ADMINISTRATION GUIDE Cisco RV130 Multifunction VPN Router Cisco RV130W Wireless Multifunction VPN Router
Revised July 2015 Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
Contents Chapter 1: Introduction 6 Verifying the Hardware Installation 6 Using the Setup Wizard 7 Configuration Next Steps 8 Using the Getting Started Page 8 Connecting to Your Wireless Network Chapter 2: Viewing Device Status 10 12 Viewing the Dashboard 12 Viewing the System Summary 13 Viewing Active TCP/IP Services 15 Viewing Wireless Statistics 15 Viewing Captive Portal Status 15 Viewing Site-to-Site IPsec VPN Connection Status 15 Viewing the IPsec VPN Server Status 16 Viewin
Contents Configuring Mobile Network Settings Manually 31 Bandwidth Cap Setting 32 E-mail Setting 32 Setting Failover and Recovery Configuring LAN Settings 33 34 Changing the Device Management IP Address 34 Configuring DHCP Server 35 Configuring VLANs 37 Configuring Static DHCP 38 Viewing DHCP Leased Clients 39 Configuring a DMZ Host 39 Configuring RSTP 40 Port Management 41 Configuring Link Aggregation 42 Cloning the MAC Address 43 Configuring Routing 44 Configuring the Oper
Contents Chapter 4: Configuring Wireless Networks Wireless Security 63 63 Wireless Security Tips 63 General Network Security Guidelines 65 Wireless Networks on Your Device 65 Configuring Basic Wireless Settings 66 Editing Wireless Network Settings 68 Configuring the Security Mode 69 Configuring MAC Filtering 72 Configuring Time of Day Access 73 Configuring Advanced Wireless Settings 74 Detecting Rogue Access Points 77 Importing Authorized AP Lists 78 Configuring WDS 80 Configuring
Contents Configuring Port Forwarding 99 Configuring Single Port Forwarding 100 Configuring Port Range Forwarding 101 Configuring Port Range Triggering 101 Chapter 6: Configuring VPN 103 VPN Tunnel Types 103 Configuring Basic Site-to-Site IPsec VPN 103 Viewing Default Values Configuring Site-to-Site IPsec VPN Advanced Parameters 105 105 Managing IKE Policies 105 Managing VPN Policies 107 Configuring IPsec VPN Server 109 Configuring the IPsec VPN Server 109 Configuring IPsec VPN Use
Contents Configuring User Accounts Importing User Accounts 122 123 Setting the Session Timeout Value 124 Configuring Simple Network Management (SNMP) 125 Configuring SNMP System Information 125 Editing SNMPv3 Users 126 Configuring the SNMP Traps 127 Using Diagnostic Tools 127 Network Tools 128 Configuring Port Mirroring 129 Configuring Log and E-mail Settings 130 Configuring Log Settings 130 Configuring Log E-Mailing 132 Configuring Bonjour 134 Configuring Date and Time Settings
1 Getting Started The Getting Started page displays the most common configuration tasks on your device. Click the links on the Web page to go to the relevant configuration page. This page appears every time you start Device Manager. To change this behavior, check Don’t show on start up. Initial Settings Change Default Administrator Password Displays the Users page where you can change the administrator password and set up a guest account. See Configuring User Accounts.
1 Getting Started Quick Access Upgrade Router Firmware Opens the Firmware/Language Upgrade page to update the device firmware or language pack. See Upgrading Firmware or Changing the Language. Add VPN Clients Opens the PPTP Server page to set up and manage VPN tunnels. See Configuring PPTP. Configure Remote Management Access Opens the Basic Settings page to enable the basic features of the device. See Configuring Basic Firewall Settings.
Getting Started Connecting to Your Wireless Network 1 Connecting to Your Wireless Network To connect a client device (such as a computer) to your wireless network, configure the wireless connection on the client device with the wireless security information that you configured for the router by using the Setup Wizard. The following steps are provided as an example; you may need to configure your device differently. For specific instructions, consult the documentation for your client device.
2 Viewing Device Status To ensure that data and statistics are frequently updated on Status pages, choose a refresh rate from the Refresh Rate drop-down list. Viewing the Dashboard Choose Status > Dashboard to view a snapshot of the configuration of your device. The Dashboard page displays information about your device’s firmware version, CPU and memory utilization, error-logging settings, LAN, WAN, wireless, site-to-site IPsec VPN, and PPTP VPN server settings.
2 Viewing Device Status Viewing the System Summary Viewing the System Summary Choose Status > System Summary to view details of your device properties, network settings across IP address modes, firewall, wireless and VPN settings. Click Refresh to see the latest information. Click the underlined link to go to the related configuration window. For example, to modify the LAN IP address, click LAN IP. The LAN Configuration window is displayed.
2 Viewing Device Status Viewing the System Summary • Mode—Displays Gateway if NAT is enabled, or Router. • DNS 1—Primary DNS server IP address of the WAN port. • DNS 2—Secondary DNS server IP address of the WAN port. • DDNS—Indicates whether the Dynamic DNS is enabled or disabled. IPv6 Configuration • LAN IP—LAN IP address of the device. • WAN IP—WAN IP address of the device. • Gateway—IP address of the gateway to which the device is connected (for example, the cable modem).
Viewing Device Status Viewing Active TCP/IP Services 2 For more information on configuring VPN server connections and user accounts, see Configuring Basic Site-to-Site IPsec VPN and Configuring PPTP. Viewing Active TCP/IP Services Choose Status > Active TCP/IP Services to view IPv4 and IPv6 TCP/IP connections that are active on your device. The Active Service List section for IPv4 and IPv6 displays the protocols and the services that are active on the device.
Viewing Device Status Viewing the IPsec VPN Server Status 2 By default, byte data is displayed in bytes and other numerical data is displayed in long form. To show the bytes in kilobytes (KB) and the numerical data in roundedup form, check the Show Simplified Statistic Data box and click Save. To terminate an active VPN connection, click Disconnect. Viewing the IPsec VPN Server Status Choose Status > IPsec VPN Server to view a list of your IPsec VPN connections and the duration of the connection.
2 Viewing Device Status Viewing Connected Devices • Error—Messages about conditions that are not critical but require corrective action. • Warning—System warnings. • Notification—Messages about normal but significant conditions that may require attention. • Informational—Messages about device information. • Debugging—Detailed information about an event. To delete all entries in the log window, click Clear Logs. To save all log messages from the device to the local hard drive, click Save Logs.
2 Viewing Device Status Viewing Port Statistics Viewing Port Statistics The Port Statistics page displays detailed port activity. To view port statistics, choose Status > Port Statistics. To refresh the page at regular intervals, choose a refresh rate from the Refresh Rate drop-down list. To show the bytes in kilobytes (KB) and the numerical data in rounded-up form, check the Show Simplified Statistic Data box and click Save.
