WPA2-PSK(AES) 1. Select Pre-share Key Mode If you select HEX, you have to fill in 64 hexadecimal (0, 1, 2…8, 9, A, B…F) digits If ASCII, the length of Pre-share key is from 8 to 63. 2.
WPA2(AES) Check Box was used to switch the function of the WPA. When the WPA function is enabled, the Wireless user must authenticate to this router first to use the Network service. RADIUS Server IP address or the 802.1X server’s domain-name. Select RADIUS Shared Key If you select HEX, you have to fill in 64 hexadecimal (0, 1, 2…8, 9, A, B…F) digits If ASCII, the length of Pre-share key is from 8 to 63. Key value shared by the RADIUS server and this router.
WPA-PSK /WPA2-PSK The router will detect automatically which Security type the client uses to encrypt. 1. Select Pre-share Key Mode If you select HEX, you have to fill in 64 hexadecimal (0, 1, 2…8, 9, A, B…F) digits If ASCII, the length of Pre-share key is from 8 to 63. 2.
WPA/WPA2 Check Box was used to switch the function of the WPA. When the WPA function is enabled, the Wireless user must authenticate to this router first to use the Network service. RADIUS Server The router will detect automatically which Security type(Wpa-psk version 1 or 2) the client uses to encrypt. IP address or the 802.1X server’s domain-name.
WDS(Wireless Distribution System) WDS operation as defined by the IEEE802.11 standard has been made available. Using WDS it is possible to wirelessly connect Access Points, and in doing so extend a wired infrastructure to locations where cabling is not possible or inefficient to implement.
4.4.4 Change Password You can change Password here. We strongly recommend you to change the system password for security reason.
4.
4.5.1 Virtual Server This product’s NAT firewall filters out unrecognized packets to protect your Intranet, so all hosts behind this product are invisible to the outside world. If you wish, you can make some of them accessible by enabling the Virtual Server Mapping. A virtual server is defined as a Service Port, and all requests to this port will be redirected to the computer specified by the Server IP. Virtual Server can work with Scheduling Rules, and give user more flexibility on Access control.
4.5.2 Special AP Some applications require multiple connections, like Internet games, Video conferencing, Internet telephony, etc. Because of the firewall function, these applications cannot work with a pure NAT router. The Special Applications feature allows some of these applications to work with this product. If the mechanism of Special Applications fails to make an application work, try setting your computer as the DMZ host instead. 1. Trigger: the outbound port number issued by the application.. 2.
4.5.3 Miscellaneous Items IP Address of DMZ Host DMZ (DeMilitarized Zone) Host is a host without the protection of firewall. It allows a computer to be exposed to unrestricted 2-way communication for Internet games, Video conferencing, Internet telephony and other special applications. NOTE: This feature should be used only when needed. Non-standard FTP port You have to configure this item if you want to access an FTP server whose port number is not 21. This setting will be lost after rebooting.
4.
4.6.1 Packet Filter Packet Filter enables you to control what packets are allowed to pass the router. Outbound filter applies on all outbound packets. However, Inbound filter applies on packets that destined to Virtual Servers or DMZ host only. You can select one of the two filtering policies: 1. Allow all to pass except those match the specified rules 2. Deny all to pass except those match the specified rules You can specify 8 rules for each direction: inbound or outbound.
For source or destination IP address, you can define a single IP address (4.3.2.1) or a range of IP addresses (4.3.2.1-4.3.2.254). An empty implies all IP addresses. For source or destination port, you can define a single port (80) or a range of ports (1000-1999). Add prefix "T" or "U" to specify TCP or UDP protocol. For example, T80, U53, U2000-2999. No prefix indicates both TCP and UDP are defined. An empty implies all port addresses.
(1.2.3.100-1.2.3.149) They are allow to send mail (port 25), receive mail (port 110), and browse the Internet (port 80) (1.2.3.10-1.2.3.20) They can do everything (block nothing) Others are all blocked. Example 2: (1.2.3.100-1.2.3.119) They can do everything except read net news (port 119) and transfer files via FTP (port 21) Others are all allowed. After Inbound Packet Filter setting is configured, click the save button.
