Cisco Small Business
RV110W Wireless-N VPN Firewall
ADMINISTRATION
GUIDE
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks,
go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner
does not imply a partnership relationship between Cisco and any other company. (1110R)
Revised March 2012
© 2011-2012 Cisco Systems, Inc. All rights reserved 78-20157-03 (formerly OL-21745-01)
Contents
Chapter 1: Introduction 8
Product Overview 8
Getting to Know the Cisco RV110W 10
Front Panel 10
Back Panel 12
Installing the Cisco RV110W 13
Placement Tips 13
Connecting the Equipment 13
Using the Setup Wizard 15
Using the Getting Started Page 16
Navigating through the Pages 18
Saving Changes 19
Viewing the Help Files 19
Configuration Next Steps 20
Verifying the Hardware Installation 20
Connecting to Your Wireless Network 21
Chapter 2: Configuring Networking 22
Configuring the WAN Settings 22
Configuring Automatic Configuration (DHCP) 22
Configuring Static IP 23
Configuring PPPoE 23
Configuring PPTP 25
Configuring L2TP 26
Configuring Optional Settings 28
Configuring the LAN Settings 29
Changing the Default Cisco RV110W IP Address 30
Configuring DHCP 31
Configuring VLANs 32
Configuring Static DHCP 34
Viewing DHCP Leased Clients 35
Cisco RV110W Administration Guide 3
Configuring a DMZ Host 35
Configuring RSTP 36
Port Management 37
Contents
Cloning the MAC Address 39
Configuring Routing 40
Configuring the Operating Mode 40
Configuring Dynamic Routing 40
Configuring Static Routing 41
Configuring Inter-VLAN Routing 42
Viewing the Routing Table 43
Configuring Dynamic DNS 43
Configuring the IP Mode 44
Configuring IPv6 45
Configuring the WAN for an IPv6 Network 45
Configuring IPv6 LAN Settings 49
Configuring IPv6 Static Routing 52
Configuring Routing (RIPng) 54
Configuring Tunneling 54
Viewing IPv6 Tunnel Status 55
Configuring Router Advertisement 56
Configuring Advertisement Prefixes 57
Chapter 3: Configuring the Wireless Network 60
Wireless Security 60
Wireless Security Tips 60
General Network Security Guidelines 62
Cisco RV110W Wireless Networks 62
Configuring Basic Wireless Settings 63
Editing the Wireless Network Settings 65
Configuring the Security Mode 66
Configuring MAC Filtering 69
Cisco RV110W Administration Guide 4
Configuring Time of Day Access 70
Configuring the Wireless Guest Network 71
Contents
Configuring Advanced Wireless Settings 73
Configuring WDS 76
Configuring WPS 77
Chapter 4: Configuring the Firewall 79
Cisco RV110W Firewall Features 79
Configuring Basic Firewall Settings 81
Configuring Remote Management 83
Configuring Universal Plug and Play 84
Managing Firewall Schedules 85
Adding or Editing a Firewall Schedule 85
Configuring Services Management 85
Configuring Access Rules 86
Adding Access Rules 87
Creating an Internet Access Policy 90
Adding or Editing an Internet Access Policy 90
Configuring Port Forwarding 91
Configuring Single Port Forwarding 92
Configuring Port Range Forwarding 93
Configuring Port Range Triggering 93
Chapter 5: Configuring VPN 95
VPN Tunnel Types 95
VPN Clients 96
Configuring PPTP 96
Configuring NetBIOS Over VPN 97
Creating and Managing PPTP Users 97
Creating and Managing QuickVPN Users 98
Importing VPN Client Settings 99
Cisco RV110W Administration Guide 5
Contents
Configuring Basic VPN Settings (Site-to-Site VPN) 100
Viewing Default Values 101
Configuring Advanced VPN Parameters 102
Managing IKE Policies 102
Managing VPN Policies 103
Configuring Certificate Management 108
Configuring VPN Passthrough 109
Chapter 6: Configuring Quality of Service (QoS) 111
Configuring Bandwidth Management 111
Configuring Bandwidth 111
Configuring Bandwidth Priority 112
Configuring QoS Port-Based Settings 113
Configuring CoS Settings 114
Configuring DSCP Settings 114
Chapter 7: Administering Your Cisco RV110W 116
Setting Password Complexity 117
Configuring User Accounts 118
Setting the Session Timeout Value 119
Configuring Simple Network Management (SNMP) 119
Configuring SNMP System Information 119
Editing SNMPv3 Users 120
Configuring the SNMP Traps 121
Using Diagnostic Tools 122
Network Tools 122
Configuring Port Mirroring 124
Configuring Logging 124
Configuring Logging Settings 124
Configuring the E-Mailing of Logs 126
Configuring Bonjour 128
Cisco RV110W Administration Guide 6
Contents
Configuring Date and Time Settings 128
Backing Up and Restoring the System 129
Backing Up the Configuration Settings 130
Restoring the Configuration Settings 131
Copying the Configuration Settings 131
Generating an Encryption Key 132
Upgrading Firmware or Change the Language 132
Restarting the Cisco RV110W 134
Restoring the Factory Defaults 134
Running the Setup Wizard 134
Chapter 8: Viewing the Cisco RV110W Status 136
Viewing the Dashboard 137
Viewing the System Summary 139
Viewing the Wireless Statistics 141
Viewing the VPN Status 142
Viewing the IPSec Connection Status 143
Viewing Logs 144
Viewing Connected Devices 145
Viewing Port Statistics 146
Viewing the GuestNet Status 147
Appendix A: Using Cisco QuickVPN 148
Overview 148
Before You Begin 148
Installing the Cisco QuickVPN Software 149
Installing from the CD-ROM 149
Downloading and Installing from the Internet 151
Using the Cisco QuickVPN Software 151
Appendix B: Where to Go From Here 154
Cisco RV110W Administration Guide 7
Introduction
This chapter provides information to familiarize you with the product features,
guide you through the installation process, and get started using the
browser-based Device Manager.
1
• Product Overview
• Getting to Know the Cisco RV110W
• Installing the Cisco RV110W
• Connecting the Equipment
• Using the Setup Wizard
• Verifying the Hardware Installation
• Connecting to Your Wireless Network
Product Overview
Thank you for choosing the Cisco Small Business RV110W Wireless-N VPN
Firewall.
The Cisco RV110W is an advanced Internet-sharing network solution for your
small business needs. It allows multiple computers in your office to share an
Internet connection through both wired and wireless connections.
The Cisco RV110W provides a Wireless-N access point, combined with support
for Virtual Private Network (VPN) clients to make remote access to your network
more secure.
The router 10/100 Fast Ethernet WAN interface connects directly to your
broadband DSL or Cable modem.
Cisco RV110W Administration Guide 8
Introduction
Product Overview
1
LAN Ethernet Interfaces
The Cisco RV110W provides four full-duplex 10/100 Fast Ethernet LAN interfaces
that can connect up to four devices. You can connect a Cisco Small Business
switch to one of the available ports to expand your network as needed.
Wireless Access Point
The Cisco RV110W wireless access point supports the 802.11n standard with
MIMO technology, which multiplies the effective data rate. This technology results
in better throughput and coverage than that provided by 802.11g networks.
Firewall and VPN Client Access
The Cisco RV110W incorporates a Stateful Packet Inspection (SPI)-based firewall
with Denial of Service (DoS) prevention and a Virtual Private Network (VPN)
engine for secure communication between mobile or remote workers and branch
offices.
The Cisco RV110W supports up to five client-to-gateway VPN tunnels to facilitate
branch office connectivity through encrypted virtual links. Users connecting
through a VPN tunnel are attached to your company network with secure access
to files, e-mail, and your intranet as if they were in the building.
Security
The Cisco RV110W implements WPA Personal, WPA Enterprise, WPA2 personal,
WPA2 Enterprise, and WEP Security, along with other security features including
the disabling of SSID broadcasts, MAC- based filtering, and allowing or denying
“time of day” access per SSID.
Quality of Service
The Cisco RV110W supports Wi-Fi Multimedia (WMM) and Wi-Fi Multimedia
Power Save (WMM-PS) for Quality of Service (QoS).
The Cisco RV110W also supports 802.1p, Differentiated Services Code Point
(DSCP), and Type of Service (ToS) for wired QoS, which can improve the quality of
your network when using delay-sensitive Voice over IP (VoIP) applications and
bandwidth-intensive video streaming applications.
Wireless Distribution System
The Cisco RV110W wireless access point supports Wireless Distribution System
(WDS), which allows the wireless coverage to be expanded without wires.
Cisco RV110W Administration Guide 9
Introduction
Getting to Know the Cisco RV110W
Virtual Networks
The Cisco RV110W also supports multiple Service Set Identifiers (SSIDs) for the
use of virtual networks (up to four separate virtual networks), with 802.1Q-based
VLAN support for traffic separation.
Configuration and Administration
With the Cisco RV110W embedded web server, you can configure the
Cisco RV110W settings using the browser-based Device Manager. The
Cisco RV110W supports Internet Explorer, Firefox, and Safari web browsers.
The Cisco RV110W also provides a Setup Wizard that allows you to easily and
quickly configure the Cisco RV110W basic settings.
Getting to Know the Cisco RV110W
1
Front Panel
Power The Power light is green to indicate the unit is powered
WPS The Wi-Fi Protected Setup (WPS) button is used to
on. The light flashes green when the power is coming
on.
configure wireless access for devices in your network
that are WPS-enabled. See Configuring WPS, page 77
for more information.
Cisco RV110W Administration Guide 10
Introduction
Getting to Know the Cisco RV110W
1
Power The Power light is green to indicate the unit is powered
on. The light flashes green when the power is coming
on.
WAN The WAN (Internet) light is green when the
Cisco RV110W is connected to the Internet through
your cable or DSL modem. The light is off when the
Cisco RV110W is not connected to the Internet. The
light flashes green when it is sending or receiving data
Wireless The Wireless light is green when the wireless module is
enabled. The light is off when the wireless module is
disabled. The light flashes green when the firewall is
transmitting or receiving data on the wireless module.
LAN Ports The numbered lights correspond to the LAN ports on
the Cisco RV110W.
If the lights are continuously green, the Cisco RV110W
is connected to a device through the corresponding
port (1, 2, 3, or 4). The light for a port flashes green when
the firewall is actively sending or receiving data over
that port.
Cisco RV110W Administration Guide 11
Introduction
Getting to Know the Cisco RV110W
Back Panel
RESET If the Cisco RV110W has problems connecting to
1
the Internet, press the RESET button for at least 3
but no more than 10 seconds with a paper clip or
similar object. This is similar to pressing the reset
button on your PC to reboot it.
If you are experiencing extreme problems with the
Cisco RV110W and have tried all other
troubleshooting measures, press and hold in the
RESET button for more than 10 seconds. This
reboots the unit and restores the factory defaults.
Changes you have previously made to the
Cisco RV110W settings are lost.
LAN (1–4) LAN connections to network devices, such as PCs,
print servers, or switches.
WAN The WAN (Internet) port is connected to your
Internet device, such as a cable or DSL modem.
POWER Press to turn the Cisco RV110W on or off.
12VDC Connect the provided 12V AC power adapter to
the 12VDC port.
Cisco RV110W Administration Guide 12
Introduction
Installing the Cisco RV110W
Installing the Cisco RV110W
Placement Tips
• Ambient Temperature—To prevent the firewall from overheating, do not
operate it in an area that exceeds an ambient temperature of 104°F (40°C).
• Air Flow—Be sure that there is adequate air flow around the firewall.
• Mechanical Loading—Be sure that the firewall is level and stable to avoid
any hazardous conditions.
Place the Cisco RV110W horizontally on a flat surface so that it sits on its rubber
feet .
1
Connecting the Equipment
You must connect a PC with an Ethernet cable for the purpose of the initial
configuration. After you complete the initial configuration, administrative tasks can
be performed by using a wireless connection.
STEP 1 Power off all equipment, including the cable or DSL modem, the PC, and the
Cisco RV110W.
STEP 2 You should already have an Ethernet cable connecting your PC to your current
cable or DSL modem. Unplug one end of the cable from your PC and plug it into
the port marked “WAN” on the unit.
Cisco RV110W Administration Guide 13
Introduction
!
Connecting the Equipment
STEP 3 Connect one end of a different Ethernet cable to one of the LAN (Ethernet) ports on
1
the back of the unit. (In this example, the LAN 1 port is used.) Connect the other
end to an Ethernet port on the PC that you will use to run the web-based Setup
Wizard and Device Manager.
STEP 4 Power on the cable or DSL modem and wait until the connection is active.
STEP 5 Connect the power adapter to the Cisco RV110W power port (12VDC).
CAUTION Use only the power adapter that is supplied with the unit. Using a different power
adapter could damage the unit.
Cisco RV110W Administration Guide 14
Introduction
Using the Setup Wizard
STEP 6 Plug the other end of the adapter into an electrical outlet. You may need to attach a
STEP 7 On the Cisco RV110W, push the POWER button in to turn on the firewall.
1
specific plug (supplied) for your country.
The power light on the front panel is green when the power adapter is connected
properly and the unit is turned on.
Using the Setup Wizard
The Setup Wizard and Device Manager are supported on Microsoft Internet
Explorer 6.0 or later, Mozilla Firefox 3.0 or later, and Apple Safari 3.0 or later.
To u s e t h e S e t u p W i z a r d:
STEP 1 Start the computer that you connected to the LAN1 port in Step 2 of the
Connecting the Equipment section.
Your computer becomes a DHCP client of the Cisco RV110W and receives an IP
address in the 192.168.1.xxx range.
STEP 2 Launch a web browser and enter 192.168.1.1 in the Address bar. This is the
default IP address of the Cisco RV110W.
A message appears about the site security certificate. The Cisco RV110W uses a
self-signed security certificate and this message appears because the
Cisco RV110W is not known to your computer.
STEP 3 Click Continue to this website (or the option shown on your particular web
browser) to go to the web site.
STEP 4 When the login page appears, enter the user name and password.
Cisco RV110W Administration Guide 15
Introduction
Using the Getting Started Page
The default user name is cisco. The default password is cisco. Passwords are
case sensitive.
STEP 5 Click Log In. The Setup Wizard starts.
STEP 6 Follow the on-screen instructions to set up the Cisco RV110W.
The Setup Wizard tries to automatically detect and configure your connection. If it
cannot, the Setup Wizard may ask you for information about your Internet
connection. You may need to contact your ISP to obtain this information.
NOTE: When using the Setup Wizard, you can only set up one wireless network, or
SSID. The Cisco RV110W supports up to four wireless networks. If you want to
configure additional wireless networks, use the web-based Device Manager. See
Configuring the Wireless Network.
After the Setup Wizard is done configuring the Cisco RV110W, you are required to
change the default password. We recommend that you use password complexity;
see Setting Password Complexity.
1
After changing the default password, the Getting Started page appears. See
Using the Getting Started Page for more information.
