- Barricade ADSL Router Wireless Broadband Router with built-in ADSL Modem ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ Compatible with all leading DSLAMs Firewall (hacker attack logging, DoS, and client filtering) Supports DMT line modulation Four auto-negotiating 10/100 Ethernet ports Built-in print server PPTP, L2TP, and IPSec pass through Multiple user Internet access with a single-user account Supports PPPoE and PPPoA Plug & Play installation Web-based management User Guide SMC7404WBRA EU 
- Wireless Broadband Router with built-in ADSL Modem From SMC’s line of award-winning connectivity solutions 38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 January 2003 Part No: 750.9077, UK 750. 
- Information furnished is believed to be accurate and reliable. However, no responsibility is assumed by our company for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of our company. We reserve the right to change specifications at any time without notice. Copyright © 2003 by SMC Networks, Inc. 38 Tesla Irvine, CA 92618 All rights reserved. 
- LIMITED WARRANTY Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Reseller. SMC may, at its own discretion, repair or replace any product not operating as warranted with a similar or functionally equivalent product, during the applicable warranty term. 
- LIMITED WARRANTY WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
- COMPLIANCES FCC - Class B This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with instructions, may cause harmful interference to radio communications. 
- COMPLIANCES modifications in order to maintain uninterrupted service. If trouble is experienced with this equipment, please contact our company at the numbers shown on back of this manual for repair and warranty information. If the trouble is causing harm to the telephone network, the telephone company may request you to remove the equipment from the network until the problem is resolved. No repairs may be done by the customer. This equipment cannot be used on telephone company-provided coin service. 
- COMPLIANCES EC Conformance Declaration - Class B This information technology equipment complies with the requirements of the Council Directive 89/336/EEC on the Approximation of the laws of the Member States relating to Electromagnetic Compatibility and 73/23/EEC for electrical equipment used within certain voltage limits and the Amendment Directive 93/68/EEC. 
- COMPLIANCES vi 
- TABLE OF CONTENTS 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1 About the Barricade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3 2 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
- TABLE OF CONTENTS Password Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Remote Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . WAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PPPoE (PPP over Ethernet) . . . . . . . . . . . . . . . . . . . . . . . . . . . ATM . . . . . . . . . . . . . . . . 
- TABLE OF CONTENTS 5 Configuring Client TCP/IP . . . . . . . . . . . . . . . . . . . . 5-1 Windows 95/98/ME . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1 Disable HTTP Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4 Obtain IP Settings from Your ADSL Router . . . . . . . . . . . . . . . 5-5 Windows NT 4.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6 Disable HTTP Proxy . . . . . . . . . . . . . . . 
- TABLE OF CONTENTS x 
- CHAPTER 1 INTRODUCTION Congratulations on your purchase of the Barricade Wireless Broadband Router with built-in ADSL Modem (SMC7404WBRA EU). We are proud to provide you with a powerful yet simple communication device for connecting your local area network (LAN) to the Internet. For those who want to surf the Internet in the most secure way, this Router provides a convenient and powerful solution. About the Barricade The Barricade provides Internet access to multiple users by sharing a single-user account. 
- INTRODUCTION 1-2 • NAT also enables multi-user Internet access via a single user account, and virtual server functionality (providing protected access to Internet services such as Web, FTP, e-mail, and Telnet). • VPN pass-through (IPSec-ESP Tunnel mode, L2TP, PPTP). • User-definable application sensing tunnel supports applications requiring multiple connections. • Easy setup through a Web browser on any operating system that supports TCP/IP. • Compatible with all popular Internet applications. 
- APPLICATIONS Applications Many advanced networking features are provided by the Barricade: • Wireless and Wired LAN The Barricade provides connectivity to wired 10/100 Mbps devices, and wireless IEEE 802.11b compatible devices, making it easy to create a network in small offices or homes. • Internet Access This device supports Internet access through a DSL connection. 
- INTRODUCTION • DMZ Host Support Allows a networked computer to be fully exposed to the Internet. This function is used when NAT and firewall security prevent an Internet application from functioning correctly. • Security The Barricade supports security features that deny Internet access to specified users, or filter all requests for specific services the administrator does not want to serve. 
- CHAPTER 2 INSTALLATION Before installing the Barricade Broadband Router with built-in ADSL Modem, verify that you have all the items listed under “Package Contents.” If any of the items are missing or damaged, contact your local distributor. or Service Provider where you acquired the router. Also be sure that you have all the necessary cabling before installing the Barricade. After installing the Barricade, refer to “Configuring the Barricade” on page 4-1. 
- INSTALLATION System Requirements You must meet the following minimum requirements: 2-2 • Internet access from your Internet Service Provider (ISP) using a DSL modem. • A PC using a fixed IP address or dynamic IP address assigned via DHCP, as well as a gateway server address and DNS server address from your service provider. • A computer equipped with a 10 Mbps, 100 Mbps, or 10/100 Mbps Fast Ethernet card, a USB-to-Ethernet converter, or an IEEE 802.11b wireless network adapter. 
- HARDWARE DESCRIPTION Hardware Description The Barricade contains an integrated DSL modem and connects to the Internet or to a remote site using its RJ-11 WAN port. It connects directly to your PC or to a local area network using any of the four RJ-45 Fast Ethernet LAN ports or via a wireless network adapter. Access speed to the Internet depends on your service type. Full-rate ADSL provides up to 8 Mbps downstream and 640 Kbps upstream. G.lite (or splitterless) ADSL provides up to 1. 
- INSTALLATION LEDs Verify Status Check the power and port LED indicators. LED Condition Status Power On The Barricade is receiving power. Normal operation. Off Power off or failure. On Ethernet Link. Flashing Send/Receive data. Off No Link. On ADSL connection is functioning correctly. Flashing Startup. Off ADSL connection is not established. Flashing Send/Receive data. Off No data transfering. 
