User Manual

ManualsBrandsBelkin ManualsHardwareHigh Performance Wireless VPN Router N300

User Manual

F9K1004v1 8820-01044 Rev. A00

HigH Performance Wireless n300 VPn

ROUTER

Summary of content (136 pages)

PAGE 1
High Performance Wireless N300 VPN ROUTER User Manual F9K1004v1 8820-01044 Rev.
PAGE 2
Table Of Contents Introduction… . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Package Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . System Requirements . . . .
PAGE 3
Table Of Contents Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 Enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 4
INTRODUCTION Package Contents System Requirements • Belkin Wireless N300 VPN Router • RJ-45 Ethernet Based Internet (ADSL or Cable Modem) • Power Adapter • Computer with Wireless Network function • RJ-45 Ethernet LAN Cable • Windows, Mac OS or Linux based operating systems • CD-ROM with User Manual and Setup Wizard • Internet Explorer or Firefox or Safari Web-Browser Software • Quick Guide 1
PAGE 5
INTRODUCTION Introduction F9K1004 is a Wireless 11N Gigabit VPN Router with 2 attachable antennas that delivers up to 6x faster speeds and 3x extended coverage than 802.11g devices. F9K1004 supports various network with superior throughput and performance and unparalleled wireless range. With its WPS function, it helps users to connect their wireless devices with just a push of a button. There’s also a built-in 4-port full-duplex 10/100/1000 Fast Switch to connect your wired Ethernet devices together.
PAGE 6
INTRODUCTION LED Lights Icon Description Color – Blu e Ligh ts whe n Wirel es s signal is activated . Wireless LAN Blinks when Wireless data transfer and blinks when WPS handshake is initialized. Internet WAN Color – Blu e Steady light-up when ethernet port is plugged in. Blinks when data transfer. LAN Power L AN Color – Blu e Ligh ts whe n wired ne t work device is conne cted to RJ - 45 po r t. Blinks when data transfer occ ur s on RJ - 4 5 por t.
PAGE 7
BEFORE YOU BEGIN Before you Begin Considerations for Wireless Installation This section will guide you through the installation process. Placement of the F9K1004 is very important to avoid poor signal reception and performance. Avoid placing the device in enclosed spaces such as a closet or cabinet.. The operating distance of all wireless devices cannot be predetermined due to a number of unknown obstacles in the environment that the device is placed.
PAGE 8
BEFORE YOU BEGIN Computer Settings (Windows XP/Windows Vista/Windows 7) Windows XP Windows Vista • Click Start button and open Control Panel.
PAGE 9
BEFORE YOU BEGIN • Windows XP, click [Network Connection] • W indows Vista, click [View Network Status and Tasks] then [Manage Network Connections] • Windows 7, click [View Network Status and Tasks] then [Change adapter settings] 6
PAGE 10
BEFORE YOU BEGIN • Right click on [Local Area Connection] and select [Properties].
PAGE 11
BEFORE YOU BEGIN •C heck “Client for Microsoft Networks”, “File and Printer Sharing for Microsoft Networks”, and “Internet Protocol (TCP/IP) is ticked. If not, please install them.
PAGE 12
BEFORE YOU BEGIN •S elect “Obtain an IP Address automatically” and “Obtain DNS server address automatically” then click [OK].
PAGE 13
BEFORE YOU BEGIN Hardware Installation This diagram depicts the hardware configuration: 1. Place the unit in an appropriate location after conducting a site survey. 2. Plug one end of the Ethernet cable into the LAN port of the device and another end into your PC/Notebook. 3. Plug one end of another Ethernet cable to WAN port of the device and the other end into you cable/DSL modem (Internet) 4.
PAGE 14
CONFIGURING YOUR ROUTER This section will show you how to configure the device using the web-based configuration interface. Please use your wireless network adapter to connect the WIRELESS ROUTER. Default Settings IP Address 192.168.2.1 Username / Password admin / admin Wireless Mode Enable Wireless SSID belkin.xxx Wireless Security None Note: xxx represented in the wireless SSID above is the last 3 characters (lowercase) of your device WLAN MAC Address.
PAGE 15
Setup Wizard 1. O pen a web browser (Internet Explorer/Firefox/Safari) and enter the IP Address http://192.168.2.1 2. T he default username and password are admin. Once you have entered the correct username and password, click the OK button to open the web-base configuration page. Note: If you have changed the default LAN IP Address of the WIRELESS ROUTER, ensure you enter the correct IP Address.
PAGE 16
Setup Wizard 3. You will see this webpage if login is successful. 4. Click Wizard to enter the Setup Wizard. Then click Next to begin the wizard.
PAGE 17
Setup Wizard 5. S elect the Operation Mode. Please ensure you have the proper cables connected as described in the Hardware Installation section.
PAGE 18
Setup Wizard AP Router Mode a. The device will search for the correct Internet settings automatically. b. The most appropriate WAN type will be determined and selected automatically. If it is incorrect, please select Others to set up the WAN settings manually.
