FriendlyNET® Internet Router FR1000 Series User’s Guide
Asanté Technologies, Inc. 821 Fox Lane San Jose, CA 95131 FriendlyNET FR1000 Series Internet Router with Firewall User’s Manual 06-00675-00 Rev. A SALES 800-662-9686 FriendlyNET Home/Office Solutions 800-303-9121 IntraCore Enterprise Solutions 408-435-8388 sales@asante.com TECHNICAL SUPPORT 801-566-8991 Worldwide 801-566-3787 FAX www.asante.com support@asante.com Copyright © 2002 Asanté Technologies, Inc. Asanté and FriendlyNET are registered trademarks of Asanté Technologies, Inc.
Table of Contents Chapter 1. Introduction Chapter 2. WAN Types 2.1 Dynamic IP 2.2 DSL/PPP Over Ethernet 2.3 DSL (Always On) 2.4 Cable (@Home-like) 2.5 Cable (BigPond) 2.6 Cable (Static IP) 2.7 Static IP Address 2.8 PPTP (Point-to-Point Tunneling Protocol) Chapter 3. Status 3.1 Router Status 3.2 Peripheral Status 3.3 View Log 3.4 View DHCP List 3.5 Other Chapter 4. Security 4.1 Change Administrator’s Password 4.2 Security Options 4.3 Secure Packet Inspection (SPI) 4.4 Popular Applications 4.
Appendix A. Appendix B. Appendix C. Appendix D. Appendix E. Troubleshooting Client IP Addresses Advanced Troubleshooting Glossary Warranty and Regulatory Notices Online Warranty Registration and Card Status Indicators and Ports 51 53 57 61 65 Back Cover Quick Tips 1. How do I configure the router from a web browser? Go to the address http://192.168.123.254 and use admin as the default password. 2.
Chapter 1. Introduction The Asanté FriendlyNET Internet router works with your cable or DSL modem to share highspeed Internet services. • • FriendlyNET FR1004 is a router with an integrated 4-port 10/100 Fast Ethernet switch and firewall with Secure Packet Inspection™ (SPI). FriendlyNET FR1004AL adds an AeroLAN wireless access point and a parallel (LPT) print server. To install and configure the router, follow the instructions in the Quick Start guide.
• • • The router’s dynamic host configuration protocol (DHCP) server function will assign IP addresses in the range 192.168.123.100 through 192.168.123.199. The router’s default IP address is 192.168.123.254. The Internet service that is connected to the router’s Internet port is connected to an ISP that will supply a dynamic (not fixed) IP address to the router. To configure the router: 1. Start your web browser and type http://192.168.123.254 in the location field. Press the Enter key. 2.
Chapter 2. WAN Types This chapter details the 8 different Internet or WAN (wide area network) connection types supported by the Asanté router. From the top navigation bar, click on the Advanced button to access the features described in this chapter. Note: This document uses the menus from the FR1004AL wireless router. The menus for the FR1004 wired router are similar (wireless menu is excluded). Tip: Disable all proxy server, firewall, and Internet-sharing software before configuring your WAN type.
2.1 Dynamic IP This is a very popular type of connection for residential and small business customers. Your Internet address settings are furnished dynamically by your ISP. Characteristics: Cable or DSL modem. Popular ISPs: Numerous, including Covad TeleSurfer (some plans), Earthlink Cable and AT&T Broadband. Tip: If you are unsure which WAN type to choose, try this one first.
2.2 DSL/PPP Over Ethernet This is also a very popular choice for residential and small business customers. PPPoE simulates a dial-up session and uses dynamic IP addresses. The account and password items are assigned by your ISP. Characteristics: ADSL modem which requires special software (IVasion MacPOET/WinPOET, Sympatico Access Manager and NTS EnterNet).
2.3 DSL (Always On) Select this type of connection if your DSL connection to your ISP is always on or “alive.” Characteristics: DSL modem Popular ISPs: Verizon (Online Business DSL), Pacific Bell/Southwestern Bell (Enhanced DSL, Business DSL) and Telocity WAN IP Address, Subnet Mask, Gateway and DNS Your ISP should have given you a static IP address, a subnet mask, a gateway (or router) address, and one or more domain name server (DNS) addresses. The subnet mask typically is 255.255.255.
