Networking Gateway System Manual S/W Version 2.
About T his M a nua l This manual contains the following chapters: Chapter 1 – Product Description: Describes the Networking Gateway and its components. Chapter 2 – Installation: Describes how to install the system and its components. Chapter 3 – Operation and Administration: Describes how to use the web-based management application for configuring parameters and managing the Networking Gateway. Appendix A – Print Server: Describes how to configure the printer server. Appendix B – 802.
Cont e nt s Cha pt e r 1 - Produc t De sc ript ion ....................................................... 1 1.1 Introducing the Networking Gateway IDU ......................................................2 1.2 Functions and Features ...................................................................................3 1.3 1.2.1 Basic Functions....................................................................................................3 1.2.2 Wireless Functions................................
Contents Cha pt e r 3 - U sing t he We b Configura t ion Se rve r............................ 1 7 3.1 Introduction .................................................................................................... 18 3.2 Accessing the Web Configuration Server.................................................... 19 3.3 Log in and Log out ......................................................................................... 20 3.3.1 The Main Menu ....................................................
Introducing the Networking Gateway IDU 3.9.2 System Log ........................................................................................................73 3.9.3 Dynamic DNS.....................................................................................................75 3.9.4 SNMP Setting.....................................................................................................76 3.9.5 Routing Table...............................................................................
Figure s Figure 1: Front Panel .........................................................................................................................11 Figure 2: Rear Panel (without antenna).............................................................................................13 Figure 3: Log In Window....................................................................................................................20 Figure 4: Networking Gateway Main Window.........................................
Figures Figure 25: DHCP Clients List.............................................................................................................45 Figure 26: MAC Address Control.......................................................................................................46 Figure 27: DHCP Clients Combo Box ...............................................................................................48 Figure 28: Wireless Setting ...................................................................
Introducing the Networking Gateway IDU Figure 54: Schedule Rule ..................................................................................................................80 Figure 55: Schedule rule Setting .......................................................................................................81 Figure 56: Schedule Rule Setting – Example Step 1 ........................................................................81 Figure 57: Schedule Rule Setting – Example Step 2 ................
T a ble s Table 1: Radio Specifications ..............................................................................................................6 Table 2: Regulatory Standards Compliance........................................................................................6 Table 3: Environmental Specifications.................................................................................................7 Table 4: Mechanical Specifications ...........................................................
Tables Table 24: Wireless Clients List Parameters ......................................................................................51 Table 25: Advanced Wireless Setting Parameters............................................................................52 Table 26: Advanced Wireless Setting Parameters............................................................................56 Table 27: URL Blocking Parameters ........................................................................................
1 Cha pt e r 1 - Produc t De sc ript ion I n T his Cha pt e r: Introducing the Networking Gateway IDU, page 2 Functions and Features, page 3 Specifications, page 6
Chapter 1 - Product Description 1 .1 I nt roduc ing t he N e t w ork ing Ga t e w a y I DU The Networking Gateway Indoor Unit (IDU) enables operators and service providers using a Broadband Wireless Access system to provide subscribers with a number of broadband services transparently. The Networking Gateway IDU together with the SU-ODU comprises a Subscriber Unit that provides data connections to the Base Station.
Functions and Features 1 .2 Func t ions a nd Fe a t ure s 1 .2 .1 Ba sic Func t ions Auto-sensing Ethernet Switch Equipped with a 4-port auto-sensing Ethernet switch. Printer sharing Embedded print server to allow all of the networked computers to share one printer through the USB host port. WAN Types Support of several WAN types: Static, Dynamic, PPPoE, PPTP, and Dynamic IP with Road Runner Session Management (e.g., Telstra, BigPond).
Chapter 1 - Product Description Statistics of WAN Support Enables to monitor inbound and outbound packets. 1 .2 .2 Wire le ss Func t ions High speed for wireless LAN connection Up to 54 Mbps data rate by incorporating Orthogonal Frequency Division Multiplexing (OFDM). IEEE 802.11b compatible (11M) Allowing inter-operation among multiple vendors. IEEE 802.11g compatible (54M) Allowing inter-operation among multiple vendors.
Functions and Features SPI Mode Support When SPI Mode is enabled, the Networking Gateway checks every incoming packet and detects if this packet has changed its IP address since initial negotiation. DoS Attack Detection Support When this feature is enabled, the Networking Gateway detects and logs Denial of Service (DoS) attack arriving from the Internet. 1 .2 .
Chapter 1 - Product Description 1 .3 Spe c ific a t ions 1 .3 .1 Ra dio Spe c ific a t ions Table 1: Radio Specifications Item Description Frequency 2400-2483.5 MHz Wireless LAN Standards Compliant with IEEE 802.11b and IEEE 802.11g Output Power (Average) 10, 12, 15, 17 dBm Data Rates IEEE 802.11g mode: 54M, 48M, 36M, 24M, 18M, 12M, 6M with auto fallback in. IEEE 802.11b mode: 11M, 5.5M, 2M, 1M with auto fallback in. 1 .3 .
Specifications 1 .3 .3 Environm e nt a l Table 3: Environmental Specifications Item Details Operating temperature 0 C to 40 C Operating humidity 5%-95% non condensing 1 .3 .4 o o M e c ha nic a l Table 4: Mechanical Specifications Item Details Dimensions (W x H x D) 190.5 x 26.2 x 111 mm Weight 0.62 kg 1 .3 .5 Ele c t ric a l Table 5: Electrical Specifications Item Details Power Transformer 100-240 VAC, 50-60 Hz, 2A max.
2 Cha pt e r 2 - I nst a llat ion I n T his Cha pt e r: Installation Requirements, page 10 Panels Layout and Components, page 11 Installation, page 14
Chapter 2 - Installation 2 .1 I nst a lla t ion Re quire m e nt s 2 .1 .1 Pa c k ing List Networking Gateway IDU Antenna Power Transformer Mains power cord 2 .1 .2 Addit iona l I nst a lla t ion Re quire m e nt s Ethernet cable(s) for connecting to the end-user’s data equipment. Mains plug adapter or termination plug (if the power plug on the supplied AC power cord does not fit local power outlets).
