- GATEWAY USER MANUAL For all Broadcom chipset-based models including: SR300n, SR350n, SR360n VDSL 5xx series: SR500n, SR505n, SR510n, SR550n, SR552n ADSL 3xx series: Release 3. 
- TABLE OF CONTENTS Introduction Welcome! Virtual Servers (Port Forward) ������������������������������������������������������������������������ 6 Thank you for purchasing this SmartRG product. 
- Wireless Basic ������������������������������������������������������������������������������������� 81 Security ������������������������������������������������������������������������������������� 83 Manual Setup ���������������������������������������������������������������������� 85 Network Authentication: Open and Shared Manual Setup ���������������������������������������������������������������������� 86 Network Authentication: 802. 
- INTRODUCTION Copyright ©2014 by SmartRG, Inc. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of SmartRG, Inc. Published by SmartRG, Inc. All rights reserved. 
- FCC Caution Any changes or modifications not expressly approved by the party responsible for compliance could void the user’s authority to operate this equipment. IMPORTANT NOTE: FCC Radiation Exposure Statement This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed an operated with a minimum distance of 20cm between the radiator and your body. 
- Welcome! Thank you for purchasing this SmartRG product. SmartRG proudly brings you the best, most innovative broadband gateways available. SmartRG enables service providers to monitor, manage, and monetize the connected home through the design and production of reliable and highly interoperable hardware and software solutions. As an early innovator in TR-069 remote management technology, SmartRG offers the finest in managed broadband and home networking solutions. 
- LED Status Indicators: Your SmartRG gateway has several indicator lights (LEDs) on its front panel. 
- Connections: Below is a generic representation of a SmartRG gateway, however your specific model may have greater or fewer ports and controls across the back of the unit. Refer to the Quick Start Guide enclosed with your gateway for specifics regarding installation of your particular model. The ports depicted in this example are described as follows: DSL The grey, RJ12 port labeled DSL is specifically intended for connection to an internet provider via a DSL (Digital Subscriber Line) service. 
- WAN A stand-alone RJ45 port labeled WAN enables your SmartRG gateway to be hard-wired to another network device with a RJ45/ Ethernet output such as a cable, fiber, or DSL modem. For models with a stand-alone, RJ45, WAN port and a DSL port, the WAN port can be re-purposed to function as an additional LAN port when your internet connection is via DSL. See the ETH Interface section of this manual for further instructions to enable this SmartPortTM feature. 
- Repeat the steps as necessary for each additional WPS compliant device you wish to connect. The location of the WPS button varies by model. • On models SR550n, SR510n, and SR552n, the button is located on the left side of the unit. • SR360n, locate the WPS button on the top of the unit. • For the SR350n and SR500n models, an exterior button is not present however WPS is supported via the on-board software. Reference the Quick Start Guide included with your gateway for specific instructions. 
- • On models SR500n, SR505n, SR510n, SR550n, SR552n and SR630n, the button is located on the rear of the unit. • For the SR350n, locate the Reset button on the bottom of the unit. • For the SR360n, locate the Reset button on the left side of the unit. Logging in to Your SmartRG Gateway’s UI To manually configure the SmartRG Gateway, access the gateway’s embedded web UI: 1. Attach your computer’s RJ45 connection to any of the SmartRG gateway’s LAN ports (1-4) 2. 
- NOTE: The gateway’s UI can be accessed via the WAN connection by entering the WAN IP address in your browser’s address bar and entering the default username and password: support/support. WAN HTTP access control MUST be enabled to access the gateway’s UI via the WAN connection. Reference section on Management Access Control for details. If your SmartRG gateway is configured for “bridge mode” (modem) operation, your PC will NOT be able to acquire an address via CPE’s DHCP. 
- DEVICE INFO There are nine selections under Device Info. Each of them shows a different element of the gateway’s setup, status or nature of its connection with the provider and also with LAN devices. Device Info screens are read-only. It is not possible to interact with or change the settings in this section. Summary Upon successful login, Device Info is the first screen to appear. This is screen is dedicated to the display of hardware and software details associated with your gateway. 
- Wan Info The Device Info -> WAN status screen, provides a high level overview for the connection between your Internet Service Provider and the Gateway device, itself. The WAN interface could physically be DSL or Ethernet and supports a number of Layer 2 and above configuration options covered later in this document. Some features are supported only on specific Smart RG models. These exceptions and are specified in this guide. 
- LAN Device Info -> Statistics -> LAN displays the TX/RX Bytes, Packets, Error and Drops for each LAN interface for your SmartRG modem. All local LAN Ethernet ports, Ethernet WAN ports and w10(Wireless Interface) for your SmartRG gateway are included.’ Use the Reset Statistics button near the bottom of the screen to reset these counters. 
- WAN Service Device Info -> Statistics -> WAN displays the TX/RX Bytes, Packets, Error and Drops for each WAN interface for your SmartRG Gateway. All WAN interfaces configured for your SmartRG gateway are included. Use the Reset Statistics button near the bottom of the screen to reset these counters. 
- xTM The Device Info -> Statistics -> xTM displays the ATM/PTM statistics for your SmartRG Gateway. All WAN interfaces configured for your SmartRG gateway are included. Use the Reset button near the bottom of the screen to reset these counters. 
- xDSL Device Info -> Statistics -> xDSL displays the DSL statistics for your SmartRG Gateway. All xDSL (VDSL or ADSL) interfaces configured for your SmartRG gateway are included. You are also able to reset these counters by selecting the Reset Statistics button located on the xTM screen as shown below. Use the Reset Statistics button near the bottom of the screen to reset these counters. Also featured is an xDSL Bit Error Rate (BER) test which determines the quality of the xDSL connection. 