2 Viewing Device Status Viewing the Mobile Network Status • Subnet Mask—Subnet mask of the USB device. • Default Gateway—IP address of the default gateway. • Connection Up Time—The length of time that link has been up. • Current Session Usage—Volume of data being received (Rx) and transmitted (Tx) on the mobile link. • Monthly Usage—Monthly data download and bandwidth usage. • Manufacturer—Card manufacturer name. • Card Model—Card model number. • Card Firmware—Card firmware version.
3 Configuring Networking Configuring Wired WAN Connections Configuring WAN properties for an IPv4 network differs depending on which type of Internet connection you have. Configuring DHCP (Automatic Configuration) If your Internet Service Provider (ISP) uses Dynamic Host Control Protocol (DHCP) to assign you an IP address, you receive an IP address that is dynamically generated each time you log in. To configure DHCP WAN settings: STEP 1 Choose Networking > WAN.
3 Configuring Networking Configuring Static IP If your ISP assigned you a permanent IP address, perform the following steps to configure your WAN settings: STEP 1 Choose Networking > WAN. STEP 2 From the Internet Connection Type drop-down menu, choose Static IP. STEP 3 Enter this information: Internet IP Address IP address of the WAN port. Subnet mask Subnet mask of the WAN port. DNS Server Source The DNS server address.
3 Configuring Networking Profile Name A unique name for the PPPoE profile. Username The username assigned by the ISP. Password The password assigned by the ISP. DNS Server Source The DNS server address. If you already have DNS server addresses from your ISP, choose Use these DNS Servers, and enter the primary and secondary addresses in the Static DNS 1 and Static DNS 2 fields. To get DNS server addresses from your ISP, choose Get Dynamically from ISP.
3 Configuring Networking Authentication Type Auto-negotiation—The server sends a configuration request specifying the security algorithm set on it. The device then sends back authentication credentials with the security type sent by the server. PAP—Password Authentication Protocol (PAP) used by Point-to-Point Protocol to connect to the ISP. CHAP—Challenge Handshake Authentication Protocol (CHAP) requires that both the client and server know the plaintext of the secret to use ISP services.
3 Configuring Networking Connect on Demand Select this option if your ISP charges based on the amount of time that you are connected. When you select this option, the Internet connection is on only when traffic is present. If the connection is idle— that is, no traffic is flowing—the connection is closed. If you click Connect on Demand, enter the number of minutes after which the connection shuts off in the Max Idle Time field.
3 Configuring Networking DNS Server Source The DNS server address. If you already have DNS server addresses from your ISP, choose Use these DNS Servers, and enter the primary and secondary addresses in the Static DNS 1 and Static DNS 2 fields. To get DNS server addresses from your ISP, choose Get Dynamically from ISP. To use the DNS servers provided by OpenDNS (208.67.222.222, 208.67.220.220) to resolve your web addresses, choose Use OpenDNS. STEP 4 Click Save.
3 Configuring Networking Vendor ID The vendor ID contained in the AVP encoding format for L2TP. To use the IETF-adopted attribute values in the AVP, select Standard. To implement Cisco’s L2TP extensions and private attribute values, select Cisco. Virtual Circuit ID The identifier for the Layer 2 circuit over which L2TP data packets are carried. This information is required if you selected Cisco as the Vendor ID for L2TP v3. Username Enter your username assigned to you by the ISP.
3 Configuring Networking Service Name Enter a name for the new L2TP service. MPPE Encryption Check Enable to enable Microsoft Point-to-Point Encryption for the L2TP connection. DNS Server Source The DNS server address. If you already have DNS server addresses from your ISP, choose Use these DNS Servers, and enter the primary and secondary addresses in the Static DNS 1 and Static DNS 2 fields. To get DNS server addresses from your ISP, choose Get Dynamically from ISP.
3 Configuring Networking Untagged VLAN Check the box to enable VLAN tagging. When enabled (the default), all traffic is tagged with a VLAN ID. By default, all traffic on the device uses VLAN 1, the default untagged VLAN. All traffic is untagged until you disable the untagged VLAN, change the untagged traffic VLAN ID, or change the VLAN ID. Untagged VLAN ID A number between 1 and 4094 for the untagged VLAN ID. The default is 1.
3 Configuring Networking Configuring a Mobile Network Configuring a Mobile Network Choose Networking > WAN > Mobile Network to configure to configure the device to connect to a Mobile Broadband USB modem that is connected to its USB interface. Configuring Global Mobile Network Settings To configure global settings for supported USB devices: STEP 1 Connect the USB modem. If the modem is supported, it is automatically detected and appears on the Mobile Network page.
3 Configuring Networking Configuring a Mobile Network STEP 3 Verify that the Card Status field shows your mobile card is Connected. Configuring Mobile Network Settings Manually To change mobile network parameters in the Mobile Network Setup area, click the Manual radio button. The device automatically detects supported modems and lists the appropriate configuration parameters. To override global parameters, select Manual.
3 Configuring Networking Configuring a Mobile Network Field Description Server Type The most commonly available type of mobile data service connection based on your area service signal. If your location supports only one mobile data service, you can limit your preferred option, reducing connection setup times. The first selection always searches for HSPDA/3G/UMTS service and switches automatically to GPRS when it is available. LTE Service Long-term Evolution (LTE) Service setting.
3 Configuring Networking Configuring a Mobile Network • At every interval specified while a mobile network link is active. Setting Failover and Recovery While both Ethernet and mobile network links are available, only one connection can be used to establish a WAN link, at a time. When one WAN connection fails, the device attempts to establish a connection on another interface. This feature is called Failover.
3 Configuring Networking Configuring LAN Settings The WAN Interface table shows the status of the Ethernet WAN and mobile network link to the Internet. Click the Status hyper link to view the port detail. Configuring LAN Settings The default DHCP and TCP/IP settings work for most applications. If you want another PC on your network to be the DHCP server, or if you want to manually configure the network settings of all of your devices, disable DHCP.
3 Configuring Networking Configuring LAN Settings STEP 3 Click Save. After changing the IP address of your device, your PC is no longer able to display Device Manager. To display Device Manager, do one of the following: • If DHCP is configured on the device, release and renew your PC IP address. • Manually assign an IP address to your PC. The address must be on the same subnetwork as the device. For example, if you change the device IP address to 10.0.0.
3 Configuring Networking Configuring LAN Settings Disable Disables DHCP on the device when you want to manually configure the IP addresses of all of your network devices. DHCP Relay Relays the IP addresses assigned by another DHCP server to the network devices. If you enabled the device DHCP server, enter this information: Starting IP Address The first address in the IP address pool. Any DHCP client joining the LAN is assigned an IP address in this range.
3 Configuring Networking Configuring LAN Settings Configuring VLANs A virtual LAN (VLAN) is a group of endpoints in a network that are associated by function or other shared characteristics. Unlike LANs that are typically geographically based, VLANs can group endpoints without regard to the physical location of the equipment or users. The device has a default VLAN (VLAN 1) that cannot be deleted. You can create up to four other VLANs on the device.
