GemTek Technology ADV981119G ADSL2+ Residential Gateway User Manual Cisco 4020210A
Gemtek Technology Co., Ltd. ADSL2+ Residential Gateway Cisco 4020210A
Contents
- 1. Manual Part 1
- 2. Manual Part 2
- 3. Manual Part 3
- 4. Manual Part 4
Manual Part 3
| Download: |  |
| Mirror Download [FCC.gov] | |
| Document ID | 1218026 |
| Application ID | AGs9kjj+EYULUPAsPlUykw== |
| Document Description | Manual Part 3 |
| Short Term Confidential | No |
| Permanent Confidential | No |
| Supercede | No |
| Document Type | User Manual |
| Display Format | Adobe Acrobat PDF - pdf |
| Filesize | 264.41kB (3305104 bits) |
| Date Submitted | 2009-12-22 00:00:00 |
| Date Available | 2009-12-22 00:00:00 |
| Creation Date | 2009-12-22 15:13:13 |
| Producing Software | Acrobat Distiller 7.0 (Windows) |
| Document Lastmod | 2009-12-22 15:13:26 |
| Document Title | Cisco, 4020210A |
| Document Creator | Acrobat PDFMaker 7.0 for Word |
| Document Author: | Cisco |
Client Summary Click Show HPNA Client. After processing, the HPNA Info screen opens. This screen shows the role, MAC Address, and the version of HPNA. Click HPNA Update to update the HPNA software of HPNA devices attached to the residential gateway. The Update HPNA Image window opens. In the Software File Name field, enter the name of the file that you want to use to update your system. You can click Browse to locate the file. Click Next and wait for the software for the attached HPNA devices to be updated. Wireless Station List This page shows the attached clients (also known as associated stations) to the wireless access point (AP) of the residential gateway. At this time, there is no limit to the number of simultaneously attached devices. 4020210 Rev A 99 Chapter 5 Home Network Configuration Path: Home Network > Summary > Show Wireless Client Showing Attached Clients To show the attached clients to the wireless access point of the residential gateway, complete the following steps. 100 Click Home Network on the main screen. Click Summary. The Client Summary screen opens. Click Show Wireless Client. The Wireless Station List screen opens. If you have a wireless client attached to the residential gateway, the screen displays the MAC Address of the client and whether the client is associated with the residential gateway. Click Refresh to update the list of attached clients. 4020210 Rev A WAN Quick Setup WAN Quick Setup The WAN Quick Setup screen allows you to set up wide area network (WAN) connections and settings, such as virtual channel identifiers (VCi), virtual path identifiers (VPI), and quality of service (QoS). Path: Home Network > WAN Setup > WAN Quick Setup Configuring the WAN Interface (PPPoE Broadband Type) To configure a WAN interface with the PPP over Ethernet (PPPoE) broadband type, complete the following steps. 4020210 Rev A Click Home Network on the main screen. The Client Summary screen opens. 101 Chapter 5 Home Network Configuration 102 Click WAN Setup. The WAN Quick Setup screen opens. 4020210 Rev A WAN Quick Setup Click Add to configure a new WAN interface, or click Edit to edit an existing WAN interface. In the Broadband Type field, select DSL. In the DSL Mode field, select ATM. More fields populate on the screen. Complete the following fields on the screen as follows: Note: This configuration is an example of a specific setting for the residential gateway. Your values may differ depending upon your service provider. 4020210 Rev A In the Broadband Connect Type field, select PPP over Ethernet (PPPoE). In the Encapsulation Mode field, select LLC/SNAP - Bridging. 103 Chapter 5 Home Network Configuration Check the VLAN Mux - Enable Multiple Protocols Over a Single PVC check box, if applicable. In the PPP Username: field, enter the user name for the point-to-point protocol. In the PPP Password: field, enter the password for the point-to-point protocol. In the PPPoE Service Name: field, enter the name for the point-to-point over Ethernet service. In the VPI field, enter the virtual path identifier (VPI). Values are: 0 to 65535. In the VCI field, enter the virtual channel identifier (VCI). Values are: 0 to 65535. In the Service Category field, select ABRI Without PCR. Check the 'Enable Quality of Service' check box if applicable In the Authentication Method field, select AUTO. Check Enable NAT. m Check the Enable IGMP Multicast check box, if applicable Check the Enable WAN Service check box Click Save to save your settings. Click Reboot. This action reboots the residential gateway so that the WAN setup configuration takes effect. Configuring the WAN Interface (MER Broadband Type) To configure a WAN interface for MAC Encapsulation Routing (MER) broadband type, complete the following steps. 104 Click Home Network on the main screen. The Client Summary screen opens. 4020210 Rev A WAN Quick Setup 4020210 Rev A Click WAN Setup. The WAN Quick Setup screen opens. 105 Chapter 5 Home Network Configuration Click Add to add a new WAN interface, or click Edit to modify an existing WAN interface. In the Broadband Type field, enter DSL. In the DSL Mode field, select ATM. More fields populate on the screen. Complete the following fields on the screen as follows: Note: This configuration is an example of a specific setting for the residential gateway. Your values may differ depending upon your service provider. 106 In the Broadband Connect Type field, select MAC Encapsulation Routing (MER). In the Encapsulation Mode field, select LLC/SNAP - Bridging. 4020210 Rev A WAN Quick Setup Select the VLAN Mux - Enable Multiple Protocols Over a Single PVC check box, if applicable. In the VLAN ID[0-4095]: field, enter an ID for the VLAN. Values are: 0 to 4095. In the VPI field, enter the virtual path identifier (VPI). Values are: 0 to 65535. In the VCI field, enter the virtual channel identifier (VCI). Values are: 0 to 65535. In the Service Category field, select UBR Without PCR. Select the Enable Quality of Service check box, if applicable. Select the Obtain an IP address automatically option. Select the Obtain default gateway automatically option. Select the Obtain DNS server addresses automatically option. Select Enable NAT. m Select the Enable IGMP Multicast check box. 4020210 Rev A Select the Enable WAN Service check box. Click Save. The system returns to the previous screen. Click Reboot. This action reboots the residential gateway so that the WAN setup configuration takes effect. 