- CONNECT THE SYSTEM Connect the ADSL Line Run standard telephone cable from the wall jack providing ADSL service to the WAN port on your Barricade. When inserting an ADSL RJ-11 plug, be sure the tab on the plug clicks into position to ensure that it is properly seated. If you are using splitterless ADSL service, be sure you add low-pass filters between the ADSL wall jack and your telephones. (These filters pass voice signals through but filter data signals out. 
- INSTALLATION Installing a Splitterless Connection If you are using a splitterless (G.lite) connection, then your service provider will attach the outside ADSL line directly to your phone system. 
- CONNECT THE SYSTEM inserting an RJ-45 connector, be sure the tab on the connector clicks into position to ensure that it is properly seated. Warning: Do not plug a phone jack connector into an RJ-45 port. This may damage the Barricade. Notes: 1. Use 100-ohm shielded or unshielded twisted-pair cable with RJ-45 connectors for all Ethernet ports. Use Category 3, 4, or 5 for connections that operate at 10 Mbps, and Category 5 for connections that operate at 100 Mbps. 2. 
- INSTALLATION 2-8 
- CHAPTER 3 CONFIGURING CLIENT PCS TCP/IP Configuration To access the Internet through the Barricade, you must configure the network settings of the computers on your LAN to use the same IP subnet as the Barricade. The default network settings for the Barricade are: IP Address: 192.168.2.1 Subnet Mask: 255.255.255. 
- CONFIGURING CLIENT PCS 3-2 
- CHAPTER 4 CONFIGURING THE BARRICADE After you have configured TCP/IP on a client computer, use a Web browser to configure the Barricade. The Barricade can be configured by any Java-supported browser including Internet Explorer 4.0 or above, or Netscape Navigator 4.0 or above. Using the Web management interface, you may configure the Barricade and view statistics to monitor network activity. To access the Barricade’s management interface, enter the IP address of the Barricade in your web browser: http://192. 
- CONFIGURING THE BARRICADE Navigating the Web Browser Interface The Barricade’s management interface consists of a Setup Wizard and an Advanced Setup section. Setup Wizard: Use the Setup Wizard if you want to quickly set up the Barricade. Go to “Setup Wizard” on page 4-3. Advanced Setup: Advanced Setup supports more advanced functions like hacker attack detection, IP and MAC address filtering, virtual server setup, virtual DMZ host, as well as other functions. Go to “Advanced Setup” on page 4-13. 
- SETUP WIZARD Setup Wizard Time Zone Click on “Setup Wizard.” The first item in the Setup Wizard is Time Zone setup. For accurate timing of log entries and system events, you need to set the time zone. Select your time zone from the drop-down list. If your area requires it, check to enable the clock for daylight saving changes, and enter the Daylight Saving Time start and end dates for your location. 
- CONFIGURING THE BARRICADE Internet Sharing Select the operation mode. Go to “PPPoE & PPPoA” on page 4-7 if you will use either of these modes, and go to “Multiple Protocol over ATM Mode” on page 4-10 if you will use multiple protocol routing mode. 
- SETUP WIZARD Parameter Setting Parameter Description VPI/VCI Data flows are broken up into fixed length cells, each of which contains a Virtual Path Identifier (VPI) that identifies the path between two nodes, and a Virtual Circuit Identifier (VCI) that identifies the data channel within that virtual path. Each virtual circuit maintains a constant flow of cells between the two end points. When there is no data to transmit, empty cells are sent. 
- CONFIGURING THE BARRICADE Finish Parameter Description Protocol Indicates the protocol used. VPI/VCI Virtual Path Identifier (VPI) and Virtual Circuit Identifier (VCI). AAL5 Encapsulation Shows the packet encapsulation type. Your Barricade is now set up. Go to “Troubleshooting” on page A-1 if you cannot make a connection to the Internet. 
- SETUP WIZARD PPPoE & PPPoA Parameter Description Username Enter the ISP assigned user name. Password Enter your password. Retype Password Confirm the password. DNS Enter a Domain Name Server IP address. VPI/VCI Virtual Path Identifier (VPI) and Virtual Circuit Identifier (VCI). 
- CONFIGURING THE BARRICADE Finish Parameter Description ADSL Operation Mode (WAN) Protocol Indicates the protocol used VPI/VCI Virtual Path Identifier (VPI) and Virtual Circuit Identifier (VCI). AAL5 Encapsulation Shows the packet encapsulation type. ISP Parameters 4-8 Username The ISP assigned user name. Password The password (hidden). 
- SETUP WIZARD Parameter Description DHCP Parameters Default Gateway The default gateway IP address. If the Barricade cannot find the destination address within its local network, it will forward the packets to the Default Gateway (usually supplied by your ISP). Subnet Mask The network subnet mask. Name Server 1 Primary name server IP address. Name Server 2 Alternate name server IP address. Name Server 3 Alternate name server IP address. 
- CONFIGURING THE BARRICADE Multiple Protocol over ATM Mode Parameter Description DNS Enter a Domain Name Server IP address. WAN IP Enter an IP address for the Barricade WAN interface. Subnet Mask Enter a subnet mask. VPI/VCI Virtual Path Identifier (VPI) and Virtual Circuit Identifier (VCI). 
- SETUP WIZARD Finish Parameter Description ADSL Operation Mode (WAN) Protocol Indicates the protocol used. VPI/VCI Virtual Path Identifier (VPI) and Virtual Circuit Identifier (VCI). AAL5 Encapsulation Shows the packet encapsulation type. Network Layer Parameters (WAN) IP Address Shows the WAN IP address. Subnet Mask Shows the WAN subnet mask. Default Gateway Shows the WAN default gateway. 