3 Configuring Networking Configuring LAN Settings STEP 4 Click Save. To edit the settings of a VLAN, select the VLAN and click Edit. To delete a selected VLAN, click Delete. Click Save to apply changes. Configuring Static DHCP You can configure your router to assign a specific IP address to a client device with a specific MAC address. To configure static DHCP: STEP 1 Choose Networking > LAN > Static DHCP. STEP 2 From the VLAN drop-down menu, choose a VLAN number. STEP 3 Click Add Row.
Configuring Networking Configuring LAN Settings 3 Viewing DHCP Leased Clients You can view a list of endpoints on the network (identified by hostname, IP address, or MAC address) and see the IP addresses assigned to them by the DHCP server. The VLAN of the endpoints is also displayed. To view the DHCP clients, choose Networking > LAN > DHCP Leased Client. For every VLAN defined on the device, a table displays a list of the clients associated with the VLAN.
3 Configuring Networking Configuring LAN Settings STEP 3 From the VLAN drop-down menu, choose the ID of the VLAN where DMZ is enabled. STEP 4 In the Host IP Address field, enter the IP address of the DMZ host. The DMZ host is the endpoint that receives the redirected packets. STEP 5 Click Save. Configuring RSTP Rapid Spanning Tree Protocol (RSTP) is a network protocol that prevents loops in the network and dynamically reconfigures which physical links should forward frames.
3 Configuring Networking Configuring LAN Settings Forward Delay The forward delay is the interval after which an interface changes from the blocking to forwarding state. Enter a number from 4 to 30. The default is 15. Force Version Select the default protocol version to use. Select Normal (use RSTP) or Compatible (compatible with old STP). The default is Normal. STEP 3 In the Setting Table, configure the following settings: Protocol Enable Check to enable RSTP on the associated port.
3 Configuring Networking Configuring LAN Settings Link The port speed. If no device is connected to the port, this field displays Down. Mode Choose from the drop-down menu one of the following port speeds: • Auto Negotiation—The device and the connected device choose a common speed. • 10Mbps Half—10 Mbps in both directions, but only one direction at a time. • 10Mbps Full—10 Mbps in both directions simultaneously. • 100Mbps Half—100 Mbps in both directions, but only one direction at a time.
3 Configuring Networking Cloning the MAC Address To assign ports to link aggregation group: STEP 1 Choose Networking > LAN > Link Aggregation. The Port Status section displays the mode associated with each port on the device and the status. STEP 2 In the Link Aggregation Setting Table section, check the check box for each port to include it in the group. STEP 3 Click Save.
3 Configuring Networking Configuring Routing Configuring Routing Use the Routing page to configure the operating mode and other routing options for your device. Configuring the Operating Mode To configure the operating mode: STEP 1 Choose Networking > Routing. STEP 2 In the Operating Mode field, select one of the following options: Gateway To set the device to act as a gateway.
3 Configuring Networking Configuring Routing NOTE RIP is disabled by default on the device. To configure dynamic routing: STEP 1 Choose Networking > Routing. STEP 2 Configure the following settings: RIP Check Enable to enable RIP. This allows the device to use RIP to route traffic. RIP Send Packet Version Select the RIP Send Packet Version (RIPv1 or RIPv2). The version of RIP used to send routing updates to other routers on the network depends on the configuration settings of the other routers.
3 Configuring Networking Viewing the Routing Table To configure static routing: STEP 1 Choose Networking > Routing. STEP 2 From the Route Entries drop-down menu, choose a route entry. To delete the route entry, click Delete This Entry. STEP 3 Configure the following settings for the selected route entry: Enter Route Name Enter the name of the route. Destination LAN IP Enter the IP address of the destination LAN. Subnet Mask Enter the subnet mask of the destination network.
3 Configuring Networking Configuring Dynamic DNS Configuring Dynamic DNS Dynamic DNS (DDNS) is an Internet service that allows routers with varying public IP addresses to be located using Internet domain names. To use DDNS, you must set up an account with a DDNS provider such as DynDNS.com, TZO.com, 3322.org, or noip.com. The router notifies dynamic DNS servers of changes in the WAN IP address, so that any public services on your network can be accessed by using the domain name.
3 Configuring Networking Configuring the IP Mode Configuring the IP Mode Wide area network configuration properties are configurable for both IPv4 and IPv6 networks. You can enter information about your Internet connection type and other parameters in these pages. To select an IP mode: STEP 1 Choose Networking > IP Mode. STEP 2 From the IP Mode drop-down menu, choose one of the following options: LAN:IPv4, WAN:IPv4 To use IPv4 on the LAN and WAN ports.
3 Configuring Networking Configuring IPv6 Configuring IPv6 Internet Protocol version 6 (IPv6) is a version of the Internet Protocol (IP) intended to succeed Internet Protocol version 4 (IPv4). Configuring WAN properties for an IPv6 network depends on the type of internet connection that you have. Configuring the IPV6 WAN Connection You can configure your device to be a DHCPv6 client of the ISP for this WAN or to use a static IPv6 address provided by the ISP.
3 Configuring Networking Configuring IPv6 To configure the device to be a DHCPv6 client: STEP 1 Choose Networking > IPv6 > IPv6 WAN Configuration. STEP 2 In the WAN Connection Type field, select Automatic Configuration-DHCPv6. The gateway connects to the ISP's DHCPv6 server for a leased address. STEP 3 To automate assigning prefixes to your device (the DHCP client), select the Prefix Delegation Enable radio button. STEP 4 Click Save.
3 Configuring Networking Configuring IPv6 Configuring PPPoE IPv6 Settings You can run IPv4 PPPoE, IPv6 PPPoE, or both. If you run both, your IPv6 WAN PPPoE settings must match your IPv4 WAN PPPoE settings. If they do not match, a message is displayed asking if you want to set the IPv6 protocol to match the IPv4 protocol. See Configuring PPPoE. To configure the PPPoE IPv6 settings: STEP 1 Choose Networking > IPv6 > IPv6 WAN Configuration. STEP 2 In the WAN Connection Type field, choose PPPoE IPv6.
3 Configuring Networking Configuring IPv6 Authentication Type Authentication types: Auto-negotiation—A server sends a configuration request specifying the security algorithm set on the server. The device replies with its authentication credentials, including the security type sent by the server. PAP—Use the Password Authentication Protocol (PAP) to connect to the ISP. CHAP—Use Challenge Handshake Authentication Protocol (CHAP) to connect with the ISP.
3 Configuring Networking Configuring IPv6 Configuring IPv6 LAN Connections In the IPv6 mode, the LAN DHCP server is enabled by default (similar to the IPv4 mode). The DHCPv6 server assigns IPv6 addresses from configured address pools that use the IPv6 prefix length assigned to the LAN.
