Wireless Firewall Router Reference Manual

ManualsBrandsNETGEAR ManualsNetwork RouterWGU624

M-10153-01

Version 1.1

September 2004

NETGEAR, Inc.

4500 Great America Parkway

Santa Clara, CA 95054 USA

Reference Manual for the

Double 108 Mbps

Wireless Firewall Router

WGU624

Summary of content (178 pages)

PAGE 1
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA M-10153-01 Version 1.
PAGE 2
© 2004 by NETGEAR, Inc. All rights reserved. Trademarks NETGEAR is a trademark of Netgear, Inc. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders. Statement of Conditions In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice.
PAGE 3
Europe - EU Declaration of Conformity This device is a 2.4/5.0 GHz dual band low power RF device intended for home and office use in EU and EFTA member states. In some EU / EFTA member states some restrictions may apply. Please contact local spectrum management authorities for further details before putting this device into operation. Marking by the above symbol indicates compliance with the Essential Requirements of the R&TTE Directive of the European Union (1999/5/EC).
PAGE 4
requirements for use of the 2.4GHz band in France: http://www.art-telecom.fr/eng/index.htm. When operating in France, this device may be operated under the following conditions: Indoors only, using any channel in the 2.4465-2.4835 GHz band. Bestätigung des Herstellers/Importeurs Es wird hiermit bestätigt, daß das Double 108 Mbps Wireless Firewall Router WGU624 gemäß der im BMPT-AmtsblVfg 243/1991 und Vfg 46/1992 aufgeführten Bestimmungen entstört ist. Das vorschriftsmäßige Betreiben einiger Geräte (z.B.
PAGE 5
Contents Chapter 1 About This Manual Audience, Scope, Conventions, and Formats ................................................................1-1 How to Use This Manual ................................................................................................1-2 How to Print this Manual .................................................................................................1-3 Chapter 2 Introduction Key Features of the Router .................................................................
PAGE 6
How to Manually Configure Your Internet Connection ....................................................3-9 Manual PPPoE Configuration ................................................................................ 3-11 Manual PPTP Configuration ...................................................................................3-13 Manual Telstra Bigpond Configuration ...................................................................
PAGE 7
Chapter 6 Maintenance Viewing Wireless Router Status Information ...................................................................6-1 Viewing a List of Attached Devices .................................................................................6-5 Upgrading the Router Software ......................................................................................6-5 Configuration File Management .....................................................................................
PAGE 8
Restoring the Default Configuration and Password ........................................................8-7 Problems with Date and Time .........................................................................................8-7 Why Does the WGU624 Not Reach Full 108 Mbps Speeds? .........................................8-8 Appendix A Technical Specifications Appendix B Network, Routing, Firewall, and Basics Related Publications ..............................................................................
PAGE 9
Verifying TCP/IP Properties .................................................................................... C-6 Configuring Windows NT4, 2000 or XP for IP Networking ............................................ C-7 Install or Verify Windows Networking Components ................................................. C-7 DHCP Configuration of TCP/IP in Windows XP, 2000, or NT4 ............................... C-8 DHCP Configuration of TCP/IP in Windows XP .....................................................
PAGE 10
What are the Key Features of WPA Security? ...................................................... D-10 WPA Authentication: Enterprise-level User Authentication via 802.1x/EAP and RADIUS .................................................. D-12 WPA Data Encryption Key Management ........................................................ D-14 Is WPA Perfect? .................................................................................................... D-16 Product Support for WPA ...........................
PAGE 11
Chapter 1 About This Manual This chapter describes the intended audience, scope, conventions, and formats of this manual. Audience, Scope, Conventions, and Formats This reference manual assumes that the reader has basic to intermediate computer and Internet skills. However, basic computer network, Internet, firewall, and VPN technologies tutorial information is provided in the Appendices and on the Netgear website. This guide uses the following typographical conventions: Table 1-1.
PAGE 12
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 How to Use This Manual The HTML version of this manual includes a variety of navigation features as well as links to PDF versions of the full manual and individual chapters. 2 1 3 Figure 1 -1: HTML version of this manual 1. Left pane. Use the left pane to view the Contents, Index, Search, and Favorites tabs. To view the HTML version of the manual, you must have a version 4 or later browser with JavaScript enabled. 2.
PAGE 13
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 How to Print this Manual To print this manual you man choose one of the following several options, according to your needs. • Printing a “How To” Sequence of Steps in the HTML View. Use the Print button on the upper right of the toolbar to print the currently displayed topic.
PAGE 14
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 4 About This Manual M-10153-01
PAGE 15
Chapter 2 Introduction Congratulations on your purchase of the NETGEAR® Double 108 Mbps Wireless Firewall Router WGU624. The WGU624 wireless router provides connection for multiple personal computers (PCs) to the Internet through an external broadband access device (such as a cable modem or DSL modem) that is normally intended for use by a single PC. This chapter describes the features of the NETGEAR Double 108 Mbps Wireless Firewall Router WGU624.
PAGE 16
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • • • • • • • Built-in 4-port 10/100 Mbps Switch. LAN port 4 is a built-in hardware DMZ port Ethernet connection to a wide area network (WAN) device, such as a cable modem or DSL modem. Extensive protocol support. Login capability Front panel LEDs for easy monitoring of status and activity. Flash memory for firmware upgrades. 802.11 a/g Wireless Networking The WGU624 wireless router includes 802.11 a and 802.
PAGE 17
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Table 2-1. Features Comparison of Wireless Modes 802.11b 802.11a Super A 802.11g Super G Performance 11 Mbps 54 Mbps 108 Mbps 54 Mbps 108 Mbps Range Less than “b” More than “a” Two times “b” Four times “b” Compatibility 802.11b only Only with normal 802.11a 802.11a 802.11g and 802.11b (Can use a “g” router with a “b” adapter.) 802.11g and 802.11b Channel Any Any Any Any 6 Frequency 2.4 GHz 5 GHz 5 GHz 2.
PAGE 18
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Security The WGU624 wireless router is equipped with several features designed to maintain security, as described in this section. • PCs Hidden by NAT NAT opens a temporary path to the Internet for requests originating from the local network. Requests originating from outside the LAN are discarded, preventing users outside the LAN from finding and directly accessing the PCs on the LAN.
PAGE 19
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Extensive Protocol Support The WGU624 wireless router supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). For further information about TCP/IP, refer to Appendix B, “Network, Routing, Firewall, and Basics”.
PAGE 20
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • Firmware Auto-Update The WGU624 wireless router automatically checks the Internet to see if a newer version of firmware is available. If so, it asks if you want to install the upgrade. This lets you take advantage of product enhancements for your WGU624 as soon as they become available. • Visual monitoring The WGU624 wireless router’s front panel LEDs provide an easy way to monitor its status and activity.
PAGE 21
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 The Router’s Front Panel The front panel of the WGU624 wireless router contains the status LEDs described below. 0OWER 7IRELESS 7IRELESS A G )NTERNET 0ORT ,!. 0ORT Figure 2-1: WGU624 Front Panel You can use some of the LEDs to verify connections. Viewed from left to right, the table below describes the LEDs on the front panel of the router. Table 2-1.