2.4 Cable (@Home-like) This setting is for cable modem services similar to @Home. Characteristic: Cable modem Popular ISPs: Not very common after @Home service was terminated, but variations of this service may still be available. Host Name Provided by your ISP. Auto-reconnect Your ISP may disconnect you after a period of inactivity. Check this box to have the router automatically reconnect your service. To save your settings, click on the Save and Restart Router buttons.
2.5 Cable (BigPond) Characteristic: Cable modem service in Australia. Popular ISPs: Telstra BigPond Account and Password Supplied by your ISP. Server Name (optional) Name of your local server, if required. Auto-reconnect Your ISP may disconnect you after a period of inactivity. Check this box to have the router automatically reconnect your service. To save your settings, click on the Save and Restart Router buttons.
2.6 Cable (Static IP) Select this type of connection if your cable ISP has given you a static IP address. Characteristics: Selected cable modem services Popular ISPs: Optivision and Cox WAN IP Address, Subnet Mask, Gateway and DNS Your ISP should have given you a static IP address, a subnet mask, a gateway (or router) address, and one or more domain name server (DNS) addresses. The subnet mask typically is 255.255.255.0 Tip: See the Quick Start guide for the settings you recorded from your computer.
2.7 Static IP Address Select this type of connection if your ISP has given you a static IP address. Characteristics: Business DSL and selected cable services Popular ISPs: SBC Yahoo! Standard Plus-S/Deluxe-S/Expert Plus-S and Earthlink (Business SDSL) WAN IP Address, Subnet Mask, Gateway and DNS Your ISP should have given you a static IP address, a subnet mask, a gateway (or router) address, and one or more domain name server (DNS) addresses. The subnet mask typically is 255.255.255.
2.8 PPTP (Point-to-Point Tunneling Protocol) PPTP is a special Internet connection that uses a virtual private network (VPN) protocol. Characteristics: DSL modem service. WAN IP Address, Subnet Mask, Server IP Address, Username and Password If you have this type of connection, you should have received a username, password, and WAN IP and subnet addresses from your ISP. Enter the information in the appropriate fields of this screen.
Connecting at Higher Speeds All of the wired network ports—including the Internet (WAN) port—on the router are designed to run at 10 or 100 Mbps. For maximum LAN performance, you should use Asanté or other 10/100 Mbps Fast Ethernet adapters. Although your Internet performance will not change, you will notice a performance difference when sharing files or printers.
Chapter 3. Status The FriendlyNET router is a very sophisticated networking device with many powerful features. Click on the Status button in the top navigation bar to see an overview of its system settings. Tip: When you contact Asanté Technical Support (or your Asanté Advantage reseller), you’ll want to have the information shown on this screen for ready reference.
3.1 Router Status IP Address, Subnet Mask, Gateway and Domain Name Server This information describes your current Internet (WAN) connection. Your ISP assigns your subnet mask, gateway and domain name server settings. If you use a static address (not dynamic or PPPoE), then these values were entered by you in the Setup > WAN Type screens. Note: The router has two IP addresses. This is your router’s WAN address. The router’s LAN address is 192.168.123.254 (factory default); see section 5.
3.2 Peripheral Status The FR1004AL wireless router includes an integrated print server. This means you can share a printer, attached to the router’s Printer port, with other users on your LAN. Status messages include: • Not ready. Printer is not connected or it’s off-line • Ready: Printer is ready to begin printing • Printing: Printer is now printing. Click the Cancel button (when visible) to manually stop the current print job • Device error: Printer is out of paper or ink 3.
• • ...Login failed Someone tried to login to the router, but the password was not valid ...Logged out The system administrator logged out CONFIGURATION ENTRIES • ERR: All DNS fail • The router forwards DNS requests. If no DNS server is found, then this entry is made.
PPPOE ENTRIES These entries begin with the prefix PPoE, PADO, PADR, PADS, or PADT PPTP ENTRIES These entries begin with the prefix PPTP PPP ENTRIES These entries begin with the prefix PAP_, CHAP_, MSCHAP_, IPCP_ To return to the Status screen, click on the Back button. To update this screen, click on the Refresh button. Tip: To save or print a copy of the log, select the text and copy it to your word processor or email. For Macintosh computers, highlight the text in your log and press Command+C.