3 Configuring Networking Configuring IPv6 DHCP Status Check to enable the DHCPv6 server. When enabled, the device assigns an IP address within a specified range and provides additional information to any LAN endpoint that requests DHCP addresses. Domain Name (Optional) Domain name of the DHCPv6 server. Server Preference Server preference level of this DHCP server. DHCP advertise messages with the highest server preference value to a LAN host are preferred over other DHCP server advertise messages.
3 Configuring Networking Configuring IPv6 Configuring IPv6 Static Routing You can configure static routes to direct packets to the destination network. A static route is a predetermined pathway that a packet must travel to reach a specific host or network. Some ISPs require static routes to build a routing table instead of using dynamic routing protocols. Static routes do not require CPU resources to exchange routing information with a peer router.
Configuring Networking Configuring IPv6 3 STEP 4 Click Save. To edit the settings of a route, select the route and click Edit. To delete a selected route, click Delete. Click Save to apply changes. Configuring Routing (RIPng) RIP Next Generation (RIPng) is a routing protocol based on the distance vector (D-V) algorithm. RIPng uses UDP packets to exchange routing information through port 521. RIPng uses a hop count to measure the distance to a destination. The hop count is referred to as metric, or cost.
3 Configuring Networking Configuring IPv6 Configuring Tunneling IPv6-to-IPv4 tunneling (6-to-4 tunneling) allows IPv6 packets to be transmitted over an IPv4 network. IPv4 to IPv6 tunneling (4-to-6 tunneling) allows IPv4 packets to be transmitted over an IPv6 network. 6 to 4 Tunneling 6-to-4 tunneling is typically used when a site or end user wants to connect to the IPv6 Internet using the existing IPv4 network. To configure 6-to-4 tunneling: STEP 1 Select Networking > IPv6 > Tunneling.
3 Configuring Networking Configuring IPv6 4 to 6 Tunneling To configure 4-to-6 tunneling: STEP 1 Select Networking > IPv6 > Tunneling. STEP 2 In the 4 to 6 Tunneling field, check the Enable box. STEP 3 Enter the local WAN IPv6 address on the device. STEP 4 Enter the remote IPv6 address, or the IP address of the remote endpoint. STEP 5 Click Save. Viewing IPv6 Tunnel Status To view IPv6 tunnel status: STEP 1 Choose Networking > IPv6 > IPv6 Tunnels Status.
3 Configuring Networking Configuring IPv6 Advertise Mode Select one of the following modes: Unsolicited Multicast—Send Router Advertisements (RAs) to all interfaces belonging to the multicast group. Unicast only—Restrict advertisements to well-known IPv6 addresses only (RAs are sent to the interface belonging to the known address only). Advertise Interval Advertise interval (4–1800) for the Unsolicited Multicast. The default is 30.
3 Configuring Networking Configuring IPv6 MTU MTU size (0 or 1280 to 1500). The default is 1500 bytes. The maximum transmission unit (MTU) is the size of the largest packet that can be sent over the network. The MTU is used in RAs to ensure all nodes on the network use the same MTU value when the LAN MTU is not well-known. Router Life Time Router lifetime value or the time in seconds that the advertisement messages exists on the route. The default is 3600 seconds. STEP 3 Click Save.
3 Configuring Networking Configuring IPv6 SLA ID If you choose 6to4 as the IPv6 prefix type, enter the Site-Level Aggregation Identifier (SLA ID). The SLA ID in the 6to4 address prefix is set to the interface ID of the interface on which the advertisements are sent. IPv6 Prefix If you choose Global/Local as the IPv6 prefix type, enter the IPv6 prefix. The IPv6 prefix specifies the IPv6 network address. IPv6 Prefix Length If you choose Global/Local as the IPv6 prefix type, enter the prefix length.
4 Configuring Wireless Networks • Detecting Rogue Access Points, page 72 • Configuring Captive Portal, page 77 • Configuring Device Mode, page 80 Wireless Security Wireless networks are convenient and easy to install. Because wireless networking operates by sending information over radio waves, it can be more vulnerable to intruders than a traditional wired network.
Configuring Wireless Networks Wireless Security 4 Hackers know these default values and may try to use them to access your wireless device and change your network settings. To prevent unauthorized access, customize the device password so that it is difficult to guess. • Enable MAC address filtering. Cisco routers and gateways give you the ability to enable MAC address filtering. The MAC address is a unique series of numbers and letters assigned to every networking device.
4 Configuring Wireless Networks Wireless Networks on Your Device General Network Security Guidelines Wireless network security is useless if the underlying network is not secure. We recommend that you take the following precautions: • Password-protect all computers on the network and individually passwordprotect sensitive files. • Change passwords on a regular basis. • Install anti-virus software and personal firewall software.
4 Configuring Wireless Networks Configuring Basic Wireless Settings SSID Name ciscosb1 ciscosb2 ciscosb3 ciscosb4 WPS Hardware Button Enabled Disabled Disabled Disabled 1. When using the Setup Wizard, select Best Security or Better Security to protect the device from unauthorized access. Configuring Basic Wireless Settings Choose Wireless > Basic Settings to configure basic wireless settings. To configure basic wireless settings: STEP 1 Choose Wireless > Basic Settings.
Configuring Wireless Networks Configuring Basic Wireless Settings 4 STEP 4 If you chose B/G/N-Mixed, N-Only, or G/N Mixed, in the Wireless Band Selection field, select the wireless bandwidth on your network (20MHz or 20/40MHz). If you chose N-Only, you must use WPA2 security on your network. See Configuring the Security Mode. STEP 5 In the Wireless Channel field, choose the wireless channel from the drop-down menu.
4 Configuring Wireless Networks Configuring Basic Wireless Settings Enable SSID Click On to enable the network. SSID Name Enter the name of the network. SSID Broadcast Check this box to enable SSID broadcast. If SSID broadcast is enabled, the wireless router advertises its availability to wireless-equipped devices in the range of the router. Security Mode See Configuring the Security Mode. MAC Filter See Configuring MAC Filtering. VLAN Choose the VLAN associated with the network.
Configuring Wireless Networks Configuring Basic Wireless Settings 4 To configure the WEP security mode: STEP 1 Choose Wireless > Basic Settings. In the Wireless Table, check the box for the network you want to configure. STEP 2 Click Edit Security Mode. The Security Settings page appears. STEP 3 In the Select SSID field, choose the SSID for which to configure the security settings. STEP 4 From the Security Mode menu, choose WEP.
Configuring Wireless Networks Configuring Basic Wireless Settings 4 Configuring WPA-Personal, WPA2-Personal, and WPA2-Personal Mixed The WPA Personal, WPA2 Personal, and the WPA2 Personal Mixed security modes offer strong security to replace WEP. • WPA-Personal—WPA is part of the wireless security standard (802.11i) standardized by the Wi-Fi Alliance and was intended as an intermediate measure to take the place of WEP while the 802.11i standard was being prepared.