- CONFIGURING THE BARRICADE Parameter Description DHCP Parameters Default Gateway The default gateway IP address. If the Barricade cannot find the destination address within its local network, it will forward the packets to the Default Gateway (usually supplied by your ISP). Subnet Mask The network subnet mask. Name Server 1 Primary name server IP address. Name Server 2 Alternate name server IP address. Name Server 3 Alternate name server IP address. 
- ADVANCED SETUP Advanced Setup Clicking “Advanced Setup” displays the main menu on the left-hand side of the screen and descriptive information on the right-hand side. The Main Menu links are used to navigate to other menus that display configuration parameters and statistics. Navigating the Web Browser Interface The Barricade’s advanced management interface contains eleven main menu items – System, WAN, LAN, Wireless, NAT, Routing system, Firewall, SNMP, ADSL, Tools, and Status. 
- CONFIGURING THE BARRICADE The following table briefly describes the “Advanced Setup” menu items. Menu Description System Sets the local time zone, the password for administrator access, the IP address of a PC that will be allowed to manage the Barricade remotely, and the IP address of a Domain Name Server. WAN Specifies the Internet connection settings. LAN Sets the TCP/IP configuration for the Barricade LAN interface and DHCP clients. Wireless Sets wireless parameters and encryption settings. 
- SYSTEM SETTINGS Note: To ensure proper screen refresh after a command entry, check that Internet Explorer 5.0 is configured as follows: Under the menu “Tools/Internet Options/General/Temporary Internet Files/ Settings,” the setting for “Check for newer versions of stored pages” should be “Every visit to the page.” System Settings Time Zone Set your local time zone. This information is used for log entries and client filtering. 
- CONFIGURING THE BARRICADE Password Settings Use this page to restrict access based on a password. By default, there is no password. For security you should assign one before exposing the Barricade to the Internet. Passwords can contain from 3–12 alphanumeric characters and are not case sensitive. Note: If your password is lost, or you cannot gain access to the user interface, press the reset button (colored blue) on the rear panel (holding it down for at least five seconds) to restore the factory defaults. 
- SYSTEM SETTINGS Remote Management By default, management access is only available to users on your local network. However, you can also manage the Barricade from a remote host by entering the IP address of a remote computer on this screen. Check the “Enabled” box to enable this function. Note: If you check “Enabled” and specify an IP address of 0.0.0.0, any host can manage the Barricade. 
- CONFIGURING THE BARRICADE DNS Domain Name Servers are used to map a domain name (e.g., www.smc.com) to the equivalent numerical IP address (e.g., 64.147.25.20). Your ISP should provide the IP address of one or more domain name servers. Enter those addresses on this page. 
- WAN WAN PPPoE (PPP over Ethernet) Parameter Description Enable/Disable Enables/disables the PPPoE Interface. IP Address If your IP address is assigned by the ISP each time you connect, leave this field all zeros. Otherwise, enter your ISP supplied static IP address here. Subnet Mask If your subnet mask is assigned by the ISP each time you connect, leave this field all zeros. Otherwise, enter your subnet mask here. 
- CONFIGURING THE BARRICADE Parameter Description VPI/VCI Virtual Path Identifier (VPI) and Virtual Circuit Identifier (VCI). Data flows are broken up into fixed length cells, each of which contains a Virtual Path Identifier (VPI) that identifies the path between two nodes, and a Virtual Circuit Identifier (VCI) that identifies the data channel within that virtual path. Each virtual circuit maintains a constant flow of cells between the two end points. 
- WAN ATM Parameter Protocol IP Address Description • Disable: Disables the connection. • 1483 Bridging: Bridging is a standardized layer 2 technology. It is typically used in corporate networks to extend the physical reach of a single LAN segment and increase the number of stations on a LAN without compromising performance. Bridged data is encapsulated using the RFC1483 protocol to enable data transport. 
- CONFIGURING THE BARRICADE Parameter VPI/VCI Description Virtual Path Indicator/Virtual Channel Indicator: Each connection must have a unique pair of VPI/VCI settings. Encapsulation Specifies how to handle multiple protocols at the ATM transport layer. • VC-MUX: Point-to-Point Protocol over ATM Virtual Circuit Multiplexer (null encapsulation) allows only one protocol running per virtual circuit with less overhead. 
- LAN LAN Parameter Description LAN IP IP Address The IP address of the Barricade. IP Subnet Mask Virtual Path Identifier (VPI) and Virtual Circuit Identifier (VCI). DHCP Server To dynamically assign an IP address to client PCs, enable the DHCP (Dynamic Host Configuration Protocol) Server. Lease Time Set the DHCP lease time. 
- CONFIGURING THE BARRICADE Parameter Description IP Address Pool Start IP Address Specify the start IP address of the DHCP pool. Do not include the gateway address of the Barricade in the client address pool. If you change the pool range, make sure the first three octets match the gateway’s IP address, i.e., 192.168.2.xxx. End IP Address Specify the end IP address of the DHCP pool. Domain Name If your network uses a domain name, enter it here. 
- WIRELESS Wireless The Barricade also operates as a wireless-to-wired bridge, allowing wireless computers to access resources available on the wired LAN, and to access the Internet. To configure the Barricade as a wireless access point for wireless clients (either stationary or roaming), all you need to do is enable the wireless function, define the radio channel, the domain identifier, and the encryption options. 
- CONFIGURING THE BARRICADE Channel and SSID Parameter Description ESSID Extended Service Set ID. The ESSID must be the same on the Barricade and all of your wireless clients. Transmission Rate The default is Fully Automatic. The transmission rate is automatically adjusted based on the receiving data error rate. Usually the connection quality will vary depending on the distance between the wireless hub and wireless adapter. 
