IBM WRT-410 User Manual

802.11g Wireless Broadband Router

WRT-410

User’s Manual

Copyright 2003 by PLANET Technology Corp. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise, without the prior written permission of PLANET.

PLANET makes no representations or warranties, either expressed or implied, with respect to the contents hereof and specifically disclaims any warranties, merchantability or fitness for any particular purpose. Any software described in this manual is sold or licensed "as is". Should the programs prove defective following their purchase, the buyer (and not this company, its distributor, or its dealer) assumes the entire cost of all necessary servicing, repair, and any incidental or consequential damages resulting from any defect in the software. Further, this company reserves the right to revise this publication and to make changes from time to time in the contents hereof without obligation to notify any person of such revision or changes..

All brand and product names mentioned in this manual are trademarks and/or registered trademarks of their respective holders.

Federal Communication Commission Interference Statement

This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

1. Reorient or relocate the receiving antenna.

2. Increase the separation between the equipment and receiver.

3. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.

4. Consult the dealer or an experienced radio technician for help.

FCC Caution:

To assure continued compliance.(example-use only shielded interface cables when connecting to computer or peripheral devices). Any changes or modifications not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment.

This device complies with Part 15 of the FCC Rules. Operation is subject to the Following two conditions: (1) This device may not cause harmful interference, and (2 ) this Device must accept any interference received, including interference that may cause undesired operation.

Federal Communication Commission (FCC) Radiation Exposure Statement

This equipment complies with FCC radiation exposure set forth for an uncontrolled environment. In order to avoid the possibility of exceeding the FCC radio frequency exposure limits, human proximity to the antenna shall not be less than 20 cm(8 inches) during normal operation.

R&TTE Compliance Statement

This equipment complies with all the requirements of DIRECTIVE 1999/5/CE OF THE EUROPEAN PARLIAMENT AND THE COUNCIL OF 9 March 1999 on radio equipment and telecommunication terminal Equipment and the mutual recognition of their conformity (R&TTE)

The R&TTE Directive repeals and replaces in the directive 98/13/EEC (Telecommunications Terminal Equipment and Satellite Earth Station Equipment) As of April 8,2000.

Safety

This equipment is designed with the utmost care for the safety of those who install and use it. However, special attention must be paid to the dangers of electric shock and static electricity when working with electrical equipment. All guidelines of this and of the computer manufacture must therefore be allowed at all times to ensure the safe use of the equipment.

Revision

User’s Manual for PLANET Wireless Broadband Router Model: WRT-410 Rev: 1.0 (November. 2003) Part No. EM-WRT410

TABLE OF CONTENTS

CHAPTER 1 INTRODUCTION..................................................................................................1

1.1 PACKAGE CONTENTS .........................................................................................................1

1.2 SYSTEM REQUIREMENTS....................................................................................................1

1.3 FEATURES.........................................................................................................................1

1.4 SPECIFICATION ..................................................................................................................2

1.5 WIRELESS PERFORMANCE .................................................................................................3

CHAPTER 2 HARDWARE INSTALLATION.............................................................................4

2.1 HARDWARE CONNECTION...................................................................................................4

2.2 LED INDICATORS...............................................................................................................4

CHAPTER 3 CONFIGURE THROUGH WEB BROWSER.......................................................5

3.1 MAIN.................................................................................................................................5

3.1.1 LAN & DHCP Server................................................................................................5

3.1.2 WAN.........................................................................................................................6

3.1.3 Password..................................................................................................................8

3.1.4 Time..........................................................................................................................9

3.1.5 Dynamic DNS.........................................................................................................10

3.2 WIRELESS .......................................................................................................................10

3.2.1 Basic.......................................................................................................................10

3.2.2 Authentication.........................................................................................................11

3.2.3 Advanced................................................................................................................12

3.3 STATUS ...........................................................................................................................13

3.3.1 Device Information.................................................................................................13

3.3.2 Log.........................................................................................................................14

3.3.3 Log Settings...........................................................................................................15

3.3.4 Statistic...................................................................................................................16

3.3.5 Wireless..................................................................................................................17

3.4 ROUTING.........................................................................................................................17

3.4.1 Static.......................................................................................................................17

3.4.2 Dynamic.................................................................................................................18

3.4.3 Routing Table.........................................................................................................19

3.5 ACCESS...........................................................................................................................20

3.5.1 Filters......................................................................................................................20

3.5.2 Virtual Server..........................................................................................................23

3.5.3 Special AP..............................................................................................................24

3.5.4 DMZ........................................................................................................................25

3.5.5 Firewall Rule...........................................................................................................25

3.6 MANAGEMENT .................................................................................................................26

3.6.1 SNMP.....................................................................................................................26

3.6.2 Remote Management.............................................................................................27

3.7 TOOLS.............................................................................................................................28

3.7.1 Restart....................................................................................................................28

3.7.2 Settings..................................................................................................................28

3.7.3 Firmware................................................................................................................29

3.7.4 Ping Test.................................................................................................................29

3.8 WIZARD...........................................................................................................................30

CHAPTER 4 802.1X AUTHENTICATION SETUP..................................................................31

4.1 802.1X INFRASTRUCTURE................................................................................................31

4.2 RADIUS SERVER SETUP.................................................................................................32

4.2.1 Required Services..................................................................................................32

4.2.2 Setup Procedure....................................................................................................32

4.3 AUTHENTICATOR SETUP ...................................................................................................46

4.4 WIRELESS CLIENT SETUP.................................................................................................47

4.4.1 EAP-MD5 Authentication........................................................................................47

4.4.2 EAP-TLS Authentication.........................................................................................50

CHAPTER 5 TROUBLESHOOTING.......................................................................................58

5.1 FREQUENTLY ASKED QUESTIONS......................................................................................58

5.2 GLOSSARY ......................................................................................................................59

If any of the above items are missing, contact your supplier as soon as

Chapter 1 Introduction

Thank you for purchasing WRT-410. This device features the latest innovation wireless technology making the wireless networking world happened. This manual guides you on how to install and properly use the WRT-410 in order to take full advantage of its features.

1.1 Package Contents

Make sure that you have the following items:

• One WRT-410

• One dipole antenna

• One AC Power Adapter

• One User’s Manual CD

• One Quick Installation Guide

Note:

possible.

1.2 System Requirements

Before installation, please check the following requirements with your equipment.

• Pentium Based (And Above) IBM-Compatible PC System

• CD-ROM drive

• Windows 98/ME/NT/2000/XP Operating System with TCP/IP protocol

1.3 Features

• 2.4GHz ISM band, unlicensed operation

• Strong network security with 802.1X authentication, and 64/128-bit WEP encryption

• Supports WPA (Wi-Fi Protected Access) for both 802.1x and WPA-PSK

• Dual-standard capability: 802.11g and 802.11b compliant

• Super G mode efficiently raises the data transfer rate up to 108Mbps

• Supports DHCP server

• Web Configuration provide a user friendly interface for the user to configure through web

browser

• Support MAC Filter

• Build-in 4 -port switch

• Provides Setup Wizard for the user to configure easily in the first time

- 1 -

Data Encryption

1.4 Specification

Standards IEEE 802.11b, IEEE 802.11g Signal Type DSSS (Direct Sequence Spread Spectrum) Modulation BPSK / QPSK / CCK / OFDM

Port

Antenna One Detachable Dipole Antenna Antenna Gain

Output Power

Sensitivity

WAN: 10/100Base-TX (RJ-45) * 1 LAN: 10/100Base-TX (RJ-45) * 4

2dBi 17dBm

11 Mbps (CCK): -82dBm

802.11b

802.11g

5.5 Mbps (QPSK): - 86dBm 1, 2 Mbps (BPSK): - 90dBm (typically @PER < 8% packet size 1024 and @25ºC + 5ºC) 54 Mbps: -72dBm 48 Mbps: - 72dBm 36 Mbps: -76dBm 24 Mbps: -79dBm 18 Mbps: -82dBm 12 Mbps: -86dBm 9 Mbps: -89dBm 6 Mbps: -90dBm

(typically @PER < 8% packet size 1024 and @25ºC + 5ºC)

64/128-bit WEP encryption

Frequency band 2.4 GHz ~2.484GHz

FCC: 11 Channels (US, Canada)

Channel

Data Rate

Environment

Dimension 200 x 115 x 31mm (W x D x H) Power Supply 5V, 2.5A

ETSI: 13 Channels (Europe) TELEC: 14 Channels (Japan)

Super G mode Up to 108Mbps

802.11g Up to 54Mbps (6/9/12/18/24/36/48/54)

802.11b Up to 11Mbps (1/2/5.5/11) Operating temperature: 0 ~ 55°C Operating humidity: 5 ~ 95%(non-condensing) Storage temperature: -20 ~ 70°C Storage humidity: 0 ~ 95%(non-condensing)

- 2 -

1.5 Wireless Performance

The following information will help you utilizing the wireless performance, and operating coverage of WRT-410.

