ALFA NETWORK AIP-W505 User Manual

Download

SER

UIDE

11n ROUTER

AIP-W505

SER

UIDE

AIP-W505

IEEE 802.11n 150 Mbps Wireless Router with 4 RJ-45 LAN Ports, and 1 RJ-45 WAN Port

AIP-W505

E052010-CS-R01

149100000067W

COMPLIANCES

FEDERAL COMMUNICATION COMMISSION INTERFERENCE STATEMENT

This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one of the following measures:

◆ Reorient or relocate the receiving antenna

◆ Increase the separation between the equipment and receiver

◆ Connect the equipment into an outlet on a circuit different from that to

which the receiver is connected

◆ Consult the dealer or an experienced radio/TV technician for help

This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.

FCC Caution: Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment.

IEEE 802.11b or 802.11g operation of this product in the U.S.A. is firmware-limited to channels 1 through 11.

IMPORTANT NOTE: FCC RADIATION EXPOSURE STATEMENT

This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance 20 cm between the radiator and your body.

– 3 –

OMPLIANCES

EC CONFORMANCE DECLARATION

Marking by the above symbol indicates compliance with the Essential Requirements of the R&TTE Directive of the European Union (1999/5/EC). This equipment meets the following conformance standards:

◆ EN 60950-1: 2006 (IEC 60950-1) — Product Safety

◆ EN 55022:2006 + A1:2007, Class B — ITE EMC

◆ EN 55024:1998 + A1:2001 + A2:2003 — ITE EMC

◆ EN 300 328 V1.7.1 (2006-10) — Technical requirements for 2.4 GHz

radio equipment

◆ EN 301 489-1 V1.8.1 (2008-04) — EMC requirements for radio

equipment

◆ EN 301 489-17 V1.3.2 (2008-04) — EMC requirements for radio

equipment

◆ 50385 (2002) — Country-specific SAR requirements

This device is intended for use in the following European Community and EFTA countries:

◆

Austria ◆ Belgium ◆ Bulgaria ◆ Cyprus ◆ Czech Republic

◆ Denmark ◆ Estonia ◆ Finland ◆ France ◆Germany

◆ Greece ◆ Hungary ◆ Iceland ◆ Ireland ◆Italy

◆ Latvia ◆ Lithuania ◆ Luxembourg ◆ Malta ◆ Netherlands

◆ Norway ◆ Poland ◆ Portugal ◆ Romania ◆ Slovakia

◆ Slovenia ◆ Spain ◆ Sweden ◆ Switzerland ◆ United Kingdom

OTE

The user must use the configuration utility provided with this product to ensure the channels of operation are in conformance with the spectrum usage rules for European Community countries as described below.

◆ This device will automatically limit the allowable channels determined

by the current country of operation. Incorrectly entering the country of operation may result in illegal operation and may cause harmful interference to other systems. The user is obligated to ensure the device is operating according to the channel limitations, indoor/outdoor restrictions and license requirements for each European Community country as described in this document.

– 4 –

OMPLIANCES

DECLARATION OF CONFORMITY IN LANGUAGES OF THE EUROPEAN COMMUNITY

Czech Česky

Estonian Eesti

English Hereby, Manufacturer, declares that this Radio LAN device is in compliance with the

Finnish Suomi

Dutch Nederlands

French Français

Swedish Svenska

Danish Dansk

German Deutsch

Greek

Ελληνική

Hungarian Magyar

Italian Italiano

Latvian Latviski

Lithuanian Lietuvių

Maltese Malti

Spanish Español

Polish Polski

Portuguese Português

Slovak Slovensky

Slovenian Slovensko

Manufacturer tímto prohlašuje, že tento Radio LAN device je ve shodě se základními požadavky a dalšími příslušnými ustanoveními směrnice 1999/5/ES.

Käesolevaga kinnitab Manufacturer seadme Radio LAN device vastavust direktiivi 1999/ 5/EÜ põhinõuetele ja nimetatud direktiivist tulenevatele teistele asjakohastele sätetele.

essential requirements and other relevant provisions of Directive 1999/5/EC.

Valmistaja Manufacturer vakuuttaa täten että Radio LAN device tyyppinen laite on direktiivin 1999/5/EY oleellisten vaatimusten ja sitä koskevien direktiivin muiden ehtojen mukainen.

Hierbij verklaart Manufacturer dat het toestel Radio LAN device in overeenstemming is met de essentiële eisen en de andere relevante bepalingen van richtlijn 1999/5/EG

Bij deze Manufacturer dat deze Radio LAN device voldoet aan de essentiële eisen en aan de overige relevante bepalingen van Richtlijn 1999/5/EC.

Par la présente Manufacturer déclare que l'appareil Radio LAN device est conforme aux exigences essentielles et aux autres dispositions pertinentes de la directive 1999/5/CE

Härmed intygar Manufacturer att denna Radio LAN device står I överensstämmelse med de väsentliga egenskapskrav och övriga relevanta bestämmelser som framgår av direktiv 1999/5/EG.

Undertegnede Manufacturer erklærer herved, at følgende udstyr Radio LAN device overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF

Hiermit erklärt Manufacturer, dass sich dieser/diese/dieses Radio LAN device in Übereinstimmung mit den grundlegenden Anforderungen und den anderen relevanten Vorschriften der Richtlinie 1999/5/EG befindet". (BMWi)

Hiermit erklärt Manufacturer die Übereinstimmung des Gerätes Radio LAN device mit den grundlegenden Anforderungen und den anderen relevanten Festlegungen der Richtlinie 1999/5/EG. (Wien)

με την παρουσα Manufacturer δηλωνει οτι radio LAN device συμμορφωνεται προσ τισ ουσιωδεισ απαιτησεισ και τισ λοιπεσ σχετικεσ διαταξεισ τησ οδηγιασ 1999/5/

Alulírott, Manufacturer nyilatkozom, hogy a Radio LAN device megfelel a vonatkozó alapvetõ követelményeknek és az 1999/5/EC irányelv egyéb elõírásainak.

Con la presente Manufacturer dichiara che questo Radio LAN device è conforme ai requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999/5/CE.

Ar šo Manufacturer deklarē, ka Radio LAN device atbilst Direktīvas 1999/5/EK būtiskajām prasībām un citiem ar to saistītajiem noteikumiem.

Šiuo Manufacturer deklaruoja, kad šis Radio LAN device atitinka esminius reikalavimus ir kitas 1999/5/EB Direktyvos nuostatas.

Hawnhekk, Manufacturer, jiddikjara li dan Radio LAN device jikkonforma mal-ħtiġijiet essenzjali u ma provvedimenti oħrajn relevanti li hemm fid-Dirrettiva 1999/5/EC.

Por medio de la presente Manufacturer declara que el Radio LAN device cumple con los requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la Directiva 1999/5/CE

Niniejszym Manufacturer oświadcza, że Radio LAN device jest zgodny z zasadniczymi wymogami oraz pozostałymi stosownymi postanowieniami Dyrektywy 1999/5/EC.

Manufacturer declara que este Radio LAN device está conforme com os requisitos essenciais e outras disposições da Directiva 1999/5/CE.

Manufacturer týmto vyhlasuje, že Radio LAN device spĺňa základné požiadavky a všetky príslušné ustanovenia Smernice 1999/5/ES.

Manufacturer izjavlja, da je ta radio LAN device v skladu z bistvenimi zahtevami in ostalimi relevantnimi določili direktive 1999/5/ES.

εκ.

– 5 –

ABOUT THIS GUIDE

PURPOSE This guide gives specific information on how to install the 11n Router and

its physical and performance related characteristics. It also gives information on how to operate and use the management functions of the 11n Router.

AUDIENCE This guide is for users with a basic working knowledge of computers. You

should be familiar with Windows operating system concepts.

CONVENTIONS The following conventions are used throughout this guide to show

information:

OTE

Emphasizes important information or calls your attention to related features or instructions.

AUTION

damage the system or equipment.

ARNING

Alerts you to a potential hazard that could cause loss of data, or

Alerts you to a potential hazard that could cause personal injury.

RELATED PUBLICATIONS The following publication covers the basic hardware features of the 11n

Router, and how to install the unit:

The Quick Installation Guide

As part of the 11n Router’s software, there is an online web-based help that describes all management related features.

REVISION HISTORY This section summarizes the changes in each revision of this guide.

MAY 2010 REVISION

This is the first revision of this guide. This guide is valid for software release v0.0.1.1.

