3Com OfficeConnect User Guide

OfficeConnect®

Wireless 11g Cable/DSL Router
User Guide

3CRWE554G72T
3CRWE554G72TU

http://www.3com.com/

Part No. DUA0554-TAAA02

Published November 2004

3Com Corporation
350 Campus Drive
Marlborough, MA
USA 01752-3064

Copyright © 2004, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced
in any form or by any means or used to make any derivative work (such as translation, transformation, or
adaptation) without written permission from 3Com Corporation.

3Com Corporation reserves the right to revise this documentation and to make changes in content from time
to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.

3Com Corporation provides this documentation without warranty, term, or condition of any kind, either
implied or expressed, including, but not limited to, the implied warranties, terms or conditions of
merchantability, satis34factory quality, and fitness for a particular purpose. 3Com may make improvements or
changes in the product(s) and/or the program(s) described in this documentation at any time.

If there is any software on removable media described in this documentation, it is furnished under a license
agreement included with the product as a separate document, in the hard copy documentation, or on the
removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy,
please contact 3Com and a copy will be provided to you.

UNITED STATES GOVERNMENT LEGEND

If you are a United States government agency, then this documentation and the software described herein are
provided to you subject to the following:

All technical data and computer software are commercial in nature and developed solely at private expense.
Software is delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995) or
as a “commercial item” as defined in FAR 2.101(a) and as such is provided with only such rights as are
provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited rights
only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable.
You agree not to remove or deface any portion of any legend provided on any licensed program or
documentation contained in, or delivered to you in conjunction with, this User Guide.

Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not
be registered in other countries.

3Com, OfficeConnect and the 3Com logo are registered trademarks of 3Com Corporation.
Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and Windows

NT are registered trademarks of Microsoft Corporation. Novell and NetWare are registered trademarks of
Novell, Inc. UNIX is a registered trademark in the United States and other countries, licensed exclusively
through X/Open Company, Ltd.

Netscape Navigator is a registered trademark of Netscape Communications.

JavaScript is a trademark of Sun Microsystems
Wi-Fi and the Wi-Fi logo are registered trademarks of the WI-Fi Alliance.
IEEE and 802 are trademarks of the Institute of Electrical and Electronics Engineers, Inc.

All other company and product names may be trademarks of the respective companies with which they are
associated.

ENVIRONMENTAL STATEMENT

It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we
are committed to:

Establishing environmental performance standards that comply with national legislation and regulations.

Conserving energy, materials and natural resources in all operations.

Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental
standards. Maximizing the recyclable and reusable content of all products.

Ensuring that all products can be recycled, reused and disposed of safely.

Ensuring that all products are labelled according to recognized environmental standards.

Improving our environmental record on a continual basis.

End of Life Statement

3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.

Regulated Materials Statement

3Com products do not contain any hazardous or ozone-depleting material.

Environmental Statement about the Documentation

The documentation for this product is printed on paper that comes from sustainable, managed forests; it is
fully biodegradable and recyclable, and is completely chlorine-free. The varnish is environmentally-friendly, and
the inks are vegetable-based with a low heavy-metal content.

CONTENTS

ABOUT THIS GUIDE

Naming Convention 7
Conventions 8

Feedback about this User Guide 8
Related Documentation 9

1 INTRODUCING THE ROUTER

OfficeConnect Wireless 11g Cable/DSL Router 11
Router Advantages 13
Package Contents 13
Minimum System and Component Requirements 14
Front Panel 14
Rear Panel 16

2 HARDWARE INSTALLATION

Introduction 19

Safety Information 19

Positioning the Router 19

Using the Rubber Feet 20

Stacking the Router 20
Wall Mounting 20
Before you Install your Router 21
Powering Up the Router 22
Connecting the Router 22

3 SETTING UP YOUR COMPUTERS

Obtaining an IP Address Automatically 25

Windows 2000 25

Windows XP 27

Windows 95/98/ME 27

Macintosh 27
Disabling PPPoE and PPTP Client Software 28
Disabling Web Proxy 28

4 RUNNING THE SETUP WIZARD

Accessing the Wizard 29

Password 32

Time Zone 33

WAN Settings 33

LAN Settings 40

DHCP 40

Wireless Settings 41

Summary 42

5 ROUTER CONFIGURATION

Navigating Through the Router Configuration Pages 45

Main Menu 45

Option Tabs 46
Welcome Screen 46

Notice Board 46

Password 47

Wizard 48
LAN Settings 48

Unit Configuration 48

DHCP Clients List 49
Wireless Settings 51

Configuration 52

Encryption 54

Configuring WPA Encryption 54

Configuring WEP Encryption 57

Connection Control 60

Client List 62

WDS 63

Profile 64
Internet Settings 65

Connection to ISP 66

Firewall 73

Virtual Servers 73
Special Applications 75
PC Privileges 77
URL Filter 80
Content Filter 83
SPI 84

System Tools 87

Restart 88
Time Zone 88
Configuration 89
Upgrade 90

Advanced 91

Static Route 91
RIP 92
Routing Table 94
DDNS 94
Security 96

Status and Logs 98

Status 98
Usage 99
Logs 100

Support/Feedback 100

Support 100
Feedback 101

6 TROUBLESHOOTING

Basic Connection Checks 103
Browsing to the Router Configuration Screens 103
Connecting to the Internet 104
Forgotten Password and Reset to Factory Defaults 105
Wireless Networking 105

Replacement Power Adapters 107
Alert LED 108
Recovering from Corrupted Software 108
Frequently Asked Questions 109

A USING DISCOVERY

Running the Discovery Application 111

Windows Installation (95/98/2000/Me/NT) 111

B IP ADDRESSING

The Internet Protocol Suite 113
Managing the Router over the Network 113

IP Addresses and Subnet Masks 113

How does a Device Obtain an IP Address and Subnet Mask? 115

DHCP Addressing 115
Static Addressing 115
Auto-IP Addressing 115

C TECHNICAL SPECIFICATIONS

D SAFETY INFORMATION

E END USER SOFTWARE LICENSE AGREEMENT

F ISP INFORMATION

GLOSSARY

INDEX

REGULATORY NOTICES FOR THE WIRELESS 11G CABLE/DSL
R

OUTER

Industry Canada - Class B 143

ABOUT THIS GUIDE

This guide describes how to install and configure the OfficeConnect
Wireless 11g Cable/DSL Router (3CRWE554G72T and
3CRWE554G72TU).

This guide is intended for use by those responsible for installing and
setting up network equipment; consequently, it assumes a basic working
knowledge of LANs (Local Area Networks) and Internet Router systems.

If a release note is shipped with the OfficeConnect Wireless 11g
Cable/DSL Router and contains information that differs from the
information in this guide, follow the information in the release note.

Most user guides and release notes are available in Adobe Acrobat
Reader Portable Document Format (PDF) on the 3Com World Wide Web
site:

http://www.3com.com

Naming Convention Throughout this guide, the OfficeConnect Wireless 11g Cable/DSL Router

is referred to as the “Router”.

Category 3 and Category 5 Twisted Pair Cables are referred to as Twisted
Pair Cables throughout this guide.

8 ABOUT THIS GUIDE

Conventions Ta bl e 1 and Tab l e 2 list conventions that are used throughout this guide.

Tab le 1 Notice Icons

Icon Notice Type Description

Information note Information that describes important features or

instructions.

Caution Information that alerts you to potential loss of data or

potential damage to an application, system, or device.

Warning Information that alerts you to potential personal

injury.

Tab le 2 Text Conventions

Convention Description

The words “enter”
and “type”

Keyboard key names If you must press two or more keys simultaneously, the key

Words in italics Italics are used to:

When you see the word “enter” in this guide, you must type
something, and then press Return or Enter. Do not press
Return or Enter when an instruction simply says “type.”

names are linked with a plus sign (+). Example:

Press Ctrl+Alt+Del

■ Emphasize a point.

■ Denote a new term at the place where it is defined in the

text.

■ Identify menu names, menu commands, and software

button names. Examples:

From the Help menu, select Contents.

Click OK.

Feedback about this

User Guide

Your suggestions are very important to us. They will help make our
documentation more useful to you. Please e-mail comments about this
document to 3Com at:

pddtechpubs_comments@3com.com

Please include the following information when commenting:

■ Document title

■ Document part number (on the title page)

■ Page number (if appropriate)

Conventions 9

Example:

■ OfficeConnect Wireless 11g Cable/DSL Router User Guide

■ Part Number DUA0554-TAAA02

■ Page 24

Do not use this e-mail address for technical support questions. For
information about contacting Technical Support, please refer to the
Support and Safety Information sheet.

Related

Documentation

In addition to this guide, each Router document set includes one
Installation Guide. This guide contains the instructions you need to install
and configure your Router.

10 ABOUT THIS GUIDE

1

INTRODUCING THE ROUTER

Welcome to the world of networking with 3Com®. In the modern
business environment, communication and sharing information is crucial.
Computer networks have proved to be one of the fastest modes of
communication but, until recently, only large businesses could afford the
networking advantage. The OfficeConnect
has changed all this, bringing networks to the small office.

The products that compose the OfficeConnect range give you, the small
office user, the same power, flexibility, and protection that has been
available only to large corporations. Now, you can network the
computers in your office, connect them all to a single Internet outlet, and
harness the combined power of all of your computers.

®

product range from 3Com

OfficeConnect Wireless 11g Cable/DSL Router

The OfficeConnect Wireless 11g Cable/DSL Router is designed to provide
a cost-effective means of sharing a single broadband Internet connection
amongst several wired and wireless computers. The Router also provides
protection in the form of an electronic “firewall”, preventing anyone
outside of your network from seeing your files or damaging your
computers. The Router can also prevent your users from accessing Web
sites which you find unsuitable.

Figure 1

only one computer is connected to the Internet. This computer must
always be powered on for the other computers on the network to access
the Internet.

shows an example network without a Router. In this network,

12 CHAPTER 1: INTRODUCING THE ROUTER

Figure 1 Example Network Without a Router

When you use the Router in your network (Figure 2), it becomes your
connection to the Internet. Connections can be made directly to the
Router, or to an OfficeConnect Switch or Hub, expanding the number of
computers you can have in your network.

Figure 2 Example Network Using a Wireless 11g Cable/DSL Router

Wireless 11g Cable/DSL Router

Router Advantages The advantages of the Router include:

■ Shared Internet connection for both wired and wireless computers

■ High speed 802.11g wireless networking

■ No need for a dedicated, “always on” computer serving as your

Internet connection

■ Cross-platform operation for compatibility with Windows, Unix and

Macintosh computers

■ Easy-to-use, Web-based setup and configuration

■ Provides centralization of all network address settings (DHCP)

■ Acts as a Virtual server to enable remote access to Web, FTP, and other

services on your network

■ Security — Firewall protection against Internet hacker attacks and

encryption to protect wireless network traffic

■ Filtered access of inappropriate Web sites using the built-in URL filter

Router Advantages 13

Package Contents The Router kit includes the following items:

■ One OfficeConnect Wireless 11g Cable/DSL Router

■ One power adapter for use with the Router

■ Four rubber feet

■ One Ethernet cable

■ One CD-ROM containing the Router Discovery program and this User

Guide

■ Installation Guide

■ One Support and Safety Information Sheet

■ One Warranty Flyer

If any of these items are missing or damaged, please contact your retailer.