1. Site selection

To avoid interferences, please locate WRT-410 and wireless clients away from transformers, microwave ovens, heavy-duty motors, refrigerators, fluorescent lights, and other industrial equipments. Keep the number of walls, or ceilings between AP and clients as few as possible; otherwise the signal strength may be seriously reduced. Place WRT-410 in open space or add additional WAP-4000 as needed to improve the coverage.

2. Environmental factors

The wireless network is easily affected by many environmental factors. Every environment is unique with different obstacles, construction materials, weather, etc. It is hard to determine the exact operating range of WRT-410 in a specific location without testing.

3. Antenna adjustment

The bundled antenna of WRT-410 is adjustable. Firstly install the antenna pointing straight up, then smoothly adjust it if the radio signal strength is poor. But the signal reception is definitely weak in some certain areas, such as location right down the antenna. Moreover, the original antenna of WRT-410 can be replaced with other external antennas to extend the coverage. Please check the specification of the antenna you want to use, and make sure it can be used on WRT-410.

4. WLAN type

If WRT-410 is installed in an 802.11b and 802.11g mixed WLAN, its performance will reduced significantly. Because every 802.11g OFDM packet needs to be preceded by an RTS-CTS or CTS packet exchange that can be recognized by legacy 802.11b devices. This additional overhead lowers the speed. If there are no 802.11b devices connected, or if connections to all 802.11b devices are denied so that WRT-410 can operate in 11g-only mode, then its data rate should actually 54Mbps and 108Mbps in Super G mode.

- 3 -

0. Otherwise, the product may be

0 to default settings, press and hold the Reset button over 5

Link is established

Packet

Link is established

Packet

Link is established

Green

Link is established

Chapter 2 Hardware Installation

Before you proceed with the installation, it is necessary that you have enough information about the WRT-410.

2.1 Hardware Connection

1. Locate an optimum location for the WRT-410. The best place for your WRT-410 is usually at

the center of your wireless network, with line of sight to all of your mobile stations.

2. Adjust the antennas of WRT-410. Try to adjust them to a position that can best cover your wireless network. The antenna’s position will enhance the receiving sensitivity.

3. Connect RJ-45 cable to WRT-410 LAN port. Connect one of the LAN ports on WRT-410 to your LAN switch/hub with a RJ-45 cable.

4. Connect RJ-45 cable to WRT-410 WAN port. Connect ADSL/Cable Modem to the WAN port on WRT-410. Use the cable supplied with your modem. If no cable was supplied with your modem, please use a RJ-45 Ethernet cable

5. Plug in power adapter and connect to power source. After power on, WRT-410 will start to operate.

Note: ONLY use the power adapter supplied with the WRT-41

damaged.

Note: If you want to reset WRT-41

seconds. And then wait for 10 seconds for WRT-410 restart.

2.2 LED Indicators

WRT-410

LED STATE MEANING

Green Device power on PWR Off

STATUS Green Indicates a connection error

Green WAN link status is on WAN Blinking Green Green WLAN link status is on WLAN

Blinking Green WLAN activity

LAN

Green Blinking Green Green

Blinking Green Green

STATUSPWRWANWLAN1234

Device power off

WAN activity

s are transmitting or receiving

LAN

802.11g

Wireless Router

Blinking Green Packets are transmitting or receiving

- 4 -

Chapter 3 Configure through Web Browser

Web configuration provides a user-friendly graphical user interface (web pages) to manage your WRT-410. A WRT-410 with an assigned IP address will allows you to monitor and configure via web browser (e.g., MS Internet Explorer or Netscape).

1. Open your web browser.

2. Enter the IP address of your WRT-410 in the address field (default IP address is http://192.168.1.1).

3. A User Name and Password dialog box will appear. Please enter your User Name and Password here. Default User Name and Password are both “admin”. Click “OK”.

4. Then you will see the WRT-410 web configuration page.

5. When the first time you enter WRT-410, Setup Wizard will pop up. Please refer to our Quick Installation Guide to use the Setup Wizard to configure. Setup Wizard will guide you through configuration step by step.

3.1 Main

3.1.1 LAN & DHCP Server

You can configure WRT-410’s IP settings and DHCP server function in this screen. When configuration is completed, please click “Apply” to save and restart WRT-410.

- 5 -

This page enables you to set LAN and DHCP properties, such as the host name, IP address, subnet mask, and domain name. LAN and DHCP profiles are listed in the DHCP table at the bottom of the screen.

Host Name: Type the host name in the text box. The host name is required by some ISPs. The default host name is "AP-Router."

IP Address: This is the IP address of the router. The default IP address is 192.168.1.1. Subnet Mask: Type the subnet mask for the router in the text box. The default subnet mask is

255.255.255.0.

DHCP Server: Enables the DHCP server to allow the router to automatically assign IP addresses to devices connecting to the WLAN or LAN. DHCP is enabled by default. All DHCP client computers are listed in the table at the bottom of the page, providing the host name, IP address, and MAC address of the client.

Start IP: Type an IP address to serve as the start of the IP range that DHCP will use to assign IP addresses to all LAN devices connected to the WRT-410.

End IP: Type an IP address to serve as the end of the IP range that DHCP will use to assign IP addresses to all LAN devices connected to the WRT-410.

Domain Name: Type the local domain name of the network in the text box. This item is optional. Lease Time: Select the proper expired duration of the IP leased by DHCP server.

3.1.2 WAN

Please refer to your Internet connection method to select the Connection Type. And please configure those settings per the information your ISP provides.

Connection Type: Select the connection type, DHCP client/Fixed IP, PPPoE, or PPTP from the drop-down list.

When using DHCP client/Fixed IP, enter the following information in the fields (some information are provided by your ISP):

WAN IP: Select whether you want to specify an IP address manually, or want DHCP to obtain an IP address automatically. When “Specify IP” is selected, type the IP address, subnet mask, and default gateway in the fields. Your ISP will provide you with this information.

DNS 1/2/3: Type up to three DNS numbers in the fields. Your ISP will provide you with this DNS information.

- 6 -

MAC Address: If required by your ISP, type the MAC address for the WRT-410 WAN interface in this field. You can also copy the MAC address of your PC’s network card to the WRT-410 WAN interface by clicking “Clone MAC address”.

When using PPPoE, enter the following information in the fields (some information are provided by your ISP):

WAN IP: Select whether you want the ISP to provide the IP address automatically, or whether you want to assign a static IP address to the WRT-410 WAN interface. When “Specify IP” is selected, type the PPPoE IP address in the field. Your ISP will provide you with this information.

DNS 1/2/3: Type up to three DNS numbers in the fields. Your ISP will provide you with this DNS information.

User Name: Type your PPPoE user name. Password: Type your PPPoE password. Connect on Demand: Enables or disables the connect on demand function, which enables WRT-410 to

initiate a connection with your ISP when an Internet request is made to the WRT-410. When enabled, the WRT-410 automatically connects to the Internet when you open your browser.

