Actiontec electronic MI408 User Manual

Download

Page 1

Table of Contents

1 Introduction 1

Package Contents 1 Minimum System Requirements 2 Features 2 Getting to Know the Router 3

2 Connecting the Router 7

Setting Up the Router 7 Computer Network Configuration 8 Configuring the Router 10 Home Page 12

3 Configuring My Network Settings 15

Accessing My Network 15 Using My Network 16

4 Using Network Connections 23

Network (Home/Office) 24 Ethernet Connection 29 Broadband Ethernet Connection 32 WAN PPPoE/WAN PPPoE 2 38

5 Configuring the Router’s Security 45

General 47 Access Control 49 Port Forwarding 52 DMZ (Demilitarized Zone) Host 53 Port Triggering 54 Remote Administration 56 Static NAT 58 Advanced Filtering 59 Security Log 62

6 Using Parental Controls 69

Activating Parental Controls 69 Advanced Parental Controls 71

7 Using Advanced Settings 73

Firmware Upgrade 75 Firmware Restore 77 Configuration File 78 System Settings 79 Date and Time 84

Page 2

Actiontec Broadband Router User Manual

Scheduler Rules 85 Routing 87 IP Address Distribution 89 Diagnostics 93 Restoring Default Settings 94 Reboot the Router 94 MAC Cloning 95 ARP (Address Resolution Protocol) Table 95 Users 96 QoS 97 Local Administration 97 Remote Administration 98 Dynamic DNS 98 DNS Server 100 Network Objects 102 Universal Plug and Play (UPnP) 103 Protocols 105

8 Monitoring the Router 107

Router Status 107 Advanced Status 108

9 Troubleshooting 111

A Quality of Service 115

Traffic Priority 115 Traffic Shaping 119

B Specifications 131

General 131 LED Indicators 131 Environmental 132

Notices 133

Regulatory Compliance Notices 133 Modifications 133

Limited Warranty 135

Page 3

Introduction

Thank you for purchasing the Actiontec Broadband Router. The Router features eight Ethernet ports, making it one of the most versatile routers available. If you want to take your home or office networking to the next level, the Actiontec Broadband Router is sure to be one of the keys to your success.

Package Contents

s Actiontec Broadband Router

s Black Power cord

s Yellow cable (Ethernet, 6 ft.)

s White cable (Ethernet, 10 ft.)

s Quick Start Guide

s Installation Guide

s User Manual CD

s Wall-mount template

s Vertical stand

s Warranty

Page 4

Actiontec Broadband Router User Manual

Chapter 1 Introduction

Minimum System Requirements

s Computer with Ethernet capability

s Microsoft Windows 98SE, Me, 2000, or XP; Mac OS 9 or greater; Linux/

BSD, Unix

s Internet Explorer 5.0 or higher; Netscape Navigator 7.0 or higher

s TCP/IP network protocol installed on each computer

Features

s Integrated wired networking with 8-port 10/100 Mbps Ethernet switch

s Enterprise-level security, including :

Fully customizable firewall with Stateful Packet Inspection

Content filtering with URL-keyword based filtering, parental control, customizable filtering policies per computer, and E-mail notification

Denial of service protection against IP spoofing attacks, intrusion and scanning attacks, IP fragment overlap, ping of death, and fragmentation attacks

Event logging

Intrusion detection

MAC address filtering

NAT

DMZ hosting

Access control

ICSA certified

s Other Features

DHCP server option

DHCP server/PPPoE server auto-detection

DNS server

LAN IP and WAN IP address selection

MAC address cloning

Page 5

Chapter 1 Introduction

Power

Broad

Band

Internet

Ethernet

Port forwarding

PPPoE support

QoS support (end to end layer 2/3) featuring Diffserv, 802.1p/q prioritization, configurable upstream/downstream traffic shaping, random early detection and pass-through of WAN-side DSCPs, PHBs, and queuing to

LAN-side devices

Remote management and secured remote management using HTTPS

Reverse NAT

Static NAT

Static routing

Time zone support

VLAN multicast support

VPN IPSec (VPN passthrough only)

Getting to Know the Router

This section contains a quick description of the Router’s lights (LEDs), ports, etc. The Router features several indicator lights on its front panel, and a series of ports and switches on its rear panel.

Front Panel

The front panel of the Router features 11 indicator lights: Power, Broadband, Internet, and Ethernet (8).

Page 6

Actiontec Broadband Router User Manual

Chapter 1 Introduction

Power Light

The Power light displays the Router’s current status. If the Power light glows steadily green, the Router is receiving power and fully operational. When the Power light flashes rapidly, the Router is initializing. If the Power light is not illuminated or glows red when the Power cord is plugged in and the Power switch is turned on, the Router has suffered a critical error and technical support should be contacted.

Broadband Light

The Broadband light illuminates when the Router is connected to a the Internet via Ethernet. If flashing, data traffic is passing across the port.

Internet Light

When the Internet light glows steadily green, the Router is connected to the ISP (Internet Service Provider). If it glows amber, there is a physical connection to the ONT (Optical Network Terminator), but authentication has not taken place (i.e., no IP address is present).

Ethernet Lights (1 - 8)

The Ethernet lights illuminate when the Router is connected to a local network via one or more of its Ethernet ports. If flashing, data traffic is passing across the port(s).

Page 7

Chapter 1 Introduction

12VDC 1.2A

Reset

OFF

100 1

Rear Panel

The rear panel of the Router features ten ports (Ethernet [8], Broadband, and Power), as well as a Reset button and Power switch.

Ethernet Ports (8)

The Ethernet ports connect devices to the Router via Ethernet cables to create a local area network (LAN). The Ethernet ports are 10/100 Mbps auto-sensing ports, and either a straight-through or crossover Ethernet cable can be used when connecting to the ports.

Broadband Port

The Broadband port connects the Router to the ISP using an Ethernet cable.

Reset Button

To restore the Router’s factory default settings, press and hold the Reset button for approximately ten seconds. The reset process will start about ten seconds after releasing the button. When the Router resets, all the lights on the front panel turn off, and then the lights start flashing. The Router has completed its reset process when the Power light glows steadily green.

Caution: Do not unplug the Power cord from the Router dur-

ing the reset process. Doing so may result in the loss of the Router’s configuration information. If this occurs, reset the Router again.

Page 8

Actiontec Broadband Router User Manual

Power Switch

The Power switch powers the Router on and off.

Power Port

The Power port connects the Router to an electrical wall outlet via the Power cord.

Caution: Do not unplug the Power cord from the Router dur-

ing the reset process. Doing so may result in the loss of the Router’s configuration information. If this occurs, reset the Router again.

Page 9

Connecting the Router

Connecting a computer or local network to the Broadband Router is a simple procedure, varying slightly depending on the computer’s operating system but designed to seamlessly integrate the Router with the computer or local network. Moreover, addition configuration to access the GUI is not required when taking advantage of Universal Plug-and-Play support in Windows XP. The Windows default network settings dictate that in most cases, the setup procedure described in the “Computer Network Configuration” will be unnecessary. For example, the default DHCP setting in Windows 2000 is “client,” requiring no further modification. However, Actiontec advises following the setup procedure described below to verify all communication parameters are valid and the physical cable connections are correct.

Setting Up the Router

There are three parts to setting up the Router: Connecting the Cables, Configuring the Router, and Connecting Other Computers/Set Top Boxes.

Connecting the Cables

Note: If a different router was being used, disconnect it. Remove

☞

all router components, including power supplies and cables, since they will not work with the Wireless Broadband Router.

1. Get the Router and black Power cord from the box.

2. Plug the black Power cord in the black port on the back of the Router and

then into a power outlet.

3. Turn the Router on.

4. Make sure the Power light on the front of the Router is glows steadily green.

5. Plug the yellow Ethernet cable from the box into one of the four yellow

Ethernet ports on the back of the Router.

Page 10

Actiontec Broadband Router User Manual

Chapter 2 Connecting the Router

6. Make sure the computer is powered on, then plug the other end of the yellow

Ethernet cable into an Ethernet port on the computer.

7. Make sure at least one of the Ethernet LAN lights on the front of the Router

glows steadily green. This may take a few moments.

8. Locate the Ethernet wall jack the phone company previously installed some-

where in the house.

9. Get the white Ethernet cable from the box and plug one end in the white port

on the back of the Router. Plug the other end of the white Ethernet cable into the high-speed Ethernet jack.

10. Make sure the Ethernet WAN light on the front of the Router glows steadily

green. If connecting via coaxial cable, this may take a few minutes.

Note: If the Ethernet WAN light does not illuminate, make sure

☞

the Ethernet cable is connected properly at both ends.

Computer Network Configuration

Each network interface on the computer should either be configured with a statically defined IP address and DNS address, or instructed to automatically obtain an

IP address using the Network DHCP server. The Router is set up, by default, with

an active DHCP server, and Actiontec recommends leaving this setting as is.

Configuring Dynamic IP Addressing

To set up a computer to use dynamic IP addressing:

Windows XP

1. Select Network Connections in the Control Panel.

2. Right-click Ethernet Local Area Connection, then click Properties.

3. In the “General” tab, select Internet Protocol (TCP/IP), then click

Properties.

4. The “Internet Protocol (TCP/IP) Properties” window appears.

5. Click the “Obtain an IP address automatically” radio button.

Page 11

Chapter 2 Connecting the Router

6. Click the “Obtain DNS server address automatically” radio button.

7. Click OK in the “(TCP/IP) Properties” screen, then click OK in the “Local

Area Connection Properties” screen to save the settings.

Windows 2000

1. Select Network and Dialing Connections in the Control Panel.

2. Right-click on the Ethernet connection’s icon, then click Properties.

3. Select Internet Protocol (TCP/IP) component, then click Properties.

4. The “Internet Protocol (TCP/IP) Properties” window appears.

5. Click the “Obtain an IP address automatically” radio button.

6. Click the “Obtain DNS server address automatically” radio button.

Windows 98/Me

1. Select Network in the Control Panel.

2. Select the TCP/IP settings for the network card, then click Properties.

3. Click the “Obtain an IP address automatically” radio button in the “IP

Address” tab.

4. Click Disable DNS in the DNS configuration tab.

5. Click OK in the “TCP/IP Properties” screen.

6. Click OK in the “Network” screen to reboot and save the settings.

Windows NT

1. Click Network in the Control Panel. The “Network” window appears.

2. In the “Protocol” tab, select Internet Protocol (TCP/IP) then click

Properties.

Page 12

Actiontec Broadband Router User Manual

Chapter 2 Connecting the Router

3. In the “IP Address” tab, click the “Obtain an IP address automatically” radio

button.

4. In the “DNS” tab, verify no DNS server is defined in the “DNS Service Search

Order” text box and no suffix is defined in the “Domain Suffix Search Order” text box.

Linux

1. Login into the system as a super-user, by entering “su” at the prompt.

2. Type “ifconfig” to display the network devices and allocated IPs.

3. Type “pump -i <dev>,” where <dev> is the network device name.

4. Type “ifconfig” again to view the newly allocated IP address.

5. Make sure no firewall is active on device <dev>.

Configuring the Router

1. Open a web browser on the computer connected to the Router. In the

“Address” text box, type:

http://192.168.1.1

then press Enter on the keyboard.

