SMC Networks D3GN301 DOCSIS 3.0 Wireless Cable Modem Gateway User Manual

SMC Networks Inc DOCSIS 3.0 Wireless Cable Modem Gateway

UserManual.wiki >

SMC Networks >

D3GN301 User Manual

User Manual

SMC Networks 20 Mason Irvine, CA. 92618 U.S.A. Copyright © 2011 SMC Networks All Rights Reserved Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, or for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording, or stored in a database or retrieval system for any purpose without the express written permission of SMC. Microsoft and Windows are registered trademarks of Microsoft Corporation. Apple and Macintosh are registered trademarks of Apple, Inc. All other brands, product names, trademarks, or service marks are property of their respective owners. This product (Model :SMCD3GN3) includes software code developed by third parties, including software code subject to the GNU General Public License (“GPL”) or GNU Lesser General Public License (LGPL”). As applicable, the terms of the GPL and LGPL, and information on obtaining access to the GPL code and LGPL used in this product, are available to you at http://gpl.smc.com/. The GPL code and LGPL code used in this product is distributed WITHOUT ANY WARRANTY and is subject to the copyrights of one or more authors. For details, see the GPL Code and LGPL Code for this product and the terms of the GPL and LGPL. SMCD3GN3 Wireless Cable Modem Gateway Administrator Manual

iii SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Contents Preface..................................................................................................................... vi Key Features..............................................................................................................vii Document Organization.............................................................................................viii Document Conventions.............................................................................................viii Safety and Warnings ...........................................................................................viii Typographic Conventions........................................................................................... ix 1 Getting to Know the Gateway............................................................................ 10 Unpacking Package Contents...................................................................................11 System Requirements...............................................................................................11 Front Panel................................................................................................................12 Configuring Wireless Security ...................................................................................14 Rear Panel ................................................................................................................14 Restoring Factory Defaults........................................................................................15 2 Installing the Gateway........................................................................................ 16 Finding a Suitable Location.......................................................................................17 Connecting to the LAN ..............................................................................................17 Connecting the WAN.................................................................................................18 Powering on the Gateway .........................................................................................18 3 Configuring Your Computer for TCP/IP............................................................ 19 Configuring Microsoft Windows 2000........................................................................20 Configuring Microsoft Windows XP...........................................................................21 Configuring Microsoft Windows Vista........................................................................22 Configuring Microsoft Windows 7..............................................................................24 Configuring an Apple® Macintosh® Computer ...........................................................26 4 Configuring the Gateway ................................................................................... 28 Pre-configuration Guidelines.....................................................................................29 Disabling Proxy Settings......................................................................................29 Disabling Proxy Settings in Internet Explorer ................................................29 Disabling Proxy Settings in Firefox................................................................29 Disabling Proxy Settings in Safari .................................................................30 Disabling Firewall and Security Software ............................................................30 Accessing the Gateway’s Web Management............................................................31 Understanding the Web Management Interface Screens .........................................32

Contents iv SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Web Management Interface Menus and Submenus .................................................33 System Settings Menu.........................................................................................36 Password Settings Menu.....................................................................................38 Remote Management Menu................................................................................43 Customer UI Setup Menu....................................................................................44 WAN Settings Menu ............................................................................................46 MAC Spoofing Menu ...........................................................................................49 LAN Settings Menu..............................................................................................50 Ether Switch Port Control Menu ..........................................................................53 LAN Access Control Menu ..................................................................................54 Controlling LAN Access.................................................................................56 Adding and Deleting Trusted Client Stations.................................................56 Adding and Deleting Untrusted Client Stations .............................................57 Additional Public Lan Menu.................................................................................58 Adding Public Subnets ..................................................................................59 Public IP Access Control Menu ...........................................................................60 QoS Settings Menu .............................................................................................62 Port Based QoS Menu...................................................................................64 CoS Settings Menu........................................................................................65 DSCP Based QoS Menu ...............................................................................67 Queue Settings Menu....................................................................................69 DSCP Remarking Menu ................................................................................71 Routing Menus ....................................................................................................73 Static Routes Menu .......................................................................................73 RIP Control Menu ..........................................................................................75 OSPF Control Menu ......................................................................................79 Adding OSPF Areas to the Cable Interface...................................................81 Wireless Basic Settings Menu.............................................................................83 Wireless Encryption Settings Menu.....................................................................85 WPS Setup..........................................................................................................88 MAC Filtering.......................................................................................................91 Adding and Deleting Wireless Client Stations ...............................................92 Advanced Wireless Settings Menu......................................................................93 NAT Settings .......................................................................................................95 Port Forwarding Menu.........................................................................................96 Adding Predefined Services ..........................................................................97 Adding Customer-Defined Services ..............................................................99 1-to-1 Mapping Menu ........................................................................................102 Security Settings (Firewall) Menu......................................................................105 Enabling or Disabling Firewall .....................................................................105 Configuring Access Control.........................................................................107 Configuring Special Applications.................................................................119

Contents v SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Configuring URL Blocking ...........................................................................122 Configuring Schedule Rules........................................................................124 Configuring Email and Syslog Alerts ...........................................................125 Configuring DMZ Settings ...........................................................................129 Using the Configuration Tools Menu .................................................................130 Switching Working Scripts...........................................................................132 Backing Up the Gateway’s Current Configuration Locally...........................132 Restoring the Gateway’s Current Configuration Locally..............................133 Backing Up the Gateway’s Current Configuration Remotely.......................134 Restoring the Gateway’s Current Configuration Remotely..........................135 Restoring Factory Defaults ..........................................................................136 Using the Reboot Menu to Reboot the Gateway...............................................137 Using the Diagnostics Menu..............................................................................138 Using the Ping Tool .....................................................................................139 Using the Trace Route Tool.........................................................................141 Sending Inspected Traffic to a Log Server ..................................................143 Using the SNTP Menu.......................................................................................144 Configuring VPN Settings..................................................................................145 Using the VPN Menu ...................................................................................145 Using the Access Control Menu to Allow CPEs to Access IPSec VPN Tunnel ............................................................................................147 Using the VPN – Tunnel Configuration Menu..............................................148 Using the VPN – PPTP / L2TP User Configuration Menu ...........................153 Viewing Status Information................................................................................156 Viewing Cable Status Information .....................................................................158 Appendix A - Compliances ................................................................................. 160 Index ..................................................................................................................... 161

vi SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Preface Congratulations on your purchase of the SMCD3GN3 Wireless Cable Modem Gateway. The SMCD3GN3 Wireless Cable Modem Gateway is the ideal all-in-one wired and wireless solution for the home or business environment. SMC is proud to provide you with a powerful, yet simple communication device for connecting your local area network (LAN) to the Internet. This user manual contains all the information administrators need to install and configure your new SMCD3GN3 Wireless Cable Modem Gateway.

Preface vii SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Key Features The following list summarizes the Gateway’s key features. y Integrated, CableLabs-compliant DOCSIS 1.1/ 2.0 /3.0 cable modem y Four 10/100/1000 Mbps Auto-Sensing LAN ports with Auto-MDI/MDIX y High-speed 300 Mbps IEEE 802.11n Wireless Access Point y Dynamic Host Configuration Protocol (DHCP) for dynamic IP configuration, and Domain Name System (DNS) for domain name mapping y One USB 2.0 port y IEEE 802.11 b/g/n interoperability with multiple vendors y Wireless WEP, WPA, and WPA2 encryption, Hide SSID, and MAC Filtering y VPN pass-through support using PPTP, L2TP, or IPSec y Advanced SPI firewall Gateway for enhanced network security from attacks over the Internet: – Firewall protection with Stateful Packet Inspection – Client privileges – Hacker prevention – Protection from denial of service (DoS) attacks – Network Address Translation (NAT) y Universal Plug and Play (UPnP) enables seamless configuration of attached devices y Quality of Service (QoS) ensures high-quality performance with existing networks y Effortless plug-and-play installation y Intuitive graphical user interface (GUI) configuration, regardless of operating system y Comprehensive front panel LEDs for network status and troubleshooting y Compatible with all popular Internet applications

Preface viii SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Document Organization This document consists of four chapters and two appendixes. y Chapter 1 - describes the contents in the Gateway package, system requirements, and an overview of the Gateway’s front and rear panels. y Chapter 2 - describes how to install the Gateway. y Chapter 3 - describes how to configure TCP/IP settings on the computer you will use to configure the Gateway. y Chapter 4 - describes how to configure the Gateway. y Appendix A - contains compliance information. Document Conventions This document uses the following conventions to draw your attention to certain information. Safety and Warnings This document uses the following symbols to draw your attention to certain information. Symbol Meaning Description Note Notes emphasize or supplement important points of the main text. Tip Tips provide helpful information, guidelines, or suggestions for performing tasks more effectively. Warning Warnings indicate that failure to take a specified action could result in damage to the device. Electric Shock Hazard This symbol warns users of electric shock hazard. Failure to take appropriate precautions such as not opening or touching hazardous areas of the equipment could result in injury or death.

Preface ix SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Typographic Conventions This document also uses the following typographic conventions. Convention Description Bold Indicates text on a window, other than the window title, including menus, menu options, buttons, fields, and labels. Italic Indicates a variable, which is a placeholder for actual text provided by the user or system. Angled brackets (< >) are also used to indicate variables. screen/code Indicates text that is displayed on screen or entered by the user. < > angled brackets Indicates a variable, which is a placeholder for actual text provided by the user or system. Italic font is also used to indicate variables. [ ] square brackets Indicates optional values. { } braces Indicates required or expected values. | vertical bar Indicates that you have a choice between two or more options or arguments.

10 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual 1 Getting to Know the Gateway Before you install the SMCD3GN3 Wireless Cable Modem Gateway, check the package contents and become familiar with the Gateway’s front and back panels. The topics covered in this chapter are: y Unpacking Package Contents (page 11) y System Requirements (page 11) y Front Panel (page 12) y Configuring Wireless Security (page 14) y Rear Panel (page 14) y Restoring Factory Defaults (page 15)

錯誤! 尚未定義樣式。 11 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Unpacking Package Contents The SMCD3GN3 package should include the following items: y One SMCD3GN3 Wireless Cable Modem Gateway y One power cord y One Category 5E Ethernet cable y One CD that contains this User Manual System Requirements To complete the installation, you will need the following items: y Provisioned Internet access on a cable network that supports cable modem service y A computer with a wired network adapter with TCP/IP installed y A Java-enabled Web browser, such as Microsoft Internet Explorer 5.5 or above y Microsoft® Windows® 2000 or higher for USB driver support

錯誤! 尚未定義樣式。 12 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Front Panel The front panel of the SMCD3GN3 Wireless Cable Modem Gateway contains a set of light-emitting diode (LED) indicators. These LEDs show the status of the Gateway and simplify troubleshooting. The front panel also contains a WPS button for configuring wireless security automatically. Figure 1 shows the front panel of the SMCD3GN3 Wireless Cable Modem Gateway. Table 1 describes the front panel LEDs. Figure 1. Front Panel of the SMCD3GN3 Wireless Cable Modem Gateway

錯誤! 尚未定義樣式。 13 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Table 1. Front Panel LEDs LED Color Description POWER Green ON = power is supplied to the Gateway. OFF = power is not supplied to the Gateway. Green Blinking = scanning for DS channel. ON = synchronized on 1 channel only. DS Blue ON = synchronized with more than 1 channel (DS Bond mode). DS and US Both DS and US blinking together = operator is performing maintenance. Green Blinking = ranging is in progress. ON = ranging is complete on 1 channel only. OFF = scanning for DS channel. US Blue ON = ranging is complete, operate with more than 1 channel (US Bond mode). ONLINE Green Blinking =.cable interface is acquiring IP, ToD, CM configuration. ON = Gateway is operational. OFF = Gateway is offline. Green Blinking = data is transmitting. ON = connected at 10 or 100 Mbps. OFF = no Ethernet link detected. ETH 1 – ETH 4 Blue Blinking = data is transmitting. ON = connected at 1 Gbps. OFF = no Ethernet link detected. WIFI Green Blinking = data is transmitting. ON = Wi-Fi is enabled. OFF = Wi-Fi is disabled. USB Green Reserved for future use.

錯誤! 尚未定義樣式。 14 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual ⊇ Configuring Wireless Security The front panel has a WPS button for configuring wireless security automatically. Pressing this button for 5 seconds automatically configures wireless security. If the client device supports WPS Push Button Configuration (PBC), press the button on the client within 60 seconds to automatically configure security on the client. After pressing this button for 5 seconds, the WPS LED on the front panel flashes. When a client joins the network successfully, the LED remains ON until the next WPS action or the device reboots. If no client joins, the LED stops blinking after 4 minutes. Rear Panel The rear panel of the SMCD3GN3 Wireless Cable Modem Gateway contains a reset button and the ports for attaching the supplied power adapter and making additional connections. Figure 2 shows the rear panel components and Table 2 describes their meanings. Figure 2. Rear View of the SMCD3GN3 Wireless Cable Modem Gateway Table 2. SMCD3GN3 Wireless Cable Modem Gateway Rear Panel Components Item Description ⊇ USB USB 2.0 high-speed port for storing configurations externally. ⊄ ETH 1 - 4 Four 10/100/1000 auto-sensing RJ-45 switch ports. Connect devices on your local area network such as a computer, hub, or switch to these ports. ⊂ Reset button Use this button to reset the power or restore the default factory settings (see “Restoring Factory Defaults,” below). This button is recessed to prevent accidental resets of the Gateway. ⊆ Cable Connect your coaxial cable line to this port. ∈ Power Connect the supplied power cord to this port. ⊂⊆∈⊄

錯誤! 尚未定義樣式。 15 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Restoring Factory Defaults The Reset button on the back panel can be used to return the Gateway to its factory default settings. As a result, any changes made to the Gateway’s default settings will be lost. If you do not have physical access to the Gateway, you can use the GUI to either power cycle the Gateway (see “Using the Reboot Menu to Reboot the Gateway” on page 137) or return the Gateway to its factory default settings (see “Restoring Factory Defaults” on page 136). The following procedure describes how to use the Reset button to power cycle the Gateway and return it to its original factory default settings. 1. Leave power plugged into the Gateway. 2. Find the Reset button on the back panel, then press and hold it for at least 10 seconds. 3. Release the Reset button.

16 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual 2 Installing the Gateway This chapter describes how to install the SMCD3GN3 Wireless Cable Modem Gateway. The topics covered in this chapter are: y Finding a Suitable Location (page 17) y Connecting to the LAN (page 17) y Connecting the WAN (page 18) y Powering on the Gateway (page 18)

錯誤! 尚未定義樣式。 17 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Finding a Suitable Location The SMCD3GN3 Wireless Cable Modem Gateway can be installed in any location with access to the cable network. All of the cables connect to the rear panel of the Gateway for better organization and utility. The LED indicators on the front panel are easily visible to provide users with information about network activity and status. For optimum performance, the location you choose should: y Be close to a working AC power outlet y Allow sufficient air flow around the Gateway to keep the device as cool as possible y Not expose the Gateway to a dusty or wet environment y Be an elevated location such as a high shelf, keeping the number of walls and ceilings between the Gateway and your other devices to a minimum y Be away from electrical devices that are potential sources of interference, such as ceiling fans, home security systems, microwaves, or the base for a cordless phone y Be away from any large metal surfaces, such as a solid metal door or aluminum studs. Large expanses of other materials such as glass, insulated walls, fish tanks, mirrors, brick, and concrete can also affect your wireless signal Connecting to the LAN Using an Ethernet LAN cable, you can connect the Gateway to a desktop computer, notebook, hub, or switch. The SMCD3GN3 Wireless supports auto-MDI/MDIX, so you can use either a standard straight-through or crossover Ethernet cable. 1. Connect either end of an Ethernet cable to one of the four ETH ports on the rear panel of the Gateway (see Figure 3). Figure 3. Connecting to an ETH Port on the Gateway Rear Panel

錯誤! 尚未定義樣式。 18 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual 2. Connect the other end of the cable to your computer’s network-interface card (NIC) or to another network device (see Figure 4). Figure 4. Connecting the Gateway to the a Laptop or Desktop Computer Connecting the WAN To connect the Gateway to a Wide Area Network (WAN) interface: 3. Connect a coaxial cable to the port labeled Cable on the rear panel of the Gateway from a cable port in your home or office (see Figure 2 on page 14). Use only manufactured coaxial patch cables with F-type connectors at both ends for all connections. 4. Hand-tighten the connectors to secure the connection. Powering on the Gateway After making your LAN and WAN connections, use the following procedure to power on the Gateway: 1. Connect the supplied power cord to the port on the rear panel of the Gateway (see Figure 2 on page 14). 2. Connect the other end of the power cord to a working power outlet. The Gateway powers on automatically, the POWER LED on the front panel goes ON, and the other front panel LEDs show the Gateway’s status (see Table 1 on page 13). WARNING: Only use the power cord supplied with the Gateway. Using a different power cord can damage the Gateway and void the warranty.

