ADMINISTRATION GUIDE Cisco Small Business RV215W Wireless-N VPN Firewall
Contents Chapter 1: Introduction 7 Verifying the Hardware Installation 7 Using the Setup Wizard 8 Configuration Next Steps 9 Using the Getting Started Page 9 Saving Changes Connecting to Your Wireless Network Chapter 2: Viewing the Cisco RV215W Status 11 11 12 Viewing the Dashboard 12 Viewing the System Summary 14 Viewing the Wireless Statistics 17 Viewing the VPN Status 18 Viewing the IPSec Connection Status 19 Viewing Logs 20 Viewing Connected Devices 21 Viewing Port Statist
Contents Configuring a Mobile Network 31 Global Settings 31 Moble Network Setup 32 Bandwidth Cap Setting 33 E-mail Setting 34 Setting Failover and Recovery Configuring the LAN Settings 34 35 Changing the Device Management IP Address 36 Configuring DHCP Server 37 Configuring VLANs 38 Configuring Static DHCP 40 Viewing DHCP Leased Clients 41 Configuring a DMZ Host 41 Configuring RSTP 42 Port Management 43 Cloning the MAC Address 45 Configuring Routing 45 Configuring the Oper
Contents Chapter 3: Configuring the Wireless Network Wireless Security 64 64 Wireless Security Tips 64 General Network Security Guidelines 66 Cisco RV215W Wireless Networks 66 Configuring Basic Wireless Settings 67 Editing the Wireless Network Settings 69 Configuring the Security Mode 70 Configuring MAC Filtering 73 Configuring Time of Day Access 74 Configuring the Wireless Guest Network 74 Configuring Advanced Wireless Settings 76 Configuring WDS 79 Configuring WPS 80 Chapter 4:
Contents Chapter 5: Configuring VPN 98 VPN Tunnel Types 98 VPN Clients 99 Configuring PPTP 99 Configuring NetBIOS Over VPN 100 Creating and Managing PPTP Users 100 Creating and Managing QuickVPN Users 101 Importing VPN Client Settings 102 Configuring Basic VPN Settings (Site-to-Site VPN) Viewing Default Values Configuring Advanced VPN Parameters 103 104 105 Managing IKE Policies 105 Managing VPN Policies 106 Adding or Editing IKE Policies 106 Adding or Editing VPN Policies 108 C
Contents Configuring Simple Network Management (SNMP) 123 Configuring SNMP System Information 123 Editing SNMPv3 Users 124 Configuring the SNMP Traps 125 Using Diagnostic Tools 126 Network Tools 126 Configuring Port Mirroring 128 Configuring Logging 128 Configuring Logging Settings 128 Configuring the E-Mailing of Logs 130 Configuring Bonjour 132 Configuring Date and Time Settings 132 Backing Up and Restoring the System 133 Backing Up the Configuration Settings 134 Restoring the
1 Introduction This chapter provides information toguide you through the installation process, and get started using the browser-based Device Manager. • Verifying the Hardware Installation • Using the Setup Wizard • Using the Getting Started Page • Connecting to Your Wireless Network Verifying the Hardware Installation Configure the device to connect to your wired and wireless networks by using the Cisco RV215W Wireless-N VPN Firewall Quick Start Guide. ! CAUTION Use the 12V, 1.
1 Introduction Using the Setup Wizard Using the Setup Wizard The Setup Wizard and Device Manager are supported on Microsoft Internet Explorer 6.0 or later, Mozilla Firefox 3.0 or later, and Apple Safari 3.0 or later. To use the Setup Wizard: STEP 1 Start the computer that you connected to a LAN port. Your computer becomes a DHCP client of the Cisco RV215W and receives an IP address in the 192.168.1.xxx range. STEP 2 Launch a web browser and enter 192.168.1.1 in the Address bar.
1 Introduction Using the Getting Started Page Configuration Next Steps Although the Setup Wizard automatically configures the Cisco RV215W, we suggest customizing some settings to provide better security and performance: • If you already have a DHCP server on your network and you do not want the Cisco RV215W to act as a network DHCP server, disable the server. See Configuring the LAN Settings. • Configure your Virtual Private Network (VPN) by using QuickVPN.
Introduction Using the Getting Started Page 1 Configure WAN Settings Opens the Internet Setup page to change parameters such as the router host name. See Configuring the WAN Settings. Configure LAN Settings Opens the LAN Configuration page to modify the LAN parameters, such as the management IP address. See Configuring the LAN Settings. Configure Wireless Settings Open the Basic Settings page to manage the radio. See Configuring Basic Wireless Settings.
1 Introduction Connecting to Your Wireless Network Other Resources Support Click to open the Cisco support page. Forums Click to visit Cisco online support forums. Saving Changes When you finish making changes on a configuration page, click Save to save the changes in Flash memory, or click Cancel to undo your changes.
2 Viewing the Cisco RV215W Status This chapter describes how to view real-time statistics and other information about the Cisco RV215W. • Viewing the Dashboard • Viewing the System Summary • Viewing the Wireless Statistics • Viewing the VPN Status • Viewing Logs • Viewing Connected Devices • Viewing Port Statistics Viewing the Dashboard The Dashboard page provides important router information. To view the Dashboard, click Status > Dashboard.
Viewing the Cisco RV215W Status Viewing the Dashboard 2 The Dashboard page displays the following: Device Information • System Name—Name of the device. • Firmware Version—Firmware version the device is currently running. • Serial Number—Serial number of the device. Resource Utilization • CPU—CPU utilization. • Memory—Memory utilization. • Current Time—Time of day. • System Up Time—How long the system has been running.
Viewing the Cisco RV215W Status Viewing the System Summary • 2 DHCPv6 Server—Status of the router IPv6 DHCP server (enabled or disabled). To view the LAN settings, click details. For more information, see Configuring the LAN Settings. WAN (Mobile Network) Information • IPv4 Address—IPv4 address of the USB port. • State—State of the mobile network WAN connection (up or down). To view the WAN settings, click details. For more information see Configuring the WAN Settings.
Viewing the Cisco RV215W Status Viewing the System Summary 2 Click Refresh to obtain the latest information. The System Summary page displays this information: System Information • Firmware Version—Current software version the device is running. • Firmware MD5 Checksum—The message-digest algorithm used to verify the integrity of files. • Locale—The language installed on the router. • Language Version—The version of the installed language pack.
Viewing the Cisco RV215W Status Viewing the System Summary 2 IPv6 Configuration • LAN IP—LAN IP address of the device. • WAN IP—WAN IP address of the device. • Gateway—IP address of the gateway to which the Cisco RV215W is connected (for example, the cable modem). • NTP—Network Time Protocol server (hostname or IPv6 address). • Prefix Delegation—IPv6 prefix returned from the device at the ISP that is given to IP addresses on the Cisco RV215W. • DNS 1—IP address of the primary DNS server.
2 Viewing the Cisco RV215W Status Viewing the Wireless Statistics • PPTP VPN Connections Available—Number of available PPTP VPN connections. • Connected QuickVPN Users—Number of connected QuickVPN users. • Connected PPTP VPN Users—Number of connected PPTP VPN users. Viewing the Wireless Statistics The Wireless Statistics page shows wireless statistics for the device radio. To view wireless statistics, choose Status > Wireless Statistics.