Idle Time Out: Specify the time that will elapse before the WRT-410 times out of a connection. MTU: Type the MTU value in the field.

- 7 -

When using PPTP, enter the following information in the fields (some information are provided by your ISP):

IP Address: Type the IP address which your ISP provides. Subnet Mask: Type the Subnet Mask which your ISP provides. Gateway: Type the IP address of Gateway which your ISP provides. Server IP: Type the IP address of server which offers Internet service. Your ISP will provide you with this

information.

PPTP Account: Type your PPTP account. PPTP Password: Type your PPTP password. PPTP Retype password: Confirm your PPTP password again. Maximum Idle Time: Specify the time that will elapse before the WRT-410 times out of a connection. Auto-reconnect: If this function is enabled, WRT-410 will try to rebuild Internet connection once the link

is down.

3.1.3 Password

You can change the Administrator and User’s password in this screen. These passwords are used to gain access to the router interface. When you login with user name “User”, you don’t have permission to configure WRT-410.

- 8 -

Administrator: Type the password the Administrator will use to login to the system. The password must be typed again for confirmation.

User: Users can type a password to be used for logging in to the system. The password must be typed again for confirmation.

3.1.4 Time

This screen enables you to set the time and date for the router's real time clock, select your time zone, specify an NTP server, and enable or disable daylight saving.

Local Time: Displays the local time and date. Time Zone: Select your time zone from the pull-down list. Default NTP Server: Type the NTP server IP address in the field to enable the WRT-410 to

automatically synchronize the time with Internet NTP server. Set the Time: Select the date and time from the pull-down lists, and click “Set Time” to set the

WRT-410's internal clock to the correct date and time. Daylight Saving: Enables you to enable or disable daylight saving time. When enabled, select the start

and end date for daylight saving time.

- 9 -

3.1.5 Dynamic DNS

You can configure WRT-410 to use DDNS service if you already have a registered DDNS account.

DDNS: You can enable or disable DDNS function here. Server Address: Please type in the url of your DDNS service provider. Currently, WRT-410 supports

DynDNS only, thus you have to key in “www.dyndns.org” in this field.

Host Name: Enter the host name you registered to DDNS provider. User Name: Enter the user name you registered to DDNS provider. Password: Enter the password of your registered account.

3.2 Wireless

3.2.1 Basic

This page enables you to enable and disable the wireless LAN function, enter a SSID, and set the channel for wireless communications.

- 10 -

Enable/Disable: Enable or disable wireless LAN via the WRT-410. SSID: Type an SSID in the field. The SSID of any wireless device must match the SSID typed here in

order for the wireless device to access the LAN and WAN via the WRT-410. Channel: Select a work channel for wireless communications. The channel of any wireless device must

match the channel selected here in order for the wireless device to access the LAN and WAN via the WRT-410.

3.2.2 Authentication

This screen enables you to set authentication types and the parameters for secure wireless communications.

Authentication Type: Select the type from the listed options. If Open System or Shared Key is selected, the screen would appear as above.

WEP: You can enable or disable WEP function here. Mode: Select the key code you want to use for WEP Key, HEX or ASCII. When Hex is selected, you may

enter alphanumeric characters in the range of “A-F”, “a-f” and “0-9” in the WEP Key entry field. Alternatively, you may enter digit hexadecimal values in the range of “a-z”, “A-Z” and “0-9”.

WEP Key: Select the level of encryption you want from the drop-down list. WRT-410 supports 64, and 128-bit encryption.

Key 1 ~ Key 4: There are 4 keys available, please ensure you have enter correct number for the key values with different Key Length and coding (Hex or ASCII) as 64bit (10 Hex digit / 5 ASCII), 128bit (26 Hex digit / 13 ASCII) or 256bit (58 Hex digit / 29 ASCII), please select one of them and enter the key you want to use. Click “Clear” to erase key values.

Note: 128bit WEP encryption will require more system resources than 64bit encryption. Use 64-bit

encryption for better performance.

If WPA or 802.1x is selected in the Authentication Type field, the screen appears as below.

- 11 -

Lifetime: Select proper time interval from the drop-down list. Once the lifetime expires, the Encryption key will be renewed by RADIUS server automatically.

Encryption Key: Select the Encryption key length to be 64-bits or 128-bits. RADIUS Server 1: Enter the IP address, communicate port number, and shared secret key of your

primary RADIUS server. RADIUS Server 2: Enter the IP address, communicate port number, and shared secret key of your

secondary RADIUS server.

Note: As soon as 802.1X authentication is enabled, all the wireless client stations that are connected

to the Router currently will be disconnected. The wireless clients must be configured manually to authenticate themselves with the RADIUS server to be reconnected.

If WPA-PSK is selected, the screen appears as below. Please enter a hard-to-guess passphrase (between 8 and 63 characters) in the field.

3.2.3 Advanced

This screen enables you to configure advanced wireless functions.

- 12 -

Beacon Interval: Type the beacon interval in the field. You can specify a value from 20 to 1000. The default beacon interval is 100.

RTS Threshold: Type the RTS (Request-To-Send) threshold in the field. This value stabilizes data flow. If data flow is irregular, choose values between 1 and 2346 until data flow is normalized.

Fragmentation Threshold: Type the fragmentation threshold in the field. If packet transfer error rates are high, choose values between 256 and 2346 until packet transfer rates are minimized. Please note that setting the fragmentation threshold value may diminish system performance.

DTIM Interval: Type a DTIM (Delivery Traffic Indication Message) interval in the field. You can specify a value between 1 and 255. The default value is 1.

TX Rates (MBps): Select one of the wireless communications transfer rates, based upon the speed of wireless adapters connected to the WLAN.

11g only mode: Enable 11g only mode will improve the performance of a 802.11g WLAN, but non-802.11g clients cannot connect to WRT-410.

Antenna Transmit Power: You can control the transmit power of WRT-410 here. There are five options available: full, half, quarter, eighth, and min.

Super G Mode: There are four options selectable: Disabled, Super G without Turbo, Super G with Dynamic Turbo, and Super G with Static Turbo. When you use Super G mode, it is recommended to enable 11g only for best performance.

3.3 Status

3.3.1 Device Information

This screen enables you to view the router LAN, wireless LAN, and WAN configuration.

- 13 -

Firmware Version: Displays the latest build of the WRT-410 firmware interface. After upgrading the firmware in Tools -> Firmware, check this to ensure that your firmware was successfully upgraded.

LAN: This field displays the WRT-410 LAN interface MAC address, IP address, subnet mask, and DHCP server status. Click “DHCP Table” to view a list of client stations currently connected to the WRT-410 LAN interface.

Wireless: Displays the WRT-410 wireless connection information, including the WRT-410 wireless interface MAC address, connection status, SSID status, which channel is being used and whether WEP is enabled or not.

WAN: This field displays the WRT-410 WAN interface MAC address, DHCP client status, IP address, subnet mask, default gateway and DNS. Click “DHCP Release” to release IP addresses get from ISP for the WAN port. Click “DHCP Renew” to get a new IP addresses from ISP for the WAN port.

3.3.2 Log

This screen will show you a running log of system statistics, events and activities. The log displays up to 200 entries. Older entries are overwritten by new entries. You can save logs via the Log Settings option

-> “Send to”. The Log screen commands and information meaning are as follows

- 14 -

First Page: View the first page of the log message list. Last Page: View the last page of the log message list. Previous Page: View the page just before the current page. Next Page: View the page just after the current page. Clear Log: Delete the contents of the log and begin a new log. Refresh: Renew log statistics. Time: Displays the time and date that the log entry was created. Message: Displays summary information about the log entry. Source: Displays the source of the communication. Destination: Displays the destination of the communication. Note: Displays the IP address of the communication.

3.3.3 Log Settings

This screen allows you to set WRT-410 logging parameters.

