Comtrend AR-5389 AR-5389 User Manual AR 5389 4

Comtrend Corporation AR-5389 AR 5389 4

AR-5389_user manual-4

 140 Appendix A - Firewall STATEFUL PACKET INSPECTION Refers to an architecture, where the firewall keeps track of packets on each connection traversing all its interfaces and makes sure they are valid. This is in contrast to static packet filtering which only examines a packet based on the information in the packet header. DENIAL OF SERVICE ATTACK Is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. Various DoS attacks the device can withstand are ARP Attack, Ping Attack, Ping of Death, Land, SYN Attack, Smurf Attack, and Tear Drop. TCP/IP/PORT/INTERFACE FILTER These rules help in the filtering of traffic at the Network layer (i.e. Layer 3). When a Routing interface is created, Enable Firewall must be checked. Navigate to Advanced Setup  Security  IP Filtering. OUTGOING IP FILTER Helps in setting rules to DROP packets from the LAN interface. By default, if the Firewall is Enabled, all IP traffic from the LAN is allowed. By setting up one or more filters, specific packet types coming from the LAN can be dropped.    Example 1:  Filter Name      : Out_Filter1 Protocol        : TCP Source IP address    : 192.168.1.45 Source Subnet Mask  : 255.255.255.0 Source Port      : 80 Dest. IP Address    : NA Dest. Subnet Mask   : NA Dest. Port      : NA  This filter will Drop all TCP packets coming from the LAN with IP Address/Subnet Mask of 192.168.1.45/24 having a source port of 80 irrespective of the destination. All other packets will be Accepted.  Example 2:  Filter Name      : Out_Filter2 Protocol        : UDP Source IP Address    : 192.168.1.45 Source Subnet Mask  : 255.255.255.0 Source Port      : 5060:6060 Dest. IP Address    : 172.16.13.4 Dest. Subnet Mask   : 255.255.255.0 Dest. Port      : 6060:7070  This filter will drop all UDP packets coming from the LAN with IP Address / Subnet Mask of 192.168.1.45/24 and a source port range of 5060 to 6060, destined to 172.16.13.4/24 and a destination port range of 6060 to 7070. INCOMING IP FILTER Helps in setting rules to Allow or Deny packets from the WAN interface. By default, all incoming IP traffic from the WAN is Blocked, if the Firewall is Enabled. By setting up one or more filters, specific packet types coming from the WAN can be Accepted.
 141 Example 1:  Filter Name      : In_Filter1 Protocol        : TCP Policy        : Allow Source IP Address    : 210.168.219.45 Source Subnet Mask  : 255.255.0.0 Source Port      : 80 Dest. IP Address    : NA Dest. Subnet Mask   : NA Dest. Port      : NA Selected WAN interface : br0  This filter will ACCEPT all TCP packets coming from WAN interface “br0” with IP Address/Subnet Mask 210.168.219.45/16 with a source port of 80, irrespective of the destination. All other incoming packets on this interface are DROPPED.  Example 2:  Filter Name      : In_Filter2 Protocol        : UDP Policy        : Allow Source IP Address    : 210.168.219.45 Source Subnet Mask  : 255.255.0.0 Source Port      : 5060:6060 Dest. IP Address    : 192.168.1.45 Dest. Sub. Mask    : 255.255.255.0 Dest. Port      : 6060:7070 Selected WAN interface : br0    This rule will ACCEPT all UDP packets coming from WAN interface “br0” with IP Address/Subnet Mask 210.168.219.45/16 and a source port in the range of 5060 to 6060, destined to 192.168.1.45/24 and a destination port in the range of 6060 to 7070. All other incoming packets on this interface are DROPPED.   MAC LAYER FILTER These rules help in the filtering of Layer 2 traffic. MAC Filtering is only effective in Bridge mode. After a Bridge mode connection is created, navigate to Advanced Setup  Security  MAC Filtering in the WUI.  Example 1:  Global Policy      : Forwarded Protocol Type      : PPPoE Dest. MAC Address   : 00:12:34:56:78:90 Source MAC Address  : NA Src. Interface     : eth1 Dest. Interface    : eth2  Addition of this rule drops all PPPoE frames going from eth1 to eth2 with a Destination MAC Address of 00:12:34:56:78:90 irrespective of its Source MAC Address. All other frames on this interface are forwarded.  Example 2:  Global Policy      : Blocked Protocol Type      : PPPoE Dest. MAC Address   : 00:12:34:56:78:90 Source MAC Address  : 00:34:12:78:90:56 Src. Interface     : eth1 Dest. Interface    : eth2  Addition of this rule forwards all PPPoE frames going from eth1 to eth2 with a Destination MAC Address of 00:12:34:56:78 and Source MAC Address of 00:34:12:78:90:56. All other frames on this interface are dropped.