Configuring Wireless Networks Configuring Basic Wireless Settings 4 STEP 8 In the Key Renewal field, enter the duration of time (600–7200 seconds) between key renewals. The default value is 3600. STEP 9 Click Save to save your settings. Click Back to go back to the Basic Settings page. Configuring WPA-Enterprise, WPA2-Enterprise, and WPA2-Enterprise Mixed The WPA Enterprise, WPA2 Enterprise, and the WPA2 Enterprise Mixed security modes allow you to use RADUIS server authentication.
Configuring Wireless Networks Configuring Basic Wireless Settings 4 STEP 10 Click Save to save your settings. STEP 11 Click Back to go back to the Basic Settings page. Configuring MAC Filtering You can use MAC Filtering to permit or deny access to the wireless network based on the MAC (hardware) address of the requesting device. For example, you can enter the MAC addresses of a set of computers and only allow those computers to access the network. You can configure MAC Filtering for each network or SSID.
4 Configuring Wireless Networks Configuring Advanced Wireless Settings Configuring Time of Day Access To further protect your network, you can restrict access to it by specifying when users can access the network. To configure Time of Day Access: STEP 1 In the Wireless Table (Wireless > Basic Settings), check the box for the network you want to configure. STEP 2 Click Time of Day Access. The Time of Day Access page appears. STEP 3 In the Active Time field, check Enable to enable Time of Day Access.
4 Configuring Wireless Networks Configuring Advanced Wireless Settings Basic Rate The Basic Rate setting is not the rate of transmission but a series of rates at which the Services Ready Platform can transmit. The device advertises its basic rate to the other wireless devices in your network, so they know which rates will be used. The Services Ready Platform will also advertise that it will automatically select the best rate for transmission.
4 Configuring Wireless Networks Configuring Advanced Wireless Settings CTS Protection Mode The device automatically uses CTS (Clear-To-Send) Protection Mode when your Wireless-N and Wireless-G devices are experiencing severe problems and are not able to transmit to the device in an environment with heavy 802.11b traffic. This function boosts the device’s ability to catch all Wireless-N and Wireless-G transmissions but will severely decrease performance. The default is Auto.
4 Configuring Wireless Networks Detecting Rogue Access Points RTS Threshold If you encounter inconsistent data flow, enter only minor reductions. The default value of 2347 is recommended. If a network packet is smaller than the preset Request to Send (RTS) threshold size, the RTS/Clear to Send (CTS) mechanism will not be enabled. The Services Ready Platform sends RTS frames to a particular receiving station and negotiates the sending of a data frame.
Configuring Wireless Networks Detecting Rogue Access Points 4 To authorize detected access points: STEP 1 In Rogue AP Detected Table, check the box for the access point that you want to authorize. STEP 2 Click Authorize. To add an access point to the Authorized AP table: STEP 1 Click Add Row. STEP 2 Enter the MAC address of the access point that you want to authorize. STEP 3 Enter the SSID or the name that identifies the wireless network. STEP 4 Choose the security mode associated with the access point.
4 Configuring Wireless Networks Detecting Rogue Access Points Field Security Network Mode Channel Values • 0 — Open • 1 — WEP • 2 — WPA-Personal • 3 — WPA-Enterprise • 4 — WPA2-Personal • 5 — WPA2-Enterprise • 0 — B Only • 1 — G Only • 2 — N Only • 3 — BG-Mixed • 4 — GN-Mixed • 5 — BGN-Mixed • 0 — Auto • 1 — 2.412 • 2 — 2.417 • 3 — 2.422 • 4 — 2.427 • 5 — 2.432 • 6 — 2.437 • 7 — 2.442 • 8 — 2.447 • 9 — 2.452 • 10 — 2.457 • 11 — 2.
4 Configuring Wireless Networks Configuring WDS Field Values Encryption Authentication • 2 — TKIP • 4 — CCMP • 2 — PSK • 1 — RADIUS Ensure that the content in the CSV file is arranged as shown in the following example: BSSID Security Encryption Authentication Wireless Network Channel SSID 00:1C:10:CE:44:48 4 2 2 3 1 Auth_Guest To import a list of authorized APs: STEP 1 Click Merge to add the list of access points that you want to import, to the access points displayed in Author
Configuring Wireless Networks Configuring WDS 4 You can configure WDS in Bridge mode where one AP acts as the common link between multiple APs or in Repeater mode where one AP connects two APs without a wired connection to the LAN, by repeating signals using the wireless connection. WDS is supported on one SSID only. To configure WDS in Bridge mode: STEP 1 Choose Wireless > WDS. STEP 2 To enable WDS, check the Enable. STEP 3 Select the WDS Bridge radio button.
4 Configuring Wireless Networks Configuring WPS Configuring WPS Configure WPS to allow WPS-enabled devices to easily and securely connect to the wireless network. Refer to your client device documentation for additional instructions on setting up WPS on your client device. To configure WPS: STEP 1 Choose Wireless > WPS.
Configuring Wireless Networks Configuring Captive Portal 4 Creating Captive Portal Profiles To create a captive portal profile: STEP 1 Choose Wireless > Captive Portal > Portal Profile. In the Portal Profile Table section, click Add Row. To modify the portal profile provided on the device, check the Default_Portal_Profile box and click Edit. STEP 2 Enter a name for your Captive Portal profile. STEP 3 Choose if you want to use the profile to authenticate guest users or users on your network.
Configuring Wireless Networks Configuring Captive Portal 4 Configuring Captive Portal Instances To configure a captive portal instance for your device: STEP 1 Choose Wireless > Basic Settings. STEP 2 In the Wireless Table section, check the Enable box for the SSID for which you want to configure a captive portal. Click Edit. STEP 3 Select a portal profile for the SSID. You can create up to four captive portals using the SSIDs for your device.
Configuring Wireless Networks Configuring Device Mode 4 Configuring Device Mode You can configure your device to work in the following modes: • Router—To act as a wireless router. • AP (access point)—To provide wireless connections to clients and extend Wi-Fi capability to an existing wired network. All LAN ports are disabled when the device works as an access point. Ensure that you configure the AP management VLAN information on the Networking > WAN > WAN Configuration page.
Configuring Wireless Networks Configuring Device Mode Cisco RV130/RV130W Wireless Multifunction VPN Router Administration Guide 4 81
5 Configuring the Firewall Firewall Features You can secure your network by creating and applying rules that the device uses to selectively block and allow inbound and outbound Internet traffic. You then specify how and to what devices the rules apply. To do so, you must define the following: • Services or traffic types that the router should allow or block. For example, web browsing, VoIP, other standard services and custom services that you define.
5 Configuring the Firewall Configuring Basic Firewall Settings Inbound (WAN to LAN/DMZ) rules restrict access to traffic entering your network, selectively allowing only specific outside users to access specific local resources. By default, all access from the insecure WAN side is blocked from accessing the secure LAN, except in response to requests from the LAN or DMZ. To allow outside devices to access services on the secure LAN, you must create a firewall rule for each service.