Tip: To change the Host Name in Windows XP, right click on the My Computer icon. Choose Properties > Computer Name. Click the Change… button. 3.5 Other For your convenience, the bottom of this screen provides buttons to quickly access additional features. Restart Router Click this button to reinitialize the router. This is similar to turning the power off and on. Refresh Click to update the router’s status. Help Click to see a summary explanation of the buttons and controls on this page.
Chapter 4. Security Asanté routers are frequently installed in schools, libraries, cafes, and other public areas. To guard against unauthorized network access, this chapter details how to configure the router’s many security features to protect your network. To configure these settings, you should have a strong working knowledge of TCP/ IP and the Internet. From the top navigation bar, click on the Security button to access the features described in this chapter. 4.
4.2 Security Options Administrator Timeout After this time, the router’s administration screen will automatically log you out and you will need to re-enter your password to continue. Enter 0 to disable the timeout feature. Discard PING from WAN side When enabled, this router will discard all attempts to detect this router from the Internet (WAN). However, it will respond to PING from the LAN side. Non-standard FTP port The default is 0 (no port); the typical port control setting is 21.
INBOUND PACKET FILTER The following will describe the Inbound filter; the Outbound filter works in the same way, except: • • The inbound filter evaluates all packets that pass through the Virtual Servers or DMZ host. See Chapter 6 (Advanced) of this manual for more information on these features. The outbound filter applies to all traffic from the LAN side of the router (ports 1-4).
Tip: To find the IP address of a specific website, try using the ping command. For example, open a command window and type ping apple.com to find that the IP address of its web server is 17.254.3.183. Some sites may have multiple IP addresses for their web servers. Destination IP The IP addresses of the computers on the LAN. Leave this field blank if you want the rule to apply to all computers on the LAN. Ports The TCP or UDP port. See http://www.asante.com/support/routerguide/ index.
4.4 Popular Applications The Asanté router effectively hides all your computers behind its firewall using network address translation (NAT, RFC 1631) technology. The router’s IP network address is exposed to the Internet, but your computers on the LAN are safely protected. From time to time, you may want to selectively open your router’s firewall to enable 2-way communications for your networked applications (or games!) for a single computer on your network.
Trigger The outbound port used by your application. Incoming Port After the trigger port is detected, inbound packets to the specified port numbers will be allowed to pass through the router’s firewall. Unlike other routers that keep the ports open all the time, the Asanté router will close the port 60 seconds after the last network activity. Save Click on the Save button to save your settings.
4.5 Hardware (MAC) Address Control Every network device has a unique hardware address known as a media access control (MAC) address. This address is assigned by the manufacturer and hardcoded into each Ethernet port. If you have a built-in 10/100 Fast Ethernet port on your computer and added a wireless 802.
To set specific access controls for each computer on your LAN: 1. Locate the computer listed in the client drop down list. For your convenience, each computer is listed with its MAC address, IP address and computer names. 2. Choose an ID number from the drop down list. You may define rules for up to 32 client computers. 3. Click the Copy button to add or update the entry in the list below. 4. Choose the appropriate access type: LAN (no Internet access) or LAN & WAN (full access). 5.
FR1004AL WIRELESS ROUTER Address Control Check this box to turn on hardware (MAC) address control. Default Settings By default, all wired computers connected to the router’s LAN ports will have Full access. Alternatively, you may also select LAN & WLAN to turn off access to the Internet (WAN and other network services). By default, wireless computers connected to the router will have No access. Select Full to permit access to the LAN and Internet.
To set specific access controls for each computer on your LAN: 1. Locate the computer listed in the client drop down list. For your convenience, each computer is listed with its MAC address, IP address and computer names. 2. Choose an ID number from the drop down list. You may define rules for up to 32 client computers. 3. Click the Copy button to add or update the entry in the list below. 4. Choose the client type: Wired or Wireless. 5.