107 Chapter 5 Home Network Configuration LAN Setup The Local Area Network (LAN) Setup screen allows users to set up LAN settings such as Dynamic Host Configuration Protocol (DHCP), Internet Gateway Multicast Protocol (IGMP), and Universal Plug and Play (UPnP). Path: Home Network > LAN Setup Configuring the LAN Interface To configure the LAN interface, complete the following steps. 108 Click Home Network on the main screen. The Client Summary screen opens. 4020210 Rev A LAN Setup Click LAN Setup. The Local Area Network (LAN) setup screen opens. In the IP Address field, enter the IP address for the residential gateway. In the Subnet Mask field, enter the subnet mask for the residential gateway. Do you want to enable UpnP? 4020210 Rev A If no, clear the Enable UPnp check-box. Do you want to Enable the DHCP server? If yes, check the Enable UPnP check-box. If yes, select Enable DHCP Server, and go to step 7. If no, select Disable DHCP Server, and go to step 8. Under Enable DHCP server, enter the following information: In the Start IP Address field, enter the first IP address in the range for the DHCP IP address lease pool. In the End IP Address field, enter the last IP address in the range for the DHCP IP address lease pool. In the Subnet Mask field, enter the subnet mask for the DHCP server. In the Leased Time (hour) field, enter the duration of the DHCP lease address. Click Save to save the changes or click Save/Reboot to save the changes and reboot the residential gateway. 109 Chapter 5 Home Network Configuration Reserving IP Addresses The Address Reservation screen allows you to reserve IP addresses for specific devices. For example, you can reserve IP addresses for your laptop or PC in your home. Path: Home Network > LAN Setup > Address Reservation Reserving IP Addresses To reserve a specific IP address for a specific MAC address, complete the following steps. 110 Click Home Network on the main screen. The Client Summary screen opens. 4020210 Rev A LAN Setup 4020210 Rev A Click LAN Setup. The Local Area Network (LAN) setup screen opens. Click Address Reservation. The Reserve Specific IP Addresses for Specific MAC Addresses screen opens. In the Assign this IP field, enter the IP address you want to assign to the MAC address. In the To this MAC field, enter the MAC address to which you want to assign the IP address. Click Save to save your settings. 111 Chapter 5 Home Network Configuration Wireless Summary The Wireless Summary screen shows the MAC address and security information for the wireless connection. Path: Home Network > Wireless > Summary 112 4020210 Rev A Wireless Basic Wireless Basic The Wireless -- Basic screen allows you to configure the basic features of the wireless LAN interface. You can enable or disable the LAN interface, hide the network from active scans, enter a name for the wireless network, and restrict the channel set based on country requirements. Path: Home Network > Wireless > Basic Enabling the Wireless Network To enable the wireless network, complete the following steps. 4020210 Rev A Click Home Network on the main screen. The Client Summary screen opens. 113 Chapter 5 Home Network Configuration Click Wireless. The Wireless Summary screen opens. Click Basic. The Wireless Basic screen opens. Check the Enable Wireless check box to enable the wireless network. The screen populates with additional fields. Do you want to prevent other wireless clients from communicating with the wireless access point (AP) of the residential gateway? If yes, check the Hide Access Point check box. This feature prevents any other wireless client from communicating with the access point of the residential gateway (or disables the wireless connection). If no, uncheck the Hide Access Point check box. In the SSID field, enter the Service Set Identifier (SSID). From the Channel drop-down list, select Auto or a channel from 1 to 11. In the Wireless Mode field, select the wireless mode from the drop-down list: 114 802.11g & 802.11b - Allows you to mix Wireless-B with Wireless-G equipment, but you will lose the higher performance speeds of Wireless-G. 4020210 Rev A Wireless Basic 802.11g only - Features the same benefits as Wireless-B, but offers 5 times the speed at up to 54 Mbps. Wireless-G currently offers the best combination of performance and value. You can mix Wireless-B with Wireless-G equipment, but you will lose the higher performance speeds of Wireless-G. 802.11b only - Operates on the 2.4GHz frequency band and can transmit data at speeds of up to 11 Mbps within a range of up to 100-150 feet. Wireless range can be affected by reflective or signal-blocking obstacles, such as mirrors, walls, devices and location, whether indoors or outdoors. In the 54g Protection field, select Auto or Off. Do not disable 54g Protection if there is a possibility that an 802.11b device may need to use your wireless network. Notes: – 54g Protection allows 802.11g and 802.11b devices to co-exist in the same network without “speaking” at the same time. In Auto Mode, the wireless device will use RTS/CTS to improve 802.11g performance in mixed 802.11g/802.11b networks. Turn protection off to maximize 802.11g throughput under most conditions. – You can enable Wi-Fi Multimedia (WMM) support to help improve the Quality of Service (QoS) for your wireless traffic. It is recommended that you leave these settings unchanged if you are not sure about your configuration. Changing these values may lead to unexpected blockages of traffic on your wireless LAN, and the blockages might be difficult to diagnose. 10 Click Save/Apply to enable the wireless network. Securing Your Wireless Network with WEP WEP is a security protocol for wireless networks. WEP provides security by encrypting data over radio waves so that it is protected as it is transmitted from one end point to another. A shared key (similar to a password) is used to allow communication between the computers and the residential gateway. WEP offers a basic, but satisfactory level of security for wireless data transmission. To secure your wireless network with Wired Equivalent Privacy (WEP), complete the following steps. 