IBM WRT-410 Network Router User Manual
Contents
1. Mutilization bytes sec 5 72 6007 143165542 341 112 D 925 143165016 0 246 Click Reset to erase all statistics and begin logging statistics again Utilization Separates packet transmission statistics into send and receive categories Peak indicates the maximum packet transmission recorded since logging began while Average indicates the average of the total packet transmission since recording began 3 3 5 Wireless This screen will show you which wireless devices that are connected to this WRT 410 via wireless interface H Device information P Log P Log Setting P Statisic Be Wireless _ Connected Time MAC Address Management Connected Time Displays how long the wireless device has been connected to the LAN via the WRT 410 MAC Address Displays the devices wireless LAN interface MAC address 3 4 Routing 3 4 1 Static You can set parameters by which the WRT 410 forwards data to its destination if your network has a static IP address le ARK C whl ns A LAN Setting i a a a ll Lables ne rel are a ir tatus management Network Address Type the static IP address your network uses to access the Internet Your ISP or network administrator provides you with this information Network Mask Type the network subnet mask for your network If you do not type a value here the network mask defaults to 255 255 255 255 Your ISP or network administrator provides you with this i2. Action view Pp Tree Protocol Friendly Name Internet Authentication Service Local Export List Help 26 Enter the IP address of WRT 410 in the Client address text field a memorable name for WRT 410 in the Client Vendor text field the access password used by WRT 410 in the Shared secret text field Re type the password in the Confirmed shared secret text field 27 Click Finish e Add RADIUS Client 192 168 1 1 RADIUS Standard 28 In the Internet Authentication Service right click Remote Access Policies 29 Select New Remote Access Policy AAA PP a Internet Authentication Service fe intemmet Authentic ation Service Local allow access if dial in permission ls enabled 1 E Clients Remote Access Laggng ie Remote Access Policies a latin New Remote Access Policy 30 Select Day And Time Restriction and click Add to continue 38 Select Attribute 3 x S lect the type of attribute to add and then chock the Add Button AkHribubs types Called 5tation Id Phone number dialed oy user Calling Station ld Phone number from which call originated Clent Friendly H ame Friendly name for the RADIUS client AS ony ClentlP Addre IP address of RADIUS client LAS only Clentifendar Manufacturer ol RADIUS pros or Ns 18 5 onl AAA Time penod and days of week duning wh
3. cssscccccsssssssssnssssccessesnnensnnecccceesesssennanenncocoeesseesnaneneensceessss 1 PACKAGE CONTENTS a dl o e alla coca 1 1 2 OY STEM REQUIREMENTS usd 1 to FEATURE OO 1 14 SPECIFICATION a id 2 15 WIRELESS PERFORMANCE ecc 3 CHAPTER 2 HARDWARE INSTALLATION 0ccccceecessessseceeeeeeeeessssssececeeeeeeeesseeeseseeeeees 4 2 HARDWARE CONNEC O Nc 4 22 DED INDICATIOR Siro reno aaa 4 CHAPTER 3 CONFIGURE THROUGH WEB BROWSER cccccnccccconcccnccccnnancnnnannonnnnconannananannss 5 LEMAN OPONEN Po SE E aN 5 Tet VAIN SS DHCP SEVE aia A ii 5 IVANA A O een a 6 A e SW ONO AI acc oabea nae doeaeawec aes 8 A e ee Oe eee ene Ee ER Neer eC ne en ene ee ere eee eer eae 9 s TODA IN SAS A DA 10 FLNR LE S O ca odas 10 WAN SC RPA aula oes ENEE REE artic NA E E A E D E AE EE 10 ZAZ e 11 E AOV ia A A ce ite eine A AA O E neues 12 A A ee a a eee eee eee 13 23 T DEVICE AMOMMANON isso a a aa a 13 iS ee yam 16 0 EPA PRO SUE nn E E E E A 14 ISOLOTTO EUNIS ae EN A 15 Oe ANSO e a eas AE T EE TEETE 16 I WIGS serr a terse In II E 17 SA ROUTING aaan a 17 SA T NANG AAA AA AA AA E A A 17 Die DYNAMO ASADAS AA E AAA AAA A 18 ED AQUINO TAS pio beca 19 OATES stress 20 DAMOS A Ad 20 EA A Be geo E awe sees cea anagem 23 o A ER a recast O seu a ea dew N laste E ate a labap A T 24 AS Se a PA Meee eee EET ENE Eee ee eT eer eee ee etme Tee te my er eee eee era 25 A IPFOW All AUC 552 Seite nsec es an Shinn al Modine ETETE AA A asa auntie Ged E 25 3
4. in this field Host Name Enter the host name you registered to DDNS provider User Name Enter the user name you registered to DDNS provider Password Enter the password of your registered account 3 2 Wireless 3 2 1 Basic This page enables you to enable and disable the wireless LAN function enter a SSID and set the channel for wireless communications Ps Basic M Authentication P Advanced m Jo MER LAN emng o ee SSD default Domain ETSI Channel 6 Routing 5 ry aS oo Aas ACCe wl ol Management Tools 240 Enable Disable Enable or disable wireless LAN via the WRT 410 SSID Type an SSID in the field The SSID of any wireless device must match the SSID typed here in order for the wireless device to access the LAN and WAN via the WRT 410 Channel Select a work channel for wireless communications The channel of any wireless device must match the channel selected here in order for the wireless device to access the LAN and WAN via the WRT 410 3 2 2 Authentication This screen enables you to set authentication types and the parameters for secure wireless communications Basic Authentication P Advanced AL a 15t if LAN em Ing PoE a O WPA PSK C Enabled Disabled fey a anna O a jooo0000000 Key 4 le Jooooooo000 Cancel Apply Clear Authentication Type Select the type from the listed options If Open System or Shared Key is selected the
5. PLANET 802 11g Wireless Broadband Router WRT 410 User s Manual Copyright Copyright 2003 by PLANET Technology Corp All rights reserved No part of this publication may be reproduced transmitted transcribed stored in a retrieval system or translated into any language or computer language in any form or by any means electronic mechanical magnetic optical chemical manual or otherwise without the prior written permission of PLANET PLANET makes no representations or warranties either expressed or implied with respect to the contents hereof and specifically disclaims any warranties merchantability or fitness for any particular purpose Any software described in this manual is sold or licensed as is Should the programs prove defective following their purchase the buyer and not this company its distributor or its dealer assumes the entire cost of all necessary servicing repair and any incidental or consequential damages resulting from any defect in the software Further this company reserves the right to revise this publication and to make changes from time to time in the contents hereof without obligation to notify any person of such revision or changes All brand and product names mentioned in this manual are trademarks and or registered trademarks of their respective holders Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a C
6. 3 Select the file and click Upgrade to update WRT 410 to the latest firmware P Restart P Settings Firmware Ping test PC EY TEE Upgrade Firmware LAN sening m Se upgrade Status ee toe ROUTINE Arroes Mamani AT Mand IES Bt 3 7 4 Ping Test You can ping an IP address or host which is present on the Internet Type the IP address or host name in the field and click Ping 29 P Restart gt Settings P Firmware Ping test Ak Catkin as Ly ug setting VAR CaHing Host Name or IP address Status Routing 3 8 Wizard The setup wizard enables you to configure the WRT 410 quickly and conveniently Click Wizard button the window below will appear Please click Next gt and follow the steps to configure WRT 410 Welcome to Wireless Router Setup Wizard O A Step 1 Set your new password Step 2 Choose your time zone Step 3 Set LAN connection and DHCP server Step 4 Set internet connection Step 5 Set wireless LAN connection Step 6 Restart display wizard next time Yes No Update You are prompted to select a password Type a password in the text box and then type it again for verification Click Next Select your time zone from the drop down list Click Next Type the LAN IP address in the text box The default IP address is 192 168 1 1 Type the subnet mask in the text box Enable DHCP Server if you want DHCP to automatically assign
7. Frequency band 2 4 GHz 2 484GHz FCC 11 Channels US Canada Channel ETSI 13 Channels Europe TELEC 14 Channels Japan Super G mode Up to 108Mbps Data Rate 802 119 Up to 54Mbps 6 9 12 18 24 36 48 54 802 11b Up to 11Mbps 1 2 5 5 11 Operating temperature 0 55 C Operating humidity 5 95 non condensing Environment Storage temperature 20 70 C Storage humidity 0 95 non condensing Dimension 200 x 115 x 31mm W x D x H Power Supply 5V 2 5A 1 5 Wireless Performance The following information will help you utilizing the wireless performance and operating coverage of WRT 410 1 Site selection To avoid interferences please locate WRT 410 and wireless clients away from transformers microwave ovens heavy duty motors refrigerators fluorescent lights and other industrial equipments Keep the number of walls or ceilings between AP and clients as few as possible otherwise the signal strength may be seriously reduced Place WRT 410 in open space or add additional WAP 4000 as needed to improve the coverage 2 Environmental factors The wireless network is easily affected by many environmental factors Every environment is unique with different obstacles construction materials weather etc It is hard to determine the exact operating range of WRT 410 in a specific location without testing 3 Antenna adjustment The bundled antenna of WRT 410 is adjustable Firstly install th
8. Routing Access Af A AAA TAN management Lifetime Select proper time interval from the drop down list Once the lifetime expires the Encryption key will be renewed by RADIUS server automatically Encryption Key Select the Encryption key length to be 64 bits or 128 bits RADIUS Server 1 Enter the IP address communicate port number and shared secret key of your primary RADIUS server RADIUS Server 2 Enter the IP address communicate port number and shared secret key of your secondary RADIUS server Note As soon as 802 1X authentication is enabled all the wireless client stations that are connected to the Router currently will be disconnected The wireless clients must be configured manually to authenticate themselves with the RADIUS server to be reconnected If WPA PSK is selected the screen appears as below Please enter a hard to guess passphrase between 8 and 63 characters in the field E Basic Authentication P Advanced e Open System Shared Key CNPA WPAPSK C 8021x Status Routing L a Sar Ta lal 3 2 3 Advanced This screen enables you to configure advanced wireless functions 12 Basic P Authentication Pe Advanced Beacon Interval ho f default 100 msec range 20 1000 RTS Threshold 2346 default 2346 range 1 2346 Fragmentation Threshold TN default 2346 range 256 2346 even number only DTIM Interval EMM default 1 range 1 255 Tx Rates MBps Auto 7 g 11
9. fields Add Click to add the protocol filter to the list at the bottom of the page Update Click to update information for the protocol filter if you have changed any of the fields Delete Select a filter profile from the table at the bottom of the list and click Delete to remove the profile New Click New to erase all fields and enter new information 3 5 2 Virtual Server This screen enables you to create a virtual server via the WRT 410 If the WRT 410 is set as a virtual server remote users requesting Web or FTP services through the WAN are directed to local servers in the LAN The WRT 410 redirects the request via the protocol and port numbers to the correct LAN server The Virtual Sever profiles are listed in the table at the bottom of the page ELANET AE A Special A EEE Enable Disabled Aki Calls gt LAN Setting Wireless Status Routing Management E lools e _add Update Delete Clear ee Virtual Server FTP TCP 21 21 0 0 0 0 Virtual Server HTTP TCP 80 80 0 0 0 0 Enable Click to enable or disable the virtual server Name Type a descriptive name for the virtual server Protocol Select the protocol TCP or UDP you want to use for the virtual server Private Port Type the port number of the computer on the LAN that is being used to act as a virtual server Teer Public Port Type the port number on the WAN that will be used to provide access to the virtua