 142 Appendix B - Specifications Hardware Interface   RJ-11 X 1 for ADSL  RJ-45 X 4 for LAN (10/100 Base-T auto-sense)  WPS Button X 1  Wi-Fi On/Off Button X 1  Power Switch X 1  Wi-Fi Antenna X 1  WAN Interface   Downstream  up  to  8M  for  ADSL,  24  Mbps  for  ADSL2+;  Upstream  up  to 1Mbps,for ANNEX M Upstream up to 2.4Mbps  ANSI T1.413 issue 2, ITU-T G.992.2 Annex A (G.lite), ITU-T G.992.3 Annex A, L, M (ADSL2), TU-T G.992.5 Annex A, M (ADSL2+), ITU-T G 994.1, ITU-T G.997.1, ETSI ETR-328  LAN Interface     Standard IEEE 802.3, IEEE 802.3u  Wireless Interface   IEEE802.11b/g/n  64, 128-bit Wired Equivalent Privacy (WEP) Data Encryption  11 Channels (US, Canada)/ 13 Channels (Europe)/ 14 Channels (Japan)  WPA/WPA2       Yes   Management   SNMP V2C  Remote upgrade  TFTP/FTP upgrade    Support TR069  Telnet remote access support  Support Web based configuration    Support for backup & restore configuration to/from PC  Support TR-64 for LAN management  Networking Protocols   ARFC 2684 IP Bridging  RFC 2684 IP Routing  RFC 2516, PPPoE (Point over Ethernet) over ATM  RFC 2364 PPPoA  Support 8 PVCs    QoS based on PVC  Routing: RIP v1, RIP v2  Support Static Routing  NAT & PAT (RFC 1631)  DMZ support  NAT with Application Layer Gateway  IP Routing: TCP, UDP, ICMP, ARP
 143  DHCP Client/Server for IP management  DHCP Relay  IP multicasting IGMP v1/v2  Pass through/open/redirection and port mapping  The Range of private IP support 192.168.1.2 to 192.168.1.254  QoS mechanism support for mapping of PVC with different traffic classes  HTTP (web based) for firmware upgrade & configuration  IP filtering & raw filtering  IGMP Snooping support  IEEE 802.1D Transparent Bridging  DNS Relay  Security Functions   PAP, CHAP, TCP/IP/Port filtering rules    Port triggering/Forwarding,    Packet and MAC address filtering, Access control, SSH access  QoS   Port-based QoS,  802.1 bit marking  Firewall/Filtering       Stateful Inspection Firewall    Stateless Packet Filter  Denial of Service (DOS): ARP attacks, Ping attacks, Ping of Death, LAND,SYNC, Smurf, Unreachable, Teardrop    TCP/IP/Port/interface filtering rules Support both incoming and outgoing filtering  NAT/NAPT   Support Port Triggering and Port forwarding    Symmetric port-overloading NAT, Full-Cone NAT  Dynamic NAPT (NAPT N-to-1)  Support DMZ host    Virtual Server  VPN Passthrough (PPTP, L2TP, IPSec)  Application Passthrough PPTP, L2TP, IPSec, VoIP, Yahoo messenger, ICQ, RealPlayer, NetMeeting, MSN, X-box, etc.   Power Supply ................................................Input:  100 - 240 Vac     Output:  12 Vdc / 0.5 A Environment Condition    Operating temperature............................0 ~ 50 degrees Celsius                 Non-operating temperature………………………..-20 ~ 70 degrees Celsius                                 Humidity…………………….10 ~ 90% (non-condensing, standard operating)              Humidity……………………………….5 ~ 95% (non-condensing, non-operating)             Dimensions .....................................143 mm (W) x 35 mm (H) x 120 mm (D)
 144  Certifications................................... CE, FCC                              Kit Weight  (1*AR-5389, 1*RJ11 cable, 1*RJ45 cable, 1*power adapter, 1*CD-ROM)                             NOTE:    Specifications are subject to change without notice
 145 Appendix C - SSH Client Unlike Microsoft Windows, Linux OS has a ssh client included.    For Windows users, there is a public domain one called “putty” that can be downloaded from here:  http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html  To access the ssh client you must first enable SSH access for the LAN or WAN from the Management  Access Control  Services menu in the web user interface.      To access the router using the Linux ssh client    For LAN access, type: ssh -l admin 192.168.1.1  For WAN access, type: ssh -l support WAN IP address  To access the router using the Windows “putty” ssh client  For LAN access, type: putty -ssh -l admin 192.168.1.1  For WAN access, type: putty -ssh -l support WAN IP address  NOTE:  The WAN IP address can be found on the Device Info  WAN screen