PAGE 22
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Table 2-1. LED Descriptions On The Internet (WAN) port has detected a link with an attached device. Data is being transmitted or received by the Internet port. Blink Internet Local On (Green) Blink (Green) On (Amber) Blink (Amber) Off The Local (LAN) port has detected link with a 100 Mbps device. Data is being transmitted or received at 100 Mbps. The Local port has detected link with a 10 Mbps device.
PAGE 23
Chapter 3 Connecting the Router to the Internet This chapter describes how to set up the router on your local area network (LAN) and connect to the Internet. You will find out how to configure your Double 108 Mbps Wireless Firewall Router WGU624 for Internet access using the Setup Wizard, or how to manually configure your Internet connection.
PAGE 24
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Note: For help with DHCP configuration, please use the Windows TCP/IP Configuration Tutorials on the Double 108 Mbps Wireless Router WGU624 Resource CD , or refer to Appendix C, “Preparing Your Network”.
PAGE 25
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Record Your Internet Connection Information Print this page. Fill in the configuration parameters from your Internet Service Provider (ISP). ISP Login Name: The login name and password are case sensitive and must be entered exactly as given by your ISP. Some ISPs use your full e-mail address as the login name. The Service Name is not required by all ISPs.
PAGE 26
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Connecting the WGU624 This section provides instructions for connecting the Double 108 Mbps Wireless Firewall Router WGU624. Also, the Double 108 Mbps Wireless Router WGU624 Resource CD included with your router contains an animated Installation Assistant to help you through this procedure. Connecting the Wireless Router Follow the steps below to connect your router to your network.
PAGE 27
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Note: Place the WGU624 wireless router in a location which conforms to the “Observing Performance, Placement, and Range Guidelines” on page 4-1. The stand provided with the WGU624 provides a convenient, space-saving way of installing the wireless router. Avoid stacking it on other electronic equipment. B ,QWHUQHW ,QWHUQHW SRUW PRGHP URXWHU &DEOH Figure 3-2: Connect the wireless router to the modem e.
PAGE 28
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 2. RESTART YOUR NETWORK IN THE CORRECT SEQUENCE Warning: Failure to restart your network in the correct sequence could prevent you from connecting to the Internet. a. First, turn on the broadband modem and wait 2 minutes. b. Now, plug in the power cord to the WGU624 and wait one minute. c. Last, turn on your computer. Note: For DSL customers, if software logs you in to the Internet do not run that software.
PAGE 29
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 The login window is displayed below: Figure 3-4: Login window c. Click OK. Note: If you cannot connect to the wireless router, verify that your cables are connected correctly, that the router is powered on. Verify that your computer is set to obtain the both IP and DSN server addresses automatically, which is usually so. For help with this, see the tutorials on the Resource CD. 4.
PAGE 30
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Click Next and follow the steps in the Setup Smart Wizard for inputting the configuration parameters from your ISP to connect to the Internet. Note: If you choose not to use the Setup Smart Wizard, you can manually configure your Internet connection settings by following the procedure “How to Manually Configure Your Internet Connection” on page 3-9.
PAGE 31
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 How to Manually Configure Your Internet Connection You can manually configure your router using the menu below, or you can allow the Setup Wizard to determine your configuration as described in the previous section. ISP Does Not Require Login ISP Does Require Login Figure 3-6: Browser-based configuration Basic Settings menus You can manually configure the router using the Basic Settings menu shown in Figure 3-6 using these steps: 1.
PAGE 32
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 2. If your Internet connection does not require a login, click No at the top of the Basic Settings menu and fill in the settings according to the instructions below. If your Internet connection does require a login, click Yes, and skip to step 3. a. Enter your Account Name (may also be called Host Name) and Domain Name. These parameters may be necessary to access your ISP’s services such as mail or news servers. b.
PAGE 33
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 a. Select you Internet service provider from the drop-down list. Figure 3-7: Basic Settings ISP list b. 4. The screen changes according to the ISP settings requirements of the ISP you select. If your Internet connection does require a login, fill in the settings according to the instructions below.
PAGE 34
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Figure 3-8: Other (PPPoE) menu To configure your Internet service connection for Other (PPPoE), fill in the following fields: • • • • • Enter the Login and Password as provided by your ISP. These fields are case sensitive. To change the login timeout, enter a new value in minutes. This determines how long the router keeps the Internet connection active after there is no Internet activity from the LAN.
PAGE 35
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Manual PPTP Configuration If your ISP uses PPTP, select PPTP for the Internet Service Provider in the Basic Settings menu and you will see the following menu: Figure 3-9: PPTP menu Connecting the Router to the Internet 3-13 M-10153-01
PAGE 36
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 To configure your Internet service connection for PPTP, fill in the following fields: • • • • • • Enter your Login and Password. These fields are case sensitive. To change the login timeout, enter a new value in minutes. This determines how long the router keeps the Internet connection active after there is no Internet activity from the LAN. Entering a timeout value of zero means never log out.
PAGE 37
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Manual Telstra Bigpond Configuration If your ISP uses Telstra Bigpond, select Telstra Bigpond for the Internet Service Provider in the Basic Settings menu and you will see the following menu: Figure 3-10: Telstra Bigpond Cable menu To configure your Internet service connection for Telstra Bigpond, fill in the following fields: • • Enter your Login, Password and Authentication Server. These fields are case sensitive.
PAGE 38
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • • • The Router Mac Address section determines the Ethernet MAC address that will be used by the router on the Internet port. Some ISPs register the Ethernet MAC address of the network interface card in your PC when your account is first opened. They will then only accept traffic from the MAC address of that PC. This feature allows your router to masquerade as that PC.
PAGE 39
Chapter 4 Wireless Configuration This chapter describes how to configure the wireless features of your WGU624 wireless router. In planning your wireless network, you should consider the level of security required. You should also select the physical placement of your router in order to maximize the network speed. For further information on wireless networking, refer to in Appendix D, “Wireless Networking Basics”.
PAGE 40
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Implementing Appropriate Wireless Security Note: Indoors, computers can connect over 802.11b/g wireless networks at ranges of up to 300 feet. Such distances can allow for others outside of your immediate area to access your network. Unlike wired network data, your wireless data transmissions can be received well beyond your walls by anyone with a compatible adapter.
PAGE 41
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • • • WEP. Wired Equivalent Privacy (WEP) data encryption provides data security. WEP Shared Key authentication and WEP data encryption will block all but the most determined eavesdropper. WPA-PSK. Wi-Fi Protected Access (WPA) data encryption provides strong data security. WPA-PSK will block eavesdropping. Because this is a new standard, wireless device driver and software availability may be limited. Turn Off the Wireless LAN.
PAGE 42
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Default Basic Wireless Settings When you first receive your WGU624, the default factory settings in effect are shown in the table below. You can restore these defaults with the factory default reset button on the rear panel. Table 4-2. Default Wireless Settings FEATURE DEFAULT SETTINGS Wireless Access Point Enabled Wireless Access List (MAC Filtering) All wireless stations allowed SSID broadcast Enabled SSID NETGEAR_11g for 802.
PAGE 43
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Figure 4-2: Wireless 802.11a Settings menu The following options are available for the 802.11a configuration: Name (SSID). The SSID is also known as the wireless network name. Enter a value of up to 32 alphanumeric characters. In a setting where there is more than one wireless network, different wireless network names provide a means for separating the traffic.