PAGE 19
Setup Wizard c. T here are many WAN service types available. Please obtain the correct settings from your Internet Service Provider (ISP).
PAGE 20
Setup Wizard Static IP Address If your ISP Provider has assigned you a fixed IP address, enter the assigned IP address, Subnet mask, Default Gateway IP address, and Primary DNS and Secondary DNS (if available) of your ISP provider.
PAGE 21
Setup Wizard Dynamic IP Address The IP Address is allocated automatically. However some ISP’s will also recognize the MAC address and will reject connections if the MAC address does not match. If your ISP has recorded the MAC address of your computer’s Ethernet LAN card, please connect only the computer with the authorized MAC address, and click the Clone MAC Address button. This will replace the AP Router MAC address to the computer MAC address.
PAGE 22
Setup Wizard PPP over Ethernet ISP requires an account username and password. PPP over Ethernet 19 Username Username assigned to you by the ISP Password Password for this username. Service You can assign a name for this service. (Optional) MTU The maximum size of packets. Do not change unless mentioned by the ISP.
PAGE 23
Setup Wizard Point-to-Point Tunneling Protocol (PPTP) PPTP is used by some ISPs.
PAGE 24
Setup Wizard PPTP WAN Interface Settings WAN Interface Type Select whether the ISP is set to Static IP or Dynamic IP address. Hostname This is optional. Only required if specified by ISP MAC address The MAC address that is used to connect to the ISP. PPTP Settings Login Username assigned to you by the ISP Password Password for this username. Service IP Address The IP Address of the PPTP server. Connection ID This is optional. Only required if specified by ISP MTU The maximum size of packets.
PAGE 25
Setup Wizard Layer-2 Tunneling Protocol (L2TP) L2TP is used by some ISPs.
PAGE 26
Setup Wizard L2TP WAN Interface Settings WAN Interface Type Select whether the ISP is set to Static IP or Dynamic IP address. Hostname This is optional. Only required if specified by ISP MAC address The MAC address that is used to connect to the ISP. L2TP Settings Login Username assigned to you by the ISP Password Password for this username. Service IP Address The IP Address of the PPTP server. MTU The maximum size of packets. Do not change unless mentioned by the ISP.
PAGE 27
Setup Wizard d. Choose the level of wireless security. Belkin recommends the Highest level of security. Note: 802.11n wireless speeds may not be achievable if the security level is setting the Lowest or Low. SSID Enter the name of your wireless network. Key Enter the security key for your wireless network.
PAGE 28
Setup Wizard e. Check the settings are correct, and then click Reboot to apply the settings.
PAGE 29
VPN Wizard Using the VPN Wizard, you can establish VPN connection easily. Please refer to page 99.
PAGE 30
SYSTEM Status This page will display the status of the device. Status Model Description of this device. Mode The mode the device is currently in. Uptime The duration of time the device has been operating without powering down or rebooting. Current Date/Time The device’s system time. If this is incorrect, please set the time in the Tools / Time page. Hardware version and Serial Number Hardware information for this device. Application version Firmware information for this device.
PAGE 31
SYSTEM WAN Settings Attain IP Protocol Method used to connect to the Internet. IP address The WAN IP Address of the device. Subnet Mask The WAN Subnet Mask of the device. MAC address The MAC address of the device’s WAN Interface. Primary and Secondary DNS Primary and Secondary DNS servers assigned to the WAN connection.
PAGE 32
SYSTEM LAN Settings IP address The LAN IP Address of the device. Subnet Mask The LAN Subnet Mask of the device. DHCP Server Whether the DHCP server is Enabled or Disabled. MAC address The MAC address of the device’s LAN Interface.
PAGE 33
SYSTEM WLAN Settings Channel The wireless channel in use. ESSID The SSID (Network Name) of the wireless network. (up to 4 SSIDs are supported) Security Wireless encryption is enabled for this SSID. BSSID The MAC address of this SSID. Associated Clients The number of wireless clients connected to this SSID.
PAGE 34
SYSTEM LAN This page allows you to modify the device’s LAN settings.
PAGE 35
SYSTEM LAN IP IP address The LAN IP Address of this device. IP Subnet Mask The LAN Subnet Mask of this device. 802.1d Spanning Tree When Enabled, the Spanning Tree protocol will prevent network loops in your LAN network.
PAGE 36
SYSTEM DHCP Server DHCP Server The DHCP Server automatically allocates IP addresses to your LAN device. Lease Time The duration of time that the DHCP server will allocate each IP address to a LAN device. Start / End IP The range of IP addresses that the DHCP server will allocate to a LAN device. Domain name The domain name for this LAN network.
PAGE 37
SYSTEM Two DNS servers can be assigned for use by your LAN device. There are four modes available. DNS Servers From ISP The DNS server IP address is assigned from your ISP. User-Defined The DNS server IP address is assigned manually. DNS Relay LAN clients are assigned the device’s IP address as the DNS server.
