LINKSYS WRV200 Wireless-G VPN Router with RangeBooster User Manual The Router s Functions
LINKSYS LLC Wireless-G VPN Router with RangeBooster The Router s Functions
LINKSYS >
Manual
Chapter 1: Introduction
What’s in this Guide?
This user guide covers the steps for setting up and using the Wireless-G VPN Router with
RangeBooster.
• Chapter 1: Introduction
This chapter describes the Wireless-G VPN Router with RangeBooster applications and this User
Guide.
• Chapter 2: Planning your Wireless Network
This chapter describes the basics of wireless networking.
• Chapter 3: Getting to Know the Wireless-G VPN Router with RangeBooster
This chapter describes the physical features of the Router.
• Chapter 4: Connecting the Wireless-G VPN Router with RangeBooster
This chapter instructs you on how to connect the Router to your network.
• Chapter 5: Configuring the PCs
This chapter explains how to configure the PCs for your network.
• Chapter 6: Configuring the Router
This chapter explains how to use the Web-Based Utility to configure the settings on the Router.
• Appendix A: Troubleshooting
This appendix describes some problems and solutions, as well as frequently asked questions,
regarding installation and use of the Wireless-G VPN Router with RangeBooster.
• Appendix B: Wireless Security
This appendix explains the risks of wireless networking and some solutions to reduce the risks.
• Appendix C: Configuring IPSec between a Windows 2000 Pc and the Router
This appendix instructs you on how to establish a secure IPSec tunnel using preshared keys to
join a private network inside the VPN Router and a Windows 2000 or XP PC.
• Appendix D: SNMP Functions
This appendix explains SNMP.
• Appendix E: Upgrading Firmware
This appendix instructs you on how to upgrade the firmware on your Router if you should need to
do so.
• Appendix F: Windows Help
This appendix describes how you can use Windows Help for instructions about networking, such
as installing the TCP/IP protocol.
• Appendix G: Finding the MAC Address and IP Address for your Ethernet Adapter.
This appendix describes how to find the MAC address for your computer’s Ethenet adapter so you
can use the MAC filtering and/or MAC address cloning feature of the Router.
• Appendix H: Glossary
This appendix gives a brief glossary of terms frequently used in networking.
• Appendix I: Specifications
This appendix provides the technical specifications for the Router.
• Appendix J: Warranty Information
This appendix supplies the warranty information for the Router..
• Appendix K: Regulatory Information
This appendix supplies the regulatory information regarding the Router.
• Appendix L: Contact Information
This appendix provides contact information for a variety of Linksys resources, including Technical
Support.
Chapter 2: Planning your Wireless
Network
The Router’s Functions
Simply put, a router is a network device that connects two networks together.
In this instance, the Router connects your Local Area Network (LAN), or the group of PCs in your
home or office, to the Internet. The Router processes and regulates the data that travels between
these two networks.
The Router’s NAT feature protects your network of PCs so users on the public, Internet side
cannot “see” your PCs. This is how your network remains private. The Router protects your
network by inspecting every packet coming in through the Internet port before delivery to the
appropriate PC on your network. The Router inspects Internet port services like the web server, ftp
server, or other Internet applications, and, if allowed, it will forward the packet to the appropriate
PC on the LAN side.
Remember that the Router’s ports connect to two sides. The LAN ports connect to the LAN, and
the Internet port connects to the Internet. The LAN and Internet ports transmit data at
10/100Mbps.
IP Addresses
What’s an IP Address?
IP stands for Internet Protocol. Every device on an IP-based network, including PCs, print servers,
and routers, requires an IP address to identify its “location,” or address, on the network. This
applies to both the Internet and LAN connections. There are two ways of assigning an IP address
to your network devices. You can assign static IP addresses or use the Router to assign IP
addresses dynamically.
Static IP Addresses
A static IP address is a fixed IP address that you assign manually to a PC or other device on the
network. Since a static IP address remains valid until you disable it, static IP addressing ensures
that the device assigned it will always have that same IP address until you change it. Static IP
addresses must be unique and are commonly used with network devices such as server PCs or
print servers.
If you use the Router to share your cable or DSL Internet connection, contact your ISP to find out if
they have assigned a static IP address to your account. If so, you will need that static IP address
when configuring the Router. You can get that information from your ISP.
Dynamic IP Addresses
A dynamic IP address is automatically assigned to a device on the network, such as PCs and print
servers. These IP addresses are called “dynamic” because they are only temporarily assigned to
the PC or device. After a certain time period, they expire and may change. If a PC logs onto the
network (or the Internet) and its dynamic IP address has expired, the DHCP server will
automatically assign it a new dynamic IP address.
DHCP (Dynamic Host Configuration Protocol) Servers
PCs and other network devices using dynamic IP addressing are assigned a new IP address by a
DHCP server.
The PC or network device obtaining an IP address is called the DHCP client. DHCP frees you from
having to assign IP addresses manually every time a new user is added to your network.
A DHCP server can either be a designated PC on the network or another network device, such as
the Router. By default, the Router’s DHCP Server function is enabled.
If you already have a DHCP server running on your network, you must disable one of the two
DHCP servers. If you run more than one DHCP server on your network, you will experience
network errors, such as conflicting IP addresses. To disable DHCP on the Router, see the DHCP
section in “Chapter 6: The Router’s Web-based Utility.”
Why do I need a VPN?
Computer networking provides flexibility not available when using an archaic, paper-based system.
With this flexibility, however, comes an increased risk in security. This is why firewalls were first
introduced. Firewalls help to protect data inside of a local network. But what do you do once
information is sent outside of your local network, when emails are sent to their destination, or when
you have to connect to your company's network when you are out on the road? How is your data
protected?
That is when a VPN can help. VPNs are called Virtual Private Networks because they secure data
moving outside of your network as if it were still within that network.
When data is sent out across the Internet from your computer, it is always open to attacks. You
may already have a firewall, which will help protect data moving around or held within your
network from being corrupted or intercepted by entities outside of your network, but once data
moves outside of your network - when you send data to someone via email or communicate with
an individual over the Internet - the firewall will no longer protect that data.
At this point, your data becomes open to hackers using a variety of methods to steal not only the
data you are transmitting but also your network login and security data. Some of the most common
methods are as follows:
1) MAC Address Spoofing
Packets transmitted over a network, either your local network or the Internet, are preceded by a
packet header.
These packet headers contain both the source and destination information for that packet to
transmit efficiently.
A hacker can use this information to spoof (or fake) a MAC address allowed on the network. With
this spoofed MAC address, the hacker can also intercept information meant for another user.
2) Data Sniffing
Data "sniffing" is a method used by hackers to obtain network data as it travels through unsecured
networks, such as the Internet. Tools for just this kind of activity, such as protocol analyzers and
network diagnostic tools, are often built into operating systems and allow the data to be viewed in
clear text.
3) Man in the middle attacks
Once the hacker has either sniffed or spoofed enough information, he can now perform a "man in
the middle" attack. This attack is performed, when data is being transmitted from one network to
another, by rerouting the data to a new destination. Even though the data is not received by its
intended recipient, it appears that way to the person sending the data.
These are only a few of the methods hackers use and they are always developing more. Without
the security of your VPN, your data is constantly open to such attacks as it travels over the Internet.
Data traveling over the
Internet will often pass through many different servers around the world before reaching its final
destination.
That's a long way to go for unsecured data and this is when a VPN serves its purpose.
What is a VPN?
A VPN, or Virtual Private Network, is a connection between two endpoints - a VPN Router, for
instance – in different networks that allow private data to be sent securely over a shared or public
network, such as the Internet. This establishes a private network that can send data securely
between these two locations or networks. This is done by creating a "tunnel". A VPN tunnel
connects the two PCs or networks and allows data to be transmitted over the Internet as if it were
still within those networks. Not a literal tunnel, it is a connection secured by encrypting the data
sent between the two networks.
VPN was created as a cost-effective alternative to using a private, dedicated, leased line for a
private network.
Using industry standard encryption and authentication techniques - IPSec, short for IP Security -
the VPN creates a secure connection that, in effect, operates as if you were directly connected to
your local network. Virtual
Private Networking can be used to create secure networks linking a central office with branch
offices, telecommuters, and/or professionals on the road (travelers can connect to a VPN Router
using any computer with VPN client software that supports IPSec, such as SSH Sentinel.)
There are two basic ways to create a VPN connection:
•VPN Router to VPN Router
•Computer (using VPN client software that supports IPSec) to VPN Router
The VPN Router creates a “tunnel” or channels between two endpoints, so that data transmissions
between them are secure. A computer with VPN client software that supports IPSec can be one of
the two endpoints. Any computer with the built-in IPSec Security Manager (Microsoft 2000 and XP )
allows the VPN Router to create a VPN tunnel using IPSec (refer to “Appendix C: Configuring
IPSec between a Windows 2000 or XP PC and the VPN Router”). Other versions of Microsoft
operating systems require additional, third-party VPN client software applications that support
IPSec to be installed.
VPN Router to VPN Router
An example of a VPN Router-to-VPN Router VPN would be as follows.At home, a telecommuter
uses his VPN Router for his always-on Internet connection. His router is configured with his
office's VPN settings.
When he connects to his office's router, the two routers create a VPN tunnel, encrypting and
decrypting data. As VPNs utilize the Internet, distance is not a factor. Using the VPN, the
telecommuter now has a secure connection to the central office's network, as if he were physically
connected.
Computer (using VPN client software that supports IPSec) to VPN Router
The following is an example of a computer-to-VPN Router VPN.In her hotel room, a traveling
businesswoman dials up her ISP. Her notebook computer has VPN client software that is
configured with her office's VPN settings. She accesses the VPN client software that supports
IPSec and connects to the VPN Router at the central office. As VPNs utilize the Internet, distance
is not a factor. Using the VPN, the businesswoman now has a secure connection to the central
office's network, as if she were physically connected.
For additional information and instructions about creating your own VPN, please visit Linksys’s
website at www.linksys.com or refer to “Appendix C: Configuring IPSec between a Windows 2000
or XP PC and the VPN
Router.”
Chapter 3:
Getting to Know the Wireless-G VPN Router
with RangeBooster
The Back Panel
The Router’s ports, where a network cable is connected, are located on the back panel.
Internet: The Internet port connects to your modem.
LAN (1-4): The LAN (Local Area Network) ports connect to your PC and other network devices.
Power: The Power port is where you will connect the power adapter.
Reset Button: There are two ways to Reset the Router's factory defaults. Either press the Reset
Button, for approximately ten seconds, or restore the defaults from the Password tab in the
Router’s Web-Based Utility.
With these, and many other, Linksys products, your networking options are limitless. Go to the
Linksys website at www.linksys.com for more information about products that work with the
Router.
Power: Green. The Power LED lights up when the Router is powered on.
DMZ : The DMZ LED indicates the Router’s self- diagnosis mode during boot-up and restart. It will
turn off upon completing the diagnosis. If this LED stays on for an abnormally long period of time,
refer to Appendix A: Troubleshooting.
Internet: Green. The Internet LED lights whenever there is a successful wireless connection. If
the LED is flickering, the Router is actively sending or receiving data to or from one of the devices
on the network.
Wireless-G: Green. The Wireless-G LED lights whenever there is a successful wireless
connection.
LAN (1-4): Green. The LAN LED serves two purposes. If the LED is continuously lit, the Router is
successfully connected to a device through the LAN port. If the LED is flickering, it is an indication
of any network activity.
Chapter 4:
Connecting the Wireless-G VPN Router with
RangeBooster
Overview
The Router’s setup consists of more than simply plugging hardware together. You will have to
configure your networked PCs to accept the IP addresses that the Router assigns them (if
applicable), and you will also have to configure the Router with setting(s) provided by your Internet
Service Provider (ISP).
The installation technician from your ISP should have left the setup information for your modem
with you after installing your broadband connection. If not, you can call your ISP to request that
data.
Once you have the setup information you need for your specific type of Internet connection, you
can begin installation and setup of the Router.
If you want to use a PC with an Ethernet adapter to configure the Router, continue to “Wired
Connection to a PC.”
If you want to use a PC with a wireless adapter to configure the Router, continue to “Wireless
Connection to a PC.”
Wired Connection to a PC
1. Before you begin, make sure that all of your network’s hardware is powered off, including the
Router, PCs, and cable or DSL modem.
2. Connect one end of an Ethernet network cable to one of the LAN ports (labeled 1-4) on the back
of the Router, and the other end to an Ethernet port on a PC.
3. Repeat this step to connect more PCs, a switch, or other network devices to the Router.
4. Connect a different Ethernet network cable from your cable or DSL modem to the Internet port
on the Router’s rear panel. This is the only port that will work for your modem connection.
5. Power on the cable or DSL modem.
6. Connect the power adapter to the Router’s Power port, and then plug the power adapter into a
power outlet.
• The Power LED on the front panel will light up green as soon as the power adapter is connected
properly.
The Power LED will flash for a few seconds, then it will light up steady when the self-test is
complete. If the LED flashes for one minute or longer, see “Appendix A: Troubleshooting.”
7. Power on one of your PCs that is connected to the Router.
Wireless Connection to a PC
If you want to use a wireless connection to access the Router, follow these instructions:
1. Before you begin, make sure that all of your network’s hardware is powered off, including the
Router, PCs, and cable or DSL modem.
2. Connect an Ethernet network cable from your cable or DSL modem to the Internet port on the
Router’s rear panel. This is the only port that will work for your modem connection.
3. Power on the cable or DSL modem.
4. Connect the power adapter to the Power port, and then plug the power adapter into a power
outlet.
• The Power LED on the front panel will light up green as soon as the power adapter is connected
properly.
The Power LED will flash for a few seconds, then light up steady when the self-test is complete. If
the LED flashes for one minute or longer, see “Appendix A: Troubleshooting.”
5. Power on one of the PCs on your wireless network(s).
6. For initial access to the Router through a wireless connection, make sure the PC’s wireless
adapter has its SSID set to linksys-g (the Router’s default setting), and its WEP encryption is
disabled. After you have accessed the Router, you can change the Router and this PC’s adapter
settings to match the your usual network settings.
The Router’s hardware installation is now complete.
Go to “Chapter 5: Configuring the PCs.”
Chapter 5:
Configuring the PCs
Overview
The instructions in this chapter will help you configure each of your computers to be able to
communicate with the Router.
To do this, you need to configure your PC’s network settings to obtain an IP (or TCP/IP) address
automatically, so your PC can function as a DHCP client. Computers use IP addresses to
communicate with the Router and each other across a network, such as the Internet.
First, find out which Windows operating system your computer is running. You can find out by
clicking the Start button. Read the side panel of the Start menu to find out which operating system
your PC is running.
You may need to do this for each computer you are connecting to the Router.
The next few pages tell you, step by step, how to configure your network settings based on the
type of Windows operating system you are using. Make sure that an Ethernet or wireless adapter
(also known as a network adapter) has been successfully installed in each PC you will configure.
Once you’ve configured your computers, continue to “Chapter 6: Using the Router’s Web-Based
Utility.”
Configuring Windows 98 and Millennium PCs
1. Click the Start button. Select Settings and click the Control Panel icon. Double-click the
Network icon.
2. On the Configuration tab, select the TCP/IP line for the applicable Ethernet adapter, as shown in
Figure 5-1.
Do not choose a TCP/IP entry whose name mentions DUN, PPPoE, VPN, or AOL. If the word
TCP/IP appears by
itself, select that line. Click the Properties button.
3. Click the IP Address tab. Select Obtain an IP address automatically. (See Figure 5-2.)
Figure 5-1: Configuration Tab Figure 5-2: IP Address Tab
4. Now click the Gateway tab, and verify that the Installed Gateway field is blank. Click the OK
button.
5. Click the OK button again. Windows may ask you for the original Windows installation disk or
additional files.
Check for the files at c:\windows\options\cabs, or insert your Windows CD-ROM into your
CD-ROM drive and check the correct file location, e.g., D:\win98, D:\win9x, etc. (if “D” is the letter
of your CD-ROM drive).
6. Windows may ask you to restart your PC. Click the Yes button. If Windows does not ask you to
restart, restart your computer anyway.
Go to “Chapter 6: Using the Router’s Web-Based Utility.”
Configuring Windows 2000 PCs
1. Click the Start button. Select Settings and click the Control Panel icon. Double-click the
Network and Dialup
Connections icon.
2. Select the Local Area Connection icon for the applicable Ethernet adapter (usually it is the first
Local Area Connection listed). Double-click the Local Area Connection. Click the Properties
button. (See Figure 5-3.)
3. Make sure the box next to Internet Protocol (TCP/IP) is checked. Highlight Internet Protocol
(TCP/IP), and click the Properties button. (See Figure 5-4.)
4. Select Obtain an IP address automatically. Once the new window appears, click the OK
button. Click the OK button again to complete the PC configuration. (See Figure 5-5.)
5. Restart your computer.
Go to “Chapter 6: Using the Router’s Web-Based Utility.”
Figure 5-3: Properties Figure 5-4: TCP/IP
Figure 5-5: IP Address
Configuring Windows XP PCs
The following instructions assume you are running Windows XP with the default interface. If you
are using the Classic interface (where the icons and menus look like previous Windows versions),
please follow the instructions for Windows 2000.
1. Click the Start button and then the Control Panel icon. Click the Network and Internet
Connections icon.
Then click the Network Connections icon.