4020210 Rev A 115 Chapter 5 Home Network Configuration Click Home Network on the main screen. The Client Summary screen opens. Click Wireless. The Wireless Summary screen opens. Click Security. The Wireless -- Security screen opens. In the Select SSID field, use the drop-down list to choose an option for the service set identifier (SSID). Note: You can add options to this drop-down list on the Wireless -- Basic screen. 116 4020210 Rev A Wireless Basic In the Network Authentication field, choose one of these two options for the authentication method. Open. All devices may access the wireless network when WEP Encryption is disabled. When no authentication is required and if encryption is disabled, then the data that is passing between the access point and the client is also not encrypted. When WEP is enabled, the data is encrypted, but the client is not authenticated. WPA/WPA2. See Securing Your Wireless Network with Encryption Keys (on page 120). In the WEP Encryption field, select Enabled. The Wireless -- Security screen populates with more fields. In the Encryption Strength field, choose one of the following options: 64-bit. Secures your network by 64-bit (10 hex) encryption of all traffic using a static key. 128-bit. Secures your network by 128-bit (26 hex) encryption of all traffic using a static key. Important: These settings must be identical to your wireless client devices. 4020210 Rev A 117 Chapter 5 Home Network Configuration Do you want the system to generate the network key for you? If yes, go to step 11. If no, you must disable Serial Number Encryption and enter your own network key(s) in the field provided. Go to step 9. In the Current Network Key field, select a network key from the drop-down list. Values are: 1, 2, 3, or 4. 10 In the Network Key 1 field, enter the network key you wish to you use based on the encryption strength as discussed in step 7. 11 Based on the encryption strength you chose in step 7, do one of the following. For 64-bit encryption, you can choose to enable Serial Number Encryption. When you enable Serial Number Encryption, the serial number of the gateway is preceded with a 0 (numeric zero) and is then used as the Network Key. Serial Number Encryption is not available for 128-bit encryption. If you don't want to use Serial Number Encryption (64 bit only), disable it by selecting Disabled from the drop-down list. Repeat steps 9 and 10 for keys 1 through 4 if you use 64-bit encryption. Go to step 12. For 128-bit encryption, only one network key is used. Go to step 12. 12 In the WEP Key Paraphrase field, enter your information as follows based on 64bit or 128-bit encryption strength: For 64-bit encryption strength, enter a passphrase (1 to 31 characters) and click Generate. Four keys are generated based on the passphrase. For 128-bit encryption, enter a passphrase (1 to 31 characters) and click Generate. Four keys are generated based on the passphrase. 13 Click Save/Apply. Disabling the Wireless Network To disable the wireless network, complete the following steps. 118 Click Home Network on the main screen. The Client Summary screen opens. 4020210 Rev A Wireless Basic 4020210 Rev A Click Wireless. The Wireless Summary screen opens. Click Basic. The Wireless Basic screen opens. Uncheck the Enable Wireless check box. The wireless network fields are removed from the screen. Click Save/Apply to disable the wireless network. 119 Chapter 5 Home Network Configuration Wireless Security The Wireless Security screen allows you to configure security features of the wireless LAN interface. You can set the network authentication method, select data encryption, specify whether a network key is required to authenticate to this wireless network, and specify the encryption strength. Path: Home Network > Wireless > Security WEP Encryption Disabled Securing Your Wireless Network with Encryption Keys If you choose WPA Personal (also known as Wi-Fi Protected Access-PreShared Key) as the network authentication method, you can secure your network by encrypting all traffic using a pre-shared dynamic key. The following security methods are described: WPA Personal or WPA2 Personal Mixed WPA2 Personal/WPA Personal WPA/WPA2 Enterprise Mixed WPA/WPA2 Enterprise WPA Personal or WPA2 Personal To secure your wireless network with a pre-shared dynamic key, complete the following steps. 120 4020210 Rev A Wireless Security 4020210 Rev A Click Home Network on the main screen. The Client Summary screen opens. Click Wireless. The Wireless Summary screen opens. Click Security. The Wireless -- Security screen opens. In the Network Authentication field, select WPA Personal or WPA2 Personal from the drop-down list. 121 Chapter 5 Home Network Configuration Select Enabled or Disabled to enable or disable your Serial Number Encryption function. Your serial number is printed on the back label of your device. If you enable this function, the system will automatically use your serial number as the pre-shared key for WPA Authentication. In the WPA Pre-Shared Key field, enter a shared Key (8-63 characters). The system will periodically generate a dynamic key based on the shared key. In the WPA Group Rekey Interval field, enter the group key renewal time period (in seconds). This time defines how often the dynamic key is regenerated In the WPA Encryption field, select the encryption from the drop-down list. You have the option of choosing TKIP (Temporal Key Integrity Protocol), AES (Advanced Encryption System), or both. Typically AES is seen to be a more reliable form of encryption. Click Save/Apply to save your settings. Mixed WPA2 Personal/WPA Personal The security mode supports simultaneous WPA Personal and WPA2 Personal connections. You can have devices that use either WPA Personal or WPA2 Personal. The access point automatically chooses the encryption algorithm used by each client device. To configure the Mixed WPA Personal and WPA2 Personal security settings for the access point, follow these steps: 122 Click Home Network on the main screen. The Client Summary screen opens. 