect to the network using a virtual private network VPN connection over the Internet lt Back Heds Cancel fee 4 Do not dial to initial connection New Connection Wizard Public Network Windows can make sure the public network is connected first Windows can automatically cial the initial connection to the Internet or other public network before establishing the virtual connection Do not dial the initial connection C Automatically cial this initial connection el J 134 5 Input the router wan ip address New Connection Wizard YPN Server Selection What is the name or address of the VPM server Type the host name or Internet Protocol IP address of the computer to which you are connecting Hostname or IF address for example microsoft com or 157 54 0 1 3 PPTP Server IP Address Cancel Username Save this username and password for the following users ee only G Amone whio uses tis computer Help 135 7 Select the type of VPN ole PPTP Properties Automatic L2TP IPSec VPN ee i
41. ecuity Setting Advanced Setting Toolbox Logout Security Settig b Packet Filters Domain Filters se pee item setting t i gt a F Domain Filter E Enable gt Log DNS Query Enable z O Privilege IP Addresses Range From po To boo o 1D Domain Suffix Action Enable E DOrop W Log m a W Drop W Log d 1 Crop E Mi Crop IE W Crop W Log W Crop W Log 1 pona IE 1 pora E Woe Blog all others Wi Drop Wi Log qa012003 19 15 27 Domain Filter let you prevent users under this device from accessing specific URLs Domain Filter Enable Check if you want to enable Domain Filter Log DNS Query Check if you want to log the action when someone accesses the specific URLs Privilege IP Addresses Range Setting a group of hosts and privilege these hosts to access network without restriction Domain Suffix A suffix of URL to be restricted For example com xxx com Action When someone is accessing the URL met the domain suffix what kind of action you want Check drop to block the access Check log to log these access Enable Check to enable each rule 42 Example PECA 8 4 a4 5 S4m B level L OTITIOIYSLIon one Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox Logout a Security Settig Packet Filters Domain Filters gt MAC Address Control ltem Setting b VPM b Miscellaneous Domain Filter U Enable Log DNS Query
42. el 2 Double click Network icon Select the TCP IP line that has been associated to your network card in the Configuration tab of the Network window Network ki Ei Configuration Identification Access Control The following network components are installed BS PCI Fast Ethemet DEC 21140 Based Adapter 7S NetBEUI gt Dial Up Adapter MetBEUI gt PCI Fast Ethernet DEC 21140 Based Adapter 4 TCPAP gt Dial Up Adapter TCP IP PCI Fast Ethernet DEC 21140 Based Adapter m File and printer sharing for Microsoft Networks Add Remove Properties Primary Network Logor Clhent for Microsoft Networks File and Print Sharing Description TCP IP ts the protocol you use to connect to the Internet and wide area networks 3 Click Properties button to set the TCP IP protocol for this NAT Router 4 Now you have two setting methods 93 a Select Obtain an IP address automatically in the IP Address tab TCP IP Properties 94 c Choose Disable DNS in the DNS Configuration tab CPAP Properties E E Gateway WINS Configuration IP Address nosh Waniehin WHS Seiten seanci Waer ETT P _ Danai suhe satire Olpelap eT intl a B Configure IP manually a Select Specify an IP address in the IP Address tab The default IP address of this product is 192 168 123 254 So please use 192 168 123 xxx xxx is between 1 and 253 for IP Addres
43. er Inbound Packet Filter setting is configured click the save button Outbound Filter To enable Outbound Packet Filter click the check box next to Enable in the Outbound Packet Filter field Example 1 40 ltem Setting gt Outbound Filter El Enable Allow all to pass except those match the following rules O Deny all to pass except those match the following rules Use Rule ID Source IP Ports Destination IP Ports Enable T 100 192 169 123 149 8 a 5 110 Gi egg 10 192 166 125 20 m 192 168 123 100 192 168 123 149 They are allowed to send mail port 25 receive mail port 110 and browse Internet port 80 port 53 DNS is necessary to resolve the domain name 192 168 123 10 192 168 123 20 They can do everything block nothing Others are all blocked Example 2 ltem Setting gt Outbound Filter v Enable 2 Allow all to pass except those match the following rules Deny all to pass except those match the following rules Use Source IP Ports Destination IP Ports Enable Rule Ei 100 192 168 123 119 lt 100 192 165 123 119 Ed mi m m 192 168 123 100 192 168 123 119 They can do everything except read net news port 119 and transfer files via FTP port 21 Others are allowed After Outbound Packet Filter setting is configured click the save button 4 4 6 2 Domain Filter e Q AAA a eE level one Status Wizard Basic Setting Forwarding Rules S
44. et in the proposal pool At most only four proposals from the pool can be applied to the dedicated tunnel as shown in the proposal index list Function of Buttons Add to button Click it to add the chosen proposal indicated by proposal ID to IPSec Proposal index list The proposals in the index list will be used in phase 2 of IKE negotiation for getting the IPSec SA of dedicated tunnel 53 4 6 6 Miscellaneous Items Ob a Qa4 3 GmM 2 level re Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox Logout Security Settig gt Packet Filters gt Domain Filters re a Item Setting Enable ontro b YPN Remote Administrator Host Port 0 0 0 0 i J b Miscellaneous Administrator Time out eco seconds 0 to disable Discard PING from WWAN side E Save Undo f rer 11 10 2003 17 12 59 Remote Administrator Host Port In general only Intranet user can browse the built in web pages to perform administration task This feature enables you to perform administration task from remote host If this feature is enabled only the specified IP address can perform remote administration If the specified IP address is 0 0 0 0 any host can connect to this product to perform administration task You can use subnet mask bits nn notation to specified a group of trusted IP addresses For example 10 1 2 0 24 NOTE When Remote Administration is enabled the web server port will be shifted
45. etermine which physical interface address to use for outgoing IP data grams If you have more than one routers and subnets you will need to enable routing table to allow packets to find proper routing path and allow different subnets to communicate with each other Routing Table settings are settings used to setup the functions of static and dynamic routing RIP Enable Check to enable RIP function Static Routing For static routing you can specify up to 8 routing rules You can enter the destination IP address subnet mask gateway hop for each routing rule and then enable or disable the rule by checking or unchecking the Enable checkbox 65 Example W Enable Enable I Destination Subnet Mask Gateway 192 168 5 0 255 255 255 0 152 166 1 33 192 168 5 0 255 255 255 0 192 165 1 56 e save Help Seren Gt change takes effective immediately 197 16811 192 160 123 192 168 1 55 YOUL other other Device gateway gateway 192 168 123 254 192 168 2254 192 108 5 254 192 168 123 1 192 1608 3 65 197 168 577 So if for example the host wanted to send an IP data gram to 192 168 3 88 it would use the above table to determine that it had to go via 192 168 1 33 a gateway And if it sends Packets to 192 168 5 77 will go via 192 168 1 55 Each rule can be enabled or disabled individually After routing table setting is configured click the save button 66 4 7 7 Schedule Rule 5 0B 8 H3 am A leve
