Escolar Documentos
Profissional Documentos
Cultura Documentos
This manual copyright 2001. All rights reserved. No part of this document may be copied or re-used without prior written consent
Contents
Wireless Router
Chapter 1 Introduction
Whats in the box? Overview of the Wireless Router Multifunction Router Wireless Router Applications Accessing the Internet Accessing Servers from the Public Network Supporting Dial-in Access to Your Network Accessing Internet and Dial-In Simultaneously Creating Your Own Private Wide Area Network Accessing Internet and LAN-to-LAN Simultaneously Creating a Virtual Private Network (VPN) A Configuration Example A Security Overview A Physical Look at the Wireless Router The Connectors on the Back The LEDs on the Front
How to mount the Wireless Router on the wall? Chapter 2 Installing the Wireless Router
Installing the Wireless Router Setting Up a Windows PC for Configuring the Wireless Router Connecting more Devices through a Hub to the Wireless Router
Chapter 3
Internet Access in Five Minutes Using Different Browsers for Wireless Router Configuration Logging On To Enable More Features Customizing the ARM for Your Specific Needs Overview of The ARM Browser Screen What is a Connection Profile? Selecting Internet Access Interface Configuring a Basic Internet Access Profile via EWAN Configuring a Basic Internet Access Profile via Modem Adding Internet Access Profiles Deleting or Modifying Internet Access Profiles Setting Up Internet Access with Advanced Features Modifying Public and Private IP Addresses Setting Up Your Router for Wireless LAN connection Configuring for Remote Office Access Advanced Options for Remote Office Profiles Deleting or Modifying Remote Office Access Profiles Configuring Dial-in User Profiles
iii
Single User Dial-In Advanced Options Deleting Dial-in User Profiles Setting the System Time Setting Internet Access Time Restrictions
Chapter 4
Advanced Configuration
Configuring and Using Port Address Translation Configuring Port Address Translation Static DHCP Assignments Creating VPN Connection Profiles (Optional) To Configure VPN Remote Office Access Profiles Set up a VPN Connection Profile Advanced Options Setup Packet Filtering A Packet Filtering Overview Configuring IP Packet Rules Configuring IPX Packet Rules To Configure Advanced IP Settings The IP Routing Table To Configure IPX Settings (Optional) The IPX Routing Table The IPX SAP Table To Enable Bridging Learning
Chapter 5
How to View the Connection Log How to Upgrade the Wireless Router Features/Software How to Save or Clear Configuration Changes How to Reset the Wireless Router How to Change the ARM Password What if I Forget the Password? How to Customize the ARM Interface How to Configure General System Settings
Chapter 6
Messages
Messages
Appendix A Wireless Router Specifications Appendix B Glossary Appendix C Warranty, Copyrights, FCC Notice
Warranty Copyrights FCC Part 15 Notice
iv
1WirelessWireless Router
Safety Warnings
The Wireless Router is not intended to be serviced by the user. Do not open the case.
1Wireless Router
Introduction
This chapter gives the introduction to the Wireless Router.
Note:
1-1
-to support remote users to directly dial in and access your LAN, -to support direct dial-up communication with remote offices and share resources between remnote LANs. - to create Virtual Private Network (VPN) to allow remote LANs to share resources with each other over the Internet.
Figure 1-1 Dial-in Access You can set up the Wireless Router to provide Internet access for everyone on your LAN and allow a remote user to dial in to your network via V.90 Modem or ISDN TA simultaneously.
1-2
Figure 1-3 Connecting Two Networks with Wireless Router You can set up the Wireless Router to provide Internet access for everyone on your LAN and create your own private wide area network via V.90 Modem or ISDN TA simultaneously.
1-3
1-4
A Configuration Example
In Figure 1-6, two Wireless Routers are installed in two different locations. They are connected to the Internet via ADSL/Cable modem, allowing users to surf the Web. They are also connected to each other through the telephone network, forming a private company network.
Figure 1-6 Connecting Two Private Networks This example illustrates an important feature of the Wireless Router: a private device can be accessed from the Internet by mapping the application port number to a port number on the Wireless Router. In this case, an Internet user accesses a web server with IP address 206.112.113.6, which is the Wireless Routers IP address. When properly configured, the Wireless Router will translate that port 80 of that address to port 80 of the private IP address, 192.168.168.112. In this example, all devices on both LANs (except for the Web servers) are configured to obtain their IP addresses automatically (i.e., from the built-in DHCP server in the Wireless Router). It is important for the Web Server on LAN #1 to have the same IP address all the time (so that users can use the same IP address to access it), it also means the Wireless Router should also be assigned a static IP address. IP addresses assigned to the devices on the LAN are only used in the local LAN environment (with default IP network address of 192.168.168.0), therefore these devices naturally form a private network and are not accessible by users across the Internet, unless they are mapped. It is still possible to assign public IP addresses obtained from your ISP to devices on your LAN so that they can be accessed by users across the Internet. These public addresses can co-exist with private IP address on the
1-5
same LAN. In order for LAN to LAN communication to work in such configurations, the default private network Wireless Routeraddress (192.168.168.0) for one of the above Wireless Router has to be changed (to 192.168.170.0 in the above example). The traffic between these two networks is secure because data are sent across the telephone network via a direct phone call.
A Security Overview
More and more people are concerned about security of their data in the Internet The Wireless Router provides many ways to help make your network and your data secure: All dial-in users and LAN-to-LAN communications require PPP PAP/CHAP/ MS-CHAP authentication (basically user name and password) The Wireless Router also supports call-back for dial-in users - so that remote user are really who they say they are The Wireless Router uses a private IP addressing scheme to prevent devices on your LAN from access by outside users Console, Telnet and ARM support password protection DES encryption with PPP/ECP negotiation is supported for VPN connections IP packet filtering may be used to futher enhance security requirements
1-6
Wireless Router
Power
WLAN PPPoE
EWAN
LNK/ACT COL
1
100/10 LNK/ACT FDX/COL
Power: Green. The LED illuminates whe the Router is Powered on. WLAN: Green. The LED illuminates when the wireless client is power on, and flickering when wireless is activity. LAN Indicators 100/10: Green. If the LED illuminates when the throughput is 100Mbps. LNK/ACT: Green. The LED is continously illuminated, indicating the Router is connected to a device successfully. The LED is flickering, indicating the Router is actively sending or receiving data over the port. FDX/COL: Green. The LED is continously illuminated, indicating the connection is running in full duplex mode. The LED is flickering, indicating the connection is experiencing collisions.
EWAN Indicators LNK/ACT: Green. The LNK/ACT LED serves two purposes. One is, it indicates the Router is connected to your Broadband successfuly when it illuminates. The other is indicates the Router is actively sending or receiveing data over the WAN interface. COL: Green. The LED indicates the connection is experiencing collisions. PPPoE: Green. The PPPoE LED indicates if the PPPoE is enabled. Some DSL-based ISPs use PPPoE to establish communications with an end-user. If you are using a DSL line, check with your ISP if they use PPPoE.
1-7
Step 2
Step 3
Finished
Or
1-8
Note:
Step 2
Connect a PC/Workstation to one of the LAN ports of the Wireless Router, such as port 1 or port 2 (using a straight or cross-over LAN cable, respectively). See below for more details of how to connect to an external repeater hub or LAN switch. Connect the AC adapter to the Wireless Router and an electrical outlet.
Step 3
2-1
Step 2 Step 3
Step 4
Check your list of Network Components in the Network window Configuration tab. If TCP/IP has already been installed, go to Step 8. Otherwise, select Add to install it now.
2-2
Step 5 Step 6
In the new Network Component Type window, select Protocol. In the new Select Network Protocol window, select Microsoft in the Manufacturers area.
Select Microsoft
Select TCP/IP
Step 7
In the Network Protocols area of the same window, select TCP/IP, then click OK. You may need your Win95/98 CD to complete the installation. After TCP/IP installation is complete, go back to the Network window shown in Step 4 . Select TCP/IP in the list of Network Components. Click Properties, and check the settings in each of the TCP/IP Properties window:
Step 8 Step 9
-Bindings Tab : both Client for Microsoft Networks and File and printer sharing for Microsoft Networks should be selected. -Gateway Tab : All fields should be blank -DNS Configuration Tab: Disable DNS should be selected -IP Address Tab : Obtain IP address automatically should be selected Step 10 When the Wireless Router connected to the LAN (and powered on), reboot the PC. After the PC is re-booted, you should be ready to configure the Wireless Router. See Chapter 3.
2-3
2-4
3Wireless Router
Logging On
After entering the default IP address as described above, a password prompt screen will ask you to log on. If you are logging on for the first time, you should accept the factory default password (which is password). The password is always displayed as a string of asterisks (*). Clicking the Log On button will begin a Access Router Manager (ARM) session. The next time you log in, even if you have modified the
3-1
password , the default password (password) will still be used as the default. You need to change it to the correct password before you will be let in. No matter what password you use, each character will always be displayed in the logon prompt as a *. If you forget the password, you need to follow steps described in chapter 5 to be able to log on.
3-2
Note: The ARM Customization screen is displayed the very first time you invoke the ARM tool. To return to this screen, select Customize User Interface from the ARM Menu. The choices available depend on what feature keys have been installed. The selections you make determine what configuration menu and buttons will appear in the ARM interface. For example, if you select Basic Internet Access only, the ARM interface will display only buttons and screens that you need for basic Internet access. If you subsequently use ARM to configure the Wireless Router for other applications, you can return to this ARM Customization screen to re-customize your ARM interface by selecting Customize User Interface from the ARM M enu (on the left hand side of the ARM interface).
3-3
AA
ARM Menu
AA
Message Window
AAConfiguration Window
3-4
ARM Menu
This part of the browser screen contains items you can click to display the various screens for configuring your Wireless Router, including EWAN, connection profiles, and protocols, as well as system monitoring, tools, and help.
Configuration Window
This is the window where the actual configuration screens appear. Before any selection of the configuration is made, the window shows a picture of the Wireless Router with cables and peripheral devices that can be connected to it.
Message Window
Whenever appropriate, the Wireless Router will display system status or error messages in this window. For example, when you try to connect to the Internet, if you had configured your password incorrectly, the message window will display an appropriate message.
