Cisco RV-120W User Manual
Cisco Small Business
RV120W Wireless-N VPN Firewall
ADMINISTRATION
GUIDE
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found
at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply
a partnership relationship between Cisco and any other company. (1005R)
Revised June 2011
© 2011 Cisco Systems, Inc. All rights reserved. 78-19307-02
Contents
Chapter 1: Introduction 1
Product Overview 1
LAN Ethernet Interfaces 2
Wireless Access Point 2
Firewall and VPN Client Access 2
Wireless Distribution System 2
Virtual Networks 2
Security 3
Quality of Service 3
Configuration and Administration 3
Getting to Know the Cisco RV120W 4
Front Panel 4
Back Panel 5
Mounting the Cisco RV120W 6
Installation Guidelines 6
Wall Mounting 6
Connecting the Equipment 8
Setting Up the Cisco RV120W Using the Setup Wizard 12
Using the Getting Started Page 13
Initial Settings 14
Quick Access 14
Device Status 15
Other Resources 15
Navigating through the Pages 15
Saving Your Changes 17
Viewing the Help Files 18
Connecting Devices to Your Wireless Network 18
18
Cisco RV120W Administration Guide 1
Contents
Chapter 2: Configuring Networking 19
Configuring the WAN (Internet) Settings 19
Configuring the IPv4 WAN (Internet) 20
Configuring Automatic Configuration (DHCP) 20
Configuring Static IP 21
Configuring PPPoE 21
Configuring PPTP 22
Configuring L2TP 23
Configuring MTU Settings 24
Configuring the MAC Address 24
Configuring PPPoE Profiles 25
Configuring the LAN (Local Network) Settings 27
Configuring IPv4 LAN (Local Network) Settings 27
Configuring the Host Name 27
Configuring the IP Address 27
Configuring DHCP 28
Configuring the DNS Proxy 29
Configuring Virtual LAN (VLAN) Membership 30
Enabling VLANs 30
Creating a VLAN 30
Configuring Multiple VLAN Subnets 31
Configuring Static DHCP 32
Configuring Advanced DHCP Settings 33
Configuring Automatic Configuration Download 33
Adding a DHCP Client to Configuration File Map 34
Viewing DHCP Leased Clients 34
Configuring Routing 34
Choosing the Routing Mode 34
Viewing Routing Information 35
Configuring Static Routes 37
Configuring Dynamic Routing 38
Configuring Port Management 40
Configuring Dynamic DNS (DDNS) 40
Cisco RV120W Administration Guide 2
Contents
Configuring IPv6 42
Configuring the IP Mode 42
Configuring IPv6 WAN Settings 42
Configuring DHCPv6 42
Configuring a Static IP Address 43
Configuring IPv6 LAN Properties 43
Configuring IPv6 Address Pools 45
Configuring IPv6 Routing 45
Configuring Dynamic Routing 45
Configuring Static Routing 46
Configuring Tunneling 47
Viewing IPv6 Tunnel Information 47
Configuring Intra-Site Automatic Tunnel Addressing
Protocol (ISATAP) Tunnels 48
Configuring Router Advertisement 49
Configuring Router Advertisement Prefixes 50
Chapter 3: Configuring the Wireless Network 51
A Note About Wireless Security 51
Wireless Security Tips 52
General Network Security Guidelines 53
Understanding the Cisco RV120W’s Wireless Networks 54
Configuring Basic Wireless Settings 54
Configuring Radio, Mode, and Channel Settings 54
Configuring Wireless Security and Other Settings 55
Configuring Security 56
Configuring MAC Filtering 58
Configuring Wi-Fi Multimedia 59
Configuring Wireless Network (SSID) Scheduling 60
Configuring Advanced Wireless Settings 61
Configuring Wi-Fi Protected Setup 62
Configuring a Wireless Distribution System (WDS) 63
Cisco RV120W Administration Guide 3
Contents
Chapter 4: Configuring the Firewall 65
Cisco RV120W Firewall Features 65
Configuring Access Rules 67
Configuring the Default Outbound Policy 67
Creating an Access Rule 67
Configuring Attack Prevention 71
Configuring Content Filtering 72
Enabling Content Filtering 72
Blocking Web Components 73
Adding Trusted Domains 74
Configuring URL Blocking 74
Configuring Port Triggering 75
Configuring Port Forwarding 76
Configuring a DMZ Host 80
Configuring Advanced Firewall Settings 80