19 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual 3 Configuring Your Computer for TCP/IP After you install the SMCD3GN3 Wireless Cable Modem Gateway, configure the TCP/IP settings on a computer that will be used to configure the Gateway. This chapter describes how to configure TCP/IP for various Microsoft Windows and Apple Macintosh operating systems. The topics covered in this chapter are: y Configuring Microsoft Windows 2000 (page 20) y Configuring Microsoft Windows XP (page 21) y Configuring Microsoft Windows Vista (page 22) y Configuring Microsoft Windows 7 (page 24) y Configuring an Apple® Macintosh® Computer (page 26)

錯誤! 尚未定義樣式。 20 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Configuring Microsoft Windows 2000 Use the following procedure to configure your computer if your computer has Microsoft Windows 2000 installed. 1. On the Windows taskbar, click Start, point to Settings, and then click Control Panel. 2. In the Control Panel window, double-click the Network and Dial-up Connections icon. If the Ethernet adapter in your computer is installed correctly, the Local Area Connection icon appears. 3. Double-click the Local Area Connection icon for the Ethernet adapter connected to the Gateway. The Local Area Connection Status dialog box appears (see Figure 5). Figure 5. Local Area Connection Status Window 4. In the Local Area Connection Status dialog box, click the Properties button. The Local Area Connection Properties dialog box appears. 5. In the Local Area Connection Properties dialog box, verify that Internet Protocol (TCP/IP) is checked. Then select Internet Protocol (TCP/IP) and click the Properties button. 6. Click Obtain an IP address automatically to configure your computer for DHCP. 7. Click the OK button to save this change and close the Local Area Connection Properties dialog box. 8. Click OK button again to save these new changes. 9. Restart your computer.

錯誤! 尚未定義樣式。 21 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Configuring Microsoft Windows XP Use the following procedure to configure a computer running Microsoft Windows XP with the default interface. If you use the Classic interface, where the icons and menus resemble previous Windows versions, perform the procedure under “Configuring Microsoft Windows 2000” on page 20. 1. On the Windows taskbar, click Start, click Control Panel, and then click Network and Internet Connections. 2. Click the Network Connections icon. 3. Click Local Area Connection for the Ethernet adapter connected to the Gateway. The Local Area Connection Status dialog box appears. 4. In the Local Area Connection Status dialog box, click the Properties button (see Figure 6). The Local Area Connection Properties dialog box appears. Figure 6. Local Area Connection Status Window 5. In the Local Area Connection Properties dialog box, verify that Internet Protocol (TCP/IP) is checked. Then select Internet Protocol (TCP/IP) and click the Properties button. The Internet Protocol (TCP/IP) Properties dialog box appears. 6. In the Internet Protocol (TCP/IP) Properties dialog box, click Obtain an IP address automatically to configure your computer for DHCP. Click the OK button to save this change and close the Internet Protocol (TCP/IP) Properties dialog box. 7. Click the OK button again to save your changes. 8. Restart your computer.

錯誤! 尚未定義樣式。 22 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Configuring Microsoft Windows Vista Use the following procedure to configure a computer running Microsoft Windows Vista with the default interface. If you use the Classic interface, where the icons and menus resemble previous Windows versions, perform the procedure under “Configuring Microsoft Windows 2000” on page 20. 1. On the Windows taskbar, click Start, click Control Panel, and then select the Network and Internet icon. 2. Click View Networks Status and tasks and then click Management Networks Connections. 3. Right-click the Local Area Connection icon and click Properties. 4. Click Continue. The Local Area Connection Properties dialog box appears. 5. In the Local Area Connection Properties dialog box, verify that Internet Protocol (TCP/IPv4) is checked. Then select Internet Protocol (TCP/IPv4) and click the Properties button (see Figure 7). The Internet Protocol Version 4 Properties dialog box appears. Figure 7. Local Area Connection Properties Window

錯誤! 尚未定義樣式。 23 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual 6. In the Internet Protocol Version 4 Properties dialog box, click Obtain an IP address automatically to configure your computer for DHCP (see Figure 8). Figure 8. Internet Protocol Properties Window 7. Click the OK button to save your changes and close the dialog box. 8. Click the OK button again to save your changes. Figure 9. Local Area Connection Status Window

錯誤! 尚未定義樣式。 24 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Configuring Microsoft Windows 7 Use the following procedure to configure a computer running Microsoft Windows 7. 1. In the Start menu search box, type: ncpa.cpl Figure 10. Typing ncpa.cpl in the Start Menu Box The Network Connections List appears. Figure 11. Example of Network Connections List 2. Right-click the Local Area Connection icon and click Properties. 3. In the Networking tab, click either Internet Protocol Version 4 (TCP/IPv4) or Internet Protocol Version 6 (TCP/IPv6), and then click Properties.

錯誤! 尚未定義樣式。 25 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 12. Local Area Network Connection Properties Dialog Box 4. In the properties dialog box, click Obtain an IP address automatically to configure your computer for DHCP (see Figure 13).

錯誤! 尚未定義樣式。 26 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 13. Properties Window 5. Click the OK button to save your changes and close the dialog box. 6. Click the OK button again to save your changes. Configuring an Apple® Macintosh® Computer The following procedure describes how to configure TCP/IP on an Apple Macintosh running Mac OS 10.2. If your Apple Macintosh is running Mac OS 7.x or later, the steps you perform and the screens you see may differ slightly from the following. However, you should still be able to use this procedure as a guide to configuring your Apple Macintosh for TCP/IP. a. Pull down the Apple Menu, click System Preferences, and select Network.

錯誤! 尚未定義樣式。 27 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual 7. Verify that the NIC connected to the SMCD3GN3 is selected in the Show field. 8. In the Configure field on the TCP/IP tab, select Using DHCP (see Figure 14). 9. Click Apply Now to apply your settings and close the TCP/IP dialog box. Figure 14. Selecting Using DHCP in the Configure Field

28 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual 4 Configuring the Gateway This chapter describes how to use a Web browser to configure the Gateway. The topics covered in this chapter are: y Pre-configuration Guidelines (page 29) y Accessing the Gateway’s Web Management (page 31) y Understanding the Web Management Interface Screens (page 32) y Web Management Interface Menus (page 33)

29 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Pre-configuration Guidelines Before you configure the Gateway, observe the guidelines in the following sections. Disabling Proxy Settings Disable proxy settings in your Web browser. Otherwise, you will not be able to view the Gateway’s Web-based configuration pages. Disabling Proxy Settings in Internet Explorer The following procedure describes how to disable proxy settings in Internet Explorer 5 and later. 1. Start Internet Explorer. 2. On your browser’s Tool menu, click Options. The Internet Options dialog box appears. 3. In the Internet Options dialog box, click the Connections tab. 4. In the Connections tab, click the LAN settings button. The Local Area Network (LAN) Settings dialog box appears. 5. In the Local Area Network (LAN) Settings dialog box, uncheck all check boxes. 6. Click OK until the Internet Options window appears. 7. In the Internet Options window, under Temporary Internet Files, click Settings. 8. For the option Check for newer versions of stored pages, select Every time I visit the webpage. 9. Click OK until you close all open browser dialog boxes. Disabling Proxy Settings in Firefox The following procedure describes how to disable proxy settings in Firefox. 1. Start Firefox. 2. On your browser’s Tools menu, click Options. The Options dialog box appears. 3. Click the Advanced tab. 4. In the Advanced tab, click the Network tab. 5. Click the Settings button. 6. Click Direct connection to the Internet. 7. Click the OK button to confirm this change.

錯誤! 尚未定義樣式。 30 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Disabling Proxy Settings in Safari The following procedure describes how to disable proxy settings in Safari. 1. Start Safari. 2. Click the Safari menu and select Preferences. 3. Click the Advanced tab. 4. In the Advanced tab, click the Change Settings button. 5. Choose your location from the Location list (this is generally Automatic). 6. Select your connection method. If using a wired connection, select Built-in Ethernet. For wireless, select Airport. 7. Click the Proxies tab. 8. Be sure each proxy in the list is unchecked. 9. Click Apply Now to finish. Disabling Firewall and Security Software Disable any firewall or security software that may be running on your computer. For more information, refer to the documentation for your firewall.

錯誤! 尚未定義樣式。 31 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Accessing the Gateway’s Web Management After configuring your computer for TCP/IP and performing the preconfiguration guidelines on the previous page, you can now easily configure the Gateway from the convenient Web-based management interface. From your Web browser (Microsoft Internet Explorer version 5.5 or later), you will log in to the interface to define system parameters, change password settings, view status windows to monitor network conditions, and control the Gateway and its ports. To access the SMCD3GN3 Wireless Cable Modem Gateway’s web-based management screens, use the following procedure. 1. Launch a Web browser. Note: The cable modem does not have to be online to configure the Gateway. 2. In the browser address bar, type http://192.168.0.1 and press the Enter key. For example: The Login User Password screen appears (see Figure 15) Figure 15. Login User Password Screen 3. In the Login User Password screen, enter the default administrator username and the default administrator password provided by SMC Networks. Both the username and password are case sensitive. 4. Click the Login button to access the Gateway. The Status page appears, showing connection status information about the Gateway.

錯誤! 尚未定義樣式。 32 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Understanding the Web Management Interface Screens The left side of the management interface contains a menu bar you use to select menus for configuring the Gateway. When you click a menu, information and any configuration settings associated with the menu appear in the main area of the interface (see Figure 16). If the displayed information exceeds what can be shown in the main area, scroll bars appear to the right of the main area so you can scroll up and down through the information. Figure 16. Main Areas on the Web Management Interface Some menus have submenus associated with them. If you click a menu that has submenus, the submenus appear below the menu. For example, if you click the System menu, the submenus Password Settings, Remote Management, and Customer UI Setup appear below the System menu (see Figure 17). Figure 17. Example of System Submenus The top-right side of the page contains a Home button that displays the Home (Status) page and a Logout button for logging out of the Web management interface. Main AreaMenu bar Help, Apply, and Cancel ButtonsHome and Logout Buttons

錯誤! 尚未定義樣式。 33 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual The bottom right side of the screen contains three buttons: y Help displays online help y Apply click this button to save your configuration changes to the displayed page y Cancel click this button to discard any configuration changes made to the current page Web Management Interface Menus and Submenus Table 3 describes the menus and submenus in the Web management interface. Note: Some menus and submenus described in this chapter may not apply to your Gateway. Please check your Gateway’s GUI to see which menus and submenus are available. Table 3. Web Management Interface Menus and Submenus Menus and Submenus Description See Page System Lets you disable all commercial Gateway functions, define a router name, use the router name at command prompts, and enable or disable UPnP and HNAP. Submenus let you: 36 System > Password Settings • Define user and admin password settings, RADIUS authentication, TACACS+ authentication, and TACACS authentication. 38 System > Remote Management • Allow users to manage the Gateway remotely using the Gateway’s Web interface and/or Telnet, and enable or disable remote management of the Gateway’s administrator interface. 43 System > Customer UI Setup • Select which configuration options on the Gateway’s user configuration menus are shown to or hidden from users. 44 WAN Lets you configure Wide Area Network (WAN) and Media Access Channel (MAC) spoofing settings. The submenu lets you: 46 WAN > MAC Spoofing • Clone (“spoof”) the Gateway’s MAC address if necessary. 49 LAN Lets you configure settings for your public and private LAN, auto-negotiation, and duplex mode. The submenu lets you: 50 LAN > Ether Switch Control • Specify fixed speed and duplex settings, and disable individual LAN ports. 53 LAN > Ether Access Control • Allow all EtherLAN client stations to access the Internet through the Gateway, allow certain trusted EtherLAN client stations to access the Internet through the Gateway, or deny certain trusted EtherLAN client stations from accessing the Internet through the Gateway. 54 LAN > Additional Public LAN • Add more than one public subnet, except for 20.20.1, to the LAN interface. 58 LAN > Public LAN IP Access Control • Block specific pubic IP addresses from accessing the Internet. 60 QoS Lets you configure Quality of Service (QoS) settings. If you enable QoS, the following submenus become available for: 62 QoS > Port • Prioritizing performance of the four Gateway LAN ports. 64

錯誤! 尚未定義樣式。 34 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual QoS > COS • Defining four queues to which the Class of Service (CoS) is mapped. 65 QoS > DSCP • Defining the QoS class queue to which the customized DSCP is mapped. 67 QoS > Queue • Specifying whether QoS behavior runs with strict or weighted priority. 69 QoS > DSCP Remarking • Defining the DSCP remarking action and mode. 71 Routing Lets you set up routing tables manually and automatically using the Routing Information Protocol (RIP). Submenus let you: 73 Routing > Static Routes • Add static routes manually. 73 Routing > RIP Control • Configure how the Gateway adjusts to physical changes in the network’s layout and exchange routing tables with other routers. 75 Routing > OSPF Control • Control how the Gateway uses the Open Shortest Path First (OSPS) protocol. 79 Wireless Lets you configure basic wireless settings, such as enabling or disabling wireless operation, selecting wireless mode, and configuring the Service Set Identifier (SSID) and channel settings. Submenus let you: 83 Wireless > Encryption • Use encryption to protect the data transmitted across your wireless network 85 Wireless > WPS • Enable or disable Wi-Fi Protected Setup (WPS). 88 Wireless > MAC Filtering • Allow all wireless client stations or only trusted PCs to connect over a wireless connection. 91 Wireless > Advanced Settings • Configure advanced wireless settings for the Gateway. 93

錯誤! 尚未定義樣式。 35 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual NAT Allows multiple users at your local site to access the Internet using a single pubic IP address. The submenus let you: NAT > Port Forwarding • Configure predefined and custom port forwarding settings to let Internet users access local services such as the Web Server or FTP server at your local site. 95 NAT > 1-to-1 Mapping • Perform 1-to-1 mapping between global IP addresses on the cable modem WAN interface and the private IP address on the LAN. 102 Firewall Lets you enable or disable the Gateway’s firewall. Submenus let you: 105 Firerwall > Access Control • Block traffic at the Gateway's LAN interfaces from accessing the Internet. 107 Firerwall > Special Application • Detect port triggers for detect multiple-session applications and allow them to pass the firewall. 108 Firerwall > URL Blocking • Block access to certain Web sites from local computers by entering either a full URL address or keywords of the Web site. 122 Firerwall > Schedule Rule • Define schedule rules that work with the Gateway’s URL blocking feature. 124 Firerwall > Email/Syslog Alert • Send email notifications or add entries to the syslog when traffic is blocked, attempts are made to intrude onto the network, and local computers try to access block URLs. 125 Firerwall > DMZ • Configure a local client computer for unrestricted two-way Internet access by defining it as a Virtual DMZ host. 129 Tools Provides the following submenus with utilities for performing the following activities: Tools > Configuration Tools Back up and restore Gateway configuration settings locally and remotely over the WAN, and restore Gateway factory default settings. 130 Tools > Reboot Reboot the Gateway. 137 Tools > Diagnostics Perform trace route and ping diagnostic operations. 138 Tools > SNTP Client Configure the Gateway to act as a SNTP client. 144 VPN Lets you enable or disable the Gateway’s VPN functions. When VPN functions are enabled, submenus let you: 145 VPN > Access Control • Allow PC clients behind the Gateway to access the IPSec VPN tunnel. 147 VPN > IPsec Tunnel Configuration • Define up to five tunnels and view, clear, refresh, and save the VPN log. 148 VPN > PPTP/L2TP Configuration • Set up to 50 Point-to-Point Tunneling Protocol (PPTP) / Layer Two Tunneling Protocol (L2TP) user accounts and define a pre-shared phrase. 153 Status Shows the connection status of the Gateway interfaces, firmware, hardware version numbers, illegal attempts to access your network, and information about DHCP client PCs current connected to the Gateway. The submenu lets you: 156 Status > Cable Status • View cable initialization procedures, and cable downstream and upstream status. 158

錯誤! 尚未定義樣式。 36 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual System Settings Menu The System Settings menu lets you: y Enable or disable all commercial Gateway functions y Define the Gateway’s name and enable it for command line prompt y Enable or disable UPnP and HNAP To access the System Settings menu, click System in the menu bar. Figure 18 shows an example of the menu and Table 4 describes the setting you can select. Figure 18. System Settings Menu