 146 Appendix D - WPS OPERATION This Section shows the basic AP WPS Operation procedure.   D1 Add Enrollee with Pin Method  1) Select Enabled from the Enable WPS dropdown menu. 2) Click the Apply/Save button at the bottom of the screen.     3) When the screen refreshes select the Radio button “Enter STA Pin” 4) Input Pin from Enrollee Station (67782789 in this example) 5) Click “Add Enrollee”
 147    4) Operate Station to start WPS Adding Enrollee.              D2 Add Enrollee with PBC Method  1) Press the WPS button at back of the device to activate WPS PBC operation.      2) Operate Station (your dongle for example) to start WPS Adding Enrollee.
 148 D3 Configure AP    1) Select Enabled from the Enable WPS dropdown menu. 2) Select Unconfigured from the Set WPS AP Mode dropdown menu.   3) Click the Apply/Save button at the bottom of the screen.    The following page will show these additional items.     Lock Device PIN   When enabled, device PIN is locked and cannot be used for WPS operation.
 149 4) Read the Device Pin (31957199 in this example) and input to External Registrar(ER – your dongle for example) when ER asks Device Pin ER could be wired (for example Windows Vista) or wireless (Intel Station).    5) Do Web Page refresh after ER complete AP Configuration to check the new parameters setting.
 150 Appendix E - Connection Setup Creating a WAN connection is a two-stage process.    1 - Setup a Layer 2 Interface (ATM, PTM or Ethernet).   2 - Add a WAN connection to the Layer 2 Interface.  The following sections describe each stage in turn. E1 ~ Layer 2 Interfaces Layer2 interface supports VLAN Mux modes, which allow for multiple connections over a single interface. PPPoE, IPoE, and Bridge are supported while PPPoA and IPoA connections are not.   The figure below shows multiple connections over a single VLAN Mux interface.  VLAN MUX MODE    This mode uses VLAN tags to allow for multiple connections over a single interface. PPPoE, IPoE, and Bridge are supported while PPPoA and IPoA connections are not.   The figure below shows multiple connections over a single VLAN Mux interface.
 151 E1.1 ATM Interfaces Follow these procedures to configure an ATM interface.  NOTE:  The AR-5389 supports up to 16 ATM interfaces.   STEP 1:  Go to Advanced Setup  Layer2 Interface  ATM Interface.       This table is provided here for ease of reference.  Heading  Description Interface  WAN interface name. VPI  ATM VPI (0-255)   VCI  ATM VCI (32-65535) DSL Latency  {Path0}  port ID = 0   {Path1}  port ID = 1 {Path0&1}  port ID = 4   Category  ATM service category Peak Cell Rate  Maximum allowed traffic rate for the ATM PCR service connection Sustainable Cell Rate The average allowable, long-term cell transfer rate on the VBR service connection Max Burst Size  The maximum allowable burst size of cells that can be transmitted contiguously on the VBR service connection Link Type  Choose EoA (for PPPoE, IPoE, and Bridge), PPPoA, or IPoA. Connection Mode  Default Mode – Single service over one connection Vlan Mux Mode – Multiple Vlan service over one connection IP QoS  Quality of Service (IP QoS) status Remove  Select items for removal   STEP 2:  Click Add to proceed to the next screen.    NOTE:  To add WAN connections to one interface type, you must delete existing connections from the other interface type using the remove button.