Configuring One-to-One Network Address Translation (NAT) 80
Configuring MAC Address Filtering 81
Configuring IP/MAC Address Binding 82
Creating Custom Services 83
Creating Firewall Schedules 84
Configuring Sessions 84
Configuring Internet Group Management Protocol (IGMP) 85
Configuring LAN (Local Network) Groups 86
Enabling Session Initiation Protocol Application-Level Gateway (SIP ALG) 87
Firewall Configuration Examples 87
Chapter 5: Configuring Virtual Private Networks (VPNs) and Security 92
Configuring VPNs 92
Creating Cisco QuickVPN Client Users 93
Cisco RV120W Administration Guide 4
Contents
Configuring a Basic VPN 93
Viewing the Default VPN Settings 94
Configuring Advanced VPN Parameters 94
Configuring IKE Policies 95
Configuring VPN Policies 98
Configuring VPN Clients 103
Monitoring VPN Tunnel Status 104
Configuring VPN Users 105
Configuring a PPTP Server 105
Adding New VPN Users 106
Configuring VPN Passthrough 106
Configuring Security 107
Using Certificates for Authentication 107
Generating New Certificates 108
Importing a Certificate from a File 108
Exporting the Router’s Current Certificate 109
Using the Cisco RV120W With a RADIUS Server 109
Configuring 802.1x Port-Based Authentication 110
Chapter 6: Configuring Quality of Service (QoS) 112
Configuring WAN QoS Profiles 112
Configuring Profile Binding 114
Configuring CoS Settings 115
Mapping CoS Settings to DSCP Values 116
Chapter 7: Administering Your Cisco RV120W 117
Configuring Password Rules 118
Using the Management Interface 118
Configuring Web Access 119
Configuring Remote Management 119
Configuring User Accounts 120
Setting the Session Timeout Value 120
Cisco RV120W Administration Guide 5
Contents
Configuring Network Management 121
Configuring SNMP 121
Editing SNMPv3 Users 121
Adding SNMP Traps 122
Configuring Access Control Rules 122
Configuring Additional SNMP Information 123
Configuring the WAN Traffic Meter 123
Using Network Diagnostic Tools 125
Using PING 125
Using Traceroute 125
Performing a DNS Lookup 126
Capturing and Tracing Packets 126
Configuring Logging 126
Configuring Logging Policies 127
Configuring Firewall Logs 127
Configuring Remote Logging 128
Configuring Email Logging 129
Configuring the Discovery Settings 130
Configuring Bonjour 130
Configuring UPnP 131
Configuring Time Settings 132
Backing Up and Restoring the System 132
Upgrading Firmware 134
Rebooting the Cisco RV120W 134
Restoring the Factory Defaults 135
Chapter 8: Viewing the Cisco RV120W Status 136
Viewing the Dashboard 136
Viewing the System Summary 139
Viewing the Wireless Statistics 142
IPsec Connection Status 143
Viewing VPN Client Connection Status 144
Cisco RV120W Administration Guide 6
Viewing Logs 145
Viewing Available LAN Hosts 146
Viewing Port Triggering Status 147
Viewing Port Statistics 148
Viewing Open Ports 149
Contents
Appendix A: Using Cisco QuickVPN for Windows 7, 2000, XP, or Vista 150
Overview 150
Before You Begin 150
Installing the Cisco QuickVPN Software 151
Installing from the CD-ROM 151
Downloading and Installing from the Internet 151
Using the Cisco QuickVPN Software 152
Appendix B: Where to Go From Here 154
Cisco RV120W Administration Guide 7
Introduction
This chapter describes the features of the Cisco RV120W, guides you through the
installation process, and gets you started using the Device Manager, a browserbased utility for configuring the Cisco RV120W.
1
• Product Overview, page 1
• Getting to Know the Cisco RV120W, page 4
• Mounting the Cisco RV120W, page 6
• Connecting the Equipment, page 8
• Setting Up the Cisco RV120W Using the Setup Wizard, page12
• Using the Getting Started Page, page 13
• Navigating through the Pages, page 15
• Saving Your Changes, page 17
• Viewing the Help Files, page 18
• Connecting Devices to Your Wireless Network, page 18
Product Overview
Thank you for choosing the Cisco Small Business RV120W Wireless-N VPN
Firewall.