Using the Getting Started Page
The Getting Started page displays the most common Cisco RV110W
configuration tasks. Use the links on this page to jump to the relevant configuration
page.
By default, this page appears when you start the Device Manager. However, you
can change this behavior by checking Don’t show on start up at the bottom of the
page.
Cisco RV110W Administration Guide 16
Introduction
Using the Getting Started Page
Initial Settings
1
Change Default
Administrator Password
Launch Setup Wizard Click to launch the Setup Wizard.
Configure WAN Settings Click to open the Internet Setup page. See
Configure LAN Settings Click this link to open the LAN Configuration page.
Configure Wireless
Settings
Quick Access
Upgrade Router
Firmware
Click to open the Users page where you can
change the administrator password. See
Configuring User Accounts.
Configuring the WAN Settings.
See Configuring the LAN Settings.
Click to open the Basic Settings page. See
Configuring Basic Wireless Settings.
Click to open the Firmware/Language Upgrade
page. See Upgrading Firmware or Change the
Language.
Add VPN Clients Click to open the VPN Clients page. See VPN
Clients.
Configure Remote
Management Access
Device Status
System Summary Click to open the System Summary page. See
Wireless Status Click to open the Wireless Statistics page. See
VPN Status Click to open the VPN Status page. See Viewing
Click to open the Basic Settings page. See
Configuring Basic Firewall Settings.
Viewing the System Summary.
Viewing the Wireless Statistics.
the VPN Status.
Cisco RV110W Administration Guide 17
Introduction
Using the Getting Started Page
Other Resources
Navigating through the Pages
Use the navigation tree in the left pane to open the configuration pages.
Click a menu item on the left panel to expand it. Under it, click a menu name to
perform an action or display a sub-menu.
1
Support Click to open the Cisco support page.
Forums Click to visit Cisco online support forums.
Cisco RV110W Administration Guide 18
Introduction
Using the Getting Started Page
Saving Changes
When you finish making changes on a configuration page, click Save to save the
changes, or click Cancel to undo your changes.
1
Viewing the Help Files
To view more information about a configuration page, click the Help link near the
top right corner of the page.
Cisco RV110W Administration Guide 19
Introduction
Verifying the Hardware Installation
Configuration Next Steps
Although the Setup Wizard automatically configures the Cisco RV110W, we
recommend that you change some default settings to provide better security and
performance.
In addition, you may need to manually configure some settings. A suggested
outline of steps follows:
1. Change the idle timeout value—By default, The Device Manager logs you out
2. (Optional) If you already have a DHCP server on your network, and you do not
3. Configure your wireless network, especially wireless security. See Chapter 3,
1
after 10 minutes of inactivity. This can be frustrating if you are trying to configure
your device. See Setting the Session Timeout Value.
want the Cisco RV110W to act as a DHCP server, see Configuring the LAN
Settings.
“Configuring the Wireless Network.”
4. Configure your Virtual Private Network (VPN) using QuickVPN. The QuickVPN
software is found on the documentation and software CD that shipped with your
firewall. See Appendix A, “Using Cisco QuickVPN.”
Verifying the Hardware Installation
To verify the hardware installation, complete the following tasks:
• Check the LED states. They are described in Getting to Know the
Cisco RV110W.
• Connect a computer to an available LAN port and verify that you can
connect to a website on the Internet, such as www.cisco.com.
• Configure a device to connect to your wireless network and verify the
wireless network is functional. See Connecting to Your Wireless Network.
Cisco RV110W Administration Guide 20
Introduction
Connecting to Your Wireless Network
Connecting to Your Wireless Network
To connect a device (such as a computer) to your wireless network, configure the
wireless connection on the device with the wireless security information you
configured for the Cisco RV110W by using the Setup Wizard.
The following steps are provided as an example; you may need to configure your
device differently. For instructions that are specific to your device, consult its
documentation.
STEP 1 Open the wireless connection settings window or program for your device.
Your computer may have special software installed to manage wireless
connections, or you may find wireless connections under the Control Panel in the
Network Connections or Network and Internet window. (The location depends
on your operating system.)
1
STEP 2 Enter the network name (SSID) you chose for your network in the Setup Wizard.
STEP 3 Choose the type of encryption and enter the security key that you specified in the
Setup Wizard.
If you did not enable security (not recommended), leave the wireless encryption
fields that were configured with the security type and passphrase blank.
STEP 4 Verify your wireless connection and save your settings.
Cisco RV110W Administration Guide 21
Configuring Networking
This chapter describes how to configure the Cisco RV110W network settings.
• Configuring the WAN Settings
• Configuring the LAN Settings
• Cloning the MAC Address
• Configuring Routing
2
• Port Management
• Configuring Dynamic DNS
• Configuring the IP Mode
• Configuring IPv6
Configuring the WAN Settings
Configuring WAN properties for an IPv4 network differs depending on which type
of Internet connection you have.
Configuring Automatic Configuration (DHCP)
If your Internet Service Provider (ISP) uses the Dynamic Host Control Protocol
(DHCP) to assign you an IP address, you receive a dynamic IP address that is
newly generated each time you log in.
To configure DHCP WAN settings:
STEP 1 Choose Networking > WAN.
STEP 2 From the Internet Connection Type drop-down menu, choose Automatic
Configuration - DHCP.
Cisco RV110W Administration Guide 22
Configuring Networking
Configuring the WAN Settings
STEP 3 (Optional) To configure the optional settings, see Configuring Optional Settings.
STEP 4 Click Save.
STEP 1 Choose Networking > WAN.
STEP 2 From the Internet Connection Type drop-down menu, choose Static IP.
STEP 3 Enter this information:
2
Configuring Static IP
If your ISP assigned you a permanent IP address, perform the following steps to
configure your WAN settings:
Internet IP Address Enter the IP address of the WAN port.
Subnet mask Enter subnet mask of the WAN port.
Default Gateway Enter the IP address of the default gateway.
Static DNS 1 Enter the IP address of the primary DNS server.
Static DNS 2 Enter the IP address of the secondary DNS server.
STEP 4 (Optional) To configure the optional settings, see Configuring Optional Settings.
STEP 5 Click Save.
Configuring PPPoE
To configure the PPPoE settings:
STEP 1 Choose Networking > WAN.
STEP 2 From the Internet Connection Type drop-down menu, choose PPPoE.
STEP 3 Enter the following information (you may need to contact your ISP to obtain your
PPPoE login information):
Cisco RV110W Administration Guide 23
Configuring Networking
Configuring the WAN Settings
2
Username Enter your username assigned to you by the ISP.
Password Enter your password assigned to you by the ISP.
Connect on Demand Select this option if your ISP charges based on the
amount of time that you are connected. When you
select this option, the Internet connection is on only
when traffic is present. If the connection is idle—
that is, no traffic is flowing—the connection is
closed. If you click Connect on Demand, enter the
number of minutes after which the connection
shuts off in the Max Idle Time field.
Keep alive When you select this option, the Internet
connection is always on. In the redial period field,
enter the number of seconds after which the
Cisco RV110W attempts to reconnect if it is
disconnected.
Authentication Type Choose the authentication type:
Auto-negotiation—The server sends a
configuration request specifying the security
algorithm set on it. Then, the Cisco RV110W sends
back authentication credentials with the security
type sent earlier by the server.
PAP—The Cisco RV110W uses the Password
Authentication Protocol (PAP) to connect to the ISP.
CHAP—The Cisco RV110W uses the Challenge
Handshake Authentication Protocol (CHAP) when
connecting with the ISP.
MS-CHAP or MS-CHAPv2—The Cisco RV110W
uses Microsoft Challenge Handshake
Authentication Protocol when connecting with the
ISP.
STEP 4 (Optional) To configure the optional settings, see Configuring Optional Settings.
STEP 5 Click Save.
Cisco RV110W Administration Guide 24
Configuring Networking
Configuring the WAN Settings
STEP 1 Choose Networking > WAN.
STEP 2 From the Internet Connection Type drop-down menu, choose PPTP.
STEP 3 Enter this information:
2
Configuring PPTP
To configure the PPTP settings:
Internet IP Address Enter the IP address of the WAN port.
Subnet mask Enter subnet mask of the WAN port.
Default Gateway Enter the IP address of the default gateway.
PPTP Server Enter the IP address of the PPTP server.
Username Enter your username assigned to you by the ISP.
Password Enter your password assigned to you by the ISP.
Connect on Demand Select this option if your ISP charges based on the
amount of time that you are connected. When you
select this option, the Internet connection is on only
when traffic is present. If the connection is idle—
that is, no traffic is flowing—the connection is
closed. If you click Connect on Demand, enter the
number of minutes after which the connection
shuts off in the Max Idle Time field.
Cisco RV110W Administration Guide 25
Configuring Networking
Configuring the WAN Settings
2
Keep alive When you select this option, the Internet
connection is always on. In the redial period field,
enter the number of seconds after which the
Cisco RV110W attempts to reconnect if it is
disconnected.
Authentication Type Choose the authentication type:
Auto-negotiation—The server sends a
configuration request specifying the security
algorithm set on it. Then, the Cisco RV110W sends
back authentication credentials with the security
type sent earlier by the server.
PAP—The Cisco RV110W uses the Password
Authentication Protocol (PAP) to connect to the ISP.
CHAP—The Cisco RV110W uses the Challenge
Handshake Authentication Protocol (CHAP) when
connecting with the ISP.
MS-CHAP or MS-CHAPv2—The Cisco RV110W
uses Microsoft Challenge Handshake
Authentication Protocol when connecting with the
ISP.
STEP 4 (Optional) To configure the optional settings, see Configuring Optional Settings.
STEP 5 Click Save.
Configuring L2TP
To configure the L2TP settings:
STEP 1 Choose Networking > WAN.
STEP 2 From the Internet Connection Type drop-down menu, choose L2TP.
Cisco RV110W Administration Guide 26
Configuring Networking
Configuring the WAN Settings
STEP 3 Enter this information:
2
Internet IP Address Enter the IP address of the WAN port.
Subnet mask Enter subnet mask of the WAN port.
Default Gateway Enter the IP address of the default gateway.
L2TP Server Enter the IP address of the L2TP server.
Username Enter your username assigned to you by the ISP.
Password Enter your password assigned to you by the ISP.
Connect on Demand Select this option if your ISP charges based on the
amount of time that you are connected. When you
select this option, the Internet connection is on only
when traffic is present. If the connection is idle—
that is, no traffic is flowing—the connection is
closed. If you click Connect on Demand, enter the
number of minutes after which the connection
shuts off in the Max Idle Time field.
Cisco RV110W Administration Guide 27
Configuring Networking
Configuring the WAN Settings
2
Keep alive When you select this option, the Internet
connection is always on. In the redial period field,
enter the number of seconds after which the
Cisco RV110W attempts to reconnect if it is
disconnected.
Authentication Type Choose the authentication type:
Auto-negotiation—The server sends a
configuration request specifying the security
algorithm set on it. Then, the Cisco RV110W sends
back authentication credentials with the security
type sent earlier by the server.
PAP—The Cisco RV110W uses the Password
Authentication Protocol (PAP) to connect to the ISP.
CHAP—The Cisco RV110W uses the Challenge
Handshake Authentication Protocol (CHAP) when
connecting with the ISP.
MS-CHAP or MS-CHAPv2—The Cisco RV110W
uses Microsoft Challenge Handshake
Authentication Protocol when connecting with the
ISP.
STEP 4 (Optional) To configure the optional settings, see Configuring Optional Settings.
STEP 5 Click Save.
Configuring Optional Settings
To configure optional settings:
STEP 1 In the Optional Settings section, configure the following settings:
Host Name Enter the host name of the Cisco RV110W.
Domain Name Enter the domain name for your network.
Cisco RV110W Administration Guide 28
Configuring Networking
Configuring the LAN Settings
STEP 2 Click Save.
2
MTU The Maximum Transmit Unit (MTU) is the size of the
largest packet that can be sent over the network.
The standard MTU value for Ethernet networks is
usually 1500 bytes. For PPPoE connections, the
value is 1492 bytes.
Unless a change is required by your ISP, Cisco
recommends that you choose Auto. The default
MTU size is 1500 bytes.
If your ISP requires a custom MTU setting, choose
Manual and enter the MTU size.
Size Enter the MTU size.
Configuring the LAN Settings
The default DHCP and TCP/IP settings work for most applications. If you want
another PC on your network to be the DHCP server, or if you want to manually
configure the network settings of all of your PCs, disable DHCP.
Also, instead of using a DNS server, which maps Internet domain names (for
example, www.cisco.com) to IP addresses, you can use a Windows Internet
Naming Service (WINS) server. A WINS server is the equivalent of a DNS server
but uses the NetBIOS protocol to resolve hostnames. The Cisco RV110W includes
the IP address of the WINS server in the DHCP configuration the Cisco RV110W
sends to DHCP clients.
NOTE If the Cisco RV110W is connected to a modem or device that has a configured
network on the same subnet (192.168.1.x), the Cisco RV110W automatically
changes the LAN subnet to a random subnet based on 10.x.x.x, so there is no
conflict with the subnet on the WAN side of the Cisco RV110W.
You can assign an IP address to each additional subnet on the Cisco RV110W.
Cisco RV110W Administration Guide 29
Configuring Networking
Configuring the LAN Settings
STEP 1 Choose Networking > LAN > LAN Configuration.
STEP 2 In the IPv4 section, enter this information:
2
Changing the Default Cisco RV110W IP Address
To configure the default LAN IP address of the Cisco RV110W:
VLAN Choose the VLAN number from the drop-down
menu.
Local IP Address Enter the LAN IP address of the Cisco RV110W.
Make sure the address is not in use by another
device.
Subnet mask Choose the subnet mask for the new IP address
from the drop-down menu. The default subnet is
255.255.255.0.
STEP 3 Click Save.
After changing the Cisco RV110W LAN IP address, your PC is no longer
connected to the Cisco RV110W.
STEP 4 To reconnect your PC to the Cisco RV110W, do one of the following:
• If DHCP is configured on the Cisco RV110W, release and renew your PC IP
address.
• Manually assign an IP address to your PC. The address must be on the same
subnet as the Cisco RV110W. For example, if you change the Cisco RV110W
IP address to 10.0.0.1, assign your PC an IP address in the range of 10.0.0.2
to 10.0.0.255.
STEP 5 Open a new browser window and enter the new IP address of the Cisco RV110W
to reconnect.
Cisco RV110W Administration Guide 30
Configuring Networking
Configuring the LAN Settings
2
Configuring DHCP
By default, the Cisco RV110W functions as a DHCP server to the hosts on the
Wireless LAN (WLAN) or LAN network, assigns IP addresses, and provides DNS
server addresses.
With DHCP enabled, the Cisco RV110W IP address serves as the gateway
address to your LAN. The Cisco RV110W assigns IP addresses to network
devices on the LAN from a pool of addresses. The Cisco RV110W tests each
address before it is assigned to avoid duplicate addresses on the LAN.