- WIRELESS Encryption If you are transmitting sensitive data across wireless channels, you should enable encryption. You must use the same set of encryption keys for the Barricade and all of the wireless clients. Choose between standard 64-bit WEP (Wired Equivalent Privacy) or the more robust 128-bit encryption. You may automatically generate encryption keys or manually enter the keys. For automatic 64-bit key generation, enter a passphrase and click “Generate.” Four keys will be generated. 
- CONFIGURING THE BARRICADE To manually configure the keys, enter five hexadecimal pairs of digits for each 64-bit key, or enter 13 pairs for the single 128-bit key. (A hexadecimal digit is a number or letter in the range 0-9 or A-F.) If you use encryption, configure the same keys used for the Barricade on each of your wireless clients. Note that WEP protects data transmitted between wireless nodes, but does not protect transmissions over your wired network or over the Internet. 
- WIRELESS MAC Address Filtering 4-29 
- CONFIGURING THE BARRICADE Client computers can be filtered using the unique MAC address of their IEEE 802.11 network card. To secure an access point using MAC address filtering, you must enter a list of allowed/denied client MAC addresses into the filtering table. (See “Finding the MAC address of a Network Card” on page 4-61.) Parameter Description Filtering Disable Disables MAC address filtering. Enable Enables MAC address filtering. 
- NAT Address Mapping Use “Address Mapping” to allow a limited number of public IP addresses to be translated into multiple private IP addresses for use on the internal LAN network. This also hides the internal network for increased privacy and security. 
- CONFIGURING THE BARRICADE Virtual Server 4-32 
- NAT If you configure the Barricade as a virtual server, remote users accessing services such as Web or FTP at your local site via public IP addresses can be automatically redirected to local servers configured with private IP addresses. In other words, depending on the requested service (TCP/UDP port number), the Barricade redirects the external service request to the appropriate server (located at another internal IP address). 
- CONFIGURING THE BARRICADE Routing System These pages define routing related parameters, including static routes and RIP (Routing Information Protocol) parameters. Static Route Parameter Description Index Check the box of the route you wish to delete or modify. Network Address Enter the IP address of the remote computer for which to set a static route. Subnet Mask Enter the subnet mask of the remote network for which to set a static route. 
- ROUTING SYSTEM RIP Parameter Description Interface The WAN interface to be configured. Operation Mode Disable: RIP disabled on this interface. Enable: RIP enabled on this interface. Silent: Listens for route broadcasts and updates its route table. It does not participate in sending route broadcasts. Version Sets the RIP (Routing Information Protocol) version to use on this interface. Poison Reverse A way in which a router tells its neighbor routers that one of the routers is no longer connected. 
- CONFIGURING THE BARRICADE Parameter Authentication Required Description • None: No authentication. • Password: A password authentication key is included in the packet. If this does not match what is expected, the packet will be discarded. This method provides very little security as it is possible to learn the authentication key by watching RIP packets. 
- ROUTING SYSTEM Routing Table Parameter Description Flags Indicates the route status: C = Direct connection on the same subnet. S = Static route. R = RIP (Routing Information Protocol) assigned route. I = ICMP (Internet Control Message Protocol) Redirect route. Network Address Destination IP address. Netmask The subnetwork associated with the destination. This is a template that identifies the address bits in the destination address used for routing to specific subnets. 
- CONFIGURING THE BARRICADE Note: Most modern routers support RIP-2 so there is usually no need for a static route table. Firewall The Barricade’s firewall enables access control of client PCs, blocks common hacker attacks, including IP Spoofing, Land Attack, Ping of Death, IP with zero length, Smurf Attack, UDP port loopback, Snork Attack, TCP null scan, and TCP SYN flooding. The firewall does not significantly affect system performance and we advise leaving it enabled to protect your network. 
- FIREWALL Access Control 4-39 
- CONFIGURING THE BARRICADE Access Control allows users to define the outgoing traffic permitted or not-permitted through the WAN interface. The default is to permit all outgoing traffic. (See the following page for details.) The Barricade can also limit the access of hosts within the local area network (LAN). The MAC Filtering Table allows the Barricade to enter up to 32 MAC addresses that are not allowed access to the WAN port. 
- FIREWALL Access Control: Add PC 4-41 
- CONFIGURING THE BARRICADE URL Blocking The Barricade allows the user to block access to Web sites from a particular PC by entering either a full URL address or just a keyword. This feature can be used to protect children from accessing violent or pornographic Web sites. 
- FIREWALL Schedule Rule You may filter Internet access for local clients based on rules. Each access control rule may be activated at a scheduled time. Define the schedule on the “Schedule Rule” page, and apply the rule on the “Access Control” page. 1. Click “Add Schedule Rule.” 2. Define the appropriate settings for a schedule rule (as shown on the following screen). 
- CONFIGURING THE BARRICADE 3. Click “OK” and then click “APPLY” to save your settings. 
- FIREWALL Intrusion Detection 4-45 
- CONFIGURING THE BARRICADE The Barricade’s firewall inspects packets at the application layer, maintains TCP and UDP session information including timeouts and number of active sessions, and provides the ability to detect and prevent certain types of network attacks such as DoS attacks. Network attacks that deny access to a network device are called Denial-of-Service (DoS) attacks. Denial of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. 
- FIREWALL Parameter Defaults Stateful Packet Inspection Description This option allows you to select different application types that are using dynamic port numbers. If you wish to use Stateful Packet Inspection (SPI) for blocking packets, click on the “Yes” radio button in the “Enable SPI and Anti-DoS firewall protection” field and then check the inspection type that you need, such as Packet Fragmentation, TCP Connection, UDP Session, FTP Service, H.323 Service, and TFTP Service. 