2. Select the Local Area Connection icon for the applicable Ethernet adapter (usually it is the first
Local Area Connection listed). Double-click the Local Area Connection. Click the Properties
button. (See Figure 5-6.)
3. Make sure the box next to Internet Protocol (TCP/IP) is checked. Highlight Internet Protocol
(TCP/IP), and click the Properties button. (See Figure 5-7.)
4. Select Obtain an IP address automatically. (See Figure 5-8.) Once the new window appears,
click the OK button. Click the OK button again to complete the PC configuration.
Go to “Chapter 6: Using the Router’s Web-Based Utility.”
Figure 5-6: Properties Figure 5-7: TCP/IP Figure 5-8: IP Address
Chapter 6: Configuring the Router
Overview
Linksys recommends using the Setup CD-ROM for first-time installation of the Router and setting
up additional computers. If you do not wish to run the Setup Wizard on the Setup CD-ROM, then
follow the steps in this chapter and use the Router’s web-based utility to configure the Router. This
chapter will describe each web page in the Utility and each page’s key functions. The utility can be
accessed via your web browser through use of a computer connected to the Router. For a basic
network setup, most users only have to use the following screens of the Utility:
• Basic Setup. On the Basic Setup screen, enter the settings provided by your ISP.
• Management. Click the Administration tab and then the Management tab. The Router’s default
password is admin. To secure the Router, change the Password from its default.
There are seven main tabs: Setup, Wireless, Security, Access Restrictions, Applications &
Gaming, Administration, and Status. Additional tabs will be available after you click one of the
main tabs.
Setup
• Basic Setup. Enter the Internet connection and network settings on this screen.
• DDNS. To enable the Router’s Dynamic Domain Name System (DDNS) feature, complete the
fields on this screen.
• MAC Address Clone. If you need to clone a MAC address onto the Router, use this screen.
• Advanced Routing. On this screen, you can alter Network Address Translation (NAT), Dynamic
Routing, and Static Routing configurations.
• Hot Spot. Register with your Hot Spot service provider on this screen.
Wireless
• Basic Wireless Settings. You can choose your Wireless Network Mode and Wireless Security on
this screen.
• Wireless Network Access. This screen displays your network access list.
• Advanced Wireless Settings. On this screen you can access the Advanced Wireless features of
Authentication Type, Basic Data Rates, Control Tx Rates, Beacon Interval, DTIM Interval, RTS
Threshold, and Fragmentation Threshold.
Security
• Filter. To block specific users from Internet access, you can set up IP address, port, and MAC
address filtering on the Filter screen.
• VPN. To enable or disable IPSec, L2TP, and/or PPTP Pass-through, and set up VPN tunnels,
use this screen.
• 802.1x. Use this screen to set up RADIUS authentication.
Access Restrictions
• Access Restriction. This screen allows you to prevent or permit only certain users from attaching
to your network.
Applications & Gaming
• Port Range Forwarding. To set up public services or other specialized Internet applications on
your network, click this tab.
• Port Triggering. To set up triggered ranges and forwarded ranges for Internet applications, click
this tab.
• UPnP Forwarding. Use this screen to alter UPnP forwarding settings.
• DMZ. To allow one local user to be exposed to the Internet for use of special-purpose services,
use this screen.
Administration
• Management. On this screen, alter router access privileges and UPnP settings.
• Log. If you want to view or save activity logs, click this tab.
• Diagnostics. Use this screen to check the connection between your Router and PC.
• Factory Defaults. If you want to restore the Router’s factory defaults, then use this screen.
• Firmware Upgrade. Click this tab if you want to upgrade the Router’s firmware.
Status
• Router. This screen provides status information about the Router.
• Local Network. This provides status information about the local network.
How to Access the Web-based Utility
To access the web-based utility, launch Internet Explorer or Netscape Navigator, and enter the
Router’s default IP address, 192.168.1.1, in the Address field. Then press Enter.
A password request page, shown in Figure 6-1 will appear. (non-Windows XP users will see a
similar screen.)
Enter admin (the default user name) in the User Name field, and enter admin (the default
password) in the Password field. Then click the OK button.
Figure 6-1: Password Screen
The Setup Tab
The Basic Setup Tab
The first screen that appears is the Basic Setup tab. (See Figure 6-2.) This tab allows you to
change the Router's general settings. Change these settings as described here and click the Save
Settings button to save your changes or Cancel Changes to cancel your changes.
Internet Setup
• Internet Connection Type. The Router supports four connection types: Automatic Configuration -
DHCP (the default connection type), PPPoE, Static IP, and PPTP. Each Basic Setup screen and
available features will differ depending on what kind of connection type you select.
Automatic Configuration - DHCP
By default, the Router’s Configuration Type is set to Automatic Configuration - DHCP, and it
should be kept only if your ISP supports DHCP or you are connecting through a dynamic IP
address.
Figure 6-2: Setup Tab/DHCP Internet Connection Type
Static (See Figure 6-3.)
Figure 6-3: Static Internet Connection Type
If you are required to use a permanent IP address to connect to the Internet, then select Static IP.
• IP Address. This is the Router’s IP address, when seen from the WAN, or the Internet. Your ISP
will provide you with the IP Address you need to specify here.
• Subnet Mask. This is the Router’s Subnet Mask, as seen by external users on the Internet
(including your ISP). Your ISP will provide you with the Subnet Mask.
• Default Gateway. Your ISP will provide you with the Default Gateway Address, which is the ISP
server’s IP address.
• Primary DNS. (Required) and Secondary DNS (Optional). Your ISP will provide you with at least
one DNS (Domain Name System) Server IP Address.
When finished making your changes on this tab, click the Save Settings button to save these
changes, or
click the Cancel Changes button to undo your changes.
PPPoE (See Figure 6-4.)
Figure 6-4: PPPoE Internet Connection Type
Some DSL-based ISPs use PPPoE (Point-to-Point Protocol over Ethernet) to establish Internet
connections. If you are connected to the Internet through a DSL line, check with your ISP to see if
they use PPPoE. If they do, you will have to enable PPPoE.
• User Name and Password. Enter the User Name and Password provided by your ISP.
• Connect on Demand: Max Idle Time. You can configure the Router to cut the Internet connection
after it has been inactive for a specified period of time (Max Idle Time). If your Internet connection
has been terminated due to inactivity, Connect on Demand enables the Router to automatically
re-establish your connection as soon as you attempt to access the Internet again. If you wish to
activate Connect on
Demand, click the radio button. In the Max Idle Time field, enter the number of minutes you want
to have elapsed before your Internet connection terminates.
• Keep Alive Option: Redial Period. If you select this option, the Router will periodically check your
Internet connection. If you are disconnected, then the Router will automatically re-establish your
connection. To use this option, click the radio button next to Keep Alive. In the Redial Period field,
you specify how often you want the Router to check the Internet connection. The default Redial
Period is 30 seconds.
When finished making your changes on this tab, click the Save Settings button to save these
changes, or click the Cancel Changes button to undo your changes.
PPTP (See Figure 6-5.)
Figure 6-5: PPTP Internet Connection Type
Point to Point Tunneling Protocol (PPTP) is a service that applies to connections in Europe only
(see Figure 6- 8).
• Internet IP Address. This is the Router’s IP address, when seen from the Internet. Your ISP will
provide you with the IP Address you need to specify here.
• Subnet Mask. This is the Router’s Subnet Mask, as seen by external users on the Internet
(including your ISP). Your ISP will provide you with the Subnet Mask.
• Default Gateway. Your ISP will provide you with the Default Gateway Address.
• User Name and Password. Enter the User Name and Password provided by your ISP.
• Connect on Demand: Max Idle Time. You can configure the Router to cut the Internet connection
after it has been inactive for a specified period of time (Max Idle Time). If your Internet connection
has been terminated due to inactivity, Connect on Demand enables the Router to automatically
re-establish your connection as soon as you attempt to access the Internet again. If you wish to
activate Connect on
Demand, click the radio button. In the Max Idle Time field, enter the number of minutes you want
to have elapsed before your Internet connection terminates.
• Keep Alive Option: Redial Period. If you select this option, the Router will periodically check your
Internet connection. If you are disconnected, then the Router will automatically re-establish your
connection. To use this option, click the radio button next to Keep Alive. To use this option, click
the radio button next to
Keep Alive. In the Redial Period field, you specify how often you want the Router to check the
Internet connection. The default Redial Period is 30 seconds.
When finished making your changes on this tab, click the Save Settings button to save these
changes, or click the Cancel Changes button to undo your changes.
Optional Settings (Required by some ISPs)
• Host Name and Domain Name. These fields allow you to supply a host and domain name for the
Router. Some ISPs require these names as identification. You may have to check with your ISP to
see if your broadband Internet service has been configured with a host and domain name. In most
cases, leaving these fields blank will work.
• MTU. The MTU (Maximum Transmission Unit) setting specifies the largest packet size permitted
for network transmission. Select Enabled and enter the value desired. It is recommended that you
leave this value in the
1200 to 1500 range. For most DSL users, it is recommended to use the value 1492. By default,
MTU is set at 1500 when disabled.
Network Setup
• Gateway IP. The values for the Router’s Local IP Address and Subnet Mask are shown here. In
most cases, keeping the default values will work.
• Local IP Address. The default value is 192.168.1.1.
• Subnet Mask. The default value is 255.255.255.0.
• Network Address Server Settings (DHCP). A Dynamic Host Configuration Protocol (DHCP)
server automatically assigns an IP address to each PC on your network for you. Unless you
already have one, it is highly recommended that you leave the Router enabled as a DHCP server.
• Local DHCP Server. DHCP is already enabled by factory default. If you already have a DHCP
server on your network, set the Router’s DHCP option to Disable. If you disable DHCP, remember
to assign a static IP address to the Router.
• Start IP Address. Enter a value for the DHCP server to start with when issuing IP addresses. This
value must be 192.168.1. 2 or greater, because the default IP address for the Router is
192.168.1.1.
• Number of Address. Enter the maximum number of PCs that you want the DHCP server to
assign IP addresses to. This number cannot be greater than 253. In order to determine the DHCP
IP Address range, add the starting IP address (e.g., 100) to the number of DHCP users. By default,
as shown in Figure 6-9, add 100 to 50, and the range is 192.168.1.100 to 192.168.1.149.
• DHCP Address Range. The range of DHCP addresses is displayed here.
• Time Setting. This is where you set the time for your Router. You can set the time and date
manually or automatically, by setting the time zone.
When finished making your changes on this tab, click the Save Settings button to save these
changes, or click the Cancel Changes button to undo your changes.
The DDNS Tab
The Router offers a Dynamic Domain Name System (DDNS) feature. DDNS lets you assign a
fixed host and domain name to a dynamic Internet IP address. It is useful when you are hosting
your own website, FTP server, or other server behind the Router.
Before you can use this feature, you need to sign up for DDNS service at one of two DDNS service
providers,
DynDNS.org or TZO.com.
DDNS
DDNS Service. If your DDNS service is provided by DynDNS.org, then select DynDNS.org in the
drop-down menu.(See Figure 6-6.)
Figure 6-6: DynDNS.org
If your DDNS service is provided by TZO, then select TZO.com. (See Figure 6-7.)
Figure 6-7: TZO.com
The features available on the DDNS screen will vary, depending on which DDNS service provider
you use.
DynDNS.org
• User Name, Password, and Host Name. Enter the User Name, Password, and Host Name of the
account you set up with DynDNS.org.
• Internet IP Address. The Router’s current Internet IP Address is displayed here. Because it is
dynamic, it will change.
• Status. The status of the DDNS service connection is displayed here.
When finished making your changes on this tab, click the Save Settings button to save these
changes, or click the Cancel Changes button to undo your changes.
TZO.com Tab
• Email Address, TZO Password Key, and Domain Name. Enter the Email Address, TZO
Password Key, and
Domain Name of the service you set up with TZO.
• Internet IP Address. The Router’s current Internet IP Address is displayed here. Because it is
dynamic, this will change.
• Status. The status of the DDNS service connection is displayed here.
When finished making your changes on this tab, click the Save Settings button to save these
changes, or click
the Cancel Changes button to undo your changes.
MAC Address Clone Tab (See Figure 6-8.)
Figure 6-8: MAC Address Clone
The Router’s MAC address is a 12-digit code assigned to a unique piece of hardware for
identification, like a social security number. If your ISP requires MAC address registration, find
your adapter’s MAC address by following the instructions in “Appendix D: Finding the MAC
Address and IP Address for Your Ethernet Adapter.”
MAC Clone
• MAC Clone Service. To use MAC address cloning, select Enable.
• MAC Address. To manually clone a MAC address, enter the 12 digits of your adapter’s MAC
address in the onscreen fields (see Figure 6-25). Then click the Save Settings button.
• Clone My MAC Address. If you want to clone the MAC address of the PC you are currently using
to configure the Router, then click the Clone My MAC Address button. The Router will
automatically detect your PC’s
MAC address, so you do NOT have to call your ISP to change the registered MAC address to the
Router’s MAC address. It is recommended that the PC registered with the ISP is used to open the
MAC Address Clone tab.
When finished making your changes on this tab, click the Save Settings button to save these
changes, or click the Cancel Changes button to undo your changes.
Advanced Routing Tab
The Advanced Routing screen allows you to configure the dynamic routing and static routing
settings. (See Figure 6-9.)
Figure 6-9: Advanced Routing
Advanced Routing
• Operating Mode. Select Gateway or Router for the Operating Mode from the drop-down menu.
• Dynamic Routing. With Dynamic Routing you can enable the Router to automatically adjust to
physical changes in the network’s layout. The Router, using the RIP protocol, determines the
network packets’ route based on the fewest number of hops between the source and the
destination. The RIP protocol regularly broadcasts routing information to other routers on the
network.
• Receive RIP Version To use dynamic routing for reception of network data, select the protocol
you want: RIP1 or RIP2.
• Transmit RIP Version. To use dynamic routing for transmission of network data, select the
protocol you want:
RIP1, RIP1-Compatible, or RIP2.
Static Routing
If the Router is connected to more than one network, it may be necessary to set up a static route
between them.
A static route is a pre-determined pathway that network information must travel to reach a specific
host or network. To create a static route, change the following settings:
• Select Number. Select the number of the static route from the drop-down menu. The Router
supports up to 20 static route entries.
• Delete This Entry. If you need to delete a route, select its number from the drop-down menu, and
click the
Delete Entry button.
• LAN IP Address. The LAN IP Address is the address of the remote network or host to which you
want to assign a static route. Enter the IP address of the host for which you wish to create a static
route. If you are building a route to an entire network, be sure that the network portion of the IP
address is set to 0. For example, the Router’s standard IP address is 192.168.1.1. Based on this
address, the address of the routed network is 192.168.1, with the last digit determining the
Router’s place on the network. Therefore you would enter the IP address 192.168.1.0 if you
wanted to route to the Router’s entire network, rather than just to the Router.
• Subnet Mask. The Subnet Mask (also known as the Network Mask) determines which portion of
an IP address is the network portion, and which portion is the host portion. Take, for example, a
network in which the Subnet Mask is 255.255.255.0. This determines (by using the values 255)
that the first three numbers of a network IP address identify this particular network, while the last
digit (from 1 to 254) identifies the specific host.
• Default Gateway. This IP address should be the IP address of the gateway device that allows for
contact between the Router and the remote network or host.
• metric. This determines the maximum number of steps between network nodes that data packets
will travel.
A node is any device on the network, such as PCs, print servers, routers, etc.
• Interface. Select LAN & Wireless or Internet, depending on the location of the static route’s final
destination.
• Show Routing Table. Click the Show Routing Table button to open a screen displaying how
data is routed through your LAN. For each route, the Destination LAN IP address, Subnet Mask,
Default Gateway, and Interface are displayed. Click the Refresh button to update the information.
See Figure 6-10.
When finished making your changes on this tab, click the Save Settings button to save these
changes, or click the Cancel Changes button to undo your changes.
Figure 6-10: Routing Table
The Wireless Tab
Basic Wireless Settings (See Figure 6-11.)
Figure 6-11: Basic Wireless
This screen allows you to choose your wireless network mode and wireless security.
Wireless Network
• Wireless Network Mode. If you have Wireless-G and 802.11b devices in your network, then keep
the default setting, Mixed. If you have only Wireless-G devices, select G-Only. If you want to
disable wireless networking, select Disable.
• Wireless Network Name. Enter the Wireless Network Name (SSID) into the field. The SSID is
the network name shared among all devices in a wireless network. The SSID must be identical for
all devices in the wireless network. It is case-sensitive and must not exceed 32 alphanumeric
characters, which may be any keyboard character. For added security, Linksys recommends that
you change the default SSID (linksys) to a unique name of your choice.
• Wireless Channel. Select the appropriate channel from the list provided to correspond with your
network settings, between 1 and 11 (in North America). All devices in your wireless network must
use the same channel in order to function correctly.
Wireless Security
• Wireless SSID Broadcast. When wireless clients survey the local area for wireless networks to
associate with, they will detect the SSID broadcast by the Router. To broadcast the Router's SSID,
keep the default setting,
Enabled. If you do not want to broadcast the Router's SSID, then select Disabled.