2. The “Login” screen appears. Enter the default user name (admin) and pass-

word (password) in the appropriate text boxes, then click OK.

Page 13

Chapter 2 Connecting the Router

3. The “Login Setup” screen appears. Select a new user name and password and

enter them in the appropriate text boxes (the password must be entered twice, for validation purposes). Write the new user name and password down on a piece of paper and keep it in a safe place, since they will be needed to access the Router’s MegaControl Panel™ in the future.

4. In the bottom part of the screen, select the correct time zone from the “Time

Zone” drop-down list, then click OK at the bottom of the screen.

The Router is now configured.

Connecting Other Computers/Set Top Boxes

The Router can connect to other computers via Ethernet. To do this:

1. Get an Ethernet cable and plug one end into one of the open yellow

Ethernet ports on the back of the Router.

2. Plug the other end of the Ethernet cable into an Ethernet port on the computer.

3. Make sure the corresponding Ethernet LAN light on the front of the Router

glows steadily green.

4. Repeat these steps for each computer to be connected to the Router

via Ethernet.

Page 14

Actiontec Broadband Router User Manual

Chapter 2 Connecting the Router

Home Page

After logging into the Router’s MegaControl Panel (see “Configuring the Router” at the beginning of this chapter), the “Home” screen appears.

The Home screen has a “Main Menu” that occupies the top of the screen. Below that, the screen is divided into three columns: “My Router,” “My Network,” and “Action Zone.”

Main Menu

The “Main Menu” contains links to all of the configuration options of the Router:

My Network (explained in chapter 4 of this manual), Firewall (chapter 5), Parental Controls (chapter 6), Advanced (chapter 7), and System Monitoring

(chapter 8).

Page 15

Chapter 2 Connecting the Router

My Router

This section displays the status of the Router’s network and Internet connection. A green light signifies the Router is connected; a yellow light means the Router is attempting to connect; and a red light signifies the Router’s connection is down.

Broadband Connection

The “Broadband Connection” section of My Router displays the state of the Router’s broadband connection (“Connected” or “Disconnected”) for the connection option (“Ethernet Status”), and the WAN IP address of the broadband connection.

Quick Links

The “Quick Links” section of My Router contains a list of frequently accessed settings, including “Change Login User Name & Password,” “Enable Gaming,” and “Logout.”

My Network

The “My Network” section of the Home screen displays the connection type, name, and IP address of all devices connected to the Router’s network. The icon associated with the device will be displayed normally (signifying an active device) or shaded (signifying the device has not been active for at least 60 seconds). The user can also configure the basic settings of each device by clicking on its icon. These settings are described in more detail in chapter 3, “Configuring My Network Settings.”

Action Zone

This section contains links to various Verizon Web sites, and other informational links. Clicking on the icon above “Go to Internet Now” connects the user to the home page configured on the user’s web browser.

Page 16

Actiontec Broadband Router User Manual

This page left intentionally blank.

Page 17

Configuring My Network Settings

Once the Broadband Router is physically connected and the MegaControl Panel’s Home screen is displayed in a web browser, a list of the devices connected to the Router’s network appears in the “My Network” section of the screen. From here, some basic network settings can be configured.

Accessing My Network

To access My Network, click on “My Network” in the Home screen.

The “My Network” screen appears:

On the far right side of the screen, in the “Connected Devices” section, is list of the devices currently connected to the network, listed by connection type and number. The rest of the screen contains the “My Network” section, which displays each device connected to the network, and a series of configuration settings.

Page 18

Actiontec Broadband Router User Manual

Chapter 3 Configuring My Network Settings

Using My Network

Various settings can be accessed for a particular device, as follows.

Access Device

For devices that can be accessed (such as Internet cameras and networked hard drives), locate it in the My Network column, then click Access Devices to use the device over the network.

Access Shared Files

To access the shared files on a particular device, locate the device in the My Network column, then click Access Shared Files. A list of shared files appears on the screen.

Website Blocking

Clicking “Website Blocking” generates the “Parental Control” screen. For more information about using parental controls, see chapter 6, “Using Parental Controls.”

Block Internet Services

Internet services blocking is used to prevent a device on the network from accessing particular services on the Internet, such as receiving E-mail or downloading from FTP sites. To set up Internet services blocking on a networked device, locate the device in the My Network column, then click Block Internet Services. The “Access Control” screen appears.

Page 19

Chapter 3 Configuring My Network Settings

1. Click Add in the “Networked computer/Device” column. The “Add Access

Control Rule” screen appears.

2. If this access control rule applies to all networked devices, select “Any” from

the “Networked Computer/Device” list box. If this rule applies to certain devices only, select “Specify Address” and click Add. Then, add a network object (for more details about adding network objects, see the “Advanced Settings” chapter of this manual).

3. Select the Internet protocol to be blocked from the “Protocol” drop-down list.

4. If this rule will be active all the time, select “Always” from the “When should this

rule occur?” drop-down list. If the rule will only be active at certain times select “Specify Schedule” and click Add. Then, add a schedule rule (for more details about schedule rules, see the “Advanced Settings” chapter of this manual).

Note: Make sure the Router’s date and time settings for your time

☞

zone are set correctly for schedule rules to function properly.

5. Click Apply to save the changes. The Access Control screen will display a sum-

mary of the access control rule.

Note: To block a service that is not included in the list select

☞

“Specify Protocol” from the Protocol drop-down menu. The “Edit Service” screen appears. Define the service, then click Apply. The service will then be automatically added to the top section of the “Add Access Control Rule” screen, and will be selectable.

Page 20

Actiontec Broadband Router User Manual

Chapter 3 Configuring My Network Settings

The user may disable an access control and the service made available without having to remove the service from the Access Control table. This may be useful to make the service available only temporarily, with the expectation that the restriction will be reinstated later.

• To temporarily disable an access control clear the check box next to the network computer/device.

• To reinstate the restriction at a later time select the check box next to the network computer/device.

• To remove an access restriction from the Access Control table click the Remove button for the service. The service will be removed from the Access Control table.

Note: When Web Filtering is enabled, HTTP services cannot be

☞

blocked by access control.

Enable Application

Activating “Enable Application” (also known as port forwarding) allows the network to be exposed to the Internet in certain limited and controlled ways, enabling some applications to work from the local network (game, voice, and chat applications, for example), as well as allowing Internet access to servers in the network. To set this up on a networked device, locate the device in the My Network column, then click Enable Applications. The “Port Forwarding” screen appears.

Page 21

Chapter 3 Configuring My Network Settings

1. Click Add. The “Add Port Forwarding Rule” screen appears.

2. Enter the local IP address or the host name of the computer providing the ser-

vice in the “Networked Computer/Device” text box. Note that only one local network computer can be assigned to provide a specific service or application.

3. Select the Internet protocol to be provided from the “Protocol” drop-down

list.

4. To select a port to forward communications to (this is optional), select

“Specify” from the “Forward to Port” drop-down list, then, in the text box that appears, enter the port number. If no port is identified, select “Same as Incoming Port.”

5. If this port will be active all the time, select “Always” from the “When should this

6. Click Apply to save the changes.

Note: Some applications, such as FTP, TFTP, PPTP, and H323,

☞

require the support of special specific Application Level Gateway (ALG) modules to work inside the local network. Data packets associated with these applications contain information that allows them to be routed correctly. An ALG is needed to handle these packets and ensure they reach their intended destinations. The Router is equipped with a robust list of ALG modules, enabling maximum functionality in the local network.

The ALG is automatically assigned based on the destination port.

Page 22

Actiontec Broadband Router User Manual

Chapter 3 Configuring My Network Settings

View Device Details

To view information about a networked device, or to test a device’s connection, locate the device in the My Network column, then click View Device Details. The “Device Information” screen appears.

1. Click Test Connectivity. The “Diagnostics” screen appears.

2. Click Go. The Router runs a ping test, and the results are displayed in the

Diagnostics screen.

Page 23

Chapter 3 Configuring My Network Settings

Rename This Device

To rename a networked device, locate the device in the My Network column, then click Rename This Device. The “Rename Device” screen appears.

Enter the new name of the device in the “New Name” text box and, if needed, select a new icon for the device from the “New Icon” drop-down list.

Timeout for Inactive Device

The amount of time a device continues to be displayed on the network after it has been disconnected is configured in the “Timeout for Inactive Device” screen. To display the screen, click Timeout for Inactive Device.

Select the timeout period from the “Timeout” drop-down list. After the device has been disconnected for this amount of time, it will no longer be displayed in the “My Network” column.

Page 24

Actiontec Broadband Router User Manual

This page left intentionally blank.

Page 25

Using Network Connections

The Broadband Router supports various local area network (LAN) and wide area net- work (WAN, on Internet) connections via Ethernet cables. Network connections are used to configure the various parameters of the Router’s network and Internet connections, and to create new connections.

Caution: The settings covered in this chapter should be config-

ured by experienced network technicians only.

To access the Router’s network connections, in the “My Network” screen, click Network Connections from the menu on the left side. The “Network Connections” screen appears.

Click Advanced to expand the screen and display all connection entries.

Page 26

Actiontec Broadband Router User Manual

Chapter 4 Using Network Connections

To select a connection, click on its name. The rest of this chapter describes the different network connections available on the Router, as well as the connection types that can be created.

Network (Home/Office)

Select Network (Home/Office) in the Network Connections screen to generate the “Network (Home/Office) Properties” screen. This screen displays a list of the local network’s properties. The only modifications that can be made from this screen are disabling the connection (by clicking Disable) or renaming the connection (by entering a new name in the “Rule Name” text box).

Note: When a network is disabled, its formerly underlying

☞

devices will not be able to get the DHCP address from the net- work interface to which they were connected.

The Network (Home/Office) connection is used to combine several network devices under one virtual network. For example, a home/office network can be created for Ethernet and other network devices.

Page 27

Chapter 4 Using Network Connections

Configuring the Home/Office Network

Click Settings in the “Network (Home/Office) Properties” screen to generate the “Configure Network (Home/Office)” screen.

General

The top part of the Configure Network (Home/Office) screen displays general communication parameters. Actiontec recommends not changing the default values in this section unless familiar with networking concepts.

Status Displays the connection status of the network.

When should this rule occur? Displays when the rule is active. To schedule rules,

see the “Advanced Settings” chapter.

Network Select the type of connection being configured from the drop-down list (options: Broadband Connection, Network [Home/Office], or DMZ).

Connection Type Displays the type of connection.

Physical Address Displays the physical address of the network card used for the

network.

MTU MTU (Maximum Transmission Unit) specifies the largest packet size per-

mitted for Internet transmission. “Automatic” sets the MTU at 1500. Other choic- es include “Automatic by DHCP,” which sets the MTU according to the DHCP connection, and “Manual,” which allows the MTU to be set manually.

Page 28

Actiontec Broadband Router User Manual

Chapter 4 Using Network Connections

Internet Protocol

This section has three options: No IP Address, Obtain an IP Address Automatically, and Use the Following IP Address.

No IP Address Select this option if the connection will have no IP address. This is useful if the connection operates under a bridge.

Obtain an IP Address Automatically Select this option if the network connection is required by the ISP to obtain an IP address automatically. The server assigning the IP address also assigns a subnet mask address, which can be overridden by entering another subnet mask address.

Use the Following IP Address Select this option if the network connection uses a permanent (static) IP address, then the IP address and subnet mask address.