PAGE 44
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Wireless Mode. This field determines which data communications protocols will be used: • a only — dedicates the WGU624 to communicating with 802.11a wireless devices exclusively. • 108 Mbps only — only compatible 802.11a wireless stations that support 108 Mbps can connect. • Auto 108 Mbps — all 802.11a and NETGEAR 108 Mbps wireless stations can be used.
PAGE 45
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Figure 4-3: Wireless 802.11g Settings menu The following options are available for the 802.11g configuration: Name (SSID). The SSID is also known as the wireless network name. Enter a value of up to 32 alphanumeric characters. In a setting where there is more than one wireless network, different wireless network names provide a means for separating the traffic.
PAGE 46
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Wireless Mode. This field determines which data communications protocols will be used: • g & b — both 802.11g and 802.11b wireless stations can be used. • g only — only 802.11g wireless stations can be used. • b only — all 802.11b wireless stations can be used. 802.11g wireless stations can still be used if they can operate in 802.11b mode. • 108 Mbps only — only compatible 802.
PAGE 47
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Wireless Security Settings The following table shows the 11a and 11g security mode and cipher type options: Table 4-3. Wireless Security Settings Security Mode Cipher Type Open System WEP — 64, 128, or 152 bit encryption Shared Key WEP — 64, 128, or 152 bit encryption 802.1x none WPA-PSK AES or TKIP WPA AES or TKIP Instructions on how to configure the security settings are provided in the following sections.
PAGE 48
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Security Mode Selection Figure 4-4: Encryption Strength The WGU624 lets you select the following wireless security modes with the WEP Cypher Type: • Open System. With Open Network Authentication and 64-, 128-, or 152- bit WEP data encryption, the WGU624 performs data encryption, but does not perform any authentication. • Shared Key. Encrypts the SSID and data. Choose the Encryption Strength (64-, 128-, or 152-bit data encryption).
PAGE 49
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • Disable. No encryption will be applied. This setting is useful for troubleshooting your wireless connection, but leaves your wireless data fully exposed. • 64-bit, 128-bit, or 152-bit WEP. When selected, WEP encryption will be applied. If encryption strength is set to 128 bit or 152 bit, then only the selected WEP key box will automatically be populated with key values.
PAGE 50
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Cipher Type Choices • AES. Advanced Encryption Standard, a symmetric 128-bit block data encryption technique. It is an iterated block cipher with a variable block length and a variable key length. The block length and the key length can be independently specified to 128, 192 or 256 bits.The U.S government adopted the algorithm as its encryption technique in October 2000, replacing the DES encryption it used.
PAGE 51
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Recording Your SSID and Security Settings Before customizing your wireless settings, print this form and record the following information. 802.11a Wireless Network Name (SSID):______________________________ 802.11g Wireless Network Name (SSID):______________________________ The Service Set Identification (SSID), called the wireless network name in Windows XP, identifies the wireless network.
PAGE 52
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Setting Up and Testing Basic Wireless Connectivity Follow the instructions below to set up and test basic wireless connectivity. Once you have established basic wireless connectivity, you can enable security settings appropriate to your needs. 1. Log in to the WGU624 wireless router at its default LAN address of http://192.168.1.
PAGE 53
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Note: If you are configuring the router from a wireless PC and you change the router’s SSID, channel, or security settings, you will lose your wireless connection when you click Apply. You must then change the wireless settings of your PC to match the router’s new settings. 8. Configure and test your PCs for wireless connectivity.
PAGE 54
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 3. Click the Setup Access List button to display the Wireless Card Access menu shown below. Figure 4-7: Wireless Card Access List Setup 4. Click Add to add a wireless device to the wireless access control list. The Available Wireless Cards list displays. 5. Click the Turn Access Control On check box. 6.
PAGE 55
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Configuring WEP To configure WEP data encryption, follow these steps: Note: If you use a wireless PC to configure the WEP settings, you will be disconnected when you click Apply. You must then either configure your wireless adapter to match the wireless router WEP settings or access the wireless router from a wired PC to make any further changes. Log in to the WGU624 at its default LAN address of http://192.168.1.
PAGE 56
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Configuring WPA-PSK Encryption Security Wi-Fi Protected Access (WPA) is wireless security with far greater protection than WEP. WPS-PSK (pre-shared key) uses encryption of a shared key as the starting point. WPA has a significant advantages over WEP — an encryption key differing in every packet. It is extremely difficult for hackers to read messages even if they have intercepted the data. To enable WPA-PSK Encryption Security: 1.
PAGE 57
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Configuring Advanced Wireless Settings The advanced wireless settings are configured separately for the 802.11a and 802.11g protocols. Default Advanced Wireless Settings The default advanced wireless settings are shown in the table below. Note: These settings should work for most networks and should not be changed unless you have a specific reason to do so. Table 4-4. Default Advanced Wireless Settings FEATURE 802.11a 802.
PAGE 58
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Configuring Advanced 802.11a Wireless Settings From the main menu, click Advanced a Wireless Settings to view the configuration menu shown below. Figure 4-10: Advanced 802.11a Wireless Settings • Enable SSID Broadcast — allow Broadcast of Network Name (SSID). If you disable broadcast of the SSID, only devices that have the correct SSID can connect.
PAGE 59
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • DTIM — from 1 to 5. The default is 1. DTIM stands for Delivery Traffic Indication Message. This setting determines how often the Access Point's Beacon (Traffic Indication Message) contains a DTIM. The DTIM tells client devices in power-save mode that a packet is waiting for them. The default setting causes client devices using power-save mode to wake up.
PAGE 60
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • Enable Super G Mode — if enabled, the wireless router will enable data compression, packet bursting and large frame support. • Enable eXtended Range — eXtended Range (XR) technology provides significantly longer range than basic 802.11 by maintaining connectivity when signals are made fainter when passing through dense walls, floors, or other barriers.
PAGE 61
Chapter 5 Content Filtering This chapter describes how to use the content filtering features of the Double 108 Mbps Wireless Firewall Router WGU624 to protect your network. These features can be found by under the Content Filtering heading in the main menu of the browser interface. The Double 108 Mbps Wireless Firewall Router WGU624 provides you with Web content filtering options, plus browsing activity reporting and instant alerts via e-mail.
PAGE 62
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 The Block Sites menu is shown below: Figure 5-1: Block Sites menu To enable keyword blocking, select either “Per Schedule” or “Always”, then click Apply. If you want to block by schedule, be sure that a time period is specified in the Schedule menu. To add a keyword or domain, type it in the Keyword box, click Add Keyword, then click Apply.
PAGE 63
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Blocking Access to Internet Services The WGU624 wireless router allows you to block the use of certain Internet services by PCs on your network. This is called services blocking or port filtering. The Block Services menu is shown below: Figure 5-2: Block Services menu Services are functions performed by server computers at the request of client computers.
PAGE 64
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 The Block Services Setup menu is shown below: Figure 5-3: Block Services Setup menu From the Service Type list, select the application or service to be allowed or blocked. The list already displays several common services, but you are not limited to these choices. To add any additional services or applications that do not already appear, select User Defined.
PAGE 65
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Configuring Service Blocking by IP Address Range Under “Filter Services For”, you can block the specified service for a single PC, a range of PCs (having consecutive IP addresses), or all PCs on your network. Scheduling When Blocking Will Be Enforced The WGU624 wireless router allows you to specify when blocking will be enforced.