46. ferencing Internet telephony etc Because of the firewall function these applications cannot work with a pure NAT router The Special Applications feature allows some of these applications to work with this product If the mechanism of Special Applications fails to make an application work try setting your computer as the DMZ host instead 1 Trigger the outbound port number issued by the application 2 Incoming Ports when the trigger packet is detected the inbound packets sent to the specified port numbers are allowed to pass through the firewall This product provides some predefined settings Select your application and click Copy to to add the predefined setting to your list Note At any given time only one PC can use each Special Application tunnel 35 4 5 3 Miscellaneous Items e OF 4 Q aG sm level TI sT A ay Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox C Logout one Forwarding b Virtual Server gt Miscellaneous h Item Setting Enable gt IP Address of DMZ Host 192 160 1 23 i W Enable t gt Non standard FTP port UPnP Setting O Enabled Disabled O10 2004 19 00 57 IP Address of DMZ Host DMZ DeMilitarized Zone Host is a host without the protection of firewall It allows a computer to be exposed to unrestricted 2 way communication for Internet games Video conferencing Internet telephony and other special applications
47. figurations 19 4 4 1 1 Ethernet Over ATM RFC 1483 Bridged without NAT 8 4 a3 5 SH level Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox C Logout one Basic Setting gt Primary Setup gt OAM Setup P Wireless ltem Setting P Change Password S LAN IF Address 192 168 123 254 WAN Type RFC1483 Bridge Mode without NAT gt Data Encapsulation we VPI Number gt VCI Number gt Schedule type ae change doesnt take effective until rebooting OOF 2004 18 30 03 This WAN type disable the NAT this device becomes a pure bridge between your LAN and WAN all the clients in your LAN must have legal IPs If you enable the NAT feature you have to set the following WAN IP settings WAN IP Address WAN Subnet Mask WAN Gateway and Primary Secondary DNS These settings are also specified by your ISP VPI VCI Numbers The channel settings provided by your ISP Schedule Type The setting of the ADSL traffic schedule type This device supports UBR Un specified bit rate and CBR Constant bit rate Once you finished the required configuration you must click on the Save button to save the configuration into Flash memory and the reboot this device 20 4 4 1 2 Ethernet Over ATM RFC 1483 Bridged with NAT e 00AIN am E level 4 ora Ou Gl ARa one Status Wizard Basic Setting Forwarding Rules Secuity Setting Advan
48. g within the IEEE 802 11b 11M and IEEE 802 11g 54M WLAN infrastructure IEEE 802 11b compatible 11M Allowing inter operation among multiple vendors IEEE 802 11g compatible 54M Allowing inter operation among multiple vendors Auto fallback 54M 48M 36M 24M 18M 12M 6M data rate with auto fallback in 802 11g mode 11M 5 5M 2M 1M data rate with auto fallback in 802 11b mode Security functions Packet filter supported Packet Filter allows you to control access to a network by analyzing the incoming and outgoing packets and letting them pass or halting them based on the IP address of the source and destination Domain Filter Supported let you prevent users under this device from accessing specific URLs URL Blocking Supported URL Blocking can block hundreds of websites connection by simply a keyword VPN Servers The router has three vpn server IPSEC Dynamic vpn PPTP L2TP VPN Pass through The router also supports vpn pass through 02 1X supported When the 802 1 X function is enabled the Wireless user must authenticate to this router first to use the Network service SPI Mode Supported When SPI Mode is enabled the router will check every incoming packet to detect if this packet is valid DoS Attack Detection Supported When this feature is enabled the router will detect and log the DoS attack comes from the Internet Advanced functions System time Supported Allow you to synchronize system time with network time se
49. i 7 z Internet Protocol TCPIP i File and Frinter Sharing for Microsoft Networks hr El Client for Microsoft Networks Lie tell Then the steps refer to pptp settings 138 Appendix D 802 1x Setting PC USER A N I Ma A No Wireless uin PC 2 ir Wired LAN USER B 192 RCE 123 254 i Authentication Server Windows 2000 Radius server 192 168 123 533 Figure 1 Testing Environment Use Windows 2000 Radius Server 1 Equipment Details PCI Microsoft Windows XP Professional without Service Pack 1 D Link DWL 650 wireless LAN adapter Driver version 3 0 5 0 Driver date 03 05 2003 PC2 Microsoft Windows XP Professional with Service Pack la Z Com XI 725 wireless LAN USB adapter Driver version 1 7 29 0 Driver date 10 20 2001 Authentication Server Windows 2000 RADIUS server with Service Pack 3 and HotFix Q313664 Note Windows 2000 RADIUS server only supports PEAP after upgrade to service pack 3 and HotFix Q313664 You can get more information from Configuration 1 Enable DHCP server 2 WAN setting static IP address 139 3 LAN IP address 192 168 123 254 24 4 Set RADIUS server IP 5 Set RADIUS server shared key 6 Configure WEP key and 802 1X setting The following test will use the inbuilt 802 1X authentication method such as EAP_TLS PEAP_CHAPv2 Windows XP with SPI only and PEAP_TLS Windows XP with SPI only using the Smart Card or other Certificate of the Window
50. imply a keyword URL Blocking Enable Checked if you want to enable URL Blocking URL If any part of the Website s URL matches the pre defined word the connection will be blocked For example you can use pre defined word sex to block all websites if their URLs contain pre defined word sex Enable Checked to enable each rule 44 e 2 4 Q a4 2 S m e level Lt OTITIOUrarinn one Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox Logout i Security Settig b Packet Filters b Domain Filters URL Blocking b MAC Control b Miscellaneous ltem setting gt URL Blocking Enable Enable m a O a E E a e o lt i lt i girl erotica game AHORA OE 19 19 20 Help Save In this example 1 URL include sex will be blocked and the action will be record in log file 2 URL include erotica will be blocked but the action will be record in log file 3 URL include girl will not be blocked but the action will be record in log file 4 URL include game will be blocked but the action will be record in log file 45 4 6 4 MAC Address Control 8 4 a3 SmH 2 level Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox Logout one Security Settig gt Packet Filters b Domain Filters b MAC Address Control Item Setting WAC Address Control
51. installation CD ROM into the CD ROM drive The following window will be shown automatically If it isn t please run install exe on the CD ROM Install Print Server User s Manual Exit Step 2 Click on the INSTALL button Wait until the following Welcome dialog to appear and click on the Next button om Welcome to the Print Server Setup program This a program will install Print Server on your computer itis strongly recommended that you exit all Windows programs before running this Setup program Click Cancel to quit Setup and then close any programs you have running Click Next to continue with the Setup program WARNING This program is protected by copyright law and international treaties Unauthorized reproduction or distribution of this program or any portion of it may result in severe civil and criminal penalties and will be prosecuted to the maximum extent possible under law Cancel l1 Step 3 Select the destination folder and click on the Next button Then the setup program will begin to install the programs into the destination folder Step 4 When the following window is displayed click on the Finish button Select the item to restart the computer and then click the OK button to reboot your computer To make broadband router workable for you please remember rebootingyour computer Step 4 After rebooting your computer the software installation procedure is finished