5 Configuring the Firewall Configuring Basic Firewall Settings Remote Management Remote Access Remote Upgrade Allowed Remote IP Address Remote Management Port See Configuring Remote Management. IPv4 Multicast Passthrough (IGMP Proxy) Check Enable to enable multicast passthrough for IPv4. IPv6 Multicast Passthrough (IGMP Proxy) Check Enable to enable multicast passthrough for IPv6. SIP ALG To allow Session Initiation Protocol (SIP) traffic to traverse the firewall, check the SIP ALG check box.
5 Configuring the Firewall Configuring Basic Firewall Settings Block Cookies Check to block cookies. Cookies are used to store session information by websites that usually require login. However, several websites use cookies to store tracking information and browsing habits. Enabling this option filters out cookies from being created by a website. Many websites require that cookies be accepted in order for the site to be accessed properly.
5 Configuring the Firewall Configuring Basic Firewall Settings STEP 3 Click Save. Configuring Remote Management You can enable remote management so that you can access the device from a remote WAN network. To configure remote management, configure these settings on the Basic Settings page: Remote Management Check Enable to enable remote management. Remote Access Choose the type of web access that can be used to connect to the firewall: HTTP or HTTPS (secure HTTP).
5 Configuring the Firewall Managing Firewall Schedules Configuring Universal Plug and Play Universal Plug and Play (UPnP) allows automatic discovery of devices that can communicate with the device. To configure UPnP, configure these settings on the Basic Settings page: UPnP Check Enable to enable UPnP. Allow Users to Configure Check this box to allow UPnP port-mapping rules to be set by users who have UPnP support enabled on their computers or other UPnP-enabled devices.
5 Configuring the Firewall Configuring Services Management Configuring Services Management When you create a firewall rule, you can specify a service that is controlled by the rule. Common types of services are available for selection, and you can create your own custom services. The Services Management page allows you to create custom services against which firewall rules can be defined. Once defined, the new service appears in the List of Available Custom Services table.
Configuring the Firewall Configuring Access Rules 5 Configuring Access Rules Configuring the Default Outbound Policy The Access Rules page allows you to configure the default outbound policy for the traffic that is directed from the secure network (LAN) to the non-secure network (dedicated WAN/optional). The default inbound policy for traffic flowing from the non-secure zone to the secure zone is always blocked and cannot be changed.
5 Configuring the Firewall Configuring Access Rules Adding Access Rules All configured firewall rules on the device are displayed in the Access Rules Table. This list also indicates whether the rule is enabled (active) and gives a summary of the From/To zone as well as the services and users the rule affects. To create an access rule: STEP 1 Choose Firewall > Access Rules. STEP 2 Click Add Row.
5 Configuring the Firewall Configuring Access Rules • Post Office Protocol (POP3) • Simple Network Management Protocol (SNMP) • Simple Mail Transfer Protocol (SMTP) • Telnet • STRMWORKS • Terminal Access Controller Access-Control System (TACACS) • Telnet (command) • Telnet Secondary • Telnet SSL • Voice (SIP) STEP 6 In the Source IP field, select the users to which the firewall rule applies: • Any—The rule applies to traffic originating on any host in the local network.
5 Configuring the Firewall Creating an Internet Access Policy STEP 9 Click Save. Creating an Internet Access Policy The device supports several options for blocking Internet access. You can block all Internet traffic, block Internet traffic to certain PCs or endpoints, or block access to Internet sites by specifying keywords to block. If these keywords are found in the site's name (for example, web site URL or newsgroup name), the site is blocked.
5 Configuring the Firewall Creating an Internet Access Policy STEP 7 (Optional) Apply the access policy to specific PCs to allow or block traffic coming from specific devices: a. In the Apply Access Policy to the Following PCs table, click Add Row. b. From the Type drop-down menu, choose how to identify the PC (by MAC address, by IP address, or by providing a range of IP addresses). c.
Configuring the Firewall Configuring One-to-One Network Address Translation (NAT) 5 Configuring One-to-One Network Address Translation (NAT) Use the One-to-one NAT page to map local IP addresses behind your firewall to global IP addresses. One-to-one NAT is a way to make systems configured with private IP addresses, which are behind a firewall, appear to have public IP addresses. To add a One-to-One NAT rule: STEP 1 Choose Firewall > One-to-One NAT. STEP 2 Click Add Row.
Configuring the Firewall Configuring Port Forwarding 5 NOTE Port forwarding is not appropriate for servers on the LAN because there is a dependency on the LAN device making an outgoing connection before incoming ports are opened. Some applications require that, when external devices connect to them, they receive data on a specific port or range of ports in order to function properly. The router must send all incoming data for that application only on the required port or range of ports.
Configuring the Firewall Configuring Port Forwarding 5 Configuring Port Range Forwarding To add a port range forwarding rule: STEP 1 Choose Firewall > Port Range Forwarding. STEP 2 In the Application field, enter the name of the application for which to configure port forwarding. STEP 3 In the External Port field, specify the port number that will trigger this rule when a connection request from outgoing traffic is made.
Configuring the Firewall Configuring Port Forwarding 5 NOTE Port triggering is not appropriate for servers on the LAN, since there is a dependency on the LAN device making an outgoing connection before incoming ports are opened. Some applications require that, when external devices connect to them, they receive data on a specific port or range of ports in order to function properly. The router must send all incoming data for that application only on the required port or range of ports.
Configuring the Firewall Configuring Port Forwarding Cisco RV130/130W Wireless Multifunction VPN Router Administration Guide 5 98
6 Configuring VPN VPN Tunnel Types You can configure VPN on your device to provide you a secure communication channel or a tunnel between: • Two gateway routers • A remote client device and a gateway router Configuring Basic Site-to-Site IPsec VPN Your device supports site-to-site IPsec VPN for a single gateway-to-gateway VPN tunnel. After configuring these basic VPN settings, you can connect securely to another VPN-enabled router.
Configuring VPN Configuring Basic Site-to-Site IPsec VPN 6 • Remote WAN (Internet) IP Address—Enter the public IP address or domain name of the remote endpoint. • Local WAN (Internet) IP Address—Enter the public IP address or domain name of your device. STEP 5 In the Secure Connection Remote Accessibility fields, enter the following information: • Remote LAN (Local Network) IP Address—The private network (LAN) address of the remote endpoint.
Configuring VPN Configuring Site-to-Site IPsec VPN Advanced Parameters 6 Configuring Site-to-Site IPsec VPN Advanced Parameters Advanced VPN parameters such as IKE and other VPN policies control how the device initiates and receives VPN connections. To configure advanced VPN parameters, choose VPN > Site-to-Site IPsec VPN > Advanced VPN Setup. Managing IKE Policies The Internet Key Exchange (IKE) protocol dynamically exchanges keys between two IPsec hosts.
