ARRIS 4387WG Wireless Router User Manual Manual Pt4
ARRIS Group, Inc. Wireless Router Manual Pt4
4 Web Configuration

4.5 Wireless LAN (2.4G) Configuration

The Wireless Broadband Router implements Access Point capability, which connects wireless clients to a wired LAN. It allows wireless nodes to access network resources and share the broadband Internet connection. With the default values, a wireless client can easily associate with the router (Access Point). We suggest that you customize the wireless settings to prevent unauthorized association.

> Basic Configuration

Access Point Name: The name used for identifying the Access Point.

SSID: Service Set ID. It uniquely identifies a logical network domain name of your WLAN.

Do not broadcast SSID: If this option is disabled, the AP (also referred to as an "open" AP) will periodically broadcast its SSID to allow wireless clients to recognize its presence. However, this creates a security hole, since any wireless station with its SSID set to "any", or that received the broadcast, may associate with your AP. It is recommended to enable this option so that your AP only accepts stations whose SSIDs are the same as this AP's.

BSSID: The MAC address of the AP.

Channel ID: The radio frequency used for communication. Select a channel out of the available channels or use the default, Auto, to have the AP automatically scan and select a channel when it starts up.

> Advanced Configuration

We suggest that you do not modify the Advanced parameters unless there is a specific requirement. The parameters are described below.

Beacon Interval: Defines the periodic interval at which the Access Point sends out a beacon.

RTS Threshold: Request to send threshold. It specifies the packet size beyond which the AP invokes its RTS/CTS mechanism. Packets that exceed the specified RTS threshold trigger the RTS/CTS mechanism.

Fragment Threshold: Determines whether packets will be fragmented and at what size. On an 802.11 wireless LAN, packets that exceed the fragmentation threshold are fragmented, i.e.,
split into smaller units suitable for the circuit size. On the other hand, packets smaller than the specified fragmentation threshold value are not fragmented.

DTIM Interval: Specifies the Deferred Traffic Indicator Map (DTIM) period. This value determines the interval at which the AP will send its broadcast traffic. The default value is 1.

Data Rate: The default setting, Auto, allows the AP to automatically use the fastest possible data rate. Selecting a specific rate forces the AP to transmit at a particular speed.

Operational Mode: This item allows you to choose from these communication options:
- Auto: Both 802.11g draft and 802.11b clients can communicate with this AP. The data rate will be automatically adjusted.
- 802.11g: Only 802.11g wireless clients can communicate with the AP.
- 802.11b: Only 802.11b clients can communicate with the AP.

4.6 Wireless LAN Security

When implementing a wireless network, it is important to secure the data transmitted over the wireless network. This Wireless Broadband Router provides a couple of approaches to protect your wireless network: WEP, MAC address access control and 802.1x.

> 802.1x

The 802.1X standard is designed to enhance the security of a wireless network. For more information on 802.1x, please refer to the appendix "A Implementing 802.1x".

> WEP

WEP Mode: WEP (Wired Equivalent Privacy) is an authentication algorithm which encrypts your data and protects your wireless LAN against eavesdropping. WEP is disabled by default. If you want to protect your data when it is transferred from one station to another, you should enable this security option.
For security reasons, we strongly suggest that you enable the WEP function. To enable WEP, select the 64 bits or 128 bits option as the encryption algorithm. The higher the bit number, the greater the complexity and the security of the encryption.

Authentication Mode: Authentication is a process in which the AP validates whether wireless clients are qualified to access the AP's service. This happens before any wireless client can associate with an AP. IEEE 802.11 defines two types of authentication algorithms, "Open System" and "Shared Key":
- Open System: The authentication is done through a pseudo process accepting all kinds of requests, mainly used in cases where connectivity is more important than security. If WEP is disabled, the Authentication Mode is set to Open.
- Shared Key: Utilizes WEP capability to further verify whether a wireless client is authorized to share this AP's resources. If the client has the wrong key or no key, it will fail authentication and will not be allowed to associate with the AP. This option is only available when WEP is enabled, and you need to configure the WEP keys used for authentication and data encryption.

WEP Key Type: Select ASCII or Hexadecimal as the key format you want to use.

WEP Keys: Enter one to four WEP keys in either ASCII or Hexadecimal format as specified. The key length depends on the encryption algorithm (64 bits or 128 bits) you selected. Note that when using Hexadecimal format, only digits 0-9 and letters A-F, a-f are allowed. The valid key length for each encryption type is as below:

            ASCII Format           HEX Format
64 Bit      5 ASCII characters     10 hexadecimal digits
128 Bit     13 ASCII characters    26 hexadecimal digits

Specifying a default key to encrypt outgoing data

Aside from entering your WEP keys, you should select one of the entered keys to encrypt the data before it is transmitted. The AP always transmits data encrypted using this WEP key. The key number (1, 2, 3, 4) is also transmitted.
The receiving station will use the key number to determine which key to use for decryption. If the key value does not match that of the transmitting station, the decryption will fail. To ensure successful decryption, have your wireless stations set identical key tables.

Note: All wireless stations must use an identical encryption algorithm level and identical key values (same key position in the key table) to ensure successful data transmission.

> Access Control

MAC Address Access Control: This AP can control wireless client access based on the MAC address of a wireless client. You can customize your own control policy based on these options:
- Allow: If selected, only the wireless clients whose MAC addresses are in the MAC Address List are allowed to access this AP.
- Deny: If selected, only the wireless clients whose MAC addresses are in the list cannot access this AP. Other clients are granted access.
- Disable: No access control. All clients are allowed to access this AP.

When entering MAC addresses in the list, up to 12 MAC entries are allowed.

Figure 4-13 Wireless LAN Configuration

Figure 4-14 Wireless LAN Security Configuration

4.6 Filters

When your Wireless Broadband Router operates as a router, the built-in NAT function provides your LAN with Internet access via the single public IP of the WAN port. That means all network devices are allowed to access various Internet services. Under this circumstance,
network security becomes an important issue, and system administrators may need to build access control to protect the network. The filter feature serves as a basic firewall security measure for your network. When the filter function is enabled, the Wireless Broadband Router inspects all data packets arriving from the LAN side and determines whether packets are allowed to pass through the WAN port, depending on whether they match your filter rules and whether your filter type is Listed Pass or Listed Block. In addition to filter settings, the Filters page also allows you to configure other firewall settings, including WAN Management, WAN Port Ping Reply and Report Log to TFTP Server.

Specifying Your IP Filter Rules

If you are going to specify your filter rules, follow the procedure below:
1. In the Firewall item, select the Enable option.
2. In the Filter Type item, select the action (Listed Pass or Listed Block) to be performed on the IP packets matching your filter rules.
3. In the four filter types, select whether to enable or disable each filter.
4. If a filter is enabled, enter the criteria in the provided fields. Click More to add more criteria if required. See the next section for more information.
5. Click Apply to commit your changes.

Filter Types

When setting up filter rules, you can define the rules based on the LAN machine's MAC address, IP address or the protocol type of the data packet. Each filter type is described below.

Note: Based on the OSI reference model, MAC Filters take priority over IP Filters, and IP Filters take priority over Port Filters.

MAC Filters: The MAC address of the LAN machine from which packets are allowed (or prohibited) to pass through the WAN port. Up to 12 entries are allowed.

IP Filters: The range of IP addresses of the LAN machines from which packets are allowed (or prohibited) to pass through the WAN port. You may enter the same address in both (Start and End) fields to define a single IP address. Up to 5 entries are allowed.
TCP Port Filters: Allows (or prohibits) a certain LAN machine to use TCP-based services in the specified port range through the WAN port. Up to 12 entries are allowed. For example, to allow (or prohibit) local PC 192.168.1.210 to use FTP service (using TCP port 21):

IP Address       Start   End
192.168.1.210    20      21

UDP Port Filters: Allows (or prohibits) a certain LAN machine to use UDP-based services in the specified port range through the WAN port. Up to 12 entries are allowed. For example, to allow (or prohibit) local PC 192.168.1.210 to use ping service (using UDP port 53):

IP Address       Start   End
192.168.1.210    53      53

Filter Scenario of the Wireless Broadband Router

When setting up your firewall policy, note the filter scenario used by the router.

When Filter Type is Listed Block:
- If all the filters are disabled: No filter rule is specified to block any packet. All packets can pass through the WAN port (default).
- If any filter is enabled: Only the packets matching the specified rule are blocked; other packets can pass through the WAN port.

When Filter Type is Listed Pass:
- If all the filters are disabled: No filter rule is specified to allow any packet to pass. All packets are blocked.
- If any filter is enabled: Only the packets matching the specified rule can pass; other packets are blocked.

Figure 4-15 Filters

Viewing Filter Log

When the filter feature is enabled, the router will keep a record of the packets discarded. To view the firewall activity log, go to System Overview > Firewall > Activity Log and click the Show Log button. The filter activity log is displayed in a separate window with a maximum of 32 entries.
Clicking the Update button refreshes the log with newly reported data. The log types are defined as below:

Type   Description
1      Blocked packets, from WAN side, by the DoS (Deny of Service) protection mechanism.
2      Blocked packets, from LAN side, by MAC/IP/TCP/UDP filter.

Other Firewall Settings

WAN Management: Available only when Firewall is enabled. If available, this item is disabled by default, which rejects any external access from the WAN port. If this option is enabled, a WAN Port field is displayed with the default value 80. If required, you may enter another port number to be used for external WAN access.

If WAN Management is enabled using a non-80 port, the router's HTTP service (Web Configuration Utility) will be accessible via the router's WAN port IP address followed by a colon and the non-80 port. For example, if 1234 is entered, a remote user can access and configure the router at http://203.123:1234, where 203.123 indicates the WAN port's IP address. If WAN Management is enabled using standard port 80, no suffix is required.

If WAN Management is enabled using port 80, your publicly accessible Web server (if any) on the LAN side should use a non-80 HTTP port, and you need to use the Forwarding feature to shift external HTTP requests to the non-80 port number used by the Web server on the LAN side.

WAN Port Ping Reply: Available only when Firewall is enabled. If available, this setting determines whether an external host will get a reply when trying to ping the IP address of your WAN port. It is disabled by default.

Report Log to TFTP Server: Available only when Firewall is enabled. If available, it specifies whether to report the firewall event log to your TFTP server. If enabled, a LAN TFTP Server field is present for you to specify the IP address of the TFTP server.
All the filter logs are sent to the TFTP server, although only 32 entries are displayed in the Show Log window (see the System Overview page).

4.7 Forwarding

This page allows you to configure the Forwarding and DMZ (De-Militarized Zone) features. Unlike Filter, which governs outgoing traffic, Forwarding is used to provide external access to your local machines. This is commonly used when you have publicly accessible virtual servers on your local network.

By default, the forwarding table is empty and any external access to your LAN is blocked. Once you define a forwarding entry, incoming packets (identified by port number) that match your Forwarding criteria will be forwarded to the port range of the specified local machine. Otherwise, packets are blocked. Forwarding serves as a measure of security that protects your network from hazardous packets. However, if you designate a DMZ server, incoming packets that do not match the forwarding criteria will be redirected to the DMZ IP address. That is, forwarding takes priority over DMZ.

Setting Up Forwarding Entries

To set up your forwarding entries, enter these fields.

DMZ IP Address: The DMZ setting allows a local machine to be exposed to the Internet. If you specify a DMZ host here, incoming packets whose port information is not specified in the Forwarding table are forwarded to the DMZ host.

TCP Port Forwards: In the first Start and End fields, define the port range for the incoming TCP service you want to forward. In the IP Address field, enter the IP address of the virtual server to which packets are forwarded.
The Start/End fields on the right side define the port range for the TCP service on the virtual server. For example, you have a virtual server 192.168.1.210 running FTP service and you allow external access with the setting below:

Start   End   IP Address       Start   End
20      21    192.168.1.210    20      21

UDP Port Forwards: The configuration is the same as for TCP Port Forwards, except that the entry applies to UDP services.

When the router gets outside TCP/UDP requests destined for the WAN port, it determines whether the services are allowed according to your forwarding settings. For example, if you do not specify an FTP virtual service in the Forwarding table, incoming FTP requests (identified by the port number in packets) are blocked or otherwise sent to the DMZ host (if specified). On the other hand, if an FTP forwarding entry has been set up, the FTP requests will be forwarded to the specified machine.

If you have a Web server on your network...

If you enable WAN Management (i.e., allow external access from the WAN port, see "4.6 Filters") and want to designate another Web server on your local network, take either of the procedures below to avoid a port conflict:

Option 1: In the Filters page, with WAN Management enabled, enter a port number other than 80 (for example, 1234) and reserve the number 80 for your Web server. If any external host wants to access your Web management server through the WAN port, it should use the address below:

http://204.71.200.143 (i.e., the WAN IP address):1234

Option 2: Have WAN Management use the standard port number 80 and your Web server (e.g., 192.168.1.4) use another port number (e.g., 8080). In this case, you need to shift the incoming HTTP request (destined for the local Web server) to port 8080 of your Web server. The forwarding entry may look like this:
Start   End    IP Address     Start   End
8080    8080   192.168.1.4    8080    8080

With the settings above, an external host trying to access your local Web server should use an address like this:

http://204.71.200.143 (i.e., the WAN IP address):8080

If you do not enter the suffix ":8080", the external host's packets will contain the standard port number 80 and the router will not forward the packets, since no forwarding entry matches. As a result, if a WAN computer tries to access the LAN's Web server, it will instead access the Web service on the WAN port, i.e., the Web Configuration Utility of the router.

Figure 4-16 Forwarding

4.8 Administration

> System Clock Configuration

Network administrators may want to synchronize the date and time among network devices. This can be done by synchronizing the local clock to an available NTP server or by manually specifying the date and time in this router for your network.

Option 1: Using an existing NTP server.
1. In the Set by item, enable the Network Time Protocol option.
2. In the NTP Server field, enter the IP address of the NTP server.
3. In the Update Interval item, select your update interval as 1, 2 or 7 days.
4. In the Time Zone field, select a time zone according to your geographic location.

Option 2: Specifying the router as your network NTP server.
1. In the Set by item, enable the Manual Setup option.
2. Manually enter the date and time information in the respective fields.

> Management Setup

Username & Password: For administration security, specify the required User Name and Password and re-enter the password in the corresponding field for confirmation. This setting limits your Web-based manager access to users with the correct credentials. By default,
the user name is empty and the password is admin.

> Firmware Upgrade

This option allows you to upgrade the Wireless Broadband Router with new firmware. After upgrading, your customized configuration will still exist and will not be reset to the factory defaults. To upgrade, download the required firmware file to your host PC and follow the steps below.
1. In the Locate New Firmware field, click Browse to locate the firmware file.
2. Click the Upgrade button to start the upgrade and then wait for a few minutes as the utility prompts. You will return to the Administration page when the process is complete.

Note: Do not interrupt the upgrade process; otherwise it might cause damage to your Wireless Broadband Router. After the upgrade, you can see the new firmware version in the Current Firmware version field.

> User Configurations

Save Current Configurations: Allows you to save your customized settings to the device. Once your router is properly configured, you may wish to save the current settings. The saved settings can be retrieved easily if required, even after you reload factory defaults.

Retrieve User Configurations: If you have loaded factory defaults (either via the Load Default button on the back panel or via the Restore button in this group), you can restore your settings by clicking the Retrieve button.

Important: After retrieving your desired configuration file, you must reboot the device to enable the retrieved settings.

Restore Factory Defaults: To restore factory defaults, click the Restore button and then wait for a few seconds as the utility prompts. You will return to the Administration page when the process is complete. This feature is basically the same as resetting via the Load Default button (see "Rear Panel and Connectors") on the device, but it allows you to perform the reset task remotely.

> System Reboot: This option allows you to remotely reboot the device.
Figure 4-17 Administration
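The inbound handling described in 4.6 Filters (WAN Management) and 4.7 Forwarding, modelled as an added example that is not part of the manual or the router's firmware. Checking WAN Management before the forwarding table, the offset mapping inside a port range, and the names Forward, RouterConfig, resolve_inbound and audit are assumptions; the configuration is constructed from the manual's Option 2 and FTP entries.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Forward:
    proto: str        # "tcp" or "udp"
    wan_start: int    # first Start/End pair: port range seen on the WAN port
    wan_end: int
    host: str         # IP Address field: the virtual server on the LAN
    lan_start: int    # second Start/End pair: port range on the virtual server
    lan_end: int

@dataclass
class RouterConfig:
    forwards: list
    dmz_ip: Optional[str] = None
    wan_mgmt_port: Optional[int] = None   # None = WAN Management disabled (default)

def resolve_inbound(cfg, proto, port):
    """Return (destination, port) for an unsolicited packet arriving on the WAN port."""
    # Assumption: the router's own HTTP service is matched first, as the
    # manual's "no :8080 suffix" case implies.
    if proto == "tcp" and cfg.wan_mgmt_port == port:
        return ("router-admin", port)
    for f in cfg.forwards:
        if f.proto == proto and f.wan_start <= port <= f.wan_end:
            # Assumption: ports map by offset within the range.
            return (f.host, f.lan_start + (port - f.wan_start))
    if cfg.dmz_ip:
        return (cfg.dmz_ip, port)         # forwarding takes priority over DMZ
    return ("blocked", None)

def audit(cfg):
    """List the settings that widen what is reachable from the WAN side."""
    findings = []
    if cfg.wan_mgmt_port is not None:
        findings.append(f"admin UI reachable from WAN on tcp/{cfg.wan_mgmt_port}")
        for f in cfg.forwards:
            if f.proto == "tcp" and f.wan_start <= cfg.wan_mgmt_port <= f.wan_end:
                findings.append(f"port conflict: tcp/{cfg.wan_mgmt_port} is both "
                                f"WAN Management and a forward to {f.host}")
    if cfg.dmz_ip:
        findings.append(f"DMZ host {cfg.dmz_ip} receives every unmatched port")
    for f in cfg.forwards:
        if f.wan_end - f.wan_start != f.lan_end - f.lan_start:
            findings.append(f"range size mismatch in forward to {f.host}")
    return findings

# Constructed configuration: the manual's Option 2 plus its FTP forwarding entry.
OPTION_2 = RouterConfig(
    forwards=[Forward("tcp", 8080, 8080, "192.168.1.4", 8080, 8080),
              Forward("tcp", 20, 21, "192.168.1.210", 20, 21)],
    wan_mgmt_port=80,
)

if __name__ == "__main__":
    for port in (80, 8080, 21, 23):
        print(port, resolve_inbound(OPTION_2, "tcp", port))
    print(audit(OPTION_2))
```

With WAN Management on port 80, a request without the ":8080" suffix resolves to the router's configuration utility, which is protected only by the credentials set under Management Setup.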
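The Listed Block / Listed Pass scenario from 4.6 Filters, as an added example rather than the router's own logic. It assumes a packet counts as listed when any enabled filter contains it, tried in the manual's MAC, IP, port order; FilterTable, listed_by, decide and demo are hypothetical names and the packets are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class FilterTable:
    filter_type: str = "block"   # "block" = Listed Block, "pass" = Listed Pass
    macs: set = field(default_factory=set)          # MAC Filters (lower case)
    ip_ranges: list = field(default_factory=list)   # IP Filters: (start, end)
    tcp_rules: list = field(default_factory=list)   # (ip, start_port, end_port)
    udp_rules: list = field(default_factory=list)   # (ip, start_port, end_port)
    enabled: set = field(default_factory=set)       # subset of {"mac", "ip", "tcp", "udp"}

def listed_by(ft, pkt):
    """Name of the first enabled filter that lists this LAN packet, else None.
    Assumption: filters are tried in the manual's order MAC, IP, then port."""
    src = ipaddress.ip_address(pkt["src_ip"])
    if "mac" in ft.enabled and pkt["src_mac"].lower() in ft.macs:
        return "mac"
    if "ip" in ft.enabled and any(
            ipaddress.ip_address(lo) <= src <= ipaddress.ip_address(hi)
            for lo, hi in ft.ip_ranges):
        return "ip"
    rules = {"tcp": ft.tcp_rules, "udp": ft.udp_rules}.get(pkt["proto"], [])
    if pkt["proto"] in ft.enabled and any(
            ipaddress.ip_address(ip) == src and lo <= pkt["dport"] <= hi
            for ip, lo, hi in rules):
        return pkt["proto"]
    return None

def decide(ft, pkt):
    """'pass' or 'block' for a LAN-to-WAN packet under the manual's scenario."""
    listed = listed_by(ft, pkt) is not None
    if ft.filter_type == "block":
        return "block" if listed else "pass"   # Listed Block: only listed is dropped
    return "pass" if listed else "block"       # Listed Pass: only listed gets out

# Constructed packets from two LAN hosts (the MAC addresses are made up).
FTP = {"src_mac": "00:11:22:33:44:55", "src_ip": "192.168.1.210", "proto": "tcp", "dport": 21}
DNS = {"src_mac": "00:11:22:33:44:55", "src_ip": "192.168.1.210", "proto": "udp", "dport": 53}
WEB = {"src_mac": "00:11:22:33:44:66", "src_ip": "192.168.1.50", "proto": "tcp", "dport": 80}

def demo():
    """Apply the manual's FTP rule (192.168.1.210, ports 20-21) under both filter types."""
    out = {}
    for ftype in ("block", "pass"):
        ft = FilterTable(ftype, tcp_rules=[("192.168.1.210", 20, 21)], enabled={"tcp"})
        out[ftype] = [decide(ft, p) for p in (FTP, DNS, WEB)]
    return out

if __name__ == "__main__":
    print(demo())
```

Under Listed Pass with only the FTP rule, the same host's UDP port 53 traffic and every other host's traffic are dropped, so a Listed Pass table needs an entry for each service the LAN depends on.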
Source Exif Data:
File Type : PDF
File Type Extension : pdf
MIME Type : application/pdf
PDF Version : 1.6
Linearized : No
Encryption : Standard V2.3 (128-bit)
User Access : Print, Copy, Extract, Print high-res
XMP Toolkit : 3.1-702
Modify Date : 2006:01:08 22:44:29-08:00
Create Date : 2006:01:08 22:41:14-08:00
Metadata Date : 2006:01:08 22:44:29-08:00
Creator Tool : Adobe Acrobat 7.0
Format : application/pdf
Document ID : uuid:8f6f57d6-7a74-4007-85ca-dfc1890af7ca
Instance ID : uuid:30517483-8317-43a9-9cfb-e8217a253f85
Producer : Adobe Acrobat 7.0 Image Conversion Plug-in
Has XFA : No
Page Count : 16
Creator : Adobe Acrobat 7.0