Cisco CVR100W User Manual

ADMINISTRATION
Cisco Small Business
CVR100W Wireless-N VPN Router
GUIDE
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
© 2013 Cisco Systems, Inc. All rights reserved. OL-26942-02
Contents
Chapter 1: Introduction 7
Product Overview 7
LAN Ethernet Interface 8
Wireless Access Point 8
Security 8
Firewall and VPN Access 8
Wireless Distribution System 9
Quality of Service 9
Virtual Networks 9
Getting to Know the CVR100W 10
Front Panel 10
Back Panel 12
Default Settings 13
Installing the CVR100W 13
Placement Tips 13
Wall Mounting 14
Connecting the CVR100W 14
Getting Started with the Configuration 15
Changing the Default Administrative Password 16
Using the Connection Status Page 18
Using the Getting Started Page 19
Returning to the Connection Status Page 20
Changing Your Preferred Language 20
Viewing the Help Files 20
Verifying the Hardware Installation 20
Connecting to Your Wireless Network 21
Chapter 2: Viewing CVR100W Status 22
Viewing the Dashboard 22
Viewing System Summary 25
Viewing Connected Devices 27
Cisco CVR100W Wireless-N VPN Router Administration Guide 1
Contents
Viewing DHCP Leased Clients 28
Viewing Port Statistics 29
Viewing Wireless Statistics 30
Viewing Guest Network Status 31
Viewing VPN Status 32
Viewing Logs 33
Viewing IPsec Connection Status 34
Viewing CSC Information 35
Viewing NETSTAT Information 36
Chapter 3: Configuring Network 38
Configuring WAN Settings 38
Configuring Automatic Configuration (DHCP) 39
Configuring PPPoE 39
Configuring Static IP 40
Configuring Optional Settings 41
Cloning the MAC Address 42
Configuring LAN Settings 43
Configuring Basic LAN Settings 43
IPv4 43 Configuring DHCP 44
Configuring VLAN 45
Configuring Static DHCP 47
Configuring a DMZ Host 48
Configuring Routing 48
Configuring Operating Mode 48
Configuring Dynamic Routing 49
Configuring Static Routing 50
Configuring Inter-VLAN Routing 51
Viewing the Routing Table 51
Configuring Dynamic DNS 52
Cisco CVR100W Wireless-N VPN Router Administration Guide 2
Contents
Configuring IP Mode 53
Configuring IPv6 54
Configuring IPv6 WAN Settings 54
Setting the IP Mode 54 Configuring DHCPv6 55 Configuring a Static IP Address 55
Configuring IPv6 LAN Settings 56
Setting the IP Mode 56 Configuring IPv6 LAN Settings 56 Configuring DHCPv6 Settings 57 Configuring IPv6 Address Pools 58
Configuring IPv6 Static Routing 59
Configuring Routing (RIPng) 60
Configuring IPv6-to-IPv4 Tunneling 61
Viewing IPv6 Tunnel Status 61
Configuring Router Advertisement 61
Configuring Advertisement Prefixes 63
Chapter 4: Configuring Wireless Network 65
Wireless Security 65
Wireless Security Tips 65
General Network Security Guidelines 67
CVR100W Wireless Networks 67
Configuring Basic Wireless Settings 68
Configuring Wireless Radio Settings 68
Configuring Wireless Network Settings 69
Configuring Wireless Security 71
Configuring MAC Address Filtering 74
Configuring Time of Day Access 75
Configuring Guest Net 75
Configuring Cisco Simple Connect 76
Configuring Advanced Wireless Settings 79
Configuring WDS 82
Cisco CVR100W Wireless-N VPN Router Administration Guide 3
Contents
Configuring WPS 83
Chapter 5: Configuring Firewall 85
CVR100W Firewall Features 85
Access Rules 85
Port Forwarding 87
Configuring Basic Firewall Settings 87
Managing Firewall Schedules 89
Configuring Service Management 90
Configuring Access Control 91
Default Access Control Policy 91
Configuring Access Rules 91
Configuring Internet Access Rules 94
Configuring Single Port Forwarding 95
Configuring Port Range Forwarding 96
Configuring Port Range Triggering 97
Chapter 6: Configuring VPN 98
VPN Tunnel Types 98
Remote Access with Cisco QuickVPN 98
Site-to-Site VPN 99
Configuring VPN Clients 99
Creating and Managing QuickVPN Users 99
Importing VPN Client Settings 100
Configuring Basic VPN Setup 101
Viewing Default VPN Settings 101
Configuring Basic VPN Settings 102
Configuring Advanced VPN Setup 104
Configuring Global Advanced VPN Settings 104
Managing IKE Policies 105
Configuring VPN Policies 107
Cisco CVR100W Wireless-N VPN Router Administration Guide 4
Contents
Managing Certificates 111
Generating a New Certificate 111
Importing Certificates 112
Exporting Certificates for Admin 112
Exporting Certificates for Client 112
Configuring VPN Passthrough 113
Chapter 7: Configuring Quality of Service (QoS) 114
Configuring Bandwidth Management 114
Configuring Bandwidth 114
Configuring Bandwidth Priority 115
Configuring QoS Port-Based Settings 116
Configuring CoS Settings 117
Configuring DSCP Settings 117
Chapter 8: Administering Your CVR100W 119
Configuring Password Complexity 120
Configuring Administrator Account Settings 121
Configuring Remote Management 122
Configuring Port Management 123
Configuring Do-Not-Disturb Mode 124
Configuring System Time 124
Configuring Bonjour 125
Using Diagnostic Tools 126
Network Tools 126
Configuring Port Mirroring 127
Configuring Logging 128
Configuring Logging Settings 128
Configuring Remote Syslog Server 129
Backing Up and Restoring System Configuration 129
Backing Up Your Current Configuration 130
Cisco CVR100W Wireless-N VPN Router Administration Guide 5
Contents
Restoring Your Configuration from a Saved Configuration File 130
Upgrading Firmware 131
Rebooting the CVR100W 132
Restoring the Factory Defaults 132
Running the Setup Wizard 133
Chapter 9: Using Cisco Simple Connect 136
About Cisco Simple Connect 136
Configuring Cisco Simple Connect 138
Connecting to CSC Wireless Network 140
Customizing Your QR Code 141
Appendix A: Using Cisco QuickVPN 143
Before You Begin 143
Installing the Cisco QuickVPN Software 144
Using the Cisco QuickVPN Software 144
Appendix B: Where to Go From Here 148
Cisco CVR100W Wireless-N VPN Router Administration Guide 6

Introduction

This chapter provides information to familiarize you with the product features, guide you through the installation process, and get started by using web-based Configuration Utility. It includes the following sections:
1
Product Overview
Getting to Know the CVR100W
Installing the CVR100W
Connecting the CVR100W
Getting Started with the Configuration
Changing the Default Administrative Password
Using the Connection Status Page
Using the Getting Started Page
Verifying the Hardware Installation
Connecting to Your Wireless Network

Product Overview

Thank you for choosing the Cisco CVR100W Wireless-N VPN Router. The CVR100W provides simple, affordable, secure business-class connectivity to the Internet for small office/home office (SOHO) and remote professionals.
The CVR100W is an advanced Internet-sharing network solution for your small business needs. It allows multiple computers in your office to share an Internet connection through both wired and wireless connections.
Cisco CVR100W Wireless-N VPN Router Administration Guide 7
Introduction
Product Overview
1

LAN Ethernet Interface

The CVR100W provides four full-duplex 10/100 Fast Ethernet LAN interfaces that can connect up to four devices. You can connect a Cisco Small Business switch to one of the available ports to expand your network as needed.

Wireless Access Point

The CVR100W’s wireless access point supports the 802.11n standard with MIMO technology, which multiplies the effective data rate. This technology results in better throughput and coverage than that provided by 802.11g networks.

Security

The CVR100W implements WPA Personal, WPA Enterprise, WPA2 personal, WPA2 Enterprise, and WEP Security, along with other security features, such as SSID broadcast, MAC address filtering, and access control by schedule per SSID.

Firewall and VPN Access

The CVR100W incorporates a Stateful Packet Inspection (SPI)-based firewall with Denial of Service (DoS) protection, URL filtering, and access control by schedule to help keep business assets safe.
Up to three client-to-gateway VPN tunnels can be established by using QuickVPN to allow mobile or remote workers to securely access your corporate resources through encrypted virtual links. Users connecting through a VPN tunnel are attached to your company’s network with secure access to files, e-mail, and your intranet as if they were in the building.
The CVR100W supports site-to-site VPN for a single gateway-to-gateway VPN tunnel. In this configuration, the CVR100W creates a secure connection to another VPN-enabled router. For example, you can configure the CVR100W at a branch site to connect to the router at the corporate site, so that the branch site can securely access the corporate network. You could have a router like the Cisco RV220W that supports ten site-to-site VPN tunnels and have a CVR100W at each remote site to provide secure connectivity.
Cisco CVR100W Wireless-N VPN Router Administration Guide 8
Introduction
Product Overview
1

Wireless Distribution System

The CVR100W’s wireless access point supports Wireless Distribution System (WDS), which allows the wireless coverage to be expanded without wires.

Quality of Service

The CVR100W supports Wi-Fi Multimedia (WMM) and Wi-Fi Multimedia Power Save (WMM-PS) for quality of service (QoS).
The CVR100W also supports 802.1p, Differentiated Services Code Point (DSCP), and class of service (CoS) for wired QoS, which can improve the quality of your network when using delay-sensitive Voice over IP (VoIP) applications and bandwidth-intensive video streaming applications.

Virtual Networks

The CVR100W supports multiple Service Set Identifiers (SSIDs) for the use of virtual networks (up to four separate virtual networks), with 802.1q-based VLAN support for traffic separation.
Cisco CVR100W Wireless-N VPN Router Administration Guide 9
Introduction

Getting to Know the CVR100W

Getting to Know the CVR100W
Before using the CVR100W, familiarize yourself with its buttons, lights, and interfaces found in this section.

Front Panel

There are three buttons and eight lights on the front panel.
1
Do-Not-Disturb Mode Button
WPS Button This button configures wireless access for devices in your
Wireless Button This button enables or disables the wireless module.
This button turns on or turns off all lights. This button does not affect the normal operation of the CVR100W.
When this button is on, all lights on the front panel are off
and the Do-Not-Disturb Mode light on the back panel is solid green.
When this button is off, all lights on the front panel are on
and the Do-Not-Disturb Mode light on the back panel is off.
network that are WPS-enabled.
Cisco CVR100W Wireless-N VPN Router Administration Guide 10
Introduction
Getting to Know the CVR100W
1
LAN (1-4) The numbered lights correspond to the LAN ports on the back
panel of the CVR100W.
Solid blue when the CVR100W is connected to a device
through the corresponding LAN port (1, 2, 3, or 4).
Flashes blue when the CVR100W is sending or receiving
data over that LAN port.
Off when the LAN port has no connection.
WPS Solid blue when the WPS connection is configured.
Flashes blue once per second when the WPS progress
is experiencing problems.
Off when the WPS connection is configured or there is
no WPS connection.
Wireless Solid blue when the wireless module is enabled with
100% Wi-Fi power.
Solid amber when the wireless module is enabled with
50% Wi-Fi power.
Flashes blue when the CVR100W is sending or receiving
data on the wireless module.
Off when the wireless module is disabled.
WAN Solid blue when the CVR100W is connected to the
Internet through your cable or DSL modem.
Flashes blue when the CVR100W is sending or receiving
data through the WAN port.
Off when the WAN port has no connection.
POWER Solid blue when the CVR100W is powered on and is
operating normally.
Flashes blue when the system is booting or the system
is upgrading the firmware.
Off when the CVR100W is powered off.
Cisco CVR100W Wireless-N VPN Router Administration Guide 11
Introduction
Getting to Know the CVR100W

Back Panel

1
WAN The WAN (Internet) port is connected to your Internet device,
such as a cable or DSL modem.
LAN (1–4) These ports provide the LAN connection to network devices,
such as PCs, print servers, or switches.
RESET The RESET button has two functions:
Reboot: If the CVR100W has problems connecting to
the Internet, press the RESET button for at least one second but no more than five seconds with a paper clip or a pencil tip.
Restore to Factory Defaults: If you are experiencing
extreme problems with the CVR100W and have tried all other troubleshooting measures, press and hold in the RESET button for more than five seconds. This reboots the unit and restores the factory defaults. The settings that you have previously made to the CVR100W are lost.
12VDC The 12VDC port is where you connect the supplied power
adapter (12V/0.5 A).
Power Press this button to power the CVR100W on and off. Do-Not-Disturb
Mode Light
Solid green when the Do-Not-Disturb Mode button is
turned on and the CVR100W is operating normally.
Flashes green when the Do-Not-Disturb Mode button is
turned on, but the Internet connection has problems.
Off when the Do-Not-Disturb Mode button is turned off.
Cisco CVR100W Wireless-N VPN Router Administration Guide 12
Introduction

Installing the CVR100W

NOTE Press and hold the RESET button for more than five seconds to reboot the unit and
1

Default Settings

These are the default settings used when configuring your CVR100W for the first time.
Parameter Default Value
Username cisco
Password cisco
LAN IP 192.168.1.1
DHCP Range 192.168.1.100 to 192.168.1.149
restore the factory defaults. Changes that you have previously made to the CVR100W settings are lost.
Installing the CVR100W
You can place your CVR100W on a desktop or mount it on a wall.

Placement Tips

Ambient Temperature—To prevent the CVR100W from overheating, do not
operate it in an area that exceeds an ambient temperature of 104°F (40°C).
Air Flow—Be sure that there is adequate air flow around the CVR100W.
Mechanical Loading—Be sure that the CVR100W is level and stable to
avoid any hazardous conditions.
Place the CVR100W horizontally on a flat surface so that it sits on its four rubber feet.
Cisco CVR100W Wireless-N VPN Router Administration Guide 13
Introduction
!