- 501 SE Columbia Shores Boulevard, Suite 500, Vancouver, Washington 98661, USA l +1 360 859 1780 SmartRG Inc. Propriety and Confidential. All Rights Reserved. Copyright © 2014 Page 19 smartrg. 
- The individual fields on this screen are defined as follows: Field Name Description Mode Displays the service type (ADSL_2plus, VDSL2) Traffic Type Displays the connection type (ATM, PTM, ETH Status Displays the status of the connection (Up, NoSignal, Initializing) Link Power State Link output power state Line Coding (Trellis) (Downstream/Upstream) Displays the state of Trellis Coded Modulation (On, Off) SNR Margin (db) (Downstream/Upstream) Signal to Noise Ratio Attenuation (db) (Downstream/ 
- Field Name Description Super Frame Errors (Path 0/1, Downstream/Upstream) Total number of super frames received with errors. RS Words (Path 0/1, Downstream/Upstream) Total number of Reed-Solomon code errors. RS Correctable Errors (Path 0/1, Downstream/Upstream) Total number of Reed-Solomon with correctable errors. RS Uncorrectable Errors (Path 0/1, Downstream/Upstream) Total number of Reed-Solomon with uncorrectable errors. 
- Route The Device Info -> Route displays the LAN and WAN route table information configured in your SmartRG Gateway for both IPv4 and IPv6 implementation. The individual fields on this screen are defined as follows: Field Name Description Destination (Including IPv6 Route) Displays the Destination IP addresses. Gateway Displays the Gateway IP address. Subnet Mask Displays the Subnet Masks. Flag (Including IPv6 Route) Displays the status of the flags. 
- ARP Device Info -> ARP displays the host IP addresses and their hardware (MAC) addresses for each LAN Client connected to the SmartRG Gateway via a LAN Ethernet port or Wireless LAN. The individual fields on this screen are defined as follows: Field Name Description IP address The IP address of the host. Flags [Complete, Permanent, Published] Each entry in the ARP cache will be marked with one of these flags. HW Address The hardware (MAC) address of the host. 
- DHCP Device Info -> DHCP displays a list of locally connected LAN hosts and their DHCP lease status, which are directly connected to the SmartRG Gateway via a LAN Ethernet port or Wireless LAN. The individual fields on this screen are defined as follows: Field Name Description Hostname Displays the Host name of each connected LAN device. MAC Address Displays the MAC Address for each connected LAN device. IP Address Displays the IP Address for each connected LAN device. 
- ADVANCED SETUP Layer2 Interface ATM Interface From this screen you can configure Asynchronous Transfer Mode / Permanent Virtual Conduit for your gateway. You can customize latency options, Link Type, Encapsulation mode and more. Note that devices (routers) on both ends of the connection must support ATM / PVC. ATM is becoming popular as a wide-area network (WAN) medium. ATM offers small cell size and strict quality of service, allowing voice, video, and data to coexist. 
- The individual fields on this screen are defined as follows: Field Name Description VPI [0-255] Enter a Virtual Path Identifier. VPI is an 8bit identifier to uniquely identify a network path for ATM cell packets to reach its destination. Every ATM path requires a unique VPI number to associate. Works together with the VCI. Each individual DSL circuit cannot have the same VPI/VCI combination. VCI [32-65535] Enter a Virtual Channel Identifier. VCI is a 16bit identifier that has a unique channel. 
- Field Name Description Link Type [EoA] Ethernet over ATM [PPPoA] Point-to-Point Protocol over ATM [IPoA] Internet Protocol over ATM Encapsulation Mode [LLC/SNAP-BRIDGING] Logical Link Control used to carry multiple protocols in a single PVC (Permanent Virtual Circuit). [VC/MUX] Virtual Circuit Multiplexer creates a virtual connection used to carry one protocol per PVC (Permanent Virtual Circuit). 
- The individual fields on this screen are defined as follows: Field Name Description Select DSL Latency [Path0 Fast] No error correction and can provide lower latency on error free lines. [Path1 Interleaved] Error checking that provides error free data. This tends to increases latency. [Path0&1 Both] Fast & Interleaved. Weighted Round Robin Time slices are assigned to each process in equal portions and in circular order, handling all processes without priority (also known as cyclic executive). 
- ETH Interface Your gateway has four LAN ports. One of them can be re-purposed to become a WAN port when such an RJ45 WAN port is desired. After selecting Advanced Setup -> Layer2 Interface -> ETH Interface from the left navigation bar, click Add in the center pane. The following screen will appear. From the drop-down menu in the center pane, simply select the LAN port you wish to act as a WAN port. WAN Service There are several variations of WAN Service available to configure. 
- First, select the Layer2 interface to use for the WAN service. Click the Next button to advance to the next step. Next, select the type of WAN service you wish to create. For this example choose PPP over Ethernet. Click Next after completing the necessary fields. The individual fields on this screen are defined as follows: Field Name Description WAN service type [PPP over Ethernet PPPOE, IP over Ethernet IPoE, Bridging] Enter Service Description Enter a name to describe this configuration. 
- 501 SE Columbia Shores Boulevard, Suite 500, Vancouver, Washington 98661, USA l +1 360 859 1780 SmartRG Inc. Propriety and Confidential. All Rights Reserved. Copyright © 2014 Page 31 smartrg. 
- Click Next after completing the necessary fields. The individual fields on this screen are defined as follows: Field Name Description PPP Username: Enter the Username required for authentication to the PPP server. PPP Password: Enter the Password required for authentication to the PPP server. PPPoE Service Name: (Optional) Enter a description for this service. Authentication Method Select a means for authentication from the drop-down list. 