- CONFIGURING THE BARRICADE Parameter RIP Defect Defaults Description Enabled If the router does not reply to an IPX RIP request packet, it will stay in the input queue and not be released. Accumulated packets could cause the input queue to fill, causing severe problems for all protocols. Enabling this feature prevents the packets accumulating. When hackers attempt to enter your network, we can alert you by e-mail Your E-Mail Address Enter your e-mail address. 
- FIREWALL Parameter H.323 data channel idle timeout Defaults Description 180 sec The length of time for which an H.323 session will be managed if there is no activity. DoS Detect Criteria Total incomplete 300 sessions Defines the rate of new unestablished sessions TCP/UDP that will cause the software to start deleting sessions HIGH half-open sessions. 
- CONFIGURING THE BARRICADE DMZ If you have a client PC that cannot run an Internet application properly from behind the firewall, you can open the client up to unrestricted two-way Internet access. Enter the IP address of a DMZ (Demilitarized Zone) host on this screen. Adding a client to the DMZ may expose your local network to a variety of security risks, so only use this option as a last resort. 
- SNMP SNMP Community Use the SNMP configuration screen to display and modify parameters for the Simple Network Management Protocol (SNMP). A computer attached to the network, called a Network Management Station (NMS), can be used to access this information. Access rights to the agent are controlled by community strings. To communicate with the Barricade, the NMS must first submit a valid community string for authentication. 
- CONFIGURING THE BARRICADE Trap Parameter Description IP Address Traps are sent to this address when errors or specific events occur on the network. Community A community string (password) specified for trap management. Enter a word, something other than public or private, to prevent unauthorized individuals from reading information on your system. Version Sets the trap status to disabled, or enabled with V1 or V2c. 
- ADSL ADSL Parameters Parameter Operation Mode Address 3C etc. Description • Automatic • ETSI DTS/TM-06006 standard. • G.992.1 standard Reserved. 
- CONFIGURING THE BARRICADE Status 4-54 
- ADSL Parameter Description Status Line Status Shows the current status of the ADSL line. Data Rate Upstream Actual and maximum upstream data rate. Downstream Actual and maximum downstream data rate. Operation Data/ Defect Indication Noise Margin Upstream Minimum noise margin upstream. Downstream Minimum noise margin downstream. Output Power Maximum fluctuation in the output power. Attenuation Upstream Maximum reduction in the strength of the upstream signal. 
- CONFIGURING THE BARRICADE Parameter Description Loss of Power Defect Failures due to loss of power. Fast Path HEC Error Fast Path Header Error Concealment errors. Interleaved Path HEC Error Interleaved Path Header Error Concealment errors. Statistics (Superframes represent the highest level of data presentation. Each superframe contains regular ADSL frames, one of which is used to provide superframe synchronization, identifying the start of a superframe. 
- TOOLS Tools Use the “Tools” menu to backup the current settings, to restore previously saved settings, or restore the factory default settings. Configuration Tools Check “Backup” and click “More Configuration” to save your Barricade’s configuration to a file named config.bin on your PC. You can then check the “Restore” radio button and click “More Configuration” to restore the saved backup configuration file. 
- CONFIGURING THE BARRICADE Firmware Upgrade Use this screen to update the firmware or user interface to the latest versions. In the “Upgrade Target” field, choose “Firmware” or “User Interface” depending on which you want to update. Then click “Browse” to browse for the previously downloaded file. Note: For latest firmware/user interface version information and download, visit SMC’s Web site at www.smc.com. 
- TOOLS Reset Perform a reset from this page. The configurations will not be changed back to the factory default settings. Note: If you use the reset button on the rear panel, the Barricade performs a power reset and restores the factory settings. 
- CONFIGURING THE BARRICADE Status The Status screen displays WAN/LAN connection status, firmware and hardware version numbers, as well as information on DHCP clients connected to your network. The security log may be saved to a file by clicking “Save” and choosing a location. 
- FINDING THE MAC ADDRESS OF A NETWORK CARD The following items are included on this screen: Parameter Description INTERNET Displays WAN connection type and status. GATEWAY Displays system IP settings, as well as DHCP Server and Firewall status. INFORMATION Displays the number of attached clients, the firmware versions, the physical MAC address for each media interface, and for the Barricade, as well as the hardware version and serial number. 
- CONFIGURING THE BARRICADE 4-62 
- CHAPTER 5 CONFIGURING CLIENT TCP/IP After completing hardware setup by connecting all your network devices, you need to configure your computer to connect to the Barricade. First determine how your ISP issues your IP address. Many ISPs issue these numbers automatically using Dynamic Host Configuration Protocol (DHCP). Other ISPs provide a static IP address and associated numbers, which you must enter manually. How your ISP assigns your IP address determines how you need to configure your computer. 
- CONFIGURING CLIENT TCP/IP 2. In “Control Panel” double-click the “Network” icon. 3. In the “Network” window, under the “Configuration” tab, double-click the “TCP/ IP” item listed for your network card. 4. Select the “IP Address” tab. 5. If “Obtain an IP address automatically” is already selected, your computer is already configured for DHCP. Click “Cancel” to close each window, and skip to “Disable HTTP Proxy” on page 5-4.” If not, locate your IP address and subnet mask. 
- WINDOWS 95/98/ME 6. Click the “Gateway” tab and record the numbers listed under “Installed gateways.” 7. Click the “DNS Configuration” tab. Locate the DNS servers listed under “DNS Server Search Order.” Record any listed addresses. 8. After writing down your settings, check to make sure you have recorded them correctly. Click the “IP Address” tab and then click “Obtain an IP address automatically.” Click “OK.” 9. Windows may need your Windows 95/98/ME CD to copy some files. 