2 Viewing the Cisco RV215W Status Viewing the VPN Status Viewing the VPN Status The VPN page displays the status of VPN connections. To view VPN user connection status, choose Status > VPN Status. The VPN page displays this information: Username The username of the VPN user associated with the QuickVPN or PPTP tunnel. Remote IP Displays the IP address of the remote QuickVPN client. This could be a NAT/Public IP if the client is behind the NAT router.
Viewing the Cisco RV215W Status Viewing the IPSec Connection Status 2 Viewing the IPSec Connection Status The IPSec Connection status shows the status of active VPN policies on the Cisco RV215W. (These policies are configured on the VPN > Advanced VPN Setup page.) To view the IPSec connection status: STEP 1 Choose Status > IPSec Connection Status. STEP 2 The table displays the following information: • Refresh Rate—Choose the rate at which you want the data display to clear and display the newest data.
Viewing the Cisco RV215W Status Viewing Logs 2 Viewing Logs The View Logs page displays the Cisco RV215W logs. To view the logs, choose Status > View Logs. To display the latest log entries, click Refresh Logs. To filter logs or specify the severity of logs to display, check the boxes next to the log type and click Go. Note that all log types above a selected log type are automatically included and you cannot deselect them.
Viewing the Cisco RV215W Status Viewing Connected Devices 2 Viewing Connected Devices The Connected Devices page displays information about the active devices connected to the Cisco RV215W. The IPv4 ARP Table displays information from devices that have responded to the Cisco RV215W address resolution protocol (ARP) request. If a device does not respond to the request, it is removed from the list.
2 Viewing the Cisco RV215W Status Viewing the GuestNet Status The Port Statistics page displays this information: Interface Name of the network interface. Packet Number of received/sent packets. Byte Number of received/sent bytes of information per second. Error Number of received/sent packet errors. Dropped Number of received/sent packets that were dropped. Multicast Number of multicast packets sent over this radio. Collisions Number of signal collisions that occurred on this port.
Viewing the Cisco RV215W Status Viewing the Mobile Network Status 2 Viewing the Mobile Network Status The mobile network statistics about the mobile 3G/4G network and communication device (dongle) configured on the Cisco RV215W. To view the mobile network status, choose Status > Mobile Network. The following information is displayed: • Connection—Device connected to the guest network. • Internet IP Address—IP address assigned to the USB device. • Subnet Mask—Subnet mask of the USB device.
2 Configuring Networking This chapter describes how to configure the Cisco RV215W network settings.
2 Configuring Networking Configuring the WAN Settings Configuring the WAN Settings An Internet connection can be established through the WAN port or a wireless modem installed in the USB port. This section describes configuration of the WAN, mobile network, and failover and recovery. Configuring the Wired WAN Connections Configuring WAN properties for an IPv4 network differs depending on which type of Internet connection you have.
2 Configuring Networking Configuring the WAN Settings Default Gateway IP address of the default gateway. Static DNS 1 IP address of the primary DNS server. Static DNS 2 IP address of the secondary DNS server. STEP 4 Click Save. Configuring PPPoE To configure the Point-to-Point Protocol over Ethernet (PPPoE )settings: STEP 1 Choose Networking > WAN. STEP 2 From the Internet Connection Type drop-down menu, choose PPPoE.
2 Configuring Networking Configuring the WAN Settings Authentication Type Auto-negotiation—The server sends a configuration request specifying the security algorithm set on it. Then, the Cisco RV215W sends back authentication credentials with the security type sent by the server. PAP—Password Authentication Protocol (PAP), used by Point-to-Point Protocol to connect to the ISP.
2 Configuring Networking Configuring the WAN Settings Connect on Demand Select this option if your ISP charges based on the amount of time that you are connected. When you select this option, the Internet connection is on only when traffic is present. If the connection is idle— that is, no traffic is flowing—the connection is closed. If you click Connect on Demand, enter the number of minutes after which the connection shuts off in the Max Idle Time field.
2 Configuring Networking Configuring the WAN Settings Configuring L2TP To configure the L2TP settings: STEP 1 Choose Networking > WAN. STEP 2 From the Internet Connection Type drop-down menu, choose L2TP. STEP 3 Enter this information: Internet IP Address Enter the IP address of the WAN port. Subnet mask Enter subnet mask of the WAN port. Default Gateway Enter the IP address of the default gateway. L2TP Server Enter the IP address of the L2TP server.
2 Configuring Networking Configuring the WAN Settings Authentication Type Auto-negotiation—The server sends a configuration request specifying the security algorithm set on it. Then, the Cisco RV215W sends back authentication credentials with the security type sent by the server. PAP—Password Authentication Protocol (PAP) is used to connect to the ISP. CHAP—Challenge Handshake Authentication Protocol (CHAP) is used to connect to the ISP.
2 Configuring Networking Configuring the WAN Settings STEP 2 Click Save. Configuring a Mobile Network Use the Mobile Network page to configure the Cisco RV215W to connect to a Mobile Broadband USB modem that is connected to its USB interface. To display the Mobile Network window, click Networking > WAN > Mobile Network. Global Settings To install a USB modem: STEP 1 Connect the USB modem. If the modem is supported, it is automatically detected and appears on the Mobile Network page.
2 Configuring Networking Configuring the WAN Settings • Searching for service... • no SIM card • SIM locked • SIM busy • SIM ready • pin code needed • pin code error • Card is locked • Card is not activated • Card initialized error • error Moble Network Setup If it is necessary to change any of the mobile network parameters in the Mobile Network Setup area, click the Manual radio button in the Configure Mode field.
2 Configuring Networking Configuring the WAN Settings Field Description User Name Password User name and password provided by your mobile network service provider. SIM PIN PIN code associated with your SIM card. This field is only displayed for GSM SIM cards. Server Name Name of the server for the Internet connection (if provided by your service provider). Authentication Authentication used by your service provider.
2 Configuring Networking Configuring the WAN Settings E-mail Setting When the bandwidth data limit is reached, an email message can be sent to the administrator. To set up the target email address, see Configuring the E-Mailing of Logs. When enabled by checking the box, email is sent when: • Mobile network usage has exceeded a given percentage. • The device fails over to the backup pathway and recovers. • At every interval specified while a mobile network link is active.
Configuring Networking Configuring the LAN Settings 2 STEP 6 Chose to Switch back to Ethernet immediately when Ethernet is available or set a time to Switch back to Ethernet in a specific time range. If you choose a specific time range, set the start and end times. STEP 7 Choose the Failover Validation Site on which to perform failover validation.
2 Configuring Networking Configuring the LAN Settings Changing the Device Management IP Address The local device management IP address of the Cisco RV215W is static and defaults to 192.168.1.1. To change the local device management IP address: STEP 1 Choose Networking > LAN > LAN Configuration. STEP 2 In the IPv4 section, enter this information: VLAN The VLAN number. Local IP Address Local LAN IP address of the Cisco RV215W. Make sure this IP address is not in use by another device.
2 Configuring Networking Configuring the LAN Settings Configuring DHCP Server By default, the Cisco RV215W functions as a DHCP server to the hosts on the Wireless LAN (WLAN) or wired LAN. It assigns IP addresses, and provides DNS server addresses. With DHCP enabled, the Cisco RV215W assigns IP addresses to network devices on the LAN from a pool of IPv4 addresses. The Cisco RV215W tests each address before it is assigned to avoid duplicate addresses on the LAN. The default IP address pool is 192.168.1.