14 CHAPTER 1: INTRODUCING THE ROUTER

Minimum System and Component Requirements

Your Router requires that the computer(s) and components in your
network be configured with at least the following:

■ A computer with an operating system that supports TCP/IP

networking protocols (for example Windows 95/98/NT/Me/2000/XP,
Unix, Mac OS 8.5 or higher).

■ An Ethernet 10Mbps or 10/100 Mbps NIC for each computer to be

connected to the four-port switch on your Router.

■ An 802.11b or 802.11g wireless NIC.

■ A cable modem or DSL modem with an Ethernet port (RJ-45

connector).

■ An active Internet access account.

■ A Web browser that supports JavaScript, such as Netscape 4.7 or

higher, Internet Explorer 5.0 or higher, or Mozilla 1.2.1 or higher.

Front Panel The front panel of the Router contains a series of indicator lights (LEDs)

that help describe the status of various networking and connection
operations.

Figure 3 Router - Front Panel

12345

1 Alert LED

Orange

Indicates a number of different conditions, as described below.

Off - The Router is operating normally.

Flashing quickly - Indicates one of the following conditions:

■ The Router has just been started up and is running a self-test routine,

or

Front Panel 15

■ The administrator has invoked the Reset to Factory Defaults

command, or

■ The system software is in the process of being upgraded

In each of these cases, wait until the Router has completed the current
operation and the alert LED is Off.

Flashing slowly - The Router has completed the Reset to Factory Defaults
process, and is waiting for you to reset the unit. To do this, remove
power, wait 10 seconds and then re-apply power. The Router will then
enter the start-up sequence and resume normal operation.

If you have used a cable to reset the unit to Factory Defaults, follow steps
5 to 7 in “

page 105

Forgotten Password and Reset to Factory Defaults” on

.

On for 2 seconds, and then off - The Router has detected and prevented

a hacker from attacking your network from the Internet.

Continuously on - A fault has been detected with your Router during the
start-up process. Refer to Chapter 6

“Troubleshooting”.

2Power LED

Green

Indicates that the Router is powered on.

3 Wireless LAN (WLAN) Status LED

Yellow

If the LED is on it indicates that wireless networking is enabled. If the LED
is flashing, data is being transmitted or received. If the LED is off, the
Wireless LAN has been disabled in the Router, or there is a problem. Refer
to Chapter 6

“Troubleshooting”.

4 Four LAN Status LEDs

Green (100 Mbps link) / yellow (10 Mbps link)

If the LED is on, the link between the port and the next piece of network
equipment is OK. If the LED is flashing, the link is OK and data is being
transmitted or received. If the LED is off, nothing is connected, the
connected device is switched off, or there is a problem with the
connection (refer to Chapter 6

“Troubleshooting”). The port will

automatically adjust to the correct speed and duplex.

16 CHAPTER 1: INTRODUCING THE ROUTER

5 Cable/DSL Status LED

Green (100 Mbps link) / yellow (10 Mbps link)

If the LED is on, the link between the Router and the cable or DSL modem
is OK. If the LED is flashing, the link is OK and data is being transmitted or
received. If the LED is off, nothing is connected, the modem is switched
off or there is a problem (refer to Chapter 6

“Troubleshooting”).

Rear Panel The rear panel (Figure 4) of the Router contains four LAN ports, one

Ethernet Cable/DSL port, a power adapter OK LED, and a power adapter
socket.

Figure 4 Router - Rear Panel

6 Wireless Antennae

6

10

7

9

6

8

12VDC

POWER

1.25AMAX

OK

3

4

21LAN

Cable/DSL

The antennae on the product should be placed in a ‘V’ position when
initially installed.

CAUTION: Do not force the antennae beyond their mechanical stops.
Rotating the antennae further may cause damage.

7 Power Adapter Socket

Only use the power adapter supplied with this Router. Do not use any
other adapter.

8 Power Adapter OK LED

Green

Indicates that the power adapter is supplying power to the Router. If the
LED is off, there may be a problem with the power adapter or adapter
cable.

9 Ethernet Cable/DSL port

Use the supplied patch cable to connect the Router to the Ethernet port
on your cable or DSL modem. The port will automatically adjust to the

Rear Panel 17

correct speed and duplex, and will set itself to MDI or MDIX depending
on the device to which they are connected and the type of cable used.

10 Four 10/100 LAN ports

Using suitable RJ-45 cable, you can connect your Router to a computer,
or to any other piece of equipment that has an Ethernet connection (for
example, a hub or a switch). The LAN ports will automatically set
themselves to MDI or MDIX depending on the device to which they are
connected and the type of cable used.

18 CHAPTER 1: INTRODUCING THE ROUTER

HARDWARE INSTALLATION

2

Introduction This chapter will guide you through a basic installation of the Router,

including:

■ Connecting the Router to the Internet.

■ Connecting the Router to your network.

■ Setting up your computers for networking with the Router.

Safety Information

Positioning the Router

WARNING: Please read the “
before you start.

VORSICHT: Bitte lesen Sie den Abschnitt “
sorgfältig durch, bevor Sie das Gerät einschalten.

AVERTISSEMENT: Veuillez lire attentivement la section “

importantes de sécurité” avant de mettre en route.

You should place the Router in a location that:

■ is conveniently located for connection to the cable or DSL modem that

will be used to connect to the Internet.

■ is centrally located to the wireless computers that will connect to the

Router. A suitable location might be on top of a high shelf or similar

furniture to optimize wireless connections to computers in both

horizontal and vertical directions, allowing wider coverage.

■ allows convenient connection to the computers that will be connected

to the four LAN ports on the rear panel, if desired.

■ allows easy viewing of the front panel LED indicator lights, and access

to the rear panel connectors, if necessary.

Safety Information” section in Appendix D

Wichtige Sicherheitshinweise”

Consignes

20 CHAPTER 2: HARDWARE INSTALLATION

When positioning your Router, ensure:

■ It is out of direct sunlight and away from sources of heat.

■ Cabling is away from power lines, fluorescent lighting fixtures, and

sources of electrical noise such as radios, transmitters and broadband
amplifiers.

■ Water or moisture cannot enter the case of the unit.

■ Air flow around the unit and through the vents in the side of the case

is not restricted. 3Com recommends you provide a minimum of
25 mm (1 in.) clearance.

Using the Rubber

Feet

Use the four self-adhesive rubber feet to prevent your Router from
moving around on your desk or when stacking with other flat top
OfficeConnect units. Only stick the feet to the marked areas at each
corner of the underside of your Router.

Stacking the Router If you are stacking your Router with other OfficeConnect units, install the

Router at the top of the stack. Refer to the documentation supplied with
your other OfficeConnect unit for details on using the stacking clip.

A stacking clip is not supplied with the Router. Use the stacking clip
supplied with another stackable OfficeConnect unit.

Wall Mounting There are two slots on the underside of the Router that can be used for

wall mounting.

When wall mounting the unit, ensure that it is within reach of the power
outlet.

You will need two suitable screws to wall mount the unit. To do this:

1 Ensure that the wall you use is smooth, flat, dry and sturdy and make two

screw holes which are 150 mm (5.9 in.) apart.

2 Fix the screws into the wall, leaving their heads 3 mm (0.12 in.) clear of

the wall surface.

3 Remove any connections to the unit and locate it over the screw heads.

When in line, gently push the unit on to the wall and move it downwards
to secure.

Before you Install your Router 21

When making connections, be careful not to push the unit up and off the
wall.

CAUTION: Only wall mount single units, do not wall mount stacked
units.

Before you Install your Router

Before you install and configure your Router, you need the following
additional information. If you do not have this information, contact your
Internet Service Provider (ISP). Space is provided below for you to record
this information.

If you have a DSL connection and your ISP allocates IP information
dynamically over PPPoE, you need a User Name and Password:

PPPoE User Name : ______________________

PPPoE Password : ______________________

PPPoE Service Name : ______________________

You only need a PPPoE Service Name if your ISP requires one. Do not
enter anything if your ISP does not require this information.

If you have a DSL connection and your ISP allocates IP information
dynamically over PPTP, you need a User Name, Password and PPTP Server
Address:

PPTP User Name : ______________________

PPTP Password : ______________________

PPTP Server Address : ____.____.____.____

22 CHAPTER 2: HARDWARE INSTALLATION

If your ISP allocates fixed or static IP information, you need the following
information:

IP Address : ____.____.____.____

Subnet Mask : ____.____.____.____

Default Router address : ____.____.____.____

DNS address : ____.____.____.____

If your ISP allocates IP information dynamically over a protocol other than
PPPoE, you do not need any further information. This configuration is
typical of cable connections.

Powering Up the Router

Connecting the Router

To power up the Router:

1 Plug the power adapter into the power adapter socket located on the

back panel of the Router.

2 Plug the power adapter into a standard electrical wall socket.

The first step for installing your Router is to physically connect it to a
cable or DSL modem and then connect it to a computer in order to be
able to access the Internet. See Figure 5

:

Figure 5 Connecting the Router

Connecting the Router 23

Power
Supply Unit

11g Cable/DSL
Router

D

V
2
1

M

A
5
2
.
1

Your existing
Cable/DSL Modem

C

X

A

L

S
D
/

e
l

b
a
C

K

O
R
E

W
O
P

N
A
L

1

2

3

4

Wireless
Users

Internet

Your PC

To use your Router to connect to the Internet through an external cable
or DSL modem:

1 Insert one end of the supplied Ethernet (RJ-45 Category 5) cable into the

Cable/DSL port on the rear panel of the Router.

2 Insert the other end of the cable into the RJ-45 port on your cable or DSL

modem. Check that the Cable/DSL status LED lights on the Router.

3 Connect the cable or DSL modem to the Internet.

4 Connect your computer to one of the four LAN ports on the Router using

a Category 5 twisted pair cable. Check that the corresponding LAN status
LED on the Router lights.

You have now completed the hardware installation of your Router. Next
you need to set up your computers so that they can make use of the
Router to communicate with the Internet.

3Com recommends that you perform the initial Router configuration
from a computer that is directly connected to one of the LAN ports.

If you configure the Router from a wireless computer, note that you may
lose contact with the Router if you change the wireless configuration.

24 CHAPTER 2: HARDWARE INSTALLATION

To communicate wirelessly with your Router, your wireless NIC should be
set as follows:

■ Encryption — none

■ Service Area Name/SSID — 3Com

■ Channel — 11

3

SETTING UP YOUR COMPUTERS

The Router has the ability to dynamically allocate network addresses to
the computers on your network, using DHCP. However, your computers
need to be configured correctly for this to take place. To change the
configuration of your computers to allow this, follow the instructions in
this chapter. If your computers are configured with fixed or static
addresses and you do not wish to change this, then you should use the
Discovery program on the Router CD-ROM to detect and configure your
Router. Refer to Appendix A
program.

for information on using the Discovery

Obtaining an IP Address Automatically

Windows 2000 If you are using a Windows 2000-based computer, use the following

Refer to the section below which relates to your operating system for
details on how to obtain an IP address automatically.

procedure to change your TCP/IP settings:

1 From the Windows Start Menu, select Settings > Control Panel.

2 Double click on Network and Dial-Up Connections.

3 Double click on Local Area Connection.

4 Click on Properties.

5 A screen similar to Figure 6

TCP/IP and click on Properties.

should be displayed. Select Internet Protocol

26 CHAPTER 3: SETTING UP YOUR COMPUTERS

Figure 6 Local Area Properties Screen

6 Ensure that the options Obtain an IP Address automatically, and Obtain

DNS server address automatically are both selected as shown in Figure 7
Click OK.