Bridge

The “Bridge” section of the Configure Network (Home/Office) screen is used to specify which networks can join the network bridge.

Note: When a network is disabled, its formerly underlying

☞

devices inherit the network’s DHCP settings. For example, the removal of a network configured as DHCP client automatically configures the devices formerly constituting the network as

DHCP clients, with the exact DHCP client configuration.

Click in the check box next to the particular network to specify it. Make sure there are no loops in the network configuration, and apply these settings in case the network consists of multiple switches, or other bridges apart from those created by the Router.

Status The “Status” column displays the connection status of a particular device.

STP Click in the device’s “STP” check box to enable Spanning Tree Protocol on

the device. This protocol provides path redundancy while preventing undesirable loops in the network.

Page 29

Chapter 4 Using Network Connections

Action The “Action” column contains an icon that, when clicked, generates the configuration screen of the particular device.

DNS Server

Domain Name System (DNS) is the method by which website or domain names are translated into IP addresses. Specify such an address manually, according to the information provided by the ISP. To manually configure DNS server addresses, select Use the Following DNS Server Addresses. Specify up to two different DNS server addresses, one pri- mary, the other secondary.

IP Address Distribution

The “IP Address Distribution” section of the Configure Network (Home/Office) screen is used to configure the Router’s Dynamic Host Configuration Protocol (DHCP) server parameters. DHCP automatically assigns IP addresses to net- work devices. If enabled, make sure to configure the network devices as “DHCP Clients.” There are three options in this section: Disabled, DHCP Server, and DHCP Relay.

Disabled Select this option if statically assigning IP addresses to the network devices.

DHCP Server To set up the network bridge to function as a DHCP server:

1. Select DHCP Server.

2. Enter the IP address at which the Router starts issuing addresses in the

“Start IP Address” text boxes. Since the Router’s default IP address is

192.168.1.1, the Start IP Address should be 192.168.1.2.

3. Enter the end of the IP address range used to automatically issue IP address-

es in the “End IP Address” text boxes. The “maximum” IP address that can be entered here is 192.168.1.253.

4. Enter the subnet mask address in the “Subnet Mask” text boxes. The subnet

mask determines which portion of a destination LAN IP address is the network portion, and which portion is the host portion.

Page 30

Actiontec Broadband Router User Manual

Chapter 4 Using Network Connections

5. If Windows Internet Naming Service (WINS) is being used, enter the WINS

server address in the “WINS Server” text boxes.

6. Enter the amount of time a network device will be allowed to connect to

the Router with its currently issued dynamic IP address in the “Lease Time in Minutes” text box.

7. Click in the “Provide Host Name If Not Specified by Client” check box to

have the Router automatically assign network devices with a host name, in case a host name is not provided by the user.

DHCP Relay Select this option to have the Router function as a DHCP relay, and enter the IP address in the screen that appears.

Routing

The Router can be configured to use static or dynamic routing. Dynamic routing automatically adjusts how packets travel on the network, while static routing specifies a fixed routing path to neighboring destinations.

There are two options in the “Routing” section of the Configure Network (Home/Office) screen: Basic or Advanced.

Basic Select this option for basic routing operation.

Advanced To set up the Router’s network bridge for advanced routing:

1. Select Advanced from the “Routing” drop-down menu.

2. Enter a device metric in the “Device Metric” text box. The device metric is

a value used by the Router to determine whether one route is superior to another, considering parameters such as bandwidth and delay time.

3. Click in the “Default Route” check box to define this device as a the

default route.

4. Click in the “Multicast - IGMP Proxy Internal” check box to activate

multicasting.

Page 31

Chapter 4 Using Network Connections

Routing Table

Clicking New Route generates the “New Route” window, where a new route can be configured.

Additional IP Addresses

Clicking New IP Address generates the “Additional IP Address Settings” screen, where additional IP addresses can be created to access the Router via the Network (Home/Office) connection.

Ethernet Connection

An Ethernet connection connects computers to the Router using Ethernet cables, either directly or via network hubs and switches. Click Ethernet in the Network

Connections screen (if needed, click Advanced at the bottom of the screen to reveal the “Ethernet” link below “Network [Home/Office]”) to generate the “Ethernet Properties” screen. This screen displays a list of the connection’s properties. The only modifications that can be made from this screen are disabling the connection (by clicking Disable) or renaming the connection (by entering a new name in the “Rule Name” text box).

Note: If disabling the connection, the Router must be rebooted

☞

for the change to take effect.

Page 32

Actiontec Broadband Router User Manual

Chapter 4 Using Network Connections

Configuring the Ethernet Connection

Click Settings at the bottom-right of the Ethernet Properties screen to generate the “Configure Ethernet” screen.

General

The top part of the Configure Ethernet screen displays general communication parameters. Actiontec recommends not changing the default values in this section unless familiar with networking concepts.

Status Displays the connection status of the Ethernet switch.

When should this rule occur? Displays when the rule is active. To schedule rules,

see the “Advanced Settings” chapter.

Network Select the type of connection being configured from the drop-down list (Network [Home/Office], Broadband Connection, or DMZ).

Connection Type Displays the type of connection.

Physical Address Displays the physical address of the network card used for

the network.

MTU MTU (Maximum Transmission Unit) specifies the largest packet size per-

Page 33

Chapter 4 Using Network Connections

Additional IP Addresses

Clicking New IP Address generates the “Additional IP Address Settings” screen, where additional IP addresses can be created to access the Router via the Ethernet connection.

4 Ports Ethernet Switch

This section displays the connection status of the Router’s four Ethernet ports.

Clicking on a connection’s “Action” icon (in the column on the right) generates the “Port VLANs” screen, where ingress and egress policies can be edited.

Page 34

Actiontec Broadband Router User Manual

Chapter 4 Using Network Connections

Broadband Ethernet Connection

A Broadband Ethernet connection connects the Router to the Internet using an Ethernet cable. Click Broadband Connection (Ethernet) from the Network

Connections screen to generate the “Broadband Connection (Ethernet) Properties” screen. This screen displays a list of the connection’s properties. The only modifications that can be made from this screen are disabling the connection (by clicking Disable) or renaming the connection (by entering a new name in the “Rule Name” text box).

Note: If disabling the connection, the Router must be rebooted

☞

for the change to take effect.

Page 35

Chapter 4 Using Network Connections

Configuring the Broadband Ethernet Connection

Click Settings at the bottom-right of the Broadband Connection (Ethernet) Properties window to generate the “Configure Broadband Connection (Ethernet)” screen.

General

The top part of the screen displays general communication parameters. Actiontec recommends not changing the default values in this section unless familiar with networking concepts.

Status Displays the status of the Ethernet connection (“Down,” “Connected,” etc.)

Schedule Displays when the rule is active. To configure rules, see the “Advanced

Settings” chapter.

Network Select the type of connection being configured from the drop-down list (options: Network (Home/Office), Broadband Connection, or DMZ).

Connection Type Displays the type of connection. Since this is an Ethernet Connection, “Ethernet” is displayed.

Page 36

Actiontec Broadband Router User Manual

Chapter 4 Using Network Connections

Physical Address Displays the physical address of the network card used for the network.

MTU MTU (Maximum Transmission Unit) specifies the largest packet size per-

mitted for Internet transmission. “Automatic, sets the MTU at 1500. Other choices include “Automatic by DHCP,” which sets the MTU according to the DHCP connection, and “Manual,” which allows the MTU to be set manually.

Internet Protocol

This section includes three options: No IP Address, Obtain an IP Address Automatically, and Use the Following IP Address.

No IP Address Select this option if the connection has no IP address. This is use- ful if the connection is operating under a bridge.

Obtain an IP Address Automatically Select this option if the ISP requires the con- nection to obtain an IP address automatically. The server assigning the IP address also assigns a subnet mask address, which can be overridden by clicking in the “Override Subnet Mask” check box and entering another subnet mask address. Additionally, the DHCP lease can be renewed and/or released by clicking on the appropriate “DHCP Lease” button. The “Expires In” value displays how long until the DHCP lease expires.

Use the Following IP Address Select this option if the connection uses a permanent (static) IP address. The ISP should provide this address, along with a subnet mask address, default gateway address, and, optionally, primary and secondary

DNS server addresses.

DNS Server

The Domain Name System (DNS) is the method by which website or domain names are translated into IP addresses. This connection can be configured to automatically obtain a DNS server address, or such an address can be specified manually, according to the information provided by the ISP. To configure the connection to automatically obtain a DNS server address, select Obtain DNS Server Address Automatically from the “DNS Server” drop-down list. To manually configure DNS server addresses, select Use the Following DNS Server Addresses. Specify up to two different DNS server addresses, one pri- mary, the other secondary.

Page 37

Chapter 4 Using Network Connections

IP Address Distribution

The “IP Address Distribution” section of the Configure Broadband Connection

(Ethernet) screen is used to configure the Router’s Dynamic Host Configuration

Protocol (DHCP) server parameters. DHCP automatically assigns IP addresses to network devices. If enabled, make sure to configure the network devices as “DHCP Clients.” There are three options in this section: Disabled, DHCP Server, and DHCP Relay.

Caution: Actiontec strongly recommends leaving this setting

at “Disabled.”

Disabled Select this option if statically assigning IP addresses to the network devices.

DHCP Server To set up the Router to function as a DHCP server:

1. Select DHCP Server.

2. Enter the IP address at which the Router starts issuing addresses in the “Start

IP Address” text boxes. Since the Router’s default IP address is 192.168.1.1,

the Start IP Address must be 192.168.1.2 or higher.

3. Enter the end of the IP address range used to automatically issue IP addresses

in the “End IP Address” text boxes.

4. Enter the subnet mask address in the “Subnet Mask” text boxes. The subnet

mask determines which portion of a destination LAN IP address is the network portion, and which portion is the host portion.

5. If a Windows Internet Naming Service (WINS) is being used, enter the WINS

server address in the “WINS Server” text boxes.

6. Enter the amount of time a network device will be allowed to connect to the

Router with its currently issued dynamic IP address in the “Lease Time in Minutes” text box. Just before the time is up, the device’s user will need to make a request to extend the lease or get a new IP address.

7. Click in the “Provide Host Name If Not Specified by Client” check box to

have the Router automatically assign network devices with a host name, in case a host name is not provided by the user.

Page 38

Actiontec Broadband Router User Manual

Chapter 4 Using Network Connections

Additionally, to add a new product or product family, click New IP Range in the “Vendor Class ID” column below “IP Address Distriution According to DHCP Option 60 (Vendor Class Identifier).” This generates the “DHCP Server Pool Settings” screen. Set the device name, IP range, and priority level in the appropriate text boxes, then click Apply.

DHCP Relay Select this option to have the Router function as a DHCP relay. To enter a new IP address for the relay, click New IP Address. The “DHCP Relay Server Address” screen appears. Enter the new IP address in the appropriate text boxes, then click Apply.

Routing

There are two options in the “Routing” section of the “Configure WAN Coax Link Ethernet” screen: Basic or Advanced.

Basic Select this option for basic routing operation.

Advanced To set up the Router’s Broadband Ethernet connection for advanced

routing:

1. Select Advanced from the Routing drop-down menu.

2. Enter a device metric in the “Device Metric” text box. The device metric is

a value used by the Router to determine whether one route is superior to another, considering parameters such as bandwidth and delay time.