The following status/statistical information is provided for each interface: Device: lists all interfaces, including both the physical interface (i.e., the LAN port, the EWAN port). Status: indicates the current state of the interface: (I) For LAN: this will always show Up. (II) For EWAN: (i) PPPoE: profile name: Sow the profile you used if the interface is up and funtioning.
3-5
No call: Means that this interface is not connected and the profile of EWAN port is idle. Down: Means that this interface is not connected and no EWAN profile added. (ii) DHCP & No: profile name: Show the profile you used if the interface is up and funtioning. Down: Means that this interface is not connected. Xmt Pkts: indicates the number of packets that have been transmitted through the interface. Rcv Pkts: indicates the number of packets that the interface has received. Err Pkts: indicates the number of error (bad) packets that have been received. Disconnect: if an active interface has been selected (highlighted), clicking this button will cause the connection to be taken down. The LAN interface is not affected by this operation. When EWAN is configured to be DHCP interface, it's not affected either. Clear: resets the selected statistics values to zero.
3-6
TA/Analog Modem
Now select Internet Access as the Access Type (if your router is customized to support Internet access only, this selection will be made by the system automatically). Then press Enter, which will cause the following screen to show. There are three ways to obtain an IP Address for your router, including via PPP over Ethernet, via DHCP and No .If you choose No, the following screen will appear and please follow step 1. If you choose via DHCP, please follow step 2, if you choose via PPP over Ethernet, please follow step 3 Step 1
Enter the following information: Profile Name: the name that you will use to identify this Internet access profile. Obtain IP Addresses Automatically: Please specify IP address , netmask,gateway and domain name server assigned by ISP. EWAN IP Address: the IP address of your EWAN. EWAN IP Netmask: the IP Netmask of your EWAN. ISP Gateway IP Address: the IP address of your ISP Gateway Primary DNS IP Address: the IP address of primary domain name server Secondary DNS IP Address: the IP address of secondary domain name server
3-7
Note: Step 2
After configuring each item, please go to step 4. If you choose via DHCP the following items will appear.
Please enter the following information: Profile Name: the name that you will use to identify this Internet access profile. Obtain IP Addresses Automatically: get the IP address via DHCP (Optional) Host Name (System Name): the Host Name provided by your system. Note: After configuring each item, go to step 3 or 4, please check your ISP.
Step 3
If you choose via PPP over Ethernet the following items will appear.
Please enter the following information: Profile Name: the name that you will use to identify this Internet access
3-8
profile. Obtain IP Addresses Automatically: Some DSL-based ISPs use PPPoE to establish communication with end-users. ISP Account Name: the username of your ISP account ISP Account Password: the password of your ISP account (Optional) Service Name: the Service Name provided by your ISP, if one is required, otherwise, leave it empty (Optional) Access Concentrator Name: the Access Concentrator Name provided by your ISP, if one is required, otherwise, leave it empty Idle Timeout(0-3600 seconds): The default value of the idle timeout is 120 seconds. It represents the number of seconds of inactivity over the connection: when this value is reached, the Broadband Router will disconnect the call. You can change the idle timeout value to anything between 0 to 3600 seconds. But if you select 0 , the connection will never time out. (Optional) Host Name (System Name): the Host Name provided by your system. Note: Step 4 After configuring each item, go to step 3 or 4, please check your ISP. If you choose via PPTP, the following screen will show.
Profile Name: The name that you will use to identify this Internet accesses profile. Obtain IP Addresses Automatically: Obtain the IP address from ISP using PPTP connection to the local cable modem or ADSL modem. Some DSL-based ISPs use cable modem/ADSL modem as PPTP server to establish communications with an end-user. Check with your ISP to see if PPTP is used. PPTP Local IP Address: IP address of router for the PPTP connection. Consult your ISP for this information. PPTP IP Netmask: IP network mask for the PPTP Tunnel. Consult your ISP for this information. PPTP Remote IP Address: IP address of the remote site for the PPTP Tunnel. Consult your ISP for this information.
3-9
ISP Account Name: the username of your ISP account ISP Account Password: the password of your ISP account Idle Timeout (0-3600 seconds): The default value of the idle timeout is 120 seconds. It represents the number of seconds of inactivity over the connection: when this value is reached, the router will disconnect the connection. You can change the idle timeout value to anything between 0 to 3600 seconds. But if you select 0, the connection will never be timed out. Step 5 Click APPLY or APPLY and Test
Note: When you click Apply or Apply and Test , the Wireless Router connects to your Internet Service Provider. Watch the Message Window for any messages. If the test is successful, your users will be ready to access the Internet. If not, the Wireless Router will try to give you enough information to let you know why the connection is not successful. If Apply or Apply and Test is successful, users on your LAN can now start to access the Internet. However, it is required that these devices have also been configured to obtain IP addresses automatically, as described in Chapter 2. Users may need to re-boot their computers in order to obtain the DNS information obtained during the Apply or Apply and Test operation.
Step 1
Enter the following information: Profile Name: the name that you will use to identify this Internet access profile. Remote Phone Number: the telephone number of your ISP. ISP Account Name: the username of your ISP account. ISP Account Password: the password of your ISP account.
3-10
Step 2
STAC Compression: allows outgoing data to be compressed to achieve higher throughput, and compressed incoming data to be recognized. The ability to use compression depends on the capabilities of the ISP. Idle Timeout(0-3600): This is where you specify the idle timeout The default value of the idle timeout is 300 seconds. It represents the number of seconds of inactivity over the connection: when this value is reached, the Wireless Router will disconnect the call. You can change the idle timeout value to anything between 0 to 3600 seconds. But if you select 0, the connection will never time out. After you make the change, click OK . You will are returned to the previous screen Step 3 Click APPLY and TEST.
Note: When you click APPLY and TEST, the Wireless Router attempts to place a call to your Internet Service Provider. Watch the Message Window for any messages. If the test is successful, your users will be ready to access the Internet. If not, the Wireless Router will try to give you enough information to let you know why the connection is not successful. If APPLY and TEST is successful, users on your LAN can now start to access the Internet. However, it is required that these devices have also been configured to obtain IP addresses automatically, as described in Chapter 2. Users may need to reboot their computers in order to obtain the DNS information obtained during the APPLY and TEST operation.
3-11
You should highlight New in the list, and then click NEXT , which will lead you through the configuration as above.
Step 2
Highlight the entry in the list, and click DELETE to delete the profile, or click NEXT to modify the profile, in which case the same screen as configured previously will appear.s
3-12
3-13
Step 2
Note: To install publicly addressed servers on your network (e.g., Web or ftp servers), you need to apply for an IP address for each server plus one for the LAN port of the Wireless Router. All these public IP addresses have to belong to the same IP network. Public IP Address : the public IP address for the LAN interface on the Wireless Router.
Internet
Modem or EWAN Interface (IP address usually assigned by ISP) LAN Interface Public IP address Private IP address
Public IP Netmask : the network mask for the public network address on your LAN. Private IP Address: the private IP address for the LAN interface on the Wireless Router. The default private IP address is 192.168.168.230. If you want to create your own private network through other Wireless Router at remote office locations, you need to make sure that each Wireless Router on each LAN is assigned an address in a unique private IP network . Note: If you use a PC (that obtains an IP address automatically) to change the private IP address (e.g., from the default of 192.168.168.230 to 192.168.167.230) either from the browser or through a telnet session, right after the change is made, you will no longer be able to communicate with your Wireless Router. To reconnect, you need to re-boot your computer, so that your device will re-acquire a new IP address and the default Gateway from the Wireless Router based on the new private IP network address. Your device will then again be able to communicate with your Wireless Router. For the same reason, all devices on the LAN need to be restarted before they can access the Internet again. Private IP Netmask: the network mask for your private network. Its value is 255.255.255.0 and can be changed. The Wireless Router private address of 192.168.xxx.yyy is called a Class C IP address. This means that changing xxx will change the network while changing yyy will assign a different address in the same network. Primary DNS IP Address : the IP address of the primary Domain Name
3-14
Server (DNS). If properly configured, when a computer re-boots and acquires the IP address from the Wireless Router, the IP addresses of both the primary and the secondary DNS server will be provided to requesting client workstations. This field will reflect the DNS addresses acquired from the ISP and will be used to assign to requesting DHCP clients (see below). You may change this address if you want another address to be assigned instead. The Wireless Router will save any manually configured DNS addresses. Secondary DNS IP Address : the IP address of the secondary Domain Name Server. Note: When a Wireless Router connects to the ISP, it will automatically be assigned the IP address of a primary Domain Name Server (DNS), as well as the IP address for a secondary DNS. DHCP: you can enable or disable the DHCP server feature provided by the Wireless Router. If you want the Wireless Router to act as a DHCP server and assign private IP addresses to requesting DHCP clients, you need to nable the DHCP (this is the default). When enabled, the Wireless Router will provide an IP address, network mask, gateways IP address (the Wireless Routers private IP address), DNS addresses, tghe WINS server IP address, and Windows node type to clients on the LAN making DHCP requests. Note: Devices that require public IP addresses on your network are by definition not DHCP clients. Therefore, you need to assign their IP addresses, network mask, default gateways IP address, primary and secondary DNS IP addresses manually. Configure WINS Server: select Yes if you want the DHCP server to assign WINS Server addresses and NetBIOS Node Type. This will cause the following fields to appear. IP Address Assignment - High: Addresses are assigned dynamically to DHCP clients and dial-in users from the range of private addresses as defined by the IP Address Assignment - High/Low. The high address defaults to the highest address in the subnet. This is adjustable by the administrator using this configuration item. If the private network is reconfigured outside the current range, the dynamic assignment range is reset to default values. IP Address Assignment - Low: This is the lower end of the dial-in single user address assignment range described above. This range defaults at the low end to the high address minus 253. This is adjustable by the administrator using this configuration item. Primary WINS Server: enter the IP address of a WINS Server to be assigned to a requesting DHCP client. Secondary WINS Server: enter the IP address of a second WINS Server to be assigned to a requesting DHCP client. NodeType: select a NetBIOS Node Type to be assigned to a requesting DHCP client. For a definition of these node types, consult your Microsoft documentation b: Broad cast
3-15
p: Peer to Peer m: Mix-node h: Hybrid Additionally, some ISPs may require you to register the MAC address of your Wireless Routers EWAN port, please refer to the CLI manual for configuration details.