2 Configuring Networking Configuring the LAN Settings IP Address Range (Read-only) The range of IP addresses available to the DHCP clients. Client Lease time Duration (in hours) that IP addresses are leased to clients. Static DNS 1 IP address of the primary DNS server. Static DNS 2 IP address of the secondary DNS server. Static DNS 3 IP address of the tertiary DNS server. WINS IP address of the primary WINS server.
2 Configuring Networking Configuring the LAN Settings STEP 3 Enter this information: VLAN ID Numerical VLAN ID to assign to endpoints in the VLAN membership. The number you enter must be between 3 to 4094. VLAN ID 1 is reserved for the default VLAN, and is used for untagged frames received on the interface. Description A description that identifies the VLAN. Inter VLAN Routing Allows an end station in one VLAN to communicate with an end station in another VLAN.
2 Configuring Networking Configuring the LAN Settings Configuring Static DHCP You can configure the Cisco RV215W to assign a specific IP address to a device with a specific MAC address. To configure static DHCP: STEP 1 Choose Networking > LAN > Static DHCP. STEP 2 From the VLAN drop-down menu, choose a VLAN number. STEP 3 Click Add Row. STEP 4 Enter this information: Description Description of the client. IP Address IP address of the device.
Configuring Networking Configuring the LAN Settings 2 Viewing DHCP Leased Clients You can view a list of endpoints on the network (identified by hostname, IP address, or MAC address) and see the IP addresses assigned to them by the DHCP server. The VLAN of the endpoints is also displayed. To view the DHCP clients, choose Networking > LAN > DHCP Leased Clients. For every VLAN defined on the Cisco RV215W, a table displays a list of the clients associated with the VLAN.
2 Configuring Networking Configuring the LAN Settings STEP 3 From the VLAN drop-down menu, choose the ID of the VLAN where DMZ is enabled. STEP 4 In the Host IP Address field, enter the IP address of the DMZ host. The DMZ host is the endpoint that receives the redirected packets. STEP 5 Click Save. Configuring RSTP Rapid Spanning Tree Protocol (RSTP) is a network protocol prevents loops in the network and dynamically reconfigures which physical links should forward frames.
2 Configuring Networking Configuring the LAN Settings Forward Delay The forward delay is the interval after which an interface changes from the blocking to forwarding state. Enter a number from 4 to 30. The default is 15. Force Version Select the default protocol version to use. Select Normal (use RSTP) or Compatible (compatible with old STP). The default is Normal. STEP 3 In the Setting Table, configure the following settings: Protocol Enable Check to enable RSTP on the associated port.
2 Configuring Networking Configuring the LAN Settings Link The port speed. If no device is connected to the port, this field displays Down. Mode Choose from the drop-down menu one of the following port speeds: Flow Control • Auto Negotiation—The Cisco RV215W and the connected device choose a common speed. • 10Mbps Half—10 Mbps in both directions, but only one direction at a time. • 10Mbps Full—10 Mbps in both directions simultaneously.
2 Configuring Networking Cloning the MAC Address Cloning the MAC Address Sometimes, you may need to set the MAC address of the Cisco RV215W WAN port to be the same MAC address as your PC or some other MAC address. This is called MAC address cloning. For example, some ISPs register your computer NIC card MAC address when the service is first installed. When you place a router behind the cable modem or DSL modem, the MAC address from the Cisco RV215W WAN port is not recognized by the ISP.
2 Configuring Networking Configuring Routing Gateway (Recommended) Click this button to set the Cisco RV215W to act as a gateway. Keep this default setting if the Cisco RV215W is hosting your network connection to the Internet and is performing the routing functions. Router (For advanced users only) Click this button to set the Cisco RV215W to act as a router. Select this option if the Cisco RV215W is on a network with other routers.
2 Configuring Networking Configuring Routing RIP Check Enable to enable RIP. This allows the Cisco RV215W to use RIP to route traffic. RIP Send Packet Version Select the RIP Send Packet Version (RIPv1 or RIPv2). The version of RIP used to send routing updates to other routers on the network depends on the configuration settings of the other routers. RIPv2 is backward compatible with RIPv1. RIP Recv Packet Version Choose the RIP Receive Packet Version. STEP 3 Click Save.
2 Configuring Networking Viewing the Routing Table Enter Route Name Enter the name of the route. Destination LAN IP Enter the IP address of the destination LAN. Subnet Mask Enter the subnet mask of the destination network. Gateway Enter the IP address of the gateway used for this route. Interface Select the interface to which packets for this route are sent: • LAN & Wireless—Click this button to direct packets to the LAN and wireless network.
2 Configuring Networking Configuring Dynamic DNS Configuring Dynamic DNS Dynamic DNS (DDNS) is an Internet service that allows routers with varying public IP addresses to be located using Internet domain names. To use DDNS, you must set up an account with a DDNS provider such as DynDNS.com, TZO.com, 3322.org, or noip.com. The router notifies dynamic DNS servers of changes in the WAN IP address, so that any public services on your network can be accessed by using the domain name.
2 Configuring Networking Configuring the IP Mode Status (Read-only) Indicates that the DDNS update has completed successfully or the account update information sent to the DDNS server failed. STEP 5 To test the DDNS configuration, click Test Configuration. STEP 6 Click Save. Configuring the IP Mode Wide area network configuration properties are configurable for both IPv4 and IPv6 networks. You can enter information about your Internet connection type and other parameters in these pages.
2 Configuring Networking Configuring IPv6 The 6to4 tunneling feature is typically used when a site or end user wants to connect to the IPv6 Internet using the existing IPv4 network. STEP 4 Click Save. Configuring IPv6 Internet Protocol version 6 (IPv6) is a version of the Internet Protocol (IP) intended to succeed Internet Protocol version 4 (IPv4). Configuring WAN properties for an IPv6 network depends on the type of internet connection that you have.
2 Configuring Networking Configuring IPv6 Configuring a Static IPv6 WAN Address If your ISP assigns you a fixed address to access the WAN, configure the Cisco RV215W to use a static IPv6 address. To configure a static IPv6 WAN address: STEP 1 Choose Networking > IPv6 > IPv6 WAN Configuration. STEP 2 From the WAN Connection Type menu, select Static IPv6. STEP 3 Enter this information: IPv6 Address IPv6 address of the WAN port. IPv6 Prefix Length Length of the IPv6 prefix(typically defined by the ISP).
2 Configuring Networking Configuring IPv6 STEP 3 Enter the following information (it might be necessary to contact your ISP to obtain your PPPoE login information): Username Username assigned to you by the ISP. Password Password assigned to you by the ISP. Connect on Demand If your ISP charges based on the amount of time that you are connected, select the radio button. When selected, the Internet connection is active only when traffic is present.
2 Configuring Networking Configuring IPv6 MTU (Maximum Transmit Unit (MTU)) The size of the largest packet that can be sent over the network. Unless a change is required by your ISP, we recommend that you choose Auto. The standard MTU value for Ethernet networks is 1500 bytes. For PPPoE connections, the value is 1492 bytes. If your ISP requires a custom MTU setting, choose Manual. Size MTU size. If your ISP requires a custom MTU setting, enter the MTU size.