.

Figure 7 Internet Protocol (TCP/IP) Properties Screen

7 Restart your computer.

Obtaining an IP Address Automatically 27

Windows XP If you are using a Windows XP computer, use the following procedure to

change your TCP/IP settings:

1 From the Windows Start menu, select Control Panel.

2 Click on Network and Internet Connections.

3 Click on the Network Connections icon.

4 Double click on LAN or High Speed Connection icon. A screen titled Local

Area Connection Status will appear.

5 Select Internet Protocol TCP/IP and click on Properties.

6 Ensure that the options Obtain an IP Address automatically, and Obtain

DNS servers automatically are both selected. Click OK.

7 Restart your computer.

Windows 95/98/ME If you are using a Windows 95/98/ME computer, use the following

procedure to change your TCP/IP settings:

1 From the Windows Start Menu, select Settings > Control Panel.

2 Double click on Network. Select the TCP/IP item for your network card

and click on Properties.

3 In the TCP/IP dialog, select the IP Address tab, and ensure that Obtain IP

address automatically is selected. Click OK.

Macintosh If you are using a Macintosh computer, use the following procedure to

change your TCP/IP settings:

1 From the desktop, select Apple Menu, Control Panels, and TCP/IP.

2 In the TCP/IP control panel, set Connect Via: to “Ethernet”.

3 In the TCP/IP control panel, set Configure: to “Using DHCP Server.”

4 Close the TCP/IP dialog box, and save your changes.

5 Restart your computer.

28 CHAPTER 3: SETTING UP YOUR COMPUTERS

Disabling PPPoE and PPTP Client Software

If you have PPPoE or PPTP client software installed on your computer, you
will need to disable it. To do this:

1 From the Windows Start menu, select Settings > Control Panel.

2 Double click on Internet Options.

3 Select the Connections Tab. A screen similar to Figure 8

displayed.

4 Select the Never Dial a Connection option.

Figure 8 Internet Properties Screen

should be

Disabling Web Proxy

You may wish to remove the PPPoE client software from your computer
to free resources, as it is not required for use with the Router.

Ensure that you do not have a web proxy enabled on your computer.

Go to the Control Panel and click on Internet Options. Select the
Connections tab and click LAN Settings at the bottom. Make sure that
the Use Proxy Server option is unchecked.

4

RUNNING THE SETUP WIZARD

Accessing the Wizard

The Router setup program is Web-based, which means that it is accessed
through your Web browser (Netscape Navigator 4.7 or higher, Internet
Explorer 5.0 or higher, or Mozilla 1.2.1 or higher).

To use the Setup Wizard:

1 Ensure that you have at least one computer connected to the Router.

Refer to Chapter 2

2 Launch your Web browser on the computer.

3 Enter the following URL in the location or address field of your browser:

http://192.168.1.1 (Figure 9

Figure 9 Web Browser Location Field (Factory Default)

4 To log in as an administrator, enter the password (the default setting is

admin) in the System Password field and click Log in (Figure 10

for details on how to do this.

). The Login screen displays.

).

30 CHAPTER 4: RUNNING THE SETUP WIZARD

Figure 10 Router Login Screen

5 If the password is correct, the Country Selection screen will appear. Select

the country you wish to configure the Router for, then click Apply.
(Figure 11

)

If your purchased your Router in the United States, you do not see this
screen, as it is automatically set.

Figure 11 Country Selection Screen

Accessing the Wizard 31

6 When you have selected a country either:

■ The Welcome screen will appear (Figure 12). Select the Wizard tab

and click Wizard.

or

■ If your Router has not been configured before, the Wizard will launch

automatically (refer to Figure 13

).

7 Click Next.

8 You will be guided step by step through a basic setup procedure.

Figure 12 Welcome Screen

32 CHAPTER 4: RUNNING THE SETUP WIZARD

Figure 13 Wizard Screen

Password Figure 14 Change Administration Password Screen

When the Change Administration Password screen (Figure 14) appears,
type the Old Password, then a new password in both the New Password
and Confirm Password boxes.

3Com recommends entering a new password when setting up the Router
for the first time. The Router is shipped from the factory with a default
password, admin.

1. Password is case sensitive.

Accessing the Wizard 33

2. Write the new password down and keep it in a safe place, so that you
can change your settings in the future.

Time Zone

WAN Settings

Click Next to display the Time Zone setup screen (Figure 15

Figure 15 Time Zone Screen

).

Select your time zone from the pull-down menu, check the daylight
savings option if required, and then click Next.

The Daylight Savings option advances the system clock by one hour. It
does not cause the system clock to be updated for daylight savings time
automatically.

Figure 16 Internet Settings Screen

This Internet Addressing Mode window allows you to set up the Router
for the type of Internet connection you have. Before setting up your

34 CHAPTER 4: RUNNING THE SETUP WIZARD

Internet connection mode, have the modem setting information from
your ISP ready.

Select an Internet Addressing mode from the following:

■ PPPoE is required (typically DSL users only) see page 34

■ ISP provides configuration dynamically (via DHCP) see page 35

■ ISP has provided a static IP address see page 36

■ PPTP is required (some DSL users in Europe) see page 37

■ L2TP is required (some DSL users in Europe) see page 39

and click Next.

For further information on selecting a mode see “Internet Settings” on

page 65

.

PPPoE Mode

Figure 17 PPPoE Screen

To setup the Router for use with a PPP over Ethernet (PPPoE) connection,
use the following procedure:

1 Enter your PPP over Ethernet user name in the PPPoE User Name text box.

2 Enter your PPP over Ethernet password in the PPPoE Password text box.

Accessing the Wizard 35

3 Enter your PPP over Ethernet service name in the PPPoE Service Name text

box.

Do not enter anything in this box if your ISP does not require a service
name.

4 Enter the MTU value supplied by your ISP in the MTU text box. If your ISP

has not supplied an MTU value, leave this at the default value. The
default is 1454.

5 Select an idle time from the Maximum Idle Time drop down list. This is

the amount of time without Internet activity that you want to allow
before the Router ends the PPPoE session.

6 Check all of your settings, and then click Next. Refer to “

on page 40

for more information.

LAN Settings”

Dynamic IP Address Mode

To setup the Router for use with a dynamic IP address connection:

1 Select the ISP provides configuration dynamically (via DHCP) and then

click Next. See Figure 16

Figure 18 Hostname Screen

.

2 Some ISPs require a host name. If your ISP has this requirement, enter the

host name in the Host Name text box (Figure 18

) and click Next. The

Clone MAC Address screen displays.

36 CHAPTER 4: RUNNING THE SETUP WIZARD

Figure 19 Clone MAC Address Screen

3 If your ISP requires an assigned MAC address, select Yes, I would like to

enter a MAC address manually and enter the values for a MAC address if
required (Figure 19
was previously connected directly to the cable modem, choose Yes,
please clone the MAC address from the PC I’m currently using.

Static IP Mode

To setup the Router for use with a static IP address connection, use the
following procedure:

). If the computer you are now using is the one that

1 Select ISP has provided a static IP address, (see Figure 16

Next. Figure 20

Figure 20 Static IP Mode Screen

displays.

2 Enter your IP Address in the IP Address text box.

3 Enter your subnet mask in the Subnet Mask text box.

) and then click

Accessing the Wizard 37

4 Enter your ISP Router address in the Internet (ISP) Gateway Address text

box.

5 Enter your primary DNS address in the Primary DNS Address text box.

6 Enter your secondary DNS address in the Secondary DNS Address text

box.

This step is optional. Not all ISPs require a secondary DNS address.

7 Check all of your settings, and then click Next.

PPTP Mode

Figure 21 PPTP Mode Screen

To setup the Router for use with a PPTP connection, use the following
procedure:

1 Enter your PPTP server address in the PPTP Server Address text box.

2 Enter your PPTP user name in the PPTP User Name text box.

3 Enter your PPTP password in the PPTP Password text box.

4 Enter your Primary DNS Address and Secondary DNS address.

Your ISP may provide you with primary and secondary DNS addresses. If
they have been provided, enter the addresses in the appropriate text
boxes. If not, leave 0.0.0.0 in the boxes.

5 Enter the value supplied by your ISP in the MTU text box. If your ISP has

not supplied an MTU value, leave this at the default value. The default is

1460.

38 CHAPTER 4: RUNNING THE SETUP WIZARD

6 Select an idle time from the Maximum Idle Time drop-down list. This is

the amount of time without Internet activity that you want to allow
before the Router ends the PPTP session.

7 Check all of your settings, and then click Next. Figure 22

Figure 22 PPTP IP Settings

displays.

8 IP settings must be used when establishing a PPTP connection. Fill in the

Initial IP Address and the Initial Subnet Mask fields if your ISP has
provided you with these settings. Alternatively, if the PPTP server is
located in your DSL modem, click Suggest to select an IP address on the
same subnet as the PPTP server.

Accessing the Wizard 39

L2TP Mode

Figure 23 L2TP Mode Screen

To set up the Router for use with an L2TP connection, use the following
procedure:

1 Enter your L2TP server address in the L2TP Server Address text box.

2 Enter your L2TP user name in the L2TP User Name text box.

3 Enter your L2TP password in the L2TP Password text box.

4 Enter your Primary DNS Address and Secondary DNS address.

Your ISP may provide you with primary and secondary DNS addresses.
they have been provided, enter the addresses in the appropriate text
boxes. If not, leave 0.0.0.0 in the boxes.

5 Enter the value supplied by your ISP in the MTU text box. If your ISP has

not supplied an MTU value, leave this at the default value. The default is

1440.

6 Select an idle time from the Maximum Idle Time drop-down list. This is

the amount of time without Internet activity that you want to allow
before the Router ends the L2TP session.

40 CHAPTER 4: RUNNING THE SETUP WIZARD

LAN Settings Figure 24 LAN IP Address Screen

This screen displays a suggested LAN IP address and subnet mask of the
Router. It also allows you to change the IP address and subnet mask.

DHCP The Router contains a Dynamic Host Configuration (DHCP) server that

can automatically configure the TCP/IP settings of every computer on
your network.

Figure 25 DHCP Server Setup Screen

To activate the DHCP Server option, select Enable the DHCP server with
the following settings: and specify the IP pool range. The largest available
continuous IP pool will be automatically entered; if this is not appropriate,
make your required changes. To disable DHCP, select Do not enable the
DHCP server. Click Next when you have finished.