PAGE 38
SYSTEM DHCP This page shows the status of the DHCP server and also allows you to control how the IP addresses are allocated.
PAGE 39
SYSTEM The DHCP Client Table shows the LAN clients that have been allocated an IP address from the DHCP Server DHCP Client Table IP address The LAN IP address of the client. MAC address The MAC address of the client’s LAN interface. Expiration Time The time that the allocated IP address will expire. Refresh Click this button to update the DHCP Client Table.
PAGE 40
SYSTEM You can also manually specify the IP address that will be allocated to a LAN client by associating the IP address with its MAC address. Type the IP address you would like to manually assign to a specific MAC address and click Add to add the condition to the Static DHCP Table.
PAGE 41
SYSTEM Schedule This page allows you to setup the schedule times that the Firewall and Power Saving features will be activated / deactivated. Click Add to create a Schedule entry.
PAGE 42
SYSTEM Schedule Schedule Description Assign a name to the schedule. Service The service provides for the schedule. Days Define the Days to activate or deactivate the schedule. Time of day Define the Time of day to activate or deactivate the schedule. Please use a 24-hour clock format.
PAGE 43
SYSTEM Log This page displays the system log of the device. When powered down or rebooted, the log will be cleared. Log Save Save the log to a file. Clear Clear the log. Refresh Update the log.
PAGE 44
SYSTEM Language This page allows you to change the Language of the User Interface.
PAGE 45
INTERNET The Internet section allows you to manually set the WAN type connection and its related settings. Status This page shows the current status of the device’s WAN connection.
PAGE 46
internet Dynamic IP Address The IP Address is allocated automatically. However some ISP’s will also recognize the MAC address and will reject connections if the MAC address does not match. If your ISP has recorded the MAC address of your computer’s Ethernet LAN card, please connect only the computer with the authorized MAC address, and click the Clone MAC button. This will replace the AP Router MAC address to the computer MAC address. The correct MAC address is used to initiate the connection to the ISP.
PAGE 47
internet Static IP Address If your ISP Provider has assigned you a fixed IP address, enter the assigned IP address, Subnet mask, Default Gateway IP address, and Primary DNS and Secondary DNS (if available) of your ISP provider. Static IP Address IP address Assign an IP address Manually. IP Subnet Mask Specify an IP address’s subnet mask. Default Gateway Specify the gateway of your network. Primary DNS Specify the primary DNS server’s IP address.
PAGE 48
internet PPP over Ethernet ISP requires an account username and password 45
PAGE 49
internet PPP over Ethernet (PPPoE) Username Username assigned to you by the ISP Password Password for this username. Service You can assign a name for this service. (Optional) MTU The maximum size of packets. Do not change unless mentioned by the ISP. Authentication type Select whether the ISP uses PAP or CHAP methods for authentication. Select Auto if unsure. You can choose the method that the router maintains the connection with the ISP.
PAGE 50
internet Point-to-Point Tunneling Protocol (PPTP) PPTP is used by some ISPs.
PAGE 51
internet Point-to-Point Tunneling Protocol (PPTP) WAN Interface Type Select whether the ISP is set to Static IP or will allocate a Dynamic IP address. Hostname This is optional. Only required if specified by ISP. MAC address The MAC Address that is used to connect to the ISP. Username Username assigned to you by the ISP. Password Password for this username. Service IP Address The IP Address of the PPTP server. Connection ID This is optional. Only required if specified by ISP.
PAGE 52
internet Layer-2 Tunneling Protocol (L2TP) L2TP is used by some ISPs..
PAGE 53
internet Layer-2 Tunneling Protocol (L2TP) WAN Interface Type Select whether the ISP is set to Static IP or will allocate a Dynamic IP address. Hostname This is optional. Only required if specified by ISP MAC address The MAC Address that is used to connect to the ISP. Username Username assigned to you by the ISP Password Password for this username. Service IP Address The IP Address of the L2TP server. MTU The maximum size of packets. Do not change unless mentioned by the ISP.
PAGE 54
WIRELESS The Wireless section allows you to configure the Wireless settings. Basic This page shows the current status of the device’s Wireless settings.
PAGE 55
WIRELESS Basic Radio Enable or Disable the device’s wireless signal. Mode Select between Access Point or Wireless Distribution System (WDS) modes. Band Select the types of wireless clients that the device will accept. e.g.: 2.4 GHz (B+G+N) Only 802.11b and 11g clients will be allowed. Enable SSID# Select the number of SSID’s (Wireless Network names) you would like. You can create up to 4 separate wireless networks. SSID# Enter the name of your wireless network. You can use up to 32 characters.
PAGE 56
WIRELESS Wireless Distribution System (WDS) Use WDS to connect Access Point wirelessly. Doing so extends a wired infrastructure to locations where cabling is not possible or inefficient to implement. Note that compatibility between different brands and models is not guaranteed. It is recommended that the WDS network be created using the same models for maximum compatibility. Also note that all Access Points in the WDS network needs to use the same Channel and Security settings.