2 Configuring Networking Configuring IPv6 To configure IPv6 LAN settings: STEP 1 Choose Networking > IPv6 > IPv6 LAN Configuration. STEP 2 Enter the following information to configure the IPv6 LAN address: IPv6 Address Enter the IPv6 address of the Cisco RV215W. The default IPv6 address for the gateway is fec0::1 (or FEC0:0000:0000:0000:0000:0000:0000:0001). You can change this 128-bit IPv6 address based on your network requirements. IPv6 Prefix Length Enter the IPv6 prefix length.
2 Configuring Networking Configuring IPv6 Static DNS 1 IPv6 address of the primary DNS server on the ISP IPv6 network. Static DNS 2 IPv6 address of the secondary DNS server on the ISP IPv6 network. Client Lease Time Client lease time duration (in seconds) for which IPv6 addresses are leased to endpoints on the LAN. STEP 5 Choose Networking > IPv6 > IPv6 LAN Configuration. STEP 6 In the IPv6 Address Pools Table, click Add Row.
2 Configuring Networking Configuring IPv6 To create a static route: STEP 1 Choose Networking > IPv6 > IPv6 Static Routing. STEP 2 In the list of static routes, click Add Row. STEP 3 Enter this information: Name Route name. Destination IPv6 address of the destination host or network for this route. Prefix Length Number of prefix bits in the IPv6 address that define the destination subnet. Gateway IPv6 address of the gateway through which the destination host or network can be reached.
Configuring Networking Configuring IPv6 2 Configuring Routing (RIPng) RIP Next Generation (RIPng) is a routing protocol based on the distance vector (D-V) algorithm. RIPng uses UDP packets to exchange routing information through port 521. RIPng uses a hop count to measure the distance to a destination. The hop count is referred to as metric, or cost. The hop count from a router to a directly-connected network is 0. The hop count between two directly-connected routers is 1.
2 Configuring Networking Configuring IPv6 STEP 4 For 6RD Tunneling, choose auto or manual. STEP 5 Enter the following information: • IPv6 Prefix • IPv6 Prefix Length • Border Relay • IPv4 Mask Length. STEP 6 Click Save. 4 to 6 Tunneling To configure 4-to-6 tunneling: STEP 1 Select Networking > IPv6 > Tunneling. STEP 2 In the 4 to 6 Tunneling field, check Enable. STEP 3 Enter the local WAN IPv6 address on the Cisco RV215W.
2 Configuring Networking Configuring IPv6 Configuring Router Advertisement The Router Advertisement Daemon (RADVD) on the Cisco RV215W listens for router solicitations in the IPv6 LAN and responds with router advertisements as required. This is stateless IPv6 auto configuration, and the Cisco RV215W distributes IPv6 prefixes to all nodes on the network. To configure the RADVD: STEP 1 Choose Networking > IPv6 > Router Advertisement.
2 Configuring Networking Configuring IPv6 Router Preference Choose low, medium, or high from the drop-down menu. The default is medium. The router preference provides a preference metric for default routers. The low, medium and high values are signaled in unused bits in RA messages. This extension is backward compatible, both for routers (setting the router preference value) and hosts (interpreting the router preference value). These values are ignored by hosts that do not implement router preference.
2 Configuring Networking Configuring IPv6 IPv6 Prefix Type Choose one of the following types: 6to4—Allows IPv6 packets to be transmitted over an IPv4 network. It is used when an end user wants to connect to the IPv6 Internet using their existing IPv4 connection Global/Local—A locally unique IPv6 address that you can use in private IPv6 networks or a globally unique IPv6 Internet address. SLA ID If you choose 6to4 as the IPv6 prefix type, enter the Site-Level Aggregation Identifier (SLA ID).
Configuring Networking Configuring IPv6 Cisco RV215W Wireless-N VPN Firewall Administration Guide 2 63
3 Configuring the Wireless Network This chapter describes how to configure the Cisco RV215W wireless network. • Wireless Security • Cisco RV215W Wireless Networks • Configuring Basic Wireless Settings • Configuring Advanced Wireless Settings • Configuring WDS • Configuring WPS Wireless Security Wireless networks are convenient and easy to install, so small businesses and homes with high-speed Internet access are adopting them at a rapid pace.
Configuring the Wireless Network Wireless Security 3 When choosing names, do not use personal information (such as your Social Security number) because this information may be available for anyone to see when browsing for wireless networks. • Change the default password. For wireless products such as access points, routers, and gateways, you are asked for a password when you want to change their settings. These devices have a default password. The default password is often cisco.
3 Configuring the Wireless Network Cisco RV215W Wireless Networks • Turn wireless routers, access points, or gateways off when they are not being used (at night, during vacations). • Use strong passphrases that are at least eight characters in length. Combine letters and numbers to avoid using standard words that can be found in the dictionary. General Network Security Guidelines Wireless network security is useless if the underlying network is not secure.
3 Configuring the Wireless Network Configuring Basic Wireless Settings SSID Name ciscosb1 ciscosb2 ciscosb3 ciscosb4 Wireless Isolation with SSID Disabled Disabled Disabled Disabled WMM Enabled Enabled Enabled Enabled WPS Hardware Button Enabled Disabled Disabled Disabled 1. When using the Setup Wizard, select Best Security or Better Security to protect the Cisco RV215W from unauthorized access.
Configuring the Wireless Network Configuring Basic Wireless Settings 3 B/G-Mixed Choose this option if you have Wireless-B and Wireless-G devices in your network. G/N-Mixed Choose this option if you have Wireless-G and Wireless-N devices in your network. STEP 4 If you chose B/G/N-Mixed, N-Only, or G/N Mixed, in the Wireless Band Selection field, select the wireless bandwidth on your network (20MHz or 20/40MHz). If you chose N-Only, you must use WPA2 security on your network.
3 Configuring the Wireless Network Configuring Basic Wireless Settings Editing the Wireless Network Settings The Wireless Table in the Basic Settings page (Wireless > Basic Settings) lists the settings of the four wireless networks supported on the Cisco RV215W. To configure wireless network settings: STEP 1 Check the box for the networks you want to configure. STEP 2 Click the Edit button. STEP 3 Configure these settings: Enable SSID Click On to enable the network.
Configuring the Wireless Network Configuring Basic Wireless Settings 3 Configuring the Security Mode You can configure one of the following security modes for wireless networks: Configuring WEP The WEP security mode offers weak security with a basic encryption method that is not as secure as WPA. WEP may be required if your network devices do not support WPA. NOTE If you do not have to use WEP, we recommend that you use WPA2. If you are using the Wireless-N only mode, you must use WPA2.
Configuring the Wireless Network Configuring Basic Wireless Settings 3 If you want to provide your own key, enter it directly in the Key 1 field (recommended). The length of the key should be 5 ASCII characters (or 10 hexadecimal characters) for 64-bit WEP and 13 ASCII characters (or 26 hexadecimal characters) for 128-bit WEP. Valid hexadecimal characters are 0 to 9 and A to F. STEP 8 In the TX Key field, choose which key to use as the shared key that devices must use to access the wireless network.
Configuring the Wireless Network Configuring Basic Wireless Settings 3 STEP 5 (WPA-Personal only) In the Encryption field, choose one of the following options: • TKIP/AES—Choose TKIP/AES to ensure compatibility with older wireless devices that may not support AES. • AES—This option is more secure. STEP 6 In the Security Key field, enter an alphanumeric phrase (8–63 ASCII characters or 64 hexadecimal digits).