ESSID The ESSID is the unique name shared among all points in a wireless network, the ID must be different from each other. The EESID can up to 35 characters. Enter the your ESSID and click APPLY.
3-16
Channel Select the appropriate channel from the following list to corespond with your network settings. All points in your wireless network must use the same channel, that means all points must sahre the same bandwith. Available Channel(s): CH01 2412 MHz CH02 2417 MHz CH03 2422 MHz CH04 2417 MHz CH05 2432 MHz CH06 2437 MHz CH07 2442 MHz CH08 2447 MHz CH09 2452 MHz CH10 2457 MHz CH11 2462 MHz CH12 2467 MHz CH13 2472 MHz CH14 2484 MHz Note: The available channel numbers are different to varied country. Please watch out the available channel range, when implemnet CLI and Http functions. USA and Canada: CH01~11, Europe: CH01~CH13, Japan: CH01~CH14, France: CH10~CH13, Span: Ch10~CH11 WEP Selection The Wireless Router allows you to use data encryption keys to secure your data from being eavesdropping by unauthorized wireless user. We provide WEP40 and WEP128 for data encryption. Please select the appropriate one to use data encryption when communicating with the Wireless Router. WEP Key Setting The caracters in the range of a-z, A-Z and 09(e.g. Mykey) can be set as the WEP keys, and the setting of 40 bit WEP key length must equal 5, 128 bit WEP key length must equal 13. Once you enabele WEP funcation, Please take care that the WEP key must be set up exactly the same on the Wireless Router as they are on the wireless client stations. RTS threshold This function is to provides a solution to prevent data collisions. Using this signaling to make sure which work station obatain the carrier, and the work station has the right to deal with data transfer. The available fragement range is between 256 and 2432. Fragment threshold Fragement mechanism is used for improving the efficiency when there is high traffic within the wireless network. If you transmit large files in a wireless network, you can specify the Framentation threshold. This mechanism will split the packet into the packet size you set. The available fragement range is between 256 and 2432.
3-17
Note: The default is 2342 which disables the RTS treshold and Fragment threshold functions, the RTS and Fragment will be activated if the packet size exceeds the value you set. Since the packet size maximum of Ethernet frame is 1500 bytes, if the packet size you set is bigger than 1500 bytes, the function will be disable. Therefore it is highly recommend you set the value ranging from 256 to 1500.
3-18
Note: The ARM Customization screen displays the very first time you invoke the ARM tool. To return to this screen, select Customize User Interface from the ARM menu . Step 2 Select Connection Profiles from the ARM menu: Configuration - Connection Profiles When you select Connection Profiles, the Interface Configuration screen appears only if you have existing Connection Profiles. For example, if you configured an Internet connection as described earlier, it will appear here as a connection profile.
Step 3
3-19
Profile Name: the name that you will use to identify this profile. Call Direction: If the remote site will be dialing in only, select Incoming. If the Wireless Router will only be dialing out to the remote site, select Outgoing . Select Both if either side can initiate the connection. The default setting is Both . Depending on the direction selected, some of the fields will not be displayed. Call Back: specifies the call back option, either Yes or No . If Call Back is enabled (select Yes ), the Wireless Router checks the Remote Account Name and Remote Account Password. If authentication passes, the Wireless Router disconnects the incoming call, and calls theremote site back using the number specified in the Call Back field. If Call Back is not set (Select No ), the Call Back Number field will not be displayed. If the Call Direction is Outgoing only, Call Back options are not displayed. Remote Phone Number: the phone number of the remote router connected to the remote LAN. My Account Name: the name that the remote system will use to authenticate the local system. My Account Password: the password of the remote system will use to authenticate the local system. Remote Account Name: the name of the remote system. Remote Account Password: the password that the local system will use to authenticate the remote system. Note: Make sure the remote site is configured with your Account Name and Account Password. Step 4 Click Apply and Test or go to Advanced Options for Remote Office Profiles, shown below for more choices.
3-20
Note: When you click APPLY and TEST, the Wireless Router attempts to place a call to the remote LAN and log in. Watch the Message Window for any messages.
Note: The IPX options shown in this screen only appear if you also selected Share NetWare (IPX) Resource on the ARM Customization screen Step 1 Enter the following information: STAC Compression: allows outgoing data to be compressed to achieve higher throughput, and compressed incoming data to be recognized. The ability to use compression depends on the capabilities of the ISP Idle Timeout: the number of seconds of inactivity over the connection. When this value is reached, the Wireless Router will disconnect the call. You can set the idle timeout from 0 to 3600 seconds. The default setting is 300 seconds. If you select 0 , the connection will never time out. Enable IP: select Yes to allow IP routing over a connection using this profile IP RIP : enable or disable IP Routing Information Protocol. IP RIP Version: select RIP-I if the Routing Information Protocol, version 1 is to be used, or RIP-II if the Routing Information Protocol, version 2 is to be used for this connection.
Note: The use of RIP-I or RIP-II depends upon the System-wide setting of RIP. If the system-wide setting is Disable, the RIP setting for all connection profiles will be disabled. If the system-wide setting is RIP-I, only RIP-I may be selected in any profile. If the system-wide setting is RIP-II, either RIP-I or RIP-II
3-21
may be selected in any individual profile. Set as IP Default Route (e.g., for Internet Access): select Yes if you want users on your local LAN to get their Internet access through a connection to the remote LAN or if this connection is to be used to locate an IP resource not otherwise defined in the IP Routing Table. If Yes is selected, the Remote IP Address and Netmask fields do not appear. Note: If you allow Internet access in this manner, make sure you do not have any Internet Access configuration profiles set up on the Wireless Router. Remote IP Address: the IP address of a destination computer on a network reachable through this connection. Remote IP Netmask : the IP subnet mask of the Remote IP Address Enable IPX : select Yes to allow IPX routing over a connection using this profile IPX RIP/SAP: enable or disable IPX Routing Information Protocol and Service Advertising Protocol. Set as IPX Default Route : if this parameter is set to Yes , then the Wireless Router uses this connection if no other route for an IPX packet can be found in the routing table. Remote IPX Network Number : the IPX network number of a network reachable through this connection. If you set this connection as the default IPX route, an entry in this field is not required. Enable Bridging: select Enable to bridge other protocols, for example, SNA, Appletalk, and NetBEUI.
Step 2
Highlight the entry in the list you want to delete or modify, and click DELETE to delete the profile or click NEXT to modify the profile.
3-22
Step 3
Highight the New and click the Next. Depending on the customization you have done from the ARM Customization screen, you may see a screen similar to the following:
Step 4
Select Modem as the interface, then check Single User Dial-in from the list of access types.
3-23
Step 5
Step 6
Enter the following information: Profile Name: a name that you will use to identify this profile. Call Back: sets the call back option. If selected, the Wireless Router disconnects after authenticating the dial-in user, and dials the remote users call back phone number to reconnect. Call Back Phone Number: the number the Wireless Router calls if Call Back is Yes. This field will not appeare if Call Back is not selected. User Name: the username that is dialing in. User Password: the password for the remote dial-in user. Note that Authentication is CHAP,MS-CHAP (MicroSoft Challenge Handshake Authentication Protocol) or PAP (the Password Authentication Protocol). CHAP,or MS-CHAP will be first tried to authenticate the incoming call, and if that fails, PAP will be used.
Step 7
Click APPLY to add the connection profile to the Wireless Router database, or select ADVANCED for more options.
To add additional dial-in profiles, repeat steps 2 through 7. To modify an existing dial-in profile, select the corresponding profile name in Step 3 instead, which will lead to Step 5 directly.
3-24
Note: The IPX options shown in this screen only appear if you also selected Share NetWare (IPX) Resource on the ARM Customization screen Step 1 Enter the following information: STAC Compression: allows outgoing data to be compressed to achieve higher throughput, and compressed incoming data to be recognized. The ability to use compression depends on the capabilities of the ISP Idle Timeout: the number of seconds of inactivity over the connection. When this value is reached, the Wireless Router will disconnect the call. You can set the idle timeout from 0 to 3600 seconds. The default setting is 300 seconds. If you select 0 , the connection will never time out. Enable IP: select YES to allow IP routing over a connection using this profile Dynamic IP Assignment: get IP Address automatically or manually Enable IPX: select YES to allow IPX routing over a connection using this profile Dynamic IPX network Number Assign: sets the IPX network number as a random or manually. Remote IPX Network Number: sets the IPX network number on the remote workstation. If you set YES for the Dynamic IPX network Number , this field is not displayed. Enable Bridging: select Enable to bridge other protocols, for example, SNA, Appletalk, and NetBEUI (or IP and/or IPX if they are not routed) Step 2 Click OK
3-25
Step 2
Highlight the entry in the list you want to delete, and click DELETE.
3-26
Step 1 Step 2
Select the Time Zone of the router location from the selections in the dropdown list (if needed). Check the Daylight Savings Time box, if appropriate. Note that the setting for Daylight Savings Time does not change automatically. Setting the system time between Standard Time and Daylight Savings Time must be done manually. Click Apply. The Wireless Router time and Time Zone is now reflected in the Current Router Time box.
Step 3
Note: The proposed Router Time is always based upon the time set in the management PC, adjusted for the selected Time Zone.
3-27
Step 1
Set the days of the week during which Internet access is allowed. Select Day Range if you want to specify a range of days. If you select All , Internet access will be allowed every day. Set the time during which Internet access will be allowed. Not that this setting is based upon a 24 hour clock. Select Time Range to enter a consecutive period of time between which Internet access is allowed. If you select All, Internet access will be allowed from midnight to midnight on the days selected in Step 1. Enter the default setting for Internet access if the router is power-cycled or reset. If you enter Yes (the default), then Internet access will be allowed unconditionally until the clock is set. If you enter No, then Internet access will not be allowed until the clock is set. Click Apply to enable your settings.