52. inter connected to the printer port of this product as server printer On a Windows 95 98 platform open the Printers window in the My Computer menu es File Edt View Help Add Printer HP Laserjet HPLaserett BL PCL Chinese 4 object s A Now yon can configure the print server of this product 76 Find out the corresponding icon of your server printer for example the HP LaserJet 6L Click the mouse s right button on that icon and then select the Properties item HP Lasewet 6L PCL Properties 11 2 Click the Details item HP Lasewet 6L PCL Properties Ei E4 General Detalls Sharing Paper Print Quality Fonts Device Options a Tm TE arg HP Lazenlet EL PCL Print to the following port PAT mate All in 1 Add Port Delete Pott Print using the Following driver HF Laserlet 6L PCL New Driver Capture Printer Port End Capture Timeout settings Mot selected Seconds Transmission retry 45 Seconds Spool Settings Fort Settings Cancel Apply Help 3 Choose the PRTmate All in 1 from the list attached at the Print To item Be sure that the Printer Driver item is configured to the correct driver of your server printer 4 Click on the button of Port Settings Printer Position Enter the Product s IF OK 192 168 123 254 Cancel Type in the IP address of this product and
53. inter name is Ip In X Windows for example In Redhat Platforms Please follow the below steps to configure your printer on Red Hat 9 0 1 Start from the Red Hat gt System Setting gt Printing a era _ Aires FALAT E f ia E jf al te ee amp Printing HER cme Root configure printers SS gio pam GIRA at ij fa Ee T mn iB EFA a LRF Bs SANH j 1 a ENE aa QAR iy mag TE meena a EF E hi likar 3 SSH ERS ee bu Ph HF la HE a 9 Qae e iM wate Q ean Ba TERRA i Ae i SHE A HERM root foramit var spool 85 2 Click Add gt Forward TELL PP oer eA Le a A dE PT SEE Bea HE fe at a LSet TEEPE 3 Enter the Pinter Name Comments then forward RAMA 3a AT PE Se PEE iA AMRAM Ae 88 pia A TAFIL T BH fp BRADS RH GARR A E REEN REA Ee LI A HD eam E 86 4 Select LPD protocol and then forward apr miei x Novell NCP HERRN JetDirect G arenga BATEO 5 Enter the router LAN IP Address and the queue name lp Then forward Pry Si N e as w ee E paepe A Ho T wr TATER MEAT SRSA APESAR UNIX LPD 87 6 Select the Printer Brand and Model Name Then Forward Fi in IT f MX SRAM INE MSEE LETEN ah CURRAN M roster io MA LaserJet 2100 LaserJet 7100M LaserJet 20D k Bw amo ame K erara
54. ion introduces you how to install TCP IP protocol into your personal computer And suppose you have been successfully installed one network card on your personal computer If not please refer to your network card manual Moreover the Section B 2 tells you how to set TCP IP values for working with this NAT Router correctly A 1 Install TCP IP Protocol into Your PC 1 Click Start button and choose Settings then click Control Panel 2 Double click Network icon and select Configuration tab in the Network window 3 Click Add button to add network component into your PC 4 Double click Protocol to add TCP IP protocol Select Network Component Type Ei ES Add Cancel Click the type of network component you want to install o Protocol ts a language a computer uses Computers o must use the same protocol to communicate 91 5 Select Microsoft item in the manufactures list And choose TCP IP in the Network Protocols Click OK button to return to Network window Select Network Protocol a Banyan Fi Fast Infrared Protocol p a IBM 78 Pes SPes compatible Protocol Microsoft T3 Microsoft 32 bit DLC Microsoft OLE X NetBEUI 6 The TCP IP protocol shall be listed in the Network window Click OK to complete the install procedure and restart your PC to enable the TCP IP protocol 92 A 2 Set TCP IP Protocol for Working with NAT Router 1 Click Start button and choose Settings then click Control Pan
55. irmware Upgrade 1 1 1 92 168 12 12 IP unreachable 4 If you can find one device and unreachable You must setup the same submask For example configure the PC IP address to 192 168 12 xxx 5 Click Upgrade Button and to upgrade the firmware smoothly 6 If successfully please use Reset Button reset to default the router If failed the program will ask to redo again from Step 2 146
56. ivate the default response rule check box and click Next button Click Finish button make sure Edit check box is checked 100 i to_vpn_router Properties Rules General ain m Security rules for communicating with other computers IF Security rules P Filter List Filter Action Authentication Souler Require a ecurit E Preshared Key router p Require Security Preshared Kep C Dynamic Detault Response kerberos Add Edit Remove Use Add Wizard Apel Build 2 Filter Lists xp gt router and router gt xp Filter List 1 xp gt router In the new policy s properties screen select Use Add Wizard check box and then click Add button to create a new rule 101 F Edit Rule Properties x Authentication Methods Tunnel Setting Connection Type IF Filter List Filter Action The selected IF filter list species which network traffic will be affected by this rule IF Filter Lists 1 E o o AlICMP Traffic Matches all ICMF packets betw O AllIP Traffic Matches all IF packets from this O router xp ts p gt router Add Edit Remove rea click Add button 102 F E IP Filter List An F filter list is composed of multiple Alters In this way multiple subnets IF 4 addresses and protocols can be combined into one IP filter Hame ep gt router Description Remove Filters Use Add Wi
57. ke based Platforms cccccccseeceeeeeeeeeeeeeeeeeeaeeeeeeeees 85 3 COMMUTING on Apple PE s cih cin cesses est A setae etass 90 Appendix A TCP IP Configuration for Windows 95 98 ccccecccecceeececeeeeeeeeeeeeeeeeeeees 91 Appendix B Win 2000 XP IPSEC Setting guide ccc cccccccccccecceceeeeceeeeeeeesseeeseeeeeeees 97 Appendix PPTP and L2TP Configurations a a a aeei 133 Appendix 6021X Sein sssri E E 139 Appendix E FAQ and TroubieshootiN aasia hdunmaamndietieancwscitendiaat 145 Reset to factor y Dorili AE 145 Fe i Bal 7 Co 6 lt erener Te TO 145 Chapter 1 Introduction Congratulations on your purchase of LevelOne WBR 3402 ADSL Wireless Broadband Router This product is specifically designed for Small Office and Home Office needs It provides a complete SOHO solution for Internet surfing and is easy to configure and operate even for non technical users Instructions for installing and configuring this product can be found in this manual Before you install and use this product please read this manual carefully for fully exploiting the functions of this product Functions and Features Router Basic functions Auto sensing Ethernet Switch Equipped with a 4 port auto sensing Ethernet switch Printer sharing Embedded a print server to allow all of the networked computers to share one printer Built in USB host to connect to USB printer for printer sharing Wan type supported The router supports some w
58. l ri i E dj g Tay T Baa Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox Logout one Advanced gt ADSL Modem b System Time d eel ne Item Setting p Seal i gt Schedule l Enable b Routing Peschedule Rule w Ruled Rule Name Action Add New Rule 0109 2004 15 38 33 You can set the schedule time to decide which service at what time will be turned on or off Select the enable item Press Add New Rule You can write a rule name and set which day and what time to schedule from Start Time to End Time The following example configure FTP time as everyday 14 10 to 16 20 67 93 OF 0 9 40 5 am 2 gi 7 x One Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox C Logout O Advanced i kan E odem oF Schedule Rule Setting b System Time b System Log item Setting b Dynamic ONS 3 i i b SNMP Name of Rule 1 FTP time Routing P schedule Rule Week Day Start Time hh mm nd Time hh mm 0109 2004 15 39 56 Advanced BAST Maden Schedule Rule gt System Time b system Log Item Dynamic ONS os r gt SNMP schedule M Routing Schedule Rule Rulet Setting Rule Hame Action FTP time Add New Rule O1 0S 2004 15 40 47 68 Schedule Enable Selected if you want to Enable the Scheduler Edit To edit the schedule rule Delet