Configuring VPN Configuring Site-to-Site IPsec VPN Advanced Parameters 6 c. In the Pre-Shared Key field, enter the key or password. Ensure that the password does not contain double-quotes (“). d. In the Diffie-Hellman (DH) Group field, specify the DH Group algorithm used when exchanging a pre-shared key. The DH Group sets the strength of the algorithm in bits. Ensure that the DH Group is configured identically on both sides of the IKE policy. e.
Configuring VPN Configuring Site-to-Site IPsec VPN Advanced Parameters 6 - Auto Policy—Some parameters for the VPN tunnel are generated automatically. This requires using the Internet Key Exchange (IKE) protocol for negotiations between the two VPN endpoints. - Manual Policy—All parameters (including the keys) for the VPN tunnel are manually entered for each end point. No third-party server or organization is involved. c.
Configuring VPN Configuring Site-to-Site IPsec VPN Advanced Parameters - DES—8 characters - 3DES—24 characters - AES-128—16 characters - AES-192—24 characters - AES-256—32 characters 6 • Manual Integrity Algorithm—Select the algorithm used to verify the integrity of the data. • Key-In, Key Out—Enter the integrity key (for ESP with Integrity-mode) for the inbound and outbound policy.
6 Configuring VPN Configuring IPsec VPN Server Configuring IPsec VPN Server Using IPsec VPN enables secure remote access to corporate resources by establishing an encrypted tunnel across the Internet. Your device supports the following IPsec VPN clients: • TheGreenBow • ShrewSoft Configuring the IPsec VPN Server To configure the IPsec VPN server: STEP 1 Choose VPN > IPsec VPN Server> Setup. STEP 2 Check the Server Enable check box.
6 Configuring VPN Configuring IPsec VPN Server STEP 4 In the Phase 2 Configuration section, configure parameters to negotiate IPsec Security Association (SA) for the IPsec tunnel: a. In the Local IP field, indicate how many endpoints will be part of the VPN policy: • Single—Limits the policy to one host. Enter the IP address of the host that will be part of the VPN in the IP Address field. • Subnet—Allows an entire subnet to connect to the VPN.
6 Configuring VPN Configuring PPTP section, click Browse to locate the file, and click Import. See Importing User Accounts for more information. STEP 5 Save your user accounts. Configuring PPTP Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables the secure transfer of data from a remote client to a business network by creating a secure VPN connection across public networks, such as the Internet.
6 Configuring VPN Configuring VPN Passthrough STEP 4 To import usernames and passwords from a CSV file, click Import. The Administration > Users page is displayed. In the Import Username and Password section, click Browse to locate the file, and click Import. See Importing User Accounts for more information. STEP 5 Save your user accounts. Configuring VPN Passthrough VPN passthrough allows VPN traffic that originates from VPN clients to pass through the device.
6 Configuring VPN SSL Certificate A self certificate is a certificate issued by a CA identifying your device (or self- signed if you don't want the identity protection of a CA). To request a self certificate to be signed by a CA, you can generate a Certificate Signing Request from the gateway by entering identification parameters and sending to the CA for signing.
6 Configuring VPN VPN Setup Wizard VPN Setup Wizard To use the VPN Setup Wizard: STEP 1 Click VPN > VPN Setup Wizard. STEP 2 The wizard window popped out. Follow the on-screen instructions to set up the device.
7 Configuring Quality of Service (QoS) Quality of service (QoS) assigns priority to various applications, users, or data flows, or guarantees a level of performance to a data flow. These guarantees are important when the network capacity is insufficient. For example, for real-time streaming multimedia applications such as voice-over-IP, online games, and IP-TV because they require fixed bit rate and are delay sensitive, and for networks where the capacity is a limited resource.
7 Configuring Quality of Service (QoS) Configuring Bandwidth Management Downstream The bandwidth (kb/s) used for receiving data from the Internet. (Applies to the default VLAN only) STEP 4 Click Save. Configuring Bandwidth Priority In the Bandwidth Priority Table, you can assign priorities to services to manage bandwidth usage. To configure bandwidth priority: STEP 1 In the Bandwidth Priority Table, click Add Row.
7 Configuring Quality of Service (QoS) Configuring Bandwidth Management DSCP Enter the remarking value for packets on this network. STEP 3 Click Save. To edit the settings of an entry in the table, check the relevant box and click Edit. When you are done making changes, click Save. To delete an entry from the table, check the relevant box and click Delete. Click Save. To add a new service definition, click the Service Management button.
7 Configuring Quality of Service (QoS) Configuring QoS Port-Based Settings Configuring QoS Port-Based Settings You can configure QoS settings for every port on your device. The supports four priority queues that allow traffic prioritization for each port. To configure QoS settings for the ports on your device: STEP 1 Choose QoS > QoS Port-Based Settings.
Configuring Quality of Service (QoS) Configuring CoS Settings 7 Configuring CoS Settings Use the link to the QoS Port-Based Settings Page to map the CoS priority setting to the QoS queue. To map CoS priority settings to the traffic forwarding queue: STEP 1 Choose QoS > CoS Settings. STEP 2 For each CoS priority level in the CoS Settings Table, choose a priority value from the Traffic Forwarding Queue drop-down menu.
Configuring Quality of Service (QoS) Configuring DSCP Settings Cisco RV130/130W Wireless Multifunction VPN Router Administration Guide 7 115
8 Managing Your Device Setting Device Properties Assign a name and a domain name to your device to ensure that it is easily identified by other devices. To set device properties: STEP 1 Choose Administration > Device Properties. STEP 2 In the Hostname field, enter a name to identify the device uniquely on your network. For example, RTR141. STEP 3 In the Domain Name field, enter the domain in which your device is located. For example, abcbusiness.com.
8 Managing Your Device Configuring User Accounts Minimum Password Length Enter the minimum password length (064 characters). Minimum number of character classes Enter a number representing one of the following character classes: • Uppercase letters. • Lowercase letters. • Numbers. • Special characters available on a standard keyboard. By default, passwords must contains characters from at least three of these classes.
8 Managing Your Device Configuring User Accounts To configure the user accounts: STEP 1 Choose Administration > Users. STEP 2 In the Account Activation field, check the boxes for the accounts that you want to activate. (The admin account must be active.) STEP 3 (Optional) To edit the administrator account, under Administrator Account Setting, check Edit Administrator Settings. To edit the guest account, under Guest Settings, check Edit Guest Settings.
8 Managing Your Device Configuring User Accounts TYPE USERNAME PASSWORD ENABLE PPTP PPTP-user-1 12345678 enable PPTP PPTP-user-2 345123678 disable TYPE USERNAME PASSWORD VPNServer vpn-user-1 12345678 VPNServer vpn-user-2 33245678 TYPE USERNAME PASSWORD ACCESS_TIME guestnet guestnet-user-1 12345678 1440 guestnet guestnet-user-2 33245678 60 NOTE The names of the columns are case-sensitive. Do not change the order or the names of the columns.
