OfficeConnect® ADSL Wireless 108Mbps 11g Firewall Router User Guide Model WL-553 3CRWDR200A-75 3CRWDR200B-75 http://www.3com.
3Com Corporation 350 Campus Drive Marlborough, MA USA 01752-3064 Copyright © 2006, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.
CONTENTS ABOUT THIS GUIDE Naming Convention 7 Conventions 8 Feedback about this User Guide Related Documentation 9 1 8 INTRODUCING THE FIREWALL ROUTER OfficeConnect ADSL Wireless 108Mbps 11g Firewall Router Firewall Router Advantages 13 Package Contents 13 Minimum System and Component Requirements 15 Front Panel 15 Rear Panel 17 2 HARDWARE INSTALLATION Introduction 19 Safety Information 19 Positioning the Router 19 Using the Rubber Feet 20 Stacking the Router 20 Wall Mounting 20 Before you Install you
Windows 95/98/ME 27 Macintosh 27 Disabling PPPoE and PPTP Client Software Disabling Web Proxy 28 4 RUNNING THE SETUP WIZARD Accessing the Wizard 29 Password 32 Time Zone 33 ATM PVC Configuration IGMP 34 Connection Mode 34 LAN Settings 38 Wireless Settings 40 Summary 41 5 28 33 ROUTER CONFIGURATION Navigating Through the Router Configuration Pages Main Menu 43 Option Tabs 44 Welcome Screen 44 Notice Board 45 Password 45 Wizard 46 LAN Settings 47 Unit Configuration 47 DHCP Lease Table 48 Wireless Settin
Virtual Servers 59 Special Applications 61 Virtual DMZ 62 SPI 63 Internet Access Policy 64 Content Filter 66 System Tools 67 Restart 67 Time Zone 68 Configuration 68 Upgrade 69 Advanced 70 Routing 70 Static Route 71 RIP 71 DNS 73 DDNS 73 DSL 75 IPSec 75 Proxy ARP 76 ALG 77 Management 77 Syslog 78 SNMP 79 Trusted Station 80 Remote Management 81 Diagnostics 82 Device Info 82 Summary 82 WAN 83 Statistics 83 Route 84 ARP 84 Support/Feedback 85 Support 85 Feedback 86
TROUBLESHOOTING Basic Connection Checks 87 Browsing to the Router Configuration 87 Connecting to the Internet 88 Forgotten Password and Reset to Factory Defaults Wireless Networking 89 Replacement Power Adapters 92 Alert LED 92 Recovering from Corrupted Software 93 Frequently Asked Questions 94 A USING DISCOVERY Running the Discovery Application 97 Windows Installation (95/98/2000/Me/NT) B 89 97 IP ADDRESSING The Internet Protocol Suite 99 Managing the Router over the Network 99 IP Addresses and Su
C SAFETY INFORMATION D END USER SOFTWARE LICENSE AGREEMENT E ISP INFORMATION GLOSSARY REGULATORY NOTICES FOR THE ADSL WIRELESS 108MBPS 11G FIREWALL ROUTER INDEX
ABOUT THIS GUIDE This guide describes how to install and configure the OfficeConnect ADSL Wireless 108Mbps 11g Firewall Router (3CRWDR200A-75 and 3CRWDR200B-75). This guide is intended for use by those responsible for installing and setting up network equipment; consequently, it assumes a basic working knowledge of LANs (Local Area Networks) and Internet Router systems.
8 ABOUT THIS GUIDE Conventions Table 1 and Table 2 list conventions that are used throughout this guide. Table 1 Notice Icons Icon Notice Type Description Information note Information that describes important features or instructions. Caution Information that alerts you to potential loss of data or potential damage to an application, system, or device. Warning Information that alerts you to potential personal injury.
Conventions 9 Page number (if appropriate) Example: OfficeConnect ADSL Wireless 108Mbps 11g Firewall Router User Guide Product Number 3CRWDR200A-75 Page 24 Do not use this e-mail address for technical support questions. For information about contacting Technical Support, please refer to the Support and Safety Information sheet. Related Documentation In addition to this guide, each Router document set includes one Installation Guide.
10 ABOUT THIS GUIDE
1 INTRODUCING THE FIREWALL ROUTER Welcome to the world of networking with 3Com®. In the modern business environment, communication and sharing information is crucial. Computer networks have proved to be one of the fastest modes of communication but, until recently, only large businesses could afford the networking advantage. The OfficeConnect® product range from 3Com has changed all this, bringing networks to the small office.
12 CHAPTER 1: INTRODUCING THE FIREWALL ROUTER Figure 1 Example Network Without a Firewall Router When you use the Firewall Router in your network (Figure 2), it becomes your connection to the Internet. Connections can be made directly to the Router, or to an OfficeConnect Switch or Hub, expanding the number of computers you can have in your network.
Firewall Router Advantages Firewall Router Advantages 13 The advantages of the Firewall ADSL Wireless 108Mbps 11g Firewall Router include: Shared Internet connection for both wired and wireless computers High speed 802.
14 CHAPTER 1: INTRODUCING THE FIREWALL ROUTER One CD-ROM containing the Firewall Router Discovery program and this User Guide Installation Guide One Support and Safety Information Sheet One Warranty Flyer If any of these items are missing or damaged, please contact your retailer.
Minimum System and Component Requirements Minimum System and Component Requirements 15 Your Router requires that the computer(s) and components in your network be configured with at least the following: A computer with an operating system that supports TCP/IP networking protocols (for example Windows 95/98/NT/Me/2000/XP, Unix, Mac OS 8.5 or higher). An Ethernet 10Mbps or 10/100 Mbps NIC for each computer to be connected to the four-port switch on your Router. An 802.11b or 802.11g wireless NIC.
16 CHAPTER 1: INTRODUCING THE FIREWALL ROUTER The administrator has invoked the Reset to Factory Defaults command, or The system software is in the process of being upgraded In each of these cases, wait until the Router has completed the current operation and the alert LED is Off. Flashing slowly - The Router has completed the Reset to Factory Defaults process, and is waiting for you to reset the unit. To do this, remove power, wait 10 seconds and then re-apply power.
