GemTek Technology ADV981119G ADSL2+ Residential Gateway User Manual Cisco 4020210A

Gemtek Technology Co., Ltd. ADSL2+ Residential Gateway Cisco 4020210A

Manual Part 3

Client Summary 4020210 Rev A 99 3 Click Show HPNA Client. After processing, the HPNA Info screen opens. This screen shows the role, MAC Address, and the version of HPNA. 4 Click HPNA Update to update the HPNA software of HPNA devices attached to the residential gateway. The Update HPNA Image window opens. 5 In the Software File Name field, enter the name of the file that you want to use to update your system. You can click Browse to locate the file. 6 Click Next and wait for the software for the attached HPNA devices to be updated. Wireless Station List This page shows the attached clients (also known as associated stations) to the wireless access point (AP) of the residential gateway. At this time, there is no limit to the number of simultaneously attached devices.
Chapter 5 Home Network Configuration 100 4020210 Rev A Path: Home Network > Summary > Show Wireless Client Showing Attached Clients To show the attached clients to the wireless access point of the residential gateway, complete the following steps. 1 Click Home Network on the main screen. 2 Click Summary. The Client Summary screen opens. 3 Click Show Wireless Client. The Wireless Station List screen opens. If you have a wireless client attached to the residential gateway, the screen displays the MAC Address of the client and whether the client is associated with the residential gateway. 4 Click Refresh to update the list of attached clients.
WAN Quick Setup 4020210 Rev A 101 WAN Quick Setup The WAN Quick Setup screen allows you to set up wide area network (WAN) connections and settings, such as virtual channel identifiers (VCi), virtual path identifiers (VPI), and quality of service (QoS). Path: Home Network > WAN Setup > WAN Quick Setup Configuring the WAN Interface (PPPoE Broadband Type) To configure a WAN interface with the PPP over Ethernet (PPPoE) broadband type, complete the following steps. 1 Click Home Network on the main screen. The Client Summary screen opens.
Chapter 5 Home Network Configuration 102 4020210 Rev A 2 Click WAN Setup. The WAN Quick Setup screen opens.
WAN Quick Setup 4020210 Rev A 103 3 Click Add to configure a new WAN interface, or click Edit to edit an existing WAN interface. 4 In the Broadband Type field, select DSL. 5 In the DSL Mode field, select ATM. More fields populate on the screen. 6 Complete the following fields on the screen as follows: Note: This configuration is an example of a specific setting for the residential gateway. Your values may differ depending upon your service provider. a In the Broadband Connect Type field, select PPP over Ethernet (PPPoE). b In the Encapsulation Mode field, select LLC/SNAP - Bridging.
Chapter 5 Home Network Configuration 104 4020210 Rev A c Check the VLAN Mux - Enable Multiple Protocols Over a Single PVC check box, if applicable. d In the PPP Username: field, enter the user name for the point-to-point protocol. e In the PPP Password: field, enter the password for the point-to-point protocol. f In the PPPoE Service Name: field, enter the name for the point-to-point over Ethernet service. g In the VPI field, enter the virtual path identifier (VPI). Values are: 0 to 65535. h In the VCI field, enter the virtual channel identifier (VCI). Values are: 0 to 65535. i In the Service Category field, select ABRI Without PCR. j Check the 'Enable Quality of Service' check box if applicable k In the Authentication Method field, select AUTO. l Check Enable NAT. m Check the Enable IGMP Multicast check box, if applicable n Check the Enable WAN Service check box 7 Click Save to save your settings. 8 Click Reboot. This action reboots the residential gateway so that the WAN setup configuration takes effect. Configuring the WAN Interface (MER Broadband Type) To configure a WAN interface for MAC Encapsulation Routing (MER) broadband type, complete the following steps. 1 Click Home Network on the main screen. The Client Summary screen opens.
WAN Quick Setup 4020210 Rev A 105 2 Click WAN Setup. The WAN Quick Setup screen opens.
Chapter 5 Home Network Configuration 106 4020210 Rev A 3 Click Add to add a new WAN interface, or click Edit to modify an existing WAN interface. 4 In the Broadband Type field, enter DSL. 5 In the DSL Mode field, select ATM. More fields populate on the screen. 6 Complete the following fields on the screen as follows: Note: This configuration is an example of a specific setting for the residential gateway. Your values may differ depending upon your service provider. a In the Broadband Connect Type field, select MAC Encapsulation Routing (MER). b In the Encapsulation Mode field, select LLC/SNAP - Bridging.
WAN Quick Setup 4020210 Rev A 107 c Select the VLAN Mux - Enable Multiple Protocols Over a Single PVC check box, if applicable. d In the VLAN ID[0-4095]: field, enter an ID for the VLAN. Values are: 0 to 4095. e In the VPI field, enter the virtual path identifier (VPI). Values are: 0 to 65535. f In the VCI field, enter the virtual channel identifier (VCI). Values are: 0 to 65535. g In the Service Category field, select UBR Without PCR. h Select the Enable Quality of Service check box, if applicable. i Select the Obtain an IP address automatically option. j Select the Obtain default gateway automatically option. k Select the Obtain DNS server addresses automatically option. l Select Enable NAT. m Select the Enable IGMP Multicast check box. n Select the Enable WAN Service check box. 7 Click Save. The system returns to the previous screen. 8 Click Reboot. This action reboots the residential gateway so that the WAN setup configuration takes effect.