Step 2
Step 3
Step 4
3-28
4WirelessWirelessWireless Router
Advanced Configuration
This section covers advanced configuration of the Wireless Router. These functions include: Configuring and Using Port Address Translation Static DHCP Assignments Creating Virtual Private Networking Connections Using Packet Filtering Configuring IP Settings Configuring IPX Settings Configuring Bridging Settings
4-1
Note: The ARM Configuration screen is displayed the very first time you run the ARM software. To return to this screen, select Customize User Interface from the menu. Step 2 Select IP from the Menu: Configuration - Advanced - IP Step 3 At the bottom of the System IP Configuration screen press the button Address Translation.
Step 4
Add an entry to the IP Address Translation Table by clicking the Add button at the bottom of the table.
4-2
Step 5
Add Address Translation: Select the type of entry being configured. There may be one and only one Default Entry configured in the router. The Default Entry is a device to which Internet requests will be sent if no other match is found in the Address Translation Table. If you select Default Entry, the Private Port Number selection does not appear. The Static Entry selection is used to define a device which will receive the request whose target port number is specified in Public Port Number. Public Port Number: This is the TCP or UDP port contained in the received IP packet from the Internet. This port number will be translated into the port number specified in the Private Port Number field. Private IP Address: The private address specified here will be the translated destination of the IP packet received from the Internet. Private Port Number: This is the port number on the device with the IP address specified in Private IP Address to which the IP packet will be sent. Step 6 Step 7 Press Apply to enter the configured Address Translation Table entry. The screen will revert to the Address Translation Table display with the
4-3
new entry added. From this screen, you may select an entry and then press Edit to edit the selected entry, press Delete to delete the selected entry, press Refresh to refresh the display, or press Add to add another entry.
Note: The ARM Configuration screen is displayed the very first time you run the ARM software. To return to this screen, select Customize User Interface from the menu. Step 2 Select IP from the Menu: Configuration - Advanced - IP Step 3 At the bottom of the System IP Configuration screen press the button marked Static DHCP.
Step 4
Add an entry to the DHCP Static Assignment Table by clicking the Add
4-4
Step 5
From the Add a Static Entry screen configure the following information:
Name: Enter a convenient display name for this resource. IP Address: The IP address to be consistently assigned to this device MAC Address: The hardware address associated with the Ethernet adapter which is permanently assigned to this machine. Note that dashes must separate each pair of hexadecimal digits. Step 6 Step 7 Press Apply to enter the configured DHCP Static Assignment Table entry. The screen will revert to the DHCP Static Assignment Table display with the new entry added. From this screen, you may select an entry and then press Edit to edit the selected entry, press Delete to delete the selected entry, or press Add to add another entry.
4-5
When you set up your VPN, keep in mind that the VPN connection (the tunnel) emulates an actual hardware wide area network port. After setting up your VPN tunnel, you can create a connection profile to allow access to and from a remote site. VPN connections are created automatically as a result of a reference by a LAN user to a resource reachable through a VPN connection.
Note: The ARM Configuration screen is displayed the very first time you run the ARM software. To return to this screen, select Customize User Interface from the menu. Step 2 Configure a VPN tunnel. Select VPN-L2TP Tunnel from the menu: Configuration - WAN Interface - VPN-L2TP Tunnel
Step 3
Enter the following information: Tunnel ID: a ID by which you will refer to this VPN tunnel. Call Direction: the direction of the call in the tunnel. If the remote site will always be creating the tunnel, select Incoming Only. If the Wireless Router will always initiate the connection to the remote site, select Outgoing Only. Select Both if either side can initiate the connection.The
4-6
default setting is Both. Remote IP Address: Key in your remote side IP address when you set Call Direction to Both or Outgoing
Note: If you set Call Direction to Incoming Only, the Remote IP Address field does not display. My Tunnel Name: the name that the remote system will use to recognize your network. My Tunnel Password: the password the remote system will use to authenticate your system.If the remote site does not require tunnel authentication, leave this field blank. Note: Make sure the remote site is configured with your Tunnel Name (and Tunnel Password, if used). Remote Tunnel Name: the name of the remote network that is dialing in. Remote Tunnel Password: the password that your Wireless Router will expect to see from the remote system. If you do not require tunnel authentication, leave this field blank. Step 4 Click APPLY.
Step 3
Select New from the pull-down menu, and click NEXT. The Interface
4-7
Note: If VPN-L2TP is selected as the interface, the Remote Office Access is the only Configuration Type displayed. Step 4 Step 5 Select VPN-L2TP as the interface, and check Remote Office Access from the list of configuration types. Click NEXT to continue. The Connection Profile Configuration screen appears.
Step 6
Enter the following information: Profile Name: the name that you will use to identify this remote office dial-in/dial-out profile. Call Direction: the direction of the call in the tunnel. If the remote site will be dialing in, select Incoming Only. If the Wireless Router will be dialing out to the remote site, select Outgoing Only. Select Both if either side can initiate the connection.The default setting is Both.
Note: If you set Call Direction to Incoming Only, the My Account Name and My Account Password fields do not display. If you set Call Direction to Outgoing Only, the Remote Account Name and Remote Account Password fields do not display
4-8
My Account Name: the name that the remote system will use to recognize your network. My Account Password: the password the remote system will use to authenticate your system Note: Make sure the VPN Connection Profile at the remote site is configured with your Account Name and Account Password. Remote Account Name: the name of the remote network that is dialing in. Remote Account Password: the password that your Wireless Router will expect to see from the remote system. VPN-L2TP Tunnel: the VPN Tunnel you will use for this profile. This is one of the tunnel configurations set up earlier. Step 7 Click APPLY and TEST when you are done, or select Advanced to enter advanced options.
Step 1
Enter the following information: Enable IP : allows IP routing over a connection using this profile. Remote IP Address: the IP address of a destination computer on a network reachable through this connection.
4-9
Remote IP Netmask : the IP subnet mask of the Remote IP Address. Enable IPX : allows IPX routing over a connection using this profile. IPX RIP/SAP: enables or disables IPX Routing Information Protocol and Service Advertising Protocol. Set as IPX Default Route : specifies whether this connection is used as the default IPX route if no other route for an IPX packet can be found in the routing table. Remote IPX Network Number: the IPX network number of a network reachable through this connection. If you set this connection as the default IPX route, this field is not displayed. Enable Bridging: enables or disables bridging to bridge other protocols, for example, SNA, Appletalk, and NetBEUI. Enable Encryption: allows DES encryption. If you select DES encryption you must enter a DES Encryption key. Encryption key: the DES encryption key used by other systems to establish contact with your system. This must be a hexadecimal number (0-9, a-f) with up to 16 digits, depending upon the strength of encryption licensed for your site. Confirm Encryption key: re-enter the DES encryption key to confirm its correct entry. Note: For security reasons, encryption options only appear if you are connected to the Wireless Router over a local LAN and if encryption is enabled on your system. Step 2 Step 3 Click OK. Click APPLY.
MAC Filtering
The MAC address filtering function will check the Ethernet packets which will enter from Wired-LAN port, and Wireless-LAN port. It is important to note that only packets entering the router at that interface (Wired and Wireless LAN ) are examined. Step 1 Select MAC Filtering from ARM Menu.
Discard: When a packet satisfies the rule, specifying this action causes it to be dropped.
4-10
Sent: When a packet satisfies the rule, specifying this action causes the packets to be delivered to its destination normally. Step 2 Click Add, the following screen will appear.
Rule Name: Enter the rule name of this configuration. Set MAC Address To: There are the following options. Single: Any packet orignating from the setting MAC addresses will satisfy this condition. Any: Any packet orignating from any MAC addresses will satisfy this condition. Range: Any packet orignating from one of these addresses will satify this condition. Mask: Any packet orignating from the specified mask of MAC address will satisfy this condition.
Packet Filtering
This section describes the packet filtering feature. Note: Packet filtering is a sophisticated feature that can substantially impact your Wireless Router operation. Therefore be sure that you fully understand the description in this chapter before you start to configure and use this feature, since if you make any mistakes, it may produce drastic and potentially undesired results.
4-11
any rule for that interface, then the packet is either forwarded or discarded, depending upon the filter default for that interface. Otherwise, the exception action is taken, i.e., the packet is discarded or forwarded, the opposite of the default action. The Wireless Router maintains separate filtering tables for IP and IPX traffic. These filters are configured separately. Configuration commands allow you to define: each and every IP or IPX packet to be inspected to determine if it should be allowed to be transmitted over a WAN interface alternatively. each and every IP or IPX packet to be inspected to determine if it should be disallowed from being transmitted over a WAN interface alternatively.
Due to the conflicting nature of allow and disallow, only one of the above two choices can be made for each WAN interface. After the choice is made, you can define selection rules to select which packets will be allowed (or disallowed). Each packet selection rule consists of an IP protocol and set of local IP addresses/ports or an IPX Packet Type and a set of local IPX network number(s), node(s) and socket(s) a set of remote IP addresses/ports or remote IPX network numbers/nodes/ sockets
The following table indicates the types of values that may be configured for each rule condition.
4-12
Protocol IP
Condition Parameter
Configuration Formats
Protocol
Address Port
IPX Packet Type Network Number Node Number Socket Single/Any Single/Range/ Any Single/Any Single/Range/ Any
Therefore packet filtering simply defines sets of rules of what to allow or disallow through a set of parameters highlighted below: For IP, remote devices with IP addresses/port numbers are allowed (or disallowed) to communicate with local devices with IP addresses/port numbers over a WAN connection and using a specific IP protocol. For IPX, remote devices with IPX network numbers/nodes/sockets are allowed (or disallowed) to communicate with
4-13
Examples of packet filtering requirements are: 1. I want to block any user in my remote office from being able to access my local NetWare server. The corresponding translated packet rule is: All IPX communication with my remote office is allowed EXCEPT remote devices with Any IPX network number and Any IPX node number and Any IPX socket which are disallowed from communicating with the local NetWare server (identified by its IPX network number, IPX Node Number and Any socket number over my specified remote office connection profile using any IPX packet type. 2. I want to disallow people in the manufacturing department to access the Internet. The corresponding translated packet rule is: All access to the Internet is allowed EXCEPT remote devices with the range of IP addresses in the manufacturing department and any port number which are disallowed to communicate with any IP address/port number over my Internet connection using any IP protocol.