Rear Panel 17 Green (100 Mbps link) / yellow (10 Mbps link) If the LED is on, the link between the Router and the cable or DSL modem is OK. If the LED is flashing, the link is OK and data is being transmitted or received. If the LED is off, nothing is connected, the modem is switched off or there is a problem (refer to Chapter 6 “Troubleshooting”). Rear Panel The rear panel (Figure 4) of the Router contains four LAN ports, one Ethernet Cable/DSL port, a power adapter OK LED, and a power adapter socket.
18 CHAPTER 1: INTRODUCING THE FIREWALL ROUTER 10 Reset Button Press this button for resetting your Router to factory default. 11 Four 10/100 LAN ports Using suitable RJ-45 cable, you can connect your Router to a computer, or to any other piece of equipment that has an Ethernet connection (for example, a hub or a switch). The LAN ports will automatically set themselves to MDI or MDIX depending on the device to which they are connected and the type of cable used.
2 Introduction HARDWARE INSTALLATION This chapter will guide you through a basic installation of the Router, including: Connecting the Router to the Internet. Connecting the Router to your network. Setting up your computers for networking with the Router. Safety Information WARNING: Please read the Router section in Appendix C before you start. VORSICHT: Bitte lesen Sie den Abschnitt “Wichtige Sicherheitshinweise” sorgfältig durch, bevor Sie das Gerät einschalten.
20 CHAPTER 2: HARDWARE INSTALLATION allows easy viewing of the front panel LED indicator lights, and access to the rear panel connectors, if necessary. When positioning your Router, ensure: It is out of direct sunlight and away from sources of heat. Cabling is away from power lines, fluorescent lighting fixtures, and sources of electrical noise such as radios, transmitters and broadband amplifiers. Water or moisture cannot enter the case of the unit.
Before you Install your Router 21 3 Remove any connections to the unit and locate it over the screw heads. When in line, gently push the unit on to the wall and move it downwards to secure. When making connections, be careful not to push the unit up and off the wall.Router CAUTION: Only wall mount single units, do not wall mount stacked units. Before you Install your Router Before you install and configure your Router, you need the following additional information.
22 CHAPTER 2: HARDWARE INSTALLATION If your ISP allocates fixed or static IP information, you need the following information: IP Address : ____.____.____.____ Subnet Mask : ____.____.____.____ Default Router address : ____.____.____.____ DNS address : ____.____.____.____ If your ISP allocates IP information dynamically over a protocol other than PPPoE, you do not need any further information. This configuration is typical of cable connections.
Connecting the Router 23 Figure 5 Connecting the Router sofu Power Supply Unit Jouf Telephone socket 12VDC 1.25A MAX POWER OK Cable/DSL 4 3 2 1 LAN Xjsfmftt! Vtfst Zpvs!QD To use your Router to connect to the Internet through an DSL connection: 1 Insert one end of the supplied telephone (RJ-11) cable into the Cable/DSL port on the rear panel of the Router. Check that the DSL Sync status LED lights on the Router.
24 CHAPTER 2: HARDWARE INSTALLATION Service Area Name/SSID — 3Com Channel — 11
3 SETTING UP YOUR COMPUTERS The Router has the ability to dynamically allocate network addresses to the computers on your network, using DHCP. However, your computers need to be configured correctly for this to take place. To change the configuration of your computers to allow this, follow the instructions in this chapter.
26 CHAPTER 3: SETTING UP YOUR COMPUTERS Figure 6 Local Area Properties Screen 6 Ensure that the options Obtain an IP Address automatically, and Obtain DNS server address automatically are both selected as shown in Figure 7. Click OK. Figure 7 Internet Protocol (TCP/IP) Properties Screen 7 Restart your computer.
Obtaining an IP Address Automatically Windows XP 27 If you are using a Windows XP computer, use the following procedure to change your TCP/IP settings: 1 From the Windows Start menu, select Control Panel. 2 Click on Network and Internet Connections. 3 Click on the Network Connections icon. 4 Double click on LAN or High Speed Connection icon. A screen titled Local Area Connection Status will appear. 5 Select Internet Protocol TCP/IP and click on Properties.
28 CHAPTER 3: SETTING UP YOUR COMPUTERS Disabling PPPoE and PPTP Client Software If you have PPPoE or PPTP client software installed on your computer, you will need to disable it. To do this: 1 From the Windows Start menu, select Settings > Control Panel. 2 Double click on Internet Options. 3 Select the Connections Tab. A screen similar to Figure 8 should be displayed. 4 Select the Never Dial a Connection option.
4 Accessing the Wizard RUNNING THE SETUP WIZARD The Firewall Router setup program is Web-based, which means that it is accessed through your Web browser (Netscape Navigator 4.7 or higher, Internet Explorer 5.0 or higher, or Mozilla 1.2.1 or higher). To use the Setup Wizard: 1 Ensure that you have at least one computer connected to the Firewall Router. Refer to Chapter 2 for details on how to do this. 2 Launch your Web browser on the computer.
30 CHAPTER 4: RUNNING THE SETUP WIZARD Figure 10 Firewall Router Login Screen 5 If the password is correct, the Country Selection screen will appear. Select the country you wish to configure the Firewall Router for, then click Apply. (Figure 11) If your purchased your Firewall Router in the United States, you do not see this screen, as it is automatically set.
Accessing the Wizard 31 6 When you have selected a country either: The Welcome screen will appear (Figure 12). Select the Wizard tab and click Wizard. or If your Router has not been configured before, the Wizard will launch automatically (refer to Figure 13). 7 Click Next. 8 You will be guided step by step through a basic setup procedure.
32 CHAPTER 4: RUNNING THE SETUP WIZARD Figure 13 Wizard Screen Password Figure 14 Change Administration Password Screen When the Change Administration Password screen (Figure 14) appears, type the Old Password, then a new password in both the New Password and Confirm Password boxes. 3Com recommends entering a new password when setting up the Firewall Router for the first time. The Firewall Router is shipped from the factory with a default password, admin. 1. Password is case sensitive.