Connecting the CVR100W

Wall Mounting

The CVR100W can be wall-mounted. The wall-mounting hardware is user-supplied. The ports on the back panel must face either upward or downward when mounting the CVR100W to a wall.
WARNING Insecure mounting might damage the device or cause injury. Cisco is not
responsible for damages incurred by insecure wall-mounting.
Connecting the CVR100W
1
By default, the wireless module of the CVR100W is enabled. For the initial configuration, we recommend that you connect to the CVR100W with an Ethernet cable. Of course, you can also use a wireless connection. To connect the PC to the CVR100W's wireless network for the first time, use the default SSID name and pre-shared key that are provided on the product label at the bottom of the CVR100W. See Connecting to Your Wireless Network for more information.
STEP 1 Power off all equipment, including the cable or DSL modem, the PC that you will
use to connect to the CVR100W, and the CVR100W itself.
STEP 2 Connect the supplied power adapter to the 12VDC port on the back panel of the
CVR100W. Plug the other end of the power adapter into an electrical outlet. Make sure that the POWER button is turned off.
CAUTION Use only the power adapter that is supplied with the unit. Using a different power
adapter could damage the unit.
STEP 3 Connection one end of an Ethernet cable to your cable or DSL modem. Connect
the other end to the WAN port on the back panel.
STEP 4 Connect one end of a different Ethernet cable to one of the LAN ports on the back
panel. Connect the other end to an Ethernet port on the PC that you will use to run web-based Configuration Utility.
NOTE Skip this step if you want to connect the PC to the CVR100W through a
wireless connection.
Cisco CVR100W Wireless-N VPN Router Administration Guide 14
Introduction
Power
Supply
Internet Access Devices
Network
Devices
Wireless
Devices

Getting Started with the Configuration

STEP 5 Power on all connected devices, including the cable or DSL modem and the PC,
and wait until the connections are active.
STEP 6 Press the POWER button on the back panel to power on the CVR100W.
STEP 7 To connect the PC to your wireless network for the first time, you must configure
the wireless connection using the default SSID name and pre-shared key. See
Connecting to Your Wireless Network for more information.
A sample configuration is illustrated here.
1
Getting Started with the Configuration
The Setup Wizard and web-based Configuration Utility are supported on Microsoft Internet Explorer 6.0 or later, Mozilla Firefox 3.0 or later, Apple Safari 3.0 or later, and Google Chrome 5.0 or later.
To log in to web-based Configuration Utility and complete the initial configuration
Cisco CVR100W Wireless-N VPN Router Administration Guide 15
STEP 1 Start a computer that you connected to the CVR100W. The computer becomes a
STEP 2 Launch a web browser and enter 192.168.1.1 in the address bar. This is the
by using the Setup Wizard:
DHCP client of the CVR100W and receives an IP address in the 192.168.1.xxx range.
default IP address of the CVR100W.
Introduction

Changing the Default Administrative Password

NOTE The CVR100W automatically changes its IP address to 10.10.10.1 when its
default IP address conflicts with another device in your network.
STEP 3 When the login page appears, choose the language that you prefer to use in the
utility, and then enter the username and password.
The default username is cisco. The default password is cisco. Both username and password are case sensitive.
STEP 4 Click Log In. The Setup Wizard will now launch.
STEP 5 Follow the on-screen prompts to complete the initial configuration. See Running
the Setup Wizard for more information on completing the Setup Wizard
configuration.
For security reasons, you must change the password from its default setting at your first login. Please write this password down for future reference. A blank password is not recommended.
1
Passwords should not contain dictionary words from any language or be the default password. They should contain a mixture of uppercase and lowercase letters, numbers, and symbols. Passwords must be at least 8 but no more than 64 characters in length.
After the Setup Wizard is complete, the Connection Status page appears. See
Using the Connection Status Page for more information.
Changing the Default Administrative Password
The administrative password protects your CVR100W from unauthorized access. For security reasons, you must change the password from its default setting at your first login.
You can change the default administrative password as instructed by the Setup Wizard (see Running the Setup Wizard) or by following the instructions in the
Configuring Administrator Account Settings section. If you exit the Setup
Wizard without saving your settings at your first login by clicking Exit, the Change Password window opens.
By default, the password strength enforcement is enabled on the CVR100W. The Change Password window displays the minimum password complexity requirements as follows:
Cisco CVR100W Wireless-N VPN Router Administration Guide 16
Introduction
Changing the Default Administrative Password
Passwords cannot be the same as the username.
Passwords cannot be the same as the current password.
Passwords must be at least 8 but no more than 64 characters in length.
Passwords must contain at least three of these character classes:
uppercase letters, lowercase letters, digits, and special characters.
NOTE You can modify the minimum password complexity requirements in the
Administration > Password Complexity page. See Configuring Administrator
Account Settings.
To enter a new password in the Change Password window:
STEP 1 Enter the following information:
Old Password: Enter the current password.
1
New Password: Enter a new password.
Confirm Password: Enter the new password again for confirmation.
Password Strength Meter: Displays the strength of the password that you
entered.
- Red: Password fails to meet the minimum complexity requirements.
- Yel lo w: Password meets the minimum requirements but the password
strength is weak.
- Green: Password is strong.
Disable Password Strength Enforcement: Check to disable password
strength enforcement (nor recommended).
STEP 2 Click Save and Exit to save your changes.
The Connection Status page opens. You are required to log into the utility with the new password before you do any other tasks.
Cisco CVR100W Wireless-N VPN Router Administration Guide 17
Introduction

Using the Connection Status Page

Using the Connection Status Page
The Connection Status page displays the current WAN, LAN, and WLAN status of the CVR100W.
Field Description
WAN
Status Shows whether the WAN port obtains an IP address
successfully or not. If the WAN port is connected to the Internet, the network addressing mode that you use to connect to the Internet will be displayed.
IP IP address of the WAN port that is accessible from the
Internet.
1
Mask Subnet mask for the WAN port.
Gateway Default gateway for the WAN port.
DNS IP addresses for the primary DNS server and the
secondary DNS server.
LAN
Host Name of the LAN host that is connected to the
CVR100W.
IP IP address of the connected LAN host.
MAC MAC address of the connected LAN host.
WLAN
Wi-Fi Power Shows whether the Wi-Fi signal strength is 100%,
50%, or off.
You can perform the following actions:
To refresh the data on the screen, click Refresh.
To log out the utility, click Log out.
To launch the Setup Wizard, click Setup Wizard.
Cisco CVR100W Wireless-N VPN Router Administration Guide 18
Introduction

Using the Getting Started Page

To configure other advanced settings, click Advanced Settings. You will be
first directed to the Getting Started page. See Using the Getting Started
Page for more information.
To learn more information about your CVR100W, click Product Resources.
Using the Getting Started Page
The Getting Started page displays the most common configuration tasks. Use the links on this page to jump to the relevant configuration pages.
Initial Settings
1
Change Default Administrator Password
Launch Setup Wizard Click this link to launch the Setup Wizard.
Configure WAN Settings Click this link to open the Networking > WAN >
Configure LAN Settings Click this link to open the Networking > LAN >
Configure Wireless Settings
Quick Access
Upgrade Router Firmware Click this link to open the Administration >
Click this link to open the Administration > User page where you can change the administrator username and password. See Configuring
Administrator Account Settings.
Internet Setup page. See Configuring WAN
Settings.
LAN Configuration page. See Configuring LAN
Settings.
Click this link to open the Wireless > Basic Settings page. See Configuring Basic Wireless
Settings.
Firmware Upgrade page. See Upgrading
Firmware.
Add VPN Clients Click this link to open the VPN > VPN Clients page.
See Configuring VPN Clients.
Configure Firewall Click this link to open the Firewall > Basic Settings
page. See Configuring Basic Firewall Settings.
Cisco CVR100W Wireless-N VPN Router Administration Guide 19
Introduction

Verifying the Hardware Installation

Device Status
System Summary Click this link to open the Status > System
Wireless Status Click this link to open the Status > Wireless
VPN Status Click this link to open the Status > VPN Status
Other Resources
CVR100W Resources Click this link to open the CVR100W Resources
Support Click this link to visit the Cisco support community.
1
Summary page. See Viewing System Summary.
Statistics page. See Viewing Wireless Statistics.
page. See Viewing VPN Status.
page.

Returning to the Connection Status Page

To return to the Connection Status page, click the Home Page link near the top right corner of the page.

Changing Your Preferred Language

To change the language that you prefer to use in the web-based Configuration Utility, select the language from the Language drop-down menu near the top right corner of the page.

Viewing the Help Files

To view more information about a configuration page, click the Help link near the top right corner of the page.
Verifying the Hardware Installation
To verify the hardware installation, complete the following tasks:
Check the light states. They are described in Getting to Know the
CVR100W.
Cisco CVR100W Wireless-N VPN Router Administration Guide 20
Introduction

Connecting to Your Wireless Network

Connect a computer to an available LAN port and verify that you can
connect to a website on the Internet, such as www.cisco.com.
Configure a device to connect to your wireless network and verify the
wireless network is functional. See Connecting to Your Wireless Network.
Connecting to Your Wireless Network
To connect a device (such as a computer) to your wireless network, configure the wireless connection on the device with the wireless security information you configured for the CVR100W using the Setup Wizard.
NOTE If you want to connect a device to your wireless network to do the initial
configuration for the first time, use the default SSID name and pre-shared key are provided on the product label at the bottom of the CVR100W.
1
The following steps are provided as an example; you may need to configure your device differently. For instructions that are specific to your device, consult its documentation.
STEP 1 Open the wireless connection settings window or program for your device.
Your computer may have special software installed to manage wireless connections, or you may find wireless connections under the Control Panel in the Network Connections or Network and Internet window. (The location depends on your operating system.)
STEP 2 Enter the network name (SSID) you chose for your network in the Setup Wizard.
STEP 3 Choose the type of encryption and enter the security key that you specified in the
Setup Wizard.
If you did not enable security (not recommended), leave the wireless encryption fields that were configured with the security type and passphrase blank.
STEP 4 Verify your wireless connection and save your settings.
Cisco CVR100W Wireless-N VPN Router Administration Guide 21

Viewing CVR100W Status

This chapter describes how to view real-time statistics and other information about the CVR100W and includes the following sections:
Viewing the Dashboard
Viewing System Summary
Viewing Connected Devices
Viewing DHCP Leased Clients
Viewing Port Statistics
Viewing Wireless Statistics
2
Viewing Guest Network Status
Viewing VPN Status
Viewing Logs
Viewing IPsec Connection Status
Viewing CSC Information
Viewing NETSTAT Information

Viewing the Dashboard

The Dashboard page displays information about the CVR100W and its current settings.
To view the Dashboard:
STEP 1 Choose Status > Dashboard.
STEP 2 From the Refresh Rate drop-down menu, choose a refresh rate.
Cisco CVR100W Wireless-N VPN Router Administration Guide 22
Viewing CVR100W Status
Viewing the Dashboard
STEP 3 To display an interactive view of the back panel of the CVR100W, click Show
Panel View.
The view of the back panel shows you which ports are used (colored in green) and allows you to click the port to obtain information about the connection.
The port’s connection information includes:
2
To view a port’s connection information, click the port.
To refresh the port information, click Refresh.
To close the port information sheet, click Close.
Summary
Type Type of the port.
Interface Shows if it is a WAN or a LAN interface.
Link Status Shows if the port is connected or disconnected.
Speed Status Speed and duplex settings of the port.
Auto Negotiation Shows if the Auto Negotiation is enabled or disabled
on this port.
Statistics
TX Frames Number of frames transmitted by the port.
RX Frames Number of frames received by the port.
The Dashboard page displays the following information:
Device Information
System Name Unit name of the CVR100W.
Firmware Version Firmware version that the CVR100W is currently
using.
Serial Number Serial number of the CVR100W.
Resource Utilization
Cisco CVR100W Wireless-N VPN Router Administration Guide 23
Viewing CVR100W Status
Viewing the Dashboard
2
CPU Current CPU utilization.
Memory Current memory utilization.
Current Time Time of day.
System Up Time Duration for which the system has been running.
Do-Not-Disturb Mode Shows if the Do-Not-Disturb mode is enabled or
disabled.
Syslog Summary
Indicates whether logging is enabled for these event categories:
Emergency
Alert
Critical
Error
Warning
To view complete logs, click details. See Viewing Logs for more information.
To configure the logging settings, click manage logging. See Configuring
Logging for more information.
LAN (Local Network) Interface
To view complete LAN settings, click details. See Configuring LAN Settings for more information.
MAC Address MAC address of the CVR100W.
IPv4 Address Local IPv4 address of the CVR100W.
IPv6 Address Local IPv6 address of the CVR100W (if IPv6 is
enabled).
DHCP Server Shows if the DHCP server is enabled or disabled.
DHCPv6 Server Shows if the DHCPv6 server is enabled or disabled (if
IPv6 is enabled).
Cisco CVR100W Wireless-N VPN Router Administration Guide 24
Viewing CVR100W Status

Viewing System Summary

2
WAN (Internet) Information
To view complete WAN settings, click details. See Configuring WAN Settings for more information.
MAC Address MAC address of the WAN port.
IPv4 Address IPv4 address of the WAN port.
IPv6 Address IPv6 address of the WAN port (if IPv6 is enabled).
State Shows if the WAN port is active or inactive for routing.
If the WAN port is active for routing, the WAN state shows “Up.” If the WAN port is inactive for routing, the WAN state shows “Down.”
NOTE The state “Down” means that the network
detection fails.
Wireless
Displays the status of all four predefined SSIDs. To view complete wireless settings, click details. See Viewing Wireless Statistics for more information.
Signal Strength Shows if the Wi-Fi signal strength is 100%, 50%, or
cisco-xxxx Shows if the predefined SSID is enabled or disabled.
VPN
QuickVPN Users Number of QuickVPN users.
Viewing System Summary
The System Summary page displays a summary of the CVR100W’s settings.
To view a summary of system settings:
off.
STEP 1 Choose Status > System Summary.
STEP 2 From the Refresh Rate drop-down menu, choose a refresh rate.
Cisco CVR100W Wireless-N VPN Router Administration Guide 25
Viewing CVR100W Status
Viewing System Summary
The System Summary page displays the following information:
2
System Information
Firmware Version Firmware version that the CVR100W is currently
using.
Firmware MD5 Checksum
System Up Time Duration for which the system has been running.
Current Time Time of day.
PID VID Product ID and version ID of the CVR100W.
IPv4 Configuration
LAN IP LAN address of the CVR100W.
WAN IP WAN address of the CVR100W.
Gateway IP address of default network gateway.
Mode Displays Gateway if NAT is enabled, or Router.
Message-Digest algorithm used to verify the integrity of files.
When the WAN port is configured to obtain an IP address from your ISP using Dynamic Host Configuration Protocol (DHCP), you can click Release to release its IP address, or click Renew to obtain a new IP address.
DNS 1 Primary DNS server IP address of the WAN port.
DNS 2 Secondary DNS server IP address of the WAN port.
DNS 3 Third DNS server IP address of the WAN port.
DDNS Shows if the Dynamic DNS (DDNS) is enabled or
disabled.
IPv6 Configuration (if IPv6 address mode is enabled)
LAN IP LAN address of the CVR100W.
WAN IP WAN address of the CVR100W.
Gateway IP address of default network gateway.
Cisco CVR100W Wireless-N VPN Router Administration Guide 26
Viewing CVR100W Status

Viewing Connected D evices

2
DNS 1 IP address of the primary DNS server.
Wireless Summary
SSIDx Name of the wireless network.
Security Security setting for the wireless network.
Firewall Setting Status
DoS (Denial of Service) Shows if DoS protection is on or off.
Block WAN Request Shows if WAN request blocking is on or off.
Remote Management Shows if remote management is on or off.
VPN Setting Status
Available QuickVPN Connections
Connected QuickVPN Users
Viewing Connected Devices
The Connected Devices page displays information about the active devices connected to the CVR100W.
NOTE The Connected Devices page displays information from devices that have
responded to the CVR100W’s Address Resolution Protocol (ARP) request. If a device does not respond to the request, it is removed from the list.
To view connected devices:
STEP 1 Choose Status > Connected Devices.
Number of available QuickVPN connections.
Number of connected QuickVPN users.
STEP 2 To specify the types of interfaces to display, choose an option from the View
according to interface type drop-down menu. You can choose one of the
following options:
Cisco CVR100W Wireless-N VPN Router Administration Guide 27
Viewing CVR100W Status