Panels Layout and Components 2 .2 Pa ne ls La yout a nd Com pone nt s 2 .2 .1 Front Pa ne l Figure 1: Front Panel 2.2.1.1 Front Panel LEDs Table 6: Front Panel LEDs LED POWER WLAN Function Status Power Indication On Power is available. Wireless LAN Sending or receiving data via wireless Activity Blinking On USB USB Port Activity Blinking STATUS System Status Blinking On LAN LINK/ACT 1~4 Description LAN. The USB port is linked. The USB port is sending or receiving data.
Chapter 2 - Installation LED Function Status Off On ODU LINK/ACT ODU 10/100 2.2.1.2 Data rate is 10 Mbps on the corresponding LAN port. The ODU port is connected to the ODU. ODU Port Activity ODU Port Data Rate ODU WLINK Description ODU Wireless Link Status Blinking The ODU port is sending or receiving data. On Data rate is 100 Mbps. Off Data rate is 10 Mbps. On The ODU is connected with an AU.
Panels Layout and Components 2 .2 .2 Re a r Pa ne l Com pone nt s Figure 2: Rear Panel (without antenna) 2.2.2.1 Rear Panel Connectors Table 7: Rear Panel Connectors Connector Description POWER DC Power Inlet from Power Transformer ODU Connection to the ODU. Carries Ethernet, Power (55 VDC) and signaling. Port 1-4 LAN ports for networked computers and other devices. USB USB Host Port for a USB printer.
Chapter 2 - Installation 2 .3 I nst a lla t ion The unit can be placed on a desktop or a shelf. Alternatively, it may be wallmounted. For optimal performance, place the Networking Gateway in the center of your office (or your home), in a location that is away from any potential source of interference, such as a metal wall or microwave oven. This location must be close to a mains outlet and network connections.
Installation 7 If a printer is to be used, connect it to the USB port using a standard USB cable. To configure the Print Server on your computer(s), refer to Appendix A - Print Server. 8 Configure the network settings of the computers for proper operation with the Networking Gateway. The default IP address of the Networking Gateway LAN is 192.168.254.253, and the default subnet mask is 255.255.255.0.
3 Cha pt e r 3 - U sing t he We b Configurat ion Se r ve r I n T his Cha pt e r: Start-up and Log in on page 18 Status on page 23 Wizard on page 25 Basic Setting on page 33 Security Setting on page 55 NAT Setting on page 67 Advanced Settings on page 72 Toolbox on page 84
Chapter 3 - Using the Web Configuration Server 3 .1 I nt roduc t ion The Networking Gateway IDU can be configured using the following methods: The Web Configuration Server A .cfg-file loaded into the unit from the web configuration server or TFTP. SNMP This document describes the configuration using the Web Configuration Server.
Accessing the Web Configuration Server 3 .2 Ac c e ssing t he We b Configura t ion Se rve r Follow the steps below to access the Web Configuration Server: 1 Connect the unit to the AC mains. 2 Connect PC to LAN port 1. NOTE When connecting from WAN, make sure that a remote administrator is enabled (see section 3.7.6), and enter the WAN IP address specified in the System Status window (see section 3.4) using TCP port 88.
Chapter 3 - Using the Web Configuration Server 3 .3 Log in a nd Log out After connection is established, the networking gateway web user interface appears. There are two entry levels: for general users and for system administrators. The menus and screens vary depending on entry level. The menus and parameters specified hereinafter, refer to both entry levels, unless otherwise specified. To log in, enter the system password in the System Password field and click the Log in button.
Log in and Log out Figure 4: Networking Gateway Main Window 3 .3 .1 T he M a in M e nu The Web Configuration Server view consists of a number of menu links (to the left). Clicking on each of them expands the menu node and displays the selected page with the applicable content (configurable parameters/options or status information) in the main area. IMPORTANT Many pages include a "Save" button. Click on the Save button before selecting another page/menu item, or before quitting the application.
Chapter 3 - Using the Web Configuration Server Save – Saves any changes made to the configuration. Most changes require rebooting the system for them to take effect. Undo – Recovers the original settings. Help – Displays a help screen for the specific window. Refresh – Refreshes the displayed information. Back – Reverts to a previous step/screen. <
Status 3 .4 St a t us The Status window appears in the main window upon successful log in. The window can be accessed at any time by clicking on the Status menu on the menu list. Figure 5: System Status The Status window provides information for observing the product's working status, as follows: Table 8: Status Window Parameters Parameter Description Remaining Lease Time A counter displaying the remaining time (in hh:mm:ss) in which unit will request a new IP.
Chapter 3 - Using the Web Configuration Server Parameter Description IP Address The WAN IP address. Release (Administrator only) – In Dynamic IP Address mode only, Click to release the WAN IP address. Subnet Mask The Subnet mask of the device. (The default is 255.255.255.0) Gateway The default Gateway IP address. Domain Name Server The DNS Server IP address(es).
Wizard (Administrator only) 3 .5 Wiza rd (Adm inist ra t or only) The Setup Wizard will guide you through the basic configuration procedure (recommended for most users). Figure 6: Setup Wizard 1 Click on Next . The Select WAN Type window appears. NOTE You can click Back at any time to return to previous screens and change your settings.
Chapter 3 - Using the Web Configuration Server Static IP Address – a static IP Address provided by the ISP Dynamic IP Address – an IP Address automatically obtained from the ISP (default) Dynamic IP Address with Road Runner Session Management (e.g. Telstra, BigPond) PPP over Ethernet – some ISPs require the use of PPPoE to connect to their services PPTP – Some ISPs require the use of PPTP to connect to their services. 3 Click Next .