Configuring the Wireless Network Configuring Basic Wireless Settings 3 • TKIP/AES—Choose TKIP/AES to ensure compatibility with older wireless devices that may not support AES. • AES—This option is more secure. STEP 6 In the RADIUS Server field, enter the IP address of the RADIUS server. STEP 7 In the RADIUS Port field, enter the port used to access the RADIUS server. STEP 8 In the Shared Key field, enter an alphanumeric phrase (8–63 ASCII characters or 64 hexadecimal digits).
Configuring the Wireless Network Configuring Basic Wireless Settings 3 STEP 5 To show computers and other devices on the wireless network, click Show Client List. STEP 6 In the Save to MAC Address Filter List filed, check the box to add the device to the list of devices to be added to the MAC Address Table. STEP 7 Click Add to MAC to add the selected devices in the Client List Table to the MAC Address Table. STEP 8 Click Save to save your settings.
Configuring the Wireless Network Configuring Basic Wireless Settings 3 • The guest network is configured as one of the four available SSIDs on the Cisco RV215W • The guest network cannot be configured on the AP Management VLAN (VLAN ID 1). To configure the guest network: Create a new VLAN STEP 1 In the Management Interface, choose Networking > LAN > VLAN Membership. STEP 2 In the VLAN Setting Table, add a new VLAN for the guest network.
3 Configuring the Wireless Network Configuring Advanced Wireless Settings Configure the Password and Other Options STEP 1 In the Management Interface, choose Wireless > Basic Settings. STEP 2 Under the Wireless Table, click Edit Guest Net. STEP 3 Enter a password that users will enter to access the guest network. STEP 4 Enter the password again to confirm. STEP 5 Enter the time, in minutes, that the guest connection will be available for users.
3 Configuring the Wireless Network Configuring Advanced Wireless Settings Basic Rate The Basic Rate setting is not the rate of transmission but a series of rates at which the Services Ready Platform can transmit. The Cisco RV215W advertises its basic rate to the other wireless devices in your network, so they know which rates will be used. The Services Ready Platform will also advertise that it will automatically select the best rate for transmission.
3 Configuring the Wireless Network Configuring Advanced Wireless Settings CTS Protection Mode The Cisco RV215W will automatically use CTS (ClearTo-Send) Protection Mode when your Wireless-N and Wireless-G devices are experiencing severe problems and are not able to transmit to the Cisco RV215W in an environment with heavy 802.11b traffic. This function boosts the Cisco RV215W ability to catch all Wireless-N and Wireless-G transmissions but will severely decrease performance. The default is Auto.
3 Configuring the Wireless Network Configuring WDS RTS Threshold If you encounter inconsistent data flow, enter only minor reductions. The default value of 2347 is recommended. If a network packet is smaller than the preset Request to Send (RTS) threshold size, the RTS/Clear to Send (CTS) mechanism will not be enabled. The Services Ready Platform sends RTS frames to a particular receiving station and negotiates the sending of a data frame.
Configuring the Wireless Network Configuring WPS 3 Or to select repeaters from the Available Networks table: Click Show Site Survey to display the Available Networks Table. a. Click the checkboxes to select up to three access points to use as repeaters. b. Click Connecto add the MAC addresses of the selected access points to the MAC field. Or enter the MAC addresses of up to three access points to use as repeaters in the MAC 1, MAC 2, and MAC 3 fields. STEP 4 Click Save.
Configuring the Wireless Network Configuring WPS 3 PIN Lifetime—The lifetime of the key. If the time expires, a new key is negotiated. After you configure WPS, the following information appears at the bottom of the WPS page: Wi-Fi Protected Setup Status, Network Name (SSID), and Security.
4 Configuring the Firewall This chapter describes how to configure the firewall properties of the Cisco RV215W.
4 Configuring the Firewall Cisco RV215W Firewall Features • Rules for allowing or blocking inbound and outbound Internet traffic for specified services on specified schedules. • MAC addresses of devices whose inbound access to your network the router should block. • Port triggers that signal the router to allow or block access to specified services as defined by port number. • Reports and alerts that you want the router to send to you.
4 Configuring the Firewall Configuring Basic Firewall Settings Configuring Basic Firewall Settings To configure basic firewall settings: STEP 1 Choose Firewall > Basic Settings. STEP 2 Configure the following firewall settings: Firewall Check Enable to configure firewall settings. DoS Protection Check Enable to enable Denial of Service protection. Block WAN Request Blocks ping requests to the Cisco RV215W from the WAN.
Configuring the Firewall Configuring Basic Firewall Settings Block Java 4 Check to block Java applets. Java applets are small programs embedded in web pages that enable dynamic functionality of the page. A malicious applet can be used to compromise or infect computers. Enabling this setting blocks Java applets from being downloaded. Click Auto to automatically block Java, or click Manual and enter a specific port on which to block Java. Block Cookies Check to block cookies.
4 Configuring the Firewall Configuring Basic Firewall Settings Block Proxy Check to block proxy servers. A proxy server (or proxy) allows computers to route connections to other computers through the proxy, thus circumventing certain firewall rules. For example, if connections to a specific IP address are blocked by a firewall rule, the requests can be routed through a proxy that is not blocked by the rule, rendering the restriction ineffective. Enabling this feature blocks proxy servers.
4 Configuring the Firewall Configuring Basic Firewall Settings Remote Management Port Enter the port on which remote access is allowed. The default port is 443. When remotely accessing the router, you must enter the remote management port as part of the IP address. For example: https://:, or https:// 168.10.1.11:443 ! CAUTION When remote management is enabled, the router is accessible to anyone who knows its IP address.
Configuring the Firewall Managing Firewall Schedules 4 Managing Firewall Schedules You can create firewall schedules to apply firewall rules on specific days or at specific times of the day. Adding or Editing a Firewall Schedule To create or edit a schedule: STEP 1 Choose Firewall > Schedule Management. STEP 2 Click Add Row. STEP 3 In the Name field, enter a unique name to identify the schedule. This name is available on the Firewall Rule Configuration page in the Select Schedule list.
4 Configuring the Firewall Configuring Access Rules To create a custom service: STEP 1 Choose Firewall > Service Management. STEP 2 Click Add Row. STEP 3 In the Service Name field, enter the service name for identification and management purposes. STEP 4 In the Protocol field, choose the Layer 4 protocol that the service uses from the drop-down menu: • TCP • UDP • TCP & UDP • ICMP STEP 5 In the Start Port field, enter the first TCP or UDP port of the range that the service uses.
Configuring the Firewall Configuring Access Rules 4 To configure the default outbound policy: STEP 1 Choose Firewall > Access Rules. STEP 2 Choose Allow or Deny. Note: Ensure that IPv6 support is enabled on the Cisco RV215W to configure an IPv6 firewall. See Configuring IPv6. STEP 3 Click Save. Reordering Access Rules The order in which access rules are displayed in the access rules table indicates the order in which the rules are applied.
4 Configuring the Firewall Configuring Access Rules STEP 3 In the Connection Type field, choose the source of originating traffic: • Outbound (LAN > WAN)—Choose this option to create an outbound rule. • Inbound (WAN > LAN)—Choose this option to create an inbound rule. • Inbound (WAN > DMZ)—Choose this option to create an inbound rule. STEP 4 From the Action drop-down menu, choose the action: • Always Block—Always block the selected type of traffic.