Viewing DHCP Leased Clients

The ARP table displays the following information:
2
All Displays a list of all devices connected to the
CVR100W.
Wireless Displays a list of all wireless devices connected to the
CVR100W.
Wired Displays a list of all devices connected through the
Ethernet ports on the CVR100W.
WDS Displays a list of all Wireless Distribution System
(WDS) devices connected to the CVR100W.
Name Name of the device connected to the CVR100W.
IP Address IP address of the connected device.
MAC Address MAC address of the connected device.
Type Connection type of the connected device.
Static DHCP Shows if Static DHCP is enabled or disabled on the
Interface Type Device interface type, such as Wired, WDS, and so on.
Viewing DHCP Leased Clients
To view information for the DHCP clients:
STEP 1 Choose Status > DHCP Leased Clients.
connected device.
For every VLAN defined on the CVR100W, this page displays a list of the clients associated with the VLAN.
Host Name Name of the device connected to the CVR100W.
Cisco CVR100W Wireless-N VPN Router Administration Guide 28
Viewing CVR100W Status

Viewing Port Statistics

IP Address IP Address of the connected device.
MAC Address MAC Address of the connected device.
Static DHCP Binding Check to enable Static DHCP Binding for this device.
STEP 2 Click Save to apply your settings.
Viewing Port Statistics
The Port Statistics page displays port statistics.
2
The CVR100W will always assign this IP address to the device.
To view port statistics:
STEP 1 Choose Status > Port Statistics.
STEP 2 From the Refresh Rate drop-down menu, choose a refresh rate. This causes the
page to re-read the statistics from the CVR100W and refresh the page.
STEP 3 (Optional) By default, byte data is displayed in bytes and other numerical data is
displayed in long form. To show the bytes in kilobytes (KB) and the numerical data in round-up form, check Show Simplified Statistic Data and click Save.
STEP 4 To reset the port statistics counters, click Clear Counters.
The Port Statistics table displays the data transfer statistics for the WAN, LAN, and WLAN ports:
Interface Name of the network interface.
Packet Number of the received and sent packets through the
interface.
Byte Number of the received and sent bytes of information
per second.
Error Number of the received and sent packet errors.
Cisco CVR100W Wireless-N VPN Router Administration Guide 29
Viewing CVR100W Status

Viewing Wireless Statistics

Dropped Number of the received and sent packets that were
Multicast Number of multicast packets sent over this radio.
Collisions Number of signal collisions that occurred on this port.
Viewing Wireless Statistics
2
dropped.
A collision occurs when the port tries to send data at the same time as a port on another router or computer that is connected to this port.
The Wireless Statistics page shows a cumulative total of relevant wireless statistics for the radio on the CVR100W.
To view wireless statistics:
STEP 1 Choose Status > Wireless Statistics.
STEP 2 From the Refresh Rate drop-down menu, choose a refresh rate.
STEP 3 (Optional) By default, byte data is displayed in bytes and other numerical data is
displayed in long form. To show the bytes in kilobytes (KB) and the numerical data in round-up form, check Show Simplified Statistic Data and click Save.
STEP 4 To reset the wireless statistics counters, click Clear Counters.
The Wireless Statistics table displays the following information:
SSID Name Name of the wireless network.
Packet Number of received and sent wireless packets for
each SSID, and total number of received and sent wireless packets for all SSIDs.
Byte Number of received and sent bytes of information for
each SSID, and total number of received and sent bytes of information for all SSIDs.
Cisco CVR100W Wireless-N VPN Router Administration Guide 30
Viewing CVR100W Status

Viewing Guest Network Status

2
Error Number of received and sent packet errors for each
SSID, and total number of received and sent packet errors for all SSIDs.
Dropped Number of received and sent packets dropped by
each SSID, and total number of received and sent packets dropped by all SSIDs.
Multicast Number of multicast packets sent over each SSID, and
total number of multicast packets sent over all SSIDs.
Collisions Number of packet collisions reported to each SSID,
and total number of packet collisions for all SSIDs.
Viewing Guest Network Status
The Guest Network Status page displays information for all wireless guests connected to the SSID4 of the CVR100W.
Up to ten wireless guests can be allowed to simultaneously connect to the SSID4. The default value is five. The CVR100W will block the new requests when the number of the connected guests reaches the limitation. A warning message will be appeared at this time.
The CVR100W limits the time (two hours) that each guest can be connected to the SSID4. The guest connection will be terminated over the time limit. You can also manually terminate the guest connection at any time.
To view guest network status:
STEP 1 Choose Status > Guest Network Status.
The Guest Network Status table displays the following information:
Host Name Name of the device connected to the SSID4 of the
CVR100W.
IP Address IP address of the connected device.
MAC Address MAC address of the connected device.
Cisco CVR100W Wireless-N VPN Router Administration Guide 31
Viewing CVR100W Status

Viewing VPN Status

Time Left Time left for the guest connection.
Status Shows if the device is connected to the Internet using
STEP 2 To manually disconnect the guest connection, click Disconnect.
Viewing VPN Status
The VPN Status page displays the status of client-to-gateway VPN connections.
To view VPN user connection status:
2
the CVR100W.
STEP 1 Choose Status > VPN Status.
The VPN User Connection Status table displays the following information:
Username Username of the VPN user associated with the
QuickVPN tunnel.
Remote IP IP address of the remote QuickVPN client. This could
be a NAT/Public IP if the client is behind the NAT router.
Status Current status of QuickVPN client. OFFLINE means that
the QuickVPN tunnel is not initiated or established by the VPN user. ONLINE means that the QuickVPN tunnel, initiated or established by the VPN user, is active.
Start Time Time of the VPN user establishing a connection.
End Time Time of the VPN user ending a connection.
Duration (Seconds) Duration between the VPN user establishing and
ending a connection.
Protocol Protocol that the user uses, such as QuickVPN.
STEP 2 To manually terminate a VPN session, click Disconnect.
Cisco CVR100W Wireless-N VPN Router Administration Guide 32
Viewing CVR100W Status

Viewing Logs

Viewing Logs
The View Logs page allows you to view the CVR100W logs.
To view the logs:
STEP 1 Choose Status > View Logs.
STEP 2 Click Refresh Logs to display the latest log entries.
STEP 3 To filter logs, or specify the severity of logs to display, check the boxes next to the
log type and click Go. Note that all log types above a selected log type are automatically included and you cannot deselect them.
For example, choosing Error logs automatically includes emergency, alert, and critical logs in addition to Error logs.
2
The event severity levels are listed from the highest severity to the lowest severity as follows:
Emergency System is not usable.
Alert Action is needed.
Critical System is in a critical condition.
Error System is in error condition.
Warning System warning occurred.
Notification System is functioning properly, but a system notice
occurred.
Information Device information.
Debugging Provides detailed information about an event.
The System Log table displays the following information:
Log Index Index number of the log.
Log Time Time of the log.
Log Severity Severity of the log.
Cisco CVR100W Wireless-N VPN Router Administration Guide 33
Viewing CVR100W Status

Viewing IPsec Connection Status

Description Description of the log.
STEP 4 To delete all entries in the table, click Clear Logs.
STEP 5 To save all log messages to your local PC, click Save Logs.
STEP 6 To specify the number of entries to show per log, choose a number from the drop-
down menu.
STEP 7 Use the page navigation buttons to move between log pages.
Viewing IPsec Connection Status
2
The IPSec Connection Status page displays the status of all site-to-site VPN policies on the CVR100W. These policies are configured on the VPN > Advanced VPN Setup page.
To view the IPsec connection status:
STEP 1 Choose Status > IPSec Connection Status.
STEP 2 From the Refresh Rate drop-down menu, choose a refresh rate. This action
causes the page to reread the status and statistics from the CVR100W and refresh the page.
STEP 3 (Optional) By default, byte data is displayed in bytes and other numerical data is
displayed in long form. To show the bytes in kilobytes (KB) and the numerical data in rounded-up form, check Show Simplified Statistic Data and click Save.
In the Active IPSec Security Association Tab le , the following information for each site-to-site VPN policy is displayed:
Policy Name Name of the VPN policy for which data is displayed.
Local Local IP address.
Remote Remote IP address.
Start Time Start time of the IPsec VPN connection.
End Time End time of the IPsec VPN connection.
Cisco CVR100W Wireless-N VPN Router Administration Guide 34
Viewing CVR100W Status

Viewing CSC Information

STEP 4 Click Connect to manually establish a VPN connection, or click Disconnect to
manually terminate an active VPN connection.
2
Duration Elapsed time for which the connection is or was active.
Packet Received (Rx) and transmitted (Tx) packets on the
connection.
Byte Received (Rx) and transmitted (Tx) bytes on the
connection.
State State of the connection (for example, active or not
connected).
Viewing CSC Information
The CSC Information page displays the status for all wireless clients that are associated with the Cisco Simple Connect (CSC) wireless network of the CVR100W.
To view information for all CSC wireless clients:
STEP 1 Choose Status > CSC Information.
The following information for each CSC wireless client is displayed:
MAC Address MAC address of the connected wireless client.
Login Mode Method how the wireless client connects to the CSC
Leave Time Remaining online time for this wireless client if the
wireless network of the CVR100W.
CVR100W limits the time to access the Internet.
STEP 2 Click Disconnect to manually terminate a CSC wireless connection.
Cisco CVR100W Wireless-N VPN Router Administration Guide 35
Viewing CVR100W Status

Viewing NETSTAT Information

Viewing NETSTAT Information
The NETSTAT page displays information for all active Internet connections.
To see complete details for active Internet connections, click Status > NETSTAT. The following information is displayed:
Proto The protocol (TCP, UDP, or raw) used by the socket.
Recv-Q The count of bytes not copied by the user program
Send-Q The count of bytes not acknowledged by the remote
2
connected to this socket.
host.
Local Address Address and port number of the local end of the
socket.
Foreign Address Address and port number of the remote end of the
socket.
Cisco CVR100W Wireless-N VPN Router Administration Guide 36
Viewing CVR100W Status
Viewing NETSTAT Information
2
State The state of the socket. Since there are no states in
raw mode and usually no states used in UDP, this column may be left blank. Normally this can be one of several values:
ESTABLISHED: The socket has an established
connection.
SYN_SENT: The socket is actively attempting to
establish a connection.
SYN_RECV: A connection request has been
received from the network.
FIN_WAIT1: The socket is closed, and the
connection is shutting down.
FIN_WAIT2: The connection is closed, and the
socket is waiting for a shutdown from the remote end.
TIME_WAIT: The socket is waiting after close to
handle packets still in the network.
CLOSED: The socket is not being used.
CLOSE_WAIT: The remote end has shut down,
waiting for the socket to close.
LAST_ACK: The remote end has shut down,
and the socket is closed. Waiting for acknowledgement.
LISTEN: The socket is listening for incoming
connections. Such sockets are not included in the output unless you specify the --listening (-l) or --all (-a) option.
CLOSING: Both sockets are shut down but we
still do not have all our data sent.
UNKNOWN: The state of the socket is unknown.
Cisco CVR100W Wireless-N VPN Router Administration Guide 37

Configuring Network

This chapter describes how to configure the CVR100W's network settings. It includes the following sections:
Configuring WAN Settings
Configuring LAN Settings
Configuring Routing
Configuring Dynamic DNS
Configuring IP Mode
Configuring IPv6
3

Configuring WAN Settings

Configuring WAN properties for an IPv4 network differs depending on which type of Internet connection that you have.
The Internet Setup page allows you to configure how to connect the WAN interface to the Internet. The CVR100W supports four types of Internet connections:
Configuring Automatic Configuration (DHCP)
Configuring PPPoE
Configuring Static IP
Configuring Optional Settings
Sometimes, you may need to set the MAC address of the CVR100W’s WAN port to be the same MAC address as your PC’s or some other MAC address.
Cloning the MAC Address
Cisco CVR100W Wireless-N VPN Router Administration Guide 38
Configuring Network
Configuring WAN Settings
STEP 1 Choose Networking > WAN > Internet Setup.
STEP 2 From the Internet Connection Type drop-down menu, choose Automatic
STEP 3 (Optional) To configure other optional settings, see Configuring Optional
STEP 4 Click Save.
3

Configuring Automatic Configuration (DHCP)

If your Internet Service Provider (ISP) uses the Dynamic Host Control Protocol (DHCP) to assign you an IP address, you will receive a dynamic IP address that is newly generated each time you log in.
To configure the DHCP settings:
Configuration - DHCP.
Settings.

Configuring PPPoE

To configure the PPPoE settings:
STEP 1 Choose Networking > WAN > Internet Setup.
STEP 2 From the Internet Connection Type drop-down menu, choose PPPoE.
STEP 3 In the PPPoE Settings area, enter the following information (you may need to
contact your ISP to obtain your PPPoE login information):
Username Enter your username assigned to you by the ISP.
Password Enter your password assigned to you by the ISP.
Connect on Demand Select this option if your ISP charges based on the
amount of time that you are connected. When you select this option, the Internet connection is on only when traffic is present. If the connection is idle—that is, no traffic is flowing—the connection is closed. If you click Connect on Demand, enter the number of minutes after which the connection shuts off in the Max Idle Time field.
Cisco CVR100W Wireless-N VPN Router Administration Guide 39
Configuring Network
Configuring WAN Settings
3
Keep Alive When you select this option, the Internet connection is
always on.
If you click Keep Alive, enter the number of seconds that the CVR100W attempts to reconnect after it is disconnected in the Redial period field.
Authentication Type Choose the authentication type:
Auto Negotiation: The server sends a
configuration request specifying the security algorithm set on it. Then, the CVR100W sends back authentication credentials with the security type sent earlier by the server.
PAP : The CVR100W uses the Password
Authentication Protocol (PAP) to connect to the ISP.
CHAP: The CVR100W uses the Challenge
Handshake Authentication Protocol (CHAP) when connecting with the ISP.
MS-CHAP or MS-CHAPv2: The CVR100W
uses Microsoft Challenge Handshake Authentication Protocol when connecting with the ISP.
STEP 4 (Optional) To configure other optional settings, see Configuring Optional
Settings.
STEP 5 Click Save.

Configuring Static IP

If your ISP assigned you a permanent IP address, perform the following steps to configure your WAN settings:
STEP 1 Choose Networking > WAN > Internet Setup.
STEP 2 From the Internet Connection Type drop-down menu, choose Static IP.
STEP 3 In the Static IP Settings area, enter the following information:
Cisco CVR100W Wireless-N VPN Router Administration Guide 40
Configuring Network
Configuring WAN Settings
STEP 4 (Optional) To configure other optional settings, see Configuring Optional
STEP 5 Click Save.
3
Internet IP Address Enter the IP address of the WAN port.
Subnet Mask Enter subnet mask of the WAN port.
Default Gateway Enter the IP address of the default gateway.
Static DNS 1 Enter the IP address of the primary DNS server.
Static DNS 2 Enter the IP address of the secondary DNS server.
Settings.