• WEP. An acronym for Wired Equivalent Privacy, WEP is an encryption method used to protect
your wireless data communications. WEP uses 64-bit or 128-bit keys to provide access control to
your network and encryption security for every data transmission. To decode data transmissions,
all devices-Wireless-G and 802.11b-in a network must use an identical WEP key. Higher
encryption levels offer higher levels of security, but due to the complexity of the encryption, they
may decrease network performance. To enable WEP encryption, click the Enabled radio button.
Then click the Edit WEP Settings button to configure the WEP settings. To disable WEP
encryption, keep the default setting, Disabled.
WEP (See Figure 6-12.)
Figure 6-12: WEP
The WEP screen allows you to configure your WEP settings. WEP encryption should always be
enabled to increase the security of your wireless network. Default Transmit Key Select which WEP
key (1-4) will be used when the Router sends data. Make sure the receiving device is using the
same key.
• WEP Encryption. Select the level of WEP encryption you wish to use, 64-bit 10 hex digits or
128-bit 26 hex digits. Higher encryption levels offer higher levels of security, but due to the
complexity of the encryption, they may decrease network performance.
• Passphrase. Instead of manually entering WEP keys, you can enter a Passphrase. This
Passphrase is used to generate one or more WEP keys. It is case-sensitive and should not be
longer than 16 alphanumeric characters. (This Passphrase function is compatible with Linksys
wireless products only. If you want to communicate with non-Linksys wireless products, enter the
WEP key manually on the non-Linksys wireless products.) After you enter the Passphrase, click
the Generate button to create WEP keys.
• Keys 1-4. WEP keys enable you to create an encryption scheme for wireless LAN transmissions.
If you are not using a Passphrase, then manually enter a set of values. (Do not leave a key field
blank, and do not enter all zeroes. These are not valid key values.)
If you are using 64-bit WEP encryption, then the key must be exactly 10 hexadecimal characters in
length. If you are using 128-bit WEP encryption, then the key must be exactly 26 hexadecimal
characters in length.
Valid hexadecimal characters are “0”-“9” and “A”-“F”.
When finished making your changes on this tab, click the Save Settings button to save these
changes, or click
the Cancel Changes button to undo your changes.
Wireless Network Access (See Figure 6-13.)
Figure 6-13: Wireless Network Access
Wireless Network Access. If this function is enabled, only the computers on the list will be allowed
access to the wireless network. To add a computer to the network, click the Permit to access
button, and enter the MAC address in the fields. Click the Select MAC Address From Networked
Computers button, and the screen in Figure 6-15 will appear.
Select the MAC Address from the list and click the Select button.
To prevent access, click the Prevent from accessing button, then click Select MAC Address
from the list.
From the screen in Figure 6-14, select the MAC Address from the list, and click the Select button.
Click the Refresh button if you want to refresh the screen. Click the Close button to return to th
previous screen.
When finished making your changes on this tab, click the Save Settings button to save these
changes, or click the Cancel Changes button to undo your changes.
Figure 6-14: Networked Computers
Advanced Wireless Settings (See Figure 6-15.)
Figure 6-15: Advanced Wireless Settings
On this screen you can access the Advanced Wireless features, including Authentication Type,
Basic Data Rates,
Control Tx Rates, Beacon Interval, DTIM Interval, RTS Threshold, and Fragmentation Threshold.
• Authentication Type. The default is set to Auto, which allows either Open System or Shared Key
authentication to be used. For Open System authentication, the sender and the recipient do NOT
use a WEP key for authentication. For Shared Key authentication, the sender and recipient use a
WEP key for authentication. If you want to use only Shared Key authentication, then select
Shared Key.
• Basic Data Rates. Select 1-2 Mbps, All, or Default, from the drop-down menu.
• Control Tx Rates. The default transmission rate is Auto. The range is from 1 to 54Mbps. The rate
of data transmission should be set depending on the speed of your wireless network. You can
select from a range of transmission speeds, or keep the default setting, Auto, to have the Router
automatically use the fastest possible data rate and enable the Auto-Fallback feature.
Auto-Fallback will negotiate the best possible connection speed between the Router and a
wireless client.
• Beacon Interval. The default value is 100. Enter a value between 1 and 65,535 milliseconds. The
Beacon Interval value indicates the frequency interval of the beacon. A beacon is a packet
broadcast by the Router to synchronize the wireless network.
• DTIM Interval The default value is 3. This value, between 1 and 255 milliseconds, indicates the
interval of the Delivery Traffic Indication Message (DTIM). A DTIM field is a countdown field
informing clients of the next window for listening to broadcast and multicast messages. When the
Router has buffered broadcast or multicast messages for associated clients, it sends the next
DTIM with a DTIM Interval value. Its clients hear the beacons and awaken to receive the broadcast
and multicast messages.
• RTS Threshold This value should remain at its default setting of 2347. The range is 0-2347 bytes.
Should you encounter inconsistent data flow, only minor modifications are recommended. If a
network packet is smaller than the preset RTS threshold size, the RTS/CTS mechanism will not be
enabled. The Router sends Request to
Send (RTS) frames to a particular receiving station and negotiates the sending of a data frame.
After receiving an RTS, the wireless station responds with a Clear to Send (CTS) frame to
acknowledge the right to begin transmission.
• Fragmentation Threshold This value should remain at its default setting of 2346. The range is
256-2346 bytes. It specifies the maximum size for a packet before data is fragmented into multiple
packets. If you experience a high packet error rate, you may slightly increase the Fragmentation
Threshold. Setting the Fragmentation Threshold too low may result in poor network performance.
Only minor modifications of this value are recommended.
The Security Tab
Firewall
When you click the Security tab, you will see the Firewall screen (see Figure 6-16). This screen
contains Filters and Block WAN Requests. Filters block specific internal users from accessing the
Internet and block anonymous Internet requests and/or multicasting.
• Firewall. To add Firewall Protection, click Enabled. If you do not want Firewall Protection, click
Disabled.
• Filter Proxy. Use of WAN proxy servers may compromise the Router's security. Denying Filter
Proxy will disable access to any WAN proxy servers. To enable proxy filtering, click Enabled.
• Filter Cookies. A cookie is data stored on your PC and used by Internet sites when you interact
with them. To enable cookie filtering, click Enabled.
• Filter Java Applets. Java is a programming language for websites. If you deny Java Applets, you
run the risk of not having access to Internet sites created using this programming language. To
enable Java Applet filtering, click Enabled.
• Filter ActiveX. ActiveX is a programming language for websites. If you deny ActiveX, you run the
risk of not having access to Internet sites created using this programming language. To enable
ActiveX filtering, click
Enabled.
• Filter Multicast. Multicasting allows for multiple transmissions to specific recipients at the same
time. If multicasting is permitted, then the Router will allow IP multicast packets to be forwarded to
the appropriate computers. Select Enabled to filter multicasting, or Disabled to disable this
feature.
• Block Anonymous Internet Requests. This keeps your network from being “pinged” or detected
and reinforces your network security by hiding your network ports, so it is more difficult for
intruders to work their way into your network. Select Enabled to block anonymous Internet
requests, or Disabled to allow anonymous Internet requests.
When finished making your changes on this tab, click the Save Settings button to save these
changes, or click the Cancel Changes button to undo your changes.
Figure 6-16: Firewall
VPN
Virtual Private Networking (VPN) is a security measure that basically creates a secure connection
between two remote locations. This connection is very specific as far as its settings are concerned;
this is what creates the security. The VPN screen, shown in Figure 6-17, allows you to configure
your VPN settings to make your network more secure.
VPN PassThrough
• IPSec Passthrough. Internet Protocol Security (IPSec) is a suite of protocols used to implement
secure exchange of packets at the IP layer. To allow IPSec Passthrough, click the Enabled button.
To disable IPSec
Passthrough, click the Disabled button.
• PPTP Pass Through. Point-to-Point Tunneling Protocol Passthrough is the method used to
enable VPN sessions to a Windows NT 4.0 or 2000 server. To allow PPTP Passthrough, click the
Enabled button. To disable PPTP Passthrough, click the Disabled button.
• L2TP Pass Through. Layering 2 Tunneling Protocol Passthrough is an extension of the
Point-to-Point Tunneling Protocol (PPTP) used by to enable the operation of a virtual private
network (VPN) over the Internet.To allow L2TP Passthrough, click the Enabled button. To disable
L2TP Passthrough, click the Disabled button.
Figure 6-17: VPN
VPN Tunnel
The VPN Router creates a tunnel or channel between two endpoints, so that the data or
information between these endpoints is secure.
• To establish this tunnel, select the tunnel you wish to create in the Select Tunnel Entry
drop-down box. It is possible to create up to 100 simultaneous tunnels. Then click Enabled to
enable the tunnel. Once the tunnel is enabled, enter the name of the tunnel in the Tunnel Name
field. This is to allow you to identify multiple tunnels and does not have to match the name used at
the other end of the tunnel.
• Local Secure Group and Remote Secure Group. The Local Secure Group is the computer(s) on
your LAN that can access the tunnel. The Remote Secure Group is the computer (s) on the remote
end of the tunnel that can access the tunnel. Enter the IP Address and Subnet Mask of the local
VPN Router in the fields. To allow access to the entire IP subnet, enter 0 for the last set of IP
Addresses. (e.g. 192.168.1.0).
• Remote Security Gateway. The Remote Security Gateway is the VPN device, such as a second
VPN Router, on the remote end of the VPN tunnel. Enter the IP Address of the VPN device at the
other end of the tunnel. The remote VPN device can be another VPN Router, a VPN Server, or a
computer with VPN client software that supports IPSec. The IP Address may either be static
(permanent) or dynamic (changing), depending on thesettings of the remote VPN device. Make
sure that you have entered the IP Address correctly, or the connection cannot be made.
Remember, this is NOT the IP Address of the local VPN Router, but the IP
Address of the remote VPN Router or device with which you wish to communicate.
• Encryption. Using Encryption also helps make your connection more secure. There are two
different types of encryption: DES or 3DES (3DES is recommended because it is more secure).
You may choose either of these, but it must be the same type of encryption that is being used by
the VPN device at the other end of the tunnel.
Or, you may choose not to encrypt by selecting Disable. In Figure 6-18, DES (which is the default)
has been selected.
• Authentication. Authentication acts as another level of security. There are two types of
authentication: MD5 and SHA (SHA is recommended because it is more secure). As with
encryption, either of these may be selected, provided that the VPN device at the other end of the
tunnel is using the same type of authentication.
Or, both ends of the tunnel may choose to Disable authentication. In Figure 6-18, MD5 (the default)
has been selected.
• Key Management. Key Exchange Method. Select Auto (IKE) or Manual for the Key Exchange
Method. The two methods are described below.
Auto (IKE) Select Auto (IKE) and enter a series of numbers or letters in the Pre-shared Key field.
Check the box next to PFS (Perfect Forward Secrecy) to ensure that the initial key exchange and
IKE proposals are secure. Based on this word, which MUST be entered at both ends of the tunnel
if this method is used, a key is generated to scramble (encrypt) the data being transmitted over the
tunnel, where it is unscrambled (decrypted). You may use any combination of up to 24 numbers or
letters in this field. No special characters or spaces are allowed.
In the Key Lifetime field, you may optionally select to have the key expire at the end of a time
period of your choosing. Enter the number of seconds you’d like the key to be useful, or leave it
blank for the key to last indefinitely.
Manual (See Figure 6-18.)
Figure 6-18: Manual Key Management
Select Manual, then select the Encryption Algorithm from the drop-down menu. Enter the
Encryption Key in the field (If, for your Encryption Algorithm, you chose DES, enter 16
hexadecimal characters. If you chose 3DES, enter 48 hexadecimal characters.) Select the
Authentication Algorithm from the drop-down menu.
Enter the Authentication Key in the field (If, for your Authentication Algorithm, you chose MD5,
enter 32 hexadecimal characters. If you chose SHA1, enter 40 hexadecimal characters.) . Enter
the Inbound and Outbound SPIs in the respective fields.
• Status. Click the Advanced VPN Tunnel Setup key and the Advanced VPN Tunnel Setup
screen will appear. See Figure 6-20.
When finished making your changes on this tab, click the Save Settings button to save these
changes, or click the Cancel Changes button to undo your changes. Advanced VPN Tunnel
Setup From the Advance VPN Tunnel Setup screen, shown in Figure 6-19, you can adjust the
settings for specific VPN tunnels.
Phase 1
• Phase 1 is used to create a security association (SA), often called the IKE SA. After Phase 1 is
completed,
Phase 2 is used to create one or more IPSec SAs, which are then used to key IPSec sessions.
• Operation Mode. There are two modes: Main and Aggressive, and they exchange the same IKE
payloads in different sequences. Main mode is more common; however, some people prefer
Aggressive mode because it is faster. Main mode is for normal usage and includes more
authentication requirements than Aggressive mode. Main mode is recommended because it is
more secure. No matter which mode is selected, the VPN Router will accept both Main and
Aggressive requests from the remote VPN device.
• Encryption. Select the length of the key used to encrypt/decrypt ESP packets. There are two
choices: DES and 3DES. 3DES is recommended because it is more secure.
• Authentication. Select the method used to authenticate ESP packets. There are two choices:
MD5 and SHA. SHA is recommended because it is more secure.
• Group. There are two Diffie-Hellman Groups to choose from: 768-bit and 1024-bit. Diffie-Hellman
refers to a cryptographic technique that uses public and private keys for encryption and
decryption.
• Key Life Time. In the Key Lifetime field, you may optionally select to have the key expire at the
end of a time period of your choosing. Enter the number of seconds you’d like the key to be used
until a re-key negotiation between each endpoint is completed.
Phase 2
• Encryption. The encryption method selected in Phase 1 will be displayed.
• Authentication. The authentication method selected in Phase 1 will be displayed.
• Group. There are two Diffie-Hellman Groups to choose from: 768-bit and 1024-bit. Diffie-Hellman
refers to a cryptographic technique that uses public and private keys for encryption and
decryption.
• Key Life Time. In the Key Lifetime field, you may optionally select to have the key expire at the
end of a time period of your choosing. Enter the number of seconds you’d like the key to be used
until a re-key negotiation between each endpoint is completed.
Figure 6-19: Advanced VPN Tunnel Setup
Other Options
• Unauthorized IP Blocking. Click Enabled to block unauthorized IP addresses. Enter in the
Rejects Number field to specify how many times IKE must fail before blocking that unauthorized IP
address. Enter the length of time that you specify (in seconds) in the Block Period field.
When finished making your changes on this tab, click the Save Settings button to save these
changes, or click the Cancel Changes button to undo your changes. For further help on this tab,
click the Help button.
Security
802.1x (See Figure 6-20.)
Figure 6-20: 802.1x
• Radius Server IP Address. Enter the Radius Server IP Address in the fields.
• Radius Server Port. Enter the Radius Server Port in the field.
• Shared Secret. Enter the Shared Secret in the field.
• Authentication Type. To enable EAP-TLS, click EAP-TLS. To enable EAP-TTLS, click EAP-TTLS.
To enable EAPMD5, click EAP-MD5,. To disable authentication, click Disable.
• WEP Settings. Click the WEP Settings button to edit the settings and Figure 7-22 will appear.
• Dynamic WEP Key Length. Select 64 or 128 bits from the drop-down menu.
• Key Renewal Timeout. Enter the time in seconds for key renewal.
• Port Inactivity Timeout. Enter the time in seconds for port inactivity.
• Port Connectivity Timeout. Enter the time in seconds for port connectivity.
When finished making your changes on this tab, click the Save Settings button to save these
changes, or click the Cancel Changes button to undo your changes.
WEP
The WEP screen allows you to configure your WEP settings. (See Figure 6-21.) WEP encryption
should always be enabled to increase the security of your wireless network. Default Transmit Key.
Select which WEP key (1-4) will be used when the Router sends data. Make sure that the
receiving device is using the same key.
• WEP Encryption. Select the level of WEP encryption you wish to use, 64-bit 10 hex digits or
128-bit 26 hex
digits. Higher encryption levels offer higher levels of security, but due to the complexity of the
encryption, they may decrease network performance.
• Passphrase. Instead of manually entering WEP keys, you can enter a Passphrase. This
Passphrase is used to generate one or more WEP keys. It is case-sensitive and should not be
longer than 16 alphanumeric characters. (This Passphrase function is compatible with Linksys
wireless products only. If you want to communicate with non-Linksys wireless products, enter the
WEP key manually on the non-Linksys wireless products.) After you enter the Passphrase, click
the Generate button to create WEP keys.
• Keys 1-4. WEP keys enable you to create an encryption scheme for wireless LAN transmissions.
If you are not using a Passphrase, then manually enter a set of values. (Do not leave a key field
blank, and do not enter all zeroes. These are not valid key values.)
If you are using 64-bit WEP encryption, then the key must be exactly 10 hexadecimal characters in
length. If you are using 128-bit WEP encryption, then the key must be exactly 26 hexadecimal
characters in length. Valid hexadecimal characters are “0”-“9” and “A”-“F”.
When finished making your changes on this tab, click the Save Settings button to save these
changes, or click the Cancel Changes button to undo your changes.
Figure 6-21: WEP
The Access Restrictions Tab
Access Restriction
The Access Restrictions tab, shown in Figure 6-22, allows you to block or allow specific kinds of
Internet usage.
Figure 6-22: Access Restriction
You can set up Internet access policies for specific PCs and set up filters by using network port
numbers.
• Internet Access Policy. Multiple Filters can be saved as Internet Access Policies. When you wish
to edit one, select the number of the Policy from the drop-down menu. The tab will change to
reflect the settings of this
Policy. If you wish to delete this Policy, click the Delete button. To see a summary of all Policies,
click the Summary button.