- Field Name Description -Enable Fullcone NAT Enables what is known as one-to-one NAT. (Exposed when Enable NAT is checked.) -Enable SIP Enables Session Initiation Protocol (SIP) pass-through NAT. Used for Voice over IP (VOIP) applications. (Exposed when Enable NAT is checked.) Enable IGMP Multicast Proxy Enables Internet Group Membership Protocol (IGMP) multicast. Used by IPv4 hosts to report multicast group memberships to any neighboring multicast routers. 
- Select DNS Server Interface from available WAN interfaces. Use the -> button to move your highlighted selection from left to right or <- for right to left. Alternatively, you may use the lower portion of the screen to manually key in static DNS IP addresses. Click Next after completing the desired parameters. Lastly, the summary screen will appear indicating that your PPPoE WAN setup is complete. 
- IP Over Ethernet The next WAN Service variant is IP over Ethernet. After selecting Advanced Setup -> WAN Service from the left navigation bar, click the Add button. A progression of several screens will follow. Advance to the next after completing the required fields using the Next button appearing near the bottom of each screen. First, select the Layer2 interface to use for the WAN service. Click the Next button to advance to the next step. Next, select the type of WAN service you wish to create. 
- Enter the relevant WAN IP Settings. Click Next after completing the necessary fields. The individual fields on this screen are defined as follows: Field Name Description WAN service type [PPP over Ethernet PPPOE, IP over Ethernet IPoE, Bridging] Enter Service Description Enter a name to describe this configuration. Network Protocol Selection [IPV4 Only] [IPV4&IPV6] (Dual Stack) – IPV4 and IPV6 running concurrently. 
- Enter the relevant WAN IP Settings. Click Next after completing the necessary fields. The individual fields on this screen are defined as follows: Field Name Description Obtain an IP address automatically When you wish the ISP to automatically assign the WAN IP to the gateway. Option 60 Vendor ID (Optional) Broadcast a specific vendor ID for the DHCP server to accept the device. Option 61 IAID (Optional) Interface Association Identifier (IAID). A unique identifier for an IA, chosen by the client. 
- Field Name Description Advanced DMZ (Optional) Check this option to enable Advanced DMZ on the WAN service.* NON DMZ IP Address (Optional) Broadcast a specific vendor ID for the DHCP server to accept the device. NON DMZ Net Mask Enter a secondary LAN IP address for the gateway. e.g. 192.168.2.1 Obtain an IPv6 address automatically When you wish the ISP to automatically assign the WAN IP to the gateway. Dhcpv6 Address Assignment (IANA) Select this option for CPE to receive WAN IP from ISP. 
- Click Next after completing the necessary fields. The individual fields on this screen are defined as follows: Field Name Description Interface Address (prefix length is IPV6 address to assign as the gateways Local LAN IPV6 address and prefix length. required) Enable DHCP v6 Server Check this option to turn on the DHCP v6 feature on the LAN. Enable DHCP Server Inherit IPV6 address assignments from the WAN IPV6 interface. 
- NAT Virtual Servers (Port Forward) Virtual Servers (more commonly known as Port Forward) is a technique used to facilitate communications by external hosts with services provided within a private local area network. After Selecting Advanced Setup -> NAT -> Virtual Servers from the left navigation bar, click the Add button. The following screen will appear. Customize the fields to create your port forwarding entry. Click Apply/Save to commit your changes. 
- The individual fields on this screen are defined as follows: Field Name Description Use Interface Select the WAN interface that this NAT rule will apply to. Select a Service Select from a list of common applications that typically require port forwards in place. The port ranges and protocol fields will be pre-populated Custom Service If your application does not appear in the preceding drop-down list you may manually enter a unique name for the application. 
- The individual fields on this screen are defined as follows: Field Name Description Use Interface Select the interface over which the port triggering rule will apply. Select an Application Choose from this list of applications which commonly require a Port trigger entry. Custom Application A free form text field. Enter a unique name for the application for which you are creating a Port Trigger entry Trigger Port Start [1-65535] An outgoing trigger port number. 
- DMZ Host The Broadband Router will forward IP packets from the WAN that do not belong to any of the applications configured in the Virtual Servers table to the DMZ host computer. If it is desired to route all internet traffic with no filtering or security to a specific LAN device, add the IP address of that device to this field. After selecting Advanced Setup -> NAT -> DMZ Host from the left navigation bar, enter the DMZ Host IP Address. Click Apply/Save to commit the new or changed address. 
- SECURITY IP Filtering Outgoing Add an Outgoing filter when refusal of data from the LAN to the WAN is desired. After selecting Advanced Setup -> Security -> IP Filtering -> Outgoing from the left navigation bar, click the Add button. The following screen will appear to facilitate the filtering you desire. Click Apply/Save to commit the completed entry. The individual fields on this screen are defined as follows: Field Name Description Filter Name A free form text field. 
- NOTE: The address specified here can be a particular address or a block of IP address on a given network subnet. This is done through appending the address with the routing “/prefix” length decimal value (preceded with the slash) associated. Use of a valid decimal routing prefix for defining the subnet mask per CIDR notation is required). 
- The individual fields on this screen are defined as follows: Field Name Description Filter Name A free-form text field. Enter a descriptive name for this filter. IP Version Version IPv4 applies by default. IPV6 can be alternately selected. Protocol [TCP/UDP, TCP, UDP, or ICMP] Select the protocol to be associated with this incoming filter. Source IP address [/prefix length] Enter source address for rule. Source Port (port or port:port) Enter source port number or range. 