Configuring Optional Settings

To configure optional WAN settings:
STEP 1 Choose Networking > WAN > Internet Setup.
STEP 2 In the Optional Settings area, enter the following information:
Host Name Enter the host name of the CVR100W.
Domain Name Enter the domain name for your network.
MTU The Maximum Transmit Unit (MTU) is the size of the
largest packet that can be sent over the network.
The standard MTU value for Ethernet networks is usually 1500 bytes. For PPPoE connections, the value is 1492 bytes.
Unless a change is required by your ISP, Cisco recommends that you choose Auto. The default MTU size is 1500 bytes.
If your ISP requires a custom MTU setting, choose
Manual and enter the MTU size.
Size Enter the MTU size.
Cisco CVR100W Wireless-N VPN Router Administration Guide 41
Configuring Network
Configuring WAN Settings
STEP 3 Click Save.
3

Cloning the MAC Address

Sometimes, you may need to set the MAC address of the CVR100W’s WAN port to be the same MAC address as your PC’s or some other MAC address. This is called MAC address cloning.
For example, some ISP registers your computer’s NIC card MAC address when the service is first installed. When you place a router behind the cable modem or DSL modem, the MAC address from the CVR100W’s WAN port is not recognized by the ISP.
In this case, to configure your CVR100W to be recognized by the ISP, clone the MAC address of the WAN port to be the same as your computer’s MAC address.
To configure a MAC address clone:
STEP 1 Choose Networking > WAN > MAC Address Clone.
STEP 2 In the MAC Address Clone field, check Enable to enable MAC address cloning.
STEP 3 Set the MAC address of the CVR100W’s WAN port, do one of the following:
To set the MAC address of the WAN port to your PC’s MAC address,
click Clone My PC’s MAC.
To specify a different MAC address, enter it in the MAC Address field.
STEP 4 Click Save.
Cisco CVR100W Wireless-N VPN Router Administration Guide 42
Configuring Network

Configuring LAN Settings

Configuring LAN Settings
The default DHCP and TCP/IP settings work for most applications. You can assign an IP address to each additional logical subnet on the CVR100W.

Configuring Basic LAN Settings

You can configure the CVR100W’s IP address and DHCP settings.
IPv4
To configure the default LAN IP address of the CVR100W:
STEP 1 Choose Networking > LAN > LAN Configuration.
3
STEP 2 In the IPv4 area, enter the following information:
VLAN Choose the VLAN number from the drop-down menu.
Local IP Address Enter the LAN IP address of the CVR100W.
Make sure the address is not in use by another device.
Subnet mask Choose the subnet mask for the new IP address from
the drop-down menu. The default subnet is
255.255.255.0.
STEP 3 Click Save.
After the CVR100W’s LAN IP address is changed, your PC is no longer connected to the CVR100W.
STEP 4 To reconnect your PC to the CVR100W, do one of the following:
If DHCP is configured on the CVR100W, release and renew your PC’s IP
address.
Manually assign an IP address to your PC. The address must be on the same
subnet as the CVR100W. For example, if you change the CVR100W’s IP address to 10.0.0.1, assign your PC an IP address in the range of 10.0.0.2 to
10.0.0.255.
Cisco CVR100W Wireless-N VPN Router Administration Guide 43
Configuring Network
Configuring LAN Settings
STEP 5 Open a new browser window and enter the new IP address of the CVR100W to
3
reconnect.
Configuring DHCP
By default, the CVR100W functions as a DHCP server to the hosts on the Wireless LAN (WLAN) or LAN network, assigns IP addresses, and provides DNS server addresses.
With DHCP enabled, the CVR100W’s IP address serves as the gateway address to your LAN. The CVR100W assigns IP addresses to PCs on the LAN from a pool of addresses. The CVR100W tests each address before it is assigned to avoid duplicate addresses on the LAN.
By default, the CVR100W assigns an IP address to each host on the LAN from the default IP address pool (192.168.1.100 to 192.168.1.149). If you need to set any host with a static IP address, use an IP address from the 192.168.1.2 to 192.168.1.99 IP address pool. This prevents conflicts with the default IP address pool.
To configure the DHCP settings:
STEP 1 Choose Networking > LAN > LAN Configuration.
STEP 2 (Optional) Select the VLAN that you want to edit from the drop-down menu.
STEP 3 In the DHCP Server field, select one of the following options:
Enable Click this radio button to allow the CVR100W to act as
the DHCP server in the network.
Disable Click this radio button to disable DHCP on the
CVR100W.
If you want another device on your network to be the DHCP server, or to manually configure the network settings of all of your PCs, disable DHCP.
DHCP Relay Click this radio button to select DHCP Relay to
configure the CVR100W to act as a relayer of IP addresses by a different DHCP server.
STEP 4 If you select Enable, enter the following information:
Cisco CVR100W Wireless-N VPN Router Administration Guide 44
Configuring Network
Configuring LAN Settings
3
Starting IP Address Enter the first address in the IP address pool. Any new
DHCP client joining the LAN is assigned an IP address in this range (the ending IP address in the pool is determined by the value that you enter in the
Maximum Number of DHCP Users field).
Maximum Number of DHCP Users
IP Address Range (Read-only) Displays the range of IP addresses
Client Lease time Enter the duration (in hours) for which IP addresses are
Static DNS 1 Enter the IP address of the primary DNS server.
Static DNS 2 Enter the IP address of the secondary DNS server.
Static DNS 3 Enter the IP address of the tertiary DNS server.
WINS Enter the IP address of the primary WINS server.
STEP 5 If you select DHCP Relay, enter the address of the relay gateway in the Remote
DHCP Server field. The relay gateway transmits DHCP messages between
multiple subnets.
STEP 6 Click Save.
Enter the maximum number of DHCP clients.
available to the DHCP clients.
leased to clients.

Configuring VLAN

A Virtual LAN (VLAN) is a group of endpoints in a network that are associated by function or other shared characteristics. Unlike LANs, which are usually geographically based, VLANs can group endpoints without regard to the physical location of the equipment or users.
To c re a te a V L A N :
STEP 1 Choose Networking > LAN > VLAN Configuration.
STEP 2 Click Add Row.
STEP 3 Enter the following information:
Cisco CVR100W Wireless-N VPN Router Administration Guide 45
Configuring Network
Configuring LAN Settings
3
VLAN ID Enter the numerical VLAN ID to assign to endpoints in
the VLAN membership. The number that you enter must be between 4 and 15. VLAN ID 1 is reserved for the default VLAN, which is used for untagged frames received on the interface. VLAN ID 2 is reserved cannot be used. VLAN ID 3 is reserved for the guest network.
Description Enter a description to identify the VLAN.
Port 1 You can associate VLANs on the CVR100W to the LAN
Port 2
Port 3
ports on the device. By default, all 4 ports belong to VLAN1. You can edit these ports to associate them with other VLANs.
Port 4
STEP 4 Click Save.
STEP 5 To edit the settings of a VLAN, select the VLAN and click Edit. To delete a selected
VLAN, click Delete. Click Save to apply your changes.
Choose the outgoing frame type for each port:
Untagged: The port is an untagged member of
the VLAN. Frames of the VLAN are sent untagged to the port VLAN.
Tagged: The port is a tagged member of the
VLAN. Frames of the VLAN are sent tagged to the port VLAN.
Excluded: The port is currently not a member of
the VLAN. This is the default for all the ports when the VLAN is first created.
Cisco CVR100W Wireless-N VPN Router Administration Guide 46
Configuring Network
Configuring LAN Settings
STEP 1 Choose Networking > LAN > Static DHCP.
STEP 2 From the VLAN drop-down menu, choose a VLAN number.
STEP 3 Click Add Row.
STEP 4 Enter the following information:
3

Configuring Static DHCP

You can configure the CVR100W to assign a specific IP address to a device with a specific MAC address.
To configure static DHCP:
Description Enter a description of the client.
IP Address Enter the IP address of the device.
The assigned IP address should be outside the pool of the DHCP addresses configured. The DHCP pool is treated as a generic pool and all reserved IPs should be outside this pool.
Static DHCP assignment means that the DHCP server assigns the same IP to the defined MAC address every time the device is connected to the network.
The DHCP server serves the reserved IP address when the device using the corresponding MAC address requests an IP address.
MAC Address Enter the MAC address of the device.
The format for the MAC address is XX:XX:XX:XX:XX:XX where X is a number from 0 to 9 (inclusive) or an alphabetical letter between A and F (inclusive).
STEP 5 To edit the settings of a static DHCP client, select the client and click Edit. To
delete a selected DHCP client, click Delete. Click Save to apply your changes.
Cisco CVR100W Wireless-N VPN Router Administration Guide 47
Configuring Network

Configuring Routing

3

Configuring a DMZ Host

The CVR100W supports demilitarized zones (DMZ). A DMZ is a subnetwork that is open to the public but behind the firewall. A DMZ allows you to redirect packets going to your WAN port IP address to a particular IP address in your LAN.
We recommended that you place hosts that must be exposed to the WAN (such as web or e-mail servers) in the DMZ network. You can configure firewall rules to allow access to specific services and ports in the DMZ from both the LAN or WAN.
In the event of an attack on any of the DMZ nodes, the LAN is not necessarily vulnerable.
You must configure a fixed (static) IP address for the endpoint that you designate as the DMZ host. You should assign the DMZ host an IP address in the same subnet as the CVR100W’s LAN IP address, but it cannot be identical to the IP address given to the LAN interface of this gateway.
To configure DMZ:
STEP 1 Choose Networking > LAN > DMZ Host.
STEP 2 Check Enable to enable DMZ on the network.
STEP 3 From the VLAN drop-down menu, choose the VLAN where DMZ is enabled.
STEP 4 In the Host IP Address field, enter the IP address of the DMZ host.
STEP 5 Click Save.
Configuring Routing

Configuring Operating Mode

To configure the CVR100W’s operating mode:
STEP 1 Choose Networking > Routing.
STEP 2 In the Operating Mode field, select one of the following options:
Cisco CVR100W Wireless-N VPN Router Administration Guide 48
Configuring Network
Configuring Routing
STEP 3 Click Save.
3
Gateway (Recommended) Click this radio button to set the
CVR100W to act as a gateway.
Keep this default setting if the CVR100W is hosting your network’s connection to the Internet.
Router Click this radio button to set the CVR100W to act as a
router.
Select this option if the CVR100W is on a network with other routers.
Enabling the Router mode disables NAT (Network Address Translation) on the CVR100W.

Configuring Dynamic Routing

Routing Information Protocol (RIP) is an Interior Gateway Protocol (IGP) that is commonly used in internal networks. It allows the router to exchange its routing information automatically with other routers, and allows it to dynamically adjust its routing tables and adapt to changes in the network.
Dynamic Routing enables the CVR100W to automatically adjust to physical changes in the network’s layout and exchange routing tables with the other routers.
The router determines the network packets’ route based on the fewest number of hops between the source and the destination.
NOTE RIP is disabled by default on the CVR100W.
To configure dynamic routing:
STEP 1 Choose Networking > Routing.
STEP 2 In the Dynamic Routing area, configure the following settings:
RIP Check Enable to enable RIP. This allows the CVR100W
to use RIP to route traffic.
Cisco CVR100W Wireless-N VPN Router Administration Guide 49
Configuring Network
!
Configuring Routing
3
RIP Send Packet Version
RIP Recv Packet Version
STEP 3 Click Save.

Configuring Static Routing

You can configure static routes to direct packets to the destination network. A static route is a pre-determined pathway that a packet must travel to reach a specific host or network.
Select the RIP Send Packet Version (RIPv1 or RIPv2).
The version of RIP used to send routing updates to other routers on the network depends on the configuration settings of the other routers.
It is best to check with your network administrator to see which version of RIP is supported on your network.
RIPv2 is backward compatible with RIPv1.
Choose the RIP Receive Packet Version.
Some ISPs require static routes to build your routing table instead of using dynamic routing protocols. Static routes do not require CPU resources to exchange routing information with a peer router.
You can also use static routes to reach peer routers that do not support dynamic routing protocols. Static routes can be used together with dynamic routes.
CAUTION Be careful not to introduce routing loops in your network.
To configure static routing:
STEP 1 Choose Networking > Routing.
STEP 2 In the Static Routing area, choose a route entry from the Route Entries drop-
down menu.
To delete the route entry, click Delete This Entry.
STEP 3 Configure the following settings for the selected route entry:
Cisco CVR100W Wireless-N VPN Router Administration Guide 50
Configuring Network
Configuring Routing
3
Enter Route Name Enter the name of the route.
Destination LAN IP Enter the IP address of the destination LAN.
Subnet Mask Enter the subnet mask of the destination network.
Gateway Enter the IP address of the gateway used for this route.
Interface Select the interface to which packets for this route are
sent:
LAN: Click this radio button to direct packets to
the LAN.
WAN: Click this radio button to direct packets to
the Internet (WAN).
STEP 4 Click Save.

Configuring Inter-VLAN Routing

To configure inter-VLAN routing:
STEP 1 Choose Networking > Routing.
STEP 2 In the Inter-VLAN Routing area, check Enable to enable inter-VLAN routing.
STEP 3 Click Save.

Viewing the Routing Table

To show the routing table:
STEP 1 Choose Networking > Routing.
STEP 2 To view the IPv4 routing information on your network, click Show IPv4 Routing
Table in the Routing Table area.
STEP 3 To view the IPv6 routing information on your network, click Show IPv6 Routing
Table in the Routing Table area.
Cisco CVR100W Wireless-N VPN Router Administration Guide 51
Configuring Network

Configuring Dynamic DNS

3
The routing table displays the following information:
Destination LAN IP (IPv4) IP address of the destination LAN.
Subnet Mask (IPv4) Subnet mask of the destination network.
Gateway (IPv4) IP address of the gateway used for this route.
Interface (IPv4) Physical network interface through which this
route is accessible.
Destination (IPv6) IP address of the destination LAN.
Next Hop (IPv6) IP address of the gateway/router through which
the destination host/network can be reached.
Interface (IPv6) Physical network interface through which this
route is accessible.
Configuring Dynamic DNS
Dynamic DNS (DDNS) is an Internet service that allows routers with varying public IP addresses to be located using Internet domain names. To use DDNS, you must set up an account with a DDNS provider, such as oray.org or 3322.org.
The router notifies dynamic DNS servers of changes in the WAN IP address so that any public services on your network can be accessed by using the domain name.
To configure DDNS:
STEP 1 Choose Networking > Dynamic DNS.
STEP 2 From the DDNS Service drop-down menu, choose Disable to disable this service
or choose the DDNS service to use.
STEP 3 If you do not have a DDNS account, click the URL of the service to visit the
selected DDNS service's website so that you can create an account.
STEP 4 Configure the following information:
Username Enter the username of the DDNS account.
Cisco CVR100W Wireless-N VPN Router Administration Guide 52
Configuring Network

Configuring IP Mode

STEP 5 To test the DDNS configuration, click Test Configuration.
3
Password Enter the password of the DDNS account.
Host Name (3322.org) Enter the host name of the DDNS server.
Internet IP Address (3322.org) Internet IP address of the CVR100W.
Status (3322.org) Displays the status if the DDNS update has
completed successfully or if the account update information sent to the DDNS server failed.
Domain Name (oray.org) Displays the domain name of the account.
User Level (oray.org) Displays the user level of the account.
Status (oray.org) Displays the status if the DDNS update has
completed successfully or if the account update information sent to the DDNS server failed.
STEP 6 Click Save.
Configuring IP Mode
Wide area network configuration properties are configurable for both IPv4 and IPv6 networks. You can enter information about your Internet connection type and other parameters.
To select an IP mode:
STEP 1 Choose Networking > IP Mode.
STEP 2 From the IP Mode drop-down menu, choose one of the following options:
LAN:IPv4, WAN:IPv4 Choose this option to use IPv4 in the LAN and WAN
ports.
LAN:IPv6, WAN:IPv4 Choose this option to use IPv6 in the LAN ports and
IPv4 in the WAN ports.
LAN:IPv6, WAN:IPv6 Choose this option to use IPv6 in the LAN and WAN
ports.
Cisco CVR100W Wireless-N VPN Router Administration Guide 53
Configuring Network

Configuring IPv6

3
LAN:IPv4+IPv6, WAN:IP v4
LAN:IPv4+IPv6, WAN:IPv4+IPv6
STEP 3 (Optional) If you are using 6to4 tunneling, which allows IPv6 packets to be
transmitted over an IPv4 network, do the following:
The 6to4 tunneling feature is typically used when a site or end user wants to connect to the IPv6 Internet using the existing IPv4 network.
STEP 4 Click Save.
Configuring IPv6
Choose this option to use IPv4 and IPv6 in the LAN ports and IPv4 in the WAN ports.
Choose this option to use IPv4 and IPv6 in the LAN and WAN por ts .
Click Show Static 6to4 DNS Entry.
In the Domain and IP fields, enter up to 5 domain-to-IP mappings.