By default the Cisco RV110W assigns an IP address to each host on the LAN from
the default IP address pool (192.168.1.100 to 192.168.1.149). If you need to set any
host with a static IP address, use an IP address from the 192.168.1.2 to
192.168.1.99 IP address pool. This prevents conflicts with the default IP address
pool.
To configure DHCP settings:
STEP 1 Choose Networking > LAN > LAN Configuration.
STEP 2 (Optional) Select the VLAN you want to edit from the drop-down list.
STEP 3 In the DHCP Server field, select one of the following options:
Enable Click this button to allow the Cisco RV110W to act
as the DHCP server in the network.
Disable Click this button to disable DHCP on the
Cisco RV110W.
If you want another device on your network to be
the DHCP server, or to manually configuring the
network settings of all of your PCs, disable DHCP.
DHCP Relay Click this button to select DHCP Relay to configure
the Cisco RV110W to act as a relayer of
IP addresses by a different DHCP server.
Cisco RV110W Administration Guide 31
Configuring Networking
Configuring the LAN Settings
STEP 4 If you selected Enable, enter this information:
2
Starting IP Address Enter the first address in the IP address pool. Any
new DHCP client joining the LAN is assigned an IP
address in this range (the ending IP address in the
pool is determined by the value you enter in the
Maximum Number of DHCP Users field).
Maximum Number of
DHCP Users
IP Address Range (Read-only) Displays the range of IP addresses
Client Lease time Enter the duration (in hours) for which IP addresses
Static DNS 1 Enter the IP address of the primary DNS server.
Static DNS 2 Enter the IP address of the secondary DNS server.
Static DNS 3 Enter the IP address of the tertiary DNS server.
WINS Enter the IP address of the primary WINS server.
STEP 5 If you selected DHCP Relay, enter the address of the relay gateway in the Remote
DHCP Server field. The relay gateway transmits DHCP messages between
multiple subnets.
STEP 6 Click Save.
Enter the maximum number of DHCP clients.
available to the DHCP clients.
are leased to clients.
Configuring VLANs
A Virtual LAN (VLAN) is a group of endpoints in a network that are associated by
function or other shared characteristics. Unlike LANs, which are usually
geographically based, VLANs can group endpoints without regard to the physical
location of the equipment or users.
The Cisco RV110W has a default VLAN (VLAN 1), which cannot be edited or
changed. You can create four other VLANs on the Cisco RV110W.
Cisco RV110W Administration Guide 32
Configuring Networking
Configuring the LAN Settings
STEP 1 Choose Networking > LAN > VLAN Membership.
STEP 2 Click Add Row.
STEP 3 Enter this information:
2
To c re at e a VL A N :
VLAN ID Enter the numerical VLAN ID to assign to endpoints
in the VLAN membership. The number you enter
must be between 3 to 4094. VLAN ID 1 is reserved
for the default VLAN, which is used for untagged
frames received on the interface. VLAN IDs 1 and 2
are reserved and cannot be used.
Description Enter a description to identify the VLAN.
Port 1 You can associate VLANS on the Cisco RV110W to
Port 2
Port 3
Port 4
STEP 4 Click Save.
the LAN ports on the device. By default, all 4 ports
belong to VLAN1. You can edit these ports to
associate them with other VLANS. Choose the
outgoing frame type for each port:
Untagged—The interface is an untagged member
of the VLAN. Frames of the VLAN are sent
untagged to the port VLAN.
Ta gg e d—The port is a tagged member of the
VLAN. Frames of the VLAN are sent tagged to the
port VLAN.
Excluded—The port is currently not a member of
the VLAN. This is the default for all the ports when
the VLAN is first created.
To edit the settings of a VLAN, select the VLAN and click Edit. To delete a selected
VLAN, click Delete. Click Save to apply changes.
Cisco RV110W Administration Guide 33
Configuring Networking
Configuring the LAN Settings
STEP 1 Choose Networking > LAN > Static DHCP.
STEP 2 From the VLAN drop-down menu, choose a VLAN number.
STEP 3 Click Add Row.
STEP 4 Enter this information:
2
Configuring Static DHCP
You can configure the Cisco RV110W to assign a specific IP address to a device
with a specific MAC address.
To configure static DHCP:
Description Enter a description of the client.
IP Address Enter the IP address of the device.
The IP address assigned should be outside the
pool of the DHCP addresses configured. The DHCP
pool is treated as a generic pool and all reserved IP
addresses should be outside this pool.
Static DHCP assignment means the DHCP server
assigns the same IP to the defined MAC address
every time the device is connected to the network.
The DHCP server serves the reserved IP address
when the device using the corresponding MAC
address requests an IP address.
MAC Address Enter the MAC address of the device.
The format for the MAC Address is
XX:XX:XX:XX:XX:XX where X is a number from 0 to
9 (inclusive) or an alphabetical letter between A
and F (inclusive).
To edit the settings of a static DHCP client, select the client and click Edit. To
delete a selected DHCP client, click Delete. Click Save to apply changes.
Cisco RV110W Administration Guide 34
Configuring Networking
Configuring the LAN Settings
STEP 1 In the row of the connected device, check the Add to Static DHCP box.
STEP 2 Click Save.
2
Viewing DHCP Leased Clients
You can view a list of endpoints on the network (identified by Host Name, IP
address, or MAC address) and see the IP addresses assigned to them by the
DHCP server. The VLAN of the endpoints is also displayed.
To view the DHCP clients, choose Networking > LAN > DHCP Leased Clients.
For every VLAN defined on the Cisco RV110W, a table displays a list of the clients
associated with the VLAN.
To assign a static IP address to one of the connected devices:
The DHCP server on the Cisco RV110W will then always assign the IP address
shown when the device requests an IP address.
Configuring a DMZ Host
The Cisco RV110W supports demilitarized zones (DMZ). A DMZ is a subnetwork
that is open to the public but behind the firewall. A DMZ allows you to redirect
packets going to your WAN port IP address to a particular IP address in your LAN.
We recommended that you place hosts that must be exposed to the WAN (such as
web or e-mail servers) in the DMZ network. You can configure firewall rules to
allow access to specific services and ports in the DMZ from both the LAN or WAN.
In the event of an attack on any of the DMZ nodes, the LAN is not necessarily
vulnerable.
You must configure a fixed (static) IP address for the endpoint that you designate
as the DMZ host. You should assign the DMZ host an IP address in the same
subnet as the Cisco RV110W LAN IP address, but it cannot be identical to the IP
address given to the LAN interface of this gateway.
To configure DMZ:
STEP 1 Choose Networking > LAN > DMZ Host.
STEP 2 Check Enable to enable DMZ on the network.
Cisco RV110W Administration Guide 35
Configuring Networking
Configuring the LAN Settings
STEP 3 From the VLAN drop-down menu, choose the ID of the VLAN where DMZ is
STEP 4 In the Host IP Address field, enter the IP address of the DMZ host. The DMZ host
STEP 5 Click Save.
2
enabled.
is the endpoint that receives the redirected packets.
Configuring RSTP
Rapid Spanning Tree Protocol (RSTP) is a network protocol prevents loops in the
network and dynamically reconfigures which physical links should forward frames.
To configure Rapid Spanning Tree Protocol (RTSP):
STEP 1 Choose Networking > LAN > RSTP.
STEP 2 Configure the following settings:
System Priority Choose the system priority from the drop-down
menu. You can choose from a system priority from
0 to 61440 in increments of 4096. Valid values are
0, 4096, 8192, 12288, 16384, 20480, 24576,
28672, 32768, 40960, 45056, 49152, 53248,
57344, and 61440.
The lower the system priority, the more likely the
Cisco RV110W is to become the root in the
spanning tree. The default is 327688.
Hello Time The hello time is the time period that the root of the
spanning tree waits before sending hello
messages. Enter a number from 1 to 10. The default
is 2.
Max Age The max age is the time period that the router waits
to receive a hello message. If the max age is
reached, the router tries to change the spanning
tree. Enter a number from 6 to 40. The default is 20.
Cisco RV110W Administration Guide 36
Configuring Networking
Configuring the LAN Settings
STEP 3 In the Setting Table, configure the following settings:
2
Forward Delay The forward delay is the interval after which an
interface changes from the blocking to forwarding
state. Enter a number from 4 to 30. The default is
15.
Force Version Select the default protocol version to use. Select
Normal (use RSTP) or Compatible (compatible
with old STP). The default is Normal.
Protocol Enable Check to enable RSTP on the associated port.
RSTP is disabled by default.
Edge Check to specify that the associated port is an
edge por t (end station). Uncheck to specify that the
associated port is a link (bridge) to another STP
device. Edge port is enabled by default.
Path Cost Enter the RSTP path cost for the designated ports.
Use 0 for the default value (the Cisco RV110W
automatically determines the path value). You can
also enter a number from 2 to 200000000.
STEP 4 Click Save.
Port Management
You can configure the speed and flow control settings of the Cisco RV110W LAN
ports.
To configure port speeds and flow control:
STEP 1 Choose Networking > Port Management.
Cisco RV110W Administration Guide 37
Configuring Networking
Configuring the LAN Settings
STEP 2 Configure this information:
2
Port The port number.
Link The port speed. If no device is connected to the
port, this field displays Down.
Mode Choose from the drop-down menu one of the
following port speeds:
• Auto Negotiation—The Cisco RV110W and
the connected device choose a common
speed.
• 10Mbps Half—10 Mbps in both directions,
but only one direction at a time.
Flow Control Check to enable flow control for this port.
STEP 3 Click Save.
• 10Mbps Full—10 Mbps in both directions
simultaneously.
• 100Mbps Half—100 Mbps in both
directions, but only one direction at a time.
• 100Mbps Full—100 Mbps in both
directions simultaneously.
Flow control is the process of managing the rate of
data transmission between two nodes to prevent a
fast sender from outrunning a slow receiver. It
provides a mechanism for the receiver to control
the transmission speed, so that the receiving node
is not overwhelmed with data from the transmitting
node.
Cisco RV110W Administration Guide 38
Configuring Networking
Cloning the MAC Address
Cloning the MAC Address
Sometimes, you may need to set the MAC address of the Cisco RV110W WAN
port to be the same MAC address as your PC or some other MAC address. This is
called MAC address cloning.
For example, some ISPs register your computer NIC card MAC address when the
service is first installed. When you place a router behind the cable modem or DSL
modem, the MAC address from the Cisco RV110W WAN port is not recognized by
the ISP.
In this case, to configure your Cisco RV110W to be recognized by the ISP, clone
the MAC address of the WAN port to be the same as your computer MAC address.
To configure a MAC address clone:
2
STEP 1 Choose Networking > MAC Address Clone.
STEP 2 In the MAC Address Clone field, check Enable to enable MAC address cloning.
STEP 3 To set the MAC address of the Cisco RV110W WAN port, do one of the following:
• To set the MAC address of the WAN port to your PC MAC address, click
Clone My PC’s MAC.
• To specify a different MAC address, enter it in the MAC Address field.
STEP 4 Click Save.
Cisco RV110W Administration Guide 39
Configuring Networking
Configuring Routing
Configuring Routing
Configure the routing options.
Configuring the Operating Mode
To configure the Cisco RV110W operating mode:
STEP 1 Choose Networking > Routing.
STEP 2 In the Operating Mode field, select one of the following options:
Gateway (Recommended) Click this button to set the
2
Cisco RV110W to act as a gateway.
Router (For advanced users only) Click this button to set
STEP 3 Click Save.
Configuring Dynamic Routing
Routing Information Protocol (RIP) is an Interior Gateway Protocol (IGP) that is
commonly used in internal networks. It allows the router to exchange its routing
information automatically with other routers, and allows it to dynamically adjust its
routing tables and adapt to changes in the network.
Keep this default setting if the Cisco RV110W is
hosting your network connection to the Internet
and is performing the routing functions.
the Cisco RV110W to act as a router.
Select this option if the Cisco RV110W is on a
network with other routers.
Enabling the Router mode disables NAT (Network
Address Translation) on the Cisco RV110W.
Dynamic Routing (RIP) enables the Cisco RV110W to automatically adjust to
physical changes in the network layout and exchange routing tables with the other
routers.
Cisco RV110W Administration Guide 40
Configuring Networking
Configuring Routing
NOTE RIP is disabled by default on the Cisco RV110W.
STEP 1 Choose Networking > Routing.
STEP 2 Configure the following settings:
2
The router determines the network packets’ route based on the fewest number of
hops between the source and the destination. RIP is disabled by default.
To configure dynamic routing:
RIP Check Enable to enable RIP. This allows the
Cisco RV110W to use RIP to route traffic.
RIP Send Packet Version Select the RIP Send Packet Version (RIPv1 or
RIPv2).
RIP Recv Packet Version Choose the RIP Receive Packet Version.
STEP 3 Click Save.
Configuring Static Routing
You can configure static routes to direct packets to the destination network. A
static route is a pre-determined pathway that a packet must travel to reach a
specific host or network.
Some ISPs require static routes to build your routing table instead of using
dynamic routing protocols. Static routes do not require CPU resources to
exchange routing information with a peer router.
You can also use static routes to reach peer routers that do not support dynamic
routing protocols. Static routes can be used together with dynamic routes. The
Cisco RV110W supports up to 30 static routes.
The version of RIP used to send routing updates to
other routers on the network depends on the
configuration settings of the other routers. RIPv2 is
backward compatible with RIPv1.
Be careful not to introduce routing loops in your network.
Cisco RV110W Administration Guide 41
Configuring Networking
Configuring Routing
STEP 1 Choose Networking > Routing.
STEP 2 From the Route Entries drop-down menu, choose a route entry.
STEP 3 Configure the following settings for the selected route entry:
2
To configure static routing:
To delete the route entry, click Delete This Entry.
Enter Route Name Enter the name of the route.
Destination LAN IP Enter the IP address of the destination LAN.
Subnet Mask Enter the subnet mask of the destination network.
Gateway Enter the IP address of the gateway used for this
Interface Select the interface to which packets for this route
STEP 4 Click Save.
Configuring Inter-VLAN Routing
Check the Inter-VLAN Routing box to enable routing between the separate VLANs
on the Cisco RV110W.
route.
are sent:
• LAN & Wireless—Click this button to direct packets
to the LAN and wireless network.
• Internet (WAN)—Click this button to direct packets
to the Internet (WAN).
Cisco RV110W Administration Guide 42
Configuring Networking
Viewing the Routing Table
Viewing the Routing Table
The routing table contains information about the topology of the network
immediately around it.
To view the routing information on your network, choose Networking > Routing
Ta bl e and choose one of the following:
• Show IPv4 Routing Table—The routing table is displayed with the fields
configured in the Networking > Routing page.
• Show IPv6 Routing Table—The routing table is displayed with the fields
configured in the Networking > IPv6 pages.
Configuring Dynamic DNS
2
Dynamic DNS (DDNS) is an Internet service that allows routers with varying public
IP addresses to be located using Internet domain names. To use DDNS, you must
set up an account with a DDNS provider such as DynDNS.com, TZO.com,
3322.org, or noip.com.