10. those settings per the information your ISP provides P LAN amp DHCP server EWAN F Password gt Time P aan DNS Connection Type DHCP Client or Fixes PS l to Obtain IF Automatically A C Specify IP BESTEE 0 0 0 0 subnet wask poon Default Gateway booo Wire less Status Routing ONS 1 IO PR 4 NS 2 i v 8 a al Ca a 0 a MAC Ad g fess Cancel Apply Connection Type Select the connection type DHCP client Fixed IP PPPoE or PPTP from the drop down list Clone MAC Address When using DHCP client Fixed IP enter the following information in the fields some information are provided by your ISP WAN IP Select whether you want to specify an IP address manually or want DHCP to obtain an IP address automatically When Specify IP is selected type the IP address subnet mask and default gateway in the fields Your ISP will provide you with this information DNS 1 2 3 Type up to three DNS numbers in the fields Your ISP will provide you with this DNS information MAC Address If required by your ISP type the MAC address for the WRT 410 WAN interface in this field You can also copy the MAC address of your PC s network card to the WRT 410 WAN interface by clicking Clone MAC address gt LAN amp DHCP server WAN PF Password P Time gt Dynamic DNS Connection Type PPPoE Obtain IP Automatically C Specify IP IF Address 0 0 0 0 Wi eless i DMS 1 0 0 0 0 Status E a
11. 40 45 03 8E 07 T ls LAGS This page enables you to set LAN and DHCP properties such as the host name IP address subnet mask and domain name LAN and DHCP profiles are listed in the DHCP table at the bottom of the screen Host Name Type the host name in the text box The host name is required by some ISPs The default host name is AP Router IP Address This is the IP address of the router The default IP address is 192 168 1 1 Subnet Mask Type the subnet mask for the router in the text box The default subnet mask is 255 255 255 0 DHCP Server Enables the DHCP server to allow the router to automatically assign IP addresses to devices connecting to the WLAN or LAN DHCP is enabled by default All DHCP client computers are listed in the table at the bottom of the page providing the host name IP address and MAC address of the client Start IP Type an IP address to serve as the start of the IP range that DHCP will use to assign IP addresses to all LAN devices connected to the WRT 410 End IP Type an IP address to serve as the end of the IP range that DHCP will use to assign IP addresses to all LAN devices connected to the WRT 410 Domain Name Type the local domain name of the network in the text box This item is optional Lease Time Select the proper expired duration of the IP leased by DHCP server 3 1 2 WAN Please refer to your Internet connection method to select the Connection Type And please configure
12. Connection Properties El E General Wireless Networks Authentication Advanced Use Windows to configure my wireless rebwork settings Available network To connectto an avalable network cick Configure T PLANET RT Configure i AP252423 Wireless Prefered network Automaticall connect to available networks in the order listed below PLANET RT Mowe up Move down Add Remove Properties Learn about seting up wireless network configuration ok Cancel 6 Select The key is provided for me automatically option Wireless Metvork Properties Hehvwok name 5510 PLANET R Wireless network key MEP Thiz netwok regures a key for the following Data encryption WEP enabled Network Authentication Shared mode Network key key larmat ASCH chatacters Ret ferigth 7104 bit 1 3 characters Rev Tides advanced The kev is provided for me automaticaly This ie a conputer to compute ad hoc network wireless access Ponts are nol used 7 Click OK 55 8 Click Authentication tab 9 Select Enable network access control using IEEE 802 1X option to enable 802 1x authentication 10 Select Smart Card or other Certificate from the drop down list box for EAP type A Wireless Network Connection Properties a General Wireless Network Authentication fh dranced Select this opbonto provide a
13. DNS 2 6 0 0 0 DNS 3 0 0 0 0 User Name OD sila Routing li 7 FA a Nae iar al When using PPPoE enter the following information in the fields some information are provided by your ISP WAN IP Select whether you want the ISP to provide the IP address automatically or whether you want to assign a static IP address to the WRT 410 WAN interface When Specify IP is selected type the PPPoE IP address in the field Your ISP will provide you with this information DNS 1 2 3 Type up to three DNS numbers in the fields Your ISP will provide you with this DNS information User Name Type your PPPoE user name Password Type your PPPoE password Connect on Demand Enables or disables the connect on demand function which enables WRT 410 to initiate a connection with your ISP when an Internet request is made to the WRT 410 When enabled the WRT 410 automatically connects to the Internet when you open your browser Idle Time Out Specify the time that will elapse before the WRT 410 times out of a connection MTU Type the MTU value in the field gt LAN amp DHCP server WAN P Password gt Time P Dynamic DNS Ad PP TP ES F Address 0 0 0 0 Subnet Mask pono i pooo lt Status Routing Server IP A eee Manag Tools EEES Maximum Idle Time lo Minute S Auto reconnectIke Enabled C Disabled When using PPTP enter the following information in the fields some information are provided
14. IP addresses Type a beginning IP address and an end IP address for the DHCP server to use in assigning IP addresses Click Next Select how the router will set up the Internet connection If you have enabled DHCP server choose Obtain IP automatically DHCP client to have the router assign IP addresses automatically Click to enable or disable wireless LAN If you enable the wireless LAN type the SSID in the text box and select a communications channel The SSID and channel must be the same as wireless devices attempting communication to the router Click Next You are prompted to restart save the settings and restart the router interface Click Restart to complete the wizard 30 Chapter 4 802 1X Authentication Setup 4 1 802 1X Infrastructure An 802 1X Infrastructure is composed of three major components Authenticator Authentication server and Supplicant Authentication server An entity that provides an authentication service to an authenticator This service determines from the credentials provided by the supplicant whether the supplicant is authorized to access the services provided by the authenticator Authenticator An entity at one end of a point to point LAN segment that facilitates authentication of the entity attached to the other end of that link Supplicant An entity at one end of a point to point LAN segment that is being authenticated by an authenticator attached to the other end of that link In the foll
15. RJ 45 cable to WRT 410 LAN port Connect one of the LAN ports on WRT 410 to your LAN switch hub with a RJ 45 cable 4 Connect RJ 45 cable to WRT 410 WAN port Connect ADSL Cable Modem to the WAN port on WRT 410 Use the cable supplied with your modem If no cable was supplied with your modem please use a RJ 45 Ethernet cable 5 Plug in power adapter and connect to power source After power on WRT 410 will start to operate Note ONLY use the power adapter supplied with the WRT 410 Otherwise the product may be damaged Note If you want to reset WRT 410 to default settings press and hold the Reset button over 5 seconds And then wait for 10 seconds for WRT 410 restart 2 2 LED Indicators PLANET EN O Wireless Router WRT 410 STATUS WAN WLAN E Device power on Device power off STATUS Green Indicates a connection error oe WAN link status is on linking Green WAN activity WLAN Green WLAN link status is on Blinking Green WLAN activity LAN ink is established Blinking Green ackets are transmitting or receiving ink is established Blinking Green ackets are transmitting or receiving ink is established Blinking Green Packets are transmitting or receiving Green Link is established Blinking Green Packets are transmitting or receiving Green B Green Green Green Green Chapter 3 Configure through Web Browser Web configuration provides a user friendly graphical user interface web pages to
16. Type the minimum address for the IP range IP addresses falling between this value and the Range End are not allowed to access the Internet Range End Type the minimum address for the IP range IP addresses falling between this value and the Range Start are not allowed to access the Internet Add Click to add the IP range to the table at the bottom of the screen Update Click to update information for the range if you have selected a list item and have made changes Delete Select a list item and click Delete to remove the item from the list Clear Click Clear to erase all fields and enter new information lt 9 Select Domain Blocking and the following screen appear Domain Blocking Disabled C Allow users to access all domains except Blocked Domains B Deny users to access all domains except Fermitted Domains ee planet corn ty Permitted Domains Delete Blocked Domains oo abe corm Delete Add pote Bali Clear Domain Blocking There are three options in this field Select the proper setting according to your demand Permitted Domains Enter the domain name in the text field and click Add button to add it to the list Blocked Domains Enter the domain name in the text field and click Add button to add it to the list Select Protocol Filter the screen appears as below It enables you to allow or deny access based upon a communications protocol list you
17. amp DHCP server WAN Password Be Time Dynamic DNS HELP Wee Sie Apr01 2002 01 11 20 SMT 08 00 Pacific Time US amp Canada Time Zone Default WTP server Status Set the time i ayl z manm A Hour 01 5d Minute 11 Second 20 E Set Time C Enabled Disabled Daylight Saving 01 eset Jan E an 01 7 Management Ta nli TA 10015 Local Time Displays the local time and date Time Zone Select your time zone from the pull down list Default NTP Server Type the NTP server IP address in the field to enable the WRT 410 to automatically synchronize the time with Internet NTP server Set the Time Select the date and time from the pull down lists and click Set Time to set the WRT 410 s internal clock to the correct date and time Daylight Saving Enables you to enable or disable daylight saving time When enabled select the start and end date for daylight saving time 3 1 5 Dynamic DNS You can configure WRT 410 to use DDNS service if you already have a registered DDNS account LAN amp DHCP server H WAN PF Password b Time Dynamic DNS HELP JDynamic DNS a Enabled Disabled Serer Address TN kar Par Far leal ALA p LA A meme manageme el E QOIS DDNS You can enable or disable DDNS function here Server Address Please type in the url of your DDNS service provider Currently WRT 410 supports DynDNS only thus you have to key in www dyndns org
18. click Next to continue 7 Go to Start gt Program gt Administrative Tools gt Certificate Authority 8 Right click on the Policy Setting select new 9 Select Certificate to Issue 01 Certification Authority Go ale intended Purpose Gad EFS Recovery Agent Fie Recovery E 4 Wireless Ga Basic EFS Encrypting Ale System Revoked CerkFicatas GA Domain Controler Client Authentication Server Gut entic 23 Issued Certificates Gd Web Server Server ALthentica ion 20 Pending Requests GA Computer Client Authentication Serv er Aubhentii E Faled Requests FT Encrypting Ale System Secure Emal e na ID x c Wew Tres Certification Authority Local aa akion Authority Code Soning Microsoft Trost List Signi My Refresh Export list Hep Add a Certficate Template to the ist of Certificate Templates issued by this Certfica 10 Select Authenticated Session and Smartcard Logon by holding down to the Ctrl key and click OK to continue 33 Select Certificate Template Selecta certlicate template to issue cerbhicates Secure Email Cler Secure Email Cher Client Sutherticatic Client Autherticatic Code Signing Microsoft Trust List Cratificate Penas b Ged User Signature Only mis Trust List Signing tl F nralmank cent Canos 11 Go to Start gt Program gt Administra