Page 39

Chapter 4 Using Network Connections

3. Click in the “Default Route” check box to define this device as a the

default route.

4. Click in the “Multicast - IGMP Proxy Internal” check box to activate

multicasting.

Routing Table

Clicking New Route generates the “New Route” window, where a new route can be configured.

Internet Connection Firewall

Click in the “Enabled” check box to activate the Router’s firewall on the connection.

Additional IP Addresses

Clicking New IP Address generates the “Additional IP Address Settings” screen, where additional IP addresses can be created to access the Router via the connection.

Page 40

Actiontec Broadband Router User Manual

Chapter 4 Using Network Connections

WAN PPPoE/WAN PPPoE 2

WAN Point-to-Point Protocol over Ethernet (PPPoE) relies on two widely accepted

standards: Point-to-Point Protocol and Ethernet. PPPoE enables Ethernet networked computers to exchange information with computers on the Internet.

PPPoE supports the protocol layers and authentication widely used in PPP and

enables a point-to-point connection to be established in the normally multipoint architecture of Ethernet. A discovery process in PPPoE determines the Ethernet

MAC address of the remote device in order to establish a session.

Click WAN PPPoE in the Network Connections screen to generate the “WAN

PPPoE Properties” screen. This screen displays a list of the connection’s proper-

ties. The only modifications that can be made from this screen are disabling the connection (by clicking Disable) or renaming the connection (by entering a new name in the “Name” text box).

Page 41

Chapter 4 Using Network Connections

Configuring the WAN PPPoE Connection

Click Settings in the WAN PPPoE Properties screen to generate the “Configure

WAN PPPoE” screen.

General

The top part of the Configure WAN PPPoE screen displays general communica- tion parameters. Actiontec recommends not changing the default values in this section unless familiar with networking concepts.

Status Displays the connection status of the WAN PPPoE connection. (“Down,” “Disabled,” “Connected,” etc.)

When should this rule occur? Displays when the rule is active. To schedule rules, see “Advanced Settings” chapter.

Page 42

Actiontec Broadband Router User Manual

Chapter 4 Using Network Connections

Network Select the type of connection being configured from the drop-down list (Broadband Connection, Network (Home/Office), or DMZ).

Connection Type Displays the type of connection. Since this is PPPoE connection, “PPPoE” is displayed.

MTU MTU (Maximum Transmission Unit) specifies the largest packet size

permitted for Internet transmission. “Automatic, sets the MTU at 1492. Other choices include “Automatic,” which sets the MTU according to the connection to the ISP, and “Manual,” which allows the MTU to be set manually.

Underlying Connection Specify the underlying connection above which the protocol initiates from the drop-down list, which displays all possible underlying devices.

PPP Configuration

Point-to-Point Protocol (PPP) is the most popular method for transporting packets between the user and the ISP.

Service Name Specify the networking peer’s service name, if provided by the ISP, in this text box.

On-Demand To use PPP on demand to initiate the point-to-point protocol session only when packets are actually sent over the Internet, click in this check box. This option should be active on a limited basis

Idle Time Before Hanging Up Enter the amount of idle time, in minutes, before the

PPP session automatically ends .

Time Between Reconnect Attempts In this text box, specify the duration between

PPP reconnect attempts, as provided by the ISP.

PPP Authentication

Point-to-Point Protocol (PPP) currently supports four authentication pro- tocols: Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), and Microsoft CHAP versions 1 and 2. Select the authentication protocols the Router may use when negotiating with a

PPTP server in this section. Select all the protocols if no information is available

about the server’s authentication methods. Note that encryption is performed only if Microsoft CHAP, Microsoft CHAP version 2, or both are selected.

Warning: The PPP Authentication settings should not be

changed unless instructed to do so by Verizon.

Page 43

Chapter 4 Using Network Connections

Support Unencrypted Password (PAP) Password Authentication Protocol (PAP)

is a simple, plain-text authentication scheme. The user name and password are requested by the networking peer in plain-text. PAP, however, is not a secure authentication protocol. Man-in-the-middle attacks can easily determine the remote access client’s password. PAP offers no protection against replay attacks, remote client impersonation, or remote server impersonation.

Support Challenge Handshake Authentication (CHAP) Click in this check box to activate CHAP, a challenge-response authentication protocol that uses MD5 to hash the response to a challenge. CHAP protects against replay attacks by using an arbitrary challenge string per authentication attempt.

Support Microsoft CHAP Click in this check box if communicating with a peer that uses Microsoft CHAP authentication protocol.

Support Microsoft CHAP Version 2 Select this check box if communicating with a peer that uses Microsoft CHAP Version 2 authentication protocol.

PPP Compression

The PPP Compression Control Protocol (CCP) is responsible for configuring, enabling, and disabling data compression algorithms on both ends of the pointto-point link. It is also used to signal a failure of the compression/ decompression mechanism in a reliable manner.

For each compression algorithm (BSD and Deflate), select one of the following from the drop-down list:

Reject Selecting this option rejects PPP connections with peers that use the com- pression algorithm. If Reject is activated, throughput may diminish.

Allow Selecting this option allows PPP connections with peers that use the com- pression algorithm.

Require Selecting this option insures a connection with a peer using the compression algorithm.

Page 44

Actiontec Broadband Router User Manual

Chapter 4 Using Network Connections

Internet Protocol

Select one of the following Internet Protocol options from the “Internet Protocol” drop-down list:

Obtain an IP Address Automatically This option is selected by default. Change only if required by the ISP. The server that assigns the Router with an IP address also assigns a subnet mask. Override the dynamically assigned subnet mask by selecting the “Override Subnet Mask” and entering a different subnet mask.

Use the Following IP Address Select this option to configure the Router to use a permanent (static) IP address. The ISP should provide this address.

DNS Server

The Domain Name System (DNS) is the method by which website or domain names are translated into IP addresses. The Router can be configured to automatically obtain a DNS server address, or the address can be entered manually, according to the information provided by the ISP. To configure the connection to automatically obtain a DNS server address, select Obtain DNS Server Address Automatically from the “DNS Server” drop-down list. To manually configure DNS server addresses, select Use the Following DNS Server Addresses from the “DNS Server” drop-down list. Up to two different

DNS server addresses can be entered (Primary and Secondary).

Routing

Select Advanced or Basic from the “Routing” drop-down list. If Advanced is selected, additional options appear, as listed below.

Routing Mode Select one of the following Routing modes:

• Route - Select this option to cause the Router to act as a router between two networks.

• NAT - Select this option to activate Network Address Translation (NAT), which translates IP addresses to a valid, public address on the Internet. NAT adds security, since the IP addresses of the devices on the network are not transmitted over the Internet. In addition, NAT allows many addresses to exist behind a single valid address. Use the NAT routing mode only if the local network consists of a single device, or collisions may occur if more than one device attempts to communicate using the same port.

Page 45

Chapter 4 Using Network Connections

• NAPT - Select this option to activate NAPT (Network Address and Port Translation), which refers to network address translation involving the mapping of port numbers and allows multiple machines to share a single IP address. Use NAPT if the local network contains multiple devices, a topology that necessitates port translation in addition to address translation.

Device Metric The device metric is a value used by the Router to determine whether one route is superior to another, considering parameters such as bandwidth, delay, and more.

Default Route Click in this check box to define the connection as a the default route.

Multicast - IGMP Proxy Default Click in this check box to enable the Router to issue

IGMP (Internet Group Management Protocol) host messages on behalf of hosts

the Router discovers through standard IGMP interfaces. IGMP proxy enables the routing of multicast packets according to the IGMP requests of local network devic- es asking to join multicast groups.

Routing Table

Clicking New Route generates the “New Route” window, where a new route can be configured.

Internet Connection Firewall

Click in the “Enabled” check box to activate the Router’s firewall on the WAN

PPPoE connection.

Page 46

Actiontec Broadband Router User Manual

This page left intentionally blank.

Page 47

Configuring the Router’s Security

The Broadband Router’s security suite includes comprehensive and robust security services: Stateful Packet Inspection, a firewall, user authentication protocols, and password protection mechanisms. These features allow users to connect their computers to the Internet and be protected from the security threats.

The Router’s firewall is the cornerstone of the Router’s security suite. It has been exclusively tailored to the needs of the residential/office user and is pre-configured to provide optimum security.

The firewall provides both the security and flexibility home and office users seek. It provides a managed, professional level of network security while enabling the safe use of interactive applications, such as Internet gaming and video-conferencing.

Additional features, including surfing restrictions and access control, can also be configured locally through the Router’s MegaControl Panel, or remotely by a service provider.

The firewall also supports advanced filtering, designed to allow comprehensive control over the firewall’s behavior. Specific input and output rules can be defined, the order of logically similar sets of rules can be controlled, and distinctions between rules that apply to Internet and local network devices can be made.

Page 48

Actiontec Broadband Router User Manual

Chapter 5 Configuring the Router’s Security

This chapter covers these Security features:

• General - select the security level for the firewall.

• Access Control - restrict access from the local network to the Internet.

• Port Forwarding - enable access from the Internet to specified services provided by computers on the local network.

• DMZ Host - configure a network host to receive all traffic arriving at the Router which does not belong to a known session.

• Port Triggering - define port triggering entries to dynamically open the firewall for some protocols or ports.

• Remote Administration - enable remote configuration of the Router from any Internet-accessible computer.

• Website Blocking - block network access to a certain hosts or websites on the Internet.

• Static NAT - allow multiple static NAT IP addresses to be designated to devices on the network.

• Advanced Filtering - control the firewall’s settings and rules.

• Security Log - view and configure the security log.

Page 49

Chapter 5 Configuring the Router’s Security

General

The “General” screen is used to configure the Router’s basic security settings.

The firewall regulates the flow of data between the local network and the Internet. Both incoming and outgoing data are inspected and then either accepted (allowed to pass through the Router) or rejected (barred from passing through the Router) according to a flexible and configurable set of rules. These rules are designed to prevent unwanted intrusions from the outside, while allowing local network users access to required Internet services.

The firewall rules specify what types of services available on the Internet can be accessed from the local network and what types of services available in the local network can be accessed from the Internet. Each request for a service the firewall receives, whether originating in the Internet or from a computer in the local network, is checked against the firewall rules to determine whether the request should be allowed to pass through the firewall. If the request is permitted to pass, all subsequent data associated with this request (a “session”) will also be allowed to pass, regardless of its direction.

For example, when accessing a website on the Internet, a request is sent out to the Internet for this site. When the request reaches the Router, the firewall identifies the request type and origin (HTTP and a specific computer in the local network, in this case). Unless the Router is configured to block requests of this type from this computer, the firewall allows this request to pass out onto the Internet. When the website is returned from the web server, the firewall will associate it with this session and allow it to pass, regardless of whether HTTP access from the Internet to the local network is blocked or permitted.

Page 50

Actiontec Broadband Router User Manual

Chapter 5 Configuring the Router’s Security

Note that it is the origin of the request, not subsequent responses to this request, which determines whether a session can be established or not.

The Router features three pre-defined security levels: Minimum, Typical, and Maximum. The table below summarizes the behavior of the Router for each of the three security levels.

Requests from the Internet

Security Level

Maximum Security

Typical Security

Minimum Security

These services include Telnet, FTP, HTTP, HTTPS, DNS, IMAP, POP3 and SMTP.

