User's Manual

ManualsBrandsWuxi MitraStar Technology ManualsElectronics802.11n 2x2 Wireless ADSL2+ 4-port Gateway

171

172

173

174

175

176

177

178

179

180

Table Of Contents

DSL-100HNU-T1 v3 User’s Guide
Contents
Introduction
- 1.1 Overview
- 1.2 Ways to Manage the Device
- 1.3 Good Habits for Managing the Device
- 1.4 Applications for the Device
  - 1.4.1 Internet Access
- 1.5 Wireless Access
  - 1.5.1 Using the WLAN/WPS Button
- 1.6 The RESET Button
  - 1.6.1 Using the Reset Button
- 1.7 LEDs (Lights)
Introducing the Web Configurator
- 2.1 Overview
  - 2.1.1 Accessing the Web Configurator
- 2.2 The Web Configurator Layout
  - 2.2.1 Title Bar
  - 2.2.2 Main Window
Quick Start
- 3.1 Overview
- 3.2 Quick Start Setup
Connection Status and System Info
- 4.1 Overview
- 4.2 The Connection Status Screen
- 4.3 The System Info Screen
WAN Setup
- 5.1 Overview
- 5.2 The Internet Connection Screen
  - 5.2.1 Advanced Internet Connection
- 5.3 The More Connections Screen
  - 5.3.1 More Connections Edit
  - 5.3.2 Configuring More Connections Advanced Setup
- 5.4 The 3G Backup Screen
- 5.5 WAN Technical Reference
Wireless
- 6.1 Overview
- 6.2 Wireless General Screen
- 6.3 More AP Screen
  - 6.3.1 Edit More AP
- 6.4 MAC Authentication Screen
- 6.5 The WPS Screen
- 6.6 The WDS Screen
- 6.7 The WMM Screen
- 6.8 Scheduling Screen
  - 6.8.1 Add or Edit Schedule
- 6.9 Advanced Screen
- 6.10 Technical Reference
Home Networking
- 7.1 Overview
  - 7.1.1 What You Can Do in this Chapter
  - 7.1.2 What You Need To Know
- 7.2 The LAN Setup Screen
- 7.3 The Static DHCP Screen
  - 7.3.1 Before You Begin
- 7.4 The IP Alias Screen
- 7.5 The UPnP Screen
- 7.6 The IPv6 LAN Setup Screen
- 7.7 The File Sharing Screen
  - 7.7.1 Before You Begin
  - 7.7.2 Edit File Sharing User
- 7.8 The Printer Server Screen
  - 7.8.1 Before You Begin
- 7.9 Technical Reference
- 7.10 Installing UPnP in Windows Example
- 7.11 Using UPnP in Windows XP Example
Static Route
- 8.1 Overview
  - 8.1.1 What You Can Do in this Chapter
- 8.2 Configuring Static Route
  - 8.2.1 Add/Edit Static Route
- 8.3 IPv6 Static Route
  - 8.3.1 IPv6 Static Route Edit
Quality of Service (QoS)
- 9.1 Overview
  - 9.1.1 What You Can Do in this Chapter
  - 9.1.2 What You Need to Know
- 9.2 The QoS General Screen
- 9.3 The Queue Setup Screen
  - 9.3.1 Edit a QoS Queue
- 9.4 The Class Setup Screen
  - 9.4.1 Add/Edit QoS Class
- 9.5 The QoS Policer Setup Screen
  - 9.5.1 Add/Edit a QoS Policer
- 9.6 The QoS Game List Screen
- 9.7 QoS Technical Reference
  - 9.7.1 DiffServ
Network Address Translation (NAT)
- 10.1 Overview
  - 10.1.1 What You Can Do in this Chapter
  - 10.1.2 What You Need To Know
- 10.2 The General Screen
- 10.3 The Port Forwarding Screen
  - 10.3.1 The Port Forwarding Screen
  - 10.3.2 The Port Forwarding Add/Edit Screen
- 10.4 The DMZ Screen
- 10.5 The ALG Screen
- 10.6 Technical Reference
Port Binding
- 11.1 Overview
- 11.2 The Port Binding Screen
  - 11.2.1 Port Binding Summary Screen
  - 11.2.2 The Any Port Any Service Edit Screen
Dynamic DNS
- 12.1 Overview
  - 12.1.1 What You Need To Know
- 12.2 The Dynamic DNS Screen
Filter
- 13.1 Overview
  - 13.1.1 What You Can Do in the Filter Screens
- 13.2 The IP/MAC Filter Screen
- 13.3 The IPv6/MAC Filter Screen
Firewall
- 14.1 Overview
  - 14.1.1 What You Can Do in the Firewall Screens
  - 14.1.2 What You Need to Know About Firewall
- 14.2 Firewall General Screen
- 14.3 Default Action Screen
- 14.4 Rules Screen
- 14.5 DoS Screen
  - 14.5.1 The DoS Advanced Screen
  - 14.5.2 Configuring Firewall Thresholds
- 14.6 Firewall Technical Reference
Parental Control
- 15.1 Overview
- 15.2 The Parental Control Screen
  - 15.2.1 Add/Edit a Parental Control Rule
Certificates
- 16.1 Overview
- 16.2 Local Certificates
- 16.3 Trusted CA
- 16.4 Trusted CA Import
- 16.5 View Certificate
System Monitor
- 17.1 Overview
  - 17.1.1 What You Can Do in this Chapter
  - 17.1.2 What You Need To Know
- 17.2 The Log Screen
- 17.3 The WAN Traffic Status Screen
- 17.4 The LAN Traffic Status Screen
- 17.5 The NAT Traffic Status Screen
User Account
- 18.1 Overview
- 18.2 The User Account Screen
TR-069 Client
- 19.1 Overview
- 19.2 The TR-069 Client Screen
System
- 20.1 Overview
- 20.2 The System Screen
Time Setting
- 21.1 Overview
- 21.2 The Time Setting Screen
Log Setting
- 22.1 Overview
- 22.2 The Log Setting Screen
Firmware Upgrade
- 23.1 Overview
- 23.2 The Firmware Upgrade Screen
Backup/Restore
- 24.1 Overview
- 24.2 The Backup/Restore Screen
- 24.3 The Reboot Screen
Remote Management
- 25.1 Overview
  - 25.1.1 What You Can Do in the Remote Management Screens
  - 25.1.2 What You Need to Know About Remote Management
- 25.2 The WWW Screen
  - 25.2.1 Configuring the WWW Screen
- 25.3 Telnet Screen
- 25.4 FTP Screen
- 25.5 SNMP Screen
  - 25.5.1 Configuring SNMP
- 25.6 DNS Screen
- 25.7 ICMP Screen
- 25.8 SSH Screen
  - 25.8.1 SSH Example
Diagnostic
- 26.1 Overview
  - 26.1.1 What You Can Do in the Diagnostic Screens
- 26.2 The Ping Screen
- 26.3 The DSL Line Screen
Troubleshooting
- 27.1 Overview
- 27.2 Power, Hardware Connections, and LEDs
- 27.3 Device Access and Login
- 27.4 Internet Access
- 27.5 Wireless Internet Access
- 27.6 USB Device Connection
- 27.7 UPnP
Legal Information

