WIRELESS Parameter Description Bandwidth • 20MHz: Sets the operation bandwidth as 20 MHz. • 20/40MHz: Allows automatic detection of the operation bandwidth between 20 MHz and 40 MHz. Choosing the bandwidth mode as 20/40MHz allows you to use the extension channel. Broadcast SSID Enable or disable the broadcasting of the SSID. Disabling SSID broadcast will provide increased security by hiding the SSID of your wireless network.
CONFIGURING THE BARRICADE Access Control Using the Access Control functionality, you can restrict access based on MAC address. Each PC has a unique identifier known as a Medium Access Control (MAC) address. With MAC filtering enabled, the computers whose MAC address you have listed in the filtering table will be able to connect (or will be denied access) to the Barricade.
WIRELESS Security To make your wireless network safe, you should turn on the security function.
CONFIGURING THE BARRICADE WEP If you want to use WEP to protect your wireless network, you need to set the same parameters for the Barricade and all your wireless clients. Parameter WEP Mode Description Select 64 bit or 128 bit key to use for encryption. Key Entry Method Select Hex or ASCII to use for encryption key. Static WEP Key Setting You may automatically generate encryption keys or manually enter the keys.
WIRELESS WPA Wi-Fi Protected Access (WPA) combines temporal key integrity protocol (TKIP) and 802.1x mechanisms. It provides dynamic key encryption and 802.1x authentication service. Parameter Authentication Description Choose 802.1X or Pre-shared Key to use as the authentication method. • 802.1X: for the enterprise network with a RADIUS server. See “802.1X” on page 4-34. • Pre-shared key: for the SOHO network environment without an authentication server.
CONFIGURING THE BARRICADE WPA2 WPA2 is a product certification that is available through the Wi-Fi Alliance. WPA2 certifies that wireless equipment is compatible with the IEEE 802.11i standard. The WPA2 product certification formally replaces Wired Equivalent Privacy (WEP) and the other security features of the original IEEE 802.11 standard. The goal of WPA2 certification is to support the additional mandatory security features of the IEEE 802.
WIRELESS WPA+WPA2 Wi-Fi Protected Access (WPA) combines temporal key integrity protocol (TKIP) and 802.1x mechanisms. It provides dynamic key encryption and 802.1x authentication service. Wi-Fi Protected Access 2 (WPA2) is a product certification that is available through the Wi-Fi Alliance. WPA2 certifies that wireless equipment is compatible with the IEEE 802.11i standard.
CONFIGURING THE BARRICADE Parameter Authentication Description Choose 802.1X or Pre-shared Key to use as the authentication method. • 802.1X: for the enterprise network with a RADIUS server. See “802.1X” on page 4-34. • Pre-shared key: for the SOHO network environment without an authentication server. Pre-shared key type Select the key type to be used in the Pre-shared Key. Pre-shared Key Type in the key here. 802.1X If 802.
WIRELESS Parameter Description Authentication Enable 802.1x authentication. Session Idle Timeout Defines a maximum period of time for which the connection is maintained during inactivity. Re-Authentication Defines a maximum period of time for which the Period authentication server will dynamically re-assign a session key to a connected client. Quiet Period Defines a maximum period of time for which the ADSL Router will wait between failed authentications.
CONFIGURING THE BARRICADE Wi-Fi Protected Setup (WPS) The Barricade was implemented with the ease-of-use Wi-Fi Protected Setup (WPS). WPS makes a secure wireless network much easier to achieve by using an eight-digit PIN number and the Push Button Control (PBC). Check Enable and click SAVE SETTINGS. Pressing Generate New PIN creates a new Current PIN number. Pressing Restore Default PIN sets the PIN code to the factory default number. Take the following steps for easy network security settings.
WIRELESS PIN Code Setup 1. Power on your client device supporting WPS PIN code method. 2. Start WPS PIN process on client device. For instructions on how to do this refer to the user manual of the client device. 3. Enter the PIN code of client device. Note: The PIN code is generally printed on the bottom of the unit or displayed in the configuration utility. 4. Click the Start PIN button on the screen.
CONFIGURING THE BARRICADE Push Button Configuration (PBC) Method To achieve successful WPS connection, you can use one of the following ways: (1) push and hold the WPS button on your Barricade, or (2) click the Start PBC button on this screen. 1. Power on your network devices such as an access point and client network devices. 2. Press the WPS button for 4 seconds, or click the Start PBC button on the screen. 3. Press the WPS button or click the PBC button on your client devices of your network.
WIRELESS Manual For client devices without WPS, manually configure the device as displayed on the screen.
