DOCSIS 3.
SMC Networks 20 Mason Irvine, CA. 92618 U.S.A. Copyright © 2011 SMC Networks All Rights Reserved Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, or for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC.
Contents Preface...................................................................................................................... v Key Features .............................................................................................................. vi Document Organization..............................................................................................vii Document Conventions ..............................................................................................
Contents Web Management Interface Menus and Submenus ................................................. 32 System Settings Menu......................................................................................... 34 Password Settings Menu..................................................................................... 35 LAN Settings Menu.............................................................................................. 36 Ether Switch Port Control Menu ...................................
Preface Congratulations on your purchase of your SMCD3GN2 Wireless Cable Modem Gateway. Your SMCD3GN2 Wireless Cable Modem Gateway is the ideal all-in-one wired and wireless solution for the home or business environment. SMC is proud to provide you with a powerful, yet simple communication device for connecting your local area network (LAN) to the Internet. This user manual contains all the information you need to install and configure your new SMCD3GN2 Wireless Cable Modem Gateway.
Preface Key Features The following list summarizes the Gateway’s key features. y Integrated, CableLabs-compliant DOCSIS 1.1/ 2.0 /3.0 cable modem y Four 10/100/1000 Mbps Auto-Sensing LAN ports with Auto-MDI/MDIX y High-speed 300 Mbps IEEE 802.11n Wireless Access Point y Dynamic Host Configuration Protocol (DHCP) for dynamic IP configuration, and Domain Name System (DNS) for domain name mapping y One USB 2.0 port y IEEE 802.
Preface Document Organization This document consists of four chapters and two appendixes. y Chapter 1 - describes the contents in the Gateway package, system requirements, and an overview of the Gateway’s front and rear panels. y Chapter 2 - describes how to install the Gateway. y Chapter 3 - describes how to configure TCP/IP settings on the computer you will use to configure the Gateway. y Chapter 4 - describes how to configure the Gateway. y Appendix A - contains compliance information.
Preface Typographic Conventions This document also uses the following typographic conventions. Convention Description Bold Indicates text on a window, other than the window title, including menus, menu options, buttons, fields, and labels. Italic Indicates a variable, which is a placeholder for actual text provided by the user or system. Angled brackets (< >) are also used to indicate variables. screen/code Indicates text that is displayed on screen or entered by the user.
1 Getting to Know Your Gateway Before you install your SMCD3GN2 Wireless Cable Modem Gateway, check the package contents and become familiar with the Gateway’s front and back panels.
Getting to Know Your Gateway Unpacking Package Contents Your SMCD3GN2 package should include the following items: y One SMCD3GN2 Wireless Cable Modem Gateway y One power cord y One Category 5E Ethernet cable y One CD that contains this User Manual System Requirements To complete the installation, you will need the following items: y Provisioned Internet access on a cable network that supports cable modem service y A computer with a wired network adapter with TCP/IP installed y A Java-enabled W
Getting to Know Your Gateway Front Panel The front panel of your SMCD3GN2 Wireless Cable Modem Gateway contains a set of lightemitting diode (LED) indicators. These LEDs show the status of the Gateway and simplify troubleshooting. The front panel also contains a WPS button for configuring wireless security automatically. Figure 1 shows the front panel of your SMCD3GN2 Wireless Cable Modem Gateway. Table 1 describes the front panel LEDs. Figure 1.
Getting to Know Your Gateway Table 1. Front Panel LEDs LED POWER Color Green Description ON = power is supplied to the Gateway. OFF = power is not supplied to the Gateway. DS Green Blinking = scanning for DS channel. ON = synchronized on 1 channel only. Blue DS and US US ON = synchronized with more than 1 channel (DS Bond mode). Both DS and US blinking together = operator is performing maintenance. Green Blinking = ranging is in progress. ON = ranging is complete on 1 channel only.
Getting to Know Your Gateway Configuring Wireless Security The front panel has a WPS button for configuring wireless security automatically. Pressing this button for 5 seconds automatically configures wireless security. If the client device supports WPS Push Button Configuration (PBC), press the button on the client within 60 seconds to automatically configure security on the client. After pressing this button for 5 seconds, the WPS LED on the front panel flashes.
Getting to Know Your Gateway Restoring Factory Defaults The Reset button on the back panel can be used to return the Gateway to its factory default settings. As a result, any changes made to the Gateway’s default settings will be lost. If you do not have physical access to the Gateway, you can use the GUI to either power cycle the Gateway (see “Using the Reboot Menu to Reboot the Gateway” on page 99) or return the Gateway to its factory default settings (see “Using the Tools Settings Menu” on page 98).