PAGE 57
WIRELESS Advanced This page allows you to configure wireless advance settings. It is recommended the default settings are used unless the user has experience with these functions.
PAGE 58
WIRELESS Advanced Fragment Threshold Specifies the size of the packet per fragment. This function can reduce the chance of packet collision. However when this value is set too low, there will be increased overheads resulting in poor performance. RTS Threshold When the packet size is smaller than the RTS Threshold, then the packet will be sent without an RTS/CTS handshake which may result in an incorrect transmission. Beacon Interval The time interval that the device broadcasts a beacon.
PAGE 59
WIRELESS Security This page allows you to set the wireless security settings.
PAGE 60
WIRELESS Security SSID Selection Select the SSID that the security settings will apply to. Broadcast SSID If Disabled, the device will not broadcast the SSID. It will be invisible to wireless clients. WMM Wi-Fi Multi-Media is a Quality of Service protocol which prioritizes traffic in the order according to voice, video, best effort, and background. Encryption Note that in certain situations, WMM needs to be enabled to achieve 11n transfer speeds. The encryption method to be applied.
PAGE 61
WIRELESS IEEE 802.1x is an authentication protocol. Every user must use a valid account to login to this Access Point before accessing the wireless LAN. The authentication is processed by a RADIUS server. This mode only authenticates users by IEEE 802.1x, but it does not encrypt the data during communication. 802.1x Authentication RADIUS Server IP Address The IP Address of the RADIUS Server RADIUS Server port The port number of the RADIUS Server. RADIUS Server password The RADIUS Server’s password.
PAGE 62
WIRELESS WEP Encryption: WEP Encryption Authentication Type Please ensure that your wireless clients use the same authentication type. Key type ASCII: regular text (recommended) HEX: for advanced users Key Length Default Key Encryption Key # Select the desired option, and ensure the wireless clients use the same setting. • 6 4 Bit - data is encrypted, using the default key, before being transmitted. You must enter at least the default key.
PAGE 63
WIRELESS WPA RADIUS Encryption: WPA RADIUS Encryption WPA type Select the WPA encryption you would like. Please ensure that your wireless clients use the same settings. RADIUS Server IP address Enter the IP address of the RADIUS Server. RADIUS Server Port Enter the port number used for connections to the RADIUS server. RADIUS Server password Enter the password required to connect to the RADIUS server.
PAGE 64
WIRELESS WPA Pre-Shared Key Encryption: WPA Pre-Shared Key Encryption Authentication Type WPA type Pre-shared Key Type Pre-shared Key Please ensure that your wireless clients use the same authentication type. Select the WPA encryption you would like. Please ensure that your wireless clients use the same settings. Select whether you would like to enter the Key in HEX or Passphrase format. Wireless clients must use the same key to associate the device.
PAGE 65
WIRELESS Filter This page allows you to create filters to control which wireless clients can connect to this device by only allowing the MAC addresses entered into the Filtering Table.
PAGE 66
WIRELESS Wireless Filter Enable Wireless Access Control Check the box to Enable Wireless Access Control. Description Enter a name or description for this entry. MAC address Enter the MAC address of the wireless client that you wish to allow a connection. Add Click this button to add the entry. Reset Click this button if you have made a mistake and want to reset the MAC address and Description fields. When Enabled, only wireless clients on the Filtering Table will be allowed.
PAGE 67
WIRELESS Wi-Fi Protected Setup (WPS) WPS feature is follows the Wi-Fi Alliance WPS standard and it eases the setup of security-enabled Wi-Fi networks in the home and small office environment. It reduces the user steps required to configure a network and supports two methods that are familiar to most consumers for configuring a network and enabling security.
PAGE 68
WIRELESS Wi-Fi Protected Setup (WPS) WPS Check to Enable the WPS feature. WPS Button Check to Enable the WPS push button. Wi-Fi Protected Setup Information WPS Current Status Shows whether the WPS function is Configured or Un-configured. Configured means that WPS has been used to authorize a connection between the device and wireless clients. SSID The SSID (wireless network name) used when connecting using WPS. Authentication Mode Shows the encryption method used by the WPS process.
PAGE 69
WIRELESS Initializing WPS Feature There are two methods to initialize the WPS feature: Push Button and Pin Code methods. 1. WPS Push Button Method 2. Pin Code Method Push the WPS button on the F9K1004, the Wireless LED light will start to flash when WPS process is ready. Note the Pin code of your WIRELESS ROUTER device. While the Wireless LED is flashing on the F9K1004, press the WPS button on your wireless client. This could either be a physical hardware button, or a software button in the utility.
PAGE 70
WIRELESS Client List This page shows the wireless clients that are connected to the WIRELESS ROUTER device.