- Field Name Description Interface Interface(s) associated with established policy rule(s). Policy [FORWARD, BLOCKED] The current/active policy type that is in place. Change Check this box then click the Change Policy button to toggle the policy type. Next, click the Add button. The following screen will appear. Click Apply/Save to commit the changes. 501 SE Columbia Shores Boulevard, Suite 500, Vancouver, Washington 98661, USA l +1 360 859 1780 SmartRG Inc. Propriety and Confidential. 
- The individual fields on this screen are defined as follows: Field Name Description Protocol Type [PPPoE, IPv4/IPv6, AppleTalk, IPX, NetBEUI, IGMP] Select the protocol associated with the device at the destination MAC address. Destination MAC Address Enter the MAC address of the hardware you wish to associate with this filter. Source MAC Address Enter the MAC address of the device that is originating requests intended for the device associated with the Destination MAC address. 
- The individual fields on this screen are defined as follows: Field Name Description User Name A free form text field. Enter and intuitive name for this restriction. Browser’s MAC Address MAC address of the PC to which this restriction will uniquely apply. Other MAC Address MAC address of another LAN device to restrict. (xx:xx:xx:xx:xx:xx) Days of the week Check the box(es) for day(s) Mon - Sun the restrictions apply. 
- Note that there is only one Block List and one Allow List per gateway. The stand-alone modem capability does not maintain a unique Allow and Block List for each individual LAN device. Some additional flexibility however is available when your SmartRG gateway is under management of Cisco Prime Home™. Refer to Cisco documentation regarding, “Content Filtering” for instructions. 
- When this option is checked, it exposes the QoS Queue Management Configuration drop-down menu where selection of the default Differentiated Services Code Point (DSCP) Mark classification value to be associated can be declared. If this option was already enabled and the check is removed, QoS for ALL interfaces will be turned off upon clicking Apply/Save. For a commonly used DSCP values refer to RFC 2475. 
- Click to Apply/Save to commit the changes. QoS Queue Management Configuration marking on ingress packets in accordance with the Select Default DSCP Mark setting field just above it. Queue management on ingress packets will mark according to the highlighted selection therein. The associated default marking will then automatically be applied to all incoming packets without reference to a particular classification. 
- The individual fields on this screen are defined as follows: Field Name Description Name A free form text field. Enter an intuitive name for your config. Enable Dropdown selection for either enable or disable of a given QoS queue configured on chosen Layer 2 interface. Note: Only one queue can be defined for any one interface/precedence pair, resulting in a maximum of three queues per interface. Interface Dropdown selection for desired Layer 2 interface to be associated with the defined QoS queue (e. 
- Field Name Description The following selections are exposed if either Weighted Priority algorithm is selected as Scheduler Algorithm. Minimum Rate [1-100000 Kbps] [-1 value indicates no minimum shaping applied] Minimum shaping rate defined for packets in QoS queue. Shaping Rate [1-100000 Kbps] [-1 value indicates no minimum shaping applied] Shaping rate defined for packets in QoS queue defined. 
- The individual fields on this screen are defined as follows: Field Name Description Classification Name A free form text field. Enter a descriptive name for this rule. Rule Order [Last, Null] Select Last to set this rule as the very last classification rule to be processed. Select Null to set this rule as the next classification rule to be processed within the existing list of classification rules. Rule Status [Enable, Disable] Select whether this rule is active or turned off. 
- QoS Port Shaping QoS Port Shaping facilitates setting a fixed rate (Kbps) for each of the Ethernet ports. Select Advanced Setup -> Quality Of Service -> QoS Port Shaping and the following screen will appear. Click the Apply/Save button to commit the changes entered. The individual fields on this screen are defined as follows: Field Name Description Interface Each line item in the table represents one of the Ethernet LAN ports on the back of your SmartRG gateway. 
- Routing Default Gateway Select Advanced Setup -> Routing -> Default Gateway and the following screen will appear. Use the -> button to move your highlighted selection from left to right or <- for right to left. Click the Apply/Save button to commit the changes entered. The individual fields on this screen are defined as follows: Field Name Description Available Routed WAN Interfaces Choose from the list of available WAN interfaces identify as the Default Gateway. 
- Static Route Static Route is one form of manually configured, fixed route for IP data. After selecting Advanced Setup -> Routing -> Static Route, click the Add button and the following screen will appear. Click the Apply/Save button to commit the changes entered. Up to 32 entries may be added. The individual fields on this screen are defined as follows: Field Name Description IP Version [IPv4, IPv6] Select the IP version associated with the static route you wish to create. 
- Policy Routing Policy routing makes somewhat automated routing choices based on net admin dictated policies. For example, a network administrator might want to deviate from standard routing based on destination markers in the packet and instead, forward a packet based on the source address. Use this feature to establish similar policies. After selecting Advanced Setup -> Routing -> Policy Route, click the Add button and the following screen will appear. 
- RIP (Routing Information Protocol) RIP is a type of distance-vector routing protocol, which leverages hop count as a metric for routing. RIP puts a limit on the number of hops (max 15) allowed in order to prevent routing loops. This can sometimes limit the size of networks that RIP can be successfully employed. After selecting Advanced Setup -> Routing -> RIP, click the Add button and the following screen will appear. Click the Apply/Save button to commit the changes entered. 