19. connected to the wired LAN and provide connectivity to the LAN The radio frequency of WLAN devices is strong enough to be transmitted through non metal walls and objects and can cover an area up to a thousand feet Laptops and notebooks use wireless LAN PCMCIA cards while PCs use plug in cards to access the WLAN WLAN WLANs Wireless LANs are local area networks that use wireless communications for transmitting data Transmissions are usually in the 2 4 GHz band WLAN devices do not need to be lined up for communications like infrared devices WLAN devices use access points which are connected to the wired LAN and provide connectivity to the LAN The radio frequency of WLAN devices is strong enough to be transmitted through non metal walls and objects and can cover an area up to a thousand feet Laptops and notebooks use wireless LAN PCMCIA cards while PCs use plug in cards to access the 63 WLAN WAN WAN Wide Area Network is a communications network that covers a wide geographic area such as a country contrasted with a LAN which covers a small area such as a company building 64
20. control Terminal Services Profile General Address Account Profile Telephones Organization User logon name test PAP LOCAL 7 User logon name pre Windows 000 FAES tect Logon Hours Log n To Fo Acesunt islocked aut Account options T User met change pessword at nest logan M Usercannot change password ESE Te oO IY Store password using reversible encryotion e Never C Endo Friday Februsr 07 2003 48 Go to the Dial in tab and check Allow access option for Remote Access Permission and No Call back for Callback Options Then click OK test Properties i x xj Remote control l Terminal Services Profile General l Addres rofle Telephones Organization Member Of Environment Sete Remote Access Permission Dial n or YPM gt C Deny access Allow ances C Contra access though hence Access Policy F Veny Galleria Calback Options No i f Set by Caller FA uting and Remote Access Service only C Always Callback to Assan State F Address apply Static Rotes Define routes to enable For this Diabin Stain Houtes connection Cancel Apply 45 4 3 Authenticator Setup 1 For EAP MD5 Authentication WEP key must be set previously Go to Wireless gt Authentication Enable WEP key and enter a desired key string You can skip this step if using EAP
21. create The protocol filter profiles are listed in the table at the bottom of the page Protocol Filter Disable List Enable List Deny to access internet from LAM when Apply Edit protocol Filter in List Enable Enable Disabled Hame Protocol TCP Port E Type Range for ICMP Add Update Delete New O E ee a ee Range Filter FTP TCP 20 41 Fiter HTTP TCF au aD Note When selecting items in the table at the bottom click anywhere in the item The line is selected and the fields automatically load the item s parameters which you can edit Protocol Filter Enables you to allow or deny Internet access to users based upon the communications protocol of the origin Click the radio button next to Disabled to disable the protocol filter Disable List Select this option to disable Protocol Filter Enable List All protocols in the list are not allowed to connect to the Internet via the LAN Create list items in section under Add Protocol Filter Edit Protocol Filter in List Use this section to create a profile for the protocol you want to deny Internet access to Enable Click to enable or disable the protocol filter Name Type a descriptive name for the protocol filter Protocol Select the protocol TCP UDP or ICMP you want to allows deny Internet access to from the pull down list Port Range If you are creating a profile for ICMP type a minimum and maximum port range in the two
22. giving the adapter a unique identification METRIC A number that indicates how long a packet takes to get to its destination MTU MTU Maximum Transmission Transfer Unit is the largest packet size that can be sent over a network Messages larger than the MTU are divided into smaller packets NAT NAT Network Address Translation also known as IP masquerading enables an organization to present itself to the Internet with one address NAT converts the address of each LAN node into one IP address for the Internet and vice versa NAT also provides a certain amount of security by acting as a firewall by keeping individual IP addresses hidden from the WAN NETWORK ADMINISTRATOR The network administrator is the person who manages the LAN within an organization The administrator s job includes ensuring network security keeping software hardware and firmware up to date and keeping track of network activity NTP NTP Network Time Protocol is used to synchronize the realtime clock in a computer Internet primary and secondary servers synchronize to Coordinated Universal Time UTC PACKET A packet is a portion of data that is transmitted in network communications Packets are also sometimes called frames and datagrams Packets contain not only data but also the destination IP address O PING Ping Packet INternet Groper is a utility used to find out if a particular IP address is present online and is usually used b
23. must accept any interference received including interference that may cause undesired operation Federal Communication Commission FCC Radiation Exposure Statement This equipment complies with FCC radiation exposure set forth for an uncontrolled environment In order to avoid the possibility of exceeding the FCC radio frequency exposure limits human proximity to the antenna shall not be less than 20 cm 8 inches during normal operation R amp TTE Compliance Statement This equipment complies with all the requirements of DIRECTIVE 1999 5 CE OF THE EUROPEAN PARLIAMENT AND THE COUNCIL OF 9 March 1999 on radio equipment and telecommunication terminal Equipment and the mutual recognition of their conformity R amp TTE The R amp TTE Directive repeals and replaces in the directive 98 13 EEC Telecommunications Terminal Equipment and Satellite Earth Station Equipment As of April 8 2000 Safety This equipment is designed with the utmost care for the safety of those who install and use it However special attention must be paid to the dangers of electric shock and static electricity when working with electrical equipment All guidelines of this and of the computer manufacture must therefore be allowed at all times to ensure the safe use of the equipment Revision User s Manual for PLANET Wireless Broadband Router Model WRT 410 Rev 1 0 November 2003 Part No EM WRT410 TABLE OF CONTENTS CHAPTER 1 INTRODUCTION
24. only allow specified data to be transmitted For example the router can filter specific IP addresses so that users cannot connect to those addresses FIREWALL Firewalls are methods used to keep networks secure from malicious intruders and unauthorized access Firewalls use filters to prevent unwanted packets from being transmitted Firewalls are typically used to provide secure access to the Internet while keeping an organization s public Web server separate from the internal LAN FIRMWARE Firmware refers to memory chips that retain their content without electrical power for example BIOS ROM The router firmware stores settings made in the interface FRAGMENTATION Refers to the breaking up of data packets during transmission FTP FTP File Transfer Protocol is used to transfer files over a TCP IP network and is typically used for transferring large files or uploading the HTML pages for a Web site to the Web server GATEWAY Gateways are computers that convert protocols enabling different networks applications and operating systems to exchange information HOST NAME The name given to a computer or client station that acts as a source for information on the network HTTP HTTP HyperText Transport Protocol is the communications protocol used to connect to servers on the World Wide Web HTTP establishes a connection with a Web server and transmits HTML pages to client browser for example Windows IE HTTP addresses all
25. open Command Prompt 20 Type secedit refreshpolicy machine_policy to refresh policy Command Prompt C gt secedit refreshpolicy machine_policy Group policy propagation from the domain has been initiated for this computer t may take a few minutes for the propagation to complete and the new policy to t jake effect Please check Application Log for errors if any Lent Adding Internet Authentication Service 21 Go to Start gt Control Panel gt Add or Remove Programs 22 Select Add Remove Windows Components from the panel on the left 23 Select Internet Authentication Service and click OK to install 36 Networking Services xj Po add or remove a component click the check bos A shaded box means hal orby part of the component will be iretaled To see whet s noluded in a component click Detak Subcomponente of Hebwoking Services O A COM Internet Services Pioxy Ea El Domain o E Site Server ILS Services Descriptio Enable authentication authorization and accounting of dial up and PN users 145 supports the RADIUS protocol Total d k space required 0 4 ME Details Space available on disk BEY E ME conc Setting Internet Authentication Service 24 Go to Start gt Program gt Administrative Tools gt Internet Authentication Service 25 Right click Client and select New Client Internet Authentication Service mee
26. summary information about the log entry Source Displays the source of the communication Destination Displays the destination of the communication Note Displays the IP address of the communication 3 3 3 Log Settings This screen allows you to set WRT 410 logging parameters 5 nee Email Address Syslog Server 0 0 0 0 EPS M System Activity Access az Debug Information l Cancel Apply Email Log Now SMTP Server Type the SMTP server address for the email that the log will be sent to in the next field Send to Type an email address for the log to be sent to Click Email Log Now to send the current log immediately Syslog Server Type the IP address of the Syslog Server if you want the WRT 410 to listen and receive incoming SysLog messages Log Type Select what items will be included in the log System Activity Displays information related to WRT 410 operation Debug Information Displays information related to errors and system malfunction Attacks Displays information about any malicious activity on the network Dropped Packets Displays information about packets that have not been transferred successfully Notice Displays important notices by the system administrator 3 3 4 Statistic This screen displays a table that shows the rate of packet transmission via the WRT 410 LAN WLAN and WAN ports in bytes per second H Device information Log Log Setting P Statisic P Wireless
27. which interface WAN or LAN the rule is applied to IP Range Start Type the start IP address that the rule is applied to IP Range End Type the end IP address that the rule is applied to Protocol Select the protocol TCP UDP or ICMP of the destination Port Range Select the port range Add Click to add the rule profile to the table at the bottom of the screen Update Click to update information for the rule if you have selected a list item and changed Delete Select a list item and click Delete to remove the item from the list New Click New to erase all fields and enter new information Priority Up Select a rule from the list and click Priority Up to increase the priority of the rule Priority Down Select a rule from the list and click Priority Down to decrease the priority of the rule Update Priority After increasing or decreasing the priority of a rule click Update Priority to save the changes 3 6 Management 3 6 1 SNMP This screen allows you to configure SNMP 26 SNMP Remote Management E cries visas AMA EA sy menanu vir 1 410 System Location Wi slace TEO GIU Status A 1 a Routing i rh Paco mi G kh 3 Enabled Disabled Click to enable or disable SNMP By default is disabled System Name Displays the name given to the WRT 410 System Location Displays the location of the WRT 410 normally the DNS name System Contact Displays the