4 Configuring the Firewall Configuring Access Rules • Telnet Secondary • Telnet SSL • Voice (SIP) STEP 6 (Optional) Click Configure Services to go to the Service Management page to configure the services before applying access rules to them. See Configuring Services Management for more information. STEP 7 In the Source IP field, select the users to which the firewall rule applies: • Any—The rule applies to traffic originating on any host in the local network.
4 Configuring the Firewall Creating an Internet Access Policy Creating an Internet Access Policy The Cisco RV215W supports several options for blocking Internet access. You can block all Internet traffic, block Internet traffic to certain PCs or endpoints, or block access to Internet sites by specifying keywords to block. If these keywords are found in the site's name (for example, web site URL or newsgroup name), the site is blocked.
4 Configuring the Firewall Configuring Port Forwarding STEP 7 (Optional) Apply the access policy to specific PCs to allow or block traffic coming from specific devices: a. In the Apply Access Policy to the Following PCs table, click Add Row. b. From the Type drop-down menu, choose how to identify the PC (by MAC address, by IP address, or by providing a range of IP addresses). c.
Configuring the Firewall Configuring Port Forwarding 4 NOTE Port forwarding is not appropriate for servers on the LAN, since there is a dependency on the LAN device making an outgoing connection before incoming ports are opened. Some applications require that, when external devices connect to them, they receive data on a specific port or range of ports in order to function properly. The router must send all incoming data for that application only on the required port or range of ports.
Configuring the Firewall Configuring Port Forwarding 4 Configuring Port Range Forwarding To add a port range forwarding rule: STEP 1 Choose Firewall > Port Range Forwarding. STEP 2 In the Application field, enter the name of the application for which to configure port forwarding. STEP 3 In the External Port field, specify the port number that will trigger this rule when a connection request from outgoing traffic is made.
Configuring the Firewall Configuring Port Forwarding 4 NOTE Port triggering is not appropriate for servers on the LAN, since there is a dependency on the LAN device making an outgoing connection before incoming ports are opened. Some applications require that, when external devices connect to them, they receive data on a specific port or range of ports in order to function properly. The router must send all incoming data for that application only on the required port or range of ports.
5 Configuring VPN This chapter describes how to configure VPN and security for the Cisco RV215W. • VPN Tunnel Types, page 98 • VPN Clients, page 99 • Configuring Certificate Management, page 111 • Configuring VPN Passthrough, page 112 VPN Tunnel Types A VPN provides a secure communication channel (“tunnel”) between two gateway routers or a remote worker and a gateway router. You can create different types of VPN tunnels, depending on the needs of your business.
5 Configuring VPN VPN Clients Remote Access with Cisco QuickVPN For quick setup with basic VPN security settings, distribute Cisco QuickVPN software to your users, who can then securely access your network resources. Use this option if you want to simplify the VPN setup process. You do not have to configure VPN policies. Remote users can connect securely with the Cisco QuickVPN client and an Internet connection. 1. Add the users on the VPN > VPN Clients page, in the VPN Client Setting Table.
5 Configuring VPN VPN Clients To configure the PPTP VPN service: STEP 1 Choose VPN > VPN Clients. STEP 2 Do the following: PPTP Server Check to enable the PPTP server. IP Address for PPTP Server Enter the IP address of the PPTP server. IP Address for PPTP Clients Enter the IP address range of PPTP clients. MPPE Encryption Check the Enable box to enable MPPE encryption. Microsoft Point-to-Point Encryption (MPPE) is used when users set up and use a PPTP VPN client to connect to the Cisco RV215W.
5 Configuring VPN VPN Clients STEP 2 Enter this information: Enable Check to enable the user. Username Enter the username of the PPTP user (4 to 32 characters). Password Enter the password (4 to 32 characters). Protocol Choose PPTP from the drop-down menu. STEP 3 Click Save. To edit the settings of a PPTP user, check its box and click Edit. When you are done, click Save. To delete a PPTP user, check its box and click Delete.
5 Configuring VPN VPN Clients To delete a QuickVPN user, check its box and click Delete. Then, click Save. For more information about QuickVPN, see Appendix A, “Using Cisco QuickVPN.” Importing VPN Client Settings You can import VPN client setting files that contain the username and passwords of clients in a Comma Separated Value (CSV) text file. You can use a program such as Microsoft Excel to create a CSV file containing the VPN client settings.
Configuring VPN Configuring Basic VPN Settings (Site-to-Site VPN) 5 Configuring Basic VPN Settings (Site-to-Site VPN) The Cisco RV215W supports Site-to-Site VPN for a single gateway-to-gateway VPN tunnel. In this configuration, the Cisco RV215W creates a secure connection to another VPN-enabled router. For example, you can configure the Cisco RV215W at a branch site to connect to the router at the corporate site, so that the branch site can securely access the corporate network.
Configuring VPN Configuring Basic VPN Settings (Site-to-Site VPN) • 5 Local LAN (Local Network) Subnet Mask—Enter the private network (LAN) subnet mask of the local network (Cisco RV215W). Note: The remote WAN and remote LAN IP addresses cannot exist on the same subnet. For example, a remote LAN IP address of 192.168.1.100 and a local LAN IP address of 192.168.1.115 would cause conflict when traffic is routed over the VPN.
Configuring VPN Configuring Advanced VPN Parameters 5 Configuring Advanced VPN Parameters The Advanced VPN Setup page allows you to configure advanced VPN parameters, such as IKE and other VPN policies. These policies control how the Cisco RV215W initiates and receives VPN connections with other endpoints. Managing IKE Policies The Internet Key Exchange (IKE) protocol dynamically exchanges keys between two IPsec hosts.
Configuring VPN Configuring Advanced VPN Parameters 5 Managing VPN Policies To manage VPN policies: STEP 1 Choose VPN > IPsec > Advanced VPN Setup. STEP 2 In the VPN Policy Table, checking the box in the VPN connection row allows you to perform the following tasks: • Edit—Edit properties of the VPN policy. See Adding or Editing VPN Policies. • Enable—Enable the policy. • Disable—Disable the policy. • Delete—Delete the policy. • Add Row—Add a VPN policy. See Adding or Editing VPN Policies.
Configuring VPN Configuring Advanced VPN Parameters 5 In the IKE SA Parameters section, the Security Association (SA) parameters define the strength and mode for negotiating the SA.
Configuring VPN Configuring Advanced VPN Parameters - 5 DPD Timeout—Enter the maximum time that the Cisco RV215W should wait to receive a response to the DPD message before considering the peer to be dead. Adding or Editing VPN Policies To create an Auto VPN Policy, you need to first create an IKE policy and then add the corresponding Auto Policy for that IKE Policy. When adding or editing a VPN policy, you can configure the following settings: • Policy Name—Enter a unique name to identify the policy.
Configuring VPN Configuring Advanced VPN Parameters 5 in the Subnet Mask field. The field automatically displays a default subnet address based on the IP address. IMPORTANT: Make sure that you avoid using overlapping subnets for remote or local traffic selectors. Using these subnets would require adding static routes on the router and the hosts to be used. For example, a combination to avoid would be: Local Traffic Selector: 192.168.1.0/24 Remote Traffic Selector: 192.168.0.