2 Installing Your Gateway This chapter describes how to install your SMCD3GN2 Wireless Cable Modem Gateway.
Installing Your Gateway Finding a Suitable Location The SMCD3GN2 Wireless Cable Modem Gateway can be installed in any location with access to the cable network. All of the cables connect to the rear panel of the Gateway for better organization and utility. The LED indicators on the front panel are easily visible to provide you with information about network activity and status.
Installing Your Gateway 2. Connect the other end of the cable to your computer’s network-interface card (NIC) or to another network device (see Figure 4). Figure 4. Connecting the Gateway to the a Laptop or Desktop Computer Connecting the WAN To connect the Gateway to a Wide Area Network (WAN) interface: 1. Connect a coaxial cable to the port labeled Cable on the rear panel of the Gateway from a cable port in your home or office (see Figure 2 on page 13).
3 Configuring Your Computer for TCP/IP After you install your SMCD3GN2 Wireless Cable Modem Gateway, configure the TCP/IP settings on a computer that will be used to configure the Gateway. This chapter describes how to configure TCP/IP for various Microsoft Windows and Apple Macintosh operating systems.
Configuring Your Computer for TCP/IP Configuring Microsoft Windows 2000 Use the following procedure to configure your computer if your computer has Microsoft Windows 2000 installed. 1. On the Windows taskbar, click Start, point to Settings, and then click Control Panel. 2. In the Control Panel window, double-click the Network and Dial-up Connections icon. If the Ethernet adapter in your computer is installed correctly, the Local Area Connection icon appears. 3.
Configuring Your Computer for TCP/IP Configuring Microsoft Windows XP Use the following procedure to configure a computer running Microsoft Windows XP with the default interface. If you use the Classic interface, where the icons and menus resemble previous Windows versions, perform the procedure under “Configuring Microsoft Windows 2000” on page 19. 1. On the Windows taskbar, click Start, click Control Panel, and then click Network and Internet Connections. 2. Click the Network Connections icon. 3.
Configuring Your Computer for TCP/IP Configuring Microsoft Windows Vista Use the following procedure to configure a computer running Microsoft Windows Vista with the default interface. If you use the Classic interface, where the icons and menus resemble previous Windows versions, perform the procedure under “Configuring Microsoft Windows 2000” on page 19. 1. On the Windows taskbar, click Start, click Control Panel, and then select the Network and Internet icon. 2.
Configuring Your Computer for TCP/IP 6. In the Internet Protocol Version 4 Properties dialog box, click Obtain an IP address automatically to configure your computer for DHCP (see Figure 8). Figure 8. Internet Protocol Properties Window 7. Click the OK button to save your changes and close the dialog box. 8. Click the OK button again to save your changes. Figure 9.
Configuring Your Computer for TCP/IP Configuring Microsoft Windows 7 Use the following procedure to configure a computer running Microsoft Windows 7. 1. In the Start menu search box, type: ncpa.cpl Figure 10. Typing ncpa.cpl in the Start Menu Box The Network Connections List appears. Figure 11. Example of Network Connections List 2. Right-click the Local Area Connection icon and click Properties. 3.
Configuring Your Computer for TCP/IP Figure 12. Local Area Network Connection Properties Dialog Box 4. In the properties dialog box, click Obtain an IP address automatically to configure your computer for DHCP (see Figure 13).
Configuring Your Computer for TCP/IP Figure 13. Properties Window 5. Click the OK button to save your changes and close the dialog box. 6. Click the OK button again to save your changes. Configuring an Apple® Macintosh® Computer The following procedure describes how to configure TCP/IP on an Apple Macintosh running Mac OS 10.2. If your Apple Macintosh is running Mac OS 7.x or later, the steps you perform and the screens you see may differ slightly from the following.
Configuring Your Computer for TCP/IP Figure 14.
4 Configuring Your Gateway This chapter describes how to use a Web browser to configure the Gateway.
Configuring Your Gateway Pre-configuration Guidelines Before you configure the Gateway, observe the guidelines in the following sections. Disabling Proxy Settings Disable proxy settings in your Web browser. Otherwise, you will not be able to view the Gateway’s Web-based configuration pages. Disabling Proxy Settings in Internet Explorer The following procedure describes how to disable proxy settings in Internet Explorer 5 and later. 1. Start Internet Explorer. 2.
Configuring Your Gateway Disabling Proxy Settings in Safari The following procedure describes how to disable proxy settings in Safari. 1. Start Safari. 2. Click the Safari menu and select Preferences. 3. Click the Advanced tab. 4. In the Advanced tab, click the Change Settings button. 5. Choose your location from the Location list (this is generally Automatic). 6. Select your connection method. If using a wired connection, select Built-in Ethernet. For wireless, select Airport. 7. Click the Proxies tab. 8.
Configuring Your Gateway Accessing the Gateway’s Web Management After configuring your computer for TCP/IP and performing the pre-configuration guidelines on the previous page, you can now easily configure the Gateway from the convenient Webbased management interface. From your Web browser (Microsoft Internet Explorer version 5.