- 15 -

SMTP Server: Type the SMTP server address for the email that the log will be sent to in the next field. Send to: Type an email address for the log to be sent to. Click “Email Log Now” to send the current log

immediately. Syslog Server: Type the IP address of the Syslog Server if you want the WRT-410 to listen and receive

incoming SysLog messages.

Log Type: Select what items will be included in the log: System Activity: Displays information related to WRT-410 operation. Debug Information: Displays information related to errors and system malfunction. Attacks: Displays information about any malicious activity on the network. Dropped Packets: Displays information about packets that have not been transferred successfully. Notice: Displays important notices by the system administrator.

3.3.4 Statistic

This screen displays a table that shows the rate of packet transmission via the WRT-410 LAN, WLAN and WAN ports (in bytes per second).

- 16 -

Click “Reset” to erase all statistics and begin logging statistics again. Utilization: Separates packet transmission statistics into send and receive categories. Peak indicates

the maximum packet transmission recorded since logging began, while Average indicates the average of the total packet transmission since recording began.

3.3.5 Wireless

This screen will show you which wireless devices that are connected to this WRT-410 via wireless interface.

Connected Time: Displays how long the wireless device has been connected to the LAN via the WRT-410.

MAC Address: Displays the devices wireless LAN interface MAC address.

3.4 Routing

3.4.1 Static

You can set parameters by which the WRT-410 forwards data to its destination if your network has a static IP address.

- 17 -

Network Address: Type the static IP address your network uses to access the Internet. Your ISP or network administrator provides you with this information.

Network Mask: Type the network (subnet) mask for your network. If you do not type a value here, the network mask defaults to 255.255.255.255. Your ISP or network administrator provides you with this information.

Gateway Address: Type the gateway address of your network. Your ISP or network administrator provides you with this information.

Interface: Select the interface WAN or LAN that you will use to connect to the Internet. Metric: Select which metric you want to apply to this configuration. Add: Click to add a configuration to the static IP address table at the bottom of this page. Update: Select one of the entries in the static IP address table at the bottom of the page and, after

changing parameters, click “Update” to confirm the changes. Delete: Select one of the entries in the static IP address table at the bottom of the page and click “Delete”

to remove the entry.

New: Click “New” to clear the fields and add required information to create a new entry.

3.4.2 Dynamic

This screen allows you to set the NAT parameters.

- 18 -

NAT: Select the option to enable or disable NAT. Transmit: Select the option to set the desired transmit parameters. Disabled, RIP 1 or RIP 2. Receive: Select the option to set the desired transmit parameters. Disabled, RIP 1 or RIP 2.

3.4.3 Routing Table

This screen will show you the routing table of WRT-410. The routing table is a database created by the WRT-410 that displays the network interconnection topology.

Network Address: Displays the network IP address of the connected node. Network Mask: Displays the network (subnet) mask of the connected node. Gateway Address: Displays the gateway address of the connected node. Interface: Displays whether the node is connected via a WAN or LAN. Metric: Displays the metric of the connected node. Type: Displays whether the node has a static or dynamic IP address.

- 19 -

3.5 Access

3.5.1 Filters

This screen enables you to allow and deny user access based upon the filters you set. If MAC Filters is selected, the screen appears as below.

MAC Filter: Enables you to allow or deny Internet access for users within the LAN based upon the MAC address of their network interface. Click the radio button next to disable or enable the MAC filter.

Disabled: All users are allowed Internet access. Enable: All users are allowed Internet access except those users listed in MAC table. MAC Table: Use this section to create a table to which Internet access is denied or allowed. The user

profiles are listed in the table at the bottom of the page.

Note: When selecting items in the table at the bottom, click anywhere in the item. The line is

selected, and the fields automatically load the item's parameters, which you can edit.

Name: Type the name of the user to be denied access. MAC Address: Type the MAC address of the user's network interface. Add: Click to add the user to the list at the bottom of the page. Update: Click to update information for the user, if you have changed any of the fields. Delete: Select a user from the table at the bottom of the list and click “Delete” to remove the user profile. Clear: Click “Clear” to erase all fields and enter new information.

If URL Blocking is selected, the screen appears as below. In the text field, enter the keyword of the url you want to block, then click the “Add” button. The word would appear on the list immediately. If you want to remove any existing word, just select it from the list and click “Delete” button.

- 20 -

The following screen appears once you select IP Filters. It enables you to define a minimum and maximum IP address range filter; all IP addresses falling in the range are not allowed Internet access. The IP filter profiles are listed in the table at the bottom of the page.

Note: When selecting items in the table at the bottom, click anywhere in the item. The line is

selected, and the fields automatically load the item's parameters, which you can edit.

Enable: Click to enable or disable the IP address filter. Range Start: Type the minimum address for the IP range. IP addresses falling between this value and

the Range End are not allowed to access the Internet. Range End: Type the minimum address for the IP range. IP addresses falling between this value and the

Range Start are not allowed to access the Internet.

Add: Click to add the IP range to the table at the bottom of the screen. Update: Click to update information for the range if you have selected a list item and have made

changes.

Delete: Select a list item and click “Delete” to remove the item from the list. Clear: Click “Clear” to erase all fields and enter new information.

- 21 -

Select Domain Blocking, and the following screen appear.

Domain Blocking: There are three options in this field. Select the proper setting according to your demand.

Permitted Domains: Enter the domain name in the text field, and click “Add” button to add it to the list. Blocked Domains: Enter the domain name in the text field, and click “Add” button to add it to the list.

Select Protocol Filter, the screen appears as below. It enables you to allow or deny access based upon a communications protocol list you create. The protocol filter profiles are listed in the table at the bottom of the page.

- 22 -

Note: When selecting items in the table at the bottom, click anywhere in the item. The line is

selected, and the fields automatically load the item's parameters, which you can edit.

Protocol Filter: Enables you to allow or deny Internet access to users based upon the communications protocol of the origin. Click the radio button next to Disabled to disable the protocol filter.

Disable List: Select this option to disable Protocol Filter. Enable List: All protocols in the list are not allowed to connect to the Internet via the LAN. (Create list

items in section under Add Protocol Filter.) Edit Protocol Filter in List: Use this section to create a profile for the protocol you want to deny Internet

access to.

Enable: Click to enable or disable the protocol filter. Name: Type a descriptive name for the protocol filter. Protocol: Select the protocol (TCP, UDP or ICMP) you want to allows/deny Internet access to from the

pull-down list. Port Range: If you are creating a profile for ICMP, type a minimum and maximum port range in the two

fields.

Add: Click to add the protocol filter to the list at the bottom of the page. Update: Click to update information for the protocol filter, if you have changed any of the fields. Delete: Select a filter profile from the table at the bottom of the list and click “Delete” to remove the

profile.

New: Click “New” to erase all fields and enter new information.

3.5.2 Virtual Server

This screen enables you to create a virtual server via the WRT-410. If the WRT-410 is set as a virtual server, remote users requesting Web or FTP services through the WAN are directed to local servers in the LAN. The WRT-410 redirects the request via the protocol and port numbers to the correct LAN server. The Virtual Sever profiles are listed in the table at the bottom of the page.

Enable: Click to enable or disable the virtual server. Name: Type a descriptive name for the virtual server. Protocol: Select the protocol (TCP or UDP) you want to use for the virtual server. Private Port: Type the port number of the computer on the LAN that is being used to act as a virtual

server.

- 23 -

Public Port: Type the port number on the WAN that will be used to provide access to the virtual server. LAN Server: Type the LAN IP address that will be assigned to the virtual server. Add: Click to add the virtual server to the table at the bottom of the screen. Update: Click to update information for the virtual server if you have selected a list item and have made

changes.

Delete: Select a list item and click “Delete” to remove the item from the list. Clear: Click “Clear” to erase all fields and enter new information.

3.5.3 Special AP

This screen allows you to specify special applications, such as games, that require multiple connections that are inhibited by NAT.