錯誤! 尚未定義樣式。 37 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Table 4. System Settings Menu Option Option Description Disable All Commercial Gateway Functions Enables or disables all commercial Gateway functions. • Checked = all commercial Gateway functions are disabled. • Unchecked = all commercial Gateway functions are enabled. (default) Router Name The name you want to assign to the Gateway. Assign a name so that this device will not be confused with other devices on your wireless network. We recommend you use a name that is meaningful to you so you can identify the Gateway easily. Use router name for command line prompt Determines whether the router name you specified appears in DOS command line prompts (for example, if you Telnet into the Gateway). • Checked = router name appears in command line prompts. • Unchecked = router name foes not appear in command line prompts. (default) Enable UPnP Configures the Gateway as a Universal Plug and Play (UPnP) Internet gateway. UPnP allows for dynamic connectivity between devices on a network. A UPnP-enabled device like the Gateway can obtain an IP address, advertise its capabilities, learn about other connected UPnP devices and then communicate directly with those devices. The same device can end its connection cleanly when it wishes to leave the UPnP community. The intent of UPnP is to support zero-configuration, "invisible" networking of devices including intelligent appliances, PCs, printers, and other smart devices using standard protocols. • Checked = UPnP is enabled on the Gateway. (default) • Unchecked = UPnP is disabled on the Gateway. Enable HNAP Configures the Gateway as a Home Network Administration Protocol (HNAP) device. HNAP allows the Gateway to be configured and managed by remote entities, such as Network Magic or any software application that discovers and manages network devices. • Checked = HNAP is enabled on the Gateway. • Unchecked = HNAP is disabled on the Gateway. (default)

錯誤! 尚未定義樣式。 38 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Password Settings Menu The Password Settings menu lets you change the Gateway’s default administrator username and password and the user’s password. The Password Settings menu also lets you change the number of minutes of inactivity that can occur before your Web management session times out automatically. The default setting is 10 minutes. In addition, you can configure Remote Authentication Dial In User Service (RADIUS), Terminal Access Controller Access-Control System Plus (TACACS+) , and Terminal Access Controller Access-Control System (TACACS) configuration settings. y RADIUS is a networking protocol that provides centralized authentication, authorization, and accounting management for computers to connect and use a network service y TACACS is a remote authentication protocol used to communicate with an authentication server commonly used in UNIX networks. TACACS lets a remote access server communicate with an authentication server determine whether the user has access to the network. y TACACS+ is a Cisco-proprietary protocol that provides access control for the Gateway and other networked computing devices via one or more centralized servers. TACACS+ provides separate authentication, authorization, and accounting services. To access the Password Settings menu, click System in the menu bar and then click the Password Settings submenu. Figure 19 shows an example of the menu and Table 5 describes the settings you can select.

錯誤! 尚未定義樣式。 39 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual

錯誤! 尚未定義樣式。 40 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 19. Password Settings Menu

錯誤! 尚未定義樣式。 41 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Table 5. Password Settings Menu Options Option Description Current Password Enter the current case-sensitive administrator password. For security purposes, every typed character appears as a dot (y). The default password is not shown for security purposes. MSO Username Enter the current new case-sensitive administrator username. New Password Enter the new case-sensitive administrator password you want to use. A password can contain up to 32 alphanumeric characters. Spaces count as password characters. For security purposes, every typed character appears as a dot (y). Re-Enter Password for Verification Enter the same case-sensitive administrator password you typed in the New Password field. For security purposes, every typed character appears as a dot (y). Commercial New Password Enter the new case-sensitive password your commercial users will use to log in to the Gateway Web management interface. A password can contain up to 32 alphanumeric characters. Spaces count as password characters. For security purposes, every typed character appears as a dot (y). If you leave this field blank, the default user password will be password. Re-Enter Commercial New Password for Verification Enter the same case-sensitive user password you typed in the Commercial New Password field. For security purposes, every typed character appears as a dot (y). Customer New Password Enter the new case-sensitive password your customers will use to log in to the Gateway Web management interface. A password can contain up to 32 alphanumeric characters. Spaces count as password characters. For security purposes, every typed character appears as a dot (y). If you leave this field blank, the default user password will be password. Re-Enter Customer New Password for Verification Enter the same case-sensitive user password you typed in the Customer New Password field. For security purposes, every typed character appears as a dot (y). Idle Time Out Your Web management interface sessions timeout after 10 minutes of idle time. To change this duration, enter a new timeout value. RADIUS Authentication To enable RADIUS authentication, check this box and then select the options for the primary and secondary authentication servers. Timeout Amount of time the Gateway waits for a response from the RADIUS servers before it tries to connect to the RADIUS servers again. Default is 3 seconds. Retry Maximum number of connection attempts the Gateway makes to connect to the RADIUS servers before giving up. Default is 3. Primary/Secondary For the primary and secondary authentication servers, enter the: • IP address of the RADIUS servers. • Port number that RADIUS uses for authentication. Default is 1812. • Authentication algorithm used for authentication. Choices are CHAP, MS-CHAP, and MS-CHAPv2. Default is CHAP. • Secret shared between the Gateway and RADIUS servers. For security purposes, every typed character appears as a dot (y).

錯誤! 尚未定義樣式。 42 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Option Description TACACS+ Authentication To enable TACACS+ authentication, check this box and then select the options for the primary and secondary authentication servers: • IP address of the TACACS+ servers. • Port number that TACACS+ uses for authentication. Default is 49. • Authentication algorithm used for authentication. Choices are ASCII, PAP, and CHAP. Default is ASCII for the primary server and ASCII for the secondary server. • Secret shared between the Gateway and TACACS+ servers. For security purposes, every typed character appears as a dot (y). TACACS Authentication To enable TACACS authentication, check this box and then select the options for the primary and secondary authentication servers: • IP address of the TACACS+ servers. • Port number that TACACS uses for authentication. Default is 49. • Authentication algorithm used for authentication. Choices are Authentication and Login. Default is Authentication. • Line the request is for. Default is 1. • Style of authentication to be performed.

錯誤! 尚未定義樣式。 43 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Remote Management Menu Administrative users can use the Gateway’s Web-based management or Telnet to manage the device remotely using the public Internet. y To use Web-based management, users specify the WAN IP address and remote management port in the URL entered in the Browser’s address field y For Telnet, users specify the WAN IP address and the remote Telnet management port Using the Remote Management menu, you can enable HTTP, Telnet, HTTPS, and SSH and specify the port numbers for each of these settings. You can also limit remote management to specific IP addresses. To access the Remote Management menu, click System in the menu bar and then click the Remote Management submenu in the menu bar. Figure 20 shows an example of the menu and Table 6 describes the settings you can select. Figure 20. Remote Management Menu

錯誤! 尚未定義樣式。 44 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Table 6. Remote Management Settings Menu Options Option Description WAN IP Address IP address used to access the Gateway’s Web management interface via the Internet. For example, if the WAN IP address is 123.45.67.8 and the Web management port is 8080, remote users type http://123.45.67.8:8080 to access the Web management interface. To change the value shown, check the box to the right of this option and enter a new value. Http Port Port number used to access the Gateway’s Web management interface. Range is from 1024 to 65535. Default is 8080. To change the value shown, check the box to the right of this option and enter a new value. Telnet Port Port number used to Telnet into the Gateway. Range is from 1 to 65535. Default is 2323. To change the value shown, check the box to the right of this option and enter a new value. Https Port Port number used to access the Gateway via a secure HTTPS connection. Default is 8181. To change the value shown, check the box to the right of this option and enter a new value. SSH Port Port number used to access the Gateway via a Secure Sockets Shell (SSH) connection. Default is 2222. To change the value shown, check the box to the right of this option and enter a new value. Mso remote management Enables or disables remote access to administrator configuration options. • Checked = administrator remote management is enabled. (default) • Unchecked = administrator remote management is disabled. Customer remote management Enables or disables remote access to user configuration options. • Checked = user remote management is enabled. • Unchecked = user remote management is disabled. (default) Limit remote management to By default, enabling remote management makes the device available to all IP addresses. To limit remote management to a subset of IP addresses, uncheck All IP addresses, select Single Address or Address Range from the drop-down list, enter the IP address or address range in the fields, and click Add. The IP addresses appear in Permitted IP Addresses. To delete an IP address or address range, click the address in Permitted IP Addresses and click Delete. No precautionary message appears before you delete an IP address. Customer UI Setup Menu The Customer UI Setup menu lets you select which menus, submenus, and configuration options are shown to (Enable) or hidden from (Disable) users. Using this menu, for example, you can hide options that, if changed by users, could adversely affect the Gateway. These settings do not affect the configuration options displayed for administrators. A Reset to Defaults button at the bottom-left side of the menu lets you return the parameters on this menu to their factory default settings. To access the Customer UI Setup menu, click System in the menu bar and then click the Customer UI Setup submenu in the menu bar. Figure 21 shows an example of the menu.

錯誤! 尚未定義樣式。 45 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual

錯誤! 尚未定義樣式。 46 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 21. Customer UI Setup Menu WAN Settings Menu The Gateway can connect to the cable service provider using either a static IP address or an IP address automatically assigned by a Dynamic Host Configuration protocol (DHCP) server. Using the WAN Settings menu, you can assign your own static WAN IP and DNS addresses to the Gateway. By default, both options are disabled, allowing the Gateway to obtain these settings automatically from a DHCP server. To access the WAN Settings menu, click WAN in the menu bar. Figure 22 shows an example of the menu and Table 7 describes the settings you can select.

錯誤! 尚未定義樣式。 47 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 22. WAN Settings Menu

錯誤! 尚未定義樣式。 48 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Table 7. WAN Settings Menu Options Option Description Do you want to assign your own WAN IP address? By default, this option is set to No. Cable modem providers typically use dynamic assignment of IP addresses. To assign a static WAN IP address to the Gateway and make the WAN fields below this option available, click Yes. Use public LAN IP as the WAN IP Check this box if you want to use the static public LAN IP address for the WAN IP address. This checkbox is available if Do you want to assign your own WAN IP address is set to Yes. WAN IP Address Enter a unique static IP address the Gateway. WAN IP Subnet Mask Enter the subnet mask for the Gateway WAN Gateway IP Address Enter the Gateway IP address. Release/Renew button Click this button to release and then renew the Gateway’s IP address. This button is available for DHCP only. It is gray and unavailable when Do you want to assign your own WAN IP address is set to Yes. Do you want to assign your own DNS address? By default, this option is set to No. Cable modem providers typically use dynamic assignment of IP addresses. To assign your own IP addresses to primary and secondary DNS servers and make the DNS fields below this option available, click Yes. Primary DNS Enter a primary DNS server IP address. Secondary DNS Enter the secondary DNS server IP address. Host Name This setting is optional. If you will require a host name for DHCP requests, enter it here.

錯誤! 尚未定義樣式。 49 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual MAC Spoofing Menu If you need to re-register your MAC address, you can use the MAC Spoofing menu to clone (or “spoof”) the Gateway’s registered MAC address as necessary. If you use the public static LAN IP address as the WAN IP for NAT translation, no MAC spoofing is necessary, To access the MAC Spoofing menu, click WAN in the menu bar and then click the MAC Spoofing submenu. Figure 23 shows an example of the menu and Table 8 describes the settings you can select. Figure 23. MAC Spoofing Menu Table 8. MAC Spoofing Menu Options Option Description MAC Address List Select the MAC address you want to spoof. Clone MAC Address Clone the MAC address of the NIC communicating with the cable modem.

錯誤! 尚未定義樣式。 50 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual LAN Settings Menu IP addresses are close to being used up and thus very hard to get. One solution to this problem is "private" IP addresses. Private IP addresses are ranges of IP addresses set aside expressly for use by a company or other entity internally. Private IP addresses are non-routable and, therefore, cannot be used to connect directly to the Internet. Some of the advantages of private IP addresses include: y Increased security, since private IP addresses are not routable across the Internet y You conserve the world-wide pool of IP addresses y You do not have to register or pay for these IP addresses in any way The LAN Settings menu lets you configure private LAN IP settings and private IP address pools for the Gateway. To access the LAN Settings menu, click LAN in the menu bar. Figure 24 shows an example of the menu and Table 9 describes the settings you can select.

錯誤! 尚未定義樣式。 51 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 24. LAN Settings Menu

錯誤! 尚未定義樣式。 52 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Table 9. LAN Settings Menu Options Option Description Pubic LAN IP IP Address IP address of the Gateway’s private LAN settings. Default IP address is 192.168.0.1. if you change this setting, the Gateway reboots after displaying a message. IP Subnet Mask Subnet mask of the Gateway’s private LAN settings. Default subnet mask is 255.255.255.0. Domain Name Domain name of the Gateway’s private LAN settings. As WAN IP Check this box if you want to use the static public LAN IP address for the WAN IP address. Private LAN IP IP Address IP address of the Gateway’s private LAN settings. Default IP address is 192.168.0.1. if you change this setting, the Gateway reboots after displaying a message. IP Subnet Mask Subnet mask of the Gateway’s private LAN settings. Default subnet mask is 255.255.255.0. Domain Name Domain name of the Gateway’s private LAN settings. Enable DHCP Server Enables or disables the DHCP server to allow automatic allocation of IP addresses to LAN client PCs. • Checked = DHCP server is enabled. (default) • Unchecked = DHCP server is disabled. Lease Time Amount of time a DHCP network user is allowed connection to the Gateway with their current dynamic IP address. Default is One Week. This option is available when Enable DHCP Server is checked. Assign DNS Manually Enables or disables the DHCP server to allow automatic allocation of primary and secondary IP addresses for DSN servers on the LAN. • Checked = use static IP addresses for primary and secondary DNS servers. If checked, enter the IP addresses of the primary and secondary DNS server in the Primary DNS and Secondary DNS fields. • Unchecked = allocate IP addresses for primary and secondary DNS servers automatically. (default) Primary DNS Static IP address of the primary DNS server. This option is available when Assign DNS Manually is checked. Secondary DNS Static IP address of the secondary DNS server. This option is available when Assign DNS Manually is checked. Private IP Address Pool Start IP Starting IP address range for the pool of allocated for private IP addresses. End IP Ending IP address range for the pool of allocated for private IP addresses. PPTP IP Address Pool Start IP Starting IP address range for the pool of allocated for point-to-point tunneling protocol (PPTP) IP addresses. End IP Ending IP address range for the pool of allocated for PPTP IP addresses.

錯誤! 尚未定義樣式。 53 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Ether Switch Port Control Menu By default, the Gateway LAN ports are enabled to auto-negotiate the highest supported speed and appropriate duplex mode. If these settings prevent the Gateway from successfully connecting with other devices, you can use the Ether Switch Port Control menu to configure the Gateway to use fixed speed and duplex settings. The Ether Switch Port Control menu also let you disable the individual LAN ports. For your convenience, each port can be configured independently of the other LAN ports on the Gateway. To access the Ether Switch Control menu, click LAN in the menu bar and then click the Ether Switch Control submenu in the menu bar. Figure 25 shows an example of the menu. Figure 25. Ether Switch Port Control Menu

錯誤! 尚未定義樣式。 54 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual The following procedure describes how to change the settings in the Ether Switch Port Control menu. 1. To change a port from auto-negotiation to a fixed speed and duplex setting: a. Uncheck the Auto check box for the port. b. Under Speed (10/100/1000), click the radio that corresponds to the fixed speed you want to use for that port. c. Under the Mode H/F column, leave the check mark for full-duplex mode or uncheck it for half-duplex mode. 2. To disable a port, regardless of the auto-negotiation and duplex settings, uncheck Enable for the port. 3. Click Apply. LAN Access Control Menu Using the LAN Access Control menu, you can: y Allow all EtherLAN client stations to access the Internet through the Gateway. This is the default setting. y Allow certain trusted EtherLAN client stations to access the Internet through the Gateway. You use the add up to 16 trusted clients. y Deny certain trusted EtherLAN client stations from accessing the Internet through the Gateway. You use the add up to 16 untrusted clients. To access the LAN Access Control menu, click LAN in the menu bar and then click the Ether Access Control submenu in the menu bar. Figure 26 shows an example of the menu.