The router notifies dynamic DNS servers of changes in the WAN IP address, so
that any public services on your network can be accessed by using the domain
name.
To configure DDNS:
STEP 1 Choose Networking > Dynamic DNS.
STEP 2 From the DDNS Service drop-down menu, choose Disable to disable this service
or choose the DDNS service to use.
STEP 3 If you do not have a DDNS account, click the URL of the service to visit the
selected DDNS service's website so that you can create an account.
STEP 4 Configure this information:
E-mail Address (TZO.com and noip.com) Enter the email address
you used to create the DDNS account.
Username (DynDNS.com and 3322.org) Enter the username of
the DDNS account.
Cisco RV110W Administration Guide 43
Configuring Networking
Configuring the IP Mode
2
Password Enter the password of the DDNS account.
Verify Password (TZO.com, DynDNS.com, and noip.com) Reenter
the password of the DDNS account.
Host Name (DynDNS.com, 3322.org, and noip.com) Enter the
host name of the DDNS server.
Domain Name (TZO.com) Enter the name of the domain that is
used to access the network.
Internet IP Address (Read-only) The Internet IP address of the
Cisco RV110W.
Status (Read-only) Status is displayed if the DDNS update
has completed successfully or if the account
update information sent to the DDNS server failed.
STEP 5 To test the DDNS configuration, click Test Configuration.
STEP 6 Click Save.
Configuring the IP Mode
Wide area network configuration properties are configurable for both IPv4 and
IPv6 networks. You can enter information about your Internet connection type and
other parameters in these pages.
To select an IP mode:
STEP 1 Choose Networking > IP Mode.
STEP 2 From the IP Mode drop-down menu, choose one of the following options:
LAN:IPv4, WAN:IPv4 Choose this option to use IPv4 in the LAN and WAN
ports.
LAN:IPv6, WAN:IPv4 Choose this option to use IPv6 in the LAN ports and
IPv4 in the WAN ports.
Cisco RV110W Administration Guide 44
Configuring Networking
Configuring IPv6
2
LAN:IPv6, WAN:IPv6 Choose this option to use IPv6 in the LAN and WAN
ports.
LAN:IPv4+IPv6,
WAN:IP v4
LAN:IPv4+IPV6,
WAN:IPv4+IPv6
LAN:IPv4, WAN:IPv6 Choose this option to use IPv4 in the LAN and IPv6
STEP 3 (Optional) If you are using 6to4 tunneling, which allows IPv6 packets to be
transmitted over an IPv4 network, do the following:
a. Click Show Static 6to4 DNS Entry.
b. In the Domain and IP fields, enter up to five domain-to-IP mappings.
The 6to4 tunneling feature is typically used when a site or end user wants to
connect to the IPv6 Internet using the existing IPv4 network.
STEP 4 Click Save.
Choose this option to use IPv4 and IPv6 in the LAN
ports and IPv4 in the WAN ports.
Choose this option to use IPv4 and IPv6 in both the
LAN and WAN ports.
in the WAN ports.
Configuring IPv6
Internet Protocol version 6 (IPv6) is a version of the Internet Protocol (IP) intended
to succeed Internet Protocol version 4 (IPv4). Configuring WAN properties for an
IPv6 network depends on the type of internet connection that you have.
Configuring the WAN for an IPv6 Network
You can configure the Cisco RV110W to be a DHCPv6 client of the ISP for this
WAN or to use a static IPv6 address provided by the ISP.
Setting the IP Mode
To configure IPv6 WAN settings on your Cisco RV110W, you must first set the IP
mode to LAN:IPv6, WAN:IPv6 or LAN:IPv4+IPv6, WAN:IPv4+IPv6.
See Configuring the IP Mode for more information.
Cisco RV110W Administration Guide 45
Configuring Networking
Configuring IPv6
STEP 1 Choose Networking > IPv6 > IPv6 WAN Configuration.
STEP 2 In the WAN Connection Type field, select Automatic Configuration-DHCPv6.
STEP 3 Click Save.
2
Configuring DHCPv6
If your ISP provides you with a dynamically-assigned address, configure the
Cisco RV110W to use be a DHCPv6 client.
To configure the Cisco RV110W to be a DHCPv6 client:
Configuring a Static WAN IP Address
If your ISP assigns you a fixed address to access the Internet, configure the
Cisco RV110W to use a static IPv6 address.
To configure the Cisco RV110W to use a static IPv6 address:
STEP 1 Choose Networking > IPv6 > IPv6 WAN Configuration.
STEP 2 In the WAN Connection Type field, select Static IPv6.
STEP 3 Enter this information:
IPv6 Address Enter the IPv6 address of the WAN port.
IPv6 Prefix Length Enter the IPv6 prefix length defined by the ISP.
The IPv6 network (subnet) is identified by the initial
bits of the address which are called the prefix.
For example, in the 2001:0DB8:AC10:FE01::
IP address, 2001 is the prefix.
All hosts in the network have identical initial bits for
their IPv6 address; you set the number of common
initial bits in the network addresses in this field.
Default IPv6 Gateway Enter the IPv6 address of the default gateway. This
is the IP address of the server at the ISP that this
router connects to for accessing the Internet.
Cisco RV110W Administration Guide 46
Configuring Networking
Configuring IPv6
STEP 4 Click Save.
2
Static DNS 1 Enter the IP address of the primary DNS server on
the ISP IPv6 network.
Static DNS 2 Enter the IP address of the secondary DNS server
on the ISP IPv6 network.
Configuring PPPoE IPv6 Settings
If you choose this option, your IPv6 WAN PPPoE settings must match your IPv4
WAN P PPoE set ti ng s . Se e Configuring PPPoE.
To configure the Cisco RV110W PPPoE IPv6 settings:
STEP 1 Choose Networking > IPv6 > IPv6 WAN Configuration.
STEP 2 In the WAN Connection Type field, choose PPPoE IPv6.
STEP 3 Enter the following information (you may need to contact your ISP to obtain your
PPPoE login information):
Username Enter your username assigned to you by the ISP.
Password Enter your password assigned to you by the ISP.
Connect on Demand Select this option if your ISP charges based on the
amount of time that you are connected. When you
select this option, the Internet connection is on only
when traffic is present. If the connection is idle—
that is, no traffic is flowing—the connection is
closed. If you click Connect on Demand, enter the
number of minutes after which the connection
shuts off in the Max Idle Time field.
Keep alive When you select this option, the Internet
connection is always on. In the redial period field,
enter the number of seconds after which the
Cisco RV110W attempts to reconnect if it is
disconnected.
Cisco RV110W Administration Guide 47
Configuring Networking
Configuring IPv6
2
Authentication Type Choose the authentication type:
Auto-negotiation—The server sends a
configuration request specifying the security
algorithm set on it. Then, the Cisco RV110W sends
back authentication credentials with the security
type sent earlier by the server.
PAP—The Cisco RV110W uses the Password
Authentication Protocol (PAP) to connect to the ISP.
CHAP—The Cisco RV110W uses the Challenge
Handshake Authentication Protocol (CHAP) when
connecting with the ISP.
MS-CHAP or MS-CHAPv2—The Cisco RV110W
uses Microsoft Challenge Handshake
Authentication Protocol when connecting with the
ISP.
Service Name Your ISP may configure a service name that is
needed to log onto the PPPoE server. If so, enter it
here.
MTU The Maximum Transmit Unit (MTU) is the size of the
largest packet that can be sent over the network.
The standard MTU value for Ethernet networks is
usually 1500 bytes. For PPPoE connections, the
value is 1492 bytes.
Unless a change is required by your ISP, Cisco
recommends that you choose Auto. The default
MTU size is 1500 bytes.
If your ISP requires a custom MTU setting, choose
Manual and enter the MTU size.
Size Enter the MTU size.
Address Mode Choose dynamic or static address mode. If you
choose
below.
dynamic
, enter the IPv6 address in the field
static
IPv6 Prefix Length If you chose
prefix length field.
Cisco RV110W Administration Guide 48
address mode, enter the IPv6
Configuring Networking
Configuring IPv6
STEP 4 Click Save.
2
Default IPv6 Gateway Enter the IP address of the default IPv6 gateway.
static
Static DNS 1 If you chose
address of the primary DNS server.
Static DNS 2 If you chose
address of the secondary DNS server.
Configuring IPv6 LAN Settings
In the IPv6 mode, the LAN DHCP server is enabled by default (similar to the IPv4
mode). The DHCPv6 server assigns IPv6 addresses from configured address
pools that use the IPv6 prefix length assigned to the LAN.
address mode, enter the IP
static
address mode, enter the IP
Setting the IP Mode
To configure IPv6 LAN settings on your Cisco RV110W, you must first set the IP
mode to one of the following modes:
• LAN:IPv6, WAN:IPv4
• LAN:IPv6, WAN:IPv6
• LAN:IPv4+IPv6, WAN:IPv4
• LAN:IPv4+IPv6, WAN:IPv4+IPv6
See Configuring the IP Mode for more information.
Configuring a Static LAN IP Address
To configure IPv6 LAN settings:
STEP 1 Choose Networking > IPv6 > IPv6 LAN Configuration.
Cisco RV110W Administration Guide 49
Configuring Networking
Configuring IPv6
STEP 2 Enter the following information to configure the IPv6 LAN address:
2
IPv6 Address Enter the IPv6 address of the Cisco RV110W.
The default IPv6 address for the gateway is fec0::1
(or FEC0:0000:0000:0000:0000:0000:0000:0001).
You can change this 128-bit IPv6 address based on
your network requirements.
IPv6 Prefix Length Enter the IPv6 prefix length.
The IPv6 network (subnet) is identified by the initial
bits of the address called the prefix. By default, the
prefix is 64 bits long.
All hosts in the network have the identical initial bits
for their IPv6 address; you set the number of
common initial bits in the network addresses in this
field.
STEP 3 Click Save.
Configuring DHCPv6 Settings
To configure IPv6 LAN settings:
STEP 1 Choose Networking > IPv6 > IPv6 LAN Configuration.
STEP 2 Enter the following information to configure the DHCPv6 settings:
DHCP Status Check to enable the DHCPv6 server.
If enabled, the Cisco RV110W assigns an IP
address within the specified range plus additional
specified information to any LAN endpoint that
requests DHCP-served addresses.
Domain Name (Optional) Enter the domain name of the DHCPv6
server.
Cisco RV110W Administration Guide 50
Configuring Networking
Configuring IPv6
2
Server Preference Enter the server preference level of this DHCP
server.
DHCP advertise messages with the highest server
preference value to a LAN host are preferred over
other DHCP server advertise messages.
The default is 255.
Static DNS 1 Enter the IPv6 address of the primary DNS server
on the ISP IPv6 network.
Static DNS 2 Enter the IPv6 address of the secondary DNS
server on the ISP IPv6 network.
Client Lease Time Enter the client lease time.
Enter the duration (in seconds) for which IPv6
addresses are leased to endpoints on the LAN.
STEP 3 Click Save.
Configuring IPv6 Address Pools
You can define the IPv6 delegation prefix for a range of IPv6 addresses to be
served by the Cisco RV110W DHCPv6 server.
Using a delegation prefix, you can automate the process of informing other
networking equipment on the LAN of DHCP information specific for the assigned
prefix.
To configure IPv6 Address Pools:
STEP 1 Choose Networking > IPv6 > IPv6 LAN Configuration.
STEP 2 In the IPv6 Address Pools Table, click Add Row.
Cisco RV110W Administration Guide 51
Configuring Networking
Configuring IPv6
STEP 3 Enter this information:
STEP 4 Click Save.
2
Start Address Enter the starting IPv6 address of the pool.
End Address Enter the ending IPv6 address of the pool.
IPv6 Prefix Length Enter the prefix length.
This field determines the number of common initial
bits in the network addresses.
To edit the settings of a pool, select the pool and click Edit. To delete a selected
pool, click Delete. Click Save to apply changes.
Configuring IPv6 Static Routing
You can configure static routes to direct packets to the destination network. A
static route is a predetermined pathway that a packet must travel to reach a
specific host or network.
Some ISPs require static routes to build your routing table instead of using
dynamic routing protocols. Static routes do not require CPU resources to
exchange routing information with a peer router.
You can also use static routes to reach peer routers that do not support dynamic
routing protocols. Static routes can be used together with dynamic routes. Be
careful not to introduce routing loops in your network.
To create a static route:
STEP 1 Choose Networking > IPv6 > IPv6 Static Routing.
STEP 2 In the list of static routes, click Add Row.
Cisco RV110W Administration Guide 52
Configuring Networking
Configuring IPv6
STEP 3 Enter this information:
2
Name Enter the route name.
Destination Enter the IPv6 address of the destination host or
network for this route.
Prefix Length Enter the number of prefix bits in the IPv6 address
that define the destination subnet.
Gateway Enter the IPv6 address of the gateway through
which the destination host or network can be
reached.
Interface Choose the interface for the route from the
drop-down menu: LAN, WAN, or 6to4.
Metric Enter the priority of the route by choosing a value
Active Check to make the route active.
STEP 4 Click Save.
To edit the settings of a route, select the route and click Edit. To delete a selected
route, click Delete. Click Save to apply changes.
between 2 and 15. If multiple routes to the same
destination exist, the route with the lowest metric is
used.
When you add a route in an inactive state, it gets
listed in the routing table, but is not used by the
Cisco RV110W. You can always activate the route
later.
This feature is useful if the network that the route
connects to is not available when you added the
route. When the network becomes available, you
can enable the route.
Cisco RV110W Administration Guide 53
Configuring Networking
Configuring IPv6
2
Configuring Routing (RIPng)
RIP Next Generation (RIPng) is a routing protocol based on the distance vector
(D-V) algorithm. RIPng uses UDP packets to exchange routing information through
port 521.
RIPng uses a hop count to measure the distance to a destination. The hop count is
referred to as metric, or cost. The hop count from a router to a directly-connected
network is 0. The hop count between two directly-connected routers is 1. When
the hop count is greater than or equal to 16, the destination network or host is
unreachable.
By default, the routing update is sent every 30 seconds. If the router receives no
routing updates from a neighbor after 180 seconds, the routes learned from the
neighbor are considered as unreachable. After another 240 seconds, if no routing
update is received, the router removes these routes from the routing table.
On the Cisco RV110W, RIPng is disabled by default.
To configure RIPng:
STEP 1 Choose Networking > IPv6 > Routing (RIPng).
STEP 2 Check Enable.
STEP 3 Click Save.
Configuring Tunneling
6 to 4 Tunneling
IPv6-to-IPv4 tunneling (6-to-4 tunneling) allows IPv6 packets to be transmitted
over an IPv4 network. 6-to-4 tunneling is typically used when a site or end user
wants to connect to the IPv6 Internet using the existing IPv4 network.
To configure 6-to-4 tunneling:
STEP 1 Select Networking > IPv6 > Tunneling.
STEP 2 In the 6 to 4 Tunneling field, check Enable.