4.6 Advanced Security WARNING: Exercise caution before making changes in this section. Improper settings could seriously compromise the security of your router and your network. DeMilitarized Zone (DMZ) You may configure a single computer to be logically “outside” of the router’s protective firewall. A computer in the DMZ will have unrestricted 2-way communications with the Internet (WAN).
Remote Administration The router’s administrative functions are normally available only to computers on the LAN or wireless LAN (WLAN). If you want these administrative functions available to support individuals outside your network, you will need to enable this feature. To enable administration of the router: 1. Enter the IP address of the remote computer. If an IP address of 0.0.0.0 is entered, then any workstation on the Internet (WAN) can perform router administration with the correct password. 2.
Chapter 5. Advanced If you have a strong technical background in TCP/IP and networking, you’ll appreciate the advanced features of this router: • • • • Host your own website—even if you have a dynamic IP address Re-direct incoming traffic to dedicated mail, ftp, web and other servers Upgrade your router’s firmware Backup all of your router’s settings to an external file If you need help, consult your authorized Asanté Advantage reseller for assistance.
this address. The router’s 2nd address, the WAN IP address, is set in Chapter 3 (WAN Types). Changing the router’s LAN IP address also affects: • IP address for administration • DHCP server To change the address, enter the number and click Apply. You may be asked to re-start the router. Copy MAC Address For security reasons, some ISPs will limit your Internet service to a single registered network adapter.
Upgrade Firmware From time to time, Asanté will provide firmware updates to improve performance and to ensure compatibility. To upgrade the router’s firmware: 1. Click on the Upgrade Firmware Setting button. 2. In the Firmware Filename screen, check for the latest firmware by clicking on the www.asante.com link. On the Asanté website, click on Support and look for “FriendlyNET FR1004 Series router” firmware downloads.
Backup Setting Save your router settings into a file on your computer. Tip: Asanté strongly recommends that you use this Backup Setting command to save all of your router settings. In the event of a major malfunction, you can quickly restore the original settings by using the Upgrade Firmware command.
verify that there is only one DHCP server (or router) on the LAN. If you have multiple DHCP servers, then disable the DHCP service on all but one server. Domain Name You may also specify Domain Name Server (DNS) server addresses for all connected computers on your LAN. 5.3 Dynamic DNS If you want to host your own web servers, one or more static IP addresses are strongly recommended; see your ISP for information on upgrading your account.
Host Name, Username/E-mail, Password/Key After you open an account with your DDNS, they will provide you with this information. Enter this information here. Tip: If you want to use a dedicated computer as a web server, then you’ll want to enable it as a distributed server; see the following section. 5.
Chapter 6. Wireless The FriendlyNET FR1004AL is a powerful wireless router. Compared to the FR1004, the FR1004AL adds: • • • • An AeroLAN wireless access point for Apple Airport, Wi-Fi and other IEEE 802.11b-compatible equipment Dual diversity antennas with high performance signal amplifier to provide maximum signal strength and data integrity Multiple security levels including hardware-based MAC address controls to lock out unauthorized users An integrated network print server 6.
Network ID (SSID) Enter up to 32 characters as a Service Set IDentifier for your wireless LAN (WLAN). You may use any combination of printable alpha or numeric characters. Since this field is case-sensitive, default is not the same as Default. The SSID separates one WLAN from another; it must be unique. Some acceptable examples include: • • • default wireless AsanteFriendlyNET Tip: Because the network ID can easily be discovered, do not use any secret information (like other passwords) as your SSID. 6.
With 128-bit WEP, just specify one key up to 26 digits long. Examples: • • • 0123456789A1234567890B123456 ABCDEF01234567890ABCDEF01234 F1004ABCD0123456789012345678 Note: When disabling WEP after using a 64-bit key, the router will add zeros (0000) to the end of the WEP key. If you wish to re-enable WEP using the 64-bit key, simply delete the extra zeros. 6.
6.5 Tips for Better Wireless Reception The signal quality and range of any wireless card is depends on the environment in which it is placed. Here are some tips on getting the most out of your wireless network when using the Asanté wireless router. • • • • • • • • • 44 The best rule of thumb for good signal strength and quality is to have lineof-sight from the router to all the other wireless computers.