錯誤! 尚未定義樣式。 55 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 26. LAN Access Control Menu

錯誤! 尚未定義樣式。 56 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Controlling LAN Access By default, All EtherLAN LAN stations is selected at the top of the menu. This setting allows all client stations to access the Internet through the Gateway. To restrict LAN access, click one of the following radio buttons and click Apply: y Trusted PC List = restricts Internet access through the Gateway to client stations in the Lan Trusted Table. To add client station to this table, see “Adding and Deleting Trusted Client Stations”, below. y Untrusted PC list = prevents client stations in the Lan Untrusted Table from accessing the Internet through the Gateway. To add client stations to this table, see “Adding and Deleting Untrusted Client Stations” on page 57. Adding and Deleting Trusted Client Stations To restrict Internet access through the Gateway to certain trusted EtherLAN client stations, define the client stations as trusted clients. Using this procedure you can define up to 16 trusted client stations. 1. Click Trusted PC list at the top of the menu. 2. To add client stations that the Gateway automatically learned on the network, perform the following steps under Auto-Learned Lan Devices: a. Click a client station that the Gateway learned automatically. b. Under Trusted?, click Y. c. Click Add. The client station is added to the Lan Trusted Table. d. To add more auto-learned client stations (up to 16), repeat steps 2a through 2c. 3. To manually add trusted client stations, perform the following steps under Manually-Added Lan Devices: a. Under Device Name, enter a name for the device. b. Under MAC Address, enter the MAC address of the device. c. Under Trusted?, click Y. d. Click Add to add the client station to the Lan Trusted Table. e. To manually add more client stations (up to 16), repeat steps 3a through 3d.

錯誤! 尚未定義樣式。 57 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual 4. To delete client stations from the Lan Trusted Table, click the radio button corresponding to the client station you want to delete and click the Delete button. A precautionary message does not appear before deleting a client station. 5. To enforce this policy, click Trusted PC list at the top of the menu. 6. When you finish, click Apply. Adding and Deleting Untrusted Client Stations To prevent certain trusted EtherLAN client stations from accessing the Internet through the Gateway, define the client stations as untrusted clients. Using this procedure you can define up to 16 untrusted client stations 1. Click Untrusted PC list at the top of the menu. 2. To add client stations that the Gateway automatically learned on the network, perform the following steps under Auto-Learned Lan Devices: a. Click a client station that the Gateway learned automatically. b. Under Trusted?, click N. c. Click Add to add the client station to the Lan Untrusted Table. d. To add more auto-learned client stations, repeat steps 2a through 2c. 3. To manually add client stations, perform the following steps under Manually-Added Lan Devices: a. Under Device Name, enter the name of the device. b. Under MAC Address, enter the MAC address of the device. c. Under Trusted?, click N. d. Click Add to add the client station to the Lan Untrusted Table. e. To add more client stations manually, repeat steps 3a through 3d. 4. To delete client stations from the untrusted list, in the Lan Untrusted Table. click the radio button corresponding to the client station you want to delete and click the Delete button. A precautionary message does not appear before deleting an untrusted client station. 5. To enforce this policy, click Untrusted PC list at the top of the menu. 6. When you finish, click Apply.

錯誤! 尚未定義樣式。 58 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Additional Public Lan Menu Using the Additional Public Lan menu, you can add more than one public subnet to the LAN interface. To access the Additional Public Lan menu, click LAN in the menu bar and then click the Additional Public Lan submenu in the menu bar. Figure 27 shows an example of the menu. Figure 27. Additional Public Lan Menu

錯誤! 尚未定義樣式。 59 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Adding Public Subnets Using the following procedure, you can add up to 5 public subnets to the LAN interface. 1. In the Additional Pubic LAN menu, click the Add button The Adding Public Lan menu in Figure 28 appears. Figure 28. Adding Public Lan Menu 2. In the IP Address row, enter the IP address for the new public subnet. 3. In the Subnet Mask row, add the subnet mask for the new public subnet. 4. Click Apply to add the IP address and subnet. (Or click Back to return to the previous menu or Cancel to cancel the operation .) If you clicked Apply, the IP address and subnet mask are added to the Additional Public Lan Table. 5. By default the IP address and subnet you specified are active. To make then inactive, uncheck the check box below Active. 6. Click Apply in the Additional Public Lan menu to save your settings. 7. To add more public subnets (up to 5), repeat steps 1 through 6.

錯誤! 尚未定義樣式。 60 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual 8. To change the settings for a subnet, click the radio button to the left of the subnet you want to change and click the Edit button. When the Adding Public Lan menu appears, edit the IP address and subnet mask as necessary and click Apply. Click Apply in the Additional Public Lan menu to save your settings. 9. To delete a subnet, click the radio button to the left of the subnet you want to delete and click the Delete button. No precautionary message appears before you delete a subnet. Click Apply in the Additional Public Lan menu to save your settings. Public IP Access Control Menu Using the Public IP Access Control menu, you can block specific pubic IP addresses from accessing the Internet. To access the Public IP Access Control, click LAN in the menu bar and then click the Public IP Access Control submenu in the menu bar. Figure 29 shows an example of the menu and Table 10 describes the settings you can select. Figure 29. Public IP Access Control Menu

錯誤! 尚未定義樣式。 61 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Table 10. Public IP Access Control Menu Options Option Description Enable Public IP Access Control Check this check box to make the fields on this page available. Single Address / Address Range From the first drop-down list, select whether you want to block a single IP address or a range of IP addresses. • If you select Single Address, type the four octets of the IP address you want to block. The second set of four fields in unavailable. • If you select Address Range, in the first four fields, type the first four octets of the IP address in the starting IP address range you want to block. In the last four fields, type the last four octets of the IP address in the ending IP address you want to block. The IP address or address range appears in the Deny IP Addresses list. Delete To remove an IP address or address range from the Deny IP Addresses list, click the IP address or address range and click Delete.

錯誤! 尚未定義樣式。 62 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual QoS Settings Menu Quality of Service (QoS) refers to a collection of techniques for identifying data whose delivery across the network is time sensitive, and managing its delivery through both bandwidth allocation and prioritization schemes Using the QoS Settings menu, you can enable the Gateway’s QoS module to provide guarantees on the ability of the network to deliver predictable results. To access the QoS menu, click QOS in the menu bar. Figure 30 shows an example of the menu. By default, QoS is enabled. To enable the Gateway’s QoS module, check Enable QOS Module and click Apply. To disable the Gateway’s QoS module, uncheck Enable QOS Module and click Apply. If you enable the Gateway’s QoS module, the following submenus appear under QOS in the menu bar: y Port - lets you configure the priority queue to which the switch port is mapped. See page 64. y COS - lets you define four queues to which the CoS is mapped. See page 65. y DSCP - lets you define the QoS class queue to which the customized DSCP is mapped. See page 67. y Queue - lets you specify whether QoS behavior runs with strict or weighted priority. See page 69. y DSCP Remarking - lets you define the DSCP remarking action and mode. See page 71.

錯誤! 尚未定義樣式。 63 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 30. QoS Settings Menu

錯誤! 尚未定義樣式。 64 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Port Based QoS Menu The Port Based QoS menu lets you prioritize performance of the four Gateway LAN ports. To access the Port Based QoS menu, click QOS in the menu bar and then click the Port submenu in the menu bar. Figure 31 shows an example of the menu. Note: The Port submenu is not available in the menu bar if Enable QOS Module is not checked in the QoS Settings menu (see page 62). Figure 31. Port Based QoS Menu To define port-based QoS settings: 1. Check Enable Port Based QOS. 2. For each port, select a priority queue number from 0 to 3. Higher priority values are evaluated as being of higher importance than lower priority values. 3. Click Apply.

錯誤! 尚未定義樣式。 65 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual CoS Settings Menu Given that there will always be points in the network where multiple traffic streams merge or where network links will change speed and capacity, it is important to move traffic on the basis of relative importance. Without CoS prioritization, less important traffic can consume network bandwidth and slow down or halt the delivery of more important traffic. For example, without CoS, most traffic received by the Gateway is forwarded with the same priority it had upon entering the Gateway. In many cases, such traffic is ‘‘normal’’ priority and competes for bandwidth with all other normal-priority traffic, regardless of its relative importance to your requirements. CoS helps to keep the most important network traffic moving at an acceptable speed, regardless of current bandwidth usage. This means you can manage available bandwidth so that the switch transmits the most important traffic first. The CoS Settings menu lets you configure a CoS priority of 0 through 7 for an outbound packet. When the packet is then sent to a port, the CoS priority determines which outbound queue the packet uses. After configuring CoS priority for outbound packets, use this menu to map the classes of service to the Gateway’s four ports. To access the CoS Settings menu, click QOS in the menu bar and then click the CoS submenu in the menu bar. Figure 32 shows an example of the menu. Note: The COS submenu is not available in the menu bar if Enable QOS Module is not checked in the QoS Settings menu (see page 62).

錯誤! 尚未定義樣式。 66 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 32. CoS Settings Menu To define CoS settings: 1. Check Enable QoS Class based on CoS. 2. For each class of service, assign a queue number from 0 to 3. Higher priority values are evaluated as being of higher importance than lower priority values. 3. Under Port Default CoS, map the Gateway’s four ports to the classes of service you defined in the previous step. y CoS setting from 0 to 3 = normal priority. Packets in this queue leave the port after the high-priority queue is emptied. y CoS setting from 4 to 7 = high priority. Packets in this queue leave the port first. 4. Click Apply.

錯誤! 尚未定義樣式。 67 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual DSCP Based QoS Menu The DSCP Based QoS menu lets you classify and prioritize traffic using DSCP tags. DSCP allows the Gateway to determine how traffic classes should be prioritized. Using the DSCP Based QoS menu, you can use DSCP to provide different levels of service to conforming and non-conforming traffic by appropriately selecting the DSCP values in this menu. The Gateway uses the Hierarchical Token Bucket queuing algorithm, which divides the 64 possible DSCP code values into 8 queues. Table 11 shows the actual queuing. Table 11. Queuing for DSCP-Based QoS Name Precedence DSCP Range Priority Routing (default) 000 (0) 000000(0) – 000111 (7) 8 Priority 001 (1) 001000 (8) – 001111 (15) 7 Immediate 010 (2) 010000 (16) – 010111 (23) 6 Flash 011 (3) 011000 (24) – 011111 (31) 5 Flash Override 100 (4) 100000 (32) – 100111 (39) 4 Critical 101 (5) 101000 (40) – 101111 (47) 3 Internetwork Control 110 (6) 111000 (48) – 110111 (55) 2 Network Control 111 (7) 111000 (56) – 111111 (63 1 To access the DSCP Based QoS menu, click QOS in the menu bar and then click the DSCP submenu in the menu bar. Figure 33 shows an example of the menu. Note: The DSCP submenu is not available in the menu bar if Enable QOS Module is not checked in the QoS Settings menu (see page 62).

錯誤! 尚未定義樣式。 68 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 33. DSCP Based QoS Menu To define DSCP-based QoS settings: 1. Check Enable DSCP Based QoS. 2. For each index, select a DSCP value from 0 to 63. 3. Under Queue, select a queue (from 0 to 3) you want to map to this DSCP value. Higher priority values are evaluated as being of higher importance than lower priority values. 4. To define DSCP-based QoS values for other queues, repeat steps 2 and 3. 5. Click Apply.

錯誤! 尚未定義樣式。 69 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Queue Settings Menu The Queue Settings menu lets you configure QoS behavior as either strict priority or weighted priority. y Strict priority – allows delay-sensitive data such as voice to be sent before packets in other queues. y Weighted priority – lets you assign each queue with a certain weight indicating the amount of guaranteed capacity, with high priority packets served before any low priority packets. To access the Queue Settings menu, click QOS in the menu bar and then click the Queue submenu in the menu bar. Figure 34 shows an example of the menu. Note: The Queue submenu is not available in the menu bar if Enable QOS Module is not checked in the QoS Settings menu (see page 62). Figure 34. Queue Settings Menu

錯誤! 尚未定義樣式。 70 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual By default, the Gateway uses strict priority. To change to weighted priority: 1. For Queue Type, select Weighted Priority. The options in Figure 35 appear. Figure 35. Weighted Priority Options 2. For Weight Base, select a queue weight to ensure that some sets of queues get higher thresholds than others. Queue weight directs the Gateway to set the queue thresholds proportionately. Choices are 8 or 10. Queues with a weight of 10 are longer than those with a queue weight of 8. 3. For each Gateway queue, select a weight. Each weight corresponds to a percentage of consumed bandwidth, as shown in the % of Bandwidth column. 4. When you finish, click Apply.

錯誤! 尚未定義樣式。 71 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual DSCP Remarking Menu The DSCP Remarking menu lets you configure the Gateway’s DSCP remarking mode and actions. To access the Queue Settings menu, click QOS in the menu bar and then click the DSCP Remarking submenu in the menu bar. Figure 36 shows an example of the menu. Note: The DSCP Remarking submenu is not available in the menu bar if Enable QOS Module is not checked in the QoS Settings menu (see page 62). Figure 36. DSCP Remarking Menu

錯誤! 尚未定義樣式。 72 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual To configure DSCP remarking settings: 1. Check Enable DSCP Remarking. 2. Complete the options in the menu and refer to Table 12. 3. When you finish, click Apply. Table 12. DSCP Remarking Options Option Description Dscp remarking mode Lets you select the DSCP remarking mode that the Gateway is to use. Choices are: • Map frame priority to AF code points = select this option for Quality of Service configurations that use assured forwarding (AF) code points to mark packets. AF guarantees a certain amount of bandwidth to an AF class and allows access to extra bandwidth, if available. (default) • Map frame priority to CS code points = select this option for Quality of Service configurations that use class selector (CS) code points to mark packets. CS provides code points that can be used for backward compatibility with IP Precedence. IP Precedence is a legacy technology that the Gateway supports for backwards compatibility. Request a remarking action when DSCP equals one of the following CPs Expedited Forwarding Code Point Expedited forwarding provides a low-loss, low-latency, low-jitter, and assured bandwidth service. Applications such as VoIP, video, and other time sensitive applications require a robust network treatment like expedited forwarding. When checked, the Gateway requests a remarking action if DSCP equals an expedited forwarding code point. By default, this option is not checked. Assured Forwarding Code Points Assured forwarding defines a method by which packets can be given different forwarding assurances. Traffic can be divided into different classes and then each class given a certain percentage of bandwidth. For example, one class could have 50% of the available link bandwidth, another class could have 30%, and another 20% of the bandwidth. When checked, the Gateway requests a remarking action if DSCP equals an assured forwarding code point. By default, this option is not checked. Class Selector Code Points Class Selector code points are code points that can be used for backward compatibility with IP Precedence models. When checked, lets the Gateway request a remarking action if DSCP equals a class selector code point. By default, this option is checked, but does not take effect until the OSPF Status changes to ENABLE. Zero When checked, lets the Gateway request a remarking action if DSCP equals zero. By default, this option is checked, but does not take effect until the OSPF Status changes to ENABLE. Others When checked, lets the Gateway request a remarking action if DSCP equals a non-zero value. By default, this option is checked, but does not take effect until the OSPF Status changes to ENABLE.

錯誤! 尚未定義樣式。 73 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Routing Menus The Routing menu provides the following submenus for configuring Gateway routing: y Static routes – lets you manually add static routes to create specific paths to desired destinations. See page 73. y RIP control – lets you select how the Gateway adjusts to physical changes in the network’s layout and exchange routing tables with other routers. See page 75. y OSPF control – lets you control how the Gateway works with the OSPF protocol. See page 79. Static Routes Menu A static route is a pre-determined pathway that network information must travel to reach a specific host or network. Using the Static Routes menu, you can manually add static routes to create specific paths to desired destinations. To access the Static Routes menu, click Routing in the menu bar and then click the Static Routes submenu. Figure 37 shows an example of the menu. Figure 37. Static Routes Menu

錯誤! 尚未定義樣式。 74 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Using the Static Routes menu, you can add up to eight static routes, containing different networks and subnets, to routers connected to the Gateway. The following example describes how to configure a static route For example, assume that a router called SMC is connected to the Gateway with subnet address 111.222.33.0 attached to it. Also, assume that the router’s IP address in the Gateway subnet is 192.168.100.33. In this example, you can add a static route named SMC, with a destination IP address of 111.222.33.0, a subnet mask of 255.255.255.0, and a gateway IP address of 192.168.100.33. Adding Static Routes To add static routes: 1. In the Static Routes menu, click Add. The Add Static Routes menu in Figure 38 appears. Figure 38 Add Static Routes Menu 2. Complete the fields in the Add Static Routes menu (see Table 18). 3. Click Apply. (Or click Back to return to the Static Routes menu or Cancel to cancel any selections you made.) If you clicked Apply, the static route is added to the Static Routing Table. 4. To define additional static routes (up to eight), repeat steps 1 through 3. 5. To change the settings for a static route, click the radio button to the left of the static route you want to change and click the Edit button. When the Add Static Routes menu appears, edit the settings as necessary (see Table 18) and click Apply.