 152   There are many settings here including: VPI/VCI, DSL Latency, DSL Link Type, Encapsulation Mode, Service Category, Connection Mode and Quality of Service.       Here are the available encapsulations for each xDSL Link Type:   EoA- LLC/SNAP-BRIDGING, VC/MUX  PPPoA- VC/MUX, LLC/ENCAPSULATION  IPoA- LLC/SNAP-ROUTING, VC MUX   STEP 3:  Click Apply/Save to confirm your choices.    On the next screen, check that the ATM interface is added to the list. For example, an ATM interface on PVC 0/35 in Default Mode with an EoA Link type is shown below.
 153   To add a WAN connection go to E2 ~ WAN Connections. E1.2 PTM Interfaces Follow these procedures to configure a PTM interface.      NOTE:  The AR-5389 can support two PTM interfaces.    STEP 4:  Go to Advanced Setup  Layer2 Interface  PTM Interface.    This table is provided here for ease of reference.  Heading  Description Interface  WAN interface name. DSL Latency  {Path0}  portID = 0   {Path1}  port ID = 1 {Path0&1}  port ID = 4   PTM Priority  Normal or High Priority (Preemption). Connection Mode  Default Mode – Single service over one interface. Vlan Mux Mode – Multiple Vlan services over one interface. MSC Mode – Multiple Services over one interface.   QoS  Quality of Service (QoS) status. Remove  Select interfaces to remove.  STEP 5:  Click Add to proceed to the next screen.    NOTE:  To add WAN connections to one interface type, you must delete existing connections from the other interface type using the remove button.
 154   There are many settings that can be configured here including:   DSL Latency, PTM Priority, Connection Mode and Quality of Service.  STEP 6:  Click Apply/Save to confirm your choices.    On the next screen, check that the PTM interface is added to the list.    For example, an PTM interface in Default Mode is shown below.      To add a WAN connection go to E2 ~ WAN Connections.  E1.3 Ethernet WAN Interface Some models of the AR-5389 support a single Ethernet WAN interface over the ETH WAN port. Follow these procedures to configure an Ethernet WAN interface.    NOTE:  To add WAN connections to one interface type, you must delete existing connections from the other interface type using the remove button.
 155 STEP 1:  Go to Advanced Setup  Layer2 Interface  ETH Interface.      This table is provided here for ease of reference.  Heading  Description Interface/ (Name) ETH WAN Interface Connection Mode Default Mode – Single service over one connection Vlan Mux Mode – Multiple Vlan service over one connection MSC Mode – Multiple Service over one Connection Remove  Select the checkbox and click Remove to remove the connection.  STEP 2:  Click Add to proceed to the next screen.     STEP 3:  STEP 4: Click Apply/Save to confirm your choice.    The figure below shows an Ethernet WAN interface configured in VlanMuxMode.    To add a WAN connection go to Appendix E - Connection Setup.
 156 E2 ~ WAN Connections In Default Mode, the AR-5389 supports up to 16 connections.  To setup a WAN connection follow these instructions.  STEP 1:  Go to the Advanced Setup  WAN Service screen.   STEP 2:  Click Add to create a WAN connection. The following screen will display.     STEP 3:  Choose a layer 2 interface from the drop-down box and click Next.   The WAN Service Configuration screen will display as shown below.
 157   NOTE:  The WAN services shown here are those supported by the layer 2 interface you selected in the previous step. If you wish to change your selection click the Back button and select a different layer 2 interface.  STEP 4:  For VLAN Mux Connections, you must enter Priority & VLAN ID tags.    STEP 5:  You will now follow the instructions specific to the WAN service type you wish to establish. This list should help you locate the correct procedure: (1) For PPP over ETHERNET (PPPoE), go to page 152. (2) For IP over ETHERNET (IPoE), go to page 158. (3) For Bridging, go to page 164. (4) For PPP over ATM (PPPoA), go to page 166. (5) For IP over ATM (IPoA), go to page 171.      The subsections that follow continue the WAN service setup procedure.