Accessing the Wizard 33 2. Write the new password down and keep it in a safe place, so that you can change your settings in the future. Click Next to display the Time Zone setup screen (Figure 15). Time Zone Figure 15 Time Zone Screen Select your time zone from the pull-down menu, check the daylight savings option if required, and then click Next. The Daylight Savings option advances the system clock by one hour. It does not cause the system clock to be updated for daylight savings time automatically.
34 CHAPTER 4: RUNNING THE SETUP WIZARD UBR service may be considered as "best effort service". Peak cell rate specifies the maximum cell rate at which the user will transmit. CBR (constant bit rate): the CBR service class is intended for real-time applications, for example, those requiring tightly constrained delay and delay variation, such as voice and video applications. The consistent availability of a fixed quantity of bandwidth is considered appropriate for CBR service.
Accessing the Wizard 35 MAC Encapsulation Routing (MER) see page 36 Bridging, see page 38 and click Next. PPPoE/PPPoA Mode Figure 17 PPPoE Screen To setup the Firewall Router for use with a PPP over Ethernet (PPPoE) or PPP over ATM (used mainly in UK) connection, use the following procedure: 1 Enter your PPP over Ethernet/ATM user name in the PPPoE/PPPoA User Name text box. 2 Enter your PPP over Ethernet/ATM password in the PPPoE/PPPoA Password text box.
36 CHAPTER 4: RUNNING THE SETUP WIZARD 6 PPP IP extension: Check this box to invoke the PPP IP extension. Only one user is allowed to access the web configurator at one time when this is checked. 7 Use Static IP Address: Check this box to enter the IP Address manually. Check all of your settings, and then click Next. Enable 802.1q Check on this to enable this function. The 802.
Accessing the Wizard 37 Manually entering an IP address: To set WAN IP address by yourself. 1 WAN IP Address: Enter the IP address for using in the WAN from your ISP. 2 WAN Subnet Mask: Enter the WAN subnet mask. 3 Default Gateway: Enter the default gateway for using in the WAN from your ISP. 4 Enter your primary DNS address in the Primary DNS Address text box. 5 Enter your secondary DNS address in the Secondary DNS Address text box.
38 CHAPTER 4: RUNNING THE SETUP WIZARD 4 Enable NAT: Check the Enable NAT to enable this function which will allow more than one PC in the LAN to connect the internet. 5 Click on Next to configure your LAN settings. See “LAN Settings” in this section for more information. Bridging Mode Figure 20 Bridging Mode Screen To set up the Firewall Router for use as a bridge in which the router is the bridge between WAN and LAN, use the following procedure: 1 Enter your the name for the bridging service.
Accessing the Wizard 39 This screen displays a suggested LAN IP address and subnet mask of the Firewall Router. It also allows you to change the IP address and subnet mask. 1 Primary IP Address: Enter the first IP Address for your LAN interface. 2 Subnet Mask: Enter the Subnet Mask for your LAN interface. 3 Enable DHCP server on the LAN: Check this box to enable the DHCP service on the router. See “DHCP” in this section.
40 CHAPTER 4: RUNNING THE SETUP WIZARD Wireless Settings Figure 23 Wireless Configuration Screen This screen displays the Channel and Service Area Name. It also allows you to change these settings. There are a maximum of 14 channels, the number available to you is dependent on the country you reside in. Selecting Clear Channel Select from the Channel drop-down list allows the Firewall Router to automatically select an available channel when first powered on.
Accessing the Wizard Summary 41 Figure 24 Configuration Summary Screen When you complete the Setup Wizard, a configuration summary will display. 3Com recommends that you verify the configuration information of the Firewall Router and then print this page for your records.
42 CHAPTER 4: RUNNING THE SETUP WIZARD Figure 25 Wizard Completed Screen If you have made changes to the LAN Settings or wireless configuration options, you may need to reconfigure the computer you are using in order to make contact with the Firewall Router again. Your Firewall Router is now configured and ready for use. For information on improving your Wireless network security see "Wireless Settings" on page 48. See Chapter 5 for a detailed description of the Router configuration screens.
5 ROUTER CONFIGURATION Navigating Through the Router Configuration Pages Main Menu This chapter describes all the screens available through the Router configuration pages, and is provided as a reference. To get to the configuration pages, browse to the Router by entering the URL in the location bar of your browser. The default URL is http://192.168.1.1 but if you changed the Router LAN IP address during initial configuration, use the new IP address instead.
44 CHAPTER 5: ROUTER CONFIGURATION Advanced — allows you to monitor and configure the Router’s advanced features, including LAN/WAN setup, DSL, RIP, DDNS, Print Server, IPSec, Certificate, Proxy ARP, and ALG. Management — displays the current status and activity logs of the Router, SNMP enable/disable, Internet service enable/disable, and remote management control. Diagnostics — Testing the connection between your wired and wireless device to your Router.
Welcome Screen Notice Board 45 Figure 26 Notice Board Screen The Notice Board is used to display the firmware version and configuration warning messages. For example, you would be warned if you had disabled wireless networking or wireless encryption.
46 CHAPTER 5: ROUTER CONFIGURATION Changing the Administration Password You can change the password to prevent unauthorized access to the Administration System. To do this: 1 Enter the current password in the Old Password field 2 Enter the new password in the New Password field 3 Enter the new password again in the Confirm Password field 4 Click Save/Apply to save the new password The password is case sensitive. If you have forgotten your password you need to reset the Router.
LAN Settings 47 LAN Settings Unit Configuration Figure 29 LAN Setup Screen This screen allows you to change the IP address and subnet mask. 1 IP Address: Enter the IP Address for your LAN interface. 2 Subnet Mask: Enter the Subnet Mask for your LAN interface. 3 Enable IGMP Snooping: 4 Enable DHCP server on the LAN: Check this box to enable the DHCP service on the router.
48 CHAPTER 5: ROUTER CONFIGURATION DHCP Lease Table Figure 30 DHCP Lease Table Screen The DHCP Lease table screen list the client’s name, MAC Address, IP Address and Expiration time which reflects the value specified in DHCP server setting in “Unit Configuration” on this chapter. Wireless Settings The Wireless Settings menu provides options described in the following sections. To improve the security of your wireless network, 3Com recommends that you: 1.
