Instruction/ maintenance manual of the product WRT-410 IBM
Go to page of 69
80 2 .11g W ir e les s Broadband Router WRT-410 User ’ s Manual.
Co p y right Copyright 2003 by PLANE T T echnology Corp . A ll righ t s r eserved . No par t of t his publication ma y be reproduced, t r ansmit t ed, t r anscribed, s t ored in a ret r ieval syst.
Federal Communication Commissio n (FCC) Radiation Exposure Statement This equipment complies w ith FCC radia t ion e x posure set f orth for an uncontrolled envi r onment.
T A BLE OF CONTENTS C H A P T ER 1 IN T RODUC T I O N ................................................................................................. .1 1.1 P ACKAGE C ON T ENTS .......................................................................
3.5. 5 Fire w all R u l e .......................................................................................................... . 25 3.6 M ANAGEMENT .................................................................................................
- 1 - Chapter 1 I ntroduction Thank you f or purchasing W R T -410. This device features the latest innovation w ireless technology making the w ireless net w orking w orld happened . This manual guides you on ho w to ins t all and properl y use t he W R T -410 in order to t ake full advan t age of i t s features.
- 2 - 1.4 Speci f ica t ion S t a n dards IEEE 8 02 . 11b , IEEE 8 0 2. 1 1g Si g n a l T y pe DSSS ( D irect Seq u ence S p read Spectru m ) Mod u la t i o n BPSK / QPSK / C C K / OF D M Port W A N: .
- 3 - 1.5 W ireles s P e rf o rmance The follo w ing info r ma t ion w ill help you utilizing t he w ireless performance, and opera t ing co v erage of W R T -410.
- 4 - Chapter 2 H ard w a re Installation Before you p r oceed w ith the ins t allation, it is necessary that you have enough info r ma t ion about the W R T -410.
- 5 - Chapter 3 C onf i gure through Web Br o w ser W eb configura t ion provides a user-f r iendly graphical user in t erface ( w eb pages ) to manage you r W R T -410. A W R T -410 w ith an assigned I P add r ess w ill allo w s you to monitor and configure via w eb bro w ser (e.
- 6 - This page enables you to se t LAN and DHCP properties, such as the host name , IP address, subne t mask, and domain name. L A N and DHCP profiles are lis t ed in the DHCP table a t the bottom o f the screen. Host Name: Type the host name in the te x t bo x .
- 7 - M A C A ddress: If required b y your ISP , type the M AC address fo r the W RT-410 W A N in t erface in this field. Y ou can also copy the MAC address of your PC ’ s ne tw ork card to t he W RT - 410 W A N inter f ace b y clicking “ Clone M AC address ” .
- 8 - W hen using PPT P , enter the f ollo w ing info r ma t ion in t he f ields (some information are pro v ided by your ISP): IP A ddress: Type the IP add r ess w hich your ISP provides . Subnet Mask: Type the Subnet M ask w hich your ISP provides. Gate wa y: Type the IP address of Ga t e w ay w hich your ISP provides.
- 9 - A dministrator: Type the pass w ord the Administrato r w ill use to login to the sys t em . The pass w ord mus t be typed again for confi r ma t ion. User: Users can type a pass w ord t o be used fo r logging in t o the system. The pass w ord mus t be typed again for con f irmation.
- 10 - 3.1.5 D y namic DNS Y ou can configure W R T -410 t o use DDNS service if you already have a regis t ered DDNS account. DDN S : Y ou can enable or disable DDNS func t ion here. Server A ddress : Please type in t he url of you r DDNS ser v ice provide r .
- 11 - Enable/D i sable: Enable or disable w ireless LAN via t he W R T-410. SSID: Type an SSID in the field . The SSI D o f any w ireless device mus t ma t ch the SSI D typed here in order f or the w ireless device t o access the LAN and W A N via the W RT - 410.
- 12 - Lifetime : Select prope r time interval from t he d r op-do w n list. Once t he life t ime e x pires, t he Encryption key w ill be rene w ed by RADIUS server automatically. Encr y ption K e y : Select the E ncryption key length t o be 64 - bits or 128-bits.
- 13 - Beacon Interval: Type the beacon interval in the field . Y ou can specify a value from 20 to 1000. The default beacon interval is 100 . RTS Threshold: Type the RTS (Request-To-Send ) th r eshold in the f ield. This value stabilizes da t a f lo w.
- 14 - Firm w a r e Version : Displays the lates t build o f the W RT-410 f irm w are inter f ace. Af t er upgrading the firm w are in Tools -> Fi r m w are, check this to ensure t hat you r firm w are w as successfully upgraded.