 158 E2.1 PPP over ETHERNET (PPPoE) STEP 1:  Select the PPP over Ethernet radio button and click Next. You can also enable IPv6 by ticking the checkbox  at the bottom of this screen.     STEP 2:  On the next screen, enter the PPP settings as provided by your ISP.   Click Next to continue or click Back to return to the previous step.
 159
 160  The settings shown above are described below. PPP SETTINGS The PPP Username, PPP password and the PPPoE Service Name entries are dependent on the particular requirements of the ISP.    The user name can be a maximum of 256 characters and the password a maximum of 32 characters in length. For Authentication Method, choose from AUTO, PAP, CHAP, and MSCHAP. ENABLE FULLCONE NAT This option becomes available when NAT is enabled. Known as one-to-one NAT, all requests from the same internal IP address and port are mapped to the same external IP address and port. An external host can send a packet to the internal host, by sending a packet to the mapped external address. DIAL ON DEMAND The AR-5389 can be configured to disconnect if there is no activity for a period of time by selecting the Dial on demand checkbox .    You must also enter an inactivity timeout period in the range of 1 to 4320 minutes.       PPP IP EXTENSION The PPP IP Extension is a special feature deployed by some service providers.   Unless your service provider specifically requires this setup, do not select it.    PPP IP Extension does the following:   Allows only one PC on the LAN.  Disables NAT and Firewall.  The device becomes the default gateway and DNS server to the PC through DHCP using the LAN interface IP address.  The device extends the IP subnet at the remote service provider to the LAN PC.    i.e. the PC becomes a host belonging to the same IP subnet.  The device bridges the IP packets between WAN and LAN ports, unless the packet is addressed to the device’s LAN IP address.  The public IP address assigned by the remote side using the PPP/IPCP protocol is actually not used on the WAN PPP interface.    Instead, it is forwarded to the PC LAN interface through DHCP.    Only one PC on the LAN can be connected to the remote, since the DHCP server within the device has only a single IP address to assign to a LAN device. ENABLE NAT If the LAN is configured with a private IP address, the user should select this checkbox . The NAT submenu will appear in the Advanced Setup menu after reboot.   On the other hand, if a private IP address is not used on the LAN side (i.e. the LAN side is using a public IP), this checkbox  should not be selected to free up system resources for better performance.     ENABLE FIREWALL If this checkbox  is selected, the Security submenu will be displayed on the Advanced Setup menu after reboot. If firewall is not necessary, this checkbox  should not be selected to free up system resources for better performance.
 161 USE STATIC IPv4 ADDRESS Unless your service provider specially requires it, do not select this checkbox .    If selected, enter the static IP address in the IPv4 Address field.   Don’t forget to adjust the IP configuration to Static IP Mode as described in Section 3.2   MTU Maximum Transmission Unit. The size (in bytes) of largest protocol data unit which the layer can pass onwards. This value is 1500 for PPPoA.  ENABLE PPP DEBUG MODE When this option is selected, the system will put more PPP connection information into the system log.   This is for debugging errors and not for normal usage.  BRIDGE PPPOE FRAMES BETWEEN WAN AND LOCAL PORTS   (This option is hidden when PPP IP Extension is enabled) When Enabled, this creates local PPPoE connections to the WAN side. Enable this option only if all LAN-side devices are running PPPoE clients, otherwise disable it.   The VR-3025u supports pass-through PPPoE sessions from the LAN side while simultaneously running a PPPoE client from non-PPPoE LAN devices.   ENABLE IGMP MULTICAST PROXY Tick the checkbox  to enable Internet Group Membership Protocol (IGMP) multicast. This protocol is used by IPv4 hosts to report their multicast group memberships to any neighboring multicast routers. NO MULTICAST VLAN FILTER   Tick the checkbox  to Enable/Disable multicast VLAN filter.  Enable WAN interface with base MAC  Enable this option to use the router’s base MAC address as the MAC address for this WAN interface.   STEP 3:  Choose an interface to be the default gateway.
 162     Click Next to continue or click Back to return to the previous step.  Select DNS Server Interface from available WAN interfaces OR enter static DNS server IP addresses for the system. In ATM mode, if only a single PVC with IPoA or static IPoE protocol is configured, Static DNS server IP addresses must be entered.