Example 1: (192.168.123.100-192.168.123.149) They are allowed to send mail (port 25), receive mail (port 110), and browse Internet (port 80); port 53 (DNS) is necessary to resolve the domain name. (192.168.123.10-192.168.123.20) They can do everything (block nothing) Others are all blocked.
Example 2: (192.168.123.100-192.168.123.119) They can do everything except read net news (port 119) and transfer files via FTP (port 21) Others are allowed After Outbound Packet Filter setting is configured, click the save button.
4.6.2 Domain Filter Domain Filter Let you prevent users under this device from accessing specific URLs. Domain Filter Enable Check if you want to enable Domain Filter. Log DNS Query Check if you want to log the action when someone accesses the specific URLs. Privilege IP Addresses Range Setting a group of hosts and privilege these hosts to access network without restriction. Domain Suffix A suffix of URL to be restricted. For example, ".com", "xxx.com".
Example: In this example: 1. URL include “www.msn.com” will be blocked, and the action will be record in log-file. 2. URL include “www.sina.com” will not be blocked, but the action will be record in log-file. 3. URL include “www.google.com” will be blocked, but the action will not be record in log-file. 4. IP address X.X.X.1~ X.X.X.20 can access network without restriction.
4.6.3 URL Blocking URL Blocking will block LAN computers to connect to pre-defined Websites. The major difference between “Domain filter” and “URL Blocking” is Domain filter require user to input suffix (like .com or .org, etc), while URL Blocking require user to input a keyword only. In other words, Domain filter can block specific website, while URL Blocking can block hundreds of websites by simply a keyword. URL Blocking Enable Checked if you want to enable URL Blocking.
In this example: 1. URL include “msn” will be blocked, and the action will be record in log-file. 2. URL include “sina” will be blocked, but the action will be record in log-file 3. URL include “cnnsi” will not be blocked, but the action will be record in log-file. 4.
4.6.4 MAC Address Control MAC Address Control allows you to assign different access right for different users and to assign a specific IP address to a certain MAC address. MAC Address Control Check “Enable” to enable the “MAC Address Control”. All of the settings in this page will take effect only when “Enable” is checked. Connection control Check "Connection control" to enable the controlling of which wired and wireless clients can connect to this device.
via this device. Choose "allow" or "deny" to allow or deny the clients, whose MAC addresses are not in the "Control table", to associate to the wireless LAN. Control table "Control table" is the table at the bottom of the "MAC Address Control" page. Each row of this table indicates the MAC address and the expected IP address mapping of a client. There are four columns in this table: MAC Address MAC address indicates a specific client. IP Address Expected IP address of the corresponding client.
Example: In this scenario, there are three clients listed in the Control Table. Clients 1 and 2 are wireless, and client 3 is wired. 1.The "MAC Address Control" function is enabled. 2."Connection control" is enabled, and all of the wired and wireless clients not listed in the "Control table" are "allowed" to connect to this device. 3."Association control" is enabled, and all of the wireless clients not listed in the "Control table" are "denied" to associate to the wireless LAN. 4.
5.Clients 2 and 3 and other wired clients with a MAC address unspecified in the Control table are all allowed to connect to this device. But client 1 is denied to connect to this device. 6.Clients 1 and 2 are allowed to associate to the wireless LAN, but a wireless client with a MAC address not specified in the Control table is denied to associate to the wireless LAN. Client 3 is a wired client and so is not affected by Association control. 4.6.
IP address, port address, ACK, SEQ number and so on. And the router will check every incoming packet to detect if this packet is valid. DoS Attack Detection When this feature is enabled, the router will detect and log the DoS attack comes from the Internet. Currently, the router can detect the following DoS attack: SYN Attack, WinNuke, Port Scan, Ping of Death, Land Attack etc. 4.