Configuring IPv6 WAN Settings

Configuring WAN properties for an IPv6 network depends on the type of internet connection that you have. You can configure the CVR100W to be a DHCPv6 client of the ISP for this WAN or to use a static IPv6 address provided by the ISP.
Setting the IP Mode
To configure IPv6 WAN settings on your CVR100W, you must first set the IP mode to LAN:IPv6, WAN:IPv6 or LAN:IPv4+IPv6, WAN:IPv4+IPv6.
See Configuring IP Mode for more information.
Cisco CVR100W Wireless-N VPN Router Administration Guide 54
Configuring Network
Configuring IPv6
STEP 1 Choose Networking > IPv6 Configuration > IPv6 WAN Configuration.
STEP 2 In the WAN Connection Type field, click the Automatic Configuration-DHCPv6
STEP 3 Click Save.
3
Configuring DHCPv6
If your ISP provides you with a dynamically assigned address, configure the CVR100W to use be a DHCPv6 client.
To configure the CVR100W to be a DHCPv6 client:
radio button.
Configuring a Static IP Address
If your ISP assigns you a fixed address to access the Internet, configure the CVR100W to use a static IPv6 address.
To configure the CVR100W to use a static IPv6 address:
STEP 1 Choose Networking > IPv6 Configuration > IPv6 WAN Configuration.
STEP 2 In the WAN Connection Type field, click the Static IPv6 radio button.
STEP 3 In the Static IP Address area, enter the following information:
IPv6 Address Enter the IPv6 address of the WAN port.
IPv6 Prefix Length Enter the IPv6 prefix length defined by the ISP.
The IPv6 network (subnet) is identified by the initial bits of the address which are called the prefix.
For example, in the 2001:0DB8:AC10:FE01:: IP address, 2001 is the prefix.
All hosts in the network have identical initial bits for their IPv6 address; you set the number of common initial bits in the network’s addresses in this field.
Default IPv6 Gateway
Cisco CVR100W Wireless-N VPN Router Administration Guide 55
Enter the IPv6 address of the default gateway. This is the IP address of the server at the ISP that this router connects to for accessing the Internet.
Configuring Network
Configuring IPv6
STEP 4 Click Save.
3
Static DNS 1 Enter the IP address of the primary DNS server on the
ISP’s IPv6 network.
Static DNS 2 Enter the IP address of the secondary DNS server on
the ISP’s IPv6 network.

Configuring IPv6 LAN Settings

In the IPv6 mode, the LAN DHCP server is enabled by default (similar to the IPv4 mode). The DHCPv6 server assigns IPv6 addresses from configured address pools that use the IPv6 prefix length assigned to the LAN.
Setting the IP Mode
To configure IPv6 LAN settings on your CVR100W, you must first set the IP mode to one of the following modes:
LAN:IPv6, WAN:IPv4
LAN:IPv6, WAN:IPv6
LAN:IPv4+IPv6, WAN:IPv4
LAN:IPv4+IPv6, WAN:IPv4+IPv6
See Configuring IP Mode for more information.
Configuring IPv6 LAN Settings
To configure IPv6 LAN settings:
STEP 1 Choose Networking > IPv6 Configuration > IPv6 LAN Configuration.
STEP 2 In the IPv6 area, enter the following information to configure the IPv6 LAN address:
IPv6 Address Enter the IPv6 address of the CVR100W.
The default IPv6 address for the gateway is fec0::1. You can change this 128-bit IPv6 address based on your network requirements.
Cisco CVR100W Wireless-N VPN Router Administration Guide 56
Configuring Network
Configuring IPv6
STEP 3 Click Save.
3
IPv6 Prefix Length Enter the IPv6 prefix length.
The IPv6 network (subnet) is identified by the initial bits of the address called the prefix. By default, the prefix is 64 bits long.
All hosts in the network have the identical initial bits for their IPv6 address; you set the number of common initial bits in the network’s addresses in this field.
Configuring DHCPv6 Settings
To configure DHCPv6 settings:
STEP 1 Choose Networking > IPv6 Configuration > IPv6 LAN Configuration.
STEP 2 In the Server Settings (DHCPv6) area, enter the following information to
configure the DHCPv6 settings:
DHCP Status Check to enable the DHCPv6 server.
If enabled, the CVR100W assigns an IP address within the specified range plus additional specified information to any LAN endpoint that requests DHCP­served addresses.
Domain Name Enter the domain name of the DHCPv6 server.
Server Preference Enter the server preference level of this DHCP server.
DHCP advertise messages with the highest server preference value to a LAN host are preferred over other DHCP server advertise messages.
The default is 255.
Static DNS 1 Enter the IPv6 address of the primary DNS server on
the ISP’s IPv6 network.
Static DNS 2 Enter the IPv6 address of the secondary DNS server
on the ISP’s IPv6 network.
Cisco CVR100W Wireless-N VPN Router Administration Guide 57
Configuring Network
Configuring IPv6
STEP 3 Click Save.
3
Client Lease Time Enter the client lease time.
Enter the duration for which IPv6 addresses are leased to endpoints on the LAN.
Configuring IPv6 Address Pools
You can define the IPv6 delegation prefix for a range of IPv6 addresses to be served by the CVR100W’s DHCPv6 server. Using a delegation prefix, you can automate the process of informing other networking equipment on the LAN of DHCP information specific for the assigned prefix.
To configure IPv6 address pools:
STEP 1 Choose Networking > IPv6 Configuration > IPv6 LAN Configuration.
STEP 2 In the IPv6 Address Pools table, click Add Row.
STEP 3 Enter the following information:
Start Address Enter the starting IPv6 address of the pool.
End Address Enter the ending IPv6 address of the pool.
IPv6 Prefix Length Enter the prefix length.
This field determines the number of common initial bits in the network’s addresses.
STEP 4 Click Save.
STEP 5 To edit the settings of a pool, select the pool and click Edit. To delete a selected
pool, click Delete. Click Save to apply your changes.
Cisco CVR100W Wireless-N VPN Router Administration Guide 58
Configuring Network
Configuring IPv6
STEP 1 Choose Networking > IPv6 Configuration > IPv6 Static Routing.
3

Configuring IPv6 Static Routing

You can configure static routes to direct packets to the destination network. A static route is a predetermined pathway that a packet must travel to reach a specific host or network.
Some ISPs require static routes to build your routing table instead of using dynamic routing protocols. Static routes do not require CPU resources to exchange routing information with a peer router.
You can also use static routes to reach peer routers that do not support dynamic routing protocols. Static routes can be used together with dynamic routes. Be careful not to introduce routing loops in your network.
To create an IPv6 static route:
STEP 2 In the IPv6 Static Routing table, click Add Row.
STEP 3 Enter the following information:
Name Enter the route’s name.
Destination Enter the IPv6 address of the destination host or net-
work for this route.
Prefix Length Enter the number of prefix bits in the IPv6 address that
define the destination subnet.
Gateway Enter the IPv6 address of the gateway through which
the destination host or network can be reached.
Interface Choose the interface for the route from the
drop-down menu: LAN, WAN, or 6to4.
Metric Enter the priority of the route by choosing a value
between 2 and 15. If multiple routes to the same desti­nation exist, the route with the lowest metric is used.
Cisco CVR100W Wireless-N VPN Router Administration Guide 59
Configuring Network
Configuring IPv6
STEP 4 Click Save.
STEP 5 To edit the settings of a route, select the route and click Edit. To delete a selected
3
Active Check to make the route active.
When you add a route in an inactive state, it gets listed in the routing table, but is not used by the CVR100W. You can always activate the route later.
This feature is useful if the network that the route con­nects to is not available when you added the route. When the network becomes available, you can enable the route.
route, click Delete. Click Save to apply your changes.

Configuring Routing (RIPng)

RIP Next Generation (RIPng) is a routing protocol based on the distance vector (D-V) algorithm. RIPng uses UDP packets to exchange routing information through port 521.
RIPng uses a hop count to measure the distance to a destination. The hop count is referred to as metric, or cost. The hop count from a router to a directly-connected network is 0. The hop count between two directly-connected routers is 1. When the hop count is greater than or equal to 16, the destination network or host is unreachable.
By default, the routing update is sent every 30 seconds. If the router receives no routing updates from a neighbor after 180 seconds, the routes learned from the neighbor are considered as unreachable. After another 240 seconds, if no routing update is received, the router removes these routes from the routing table.
On the CVR100W, RIPng is disabled by default.
To configure RIPng:
STEP 1 Choose Networking > IPv6 Configuration > Routing (RIPng).
STEP 2 Check Enable.
STEP 3 Click Save.
Cisco CVR100W Wireless-N VPN Router Administration Guide 60
Configuring Network
Configuring IPv6
STEP 1 Select Networking > IPv6 Configuration > 6 to 4 Tunneling.
STEP 2 Check Enable.
STEP 3 Click Save.
3

Configuring IPv6-to-IPv4 Tunneling

IPv6-to-IPv4 tunneling (6-to-4 tunneling) allows IPv6 packets to be transmitted over an IPv4 network. 6to4 tunneling is typically used when a site or end user wants to connect to the IPv6 Internet using the existing IPv4 network.
To configure IPv6-to-IPv4 tunneling:

Viewing IPv6 Tunnel Status

To view IPv6 tunnel status:
STEP 1 Choose Networking > IPv6 Configuration > IPv6 Tunnels Status.
This page displays information about the automatic tunnel set up through the dedicated WAN interface. The table shows the name of tunnel and the IPv6 address that is created on the device.
STEP 2 Click Refresh to refresh the data on this page.

Configuring Router Advertisement

The Router Advertisement Daemon (RADVD) on the CVR100W listens for router solicitations in the IPv6 LAN and responds with router advertisements as required. This is stateless IPv6 auto configuration, and the CVR100W distributes IPv6 prefixes to all nodes on the network.
To configure the RADVD:
STEP 1 Choose Networking > IPv6 Configuration > Router Advertisement.
STEP 2 Enter the following information:
Cisco CVR100W Wireless-N VPN Router Administration Guide 61
Configuring Network
Configuring IPv6
3
RADVD Status Check Enable to enable RADVD, or check Disable to
disable RADVD.
Advertise Mode Select one of the following modes:
Unsolicited Multicast: Select this mode to
send Router Advertisements (RAs) to all interfaces belonging to the multicast group.
Unicast Only: Select this mode to restrict
advertisements to well-known IPv6 addresses only (RAs are sent to the interface belonging to the known address only).
Advertise Interval If you choose Unsolicited Multicast as the advertise
mode, enter the advertise interval (4 to 1800). The default is 30. The advertise interval is a random value between the Minimum Router Advertisement Interval (MinRtrAdvInterval) and Maximum Router Advertisement Interval (MaxRtrAdvInterval).
MinRtrAdvInterval = 0.33 * MaxRtrAdvInterval
RA Flags Check Managed to use the administered/stateful
protocol for address auto configuration.
Check Other to use the administered/stateful protocol of other, non-address information auto configuration.
Router Preference Choose low, medium, or high from the drop-down
menu. The default is medium.
The router preference provides a preference metric for default routers. The low, medium and high values are signaled in unused bits in RA messages. This extension is backward compatible, both for routers (setting the router preference value) and hosts (interpreting the router preference value). These values are ignored by hosts that do not implement router preference. This feature is useful if there are other RADVD-enabled devices on the LAN.
Cisco CVR100W Wireless-N VPN Router Administration Guide 62
Configuring Network
Configuring IPv6
STEP 3 Click Save.
3
MTU Enter the MTU size (0 or 1280 to 1500). The default is
1500 bytes.
The MTU is the size of the largest packet that can be sent over the network. The MTU is used in RAs to ensure all nodes on the network use the same MTU value when the LAN MTU is not well-known.
Router Life Time Enter the router lifetime value, or the time in seconds
that the advertisement messages exists on the route. The default is 3600 seconds.

Configuring Advertisement Prefixes

To configure the RADVD available prefixes:
STEP 1 Choose Networking > IPv6 Configuration > Advertisement Prefixes.
STEP 2 Click Add Row.
STEP 3 Enter the following information:
IPv6 Prefix Type Choose one of the following types:
6to4: 6to4 is a system that allows IPv6 packets
to be transmitted over an IPv4 network. It is used when an end user wants to connect to the IPv6 Internet using their existing IPv4 connection.
Global/Local: A locally unique IPv6 address
that you can use in private IPv6 networks or a globally unique IPv6 Internet address.
SLA ID If you choose 6to4 as the IPv6 prefix type, enter the
Site-Level Aggregation Identifier (SLA ID).
The SLA ID in the 6to4 address prefix is set to the interface ID of the interface on which the advertise­ments are sent.
Cisco CVR100W Wireless-N VPN Router Administration Guide 63
Configuring Network
Configuring IPv6
STEP 4 Click Save.
3
IPv6 Prefix If you choose Global/Local as the IPv6 prefix type,
enter the IPv6 prefix. The IPv6 prefix specifies the IPv6 network address.
IPv6 Prefix Length If you choose Global/Local as the IPv6 prefix type,
enter the prefix length. The prefix length variable is a decimal value that indicates the number of contiguous, higher-order bits of the address that make up the net­work portion of the address.
Prefix Lifetime Enter the prefix lifetime, or the length of time over
which the requesting router is allowed to use the pre­fix.
Cisco CVR100W Wireless-N VPN Router Administration Guide 64

Configuring Wireless Network

This chapter describes how to configure your wireless network. It includes the following sections:
Wireless Security
CVR100W Wireless Networks
Configuring Basic Wireless Settings
Configuring Advanced Wireless Settings
Configuring WDS
Configuring WPS
4

Wireless Security

Wireless networks are convenient and easy-to-install, so small businesses and homes with high-speed Internet access are adopting them at a rapid pace.
Because wireless networking operates by sending information over radio waves, it can be more vulnerable to intruders than a traditional wired network.