STEP 3 Choose the type of tunneling (6to4 or 6RD [Rapid Deployment]).
STEP 4 For 6RD Tunneling, choose auto or manual.
Cisco RV110W Administration Guide 54
Configuring Networking
Configuring IPv6
STEP 5 Enter the following information:
STEP 6 Click Save.
2
• IPv6 Prefix
• IPv6 Prefix Length
• Border Relay
• IPv4 Mask Length.
4 to 6 Tunneling
IPv4 to IPv6 tunneling (4-to-6 tunneling) allows IPv4 packets to be transmitted over
an IPv6 network. To configure 4-to-6 tunneling:
STEP 1 Select Networking > IPv6 > Tunneling.
STEP 2 In the 4 to 6 Tunneling field, check Enable.
STEP 3 Enter the local WAN IPv6 address on the Cisco RV110W.
STEP 4 Enter the Remote IPv6 address, or the IP address of the remote endpoint.
STEP 5 Click Save.
Viewing IPv6 Tunnel Status
To view IPv6 tunnel status:
STEP 1 Choose Networking > IPv6 > IPv6 Tunnels Status.
STEP 2 Click Refresh to display the most up-to-date information.
This page displays information about the automatic tunnel set up through the
dedicated WAN interface. The table shows the name of tunnel and the IPv6
address that is created on the device.
Cisco RV110W Administration Guide 55
Configuring Networking
Configuring IPv6
STEP 1 Choose Networking > IPv6 > Router Advertisement.
STEP 2 Enter this information:
2
Configuring Router Advertisement
The Router Advertisement Daemon (RADVD) on the Cisco RV110W listens for
router solicitations in the IPv6 LAN and responds with router advertisements as
required. This is stateless IPv6 auto configuration, and the Cisco RV110W
distributes IPv6 prefixes to all nodes on the network.
To configure the RADVD:
RADVD Status Check Enable to enable RADVD.
Advertise Mode Select one of the following modes:
Unsolicited Multicast—Select this mode to send
Router Advertisements (RAs) to all interfaces
belonging to the multicast group.
Unicast only—Select this mode to restrict
advertisements to well-known IPv6 addresses only
(RAs are sent to the interface belonging to the
known address only).
Advertise Interval If you choose Unsolicited Multicast as the
advertise mode, enter the advertise interval
(4–1800). The default is 30. The advertise interval is
a random value between the Minimum Router
Advertisement Interval (MinRtrAdvInterval) and
Maximum Router Advertisement Interval
(MaxRtrAdvInterval).
MinRtrAdvInterval = 0.33 * MaxRtrAdvInterval
RA Flags Check Managed to use the administered/stateful
protocol for address auto configuration.
Check Other to use the administered/stateful
protocol of other, non-address information auto
configuration.
Cisco RV110W Administration Guide 56
Configuring Networking
Configuring IPv6
2
Router Preference Choose low, medium, or high from the drop-down
menu. The default is medium.
The router preference provides a preference
metric for default routers. The low, medium and
high values are signaled in unused bits in RA
messages. This extension is backward compatible,
both for routers (setting the router preference
value) and hosts (interpreting the router preference
value). These values are ignored by hosts that do
not implement router preference. This feature is
useful if there are other RADVD-enabled devices
on the LAN.
MTU Enter the MTU size (0 or 1280 to 1500). The default
is 1500 bytes.
The MTU is the size of the largest packet that can
be sent over the network. The MTU is used in RAs
to ensure all nodes on the network use the same
MTU value when the LAN MTU is not well-known.
Router Life Time Enter the router lifetime value, or the time in
seconds that the advertisement messages exists
on the route. The default is 3600 seconds.
STEP 3 Click Save.
Configuring Advertisement Prefixes
To configure the RADVD available prefixes:
STEP 1 Choose Networking > IPv6 > Advertisement Prefixes.
STEP 2 Click Add Row.
Cisco RV110W Administration Guide 57
Configuring Networking
Configuring IPv6
STEP 3 Enter this information:
2
IPv6 Prefix Type Choose one of the following types from the
drop-down menu:
6to4—6to4 is a system that allows IPv6 packets to
be transmitted over an IPv4 network. It is used
when an end user wants to connect to the IPv6
Internet using their existing IPv4 connection
Global/Local—A locally unique IPv6 address that
you can use in private IPv6 networks or a globally
unique IPv6 Internet address.
SLA ID If you choose 6to4 as the IPv6 prefix type, enter
the Site-Level Aggregation Identifier (SLA ID).
IPv6 Prefix If you choose Global/Local as the IPv6 prefix type,
IPv6 Prefix Length If you choose Global/Local as the IPv6 prefix type,
Prefix Lifetime Enter the prefix lifetime, or the length of time over
STEP 4 Click Save.
The SLA ID in the 6to4 address prefix is set to the
interface ID of the interface on which the
advertisements are sent.
enter the IPv6 prefix. The IPv6 prefix specifies the
IPv6 network address.
enter the prefix length. The prefix length variable is
a decimal value that indicates the number of
contiguous, higher-order bits of the address that
make up the network portion of the address.
which the requesting router is allowed to use the
prefix.
Cisco RV110W Administration Guide 58
Configuring Networking
Configuring IPv6
2
Cisco RV110W Administration Guide 59
Configuring the Wireless Network
This chapter describes how to configure the Cisco RV110W wireless network.
• Wireless Security
• Cisco RV110W Wireless Networks
• Configuring Basic Wireless Settings
• Configuring Advanced Wireless Settings
3
• Configuring WDS
• Configuring WPS
Wireless Security
Wireless networks are convenient and easy to install, so small businesses and
homes with high-speed Internet access are adopting them at a rapid pace.
Because wireless networking operates by sending information over radio waves,
it can be more vulnerable to intruders than a traditional wired network.
Wireless Security Tips
You cannot physically prevent someone from connecting to your wireless network,
but you can take the following steps to keep your network secure:
• Change the default wireless network name or SSID.
Wireless devices have a default wireless network name or SSID. This is the
name of your wireless network, and can be up to 32 characters in length.
To protect your network, change the default wireless network name to a
unique name to distinguish your wireless network from other wireless
networks that may exist around you.
Cisco RV110W Administration Guide 60
Configuring the Wireless Network
Wireless Security
When choosing names, do not use personal information (such as your Social
Security number) because this information may be available for anyone to
see when browsing for wireless networks.
• Change the default password.
For wireless products such as access points, routers, and gateways, you
are asked for a password when you want to change their settings. These
devices have a default password. The default password is often cisco.
Hackers know these default values and may try to use them to access your
wireless device and change your network settings. To thwart unauthorized
access, customize the device password so it is hard to guess.
• Enable MAC address filtering.
Cisco routers and gateways give you the ability to enable MAC address
filtering. The MAC address is a unique series of numbers and letters
assigned to every networking device.
3
With MAC address filtering enabled, wireless network access is provided
solely for wireless devices with specific MAC addresses. For example, you
can specify the MAC address of each computer in your network so that only
those computers can access your wireless network.
• Enable encryption.
Encryption protects data transmitted over a wireless network. Wi-Fi
Protected Access (WPA/WPA2) and Wired Equivalency Privacy (WEP) offer
different levels of security for wireless communication. Currently, devices
that are Wi-Fi certified are required to support WPA2, but are not required
to support WEP.
A network encrypted with WPA /WPA2 is more secure than a network
encrypted with WEP, because WPA/WPA2 uses dynamic key encryption.
To protect the information as it passes over the airwaves, enable the highest
level of encryption supported by your network equipment.
WEP is an older encryption standard and may be the only option available
on some older devices that do not support WPA.
• Keep wireless routers, access points, or gateways away from exterior walls
and windows.
Cisco RV110W Administration Guide 61
Configuring the Wireless Network
Cisco RV110W Wireless Networks
• Turn wireless routers, access points, or gateways off when they are not
being used (at night, during vacations).
• Use strong passphrases that are at least eight characters in length.
Combine letters and numbers to avoid using standard words that can be
found in the dictionary.
General Network Security Guidelines
Wireless network security is useless if the underlying network is not secure. Cisco
recommends that you take the following precautions:
• Password-protect all computers on the network and individually password-
protect sensitive files.
• Change passwords on a regular basis.
3
• Install anti-virus software and personal firewall software.
• Disable file sharing (peer-to-peer) to prevent applications from using file
sharing without your consent.
Cisco RV110W Wireless Networks
The Cisco RV110W provides four virtual wireless networks, or four SSIDs (Service
Set Identifier): ciscosb1, ciscosb2, ciscosb3, and ciscosb4. These are the default
names or SSIDs of these networks, but you can change these names to more
meaningful names. This table describes the default settings of these networks:
SSID Name ciscosb1 ciscosb2 ciscosb3 ciscosb4
Enabled YesNoNoNo
SSID
Broadcast
Enabled Disabled Disabled Disabled
Security
Mode
MAC Filter Disabled Disabled Disabled Disabled
VLAN 1111
Cisco RV110W Administration Guide 62
Disabled
1
Disabled Disabled Disabled
Configuring the Wireless Network
Configuring Basic Wireless Settings
SSID Name ciscosb1 ciscosb2 ciscosb3 ciscosb4
3
Wireless
Isolation
with SSID
WMM Enabled Enabled Enabled Enabled
WPS
Hardware
Button
1. When using the Setup Wizard, select Best Security or Better Security to protect the
Cisco RV110W from unauthorized access.
Disabled Disabled Disabled Disabled
Enabled Disabled Disabled Disabled
Configuring Basic Wireless Settings
You can use the Basic Settings page (Wireless > Basic Settings) to configure
basic wireless settings.
To configure basic wireless settings:
STEP 1 Choose Wireless > Basic Settings.
STEP 2 In the Radio field, check Enable to turn on the wireless radio. By default there is
only one wireless network enabled, ciscosb1.
STEP 3 In the Wireless Network Mode field, choose one of these options from the
drop-down menu:
B/G/N-Mixed Choose this option if you have Wireless-N,
Wireless-B, and Wireless-G devices in your
network. This is the default setting (recommended).
B Only Choose this option if you have only Wireless-B
devices in your network.
G Only Choose this option if you have only Wireless-G
devices in your network.
N Only Choose this option if you have only Wireless-N
devices in your network.
Cisco RV110W Administration Guide 63
Configuring the Wireless Network
Configuring Basic Wireless Settings
B/G-Mixed Choose this option if you have Wireless-B and
G/N-Mixed Choose this option if you have Wireless-G and
STEP 4 If you chose B/G/N-Mixed, N-Only, or G/N Mixed, in the Wireless Band Selection
field, select the wireless bandwidth on your network (20MHz or 20/40MHz). If
you chose N-Only, you must use WPA2 security on your network. See Configuring
the Security Mode.
STEP 5 In the Wireless Channel field, choose the wireless channel from the drop-down
menu.
STEP 6 In the AP Management VLAN field, choose VLAN 1 if you are using the default
settings.
3
Wireless-G devices in your network.
Wireless-N devices in your network.
If you create additional VLANs, choose a value that corresponds with the VLAN
configured on other switches in the network. This is done for security purposes.
You might need to change the management VLAN to limit access to the
Cisco RV110W Device Manager.
STEP 7 (Optional) In the U-APSD (WMM Power Save) field, check Enable to enable the
Unscheduled Automatic Power Save Delivery (U-APSD) feature, also referred to as
WMM Power Save, that allows the radio to conserve power.
U-APSD is a power saving scheme optimized for real-time applications, such as
VoIP, transferring full-duplex data over WLAN. By classifying outgoing IP traffic as
Voice data, these types of applications can increase battery life by approximately
25% and minimize transmit delays.
STEP 8 (Optional) Configure the settings of the four wireless networks (see Editing the
Wireless Network Settings).
STEP 9 Click Save.
Cisco RV110W Administration Guide 64
Configuring the Wireless Network
Configuring Basic Wireless Settings
Editing the Wireless Network Settings
The Wireless Table in the Basic Settings page (Wireless > Basic Settings) lists
the settings of the four wireless networks supported on the Cisco RV110W.
To configure wireless network settings:
STEP 1 Check the box for the networks you want to configure.
STEP 2 Click the Edit button.
STEP 3 Configure these settings:
Enable SSID Click On to enable the network.
SSID Name Enter the name of the network.
3
SSID Broadcast Check this box to enable SSID broadcast. If
VLAN Choose the VLAN associated with the network.
Wireless Isolation with SSID Check this box to enable wireless isolation
WMM (Wi-Fi Multimedia) Check this box to enable WMM.
WPS Hardware Button Check this box to map the Cisco RV110W WPS
STEP 4 Click Save.
SSID broadcast is enabled, the wireless router
advertises its availability to wireless-equipped
devices in the range of the router.
within the SSID.
button on the front panel to this network.
Cisco RV110W Administration Guide 65
Configuring the Wireless Network
Configuring Basic Wireless Settings
Configuring the Security Mode
You can configure one of the following security modes for wireless networks:
Configuring WEP
The WEP security mode offers weak security with a basic encryption method that
is not as secure as WPA. WEP may be required if your network devices do not
support WPA.
NOTE If you do not have to use WEP, we recommend that you use WPA2. If you are using
the Wireless-N only mode, you must use WPA2.
To configure the WEP security mode:
STEP 1 In the Wireless Table (Wireless > Basic Settings), check the box for the network
you want to configure.
3
STEP 2 Click Edit Security Mode.
The Security Settings page appears.
STEP 3 In the Select SSID field, choose the SSID for which to configure the security
settings.
STEP 4 From the Security Mode menu, choose WEP.
STEP 5 In the Authentication Type field, choose one of the following options:
• Open System—This is the default option.
• Shared Key—Select this option if your network administrator recommends
this setting. If you are unsure, select the default option.
In both cases, the wireless client must provide the correct shared key (password)
to access the wireless network.
STEP 6 In the Encryption field, choose the encryption type:
• 10/64-bit(10 hex digits)—Provides a 40-bit key.
• 26/128-bit(26 hex digits)—Provides a a 104-bit key, which offers stronger
encryption, making the key more difficult to crack. We recommend 128-bit
encryption.
Cisco RV110W Administration Guide 66
Configuring the Wireless Network
Configuring Basic Wireless Settings
STEP 7 (Optional) In the Passphrase field, enter an alphanumeric phrase (longer than eight
characters for optimal security) and click Generate Key to generate four unique
WEP keys in the WEP Key fields below.
If you want to provide your own key, enter it directly in the Key 1 field
(recommended). The length of the key should be 5 ASCII characters (or 10
hexadecimal characters) for 64-bit WEP and 13 ASCII characters (or 26
hexadecimal characters) for 128-bit WEP. Valid hexadecimal characters are 0 to 9
and A to F.
STEP 8 In the TX Key field, choose which key to use as the shared key that devices must
use to access the wireless network.
STEP 9 Click Save to save your settings.
STEP 10 Click Back to go back to the Basic Settings page.