Chapter 7. Network Print Server Setup Your FriendlyNET FR1004AL wireless router can also function as a network print server for Macintosh, Windows, and UNIX/Linux computers. This chapter describes how to share a printer with: • Apple Mac OS 7-9 • Apple Mac OS X • Microsoft Windows • UNIX/Linux 7.1 Connecting Printer Connect your printer to the router: 1. Connect one end of a standard parallel printer cable (sold separately) to connect the router, and the other end to the router. 2.
Creating the Desktop Icon To create the desktop printer icon: 1. Look in the Apple Extras folder (at the root level of your hard drive) for the Desktop Printer Utility. Double-click to launch this program. 2. Select the Printer (LPR) and click OK. Note: In the example, an HP LaserJet 4MP is being used as a network printer. This type of printer utilizes the LaserWriter 8 driver. Your printer may utilize a different type of driver. 3.
After the icon is on the Desktop, or wherever it was saved, the printer options will need to be manually configured. This step is essentially the same as choosing Configure after setting up a printer in the Chooser. To set the options, highlight the Desktop Printer icon and select Change Setup from the Printing menu. The configuration of your desktop printer icon is now complete. 7.3 Printer Drivers for Mac OS X Macintosh users running Mac OS X (“Jaguar”, version 10.
7.4 Printer Drivers for Windows The printer connected to the router’s Printer port is called a shared printer. To share the printer, you will need to install the special Asanté printer driver and configure a printer on each computer. To install the Asanté virtual printer driver: 1. Insert the FR1004 Series disk into your CD-ROM drive. 2. Run the SETUP.EXE file from the CD-ROM. Please wait until the Welcome dialog box appears, and click on the Next button. 3.
Windows XP To configure the shared printer: 1. From the Start button, click on Settings > Printers and Faxes. 2. In the Printers dialog box, double-click on Add Printer and follow the on-screen instructions. 3. In the Printers and Faxes dialog box, click on Set printer properties from the task list on the left. 4. Click on the Ports tab and select the Shared this printeras option. 5. Click on the Ports tab. Select the printer and click on the Configure Port… button. 6.
Windows 2000 To configure the shared printer: 1. From the Start button, click on Settings > Printers. 2. In the Printers dialog box, double-click on Add Printer and follow the onscreen instructions. 3. In the Printers dialog box, right mouse click on the printer icon and choose Properties from the menu. 4. Click on the Sharing tab and select the Shared as option. 5. Click on the Ports tab. Select the PRT Local Port option. You should see the name of your printer next to this port. 6.
Appendix A. Troubleshooting Client IP Addresses After you have configured your router, you should restart all of the computers connected to the router. This allows each computer to receive all of its network IP address settings. To verify that the router is providing the correct information, check the router’s status screen: 1. 2. 3. 4. Login to the router’s administration utility by pointing your web browser to http://192.168.123.254 (default address).
A.2 Windows NT/2000/XP You can view and update the IP address settings for each computer by running the Microsoft command line utility, ipconfig: 1. 2. 3. 4. 5. 6. From the Start button, click on Run... In the Run dialog box, type cmd and press the Enter key. This will open the command line window. To view all the IP settings, type ipconfig /all and press Enter. To reset the IP address, type ipconfig / release and press Enter. To renew the IP address, type ipconfig /renew and press Enter.
Appendix B. Advanced Troubleshooting If you are having difficulties accessing the router, Asanté Technical Support will ask you to verify the physical and logical connections from your computers to the router. To save time, you may want to work through these exercises on your own before contacting Asanté for assistance. B.1 Verifying Connections to the Router Use the ping utility to verify access to the router. If you need assistance with the ping utility, see the following sections B.2 and B.3. 1. 2. 3.
4. You’ll see an MS-DOS dialog box, that shows the ping activity. If you see the error message, “Request timed out.”, then there is no logical connection from your computer to the router. B.3 Using Macintosh WhatRoute Most versions of Mac OS do not include a ping utility. You may want to use the WhatRoute utility, included on the Asanté FR1000 Series CD-ROM, to ping your network devices. To use WhatRouter: 1. Install the WhatRoute program from the CD-ROM. 2.