Step 2 Step 3
4-14
Step 4
Step 5
Enter the following information: Rule No.: a number used for identification purposes. Rule Name: a name by which you will refer to this rule. Interface: the specific WAN interface to which this new selection rule applies. IP Protocol: the IP protocol to which this rule applies. You can select TCP, UDP, ICMP, IGMP, or any of these protocols. Local IP Address: the IP address(es) of the local devices this new rule will apply to. You can select a single IP address, a range of IP addresses, a network, or any IP addresses. The screen may change to show fields you need to fill out accordingly. For example, if you select range, you will also see (From) and (To) fields where you need to fill out the starting IP address and the ending IP address. Local Port: the port number(s) of the local devices this new rule will apply to. See Table 4-1 for some examples of TCP/IP port assignments. This field does not appear if either ICMP or IGMP is selected as the IP Protocol. Remote IP Address: the IP address(es) of the remote devices this new rule will apply to. You can select a single IP address, a range of IP addresses, a network, or any IP addresses. The screen may change to show fields you need to fill out accordingly. For example, if you select range, you will also see (From) and (To) fields where you need to fill out the starting IP address and the ending IP address. Remote Port: the port number(s) of the remote devices this new rule will apply to. See Table 4-1 for some examples of TCP/IP port assignments. This field does not appear if either ICMP or IGMP is selected as the IP Protocol. If you highlighted an existing entry (by selecting the Select to Edit button) and clicked Edit instead, a similar screen will display, with all fields already filled out by you previously. Then you can make changes as
4-15
necessary.If you highlighted an existing entry and clicked Delete instead, the corresponding entry in the rule table will be removed. TCP/IP Service Typea BootP/DHCP DNS Finger FTP HTTP NetBIOS NNTP RIP SMTP SNMP Sun RPC Telnet TFTP Whois
a.
Port Range
4-16
Step 4
Step 5
Enter the following information: Rule No.: a number used for identification purposes. Rule Name: a name by which you will refer to this rule. Interface: the specific WAN interface this new selection rule will apply to. IPX Packet Type: The packet type to which the rule applies. This value is specified as a two digit hexadecimal number. Some standard IPX Packet Types are listed in Table 4-2 Local IPX Network Number: the IPX Network Number(s) of the local devices to which this new rule applies. You can select a single IPX
4-17
Network Number, a range of IPX Network Numbers, or any IPX Network Number. The screen may change to show fields you need to fill out accordingly. For example, if you select range, you will also see (From) and (To) fields where you need to fill out the starting IPX Network Number and the ending IPX Network Number. Local IPX Node Number: the IPX Node Number of the local device(s) to which this new rule applies. You may select an individual Network Node or any Network Node. An individual Network Node is entered as six pairs of hexadecimal digits, such as 11-22-33-aa-bb-cc. Local IPX Socket Number: the local IPX Socket Number(s) of the local devices to which this rule applies. You can select a single IPX Socket Number, a range of IPX Socket Numbers, or any IPX Socket Number. This value is specified as a four digit hexadecimal number. Remote IPX Network Number: the IPX Network Number(s) of the remote devices to which this new rule applies. You can select a single IPX Network Number, a range of IPX Network Numbers, or any IPX Network Number. The screen may change to show fields you need to fill out accordingly. For example, if you select range, you will also see (From) and (To) fields where you need to fill out the starting IPX Network Number and the ending IPX Network Number. Remote IPX Node Number: the IPX Node Number of the remote device(s) to which this new rule applies. You may select an individual Network Node or any Network Node. An individual Network Node is entered as six pairs of hexadecimal digits, such as 11-22-33-aa-bb-cc. Remote IPX Socket Number: the remote IPX Socket Number(s) of the local devices to which this rule applies. You can select a single IPX Socket Number, a range of IPX Socket Numbers, or any IPX Socket Number. This value is specified as a four digit hexadecimal number. Hexadecimal Value 00 01 04 05 11 14
Packet Type Unknown Routing Information Service Advertising Sequenced Packet NetWare Core Protocol Propagated (NetBIOS)
If you highlighted an existing entry (by selecting the Select to Edit button) and clicked Edit instead, a similar screen will display, with all fields already filled out by you previously. Then you can make changes as necessary. If you highlighted an existing entry and clicked Delete instead, the corresponding entry in the rule table will be removed.
4-18
Step 2
Note: To install public servers on your network (e.g., Web or ftp servers), you need to apply for an IP address for each server plus one for the LAN port of the Wireless Router. All these public IP addresses have to belong to the same IP network. Public IP Address: the public IP address for the LAN interface on the Wireless Router.
4-19
Internet
Modem or EWAN Interface (IP address usually assigned by ISP) LAN Interface Public IP address Private IP address
Public IP Netmask : the network mask for the public network address on your LAN. Private IP Address: the private IP address for the LAN interface on the Wireless Router. The default private IP address is 192.168.168.230. If you want to create your own private network through other Wireless Router with remote offices, you need to make sure that each Wireless Router router on each LAN is assigned a unique private IP network address. The default IP private address is 192.168.168.230 with a network mask of 255.255.255.0. This private address may be changed to any private address and network mask as specified in the following table:
Default Network Mask Maximum Number of Host Addresses 16,777,214
Network Address
Network Prefix
10.0.0.0
8 bits
255.0.0.0
172.xx.0.0
12 bits
255.255.0.0
65534
192.168.xx.0
16 bits
255.255.255.0
254
192.168.xx.1/ 192.168.xx.254
Table 4-1
However, please note that once you change the private IP address (such as from the default of 192.168.168.230 to 192.168.167.230) either from the browser or through a telnet session (which is based on the IP address), the device from which you operate will no longer be able to communicate with your Wireless Router router. To reconnect, you need to restart your device. This is so that your device will re-acquire the IP address from the Wireless Router router based on the new private IP address, and then your
4-20
device can again communicate with your Wireless Router. For the same reason, all devices on the LAN need to be restarted before they can access the Internet again. Private IP Netmask: the network mask for your private network. Its value may be selected to accommodate your networks requirements. Primary DNS IP Address: the IP address of the primary Domain Name Server (DNS). If properly configured, when a device reboots and acquires the IP address from the Wireless Router, the IP addresses of both the primary and the secondary DNS server will be provided to requesting client workstations. When a Wireless Router connects to the ISP, it will automatically be assigned the IP address for a primary Domain Name Server (DNS), as well as the IP address for a secondary DNS. Alternatively, the user can decide that they want to assign their own DNS IP addresses. Secondary DNS IP Address: the IP address of the secondary domain name server. DHCP: this enables or disables the Wireless Router Dynamic Host Configuration Protocol (DHCP) feature. If you want the Wireless Router to act as a DHCP server and assign private IP addresses to requesting DHCP clients, make sure DHCP is enabled. When enabled, the Wireless Router will provide an IP address, network mask, gateway address (the Wireless Router private IP address), DNS addresses and WINS addresses to any workstation on the local area network that is configured as a DHCP client. Devices on your network that are configured with public IP addresses are not DHCP clients. Therefore, you need to assign their IP addresses, network mask, default gateways IP address, primary and secondary DNS IP addresses manually. IP Address Assignment: sets the range of IP address IP RIP: sets IP RIP to Disable, Active or Passive. The Wireless Router can both receive routing table broadcasts and transmit routing table information. When disabled, no routing information is transmitted or processed if received. When Active, the Wireless Router broadcasts its address every 30 seconds and also listens for routing information on the network. When Passive, the Wireless Router does not broadcast its routing information, but simply listens for routing information from the network and updates its routing tables. IP RIP Version: select the system-wide setting of the RIP version to be used if RIP is enabled. RIP, version 1 (RIP-I) or version 2 (RIP-II) may be selected. If RIP-II is selected, individual connection profiles may use either RIP-I or RIP-II. If RIP-I is selected, only RIP-I is used, regardless of the setting in the individual connection profiles. Step 3 Press APPLY to save the changes to the Wireless Router, or press IP Routing Table to display or modify the IP Routing Table (The operation for Address Translation and static DHCP are described in previous sections.)
4-21
route an IP data packet. You can view the IP routing table by clicking on the IP Routing Table button at the bottom of the System IP Configuration screen. From this screen, you can also add new routing entries to the table. The following screen shows an example of the IP routing table.
When an IP packet arrives in the Wireless Router, IP tries to determine if the destination IP address contained in the packet is within the network defined by the Dest IP and Netmask pair of an entry in the routing table. If a match is found, the packet is forwarded to the interface or profile specified in the Ifname field. The Hops field is the number of routers the packet must travel through in order to reach its final destination. If this value is zero, the destination is in a network directly attached to this router, such as a LAN. If no match is found with a destination network, then a special entry called the Default IP Route may be used. This normally is set to a path where another router can be reached that has additional information about other networks not known to the local router, such as the interface to the Internet. If no match is found and a default IP route is not defined, the IP packet is discarded and will go nowhere. An entry for a specific host or network may be added manually. This static route is indicated by an S in the Flags field. Other flag field entries are H for host, and G for gateway. Note: To delete a static route, select it in the routing table and click the Delete button. You cannot delete Host or Gateway routes.
4-22
following screen:
Step 2
Enter the following information: Add Default Route: select if you want to specify a new default route. Note that the Remote IP Address and Remote IP netmask fields do not appear if you select this option.
Note: Mis-configuring the default route may result in abnormal system behavior and/or unnecessary telephone charges. Add Static Route: select if you want to add a static route. Remote IP Address: the remote IP address of the new route. Remote IP Netmask: the IP netmask of the new route. Gateway: select whether the gateway is an IP address or interface. Hop Count: the maximum number of hops for this route. Step 3 Click APPLY.