PAGE 71
WIRELESS Policy This page allows you to configure the access policies for each SSID (wireless network). Policy WAN Connection Allow wireless clients on this SSID to access the WAN port which typically is an Internet connection. Communication between Wireless clients Dictates whether or not each wireless client can communicate with each other in this SSID. When Disabled, the wireless clients will be isolated from each other.
PAGE 72
firewall The Firewall section allows you to set the access control and Firewall settings. Enable Advanced This page allows you to Enable / Disable the Firewall features. If Enabled Firewall service, the Denial of Service (DoS) and SPI (Stateful Packet Inspection) features will also be enabled. You can choose whether to allow VPN (Virtual Private Network) packets to pass through the Firewall.
PAGE 73
firewall DMZ Denial of Service (DoS) If enabled this feature, allows the DMZ computer on your LAN to be exposed to all users on the Internet. Denial of Service (Denial of Service) is a type of Internet attack that sends a high amount of data to you with the intent to overload your Internet connection. Enable the DoS firewall feature to automatically detect and block these DoS attacks. • This allows almost any application to be used on the server.
PAGE 74
firewall MAC Filter You can choose whether to Deny or Allow those computers listed in the MAC Filtering table access to the Internet. MAC Filter Enable MAC filtering Check this box to Enable the MAC filtering feature. Deny all clients with MAC addresses listed below to access the network When selected, the computers listed in the MAC Filtering table will be Denied access to the Internet.
PAGE 75
firewall IP Filter You can choose whether to Deny or Allow computers with IP Addresses listed from accessing certain Ports. This can be used to control which Internet applications the computers can access. You may need to have knowledge of what Internet ports the applications use. IP Filter Enable IP filtering Check this box to Enable the IP filtering feature.
PAGE 76
firewall URL Filter You can deny access to certain websites by blocking keywords in the URL web address. For example, “gamer” has been added to the URL Blocking Table. Any web address that includes “gamer” will be blocked.
PAGE 77
advanced The Advanced section allows you to configure the Advanced settings of the router. Network Address Translation (NAT) This page allows you to Enable / Disable the Network Address Translation (NAT) and Network Turbine features. NAT is required to share one Internet account with multiple LAN users. Enabling Network Turbine will speed up your NAT throughput. It is required for certain Firewall features to work properly, but may cause software compatibility issues.
PAGE 78
advanced Port Mapping Port Mapping allows you to redirect a particular range of ports to a computer on your LAN network. This helps you host servers behind the NAT and Firewall. Port Mapping Enable Port Mapping Check this box to Enable the Port Mapping feature. Description Enter a name or description to help you identify this entry. Local IP The local IP address of the computer the server is hosted on. Protocol Select to apply the feature to either TCP, UDP or Both types of packet transmissions.
PAGE 79
advanced Port Forwarding Port Forwarding allows you to redirect a particular public port to a computer on your LAN network. This helps you host servers behind the NAT and Firewall. In the example below, there is a WEB Server running on port 80 on the LAN. For security reasons, the Administrator would like to provide this server to Internet connection on port 1000. There is a connection from the Internet on port 1000 and it will be forwarded to the computer with the IP address 192.168.2.
PAGE 80
advanced Port Trigger If you use Internet applications which use non-standard connections or port numbers, you may find that they do not function correctly because they are blocked by the Wireless Router’s firewall. A Port Trigger will be required for these applications to work. Port Trigger Enable Port Forwarding Check this box to Enable the Port Trigger feature. Popular applications This is a list of some common applications with preset settings.
PAGE 81
advanced Application Layer Gateway (ALG) Certain applications may require the use of the ALG feature to function correctly. If you use any of the applications listed, please check and select it to enable this feature.
PAGE 82
advanced Universal Plug and Play (UPnP) The UPnP function allows automatic discovery and configuration of UPnP enabled devices on your network. It also provides automatic port forwarding for supported applications to seamlessly bypass the Firewall. Universal Plug and Play (UPnP) Enable the UPnP Feature Check this box to Enable the UPnP feature to allow supported devices to be visible on the network.
PAGE 83
advanced Quality of Service (QoS) QoS refers to the capability of a network to provide better service to selected network traffic. This is to ensure that applications get enough Internet bandwidth for a pleasant user experience. If not, then the performance and user experience of time sensitive transmissions such as voice and video could be very poor. In order for this feature to function properly, the user should first set the Uplink and Downlink bandwidth provided by your Internet Service Provider.
PAGE 84
advanced Priority Queue Method Bandwidth priority is set to either High or Low. The transmissions in the High queue will be processed first. Unlimited Priority Queue Local IP Address Traffic to this IP address will not be affected by QoS rules. High / Low Priority Queue Protocol The type of network protocol. High / Low Priority Sets the protocol to High or Low priority. Specific Port Each protocol uses a specific port range. Please specify the ports used by this protocol.