Wireless Settings Figure 26 Wireless Configuration Screen

This screen displays the Channel and Service Area Name. It also allows
you to change these settings. There are a maximum of 14 channels, the
number available to you is dependent on the country you reside in.
Selecting Clear Channel Select from the Channel drop-down list allows
the Router to automatically select an available channel when first
powered on.

Accessing the Wizard 41

The Service Area Name default for 3Com products is “3Com”. Up to 32
(case sensitive) characters can be entered for the Service Area Name.

3Com strongly recommends that you change the SSID to something
other than the default.

Click Next when you have finished.

If you are configuring the Router from a wireless computer any changes
you make to the wireless configuration will result in communication
between the Router and your computer being lost. This is why 3Com
strongly recommends that you configure the Router from a wired
computer.

It is very important that you set up your wireless clients to use the same
Service Area Name or SSID as the one you use on this screen. If your
clients use a different Service Area Name then they will not be able to
communicate with the Router.

The choice of channel is less important as Clients will generally search all
of the available channels. You should however make a note of the

42 CHAPTER 4: RUNNING THE SETUP WIZARD

channel you select as this may be useful if you experience problems with
your clients.

Summary Figure 27 Configuration Summary Screen

When you complete the Setup Wizard, a configuration summary will
display. 3Com recommends that you verify the configuration information
of the Router and then print this page for your records. Click Finish to
display the Wizard completed screen, shown in Figure 28

Accessing the Wizard 43

Figure 28 Wizard Completed Screen

If you have made changes to the LAN Settings or wireless configuration
options, you may need to reconfigure the computer you are using in
order to make contact with the Router again.

Your Router is now configured and ready for use.

For information on improving your Wireless network security see

Wireless Settings” on page 51.

“

See Chapter 5 for a detailed description of the Router configuration
screens.

44 CHAPTER 4: RUNNING THE SETUP WIZARD

5

ROUTER CONFIGURATION

Navigating Through the Router Configuration Pages

Main Menu At the left side of all screens is a main menu, as shown in Figure 29

This chapter describes all the screens available through the Router
configuration pages, and is provided as a reference. To get to the
configuration pages, browse to the Router by entering the URL in the
location bar of your browser. The default URL is http://192.168.1.1
but if you changed the Router LAN IP address during initial configuration,
use the new IP address instead. When you have browsed to the Router,
log in using your system password (default admin).

on

page 46

appear in the main part of the screen.

■ Welcome — displays the firmware version of the Router, allows you to

■ LAN Settings — allows you to configure IP address and subnet mask

■ Wireless Settings — enables /disables access from wireless computers,

■ Internet Settings — sets up Internet addressing modes such as PPPoE

. When you click on a topic from the main menu, that page will

change your password, and launch the Wizard

information, set up DHCP server parameters, and display the DHCP
client list.

configures WPA or WEP encryption, and provides facilities for
improving the security of the wireless network.

and PPTP connections, allows you to clone the Router’s MAC address,
and set up dynamic IP address allocation and static IP address settings.

■ Firewall — allows configuration of the Router’s firewall features:

Virtual Servers, Special Applications, PCs Privileges, URL Filtering,
Content Filtering and SPI options

■ System Tools — allows the administrator to perform maintenance

activities on the Router.

46 CHAPTER 5: ROUTER CONFIGURATION

■ Advanced — allows you to monitor and configure the Router’s

advanced features, including RIP, DDNS and Security.

■ Status and Logs — displays the current status and activity logs of the

Router.

■ Support/Feedback — contains a comprehensive online help system

and allows you to provide 3Com with feedback on your Router.

Option Tabs Each corresponding menu page may also provide sub-sections which are

accessed through the use of tabs (see Figure 29

for example). To access a

sub-section, simply click on the required tab.

Getting Help

On every screen, a Help button is available which provides access to the
context-sensitive online help system. Click Help for further assistance and
guidance relating to the current screen.

Welcome Screen The Welcome section allows you to view the Notice board and to change

your Password. You can also gain access to the Configuration Wizard.

Accessing the Wizard” on page 29 for details).

(See “

Notice Board

Figure 29 Notice Board Screen

Welcome Screen 47

The Notice Board is used to display configuration warning messages. For
example, you would be warned if you had disabled wireless networking
or wireless encryption.

Password

Figure 30 Password Screen

Changing the Administration Password

You can change the password to prevent unauthorized access to the
Administration System. To do this:

1 Enter the current password in the Old Password field

2 Enter the new password in the New Password field

3 Enter the new password again in the Confirm Password field

4 Click Apply to save the new password

The password is case sensitive.

If you have forgotten your password you need to reset the Router. See

Forgotten Password and Reset to Factory Defaults” on page 105

“

48 CHAPTER 5: ROUTER CONFIGURATION

Wizard Figure 31 Wizard Screen

Click WIZARD... to launch the configuration wizard. Refer to Chapter 4
for information on how to run the wizard.

LAN Settings The LAN Settings menu provides the following options:

Unit Configuration

Figure 32 Unit Configuration Screen

LAN Settings 49

The LAN Settings screen is used to specify the LAN IP address of your
Router, and to configure the DHCP server.

1 Select Unit Configuration and then specify the Router IP Address and

Subnet Mask in the LAN Settings section. The default IP address of the

Router is 192.168.1.1.

2 If you want to use the Router as a DHCP Server, check the Enable check

box.

3 Clicking Auto Range will automatically choose the largest available range

of addresses for your network. Alternatively, you can change the address
range by changing the last digit(s) of the IP Pool Start Address, or the IP
Pool End Address, or both.

4 If you use 3Com NBX telephones, enter the IP address of the NBX call

processor at 3Com NBX Call Processor.

5 Check all of your settings, and then click Apply.

The DHCP server will give out addresses to both wired and wireless
clients.

DHCP Clients List

Figure 33 DHCP Clients List Screen

The DHCP Clients List provides details on the devices that have received IP
addresses from the Router. The list is only created when the Router is set
up as a DHCP server. For each device that is connected to the LAN the
following information is displayed:

50 CHAPTER 5: ROUTER CONFIGURATION

■ IP address — The Internet Protocol (IP) address issued to the client

machine.

■ Host Name — The client machine’s host name, if configured.

■ MAC Address — The Media Access Control (MAC) address of the

client’s network card.

■ Client Type — Whether the client is connected to the Router by wired

or wireless connection.

■ Fix — This box is checked if the IP address is fixed to the MAC address

of the client’s network card. Clients that have fixed addresses will get
the same IP address each time they connect.

Check the box to fix an association. Clear the check box to remove the
fixed association.

As you connect more devices, the client list will grow to a maximum
number of 253 clients.

The release button allows the lease time for the IP address that has been
issued to a device to be cleared. The lease time is set at 12 hours. If a PC
has been switched off, using the Release button would allow the 12 hour
lease time to be cleared. The IP address would then be available for
another device if there were no other IP addresses available.

Adding Fixed DHCP Mappings

You can add Fixed Mappings so that the Router allocates an IP address
chosen by you when it encounters a particular device.

Click New to display the DHCP Fixed Mapping Setup screen, as shown in

Figure 34

Wireless Settings 51

Figure 34 DHCP Fixed Mapping Setup Screen

You only need to create Fixed Mappings for devices that need a specific IP
address. For devices that do not need a specific IP address, the Router will
automatically allocate addresses.

To add a Fixed Mapping:

1 Enter the IP Address that you want to reserve in the IP Address for client

box.

2 Enter the MAC Address for which you want to create a Fixed Mapping in

the MAC Address of client box.

The MAC Address must be entered as 6 hexadecimal pairs, for example
12-34-56-78-90-ab.

3 Click Apply to add the Fixed Mapping, or Close to close the window

without adding the Fixed Mapping.

The Fixed DHCP Mapping will be displayed in the DHCP Clients list as a
Fixed Association.

Wireless Settings The Wireless Settings menu provides options described in the following

sections.

To improve the security of your wireless network, 3Com recommends
that you:

1. Change the SSID from its default value - see page 53

2. Enable Encryption - see page 54

3. Enable Connection Control - see page 60

52 CHAPTER 5: ROUTER CONFIGURATION

Configuration Figure 35 Configuration Screen

Enable Wireless Networking

Use this check box to enable or disable the wireless section of your LAN.
When disabled, no wireless PCs can gain access to either the Internet or
other PCs on your Wired or Wireless LAN through this Router.

Channel Selection

Select a number from the drop-down list to specify which Channel the
Router will transmit and receive on. If another access point or Router
nearby is using the same Channel as you, there will be a reduction in the
performance of your network. If this seems to be the case, you should
select a different channel number. Usually the Wireless computers will
scan to find the correct channel, but if they don't you must configure
them to use the same Channel number as the Router.

Choose the Clear Channel Select option to automatically choose the
clearest channel. The Router will check for the clearest channel whenever
it is rebooted, powered up, and when the Clear Channel Select option is
first applied.

Valid channels are country dependent. See “

Channels” on page 139 for

a list of channels approved by each country.

Wireless Settings 53

Service Area Name/SSID

This allows you to name your Wireless network. The Service Area
Name/SSID field will accept any alphanumeric string and has a maximum

length of 32 characters. Your Wireless computers must be configured
with exactly the same name or you will not establish a connection. The
Service Area Name may also be referred to as “ESSID” depending on your
networking vendor. By default the Router uses the name “3Com”. 3Com
recommends that you change the default name.

In order that your wireless computers can connect to the Router, you
must:

■ Use Infrastructure Mode, not Ad hoc Mode.

■ Have the same Service Area Name as the Router.

■ Have the same Channel number as the Router.

■ Use the same encryption type and keys as the Router.

■ Ensure that the PC is included in the authorized Wireless PCs list if

Connection Control is enabled. See page 60

.

Enable Broadcast SSID

Disable this feature after you have installed your wireless network to
improve the security of your network. When the check box is checked,
the Router will broadcast the Service Area Name/SSID of your wireless
network, which reduces the security of your Router as it allows any
wireless client to see your wireless LAN.

If you have a wireless client that can detect all the available SSIDs in your
area, your client will not list the Router SSID unless this feature is enabled.
The clients will still be able to connect, provided that they are supplied
with the SSID.

3Com recommends that you install your wireless network with this
feature enabled and then disable it once you have set up the Router and
wireless clients.

Device Name

If required, enter a name that you want to use to uniquely identify the
device at the Device Name prompt.

54 CHAPTER 5: ROUTER CONFIGURATION

Nitro Mode

The presence of an 11b device in your network can adversely affect the
performance of an 11g device, such as the Router. Nitro Mode ensures
that the effects of an 11b device are minimized. 3Com recommends that
you enable Nitro Mode if you have one or more 11b devices in your
network. Check the Enable Nitro Mode check box to activate Nitro Mode.

The client machines must also support Nitro Mode for this feature to
work.

Encryption When setting up wireless networks, it is important to remember that with

encryption disabled, anyone with a Wireless PC can eavesdrop on your
network. 3Com recommends that you get the network working with
encryption disabled first and then enable it as the last step. This will
simplify setting up your network.

The Router supports two types of encryption:

■ WPA — Wi-Fi Protected Access (WPA) is a 256 bit encryption method

with keys that change over time.