Chapter 5 Home Network Configuration 108 4020210 Rev A LAN Setup The Local Area Network (LAN) Setup screen allows users to set up LAN settings such as Dynamic Host Configuration Protocol (DHCP), Internet Gateway Multicast Protocol (IGMP), and Universal Plug and Play (UPnP). Path: Home Network > LAN Setup Configuring the LAN Interface To configure the LAN interface, complete the following steps. 1 Click Home Network on the main screen. The Client Summary screen opens.
LAN Setup 4020210 Rev A 109 2 Click LAN Setup. The Local Area Network (LAN) setup screen opens. 3 In the IP Address field, enter the IP address for the residential gateway. 4 In the Subnet Mask field, enter the subnet mask for the residential gateway. 5 Do you want to enable UpnP?  If yes, check the Enable UPnP check-box.  If no, clear the Enable UPnp check-box. 6 Do you want to Enable the DHCP server?  If yes, select Enable DHCP Server, and go to step 7.  If no, select Disable DHCP Server, and go to step 8. 7 Under Enable DHCP server, enter the following information: a In the Start IP Address field, enter the first IP address in the range for the DHCP IP address lease pool. b In the End IP Address field, enter the last IP address in the range for the DHCP IP address lease pool. c In the Subnet Mask field, enter the subnet mask for the DHCP server. d In the Leased Time (hour) field, enter the duration of the DHCP lease address. 8 Click Save to save the changes or click Save/Reboot to save the changes and reboot the residential gateway.
Chapter 5 Home Network Configuration 110 4020210 Rev A Reserving IP Addresses The Address Reservation screen allows you to reserve IP addresses for specific devices. For example, you can reserve IP addresses for your laptop or PC in your home. Path: Home Network > LAN Setup > Address Reservation Reserving IP Addresses To reserve a specific IP address for a specific MAC address, complete the following steps. 1 Click Home Network on the main screen. The Client Summary screen opens.
LAN Setup 4020210 Rev A 111 2 Click LAN Setup. The Local Area Network (LAN) setup screen opens. 3 Click Address Reservation. The Reserve Specific IP Addresses for Specific MAC Addresses screen opens. 4 In the Assign this IP field, enter the IP address you want to assign to the MAC address. 5 In the To this MAC field, enter the MAC address to which you want to assign the IP address. 6 Click Save to save your settings.
Chapter 5 Home Network Configuration 112 4020210 Rev A Wireless Summary The Wireless Summary screen shows the MAC address and security information for the wireless connection. Path: Home Network > Wireless > Summary
Wireless Basic 4020210 Rev A 113 Wireless Basic The Wireless -- Basic screen allows you to configure the basic features of the wireless LAN interface. You can enable or disable the LAN interface, hide the network from active scans, enter a name for the wireless network, and restrict the channel set based on country requirements. Path: Home Network > Wireless > Basic Enabling the Wireless Network To enable the wireless network, complete the following steps. 1 Click Home Network on the main screen. The Client Summary screen opens.
Chapter 5 Home Network Configuration 114 4020210 Rev A 2 Click Wireless. The Wireless Summary screen opens. 3 Click Basic. The Wireless Basic screen opens. 4 Check the Enable Wireless check box to enable the wireless network. The screen populates with additional fields. 5 Do you want to prevent other wireless clients from communicating with the wireless access point (AP) of the residential gateway?  If yes, check the Hide Access Point check box. This feature prevents any other wireless client from communicating with the access point of the residential gateway (or disables the wireless connection).  If no, uncheck the Hide Access Point check box. 6 In the SSID field, enter the Service Set Identifier (SSID). 7 From the Channel drop-down list, select Auto or a channel from 1 to 11. 8 In the Wireless Mode field, select the wireless mode from the drop-down list:  802.11g & 802.11b - Allows you to mix Wireless-B with Wireless-G equipment, but you will lose the higher performance speeds of Wireless-G.
Wireless Basic 4020210 Rev A 115  802.11g only - Features the same benefits as Wireless-B, but offers 5 times the speed at up to 54 Mbps. Wireless-G currently offers the best combination of performance and value. You can mix Wireless-B with Wireless-G equipment, but you will lose the higher performance speeds of Wireless-G.  802.11b only - Operates on the 2.4GHz frequency band and can transmit data at speeds of up to 11 Mbps within a range of up to 100-150 feet. Wireless range can be affected by reflective or signal-blocking obstacles, such as mirrors, walls, devices and location, whether indoors or outdoors. 9 In the 54g Protection field, select Auto or Off. Do not disable 54g Protection if there is a possibility that an 802.11b device may need to use your wireless network. Notes: – 54g Protection allows 802.11g and 802.11b devices to co-exist in the same network without “speaking” at the same time. In Auto Mode, the wireless device will use RTS/CTS to improve 802.11g performance in mixed 802.11g/802.11b networks. Turn protection off to maximize 802.11g throughput under most conditions. – You can enable Wi-Fi Multimedia (WMM) support to help improve the Quality of Service (QoS) for your wireless traffic. It is recommended that you leave these settings unchanged if you are not sure about your configuration. Changing these values may lead to unexpected blockages of traffic on your wireless LAN, and the blockages might be difficult to diagnose. 10 Click Save/Apply to enable the wireless network. Securing Your Wireless Network with WEP WEP is a security protocol for wireless networks. WEP provides security by encrypting data over radio waves so that it is protected as it is transmitted from one end point to another. A shared key (similar to a password) is used to allow communication between the computers and the residential gateway. WEP offers a basic, but satisfactory level of security for wireless data transmission. To secure your wireless network with Wired Equivalent Privacy (WEP), complete the following steps.