- CONFIGURING CLIENT TCP/IP Disable HTTP Proxy You need to verify that the “HTTP Proxy” feature of your Web browser is disabled. This is so that your browser can view the Barricade’s HTML configuration pages. The following steps are for Internet Explorer and Netscape. Determine which browser you use and follow the appropriate steps. Internet Explorer 1. Open Internet Explorer and click the stop button. Click “Tools,” then “Internet Options.” 2. In the “Internet Options” window, click the “Connections” tab. 
- WINDOWS 95/98/ME Netscape 1. Open Netscape and click the stop button. Click “Edit,” then click “Preferences...” 2. In the “Preferences” window, under “Category” double-click “Advanced,” then click “Proxies.” Select “Direct connection to the Internet.” Click “OK.” 3. Repeat these steps for each Windows 95/ 98/ME computer connected to your Barricade. Obtain IP Settings from Your ADSL Router Now that you have configured your computer to connect to your Barricade, it needs to obtain new network settings. 
- CONFIGURING CLIENT TCP/IP 2. Type “WINIPCFG” and click “OK.” It may take a second or two for the “IP Configuration” window to appear. 3. From the drop-down menu, select your network card. Click “Release” and then “Renew.” Verify that your IP address is now 192.168.2.xxx, your Subnet Mask is 255.255.255.0 and your Default Gateway is 192.168.2.1. These values confirm that your Barricade is functioning. Click “OK” to close the “IP Configuration” window. Windows NT 4. 
- WINDOWS NT 4.0 Follow these instructions: 1. From the Windows desktop click “Start/ Settings/Control Panel.” 2. Double-click the “Network” icon. 3. Select the “Protocols” tab. 4. Double-click “TCP/IP Protocol.” 5. Select the “IP Address” tab. 6. In the “Adapter” drop-down list, be sure your Ethernet adapter is selected. 7. If “Obtain an IP address automatically” is already selected, your computer is already configured for DHCP. 
- CONFIGURING CLIENT TCP/IP 8. In the “TCP/IP Properties” dialog box, under the IP address tab, locate your IP address, subnet mask, and default gateway. Record these values in the spaces provided below. 9. Click the “DNS” tab to see the primary and secondary DNS servers. Record these values in the spaces provided below. 10. After writing down your IP settings, click the IP address tab. Select “Obtain IP address automatically” and click “OK.” Click “OK” again to close the “Network” window. 11. 
- WINDOWS NT 4.0 Disable HTTP Proxy You need to verify that the “HTTP Proxy” feature of your Web browser is disabled. This is so that your browser can view the Barricade’s HTML configuration pages. Determine which browser you use and refer to “Internet Explorer” on page 5-4 or “Netscape” on page 5-5. Obtain IP Settings from Your Barricade Now that you have configured your computer to connect to your Barricade, it needs to obtain new network settings. 
- CONFIGURING CLIENT TCP/IP 3. Type “IPCONFIG /RENEW” and press the  key. Verify that your IP Address is now 192.168.2.xxx, your Subnet Mask is 255.255.255.0 and your Default Gateway is 192.168.2.1. These values confirm that your Barricade is functioning. 4. Type “EXIT” and press  to close the “Command Prompt” window. Your computer is now configured to connect to the Barricade. 
- WINDOWS 2000 Windows 2000 1. On the Windows desktop, click “Start/Settings/ Network and Dial-Up Connections.” 2. Click the icon that corresponds to the connection to your Barricade. 3. The connection status screen will open. Click “Properties. 
- CONFIGURING CLIENT TCP/IP 4. Double-click “Internet Protocol (TCP/IP).” 5. If there is IP Address information on the “Internet Protocol (TCP/ IP) Properties” dialog box, it should be recorded. Use the spaces below to record the current settings. 6. If “Obtain an IP address automatically” and “Obtain DNS server address automatically” are already selected, your computer is already configured for DHCP. Click “Cancel” to close each window, and skip to “Disable HTTP Proxy” on page 5-13.” 7. 
- WINDOWS 2000 Disable HTTP Proxy You need to verify that the “HTTP Proxy” feature of your Web browser is disabled. This is so that your browser can view the Barricade’s HTML configuration pages. Determine which browser you use and refer to “Internet Explorer” on page 5-4 or “Netscape” on page 5-5. Obtain IP Settings from Your Barricade Now that you have configured your computer to connect to your Barricade, it needs to obtain new network settings. 
- CONFIGURING CLIENT TCP/IP 3. Type “IPCONFIG /RENEW” and press the  key. Verify that your IP Address is now 192.168.2.xxx, your Subnet Mask is 255.255.255.0 and your Default Gateway is 192.168.2.1. These values confirm that your ADSL Router is functioning. 4. Type “EXIT” and press  to close the “Command Prompt” window. Your computer is now configured to connect to the Barricade. 
- WINDOWS XP Windows XP 1. Click “start/Control Panel.” 2. In “Control Panel” click “Network and Internet Connections.” 3. The “Network Connections” screen will open. Double-click the connection for this device. 4. On the connection status screen, click “Properties. 
- CONFIGURING CLIENT TCP/IP 5. Double-click “Internet Protocol (TCP/IP).” 6. If there is IP Address information on the “Internet Protocol (TCP/IP) Properties” dialog box, it should be recorded. Use the spaces below to record the current settings. 7. If “Obtain an IP address automatically” and “Obtain DNS server address automatically” are already selected, your computer is already configured for DHCP. Click “Cancel” to close each window, and skip to “Disable HTTP Proxy” on page 5-17.” 8. 