59. low all to pass except those match the following rules Deny all to pass except those match the following rules Use Rule i ID Source IP Ports Destination IP Ports Enable 1 l m TASAA slaps els Senne eee UU iAWways T ID A Packet Filter enables you to control what packets are allowed to pass the router Outbound filter applies on all outbound packets However Inbound filter applies on packets that destined to Virtual Servers or DMZ host only You can select one of the two filtering policies 1 Allow all to pass except those match the specified rules 2 Deny all to pass except those match the specified rules You can specify 8 rules for each direction inbound or outbound For each rule you can define the following e Source IP address e Source port address e Destination IP address e Destination port address e Protocol TCP or UDP or both e Use Rule 38 For source or destination IP address you can define a single IP address 4 3 2 1 or a range of IP addresses 4 3 2 1 4 3 2 254 An empty implies all IP addresses For source or destination port you can define a single port 80 or a range of ports 1000 1999 Add prefix T or U to specify TCP or UDP protocol For example T80 U53 U2000 2999 No prefix indicates both TCP and UDP are defined An empty implies all port addresses Packet Filter can work with Scheduling Rules and give user more flexibility on Access control For De
60. move Filters Mirrored Description Protocol Source Patt Destination No ANY ANY ANY gt Cancel Enter a name such as router gt xp and dis select Use Add Wizard check box Click Add button 115 Filter Properties Addressing Protocal Description Source address IP Address 192 168 123 O subnet mask 255 255 255 Destination address lA specific IP Address IF address 192 168 1 Subnet mask 255 205 Z259 F Mirrored Also match packets with the exact opposite source and destination addresses In the Source address field select A specific IP Subnet fill in IP Address 192 168 123 0 and Subnet mask 255 255 255 0 In the Destination address field select A specific IP Address and fill in IP Address 192 168 1 1 If you want to select a protocol for your filter click Protocol page 116 Filter Properties mi sp tL 5 F mea Set tne te protocol pork r 4 m Sate ee at Pe TOOT oat pay Loany port o othe port Click OK button Then click OK button on IP Filter List window 117 F mi p AE Connection Type Filter Action Edit Rule Properties Authentication Methods Tunnel Setting IF Filter List The selected filter action species whether this rule negotiates for secure network traffic and how it will secure the traffic Filter Actions Description Pernt unsecured IP packets to Accepts unsecured c
61. ncryption key by system managers manually However IKE approach will perform automatic Internet key exchange 48 System managers of both end gateways only need set the same pre shared key Function of Buttons More To setup detailer configuration for manual key or IKE approaches by clicking the More button e O48 4 94 15 4m 2 level one Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox Logout Security Settig gt Packet Filters gt Domain Filters gt URL Blocking Item are b MAC Control b VPN Tunnel Name gt Miscellaneous Local Subnet Local Netmask Remote Subnet Remote Netmask Remote Gateway EDreshare Key gt Proposal index Select IKE Proposal gt g Proposal index Select IPSec Proposal Save Back Help No change 11 10 2003 17 10 46 eVPN Settings IKE There are three parts that are necessary to setup the configuration of IKE for the dedicated tunnel basic setup IKE proposal setup and PSec proposal setup Basic setup includes the setting of following items local subnet local netmask remote subnet remote netmask remote gateway and pre shared key The tunnel name is derived from previous page of VPN setting IKE proposal setup includes the setting of a set of frequent used IKE proposals and the selecting from the set of IKE proposals Similarly PSec proposal setup includes the setting of a set of frequent used
62. ocol you can use the ping command to check if your computer has successfully connected to this product The following example shows the ping procedure for Windows 95 platforms First execute the ping command ping 192 168 123 254 If the following messages appear Pinging 192 168 123 254 with 32 bytes of data Reply from 192 168 123 254 bytes 32 time 2ms TTL 64 a communication link between your computer and this product has been successfully established Otherwise if you get the following messages Pinging 192 168 123 254 with 32 bytes of data Request timed out There must be something wrong in your installation procedure You have to check the following items in sequence 1 Is the Ethernet cable correctly connected between this product and your computer Tip The LAN LED of this product and the link LED of network card on your computer must be lighted 2 Is the TCP IP environment of your computers properly configured Tip If the IP address of this product is 192 168 123 254 the IP address of your computer must be 192 168 123 X and default gateway must be 192 168 123 254 10 3 2 Install the Software into Your Computers Skip this section if you do not want to use the print server function of this product Notice If you are using Windows 2000 XP please refer to Chapter 5 Printer 5 3 Configuring on Windows 2000 and XP Platforms It is not necessary to setup any program and the print server can work Step 1 Insert the
63. oduct with your printer Use the printer cable to connect your printer to the USB printer port of this product 5 Power on Connecting the power cord to power inlet and turning the power switch on this product will automatically enter the self test phase When it is in the self test phase the indicators STATUS will be lighted ON for about 10 seconds and then STATUS will be flashed 3 times to indicate that the self test operation has finished Finally the STATUS will be continuously flashed once per second to indicate that this product is in normal operation Chapter3 Network Settings and Software Installation To use WBR 3402 correctly you have to properly configure the network settings of your computers and install the attached setup program into your MS Windows platform Windows 95 98 NT 2000 3 1 Make Correct Network Settings of Your Computer The default IP address of this product is 192 168 123 254 and the default subnet mask is 255 255 255 0 These addresses can be changed on your need but the default values are used in this manual If the TCP IP environment of your computer has not yet been configured you can refer to Appendix A to configure it For example 1 configure IP as 192 168 123 1 subnet mask as 255 255 255 0 and gateway as 192 168 123 254 or more easier 2 configure your computers to load TCP IP setting automatically that is via DHCP server of this product After installing the TCP IP communication prot