CONFIGURING THE BARRICADE NAT Network Address Translation allows multiple users to access the Internet sharing one public IP.
NAT Address Mapping Allows one or more public IP addresses to be shared by multiple internal users. This also hides the internal network for increased privacy and security. Enter the Public IP address you wish to share into the Global IP field. Enter a range of internal IPs that will share the global IP into the “from” field.
CONFIGURING THE BARRICADE Virtual Server If you configure the ADSL Router as a virtual server, remote users accessing services such as web or FTP at your local site via public IP addresses can be automatically redirected to local servers configured with private IP addresses. In other words, depending on the requested service (TCP/UDP port number), the ADSL Router redirects the external service request to the appropriate server (located at another internal IP address).
NAT Special Application Some applications require multiple connections, such as Internet gaming, video-conferencing, and Internet telephony. These applications may not work when Network Address Translation (NAT) is enabled. If you need to run applications that require multiple connections, use these screens to specify the additional public ports to be opened for each application.
CONFIGURING THE BARRICADE NAT Mapping Table This screen displays the current NAPT (Network Address Port Translation) address mappings. NAT Mapping Table displays the current NAPT address mappings. The NAT address mappings are listed 20 lines per page, click the control buttons to move forwards and backwards. As the NAT mapping is dynamic, a Refresh button is provided to refresh the NAT Mapping Table with the mots updated values. The content of the NAT Mapping Table is described as follows.
ROUTING Routing These screens define routing related parameters, including static routes and RIP (Routing Information Protocol) parameters. Static Route Parameter Description Index Check the box of the route you wish to delete or modify. Network Address Enter the IP address of the remote computer for which to set a static route. Subnet Mask Enter the subnet mask of the remote network for which to set a static route. Gateway Enter the WAN IP address of the gateway to the remote network.
CONFIGURING THE BARRICADE Routing Table Parameter Flags Description Indicates the route status: C = Direct connection on the same subnet. S = Static route. R = RIP (Routing Information Protocol) assigned route. I = ICMP (Internet Control Message Protocol) Redirect route. Network Address Destination IP address. Netmask The subnetwork associated with the destination. This is a template that identifies the address bits in the destination address used for routing to specific subnets.
FIREWALL Firewall The Barricade Router’s firewall inspects packets at the application layer, maintains TCP and UDP session information including time-outs and the number of active sessions, and provides the ability to detect and prevent certain types of network attacks. Network attacks that deny access to a network device are called Denial-of-Service (DoS) attacks. DoS attacks are aimed at devices and networks with a connection to the Internet.
CONFIGURING THE BARRICADE Access Control Access Control allows users to define the outgoing traffic permitted or not-permitted through the WAN interface. The default is to permit all outgoing traffic. The following items are on the Access Control screen: Parameter Description Enable Filtering Function Enable or Disable Access control function. Normal Filtering Table Displays descriptive list of Filtering rules defined.
FIREWALL To create a new access control rule: 1. Click Add PC on the Access Control screen. The Access Control Add PC screen will appear. 2. Define the appropriate settings for client PC services. 3. Click OK and then click SAVE SETTINGS to save your settings.
CONFIGURING THE BARRICADE MAC Filter The MAC Filter allows you to define what client PC’s can access the Internet. When enabled only the MAC addresses defined in the MAC Filtering table will have access to the Internet. All other client devices will be denied access. You can enter up to 32 MAC addresses in this table. 1. MAC Address Control: select enable or disable. 2. MAC Filtering Table: enter the MAC address in the space provided.
FIREWALL URL Blocking The ADSL Router allows the user to block access to web sites by entering either a full URL address or just a keyword. This feature can be used to protect children from accessing violent or pornographic web sites. You can define up to 30 sites here.
CONFIGURING THE BARRICADE Schedule Rule You may filter Internet access for local clients based on rules. Each access control rule may be activated at a scheduled time. Define the schedule on the Schedule Rule screen, and apply the rule on the Access Control screen.
FIREWALL Follow these steps to add a schedule rule: 1. Click Add Schedule Rule on the Schedule Rule screen. The Edit Schedule Rule screen will appear. 2. Define the appropriate settings for a schedule rule. 3. Click OK and then click SAVE SETTINGS to save your settings.
CONFIGURING THE BARRICADE Intrusion Detection • Intrusion Detection Feature Stateful Packet Inspection (SPI) and Anti-DoS firewall protection (Default: Enabled) — The Intrusion Detection Feature of the Barricade Router limits access for incoming traffic at the WAN port. When the SPI feature is turned on, all incoming packets will be blocked except for those types marked in the Stateful Packet Inspection section.