PAGE 66
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Adjust for Daylight Savings Time. If your region uses Daylight Savings Time, you must manually select Adjust for Daylight Savings Time on the first day of Daylight Savings Time, and clear this check box at the end. Enabling Daylight Savings Time will cause one hour to be added to the standard time. Enable System Clock. Uses the system clock in the router. Synchronize Time.
PAGE 67
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Log entries are described in Table 5-1 Table 5-1. Log entry descriptions Field Description Number The index number of the content filter log entries. Up to 128 entries are available numbered from 0 to 127. The log keeps a record of the latest 128 entries. Action This field displays whether the access was blocked or allowed. Web site The name or IP address of the Web site or newsgroup visited or attempted to access.
PAGE 68
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Configuring E-Mail Alert and Web Access Log Notifications In order to receive logs and alerts by e-mail, you must provide your e-mail information in the E-mail menu, shown below: Figure 5-6: E-mail menu Turn E-mail notification on: Select this check box if you wish to receive e-mail logs and alerts from the router. Outgoing mail server: Enter the name of your ISP’s outgoing (SMTP) mail server (such as mail.myISP.com).
PAGE 69
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • • Send alert immediately Select this check box if you would like immediate notification of attempted access to a blocked site. Send logs according to this schedule Specifies how often to send the logs: None, Hourly, Daily, Weekly, or When Full. – Day for sending log. Specifies which day of the week to send the log. Relevant when the log is sent weekly or daily. – Time for sending log. Specifies the time of day to send the log.
PAGE 70
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 5-10 Content Filtering M-10153-01
PAGE 71
Chapter 6 Maintenance This chapter describes how to use the maintenance features of your Double 108 Mbps Wireless Firewall Router WGU624. These features can be found by clicking on the Maintenance heading in the main menu of the browser interface. Viewing Wireless Router Status Information The Router Status menu provides a limited amount of status and usage information. From the main menu of the browser interface, click Router Status to view the status screen, shown below.
PAGE 72
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 The Router Status screen displays the following parameters: Table 6-1. Menu 3.2 - Wireless Router Status Fields Field Description Account Name The Host Name assigned to the router. Firmware Version The router firmware version. Internet Port These parameters apply to the Internet (WAN) port of the router. MAC Address The Media Access Control address being used by the Internet (WAN) port of the router.
PAGE 73
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 From the Router Status screen, click the “Connection Status” button to display the connection status, as shown below. Figure 6-2: Connection Status screen This screen shows the following statistics:. Table 6-1. Connection Status Fields Field Description IP Address The WAN (Internet) IP Address assigned to the router. Subnet Mask The WAN (Internet) Subnet Mask assigned to the router.
PAGE 74
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Click the Renew button to renew the DHCP lease. From the Router Status screen, click the “Show Statistics” button to display router usage statistics, as shown below. Figure 6-3: Router Statistics screen This screen shows the following statistics: Table 6-1. Router Statistics Fields Field Description Port The statistics for the WAN (Internet) and LAN (local) ports.
PAGE 75
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Show Statistics action buttons are described in Table 6-2. Table 6-2. Show Statistics action buttons Field Description Set Interval Enter a time and click the button to set the polling frequency. Stop Click the Stop button to freeze the polling information. Viewing a List of Attached Devices The Attached Devices menu contains a table of all IP devices that the router has discovered on the local network.
PAGE 76
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Note: Be sure to check the NETGEAR Web site for documentation updates, which are available at http://kbserver.netgear.com/products/WGU624.asp. From the main menu of the browser interface, under the Maintenance heading, select the Router Upgrade heading to display the menu shown below.
PAGE 77
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Configuration File Management The configuration settings of the WGU624 wireless router are stored within the router in a configuration file. This file can be saved (backed up) to a user’s PC, retrieved (restored) from the user’s PC, or cleared to factory default settings. From the main menu of the browser interface, under the Maintenance heading, select the Backup Settings heading to bring up the menu shown below.
PAGE 78
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Erasing the Configuration It is sometimes desirable to restore the router to the factory default settings. This can be done by using the Erase function, which will restore all factory settings. After an erase, the router's password will be password, the LAN IP address will be 192.168.1.1, and the router's DHCP client will be enabled. To erase the configuration, click the Erase button.
PAGE 79
Chapter 7 Advanced Configuration This chapter describes how to configure the advanced features of your Double 108 Mbps Wireless Firewall Router WGU624. These features can be found under the Advanced heading in the main menu of the browser interface. Comparison of Port Triggering and Port Forwarding Port Triggering is an advanced feature that can be used for gaming and other Internet applications.
PAGE 80
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Configuring Port Forwarding For the services, applications, or games, that already exist in the pull-down list, you only need to specify the computer's IP address. Otherwise, the port number and computer's IP address for each service, game or application should be specified by clicking the Add Custom Service button. Port Assignment You can make up to 20 different port assignments for Internet services, applications or games.
PAGE 81
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 3. Select the Internet service you want to use from the Service Name list. If the service does not appear in the list, refer to the section “Adding a Port Forwarding Custom Service” on page 7-3. 4. Type the IP address of the computer in the Server IP Address box. 5. Click the Add button. Note: You may have a single computer or server available for more than one type of service.
PAGE 82
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 1. Click the Add Custom Service button. 2. Enter the first port number in an unused Starting Port box. 3. To forward only one port, enter it again in the Ending Port box. To specify a range of ports, enter the last port to be forwarded in the End Port box. 4. Enter the IP address of the local server in the corresponding Server IP Address box. 5. Type a name for the service. 6. Click Apply at the bottom of the menu.
PAGE 83
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • If the IP address of the local PC is assigned by DHCP, it may change when the PC is rebooted. To avoid this, you can manually configure the PC to use a fixed address. • Local PCs must access the local server using the PCs’ local LAN address (192.168.1.33 in this example). Attempts by local PCs to access the server using the external IP address (172.16.1.23 in this example) will fail.
PAGE 84
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 3. Click the Add button. 4. Type a name for the service. 5. Enter unused port numbers for the Outgoing Start Port and End Port. To trigger only one port, enter it again in the Outgoing End Port box. To specify a range of ports, enter the last port to be triggered in the End Port box. 6. Enter unused port numbers for the Incoming Start Port and End Port. To trigger only one port, enter it again in the Incoming End Port box.
PAGE 85
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Enable DMZ Port: LAN port 4 on the WGU624 is reserved to be used as the DMZ port. You can also use this port as a regular LAN port when this feature is not enabled. The DMZ port feature is helpful when using some online games and videoconferencing applications that are incompatible with NAT.
PAGE 86
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 MTU Size: The default MTU size is usually fine. The normal MTU (Maximum Transmit Unit) value for most Ethernet networks is 1500 Bytes. For some ISPs, particularly some using PPPoE, you may need to reduce the MTU. This should not be done unless you are sure it is necessary for your ISP. Any packets sent through the router that are larger than the configured MTU size will be repackaged into smaller packets to meet the MTU requirement.
PAGE 87
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Figure 7-4: LAN IP Setup Menu The LAN IP parameters are: IP Address: This is the LAN IP address of the router. IP Subnet Mask: This is the LAN Subnet Mask of the router. Combined with the IP address, the IP Subnet Mask allows a device to know which other addresses are local to it, and which must be reached through a gateway or router.