Configuring WPA

Encryption

■ WEP — Wireless Equivalent Privacy (WEP) is a 64 bit or 128 bit

encryption method with user configurable fixed keys.

WPA provides a higher level of security, provided by its longer key and
dynamic changes made to the key over time. 3Com recommends that
you use WPA with any clients which support it.

If you enable encryption on the Router, you must reconfigure your
wireless PCs to use exactly the same Encryption Type and Keys otherwise
the devices will not understand each other.

The encryption methods used by the Router secure data transmitted
through wireless communications between the Router and its wireless
clients. Enabling encryption has no security effect on data transmitted
through wired (Ethernet) connections or through your connections to the
Internet.

The only configuration that is needed for WPA is to set up an
authentication method. You can choose to use a RADIUS server to
authenticate clients, or you can specify a pre-shared key.

Wireless Settings 55

The pre-shared key is used to start the dialog between the Router and the
client. During this dialog, a new key is agreed, making it more difficult to
eavesdrop on wireless networks encrypted using WPA, than those
encrypted using WEP.

■ To use a RADIUS Server to authenticate each user before they join the

network, refer to “

■ To set up the pre-shared key manually as a 256-bit series of

hexadecimal digits, refer to “

page 56

■ To set up the pre-shared key manually as a pass-phrase, refer to

Using Pre-Shared Passphrase”. on page 57.

“

.

Using Enterprise Mode” on page 55.

Using Manual Pre-Shared Key” on

Using Enterprise Mode

Figure 36 WPA Encryption Screen - Enterprise Mode

To set up Enterprise Mode as the WPA Type:

1 Select Enterprise Mode from the WPA Type drop-down box. The screen

shown in Figure 36

displays.

2 Select the edit button next to Primary RADIUS Server. The RADIUS Server

Settings pop-up window opens.

3 Enter the RADIUS Server IP address.

4 Enter the Server Port. The default is 1812.

5 Enter a Secret value.

56 CHAPTER 5: ROUTER CONFIGURATION

6 Select the Modify button to save the changes and return to the

Encryption screen, or select Close to exit without saving the changes.

7 If required, repeat steps 2 to 6 for a Secondary RADIUS Server.

8 Click Apply to generate the key.

Using Manual Pre-Shared Key

Figure 37 WPA Encryption Screen - Manual Pre-shared Key

To set up Manual Pre-shared Key as the WPA Type:

1 Select Manual Pre-shared Key from the WPA Type drop-down box. The

screen shown in Figure 37

displays.

2 Enter a pair of hexadecimal digits in each of the 32 Key fields. Each field

can contain a hexadecimal number from 00 to ff, for example 1a.

3 Click Apply to generate the key.

Wireless Settings 57

Using Pre-Shared Passphrase

Figure 38 WPA Encryption Screen - Pre-Shared Passphrase

Configuring WEP

Encryption

To set up Pre-Shared Passphrase as the WPA Type:

1 Select Pre-Shared Passphrase from the WPA Type drop-down box. The

screen shown in Figure 38

displays.

2 Enter a phrase of between 8 and 63 characters in length in the

Passphrase field. This passphrase will be used to generate a 256 bit key.

3 Click Apply to generate the key.

There are two levels of WEP encryption available, 64 bit (sometimes
referred to as 40 bit) and 128 bit. Use the WEP Encryption Type box to
select the desired level.

58 CHAPTER 5: ROUTER CONFIGURATION

Encryption Keys

Figure 39 128 bit Encryption Keys Screen - WEP configuration

Figure 40 40 bit/64 bit Encryption Keys Screen - WEP Configuration

A Key is a hexadecimal (0-9, A-F) number used to encrypt and decrypt the
data. There can be up to 4 keys and each key can be as long as 26 digits.
The Router also offers a number of methods for converting plain text into
hex keys. The text is much easier to remember than hex keys but it relies

Wireless Settings 59

on your wireless adapters also supporting this feature. Different
manufacturers have developed different ways of converting plain text
and so interoperability is not guaranteed. If you are experiencing
difficulty, the Manual Hex Key method is supported by most vendors.

To set up WEP encryption:

1 Select 128 bit encryption or 40 bit/64 bit encryption from the WEP

Encryption Type drop-down list.

2 Select a key generation method from the drop down list. If you have

other wireless products choose the scheme that is compatible with these,
then enter the appropriate information. The key generation method can
be one of the following:

■ Manual Hex Key - This method allows you to manually enter hex keys.

Virtually all manufacturers support this scheme. Enter a two digit
hexadecimal number in every box. Hexadecimal numbers are formed
from 0-9 and A-F.

■ 3Com Encryption String - This method is supported by 3Com Wireless

products. The string can contain any alphanumeric characters and
must be between 6 and 30 characters long. A single string will
automatically generate 4 unique keys for 64 or 128 bit WEP.

■ ASCII - This method is supported by some adapter cards running

under Windows XP. The string must be exactly 5 characters for 64 bit
WEP and 13 characters for 128 bit WEP. You must enter a separate
string for each of the 4 Keys. You can leave a string blank provided
this Key is not selected as the Active Transmit Key.

■ Passphrase - This is another common method and similar to the 3Com

Encryption string. In 64 bit WEP, the passphrase will generate 4
different keys. However, in 128 bit WEP, this method only generates 1
key which is replicated for all 4 keys. The passphrase can be up to 31
characters long and may contain any alphanumeric characters.

If you encounter any difficulty when you enable WEP ensure that you
check that each key on your wireless computer is exactly the same as
each key on your Router. In other words, Key number 1 on the Wireless
computer must have the same Hex number as Key number 1 on the
Router, Key 2 on the Wireless computer must match Key 2 on the Router
and so on.

60 CHAPTER 5: ROUTER CONFIGURATION

3 Select the Active Transmit Key, which is the key the Router uses when it

transmits. You can change the selected key periodically to increase the
security of your network.

Some wireless adapters have only one key available on their WEP
configuration page. If this is the case ensure it is the same as Key 1 on the
Router and that it is selected as the active transmit key.

Connection Control

Figure 41 Connection Control Screen

A higher level of security can be achieved for your wireless network if, in
addition to using encryption, you specify that only certain wireless
computers can connect to the Router. By default, any wireless computer
that has the same Service Area Name/SSID, channel and encryption
settings as the Router can connect to it.

To specify that only certain wireless computers can connect to the Router,
select Only Authorized Wireless PCs can connect to the Router, and then
click New. The screen shown in Figure 42

displays.

If you enable this feature from a Wireless PC, it will automatically be
added to the Authorized Wireless PC list.

Wireless Settings 61

Authorized Wireless PCs

Figure 42 Connection Control Detail Screen

To create a list of Wireless computers that can access the Router:

1 Select the MAC addresses of the Wireless PC(s) for which you want to

allow access.

To select multiple MAC addresses, hold down the Ctrl key while clicking
on the addresses.

The drop down list on the Connection Control window will contain the
MAC addresses of all Wireless PCs that are in range, currently operating,
and have the same Service Area Name/SSID, channel and encryption
settings as the Router. You will find this screen easier to use if you set up
and make a note of all of your wireless PC's on your network first. You
may also add the entries manually if you know the MAC address.

To add a MAC address that is not in the list, enter the MAC address in
the Manual Entry section. A MAC address consists of 12 characters. Valid
characters are '0-9', and 'A-F'.

2 Press Add.

Click Close to discard all changes.

62 CHAPTER 5: ROUTER CONFIGURATION

Modifying a MAC Address

To modify a MAC address from the Connection Control screen:

1 Click on the MAC address to be modified. An example list is shown in

Figure 43

2 Modify the MAC address.

3 Press Apply to accept the changes.

Figure 43 MAC Address Table

Click Close to discard all changes.

Deleting a MAC Address

The connection rights for a Wireless PC listed in the table can be removed
by pressing Delete for that entry in the table.

.

Client List

Once an entry has been deleted it cannot be undone. Please wait 30
seconds for changes to take effect.

Figure 44 Client List Screen

Wireless Settings 63

The Wireless Client List provides details on the devices that are connected
to the Wireless LAN. The list is only created when Wireless Networking is
enabled. For each device that is connected to the Wireless LAN, the MAC
address and Connection Speed of that device is displayed. As you
connect more devices to the Wireless LAN, the client list will grow to a
maximum of 32 (the maximum number of wireless devices that the
Router can support).

WDS

Figure 45 WDS Screen

The Router supports the Wireless Distribution System (WDS) repeater
mode. WDS repeating enables one or more Access Points to rebroadcast
received signals to extend range and reach, though this can affect the
overall throughput of data. To enable wireless repeating, check the
Enable WDS check box, and then enter the MAC address(es) of one or
more Access Points in the AP MAC Address table.

64 CHAPTER 5: ROUTER CONFIGURATION

Profile Figure 46 Profile Screen

Some 3Com Wireless Network Adapters allow you to import Wireless
configurations via a ‘profile’. The Router can generate a profile so that
you do not need to configure your Wireless PCs manually.

The profile contains three items as follows:

■ Service Area Name/SSID of the Router

This is configured on the Configuration tab under the Wireless
Settings option.

■ Encryption settings from the Router

This is configured on the Encryption tab under the Wireless Settings
option.

■ Profile Name

This is used to identify the profile once it has been imported into the
Wireless Network Adapter configuration software.

To set up a profile (once the Service Area Name/SSID and Encryption
settings have been configured in the Router):

1 Enter a Profile Name (up to 25 alphanumeric characters) and then click

Save Profile.

2 Your browser will then prompt you to enter a file name and folder

location in which to save the profile. Once the profile has been saved it

Internet Settings 65

can be copied on to another PC and imported into the 3Com Wireless
Network Adapter.

For instructions on how to import a profile, refer to the User Guide that
accompanies your 3Com Wireless Network Adapter(s).

If, once the profile is imported, the Wireless Network Adapter cannot
connect to the Router, check that the adapter is within range of the
Router

if Connection Control has been enabled in the Router, the MAC address
of the Wireless Network Adapter must be included in the list of
authorized Wireless PCs.

Internet Settings Before you can configure the Router, you need to know the IP

information allocation method used by your ISP. There are four different
ways that ISPs can allocate IP information, as described below:

1 Static IP Address (DSL or Cable)

The ISP provides the IP addressing information for you to enter manually.
To configure the Router you will need to know the following:

■ IP Address

■ Subnet Mask

■ ISP Router

■ DNS address(es)

2 Dynamic IP Address (DSL or Cable)

Dynamic IP addressing (or DHCP) automatically assigns the Router IP
information. This method is popular with Cable providers. This method is
also used if your modem has a built in DHCP server.

3 PPPoE (DSL only)

If the installation instructions that accompany your modem ask you to
install a PPPoE client on your PC, then select this option. To configure the
Router you will need to know the following:

■ User name

■ Password

■ Service Name (if required by your ISP)

66 CHAPTER 5: ROUTER CONFIGURATION

When you install the Router, you will not need to use the PPPoE software
on your PC.