4-23
Step 2
Enter the following information: Ethernet Frame Type: the Ethernet frame type on the LAN, normally detected automatically by the Wireless Router, however you may change this selection. Options are Ethernet_802.3, Ethernet_802.2, Ethernet_II, and Ethernet_SNAP. Network Number: a unique identifier for the IPX network on your LAN. Normally, this is automatically detected by the Wireless Router. IPX RIP/SAP: enables or disables IPX Routing Information Protocol and Service Advertising Protocol, used for exchanging routing tables and server information among IPX RIP/SAP agents.
Step 3
Press APPLY to save the changes to the Wireless Router, or press IPX Routing Table to display or modify the IP Routing Table or press IPX SAP Table to display or modify the IPX SAP Table.
4-24
When an IPX packet arrives in the Wireless Router, IPX tries to determine if the destination IPX Network Number contained in the packet is within the network defined by the Network Number in an entry in the routing table. If a match is found, the packet is forwarded to the interface or profile specified in the Gateway IfName field. The Hops field is the number of routers the packet must travel through in order to reach its final destination. If this value is zero, the destination is in a network directly attached to this router, such as a LAN. If no match is found with a destination network, then a special entry called the Default IPX Route is used. This normally is set to a path where another router can be reached that has additional information about other networks not known to the local router. If no match is found and a default IPX route is not defined, the IPX packet is discarded and will go nowhere. An entry for a specific host or network may be added manually. This static route is indicated by an S in the Flags field. Note: To delete a static route, select it in the routing table and click the Delete button. You cannot delete a non-static route.
4-25
Step 2
Enter the following information: Add IPX: select the type of entry to be added. If you specify a Default Route, the Destination Network Number and Hop Count fields do not appear. Select Static Route if you want to add a static route.
Note: Mis-configuring the IPX default route may result in abnormal system behavior and/or unnecessary telephone charges. Destination Network Number: the IPX Network Number reachable through this new route. Gateway Interface Name: this specifies the interface through which the destination network can be reached. This is either the LAN or a profile name. Gateway MAC Address: identifies the MAC address of the gateway on the LAN through which the Destination Network Number can be reached. This field only appears if the Gateway Interface Name is the LAN. Hop Count: the maximum number of hops for this route. Step 3 Click APPLY.
4-26
entries to the table. The following screen shows an example of the IPX SAP table.
SAP table entries contain the following pieces of information: Server Name: This is a string of up to 48 characters that identifies the device providing the service Network Number: This is the identification of the network on which the Server resides Node: The node address of the device providing the service. Note that this node address may correspond to the devices physical MAC address, or it may be an internal node number Socket: The two byte (four hexadecimal digit) address of the IPX socket providing the service Type: The Service Type. Well-known service types include:
Hexadecimal Value 0000 0003 0004 0005 0007 0009 0024 0047
Service Type Unknown Print Queue File Server Job Server Print Server Archive Server Remote Bridge Server Advertising Print Server
IfName: The name of the interface through which this resource may be accessed. This is either the LAN or a connection profile name Hops: The number of routers the packet must travel through in order to reach its final destination. If this value is zero, the destination is in a network directly attached to this router, i.e., the LAN. Flags: An S denotes a static IPX route
4-27
The Wireless Router will respond to a workstation request for the names and address information of servers of a specific service types or all service types. The router will search the SAP table for these entries and respond with the necessary information that the workstation can use to communicate with the desired service. An entry for a specific service may be added manually. This static SAP entry is indicated by an S in the Flags field. Note: To delete a static SAP entry, select it in the SAP table and click the Delete button. You cannot delete non-static entries.
Step 2
Enter the following information: Server Name: The name of the server offering the service. This name may be up to 48 characters. IPX Network Number: The network number on which the server resides. Up to eight hexadecimal digits may be entered. IPX Node Number: The node number of the server. This is entered as six pairs of hexadecimal digits. IPX Socket Number: The socket number used to reach this service (up to four hexadecimal digits). IPX Service Type: The type of service offered. See the table above for typical Service Types. Up to four hexadecimal digits are accepted. The value FFFF is not valid. Hop Count: the number of hops to reach this device. Flags: An S denotes a static IPX SAP entry.
Step 3
Click APPLY.
4-28
Step 1
To enable the bridging learning protocol, select Bridging from the Menu:
Step 2
Enter the following information: Learn MAC address: enables or disables Learning. If Learning is enabled, the Wireless Router maintains a MAC address table that keeps track of the relationship between MAC addresses and network interfaces so that the system knows which device is reachable through which network interface.
Note: Enabling the learning protocol does not enable bridging on any connection on the Wireless Router. You must enable bridging in the Connection Profile for a specific WAN connection. Step 3 Click APPLY.
4-29
5Wireless
There are several types of messages that appear in the Connection Log: Connected and Disconnected messages: Shows the date, time, port (channel) and profile when a connection is established or disconnected.
5-1
Trigger messages: Shows the date, time and details of an event that triggers a connection. VPN messages: Shows the detail of Virtual Private Networking sessions.
Step 2
To update the Wireless Router software, download the software from distributors web site and install the software in your local environment first, then from the above screen enter a path or filename (e.g., a:\P17v500.sig), or click Browse to select the path for the firmware. Next, Click the Upgrade button. The new firmware will begin loading across the network. After a message appears telling you that the operation is complete, you need to reset the system to have the new firmware take effect.
Step 3
Upgrade Feature Key (an alphanumeric number) supplied by your distributor in the feature key field on the same screen. Then you will see these features as selectable options when you press Customize User Interface from the ARM menu.
5-2
Step 2 Step 3
Select Save to save the current configuration, or Clear and Reset to erase your entire configuration database and reset the system. When you click Clear and Reset, you will be asked to confirm your choice.
Click Yes to clear the configuration and reset the system, otherwise click No to cancel.
5-3
Step 2
Click YES to reset the Wireless Router. If you do not want to reset the system, Click No.
Note: Resetting the Wireless Router disconnects any active calls, and therefore may disrupt current data traffic. Unless you manually save the configuration, you may also lose most-recent configuration changes (that have been made within the last 30 minutes after the last auto-configuration save). All saved configuration changes are restored after the system re-initializes.
Step 2
Enter the following information: Current Password: the current password for the Wireless Router. New Password: the new password for the Wireless Router Confirm Password: the new password for the Wireless Router, entered again for confirmation.
Note:
5-4
Step 3
Click Submit.
Note: Keep in mind that anyone who can physically access the router can perform this and thereby compromise the security in your network.
5-5
applications, the ARM will also become a very simple interface to use.
Note: The choices displayed in this screen depend on the feature keys which are installed in your system.
Step 1
Enter the following information: System Uptime: the elapsed time since the Wireless Router was powered on(display only). System Name: a unique name that you assign to this Wireless Router. System Contact: the network administrator responsible for maintaining the network. System Location: where the Wireless Router is physically located.
Step 2
Click APPLY.
5-6
6Wireless
Messages
This chapter lists messages you may see in the ARM message window.
System Messages
****** has to be an integer [0123456789]
The entered field (******) is not a valid integer.
A
"Account name and/or password not accepted"
User name or password failed authentication by the ISP or the remote site.
"Advanced Configuration not applied. Duplicate remote IPX network number entered"
The IPX network number entered in the "Optional Remote IPX Network Number" field is either invalid or a duplicate of an existing entry in the IPX Routing Table.
6-1
A valid IPX network number may only contain hexadecimal numbers, (0-9, a-f) and may be up to 8 characters in length.
B
"Browser failed to send out user s command. Please try again."
A temporary error has occurred while trying to communicate with the router. Please repeat the operation.
"Browser s connection has been lost. You can reconnect system by opening http://***.***.***.*** "
You must re-enter the indicated IP address in order to re-establish a management session with the router.
C
"Connection attempt failed. Acquired IP address conflicts with the router configuration"
The IP address obtained from the EWAN Internet connection was in conflict with an IP address subnet already defined for an interface of the router. Either change the IP address subnet for the interface, or contact your ISP for a different address assignment
"Cannot perform operation. Port or profile is currently disabled" An outgoing call was attempted on a port or profile that has been disabled. "Cannot disconnect LAN"
This message is displayed when "Disconnect" button is pressed for the LAN interface.
6-2
D
"Destination not currently reachable or call back configured"
Either the phone line is not operational, the destination is busy or doesnt answer , or the remote profile is configured for call back and has disconnected the call.
6-3
operation may take up to several minutes, depending upon the modem responses.
E
"Encryption key is invalid. Please re-enter"
A valid encryption key may only contain hexadecimal numbers, (0-9, a-f) and may be up to 16 digits in length, depending upon the strength of encryption licensed for the router site.
"File Invalid"
The firmware file entered is either missing or invalid.
F
"Failed to disconnect. Link is unconfigured"
An attempt was made to "Disconnect" an unconfigured interface.
6-4
An invalid IP route has entered. Please check the parameters entered and try again.
"Failed to configure system IPX. Please check input and try again"
The IPX Network Number entered is not valid. IPX Network Numbers consist of eight hexadecimal digits (0-9, a-f).
G
"General read failure"
An error has occurred while communicating with the router. Please use the Reload or Refresh button to load this page again.
H I
"The Internet access time has been configured successfully"
This message is displayed when the Internet access time configuration is accepted by the router.
6-5
"Invalid IP address"
The IP address entered is not valid.
6-6
The IP address entered in the static DHCP configuration form is invalid. Please check all parameters entered.
J K L
"Link is Disconnected"
This message is displayed after the modem link disconnection operation is completed.
M
"My Tunnel Name is required"
The Local Name of a tunnel is required.
6-7
"The menu option you clicked on can t be found. Please try again."
An internal error has occurred. Please try this operation again.
N
"NAT translation failed. Procotol not supported."
A Network Address Translation operation failed because the packet protocol type was unknown or is not supported.
"NAT translation failed. NAT table entry not found for an outgoing ICMP error message."
An attempt to perform a Network Address Translation operation on an ICMP packet (e.g., "ping") has failed. The Network Address Translation Table entry could not be found.
O
"Only one EWAN profile is supported"
The adminstrator is attempting to add a second profile over the EWAN port
P
Parameter changes applied
Changed parameters have been applied to the router configuration.
6-8
"Passwords are 6 - 15 characters (numbers, letters, dashes, underscores, dashes or colons) starting with a letter or a number"
The password entered is invalid. A passwords must be more than 6 characters and less than 15 characters. They can be digits, letters, dashes, underscores, dashes or colons, and must begin with a letter or a digits.