The special applications profiles are listed in the table at the bottom of the page.

Enable: Click to enable or disable the application profile. When enabled, users will be able to connect to the application via the WRT-410 WAN connection. Click Disabled on a profile to prevent users from accessing the application on the WAN.

Name: Type a descriptive name for the application. Trigger: Defines the outgoing communication that determines whether the user has legitimate access to

the application.

Protocol: Select the protocol (TCP, UDP or ICMP) that can be used to access the application. Port Range: Type the port range that can be used to access the application in the fields. Incoming: Defines which incoming communications users are permitted to connect with. Protocol: Select the protocol (TCP, UDP or ICMP) that can be used by the incoming communication. Port: Type the port number that can be used for the incoming communication. Add: Click to add the special application profile to the table at the bottom of the screen. Update: Click to update information for the special application if you have selected a list item and have

made changes.

Delete: Select a list item and click “Delete” to remove the item from the list. Clear: Click “Clear” to erase all fields and enter new information.

- 24 -

3.5.4 DMZ

This screen enables you to create a DMZ for those computers that cannot access Internet applications properly through the WRT-410 and associated security settings.

Enable: Click to enable or disable the DMZ. DMZ Host IP: Type a host IP address for the DMZ. The computer with this IP address acts as a DMZ

host with unlimited Internet access. Apply: Click to save the settings.

Note: Any clients added to the DMZ exposes the clients to security risks such as viruses and

unauthorized access.

3.5.5 Firewall Rule

This screen enables you to set up the firewall. The WRT-410 provides basic firewall functions, by filtering all the packets that enter the WRT-410 using a set of rules. The rules are in an order sequence list the lower the rule number, the higher the priority the rule has.

The rule profiles are listed in the table at the bottom of the page.

- 25 -

Enable: Click to enable or disable the firewall rule profile. Name: Type a descriptive name for the firewall rule profile. Action: Select whether to allow or deny packets that conform to the rule. Source: Defines the source of the incoming packet that the rule is applied to. Interface: Select which interface (WAN or LAN) the rule is applied to. IP Range Start: Type the start IP address that the rule is applied to. IP Range End: Type the end IP address that the rule is applied to. Destination: Defines the destination of the incoming packet that the rule is applied to. Interface: Select which interface (WAN or LAN) the rule is applied to. IP Range Start: Type the start IP address that the rule is applied to. IP Range End: Type the end IP address that the rule is applied to. Protocol: Select the protocol (TCP, UDP or ICMP) of the destination. Port Range: Select the port range. Add: Click to add the rule profile to the table at the bottom of the screen. Update: Click to update information for the rule if you have selected a list item and changed. Delete: Select a list item and click “Delete” to remove the item from the list. New: Click “New” to erase all fields and enter new information. Priority Up: Select a rule from the list and click “Priority” Up to increase the priority of the rule. Priority Down: Select a rule from the list and click “Priority Down” to decrease the priority of the rule. Update Priority: After increasing or decreasing the priority of a rule, click “Update Priority” to save the

changes.

3.6 Management

3.6.1 SNMP

This screen allows you to configure SNMP.

- 26 -

Enabled/Disabled: Click to enable or disable SNMP. By default is disabled. System Name: Displays the name given to the WRT-410. System Location: Displays the location of the WRT-410 (normally, the DNS name). System Contact: Displays the contact information for the person responsible for the WRT-410. Community: SNMP system name for exchanging SNMP community messages. The name can be used

to limit SNMP messages passing through the network. The default name is “public”.

Trap Receiver: Type the name of the destination PC that will receive trap messages.

3.6.2 Remote Management

This screen enables you to set up remote management. Using remote management, the WRT-410 can be configured through the WAN via a Web browser. A user name and password are required to perform remote management.

HTTP: Enables you to set up HTTP access for remote management.

- 27 -

Enable: Click to enable or disable HTTP access for remote management. Remote IP Range: Type the range of IP addresses that can be used for remote access. Allows to Ping WAN Port: This function allows remote users to ping WRT-410 WAN port IP address. Enable: Click to enable or disable WAN port pinged function. Remote IP Range: Type the range of IP addresses that can ping from remote locations. UPNP Enable: Click to enable or disable UPNP. Gaming mode: Click to enable or disable Game mode. PPTP: Click to enable or disable PPTP passthrough. IPSec: Click to enable or disable IPSec passthrough.

3.7 Tools

3.7.1 Restart

Click Restart to restart the system in the event the system is not performing correctly.

3.7.2 Settings

This screen allows you to save settings as a profile and load profiles for different circumstances. You can also load the factory default settings, and run a setup wizard to configure the WRT-410 and WRT-410 interface.

- 28 -

Save Settings: Click to save the current configuration as a profile that you can load when necessary. Load Settings: Click “Browse” and go to the location of a stored profile. Click Load to load the profile's

settings. Restore Factory Default Settings: Click to restore the default settings. All configuration changes you

have made will be lost.

3.7.3 Firmware

You can upgrade your WRT-410 with new firmware in this screen. Please follow these instructions:

1. Download the latest firmware from PLANET's website, and save it to your disk.

2. Click “Browse” and find out the location of the downloaded file.

3. Select the file and click “Upgrade” to update WRT-410 to the latest firmware.

3.7.4 Ping Test

You can ping an IP address or host which is present on the Internet. Type the IP address or host name in the field and click Ping.

- 29 -

3.8 Wizard

The setup wizard enables you to configure the WRT-410 quickly and conveniently. Click “Wizard” button, the window below will appear. Please click “Next>” and follow the steps to configure WRT-410.

You are prompted to select a password. Type a password in the text box, and then type it again for verification. Click Next.

Select your time zone from the drop-down list. Click Next. Type the LAN IP address in the text box. The default IP address is 192.168.1.1. Type the subnet mask in the text box. Enable DHCP Server if you want DHCP to automatically assign IP addresses. Type a beginning IP

address and an end IP address for the DHCP server to use in assigning IP addresses. Click Next. Select how the router will set up the Internet connection. If you have enabled DHCP server,

choose "Obtain IP automatically (DHCP client)" to have the router assign IP addresses automatically. Click to enable or disable wireless LAN. If you enable the wireless LAN, type the SSID in the text box and

select a communications channel. The SSID and channel must be the same as wireless devices attempting communication to the router.

Click Next. You are prompted to restart save the settings and restart the router interface. Click Restart to complete the wizard.

- 30 -

Chapter 4 802.1X Authentication Setup

4.1 802.1X Infrastructure

An 802.1X Infrastructure is composed of three major components: Authenticator, Authentication server, and Supplicant.

Authentication server: An entity that provides an authentication service to an authenticator. This service determines, from the credentials provided by the supplicant, whether the supplicant is authorized to access the services provided by the authenticator.

Authenticator: An entity at one end of a point-to-point LAN segment that facilitates authentication of the entity attached to the other end of that link.

Supplicant: An entity at one end of a point-to-point LAN segment that is being authenticated by an authenticator attached to the other end of that link.

In the following sections, we will guide you to build an 802.1X Infrastructure step by step. The instructions are divided into three parts:

RADIUS Server Setup: Microsoft Windows 2000 server. Authenticator Setup: WRT-410. Wireless Client Setup: Microsoft Windows XP.

The above graph shows the network topology of the solution we are going to introduce. As illustrated, a group of wireless clients is trying to build a wireless network with WRT-410 in order to have access to both Internet and Intranet. With 802.1X authentication, each of these wireless clients would have to be authenticated by RADIUS server. If the client is authorized, WRT-410 would be notified to open up a communication port to be used for the client. There are 2 Extensive Authentication Protocol (EAP) methods supported: (1) MD5 and (2) TLS.