Configuring Your Gateway Understanding the Web Management Interface Screens The left side of the management interface contains a menu bar you use to select menus for configuring the Gateway. When you click a menu, information and any configuration settings associated with the menu appear in the main area of the interface (see Figure 16).
Configuring Your Gateway The bottom right side of the screen contains three buttons: y Help displays online help y Apply click this button to save your configuration changes to the displayed page y Cancel click this button to discard any configuration changes made to the current page Web Management Interface Menus and Submenus Table 3 describes the menus and submenus in the Web management interface. Table 3.
Configuring Your Gateway Table 3. Web Management Interface Menus and Submenus Note: Some menus and submenus described in this chapter may not apply to your Gateway. Please check your Gateway’s GUI to see which items are available. Menu and Submenus NAT > Port Forwarding Description Configure predefined and custom port forwarding settings to let Internet users access local services such as the Web Server or FTP server at your local site.
Configuring Your Gateway System Settings Menu The System Settings menu lets you enable or disable Universal Plug and Play (uPnP) and Home Network Administration Protocol (HNAP). To access the System Settings menu, click System in the menu bar. Figure 18 shows an example of the menu and Table 4 describes the setting you can select. Figure 18. System Settings Menu Table 4. System Settings Menu Option Option Enable UPnP Description Configures your Gateway as a uPnP Internet gateway.
Configuring Your Gateway Password Settings Menu The Password Settings menu lets you change the default username and password used to log in to the Gateway’s Web interface. The Password Settings menu also lets you change the number of minutes of inactivity that can occur before your Web management session times out automatically. The default setting is 10 minutes. To access the Password Settings menu, click System in the menu bar and then click the Password Settings submenu.
Configuring Your Gateway Table 5. Password Settings Menu Options Option Description Current Password Enter the current case-sensitive login password. For security purposes, every typed character appears as a dot (y). The default password is not shown for security purposes. New Password Enter the new case-sensitive login password you want to use. A password can contain up to 32 alphanumeric characters. Spaces count as password characters.
Configuring Your Gateway Figure 20. LAN Settings Menu Table 6. LAN Settings Menu Options Option Description Private LAN IP IP Address IP address of the Gateway’s private LAN settings. Default IP address is 192.168.0.1. if you change this setting, the Gateway reboots after displaying a message. IP Subnet Mask Subnet mask of the Gateway’s private LAN settings. Default subnet mask is 255.255.255.0. Domain Name Domain name of the Gateway’s private LAN settings.
Configuring Your Gateway Option Description Lease Time Amount of time a DHCP network user is allowed connection to the Gateway with their current dynamic IP address. Default is One Week. This option is available when Enable DHCP Server is checked. Assign DNS Manually Enables or disables the DHCP server to allow automatic allocation of primary and secondary IP addresses for DSN servers on the LAN. • Checked = use static IP addresses for primary and secondary DNS servers.
Configuring Your Gateway Ether Switch Port Control Menu By default, the Gateway LAN ports are enabled to auto-negotiate the highest supported speed and appropriate duplex mode. If these settings prevent the Gateway from successfully connecting with other devices, you can use the Ether Switch Port Control menu to configure the Gateway to use fixed speed and duplex settings. The Ether Switch Port Control menu also let you disable the individual LAN ports.
Configuring Your Gateway The following procedure describes how to change the settings in the Ether Switch Port Control menu. 1. To change a port from auto-negotiation to a fixed speed and duplex setting: a. Uncheck the Auto check box for the port. b. Under Speed (10/100/1000), click the radio that corresponds to the fixed speed you want to use for that port. c. Under the Mode H/F column, leave the check mark for full-duplex mode or uncheck it for half-duplex mode. 2.
Configuring Your Gateway LAN Access Control Menu Using the LAN Access Control menu, you can: y Allow all EtherLAN client stations to access the Internet through the Gateway. This is the default setting. y Allow certain trusted EtherLAN client stations to access the Internet through the Gateway. You use the add up to 16 trusted clients. y Deny certain trusted EtherLAN client stations from accessing the Internet through the Gateway. You use the add up to 16 untrusted clients.
Configuring Your Gateway Controlling LAN Access By default, All EtherLAN LAN stations is selected at the top of the menu. This setting allows all client stations to access the Internet through the Gateway. To restrict LAN access, click one of the following radio buttons and click Apply: y Trusted PC List = restricts Internet access through the Gateway to client stations in the Lan Trusted Table. To add client station to this table, see “Adding and Deleting Trusted Client Stations”, below.
Configuring Your Gateway 4. To delete client stations from the Lan Trusted Table, click the radio button corresponding to the client station you want to delete and click the Delete button. A precautionary message does not appear before deleting a client station. 5. To enforce this policy, click Trusted PC list at the top of the menu. 6. When you finish, click Apply.