4 PPTP (DSL or Cable)

PPTP is only used by some European providers. If the installation
instructions that accompany your modem ask you to setup a dialup
connection using a PPTP VPN tunnel then select this option. To configure
the Router you will need to know the following:

■ User name

■ Password

■ VPN Server address (usually your modem)

When you install the Router, you will not need to use the dialup VPN on
your PC anymore.

5 L2TP (DSL or Cable)

L2TP is supported by some Internet Service Providers (ISPs). Check with
your ISP to make sure L2TP is supported before selecting this option. To
configure the Router you will need to know the following:

■ User name

■ Password

■ L2TP Server address

Connection to ISP Before beginning this section, ensure you have the required information

from your ISP. (See “Before you Install your Router” on page 21.)

Select Internet Settings from the main menu to display Connection to ISP.
Choose an IP Allocation Mode from the drop down box.

Select an IP Allocation Mode from the following:

■ Static IP address (to be specified manually) see page 67

■ Dynamic IP address (automatically allocated) see page 68

■ PPPoE (used by DSL providers only) see page 69

■ PPTP (used by some European providers) see page 70

■ L2TP (supported by some ISPs) see page 72

Internet Settings 67

Static IP Address

Figure 47 Connection Parameters Screen - Static IP

To setup the Router for use with a Static IP address connection:

1 Select Static IP Address (to be specified manually) in the IP Allocation

Mode field (Figure 47

).

2 Enter your IP Address in the IP Address text box.

This information, along with the rest of the information in this screen,
should be provided to you by your ISP. If the information is already
entered, your ISP has pre-configured your Router, and you should go to

.

step 7

3 Enter your subnet mask in the Subnet Mask text box.

4 Enter your ISP Router address in the ISP Gateway Address text box.

5 Enter your primary DNS address in the Primary DNS Address text box.

6 Enter your secondary DNS address in the Secondary DNS Address text

box.

This step is optional. Not all ISPs require a secondary DNS address.

7 Check all of your settings, and then click Apply.

68 CHAPTER 5: ROUTER CONFIGURATION

Dynamic IP Address

Figure 48 Connection Parameters Screen - Dynamic IP

If this mode is selected, your IP Address, Subnet Mask, and DNS Address
will be obtained automatically from your ISP. They are not displayed on
this screen, but may be viewed on the Status screen (click on Status and
Logs on the left hand menu bar).

To setup the Router for use with a dynamic IP address connection:

1 Select Dynamic IP Address (automatically allocated) in the IP Allocation

Mode field. (Figure 48

)

2 Enter your Primary DNS Address and Secondary DNS address.

Your ISP may provide you with primary and secondary DNS addresses. If
they have been provided, enter the addresses in the appropriate text
boxes. If not, leave 0.0.0.0 in the boxes.

3 Enter the Host Name (optional).

Some ISPs require a host name. If your ISP has this requirement, enter the
host name in the Host Name text box.

4 If you use ‘Cable’, your ISP may use your MAC address to authenticate

you. If this is the case, you will need to ‘Clone’ your MAC address. There
are three options:

■ Use the Router’s original Internet MAC address - This field is selected

by default and is automatically filled in with the MAC address of the
Router.

Internet Settings 69

■ Use this PC’s MAC address - This field is automatically filled in with the

MAC address of the PC you are using to configure the Router. You
should use this address only if you were previously using this
computer to connect directly to your modem.

■ Enter a new MAC address manually - Use this option if you want to

specify a new MAC address. Enter the new MAC address.

5 Check all settings and click Apply.

PPP over Ethernet

Figure 49 PPPoE Setup Screen

To setup the Router for use with a PPP over Ethernet connection, use the
following procedure:

1 Select PPP over Ethernet in the IP Allocation Mode field. (Figure 49

2 Enter your Primary DNS Address and Secondary DNS address.

Your ISP may provide you with primary and secondary DNS addresses. If
they have been provided, enter the addresses in the appropriate text
boxes. If not, leave 0.0.0.0 in the boxes.

3 Enter the Host Name (optional).

Some ISPs require a host name. If your ISP has this requirement, enter the
host name in the Host Name text box.

)

70 CHAPTER 5: ROUTER CONFIGURATION

4 Enter your PPP over Ethernet user name in the PPPoE User Name text box.

5 Enter a password in the PPPoE Password text box.

6 Enter your PPP over Ethernet service name in the PPPoE Service Name text

box. Not all ISPs require a PPPoE service name. Only enter a service name
if your ISP requires this.

7 Enter the MTU value supplied by your ISP. If you do not know this, leave it

at the default value. The default is 1454.

8 Select an idle time from the Maximum Idle Time drop-down list.

This value will correspond to the amount of idle time (no Internet activity)
that will pass before the Router automatically ends your PPP over
Ethernet session.

Since the Router contains its own PPPoE client, you no longer need to run
PPPoE client software on your computer to access the Internet.

PPTP

Figure 50 PPTP Setup Screen

Internet Settings 71

To setup the Router for use with a PPTP connection, use the following
procedure:

1 Select PPTP (used by some European providers) in the IP Allocation Mode

field. (Figure 50

)

2 Enter your PPTP server address in the PPTP Server Address text box (this is

typically the address of your modem).

3 Enter your PPTP user name in the PPTP User Name text box.

4 Enter your password in the PPTP Password text box.

5 Enter your Primary DNS Address and Secondary DNS address.

Your ISP may provide you with primary and secondary DNS addresses. If
they have been provided, enter the addresses in the appropriate text
boxes. If not, leave 0.0.0.0 in the boxes.

6 Enter the MTU value supplied by your ISP. If you do not know this, leave it

at the default value. The default is 1460.

7 Select an idle time from the Maximum Idle Time drop-down list.

This value will correspond to the amount of idle time (no Internet activity)
that will pass before the Router automatically ends your PPTP session.

8 IP settings must be used when establishing a PPTP connection. To obtain

an IP address, either:

■ Check the Get IP By DHCP check box, if you want to obtain an IP

address from a DHCP Server on the network.

With this check box enabled, you can click Release to release the WAN
IP Address for the Router, or click Renew to renew the current WAN IP
Address, using DHCP.

■ Fill in the Initial IP Address, Initial Subnet Mask and Initial Gateway

fields if your ISP has provided you with these settings. Alternatively, if
the PPTP server is located in your DSL modem, click Suggest to select
an IP address on the same subnet as the PPTP server.

Check all of your settings, and then click Apply.

72 CHAPTER 5: ROUTER CONFIGURATION

L2TP

Figure 51 L2TP Setup Screen

Check with your ISP to make sure they support L2TP.

To set up the Router for use with an L2TP connection, use the following
procedure:

1 Select L2TP (used by some European providers) in the IP Allocation Mode

field.

2 Enter your L2TP server address in the L2TP Server Address text box.

3 Enter your L2TP user name in the L2TP User Name text box.

4 Enter your L2TP password in the L2TP Password text box.

5 Enter your Primary DNS Address and Secondary DNS Address.

Your ISP may provide you with primary and secondary DNS addresses. If
they have been provided, enter the addresses in the appropriate text
boxes. If not, leave 0.0.0.0 in the boxes.

6 Enter the MTU value supplied by your ISP. If you do not know this, leave it

at the default value. The default is 1440.

7 Select an idle time from the Maximum Idle Time drop-down list.

This value will correspond to the amount of idle time (no Internet activity)
that will pass before the Router automatically ends your PPTP session.

8 IP settings must be used when establishing an L2TP connection. To obtain

an IP address, either:

Firewall 73

■ Check the Get IP by DHCP check box if you want to obtain the IP

information from a DHCP Server on the network.

With this check box enabled, you can click Release to release the WAN
IP Address for the Router, or click Renew to renew the current WAN IP
Address, using DHCP.

■ Fill in the Initial IP Address, Initial Subnet Mask and Initial Gateway

fields if your ISP has provided you with these settings. Alternatively, if
the L2TP server is located in your DSL modem, click Suggest to select
an IP address on the same subnet as the L2TP server.

Check all of your settings, and then click Apply.

Firewall On the main frame of the Firewall setup screen is a menu with six tabs:

Virtual Servers, Special Applications, PCs Privileges, URL Filter, Content
Filter and SPI.

Virtual Servers Selecting the Firewall option on the main menu displays the Virtual

Servers setup screen. (Figure 52

)

Virtual DMZ

Figure 52 Virtual Servers Screen

DMZ (De-Militarized Zone) Host is a computer without the protection of
the firewall. This feature allows a single computer to be exposed to
unrestricted 2-way communication from outside of your network. This

74 CHAPTER 5: ROUTER CONFIGURATION

feature should be used only if the Virtual Server or Special Applications
options do not provide the level of access needed for certain applications.

To configure one of your computers as a DMZ host, enter the last digit(s)
of the IP address of the computer in the IP Address of DMZ Host text box,
and then click Apply.

Virtual Server

Activating and configuring a virtual server allows one or more of the
computers on your network to function as a public server. For example,
one of your computers could be configured as an FTP server, allowing
others outside of your office network to download files of your choosing.
Or, if you have created a Web site, you can configure one of your
computers as a Web server, so that others can view your Web site.

To configure a virtual server:

1 Click New on the right side of the screen to open the Virtual Server

Settings dialogue box. (Figure 53

)

2 Enter the last digit(s) of the IP address of the computer in the Server IP

Address text box.

3 Either:

■ Select a Local Service other than Custom from the drop-down list.

(Figure 53

Figure 53 Virtual Servers Settings Screen

■ Select Custom from the drop-down list to display screen shown in

Figure 54

), or

. Specify a suitable name for the service and then enter the

port numbers required for that service.

Firewall 75

Figure 54 Custom Setup Screen

Click Add to return to the Virtual Server Settings screen.

4 Click Apply to save the settings.

The port numbers are specified using a comma-separated list, with
hyphens to denote port number ranges. So for example, entering 2, 3,
5-7 would cause ports 2, 3, 5, 6, and 7 to be activated.

Special Applications

Figure 55 Special Applications Screen

Select Special Apps tab to display Authorized Application setup screen.
(Figure 55

)

Some software applications require special or multiple connections to the
Internet and these would normally be blocked by the firewall. For
example Internet Telephony or Video conferences require multiple
connections.

So that these special applications can work properly and are not blocked,
the firewall needs to be told about them. In each instance there will be a

76 CHAPTER 5: ROUTER CONFIGURATION

trigger port and incoming port(s), where traffic on the trigger port tells
the firewall to open the incoming ports.

Each defined Special Application only supports a single computer user,
and up to 10 Special Applications can be defined. Any incoming ports
opened by a Special Application trigger will be closed after five minutes
of inactivity.

To configure special applications:

1 Click New to display the Special Application Settings screen (Figure 56

Figure 56 Special Application Settings Screen

2 Either:

■ Select the application from the Choose Application drop-down list, or

■ Select Other to specify an Application Name for the special application

and then enter a value in the Tr igg er P or t and Incoming Ports text
boxes (Figure 57

). These values correspond to the outbound port

numbers issued by the application.

The port numbers are specified using a comma-separated list, with
hyphens to denote port number ranges. So for example, entering 2, 3,
5-7 would cause ports 2, 3, 5, 6, and 7 to be activated.

).

The Router will automatically allow FTP and NetMeeting sessions. You do
not need to configure these as Special Applications.