MD5 authentication is simply a validation of existing user account and password that is stored in a database of RADIUS server. Therefore, wireless clients will be prompted for account/password validation to build the link. TLS authentication is a more complicated authentication, which is using certificate that is issued by RADIUS server for authentication. TLS authentication is a more secure authentication, since not only RADIUS server authenticates the wireless client, but also the client can validate RADIUS server by the certificate that it issues. The TLS authentication request from wireless clients and reply by Radius Server and WRT-410 can be briefed as follows:

1. The client sends an EAP start message to WRT-410.

2. WRT-410 replies with an EAP Request ID message.

3. The client sends its Network Access Identifier (NAI) – its user name – to WRT-410 in an EAP

Respond message.

4. WRT-410 forwards the NAI to the RADIUS server with a RADIUS Access Request message.

5. The RADIUS server responds to the client with its digital certificate.

- 31 -

6. The client validates the digital certificate, and replies its own digital certificate to the RADIUS server.

7. The RADIUS server validates client’s digital certificate.

8. The client and RADIUS server derive encryption keys.

9. The RADIUS server sends WRT-410 a RADIUS ACCEPT message, including the client’s WEP key.

10. WRT-410 sends the client an EAP Success message along with the broadcast key and key length,

all encrypted with the client’s WEP key.

4.2 RADIUS Server Setup

4.2.1 Required Services

After Windows 2000 server has been installed, please install Service Pack 2 also and other latest security patch.

Furthermore, the following service components are needed: n Active Directory (Please consult with your network administrator or an engineer who is familiar with

Windows 2000 server to install Active Directory; otherwise your system or network might be unstable.)

n IAS (Internet Authentication Service) n Web Server (IIS) n Certificate Service

4.2.2 Setup Procedure

1. Login into Windows 2000 Server as Administrator, or account that has Administrator authority.

2. Go to Start > Control Panel, and double-click “Add or Remove Programs”.

3. Click on “Add/Remove Windows components”.

4. Check “Certificate Services”, and click “Next” to continue.

5. Select “Enterprise root CA”, and click “Next” to continue.

- 32 -

6. Enter the information that you want for your Certificate Service, and click “Next” to continue.

7. Go to Start > Program > Administrative Tools > Certificate Authority.

8. Right-click on the “Policy Setting”, select “new”.

9. Select “Certificate to Issue”.

10. Select “Authenticated Session” and “Smartcard Logon” by holding down to the Ctrl key, and click

“OK” to continue.

- 33 -

11. Go to Start > Program > Administrative Tools > Active Directory Users and Computers.

12. Right-click on domain, and select ”Properties” to continue.

13. Select “Group Policy” tab and click “Properties” to continue.

- 34 -

14. Go to “Computer Configuration” > “Security Settings” > “Public Key Policies”

15. Right-click “Automatic Certificate Request Setting”, and select “New”

16. Click “Automatic Certificate Request ...”

- 35 -

17. The Automatic Certificate Request Setup Wizard will guide you through the Automatic Certificate

Request setup, simply click “Next” through to the last step.

18. Click “Finish” to complete the Automatic Certificate Request Setup

19. Go to Start > Run, and type “command” and click “Enter” to open Command Prompt.

20. Type “secedit/refreshpolicy machine_policy” to refresh policy.

Adding Internet Authentication Service

21. Go to Start > Control Panel > Add or Remove Programs.

22. Select “Add/Remove Windows Components” from the panel on the left.

23. Select “Internet Authentication Service”, and click “OK” to install.

- 36 -

Setting Internet Authentication Service

24. Go to Start > Program > Administrative Tools > Internet Authentication Service.

25. Right-click “Client”, and select “New Client”.

26. Enter the IP address of WRT-410 in the Client address text field, a memorable name for WRT-410 in

the Client-Vendor text field, the access password used by WRT-410 in the Shared secret text field. Re-type the password in the Confirmed shared secret text field.

27. Click “Finish”.

- 37 -

28. In the Internet Authentication Service, right-click “Remote Access Policies”

29. Select “New Remote Access Policy”.

30. Select “Day-And-Time-Restriction”, and click “Add” to continue.

- 38 -

31. Unless you want to specify the active duration for 802.1X authentication, click “OK” to accept for

having 802.1x authentication enabled at all times.

32. Select “Grant remote access permission”, and click “Next” to continue.

- 39 -

33. Click “Edit Profile”.

For TLS Authentication Setup (Steps 34 ~ 35)

34. Select “Authentication” Tab.

35. Enable “Extensible Authentication Protocol”, and select “Smart Card or other Certificate” for

TLS authentication. Click “OK”. Then go to step 38.

- 40 -

For MD5 Authentication Setup (Steps 36 ~ 37)

36. Select “Authentication” Tab.

37. Enable “Extensible Authentication Protocol”. Select “MD5-Challenge” and enable “Encrypted

Authentication (CHAP)” for MD5 authentication. Click “OK”.

- 41 -

38. Select “Internet Authentication Service (Local)”, click on “Action” from top panel. Then click

“Register Service in Active Directory”.

39. Go to Start > Program > Administrative Tools > Active Directory Users and Computers.

40. Right click on the domain, and select “Properties”.

41. Select “Group Policy” tab, and click “Edit” to edit the Group Policy.

- 42 -

42. Go to “Computer Configuration” > “Windows Settings” > “Security Settings” > “Account

Policies” > “Password Policies”. Double click on “Store password using reversible encryption for all users in the domain”.

- 43 -

43. Click “Define this policy setting”, select “Enabled”, and click “OK” to continue.

44. Go to Start > Program > Administrative Tools > Active Directory Users and Computers.

45. Go to Users. Right-click on the user that you are granting access, and select “Properties”.

46. Go to “Account” tab, and enable “Store password using reversible encryption”.

47. Click “Apply” to continue.

- 44 -

48. Go to the “Dial-in” tab, and check “Allow access” option for Remote Access Permission and “No

Call-back” for Callback Options. Then click “OK”.

- 45 -

4.3 Authenticator Setup

1. For EAP-MD5 Authentication, WEP key must be set previously. Go to Wireless>Authentication.

Enable WEP key, and enter a desired key string. You can skip this step if using EAP-TLS Authentication.

2. Click on 802.1X for detailed configuration.

3. Enable 802.1X Authentication by selecting “Enable”.

4. If EAP-MD5 is used, you can leave the settings in Encryption Key Length and Lifetime as default. If

you are using EAP-TLS authentication, set the Encryption Key Length ranging from 64 to 256 Bits and the Lifetime from 5 Minutes to 1 Day. As soon as the lifetime expires, the Encryption Key will be renewed by RADIUS server.

5. Enter the IP address, Port number, and Shared Secret Key used by the Primary Radius Server.

- 46 -

6. Enter the IP address, Port number, and Shared Secret Key used by the Secondary Radius Server.

7. Click “Apply”. The 802.1x settings will take effect right after WRT-410 reboots itself.

4.4 Wireless Client Setup

Windows XP is originally 802.1X support. As to other operating systems (windows 98SE, ME, 2000), an

802.1X client utility is needed. The following procedures show how to configure 802.1X Authentication

with WL-3555 in Windows XP. Please note that if you want to change the 802.1x authentication type of a wireless client, i.e. switch to EAP-TLS from EAP-MD5, you must remove the current existing wireless network from your preferred connection first, and add it in again.

4.4.1 EAP-MD5 Authentication

1. Go to Start > Control Panel, double-click on “Network Connections”.

2. Right-click on the Wireless Network Connection which using WL-3555.

3. Click “Properties” to open up the Properties setting window.

4. Click on the “Wireless Network” tab.

- 47 -

5. Click “Properties” of one available wireless network, which you want to associate with.

6. Select “Data encryption (WEP enabled)” option, but leave other options unselected.

- 48 -

7. Enter the network key in “Network key” text box. The string must be the same as the first set of WEP

key which you set to WRT-410.

8. Click “OK”.

9. Select “Authentication” tab.

10. Select “Enable network access control using IEEE 802.1X” to enable 802.1x authentication.

11. Select “MD-5 Challenge” from the drop-down list box for EAP type.

- 49 -

12. Click “OK”.

13. When wireless client has associated with WRT-410, a user authentication notice appears in system

tray. Click on the notice to continue.