 163   Click Next to continue or click Back to return to the previous step.  STEP 5:  The WAN Setup - Summary screen shows a preview of the WAN service you have configured. Check these settings and click Apply/Save if they are correct, or click Back to modify them.    After clicking Apply/Save, the new service should appear on the main screen.   To activate it you must reboot. Go to Management  Reboot and click Reboot.
 164 E2.2 IP over ETHERNET (IPoE) STEP 1:  *Select the IP over Ethernet radio button and click Next.       * For tagged service, enter valid 802.1P Priority and 802.1Q VLAN ID. For untagged service, set -1 to both 802.1P Priority and 802.1Q VLAN ID.  STEP 2:  The WAN IP settings screen provides access to the DHCP server settings.      You can select the Obtain an IP address automatically radio button to enable DHCP (use the DHCP Options only if necessary). However, if you prefer, you can instead use the Static IP address method to assign WAN IP address, Subnet Mask and Default Gateway manually.
 165    NOTE:  If IPv6 networking is enabled, an additional set of instructions, radio buttons, and text entry boxes will appear at the bottom of the screen.   These configuration options are quite similar to those for IPv4 networks.    Click Next to continue or click Back to return to the previous step.  STEP 3:  This screen provides access to NAT, Firewall and IGMP Multicast settings. Enable each by selecting the appropriate checkbox . Click Next to continue or click Back to return to the previous step.
 166   ENABLE NAT If the LAN is configured with a private IP address, the user should select this checkbox .    The NAT submenu will appear in the Advanced Setup menu after reboot.    On the other hand, if a private IP address is not used on the LAN side (i.e. the LAN side is using a public IP), this checkbox  should not be selected, so as to free up system resources for improved performance. ENABLE FULLCONE NAT     This option becomes available when NAT is enabled. Known as one-to-one NAT, all requests from the same internal IP address and port are mapped to the same external IP address and port. An external host can send a packet to the internal host, by sending a packet to the mapped external address. ENABLE FIREWALL If this checkbox  is selected, the Security submenu will be displayed on the Advanced Setup menu after reboot.    If firewall is not necessary, this checkbox  should not be selected so as to free up system resources for better performance.     ENABLE IGMP MULTICAST Tick the checkbox  to enable Internet Group Membership Protocol (IGMP) multicast.    IGMP is a protocol used by IPv4 hosts to report their multicast group memberships to any neighboring multicast routers.     Enable WAN interface with base MAC  Enable this option to use the router’s base MAC address as the MAC address for this WAN interface.
 167  STEP 4:  To choose an interface to be the default gateway.      Click Next to continue or click Back to return to the previous step.  STEP 5:  Select DNS Server Interface from available WAN interfaces OR enter static DNS server IP addresses for the system. In ATM mode, if only a single PVC with IPoA or static IPoE protocol is configured, Static DNS server IP addresses must be entered.
 168     If IPv6 is enabled, an additional set of options will be shown.    IPv6: Select the configured WAN interface for IPv6 DNS server information OR enter the static IPv6 DNS server Addresses.  Note that selecting a WAN interface for IPv6 DNS server will enable DHCPv6 Client on that interface.    Click Next to continue or click Back to return to the previous step.
 169  STEP 6:  The WAN Setup - Summary screen shows a preview of the WAN service you have configured. Check these settings and click Apply/Save if they are correct, or click Back to modify them.    After clicking Apply/Save, the new service should appear on the main screen.   To activate it you must reboot. Go to Management  Reboot and click Reboot.
 170 E2.3 Bridging NOTE:  This connection type is not available on the Ethernet WAN interface.   STEP 1:  *Select the Bridging radio button and click Next.         * For tagged service, enter valid 802.1P Priority and 802.1Q VLAN ID. For untagged service, set -1 to both 802.1P Priority and 802.1Q VLAN ID.  STEP 2:  The WAN Setup - Summary screen shows a preview of the WAN service you have configured. Check these settings and click Apply/Save if they are correct, or click Back to return to the previous screen.
 171    After clicking Apply/Save, the new service should appear on the main screen.   To activate it you must reboot. Go to Management  Reboot and click Reboot.  NOTE:  If this bridge connection is your only WAN service, the AR-5389 will be inaccessible for remote management or technical support from the WAN.