Configuring VPN Configuring Advanced VPN Parameters • • • 5 Integrity Algorithm—Select the algorithm used to verify the integrity of the data: - MD5 - SHA-1 - SHA2-256 Key-In—Enter the integrity key (for ESP with Integrity-mode) for the inbound policy. The length of the key depends on the algorithm chosen: - MD5—16 characters - SHA-1—20 characters - SHA2-256—32 characters Key-Out—Enter the integrity key (for ESP with Integrity-mode) for the outbound policy.
Configuring VPN Configuring Certificate Management 5 Configuring Certificate Management The Cisco RV215W uses digital certificates for IPsec VPN authentication and SSL validation (for HTTPS). You can generate and sign your own certificates using functionality available on the Cisco RV215W. Generating a New Certificate You can generate a new certificate to replace the existing certificate on the Cisco RV215W. To generate a certificate: STEP 1 Choose VPN > Certificate Management..
Configuring VPN Configuring VPN Passthrough 5 Exporting Certificates for Admin The certificate for administrator contains the private key and should be stored in a safe place as a backup. If the Cisco RV215W configuration is reset to the factory default settings, this certificate can be imported and restored on the router. To export a certificate for Admin: STEP 1 Choose VPN > Certificate Management.. STEP 2 Click Export for Admin. On a PC, the Device Manager saves the admin.
5 Configuring VPN Configuring VPN Passthrough IPsec Check Enable to allow IP security tunnels to pass through the Cisco RV215W. PPTP Check Enable to allow PPTP tunnels to pass through the Cisco RV215W. L2TP Check Enable to allow Layer 2 Tunneling Protocol (L2TP) tunnels to pass through the Cisco RV215W. STEP 3 Click Save.
6 Configuring Quality of Service (QoS) The Cisco RV215W lets you configure the following Quality of Service (QoS) features: • Configuring Bandwidth Management, page 114 • Configuring QoS Port-Based Settings, page 117 • Configuring CoS Settings, page 118 • Configuring DSCP Settings, page 119 Quality of service (QoS) assigns priority to various applications, users, or data flows, or guarantees a level of performance to a data flow.
6 Configuring Quality of Service (QoS) Configuring Bandwidth Management Configuring Bandwidth You can limit the bandwidth to reduce the rate at which the Cisco RV215W transmits data. You can also use a bandwidth profile to limit the outbound traffic, thus preventing the LAN users from consuming all of the bandwidth of the Internet link. To set the upstream and downstream bandwidth: STEP 1 Choose QoS > Bandwidth Management. STEP 2 In the Bandwidth Management field, check Enable.
6 Configuring Quality of Service (QoS) Configuring Bandwidth Management STEP 4 Enter this information: Enable Check to enable bandwidth management for this service. Service Choose the service to prioritize. Direction Choose the direction of the traffic you want to prioritize (downstream or upstream). Priority Choose the priority of the service (low, normal, medium, or high). STEP 5 Click Save. To edit the settings of an entry in the table, check the relevant box and click Edit.
6 Configuring Quality of Service (QoS) Configuring QoS Port-Based Settings Configuring QoS Port-Based Settings You can configure QoS settings for every LAN port on the Cisco RV215W. The Cisco RV215W supports 4 priority queues that allow for traffic prioritization per physical switch port. To configure QoS settings for the Cisco RV215W LAN ports: STEP 1 Choose QoS > QoS Port-Based Settings.
6 Configuring Quality of Service (QoS) Configuring CoS Settings STEP 3 For each port in the 3G QoS Port-Based Settings table, enter this information: Trust Mode Default Traffic Forwarding Queue for Untrusted Devices Choose one of the following options from the dropdown menu: • Port—This setting enables the port based on QoS. You can then set the traffic priority for a particular port. The traffic queue priority starts at the lowest priority of 1 and ends with the highest priority of 4.
Configuring Quality of Service (QoS) Configuring DSCP Settings 6 These values mark traffic types with higher or lower traffic priority depending on the type of traffic. STEP 4 Click Save. To restore the default port-based QoS settings, click Restore Default. Then, click Save. Configuring DSCP Settings You can use the DSCP Settings page to configure DSCP-to-QoS queue mapping. To configure DSCP-to-QoS queue mapping: STEP 1 Choose QoS > DSCP Settings. STEP 2 Choose the Ethernet or 3G radio button.
7 Administering Your RouterCisco RV215W This chapter describes the administration features of the Cisco RV215W, including user creation, network management, system diagnostics and logs, date and time, and other settings.
7 Administering Your RouterCisco RV215W Setting Password Complexity Setting Password Complexity The Cisco RV215W can enforce minimum password complexity requirement for password changes. To configure password complexity settings: STEP 1 Choose Administration > Password Strength. STEP 2 In the Password Complexity Settings field, check Enable. STEP 3 Configure password complexity settings: Minimum Password Length Enter the minimum password length (0-64 characters).
7 Administering Your RouterCisco RV215W Configuring User Accounts Configuring User Accounts The Cisco RV215W supports two user accounts for administering and viewing settings: an administrative user (default user name and password: “cisco”) and a “guest” user (default user name: “guest”). The guest account has read-only access. You can set and change the username and password for both the administrator and guest accounts. To configure the user accounts: STEP 1 Choose Administration > Users.
Administering Your RouterCisco RV215W Setting the Session Timeout Value 7 Setting the Session Timeout Value The timeout value is the number of minutes of inactivity that are allowed before the Device Manager session is ended. You can configure timeout for the Admin and Guest accounts. To configure session timeout: STEP 1 Choose Administration > Session Timeout. STEP 2 In the Administrator Inactivity Timeout field, enter the number, in minutes, before a session times out due to inactivity.
7 Administering Your RouterCisco RV215W Configuring Simple Network Management (SNMP) To enable SNMP: STEP 1 Choose Administration > SNMP. STEP 2 Check Enable to enable SNMP. STEP 3 Enter this information: SysContact Enter the name of the contact person for this firewall (for example, admin or John Doe.) SysLocation Enter the physical location of the firewall (for example, Rack #2, 4th Floor.) SysName Enter a name for easy identification of the firewall. STEP 4 Click Save.
7 Administering Your RouterCisco RV215W Configuring Simple Network Management (SNMP) Security Level Choose the SNMPv3 security level: No Authentication and No Privilege—Doesn't require any Authentication and Privacy. Authentication and No Privilege—Submit only Authentication algorithm and password. Authentication and Privilege—Submit Authentication/privacy algorithm and password. Authentication Algorithm Server Select the type of authentication algorithm (MD5 or SHA).
7 Administering Your RouterCisco RV215W Using Diagnostic Tools Community Enter the community string to which the agent belongs. Most agents are configured to listen for traps in the Public community. SNMP Version Select the SNMP version: v1, v2c, or v3. STEP 3 Click Save. Using Diagnostic Tools The Cisco RV215W provides several diagnostic tools to help you troubleshoot network problems. • Network Tools • Configuring Port Mirroring Network Tools Use network tools to troubleshoot the network.
Administering Your RouterCisco RV215W Using Diagnostic Tools 7 Using Traceroute The Traceroute utility displays all the routers present between the destination IP address and this router. The router displays up to 30 hops (intermediate routers) between this router and the destination. To use Traceroute: STEP 1 Choose Administration > Diagnostics > Network Tools. STEP 2 In the IP Address / Domain Name field, enter the IP address to trace. STEP 3 Click Traceroute. The Traceroute results appear.