4020210 Rev A Wireless Security 4020210 Rev A Click Wireless. The Wireless Summary screen opens. Click Security. The Wireless -- Security screen opens. In the Network Authentication field, select Mixed WPA2 Personal/WPA Personal from the drop-down list. Select Enabled or Disabled to enable or disable your Serial Number Encryption function. Your serial number will be printed on the back label of your device. If you enable this function, the system will automatically use your serial number as the network key for your WEP encryption. In the WPA Pre-Shared Key field, enter a shared Key (8-63 characters). The system will periodically generate a dynamic key based on the shared key. In the WPA Group Rekey Interval field, enter the group key renewal time period (in seconds). This time defines how often the dynamic key is regenerated In the WPA Encryption field, select the encryption from the drop-down list. Click Save/Apply to save your settings. 123 Chapter 5 Home Network Configuration WPA/WPA2 Enterprise WPA/WPA2 Enterprise is used in coordination with a Remote Authentication Dial-In Use Service (RADIUS) server for client authentication.. If you choose this to be your authentication method, make sure that a RADIUS server is available in the network for authentication. To configure the WPA/WPA2 Enterprise security settings for the access point, complete the following steps. 124 Click Home Network on the main screen. The Client Summary screen opens. Click Wireless. The Wireless Summary screen opens. In the Network Authentication field, select WPA/WPA2 Enterprise from the drop-down list. Select Enabled or Disabled for your WPA2 Pre-authentication. 4020210 Rev A Wireless Security Note: In pre-authentication, a WPA2 wireless client can perform an 802.1X authentication with other wireless access points in its range when it is still connected to its current wireless access point. In the Network Re-auth Interval, enter the interval at which the re-authentication occurs. In the WPA Group Rekey Interval field, enter the group key renewal time period (in seconds). This time defines how often the dynamic key will be regenerated. In the RADIUS Server IP Address enter the IP address for your RADIUS server. In the RADIUS Port field, enter the port number for your RADIUS server. The default port is 1812. In the Radius Key field, please enter the secret key used by the access point and RADIUS server. 10 In the WPA Encryption field, please select your data encryption method from TKIP (Temporal Key Integrity Protocol) or AES (Advanced Encryption Standard). 11 Click Save/Apply to save your settings. Mixed WPA/WPA2 Enterprise The security mode supports simultaneous WPA Enterprise and WPA2 Enterprise connections. You can have devices that use either WPA Enterprise or WPA2 Enterprise. The access point automatically chooses the encryption algorithm used by each client device. To configure the Mixed WPA/WPA2 Enterprise security settings for the access point, complete the following steps. 4020210 Rev A Click Home Network on the main screen. The Client Summary screen opens. 125 Chapter 5 Home Network Configuration Click Wireless. The Wireless Summary screen opens. In the Network Authentication field, select Mixed WPA2 Enterprise/WPA Enterprise from the drop-down list. Select Enabled or Disabled for you WPA2 Pre-authentication. Note: In pre-authentication, a WPA2 wireless client can perform an 802.1X authentication with other wireless access points in its range when it is still connected to its current wireless access point. In the Network Re-auth Interval, enter the interval at which the re-authentication occurs. In the WPA Group Rekey Interval field, enter the group key renewal time period. This time defines how often the dynamic key will be regenerated. In the RADIUS Server IP Address, enter the IP address for your RADIUS server. In the RADIUS Port field, enter the port number for your RADIUS server. The default port is 1812. In the Radius Key field, enter the secret key used by the access point and RADIUS server. 10 In the WPA Encryption field, select your data encryption method from TKIP (Temporal Key Integrity Protocol), AES (Advanced Encryption Standard), or TKIP+AES. 11 Click Save/Apply to save your settings. 126 4020210 Rev A Wireless MAC Filtering Wireless MAC Filtering The Wireless -- MAC Filtering screen allows you to allow or block certain wireless clients from accessing the residential gateway. If you know the MAC address of the client you want to block, you can use this screen to provide access to the residential gateway or block that client from accessing it. Path: Home Network > Wireless > Advanced > MAC Filter Allowing Wireless Clients to Access the Residential Gateway You can allow wireless clients to access the residential gateway if you know the client's MAC address. MAC restrict mode must be enabled. To allow wireless clients to access the residential gateway, complete the following steps. 4020210 Rev A Click Home Network on the main screen. The Client Summary screen opens. 127 Chapter 5 Home Network Configuration 128 Click Wireless. The Wireless Summary screen opens. Click Advanced. The Wireless Advanced Settings screen opens. Click MAC Filter. The Wireless MAC Filtering screen opens. In the MAC Restrict Mode field, click Allow to enable the MAC restrict mode. Click Add. The Wireless -- MAC Filter screen opens. In the MAC Address field, enter the MAC address of the client that you want to allow access to the residential gateway. Click Save/Apply to allow this wireless client to access the residential gateway. 4020210 Rev A Wireless MAC Filtering Blocking Wireless Clients You can block wireless clients from accessing the residential gateway if you know the client's MAC address. MAC restrict mode must be enabled. To prevent wireless clients from accessing the residential gateway, complete the following steps. 4020210 Rev A Click Home Network on the main screen. The Client Summary screen opens. Click Wireless. The Wireless Summary screen opens. Click Advanced. The Wireless Advanced Settings screen opens. 129 Chapter 5 Home Network Configuration 130 Click MAC Filter. The Wireless MAC Filtering screen opens. In the MAC Restrict Mode field, click Deny to enable the MAC restrict mode. Click Add. The Wireless -- MAC Filter screen opens. In the MAC Address field, enter the MAC address of the client that you want to prevent from accessing the residential gateway. Click Save/Apply to prevent this wireless client from accessing the residential gateway. 