Firewall 77

PC Privileges

Figure 57

Other Applications Setup Screen

Click Add to save your settings.

3 Click Add in the Special Application Settings screen (Figure 56

), to save

the configuration.

Only one computer on your network can use the special application at
any one time.

Figure 58 PC Privileges Screen

Select PC Privileges to display the PC Privilege setup screen (Figure 58).

Access from the local network to the Internet can be controlled on a
computer-by-computer basis. In the default configuration the Router will
allow all connected computers unlimited access to the Internet.

PC Privileges allows you to assign different access rights for different
computers on your network.

78 CHAPTER 5: ROUTER CONFIGURATION

To use access control for all computers:

1 Click PCs access authorized services only.

2 Select All PCs to set up the access rights for all computers connected to

the Router. The screen shown in Figure 59

Figure 59 All PCs Setup Screen

3 If required, check the Bypass URL Filter check box to override the URL

Filter settings. Refer to “

displays.

URL Filter” on page 80.

4 Select the authorized services by clicking in the appropriate check box(es).

5 In addition to the four authorized services listed, you can choose to allow

or block access to other services. You can either:

■ Allow all other services, or allow all other services with exceptions, or

■ Block all other services, or block all other services with exceptions.

To do this, select Allow or Block from the drop down menu and, if
required, enter the exceptions into the text box.

The port numbers are specified using a comma-separated list, with
hyphens to denote port number ranges. So for example, entering 2, 3,

5-7 would cause ports 2, 3, 5, 6, and 7 to be activated.

For example, to block access to all services except Web (80) and a service
that uses ports 2,3,5,6 and 7:

1. Tick the Web(80) check box.

2. Select ‘Block’ all other services.

3. Enter ‘2, 3, 5-7’ in the ‘except (specify ports) box. See Figure 59

.

6 If required, you can schedule when PCs can access the Internet. By

default, all PCs can access the internet all day, every day. To change the

Firewall 79

schedule, check the appropriate check box for each day you want to
allow access, and enter the permitted access times for each day in
24-hour clock format.

For example, to allow access Monday through Friday between 9 am and
5 pm, check the check boxes for Mon, Tue , Wed, Thu and Fri, and enter
09:00 and 17:00 in the text boxes next to each of these days.

7 Click Modify to save the settings or Close to discard them.

To assign different access rights for different computers:

1 If not already selected, click PCs access authorized services only.

2 Click New to set up access rights for individual computers. The PC

Privileges setting screen displays, as shown in Figure 60

Figure 60 Individual PCs Setup Screen

.

3 Enter the last digit(s) of the IP address of the computer in the PC’s IP

Address text box.

4 If required, check the Bypass URL Filter check box to override the URL

Filter settings. Refer to “

URL Filter” on page 80.

5 Select authorized services by clicking in the appropriate check box(es).

6 In addition to the four authorized services listed, you can choose to allow

or block access to other services. You can either:

■ Allow all other services, or allow all other services with exceptions, or

■ Block all other services, or block all other services with exceptions.

To do this, select Allow or Block from the drop down menu and, if
required, enter the exceptions into the text box.

See step 6

of the previous section for more details.

7 If required, you can schedule when this PC can access the Internet. To set

the schedule, check the appropriate check box for each day you want to

80 CHAPTER 5: ROUTER CONFIGURATION

allow access, and enter the permitted access times in 24-hour clock
format.

For example, to allow access Monday through Friday between 9 am and
5 pm, check the check boxes for Mon, Tue , Wed, Thu and Fri, and enter
09:00 and 17:00 in the text boxes next to each of these days.

8 Click Add to save the settings.

URL Filter Select the URL Filter tab to set the URLs you want your clients to be able

to access. The Router’s URL Filter has three settings:

■ Disabled — Users can browse all Web sites. None will be filtered.

■ Deny List — Users can browse all Web sites apart from those sites

listed in the deny list and those whose URLs contain keywords listed in
the deny list. See “

■ Allow List — Users are unable to browse any Web sites except of

those listed in the allow list and those whose URLs contain keywords
listed in the allow list. See “

Deny List

To allow users access to all Web sites except for those you choose to
block, choose Deny List in the URL Filter Type drop-down box (Figure 61).

Deny List” on page 80.

Allow List” on page 81.

Figure 61 URL Filter Screen showing Deny List

Firewall 81

To filter a specific site, enter the URL for that site. For example, to stop
your users from browsing a site called www.badsite.com, enter
www.badsite.com or badsite.com in one of the fields.

If badsite.com has multiple sub-domains, such as this.badsite.com and
that.badsite.com then you can either:

■ Block them individually by entering this.badsite.com in one field

and that.badsite.com in another.

or

■ Block them by entering the keyword badsite.com into one of the

fields. This will block all URLs containing the string badsite.com. As
well as blocking this.badsite.com and that.badsite.com,
the keyword badsite.com would block searches that mentioned
badsite.com in their domain name, for example
www.notabadsite.com.

To filter a generic keyword enter it into one of the fields. You should
exercise caution when choosing a keyword as many keywords are
contained within other words. For example, filtering the word sex would
filter the following example URLs:

■ www.sussex.com

■ www.thisexample.com

You can filter up to 30 keywords and URLs.

Computers that should not be subject to URL filtering can be excluded by
ticking the Bypass URL Filter check box in the PC Privileges setup screen.

PC Privileges” on page 77.

See “

Allow List

To stop users from accessing any Web sites that you have not specifically
allowed, choose Allow List in the URL Filter Type drop-down box
(Figure 62

).

82 CHAPTER 5: ROUTER CONFIGURATION

Figure 62 URL Filter Screen showing Allow List

To allow a specific site, enter the URL for that site. For example, to let
your users browse a site called www.goodsite.com, enter
www.goodsite.com or goodsite.com in one of the fields.

If goodsite.com has multiple sub-domains, such as
this.goodsite.com and that.goodsite.com then you can
either:

■ Allow them individually by entering this.goodsite.com in one

field and that.goodsite.com in another.

or

■ Allow them by entering the keyword goodsite.com into one of the

fields. This will allow all URLs containing the string goodsite.com.
As well as allowing this.goodsite.com and
that.goodsite.com, the keyword goodsite.com would allow
sites that had the string goodsite.com in their URL, for example
xxxgoodsite.com.

To filter a generic keyword enter it into one of the fields. You should
exercise caution when choosing a keyword as sites that you may wish to
block may be allowed if you choose too general a keyword.

Firewall 83

The Router filters all traffic from domains that have been blocked using
the URL filter. If you need to access an external mail server, FTP server or
other named device outside your network, you must list it in one of the
allow fields.

You can filter up to 30 keywords and URLs.

Computers that should not be subject to URL filtering can be excluded by
ticking the Bypass URL Filter checkbox in the PC Privileges setup screen.

PC Privileges” on page 77.

See “

Content Filter You can subscribe to the 3Com Content Filter Service, which enables you

to block or allow the URLs of a number of pre-defined categories.

The Router comes with a 14-day free trial of the 3Com Content Filter
Service. To activate the 14-day free trial of the service, you must first
register your Router at

www.3com.com. To continue using the service after

the trial period, you must purchase the full 3Com Content Filter Service
(3CSBCFS).

URL filtering rules supersede content filtering rules. If the 3Com Content
Filter is blocking certain Web sites that you want to allow, you can add
these sites to URL Filter’s allow list. Refer to “

Allow List” on page 81 for

more information.

84 CHAPTER 5: ROUTER CONFIGURATION

To activate Content Filtering:

1 Select Firewall from the main menu, then select the Content Filter tab.

The Content Filter screen displays (Figure 63

Figure 63 Content Filter Screen

2 Make sure the Enable Content Filter check box is checked.

).

3 Select the Content Filter Server that you require from the drop-down list.

If you select custom entry, enter the server IP address in the text box.

4 Select the Server Timeout value in milliseconds. The default is 3000

milliseconds (3 seconds).

5 Select Allow or Deny for each displayed category, as required.

Click Apply to save the settings.

SPI Stateful Packet Inspection (SPI) inspects, and if required blocks packets at

the application layer. SPI also maintains TCP and UDP session
information, including timeouts and the number of active sessions, and
provides the ability to detect and prevent certain types of network attacks
such as DoS attacks.

Denial of Service (DoS) attacks are aimed at devices and networks with a
connection to the Internet. The goal is not to steal information, but to
disable a device or network so users no longer have access to network
resources.

To configure SPI information on your Router:

Firewall 85

1 Select Firewall from the main menu, then select the SPI tab to display the

SPI screen (Figure 64

Figure 64 SPI Screen - upper section

Figure 65 SPI Screen - lower section

and Figure 65):

Intrusion Detection Feature

The Intrusion Detection feature limits access for incoming traffic at the
WAN ports.

2 Check the Enable SPI and Anti-DoS firewall protection check box to

enable SPI. When this feature is enabled, all incoming packets will be
blocked except for those types that you allow in the Stateful Packet
Inspection section.

86 CHAPTER 5: ROUTER CONFIGURATION

3 If required, check the Enable RIP defect check box. This feature stops

unacknowledged packets from accumulating in the input queue.

Stateful Packet Inspection

4 The Stateful Packet Inspection section displays a list of traffic types. If you

leave the check box for a traffic type blank, this traffic type is blocked. If
you check the check box, the Router allows this type of incoming traffic,
but only if the connection was initiated from the local LAN.

For example, if you check only the Enable FTP Service check box, all
incoming traffic is blocked except for FTP connections initiated from the
local LAN.

Alert by E-mail

5 In the Your E-mail Address text box, enter the e-mail address you want

alerts to be sent in the event of a hacker attack.

6 Enter your SMTP Server Address.

7 Enter your SMTP Server User Name.

8 Enter your SMTP Server Password.

Connection Policy

9 In the Fragmentation half-open wait text box, enter the length of time, in

seconds, that you want an unassembled packet to remain active before
the Router drops it. The default is 10 seconds.

10 In the TCP SYN wait text box, enter the length of time, in seconds, that

you want the Router to wait for a TCP session to synchronize before it
drops the session. The default is 30 seconds.

11 In the TCP FIN wait text box, enter the length of time, in seconds, that

you want a TCP session to remain active after the Router detects a FIN
packet. The default is 5 seconds.

12 In the TCP connection idle timeout text box, enter the length of time, in

seconds, that you want a TCP session to remain active if there is no
activity. The default is 3600 seconds (1 hour).

13 In the UDP session idle timeout text box, enter the length of time, in

seconds, that you want a UDP session to remain active if there is no
activity. The default is 30 seconds.

14 In the H.323 data channel idle timeout text box, enter the length of time,

in seconds, that you want an H.323 session to remain active if there is no
activity. The default is 180 seconds.

System Tools 87

DoS Detect Criteria

15 In the Total incomplete TCP/UDP sessions HIGH text box, enter the

number of unestablished sessions that will cause the software to start
deleting half-open sessions. The default is 300.

16 In the Total incomplete TCP/UDP sessions LOW text box, enter the

number of unestablished sessions that must be reached before the
software stops deleting half-open sessions. The default is 250.