- DNS DNS Server Use the features of this screen to input the Domain Name Server information supplied by the service provider. After selecting Advanced Setup -> DNS -> DNS Server from the left navigation bar, the following screen will appear. Enter your desired settings. Click Apply/Save to commit changes. 501 SE Columbia Shores Boulevard, Suite 500, Vancouver, Washington 98661, USA l +1 360 859 1780 SmartRG Inc. Propriety and Confidential. All Rights Reserved. Copyright © 2014 Page 61 smartrg. 
- The individual fields on this screen are defined as follows: Field Name Description Selected DNS Server Interfaces The WAN service selected to be your primary DNS server. Available Wan Interfaces WAN services available to be selected for the DNS server. Primary DNS Server Enter the IP address of the primary DNS server. Secondary DNS Server Enter the IP address of the secondary DNS server. WAN Interface Selected Alter this field only if IPv6 environment. 
- The individual fields on this screen are defined as follows: Field Name Description D-DNS provider Select a dynamic Domain Name Server provider from the drop-down menu. Hostname Enter the name of the dynamic DNS server. 
- DSL Advanced settings for the DSL interface. CAUTION: Altering these settings unnecessarily could result in the gateway being unable to attain DSL synchronization. After selecting Advanced Setup ->DSL from the left navigation bar, click the Add button. The following screen will appear. Enter your desired settings then click Apply/Save to commit your changes. 501 SE Columbia Shores Boulevard, Suite 500, Vancouver, Washington 98661, USA l +1 360 859 1780 SmartRG Inc. Propriety and Confidential. 
- The individual fields on this screen are defined as follows: Modulation Data Transmission Rate G.Dmt ITU-T G.992.1 standard. Max Downstream: 12 Mbps Max Upstream: 1.3 Mbps G.lite ITU-T G.991.2 standard. Max Downstream: 4 Mbps Max Upstream: 0.5 Mbps T1.413 ANSI T1.413 Issue 2 standard. Max Downstream: 8 Mbps Max Upstream: 1.0 Mbps ADSL2 ITU-T G.992.3 standard. Max Downstream: 12 Mbps Max Upstream: 1.0 Mbps AnnexL Annex L of ITU-T G.992. 
- Test Modes Mode Description Normal Puts the DSL PHY in test mode, sending only a Normal signal. Reverb Puts the DSL PHY in test mode, sending only a REVERB signal Medley Puts the DSL PHY in test mode, sending only a MEDLEY signal. No Retrain The DSL PHY will attempt to establish a connection as in Normal mode, but once the connection is up, it will not retrain even if the signal is lost. L3 Puts the DSL modem in the L3 power state. Click the Apply button place the gateway in test mode. 
- DSL Bonding NOTE: This feature supported only on SmartRG models SR550n and SR552n. Bonding enables two DSL lines to feed the same modem. Utilize this screen to leverage the bandwidth of both lines. Bonded, they will behave as a single, higher bandwidth connection. After selecting Advanced Setup -> DSL Bonding from the left navigation bar. The following screen will appear. Check the checkbox to enable Bonding. Click Apply/Save to commit your changes. 
- UPnP Enable UPnP when 3rd party devices on your LAN support this Universal Plug and Play standard. Common client devices include gaming consoles, IP cameras, printers and others. After selecting Advanced Setup -> UPnP from the left navigation bar. The following screen will appear. Check the checkbox to enable UPnP. Click Apply/Save to commit your changes. 501 SE Columbia Shores Boulevard, Suite 500, Vancouver, Washington 98661, USA l +1 360 859 1780 SmartRG Inc. Propriety and Confidential. 
- DNS Proxy A DNS Proxy improves domain lookup performance for clients by creating a historical cache of lookups. Navigate to Advanced Setup -> DNS Proxy to enable and configure this feature. After selecting Advanced Setup -> DNS Proxy from the left navigation bar. The following screen will appear. Check the checkbox to enable DNS Proxy mode and specify a Hostname and Domain Name of the LAN in the fields that follow. Click Apply/Save to commit your changes. 
- Interface Grouping Creating an interface group is used to map local interfaces to WAN interfaces. Typical application for this feature would include assigning IPTV STBs to a WAN interface. After selecting Advanced Setup -> Interface Grouping from the left navigation bar, click the Add button below the table. The screen shown on the next page will appear. To create a new interface group: 1. Enter a unique Group Name then select either step 2. (dynamic) or step 3. (static) below: 2. 
- 501 SE Columbia Shores Boulevard, Suite 500, Vancouver, Washington 98661, USA l +1 360 859 1780 SmartRG Inc. Propriety and Confidential. All Rights Reserved. Copyright © 2014 Page 71 smartrg. 
- IP Tunnel IP Tunneling is typically used as a means to establish a path between two independent networks. Your SmartRG gateway supports connecting islands of IPv6 networks across the IPv4 internet or IPv4 in IPv6 as well. IPv6inIPv4 After selecting Advanced Setup -> IP Tunnel -> IPv6inIPv4 from the left navigation bar, click the Add button. The screen shown on the next page will appear. 1. Enter a Tunnel Name 2. Currently, only the 6rd Mechanism is supported 3. 
- IPv4inIPv6 After selecting Advanced Setup -> IP Tunnel -> IPv4inIPv6 from the left navigation bar, click the Add button. The screen shown on the next page will appear. 1. Enter a Tunnel Name 2. Currently, only the DS-Lite Mechanism is supported. Consult RFC6333 for further information regarding DS-Lite. 3. Select the appropriate LAN and WAN interfaces from the drop-down lists associated with the tunnel you wish to establish. 4. AFTR (Address Family Transition Router) may be configured automatically. 