Wireless Settings Configuration 49 Figure 31 Enabling Wireless Screen Enable Wireless Networking Use this check box to enable or disable the wireless section of your LAN. When disabled, no wireless PCs can gain access to either the Internet or other PCs on your Wired or Wireless LAN through this Router. Wireless Mode Select a mode from the drop-down list to configure your wireless networks. The Router supports 11b, 11g, Super G, and Mixed 11b/11g which is the default.
50 CHAPTER 5: ROUTER CONFIGURATION Service Area Name/SSID This allows you to name your Wireless network. The Service Area Name/SSID field will accept any alphanumeric string and has a maximum length of 32 characters. Your Wireless computers must be configured with exactly the same name or you will not establish a connection. The Service Area Name may also be referred to as “ESSID” depending on your networking vendor. By default the Router uses the name “3Com”.
Wireless Settings Encryption 51 Figure 32 Encryption Screen When setting up wireless networks, it is important to remember that with encryption disabled, anyone with a Wireless PC can eavesdrop on your network. 3Com recommends that you get the network working with encryption disabled first and then enable it as the last step. This will simplify setting up your network. The Router supports two types of encryption: WPA/WPA2/Mixed WPA WPA2 — Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.
52 CHAPTER 5: ROUTER CONFIGURATION WPA/WPA2/Mixed WPA WPA2 +Radius PSK2+RADIUS features using of a RADIUS server with the pre-shared key authentication method. (This should only be used when a RADIUS server is connected to the Router). WPA provides a higher level of security, provided by its longer key and dynamic changes made to the key over time. 3Com recommends that you use WPA with any clients which support it.
Wireless Settings Using the Radius Server Figure 33 WPA/WPA2 Encryption Screen - Radius Server To set up WPA/WPA2/Mixed WPA and WPA2 with Radius Server: 1 Select Encryption Method from the drop-down box. 2 Enter the frequency for key generating in seconds. 3 Enter the RADIUS Server IP address. 4 Enter the Server Port. 5 Enter the key for the Radius Server. 6 Click Save to save your changes.
54 CHAPTER 5: ROUTER CONFIGURATION Using Pre-Shared Passphrase Figure 34 WPA/WPA2 Encryption Screen - Pre-Shared Passphrase To set up Pre-Shared Passphrase as the WPA Type: 1 Select Encryption Method from the drop-down box. Enter a phrase of between 8 and 63 characters in length in the Pre-Shared key field. This passphrase will be used to generate a 256 bit key dynamically. 2 Enter the frequency for key generating in seconds 3 Click Save to save your changes.
Wireless Settings 55 Figure 35 64 bit/128 bit Encryption Keys Screen - WEP Configuration To set up WEP encryption: 1 Select 128 bit encryption or 64 bit encryption from the Encryption Strength drop-down list. 2 Enter the passphrase which can be up to 31 characters long and may contain any alphanumeric characters in the field. 3 Click on the Generate to generate 4 hex keys automatically. Virtually all manufacturers support this scheme. Hexadecimal numbers are formed from 0-9 and A-F.
56 CHAPTER 5: ROUTER CONFIGURATION Some wireless adapters have only one key available on their WEP configuration page. If this is the case ensure it is the same as Key 1 on the Router and that it is selected as the Current WEP key. WMM Wi-Fi MultiMedia QOS (Quality of Service) ensures the quality of service in wireless networks for multimedia applications. 3Com recommends that you leave the settings unchanged if you are not sure with your configuration.
Wireless Settings 57 CWmin: Minimum Contention Window. Enter a number from 0-10. CWMax: Maximum Contention Window. Enter a number from 0-10. AIFSN: Fixed Slot Time. Enter a number from 0-20. TXOPLimit: Transmit Opportunity Limit. Enter a number from 0-65535 millisecond. ACM/ACK-Policy: Admission Control Policy. Can be enabled or disabled.
58 CHAPTER 5: ROUTER CONFIGURATION the Authorized Wireless PC list. You may enter a maximum of 40 PCs in the list. Click Save to save your existing configurations or Cancel to discard all changes. The MAC Address must be entered as 6 hexadecimal pairs, for example 12-34-56-78-ef-ab. Advanced Wireless Settings Figure 38 Advanced Wireless Screen The Advanced Wireless Settings gives you more specific and advanced options to configure your Wireless Router.
Internet Settings 59 XR Mode: The router embeds the Atheros Super G technology which stretches the performance of a WLAN by enabling long-range connections. Select on the drop-down list to enable this feature. RTS Threshold (Request To Send): Should you encounter inconsistent data flow, only minor modifications are recommended. The threshold (number of bytes) for enabling RTS/CTS handshake. Data with its frame size larger than this value will perform the RTS/CTS handshake.
60 CHAPTER 5: ROUTER CONFIGURATION Virtual Servers Selecting the Firewall option on the main menu displays the Virtual Servers setup screen. (Figure 39) Figure 39 Virtual Servers Screen Activating and configuring a virtual server allows one or more of the computers on your network to function as a public server. For example, one of your computers could be configured as an FTP server, allowing others outside of your office network to download files of your choosing.
Firewall Special Applications 61 Figure 40 Special Applications Screen Select Special Apps tab to display NAT-Port Triggering Setup screen. (Figure 40) Some software applications require special or multiple connections to the Internet and these would normally be blocked by the firewall. For example Internet Telephony or Video conferences require multiple connections. So that these special applications can work properly and are not blocked, the firewall needs to be told about them.
62 CHAPTER 5: ROUTER CONFIGURATION 5 Click Add to return to the Special Application configuration page to enter more entries. The Router will automatically allow FTP and NetMeeting sessions. You do not need to configure these as Special Applications. Only one computer on your network can use the special application at any one time. Virtual DMZ DMZ (De-Militarized Zone) Host is a computer without the protection of the firewall.
Firewall SPI 63 Stateful Packet Inspection (SPI) inspects, and if required blocks packets at the application layer. SPI also maintains TCP and UDP session information, including timeouts and the number of active sessions, and provides the ability to detect and prevent certain types of network attacks such as DoS attacks. Denial of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet.