錯誤! 尚未定義樣式。 75 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual 6. To delete a static route, click the radio button to the left of the static route you want to delete and click the Delete button. No precautionary message appears before you delete a static route. Table 13. Add Static Routes Menu Options Option Description Name Name used to identify the route. Destination IP IP address of the destination network. Subnet Mask Subnet mask of the destination network. The subnet mask determines which part of the Destination IP address is the network portion and which part is the host portion. Gateway IP Locally assigned IP address on the Gateway that allows contact between the Gateway and the remote network or host. RIP Control Menu RIP sends routing-update messages at regular intervals. When a router receives a routing update that includes changes to an entry, it updates its routing table to reflect the new route. The metric value for the path is increased by 1, and the sender is indicated as the next hop. RIP routers maintain only the best route (the route with the lowest metric value) to a destination. After updating its routing table, the router immediately begins transmitting routing updates to inform other network routers of the change. These updates are sent independently of the regularly scheduled updates that RIP routers send. In general, when a router sends a routing update, the following authentication sequence occurs 1. A router sends a routing update with a key and the corresponding key number to the neighbor router. 2. The receiving (neighbor) router checks the received key against the same key stored in its own memory. 3. If the two keys match, the receiving router accepts the routing update packet. If the two keys do not match, it rejects the routing update packet. Using the RIP Control menu, you can configure the way how the Gateway adjusts to physical changes in the network’s layout and exchange routing tables with other routers. To access the RIP Control menu, click Routing in the menu bar and then click the RIP Control submenu. Figure 46 shows an example of the menu and Table 21 describes the options.

錯誤! 尚未定義樣式。 76 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 39. RIP Control Menu

錯誤! 尚未定義樣式。 77 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Table 14. RIP Control Menu Options Option Description WPS Summary Interface Name Select the name of the interface. Choices are • Cable (default) • CPE RIP Send Version Select the format and the broadcasting method of the RIP packets that the Gateway sends. Choices are: • Do Not Send (default) • RIP1 • RIP2 • RIP1/2 Your selection should match the version supported by other routers on your network. RIP Receive Version Select the format and the broadcasting method of the RIP packets that the Gateway receives. Choices are: • Do Not Receive (default) • RIP1 • RIP2 • RIP1/2 Your selection should match the version supported by other routers on your network. Update Interval How often, in seconds, the Gateway sends routing-update messages. Default is 30 seconds. Default Metric Number by which the metric value for the path increases when the Gateway receives a routing update that includes changes to an entry. Choices are 1 – 15. Default is 1. Authentication Type The authentication mechanism used, if any. Choices are: • No Authentication = no authentication is used. If you keep this default setting, the Authentication Key & ID fields are gray and unavailable. (default) • Simple Password = an authentication method where a clear text password is sent to participating neighbors on the network. This selection sends the authenticating password over the network, possible making it available to individuals who can access packets off the network. Do not use this option as part of your security strategy, Rather, use it to avoid accidental changes to the routing infrastructure. If you select this setting, the first field in the Authentication Key & ID option becomes available for entering the password. • MD5 = an authentication method that works much like Simple Password authentication, except that MD5 does not send the key over the network. Instead, a router uses the MD5 algorithm to produce a message digest of the key (also called a hash). The router sends the message digest instead of the key itself, which ensures that no one can eavesdrop on the network and learn keys during transmission. If you select this setting, the first field in the Authentication Key & ID option becomes available for entering the key and the second field becomes available for entering the ID. Authentication Key & ID Specify the appropriate information based on the Authentication Type selected: • No Authentication – no entry required; fields are gray and unavailable. (default) • Simple Password = in the first field, enter the clear-text password to be used for authentication. The second field requires no entry, and is gray and unavailable. • MD5 = in the first field, enter the MD5-hash password. In the second field, enter the Key Identifier that identifies the key used to create the authentication data for this message.

錯誤! 尚未定義樣式。 78 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Neighbor Enter the IP address of the Gateway’s RIP neighbor router.

錯誤! 尚未定義樣式。 79 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual OSPF Control Menu OSPF is a router protocol used in larger autonomous system networks in preference to RIP, an older routing protocol that is installed in many of today's corporate networks. Using OSPF, a host that obtains a change to a routing table or detects a change in the network immediately multicasts the information to all other hosts in the network, so that all have the same routing table information. Unlike RIP, in which the entire routing table is sent, the host using OSPF sends only the part that has changed. With RIP, the routing table is sent to a neighbor host at a pre-determined interval. OSPF multicasts the updated information only when a change has taken place. Using the OSPF Control menu, you can control how the Gateway uses OSPF. You can also add more than one OSPF area to the cable interface. To access the OSPF Control menu, click Routing in the menu bar and then click the OSPF Control submenu. Figure 40 shows an example of the menu and Table 15 describes the options. Figure 40. OSPF Control Menu

錯誤! 尚未定義樣式。 80 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Table 15. OSPF Control Menu Options Option Description Interface Name A read-only field that shows the name of the interface. OSPF Status Enables or disables OSPF. • ENABLE = OSPF is enabled and the remaining fields on this menu, except Interface Name, become available. • DISABLE = OSPF is disabled. (default) Network Type The type of network on which OSPF will be used if OSPF is enabled. Choices are: • Broadcast = broadcast network. (default) • Not Broadcast = not broadcast network. • Point-to-Multipoint = point-to-multipoint network. • Point-to-Point = point-to-point network. Router Dead Interval Interval, in seconds, during which at least one hello packet must be received from a neighbor before the Gateway declares that a neighbor is down. Default is 40 seconds. Interface Cost Cost of sending a packet on an OSPF interface. Range is 1 – 65535. Default is 1. Authentication Type The authentication mechanism used, if any. Choices are: • No Authentication – no authentication is used. If you keep this default setting, the Authentication Key & ID fields are gray and unavailable. (default) • Simple Password = an authentication method where a clear text password is sent to participating neighbors on the network. This selection sends the authenticating password over the network, possible making it available to individuals who can access packets off the network. Do not use this option as part of your security strategy, Rather, use it to avoid accidental changes to the routing infrastructure. If you select this setting, the first field in the Authentication Key & ID option becomes available for entering the password. • MD5 = an authentication method that works much like Simple Password authentication, except that MD5 does not send the key over the network. Instead, a router uses the MD5 algorithm to produce a message digest of the key (also called a hash). The router sends the message digest instead of the key itself, which ensures that no one can eavesdrop on the network and learn keys during transmission. If you select this setting, the first field in the Authentication Key & ID option becomes available for entering the key and the second field becomes available for entering the ID. Authentication Key & ID Specify the appropriate information based on the Authentication Type selected: • No Authentication – no entry required; fields are gray and unavailable. (default) • Simple Password = in the first field, enter the clear-text password to be used for authentication. The second field requires no entry, and is gray and unavailable. • MD5 = in the first field, enter the MD5-hash password. In the second field, enter the Key Identifier that identifies the key used to create the authentication data for this message. Area ID for Cable OSPF supports two-level hierarchical routing by using OSPF areas. This approach allows the routing table size, memory and CPU demands to be kept to a manageable levels. Each area is identified by 32-bit Area ID. This field allows the Gateway to associate packets to the appropriate OSPF area.

錯誤! 尚未定義樣式。 81 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Adding OSPF Areas to the Cable Interface To add OSPF areas to the cable interface: 1. In the OSPF Control menu, be sure OSPF Status is set to ENABLE. Otherwise, you will not be able to add OSPF areas to the cable interface. 2. Click the Add button below the Additional OSPF area Table. The Adding OSPF Area menu appears (see Figure 41). 3. Complete the fields in the Adding OSPF Area menu (see Table 16). 4. Click Apply. (Or click Back to return to the OSPF Control menu or Cancel to cancel any selections you made.) If you clicked Apply, the OSPF area is added to the Additional OSPF area Table. 5. To configure additional OSPF area (up to 5), repeat steps 1 through 4. When you finish, click Apply in the OSPF Control menu to save your settings. 6. To change the settings for an OSPF area, click the radio button to the left of the OSPF area you want to change and click the Edit button. When the Adding OSPF Area menu appears, edit the settings as necessary (see Table 16) and click Apply. 7. To delete a predefined service, click the radio button to the left of the OSPF area you want to delete and click the Delete button. No precautionary message appears before you delete an OSPF area. 8. Click Apply on the OSPF Control menu.

錯誤! 尚未定義樣式。 82 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 41. Adding OSPF Area Menu Table 16. Adding OSPF Area Menu Options Option Description Area ID Area ID associated with the OSPF interface. IP Address IP address associated with the OSPF interface. Subnet Mask Subnet mask associated with the OSPF interface. Default Cost for Area Cost for sending a packet on the OSPF interface.

錯誤! 尚未定義樣式。 83 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Wireless Basic Settings Menu The Wireless Basic Settings menu lets you configure basic wireless settings, such as: y Enabling or disabling the Gateway’s wireless operation y Selecting a wireless mode y Configuring primary and multiple SSIDs y Configuring channel settings To access the Wireless Basic Settings menu, click Wireless in the menu bar. Figure 42 shows an example of the menu and Table 17 describes the settings you can select. Figure 42. Wireless Basic Settings Menu

錯誤! 尚未定義樣式。 84 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Table 17. Wireless Basic Settings Menu Options Option Description Wireless ON/OFF Enables or disables the Gateway’s wireless operation. • ENABLE = Gateway’s wireless operation is active. Selecting this option activates the options in this menu. Clicking Apply displays the submenus below the Wireless menu. • DISABLE = Gateway’s wireless operation is not active. Selecting this option deactivates the options in this menu. Clicking Apply hides the submenus below the Wireless menu. (default) Wireless Mode If wireless operation is enabled for the Gateway, this option selects the wireless mode used by the Gateway. Choices are: • 11B/G Mixed = use this setting if you have a combination of IEEE 802.11b and IEEE 802.11g devices on your network. • 11B Only = use this setting if you have only IEEE 802.11b devices on your network or want to limit your network to IEEE 802.11b devices. • 11G Only = use this setting if you have only IEEE 802.11g devices on your network or want to limit your network to IEEE 802.11g devices. • 11N Only = use this setting if you have only IEEE 802.11n devices on your network or want to limit your network to IEEE 802.11n devices. • 11G/N Mixed = use this setting if you have a combination of IEEE 802.11g and IEEE 802.11n devices on your network. • 11B/G/N Mixed = use this setting if you have a combination of IEEE 802.11b, IEEE 802.11g, and IEEE 802.11n devices on your network. (default) Primary/Multiple SSID settings SSID is the network name shared among all devices in a wireless network. The SSID must be identical for all devices in the wireless network. It is case-sensitive and must not exceed 32 alpha-numeric characters, which may be any keyboard character. Be sure these settings are the same for all devices in your wireless network. You can set up a primary SSID and seven additional SSIDs, designated Multiple SSID(2) through Multiple SSID(8). Each SSID can be hidden or configured for Wi-Fi Multimedia (WMM) mode. Each SSID, except the primary SSID, can also be configured to be in or out of service. • Hidden = when checked, hides the SSID. Use this setting to block illegal connections. Users cannot reconnect automatically or manually to a wireless network that uses a hidden SSID. The wireless network that uses a hidden SSID does not appear in the Microsoft Windows Wireless Network Connection window. • In-service = when checked, broadcasts the Gateway’s SSID. • WMM Mode = when checked, enables WMM. Enabling WMM can help control latency and jitter when transmitting multimedia content over a wireless connection. Channel Select the appropriate channel from the list provided to correspond with your network settings, between 1 and 11 (in North America). Default is Auto, which selects the appropriate channel automatically. All devices in your wireless network must use the same channel to work properly.

錯誤! 尚未定義樣式。 85 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Wireless Encryption Settings Menu Using the Wireless Encryption Settings menu, you can protect the data transmitted across your wireless network. The same encryption keys you specify here must also be configured on your other wireless client devices on your wireless network. To access the Wireless Encryption Settings menu, click Wireless in the menu bar and then click the Encryption submenu. Figure 43 shows an example of the menu and Table 18 describes the settings you can select. Note: The Encryption submenu is not available in the menu bar if wireless operation is disabled in the Wireless Basic Settings menu (see page 83). Figure 43. Wireless Encryption Settings Menu

錯誤! 尚未定義樣式。 86 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Table 18. Wireless Encryption Settings Menu Options Option Description SSID Network name of the primary wireless carrier. This field can be changed by administrators, but not by users. Security Mode Selects the security mode used to protect transmissions across the wireless network. • None = no security is used over the wireless network. • WEP = Wired Equivalency Privacy encryption is used over the wireless network. Select this option if your wireless adapters support WEP but not WPA-Personal. WEP provides basic security, but is not as secure as WPA-Personal. If you select WEP, select the options in Figure 44 and Table 19. • WPA-Personal = select this option if your wireless adapters support WPA-Personal. This encryption method is superior to WEP and offers two cipher types, TKIP and AES, with dynamic encryption keys. If you select WPA-Personal, select the options in • Figure 45 and Table 20. (default)

錯誤! 尚未定義樣式。 87 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 44. WEP Options

錯誤! 尚未定義樣式。 88 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Table 19. WEP Options Option Description WEP Key Length Level of WEP encryption applied to all WEP keys. Choices are 64-bit (10 hex digits) and 128-bit (26 hex digits). WEP Key 1 – WEP Key 4 Fields for entering up to four WEP keys manually. Alternatively, you can click the Generate Keys button to generate these keys automatically. Default WEP Key Specifies which of the four WEP keys the Gateway is to use as its default. Authentication Authentication used. Choices are: • Open System = clients can only associate to the wireless access point using Open Option. (default) • Shared Key = all wireless stations share the same secret key. • Automatic = clients can associate to the wireless access point using Open System or Shared Key. Passphrase A sequence of words or text that can be used to automatically generate WEP keys. A passphrase can consist of from 8 to 63 ASCII characters. You can use upper-case, lower-case, and numeric characters to from your passphrase. A Generate Keys button next to this field lets the Gateway generate a passphrase based on the characters typed in this field. Figure 45. WPA_Personal Options

錯誤! 尚未定義樣式。 89 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Table 20. WPA_Personal Options Option Description WPA Mode Lets administrators select the WPA mode they want to use. Choices are: • WPA-PSK = select this setting if your access points and wireless clients support WPA-Pre-Shared Key (PSK) Authentication. • WPA2-PSK = select this setting if your access points and wireless clients support WPA2-PSK Authentication. • Auto (WPA-PSK or PWA2-PSK) = select this setting if your access points and wireless clients support either WPA-PSK or WPA2-PSK. (default) Cipher type Algorithm encryption to be used. Choices are: • TKIP = automatic encryption with WPA-PSK; requires pre-shared key. • AES = automatic encryption with WPA2-PSK; requires pre-shared key. • TKIP and AES = uses both TKIP and AES cipher types; requires pre-shared key. (default) Group Key Update Interval Number of seconds that instructs the Gateway how often it should change the encryption keys. Usually the security level is higher if you set the period shorter to change encryption keys more often. Default value is 3600 seconds (6 minutes). Type 0 to disable group key update interval. Pre-shared Key Shared secret between the Gateway and access points and wireless clients. Please check whether a default pre-shared key is required. Pre-Authentication Enables secure fast roaming, without noticeable signal latency. By default, this option is disabled. WPS Setup Using the WPS Setup menu, you can enable or disable WPS. WPS is a standard for easy and secure wireless network set up and connections. The advantages of WPS are: y WPS automatically configures the network name (SSID) and WPA security key for the Gateway and for the access point and wireless devices that join the network. y You do not need to know the network name and security keys or passphrases to use WPS to join a wireless network. y No one can guess your security keys or passphrase because they are generated randomly. y WPS uses the Extensible Authentication Protocol (EAP), which is a strong authentication protocol used in WPA2. The disadvantages of WPS are: y Unless all the Wi-Fi devices on the network are WPS-compatible, you cannot take advantage of the ease of securing the network. y Not all wireless equipment supports WPS.

錯誤! 尚未定義樣式。 90 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual y If your wireless devices do not support WPS, it can be hard to join a network that was set up with WPS because the wireless network name and security key are random sequences of letters and numbers. To access the WPS Setup menu, click Wireless in the menu bar and then click the WPS submenu. Figure 46 shows an example of the menu. Using the WPS Config drop-down list, select the appropriate option to enable or disable WPS setup. Figure 46. WPS Setup Menu

錯誤! 尚未定義樣式。 91 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual By default, WPS is disabled. If you select ENABLE and click Apply, the options in Figure 47 are displayed. Table 21 describes the options shown. Figure 47. WPS Setup Menu with WPS Config Enabled

錯誤! 尚未定義樣式。 92 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Table 21. WPS Summary and WPS Progress Options Option Description WPS Config Enables or disables the Gateway’s WPS setup. • ENABLE = Gateway’s WPS setup is available. (default) • DISABLE = Gateway’s WPS setup is unavailable. WPS Summary WPS Current Status A read-only field that shows whether WPS is currently being used. WPS Configured A read-only field that whether WPS has been configured. AP PIN A read-only field that shows the personal identification number (PIN) for the access point. WPS Progress WPS mode Determines whether WPS can be configured using a PIN or the WPS button on the front panel of the Gateway. • PIN = requires users to enter a PIN in the WPS Setup menu to configure WPS. • PBC = Push Button Configuration. Allows users to use the WPS button on the front panel of the Gateway to configure WPS. WPS PIN If PIN was selected for WPS mode, enter the PIN that users must enter to enable WPS. The PIN must be 8 alpha-numeric characters long.