3
Configuring WPA-Personal, WPA2-Personal, and WPA2-Personal Mixed
The WPA Personal, WPA2 Personal, and the WPA2 Personal Mixed security
modes offer strong security to replace WEP.
• WPA-Personal—WPA is part of the wireless security standard (802.11i)
standardized by the Wi-Fi Alliance and was intended as an intermediate
measure to take the place of WEP while the 802.11i standard was being
prepared. WPA-Personal supports Temporal Key Integrity Protocol (TKIP)
and Advanced Encryption Standard (AES) encryption.
• WPA2-Personal—(Recommended) WPA2 is the implementation of the
security standard specified in the final 802.11i standard. WPA2 supports
AES encryption and this option uses Preshared Key (PSK) for authentication.
• WPA2-Personal Mixed—Allows both WPA and WPA2 clients to connect
simultaneously using PSK authentication.
The personal authentication is the PSK that is an alphanumeric passphrase shared
with the wireless peer.
To configure the WPA Personal security mode:
STEP 1 In the Wireless Table (Wireless > Basic Settings), check the box for the network
you want to configure.
STEP 2 Click Edit Security Mode. The Security Settings page appears.
Cisco RV110W Administration Guide 67
Configuring the Wireless Network
Configuring Basic Wireless Settings
STEP 3 In the Select SSID field, choose the SSID for which to configure the security
settings.
STEP 4 From the Security Mode menu, choose one of the three WPA Personal options.
STEP 5 (WPA-Personal only) In the Encryption field, choose one of the following options:
• TKIP/AES—Choose TKIP/AES to ensure compatibility with older wireless
devices that may not support AES.
• AES—This option is more secure.
STEP 6 In the Security Key field, enter an alphanumeric phrase (8–63 ASCII characters or
64 hexadecimal digits). The password strength meter shows how secure the key
is: below minimum, weak, strong, very strong, or secure. We recommend using a
security key that registers on the strength meter as secure.
STEP 7 To show the security key as you are entering it, check the Unmask Password box.
3
STEP 8 In the Key Renewal field, enter the duration of time (600–7200 seconds) between
key renewals. The default value is 3600.
STEP 9 Click Save to save your settings.
STEP 10 Click Back to go back to the Basic Settings page.
Configuring WPA-Enterprise, WPA2-Enterprise, and WPA2-Enterprise Mixed
The WPA Enterprise, WPA2 Enterprise, and the WPA2 Enterprise Mixed security
modes allow you to use RADUIS server authentication.
• WPA-Enterprise—Allows you to use WPA with RADIUS server
authentication.
• WPA2-Enterprise—Allows you to use WPA2 with RADIUS server
authentication.
• WPA2-Enterprise Mixed—Allows both WPA and WPA2 clients to connect
simultaneously using RADIUS authentication.
To configure the WPA Enterprise security mode:
STEP 1 In the Wireless Table (Wireless > Basic Settings), check the box for the network
you want to configure.
STEP 2 Click Edit Security Mode.
Cisco RV110W Administration Guide 68
Configuring the Wireless Network
Configuring Basic Wireless Settings
STEP 3 In the Select SSID field, choose the SSID for which to configure the security
settings.
STEP 4 From the Security Mode menu, choose one of the three WPA Enterprise options.
STEP 5 (WPA-Enterprise only) In the Encryption field, choose one of the following options:
• TKIP/AES—Choose TKIP/AES to ensure compatibility with older wireless
devices that may not support AES.
• AES—This option is more secure.
STEP 6 In the RADIUS Server field, enter the IP address of the RADIUS server.
STEP 7 In the RADIUS Port field, enter the port used to access the RADIUS server.
STEP 8 In the Shared Key field, enter an alphanumeric phrase (8–63 ASCII characters or
64 hexadecimal digits).
3
STEP 9 In the Key Renewal field, enter the duration of time (600–7200 seconds) between
key renewals. The default value is 3600.
STEP 10 Click Save to save your settings.
STEP 11 Click Back to go back to the Basic Settings page.
Configuring MAC Filtering
You can use MAC Filtering to permit or deny access to the wireless network based
on the MAC (hardware) address of the requesting device. For example, you can
enter the MAC addresses of a set of computers and only allow those computers to
access the network. You can configure MAC Filtering for each network or SSID.
To configure MAC filtering:
STEP 1 In the Wireless Table (Wireless > Basic Settings), check the box for the network
you want to configure.
STEP 2 Click Edit MAC Filtering. The Wireless MAC Filter page appears.
STEP 3 In the Edit MAC Filtering field, check the Enable box to enable MAC Filtering for
this SSID.
Cisco RV110W Administration Guide 69
Configuring the Wireless Network
Configuring Basic Wireless Settings
STEP 4 In the Connection Control field, choose the type of access to the wireless
network:
• Prevent—Select this option to prevent devices with the MAC addresses
listed in the MAC Address Table from accessing the wireless network. This
option is selected by default.
• Permit—Select this option to allow devices with the MAC addresses listed
in the MAC Address Table to access the wireless network.
STEP 5 To show computers and other devices on the wireless network, click
Show Client List.
STEP 6 In the Save to MAC Address Filter List filed, check the box to add the device to
the list of devices to be added to the MAC Address Table.
STEP 7 Click Add to MAC to add the selected devices in the Client List Table to the
MAC Address Table.
3
STEP 8 Click Save to save your settings.
STEP 9 Click Back to go back to the Basic Settings page.
Configuring Time of Day Access
To further protect your network, you can restrict access to it by specifying when
users can access the network.
To configure Time of Day Access:
STEP 1 In the Wireless Table (Wireless > Basic Settings), check the box for the network
you want to configure.
STEP 2 Click Time of Day Access. The Time of Day Access page appears.
STEP 3 In the Active Time field, check Enable to enable Time of Day Access.
STEP 4 In the Start Time and Stop Time fields, specify the time of day period when
access to the network is allowed.
STEP 5 Click Save.
Cisco RV110W Administration Guide 70
Configuring the Wireless Network
Configuring Basic Wireless Settings
Configuring the Wireless Guest Network
The Cisco RV110W supports a wireless “guest” network that is separated from
the other wireless SSIDs, or networks, on the router. This router provides secure
guest access that is isolated from the rest of the network, and can be configured
to restrict access time and bandwidth used. The following restrictions and
configuration guidelines apply:
• One guest network can be configured for each Cisco RV110W
• The guest network is configured as one of the four available SSIDs on the
Cisco RV110W
• The guest network cannot be configured on the AP Management VLAN
(VLAN ID 1).
To configure the guest network:
3
Create a new VLAN
STEP 1 In the Management Interface, choose Networking > LAN > VLAN Membership.
STEP 2 In the
click Add Row and enter the following:
STEP 3 Leave the ports as tagged and click Save.
Set up the Guest network:
STEP 1 In the Management Interface, choose Wireless > Basic Settings.
STEP 2 In the
the guest network.
STEP 3 Click Edit. Change the SSID name to reflect the “guest” designation (for example,
“
VLAN Setting Table
• VLAN ID—Enter a number for the VLAN (for example, 4).
• Description—Enter a name for the VLAN (for example, guest-net).
Wireless Table
guest-net
”).
, add a new VLAN for the guest network. For example,
, choose the SSID or network that you want to designate as
STEP 4 Check the
wireless connection to clients searching for networks.
STEP 5 Check the
Cisco RV110W Administration Guide 71
SSID Broadcast
Guest Network
box so that the network will appear as an available
box to configure this SSID as the guest network.
Configuring the Wireless Network
Configuring Basic Wireless Settings
STEP 6 Choose the VLAN you created for the guest network (or, if you have not yet
created a network, select Add New VLAN).
STEP 7 Click Save. The system notifies you that the physical Ethernet ports on the
Cisco RV110W are excluded from the VLAN that you have assigned to the guest
network. In addition, Wireless Isolation with SSID and WMM are automatically
enabled.
Configure the Password and Other Options
STEP 1 In the Management Interface, choose Wireless > Basic Settings.
3
STEP 2 Under the
STEP 3 Enter a password that users will enter to access the guest network.
STEP 4 Enter the password again to confirm.
STEP 5 Enter the time, in minutes, that the guest connection will be available for users.
STEP 6 (Optional) To restrict bandwidth usage by the guest network, check
Bandwidth Restriction
Management page if you need to configure QoS.) In the
enter the percentage of bandwidth to allocate to the guest network.
STEP 7 Click Save.
Wireless Table
. (QoS must be enabled first; click the link to the Bandwidth
, click Edit Guest Net.
Enable Guest
Available Bandwidth
field,
Cisco RV110W Administration Guide 72
Configuring the Wireless Network
Configuring Advanced Wireless Settings
Configuring Advanced Wireless Settings
Advanced wireless settings should be adjusted only by an expert administrator;
incorrect settings can reduce wireless performance.
To configure advanced wireless settings:
STEP 1 Choose Wireless > Advanced Settings. The Advanced Settings page appears.
STEP 2 Configure these settings:
Frame Burst Enable this option to provide your wireless networks
with greater performance, depending on the
manufacturer of your wireless products. If you are not
sure how to use this option, keep the default (enabled).
3
WMM No
Acknowledgement
Basic Rate The Basic Rate setting is not the rate of transmission but
Click to enable this feature.
Enabling WMM No Acknowledgement can result in more
efficient throughput, but higher error rates in a noisy
Radio Frequency (RF) environment. Default setting is
disabled
a series of rates at which the Services Ready Platform
can transmit. The Cisco RV110W advertises its basic
rate to the other wireless devices in your network, so
they know which rates will be used. The Services Ready
Platform will also advertise that it will automatically
select the best rate for transmission.
The default setting is Default, when the Cisco RV110W
can transmit at all standard wireless rates (1 Mbps, 2
Mbps, 5.5 Mbps, 11 Mbps, 18 Mbps, 24 Mbps, 36 Mbps,
48 Mbps, and 54 Mbps). In addition to B and G speeds,
the Cisco RV110W supports N speeds. Other options
are 1-2 Mbps, for use with older wireless technology,
and All, when the Cisco RV110W can transmit at all
wireless rates.
The Basic Rate is not the actual rate of data transmission.
If you want to specify the Cisco RV110W rate of data
transmission, configure the Transmission Rate setting.
Cisco RV110W Administration Guide 73
Configuring the Wireless Network
Configuring Advanced Wireless Settings
Transmission Rate The rate of data transmission should be set depending
3
on the speed of your wireless network. You can select
from a range of transmission speeds, or you can select
Auto to have the Cisco RV110W automatically use the
fastest possible data rate and enable the Auto-Fallback
feature. Auto-Fallback will negotiate the best possible
connection speed between the Cisco RV110W and a
wireless client. The default is Auto.
N Transmission
Rate
CTS Protection
Mode
Beacon Interval The Beacon Interval value indicates the frequency
The rate of data transmission should be set depending
on the speed of your Wireless-N networking. You can
select from a range of transmission speeds, or you can
select Auto to have the Cisco RV110W automatically
use the fastest possible data rate and enable the AutoFallback feature. Auto-Fallback will negotiate the best
possible connection speed between the Cisco RV110W
and a wireless client. The default is Auto.
The Cisco RV110W will automatically use CTS (Clear-ToSend) Protection Mode when your Wireless-N and
Wireless-G devices are experiencing severe problems
and are not able to transmit to the Cisco RV110W in an
environment with heavy 802.11b traffic.
This function boosts the Cisco RV110W ability to catch
all Wireless-N and Wireless-G transmissions but will
severely decrease performance. The default is Auto.
interval of the beacon. A beacon is a packet broadcast
by the Cisco RV110W to synchronize the wireless
network.
Enter a value between 40 and 3,500 milliseconds. The
default value is 100.
Cisco RV110W Administration Guide 74
Configuring the Wireless Network
Configuring Advanced Wireless Settings
DTIM Interval This value, between 1 and 255, indicates the interval of
3
the Delivery Traffic Indication Message (DTIM). A DTIM
field is a countdown field informing clients of the next
window for listening to broadcast and multicast
messages.
When the Cisco RV110W has buffered broadcast or
multicast messages for associated clients, it sends the
next DTIM with a DTIM Interval value. Its clients hear the
beacons and awaken to receive the broadcast and
multicast messages. The default value is 1.
Fragmentation
Threshold
RTS Threshold If you encounter inconsistent data flow, enter only minor
This value specifies the maximum size for a packet
before data is fragmented into multiple packets. If you
experience a high packet error rate, you may slightly
increase the Fragmentation Threshold.
Setting the Fragmentation Threshold too low may result
in poor network performance. Only minor reduction of
the default value is recommended. In most cases, it
should remain at its default value of 2346.
reductions. The default value of 2347 is recommended.
If a network packet is smaller than the preset Request to
Send (RTS) threshold size, the RTS/Clear to Send (CTS)
mechanism will not be enabled. The Services Ready
Platform sends RTS frames to a particular receiving
station and negotiates the sending of a data frame.
After receiving an RTS, the wireless station responds
with a CTS frame to acknowledge the right to begin
transmission.
STEP 3 Click Save.
Cisco RV110W Administration Guide 75
Configuring the Wireless Network
Configuring WDS
Configuring WDS
A Wireless Distribution System (WDS) is a system that enables the wireless
interconnection of access points in a network. It allows a wireless network to be
expanded using multiple access points without the need for a wired backbone to
link them.
To establish a WDS link, the Cisco RV110W and other remote WDS peers must be
configured in the same wireless network mode, wireless channel, wireless band
selection, and encryption types (None and WEP).
NOTE WDS is supported on one SSID only.
To configure a WDS:
STEP 1 Choose Wireless > WDS.
3
STEP 2 Check the Allow wireless signal to be repeated by a repeater box to enable
WDS.
STEP 3 To manually enter the MAC address of a repeater, click the Manual button, or
choose Auto to have the router automatically detect the remote access points.
STEP 4 (Optional) Click the Show Site Survey button.
The Available Networks Table appears listing the available wireless network
access points.
a. (Optional) Click the Refresh button to update the entries in the table.
b. In the Available Networks Table, select up to three access points to use as
repeaters.
c. To add the MAC addresses of the selected access points to the MAC fields
below the table, click Connect.
STEP 5 If you clicked the Manual button, enter the MAC addresses of up to three access
points to use as repeaters in the MAC 1, MAC 2, and MAC 3 fields.
STEP 6 Click Save.
Cisco RV110W Administration Guide 76
Configuring the Wireless Network
Configuring WPS
Configuring WPS
You can configure WPS on the Cisco RV110W to allow WPS-enabled devices to
more easily connect to the wireless network.
To configure WPS on client devices:
STEP 1 Choose Wireless > WPS. The Wi-Fi Protected Setup page appears
STEP 2 From the SSID drop-down menu, choose the wireless network on which to enable
WPS.
STEP 3 In the WPS field, check Enable to enable WPS. To disable WPS, uncheck the box.
STEP 4 Configure the WPS on client devices in one of the following three ways:
• WPS Method 1
3
• WPS Method 2
• WPS Method 3
After you configure WPS, the following information appears at the bottom of the
WPS page: Wi-Fi Protected Setup Status, Network Name (SSID), Security,
Encryption, and Passphrase.