Chapter 16 Certificates 174

5 Additionally, Jenny uses her own private key to encrypt a message and Tim uses Jenny’s public key

to decrypt the message.

The Device uses certificates based on public-key cryptology to authenticate users attempting to

establish a connection. The method used to secure the data that you send through an established

connection depends on the type of connection. For example, a VPN tunnel might use the triple DES

encryption algorithm.

The certification authority uses its private key to sign certificates. Anyone can then use the

certification authority’s public key to verify the certificates.

Certification Path

A certification path is the hierarchy of certification authority certificates that validate a certificate.

The Device does not trust a certificate if any certificate on its path has expired or been revoked.

Certificate Directory Servers

Certification authorities maintain directory servers with databases of valid and revoked certificates.

A directory of certificates that have been revoked before the scheduled expiration is called a CRL

(Certificate Revocation List). The Device can check a peer’s certificate against a directory server’s list

of revoked certificates. The framework of servers, software, procedures and policies that handles

keys is called PKI (public-key infrastructure).

Advantages of Certificates

Certificates offer the following benefits.

• The Device only has to store the certificates of the certification authorities that you decide to

trust, no matter how many devices you need to authenticate.

• Key distribution is simple and very secure since you can freely distribute public keys and you

never need to transmit private keys.

Certificate File Format

The certification authority certificate that you want to import has to be in PEM (Base-64) encoded

X.509 file format. This Privacy Enhanced Mail format uses 64 ASCII characters to convert a binary

X.509 certificate into a printable form.

16.1.3 Verifying a Certificate

Before you import a trusted CA or trusted remote host certificate into the Device, you should verify

that you have the actual certificate. This is especially true of trusted CA certificates since the Device

also trusts any valid certificate signed by any of the imported trusted CA certificates.

You can use a certificate’s fingerprint to verify it. A certificate’s fingerprint is a message digest

calculated using the MD5 or SHA1 algorithms. The following procedure describes how to check a

certificate’s fingerprint to verify that you have the actual certificate.