Configuring Your Gateway QoS Settings Menu Quality of Service (QoS) refers to a collection of techniques for identifying data whose delivery across the network is time sensitive, and managing its delivery through both bandwidth allocation and prioritization schemes Using the QoS Settings menu, you can enable the Gateway’s QoS module to provide guarantees on the ability of the network to deliver predictable results. To access the QoS menu, click QOS in the menu bar. Figure 23 shows an example of the menu.
Configuring Your Gateway Port Based QoS Menu The Port Based QoS menu lets you enable or disable the Gateway’s port-based QoS setting. To access the Port Based QoS menu, click QOS in the menu bar and then click the Port submenu in the menu bar. Figure 24 shows an example of the menu. y To enable the Gateway’s port-based QoS setting, check Enable Port Based QoS and click Apply. y To disable the Gateway’s port-based QoS setting, uncheck Enable Port Based QoS and click Apply.
Configuring Your Gateway CoS Settings Menu Given that there will always be points in the network where multiple traffic streams merge or where network links will change speed and capacity, it is important to move traffic on the basis of relative importance. Without CoS prioritization, less important traffic can consume network bandwidth and slow down or halt the delivery of more important traffic.
Configuring Your Gateway To define CoS settings: 1. Check Enable QoS Class based on CoS. 2. For each class of service, assign a queue number from 0 to 3. Higher priority values are evaluated as being of higher importance than lower priority values. 3. Under Port Default CoS, map the Gateway’s four ports to the classes of service you defined in the previous step. – CoS setting from 0 to 3 = normal priority. Packets in this queue leave the port after the high-priority queue is emptied.
Configuring Your Gateway DSCP Based QoS Menu The DSCP Based QoS menu lets you classify and prioritize traffic using DSCP tags. DSCP allows the Gateway to determine how traffic classes should be prioritized. Using the DSCP Based QoS menu, you can use DSCP to provide different levels of service to conforming and non-conforming traffic by appropriately selecting the DSCP values in this menu.
Configuring Your Gateway Figure 26. DSCP Based QoS Menu To define DSCP-based QoS settings: 1. Check Enable DHCP Based QoS. 2. For each index, enter a DSCP value from 0 to 63. 3. Under Queue, select a queue (from 0 to 3) you want to map to this DSCP value. Higher priority values are evaluated as being of higher importance than lower priority values. 4. To define DSCP-based QoS values for other queues, repeat steps 2 and 3. 5. Click Apply.
Configuring Your Gateway Queue Settings Menu The Queue Settings menu lets you configure QoS behavior as either strict priority or weighted priority. y Strict priority – allows delay-sensitive data such as voice to be sent before packets in other queues. y Weighted priority – lets you assign each queue with a certain weight indicating the amount of guaranteed capacity, with high priority packets served before any low priority packets.
Configuring Your Gateway By default, the Gateway uses strict priority. To change to weighted priority: 1. For Queue Type, select Weighted Priority. The options in Figure 28 appear. Figure 28. Weighted Priority Options 2. For Weight Base, select a queue weight to ensure that some sets of queues get higher thresholds than others. Queue weight directs the Gateway to set the queue thresholds proportionately. Choices are 8 or 10. Queues with a weight of 10 are longer than those with a queue weight of 8. 3.
Configuring Your Gateway DSCP Remarking Menu The DSCP Remarking menu lets you configure the Gateway’s DSCP remarking mode and actions. To access the Queue Settings menu, click QOS in the menu bar and then click the DSCP Remarking submenu in the menu bar. Figure 29 shows an example of the menu. Note: The DSCP Remarking submenu is not available in the menu bar if Enable QOS Module is not checked in the QoS Settings menu (see page 39). Figure 29. DSCP Remarking Menu To configure DSCP remarking settings: 1.
Configuring Your Gateway Table 8. DSCP Remarking Options Option Dscp remarking mode Description Lets you select the DSCP remarking mode that the Gateway is to use. Choices are: • Map frame priority to AF code points = select this option for Quality of Service configurations that use assured forwarding (AF) code points to mark packets. AF guarantees a certain amount of bandwidth to an AF class and allows access to extra bandwidth, if available.
Configuring Your Gateway Wireless Basic Settings Menu The Wireless Basic Settings menu lets you configure basic wireless settings, such as: y Enabling or disabling the Gateway’s wireless operation y Selecting a wireless mode y Configuring the primary SSID y Configuring channel settings To access the Wireless Basic Settings menu, click Wireless in the menu bar. Figure 30 shows an example of the menu and Table 9 describes the settings you can select. Figure 30.