- IPSec Internet Protocol Security is a protocol for securing communications by packet level encryption and authentication. Use the IPSec page to enable and remove connections, or edit existing connections. The IPSec configuration screen is dynamic. Some options are revealed or hidden depending on the selected connection. After selecting Advanced Setup -> IP Sec from the left navigation bar, click the Add New Connection. The following screen will appear. 
- The individual fields on this screen are defined as follows: Field Name Description IPSec Connection Name A free form text field. Enter a descriptive name for this connection IP Version [IPv4, IPv6] Select the IP version environment associated with your infrastructure. Tunnel Mode [ESP, AH] Select encapsulation method to be used. Use AH tunnel mode to encapsulate a packet with AH and IP headers. For authentication, the entire packet is signed. 
- Certificate Use the Advanced Setup -> Certificate pages to configure certificates for the gateway. Certificates contain public keys as well as the identity of the owner. They verify a person’s identity. You can use Local and Trusted CA certificates on this gateway. Local Use the Local Certificate page to configure certificates for the gateway. Local certificates are used to identify the gateway to other users. 
- The individual fields on this screen are defined as follows: Field Name Description Certificate Name A free form text field. Typically used to describe the intended use of the certificate. Common Name The FQD of the ACS or other server to which this gateway will connect. In non ACS environments, an IP address may be Organization Name A free form text field. Typically the company name creating the request. Country/Region Select the Country/Region in which this certificate will be employed. 
- Trusted CA Use Trusted Certificates to identity other gateways to your gateway as a trusted source. You can import and store four trusted certificates on the gateway. Store up to four peer certificates using this feature. After selecting Advanced Setup -> Certificate -> Trusted CA from the left navigation bar, click the Import Certificate button. The following screen will appear. Enter “acscert” for the Certificate Name field then paste the Certificate details as indicated between the BEGIN and END markers. 
- Multicast Multicast is the methodology for applications shipping information simultaneously to multiple destinations. The most common scenario being internet television and other streaming media. In IP multicast the implementation occurs at the IP routing level, where routers create the most efficient distribution paths for packets sent to a destination. Select Advanced Setup -> Multicast from the left navigation bar. The screen pictured below will appear. Update or complete the necessary fields. 
- The individual fields on this screen are defined as follows: Field Name Description Multicast Precedence [Enable, Disable] When enabled, the lower the multicast, the IGMP packets will be put higher in the queue. Default Version [1-3] Enter the supported IGMP version. Query Interval The interval at which the multicast router sends a query messages to hosts. Expressed in seconds. If the number is below 128, the value is used directly. 
- WIRELESS Basic This page allows you to configure basic features of the Wi-Fi LAN interface. You can enable or disable the Wi-Fi LAN interface, hide the network from active scans, set the Wi-Fi network name (also known as SSID) and restrict the channel set based on country requirements. After selecting Wireless -> Basic from the left navigation bar you may modify settings as desired. Click Apply/Save to commit your settings. 
- The individual fields on this screen are defined as follows: Field Name Description Enable Wireless Check to enable the gateway’s Wi-Fi radio. Enable Wireless Hotspot2.0 Check to enable wireless Hotspot2.0. (WPA2 is required!) Hotspot 2.0 is focused on enabling a mobile device to automatically “discover” Wi-Fi access points that have a roaming arrangement with the user’s home network and then securely connect. Hide Access Point Check to Hide Access Point SSID. 
- Security Utilize this screen to configure security features of the wireless LAN interface. You may configuration it manually or via Wi-Fi Protected Setup (WPS). After selecting Wireless -> Security from the left navigation bar you may modify settings as desired. Click Apply/Save to commit your settings. Note: When both STA PIN and Authorized MAC are empty, PBC becomes the default value. If Hide Access Point is enabled or the MAC filter list is empty with “allow” chosen, WPS2 will be disabled. 
- The individual fields on this screen are defined as follows: Field Name Description Enable WPS [Enabled, Disabled] Enables Wi-Fi Protected Setup. Enter STA PIN Select the method [STA PIN, AP PIN] for how the WPS PIN is generated. Select the desired radio button then click the “Add Enrollee” if necessary to add a specific, en- Use AP PIN rollee station. If both the PIN field and Set Authorized Station MAC are left blank, the PBC (pushbutton) mode is automatically made active. 
- Manual Setup Network Authentication: Open and Shared The same configuration fields apply for Manual Setup of both Shared and Open authentication types. WPS however may not be used under Shared. The individual fields on this screen are defined as follows: Field Name Description Select SSID Select the SSID from the drop-down list for the wireless network to which this security configuration will apply. WEP Encryption [Enabled, Disabled] Select Enabled to turn on Wired Equivalent Privacy mode. 
- Manual Setup Network Authentication: 802.1X The individual fields on this screen are defined as follows: Field Name Description Select SSID Select the SSID from the drop-down list for the wireless network to which this security configuration will apply. RADIUS Server IP address Enter the IP address for the Remote Authentication Dial In User Service server associated with your infrastructure. RADIUS Port Port 1812 for authentication is a standard for RADIUS authentication per the IETF RFC 2865. 
- Manual Setup Network Authentication: WPA WPA Authentication requires the same set of parameters as used with 802.1X with but with the two parameters added: WPA Group Rekey Interval and WEP Encryption. Reference the above table for field descriptions not found in the table for WPA below. 
- Manual Setup Network Authentication: WPA-PSK The individual fields on this screen are defined as follows: Field Name Description Select SSID Select the SSID from the drop-down list for the wireless network to which this security configuration will apply. WPA/WAPI passphrase Enter the desired security password to be used by this security configuration. Use base MAC address as WAP/WAPI In lieu of manually entering a password, allow the Base MAC address to be substiPassphrase tuted for the password. 