2. 3. Cables should be wired “straight-through”. According to IEEE T568A or T568B specifications, cables should be wired so that pin 1 connects to pin 1, etc. The diagram shows T568B wiring. To determine if your cable is a straightthrough cable, hold both ends of the cable together, with the clip pointing to the floor, away from you. Pin 1 is on your left. All the wires of each clip are identical. If they are different, you may have a “crossover” cable.
Asanté FR1000 Series Trivia The FriendlyNET FR1004 Series has two models: • • FR1004 FR1004AL The FR prefix indicates that it is a member of our award-winning FriendlyNET Router family. The FR1000 Series represents Asanté’s routers for small office, home office users. The digit 4 corresponds to the four 10/100 Mbps Fast Ethernet LAN ports on the unit. On the wireless unit, the letter A is a configuration code corresponding to the integrated AeroLAN® wireless access point.
Appendix C. Glossary Authentication: The procedure to verify user identity as a security measure. Passwords and digital signatures are the most popular forms. DHCP: Dynamic Host Configuration Protocol. A method for automatically assigning IP addresses to computers on a local area network. With dynamic addressing, a device can have a different IP address each time it connects to the network.
ISDN: Integrated Services Digital Network. It is a fast digital phone line provided by most phone companies. Requires a special card or an additional external device for your computer. Your Internet Service Provider must be able to provide an ISDN connection. ISP: Internet Service Provider. A company that provides access to the Internet for private and business users. This company handles the link from your computer to the rest of the Internet. LAN: Local Area Network.
defined rules. Asanté’s Secure Packet Inspection technology evaluates both incoming and outgoing packets based on multiple conditions: TCP/UDP ports, source address, destination address and packet states. TCP/IP: Transmission Control Protocol/Internet Protocol. A standard set of protocols that govern the Internet. The TCP portion ensures that data is transmitted correctly between two computers. The data transmitted is split up into small portions called data packets.
Asanté FriendlyNET Internet Router with Firewall
Appendix D. Warranty and Regulatory Notices D.1 2-Year Limited Warranty Subject to the limitations and exclusions below, Asanté warrants to the original end user purchaser that the covered products will be free from defects in title, materials and manufacturing workmanship for a period of two years from the date of purchase. This warranty excludes fans, power supplies, non-integrated software and accessories.
IMPLIED WARRANTY, INCLUDING ECONOMIC LOSS, DAMAGE TO PROPERTY AND, TO THE EXTENT PERMITTED BY LAW, DAMAGES FOR PERSONAL INJURY, HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY (INCLUDING NEGLI-GENCE). THESE LIMITATIONS SHALL APPLY EVEN IF ASANTE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR IF THIS WARRANTY IS FOUND TO FAIL OF ITS ESSENTIAL PURPOSE.
D.3 Safety Advisory 1. 2. 3. 4. The FriendlyNET router should be operated from the type of power source indicated on the marking label. If you are not sure of the type of power available, consult your dealer or local power company. Do not allow anything to rest on the power cord or where persons will walk on the cord. Never push objects of any kind into the router through cabinet slots as they may touch dangerous voltage points or short out parts that could result in a risk of fire or electric shock.
Typical network configuration using the FR1004AL router to share the Internet (via cable or DSL modem) with other computers on the local area network (LAN).
Appendix E. Online Warranty Registration and Card Before you contact Asanté’s technical support, please register your switch online at www.asante.com/support/registration.html or use the following printed card. By doing so, you’ll be entitled to special offers, up-to-date information and important product bulletins.
Asanté FriendlyNET Internet Router with Firewall
User’s Manual 67
Label Description Power FR1004: On when the router has power Status Blinks during power on self-test Link/Activity On with valid network connection; blinks when there is network activity 100 Mbps On for 1000 Mbps (Fast Ethernet); off for 10 Mbps Printer FR1004AL: On when print server is active Wireless FR1004AL: Blinks rapidly when there is wireless network activity Ports Ports Connection Specification 1, 2, 3, 4 To 10/100 Fast Ethernet ports for your computers (LAN) RJ-45, 10/100 Fast Et