FIREWALL • Stateful Packet Inspection This is called a “stateful” packet inspection because it examines the contents of the packet to determine the state of the communications; i.e., it ensures that the stated destination computer has previously requested the current communication.
CONFIGURING THE BARRICADE sources that are known and trusted from previous interactions. In addition to being more rigorous in their inspection of packets, stateful inspection firewalls also close off ports until connection to the specific port is requested. When particular types of traffic are checked, only the particular type of traffic initiated from the internal LAN will be allowed.
FIREWALL • Connection Policy Enter the appropriate values for TCP/UDP sessions as described in the following table. Parameter Defaults Description Fragmentation half-open wait 10 sec Configures the number of seconds that a packet state structure remains active. When the timeout value expires, the router drops the unassembled packet, freeing that structure for use by another packet.
CONFIGURING THE BARRICADE • DoS Criteria and Port Scan Criteria Set up DoS and port scan criteria in the spaces provided (as shown below). Parameter Defaults Description Total incomplete TCP/UDP sessions HIGH 300 sessions Defines the rate of new unestablished sessions that will cause the software to start deleting half-open sessions. Total incomplete TCP/UDP sessions LOW 250 sessions Defines the rate of new unestablished sessions that will cause the software to stop deleting halfopen sessions.
FIREWALL DMZ If you have a client PC that cannot run an Internet application properly from behind the firewall, you can open the client up to unrestricted twoway Internet access. Enter the IP address of a DMZ (Demilitarized Zone) host on this screen. Adding a client to the DMZ may expose your local network to a variety of security risks, so only use this option as a last resort.
CONFIGURING THE BARRICADE UPnP The Universal Plug and Play architecture offers pervasive peer-to-peer network connectivity of PCs of all form factors, intelligent appliances, and wireless devices. UPnP enables seamless proximity network in addition to control and data transfer among networked devices in the office, home and everywhere within your network.
DDNS DDNS Dynamic Domain Name Service (DDNS) provides users on the Internet with a method to tie their domain name to a computer or server. DDNS allows your domain name to follow your IP address automatically by having your DNS records changed when your IP address changes. This DNS feature is powered by DynDNS.org or TZO.com. With a DDNS connection you can host your own web site, email server, FTP site, and more at your own location even if you have a dynamic IP address.
CONFIGURING THE BARRICADE Tools Use the Tools menu to backup the current configuration, restore a previously saved configuration, update firmware, and reset the Barricade. Configuration Tools Choose a function and click Next. 4-62 • Backup Router Configuration: this allows you to save the Barricade’s configuration to a file. • Restore from saved Configuration file: this function is used to restore the previously saved backup configuration file.
TOOLS Firmware Upgrade Use this screen to update the firmware or user interface to the latest versions. 1. Download the upgrade file from the SMC web site first, and save it to your hard drive. 2. Then click Browse... to look for the downloaded file. Click BEGIN UPGRADE. Check the Status screen Information section to confirm that the upgrade process was successful.
CONFIGURING THE BARRICADE Reset Click REBOOT ROUTER to reset the ADSL Router. The reset will be complete when the power LED stops blinking. If you perform a reset from this screen, the configurations will not be changed back to the factory default settings. Note: If you use the Reset button on the back panel, the Barricade performs a power reset. If the button is pressed for over 10 seconds, all the LEDs will illuminate and the factory default settings will be restored.
TOOLS STATUS The Status screen displays WAN/LAN connection status, firmware, and hardware version numbers, illegal attempts to access your network, as well as information on DHCP clients connected to your network. The security log may be saved to a file by clicking Save and choosing a location. Scroll down to view more information on the Status screen.
CONFIGURING THE BARRICADE The following items are included on the Status screen: Parameter Description INTERNET Displays WAN connection type and status. Renew GATEWAY Click on this button to establish a connection to the WAN. Displays system IP settings, as well as DHCP Server and Firewall status. INFORMATION Displays the number of attached clients, the firmware versions, the physical MAC address for each media interface and for the ADSL Router, as well as the hardware version and serial number.
FINDING THE MAC ADDRESS OF A NETWORK CARD Finding the MAC address of a Network Card WINDOWS NT4/2000/XP Click Start/Programs/Command Prompt. Type “ipconfig /all” and press “ENTER”. The MAC address is listed as the “Physical Address.” MACINTOSH Click System Preferences/Network. The MAC address is listed as the “Ethernet Address” on the TCP/IP tab. LINUX Run the command “/sbin/ifconfig.” The MAC address is the value after the word “HWaddr.