- WINDOWS XP Disable HTTP Proxy You need to verify that the “HTTP Proxy” feature of your Web browser is disabled. This is so that your browser can view the Barricade’s HTML configuration pages. Determine which browser you use and refer to “Internet Explorer” on page 5-4 or “Netscape” on page 5-5. Obtain IP Settings from Your Barricade Now that you have configured your computer to connect to your Barricade, it needs to obtain new network settings. 
- CONFIGURING CLIENT TCP/IP 3. Type “IPCONFIG /RENEW” and press the  key. Verify that your IP Address is now 192.168.2.xxx, your Subnet Mask is 255.255.255.0 and your Default Gateway is 192.168.2.1. These values confirm that your ADSL Router is functioning. Type “EXIT” and press  to close the “Command Prompt” window. Your computer is now configured to connect to the Barricade. 
- CONFIGURING YOUR MACINTOSH COMPUTER Configuring Your Macintosh Computer You may find that the instructions here do not exactly match your operating system. This is because these steps and screenshots were created using Mac OS 8.5. Mac OS 7.x and above are similar, but may not be identical to Mac OS 8.5. Follow these instructions: 1. Pull down the Apple Menu. Click “Control Panels” and select “TCP/IP.” 2. In the TCP/IP dialog box, make sure “Ethernet” is selected in the “Connect via:” field. 
- CONFIGURING CLIENT TCP/IP 3. If “Using DHCP Server” is already selected in the “Configure” field, your computer is already configured for DHCP. Close the TCP/IP dialog box, and skip to “Disable HTTP Proxy” on page 5-21.” 4. If there is IP Address information on the “TCP/IP” screen, it should be recorded. Use the spaces below to record the current settings. 5. After writing down your IP settings, select “Using DHCP Server” in the “Configure” field and close the window. 6. 
- CONFIGURING YOUR MACINTOSH COMPUTER Disable HTTP Proxy You need to verify that the “HTTP Proxy” feature of your Web browser is disabled. This is so that your browser can view the Barricade’s HTML configuration pages. The following steps are for Internet Explorer and Netscape. Determine which browser you use and follow the appropriate steps. Internet Explorer 1. Open Internet Explorer and click the stop button. Click “Edit” and select “Preferences.” 2. 
- CONFIGURING CLIENT TCP/IP Netscape 1. Open Netscape and click the stop button. Click “Edit” and select “Preferences.” 2. In the “Preferences” dialog box, in the left-hand column labeled Category,” select “Advanced.” Under the “Advanced” category, select “Proxies.” 3. Select “Direct Connection to the Internet” and click “OK. 
- CONFIGURING YOUR MACINTOSH COMPUTER Obtain IP Settings from Your Barricade Now that you have configured your computer to connect to your Barricade, it needs to obtain new network settings. By releasing old DHCP IP settings and renewing them with settings from your Barricade, you can verify that you have configured your computer correctly. 1. Pull down the Apple Menu. Click “Control Panels” and select TCP/IP. 2. Your new settings are shown in the TCP/IP window. Verify that your IP Address is now 192.168.2. 
- CONFIGURING CLIENT TCP/IP 5-24 
- CHAPTER 6 CONFIGURING PRINTER SERVICES To use the print server built into the Barricade, you must first install the Port Monitor program as described in the following section for Windows 95/98/Me. To set up the Barricade Print Server for Windows NT, go to page 6-4. For Windows 2000/XP, see “Printer Server Setup in Windows 2000/XP” on page 6-6. For Unix, see “Printer Server Setup in Unix Systems” on page 6-8. 
- PRINTER SERVER SETUP IN WINDOWS 95/98/ME 2. The next screen indicates that the print client uses the TCP/IP network protocol to monitor print requests. Click “Next.” 3. Select the destination folder and click on the “Next” button. The setup program will then begin to install the programs into the destination folder. 
- CONFIGURING PRINTER SERVICES 4. Select the Program Folder that will contain the program icon for uninstalling the port monitor, and then click “Next.” 5. Enter the printer port name that will be used to identify the port monitor in your system, and click “Next.” 6. When the setup program finishes installing the port monitor, check “Yes, I want to restart my computer now” and then click “OK. 
- PRINTER SERVER SETUP IN WINDOWS NT Printer Server Setup in Windows NT 1. On a Windows NT platform, open the Printers window in the My Computer menu, and double-click the “Add Printer” icon. 2. Follow the prompts to add a local printer to your system. 
- CONFIGURING PRINTER SERVICES 3. Select the monitored port. The default port name is “SMC100.” Then click the “Configure Port” button. 4. Enter the IP address of the Barricade and click “OK.” Click “Next” in the Add Printer Wizard dialog box. 5. Specify the printer type attached to the Barricade. 6. Continue following the prompts to complete the installation of the Barricade print server. The printer type you specified will now be added to your Printers menu. 
- PRINTER SERVER SETUP IN WINDOWS 2000/XP Printer Server Setup in Windows 2000/XP You may find that the instructions here do not exactly match your version of Windows. This is because these steps and most of the screenshots were created in Windows 2000. Windows XP is similar, but not identical, to Windows 2000. 1. On a Windows 2000/XP platform, open the Printers window from the Start menu, and double-click the “Add Printer” icon. 
- CONFIGURING PRINTER SERVICES 2. Follow the prompts to add a local printer to your system. 3. Specify the printer type attached to the Barricade. 
- PRINTER SERVER SETUP IN UNIX SYSTEMS 4. Select the monitored port. The default port name is “SMC100.” Click the “Configure Port” button. 5. Enter the IP address of the Barricade and click “OK.” Then click “Next” in the Add Printer Wizard dialog box. 6. Continue following the prompts to complete the installation of the Barricade print server. The printer will now be added to your Printers menu. 