The summaries are listed on this screen, shown in Figure 6-23, with their name and settings. To
return to the Filters tab, click the Close button.
• Enter Policy Name. Policies are created from the fields presented here.
To create an Internet Access policy:
1. Enter a Policy Name in the field provided. Select Internet Access as the Policy Type.
2. Click the Edit List button. This will open the List of PCs screen, shown in Figure 6-24. From this
screen, you can enter the IP address or MAC address of any PC to which this policy will apply.
You can even enter ranges of PCs by IP address. Click the Apply button to save your settings, the
Cancel button to undo any changes, and the Close button to return to the Filters tab.
3. If you wish to Deny or Allow Internet access for those PCs you listed on the List of PCs screen,
click the option.
4. You can filter access to various services accessed over the Internet, such as FTP or Telnet, by
selecting a service from the drop-down menus next to Blocked Services. If a service isn’t listed,
you can click the Add
Service button to open the Service screen, shown in Figure 6-25, and add a service to the list.
You will need to enter a Service name, as well as the Protocol and Port Range used by the
service.
5. By selecting the appropriate setting next to Days and Time, choose when Internet access will be
filtered.
6. Lastly, click the Save Settings button to activate the policy.
To create an Inbound Traffic Policy
1. Enter a Policy Name in the field provided. Select Inbound Traffic as the Policy Type.
2. Enter the IP Address from which you want to block. Select the Protocol: TCP, UDP, or Both.
Enter the port number or select Any. Enter the IP Address to which you want to block.
3. Select Deny or Allow as appropriate.
4. By selecting the appropriate setting next to Days and Time, choose when the Inbound Traffic
will be filtered.
Lastly, click the Save Settings button to activate the policy.
When finished making your changes on this tab, click the Save Settings button to save these
changes, or click the Cancel Changes button to undo your changes.
Internet Access can also be filtered by URL Address, the address entered to access Internet sites,
by entering the address in one of the Website Blocking by URL Address fields. If you do not know
the URL Address, filtering can be done by Keyword by entering a keyword in one of the Website
Blocking by Keyword fields.
Figure 6-23: Internet Filter Summary
Figure 6-24: List of PCs
Figure 6-25: Blocked Services
The Applications and Gaming Tab
Port Range Forwarding
The Port Forwarding screen sets up public services on your network, such as web servers, ftp
servers, e-mail servers, or other specialized Internet applications. (Specialized Internet
applications are any applications that use Internet access to perform functions such as
videoconferencing or online gaming. Some Internet applications may not require any forwarding.)
(See Figure 6-26.)
Figure 6-26: Port Range Forwarding
When users send this type of request to your network via the Internet, the Router will forward
those requests to the appropriate PC. Any PC whose port is being forwarded must have its DHCP
client function disabled and must have a new static IP address assigned to it because its IP
address may change when using the DHCP function.
• Application. Enter the name you wish to give each application.
• Start and End. Enter the starting and ending numbers of the port you wish to forward.
• Protocol. Select the type of protocol you wish to use for each application: TCP, UDP, or Both.
• IP Address. Enter the IP Address and Click Enabled.
When finished making your changes on this tab, click the Save Settings button to save these
changes, or click the Cancel Changes button to undo your changes.
Port Triggering
Port Triggering is used for special Internet applications whose outgoing ports differ from the
incoming ports. For this feature, the Router will watch outgoing data for specific port numbers.
(See Figure 6-27.)
Figure 6-27: Port Triggering
The Router will remember the IP address of the computer that sends a transmission requesting
data, so that when the requested data returns through the Router, the data is pulled back to the
proper computer by way of IP address and port mapping rules.
• Application. Enter the name you wish to give each application.
• Start Port and End Port. Enter the starting and ending Triggered range numbers and the
Forwarded Range numbers of the port you wish to forward.
• Protocol. Select the type of protocol you wish to use for each application: TCP, UDP, or Both.
• Click Enabled.
When finished making your changes on this tab, click the Save Settings button to save these
changes, or click the Cancel Changes button to undo your changes.
UPnP Forwarding
The UPnP screen provides options for customization of port services for applications. (See Figure
6-28.)
Enter the Application in the field. Then, enter the External and Internal Port numbers in the fields.
Select the type of protocol you wish to use for each application: TCP, UDP, or Both. Enter the IP
Address in the field. Click
Enabled to enable UPnP Forwarding for the chosen application.
When finished making your changes on this tab, click the Save Settings button to save these
changes, or click the Cancel Changes button to undo your changes.
Figure 6-28: UPnP Forwarding
DMZ
The DMZ screen (see Figure 6-29) allows one local user to be exposed to the Internet for use of a
special-purpose service such as Internet gaming and videoconferencing, through Software DMZ,
or a user can use LAN Port 4 as a
DMZ Port, through Hardware DMZ. Whereas Port Range Forwarding can only forward a maximum
of 10 ranges of ports, DMZ hosting forwards all the ports for one PC at the same time.
• Software DMZ. This feature allows one local user to be exposed to the Internet for use of a
special-purpose service such as Internet gaming and videoconferencing. To use this feature,
select Enabled. To disable DMZ , select Disabled.
• DMZ Host IP Address. To expose one PC, enter the computer’s IP address. To get the IP
address of a computer, refer to “Appendix D: Finding the MAC Address and IP Address for Your
Ethernet Adapter.”
Deactivate DMZ by entering a 0 in the field.
• Hardware DMZ. This feature allows a user to use LAN Port 4 as a DMZ Port. To use this feature,
select
Enabled. To disable DMZ , select Disabled.
• Hardware DMZ IP Address. Enter the IP Address of the computer in the fields.
• Hardware DMZ Netmask. Enter the Netmask in the fields.
• Destination IP Address. Enter the IP Address of the destination in the fields.
• Subnet Mask. Enter the Subnet Mask of the destination in the fields.
• Default Gateway. Enter the Default Gateway in the fields.
• metric. Enter the metric in the field.
When finished making your changes on this tab, click the Save Settings button to save these
changes, or click the Cancel Changes button to undo your changes.
Figure 6-29: DMZ
The Administration Tab
Management
The Management screen, shown in Figure 6-30, allows you to change the Router’s access
settings as well as configure the SNMP and UPnP (Universal Plug and Play) features.
Figure 6-30: Management
Router Password
Local Router Access. To ensure the Router’s security, you will be asked for your password when
you access the
Router’s Web-based Utility. The default password is admin.
• User Name. Enter the default admin.
• Router Password. It is recommended that you change the default password to one of your
choice.
• Re-enter to confirm. Re-enter the Router’s new Password to confirm it.
Remote Router Access. This feature allows you to access the Router from a remote location, via
the Internet.
• Remote Management. This feature allows you to manage the Router from a remote location, via
the Internet.
To enable Remote Management, click Enabled.
• Mangagement Port. Select the port number you will use to remotely access the Router from the
drop-down menu.
SNMP
Simple Network Management Protocol (SNMP) is a popular network monitoring and management
protocol. To enable SNMP, click Enabled. To disable SNMP, click Disabled.
• Identification. In the Contact field, enter contact information for the Router. In the Device Name
field, enter the name of the Router. In the Location field, specify the area or location where the
Router resides.
• Get Community. Enter the password that allows read-only access to the Router’s SNMP
information.
• Set Community. Enter the password that allows read/write access to the Router’s SNMP
information.
• SNMP Trusted Host. You can restrict access to the Router’s SNMP information by IP address.
Enter the IP address in the SNMP Trusted Host field. If this field is left blank, then access is
permitted from any IP address.
• SNMP Trap-Community. Enter the password required by the remote host computer that will
receive trap messages or notices sent by the Router.
• SNMP Trap-Destination. Enter the IP address of the remote host computer that will receive the
trap
messages.
UPnP
UPnP allows Windows XP to automatically configure the Router for various Internet applications,
such as gaming and videoconferencing. To enable UPnP, click Enabled.
• Allow User to make Configuration Changes. When enabled, this feature allows you to make
manual changes while still using the UPnP feature.
• Allow users to disable Internet access. When enabled, this feature allows you to prohibit any and
all Internet connections.
When finished making your changes on this tab, click the Save Settings button to save these
changes, or click the Cancel Changes button to undo your changes.
Log
The Log tab, shown in Figure 6-31, provides you with a log of all incoming and outgoing URLs or
IP addresses for your Internet connection.
Email Alert
To enable E-Mail Alert, click Enabled.
• E-Mail Address for General Logs. Enter the E-Mail Address for General Logs in the field.
• E-Mail Address for Alert Logs. Enter the E-Mail Address for Alert Logs in the field.
• Return E-Mail address. Enter the address for the return E-Mail.
• E-Mail Server IP Address. Enter the IP Address of the E-Mail Server in the fields.
Figure 6-31: Log
Syslog Notification
To enable Syslog, click Enabled.
• Device Name. Enter the Device Name in the field.
• Syslog Server IP Address. Enter the IP Address of the Syslog Server.
• Syslog Priority. Select the priority from the drop-down list.
Notification Queue Length
• Log queue Length. Enter the number of entries in the log queue in the field.
• Log Time Threshold. Enter the time for the threshold in the field.
Alert Log
Select the type of attacks that you want to be alerted to. Select Syn Flooding, IP Spoofing, Win
Nuke, Ping of Death, or Unauthorized Login attempt.
General Log.
Select the type of activity you would like to log. Select System Error Messages, Deny Policies,
Allow Policies,
Content Filtering, Data Inspection, authorized Login, or Configuration Changes.
When finished making your changes on this tab, click the Save Settings button to save these
changes, or click the Cancel Changes button to undo your changes.
Diagnostics
Ping Test (See Figure 6-32.)
Figure 6-32: Ping Test
Ping Test Parameters
Ping Target IP. Enter the IP Address that you want to ping in the field.
No. of Pings. Enter the number of times that you want to ping.
Ping Size. Enter the size of the ping packets.
Ping Interval. Enter the ping interval in Milliseconds.
Ping Timeout. Enter the time in Milliseconds.
Click the Start Test button to start the Ping Test. Click the Abort Test button to stop the test. Click
the Clear
Result button to clear the results. The results of the test will display in the window.
Factory Default (See Figure 6-33.)
If you have exhausted all other options and wish to restore the Router to its factory default settings
and lose all your settings, click Yes.
When finished making your changes on this tab, click the Save Settings button to save these
changes, or click the Cancel Changes button to undo your changes.
Figure 6-33: Factory Default
Firmware Upgrade (See Figure 6-34.)
To upgrade the Router’s firmware:
1. Click the Browse button to find the firmware upgrade file that you downloaded from the Linksys
website and then extracted.
2. Double-click the firmware file you downloaded and extracted. Click the Upgrade button, and
follow the instructions there.
Figure 6-34: Firmware Upgrade
Status
Router
This screen displays information about your Router and its WAN (Internet) Connections. (See
Figure 6-35.)
Information
The information displayed is the Hardware Version, Software Version, MAC Address, Local MAC
Address, and System Up Time.
WAN Connections
The WAN Connections displayed are the Network Access, WAN IP Address, Subnet Mask,
Default Gateway, and DNS.
Click the Refresh button if you want to Refresh your screen.
Figure 6-35: Router
Local Network
The Local Network information that is displayed is the IP Address, Subnet Mask, DHCP Server,
and DHCP Client Lease Info. To view the DHCP Clients Table, click the DHCP Clients button.
See Figure 6-36.
The DHCP Active IP Table, Figure 6-37, displays the computer name, IP Address, MAC Address
and the expiration time. Click the Close button to return to the Local Network screen.
Figure 6-36: Local Network
Figure 6-37: DHCP Active IP Table
Wireless
The Wireless Network information that is displayed is the MAC Address, Mode, SSID, Channel,
and Encryption Function. (See Figure 6-38.)
Click the Refresh button if you want to Refresh your screen.
System Performance
The System Peformance information that is displayed is the Wireless, Internet, and/or LAN
information for the IP Address, MAC Address, Connection Status, Packets Received, Packets
Sent, Bytes Received, Bytes Sent, Error Packes Received, and Dropped Packets Received. (See
Figure 6-39.)
Click the Refresh button if you want to Refresh your screen.
Figure 6-38: Wireless
Figure 6-39: System Performance
Appendix A: Troubleshooting
This appendix consists of two parts: “Common Problems and Solutions” and “Frequently Asked
Questions.”
Provided are possible solutions to problems that may occur during the installation and operation of
the Router.
Read the descriptions below to help you solve your problems. If you can’t find an answer here,
check the Linksys website at www.linksys.com.
Common Problems and Solutions
1. I need to set a static IP address on a PC.
You can assign a static IP address to a PC by performing the following steps:
• For Windows 98 and Me:
1. Click Start, Settings, and Control Panel. Double-click Network.
2. In The following network components are installed box, select the TCP/IP-> associated with
your Ethernet adapter. If you only have one Ethernet adapter installed, you will only see one
TCP/IP line with no association to an Ethernet adapter. Highlight it and click the Properties button.
3. In the TCP/IP properties window, select the IP address tab, and select Specify an IP address.
Enter a unique IP address that is not used by any other computer on the network connected to the
Router.
Make sure that each IP address is unique for each PC or network device.
4. Click the Gateway tab, and in the New Gateway prompt, enter 192.168.1.1, which is the default
IP address of the Router. Click the Add button to accept the entry.
5. Click the DNS tab, and make sure the DNS Enabled option is selected. Enter the Host and
Domain names (e.g., John for Host and home for Domain). Enter the DNS entry provided by your
ISP. If your ISP has not provided the DNS IP address, contact your ISP to get that information or
go to its website for the information.
6. Click the OK button in the TCP/IP properties window, and click Close or the OK button for the
Network window.
7. Restart the computer when asked.
• For Windows 2000:
1. Click Start, Settings, and Control Panel. Double-click Network and Dial-Up Connections.
2. Right-click the Local Area Connection that is associated with the Ethernet adapter you are using,
and select the Properties option.
3. In the Components checked are used by this connection box, highlight Internet Protocol
(TCP/IP), and click the Properties button. Select Use the following IP address option.
4. Enter a unique IP address that is not used by any other computer on the network connected to
the Router.
5. Enter the Subnet Mask, 255.255.255.0.
6. Enter the Default Gateway, 192.168.1.1 (Router’s default IP address).
7. Toward the bottom of the window, select Use the following DNS server addresses, and enter
the Preferred DNS server and Alternative DNS server (provided by your ISP). Contact your ISP or
go on its website to find the information.
8. Click the OK button in the Internet Protocol (TCP/IP) Properties window, and click the OK
button in the Local Area Connection Properties window.
9. Restart the computer if asked.
• For Windows XP:
The following instructions assume you are running Windows XP with the default interface. If you
are using the Classic interface (where the icons and menus look like previous Windows versions),
please follow the instructions for Windows 2000.
1. Click Start and Control Panel.
2. Click the Network and Internet Connections icon and then the Network Connections icon.
3. Right-click the Local Area Connection that is associated with the Ethernet adapter you are
using, and select the Properties option.
4. In the This connection uses the following items box, highlight Internet Protocol (TCP/IP).
Click the Properties button.
5. Enter a unique IP address that is not used by any other computer on the network connected to
the Router.
6. Enter the Subnet Mask, 255.255.255.0.
7. Enter the Default Gateway, 192.168.1.1 (Router’s default IP address).
8. Toward the bottom of the window, select Use the following DNS server addresses, and enter
the Preferred DNS server and Alternative DNS server (provided by your ISP). Contact your ISP or
go on its website to find the information.
9. Click the OK button in the Internet Protocol (TCP/IP) Properties window. Click the OK button in
the Local Area Connection Properties window.
2. I want to test my Internet connection.
A Check your TCP/IP settings.
For Windows 98, Me, 2000, and XP:
• Refer to “Chapter 4: Configure the PCs” for details. Make sure Obtain IP address automatically is
selected in the settings.
For Windows NT 4.0:
• Click Start, Settings, and Control Panel. Double-click the Network icon.
• Click the Protocol tab, and double-click on TCP/IP Protocol.
• When the window appears, make sure you have selected the correct Adapter for your Ethernet
adapter and set it for Obtain an IP address from a DHCP server.
• Click the OK button in the TCP/IP Protocol Properties window, and click the Close button in the
Network window.
• Restart the computer if asked.
B Open a command prompt.
For Windows 98 and Me:
• Click Start and Run. In the Open field, type in command. Press the Enter key or click the OK
button.
For Windows NT, 2000, and XP:
• Click Start and Run. In the Open field, type cmd. Press the Enter key or click the OK button. In
the command prompt, type ping 192.168.1.1 and press the Enter key.
• If you get a reply, the computer is communicating with the Router.
• If you do NOT get a reply, please check the cable, and make sure Obtain an IP address
automatically is selected in the TCP/IP settings for your Ethernet adapter.
C In the command prompt, type ping followed by your Internet or WAN IP address and press the
Enter key.
The Internet or WAN IP Address can be found on the Status screen of the Router’s web-based
utility. For example, if your Internet or WAN IP address is 1.2.3.4, you would enter ping 1.2.3.4 and
press the Enter key.
• If you get a reply, the computer is connected to the Router.
• If you do NOT get a reply, try the ping command from a different computer to verify that your
original computer is not the cause of the problem.