Configuring Your Gateway Table 9. Wireless Basic Settings Menu Options Option Wireless ON/OFF Description Enables or disables the Gateway’s wireless operation. • ENABLE = Gateway’s wireless operation is active. Selecting this option activates the options in this menu. Clicking Apply displays the submenus below the Wireless menu. • DISABLE = Gateway’s wireless operation is not active. Selecting this option deactivates the options in this menu. Clicking Apply hides the submenus below the Wireless menu.
Configuring Your Gateway Wireless Encryption Settings Menu Using the Wireless Encryption Settings menu, you can protect the data transmitted across your wireless network. The same encryption keys you specify here must also be configured on your other wireless client devices on your wireless network. To access the Wireless Encryption Settings menu, click Wireless in the menu bar and then click the Encryption submenu. Figure 31 shows an example of the menu and Table 10 describes the settings you can select.
Configuring Your Gateway Table 10. Wireless Encryption Settings Menu Options Option Description SSID Network name of the of the primary wireless carrier. This field can be changed by administrators, but not by users. Security Mode Selects the security mode used to protect transmissions across the wireless network. • None = no security is used over the wireless network. • WEP = Wired Equivalency Privacy encryption is used over the wireless network.
Configuring Your Gateway Figure 32. WEP Options Table 11. WEP Options Option Description WEP Key Length Level of WEP encryption applied to all WEP keys. Choices are 64-bit (10 hex digits) and 128-bit (26 hex digits). WEP Key 1 – WEP Key 4 Fields for entering up to four WEP keys manually. Alternatively, you can click the Generate Keys button to generate these keys automatically. Default WEP Key Specifies which of the four WEP keys the Gateway is to use as its default.
Configuring Your Gateway Figure 33. WPA_Personal Options Table 12. WPA_Personal Options Option WPA Mode Description Lets you select the WPA mode they want to use. Choices are: • WPA-PSK = select this setting if your access points and wireless clients support WPA-Pre-Shared Key (PSK) Authentication. • WPA2-PSK = select this setting if your access points and wireless clients support WPA2-PSK Authentication.
Configuring Your Gateway WPS Setup Using the WPS Setup menu, you can enable or disable WPS. WPS is a standard for easy and secure wireless network set up and connections. The advantages of WPS are: y WPS automatically configures the network name (SSID) and WPA security key for the Gateway and for the access point and wireless devices that join the network. y You do not need to know the network name and security keys or passphrases to use WPS to join a wireless network.
Configuring Your Gateway Figure 34. WPS Setup Menu By default, WPS is disabled. If you select ENABLE and click Apply, the options in Figure 35 are displayed. Table 13 describes the options shown.
Configuring Your Gateway Figure 35. WPS Setup Menu with WPS Config Enabled Table 13. WPS Summary and WPS Progress Options Option WPS Config Description Enables or disables the Gateway’s WPS setup. • ENABLE = Gateway’s WPS setup is available. (default) • DISABLE = Gateway’s WPS setup is unavailable. WPS Summary WPS Current Status A read-only field that shows whether WPS is currently being used. WPS Configured A read-only field that whether WPS has been configured.
Configuring Your Gateway MAC Filtering Using the MAC Filtering menu, you can define up to 16 MAC address filters to prevent PCs from sending outgoing TCP/UDP traffic to the WAN via their MAC addresses. This is useful because a specific NIC’s MAC address never changes, unlike its IP address, which can be assigned by a DHCP server or hard-coded to various addresses over time.
Configuring Your Gateway Table 14. MAC Filtering Options Option Description SSID Network name of the of the primary wireless carrier. MAC Filtering Mode Determines which wireless client stations can connect to the Gateway. The choices are: • Allow- All = all wireless client stations can connect to the Gateway. (default) • Allow = allow only the wireless client stations in the MAC filter table to connect to the Gateway. • Deny = no wireless client stations can connect to the Gateway.
Configuring Your Gateway Advanced Wireless Settings Menu Using the Advanced Wireless Settings menu, you can configure advanced wireless settings for the Gateway. To access the Advanced Wireless Settings menu, click Wireless in the menu bar and then click the Advanced Wireless Settings submenu. Figure 37 shows an example of the menu and Table 15 describes the settings you can select.
Configuring Your Gateway Table 15. Wireless Advanced Settings Options Option BG Protection Mode Description This mode is a protection mechanism that prevents collisions among 802.11b/g modes. Choices are: • Auto = BG protection mode goes on or off automatically as needed. • Always-On = BG protection mode is always on. • Always-Off = BG protection mode is always off. (default) IGMP Snooping Enables or disables the Gateway from forwarding multicast traffic intelligently.
Configuring Your Gateway Port Forwarding Menu The Port Forwarding menu lets you configure the Gateway to provide port-forwarding services that let Internet users access predefined services such as HTTP (80), FTP (20/21), and AIM/ICQ (5190) as well as custom-defined services. You perform port forwarding by redirecting the WAN IP address and the service port to the local IP address and service port. You can configure a maximum of 100 predefined and custom-defined services.