- 15 - First Page : Vie w the f irst page of the log message list. Last Page : Vie w the last page of the log message list. Previous Page: Vie w the page just before the current page . Next Page : Vie w the page jus t after t he current page. Clear Log : Delete the conten t s of t he log and begin a ne w log.
- 16 - SMTP Server : Type the SMTP server address f or the email that the log w ill be sent t o in the ne x t field. Send to : Type an email address for t he log to be sent to.
- 17 - Click “ Reset ” to erase all s t a t istics and begin logging s t atistics again. Utilization: Separates packe t transmission statistics in t o send and receive categories.
- 18 - Ne t w ork A ddress : Type the static IP add r ess your net w ork uses to access t he In t ernet . Y our ISP or net w ork administ r ator p r ovides you w ith this in f ormation. Ne t w ork Mask : Type the ne tw ork (subnet) mask fo r your net w ork.
- 19 - N A T : Select the op t ion to enable o r disable NAT. Transmit : Select t he option to set t he desired t r ansmit pa r amete r s. Disabled , RIP 1 o r R I P 2. Receive : Select t he option to set t he desi r ed t r ansmi t parameters . Disabled, RIP 1 or RIP 2.
- 20 - 3.5 A ccess 3.5.1 Filte r s This screen enables you to allo w and deny user access based upon the filte r s you set. I f MAC Filte r s i s selected, the screen appea r s as belo w . M A C Filter: Enables you to allo w or deny In t erne t access f o r users w ithin the LA N based upon the M AC address of their net w ork in t er f ace.
- 21 - The follo w ing screen appea r s once you select I P Filte r s . It enables you to de f ine a minimum and ma x imum IP address r ange filter; all IP addresses falling in the range are not allo w ed Internet access . The I P filter p r ofiles are lis t ed in the t able a t the bot t om of the page.
- 22 - Select Domain B locking, and t he follo w ing screen appea r . Domain Blocking : There are three options in this f ield. S elect the proper setting acco r ding t o you r demand. Permitted Domains : Ente r the domain name in the te x t field, and click “ Add ” but t on to add it to t he lis t .
- 23 - Note: W hen selecting i t ems in the t able at t he bottom, click any w here in the item. The line is selected, and the fields automatically load t he item ' s pa r ameters, w hich you can edit. Protocol Fil t er : Enables you t o allo w or deny In t erne t access to use r s based upon t he communications protocol of the origin.
- 24 - Public Port: Type the port number on the W A N t hat w ill be used to p r ovide access to the virtual server. L A N Server: Type the LAN I P address tha t w ill be assigned to the vi r tual server. A d d: Click to add the virtual server to the table at the bottom of the screen.
- 25 - 3.5.4 DMZ This screen enables you to c r eate a D M Z for those compu t ers that cannot access In t ernet applica t ions prope r ly through the W R T -410 and associated secu r ity se t tings. Enable : Click to enable or disable the D M Z. DMZ Host IP: Type a host I P address for t he D M Z.
- 26 - Enable : Click to enable or disable the f ire w all rule p r ofile. Name : Type a desc r iptive name fo r the fire w all r ule profile . A ction : Select w hether to allo w or deny packets that confo r m to t he rule. Source : Defines the source o f the incoming packet t hat t he r ule is applied t o.
- 27 - Enabled/D i sab l ed : Click to enable or disable SN M P. By default is disabled. S y stem Name: Displays the name given t o the W RT-410. S y stem Location : Displays the location of the W RT-410 (normally, t he DNS name ) . S y stem Contact: Displays the con t act in f ormation for t he pe r son r esponsible for the W RT-410.
- 28 - Enable : Click to enable or disable HTTP access for remo t e management. Remote IP Range: Type the r ange of IP addresses t hat can be used f or remote access. A llo w s t o Ping W A N Port : T h is func t ion allo w s remo t e use r s to ping W RT-410 W A N port I P address.
- 29 - Save Settings : Click to save t he current configuration as a profile tha t you can load w hen necessary. Load Settings: Click “ B r o w se ” and go to the location of a s t ored profile. Click Load t o load the p r ofile's settings. Restore Fac t or y Default Settings : Click t o restore t he de f ault set t ings.
- 30 - 3.8 W izard The setup w izard enables you to configure the W RT-410 quickly and conveniently. Click “ W izard ” button, the w indo w belo w w ill appea r . Please click “ Ne x t> ” and follo w the steps to configu r e W RT-410. Y ou are promp t ed to select a pass w ord.