4020210 Rev A Wireless Bridge Wireless Bridge Wireless LAN Bridging (also referred to as a Wireless Distribution System, WDS) refers to two or more 802.11 access points that send traffic between them (from access point to access point) as opposed to between access point and a client computer. The Wireless Bridge screen allows you to configure the wireless bridge features of the wireless LAN interface as follows: Select Wireless Bridge in the AP mode to disable access point functionality. Select Access Point in the AP mode to enables access point functionality. Wireless bridge functionality will still be available and wireless stations will be able to associate to the AP. Select Disabled in the Bridge Restrict field to disable wireless bridge restriction so any device can communicate with the residential gateway over the wireless bridge. Select Enabled in the Bridge Restrict field to enable wireless bridge restriction to restrict the bridges that can communicate with the residential gateway over the wireless interface. Enter the MAC Address of the remote bridge in the Remote Bridges MAC Address field Path: Home Network > Wireless > Advanced > Wireless Bridge Bridge Restrict Disabled 4020210 Rev A 131 Chapter 5 Home Network Configuration Bridge Restrict Enabled 132 4020210 Rev A Wireless Station List Wireless Station List This page shows associated wireless MAC addresses and status. Path: Home Network > Wireless > Advanced > Station Info Showing MAC Addresses and Clients To show the wireless MAC Address and clients, complete the following steps. 4020210 Rev A Click Home Network on the main screen. Click Wireless. The Wireless Summary screen opens. Click Advanced. The Wireless Advanced Settings screen opens. 133 Chapter 5 Home Network Configuration 134 Click Station Info. The Wireless Station List opens. Click Refresh to update the list of MAC addresses and associated status. 4020210 Rev A Wi-Fi Protected Setup Wi-Fi Protected Setup Wi-Fi Protected Setup (WPS) is a standard for easy and secure establishment of a wireless home network. You can choose to use either the PBC or PIN method for connecting the wireless networks using WPS. But first, you will still need to configure the appropriate authentication on your router. For more information, see Security Configuration (on page 141). Note: Ensure that your wireless client supports WPS. If your wireless client does not support WPS, you cannot use this functionality. Path: Home Network > Wireless > Wi-Fi Protected Setup PBC Method The PBC method requires the user to press a button (either actual or virtual) on both the DDR2200 and the new wireless client device to establish the wireless connection. To set up your wireless network using the PBC method, complete the following steps. 4020210 Rev A Click Home Network on the main screen. Click Wi-Fi Protected Setup. The Wi-Fi Protected Setup screen opens. For the WPS status drop-down field, select Enabled to enable the WPS status. 135 Chapter 5 Home Network Configuration Click the button at the right-hand-side on the page or the Wi-Fi-sec button on the device. Then, within 2 minutes, push another button on your client adapter's WPS setup screen. It should start the process of configuring the wireless security on your client station. PIN Method The PIN method requires the user to enter a personal identification number (PIN) from a label on the new device to establish the wireless connection. To set up your wireless network using a PIN: 136 Click Home Network on the main screen. Click Wi-Fi Protected Setup. The Wi-Fi Protected Setup screen opens. For the WPS status drop-down field, select Enabled to enable the WPS status. In the PIN field, enter the same PIN number (8-digit number, sometimes it will be shipped with your client's adapter if it supports WPS) for both of the wireless router and station. Then click Register to start the process of configuring the wireless security on your client station. 4020210 Rev A HPNA Information HPNA Information The HPNA Info screen allows you to view the HPNA devices connected to the residential gateway. Path: Home Network > HPNA > HPNA Info Updating HPNA Information To update the HPNA information, complete the following steps. 4020210 Rev A Click Home Network on the main screen. The Client Summary screen opens. 137 Chapter 5 Home Network Configuration 138 Click HPNA. After a moment of processing, the HPNA Info screen opens. Click HPNA Update to update the HPNA software of HPNA devices attached to the residential gateway The Update HPNA Image window opens. In the Software File Name field, enter the name of the file that you want to use to update your system. You can click Browse to locate the file. Click Next. The software for the attached HPNA devices is updated. 4020210 Rev A HPNA Statistics Information HPNA Statistics Information The HPNA Statistics Info screen displays the statistics for the HPNA devices connected to the residential gateway. Path: Home Network > HPNA > HPNA Statistics Info 4020210 Rev A 139 6 Chapter 6 Security Configuration The Security tab allows you to check the security configuration and modify the configuration. Use this chapter to help you check the status of the security configuration or make changes to the configuration. In This Chapter 4020210 Rev A MAC Filtering Setup .......................................................................... 142 Incoming IP Filtering.......................................................................... 148 Outgoing IP Filtering ......................................................................... 154 Parental Control Setup - Filtering Function .................................... 159 URL Filtering Function ...................................................................... 165 Stateful Packet Inspection.................................................................. 170 Local Certificates................................................................................. 173 Trusted CA Certificates...................................................................... 