64. ommunicat Accepts unsecured communicat Name _ O Perit Request Security Optional Require Security Add Edit Remove M Use Add wizard select Filter Action tab select Require Security then click Edit button 118 Require Security Properties x Security Methods General C Permit C Block Negotiate security Security method preference order H Integity ESP Confidential ES Add Moner DES Mone 3DES Edit Mone J3DES Mone DES Remove None gt DES Move down Accept unsecured communication but always respond using IPSec Allow unsecured communication with non lPSec aware computer iW Session key perfect forward secrecy PFS select Negotiate security Select Session key Perfect Forward Secrecy PFS click Edit button 119 New Security Method select Custom button 120 F Custom Security Method Settings Specify the settings for this custom security method SUE Data and address integrity without encryption AH W Data integrity and encryption ESF Integrity algorithrn y erat Encryption algorithm IDES M Session key settings Generate a new key every iW Generate a new key every nee Kbytes 1 oooi seconds canes Select Data integrity and encryption ESP Configure Integrity algorithm MD5 Configure Encryption algorithm DES Configure Generate a new key
65. onfiguration you must click on the Save 24 button to save the configuration into Flash memory and the reboot this device 4 4 1 5 PPP over ATM RFC 2364 8 4 a4 Sm t onnecuraiion one Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox tC Logou 7 Basic Setting b Frimary Setup gt OAM Setup gt DACP Server Hain a b Wireless TE l b Change Password LAN IF Address 192 168 123 254 WAN Type ewig Change TA PPPoA Account gt PPPoA Password l2 Maximum Idle Time seconds M Auto reconnect gt Data Encapsulation 01072004 18 39 59 khange doesnt take effective until rebooting Press More gt gt 23 EETA 8 4 a4 3 Sm 2 level i 3 j 1 j one Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox C Logout Basic Setting b Frimary Setup gt OAM Setup DHCP Server ltem Setting b Wireless ER T gt Change Password LAN IP Address 192 168 123 254 OVA DY Type EPPA Account T E gr D i ou Liar D PPPoA Password l Maximum Idle Time seconds M Auto reconnect gt PPPoA Serice Name optional dees signed IP Address optional gta Encapsulation 01 07 2004 18 40 58 i DJ m Co PPPoA Account Password The account ID amp password provided by your ISP Maximum Idle Time The time of no activit
66. p 4 When you enable the 128 or 64 bit WEP key security please select one WEP key to be used and input 26 or 10 hexdecimal 0 1 2 8 9 A B F digits 7 Pass phrase Generator Since hexadecimal characters are not easily remembered this device offers a conversion utility to convert a simple word or phrase into hex 6 802 1X Setting 802 1X CheckBox was used to switch the function of the 802 1X When the 802 1 X function is enable the Wireless user must authenticate to this router first to use the Network service RADIUS Server IP address or the 802 1 X server s domain name RADIUS Shared Key Key value shared by the RADIUS server and this router This key value is consistent with the key value in the RADIUS server 31 ane Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox Logout Basic Setting E Primary Setup 027 1 Setting b OAM Setup p DACP Server gt oga 1 Enable b Wireless ERE AL a gt Change Password 64 bits gt Encryption Key Length B oo p MEN PUAN REY UIE 125 bits gt BADIUS Server gt PADIUS Shared key 01707 2004 16 56 17 4 4 5 Change Password R 2 Q5G 54m E ETE one Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox Logout Basic Setting b Primary Setup Change Password gt OAM Setup b DACP Server ltem setting b Wireless P Change Password Old Password
67. rd Basic Settings Forwarding Rules Secuity Setting Advanced Setting Toolbox Logout gt Packet Filters gt Domain Filters gt URL Blocking Item Setting i wee capim VPN Enable gt VPN oO Teveeeensesen b Miscellaneous Max number of tunnels Method KE a KE If More KE More KE More KE More Tunnel Name Save Undo Dynamic YPN Settings Help lt lt Previous 11 10 2003 17 10 29 VPN Settings are settings that are used to create virtual private tunnels to remote VPN gateways The tunnel technology supports data confidentiality data origin authentication and data integrity of network information by utilizing encapsulation protocols encryption algorithms and hashing algorithms e VPN enable item VPN protects network information from 111 network inspectors But it greatly degrades network throughput Enable it when you really need a security tunnel It 1s disabled for default e Max number of tunnels item Since VPN greatly degrades network throughput the allowable maximum number of tunnels is limited Be careful to set the value for allowing the number of tunnels can be created simultaneously Its value ranges from to 5 e Tunnel name Indicate which tunnel that is focused now e Method IPSec VPN supports two kinds of key obtained methods manual key and automatic key exchange Manual key approach indicates that two end VPN gateways setup authenticator and e
68. red communicat Name _ O Perit Request Security Optional Require Security Add Edit Remove M Use Add wizard select Filter Action select Require Security then click Edit button 106 Reguire Security Properties Security Methods General C Permit C Block Negotiate security Secunty method preference order Type AH Integrity ESP Confidential ES Add Custom lt Mone gt DES Custom Mones 3DES Edt Custom None SIDES Custom None gt DES Remove Custom Mone DES pr T i q i aA eer Accept unsecured communication but always respond using IPSec Allow unsecured communication with non lPSec aware computer W Session key perfect forward secrecy PFS cancel select Negotiate security Select Session key Perfect Forward Secrecy PFS click Edit button 107 Mew Security Method select Custom button 108 F Custom Security Method Settings Specify the settings for this custom security method SUE Data and address integrity without encryption AH W Data integrity and encryption ESF Integrity algorithrn MDS Encryption algorithm IDES M Session key settings Generate a new key every iW Generate a new key every nee Kbytes 1 oooi seconds canes Select Data integrity and encryption ESP Configure Integrity algorithm MD5 Configure Encryption
69. rver E mail Alert Supported The router can send its info by mail Dynamic dns Supported At present the router has 3 ddns dyndns TZO com and dhs org SNMP Supported Because SNMP this function has many versions anyway the router supports V1 and V2c Routing Table Supported Now the router supports static routing and two kinds of dynamic routing RIP1 and RIP2 Schedule Rule supported Customers can control some functions like virtual server and packet filters when to access or when to block Other functions UPNP Universal Plug and Play Supported The router also supports this function The applications X box Msn Messenger Packing List WBR 3402 Wireless ADSL Router unit Installation CD ROM Power adapter CAT 5 UTP Fast Ethernet cable Chapter 2 Hardware Installation 2 1 Panel Layout 2 1 1 Front Panel EMEly POWER STATUS SH Time ADSL Act WLAN 2 amp one MWBR 3402A 1W AL 11g Wireless ADSL Router w VPN Printer Server Figure 2 1 Front Panel Power is being applied to this POWER Power indication Green On product This product is functioning STATUS System status Green Blinking properly Show tme ADSL status Green This router is trying to connect to Blinking your ISP The ADSL is sending or ADSL Act ADSL status2 Green Blinking receiving data Sending or receiving data via WLAN Wireless activity Green Blinking wireless o An active station is connected to n the corre