CONFIGURING THE BARRICADE 4-68
APPENDIX A TROUBLESHOOTING This section describes common problems you may encounter and possible solutions to them. The Barricade can be easily monitored through panel indicators to identify problems. Troubleshooting Chart Symptom Action LED Indicators Power LED is off • Check connections between the Barricade, the external power supply, and the wall outlet.
TROUBLESHOOTING Troubleshooting Chart Symptom Action LED Indicators LAN LED is Off • Verify that the Barricade and attached device are powered on. • Be sure the cable is plugged into both the Barricade and the corresponding device. • Verify that the proper cable type is used and that its length does not exceed the specified limits. • Be sure that the network interface on the attached device is configured for the proper communication speed and duplex mode.
TROUBLESHOOTING Troubleshooting Chart Symptom Action Management Problems Cannot connect using the web browser Forgot or lost the password • Be sure to have configured the Barricade with a valid IP address, subnet mask, and default gateway. • Check that you have a valid network connection to the Barricade and that the port you are using has not been disabled. • Check the network cabling between the management station and the Barricade.
TROUBLESHOOTING Troubleshooting Chart Symptom Action Wireless Problems A wireless PC cannot associate with the Barricade. • Make sure the wireless PC has the same SSID settings as the Barricade. See “Channel and SSID” on page 4-26. • You need to have the same security settings on the clients and the Barricade. See “Security” on page 4-29. The wireless network is often interrupted. • Move your wireless PC closer to the Barricade to find a better signal.
APPENDIX B CABLES Ethernet Cable Caution: Do not plug a phone jack connector into an RJ-45 port. For Ethernet connections, use only twisted-pair cables with RJ-45 connectors that conform to FCC standards. Specifications Cable Types and Specifications Cable Type Max. Length Connector 10BASE-T Cat. 3, 4, 5 100-ohm UTP 100 m (328 ft) RJ-45 100BASE-TX Cat. 5 100-ohm UTP 100 m (328 ft) RJ-45 Wiring Conventions For Ethernet connections, a twisted-pair cable must have two pairs of wires.
CABLES Each wire pair must be attached to the RJ-45 connectors in a specific orientation. The following figure illustrates how the pins on an Ethernet RJ-45 connector are numbered. Be sure to hold the connectors in the same orientation when attaching the wires to the pins. Figure B-1. RJ-45 Ethernet Connector Pin Numbers RJ-45 Port Ethernet Connection Use the straight-through CAT -5 Ethernet cable provided in the package to connect the Barricade to your PC.
RJ-45 PORT ETHERNET CONNECTION Pin Assignments With 10BASE-T/100BASE-TX cable, pins 1 and 2 are used for transmitting data, and pins 3 and 6 for receiving data. RJ-45 Pin Assignments Pin Number Assignment* 1 Tx+ 2 Tx- 3 Rx+ 6 Rx- * The “+” and “-” signs represent the polarity of the wires that make up each wire pair. Straight-Through Wiring If the port on the attached device has internal crossover wiring (MDI-X), then use straight-through cable.
CABLES Crossover Wiring If the port on the attached device has straight-through wiring (MDI), use crossover cable.
APPENDIX C SPECIFICATIONS IEEE Standards IEEE 802.3 10 BASE-T Ethernet IEEE 802.3u 100 BASE-TX Fast Ethernet IEEE 802.3, 802.3u, 802.11g, 802.1D LAN Interface 4 RJ-45 10 BASE-T/100 BASE-TX ports Auto-negotiates the connection speed to 10 Mbps Ethernet or 100 Mbps Fast Ethernet, and the transmission mode to half-duplex or full-duplex WAN Interface 1 RJ-45 port Indicator Panel Power, WAN, Online, WLAN, LAN 1~4, WPS Dimensions 188 x 133 x 33 mm (7.40 x 5.24 x 1.30 in) Weight 0.285 kg (0.
SPECIFICATIONS Advanced Features Dynamic IP Address Configuration – DHCP, DNS Firewall – Client privileges, hacker prevention and logging, Stateful Packet Inspection Virtual Private Network – PPTP, L2TP, IPSec pass-through, VPN pass-through Internet Standards RFC 826 ARP, RFC 791 IP, RFC 792 ICMP, RFC 768 UDP, RFC 793 TCP, RFC 783 TFTP, RFC 1661 PPP, RFC 1866 HTML, RFC 2068 HTTP Radio Features Wireless RF module Frequency Band 802.11n Radio: 2.4GHz 802.11g Radio: 2.4GHz 802.11b Radio: 2.
SPECIFICATIONS Operating Channels IEEE 802.
SPECIFICATIONS C-4
SMCWBR14S-N SMCWBR11-G