錯誤! 尚未定義樣式。 93 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual MAC Filtering The MAC Filtering menu allows wireless client stations to connect over a wireless connection in two ways: y By allowing all wireless station access. y By allowing only trusted PCs. To access the MAC Filtering menu, click Wireless in the menu bar and then click the MAC Filtering submenu. Figure 48 shows an example of the menu and Table 22 describes the settings you can select. Note: The MAC Filtering submenu is not available in the menu bar if wireless operation is disabled in the Wireless Basic Settings menu (see page 83).

錯誤! 尚未定義樣式。 94 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 48. MAC Filtering Menu

錯誤! 尚未定義樣式。 95 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Table 22. MAC Filtering Options Option Description SSID Network name of the primary wireless carrier. MAC Filtering Mode Determines which wireless client stations can connect to the Gateway. The choices are: • Allow- All = all wireless client stations can connect to the Gateway. (default) • Allow = allow only the wireless client stations in the MAC filter table to connect to the Gateway. • Deny = no wireless client stations can connect to the Gateway. Wireless Control List Shows the device name and MAC address of up to 16 devices that you manually added to the MAC filter table. To delete a device, click the radio button to the left of the device you want to delete and click the Delete button. A precautionary message does not appear before deleting the MAC address, so be sure you do not need the MAC address before deleting it. Auto-Learned Wireless Devices Shows the wireless devices whose presence the Gateway has automatically learned. Manually-Added Wireless Devices Enter a unique name and MAC address of the wireless devices that you want to manually add to the Wireless Control List (MAC filter table). Click Add to add the device to the Wireless Control List. Adding and Deleting Wireless Client Stations To allow wireless client stations to access the Internet through the Gateway, use the following procedure to define up to 16 wireless client stations. 1. To add wireless client stations that the Gateway automatically learned on the network, perform the following steps under Auto-Learned Lan Devices: a. Click a wireless client station that the Gateway learned automatically. b. Click Add. The wireless client station is added to the Wireless Control List. c. To add more auto-learned wireless client stations (up to 16), repeat steps 1a and 1b. 2. To manually add wireless client stations, perform the following steps under Manually-Added Wireless Devices: a. Under Device Name, enter a unique name for the device (that is, a name that does not already appear in the Wireless Control List). b. Under MAC Address, enter the MAC address of the device. c. Click Add to add the wireless client station to the Wireless Control List. d. To manually add more wireless client stations (up to 16), repeat steps 2a through 2c. 3. To delete wireless client stations from the Wireless Control List, click the radio button corresponding to the wireless client station you want to delete and click the Delete button. A precautionary message does not appear before deleting a wireless client station. 4. When you finish, click Apply.

錯誤! 尚未定義樣式。 96 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Advanced Wireless Settings Menu Using the Advanced Wireless Settings Filtering menu, you can configure advanced wireless settings for the Gateway. To access the Advanced Wireless Settings menu, click Wireless in the menu bar and then click the Advanced Wireless Settings submenu. Figure 49 shows an example of the menu and Table 23 describes the settings you can select. Note: The Advanced Wireless Settings submenu is not available in the menu bar if wireless operation is disabled in the Wireless Basic Settings menu (see page 83).

錯誤! 尚未定義樣式。 97 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 49. Wireless Advanced Settings Menu

錯誤! 尚未定義樣式。 98 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Table 23. Wireless Advanced Settings Options Option Description BG Protection Mode This mode is a protection mechanism that prevents collisions among 802.11b/g modes. Choices are: • Auto = BG protection mode goes on or off automatically as needed. • Always-On = BG protection mode is always on. • Always-Off = BG protection mode is always off. (default) IGMP Snooping Enables or disables the Gateway from forwarding multicast traffic intelligently. • Enable = Gateway listens to IGMP membership reports, queries, and leave messages to identify the Gateway ports that are members of multicast groups. Multicast traffic will only be forwarded to ports identified as members of the specific multicast group or groups. • Disable = Gateway does not analyze all IGMP packets. (default) WMM Configuration Displays a screen for selecting WMM settings for your wireless access point(s). HT Physical Mode Operating Mode Lets you select between Mixed Mode and Green Field. • Mixed Mode = provides backward compatibility with IEEE 802.11n/a/g/b devices. (default) • Green Field = used for pure network of 802.11n access points and clients, taking full advantage of the high-throughput capabilities of the 11n MIMO architecture Channel BandWidth Select a channel bandwidth of 20 or 20/40. • 20 = allows only single-channel operation (e.g., 20 MHz). • 20/40 = allows both single channel operation (20 MHz) and the wider bandwidth operation (40 MHz) by using two or more adjacent (contiguous channels). A 20/40 BSS is a wireless network that allows a wider bandwidth operation mode. (default) Guard Interval The guard interval is the period in nanoseconds that the Gateway listens between packets. Choices are: • Long = 800 ns guard interval. • Short = 400 ns guard interval (default) MCS Modulation Coding Scheme (MCS) is a specification of PHY parameters consisting of modulation order (BPSK, QPSK, 16-QAM, 64-QAM) and FEC code rate (1/2, 2/3, 3/4, 5/6). MCS is used in the Gateway to define 32 symmetrical settings. MCS provides for potentially greater throughput. High throughput data rates are a function of MCS, bandwidth, and guard interval. Default is auto. Extension Channel Defines a second 20-MHz channel. 40-MHz stations can use this channel in addition to using the control channel simultaneously. Aggregation MSDU(A_MSDU) Enables or disables aggregation of multiple MSDUs in one MPDU. Default is disable.

錯誤! 尚未定義樣式。 99 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual NAT Settings Using the NAT Settings menu, you can enable the Gateway’s Network Address Translation (NAT) table and allow multiple users at your local site to access the Internet. To access the NAT Settings menu, click NAT in the menu bar. Figure 50 shows an example of the menu. By default, the Gateway’s NAT module is enabled. To disable it, uncheck Enable NAT Module and click Apply. To enable it, check Enable NAT Module and click Apply. If you enable the Gateway’s NAT module, the following submenus appear under NAT in the menu bar: y Port Forwarding - lets you configure the Gateway to provide port-forwarding services that let Internet users access predefined services. See page 96. y 1-to-1 Mapping - lets you use the NAT to perform 1-to-1 mapping between global IP addresses on the cable modem WAN interface and the private IP address on the LAN. See page 102. Note: If you change this setting, the Gateway reboots automatically. Figure 50. NAT Settings Menu

錯誤! 尚未定義樣式。 100 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Port Forwarding Menu The Port Forwarding menu lets you configure the Gateway to provide port-forwarding services that let Internet users access predefined services such as HTTP (80), FTP (20/21), and AIM/ICQ (5190) as well as custom-defined services. You perform port forwarding by redirecting the WAN IP address and the service port to the local IP address and service port. You can configure a maximum of 100 predefined and custom-defined services. To access the Port Forwarding menu, click NAT in the menu bar and then click the Port Forwarding submenu in the menu bar. Figure 51 shows an example of the menu. Figure 51. Port Forwarding Menu

錯誤! 尚未定義樣式。 101 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Adding Predefined Services Using the following procedure, you can select well-known services and specify the LAN host IP address(es) that will provide the service to the Internet. 1. In the Port Forwarding menu, be sure Disable Port Forwarding Function is not checked (unchecked is the default setting). 2. Click the Add button below the Predefined Service Table. The Predefined Service menu appears (see Figure 52). 3. Complete the fields in the Predefined Service menu (see Table 24). 4. Click Apply. (Or click Back to return to the Port Forwarding menu or Cancel to cancel any selections you made.) If you clicked Apply, the predefined service is added to the Predefined Service Table. 5. To configure additional predefined services (up to 100, including customer-defined services), repeat steps 1 through 3. 6. To change the settings for a predefined service, click the radio button to the left of the service you want to change and click the Edit button. When the Predefined Service menu appears, edit the settings as necessary (see Table 24) and click Apply. 7. To delete a predefined service, click the radio button to the left of the service you want to delete and click the Delete button. No precautionary message appears before you delete a predefined service.

錯誤! 尚未定義樣式。 102 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 52. Predefined Service Menu Table 24. Predefined Service Menu Options Option Description Service List of predefined services from which you can choose. LAN Server IP IP address of the LAN PC or server that is running the service. Remote IPs Forwards the service to any remote IP address, one remote IP address, or a range of remote IP addresses. • If you select one remote IP address, enter the IP address in the Start IP field. • If you select a range of remote IP addresses, enter the starting IP address in the Start IP field and the ending IP address in the End IP field. Start IP To forward to: • A single remote IP address, enter the remote IP address. • A range of remote IP addresses, enter the starting IP address here and the ending IP address range in the next field. This field is unavailable if the Gateway is configured for any remote IP addresses. End IP Enter the ending IP address in the remote IP address range. This field is unavailable if the Gateway is configured for any remote IP addresses or for a single remote IP address.

錯誤! 尚未定義樣式。 103 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Adding Customer-Defined Services Using the following procedure, you can define special application services you want to provide to the Internet. The following example shows how to set port forwarding for a Web server on an Internet connection, where port 80 is blocked from the WAN side, but port 8000 is available. Name: Web Server Type: TCP LAN Server IP: 192.168.0.100 Remote IPs: Any (allow access to any public IP) Public Port: 8000 Private Port: 80 With this configuration, all HTTP (Web) TCP traffic on port 8000 from any IP address on the WAN side is redirected through the firewall to the Internal Server with the IP address 192.168.0.100 on port 80. To create your own customized services: 1. In the Port Forwarding menu, be sure Disable Port Forwarding Function is not checked (unchecked is the default setting). 2. Click the Add button below the Customer Defined Service Table. The Customer Defined Service menu appears (see Figure 53). 3. Complete the fields in the Customer Defined Service menu (see Table 25). 4. Click Apply. (Or click Back to return to the Port Forwarding menu or Cancel to cancel any selections you made.) If you clicked Apply, the customer-defined service is added to the Customer Defined Service Table. 5. To configure additional customer-defined services (up to 100, including predefined services), repeat steps 1 through 3. 6. To change the settings for a customer-defined service, click the radio button to the left of the service you want to change and click the Edit button. When the Customer Defined Service menu appears, edit the settings as necessary (see Table 25) and click Apply. 7. To delete a customer-defined service, click the radio button to the left of the service you want to delete and click the Delete button. No precautionary message appears before you delete a customized service.

錯誤! 尚未定義樣式。 104 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 53. Customer Defined Service Menu

錯誤! 尚未定義樣式。 105 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Table 25. Customer Defined Service Page Options Option Description Name Name for identifying the custom service. The name is for reference purposes only. Type The type of protocol. Choices are TCP, UDP, and TCP/UDP. Default is TCP. LAN Server IP IP address of the LAN PC or server that is running the service. Remote IPs Forwards the service to any remote IP address, one remote IP address, or a range of remote IP addresses. • If you select one remote IP address, enter the IP address in the Start IP field. • If you select a range of remote IP addresses, enter the starting IP address in the Start IP field and the ending IP address in the End IP field. Start IP To specify: • A single remote IP address, enter the remote IP address. • A range of remote IP addresses, enter the starting IP address here and the ending IP address range in the next field. This field is unavailable if the Gateway is configured for any remote IP addresses. End IP Ending IP address in the remote IP address range. This field is unavailable if the Gateway is configured for any remote IP addresses or a single remote IP address. Public IP Ports A single public IP port or a range of public IP ports on which the service is provided. If necessary, contact the application vendor for this information. • If you select a single public port, enter the port number in the Start Public Port field. • If you select a range of public ports, enter the starting port number in the Start Public Port field and the ending port number in the End Public Port field. Start Public Port Starting number of the port on which the service is provided. End Public Port Ending number of the port on which the service is provided. This field is unavailable if the Gateway is configured for a single public IP port. Private Ports Numbers of the ports whose traffic the Gateway forwards to the LAN. If there is a range of ports, enter the starting private port here and check Enable Port Range. The Gateway automatically calculates the end private port. The LAN PC server listens for traffic/data on this port (or these ports).

錯誤! 尚未定義樣式。 106 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual 1-to-1 Mapping Menu Using the 1-to-1 Mapping menu, you can use the NAT to perform 1-to-1 mapping between global IP addresses on the cable modem WAN interface and the private IP address on the LAN. To access the 1-to-1 Mapping menu, click NAT in the menu bar and then click the 1-to-1 Mapping submenu. Figure 54 shows an example of the menu. By default, 1-to-1 mapping is disabled. To enable it, uncheck Disable NAT 1-to-1 Mapping Function and click Apply. To disable it, check Disable NAT 1-to-1 Mapping Function and click Apply. Note: The 1-to-1 Mapping submenu is not available in the menu bar if Enable NAT Module is not checked in the NAT Settings menu (see page 91).

錯誤! 尚未定義樣式。 107 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 54. 1-to-1 Mapping Menu If you enable (uncheck) NAT 1-to-1 mapping, use the following procedure to define the mapping between global IP addresses on the cable modem WAN interface and the private IP address on the LAN. 1. In the 1-to-1 Mapping menu, uncheck Disable NAT 1-to-1 Mapping Function if it is selected. 2. Click the Add button below 1-to-1 Mapping Table. The Adding NAT 1-to-1 Mapping Entry menu appears (see Figure 55). 3. Complete the fields in the Predefined Service menu (see Table 26). 4. Click Apply. (Or click Back to return to the 1-to-1 Mapping menu or click Cancel to cancel any selections you made.) If you clicked Apply, the mapping is added to the 1-to-1 Mapping Table. 5. To configure additional mappings, repeat steps 1 through 3. When you finish, click Apply in the 1-to-1 Mapping menu to save your settings. 6. To change the settings for a mapping, click the radio button to the left of the mapping you want to change and click the Edit button. When the Adding NAT 1-to-1 Mapping Entry

錯誤! 尚未定義樣式。 108 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual menu appears, edit the settings as necessary (see Table 26) and click Apply. Click Apply in the 1-to-1 Mapping menu to save your settings. 7. To delete a mapping, click the radio button to the left of the mapping you want to delete and click the Delete button. No precautionary message appears before you delete a mapping. 8. Click Apply in the 1-to-1 Mapping menu to save your settings. Figure 55. Adding NAT 1-to-1 Mapping Entry Table 26. Adding NAT 1-to-1 Mapping Entry Options Option Description WAN start IP Staring range of the IIP addresses on the WAN that are to be mapped. LAN start IP Staring range of the IIP addresses on the LAN that are to be mapped. IP count Count of the IP addresses to be mapped. Default is 1.

錯誤! 尚未定義樣式。 109 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Security Settings (Firewall) Menu The Security Settings (Firewall) menu lets you enable or disable the Gateway’s firewall. If you enable the Gateway firewall module, the following submenus appear in the menu bar: y Configure access control settings ⎯ see page 107 y Configure the Gateway for special applications ⎯ see page 108 y Set up URL blocking ⎯ see page 122 y Schedule routes ⎯ see page 124 y Receive email or syslog alert notifications ⎯ see page 125 y Configure a local client computer as a local DMZ for unrestricted two-way Internet access ⎯ see page 129 Enabling or Disabling Firewall The Security Settings (Firewall) menu provides an option for enabling or disabling the Gateway’s firewall setting. To access the Security Settings (Firewall) menu, click Firewall in the menu bar. Figure 56 shows an example of the menu.