Chapter 5 Home Network Configuration 116 4020210 Rev A 1 Click Home Network on the main screen. The Client Summary screen opens. 2 Click Wireless. The Wireless Summary screen opens. 3 Click Security. The Wireless -- Security screen opens. 4 In the Select SSID field, use the drop-down list to choose an option for the service set identifier (SSID). Note: You can add options to this drop-down list on the Wireless -- Basic screen.
Wireless Basic 4020210 Rev A 117 5 In the Network Authentication field, choose one of these two options for the authentication method.  Open. All devices may access the wireless network when WEP Encryption is disabled. When no authentication is required and if encryption is disabled, then the data that is passing between the access point and the client is also not encrypted. When WEP is enabled, the data is encrypted, but the client is not authenticated.  WPA/WPA2. See Securing Your Wireless Network with Encryption Keys (on page 120). 6 In the WEP Encryption field, select Enabled. The Wireless -- Security screen populates with more fields. 7 In the Encryption Strength field, choose one of the following options:  64-bit. Secures your network by 64-bit (10 hex) encryption of all traffic using a static key.  128-bit. Secures your network by 128-bit (26 hex) encryption of all traffic using a static key. Important: These settings must be identical to your wireless client devices.
Chapter 5 Home Network Configuration 118 4020210 Rev A 8 Do you want the system to generate the network key for you?  If yes, go to step 11.  If no, you must disable Serial Number Encryption and enter your own network key(s) in the field provided. Go to step 9. 9 In the Current Network Key field, select a network key from the drop-down list. Values are: 1, 2, 3, or 4. 10 In the Network Key 1 field, enter the network key you wish to you use based on the encryption strength as discussed in step 7. 11 Based on the encryption strength you chose in step 7, do one of the following.  For 64-bit encryption, you can choose to enable Serial Number Encryption. When you enable Serial Number Encryption, the serial number of the gateway is preceded with a 0 (numeric zero) and is then used as the Network Key. Serial Number Encryption is not available for 128-bit encryption. If you don't want to use Serial Number Encryption (64 bit only), disable it by selecting Disabled from the drop-down list. Repeat steps 9 and 10 for keys 1 through 4 if you use 64-bit encryption. Go to step 12.  For 128-bit encryption, only one network key is used. Go to step 12. 12 In the WEP Key Paraphrase field, enter your information as follows based on 64-bit or 128-bit encryption strength:  For 64-bit encryption strength, enter a passphrase (1 to 31 characters) and click Generate. Four keys are generated based on the passphrase.  For 128-bit encryption, enter a passphrase (1 to 31 characters) and click Generate. Four keys are generated based on the passphrase. 13 Click Save/Apply. Disabling the Wireless Network To disable the wireless network, complete the following steps. 1 Click Home Network on the main screen. The Client Summary screen opens.
Wireless Basic 4020210 Rev A 119 2 Click Wireless. The Wireless Summary screen opens. 3 Click Basic. The Wireless Basic screen opens. 4 Uncheck the Enable Wireless check box. The wireless network fields are removed from the screen. 5 Click Save/Apply to disable the wireless network.
Chapter 5 Home Network Configuration 120 4020210 Rev A Wireless Security The Wireless Security screen allows you to configure security features of the wireless LAN interface. You can set the network authentication method, select data encryption, specify whether a network key is required to authenticate to this wireless network, and specify the encryption strength. Path: Home Network > Wireless > Security WEP Encryption Disabled Securing Your Wireless Network with Encryption Keys If you choose WPA Personal (also known as Wi-Fi Protected Access-PreShared Key) as the network authentication method, you can secure your network by encrypting all traffic using a pre-shared dynamic key. The following security methods are described:  WPA Personal or WPA2 Personal  Mixed WPA2 Personal/WPA Personal  WPA/WPA2 Enterprise  Mixed WPA/WPA2 Enterprise WPA Personal or WPA2 Personal To secure your wireless network with a pre-shared dynamic key, complete the following steps.
Wireless Security 4020210 Rev A 121 1 Click Home Network on the main screen. The Client Summary screen opens. 2 Click Wireless. The Wireless Summary screen opens. 3 Click Security. The Wireless -- Security screen opens. 4 In the Network Authentication field, select WPA Personal or WPA2 Personal from the drop-down list.
Chapter 5 Home Network Configuration 122 4020210 Rev A 5 Select Enabled or Disabled to enable or disable your Serial Number Encryption function. Your serial number is printed on the back label of your device. If you enable this function, the system will automatically use your serial number as the pre-shared key for WPA Authentication. 6 In the WPA Pre-Shared Key field, enter a shared Key (8-63 characters). The system will periodically generate a dynamic key based on the shared key. 7 In the WPA Group Rekey Interval field, enter the group key renewal time period (in seconds). This time defines how often the dynamic key is regenerated 8 In the WPA Encryption field, select the encryption from the drop-down list. You have the option of choosing TKIP (Temporal Key Integrity Protocol), AES (Advanced Encryption System), or both. Typically AES is seen to be a more reliable form of encryption. 9 Click Save/Apply to save your settings. Mixed WPA2 Personal/WPA Personal The security mode supports simultaneous WPA Personal and WPA2 Personal connections. You can have devices that use either WPA Personal or WPA2 Personal. The access point automatically chooses the encryption algorithm used by each client device. To configure the Mixed WPA Personal and WPA2 Personal security settings for the access point, follow these steps: 1 Click Home Network on the main screen. The Client Summary screen opens.