D In the command prompt, type ping www.yahoo.com and press the Enter key.
• If you get a reply, the computer is connected to the Internet. If you cannot open a webpage, try
the ping command from a different computer to verify that your original computer is not the cause
of the problem.
• If you do NOT get a reply, there may be a problem with the connection. Try the ping command
from a different computer to verify that your original computer is not the cause of the problem.
3. I am not getting an IP address on the Internet with my Internet connection.
• Refer to “Problem #2, I want to test my Internet connection” to verify that you have connectivity.
1. If you need to register the MAC address of your Ethernet adapter with your ISP, please see
“Appendix D: Finding the MAC address and IP Address for Your Ethernet Adapter.” If you need to
clone the MAC address of your Ethernet adapter onto the Router, see the System section of
“Chapter 6: The Router’s Web-based Utility” for details.
2. Make sure you are using the right Internet connection settings. Contact your ISP to see if your
Internet connection type is DHCP, Static IP Address, or PPPoE (commonly used by DSL
consumers). Please refer to the Setup section of “Chapter 6: The Router’s Web-based Utility” for
details on Internet connection settings.
3. Make sure you have the right cable. Check to see if the Internet column has a solidly lit Link/Act
LED.
4. Make sure the cable connecting from your cable or DSL modem is connected to the Router’s
Internet port. Verify that the Status page of the Router’s web-based utility shows a valid IP address
from your ISP.
5. Turn off the computer, Router, and cable/DSL modem. Wait 30 seconds, and then turn on the
Router, cable/DSL modem, and computer. Check the Status tab of the Router’s web-based utility
to see if you get an IP address.
4. I am not able to access the Setup page of the Router’s web-based utility.
• Refer to “Problem #2, I want to test my Internet connection” to verify that your computer is
properly connected to the Router.
1. Refer to “Appendix D: Finding the MAC Address and IP address for Your Ethernet Adapter” to
verify that your computer has an IP Address, Subnet Mask, Gateway, and DNS.
2. Set a static IP address on your system; refer to “Problem #1: I need to set a static IP address.”
3. Refer to “Problem #10: I need to remove the proxy settings or the dial-up pop-up window (for
PPPoE users).”
5. I can’t get my Virtual Private Network (VPN) working through the Router.
Access the Router’s web interface by going to http://192.168.1.1 or the IP address of the Router,
and go to the Security tab. Make sure you have IPsec pass-through and/or PPTP pass-through
enabled.
• VPNs that use IPSec with the ESP (Encapsulation Security Payload known as protocol 50)
authentication will work fine. At least one IPSec session will work through the Router; however,
simultaneous IPSec sessions may be possible, depending on the specifics of your VPNs.
• VPNs that use IPSec and AH (Authentication Header known as protocol 51) are incompatible
with the Router. AH has limitations due to occasional incompatibility with the NAT standard.
• Change the IP address for the Router to another subnet to avoid a conflict between the VPN IP
address and your local IP address. For example, if your VPN server assigns an IP address
192.168.1.X (X is a number from 1 to 254) and your local LAN IP address is 192.168.1.X (X is the
same number used in the VPN IP address), the Router will have difficulties routing information to
the right location. If you change the Router’s IP address to 192.168.2.1, that should solve the
problem. Change the Router’s IP address through the Setup tab
• of the web interface. If you assigned a static IP address to any computer or network device on
the network, you need to change its IP address accordingly to 192.168.2.Y (Y being any number
from 1 to 254). Note that each IP address must be unique within the network.
• Your VPN may require port 500/UDP packets to be passed to the computer that is connecting to
the IPSec server. Refer to “Problem #7, I need to set up online game hosting or use other Internet
applications” for details.
• Check the Linksys website for more information at www.linksys.com.
6. I need to set up a server behind my Router and make it available to the public.
To use a server like a web, ftp, or mail server, you need to know the respective port numbers they
are using.
For example, port 80 (HTTP) is used for web; port 21 (FTP) is used for FTP, and port 25 (SMTP
outgoing) and port 110 (POP3 incoming) are used for the mail server. You can get more
information by viewing the documentation provided with the server you installed.
• Follow these steps to set up port forwarding through the Router’s web-based utility. We will be
setting up web, ftp, and mail servers.
1. Access the Router’s web-based utility by going to http://192.168.1.1 or the IP address of the
Router.
Go to the Applications and Gaming => Port Forwarding tab.
2. Enter any name you want to use for the Customized Application.
3. Enter the External Port range of the service you are using. For example, if you have a web
server, you would enter the range 80 to 80.
4. Check the protocol you will be using, TCP and/or UDP.
5. Enter the IP address of the PC or network device that you want the port server to go to. For
example, if the web server’s Ethernet adapter IP address is 192.168.1.100, you would enter 100 in
the field provided. Check “Appendix D: Finding the MAC Address and IP Address for Your
Ethernet Adapter” for details on getting an IP address.
6. Check the Enable option for the port services you want to use. Consider the example below:
Customized External Port TCP UDP IP Address Enable
Application
Web server 80 to 80 X X 192.168.1.100 X
FTP server 21 to 21 X 192.168.1.101 X
SMTP (outgoing)25 to 25 X X 192.168.1.102 X
POP3 (incoming)110 to 110 X X 192.168.1.102 X
When you have completed the configuration, click the Save Settingsbutton.
7. I need to set up online game hosting or use other Internet applications.
If you want to play online games or use Internet applications, most will work without doing any port
forwarding or DMZ hosting. There may be cases when you want to host an online game or Internet
application. This would require you to set up the Router to deliver incoming packets or data to a
specific computer. This also applies to the Internet applications you are using. The best way to get
the information on what port services to use is to go to the website of the online game or
application you want to use. Follow these steps to set up online game hosting or use a certain
Internet application:
1. Access the Router’s web interface by going to http://192.168.1.1 or the IP address of the Router.
Go to the Applications and Gaming => Port Forwarding tab.
2. Enter any name you want to use for the Customized Application.
3. Enter the External Port range of the service you are using. For example, if you want to host
Unreal Tournament (UT), you would enter the range 7777 to 27900.
4. Check the protocol you will be using, TCP and/or UDP.
5. Enter the IP address of the PC or network device that you want the port server to go to. For
example, if the web server’s Ethernet adapter IP address is 192.168.1.100, you would enter 100 in
the field provided. Check “Appendix D: Finding the MAC Address and IP Address for Your
Ethernet Adapter” for details on getting an IP address.
6. Check the Enable option for the port services you want to use. Consider the example below:
Customized External Port TCP UDP IP Address Enable
Application
UT 7777 to 27900 X X 192.168.1.100 X
Halflife 27015 to 27015 X X 192.168.1.105 X
PC Anywhere5631 to 5631 X 192.168.1.102 X
VPN IPSEC 500 to 500 X 192.168.1.100 X
When you have completed the configuration, click the Save Settings button.
8. I can’t get the Internet game, server, or application to work.
If you are having difficulties getting any Internet game, server, or application to function properly,
consider exposing one PC to the Internet using DeMilitarized Zone (DMZ) hosting. This option is
available when an application requires too many ports or when you are not sure which port
services to use. Make sure you disable all the forwarding entries if you want to successfully use
DMZ hosting, since forwarding has priority over DMZ hosting. (In other words, data that enters the
Router will be checked first by the forwarding settings.
If the port number that the data enters from does not have port forwarding, then the Router will
send the data to whichever PC or network device you set for DMZ hosting.)
• Follow these steps to set DMZ hosting:
1. Access the Router’s web-based utility by going to http://192.168.1.1 or the IP address of the
Router.
Go to the Applications and Gaming => DMZ tab.
2. Disable or remove the entries you have entered for forwarding. Keep this information in case
you want to use it at a later time.
• Once completed with the configuration, click the Save Settings button.
9. I forgot my password, or the password prompt always appears when I am saving settings
to the Router.
• Reset the Router to factory default by pressing the Reset button for 10 seconds and then
releasing it. If you are still getting prompted for a password when saving settings, then perform the
following steps:
1. Access the Router’s web-based utility by going to http://192.168.1.1 or the IP address of the
Router. Enter the default password admin, and click the Administrations => Management tab.
2. Enter a different password in the Router Password field, and enter the same password in the
second field to confirm the password.
3. Click the Save Settings button.
10. I am a PPPoE user, and I need to remove the proxy settings or the dial-up pop-up
window.
If you have proxy settings, you need to disable these on your computer. Because the Router is the
gateway for the Internet connection, the computer does not need any proxy settings to gain
access. Please follow these directions to verify that you do not have any proxy settings and that
the browser you use is set to connect directly to the LAN.
• For Microsoft Internet Explorer 5.0 or higher:
1. Click Start, Settings, and Control Panel. Double-click Internet Options.
2. Click the Connections tab.
3. Click the LAN settings button and remove anything that is checked.
4. Click the OK button to go back to the previous screen.
5. Click the option Never dial a connection. This will remove any dial-up pop-ups for PPPoE
users.
• For Netscape 4.7 or higher:
1. Start Netscape Navigator, and click Edit, Preferences, Advanced, and Proxies.
2. Make sure you have Direct connection to the Internet selected on this screen.
3. Close all the windows to finish.
11. To start over, I need to set the Router to factory default.
Hold the Reset button for 10 seconds and then release it. This will return the password, forwarding,
and other settings on the Router to the factory default settings. In other words, the Router will
revert to its original factory configuration.
12. I need to upgrade the firmware.
In order to upgrade the firmware with the latest features, you need to go to the Linksys website
and download the latest firmware at www.linksys.com.
• Follow these steps:
1. Go to the Linksys website at http://www.linksys.com and download the latest firmware.
2. To upgrade the firmware, follow the steps in the System section found in “Chapter 6: The
Router’s Web-based Utility.”
13. The firmware upgrade failed, and/or the Power LED is flashing.
The upgrade could have failed for a number of reasons. Follow these steps to upgrade the
firmware and/or make the Power LED stop flashing:
• If the firmware upgrade failed, use the TFTP program (it was downloaded along with the
firmware). Open the pdf that was downloaded along with the firmware and TFTP program, and
follow the pdf’s instructions.
• Set static IP address on the PC; refer to “Problem #1, I need to set a static IP address.” Use the
following IP address settings for the computer you are using:
IP Address: 192.168.1.50
Subnet Mask: 255.255.255.0
Gateway: 192.168.1.1
• Perform the upgrade using the TFTP program or the Router’s web-based utility through its
Administration tab.
14.My DSL service’s PPPoE is always disconnecting.
PPPoE is not actually a dedicated or always-on connection. The DSL ISP can disconnect the
service after a period of inactivity, just like a normal phone dial-up connection to the Internet.
• There is a setup option to “keep alive” the connection. This may not always work, so you may
need to reestablish connection periodically.
1. To connect to the Router, go to the web browser, and enter http://192.168.1.1 or the IP address
of the Router.
2. Enter the password, if asked. (The default password is admin.)
3. On the Setup screen, select the option Keep Alive, and set the Redial Period option at 20
(seconds).
4. Click the Save Settings button.
5. Click the Status tab, and click the Connect button.
6. You may see the login status display as Connecting. Press the F5 key to refresh the screen,
until you see the login status display as Connected.
• Click the Save Settings button to continue.
• If the connection is lost again, follow steps 1- 6 to re-establish connection.
15. I can’t access my e-mail, web, or VPN, or I am getting corrupted data from the Internet.
The Maximum Transmission Unit (MTU) setting may need to be adjusted. By default, the MTU is
set at 1500.
For most DSL users, it is strongly recommended to use MTU 1492.
• If you are having some difficulties, perform the following steps:
1. To connect to the Router, go to the web browser, and enter http://192.168.1.1 or the IP address
of the Router.
2. Enter the password, if asked. (The default password is admin.)
3. Look for the MTU option, and select Manual. In the Size field, enter 1492.
4. Click the Save Settings button to continue.
• If your difficulties continue, change the Size to different values. Try this list of values, one value at
a time, in this order, until your problem is solved:
1462
1400
1362
1300
16. The Power LED flashes continuously.
The Power LED lights up when the device is first powered up. Meantime, the system will boot up
itself and check for proper operation. After finishing the checking procedure, the LED remains
steady to show that the system is working fine. If the LED continues to flash after this time, the
device is not working properly. Try to flash the firmware by assigning a static IP address to the
computer, and then upgrade the firmware. Try using the following settings, IP Address:
192.168.1.50 and Subnet Mask: 255.255.255.0.
17.When I enter a URL or IP address, I get a time-out error or am prompted to retry.
• Check if other PCs work. If they do, ensure that your workstation’s IP settings are correct (IP
Address, Subnet Mask, Default Gateway, and DNS). Restart the computer that is having a
problem.
• If the PCs are configured correctly, but still not working, check the Router. Ensure that it is
connected and powered on. Connect to it and check its settings. (If you cannot connect to it, check
the LAN and power connections.)
• If the Router is configured correctly, check your Internet connection (DSL/cable modem, etc.) to
see if it is working correctly. You can remove the Router to verify a direct connection.
• Manually configure the TCP/IP settings with a DNS address provided by your ISP.
• Make sure that your browser is set to connect directly and that any dial-up is disabled. For
Internet Explorer, click Tools, Internet Options, and then the Connection tab. Make sure that
Internet Explorer is set to Never dial a connection. For Netscape Navigator, click Edit,
Preferences, Advanced, and Proxy.
Make sure that Netscape Navigator is set to Direct connection to the Internet.
Frequently Asked Questions
What is the maximum number of IP addresses that the Router will support?
The Router will support up to 253 IP addresses.
Is IPSec Pass-Through supported by the Router?
Yes, it is a built-in feature that the Router automatically enables.
Where is the Router installed on the network?
In a typical environment, the Router is installed between the cable/DSL modem and the LAN. Plug
the Router into the cable/DSL modem’s Ethernet port.
Does the Router support IPX or AppleTalk?
No. TCP/IP is the only protocol standard for the Internet and has become the global standard for
communications.
IPX, a NetWare communications protocol used only to route messages from one node to another,
and AppleTalk, a communications protocol used on Apple and Macintosh networks, can be used
for LAN to LAN connections, but those protocols cannot connect from the Internet to a LAN.
Does the Internet connection of the Router support 100Mbps Ethernet?
The Router’s current hardware design supports up to 100Mbps Ethernet on its Internet port;
however, the Internet connection speed will vary depending on the speed of your broadband
connection. The Router also supports 100Mbps over the auto-sensing Fast Ethernet 10/100
switch on the LAN side of the Router.
What is Network Address Translation and what is it used for?
Network Address Translation (NAT) translates multiple IP addresses on the private LAN to one
public address that is sent out to the Internet. This adds a level of security since the address of a
PC connected to the private LAN is never transmitted on the Internet. Furthermore, NAT allows
the Router to be used with low cost Internet accounts, such as DSL or cable modems, when only
one TCP/IP address is provided by the ISP. The user may have many private addresses behind
this single address provided by the ISP.
Does the Router support any operating system other than Windows 95, Windows 98SE,
Windows Millennium, Windows 2000, or Windows XP?
Yes, but Linksys does not, at this time, provide technical support for setup, configuration or
troubleshooting of any non-Windows operating systems.
Does the Router support ICQ send file?
Yes, with the following fix: click ICQ menu -> preference -> connections tab->, and check I am
behind a firewall or proxy. Then set the firewall time-out to 80 seconds in the firewall setting. The
Internet user can then send a file to a user behind the Router.
I set up an Unreal Tournament Server, but others on the LAN cannot join. What do I need to
do?
If you have a dedicated Unreal Tournament server running, you need to create a static IP for each
of the LAN computers and forward ports 7777, 7778, 7779, 7780, 7781, and 27900 to the IP
address of the server. You can also use a port forwarding range of 7777 ~ 27900. If you want to
use the UT Server Admin, forward another port.
(Port 8080 usually works well but is used for remote admin. You may have to disable this.) Then in
the [UWeb.WebServer] section of the server.ini file, set the ListenPort to 8080 (to match the
mapped port above) and ServerName to the IP assigned to the Router from your ISP.
Can multiple gamers on the LAN get on one game server and play simultaneously with just
one public IPaddress?
It depends on which network game or what kind of game server you are using. For example,
Unreal Tournament supports multi-login with one public IP.
How do I get Half-Life: Team Fortress to work with the Router?
The default client port for Half-Life is 27005. The computers on your LAN need to have “+clientport
2700x” added to the HL shortcut command line; the x would be 6, 7, 8, and on up. This lets
multiple computers connect to the same server. One problem: Version 1.0.1.6 won’t let multiple
computers with the same CD key connect at the same time, even if on the same LAN (not a
problem with 1.0.1.3). As far as hosting games, the HL server does not need to be in the DMZ.
Just forward port 27015 to the local IP address of the server computer.
How can I block corrupted FTP downloads?
If you are experiencing corrupted files when you download a file with your FTP client, try using
another FTP program.
The web page hangs; downloads are corrupt, or nothing but junk characters are being
displayed on the screen. What do I need to do?
Force your Ethernet adapter to 10Mbps or half duplex mode, and turn off the “Auto-negotiate”
feature of your Ethernet adapter as a temporary measure. (Please look at the Network Control
Panel in your Ethernet adapter’s Advanced Properties tab.) Make sure that your proxy setting is
disabled in the browser. Check our website at www.linksys.com for more information.
If all else fails in the installation, what can I do?
Reset the Router by holding down the reset button until the Power LED fully turns on and off.