- Manual Setup Network Authentication: WPA2 The individual fields on this screen are defined as follows: Field Name Description Select SSID Select the SSID from the drop-down list for the wireless network to which this security configuration will apply. WPA2 Preauthentication Network Re-Auth Interval WPA Group Rekey Interval [1-65535 seconds] The frequency with which the gateway automatically updates the group key and sends it to connected LAN client devices. 
- Field Name Description Current Network Key [1-4] Select which of the four keys from the list is presently in effect. Network Key 1-4 Enter up to four encryption keys using the on-screen instructions to achieve the desired security strength (128 or 64 bit). 
- Manual Setup Network Authentication: Mixed WPA2-WPA The individual fields on this screen are defined as follows: Field Name Description Select SSID Select the SSID from the drop-down list for the wireless network to which this security configuration will apply. WPA2 Preauthentication Network Re-Auth Interval WPA Group Rekey Interval [1-65535 seconds] The frequency with which the gateway automatically updates the group key and sends it to connected LAN client devices. 
- Field Name Description Network Key 1-4 Enter up to four encryption keys using the on-screen instructions to achieve the desired security strength (128 or 64 bit). Manual Setup Network Authentication: Mixed WPA2/WPA-PSK The individual fields on this screen are defined as follows: Field Name Description Select SSID Select the SSID from the drop-down list for the wireless network to which this security configuration will apply. 
- MAC Filter Also known as Layer 2 address filtering, MAC Filtering refers to an access control methodology whereby the 48-bit address assigned to each LAN host NIC is used to determine access to the network. After selecting Wireless -> MAC Filter from the left navigation bar, select an SSID to filter from the drop-down list. Next, select the MAC Restrict Mode (Disabled, Allow or Deny). Use the Add button to add a MAC address to the filter list. Click Apply/Save to commit the completed entry. 
- Wireless Bridge This page allows you to configure wireless bridge features of the wireless LAN interface. You can select Wireless Bridge (also known as Wireless Distribution System) to disable access point functionality. Selecting Access Point enables access point functionality. Wireless bridge functionality will still be available and wireless stations will be able to associate to the Access Point. Selecting Disabled in Bridge Restrict will disable wireless bridge restriction. 
- The individual fields on this screen are defined as follows: Field Name Description AP Mode [Wireless Bridge, Access Point] Select Wireless Bridge to disable Access Point functionality. Select Access Point enables AP functionality. In Access Point mode, wireless bridge functionality will still be available and wireless stations will be able to associate to the AP. Bridge Restrict [Enabled, Disabled] Optional setting to turn off wireless bridge restriction. 
- 501 SE Columbia Shores Boulevard, Suite 500, Vancouver, Washington 98661, USA l +1 360 859 1780 SmartRG Inc. Propriety and Confidential. All Rights Reserved. Copyright © 2014 Page 96 smartrg. 
- The individual fields on this screen are defined as follows: Field Name Description Band Pre-set at 2.4 GHz for compatibility with IEEE 802.11x standards. Channel [Auto, 1-11] Select the Wi-Fi channel you wish to use. Auto Channel Timer(min) [0-65535 minutes] Set the frequency with which the gateway scans channels for interference. If a threshold of inference is detected, a new channel will be auto selected. 802.11n/EWC [Auto, Disabled] Reference, IEEE 802.11n Draft 2. 
- Field Name Description a client device with its 40MHz Intolerant bit set is detected. Disabling this feature violates the 802.11-2012 specification. RX power chain save [Enable, Disable] Turn on power save mode. Note: 802.11n/EWC must be set to Auto before enabling this feature. RX power chain save quiet time [0 to 2147483647 seconds] Set the delay time between when system activity ceases and power save mode engages. Note: Set 802.11n/EWC to Auto and to Enable before setting this parameter. 
- Field Name Description Global Max Clients [1-255] The maximum number of client devices that can connect to the router. Xpress TM Technology [Enabled, Disabled] Xpress Technology is compliant with draft specifications of two planned wireless industry standards Transmit Power Set the desired output power (by percentage). WMM (Wi-Fi Multimedia) [Auto, Enabled, Disabled] When enable, this technology allows multimedia services (audio, video and voice packets) to get higher priority. 
- DIAGNOSTICS Diagnostics Line performance diagnostic tools are supported by your SmartRG gateway. Three legs of the data path are included in the available tests: LAN connectivity, DSL connectivity and Internet connectivity tests. After selecting Diagnostics -> Diagnostics from the left navigation bar, click the Test button at the bottom of the screen. The table will be updated with fresh diagnostic information regarding connection integrity. 
- Fault Management Utilize this screen for diagnostics regarding your VDSL PTM or Ethernet WAN connection. Fault Management is compliant with IEEE 802.1ag for Connectivity Fault Management. After selecting Diagnostics -> Fault Management from the left navigation bar, select values for the Maintenance Domain (MD) Level, Destination MAC Address to test and enter the applicable (if any) 802.1Q VLAN ID. 
- MANAGEMENT Settings Backup Current settings for your gateway can be backed up to a file stored on your computer. After selecting Management -> Settings -> Backup from the left navigation bar, the following screen will appear. Select the type of backup you desire. 
- Update Use the features on this screen to restore previously backed-up gateway settings. Both Current and Default settings can be managed here. After selecting Management -> Settings -> Update from the left navigation bar, the following screen will appear. Click the appropriate Choose File button for the type of setting you wish to restore. Next, browse to the desired .conf file located on your personal computer. Lastly, click the Update button. 