Wireless Security 4020210 Rev A 123 2 Click Wireless. The Wireless Summary screen opens. 3 Click Security. The Wireless -- Security screen opens. 4 In the Network Authentication field, select Mixed WPA2 Personal/WPA Personal from the drop-down list. 5 Select Enabled or Disabled to enable or disable your Serial Number Encryption function. Your serial number will be printed on the back label of your device. If you enable this function, the system will automatically use your serial number as the network key for your WEP encryption. 6 In the WPA Pre-Shared Key field, enter a shared Key (8-63 characters). The system will periodically generate a dynamic key based on the shared key. 7 In the WPA Group Rekey Interval field, enter the group key renewal time period (in seconds). This time defines how often the dynamic key is regenerated 8 In the WPA Encryption field, select the encryption from the drop-down list. 9 Click Save/Apply to save your settings.
Chapter 5 Home Network Configuration 124 4020210 Rev A WPA/WPA2 Enterprise WPA/WPA2 Enterprise is used in coordination with a Remote Authentication Dial-In Use Service (RADIUS) server for client authentication.. If you choose this to be your authentication method, make sure that a RADIUS server is available in the network for authentication. To configure the WPA/WPA2 Enterprise security settings for the access point, complete the following steps. 1 Click Home Network on the main screen. The Client Summary screen opens. 2 Click Wireless. The Wireless Summary screen opens. 3 In the Network Authentication field, select WPA/WPA2 Enterprise from the drop-down list. 4 Select Enabled or Disabled for your WPA2 Pre-authentication.
Wireless Security 4020210 Rev A 125 Note: In pre-authentication, a WPA2 wireless client can perform an 802.1X authentication with other wireless access points in its range when it is still connected to its current wireless access point. 5 In the Network Re-auth Interval, enter the interval at which the re-authentication occurs. 6 In the WPA Group Rekey Interval field, enter the group key renewal time period (in seconds). This time defines how often the dynamic key will be regenerated. 7 In the RADIUS Server IP Address enter the IP address for your RADIUS server. 8 In the RADIUS Port field, enter the port number for your RADIUS server. The default port is 1812. 9 In the Radius Key field, please enter the secret key used by the access point and RADIUS server. 10 In the WPA Encryption field, please select your data encryption method from TKIP (Temporal Key Integrity Protocol) or AES (Advanced Encryption Standard). 11 Click Save/Apply to save your settings. Mixed WPA/WPA2 Enterprise The security mode supports simultaneous WPA Enterprise and WPA2 Enterprise connections. You can have devices that use either WPA Enterprise or WPA2 Enterprise. The access point automatically chooses the encryption algorithm used by each client device. To configure the Mixed WPA/WPA2 Enterprise security settings for the access point, complete the following steps. 1 Click Home Network on the main screen. The Client Summary screen opens.
Chapter 5 Home Network Configuration 126 4020210 Rev A 2 Click Wireless. The Wireless Summary screen opens. 3 In the Network Authentication field, select Mixed WPA2 Enterprise/WPA Enterprise from the drop-down list. 4 Select Enabled or Disabled for you WPA2 Pre-authentication. Note: In pre-authentication, a WPA2 wireless client can perform an 802.1X authentication with other wireless access points in its range when it is still connected to its current wireless access point. 5 In the Network Re-auth Interval, enter the interval at which the re-authentication occurs. 6 In the WPA Group Rekey Interval field, enter the group key renewal time period. This time defines how often the dynamic key will be regenerated. 7 In the RADIUS Server IP Address, enter the IP address for your RADIUS server. 8 In the RADIUS Port field, enter the port number for your RADIUS server. The default port is 1812. 9 In the Radius Key field, enter the secret key used by the access point and RADIUS server. 10 In the WPA Encryption field, select your data encryption method from TKIP (Temporal Key Integrity Protocol), AES (Advanced Encryption Standard), or TKIP+AES. 11 Click Save/Apply to save your settings.
Wireless MAC Filtering 4020210 Rev A 127 Wireless MAC Filtering The Wireless -- MAC Filtering screen allows you to allow or block certain wireless clients from accessing the residential gateway. If you know the MAC address of the client you want to block, you can use this screen to provide access to the residential gateway or block that client from accessing it. Path: Home Network > Wireless > Advanced > MAC Filter Allowing Wireless Clients to Access the Residential Gateway You can allow wireless clients to access the residential gateway if you know the client's MAC address. MAC restrict mode must be enabled. To allow wireless clients to access the residential gateway, complete the following steps. 1 Click Home Network on the main screen. The Client Summary screen opens.
Chapter 5 Home Network Configuration 128 4020210 Rev A 2 Click Wireless. The Wireless Summary screen opens. 3 Click Advanced. The Wireless Advanced Settings screen opens. 4 Click MAC Filter. The Wireless MAC Filtering screen opens. 5 In the MAC Restrict Mode field, click Allow to enable the MAC restrict mode. 6 Click Add. The Wireless -- MAC Filter screen opens. 7 In the MAC Address field, enter the MAC address of the client that you want to allow access to the residential gateway. 8 Click Save/Apply to allow this wireless client to access the residential gateway.
Wireless MAC Filtering 4020210 Rev A 129 Blocking Wireless Clients You can block wireless clients from accessing the residential gateway if you know the client's MAC address. MAC restrict mode must be enabled. To prevent wireless clients from accessing the residential gateway, complete the following steps. 1 Click Home Network on the main screen. The Client Summary screen opens. 2 Click Wireless. The Wireless Summary screen opens. 3 Click Advanced. The Wireless Advanced Settings screen opens.