 172 E2.4 PPP over ATM (PPPoA)     STEP 1:  Click Next to continue.    STEP 2:  On the next screen, enter the PPP settings as provided by your ISP.   Click Next to continue or click Back to return to the previous step.
 173  PPP SETTINGS The PPP username and password are dependent on the requirements of the ISP.   The user name can be a maximum of 256 characters and the password a maximum of 32 characters in length. (Authentication Method: AUTO, PAP, CHAP, or MSCHAP.)  ENABLE FULLCONE NAT This option becomes available when NAT is enabled. Known as one-to-one NAT, all requests from the same internal IP address and port are mapped to the same external IP address and port. An external host can send a packet to the internal host, by sending a packet to the mapped external address.
 174  DIAL ON DEMAND The AR-5389 can be configured to disconnect if there is no activity for a period of time by selecting the Dial on demand checkbox . You must also enter an inactivity timeout period in the range of 1 to 4320 minutes.       PPP IP EXTENSION The PPP IP Extension is a special feature deployed by some service providers.   Unless your service provider specifically requires this setup, do not select it.    PPP IP Extension does the following:   Allows only one PC on the LAN.  Disables NAT and Firewall.  The device becomes the default gateway and DNS server to the PC through DHCP using the LAN interface IP address.  The device extends the IP subnet at the remote service provider to the LAN PC.    i.e. the PC becomes a host belonging to the same IP subnet.  The device bridges the IP packets between WAN and LAN ports, unless the packet is addressed to the device’s LAN IP address.  The public IP address assigned by the remote side using the PPP/IPCP protocol is actually not used on the WAN PPP interface.    Instead, it is forwarded to the PC LAN interface through DHCP.    Only one PC on the LAN can be connected to the remote, since the DHCP server within the device has only a single IP address to assign to a LAN device. ENABLE NAT If the LAN is configured with a private IP address, the user should select this checkbox . The NAT submenu will appear in the Advanced Setup menu after reboot.   On the other hand, if a private IP address is not used on the LAN side (i.e. the LAN side is using a public IP), this checkbox  should not be selected to free up system resources for better performance.     ENABLE FIREWALL If this checkbox  is selected, the Security submenu will be displayed on the Advanced Setup menu after reboot. If firewall is not necessary, this checkbox  should not be selected to free up system resources for better performance.     USE STATIC IPv4 ADDRESS Unless your service provider specially requires it, do not select this checkbox .    If selected, enter the static IP address in the IP Address field. Also, don’t forget to adjust the IP configuration to Static IP Mode as described in Section 3.2.  Fixed MTU Fixed Maximum Transmission Unit. The size (in bytes) of largest protocol data unit which the layer can pass onwards. This value is 1500 for PPPoA. ENABLE PPP DEBUG MODE When this option is selected, the system will put more PPP connection information into the system log. This is for debugging errors and not for normal usage.
 175 ENABLE IGMP MULTICAST Tick the checkbox  to enable Internet Group Membership Protocol (IGMP) multicast. IGMP is a protocol used by IPv4 hosts to report their multicast group memberships to any neighboring multicast routers.  NO MULTICAST VLAN FILTER Tick the checkbox  to have the multicast packets bypass the VLAN filter.  Enable WAN interface with base MAC    STEP 3: Choose an interface to be the default gateway.   Click Next to continue or click Back to return to the previous step.  STEP 4:  Choose an interface to be the default gateway.   Click Next to continue or click Back to return to the previous step.
 176 STEP 5:  The WAN Setup - Summary screen shows a preview of the WAN service you have configured. Check these settings and click Apply/Save if they are correct, or click Back to modify them.    After clicking Apply/Save, the new service should appear on the main screen.   To activate it you must reboot. Go to Management  Reboot and click Reboot.
 177 E2.5 IP over ATM (IPoA)   STEP 1:  Click Next to continue.  STEP 2:  Enter the WAN IP settings provided by your ISP. Click Next to continue.    STEP 3:  This screen provides access to NAT, Firewall and IGMP Multicast settings. Enable each by selecting the appropriate checkbox . Click Next to continue or click Back to return to the previous step.