70. s XP Professional 3 DUT and Windows 2000 Radius Server Setup 3 1 1 Setup Windows 2000 RADIUS Server We have to change authentication method to MD5_Challenge or using smart card or other certificate on RADIUS server according to the test condition 3 1 2 Setup DUT 1 Enable the 802 1X check the Enable checkbox 2 Enter the RADIUS server IP 3 Enter the shared key The key shared by the RADIUS server and DUT 4 We will change 802 1 X encryption key length to fit the variable test condition 3 1 3 Setup Network adapter on PC 1 Choose the IEEE802 1X as the authentication method Fig 2 Note Figure 2 is a setting picture of Windows XP without service pack 1 If users upgrade to service pack 1 then they can t see MD5 Challenge from EAP type list any more but they will get a new Protected EAP PEAP option 2 Choose MD5 Challenge or Smart Card or other Certificate as the EAP type 3 If choosing use smart card or the certificate as the EAP type we select to use a certificate on this computer Fig 3 4 We will change EAP type to fit the variable test condition 140 Wireless Network Connection Properties Ed General wireless Networks Authentication Advanced Select this option to provide authenticated network access for wired and wireless Ethernet networks Enable network access control using IEEE 602 1 EAP tyr AMMA other Lerthcate 3 MO S Challenge Smart Card or other Certificate Authentica
71. s field and 255 255 255 0 for Subnet Mask field Bindings Adv 192 168 123 115 255 255 255 Ol 95 b In the Gateway tab add the IP address of this product default IP is 192 168 123 254 in the New gateway field and click Add button TCP IP Properties 192 168 123 254 c Inthe DNS Configuration tab add the DNS values which are provided by the ISP into DNS Server Search Order field and click Add button TCPAP Properties O lt o B 168 95 192 1l 168 95 1 1 96 Appendix B Win 2000 XP IPSEC Setting guide Example Win XP 2000 gt VPN Router Configuration on WIN 2000 is similar to XP 1 On Win 2000 XP click Start button select Run type secpol msc in the field then click Run Goto Local Security Policy Settings page 2 Or in Win XP Click Control Pannel Fi LOntrol Panel e Edit View Favorites Tools Help T Eidi 7 wi F Search m Folders Address b Control Panel 7 bape BE Control Panel Cr Switch bo Classic view g Help and Support Double click Performance and Maintenance 97 E Performance and Maintenance File Edit View Favorites Tools Help Back T JO search gt Folders RFI Address G Ferformance and Maintenance See Also ia File Types E System Restore Troubleshooters 2 Startup and Shutdown Performance and Maintenance Pick a task gt See basic information about your computer gt Adjust visual effec
72. session You can also set it to zero or enable Auto reconnect to disable this feature If Auto reconnect is enabled this product will automatically connect to ISP after system is restarted or connection is dropped VPI VCI Numbers The channel settings provided by your ISP Schedule Type The setting of the ADSL traffic schedule type This device supports UBR Un specified bit rate and CBR Constant bit rate pal PPPoE Service Name Optional Input the service name if your ISP requires it Assigned IP Address Optional Required by some ISPs Once you finished the required configuration you must click on the Save button to save the configuration into Flash memory and the reboot this device 4 4 2 OAM Server 3 O08 d 49a 4 5 am H level one Status Vizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox C Logout Basic Setting b DHCP Server b Wireless It 5 iti gt Change Password stb etting gt Activation De activation settin g W Enable gt Loopback setting W Enable 5 Fault Management setting E Enable me FMstate Normal lz ADstate Ready Refresh AD FM state OOF 2004 16 53 47 In this page you can set the OAM feature for virtual channel First click on the Enable or Disable circle for the settings of OAM Function Activation De activation Loopback and Fault Management individually Then click on the Save button to finish the configuration of the selec
73. sks x a Local Grea Connection jal Create a new gt Disabled connection rs 5 D Link DFE 530T PCI Fast Et Set up a home or small office network Figure 5 Authenticating 143 a Dx w s Network Connections mak Y Fie Edit wiew Favorites Tools Adwanced Help p pale gt pi Ka Search i Folders Bak A LAN or High Speed Internet Network Tasks 4 8 Local Area Connection DESEE aE Fa Create a new a Disabled uthentication succeed connection Lea D Link DFE S30T PCI Fast Eb i Eei i Set up a home or small office network Figure 6 Authentication success 4 2DUT authenticate PC2 using PEAP TLS 1 PC2 choose the SSID of DUT as the Access Point 2 Set authentication type of wireless client and RADIUS server both to PEAP_TLS 3 Disable the wireless connection and enable again 4 The DUT will send the user s certificate to the RADIUS server and then send the message of authentication result to PC2 5 Windows XP will prompt that the authentication process is success or fail and end the authentication procedure 6 Terminate the test steps when PC2 get dynamic IP and PING remote host successfully Support Type Amit supports the types of 802 1x Authentication PEAP CHAPv2 and PEAP TLS Note 1 PC1 is on Windows XP platform without Service Pack 1 2 PC2 is on Windows XP platform with Service Pack la 3 PEAP is supported on Windows XP with Service Pack 1 only 4 Windows XP
74. sponding LAN port L1 L4 Link status Green ining The corresponding LAN port is Blinking sending or receiving data 2 1 2 Rear Panel RESET SV OCG Figure 2 2 Rear Panel Ports Port Description 5VDC Power inlet DC 5V 2A ADSL the port where you will connect your phone jack Port 1 4 the ports where you will connect networked computers and other devices USB USB Ports for USB printer 2 2 Procedure for Hardware Installation 1 Decide where to place your WBR 3402 Wireless ADSL Router You can place your ADSL Wireless Broadband Router on a desk or other flat surface or you can mount it on a wall For optimal performance place your ADSL Wireless Broadband Router in the center of your office or your home in a location that is away from any potential source of interference such as a metal wall or microwave oven This location must be close to power and network connection 2 Setup LAN connection a Wired LAN connection connects an Ethernet cable from your computer s Ethernet port to one of the LAN ports of this product b Wireless LAN connection locate this product at a proper position to gain the best transmit performance P 4 Existing Connection To Printer I To PCs Figure 2 3 Setup of LAN and WAN connections for this product 3 Setup ADSL connection Prepare a telephone cable for connecting this product to your ISP Figure 2 3 illustrates the ADSL connection 4 Connecting this pr
75. tail please refer to Scheduling Rule Each rule can be enabled or disabled individually Inbound Filter To enable Inbound Packet Filter click the check box next to Enable in the Inbound Packet Filter field Suppose you have SMTP Server 25 POP Server 110 Web Server 80 FTP Server 21 and News Server 119 defined in Virtual Server or DMZ Host Example 1 ltem Setting gt Inbound Filter Ed Enable Allow all to pass except those match the following rules Deny all to pass except those match the following rules Use Rule ID Source IP Ports Destination IP Ports Enable 1 00 192 166 125 1459 ag 10 192 160 125 20 hd ni 192 168 123 100 192 168 123 149 They are allow to send mail port 25 receive mail port 110 and browse the Internet port 80 192 168 123 10 192 168 123 20 They can do everything block nothing Others are all blocked 09 9 Example 2 ltem Setting gt Inbound Filter v Enable Allow all to pass except those match the following rules Deny all to pass except those match the following rules Use Rule Destination IP Ports Enable Ed ID Source IP Ports JOO 192 166 125 1195 119 00 192 166 125 1795 192 168 123 100 192 168 123 119 They can do everything except read net news port 119 and transfer files via FTP port 21 Others are all allowed Aft