28. 0 MANAGEMENT ada 26 O SAL E POETA OR E O RO ae eee ee ere eee ee eee ee es 26 36 2 Remote Manage nea A goletes 27 ES A ds eds es 28 Diels MASS AN y ARAN SO SOS E II sumeu A 28 A AE EE E P EAEE oda aann AEE E A E EE 28 IAS FIWA 2 EE IS A NAS A OES 29 LS AAA A aebind hen eeoia daa oie 29 SS WIZARD A Na 30 CHAPTER 4 802 1X AUTHENTICATION SETUP ccccccccccononononcncncncnnnnncnnnnnnnnnnnnnnnnnnnnnnnnnnannas 31 4 1 802 X INERASTRUC TURE 2 as 31 4 2 RADIUS SERVER SETUP ss 32 At TACQUITCO DOMINA ii 32 4 UN FOCU ooi E see aa ieee E E 32 ALS AUTHENTICATOR OE TUP aia 46 AA NVIRELESS GLIENT SETUP oa 47 AAT EAP IMI AUNeni caon inre nt ESA RAE eran A ANA A A 47 4 42 EAP TES AUIONUICAUON iD A Bead eee A BA 50 CHAPTER 5 TROUBLESHOOTING coooccooccccncncncccncccncnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnas 58 9 1 FREQUENTLY ASKED QUESTIONS 1 das e 58 A A A AN 59 Chapter 1 Introduction Thank you for purchasing WRT 410 This device features the latest innovation wireless technology making the wireless networking world happened This manual guides you on how to install and properly use the WRT 410 in order to take full advantage of its features 1 1 Package Contents Make sure that you have the following items One WRT 410 One dipole antenna One AC Power Adapter One User s Manual CD One Quick Installation Guide Note lf any of the above items are missing contact your supplier as soon as possible 1 2 Syst
29. 16 Click Automatic Certificate Request dejad Ls es 00 118 Aboma Certificate uest Computer Corfiguratior H Sofbware Setting ed System Services E i Registry E Ei a Ti ER Public Key Policias i PS 8 SS as da Atomatic Certificate fe est Setti q Aucomatic Certificate lequeast Ey Enterprise Trust A 3 IP Security Policies on Active Directory 1123 Administrative Templates Refresh H User Configuration Export Uist 4 2 Software Settings 7 4139 windows Settings Help 1 Adinik alive Tenpla e 35 17 The Automatic Certificate Request Setup Wizard will guide you through the Automatic Certificate Request setup simply click Next through to the last step Automatic Certificate Request Setup Wizard Certificate Template The next tie a computer bgs on a certificate bated on the template pou select is provided A certiicale template is a set of predefined properbes for cerbficates issued to computers Select atemplate kom the following list Certificate templates Intended Client Sulhentication Server Autherticatior Domain Controller Chent 4ulhentication Server Autherticatior Enrolment Agent Computer Certificate Request Agent IPSEC 136155822 2 Back Next gt Cancel 18 Click Finish to complete the Automatic Certificate Request Setup 19 Go to Start gt Run and type command and click Enter to
30. 166 1 10 cert icertrgdi aspitype 0 pe xa Microsoft Certificate Services Wy User Certificate ldentifying Information All the necessary identifying infornad on has already been collected You may now SUBMIT your request 6 The Certificate Service is now processing the certificate request 25D links Y 3 Microsoft Certificate Seraces Microsoft Internet bon lorer Fie Edit view Favorites Toos Help lt iT y A i j i Q 010 Pur yrn Aa G S E Address a http 192 166 1 10 certsry certrqbi espitype 0 v eGo links Microsoft Cerliticsta Sericegs fome User Certificate Identifying Information All the necessary identifying information has already been collected You may now submit your request More Options Watne for server response 7 The certificate is issued by the server click Install this certificate to download and store the certificate to your local computer p7 Microsoft Certificate Senaces HicrosoH Internet Explo rer Fie Edito view Favorites Toos Help P EES 3 x E TA Jo Search SiP Favoritos A Hoda gt le da Address E http LI a A Link Microsod Certiticaie Dere Home Certificate Issued The certificate you requested was issued to you Her Install tis certificate 8 Click Yes to store the certificate to your local computer Root Certificate Store Do you want bo 400 the following certFicete to the Ro
31. Computers 45 Go to Users Right click on the user that you are granting access and select Properties S Active Directory Users and Computers 21 Console Window Help acion vew gt EEE Tree Users 21 objects za Acbwe Directory Users and Computers ia Pee e El Eal FAE LCAL administrator User Buik n account For admin 4 J Buitin Cert Publishers Security Group Entarprise certirication am a Computers Adinin Security Group Members who here adiniri 1 Domain Controllers EOHCP Users Security Group Members who have views 4 ForeignSecurtyPrincpak oon Copy PNS Administrators Group 4 Users Dre Add members to a group PS clients who are permi EE Dor Disable Account besignated administrators fEDor Reset Password Al workstations and serve EE Dor Moya Al domain controllers in th ae Open home page Al domain quests Dor Send mall Al domain users Pent resigned administrators Eo All Teks E embers in this group can al Deleka ola account For Quest ie pene Buik im account For anar fi Iwi Refres uan account For Intern Y Distribution Center Se sslonaced administrators f TsInternetUser User This user account 5 used 46 Go to Account tab and enable Store password using reversible encryption 47 Click Apply to continue 44 test Properties 3 xj Member Of Diabin Environment l Sesion Remote
32. Login into Windows 2000 Server as Administrator or account that has Administrator authority 2 Go to Start gt Control Panel and double click Add or Remove Programs 3 Click on Add Remove Windows components 4 Check Certificate Services and click Next to continue Windows Components Wizard Windows Components You can add or remove components of Windows 2000 Po add or remove a component click the checkbox 4 shaded box means that only par ofthe component will be installed To see what s included n a component click Details Components JA Accessories and Utilities A E Certificate Services EF ndexng Service 0 0 ME e ER Internet Information Services 115 21 7 MiB 0133 Manannan and danita Toni AoA Description Installs a cerbfication authority LA to issue certificates for use with public key securty appbcations Total dsk space required 2 1 MB EE Space available an disk 3524 4 MB ERP Back Lancel 5 Select Enterprise root CA and click Next to continue 52 gt Windows Components Wizard CA Identifying Information Enter infomation to identity this CA CA mame wireless Organization Po Oroanizationel unit i City y A 222 state or province fo Country region fus E mail 22 CA description LAA A A gt Wall For 2 veas 7 Expres 178 2005 1215 PM a 6 Enter the information that you want for your Certificate Service and
33. TLS Authentication gt Basic Authentication P Advanced P 802 1 OPENS Open System a Shared Key WPA WPA PSK Enabled Disabled Status i sles Routing Arreate ACCESS SE ooma En e JOOOOO00000 4 Cancel 2 Click on 802 1X for detailed configuration P Basic P Authentication P Advanced 802 1 TAN Sef i Setting T a Enabled E Disabled m TT Length C 64 bits 128 bits E 30 Minutes GRADIUS Server 1 P 192 168 1 110 Port fmz Shared Secret a o o o y O RADIUS Server 2 IP pooo Optional Port po Shared Secret OO Routing Cancel Ap 3 Enable 802 1X Authentication by selecting Enable 4 lf EAP MD5 is used you can leave the settings in Encryption Key Length and Lifetime as default If you are using EAP TLS authentication set the Encryption Key Length ranging from 64 to 256 Bits and the Lifetime from 5 Minutes to 1 Day As soon as the lifetime expires the Encryption Key will be renewed by RADIUS server 5 Enter the IP address Port number and Shared Secret Key used by the Primary Radius Server 46 6 Enter the IP address Port number and Shared Secret Key used by the Secondary Radius Server 7 Click Apply The 802 1x settings will take effect right after WRT 410 reboots itself 4 4 Wireless Client Setup Windows XP is originally 802 1X support As to other operating systems windows 98SE ME 2000 an 802 1X client utility is needed The follow
34. Type the port range that can be used to access the application in the fields Incoming Defines which incoming communications users are permitted to connect with Protocol Select the protocol TCP UDP or ICMP that can be used by the incoming communication Port Type the port number that can be used for the incoming communication Add Click to add the special application profile to the table at the bottom of the screen Update Click to update information for the special application if you have selected a list item and have made changes Delete Select a list item and click Delete to remove the item from the list Clear Click Clear to erase all fields and enter new information 24 3 5 4 DMZ This screen enables you to create a DMZ for those computers that cannot access Internet applications properly through the WRT 410 and associated security settings P Filters VirtualSever Special AP JRDMZ Firewall Rule HELP Pana C Enabled Disabled Ala Wei ta Z em Aaa 0 0 0 0 Wirelece MIC dl Status ae A ROUTING Management a lic 10015 Enable Click to enable or disable the DMZ DMZ Host IP Type a host IP address for the DMZ The computer with this IP address acts as a DMZ host with unlimited Internet access Apply Click to save the settings Note Any clients added to the DMZ exposes the clients to security risks such as viruses and unauthorized access 3 5 5 Firewall Ru
35. ame channel number with the Wireless Network Access Point of dedicated coverage area 5 2 Glossary ACCESS POINT Access points are way stations in a wireless LAN that are connected to an Ethernet hub or server Users can roam within the range of access points and their wireless device connections are passed from one access point to the next AUTHENTICATION Authentication refers to the verification of a transmitted message s integrity DMZ DMZ DeMilitarized Zone is a part of an network that is located between a secure LAN and an insecure WAN DMZs provide a way for some clients to have unrestricted access to the Internet BEACON INTERVAL Refers to the interval between packets sent sent by access points for the purposes of synchronizing wireless LANs DHCP DHCP Dynamic Host Configuration Protocol software automatically assigns IP addresses to client stations logging onto a TCP IP network which eliminates the need to manually assign permanent IP addresses 59 DNS DNS stands for Domain Name System DNS converts machine names to the IP addresses that all machines on the net have It translates from name to address and from address to name DOMAIN NAME The domain name typically refers to an Internet site address DTIM DTIM Delivery Traffic Indication Message provides client stations with information on the next opportunity to monitor for broadcast or multicast messages FILTER Filters are schemes which