– 6 –

COMPLIANCES 3

BOUT THIS GUIDE 6

ONTENTS 7

IGURES 11

ABLES 14

SECTION I GETTING STARTED 15

1INTRODUCTION 16

Key Hardware Features 16

Description of Capabilities 16

Applications 17

Package Contents 18

Hardware Description 18

LED Indicators 20

Ethernet WAN Port 21

Ethernet LAN Ports 21

Power Connector 21

Reset Button 22

WPS Button 22

2NETWORK PLANNING 23

Internet Gateway Router 23

LAN Access Point 24

Wireless Bridge 25

Wireless Client 26

3INSTALLING THE 11n ROUTER 27

System Requirements 27

Mounting the Device 28

– 7 –

ONTENTS

Mounting on a Wall 28

Mounting on a Horizontal Surface 29

Router Mode Connections 29

Bridge Mode Connections 30

4INITIAL CONFIGURATION 32

ISP Settings 32

Connecting to the Login Page 32

Home Page and Main Menu 33

Common Web Page Buttons 34

Setup Wizard 34

Step 1 - Language Selection 34

Step 2 - Time Settings 35

Step 3 - WAN Settings - DHCP 36

Step 3 - WAN Settings - Static IP 37

Step 3 - WAN Settings - PPPoE 38

Step 3 - WAN Settings - PPTP 39

Step 3 - WAN Settings - L2TP 41

Step 4 - Wireless Security 42

Completion 43

SECTION II WEB CONFIGURATION 44

5OPERATION MODE 45

Logging In 46

Operation Mode Configuration 48

6INTERNET SETTINGS 49

WAN Setting 49

DHCP 50

Static IP 51

PPPoE 52

PPTP 53

L2TP 55

LAN Setting 57

DHCP Clients 59

Advanced Routing 60

– 8 –

ONTENTS

Advanced Routing Settings 60

Routing Table 61

Dynamic Route 62

7WIRELESS CONFIGURATION 63

Basic Settings 63

HT Physical Mode Settings 66

Advanced Settings 67

Advanced Wireless 67

Wi-Fi Multimedia 69

Multicast-to-Unicast Converter 72

WLAN Security 73

Wired Equivalent Privacy (WEP) 74

WPA Pre-Shared Key 75

WPA Enterprise Mode 76

IEEE 802.1X and RADIUS 78

Access Policy 80

Wireless Distribution System (WDS) 80

Wi-Fi Protected Setup (WPS) 83

Station List 86

8 WISP MODE WIRELESS CONFIGURATION 87

Profile 87

Profile Configuration 88

Security Policy 90

WEP Shared-Key Security 91

WPA/WPA2-Personal Security 92

Link Status 93

Site Survey 95

Statistics 96

9FIREWALL CONFIGURATION 98

MAC/IP/Port Filtering 98

Current Filter Rules 100

Virtual Server Settings (Port Forwarding) 101

Current Virtual Servers in system 102

DMZ 102

System Security 103

– 9 –

ONTENTS

Content Filtering 104

10 ADMINISTRATION SETTINGS 106

System Management 107

Time Zone Settings 108

DDNS Settings 109

Firmware Upgrade 110

Configuration Settings 111

System Status 112

Statistics 114

System Log 115

SECTION III APPENDICES 116

ATROUBLESHOOTING 117

Diagnosing LED Indicators 117

If You Cannot Connect to the Internet 117

Before Contacting Technical Support 118

BHARDWARE SPECIFICATIONS 119

ABLES AND PINOUTS 121

Twisted-Pair Cable Assignments 121

10/100BASE-TX Pin Assignments 122

Straight-Through Wiring 122

Crossover Wiring 123

DLICENSE INFORMATION 124

The GNU General Public License 124

GLOSSARY 128

NDEX 132

– 10 –

FIGURES

Figure 1: Top Panel 19

Figure 2: Rear Panel 20

Figure 3: LEDs 20

Figure 4: Operating as an Internet Gateway Router 23

Figure 5: Operating as an Access Point 24

Figure 6: Operating as a Wireless Bridge 25

Figure 7: Operating as a Wireless Repeater 25

Figure 8: Operating as a Wireless Client 26

Figure 9: Wall Mounting 28

Figure 10: Router Mode Connection 29

Figure 11: Bridge Mode Connection 30

Figure 12: Login Page 33

Figure 13: Home Page 33

Figure 14: Wizard Step 1 - Language Selection 34

Figure 15: Wizard Step 2 - Time and SNTP Settings 35

Figure 16: Wizard Step 3 - WAN Settings - DHCP 36

Figure 17: Wizard Step 3 - WAN Settings - Static IP 37

Figure 18: Wizard Step 3 - WAN Settings - PPPoE 38

Figure 19: Wizard Step 3 - WAN Settings - PPTP 39

Figure 20: Wizard Step 3 - WAN Settings - L2TP 41

Figure 21: Wizard Step 4 - Wireless Security 42

Figure 22: Logging On 46

Figure 23: Home Page 47

Figure 24: Operation Mode 48

Figure 25: DHCP Configuration 50

Figure 26: Static IP Configuration 51

Figure 27: PPPoE Configuration 52

Figure 28: PPTP Configuration 53

Figure 29: L2TP Configuration 55

Figure 30: LAN Configuration 57

Figure 31: DHCP Clients 59

– 11 –

IGURES

Figure 32: Advanced Routing (Router Mode) 60

Figure 33: Basic Settings 64

Figure 34: HT Physical Mode Settings 66

Figure 35: Advanced Wireless Settings 67

Figure 36: Wi-Fi Multimedia Settings 70

Figure 37: WMM Configuration 71

Figure 38: Multicast-to-Unicast Converter 72

Figure 39: Security Mode Options 73

Figure 40: Security Mode - WEP 74

Figure 41: Security Mode - WPA-PSK 75

Figure 42: Security Mode - WPA 77

Figure 43: Security Mode - 802.1X 79

Figure 44: Access Policy 80

Figure 45: Manual WDS MAC Address Configuration 81

Figure 46: WDS Configuration Example 81

Figure 47: WDS Configuration 82

Figure 48: Enabling WPS 84

Figure 49: WPS Configuration 84

Figure 50: Station List 86

Figure 51: Station Profile 87

Figure 52: Profile—System Configuration (Infrastructure) 88

Figure 53: Profile—System Configuration (Ad Hoc) 88

Figure 54: Add Profile-Security Policy 90

Figure 55: WEP Security 91

Figure 56: WPA Security 92

Figure 57: Station Site Survey 95

Figure 58: Station Statistics 96

Figure 59: MAC/IP/Port Filtering 99

Figure 60: Virtual Server 101

Figure 61: DMZ 102

Figure 62: System Security 103

Figure 63: Content Filtering 104

Figure 64: System Management 107

Figure 65: Time Zone Settings 108

Figure 66: DDNS Settings (Router Mode) 109

Figure 67: Firmware Upgrade 110

– 12 –

IGURES

Figure 68: Configuration Settings 111

Figure 69: System Status (Router Mode) 112

Figure 70: Statistics 114

Figure 71: System Log 115

Figure 72: RJ-45 Connector 121

Figure 73: Straight-through Wiring 123

Figure 74: Crossover Wiring 123

– 13 –

TABLES

Table 1: Key Hardware Features 16

Table 2: LED Behavior 21

Table 3: WMM Access Categories 70

Table 4: LED Indicators 117

Table 5: 10/100BASE-TX MDI and MDI-X Port Pinouts 122

– 14 –

ECTION

GETTING STARTED

This section provides an overview of the 11n Router, and describes how to install and mount the unit. It also describes the basic settings required to access the management interface and run the setup Wizard.

This section includes these chapters:

◆ “Introduction” on page 16

◆ “Network Planning” on page 23

◆ “Installing the 11n Router” on page 27

◆ “Initial Configuration” on page 32

– 15 –

1 INTRODUCTION

The 11n Router (AIP-W505) supports routing from an Internet Service Provider (ISP) connection (DSL or cable modem) to a local network. It is simple to configure and can be up and running in minutes.

KEY HARDWARE FEATURES

The following table describes the main hardware features of the 11n Router.

Table 1: Key Hardware Features

Feature Description

WAN Port One 100BASE-TX RJ-45 port for connecting to the Internet.

4 LAN Ports Four 100BASE-TX RJ-45 ports for local network connections.

WPS Button To set up a secure connection to a wireless device.

Reset Button For resetting the unit and restoring factory defaults.

LEDs Provides LED indicators for Power, WAN port, LAN ports, WLAN,

Mounting Options Can be mounted on any horizontal surface such as a desktop or

DESCRIPTION OF CAPABILITIES

◆ Internet connection through an RJ-45 WAN port.

◆ Local network connection through four 10/100 Mbps Ethernet ports.

◆ DHCP for dynamic IP configuration.

◆ Firewall with Stateful Packet Inspection, client privileges, intrusion

detection, and NAT.

◆ NAT also enables multi-user Internet access via a single user account,

and virtual server functionality (providing protected access to Internet services such as Web, FTP, e-mail, and Telnet).

and WPS status.

shelf, or on a wall using two screws.

◆ VPN passthrough (IPsec, PPTP, or L2TP).

◆ User-definable application sensing tunnel supports applications

requiring multiple connections.

– 16 –

HAPTER

Description of Capabilities

| Introduction

◆ Easy setup through a Web browser on any operating system that

supports TCP/IP.

◆ Compatible with all popular Internet applications.

In addition, the 11n Router offers full network management capabilities through an easy-to-configure web interface.

APPLICATIONS Many advanced networking features are provided by the 11n Router:

◆ Wired LAN — The 11n Router provides connectivity to wired

10/100 Mbps devices, making it easy to create a network in small offices or homes.

◆ Internet Access — This device supports Internet access through a

WAN connection. Since many DSL providers use PPPoE to establish communications with end users, the 11n Router includes built-in clients for these protocols, eliminating the need to install these services on your computer.

◆ Shared IP Address — The 11n Router provides Internet access for up

to 253 users via a single shared IP address. Using only one ISP account, multiple users on your network can browse the Web at the same time.

◆ Virtual Server — If you have a fixed IP address, you can set the 11n

Router to act as a virtual host for network address translation. Remote users access various services at your site using a constant IP address. Then, depending on the requested service (or port number), the 11n Router can route the request to the appropriate server (at another internal IP address). This secures your network from direct attack by hackers, and provides more flexible management by allowing you to change internal IP addresses without affecting outside access to your network.

◆ DMZ Host Support — Allows a networked computer to be fully

exposed to the Internet. This function is used when NAT and firewall security prevent an Internet application from functioning correctly.

◆ Security — The 11n Router supports security features that deny

Internet access to specified users, or filter all requests for specific services the administrator does not want to serve. WPA (Wi-Fi Protected Access) and MAC filtering provide security over the wireless network.

◆ Virtual Private Network (VPN) Passthrough — The 11n Router

supports the passthrough of three of the most commonly used VPN protocols – IPsec, PPTP, and L2TP. These protocols allow remote users to establish a secure connection to their corporate network. If your service provider supports VPNs, then these protocols can be used to create an authenticated and encrypted tunnel for passing secure data over the Internet (i.e., a traditionally shared data network). The VPN-

– 17 –

PACKAGE CONTENTS

HAPTER

passthrough protocols supported by the 11n Router are briefly described below.

■

Internet Protocol Security — IPsec encrypts and authenticates entire IP packets and encapsulates them into new IP packets for secure communications between networks.

■

Point-to-Point Tunneling Protocol — Provides a secure tunnel for remote client access to a PPTP security gateway. PPTP includes provisions for call origination and flow control required by ISPs.

■

Layer 2 Tunneling Protocol — L2TP merges the best features of PPTP and the Layer 2 Forwarding (L2F) protocol. Like PPTP, L2TP requires that the ISP’s routers support the protocol.

The 11n Router package includes:

| Introduction

Package Contents

◆ 11n Router (AIP-W505)

◆ RJ-45 Category 5 network cable

◆ AC power adapter

◆ Quick Installation Guide

◆ Documentation CD

Inform your dealer if there are any incorrect, missing or damaged parts. If possible, retain the carton, including the original packing materials. Use them again to repack the product in case there is a need to return it.

HARDWARE DESCRIPTION

The 11n Router connects to the Internet using its RJ-45 WAN port. It connects directly to your PC or to a local area network using its RJ-45 Fast Ethernet LAN ports.

The 11n Router includes an LED display on the front panel for system power and port indications that simplifies installation and network troubleshooting.

– 18 –

Figure 1: Top Panel

LED Indicators

HAPTER

| Introduction

Hardware Description

– 19 –

Figure 2: Rear Panel

RJ-45 WAN Port

RJ-45 LAN Ports

Reset Button

DC Power Socket

WPS Button

LAN 1~4

WLAN

Power

WAN

WPS

HAPTER

| Introduction

Hardware Description

LED INDICATORS The 11n Router includes eight status LED indicators, as described in the

following figure and table.

Figure 3: LEDs

– 20 –

Table 2: LED Behavior

LED Status Description

HAPTER

| Introduction

Hardware Description

Power On Blue The unit is receiving power and is operating

Off There is no power currently being supplied to

WLAN On/Blinking Blue The 802.11n radio is enabled and

Off The 802.11n radio is disabled.

WPS Blinking WPS authentication is in progress.

Off WPS authentication is not in progress.

WAN On Blue The Ethernet WAN port is aquiring an IP

Blinking The Ethernet WAN port is connected and is

Off The Ethernet WAN port is disconnected or has

LAN1~LAN4 On Blue The Ethernet LAN port is connected to a PC or

Blinking The Ethernet port is connected and is

Off The Ethernet port is disconnected or has

normally.

the unit.

transmitting or receiving data through wireless links.

address.

transmitting/receiving data.

malfunctioned.

server.

transmitting/receiving data.

malfunctioned.

ETHERNET WAN PORT A 100BASE-TX RJ-45 port that can be attached to an Internet access

device, such as a DSL or Cable modem.

ETHERNET LAN

ORTS

The 11n Router has four 100BASE-TX RJ-45 ports that can be attached directly to 10BASE-T/100BASE-TX LAN segments.

These port support automatic MDI/MDI-X operation, so you can use straight-through cables for all network connections to PCs, switches, or hubs.

POWER CONNECTOR The 11n Router must be powered with its supplied power adapter. Failure

to do so results in voiding of any warrantly supplied with the product. The power adapter automatically adjusts to any voltage between 100~240 volts at 50 or 60 Hz, and supplies 5 volts DC power to the unit. No voltage range settings are required.

– 21 –

HAPTER

| Introduction

Hardware Description

RESET BUTTON This button is used to restore the factory default configuration. If you hold

down the button for 5 seconds or more, any configuration changes you may have made are removed, and the factory default configuration is restored to the 11n Router.

WPS BUTTON Press to automatically configure the 11n Router with other WPS devices in

the WLAN.

– 22 –

2 NETWORK PLANNING

Wireless AP/Router

Server

(IP: 192.168.2.x)

Desktop PC

(IP: 192.168.2.x)

Cable/DSL

Modem

Internet Service Provider

Notebook PC

(IP: 192.168.2.x)

WAN (IP assigned from ISP)

LAN (IP: 192.168.2.x)

LAN Switch

The 11n Router is designed to be very flexible in its deployment options. It can be used as an Internet gateway for a small network, or as an access point to extend an existing wired network to support wireless users. It also supports use as a wireless bridge to connect up to four wired LANs, or as a wireless client to connect to another wireless network.

This chapter explains some of the basic features of the 11n Router and shows some network topology examples in which the device is implemented.

INTERNET GATEWAY ROUTER

The 11n Router can connect directly to a cable or DSL modem to provide an Internet connection for multiple users through a single service provider account. Users connect to the 11n Router either through a wired connection to a LAN port, or though the device’s own wireless network. The 11n Router functions as an Internet gateway when set to Router Mode.

An Internet gateway employs several functions that essentially create two separate Internet Protocol (IP) subnetworks; a private internal network with wired and wireless users, and a public external network that connects to the Internet. Network traffic is forwarded, or routed, between the two subnetworks.

Figure 4: Operating as an Internet Gateway Router

– 23 –

LAN ACCESS POINT

Server (IP: 192.168.2.x)

Desktop PC

(IP: 192.168.2.x)

LAN Switch

Notebook PC

(IP: 192.168.2.x)

Wireless AP/Router

HAPTER

| Network Planning

LAN Access Point

The private local network, connected to the LAN port or wireless interface, provides a Dynamic Host Configuration Protocol (DHCP) server for allocating IP addresses to local PCs and wireless clients, and Network Address Translation (NAT) for mapping the multiple “internal” IP addresses to one “external” IP address.

The public external network, connected to the WAN port, supports DHCP client, Point-to-Point Protocol over Ethernet (PPPoE) and static IP for connection to an Internet service provider (ISP) through a cable or DSL modem.

The 11n Router can provide an access point service for an existing wired LAN, creating a wireless extension to the local network. The 11n Router functions as purely an access point when set to Bridge Mode. When used in this mode, there are no gateway functions between the WAN port and the LAN and wireless interface.

A Wi-Fi wireless network is defined by its Service Set Identifier (SSID) or network name. Wireless clients that want to connect to a network must set their SSID to the same SSID of the network service.

Figure 5: Operating as an Access Point

– 24 –

WIRELESS BRIDGE

Desktop PCs

Cable/DSL

Modem

Gateway Router

(Bridge Mode)

WDS Link

Internet Service Provider

Gateway Router

(Router Mode)

Cable/DSL

Modem

Gateway Router

(Bridge Mode)

WDS Link

Internet Service Provider

Notebook PC

Gateway Router

(Router Mode)

Notebook PC

HAPTER

| Network Planning

Wireless Bridge

The IEEE 802.11 standard defines a Wireless Distribution System (WDS) for bridge connections between access points. The 11n Router can use WDS to forward traffic on links between units.

Up to four WDS links can be specified for the 11n Router.

The WDS feature enables two basic functions to be configured in the wireless network. Either a repeater function that extends the range of the wireless network, or a bridge function that connects a remote LAN segment to an Internet connection.

Figure 6: Operating as a Wireless Bridge

Figure 7: Operating as a Wireless Repeater

– 25 –

WIRELESS CLIENT

Cable/DSL

Modem

Internet Service Provider

Server

(IP: 192.168.2.x)

Desktop PC

(IP: 192.168.2.x)

Notebook PC

(IP: 192.168.2.x)

Wireless Client WAN

(IP from external network)

LAN Port

(IP: 192.168.2.x)

LAN Switch

Access Point

(External SSID)

HAPTER

| Network Planning

Wireless Client

The 11n Router can operate as a wireless client on one SSID interface, which enables a connection to another Wi-Fi network, such as a Wireless Internet Service Provider (WISP). When the wireless client (or WISP mode) option is enabled, the client SSID interface functions as an external gateway WAN port, and the other SSID interface and LAN ports all function as the local network within the same IP subnet.