Note: Some applications (such as some Internet messengers and

☞

Peer-To-Peer client applications) tend to use these ports if they cannot connect with their own default ports. When applying this behavior, these applications will not be blocked outbound, even at the Maximum Security level.

(incoming traffic)

Blocked - No access to local network from Internet, except as configured in the Port Forwarding, DMZ host, and Remote Access screens.

Unrestricted - Permits full access from Internet to local network; all connection attempts permitted.

Requests from the local

network (outgoing traffic)

Limited - Only commonly used services, such as web browsing and E-mail, are permitted.

Unrestricted - All services are permitted, except as configured in the Access Control screen.

To configure the Router’s security settings:

1. From the General screen, select a security level by clicking the appropriate radio

button. Using the Minimum Security setting may expose the local network to significant security risks, and thus should only be used for short periods of time.

Page 51

Chapter 5 Configuring the Router’s Security

2. Check the “Block IP Fragments” box to protect the local network from a com-

mon type of hacker attack that uses fragmented data packets to sabotage the network. Note that VPN over IPSec and some UDP-based services make legiti- mate use of IP fragments. IP fragments must be allowed to pass into the local network to use these services.

3. Click Apply to save changes.

Access Control

Access control is used to block specific computers within the local network (or even the whole network) from accessing certain services on the Internet. For example, one computer can be prohibited from surfing the Internet, another computer from transferring files using FTP, and the whole network from receiving incoming E-mail.

Access control defines restrictions on the types of requests that can pass from the local network out to the Internet, and thus may block traffic flowing in both directions. In the E-mail example given above, computers in the local network can be prevented from receiving E-mail by blocking their outgoing requests to POP3 serv- ers on the Internet.

Access control also incorporates a list of preset services in the form of applications and common port settings.

Page 52

Actiontec Broadband Router User Manual

Chapter 5 Configuring the Router’s Security

Allow or Restrict Services

To view and allow/restrict these services:

1. Select Access Control from the left side of any Security screen. The “Access

Control” screen appears.

Note: The “Allowed” section is only visible when the firewall is

☞

set to “Maximum.”

2. Click Add. The “Add Access Control Rule” screen appears.

Note: To block a service, click Add in the “Blocked” section of

☞

the Access Control screen. To allow outgoing traffic, click Add in the “Allowed” section of the screen.

Page 53

Chapter 5 Configuring the Router’s Security

3. If this access control rule applies to all networked devices, select “Any” from

the “Networked Computer/Device” list box. If this rule applies to certain devices only, select “Specify Address” and click Add. Then, create and add a network object (for more details about adding network objects, see the “Advanced Settings” chapter of this manual).

4. Select the Internet protocol to be allowed or blocked from the “Protocol”

drop-down list.

5. If the rule will be active all the time, select Always from the “When should this

rule occur?” drop-down list. If the rule will only be active at certain times, select Specify Schedule and click Add. Then, add a schedule rule (for more details about schedule rules, see the “Advanced Settings” chapter of this manual).

6. Click Apply to save the changes. The Access Control screen will display a sum-

mary of the new access control rule.

Note: To block a service not included in the list, select Specify

☞

Protocol from the Protocol drop-down menu. The “Edit Service” screen appears. Define the service, then click OK. The service will then be automatically added to the top section of the “Add Access Control Rule” screen, and will be selectable.

An access control can be disabled and the service made available without having to remove the service from the Access Control table. This may be useful to make the service available temporarily, with the expectation that the restriction will be reinstated later.

• To temporarily disable an access control, clear the check box next to the service name.

• To reinstate the restriction at a later time, select the check box next to the service name.

• To remove an access restriction from the Access Control table, click Remove for the service. The service will be removed from the Access Control table.

Page 54

Actiontec Broadband Router User Manual

Chapter 5 Configuring the Router’s Security

Port Forwarding

In its default state, the Router blocks all external users from connecting to or communicating with the network, making it safe from hackers who may try to intrude on the network and damage it. However, the network can be exposed to the Internet in certain limited and controlled ways to enable some applications to work from the local network (game, voice, and chat applications, for example) and to enable Internet access to servers in the network. Port forwarding (sometimes referred to as local servers) supports both of these functions.

To grant Internet users access to servers inside the local network, each service provided, as well as the computer providing it, must be identified. To do this:

1. Select Port Forwarding from the left side of any Security screen. The “Port

Forwarding” screen appears.

2. Click Add. The “Add Port Forwarding Rule” screen appears.

3. Enter the local IP address or the host name of the computer providing the

service in the “Networked Computer/Device” text box, or select them from the drop-down list. Note that only one local network computer can be assigned to provide a specific service or application.

Page 55

Chapter 5 Configuring the Router’s Security

4. Select the Internet protocol to be provided from the “Protocol” drop-down

list. To see all options, select All Services.

5. Select a WAN connection type from the “WAN Connection Type” drop-down

list. Actiontec recommends selecting All Broadband Devices.

6. To select a port to forward communications to (this is optional), select Specify

from the “Forward to Port” drop-down list, then, in the text box that appears, enter the port number. If no port is identified, select Same as Incoming Port.

7. If this port will be active all the time, select Always from the “When should this

8. Click Apply to save the changes.

How many computers can use a service or play a game simultaneously? Well, the answer may be a bit confusing. All the computers on the network can behave as clients and use a specific service simultaneously. Being a client means the computer within the network initiates the connection; for example, a computer on the network can open an FTP connection with an FTP server on the Internet. But only one computer on the network can operate as a server and respond to requests from computers on the Internet (outside the local network).

DMZ (Demilitarized Zone) Host

The DMZ host feature allows one device on the network to operate outside the fire- wall. Designate a DMZ host:

• To use an Internet service, such as an online game or video-conferencing program, not present in the Port Forwarding list and for which no port range information is available.

• To expose one computer to all services without restriction or security.

Warning: A DMZ host is not protected by the firewall and may be

vulnerable to attack. Designating a DMZ host may also put other computers in the local network at risk. When designating a DMZ host, consider the security implications and protect it if necessary.

Page 56

Actiontec Broadband Router User Manual

Chapter 5 Configuring the Router’s Security

To designate a local computer as a DMZ host:

1. Select DMZ Host from the left side of any Security screen. The “DMZ Host”

screen appears.

2. Click in the “DMZ Host IP Address” check box, then enter the IP address of the

computer to be designated as a DMZ host. Note that only one network computer can be a DMZ host at any time.

3. Click Apply.

Click in the “DMZ Host IP Address” check box again to disable the DMZ host.

Port Triggering

Port triggering can be used for dynamic port forwarding configuration. By setting port triggering rules, inbound traffic is allowed to arrive at a specific network host using ports different than those used for the outbound traffic. The outbound traffic triggers which ports inbound traffic is directed.

For example, a gaming server is accessed using UDP protocol on port 2222. The gaming server responds by connecting the user using UDP on port 3333 when starting gaming sessions. In this case, port triggering must be used, since it conflicts with the following default firewall settings:

• The firewall blocks inbound traffic by default.

• The server replies to the Router’s IP, and the connection is not sent back to the host, since it is not part of a session.

To resolve the conflict, a port triggering entry must be defined, which allows inbound traffic on UDP port 3333, only after a network host generated traffic to

UDP port 2222. This results in accepting the inbound traffic from the gaming

server, and sending it back to the network host which originated the outgoing traffic to UDP port 2222.

Page 57

Chapter 5 Configuring the Router’s Security

To use port triggering:

1. Select Port Triggering from the left side of any Security screen. The “Port

Triggering” screen appears.

2. Select either “Specify Protocol” or “Show All Services” from the drop-down list

next to “Add.”

3. Click Add. An “Edit Service” screen appears.

4. Specify the port triggering entries by clicking New Trigger Ports and New

Opened Ports and entering the protocol and protocol number in the succeeding screens. For example, to set up port triggering for the scenario laid out on the previous page, the service ports would be set to UDP and 2222, while the opened ports would be set to UDP and 3333.

Page 58

Actiontec Broadband Router User Manual

Chapter 5 Configuring the Router’s Security

Remote Administration

The Router can be accessed and controlled not only from within the local network, but also from the Internet using remote adminstration.

To access, select Remote Administration from the left side of any Security screen. The “Remote Administration” screen appears.

Telnet

Telnet is used to create a command-line session and gain access to all system settings and parameters using a text-based terminal. Select the Telnet port to be used by clicking in the appropriate check box, then click Apply.

Page 59

Chapter 5 Configuring the Router’s Security

MegaControl Panel

MegaControl Panel is used to obtain access to the Router’s MegaControl Panel and gain access to all settings and parameters,using a web browser. Both secure (HTTPS) and non-secure (HTTP) access is available. Select the port to be used by clicking in the appropriate text box, then click Apply.

Note: Telnet and MegaControl Panel remote administration

☞

access may be used to modify or disable firewall settings. Local

IP addresses and other settings can also be changed, making

it difficult or impossible to access the Router from the local network. Therefore, remote adminstration access to Telnet or MegaControl Panel services should be activated only when absolutely necessary.

Diagnostic Tools

Diagnostic Tools are used for troubleshooting and remote system management by a user or the ISP.

Note: Encrypted remote administration is performed using a

☞

secure SSL connection, and requires an SSL certificate. When accessing the Router for the first time using encrypted remote administration, a warning appears regarding certificate authentication because the Router’s SSL certificate is self-generated. When encountering this message under these circumstances, ignore it and continue. Even though this message appears, the self-generated certificate is safe, and provides a secure SSL connection.

Page 60

Actiontec Broadband Router User Manual

Chapter 5 Configuring the Router’s Security

Static NAT

This option allows multiple public addresses to be designated to devices on the network. Static NAT allows devices behind a firewall and configured with private IP addresses appear to have public IP addresses on the Internet. This allows an inter- nal host, such as a web server, to have an unregistered (private) IP address and still be reachable over the Internet. To do this:

1. Select Static NAT from any Security screen. The “Static NAT” screen appears.

2. Click Add. The “Add Static NAT” screen appears.

3. Enter the name of the computer to be used as the local host, or, to enter a

specific IP address, select Specify Address from the “Networked Computer/ Device” drop-down list and enter the IP address in the box on the right.

4. Enter a public IP address assigned by the ISP in the “Public IP Address”

text box.

5. Select a connection from the “WAN Connection Type” drop-down list.

6. Select the protocol that needs to be accessible from the public IP address by

clicking in the check box next to “Enable Port Forwarding for Static NAT,” then selecting a protocol from the drop-down menu. Use “Any” to pass all data. Click Apply, and Apply again.

Repeat these steps to add more static IP addresses from the network.

Page 61

Chapter 5 Configuring the Router’s Security

Advanced Filtering

Advanced filtering is designed to allow comprehensive control over the firewall’s behavior. Specific input and output rules can be defined, the order of logically similar sets of rules controlled, and distinctions made between rules that apply to Internet and local network devices.

To access, select Advanced Filtering from any Security screen. The “Advanced Filtering” screen appears.

Two sets of rules can be configured: input rules and output rules. Each set of rules comprises three subsets: initial rules, network devices rules, and final rules. These subsets determine the sequence by which the rules will be applied. Following is a description of the set ordering for inbound and outbound packets.