PAGE 85
advanced Bandwidth Allocation Method You can set the maximum amount of bandwidth a certain protocol will use at one time. Or you can set a minimum amount of bandwidth that will be guaranteed to a certain protocol. Bandwidth Allocation Type Set the QoS rules to apply to transmissions that are Downloaded/Uploaded or Both directions. Local IP range Enter the IP address range of the computers that you would like the QoS rules to apply to.
PAGE 86
advanced Routing If your WIRELESS ROUTER device is connected to a network with different subnets, then this feature will allow the different subnets to communicate with each other. Static Routing Enable Static Routing Check this box to Enable the Static Router feature. Destination LAN IP Enter the IP address of the destination LAN. Subnet Mask Enter the Subnet Mask of the destination LAN IP address Default Gateway Enter the IP address of the Default Gateway for this destination IP and Subnet.
PAGE 87
advanced Destination Subnet Mask Gateway Hop Interface 192.168.11.0 255.255.255.0 192.168.2.216 1 LAN 192.168.10.0 255.255.255.0 192.168.2.103 1 LAN For example, if Client3 wants to send an IP data packet to 192.168.10.2 (Client 2), it will use the above table to determine that it has to go via 192.168.2.103 (Router 2) If it sends Packets to 192.168.11.11 (Client 1) will go via 192.168.2.
PAGE 88
VPN A Virtual Private Network (VPN) provides a secure connection between two or more computers or protected networks over the public Internet. It provides authentication to ensure that the information is going to and from the correct parties. It provides security to protect the information from being viewed or being tampered with en route. F9K1004 supports IPSec (Site to Site, Remote to Site), L2TP over IPSec and L2TP methods to establish VPN connections. The maximum VPN session number is up to 5.
PAGE 89
VPN Status This page displays the connect status of VPN connection. You can select one of them to connect or disconnect the VPN connection. Note: If connection type is remote dial-in (Client to Site or L2TP over IPSec), you can’t disconnect this session manually.
PAGE 90
VPN Profile Setting This page allows you to Enable, Add, Edit and Delete VPN profiles. Profile Setting Enable Check the box to Enable the VPN profile. Add Click this button to add the entry. Edit Select one profile and click this button to edit the entry. Delete Selected Delete the selected entries.
PAGE 91
VPN IPSec IPSec (Internet Protocol Security) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPSec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPSec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.
PAGE 92
VPN General Name Enter a name for your VPN policy. Connection Type Supports IPSec, L2TP over IPSec and L2TP methods to establish VPN connection. Authentication Type Supports pre-shared key method for authentication. Shared Key Enter the Shared Key in box. (example: 1234567890) Confirm Enter your Shared Key again for verification. Local ID Type Supports IP Address, Domain Name, Email Address methods for Local ID Type. Local ID Enter an ID to identify and authenticate the local VPN endpoint.
PAGE 93
VPN SA (Security Association) A Security Association (SA) is the establishment of shared security attributes between two network entities to support secure communication. An SA may include attributes such as: cryptographic algorithms and mode; traffic encryption keys; and parameters for the network data to be passed over the connection. Establishment of an SA is described in RFC 2408, the Internet Security Association and Key Management Protocol. This page allows you to configure SA.
PAGE 94
VPN SA (Security Association) IKE (Phase 1) Proposal Exchange Select Main Mode or Aggressive Mode for IKE Phase 1 negotiation. • M ain Mode: Select this option to configure the standard negotiation parameters for IKE Phase 1 of the VPN Tunnel. (Recommended Setting) • A ggressive Mode: Select this option to configure IKE Phase 1 of the VPN Tunnel to carry out negotiation in a shorter amount of time.
PAGE 95
VPN Network This page allows you to configure the VPN server and local/remote subnet. Network Security Gateway Type Security Gateway Type supports IP Address and Domain Name. Select one of them. Security Gateway The IP address or domain name of the VPN server. Local Network Enter the local (LAN) subnet and mask. (ex. 192.168.2.0/255.255.255.0) Remote Network Enter the remote subnet and mask. (ex. 192.168.9.0/255.255.255.
PAGE 96
VPN Advanced This page allows you to configure advanced VPN settings. Advanced NAT Traversal Enabling NAT Traversal allows IPSec traffic from this endpoint to traverse through the translation process during NAT. The remote VPN endpoint must also support this feature and it must be enabled to function properly over the VPN. Dead Peer Detection Enable DPD (Dead Peer Detection) to delete the VPN tunnel if there is no traffic detected.
PAGE 97
VPN L2TP over IPSec L2TP over IPSec VPNs enable a business to transport data over the Internet, while still maintaining a high level of security to protect data. You can use this type of secure connection for small or remote office clients that need access to the corporate network. You can also use L2TP over IPSec VPNs for routers at remote sites by using the local ISP and creating a demand-dial connection into corporate headquarters. General The page allows you to configure the general VPN settings.
PAGE 98
VPN Network L2TP L2TP Network Authentication Select the desired authentication protocol (PAP, CHAP, MSCHAP_V2). Select MSCHAP_V2 by default Server IP Assign the VPN Server IP address. (example: 192.168.99.1) Account Select accounts form available Users to member for authentication. You should set these available users in user setting page. Remote IP Range Assign a range of IP addresses. The assigned IP range should be on the same range as the Server IP (example: 192.168.99.