178 141 Chapter 6 Security Configuration MAC Filtering Setup The MAC Filtering Setup screen allows you to set up filters for packets containing configured MAC addresses. With the MAC Filtering feature, you can restrict access to certain servers based on their MAC address. MAC Filtering is only effective on ATM PVCs configured in Bridge mode. Path: Security > Packet Filtering > MAC Filtering Forwarded MAC Filtering Forwarded MAC Filtering means that all MAC layer frames will be FORWARDED except those that match any of the specified rules in the following screen. 142 4020210 Rev A MAC Filtering Setup Blocked MAC Filtering Blocked MAC Filtering means that all MAC layer frames will be BLOCKED except those that match any of the specified rules in the following screen. Adding MAC Filtering To add MAC Filtering, complete the following steps. 4020210 Rev A Click Security on the main screen. The Packet Filtering tab opens by default. 143 Chapter 6 Security Configuration 144 Click MAC Filtering. The MAC Filtering screen opens. Check the Enable Filtering Function check box. Click Add to open a blank MAC Filtering screen. 4020210 Rev A MAC Filtering Setup In the Protocol Type field, select one of the following protocols from the dropdown menu. PPPoE IPv4 IPv6 AppleTalk IPX NetBEUI IGMP In the Destination MAC Address field, enter the frame's destination MAC address. In the Source MAC Address field, enter the frame's source MAC address. In the Frame Direction field, select one of the following choices from the dropdown menu: LAN<->WAN WAN<->LAN Do you want to select all WAN interfaces? If yes, check the Select All WAN Interfaces check box under the WAN Interfaces (Configured in Bridge mode only) field. If no, uncheck the Select All WAN Interfaces check box under the WAN Interfaces (Configured in Bridge mode only) field. 10 Click Save/Apply to add the MAC Filter. Forwarding or Blocking MAC Layer Frames You can change the policy on how MAC layer frames are forwarded or blocked. FORWARDED means that all MAC layer frames will be forwarded except those matching with any of the specified rules in the table on the screen. BLOCKED means that all MAC layer frames will be blocked except those matching with any of the specified rules in the table on the screen. To change the policy on how MAC layer frames are forwarded or blocked, complete the following steps. 4020210 Rev A Click Security on the main screen. The Packet Filtering tab opens by default. 145 Chapter 6 Security Configuration 146 Click MAC Filtering. The MAC Filtering screen opens. Check the Enable Filtering Function check box. Click Change Policy. The Change MAC Filtering Global Policy screen opens. In this example, the global policy for MAC filtering is "Blocked." Do you want to change the Global Policy? If yes, click Yes. If the policy is forwarded, clicking Yes changes the policy to blocked and vise versa. If no, click No and the policy remains unchanged. 4020210 Rev A MAC Filtering Setup Removing MAC Filtering To remove a MAC filtering rule you have set up, complete the following steps. 4020210 Rev A Click Security on the main screen. The Packet Filtering tab opens by default. Click MAC Filtering. The MAC Filtering screen opens. From the MAC Filtering screen, select Remove in the Remove column next to the MAC filtering rule you wish to remove. Click Remove to remove the MAC filtering. 147 Chapter 6 Security Configuration Incoming IP Filtering By default, all incoming IP traffic from the WAN is blocked when the firewall is enabled. However, some IP traffic can be accepted by setting up filters. Path: Security > Packet Filtering > Incoming IP Filtering Adding an Incoming IP Filter You can create a filter rule to identify incoming IP traffic by specifying a new filter name and at least one condition for the filter. All of the specified conditions in this filter rule must be satisfied for the rule to take effect. To add an incoming IP filter, complete the following steps. 148 4020210 Rev A Incoming IP Filtering 4020210 Rev A Click Security on the main screen. The MAC Filtering screen opens by default. Select the Incoming IP Filtering tab. The Incoming IP Filtering screen opens. 149 Chapter 6 Security Configuration Click Add. The Add IP Filter Incoming screen opens. In the Filter Name field, enter the name of the filter. In the Protocol field, select one of the following protocols: TCP/UDP TCP UDP ICMP In the Source IP address field, enter the source IP address of the server sending the incoming packets. In the Source Subnet Mask field, enter the subnet mask of the server sending the incoming packets. In the Source Port field, enter the port number of the server sending the incoming packets. You can enter one port or a range of ports using the following format: port or port:port. Example: 0:5 indicates ports 0 through 5. In the Destination IP address field, enter the destination IP address for the server receiving the packets. 10 In the Destination Subnet Mask field, enter the subnet mask for the server receiving the packets. 150 4020210 Rev A Incoming IP Filtering 11 In the Destination Port field, enter the port number for the server receiving the packets. You can enter one port or a range of ports using the following format: port or port:port. Example: 0:5 indicates ports 0 through 5. 12 Do you want to select all of the WAN interfaces? If yes, check the Select All field under WAN Interfaces (Configured in Routing mode and with firewall enabled only). If no, clear the Select All field under WAN Interfaces (Configured in Routing mode and with firewall enabled only). 13 Click Save/Apply to add the filter. Enabling the Filtering Function To enable the filtering function, complete the following steps. 4020210 Rev A Click Security on the main screen. The MAC Filtering screen opens by default. 151 Chapter 6 Security Configuration Click Incoming IP Filtering. The Incoming IP Filtering screen opens. Check the Enable Filtering Function check box to enable the filtering function. Removing an Incoming IP Filter To remove an incoming IP filter, complete the following steps. 152 Click Security on the main screen. The MAC Filtering screen opens by default. 