- APPENDIX A TROUBLESHOOTING This section describes common problems you may encounter and possible solutions to them. The Barricade can be easily monitored through panel indicators to identify problems. Troubleshooting Chart Symptom Action LED Indicators Power LED is Off • Check connections between the Barricade, the external power supply, and the wall outlet. 
- TROUBLESHOOTING Troubleshooting Chart Symptom Action LED Indicators Link LED is Off • Verify that the Barricade and attached device are powered on. • Be sure the cable is plugged into both the Barricade and the corresponding device. • Verify that the proper cable type is used and that its length does not exceed the specified limits. • Be sure that the network interface on the attached device is configured for the proper communication speed and duplex mode. 
- TROUBLESHOOTING Troubleshooting Chart Symptom Action Management Problems Cannot connect using the Web browser Forgot or lost the password • Be sure to have configured the Barricade with a valid IP address, subnet mask, and default gateway. • Check that you have a valid network connection to the Barricade and that the port you are using has not been disabled. • Check the network cabling between the management station and the Barricade. 
- TROUBLESHOOTING Troubleshooting Chart Symptom Action Wireless Problems A wireless PC cannot associate with the Barricade. • Make sure the wireless PC has the same SSID settings as the Barricade. See “Channel and SSID” on page 26. • You need to have the same security settings on the clients and the Barricade. See “Encryption” on page 27. The wireless network is often interrupted. • Move your wireless PC closer to the Barricade to find a better signal. 
- APPENDIX B CABLES Ethernet Cable Caution: Do not plug a phone jack connector into an RJ-45 port. For Ethernet connections, use only twisted-pair cables with RJ-45 connectors that conform to FCC standards. Specifications Cable Types and Specifications Cable 10BASE-T Type Cat. 3, 4, 5 100-ohm UTP 100BASE-TX Cat. 5 100-ohm UTP Max. Length Connector 100 m (328 ft) RJ-45 100 m (328 ft) RJ-45 Wiring Conventions For Ethernet connections, a twisted-pair cable must have two pairs of wires. 
- CABLES RJ-45 Port Ethernet Connection Use the straight-through CAT -5 Ethernet cable provided in the package to connect the Barricade to your PC. When connecting to other network devices such as an Ethernet switch, use the cable type shown in the following table. Attached Device Port Type Connecting Cable Type MDI-X Straight-through MDI Crossover Pin Assignments With 10BASE-T/100BASE-TX cable, pins 1 and 2 are used for transmitting data, and pins 3 and 6 for receiving data. 
- RJ-45 PORT ETHERNET CONNECTION Straight-Through Wiring If the port on the attached device has internal crossover wiring (MDI-X), then use straight-through cable. Straight-Through Cable Pin Assignments End 1 End 2 1 (Tx+) 1 (Tx+) 2 (Tx-) 2 (Tx-) 3 (Rx+) 3 (Rx+) 6 (Rx-) 6 (Rx-) Crossover Wiring If the port on the attached device has straight-through wiring (MDI), use crossover cable. 
- CABLES ADSL Cable Connection Use standard telephone cable to connect the RJ-11 telephone wall outlet to the RJ-11 ADSL port on the ADSL Router. Caution: Do not plug a phone jack connector into an RJ-45 port. Specifications Cable Types and Specifications Cable Type Connector ADSL Line Standard Telephone Cable RJ-11 Wiring Conventions For ADSL connections, a cable requires one pair of wires. Each wire is identified by different colors. 
- Blue/White White/Blue White/Orange Blue/White White/Blue Orange/White Black Red Green Yellow ADSL CABLE CONNECTION R1 T1 T2 R1 T1 R2 T2 R1 T1 R2 123456 123456 123456 6x2 Jack 6x4 Jack 6x4 Jack T = Tip R = Ring Pin Signal Name Wire Color 1 Not used 2 Line 2 Tip Black or White/ Orange 3 Line 1 Ring Red or Blue/ White 4 Line 1 Tip Green or White/Blue 5 Line 2 Ring Yellow or Orange/ White 6 Not used Figure B-3. 
- CABLES B-6 
- APPENDIX C SPECIFICATIONS Standards Compliance CE Mark Emissions FCC Class B VCCI Class B Industry Canada Class B EN55022 (CISPR 22) Class B C-Tick - AS/NZS 3548 (1995) Class B Immunity EN 61000-3-2/3 EN 61000-4-2/3/4/5/6/8/11 Safety UL 1950 EN60950 (TÜV) CSA 22.2 No. 950 IEEE 802.3 10 BASE-T Ethernet IEEE 802.3u 100 BASE-TX Fast Ethernet IEEE 802.11b Wireless LAN Modem Standards ITU G.992.1 (G.dmt) ITU G.992.2 (G.Lite) ITU G.994.1 (G.handshake) ITU T. 
- SPECIFICATIONS WAN Interface 1 ADSL RJ-11 port Indicator Panel Power, Ethernet, ADSL Syn, ADSL Data Dimensions 220 x 132.8 x 30.5 mm (8.66 x 5.23 x 1.20 in) Weight 0.6 kg (1.32 lbs) Input Power 12 V 1 A Power Consumption 12 Watts max. 
- FOR TECHNICAL SUPPORT, CALL: From U.S.A. and Canada (24 hours a day, 7 days a week) (800) SMC-4-YOU; (949) 679-8000; Fax: (949) 679-1481 From Europe (8:00 AM - 5:30 PM UK Time) 44 (0) 118 974 8700; Fax: 44 (0) 118 974 8701 INTERNET E-mail addresses: techsupport@smc.com european.techsupport@smc-europe.com Driver updates: http://www.smc.com/index.cfm?action=tech_support_drivers_downloads World Wide Web: http://www.smc.com/ http://www.smc-europe.com/ FOR LITERATURE OR ADVERTISING RESPONSE, CALL: U.S.A.