64 CHAPTER 5: ROUTER CONFIGURATION Internet Access Policy Figure 43 The Internet Access Policy Screen The Internet Access Policy screen lets you configure your Router’s access availability according to specified day/time with options in blocking the application, website (URL), and website keywords. 1 Select Access Policy number from the drop-down menu. 2 Enter the Policy Name in the field provided. 3 Select on Status for enabling or disabling this policy.
Firewall 65 For example, to allow access Monday through Friday between 9 am and 5 pm, check the check boxes for Mon, Tue, Wed, Thu and Fri, and enter 09:00 and 17:00 in the text boxes next to each of these days. 7 Select on an internet service/application to blocked the service/port number. 8 Type in the Website Accessing by URL Address with the URL that you want to block access from. 9 Type in the Website Blocking by Keyword with the keywords on the URL.
66 CHAPTER 5: ROUTER CONFIGURATION You can filter up to 4 keywords and URLs. Content Filter Figure 44 The Content Filter Screen The content filter lets your block the websites according to pre-defined categories. You can subscribe to the 3Com Content Filter Service, which enables you to block or allow the URLs of a number of pre-defined categories. The Router comes with a 14-day free trial of the 3Com Content Filter Service.
System Tools 67 4 Select the Server Timeout value in milliseconds. The default is 3000 milliseconds (3 seconds). 5 Select Allow or Deny for each displayed category, as required. Click Save to save the settings, Test URL to test the connection with the specified content filter server or cancel to discard your changes. System Tools The main frame of the System Tools screen includes four administration items: Restart, Time Zone, Configuration, and Upgrade (Figure 45).
68 CHAPTER 5: ROUTER CONFIGURATION Time Zone Figure 46 Time Zone Screen Check the Automatically synchronize with internet time servers to read the correct time from NTP servers on the Internet and sets its system clock automatically. You may enter two NTP servers according to your priority. Choose the time zone that is closest to your actual location. The time zone setting is used by the system clock when displaying the correct time in the log files. Click on Save/Apply to apply your settings.
System Tools 69 Select the Configuration tab to display the Configuration screen (Figure 47). Backup Configuration Click BACKUP to save the current Router configuration. You will be prompted to download and save a file to disk. Restore Configuration Data If you want to reinstate the configuration settings previously saved to a file, press Browse to locate the backup file on your computer, and then click RESTORE to copy the data into the Router's memory. The password will remain unchanged.
70 CHAPTER 5: ROUTER CONFIGURATION web browser where this file is on your computer, and then click Apply. The file will be copied to the Router, and once this has completed, the Router will restart.
Advanced Static Route 71 Router supports static route functionality. Select the Static Route tab to display the screen shown in Figure 49 Figure 49 Static Route screen Please enter the following values in the box respectively to specify a static route: Network Address - the network address of the route. If network address and subnet mask are both set to 0.0.0.0, this is the default route. Subnet Mask - the subnet mask of the route. If network address and subnet mask are both set to 0.0.0.
72 CHAPTER 5: ROUTER CONFIGURATION Figure 50 RIP screen Setting Up RIP Check the Enable Global RIP Mode check box check box to configure RIP on the Router.The screen displays RIP information for the LAN interface and WAN interface. To set up or change the information for one or both interfaces: 1 Select one of Disable, Enable or Silent from the Operation Mode drop-down list. If you select Enable, the Router transmits RIP update information to other RIP enabled devices.
Advanced DNS 73 The DNS Screen The DNS Screen lets you specify your Domain Name Service (DNS) server’s information. You may check the Enable Automatic Assigned DNS for automatically assigned DNS or you may manually specify your DNS server’s IP Address. DDNS Dynamic Domain Name Server (DDNS) enables you to map a static domain name to a dynamic IP address. The Router supports two DDNS providers, TZO.com and DYNDNS.org.
74 CHAPTER 5: ROUTER CONFIGURATION To set up DDNS: Figure 51 DDNS screen 4 Select a DDNS Service provider from the drop-down list. This can be either TZO.com or DynDNS.org. TZO.com If you select TZO.com: 1 In the Host Name text box, enter the host name. 2 In the Interface text box, select the WAN/LAN interface that will be using the DDNS. 3 In the Username/E-mail text box, enter the account name. 4 In the Key text box, enter the account password. 5 Click Apply to make this service active. DynDNS.
Advanced DSL 75 Figure 52 The DSL Setting Screen The DSL Screen lets you configure your DSL connections. Check the boxed for the type of DSL connection that you are using. Select the type of phone line you are using. Also Check the compatibility type.
76 CHAPTER 5: ROUTER CONFIGURATION the Internet. The Virtual Private Network (VPN) is a popular technology used for communications between two networking sites without the expense of leased site-to-site lines. Click on Add New IPsec to add new IPSec configurations. Select on the dropdown menu and enter the values in the text boxes for settings in your IPSec.
Management 77 5 In To, type the ending IP address of the IP address range. ALG Figure 55 The ALG Screen An Application Layer Gateway (ALG) is a SIP Back to Back User agent (B2BUA). An ALG can be used to allow firewall traversal with SIP. If the firewall has it's SIP traffic terminated on an ALG then the responsibility for permitting SIP sessions is passed onto the ALG instead of the firewall.
78 CHAPTER 5: ROUTER CONFIGURATION Syslog If you have a syslog server on the network, you can configure the Router Point to send the device logs to the server. You may need to configure the syslog server to accept logs from the Router. Figure 56 Syslog Screen To view the current logs: 1 Click on the view the syslogs button. To send the device logs to a syslog server: 1 Click on Configure syslogs. 2 Click on Enable. 3 Select on the drop-down menu for a list of available types of logging activities.
Management SNMP 79 Figure 57 The SNMP Screen Simple Network Management Protocol (SNMP) is the protocol used for exchanging management information between network devices. Click Enable/Disable to enable/disable the agent. To Configure the SNMP: 1 Type the Read Community, which is the password for the incoming Get and GetNext requests from the management station. 2 Type the Set Community, which is the password for incoming Set requests from the management station. 3 Type the System Name for the program.