Page 62

Actiontec Broadband Router User Manual

Chapter 5 Configuring the Router’s Security

Inbound Packets - Input Rule Sets

• Initial rules

• All rules defined for the network device on which the packet is

• Local servers rules from the local server tab in the security screen

• Rules to accept all the packets on a device in case the firewall check box “Internet Connection Firewall” in the connection settings screen is unchecked

• Remote administration rules from the remote administration tab

• DMZ host rules from the DMZ tab

• Final rules

Outbound Packets - Output Rules Sets

• Initial rules

• All rules defined for the network device on which the packet is

• Rules to accept all the packets on a device in case the firewall check box “Internet Connection Firewall” in the connection settings screen is unchecked

• IP/hostname filtering rules and access control rules from the tabs in the security screen

• Final rules

There are numerous rules automatically inserted by the firewall in order to provide improved security and block harmful attacks.

Page 63

Chapter 5 Configuring the Router’s Security

To configure advanced filtering rules, click Add next to the rule title. The “Add Advanced Filter” screen appears.

To add an advanced filtering rule, define the following rule parameters:

Matching

To apply a firewall rule, a match must be made between IP addresses or ranges and ports. Use the “Source Address” and “Destination Address” drop-down lists to define the coupling of source and destination traffic. Port matching will be defined when selecting protocols. For example, if the FTP protocol is selected, port 21 will be checked for matching traffic flow between the defined source and destination IPs.

Operation

This is where the action the rule will take is defined. Select one of the following radio buttons:

• Drop - Deny access to packets that match the source and destination IP addresses and protocol ports defined in “Matching.”

• Reject - Deny access to packets that match the source and destination IP addresses and protocol ports defined in upper section of the screen, and send an ICMP error or a TCP reset to the origination peer.

Page 64

Actiontec Broadband Router User Manual

Chapter 5 Configuring the Router’s Security

• Accept - Allow access to packets that match the source and destination IP addresses and protocol ports defined in upper section of the screen. The data transfer session will be handled using Stateful Packet Inspection (SPI).

• Accept Packet - Allow access to packets that match the source and destination IP addresses and protocol ports defined in upper section of the screen. The data transfer session will not be handled using Stateful Packet Inspection (SPI), so other packets that match this rule will not be automatically allowed access. This setting is useful when creating rules that allow broadcasting.

Logging

Click in this check box to add entries relating to this rule to the security log.

Scheduler (When should this rule occur?)

If advanced filtering needs to be active all the time, select “Always” from the “When should this rule occur?” drop-down list. If the rule will only be active at certain times select Specify Schedule and click Add. Then, add a schedule rule (for more details about schedule rules, see the “Advanced Settings” chapter of this manual)

Security Log

The security log displays a list of firewall-related events, including attempts to establish inbound and outbound connections, attempts to authenticate at an administrative interface (MegaControl Panel or Telnet terminal), firewall configuration, and system start-up.

To access the security log, select Security Log from any Security screen. The “Security Log” screen appears.

Page 65

Chapter 5 Configuring the Router’s Security

Time

The time (based on the Router’s date and time settings) the event occurred.

Event

There are five kinds of events listed in the system log:

• Inbound Traffic - a result of an incoming packet

• Outbound Traffic - a result of an outgoing packet.

• Firewall Setup - configuration message

• WBM Login - a user logged in to WBM

• CLI Login - a user logged in to the command line interface via Telnet

Event-Type

Displays a textual description of the event.

Details

The “Details” column displays more information about the packet or the event, such as protocol, IP addresses, ports, etc. The following are the available event types that can be recorded in the security log:

• Firewall internal - from the firewall internal mechanism, in case this eventtype is recorded, an accompanying explanation will be added.

• Firewall status changed - the firewall changed status from up to down or the vice versa, as specified in the event type description.

• STP packet - an STP (Spanning Tree Protocol) packet has been accepted/ rejected.

• Illegal packet options - the options field in the packet’s header is either illegal or forbidden.

• Fragmented packet - a fragment has been rejected.

• WinNuke protection - a WinNuke attack has been blocked.

• ICMP replay - an ICMP (Internet Control Message Protocol) replay mes-

Page 66

Actiontec Broadband Router User Manual

Chapter 5 Configuring the Router’s Security

sage has been blocked.

• ICMP redirect protection - an ICMP redirected message has been blocked.

• Packet invalid in connection - an invalid connection packet has been blocked.

• ICMP protection - a broadcast ICMP message has been blocked.

• Broadcast/Multicast protection - a packet with a broadcast/multicast source IP has been blocked.

• Spoofing protection - a packet from the Internet with a source IP belong- ing the local network has been blocked.

• DMZ network packet - a packet from a demilitarized zone network has been blocked.

• Trusted device - a packet from a trusted device has been accepted.

• Default policy - a packet has been accepted/blocked according to the default policy.

• Remote administration - a packet designated for the Router management has been accepted/blocked.

• Access control - a packet has been accepted/blocked because of an access control rule.

• Parental control - a packet has been blocked because of parental control.

• NAT out failed - NAT failed for this packet.

• DHCP request - the Router sent a DHCP request (depends on the distribution)

• DHCP response - the Router received a DHCP response (depends on the distribution)

• DHCP relay agent - a DHCP relay packet has been received (depends on the distribution)

• IGMP packet - an IGMP packet has been accepted.

• Multicast IGMP connection - a multicast packet has been accepted.

• PPTP connection - a packet inquiring whether the Router is ready to

Page 67

Chapter 5 Configuring the Router’s Security

receive a PPTP connection has been accepted.

• AUTH:113 request - an outbound packet for AUTH protocol has been accepted (for maximum security level).

• IPV6 over IPV4 - an IPv6 over IPv4 packet has been accepted.

• ARP - an ARP packet has been accepted.

• PPP Discover - a PPP discover packet has been accepted.

• PPP Session - a PPP session packet has been accepted.

• 802.1Q - a 802.1Q (VLAN) packet has been accepted.

• Outbound Auth1X - an outbound Auth1X packet has been accepted.

• IP Version 6 - an IPv6 packet has been accepted.

• Router initiated traffic - all traffic the Router initiates is recorded.

• Maximum security enabled service - a packet has been accepted because it belongs to a permitted service in the maximum security level.

• SynCookies Protection - a SynCookies packet has been blocked.

• ICMP Flood Protection - a packet has been blocked, stopping an ICMP flood.

• UDP Flood Protection - a packet has been blocked, stopping a UDP flood.

• Service - a packet has been accepted because of a certain service, as specified in the event type.

• Advanced Filter Rule - a packet has been accepted/blocked because of an advanced filter rule.

• Fragmented packet, header too small - a packet has been blocked because, after defragmentation, the header was too small.

• Fragmented packet, header too big - a packet has been blocked because, after defragmentation, the header was too big.

• Fragmented packet, bad align - a packet has been blocked because, after defragmentation, the packet was badly aligned.

Page 68

Actiontec Broadband Router User Manual

Chapter 5 Configuring the Router’s Security

• Fragmented packet, packet too big - a packet has been blocked because, after defragmentation, the packet was too big.

• Fragmented packet, packet exceeds - a packet has been blocked because, after defragmentation, the packet exceeded.

• Fragmented packet, no memory - a fragmented packet has been blocked because there is no memory for fragments.

• Fragmented packet, overlapped - a packet has been blocked because, after defragmentation, there were overlapping fragments.

• Defragmentation failed - the fragment has been stored in memory and blocked until all fragments have arrived and defragmentation can be performed.

• Connection opened - debug message regarding connection.

• Wildcard connection opened - debug message regarding connection.

• Wildcard connection hooked - debug message regarding connection.

• Connection closed - debug message regarding connection.

• Echo/Chargen/Quote/Snork protection - a packet has been blocked due to Echo/Chargen/Quote/Snork protection.

• First packet in connection is not a SYN packet - a packet has been blocked due to a TCP connection that started without a SYN packet.

• Error : No memory - a new connection has not been established because of lack of memory.

• NAT Error : connection pool is full. No connection created -a connection has not been created because the connection pool is full.

• NAT Error: No free NAT IP - no free NAT IP, so NAT has failed.

• NAT Error: Conflict Mapping already exists - a conflict occurred because the NAT mapping already exists, so NAT failed.

• Malformed packet: Failed parsing - a packet has been blocked because it is malformed.

• Passive attack on ftp-server: Client attempted to open Server ports - a packet has been blocked.

Page 69

Chapter 5 Configuring the Router’s Security

• FTP port request to 3rd party is forbidden (Possible bounce attack) - a packet has been blocked.

• Firewall Rules were changed - the firewall rule set has been modified.

• User authentication - a message arrived during login time, including both successful and failed authentication.

Security Log Settings

To view or change the security log settings:

1. Click Settings in the Security Log screen. The “Security Log Settings” screen

appears.

2. Select the type of activities that will generate a log message:

• Accepted Incoming Connections - activating this check box generates a log message for each successful attempt to establish an inbound connection to the local network.

• Accepted Outgoing Connections - activating this check box generates a log message for each successful attempt to establish an outgoing connection to the public network.

Page 70

Actiontec Broadband Router User Manual

3. Select the type of blocked events to be listed in the log:

• All Blocked Connection Attempts - activating this check box generates log messages for all blocked events.

• Other Blocked Events - if “All Blocked Connection Attempts” is unchecked, select specific blocked events from this list to generate log messages.

4. Click in the “Remote Administration Attempts” check box to write a log mes-

sage for each remote-administration connection attempt, whether successful or not.

5. Click in the “Connection States” check box to track connection handling by

the firewall and Application Level Gateways (ALGs).

6. Click Apply to save changes.

Page 71

Using Parental Controls

The abundance of harmful information on the Internet poses a serious challenge for employers and parents alike - “How can I regulate what my employee/child does on the Internet?” The Broadband Router’s Parental Controls allows users to regulate, control, and monitor Internet access. By classifying and categorizing online content, it is possible to create numerous Internet access policies and easily apply them to networked computers.

Activating Parental Controls

To create a basic access policy for a computer on the Router’s network, click Parental Control from the top of the Home screen and follow these instructions:

1. The “Parental Control” screen appears. Click in the “Enable” check box to activate

the access policy mechanism.

2. Enter a “Rule Name” and “Description” for the access policy in the appropriate

text boxes.

Page 72

Actiontec Broadband Router User Manual

Chapter 6 Parental Controls

3a. Click the circle next to “Block the following Websites” to block access to a

list of websites, or click the circle next to “Allow the following Websites” to allow access to a list of websites.

3b. Enter the URL of the websites to be included on the list in the text box below.

For example, enter “www.sample.com.”

3c. Additionally, the Router can block or allow access to websites based on “key-

words.” For example, to block any website with “example” in its title, click in the circle next to “Block the Following URL Keywords,” then enter “example” in the text box below. To allow access to any website with “example” in its title, click in the circle next to “Allow the Following URL Keywords,” then enter “example” in the text box.

4. When finished, click Apply to have the access policy take effect.

Page 73

Chapter 6 Parental Controls

5a. Select the computer or device on the network on which the access policy will

be enforced from the “Network Computer/Device” drop-down menu.

5a. Select the time period during which the access policy will be enforced from

the “Network Computer/Device” drop-down menu. If “Specify Schedule” is selected, see “Scheduler Rules” in the “Advanced Settings” chapter for more infomation.

6. An overview of the rule (or access policy) is displayed at the bottom of

the screen.

