Instruction/ maintenance manual of the product WBR-5400 LevelOne
Go to page of 82
1 LevelOne WBR -5400 MIMO Wireless 1W ,4L Broadband R outer U s e r ` s M a n u a l V er 1.00-0512.
2 Copyright The contents of th is publication may not be reproduced in any par t or as a whole, stored, transcribed in an information retrieval system, translated into an y language, or transmitted in any form or by an y means, mechanical, magnetic, electr onic, optical, phot ocopying, ma nual, or otherwise, wit hout the prior written permission.
3 T able of Contents CHAPTER 1 INTRODUCTION ............................................................................ 5 F UNCTIONS AND F EA TURES ........................................................................................ 5 P ACKING L IST .
4 APPENDIX B 802.1X SETTING ......................................................................... 76 APPENDIX C RESET T O F A CTOR Y DEF AUL T ............................................. 82 R ESET T O F ACTOR Y D EF AUL T .......................
5 C C C h h h a a a p p p t t t e e e r r r 1 1 1 I I I n n n t t t r r r o o o d d d u u u c c c t t t i i i o o o n n n Congratulat ions on your purchase of this out standing LevelO ne WBR-5400, 1 1g MIMO W ireless Broadband R outer . This product is specifically designed for Sm all Office and Home Of fice needs.
6 Wir eless functions High speed for wireless LAN connection Up to 54Mbps data rate by incorporatin g Orthogonal Frequency Division Multiplexin g (OFDM). Roaming Provides seamless roam ing within the IE EE 802.1 1b (1 1M) and IEEE 802.1 1g (54M) WLAN infrastructure.
7 When SPI Mode is enabled, the rou ter will check every incoming packet to detect if this packet is valid. DoS Attack Detection Supported When this feature is enabled , the router will detect and log the Do S attack comes from the Internet.
8 C C C h h h a a a p p p t t t e e e r r r 2 2 2 H H H a a a r r r d d d w w w a a a r r r e e e I I I n n n s s s t t t a a a l l l l l l a a a t t t i i i o o o n n n 2.1 Panel Layout 2.1.1. Fr ont Panel Figure 2-1 Front Panel LED: LED Function Color S tatus Description POWER Power indication Green On Power is being applied to this product.
9 2.1.2. Rear Panel Ports: Port Description PWR(DC) Power i nlet W AN the port where you will co nnect your cable (or DSL) modem or Ethernet router . Port 1-4 the ports where you will connect network ed computers and other devices.
10 2.2 Procedur e for Hardwar e Installation 2. Decide where to place your Wir eless Broadband Router Y ou can place your W BR-5400, W ireless Broadband Rout er , on a desk or other flat surface, or you can mount it on a wall.
11 C C C h h h a a a p p p t t t e e e r r r 3 3 3 N N N e e e t t t w w w o o o r r r k k k S S S e e e t t t t t t i i i n n n g g g s s s a a a n n n d d d S S S o o o f f f t t t w w w a a a r r r.
12 C C C h h h a a a p p p t t t e e e r r r 4 4 4 C C C o o o n n n f f f i i i g g g u u u r r r i i i n n n g g g W W W i i i r r r e e e l l l e e e s s s s s s B B B r r r o o o a a a d d d b b b.
13 4.1 S tart-up and Log in Activate your brow ser , and disable the proxy or ad d the IP addr ess of this produc t into the exceptions . Then, type this pr oduct’ s IP address in the Location (for Netscape) or Address (for IE) field and press ENTER.
14 4.2 S tatus This option p rovides the functi on for observing this pr oduct’ s working stat us: A. W AN Port S tatus. If the W AN port is assigned a dynam ic IP , there may appear a “ Renew ” or “ Release ” button on the Sidenote column. Y ou can click this button to renew or release IP man ually .
15 4.3 Wiz ard Setup W izard will guide you through a basic configuration pro cedure step by step.Press ”Next >” Setup W izard will automatically det ect your W AN type. If W AN type can not be detected successfully , “Dynamic IP Address” will be assigned.