PAGE 88
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 RIP Version: This controls the format and the broadcasting method of the RIP packets that the router sends. (It recognizes both formats when receiving.) By default, this is set for RIP-1. • RIP-1 is universally supported. RIP-1 is probably adequate for most networks, unless you have an unusual network setup. • RIP-2 carries more information. Both RIP-2B and RIP-2M send the routing data in RIP-2 format.
PAGE 89
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 The router delivers the following parameters to any LAN device that requests DHCP: • An IP Address from the range you have defined • Subnet Mask • Gateway IP Address (the router’s LAN IP address) • Primary DNS Server (if you entered a Primary DNS address in the Basic Settings menu; otherwise, the router’s LAN IP address) • Secondary DNS Server (if you entered a Secondary DNS address in the Basic Settings menu Using Address R
PAGE 90
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Using a Dynamic DNS Service If your network has a permanently assigned IP address, you can register a domain name and have that name linked with your IP address by public Domain Name Servers (DNS). However, if your Internet account uses a dynamically assigned IP address, you will not know in advance what your IP address will be, and the address can change frequently.
PAGE 91
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 To configure Dynamic DNS: 1. Register for an account with DynDNS.org. Select “Click here for information” to go to www.dyndns.org. 2. Select DynDNS.org. 3. Type the Host Name appended with dyndns.org. For example: myHostName.dyndns.org 4. Type the User Name for your dynamic DNS account. 5. Type the Password (or key) for your dynamic DNS account. 6.
PAGE 92
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 To add or edit a Static Route: 1. Click the Add button to open the Add/Edit menu, shown below. Figure 7-7. Static Route Add/Edit menu 2. Type a route name for this static route in the Route Name box under the table. (This is for identification purposes only.) 3. Select Private if you want to limit access to the LAN only. The static route will not be reported in RIP. 4. Select Active to make this route effective. 5.
PAGE 93
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Static Route Example As an example of when a static route is needed, consider the following case: • Your primary Internet access is through a cable modem to an ISP. • You have an ISDN router on your home network for connecting to the company where you are employed. This router’s address on your LAN is 192.168.1.100. • Your company’s network is 134.177.1.0.
PAGE 94
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Enabling Remote Management Access Using the Remote Management page, you can allow a user or users on the Internet to configure, upgrade and check the status of your WGU624 wireless router. Note: Be sure to change the router's default configuration password to a very secure password.
PAGE 95
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Using Universal Plug and Play (UPnP) Universal Plug and Play (UPnP) helps devices, such as Internet appliances and computers, access the network and connect to other devices as needed. UPnP devices can automatically discover the services from other registered UPnP devices on the network. Figure 7-8. UPnP Menu Turn UPnP On: UPnP can be enabled or disabled for automatic device configuration. The default setting for UPnP is enabled.
PAGE 96
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 UPnP Portmap Table: The UPnP Portmap Table displays the IP address of each UPnP device that is currently accessing the router and which ports (Internal and External) that device has opened. The UPnP Portmap Table also displays what type of port is opened and if that port is still active for each IP address.
PAGE 97
Chapter 8 Troubleshooting This chapter gives information about troubleshooting your Double 108 Mbps Wireless Firewall Router WGU624. After each problem description, instructions are provided to help you diagnose and solve the problem. Note: Product updates are available on the NETGEAR, Inc. Web site at http://kbserver.netgear.com/products/WGU624.asp. Basic Functioning After you turn on power to the router, the following sequence of events should occur: 1.
PAGE 98
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Power LED Not On If the Power and other LEDs are off when your router is turned on: • Make sure that the power cord is properly connected to your router and that the power supply adapter is properly connected to a functioning power outlet. • Check that you are using the 12 V DC 800mA power adapter supplied by NETGEAR for this product. If the error persists, you have a hardware problem and should contact technical support.
PAGE 99
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Troubleshooting the Web Configuration Interface If you are unable to access the router’s Web Configuration interface from a PC on your local network, check the following: • Check the Ethernet connection between the PC and the router as described in the previous section. • Make sure your PC’s IP address is on the same subnet as the router.
PAGE 100
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Troubleshooting the ISP Connection If your router is unable to access the Internet, you should first determine whether the router is able to obtain a WAN IP address from the ISP. Unless you have been assigned a static IP address, your router must request an IP address from the ISP. You can determine whether the request was successful using the Web Configuration Manager. To check the WAN IP address: 1.
PAGE 101
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 OR Configure your router to spoof your PC’s MAC address. This can be done in the Basic Settings menu. Refer to “How to Manually Configure Your Internet Connection” on page 3-9. If your router can obtain an IP address, but your PC is unable to load any Web pages from the Internet: • Your PC may not recognize any DNS server addresses.
PAGE 102
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 If the path is working, you see this message: Reply from < IP address >: bytes=32 time=NN ms TTL=xxx If the path is not working, you see this message: Request timed out If the path is not functioning correctly, you could have one of the following problems: • Wrong physical connections — Make sure the LAN port LED is on. If the LED is off, follow the instructions in “Local or Internet Port LEDs Not On” on page 8-2.
PAGE 103
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 — If your ISP assigned a host name to your PC, enter that host name as the Account Name in the Basic Settings menu. — Your ISP could be rejecting the Ethernet MAC addresses of all but one of your PCs. Many broadband ISPs restrict access by only allowing traffic from the MAC address of your broadband modem, but some ISPs additionally restrict access to the MAC address of a single PC connected to that modem.
PAGE 104
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • Time is off by one hour. Cause: The router does not automatically sense Daylight Savings Time. In the E-Mail menu, check or uncheck the box marked “Adjust for Daylight Savings Time”. Why Does the WGU624 Not Reach Full 108 Mbps Speeds? Super G complies with IEEE 802.11 a/b/g standards. Because this technology is on the cutting edge, only some combinations of hardware and firmware support full speeds.
PAGE 105
Appendix A Technical Specifications This appendix provides technical specifications for the Double 108 Mbps Wireless Firewall Router WGU624. Network Protocol and Standards Compatibility Data and Routing Protocols: TCP/IP, RIP-1, RIP-2, DHCP PPP over Ethernet (PPPoE) Power Adapter North America: 120V, 60 Hz, input United Kingdom, Australia: 240V, 50 Hz, input Europe: 230V, 50 Hz, input Japan: 100V, 50/60 Hz, input All regions (output): 5V DC @ 2.
PAGE 106
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Electromagnetic Emissions Meets requirements of: FCC Part 15 Class B EN 55 022 (CISPR 22), Class B C-Tick N10947 Interface Specifications The router incorporates Auto UplinkTM technology which eliminates the need for crossover cables.
PAGE 107
Appendix B Network, Routing, Firewall, and Basics This chapter provides an overview of IP networks, routing, and networking. Related Publications As you read this document, you may be directed to various Request For Comment (RFC) documents for further information. An RFC is a document published by the Internet Engineering Task Force (IETF), an open organization that defines the architecture and operation of the Internet.
PAGE 108
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Routers vary in performance and scale, number of routing protocols supported, and types of physical WAN connection they support. The Double 108 Mbps Wireless Firewall Router WGU624 is a small office router that routes the IP protocol over a single-user broadband connection. Routing Information Protocol One of the protocols used by a router to build and maintain a picture of the network is the Routing Information Protocol (RIP).
PAGE 109
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 There are five standard classes of IP addresses. These address classes have different ways of determining the network and host sections of the address, allowing for different numbers of hosts on a network. Each address type begins with a unique bit pattern, which is used by the TCP/IP software to identify the address class.