Managing Your Device Setting the Session Timeout Value 8 Setting the Session Timeout Value The timeout value is the number of minutes of inactivity that are allowed before the Device Manager session is ended. You can configure timeout for the Admin and Guest accounts. To configure session timeout: STEP 1 Choose Administration > Session Timeout. STEP 2 In the Administrator Inactivity Timeout field, enter the number, in minutes, before a session times out due to inactivity.
8 Managing Your Device Configuring Simple Network Management (SNMP) SysContact Enter the name of the contact person for this device. For example, your network administrator. SysLocation Enter the physical location of the device. For example, Rack #2, 4th Floor. SysName Enter a name to identify your device easily. For example, RTR 141. STEP 5 Click Save. Editing SNMPv3 Users You can configure SNMPv3 parameters for the two default user accounts (Admin and Guest) for your device.
8 Managing Your Device Configuring Simple Network Management (SNMP) Authentication Password Enter the authentication password. Privacy Algorithm Choose the type of privacy algorithm (DES or AES). Privacy Password Enter the privacy password. STEP 3 Click Save. Configuring the SNMP Traps The fields in the SNMP Trap Configuration section allow you to configure an SNMP agent to which the device sends trap messages (notifications). To configure the traps: STEP 1 Choose Administration > SNMP.
8 Managing Your Device Using Diagnostic Tools Using Diagnostic Tools Your device provides several diagnostic tools to help you troubleshoot network problems. • Network Tools • Configuring Port Mirroring Network Tools Use network tools to troubleshoot the network. Using PING You can use the PING utility to test connectivity between this router and another device in the network.
8 Managing Your Device Using Diagnostic Tools Performing a DNS Lookup You can use the Lookup tool to find out the IP address of host (for example, a Web, FTP, or Mail server) on the Internet. To retrieve the IP address of a Web, FTP, Mail or any other server on the Internet, type the Internet name in the text box and click Lookup. If the host or domain entry exists, you will see a response with the IP address. An Unknown Host message indicates that the specified Internet name does not exist.
8 Managing Your Device Configuring Log and E-mail Settings Configuring Log and E-mail Settings Configure logs to monitor activity that indicates the health and performance of your device. Configuring Log Settings To configure logging: STEP 1 Choose Administration > Logging > Log Settings. STEP 2 In the Log Mode field, check Enable.
8 Managing Your Device Configuring Log and E-mail Settings Remote Log Server Enter the IP address of the log server that will maintain logs. Log Severity for Local Log and Email Choose the severity of events for which you want to maintain logs and send logs them to a specific email address. All log types that are higher in severity than the selected log type are automatically included and you cannot exclude them. For example, if you choose Error logs, Emergency, Alert, and Critical are also selected.
8 Managing Your Device Configuring Log and E-mail Settings Configuring Log E-Mailing You can configure your device to send logs by email. We recommend that you set up a separate email account for sending and receiving logs. You must first set up the severity of logs you want to capture; see Configuring Log Settings. To configure the e-mailing of logs: STEP 1 Choose Administration > Logging > E-mail Settings.
8 Managing Your Device Configuring Log and E-mail Settings E-mail Encryption Choose SSL or TSL as the email encryption method. Choose Disable if you do not want to use an email encryption method. Authentication with SMTP Server If the SMTP (mail) server requires authentication before accepting connections, choose the type of authentication from the drop-down menu: None, LOGIN, PLAIN, and CRAM-MD5.
8 Managing Your Device Configuring Bonjour Configuring Bonjour Bonjour is a service advertisement and discovery protocol. On your device, Bonjour only advertises the default services configured on the device when Bonjour is enabled. To enable Bonjour: STEP 1 Choose Administration > Bonjour. STEP 2 Check Enable to enable Bonjour. STEP 3 To enable Bonjour for a VLAN listed in the Bonjour Interface Control Table, check the corresponding Enable Bonjour box. You can enable Bonjour on specific VLANs.
8 Managing Your Device Backing Up and Restoring the System Adjust for Daylight Savings Time If supported for your region, check the Adjust for Daylight Savings Time box. This check box is dimmed if you click Manual in the Set Date and Time field. Daylight Saving Mode If you choose By date, enter the specific date when daylight saving mode starts. If you choose Recurring, enter the month, week, day of week, and time when daylight saving time starts.
8 Managing Your Device Backing Up and Restoring the System ! CAUTION During a restore operation, do not try to go online, turn off the firewall, shut down the PC, or use the firewall until the operation is complete. This should take about a minute. When the test light turns off, wait a few more seconds before using the firewall. Backing Up the Configuration Settings To back up or restore the configuration: STEP 1 Choose Administration > Backup/Restore Settings.
Managing Your Device Backing Up and Restoring the System 8 By default, the file (startup.cfg, mirror.cfg, or backup.cfg) is downloaded in the default Downloads folder; for example, C:\Documents and Settings\admin\My Documents\Downloads\. STEP 4 To clear the selected configuration, click Clear. Restoring the Configuration Settings To restore a previously saved configuration file: STEP 1 Choose Administration > Backup/Restore Settings.
Managing Your Device Upgrading Firmware or Changing the Language 8 STEP 3 Click Start to Copy. Generating an Encryption Key The router allows you to generate an encryption key to protect the backup files. To generate an encryption key: STEP 1 Choose Administration > Backup/Restore Settings. STEP 2 Click Show Advanced Settings. STEP 3 In the box, enter the seed phrase used to generate the key. STEP 4 Click Save.
Managing Your Device Upgrading Firmware or Changing the Language 8 STEP 4 To be notified when new firmware is available or after the latest firmware is upgraded, check one of the following check boxes: • Notify via Admin GUI— Receive notifications on the device Administration GUI when you log on the next time. • Email to — Receive notifications through e-mail alerts. Click Email Address to configure e-mail settings. This check box is dimmed if New Firmware Email Alert is not enabled.
8 Managing Your Device Restarting the Device Changing the Language To change the language on the device: STEP 1 Choose Administration > Firmware/Language Upgrade. STEP 2 In the File Type field, click the Language File button. STEP 3 Click Browse to locate and select the language file. STEP 4 (Optional) To restore the device configuration parameters to factory default values, select Reset all configuration/settings to factory defaults. STEP 5 Click Start Upgrade.
Managing Your Device Restoring the Factory Defaults 8 To restore factory defaults to the router: STEP 1 Choose Administration > Restore Factory Defaults. STEP 2 Click Default.
Managing Your Device Restoring the Factory Defaults Cisco RV130/RV130W Wireless Multifunction VPN Router Administration Guide 8 137
9 Where to Go From Here Support Cisco Support Community www.cisco.com/go/smallbizsupport Online Technical Support and Documentation (Login Required) www.cisco.com/support Phone Support Contacts www.cisco.com/en/US/support/ tsd_cisco_small_ business_support_ center_contacts.html Software Downloads (Login Required) Go to tools.cisco.com/support/downloads, and enter the model number in the Software Search box. Cisco Open Source Requests www.cisco.