錯誤! 尚未定義樣式。 110 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual By default, the Gateway’s firewall settings are enabled. To disable the firewall, uncheck Enable Firewall Module and click Apply. Disabling the firewall hides the submenus below the Firewall menu. The Security Settings (Firewall) menu also provides an option for enabling or disabling the Session Initiation Protocol (SIP) application-layer gateway service on the Gateway firewall. This option allows SIP signaling requests to traverse directly through the Gateway to the destination device. Figure 56. Security Settings (Firewall) Menu

錯誤! 尚未定義樣式。 111 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Configuring Access Control The Access Control menu lets you enable access control to block traffic at the Gateway's LAN interfaces from accessing the Internet. To access the Access Control menu, click Firewall in the menu bar and then click the Access Control submenu in the menu bar. Note: The Access Control submenu is not available in the menu bar if Enable Firewall Module is disabled in the Security Settings (Firewall) menu (see page 105). By default, the Gateway does not block attempts to access the LAN from the Internet. To enable access control, check Enable Access Control if it is unchecked and click Apply. When Access Control is enabled, you can configure up to 35 predefined and customer-defined filtering tables. Figure 57. Access Control Menu

錯誤! 尚未定義樣式。 112 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Adding Predefined Access Rules Using the following procedure, you can select a well-known service and specify whether to block all LAN hosts, a single LAN host, or a range of LAN hosts. 1. In the Access Control menu, check Enable Access Control if it is not checked and click the Apply button. The remaining fields in the menu become available. 2. Under Predefined Service Table, click the Add button. The Predefined Access Rules menu appears (see Figure 58). 3. Complete the fields in the Predefined Access Rules menu (see Table 27). 4. Click Apply. (Or click Back to return to the Access Control menu or Cancel to cancel any selections you made.) If you clicked Apply, the rule for the predefined access rule is added to the Predefined Service Table. 5. To configure additional access control rules for predefined services (up to 35, including access rules for customer-defined services), repeat steps 1 through 4. When you finish, click Apply in the Access Control menu to save your settings. 6. To change the rule for a predefined rule, click the radio button to the left of the rule you want to change and click the Edit button. When the Predefined Access Rules menu appears, edit the settings as necessary (see Table 27) and click Apply. Click Apply in the Access Control menu to save your settings. 7. To delete a predefined rule, click the radio button to the left of the rule you want to delete and click the Delete button. No precautionary message appears before you delete a rule. Click Apply in the Access Control menu to save your settings.

錯誤! 尚未定義樣式。 113 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 58. Predefined Access Rules Menu

錯誤! 尚未定義樣式。 114 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Table 27. Predefined Access Rules Menu Options Option Description Service List of predefined services from which you can choose. Remote IPs Allows access to any remote IP address, one remote IP address, or a range of remote IP addresses. • If you select one remote IP address, enter the IP address in the Start IP field. • If you select a range of remote IP addresses, enter the starting IP address in the Start IP field and the ending IP address in the End IP field. Start IP To forward to: • A single remote IP address, enter the remote IP address. • A range of remote IP addresses, enter the starting IP address here and the ending IP address range in the next field. This field is unavailable if the Gateway is configured for any remote IP addresses. End IP Enter the ending IP address in the remote IP address range. This field is unavailable if the Gateway is configured for any remote IP addresses or for a single remote IP address. Local IPs Lets you specify any local IP addresses, a single local IP address, or a range of local IP addresses to which the access rule is applied. • If you select one local IP address, enter the IP address in the Start IP field. • If you select a range of local IP addresses, enter the starting IP address in the Start IP field and the ending IP address in the End IP field. Start IP To apply the predefined access rule to: • A single local IP address, enter the local IP address. • A range of local IP addresses, enter the starting IP address here and the ending IP address range in the next field. This field is unavailable if the Gateway is configured for any local IP addresses. End IP Ending IP address in the local IP address range to which the access rule will be applied. This field is unavailable if the Gateway is configured for any local IP address or a single local IP address.

錯誤! 尚未定義樣式。 115 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Adding Customer-Defined Access Rules Using the following procedure, you can define your own rules regarding the type of traffic allowed from the Internet to the public LAN site. 1. In the Access Control menu, check Enable Access Control if it is not checked and click the Apply button. The remaining fields in the menu become available. 2. Under Customer Defined Service Table, click the Add button. The Customer Defined Access Rules menu appears (see Figure 59). 3. Complete the fields in the Customer Defined Access Rules menu (see Table 28). 4. Click Apply. (Or click Back to return to the Access Control menu or Cancel to cancel any selections you made.) If you clicked Apply, the rule for the customer-defined rule is added to the Customer Defined Service Table. 5. To configure additional access control rules for customer-defined services (up to 35, including access rules for predefined services), repeat steps 1 through 4. When you finish, click Apply in the Access Control menu to save your settings. 6. To change the rule for a customer-defined service, click the radio button to the left of the rule you want to change and click the Edit button. When the Customer-Defined Access Rules menu appears, edit the settings as necessary (see Table 28) and click Apply. Click Apply in the Access Control menu to save your settings. 7. To delete a customer-defined rule, click the radio button to the left of the rule you want to delete and click the Delete button. No precautionary message appears before you delete a rule. Click Apply in the Access Control menu to save your settings.

錯誤! 尚未定義樣式。 116 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 59. Customer Defined Access Rules Menu

錯誤! 尚未定義樣式。 117 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Table 28. Customer Defined Access Rules Menu Options Option Description Name Name for identifying the custom service. The name is for reference purposes only. Type The type of protocol you want to access rule. Choices are TCP, UDP, and TCP/UDP. Default is TCP. Remote IPs Lets you apply the access rule to any remote IP addresses, a single remote IP address, or a range of remote IP addresses. • If you select one remote IP address, enter the IP address in the Start IP field. • If you select a range of remote IP addresses, enter the starting IP address in the Start IP field and the ending IP address in the End IP field. Start IP To specify: • A single remote IP address, enter the remote IP address. • A range of remote IP addresses, enter the starting IP address here and the ending IP address range in the next field. This field is unavailable if the Gateway is configured for any remote IP addresses. End IP Ending IP address in the LAN IP address range to which the access rule will be applied. This field is unavailable if the Gateway is configured for any LAN IP address or a single LAN IP address. Local IPs Lets you specify any local IP addresses, a single local IP address, or a range of local IP addresses to which the access rule is applied. • If you select one local IP address, enter the IP address in the Start IP field. • If you select a range of local IP addresses, enter the starting IP address in the Start IP field and the ending IP address in the End IP field. Start IP To apply the predefined access rule to: • A single local IP address, enter the local IP address. • A range of local IP addresses, enter the starting IP address here and the ending IP address range in the next field. This field is unavailable if the Gateway is configured for any local IP addresses. End IP Ending IP address in the local IP address range to which the access rule will be applied. This field is unavailable if the Gateway is configured for any local IP address or a single local IP address. From Port Starting port number on which the access rule will be applied. If necessary, contact the application vendor for this information. To Port Ending port number on which the access rule will be applied. If necessary, contact the application vendor for this information.

錯誤! 尚未定義樣式。 118 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Adding Predefined Filters Using the following procedure, you can add predefined filters that block certain types of traffic from the LAN side of the Gateway to the Internet side of the Gateway . 1. In the Access Control menu, check Enable Access Control if it is not checked and click the Apply button. The remaining fields in the menu become available. 2. Under Predefined Filtering Table, click the Add button. The Predefined Filter menu appears (see Figure 60). 3. Complete the fields in the Predefined Filter menu (see Table 29). 4. Click Apply. (Or click Back to return to the Access Control menu or Cancel to cancel any selections you made.) If you clicked Apply, the predefined filter is added to the Predefined Filtering Table. 5. To define additional filters for access control (up to 35, including customer-defined filters), repeat steps 1 through 4. When you finish, click Apply in the Access Control menu to save your settings. 6. To change the settings for a predefined filter, click the radio button to the left of the service you want to change and click the Edit button. When the Predefined Filter menu appears, edit the settings as necessary (see Table 29) and click Apply. Click Apply in the Access Control menu to save your settings. 7. To delete a predefined filter, click the radio button to the left of the filter you want to delete and click the Delete button. No precautionary message appears before you delete a predefined filter. Click Apply in the Access Control menu to save your settings.

錯誤! 尚未定義樣式。 119 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 60. Predefined Filter Menu Table 29. Predefined Filter Menu Options Option Description Service List of predefined services from which you can choose. LAN IPs Lets you apply the filter to any LAN IP addresses, a single LAN IP address, or a range of LAN IP addresses. • If you select one LAN IP address, enter the IP address in the Start IP field. • If you select a range of LAN IP addresses, enter the starting IP address in the Start IP field and the ending IP address in the End IP field. Start IP To apply the predefined filter to: • A single local IP address, enter the local IP address. • A range of local IP addresses, enter the starting IP address here and the ending IP address range in the next field. This field is unavailable if the Gateway is configured for any local IP addresses. End IP Ending IP address in the local IP address range to which the filter will be applied. This field is unavailable if the Gateway is configured for any local IP address or a single local IP address.

錯誤! 尚未定義樣式。 120 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Adding Customer-Defined Filters Using the following procedure, you can add customer-defined filters that block certain types of traffic from the LAN side of the Gateway to the Internet side of the Gateway. 1. In the Access Control menu, check Enable Access Control if it is not checked and click the Apply button. The remaining fields in the menu become available. 2. Under Customer Defined Filtering Table, click the Add button. The Customer Defined Filter menu appears (see Figure 61). 3. Complete the fields in the Customer Defined Filter menu (see Table 30). 4. Click Apply. (Or click Back to return to the Access Control menu or Cancel to cancel any selections you made.) If you clicked Apply, the customer-defined filter is added to the Customer Defined Filtering Table. 5. To define additional filters for access control (up to 35, including predefined filters), repeat steps 1 through 4. When you finish, click Apply in the Access Control menu to save your settings. 6. To change the settings for a customer-defined filter, click the radio button to the left of the filter you want to change and click the Edit button. When the Customer Defined Filter menu appears, edit the settings as necessary (see Table 30) and click Apply. Click Apply in the Access Control menu to save your settings. 7. To delete a customer-defined filter, click the radio button to the left of the filter you want to delete and click the Delete button. No precautionary message appears before you delete a customer-defined filter. Click Apply in the Access Control menu to save your settings.

錯誤! 尚未定義樣式。 121 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 61. Customer Defined Filter Menu

錯誤! 尚未定義樣式。 122 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Table 30. Customer Defined Filter Menu Options Option Description Name Name for identifying the custom service. The name is for reference purposes only. Type The type of protocol you want to filter. Choices are TCP, UDP, and TCP/UDP. Default is TCP. LAN IPs Lets you apply the filter to any LAN IP addresses, a single LAN IP address, or a range of LAN IP addresses. • If you select one LAN IP address, enter the IP address in the Start IP field. • If you select a range of LAN IP addresses, enter the starting IP address in the Start IP field and the ending IP address in the End IP field. Start IP To specify: • A single remote IP address, enter the remote IP address. • A range of remote IP addresses, enter the starting IP address here and the ending IP address range in the next field. This field is unavailable if the Gateway is configured for any remote IP addresses. End IP Ending IP address in the LAN IP address range to which the filter will be applied. This field is unavailable if the Gateway is configured for any LAN IP address or a single LAN IP address. From Port Starting port number on which the filter will be applied. If necessary, contact the application vendor for this information. To Port Ending port number on which the filter will be applied. If necessary, contact the application vendor for this information. Responding to or Ignoring Pings When the Gateway firewall module is enabled, the Gateway can respond to pings sent to its WAN port from an external IP over the Internet and sent to its public LAN port. To have the WAN port of the Gateway ignore ping requests from the Internet that are sent to the Gateway’s WAN IP address, uncheck Respond to Ping on Internet WAN Port at the bottom of the Access Control menu and click Apply. To have the public LAN port of the Gateway ignore ping requests from the Internet that are sent to the Gateway’s WAN IP address, uncheck Respond to Ping on Public LAN Port at the bottom of the Access Control menu and click Apply.

錯誤! 尚未定義樣式。 123 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Configuring Special Applications Using the Special Application menu, you can configure the Gateway to detect port triggers for detect multiple-session applications and allow them to pass the firewall. For special applications, besides the initial communication session, there are multiple related sessions created during the protocol communications. Normally, a normal treats the triggered sessions as independent sessions and blocks them. However, the Gateway can co-relate the triggered sessions with the initial session and group them together in the NAT session table. As a result, you need only specify which protocol type and port number you want to track, as well as some other related parameters. In this way, the Gateway can pass the special applications according to the supplied information. Assume, for example, that to use H.323 in a Net Meeting application, a local client starts a session A to a remote host. The remote host uses session A to communicate with the local host, but it also could initiate another session B back to the local host. Since there is only session A recorded in the NAT session table when the local host starts the communication, session B is treated as an illegal access from the outside and is blocked. Using the Special Application menu, you can configure the Gateway to co-relate sessions A and B and automatically open the port for the incoming session B. To display the Special Applications menu, click Firewall in the menu bar and then click the Special Application submenu. Figure 62 shows an example of the menu. The maximum allowed triggers is 50. To enable the special application function, check the Enable Triggering checkbox and click Apply. To disable it, uncheck the Enable Triggering checkbox and click Apply. Note: The Special Application submenu is not available in the menu bar if Enable Firewall Module is disabled in the Security Settings (Firewall) menu (see page 105).

錯誤! 尚未定義樣式。 124 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 62. Special Application Menu To enable port triggering: 1. In the Special Application menu, check Enable Triggering if it is unchecked and click the Apply button. The Trigger Table becomes available. 2. Click the Add button below Trigger Table. The Trigger menu appears (see Figure 63). 3. Complete the fields in fields Trigger menu (see Table 31). 4. Click Apply. (Or click Back to return to the Trigger menu or Cancel to cancel any selections you made.) If you clicked Apply, the trigger is added to the Trigger Table. 5. To configure additional triggers (up to 20), repeat steps 1 through 4. When you finish, click Apply in the Special Applications menu to save your settings. 6. To change the settings for a trigger, click the radio button to the left of the trigger you want to change and click the Edit button. When the Trigger menu appears, edit the settings as necessary (see Table 31) and click Apply. Click Apply in the Special Application menu to save your settings. 7. To delete a trigger, click the radio button to the left of the trigger you want to delete and click the Delete button. No precautionary message appears before you delete a trigger. Click Apply in the Special Application menu to save your settings.

錯誤! 尚未定義樣式。 125 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 63. Trigger Menu Table 31. Trigger Menu Options Option Description Name Name for identifying the trigger. The name is for reference purposes only. Type The type of protocol you want to use with the trigger. Choices are TCP and UDP. Default is TCP. For example, to track the H.323 protocol, the protocol type should be TCP. Trigger Port From and To port ranges of the special application. For example, to track the H.323 protocol, the From and To ports should be 1720. Target Port From and To port ranges for the target port listening for the special application. Interval Specify the interval between 50 and 30000 between two continuous sessions. If the interval exceeds this time interval setting, the sessions are considered to be unrelated. IP Replacement Select the IP replacement according to the application. Some applications embed the source host's IP in the datagram and normal NAT would not translate the IP address in the datagram. To make sure the network address translation is complete, IP replacement is necessary for these special applications, such as H.323. Allow sessions initiated from/to the 3rd host Decide whether the sessions can start from/to a third host. To prevent hacker attacks from a third host, this feature usually is not allowed. However, for some special applications, such as MGCP in a VOIP application, a session initiated from a third host is permitted. For example, assume Client A is trying to make a phone call to a host B. Client A tries to communicate with the Media Gateway Controller (MGC) first and provides host B's number to MGC. Then MGC checks its own database to find B and communicate with B to provide B the information about A. B uses this information to communicate directly to A. So initially, A is talking to MGC, but the final step has B initiating a session to A. If the third-party host-initiated session is not allowed in this example, the whole communication fails.

錯誤! 尚未定義樣式。 126 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Configuring URL Blocking Using the URL Blocking menu, you can configure the Gateway to block access to certain Web sites from local computers by entering either a full URL address or keywords of the Web site. The Gateway examines all the HTTP packets to block the access to those particular sites. This feature can be used to protect children from accessing inappropriate Web sites. You can block up to 50 sites. Using URL blocking, you can also make up to 10 computers exempt from URL blocking and have full access to all Web sites at any time. To display the URL Blocking menu, click Firewall in the menu bar and then click the URL Blocking submenu. Figure 64 shows an example of the menu. Note: The URL Blocking submenu is not available in the menu bar if Enable Firewall Module is disabled in the Security Settings (Firewall) menu (see page 105). Tip: The Gateway provides a Schedule Rules feature that lets you configure URL blocking for certain days, if desired. For more information, see “Configuring Schedule Rules” on page 124.

錯誤! 尚未定義樣式。 127 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 64. URL Blocking Menu To enable URL blocking: 1. In the URL Blocking menu, check Enable Keyword Blocking if it is not checked and click Apply. 2. To exempt a computer from URL blocking, enter the computer’s MAC address in the Add exempted PC field and click the Add Trusted Host button. The MAC address you entered appears in the Exempted PC List. – Repeat this step for each additional computer (up to 10) you want to make exempt from URL blocking. – To remove a computer from being exempted, use the Delete or Delete All buttons next to the field to delete selected or all MAC addresses.