PAGE 110
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • Class D Class D addresses are used for multicasts (messages sent to many hosts). Class D addresses are in this range: 224.0.0.0 to 239.255.255.255. • Class E Class E addresses are for experimental use. This addressing structure allows IP addresses to uniquely identify each physical network and each node on each physical network.
PAGE 111
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Subnet Addressing By looking at the addressing structures, you can see that even with a Class C address, there are a large number of hosts per network. Such a structure is an inefficient use of addresses if each end of a routed link requires a different network number. It is unlikely that the smaller office LANs would have that many devices. You can resolve this problem by using a technique known as subnet addressing.
PAGE 112
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Note: The number 192.68.135.127 is not assigned because it is the broadcast address of the first subnet. The number 192.68.135.128 is not assigned because it is the network address of the second subnet. The following table lists the additional subnet mask bits in dotted-decimal notation. To use the table, write down the original class netmask and replace the 0 value octets with the dotted-decimal value of the additional subnet bits.
PAGE 113
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Table B-2. Netmask Formats 255.255.255.252 /30 255.255.255.254 /31 255.255.255.255 /32 Configure all hosts on a LAN segment to use the same netmask for the following reasons: • So that hosts recognize local IP broadcast packets When a device broadcasts to its segment neighbors, it uses a destination address of the local network address with all ones for the host address.
PAGE 114
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Single IP Address Operation Using NAT In the past, if multiple PCs on a LAN needed to access the Internet simultaneously, you had to obtain a range of IP addresses from the ISP. This type of Internet account is more costly than a single-address account typically used by a single user with a modem, rather than a router. The WGU624 wireless router employs an address-sharing method called Network Address Translation (NAT).
PAGE 115
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 This scheme offers the additional benefit of firewall-like protection because the internal LAN addresses are not available to the Internet through the translated connection. All incoming inquiries are filtered out by the router. This filtering can prevent intruders from probing your system. However, using port forwarding, you can allow one PC (for example, a Web server) on your local network to be accessible to outside users.
PAGE 116
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Domain Name Server Many of the resources on the Internet can be addressed by simple descriptive names such as www.NETGEAR.com. This addressing is very helpful at the application level, but the descriptive name must be translated to an IP address in order for a user to actually contact the resource.
PAGE 117
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 What is a Firewall? A firewall is a device that protects one network from another, while allowing communication between the two. A firewall incorporates the functions of the NAT router, while adding features for dealing with a hacker intrusion or attack. Several known types of intrusion or attack can be recognized when they occur.
PAGE 118
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Table B-3. UTP Ethernet cable wiring, straight-through Pin Wire color Signal 1 Orange/White Transmit (Tx) + 2 Orange Transmit (Tx) - 3 Green/White Receive (Rx) + 4 Blue 5 Blue/White 6 Green 7 Brown/White 8 Brown Receive (Rx) - Category 5 Cable Quality Category 5 distributed cable that meets ANSI/EIA/TIA-568-A building wiring standards can be a maximum of 328 feet (ft.
PAGE 119
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Inside Twisted Pair Cables For two devices to communicate, the transmitter of each device must be connected to the receiver of the other device. The crossover function is usually implemented internally as part of the circuitry in the device. Computers and workstation adapter cards are usually media-dependent interface ports, called MDI or uplink ports.
PAGE 120
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Figure B-6: Category 5 UTP Cable with Male RJ-45 Plug at Each End Note: Flat “silver satin” telephone cable may have the same RJ-45 plug. However, using telephone cable results in excessive collisions, causing the attached port to be partitioned or disconnected from the network.
PAGE 121
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 The WGU624 wireless router incorporates Auto UplinkTM technology (also called MDI/MDIX). Each LOCAL Ethernet port will automatically sense whether the Ethernet cable plugged into the port should have a normal connection (e.g. connecting to a PC) or an uplink connection (e.g. connecting to a router, switch, or hub). That port will then configure itself to the correct configuration.
PAGE 122
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 B-16 Network, Routing, Firewall, and Basics M-10153-01
PAGE 123
Appendix C Preparing Your Network This appendix describes how to prepare your network to connect to the Internet through the Double 108 Mbps Wireless Firewall Router WGU624 and how to verify the readiness of broadband Internet service from an Internet service provider (ISP).
PAGE 124
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 In your IP network, each PC and the firewall must be assigned a unique IP addresses. Each PC must also have certain other IP configuration information such as a subnet mask (netmask), a domain name server (DNS) address, and a default gateway address. In most cases, you should install TCP/IP so that the PC obtains its specific network configuration information automatically from a DHCP server during bootup.
PAGE 125
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 You must have an Ethernet adapter, the TCP/IP protocol, and Client for Microsoft Networks. Note: It is not necessary to remove any other network components shown in the Network window in order to install the adapter, TCP/IP, or Client for Microsoft Networks. If you need to install a new adapter, follow these steps: a. Click the Add button. b. Select Adapter, and then click Add. c.
PAGE 126
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 If you need Client for Microsoft Networks: 3. a. Click the Add button. b. Select Client, and then click Add. c. Select Microsoft. d. Select Client for Microsoft Networks, and then click OK. Restart your PC for the changes to take effect.
PAGE 127
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Verify the following settings as shown: • Client for Microsoft Network exists • Ethernet adapter is present • TCP/IP is present • Primary Network Logon is set to Windows logon Click the Properties button. The following TCP/IP Properties window will display.
PAGE 128
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • By default, the IP Address tab is open on this window. • Verify the following: Obtain an IP address automatically is selected. If not selected, click in the radio button to the left of it to select it. This setting is required to enable the DHCP server to automatically assign an IP address. • Click OK to continue. Restart the PC. Repeat these steps for each PC with this version of Windows on your network.
PAGE 129
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 2. Type winipcfg, and then click OK. The IP Configuration window opens, which lists (among other things), your IP address, subnet mask, and default gateway. 3. From the drop-down box, select your Ethernet adapter.
PAGE 130
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 DHCP Configuration of TCP/IP in Windows XP, 2000, or NT4 You will find there are many similarities in the procedures for different Windows systems when using DHCP to configure TCP/IP. The following steps will walk you through the configuration process for each of these versions of Windows. DHCP Configuration of TCP/IP in Windows XP Locate your Network Neighborhood icon. • Select Control Panel from the Windows XP new Start Menu.
PAGE 131
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • Now you should be at the Local Area Network Connection Status window. This box displays the connection status, duration, speed, and activity statistics. • Administrator logon access rights are needed to use this window. • Click the Properties button to view details about the connection. • The TCP/IP details are presented on the Support tab page. • Select Internet Protocol, and click Properties to view the configuration information.
PAGE 132
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • Verify that the Obtain an IP address automatically radio button is selected. • Verify that Obtain DNS server address automatically radio button is selected. • Click the OK button. This completes the DHCP configuration of TCP/ IP in Windows XP. Repeat these steps for each PC with this version of Windows on your network.
PAGE 133
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • Click on the My Network Places icon on the Windows desktop. This will bring up a window called Network and Dial-up Connections. • Right click on Local Area Connection and select Properties. • The Local Area Connection Properties dialog box appears. • Verify that you have the correct Ethernet card selected in the Connect using box.
