First Published: --
Last Modified: --
Americas Headquarters
Cisco Systems, Inc. 170 West Tasman Drive
San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000
800 553-NETS (6387) Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.
The following information is for FCC compliance of Class B devices: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If the equipment causes interference to radio or television reception, which can be determined by turning the equipment off and on, users are encouraged to try to correct the interference by using one or more of the following measures:
•
•
•
•
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and receiver.
Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.
Modifications to this product not authorized by Cisco could void the FCC approval and negate your authority to operate the product
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http:// www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
© 2017 Cisco Systems, Inc. All rights reserved.
C O N T E N T S
C H A P T E R 1 |
Introduction 1 |
Getting Started 1
Launch Setup Wizard 3
Troubleshooting Tips 4
User Interface 4
C H A P T E R 2 |
Status and Statistics 5 |
System Summary 5
TCP/IP Services 7
Port Traffic 7
WAN QoS Statistics 8
Application Statistics 9
Connected Devices 10
Routing Status 10
DHCP Bindings 10
Mobile Network 11
VPN Status 11
View Logs 13
C H A P T E R 3 |
Administration 15 |
Reboot 15
File Management 16
Manual Upgrade 17
Auto Update 17
Diagnostic 18
License 19
Smart License Usage 19
Certificate 20
RV345/345P Administration Guide
iii
Contents
|
|
Import Certificate |
20 |
|
|
|
||
|
|
Generate CSR/Certificate |
20 |
|
||||
|
|
Config Management |
21 |
|
|
|
||
|
|
System Configuration 23 |
|
|
|
|
||
C H A P T E R |
4 |
|
|
|
|
|||
|
|
Initial Setup Wizard |
24 |
|
|
|
||
|
|
System 25 |
|
|
|
|
|
|
|
|
Time |
25 |
|
|
|
|
|
|
|
Log |
26 |
|
|
|
|
|
|
|
Email Server 27 |
|
|
|
|
|
|
|
|
Remote Syslog Server |
28 |
|
|
|||
|
|
Email 28 |
|
|
|
|
|
|
|
|
User Accounts 29 |
|
|
|
|
|
|
|
|
Remote Authentication Service |
30 |
|||||
|
|
User Groups 31 |
|
|
|
|
|
|
|
|
IP Address Group |
32 |
|
|
|
|
|
|
|
SNMP 33 |
|
|
|
|
|
|
|
|
Discovery Bonjour |
33 |
|
|
|
||
|
|
LLDP 34 |
|
|
|
|
|
|
|
|
Automatic Updates |
35 |
|
|
|
||
|
|
Service Management |
36 |
|
|
|
||
|
|
Schedule 36 |
|
|
|
|
|
|
|
|
WAN 37 |
|
|
|
|
|
|
C H A P T E R |
5 |
|
|
|
|
|
|
|
|
|
WAN Settings 37 |
|
|
|
|
|
|
|
|
Multi-WAN 40 |
|
|
|
|
|
|
|
|
Mobile Network 42 |
|
|
|
|
||
|
|
Mobile Network Setup |
42 |
|
|
|||
|
|
Bandwidth Cap Setting |
43 |
|
|
|||
|
|
Dynamic DNS 43 |
|
|
|
|
|
|
|
|
Hardware DMZ 44 |
|
|
|
|
|
|
|
|
IPv6 Transition 44 |
|
|
|
|
|
|
|
|
IPv6 in IPv4 Tunnel (6in4) |
45 |
|
||||
|
|
IPv6 Rapid Deployment (6rd) |
45 |
RV345/345P Administration Guide
iv
Contents
C H A P T E R |
6 |
QoS 47 |
|
|
|
|
|
|
|
Traffic Classes |
47 |
|
|
||
|
|
WAN Queuing 48 |
|
|
|||
|
|
WAN Policing |
49 |
|
|
||
|
|
WAN Bandwidth Management |
49 |
||||
|
|
Switch Classification |
50 |
|
|||
|
|
Switch Queuing |
51 |
|
|
||
|
|
LAN 53 |
|
|
|
|
|
C H A P T E R |
7 |
|
|
|
|
|
|
|
|
Port Settings |
53 |
|
|
|
|
|
|
PoE Settings (RV345P) 54 |
|
||||
|
|
VLAN Settings |
|
55 |
|
|
|
|
|
LAN/DHCP Settings |
56 |
|
|||
|
|
Static DHCP |
59 |
|
|
|
|
|
|
802.1X Configuration |
59 |
|
|||
|
|
DNS Local Database |
60 |
|
|||
|
|
Router Advertisement |
60 |
|
|||
|
|
Routing 63 |
|
|
|
|
|
C H A P T E R |
8 |
|
|
|
|
|
|
|
|
IGMP Proxy |
63 |
|
|
|
|
|
|
RIP 64 |
|
|
|
|
|
|
|
Static Routing |
|
65 |
|
|
|
|
|
Firewall 67 |
|
|
|
|
|
C H A P T E R |
9 |
|
|
|
|
|
|
|
|
Basic Settings |
|
67 |
|
|
|
|
|
Access Rules |
68 |
|
|
|
|
|
|
Network Address Translation |
70 |
||||
|
|
Static NAT 70 |
|
|
|
|
|
|
|
Port Forwarding |
71 |
|
|
||
|
|
Port Triggering |
|
72 |
|
|
|
|
|
Session Timeout |
73 |
|
|
||
|
|
DMZ Host 73 |
|
|
|
|
|
|
|
VPN 75 |
|
|
|
|
|
C H A P T E R |
1 0 |
|
|
|
|
|
RV345/345P Administration Guide
v
Contents