36. ancel pol 42 Go to Computer Configuration gt Windows Settings gt Security Settings gt Account Policies gt Password Policies Double click on Store password using reversible encryption for all users in the domain lolx si Group Policy Action wiew aa am 2 Tree Computer Setting i Default Domain Policy Fae01 FA a AY Enforce password history 1 passwords remembered ee Computer Configuration iia Mazimum password age 42 days H E Software Settings lig Minimum password age 0days E E Windows Settings te Minimum password length O characters E Scripts Srartup Shu So coors couch cael conan are a S39 Security Settings eStore password using reversible encryption e Account Policies i Password Pc E Account Lol EA kerberos Pal F a Local Policies H gg Event Log 8 Restricted Group 1 System Services lig Registry Gl File Systern H E Public Key Policie Eg IP Securty Polici E E Administrative Template User Configuration E E Sotware Sektings 435 43 Click Define this policy setting select Enabled and click OK to continue Security Policy Setting ed Ba 424 Store password using reversible encryotion for al users in he domain W Defne this policy setting Enabled C Disabled Cancel 44 Go to Start gt Program gt Administrative Tools gt Active Directory Users and
37. ardware from different manufactures to communicate What IEEE 802 11 features are supported The product supports the following IEEE 802 11 functions e CSMA CA plus Acknowledge protocol e Multi Channel Roaming e Automatic Rate Selection e RTS CTS feature e Fragmentation e Power Management What is PBCC 58 This new products use the ACX100 chip from Texas Instruments In addition to meeting the existing standard the chip also supports a new modulation scheme developed by TI called Packet Binary Convolution Code PBCC It s this scheme that gives the products the extra kick Even at lower speeds PBCC provides better performance at greater distances and it can also work at 22 Mbps What is Ad hoc An Ad hoc integrated wireless LAN is a group of computers each with a WLAN adapter connected as an independent wireless LAN Ad hoc wireless LAN is applicable at a departmental scale for a branch or SOHO operation What is Infrastructure An integrated wireless and wired LAN is called an Infrastructure configuration Infrastructure is applicable to enterprise scale for wireless access to central database or wireless application for mobile workers What is Roaming Roaming is the ability of a portable computer user to communicate continuously while moving freely throughout an area greater than that covered by a single Wireless Network Access Point Before using the roaming function the workstation must make sure that it is the s
38. begin with the prefix http prefix for example http www yahoo com ICMP ICMP Internet Control Message Protocol is a TCP IP protocol used to send error and control messages over the LAN for example it is used by the router to notify a message sender that the destination node is not available 60 IP IP Internet Protocol is the protocol in the TCP IP communications protocol suite that contains a network address and allows messages to be routed to a different network or subnet However IP does not ensure delivery of a complete message TCP provides the function of ensuring delivery IP ADDRESS The IP Internet Protocol address refers to the address of a computer attached to a TCP IP network Every client and server station must have a unique IP address Clients are assigned either a permanent address or have one dynamically assigned to them via DHCP IP addresses are written as four sets of numbers separated by periods for example 211 23 181 189 ISP An ISP is an organization providing Internet access service via modems ISDN Integrated Services Digital Network and private lines LAN LANs Local Area Networks are networks that serve users within specific geographical areas such as in a company building LANs are comprised of servers workstations a network operating system and communications links such as the router MAC ADDRESS A MAC address is a unique serial number burned into hardware adapters
39. by your ISP IP Address Type the IP address which your ISP provides Subnet Mask Type the Subnet Mask which your ISP provides Gateway Type the IP address of Gateway which your ISP provides Server IP Type the IP address of server which offers Internet service Your ISP will provide you with this information PPTP Account Type your PPTP account PPTP Password Type your PPTP password PPTP Retype password Confirm your PPTP password again Maximum Idle Time Specify the time that will elapse before the WRT 410 times out of a connection Auto reconnect If this function is enabled WRT 410 will try to rebuild Internet connection once the link is down 3 1 3 Password You can change the Administrator and User s password in this screen These passwords are used to gain access to the router interface When you login with user name User you don t have permission to configure WRT 410 Lite ae NTeLess WR DD Soe De did Status Metter Cancel Sn fete ts lr Sa al Administrator Type the password the Administrator will use to login to the system The password must be typed again for confirmation User Users can type a password to be used for logging in to the system The password must be typed again for confirmation 3 1 4 Time This screen enables you to set the time and date for the router s real time clock select your time zone specify an NTP server and enable or disable daylight saving H LAN
40. contact information for the person responsible for the WRT 410 Community SNMP system name for exchanging SNMP community messages The name can be used to limit SNMP messages passing through the network The default name is public Trap Receiver Type the name of the destination PC that will receive trap messages 3 6 2 Remote Management This screen enables you to set up remote management Using remote management the WRT 410 can be configured through the WAN via a Web browser A user name and password are required to perform remote management P SNMP Remote Management Enable Enable Disabled HTTP port foso Remote IP Range From Pa Enable Enable Disabled Allow to Ping WAM Port iis gt Remote IF Range From To UPNP Enable Enable Enabled Disabled Gaming mode Enable i Enabled Disabled Enable Enabled C Disabled IPSec Enable Enabled C Disabled IDENT Enable Closed Stealth L i tattine Lat Le Ah FAA Lille le ri Re Status Cancel HTTP Enables you to set up HTTP access for remote management aD Enable Click to enable or disable HTTP access for remote management Remote IP Range Type the range of IP addresses that can be used for remote access Allows to Ping WAN Port This function allows remote users to ping WRT 410 WAN port IP address Enable Click to enable or disable WAN port pinged function Remote IP Range Type the range of IP addresses that can pi
41. e antenna pointing straight up then smoothly adjust it if the radio signal strength is poor But the signal reception is definitely weak in some certain areas such as location right down the antenna Moreover the original antenna of WRT 410 can be replaced with other external antennas to extend the coverage Please check the specification of the antenna you want to use and make sure it can be used on WRT 410 4 WLAN type If WRT 410 is installed in an 802 11b and 802 11g mixed WLAN its performance will reduced significantly Because every 802 11g OFDM packet needs to be preceded by an RTS CTS or CTS packet exchange that can be recognized by legacy 802 11b devices This additional overhead lowers the speed If there are no 802 11b devices connected or if connections to all 802 11b devices are denied so that WRT 410 can operate in 11g only mode then its data rate should actually 54Mbps and 108Mbps in Super G mode Chapter 2 Hardware Installation Before you proceed with the installation it is necessary that you have enough information about the WRT 410 2 1 Hardware Connection 1 Locate an optimum location for the WRT 410 The best place for your WRT 410 is usually at the center of your wireless network with line of sight to all of your mobile stations 2 Adjust the antennas of WRT 410 Try to adjust them to a position that can best cover your wireless network The antenna s position will enhance the receiving sensitivity 3 Connect
42. ed Mote Even though you may have speched thet users should be denied access the profile can stil be used F this policy s conditons are ovemdden on a per user basis Edit Profile Back Cancel For TLS Authentication Setup Steps 34 35 34 Select Authentication Tab 35 Enable Extensible Authentication Protocol and select Smart Card or other Certificate for TLS authentication Click OK Then go to step 38 40 Edit Dial in Profile UH x Diakin Constrairts IP Multilink Autenkication Enerption Advanced Check the auihentcaton methods which are alowed for this connection mi Extensible Authertication Protocol Select the ESP type which ts acceptable for this polcy mar Card or other Certhicate Configure T Mictosatt Encripted 4uthenlication version 2 MS CHAP 2 F Microzott Encrypted Authentication MS CH P T Encrypted Authentication CHAF T Unencrypted Authenticalian PAF S PAPI Unaithenticated Access C Alon remote PPP clients to connect without negotiating any atithenicaton method Camel Amb For MD5 Authentication Setup Steps 36 37 36 Select Authentication Tab 37 Enable Extensible Authentication Protocol Select MD5 Challenge and enable Encrypted Authentication CHAP for MD5 authentication Click OK Edit Dial in Profile tx Dialin Constraints IP Multilink Authe
43. em Requirements Before installation please check the following requirements with your equipment Pentium Based And Above IBM Compatible PC System CD ROM drive Windows 98 ME NT 2000 XP Operating System with TCP IP protocol 1 3 Features 2 4GHz ISM band unlicensed operation Strong network security with 802 1X authentication and 64 128 bit WEP encryption Supports WPA Wi Fi Protected Access for both 802 1x and WPA PSK Dual standard capability 802 11g and 802 11b compliant Super G mode efficiently raises the data transfer rate up to 108Mbps Supports DHCP server Web Configuration provide a user friendly interface for the user to configure through web browser Support MAC Filter Build in 4 port switch Provides Setup Wizard for the user to configure easily in the first time 1 4 Specification Standards IEEE 802 11b IEEE 802 119 Signal Type DSSS Direct Sequence Spread Spectrum BPSK QPSK CCK OFDM pot 10 100Base TX RJ 45 1 LAN 10 100Base TX RJ 45 4 Antenna One Detachable Dipole Antenna Output Power 17dBm 11 Mbps CCK 82dBm eee 5 5 Mbps QPSk 86dBm 1 2 Mbps BPSK 90dBm typically PER lt 8 packet size 1024 and 25 C 5 C 54 Mbps 72dBm 48 Mbps 72dBm Sensitivity 36 Mbps 76dBm 24 Mbps 79dBm 802 11g 18 Mbps 82dBm 12 Mbps 86dBm 9 Mbps 89dBm 6 Mbps 90dBm typically PER lt 8 packet size 1024 and 25 C 5 C Data Encryption 64 128 bit WEP encryption
44. ems in the table at the bottom click anywhere in the item The line is selected and the fields automatically load the item s parameters which you can edit Name Type the name of the user to be denied access MAC Address Type the MAC address of the user s network interface Add Click to add the user to the list at the bottom of the page Update Click to update information for the user if you have changed any of the fields Delete Select a user from the table at the bottom of the list and click Delete to remove the user profile Clear Click Clear to erase all fields and enter new information If URL Blocking is selected the screen appears as below In the text field enter the keyword of the url you want to block then click the Add button The word would appear on the list immediately If you want to remove any existing word just select it from the list and click Delete button De The following screen appears once you select IP Filters It enables you to define a minimum and maximum IP address range filter all IP addresses falling in the range are not allowed Internet access The IP filter profiles are listed in the table at the bottom of the page Note When selecting items in the table at the bottom click anywhere in the item The line is selected and the fields automatically load the item s parameters which you can edit Enable Click to enable or disable the IP address filter Range Start