16 Setup Wi zard - Select W AN T ype : For detail settings, please refer to 4.4. 1 primary setup. For the rest of the steps, Setup W izard will guide you through a basic configuration.
17 4.4 Basic Setting.
18 4.4.1 Primary Setup – W AN T ype, V irtual Computers Press “Change”.
19 This option is primary to enable this product to work properly . The settin g items and the web appearance de pend on the W AN type. Choose correct W AN type before you sta rt. 1. LAN IP Addr ess : the local IP address of this device. The computers o n your network m ust use the LAN IP address of your product as their Defa ult Gateway .
20 4.4.1.5 PPTP 1. My IP Address and My Subnet Mask: the pr ivate IP address and subn et mask your ISP assigned to you. 2. Server IP Address: the IP address of the PPTP server . 3. PPTP Account and Passwo rd: the account an d password your ISP assigned to you.
21 4.4.1.6 L 2TP 1. IP Mode: The IP Mode assign ed by your ISP. Y ou can select eit her Static IP Address or Dynamic IP address. 2. My IP Addr ess and My Subnet Mask: the priv ate IP address and sub net mask your ISP assigned to you when your IP Mode is Static IP Address.
22 4.4.1.7 V irtual Computers V irtual Computer enab les you to use the original NA T feature, and allows you to setup the one-to-one mapping of multiple global IP address and local IP address. • Global IP: Enter the global IP address assigned by y our ISP .
23 4.4.2 DHCP Server Press “Mor e>>”.
24 The settings of a TCP/IP en vironment include host IP , Subnet Mask, Gateway , and DNS configuration s. It is not easy to manually conf igure all the computers and devices in your network. Fortunately , DHCP Server provid es a rather sim ple approach to ha ndle all these settings.
25 W ireless settings allow you to set the wireless configuration items. 1. Wir eless function : Enab le or disable wireless fun ction. 2. Network ID (SSID) : Network ID is used for identifyi ng the Wireless LAN (WLAN). Client stations can roam freely over this product and ot her Access Points that have the same Network ID.
26 802.1X Se tting 802.1 X Check Box wa s used to switch t he function of t he 802.1X. When the 802. 1X function is enabl ed, the W ireless user must authenticate to t his router first to use the Network service. RADIUS Server IP IP address or t he 802.
27 WP A-PSK 1.Encryption. There are two encr yption methods, TK IP and AES. 1. Select Preshare Key Mode 2. Fill in the key, Ex 12345678 Pre-share Key Mode: Either ASCII or HEX can be selected. Pre-share Key: Please input either 32 ASCII characte rs or 64 Hexadecimal digit s as Pre-share key .
28 WP A Check Box was used to switch the fun ction of the WP A. When the WP A function is enabled, the W ireless user must authenticate to t his router first to use th e Network service. RADIUS Server IP address or t he 802.1X server’ s domai n-name.
29 WP A2-PSK(AES) : Accept WP A2 clients only a nd Pre-share key (encryption key) must be entere d manually . Y ou can input either 32 ASCII ch aracter s or 64 Hexadeci mal digits as Pre -share key . • Pre-shar e Key Mode: Either ASCII or HEX can be selected.
30 WP A2(AES) : Accept WP A2 clients only and work simultaneously with RADIUS Server . The encryption key is got from RA DIUS Server dynamically . • RADIUS Server IP: The 802.1X server's IP address. • RADIUS port : The 802.1X serve r's service port.
31 WP A-PSK / WP A2-PSK : Accept WP A1 or WP A2 clients to co nnect simultaneously and Pre-share key (encrypt ion key) must be entered manua lly . Y ou can input either 32 ASCII characters o r 64 Hexadecimal digits as Pre-s hare key . • Pre-shar e Key Mode: Either ASCII or HEX can be selected.
32 WP A1/WP A2 : Accept WP A1 or WP A2 clients to connect simultaneously and work simultaneously with RADIUS Server . The encryption key is got from RADIUS Server dy namically . • RADIUS Server IP: The 802.1X server's IP address. • RADIUS port : The 802.