80 CHAPTER 5: ROUTER CONFIGURATION Trusted Station Figure 58 The Trusted Station Screen The Trusted Station Screen let you add/remove the MAC address of the stations which can access the web administration.
Management Remote Management 81 Figure 59 The Remote Management Screen It is possible to administer the Router remotely. Select one of the following options for remote administration: Disable Remote Administration - This option is set as default. Enable administration from a single Internet Host - Only the specified Host IP Address can manage the Router. Any other users will be rejected.
82 CHAPTER 5: ROUTER CONFIGURATION Diagnostics Figure 60 The Diagnostics Screen The Diagnostics Screen lets you diagnose your DSL connection and wired and wireless networkings. Click on the Test button to start testing. Device Info The Device Info Settings menu provides the following options: Figure 61 Summary Screen Summary The Summary screen is used to display the information of your LAN status.
Device Info WAN 83 Figure 62 WAN Status Screen The WAN Status Screen is used to display the information of your DSL Connection Status. Statistics Figure 63 Statistics Screen The Statistics Screen is used to display the information of your LAN/WAN/ATM/ADSL Connection Statistics. Click on the button for each connection device for more detailed information.
84 CHAPTER 5: ROUTER CONFIGURATION Route Figure 64 Route Screen The Route Screen is used to display the routing status/information between your LAN and WAN. Refer to “Static Route” in this section for more information.
Support/Feedback 85 The ARP screen is used to display the Proxy ARP status. Refer to “Proxy ARP” in this section for more information. Support/Feedback Support Selecting Support/Feedback from the main menu displays the Support and Feedback screens. Figure 66 Support Screen Selecting the Support option on the main menu displays the support links screen, which contains a list of Internet links that provide information and support concerning the Router (Figure 66).
86 CHAPTER 5: ROUTER CONFIGURATION Feedback Figure 67 Feedback Screen Selecting the Feedback option displays the Feedback screen and allows you to provide feedback to 3Com on the operation of your Router (Figure 67). This screen should not be used to obtain technical support.
6 Basic Connection Checks TROUBLESHOOTING Check that the Router is connected to your computers and to the cable/DSL modem, and that all the equipment is powered on. Check that the LAN Status and Cable/DSL Status LEDs on the Router are illuminated, and that any corresponding LEDs on the cable/DSL modem and the NIC are also illuminated. Ensure that the computers have completed their start-up procedure and are ready for use.
CHAPTER 6: TROUBLESHOOTING and click on the LAN Settings button at the bottom. Make sure that the Proxy Server option is unchecked. If you cannot browse to the Router, use the winipcfg utility in Windows 95/98/ME to verify that your computer has received the correct address information from the Router. From the Start menu, choose Run and then enter winipcfg. Check that the computer has an IP address of the form 192.168.1.xxx (where xxx is in the range 2-254), the subnet mask is 255.255.255.
Forgotten Password and Reset to Factory Defaults 91 Ensure that your computers are not configured to use a Web proxy. On Windows computers, this can be found under Control Panel > Internet Options > Connections. Forgotten Password and Reset to Factory Defaults If you can browse to the Router configuration screen but cannot log on because you do not know or have forgotten the password, follow the steps below to reset the Router to it’s factory default configuration.
CHAPTER 6: TROUBLESHOOTING Verify that your wireless computers are configured to work in Infrastructure mode and not Ad Hoc mode. The Router contains an Access Point that is designed to operate in Infrastructure mode. Ad Hoc mode is not supported by the Router. If you have a wired and a wireless NIC in the same computer, ensure that the wired NIC is disabled. Check the status of the Router Wireless LED, it should be lit if wireless is enabled and will flash when there is wireless activity.
Power LED or Power Adapter OK LED Not Lit 93 Most wireless computer Adapters will scan the channels for the wireless Router. If a wireless computer has not located the Router then try initiating a search manually if the client software supports this feature or manually set the channel on your wireless computer to correspond to the Router channel number. Please refer to your Wireless computer adapter documentation and vendor to do this. Speed of connection: The 802.11b and 802.
CHAPTER 6: TROUBLESHOOTING Replacement Power Adapters If both the Power Adapter OK LED and Power LED are off, check your power adapter connection. If the mains outlet is working and is capable of supplying power to other devices, contact 3Com Technical Support and ask for a replacement power adapter. Please quote the power adapter part number shown on the OfficeConnect power adapter you are using.
Recovering from Corrupted Software 95 ISP. The Router logs such attacks, and this information is available through the Status and Logs screens. Recovering from Corrupted Software If the Alert LED remains permanently on following power-up, it is possible that the system software has become corrupted. In this condition, the Router will enter a “recovery” state; DHCP is disabled, and the LAN IP address is set to 192.168.1.1.
CHAPTER 6: TROUBLESHOOTING If the Router does not resume normal operation following the upload, it may be faulty. Contact your supplier for advice. Frequently Asked Questions How do I reset the Router to Factory Defaults? See “Forgotten Password and Reset to Factory Defaults” on page 91. How many computers on the LAN does the Router support? A maximum of 253 computers on the LAN are supported.
Frequently Asked Questions 97 is a database of technical information covering all 3Com products. It is updated daily with information from 3Com technical support services, and it is available 24 hours a day, 7 days a week.
CHAPTER 6: TROUBLESHOOTING
A Running the Discovery Application USING DISCOVERY 3Com provides a user friendly Discovery application for detecting the Router on the network. Windows Installation (95/98/2000/Me/NT) 1 Insert the Router CD-ROM in the CD-ROM drive on your computer. A menu will appear; select Router Discovery. Discovery will find the Router even if it is unconfigured or misconfigured.
98 APPENDIX A: USING DISCOVERY Figure 72 Discovered Router Screen 3 Figure 73 shows an example Discovered Devices screen. Highlight the Cable/DSL Router by clicking on it, and press Next. Figure 73 Discovery Finish Screen 4 Click on Finish to launch a web browser and display the login page for the Router.
B IP ADDRESSING The Internet Protocol Suite The Internet protocol suite consists of a well-defined set of communications protocols and several standard application protocols. Transmission Control Protocol/Internet Protocol (TCP/IP) is probably the most widely known and is a combination of two of the protocols (IP and TCP) working together.
