Belkin F5D623142 Users Manual

USING THE WEB-BASED ADVANCED USER INTERFACE

Using the Accept “ANY” SSID Feature

Note: This advanced feature should be employed by advanced users only. A feature of wireless networking is the ability to scan for networks and connect to them easily. For instance, you can set up a wireless-equipped computer to connect to and an SSID called “ANY”. This forces the wireless network adapter in the computer to look for any network in the area and connect to it. For ease-of-use this is very convenient, but in some cases you may want users to have to specify the name of the network. You can program the Router to reject a wireless-equipped computer looking for an SSID of “ANY”. Remove the check mark in the box next to “Accept ‘ANY’ SSID”, then click “Apply Changes”. The change is immediate. Each computer now needs to be set to connect to your specific SSID; an SSID of “ANY” will no longer be accepted. Refer to the documentation of your wireless network adapter for information on making this change.

Using the Broadcast SSID Feature

Note: This advanced feature should be employed by advanced users only. For security, you can choose not to broadcast your network’s SSID. Doing so will keep your network name hidden from computers that are scanning for the presence of wireless networks. To turn off the broadcast of the SSID, remove the check mark from the box next to “Broadcast SSID”, then click “Apply Changes”. The change is immediate. Each computer now needs to be set to connect to your specific SSID; an SSID of “ANY” will no longer be accepted. Refer to the documentation of your wireless network adapter for information on making this change.

Changing the Wireless Encryption Settings

Clicking on the “Encryption” link in the “Wireless” tab will take you to the Encryption settings screen. To make setting up your network for the first time easy, the Router ships with encryption turned off. If you wish to turn on encryption, you can do so from this page. Turning on encryption will require you to set each of your wireless-equipped computers with the same encryption settings that you make in the Router. Refer to the documentation of your wireless network adapter for information on making this change.

There are two types of encryption to choose from: 64-bit and 128-bit encryption. Using encryption will make your network more secure, but will slow down the network performance. Although network performance will be reduced, it is likely the change will not be detectable to users of the network.

USING THE WEB-BASED ADVANCED USER INTERFACE

Setting Encryption Automatically Using a Passphrase

Note to Mac users: The Passphrase option will not operate with Apple® AirPort®. To configure encryption for your Mac computer, set the encryption using the manual method described in the next section.

1. Select “64-bit

automatically” or “128-bit automatically” from the drop-down menu.

2. Type in a passphrase. A passphrase is like a password. It can be a mixture

of numbers and letters. After you type in your passphrase, click “Generate”. When you click “Generate”, the key fields below will become populated. Note:

64-bit encryption will generate four keys and 128-bit encryption will generate only one key. Select the

key you want to use by clicking the radio button next to it. Click “Apply Changes”.

3. Encryption in the Router is now set. Each of your computers on your

wireless network will now need to be configured with the same passphrase. Refer to the documentation of your wireless network adapter for information on making this change.

USING THE WEB-BASED ADVANCED USER INTERFACE

Setting Encryption Manually Using a Hexadecimal Key

A hexadecimal key is a mixture of numbers and letters from A–F and 0–9. 64-bit keys are five 2-digit numbers. 128-bit keys are 13 2-digit numbers.

For instance: AF 0F 4B C3 D4 = 64-bit key C3 03 0F AF 0F 4B B2 C3 D4 4B C3 D4 E7 = 128-bit key

In the boxes below, make up your key by writing in two characters between A–F and 0–9. You will use this key to program the encryption settings on your Router and your wireless computers.

Note to Mac users: Original Apple AirPort products support 64-bit encryption only. Apple AirPort 2 products can support 64-bit or 128-bit encryption. Please check your product to see which version you are using. If you cannot configure your network with 128-bit encryption, try 64-bit encryption.

1. Select “64-bit

manually” or “128-bit manually” from the drop-down menu.

2. If using 64-bit

encryption, there will be four key fields. If using 128-bit encryption, there will be one key field. In the key field(s), type in the hexadecimal key(s) that you wish to use. When finished typing in your keys, select which key you want to use by clicking the radio button next to it. Click “Apply Changes”.

3. Encryption in the Router is now set. Each of your computers on your

wireless network will now need to be configured with the same hexadecimal key. Refer to the documentation of your wireless network adapter for information on making this change.

USING THE WEB-BASED ADVANCED USER INTERFACE

Using the Access Point Mode

Note: This advanced feature should be employed by advanced users only. The Router can be configured to work as a wireless network access point. Using this mode will defeat the NAT IP sharing feature and DHCP server. In AP mode, the Router will need to be configured with an IP address that is in the same subnet as the rest of the network that you will bridge to. The default IP address is

192.168.2.254 and subnet mask is 255.255.255.0. These can be customized for your need.

1. Enable the AP mode my selecting “Enable” in the “Use as Access Point only”

page. When you select this option, you will be able to change the IP settings.

2. Set your IP settings to match your network. Click “Apply Changes”.

3. Connect a cable from the WAN port on the Router to your existing network.

The Router is now acting as an Access Point. To access the Router advanced user interface again, type the IP address you specified into your browser’s navigation bar. You can set the encryption settings, MAC address filtering, SSID and channel normally.