PAGE 134
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • With Internet Protocol (TCP/IP) selected, click Properties to open the Internet Protocol (TCP/IP) Properties dialogue box. • Verify that • Obtain an IP address automatically is selected. • Obtain DNS server address automatically is selected. • Click OK to return to Local Area Connection Properties. • Click OK again to complete the configuration process for Windows 2000. Restart the PC.
PAGE 135
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 DHCP Configuration of TCP/IP in Windows NT4 Once you have installed the network card, you need to configure the TCP/IP environment for Windows NT 4.0. Follow this procedure to configure TCP/IP with DHCP in Windows NT 4.0. • Choose Settings from the Start Menu, and then select Control Panel. This will display Control Panel window. • Double-click the Network icon in the Control Panel window. The Network panel will display.
PAGE 136
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • Highlight the TCP/IP Protocol in the Network Protocols box, and click on the Properties button.
PAGE 137
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • The TCP/IP Properties dialog box now displays. • Click the IP Address tab. • Select the radio button marked Obtain an IP address from a DHCP server. • Click OK. This completes the configuration of TCP/IP in Windows NT. Restart the PC. Repeat these steps for each PC with this version of Windows on your network. Verifying TCP/IP Properties for Windows XP, 2000, and NT4 To check your PC’s TCP/IP configuration: 1.
PAGE 138
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • 4. The default gateway is 192.168.1.1. Type exit. Configuring the Macintosh for TCP/IP Networking Beginning with Macintosh Operating System 7, TCP/IP is already installed on the Macintosh. On each networked Macintosh, you will need to configure TCP/IP to use DHCP. MacOS 8.6 or 9.x 1. From the Apple menu, select Control Panels, then TCP/IP. The TCP/IP Control Panel opens: 2.
PAGE 139
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 MacOS X 1. From the Apple menu, choose System Preferences, then Network. 2. If not already selected, select Built-in Ethernet in the Configure list. 3. If not already selected, Select Using DHCP in the TCP/IP tab. 4. Click Save. Verifying TCP/IP Properties for Macintosh Computers After your Macintosh is configured and has rebooted, you can check the TCP/IP configuration by returning to the TCP/IP Control Panel.
PAGE 140
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Verifying the Readiness of Your Internet Account For broadband access to the Internet, you need to contract with an Internet service provider (ISP) for a single-user Internet access account using a cable modem or DSL modem. This modem must be a separate physical box (not a card) and must provide an Ethernet port intended for connection to a Network Interface Card (NIC) in a computer.
PAGE 141
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • An IP address and subnet mask • A gateway IP address, which is the address of the ISP’s router • One or more domain name server (DNS) IP addresses • Host name and domain suffix For example, your account’s full server names may look like this: mail.xxx.yyy.com In this example, the domain suffix is xxx.yyy.com. If any of these items are dynamically supplied by the ISP, your firewall automatically acquires them.
PAGE 142
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 If an IP address appears under Installed Gateways, write down the address. This is the ISP’s gateway address. Select the address and then click Remove to remove the gateway address. 6. Select the DNS Configuration tab. If any DNS server addresses are shown, write down the addresses. If any information appears in the Host or Domain information box, write it down. Click Disable DNS. 7.
PAGE 143
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Restarting the Network Once you’ve set up your computers to work with the firewall, you must reset the network for the devices to be able to communicate correctly. Restart any computer that is connected to the firewall. After configuring all of your computers for TCP/IP networking and restarting them, and connecting them to the local network of your WGU624 wireless router, you are ready to access and configure the firewall.
PAGE 144
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 C-22 Preparing Your Network M-10153-01
PAGE 145
Appendix D Wireless Networking Basics This chapter provides an overview of Wireless networking. Wireless Networking Overview The WGU624 wireless router conforms to the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard for wireless LANs (WLANs) and a product update will bring the WGU624 into conformance to the 802.11g standard when it is ratified. On an 802.
PAGE 146
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 In the infrastructure mode, the wireless access point converts airwave data into wired Ethernet data, acting as a bridge between the wired LAN and wireless clients. Connecting multiple Access Points via a wired Ethernet backbone can further extend the wireless network coverage. As a mobile computing device moves out of the range of one access point, it moves into the range of another.
PAGE 147
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Authentication and WEP The absence of a physical connection between nodes makes the wireless links vulnerable to eavesdropping and information theft. To provide a certain level of security, the IEEE 802.11 standard has defined two types of authentication methods, Open System and Shared Key. With Open System authentication, a wireless PC can join any network and receive any messages that are not encrypted.
PAGE 148
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • Shared Key Authentication requires that the station and the access point have the same WEP Key to authenticate. These two authentication procedures are described below. Open System Authentication The following steps occur when two devices use Open System Authentication: 1. The station sends an authentication request to the access point. 2. The access point authenticates the station. 3.
PAGE 149
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 5. The station connects to the network. If the decrypted text does not match the original challenge text (i.e., the access point and station do not share the same WEP Key), then the access point will refuse to authenticate the station and the station will be unable to communicate with either the 802.11 network or Ethernet network. This process is illustrated in below.
PAGE 150
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 3. Use WEP for Authentication and Encryption: A transmitting 802.11 device encrypts the data portion of every packet it sends using a configured WEP Key. The receiving 802.11 device decrypts the data using the same WEP Key. For authentication purposes, the 802.11 network uses Shared Key Authentication. Note: Some 802.11 access points also support Use WEP for Authentication Only (Shared Key Authentication without data encryption).
PAGE 151
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 WEP Configuration Options The WEP settings must match on all 802.11 devices that are within the same wireless network as identified by the SSID. In general, if your mobile clients will roam between access points, then all of the 802.11 access points and all of the 802.11 client adapters on the network must have the same WEP settings.
PAGE 152
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 The radio frequency channels used are listed in Table 6-1: Table 6-1. 802.11 Radio Frequency Channels Channel Center Frequency Frequency Spread 1 2412 MHz 2399.5 MHz - 2424.5 MHz 2 2417 MHz 2404.5 MHz - 2429.5 MHz 3 2422 MHz 2409.5 MHz - 2434.5 MHz 4 2427 MHz 2414.5 MHz - 2439.5 MHz 5 2432 MHz 2419.5 MHz - 2444.5 MHz 6 2437 MHz 2424.5 MHz - 2449.5 MHz 7 2442 MHz 2429.5 MHz - 2454.5 MHz 8 2447 MHz 2434.
PAGE 153
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 The IEEE introduced the WEP as an optional security measure to secure 802.11b (Wi-Fi) WLANs, but inherent weaknesses in the standard soon became obvious. In response to this situation, the Wi-Fi Alliance announced a new security architecture in October 2002 that remedies the shortcomings of WEP. This standard, formerly known as Safe Secure Network (SSN), is designed to work with existing 802.
PAGE 154
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 How Does WPA Compare to IEEE 802.11i? WPA will be forward compatible with the IEEE 802.11i security specification currently under development. WPA is a subset of the current 802.11i draft and uses certain pieces of the 802.11i draft that are ready to bring to market today, such as 802.1x and TKIP. The main pieces of the 802.11i draft that are not included in WPA are secure IBSS (Ad-Hoc mode), secure fast handoff (for specialized 802.
PAGE 155
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 The primary information conveyed in the Beacon frames is the authentication method and the cipher suite. Possible authentication methods include 802.1X and Pre-shared key. Pre-shared key is an authentication method that uses a statically configured pass phrase on both the stations and the access point.