錯誤! 尚未定義樣式。 128 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual 3. To block a site, click in the Keyword/Domain Name field, enter keyword or domain name of the site you want to block, and click Add Keyword. The keyword or domain appears in the Blocked Keyword/Domain List. – Repeat this step for each additional keyword or domain (up to 50) you want to make exempt from URL blocking. – To remove a site from being blocked by a keyword or domain name, use the Delete or Delete All buttons next to the field to delete selected or all keywords and/or domains. 4. Click Apply. Configuring Schedule Rules Schedule rules work with the Gateway’s URL blocking feature (described on page 122) to tell the Gateway when to perform URL blocking. To access the Schedule Rule menu, click Firewall in the menu bar and then click the Schedule Rule submenu in the menu bar. Figure 65 shows an example of the menu. Note: The Schedule Rule submenu is not available in the menu bar if Enable Firewall Module is disabled in the Security Settings (Firewall) menu (see page 105). Figure 65. Schedule Rule Menu

錯誤! 尚未定義樣式。 129 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual By default, the Gateway is configured to apply schedule rules to URL blocking 24 hours every day. To change these settings: 1. To change the days when schedule rules are applied to URL blocking, uncheck Every Day under Week Day. Then check the days when you want to apply schedule rules to URL blocking. 2. To change the hours when schedule rules are applied to URL blocking, uncheck All Day. Then specify the start and end times when you want to apply schedule rules to URL blocking. Select AM or PM, where AM refers to times from Midnight to Noon and PM refers to times from Noon to Midnight. 3. Click Apply. Configuring Email and Syslog Alerts The Gateway inspects packets at the application layer, and stores TCP and UDP session information, including timeouts and number of active sessions. This information is helpful when detecting and preventing Denial of Service (DoS) and other network attacks. If you enabled the Gateway’s firewall or content-filtering feature, you can use the Email/Syslog Alert menu to configure the Gateway to send email notifications or add entries to the syslog when: y Traffic is blocked y Attempts are made to intrude onto the network y Local computers try to access block URLs You can configure the Gateway to generate email notifications or syslog entries immediately or at a preconfigured time.

錯誤! 尚未定義樣式。 130 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual To access the Email/Syslog Alert menu, click Firewall in the menu bar and then click the Email/Syslog Alert submenu in the menu bar. Figure 66 shows an example of the menu. The menu has three sections: y The top area lets you configure the Gateway to send email notifications. y The middle area lets you add syslog entries. y The bottom area lets you define the alerting schedule. Note: The Email/Syslog Alert submenu is not available in the menu bar if Enable Firewall Module is disabled in the Security Settings (Firewall) menu (see page 105).

錯誤! 尚未定義樣式。 131 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 66. Email/Syslog Alert Menu

錯誤! 尚未定義樣式。 132 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Configuring Email Alerts The following procedure describes how to configure the Gateway to send email notifications. This procedure assumes that your mail server is working properly. 1. In the Email/Syslog Alert menu, under Mail Server Configuration, enter the following information: – SMTP Server Address = IP address of the SMTP server that will forward the email notification to recipients. – Sender’s Email Address = name that will appear as the sender in the email notifications. 2. Under Mail Server Authentication, enter the following information: – User Name = your email name. – Password = your email password. 3. Under Recipient list, click Add. When the Recipient Adding menu appears (see Figure 67), enter the name of the person who will receive email notifications and the person’s email address, and then click Apply. (Or click Back to return to the Email/Syslog Alert menu or Cancel to cancel any selections you made.) If you clicked Apply, the email account is added to the Recipient list. To send email to additional email accounts (up to 4), repeat this step. 4. To change the settings for an email recipient, click the radio button to the left of the recipient you want to change and click the Edit button. When the Recipient Adding menu appears, edit the settings as necessary and click Apply. 5. To delete an email recipient, click the radio button to the left of the recipient and click Delete. No precautionary message appears before you delete the email recipient. 6. Click Apply. Figure 67. Recipient Adding Menu

錯誤! 尚未定義樣式。 133 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Configuring Syslog Entries To have the Gateway add a syslog entry when traffic is blocked, attempts are made to intrude onto the network, or local computers try to access block URLs: 1. In the Email/Syslog Alert menu, under Syslog Server Configuration, enter the syslog server address. 2. Click Apply. Configuring Alert Options Using the options in the Alert Options area, you can configure the Gateway to send an email to recipients you define in this menu and/or send entries to a syslog defined in this menu if the Gateway detects an intrusion. To configure the Gateway to send an email to the configured email addresses if it detects an intrusion: 1. Perform steps 1 through 3 under “Configuring Email Alerts” on page 127. 2. Under Alert Options, check Send Email next to When intrusion is detected. 3. Click Apply. To configure the Gateway to send an entry to a syslog if it detects an intrusion: 1. Perform step 1 under “Configuring Syslog Entries” on page 128. 2. Under Alert Options, check Send Syslog next to When intrusion is detected. 3. Click Apply.

錯誤! 尚未定義樣式。 134 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Configuring DMZ Settings If you have a local client computer that cannot run an Internet application properly behind the NAT firewall, you can configure it for unrestricted two-way Internet access by defining it as a Virtual Demilitarized Zone (DMZ) host. Adding a client to the DMZ may expose your local network to various security risks because the client in the DMZ is not protected by the firewall. To access the DMZ (Demilitarized Zone) menu, click Firewall in the menu bar and then click the DMZ submenu in the menu bar. Figure 68 shows an example of the menu. Note: The DMZ submenu is not available in the menu bar if Enable Firewall Module is disabled in the Security Settings (Firewall) menu (see page 105). Figure 68. DMZ (Demilitarized Zone) Menu

錯誤! 尚未定義樣式。 135 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual To configure DMZ settings: 1. In the DMZ (Demilitarized Zone) menu, check Enable DMZ Host. The 2 rightmost fields next to this option become available. 2. Enter the last two octets in the IP addresses of the computer to be used as the DMZ server. 3. Click Apply. Using the Configuration Tools Menu Gateways often get upgraded or swapped out for a number of reasons. There also times when a Gateway might fail. In such cases, having a backup file containing your configuration settings allows you to restore a configuration by importing the configuration settings back into the Gateway. Using the Configuration Tools menu, you can: y Switch working scripts. See page 132. y Back up the Gateway’s current configuration settings locally. See page 132. y Restore the configuration settings locally from a back-up copy. See page 133. y Remotely back up the current configuration settings over the WAN. See page 134. y Remotely restore the configuration settings from a backup copy over the WAN. See page 135. y Restore the Gateway’s factory default settings. See page 136. To access the Configuration Tools menu, click Tools in the menu bar and then click the Configuration Tools submenu in the menu bar.

錯誤! 尚未定義樣式。 136 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 69 shows an example of the menu.

錯誤! 尚未定義樣式。 137 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 69. Configuration Tools Menu

錯誤! 尚未定義樣式。 138 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Switching Working Scripts If more than one working script appears below Configuration file settings, you can switch to another working script. 1. Under Configuration file settings, click the Switch Working Script button. 2. When a prompt asks whether you want to switch scripts, click OK to switch or Cancel to keep the current working script. Backing Up the Gateway’s Current Configuration Locally To back up the Gateway’s current configuration locally: 1. If one or more scripts appear to the left of the Back Up button under Locally backup current settings, click the script you want to back up. (running) appears next to the script that is currently running. 2. Click the Back Up button. 3. When the File Download dialog box appears (see Figure 70), click Save. (Or click Open to view the file prior to saving it. If you open the file, you will have to repeat steps 1 and 2 to save it.) 4. When the Save As dialog box appears, go to the location where you want to save the configuration file and click the Save button. The file is saved as smc.cfg. 5. When the save operation is complete, the Download complete dialog box appears (see Figure 71). Click Open to open the configuration file, Open Folder to open the folder containing the configuration file, or Close to close the dialog box. Tip: If you click Open and a message tells you that an application could not be found to open the configuration file, open the file in a text editor such as WordPad.

錯誤! 尚未定義樣式。 139 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 70. File Download Dialog Box Figure 71. Download Complete Dialog Box Restoring the Gateway’s Current Configuration Locally If you backed up the Gateway’s configuration settings locally, use the following procedure to restore the settings locally. Note: Restoring the Gateway’s settings from a configuration file erases all of the Gateway’s current settings. 1. If one or more scripts appear to the left of the Restore button under Locally restore saved settings from file, click the script you want to restore. (running) appears next to the script that is currently running. 2. Click the Browse button.

錯誤! 尚未定義樣式。 140 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual 3. When the Choose File dialog box appears, go to the location where you saved the smc.cfg file. Then either double-click the file, or click it and click the Open button. The file path and name appear to the left of the Browse button. 4. Click the Restore button. The message in Figure 72 appears. 5. Click OK to override the Gateway’s current configuration with the one in the configuration file or click Cancel to not restore the configuration from the file. Figure 72. Warning Message when Restoring from a Configuration File Backing Up the Gateway’s Current Configuration Remotely You can back up the Gateway’s current configuration remotely by uploading the smc.cfg file to a TFTP server. 1. Under Remotely backup/restore Gateway settings, enter the IP address of the TFTP server in the TFTP Server Address field. 2. In the Gateway Config Filename field, enter the name of the configuration file. 3. If one or more scripts appear to the left of the Backup button, select the script you want to restore. (running) appears next to the script that is currently running. 4. Click the Backup button.

錯誤! 尚未定義樣式。 141 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Restoring the Gateway’s Current Configuration Remotely If you backed up the Gateway’s configuration settings to a TFTP server, use the following procedure to restore the settings remotely. Note: Restoring the Gateway’s settings from a configuration file erases all of the Gateway’s current settings. 1. Under Remotely backup/restore Gateway settings, enter the IP address of the TFTP server in the TFTP Server Address field. 2. In the Gateway Config Filename field, enter the name of the configuration file. 3. If one or more scripts appear to the left of the Restore button, select the script you want to restore. (running) appears next to the script that is currently running. 4. Click the Restore button. The message in Figure 72 appears. 5. Click OK to override the Gateway’s current configuration with the one in the configuration file or click No to not restore the configuration from the file.

錯誤! 尚未定義樣式。 142 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Restoring Factory Defaults One way to restore the Gateway’s factory default settings is by using the Reset switch on the Gateway’s rear panel (see “Restoring Factory Defaults” on page 15). Another way is to use the Configuration Tools menu to power-cycle the Gateway. Note: Rebooting the Gateway removes any customized overrides you made to the default settings. To reboot the Gateway and retain any customized settings, use the Reboot menu (see “Using the Reboot Menu to Reboot the Gateway“ on page 137). 1. Under Restore to Factory Defaults, click Factory Reset. The warning message in Figure 73 appears. 2. Click OK to restore the Gateway’s factory default settings or click Cancel to retain the Gateway’s current settings. Figure 73. Warning Message when Restoring Factory Defaults

錯誤! 尚未定義樣式。 143 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Using the Reboot Menu to Reboot the Gateway Using the Reboot menu, you can reset the Gateway and retain all changes that have been made to the Gateway’s factory default settings. To access the Reboot menu, click Tools in the menu bar and then click the Reboot submenu in the menu bar. Figure 74 shows an example of the menu. Figure 74. Reboot Menu To reboot the Gateway and retain all changes made to its factory default settings: 1. In the Reboot menu, click Apply. The precautionary message in Figure 75 appears. 2. Click OK to reboot the Gateway or click Cancel to not reboot it. If you clicked OK, the reboot is complete when the POWER LED stops blinking and you will need to log in to the Web interface again. Figure 75. Precautionary Message When Rebooting the Gateway

錯誤! 尚未定義樣式。 144 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Using the Diagnostics Menu The Diagnostics menu lets you use “traceroute” to trace the routing path from the Gateway to the destination and router, and use ping to ascertain whether the destination is available. This menu also lets you specify the IP address for a log server, and the sniffing time to record the upstream and downstream traffic. To access the Diagnostics menu, click Tools in the menu bar and then click the Diagnostics submenu in the menu bar. Figure 76 shows an example of the menu. Figure 76. Diagnostics Menu

錯誤! 尚未定義樣式。 145 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Using the Ping Tool Using the ping tool, you can check the connectivity between the Gateway and another local or remote device. The Gateway provides a ping tool for conducting the ping with the default Gateway, across the RF interface, or across the WAN interface. This tool sends a small packet of data and then waits for a reply. When you ping a computer IP address and receive a reply, it confirms that the device is connected to the Gateway. To perform ping activities, use the following procedure under Ping on the Diagnostics menu. 1. Enter the IP address or domain name of a target host in the Ping field. 2. In the drop-down list to the right of the IP address or domain name, select whether the ping is to be sent to the default Gateway, across the Gateway’s RF interface, or across the Gateway’s WAN interface. 3. Click the ping button. The results appear in the Diagnostics – Ping Results screen (see Figure 77 and Figure 78). The results screen may flash as the contents refresh during the ping. 4. To close the results screen, click the Back button. Figure 77. Example of Results for a Ping

錯誤! 尚未定義樣式。 146 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 78. Example of Results for a WAN Ping

錯誤! 尚未定義樣式。 147 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Using the Trace Route Tool The Gateway provides a trace route tool for conducting the trace route with the default Gateway, across the RF interface, or across the WAN interface. This tool provides a supplemental role to the ping tool. While the ping tool confirms IP network reachability, you cannot pinpoint and improve some isolated problems. Consider the following situations: y When there are many hops (for example, gateways or routes) between the Gateway and the destination, and there seems to be a problem somewhere along the path. The destination system may have a problem, but you need to know where a packet is actually lost. y The ping tools do not tell you the reasons for a lost packet. The trace route tool can inform you where the packet is located and why the route is lost. Using the trace route tools, you can map the network path in real time from the Gateway to a local or public host. To perform trace route activities, use the following procedure under Trace Route on the Diagnostics menu. 1. Enter the IP address or domain name of a target host in the Trace Route field. 2. In the drop-down list to the right of the IP address or domain name, select whether the trace route is to be sent to the default Gateway, across the Gateway’s RF interface, or across the Gateway’s WAN interface. 3. Click the tracert button. The trace route results appear in the Diagnostics – Trace Route Results screen, as the Gateway sends UDP packets to each device between the Gateway and the destination (see Figure 79 and Figure 80). It starts with the nearest device and expands the search by one hop until the destination is reached or the trace route times out. The results screen may flash as the contents refresh during the trace route operation. 4. To close the screen, click the Back button.

錯誤! 尚未定義樣式。 148 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Figure 79. Example of Results for Trace Route Figure 80. Example of Results for a WAN Trace Route

錯誤! 尚未定義樣式。 149 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Sending Inspected Traffic to a Log Server The Gateway can inspect upstream and downstream traffic, and log the results to the syslog server, where they can be further examined. To send inspected traffic to a log server, perform the following procedure under Send inspected traffic to Log Server on the Diagnostics menu. 1. In the first four fields, enter the IP address of the log server. 2. In the for field, enter the number of seconds that inspected traffic is to be sent to the log server. 3. Click the Apply button. 4. The Gateway sniffs the traffic, logs the traffic to the syslog, and displays the message in Figure 81 when the number of seconds elapses. 5. Click OK to close the message. You can now examine the sniffed traffic using appropriate syslog daemons and applications. Figure 81. Sniffing Complete Message

$錯誤! 尚未定義樣式。 150 SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual Using the SNTP Menu The SNTP Settings menu lets you configure the Gateway to act as an SNTP client. SNTP is a simplified, client-only version of NTP, a standard protocol used to synchronize system clocks on computer systems. SNTP can be enabled on the Gateway to keep the Gateway’s time accurate up to fractions of a second. The service is constantly updating the Gateway’s clock, and can be used as a master time source for other systems on your network. Note: While SNTP typically provides time within 100 milliseconds of the accurate time, it does not provide the complex filtering and statistical mechanisms of NTP. In addition, SNTP does not authenticate traffic. An SNTP client is more vulnerable to misbehaving servers than an NTP client, and should only be used in situations where strong authentication is not required. To access the SNTP Settings menu, click Tools in the menu bar and then click the SNTP Client submenu in the menu bar. Figure 82 shows an example of the menu and Table 32 describes the options you can select. Figure 82. SNTP Settings Menu$

SMC Networks D3GN301 DOCSIS 3.0 Wireless Cable Modem Gateway User Manual

SMC Networks Inc DOCSIS 3.0 Wireless Cable Modem Gateway

User Manual

Navigation menu

Namespaces

Views

Navigation