Wireless Security Tips

You cannot physically prevent someone from connecting to your wireless network, but you can take the following steps to keep your network secure:
Change the default wireless network name or SSID.
Wireless devices have a default wireless network name or SSID. This is the name of your wireless network, and can be up to 32 characters in length.
Cisco CVR100W Wireless-N VPN Router Administration Guide 65
Configuring Wireless Network
Wireless Security
Change the default password.
4
To protect your network, change the default wireless network name to a unique name to distinguish your wireless network from other wireless networks that may exist around you.
When choosing names, do not use personal information (such as your Social Security number) because this information may be available for anyone to see when browsing for wireless networks.
For wireless products such as access points, routers, and gateways, you are asked for a password when you want to change their settings. These devices have a default password. The default password is often cisco.
Hackers know these default values and may try to use them to access your wireless device and change your network settings. To thwart unauthorized access, customize the device’s password so it is hard to guess.
Enable MAC address filtering.
Cisco routers and gateways give you the ability to enable MAC address filtering. The MAC address is a unique series of numbers and letters assigned to every networking device.
With MAC address filtering enabled, wireless network access is provided solely for wireless devices with specific MAC addresses. For example, you can specify the MAC address of each computer in your network so that only those computers can access your wireless network.
Enable encryption.
Encryption protects data transmitted over a wireless network. Wi-Fi Protected Access (WPA/WPA2) and Wired Equivalency Privacy (WEP) offer different levels of security for wireless communication. Currently, devices that are Wi-Fi certified are required to support WPA2, but are not required to support WEP.
A network encrypted with WPA/WPA2 is more secure than a network encrypted with WEP, because WPA/WPA2 uses dynamic key encryption.
To protect the information as it passes over the airwaves, enable the highest level of encryption supported by your network equipment.
WEP is an older encryption standard and may be the only option available on some older devices that do not support WPA.
Keep wireless routers, access points, or gateways away from exterior walls
and windows.
Cisco CVR100W Wireless-N VPN Router Administration Guide 66
Configuring Wireless Network

CVR100W Wireless Networks

Turn off wireless routers, access points, or gateways when they are not
Use strong passphrases that are at least eight characters in length.

General Network Security Guidelines

Wireless network security is useless if the underlying network is not secure. Cisco recommends that you take the following precautions:
Password-protect all computers on the network and individually
Change passwords on a regular basis.
4
used (at night, during vacations).
Combine letters and numbers to avoid using standard words that can be found in the dictionary.
password-protect sensitive files.
Install anti-virus software and personal firewall software.
Disable file sharing (peer-to-peer) to prevent applications from using file
sharing without your consent.
CVR100W Wireless Networks
The CVR100W provides four virtual wireless networks or four SSIDs (Service Set Identifier).
This table describes the default settings of these networks:
SSID Name cisco-xxxx cisco-SSID2 cisco-SSID3 cisco-guest
Enabled YesNoNoNo
SSID Broadcast
Enabled Disabled Disabled Enabled
Security Mode
MAC Filter Disabled Disabled Disabled Disabled
VLAN 1113
Cisco CVR100W Wireless-N VPN Router Administration Guide 67
WPA2 mixed Disabled Disabled Disabled
Configuring Wireless Network

Configuring Basic Wireless Settings

SSID Name cisco-xxxx cisco-SSID2 cisco-SSID3 cisco-guest
SSID Isolation Disabled Disabled Disabled Enabled
WMM Enabled Enabled Enabled Enabled
4
WPS Hardware Button
Enabled Disabled Disabled Disabled
Configuring Basic Wireless Settings
The Basic Settings page allows you to configure basic wireless settings.

Configuring Wireless Radio Settings

To configure the wireless radio settings:
STEP 1 Choose Wireless > Basic Settings.
STEP 2 In the Radio field, check Enable to turn the wireless radio on.
This field enables the wireless radio itself. By default there is only one wireless network enabled, cisco-xxxx.
STEP 3 In the Wi-Fi Power field, select the Wi-Fi power on your network.
STEP 4 In the Wireless Network Mode field, choose one of these options from the
drop-down menu:
B/G/N-Mixed Choose this option if you have Wireless-N, Wireless-B, and
Wireless-G devices in your network. This is the default setting (recommended).
B-Only Choose this option if you have only Wireless-B devices in your
network.
G-Only Choose this option if you have only Wireless-G devices in
your network.
N-Only Choose this option if you have only Wireless-N devices in your
network.
Cisco CVR100W Wireless-N VPN Router Administration Guide 68
Configuring Wireless Network
Configuring Basic Wireless Settings
B/G-Mixed Choose this option if you have Wireless-B and Wireless-G
G/N-Mixed Choose this option if you have Wireless-G and Wireless-N
STEP 5 In the Wireless Band Selection field, choose either 20MHz or 20/40MHz as the
wireless bandwidth on your network.
STEP 6 In the Wireless Channel field, choose the wireless channel from the drop-down
menu or choose Auto to let the system determine the optimal channel to use based on the environmental noise levels for the available channels.
STEP 7 In the AP Management VLAN field, choose VLAN 1 if you are using the default
settings.
If you create additional VLANs, choose a value that corresponds with the VLAN configured on other switches in the network. This is done for security purposes. You might need to change the management VLAN to limit access to the CVR100W’s Configuration Utility.
4
devices in your network.
devices in your network.
STEP 8 (Optional) In the U-APSD (WMM Power Save) field, check Enable to enable the
Unscheduled Automatic Power Save Delivery (U-APSD) feature, also referred to as WMM Power Save, that allows the radio to conserve power.
U-APSD is a power saving scheme optimized for real-time applications, such as VoIP, transferring full-duplex data over WLAN. By classifying outgoing IP traffic as Voice data, these types of applications can increase battery life by approximately 25 percent and minimize transmit delays.
STEP 9 Click Save.

Configuring Wireless Network Settings

The Wireless Table in the Basic Settings page lists the settings of the four wireless networks supported on the CVR100W.
To configure the settings for a wireless network:
STEP 1 Check the box for the network that you want to configure, and click the Edit button.
STEP 2 Configure these settings:
Cisco CVR100W Wireless-N VPN Router Administration Guide 69
Configuring Wireless Network
Configuring Basic Wireless Settings
Enable SSID Check to enable the wireless network.
SSID Name Enter the name of the wireless network.
SSID Broadcast Check to enable SSID broadcast.
Security Mode (Read Only) Displays the current security settings of
MAC Filter (Read Only) Displays whether MAC Filter is enabled or
4
the SSID.
Refer to the Configuring Wireless Security section to modify the security settings of the SSID.
disabled.
Refer to the Configuring MAC Address Filtering section to enable or disable this feature on the SSID.
CSC (Only applicable for SSID1, SSID2, and SSID3) Check
VLAN Choose the VLAN associated with the network.
SSID Isolation Check to enable wireless isolation within the SSID.
WMM (Wi-Fi Multimedia)
WPS Hardware Button
STEP 3 Click Save.
to set this SSID as the Cisco Simple Connect (CSC) wireless access point.
Refer to the Configuring Cisco Simple Connect section for more information about the Cisco Simple Connect (CSC) feature.
Check to enable WMM.
Check to map the CVR100W’s WPS button on the front panel to this network.
Cisco CVR100W Wireless-N VPN Router Administration Guide 70
Configuring Wireless Network
Configuring Basic Wireless Settings

Configuring Wireless Security

For security purposes, we strongly recommend that you configure each SSID with the highest level of security that is supported by the devices into your wireless network. You can configure one of the following security modes for the wireless network:
The WEP security mode offers weak security with a basic encryption method that is not as secure as WPA. WEP may be required if your network devices do not support WPA. If you do not have to use WEP, we recommend that you use WPA2.
The WPA-Personal, WPA2-Personal, and the WPA2-Personal Mixed security modes offer strong security to replace WEP.
WPA-Personal: WPA is part of the wireless security standard (802.11i)
4
standardized by the Wi-Fi Alliance and was intended as an intermediate measure to take the place of WEP while the 802.11i standard was being prepared. WPA-Personal supports Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES) encryption.
WPA2-Personal: (Recommended) WPA2 is the implementation of the
security standard specified in the final 802.11i standard. WPA2 supports AES encryption and this option uses Pre-shared Key (PSK) for authentication.
WPA2-Personal Mixed: Allows both WPA and WPA2 clients to connect
simultaneously using PSK authentication. The personal authentication is the PSK that is an alphanumeric passphrase shared with the wireless peer.
The WPA-Enterprise, WPA2-Enterprise, and the WPA2-Enterprise Mixed security modes allow you to use RADIUS server authentication.
WPA-Enterprise: Allows you to use WPA with RADIUS server
authentication.
WPA2-Enterprise: Allows you to use WPA2 with RADIUS server
authentication.
WPA2-Enterprise Mixed: Allows both WPA and WPA2 clients to connect
simultaneously using RADIUS authentication.
To configure the security settings for a SSID:
STEP 1 In the Wireless Table (Wireless > Basic Settings), check the SSID that you want
to configure.
STEP 2 Click Edit Security Mode. The Security Settings page opens.
Cisco CVR100W Wireless-N VPN Router Administration Guide 71
Configuring Wireless Network
Configuring Basic Wireless Settings
STEP 3 From the Security Mode menu, choose a security mode and specify the
corresponding settings. The following table lists the security settings for different security modes.
Disabled
If you choose this option, any wireless device that is in range can connect to the SSID. This is the default setting but not recommended.
This mode means that any data transferred to and from the SSID is not encrypted. This security mode can be useful during initial network configuration or for problem solving, but it is not recommended for regular use on the internal network because it is not secure.
WEP
4
Authentication Type Choose Open System or Shared Key if your network
administrator recommends this setting. If you are unsure, select the default option (Open System).
In both cases, the wireless client must provide the correct shared key (password) to access the wireless network.
Encryption Choose the encryption type:
10/64-bit (10 hex digits): Provides a 40-bit key.
26/128-bit (26 hex digits): Provides a 104-bit
key, which offers stronger encryption, making the key more difficult to crack. We recommend 128-bit encryption.
Passphrase (Optional) Enter an alphanumeric phrase (longer than
eight characters for optimal security) and click
Generate to generate four unique WEP keys in the Key1-4 fields below.
If you want to provide your own key, enter it directly in the Key 1 field (recommended). The length of the key should be 5 ASCII characters (or 10 hexadecimal characters) for 64-bit WEP and 13 ASCII characters (or 26 hexadecimal characters) for 128-bit WEP. Valid hexadecimal characters are 0 to 9 and A to F.
Cisco CVR100W Wireless-N VPN Router Administration Guide 72
Configuring Wireless Network
Configuring Basic Wireless Settings
Show Password Check to show the password in plaintext.
WPA-Personal, WPA2-Personal, or WPA2-Personal Mixed
Encryption For WPA-Personal, choose one of the following
4
options:
TKIP/AES: Choose TKIP/AES to ensure
compatibility with older wireless devices that may not support AES.
AES: This option is more secure.
WPA2-Personal always uses AES for data encryption.
WPA2-Personal Mixed automatically uses TKIP or AES for data encryption.
Security Key Enter an alphanumeric phrase (8 to 63 ASCII
characters or 64 hexadecimal digits).
Show Password Check to show the password in plaintext.
Key Renewal Enter the duration of time (600 to 7200 seconds)
between key renewals. The default value is 3600.
WPA-Enterprise, WPA2-Enterprise, or WPA2-Enterprise Mixed
Encryption For WPA-Enterprise, choose one of the following
options:
TKIP/AES: Choose TKIP/AES to ensure
compatibility with older wireless devices that may not support AES.
AES: This option is more secure.
WPA2-Enterprise always uses AES for data encryption.
WPA2-Enterprise Mixed automatically uses TKIP or AES for data encryption.
RADIUS Server Enter the IP address of the RADIUS server.
RADIUS Port Enter the port used to access the RADIUS server.
Shared Key Enter an alphanumeric phrase (8 to 63 ASCII
characters or 64 hexadecimal digits).
Cisco CVR100W Wireless-N VPN Router Administration Guide 73
Configuring Wireless Network
Configuring Basic Wireless Settings
Key Renewal Enter the duration of time (600 to 7200 seconds)
STEP 4 Click Save.
STEP 5 Click Back to go back to the Basic Settings page.

Configuring MAC Address Filtering

You can use MAC address filtering to permit or deny access to the wireless network based on the MAC (hardware) address of the requesting device. For example, you can enter the MAC addresses of a set of computers and only allow those computers to access the network. You can configure MAC address filtering for each network or SSID.
4
between key renewals. The default value is 3600.
To configure MAC address filtering:
STEP 1 In the Wireless Table (Wireless > Basic Settings), check the SSID that you want
to configure.
STEP 2 Click Edit MAC Filtering. The Wireless MAC Filtering page opens.
STEP 3 In the Wireless MAC Filtering field, check Enable to enable MAC address filtering
for this SSID.
STEP 4 In the Connection Control field, choose the type of access to the wireless
network:
Prevent: Select this option to prevent devices with the MAC addresses
listed in the MAC Address Table from accessing the wireless network. This option is selected by default.
Permit: Select this option to allow devices with the MAC addresses listed in
the MAC Address Table to access the wireless network.
STEP 5 To show computers and other devices on the wireless network, click Show Client
List.
STEP 6 If you want to add a device in the client list to the MAC Address Table, check the
box in the Save to MAC Address Filter List column and click Add to MAC to add the selected device to the MAC Address Table.
STEP 7 Click Save.
Cisco CVR100W Wireless-N VPN Router Administration Guide 74
Configuring Wireless Network
Configuring Basic Wireless Settings
STEP 8 Click Back to go back to the Basic Settings page.

Configuring Time of Day Access

To further protect your network, you can restrict access to it by specifying when users can access the network.
To configure Time of Day Access:
STEP 1 In the Wireless Table (Wireless > Basic Settings), check the SSID that you want
to configure.
STEP 2 Click Time of Day Access. The Time of Day Access page opens.
STEP 3 In the Active Time field, check Enable to enable Time of Day Access.
4
STEP 4 In the Start Time and Stop Time fields, specify the time of day period when
access to the network is allowed.
STEP 5 Click Save.
STEP 6 Click Back to go back to the Basic Settings page.

Configuring Guest Net

The SSID4 (default name: cisco-guest) is used for guest access. The guests can access the Internet through this SSID and the internal network security would not be affected.
To configure the Guest Net settings:
STEP 1 In the Wireless Table (Wireless > Basic Settings), check SSID 4.
STEP 2 Click Edit Guest Net. The Guest Net Settings page appears.
STEP 3 In the Guest Password field, enter an alphanumeric phrase (8 to 63 ASCII
characters or 64 hexadecimal digits).
STEP 4 Check Hide Password to show the password in ciphertext.
STEP 5 In the Lease Time field, set the guest least time. (Range: 1 to 9999 minutes,
default: 120 minutes)
Cisco CVR100W Wireless-N VPN Router Administration Guide 75
Configuring Wireless Network
Configuring Basic Wireless Settings
STEP 6 In the Total Guest Allowed field, set the maximum number of the guest
connections allowed.
STEP 7 Click Save.
STEP 8 Click Back to go back to the Basic Settings page.