33 4.4.4 Chan ge Password Y ou can change Password here. W e strong ly recommend y ou to change th e system password for security reason..
34 4.5 Forwarding Rules.
35 4.5.1 V irtual Server This product’ s NA T firewall filters out unrecognized packets to protect your Intranet, so all hosts behind this product are invisi ble to the outside wo rld. If you wish, you can make som e of them accessible by enabling the V irtual Server Mapping.
36 The Private port is used for multi-comput ers, which might use the same service. For example, if you setup thr ee W eb server(80) in your LAN, which are 192.168.1 23.7, 192.168.1 23.10, and 19 2.168.123.77. Y ou can assign di fferent p ublic port t o diffe rent IP .
37 4.5.2 Special AP Some applicat ions require m ultiple connections, l ike Internet games, V ideo conferenci ng, Internet telephony , etc. Because of the firewall function, thes e a pplications cannot work with a pure NA T router . The Special Appl ications feature allows som e of these applicatio ns to work with this produc t.
38 4.5.3 Miscellaneous Items IP Address of DMZ Host DMZ (DeMilitarized Zone) Host is a host without the pr otection of firewall. It a llows a computer to be exposed to unre stricted 2-way communi cation for Internet gam es, V ideo conferenci ng, Internet telephony a nd other special applications.
39 4.6 Security Settings.
40 4.6.1 Packet Filter Packet Filter enables you to con trol what packets are allowed to pass the router . Outbound filter applies on all outbound packets. However, Inbound filter applies on p ackets that destined to V irtual Servers or DMZ host only .
41 addresses (4.3.2 .1-4.3.2.25 4). An empty implies all I P addresses. For source or destination port, you can define a single por t (80) or a range of ports (1000 -1999). Add prefix "T" or "U" to specify TCP or UDP protocol. For exampl e, T80, U53, U2000-2999.
42 Example 2: (1.2.3.100- 1.2.3.1 19) They can do everything except read net news (p ort 1 19) and tra nsfer files via FTP (port 21) Others are all allowed.
43 Outbound Filter: To enab le Outbound Packet Filter click the check box nex t to Enable in the Outbound Packet Filter field. Example 1: (192.168.123.100-1 92.168.123.149) They are allowed to se nd mail (port 25), recei ve mail (port 1 10), and browse Internet ( port 80); port 53 (DNS) is necessa ry to resolve the domain name.
44 Example 2: (192.168.1 23.100-192.168 .123.1 19) They can do everything e xcept read net new s (port 1 19) and transfer files via FTP (port 21) Others are allowed After Outbound Packet Filter setting is configured, click the save button.
45 4.6.2 Domain Filter Domain Filter let you pre vent users under t his device from accessing specific URLs. Domain Filter Enable Check if you want to enab le Domain Filter . Log DNS Query Check if you want to log the action wh en someone accesses the specific URLs.
46 Example: In this example: 1. URL include “www .msn.com” will be blocked, and the action will b e record in log-file. 2. URL include “www .sina.com” will not be bloc ke d, but the action will be record in log-file. 3. URL include “www .google.
47 4.6.3 URL Blocking URL Blocking will block LAN computers to connect to pre-defined W ebsites. The major difference between “Domain filter” and “URL Blocking” is Domain filter require user to input suf fix (like .com or .org , etc), while URL Blocking re quire user to input a keyword only .
48 In this example: 1.URL include “msn” will be blocked, and the actio n will be record in log-file. 2.URL include “sina” will be blocked, an d the action will be record in log-file 3.URL include “cnnsi” will be blocked, and the action will be record in log-file.
49 4.6.4 MAC Address Contr ol MAC Address C ontrol allows you t o assign diffe rent access right for diffe rent users and to assi gn a specific IP address to a certain MAC address. MAC Address Cont rol Check “Enable” to ena ble the “M AC Address Control”.
50 Control table "Control table" is the tab le at the bottom of the "MAC Address Control" page. Each r ow of this table indicat es the MAC address and the expected IP address mapping of a client. There are four columns in this table: MAC Address MAC address indicates a specific client.