USING THE WEB-BASED ADVANCED USER INTERFACE

Configuring the Firewall

Your Router is equipped with a firewall that will protect your network from a wide array of common hacker attacks including:

• IP Spoofing

• Land Attack

• Ping of Death (PoD)

• Denial of Service (DoS)

• IP with zero length

• Smurf Attack

• TCP Null Scan

• SYN flood

• UDP flooding

• Tear Drop Attack

• ICMP defect

• RIP defect

• Fragment flooding

The firewall also masks common ports that are frequently used to attack networks. These ports appear to be “Stealth” meaning that for all intents and purposes, they do not exist to a would-be hacker. You can turn the firewall function off if needed, however, it is recommended that you leave the firewall enabled. Disabling the firewall protection will not leave your network completely vulnerable to hacker attacks, but it is recommended that you leave the firewall enabled.

USING THE WEB-BASED ADVANCED USER INTERFACE

Configuring the Port Forwarding Settings

Application gateways let you select ports to be open for certain applications to work properly with the Network Address Translation (NAT) feature of the Router. A list of popular applications has been included to choose from. You can select an application from the drop-down list and the proper settings will be programmed into the Router. If the application you want to set up for is not here, check the “Virtual Servers” page by clicking “Virtual Servers” on the left side of the screen. If you cannot find your application in either the “Application Gateways” screen or the “Virtual Servers” screen, you will need to check with the application vendor to determine which ports need to be configured. You can manually input this port information into the Router.

USING THE WEB-BASED ADVANCED USER INTERFACE

Choosing an Application

Select your application from the drop-down list. Click “Add”. The settings will be transferred to the next available space in the screen. Click “Apply Changes” to save the setting for that application. To remove an application, select the number of the row that you want to remove then click “Clear”.

USING THE WEB-BASED ADVANCED USER INTERFACE

Configuring Internal Forwarding Settings

The Virtual Servers function will allow you to route external (Internet) calls for services such as a web server (port 80), FTP server (Port 21), or other applications through your Router to your internal network. Since your internal computers are protected by a firewall, computers outside your network (over the Internet) cannot get to them because they cannot be “seen”. A list of common applications has been provided in case you need to configure the Virtual Server function for a specific application. If your application is not listed, you will need to contact the application vendor to find out which port settings you need.

USING THE WEB-BASED ADVANCED USER INTERFACE

Choosing an Application

Manually Entering Settings into the Virtual Server

To manually enter settings, enter the IP address in the space provided for the internal (server) machine, the port(s) required to pass (use a comma between multiple ports), select the port type (TCP or UDP), and click “Apply Changes”. You can only pass one port per internal IP address. Opening ports in your firewall can pose a security risk. You can enable and disable settings very quickly. It is recommended that you disable the settings when you are not using a specific application.

USING THE WEB-BASED ADVANCED USER INTERFACE

Setting Client IP Filters

The Router can be configured to restrict access to the Internet, e-mail, or other network services at specific days and times. Restriction can be set for a single computer, a range of computers, or multiple computers.

To restrict Internet access to a single computer for example, enter the IP address of the computer you wish to restrict access to in the IP fields

(1). Next, enter

“88” in both the port fields

(2). Select “Both” (3). Select “Block” (4). You can

also select “Always” to block access all of the time. Select the day to start on top (5), the time to start on top (6), the day to end on the bottom (7), and the time to stop

(8) on the bottom. Select “Enable” (9). Click “Apply Changes”.

The computer at the IP address you specified will now be blocked from Internet access at the times you specified. Note: Be sure you have selected the correct time zone under “Utilities> System Settings> Time Zone”.

(1) (2)

(9)

(3) (4) (7) (8)

(5) (6)

USING THE WEB-BASED ADVANCED USER INTERFACE

Setting MAC Address Filtering

The MAC address filter is a powerful security feature that allows you to specify which computers are allowed on the network. Any computer attempting to access the network that is not specified in the filter list will be denied access. When you enable this feature, you must enter the MAC address of each client (computer) on your network to allow network access to each. The “Block” feature lets you turn on and off access to the network easily for any computer without having to add and remove the computer’s MAC address from the list.

To enable this feature, select “Enable MAC Address Filtering”

(1). Next, enter the

MAC address of each computer on your network by clicking in the space provided (2) and entering the MAC address of the computer you want to add to the list. Click “Add”

(3), then “Apply Changes” to save the settings. To delete a MAC

address from the list, simply click “Delete” next to the MAC address you wish to delete. Click “Apply Changes” to save the settings.

Note: You will not be able to delete the MAC address of the computer you are using to access the Router's administrative functions (the computer you are using now).

(3)

(1)

(2)

USING THE WEB-BASED ADVANCED USER INTERFACE

Enabling the Demilitarized Zone (DMZ)

The DMZ feature allows you to specify one computer on your network to be placed outside of the firewall. This may be necessary if the firewall is causing problems with an application such as a game or video conferencing application. Use this feature on a temporary basis. The computer in the DMZ is NOT protected from hacker attacks.

To put a computer in the DMZ, enter the last digits of its IP address in the IP field and select “Enable”. Click “Apply Changes” for the change to take effect. If you are using multiple static WAN IP addresses, it is possible to select which WAN IP address the DMZ host will be directed to. Type in the WAN IP address you wish the DMZ host to direct to, enter the last two digits of the IP address of the DMZ host computer, select “Enable” and click “Apply Changes”.

USING THE WEB-BASED ADVANCED USER INTERFACE

Blocking an ICMP Ping

Computer hackers use what is known as “pinging” to find potential victims on the Internet. By pinging a specific IP address and receiving a response from the IP address, a hacker can determine that something of interest might be there.

The Router can be set up so it will not respond to an ICMP ping from the outside. This heightens the level of security of your Router.

To turn off the ping response, select “Block ICMP Ping” (1) and click “Apply Changes”. The Router will not respond to an ICMP ping.

(1)

+ 28 hidden pages