Chapter 5 Home Network Configuration 130 4020210 Rev A 4 Click MAC Filter. The Wireless MAC Filtering screen opens. 5 In the MAC Restrict Mode field, click Deny to enable the MAC restrict mode. 6 Click Add. The Wireless -- MAC Filter screen opens. 7 In the MAC Address field, enter the MAC address of the client that you want to prevent from accessing the residential gateway. 8 Click Save/Apply to prevent this wireless client from accessing the residential gateway.
Wireless Bridge 4020210 Rev A 131 Wireless Bridge Wireless LAN Bridging (also referred to as a Wireless Distribution System, WDS) refers to two or more 802.11 access points that send traffic between them (from access point to access point) as opposed to between access point and a client computer. The Wireless Bridge screen allows you to configure the wireless bridge features of the wireless LAN interface as follows:  Select Wireless Bridge in the AP mode to disable access point functionality.  Select Access Point in the AP mode to enables access point functionality. Wireless bridge functionality will still be available and wireless stations will be able to associate to the AP.  Select Disabled in the Bridge Restrict field to disable wireless bridge restriction so any device can communicate with the residential gateway over the wireless bridge.  Select Enabled in the Bridge Restrict field to enable wireless bridge restriction to restrict the bridges that can communicate with the residential gateway over the wireless interface.  Enter the MAC Address of the remote bridge in the Remote Bridges MAC Address field Path: Home Network > Wireless > Advanced > Wireless Bridge Bridge Restrict Disabled
Chapter 5 Home Network Configuration 132 4020210 Rev A Bridge Restrict Enabled
Wireless Station List 4020210 Rev A 133 Wireless Station List This page shows associated wireless MAC addresses and status. Path: Home Network > Wireless > Advanced > Station Info Showing MAC Addresses and Clients To show the wireless MAC Address and clients, complete the following steps. 1 Click Home Network on the main screen. 2 Click Wireless. The Wireless Summary screen opens. 3 Click Advanced. The Wireless Advanced Settings screen opens.
Chapter 5 Home Network Configuration 134 4020210 Rev A 4 Click Station Info. The Wireless Station List opens. 5 Click Refresh to update the list of MAC addresses and associated status.
Wi-Fi Protected Setup 4020210 Rev A 135 Wi-Fi Protected Setup Wi-Fi Protected Setup (WPS) is a standard for easy and secure establishment of a wireless home network. You can choose to use either the PBC or PIN method for connecting the wireless networks using WPS. But first, you will still need to configure the appropriate authentication on your router. For more information, see Security Configuration (on page 141). Note: Ensure that your wireless client supports WPS. If your wireless client does not support WPS, you cannot use this functionality. Path: Home Network > Wireless > Wi-Fi Protected Setup PBC Method The PBC method requires the user to press a button (either actual or virtual) on both the DDR2200 and the new wireless client device to establish the wireless connection. To set up your wireless network using the PBC method, complete the following steps. 1 Click Home Network on the main screen. 2 Click Wi-Fi Protected Setup. The Wi-Fi Protected Setup screen opens. 3 For the WPS status drop-down field, select Enabled to enable the WPS status.
Chapter 5 Home Network Configuration 136 4020210 Rev A 4 Click the button at the right-hand-side on the page or the Wi-Fi-sec button on the device. Then, within 2 minutes, push another button on your client adapter's WPS setup screen. It should start the process of configuring the wireless security on your client station. PIN Method The PIN method requires the user to enter a personal identification number (PIN) from a label on the new device to establish the wireless connection. To set up your wireless network using a PIN: 1 Click Home Network on the main screen. 2 Click Wi-Fi Protected Setup. The Wi-Fi Protected Setup screen opens. 3 For the WPS status drop-down field, select Enabled to enable the WPS status. 4 In the PIN field, enter the same PIN number (8-digit number, sometimes it will be shipped with your client's adapter if it supports WPS) for both of the wireless router and station. Then click Register to start the process of configuring the wireless security on your client station.
HPNA Information 4020210 Rev A 137 HPNA Information The HPNA Info screen allows you to view the HPNA devices connected to the residential gateway. Path: Home Network > HPNA > HPNA Info Updating HPNA Information To update the HPNA information, complete the following steps. 1 Click Home Network on the main screen. The Client Summary screen opens.
Chapter 5 Home Network Configuration 138 4020210 Rev A 2 Click HPNA. After a moment of processing, the HPNA Info screen opens. 3 Click HPNA Update to update the HPNA software of HPNA devices attached to the residential gateway The Update HPNA Image window opens. 4 In the Software File Name field, enter the name of the file that you want to use to update your system. You can click Browse to locate the file. 5 Click Next. The software for the attached HPNA devices is updated.