Reset your cable or DSL modem by powering the unit off and then on. Obtain and flash the latest
firmware release that is readily
available on the Linksys website, www.linksys.com.
How will I be notified of new Router firmware upgrades?
All Linksys firmware upgrades are posted on the Linksys website at www.linksys.com, where they
can be downloaded for free. To upgrade the Router’s firmware, use the System tab of the Router’s
web-based utility. If the Router’s Internet connection is working well, there is no need to download
a newer firmware version, unless that version contains new features that you would like to use.
Downloading a more current version of Router firmware will not enhance the quality or speed of
your Internet connection, and may disrupt your current connection stability.
Will the Router function in a Macintosh environment?
Yes, but the Router’s setup pages are accessible only through Internet Explorer 4.0 or Netscape
Navigator 4.0 or higher for Macintosh.
I am not able to get the web configuration screen for the Router. What can I do?
You may have to remove the proxy settings on your Internet browser, e.g., Netscape Navigator or
Internet Explorer. Or remove the dial-up settings on your browser. Check with your browser
documentation, and make sure that your browser is set to connect directly and that any dial-up is
disabled. Make sure that your browser is set to connect directly and that any dial-up is disabled.
For Internet Explorer, click Tools, Internet Options, and then the Connection tab. Make sure that
Internet Explorer is set to Never dial a connection. For Netscape Navigator, click Edit, Preferences,
Advanced, and Proxy. Make sure that Netscape Navigator is set to Direct connection to the
Internet.
What is DMZ Hosting?
Demilitarized Zone (DMZ) allows one IP address (computer) to be exposed to the Internet. Some
applications require multiple TCP/IP ports to be open. It is recommended that you set your
computer with a static IP if you want to use DMZ Hosting. To get the LAN IP address, see
“Appendix D: Finding the MAC Address and IP Address for Your Ethernet Adapter.”
If DMZ Hosting is used, does the exposed user share the public IP with the Router?
No.
Does the Router pass PPTP packets or actively route PPTP sessions?
The Router allows PPTP packets to pass through.
Is the Router cross-platform compatible?
Any platform that supports Ethernet and TCP/IP is compatible with the Router.
How many ports can be simultaneously forwarded?
Theoretically, the Router can establish 520 sessions at the same time, but you can only forward 10
ranges of ports.
What are the advanced features of the Router?
The Router’s advanced features include Advanced Wireless settings, Filters, Port Forwarding,
Routing, and DDNS.
What is the maximum number of VPN sessions allowed by the Router?
The maximum number depends on many factors. At least one IPSec session will work through the
Router; however, simultaneous IPSec sessions may be possible, depending on the specifics of
your VPNs.
How can I check whether I have static or DHCP IP Addresses?
Consult your ISP to obtain this information.
How do I get mIRC to work with the Router?
Under the Port Forwarding tab, set port forwarding to 113 for the PC on which you are using
mIRC.
Can the Router act as my DHCP server?
Yes. The Router has DHCP server software built-in.
Can I run an application from a remote computer over the wireless network?
This will depend on whether or not the application is designed to be used over a network. Consult
the application’s documentation to determine if it supports operation over a network.
What is the IEEE 802.11g standard?
It is one of the IEEE standards for wireless networks. The 802.11g standard allows wireless
networking hardware from different manufacturers to communicate, provided that the hardware
complies with the 802.11g standard.
The 802.11g standard states a maximum data transfer rate of 54Mbps and an operating frequency
of 2.4GHz.
What IEEE 802.11b features are supported?
The product supports the following IEEE 802.11b functions:
• CSMA/CA plus Acknowledge protocol
• Multi-Channel Roaming
• Automatic Rate Selection
• RTS/CTS feature
• Fragmentation
• Power Management
What is ad-hoc mode?
When a wireless network is set to ad-hoc mode, the wireless-equipped computers are configured
to communicate directly with each other. The ad-hoc wireless network will not communicate with
any wired network.
What is infrastructure mode?
When a wireless network is set to infrastructure mode, the wireless network is configured to
communicate with a wired network through a wireless access point.
What is roaming?
Roaming is the ability of a portable computer user to communicate continuously while moving
freely throughout an area greater than that covered by a single access point. Before using the
roaming function, the workstation must make sure that it is the same channel number with the
access point of dedicated coverage area.
To achieve true seamless connectivity, the wireless LAN must incorporate a number of different
functions. Each node and access point, for example, must always acknowledge receipt of each
message. Each node must maintain contact with the wireless network even when not actually
transmitting data. Achieving these functions simultaneously requires a dynamic RF networking
technology that links access points and nodes. In such a system, the user’s end node undertakes
a search for the best possible access to the system. First, it evaluates such factors as signal
strength and quality, as well as the message load currently being carried by each access point and
the distance of each access point to the wired backbone. Based on that information, the node next
selects the right access point and registers its address. Communications between end node and
host computer can then be transmitted up and down the backbone.
As the user moves on, the end node’s RF transmitter regularly checks the system to determine
whether it is in touch with the original access point or whether it should seek a new one. When a
node no longer receives acknowledgment from its original access point, it undertakes a new
search. Upon finding a new access point, it then re-registers, and the communication process
continues.
What is ISM band?
The FCC and their counterparts outside of the U.S. have set aside bandwidth for unlicensed use in
the ISM (Industrial, Scientific and Medical) band. Spectrum in the vicinity of 2.4 GHz, in particular,
is being made available worldwide. This presents a truly revolutionary opportunity to place
convenient high-speed wireless capabilities in the hands of users around the globe.
What is Spread Spectrum?
Spread Spectrum technology is a wideband radio frequency technique developed by the military
for use in reliable, secure, mission-critical communications systems. It is designed to trade off
bandwidth efficiency for reliability, integrity, and security. In other words, more bandwidth is
consumed than in the case of narrowband transmission, but the trade-off produces a signal that is,
in effect, louder and thus easier to detect, provided that the receiver knows the parameters of the
spread-spectrum signal being broadcast. If a receiver is not tuned to the right frequency, a
spread-spectrum signal looks like background noise. There are two main alternatives,
Direct Sequence Spread Spectrum (DSSS) and Frequency Hopping Spread Spectrum (FHSS).
What is DSSS? What is FHSS? And what are their differences?
Frequency-Hopping Spread-Spectrum (FHSS) uses a narrowband carrier that changes frequency
in a pattern that is known to both transmitter and receiver. Properly synchronized, the net effect is
to maintain a single logical channel. To an unintended receiver, FHSS appears to be
short-duration impulse noise. Direct-Sequence Spread-
Spectrum (DSSS) generates a redundant bit pattern for each bit to be transmitted. This bit pattern
is called a chip (or chipping code). The longer the chip, the greater the probability that the original
data can be recovered. Even if one or more bits in the chip are damaged during transmission,
statistical techniques embedded in the radio can recover the original data without the need for
retransmission. To an unintended receiver, DSSS appears as low power wideband noise and is
rejected (ignored) by most narrowband receivers.
Will the information be intercepted while it is being transmitted through the air?
WLAN features two-fold protection in security. On the hardware side, as with Direct Sequence
Spread Spectrum technology, it has the inherent security feature of scrambling. On the software
side, WLAN offers the encryption function (WEP) to enhance security and access control.
What is WEP?
WEP is Wired Equivalent Privacy, a data privacy mechanism based on a 64-bit or 128-bit shared
key algorithm, as described in the IEEE 802.11 standard.
What is a MAC Address?
The Media Access Control (MAC) address is a unique number assigned by the manufacturer to
any Ethernet networking device, such as a network adapter, that allows the network to identify it at
the hardware level. For all practical purposes, this number is usually permanent. Unlike IP
addresses, which can change every time a computer logs onto the network, the MAC address of a
device stays the same, making it a valuable identifier for the network.
How do I reset the Router?
Press the Reset button on the back panel for about ten seconds. This will reset the Router to its
default settings.
How do I resolve issues with signal loss?
There is no way to know the exact range of your wireless network without testing. Every obstacle
placed between the Router and a wireless PC will create signal loss. Lead glass, metal, concrete
floors, water and walls will inhibit the signal and reduce range. Start with the Router and your
wireless PC in the same room and move it away in small increments to determine the maximum
range in your environment.
You may also try using different channels, as this may eliminate interference affecting only one
channel.
I have excellent signal strength, but I cannot see my network.
WEP is probably enabled on the Router, but not on your wireless adapter (or vice versa). Verify
that the same WEP keys and levels (64 or 128) are being used on all nodes of your wireless
network.
How many channels/frequencies are available with the Router?
There are eleven available channels, ranging from 1 to 11 (in North America).
If your questions are not addressed here, refer to the Linksys website, www.linksys.com.
Appendix B: Wireless Security
A Brief Overview
Whenever data - in the form of files, emails, or messages - is transmitted over your wireless
network, it is open to attacks. Wireless networking is inherently risky because it broadcasts
information on radio waves. Just like signals from your cellular or cordless phone can be
intercepted, signals from your wireless network can also be compromised. What are the risks
inherent in wireless networking? Read on.
What Are The Risks?
Computer network hacking is nothing new. With the advent of wireless networking, hackers use
methods both old and new to do everything from stealing your bandwidth to stealing your data.
There are many ways this is done, some simple, some complex. As a wireless user, you should be
aware of the many ways they do this.
Every time a wireless transmission is broadcast, signals are sent out from your wireless PC or
router, but not always directly to its destination. The receiving PC or router can hear the signal
because it is within that radius.
Just as with a cordless phone, cellular phone, or any kind of radio device, anyone else within that
radius, who has their device set to the same channel or bandwidth can also receive those
transmission.
Wireless networks are easy to find. Hackers know that, in order to join a wireless network, your
wireless PC will typically first listen for "beacon messages". These are identifying packets
transmitted from the wireless network to announce its presence to wireless nodes looking to
connect. These beacon frames are unencrypted and contain much of the network's information,
such as the network's SSID (Service Set Identifier) and the IP address of the network PC or router.
The SSID is analogous to the network's name. With this information broadcast to anyone within
range, hackers are often provided with just the information they need to access that network.
One result of this, seen in many large cities and business districts, is called "Warchalking". This is
the term used for hackers looking to access free bandwidth and free Internet access through your
wireless network. The marks they chalk into the city streets are well documented in the Internet
and communicate exactly where available wireless bandwidth is located for the taking.
Even keeping your network settings, such as the SSID and the channel, secret won't prevent a
hacker from listening for those beacon messages and stealing that information. This is why most
experts in wireless networking strongly recommend the use of WEP (Wireless Equivalent Privacy).
WEP encryption scrambles your wireless signals so they can only be recognized within your
wireless network.
But even WEP has its problems. WEP's encryption algorithm is referred to as "simple", which also
means "weak", because the technology that scrambles the wireless signal isn't too hard to crack
for a persistent hacker.
There are five common ways that hackers can break into your network and steal your bandwidth
as well as your data. The five attacks are popularly known as:
1. Passive Attacks
2. Jamming Attacks
3. Active Attacks
4. Dictionary-building or Table Attacks
5. Man-in-the-Middle Attacks
Passive Attacks
There's no way to detect a passive attack because the hacker is not breaking into your network.
He is simply listening (eavesdropping, if you will) to the information your network broadcasts.
There are applications easily available on the Internet that can allow a person to listen into your
wireless network and the information it broadcasts. Information such as MAC addresses, IP
addresses, usernames, passwords, instant message conversations, emails, account information,
and any data transmitted wirelessly, can easily be seen by someone outside of your network
because it is often broadcast in clear text. Simply put, any information transmitted on a wireless
network leaves both the network and individual users vulnerable to attack. All a hacker needs is a
"packet sniffer", software available on the Internet, along with other freeware or shareware
hacking utilities available on the Internet, to acquire your WEP keys and other network information
to defeat security.
Jamming Attacks
Jamming Attacks, when a powerful signal is sent directly into your wireless network, can
effectively shut down your wireless network. This type of attack is not always intentional and can
often come about simply due to the technology. This is especially possible in the 2.4 GHz
frequency, where phones, baby monitors, and microwave ovens can create a great deal of
interference and jam transmissions on your wireless network. One way to resolve this is by moving
your wireless devices into the 5 GHz frequency, which is dedicated solely to information
transmissions.
Active Attacks
Hackers use Active Attacks for three purposes: 1) stealing data, 2) using your network, and 3)
modifying your network so it's easier to hack in the next time.
In an Active Attack, the hacker has gained access to all of your network settings (SSID, WEP keys,
etc.) and is in your network. Once in your wireless network, the hacker has access to all open
resources and transmitted data on the network. In addition, if the wireless network's router is
connected to a switch, the hacker will also have access to data in the wired network.
Further, spammers can use your Internet connection and your ISP's mail server to send tens of
thousands of e-mails from your network without your knowledge.
Lastly, the hacker could make hacking into your network even easier by changing or removing
safeguards such as MAC address filters and WEP encryption. He can even steal passwords and
user names for the next time he wants to hack in.
Dictionary Building or Table Attacks
Dictionary building, or Table attacks, is a method of gaining network settings (SSID, WEP keys,
etc.) by analyzing about a day's worth of network traffic, mostly in the case of business networks.
Over time, the hacker can build up a table of network data and be able to decrypt all of your
wireless transmissions. This type of attack is more effective with networks that transmit more data,
such as businesses.
Man-in-the-Middle Attacks
A hacker doesn't need to log into your network as a user - he can appear as one of the network's
own routers, setting himself up as the man-in-the-middle. To do this, the hacker simply needs to
rig a router with your network's settings and send out a stronger signal that your router. In this way,
some of your network's PCs may associate with this rogue router, not knowing the difference, and
may begin sending data through it and to this hacker.
The trade-off for the convenience and flexibility wireless networking provides is the possibility of
being hacked into through one of the methods described here. With wireless networks, even with
WEP encryption, open to the persistent hacker, how can you protect your data? The following
section will tell you how to do just that.
Maximizing Wireless Security
Security experts will all tell you the same thing: Nothing is guaranteed. No technology is secure by
itself. An unfortunate axiom is that building the better mousetrap can often create a better mouse.
This is why, in the examples below, your implementation and administration of network security
measures is the key to maximizing wireless security.
No preventative measure will guarantee network security but it will make it more difficult for
someone to hack into your network. Often, hackers are looking for an easy target. Making your
network less attractive to hackers, by making it harder for them to get in, will make them look
elsewhere.
How do you do this? Before discussing WEP, let's look at a few security measures often
overlooked.
1)Network Content
Now that you know the risks assumed when networking wirelessly, you should view wireless
networks as you would the Internet. Don't host any systems or provide access to data on a
wireless network that you wouldn't put on the Internet.
2)Network Layout
When you first lay out your network, keep in mind where your wireless PCs are going to be located
and try to position your router towards the center of that network radius. Remember that access
points transmit indiscriminately in a radius; placing an access point at the edge of the physical
network area reduces network performance and leaves an opening for any hacker smart enough
to discover where the router is transmitting.
This is an invitation for a man-in-the-middle attack, as described in the previous section. To
perform this type of attack, the hacker has to be physically close to your network. So, monitoring
both your network and your property is important. Furthermore, if you are suspicious of
unauthorized network traffic, most wireless products come with a log function, with which you can
view activity on your network and verify if any unauthorized users have had access.
3)Network Devices
With every wireless networking device you use, keep in mind that network settings (SSID, WEP
keys, etc.) are stored in its firmware. If they get into the hands of a hacker, so do all of your
settings. So keep an eye on them.
4)Administrator passwords
Your network administrator is the only person who can change network settings. If a hacker gets a
hold of the administrator's password, he, too, can change those settings. So, make it harder for a
hacker to get that information. Change the administrator's password regularly.
5)SSID
There are a few things you can do to make your SSID more secure:
a. Disable Broadcast
b. Make it unique
c. Change it often
Most wireless networking devices will give you the option of broadcasting the SSID. This is a
option for convenience, allowing anyone to log into your wireless network. In this case, however,
anyone includes hackers.
So don't broadcast the SSID.
A default SSID is set on your wireless devices by the factory. (The Linksys default SSID is
"linksys".) Hackers know these defaults and can check these against your network. Change your
SSID to something unique and not something related to your company or the networking products
you use.
Changing your SSID regularly will force any hacker attempting to gain access to your wireless
network to start looking for that new SSID.
With these three steps in mind, please remember that while SSIDs are good for segmenting
networks, they fall short with regards to security. Hackers can usually find them quite easily.
6)MAC addresses
Enable MAC address filtering if your wireless products allow it. MAC address filtering will allow you
to provide access to only those wireless nodes with certain MAC addresses. This makes it harder
for a hacker using a random MAC address or spoofing (faking) a MAC address.
7) Firewalls
You can use the same firewall technology to protect your wired network from hackers coming in
through your wireless network as you did for the Internet. The firewall will protect your network
from any transmissions entering via your wireless network.
8)WEP
Wired Equivalent Privacy (WEP) is often looked upon as a panacea for wireless security concerns.
This is overstating WEP's ability. Again, this can only provide enough security to make a hacker's
job more difficult.
WEP encryption implementation was not put in place with the 802.11 standard. This means that
there are about as many methods of WEP encryption as there are providers of wireless
networking products. In addition, WEP is not completely secure. One piece of information still not
encrypted is the MAC address, which hackers can use to break into a network by spoofing (or
faking) the MAC address.