Advanced Parental Controls

Clicking Advanced from the menu on the left side generates the “Advanced” screen.

Here, all Internet access to a particular computer or device on the network can be blocked. To do this:

1. Select the computer or device on the network on which the access policy will

be enforced from the “Network Computer/Device” drop-down menu.

Page 74

Actiontec Broadband Router User Manual

2. Select the time period during which the access policy will be enforced from

the “Network Computer/Device” drop-down menu. If “Specify Schedule” is selected, see “Scheduler Rules” in the “Advanced Settings” chapter for more infomation.

3. When finished, click Apply to have the access policy take effect.

4. An overview of the rule (or access policy) is displayed at the bottom of

the screen.

Page 75

Using Advanced Settings

The “Advanced” section of the Broadband Router’s MegaControl Panel is intended primarily for more advanced users. Some changes to settings within this section could adversely affect the operation of the Router and the local network, and should be made with caution.

To access the Router’s Advanced Settings, click Advanced at the top of the Home screen, which generates the “Advanced” screen.

The following settings are explained in this chapter:

Firmware Upgrade - download and install new versions of the Router’s firmware

Firmware Restore - restores firmware to previous version loaded in flash memory

Configuration File - manage configuration files

System Settings - modify the system’s settings

Date and Time - set the local date and time

Scheduler Rules - schedule firewall activation

Routing - manage routing policies

IP Address Distribution - manage the IP addresses of devices on the network

Diagnostics - perform diagnostic tests on the Router

Page 76

Actiontec Broadband Router User Manual

Chapter 7 Using Advanced Settings

Restore Defaults - reset the Router to its default settings

Reboot Router - restart the Router

MAC Cloning - clone MAC addresses

ARP Table - display active devices and their IP and MAC addresses, etc.

Users - create and manage remote users

Local Administration - configure and manage local administration policies

Dynamic DNS - configure Dynamic DNS settings

DNS Server - manage the local (LAN) network for host name and IP address

Network Objects - create and manage network objects (discrete LAN subsets)

Universal Plug and Play - configure Universal Plug and Play settings

Protocols - manage and create open ports for various Internet protocols or cus-

tomize an application

About - view information about the Router

Radius - manage the RADIUS (Remote Authentication Dial-in User Service) server

Remote Administration is explained in the “Security” chapter of this manual. QoS is explained in Appendix A of this manual.

Page 77

Chapter 7 Using Advanced Settings

Firmware Upgrade

The Router offers a built-in mechanism for upgrading its firmware without losing custom configurations and settings. There are two methods for upgrading the firmware:

• Upgrading from a local computer - use a software image file pre-downloaded to the computer’s disk drive or located on the accompanying evaluation CD.

• Upgrading from the Internet - use this method to upgrade the Router’s firmware by remotely downloading an updated software image file.

Upgrading From a Local Computer

To upgrade from a local computer:

1. Click Firmware Upgrade from the Advanced screen. The “Firmware

Upgrade” screen appears.

Page 78

Actiontec Broadband Router User Manual

Chapter 7 Using Advanced Settings

2. In the “Upgrade From a Computer in the Network” section, click Upgrade

Now. The “Upgrade From a Computer in the Network” screen appears.

3. Enter the path of the software image file, or press the “Browse” button to

browse for the file, and click Apply. Make sure to only use files with an “rmt” extension when performing the firmware upgrade procedure.

4. When loading is completed, a confirmation screen appears, asking whether

to upgrade to the new version. Click Apply. The upgrade process begins and should take no longer than one minute to complete.

At the conclusion of the upgrade process the Router automatically reboots. The new firmware will run, maintaining any custom configurations and settings.

Upgrading From the Internet

The Router’s firmware can be automatically updated via the Internet. From the drop-down list next to the globe icon near the top of the Firmware Upgrade screen, a list of options appears, as described below.

Automatically Check and Upgrade

If “Automatically Check for New Version and Upgrade Broadband Router” is selected, enter the period of time the Router checks for a new upgrade, and the

URL at which to get the upgrade, in the appropriate text boxes. The Router will

then check at each time interval for upgrades and, if one is available, upgrade the Router’s firmware.

Automatically Check and Send E-mail

If “Automatically Check for New Version and Notify via Email” is selected, enter the period of time the Router checks for a new upgrade, and the URL at which to get the upgrade, in the appropriate text boxes. The Router will then check at each time interval for firmware upgrades and, if one is available, send an E-mail to the E-mail address listed in the System Settings.

Page 79

Chapter 7 Using Advanced Settings

Automatic Check Disabled

If “Automatically Check Disabled” is selected, the Router will not automatically check for firmware upgrades.

Manual Checking and Upgrading

To manually upgrade the Router’s firmware:

1. Click Check Now in the Firmware Upgrade screen.

2. If a new version is available, click Force Upgrade. A download process will

begin. When downloading is completed, a confirmation screen appears, asking whether to upgrade to the new version.

3. Click Apply. The upgrade process will begin and should take no longer than

one minute to complete.

At the conclusion of the upgrade process the Router automatically reboots. The new firmware runs, maintaining any custom configurations and settings.

Firmware Restore

Firmware restore allows the Router’s firmware to return to an earlier version, if the current version is unstable or does not meet specified needs. Click Firmware Restore from the Advanced screen to generate the “Firmware Restore” screen.

The screen displays the “Active Firmware” and the “Backup Firmware.” To restore the firmware to the backup firmware, click Restore Backup Firmware. A confirmation screen appears. Click OK to finish restoring the Router’s firmware.

Page 80

Actiontec Broadband Router User Manual

Chapter 7 Using Advanced Settings

Configuration File

Use the Router’s Configuration File feature to view, save, and load configuration files, which are used to backup and restore the Router’s current configuration: To do this:

1. Click Configuration File in the Advanced screen. The “Configuration File”

screen appears.

2. Click Load Configuration File to load the previous configuration from a file

and restart the Router.

3. Click Save Configuration File to backup the current configuration to a file.

Page 81

Chapter 7 Using Advanced Settings

System Settings

Clicking System Settings in the Advanced screen generates the “System Settings” screen, where various system and management parameters can be configured.

Page 82

Actiontec Broadband Router User Manual

Chapter 7 Using Advanced Settings

System

Use the “System” section of this screen to configure the following two options:

Broadband Router’s Hostname

Specify the Router’s host name by entering it into the this text box. The host name is also the Router’s URL address, so it can be entered here rather than

192.168.1.1.

Local Domain

Specify the network’s local domain by entering it into this text box.

Broadband Router

Use this section to configure the following:

Automatic Refresh of System Monitoring Web Pages

Click in this check box to activate the automatic refresh of system monitoring web pages.

Warn User Before Network Configuration Changes

Click in this check box to activate user warnings before network configuration changes take effect.

Session Lifetime

After the Router has been inactive for a period of time, the user must reenter a user name and password to continue accessing the MegaControl Panel. To change the length of this time period, enter the amount of time (in seconds) in the “Session Lifetime” text box.

Configure a number of concurrent users…

Used to limit the number of users that can access the Router at the same time. Select the number of users from the drop-down list.

Page 83

Chapter 7 Using Advanced Settings

Management Application Ports

This section allows the following management application ports to have their default port numbers to be changed:

• Primary/secondary HTTP ports

• Primary/secondary HTTPS ports

• Primary/secondary Telnet ports

• Secure Telnet over SSL ports

System Logging

Use this section to configure the following system log options.

Enable Logging

Click in this check box to activate system logging.

Low Capacity Notification Enabled

Click in this check box to activate low capacity notification (works in tandem with “Allowed Capacity Before Email Notification” and “System Log Buffer Size” options).

Allowed Capacity Before Email Notification

Enter the percentage of system log buffer capacity reached to trigger an E-mail notification.

System Log Buffer Size

Enter the size of the system log buffer in this text box.

Remote System Notify Level

This feature is used to specify the type of information received for remote system logging. Options include None, Error, Warning, and Information.

Page 84

Actiontec Broadband Router User Manual

Chapter 7 Using Advanced Settings

Security Logging

Use this section to configure the following security log options.

Enable Logging

Click in this check box to activate security logging.

Low Capacity Notification Enabled

Click in this check box to activate low capacity notification (works in tandem with “Allowed Capacity Before Email Notification” and “Security Log Buffer Size” options).

Allowed Capacity Before Email Notification

Enter the percentage of security log buffer capacity reached to trigger an E-mail notification.

Security Log Buffer Size

Enter the size of the security log buffer in this text box.

Remote System Notify Level

This feature is used to specify the type of information received for security logging. Options include None, Error, Warning, and Information.

Outgoing Mail Server

Use this section to configure the outgoing mail server options. This server is used format and send system and security log E-mail notifications.

Server

Enter the host name of the outgoing (SMTP) server in this text box.

From Email Address

E-mail notifications require a “from” address. Enter a “from” E-mail address in this text box.

Page 85

Chapter 7 Using Advanced Settings

Port

Enter the port number of the E-mail server in this text box.

Server Requires Authentication

If the E-mail server requires authentication, click in this check box, then enter a user name and password in the “User Name” and “Password” text boxes that appear.

Auto WAN Detection

When activated, Auto WAN Detection causes the Router to automatically search for a WAN connection.

Enable Logging

Clicking in this check box activates automatic WAN detection.

PPP Timeout

Enter the amount of time (in seconds) before the Router stops attempting to establish a broadband PPP connection.

DHCP Timeout

Enter the amount of time (in seconds) before the Router stops attempting to establish a broadband DHCP connection.

Number of Cycles

Enter the number of times the Router attempts to detect a broadband PPP and

DHCP connection.

Auto Detection Continuous Trying

Click in this check box to cause the Router to indefinitely search for a broadband connection.

Page 86

Actiontec Broadband Router User Manual

Chapter 7 Using Advanced Settings

Date and Time

To configure date, time, and daylight savings time settings perform the following:

1. Click Date and Time in the Advanced screen. The “Date and Time” screen

appears.

2. Select the local time zone from the drop-down list. The Router can automati-

cally detect daylight saving setting for selected time zones. If the daylight saving settings for a time zone are not automatically detected, the following fields will be displayed:

• Enabled - Select this check box to enable daylight saving time.

• Start - Date and time when daylight saving starts.

• End - Date and time when daylight saving ends.

• Offset - The time amount daylight saving time changes.

Page 87

Chapter 7 Using Advanced Settings

To perform an automatic time update:

1. Click in the “Enabled” check box in the “Automatic Time Update” section.

2. Select the protocol to be used to perform the time update by selecting either

the “Time of Day” or “Network Time Protocol” radio button.

3. Specify how often to perform the update in the “Update Every” text box.

4. Define time server addresses by clicking Add on the bottom of the “Automatic

Time Update” section and entering the IP address or domain name of the time server in the “Time Server Settings” screen.

Scheduler Rules

Scheduler rules are used for limiting the activation of firewall rules to specific time periods, either for days of the week, or for hours of each day.

To define a rule:

1. Make sure the Router’s date and time are set correctly. To do this, see the “Date

and Time” section in this chapter.

2. Click Scheduler Rules in the Advanced screen. The “Scheduler Rules” screen

appears.