The Cisco RV120W is an advanced Internet-sharing network solution for your
small business needs. It allows multiple computers in your office to share an
Internet connection through both wired and wireless connections.
The Cisco RV120W provides a Wireless-N access point, combined with support
for Virtual Private Networks (VPNs) to make your network more secure. Its 10/100
Ethernet WAN interface connects directly to your broadband DSL or Cable
modem.
Cisco RV120W Administration Guide 1
Introduction
Product Overview
1
LAN Ethernet Interfaces
The Cisco RV120W provides four full-duplex 10/100 Ethernet LAN interfaces that
can connect up to four devices.
Wireless Access Point
The wireless access point supports the 802.11n standard with MIMO technology,
which multiplies the effective data rate. This technology provides better
throughput and coverage than 802.11g networks.
Firewall and VPN Client Access
The Cisco RV120W incorporates a Stateful Packet Inspection (SPI)-based firewall
with Denial of Service (DoS) prevention and a Virtual Private Network (VPN)
engine for secure communication between mobile or remote workers and branch
offices.
The Cisco RV120W supports up to ten gateway-to-gateway IP Security (IPsec)
tunnels to facilitate branch office connectivity through encrypted virtual links.
Users connecting through a VPN tunnel are attached to your company’s network
with secure access to files, e-mail, and your intranet as if they were in the building.
You can also use the VPN capability to allow users on your small office network to
securely connect out to a corporate network
Wireless Distribution System
The Cisco RV120W’s wireless access point supports Wireless Distribution
System (WDS), which allows the wireless coverage to be expanded without wires.
Virtual Networks
The access point also supports multiple SSIDs for the use of virtual networks (up
to 4 separate virtual networks), with 802.1Q-based VLAN support for traffic
separation.
Cisco RV120W Administration Guide 2
Introduction
Product Overview
1
Security
The Cisco RV120W implements WPA2-PSK, WPA2-ENT, and WEP encryption,
along with other security features including the disabling of SSID broadcasts,
MAC-based filtering, and allowing or denying “time of day” access per SSID.
Quality of Service
The Cisco RV120W supports Wi-Fi Multimedia (WMM) and Wi-Fi Multimedia
Power Save (WMM-PS) for wireless Quality of Service (QoS). It supports 802.1p,
Differentiated Services Code Point (DSCP), and Type of Service (ToS) for wired
QoS, which can improve the quality of your network when using delay-sensitive
Voice over IP (VoIP) applications and bandwidth-intensive video streaming
applications.
Configuration and Administration
With the Cisco RV120W’s embedded web server, you can configure the firewall’s
settings using the browser-based Device Manager. The Cisco RV120W supports
Internet Explorer, Firefox, and Safari web browsers.
Cisco RV120W Administration Guide 3
Introduction
Getting to Know the Cisco RV120W
The Cisco RV120W also provides a setup wizard. The setup wizard allows you to
easily configure the Cisco RV120W’s basic settings.
Getting to Know the Cisco RV120W
Front Panel
1
POWER—The Power LED lights up green to indicate the device is powered on.
Flashes green when the power is coming on or software is being upgraded.
WAN LED—The WAN (Internet) LED lights up green when the device is connected
to your cable or DSL modem. The LED flashes green when the device is sending
or receiving data over the WAN port.
WIRELESS—The Wireless LED lights up green when the wireless module is
enabled. The LED is off when the wireless module is disabled. The LED flashes
green when the device is transmitting or receiving data on the wireless module.
LAN—These four LEDs correspond to the four LAN (Ethernet) ports of the Cisco
RV120W. If the LED is continuously lit green, the Cisco RV120W is connected to a
device through the corresponding port (1, 2, 3, or 4). The LED for a port flashes
green when the Cisco RV120W is actively sending or receiving data over that port.
Cisco RV120W Administration Guide 4
Introduction
Getting to Know the Cisco RV120W
Back Panel
1
RESET Button—The Reset button has two functions:
• If the Cisco RV120W is having problems connecting to the Internet, press
the RESET button for less than five seconds with a paper clip or a pencil tip.