51 4.6.5 Miscellaneous Items Remote Administrator Host/Port In general, only Intranet user can browse the built-in web pages to perform admin istration task. This feature enables you to perform administration task from remote host. If this feature is enabled, only the specified IP address can per form remote admi nistration.
52 packet to detect if this packet is valid. DoS Attack Detection When this feature is enabled, the router will detect and log the DoS attack comes from the Internet. Currently , the router can detect th e following DoS attack: SYN Attack, W inNuke, Port Scan, Ping of Death, Land Attack etc.
53 4.7 Advanced Settings 4.7.1 System T ime.
54 Get Date and Time by NTP Protocol Selected if you want to Get Date and T ime by NTP Pro tocol. Time Server Select a NTP time server to consult UTC time Time Z one Select a time zone where this device locates. Get Date and Time using PC`s Date and T ime Selected if you want to synchronize the router time setting with your connected PC.
55 4.7.2 System Log This page s upport two m ethods to export sy stem logs to s pecific destinatio n by means of sy slog(UDP) and SMTP(TC P). The it ems you have t o setup including: IP Address for Syslog Server Host IP of destination wh ere syslogs will b e sent to.
56 4.7.3 Dynamic DNS To host your s erver on a changi ng IP address, you have to use dynam ic domain nam e service (DDNS). So that anyone wishing to reach your host only needs to know the name of it. Dynamic DNS will map the name of your host to your curr ent IP address, which changes eac h time you conn ect your Intern et service provid er.
57 Example: After Dynamic DNS setting is configured, click the save button. The new settings will be ef fective after reboot..
58 4.7.4 SNMP Setting In brief, S NMP, the Simpl e Network Mana gement Protoc ol, is a protocol designed to give a user the capability to remotely manage a co mputer network by polling and setting terminal values and monitori ng network events . Enable SNMP Y ou must check either Local or Remote or both to enable SNMP function.
59 Example: 1. This device will response to SNMP client which’ s get co mmunity is set as “public” 2. This device will response to SNMP client which’ s set community is set as “priv ate”.
60 4.7.5 Routing T able Routing T ables allow you to determine which physical int e rface address to use for outgoing IP data grams. If you have more than one routers and subnets, you will need to enable routing table to allow packets to fin d proper routing path and allow di fferent su bnets to comm unicate with each othe r .
61 Example: Configurati on on NA T Router Destination SubnetMask Gateway Hop Enabled 192.168.1.0 255.255 .255.0 192.1 68.123.216 1 ˇ 192.168.0.0 255.255 .255.0 192.1 68.123.103 1 ˇ So if, for example, the clien t3 wanted to send an IP data gram to 192.
62 4.7.6 Schedule Rule Y ou can set the schedule time to decid e which service will be tu rned on or off. Select the “enable” item. Press “Add New Rule”.
63 Y ou can write a rule name and set which day and what time to schedule from “S tart T ime” to “End T ime”. The following example confi gure “ftp time” as everyday 14:10 to 16:20.
64 After c onfigure Rule 1 Schedule Enable Selected if you want to Enable the Scheduler . Edit T o edit the schedule rule. Delete T o delete the schedule rule, an d the rule# of th e rules behind the d eleted one will decrease one automatically .
65 Exanple1: Vi rtual Server – Apply Rule#1 (f tp time: everyday 14:10 to 16:20) Exanple2: Packet Filter – Apply Rule#1 (ftp time: everyday 1 4:10 to 16:20).
66 4.8 T oolbox.
67 4.8.1 Sys tem Log Y ou can V iew system log by clicking the Vi e w L o g button.
68 4.8.2 Firmwar e Upgrade Y ou can upgrade fi rmware by clicki ng Firmware Upgrade butto n..
69 4.8.3 Backup Setting Y ou can backup your settings by clicking the Backup Setting button and save it as a bin file. Once you want to restore these settings, please click Firmware Up grade button and use the bin f ile you saved. 4.8.4 Reset to default Y ou can also reset this product to factor y default by clicking the Reset to default button.