WPS Method 1
Use this method if your client device has a WPS button.
STEP 1 Click or press the WPS button on the client device.
STEP 2 On the WPS page, click the WPS button. When WPS configuration is completed, a
dialog box appears.
STEP 3 Click OK.
Refer to your client device or its documentation for additional instructions on
setting up your client device.
Cisco RV110W Administration Guide 77
Configuring the Wireless Network
Configuring WPS
WPS Method 2
Use this method if the client device has a WPS PIN number.
STEP 1 On the WPS page, enter the PIN number in the field.
STEP 2 Click Register.
STEP 3 After configuration is completed, click OK.
Refer to your client device or its documentation for further instructions on setting
up your client device.
WPS Method 3
If the client device requires a PIN number from the router, use the number listed in
item 3 on the WPS page.
3
Cisco RV110W Administration Guide 78
Configuring the Firewall
This chapter describes how to configure the firewall properties of the RV110W.
• Cisco RV110W Firewall Features
• Configuring Basic Firewall Settings
• Managing Firewall Schedules
• Configuring Services Management
4
• Configuring Access Rules
• Creating an Internet Access Policy
• Configuring Port Forwarding
Cisco RV110W Firewall Features
You can secure your network by creating and applying rules that the
Cisco RV110W uses to selectively block and allow inbound and outbound Internet
traffic. You then specify how and to what devices the rules apply. To do so, you
must define the following:
• Services or traffic types (examples: web browsing, VoIP, other standard
services and also custom services that you define) that the router should
allow or block.
• Direction for the traffic by specifying the source and destination of traffic;
this is done by specifying the “From Zone” (LAN/WAN/DMZ) and “To Zone”
(LAN/WAN/DMZ).
• Schedules as to when the router should apply rules.
• Keywords (in a domain name or on a URL of a web page) that the router
should allow or block.
Cisco RV110W Administration Guide 79
Configuring the Firewall
Cisco RV110W Firewall Features
You can, for example, establish restricted-access policies based on time-of-day,
web addresses, and web address keywords. You can block Internet access by
applications and services on the LAN, such as chat rooms or games. You can block
just certain groups of PCs on your network from being accessed by the WAN or
public DMZ network.
Inbound (WAN to LAN/DMZ) rules restrict access to traffic entering your network,
selectively allowing only specific outside users to access specific local resources.
By default, all access from the insecure WAN side is blocked from accessing the
secure LAN, except in response to requests from the LAN or DMZ. To allow
outside devices to access services on the secure LAN, you must create a firewall
rule for each service.
4
• Rules for allowing or blocking inbound and outbound Internet traffic for
specified services on specified schedules.
• MAC addresses of devices whose inbound access to your network the
router should block.
• Port triggers that signal the router to allow or block access to specified
services as defined by port number.
• Reports and alerts that you want the router to send to you.
If you want to allow incoming traffic, you must make the router's WAN port IP
address known to the public. This is called “exposing your host.” How you make
your address known depends on how the WAN ports are configured; for the
Cisco RV110W, you may use the IP address if a static address is assigned to the
WAN port, or if your WAN address is dynamic, a DDNS (Dynamic DNS) name can
be used.
Outbound (LAN/DMZ to WAN) rules restrict access to traffic leaving your network,
selectively allowing only specific local users to access specific outside resources.
The default outbound rule is to allow access from the secure zone (LAN) to either
the public DMZ or insecure WAN. To block hosts on the secure LAN from
accessing services on the outside (insecure WAN), you must create a firewall rule
for each service.
Cisco RV110W Administration Guide 80
Configuring the Firewall
Configuring Basic Firewall Settings
Configuring Basic Firewall Settings
To configure basic firewall settings:
STEP 1 Choose Firewall > Basic Settings.
STEP 2 Configure the following firewall settings:
Firewall Check Enable to configure firewall settings.
DoS Protection Check Enable to enable Denial of Service
protection.
Block WAN Request Blocks ping requests to the Cisco RV110W from
the WAN.
4
Web Access Choose the type of web access that can be used
to connect to the firewall: HTTP or HTTPS (secure
HTTP).
Remote Management
Remote Access
Remote Upgrade
Allowed Remote IP
Address
Remote Management
Port
IPv4 Multicast
Passthrough (IGMP
Proxy)
IPv6 Multicast
Passthrough (IGMP
Proxy)
UPnP
Allow Users to Configure
Allow Users to Disable
Internet Access
See Configuring Remote Management.
Check Enable to enable multicast passthrough for
IPv4.
Check Enable to enable multicast passthrough for
IPv6.
See Configuring Universal Plug and Play.
Cisco RV110W Administration Guide 81
Configuring the Firewall
Configuring Basic Firewall Settings
Block Java Check to block Java applets. Java applets are
Block Cookies Check to block cookies. Cookies are used to store
4
small programs embedded in web pages that
enable dynamic functionality of the page. A
malicious applet can be used to compromise or
infect computers.
Enabling this setting blocks Java applets from
being downloaded. Click Auto to automatically
block Java, or click Manual and enter a specific
port on which to block Java.
session information by websites that usually
require login. However, several websites use
cookies to store tracking information and browsing
habits. Enabling this option filters out cookies from
being created by a website.
Many websites require that cookies be accepted in
order for the site to be accessed properly. Blocking
cookies can cause many websites to not function
properly.
Click Auto to automatically block cookies, or click
Manual and enter a specific port on which to block
cookies.
Block ActiveX Check to block ActiveX content. Similar to Java
applets, ActiveX controls are installed on a
Windows computer while running Internet Explorer.
A malicious ActiveX control can be used to
compromise or infect computers.
Enabling this setting blocks ActiveX applets from
being downloaded.
Click Auto to automatically block ActiveX, or click
Manual and enter a specific port on which to block
ActiveX.
Cisco RV110W Administration Guide 82
Configuring the Firewall
Configuring Basic Firewall Settings
Block Proxy Check to block proxy servers. A proxy server (or
STEP 3 Click Save.
4
proxy) allows computers to route connections to
other computers through the proxy, thus
circumventing certain firewall rules.
For example, if connections to a specific IP address
are blocked by a firewall rule, the requests can be
routed through a proxy that is not blocked by the
rule, rendering the restriction ineffective. Enabling
this feature blocks proxy servers.
Click Auto to automatically block proxy servers, or
click Manual and enter a specific port on which to
block proxy servers.
Configuring Remote Management
You can enable remote management so you can access the Cisco RV110W from a
remote WAN network.
To configure remote management, configure these settings on the Basic Settings
page:
Remote Management Check Enable to enable remote management.
Remote Access Choose the type of web access that can be used
to connect to the firewall: HTTP or HTTPS (secure
HTTP).
Remote Upgrade To allow remote upgrades of the Cisco RV110W,
check Enable.
Allowed Remote IP
Address
Click the Any IP Address button to allow remote
management from any IP address, or enter a
specific IP address in the address field.
Cisco RV110W Administration Guide 83
Configuring the Firewall
!
Configuring Basic Firewall Settings
4
Remote Management
Port
CAUTION When remote management is enabled, the router is accessible to anyone who
knows its IP address. Because a malicious WAN user can reconfigure the
Cisco RV110W and misuse it, it is highly recommended that you change the
administrator and any guest passwords before continuing.
Enter the port on which remote access is allowed.
The default port is 443. When remotely accessing
the router, you must enter the remote management
port as part of the IP address. For example:
https://<
168.10.1.11:443
remote-ip
>:<
remote-port
>, or https://
Configuring Universal Plug and Play
Universal Plug and Play (UPnP) allows automatic discovery of devices that can
communicate with the Cisco RV110W.
To configure UPnP, configure these settings on the Basic Settings page:
UPnP Check Enable to enable UPnP.
Allow Users to Configure Check this box to allow UPnP port-mapping rules
to be set by users who have UPnP support enabled
on their computers or other UPnP enabled devices.
If disabled, the Cisco RV110W does not allow
application to add the forwarding rule.
Allow Users to Disable
Internet Access
Check this box to allow users to disable Internet
access.
Cisco RV110W Administration Guide 84
Configuring the Firewall
Managing Firewall Schedules
Managing Firewall Schedules
You can create firewall schedules to apply firewall rules on specific days or at
specific times of the day.
Adding or Editing a Firewall Schedule
To create or edit a schedule:
STEP 1 Choose Firewall > Schedule Management.
STEP 2 Click Add Row.
STEP 3 In the Name field, enter a unique name to identify the schedule. This name is
available on the Firewall Rule Configuration page in the Select Schedule list. (See
Configuring Access Rules.)
4
STEP 4 Under Scheduled Days, select whether you want the schedule to apply to all days
or specific days. If you choose Specific Days, check the box next to the days you
want to include in the schedule.
STEP 5 Under Scheduled Time of Day, select the time of day that you want the schedule
to apply. You can either choose All Times, or choose Specific Time. If you choose
Specific Time, enter the start and end times.
STEP 6 Click Save.
Configuring Services Management
When you create a firewall rule, you can specify a service that is controlled by the
rule. Common types of services are available for selection, and you can create
your own custom services.
The Services Management page allows you to create custom services against
which firewall rules can be defined. Once defined, the new service appears in the
List of Available Custom Services table.
Cisco RV110W Administration Guide 85
Configuring the Firewall
Configuring Access Rules
STEP 1 Choose Firewall > Service Management.
STEP 2 Click Add Row.
STEP 3 In the Service Name field, enter the service name for identification and
STEP 4 In the Protocol field, choose the Layer 4 protocol that the service uses from the
4
To create a custom service:
management purposes.
drop-down menu:
• TCP
• UDP
• TCP & UDP
• ICMP
STEP 5 In the Start Port field, enter the first TCP or UDP port of the range that the service
uses.
STEP 6 In the End Port field, enter the last TCP or UDP port of the range that the service
uses.
STEP 7 Click Save.
To edit an entry, select the entry and click Edit. Make your changes, then click
Save.
Configuring Access Rules
Configuring the Default Outbound Policy
The Access Rules page allows you to configure the default outbound policy for
the traffic that is directed from the secure network (LAN) to the non-secure
network (dedicated WAN/optional).
The default inbound policy for traffic flowing from the non-secure zone to the
secure zone is always blocked and cannot be changed.
Cisco RV110W Administration Guide 86
Configuring the Firewall
Configuring Access Rules
STEP 1 Choose Firewall > Access Rules.
STEP 2 Choose Allow or Deny.
STEP 3 Click Save.
4
To configure the default outbound policy:
Note: Ensure that IPv6 support is enabled on the Cisco RV110W to configure an
IPv6 firewall. See Configuring IPv6.
Reordering Access Rules
The order in which access rules are displayed in the access rules table indicates
the order in which the rules are applied. You may want to reorder the table to have
certain rules applied before other rules. For example, you may want to apply a rule
allowing certain types of traffic before blocking other types of traffic.
To r e o r d er a c c e s s r u l e s :
STEP 1 Choose Firewall > Access Rules.
STEP 2 Click Reorder.
STEP 3 Check the box in the row of the rule that you want to move up or down and click
the up or down arrow to move the rule up or down one line, or select the desired
position of the rule in the drop-down list and click Move to.
STEP 4 Click Save.
Adding Access Rules
All configured firewall rules on the Cisco RV110W are displayed in the Access
Rules Table. This list also indicates whether the rule is enabled (active) and gives a
summary of the “from/to” zone as well as the services and users the rule affects.
To create an access rule:
STEP 1 Choose Firewall > Access Rules.
STEP 2 Click Add Row.
Cisco RV110W Administration Guide 87
Configuring the Firewall
Configuring Access Rules
STEP 3 In the Connection Type field, choose the source of originating traffic:
STEP 4 From the Action drop-down menu, choose the action:
4
• Outbound (LAN > WAN)—Choose this option to create an outbound rule.
• Inbound (WAN > LAN)—Choose this option to create an inbound rule.
• Inbound (WAN > DMZ)—Choose this option to create an inbound rule.
• Always Block—Always block the selected type of traffic.
• Always Allow—Never block the selected type of traffic.
• Block by schedule, otherwise allow—Blocks the selected type of traffic
according to a schedule.
• Allow by schedule, otherwise block—Allows the selected type of traffic
according to a schedule.
STEP 5 From the Services drop-down menu, choose the service to allow or block for this
rule. Choose All Traffic to allow the rule to apply to all applications and services,
or choose a single application to block:
• Domain Name System (DNS), UDP or TCP
• File Transfer Protocol (FTP)
• Hyptertext Transfer Protocol (HTTP)
• Secure Hypertext Transfer Protocol (HTTPS)
• Trivial File Transfer Protocol (TFTP)
• Internet Message Access Protocol (IMAP)
• Network News Transport Protocol (NNTP)
• Post Office Protocol (POP3)
• Simple Network Management Protocol (SNMP)
• Simple Mail Transfer Protocol (SMTP)
• Te l n e t
• STRMWORKS
• Terminal Access Controller Access-Control System (TACACS)
• Te l ne t ( c o m m an d )
Cisco RV110W Administration Guide 88
Configuring the Firewall
Configuring Access Rules
STEP 6 (Optional) Click Configure Services to go to the Service Management page to
STEP 7 In the Source IP field, select the users to which the firewall rule applies:
4
• Te l ne t S e c on d a r y
• Te l ne t S S L
• Voice (SIP)
configure the services before applying access rules to them.
See Configuring Services Management for more information.
• Any—The rule applies to traffic originating on any host in the local network.
• Single Address—The rule applies to traffic originating on a single IP address
in the local network. Enter the address in the Start field.
• Address Range—The rule applies to traffic originating from an IP address
located in a range of addresses. Enter the starting IP address in the Start
field, and the ending IP address in the Finish field.
STEP 8 In the Log field, specify whether the packets for this rule should be logged.
To log details for all packets that match this rule, choose Always from the dropdown menu. For example, if an outbound rule for a schedule is selected as Block
Always, for every packet that tries to make an outbound connection for that
service, a message with the packet's source address and destination address
(and other information) is recorded in the log.
Enabling logging may generate a significant volume of log messages and is
recommended for debugging purposes only.
Choose Never to disable logging.
Note: When traffic is going from the LAN or DMZ to the WAN, the system requires
rewriting the source or destination IP address of incoming IP packets as they pass
through the firewall.
STEP 9 In the QoS Priority field, assign a priority to IP packets of this service. The priorities
are defined by QoS Level: (1 (lowest), 2, 3, 4 (highest)).
STEP 10 In the Rule Status field, check the box to enable the new access rule.
STEP 11 Click Save.
Cisco RV110W Administration Guide 89
Configuring the Firewall
Creating an Internet Access Policy
Creating an Internet Access Policy
The Cisco RV110W supports several options for blocking Internet access. You can
block all Internet traffic, block Internet traffic to certain PCs or endpoints, or block
access to Internet sites by specifying keywords to block. If these keywords are
found in the site's name (for example, web site URL or newsgroup name), the site is
blocked.