Wizard (Administrator only) Set the following parameters provided by your ISP: Table 9: Setup Wizard – Static IP Address Parameters Parameter Description LAN IP Address Sets the local IP address of the device. Static IP Address The IP address of the WAN port. The default is 0.0.0.0. Static Subnet Mask The subnet mask of the WAN port. The default is 0.0.0.0. Static Gateway The Default Gateway IP address of the unit. The default is 0.0.0.0.
Chapter 3 - Using the Web Configuration Server Set the following parameters: Table 10: Setup Wizard – Dynamic IP Address Parameters Parameter Description LAN IP Address The local IP address of the device. The default IP address is 192.168.254.253. To change the IP address enter a new value. Host Name: Optional Some ISPs require a host name, for example, Home. A string of maximum 39 characters. The default is an empty field. WAN's MAC Address The gateway's pre-configured MAC Address.
Wizard (Administrator only) Set the following parameters: Table 11: Setup Wizard – Dynamic IP Address with Road Runner Session Management Parameters Parameter Description LAN IP Address The local IP address of the device. The default IP address is 192.168.254.253. To change the IP address enter a new value. Account The account provided by the service provider. If you do not want to change the account, leave empty. At initial entry, you are required to enter an account.
Chapter 3 - Using the Web Configuration Server Set the following parameters: Table 12: Setup Wizard – PPPoE Parameters Parameter Description LAN IP Address The local IP address of the device. The default IP address is 192.168.254.253. To change the IP address enter a new value. Account The account provided by the service provider. A string of up to 53 printable characters. The default is an empty field. Password The password provided by the service provider.
Wizard (Administrator only) Set the following parameters: Table 13: Setup Wizard – PPTP Parameters Parameter Description LAN IP Address The local IP address of the device. The default IP address is 192.168.254.253. . To change the IP address enter a new value. IP Mode select one of the following options: Dynamic IP Address (this is the default setting) Static IP Address My IP Address The private IP address assigned by the service provider after connection.
Chapter 3 - Using the Web Configuration Server Figure 13: Setup Wizard - Configuration Completed 5 The configurations will take effect only after rebooting your computer. Click on Reboot to restart your computer. For more advance configurations, see details on the specific windows, below.
Basic Setting 3 .6 Ba sic Se t t ing The Basic Setting window allows to configure the settings for WAN, LAN, and Wireless and to change the password. Figure 14: Basic Setting 3 .6 .1 WAN Se t up Click on WAN Setup from the Basic Setting menu on the menu list. The Primary Setup window appears. The parameters displayed may vary depending on the WAN Type selected. The default WAN Type is Dynamic IP Address.
Chapter 3 - Using the Web Configuration Server NOTE The WAN setup window is read only for user level entry. From the WAN Setup window you can: Set the WAN type – allows to select the WAN connection type of your ISP. NAT – Enable/Disable - When disabled, the gateway functions as a regular router as opposed to a NAT router. This option is available in the Primary Setup window for all WAN types. Set Virtual Computers (Administrators only) – Enabled when using NAT.
Basic Setting NOTE The Reboot button is not available at first entry to the Primary Setup window and appears only after saving your changes. For user entry level (public password), the parameter fields in all WAN type screens are disabled (for display only). IMPORTANT Changes to the Primary Setup window will take effect only after rebooting the system. The default WAN type is Dynamic IP Address. However, you can change the WAN type as follows: To select a different WAN type: 1 Click Change .
Chapter 3 - Using the Web Configuration Server Dynamic IP Address with Road Runner Session Management (e.g. Telstra BigPond). See section 3.6.1.3. PPP over Ethernet: Some ISPs require the use of PPPoE to connect to their services. See section 3.6.1.4. PPTP: Some ISPs require the use of PPTP to connect to their services. See section 3.6.1.5. For each WAN type selected, a different Primary Setup window appears, as follows.
Basic Setting Parameter Description The default is 0.0.0.0. Primary DNS The IP address of the primary Domain Name Server. The default is 0.0.0.0. Secondary DNS The IP address of the secondary Domain Name Server. The default is 0.0.0.0. NAT Enable/Disable. When disabled, the gateway functions as a regular router as opposed to a NAT router. This option is available in the Primary Setup window for all WAN types. The default is: Enable 3.6.1.
Chapter 3 - Using the Web Configuration Server The Setup page for Dynamic IP Address includes the following parameters: Table 16: Dynamic IP Address Parameters Parameter Description Host Name Optional - Some ISPs require a host name, for example, Home. A string of maximum 39 characters. WAN's MAC Address The gateway's pre-configured MAC Address. Clone MAC - Click to replace the Gateway's WAN MAC Address with the PC's MAC Address.
Basic Setting The Setup page for Dynamic IP Address with Road Runner Session Management provides authentication using dedicated DHCP server and includes the following parameters: Table 17: Dynamic IP Address with Road Runner Session Management Parameters Parameter Description Account The account provided by your ISP A string of maximum 53 characters. Password The password provided by your ISP. If you do not want to change the password, leave empty. A string of maximum 53 characters.
Chapter 3 - Using the Web Configuration Server Figure 21: Primary Setup - PPPoE The Setup page for PPPoE includes the following parameters: Table 18: PPP over Ethernet Parameters Parameter Description PPPoE Account The account assigned to you by your ISP. PPPoE Password The password assigned to you by your ISP. This field always appears blank. If you don't want to change the password, leave it empty. Primary DNS The DNS provided by your ISP. To use a specific DNS, enter a specific address.
Basic Setting 3.6.1.5 PPTP Some ISPs require the use of PPTP to connect to their services. Figure 22: Primary Setup - PPTP The Setup page for PPTP includes the following parameters: Table 19: PPTP Parameters Parameter Description IP Mode Select one of the following options: Dynamic IP Address (this is the default setting) Static IP Address My IP Address The private IP address assigned by your ISP. This parameter is enabled only for Static IP Address mode.