4020210 Rev A Incoming IP Filtering 4020210 Rev A Select the Incoming IP Filtering tab. The Incoming IP Filtering screen opens. From the Incoming IP Filtering screen, select Remove in the Remove column next to the filter you wish to remove. Click Remove to remove the filter. 153 Chapter 6 Security Configuration Outgoing IP Filtering By default, all outgoing IP traffic from LAN is allowed, but some IP traffic can be BLOCKED by setting up filters. Path: Security > Packet Filtering > Outgoing IP Filtering Enabling the Filtering Function To enable the outgoing IP filtering function, complete the following steps. 154 4020210 Rev A Outgoing IP Filtering Click Security on the main screen. The MAC Filtering screen opens by default. Click Outgoing IP Filtering. The Outgoing IP Filtering screen opens. Check the Enable Filtering Function check box to enable the filtering function. Adding an Outgoing IP Filter To add an outgoing IP filter, complete the following steps. 4020210 Rev A 155 Chapter 6 Security Configuration 156 Click Security on the main screen. The MAC Filtering screen opens by default. Select the Outgoing IP Filtering tab. The Outgoing IP Filtering screen opens. 4020210 Rev A Outgoing IP Filtering Click Add. The Add IP Filter Outgoing screen opens. In the Filter Name field, enter the name of the filter. Note: You cannot use blank spaces in the filter name. In the Protocol field, select one of the following protocols: TCP/UDP TCP UDP ICMP In the Source IP address field, enter the source IP address for the server sending the incoming packets. In the Source Subnet Mask field, enter the subnet mask for the server sending the incoming packets. In the Source Port field, enter the port number for the server sending the incoming packets. Use the following format: port or port:port. In the Destination IP address field, enter the destination IP address for the server receiving the packets. 10 In the Destination Subnet Mask field, enter the subnet mask for the server receiving the packets. 11 In the Destination Port field, enter the port number for the server receiving the packets. Use the following format: port or port:port. 12 Click Save/Apply to add the filter. 4020210 Rev A 157 Chapter 6 Security Configuration Removing an Outgoing IP Filter To remove an outgoing IP filter, complete the following steps. 158 Click Security on the main screen. The MAC Filtering screen opens by default. Select the Outgoing IP Filtering tab. The Outgoing IP Filtering screen opens. From the Outgoing IP Filtering screen, select Remove in the Remove column next to the filter you wish to remove. Click Remove to remove the filter. 4020210 Rev A Parental Control Setup - Filtering Function Parental Control Setup - Filtering Function The Client IP/MAC Filtering Setup screen allows you to configure the residential gateway to restrict access to the Internet, email, or other network services at specific days and times. You can set time restrictions for a single computer, a range or computers, or multiple computers. Path: Security >Firewall > Parental Control Adding Time of Day Restrictions The Filtering Function screen allows you to block access to the Internet for certain times of the day. This screen adds time of day restriction to a special LAN device connected to the residential gateway. The browser's MAC Address automatically displays the MAC address of the LAN device where the browser is running. To restrict other LAN devices, select the Other MAC Address option and enter the MAC address of the other LAN device. To find out the MAC address of a Windows based PC, go to a command window and type ipconfig /all. Path: Security > Firewall > Parental Control To add time of day restrictions, complete the following steps. 4020210 Rev A 159 Chapter 6 Security Configuration 160 Click Security on the main screen. The MAC Filtering screen opens by default. Click the Firewall tab. The Filtering Function screen opens. 4020210 Rev A Parental Control Setup - Filtering Function 4020210 Rev A Check the Enable Filtering Function check box to enable the filtering function. The Client IP MAC Filtering screen populates with any time restrictions that are set. Click Add PC. The Add Filtering Function screen opens. 161 Chapter 6 Security Configuration In the Client PC Description field, enter a description of the PC for which you want to block services. In the Choose mode field, select IP mode or MAC mode from the drop-down menu. Enter the IP address in the Client PC IP Address field, or enter the MAC address in the MAC address field depending upon the mode you selected in step 6. Under Service Name area, check the Blocking check box for every service that you wish to filter. In the Scheduling Week Day area, check the check boxes next to each day where you want to set up time of day restrictions. If you want to apply the time of day restrictions to everyday, check the Everyday check box. For example, check the F, Sa, and Su check boxes to apply time of day restrictions to Friday, Saturday, and Sunday. 10 In the Time area set the time as follows: Click the 24Hours option to apply the restrictions 24 hours a day Click the option where you select the time from the drop-down menus. Use the drop down menus to enter the time when you want the restriction to start and end. 11 Click Save/Apply to enable the time of day restrictions. Removing Time of Day Restrictions To remove time of day restrictions, complete the following steps. 162 4020210 Rev A Parental Control Setup - Filtering Function 4020210 Rev A Click Security on the main screen. The MAC Filtering screen opens by default. Click the Firewall tab. The Filtering Function screen opens. 163 Chapter 6 Security Configuration 164 Check the Enable Filtering Function check box to enable the filtering function. The Client IP/MAC Filtering Setup screen populates with any time restrictions that are set. From the Configure field select Remove in the Remove column next to the time of day restriction that you wish to remove. Click Remove to remove the restriction. 4020210 Rev A URL Filtering Function URL Filtering Function The URL Filtering Function screen allows you to block websites based on the URL address and/or key words used in the website. For example, if you have children in the home, you may want to block websites that are inappropriate for children by entering the URL or key words. Path: Security > Firewall > URL Filter Enabling URL Filtering To enable URL filtering for the firewall, complete the following steps. 