Figure 8: Operating as a Wireless Client

– 26 –

3 INSTALLING THE 11n ROUTER

The 11n Router has two basic operating modes that can be set through the web-based management interface. For information on setting the mode suitable for your network environment. See “Operation Mode

Configuration” on page 48.

◆ Router Mode — A gateway mode that connects a wired LAN and

wireless clients to an Internet access device, such as a cable or DSL modem. This is the factory set default mode.

◆ Bridge Mode — An access point mode that extends a wired LAN to

wirelessclients.

In addition to these basic operating modes, the wireless interface supports Wireless Distribution System (WDS) links to other 11n Routers, and a Wireless Internet Service Provider (WISP) Mode for a link to another wireless network. These advanced configurations are not described in this section. See “Network Planning” on page 23 for more information.

In a basic configuration, how the 11n Router is connected depends on the operating mode. The sections in this chapter describe connections for basic Router Mode and Bridge Mode operation.

SYSTEM REQUIREMENTS

You must meet the following minimum requirements:

◆ An Internet access device (DSL or Cable modem) with an Ethernet port

◆ An up-to-date web browser: Internet Explorer 6.0 or above or Mozilla

connection.

Firefox 2.0 or above.

– 27 –

Mounting Slots

HAPTER

| Installing the 11n Router

Mounting the Device

MOUNTING THE DEVICE

The 11n Router can be mounted on any horizontal surface, or on a wall. The following sections describe the mounting options.

MOUNTING ON A WALL The 11n Router should be mounted only to a wall or wood surface that is at

least 1/2-inch plywood or its equivalent. To mount the unit on a wall, always use its wall-mounting slots. The unit must be mounted with the RJ45 cable connector oriented upwards to ensure proper operation.

Figure 9: Wall Mounting

To mount on a wall, follow the instructions below.

1. Mark the position of the two screw holes on the wall. For concrete or

brick walls, you will need to drill holes and insert wall plugs for the screws.

2. Insert two 20-mm M4 tap screws (not included) into the holes, leaving

about 2~3 mm (0.08~0.12 inches) clearance from the wall.

3. Line up the two mounting points on the unit with the screws in the wall,

then slide the unit down onto the screws until it is in a secured position.

– 28 –

Set up wireless devices

Notebook PC

Connect AC power adapter to power source

Connect LAN port to PC

Cable/DSL Modem

Connect WAN port to cable/DSL modem

Internet

HAPTER

| Installing the 11n Router

Router Mode Connections

MOUNTING ON A

HORIZONTAL SURFACE

To keep the 11n Router from sliding on the surface, the 11n Router has four rubber feet on the bottom of the unit.

It is recommended to select an uncluttered area on a sturdy surface, such as a desktop or table. The unit can also be protected by securing all attached cables to a table leg or other nearby fixed structure.

ROUTER MODE CONNECTIONS

In its default Router Mode, the 11n Router forwards traffic between an Internet connected cable or DSL modem, and wired or wireless PCs or notebooks. The basic connections are illustrated in the figure below.

Figure 10: Router Mode Connection

To connect the 11n Router in Router Mode for use as an Internet gateway, follow these steps:

1. Connect an Ethernet cable from the 11n Router’s WAN port to your

Internet connected cable or DSL modem.

2. Connect an Ethernet cable from the 11n Router’s LAN ports to your

PCs. Alternatively, you can connect to a workgroup switch to support more wired users. The 11n Router can support up to 253 wired and wireless users.

3. Power on the 11n Router by connecting the AC power adapter and

plugging it into a power source.

AUTION

Otherwise, the product may be damaged.

Use ONLY the power adapter supplied with the 11n Router.

When you power on the 11n Router, verify that the Power LED turns on and that the other LED indicators start functioning as described under see “LED Indicators” on page 20.

– 29 –

4. Set up wireless devices by pressing the WPS button on the 11n Router

Set up wireless devices

Notebook PC

Connect AC power adapter to power source

Connect LAN port to PC

Connect LAN and WAN ports

to PCs or an Ethernet LAN switch

or by using the web interface. See “Initial Configuration” on page 32 for more information on accessing the web interface.

BRIDGE MODE CONNECTIONS

In Bridge Mode, the 11n Router operates as a wireless access point, extending a local wired network to associated wireless clients (PCs or notebooks with wireless capability). From any nearby location, you can then make a wireless connection to the 11n Router and access the wired network resources, including local servers and the Internet.

In Bridge Mode, the 11n Router does not support gateway functions on its WAN port. Both the LAN port and the WAN ports can be connected to a local Ethernet LAN.

OTE

Bridge Mode is not the factory default mode and must be manually set using the web management interface.

HAPTER

| Installing the 11n Router

Bridge Mode Connections

Figure 11: Bridge Mode Connection

To connect the 11n Router for use as an access point, follow these steps:

1. Using Ethernet cable connect the 11n Router’s LAN and WAN ports to

PCs or a LAN switch.

2. Power on the 11n Router by connecting the AC power adapter and

plugging it into a power source.

AUTION

Use ONLY the power adapter supplied with the 11n Router.

Otherwise, the product may be damaged.

When you power on the 11n Router, verify that the Power LED turns on and that the other LED indicators start functioning as described under

“LED Indicators” on page 20.

– 30 –

HAPTER

| Installing the 11n Router

Bridge Mode Connections

3. Connect an Ethernet cable from the 11n Router’s LAN ports to your

PCs. Alternatively, you can connect to a workgroup switch to support more wired users. The 11n Router can support up to 253 wired and wireless users

4. Set up wireless devices by pressing the WPS button on the 11n Router

or by using the web interface. See “Initial Configuration” on page 32 for more information on accessing the web interface.

– 31 –

4 INITIAL CONFIGURATION

The 11n Router offers a user-friendly web-based management interface for the configuration of all the unit’s features. Any PC directly attached to the unit can access the management interface using a web browser, such as Internet Explorer (version 6.0 or above).

ISP SETTINGS

If you are not sure of your connection method, please contact your Internet Service Provider. There are several connection types to choose from: Static IP, DHCP (cable connection), PPPoE (DSL connection), PPTP, and L2TP.

OTE

If using the PPPoE option, you will need to remove or disable any PPPoE client software on your computers.

CONNECTING TO THE LOGIN PAGE

It is recommended to make initial configuration changes by connecting a PC directly to one of the 11n Router’s LAN ports. The 11n Router has a default IP address of 192.168.2.1 and a subnet mask of 255.255.255.0. You must set your PC IP address to be on the same subnet as the 11n Router (that is, the PC and 11n Router addresses must both start

192.168.2.x).

To access the 11n Router’s management interface, follow these steps:

1. Use your web browser to connect to the management interface using

the default IP address of 192.168.2.1.

2. Log into the interface by entering the default user name “admin” and

password “admin,” then click Login.

OTE

It is strongly recommended to change the default user name and password the first time you access the web interface. For information on changing user names and passwords, See “System Management” on

page 107.

– 32 –

Figure 12: Login Page

HAPTER

| Initial Configuration

Home Page and Main Menu

HOME PAGE AND MAIN MENU

After logging in to the web interface, the Home page displays. The Home page shows the main menu and the method to access the Setup Wizard.

Figure 13: Home Page

– 33 –

COMMON WEB PAGE BUTTONS

The list below describes the common buttons found on most web management pages:

◆ Apply – Applies the new parameters and saves them to memory. Also

displays a screen to inform you when it has taken affect. Clicking “Apply” returns to the home page.

◆ Cancel – Cancels the newly entered settings and restores the previous

settings.

◆ Next – Proceeds to the next step.

◆ Previous – Returns to the previous screen.

SETUP WIZARD

HAPTER

| Initial Configuration

Common Web Page Buttons

STEP 1 - LANGUAGE

SELECTION

The Wizard is designed to help you configure the basic settings required to get the the 11n Router up and running. There are only a few basic steps you need to set up the the 11n Router and provide a connection.

Follow these steps:

Select between English, Spanish, German, Traditional Chinese, Simplified Chinese, or Korean. Click Next to proceed to the next step of the wizard.

Figure 14: Wizard Step 1 - Language Selection

The following items are displayed on the first page of the Setup Wizard:

◆ Select Language — Selects English, Spanish, German, Traditional

Chinese, Simplified Chinese, or Korean as the interface language.

– 34 –

HAPTER

| Initial Configuration

Setup Wizard

STEP 2 - TIME

SETTINGS

The Step 2 page of the Wizard configures time zone and SNTP settings.

Select a time zone according to where the device is operated. Click Next after completing the setup.

Figure 15: Wizard Step 2 - Time and SNTP Settings

The following items are displayed on this page:

◆ Current Time — Receives a time and date stamp from an SNTP server.

◆ Time Zone — Select the time zone that is applicable to your region.

◆ SNTP Server — Enter the address of an SNTP server to receive time

updates.

◆ SNTP synchronization (hours) — Specify the interval between SNTP

server updates.

– 35 –

HAPTER

| Initial Configuration

Setup Wizard

STEP 3 - WAN

SETTINGS - DHCP

The Step 3 page of the Wizard specifies the Internet connection parameters for the 11n Router’s WAN port. Click Next after completing the setup.

By default, the access point WAN port is configured with DHCP enabled. The options are Static IP, DHCP (cable modem), PPPoE (DSL modem), PPTP, and L2TP. Each option changes the parameters that are displayed on the page.

Figure 16: Wizard Step 3 - WAN Settings - DHCP

The following items are displayed on this page:

◆ WAN Connection Type — Select the connection type for the WAN port

from the drop down list. (Default: DHCP)

◆ Hostname — Specifies the host name of the DHCP client.

(Default: SMCWBR14S-N)

◆ Primary DNS Server — The IP address of the Primary Domain Name

Server. A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses. To specify a DNS server, type the IP addresses in the text field provided. Otherwise, leave the text field blank.

◆ Secondary DNS Server — The IP address of the Secondary Domain

Name Server.

◆ MAC Clone — Some ISPs limit Internet connections to a specified MAC

address of one PC, which is registered with the ISP. This setting allows you to manually change the MAC address of the 11n Router’s WAN interface to match the PC’s MAC address provided to your ISP for registration. You can enter the registered MAC address manually by typing it in the boxes provided. Otherwise, connect only the PC with the registered MAC address to the 11n Router, then click the “Clone your PC’s MAC Address”. (Default: Disabled)

– 36 –

HAPTER

OTE

If you are unsure of the PC MAC address originally registered by

| Initial Configuration

Setup Wizard

your ISP, call your ISP and request to register a new MAC address for your account. Register the default MAC address of the 11n Router.

STEP 3 - WAN

SETTINGS - STATIC IP

Configures a static IP for the WAN port.

Figure 17: Wizard Step 3 - WAN Settings - Static IP

The following items are displayed on this page:

◆ WAN Connection Type — Select the connection type for the WAN port

from the drop down list. (Default: DHCP)

◆ IP Address — The IP address of the 11n Router. Valid IP addresses

consist of four decimal numbers, 0 to 255, separated by periods.

◆ Subnet Mask — The mask that identifies the host address bits used for

routing to specific subnets.

◆ Default Gateway — The IP address of the gateway router for the 11n

Router, which is used if the requested destination address is not on the local subnet.

◆ Primary DNS Server — The IP address of the Primary Domain Name

◆ Secondary DNS Server — The IP address of the Secondary Domain

Name Server.

– 37 –

HAPTER

| Initial Configuration

Setup Wizard

◆ MAC Clone — Some ISPs limit Internet connections to a specified MAC

address. This setting allows you to manually change the MAC address of the 11n Router's WAN interface to match the PC's MAC address provided to your ISP for registration. You can enter the registered MAC address manually by typing it in the boxes provided. Otherwise, connect only the PC with the registered MAC address to the W11n Router, then click the “Clone your PC’s MAC Address” (Default: Disable)

STEP 3 - WAN

SETTINGS - PPPOE

Enable the 11n Router IP address to be assigned automatically from an Internet service provider (ISP) through a DSL modem using Point-to-Point Protocol over Ethernet (PPPoE).

Figure 18: Wizard Step 3 - WAN Settings - PPPoE

The following items are displayed on this page:

◆ User Name — Sets the PPPoE user name for the WAN port.

(Default: pppoe_user; Range: 1~32 characters)

◆ Password — Sets a PPPoE password for the WAN port.

(Default: pppoe_password; Range: 1~32 characters)

◆ Verify Password — Prompts you to re-enter your chosen password.

◆ Operation Mode — Enables and configures the keep alive time and

configures the on-demand idle time.

◆ MAC Clone — Some ISPs limit Internet connections to a specified MAC

address of one PC. This setting allows you to manually change the MAC address of the 11n Router's WAN interface to match the PC’s MAC address provided to your ISP for registration. You can enter the registered MAC address manually by typing it in the boxes provided. Otherwise, connect only the PC with the registered MAC address to the

– 38 –

HAPTER

| Initial Configuration

Setup Wizard

11n Router, then click the “Clone your PC’s MAC Address” (Default: Disable)

STEP 3 - WAN

ETTINGS - PPTP

Enables the Point-to-Point Tunneling Protocol (PPTP) for implementing virtual private networks. The service is provided in many European countries.

Figure 19: Wizard Step 3 - WAN Settings - PPTP

The following items are displayed on this page:

◆ Server IP — Sets the PPTP server IP Address. (Default: pptp_server)

◆ User Name — Sets the PPTP user name for the WAN port.

(Default: pptp_user; Range: 1~32 characters)

◆ Password — Sets a PPTP password for the WAN port. (Default:

pptp_password; Range: 1~32 characters)

◆ Verify Password — Prompts you to re-enter your chosen password.