Programs exist on the Internet that are designed to defeat WEP. The best known of these is
AirSnort. In about a day, AirSnort can analyze enough of the wireless transmissions to crack the
WEP key. Just like a dictionarybuilding attack, the best prevention for these types of programs is
by not using static settings, periodically changing WEP keys, SSID, etc.
There are several ways that WEP can be maximized:
a) Use the highest level of encryption possible
b) Use multiple WEP keys
c) Change your WEP key regularly
Current encryption technology offers 64-bit and 128-bit WEP encryption. If you are using 64-bit
WEP, swap out your old wireless units for 128-bit encryption right away. Where encryption is
concerned, the bigger and more complex, the better. A WEP key is a string of hexadecimal
characters that your wireless network uses in two ways. First, nodes in your wireless network are
identified with a common WEP key. Second, these WEP keys encrypt and decrypt data sent over
your wireless network. So, a higher level of security ensures that hackers will have a harder time
breaking into your network.
Setting one, static WEP key on your wireless network leaves your network open the threats even
as you think it is protecting you. While it is true that using a WEP key increases wireless security,
you can increase it further by using multiple WEP keys.
Keep in mind that WEP keys are stored in the firmware of wireless cards and access points and
can be used to hack into the network if a card or access point falls into the wrong hands. Also,
should someone hack into your network, there would be nothing preventing someone access to
the entire network, using just one static key.
The solution, then, is to segment your network up into multiple groups. If your network had 80
users and you used four WEP keys, a hacker would have access to only ¼ of your wireless
network resources. In this way, multiple keys reduce your liability.
Finally, be sure to change your WEP key regularly, once a week or once a day. Using a "dynamic"
WEP key, rather than one that is static, makes it even harder for a hacker to break into your
network and steal your resources.
2.4GHz/802.11b and 802.11g WEP Encryption
WEP encryption for the Wireless-G VPN Broadband Router is configured through the Web-Utility's
Wireless tab.
Enable WEP from this tab and click the Edit WEP Settings button, which will open the WEP
screen, shown in Figure B-1.
Figure B-1: WEP
From this screen, you can select the type of WEP encryption to use as well as set the WEP Key for
that encryption.
Select which WEP key (1-4) will be used when the Router sends data, then select that number as
the Default Transmit Key. Make sure the receiving device is using the same key.
Select the level of WEP encryption you wish to use, 64-bit 10 hex digits or 128-bit 26 hex digits.
Higher encryption levels offer higher levels of security, but due to the complexity of the encryption,
they may decrease network performance.
If you wish to use a WEP Pass phrase, it can be a maximum of 16 alphanumeric characters. This
pass phrase may not work with non-Linksys products due to possible incompatibility with other
vendors' pass phrase generators.
The WEP Key can be generated using your Pass phrase or you can enter it manually.
If you wish to enter the WEP Key manually, type the key into the appropriate Key field on the left.
The WEP key must consist of the letters "A" through "F" and the numbers "0" through "9" and
should be 10 characters in length for 64-bit encryption or 26 characters in length for 128-bit
encryption. All points in your wireless network must use the same WEP key to utilize WEP
encryption.
Once the Pass phrase is entered, click the Generate key to generate a WEP key.
When finished making your changes on this tab, click the Save Settings button to save these
changes, or click the Cancel Changes button to undo your changes.
Appendix C: Configuring IPSec between a
Windows 2000 PC and the Router
Introduction
This document demonstrates how to establish a secure IPSec tunnel using preshared keys to join
a private network inside the VPN Router and a Windows 2000 or XP PC. You can find detailed
information on configuring the Windows 2000 server at the Microsoft website:
Microsoft KB Q252735 - How to Configure IPSec Tunneling in Windows 2000
http://support.microsoft.com/support/kb/articles/Q252/7/35.asp
Microsoft KB Q257225 - Basic IPSec Troubleshooting in Windows 2000
http://support.microsoft.com/support/kb/articles/Q257/2/25.asp
Environment
The IP addresses and other specifics mentioned in this appendix are for illustration purposes only.
Windows 2000 or Windows XP
IP Address: 140.111.1.2 <= User ISP provides IP Address; this is only an example.
Subnet Mask: 255.255.255.0
BEFSX41
WAN IP Address: 140.111.1.1 <= User ISP provides IP Address; this is only an example.
Subnet Mask: 255.255.255.0
LAN IP Address: 192.168.1.1
Subnet Mask: 255.255.255.0
How to Establish a Secure IPSec Tunnel
Step 1: Create an IPSec Policy
1. Click the Start button, select Run, and type secpol.msc in the Open field. The Local Security
Setting screen will appear as shown in Figure C-1.
2. Right-click IP Security Policies on Local Computer, and click Create IP Security Policy.
3. Click the Next button, and then enter a name for your policy (for example, to_router). Then, click
Next.
4. Deselect the Activate the default response rule check box, and then click the Next button.
5. Click the Finish button, making sure the Edit check box is checked.
Step 2: Build Filter Lists
Filter List 1: win->router
1. In the new policy’s properties screen, verify that the Rules tab is selected, as shown in Figure
C-2. Deselect the Use Add Wizard check box, and click the Add button to create a new rule.
2. Make sure the IP Filter List tab is selected, and click the Add button. (See Figure C-3.)
Figure C-1: Password Screen
Figure C-2: Setup Tab
Figure C-3: IP Filter List Tab
3. The IP Filter List screen should appear, as shown in Figure C-4. Enter an appropriate name,
such as win- >router, for the filter list, and de-select the Use Add Wizard check box. Then, click
the Add button.
4. The Filters Properties screen will appear, as shown in Figure C-5. Select the Addressing tab. In
the Source address field, select My IP Address. In the Destination address field, select A specific
IP Subnet, and fill in the IP Address: 192.168.1.0 and Subnet mask: 255.255.255.0. (These are
the Router’s default settings. If you have changed these settings, enter your new values.)
5. If you want to enter a description for your filter, click the Description tab and enter the
description there.
6. Click the OK button. Then, click the OK (for Windows XP) or Close (for Windows 2000) button
on the IP Filter List window.
Filter List 2: router=>win
7. The New Rule Properties screen will appear, as shown in Figure C-6. Select the IP Filter List tab,
and make sure that win -> router is highlighted. Then, click the Add button.
Figure C-4: IP Filter List
Figure C-5: Filters Properties
Figure C-6: New Rule Properties
8. The IP Filter List screen should appear, as shown in Figure C-7. Enter an appropriate name,
such as router- >win for the filter list, and de-select the Use Add Wizard check box. Click the Add
button.
9. The Filters Properties screen will appear, as shown in Figure C-8. Select the Addressing tab. In
the Source address field, select A specific IP Subnet, and enter the IP Address: 192.168.1.0 and
Subnet mask:
255.255.255.0. (Enter your new values if you have changed the default settings.) In the
Destination address field, select My IP Address.
10. If you want to enter a description for your filter, click the Description tab and enter the
description there.
11. Click the OK button and the New Rule Properties screen should appear with the IP Filer List
tab selected, as shown in Figure C-9. There should now be a listing for “router -> win” and “win ->
router”. Click the OK (for WinXP) or Close (for Win2000) button on the IP Filter List window.
Figure C-7: IP Filter List
Figure C-8: Filters Properties
Figure C-9: New Rule Properties
Step 3: Configure Individual Tunnel Rules
Tunnel 1: win->router
1. From the IP Filter List tab, shown in Figure C-10, click the filter list win->router.
2. Click the Filter Action tab (as in Figure C-11), and click the filter action Require Security radio
button. Then, click the Edit button.
3. From the Security Methods tab, shown in Figure C-12, verify that the Negotiate security option
is enabled, and deselect the Accept unsecured communication, but always respond using
IPSec check box. Select Session key Perfect Forward Secrecy, and click the OK button.
Figure C-10: IP Filter List Tab
Figure C-11: Filter Action Tab
Figure C-12: Security Methods Tab
4. Select the Authentication Methods tab, shown in Figure C-13, and click the Edit button.
5. Change the authentication method to Use this string to protect the key exchange
(preshared key), as shown in Figure C-14, and enter the preshared key string, such as
XYZ12345. Click the OK button.
6. This new Preshared key will be displayed in Figure C-15. Click the OK or Close button to
continue.
Figure C-13: Authentication Methods
Figure C-14: Preshared Key
Figure C-15: New Preshared Key
7. Select the Tunnel Setting tab, shown in Figure C-16, and click The tunnel endpoint is
specified by this IP Address radio button. Then, enter the Router’s WAN IP Address.
8. Select the Connection Type tab, as shown in Figure C-17, and click All network connections.
Then, click the OK or Close button to finish this rule.
Tunnel 2: router->win
9. In the new policy’s properties screen, shown in Figure C-18, make sure that “win -> router” is
selected and deselect the Use Add Wizard check box. Then, click the Add button to create the
second IP filter.
Figure C-16: Tunnel Setting Tab
Figure C-17: Connectin Type Tab
Figure C-18: Properties Screen
10. Go to the IP Filter List tab, and click the filter list router->win, as shown in Figure C-19.
11. Click the Filter Action tab, and select the filter action Require Security, as shown in Figure
C-20. Then, click the Edit button.
12. Click the Authentication Methods tab, and verify that the authentication method Kerberos is
selected, as shown in Figure C-21. Then, click the Edit button.
Figure C-19: IP Filter List Tab
Figure C-20: Filter Action Tab
Figure C-21: Authentication Methods Tab
13. Change the authentication method to Use this string to protect the key exchange
(preshared key), and enter the preshared key string, such as XYZ12345, as shown in Figure
C-22. (This is a sample key string.
Yours should be a key that is unique but easy to remember.) Then click the OK button.
14. This new Preshared key will be displayed in Figure C-23. Click the OK button to continue.
15. From the Tunnel Setting tab, shown in Figure C-24, click the radio button for The tunnel
endpoint is specified by this IP Address, and enter the Windows 2000/XP computer’s IP
Address.
Figure C-22: Preshared Key
Figure C-23: New Preshared Key
Figure C-24: Tunnel Seting Tab
16. Click the Connection Type tab, shown in Figure C-25, and select All network connections.
Then click the OK (for Windows XP) or Close (for Windows 2000) button to finish.
17. From the Rules tab, shown in Figure C-26, click the OK button to return to the secpol screen.
Step 4: Assign New IPSec Policy
In the IP Security Policies on Local Computer window, shown in Figure C-27, right-click the policy
named to router, and click Assign. A green arrow appears in the folder icon.
Figure C-25: Connection Type
Figure C-26: Rules
Figure C-27: Local Computer
Step 5: Create a Tunnel Through the Web-Based Utility
1. Open your web browser, and enter 192.168.1.1 in the Address field. Press the Enter key.
2. When the User name and Password field appears, enter the default the user name and
password admin.
Press the Enter key.
3. From the Setup tab, click the VPN tab.
4. From the VPN tab, shown in Figure C-28, select the tunnel you wish to create in the Select
Tunnel Entry dropdown box. Then click Enabled. Enter the name of the tunnel in the Tunnel Name
field. This is to allow you to identify multiple tunnels and does not have to match the name used at
the other end of the tunnel.
5. Enter the IP Address and Subnet Mask of the local VPN Router in the Local Secure Group fields.
To allow access to the entire IP subnet, enter 0 for the last set of IP Addresses. (e.g. 192.168.1.0).
6. Enter the IP Address and Subnet Mask of the VPN device at the other end of the tunnel (the
remote VPN Router or device with which you wish to communicate) in the Remote Security
Gateway fields.
7. Select fromtwo different types of encryption: DES or 3DES (3DES is recommended because it
is more secure).
You may choose either of these, but it must be the same type of encryption that is being used by
the VPN device at the other end of the tunnel. Or, you may choose not to encrypt by selecting
Disable.
8. Select from two types of authentication: MD5 and SHA (SHA is recommended because it is
more secure). As with encryption, either of these may be selected, provided that the VPN device at
the other end of the tunnel is using the same type of authentication. Or, both ends of the tunnel
may choose to disable authentication.
9. Select the Key Management. Select Auto (IKE) and enter a series of numbers or letters in the
Pre-shared Key field. Check the box next to PFS (Perfect Forward Secrecy) to ensure that the
initial key exchange and IKE proposals are secure. You may use any combination of up to 24
numbers or letters in this field. No special characters or spaces are allowed. In the Key Lifetime
field, you may optionally select to have the key expire at the end of a time period of your choosing.
Enter the number of seconds you’d like the key to be useful, or leave it blank for the key to last
indefinitely.
10. Click the Save Settings button to save these changes.
Your tunnel should now be established.
Figure C-28: VPN Tab
Appendix D: Finding the MAC Address and IP
Address for Your
Ethernet Adapter
This section describes how to find the MAC address for your computer’s Ethernet adapter so you
can use the MAC filtering and/or MAC address cloning feature of the Router. You can also find the
IP address of your computer’s Ethernet adapter. This IP address is used for the Router’s filtering,
forwarding, and/or DMZ features. Follow the steps in this appendix to find the adapter’s MAC or IP
address in Windows 98, Me, 2000, or XP.
Windows 98 or Me Instructions
1. Click Start and Run. In the Open field, enter winipcfg. Then press the Enter key or the OK
button.
2. When the IP Configuration screen appears, select the Ethernet adapter you have connected to
the Router via a CAT 5 Ethernet network cable. See Figure E-1.
3. Write down the Adapter Address as shown on your computer screen (see Figure E-2). This is
the MAC address for your Ethernet adapter and is shown as a series of numbers and letters.
The MAC address/Adapter Address is what you will use for MAC address cloning or MAC filtering.
The example in Figure E-3 shows the Ethernet adapter’s IP address as 192.168.1.100. Your
computer may show something different.
Figure D-1: IP Configuration Screen
Figure D-2: MAC Address/Adapter Address
Windows 2000 or XP Instructions
1. Click Start and Run. In the Open field, enter cmd. Press the Enter key or click the OK button.
2. At the command prompt, enter ipconfig /all. Then press the Enter key.
3. Write down the Physical Address as shown on your computer screen (Figure E-3); it is the MAC
address for your Ethernet adapter. This appears as a series of numbers and letters.
The MAC address/Physical Address is what you will use for MAC address cloning or MAC filtering.
The example in Figure E-3 shows the Ethernet adapter’s IP address as 192.168.1.100. Your
computer may show something different.
Figure D-3: MAC Address/Physical Address
Appendix E: SNMP Functions
SNMP (Simple Network Management Protocol) is a widely-used network monitoring and control
protocol. Data is passed from a SNMP agent, such as the VPN Router, to the workstation console
used to oversee the network.
The Router then returns information contained in a MIB (Management Information Base), which is
a data structure that defines what is obtainable from the device and what can be controlled (turned
off, on, etc.).
SNMP functions, such as statistics, configuration, and device information, are not available without
third-party Management Software. The Router is compatible with all HP Openview compliant
software.
Appendix F: Upgrading Firmware
The Router's firmware is upgraded through the Web-Utility's Firmware Upgrade tab from the
Administration tab.
Follow these instructions:
1. Click the Browse button to find the firmware upgrade file that you downloaded from the Linksys
website and then extracted.
2. Double-click the firmware file you downloaded and extracted. Click the Upgrade button, and
follow the instructions there.
Figure F-1: Upgrade Firmware
Appendix G: Windows Help
All wireless products require Microsoft Windows. Windows is the most used operating system in
the world and comes with many features that help make networking easier. These features can be
accessed through Windows Help and are described in this appendix.
TCP/IP
Before a computer can communicate with the Access Point, TCP/IP must be enabled. TCP/IP is a
set of instructions, or protocol, all PCs follow to communicate over a network. This is true for
wireless networks as well. Your PCs will not be able to utilize wireless networking without having
TCP/IP enabled. Windows Help provides complete instructions on enabling TCP/IP.
Shared Resources
If you wish to share printers, folder, or files over your network, Windows Help provides complete
instructions on utilizing shared resources.
Network Neighborhood/My Network Places
Other PCs on your network will appear under Network Neighborhood or My Network Places
(depending upon the version of Windows you're running). Windows Help provides complete
instructions on adding PCs to your network.
Appendix H: Glossary
802.11a - An IEEE wireless networking standard that specifies a maximum data transfer rate of
54Mbps and an operating frequency of 5GHz.
802.11b - An IEEE wireless networking standard that specifies a maximum data transfer rate of
11Mbps and an operating frequency of 2.4GHz.
802.11g - An IEEE wireless networking standard that specifies a maximum data transfer rate of
54Mbps, an operating frequency of 2.4GHz, and backward compatibility with 802.11b devices.
Access Point - Device that allows wireless-equipped computers and other devices to
communicate with a wired network. Also used to expand the range of a wireless network.
Adapter - This is a device that adds network functionality to your PC.
Ad-hoc - A group of wireless devices communicating directly with each other (peer-to-peer)
without the use of an access point.
Backbone - The part of a network that connects most of the systems and networks together, and
handles the most data.
Bandwidth - The transmission capacity of a given device or network.
Beacon Interval - The frequency interval of the beacon, which is a packet broadcast by a router to
synchronize a wireless network.
Bit - A binary digit.
Boot - To start a device and cause it to start executing instructions.
Bridge - A device that connects two different kinds of local networks, such as a wireless network
to a wired Ethernet network.
Broadband - An always-on, fast Internet connection.
Browser - A browser is an application program that provides a way to look at and interact with all
the information on the World Wide Web.