PAGE 156
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 WPA Authentication: Enterprise-level User Authentication via 802.1x/EAP and RADIUS Wireless LAN WPA enabled wireless client with “supplicant” WPA enabled Access Point using pre-shared key or 802.1x Wired Network with Optional 802.
PAGE 157
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Client with a WPAenabled wireless adapter and supplicant (Win XP, Funk, Meetinghouse) For example, a WPA-enabled AP For example, a RADIUS server Figure D-2: 802.1x Authentication Sequence The AP sends Beacon Frames with WPA information element to the stations in the service set. Information elements include the required authentication method (802.1x or Pre-shared key) and the preferred cipher suite (WEP, TKIP, or AES).
PAGE 158
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 3. The client sends an EAP-response packet containing the identity to the authentication server. The access point responds by enabling a port for passing only EAP packets from the client to an authentication server located on the wired side of the access point.
PAGE 159
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Temporal Key Integrity Protocol (TKIP) WPA uses TKIP to provide important data encryption enhancements including a per-packet key mixing function, a message integrity check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. TKIP also provides for the following: • • • The verification of the security configuration after the encryption keys are determined.
PAGE 160
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Is WPA Perfect? WPA is not without its vulnerabilities. Specifically, it is susceptible to denial of service (DoS) attacks. If the access point receives two data packets that fail the message integrity code (MIC) within 60 seconds of each other, then the network is under an active attack, and as a result, the access point employs counter measures, which include disassociating each station using the access point.
PAGE 161
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Changes to Wireless Access Points Wireless access points must have their firmware updated to support the following: • • • • • The new WPA information element To advertise their support of WPA, wireless APs send the beacon frame with a new 802.11 WPA information element that contains the wireless AP's security configuration (encryption algorithms and wireless security configuration information).
PAGE 162
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Microsoft has worked with many wireless vendors to embed the WPA firmware update in the wireless adapter driver. So, to update your Microsoft Windows wireless client, all you have to do is obtain the new WPA-compatible driver and install the driver. The firmware is automatically updated when the wireless network adapter driver is loaded in Windows.
PAGE 163
Glossary Use the list below to find definitions for technical terms used in this manual. List of Glossary Terms 10BASE-T IEEE 802.3 specification for 10 Mbps Ethernet over twisted pair wiring. 100BASE-Tx IEEE 802.3 specification for 100 Mbps Ethernet over twisted pair wiring. 3DES 3DES (Triple DES) achieves a high level of security by encrypting the data three times using DES with three different, unrelated keys. 802.1x 802.
PAGE 164
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 ADSL Short for asymmetric digital subscriber line, a technology that allows data to be sent over existing copper telephone lines at data rates of from 1.5 to 9 Mbps when receiving data (known as the downstream rate) and from 16 to 640 Kbps when sending data (known as the upstream rate). ADSL requires a special ADSL modem. ADSL is growing in popularity as more areas around the world gain access.
PAGE 165
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 A Certificate Authority is a trusted third-party organization or company that issues digital certificates used to create digital signatures and public-private key pairs. The role of the CA in this process is to guarantee that the individual granted the unique certificate is, in fact, who he or she claims to be.
PAGE 166
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 DSL Short for digital subscriber line, but is commonly used in reference to the asymmetric version of this technology (ADSL) that allows data to be sent over existing copper telephone lines at data rates of from 1.5 to 9 Mbps when receiving data (known as the downstream rate) and from 16 to 640 Kbps when sending data (known as the upstream rate). ADSL requires a special ADSL modem.
PAGE 167
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 IKE Internet Key Exchange. An automated method for exchanging and managing encryption keys between two VPN devices. IP Internet Protocol is the main internetworking protocol used in the Internet. Used in conjunction with the Transfer Control Protocol (TCP) to form TCP/IP.
PAGE 168
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 A LAN typically connects multiple personal computers and shared network devices such as storage and printers. Although many technologies exist to implement a LAN, Ethernet is the most common for connecting personal computers. MAC address The Media Access Control address is a unique 48-bit hardware address assigned to every network interface card. Usually written in the form 01:23:45:67:89:ab. Mbps Megabits per second.
PAGE 169
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 NAT A technique by which several hosts share a single IP address for access to the Internet. NetBIOS The Network Basic Input Output System is an application programming interface (API) for sharing services and information on local-area networks (LANs). Provides for communication between stations of a network where each station is given a name. These names are alphanumeric names, up to 16 characters in length.
PAGE 170
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 PPP over ATM PPPoA. PPP over ATM is a protocol for connecting remote hosts to the Internet over an always-on connection by simulating a dial-up connection. PPP over Ethernet PPPoE. PPP over Ethernet is a protocol for connecting remote hosts to the Internet over an always-on connection by simulating a dial-up connection. PPTP Point-to-Point Tunneling Protocol.
PAGE 171
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 router A device that forwards data between networks. An IP router forwards data based on IP source and destination addresses. SSID A Service Set Identification is a thirty-two character (maximum) alphanumeric key identifying a wireless local area network. For the wireless devices in a network to communicate with each other, all devices must be configured with the same SSID.
PAGE 172
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 The TLS protocol is made up of two layers. The TLS Record Protocol ensures that a connection is private by using symmetric data encryption and ensures that the connection is reliable. The second TLS layer is the TLS Handshake Protocol, which allows authentication between the server and client and the negotiation of an encryption algorithm and cryptographic keys before data is transmitted or received. Based on Netscape’s SSL 3.
PAGE 173
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 wide area network WAN. A long distance link used to extend or connect remotely located local area networks. The Internet is a large WAN. Wi-Fi A trade name for the 802.11b wireless networking standard, given by the Wireless Ethernet Compatibility Alliance (WECA, see http://www.wi-fi.net), an industry standards group promoting interoperability among 802.11b devices. Windows Internet Naming Service WINS.
PAGE 174
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Glossary 12 M-10153-01
PAGE 175
Index Numerics D 64 or 128 bit WEP 4-11 date and time 8-7 802.
PAGE 176
front panel 2-7, 2-8 log entries 5-6 fully qualified domain name (FQDN) 4-6, 4-8 Login 3-14, 3-15 G M gateway address C-20 MAC address 8-7, B-9 spoofing 3-10, 3-14, 3-16, 8-5 H host name 3-10 Macintosh C-19 configuring for IP networking C-16 DHCP Client ID C-16 Obtaining ISP Configuration Information C-20 I masquerading C-18 IANA contacting B-2 MDI/MDI-X B-15, G-2 IETF B-1 Web site address B-7 metric 7-14 infrastructure mode D-2 N installation 2-5 Internet account address information C-18
PAGE 177
port forwarding behind NAT B-9 service numbers 5-4 Port Forwarding Menu 7-2 Setup Wizard 3-1 port numbers 5-3 Shared Key authentication D-3 PPP over Ethernet 2-5, C-18 SMTP 5-8 PPPoE C-18 spoof MAC address 8-5 Primary DNS Server 3-10, 3-12, 3-14, 3-15 SSID 4-5, 4-7, 4-14, 4-15, D-2 protocols Address Resolution B-9 DHCP B-10 Routing Information 2-5, B-2 support 2-2 Start Port 7-4 publications, related B-1 subnet mask B-5, C-19, C-20 R T range 4-1 TCP/IP configuring C-1 network, troubleshoo
PAGE 178
Wired Equivalent Privacy.