Adding or Editing an Internet Access Policy
To create a Internet access policy:
STEP 1 Choose Firewall > Internet Access Policy.
STEP 2 Click Add Row.
4
STEP 3 In the Status field, check Enable.
STEP 4 Enter a policy name for identification and management purposes.
STEP 5 From the Action drop-down menu, choose the type of access restriction you need:
• Always block—Always block Internet traffic. This blocks Internet traffic to
and from all endpoints. If you want to block all traffic but allow certain
endpoints to receive Internet traffic, see Step 7.
• Always allow—Always allow Internet traffic. You can refine this to block
specified endpoints from Internet traffic; see Step 7. You can also allow all
Internet traffic except for certain websites; see Step 8.
• Block by schedule—Blocks Internet traffic according to a schedule (for
example, if you wanted to block Internet traffic during the weekday business
hours, but allow it after hours and on weekends).
• Allow by schedule—Allows Internet traffic according to a schedule.
If you chose Block by schedule or Allow by schedule, click Configure Schedules
to create a schedule. See Managing Firewall Schedules.
STEP 6 Choose a schedule from the drop-down menu.
Cisco RV110W Administration Guide 90
Configuring the Firewall
Configuring Port Forwarding
STEP 7 (Optional) Apply the access policy to specific PCs to allow or block traffic coming
STEP 8 To block traffic from specific websites:
4
from specific devices:
a. In the Apply Access Policy to the Following PCs table, click Add Row.
b. From the Type drop-down menu, choose how to identify the PC (by MAC
address, by IP address, or by providing a range of IP addresses).
c. In the Value field, depending on what you chose in the previous step, enter the
one of the following:
• MAC address (xx:xx:xx:xx:xx:xx) of the PC to which the policy applies.
• The IP address of the of the PC to which the policy applies.
• The starting and ending IP addresses of the range of addresses to block (for
example, 192.168.1.2-192.168.1.253).
a. In the Website Blocking table, click Add Row.
b. From the Type drop-down menu, choose how to block a website (by
specifying the URL or by specifying a keyword that appears in the URL).
c. In the Value field, enter the URL or keyword used to block the website.
For example, to block the example.com URL, choose URL Address from the
drop-down menu and enter example.com in the Value field. To block a URL
that has the keyword “example” in the URL, choose Keyword from the dropdown menu and enter example in the Value field.
STEP 9 Click Save.
Configuring Port Forwarding
Port forwarding is used to redirect traffic from the Internet from one port on the
WAN to another port on the LAN. Common services are available or you can define
a custom service and associated ports to forward.
The Single Port Forwarding Rules and Port Range Forwarding Rules pages list
all the available port forwarding rules for this device and allow you to configure
port forwarding rules.
Cisco RV110W Administration Guide 91
Configuring the Firewall
Configuring Port Forwarding
NOTE Port forwarding is not appropriate for servers on the LAN, since there is a
4
dependency on the LAN device making an outgoing connection before incoming
ports are opened.
Some applications require that, when external devices connect to them, they
receive data on a specific port or range of ports in order to function properly. The
router must send all incoming data for that application only on the required port or
range of ports.
The gateway has a list of common applications and games with corresponding
outbound and inbound ports to open. You can also specify a port forwarding rule
by defining the type of traffic (TCP or UDP) and the range of incoming and
outgoing ports to open when enabled.
Configuring Single Port Forwarding
To add a single port forwarding rule:
STEP 1 Choose Firewall > Single Port Forwarding. A pre-existing list of applications is
displayed.
STEP 2 In the Application field, enter the name of the application for which to configure
port forwarding.
STEP 3 In the External Port field, enter the port number that triggers this rule when a
connection request from outgoing traffic is made.
STEP 4 In the Internal Port field, enter the port number used by the remote system to
respond to the request it receives.
STEP 5 From the Protocol drop-down menu, choose a protocol (TCP, UDP, or TCP & UDP).
STEP 6 In the IP Address field, enter the IP address of the host on the LAN side to which
the specific IP traffic will be forwarded. For example, you can forward http traffic
to port 80 of the IP address of a web server on the LAN side.
STEP 7 In the Enable field, check the Enable box to enable the rule.
STEP 8 Click Save.
Cisco RV110W Administration Guide 92
Configuring the Firewall
Configuring Port Forwarding
STEP 1 Choose Firewall > Port Range Forwarding.
STEP 2 In the Application field, enter the name of the application for which to configure
STEP 3 In the External Port field, specify the port number that will trigger this rule when a
STEP 4 In the Start field, specify the port number that begins the range of ports to
STEP 5 In the End field, specify the port number that ends the range of ports to forward.
STEP 6 From the Protocol drop-down menu, choose a protocol (TCP, UDP, or TCP & UDP).
4
Configuring Port Range Forwarding
To add a port range forwarding rule:
port forwarding.
connection request from outgoing traffic is made.
for ward.
STEP 7 In the IP Address field, enter the IP address of the host on the LAN side to which
the specific IP traffic will be forwarded.
STEP 8 In the Enable field, check the Enable box to enable the rule.
STEP 9 Click Save.
Configuring Port Range Triggering
Port triggering allows devices on the LAN or DMZ to request one or more ports to
be forwarded to them. Port triggering waits for an outbound request from the LAN/
DMZ on one of the defined outgoing ports, and then opens an incoming port for
that specified type of traffic.
Port triggering is a form of dynamic port forwarding while an application is
transmitting data over the opened outgoing or incoming ports. Port triggering
opens an incoming port for a specific type of traffic on a defined outgoing port.
Port triggering is more flexible than static port forwarding (available when
configuring firewall rules) because a rule does not have to reference a specific
LAN IP or IP range. Ports are also not left open when not in use, thereby providing a
level of security that port forwarding does not offer.
NOTE Port triggering is not appropriate for servers on the LAN, since there is a
dependency on the LAN device making an outgoing connection before incoming
ports are opened.
Cisco RV110W Administration Guide 93
Configuring the Firewall
Configuring Port Forwarding
STEP 1 Choose Firewall > Port Range Triggering.
STEP 2 In the Application field, enter the name of the application for which to configure
STEP 3 In the Triggered Range fields, enter the port number or range of port numbers that
4
Some applications require that, when external devices connect to them, they
receive data on a specific port or range of ports in order to function properly. The
router must send all incoming data for that application only on the required port or
range of ports. The gateway has a list of common applications and games with
corresponding outbound and inbound ports to open. You can also specify a port
triggering rule by defining the type of traffic (TCP or UDP) and the range of
incoming and outgoing ports to open when enabled.
To add a port triggering rule:
port forwarding.
will trigger this rule when a connection request from outgoing traffic is made. If the
outgoing connection uses only one port, enter the same port number in both fields.
STEP 4 In the Forwarded Range fields, enter the port number or range of port numbers
used by the remote system to respond to the request it receives. If the incoming
connection uses only one port, then specify the same port number in both fields.
STEP 5 In the Enable field, check the Enable box to enable the rule.
STEP 6 Click Save.
Cisco RV110W Administration Guide 94
Configuring VPN
This chapter describes how to configure VPN and security for the Cisco RV110W.
• VPN Tunnel Types, page 95
• VPN Clients, page 96
• Configuring Certificate Management, page 108
• Configuring VPN Passthrough, page 109
5
VPN Tunnel Types
A VPN provides a secure communication channel (“tunnel”) between two gateway
routers or a remote worker and a gateway router. You can create different types of
VPN tunnels, depending on the needs of your business. Several scenarios are
described below. Read these descriptions to understand the options and the
steps required to set up your VPN.
Remote access using PPTP
In this scenario, a remote user with a Microsoft computer connects to a PPTP
server at your site to access network resources. Use this option to simplify VPN
setup. You do not have to configure VPN policies. Remote users can connect by
using the PPTP client from a Microsoft computer. There is no need to install a VPN
client. However, be aware that security vulnerabilities have been found in this
protocol.
Enter the PPTP server settings and add the users on the VPN > VPN Clients page,
in the VPN Client Setting Table. Choose PPTP as the user protocol. See Creating
and Managing PPTP Users.
Cisco RV110W Administration Guide 95
Configuring VPN
VPN Clients
5
Remote Access with Cisco QuickVPN
For quick setup with basic VPN security settings, distribute Cisco QuickVPN
software to your users, who can then securely access your network resources.
Use this option if you want to simplify the VPN setup process. You do not have to
configure VPN policies. Remote users can connect securely with the Cisco
QuickVPN client and an Internet connection.
1. Add the users on the VPN > VPN Clients page, in the VPN Client Setting Table.
Choose QuickVPN as the user protocol. See Importing VPN Client Settings.
2. Instruct users to obtain the free Cisco QuickVPN software from Cisco.com, and
install it on their computers. For more information, see Appendix A, “Using
Cisco QuickVPN.”
To enable access via Cisco QuickVPN on this router, you must enable remote
management to open port 443 for SSL. See Configuring Basic Firewall Settings.
VPN Clients
Site-to-Site VPN
The Cisco RV110W supports Site-to-Site VPN for a single gateway-to-gateway
VPN tunnel. For example, you can configure the Cisco RV110W at a branch site to
connect to the router at the corporate site, so that the branch site can securely
access the corporate network. The site-to-site VPN is configured in the VPN >
Basic VPN Setup page.
VPN client software is required to establish a VPN tunnel between the router and
remote endpoint. Open source software (such as OpenVPN or Openswan) as well
as Microsoft IPsec VPN software can be configured to establish an IPsec VPN
tunnel. Refer to the client software guide for detailed instructions on setup as well
as the router online help.
Configuring PPTP
Point to Point Tunneling Protocol (PPTP) is a network protocol that enables the
secure transfer of data from a remote client to a business network by creating a
secure VPN connection across public networks, such as the Internet.
NOTE When enabling the VPN on the Cisco RV110W, the LAN subnet on the
Cisco RV110W is automatically changed to avoid IP address conflicts between the
remote network and the local network.
Cisco RV110W Administration Guide 96
Configuring VPN
VPN Clients
STEP 1 Choose VPN > VPN Clients.
STEP 2 Do the following:
5
To configure the PPTP VPN service:
PPTP Server Check to enable the PPTP server.
IP Address for PPTP
Server
IP Address for PPTP
Clients
MPPE Encryption Check the Enable box to enable MPPE encryption.
STEP 3 Click Save.
Enter the IP address of the PPTP server.
Enter the IP address range of PPTP clients.
Microsoft Point-to-Point Encryption (MPPE) is used
when users set up and use a PPTP VPN client to
connect to the Cisco RV110W.
Configuring NetBIOS Over VPN
To enable NetBIOS over VPN:
STEP 1 In the NetBIOS over VPN field, check the box to allow NetBIOS broadcasts to
travel over the VPN tunnel. By default, the NetBIOS feature is available to client
policies.
STEP 2 Click Save.
Creating and Managing PPTP Users
To create PPTP users:
STEP 1 In the VPN Client Setting Table, click Add Row.
Cisco RV110W Administration Guide 97
Configuring VPN
VPN Clients
STEP 2 Enter this information:
STEP 3 Click Save.
5
Enable Check to enable the user.
Username Enter the username of the PPTP user
(4 to 32 characters).
Password Enter the password (4 to 32 characters).
Protocol Choose PPTP from the drop-down menu.
To edit the settings of a PPTP user, check its box and click Edit. When you are
done, click Save.
To delete a PPTP user, check its box and click Delete.
Creating and Managing QuickVPN Users
To create QuickVPN users:
STEP 1 In the VPN Client Setting Table, click Add Row.
STEP 2 Enter this information:
Enable Check to enable the user.
Username Enter the username of the QuickVPN user
(4 to 32 characters).
Password Enter the password (4 to 32 characters).
Allow User to Change
Password
Protocol Choose QuickVPN from the drop-down menu.
Check to allow the user to change the password.
STEP 3 Click Save.
To edit the settings of a QuickVPN user, check its box and click Edit. When you are
done making changes, click Save.
Cisco RV110W Administration Guide 98
Configuring VPN
!
VPN Clients
5
To delete a QuickVPN user, check its box and click Delete. Then, click Save.
For more information about QuickVPN, see Appendix A, “Using Cisco
QuickVPN.”
Importing VPN Client Settings
You can import VPN client setting files that contain the username and passwords
of clients in a Comma Separated Value (CSV) text file.
You can use a program such as Microsoft Excel to create a CSV file containing the
VPN client settings. The file should contain one row for the headings and one or
more rows for the VPN clients.
For example, the following specifies the settings of two users (a PPTP user and a
QuickVPN user) to import:
PROTOCOL USERNAME PASSWORD
PPTP pptp-user-1 12345678
QuickVPN qv-user-1 12345678
CAUTION Importing VPN client settings deletes existing settings.
To import VPN client settings:
STEP 1 Click Browse to locate the file.
STEP 2 Click Import to load the file.
STEP 3 When prompted, to delete existing VPN user settings and import the settings in
the CSV file, click Ye s.
Cisco RV110W Administration Guide 99
Configuring VPN
Configuring Basic VPN Settings (Site-to-Site VPN)
Configuring Basic VPN Settings (Site-to-Site VPN)
The Cisco RV110W supports Site-to-Site VPN for a single gateway-to-gateway
VPN tunnel. In this configuration, the Cisco RV110W creates a secure connection
to another VPN-enabled router. For example, you can configure the Cisco RV110W
at a branch site to connect to the router at the corporate site, so that the branch
site can securely access the corporate network. You could have a router like the
Cisco RV220W that supports ten site-to-site VPN tunnels and have an
Cisco RV110W at each remote site to provide secure connectivity.
To configure basic VPN settings for a site-to-site connection:
STEP 1 Choose VPN > Basic VPN Setup.
STEP 2 In the Connection Name field, enter a name for the VPN tunnel.
5
STEP 3 In the Pre-Shared Key field, enter the pre-shared key, or password, that will be
exchanged between the two routers. It must be between 8 and 49 characters.
STEP 4 In the Endpoint Information fields, enter the following information:
• Remote Endpoint—Choose the way the remote endpoint, or the router to
which the Cisco RV110W will connect, is identified (by IP address - for
example,
cisco.com
• Remote WAN (Internet) IP Address—Enter the public IP address or domain
name of the remote endpoint.
• Local WAN (Internet) IP Address—Enter the public IP address or domain
name of the local endpoint (Cisco RV110W).
STEP 5 In the Secure Connection Remote Accessibility fields, enter the following
information:
• Remote LAN (Local Network) IP Address—Enter the private network (LAN)
address of the remote endpoint. This is the IP address of the internal network
at the remote site.
• Remote LAN Subnet Mask—Enter the private network (LAN) subnet mask
of the remote endpoint.
192.168.1.1
).
- or fully-qualified domain name - for example,
• Local LAN (Local Network) IP Address—Enter the private network (LAN)
address of the local network. This is the IP address of the internal network
on the Cisco RV110W.
Cisco RV110W Administration Guide 100
Loading...