70 4.8.6 Miscella neous Items MAC Address for W ake-on-LAN W ake-on -LAN is a technology that enables you to power up a networked device remotely . In orde r to enjoy this feat ure, the tar get device must be W ake-on-LA N enabled and you have to know the MAC address of this device, say 00-11- 22-33-44-55.
71 A A A p p p p p p e e e n n n d d d i i i x x x A A A T T T C C C P P P / / / I I I P P P C C C o o o n n n f f f i i i g g g u u u r r r a a a t t t i i i o o o n n n f f f o o o r r r W W W i i i.
72 6. The TCP/IP protocol shall be listed in the Network window . Click OK to co mplete the install procedure and restart your PC to e nable the TCP/IP protocol. A.2 Set TCP/IP Protocol f or W orking with NA T Router 1. Clic k St a r t button and choose Settings , then click Control Panel .
73 a. Select Obtain an IP addr ess automatically in the IP Address tab. b. Don’t input any val ue in the Gateway tab ..
74 c. Choose Disable DNS in the DNS Configuration tab. B. Configure I P m anually a. Select Specify an IP addres s in th e IP Add ress tab. The defau lt IP address of this product is 192.1 68.123.254. So please use 192.168.12 3.xxx (xxx is between 1 and 253) for IP Address field and 255.
75 b. In the Gat eway tab, ad d the IP address of this product (de fault IP is 192.168.123.2 54) in the New gateway field and click Add butt on. c. In the DNS Co nfiguration tab, add t he DNS values which a re provided by t he ISP into DNS Server Se arch Order field and click Add button.
76 A A A p p p p p p e e e n n n d d d i i i x x x B B B 8 8 8 0 0 0 2 2 2 . . . 1 1 1 x x x S S S e e e t t t t t t i i i n n n g g g Figure 1: T esting Environm ent (Use W indows 200 0 Radius Serve r) 1 Equipment Details PC1 OS: Microsoft Win dows XP Professional without Service Pack 1.
77 5.Set RADIU S serv er shar ed key . 6.Configure WEP key and 802.1X settin g. The following test will use th e inbuilt 802.1X authentication method such as ,E AP_TLS, PEAP_CHAPv 2(W indows XP with SP1 o nly), and PEAP_TL S(W indows XP with SP1 only) using the Sm art Card or other Certifi cate of the W indows XP Pr ofessional.
78 Figure 2: Enable IEEE 802.1X access control.
79 Figure 3: Sm art card or cer tificate properties 4. W indows 2000 RADIUS server Authenticati on testing: 4.1DUT aut henticate PC1 using certificate. (P C2 follows the same test procedures.) 1. Download and install the certificate on PC1. (Fig 4) 2.
80 Figure 4: Certificate in formation on PC1 Figure 5: Authenticating.
81 Figure 6: Authentication success 4.2 DUT authenticate PC2 using PEAP-TLS. 1. PC2 choose the SSID of DUT as the Access Point. 2. Set authentication type of wireless client and RADIUS server both to PEAP_TLS. 3. Disable the wireless connection and e nable again.
82 A A A p p p p p p e e e n n n d d d i i i x x x C C C R R R e e e s s s e e e t t t t t t o o o f f f a a a c c c t t t o o o r r r y y y d d d e e e f f f a a a u u u l l l t t t Reset to factory Default There are 2 methods to reset to default. 1.
An important point after buying a device LevelOne WBR-5400 (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought LevelOne WBR-5400 yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data LevelOne WBR-5400 - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, LevelOne WBR-5400 you will learn all the available features of the product, as well as information on its operation. The information that you get LevelOne WBR-5400 will certainly help you make a decision on the purchase.
If you already are a holder of LevelOne WBR-5400, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime LevelOne WBR-5400.
However, one of the most important roles played by the user manual is to help in solving problems with LevelOne WBR-5400. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device LevelOne WBR-5400 along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center