◆ Address Mode — Sets a PPTP network mode. (Default: Static)

◆ IP Address — Sets the static IP address. (Default: 0.0.0.0, available

when PPTP Network Mode is set to static IP.)

– 39 –

HAPTER

| Initial Configuration

Setup Wizard

◆ Subnet Mask — Sets the static IP subnet mask. (Default:

255.255.255.0, available when PPTP Network Mode is set to static IP.)

◆ Default Gateway — The IP address of a router that is used when the

requested destination IP address is not on the local subnet.

◆ Operation Mode — Enables and configures the keep alive time.

◆ Primary DNS Server — The IP address of the Primary Domain Name

◆ Secondary DNS Server — The IP address of the Secondary Domain

Name Server.

◆ MAC Clone — Some ISPs limit Internet connections to a specified MAC

address of one PC. This setting allows you to manually change the MAC address of the 11n Router’s WAN interface to match the PC’s MAC address provided to your ISP for registration. You can enter the registered MAC address manually by typing it in the boxes provided. Otherwise, connect only the PC with the registered MAC address to the 11n Router, then click the “Clone your PC’s MAC Address” (Default: Disable)

– 40 –

HAPTER

| Initial Configuration

Setup Wizard

STEP 3 - WAN

SETTINGS - L2TP

Enables the Layer 2 Tunneling Protocol (L2TP) for implementing virtual private networks. The service is provided in many European countries.

Figure 20: Wizard Step 3 - WAN Settings - L2TP

The following items are displayed on this page:

◆ Server IP — Sets the L2TP server IP Address. (Default: l2tp_server)

◆ User Name — Sets the L2TP user name for the WAN port.

(Default: l2tp_user; Range: 1~32 characters)

◆ Password — Sets a L2TP password for the WAN port. (Default:

l2tp_password; Range: 1~32 characters)

◆ Verify Password — Prompts you to re-enter your chosen password.

◆ Address Mode — Sets a L2TP network mode. (Default: Static)

◆ IP Address — Sets the static IP address. (Default: 0.0.0.0, available

when L2TP Network Mode is set to static IP.)

◆ Subnet Mask — Sets the static IP subnet mask. (Default:

255.255.255.0, available when L2TP Network Mode is set to static IP.)

– 41 –

HAPTER

| Initial Configuration

Setup Wizard

◆ Default Gateway — The IP address of a router that is used when the

requested destination IP address is not on the local subnet.

◆ Operation Mode — Enables and configures the keep alive time.

◆ Primary DNS Server — The IP address of the Primary Domain Name

◆ Secondary DNS Server — The IP address of the Secondary Domain

Name Server.

◆ MAC Clone — Some ISPs limit Internet connections to a specified MAC

STEP 4 - WIRELESS

SECURITY

The Step 4 page of the Wizard configures the wireless network name and security options.

Figure 21: Wizard Step 4 - Wireless Security

The following items are displayed on this page:

◆ SSID Choice — The name of the wireless network service provided by

the 11n Router. Clients that want to connect to the network must set their SSID to the same as that of the 11n Router. (Default: “ALFA”)

◆ Security Mode — Specifies the security mode for the SSID. Select the

security method and then configure the required parameters. For more

– 42 –

HAPTER

| Initial Configuration

Setup Wizard

information, see “WLAN Security” on page 73. (Options: Disabled, Open, Shared, WEP-AUTO, WPA-PSK, WPA2-PSK, WPA-PSK_WPA2-PSK, WPA, WPA2, WPA1_WPA2, 802.1X; Default: Disabled)

OTE

To keep your wireless network protected and secure, you should implement the highest security possible. For small networks, it is recommended to select WPA2-PSK using AES encryption as the most secure option. However, if you have older wireless devices in the network that do not support AES encryption, select TKIP as the encryption algorithm.

◆ Access Policy — The 11n Router provides a MAC address filtering

facility. The access policy can be set to allow or reject specific station MAC addresses. This feature can be used to connect known wireless devices that may not be able to support the configured security mode.

◆ Add a station MAC — Enter the MAC address of the station that you

want to filter. MAC addresses must be entered in the format xx:xx:xx:xx:xx:xx.

COMPLETION After completion of the Wizard, the screen returns to the Home Page.

– 43 –

ECTION

WEB CONFIGURATION

This section provides details on configuring the 11n Router using the web browser interface.

This section includes these chapters:

◆ “Operation Mode” on page 45

◆ “Internet Settings” on page 49

◆ “Wireless Configuration” on page 63

◆ “Firewall Configuration” on page 98

◆ “Administration Settings” on page 106

– 44 –

5 OPERATION MODE

The following sections are contained in this chapter:

◆ “Logging In” on page 46

◆ “Operation Mode Configuration” on page 48

– 45 –

LOGGING IN

HAPTER

| Operation Mode

Logging In

It is recommended to make initial configuration changes by connecting a PC directly to one of the 11n Router’s LAN ports. The 11n Router has a default IP address of 192.168.2.1 and a subnet mask of 255.255.255.0. If your PC is set to “Obtain an IP address automatically” (that is, set as a DHCP client), you can connect immediately to the web interface. Otherwise, you must set your PC IP address to be on the same subnet as the 11n Router (that is, the PC and 11n Router addresses must both start

192.168.2.x).

To access the configuration menu, follow these steps:

1. Use your web browser to connect to the management interface using

the default IP address of 192.168.2.1.

2. Log into the 11n Router management interface by entering the default

user name “admin” and password “admin,” then click Login.

OTE

It is strongly recommended to change the default user name and password the first time you access the web interface. For information on changing user names and passwords, see “Administration Settings” on

page 106.

Figure 22: Logging On

– 46 –

HAPTER

| Operation Mode

Logging In

The home page displays the main menu items at the top of the screen and the Setup Wizard. See “Setup Wizard” on page 34.

Figure 23: Home Page

OTE

The displayed pages and settings may differ depending on whether the unit is in Router or Bridge Mode. See “Operation Mode Configuration”

on page 48.

– 47 –

OPERATION MODE CONFIGURATION

The Operation Mode Configuration page allows you to set up the mode suitable for your network environment.

Figure 24: Operation Mode

HAPTER

Operation Mode Configuration

| Operation Mode

The following items are displayed on this page:

◆ Bridge Mode — An access point mode that extends a wired LAN to

wireless clients.

◆ Router Mode — The internet gateway mode that connects a wired LAN

and wireless clients to an Internet access device, such as a cable or DSL modem. This is the factory set default mode.

◆ WISP Mode — (Wireless Internet Service Provider mode) The 11n

Router acts as a client connecting to an available wireless network provided by another access point or wireless router. This functionality allows other Ethernet-enabled devices, like gaming consoles, NAS storage servers, or PCs/laptops without built-in wireless support, to be added into a wireless network.

In order to connect to a wireless network in WISP mode, it is necessary to know the following information: the network name (SSID), the frequency channel (1-13), the type of security (WEP, WPA/ WPA2), and the security password (if any). For more information, see “WISP Mode

Wireless Configuration” on page 87.

– 48 –

6 INTERNET SETTINGS

The Internet Settings pages allow you to manage basic system configuration settings. It includes the following sections:

◆ “WAN Setting” on page 49

■

“DHCP” on page 50

■

“Static IP” on page 51

■

“PPPoE” on page 52

■

“PPTP” on page 53

■

“L2TP” on page 55

◆ “LAN Setting” on page 57

WAN SETTING

◆ “DHCP Clients” on page 59

◆ “Advanced Routing” on page 60

OTE

In Bridge mode, the 11n Router’s Internet Settings options are significantly reduced, with only LAN Settings and the Client List being available to the user.

The WAN Setting page specifies the Internet connection parameters. Click on “Internet Settings” followed by “WAN”.

◆ WAN Connection Type — By default, the access point WAN port is

configured with DHCP enabled. After you have network access to the access point, you can use the web browser interface to modify the initial IP configuration, if needed. The options are Static IP, DHCP (cable modem), PPPoE (DSL modem), and PPTP. Each option changes the parameters displayed below it. (Default: DHCP).

– 49 –

HAPTER

| Internet Settings

WAN Setting

DHCP Enables Dynamic Host Configuration Protocol (DHCP) for the WAN port.

This setting allows the 11n Router to automatically obtain an IP address from a DHCP server normally operated by the Internet Service Provider (ISP).

Figure 25: DHCP Configuration

The following items are displayed on this page:

◆ Hostname (Optional) — The hostname of the DHCP client.

◆ Primary DNS Server — The IP address of the Primary Domain Name

◆ Secondary DNS Server — The IP address of the Secondary Domain

Name Server.

◆ MAC Clone — Some ISPs limit Internet connections to a specified MAC

OTE

If you are unsure of the PC MAC address originally registered by your ISP, call your ISP and request to register a new MAC address for your account. Register the default MAC address of the 11n Router.

– 50 –

STATIC IP Configures a static IP for the WAN port.

Figure 26: Static IP Configuration

HAPTER

| Internet Settings

WAN Setting

The following items are displayed on this page:

◆ IP Address — The IP address of the 11n Router. Valid IP addresses

consist of four decimal numbers, 0 to 255, separated by periods.

◆ Subnet Mask — The mask that identifies the host address bits used for

routing to specific subnets.

◆ Default Gateway — The IP address of the gateway router for the 11n

Router, which is used if the requested destination address is not on the local subnet.

◆ Primary DNS Server — The IP address of the Primary Domain Name

Server on the network. A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses. If you have one or more DNS servers located on the local network, type the IP addresses in the text fields provided. Otherwise, leave the addresses as all zeros (0.0.0.0).

◆ Secondary DNS Server — The IP address of the Secondary Domain

Name Server on the network.

◆ MAC Clone — Some ISPs limit Internet connections to a specified MAC

– 51 –

HAPTER

| Internet Settings

WAN Setting

11n Router, then click the “Clone your PC’s MAC Address” (Default: Disable)

PPPOE Enables the 11n Router IP address to be assigned automatically from an

Internet service provider (ISP) through a DSL modem using Point-to-Point Protocol over Ethernet (PPPoE).

Figure 27: PPPoE Configuration

The following items are displayed on this page:

◆ PPPoE User Name — Sets the PPPoE user name for the WAN port.

(Default: pppoe_user; Range: 1~32 characters)

◆ PPPoE Password — Sets a PPPoE password for the WAN port.

(Default: pppoe_password; Range: 1~32 characters)

◆ Verify Password — Prompts you to re-enter your chosen password.

◆ Operation Mode — Selects the operation mode as Keep Alive, On

Demand or Manual. (Default: Keep Alive)

■

Keep Alive Mode: The 11n Router will periodically check your Internet connection and automatically re-establish your connection when disconnected. (Default: 60 seconds)

■

On Demand Mode: The maximum length of inactive time the unit will stay connected to the DSL service provider before disconnecting. (Default: 5 minutes)

– 52 –

HAPTER

| Internet Settings

WAN Setting

◆ MAC Clone — Some ISPs limit Internet connections to a specified MAC

address of one PC. This setting allows you to manually change the MAC address of the 11n Router's WAN interface to match the PC's MAC address provided to your ISP for registration. You can enter the registered MAC address manually by typing it in the boxes provided. Otherwise, connect only the PC with the registered MAC address to the 11n Router, then click the “Clone your PC’s MAC Address” (Default: Disable)

PPTP Enables the Point-to-Point Tunneling Protocol (PPTP) for implementing

virtual private networks. The service is provided in many European countries.

Figure 28: PPTP Configuration

The following items are displayed on this page:

◆ Server IP — Sets a PPTP server IP Address. (Default: pptp_server)

◆ User Name — Sets the PPTP user name for the WAN port. (Default:

pptp_user; Range: 1~32 characters)

– 53 –

HAPTER

| Internet Settings

WAN Setting

◆ Password — Sets a PPTP password for the WAN port. (Default:

pptp_password; Range: 1~32 characters)

◆ Verify Password — Prompts you to re-enter your chosen password.

◆ Address Mode — Sets a PPTP network mode. (Default: Static)

◆ IP Address — Sets the static IP address. (Default: 0.0.0.0, available

when PPTP Network Mode is set to static IP.)

◆ Subnet Mask — Sets the static IP subnet mask. (Default:

255.255.255.0, available when PPTP Network Mode is set to static IP.)

◆ Default Gateway — The IP address of the gateway router for the 11n

Router, which is used if the requested destination address is not on the local subnet.

◆ Operation Mode — Selects the operation mode as Keep Alive, or

Manual. (Default: Keep Alive)

■

Keep Alive Mode: The 11n Router will periodically check your Internet connection and automatically re-establish your connection when disconnected. (Default: 60 seconds)

■

Manual Mode: The unit will remain connected to the Internet without disconnecting.

◆ Primary DNS Server — The IP address of the Primary Domain Name

◆ Secondary DNS Server — The IP address of the Secondary Domain

Name Server.

◆ MAC Clone — Some ISPs limit Internet connections to a specified MAC

– 54 –

HAPTER

| Internet Settings

WAN Setting

L2TP Enables the Layer 2 Tunneling Protocol (L2TP) for implementing virtual

private networks. The service is provided in many European countries.

Figure 29: L2TP Configuration

The following items are displayed on this page:

◆ Server IP — Sets the L2TP server IP Address. (Default: l2tp_server)

◆ User Name — Sets the L2TP user name for the WAN port.

(Default: l2tp_user; Range: 1~32 characters)

◆ Password — Sets a L2TP password for the WAN port. (Default:

l2tp_password; Range: 1~32 characters)

◆ Verify Password — Prompts you to re-enter your chosen password.