HPNA Statistics Information 4020210 Rev A 139 HPNA Statistics Information The HPNA Statistics Info screen displays the statistics for the HPNA devices connected to the residential gateway. Path: Home Network > HPNA > HPNA Statistics Info
4020210 Rev A 141 The Security tab allows you to check the security configuration and modify the configuration. Use this chapter to help you check the status of the security configuration or make changes to the configuration. 6 Chapter 6 Security Configuration In This Chapter  MAC Filtering Setup .......................................................................... 142  Incoming IP Filtering.......................................................................... 148  Outgoing IP Filtering ......................................................................... 154  Parental Control Setup - Filtering Function.................................... 159  URL Filtering Function ...................................................................... 165  Stateful Packet Inspection.................................................................. 170  Local Certificates................................................................................. 173  Trusted CA Certificates...................................................................... 178
Chapter 6 Security Configuration 142 4020210 Rev A MAC Filtering Setup The MAC Filtering Setup screen allows you to set up filters for packets containing configured MAC addresses. With the MAC Filtering feature, you can restrict access to certain servers based on their MAC address. MAC Filtering is only effective on ATM PVCs configured in Bridge mode. Path: Security > Packet Filtering > MAC Filtering Forwarded MAC Filtering Forwarded MAC Filtering means that all MAC layer frames will be FORWARDED except those that match any of the specified rules in the following screen.
MAC Filtering Setup 4020210 Rev A 143 Blocked MAC Filtering Blocked MAC Filtering means that all MAC layer frames will be BLOCKED except those that match any of the specified rules in the following screen. Adding MAC Filtering To add MAC Filtering, complete the following steps. 1 Click Security on the main screen. The Packet Filtering tab opens by default.
Chapter 6 Security Configuration 144 4020210 Rev A 2 Click MAC Filtering. The MAC Filtering screen opens. 3 Check the Enable Filtering Function check box. 4 Click Add to open a blank MAC Filtering screen.
MAC Filtering Setup 4020210 Rev A 145 5 In the Protocol Type field, select one of the following protocols from the drop-down menu.  PPPoE  IPv4  IPv6  AppleTalk  IPX  NetBEUI  IGMP 6 In the Destination MAC Address field, enter the frame's destination MAC address. 7 In the Source MAC Address field, enter the frame's source MAC address. 8 In the Frame Direction field, select one of the following choices from the drop-down menu:  LAN<->WAN  WAN<->LAN 9 Do you want to select all WAN interfaces?  If yes, check the Select All WAN Interfaces check box under the WAN Interfaces (Configured in Bridge mode only) field.  If no, uncheck the Select All WAN Interfaces check box under the WAN Interfaces (Configured in Bridge mode only) field. 10 Click Save/Apply to add the MAC Filter. Forwarding or Blocking MAC Layer Frames You can change the policy on how MAC layer frames are forwarded or blocked. FORWARDED means that all MAC layer frames will be forwarded except those matching with any of the specified rules in the table on the screen. BLOCKED means that all MAC layer frames will be blocked except those matching with any of the specified rules in the table on the screen. To change the policy on how MAC layer frames are forwarded or blocked, complete the following steps. 1 Click Security on the main screen. The Packet Filtering tab opens by default.
Chapter 6 Security Configuration 146 4020210 Rev A 2 Click MAC Filtering. The MAC Filtering screen opens. 3 Check the Enable Filtering Function check box. 4 Click Change Policy. The Change MAC Filtering Global Policy screen opens. In this example, the global policy for MAC filtering is "Blocked." 5 Do you want to change the Global Policy?  If yes, click Yes. If the policy is forwarded, clicking Yes changes the policy to blocked and vise versa.  If no, click No and the policy remains unchanged.
MAC Filtering Setup 4020210 Rev A 147 Removing MAC Filtering To remove a MAC filtering rule you have set up, complete the following steps. 1 Click Security on the main screen. The Packet Filtering tab opens by default. 2 Click MAC Filtering. The MAC Filtering screen opens. 3 From the MAC Filtering screen, select Remove in the Remove column next to the MAC filtering rule you wish to remove. 4 Click Remove to remove the MAC filtering.
Chapter 6 Security Configuration 148 4020210 Rev A Incoming IP Filtering By default, all incoming IP traffic from the WAN is blocked when the firewall is enabled. However, some IP traffic can be accepted by setting up filters. Path: Security > Packet Filtering > Incoming IP Filtering Adding an Incoming IP Filter You can create a filter rule to identify incoming IP traffic by specifying a new filter name and at least one condition for the filter. All of the specified conditions in this filter rule must be satisfied for the rule to take effect. To add an incoming IP filter, complete the following steps.
Incoming IP Filtering 4020210 Rev A 149 1 Click Security on the main screen. The MAC Filtering screen opens by default. 2 Select the Incoming IP Filtering tab. The Incoming IP Filtering screen opens.
Chapter 6 Security Configuration 150 4020210 Rev A 3 Click Add. The Add IP Filter Incoming screen opens. 4 In the Filter Name field, enter the name of the filter. 5 In the Protocol field, select one of the following protocols:  TCP/UDP  TCP  UDP  ICMP 6 In the Source IP address field, enter the source IP address of the server sending the incoming packets. 7 In the Source Subnet Mask field, enter the subnet mask of the server sending the incoming packets. 8 In the Source Port field, enter the port number of the server sending the incoming packets. You can enter one port or a range of ports using the following format: port or port:port. Example: 0:5 indicates ports 0 through 5. 9 In the Destination IP address field, enter the destination IP address for the server receiving the packets. 10 In the Destination Subnet Mask field, enter the subnet mask for the server receiving the packets.
Incoming IP Filtering 4020210 Rev A 151 11 In the Destination Port field, enter the port number for the server receiving the packets. You can enter one port or a range of ports using the following format: port or port:port. Example: 0:5 indicates ports 0 through 5. 12 Do you want to select all of the WAN interfaces?  If yes, check the Select All field under WAN Interfaces (Configured in Routing mode and with firewall enabled only).  If no, clear the Select All field under WAN Interfaces (Configured in Routing mode and with firewall enabled only). 13 Click Save/Apply to add the filter. Enabling the Filtering Function To enable the filtering function, complete the following steps. 1 Click Security on the main screen. The MAC Filtering screen opens by default.