Chapter 3 - Using the Web Configuration Server Parameter Description Maximum Idle Time The amount of time of inactivity before disconnecting your PPTP session. To disable this feature, set this parameter to 0 seconds, or enable Auto-reconnect. Connection Control Authentication for IP allocation. Select one of the following options: Connect-on-demand – An IP address is automatically allocated whenever the user attempts to make a connection.
Basic Setting The LAN Setup page includes the following parameters: Table 20: LAN Setup Parameters Parameter Description LAN IP Address Sets the local IP address of the device. The users on your network must use this LAN IP address as their default gateway. You can change it as necessary. LAN Subnet Mask DHCP Server Sets the subnet mask to the LAN IP address. Enable/Disable to turn off this service.
Chapter 3 - Using the Web Configuration Server Figure 24: LAN Setup - DHCP Server Enabled The LAN PC receives a DHCP IP address from the Networking Gateway. To receive the DHCP IP address from the DHCP server, perform the following procedure: 3 Set the DHCP Server parameter to Disable . 4 Set the DHCP Proxy parameter to Enable . 5 In the Proxy IP field, enter the IP of the DHCP server.
Basic Setting 3.6.2.1 DHCP Clients List Figure 25: DHCP Clients List The DHCP Clients List displays the following parameters for each DHCP client: Table 21: DHCP Clients List Parameters Parameter Description IP Address The IP address of the DHCP client. Host Name The host name of the DHCP client. MAC Address The MAC address of the DHCP client.
Chapter 3 - Using the Web Configuration Server 3.6.2.2 Fixed Mapping Opens the MAC Address Control window. MAC Address Control allows to assign different access rights for different users and to assign a fixed IP address to a specific MAC address. NOTE All the settings in this page will take effect only when MAC Address Control is set to "Enable".
Basic Setting Parameter Description clients on the wireless LAN, or use the Web configuration. Association control "Association" refers to the exchanging of information between wireless clients and the device to establish a link between them. A wireless client is able to transmit and receive data to the device only after successful association. Check "Association control" check box to control which wireless clients can associate to the wireless LAN.
Chapter 3 - Using the Web Configuration Server To enter the MAC address: Use the DHCP clients combo box. Figure 27: DHCP Clients Combo Box 1 Select a specific client in the "DHCP clients" Combo box and click on Copy to to copy the MAC address of the selected client to the selected ID in the "ID" Combo box NOTE When the unit has a list of clients connected through DHCP, and the unit is reset, the list will show empty. In this case renew the PC IP address from DHCP on LAN.
Basic Setting The Wireless Setting window includes the following parameters: Table 23: Wireless Setting Parameters Parameter Description Wireless Enable/Disable – Check the Enable box to enable this service. The default setting is "Enable". Network ID (SSID) Network ID is used for identifying the Wireless LAN (WLAN). Client stations can roam freely over this product and other Access Points that have the same Network ID. The factory setting is "default". Channel The radio channel number.
Chapter 3 - Using the Web Configuration Server Parameter Description Pre-share key mode: ASCII or HEX can be selected. Pre share key: 32 ASCII characters or 64 hexadecimal digits pre-share key (encryption key). WPA (Wi-Fi Protected Access) – improves data protection and implements access control to Wireless LAN systems. Frames transmitted through a wireless module are encrypted using a Pre-share key (PSK) or a key received from the RADIUS server. RADIUS Server IP – The 802.
Basic Setting 3.6.3.1 Wireless Clients List Clicking on the Wireless Clients List button that appears in the Wireless Setting window opens the Wireless Clients List window. Figure 29: Wireless Clients List The Wireless Clients List displays the following parameters for each wireless client: Table 24: Wireless Clients List Parameters Parameter Description Connected Time The connection time. MAC Address The MAC address of the wireless client. 3.6.3.
Chapter 3 - Using the Web Configuration Server Figure 30: Advanced Wireless Setting The Advanced Wireless Setting window includes the following parameters: Table 25: Advanced Wireless Setting Parameters Parameter Description Beacon Interval Specify the intervals (in milliseconds) between the packets sent by the access point to synchronize the wireless network (beacons). The range is 1~1000 milliseconds The default is 100 milliseconds.
Basic Setting Parameter Description DTIM Interval Delivery Traffic Indication Message (DTIM) is a countdown informing clients of the next window for listening to broadcast and multicast messages. The range is: 1~65535 seconds. The default value is 3 seconds. Wireless Mode The wireless mode supported: 802.11b, 802.11g, or both. The default is both. TX Rates Select the wireless transfer rate from the dropdown list, based on the speed of wireless adapters on the WLAN. The default is auto rate.
Chapter 3 - Using the Web Configuration Server 3.6.3.3 MAC Address Control MAC Address Control allows to assign different access rights for different users and to assign a fixed IP address to a specific MAC address. For further details, see section 3.6.2.2. 3 .6 .4 Cha nge Pa ssw ord The Change Password window allows to change the system password. For security reasons, it is strongly recommended that you do so.
Security Setting 3 .7 Se c urit y Se t t ing Click on the Security Setting menu on the menu list to display the submenus and the Security Setting window. Figure 32: Security Setting Window 3 .7 .1 M AC Cont rol MAC Address Control allows to assign different access rights for different users and to assign a fixed IP address to a specific MAC address. For further details, see section 3.6.2.2. 3 .7 .
Chapter 3 - Using the Web Configuration Server Figure 33: Packet Filter Initial Window The Outbound filter applies on all outbound packets. The Inbound filter applies only on packets that are destined to Virtual Servers or DMZ host. You can select one of the following filtering policies: Allow all to pass except those match the specified rules Deny all to pass except those match the specified rules Up to 8 rules can be specified for each direction, inbound and outbound.