Configuring Your Gateway Adding Predefined Services Using the following procedure, you can select well-known services and specify the LAN host IP address(es) that will provide the service to the Internet. 1. In the Port Forwarding menu, uncheck Disable Port Forwarding Function if it is checked. 2. Click the Add button below the Predefined Service Table. The Predefined Service menu appears (see Figure 39). 3. Complete the fields in the Predefined Service menu (see Table 16). 4. Click Apply.
Configuring Your Gateway Figure 39. Predefined Service Menu Table 16. Predefined Service Menu Options Option Description Service List of predefined services from which you can choose. LAN Server IP IP address of the LAN PC or server that is running the service. Remote IPs Forwards the service to any remote IP address, one remote IP address, or a range of remote IP addresses. • If you select one remote IP address, enter the IP address in the Start IP field.
Configuring Your Gateway Adding Customer-Defined Services Using the following procedure, you can define special application services you want to provide to the Internet. The following example shows how to set port forwarding for a Web server on an Internet connection, where port 80 is blocked from the WAN side, but port 8000 is available. Name: Type: LAN Server IP: Remote IPs: Public Port: Private Port: Web Server TCP 192.168.0.
Configuring Your Gateway Figure 40.
Configuring Your Gateway Table 17. Customer Defined Service Page Options Option Description Name Name for identifying the custom service. The name is for reference purposes only. Type The type of protocol. Choices are TCP, UDP, and TCP/UDP. Default is TCP. LAN Server IP IP address of the LAN PC or server that is running the service. Remote IPs Forwards the service to any remote IP address, one remote IP address, or a range of remote IP addresses.
Configuring Your Gateway Security Settings (Firewall) Menu The Security Settings (Firewall) menu lets you enable or disable the Gateway’s firewall.
Configuring Your Gateway Configuring Access Control The Access Control menu lets you enable access control to block traffic at the Gateway's LAN interfaces from accessing the Internet. To access the Access Control menu, click Firewall in the menu bar and then click the Access Control submenu in the menu bar. Note: The Access Control submenu is not available in the menu bar if Enable Firewall Module is disabled in the Security Settings (Firewall) menu (see page 73).
Configuring Your Gateway Figure 42.
Configuring Your Gateway Adding Predefined Access Rules Using the following procedure, you can select a well-known service and specify whether to block all LAN hosts, a single LAN host, or a range of LAN hosts. 1. In the Access Control menu, check Enable Access Control if it is not checked and click the Apply button. The remaining fields in the menu become available. 2. Under Predefined Service Table, click the Add button. The Predefined Access Rules menu appears (see Figure 43). 3.
Configuring Your Gateway Figure 43.
Configuring Your Gateway Table 18. Predefined Access Rules Menu Options Option Description Service List of predefined services from which you can choose. Remote IPs Allows access to any remote IP address, one remote IP address, or a range of remote IP addresses. • If you select one remote IP address, enter the IP address in the Start IP field. • If you select a range of remote IP addresses, enter the starting IP address in the Start IP field and the ending IP address in the End IP field.
Configuring Your Gateway Adding Customer-Defined Access Rules Using the following procedure, you can define your own rules regarding the type of traffic allowed from the Internet to the public LAN site. 1. In the Access Control menu, check Enable Access Control if it is not checked and click the Apply button. The remaining fields in the menu become available. 2. Under Customer Defined Service Table, click the Add button. The Customer Defined Access Rules menu appears (see Figure 44). 3.
Configuring Your Gateway Figure 44.
Configuring Your Gateway Table 19. Customer Defined Access Rules Menu Options Option Description Name Name for identifying the custom service. The name is for reference purposes only. Type The type of protocol you want to access rule. Choices are TCP, UDP, and TCP/UDP. Default is TCP. Remote IPs Lets you apply the access rule to any remote IP addresses, a single remote IP address, or a range of remote IP addresses. • If you select one remote IP address, enter the IP address in the Start IP field.
Configuring Your Gateway Adding Predefined Filters Using the following procedure, you can add predefined filters that block certain types of traffic from the LAN side of the Gateway to the Internet side of the Gateway . 1. In the Access Control menu, check Enable Access Control if it is not checked and click the Apply button. The remaining fields in the menu become available. 2. Under Predefined Filtering Table, click the Add button. The Predefined Filter menu appears (see Figure 45). 3.
Configuring Your Gateway Figure 45. Predefined Filter Menu Table 20. Predefined Filter Menu Options Option Description Service List of predefined services from which you can choose. LAN IPs Lets you apply the filter to any LAN IP addresses, a single LAN IP address, or a range of LAN IP addresses. • If you select one LAN IP address, enter the IP address in the Start IP field.