"Please add a filter to this interface first before setting sent or discarded "
A Filtering Rule must be configured before the Default Rule (Forward or Discard) can be set.
6-9
numbers have been reserved by the system: 9800, 9801, 9802, 17783, and 17784.
Q R
"Remote call back phone number unspecified"
Call Back is selected but a Call Back Phone Number is not provided.
"The remote account name already exists. Please change to another user name"
A duplicate user name is entered. Dial-In user names must be unique.
S
"Save configuration failed. Please try again"
The system failed to save the configuration. Please try again.
"Search failed"
An internal error has occurred.
6-10
A tunnel profile defined as "Incoming Only" cannot be used in an outgoing VPN profile.
"Statistics Cleared"
The Broadband Router has completed a clear statistics operation on the link selected in the System Status Monitoring Window.
T
"The system is disconnecting"
A "disconnect" button is pressed, while the system is in the process of disconnecting an active modem link.
"This interface has been configured to support a Remote Office profile. You must use the Command Line Interface for this type of configuration"
An EWAN profile has been configured to support Office-to-Office communication. This type of profiles can only be configured using the Command Line Interface.
This operation will cause a system reset upon completion. All unsaved configuration changes will be lost.
A "Download Firmware" operation through a directly connected Command Line Interface session will cause a system reset after the operation is complete. This
6-11
message informs the user that ongoing operations may be interrupted and that any configuration changes made within the last 30 minutes (the default time period for automatic configuration saves), may be lost as a result.
V
"Value for idle time is invalid - choose between [0, 3600] seconds"
The idle timeout value entered was incorrect. The correct values are 0 (if no idle timeout is desired) or 1 to 3600 seconds.
W
"Warning! You have changed the default HTTP port used by remote Internet users of the Web browser configuration tool. In order to access this tool remotely through the Internet, you must re-assign the router's HTTP port (e.g., to 8080). LAN users may continue to access the Web browser configuration tool as usual."
The administrator has assigned port 80 to another LAN device. Since this is the default HTTP port for remote Internet users, this message appears to remind users that the Web browser configuration tool is no longer accessible until HTTP is reassigned to another port. If the user has issued this command from a remote location, through the Internet, then connectivity is lost immediately. At that point the user can still use telnet through port 23 to issue a CLI command to do this. If port 23 has been re-assigned, the administrator must re-assign the HTTP port using the CLI through a new Telnet router port (if available), from a LAN-attached device, or through a nonInternet connection. Note: Address Translation only applies to Internet connections
"Warning! You have changed the default TELNET port used by remote Internet users of the CLI. In order to access the CLI remotely through the Internet, you must re-assign the router's Telnet port (e.g., to 8023). LAN users may continue to access the CLI or the Web browser configuration tool as usual"
The administrator has assigned port 23 to another LAN device. Since this is the default Telnet port for remote Internet user Command Line Interface configuration, this message appears to remind users that the Command Line Interface is no longer accessible over the Internet until Telnet is re-assigned to another port. If the user has issued this command from a remote location, through the Internet, then connectivity is lost immediately. At that point the user can still use HTTP through port 80 to access the Web browser configuration tool to do this. If port 80 has been re-assigned, the administrator must re-assign the Telnet port from a newly re-assigned router's HTTP
6-12
port (if available), from a LAN-attached device, or through a non-Internet connection. Note: Address Translation only applies to Internet connections
6-13
A
Internet Access via Cable or xDSL
Specifications
Accessing Servers from the Public Network Supporting Inter-office Communication Supporting Dial-In Access to your Network Supporting Multimedia Applications Creating Virtual Private Network
Features
Internet Access, Multimedia Applications and Virtual Server
Multiple users to share Internet Access IP routing and NAT/PAT support Supporting PPPoE client function for xDSL connection Supporting Mac clone for cable modem connection Supporting Multimedia application(ICQ, Netmeeting, CUSeeMe, Quick Time, etc) Supporting Virtual Server
Standards
IEEE 802.3/802.3u IEEE 802.11b Wireless LAN, WiFi compatible
Protocol Support
PPP PPPoE IP routing, RIP-1/2 NAT/PAT IPX Transparent bridging L2TP
Management
Cisco-like Command Line Interface(CLI) Embedded Telnet server for remote Console management Customized Web-based GUI Firmware upgrade via Web-based GUI/Console port
A-1
Configuration data upload and download via TFTP Internet Access time restriction feature Support DHCP server/client SNMP MIB support, easily for MIS staff Multiple connection profile
Monitoring
Runtime traffic monitoring Connection log Syslog
Security
Natural firewall, private IP addresses not accessible from the Internet MAC address packet filtering IP Packet filtering (IP address/ Protocol/Port number) IPX Packet filtering( Network number/Node number/Socket number) PPP PAP/CHAP/MS-CHAP authentication DES Encryption with L2TP protocol support
VPN
L2TP with DES Encryption
Physical Specification
Electrical Specification External power adapter with AC 9V/1A input Dimensions H: 38 mm W:157 mm D: 222 mm Weight 550g EMI Certification FCC part 15, CE, VCCI Class B
Hardware Configuration
LAN: 4-Port 10BaseT/100BaseT Ethernet switch, with Uplink Switch EWAN: 1 10BaseT RJ-45 EWAN port for connecting Internet through ADSL/ Cable modem Console/COM: 1 RJ-45 port direct connection of management console or directly connect to external modem/ISDN TA
A-2
LED: 17 LEDs for Power.WLAN; WAN: KN/ACT, COL; LAN: 10/100, LNK/ ACT, FDX/COL for port 1, 2, 3, 4; PPPoE 1 power jack for AC Adapter 9V/1A 1 Power Switch
A-3
BWireless
Glossary
This section provides some common networking terms you may find in this user guide.
Bit, Byte
These are units of information as stored in computers. A bit has a binary value of 0 and 1, which is the most basic unit for representing information. A byte consists of 8 bits, and therefore can have a value of between 0 and 255. A byte can represent any character you can see on a computer keyboard, including upper case and lower case characters. Therefore a document of a certain number of characters can be represented in a computer as the same number of bytes plus some additional bytes that represent other information such as the font of each character and the format of the document.
BootP
The Bootstrap Protocol (BootP) is an older version of the Dynamic Host Control Protocol (see DHCP).
Bridge
A bridge is an intelligent, internetworking device that forwards or filters packets between different networks based on data link layer (MAC) address information.
B-1
Broadcast, Unicast
A data packet contains data, the senders address and the receivers address - just like a letter to be mailed. There is a special type of data packet that is delivered to every destination on the network. This is called a broadcast packet. When there is only a single receiving party, it is called a unicast packet.
CHAP
CHAP stands for Challenge Handshake Authentication Protocol. It is an authentication protocol used in PPP for communication devices to authenticate each other remotely. The password is first encrypted before it is sent to the remote side. This is as opposed to the PAP protocol, which sends the password in clear text.
Compression
Since data bandwidth over the WAN is usually quite expensive, data is usually compressed first before it is sent out over the WAN, and decompressed when data is received from the WAN. Different types of compression algorithms are oriented towards different types of data, but generally, certain data patterns are recognized and are abbreviated before transmission. At the receiving end, the abbreviation is restored to the full data pattern. A good compression algorithm can achieve a compression ratio of 4 to 1, depending on the nature of the data being compressed.
Connection Profile
A connection profile contains all necessary information required to set up a dial-up connection. For example, an Internet access connection profile contains the ISPs phone number, the account name and the account password, among other information.
CPE
CPE stands for Customer Premises Equipment. It refers to any equipment that resides on the customer premises.
Default IP Route
The default route is a special IP route in the IP routing table. When a packet is received by the router, if destination network cannot be found in its routing table, the packet will be forwarded over the default route to the next-hop IP router. Such a router often has a more complete routing table, and therefore is more knowledgeable about how to route the packet.
B-2
Edge Router
A router that resides at the edge of a network. It is like a gateway that is used to communicate with the outside network.
Encryption
A method for scrambling data which inhibits unauthorized snooping. To ensure privacy of data sent over the network, the data is often encrypted before it is sent out, and decrypted when it is received. This is used to protect private data from being pirated, especially when data is sent over the WAN.
Dial-on-Demand, Bandwidth-on-Demand
If the user uses a switched (dial-up) service to access the Internet, the associated telecomm cost is often directly proportional to the amount of time the user uses the network service to connect to the Internet. Therefore often it is designed so that the connection will be triggered only when there is a need - such as when a user tries to use a web browser to access the Internet. For ISDN, when there is a demand, the device will first bring up one B channel to provide 64Kbps (or 56Kbps) data bandwidth. If traffic is heavy, such as when more users want to access the Internet, the user can configure the device to bring up the second B channel to provide higher data bandwidth. Such a capability is called Bandwidth-on-Demand.
EWAN
The EWAN(Ethernet Wide Area Network) Port is where you will connect your cable or DSL modem
Flash Memory
This is a special read-write memory in a computer system that allows the computer program (firmware) or the user configuration data to be stored. Its content will continue to exist even when the power is turned off.
ICMP
The Internet Control Message Protocol (ICMP) is part of the TCP/IP protocol suite, which is often used for error reporting and control purposes, including the use of the diagnostic PING command.
Idle Timeout
The Idle Timeout is an amount of time during which no productive data transfer
B-3
occurs. If the user uses a dial-up service to access the Internet, the associated telecommunication cost is often directly proportional to the amount of time the user uses the network service to connect to the Internet. Therefore, the Idle Timeout is designed so that after there is no traffic to the Internet for a pre-configured amount of time, the connection will automatically be taken down.
IGMP
IP Group Multicast Protocol, a protocol that is used as part of the IP multicast protocol.
IP Packet Filter
A feature that allows selective IP packets to be filtered (thrown away). This feature means each and every packet to or from an outside network will be inspected to see if it matches the user defined criteria. When there is a match, the packet will either be filtered or forwarded depending on the configuration.
B-4
This feature can be used to block certain types of data, such as for security reasons, or when parents want to make sure that their children do not access certain web sites.