4020210 Rev A 165 Chapter 6 Security Configuration 166 Click Security on the main screen. The MAC Filtering screen opens by default. Click the Firewall tab. The Filtering Function screen opens by default. 4020210 Rev A URL Filtering Function Click the URL Filter tab. The URL Filtering Function screen opens. Click Enable URL Filtering Function. The URL Filtering Function screen updates with blank fields for entering the URLs that you want to block. For each rule, enter the URL or keyword that you want to block. In the Week Day area, select Everyday or select the individual days on which you want the filter to take effect. In the Time area, select 24Hours or select the individual times that you want the filter to take effect. Click Save. Removing a URL Filter To remove a URL filter from the firewall, complete the following steps. 4020210 Rev A 167 Chapter 6 Security Configuration 168 Click Security on the main screen. The MAC Filtering screen opens by default. Click the Firewall tab. The Filtering Function screen opens by default. Click the URL Filter tab. The URL Filtering Function screen opens. 4020210 Rev A URL Filtering Function 4020210 Rev A Click Enable URL Filtering Function. The URL Filtering Function screen updates with blank fields for entering the URLs that you want to block. Click Del next to each rule that you want to delete. If you want to remove all the rules, click Remove All. Click Save. 169 Chapter 6 Security Configuration Stateful Packet Inspection The Stateful Packet Inspection screen allows the gateway to inspect packets passing through it to deny network attacks. Path: Security > Firewall > Stateful Packet Inspection Enabling Stateful Packet Inspection To enable stateful packet inspection (SPI), complete the following steps. 170 4020210 Rev A Stateful Packet Inspection 4020210 Rev A Click Security on the main screen. The MAC Filtering screen opens by default. Click the Firewall tab. The Filtering Function screen opens by default. 171 Chapter 6 Security Configuration 172 Click the Stateful Packet Inspection tab. The Intrusion Detection screen opens. Select the Enable SPI, Hacker Pattern and Anti-Dos Firewall field. Select the Enable Email Alert field and fill in the email address and SMTP server address that you want to notify when the DSL must be rebooted. Click Save/Apply to enable stateful packet inspection. 4020210 Rev A Local Certificates Local Certificates The Local Certificates screen allows you to load certificates onto the residential gateway. Local certificates are used by peers to verify your identity. A maximum of four certificates can be stored on the residential gateway. Path: Security > Certificate > Local > Local Certificates Creating Certificates The Create Certificate screen allows you to generate a certificate by specifying certificate parameters shown in this screen. To create a certificate, complete the following steps. 4020210 Rev A 173 Chapter 6 Security Configuration 174 Click Security on the main screen. The MAC Filtering screen opens. Click Add. The Local Certificates screen opens. 4020210 Rev A Local Certificates Click Create Certificate Request. The Create New Certificate Request screen opens. In the Certificate Name field, enter the name for the certificate. In the Common Name field, enter the common name of the certificate. In the Organization Name field, enter the name of the organization that owns the certificate. In the State/Province Name field, enter the state or province where you want to register the certificate. In the Country/Region Name field, use the drop-down list to select the country or region where you want to register the certificate. Click Apply to create the certificate. The certificate signing request screen opens. 10 Click Load Signed Certificate to save the certificate on the residential gateway. 4020210 Rev A 175 Chapter 6 Security Configuration Importing Local Certificates The Import Certificate screen allows you to import a pre-existing certificate to the residential gateway. To import a certificate, complete the following steps. 176 Click Security on the main screen. The MAC Filtering screen opens by default. Click Certificate. The Local Certificates screen opens. 4020210 Rev A Local Certificates 4020210 Rev A Click Import Certificate. The Import certificate screen opens. In the Certificate Name field, enter the name of the certificate. In the Certificate area, copy and paste the contents of the certificate file provided by the service provider. In the Private Key area, copy and paste the private key from the certificate file provided by the service provider. Click Apply to save the certificate on the residential gateway. 177 Chapter 6 Security Configuration Trusted CA Certificates The Trusted CA (Certificate Authority) Certificates screen allows you to load certificates onto the residential gateway. You can use CA certificates to verify peers' certificates. A maximum of four certificates can be stored. Path: Security > Certificate > Trusted CA > Trusted CA (Certificate Authority) Certificates Importing Trusted CA Certificates The Import CA certificate screen allows you to import a pre-existing trusted CA certificate to the residential gateway. 178 4020210 Rev A
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.6 Linearized : Yes Encryption : Standard V2.3 (128-bit) User Access : Print, Copy, Extract, Print high-res XMP Toolkit : 3.1-701 Modify Date : 2009:12:22 15:13:26+08:00 Create Date : 2009:12:22 15:13:13+08:00 Metadata Date : 2009:12:22 15:13:26+08:00 Creator Tool : Acrobat PDFMaker 7.0 for Word Format : application/pdf Title : Cisco, 4020210A Description : Installation and Operation Guide - DDR2200-CL Series Residential Gateway Creator : Cisco Document ID : uuid:da4acaa1-1fa7-472f-86f4-9492bb237771 Instance ID : uuid:96b8957e-0335-4e1b-a1a9-da8d30dfe2e8 Producer : Acrobat Distiller 7.0 (Windows) Has XFA : No Page Count : 80 Subject : Installation and Operation Guide - DDR2200-CL Series Residential Gateway Author : CiscoEXIF Metadata provided by EXIF.tools