Configuring Your Gateway Adding Customer-Defined Filters Using the following procedure, you can add customer-defined filters that block certain types of traffic from the LAN side of the Gateway to the Internet side of the Gateway. 1. In the Access Control menu, check Enable Access Control if it is not checked and click the Apply button. The remaining fields in the menu become available. 2. Under Customer Defined Filtering Table, click the Add button.
Configuring Your Gateway Figure 46.
Configuring Your Gateway Table 21. Customer Defined Filter Menu Options Option Description Name Name for identifying the custom service. The name is for reference purposes only. Type The type of protocol you want to filter. Choices are TCP, UDP, and TCP/UDP. Default is TCP. LAN IPs Lets you apply the filter to any LAN IP addresses, a single LAN IP address, or a range of LAN IP addresses. • If you select one LAN IP address, enter the IP address in the Start IP field.
Configuring Your Gateway Configuring Special Applications Using the Special Application menu, you can configure the Gateway to detect port triggers for detect multiple-session applications and allow them to pass the firewall. For special applications, besides the initial communication session, there are multiple related sessions created during the protocol communications. Normally, a normal treats the triggered sessions as independent sessions and blocks them.
Configuring Your Gateway Figure 47. Special Application Menu To enable port triggering: 1. In the Special Application menu, check Enable Triggering if it is unchecked and click the Apply button. The Trigger Table becomes available. 2. Click the Add button below Trigger Table. The Trigger menu appears (see Figure 48). 3. Complete the fields in fields Trigger menu (see Table 22). 4. Click Apply. (Or click Back to return to the Trigger menu or Cancel to cancel any selections you made.
Configuring Your Gateway Figure 48. Trigger Menu Table 22. Trigger Menu Options Option Description Name Name for identifying the trigger. The name is for reference purposes only. Type The type of protocol you want to use with the trigger. Choices are TCP and UDP. Default is TCP. For example, to track the H.323 protocol, the protocol type should be TCP. Trigger Port From and To port ranges of the special application. For example, to track the H.323 protocol, the From and To ports should be 1720.
Configuring Your Gateway Configuring URL Blocking Using the URL Blocking menu, you can configure the Gateway to block access to certain Web sites from local computers by entering either a full URL address or keywords of the Web site. the Gateway examines all the HTTP packets to block the access to those particular sites. This feature can be used to protect children from accessing inappropriate Web sites. You can block up to 50 sites.
Configuring Your Gateway To enable URL blocking: 1. In the URL Blocking menu, check Enable Keyword Blocking if it is not checked and click Apply. 2. To exempt a computer from URL blocking, enter the computer’s MAC address in the Add exempted PC field and click the Add Trusted Host button. The MAC address you entered appears in the Exempted PC List. – Repeat this step for each additional computer (up to 10) you want to make exempt from URL blocking.
Configuring Your Gateway Configuring Schedule Rules Schedule rules work with the Gateway’s URL blocking feature (described on page 90) to tell the Gateway when to perform URL blocking. To access the Schedule Rule menu, click Firewall in the menu bar and then click the Schedule Rule submenu in the menu bar. Figure 50 shows an example of the menu. Note: The Schedule Rule submenu is not available in the menu bar if Enable Firewall Module is disabled in the Security Settings (Firewall) menu (see page 73).
Configuring Your Gateway Configuring Email and Syslog Alerts The Gateway inspects packets at the application layer, and stores TCP and UDP session information, including timeouts and number of active sessions. This information Is helpful when detecting and preventing Denial of Service (DoS) and other network attacks.
Configuring Your Gateway Figure 51.
Configuring Your Gateway Configuring Email Alerts The following procedure describes how to configure the Gateway to send email notifications. This procedure assumes that your mail server is working properly. 1. In the Email/Syslog Alert menu, under Mail Server Configuration, enter the following information: – SMTP Server Address = IP address of the SMTP server that will forward the email notification to recipients.
Configuring Your Gateway Configuring Syslog Entries To have the Gateway add a syslog entry when traffic is blocked, attempts are made to intrude onto the network, or local computers try to access blocked URLs: 1. In the Email/Syslog Alert menu, under Syslog Server Configuration, enter the syslog server address. 2. Click Apply.
Configuring Your Gateway Configuring DMZ Settings If you have a local client computer that cannot run an Internet application properly behind the NAT firewall, you can configure it for unrestricted two-way Internet access by defining it as a Virtual Demilitarized Zone (DMZ) host. Adding a client to the DMZ may expose your local network to various security risks because the client in the DMZ is not protected by the firewall.
Configuring Your Gateway Using the Tools Settings Menu Using the Tools Settings menu, you can reset the Gateway and restore the device’s factory default settings. To access the Tools Settings menu, click Tools in the menu bar. Figure 54 shows an example of the menu. Note: To reboot the Gateway and retain any customized settings, use the Reboot menu (see “Using the Reboot Menu to Reboot the Gateway“ on page 99). Figure 54.
