Dual-Band Wireless VPN Router with GbE Switch RV220W User's Guide
Table of Contents
Chapter 1 Introduction
Dual-Band Wireless-N VPN Router Features
Package Contents
Physical Details
L2 Switch - Radius
L2 Switch - Port Setting
L2 Switch - Statistics
L2 Switch - Port Mirroring
Chapter 1 Introduction
This Chapter provides an overview of the Dual-Band Wireless-N VPN Router's features and capabilities. Congratulations on the purchase of your new Dual-Band Wireless-N VPN Router. The Dual-Band Wireless-N VPN Router is a multi-function device providing the following services:
• Shared Broadband Internet Access for all LAN users.
• Wireless Access Point for 802.11a, 802.11b, 802.11g and 802.11n Wireless Stations.
• 4-Port Switching Hub for 10BaseT, 100 or 1000BaseT connections.
• Access Control. Using the Access Control feature, you can assign LAN users to different groups, and determine which Internet services are available to each group. • Scheduling. Both the URL Filter and Firewall rules can be scheduled to operate only at certain times. This provides great flexibility in controlling Internet-bound traffic. • Logs. Define what data is recorded in the Logs, and optionally send log data to a Syslog Server. Log data can also be E-mailed to you.
• DHCP Server Support. Dynamic Host Configuration Protocol provides a dynamic IP address to PCs and other devices upon request. The Dual-Band Wireless-N VPN Router can act as a DHCP Server for devices on your local LAN and WLAN. Configuration & Management • Easy Setup. Use your Web browser from anywhere on the LAN or WLAN for configuration. • Configuration File Upload/Download.
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
Physical Details
Front-mounted LEDs
POWER (Green): On - Power on. Off - No power.
DIAG (Red): On - System problem. Off - Normal operation. Flashing - System rebooting or firmware upgrading.
DMZ (Green): On - DMZ enabled. Off - DMZ disabled.
WIRELESS (Green): On - Wireless enabled. Off - No Wireless connections currently exist. Flashing - Data is being transmitted or received via the Wireless connection.
Rear Panel RESET button The Reset button can be used in one of two ways: • If the Router is having problems connecting to the Internet, press the Reset button for just a second with a paper clip or a pencil tip. This is similar to pressing the Reset button on your PC to reboot it. • If you are experiencing extreme problems with the Router and have tried all other troubleshooting measures, press and hold in the Reset button for 10 seconds.
Chapter 2 Installation This Chapter covers the physical installation of the Dual-Band Wireless-N VPN Router. Requirements • Network cables. Use standard 10/100/1000BaseT network (UTP) cables with RJ45 connectors. • TCP/IP protocol must be installed on all PCs. • For Internet Access, an Internet Access account with an ISP, and a DSL connection. • To use the Wireless Access Point, all Wireless devices must be compliant with the IEEE 802.11a, IEEE 802.11g, IEEE 802.11b or IEEE 802.
• The WAN LED may be OFF. After configuration, it should come ON. Antennas and Positions Positions The Router can be placed in three different positions: stackable, standalone, or wall-mount. Standalone 1. Locate the Router’s left side panel. 2. The Router includes two stands. With the two large prongs facing outward, insert the short prongs into the little slots in the Router, and push the stand upward until it snaps into place. Wall-mount You will need two suitable screws to mount the Router.
Chapter 3 Setup This Chapter provides Setup details of the Dual-Band Wireless-N VPN Router. Configuration Program The Dual-Band Wireless-N VPN Router contains an HTTP server. This enables you to connect to it, and configure it, using your Web Browser. Your Browser must support JavaScript. The configuration program has been tested on the following browsers: • Netscape 7.1 or later • Mozilla 1.6 or later • Internet Explorer V5.
Figure 1: Login Screen If you can't connect If the Dual-Band Wireless-N VPN Router does not respond, check the following: • The Dual-Band Wireless-N VPN Router is properly installed, LAN connection is OK, and it is powered ON. You can test the connection by using the "Ping" command: • Open the MS-DOS window or command prompt window. • Enter the command: ping 192.168.1.
Setup Tab The Setup screen contains all of the Router’s basic setup functions. The Router can be used in most network settings without changing any of the default values. Some users may need to enter additional information in order to connect to the Internet through an ISP (Internet Service Provider) or broadband (DSL, cable modem) carrier. Setup - Summary The first screen that appears is the System Summary screen, which displays the Router’s current status and settings. This information is read-only.
Data - Summary Screen System Information Firmware Version It displays the current firmware version installed on this Router. CPU Displayed here are the type and speed of the processor installed on the Router. System Up Time This is the length of time in days, hours, and minutes that the Router has been active. The current time and date are also displayed. DRAM Displayed here is the size of DRAM installed on the Router’s motherboard.
Setup - WAN Screen DHCP By default, the Router’s Configuration Type is set to Automatic Configuration - DHCP, and it should be kept only if your ISP supports DHCP or you are connecting through a dynamic IP address. Figure 3: DHCP Screen Optional Settings Host Name Enter a host name for the Router. Domain Name Enter a domain name for the Router. MTU This setting specifies the largest packet size permitted for network transmission. In most cases, keep the default, Auto.
up with TZO. • Connect Button Status - The status of the TZO service connection is displayed here. When DDNS is enabled, the Connect button is displayed. Use this button to manually update your IP address information on the DDNS server. The Status area on this screen also updates. Static IP If you are required to use a permanent IP address, select Static IP. Figure 4: Static IP Static IP Settings Internet IP Address This is the Router’s IP address on the WAN port that can be reached from the Internet.
PPPoE Most DSL-based ISPs use PPPoE (Point-to-Point Protocol over Ethernet) to establish Internet connections. If you are connected to the Internet through a DSL line, check with your ISP to see if they use PPPoE. If they do, you will have to enable PPPoE. Figure 5: PPPoE PPPoE Settings Username Enter the User Name provided by your ISP for PPPoE authentication. Password Enter the Password provided by your ISP for PPPoE authentication.
PPTP Point-to-Point Tunneling Protocol (PPTP) is a service that applies to connections in Europe and Israel only. Figure 6: PPTP PPTP Settings IP Address This is the Router’s IP address, when seen from the WAN, or the Internet. Your ISP will provide you with the IP Address you need to specify here. Subnet Mask This is the Router’s Subnet Mask. Your ISP will provide you the Subnet Mask and your IP address. Default Gateway Your ISP will provide you with the Default Gateway IP Address.
tion terminates in the Max Idle Time field. Use this option to minimize your DSL connection time if it is charged based on time. Keep Alive This option allows the Router to periodically check your Internet connection. If you are disconnected, then the Router will automatically reestablish your connection. To use this option, click the option next to Keep Alive. In the Redial Period field, you specify how often you want the Router to check the Internet connection.
L2TP Server Enter the IP address of the L2TP server Username Enter the User Name provided by your ISP. Password Enter the Password provided by your ISP. Connect on Demand You can configure the Router to cut the Internet connection after it has been inactive for a specified period of time (Max Idle Time).
Setup - LAN Screen The LAN Setup section allows you to change the Router’s local network settings for the four Ethernet ports. Figure 8: LAN Screen Data - LAN Screen IPv4 Local IP Address Enter the IPv4 address on the LAN side. The default value is 192.168.1.1.
Subnet Mask Select the subnet mask from the drop-down menu. The default value is 255.255.255.0. Server Settings (DHCP) DHCP Server DHCP is enabled by default. If you already have a DHCP server on your network, or you don't want a DHCP server, then select Disabled (no other DHCP features will be available). If you already have a DHCP server on your network, and you want the Router to act as a Relay for that DHCP Server, select DHCP Relay, then enter the DHCP Server IP Address.
DHCPv6 DHCPv6 Enabled or Disabled as required. Lease Time Enter the desired value. The default is 0, which actually means one day. DHCP address range start Enter the start IP address of the DHCP range. DHCP address range end Enter the end IP address of the DHCP range. Primary DNS Your ISP will provide you with at least one DNS (Domain Name System) Server IP Address to resolve host name to IP address mapping. Secondary DNS The secondary DNS will only be used if the primary DNS is not available.
Setup - DMZ Screen The DMZ screen allows one local PC to be exposed to the Internet for use of a special-purpose service, such as Internet gaming and video-conferencing. DMZ hosting forwards traffic to all the ports for the specified PC simultaneously, unlike Port Range Forwarding that can only forward a maximum of 10 ranges of ports.
Setup - MAC Address Clone Screen Some ISPs require that you register a MAC address. This feature clones your PC network adapter's MAC address onto the Router, and prevents you from having to call your ISP to change the registered MAC address to the Router's MAC address. The Router's MAC address is a 6-byte hexadecimal number assigned to a unique piece of hardware for identification.
Setup - Advanced Routing Screen Figure 11: Advanced Routing Screen Data - Advanced Routing Screen Operating Mode Operating Mode • Gateway - This is the normal mode of operation. This allows all devices on your LAN to share the same WAN (Internet) IP address. In the Gateway mode, the NAT (Network Address Translation) mechanism is enabled. • Router - You either need another Router to act as the Gateway, or all PCs on your LAN must be assigned (fixed) Internet IP addresses.
Static Routing Select Set Number Sometimes you will prefer to use static routes to build your routing table instead of using dynamic routing protocols. Static routes do not require CPU resources to exchange routing information with a peer router. You can also use static routes to reach peer routers that do not support dynamic routing protocols. Static routes can be used together with dynamic routes. Be careful not to introduce routing loops in your network.
Setup - Time Screen You can either define your Router’s time manually or automatically through Time Server. Figure 13: Time Screen Data - Time Screen Time Time • Set the local time Manually - If you wish to enter the time and date manually, enter the Day, Month, Year, Hour, Minute, and Second in the Time field using 24 hour format (example 10:00pm would be entered 22:0:0).
Setup - IP Mode Screen You can either define your Router’s time manually or automatically through Time Server. Figure 14: IP Mode Screen Data - IP Mode Screen IP Mode IPv4 Only This option utilizes IPv4 on the Internet and local network. Dual-Stack IP This option utilizes IPv4 over the Internet and IPv4 and IPv6 on the local network.
Wireless - Basic Settings Tab The Dual-Band Wireless-N VPN Router's settings must match the other Wireless stations. Note that the Dual-Band Wireless-N VPN Router will automatically accept both 802.11b and 802.11g connections, and no configuration is required for this feature. To change the Dual-Band Wireless-N VPN Router's default settings for the Wireless Access Point feature, use the Wireless link on the main menu to reach the Wireless screen. An example screen is shown below.
Wireless Network Mode Select the desired mode:
• 2.4GHz Wireless
• B-Only - All the wireless client devices can be connected to the Wireless Router at Wireless-B data rates with a maximum speed of 11Mbps.
• G-Only - Both Wireless-N and Wireless-G client devices can be connected at Wireless-G data rates with a maximum speed of 54Mbps. Wireless-B clients cannot be connected in this mode.
Wireless - Security Settings Change the Wireless Router’s wireless security settings on this screen. Figure 16: Disabled Data - Security Settings Screen WEP Data Encryption Select SSID Select the desired SSID from the drop-down list. Wireless Isolation (Between SSID w/o VLAN) Select Enabled to use this feature. Security Mode Select the wireless security mode you want to use, WEP, WPA-Personal, WPA2-Personal, WPA-Enterprise, WPA2-Enterprise, or Radius.
WEP Figure 17: WEP Data - WEP Screen WEP Data Encryption Authentication Type Normally, this should be left at the default value of "Automatic". If changed to "Open System" or "Shared Key", ensure that your Wireless Stations use the same setting. WEP Data Encryption Select the desired option, and ensure the Wireless Stations use the same setting. • 40/64-bit (10 Hex digits) - data is encrypted, using the default key, before being transmitted. You must enter at least the default key.
WPA-Personal Figure 18: WPA-Personal Data - WPA-Personal Screen Encryption The WPA-Personal standard allows different encryption methods to be used. Select the desired option. Wireless Stations must use the same encryption method. Shared Secret Enter a WPA Shared Key of 8-63 characters. Key Renewal Enter a Key Renewal Timeout period, which instructs the Wireless Router how often it should change the encryption keys. The default is 3600 seconds.
WPA2-Personal Figure 19: WPA2-Personal Data - WPA2-Personal Screen Encryption The WPA2-Personal standard allows different encryption methods to be used. Select the desired option. Wireless Stations must use the same encryption method. Shared Secret Enter a WPA Shared Key of 8-63 characters. Key Renewal Enter a Key Renewal Timeout period, which instructs the Wireless Router how often it should change the encryption keys. The default is 3600 seconds.
WPA-Enterprise Figure 20: WPA-Enterprise Data - WPA-Enterprise Screen Encryption WPA offers you two encryption methods, TKIP and AES for data encryption. Select the type of algorithm you want to use, TKIP or AES. RADIUS Server Enter the server address here. RADIUS Port Enter the port number used for connections to the Radius Server. Shared Key Enter the shared key. Data is encrypted using a key derived from the network key. Other Wireless Stations must use the same key.
WPA2-Enterprise Figure 21: WPA2-Enterprise Data - WPA2-Enterprise Screen Encryption WPA2 always uses AES for data encryption. RADIUS Server Enter the server address here. RADIUS Port Enter the port number used for connections to the Radius Server. Shared Key Enter the shared key. Data is encrypted using a key derived from the network key. Other Wireless Stations must use the same key. The key must be from 8 to 63 characters in length.
Radius Server Figure 22: Radius Server Data - Radius Server Screen RADIUS Server Enter the server address here. RADIUS Port Enter the port number used for connections to the Radius Server. Shared Key Enter the shared key. Data is encrypted using a key derived from the network key. Other Wireless Stations must use the same key. The key must be from 8 to 63 characters in length. Authentication Type Normally, this should be left at the default value of "Automatic".
TX Key Select one of the keys to be used for data encryption (when you manually enter multiple keys).
Wireless - Connection Control This screen allows you to configure the Connection Control List to either permit or block specific wireless client devices connecting to (associating with) the Wireless Router. Figure 23: Connection Control Data - Connection Control Select SSID Select the desired SSID from the drop-down list. Enabled/Disabled Enable or disable wireless connection control. The default is Disabled.
Figure 24: Wireless Client List
Wireless - Advanced Settings This screen allows you to configure the advanced settings for the Wireless Router. The Wireless-N Router adopts several new parameters to adjust the channel bandwidth and guard intervals to improve the data rate dynamically. Linksys recommends letting your Wireless Router automatically adjust the parameters for maximum data throughput. Figure 25: Advanced Settings Screen Channel Bandwidth You can select the channel bandwidth manually for Wireless-N connections.
Message (TIM). The default is 100 Msec. DTIM Interval This value indicates how often the Wireless Router sends out a Delivery Traffic Indication Message (DTIM). Lower settings result in more efficient networking, while preventing your PC from dropping into power-saving sleep mode. Higher settings allow your PC to enter sleep mode, thus saving power, but interfere with wireless transmissions. The default is 1 ms. Fragmentation Threshold Enter the preferred setting between 256 and 2346.
Wireless - VLAN & QoS This screen allows you to configure the QoS and VLAN settings for the Router. The QoS (Quality of Service) feature allows you to specify priorities for different traffic. Lower priority traffic will be slowed down to allow greater throughput or less delay for high priority traffic. The 802.1Q VLAN feature allows traffic from different sources to be segmented. Combined with the multiple SSID feature, this provides a powerful tool to control access to your LAN.
queues based on QoS settings (in IP or layer 2 header). WMM provides the capability to prioritize traffic in your environment. The default is Enabled.
Firewall Tab The Firewall Tab allows you to configure software security features like SPI (Stateful Packet Inspection) Firewall, IP based Access List, restriction of LAN users' Internet (WAN port) access, and NAPT (Network Address Port Translation) Settings (only works when NAT is enabled) to limit services to specific ports. Note that for WAN traffic, NAPT settings are applied first, then the traffic passes the SPI Firewall settings, followed by the IP based Access List (which requires more CPU power).
could pose a security concern for your PCs on the LAN side. You have to balance your need for those applications against security. The default is unselected. • Java: Java is a programming language for websites. If you deny Java, you run the risk of not having access to Internet sites created using this programming language. • Cookies: A cookie is data stored on your PC and used by Internet sites when you interact with them, so you may not want to deny cookies.
Firewall - IP Based ACL This screen shows a summary of the configured IP based Access List. The Access List is used to restrict traffic going through the Router either from the WAN or the LAN port. There are two ways to restrict data traffic. You can block specific types of traffic according to your ACL definitions, or you can allow only specific types of traffic according to your ACL definitions. The ACL rules will be read according to their priority.
Enable This tells the Router if the rule is active or not. You can have rules defined in the ACL Table but in an inactive state. The administrator can decide on when to enable specific ACL rules manually. Action This defines how the rule is to affect the traffic. It can be either Allow or Deny. If the rule is matched and the action is Allow, the packet will be forwarded. If the rule is matched and the action is Deny, the packet will be dropped.
Figure 29: Edit IP ACL Rule New Rule Action Select either Allow or Deny. Default is Allow. Service Select ALL or pre-defined (or user-defined) services from the dropdown menu. Log If checked, this ACL rule will be logged when a packet match happens. Log Prefix This string will be attached in front of the log for the matched event. Source Interface Select LAN, WAN, or ANY interface. Source IP The source IP address to be matched against.
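The following added example (not part of this guide or the Router's firmware) models how a priority-ordered Allow/Deny list is read, and flags rules that can never match because an earlier rule already covers them. It assumes that a lower priority number is read first, that the first matching enabled rule decides, and that unmatched traffic is allowed; the service names and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AclRule:
    priority: int   # assumption: a lower number is read first
    enabled: bool   # inactive rules stay in the table but are skipped
    action: str     # "Allow" or "Deny"
    service: str    # "ALL" or a service name (names below are constructed)
    src_if: str     # "LAN", "WAN" or "ANY"
    src: str        # source network in CIDR form
    dst: str        # destination network in CIDR form


def _active(rules):
    """Enabled rules in the order they are read."""
    return sorted((r for r in rules if r.enabled), key=lambda r: r.priority)


def evaluate(rules, service, src_if, src_ip, dst_ip, default="Allow"):
    """Return (action, priority) of the first matching rule, else (default, None)."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in _active(rules):
        if (r.service in ("ALL", service)
                and r.src_if in ("ANY", src_if)
                and s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)):
            return r.action, r.priority
    return default, None  # assumption: unmatched traffic is allowed


def _covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    return (earlier.service in ("ALL", later.service)
            and earlier.src_if in ("ANY", later.src_if)
            and ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
            and ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst)))


def shadowed(rules):
    """List (priority, shadowed_by, conflict) for rules that can never match.

    conflict is True when the shadowing rule has the opposite action, which
    means the later rule's intent is silently defeated.
    """
    out = []
    active = _active(rules)
    for i, later in enumerate(active):
        for earlier in active[:i]:
            if _covers(earlier, later):
                out.append((later.priority, earlier.priority,
                            earlier.action != later.action))
                break
    return out


# Constructed rule table for illustration.
RULES = [
    AclRule(1, True, "Allow", "ALL", "LAN", "192.168.1.0/24", "0.0.0.0/0"),
    AclRule(2, True, "Deny", "TELNET", "LAN", "192.168.1.50/32", "0.0.0.0/0"),
    AclRule(3, True, "Deny", "ALL", "WAN", "0.0.0.0/0", "192.168.1.0/24"),
    AclRule(4, False, "Allow", "HTTPS", "WAN", "0.0.0.0/0", "192.168.1.10/32"),
    AclRule(5, True, "Deny", "ALL", "WAN", "203.0.113.0/24", "192.168.1.0/24"),
]

if __name__ == "__main__":
    # The Deny for TELNET at priority 2 never fires: priority 1 allows it first.
    print(evaluate(RULES, "TELNET", "LAN", "192.168.1.50", "198.51.100.7"))
    for prio, by, conflict in shadowed(RULES):
        print(f"rule {prio} is shadowed by rule {by}"
              + (" (opposite action)" if conflict else ""))
```

Moving the narrow Deny above the broad Allow restores the intended behaviour.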
Firewall - Internet Access Policy Access to the Internet can be managed by policies. A policy consists of four components. You need to define the PCs (MAC or IP address) to apply this policy, either Deny or Allow Internet service, what time and date to enable this policy, and what URLs or Keywords to apply this policy. Use the settings on this screen to establish an access policy. Selecting a policy from the dropdown menu will display that policy's settings.
Figure 30: Internet Access Policy Screen On the List of PCs screen, you can define PCs by MAC Address or IP Address. You can also enter a range of IP Addresses if you want this policy to affect a group of PCs. To create an Internet Access policy: 1. Select the desired policy number from the Internet Access Policy drop-down menu. 2. Enter a Policy Name in the field provided. 3. To enable this policy, select the Enable option. 4.
6. Decide what Days and what Times you want this policy to be enforced. Select the individual days during which the policy will be in effect, or select Everyday. Enter a range of hours and minutes during which the policy will be in effect, or select 24 Hours. 7. If you wish to block access to Web sites, use the Website Blocking by URL Address or Website Blocking by Keyword feature. 8. • Website Blocking by URL Address. Enter the URL or Domain Name of the web sites you wish to block.
Figure 32: Internet Access PC List
Firewall - Single Port Forwarding This is one of the NAPT (Network Address Port Translation) features. Use the Single Port Forwarding screen when you want to open specific services (that use a single port). This allows users on the Internet to access this server by using the WAN port address and the matched external port number. When users send these types of requests to your WAN port IP address via the Internet, the NAT Router will forward those requests to the appropriate servers on your LAN.
using the standard port 80.) Protocol Select the protocol used for this application, TCP and/or UDP. IP Address For each application, enter the IP address of the PC running the specific server application. Enabled Select Enabled to enable port forwarding for the relevant server application.
Firewall - Port Range Forwarding This is one of the NAPT (Network Address Port Translation) features. The Port Range Forwarding screen allows you to set up public services on your network, such as web servers, ftp servers, e-mail servers, or other specialized Internet applications that use one or multiple port numbers (e.g. video conference). The port numbers being used will not change while forwarding to the local network.
Firewall - Port Range Triggering This is one of the NAPT (Network Address Port Translation) features. Port Range Triggering is used for special applications that can request a port to be opened on demand. For this feature, the Wireless Router will watch outgoing packets for specific port numbers. This will trigger the Wireless Router to allow the incoming packets within the specified forwarding range and forward those packets to the triggering PC. One of the example applications is QuickTime.
Security Protection - Web Protection The Web Protection features are provided by the Router. Configure the website filtering settings on this screen.
Web Protection Enable URL Filtering To filter website addresses (URLs), select this option. Enable Web Reputation To block potentially malicious websites, select this option. URL Filtering Reset Counter The Router counts the number of attempted visits to a restricted URL. To reset the counter to zero, click Reset Counter. URL Category For each URL category, select the appropriate Filtering option. If you want to filter a sub-category, click + to view the sub-categories for each category.
IP Addresses/range Enter the appropriate IP addresses or ranges. Separate multiple URLs with semicolons (“;”). For a range of IP addresses, use a hyphen (“-”). Example: 10.1.1.0-10.1.1.10. Add>> To add the IP addresses or ranges, click Add. Approved Clients list The IP addresses or range of trusted clients are displayed. To delete an IP address or range, click its trash can icon.
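As an added example (not part of this guide), the following parser reads a string in the format described above, with entries separated by semicolons and ranges written with a hyphen, so a list can be reviewed before it is entered as trusted clients. The 32-address width threshold and the sample string are assumptions constructed for illustration.

```python
import ipaddress


def parse_approved(text):
    """Parse 'a.b.c.d;e.f.g.h-i.j.k.l' into a sorted list of (first, last) pairs."""
    ranges = []
    for entry in text.split(";"):
        entry = entry.strip()
        if not entry:
            continue  # tolerate a trailing semicolon
        first, sep, last = entry.partition("-")
        try:
            lo = ipaddress.IPv4Address(first.strip())
            hi = ipaddress.IPv4Address(last.strip()) if sep else lo
        except ipaddress.AddressValueError as exc:
            raise ValueError(f"bad entry {entry!r}: {exc}") from None
        if hi < lo:
            raise ValueError(f"range end before start in {entry!r}")
        ranges.append((lo, hi))
    return sorted(ranges)


def is_approved(ip, ranges):
    """True if ip falls inside any parsed entry."""
    addr = ipaddress.IPv4Address(ip)
    return any(lo <= addr <= hi for lo, hi in ranges)


def audit(ranges, max_hosts=32):
    """Report entries wider than max_hosts (assumed threshold) and overlapping entries."""
    def fmt(r):
        return f"{r[0]}-{r[1]}"

    findings = []
    for lo, hi in ranges:
        size = int(hi) - int(lo) + 1
        if size > max_hosts:
            findings.append(("wide", fmt((lo, hi)), size))

    reach = None  # entry with the highest end address seen so far
    for lo, hi in ranges:
        if reach is not None and lo <= reach[1]:
            findings.append(("overlap", fmt(reach), fmt((lo, hi))))
        if reach is None or hi > reach[1]:
            reach = (lo, hi)
    return findings


# Constructed sample; the first entry is the example given in the text above.
SAMPLE = ("10.1.1.0-10.1.1.10; 192.168.1.25; "
          "192.168.1.0-192.168.1.255; 10.1.1.8-10.1.1.12")

if __name__ == "__main__":
    parsed = parse_approved(SAMPLE)
    for finding in audit(parsed):
        print(finding)
    print(is_approved("10.1.1.11", parsed))
```

A wide or overlapping entry usually means more clients are trusted than the administrator intended.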
Security Protection - Email Protection The Email Protection features are provided by an online service called IMHS, which stands for InterScan™ Messaging Hosted Security. It checks your e-mail messages so spam, viruses, and inappropriate content are filtered out. After you have configured the IMHS settings, your email messages will be checked online before appropriate messages are forwarded to your network.
Security Protection - License The license for the Trend Micro ProtectLink Gateway service (Email Protection and Web Protection) is valid for one year from the time the activation code for Web Protection is generated. If you do not provide the necessary information to activate Email Protection during registration, please provide that information as soon as possible because Email Protection and Web Protection will expire at the same time.
seats to your license, click Add Seats. Then follow the on-screen instructions.
VPN - Summary Tab Figure 39: Summary Screen Summary Tunnel(s) Used Displays the number of tunnels used. Tunnel(s) Available Displays the number of available tunnels. Tunnel Status No. Displays the number of the tunnel. Name Displays the name of the tunnel, as defined by the Tunnel Name field on the VPN > IPSec VPN screen. Status Displays the tunnel’s status: Connected, Hostname Resolution Failed, Resolving Hostname, or Waiting for Connection.
VPN Clients Status No. Displays the user number from 1 to 5. Username Displays the username of the VPN Client. Status Displays the connection status of the VPN Client. IP Address Displays the IP address of the VPN Client. Start Time Displays the start time of the most recent VPN session for the specified VPN Client. End Time Displays the end time of a VPN session if the VPN Client has disconnected. Duration Displays the total connection time of the latest VPN session.
VPN - IPSec VPN Tab Use this screen to create VPN tunnels between the Router and the remote Router. All Linksys Routers with IPsec VPN support can be used as a remote Router (e.g. RVS4000, WRV54G, RV042). The Router supports VPN tunnels using IPsec (IP Security) technologies. You can create, delete, or modify a VPN tunnel on this page. Figure 40: IPSec VPN Screen IPSec VPN Tunnel Selected Select a tunnel to configure or create a new tunnel. Delete Button Click this button to delete the selected tunnel.
Tunnel Enable Select Enable to enable this tunnel. Local Security Group Local Security Gateway Type This has two settings, IP Only and IP + Domain Name (FQDN) Authentication. • IP Only If this is selected, the Wireless Router’s WAN IP address automatically appears in the IP Address field. • IP + Domain Name (FQDN) Authentication This is the same as IP Only, but includes a domain name for greater security. Enter an arbitrary domain name in the Domain Name field.
key negotiation is needed. Basically, manual key management is used in small static environments or for troubleshooting purposes. Notice that both sides must use the same Key Management method (both Auto or both Manual). For Manual key management, all the configurations need to match on both sides. Manual IKE with Preshared Key • Incoming/Outgoing SPI The SPI (Security Parameter Index) is carried in the IPsec ESP header.
method. • Phase 1 Authentication Authentication determines a method to authenticate the data packets to make sure they come from a trusted source. Either MD5 or SHA1 may be selected. Notice that both sides (VPN endpoints) must use the same Authentication method. • MD5 - A one-way hashing algorithm that produces a 128-bit digest. • SHA1 - A one-way hashing algorithm that produces a 160-bit digest.
• PreShared Key IKE uses the Pre-shared Key field to authenticate the remote IKE peer. Both characters and hexadecimal values are acceptable in this field. e.g. “My_@123” or “0x4d795f40313233” Note that both sides must use the same Pre-shared Key. Advanced Aggressive Mode There are two types of Phase 1 exchanges: Main mode and Aggressive mode. Aggressive Mode requires half of the main mode messages to be exchanged in Phase 1 of the SA exchange. If network security is preferred, select Main mode.
VPN - VPN Client Accounts Tab You can allow remote users to easily establish a VPN connection to your Router using the Linksys QuickVPN client utility without using a compatible VPN Router with IPsec VPN settings. This is achieved by creating user accounts on the Router and authenticating users through Username and Password. After user accounts are created, they will be summarized in the table below.
VPN Client List Table No Displays the user number. Active When checked, the designated user can connect, otherwise the VPN client account is disabled. Username Displays the username. Password Displays the password. Edit Button This button is used to modify the username, password, or toggle between whether the user is allowed to change their password. Remove Button This button is used to delete a user account.
VPN - VPN Passthrough Figure 42: VPN Passthrough Screen VPN Passthrough IPSec PassThrough Internet Protocol Security (IPSec) is a suite of protocols used to implement secure exchange of packets at the IP layer. IPSec Passthrough is enabled by default to allow IPSec tunnels to pass through the Router. To disable IPSec Passthrough, select Disabled. PPTP PassThrough Point-to-Point Tunneling Protocol (PPTP) allows the Point-to-Point Protocol (PPP) to be tunneled through an IP network.
QoS Tab QoS (Quality of Service) allows you to perform Bandwidth Management, by either Rate Control or Priority. You can also configure QoS Trust Mode and the DSCP settings. QoS - Bandwidth Management Figure 43: Bandwidth Management Screen Setup Bandwidth Management QoS (Quality of Service) is disabled by default. When enabled, this option allows you to assign priority based on the application type.
Mini. Rate Enter the minimum rate for the guaranteed bandwidth. Max. Rate Enter the maximum rate for the guaranteed bandwidth. Enable Check this box to enable this Rate Control Rule. Add to List After a rule is set up, click this button to add it to the list. The list can contain a maximum of 15 entries. Delete selected application Click this button to delete a rule from the list. Priority Service Select the service from the drop-down menu.
QoS - QoS Setup The QoS Setup screen allows users to configure QoS Trust Mode for each LAN port. Figure 45: QoS Setup Screen QoS Setup Port ID The number of the LAN port. Trust Mode Select either CoS or DSCP. The default is CoS. Priority If Trust Mode is set to Port, select the port priority from 0 to 7 from the drop-down menu. If Trust Mode is set to CoS, select the default CoS priority 0 from the drop-down menu. CoS Setup Priority The CoS priority from 0 to 7.
QoS - Queue Settings
Figure 46: Queue Settings
QoS Setup Queue Settings
• Queue: The number of the Queue.
• Strict Priority: Select either Strict Priority or WRR. The default is Strict Priority.
• WRR: If WRR is enabled, enter the values for WRR Weight and % of WRR Bandwidth.
QoS - DSCP Setup
Figure 47: DSCP Setup Screen
DSCP Setup
• DSCP: The Differentiated Services Code Point value in the incoming packet.
• Priority: Select the traffic forwarding queue, 1 to 7, to which the DSCP priority is mapped.
• Restore Defaults: Click this button to restore the default DSCP values.
Administration Tab
The Administration tab provides access to system administration settings and tools.
Administration - Management
Figure 48: Management Screen
Local Gateway Access
• Gateway Userlist: Select the desired Gateway User List.
• Gateway Username: Enter the user name here.
• Gateway Password: Enter the password.
• Re-enter to Confirm: Retype the password in this field.
SNMP
• SNMP: Select Enable if you wish to use SNMP. To use SNMP, you need SNMP software on your PC.
• Write Community: Enter the SNMP community name for SNMP “Set” commands.
• Trap Community: Enter the SNMP community name for SNMP “Trap” commands.
• Trap To: Enter the IP Address of the SNMP Manager to which traps will be sent. If desired, this may be left blank.
UPnP
• UPnP: If you want to use UPnP, keep the default setting, Enable. Otherwise, select Disable.
WLAN
• Management Via WLAN: Select Enable or Disable. The default setting is Disable.
Administration - Log
Figure 49: Log Screen
Log Setting
• Log Level: Select the log level(s) that the Router should record.
• Outgoing Log: Select Enable to cause all outgoing packets to be logged. You can then click View Outgoing Table to display information on the outgoing packets including Source IP, Destination IP, and Service/Port number.
• Incoming Log: Select Enable to cause all incoming packets to be logged.
• Denial of Service Thresholds: Enter the number of DoS (Denial of Service) attacks which need to be blocked by the built-in Firewall before an e-mail alert is sent. The minimum value is 20, the maximum value is 100.
• Log Queue Length: The default is 0 entries (Router will e-mail the log if there are more than 50 entries).
• Log Time Threshold: The default is 0 minutes (Router will e-mail the log every 10 minutes).
Administration - Diagnostic
Figure 50: Diagnostic Screen
Ping Test Parameters
• Ping Target IP: Enter the IP address or URL that you want to ping.
• Ping Size: Enter the size of the packet you want to use.
• Number of Pings: Enter the number of times you wish to ping the target device.
• Ping Interval: Enter the time period (milliseconds) between each ping.
• Ping Timeout: Enter the desired time period (milliseconds).
• Pair: Identifies a specific pair (A, B, C, or D) in the cable. Each cable consists of 8 pins (4 pairs).
• Cable Length: Displays the length of the cable in meters.
• Status: Displays the status of the pair.
Administration - Backup & Restore
Figure 51: Backup & Restore Screen
Backup & Restore
• Backup & Restore: To download a copy of the current configuration and store the file on your PC, click Backup to start the download.
Restore & Configuration
• Restore & Configuration: To restore a previously saved config file back to the Router, enter the file name in the field or click Browse to select the config file, then click Restore to upload the config file.
Administration - Factory Defaults
Figure 52: Factory Defaults Screen
Factory Defaults
• Restore Factory Defaults Button: Click this button to reset all configuration settings to their factory default values. Any settings that have been saved will be lost when the default settings are restored. After clicking the button, another screen will appear. Click OK to continue. Another screen will appear while the system reboots.
Administration - Reboot
Figure 53: Reboot Screen
Reboot
• Reboot: Click this button to reboot the Router. This operation will not cause the Router to lose any of its stored settings.
Administration - Firmware Upgrade
To upgrade firmware, download the latest firmware for the product from www.linksys.com, extract it to your computer, and perform the steps below.
Figure 54: Firmware Upgrade Screen
Firmware Upgrade
• File: Type in the name of the extracted firmware upgrade file or click Browse to locate the file.
• Start to Upgrade: Once you have selected the appropriate file, click Start to Upgrade and follow the on-screen instructions to upgrade your firmware.
L2 Switch - Create VLAN
VLANs are logical subgroups of a Local Area Network (LAN) created via software rather than defining a hardware solution. VLANs combine user stations and network devices into a single domain regardless of the physical LAN segment to which they are attached. VLANs allow network traffic to flow more efficiently within subgroups. VLANs managed through software reduce the amount of time in which network changes are implemented.
L2 Switch - VLAN & Port Assignment
Figure 56: VLAN & Port Assignment Screen
Port Settings
• Port Mode: The table indicates each port’s current mode (Access, Trunk, or General). Wireless can be enabled in Access Mode.
• Acceptable Ingress Frame Type: Configure which kind of packet can be accepted in the port.
• Ingress Filtering: Select the checkbox if you want to use Ingress Filtering.
• PVID: Configure the PVID setting.
VLAN Settings
• VLAN: Select the VLAN whose membership you want to configure.
L2 Switch - Radius
Figure 57: Radius Screen
• Radius Mode: Select Enabled or Disabled from the drop-down menu to enable or disable RADIUS.
• Radius IP: Enter the Server IP address.
• Radius UDP Port: Enter the UDP port. The UDP port is used to verify the RADIUS server authentication.
• Radius Secret: Enter the Key string used for authenticating and encrypting all RADIUS communications between the device and the RADIUS server. This key must match the RADIUS server encryption key.
L2 Switch - Port Setting
Figure 58: Port Setting Screen
Port Setting
• Port: Displays the physical port number.
• Link: Displays the port duplex mode and speed. Full Duplex indicates that the interface supports transmission between the device and its link partner in both directions simultaneously. Half Duplex indicates that the interface supports transmission between the device and the client in only one direction at a time.
• Mode: Select the port duplex mode and speed from the drop-down menu.
Setup
L2 Switch - Statistics
Figure 59: Statistics Screen
Statistics
• Tx Bytes: Displays the number of Bytes transmitted from the selected port.
• Tx Frames: Displays the number of Frames transmitted from the selected port.
• Rx Bytes: Displays the number of Bytes received on the selected port.
• Rx Frames: Displays the number of Frames received on the selected port.
• Tx Errors: Displays the number of error packets transmitted from the selected port.
L2 Switch - Port Mirroring
Figure 60: Port Mirroring Screen
Mirror Configuration
• Mirror Source: Use this to enable or disable source port mirroring for each port on the Router. To enable source port mirroring on a port, check the box next to that port. To disable source port mirroring on a port, leave the box unchecked. The default is disabled.
• Mirror Port: Select the mirror destination port from the drop-down menu.
Status - Gateway
Figure 61: Gateway Screen
WAN/Gateway
• Firmware Version: Displays the Gateway’s current firmware.
• Mac Address: Displays the Gateway MAC Address, as seen by your ISP.
• Current Time: Displays the time, based on the time zone you selected on the Setup tab.
Internet Connection
• Connection Type: Displays the type of the connection.
• Interface: Displays the Gateway Internet Interface.
• IP Address: Displays the Gateway Internet IP Address.
DHCP.
• IP Conntrack: Click this button to display the IP Conntrack screen.
IP Conntrack
Figure 62: IP Conntrack
The IP Conntrack (Connection Tracking) screen displays information about TCP/UDP connections, such as source and destination IP address and port number pairs (known as socket pairs), protocol types (TCP/UDP/ICMP), connection state and timeouts. To see more information, click Next Page or Previous Page, or select the page from the Goto Page drop-down menu.
Status - Local Network
Figure 63: Local Network Screen
Local Network
• Current IP Address System: This shows the current system.
• Mac Address: This is the Router MAC Address, as seen on your local, Ethernet network.
• IP Address: The Internet IP Address is displayed here.
• Subnet Mask: This Subnet Mask is associated with the IP address above.
• IPv6 Address: This shows the IPv6 IP address, if applicable.
• DHCP Server: The status of the Router’s DHCP server function is displayed here.
Figure 64: DHCP Client Table
Figure 65: ARP/RARP Table
Status - Wireless LAN
This screen provides some basic information on the Wireless LAN of this Wireless Router.
Figure 66: Wireless LAN Screen
Wireless LAN
• Wireless IP Address: Displays the IP address on the Wireless LAN interface.
• Mac Address: Displays the MAC address on the Wireless LAN interface.
• Network Mode: Displays the Wireless network operating mode (e.g. B/G/N-Mixed).
• Wireless SSID: Displays the Wireless network name.
• Channel Bandwidth: Displays the wireless channel bandwidth setting.
Status - System Performance
This screen provides data packet statistics on the LAN switch and Wireless LAN of the Router.
Figure 67: System Performance Screen
All LAN ports / WLAN
• Packets Received: This shows the number of packets received.
• Packets Sent: This shows the number of packets sent.
• Bytes Received: This shows the number of bytes received.
• Bytes Sent: This shows the number of bytes sent.
• Error Packets Received: This shows the number of error packets received.
Appendix A Specifications
Dual-Band Wireless-N VPN Router
General
• Model: RV220W
• Ports: 10/100/1000 Base-T Ethernet, 12V DC Power
• Buttons: Reset
• Cabling Type: Type UTP CAT 5
• LEDs: Power, Diag, DMZ, Wireless, ETHERNET 1-4, Internet
• Wireless Transmit Power:
  IEEE 802.11a: 23.92 dBm
  draft 802.11n Standard-20 MHz Channel mode: 24.52 dBm
  draft 802.11n Wide-40 MHz Channel mode: 23.82 dBm
  IEEE 802.11b: 19.26 dBm
  IEEE 802.11g: 20.74 dBm
  draft 802.11n Standard-20 MHz Channel mode: 20.65 dBm
  draft 802.
Setup/Config
Web User Interface
• WebUI: Built in Web UI for Easy browser-based configuration (HTTP/HTTPS)
Management
• SNMP Version: SNMP Version 1, 2c
• Event Logging: Local, Syslog, E-mail Alerts
• Web F/W upgrade: Firmware Upgradable Through Web-Browser
• Diagnostics: DIAG LED for Flash and RAM failure; Ping Test for network diagnostics
Security
• VPN:
  5 QuickVPN Tunnels for remote client access
  5 IPSec Gateway-to-Gateway Tunnels for branch office connectivity
  3DES Encryption
  MD5/SHA1 Authentication
  IPSec NAT-
Environment
• Device Dimensions (W x H x D): 170 x 131 x 170 mm
• Weight: 0.99 lbs (0.45kg)
• Power: 12V 1.25A
• Certification: FCC class B, CE, ICES-003
• Operating Temp.: 0ºC to 40ºC (32ºF to 104ºF)
• Storage Temp.