◆ Address Mode — Sets a L2TP network mode. (Default: Static)

◆ IP Address — Sets the static IP address. (Default: 0.0.0.0, available

when L2TP Network Mode is set to static IP.)

◆ Subnet Mask — Sets the static IP subnet mask. (Default:

255.255.255.0, available when L2TP Network Mode is set to static IP.)

– 55 –

HAPTER

| Internet Settings

WAN Setting

◆ Default Gateway — The IP address of the gateway router for the 11n

Router, which is used if the requested destination address is not on the local subnet.

◆ Operation Mode — Selects the operation mode as Keep Alive, or

Manual. (Default: Keep Alive)

■

Keep Alive Mode: The 11n Router will periodically check your Internet connection and automatically re-establish your connection when disconnected. (Default: 60 seconds)

■

Manual Mode: The unit will remain connected to the Internet without disconnecting.

◆ Primary DNS Server — The IP address of the Primary Domain Name

◆ Secondary DNS Server — The IP address of the Secondary Domain

Name Server.

◆ MAC Clone — Some ISPs limit Internet connections to a specified MAC

– 56 –

LAN SETTING

HAPTER

| Internet Settings

LAN Setting

The 11n Router must have a valid IP address for management using a web browser and to support other features. The unit has a default IP address of

192.168.2.1. You can use this IP address or assign another address that is compatible with your existing local network. Click on “Internet Settings” followed by “LAN.”

Figure 30: LAN Configuration

The following items are displayed on this page:

◆ LAN IP Address — Valid IP addresses consist of four decimal

numbers, 0 to 255, separated by periods. The default setting is

192.168.2.1.

◆ Subnet Mask — Indicate the local subnet mask. (Default:

255.255.255.0.)

– 57 –

HAPTER

| Internet Settings

LAN Setting

◆ MAC Address — The shared physical layer address for the 11n

Router’s LAN ports.

◆ DHCP Server — Enable this feature to assign IP settings to wired and

wireless clients connected to the 11n Router. The IP address, subnet mask, default gateway, and Domain Name Server (DNS) address are dynamically assigned to clients. (Options: Enable, Disable; Default: Enable)

◆ Start/End IP Address — Specify the start and end IP addresses of a

range that the DHCP server can allocate to DHCP clients. Note that the address pool range is always in the same subnet as the unit’s IP setting. The maximum clients that the unit can support is 253.

◆ Primary DNS Server — The IP address of Domain Name Servers on

the network. A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses.

◆ Secondary DNS Server — The IP address of the Secondary Domain

Name Server on the network.

◆ Default Gateway — The default gateway is the IP address of the

router for the 11n Router, which is used if the requested destination address is not on the local subnet.

◆ Lease Time — Select a time limit for the use of an IP address from the

IP pool. When the time limit expires, the client has to request a new IP address. The lease time is expressed in seconds. (Options: Forever, Two weeks, One week, Two days, One day, Half day, Two hours, One hour, Half hour; Default: One week)

◆ Statically Assigned — Up to three devices with specific MAC

addresses can be assigned static IP addresses. That is, the DHCP server always assigns these devices the same IP addresses.

◆ LLTD — Link Layer Topology Discovery (LLTD) is a Microsoft proprietary

discovery protocol which can be used for both wired and wireless networks. (Options: Disable/Enable, Default: Enable)

◆ IGMP Proxy — Enables IGMP proxy on the 11n Router. (Options:

Disable/Enable, Default: Disable)

◆ UPNP — Allows the device to advertise its UPnP capabilities. (Default:

Enable)

◆ Router Advertisement — Enables the sending and receiving of

routing advertisements to discover the existence of neighboring routers. (Options: Disable/Enable, Default: Disable)

◆ PPPoE Relay — When enabled, the 11n Router will forward PPPoE

messages to clients. Clients are then able to connect to the PPPoE service through the WAN port. (Options: Disable/Enable, Default: Disable)

– 58 –

DHCP CLIENTS

HAPTER

| Internet Settings

DHCP Clients

◆ DNS Proxy — Enables DNS proxy on the LAN port. DNS Proxy receives

DNS queries from the local network and forwards them to an Internet DNS server. (Default: Enable)

The DHCP Clients page displays information on connected client stations that have been assigned IP addresses from the DHCP address pool.

Figure 31: DHCP Clients

The following items are displayed on this page:

Host name — The name of the connected client station.

MAC Address — The MAC address of the connected client station.

IP Address — The IP address assigned to the client from the IP pool.

Expires in — The time limit for the use of the IP address from the IP pool.

When the time limit expires, the client has to request a new IP address.

– 59 –

ADVANCED ROUTING

HAPTER

Routing setup allows a manual method to set up routing between networks. The network administrator configures static routes by entering routes directly into the routing table. Static routing has the advantage of being predictable and easy to configure.

| Internet Settings

Advanced Routing

ADVANCED ROUTING

SETTINGS

This screen is used to manually configure static routes to other IP networks, subnetworks, or hosts. Click “Internet Settings” followed by “Advanced Routing”. (Maximum 32 entries are allowed.)

Figure 32: Advanced Routing (Router Mode)

– 60 –

HAPTER

| Internet Settings

Advanced Routing

The following items are displayed on this page:

◆ Destination — A destination network or specific host to which packets

can be routed.

◆ Type — Defines the type of destination. (Options: Host/Net, Default:

Host)

◆ Gateway — The IP address of the router at the next hop to which

matching frames are forwarded.

◆ Interface — The selected interface to which a static routing subnet is

to be applied.

◆ Comment — Enters a useful comment to help identify this route.

ROUTING TABLE This page displays the information necessary to forward a packet along the

best path toward its destination. Each packet contains information about its origin and destination. When a packet is received, a network device examines the packet and matches it to the routing table entry providing the best match for its destination. The table then provides the device with instructions for sending the packet to the next hop on its route across the network.

OTE

The Routing Table is only available when the 11n Router is set to Router Mode.

◆ Destination — Displays all destination networks or specific hosts to

which packets can be routed.

◆ Netmask — Displays the subnetwork associated with the destination.

◆ Gateway — Displays the IP address of the router at the next hop to

which matching frames are forwarded.

◆ Flags — Flags – Possible flags identify as below

■

0: reject route

■

1: route is up

■

3: route is up, use gateway

■

5: route is up, target is a host

■

7: route is up, use gateway, target is a host

◆ Metric — A number used to indicate the cost of the route so that the

best route, among potentially multiple routes to the same destination, can be selected.

– 61 –

HAPTER

| Internet Settings

Advanced Routing

◆ Ref — Number of references to this route.

◆ Use — Count of lookups for the route.

◆ Interface — Interface to which packets for this route will be sent.

◆ Comment — Displays a useful comment to identify the routing rules.

DYNAMIC ROUTE ◆ The 11n Router supports RIP 1 and RIP 2 dynamic routing protocol.

Routing Information Protocol (RIP) is the most widely used method for dynamically maintaining routing tables. RIP uses a distance vectorbased approach to routing. Routes are chosen to minimize the distance vector, or hop count, which serves as a rough estimate of transmission cost. Each router broadcasts its advertisement every 30 seconds, together with any updates to its routing table. This allows all routers on the network to build consistent tables of next hop links which lead to relevant subnets.

◆ RIP — Enables or disable the RIP protocol for the WAN or LAN

interface. (Options: Disable/v1/v2, Default: Disable)

– 62 –

7 WIRELESS CONFIGURATION

The wireless settings section displays configuration settings for the access point functionality of the 11n Router. It includes the following sections:

◆ “Basic Settings” on page 63

◆ “Advanced Settings” on page 67

◆ “WLAN Security” on page 73

◆ “Wireless Distribution System (WDS)” on page 80

◆ “Wi-Fi Protected Setup (WPS)” on page 83

◆ “Station List” on page 86

BASIC SETTINGS

The IEEE 802.11n interface includes configuration options for radio signal characteristics and wireless security features.

The 11n Router’s radio can operate in six modes, mixed 802.11b/g/n, mixed 802.11b/g, mixed 802.11g/n, 802.11n only, 802.11b only, or

802.11g only. Note that 802.11g is backward compatible with 802.11b, and

802.11n is backward compatible with 802.11b/g at slower data transmit rates.

The 11n Router supports two virtual access point (VAP) interfaces. One VAP is the primary (Network Name SSID), and the other one is referred to as “Multiple SSID1.” Each VAP functions as a separate access point, and can be configured with its own Service Set Identification (SSID) and security settings. However, most radio signal parameters apply to all VAP interfaces.

Traffic to specific VAPs can be segregated based on user groups or application traffic. All VAPs can have up to 64 wireless clients, whereby the clients associate with these VAPs the same as they would with a physical access point.

OTE

The radio channel settings for the access point are limited by local regulations, which determine the number of channels that are available.

– 63 –

HAPTER

| Wireless Configuration

Basic Settings

The Basic Settings page allows you to configure the wireless network name (Service Set Identifier or SSID) and set the wireless security method.

Click on “Wireless Settings,” followed by “Basic.”

Figure 33: Basic Settings

The following items are displayed on this page:

◆ Wireless On/Off — Enables or Disable the radio. (Default: Enable)

◆ Network Mode — Defines the radio operating mode.

(Default: 11b/g/n Mixed)

■

11b/g mixed: Both 802.11b and 802.11g clients can communicate with the 11n Router (up to 108 Mbps), but data transmission rates may be slowed to compensate for 802.11b clients. Any 802.11n clients will also be able to communicate with the 11n Router, but they will be limited to 802.11g protocols and data transmission rates.

■

11b only: All 802.11b, 802.11g, and 802.11n clients will be able to communicate with the 11n Router, but the 802.11g and 802.11n clients will be limited to 802.11b protocols and data transmission rates (up to 11 Mbps).

■

11g only: Both 802.11g and 802.11n clients will be able to communicate with the 11n Router, but the 802.11n clients will be limited to 802.11g protocols and data transmission rates (up to 54 Mbps). Any 802.11b clients will not be able to communicate with the 11n Router.

■

11n only: Only 802.11n clients will be able to communicate with the 11n Router (up to 150 Mbps).

– 64 –

HAPTER

■

11g/n mixed: Both 802.11g and 802.11n clients can communicate

| Wireless Configuration

Basic Settings

with the 11n Router (up to 150 Mbps), but data transmission rates may be slowed to compensate for 802.11g clients.

■

11b/g/n Mixed: All 802.11b/g/n clients can communicate with the 11n Router (up to 150 Mbps), but data transmission rates may be slowed to compensate for 802.11b/g clients.

◆ Network Name (SSID) — The name of the wireless network service

provided by the 11n Router. Clients that want to connect to the network must set their SSID to the same as that of the 11n Router. (Default: “ALFA”; Range: 1-32 characters)

◆ Multiple SSID1 — One additional VAP interface supported on the

device. (Default: no name configured; Range: 1-32 characters)

◆ Broadcast Network Name (SSID) — By default, the 11n Router

always broadcasts the SSID in its beacon signal. Disabling the SSID broadcast increases security of the network because wireless clients need to already know the SSID before attempting to connect. When set to disable, the Network Name SSID, and SSID1 are automatically set to “Hide.” (Default: Enabled)

◆ AP Isolation — The 11n Router will isolate communincation between

all clients in order to protect them. Normally for users who are at hotspots. (Default: Disabled)

◆ MBSSID AP Isolation — The 11n Router will isolate wireless clients

from different SSID.

◆ BSSID — The identifier (MAC address) of the 11n Router in the Basic

Service Set (BSS) network.

◆ Frequency (Channel) — The radio channel that the 11n Router uses

to communicate with wireless clients. When multiple access points are deployed in the same area, set the channel on neighboring access points at least five channels apart to avoid interference with each other. For example, you can deploy up to three access points in the same area using channels 1, 6, 11. Note that wireless clients automatically set the channel to the same as that used by the 11n Router to which it is linked. Selecting Auto Select enables the 11n Router to automatically select an unoccupied radio channel. (Default: AutoSelect)

– 65 –

HAPTER

| Wireless Configuration

Basic Settings

HT PHYSICAL MODE

SETTINGS

The HT Physical Mode section on the Wireless Settings Advanced page includes additional parameters for 802.11n operation.

Figure 34: HT Physical Mode Settings

The following items are displayed in this section on this page:

◆ HT Channel Bandwidth — The 11n Router provides a channel

bandwidth of 40 MHz by default giving an 802.11g connection speed of 108 Mbps (sometimes referred to as Turbo Mode) and a 802.11n connection speed of up to 150 Mbps. Setting the HT Channel Bandwidth to 20 MHz slows connection speed for 802.11g and 802.11n to 54 Mbps and 74 Mbps respectively and ensures backward compliance for slower

802.11b devices. (Default: 20MHz)

◆ Guard Interval — The guard interval between symbols helps receivers

overcome the effects of multipath delays. When you add a guard time, the back portion of useful signal time is copied and appended to the front. (Default: Auto)

◆ MCS — The Modulation and Coding Scheme (MCS) is a value that

determines the modulation, coding and number of spatial channels. (Options: value [range] = 0~7 (1 Tx Stream), 8~15 (2 TxStream), 32 and auto (33). Default: auto)

◆ Reverse Direction Grant (RDG) — When Reverse Direction Grant is

enabled, the 11n Router can reduce the transmitted data packet collision by using the reverse direction protocol. During TXOP (Transmission Opportunity) period, the receiver could use remaining transmission time to transmit data to a sender. The RDG improves transmission performance and scalability in a wireless environment.

◆ Extension Channel — When 20/40MHz channel bandwidth has been

set, the extension channel option will be enabled. The extension channel will allow you to get extra bandwidth. (Options: 2417MHz/ Channel 2, 2457MHz/Channel 10. Default: AutoSelect.)