Security Setting Parameter Description Destination IP address You can define a single IP address (for example, 4.3.2.1) or a range of IP addresses (for example, 4.3.2.1-4.3.2.254). An empty field denotes all IP addresses. Destination port address You can define a single port (for example, 80) or a range of ports (for example, 1000-1999). Add prefix "T" or "U" to specify a TCP or UDP protocol. For example, T80, U53, U2000-2999. No prefix indicates both TCP and UDP protocols.
Chapter 3 - Using the Web Configuration Server Example 1: Figure 34: Inbound Packet Filter – Example 1 In this example, IPs (1.2.3.100-1.2.3.149) are allowed to send mail (port 25), receive mail (port 110), and browse the Internet (port 80). IPs (1.2.3.10-1.2.3.20) are allowed to perform all operations. All other IPs are all blocked from performing any operation.
Security Setting In this example, IPs (1.2.3.100-1.2.3.119) are allowed to do everything except read net news (port 119) and transfer files via FTP (port 21). All other IPs are all allowed to perform all operations. 3.7.2.2 Outbound Filter To enable Outbound Packet Filter, click on the Outbound Filter button and check the Enable box in the Outbound Packet Filter window. Example 1: Figure 36: Outbound Packet Filter - Example 1 In this example, IP (192.168.123.
Chapter 3 - Using the Web Configuration Server Example 2: Figure 37: Outbound Packet Filter - Example 2 In this example, IPs (192.168.123.100) and (192.168.123.119) can only read net news (port 119) and send mail (port 25). They are blocked from performing any other operation. All other IPs are blocked from performing any operation. 3 .7 .3 U RL Bloc k ing (Adm inist ra t or only) When enabled, this feature blocks LAN computers from connecting to predefined Web sites.
Security Setting The URL Blocking window includes the following parameters: Table 27: URL Blocking Parameters Parameter Description URL Blocking Enable/Disable - Check to enable the URL Blocking feature. URL If any part of the Web site's URL matches the pre-defined word specified in this field, the connection will be blocked. For example, you can use a pre-defined word "sex" to block all Web sites whose URLs contain the word "sex". Enable Check to enable the rule.
Chapter 3 - Using the Web Configuration Server In this example: 1 All URLs which include the string "msn" will be blocked, and the action will be recorded in the log file. 2 All URLs which include the string "sina" will be blocked, and the action will be recorded in the log file. 3 All URLs which include the string "cnnsi" will be blocked, and the action will be recorded in the log file. 4 All URLs which include the string "espn" will be blocked, and the action will be recorded in the log file.
Security Setting Table 28: Domain Filter Parameters Parameter Description Domain Filter Check to enable the Domain Filter feature to prevent users from accessing specific URLs. Log DNS Query Check to enable logging users' attempts to enter the specified URLs. Privilege IP Addresses Sets a group of hosts and allows them to access the network Range without restriction. The range is: From: 1~254, To: 1~254 Domain Suffix A suffix of URL to be restricted. For example, ".com", "xxx.com".
Chapter 3 - Using the Web Configuration Server 3 .7 .5 Fire w a ll (Adm inist ra t or only) Firewall rules deny/allow traffic from passing through the device. Figure 41: Firewall Up to 8 rules can be specified for each direction of traffic: inbound and outbound.
Security Setting 3 .7 .6 M isc e lla ne ous I t e m s (Adm inist ra t or only) Figure 42: Miscellaneous Items From the Miscellaneous Items window you can set the following parameters: Table 30: Miscellaneous Items Parameters Parameter Description Remote Administrator Enables the user to perform administration tasks from a Host/Port remote host. When enabled, only the specified IP address can perform remote administration. If the specified IP address is 0.0.0.
Chapter 3 - Using the Web Configuration Server Parameter Description side SPI Mode When enabled, the router records the information, such as IP address, port address, ACK, SEQ number and so on, of the packets that pass through the WAN, and the Networking Gateway checks every incoming packet to detect whether it is valid. DoS Attack Detection When enabled, the router detects and logs the Denial of Service (DoS) attack that comes from the Internet.
NAT Setting (Administrator only) 3 .8 N AT Se t t ing (Adm inist ra t or only) The NAT Setting page provides access to configuring the virtual server, special AP, DMZ host and VPN pass through. Figure 43: NAT Setting 3 .8 .1 V irt ua l Se rve r Virtual Server enables WWW, FTP and other services on your LAN to be accessible to Internet users.
Chapter 3 - Using the Web Configuration Server Specify the following parameters for each ID: Table 31: Virtual Server Parameters Parameter Description Protocol Select from TCP, UDP, * (all). The default setting is *. Service Ports Enter a port number, or a range of ports. Server IP Enter the server IP on the LAN interface. The range is 1~254. Enable Check to enable the rule. Each rule can be enabled/disabled individually. Use Rule# Virtual Server can work with Scheduling Rules.
NAT Setting (Administrator only) Figure 45: Special Applications The Special Applications window includes the following parameters: Table 32: Special Applications Parameters Parameter Trigger Description The outbound destination port number issued by the application. Incoming Ports When the trigger packet is detected using the destination port, the inbound packets to the specified port numbers are allowed to pass through the networking gateway. Enable Check to enable the rule.
Chapter 3 - Using the Web Configuration Server Internet games, Video conferencing, Internet telephony (H.323 or SIP), and other special applications. CAUTION This feature exposes your computer and may cause security issues. Make sure your PC is updated with the last security updates. Figure 46: DMZ Host Check the Enable box to enable this feature. One IP address should be set on the subnet of LAN. 3 .8 .
NAT Setting (Administrator only) The VPN Pass Through window includes the following parameters: Table 33: VPN Pass Through Parameters Parameter Description VPN PPTP Pass-Through Check to enable PPTP connection to pass through the device. The device can handle up to 8 concurrent sessions. VPN IPSec Pass-Through Check to enable IPSec connection to pass through the device. The device can handle up to 16 concurrent sessions.