- 31 - Chapter 4 802 . 1X A uthenticat i on Setup 4.1 8 02. 1 X Infra s tructure An 802.1 X Infrastructu r e is composed o f three majo r componen t s: Authenticato r , Au t hen t ication serve r , and Supplicant. A uthentication server: An entity t hat provides an authentication service to an authenticator .
- 32 - 6. The client validates the digi t al cer t ificate, and replies i t s o w n digi t al cer t ifica t e to t he R A DIUS serve r . 7. The RADIUS server valida t es client ’ s digi t al cer t ificate. 8. The client and RADIUS se r ver derive encryption keys.
- 33 - 6. Enter the info r ma t ion tha t you w ant for your Ce r tifica t e Service, and click “ Next ” to continue . 7. Go to S t art > Program > A dministra t ive Tools > Certif i cate A uthori t y . 8. Right-click on the “ Poli c y S etting ” , select “ new ” .
- 34 - 11. Go to Start > Program > A dministrative Tools > A ctive Director y Users and Computers . 12. Right-click on domain, and select ” Properties ” to con t inue. 13. Selec t “ Group Pol i cy ” tab and click “ Properties ” to con t inue .
- 35 - 14. Go to “ Compu t er Configuration ” > “ Securi t y Settings ” > “ Public K e y Policies ” 15. Right-click “ A utomatic Certificate Request S etting ” , and select “ New ” 16. Click “ A utomatic Certif i cate Request .
- 36 - 17. The Au t oma t ic C erti f icate Request Setup W iza r d w ill guide you th r ough the Automa t ic Certi f icate Request setup , simply click “ Next ” th r ough to t he last step. 18. Click “ Fin i sh ” to complete the Au t omatic Certi f icate Request Setup 19.
- 37 - Setting In t ernet Authenticat i on Service 24. Go to Start > Program > A dministrative Tools > Inte r net A uthentication Service . 25.
- 38 - 28. In the Inte r net Authentication Service, right - click “ R emo t e A ccess Pol i cies ” 29. Selec t “ New Remote A ccess Pol i cy ” .
- 39 - 31. Unless you w ant to specif y the active dura t ion for 802.1 X authentication, click “ OK ” to accept for having 802.1 x authentication enabled a t all times. 32. Selec t “ Grant remo t e access pe r miss i on ” , and click “ Next ” to continue.
- 40 - 33. C lic k “ Edit Profile ” . For TLS Authenticat i on Setup (Steps 34 ~ 35 ) 34. Selec t “ A uthentication ” Tab. 35. Enable “ Extensible A uthentication Protocol ” , and select “ Smart C ard or other Cert i ficate ” f or TLS au t hen t ication.
- 41 - For M D5 Authentication S e t up (Steps 36 ~ 37 ) 36. Selec t “ A uthentication ” Tab. 37. Enable “ Extensible A uthentication Protocol ” . Select “ MD5-Challenge ” and enable “ E ncr y pted A uthentication (CH A P) ” for MD5 authentication.
- 42 - 38. Selec t “ Internet A uthentication Service (Local) ” , click on “ Action ” f r om t op panel. Then click “ Register Service i n A ctive Directory ” . 39. Go to Start > Program > A dministrative Tools > A ctive Director y Users and Computers.
- 43 - 42. Go to “ Computer Conf i guration ” > “ Windows S ettings ” > “ Securi t y Settings ” > “ A ccount Policies ” > “ Password Pol i c i es ” . D ouble click on “ S t ore password us i ng reversib l e enc r y ption for all users in the domain ” .
- 44 - 43. Click “ Define this poli c y s etting ” , select “ E nab l ed ” , and click “ OK ” to continue . 44. Go to Start > Program > A dministrative Tools > A ctive Director y Users and Computers . 45. Go to Users . R ight - click on the use r tha t you are granting access, and selec t “ Propert i es ” .
- 45 - 48. Go to the “ Dial-in ” tab , and check “ A llo w access ” op t ion for Remote Access Pe r mission and “ No Call-back ” for Callback Options.
- 46 - 4.3 A uthenticator Setup 1. For E A P-MD5 Au t hen t ication, W E P key must be set previously. Go t o Wireless> A uthentication. Enable W E P key, and ente r a desi r ed key string. Y ou can skip this step i f using E A P-TLS Authen t ication .
- 47 - 6. En t er the IP address, Por t number, and S hared Secre t K e y used by the Secondar y Radius Server. 7. Click “ A pp ly ” . The 802.1 x settings w ill t ake effect r igh t af t er W RT-410 reboo t s i t sel f. 4.4 W ireles s Clie n t Setup W indo w s XP is originally 802 .