– 66 –

ADVANCED SETTINGS

HAPTER

| Wireless Configuration

Advanced Settings

◆ Aggregate MSDU (A-MSDU) — This option enables Mac Service Data

Unit (MSDU) aggregation. (Default: Disable)

◆ Auto Block ACK — Select to block ACK (Acknowledge Number) or not

during data transferring.

◆ Decline BA Request — Select to reject peer BA-Request or not.

The Advanced Settings page includes additional parameters concerning the wireless network and Wi-Fi Multimedia settings.

OTE

There are several variables to consider when selecting a radio mode that make it fully functional. Simply selecting the mode you want is not enough to ensure full compatibility for that mode. Information on these variables may be found in the HT Physcial Mode Setting section.

ADVANCED WIRELESS The Advanced Wireless section on the Wireless Settings Advanced page

includes additional radio parameters.

Figure 35: Advanced Wireless Settings

The following items are displayed in this section on this page:

◆ BG Protection Mode — Enables a backward compatible protection

mechanism for 802.11b clients. There are three modes: (Default: Auto)

– 67 –

HAPTER

■

Auto — The unit enables its protection mechanism for 802.11b

| Wireless Configuration

Advanced Settings

clients when they are detected in the network. When 802.11b clients are not detected, the protection mechanism is disabled.

■

On — Forces the unit to always use protection for 802.11b clients, whether they are detected in the network or not. Note that enabling b/g Protection can slow throughput for 802.11g/n clients by as much as 50%.

■

Off — Forces the unit to never use protection for 802.11b clients. This prevents 802.11b clients from connecting to the network.

◆ Beacon Interval — The rate at which beacon signals are transmitted

from the access point. The beacon signals allow wireless clients to maintain contact with the access point. They may also carry powermanagement information. (Range: 20-999 TUs; Default: 100 TUs)

◆ Data Beacon Rate (DTIM) — The rate at which stations in sleep

mode must wake up to receive broadcast/multicast transmissions.

Known also as the Delivery Traffic Indication Map (DTIM) interval, it indicates how often the MAC layer forwards broadcast/multicast traffic, which is necessary to wake up stations that are using Power Save mode. The default value of one beacon indicates that the access point will save all broadcast/multicast frames for the Basic Service Set (BSS) and forward them after every beacon. Using smaller DTIM intervals delivers broadcast/multicast frames in a more timely manner, causing stations in Power Save mode to wake up more often and drain power faster. Using higher DTIM values reduces the power used by stations in Power Save mode, but delays the transmission of broadcast/multicast frames. (Range: 1-255 beacons; Default: 1 beacon)

◆ Fragmentation Threshold – Configures the minimum packet size that

can be fragmented when passing through the access point. Fragmentation of the PDUs (Package Data Unit) can increase the reliability of transmissions because it increases the probability of a successful transmission due to smaller frame size. If there is significant interference present, or collisions due to high network utilization, try setting the fragment size to send smaller fragments. This will speed up the retransmission of smaller frames. However, it is more efficient to set the fragment size larger if very little or no interference is present because it requires overhead to send multiple frames. (Range: 2562346 bytes; Default: 2346 bytes)

◆ RTS Threshold — Sets the packet size threshold at which a Request to

If the RTS threshold is set to 0, the access point always sends RTS signals. If set to 2347, the access point never sends RTS signals. If set to any other value, and the packet size equals or exceeds the RTS

– 68 –

HAPTER

| Wireless Configuration

Advanced Settings

threshold, the RTS/CTS (Request to Send / Clear to Send) mechanism will be enabled.

The access points contending for the medium may not be aware of each other. The RTS/CTS mechanism can solve this “Hidden Node Problem.” (Range: 1-2347 bytes: Default: 2347 bytes)

◆ Short Preamble — Sets the length of the signal preamble that is used

at the start of a data transmission. Use a short preamble (96 microseconds) to increase data throughput when it is supported by all connected 802.11g clients. Use a long preamble (192 microseconds) to ensure all 802.11b clients can connect to the network. (Default: Disabled)

◆ Short Slot — Sets the basic unit of time the access point uses for

calculating waiting times before data is transmitted. A short slot time (9 microseconds) can increase data throughput on the access point, but requires that all clients can support a short slot time (that is, 802.11gcompliant clients must support a short slot time). A long slot time (20 microseconds) is required if the access point has to support

802.11b clients. (Default: Enabled)

◆ TX Burst — A performance enhancement that transmits a number of

data packets at the same time when the feature is supported by compatible clients. (Default: Enabled)

◆ Packet Aggregate — A performance enhancement that combines data

packets together when the feature is supported by compatible clients. (Default: Enabled)

WI-FI MULTIMEDIA The 11n Router implements Quality of Service (QoS) using the Wi-Fi

Multimedia (WMM) standard. Using WMM, the access point is able to prioritize traffic and optimize performance when multiple applications compete for wireless network bandwidth at the same time. WMM employs techniques that are a subset of the developing IEEE 802.11e QoS standard and it enables access points to interoperate with both WMM-enabled clients and other devices that may lack any WMM functionality.

WMM defines four access categories (ACs): voice, video, best effort, and background. These categories correspond to traffic priority levels and are mapped to IEEE 802.1D priority tags (see Tab le 3). The direct mapping of the four ACs to 802.1D priorities is specifically intended to facilitate interoperability with other wired network QoS policies. While the four ACs are specified for specific types of traffic, WMM allows the priority levels to be configured to match any network-wide QoS policy. WMM also specifies a protocol that access points can use to communicate the configured traffic priority levels to QoS-enabled wireless clients.

– 69 –

Table 3: WMM Access Categories

HAPTER

| Wireless Configuration

Advanced Settings

Access Category

AC_VO (AC3) Voice Highest priority, minimum delay. Time-sensitive

AC_VI (AC2) Video High priority, minimum delay. Time-sensitive

AC_BE (AC0) Best Effort Normal priority, medium delay and throughput.

AC_BK (AC1) Background Lowest priority. Data with no delay or

WMM Designation

Description 802.1D

data such as VoIP (Voice over IP) calls.

data such as streaming video.

Data only affected by long delays. Data from applications or devices that lack QoS capabilities.

throughput requirements, such as bulk data transfers.

WLAN Security

The 11n Router’s wireless interface is configured by default as an “open system,” which broadcasts a beacon signal including the configured SSID. Wireless clients with a configured SSID of “ANY” can read the SSID from the beacon, and automatically set their SSID to allow immediate connection to the wireless network.

To implement wireless network security, you have to employ one or both of the following functions:

◆ Authentication — It must be verified that clients attempting to

connect to the network are authorized users.

◆ Traffic Encryption — Data passing between the unit and clients must

be protected from interception and eavesdropping.

The 11n Router supports supports ten different security mechanisms that provide various levels of authentication and encryption depending on the requirements of the network.

The 11n Router supports two SSID interfaces. Each SSID interface functions as a separate access point, and can be configured with its own security settings.

Click on “Wireless Settings,” followed by “Basic”.

Figure 39: Security Mode Options

– 73 –

HAPTER

| Wireless Configuration

WLAN Security

The supported security mechanisms and their configuration parameters are described in the following sections:

◆ OPEN, SHARED, WEP-AUTO — See “Wired Equivalent Privacy (WEP)”

on page 74

◆ WPA-PSK, WPA2-PSK, WPA-PSK_WPA2-PSK — See “WPA Pre-

Shared Key” on page 75

◆ WPA, WPA2, WPA1_WPA2 — See “WPA Enterprise Mode” on

page 76

◆ 802.1X — See “IEEE 802.1X and RADIUS” on page 78

WIRED EQUIVALENT

PRIVACY (WEP)

WEP provides a basic level of security, preventing unauthorized access to the network, and encrypting data transmitted between wireless clients and an access point. WEP uses static shared keys (fixed-length hexadecimal or alphanumeric strings) that are manually distributed to all clients that want to use the network.

When you select to use WEP, be sure to define at least one static WEP key for user authentication or data encryption. Also, be sure that the WEP shared keys are the same for each client in the wireless network.

Figure 40: Security Mode - WEP

The following items are displayed in this section on this page:

Security Mode — Configures the WEP security mode used by clients. When using WEP, be sure to define at least one static WEP key for the 11n Router and all its clients. (Default: Disable)

◆ OPEN — Open-system authentication accepts any client attempting to

connect the 11n Router without verifying its identity. In this mode the default data encryption type is “WEP.”

◆ SHARED — The shared-key security uses a WEP key to authenticate

clients connecting to the network and for data encryption.

– 74 –

HAPTER

| Wireless Configuration

WLAN Security

◆ WEP-AUTO — Allows wireless clients to connect to the network using

Open-WEP (uses WEP for encryption only) or Shared-WEP (uses WEP for authentication and encryption).

◆ Encrypt Type — Selects WEP for data encryption (OPEN mode only).

◆ Default Key — Selects the WEP key number to use for authentication

or data encryption. If wireless clients have all four WEP keys configured to the same values, you can change the encryption key to any of the settings without having to update the client keys. (Default: 1; Range: 1~4)

◆ WEP Keys 1 ~ 4 — Sets WEP key values. The user must first select

ASCII or hexadecimal keys. Each WEP key has an index number. Enter key values that match the key type and length settings. Enter 5 alphanumeric characters or 10 hexadecimal digits for 64-bit keys, or enter 13 alphanumeric characters or 26 hexadecimal digits for 128-bit keys. (Default: Hex, no preset value)

WPA PRE-SHARED

KEY

Wi-Fi Protected Access (WPA) was introduced as an interim solution for the vulnerability of WEP pending the adoption of a more robust wireless security standard. WPA2 includes the complete wireless security standard, but also offers backward compatibility with WPA. Both WPA and WPA2 provide an “enterprise” and “personal” mode of operation.

For small home or office networks, WPA and WPA2 provide a simple “personal” operating mode that uses just a pre-shared key for network access. The WPA Pre-Shared Key (WPA-PSK) mode uses a common password phrase for user authentication that is manually entered on the access point and all wireless clients. Data encryption keys are automatically generated by the access point and distributed to all clients connected to the network.

Figure 41: Security Mode - WPA-PSK

The following items are displayed in this section on this page:

Security Mode — Configures the WPA-PSK and WPA2-PSK security modes used by clients. When using WPA-PSK or WPA2-PSK, be sure to define the shared key for the 11n Router and all its clients. (Default: Disable)

◆ WPA-PSK — Clients using WPA with a Pre-shared Key are accepted for

authentication. The default data encryption type for WPA is TKIP.

– 75 –

HAPTER

| Wireless Configuration

WLAN Security

◆ WPA2-PSK — Clients using WPA2 with a Pre-shared Key are accepted

for authentication. The default data encryption type for WPA is AES.

◆ WPA-PSK_WPA2-PSK — Clients using WPA or WPA2 with a Pre-

shared Key are accepted for authentication. The default data encryption type is TKIP/AES.

◆ WPA Algorithms — Selects the data encryption type to use. (Default

is determined by the Security Mode selected.)

■

TKIP — Uses Temporal Key Integrity Protocol (TKIP) keys for encryption. WPA specifies TKIP as the data encryption method to replace WEP. TKIP avoids the problems of WEP static keys by dynamically changing data encryption keys.

■

AES — Uses Advanced Encryption Standard (AES) keys for encryption. WPA2 uses AES Counter-Mode encryption with Cipher Block Chaining Message Authentication Code (CBC-MAC) for message integrity. The AES Counter-Mode/CBCMAC Protocol (AESCCMP) provides extremely robust data confidentiality using a 128bit key. Use of AES-CCMP encryption is specified as a standard requirement for WPA2. Before implementing WPA2 in the network, be sure client devices are upgraded to WPA2-compliant hardware.

WPA ENTERPRISE

MODE

■

TKIP/AES — Uses either TKIP or AES keys for encryption. WPA and WPA2 mixed modes allow both WPA and WPA2 clients to associate to a common SSID. In mixed mode, the unicast encryption type (TKIP or AES) is negotiated for each client.

◆ Pass Phrase — The WPA Preshared Key can be input as an ASCII

string (an easy-to-remember form of letters and numbers that can include spaces) or Hexadecimal format. (Range: 8~63 ASCII characters, or exactly 64 Hexadecimal digits)

◆ Key Renewal Interval — Sets the time period for automatically

changing data encryption keys and redistributing them to all connected clients. (Default: 3600 seconds)

For enterprise deployment, WPA and WPA2 use IEEE 802.1X for user authentication and require a RADIUS authentication server to be configured on the wired network. Data encryption keys are automatically generated and distributed to all clients connected to the network.

– 76 –

Figure 42: Security Mode - WPA

HAPTER

| Wireless Configuration

WLAN Security

The following items are displayed in this section on this page:

Security Mode — Configures the WPA and WPA2 security modes used by clients. When using WPA or WPA2, be sure there is a RADIUS server in the connected wired network, and that the RADIUS settings are configured. See “IEEE 802.1X and RADIUS” on page 78 for more information. (Default: Disable)

◆ WPA — Clients using WPA with an 802.1X authentication method are

accepted for authentication. The default data encryption type for WPA is TKIP.

◆ WPA2 — Clients using WPA2 with an 802.1X authentication method

are accepted for authentication. The default data encryption type for WPA is AES.

◆ WPA1_WPA2 — Clients using WPA or WPA2 with an 802.1X

authentication method are accepted for authentication. The default data encryption type is TKIP/AES.

◆ WPA Algorithms — Selects the data encryption type to use. (Default

is determined by the Security Mode selected.)