17 In the Incomplete TCP/UDP sessions (per min) HIGH text box, enter the

maximum number of incomplete TCP/UDP sessions allowed per minute.
The default is 250 sessions.

18 In the Incomplete TCP/UDP sessions (per min) LOW text box, enter the

minimum number of incomplete TCP/UDP sessions allowed per minute.
The default is 200 sessions.

19 In the Maximum incomplete TCP/UDP sessions number from the same

host text box, enter the maximum number of incomplete sessions

allowed from the same host. The default is 10 sessions.

20 In the Incomplete TCP/UDP sessions detect sensitive time period text box,

enter the length of time that must elapse before an incomplete TCP/UDP
session is detected as incomplete. The default is 300 msec.

21 In the Maximum half-open fragmentation packet number from the same

host text box, enter the maximum number of half-open fragmentation

packets allowed from the same host. The default is 30 packets.

22 In the Half-open fragmentation detect sensitive time period text box,

enter the length of time that must elapse before a half-open
fragmentation session is detected as half-open. The default is 10000
msec.

23 In the Flooding cracker block time text box, enter the length of time that

must elapse between detection of a flood attack and blocking the attack.
The default is 300 seconds.

Click Apply to save the settings.

System Tools The main frame of the System Tools screen includes four administration

items: Restart, Time Zone, Configuration, and Upgrade (Figure 66

).

88 CHAPTER 5: ROUTER CONFIGURATION

Restart Figure 66 Restart Screen

If your Router is not operating correctly, you can choose to restart the
Router by selecting Restart the Router, simulating the effect of power
cycling the unit. No configuration information will be lost but the log files
will be erased. This function may be of use if you are experiencing
problems and you wish to re-establish your Internet connection. Any
network users who are currently accessing the Internet will have their
access interrupted whilst the restart takes place, and they may need to
reboot their computers when the restart has completed and the Router is
operational again.

Time Zone

Figure 67 Time Zone Screen

System Tools 89

Choose the time zone that is closest to your actual location. The time
zone setting is used by the system clock when displaying the correct time
in the log files.

If you use Daylight saving tick the Enable Day Light savings box, and then
click Apply (Figure 67

).

The Router reads the correct time from NTP servers on the Internet and
sets its system clock accordingly. The Daylight Savings option merely
advances the system clock by one hour. It does not cause the system
clock to be updated for daylight savings time automatically.

Configuration

Figure 68 Configuration Screen

Select the Configuration tab to display the Configuration screen
(Figure 68

).

Backup Configuration

Click BACKUP to save the current Router configuration. You will be
prompted to download and save a file to disk.

90 CHAPTER 5: ROUTER CONFIGURATION

Restore Configuration Data

If you want to reinstate the configuration settings previously saved to a
file, press Browse to locate the backup file on your computer, and then
click RESTORE to copy the data into the Router's memory.

The password will remain unchanged.

Reset to Factory Default

If you want to reset the settings on your Router to those that were loaded
at the factory, click RESET. You will lose all your configuration changes.
The Router LAN IP address will revert to 192.168.1.1, and the DHCP
server on the LAN will be enabled. You may need to reconfigure and
restart your computer to re-establish communication with the Router.

Upgrade

Figure 69 Upgrade Screen

The Upgrade facility allows you to install on the Router any new releases
of system software that 3Com may make available. To install new
software, you first need to download the software from the 3Com
support web site to a folder on your computer. Once you have done this,
select Browse to tell your web browser where this file is on your
computer, and then click Apply. The file will be copied to the Router, and
once this has completed, the Router will restart. Although the upgrade
process has been designed to preserve your configuration settings, it is
recommended that you make a backup of the configuration beforehand,
in case the upgrade process fails for any reason (for example, the
connection between the computer and the Router is lost while the new
software is being copied to the Router).

Advanced 91

The upgrade procedure can take up to two minutes, and is complete
when the Alert LED has stopped flashing and is permanently off. Make
sure that you do not interrupt power to the Router during the upgrade
procedure; if you do, the software may be corrupted and the Router may
not start up properly afterwards. If the Alert LED comes on continuously
after a failed upgrade, refer to Chapter 6

, “Troubleshooting”.

Advanced Selecting Advanced from the main menu displays the following five tabs

in your Web browser window: Static Route, RIP, Routing Table, DDNS
and Security.

Static Route The Router supports static route functionality. Select the Static Route tab

to display the screen shown in Figure 70

Figure 70 Static Route screen

The following information is displayed for each static route:

■ Index - the index of the static route

■ Network Address - the network address of the route. If network

address and subnet mask are both set to 0.0.0.0, this is the default
route.

■ Subnet Mask - the subnet mask of the route. If network address and

subnet mask are both set to 0.0.0.0, this is the default route.

92 CHAPTER 5: ROUTER CONFIGURATION

■ Gateway - the gateway used to route data to the network specified by

the network address.

RIP The Router supports the Routing Information Protocol (RIP). RIP allows

you to set up routing information on one RIP enabled device, and have
that routing information replicated to all RIP enabled devices on the
network. LAN and WAN interfaces can be configured independently of
each other.

Select the RIP tab to display the screen shown in Figure 71

Figure 71 RIP screen

Setting Up RIP

Check the Enable Auto Summary check box if you want the Router to
send simplified routing data to other RIP devices, instead of full routing
data.

Advanced 93

Check the Enable RIP Mode check box to configure RIP on the Router.
The screen shown in Figure 72

Figure 72 Enable RIP Mode screen

displays

The screen displays RIP information for the LAN interface and WAN
interface. To set up or change the information for one or both interfaces:

1 Select one of Disable, Enable or Silent from the Operation Mode

drop-down list. If you select Enable, the Router transmits RIP update
information to other RIP enabled devices. If you select Silent, the Router
only receives RIP update messages.

2 Select either 1 (for RIPv1) or 2 (for RIPv2) from the Version drop-down list.

3Com recommends that you use RIPv1 if there is any RIP enabled device
on your network that does not support RIPv2. In all other case, select
RIPv2.

3 Select either Enable or Disable from the Poison Reverse drop-down list.

Poison Reverse is a feature that helps prevent data loops.

4 Select one of None, Password or MD5 from the Authentication Required

drop-down list. If you select Password, an unencrypted text password
must be set on all RIP-enabled devices. If you select MD5, the password
must be encrypted using the MD5 encryption algorithm.

5 If you selected Password or MD5 at step 4, enter a password at the

Authentication Code prompt.

94 CHAPTER 5: ROUTER CONFIGURATION

Routing Table Select the Routing table tab to display routing information used by the

Router. The information is displayed in the format shown in Figure 73

Figure 73 Routing Table screen

DDNS Dynamic Domain Name Server (DDNS) enables you to map a static

domain name to a dynamic IP address. The Router supports two DDNS
providers, TZO.com and DYNDNS.org. Before you can set up DDNS, you
must obtain an account, password and static domain name from your
DDNS provider. DDNS is disabled by default.

Advanced 95

To set up DDNS:

1 Select Advanced from the main menu, then select the DDNS tab. The

DDNS screen displays (Figure 74

Figure 74 DDNS screen

).

2 Select a DDNS Service provider from the drop-down list. This can be

either TZO.com or DynDNS.org.

TZO.com

If you select TZO.com:

1 In the Domain Name text box, enter the domain name.

2 In the Username/E-mail text box, enter the account name.

3 In the Key text box, enter the account password.

4 In the Refresh Time box, enter how often you want the service to

automatically refresh, in days. The default is three days.

5 Click Apply to make this service active.

DynDNS.org

If you select DYNDNS.org:

1 In the Host Name text box, enter the host name.

2 In the Username text box, enter the account name.

3 In the Password text box, enter the account password.

96 CHAPTER 5: ROUTER CONFIGURATION

4 In the Refresh Time box, enter how often you want the service to

automatically refresh, in days. The default is three days.

5 Click Apply to make this service active.

Security Select Security to display the Security screen (Figure 75

Figure 75 Security Screen

The Internet connects millions of computer users throughout the world. The vast majority of the computer users on the Internet are friendly and have no intention of breaking into, stealing from, or damaging your network. However, there are hackers who may try to break into your network. The options in the Security tab features help you to protect your network.

).

Using Advanced Settings

The Advanced Settings section of the Security screen displays the
following options:

■ Enable universal plug and play - Universal plug and play allows

compatible software to read and change some the Router’s firewall
settings. This reduces the configuration required but lessens your
control of the Router’s firewall.

Check on the check box to enable this feature, and then select Apply.

Advanced 97

3Com recommends that you leave this feature disabled for maximum
security.

■ Allow PING from the Internet - PING is a utility, which is used to

determine whether a device is active at the specified IP address. PING
is normally used to test the physical connection between two devices,
to ensure that everything is working correctly.

By default the Router has PING disabled in order to make the device
more difficult to find on the Internet and less prone to attack.

Check on the check box to enable this feature, and then select Apply.

3Com recommends that you leave this feature disabled for maximum
security.

■ Disable NAT - Network Address Translation (NAT) is the method by

which the Router shares the single IP address assigned by your ISP
with the computers on the network. Only disable NAT if your ISP
assigns you multiple IP addresses or you need NAT disabled for an
advanced system configuration. If you have a single IP address and
your turn NAT off, the computers on your network will not be able to
access the Internet. Other problems may also occur.

Check on the check box to disable NAT, and then select Apply.

3Com recommends that you leave this feature enabled for maximum
security.

Enabling Remote Administration

It is possible to administer the Router remotely. Select one of the
following options for remote administration:

■ Disable Remote Administration - This option is set as default.

■ Enable administration from a single Internet Host - Only the specified

Host IP Address can manage the Router. Any other users will be
rejected.

■ Enable administration from a whole subnet - This option allows a

number of users within the specified Host Network Address and
Subnet Mask to administer the Router.

■ Enable administration from any Internet Host - This option allows any

host to access the administration pages.

To remotely administer your Router, enter
http://xxx.xxx.xxx.xxx:8000 in the location bar of the browser
running on the remote computer, where xxx.xxx.xxx.xxx is the Internet IP

98 CHAPTER 5: ROUTER CONFIGURATION

address of the Router. You may then login using the administration
password.

Your Internet IP address can be found at the bottom of the screen. See

Figure 75

.

Status and Logs Selecting Status and Logs from the main menu displays the Status, Usage,

and Logs screens in your Web browser window.

Status The Status screen displays a tabular representation of your network and

Internet connection. (Figure 76

Figure 76 Status Screen - upper section

and Figure 77).

Status and Logs 99

Figure 77 Status Screen - lower section

Usage Usage displays an approximate count of the traffic since the Router was

last reset. (Figure 78

)

The counts are approximate and should be used as a guide only. Contact
your ISP for accurate logging information.

Figure 78 Usage Screen

100 CHAPTER 5: ROUTER CONFIGURATION

Logs Logs will allow you to view both the normal events, and security threats

logged by the Router.

Figure 79 Logs Screen

You may be asked to refer to the information on the Status and Logs
screens if you contact your supplier for technical support.

Support/Feedback Selecting Support/Feedback from the main menu displays the Support

and Feedback screens.

Support Figure 80 Support Screen