VPN Setup Wizard (Site-to-Site) 75
IPsec Profiles 77
Site-to-Site 80
Create a Site-to-Site VPN Connection 81
Creating a Secure GRE Tunnel 83
Client to Site 85
Teleworker VPN Client 89
PPTP Server 91
L2TP Server 91
SSL VPN 92
VPN Passthrough 94
C H A P T E R 1 1 |
Security 97 |
Application Control Wizard 97
Application Control 98
Web Filtering 99
Content Filtering 100
IP Source Guard 100
C H A P T E R 1 2 |
Where To Go From Here 103 |
Where To Go From Here 103
RV345/345P Administration Guide
vi
C H A P T E R 1
Thank you for choosing the Cisco RV345/P router. This guide describes how to install and manage your router. This chapter includes information to help you get started on your device. Your Cisco RV345/P comes with default settings. However, your internet service provider (ISP) might require you to modify the settings. You can modify the settings using a web browser such as Internet Explorer (version 10 and higher), Firefox, or Chrome (for PC) or Safari (for Mac).
This section contains the following topics:
• Getting Started, page 1
• Launch Setup Wizard, page 3
• User Interface, page 4
This page displays the most common configuration tasks on your device. To start the router, follow these steps:
Step 1 Connect a PC to a numbered LAN port on the device. If the PC is configured to become a DHCP client, an IP address in the 192.168.1.x range is assigned to the PC.
Step 2 Start a web browser.
Step 3 In the address bar, enter the default IP address of the device, 192.168.1.1. The browser might issue a warning that the website is untrusted. Continue to the website.
Step 4 When the sign-in page appears, enter the default username cisco and the default password cisco (lowercase).
Step 5 Click Login.
Note During the system boot up, the power LED will progressively keep flashing until the system has fully booted.
The system boot time will be less than 3 minutes typically. If the router is fully configured with all feature configuration settings set to a maximum, it may take up to 7 minutes to fully boot the system.
RV345/345P Administration Guide
1
Introduction
Getting Started
Table 1: Description of Router's LEDs |
|
PWR |
Off when the device is powered off. |
|
Solid green when the device is powered on and booted. |
|
Flashing green when the device is booting up. |
DIAG |
Off when the system is on track to bootup. |
|
Slow blinking red (1Hz) when the firmware upgrade is in progress. |
|
Fast blinking red (3Hz) when the firmware upgrade is failing. |
|
Solid red when the system failed to boot-up with both active and inactive images |
|
or in rescue mode. |
LINK/ACT of WAN1, WAN2 and
LAN 1-16
Off when there is no Ethernet connection. Solid green when the GE Ethernet link is on.
Flashing green when the GE is sending or receiving data.
GIGABITofWAN1,WAN2andLAN 1-16
DMZ
VPN
Solid green when at 1000M speed.
Off when at non-1000M speed.
Solid green when the DMZ is enabled.
Off when the DMZ is disabled.
Off when no VPN tunnel is defined, or all defined VPN tunnels have been disabled.
Solid green when at least one VPN tunnel is up.
Flashing green when sending or receiving data over VPN tunnel. Solid amber when no enabled VPN tunnel is up.
USB1 and USB2 |
Off when no USB device is connected, or is inserted but not recognized. |
|
Solid green when the USB dongle is connected to the ISP successfully. USB |
|
storage is recognized. |
|
Flashing green when sending or receiving data. |
|
Solid amber when the USB dongle is recognized but fails to connect to ISP |
|
(no IP address is assigned). The USB storage access has errors. |
RESET |
To reboot the router, press the reset button with a paper clip or pen tip for less |
|
than 10 seconds. |
|
To reset the router to factory default settings, press and hold the reset button |
|
for 10 seconds. |
|
|
RV345/345P Administration Guide
2
Introduction
Launch Setup Wizard
From the Launch Setup Wizard page, you can follow the instructions that guide you through the process for configuring the device.
To open this page, select Launch Setup Wizard in the navigation tree and follow the on-screen instructions to proceed. Refer to your ISP for the information required to setup your Internet connection.
Launch Setup Wizard |
|
Initial Setup Wizard |
Directs you to the Initial Setup Wizard. |
VPN Setup Wizards |
Directs you to the VPN Status Wizard. |
Application Control |
Directs you to the Application Control Wizard. |
Wizard |
|
Initial Configurations |
|
Change Administrator |
Directs you to the User Accounts page where you can change the administrator |
Password |
password and set up a guest account. |
Configure WAN Settings Directs you to the WAN Settings page where you can modify the WAN parameters.
Configure USB Settings Directs you to the Mobile Network page where you can modify the USB configurations.
Configure LAN Settings Directs you to the VLAN Membership page where you can configure the VLAN.
Quick Access |
|
Upgrade Router |
Directs you to the File Management page where you can update the device |
Firmware |
firmware. |
Configure Remote |
Directs you to the FireWall >Basic Settings page where you can enable the |
Management Access |
basic features of the device. |
Backup Device |
Directs you to the Config Management page where you can manage the router’s |
Configuration |
configuration. |
Device Status |
|
System Summary |
Directs you to the System Summary page that displays the IPv4 and IPv6 |
|
configuration, and firewall status on the device. |
RV345/345P Administration Guide
3
Introduction
VPN Status |
Directsyoutothe VPN Status pagethatdisplaysthestatusoftheVPNsmanaged |
|
by this device. |
Port Statistics |
Directs you to the Port Traffic page which displays the device’s port status and |
|
port traffic. |
Traffic Statistics |
Directs you to the TCP/IP Services page which displays the device’s port listen |
|
status and the established connection status. |
View System Log |
Directs you to the View Logs page which displays the logs on the device. |
Troubleshooting Tips
If you have trouble connecting to the Internet or the web-based web interface:
•Verify that your web browser is not set to work offline.
•Check the local area network connection settings for your Ethernet adapter. The PC should obtain an IP address through DHCP. Alternatively, the PC can have a static IP address in the 192.168.1.x range with the default gateway set to 192.168.1.1 (the default IP address of the device).
•Verify that you entered the correct settings in the Wizard to set up your Internet connection.
•Reset the modem and the device by powering off both devices. Next, power on the modem and let it sit for about 2 minutes. Then, power on the device. You should now receive a WAN IP address.
•If you have a DSL modem, ask your ISP to put the DSL modem into bridge mode.
The user interface is designed to make it easy for you to set up and manage your device.
Navigation
The major modules of the web interface are represented by buttons in the left navigation pane. Click a button to view more options. Click an option to open a page.
Popup windows
Some links and buttons launch popup windows that display more information or related configuration pages. If your web browser displays a warning message about the popup window, allow the blocked content.
Help
To view information about the selected configuration page, click Help at the top right corner of the web interface. If your web browser displays a warning message about the popup window, allow the blocked content.
Logout
To exit the web interface, click Logout near the top right corner of the web interface. The sign-in page appears.
RV345/345P Administration Guide
4
C H A P T E R 2
This section provides information on the various configuration settings of your device and contains the following topics:
• System Summary, page 5
• TCP/IP Services, page 7
• Port Traffic, page 7
• WAN QoS Statistics, page 8
• Application Statistics, page 9
• Connected Devices, page 10
• Routing Status, page 10
• DHCP Bindings, page 10
• Mobile Network, page 11
• VPN Status, page 11
• View Logs, page 13
The System Summary provides a snapshot of the settings on your device. It displays your device’s firmware, serial number, port traffic, routing status, mobile networks, and VPN server settings. To view this System Summary, click Status and Statistics> System Summary.
System Information
•Host Name — Name of host.
•Serial Number — Serial number of the device.
•System Up Time — Length of time in yy-mm-dd, hours, and minutes that the device has been active.
•Current Time — Current time and date.
RV345/345P Administration Guide
5
Status and Statistics
System Summary
• PID VID — Version number of the hardware.
Firmware Information
•Firmware Version — Version number of the installed firmware.
•Firmware MD5 Checksum — A value used for file validation.
Port Status
•Port ID — Defined name and number of the port.
•Interface — Name of the port used for the connection.
•Enabled — Status of the port.
•Speed — The speed (in Mbps) of the device after auto negotiation.
IPv4 and IPv6
•Interface — Name of the interface.
•IP Address — IP address assigned to the interface.
•Default Gateway — Default gateway for the interface.
•DNS — IP address of the DNS server.
•Dynamic DNS — IP address of the DDNS for the interface: Disabled or Enabled.
•Renew — Click to renew the IP address.
•Release — Click to release the interface.
VPN Status
•Type — Type of the VPN tunnel.
•Active — Is Enabled or Disabled.
•Configured — VPN tunnel’s status whether it is configured or not.
•Max Supported Sessions — The maximum number of tunnels supported on the device.
•Connected Session — Status of the tunnel.
Firewall Setting Status
•Stateful Packet Inspection (SPI) —also known as dynamic packet filtering, monitors the state of active connections and uses this information to determine which network packets are allowed through the firewall.
•Denial of Service (Dos) — Status of the Dos filter service is enabled (On) or disabled (Off). A DoS attack is an attempt to make a machine or network resource unavailable to its intended users.
RV345/345P Administration Guide
6
Status and Statistics
•Block WAN Request — Makes it difficult for outside users to work their way into your network by hiding the network ports from Internet devices and preventing the network from being detected by other Internet users.
•Remote Management — Indicates that a remote connection for managing the device is allowed or denied.
•Access Rule — Number of access rules that have been set.
Log Setting Status
•Syslog Server — Status of system logs.
•Email Log — Status of logs to send using email.
TCP/IP Services
The TCP/IP Services page displays the statistics of the protocol, port, and IP address. To view the TCP/IP Services, click Status and Statistics > TCP/IP Services.
Port Listen Status
•Protocol — Type of protocol used for communication.
•Listen IP Address — The listening IP address on the device.
•Listen Port — The listening port on the device.
Established Connection Status
•Protocol — Type of protocol used for communication.
•Local IP Address — IP address of the system.
•Local Port — Listening ports on different services.
•Foreign Address — IP address of the device connected.
•Foreign Port — Port of the device connected.
•Status — Connection status of the session.
The Port Traffic page displays the statistics and status of the interfaces of the device. To view the device’s Port Traffic page, click Status and Statistics >Port Traffic.
Port Traffic
•Port ID — Defined name and number of the port.
•Link Status — Status of the interface.
RV345/345P Administration Guide
7
Status and Statistics
•Rx Packets — Number of packets received on the port.
•Rx Bytes — Number of packets received, measured in bytes.
•Tx Packets — Number of packets sent on the port.
•Tx Bytes — Number of packets sent and measured in bytes.
•Packet Error — Details about the error packets.
•Refresh — To refresh the displayed statistics.
•Reset Counters — To reset all values to zero.
Port Status
•Port ID — Defined name and number of the port.
•Link Status — Status of the interface.
•Port Activity — Status of the port (example: port enabled or disabled or connected).
•Speed Status — The speed (in Mbps) of the device after auto negotiation.
•Duplex Status — Duplex mode: Half or Full.
•Auto Negotiation —Status of the auto negotiation parameter. When enabled (On), it detects the duplex mode, and if the connection requires a crossover, automatically chooses the MDI or MDIX configuration that matches the other end of the link.
WAN QoS Statistics
The WAN QoS Statics page displays the statistics of the outbound and inbound WAN QoS. To view the device’s WAN QoS Statics page, click Status and Statistics > WAN QoS Statistics.
•Interface — Name of the interface.
•Policy Name — Name of the policy.
•Description — Description of the WAN QoS statistics.
•Clear Counters — Click to clear the counters.
Outbound QoS Statistics
•Queue — Number of outbound queues.
•Traffic Class — Name of traffic class assigned to queue.
•Packets Sent — Number of outbound packets of the traffic class sent.
•Packets Dropped — Number of outbound packets dropped.
Inbound QoS Statistics
• Queue — Number of inbound queues.
RV345/345P Administration Guide
8
Status and Statistics
•Traffic Class — Name of traffic class assigned to queue.
•Packets Sent — Number of traffic class inbound packets sent.
•Packets Dropped — Number of inbound packets dropped.
Application Statistics
The Application Statistics displays the usage data of the router. To view the Application Statistics page, click
Status and Statistics > Applications Statistics.
• Clear Counters — To reset all the table statistics.
Top Applications by Category
•Category — List of application categories accessed.
•Traffic Volume — Traffic volume in megabytes.
Top Applications by Name
•Applications — List of applications accessed.
•Traffic Volume — Traffic volume in megabytes.
Top Talkers
•Talkers — List of IP addresses accessed.
•Traffic Volume — Traffic volume in megabytes.
Top Talkers by Device Type
•Device — List of devices accessed.
•Traffic Volume — Traffic volume in megabytes.
Top Talkers by OS Type
•OS — List of operating systems used.
•Traffic Volume — Traffic volume in megabytes.
Note A pop-up stating AVC disabled or license expired may appear if the AVC is disabled or the license is expired.
RV345/345P Administration Guide
9
Status and Statistics
Connected Devices
The Connected Devices page lists all the connected devices on the router. To view this Connected Devices page, click Status and Statistics > Connected Devices.
IPv4
•Hostname — Name of the connected device.
•IPv4 Address — Connected device’s IP Address.
•MAC Address — MAC address of the connected device.
•Type — Type of device IP address.
•Interface — The interface it is connected to.
IPv6
•IPv6 Address — The IPv6 address of the connected device.
•MAC Address — MAC address of the connected device.
Routing is the process of moving packets across a network from one host to a another. The Routing Status of this process is displayed on a routing table. The routing table contains information about the topology of the network immediately around it. To view the device’s Routing Status for IPv4 and IPv6, click Status and Statistics > Routing Status.
IPv4 and IPv6 Routes
•Destination — IP Address and subnet mask of the connection.
•Next Hop — IP address of the next hop. Maximum number of hops (the maximum is 15 hops) that a packet passes through.
•Metric —Number of routing algorithms when determining the optimal route for sending network traffic.
•Interface — Name of the interface to which the route is attached to.
•Source — Source of the route.
The DHCP Bindings page displays the statistics of the DHCP client information such as IP address, MAC address, Lease Expire Time and Type of Binding (static or dynamic). To view the device’s DHCP Bindings, click Status and Statistics > DHCP Bindings.
In the DHCP Binding Table, the following is displayed:
RV345/345P Administration Guide
10
Status and Statistics
•IPv4 Address — Assigned IP address.
•MAC Address — The MAC address of the clients’ assigned IP address.
•Lease Expires — Lease time for the client’s system.
•Type — Status of the connection (Static or Dynamic).
Mobile Network
Mobile networks enables a router and its subnets to be mobile while continuing to maintain IP connectivity transparent to the IP hosts connecting to the network through this mobile router. To view the router’s mobile network, click Status and Statistics > Mobile Network. Next, select the Interfaces from the drop-down list (USB1 or USB2). Click Refresh to refresh mobile network status.
Connection
•Internet IP Address — IP address served by the service provider.
•Subnet Mask — Mask served by the service provider.
•Default Gateway — Default gateway served by the service provider.
•Connection Up Time — Time duration of connected device.
•Current Dial-Up Session Usage — Data usage per session.
•Monthly Usage — Monthly data usage.
Data Card Status
•Manufacturer — Manufacturer of the device.
•Card Firmware — Firmware version provided by the manufacturer.
•SIM Status — Status of the SIM.
•IMSI — Unique number of the device.
•Carrier — Name or type of data carrier.
•Service Type — Data service type.
•Signal Strength — Strength of data signal.
•Card Status — Card status disconnected or connected.
The VPN Status displays the tunnel status of the Site-to-Site, Client-to-Site, SSL VPN, PPTP, L2TP, and Teleworker VPN Client. To view the device’s VPN status, click Status and Statistics > VPN Status.
RV345/345P Administration Guide
11
Status and Statistics
VPN Status
Site-to-Site Tunnel Status
•Tunnel(s) Used — VPN tunnels in use.
•Tunnel(s) Available — Available VPN tunnels.
•Tunnel(s) Enabled — VPN tunnels enabled.
•Tunnel(s) Defined — Defined VPN tunnels.
In the Connection Table, you can add, edit, delete, or refresh a tunnel. (See Site-to-Site, on page 80). You can also click on Column Display Selection to select the column headers displayed in the Connection Table.
Client-to-Site Tunnel Status
In this mode, the client from Internet connects to the server to access the corporate network/LAN behind the server. For a secure connection, you can implement a client-to-site VPN. You can view all the Client-to-Tunnel connections, add, edit, or delete the connections in the Connection Table. (See Client to Site, on page 85).
The Connection Table displays the following:
•Group or Tunnel Name — Name of the VPN tunnel. This is for reference purposes only and does not match the name used at the other end of the tunnel.
•Connections — Status of the connection.
•Phase2 Encryption/Auth/Group — Phase 2 encryption type (NULL/DES/3DES/AES-128/AES-192/AES-256), authentication method (NULL/MD5/SHA1), and DH group number (1/2/5).
•Local Group — IP address and subnet mask of the local group.
SSL VPN Status
A Secure Sockets Layer virtual private network (SSLVPN) allows users to establish a secure, remote-access VPN tunnel to this device by using a web browser. SSL VPN provides secure, easy access to a broad range of web resources and web-enabled applications from almost any computer on the Internet. Here, you can view the status of the SSL VPN tunnels.
•Tunnel(s) Used — SSL VPN Tunnels used for connection.
•Tunnel(s) available — Available tunnels for the SSL VPN connection.
The Connection Table shows the status of the established tunnels. You can also add edit or delete connections.
•Policy Name — Name of the policy applied on the tunnel.
•Session — Number of sessions.
You can also add, edit or delete a SSL VPN. (See SSL VPN, on page 92).
PPTP Tunnel Status
Point-to-Point Tunneling Protocol has the capability to encrypt data with 128-bit. It is used to ensure that messages sent from one VPN node to another are secure.
• Tunnel(s) Used — PPTP Tunnels used for the VPN connection.
RV345/345P Administration Guide
12
Status and Statistics
• Tunnel(s) Available — Available tunnels for the PPTP connection.
The Connection Table — shows the status of the established tunnels. You can also connect or disconnect these connections.
•Session ID — Session ID of the proposed or current connection.
•Username — Name of the connected user.
•Remote Access — IP address of the remotely connected or proposed connection.
•Tunnel IP — IP address of the tunnel.
•Connect Time — Time of the tunneling time.
•Action — Connect or disconnect the tunnel.
L2TP Tunnel Status
Layer 2 Tunneling Protocol is the method used to enable Point-to-Point sessions by using the Internet at Layer
2.You can find the status of L2TP Tunnel Status.
•Tunnel(s) Used — L2TP tunnels used for the VPN connection.
•Tunnel(s) available — Available tunnels for the L2TP connection.
The Connection Table — Shows the status of the established tunnels. You can also connect or disconnect these connections.
•Session ID — Session ID of the proposed or current connection.
•Username — Name of the connected user.
•Remote Access — IP address of the remotely connected or proposed connection.
•Tunnel IP — IP address of the tunnel.
•Connect Time — Time of the tunneling time.
•Action — Connect or disconnect the tunnel.
View Logs
The View Logs page displays all of the device’s logs. You can filter these logs based on category, severity, or keyword. You can also refresh, clear, and export these logs to a PC or USB. To view the device’s logs, follow these steps:
Step 1 Click Status and Statistics > View Logs.
Step 2 Under Logs Filtered By, select the appropriate option.
RV345/345P Administration Guide
13
Status and Statistics
View Logs
Category |
Click any of the following to view logs: |
•All — Displays all the logs.
•Category — Displays the selected category logs.
Severity |
Select one of the options displayed to view the logs based on the severity. |
Keyword |
Enter a keyword to display the logs based on the keyword. |
Step 3 Click Show Logs.
Note To configure log settings, see Log, on page
26.
Step 4 Click any of the following options:
•Refresh — Click to refresh logs.
•Clear Logs — Click to clear logs.
•Export Logs to PC — Click to export logs to PC.
•Export Logs to USB — Click to export logs on to a USB storage device.
RV345/345P Administration Guide
14
C H A P T E R 3
This section describes the device's administration features and contains the following topics:
• Reboot, page 15
• File Management, page 16
•Diagnostic, page 18
•License, page 19
•Certificate, page 20
•Config Management, page 21
The Reboot allows users to restart the device with active or inactive images.
To access Reboot page, follow these steps:
Step 1 Click Administration >Reboot.
Step 2 In the Active Image after Reboot section, select an option (Active Image x.x.xx.xx or Inactive Image x.x.xx.xx) from the drop-down list.
Step 3 Select the preferred reboot option.
•Reboot the device.
•Return to factory default settings after reboot.
•Return to factory default settings including certificates after reboot.
Step 4 Click Reboot to reboot device.
RV345/345P Administration Guide
15
Administration
File Management
The File Management provides a snapshot of your device. To view the File Management info, follow these steps:
Step 1 Click Administration> File Management. to see the following information:
System Information
•Device Model — Model number of the device.
•PID VID— PID and VID number of the router.
•Current Firmware Version — Current firmware version.
•Latest Updated — Date of last firmware update.
•Latest Version Available on Cisco.com — Latest firmware version.
•Last Checked — Date when last checked.
Signature
•Current Signature Version — Version of the signature.
•Last Update — Last date of when an update was performed.
•Latest Version Available on Cisco.com — Latest signature version.
•Last Checked — Date when last checked.
USB Dongle Driver
•Current Dongle Driver Version — Version of built-in USB dongle driver.
•Last Update — Last date of when an update was performed.
•Latest Version Available on Cisco.com — Latest dongle driver version.
•Last Checked — Date when last checked.
Language Package
•Current Language Package Version — Version of the language package.
•Last Update — Date when last updated.
•Latest Version Available on Cisco.com — Latest language package version.
•Last Checked — Date when last checked.
Manual Upgrade
In the Manual Upgrade section, you can upload and upgrade to a newer version of the firmware, signature file, USB dongle driver or language file.
RV345/345P Administration Guide
16
Administration
Caution During a firmware upgrade, do not try to go online, turn off the device, shut down the PC, or interrupt the process in any way until the operation is complete. This process takes about a minute, including the reboot process. Interrupting the upgrade process at specific points when the flash memory is being written to may
corrupt it and render the router unusable.
Step 2 If you select to upgrade from the USB drive, the router will search the USB flash drive for a firmware image file whose name has one or more of the following: PID, MAC address, and Serial Number. If there are multiple firmware files in the USB flash drive, the router will check the one with the most specific name, i.e. priority from high to low.
Manual Upgrade
To update the router with a newer version of the firmware.
Step 1 Select Administration > File Management.
Step 2 In the Manual Upgrade section, select the file type (Firmware Image, Signature File, USB Dongle Driver or Language File).
Step 3 In the Upgrade From section, select an option (Cisco.com, PC, or USB) and click Refresh.
Step 4 Check Reset all configuration/setting to factory defaults to reset all the configuration and apply factory defaults.
Step 5 Click Upgrade to upload the selected image to the device.
The router supports loading a firmware from USB flash drive if the USB stick is present during the system bootup. The router will search the USB flash drive for a firmware image file whose name has one or more of the following: PID, MAC address, and Serial Number. If there are multiple firmware files in the USB flash drive, the router will check the one with the most specific name, i.e. priority from high to low.
•PID-MAC-SN.IMG
•PID-SN.IMG
•PID-MAC.IMG
•PID.IMG
The files with other names will be ignored. If the version is higher than the current version, it will be upgraded to this image and the DUT will reboot. After that, the upgrade process will start again.
If it does not find a more recent image in the USB1, then it will check the USB2 using the same logic.
The router also supports loading a configuration file from a USB flash drive during the system bootup.
•The behavior only happens when the router is in factory default and attached with a USB flash drive before it is
powered on.
RV345/345P Administration Guide
17
Administration
•The router will search the USB flash drive for a config file whose name has one or more of the following: PID,
MAC address, and Serial Number. If there are multiple firmware files in the USB flash drive, the router will check
the one with the most specific name, i.e. priority from high to low.
◦PID-MAC-SN.xml
◦PID-SN.xml
◦PID-MAC.xml
◦PID.xml
The files with the other names will be ignored.
Firmware Auto Fallback Mechanism
The device includes two firmware images in the flash to provide an Auto Fallback Mechanism so that the device can automatically switch to the secondary firmware when the active firmware is corrupted or cannot boot up successfully after five trials.
The Auto Fallback Mechanism operates as follows:
1 The device first boots up with the active firmware.
2If the firmware is corrupted, it will switch to the secondary firmware automatically after the active firmware has failed to boot up after 5 times. If the router gets stuck does not reboot automatically, you can turn off the power, power on, wait for 30 seconds, then turn off the power, for 5 times to switch to the secondary or inactive firmware.
3After booting up with the secondary or inactive firmware, please check to see if anything is wrong with the active firmware.
4 Reload the new firmware again if necessary.
Diagnostic
Your device provides several diagnostic tools to help you with troubleshooting network issues. Use the following diagnostic tools to monitor the overall health of your network.
Using Ping or Trace
RV345/345P Administration Guide
18
Administration
You can use the Ping or Trace utility to test connectivity between this router and another device on the network. To use Ping or Trace, follow these steps:
Step 1 Select Administration > Diagnostic.
Step 2 In the Ping or Trace an IP Address section, in the IP Address/Domain Name field, enter an IP address or domain name.
Step 3 Click Ping. The ping results appear. This tells you if the device is accessible. Or click Traceroute. The traceroute results appear.
Step 4 To perform a DNS lookup, enter the IP address or domain name in the Perform a DNS Lookup>IPAddress/Domain Name field and click Lookup.
License
In the License section, you can configure the licenses or register the router. It simplifies the Cisco software experience and helps you understand how the Cisco software is used.
Smart Software Licensing Status
The Smart Software Licensing Status section displays your device’s license information.
Registration Status — Registered or Unregistered, and date of registration.
License Authorization Status — Authorized or Evaluation Mode or Out of Compliance or Authorization Expired or Evaluation Period Expired and the date of license authorization.
Export-Controlled Functionality — Not allowed by default.
You can select the Smart License to be used for the router. Make sure that you have enough of licenses in the virtual account for the router, otherwise it is not compliant.
To configure the Smart License, follow these steps:
Step 1 Under Smart License Usage, click Choose Licenses.
Step 2 Check the applicable licenses and enter a number under Count.
Step 3 |
Click Save. |
Step 4 A License Authorization Renewal pop-up will appear, click OK.
RV345/345P Administration Guide
19
Administration
Certificate
Certificates are important in the communication process. The certificate signed by a trusted Certificate Authority (CA), ensures that the certificate holder is really who he claims to be. Without a trusted signed certificate, data may be encrypted, however, the party you are communicating with may not be the one whom you think.
A list of certificates with the certificate details are displayed on this page. You can export a Self signed, local, and CSR certificate. Or, you can import a CA, Local, or PKCS#12 certificate. You can also import a certificate file (from PC/USB) to a new certificate.
If a device certificate is imported, it replaces its corresponding CSR certificate.
On Certificate Table, the certificates that are associated to the router are displayed. You can you delete, export, view the details, or import a certificate that is listed in the Certificate Table.
To import a certificate, follow these steps:
Step 1 Click Import Certificate.
Step 2 Select the type of certificate to import from the drop-down list:
•Local Certificate
•CA Certificate
•PKCS#12 encoded file.
Step 3 Enter a certificate name. (For PKCS#12, you must enter a password).
Step 4 Check Import from PC and click Choose File to upload and import the certificate from a specific location.
Step 5 Check Import From USB and click Refresh to upload and import the certificate from a USB key.
Step 6 Click Upload.
Step 1 Click Generate CSR/Certificate.
Step 2 Select the type of certificate to generate from the drop-down list.
Step 3 Enter the following information:
Certificate Name |
Enter a name for certificate. Certificate name should not contain spaces or special |
|
characters. |
Subject Alternative Name Enter a name and select one of the following: IP Address, FQDN, or Email.
RV345/345P Administration Guide
20
Administration
|
Country Name |
Select a country from the drop-down list. |
|
State or Province Name |
Enter a State or Province. |
|
Locality Name |
Enter a locality name. |
|
Organization Name |
Enter the name of the organization. |
|
Organization Unit Name |
Enter the name of the organization unit. |
|
Common Name |
Enter a common name. |
|
Email Address |
Enter the email address. |
|
Key Encryption Length |
Select the Key Encryption Length from the drop-down menu. It should be 512, or 2048. |
|
Valid Duration |
Enter the number of days (Range 1-10950, Default: 360). |
Step 4 |
Click Generate. |
|
|
|
|
Config Management
Config Management page provides details on the router’s file configurations.
Configuration File Name
The Configuration File Name displays the last changed time details on the following:
•Running Configuration
•Startup Configuration
•Mirror Configuration
•Backup Configuration
Copy/Apply Configuration
The Copy/Apply Configuration section displays the default configuration of the device uses the running configuration file, which is unstable and does not retain the settings between reboots. You can save this running configuration file to the startup configuration file.
•Source File Name — Select the source file name from the drop-down list.
•Destination File Name — Select the destination file name from the drop-down list.
•Save Icon Blinking — Indicates whether an icon blinks when there is unsaved data. To disable/enable this feature, click Disable Save Icon Blinking.
RV345/345P Administration Guide
21
Administration
Config Management
RV345/345P Administration Guide
22
C H A P T E R 4
The System Configuration Wizard provides guidance when installing and configuring the router. This section contains the following topics:
• Initial Setup Wizard, page 24
•System, page 25
•Time, page 25
•Log, page 26
•Email, page 28
• |
User Accounts, page 29 |
• |
User Groups, page 31 |
• |
IP Address Group, page 32 |
• |
SNMP, page 33 |
• |
Discovery Bonjour, page 33 |
• |
LLDP, page 34 |
• |
Automatic Updates, page 35 |
• |
Service Management, page 36 |
• |
Schedule, page 36 |
RV345/345P Administration Guide
23
System Configuration
Initial Setup Wizard
You can check the connection and configure the basic router settings on the Initial Setup Wizard page. From the Run Setup Wizard page, you can follow the instructions that guide you through the process for configuring the device.
Step 1 |
Click System Configuration > Initial Setup Wizard. |
|
Step 2 |
Click Next to go to Check Connection page. If your router has detected a connection, the connection details are displayed |
|
|
on this page. |
|
Step 3 |
Select Interface from the drop-down list. |
|
Step 4 |
Click Next. |
|
Step 5 |
Under Configure Router Select Connection Type, select your internet connection type. |
|
Step 6 |
If you select Dynamic IP or DHCP, click Next. |
|
Step 7 |
If you select Static IP Address, click Next and configure the settings below. |
|
|
Static IP Address |
Enter the static IP address. |
|
Subnet Mask |
Enter the subnet mask. |
|
Gateway IP |
Enter the gateway IP. |
|
DNS |
Enter the IP address of the DNS. |
Step 8 |
If you select PPPoE, click Next and configure the settings below. |
|
|
Account Name |
Enter the account name. |
|
Password |
Enter the password. |
|
Confirm Password |
Confirm the password. |
Step 9 |
If you select PPTP or L2TP, click Next and configure the settings below. |
|
|
Account Name |
Enter the account name. |
|
Password |
Enter the password. |
|
Confirm Password |
Confirm the password. |
|
Static IP Address |
Enter the static IP address. |
|
Subnet Mask |
Enter the subnet mask. |
|
Gateway IP |
Enter the gateway IP. |
|
Remote Server |
Enter the remote server. |
|
DNS |
Enter the IP address of the DNS. |
RV345/345P Administration Guide
24