■

AES — Uses Advanced Encryption Standard (AES) keys for encryption. WPA2 uses AES Counter-Mode encryption with Cipher Block Chaining Message Authentication Code (CBC-MAC) for

– 77 –

HAPTER

| Wireless Configuration

WLAN Security

message integrity. The AES Counter-Mode/CBCMAC Protocol (AESCCMP) provides extremely robust data confidentiality using a 128bit key. Use of AES-CCMP encryption is specified as a standard requirement for WPA2. Before implementing WPA2 in the network, be sure client devices are upgraded to WPA2-compliant hardware.

■

◆ Key Renewal Interval — Sets the time period for automatically

changing data encryption keys and redistributing them to all connected clients. (Default: 3600 seconds)

◆ PMK Cache Period — WPA2 provides fast roaming for authenticated

clients by retaining keys and other security information in a cache, so that if a client roams away from an access point and then returns reauthentication is not required. This parameter sets the time for deleting the cached WPA2 Pairwise Master Key (PMK) security information. (Default: 10 minutes)

IEEE 802.1X AND

RADIUS

◆ Pre-Authentication — When using WPA2, pre-authentication can be

enabled that allows clients to roam to another access point and be quickly associated without performing full 802.1X authentication. (Default: Disabled)

IEEE 802.1X is a standard framework for network access control that uses a central RADIUS server for user authentication. This control feature prevents unauthorized access to the network by requiring an 802.1X client application to submit user credentials for authentication. The 802.1X standard uses the Extensible Authentication Protocol (EAP) to pass user credentials (either digital certificates, user names and passwords, or other) from the client to the RADIUS server. Client authentication is then verified on the RADIUS server before the client can access the network.

Remote Authentication Dial-in User Service (RADIUS) is an authentication protocol that uses software running on a central server to control access to RADIUS-aware devices on the network. An authentication server contains a database of user credentials for each user that requires access to the network.

The WPA and WPA2 enterprise security modes use 802.1X as the method of user authentication. IEEE 802.1X can also be enabled on its own as a security mode for user authentication. When 802.1X is used, a RADIUS server must be configured and be available on the connected wired network.

OTE

This guide assumes that you have already configured RADIUS server(s) to support the access point. Configuration of RADIUS server software is beyond the scope of this guide, refer to the documentation provided with the RADIUS server software.

– 78 –

HAPTER

Figure 43: Security Mode - 802.1X

| Wireless Configuration

The following items are displayed in this section on this page:

WLAN Security

Security Mode — Configures the 802.1X security mode used by clients. When using 802.1X, either with WPA/WPA2 or on its own, be sure there is a configured RADIUS server in the connected wired network. (Default: Disable)

802.1X WEP: Selects WEP keys for data encryption. When enabled, WEP encryption keys are automatically generated by the RADIUS server and distributed to all connected clients. (Default: Disabled)

RADIUS Server — Configures RADIUS server settings.

◆ IP Address — Specifies the IP address of the RADIUS server.

◆ Port — The User Datagram Protocol (UDP) port number used by the

RADIUS server for authentication messages. (Range: 1024-65535; Default: 1812)

◆ Shared Secret — A shared text string used to encrypt messages

between the access point and the RADIUS server. Be sure that the same text string is specified on the RADIUS server. Do not use blank spaces in the string. (Maximum length: 20 characters)

◆ Session Timeout — Number of seconds the access point waits for a

reply from the RADIUS server before resending a request. (Range: 160 seconds; Default: 0)

◆ Idle Timeout — Sets the maximum time (in seconds) of client

inactivity before a session is terminated.

– 79 –

HAPTER

Wireless Distribution System (WDS)

| Wireless Configuration

ACCESS POLICY The 11n Router provides a MAC address filtering facility. The access policy

can be set to allow or reject specific station MAC addresses. This feature can be used to connect known wireless devices that may not be able to support the configured security mode.

Figure 44: Access Policy

The following items are displayed in this section on this page:

◆ Access Policy — The access policy can be set to allow or reject specific

station MAC addresses.

◆ Add a station MAC — Enter the MAC address of the station that you

want to filter. MAC addresses must be entered in the format xx:xx:xx:xx:xx:xx.

WIRELESS DISTRIBUTION SYSTEM (WDS)

The radio interface can be configured to operate in a mode that allows it to forward traffic directly to other 11n Router units. This feature can be used to extend the range of the wireless network to reach remote clients, or to link disconnected network segments to an Internet connection.

To set up links between units, you must configure the Wireless Distribution System (WDS) forwarding table by specifying the wireless MAC address of all units to which you want to forward traffic.

OTE

All units in a WDS wireless network must be configured with the same SSID and use the same radio channel. Also each WDS link must be configured with the same encryption key on both units in the link.

Up to four WDS links can be specified for each unit in the WDS network. The following figures illustrate an example WDS network. Figure 45 shows the manual set up of MAC addresses for units in the WDS network.

Figure 46 shows the basic configuration required on each unit in the WDS

network.

– 80 –

Internet Service Provider

MAC: 00-22-2D-62-EA-11

WDS MAC List: 00-22-2D-62-EA-22 00-22-2D-62-EA-33 00-22-2D-62-EA-44

MAC: 00-22-2D-62-EA-22

WDS MAC List: 00-22-2D-62-EA-11

Cable/DSL

Modem

WDS Link

MAC: 00-22-2D-62-EA-33

WDS MAC List: 00-22-2D-62-EA-11

MAC: 00-22-2D-62-EA-44

WDS MAC List: 00-22-2D-62-EA-11

WDS Link

Internet Service Provider

Operation Mode: Router

DHCP Server: Enable LAN IP Address: 192.168.2.1

WDS Mode: Bridge

Operation Mode: Bridge WDS Mode: Repeater DHCP Server: Disable LAN IP Address: 192.168.2.2

Cable/DSL

Modem

WDS Link

Operation Mode: Bridge WDS Mode: Lazy DHCP Server: Disable LAN IP Address: 192.168.2.3

Operation Mode: WDS Mode: Lazy DHCP Server: Disable LAN IP Address: 192.168.2.4

Router

WDS Link

HAPTER

Wireless Distribution System (WDS)

Figure 45: Manual WDS MAC Address Configuration

Figure 46: WDS Configuration Example

| Wireless Configuration

A WDS link between two units can be configured in any of the following Operation Mode combinations:

1. Both units in a link are configured as Router Mode.

2. One unit in a link is configured in Router Mode and the other in Bridge

3. Both units in a link are configured as Bridge Mode.

When two or more units in the WDS network are set to Router Mode, be sure to check these settings:

◆ Be sure each unit is configured with a different LAN IP address.

Mode.

– 81 –

HAPTER

Wireless Distribution System (WDS)

| Wireless Configuration

◆ Be sure that only one unit has an Internet access on its WAN port.

◆ Be sure the DHCP server is enabled only on one unit. When one unit is

providing Internet access, enable the DHCP server on that unit.

OTE

When using WDS Lazy mode in the network, at least one unit must be set to Bridge or Repeater mode.

Figure 47: WDS Configuration

The WDS settings configure WDS related parameters. Up to four MAC addresses can be specified for each unit in the WDS network. WDS links may either be manually configured (Bridge and Repeater modes) or autodiscovered (Lazy mode).

The following items are displayed on this page:

◆ WDS Mode — Selects the WDS mode of the SSID. (Options: Disable,

Lazy, Bridge, Repeater. Default: Disable)

■

Disable: WDS is disabled.

■

Lazy: Operates in an automatic mode that detects and learns WDS peer addresses from received WDS packets, without the need to

– 82 –

HAPTER

| Wireless Configuration

Wi-Fi Protected Setup (WPS)

configure a WDS MAC list entry. This feature allows the 11n Router to associate with other 11n Routers in the network and use their WDS MAC list. Lazy mode requires one other 11n Router within the wireless network that is configured in Bridge or Repeater mode, and has a configured MAC address list.

■

Bridge: Operates as a standard bridge that forwards traffic between WDS links (links that connect to other units in Repeater or Lazy mode). The MAC addresses of WDS peers must be configured on the 11n Router.

■

Repeater: Operates as a wireless repeater, extending the range for remote wireless clients and connecting them to an AP connected to the wired network. The MAC addresses of WDS peers must be configured on the 11n Router.

◆ Physical — The radio media coding used on all WDS links. CCK

corresponds to 11b, OFDM corresponds to 11g, and HTMIX corresponds to 11n.

◆ Encryption Type — The data encryption used on the WDS link. Be

sure that both ends of a WDS link are configured with the same encryption type and key. (Options: None, WEP, TKIP, AES. Default: None)

◆ Encryption Key — The encryption key for the WDS link. The key type

and length varies depending on the encryption type selected. For WEP, enter 5 alphanumeric characters or 10 hexadecimal digits for 64-bit keys, or 13 alphanumeric characters or 26 hexadecimal digits for 128bit keys. For TKIP or AES, enter a password key phrase of between 8 to 63 ASCII characters, which can include spaces, or specify exactly 64 hexadecimal digits.

◆ AP MAC Address — The MAC address of the other 11n Router in the

WDS link.

WI-FI PROTECTED SETUP (WPS)

Wi-Fi Protected Setup (WPS) is designed to ease installation and activation of security features in wireless networks. WPS has two basic modes of operation, Push-button Configuration (PBC) and Personal Identification Number (PIN). The WPS PIN setup is optional to the PBC setup and provides more security. The WPS button on the 11n Router can be pressed at any time to allow a single device to easily join the network.

The WPS Settings page includes configuration options for setting WPS device PIN codes and activating the virtual WPS button.

Click on “Wireless Settings,” followed by “WPS”.

– 83 –

HAPTER

Figure 48: Enabling WPS

| Wireless Configuration

Wi-Fi Protected Setup (WPS)

The following items are displayed on this page:

◆ WPS — Enables WPS, locks security settings, and refreshes WPS

configuration information. (Default: Disabled)

Figure 49: WPS Configuration

The following items are displayed on this page:

WPS Summary — Provides detailed WPS statistical information.

◆ WPS Current Status — Displays if there is currently any WPS traffic

connecting to the 11n Router. (Options: Start WSC Process; Idle)

– 84 –

HAPTER

| Wireless Configuration

Wi-Fi Protected Setup (WPS)

◆ WPS Configured — States if WPS for wireless clients has been

configured for this device.

◆ WPS SSID — The service set identifier for the unit.

◆ WPS Auth Mode — The method of authentication used.

◆ WPS Encryp Type — The encryption type used for the unit.

◆ WPS Default Key Index — Displays the WEP default key (1~4).

◆ WPS Key (ASCII) — Displays the WPS security key (ASCII) which can

be used to ensure the security of the wireless network.

◆ AP PIN — Displays the PIN Code for the 11n Router. The default is

exclusive for each unit. (Default: 64824901)

◆ Reset WPS to Default — Resets the WPS settings to factory default

values.

WPS Config — Configures WPS settings for the 11n Router.

◆ WPS Mode — Selects between methods of broadcasting the WPS

beacon to network clients wanting to join the network:

■

PIN: The 11n Router, along with other WPS devices, such as notebook PCs, cameras, or phones, all come with their own eightdigit PIN code. When one device, the WPS enrollee, sends a PIN code to the 11n Router, it becomes the WPS registrar. After configuring PIN-Code information you must press “Apply” to send the beacon, after which you have up to two minutes to activate WPS on devices that need to join the network.

■

PBC: This has the same effect as pressing the physical WPS button that is located on the front of the 11n Router. After checking this option and clicking “Apply” you have up to two minutes to activate WPS on devices that need to join the network.

– 85 –

STATION LIST

HAPTER

| Wireless Configuration

Station List

Displays the station information which associated to this 11n Router.

Figure 50: Station List

– 86 –

8 WISP MODE WIRELESS

CONFIGURATION

This chapter describes configuration settings for the 11n Router to function as a wireless client for connecting to another wireless network, such as a Wireless Internet Service Provider (WISP). It includes the following sections:

◆ “Profile” on page 87

◆ “Link Status” on page 93

◆ “Site Survey” on page 95

◆ “Statistics” on page 96

PROFILE

The Station Profile page shows the list of configuration profiles for connecting to preferred Wi-Fi networks.

Figure 51: Station Profile

For a selected profile in the list, you can click Activate to connect to the specified network, Edit to modify the configuration details, or Delete to remove the profile from the list. Click Add to manually set up details for a new wireless network.

– 87 –

HAPTER

| WISP Mode Wireless Configuration

Profile

PROFILE

CONFIGURATION

The profile settings page allows you to configure and save wireless settings for a specific wireless network connection.

Figure 52: Profile—System Configuration (Infrastructure)

Figure 53: Profile—System Configuration (Ad Hoc)

The following items are displayed on this page:

◆ Profile Name — A name that identifies the profile (0-32 ASCII

characters are allowed; no spaces can be used).

◆ SSID — The name of the wireless network to which the client will

connect.

◆ Network Type — The type of wireless network.

(Default: Infrastructure)

■

Infrastructure: An integrated wireless and wired LAN. Select Infrastructure to associate to an AP.

– 88 –

HAPTER

■

802.11 Ad hoc: A group of wireless devices connected as an

| WISP Mode Wireless Configuration

Profile

independent wireless LAN. Select “Ad hoc” to associate to a peer computer.

◆ Power Saving Mode — Only available when “Infrastructure” is

selected as the network type.

■

CAM (Constantly Awake Mode): Power saving mode is disabled.

■

Power Saving Mode: Enables the power save operation.

◆ Channel — The radio channel used to communicate with wireless peers

in an ad hoc network. The channel has to be the same for all peer computers. (Only available when “Ad hoc” is selected as the network type.)