- Restore Default Use this screen to reset the gateway to it’s Default settings. Defaults can be customized and stored. For details, see Backup and Restore Settings sections of this user guide. After selecting Management -> Settings -> Restore Default from the left navigation bar, the following screen will appear. Click the Restore Default Settings button. System Log In the System Log you will find a history of error conditions and other events encountered by your gateway. 
- The individual fields on this screen are defined as follows: Action Description View System Log This button will display the system log. Configure System Log This button will edit the system log This table describes the options for configuration of the System Log Action Description Enable/Disable Select to turn logging completely off or on Logging Level Options are displayed in top-down order of least verbose to most verbose. 
- Upon selecting Management -> Settings -> Security Log from the left navigation bar, the following screen will appear. The individual fields on this screen are defined as follows: Action Description View This button will display the Security Log on the screen. Reset This button will purge all stored data from the Security Log. 
- The individual fields on this screen are defined as follows: Field Name Description OUI-Serial Select whether to use the base MAC address or the serial number of your gateway when connecting to the ACS. TR-069 Client Disable/Enable TR-069 client on the CPE. Inform Interval The frequency (in seconds) with which the CPE (gateway) checks in with the ACS to sync and exchange data. A typical production environment entails CPEs in the field informing to the ACS once/day or every 86,400 seconds. 
- STUN Config STUN: Stands for “Simple Traversal of UDP through NATs”. STUN enables a device to find out its public IP address and the type of NAT service it is sitting behind. STUN Server: An entity that receives STUN requests and sends STUN responses. STUN servers are generally attached to the public Internet. When a STUN server is present within the infrastructure of the Service Provider, utilize this screen to configure this gateway with the connectivity specifics for that server. 
- Internet Time Sync the clock in your gateway with reliable external clocking servers available on the internet. After selecting Management -> Internet Time you may check the checkbox on the first line to enable the Network Time Protocol. You may select or input your own NTP servers. Select the desired time zone for the gateway. Click Apply/Save to commit your settings. 501 SE Columbia Shores Boulevard, Suite 500, Vancouver, Washington 98661, USA l +1 360 859 1780 SmartRG Inc. Propriety and Confidential. 
- Access Control Services Utilize this screen to establish a Service Control List. You many control which services (FTP, HTTP, Telnet, etc.) are to be restricted on the LAN After selecting Management -> Access Control -> Services you may modify settings as desired. Click Apply/Save to commit your settings. 501 SE Columbia Shores Boulevard, Suite 500, Vancouver, Washington 98661, USA l +1 360 859 1780 SmartRG Inc. Propriety and Confidential. All Rights Reserved. Copyright © 2014 Page 110 smartrg. 
- The individual fields on this screen are defined as follows: Field Name Description Services [FTP, HTTP, ICMP, SNMP, SSH, TELNET, TFTP] Specifies the SCL services that can be enabled or disabled via the Access Control configuration screen: LAN Specifies service enabled (via checkbox) on LAN side firewall. Note: ICMP is an always-enabled service by default and has no checkbox. WAN Specifies service enabled on the WAN side firewall. 
- Passwords Establish or alter the passwords associated with access to the Gateway. Three accounts are available to manage: Admin, Support and User. After selecting Management -> Passwords you enter your desired settings for one login. Click Apply/Save to commit your settings. The individual fields on this screen are defined as follows: Field Name Description User Name [admin, support, user] Specifies name of account to be configured. 
- Update Software Utilize this feature to update the firmware of your SmartRG gateway. Software updates for SmartRG product are available for download by SmartRGs direct customers. Reboot Occasional troubleshooting measures may require that the router be rebooted. The reboot function is located on this screen. 501 SE Columbia Shores Boulevard, Suite 500, Vancouver, Washington 98661, USA l +1 360 859 1780 SmartRG Inc. Propriety and Confidential. All Rights Reserved. Copyright © 2014 Page 113 smartrg. 
- APPENDIX A: SMARTRG™ RESIDENTIAL GATEWAYS An Advanced Features Overview Connect-and-Surf (Automatic Broadband Connection Configuration) The Connect-and-Surf feature automatically establishes a WAN connection for default-configured gateways obviating the need for manual or custom configurations. The active physical layer is detected (ADSL, VDSL or GigE) and layer 3 connectivity is established using PPP authentication or DHCP. 
- Calix Compass/Consumer Connect ACS In addition to being Calix physical layer certified (to ensure Calix access equipment compatibility), SmartRG gateways have been tested to confirm maximum interoperability with the Calix Compass/Consumer Connect ACS solution Affinegy ACS SmartRG gateways have been tested to confirm maximum interoperability with the Affinegy ACS solution. Cisco Prime Home™ ACS SmartRG gateways have a long history of Prime Home™ (formerly ClearVision) ACS interoperability. 
- APPENDIX B: SMARTRG PRODUCT FAMILY – FEATURE COMPARISON MATRIX SmartRG residential gateways combine WAN connectivity with a firewall-protected router and industry-leading TR-069 remote management support. Most variants provide 802.11n Wi-Fi connectivity, as well. See the SmartRG feature details below: Model Broadband Connection LAN ports LAN Device Managed Managed Wi-Fi Signal Discovery Firewall Wi-Fi Monitor IPv6 IPTV Ready SR552n Tri-mode: ADSL2+, VDSL2, GigE 5 GE a a 802. 
- Document Revision History Rev 3.0 Date 6/26/2014 Description Initial release 501 SE Columbia Shores Boulevard, Suite 500, Vancouver, Washington 98661, USA l +1 360 859 1780 SmartRG Inc. Propriety and Confidential. All Rights Reserved. Copyright © 2014 Page 117 smartrg.