PAGE 99
VPN L2TP General L2TP (The Layer 2 Tunnel Protocol) is a tunneling protocol used to support virtual private networks (VPNs). It does not provide any encryption or confidentiality by itself; it relies on an encryption protocol that it passes within the tunnel to provide privacy.
PAGE 100
VPN Network L2TP L2TP Network Authentication Select the desired authentication protocol (PAP, CHAP, MSCHAP_V2). Select MSCHAP_V2 by default Server IP Assign the VPN Server IP address. (example: 192.168.99.1) Account Select accounts form available to member for authentication. You should set these available users in user setting page. Remote IP Range Assign a range of IP addresses. The assigned IP range should be on the same range as the Server IP (example: 192.168.99.
PAGE 101
VPN User Setting This page display the available users of VPN connection. You can add and delete the VPN available users here. You can enter the user name and password then click Add button to add a user. You can select users in Current VPN User Table then click Delete Selected button to delete users. User Setting 98 Name User’s name to be setup Password Assign password Confirm Re-enter password Add Create the user account Reset Clear the input box Delete Selected Delete the selected entries.
PAGE 102
VPN Wizard You can use Wizard to create a VPN profile easily. 1. Click Next button to begin the wizard. 2. E nter the VPN policy name then click the Next button to next page.
PAGE 103
VPN 3. Y ou can select [IPSec] or [L2TP over IPSec] or [L2TP] in this page then click the Next button to go to the next page. If you select [IPSec] then go to step “a.” If you select [L2TP over IPSec] then go to step “b.” if you select [L2TP] then go to step “c.” a. I PSec You can select [Client to Site] or [Site to Site] in this page then click the Next button to go to the next page. Note. If you select [Client to Site], you will skip Step 4.
PAGE 104
VPN Enter the Security Gateway and remote network. Then click the Next button to go to the next page. b. L 2TP over IPSec Enter the username, password and VPN server IP setting. Then click the Next button to go to the next page.
PAGE 105
VPN 4. Enter the shared key for the VPN connection c. L 2TP Enter the username, password and VPN server IP setting. Then click the Next button to go to the next page.
PAGE 106
VPN 5. S etup successful, enable this policy immediately. If you don’t want to enable this policy, you can un-check the box. Then click the Apply button to apply the settings.
PAGE 107
VPN How to establish an L2TP over IPSec VPN connection on Windows XP 1. Click the Start button and open Control Panel. 2. C lick [Network Connections], double click [New Connection Wizard] then click the Next button.
PAGE 108
VPN 3. S elect [Connect to the network at my workplace] then click the Next button. 4. S elect [Virtual Private Network connection] then click the Next button.
PAGE 109
VPN 5. E nter the [Company Name] then click the Next button. 6. S elect [Do not dial the initial connection] then click the Next button.
PAGE 110
VPN 7. E nter the VPN server IP address then click the Next button. 8. S elect [Do not use my smart card] then click the Next button.
PAGE 111
VPN 9. C lick the Finish button to complete the wizard. 10. C lick the Properities button.
PAGE 112
VPN 11. I n Security, select [Advanced (custom settings)] then click the Settings button. 12. C heck [Unencrypted password (PAP)] and [Challenge Handshake Authentication Protocol (CHAP)] then click the OK button.
PAGE 113
VPN 13. C lick [IPSec Settings] then check [Use pre-shared key for authentication], Enter the Key then click the OK button. 14. I n Networking, select [L2TP IPSec VPN] then click the OK button.
PAGE 114
VPN 15. C lick the Connect button to connect VPN connection. 16.
PAGE 115
VPN How to establish an L2TP over IPSec VPN connection in Windows 7 1. C lick the Start button and open Control Panel. 2.
PAGE 116
VPN 3.
PAGE 117
VPN 4. E nter the VPN server IP address: [Internet address], [Destination name] and check [Don’t connect now; just set it up so I can connect later], then click the Next button. 5. E nter the correct User name and Password then click the Create button.
PAGE 118
VPN 7. C lick [Change adapter settings] in Step 2, then select VPN Connection and click [Change settings of this connection] 6. C lick the Close button to close the VPN connection settings.
PAGE 119
VPN 8. C hange Type of VPN to [Layer 2 Tunneling Protocol with IPSec (L2TP/IPSec)] and check [Unencrypted password (PAP)] in Security. 9. C lick the Advanced settings button and select [Use preshared key for authentication] and enter the correct key. Then click the OK button.
PAGE 120
VPN 10. D ouble click the VPN Connection then click the Connect button. 11. You can see that the VPN Connection has been established.