45. end data when accuracy and guaranteed packet delivery are not as important for example in realtime video and audio transmission The IP component of TCP IP provides data routability meaning that data packets contain the destination station and network addresses enabling TCP IP messages to be sent to multiple networks within the LAN or in the WAN TELNET Telnet is a terminal emulation protocol commonly used on the Internet and TCP or IP based networks Telnet is used for connecting to remote devices and running programs Telnet is an integral component of the TCP IP communications protocol UDP User Datagram Protocol is a protocol within TCP IP that is used to transport information when accurate delivery isn t necessary for example realtime video and audio where packets can be dumped as there is no time for retransmitting the data VIRTUAL SERVERS Virtual servers are client servers such as Web servers that share resources with other virtual servers i e It is not a dedicated server WEP WEP Wired Equivalent Privacy is the de facto security protocol for wireless LANs providing the equivalent security available in hardwired networks WIRELESS LAN Wireless LANs WLANs are local area networks that use wireless communications for transmitting data Transmissions are usually in the 2 4 GHz band WLAN devices do not need to be lined up for communications like infrared devices WLAN devices use access points which are
46. es and forwards mail SNMP SNMP Simple Network Management Protocol is a widely used network monitoring and control protocol SNMP hardware or software components transmit network device activity data to the workstation used to oversee the network SSID SSID Service Set Identifier is a security measure used in WLANs The SSID is a unique identifier attached to packets sent over WLANs This identifier emulates a password when a wireless device attempts communication on the WLAN Because an SSID distinguishes WLANS from each other access points and wireless devices trying to connect to a WLAN must use the same SSID SUBNET MASK Subnet Masks SUBNETwork masks are used by IP protocol to direct messages into a specified network segment i e subnet A subnet mask is stored in the client machine server or router and is compared 62 with an incoming IP address to determine whether to accept or reject the packet SYSLOG SERVER A SysLog server monitors incoming Syslog messages and decodes the messages for logging purposes TCP Transmission Control Protocol is the transport protocol in TCP IP that ensures messages over the network are transmitted accurately and completely TCPAP TCP IP Transmission Control Protocol Internet Protocol is the main Internet communications protocol The TCP part ensures that data is completely sent and received at the other end Another part of the TCP IP protocol set is UDP which is used to s
47. esses get from ISP for the WAN port Click DHCP Renew to get a new IP addresses from ISP for the WAN port 3 3 2 Log This screen will show you a running log of system statistics events and activities The log displays up to 200 entries Older entries are overwritten by new entries You can save logs via the Log Settings option gt Send to The Log screen commands and information meaning are as follows d H Device information Log P Log Setting P Statisic P Wireless Next Page eS First Page Last Page Previous Page Clear Log KA Catkin 2 Li 10 Sing E page 1 of 20 E ES TA EE Note Apri 1 2002 01 25 31 DHCP Discover Routing Apri01 2002 01 25 27 DHCP Discover Access E Apr01 2002 01 25 26 DHCP Discover no response ee Anil 2002 01 25 25 DHCP Discover B April 2002 01 24 52 DHCP Discover Apridl2002 01 24 35 DHCP Discover Apri 2002 01 24 26 DHCP Discover April 2002 01 24 22 DHCP Discover A pr012002 01 24 21 DHCP Discover no response April 2002 01 34 20 DHCP Discover Wireless Tic First Page View the first page of the log message list Last Page View the last page of the log message list Previous Page View the page just before the current page Next Page View the page just after the current page Clear Log Delete the contents of the log and begin a new log Refresh Renew log statistics Time Displays the time and date that the log entry was created Message Displays
48. g This chapter provides solutions to problems usually encountered during the installation and operation of the Wireless Broadband Router Read the description below to solve your problems 5 1 Frequently Asked Questions What is WPA Wi Fi Protected Access WPA resolves the issue of weak WEP headers which are called initialization vectors IV and provides a way of insuring the integrity of the messages passed through MIC called Michael or message integrity check using TKIP the Temporal Key Integrity Protocol to enhance data encryption WPA PSK is a special mode of WPA for home users without an enterprise authentication server and provides the same strong encryption protection WPA is not an official IEEE standard but is based on and is expected to be compatible with the upcoming 802 11 security standard Can I run an application from a remote computer over the wireless network This will depend on whether or not the application is designed to be used over a network Consult the application s user guide to determine if it Supports operation over a network Can play games with other members of the wireless network Yes as long as the game supports multiple plays over a LAN local area network Refer to the game s user guide for more information What is the IEEE 802 11b standard The IEEE 802 11b Wireless LAN standards subcommittee which is formulating a standard for the industry The objective is to enable wireless LAN h
49. g only mode e Enable G Disable Antenna transmit power f A super G Mode Disabled Cancel Apply Beacon Interval Type the beacon interval in the field You can specify a value from 20 to 1000 The default beacon interval is 100 RTS Threshold Type the RTS Request To Send threshold in the field This value stabilizes data flow If data flow is irregular choose values between 1 and 2346 until data flow is normalized A ge8 ACCESS i ma m poe rt ii Management Fragmentation Threshold Type the fragmentation threshold in the field If packet transfer error rates are high choose values between 256 and 2346 until packet transfer rates are minimized Please note that setting the fragmentation threshold value may diminish system performance DTIM Interval Type a DTIM Delivery Traffic Indication Message interval in the field You can specify a value between 1 and 255 The default value is 1 TX Rates MBps Select one of the wireless communications transfer rates based upon the speed of wireless adapters connected to the WLAN 11g only mode Enable 11g only mode will improve the performance of a 802 11g WLAN but non 802 11g clients cannot connect to WRT 410 Antenna Transmit Power You can control the transmit power of WRT 410 here There are five options available full half quarter eighth and min Super G Mode There are four options selectable Disabled Super G without Turbo Super G with Dynamic Turb
50. g up IAS see Checklist Configuring LAS for dial up and VPM access and Checklist Configuring IAS to outsource dial up access in online Help For more information on 145 deployment fe ee 39 Go to Start gt Program gt Administrative Tools gt Active Directory Users and Computers 40 Right click on the domain and select Properties a Active Directory Users and Computers E ioj xj i Console Window Help lej ato vw e Gln BS waves Tree FAELOCAL 5 objects ify Active Directory Users E EP LA Builkir builtin Comain Es Delegate Control orkainer Default container For upar En Find Prgsnizational Default container for new ia ortainer Default container For secu C Comet to Domain Controler ortalner Default container For upar se Operations Masters New All Tasks view d New Window from Here Refresh Export List Properties Opens pro Help 41 Select Group Policy tab and click Edit to edit the Group Policy 4 42 FAE LOCAL Properties ed A General Managed By Group Policy Current Group Policy Object Links for FSE Group Police Obiect Links Oelauk Doman Policy Ho Uweride Disabled Group Paley Objects higher in the list have the highes priority This list obtained kom fael F4E LOCAL Hew ae Up Options Properties Down T Block Policy inheritance L
51. hentication Advanced Use Windows to configure my wireless network settings Available network To connectto an avalable network click Configure P PLANET RT Configure AP252423 Wireless Prefered networks Automatically connect to available networks in the order listed below HA PLANET RT a Woe up Move down Add Remove Properties Learn about seting up wireless network configuration o Cancel 6 Select Data encryption WEP enabled option but leave other options unselected 48 7 Enter the network key in Network key text box The string must be the same as the first set of WEP key which you set to WRT 410 Wireless Hetvork Properties debo name 3211 Wireless network hey PAE FP This nehvork requires a key for the following Data encryption WEP enabled Network Suthenticatian Shared made Network key pa AA sl Ken length 40 bits 5 characters Rep hdes advanced la l The key is provided for me automaticaly Thiz iza computer to comprte ad hoc nebmok wireless access ponte are not used K Cancel 8 Click OK 9 Select Authentication tab 10 Select Enable network access control using IEEE 802 1X to enable 802 1x authentication 11 Select MD 5 Challenge from the drop down list box for EAP type m A Wireless Hetwork Connection Properties pd Select this oph
52. ich use Framed Protocol The protocol to be used MAS ldentitier Sting identiying the MAS onginating the request HAS lP adcress IF address of the NAS onginating the request 16 NaS Por Type Type of physical port used by the MAS orginatin Service ype Type of service user has requested Tunnel Type Tunneling protocol to be used Windows Gioups Windows groups that user belongs to E Lancel 31 Unless you want to specify the active duration for 802 1X authentication click OK to accept for having 802 1x authentication enabled at all times Time of day constraints XxX l c 7 12 2 4 5 8 10 12 2 4 6 8 10 12 all Lance Tuezdst UT Pemited Wednesday a Denied Thureday AN a LL sados O NAS Sunday thiough Saturday amd 24M to 12 AM 32 Select Grant remote access permission and click Next to continue 39 Add Remote Access Policy x Fermissions Determine whether to giani or deny remote access permitzlor You can Lee a Remote Access Policy ether to grant certain access privileges toa group of users of to act as a fiter and deny access piivilegez to a group of users lf a user matches the speched comditiors f Grant emote access permission C Deny remote access permission 33 Click Edit Profile Add Remote Access Policy i xj User Profile Specity the user prolile You can now specity the profile for users who matched the conditions pou have specifi
53. ing procedures show how to configure 802 1X Authentication with WL 3555 in Windows XP Please note that if you want to change the 802 1x authentication type of a wireless client i e switch to EAP TLS from EAP MD5 you must remove the current existing wireless network from your preferred connection first and add it in again 4 4 1 EAP MD5 Authentication 1 Go to Start gt Control Panel double click on Network Connections 2 Right click on the Wireless Network Connection which using WL 3555 3 Click Properties to open up the Properties setting window Wireless Hetwork Connection Status EJES General Support Connection status Connected Duratior 01 47 43 Speed 220 Mbps Signal Strength q oa Activiby Receved Butez 335 a 4 Click on the Wireless Network tab ie Wireless Hetwork Connection Properties General f wireless Networks Authentication Advanced Connect using Eg 22M WLAN PCI Adepte Thiz connection uses the following temz y e Pie charg aN Microsoft MHetworks el 2 QoS Packet Scheduler 7 Internet Protocol TCP IP Install Uninstal Descnptior Allows pour computer to access resources on a Microsoft network e Show icanin notiicetion area when connected Ok Cancel 5 Click Properties of one available wireless network which you want to associate with t Wireless Hetwork Connection Properties El E General wireless Networks Aut
54. l server LAN Server Type the LAN IP address that will be assigned to the virtual server Add Click to add the virtual server to the table at the bottom of the screen Update Click to update information for the virtual server if you have selected a list item and have made changes Delete Select a list item and click Delete to remove the item from the list Clear Click Clear to erase all fields and enter new information 3 5 3 Special AP This screen allows you to specify special applications such as games that require multiple connections that are inhibited by NAT The special applications profiles are listed in the table at the bottom of the page LAN Setting TCP Wireless o Protocol Mer Status i ia Port Range Routing Protocol ter y Acc Port Management 1 Tools F LE le e i Name TrigerPortRange Incoming Port F Battle net 6112 6112 F Dialpad paa 51200 51201 51210 Enable Click to enable or disable the application profile When enabled users will be able to connect to the application via the WRT 410 WAN connection Click Disabled on a profile to prevent users from accessing the application on the WAN Name Type a descriptive name for the application Trigger Defines the outgoing communication that determines whether the user has legitimate access to the application Protocol Select the protocol TCP UDP or ICMP that can be used to access the application Port Range
55. lass B digital device pursuant to Part 15 of FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures 1 Reorient or relocate the receiving antenna 2 Increase the separation between the equipment and receiver 3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected 4 Consult the dealer or an experienced radio technician for help FCC Caution To assure continued compliance example use only shielded interface cables when connecting to computer or peripheral devices Any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment This device complies with Part 15 of the FCC Rules Operation is subject to the Following two conditions 1 This device may not cause harmful interference and 2 this Device
56. le This screen enables you to set up the firewall The WRT 410 provides basic firewall functions by filtering all the packets that enter the WRT 410 using a set of rules The rules are in an order sequence list the lower the rule number the higher the priority the rule has The rule profiles are listed in the table at the bottom of the page 95 FFilters Virtual Server a Sash AP PDMZ Firewall Rule J a Enable Cr Disabled Action s Allow Deny Interface E Range Start T Range End Protocol Protocol Destinatio af r rep lt _ Management Add Ubdste Belete New Eroniy ip Erant Woven Update Priority _ Tools La Liia p LAI Th LZETHAG Status O Dr Routing oo all al Action Name TO PESTE ES Fo Allow Allow to Ping WAN port WAN LAN 192 168 1 1 ICMP 8 EF Deny Default k LAN TP 0 Enable Click to enable or disable the firewall rule profile Name Type a descriptive name for the firewall rule profile Action Select whether to allow or deny packets that conform to the rule Source Defines the source of the incoming packet that the rule is applied to Interface Select which interface WAN or LAN the rule is applied to IP Range Start Type the start IP address that the rule is applied to IP Range End Type the end IP address that the rule is applied to Destination Defines the destination of the incoming packet that the rule is applied to Interface Select
57. ly by Radius Server and WRT 410 can be briefed as follows 1 The client sends an EAP start message to WRT 410 2 WRT 410 replies with an EAP Request ID message 3 The client sends its Network Access Identifier NAI its user name to WRT 410 in an EAP Respond message 4 WRT 410 forwards the NAI to the RADIUS server with a RADIUS Access Request message 5 The RADIUS server responds to the client with its digital certificate 34 2 6 The client validates the digital certificate and replies its own digital certificate to the RADIUS server 7 The RADIUS server validates client s digital certificate 8 The client and RADIUS server derive encryption keys 9 The RADIUS server sends WRT 410 a RADIUS ACCEPT message including the client s WEP key 10 WRT 410 sends the client an EAP Success message along with the broadcast key and key length all encrypted with the client s WEP key 4 2 RADIUS Server Setup 4 2 1 Required Services After Windows 2000 server has been installed please install Service Pack 2 also and other latest security patch Furthermore the following service components are needed n Active Directory Please consult with your network administrator or an engineer who is familiar with Windows 2000 server to install Active Directory otherwise your system or network might be unstable n IAS Internet Authentication Service n Web Server IIS n Certificate Service 4 2 2 Setup Procedure 1
58. manage your WRT 410 A WRT 410 with an assigned IP address will allows you to monitor and configure via web browser e g MS Internet Explorer or Netscape 1 Open your web browser 2 Enter the IP address of your WRT 410 in the address field default IP address is http 192 168 1 1 3 AUser Name and Password dialog box will appear Please enter your User Name and Password here Default User Name and Password are both admin Click OK Enter Network Password x j Please type your user name and password Site 192 168 1 1 Realm AP Router User Name i jf Password FIA 7 Save this password in pour password list Cancel 4 Then you will see the WRT 410 web configuration page 5 When the first time you enter WRT 410 Setup Wizard will pop up Please refer to our Quick Installation Guide to use the Setup Wizard to configure Setup Wizard will guide you through configuration step by step 3 1 Main 3 1 1 LAN amp DHCP Server You can configure WRT 410 s IP settings and DHCP server function in this screen When configuration is completed please click Apply to save and restart WRT 410 Ps LANSDHCP server WAN P Password Time PP Dynamic DNS Host Mame CE f A 192 168 1 1 subnet Mask 255 255 2550 DHCP Server Enabled Disabled sne loz 1651100 f Domain Mare gt Ma nagement i aace TME 1 Week Cancel Apply HostName IP Address MAC Address testxp nb 192 168 1 101 00
59. nformation Gateway Address Type the gateway address of your network Your ISP or network administrator provides you with this information Interface Select the interface WAN or LAN that you will use to connect to the Internet Metric Select which metric you want to apply to this configuration Add Click to add a configuration to the static IP address table at the bottom of this page Update Select one of the entries in the static IP address table at the bottom of the page and after changing parameters click Update to confirm the changes Delete Select one of the entries in the static IP address table at the bottom of the page and click Delete to remove the entry New Click New to clear the fields and add required information to create a new entry 3 4 2 Dynamic This screen allows you to set the NAT parameters 46 2 PE Wireless AR A Status NAT Select the option to enable or disable NAT Transmit Select the option to set the desired transmit parameters Disabled RIP 1 or RIP 2 Receive Select the option to set the desired transmit parameters Disabled RIP 1 or RIP 2 3 4 3 Routing Table This screen will show you the routing table of WRT 410 The routing table is a database created by the WRT 410 that displays the network interconnection topology P Static P Dynamic Bs Routing Table A Network Address Network Mask Gateway Address Interface Metric Type Network Address Display
60. ng from remote locations UPNP Enable Click to enable or disable UPNP Gaming mode Click to enable or disable Game mode PPTP Click to enable or disable PPTP passthrough IPSec Click to enable or disable IPSec passthrough 3 Tools 3 7 1 Restart Click Restart to restart the system in the event the system is not performing correctly P Restart P Settings M Firmware P Ping test mE sg restart LAN Setting Wireless Status Routing pi Jement Bs TF Baal i haa 3 7 2 Settings This screen allows you to save settings as a profile and load profiles for different circumstances You can also load the factory default settings and run a setup wizard to configure the WRT 410 and WRT 410 interface OG _ gLoad Settings ee F 7 a i relata la l dan i 10 1 j A ay Managenen Save Settings Click to save the current configuration as a profile that you can load when necessary Load Settings Click Browse and go to the location of a stored profile Click Load to load the profile s settings Restore Factory Default Settings Click to restore the default settings All configuration changes you have made will be lost 3 7 3 Firmware You can upgrade your WRT 410 with new firmware in this screen Please follow these instructions 1 Download the latest firmware from PLANET s website and save it to your disk 2 Click Browse and find out the location of the downloaded file
61. ntication Frenptior Advanced Check the authentication methods which are alowed hor this connection Ertensible 4uthertication Protacal Select the EAF type which is acceptable for this polce MOE Challenge Scnhigure NT Microsot Encrypted Authentication version E MS CHAF v2 T Microsoft Encrypted Authentication MS CH4P IY Encrypted Authentication CHAF rn Unencrpted Sutbentcalion PAF S PAP Unalthenticated Access C low remotes PPP clients to connect without negotiating any authentication method Cancel Apaly 41 38 Select Internet Authentication Service Local click on Action from top panel Then click Register Service in Active Directory P Internet Authentication Service i za Oj x action view e gt elm a 2 Om T Open gt Sharh SERVICE E 3 Welcome to Internet Authentication Stop Service Service Register Service in Active Directory Internet Authentication Service 145 performs centralized authentication authorization and Help accounting of users who connect to a network using virtual private network VPN and dial up technology 145 implements the IETF standard Remote Authentication Dial in User Service RADIUS protocol Properties To enable the 145 server to read the remote access properties of user accounts in the Active Directory on the Action menu click Register service in Active Directory For more information about settin
62. o and Super G with Static Turbo When you use Super G mode it is recommended to enable 11g only for best performance 3 3 Status 3 3 1 Device Information This screen enables you to view the router LAN wireless LAN and WAN configuration 243 2 P Device information P Log P Log Setting Statisic Wireless Firmware Version 1 4 0 2003 10 22 i A Cal SS SSS LAN Sei tting ma i MAC Address 00 50 Ca 11 52h 74 A l EiT i IP Address 19216814 us Subnet Mask 255 255 255 0 0 J RE touting DHCP Server Enabled DHCP Table Access o Manag jeme iit Tools Connection 802 119 AP Enable ESSID WRT 410 Firmware Version Displays the latest build of the WRT 410 firmware interface After upgrading the firmware in Tools gt Firmware check this to ensure that your firmware was successfully upgraded LAN This field displays the WRT 410 LAN interface MAC address IP address subnet mask and DHCP server status Click DHCP Table to view a list of client stations currently connected to the WRT 410 LAN interface Wireless Displays the WRT 410 wireless connection information including the WRT 410 wireless interface MAC address connection status SSID status which channel is being used and whether WEP is enabled or not WAN This field displays the WRT 410 WAN interface MAC address DHCP client status IP address subnet mask default gateway and DNS Click DHCP Release to release IP addr
63. ok Store Subject Wireless A Ty Issuer Self Issued Time Validity Monday January 06 2003 through Thursday January 06 2005 Serial Number 13271301 4F4837B3 41 ED4CF7 249709F4 Thumbpring shel 294PCB3C 209F2F21 40C262F9 ZODSDERA 64900 10E Thumbprink rid 1EB41EC0 20364070 66512146 41366440 ve 9 Certificate is now installed Wireless Adapter Setup 1 Go to Start gt Control Panel double click on Network Connections 53 2 Right click on the Wireless Network Connection which using WL 3555 3 Click Properties to open up the Properties setting window Wireless Hetwork Connection Status El E General Connection otatus Connected Duratior 01 47 49 Soeed 220 Mbpe Signal Strength q aiil Cent a Hecawed 70 335 0 Acii 4 Click on the Wireless Network tab d Wireless Hetwork Connection Properties 1 Ex General Wireless Networks Authentication Advanced Connect using BY 22M WLAN PCI Adapter Thiz connection uzes the Following temz Cal Fie AES ang SN Missit Metworks el 2 oS Packet Scheduler 47 Internet Protocol TCP IP Install Uninstal Properties Descnptior Alows pour computer to access resources on a Microsoft network fe Show icanin notification area when connected Cancel 5 Click Properties of one available wireless network which you want to associate with 54 Wireless Network
64. onto provide authenticated network access tor wired and wireles Elhemet networks Enable nebvork access control using IEEE 302 1 J MDSChalleng MOS Challenge Smat Card or other Certificate A uthenticate as computer when computer infomation is available Suthentcate ae quest when user or computer hbomation is unavailable OF Cancel 49 12 Click OK 13 When wireless client has associated with WRT 410 a user authentication notice appears in system tray Click on the notice to continue ba P Y a iti p HE F A Wireless Network Conmection i Click here to enter your use nama and password For tre network PLANET RT distan 14 Enter the user name password and the logon domain that your account belongs 15 Click OK to complete the validation process Wireless Hetwork Connection User name test Password Logon doman FAE LOCAL 4 4 2 EAP TLS Authentication Get Digital Certificate from Server The following procedures are based on obtaining a certificate from Windows 2000 Server which acts as a 50 CA server Furthermore you must have a valid account password to access the server 1 Active web browser enter http 192 168 1 10 certsrv in the Address field which 192 168 1 10 is the IP address of our server This will directly access to Certificate Service of a Windows 2000 server A dialog box will prompt you to enter user name and passw
65. ord 2 Enter a valid user name and password then click OK to continue Connect to 192 162 1 10 Connecting to 192 166 1 10 Password Remember my password T 3 Select Request a certificate and click Next to continue e Microsoft Certificate 5emires Microsoft internnet Explorer Fie Edt View Favorites Took Help a eat x Ed x a de pa Search Y Favores mea e G gt 5 Microsoft Certificate Searrices Wy Welcome You Use this web site to request a certificate for your web browser e mail client or other secure program Once you acquire a certifcale you will be able to securely identity yourself to other people over the web sign your email messages encrypt your e mail messages and more depending upon the toe of certificate you request 4 Select User Certificate request and click Next to continue 541 Microsoft Certificate Services Microsoft Internet Explorer Fie Eo Yew Favorites Toos Help Q vox E EA e pO sea siy Fovontes A Hoda 5 E3 de E Home Choose Request Type Please select the wpa of raquest you would like to make User cenificate request User Cenfcale Advanced request 5 Click Submit gt to continue Microsoft Certificate services Microsoft Internet Explorer Fie Ect View Favorites Took Hep CS bak gt x E ee pe Saarch Ji Favores GP meda GB EN 53 Address a http 152
66. owing sections we will guide you to build an 802 1X Infrastructure step by step The instructions are divided into three parts RADIUS Server Setup Microsoft Windows 2000 server Authenticator Setup WRT 410 Wireless Client Setup Microsoft Windows XP WRT 410 Bi WAP 4000 IWATA Server Intranet The above graph shows the network topology of the solution we are going to introduce As illustrated a group of wireless clients is trying to build a wireless network with WRT 410 in order to have access to both Internet and Intranet With 802 1X authentication each of these wireless clients would have to be authenticated by RADIUS server If the client is authorized WRT 410 would be notified to open up a communication port to be used for the client There are 2 Extensive Authentication Protocol EAP methods supported 1 MD5 and 2 TLS MD5 authentication is simply a validation of existing user account and password that is stored in a database of RADIUS server Therefore wireless clients will be prompted for account password validation to build the link TLS authentication is a more complicated authentication which is using certificate that is issued by RADIUS server for authentication TLS authentication is a more secure authentication since not only RADIUS server authenticates the wireless client but also the client can validate RADIUS server by the certificate that it issues The TLS authentication request from wireless clients and rep
67. s the network IP address of the connected node Network Mask Displays the network subnet mask of the connected node Gateway Address Displays the gateway address of the connected node Interface Displays whether the node is connected via a WAN or LAN Metric Displays the metric of the connected node Type Displays whether the node has a static or dynamic IP address 19 3 5 Access 3 5 1 Filters This screen enables you to allow and deny user access based upon the filters you set If MAC Filters is selected the screen appears as below Filters Virtual Server Special AP DMZ PF Firewall Rule LAN Setting ters ey m W ape F f EG are used to allow or deny LAN Users from accessing the Internet irel 255 Lope proa i G MAC Filters a URL Blocking tatus A ME OOCK C IP Filters Domain Blocking Protocol Fitters MAC Filter YO Disabled e S Routing ES Ee Ta ala Tools IZArc MAC Filter Enables you to allow or deny Internet access for users within the LAN based upon the MAC address of their network interface Click the radio button next to disable or enable the MAC filter Disabled All users are allowed Internet access Enable All users are allowed Internet access except those users listed in MAC table MAC Table Use this section to create a table to which Internet access is denied or allowed The user profiles are listed in the table at the bottom of the page Note When selecting it
68. screen would appear as above C 02 1 Status Routing Access Management Tools WEP You can enable or disable WEP function here Mode Select the key code you want to use for WEP Key HEX or ASCII When Hex is selected you may enter alphanumeric characters in the range of A F a and 0 9 in the WEP Key entry field Alternatively you may enter digit hexadecimal values in the range of a z A Z and 0 9 WEP Key Select the level of encryption you want from the drop down list WRT 410 supports 64 and 128 bit encryption Key 1 Key 4 There are 4 keys available please ensure you have enter correct number for the key values with different Key Length and coding Hex or ASCII as 64bit 10 Hex digit 5 ASCII 128bit 26 Hex digit 13 ASCII or 256bit 58 Hex digit 29 ASCII please select one of them and enter the key you want to use Click Clear to erase key values Note 128bit WEP encryption will require more system resources than 64bit encryption Use 64 bit encryption for better performance If WPA or 802 1x is selected in the Authentication Type field the screen appears as below 11 Basic Authentication Advanced HELP A Open System C Shared Key Authentication Type Bes apan woe y WPA O WPRAPSK O a02 Status B4 bits 128 bits pooo RADIUS Server 1 Port hasz Shared Secret Doo O O RADIUS Server 2 n pon Mal Port o Shared Secret
69. tive Tools gt Active Directory Users and Computers 12 Right click on domain and select Properties to continue Ae Aa tie Directory Users and Compubers lan x Corse Window Help ej z acer vow o gt Om ABS amar Tree FAELOCAL Subjects Z active Drectory Users Mame type i foerit i a bool D lin ltinbomain 4 Ee pease Control onkaner Defauk container for upor E Find rgenizational Defauk container for ner Connect to Benes 3 onksiner Defauk container for secu a Connect to Doman Controler er Defauk container for ungr J Operations Masters Men k All Tasks b WEN La Her Window from Here Relresn Export List Properties pens pra Hels a 13 Select Group Policy tab and click Properties to continue 34 FAE LOCAL Properties 3x General Managed By Current Group Policy Object Links for FAE Group Policy Object Links No Overnide Disabled AD etauk Domain Policy Group Policy Objects higher in the list have the highest priority This list obtained from tael FAE LOCAL Up Properties Down Hew Add Options T Block Policy inheritance Lancel Apaly 14 Go to Computer Configuration gt Security Settings gt Public Key Policies 15 Right click Automatic Certificate Request Setting and select New
70. uthenticated network access for wired and wireles Ethemet networks Enable netwok access control using IEEE 302 1 Smat Card or other Cerbhicate mait Card or other Certificate SuUthenicate as computer when computer infomation it available Authenticate as quest when user or computer formation is unavailable ok J Cancel 11 Click OK 12 When wireless client has associated with WRT 410 Windows XP will prompt you to select a certificate for wireless network connection If you only have one certificate in local computer system will automatically use it for authenticate If you have multiple certificates in local computer click on the network connection icon in the system tray to continue a a me PaRa ees gr Wireless hebeork Connection E Click here to select a cerbficate or othar cradentials Fo connection ba he network PLANET AT 56 13 Select the certificate that was issued by the server in our demonstration WirelessCA and click OK to continue Connect Wireless Hebrork Connection Friendly name laser Wireless CA Expiration date 1 6 2004 4 02 09 PM 14 Make sure this certificate is issued by correct server and click OK to complete the authentication process Yolidate Server Certificate A The Root Certification Authorty for the servers cerbficate id Wireless a Do you wank bo accept this connection 57 Chapter 5 Troubleshootin
71. y networks for debugging PORT Ports are the communications pathways in and out of computers and network devices routers and switches Most PCs have serial and parallel ports which are external sockets for connecting devices such as printers modems and mice All network adapters use ports to connect to the LAN Ports are typically numbered PPPOE PPPoE Point to Point Protocol Over Ethernet is used for running PPP protocol normally used for dial up Internet connections over an Ethernet PREAMBLE Preamble refers to the length of a CRC Cyclic Redundancy Check block that monitors communications between roaming wireless enabled devices and access points PROTOCOL A protocol is a rule that governs the communication of data IP RIP Routing Information Protocol is a routing protocol that is integrated in the TCP IP protocol RIP finds a route that is based on the smallest number of hops between the source of a packet and its destination RTS RTS Request To Send is a signal sent from the transmitting station to the receiving station requesting permission to transmit data SERVER Servers are typically powerful and fast machines that store programs and data The programs and data are shared by client machines workstations on the network SMTP SMTP Simple Mail Transfer Protocol is the standard Internet e mail protocol SMTP is a TCP IP protocol defining message format and includes a message transfer agent that stor
Download Pdf Manuals
Related Search