Configuring Your Gateway Figure 55. Warning Message when Restoring Factory Defaults Using the Reboot Menu to Reboot the Gateway Using the Reboot menu, you can reset the Gateway and retain all changes that have been made to the Gateway’s factory default settings. To access the Reboot menu, click Tools in the menu bar and then click the Reboot submenu in the menu bar. Figure 56 shows an example of the menu. Figure 56.
Configuring Your Gateway Figure 57.
Configuring Your Gateway Figure 58. Example of Status Page Viewing Cable Status Information The Cable Status page is a read-only screen that shows your cable initialization procedures, along with the cable upstream and downstream status. The Cable Status menu appears when you first log in to the Web management interface. You can also display it by clicking Status in the menu bar and then clicking the Cable Status submenu. Figure 59 shows an example of the cable status information shown.
Configuring Your Gateway Figure 59.
Appendix A - Compliances FCC Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against radio interference in a commercial environment. This equipment can generate, use and radiate radio frequency energy and, if not installed and used in accordance with the instructions in this manual, may cause harmful interference to radio communications.
Appendix B - Technical Specifications COMPATIBILITY y Platform independent – works with PC,OSX, Linux, MAC, UNIX y DOCSIS 1.0/1.1/2.0/3.0 compliant y IEEE 802.3, 802.3u y SPI Firewall meet ICSA Guidelines y 1 USB 2.0 Host Port NETWORK INTERFACES y 4 ports 10/100/1000 MDI/MDIX auto sensing switch y TR-68 coloring for 1 USB 2.
Technical Specifications y GUI/SNMPv1/2/3/CLI addition to present PHY usage (multiple channels parameters) y VLAN Tagging (Qin Q; 802.1p/q) y 8 SSIDs support with full wireless capabilities for each SSID y Port Forwarding y Independent resets for downstream and upstream blocks y Fragmentation and concatenation enabling Quality of Server (QoS) features y Supports 64/128/256 bit RC4 authentication and encryption y WAN-LAN transparent bridging y SOAP.
Technical Specifications CHANNEL BONDING y Downstream: Up to 8 channels y Upstream: Up to 4 channels RECEIVER y Demodulation: 64/256QAM y Bandwidth: 6MHz y Max.
Technical Specifications y Output Return Loss: > 6dB WLAN y 1T1R/1T2R/2T2R modes y 300Mbps PHY data rate y Supports IRRR 802.
Index alert options, 96 A auto-negotiation, 39 DHCP, 36 Access control, 74 adding customer-defined access rule, 79 duplex mode, 39 adding customer-defined filter, 84 email alerts, 95 adding predefined access rule, 76 firewall, 73 adding predefined filter, 82 idle timeout, 35 Access Control menu, 74 login password, 35 Adding port forwarding, 67 customer-defined access rule for access control, private LAN IP address, 36 special applications, 87 79 customer-defined filter for access control, 8
Index Document Web management, 30 conventions, vii I organization, vii Domain blocking, 91 Idle timeout, 35 DSCP Based QoS menu, 48 Installation, 15 DSCP Remarking menu, 52 Internet Explorer, disabling proxy settings, 28 Duplex mode, 39 K E Key features, vi Email alerts, 93, 95 Keyword blocking, 91 Email/Syslog Alert menu, 93 L Enabling LAN ports, 39 Ether Switch Port Control menu, 39 LAN Access Control menu, 41 Exempted computers, 91 LAN connection, 16 F LAN ports, enabling or disabli
Index Queue Settings, 50 Proxy settings, 28 Schedule Rules, 92 Q Security Settings (Firewall), 73 Special Application, 87 QoS Settings menu, 44 Status, 100 Queue Settings menu, 50 System Settings, 34 R Tools Settings, 98 Trigger, 88 URL Blocking, 90 RADIUS configuration, 35 Wireless Basic Settings, 54 Rear panel, 13 Wireless Encryption Settings, 56 Rebooting losing custom settings, 14 WPS Setup, 60 Menus in Web management, 32 Requirements, 10 Microsoft Restoring factory defaults, 14 TCP
Index Microsoft Windows 2000, 19 menus, 32 Microsoft Windows 7, 23 Password Settings menu, 35 Microsoft Windows Vista, 21 Port Based QoS, 45 Microsoft Windows XP, 20 Port Forwarding menu, 67 Timeout for Web management session, 35 QoS Settings menu, 44 Tools Settings menu, 98 Queue Settings, 50 Trigger menu, 88 Schedule Rules menu, 92 Triggering ports, 88 screens, 31 Security Settings (Firewall) menu, 73 U Special Application menu, 87 Status menu, 100 URL Blocking menu, 90 System Settings
20 Mason Irvine, CA. 92618 U.S.A. http://www.smc.