Configuring Cisco Simple Connect

Cisco Simple Connect (CSC) provides a safe and convenient way for CSC­enabled devices to connect with a Wi-Fi access point by simply touching the RFiD or scanning the QR code of the CSC card. Cisco Simple Connect makes accessing wireless access points simple and allows you to expand more business applications. See Using Cisco Simple Connect for more information.
4
By default, Cisco Simple Connect (CSC) is disabled on the CVR100W. You can set one of the SSIDs (SSID1, SSID2, or SSID3) of the CVR100W as the CSC wireless access point. The wireless clients that are associated with the CSC wireless access point can only access the Internet through the CVR100W.
When configuring Cisco Simple Connect, note the following:
Only SSID1, SSID2, or SSID3 can be set as the CSC wireless access point.
Enabling Cisco Simple Connect on a SSID does not affect the normal
operation of other SSIDs.
SSID1 must be set as the CSC wireless access point when WDS is enabled
on the CVR100W.
The VLAN to which the CSC wireless access point is mapped cannot be
the same as the VLANs of other SSIDs. You must assign a different VLAN to the CSC wireless access point.
When enabling Cisco Simple Connect on a SSID, the CVR100W
automatically saves the current settings of the SSID before the CSC settings are applied on the SSID, and restores the saved settings after CSC is disabled on the SSID.
By default, the CSC wireless access point is automatically named as Cisco-
Simple-Connect when enabling Cisco Simple Connect for the first time. The wireless security mode, SSID broadcast, and SSID Isolation are disabled on the CSC wireless access point. For security purposes, we strongly recommend that you configure the CSC wireless access point with the
Cisco CVR100W Wireless-N VPN Router Administration Guide 76
Configuring Wireless Network
Configuring Basic Wireless Settings
To enable Cisco Simple Connect and configure the settings of the CSC wireless access point:
STEP 1 Choose Wireless > Basic Settings. The Basic Settings page opens.
STEP 2 In the Wireless Table, check the SSID that you want to configure and click Edit.
STEP 3 Check the Enable SSID box to enable this SSID.
STEP 4 Check the CSC box to enable Cisco Simple Connect on this SSID.
STEP 5 Select a VLAN from the VLAN drop-down menu to which all traffic from the CSC
wireless network is mapped. The VLAN that is associated with the CSC wireless network cannot be the same as the VLANs of other SSIDs.
4
highest level of security that is supported by the devices into your wireless network.
STEP 6 (Optional) Configure the following settings for the CSC wireless access point:
SSID Name: Enter a unique name for the CSC wireless access point. By
default, the name of the CSC wireless access point is set to Cisco-Simple­Connect after you enable Cisco Simple Connect for the first time.
Generally, you can enter the SSID name that is provided on your CSC Simple card in this field. If you want to customize the name of the CSC wireless access point, enter a new SSID name in this field.
NOTE When you customize a new name of the CSC wireless access
point, you are asked to regenerate and print the QR code of the CSC card. See Customizing Your QR Code for more information.
Security Mode: By default, the security mode of the CSC wireless access
point is disabled. You can modify its security settings by clicking Edit Security Mode. For security purposes, we strongly recommend that you configure the CSC wireless access point with the highest level of security that is supported by the devices into your wireless network.
Generally, you can choose WPA or WPA2 as the security mode and enter the security key that is provided on your CSC card. If you want to customize the security key of the CSC wireless access point, enter a new security key. See
Configuring Wireless Security for more information.
NOTE When you customize a new security key of the CSC wireless
access point, you are asked to regenerate and print the QR code of the CSC card. See Customizing Your QR Code for more information.
Cisco CVR100W Wireless-N VPN Router Administration Guide 77
Configuring Wireless Network
Configuring Basic Wireless Settings
MAC Filter: By default, MAC address filtering is disabled on the CSC
Time of Day Access: By default, Time of Day Access is disabled on the CSC
SSID Broadcast, WMM, and SSID Isolation: By default, these features are
STEP 7 Click Save.
STEP 8 Click Edit CSC to limit the time to access the Internet for all associated CSC
wireless clients.
4
wireless access point. You can enable this feature and configure the corresponding settings by clicking Edit MAC Filter. See Configuring MAC
Address Filtering for more information.
wireless access point. You can enable this feature and configure the corresponding settings by clicking Time of Day Access. See Configuring
Time of Day Access for more information.
enabled on the CSC wireless access point. See Configuring Wireless
Network Settings for more information.
STEP 9 Enter the following information:
SSID Name Displays the current name of the CSC wireless access
point. By default, it is named as Cisco-Simple-Connect after Cisco Simple Connect is enabled for the first time.
Security Mode Displays the current security mode used on the CSC
wireless access point. By default, the security mode is disabled on the CSC wireless access point.
Security Key Displays the current security key of the CSC wireless
access point.
Show Password Check the box to display the password in plaintext.
Access Network Time
STEP 10 Click Save.
See Connecting to CSC Wireless Network for more information about how to connect to the CSC wireless network and get the authority to access the Internet.
Enter a value from 0 to 1440 seconds. The default value is 0, which means that there is no limit.
Cisco CVR100W Wireless-N VPN Router Administration Guide 78
Configuring Wireless Network
!

Configuring Advanced Wireless Settings

Configuring Advanced Wireless Settings
CAUTION Advanced wireless settings should be adjusted only by an expert administrator;
incorrect settings can reduce wireless performance.
To configure advanced wireless settings:
STEP 1 Choose Wireless > Advanced Settings. The Advanced Settings page appears.
STEP 2 Configure these settings:
4
Frame Burst Check Enable to enable this feature to provide your
wireless networks with greater performance, depending on the manufacturer of your wireless products. If you are not sure how to use this option, keep the default (enabled).
WMM No Acknowledgement
Check Enable to enable this feature. Enabling WMM No Acknowledgement can result in more efficient throughput, but higher error rates in a noisy Radio Frequency (RF) environment. Default setting is disabled.
Cisco CVR100W Wireless-N VPN Router Administration Guide 79
Configuring Wireless Network
Configuring Advanced Wireless Settings
Basic Rate The Basic Rate setting is not the rate of transmission
4
but a series of rates at which the Services Ready Platform can transmit.
The CVR100W advertises its basic rate to the other wireless devices in your network, so they know which rates will be used.
The Services Ready Platform will also advertise that it will automatically select the best rate for transmission.
The default setting is Default, when the CVR100W can transmit at all standard wireless rates (1-2 Mbps, 5.5 Mbps, 11 Mbps, 18 Mbps, 24 Mbps, and so on). In addition to B and G speeds, the CVR100W supports N speeds.
Other options are 1-2 Mbps, for use with older wireless technology, and All, when the CVR100W can transmit at all wireless rates.
The Basic Rate is not the actual rate of data transmission. If you want to specify the CVR100W’s rate of data transmission, configure the Transmission Rate setting.
Transmission Rate The rate of data transmission should be set depending
on the speed of your wireless network.
You can select from a range of transmission speeds, or you can select Auto to have the CVR100W automatically use the fastest possible data rate and enable the Auto-Fallback feature.
Auto-Fallback will negotiate the best possible connection speed between the CVR100W and a wireless client. The default is Auto.
Cisco CVR100W Wireless-N VPN Router Administration Guide 80
Configuring Wireless Network
Configuring Advanced Wireless Settings
N Transmission Rate The rate of data transmission should be set depending
CTS Protection Mode The CVR100W will automatically use CTS (Clear-To-
4
on the speed of your Wireless-N networking.
You can select from a range of transmission speeds, or you can select Auto to have the CVR100W automatically use the fastest possible data rate and enable the Auto-Fallback feature.
Auto-Fallback will negotiate the best possible connection speed between the CVR100W and a wireless client. The default is Auto.
Send) Protection Mode when your Wireless-N and Wireless-G devices are experiencing severe problems and are not able to transmit to the CVR100W in an environment with heavy 802.11b traffic.
This function boosts the CVR100W’s ability to catch all Wireless-N and Wireless-G transmissions but will severely decrease performance. The default is Auto.
Beacon Interval The Beacon Interval value indicates the frequency
interval of the beacon. A beacon is a packet broadcast by the CVR100W to synchronize the wireless network.
Enter a value between 40 and 3500 milliseconds. The default value is 100.
DTIM Interval This value, between 1 and 255, indicates the interval of
the Delivery Traffic Indication Message (DTIM). A DTIM field is a countdown field informing clients of the next window for listening to broadcast and multicast messages.
When the CVR100W has buffered broadcast or multicast messages for associated clients, it sends the next DTIM with a DTIM Interval value. Its clients hear the beacons and awaken to receive the broadcast and multicast messages. The default value is 1.
Cisco CVR100W Wireless-N VPN Router Administration Guide 81
Configuring Wireless Network

Configuring WDS

4
Fragmentation Threshold
RTS Threshold If you encounter inconsistent data flow, enter only
This value specifies the maximum size for a packet before data is fragmented into multiple packets. If you experience a high packet error rate, you may slightly increase the Fragmentation Threshold.
Setting the Fragmentation Threshold too low may result in poor network performance. Only minor reduction of the default value is recommended. In most cases, it should remain at its default value of 2346.
minor reductions. The default value of 2347 is recommended.
If a network packet is smaller than the preset Request to Send (RTS) threshold size, the RTS/Clear to Send (CTS) mechanism will not be enabled. The Services Ready Platform sends RTS frames to a particular receiving station and negotiates the sending of a data frame.
After receiving an RTS, the wireless station responds with a CTS frame to acknowledge the right to begin transmission.
STEP 3 Click Save.
Configuring WDS
A Wireless Distribution System (WDS) is a system that enables the wireless interconnection of access points in a network. It allows a wireless network to be expanded using multiple access points without the need for a wired backbone to link them.
To establish a WDS link, the CVR100W and other remote WDS peers must be configured in the same wireless network mode, wireless channel, wireless band selection, and encryption types (None and WEP).
NOTE WDS is supported on SSID 1 only.
Cisco CVR100W Wireless-N VPN Router Administration Guide 82
Configuring Wireless Network

Configuring WPS

To configure a WDS:
STEP 1 Choose Wireless > WDS.
STEP 2 Check Allow wireless signal to be repeated by a repeater to enable WDS.
STEP 3 To manually enter the MAC address of a repeater, click the Manual radio button.
STEP 4 Enter the MAC addresses of up to three access points to use as repeaters in the
MAC 1, MAC 2, MAC 3 fields.
STEP 5 (Optional) Click the Show Site Survey button.
The Available Networks table lists the available wireless network access points.
(Optional) Click the Refresh button to update the entries in the table.
In the Available Networks Table, select up to three access points to use as
4
repeaters.
STEP 6 Click Save.
Configuring WPS
You can configure WPS on the CVR100W to allow WPS-enabled devices to more easily connect to the wireless network.
To enable WPS on your CVR100W:
STEP 1 Choose Wireless > WPS.
STEP 2 From the SSID drop-down menu, choose the wireless network on which the WPS
settings are applied.
STEP 3 In the WPS field, check Enable to enable WPS. To disable WPS, uncheck the box.
To add the MAC addresses of the selected access points to the MAC fields
below the table, click Connect.
STEP 4 Use one of the following methods to configure WPS on client devices:
If your client device has a WPS button, first click the WPS button on the client
device, and then click the WPS button on this page.
Cisco CVR100W Wireless-N VPN Router Administration Guide 83
Configuring Wireless Network
Configuring WPS
If the client device has a WPS PIN number, enter the PIN number and click
If the client device requires a PIN number from the router, use the number
After you configure WPS, the following information appears at the bottom of the WPS page: Wi-Fi Protected Setup Status, Network Name (SSID), and Security.
The status of the WPS light on the front panel provides information about the WPS operation.
4
Register. After configuration is completed, click OK.
Refer to your client device or its documentation for further instructions.
listed in item 3 on the WPS page.
WPS Successfully Started
WPS During Startup WPS light flashes (0.5 Hz) for 30 seconds.
WPS Errors Occurred
WPS Session Overlap
WPS Enabled or Disabled
WPS light turns on for 120 seconds.
WPS light flashes (1 Hz) for 30 seconds.
WPS light flashes (0.1 Hz) in one second and turns off next second for 120 seconds.
WPS light is off.
Cisco CVR100W Wireless-N VPN Router Administration Guide 84

Configuring Firewall

This chapter describes how to configure the firewall settings. It includes the following sections:
CVR100W Firewall Features
Configuring Basic Firewall Settings
Managing Firewall Schedules
Configuring Service Management
Configuring Access Control
Configuring Single Port Forwarding
5
Configuring Port Range Forwarding
Configuring Port Range Triggering

CVR100W Firewall Features

Access Rules

You can secure your network by creating and applying rules that the CVR100W uses to selectively block and allow inbound and outbound Internet traffic. You then specify how and to what devices the rules apply. To do so, you must define the following:
Services or traffic types (examples: web browsing, VoIP, other standard
services and also custom services that you define) that the CVR100W should allow or block.
Direction for the traffic by specifying the source and destination of traffic.
Schedules as to when the CVR100W should apply rules.
Cisco CVR100W Wireless-N VPN Router Administration Guide 85
Configuring Firewall
CVR100W Firewall Features
5
Keywords (in a domain name or on a URL of a webpage) that the CVR100W
should allow or block.
MAC addresses of devices whose inbound access to your network that the
CVR100W should block.
Port triggers that signal the CVR100W to allow or block access to specified
services as defined by port number.
You can, for example, establish restricted-access policies based on time-of-day, web addresses, and web address keywords. You can block Internet access by applications and services on the LAN, such as chat rooms or games. You can block just certain groups of PCs on your network from being accessed by the WAN.
Inbound (WAN to LAN) rules restrict access to traffic entering your network, selectively allowing only specific outside users to access specific local resources. By default, all access from the insecure WAN side is blocked from accessing the secure LAN, except in response to requests from the LAN. To allow outside devices to access services on the secure LAN, you must create a firewall rule for each service.
If you want to allow incoming traffic, you must make the CVR100W's WAN port IP address known to the public. This is called “exposing your host.” How you make your address known depends on how the WAN ports are configured; for the CVR100W, you may use the IP address if a static address is assigned to the WAN port, or if your WAN address is dynamic, a DDNS (Dynamic DNS) name can be used.
Outbound (LAN to WAN) rules restrict access to traffic leaving your network, selectively allowing only specific local users to access specific outside resources. The default outbound rule is to allow access from the secure zone (LAN) to insecure WAN. To block hosts on the secure LAN from accessing services on the outside (insecure WAN), you must create a firewall rule for each service.
Cisco CVR100W Wireless-N VPN Router Administration Guide 86
Configuring Firewall
!