Chapter 3 - Using the Web Configuration Server 3 .9 Adva nc e d Se t t ings (Adm inist ra t or only) The Advanced Settings menu provides access to configuring additional features, such as System Time, Log, Dynamic DNS, SNMP, Routing, Scheduling Rules and enabling Universal Plug and Play protocol. Figure 48: Advanced Setting 3 .9 .1 Syst e m T im e The System Time window enables to set the device time.
Advanced Settings (Administrator only) From the System Time window, you can select one of the following ways to set the date and time of the device: Table 34: System Time Parameters Parameter Description Get Date and Time by NTP Select if you want to set the device's internal clock using the Protocol Network Time Protocol (NTP) from a specific server located on the internet. Time Server - Select an NTP time server to consult UTC time.
Chapter 3 - Using the Web Configuration Server Figure 50: System Log The System Log window includes the following parameters: Table 35: System Log Parameters Parameter IP Address for Syslog Server Description Enter the IP address of the syslog server. It is valid only on your subnet LAN. Check to Enable this function. E-mail Alert Enable Check if you want to enable Email alert (send syslog via email). SMTP Server IP and Port - Enter the SMTP server IP and port, which are concatenate with ':'.
Advanced Settings (Administrator only) NOTE The changes made in the System Log page become effective upon clicking Save. Rebooting the system is not required. To view the system log: Click on the View Log… button at the bottom of the screen. The System Log opens (see View Log on page 84, Figure 62) 3 .9 .3 Dyna m ic DN S To host your server on a changing IP address, you need to use a Dynamic Domain Name Service (DDNS). To reach your host, one needs to know its name.
Chapter 3 - Using the Web Configuration Server The Dynamic DNS window includes the following parameters: Table 36: Dynamic DNS Parameters Parameter Description DDNS Click Enable or Disable to enable/disable Dynamic DNS. Provider Select from the list of Dynamic DNS servers on which you have an account. Host Name Enter to register a domain name to the DDNS provider. The full domain name is concatenated with the specified Host Name and a suffix, specified by the DDNS provider.
Advanced Settings (Administrator only) The SNMP Setting window includes the following parameters: Table 37: SNMP Parameters Parameter Description Enable SNMP You must check either Local or Remote or both to enable the SNMP function. Local - The device will respond to requests from LAN. Remote – The device will respond to requests from WAN. Get Community Set the password for GetRequest access rights to your device.
Chapter 3 - Using the Web Configuration Server Figure 53: Routing Table Routing Table settings are used to setup the functions of static and dynamic routing. The Routing Table window includes the following parameters: Table 38: Routing Table Parameters Parameter Description Dynamic Routing Routing Information Protocol (RIP) will exchange information on destinations for computing routes throughout the network. Select RIPv2 only if you have a different subnet on your network.
Advanced Settings (Administrator only) Example: Configuration on NAT Router Destination Subnet Mask Gateway Hop Enabled 192.168.1.0 255.255.255.0 192.168.123.216 1 ˇ 192.168.0.0 255.255.255.0 192.168.123.103 1 ˇ If, for example, Client3 wanted to send an IP datagram to 192.168.0.2 (Client2), he would use the above table to determine that he had to go via 192.168.123.103 (Gateway2). And if he sends Packets to 192.168.1.11 he will go via 192.168.123.216 (Gateway1).
Chapter 3 - Using the Web Configuration Server 3 .9 .6 Sc he dule Rule Schedule Rule allows to set the schedule time for which a service will be turned on or off. Figure 54: Schedule Rule The Schedule Rule window includes the following parameters: Table 39: Routing Table Parameters Parameter Description Schedule Click the checkbox to Enable the Scheduler. Rule # The rule number. Rules are numbered sequentially from the first rule set to the last.
Advanced Settings (Administrator only) Figure 55: Schedule rule Setting You can enter a rule name and set which day and what time to schedule from “Start Time” to “End Time”. In the following example, a rule named "FTP Time" is scheduled to operate every day between 14:10 and 16:20. Figure 56: Schedule Rule Setting – Example Step 1 2 After configuring Rule 1, click on Save to save the rule and return to the Schedule Rule window. The new rule is now displayed on the list.
Chapter 3 - Using the Web Configuration Server Figure 57: Schedule Rule Setting – Example Step 2 When rules are set, you can: Edit – Click to edit the specific rule. Delete – Click to delete the specific rule. When the rule is deleted, all subsequent rules are automatically renumbered. Schedule Rule can be applied to Virtual server and Packet Filter, for example: Example1: Virtual Server – Apply Rule#1 using the scheduled rule #1 (ftp time: every day 14:10 to 16:20).
Advanced Settings (Administrator only) Example2: Packet Filter – Apply Rule#1 using scheduled rule #1 (ftp time: every day 14:10 to 16:20). Figure 59: Packet Filter - Schedule Rule#1 3 .9 .7 U PnP Se t t ing Universal Plug and Play (UPnP) is a protocol for connecting voice/video applications through the Networking Gateway when in NAT mode. Figure 60: UPnP Setting UPnP Setting - Enable/Disable – enables/disables the feature. NAT should be enabled.
Chapter 3 - Using the Web Configuration Server 3 .1 0 T oolbox The Toolbox menu provides access to viewing the system log, to firmware upgrade, backup setting, resetting the system to the factory default values, to rebooting the system, implementing DRAP protocol, running Wake-onLAN and performing Ping tests. Figure 61: Toolbox 3 .1 0 .1 V ie w Log Clicking on View Log opens the System Log file. The System Log file can also be accessed from the System Log window in the Advanced Setting menu.