- 48 - 5. Click “ Properties ” of one a v ailable w ireless net w ork, w hich you w ant to associate w ith . 6. Select “ Da t a encr y ption (WEP enabled ) ” option, but leave othe r op t ions unselected .
- 49 - 7. Enter the net w ork key in “ N e t w ork k ey ” t e x t bo x . The string must be t he same as the fi r st set o f W E P key w hich you set t o W RT-410. 8. Click “ OK ” . 9. Select “ A uthentication ” tab. 10. Selec t “ Enab l e ne t work access contro l using IEEE 802.
- 50 - 12. Click “ OK ” . 13. W hen w ireless client has associated w ith W RT - 410, a user authen t ica t ion no t ice appears in system tray. Click on the no t ice to continue. 14. En t er the user name , pass w ord and the logon domain t hat your account belongs.
- 51 - CA server. Fu r the r more , you mus t have a valid account/pass w ord to access the server . 1. Ac t ive w eb bro w ser, en t er “ http:/ / 192 . 168 . 1.10/ce r tsrv ” in t he Add r ess field w hich 192.168.1.10 is the IP address of our server.
- 52 - 5. Click “ Submit > ” to con t inue. 6. The Certi f icate Service is no w processing the cer t ificate request..
- 53 - 7. The cer t ifica t e is issued by t he server, click “ Install t his certificate ” t o do w nload and sto r e the certi f icate t o your local compu t er. 8. Click “ Y es ” to s t ore the certifica t e to your local computer . 9. Certi f icate is no w installed.
- 54 - 2. Right-click on the W ireless Net w ork Connection w hich using W L - 3555. 3. Click “ Properties ” to open up the P r oper t ies setting w indo w . 4. Click on the “ Wireless Ne t work ” t ab. 5. Click “ Properties ” of one a v ailable w ireless net w ork, w hich you w ant to associate w ith .
- 55 - 6. Select “ The k e y is provided for me automatica l ly ” option. 7. Click “ OK ” ..
- 56 - 8. Click “ A uthentication ” tab 9. Select “ Enable ne t work access control using IEEE 802 . 1X ” op t ion t o enable 802.1 x authen t ica t ion. 10. Selec t “ Smart Card or other Certificate ” from the drop-do w n list bo x for EAP type.
- 57 - 13. Selec t the cer t ifica t e that w as issued by the server (in ou r demons t ration: W irelessCA), and click “ OK ” to continue. 14. M ake su r e this cer t ificate is issued by correct server, and click “ OK ” to complete the au t hentica t ion process.
- 58 - Chapter 5 Troubleshooting This chapter provides solutions to problems usually encoun t ered during the ins t alla t ion and ope r ation of the Wireless Broadband Router .
- 59 - This ne w produc t s use the A CX 100 chip from T e x as Instrumen t s. In addition to mee t ing t he e x isting s t andard, t he chip also suppo rt s a ne w modulation scheme developed by TI, called Packet Binar y Convolution C ode (PBCC).
- 60 - DNS DNS s t ands for D omain Name Sys t em . DNS conver t s machine names to the I P add r esses tha t a l l machines on the net have. It t r anslates from name to address and from address t o name . DOM A IN N A ME The domain name typically re f ers to an I nte r net site add r ess .
- 61 - IP I P (Internet Pro t ocol) is the protocol in the TCP/I P communications protocol suite that con t ains a net w or k address and allo w s messages to be routed to a di f ferent net w ork or subnet. H o w eve r , I P does not ensu r e delivery of a complete message — TC P provides the f unction of ensuring deliver y .
- 62 - PING Ping (Packet INte r net Groper) is a utility used to find out if a p articular I P address is present online, and is usually used by net w orks f or debugging. PORT Por t s a r e the communications pa t h w ays in and out of compu t ers and net w ork devices (route r s and s w itches ) .
- 63 - w ith an incoming I P address to dete r mine w hether t o accept or reject t he p acket. SYSLOG SERVER A SysLog server monitors incoming Syslog messages and decodes the messages f or logging purposes.
- 64 - W LAN. W AN W A N ( W ide Area Net w ork ) is a communica t ions net w ork t hat covers a w ide geographic area such as a country (cont r as t ed w ith a L A N, w hich cove r s a small area such as a com p any building).
An important point after buying a device IBM WRT-410 (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought IBM WRT-410 yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data IBM WRT-410 - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, IBM WRT-410 you will learn all the available features of the product, as well as information on its operation. The information that you get IBM WRT-410 will certainly help you make a decision on the purchase.
If you already are a holder of IBM WRT-410, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime IBM WRT-410.
However, one of the most important roles played by the user manual is to help in solving problems with IBM WRT-410. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device IBM WRT-410 along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center