Page 88

Actiontec Broadband Router User Manual

Chapter 7 Using Advanced Settings

3. Click Add. The “Set Rule Schedule” screen appears.

4. Enter a name for the rule in the “Rule Name” text box.

5. Specify if the rule will be active or inactive during the designated time period

by clicking the appropriate “Rule Settings” radio button.

6. Click Add Rule Schedule. The “Edit Rule Schedule” screen appears.

7. Select or active or inactive days of the week by clicking in the appropriate

text boxes.

Page 89

Chapter 7 Using Advanced Settings

8. If applicable, click New Hours Range Entry to define an active/inactive hourly

range. The “Edit Hour Range” screen appears. Enter a start and end time in the appropriate text boxes.

9. Click Apply.

Note: Make sure the Router’s date and time settings are properly

☞

configured for the time zone.

Routing

Access the routing table rules by clicking Routing in the Advanced screen. The “Routing” screen appears.

Routing rules can be added, edited, or deleted from the Routing screen. To add a router, click New Route. The “Route Settings” screen appears.

Page 90

Actiontec Broadband Router User Manual

Chapter 7 Using Advanced Settings

When adding a routing rule, the following parameters must be specified:

• Rule Name- Select the type of network from the drop-down list.

• Destination - The destination is the destination host, subnet address, network address, or default route. The destination for a default route is 0.0.0.0.

• Netmask - The network mask is used in conjunction with the destination to determine when a route is used.

• Gateway - Enter the Router’s IP address.

• Metric - A measurement of the preference of a route. Typically, the lowest metric is the most preferred route. If multiple routes exist to a given destination network, the route with the lowest metric is used.

IGMP Multicasting

The Router provides support for IGMP multicasting, which allows hosts connected to a network to be updated whenever an important change occurs in the network. A multicast is simply a message that is sent simultaneously to a pre-defined group of recipients. When joining a multicast group, all messages addressed to the group will be received by the user, much like when an E-mail message is sent to a mailing list.

IGMP multicasting enables UPnP capabilities over networks and may also be useful

when connected to the Internet through the Router. When an application running on a computer in the network sends out a request to join a multicast group, the Router intercepts and processes the request. If the Router is set to “Minimum Security” no further action is required. However, if the Router is set to “Typical Security” or “Maximum Security,” the group’s IP address must be added to the Router’s “Multicast Groups” screen. This will allow incoming messages addressed to the group to pass through the firewall and on to the correct networked computer.

1. Select Routing in the Advanced screen.

2. Activate the “Internet Group Management Protocol” check-box.

3. Click Apply.

Page 91

Chapter 7 Using Advanced Settings

Domain Routing

Domain routing is used in multi-router local network configurations. Normally, to accesss a device connected to one router from another router on the network, its

IP address must be used. Activating domain routing (by clicking in the appropriate

check box) allows the user to access to the computer by name (as well as IP address).

IP Address Distribution

The Router’s DHCP server makes it possible to easily add computers configured as

DHCP clients to the network. It provides a mechanism for allocating IP addresses to

these hosts and for delivering network configuration parameters to them.

For example, a client (host) sends out a broadcast message on the network requesting an IP address for itself. The DHCP server then checks its list of available address- es and leases a local IP address to the host for a specific period of time and simultaneously designates this IP address as “taken.” At this point, the host is configured with an IP address for the duration of the lease.

The host can choose to renew an expiring lease or let it expire. If it chooses to renew a lease, it will also receive current information about network services, as it did with the original lease, allowing it to update its network configurations to reflect any changes that occurred since it first connected to the network. If the host wishes to terminate a lease before its expiration, it can send a release message to the

DHCP server, which will then make the IP address available for use by others.

The Router’s DHCP server:

• Displays a list of all DHCP hosts devices connected to the Router.

• Defines the range of IP addresses that can be allocated in the network.

• Defines the length of time for which dynamic IP addresses are allocated.

• Provides the above configurations for each network device and can be configured and enabled/disabled separately for each network device.

• Can assign a static lease to a network computer so that it receives the same IP address each time it connects to the network, even if this IP address is within the range of addresses that the DHCP server may assign to other computers.

• Provides the DNS server with the host name and IP address of each computer connected to the network.

Page 92

Actiontec Broadband Router User Manual

Chapter 7 Using Advanced Settings

To view a summary of the services currently being provided by the DHCP server, click IP Address Distribution in the Advanced screen. The “IP Address Distribution” screen appears.

Editing DHCP Server Settings

To edit the DHCP server settings for a device:

1. Click the appropriate icon in the “Action” column. The “DHCP Settings” screen

for the device appears.

2. Select the “IP Address Distribution” from the drop-down list. Options include

DHCP Server, DHCP Relay, or Disable.

Page 93

Chapter 7 Using Advanced Settings

3. Complete the following fields:

• Start IP Address Range, End IP Address Range - determines the number of hosts connected to the network in this subnet. “Start” specifies the first IP address assigned in this subnet and “End” specifies the last IP address in the range.

• Subnet Mask - used to determine to which subnet an IP address belongs. An example of a subnet mask value is 255.255.0.0.

• WINS Server - The WINS (Windows Internet Naming Service) server determines the IP address associated with a network device.

• Lease Time - each device will be assigned an IP address by the DHCP server for a limited time (“Lease Time”) when it connects to the network. When the lease expires, the server will determine if the computer has disconnected from the network. If it has, the server may reassign this IP address to a newly-connected computer. This feature ensures that IP addresses not in use will become available for other computers on the network.

• Provide host name if not specified by client - when activated, the Router assigns the client a default name if the DHCP client does not have a host name.

4. Click Apply to save the changes.

DHCP Connections

To view a list of computers currently recognized by the DHCP server, click Connection List at the bottom of the IP Address Distribution screen. The “DHCP Connections” screen appears.

Page 94

Actiontec Broadband Router User Manual

Chapter 7 Using Advanced Settings

To define a new connection with a fixed IP address:

1. Click New Static Connection in the DHCP Connections screen. The “DHCP

Connection Settings” screen appears.

2. Enter a host name for this connection.

3. Enter the fixed IP address to assign to the computer.

4. Enter the MAC address of the computer’s network card.

5. Click the Apply to save changes.

Note: A device’s fixed IP address is actually assigned to the spe-

☞

cific network card’s MAC address installed on the network computer. If this network card is replaced, the device’s entry in the

DHCP Connections list must be updated with the new network

card’s MAC address.

To remove a host from the table, click the appropriate “Delete” icon in the Action column.

Page 95

Chapter 7 Using Advanced Settings

Diagnostics

The Diagnostics screen can assist in testing network connectivity. This feature pings (ICMP echo) an IP address and displays the results, such as the number of packets transmitted and received, round trip time, and success status.

To diagnose network connectivity:

1. Click Diagnostics from the Advanced screen. The “Diagnostics” screen

appears.

2. Enter the IP address or domain name to be tested in the “Destination” field.

3. Click Go.

4. In a few seconds, diagnostics statistics will be displayed. If no new information

is displayed, click Refresh.

Page 96

Actiontec Broadband Router User Manual

Chapter 7 Using Advanced Settings

Restoring Default Settings

If the Router’s factory default settings need to be restored (to build a new network from the beginning, for example), use the following procedure:

1. If needed click Save Configuration File to save the Router’s current con-

figuration to a file. The Router’s current settings can then be reapplied (see “Configuraton File” in this chapter for more information).

2. Click Restore Defaults. The Router will restart, and factory default settings

will be applied

Note: All of the Router’s settings and parameters will be restored

☞

to their default values after performing the Restore Default procedure. This includes the administrator password; a user-specified password will no longer be valid.

Reboot the Router

To reboot the Router:

1. Click Restart in the Advanced screen. The “Restart” screen appears.

2. Click OK to restart the Router. This may take up to one minute.

To reenter the MegaControl Panel after restarting the Router, click the web browser’s “Refresh” button.

Page 97

Chapter 7 Using Advanced Settings

MAC Cloning

A MAC (Media Access Control) address is a unique hexadecimal code that identifies a device on a network. All networkable devices have a MAC address. When replac- ing another network device with the Router, the installation process can be simplified by copying the MAC address of the existing computer to the Router. To do this:

1. Click MAC Cloning in the Advanced screen. The “MAC Cloning” screen

appears.

2. Enter the MAC address to be cloned in the “To Physical Address” text boxes.

3. Click Clone My MAC Address to capture the MAC address of the computer cur-

rently accessing the MegaControl Panel. The Router will now have the new

MAC address.

ARP (Address Resolution Protocol) Table

Clicking ARP Table in the Advanced screen generates the “ARP Table” screen. This screen displays the IP and MAC addresses of each DHCP connection.

Page 98

Actiontec Broadband Router User Manual

Chapter 7 Using Advanced Settings

Users

To manage individual users:

1. Click Users in the Advanced screen, which generates the “Users” screen.

2. Click New User, which generates the “User Settings” screen.

When adding a user, specify the following parameters:

• Full Name - The user’s full name.

• User Name - The name a remote user will use to access the home or office network. This entry is case-sensitive.

• New Password/Retype New Password - The password for the user (and enter again to confirm).

• Permissions - The level of access the user is allowed. Options include Administrator or Limited.

Page 99

Chapter 7 Using Advanced Settings

• E-mail Notification - E-mail notification can be used to receive indications of system events for a predefined severity classification. The available types of events are “System” or “Security” events. The available severity of events are Error, Warning, and Information.

To configure E-mail notification for a specific user:

1. Make sure an outgoing mail server has been configured in “System

Settings”. If not, click Configure Notification Mail Server to configure the outgoing mail server.

2. Enter the user’s E-mail address in the “Notification Address” text box.

3. Select the “System” and “Security” notification levels in the “System

Notify Level” and “Security Notify Level” drop-down lists.

Note: Changing any of the user parameters will prompt the con-

☞

nection associated with the user to terminate. For changes to take effect, activate the connection manually after modifying user parameters.

QoS

The Router’s QoS (Quality of Service) capabilities are covered in detail in Appendix A of this manual.

Local Administration

Clicking Administration in the Advanced screen generates the “Administration” screen. This screen allows the user to allow local Telnet access using a particular Telnet port.

To use, select a Telnet port by clicking in the appropriate check box, then click Apply.

Page 100

Actiontec Broadband Router User Manual

Chapter 7 Using Advanced Settings

Remote Administration

The Router’s Remote Administration capabilities are covered in detail in the “Security” chapter of this manual.

Dynamic DNS

Dynamic DNS (Domain Name Server) a dynamic IP address to be aliased to a static hostname, allowing a computer on the network to be more easily accessible from the Internet. Typically, when connecting to the Internet, the service provider assigns an unused IP address from a pool of IP addresses, and this address is used only for the duration of a specific connection. Dynamically assigning addresses extends the usable pool of available IP addresses, while maintaining a constant domain name. This allows to user to access a device (a camera, for example) from a remote location, since the device will always have the same IP address.

When using Dynamic DNS, each time the IP address provided by the ISP changes, the DNS database changes accordingly to reflect the change. In this way, even though the IP address of the computer changes often, its domain name remains constant and accessible.

Opening a Dynamic DNS Account

To use Dynamic DNS, a free Dynamic DNS account must be opened at http:// www.dyndns.org/account/create.html.

When applying for an account, a user name and password must be specified. Have them available when customizing the Router’s Dynamic DNS feature. For more information regarding Dynamic DNS, refer to http://www.dyndns.org.