This is similar to pressing the reset button on your PC to reboot it.
• If you are experiencing extreme problems with the Cisco RV120W and have
tried all other troubleshooting measures, press and hold in the RESET
button for 10 seconds. This will restore the factory defaults and clear all of
the Cisco RV120W settings.
LAN Ports (1-4)—These ports provide a LAN connection to network devices,
such as PCs, print servers, or additional switches.
WAN Por t—The WAN port is connected to your Internet device, such as a cable or
DSL modem.
ON/OFF Power Switch—Press this button to turn the Cisco RV120W on and off.
When the button is pushed in, power is on.
Power Port—The power port is where you connect the AC power cable.
Cisco RV120W Administration Guide 5
Introduction
195114
Wall
mount
slots
2-7/16
Mounting the Cisco RV120W
Mounting the Cisco RV120W
You can place your Cisco RV120W on a desktop or mount it on a wall.
Installation Guidelines
• Ambient Temperature—To prevent the device from overheating, do not
operate it in an area that exceeds an ambient temperature of
104°F (40°C).
• Air Flow—Be sure that there is adequate air flow around the device.
• Mechanical Loading—Be sure that the device is level and stable to avoid
any hazardous conditions.
For desktop placement, place the Cisco RV120W device horizontally on a flat
surface so that it sits on its four rubber feet.
1
Wall Mounting
STEP 1 Determine where you want to mount the device and install two screws (not
supplied) that are 2-7/16 in. apart (approximately 61 mm). Mounting screws should
have a head that is approximately 5.5 mm in diameter and 2 mm deep, with a shaft
that is at least15.5 mm long and approximately 3.5 mm wide. (Your wall may
require shorter or longer screws, or drywall anchors.)
Do not mount the screw heads flush with the wall; the screw heads must fit inside
the back of the device.
STEP 2 With the back panel pointing up (if installing vertically), line up the device so that
the wall-mount slots on the bottom of the device line up with the two screws.
Cisco RV120W Administration Guide 6
Introduction
Mounting the Cisco RV120W
STEP 3 Place the wall-mount slots over the screws and slide the device down until the
1
screws fit snugly into the wall-mount slots.
Cisco RV120W Administration Guide 7
Introduction
Connecting the Equipment
Connecting the Equipment
Before you begin the installation, make sure that you have the following equipment
and services:
Required
• Functional Internet Connection (Broadband DSL or cable modem).
• Ethernet cable for WAN (Internet) connection.
• PC with functional network adapter (Ethernet connection) to run the Setup
Wizard or the Device Manager. The Setup Wizard is supported on Microsoft
Windows 2000, Windows XP, Windows Vista, and Windows 7. The Device
Manager is supported on the following web browsers:
- Microsoft Internet Explorer 6.0 and later
1
- Mozilla Firefox 3.0 and later
- Apple Safari 3.0 or later.
• Ethernet cable (provided) to connect the firewall to a PC for configuration.
Optional
• Uninterruptible Power Supply (UPS) to provide backup power to essential
devices (strongly recommended).
• Ethernet cables for LAN interfaces, if you want to connect additional
devices to the firewall’s LAN ports.
Cisco RV120W Administration Guide 8
Introduction
Connecting the Equipment
STEP 1 Power off all equipment, including the cable or DSL modem, the PC you will use to
STEP 2 Use an Ethernet cable to connect the WAN port of the Cisco RV120W to your
1
To connect your firewall to the Internet:
connect to the RV120W, and the RV120W.
cable or DSL modem.
Cisco RV120W Administration Guide 9
Introduction
Connecting the Equipment
STEP 3 Connect one end of a different Ethernet cable to one of the LAN (Ethernet) ports on
1
the back of the RV120W. (In this example, the LAN 2 port is used.) Connect the other
end of the cable to an Ethernet port on the PC.
STEP 4 Power on the cable or DSL modem and wait until the connection is active.
Cisco RV120W Administration Guide 10
Introduction
!
Connecting the Equipment
STEP 5 Connect the power adapter to the Cisco RV120W power port (12VDC).
CAUTION Use only the power adapter that is supplied with the device. Using a different
1
power adapter could damage the device.
STEP 6 Plug the other end of the adapter into an electrical outlet. You may need to use a
specific plug (supplied) for your country.
Cisco RV120W Administration Guide 11
Introduction
Setting Up the Cisco RV120W Using the Setup Wizard
STEP 7 On the Cisco RV120W, push in the ON/OFF power button.
1
The power light on the front panel is green when the power adapter is connected
properly and the unit is turned on.
Setting Up the Cisco RV120W Using the Setup Wizard
With the RV120W powered on and connected to a PC, use the Setup Wizard to
configure the Cisco RV120W.
To use the Setup Wizard:
STEP 1 Start the PC connected to the RV120W.
Your computer becomes a DHCP client of the RV120W and receives an IP address
in the 192.168.1.xxx range.
STEP 2 Launch a web browser and enter 192.168.1.1 in the Address field.
This is the default IP address of the RV120W.
STEP 3 When the login page appears, enter the user name and password.
The default user name is admin. The default password is admin. The password is
case sensitive.
Cisco RV120W Administration Guide 12
Introduction
Using the Getting Started Page
STEP 4 Click Log In.
The Setup Wizard starts.
STEP 5 Follow the Setup Wizard’s on-screen instructions to set up the RV120W.
The Setup Wizard tries to automatically detect and configure your connection. If it
cannot, the Setup Wizard asks you for information about your Internet connection.
If you don not have it, contact your Internet Service Provider (ISP) to obtain this
information.
During the setup process, the Setup Wizard asks you to enter a new password. To
protect your firewall from unauthorized access, create a new password that is
hard to figure out by others. While you are entering the password, the Setup
Wizard provides you with instant feedback regarding the strength of the
password.
After the Setup Wizard is done configuring the RV120W, the Getting Started
page appears. See Using the Getting Started Page, page 13 for more
information.
1
Using the Getting Started Page
The Getting Started page displays the most common Cisco RV120W
configuration tasks. Use the links on this page to jump to the relevant configuration
page.
By default, this page appears when you start the Device Manager. However, you
can change this behavior by checking Don’t show this on start up at the bottom
of the page.
Cisco RV120W Administration Guide 13
Introduction
Using the Getting Started Page
Initial Settings
1
Run Setup Wizard Click this link to launch the Setup Wizard.
Configure WAN
(Internet) Settings
Configure LAN
(Local Network)
Settings
Configure Wireless
Settings
Add VPN Clients See Configuring VPN Users, page 105.
Click this link to open the Internet Setup page.
See Configuring the IPv4 WAN (Internet),
page 20.
Click this link to open the LAN Configuration page.
See Configuring IPv4 LAN (Local Network)
Settings, page 27.
Click this link to open the Basic Settings page.
See Configuring Basic Wireless Settings,
page 54.
Quick Access
Upgrade Device
Firmware
Click this link to open the
Firmware Upgrade page.
See Upgrading Firmware, page 134.
Backup/Restore
Settings
Configure Site to Site
VPN
Configure Web Access Click this link to open the Web Access page.
Cisco RV120W Administration Guide 14
Click this link to open the
Backup and Restore page.
See Backing Up and Restoring the System,
page132
Click this link to open the Basic VPN Setup page.
See Configuring a Basic VPN, page 93.
See Configuring Web Access, page 119.
Introduction
Navigating through the Pages
1
Device Status
Dashboard Click this link to open the Dashboard page.
See Viewing the Dashboard, page 136.
System Summary Click this link to open the System Summary page.
See Viewing the System Summary, page 139.
Wireless Status Click this link to open the Wireless Statistics page.
See Viewing the Wireless Statistics, page 142.
VPN Status Click this link to open the IPsec Connection Status
page.
See IPsec Connection Status, page 143.
Other Resources
Support Click this link to open Cisco’s support page.
Forums Click this link to visit Cisco’s online support forums.
Navigating through the Pages
Use the navigation tree in the left pane to open the configuration pages.
Cisco RV120W Administration Guide 15
Introduction
Navigating through the Pages
1
Click a menu item on the left panel to expand it. Click the menu names displayed
underneath to perform an action or view a sub-menu.