IP Multicast
A protocol that allows only one copy of data to be sent out for multiple destinations in the network. This allows the network bandwidth to be used most effectively for multimedia applications.
IPX Address
The network layer address for the IPX protocol, which contains a 4-byte network number (unique for each LAN segment and frame type combination), the 6-byte MAC address of the device, and the 2-byte socket number that maps to the particular application in the device.
IPX RIP
The IPX Routing Information Protocol, which is used for exchanging and maintaining the IPX routing table with neighboring routers.
IPX SAP
IPX SAP (Service Advertising Protocol) is a protocol used for advertising services available from IPX devices and for exchanging server tables among IPX SAP devices (agents). For example, the SAP table is broadcasted either periodically or whenever there is a change in the SAP table, or when the IPX SAP device receives SAP table queries from other IPX SAP devices.
MAC Address
The Media Access Control (MAC) address is a unique identifier for a device with an Ethernet interface. It is comprised of two parts: 3 bytes of data that corresponds to the Manufacturer ID (unique for each manufacturer), plus 3 bytes that are often used as the product serial number.
B-5
Multilink PPP
Multilink PPP is an extension of the PPP protocol for utilizing multiple connections for one single communication. Each connection can be an async modem connection, a leased line, or an ISDN B channel connection. Common multilink applications are as follows: (1) back-up: when the primary PPP connection such as a leased line is down, a secondary back-up ISDN or modem connection will be set up automatically to take over the communication. For a modem router, such a feature would not apply; (2) load-sharing over 2 modem connections: to allow data to be communicated over two modem connections simultaneously in order to achieve higher combined data throughput; (3) overflow: when the traffic load on a primary modem connection exceeds a certain predefined high threshold, a secondary modem connection will be set up automatically, until the traffic load falls below a low threshold. Note that for the Wireless Router, only LAN-to-LAN connections (between two Wireless Router) support Multilink PPP.
NetBIOS
NetBIOS is an interface used by Microsoft Windows networking applications that transfers Windows information and data from one Windows machine to other networked Windows machines.
NetWare
The name of an IPX based Network Operating System developed by Novell. It has evolved to work with the IP protocol equally well now.
PPPoE
Short for PPP over Ethrenet, relying on two widely accepted standards, Ethernet and the Point-to-Point Protocol. It is a communications protocol for transmitting information over Ethrenet between devices from different manufacturers
PAP
PAP stands for Password Authentication Protocol. It is an authentication protocol used in PPP for communication devices to authenticate each other. The password is in a clear text form when it is sent to the remote side. This is as opposed to CHAP protocol, which sends the password in an encrypted form.
Ping
A utility that can be used to send a special packet to a remote device to be echoed back. This is often used to check if a remote device is reachable or not, and what the round trip delay is. Some variation of the utility such as trace-route can provide detailed information all intermediate routers the echo packet has gone through, so that if the packet does not come back, the break in the path can easily be identified.
PPP
Point-To-Point Protocol, one that is frequently used in modem dial-up or ISDN connections.
Private Network
When a device uses a technology called PAT (Port Address Translation) to
B-6
communicate with the Internet, all devices on the LAN will be assigned private IP addresses. Although they are free to communicate with the outside world, they are not reachable from the Internet, making the LAN a private network to the outside world.
Protocol
A protocol is a set of rules for interaction agreed upon between multiple parties so that when they interface with each other based on such a protocol, the interpretation of their behavior is well defined and can be made objectively, without confusion or misunderstanding. A communication protocol is a set of rules defined for data communication that potentially define the format and the meaning of messages exchanged between communicating devices. The idea is to define a standard that every product conforms to, so that devices from different vendors can communicate with each other without confusion or misunderstanding. Such a standard definition is important today since users have learned their lessons over the years not to be locked in to any company's proprietary way of communicating with each other. For example, the Point-to-Point Protocol (PPP) is the most popular protocol that is used when a user connects through an ISP to the Internet using a modem or an ISDN line. It defines a sequence of message exchanges between the user's device and the ISP's device for the purpose of authenticating the user (asking for the user account name and password) and assigning an IP address to the user. Other commonly used protocols are Ethernet, ATM, TCP/IP, ISDN call set-up/take-down, etc.
Router
An intelligent, internetworking device that will forward or filter packets between different networks based on data link layer (MAC) address information. A router is an intelligent, internetwork device that forwards packets between different networks based on network layer address information. An IP router uses IP addresses, while an IPX router uses IPX addresses. When a packet is received, the destination network address contained in the packet is looked up in the routing table to determine which next-hop router to forward the packet to. (The next-hop router is in theory one hop closer to the destination.)
Routing Table
A router relies on a routing table to determine where to forward a received packet.
B-7
The routing table normally contains, for each destination network, the network address of the next hop router, the hop count to the destination network, an aging count, among other information. The aging count is for information aging purposes: the routing table is periodically exchanged and kept up-to-date. If a router fails, any network reachable only through this router will become unreachable. The routing table will reflect such failure either by (1) a router detecting the failure, and broadcasting the failure to everyone else, or (2) when the corresponding routing entries in the routing table age out (no update for a long time).
RSVP
RSVP (ReSerVation Protocol) is a protocol that is used for QOS (Quality Of Service) negotiation in a network, to reserve resources in order to support multimedia applications.
SPX
This is a reliable transport layer protocol used in the IPX environment. While IP is equivalent to IPX in functions it performs, SPX is equivalent to TCP.
Static Route
A route in the routing table that is manually configured rather then learned through routing table exchanges.
TCP/IP, UDP
Both TCP (Transmission Control Protocol) and UDP (Unreliable Datagram Protocol) are transport layer protocol. TCP performs proper error detection and error recovery, and thus is reliable. UDP on the other hand is not reliable. They both run on top of IP (Internet Protocol), a network layer protocol.
Un-numbered/numbered Link
When the connection of a router to the WAN (Wide Area Network) is assigned an IP address, it is called a numbered link. Otherwise, it is called an un-numbered link.
B-8
having to pay long distance charges. It consists of two parts: (1) a method to create a tunnel between two communicating devices, and (2) a method to encrypt/decrypt out-going/in-coming data. The standard tunneling protocol is L2TP, which stands for Layer 2 Tunnel Protocol. PPTP, a de facto standard from Microsoft, is being gradually replaced by it. IPSec is a framework of open standards for ensuring secure private communications over the Internet. IPSec sensures confidenn tially integrity and athenticity of data communicatons accross a public network.
WINS Server
The Windows Internet Naming Service provides a means of Windows name-toaddress resolution in a network which includes Windows machines. The WINS Server is an NT based application which maintains the WINS database and provides service to requesting WINS clients.
B-9
CWirelessyear
Warranty
Wireless Router Products are provided with a limited one year Warranty. Details of the warranty and return process are explained in the Warranty Policy below. Warranty service is subject to the terms and conditions of company Warranty Policy. 1. WARRANTY: Wireless Router (the "Product") carry a one (1) year limited warranty, except for the power supply units, which carry a one (1) year limited warranty (collectively the Warranty). The Warranty covers: (1) Defects in materials and workmanship of the Product under normal use and service (Product Defects). (2) Failure of the Product to perform in accordance with product specifications published by company (Product Performance). This Warranty is in lieu of all other express warranties that might otherwise arise with respect to the Product. No individual or organization of whatever form, connected to company or not, has authority to change or add to this Warranty. This Warranty does not apply to any failure of the Product which results from accident, abuse, misapplication, alteration, or failure due to attached equipment, and company assumes no liability as a consequence of such events under the terms of this Warranty. While company has made every effort to provide clear and accurate technical information about the application of the Product, company assumes no liability for any event arising out of the use of this technical information. INCIDENTAL AND CONSEQUENTIAL DAMAGES CAUSED BY MALFUNCTION, DESIGN DEFECT, OR OTHERWISE WITH RESPECT TO BREACH OF THIS WARRANTY, OR ANY OTHER EXPRESS OR IMPLIED WARRANTY, ARE NOT THE RESPONSIBILITY OF US AND ARE HEREBY EXCLUDED BOTH FOR PROPERTY AND FOR PERSONAL INJURY DAMAGE.
2. PERIOD OF WARRANTY COVERAGE: The period of coverage is one (1) year from the date the equipment is purchased. There shall be no warranty after expiration of the period of coverage. ANY AND ALL IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR PARTICULAR USE SHALL HAVE NO GREATER DURATION THAN THE PERIOD OF COVERAGE STATED HEREIN AND SHALL TERMINATE AUTOMATICALLY UPON THE EXPIRATION OF SUCH PERIOD. 3. REPAIR, REPLACEMENT AND REFUND: In the event of a malfunction attributable directly to Product Defect or Product Performance, company will, at its option, repair or replace the Product to whatever extent company deems necessary to restore the Product to proper operating condition
C-1
without charge to the customer. If, in the company opinion, it is impractical for any reason to repair or replace the Product, company may at its option refund or pay an amount equal to the lesser of (1) the purchase price paid for the product or (2) the then effective company estimated purchase price for the Product. The company may replace the Product with a new or re-manufactured functionally equivalent product of equal value at the company option. 4. HARDWARE SERVICE: To obtain hardware service, contact the dealer from whom you purchased the Product. Product under warranty will be repaired or replaced according to the terms of the company Warranty Policy. After expiration of the warranty, you may elect to have the Product repaired, in accordance with the terms of this Warranty, except that you shall be responsible for all costs of repair, replacement and shipping and handling. 5. SHIPPING AND HANDLING: For equipment covered by warranty, Customers are responsible for shipping of products requiring repair or replacement to and from the company Center, and for all shipping and handling charges incurred.
Copyrights
A number of trademarks and registered trademarks appear in this manual. The company acknowledges all trademarks and the rights of the trademarks owned by the companies referred to herein. The following list of trademarks may not include all trademarks referenced in this manual. Windows, Windows 95, Windows NT, Windows NT Server, and Windows NT Workstation,Windows ME, Windows 2000 are registered trademarks of Microsoft Corporation. All other trademarks, service marks, registered trademarks, or registered service marks mentioned in this manual are the property of their respective owners.
C-2