Configuring Basic Firewall Settings

Port Forwarding

Port forwarding is used to redirect traffic from the Internet from one port on the WAN to another port on the LAN. Common services are available or you can define a custom service and associated ports to forward.
CAUTION Port forwarding is not appropriate for servers on the LAN, since there is a
dependency on the LAN device making an outgoing connection before incoming ports are opened.
Some applications require that, when external devices connect to them, they receive data on a specific port or range of ports in order to function properly. The CVR100W must send all incoming data for that application only on the required port or range of ports.
5
The CVR100W has a list of common applications and games with corresponding outbound and inbound ports to open. You can also specify a port forwarding rule by defining the type of traffic (TCP or UDP) and the range of incoming and outgoing ports to open when enabled.
Configuring Basic Firewall Settings
To configure basic firewall settings:
STEP 1 Choose Firewall > Basic Settings.
STEP 2 Configure the following firewall settings:
DoS Protection Check Enable to enable Denial of Service (DoS)
protection.
Block WAN Request Check Enable to block ping requests to the CVR100W
from the WAN.
IPv4 Multicast Passthrough
IPv4 Multicast Immediate Leave
Cisco CVR100W Wireless-N VPN Router Administration Guide 87
Check Enable to enable multicast passthrough for IPv4.
Check Enable to enable IGMP proxy immediate leave.
Configuring Firewall
Configuring Basic Firewall Settings
5
IPv4 Multicast Snooping
UPnP Check Enable to enable Universal Plug and Play
Allow Users to Configure
Allow Users to Disable Internet Access
Block Java Check to block Java applets.
Check Enable to enable IGMP Snooping.
(UPnP).
(UPnP) Check to allow UPnP port-mapping rules to be set by users who have UPnP support enabled on their computers or other UPnP enabled devices. If disabled, the CVR100W does not allow application to add the forwarding rule.
(UPnP) Check to allow users to disable Internet access.
Java applets are small programs embedded in web pages that enable dynamic functionality of the page. A malicious applet can be used to compromise or infect computers.
Enabling this setting blocks Java applets from being downloaded. Click Auto to automatically block Java, or click Manual Port and enter a specific port on which to block Java.
Block Cookies Check to block cookies.
Cookies are used to store session information by websites that usually require login. However, several websites use cookies to store tracking information and browsing habits.
Enabling this option filters out cookies from being created by a website. Click Auto to automatically block cookies, or click Manual Port and enter a specific port on which to block cookies.
NOTE Many websites require that cookies be accepted in
order for the site to be accessed properly. Blocking cookies can cause many websites to not function properly.
Cisco CVR100W Wireless-N VPN Router Administration Guide 88
Configuring Firewall

Managing Firewall Schedules

5
Block ActiveX Check to block ActiveX content. Similar to Java
applets, ActiveX controls are installed on a Windows computer while running Internet Explorer. A malicious ActiveX control can be used to compromise or infect computers.
Enabling this setting blocks ActiveX applets from being downloaded. Click Auto to automatically block ActiveX, or click Manual Port and enter a specific port on which to block ActiveX.
Block Proxy Check to block proxy servers. A proxy server (or
proxy) allows computers to route connections to other computers through the proxy, thus circumventing certain firewall rules.
For example, if connections to a specific IP address are blocked by a firewall rule, the requests can be routed through a proxy that is not blocked by the rule, rendering the restriction ineffective.
STEP 3 Click Save.
Managing Firewall Schedules
You can create firewall schedules to apply firewall rules on specific days or at specific times of the day.
To create a schedule:
STEP 1 Choose Firewall > Schedule Management.
STEP 2 Click Add Row.
Enabling this feature blocks proxy servers. Click Auto to automatically block proxy servers, or click Manual Port and enter a specific port on which to block proxy servers.
STEP 3 In the Schedule Name field, enter a unique name to identify the schedule.
Cisco CVR100W Wireless-N VPN Router Administration Guide 89
Configuring Firewall

Configuring Service Management

STEP 4 Under Scheduled Days, select whether you want the schedule to apply to all days
or specific days. If you choose Specific Days, check the boxes next to the days you want to include in the schedule.
STEP 5 Under Scheduled Time of Day, select the time of day that you want the schedule
to apply. You can choose either All Times or Specific Times. If you choose
Specific Times, enter the start and end times.
STEP 6 Click Save.
STEP 7 Click Back to go back to the Schedule Management page.
STEP 8 To edit an entry, select the entry and click Edit. Make your changes, then click
Save.
5
Configuring Service Management
When you create a firewall rule, you can specify a service that is controlled by the rule. Common types of services are available for selection, and you can create your own custom services.
The Service Management page allows you to create custom services against which firewall rules can be defined. Once defined, the new service appears in the list of Services Ta bl e .
To create a custom service:
STEP 1 Choose Firewall > Service Management.
STEP 2 Click Add Row.
STEP 3 In the Service Name field, enter the service name for identification and
management purposes.
STEP 4 In the Protocol field, choose the Layer 4 protocol that the service uses from the
drop-down menu:
TCP
UDP
TCP & UDP
ICMP
Cisco CVR100W Wireless-N VPN Router Administration Guide 90
Configuring Firewall

Configuring Access Control

STEP 5 In the Start Port field, enter the first TCP or UDP port of the range that the service
uses.
STEP 6 In the End Port field, enter the last TCP or UDP port of the range that the service
uses.
STEP 7 Click Save.
STEP 8 To edit an entry, select the entry and click Edit. Make your changes, then click
Save.
Configuring Access Control
5

Default Access Control Policy

You can configure the default access control policy for the traffic that is directed from the secure network (LAN) to the non-secure network (dedicated WAN/ optional).
To configure the default access control policy:
STEP 1 Choose Firewall > Access Control > Default Access Control Policy.
STEP 2 Choose Allow or Deny.
STEP 3 Click Save.

Configuring Access Rules

All configured access rules on the CVR100W are displayed in the Access Rules Ta bl e .
To create an access rule:
STEP 1 Choose Firewall > Access Control > Access Rules.
STEP 2 Click Add Row.
STEP 3 In the Connection Type field, choose the source of originating traffic:
Cisco CVR100W Wireless-N VPN Router Administration Guide 91
Configuring Firewall
Configuring Access Control
STEP 4 From the Action drop-down menu, choose the action:
STEP 5 From the Schedule drop-down menu, choose the schedule to apply this rule.
5
Outbound (LAN > WAN): Choose this option to create an outbound rule.
Inbound (WAN > LAN): Choose this option to create an inbound rule.
Always block: Always block the selected type of traffic.
Always allow: Never block the selected type of traffic.
Block by schedule: Blocks the selected type of traffic according to a
schedule.
Allow by schedule: Allows the selected type of traffic according to a
schedule.
(Optional) Click Configure Schedules to go to the Schedule Management page to configure the services before applying access rules to them.
STEP 6 From the Services drop-down menu, choose the service to allow or block for this
rule. Choose All Traffic to allow the rule to apply to all applications and services, or choose a single application to block.
Domain Name System (DNS)
File Transfer Protocol (FTP)
Hypertext Transfer Protocol (HTTP)
HTTP Secondary
Secure Hypertext Transfer Protocol (HTTPS)
HTTPS Secondary
Trivial File Transfer Protocol (TFTP)
Internet Message Access Protocol (IMAP)
Network News Transport Protocol (NNTP)
Post Office Protocol (POP3)
Simple Network Management Protocol (SNMP)
Simple Mail Transfer Protocol (SMTP)
Te l n e t
Te l ne t S e c o n d a r y
Cisco CVR100W Wireless-N VPN Router Administration Guide 92
Configuring Firewall
Configuring Access Control
STEP 7 In the Source IP field, select the users to which the access rule applies:
STEP 8 In the Destination IP field, select the users to which the access rule applies:
5
Telnet SSL
Voice (SIP)
(Optional) Click Configure Services to go to the Service Management page to configure the services before applying access rules to them.
Any: The rule applies to traffic originating on any host in the local network.
Single Address: The rule applies to traffic originating on a single IP address
in the local network. Enter the address in the Start IP field.
Address Range: The rule applies to traffic originating from an IP address
located in a range of addresses. Enter the starting IP address in the Start IP field, and the ending IP address in the Finish field.
Any: The rule applies to traffic originating on any host in the local network.
Single Address: The rule applies to traffic originating on a single IP address
in the local network. Enter the address in the Start IP field.
Address Range: The rule applies to traffic originating from an IP address
located in a range of addresses. Enter the starting IP address in the Start IP field, and the ending IP address in the Finish field.
STEP 9 In the Log field, specify whether the packets for this rule should be logged.
To log details for all packets that match this rule, choose Always from the drop­down menu. For example, if an outbound rule for a schedule is selected as Always block, for every packet that tries to make an outbound connection for that service, a message with the packet's source address and destination address (and other information) is recorded in the log.
Enabling logging may generate a significant volume of log messages and is recommended for debugging purposes only.
Choose Never to disable logging.
STEP 10 In the QoS Priority field, assign a priority to IP packets of this service.
The priorities are defined by QoS Level: (1 (lowest), 2, 3, 4 (highest)).
STEP 11 In the Rule Status field, check to enable the new access rule.
STEP 12 Click Save.
Cisco CVR100W Wireless-N VPN Router Administration Guide 93
Configuring Firewall
Configuring Access Control
STEP 13 Click Back to go back to the Access Rules page.
STEP 1 Choose Firewall > Access Control > Internet Access Rules.
5

Configuring Internet Access Rules

The CVR100W supports several options for blocking Internet access. You can block all Internet traffic, block Internet traffic to certain PCs or endpoints, or block access to Internet sites by specifying keywords to block. If these keywords are found in the site's name (for example, web site URL or newsgroup name), the site is blocked.
To create a Internet access rule:
STEP 2 Click Add Row.
STEP 3 In the Rule Status field, check Enable to enable the Internet access rule.
STEP 4 In the Enter Policy Name filed, enter a policy name for identification and
management purposes.
STEP 5 From the Action drop-down menu, choose the type of access restriction that you
need:
Block All: Block all Internet traffic.
Block URL: Block Internet traffic to specified Internet sites.
Block All by Schedule: Blocks all types of traffic according to a schedule.
Block URL by Schedule: Blocks the specified Internet sites according to a
schedule.
STEP 6 If you choose Block All by Schedule or Block URL by Schedule, choose a
schedule from the Schedule drop-down menu.
(Optional) Click Configure Schedules to go to the Schedule Management page to configure the services before applying the Internet access rules to them.
STEP 7 Apply the Internet access rule to specific PCs. Address filtering allows you to
block traffic coming from specific devices.
Cisco CVR100W Wireless-N VPN Router Administration Guide 94
Configuring Firewall

Configuring Single Port Forwarding

In the Apply Access Policy to the Following PCs table, click Add Row.
From the Type drop-down menu, choose how to identify the PC (by MAC address, by IP address, or by providing a range of IP addresses).
In the Value field, depending on what you chose in the previous step, enter one of the following:
MAC address (xx:xx:xx:xx:xx:xx) of the PC to which the Internet access rule
The IP address of the PC to which the Internet access rule applies.
The starting and ending IP addresses to block (for example, 192.168.1.2 to
STEP 8 In the Website Blocking table, click Add Row.
From the Type drop-down menu, choose how to block a website (by specifying the URL or by specifying a keyword that appears in the URL).
5
applies.
192.168.1.30).
In the Value field, enter the URL or keyword used to block the website.
For example, to block the example.com URL, choose URL Address from the drop­down menu and enter example.com in the Value field. To block a URL that has the keyword “example” in the URL, choose Keyword from the drop-down menu and enter example in the Value field.
STEP 9 Click Save.
STEP 10 Click Back to go back to the Internet Access Rules page.
Configuring Single Port Forwarding
To add a single port forwarding rule:
STEP 1 Choose Firewall > Single Port Forwarding. A pre-existing list of applications is
displayed.
STEP 2 In the Service Name field, enter the name of the service to configure port
forwarding for.
STEP 3 In the External Port field, enter the port number that triggers this rule when a
connection request from outgoing traffic is made.
Cisco CVR100W Wireless-N VPN Router Administration Guide 95
Configuring Firewall

Configuring Port Range Forwarding

STEP 4 In the Internal Port field, enter the port number used by the remote system to
respond to the request it receives.
STEP 5 From the Protocol drop-down menu, choose a protocol (TCP, UDP, or TCP &
UDP).
STEP 6 In the IP Address field, enter the IP address.
STEP 7 In the Enable field, check the box to enable the rule.
STEP 8 Click Save.
Configuring Port Range Forwarding
5
To add a port range forwarding rule:
STEP 1 Choose Firewall > Port Range Forwarding.
STEP 2 In the Service Name field, enter the name of the service to configure port
forwarding.
STEP 3 In the Start Port field, specify the port number that begins the range of ports to
forward.
STEP 4 In the End Port field, specify the port number that ends the range of ports to
forward.
STEP 5 From the Protocol drop-down menu, choose a protocol (TCP, UDP, or TCP &
UDP).
STEP 6 In the IP Address field, enter the IP address.
STEP 7 In the Enable field, check the box to enable the rule.
STEP 8 Click Save.
Cisco CVR100W Wireless-N VPN Router Administration Guide 96
Configuring Firewall

Configuring Port Range Triggering

Configuring Port Range Triggering
Port triggering allows devices on the LAN or DMZ to request one or more ports to be forwarded to them. Port triggering waits for an outbound request from the LAN/ DMZ on one of the defined outgoing ports, and then opens an incoming port for that specified type of traffic.
Port triggering is a form of dynamic port forwarding while an application is transmitting data over the opened outgoing or incoming ports. Port triggering opens an incoming port for a specific type of traffic on a defined outgoing port. Port triggering is more flexible than static port forwarding (available when configuring firewall rules) because a rule does not have to reference a specific LAN IP or IP range. Ports are also not left open when not in use, thereby providing a level of security that port forwarding does not offer.
To add a port triggering rule:
5
STEP 1 Choose Firewall > Port Range Triggering.
STEP 2 In the Service Name field, enter the name of the service to configure port
triggering for.
STEP 3 In the Triggered Range fields, enter the port number or range of port numbers that
will trigger this rule when a connection request from outgoing traffic is made. If the outgoing connection uses only one port, enter the same port number in both fields.
STEP 4 In the Forwarded Range fields, enter the port number or range of port numbers
used by the remote system to respond to the request it receives. If the incoming connection uses only one port, then specify the same port number in both fields.
STEP 5 In the Enable field, check the box to enable the rule.
STEP 6 Click Save.
Cisco CVR100W Wireless-N VPN Router Administration Guide 97

Configuring VPN

This chapter describes how to configure Virtual Private Networks (VPNs) that allow remote workers to access your network resources. It includes the following sections:
VPN Tunnel Types
Configuring VPN Clients
Configuring Basic VPN Setup
Configuring Advanced VPN Setup
Managing Certificates
Configuring VPN Passthrough
6

VPN Tunnel Types

A VPN provides a secure communication channel (tunnel) between two gateway routers or a remote worker and a gateway router. You can create different types of VPN tunnels, depending on the needs of your business.

Remote Access with Cisco QuickVPN

For quick setup with basic VPN security settings, distribute the Cisco QuickVPN software to your users, who can then securely access your network resources. Use this option if you want to simplify the VPN setup process. You do not have to configure VPN policies. Remote users can connect securely with the Cisco QuickVPN client and an Internet connection.
1. Add the users in the VPN > VPN Clients page. See Configuring VPN Clients.
2. Instruct users to obtain the free Cisco QuickVPN software from Cisco.com, and install it on their computers. For more information, see Using Cisco QuickVPN.
Cisco CVR100W Wireless-N VPN Router Administration Guide 98
Loading...