◆ 11B Preamble Type — Sets the length of the signal preamble that is

used at the start of a data transmission. Use a long preamble (192 microseconds) to ensure connection to all 802.11b devices. When set to Auto, a short (96 microseconds) or long preamble will be used depending on the capabilities of other ad hoc network devices. (Only available when “Ad hoc” is selected as the network type.) (Default: Auto)

◆ RTS Threshold — Sets the packet size threshold at which a Request to

Send (RTS) signal must be sent to a receiving station prior to the sending station starting communications. The access point sends RTS frames to a receiving station to negotiate the sending of a data frame. After receiving an RTS frame, the station sends a CTS (clear to send) frame to notify the sending station that it can start sending data. If the RTS threshold is set to 0, the access point always sends RTS signals. If set to 2347, the access point never sends RTS signals. If set to any other value, and the packet size equals or exceeds the RTS threshold, the RTS/CTS (Request to Send / Clear to Send) mechanism will be enabled. The access points contending for the medium may not be aware of each other. The RTS/CTS mechanism can solve this “Hidden Node Problem.” (Range: 0-2347 bytes)

◆ Fragment Threshold — Configures the minimum packet size that can

be fragmented when passing through the access point. Fragmentation of the PDUs (Package Data Unit) can increase the reliability of transmissions because it increases the probability of a successful transmission due to smaller frame size. If there is significant interference present, or collisions due to high network utilization, try setting the fragment size to send smaller fragments. This will speed up the retransmission of smaller frames. However, it is more efficient to set the fragment size larger if very little or no interference is present because it requires overhead to send multiple frames. (Range: 2562346 bytes; Default: 2346 bytes)

– 89 –

HAPTER

| WISP Mode Wireless Configuration

SECURITY POLICY Configures authentication and encryption to match the security of the

wireless network. For an infrastructure network, four security modes are supported, including Open, Shared, WPA-Personal, and WPA2-Personal. For an ad hoc network, Open, Shared, and WPA-NONE (same as WPAPersonal) modes are supported.

Figure 54: Add Profile-Security Policy

The following items are available for the Security Mode:

Profile

◆ Open: Open-system authentication accepts any client attempting to

connect to the access point without verifying its identity.

◆ Shared: Uses Wired Equivalent Privacy (WEP) to verify client identity

by distributing a shared key to clients before attempting authentication.

◆ WPA-Personal: Wi-Fi Protected Access (WPA) employs a combination

of technologies to provide an enhanced security solution for wireless networks. The WPA Pre-shared Key (WPA-PSK, or WPA-Personal) mode for small networks uses a common password phrase that must be manually distributed to all clients that want to connect to a network.

◆ WPA2-Personal: A security enhancement to WPA that includes

stronger encryption based on the AES algorithm, which is considered the strongest security possible. The WPA2-Personal mode also requires a common password phrase that must be manually distributed to all clients that want to connect to a network.

– 90 –

HAPTER

| WISP Mode Wireless Configuration

Profile

WEP SHARED-KEY

SECURITY

Wired Equivalent Privacy (WEP) provides a basic level of security, preventing unauthorized access to the network and encrypting data transmitted between wireless clients. WEP uses static shared keys (fixedlength hexadecimal or alphanumeric strings) that are manually distributed to all clients that want to use the network. When WEP shared-key security is enabled, you must configure at least one key.

Figure 55: WEP Security

The following items are displayed for WEP Shared-key security:

◆ WEP Key Length — Sets the length of the WEP key. (Default: 64 bit;

Options: 64 bit, 128 bit)

◆ WEP Key Entry Method — Specifies the method for entering the WEP

key values. (Default: Hexadecimal; Options: Hexadecimal, Ascii Text)

◆ Key 1 ~ Key 4 — Sets WEP key values. The user must first choose

between ASCII or Hexadecimal keys. At least one key must be specified. Each WEP key has an index number. Enter key values that match the key type and length settings. Standard keys are either 5 or 13 alphanumeric characters; or 10 or 26 hexadecimal digits.

◆ Default Key — Sets the WEP key used for authentication. (Default: 1;

Range: 1~4)

– 91 –

HAPTER

| WISP Mode Wireless Configuration

Profile

WPA/WPA2-

PERSONAL SECURITY

For small home or office networks, WPA and WPA2 provide a simple “personal” operating mode that uses a pre-shared key for network access. This mode uses a common password phrase for user authentication that is manually entered on an AP and all wireless clients.

Figure 56: WPA Security

The following items are displayed for WPA-personal security:

◆ WPA Algorithms — Configure the encryption algorithm for WPA/

WPA2-Personal security. The selection options are TKIP and AES.

■

TKIP — Use Temporal Key Integrity Protocol (TKIP) keys for encryption. WPA specifies TKIP as the data encryption method to replace WEP. TKIP avoids the problems of WEP static keys by dynamically changing data encryption keys.

■

AES — Use Advanced Encryption Standard (AES) keys for encryption. AES (AES-CCMP) provides extremely robust data confidentiality using a 128-bit key and is specified as a standard requirement for WPA2. Before implementing WPA2 in the network, be sure client devices are upgraded to WPA2-compliant hardware.

◆ Pass Phrase — The WPA pre-shared Key can be entered as an ASCII

string (an easy-to-remember form of letters and numbers that can include spaces) or Hexadecimal format. (Range: 8~63 ASCII characters, or exactly 64 Hexadecimal digits)

– 92 –

LINK STATUS

HAPTER

| WISP Mode Wireless Configuration

Link Status

The Link Status page displays the current status of the connection to the wireless network.

The following items are displayed on this page:

◆ Status — The service set identifier of the wireless network and the

MAC address of the connected AP.

◆ Extra Info — Indicates if the link is active.

◆ Channel — Specifies the current channel in use.

◆ Link Speed — The current transmitting and receiving rates.

◆ Throughput — The transmitting and receiving throughputs.

◆ Link Quality — The strength of the receive signal compared to other

interference and noise.

◆ Signal Strength 1~3 — The current receive signal strength indication.

◆ Noise Level — A value that indicates the amount of radio noise on the

current channel.

◆ dBm Format — Displays the signal strength and noise values in dBm.

– 93 –

HAPTER

| WISP Mode Wireless Configuration

Link Status

◆ BW (Channel Bandwidth) — The 11n Router provides a channel

802.11b devices.

◆ GI (Guard Interval) — The guard interval between symbols helps

receivers overcome the effects of multipath delays. When you add a guard time, the back portion of useful signal time is copied and appended to the front.

◆ STBC — Indicates if Space Time Block Coding (STBC) is being used.

STBC is a MIMO mechanism that allows a unit with only one antenna to leverage multiple antennas on other 802.11n devices to improve performance and range.

◆ MCS — The Modulation and Coding Scheme (MCS) is a value that

determines the modulation, coding and number of spatial channels. (Options: value [range] = 0~7 (1 Tx Stream), 8~15 (2 TxStream), 32 and auto (33))

◆ SNR (0/1) — The signal-to-noise ratio value for the MIMO spatial

channels 0 and 1.

– 94 –

SITE SURVEY

HAPTER

| WISP Mode Wireless Configuration

Site Survey

Site survey page displays information of detected wireless networks. You can select one of these networks to connect to, or add it as a profile.

Figure 57: Station Site Survey

The following items are displayed on this page:

◆ SSID — The name of a detected wireless network.

◆ BSSID — The MAC address of the detected AP.

◆ RSSI — The receive signal strength of the detected AP.

◆ Channel — The radio channel used by the detected AP.

◆ Encryption — The data encryption type used by the detected AP.

◆ Authentication — The authentication method used by the detected

AP.

◆ Network Type — The type of wireless network detected;

infrastructure or ad hoc.

– 95 –

STATISTICS

HAPTER

| WISP Mode Wireless Configuration

Statistics

◆ Connect — Click to attempt a connection to the selected wireless

network.

◆ Rescan — Click to scan all radio channels for nearby wireless

networks.

◆ Add Profile — Click to add the selected network as a profile. This

action opens the Profile Configuration page (see “Profile Configuration”

on page 88).

The statistics page displays the connection-related statistics with detail counter information.

Figure 58: Station Statistics

The following items are displayed on this page:

◆ Frames Transmitted Successfully — The number of data frames

transmitted from the client and successfully received by the AP or network peer.

◆ Frames Transmitted Successfully Without Retry — The number of

data frames transmitted from the client and successfully received by the AP or network peer without the need of a retransmit.

– 96 –

HAPTER

| WISP Mode Wireless Configuration

Statistics

◆ Frames Transmitted Successfully After Retry(s) — The number of

data frames transmitted from the client and successfully received by the AP or network peer after being retransmited.

◆ Frames Fail To Receive ACK After All Retries — The number of

data frames transmitted from the client that were not successfully received by the AP or network peer.

◆ RTS Frames Successfully Receive CTS — The number of Request to

Send frames transmitted from the client that resulted in a Clear to Send frame being successfully received.

◆ RTS Frames Fail to Receive CTS — The number of Request to Send

frames transmitted from the client that did not result in a Clear to Send frame being received.

◆ Frames Received Successfully — The number of data frames

successfully received by the client.

◆ Frames Received With CRC Error — The number of data frames

received by the client that had CRC errors.

◆ Frames Dropped Due To Out-of-Resource — The number of data

frames dropped by the client due to a lack of resources in the device.

◆ Duplicate Frames Received — The number of duplicate data frames

received by the client.

◆ Reset Counters — Click to set all the statistics counters back to zero.

– 97 –

9 FIREWALL CONFIGURATION

The 11n Router provides extensive firewall protection by restricting connection parameters to limit the risk of intrusion and defending against a wide array of common hacker attacks.

Firewall Configuration contains the following sections:

◆ “MAC/IP/Port Filtering” on page 98

◆ “Virtual Server Settings (Port Forwarding)” on page 101

◆ “DMZ” on page 102

◆ “System Security” on page 103

◆ “Content Filtering” on page 104

MAC/IP/PORT FILTERING

MAC/IP/Port filtering restricts connection parameters to limit the risk of intrusion and defends against a wide array of common hacker attacks. MAC/IP/Port filtering allows the unit to permit, deny or proxy traffic through its MAC addresses, IP addresses and ports.

The 11n Router allows you define a sequential list of permit or deny filtering rules (up to 32). This device tests ingress packets against the filter rules one by one. A packet will be accepted as soon as it matches a permit rule, or dropped as soon as it matches a deny rule. If no rules match, the packet is either accepted or dropped depending on the default policy setting.

– 98 –

Figure 59: MAC/IP/Port Filtering

HAPTER

| Firewall Configuration

MAC/IP/Port Filtering

The following items are displayed on this page:

◆ MAC/IP/Port Filtering — Enables or disables MAC/IP/Port Filtering.

(Default: Disable)

◆ Default Policy — When MAC/IP/Port Filtering is enabled, the default

policy will be enabled. If you set the default policy to “Dropped”, all incoming packets that don’t match the rules will be dropped. If the policy is set to "Accepted," all incoming packets that don't match the rules are accepted. (Default: Dropped)

◆ MAC Address — Specifies the MAC address to block or allow traffic

from.

– 99 –

HAPTER

| Firewall Configuration

MAC/IP/Port Filtering

◆ Destination IP Address — Specifies the destination IP address to

block or allow traffic from.

◆ Source IP Address — Specifies the source IP address to block or allow

traffic from.

◆ Protocol — Specifies the destination port type, TCP, UDP or ICMP.

(Default: None).

◆ Destination Port Range — Specifies the range of destination port to

block traffic from the specified LAN IP address from reaching.

◆ Source Port Range — Specifies the range of source port to block

traffic from the specified LAN IP address from reaching.

◆ Action — Specifies if traffic should be accepted or dropped. (Default:

Accept)

◆ Comment — Enter a useful comment to help identify the filtering rules.

CURRENT FILTER

RULES

The Current Filter Table displays the configured IP addresses and ports that are permitted or denied access to and from the 11n Router.

◆ Select — Selects a table entry.

◆ MAC Address — Displays a MAC address to filter.

◆ Destination IP Address — Displays the destination IP address.

◆ Source IP Address — Displays the source IP address.

◆ Protocol — Displays the destination port type.

◆ Destination Port Range — Displays the destination port range.

◆ Source Port Range — Displays the source port range.

◆ Action — Displays if the specified traffic is accepted or dropped.

◆ Comment — Displays a useful comment to identify the routing rules.

– 100 –

ALFA NETWORK AIP-W505 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

COMPLIANCES

ABOUT THIS GUIDE

CONTENTS

FIGURES

TABLES

GETTING STARTED

KEY HARDWARE FEATURES

DESCRIPTION OF CAPABILITIES

Package Contents

HARDWARE DESCRIPTION

INTERNET GATEWAY ROUTER

LAN Access Point

Wireless Bridge

Wireless Client

SYSTEM REQUIREMENTS

Mounting the Device

Router Mode Connections

Bridge Mode Connections

ISP SETTINGS

CONNECTING TO THE LOGIN PAGE

Home Page and Main Menu

SETUP WIZARD

Common Web Page Buttons

WEB CONFIGURATION

Logging In

Operation Mode Configuration

WAN SETTING

DHCP Enables Dynamic Host Configuration Protocol (DHCP) for the WAN port.

PPTP Enables the Point-to-Point Tunneling Protocol (PPTP) for implementing

L2TP Enables the Layer 2 Tunneling Protocol (L2TP) for implementing virtual

LAN Setting

DHCP Clients

Advanced Routing

BASIC SETTINGS

Advanced Settings

WLAN Security

Wireless Distribution System (WDS)

Wi-Fi Protected Setup (WPS)

Station List

PROFILE

Link Status

Site Survey

Statistics

MAC/IP/PORT FILTERING