14. Enter the user name, password and the logon domain that your account belongs.

15. Click “OK” to complete the validation process.

4.4.2 EAP-TLS Authentication

Get Digital Certificate from Server

The following procedures are based on obtaining a certificate from Windows 2000 Server which acts as a

- 50 -

CA server. Furthermore, you must have a valid account/password to access the server.

1. Active web browser, enter “http://192.168.1.10/certsrv” in the Address field which 192.168.1.10 is the

IP address of our server. This will directly access to Certificate Service of a Windows 2000 server. A dialog box will prompt you to enter user name and password.

2. Enter a valid user name and password, then click “OK” to continue.

3. Select “Request a certificate”, and click “Next” to continue.

4. Select “User Certificate request”, and click “Next” to continue.

- 51 -

5. Click “Submit >” to continue.

6. The Certificate Service is now processing the certificate request.

- 52 -

7. The certificate is issued by the server, click “Install this certificate” to download and store the

certificate to your local computer.

8. Click “Yes” to store the certificate to your local computer.

9. Certificate is now installed.

Wireless Adapter Setup

1. Go to Start > Control Panel, double-click on “Network Connections”.

- 53 -

2. Right-click on the Wireless Network Connection which using WL-3555.

3. Click “Properties” to open up the Properties setting window.

4. Click on the “Wireless Network” tab.

5. Click “Properties” of one available wireless network, which you want to associate with.

- 54 -

6. Select “The key is provided for me automatically” option.

7. Click “OK”.

- 55 -

8. Click “Authentication” tab

9. Select “Enable network access control using IEEE 802.1X” option to enable 802.1x authentication.

10. Select “Smart Card or other Certificate” from the drop-down list box for EAP type.

11. Click “OK”.

12. When wireless client has associated with WRT-410, Windows XP will prompt you to select a

certificate for wireless network connection. If you only have one certificate in local computer, system will automatically use it for authenticate. If you have multiple certificates in local computer, click on the network connection icon in the system tray to continue.

- 56 -

13. Select the certificate that was issued by the server (in our demonstration: WirelessCA), and click

“OK” to continue.

14. Make sure this certificate is issued by correct server, and click “OK” to complete the authentication

process.

- 57 -

Chapter 5 Troubleshooting

This chapter provides solutions to problems usually encountered during the installation and operation of the Wireless Broadband Router. Read the description below to solve your problems.

5.1 Frequently Asked Questions

What is WPA (Wi-Fi Protected Access)?

WPA resolves the issue of weak WEP headers, which are called initialization vectors (IV), and provides a way of insuring the integrity of the messages passed through MIC (called Michael or message integrity check) using TKIP (the Temporal Key Integrity Protocol) to enhance data encryption. WPA-PSK is a special mode of WPA for home users without an enterprise authentication server and provides the same strong encryption protection. WPA is not an official IEEE standard, but is based on and is expected to be compatible with the upcoming 802.11i security standard

Can I run an application from a remote computer over the wireless network?

This will depend on whether or not the application is designed to be used over a network. Consult the application’s user guide to determine if it supports operation over a network.

Can I play games with other members of the wireless network?

Yes, as long as the game supports multiple plays over a LAN (local area network). Refer to the game’s user guide for more information.

What is the IEEE 802.11b standard?

The IEEE 802.11b Wireless LAN standards subcommittee, which is formulating a standard for the industry. The objective is to enable wireless LAN hardware from different manufactures to communicate.

What IEEE 802.11 features are supported?

The product supports the following IEEE 802.11 functions:

• CSMA/CA plus Acknowledge protocol

• Multi-Channel Roaming

• Automatic Rate Selection

• RTS/CTS feature

• Fragmentation

• Power Management

What is PBCC?

- 58 -

This new products use the ACX100 chip from Texas Instruments. In addition to meeting the existing standard, the chip also supports a new modulation scheme developed by TI, called Packet Binary Convolution Code (PBCC). It's this scheme that gives the products the extra kick: Even at lower speeds, PBCC provides better performance at greater distances, and it can also work at 22 Mbps.

What is Ad-hoc?

An Ad-hoc integrated wireless LAN is a group of computers, each with a WLAN adapter, connected as an independent wireless LAN. Ad hoc wireless LAN is applicable at a departmental scale for a branch or SOHO operation.

What is Infrastructure?

An integrated wireless and wired LAN is called an Infrastructure configuration. Infrastructure is applicable to enterprise scale for wireless access to central database, or wireless application for mobile workers.

What is Roaming?

Roaming is the ability of a portable computer user to communicate continuously while moving freely throughout an area greater than that covered by a single Wireless Network Access Point. Before using the roaming function, the workstation must make sure that it is the same channel number with the Wireless Network Access Point of dedicated coverage area.

5.2 Glossary

ACCESS POINT

Access points are way stations in a wireless LAN that are connected to an Ethernet hub or server. Users can roam within the range of access points and their wireless device connections are passed from one access point to the next.

AUTHENTICATION

Authentication refers to the verification of a transmitted message's integrity.

DMZ

DMZ (DeMilitarized Zone) is a part of an network that is located between a secure LAN and an insecure WAN. DMZs provide a way for some clients to have unrestricted access to the Internet.

BEACON INTERVAL

Refers to the interval between packets sent sent by access points for the purposes of synchronizing wireless LANs.

DHCP

DHCP (Dynamic Host Configuration Protocol) software automatically assigns IP addresses to client stations logging onto a TCP/IP network, which eliminates the need to manually assign permanent IP addresses.

- 59 -

DNS

DNS stands for Domain Name System. DNS converts machine names to the IP addresses that all machines on the net have. It translates from name to address and from address to name.

DOMAIN NAME

The domain name typically refers to an Internet site address.

DTIM

DTIM (Delivery Traffic Indication Message) provides client stations with information on the next opportunity to monitor for broadcast or multicast messages.

FILTER

Filters are schemes which only allow specified data to be transmitted. For example, the router can filter specific IP addresses so that users cannot connect to those addresses.

FIREWALL

Firewalls are methods used to keep networks secure from malicious intruders and unauthorized access. Firewalls use filters to prevent unwanted packets from being transmitted. Firewalls are typically used to provide secure access to the Internet while keeping an organization's public Web server separate from the internal LAN.

FIRMWARE

Firmware refers to memory chips that retain their content without electrical power (for example, BIOS ROM). The router firmware stores settings made in the interface.

FRAGMENTATION

Refers to the breaking up of data packets during transmission.

FTP

FTP (File Transfer Protocol) is used to transfer files over a TCP/IP network, and is typically used for transferring large files or uploading the HTML pages for a Web site to the Web server.

GATEWAY

Gateways are computers that convert protocols enabling different networks, applications, and operating systems to exchange information.

HOST NAME

The name given to a computer or client station that acts as a source for information on the network.

HTTP

HTTP (HyperText Transport Protocol) is the communications protocol used to connect to servers on the World Wide Web. HTTP establishes a connection with a Web server and transmits HTML pages to client browser (for example Windows IE). HTTP addresses all begin with the prefix 'http://' prefix (for example, http://www.yahoo.com).

ICMP

ICMP (Internet Control Message Protocol) is a TCP/IP protocol used to send error and control messages over the LAN (for example, it is used by the router to notify a message sender that the destination node is not available).

- 60 -

IP (Internet Protocol) is the protocol in the TCP/IP communications protocol suite that contains a network address and allows messages to be routed to a different network or subnet. However, IP does not ensure delivery of a complete message—TCP provides the function of ensuring delivery.

IP ADDRESS

The IP (Internet Protocol) address refers to the address of a computer attached to a TCP/IP network. Every client and server station must have a unique IP address. Clients are assigned either a permanent address or have one dynamically assigned to them via DHCP. IP addresses are written as four sets of numbers separated by periods (for example, 211.23.181.189).