Chapter 6 Security Configuration 152 4020210 Rev A 2 Click Incoming IP Filtering. The Incoming IP Filtering screen opens. 3 Check the Enable Filtering Function check box to enable the filtering function. Removing an Incoming IP Filter To remove an incoming IP filter, complete the following steps. 1 Click Security on the main screen. The MAC Filtering screen opens by default.
Incoming IP Filtering 4020210 Rev A 153 2 Select the Incoming IP Filtering tab. The Incoming IP Filtering screen opens. 3 From the Incoming IP Filtering screen, select Remove in the Remove column next to the filter you wish to remove. 4 Click Remove to remove the filter.
Chapter 6 Security Configuration 154 4020210 Rev A Outgoing IP Filtering By default, all outgoing IP traffic from LAN is allowed, but some IP traffic can be BLOCKED by setting up filters. Path: Security > Packet Filtering > Outgoing IP Filtering Enabling the Filtering Function To enable the outgoing IP filtering function, complete the following steps.
Outgoing IP Filtering 4020210 Rev A 155 1 Click Security on the main screen. The MAC Filtering screen opens by default. 2 Click Outgoing IP Filtering. The Outgoing IP Filtering screen opens. 3 Check the Enable Filtering Function check box to enable the filtering function. Adding an Outgoing IP Filter To add an outgoing IP filter, complete the following steps.
Chapter 6 Security Configuration 156 4020210 Rev A 1 Click Security on the main screen. The MAC Filtering screen opens by default. 2 Select the Outgoing IP Filtering tab. The Outgoing IP Filtering screen opens.
Outgoing IP Filtering 4020210 Rev A 157 3 Click Add. The Add IP Filter Outgoing screen opens. 4 In the Filter Name field, enter the name of the filter. Note: You cannot use blank spaces in the filter name. 5 In the Protocol field, select one of the following protocols:  TCP/UDP  TCP  UDP  ICMP 6 In the Source IP address field, enter the source IP address for the server sending the incoming packets. 7 In the Source Subnet Mask field, enter the subnet mask for the server sending the incoming packets. 8 In the Source Port field, enter the port number for the server sending the incoming packets. Use the following format: port or port:port. 9 In the Destination IP address field, enter the destination IP address for the server receiving the packets. 10 In the Destination Subnet Mask field, enter the subnet mask for the server receiving the packets. 11 In the Destination Port field, enter the port number for the server receiving the packets. Use the following format: port or port:port. 12 Click Save/Apply to add the filter.
Chapter 6 Security Configuration 158 4020210 Rev A Removing an Outgoing IP Filter To remove an outgoing IP filter, complete the following steps. 1 Click Security on the main screen. The MAC Filtering screen opens by default. 2 Select the Outgoing IP Filtering tab. The Outgoing IP Filtering screen opens. 3 From the Outgoing IP Filtering screen, select Remove in the Remove column next to the filter you wish to remove. 4 Click Remove to remove the filter.
Parental Control Setup - Filtering Function 4020210 Rev A 159 Parental Control Setup - Filtering Function The Client IP/MAC Filtering Setup screen allows you to configure the residential gateway to restrict access to the Internet, email, or other network services at specific days and times. You can set time restrictions for a single computer, a range or computers, or multiple computers. Path: Security >Firewall > Parental Control Adding Time of Day Restrictions The Filtering Function screen allows you to block access to the Internet for certain times of the day. This screen adds time of day restriction to a special LAN device connected to the residential gateway. The browser's MAC Address automatically displays the MAC address of the LAN device where the browser is running. To restrict other LAN devices, select the Other MAC Address option and enter the MAC address of the other LAN device. To find out the MAC address of a Windows based PC, go to a command window and type ipconfig /all. Path: Security > Firewall > Parental Control To add time of day restrictions, complete the following steps.
Chapter 6 Security Configuration 160 4020210 Rev A 1 Click Security on the main screen. The MAC Filtering screen opens by default. 2 Click the Firewall tab. The Filtering Function screen opens.
Parental Control Setup - Filtering Function 4020210 Rev A 161 3 Check the Enable Filtering Function check box to enable the filtering function. The Client IP MAC Filtering screen populates with any time restrictions that are set. 4 Click Add PC. The Add Filtering Function screen opens.
Chapter 6 Security Configuration 162 4020210 Rev A 5 In the Client PC Description field, enter a description of the PC for which you want to block services. 6 In the Choose mode field, select IP mode or MAC mode from the drop-down menu. 7 Enter the IP address in the Client PC IP Address field, or enter the MAC address in the MAC address field depending upon the mode you selected in step 6. 8 Under Service Name area, check the Blocking check box for every service that you wish to filter. 9 In the Scheduling Week Day area, check the check boxes next to each day where you want to set up time of day restrictions. If you want to apply the time of day restrictions to everyday, check the Everyday check box. For example, check the F, Sa, and Su check boxes to apply time of day restrictions to Friday, Saturday, and Sunday. 10 In the Time area set the time as follows:  Click the 24Hours option to apply the restrictions 24 hours a day  Click the option where you select the time from the drop-down menus. Use the drop down menus to enter the time when you want the restriction to start and end. 11 Click Save/Apply to enable the time of day restrictions. Removing Time of Day Restrictions To remove time of day restrictions, complete the following steps.