Cisco RV120W Administration Guide 16
Introduction
Saving Your Changes
Saving Your Changes
When you finish making changes on a configuration page, click Save to save the
changes, or click Cancel to undo your changes.
1
Cisco RV120W Administration Guide 17
Introduction
Viewing the Help Files
Viewing the Help Files
To view more information about a configuration page, click the Help link near the
top right corner of the page.
1
Connecting Devices to Your Wireless Network
To connect a device such as a PC or printer to your wireless network, you must
configure the wireless connection on the device using the security information you
configured for the Cisco RV120W:
• Network name or Service Set Identifier (SSID). The default SSID is
ciscosb-1.
• If applicable, the encryption type and security key.
Cisco RV120W Administration Guide 18
Configuring Networking
The networking page allows you to configure networking settings. This chapter
contains the following sections:
• Configuring the WAN (Internet) Settings, page 19
• Configuring the LAN (Local Network) Settings, page 27
• Configuring Routing, page 34
2
• Configuring Port Management, page 40
• Configuring Dynamic DNS (DDNS), page 40
• Configuring IPv6, page 42
NOTE Cisco recommends you use the Setup Wizard to configure basic networking on the
Cisco RV120W. You can then make changes and provision advanced features using
the Device Manager.
Configuring the WAN (Internet) Settings
If you have an IPv4 network, use these sections to configure your network. If you
have an IPv6 network, see Configuring IPv6, page 42.
Cisco RV120W Administration Guide 19
Configuring Networking
Configuring the WAN (Internet) Settings
Configuring the IPv4 WAN (Internet)
STEP 1 Choose Networking > WAN (Internet) > IPV4 WAN (Internet).
STEP 2 Choose the type of Internet connection you have. The type of connection you have
determines the rest of the information you need to enter. See the sections below
for more information:
• Configuring Automatic Configuration (DHCP), page 20
• Configuring Static IP, page 21
• Configuring PPPoE, page 21
• Configuring PPTP, page 22
• Configuring L2TP, page 23
2
Configuring Automatic Configuration (DHCP)
If your Internet Service Provider (ISP) uses the Dynamic Host Configuration
Protocol (DHCP) to assign you an IP address, you receive a dynamic IP address
from your ISP.
To configure DHCP WAN settings:
STEP 1 Choose Networking > WAN (Internet) > IPv4 WAN (Internet).
STEP 2 From the Internet Connection Type drop-down menu, choose
Automatic Configuration - DHCP.
STEP 3 Enter MTU information. (See Configuring MTU Settings, page 24.)
STEP 4 Enter MAC Address information. (See Configuring the MAC Address, page 24.)
STEP 5 Click Save.
Cisco RV120W Administration Guide 20
Configuring Networking
Configuring the WAN (Internet) Settings
Configuring Static IP
If your ISP assigned you a permanent IP address, perform the following steps to
configure your WAN settings:
STEP 1 Choose Networking > WAN (Internet) > IPv4 WAN (Internet).
STEP 2 From the Internet Connection Type drop-down menu, choose Static IP.
STEP 3 Enter this information:
IP Address Enter the IP address of the WAN port.
Subnet mask Enter subnet mask of the WAN port.
Default Gateway Enter the IP address of the default gateway.
Primary DNS Server Enter the IP address of the primary DNS server.
2
Secondary DNS Server (Optional) Enter the IP address of the secondary
DNS server.
STEP 4 Enter MTU information. (See Configuring MTU Settings, page 24.)
STEP 5 Enter MAC Address information. (See Configuring the MAC Address, page 24.)
STEP 6 Click Save.
Configuring PPPoE
If you have a Point-to-Point Protocol over Ethernet (PPPoE) connection to the
Internet:
STEP 1 Choose Networking > WAN (Internet) > IPv4 WAN (Internet).
STEP 2 From the Internet Connection Type drop-down menu, choose PPPoE.
STEP 3 From the PPPoE Profile Name drop-down menu, choose a PPPoE profile.
If no profile is listed, click Configure Profile to create a new profile.
To see the details of available profiles, choose
Networking > WAN (Internet) > PPPoE Profiles. See Configuring PPPoE
Profiles, page 25 for more information.
STEP 4 Enter MTU information. (See Configuring MTU Settings, page 24.)
Cisco RV120W Administration Guide 21
Loading...