96 APPENDIX B: IP ADDRESSING For your network to work correctly, all devices on the network must have: The same sub-network address. The same subnet mask. The only value that will be different is the specific host device number. This value must always be unique. An example IP address is ‘192.168.100.8’. However, the size of the network determines the structure of this IP Address. In using the Router, you will probably only encounter two types of IP Address and subnet mask structures.
How does a Device Obtain an IP Address and Subnet Mask? 97 This type of IP Address operates on a subnet mask of ‘255.255.0.0’. See Table 4 for an example about how a network (only four computers represented) and a Router might be configured. Table 4 IP Addressing and Subnet Masking How does a Device Obtain an IP Address and Subnet Mask? Device IP Address Subnet Mask PC 1 192.168.100.8 255.255.0.0 PC 2 192.168.201.30 255.255.0.0 PC 3 192.168.113.155 255.255.0.0 PC 4 192.168.002.230 255.255.
98 APPENDIX B: IP ADDRESSING random from the industry standard subnet of 169.254.x.x (with a subnet mask of 255.255.0.0). If two devices allocate themselves the same address, the conflict is detected and one of the devices allocates itself a new address. Automatic IP addressing support was introduced by Microsoft in the Windows 98 operating system and is also supported in Windows 2000.
B SAFETY INFORMATION Important Safety Information WARNING: Warnings contain directions that you must follow for your personal safety. Follow all directions carefully. You must read the following safety information carefully before you install or remove the unit: WARNING: The Router generates and uses radio frequency (rf) energy. In some environments, the use of rf energy is not permitted. The user should seek local advice on whether or not rf energy is permitted within the area of intended use.
100 APPENDIX B: SAFETY INFORMATION WARNING: Disconnect the power adapter before moving the unit. WARNING: RJ-45 ports. These are shielded RJ-45 data sockets. They cannot be used as telephone sockets. Only connect RJ-45 data connectors to these sockets. Wichtige Sicherheitshinweise VORSICHT: Warnhinweise enthalten Anweisungen, die Sie zu Ihrer eigenen Sicherheit befolgen müssen. Alle Anweisungen sind sorgfältig zu befolgen.
101 VORSICHT: Es sind keine von dem Benutzer zu ersetzende oder zu wartende Teile in dem Gerät vorhanden. Wenn Sie ein Problem mit dem Router haben, das nicht mittels der Fehleranalyse in dieser Anleitung behoben werden kann, setzen Sie sich mit Ihrem Lieferanten in Verbindung. VORSICHT: Vor dem Ausbau des Geräts das Netzadapterkabel herausziehen. VORSICHT: RJ-45-Anschlüsse. Dies sind abgeschirmte RJ-45-Datenbuchsen. Sie können nicht als Telefonanschlußbuchsen verwendet werden.
102 APPENDIX B: SAFETY INFORMATION sont maintenues que si l'équipement auquel il est raccordé fonctionne dans les mêmes conditions. AVERTISSEMENT: Il n’y a pas de parties remplaceables par les utilisateurs ou entretenues par les utilisateurs à l’intérieur du moyeu. Si vous avez un problème physique avec le moyeu qui ne peut pas être résolu avec les actions de la résolution des problèmes dans ce guide, contacter votre fournisseur.
D END USER SOFTWARE LICENSE AGREEMENT IMPORTANT: READ BEFORE INSTALLING THE SOFTWARE 3Com END USER SOFTWARE LICENSE AGREEMENT YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE DOWNLOADING, INSTALLING AND USING THIS PRODUCT, THE USE OF WHICH IS LICENSED BY 3COM CORPORATION (ì3COMî) TO ITS CUSTOMERS FOR THEIR USE ONLY AS SET FORTH BELOW. DOWNLOADING, INSTALLING OR OTHERWISE USING ANY PART OF THE SOFTWARE OR DOCUMENTATION INDICATES THAT YOU ACCEPT THESE TERMS AND CONDITIONS.
108 APPENDIX D: END USER SOFTWARE LICENSE AGREEMENT UNITED STATES GOVERNMENT LEGENDS: The Software, Documentation and any other technical data provided hereunder is commercial in nature and developed solely at private expense. The Software is delivered as ìCommercial Computer Softwareî as defined in DFARS 252.227-7014 (June 1995) or as a commercial item as defined in FAR 2.
E Information Regarding Popular ISPs ISP INFORMATION WAN Types Characteristics Popular ISPs Dynamic IP Cable modem ISP, non-hostname based. Need to clone the MAC address in the Advanced tab of the Internet Settings page. MediaOne, RoadRunner, Optimum Online, Time Warner, Charter, Adelphia, Metrocast. (Clone MAC) Dynamic IP (Hostname) PPPoE (DSL) PPTP Cable ISP, Requires Hostname to @Home Network, Cogoco, authenticate ie. cx213818-B.
106 APPENDIX E: ISP INFORMATION Static (DSL) Static (Cable) DSL Modem, always on. Need to enter ALL IP information from ISP in the Static IP address section of the Internet Settings page.
GLOSSARY 802.11b The IEEE specification for wireless Ethernet which allows speeds of up to 11 Mbps. The standard provides for 1, 2, 5.5 and 11 Mbps data rates. The rates will switch automatically depending on range and environment. 802.11g The IEEE specification for wireless Ethernet which allows speeds of up to 54 Mbps. The standard provides for 6, 12, 24, 36, 48 and 54 Mbps data rates. The rates will switch automatically depending on range and environment.
112 GLOSSARY 100BASE-TX full duplex, 100BASE-TX half duplex, 10BASE-T full duplex, and 10BASE-T half duplex. Auto-negotiation is defined in the IEEE 802.3 standard for Ethernet and is an operation that takes place in a few milliseconds. Bandwidth The information capacity, measured in bits per second, that a channel can transmit. The bandwidth of Ethernet is 10 Mbps, the bandwidth of Fast Ethernet is 100 Mbps. The bandwidth for 802.11b wireless is 11Mbps.