PAGE 121
TOOLS This section allows you to configure certain device system settings. Admin This page allows you to change the system password and to configure remote management. Change Password Old Password: Enter the current password. New Password: Enter your new password. Repeat New Password: Enter your new password again for verification. Remote Management Host Address: You can only perform remote management from the specified IP address. Leave blank to allow any host to perform remote management.
PAGE 122
TOOLS Time This page allows you to set the system time. Time Time Setup: Select the method you want to set the time. Time Zone: Select the time zone for your current location. NTP Time Server: Enter the address of the Network Time Protocol (NTP) Server to automatically synchronize with a server on the Internet. Daylight Savings: Check if daylight savings applies to your area.
PAGE 123
TOOLS Dynamic DNS (DDNS) This free service is very useful when combined with the Virtual Server feature. It allows Internet users to connect to your Virtual Servers using a URL, rather than an IP Address. This also solves the problem of having a dynamic IP address. With a dynamic IP address, your IP address may change whenever you connect, which makes it difficult to connect to you.
PAGE 124
TOOLS DDNS Services work as follows: 1. You must register for the service at one of the listed DDNS Service providers. 2. A fter registration, use the Service provider’s normal procedure to obtain your desired Domain name. 3. E nter your DDNS data on the F9K1004’s DDNS screen, and enable the DDNS feature. 4. T he Wireless Router will then automatically ensure that your current IP Address is recorded at the DDNS service provider’s Domain Name Server. 5.
PAGE 125
TOOLS Power This page allows you to Enable or Disable the wireless LAN power saving features.
PAGE 126
TOOLS Diagnosis This page allows you to determine if the WIRELESS ROUTER device has an active Internet connection. Diagnosis Address to Ping: Enter the IP address you would like to Ping. Ping Result: Results of the Ping test.
PAGE 127
TOOLS Firmware The firmware (software) in the F9K1004 can be upgraded using your Web Browser. Go to http://www.belkin.com/support/ , to download available firmware update for the F9K1004. To perform the Firmware Upgrade: 1. C lick the Browse button and navigate to the location of the upgrade file. 2. S elect the upgrade file. Its name will appear in the field next to the Browse Button. 3. C lick the Apply button to complete the firmware upgrade.
PAGE 128
TOOLS Back-up Back-up Restore to factory default: Restores the device to its factory default settings. Backup Settings: Save the current configuration settings to a file. Restore Settings: Restores a previously saved configuration file. Click Browse to select the file. Then Upload to load the settings.
PAGE 129
TOOLS Reset In some circumstances it may be required to force the device to reboot.
PAGE 130
Technical Support, Warranty, FCC Statement Technical Support US http://www.belkin.com/support UK http://www.belkin.com/uk/support Australia http://www.belkin.com/au/support New Zealand http://www.belkin.com/au/support Singapore 1800 622 1130 Europe http://www.belkin.
PAGE 131
Technical Support, Warranty, FCC Statement Belkin International, Inc., Limited 2-Year Product Warranty What is not covered by this warranty? All above warranties are null and void if the Belkin product is not provided to Belkin for inspection upon Belkin’s request at the sole expense of the purchaser, or if Belkin determines that the Belkin product has been improperly installed, altered in any way, or tampered with.
PAGE 132
Technical Support, Warranty, FCC Statement Belkin reserves the right to review the damaged Belkin product. All costs of shipping the Belkin product to Belkin for inspection shall be borne solely by the purchaser. If Belkin determines, in its sole discretion, that it is impractical to ship the damaged equipment to Belkin, Belkin may designate, in its sole discretion, an equipment repair facility to inspect and estimate the cost to repair such equipment.
PAGE 133
Technical Support, Warranty, FCC Statement How state law relates to the warranty. THIS WARRANTY CONTAINS THE SOLE WARRANTY OF BELKIN. THERE ARE NO OTHER WARRANTIES, EXPRESSED OR, EXCEPT AS REQUIRED BY LAW, IMPLIED, INCLUDING THE IMPLIED WARRANTY OR CONDITION OF QUALITY, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND SUCH IMPLIED WARRANTIES, IF ANY, ARE LIMITED IN DURATION TO THE TERM OF THIS WARRANTY.
PAGE 134
Technical Support, Warranty, FCC Statement FCC Statement Federal Communications Commission Notice This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. DECLARATION OF CONFORMITY WITH FCC RULES FOR ELECTROMAGNETIC COMPATIBILITY We, Belkin International, Inc., of 12045 E.
PAGE 135
Technical Support, Warranty, FCC Statement Canada-Industry Canada (IC) The wireless radio of this device complies with RSS 139 & RSS 210 Industry Canada. This Class B digital apparatus complies with Canadian ICES-003. Operation is subject to the following two conditions: (1) this device may not cause interference, and (2) this device must accept any interference, including interference that may cause undesired operation of the device.
PAGE 136
© 2012 Belkin International, Inc. All rights reserved. All trade names are registered trademarks of respective manufacturers listed. Safari is a trademark of Apple Inc., registered in the U.S. and other countries. Internet Explorer is either a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries.