2.4.3 Security This Access Point provides complete wireless LAN security functions, include WEP, IEEE 802.11x, IEEE 802.11x with WEP, WPA with pre-shared key and WPA with RADIUS. With these security functions, you can prevent your wireless LAN from illegal access. Please make sure your wireless stations use the same security function. 2.4.3.1 WEP only When you select 64-bit or128-bit WEP key, you have to enter WEP keys to encrypt data. You can generate the key by yourself and enter it.
Key Format You may select to select ASCII Characters (alphanumeric format) or Hexadecimal Digits (in the "A-F", "a-f" and "0-9" range) to be the WEP Key. For example: ASCII Characters: guest Hexadecimal Digits: 12345abcde Default Key Select one of the four keys to encrypt your data. Only the key you select it in the "Default key" will take effect. Key 1 - Key 4 The WEP keys are used to encrypt data transmitted in the wireless network. Fill the text box by following the rules below.
Parameters Default Description RADIUS Server IP address The IP address of external RADIUS server. RADIUS Server Port The service port of the external RADIUS server. RADIUS Server Password The password used by external RADIUS server. Click at the bottom of the screen to save the above configurations. You can now configure other advance sections or start using the router (with the advance settings in place) 2.4.3.3 802.1x WEP Static key IEEE 802.1x is an authentication protocol.
For the WEP settings, please refer to section 2.4.3.1 “WEP only”. For the 802.1x settings, please refer to section 2.4.3.2 “802.1x only”. 2.4.3.4 WPA Pre-shared key Wi-Fi Protected Access (WPA) is an advanced security standard. You can use a preshared key to authenticate wireless stations and encrypt data during communication. It uses TKIP or CCMP(AES) to change the encryption key frequently. So the encryption key is not easy to be broken by hackers. This can improve security very much.
Parameters Default Description WPA(TKIP) TKIP can change the encryption key frequently to enhance the wireless LAN security. WPA2(AES) This use CCMP protocol to change encryption key frequently. AES can provide high level encryption to enhance the wireless LAN security. WPA2 Mixed This will use TKIP or AES based on the other communication peer automatically.
Click at the bottom of the screen to save the above configurations. You can now configure other advance sections or start using the router (with the advance settings in place) 2.4.3.5 WPA Radius Wi-Fi Protected Access (WPA) is an advanced security standard. You can use an external RADIUS server to authenticate wireless stations and provide the session key to encrypt data during communication. It uses TKIP or CCMP(AES) to change the encryption key frequently. This can improve security very much.
RADIUS Server Port The service port of the external RADIUS server. RADIUS Server Password The password used by external RADIUS server. Click at the bottom of the screen to save the above configurations.
2.4.4 Access Control This wireless router provides MAC Address Control, which prevents the unauthorized MAC Addresses from accessing your wireless network. Parameters Description Enable wireless access control Enable wireless access control Add MAC address into the list Fill in the "MAC Address" and "Comment" of the wireless station to be added and then click "Add". Then this wireless station will be added into the "Current Access Control List" below.
Click at the bottom of the screen to save the above configurations.
2.5 QoS The QoS can let you classify Internet application traffic by source/destination IP address and port number. You can assign priority for each type of application and reserve bandwidth for it. The packets of applications with higher priority will always go first. Lower priority applications will get bandwidth after higher priority applications get enough bandwidth. This can let you have a better experience in using critical real time services like Internet phone, video conference …etc.
“Enable QoS” to disable QoS function for the WAN port. Add a QoS rule into the table Click “Add” then you will enter a form of the QoS rule. Click “Apply” after filling out the form and the rule will be added into the table. Remove QoS rules from the table If you want to remove some QoS rules from the table, select the QoS rules you want to remove in the table and then click "Delete Selected". If you want remove all QoS rules from the table, just click "Delete All" button.
Parameters Description Rule Name The name of this rule. Bandwidth You can assign the download or upload bandwidth by the unit of Kbps (1024 bit per second). You can limit the maximum bandwidth consumed by this rule by selecting “Maximum”. You also can reserve enough bandwidth for this rule by selecting “Guarantee”. Local IP Address Enter the local IP address range of the packets that this rule will apply to. If you assign 192.168.2.3 – 192.168.2.5, it means 3 IP addresses: 192.168.2.3, 192.168.2.
Remote IP Address Enter the remote IP address range of the packets that this rule will apply to. If you assign 192.168.2.3 – 192.168.2.5, it means 3 IP addresses: 192.168.2.3, 192.168.2.4 and 192.168.2.5 Remote Port Range Enter the remote port range of the packets that this rule will apply to. You can assign a single port number here or assign a range of port numbers by assigning the first port number and the last port number of the range.
2.6 NAT Network Address Translation (NAT) allows multiple users at your local site to access the Internet through a single Public IP Address or multiple Public IP Addresses. NAT provides Firewall protection from hacker attacks and has the flexibility to allow you to map Private IP Addresses to Public IP Addresses for key services such as Websites and FTP. Parameter 2.6.1 Port Forwarding Description 2.6.2 Virtual Server You can have different services (e.g. email, FTP, Web etc.
2.6.4 UPnP Setting It allows to Enable or Disable UPnP feature here. After you enable the UPnP feature, all client systems that support UPnP, like Windows XP, can discover this router automatically and access the Internet through this router without any configuration. The NAT Traversal function provided by UPnP can let applications that support UPnP smoothly connect to Internet sites without any incompatibility problem due to the NAPT port translation. 2.6.
2.6.1 Port Forwarding The Port Forwarding allows you to re-direct a particular range of service port numbers (from the Internet/WAN Ports) to a particular LAN IP address. It help you to host some servers behind the router NAT firewall. Parameter Description Enable Port Forwarding Enable Port Forwarding Private IP This is the private IP of the server behind the NAT firewall. Note: You need to give your LAN PC clients a fixed/static IP address for Port Forwarding to work properly.
Add Port Forwarding into the table Fill in the "Private IP", “Type”, “Port Range” and "Comment" of the setting to be added and then click "Add". Then this Port Forwarding setting will be added into the "Current Port Forwarding Table" below. If you find any typo before adding it and want to retype again, just click "Clear" and the fields will be cleared.
2.6.2 Virtual Server Use the Virtual Server function when you want different servers/clients in your LAN to handle different service/Internet application type (e.g. Email, FTP, Web server etc.) from the Internet. Computers use numbers called port numbers to recognize a particular service/Internet application type. The Virtual Server allows you to re-direct a particular service port number (from the Internet/WAN Port) to a particular LAN private IP address and its service port number.
Public Port Enter the service (service/Internet application) port number from the Internet that will be re-directed to the above Private IP address host in your LAN Note: Virtual Server function will have priority over the DMZ function if there is a conflict between the Virtual Server and the DMZ settings. Comment The description of this setting. Add Virtual Server Fill in the "Private IP", "Private Port", "Type", “Public Port” and "Comment" of the setting to be added and then click "Add".
Example: Virtual Server The diagram below demonstrates one of the ways you can use the Virtual Server function. Use the Virtual Server when you want the web server located in your private LAN to be accessible to Internet users. The configuration below means that any request coming form the Internet to access your web server will be translated to your LAN’s web server (192.168.2.2). Note: For the virtual server to work properly Internet/remote users must know your global IP address.
2.6.3 Special Applications Some applications require multiple connections, such as Internet games, video conferencing, Internet telephony and others. In this section you can configure the router to support multiple connections for these types of applications. Parameters Description Enable Trigger Port Enable the Special Application function.
Comment The description of this setting. Popular applications This section lists the more popular applications that require multiple connections. Select an application from the Popular Applications selection. Once you have selected an application, select a location (1-10) in the Copy to selection box and then click the Copy to button. This will automatically list the Public Ports required for this popular application in the location (1-10) you’d specified.
2.6.4 UPnP Settings With UPnP, all PCs in you Intranet will discover this router automatically. So you do not have to do any configuration for your PC and can access the Internet through this router easily. Parameters Default Description UPnP Feature Disable You can Enable or Disable UPnP feature here. After you enable the UPnP feature, all client systems that support UPnP, like Windows XP, can discover this router automatically and access the Internet through this router without any configuration.
2.6.5 ALG Settings You can select applications that need “Application Layer Gateway” to support. Parameters Enable Default Description You can select to enable “Application Layer Gateway”, then the router will let that application correctly pass though the NAT gateway. Click at the bottom of the screen to save the above configurations.
2.6.6 Static Routing This router provides Static Routing function when NAT is disabled. With Static Routing, the router can forward packets according to your routing rules. The IP sharing function will not work any more in Static Routing mode. Note: The DMZ function of firewall will not work if static routing is enabled. Parameter Description Enable Static Routing Static Routing function is default disabled. You have to enable the Static Routing function before your routing rules take effect.
router that this router should communicate with on the path to the destination LAN. Hop Count The number of hops (routers) to pass through to reach the destination LAN. Interface The interface that go to the next hop (router). Add a Rule Fill in the "Destination LAN IP", "Subnet Mask”, “Default Gateway”, "Hop Count" and "Interface" of the rule to be added and then click "Add". Then this rule of Static Routing will be added into the "Static Routing Table" below.
2.7 Firewall The Broadband router provides extensive firewall protection by restricting connection parameters, thus limiting the risk of hacker attack, and defending against a wide array of common Internet attacks. However, for applications that require unrestricted access to the Internet, you can configure a specific client/server as a Demilitarized Zone (DMZ). Note: To enable the Firewall settings select Enable and click Apply Parameters Description 2.6.
Click on one of the firewall selections and proceed to the manual’s relevant sub-section 2.7.1 Access Control If you want to restrict users from accessing certain Internet applications/services (e.g. Internet websites, email, FTP etc.), then this is the place to set that configuration. Access Control allows users to define the traffic type permitted in your LAN. You can control which PC client can have access to these services.
Remove PC If you want to remove some PC from the "IP Filtering Table", select the PC you want to remove in the table and then click "Delete Selected". If you want remove all PCs from the table, just click "Delete All" button. Filter client PC by MAC address Check “Enable MAC Filtering” to enable MAC Filtering. Add PC Fill in “Client PC MAC Address” and “Comment” of the PC that is allowed to access the Internet, and then click “Add”.
Add PC Parameters Client PC Description Client PC IP Addresses Description The description for this client PC rule. Enter the IP address range that you wish to apply this Access Control rule. This is the user’s IP address(es) that you wish to setup an Access Control rule. Note: You need to give your LAN PC clients a fixed/static IP address for the Access Control rule to work properly.
Apply Changes Click “Apply Changes” to save the setting. Reset Click “Reset” to clear all fields. Click at the bottom of the screen to save the above configurations. You can now configure other advance sections or start using the router (with the advance settings in place) Example: Access Control In the example below, LAN client A can only access websites that use Port 80. However, LAN client B is able to access websites and any other service that uses ports between 80 and 999.
2.7.2 URL Blocking You can block access to some Web sites from particular PCs by entering a full URL address or just keyword of the Web site.
Parameters Description Enable URL Blocking Enable/disable URL Blocking Add URL Keyword Fill in “URL/Keyword” and then click “Add”. You can enter the full URL address or the keyword of the web site you want to block. If you find any typo before adding it and want to retype again, just click "Reset" and the field will be cleared.
2.7.3 DoS (Denial of Service) The Broadband router's firewall can block common hacker attacks, including Denial of Service, Ping of Death, Port Scan and Sync Flood. If Internet attacks occur the router can log the events.
Parameters Description Intrusion Detection Feature Ping of Death Protections from Ping of Death attack Discard Ping From WAN The router’s WAN port will not respond to any Ping requests Port Scan Protection the router from Port Scan. Sync Flood Protection the router from Sync Flood attack. Click at the bottom of the screen to save the above configurations. You can now configure other advance sections or start using the router (with the advance settings in place) 2.7.
port IP address to a particular IP address in your LAN. The difference between the virtual server and the DMZ function is that the virtual server re-directs a particular service/Internet application (e.g. FTP, websites) to a particular LAN client/server, whereas DMZ re-directs all packets (regardless of services) going to your WAN IP address to a particular LAN client/server.
Chapter 3 87
Status The Status section allows you to monitor the current status of your router. You can use the Status page to monitor: the connection status of the Broadband router's WAN/LAN interfaces, the current firmware and hardware version numbers, any illegal attempts to access your network, and information on all DHCP client PCs currently connected to your network. Parameters Description 3.1 Status and Information Shows the router’s system information 3.
3.7 Statistics Shows the statistics Select one of the above five Status selections and proceed to the manual’s relevant sub-section 3.1 Status and Information The Status and Information section allows you to view the router’s system information Parameters Description Information You can see the router’s system information such as the router’s: LAN MAC Address, WAN MAC Address, Hardware version, Serial Number, Boot code Version, Runtime code Version 3.
Parameters Description Internet Connection This page displays whether the WAN port is connected to a Cable/DSL connection. It also displays the router’s WAN port: WAN IP address, Subnet Mask, and ISP Gateway as well as the Primary DNS and Secondary DNS being used. 3.3 Device Status View the Broadband router’s current configuration settings. The Device Status displays the configuration settings you’ve configured in the Quick Setup Wizard/General Setup section.
Parameters Description Device Status This page shows the Broadband router’s current device settings. This page displays the Broadband router LAN port’s current LAN IP Address and Subnet Mask. It also shows whether the DHCP Server function is enabled/disabled..
3.4 System Log View the operation log of the system. Parameters Description System Log This page shows the current system log of the Broadband router. It displays any event occurred after system start up. At the bottom of the page, the system log can be saved to a local file for further processing or the system log can be cleared or it can be refreshed to get the most updated situation. When the system is powered down, the system log will disappear if not saved to a local file.
3.5 Security Log View any attempts that have been made to illegally gain access to your network. Parameters Description Security Log This page shows the current security log of the Broadband router. It displays any illegal attempts to access your network. At the bottom of the page, the security log can be saved to a local file for further processing or the security log can be cleared or it can be refreshed to get the most updated situation.
3.6 Active DHCP Client View your LAN client's information that is currently linked to the Broadband router's DHCP server Parameters Description Active DHCP Client This page shows all DHCP clients (LAN PCs) currently connected to your network. The “Active DHCP Client Table” displays the IP address and the MAC address and Time Expired of each LAN Client.
3.7 Statistics View the statistics of packets sent and received on WAN, LAN and Wireless LAN. Parameters Description Statistics Shows the counters of packets sent and received on WAN, LAN and Wireless LAN.
Chapter 4 Tool This page includes the basic configuration tools, such as Configuration Tools (save or restore configuration settings), Firmware Upgrade (upgrade system firmware) and Reset. Parameters Description 4.1 Configuration Tools You can save the router’s current configuration, restore the router’s saved configuration files and restore the router’s factory default settings 4.2 Firmware Upgrade This page allows you to upgrade the router’s firmware 4.
4.1 Configuration Tools The Configuration Tools screen allows you to save (Backup) the router’s current configuration setting. Saving the configuration settings provides an added protection and convenience should problems occur with the router and you have to reset to factory default. When you save the configuration setting (Backup) you can re-load the saved configuration into the router through the Restore selection.
4.2 Firmware Upgrade This page allows you to upgrade the router’s firmware Parameters Description Firmware Upgrade This tool allows you to upgrade the Broadband router’s system firmware. To upgrade the firmware of your Broadband router, you need to download the firmware file to your local hard disk, and enter that file name and path in the appropriate field on this page. You can also use the Browse button to find the firmware file on your PC.
4.3 Reset You can reset the router’s system should any problem exist. The reset function essentially Re-boots your router’s system Parameters Description Reset In the event that the system stops responding correctly or in some way stops functioning, you can perform a reset. Your settings will not be changed. To perform the reset, click on the button. You will be asked to confirm your decision. The reset will be complete when the power light stops blinking.
Appendix A How to Manually find your PC’s IP and MAC address 1) In Window’s open the Command Prompt program 2) Type Ipconfig /all and • • • Your PC’s IP address is the one entitled IP address (192.168.1.77) The router’s IP address is the one entitled Default Gateway (192.168.1.
Glossary Default Gateway (Router): Every non-router IP device needs to configure a default gateway’s IP address. When the device sends out an IP packet, if the destination is not on the same network, the device has to send the packet to its default gateway, which will then send it out towards the destination. DHCP: Dynamic Host Configuration Protocol. This protocol automatically gives every computer on your home network an IP address.
ISP: Internet Service Provider. An ISP is a business that provides connectivity to the Internet for individuals and other businesses or organizations. LAN: Local Area Network. A LAN is a group of computers and devices connected together in a relatively small area (such as a house or an office). Your home network is considered a LAN. MAC Address: MAC stands for Media Access Control. A MAC address is the hardware address of a device connected to a network.
create IP address numbers used only within a particular network (as opposed to valid IP address numbers recognized by the Internet, which must be assigned by InterNIC). TCP/IP, UDP: Transmission Control Protocol/Internet Protocol (TCP/IP) and Unreliable Datagram Protocol (UDP). TCP/IP is the standard protocol for data transmission over the Internet. Both TCP and UDP are transport layer protocol. TCP performs proper error detection and error recovery, and thus is reliable.
Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