ISP

An ISP is an organization providing Internet access service via modems, ISDN (Integrated Services Digital Network), and private lines.

LAN

LANs (Local Area Networks) are networks that serve users within specific geographical areas, such as in a company building. LANs are comprised of servers, workstations, a network operating system, and communications links such as the router.

MAC ADDRESS

A MAC address is a unique serial number burned into hardware adapters, giving the adapter a unique identification.

METRIC

A number that indicates how long a packet takes to get to its destination.

MTU

MTU (Maximum Transmission/Transfer Unit) is the largest packet size that can be sent over a network. Messages larger than the MTU are divided into smaller packets.

NAT

NAT (Network Address Translation - also known as IP masquerading) enables an organization to present itself to the Internet with one address. NAT converts the address of each LAN node into one IP address for the Internet (and vice versa). NAT also provides a certain amount of security by acting as a firewall by keeping individual IP addresses hidden from the WAN.

(NETWORK) ADMINISTRATOR

The network administrator is the person who manages the LAN within an organization. The administrator's job includes ensuring network security, keeping software, hardware, and firmware up-to-date, and keeping track of network activity.

NTP

NTP (Network Time Protocol) is used to synchronize the realtime clock in a computer. Internet primary and secondary servers synchronize to Coordinated Universal Time (UTC).

PACKET

A packet is a portion of data that is transmitted in network communications. Packets are also sometimes called frames and datagrams. Packets contain not only data, but also the destination IP address.

- 61 -

PING

Ping (Packet INternet Groper) is a utility used to find out if a particular IP address is present online, and is usually used by networks for debugging.

PORT

Ports are the communications pathways in and out of computers and network devices (routers and switches). Most PCs have serial and parallel ports, which are external sockets for connecting devices such as printers, modems, and mice. All network adapters use ports to connect to the LAN. Ports are typically numbered.

PPPOE

PPPoE (Point-to-Point Protocol Over Ethernet) is used for running PPP protocol (normally used for dial-up Internet connections) over an Ethernet.

PREAMBLE

Preamble refers to the length of a CRC (Cyclic Redundancy Check) block that monitors communications between roaming wireless enabled devices and access points.

PROTOCOL

A protocol is a rule that governs the communication of data.

RIP

RIP (Routing Information Protocol) is a routing protocol that is integrated in the TCP/IP protocol. RIP finds a route that is based on the smallest number of hops between the source of a packet and its destination.

RTS

RTS (Request To Send) is a signal sent from the transmitting station to the receiving station requesting permission to transmit data.

SERVER

Servers are typically powerful and fast machines that store programs and data. The programs and data are shared by client machines (workstations) on the network.

SMTP

SMTP (Simple Mail Transfer Protocol) is the standard Internet e-mail protocol. SMTP is a TCP/IP protocol defining message format and includes a message transfer agent that stores and forwards mail.

SNMP

SNMP (Simple Network Management Protocol) is a widely used network monitoring and control protocol. SNMP hardware or software components transmit network device activity data to the workstation used to oversee the network.

SSID

SSID (Service Set Identifier) is a security measure used in WLANs. The SSID is a unique identifier attached to packets sent over WLANs. This identifier emulates a password when a wireless device attempts communication on the WLAN. Because an SSID distinguishes WLANS from each other, access points and wireless devices trying to connect to a WLAN must use the same SSID.

SUBNET MASK

Subnet Masks (SUBNETwork masks) are used by IP protocol to direct messages into a specified network segment (i.e., subnet). A subnet mask is stored in the client machine, server or router and is compared

- 62 -

with an incoming IP address to determine whether to accept or reject the packet.

SYSLOG SERVER

A SysLog server monitors incoming Syslog messages and decodes the messages for logging purposes.

TCP

(Transmission Control Protocol) is the transport protocol in TCP/IP that ensures messages over the network are transmitted accurately and completely.

TCP/IP

TCP/IP (Transmission Control Protocol/Internet Protocol) is the main Internet communications protocol. The TCP part ensures that data is completely sent and received at the other end. Another part of the TCP/IP protocol set is UDP, which is used to send data when accuracy and guaranteed packet delivery are not as important (for example, in realtime video and audio transmission).

The IP component of TCP/IP provides data routability, meaning that data packets contain the destination station and network addresses, enabling TCP/IP messages to be sent to multiple networks within the LAN or in the WAN.

TELNET

Telnet is a terminal emulation protocol commonly used on the Internet and TCP- or IP-based networks. Telnet is used for connecting to remote devices and running programs. Telnet is an integral component of

the TCP/IP communications protocol.

UDP

(User Datagram Protocol) is a protocol within TCP/IP that is used to transport information when accurate delivery isn't necessary (for example, realtime video and audio where packets can be dumped as there is no time for retransmitting the data).

VIRTUAL SERVERS

Virtual servers are client servers (such as Web servers) that share resources with other virtual servers (i.e., it is not a dedicated server).

WEP

WEP (Wired Equivalent Privacy) is the de facto security protocol for wireless LANs, providing the "equivalent" security available in hardwired networks.

WIRELESS LAN

Wireless LANs (WLANs) are local area networks that use wireless communications for transmitting data. Transmissions are usually in the 2.4 GHz band. WLAN devices do not need to be lined up for communications like infrared devices. WLAN devices use access points which are connected to the wired LAN and provide connectivity to the LAN. The radio frequency of WLAN devices is strong enough to be transmitted through non-metal walls and objects, and can cover an area up to a thousand feet. Laptops and notebooks use wireless LAN PCMCIA cards while PCs use plug-in cards to access the WLAN.

WLAN

WLANs (Wireless LANs) are local area networks that use wireless communications for transmitting data. Transmissions are usually in the 2.4 GHz band. WLAN devices do not need to be lined up for communications like infrared devices. WLAN devices use access points which are connected to the wired LAN and provide connectivity to the LAN. The radio frequency of WLAN devices is strong enough to be transmitted through non-metal walls and objects, and can cover an area up to a thousand feet. Laptops and notebooks use wireless LAN PCMCIA cards while PCs use plug-in cards to access the

- 63 -

WLAN.

WAN

WAN (Wide Area Network) is a communications network that covers a wide geographic area such as a country (contrasted with a LAN, which covers a small area such as a company building).

- 64 -

IBM WRT-410 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Chapter 1 Introduction

1.1 Package Contents

1.2 System Requirements

1.3 Features

1.4 Specification

1.5 Wireless Performance

Chapter 2 Hardware Installation

2.1 Hardware Connection

2.2 LED Indicators

Chapter 3 Configure through Web Browser

3.1 Main

3.1.1 LAN & DHCP Server

3.1.2 WAN

3.1.3 Password

3.1.4 Time

3.1.5 Dynamic DNS

3.2 Wireless

3.2.1 Basic

3.2.2 Authentication

3.2.3 Advanced

3.3 Status

3.3.1 Device Information

3.3.2 Log

3.3.3 Log Settings

3.3.4 Statistic

3.3.5 Wireless

3.4 Routing

3.4.1 Static

3.4.2 Dynamic

3.4.3 Routing Table

3.5 Access

3.5.1 Filters

3.5.2 Virtual Server

3.5.3 Special AP

3.5.4 DMZ

3.5.5 Firewall Rule

3.6 Management

3.6.1 SNMP

3.6.2 Remote Management

3.7 Tools

3.7.1 Restart

3.7.2 Settings

3.7.3 Firmware

3.7.4 Ping Test

3.8 Wizard

Chapter 4 802.1X Authentication Setup

4.1 802.1X Infrastructure

4.2 RADIUS Server Setup

4.2.1 Required Services

4.2.2 Setup Procedure

4.3 Authenticator Setup

4.4 Wireless Client Setup

4.4.1 EAP-MD5 Authentication

4.4.2 EAP-TLS Authentication

Chapter 5 Troubleshooting

5.1 Frequently Asked Questions

5.2 Glossary