 178  ENABLE NAT If the LAN is configured with a private IP address, the user should select this checkbox .    The NAT submenu will appear in the Advanced Setup menu after reboot. On the other hand, if a private IP address is not used on the LAN side (i.e. the LAN side is using a public IP), this checkbox  should not be selected, so as to free up system resources for improved performance. ENABLE FULLCONE NAT This option becomes available when NAT is enabled. Known as one-to-one NAT, all requests from the same internal IP address and port are mapped to the same external IP address and port. An external host can send a packet to the internal host by sending a packet to the mapped external address. ENABLE FIREWALL If this checkbox  is selected, the Security submenu will be displayed on the Advanced Setup menu after reboot.    If firewall is not necessary, this checkbox  should not be selected so as to free up system resources for better performance.     ENABLE IGMP MULTICAST Tick the checkbox  to enable Internet Group Membership Protocol (IGMP) multicast. IGMP is a protocol used by IPv4 hosts to report their multicast group memberships to any neighboring multicast routers.    Enable WAN interface with base MAC  Enable this option to use the router’s base MAC address as the MAC address for this WAN interface.
 179   STEP 4:  Choose an interface to be the default gateway.      Click Next to continue or click Back to return to the previous step.  NOTE:  If the DHCP server is not enabled on another WAN interface then the following notification will be shown before the next screen.        STEP 5:  Choose an interface to be the default gateway.
 180     Click Next to continue or click Back to return to the previous step.  STEP 6:  The WAN Setup - Summary screen shows a preview of the WAN service you have configured. Check these settings and click Apply/Save if they are correct, or click Back to modify them.    After clicking Apply/Save, the new service should appear on the main screen.   To activate it you must reboot. Go to Management  Reboot and click Reboot.
    FCC INFORMATION  This  equipment  complies  with  CFR  47,  Part  15.19 of  the  FCC  rules.  Operation of  the  equipment is subject  to the  following conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received; including interference that may cause undesired operation. THIS DEVICE MUST NOT BE CO-LOCATED OR OPERATING IN CONJUNCTION WITH ANY OTHER ANTENNA OR TRANSMITTER NOTE: THE MANUFACTURER IS NOT RESPONSIBLE FOR ANY RADIO OR TV INTERFERENCE CAUSED BY UNAUTHORIZED MODIFICATIONS TO THIS EQUIPMENT. SUCH MODIFICATIONS COULD VOID THE USER’S AUTHORITY TO OPERATE THE EQUIPMENT. Federal Communications Commission (FCC) Requirements, Part 15   This equipment has been tested and found to comply with the limits for a class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This  equipment  generates,  uses  and  can radiate  radio frequency  energy  and,  if not  installed  and used  in  accordance  with  the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: ---Reorient or relocate the receiving antenna. ---Increase the separation between the equipment and receiver. ---Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. ---Consult the dealer or an experienced radio/TV technician for help.  REGULATORY INFORMATION / DISCLAIMERS Installation  and  use  of  this  Wireless  LAN  device  must  be  in  strict  accordance  with  the  instructions  included  in  the  user documentation provided with the product. Any changes or modifications (including the antennas) made to this device that are not expressly  approved  by  the  manufacturer  may  void  the  user’s  authority  to  operate  the  equipment.  The  manufacturer  is  not responsible for any radio or television interference caused by unauthorized modification of this device, or the substitution  of the connecting cables and equipment other than manufacturer specified. It is the responsibility of the user to correct any interference caused by such unauthorized modification, substitution or attachment. Manufacturer and its authorized resellers or distributors will assume no liability for any damage or violation of government CAUTION:  To maintain  compliance with  FCC’s RF exposure guidelines, this equipment  should be installed and operated with minimum distance 20cm between the radiator and your body. Use on the supplied antenna. Unauthorized antenna, modification, or attachments could damage the transmitter and may violate FCC regulations. MPE Statement (Safety Information) Your device contains a low power transmitter. When device is transmitted it sends out Radio Frequency (RF) signal. SAFETY INFORMATION In  order  to maintain  compliance  with the  FCC  RF exposure  guidelines, this  equipment  should be  installed  and  operated with minimum distance 20cm between the radiator and your body. Use only with supplied antenna. Unauthorized antenna, modification, or attachments could damage the transmitter and may violate FCC regulations.

Navigation menu