Administering Your RouterCisco RV215W Configuring Logging 7 Configuring Port Mirroring Port mirroring monitors network traffic by sending copies of all incoming and outgoing packets from one port to a monitoring port. You can use port mirroring as a diagnostic or debugging tool, especially when fending off an attack or viewing user traffic from LAN to WAN to see if users are accessing information or websites they are not supposed to.
7 Administering Your RouterCisco RV215W Configuring Logging Remote Log Server Enter the IP address of the log server that will collect logs. Log Severity for Local Log and Email Click to choose the severity of logs you want to configure. Note that all log types above a selected log type are automatically included and you cannot deselect them. For example, choosing “error” logs automatically includes emergency, alert, and critical logs in addition to error logs.
7 Administering Your RouterCisco RV215W Configuring Logging Configuring the E-Mailing of Logs You can configure the Cisco RV215W to send logs by email. We recommend that you set up a separate email account for sending and receiving logs. You must first set up the severity of logs you want to capture; see Configuring Logging Settings. To configure the e-mailing of logs: STEP 1 Choose Administration > Logging > E-mail Settings. STEP 2 To enable the e-mailing of log events, check Enable.
7 Administering Your RouterCisco RV215W Configuring Logging Authentication with SMTP Server If the SMTP (mail) server requires authentication before accepting connections, choose the type of authentication from the drop-down menu: None, LOGIN, PLAIN, and CRAM-MD5. E-mail Authentication Username Enter the email authentication username (example, logging@companyname.com).
7 Administering Your RouterCisco RV215W Configuring Bonjour Configuring Bonjour Bonjour is a service advertisement and discovery protocol. On the Cisco RV215W, Bonjour only advertises the default services configured on the device when Bonjour is enabled. To enable Bonjour: STEP 1 Choose Administration > Bonjour. STEP 2 Check Enable to enable Bonjour. STEP 3 To enable Bonjour for a VLAN listed in the Bonjour Interface Control Table, check the corresponding Enable Bonjour box.
7 Administering Your RouterCisco RV215W Backing Up and Restoring the System Adjust for Daylight Savings Time If supported for your region, check the Adjust for Daylight Savings Time box. This check box is enabled if you click Auto in the Set Date and Time field below. Daylight Saving Mode Choose either By date (you enter the specific date on which daylight saving mode starts) or Recurring (you enter the month, week, day of week, and time on which daylight saving time starts).
7 Administering Your RouterCisco RV215W Backing Up and Restoring the System ! CAUTION During a restore operation, do not try to go online, turn off the firewall, shut down the PC, or use the firewall until the operation is complete. This should take about a minute. When the test light turns off, wait a few more seconds before using the firewall. Backing Up the Configuration Settings To backup or restore the configuration: STEP 1 Choose Administration > Backup/Restore Settings.
Administering Your RouterCisco RV215W Backing Up and Restoring the System 7 By default, the file (startup.cfg, mirror.cfg, or backup.cfg) is downloaded in the default Downloads folder; for example, C:\Documents and Settings\admin\My Documents\Downloads\. STEP 4 To clear the selected configuration, click Clear. Restoring the Configuration Settings You can restore a previously-saved configuration file: STEP 1 Choose Administration > Backup/Restore Settings.
Administering Your RouterCisco RV215W Upgrading Firmware or Change the Language 7 To copy a configuration (for example, to copy a startup configuration to the backup configuration): STEP 1 Choose Administration > Backup/Restore Settings. STEP 2 In the Copy field, choose the source and destination configurations from the drop- down menus. STEP 3 Click Start to Copy. Generating an Encryption Key The router allows you to generate an encryption key to protect the backup files.
Administering Your RouterCisco RV215W Upgrading Firmware or Change the Language 7 Upgrading the Firmware To update the router with a newer version of the firmware: STEP 1 Choose Administration > Firmware/Language Upgrade. STEP 2 (Optional) Click Download to download the latest version of the firmware. STEP 3 In the File Type field, click the Firmware Image button. STEP 4 Click Browse to locate and select the downloaded firmware.
Administering Your RouterCisco RV215W Restarting the Cisco RV215W 7 Restarting the Cisco RV215W To restart the router: STEP 1 Choose Administration > Reboot. STEP 2 Click Reboot. Restoring the Factory Defaults ! CAUTION During a restore operation, do not try to go online, turn off the router, shut down the PC, or use the router until the operation is complete. This should take about a minute. When the test light turns off, wait a few more seconds before using the router.
A Using Cisco QuickVPN Overview This appendix explains how to install and use the Cisco QuickVPN software that can be downloaded from Cisco.com. QuickVPN works with computers running Windows 7, Windows XP, Windows Vista, or Windows 2000. (Computers using other operating systems will have to use third-party VPN software.
Using Cisco QuickVPN Installing the Cisco QuickVPN Software A Installing the Cisco QuickVPN Software Installing from the CD-ROM STEP 1 Insert the Cisco RV215W CD-ROM into your CD-ROM drive. After the Setup Wizard begins, click the Install QuickVPN link. The License Agreement window appears. License Agreement STEP 2 Click Yes to accept the agreement. STEP 3 Click Browse and choose where to copy the files to (for example, C:\Cisco Small Business\QuickVPN Client).
Using Cisco QuickVPN Installing the Cisco QuickVPN Software A STEP 4 Click Next. The Setup Wizard copies the files to the chosen location. Copying Files Finished Installing Files STEP 5 Click Finish to complete the installation. Proceed to “Using the Cisco QuickVPN Software,” on page 142.
Using Cisco QuickVPN Using the Cisco QuickVPN Software A Downloading and Installing from the Internet STEP 1 In Appendix B, “Where to Go From Here,” go to the Software Downloads link. STEP 2 Enter Cisco RV215W in the search box and find the QuickVPN software. STEP 3 Save the zip file to your PC, and extract the .exe file. STEP 4 Double-click the .exe file, and follow the on-screen instructions.
Using Cisco QuickVPN Using the Cisco QuickVPN Software A STEP 3 In the User Name and Password fields, enter the User Name and Password that were created in Creating and Managing QuickVPN Users. STEP 4 In the Server Address field, enter the IP address or domain name of the Cisco RV215W. STEP 5 In the Port For QuickVPN field, enter the port number that the QuickVPN client uses to communicate with the remote VPN router, or keep the default setting, Auto. STEP 6 To save this profile, click Save.
Using Cisco QuickVPN Using the Cisco QuickVPN Software A STEP 10 Enter your password in the Old Password field. Enter your new password in the New Password field. Then enter the new password again in the Confirm New Password field. STEP 11 Click OK to save your new password. NOTE You can change your password only if the Allow User to Change Password box has been checked for that username. See Creating and Managing QuickVPN Users.
B Where to Go From Here Support Cisco Small Business Support Community www.cisco.com/go/smallbizsupport Online Technical Support and Documentation (Login Required) www.cisco.com/support Phone Support Contacts www.cisco.com/en/US/support/ tsd_cisco_small_ business_support_ center_contacts.html Software Downloads (Login Required) Go to tools.cisco.com/support/downloads, and enter the model number in the Software Search box. Product Documentation Wireless-N VPN Firewall www.cisco.
C Revised May 2012 78-20779-01 Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