76. te as computer when computer information i available Authenticate as guest when user or computer information is unavailable Figure 2 Enable IEEE 802 1X access control 141 Smart Card or other Certificate Properties x when connecting Validate server certificate e r Use a different user name for the connection Figure 3 Smart card or certificate properties 4 Windows 2000 RADIUS server Authentication testing 4 1DUT authenticate PC1 using certificate PC2 follows the same test procedures 1 Download and install the certificate on PC1 Fig 4 2 PC1 choose the SSID of DUT as the Access Point 3 Set authentication type of wireless client and RADIUS server both to EAP_TLS 4 Disable the wireless connection and enable again 5 The DUT will send the user s certificate to the RADIUS server and then send the message of authentication result to PC1 Fig 5 6 Windows XP will prompt that the authentication process 1s success or fail and end the authentication procedure Fig 6 7 Terminate the test steps when PC1 get dynamic IP and PING remote host successfully 142 Certificates Personal Other People Certificate intended purposes Figure 4 Certificate information on PC1 s Network Connections File Edit View Favorites Tools Advanced Help Back gt pi ja arh E Folders fl Address Network Connections A LAN or High Speed Internet Network Ta
77. ted session Once you set the appropriate OAM settings on virtual channel you can see the corresponding up to date maintenance status by clicking the Refresh AD FM State button in this page 28 4 4 3 DHCP Server cg m z A a Ga ry a a m E ey x level one Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox Logout Basic Setting gt Primary Setup DHCP Server b OAM Setup P DHCP Server ltem Setting b Wireless gt Change Password gt DHCP Server Enable Lease Time hinutes gt IF Pool Starting Address IP Pool Endin g Address 199 01707 2004 16 55 21 Press More 24 a3 8SH H Gi 9 Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox Logout Basic Setting p Primary Setup DHCP Server gt OAM Setup DHCP Server on Setting b Wireless Ea N b gt Change Password DHEP Server I Enable Lease Time Minutes gt IF Poal Startin g Address gt IF Pool Ending Address i Domain Mame Primary ONS 0 0 0 0 0 0 0 zSecondary ONS gt Thee 0 0 0 01 07 2004 18 55 55 a ns Dood 0 0 0 optional soe Unda Fixed Mapping The settings of a TCP IP environment include host IP Subnet Mask Gateway and DNS configurations 29 It is not easy to manually configure all the computers and devices in your network Fortunately DHCP
78. to 8 amp 8 You can change web server port to other port too Administrator Time out The time of no activity to logout automatically Set it to zero to disable this feature Discard PING from WAN side When this feature is enabled any host on the WAN cannot ping this product 54 4 7 Advanced Setting 92 4 a3 4 8 level a i Ls il tap 4 one Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox Logout aie Advanced Se ADSL Modern gt System Time b System Log Dynamic ONS P SNMP t These parameters allow the user to tune the performance of the CPE modem P Routing d b Schedule Rule _ System Time Allow you to set device time manually or consult network time from NTP server ADSL Modem System Log send system log to a dedicated host or email to specific receipts Dynamic DHS he T o host your serwer on a changing IP address you have to use dynamic domain name service DNS F MP 017032004 15 35 47 guser the capability to remotely manage a computer network by polling and setting blues and monitoring network events ge more than one routers and subnets you may want to enable routing table to allow fe find proper routing path and allow different subnets to communicate with each at schedule rule that will be applied on Virtual Servers and Packet Filter 55 4 7 1 ADSL Modem Performance Setting 9 2 4 a4 3m H
79. ts gt Free up space on your hard disk gt Back up your data EJ Rearrange items on your hard disk to make programs run faster or pick a Control Panel icon ig Administrative Tools fa Power Options E Scheduled Tasks PAE System Double click Administrative Tools 98 Administrative Tools File Edit View Favorites Tools Help pack hi wi pO search gt Folders Ha Address 4 Administrative Tools File and Folder Tasks Share this Folder Other Places e Control Panel G9 My Documents fm Shared Documents 4 My Computer a My Network Places Details Component Services Shortcut 2 KB f Data Sources ODBC Shortcut 2 KB Local Security Policy Shartcut 2 KB Services q Shortcut 2 KB Computer Management Shortcut 2 KB Event viewer Shortcut 2 KB TL Performance Shortcut 2 KB Local Security Policy Settings Double click Local Security Policy 99 Local Security Settings Fil Action View Help gs H Account Policies E Account Policies 1 Local Policies 8 acal Policies E ch ee Public Key Policies Software Restriction Policie a m W i Software Restriction Policies H ecurity Policies on Loca j a IP Security Policies on Local C Right click IP Security Policies on Local Computer and click Create IP Security Policy Click the Next button enter your policy s name Here it is to_vpn_router Then click Next Dis select the Act
80. tting Toolbox C Logout Advanced Sel b ADSL Modern b System Log iia ltem setting Enable Dynamic DNS i e gt IF Address for Syslog 192 168 1 23 i W Enable Serie Rule E mail Alert Send Mail Now Mi Enable SMTP Serer IP and Port a ka E mail Subject View Log O1 0S 2004 15 56 42 This page support two methods to export system logs to specific destination by means of syslog UDP and SMTP TCP The items you have to setup including IP Address for Syslog Host IP of destination where syslogs will be sent to Check Enable to enable this function E mail Alert Enable Check if you want to enable Email alert send syslog via email SMTP Server IP and Port Input the SMTP server IP and port which are contacted with If you do not specify port number the default value is 25 For example mail your_url com or 192 168 1 100 26 Send E mail alert to The recipients who will receive these logs You can assign more than 1 recipient using or to separate these email addresses 59 E mail Subject The subject of email alert This setting is optional 60 4 7 4 Dynamic DNS 9 2 4 Q a4 Sm B level i Sian TIFALI one Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox Logout Advanced gt ADSL Modem gt System Time OE 04 Item Setting b Routing gt Provider DynDNS orgiDynamic gt Schedul
81. tunnel endpoint is specified by this IP address 192 168 1 1 Configure The tunnel endpoint is specified by this IP address 192 168 1 1 Select Connection Type 124 Edit Rule Properties select All network connections 125 Configure IKE properties Select General to_vpn_router Properties Qeneral IP Security policy general properties Mame to_vpr_router Description Check for policy changes ewer fi al minutele Perform key eschange using these settings Advanced Click Advanced 126 Key Exchange Settings Authenticate and generate a new key after ever 10000 Protect identities with these security methods Methods Internet Key Exchange IEE for windows sF Joint developed by Microsoft and Cisco Systems Inc OK Cancel enable Master key perfect forward security PFS 99 configure Authenticate and generate a new key after every 10000 seconds click Methods F Key Exchange Security Methods Protect identities during authentication with these security methods Security method preference order Type Encryption Integrity Add IKE SOE S SHA IKE SDES MDS Edit IKE DES SHA IKE DES MDS Remove Move down Bi ea click Add button 127 F IKE Security Algorithms fx Integrity algorithm Encryption algorithm 3DES Dithe Hellman group
