Cisco Systems WRVS4400N, WRVS4400NRF User Manual

ADMINISTRATION GUIDE
Cisco Small Business
WRVS4400N Wireless-N Gigabit Security Router with VPN
© 2009 Cisco Systems, Inc. All rights reserved. OL-20048-02
Contents
Chapter 1: Introduction
Chapter 2: Networking and Security Basics
An Introduction to LANs
The Use of IP Addresses
The Intrusion Prevention System (IPS)
Chapter 3: Planning Your Virtual Private Network (VPN)
Why do I need a VPN?
What is a VPN?
Chapter 4: Getting Started with the WRVS4400N Router
Front Panel
Back Panel
WRVS4400N Antennas
Placement Options
Installing the Router
Configuring the Router
Chapter 5: Setting Up and Configuring the WRVS4400N Wireless-N Router
Accessing the Web-Based Utility
Navigating the Utility
Setting Up Your Wireless-N Router
Configuring Wireless Settings
Configuring Firewall Settings
Configuring the ProtectLink Web Service
Configuring the VPN Settings
Configuring the QoS Settings
Configuring the Administration Settings
Configuring IPS Settings
Configuring the L2 Switch Settings
Viewing Status
Chapter 6: Using the VPN Setup Wizard
VPN Setup Wizard
Before You Begin
Running the VPN Router Software Wizard
Appendix A: Troubleshooting
Frequently Asked Questions
Appendix B: Using Cisco QuickVPN for Windows 2000, XP, or Vista
Overview
Before You Begin
Installing the Cisco QuickVPN Software
Using the Cisco QuickVPN Software
Distributing Certificates to QuickVPN Users
Appendix C: Configuring a Gateway-to-Gateway IPSec Tunnel
Introduction
Environment
Configuring the VPN Settings for the VPN Routers
Configuring the Key Management Settings
Configuring PC 1 and PC 2
Appendix D: Finding Out MAC and IP Addresses
Windows 98 or Me Instructions
Windows 2000 or XP Instructions
For the Router’s Web-based Utility
Appendix E: Cisco ProtectLink Web Service
Overview
How to Access the Web-Based Utility
How to Purchase, Register, or Activate the Service
How to Use the Service
Appendix F: Specifications
General
Performance
Management
Security
QoS
Layer 2
Environmental
Appendix G: Where to Go From Here

Introduction

Thank you for choosing the Cisco WRVS4400N Wireless-N Gigabit Security Router with VPN. The Wireless-N Gigabit Security Router with VPN is an advanced Internet-sharing network solution for your small business needs. WRVS4400N lets multiple computers in your office share an Internet connection through both wired and wireless connections.
The WRVS4400N wireless router features a built-in 4-Port full-duplex 10/100/1000 Ethernet switch, which allows you to connect four personal computers directly, or you can connect more hubs and switches to create as big a network as you need.
You can use the WRVS4400N wireless router as an intranet router to aggregate traffic to a company backbone network.
The WRVS4400N wireless router has a built-in access point that supports the latest 802.11n draft specification by IEEE. The WRVS4400N wireless router also supports 802.11g and 802.11b clients in a mixed environment.
The built-in access point can support an 11n data rate of up to 300 Mbps. In addition to having a higher data rate, 802.11n technology also promises longer coverage by using multiple antennas to transmit and receive data streams in different directions.
The Cisco WRVS4400N Wireless-N Gigabit Security Router with VPN is equipped with advanced security technologies like Intrusion Prevention System (IPS), Stateful Packet Inspection (SPI) Firewall, IP based Access List (IP ACL), and Network Address Port Translation (NAPT, also called NAT as a more generic term).
These technologies work together to provide a self-defensive strategy. They identify, classify, and stop malicious attack traffic in real time as it passes through the WRVS4400N wireless router.
The SPI Firewall provides deep packet inspection to analyze packets at the network layer (IP) and transport layer (TCP, UDP) to block illegal packet transactions. You can also use IP based ACL to limit traffic to a specific source, destination and protocol.
NAPT allows you to open specific TCP/UDP port numbers to the Internet to provide limited service while minimizing harmful traffic at the same time.
The Virtual Private Network (VPN) capability is another security feature that creates encrypted “tunnels” through the Internet, allowing up to five remote offices and five traveling users to securely connect into your office network from off-site.
Users connecting through a VPN tunnel are attached to your company’s network with secure access to files, e-mail, and your intranet as if they were in the building. You can also use the VPN capability to allow users on your small office network to securely connect out to a corporate network.
The QoS features of the Cisco WRVS4400N Wireless-N Gigabit Security Router with VPN provide consistent voice and video quality throughout your business.
This administration guide gives you all the information you need to connect, set up, and configure your router.

Networking and Security Basics

This chapter describes networking and security basics. It includes the following sections:
An Introduction to LANs
The Use of IP Addresses
The Intrusion Prevention System (IPS)

An Introduction to LANs

A router is a network device that connects two networks together.
The router connects your local area network (LAN), or the group of personal computers in your home or office, to the Internet. The router processes and regulates the data that travels between these two networks.
The router’s Network Address Translation (NAT) technology protects your network of personal computers so users on the Internet cannot “see” your personal computers. This is how your LAN remains private. The router protects your network by inspecting the first packet coming in through the Internet port before delivery to the final destination on one of the Ethernet ports. The router inspects Internet port services like the web server, FTP server, or other Internet applications, and, if allowed, it will forward the packet to the appropriate personal computer on the LAN side.
You can use multiple Cisco WRVS4400N Wireless-N Gigabit Security Routers to connect multiple LANs together. This usually applies to a medium-sized or larger company where you want to divide your network into multiple IP subnets to increase the intranet throughput and reduce the size of the IP broadcast domain and its interference. In this case, you need one WRVS4400N wireless router for each subnetwork and you can connect all the WAN ports to a second level router or switch to the Internet.
The second level router only forwards data packets through a wired network so you don’t have to use the Cisco WRVS4400N Wireless-N Gigabit Security Router. You can use any wired router in the Cisco family such as RVS4000 that has 4 LAN ports and 1 WAN port.

The Use of IP Addresses

IP stands for Internet Protocol. Every device in an IP-based network, including personal computers, print servers, and routers, requires an IP address to identify its location, or address, on the network. This applies to both the Internet and LAN connections.
There are two ways of assigning IP addresses to your network devices.
A static IP address is a fixed IP address that you assign manually to a personal computer or other device on the network. Since a static IP address remains valid until you disable it, static IP addressing ensures that the device assigned it will always have that same IP address until you change it. Static IP addresses are commonly used with network devices such as server personal computers or print servers.
If you use the router to share your cable or DSL Internet connection, contact your ISP to find out if they have assigned a static IP address to your account. If so, you will need that static IP address when configuring the router. You can get the information from your ISP.
A dynamic IP address is automatically assigned to a device on the network. These IP addresses are called dynamic because they are only temporarily assigned to the personal computer or other device. After a certain time period, they expire and may change. If a personal computer logs onto the network (or the Internet) and its dynamic IP address has expired, the DHCP server will assign it a new dynamic IP address.
A DHCP server can either be a designated personal computer on the network or another network device, such as the router. By default, the router’s Internet Connection Type is Obtain an IP automatically (DHCP).
The personal computer or network device obtaining an IP address is called the DHCP client. DHCP frees you from having to assign IP addresses manually every time a new user is added to your network.
For DSL users, many ISPs may require you to log on with a user name and password to gain access to the Internet. This is a dedicated, high-speed connection type called Point to Point Protocol over Ethernet (PPPoE). PPPoE is similar to a dial-up connection, but PPPoE does not dial a phone number when establishing a connection. It also will provide the router with a dynamic IP address to establish a connection to the Internet.
By default, a DHCP server (on the LAN side) is enabled on the router. If you already have a DHCP server running on your network, you MUST disable one of the two DHCP servers. If you run more than one DHCP server on your network, you will experience network errors, such as conflicting IP addresses. To disable DHCP on the router, see Configuring Local Area Network (LAN) Settings.
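The two-DHCP-server conflict described above can be confirmed from captured DHCPOFFER packets. The following Python code is an added example and is not part of the Cisco guide: it parses offers and reports every server that answered and any address offered to more than one client. The second server 192.168.1.2, the MAC addresses and the offered address are constructed sample values; 192.168.1.1 is the router's default address from this guide.

```python
import ipaddress
import struct
from collections import defaultdict

MAGIC_COOKIE = b"\x63\x82\x53\x63"      # marks the start of DHCP options
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
BOOTREPLY, DHCPOFFER = 2, 2


def build_offer(xid, client_mac, offered_ip, server_ip):
    """Build a minimal DHCPOFFER payload (constructed sample, not a capture)."""
    server = ipaddress.IPv4Address(server_ip).packed
    fixed = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        BOOTREPLY, 1, 6, 0,                         # op, htype, hlen, hops
        xid, 0, 0,                                  # xid, secs, flags
        bytes(4),                                   # ciaddr
        ipaddress.IPv4Address(offered_ip).packed,   # yiaddr (offered address)
        server,                                     # siaddr
        bytes(4),                                   # giaddr
        bytes.fromhex(client_mac.replace(":", "")), # chaddr, zero padded
        b"", b"",                                   # sname, file
    )
    options = (bytes([OPT_MSG_TYPE, 1, DHCPOFFER])
               + bytes([OPT_SERVER_ID, 4]) + server
               + bytes([OPT_END]))
    return fixed + MAGIC_COOKIE + options


def parse_offer(packet):
    """Return (xid, client_mac, offered_ip, server_id), or None if the
    payload is not a well-formed DHCPOFFER."""
    if len(packet) < 240 or packet[0] != BOOTREPLY:
        return None
    if packet[236:240] != MAGIC_COOKIE:
        return None
    xid = struct.unpack("!I", packet[4:8])[0]
    hlen = min(packet[2], 16)
    mac = packet[28:28 + hlen].hex(":")
    offered_ip = str(ipaddress.IPv4Address(packet[16:20]))
    msg_type = server_id = None
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(packet):
            return None                 # option header cut off
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            return None                 # option value cut off
        if code == OPT_MSG_TYPE and length == 1:
            msg_type = value[0]
        elif code == OPT_SERVER_ID and length == 4:
            server_id = str(ipaddress.IPv4Address(value))
        i += 2 + length
    if msg_type != DHCPOFFER or server_id is None:
        return None
    return xid, mac, offered_ip, server_id


def audit_offers(packets, expected_server):
    """Report which DHCP servers answered and which addresses were
    offered to more than one client."""
    servers = set()
    clients_by_ip = defaultdict(set)
    for packet in packets:
        parsed = parse_offer(packet)
        if parsed is None:
            continue                    # skip malformed or non-offer payloads
        _xid, mac, offered_ip, server_id = parsed
        servers.add(server_id)
        clients_by_ip[offered_ip].add(mac)
    return {
        "servers": sorted(servers),
        "unexpected_servers": sorted(servers - {expected_server}),
        "conflicting_ips": sorted(
            ip for ip, macs in clients_by_ip.items() if len(macs) > 1),
    }


# Constructed sample: the router and a second server both hand out
# 192.168.1.100, each to a different client; the last payload is truncated.
SAMPLE_OFFERS = [
    build_offer(0x1001, "00:11:22:33:44:55", "192.168.1.100", "192.168.1.1"),
    build_offer(0x1002, "00:11:22:33:44:66", "192.168.1.100", "192.168.1.2"),
    build_offer(0x1003, "00:11:22:33:44:77", "192.168.1.101", "192.168.1.1"),
    build_offer(0x1004, "00:11:22:33:44:88", "192.168.1.102", "192.168.1.2")[:-3],
]

if __name__ == "__main__":
    print(audit_offers(SAMPLE_OFFERS, expected_server="192.168.1.1"))
```

A non-empty unexpected_servers list means a second DHCP server is answering on the LAN, and one of the two should be disabled.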
NOTE Since the router is a device that connects two networks, it needs two IP addresses—one for the LAN, and one for the Internet. In this Administration Guide, you’ll see references to the “Internet IP address” and the “LAN IP address”.
Since the router uses NAT technology, the only IP address that can be seen from the Internet for your network is the router’s Internet IP address. However, even this Internet IP address can be blocked so the router and network seem invisible to the Internet.

The Intrusion Prevention System (IPS)

IPS is an advanced technology to protect your network from malicious attacks. IPS works together with your SPI Firewall, IP Based Access Control List (ACL), Network Address Port Translation (NAPT), and Virtual Private Network (VPN) to achieve the highest level of security. IPS works by providing real-time detection and prevention as an in-line module in a router.
The WRVS4400N wireless router has hardware-based acceleration for real-time pattern matching for detecting malicious attacks. It actively filters and drops malicious TCP/UDP/ICMP/IGMP packets and can reset TCP connections. This protects your client personal computers and servers running various operating systems including Windows, Linux, and Solaris from network worm attacks. However, this system does not prevent viruses contained in e-mail attachments.
The P2P (peer to peer) and IM (instant messaging) control allows you to prevent network users from using those protocols to communicate with people over the Internet. This helps the administrators to set up company policies on how to use their Internet bandwidth wisely.
The signature file is the heart of the IPS system. It is similar to the virus definition files on your personal computer’s Anti-Virus programs. IPS uses this file to match against packets coming in to the Router and performs actions accordingly. As of today, the Wireless-N Router is shipped with signature file version 1.3.8 and with a total of 1101 rules. The rules cover the following categories: DDoS, Buffer Overflow, Access Control, Scan, Trojan Horse, Misc., P2P, IM, Virus, Worm, and Web Attacks.
It is recommended that you update your IPS signature file regularly to thwart new attack types.
The following diagram illustrates a number of IPS scenarios.

Planning Your Virtual Private Network (VPN)

This chapter provides information for planning your VPN and includes the following sections:
Why do I need a VPN?
What is a VPN?

Why do I need a VPN?

Computer networking provides a flexibility not available when using an archaic, paper-based system. With this flexibility, however, comes an increased risk in security. This is why firewalls were first introduced. Firewalls help to protect data inside of a local network. But what do you do once information is sent outside of your local network, when e-mails are sent to their destination, or when you have to connect to your company’s network when you are out on the road? How is your data protected?
That is when a VPN can help. VPNs are called Virtual Private Networks because they secure data moving outside of your network as if it were still within that network.
When data is sent out across the Internet from your computer, it is always open to attacks. You may already have a firewall, which will help protect data moving around or held within your network from being corrupted or intercepted by entities outside of your network, but once data moves outside of your network—when you send data to someone via e-mail or communicate with an individual over the Internet—the firewall will no longer protect that data.
At this point, your data becomes open to hackers using a variety of methods to steal not only the data you are transmitting but also your network login and security data. Some of the most common methods are as follows:
MAC Address Spoofing
Data Sniffing
Man in the Middle Attacks

MAC Address Spoofing

Packets transmitted over a network, either your local network or the Internet, are preceded by a packet header. These packet headers contain both the source and destination information for that packet to transmit efficiently. A hacker can use this information to spoof (or fake) a MAC address allowed on the network. With this spoofed MAC address, the hacker can also intercept information meant for another user.

Data Sniffing

Data “sniffing” is a method used by hackers to obtain network data as it travels through unsecured networks, such as the Internet. Tools for just this kind of activity, such as protocol analyzers and network diagnostic tools, are often built into operating systems and allow the data to be viewed in clear text.

Man in the Middle Attacks

Once the hacker has either sniffed or spoofed enough information, he can now perform a “man in the middle” attack. This attack is performed, when data is being transmitted from one network to another, by rerouting the data to a new destination. Even though the data is not received by its intended recipient, it appears that way to the person sending the data.
These are only a few of the methods hackers use and they are always developing more. Without the security of your VPN, your data is constantly open to such attacks as it travels over the Internet. Data travelling over the Internet will often pass through many different servers around the world before reaching its final destination. That’s a long way to go for unsecured data and this is when a VPN serves its purpose.

What is a VPN?

A VPN, or Virtual Private Network, is a connection between two endpoints—a VPN router, for instance—in different networks that allows private data to be sent securely over a shared or public network, such as the Internet. This establishes a private network that can send data securely between these two locations or networks.
This is done by creating a “tunnel”. A VPN tunnel connects the two PCs or networks and allows data to be transmitted over the Internet as if it were still within those networks. Not a literal tunnel, it is a connection secured by encrypting the data sent between the two networks.
VPN was created as a cost-effective alternative to using a private, dedicated, leased line for a private network. Using industry standard encryption and authentication techniques—IPSec, short for IP Security—VPN creates a secure connection that, in effect, operates as if you were directly connected to your local network. VPN can be used to create secure networks linking a central office with branch offices, telecommuters, and/or professionals on the road (travelers can connect to a VPN router using any computer with the Cisco QuickVPN Client software.)
There are two basic ways to create a VPN connection:
VPN router to VPN router
Computer (using the Cisco QuickVPN Client software) to VPN router
The VPN router creates a “tunnel” or channel between two endpoints, so that data transmissions between them are secure. A computer with the Cisco QuickVPN Client software can be one of the two endpoints (refer to Appendix B, “Using Cisco QuickVPN for Windows 2000, XP, or Vista”). If you choose not to run the VPN client software, any computer with the built-in IPSec Security Manager (Microsoft 2000 and XP) allows the VPN router to create a VPN tunnel using IPSec (refer to Appendix C, “Configuring a Gateway-to-Gateway IPSec Tunnel”).
Other versions of Microsoft operating systems require additional, third-party VPN client software applications that support IPSec to be installed.

VPN Router to VPN Router

An example of a VPN router-to-VPN router VPN would be as follows. At home, a telecommuter uses his VPN router for his always-on Internet connection. His router is configured with his office’s VPN settings. When he connects to his office’s router, the two routers create a VPN tunnel, encrypting and decrypting data. As VPNs utilize the Internet, distance is not a factor. Using the VPN, the telecommuter now has a secure connection to the central office’s network, as if he were physically connected. For more information, refer to Appendix C, “Configuring a Gateway-to-Gateway IPSec Tunnel.”

Computer to VPN Router

The following is an example of a computer-to-VPN router VPN. In her hotel room, a traveling businesswoman connects to her ISP. Her notebook computer has the Cisco QuickVPN Client software, which is configured with her office’s IP address. She accesses the Cisco QuickVPN Client software and connects to the VPN router at the central office. As VPNs utilize the Internet, distance is not a factor. Using the VPN, she now has a secure connection to the central office’s network, as if she were physically connected.
For additional information and instructions about creating your own VPN, please visit www.cisco.com. You can also refer to Appendix B, “Using Cisco QuickVPN for Windows 2000, XP, or Vista”, and Appendix C, “Configuring a Gateway-to-Gateway IPSec Tunnel.”

Getting Started with the WRVS4400N Router

This chapter describes the physical features of the WRVS4400N router and provides information for installing the router. The following sections are included:
Front Panel
Back Panel
WRVS4400N Antennas
Placement Options
Installing the Router
Configuring the Router

Front Panel

The LEDs are located on the front panel of the router.
Front of Router
POWER LED—Lights up green to indicate the router is powered on. The LED flashes when the router is running a diagnostic test.
DIAG LED—If this light is off, the system is ready. The Diag LED blinks red during firmware upgrades.
IPS LED—The IPS LED lights up when the Intrusion Prevention System (IPS) function is enabled. If the LED is off, then IPS functions are disabled. The IPS LED flashes green when an external attack is detected. It flashes red when an internal attack is detected.
Wireless LED—The WIRELESS LED lights up when the wireless module is enabled. The LED is off when the wireless module is disabled. The WIRELESS LED flashes green when the data is transmitting or receiving on the wireless module.
Ethernet Port LEDs 1-4—For each LAN port, there are three LEDs. If a port LED is continuously lit green, the router is connected to a device at the speed indicated through the corresponding port (1, 2, 3, or 4). The LED flashes green when a router is actively sending or receiving data on that port.
INTERNET LED—The Internet LED lights up green to indicate the line speed of the device attached to the Internet port. If the router is connected to a cable or DSL modem, typically the 100 LED will be the only LED lit up, indicating 100 Mbps. Flashing indicates activity.

Back Panel

The Ethernet ports, Internet port, Reset button, and Power port are on the back panel of the router.
RESET Button—The Reset button can be used in two ways:
If the router is having problems connecting to the Internet, press the Reset button for just a second with a paper clip or a pencil tip. This is similar to pressing the reset button on your personal computer to reboot it.
If you are experiencing extreme problems with the router and have tried all other troubleshooting measures, press and hold in the Reset button for 10 seconds. This restores the factory defaults and clears all of the router settings, such as port forwarding or a new password.
INTERNET Port—Provides a WAN connection to a cable modem or DSL modem.
ETHERNET Ports 1-4—Provide a LAN connection to network devices, such as PCs, print servers, or additional switches.
POWER Port—Connects the router to power via the supplied AC power adapter.

WRVS4400N Antennas

The router has three non-detachable 1.8dBi omni-directional antennas. The three antennas have a base that can rotate 90 degrees when in the standing position.
The three antennas support 2X3 MIMO diversity in wireless-N mode.

Placement Options

You can place the router horizontally on the rubber feet, mount it in the stand, or mount it on the wall.

Desktop Option

For desktop placement, place the Cisco WRVS4400N router horizontally on a surface so it sits on its four rubber feet.

Stand Option

To install the router vertically in the supplied stands, follow the steps below.
To place the router vertically, follow these steps.
STEP 1 Locate the left side panel of the router.
STEP 2 With the two large prongs of one of the stands facing outward, insert the short prongs into the little slots in the router and push the stand upward until the stand snaps into place.
STEP 3 Repeat step 2 with the other stand.

Wall Option

To mount the Cisco WRVS4400N router on the wall, follow these steps.
STEP 1 Determine where you want to mount the router and install two screws (not supplied) that are 2-9/16 in. apart (approximately 64.5 mm).
STEP 2 With the back panel pointing up (if installing vertically), line up the router so that the wall-mount crisscross slots on the bottom of the access point line up with the two screws.
STEP 3 Place the wall-mount slots over the screws and slide the router down until the screws fit snugly into the wall-mount slots.

Installing the Router

To prepare the router for installation do the following:
Obtain the setup information for your specific type of Internet connection from your Internet Service Provider (ISP).
Power off all of your network hardware, including the router, PCs, and cable modem or DSL modem.
Perform the steps in this section to install the hardware.
STEP 1 Connect one end of an Ethernet network cable to one of the LAN ports (labeled 1-4) on the back of the router. Connect the other end to an Ethernet port on a PC.
STEP 2 Repeat step 1 to connect up to four PCs, switches, or other network devices to the router.
STEP 3 Connect an Ethernet network cable from your cable or DSL modem to the Internet port on the router’s back panel.
STEP 4 Power on the cable or DSL modem.
STEP 5 Connect the power adapter to the Power port on the router and plug the other end into an electrical outlet.
STEP 6 The Power and Internet LEDs on the front panel will light up green as soon as the power adapter is connected properly.
STEP 7 Power on the PCs.
The router hardware installation is now complete.

Configuring the Router

To configure the WRVS4400N router, plug a PC into the router and launch the web-based configuration utility as follows.
NOTE Before setting up the router, make sure your PCs are configured to obtain an IP (or TCP/IP) address automatically from the router.
STEP 1 Launch a web browser, such as Internet Explorer or Mozilla Firefox.
STEP 2 In the Address field enter http://192.168.1.1 and press Enter.
STEP 3 In the User Name and Password fields, enter admin.
The default user name and password is admin.
STEP 4 Click OK.
For added security, you should later set a new password using the Administration > Management window of the web-based utility.
STEP 5 The web-based utility will appear with the Setup menu and Summary selected. Click WAN under the Setup menu.
STEP 6 If requested by your ISP (usually cable ISPs), complete the Host Name and Domain Name fields, and the MTU and MTU Size fields. Otherwise, leave the defaults.
STEP 7 In the WAN window, choose an Internet Connection Type from the drop-down menu. Depending on which internet connection type you select, additional setup may be required.
The Internet Connection Types are:
Automatic Configuration - DHCP: If you are connecting through DHCP or a dynamic IP address from your ISP, keep this default setting.
Static IP: If your ISP assigns you a static IP address, select Static IP from the drop-down menu. Complete the Internet IP Address, Subnet Mask, Default Gateway, and DNS fields. Enter at least one DNS address.
PPPoE: If you are connecting through PPPoE, select PPPoE from the drop-down menu. Complete the User Name and Password fields.
PPTP: PPTP is a service used in Europe only. If you are using a PPTP connection, check with your ISP for the necessary setup information.
Heartbeat Signal: Heartbeat Signal is used primarily in Australia. Check with your ISP for the necessary setup information.
L2TP: L2TP is used mostly in Europe. Check with your ISP for the necessary setup information.
STEP 8 When you are finished entering your Internet connection settings, click Save.
STEP 9 Restart or power on your PC to obtain the new router setting.
STEP 10 Test the setup by opening your web browser from any computer and entering http://www.cisco.com/smb.
Congratulations! The installation of the router is complete.
NOTE For more information about advanced settings and security options, refer to the Cisco WRVS4400N Wireless-N Gigabit Security Router with VPN Administration Guide on your CD-ROM. You can also access this guide and other related documentation on Cisco.com, as indicated in the next section.

Setting Up and Configuring the WRVS4400N Wireless-N Router

The Wireless-N router works right out of the box with the default settings. However, to change these settings, you can use the router’s web-based configuration utility.
You can access the web-based configuration utility via a web browser (such as Microsoft Internet Explorer or Mozilla Firefox) from a computer connected to the same network the router is connected to.
This chapter includes the following sections:
Accessing the Web-Based Utility
Navigating the Utility
Setting Up Your Wireless-N Router
Configuring Wireless Settings
Configuring Firewall Settings
Configuring the ProtectLink Web Service
Configuring the VPN Settings
Configuring the QoS Settings
Configuring the Administration Settings
Configuring IPS Settings
Configuring the L2 Switch Settings
Viewing Status

Accessing the Web-Based Utility

There are two ways to connect to your wireless router for the first time:
Physically connect your personal computer to one of the four LAN ports on the router. Then, configure your personal computer to obtain its IP address automatically from a DHCP server.
Wirelessly connect your personal computer to the router (not recommended), by configuring the wireless interface of your personal computer to obtain its IP address automatically from a DHCP server.
NOTE Wirelessly connecting your personal computer to the router for initial configuration is not recommended because you might lose the connection while making wireless configuration changes.
To access the router’s web-based utility, follow these steps:
STEP 1 Launch a web browser, such as Internet Explorer or Mozilla Firefox, and enter the router’s default IP address, 192.168.1.1, in the Address field. Then, press Enter.
The Authentication Required dialog box appears.
STEP 2 Enter admin in the User Name field, and enter your password (default password is admin) in the Password field. Then, click OK.
The Summary window appears.

Navigating the Utility

The web-based utility consists of the following main windows:
Setup
Wireless
Firewall
ProtectLink
VPN
QoS
Administration
IPS
L2 Switch
Status
Additional windows branch out from these main windows. The following briefly describes the windows of the utility.

Setup

This window allows you to configure the router’s basic functionality and set its time through the following windows:
Summary—Displays a read-only summary of the router's basic information.
WAN—Displays, and allows the modification of, Internet connection settings on this window.
LAN—Displays, and allows the modification of, Local Area Network (LAN) settings on this window.
DMZ—Allows the use of the DMZ (Demilitarized Zone) Host feature to allow a local user to access special-purpose Internet services such as Internet gaming and video conferencing.
MAC Address Clone—Enables the cloning of your network adapter's MAC address onto the router. This obviates the need to call your ISP to have the registered MAC address changed to the router's MAC address, should your ISP require that you register your MAC address.
Advanced Routing—Enables you to select the router’s operation mode (dynamic or static routing) while connecting to either the Internet or Intranet (NAT is only enabled while connecting to the Internet). The router supports Routing Information Protocol (RIP) versions 1 and 2 to automatically exchange routing information and establish the router’s routing table.
Time—Sets up the router’s time settings.
IP Mode—Provides options for the IPv4 mode or the Dual-Stack IPv4 and IPv6 mode.

Wireless

This window allows you to enter a variety of wireless settings for the built-in access point of the router through the following windows:
Basic Settings—Chooses the wireless network mode (for example, B/G/N-Mixed), SSID, and radio channel.
Security Settings—Configures the built-in access point’s security settings.
Connection Control—Controls the wireless connections from client devices to the router.
Advanced Settings—Configures the built-in access point’s more advanced wireless settings (for example, Tx Rate Limiting and Channel Bandwidth).
VLAN & QoS—Configures the 802.1Q VLAN and the Quality of Service (QoS) settings.
WDS—Configures Wireless Distribution System (WDS) settings.

Firewall

This window allows you to configure basic firewall settings, IP access list, and Network Address Port Translation (NAT) settings for your network’s security through the following windows:
Basic Settings—Configures basic firewall settings.
IP Based ACL—Defines an IP-based access list to block specific hosts, networks, and protocols (services).
Internet Access Policy—Defines the time schedule to allow or block complete Internet access or access to specific URLs from the router.
Single Port Forwarding—Sets up public services or other specialized Internet applications that use a single port on your network.
Port Range Forwarding—Sets up public services or other specialized Internet applications on your network that use a range of ports.
Port Range Triggering—Sets up triggered ranges and forwarded ranges to allow special Internet applications to pass through this NAT router.

ProtectLink

This window allows you to check e-mail messages, filter website addresses (URLs), and block potentially malicious websites for the Cisco ProtectLink Web hosted service, thereby providing security for your network.

VPN

This window allows you to configure VPN tunnels and accounts to establish a secured channel through the Internet through the following windows:
Summary—Displays IPSec tunnel status summary.
IPSec VPN—Allows the VPN router to create one or multiple tunnels (or secure channels) each connecting between two endpoints, so that the transmitted data or information between these endpoints is secure.
VPN Client Accounts—Designates VPN clients and their passwords.
VPN Pass Through—Allows you to disable IPSec Passthrough, PPTP Passthrough, and L2TP Passthrough.

QoS

This window allows you to configure the two types of QoS traffic supported by the router through the following windows:
Bandwidth Management—Allows you to perform bandwidth management by selecting either the Rate Control or Priority setting.
QoS Setup—Allows users to configure the QoS Trust Mode for each LAN port.
DSCP Settings—Allows you to set the Differentiated Services Code Point (DSCP).

Administration

This window allows you to administer the router through the following windows:
Management—Allows you to alter the router’s password, its access privileges, SNMP settings, and UPnP settings.
Log—Allows the configuration of Log settings.
Diagnostics—Allows you to check the connection between the router and another network device on the LAN or Internet.
Backup & Restore—Allows you to back up and restore the Gateway's configuration file.
Factory Defaults—Allows you to restore the router’s factory defaults.
Reboot—Allows you to reboot the router.
Firmware Upgrade—Allows you to upgrade the router’s firmware.

IPS

This window allows you to carry out advanced configuration of the built-in Intrusion Prevention System (IPS) inside the router through the following windows:
Configure—Enables or disables IPS functions.
P2P/IM—Allows or blocks specific Peer-to-Peer (P2P) networks and Instant Messaging (IM) applications.
Report—Provides reports of network traffic and malicious attacks.
Information—Provides the signature file version and the protection scope of the IPS system.

L2 Switch

This window allows you to configure layer 2 switching features on the 4 port Ethernet switch (LAN ports only) through the following windows:
Create VLAN—Creates a Virtual Local Area Network (VLAN) assignment.
VLAN & Port Assignment—Configures VLAN and port settings.
RADIUS—Configures Remote Authentication Dial-In User Service (RADIUS) settings.
Port Setting—Configures port speeds and duplex operation.
Statistics—Displays statistics for both received and transmitted packets.
Port Mirroring—Configures port mirroring.
RSTP—Configures RSTP (Rapid Spanning Tree Protocol) settings.

Status

This window allows you to monitor the current status of the router through the following windows:
Gateway—Provides basic information like firmware version and status information on the WAN port.
Local Network—Provides status information about the local network (four Ethernet ports).
Wireless LAN—Provides status information on Wireless LAN.
System Performance—Provides traffic statistics on LAN and Wireless LAN ports.

Setting Up Your Wireless-N Router

This section describes how to configure the general settings of your router:
Configuring Basic Setup Settings
Displaying A Read-Only Summary of the Basic Router Information
Configuring Internet Connection Settings
Configuring DDNS Service Settings
Configuring Local Area Network (LAN) Settings
Using The DMZ (Demilitarized Zone) Host Feature to Access Special Purpose Internet Services
Cloning Your Network Adapter’s MAC Address onto Your Router
Configuring the Router’s Advanced Settings
Changing the Router’s Time Settings
Selecting IPv4 Mode or Dual Stack IPv4 And IPv6 Mode
The Setup window contains all of the router’s basic setup functions. You can use the router in most network settings without changing any of the default values.
Some users may need to enter additional information to connect to the Internet through an ISP (Internet Service Provider) or broadband (DSL, cable modem) carrier.

Configuring Basic Setup Settings

You can configure the following basic setup settings:
WAN
Click Setup > WAN and select the appropriate Internet connection type according to your ISP if connecting your WAN port to the WAN (DSL or cable modem). Otherwise, in most cases you can use the default setting to get a WAN port IP address from a DHCP server.
Advanced Routing
Click Setup > Advanced Routing. If you are connecting the router to the Internet, use the default setting. Otherwise, select Router in the Operation Mode field to disable NAT (Network Address Translation).
Management
Click Administration > Management and change the access password for the router’s web-based utility. The default username and password are admin.
You can also customize the wireless settings:
Wireless
Click Wireless > Basic Settings and change the default SSID on the window. Select the level of security in the Wireless > Security Settings window and complete the options for the selected security mode. When the appropriate security mode is configured, disable SSID Broadcast on the Basic Settings window.

Displaying A Read-Only Summary of the Basic Router Information

The Setup > Summary window displays read-only information about the router.
To view the Setup > Summary window, follow these steps:
STEP 1 Click Setup > Summary.
STEP 2 Click Refresh to display the latest router settings.
The Summary window displays the following information:
System Information
- Firmware version—Displays the router's current software version.
- CPU—Displays the router's CPU type.
- System up time—Displays the length of time that has elapsed since the router was last reset.
- DRAM—Displays the amount of DRAM installed in the router.
- Flash—Displays the amount of flash memory installed in the router.
Port Statistics
This section displays the following color-coded status information on the router's Ethernet ports:
- Green—Indicates that the port has a connection.
- Black (unlit)—Indicates that the port has no connection.
Network Setting Status
- LAN IP—Displays the IP address of the router's LAN interface.
- WAN IP—Displays the IP address of the router's WAN interface. If this address was assigned using DHCP, click DHCP Release to release the address, or click DHCP Renew to renew the address.
- Mode—Displays the operating mode (Gateway or Router).
- DNS 1-2—Displays the IP addresses of the Domain Name System (DNS) servers that the router is using.
- DDNS—Indicates whether the Dynamic Domain Name System (DDNS) feature is enabled.
- DMZ—Indicates whether the DMZ Hosting feature is enabled.
Firewall Setting Status
- DoS (Denial of Service)—Indicates whether the DoS (Denial of Service) protection feature is enabled to block DoS attacks.
- Block WAN Request—Indicates whether the Block WAN Request feature is enabled.
- Remote Management—Indicates whether the Remote Management feature is enabled.
IPSec VPN Setting Status
- IPSec VPN Summary—Displays the VPN > Summary window.
- Tunnel(s) Used—Displays the number of VPN tunnels currently being used.
- Tunnel(s) Available—Displays the number of VPN tunnels that are available.
Log Setting Status
- E-mail—If this entry appears in the window, email cannot be sent because you have not specified an outbound SMTP server address. Click E-mail to display the Administration > Log window where you can configure the SMTP mail server.

Configuring Internet Connection Settings

The Setup > WAN Setup window displays Internet Connection Type and DDNS settings for configuring the WAN port of the wireless router.
To configure the WAN settings for the router, follow these steps:
STEP 1 Find out the Internet connection type and the settings used by your ISP. If the router is used as an Intranet router, you can in most cases use the default settings.
STEP 2 If you wish to use the dynamic DNS feature, sign up for a DDNS service.
STEP 3 In the router’s web-based configuration utility, click Setup > WAN.
STEP 4 From the Internet Connection Type drop-down menu, select a connection type.
Based on your selection, the web-based utility displays relevant fields.
The router supports six connection types. For more information on how to configure the settings for these connection types, see the following sections:
Automatic Configuration - DHCP Server
Static IP
PPPoE
PPTP
Heart Beat Signal
L2TP
STEP 5 If required by your ISP, configure the following settings:
Host Name—Enter the host name provided by your ISP if you have broadband/cable Internet service and your ISP requires you to use a host name as network identification. In most cases you can leave this field blank.
Domain Name—Enter the domain name provided by your ISP if you have broadband/cable Internet service and your ISP requires you to use a domain name as network identification. In most cases you can leave this field blank.
MTU—MTU is the Maximum Transmission Unit. It specifies the largest packet size permitted for Internet transmission. Select Manual if you want to manually enter the largest packet size to be transmitted. To have the router select the best MTU for your Internet connection, keep the default setting, Auto.
Size—If you select Manual in the MTU field, this option is enabled. The recommended setting for this field is 1500 (standard MTU size on Ethernet media).
STEP 6 To configure the DDNS service, see Configuring DDNS Service Settings.
STEP 7 Click Save.
Automatic Configuration - DHCP Server
To have the router automatically get its IP address from your ISP’s DHCP server, leave the connection type at its default setting of Automatic Configuration - DHCP Server. Most cable modem ISPs use the default option.
Static IP
To use a permanent IP address to connect to the Internet, select Static IP from the Internet Connection Type drop-down menu and fill in the following settings:
Internet IP Address—Enter the IP address provided by your ISP. This is the router’s IP address on the WAN port that can be reached from the Internet.
Subnet Mask—Enter the subnet mask provided by your ISP. This is the router’s subnet mask on the WAN port.
Default Gateway—Enter the default gateway provided by your ISP. This is the router’s default gateway to reach the Internet.
Primary DNS (Required) and Secondary DNS (Optional)—Enter the IP addresses of the primary and secondary DNS server your ISP provided you with. These servers resolve domain-name-to-IP address mappings.
PPPoE
If your ISP is DSL-based and uses Point-to-Point Protocol over Ethernet (PPPoE) to establish Internet connections, select PPPoE from the Internet Connection Type drop-down menu to enable it, and do the following:
User Name and Password—Enter the user name and password provided by your ISP for PPPoE authentication.
Connect on Demand—Max Idle Time—Configure the router to cut the Internet connection after it has been inactive for a specified period of time (Max Idle Time). If your Internet connection has been terminated due to inactivity, Connect on Demand enables the router to automatically re-establish your connection as soon as you attempt to access the Internet again. If you wish to activate Connect on Demand, click the Connect on Demand option and enter the number of minutes you want to have elapsed before your Internet connection terminates in the Max Idle Time field. Use this option to minimize your DSL connection time if it is charged based on time. This option is disabled by default.
Keep Alive Redial period—Allows the router to periodically check your Internet connection. If you are disconnected, the router automatically reestablishes your connection. To use this option, click the option next to Keep Alive. In the Redial Period field, you specify how often you want the router to check the Internet connection. This option is enabled by default and the default Redial Period is 30 seconds. Use this option to minimize your Internet connection response time as it is always connected.
PPTP
In Europe and Israel only, select PPTP from the Internet Connection Type drop-down menu if you wish to use the Point-to-Point Tunneling Protocol (PPTP) service, and enter the following:
IP Address—Enter the IP address provided by your ISP. This is the router’s IP address, when seen from the WAN, or the Internet.
Subnet Mask—Enter the subnet mask provided by your ISP along with your IP address. This is the router’s Subnet Mask.
Default Gateway—Enter the default gateway IP address provided by your ISP.
PPTP Server—Enter the IP address of the PPTP server.
User Name and Password—Enter the user name and password provided by your ISP.
Connect on Demand: Max Idle Time—Configure the router to cut the Internet connection after it has been inactive for a specified period of time (Max Idle Time). If your Internet connection has been terminated due to inactivity, Connect on Demand enables the router to automatically re-establish your connection as soon as you attempt to access the Internet again. If you wish to activate Connect on Demand, click the Connect on Demand option and enter the number of minutes you want to have elapsed before your Internet connection terminates in the Max Idle Time field. Use this option to minimize your DSL connection time if it is charged based on time. This option is disabled by default.
Keep Alive Redial period—If you select this option, the router periodically checks your Internet connection. If you are disconnected, then the router automatically reestablishes your connection. To use this option, click the option next to Keep Alive. In the Redial Period field, you specify how often you want the router to check the Internet connection. This option is enabled by default and the default Redial Period is 30 seconds. Use this option to minimize your Internet connection response time as it is always connected.
Heart Beat Signal
In Australia, select Heart Beat Signal from the Internet Connection Type drop-down menu to use this service. Check with your ISP for the necessary setup information, and enter the following:
User Name and Password—Enter the user name and password provided by your ISP.
Heart Beat Server—Enter the IP address of the Heart Beat server.
Connect on Demand: Max Idle Time—Configure the router to cut the Internet connection after it has been inactive for a specified period of time (Max Idle Time). If your Internet connection has been terminated due to inactivity, Connect on Demand enables the router to automatically re-establish your connection as soon as you attempt to access the Internet again. If you wish to activate Connect on Demand, click the Connect on Demand option and enter the number of minutes you want to have elapsed before your Internet connection terminates in the Max Idle Time field. Use this option to minimize your DSL connection time if it is charged based on time. This option is disabled by default.
Keep Alive: Redial period—Select this option to have the router periodically check your Internet connection. If you are disconnected, then the router automatically reestablishes your connection. To use this option, click the option next to Keep Alive. In the Redial Period field, specify how often you want the router to check the Internet connection. This option is enabled by default and the default Redial Period is 30 seconds. Use this option to minimize your Internet connection response time as it is always connected.
L2TP
In European countries that provide this service, select L2TP from the Internet Connection Type drop-down menu to use the Layer 2 Tunneling Protocol (L2TP) service that tunnels Point-to-Point Protocol (PPP) across the Internet. Check with your ISP for the necessary setup information, and enter the following:
IP Address—Enter the IP address provided by your ISP. This is the router’s IP address, when seen from the WAN or the Internet.
Subnet Mask—Enter the subnet mask provided by your ISP along with your IP address. This is the router’s Subnet Mask.
Gateway—Enter the default gateway IP address provided by your ISP.
L2TP Server—Enter the IP address of the L2TP server.
User Name and Password—Enter the user name and password provided by your ISP.
Connect on Demand: Max Idle Time—Configure the router to cut the Internet connection after it has been inactive for a specified period of time (Max Idle Time). If your Internet connection has been terminated due to inactivity, Connect on Demand enables the router to automatically re-establish your connection as soon as you attempt to access the Internet again. If you wish to activate Connect on Demand, click the Connect on Demand option and enter the number of minutes you want elapsed before your Internet connection terminates, in the Max Idle Time field. Use this option to minimize your DSL connection time if it is charged based on time. This option is disabled by default.
Keep Alive Redial period—If you select this option, the router periodically checks your Internet connection. If you are disconnected, then the router automatically reestablishes your connection. To use this option, click the option next to Keep Alive. In the Redial Period field, you specify how often you want the router to check the Internet connection. This option is enabled by default and the default Redial Period is 30 seconds. Use this option to minimize your Internet connection response time as it is always connected.

Configuring DDNS Service Settings

DDNS lets you assign a fixed host and domain name to a dynamic Internet IP address. It is useful when you are hosting your own website, FTP server, or other server behind the router.
By default, DDNS service is disabled.
To enable and configure the DDNS settings for your router, follow these steps:
STEP 1 To use DDNS service, sign up for one at DynDNS.org or TZO.com.
STEP 2 To configure your router to use DynDNS.org:
a. From the DDNS Service drop-down menu, select DynDNS.org.
b. Configure the DynDNS.org settings:
User Name, Password, and Host Name—Enter the User Name, Password, and Host Name of the account you set up with DynDNS.org.
Status—The status of the DDNS service connection.
STEP 3 To configure your router to use TZO.com:
a. From the DDNS Service drop-down menu, select TZO.com.
b. Configure the TZO.com settings:
E-mail Address, TZO Password, and Domain Name—Enter the E-mail address, password, and domain name of the account you set up with TZO.
Status—The status of the TZO service connection.
Connect—To manually update your IP address information on the DDNS server when DDNS is enabled, use this button. The Status area on this window also updates.
STEP 4 Click Save.
After entering the necessary information, the router advises the DDNS service of your current WAN (Internet) IP address whenever this address changes.
NOTE If you are using TZO, do not use the TZO software to perform this IP address update.

Configuring Local Area Network (LAN) Settings

The Setup > LAN Setup window displays the router’s local network settings for the four Ethernet ports.
To configure the LAN settings for the router, follow these steps:
STEP 1 Click Setup > LAN Setup.
STEP 2 Configure the LAN settings:
IPv4—This section displays the settings for the router’s local IPv4 address and subnet mask. In most cases, you can use the default values.
- Local IP Address—Enter the IPv4 address on the LAN side. The default value is 192.168.1.1.
- Subnet Mask—Select the subnet mask from the drop-down menu. The default value is 255.255.255.0.
- IP Reserved for Internal Usage—Enter a value between 1 and 254 to specify the IP address to use internally.
Server Settings (DHCP)—Unless you already have a DHCP server, it is highly recommended that you leave the router enabled as a DHCP server.
To use the router as your network’s DHCP (Dynamic Host Configuration Protocol) server, so that it automatically assigns an IP address to each personal computer on your network, enable the DHCP server. (DHCP is enabled by default.)
If you already have a DHCP server on your network, or you don't want a DHCP server, then select Disable (no DHCP features will be available).
If you already have a DHCP server on your network, but you want the router to act as a relay for that DHCP Server, select DHCP Relay, then enter the DHCP Server IP address.
- Starting IP Address—Enter a value for the DHCP server to start with when issuing IP addresses. This value automatically follows your local IP address settings.
- Normally, you would assign the first IP address for the router (for example, 192.168.1.1) so that you can assign an IP address to other devices starting from the 2nd IP address (for example, 192.168.1.2).
- The last address in the subnet is for subnet broadcast (for example, 192.168.1.255) so that the address cannot be assigned to any host.
- Maximum Number of DHCP Users—Enter the maximum number of personal computers to which you want the DHCP server to assign IP addresses.
- This number cannot be greater than the available host addresses in the subnet (for example, 253 for /24 subnet).
- In order to determine the DHCP IP address range, add the starting IP address (for example, 100) to the number of DHCP users.
- Client Lease Time—Enter the amount of time you want a DHCP client to keep the assigned IP address before it sends a renewal request to the DHCP server. The default value is 0, which actually means one day.
- Static DNS 1-3—If applicable, enter the IP address(es) of your DNS servers.
- WINS—If you have a WINS server, enter that server's IP address in the field. Otherwise, leave this blank. The Windows Internet Naming Service (WINS) performs a name resolution function (similar to DNS) in the Windows network environment. It can help you to determine the IP address of a remote Windows personal computer from its computer name.
IPv6—This section displays the settings for the router’s IPv6 Address, Prefix Length, and Router Advertisement options.
- IPv6 Address—If you select the dual-stack option under the IP Versions Setup window, enter the IPv6 address on the LAN side of the router in the field.
- Prefix Length—Enter the IPv6 prefix length. The default is 64, which should not need to be changed.
- Router Advertisement—Enable this option to allow the router to send out IPv6 router advertisement packets periodically. This helps IPv6 hosts to learn their IPv6 prefix and set up their IPv6 address automatically.
DHCPv6—To enable the DHCP v6 feature, select Enable.
To disable DHCP v6, select Disable.
- Lease time—Enter the lease time in minutes.
- DHCP address range start—Enter the starting DHCP v6 IP address.
- DHCP address range end—Enter the ending DHCP v6 IP address.
- Primary DNS—Enter the Primary IPv6 DNS server address.
- Secondary DNS—Enter the Secondary IPv6 DNS server address.
STEP 3 Click Save.
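The DHCP pool rules in the Server Settings (DHCP) list above (starting address, maximum number of users, the unusable broadcast address) can be checked before the values are entered. The following Python sketch is an added example, not part of the Cisco guide. The names dhcp_pool and reserved are hypothetical, and it assumes the pool is a run of consecutive addresses beginning at the starting address.

```python
import ipaddress


def dhcp_pool(local_ip, subnet_mask, start_ip, max_users, reserved=()):
    """Check LAN DHCP settings and return the pool as (first, last) addresses.

    Raises ValueError with the reason when the settings cannot work.
    dhcp_pool and reserved are hypothetical names, not part of the router.
    """
    iface = ipaddress.IPv4Interface(f"{local_ip}/{subnet_mask}")
    net, router = iface.network, iface.ip
    start = ipaddress.IPv4Address(start_ip)

    # Addresses left once the network address, the subnet broadcast address
    # and the router's own LAN address are taken out (253 for a /24).
    available = net.num_addresses - 3
    if available < 1:
        raise ValueError(f"{net} has no addresses left for DHCP clients")
    if not 1 <= max_users <= available:
        raise ValueError(f"maximum users must be 1..{available} in {net}")

    if start not in net or start in (net.network_address, net.broadcast_address):
        raise ValueError(f"{start} is not a usable host address in {net}")

    # Assumption: the pool is max_users consecutive addresses from start.
    last_int = int(start) + max_users - 1
    if last_int >= int(net.broadcast_address):
        raise ValueError(
            f"pool of {max_users} from {start} runs past the last host in {net}"
        )
    last = ipaddress.IPv4Address(last_int)

    # The router and any statically configured hosts must stay outside the pool,
    # otherwise a DHCP client can be handed an address that is already in use.
    for addr in [router, *(ipaddress.IPv4Address(a) for a in reserved)]:
        if start <= addr <= last:
            raise ValueError(f"pool {start}-{last} overlaps static address {addr}")
    return start, last


if __name__ == "__main__":
    # Constructed sample settings, using the guide's default LAN address and mask.
    samples = [
        ("192.168.1.100", 50, ()),
        ("192.168.1.100", 200, ()),               # runs past .254
        ("192.168.1.2", 253, ()),                 # largest pool a /24 allows
        ("192.168.1.2", 253, ("192.168.1.10",)),  # collides with a static host
        ("192.168.1.1", 10, ()),                  # collides with the router
    ]
    for start, users, reserved in samples:
        try:
            first, last = dhcp_pool(
                "192.168.1.1", "255.255.255.0", start, users, reserved
            )
            print(f"{start} x{users}: OK, pool {first} - {last}")
        except ValueError as err:
            print(f"{start} x{users}: rejected, {err}")
```

Pass any statically addressed servers or printers in reserved so that the pool is rejected when it would overlap them.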

Using The DMZ (Demilitarized Zone) Host Feature to Access Special Purpose Internet Services

The Setup > DMZ window displays the settings for configuring DMZ Hosting, to allow one local personal computer to be exposed to the Internet for use of a special-purpose service, such as Internet gaming and video-conferencing.
DMZ Hosting forwards traffic to all the ports for the specified personal computer simultaneously, unlike Port Range Forwarding that can only forward a maximum of 15 ranges of ports.
To configure DMZ Hosting, follow these steps:
STEP 1 Click Setup > DMZ.
STEP 2 Fill in the DMZ Hosting settings:
DMZ Hosting—To allow one local personal computer to be exposed to the Internet for use of a special-purpose service such as Internet gaming and video-conferencing, select Enable.
- To disable the DMZ feature, select Disable.
DMZ Host IP Address—Enter (complete) the IP address of the computer to be exposed to the Internet, for DMZ hosting.
STEP 3 Click Save.

Cloning Your Network Adapter’s MAC Address onto Your Router

Some ISPs require that you register a MAC address.
The Setup > MAC Address Clone window lets you clone your personal computer network adapter's MAC address onto the router, so that you do not have to call your ISP again to change the registered MAC address to that of the router.
The router's MAC address is a 6-byte hexadecimal number assigned to a unique piece of hardware for electronic identification.
To clone your network adapter’s MAC address onto your router, follow these steps:
STEP 1 Click Setup > MAC Address Clone.
STEP 2 Complete the MAC Address Clone settings:
Mac Address Clone—Select Enable or Disable. The default is Enable.
Mac Address—Enter in this field the MAC address registered with your ISP.
Clone My PC’s MAC button—When Mac Address Clone is enabled, click
this button to copy the MAC address of the network adapter in the computer that you are using to connect to the Web-based utility.
STEP 3 Click Save.

Configuring the Router’s Advanced Settings

The Setup > Advanced Routing window allows you to configure the router’s Operating Mode and settings for Dynamic Routing, Static Routing, and Inter-VLAN routing.
To configure your router’s advanced settings, follow these steps:
STEP 1 Click Setup > Advanced Routing.
STEP 2 Fill in the settings for advanced routing configuration:
To select the operating mode in which the router functions:
- Select Gateway to allow all devices on your LAN to share the same WAN (Internet) IP address, the normal mode of operation—in Gateway mode, the NAT (Network Address Translation) mechanism is enabled.
- Select Router to use another router as the Internet Gateway, or to have all personal computers on your LAN assigned (fixed) Internet IP addresses—in Intranet Router mode, the NAT mechanism is disabled.
STEP 3 Configure Dynamic Routing if appropriate.
The router's dynamic routing feature can be used to automatically establish a routing table through a database exchange with peer routers (running the same routing protocol). The router supports RIP (Routing Information Protocol) versions 1 & 2.
To configure Dynamic Routing, follow these steps:
a. Enable RIP (Routing Information Protocol) for the router to use the RIP protocol
and calculate the most efficient route for the network’s data packets to travel between the source and the destination, based upon the shortest paths.
b. For RIP Send Packet Version, choose the version of RIP packets you want to
send to peers (RIPv1 or RIPv2) to match the version supported by other
routers on your LAN.
c. For RIP Recv Packet Version, choose the version of RIP packets you want to
receive from peers (RIPv1 or RIPv2) to match the version supported by other
routers on your LAN.
STEP 4 Configure Static Routing if necessary:
Some ISPs require static routes to build your routing table instead of using dynamic routing protocols. Static routes do not require CPU resources to exchange routing information with a peer router. You can also use static routes to reach peer routers that do not support dynamic routing protocols. Static routes can be used together with dynamic routes. Be careful not to introduce routing loops in your network.
a. To set up static routing, add route entries in the routing table that tell the router
where to forward packets to specific IP destinations.
To create a static route entry, provide the following information:
Select Set Number—Select the set number (routing table entry number)
that you wish to view or configure. If necessary, click Delete This Entry to
clear the entry.
Destination IP Address—Enter the network address of the remote LAN
segment. For a standard Class C IP domain, the network address is the first three fields of the Destination LAN IP; the last field should be zero.
Subnet Mask—Enter the Subnet Mask used on the destination LAN IP
domain. For Class C IP domains, the Subnet Mask is 255.255.255.0.
Gateway—If this router is used to connect your network to the Internet, then
your gateway IP is the router's IP address. If you have another router handling your network's Internet connection, enter the IP address of that router instead.
Hop Count (max. 15)—Gives the number of routers that a data packet
passes through before reaching its destination. It is used to define the priority on which route to use if there is a conflict between a static route and dynamic route.
STEP 5 View the Routing Table if necessary to verify routing.
To view the routing table established either through dynamic or static routing
methods, click the Show Routing Table button.
STEP 6 Enable Inter-VLAN Routing if needed.
Select Enable to allow packets to be routed between VLANs that are in different
subnets. The default is Enable.
STEP 7 Click Save.

Changing the Router’s Time Settings

The Setup > Time window allows you to either define your router’s time manually
or automatically through the Time Server. The default is Automatically.
To define your router’s time, follow these steps:
STEP 1 Click Setup > Time.
STEP 2 Specify how to set the local time:
a. Manually
Set the local time Manually—If you wish to enter the time and date manually, select the Date from the drop-down fields and enter the hour, minutes, and seconds in the Time field using 24 hour format (example 10:00pm would be entered 22:0:0).
b. Automatically
Set the local time using Network Time Protocol (NTP) Automatically—If you wish to use a Network Time Protocol server to set the time and date, select this option, then complete the following fields.
- Time Zone—Select the time zone for your location and your setting synchronizes over the Internet with public NTP (Network Time Protocol) Servers.
- Auto Daylight Saving—If your location observes daylight savings time, select the Enable option.
- User Defined NTP Server—To use your own NTP server, select the Enabled option. The default is Disabled.
- NTP Server IP Address—Enter the IP address of your own NTP server.
STEP 3 Click Save.

Selecting IPv4 Mode or Dual Stack IPv4 And IPv6 Mode

The Setup > IP Mode window allows you to choose IP Mode settings for the router.
To configure IP Mode settings for the router, follow these steps:
STEP 1 Click Setup > IP Mode.
STEP 2 Configure the IP Mode settings:
IPv4 Only—Select this option to use IPv4 on the Internet and local network.
Dual-Stack IP—Select this option to use IPv4 on the Internet and IPv4 and
IPv6 on the local network.
6to4 Tunnel—Allows your IPv6 network to connect to other IPv6 networks
via tunnels through IPv4 (per RFC3056). The remote router also needs to support 6to4. Because the tunnel can be automatically formed based on traffic, there is no limit as to how many tunnels you can have.
6 to 4 Gateway Access Control—By default, this router allows 6to4 connections to or from any other 6to4 gateway. By enabling this Access Control, you can better control which IPv6 clouds this router connects to. A list of IP addresses can be entered in the Access List. Those should be the IPv4 addresses of the remote 6to4 gateways.
- Permit following sites—Allow only a limited set of 6to4 gateways to establish tunnels with the router. Up to 20 sites can be configured and they can send traffic simultaneously.
- Block following sites—Prevent a limited set of 6to4 gateways from
establishing tunnels with the router. Up to 20 sites can be configured.
Static 6to4 DNS entry—Allows users to configure a static DNS entry to map a hostname to an IPv6 address. This provides a convenient way for users to access remote IPv6 hosts.
STEP 3 Click Save.
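The 6to4 gateway access control described above can be modelled as follows; this is an added example, not code from Cisco or the router firmware. It relies on the RFC 3056 rule that a gateway with IPv4 address V4ADDR owns the prefix 2002:V4ADDR::/48; the class and function names are hypothetical and the addresses are constructed from documentation ranges.

```python
import ipaddress
from dataclasses import dataclass, field

MAX_SITES = 20  # the guide allows up to 20 sites per access list


def sixtofour_prefix(gateway_v4):
    """RFC 3056: a gateway with IPv4 address V4ADDR owns 2002:V4ADDR::/48."""
    v4 = ipaddress.IPv4Address(gateway_v4)
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def remote_gateway(ipv6_addr):
    """IPv4 address of the 6to4 gateway serving ipv6_addr, or None if not 6to4."""
    return ipaddress.IPv6Address(ipv6_addr).sixtofour


@dataclass
class GatewayAccessControl:
    """Hypothetical model of the 6 to 4 Gateway Access Control setting."""
    mode: str = "any"  # "any" = access control off, "permit", or "block"
    sites: list = field(default_factory=list)  # IPv4 addresses of remote gateways

    def __post_init__(self):
        if self.mode not in ("any", "permit", "block"):
            raise ValueError(f"unknown mode {self.mode!r}")
        if len(self.sites) > MAX_SITES:
            raise ValueError(f"at most {MAX_SITES} sites can be configured")
        # Parsing rejects anything that is not a valid IPv4 address.
        self.sites = {ipaddress.IPv4Address(s) for s in self.sites}

    def allows(self, gateway_v4):
        gw = ipaddress.IPv4Address(gateway_v4)
        if self.mode == "permit":
            return gw in self.sites      # only listed gateways may tunnel
        if self.mode == "block":
            return gw not in self.sites  # listed gateways are refused
        return True                      # default: any 6to4 gateway


def decide(acl, ipv6_peer):
    """Return (gateway, verdict) for traffic to or from ipv6_peer."""
    gw = remote_gateway(ipv6_peer)
    if gw is None:
        return None, "not-6to4"
    return gw, ("tunnel" if acl.allows(gw) else "drop")


if __name__ == "__main__":
    # Constructed sample: permit only the gateway at 192.0.2.1.
    acl = GatewayAccessControl("permit", ["192.0.2.1"])
    print(sixtofour_prefix("192.0.2.1"))
    for peer in ("2002:c000:201:5::1", "2002:cb00:7107::1", "2001:db8::1"):
        print(peer, decide(acl, peer))
```

With "Permit following sites" every unlisted gateway is dropped, while "Block following sites" still lets any unlisted gateway form a tunnel, so the permit list is the tighter of the two settings.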

Configuring Wireless Settings

This section describes how to configure the wireless settings of the router:
- Configuring Basic Settings
- Configuring Wireless Security
- Configuring Connection Control
- Configuring Advanced Wireless Settings

Configuring Basic Settings

The Wireless > Basic Settings window allows you to change the basic wireless network settings.
To change the basic wireless settings of the router, follow these steps:
STEP 1 Click Wireless > Basic Settings.
STEP 2 Configure the basic wireless settings:
Wireless Network Mode—Select one of the following modes. The default is B/G/N-Mixed.
- B-Only—All the wireless client devices can be connected to the router at
Wireless-B data rates with a maximum speed of 11Mbps.
- G-Only—Both Wireless-N and Wireless-G client devices can be
connected at Wireless-G data rates with a maximum speed of 54Mbps. Wireless-B clients cannot be connected in this mode.
- N-Only—Only Wireless-N client devices can be connected at Wireless-N data rates with a maximum speed of 300Mbps.
- B/G-Mixed—Both Wireless-B and Wireless-G client devices can be
connected at their respective data rates. Wireless-N devices can be connected at Wireless-G data rates.
- G/N-Mixed—Both Wireless-G and Wireless-N client devices can be
connected at their respective data rates. Wireless-B clients cannot be connected in this mode.
- B/G/N-Mixed—All the wireless client devices can be connected at their
respective data rates in this mixed mode.
- Disabled—To disable wireless connectivity completely. This might be
useful during system maintenance.
Wireless Channel—Select the appropriate channel to be used between
your wireless router and your client devices. The default is channel 6. You
can also select Auto so that your router selects the channel with the lowest
amount of wireless interference while the system is booting up. Auto channel
selection starts when you click Save, and it takes several seconds to scan
through all the channels to find the best channel. For the Wireless-N 40MHz
channel option (see Configuring Advanced Wireless Settings on page 81),
the router automatically selects the adjacent 20MHz channel to combine them into a wider channel.
Multiple BSSID—Select Enabled or Disabled as required.
SSID Name—The SSID is the unique name shared between all devices in a wireless network. It is case-sensitive, must not exceed 32 alphanumeric characters, and may be any keyboard character. Make sure this setting is the same for all devices in your wireless network. The default SSID name is ciscosb.
SSID Broadcast—Allows the SSID to be broadcast on your network. You
may want to enable this function while configuring your network, but make sure that you disable it when you are finished. With this enabled, someone could easily obtain the SSID information with site survey software or
Windows XP and gain unauthorized access to your network. Click Enabled to broadcast the SSID to all wireless devices in range. Click Disabled to
increase network security and prevent the SSID from being seen on
networked personal computers. The default is Enabled in order to help
users configure their network before use.
STEP 3 Click Save.

Configuring Wireless Security

The Wireless > Wireless Security window allows you to configure the wireless router’s wireless security settings.
To change the router’s wireless security settings, follow these steps:
STEP 1 Click Wireless > Wireless Security.
STEP 2 Configure the wireless security settings for Wireless Isolation:
Wireless Isolation (between SSID w/o VLAN)—Prevents wireless
personal computers that are associated to the same network name (SSID) from seeing, or transferring files between, each other.
Enable this feature to prevent Wireless personal computers from seeing
each other.
Disable this feature to allow wireless personal computers to see each other
and to exchange files between themselves.
This feature is very useful when setting up a wireless hotspot location. The
default is Disable.
STEP 3 Select the wireless security mode you want to use: WEP, WPA-Personal, WPA2-Personal, WPA2-Personal Mixed, WPA-Enterprise, WPA2-Enterprise, or WPA2-Enterprise Mixed. (WPA stands for Wi-Fi Protected Access, which is a security standard stronger than WEP encryption and forward compatible with IEEE 802.11e. WEP stands for Wired Equivalent Privacy. Enterprise refers to using a RADIUS server for authentication, while RADIUS stands for Remote Authentication Dial-In User Service.) Refer to the appropriate instructions below after you select the Authentication Type and SSID Interoperability settings.
The following section describes the detailed options for each Security Mode.
Disable—To disable wireless security completely, select Disable.
WEP—This security mode is defined in the original IEEE 802.11. This mode is
not recommended now due to its weak security protection. Users are urged to migrate to WPA or WPA2.
- Authentication Type—Choose the 802.11 authentication type as either
Open System or Shared Key. The default is Open System.
- Encryption—Select a level of WEP encryption, 64 bits (10 hex digits) or
128 bits (26 hex digits).
- Passphrase—If you want to generate WEP keys using a Passphrase,
then enter the Passphrase in the field provided and click the Generate
key.
- Key 1-4—If you want to manually enter WEP keys, then complete the
fields provided. Each WEP key can consist of the letters “A” through “F” and the numbers “0” through “9”. It should be 10 characters in length for 64-bit encryption or 26 characters in length for 128-bit encryption.
- Tx Key—Select one of the keys to be used for data encryption (when you
manually enter multiple WEP keys).
WPA-Personal (also known as WPA-PSK)
- Encryption—WPA offers you two encryption methods, TKIP and AES for
data encryption. Select the type of algorithm you want to use, TKIP or AES. The default is TKIP.
- Shared Key—Enter a WPA Shared Key of 8-63 characters.
- Key Renewal—Enter a key renewal timeout period, which instructs the
router how often it should change the encryption keys. The default is
3600 seconds.
WPA2-Personal
- Encryption—WPA2 always uses AES for data encryption.
- Shared Key—Enter a WPA Shared Key of 8-63 characters.
- Key Renewal—Enter a Key Renewal Timeout period, which instructs the
router how often it should change the encryption keys. The default is
3600 seconds.
WPA2-Personal Mixed—This security mode supports the transition from
WPA-Personal to WPA2-Personal. You can have client devices that use
either WPA-Personal or WPA2-Personal. The router automatically chooses the encryption algorithm used by each client device.
- Encryption—Mixed Mode automatically chooses TKIP or AES for data
encryption.
- Shared Key—Enter a WPA Shared Key of 8-63 characters.
- Key Renewal—Enter a Key Renewal Timeout period, which instructs the
router how often it should change the encryption keys. The default is
3600 seconds.
WPA-Enterprise—This option features WPA used in coordination with a
RADIUS server for client authentication. (This should only be used when a RADIUS server is connected to the router.)
- Encryption—WPA offers you two encryption methods, TKIP and AES for
data encryption. Select the type of algorithm you want to use, TKIP or AES. The default is TKIP.
- RADIUS Server—Enter the RADIUS server’s IP address.
- RADIUS Port—Enter the port number used by the RADIUS server. The
default is 1812.
- Shared Key—Enter the Shared Secret key used by the router and
RADIUS server.
- Key Renewal—Enter a Key Renewal Timeout period, which instructs the
router how often it should change the encryption keys. The default is
3600 seconds.
WPA2-Enterprise—This option features WPA2 used in coordination with a
RADIUS server for client authentication. (This should only be used when a RADIUS server is connected to the router.)
- Encryption—WPA2 always uses AES for data encryption.
- RADIUS Server—Enter the RADIUS server’s IP address.
- RADIUS Port—Enter the port number used by the RADIUS server. The
default is 1812.
- Shared Key—Enter the Shared Secret key used by the router and
RADIUS server.
- Key Renewal—Enter a Key Renewal Timeout period, which instructs the
router how often it should change the encryption keys. The default is
3600 seconds.
WPA2-Enterprise Mixed—This security mode supports the transition from
WPA-Enterprise to WPA2-Enterprise. You can have client devices that use either WPA-Enterprise or WPA2-Enterprise. The wireless router chooses the encryption algorithm used by each client device.
- Encryption—Mixed Mode automatically chooses TKIP or AES for data encryption.
- RADIUS Server—Enter the RADIUS server’s IP address.
- RADIUS Port—Enter the port number used by the RADIUS server. The default is 1812.
- Shared Key—Enter the Shared Secret key used by the router and RADIUS server.
- Key Renewal—Enter a Key Renewal Timeout period, which instructs the router how often it should change the encryption keys. The default is 3600 seconds.
STEP 4 Click Save.
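The key-format rules given for each security mode above can be checked before the settings are entered. This added example (not Cisco's code) audits a settings dictionary whose key names are hypothetical; the TKIP finding reflects TKIP's deprecation in current IEEE 802.11, which the guide does not state, and the sample keys are constructed.

```python
import ipaddress
import string

PERSONAL = {"WPA-Personal", "WPA2-Personal", "WPA2-Personal Mixed"}
ENTERPRISE = {"WPA-Enterprise", "WPA2-Enterprise", "WPA2-Enterprise Mixed"}
TKIP_SELECTABLE = {"WPA-Personal", "WPA-Enterprise"}  # modes with a TKIP/AES choice
WEP_HEX_DIGITS = {64: 10, 128: 26}  # encryption bits -> hex digits per key


def _is_hex(value):
    # The guide lists A-F and 0-9; lower-case a-f is accepted here as well.
    return bool(value) and all(c in string.hexdigits for c in value)


def audit_wireless_security(cfg):
    """Return a list of (severity, message) findings for one SSID's settings."""
    findings = []
    mode = cfg.get("mode")

    if mode == "Disable":
        findings.append(("high", "wireless security is disabled"))
    elif mode == "WEP":
        findings.append(("high", "WEP is not recommended; migrate to WPA or WPA2"))
        want = WEP_HEX_DIGITS.get(cfg.get("encryption_bits"))
        keys = cfg.get("keys", {})
        if want is None:
            findings.append(("error", "WEP encryption must be 64 or 128 bits"))
        else:
            for slot, key in sorted(keys.items()):
                if len(key) != want or not _is_hex(key):
                    findings.append(("error", f"Key {slot}: expected {want} hex digits"))
        if cfg.get("tx_key") not in keys:
            findings.append(("error", "Tx Key selects a key slot that is not filled in"))
    elif mode in PERSONAL:
        if not 8 <= len(cfg.get("shared_key", "")) <= 63:
            findings.append(("error", "Shared Key must be 8-63 characters"))
    elif mode in ENTERPRISE:
        try:
            ipaddress.ip_address(cfg.get("radius_server", ""))
        except ValueError:
            findings.append(("error", "RADIUS Server must be an IP address"))
        port = cfg.get("radius_port", 1812)  # guide default
        if not (isinstance(port, int) and 1 <= port <= 65535):
            findings.append(("error", "RADIUS Port must be 1-65535"))
        if not cfg.get("shared_key"):
            findings.append(("error", "RADIUS shared secret is empty"))
    else:
        findings.append(("error", f"unknown security mode: {mode!r}"))

    # Not from the guide: TKIP is the router's default here but is deprecated.
    if mode in TKIP_SELECTABLE and cfg.get("encryption", "TKIP") == "TKIP":
        findings.append(("medium", "TKIP selected; choose AES where clients allow"))
    return findings


# Constructed sample settings: a weak configuration beside a corrected one.
WEAK = {"mode": "WEP", "encryption_bits": 64,
        "keys": {1: "A1B2C3D4E5", 2: "12345"}, "tx_key": 1}
HARDENED = {"mode": "WPA2-Personal", "shared_key": "constructed-sample-passphrase"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_wireless_security(cfg))
```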

Configuring Connection Control

The Wireless > Connection Control window displays the Connection Control settings for the router, giving you two ways to control the connection (association)
of wireless client devices. You can either prevent specific devices from connecting to the router, or you can allow only specific client devices to connect to
the router. The client devices are specified by their MAC addresses. The default is
to allow only specific client devices.
To configure connection control for the router, follow these steps:
STEP 1 Click Wireless > Connection Control.
STEP 2 Configure the Connection Control List to either permit or block specific wireless client devices connecting to (associating with) the wireless router:
Select SSID—Select the desired SSID.
Enabled/Disabled—Enable or disable wireless connection control. The
default is Disabled.
Connection Control—Prevent or Allow specific MAC addresses access to
the Wireless Network.
- Prevent—Denies connection to the Wireless Network through the router,
for the MAC addresses specified below.
- Allow—Grants connection to the Wireless Network through the router, for
the MAC addresses specified below.
Connection Control List—The Wireless > Connection Control List displays
the MAC addresses of selected wireless client devices to be controlled.
- Wireless Client List—Instead of manually entering the MAC addresses of each client, the router provides a convenient way to select a specific client device from the client association table. Click this button and a window appears to let you select a MAC address from the table. The selected MAC addresses are entered into the Connection Control List.
- MAC 01-20—The MAC addresses of the wireless client devices you want to control (i.e. the Connection Control List).
STEP 3 Click Save.

Configuring Advanced Wireless Settings

The Wireless > Advanced Settings window displays the advanced settings for the router. The router adopts several new parameters to adjust the channel bandwidth and guard intervals to improve the data rate dynamically.
It is recommended that you let your router automatically adjust the parameters for maximum data throughput.
To configure advanced wireless settings for the router, follow these steps:
STEP 1 Click Wireless > Advanced Settings.
STEP 2 Configure the advanced wireless settings as needed by changing the following advanced parameters (some only for Wireless-N) for this router.
Wireless-N data rates are classified into 16 MCS numbers (0-15). MCS stands for Modulation and Coding Scheme. For the same MCS number, the data rate
changes according to the Channel Bandwidth and Guard Interval settings.
Channel Bandwidth—Select the channel bandwidth manually for Wireless-N connections. When it is set to 20MHz, only the 20MHz channel is used. When it is set to 40MHz, Wireless-N connections use the 40MHz channel but Wireless-B and Wireless-G connections still use the 20MHz channel. The default is Auto.
Guard Interval—Select the guard interval manually for Wireless-N
connections. The two options are Short (400ns) and Long (800ns). The default is Auto.
CTS Protection Mode—The CTS (Clear-To-Send) Protection Mode function boosts the router’s ability to catch all wireless transmissions, but severely decreases performance. Keep the default setting, Auto, so the router can use this feature as needed, when the Wireless-N/G products are not able to transmit to the router in an environment with heavy 802.11b traffic. Select Disabled if you want to permanently disable this feature.
Beacon Interval—Indicates the frequency interval of the beacon. A beacon is a packet broadcast by the router to keep the network synchronized. A beacon includes the wireless network's service area, the router address, the Broadcast destination addresses, a time stamp, Delivery Traffic Indicator Maps, and the Traffic Indicator Message (TIM). The default is 100 ms.
DTIM Interval—Indicates how often the router sends out a Delivery Traffic Indication Message (DTIM). Lower settings result in more efficient networking, while preventing your personal computer from dropping into power-saving sleep mode. Higher settings allow your personal computer to enter sleep mode, thus saving power, but interfere with wireless transmissions. The default is 1 ms.
RTS Threshold—Determines how large a packet can be before the router coordinates transmission and reception to ensure efficient communication. This value should remain at its default setting of 2346. If you encounter inconsistent data flow, only minor modifications are recommended.
STEP 3 Click Save.

Configuring VLAN & QoS Settings

The Wireless > VLAN & QoS window displays the QoS and VLAN settings for the router’s Access Point. The QoS (Quality of Service) feature allows you to specify priorities for different traffic. Lower priority traffic slows down to allow greater throughput or less delay for high priority traffic.
The 802.1Q VLAN feature allows traffic from different sources to be segmented. Combined with the multiple SSID feature, this provides a powerful tool to control access to your LAN.
To configure the VLAN and QoS settings for the router, follow these steps:
STEP 1 Click Wireless > VLAN & QoS.
STEP 2 Configure the VLAN and QoS settings for the router:
VLAN
- Enable/Disable VLAN—Enable this feature only if the hubs/switches on
your LAN support the VLAN standard.
- AP Management VLAN—Define the VLAN ID used for management.
- VLAN ID—Enter the VLAN ID.
QoS
- U-APSD (WMM Power Save)—Select Enabled or Disabled as required.
- WMM—Wi-Fi Multimedia is a QoS feature defined by WiFi Alliance before IEEE 802.11e was finalized. Now it is part of IEEE 802.11e. When it is enabled, it provides four priority queues for different types of traffic. It automatically maps the incoming packets to the appropriate queues based on QoS settings (in IP or layer 2 header). WMM provides the capability to prioritize traffic in your environment. The default is Enabled.
STEP 3 Click Save.

Configuring Router WDS Settings

The Wireless > WDS window displays the WDS (Wireless Distribution System) settings for the device.
To configure the WDS settings for the router, follow these steps:
STEP 1 Click Wireless > WDS.
STEP 2 Configure the WDS settings:
WDS MAC Address—Displays the read-only MAC address for the WDS.
Allow wireless signal to be repeated by a repeater—Select Auto or Manual as required.
Remote Access Point's MAC Address—Either enter the MAC address directly, or, if the other access point is on-line, you can click the Site Survey button and select from a list of available access points.
STEP 3 Click Save.
Configuring Firewall Settings

This section describes how to configure the Firewall settings of the router:
- Configuring Basic Settings
- Configuring IP Based ACL
- Editing IP ACL Rules
- Configuring Internet Access Policy
- Configuring Single Port Forwarding
- Configuring Port Range Forwarding
- Configuring Port Range Triggering
Configure software security features like SPI (Stateful Packet Inspection) Firewall, IP based Access List, restricting LAN users on Internet (WAN port) access, and NAPT (Network Address Port Translation) to limit services to specific ports. Settings only work when NAT is enabled.
NOTE For WAN traffic, NAPT settings are applied first, then the SPI Firewall
settings, followed by IP based Access List (which requires more CPU power).

Configuring Basic Settings

The Firewall > Basic Settings window displays the firewall-specific settings of the router.
To configure basic firewall settings for the router, follow these steps:
STEP 1 Click Firewall > Basic Settings.
STEP 2 Configure the basic firewall settings:
Firewall—Enable this feature to perform deep packet inspection on all the
traffic going through the router and drop the packets that do not follow the
pre-defined protocol behavior. The default is Enable.
DoS Protection—When enabled, the router prevents DoS (Denial of Service) attacks coming in from the Internet. DoS attacks consume most of the router’s resources and as a result they can prevent legitimate traffic from passing through the router. The default is Enable.
Block WAN Request—When enabled, the router ignores PING Requests from the Internet so it seems to be hidden. The default is Enable.
Remote Management—When enabled, the router allows the web-based
utility to be accessed from the Internet. The default is Disable.
Multicast Pass-through—When enabled, the router allows IP Multicast
traffic to come in from the Internet. The default is Disable.
SIP Application Layer Gateway—When enabled, the SIP Application Layer Gateway (ALG) allows Session Initiation Protocol (SIP) packets (used for Voice over IP) to traverse the NAT firewall. This feature can be disabled if the VoIP service provider is using other NAT traversal solutions such as STUN, TURN, and ICE.
Block—Select the Web features that you wish to restrict. All those features could pose a security concern for your personal computers on the LAN side. You have to balance your need for those applications against security. The default is unselected.
- Java—Java is a programming language for websites. If you deny Java,
you run the risk of not having access to Internet sites created using this programming language.
- Cookies—A cookie is data stored on your personal computer and used by Internet sites when you interact with them, so you may not want to deny cookies.
- ActiveX—ActiveX is a Microsoft (Internet Explorer) programming language for websites. If you deny ActiveX, you run the risk of not having access to Internet sites using this programming language. Also, Windows Update uses ActiveX, so if this is blocked, Windows Update does not work.
- Access to Proxy HTTP Server—If local users have access to WAN proxy servers, they may be able to circumvent the router's content filters and access Internet sites blocked by the router. Denying Proxy blocks access to any WAN proxy servers.
STEP 3 Click Save.

Configuring IP Based ACL

The Firewall > IP Based ACL window displays a summary of the configured IP-based access control list. The access list restricts traffic going through the router from either the WAN or the LAN port.
There are two ways to restrict data traffic: you can block specific types of traffic according to your ACL definitions, or you can allow only specific types of traffic according to your ACL definitions. The ACL rules are read in order of priority. If a rule matches a packet, its action is taken and the remaining lower-priority rules are not checked against this packet.
NOTE The higher the number of rules that need to be checked against packets, the lower the throughput. Use ACL rules with caution.
There are two default rules in the table that cannot be deleted. The first rule allows all traffic coming in from the LAN port to pass through the router. The second rule allows all traffic coming in from the WAN port. These two rules have the lowest priority, so unless you add user-defined rules, all packets are passed through from both the WAN and LAN sides. A rule is enabled if its Enable button is checked and if the date and time match. If any of these conditions is not met, the rule is not used to check packets.
To configure the IP Based ACL for the router, follow these steps:
STEP 1 Click Firewall > IP Based ACL.
STEP 2 Configure the IP based ACL settings for the router:
Priority—Defines the order in which the rules are checked. A smaller number has higher priority. The default rules are always checked last.
Enable—Tells the router if the rule is active or not. You can have rules defined in the ACL Table but in an inactive state. The administrator can decide when to enable specific ACL rules manually.
Action—Defines how the rule is to affect the traffic. It can be either Allow or Deny. If the rule is matched and the action is Allow, the packet is forwarded. If the rule is matched and the action is Deny, the packet is dropped.
Service—Select one of the pre-defined services in the drop-down menu, or define new services by clicking Service Management. When you define your own service, it is listed at the top of the drop-down menu. You can also select ALL to allow or block all types of IP traffic.
The user-defined service GUI page can be accessed either from the New Rule window by clicking Service Management, or directly from the 2nd layer page under Firewall.
Source Interface—Select LAN, WAN, or ANY interface.
Source—The source IP address to be matched against. You can define a Single IP address, a Range of IP addresses (start IP and end IP), a Network (IP Prefix and Network Mask), or ANY IP addresses.
Destination—The destination IP address to be matched against. You can define a Single IP address, a Range of IP addresses (start IP and end IP), a Network (IP Prefix and Network Mask), or ANY IP addresses.
Time—Displays the time period in which this rule is enabled (used together with Date). It can be set to Any Time.
Date—Displays the days in a week in which this rule is enabled (used together with Time). It can be set to Any Day.
Edit button—Use this button to go to the Edit IP ACL Rule window and modify this rule.
Delete button—Use this button to delete the ACL rule from the list.
Page Selections—Select a specific page of the ACL list to display from the drop-down menu, or navigate page by page with the Previous Page and Next Page buttons.
Add New Rule—Click this button to open the page where you define a new ACL rule.
Disable All Rule—Click this button to disable all the user-defined rules.
Delete All Rule—Click this button to delete all the user-defined rules.
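
The first-match evaluation described in this section, modeled as an added example (it is not Cisco's code or the router's implementation). The Rule fields mirror the ACL table columns; the packet dictionary, the numeric priorities given to the two default rules, and the weekday and 24-hour schedule encoding are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass

ANY = "ANY"

@dataclass
class Rule:
    priority: int          # smaller number is checked first
    action: str            # "Allow" or "Deny"
    service: str           # a service name, or "ALL"
    src_if: str            # "LAN", "WAN" or "ANY"
    src: object = ANY      # ANY, "ip", ("start", "end") or "prefix/mask"
    dst: object = ANY
    enabled: bool = True   # the Enable check box
    days: object = ANY     # ANY (Any Day) or a set of weekday numbers, Monday = 0
    hours: object = ANY    # ANY (Any Time) or (start_hour, end_hour), end exclusive

def addr_matches(spec, ip):
    ip = ipaddress.ip_address(ip)
    if spec == ANY:
        return True
    if isinstance(spec, tuple):                  # Range: start IP and end IP
        return ipaddress.ip_address(spec[0]) <= ip <= ipaddress.ip_address(spec[1])
    if "/" in spec:                              # Network: IP prefix and network mask
        return ip in ipaddress.ip_network(spec, strict=False)
    return ip == ipaddress.ip_address(spec)      # Single IP address

def in_use(rule, when):
    """A rule is consulted only if it is enabled and the day and time match."""
    return (rule.enabled and (rule.days == ANY or when.weekday() in rule.days)
            and (rule.hours == ANY or rule.hours[0] <= when.hour < rule.hours[1]))

def matches(rule, pkt):
    return (rule.service in ("ALL", pkt["service"]) and rule.src_if in (ANY, pkt["src_if"])
            and addr_matches(rule.src, pkt["src"]) and addr_matches(rule.dst, pkt["dst"]))

# The two built-in rules: allow everything from LAN and from WAN, always checked last.
DEFAULTS = [Rule(10**6, "Allow", "ALL", "LAN"), Rule(10**6 + 1, "Allow", "ALL", "WAN")]

def evaluate(user_rules, pkt, when):
    """Return (action, priority) of the first in-use rule that matches pkt at datetime `when`."""
    for rule in sorted(user_rules + DEFAULTS, key=lambda r: r.priority):
        if in_use(rule, when) and matches(rule, pkt):
            return rule.action, rule.priority
    return None, None  # not reached for LAN/WAN packets: a default rule always matches

# Constructed sample: the subnet-wide Allow at priority 1 hides the host Deny at priority 2.
SAMPLE = [Rule(1, "Allow", "HTTP", "LAN", "192.168.1.0/255.255.255.0"),
          Rule(2, "Deny", "HTTP", "LAN", "192.168.1.50")]
```

With SAMPLE, the host 192.168.1.50 is still allowed because the broader rule is checked first; a Deny meant to carve an exception out of an Allow needs the smaller priority number.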

Editing IP ACL Rules

The Firewall > Edit IP ACL Rule window displays the settings for the IP Based ACL rule being added or edited.
To add an IP ACL Rule, follow these steps:
STEP 1 Click Firewall > Edit IP ACL Rule.
STEP 2 Fill in the fields defining the current rule:
Action—Select either Allow or Deny. Default is Allow.
Service—Select ALL or pre-defined (or user-defined) services from the
drop-down menu.
Log—If checked, this ACL rule is logged when a packet match happens.
Log Prefix—This string is attached in front of the log for the matched event.
Source Interface—Select LAN, WAN, or ANY interface.
Source—The source IP address to be matched against. You can define a
Single IP address, a Range of IP addresses (start IP and end IP), a Network (IP Prefix and Network Mask), or ANY IP addresses.
Destination—The destination IP address to be matched against. You can
define a Single IP address, a Range of IP addresses (start IP and end IP), a Network (IP Prefix and Network Mask), or ANY IP addresses.
Service Management Button—Click this button and the Service Tab to add a new service type to the Service drop-down menu.
Scheduling
- Time—Enter the time period in which this rule is applied (used together with Date). It can be set to Any Time.
- Date—Enter the days in a week on which this rule is applied (used together with Time). It can be set to Any Day.
STEP 3 Click Save.

Configuring Internet Access Policy

The Firewall > Internet Access Policy window displays the policies that are used by the router to control access to the Internet. A policy consists of four components:
The MAC or IP addresses of the personal computers to which to apply this policy
Whether to Deny or Allow Internet service for this policy
The time and date on which to enable this policy, and
The URLs or Keywords to apply this policy.
To configure Internet access policy for the router, follow these steps:
STEP 1 Click Firewall > Internet Access Policy.
STEP 2 Configure the router’s Internet access policy settings by creating, modifying, verifying, and deleting policies as appropriate.
Creating a Policy
Deleting a Policy
Viewing all Policies
Viewing or Changing the List of Personal Computers Covered by the Current Policy
STEP 3 Click Save.
Creating a Policy
To create an Internet access policy, follow these steps:
STEP 1 Select a policy number from the Internet Access Policy drop-down menu.
STEP 2 Enter a Policy Name in the field provided.
STEP 3 Enable this policy by clicking the Enable option.
STEP 4 Click the Edit List of PCs button to select which personal computers are affected by the policy. The List of PCs window appears. You can select a personal computer by MAC address or IP address. You can also enter a range of IP addresses if you want this policy to affect a group of personal computers. After making your changes, click Save to apply your changes.
STEP 5 Click the appropriate option, Deny or Allow, depending on whether you want to block or allow Internet access for the personal computers you listed on the List of PCs window.
STEP 6 Decide what Days and what Times you want this policy to be enforced. Select the individual days during which the policy is in effect, or select Everyday. Enter a range of hours and minutes during which the policy is in effect, or select 24 Hours.
STEP 7 If you wish to block access to Web sites, use the Website Blocking by URL Address or Website Blocking by Keyword feature.
Website Blocking by URL Address—Enter the URL or domain name of the web sites you wish to block.
Website Blocking by Keyword—Enter the keywords you wish to block in the fields provided. If any of these keywords appears in the URL of a web site, access to the site is blocked.
NOTE Only the URL is checked, not the content of each Web page.
STEP 8 Click Save.
Deleting a Policy
To delete a policy, select it from the drop-down menu, then click the Delete button.
Viewing all Policies
To view a summary of all the policies, click the Summary button. On the Summary window, the policies are listed with the following information: No., Policy Name, Days, Time, and a check box to delete (clear) the policy. To delete a policy from the Summary window, check the check box in the Delete column, and click the Delete button.
Viewing or Changing the List of Personal Computers Covered by the Current Policy
To view or change the list of personal computers covered by the current policy, click the Edit List of PCs button.
On the List of PCs window, you can define personal computers by MAC address or IP address. You can also enter a range of IP addresses if you want this policy to affect a group of personal computers.

Configuring Single Port Forwarding

The Firewall > Single Port Forwarding window displays the specific port and other settings associated with each public service that uses just a single port.
Single Port Forwarding is one of the NAPT features and allows users of the Internet to access this server by using the WAN port address and the matched external port number.
When users send these types of requests to your WAN port IP address via the Internet, the NAT router forwards those requests to the appropriate servers on your LAN.
To configure single port forwarding for the router, follow these steps:
STEP 1 Click Firewall > Single Port Forwarding.
STEP 2 Configure single port forwarding settings for the router:
Application—Enter the name of the application you wish to configure.
External Port—Port number used by the service or Internet application.
Internet users must connect using this port number. Check with the software documentation of the Internet application for more information.
Internal Port—Port number used by the router when forwarding Internet traffic to the personal computer or server on your LAN. It is usually the same as the External Port number. If it is different, the router performs a Port Translation, so that the port number used by Internet users is different from the port number used by the server or Internet application.
For example, you could configure your Web Server to accept connections on both port 80 (standard) and port 8080. Then, enable Port Forwarding, set the External Port to 80 and the Internal Port to 8080.
Now, any traffic from the Internet to your Web server uses port 8080, even though the Internet users used the standard port, 80. (Users on the local LAN can and should connect to your Web Server using the standard port 80.)
Protocol—Select the protocol used for this application, TCP or UDP.
IP Address—For each application, enter the IP address of the personal
computer running the specific server application.
Enabled—Select Enabled to enable port forwarding for the relevant server
application.
STEP 3 Click Save.

Configuring Port Range Forwarding

The Firewall > Port Range Forwarding window displays the settings associated with public services accessed on your network that use single or multiple port numbers, such as web servers, FTP servers, e-mail servers, or other specialized Internet applications that use one or multiple port numbers (for example, video conferencing). Port Range Forwarding is one of the NAPT (Network Address Port Translation) features.
The Port Range Forwarding window allows you to configure access to these public services on your network. The port numbers being used do not change while forwarding to the local network. This allows users on the Internet to access this server by using the WAN port IP address and the pre-defined port numbers.
When users send these types of requests to your WAN port IP address via the Internet, the NAT router forwards those requests to the appropriate servers on your LAN.