Parental Control Setup - Filtering Function 4020210 Rev A 163 1 Click Security on the main screen. The MAC Filtering screen opens by default. 2 Click the Firewall tab. The Filtering Function screen opens.
Chapter 6 Security Configuration 164 4020210 Rev A 3 Check the Enable Filtering Function check box to enable the filtering function. The Client IP/MAC Filtering Setup screen populates with any time restrictions that are set. 4 From the Configure field select Remove in the Remove column next to the time of day restriction that you wish to remove. 5 Click Remove to remove the restriction.
URL Filtering Function 4020210 Rev A 165 URL Filtering Function The URL Filtering Function screen allows you to block websites based on the URL address and/or key words used in the website. For example, if you have children in the home, you may want to block websites that are inappropriate for children by entering the URL or key words. Path: Security > Firewall > URL Filter Enabling URL Filtering To enable URL filtering for the firewall, complete the following steps.
Chapter 6 Security Configuration 166 4020210 Rev A 1 Click Security on the main screen. The MAC Filtering screen opens by default. 2 Click the Firewall tab. The Filtering Function screen opens by default.
URL Filtering Function 4020210 Rev A 167 3 Click the URL Filter tab. The URL Filtering Function screen opens. 4 Click Enable URL Filtering Function. The URL Filtering Function screen updates with blank fields for entering the URLs that you want to block. 5 For each rule, enter the URL or keyword that you want to block. 6 In the Week Day area, select Everyday or select the individual days on which you want the filter to take effect. 7 In the Time area, select 24Hours or select the individual times that you want the filter to take effect. 8 Click Save. Removing a URL Filter To remove a URL filter from the firewall, complete the following steps.
Chapter 6 Security Configuration 168 4020210 Rev A 1 Click Security on the main screen. The MAC Filtering screen opens by default. 2 Click the Firewall tab. The Filtering Function screen opens by default. 3 Click the URL Filter tab. The URL Filtering Function screen opens.
URL Filtering Function 4020210 Rev A 169 4 Click Enable URL Filtering Function. The URL Filtering Function screen updates with blank fields for entering the URLs that you want to block. 5 Click Del next to each rule that you want to delete. If you want to remove all the rules, click Remove All. 6 Click Save.
Chapter 6 Security Configuration 170 4020210 Rev A Stateful Packet Inspection The Stateful Packet Inspection screen allows the gateway to inspect packets passing through it to deny network attacks. Path: Security > Firewall > Stateful Packet Inspection Enabling Stateful Packet Inspection To enable stateful packet inspection (SPI), complete the following steps.
Stateful Packet Inspection 4020210 Rev A 171 1 Click Security on the main screen. The MAC Filtering screen opens by default. 2 Click the Firewall tab. The Filtering Function screen opens by default.
Chapter 6 Security Configuration 172 4020210 Rev A 3 Click the Stateful Packet Inspection tab. The Intrusion Detection screen opens. 4 Select the Enable SPI, Hacker Pattern and Anti-Dos Firewall field. 5 Select the Enable Email Alert field and fill in the email address and SMTP server address that you want to notify when the DSL must be rebooted. 6 Click Save/Apply to enable stateful packet inspection.
Local Certificates 4020210 Rev A 173 Local Certificates The Local Certificates screen allows you to load certificates onto the residential gateway. Local certificates are used by peers to verify your identity. A maximum of four certificates can be stored on the residential gateway. Path: Security > Certificate > Local > Local Certificates Creating Certificates The Create Certificate screen allows you to generate a certificate by specifying certificate parameters shown in this screen. To create a certificate, complete the following steps.
Chapter 6 Security Configuration 174 4020210 Rev A 1 Click Security on the main screen. The MAC Filtering screen opens. 2 Click Add. The Local Certificates screen opens.
Local Certificates 4020210 Rev A 175 3 Click Create Certificate Request. The Create New Certificate Request screen opens. 4 In the Certificate Name field, enter the name for the certificate. 5 In the Common Name field, enter the common name of the certificate. 6 In the Organization Name field, enter the name of the organization that owns the certificate. 7 In the State/Province Name field, enter the state or province where you want to register the certificate. 8 In the Country/Region Name field, use the drop-down list to select the country or region where you want to register the certificate. 9 Click Apply to create the certificate. The certificate signing request screen opens. 10 Click Load Signed Certificate to save the certificate on the residential gateway.
Chapter 6 Security Configuration 176 4020210 Rev A Importing Local Certificates The Import Certificate screen allows you to import a pre-existing certificate to the residential gateway. To import a certificate, complete the following steps. 1 Click Security on the main screen. The MAC Filtering screen opens by default. 2 Click Certificate. The Local Certificates screen opens.
Local Certificates 4020210 Rev A 177 3 Click Import Certificate. The Import certificate screen opens. 4 In the Certificate Name field, enter the name of the certificate. 5 In the Certificate area, copy and paste the contents of the certificate file provided by the service provider. 6 In the Private Key area, copy and paste the private key from the certificate file provided by the service provider. 7 Click Apply to save the certificate on the residential gateway.
Chapter 6 Security Configuration 178 4020210 Rev A Trusted CA Certificates The Trusted CA (Certificate Authority) Certificates screen allows you to load certificates onto the residential gateway. You can use CA certificates to verify peers' certificates. A maximum of four certificates can be stored. Path: Security > Certificate > Trusted CA > Trusted CA (Certificate Authority) Certificates Importing Trusted CA Certificates The Import CA certificate screen allows you to import a pre-existing trusted CA certificate to the residential gateway.

Navigation menu