Toolbox Figure 62: View System Log While in Log View, you can: Click Back to return to the System Log window. Click Refresh to manually update the Log. Click Download to download the Log file (system.log ) and save it locally, on your PC. Click Clear to clear the log file of its content. 3 .1 0 .2 Firm w a re U pgra de (Adm inist ra t or only) The Firmware Upgrade window displays the currently installed firmware version.
Chapter 3 - Using the Web Configuration Server Figure 63: Firmware Upgrade To upgrade the firmware: 1 Click on Browse to browse to the upgrade file's location. The upgrade file is a *.BIN file. 2 Click Upgrade to begin the upgrading process, or Cancel to terminating it. When the upgrade process is complete, the unit will automatically restart. CAUTION Do not turn off power to the unit during the upgrading process. 3 .1 0 .
Toolbox Figure 64: Backup To restore your settings: Select Firmware Upgrade from the Menu list, browse to the .bin file you saved, and click Upgrade (see Firmware Upgrade on page 85). You can also upload the configuration file to the unit using TFTP client. 3 .1 0 .4 Re se t t o De fa ult To reset the unit to factory defaults: 1 Click Reset to default in the menu list. The following message appears.
Chapter 3 - Using the Web Configuration Server Figure 66: Reboot 2 Click OK to reboot, or Cancel to continue working. NOTE Most of the configurations performed, require to reboot the system for them to take effect. 3 .1 0 .6 DRAP Dynamic Resource Allocation Protocol (DRAP) is used for registration to the Base Station to which the SU is connected (by performing "Discovery").
Toolbox Parameter Description Discovery. The default is 0.0.0.0. Server Port The UDP port used for the DRAP server. For WMAX use port 8171 The default is 0. Discovery Time The Discovery Time is the timeout to be used when the Auto Discovery process is used for finding a DRAP server. The Auto Discovery process is based on sending empty broadcast, and the Discovery Time is the time that the unit will wait for a response before sending a new request. The default is 0.
Chapter 3 - Using the Web Configuration Server The Miscellaneous Items window includes the following parameters: Table 41: Miscellaneous Items Parameters Parameter Description MAC Address for Wake-on- Wake-on-LAN enables to remotely power up a networked LAN device. To use this feature, the target device must be Wakeon-LAN enabled and you need to know the device's MAC address, e.g., 00-11-22-33-44-55. Click on Wake up to have the gateway immediately send the wake-up frame to the target device.
Web Configuration Server’s Parameters Summary 3 .
Chapter 3 - Using the Web Configuration Server Parameter Range/Options Default Renew IP Forever Check/Uncheck Check Check/Uncheck Uncheck Enable NAT Disable Primary Setup - Dynamic IP Address with Road Runner Session Management Account A string of maximum 53 characters Password A string of maximum 53 characters Login Server A string of maximum 31 characters Renew IP Forever Enable Check/Uncheck Check NAT Disable Check/Uncheck Uncheck Primary Setup – PPP over Ethernet PPPoE Account A s
Web Configuration Server’s Parameters Summary Parameter Range/Options Default PPTP Account A string of maximum 53 characters PPTP Password A string of maximum 53 characters Connection ID (Optional) Maximum Idle 0~65535 300 seconds Connect-on-demand Auto Reconnect(always on) Time Connection Control Auto Reconnect(always on) Manually LAN Setup LAN IP Address x.x.x.x 192.168.254.253 LAN Subnet Mask x.x.x.x 255.255.255.
Chapter 3 - Using the Web Configuration Server Parameter Range/Options Default Connection Check/Uncheck Uncheck Allow/Deny Deny Check/Uncheck Uncheck Allow/Deny Deny Control Connection Control MAC Address MAC Address Rules 1-4 A string of maximum 32 characters IP Address 1~254 C Check/Uncheck Uncheck A Check/Uncheck Uncheck Wireless Setting Wireless Enable Check/Uncheck Check Network ID(SSID) A string of maximum 32 characters default Channel
Web Configuration Server’s Parameters Summary Parameter Range/Options Default Preamble Type Short Preamble Auto Long Preamble Auto Authentication Type Open System Both Shared Key Both SSID broadcast Enable Enable Disable Antenna Transmit Power 100% 17dBM 100% 17dBM 50% 15dBM 25% 12dBM 12.
Chapter 3 - Using the Web Configuration Server Parameter Range/Options Default InBound Packet Filter Inbound Filter Check/Uncheck Uncheck Allow all…except Allow all…except Enable Inbound Filter Mode Inbound Rules 1-8 Deny all…except Source IP: x.x.x.x Source Port: 0~65535 Destination IP: x.x.x.
Web Configuration Server’s Parameters Summary Parameter Range/Options Default Enable Check/Uncheck Uncheck Firewall Firewall Rules 1-8 Source Interface All All LAN WAN Source IP x.x.x.x Destination Interface All All LAN WAN Destination IP x.x.x.x Protocol All All TCP UDP ICMP Destination Port 0~65535 Action Allow Allow Deny Enable Check/Uncheck Uncheck Miscellaneous Items Remote Administrator Host Remote x.x.x.x 0.0.0.
Chapter 3 - Using the Web Configuration Server Parameter Range/Options Default TFTP Access Port 0~65535 69 Enable TFTP Check/Uncheck Uncheck Check/Uncheck Check SPI mode Enable Check/Uncheck Uncheck DoS Attack Check/Uncheck Uncheck Access Discard PING from WAN side Enable Detection Enable Virtual Server Virtual Server Protocol Rules 1-20 All All TCP UDP Service Ports 0~65535 Server IP 1~254 Enable Check/Uncheck Uncheck Use Rule#
Web Configuration Server’s Parameters Summary Parameter Range/Options Default VPN IPSec Pass- Check/Uncheck Check Get Date and Time by NTP Protocol Set Date and Time Through Enable System Time System Time Source Set Date and Time using PC's Date and Time Manually Set Date and Time Manually Time Server time.nist.gov time.nist.gov time-nw.nist.gov time.windows.com utcnist.colorado.