Buffer - A block of memory that temporarily holds data to be worked on later when a device is
currently too busy to accept the data.
Cable Modem - A device that connects a computer to the cable television network, which in turn
connects to the Internet.
CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance) - A method of data transfer that is
used to prevent data loss in a network.
CTS (Clear To Send) - A signal sent by a device to indicate that it is ready to receive data.
Daisy Chain - A method used to connect devices in a series, one after the other.
Database - A collection of data that is organized so that its contents can easily be accessed,
managed, and updated.
DDNS (Dynamic Domain Name System) - The capability of having a website, FTP, or e-mail
server-with a dynamic IP address-use a fixed domain name.
Default Gateway - A device that forwards Internet traffic from your local area network.
DHCP (Dynamic Host Configuration Protocol) - A protocol that lets one device on a local network,
known as a DHCP server, assign temporary IP addresses to the other network devices, typically
computers.
DMZ (Demilitarized Zone) - Removes the Router's firewall protection from one PC, allowing it to be
"seen" from the Internet.
DNS (Domain Name Server) - The IP address of your ISP's server, which translates the names of
websites into IP addresses.
Domain - A specific name for a network of computers.
Download - To receive a file transmitted over a network.
DSL (Digital Subscriber Line) - An always-on broadband connection over traditional phone lines.
DSSS (Direct-Sequence Spread-Spectrum) - A type of radio transmission technology that includes
a redundant bit pattern to lessen the probability of data lost during transmission. Used in 802.11b
networking.
DTIM (Delivery Traffic Indication Message) - A message included in data packets that can
increase wireless efficiency.
Dynamic IP Address - A temporary IP address assigned by a DHCP server.
Encryption - Encoding data to prevent it from being read by unauthorized people.
Ethernet - An IEEE standard network protocol that specifies how data is placed on and retrieved
from a common transmission medium.
Finger - A program that tells you the name associated with an e-mail address.
Firewall - Security measures that protect the resources of a local network from intruders.
Firmware - 1. In network devices, the programming that runs the device. 2. Programming loaded
into read-only memory (ROM) or programmable read-only memory (PROM) that cannot be altered
by end-users.
Fragmentation - Breaking a packet into smaller units when transmitting over a network medium
that cannot support the original size of the packet.
FTP (File Transfer Protocol) - A standard protocol for sending files between computers over a
TCP/IP network and the Internet.
Full Duplex - The ability of a networking device to receive and transmit data simultaneously.
Gateway - A system that interconnects networks.
Half Duplex - Data transmission that can occur in two directions over a single line, but only one
direction at a time.
Hardware - The physical aspect of computers, telecommunications, and other information
technology devices.
HTTP (HyperText Transport Protocol) - The communications protocol used to connect to servers
on the World Wide Web.
IEEE (The Institute of Electrical and Electronics Engineers) - An independent institute that
develops networking standards.
Infrastructure - Currently installed computing and networking equipment.
Infrastructure Mode - Configuration in which a wireless network is bridged to a wired network via
an access point.
IP (Internet Protocol) - A protocol used to send data over a network.
IP Address - The address used to identify a computer or device on a network.
IPCONFIG - A Windows 2000 and XP utility that displays the IP address for a particular
networking device.
IPSec (Internet Protocol Security) - A VPN protocol used to implement secure exchange of
packets at the IP layer.
ISM band - Radio band used in wireless networking transmissions.
ISP (Internet Service Provider) - A company that provides access to the Internet.
LAN (Local Area Network) - The computers and networking products that make up the network in
your home or office.
MAC (Media Access Control) Address - The unique address that a manufacturer assigns to each
networking device.
Mbps (Megabits Per Second) - One million bits per second; a unit of measurement for data
transmission.
Multicasting - Sending data to a group of destinations at once.
NAT (Network Address Translation) - NAT technology translates IP addresses of a local area
network to a different IP address for the Internet.
Network - A series of computers or devices connected for the purpose of data sharing, storage,
and/or transmission between users.
NNTP (Network News Transfer Protocol) - The protocol used to connect to Usenet groups on the
Internet.
Node - A network junction or connection point, typically a computer or work station.
OFDM (Orthogonal Frequency Division Multiplexing) - A type of modulation technology that
separates the data stream into a number of lower-speed data streams, which are then transmitted
in parallel. Used in 802.11a, 802.11g, and powerline networking.
Packet - A unit of data sent over a network.
Passphrase - Used much like a password, a passphrase simplifies the WEP encryption process
by automatically generating the WEP encryption keys for Linksys products.
Ping (Packet INternet Groper) - An Internet utility used to determine whether a particular IP
address is online.
POP3 (Post Office Protocol 3) - A standard protocol used to retrieve e-mail stored on a mail
server.
Port - 1. The connection point on a computer or networking device used for plugging in a cable or
an adapter. 2. The virtual connection point through which a computer uses a specific application
on a server.
PPPoE (Point to Point Protocol over Ethernet) - A type of broadband connection that provides
authentication (username and password) in addition to data transport.
PPTP (Point-to-Point Tunneling Protocol) - A VPN protocol that allows the Point to Point Protocol
(PPP) to be tunneled through an IP network. This protocol is also used as a type of broadband
connection in Europe.
Preamble - Part of the wireless signal that synchronizes network traffic.
RJ-45 (Registered Jack-45) - An Ethernet connector that holds up to eight wires.
Roaming - The ability to take a wireless device from one access point's range to another without
losing the connection.
Router - A networking device that connects multiple networks together, such as a local network
and the Internet.
RTS (Request To Send) - A packet sent when a computer has data to transmit. The computer will
wait for a CTS (Clear To Send) message before sending data.
Server - Any computer whose function in a network is to provide user access to files, printing,
communications, and other services.
SMTP (Simple Mail Transfer Protocol) - The standard e-mail protocol on the Internet.
SNMP (Simple Network Management Protocol) - A widely used network monitoring and control
protocol.
Software - Instructions for the computer. A series of instructions that performs a particular task is
called a "program".
Spread Spectrum - Wideband radio frequency technique used for more reliable and secure data
transmission.
SSID (Service Set IDentifier) - Your wireless network's name.
Static IP Address - A fixed address assigned to a computer or device that is connected to a
network.
Static Routing - Forwarding data in a network via a fixed path.
Subnet Mask - An address code that determines the size of the network.
Switch - 1. Device that is the central point of connection for computers and other devices in a
network, so data can be shared at full transmission speeds. 2. A device for making, breaking, or
changing the connections in an electrical circuit.
TCP/IP (Transmission Control Protocol/Internet Protocol) - A network protocol for transmitting data
that requires acknowledgement from the recipient of data sent.
Telnet - A user command and TCP/IP protocol used for accessing remote PCs.
TFTP (Trivial File Transfer Protocol) - A version of the TCP/IP FTP protocol that uses UDP and
has no directory or password capability.
Throughput - The amount of data moved successfully from one node to another in a given time
period.
Topology - The physical layout of a network.
TX Rate - Transmission Rate.
UDP (User Datagram Protocol) - A network protocol for transmitting data that does not require
acknowledgement from the recipient of the data that is sent.
Upgrade - To replace existing software or firmware with a newer version.
Upload - To transmit a file over a network.
URL (Uniform Resource Locator) - The address of a file located on the Internet.
VPN (Virtual Private Network) - A security measure to protect data as it leaves one network and
goes to another over the Internet.
WAN (Wide Area Network) - The Internet.
WEP (Wired Equivalent Privacy) - A method of encrypting data transmitted on a wireless network
for greater security.
WINIPCFG - A Windows 98 and Millennium utility that displays the IP address for a particular
networking device.
WLAN (Wireless Local Area Network) - A group of computers and associated devices that
communicate with each other wirelessly.
Appendix I: Specifications
Standards IEEE 802.3, 802.11b and 802.11g
Ports One Internet, Ethernet (1-4), Power
Buttons One Reset Button
Cabling Type UTP CAT 5 or better
Data Rate Up to 54Mbps
Transmit Power 19dBm
LEDs Power, Internet, Ethernet (1, 2, 3, 4), Wireless-G, DMZ
Security Features WEP, 802.1x Authentication
WEP Key Bits 64, 128
Dimensions
(W x H x D) (170 mm x 170 mm x 38 mm)
Unit Weight
Power External, 12V DC, 1A
Certifications FCC, IC-03
Operating Temp. 0ºC to 40ºC (32ºF to 104ºF)
Storage Temp. -20ºC to 70ºC (-4ºF to 158ºF)
Operating Humidity 10% to 85% Non-Condensing
Storage Humidity 5% to 90% Non-Condensing
Appendix J: Warranty Information
LIMITED WARRANTY
Linksys warrants to the original end user purchaser ("You") that, for a period of three years, (the
"Warranty Period") Your Linksys product will be free of defects in materials and workmanship
under normal use. Your exclusive remedy and Linksys's entire liability under this warranty will be
for Linksys at its option to repair or replace the product or refund Your purchase price less any
rebates.
If the product proves defective during the Warranty Period call Linksys Technical Support in order
to obtain a Return Authorization Number. BE SURE TO HAVE YOUR PROOF OF PURCHASE
ON HAND WHEN CALLING. When returning a product, mark the Return Authorization Number
clearly on the outside of the package and include a copy of your original proof of purchase.
RETURN REQUESTS CANNOT BE PROCESSED WITHOUT PROOF OF PURCHASE. You are
responsible for shipping defective products to Linksys. Linksys pays for UPS Ground shipping
from Linksys back to you only. Customers locate outside of the United States of America and
Canada are responsible for all shipping and handling charges.
ALL IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY OR FITNESS FOR A
PARTICULAR PURPOSE ARE LIMITED TO THE DURATION OF THE WARRANTY PERIOD.
ALL OTHER EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF NON-INFRINGEMENT, ARE
DISCLAIMED. Some jurisdictions do not allow limitations on how long an implied warranty lasts,
so the above limitation may not apply to You. This warranty gives
You specific legal rights, and you may also have other rights, which vary by jurisdiction.
TO THE EXTENT NOT PROHIBITED BY LAW, IN NO EVENT WILL LINKSYS BE LIABLE FOR
ANY LOST DATA, REVENUE OR PROFIT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL,
INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED
REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF OR RELATED TO THE USE
OF OR INABILITY TO USE THE PRODUCT, EVEN IF LINKSYS HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. IN NO EVENT WILL LINKSYS' LIABILITY EXCEED THE
AMOUNT PAID BY YOU FOR THE PRODUCT.
The foregoing limitations will apply even if any warranty or remedy provided under this Section
fails of its essential purpose. Some jurisdictions do not allow the exclusion or limitation of
incidental or consequential damages, so the above limitation or exclusion may not apply to You.
Please direct all inquiries to: Linksys, P.O. Box 18558, Irvine, CA 92623 USA.
Appendix K: Regulatory Information
FCC STATEMENT
This product has been tested and complies with the specifications for a Class B digital device,
pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection
against harmful interference in a residential installation. This equipment generates, uses, and can
radiate radio frequency energy and, if not installed and used according to the instructions, may
cause harmful interference to radio communications.
However, there is no guarantee that interference will not occur in a particular installation. If this
equipment does cause harmful interference to radio or television reception, which is found by
turning the equipment off and on, the user is encouraged to try to correct the interference by one
or more of the following measures:
• Reorient or relocate the receiving antenna
• Increase the separation between the equipment or devices
• Connect the equipment to an outlet other than the receiver's
• Consult a dealer or an experienced radio/TV technician for assistance
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two
conditions: (1) This device may not cause harmful interference, and (2) this device must accept
any interference received, including interference that may cause undesired operation.
FCC Caution: Any changes or modifications not expressly approved by the party responsible for
compliance could void the user's authority to operate this equipment.
IMPORTANT NOTE:
FCC Radiation Exposure Statement:
This equipment complies with FCC radiation exposure limits set forth for an uncontrolled
environment. This equipment should be installed and operated with minimum distance 20cm
between the radiator & your body.
This transmitter must not be co-located or operating in conjunction with any other antenna or
transmitter.
Linksys declares that WRV200 ( FCC ID: Q87-WRV200 ) is limited in CH1~CH11 for 2.4 GHz
by specified firmware controlled in U.S.A.
INDUSTRY CANADA (IC) statement
Operation is subject to the following two conditions:
1) This device may not cause interference and
2) This device must accept any interference, including interference that may cause
undesired operation of the device.
IMPORTANT NOTE:
IC Radiation Exposure Statement:
This equipment complies with IC radiation exposure limits set forth for an uncontrolled
environment. End users must follow the specific operating instructions for satisfying RF
exposure compliance. To maintain compliance with IC RF exposure compliance requirements,
please avoid direct contact to the transmitting antenna during transmitting.
This transmitter must not be co-located or operating in conjunction with any other antenna or
transmitter. Règlement d’Industry Canada
Les conditions de fonctionnement sont sujettes à deux conditions:
1) Ce périphérique ne doit pas causer d’interférence et.
2) Ce périphérique doit accepter toute interférence, y compris les interférences pouvant
perturber le bon fonctionnement de ce périphérique.
This Class B digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
The use of this device in a system operating either partially or completely outdoors may require the
user to obtain a license for the system according to the Canadian regulations.
EC DECLARATION OF CONFORMITY (EUROPE)
Linksys Group declares that the Instant Wireless™ Series products included in the Instant
Wireless™ Series conform to the specifications listed below, following the provisions of the EMC
Directive 89/336/EEC and Low
Voltage Directive 73/23/EEC:
ETS 300-826, 301 489-1 General EMC requirements for Radio equipment.
EN 609 50 Safety
ETS 300-328-2 Technical requirements for Radio equipment.
Note: This equipment is intended to be used in all EU and EFTA countries. Outdoor use may be
restricted to certain frequencies and/or may require a license for operation. For more details,
contact Linksys Corporate
Compliance.
Note: Combinations of power levels and antennas resulting in a radiated power level of above 100
mW are considered as not compliant with the above mentioned directive and are not allowed for
use within the European community and countries that have adopted the European R&TTE
directive 1999/5/EC and/or the CEPT recommendation Rec 70.03. For more details on legal
combinations of power levels and antennas, contact Linksys Corporate Compliance.
Linksys Group™ vakuuttaa täten että Instant Wireless IEEE 802.11 PC Card tyyppinen laite on
direktiivin 1999/5/ EY, direktiivin 89/336/EEC ja direktiivin 73/23/EEC oleellisten vaatimusten ja
sitä koskevien näiden direktiivien muiden ehtojen mukainen.
Linksys Group™ déclare que la carte PC Instant Wireless IEEE 802.11 est conforme aux
conditions essentielles et aux dispositions relatives à la directive 1999/5/EC, la directive
89/336/EEC, et à la directive 73/23/EEC.
Belgique B L'utilisation en extérieur est autorisé sur le canal 11 (2462 MHz), 12 (2467 MHz), et 13
(2472 MHz).
Dans le cas d'une utilisation privée, à l'extérieur d'un bâtiment, au-dessus d'un espace public,
aucun enregistrement n'est nécessaire pour une distance de moins de 300m. Pour une distance
supérieure à 300m un enregistrement auprès de l'IBPT est requise. Pour une utilisation publique à
l'extérieur de bâtiments, une licence de l'IBPT est requise. Pour les enregistrements et licences,
veuillez contacter l'IBPT.
France F: Bande de fréquence restreinte: seuls les canaux 10, 11, 12, 13 (2457, 2462, 2467, et
2472 MHz respectivement) doivent être utilisés en France.
Toute utilisation, qu'elle soit intérieure ou extérieure, est soumise à autorisation. Vous pouvez
contacter l'Autorité de Régulation des Télécommuniations
(<http://www.art-telecom.fr>) pour la procédure à suivre.
France F: Restricted frequency band: only channels 10, 11, 12, 13 (2457, 2462, 2467, and 2472
MHz respectively) may be used in France. License required for every indoor and outdoor
installations. Please contact ART for procedure to follow.
Deutschland D: Anmeldung im Outdoor-Bereich notwending, aber nicht genehmigungspflichtig.
Bitte mit Händler die Vorgehensweise abstimmen.
Germany D: License required for outdoor installations. Check with reseller for procedure to follow
Italia I: E' necessaria la concessione ministeriale anche per l'uso interno. Verificare con i rivenditori
la procedura da seguire. L'uso per installazione in esterni non e' permessa.
Italy I: License required for indoor use. Use with outdoor installations not allowed. the Netherlands
NL License required for outdoor installations. Check with reseller for procedure to follow.
Nederlands NL Licentie verplicht voor gebruik met buitenantennes. Neem contact op met verkoper
voor juisteprocedure.
Appendix L: Contact Information
Need to contact Linksys?
Visit us online for information on the latest products and updates to your existing products
at: http://www.linksys.com or ftp.linksys.com
Can't find information about a product you want to buy on the web? Do you want to know
more about networking with Linksys products? Give our advice line a call at:
800-546-5797 (LINKSYS)
Or fax your request in to: 949-261-8868
If you experience problems with any Linksys product, you can call us at: 800-326-7114
Don't wish to call? You can e-mail us at: support@linksys.com
If any Linksys product proves defective during its warranty period, you can call the
Linksys Return Merchandise Authorization department for obtaining a Return
Authorization Number at: 949-261-1288
(Details on Warranty and RMA issues can be found in the Warranty
Information section in this Guide.)