82. v Enable amp Privilege IP Addresses Range From To ID Domain Suffix Action Enable wil WWW msn com Crop H Log E wan sina corm MDrop E Log waw google com com MDrop W Log MDrop W Log MiDrop W Log M Drop W Log 0102004 13 59 15 MCrop Blog MCrop W Log fall others E Crop W Log E a e e o e In this example 1 URL include www msn com will be blocked and the action will be record in log file 2 URL include www sina com will not be blocked but the action will be record in log file 3 URL include www google com will be blocked but the action will not be record in log file 4 IP address X X X 1 X X X 20 can access network without restriction 4 6 3 URL Blocking 2 4 a 4 2 S ja x level i OTIT B i ae one Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox O Logout Security Settig b Packet Filters Domain Filters ltem Setting gt URL Blocking E Enable b MAC Control b Miscellaneous URL Enable E 12 09 2003 19 16 59 Save URL Blocking will block LAN computers to connect to pre defined Websites The major difference between Domain filter and URL Blocking is Domain filter require user to input suffix like com or org etc while URL Blocking require user to input a keyword only In other words Domain filter can block specific website while URL Blocking can block hundreds of websites by s
83. ve the configuration into Flash memory and the reboot this device 23 4 4 1 4 Classical IP over ATM RFC 1577 8 4 a3 SH level on m Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox C Logout Basic Setting b Frimary Setup gt OAM Setup i gt DHCP Server ltem gt Wireless gt Change Password y LAN IP Address 192 168 123 254 E WAN Type Classical IP over ATM SAWAN IP Made Static IP Address x WAR IP Address WAN Subnet Mask WAN Gateway P rimary DNS econdary DNS l s MAC Address T DER Help Setting 0102004 16 34 54 Clone MAC Dave Virtual Computer doesnt take effective until rebooting In the Classical IP over ATM Mode NAT is always enabled You have to set the following WAN IP settings WAN IP Mode This product supports two WAN IP modes static and dynamic If you select dynamic mode it will try to get a legal IP and WAN settings from ISP s DHCP server If you select static mode you have to set the following WAN setting manually WAN IP Address WAN Subnet Mask WAN Gateway and Primary Secondary DNS These settings are assigned by your ISP VPI VCI Numbers The channel settings provided by your ISP Schedule Type The setting of the ADSL traffic schedule type This device supports UBR Un specified bit rate and CBR Constant bit rate Once you finished the required c
84. whose MAC addresses are not in the Control table to associate to the wireless LAN 46 Control table MAC Address IP Address 192 168 123 192 168 1253 im im 192 168 123 192 168 123 Control table is the table at the bottom of the MAC Address Control page Each row of this table indicates the MAC address and the expected IP address mapping of a client There are four columns in this table MAC Address MAC address indicates a specific client IP Address Expected IP address of the corresponding client Keep it empty if you don t care its IP address C When Connection control is checked check C will allow the corresponding client to connect to this device A When Association control is checked check A will allow the corresponding client to associate to the wireless LAN In this page we provide the following Combobox and button to help you to input the MAC address DHCP chents E select one Copy to ID p You can select a specific client in the DHCP clients Combobox and then click on the Copy to button to copy the MAC address of the client you select to the ID selected in the ID Combobox Previous page and Next Page To make this setup page simple and clear we have divided the Control table into several pages You can use these buttons to navigate to different pages 47 4 6 5 VPN setting OB 4 4401 46m a LEL level one Status Wiza
85. y clicking the Reboot button 74 4 8 6 Miscellaneous Items c gt Ad AaC0 8 45 8 level ag ela one Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox O Logout Toolbox b View Log o gt Firmware Upgrade P Reneti Defi MAC Address for Wake on LA A Wake Eea o Darul MAC Address for Wake on LAN D ee Domain Name or IP address for Ping Test i y O Ping lt Save Undo He 05 13 2003 17 05 55 MAC Address for Wake on LAN Wake on LAN is a technology that enables you to power up a networked device remotely In order to enjoy this feature the target device must be Wake on LAN enabled and you have to know the MAC address of this device say 00 11 22 33 44 55 Clicking Wake up button will make the router to send the wake up frame to the target device immediately Domain Name or IP address for Ping Test Allow you to configure an IP and ping the device You can ping a specific IP to test whether it is alive 75 Chapter5 Print Server WBR 3402 provides the function of network print server for MS Windows 95 98 NT 2000 and Unix based platforms If the product you purchased doesn t have printer port please skip this chapter 5 1 Configuring on Windows 95 98 Platforms After you finished the software installation procedure described in Chapter 3 your computer has possessed the network printing facility provided by this product For convenience we call the pr
86. y disconnect to your PPPoA session You can also set it to zero or enable Auto reconnect to disable this feature If Auto reconnect 1s enabled this product will automatically connect to ISP after system is restarted or connection is dropped VPI VCI Numbers The channel settings provided by your ISP Schedule Type The setting of the ADSL traffic schedule type This device supports UBR Un specified bit rate and CBR Constant bit rate PPPoA Service Name Optional Input the service name if your ISP requires it Assigned IP Address Optional Required by some ISPs Once you finished the required configuration you must click on the 26 Save button to save the configuration into Flash memory and the reboot this device 4 4 1 6 PPP over Ethernet RFC 2516 8 4 a3 5 SH level one Status Wizard Basic Setting Forwarding Rules Secuity Setting Advanced Setting Toolbox Oo Logout Basic Setting P Primary Setup gt OAM Setup se gt DHCP Server hain zetting b Wireless re 2 gt Change Password pC LAN IP Address 192 168 123 254 WAN Type eas nange P PPPoE Account PPPoE Password P Maximum Idle Time seconds Ed Auto reconnect Data Enca psulation OOF 2004 16 53 00 kehange doesnt take effective until rebooting PPPoE Account Password The account ID amp password provided by your ISP Maximum Idle Time The time of no activity disconnect to your PPPoE
87. zard Mirrored D escription Protocol 5 ource Pott Destination Mo ANY ANY ANY gt OK Cancel Enter a name for example xp gt router and dis select Use Add Wizard check box Click Add button 103 Filter Properties IX Addressing Protocol Description Source address IF Address Subnetmask Destination address 4 specific IP Subnet IP address 192 168 123 JO Subnet mask 265 255 255 JO Mirrored Also match packets with the exact opposite source and destination addresses In the Source address field select A specific IP Address and fill in IP Address 192 168 1 1 In the Destination address field select A specific IP Subnet fill in IP Address 192 168 123 0 and Subnet mask 255 255 255 0 If you want to select a protocol for your filter click Protocol page 104 Filter Properties mi sp tL 5 F mea Set tne te protocol pork r 4 m Sate ee at Pe TOOT oat pay Loany port o othe port Click OK button Then click OK button on the IP Filter List page 105 F mi p AE Connection Type Filter Action Edit Rule Properties Authentication Methods Tunnel Setting IF Filter List The selected filter action species whether this rule negotiates for secure network traffic and how it will secure the traffic Filter Actions Description Pernt unsecured IP packets to Accepts unsecured communicat Accepts unsecu
Download Pdf Manuals
Related Search