GLOSSARY DNS Server Address DSL modem 113 DNS stands for Domain Name System, which allows Internet host computers to have a domain name (such as 3com.com) and one or more IP addresses (such as 192.34.45.8). A DNS server keeps a database of host computers and their respective domain names and IP addresses, so that when a domain name is requested (as in typing “3com.com” into your Internet browser), the user is sent to the proper IP address.
114 GLOSSARY Half Duplex A system that allows packets to transmitted and received, but not at the same time. Contrast with full duplex. Hub A device that regenerates LAN traffic so that the transmission distance of that signal can be extended. Hubs are similar to repeaters, in that they connect LANs of the same type; however they connect more LANs than a repeater and are generally more sophisticated. IEEE Institute of Electrical and Electronics Engineers.
GLOSSARY MAC 115 Media Access Control. A protocol specified by the IEEE for determining which devices have access to a network at any one time. MAC Address Media Access Control Address. Also called the hardware or physical address. A layer 2 address associated with a particular network device. Most devices that connect to a LAN have a MAC address assigned to them as they are used to identify other devices in a network. MAC addresses are 6 bytes long. NAT Network Address Translation.
116 GLOSSARY RIP Routing Information Protocol. RIP allows an administrator to set up routing information on one RIP enabled device, and have that routing information replicated to all RIP enabled devices on the network. RJ-45 A standard connector used to connect Ethernet networks. The “RJ” stands for “registered jack”. Server A computer in a network that is shared by multiple end stations. Servers provide end stations with access to shared network services such as computer files and printer queues.
GLOSSARY 117 TCP relates to the content of the data travelling through a network — ensuring that the information sent arrives in one piece when it reaches its destination. IP relates to the address of the end station to which data is being sent, as well as the address of the destination network. Traffic universal plug and play URL Filter VLAN The movement of data packets on a network.
118 GLOSSARY Wireless Client Wireless LAN Service Area The term used to describe a desktop or mobile PC that is wirelessly connected to your wireless network Another term for ESSID (Extended Service Set Identifier) Wizard A Windows application that automates a procedure such as installation or configuration. WLAN Wireless Local Area Network. A WLAN is a group of computers and devices connected together by wireless in a relatively small area (such as a house or office). WMM Wi-Fi Multimedia.
REGULATORY NOTICES FOR THE ADSL WIRELESS 108MBPS 11G FIREWALL ROUTER Channels Use of the ADSL Wireless 11g Firewall Router is only authorized for the channels approved by each country. For proper installation, login to the management interface and select your country from the drop down list.
120 This product does not contain any user serviceable components. Any unauthorized product changes or modifications will invalidate 3Com’s warranty and all applicable regulatory certifications and approvals. This product can only be used with the supplied antenna(s). The use of external amplifiers or non-3Com antennas may invalidate regulatory certifications and approvals. Exposure to Radio Frequency Radiation This device generates and radiates radio-frequency energy.
121 US Federal Communications Commission (FCC) EMC Compliance This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
122 ''NOTICE: The Ringer Equivalence Number (REN) assigned to each terminal device provides an indication of the maximum number of terminals allowed to be connected to a telephone interface. The termination on an interface may consist of any combination of devices subject only to the requirement that the sum of the Ringer Equivalence Numbers of all the devices does not exceed 5.
123 (508) 323-5000 Date: April 30, 2006 Declares that the Product: Brand Name: 3Com Corporation Model Number: WL-553 Equipment Type: 3Com OfficeConnect® ADSL Wireless 108Mbps 11g Firewall Router Complies with Part 15 of the FCC rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
124 interference to the licensed service, this device is intended to be operated indoors and away from windows to provide maximum shielding. Equipment (or its transmit antenna) that is installed outdoors is subject to licensing. Pour empecher que cet appareil cause du brouillage au service faisant l'objet d'une licence, il doit etre utilize a l'interieur et devrait etre place loin des fenetres afin de Fournier un ecram de blindage maximal.
125 EU Compliance This equipment may be operated in AT BE CY CZ DK EE FI FR DE GR HU IE LV LT LU MT NL PL PT SK SI ES SE GB IS IT LI NO CH BG RO TR Intended use: ADSL 108Mbps 802.11g/b Firewall Router For connection to ADSL networks NOTE: To ensure product operation is in compliance with local regulations, select the country in which the product is installed. Refer to 3Com OfficeConnect® ADSL Wireless 108Mbps 11g Firewall Router User Guide.
126 German Greek Italian Spanish Portuguese Malti Estonian Hungarian Slovak Czech Slovene Lithuanian Latvian Hiermit erklärt 3Com Corporation, dass sich dieser/diese/dieses RLAN device in Übereinstimmung mit den grundlegenden Anforderungen und den anderen relevanten Vorschriften der Richtlinie 1999/5/EG befindet". (BMWi) Hiermit erklärt 3Com Corporation die Übereinstimmung des Gerätes RLAN device mit den grundlegenden Anforderungen und den anderen relevanten Festlegungen der Richtlinie 1999/5/EG.
127
128
INDEX Enable 802.1q 35 encryption 51 WEP 51 WPA 51 F Numbers Firewall 59 SPI 63 Forgotten Password 89 802.
Restart 67 RIP 71 setting up 72 S Safety Information 20 security remote administration 81 Setup Wizard 29, 46 Special Applications 61 SPI 63 Static Addressing 101 static route 71 Subnet Mask 38, 99 Summary 41 Support Information 85 Support Links 85 T TCP/IP 25, 27, 39, 47, 99 Time Zone 33, 68 U Unit Configuration 82 Upgrade 69 URL Filter 65 V Virtual Servers 59 VLAN 35 W Web Proxy 28 Wireless channel selection 49 configuration 49 connection control 57 encryption 51 LED 16 networking 89 NIC 15 service a
3Com Corporation, Corporate Headquarters, Copyright © 2006 3Com Corporation. All rights reserved. 350 Campus Drive, Marlborough, MA 3Com and OfficeConnect are registered trademarks of 3Com USA 01752-3064. Corporation. All other company and product names may be trademarks of their respective companies. To learn more about 3Com products and services, visit our World Wide Web site at www.3com.com All specifications are subject to change without notice.