Chapter 3 - Using the Web Configuration Server Parameter Range/Options Default Enable IP Check/Uncheck Uncheck Check/Uncheck Uncheck Address E-mail Alert Enable SMTP Server x.x.x.
Web Configuration Server’s Parameters Summary Parameter Range/Options Default Get Community A string of maximum 27 characters Public Set Community A string of maximum 27 characters Private IP 1-4 x.x.x.
Chapter 3 - Using the Web Configuration Server Parameter Range/Options Default Disable Disable Browse DRAP Protocol DRAP Enable DRAP Server IP x.x.x.x 0.0.0.
A Appe ndix A - Print Se rve r This Networking Gateway provides the function of network print server for MS Windows 2000/XP and Unix based platforms. The device comes with a USB port for connecting the printer. This Appendix will guide you through configuring the Print Server.
Appendix A - Print Server A.1 Configuring on Window s 2 0 0 0 a nd X P Pla t form s Windows 2000 and XP have a built-in LPR client, that can be used for printing. Your Printer Driver must be installed in LPT1 or other ports before you proceed to the following procedure. 1 Open Printers and Faxes. 2 Select the printer. Right Click on it, a quick menu appears. Select Properties from the menu.
Web Configuration Server’s Parameters Summary 3 Select the Ports tab, Click “Add Port…” 4 Select “Standard TCP/IP Port”, and then click “New Port…” The TCP/IP Printer Port Wizard appears. 5 Click Next. The Add Port window is displayed.
Appendix A - Print Server 6 Enter the IP address of the Networking Gateway device: 192.168.254.253 in the Printer Name or IP Address field. The Port Name field is automatically filled in as you type. You can change it as required. 7 Click Next. The Additional Port Information Required window appears.
Web Configuration Server’s Parameters Summary 8 Select Custom, and then click “Settings…” The Port Settings window is displayed.
Appendix A - Print Server 9 In the Protocol field, select “LPR”. Enter lp (lowercase letters) in the “Queue Name” field and check the “LPR Byte Counting Enabled” check box. 10 Click OK to apply your settings. The Port Settings window closes and the Additional Port Information Required window reappears. 11 Click Next. The following window is displayed.
Web Configuration Server’s Parameters Summary 12 Click Finish. The window closes. 13 Close the Printer Ports window. The new printer port appears in the Ports tab.
Appendix A - Print Server 14 Click Apply and then OK to close the window. NOTE Print a test page to ensure that the printer is working properly.
B Appe ndix B - 8 0 2 .
Appendix B - 802.1x Setting Testing Environment (Use Windows 2000 Radius Server) Equipment Details PC1: Microsoft Windows XP Professional without Service Pack 1. D-Link DWL-650+ wireless LAN adapter Driver version: 3.0.5.0 (Driver date: 03.05.2003) PC2: Microsoft Windows XP Professional with Service Pack 1a. Z-Com XI-725 wireless LAN USB adapter Driver version: 1.7.29.0 (Driver date: 10.20.2001) Authentication Server: Windows 2000 RADIUS server with Service Pack 3 and HotFix Q313664.
Web Configuration Server’s Parameters Summary ¾ Set RADIUS server IP. ¾ Set RADIUS server shared key. ¾ Configure WEP key and 802.1X setting. The following test uses the inbuilt 802.1X authentication method such as, EAP_TLS, PEAP_CHAPv2 (Windows XP with SP1 only), and PEAP_TLS (Windows XP with SP1 only) using the Smart Card or other Certificate of the Windows XP Professional.
Appendix B - 802.1x Setting NOTE The above figure shows a setting of Windows XP without service pack 1. If users upgrade to service pack 1, they will not see MD5-Challenge in the EAP type list, but they will receive a new Protected EAP (PEAP) option. 2 Select MD5-Challenge or Smart Card or other Certificate as the EAP type 3 If use smart card or the certificate is selected as the EAP type, select to use a certificate on this computer.
Web Configuration Server’s Parameters Summary 4 Change EAP type to fit the variable test condition. Windows 2000 RADIUS server Authentication testing: DUT authenticate PC1 using certificate. (PC2 follows the same test procedures.) 1 Download and install the certificate on PC1. (Fig 4) 2 PC1 choose the SSID of DUT as the Access Point. 3 Set authentication type of wireless client and RADIUS server both to EAP_TLS. 4 Disable the wireless connection and enable again.
Appendix B - 802.
Web Configuration Server’s Parameters Summary DUT authenticate PC2 using PEAP-TLS. 1 2 PC2 choose the SSID of DUT as the Access Point. Set authentication type of wireless client and RADIUS server both to PEAP_TLS. 3 Disable the wireless connection and enable again. 4 The DUT will send the user's certificate to the RADIUS server, and then send the message of authentication result to PC2.
Glossa ry DHCP Dynamic Host Configuration Protocol. A protocol for dynamically assigning IP addresses from a pre-defined list to nodes on a network. Using DHCP to manage IP addresses simplifies client configuration and efficiently utilizes IP addresses. DNS Domain Name System: The name resolution system that lets users locate computers on the Internet (TCP/IP network) by domain name. The DNS server maintains a database of domain names (host names) and their corresponding IP addresses.
Glossary MAC Address Standardized data link layer address that is required for every port or device that connects to a LAN. Other devices in the network use these addresses to locate specific ports in the network and to create and update routing tables and data structures. MAC addresses are 6bytes long and are controlled by the IEEE.
Glossary TFTP Trivial File Transfer Protocol. Simplified version of FTP that allows files to be transferred from one computer to another over a network, usually without the use of client authentication. UDP User Datagram Protocol. Connectionless transport layer protocol in the TCP/IP protocol stack. UDP is a simple protocol that exchanges datagrams without acknowledgments or guaranteed delivery, requiring that error processing and retransmission be handled by other protocols. UDP is defined in RFC 768.