LINKSYS WRVS4400N Users Manual

Wireless-N Gigabit Security Router with VPN

P2P/IM

This tab allows the system administrator to set up policies on using P2P or IM software across the Internet.

Peer to Peer

When users download files from the Internet by Peer to Peer (P2P) software, the WAN port bandwidth will be occupied. You can enable the blocking to the following P2P software applications. The defaults are non-block for the following applications:

GNUTELLA(EZPEER), FASTTRACK, KURO, EDONKEY2000, BITTORRECT, DIRECTCONNECT, PIGO, and WINMX.

Instant Messenger

Users might use IM software to chat with friends or transferring files (bandwidth hogging). You can enable the blocking to the following IM software applications. The defaults are non-block for the following applications.

MSN, ICQ, YAHOO MESSEGER, SKYPE, IRC, ODIGO, REDIFF, GOOGLE TALK, and IM QQ.

Change these settings as described here and click Save Settings to apply your changes, or click Cancel

Changes to cancel your changes. Help information is displayed on the right-hand side of the screen, and click More for additional details.

Figure 6-60: IPS - P2P / IM

Chapter 6: Setting Up and Configuring the Router IPS Tab

Wireless-N Gigabit Security Router with VPN

Report

This screen provides the network history status, including network traffic and attack counts, through diagram and tables.

Report Diagram: Twenty-four hour diagram displays network traffic and attacks.

Attacker

Displays the IP Address of attackers and the frequency (number of times) of the attacks in a table.

Attacked Category

Displays the category (type) of attack and the frequency (number of times) of the attacks in a table.

Click the View Log button to view the log.

Chapter 6: Setting Up and Configuring the Router IPS Tab

Figure 6-61: IPS - Report

Figure 6-62: IPS Log Raw Data

Wireless-N Gigabit Security Router with VPN

Information

Signature Version. The Signature Version displays the version of the signature patterns file loaded in the Wireless Router that protects against malicious threats.

Last Time Upload. This displays when the signature patterns file in the Wireless Router were last updated.

Protect Scope. Displays a list of the categories of attacks that the IPS feature in the Router protects against.

Those includes DoS/DDoS, Buffer Overflow, Web Attack, Scan, Trojan Horse, and IM / P2P.

Figure 6-63: IPS - Information

Chapter 6: Setting Up and Configuring the Router IPS Tab

Wireless-N Gigabit Security Router with VPN

L2 Switch Tab

The Layer 2 Switch Tab provides configurations to the layer 2 switching features on the four Ethernet LAN ports of the Wireless Router. They include VLAN, port configuration, cable diagnostics, and RADIUS authentication.

VLAN

VLAN Configuration

The Wireless Router supports Port-based VLAN. You can assign each port to one of the four VLANs or VLAN Trunk. The VLAN tags are attached internally inside the switch. No packets will leave the switch with VLAN tags.

VLANs are broadcast and multicast domains. Broadcast and multicast traffic is transmitted only within the VLAN in which the traffic is generated. The Wireless Router currently supports only one IP subnet so PCs on different VLANs cannot communicate with each other. PCs connected to the VLAN Trunk port can be accessed on all VLANs.

Trunk Port. Select one of the LAN ports to accept traffic from and to all VLANs. The default is None.

Figure 6-64: L2 Switch - VLAN

Change these settings as described here and click Save Settings to apply your changes, or click Cancel Changes to cancel your changes. Help information is displayed on the right-hand side of the screen, and click More for additional details.

Chapter 6: Setting Up and Configuring the Router L2 Switch Tab

Wireless-N Gigabit Security Router with VPN

RADIUS

RADIUS mode provides authentication on devices connecting to the LAN ports. It requires installation of a RADIUS server on your local network.

Mode. Select Enabled or Disabled, as desired.

RADIUS IP. Enter the RADIUS server IP address.

RADIUS UDP Port. Identifies the UDP port. The UDP port is used to verify the RADIUS server authentication.

RADIUS Secret. Indicates the Key string used for authenticating and encrypting all RADIUS communications

between the Wireless Router and the RADIUS server. This key must match the RADIUS server’s configuration.

Administration State. Specifies if each port needs RADIUS authentication. The defaults are Force Authorized so no authentication is needed. The possible field values are:

• Auto. The controlled port state is set by the RADIUS Mode.

• Force Authorized. The controlled port state is set to Force-Authorized (forward traffic). All connections can be made.

• Force Unauthorized. The controlled port state is set to Force-Unauthorized (discard traffic). All connections are blocked.

Parameters button. Click this button to configure RADIUS re-authentication and timeout period for re-authentication and EAP.

Change these settings as described here and click Save Settings to apply your changes, or click Cancel

Changes to cancel your changes. Help information is displayed on the right-hand side of the screen, and click More for additional details.

Figure 6-65: L2 Switch - RADIUS

Figure 6-66: L2 Switch - RADIUS

Chapter 6: Setting Up and Configuring the Router L2 Switch Tab

Wireless-N Gigabit Security Router with VPN

Port Settings

Port. Specifies the number of the four LAN ports.

Link. Displays the port duplex mode (Full or Half) and speed (10/100/1000 Mbps). Full indicates that the interface

supports transmission between the device and its link partner in both directions simultaneously. Half indicates that the interface supports transmission between the device and the client in only one direction at a time.

Mode. Specifies port duplex mode (Full or Half) and speed (10/100/1000 Mbps). Auto Negotiation is a protocol between two link partners that enables a port to advertise its transmission rate, duplex mode and flow control abilities to its partner. Default is Auto Negotiation.

Flow Control. Configure the flow control setting on the port. Select to enable. The default is disabled.

MaxFrame. Configure the maximum ethernet frame size sent or received on the port. Default is 1518. You can set

only to a value lower than 1518.

Change these settings as described here and click Save Settings to apply your changes, or click Cancel

Changes to cancel your changes. Help information is displayed on the right-hand side of the screen, and click More for additional details.

Cable Diagnostics

This screen provides a utility to help troubleshoot ethernet-cable-related connectivity issues.

Port. Select the port number, then click the Apply button and the diagnostics will start.

Pair. Each cable consists of eight pins (four pairs).

Cable Length. The length of the cable.

Status. The status of the pair.

Figure 6-67: L2 Switch - Port Settings

Chapter 6: Setting Up and Configuring the Router L2 Switch Tab

Wireless-N Gigabit Security Router with VPN

Status Tab

The Status Tab provides current status on this Wireless Router including WAN, LAN, Wireless LAN, System Performance, VPN client connections, and IPsec VPN connections.

WAN / Gateway

This screen provides some basic information on the Wireless Router (e.g. firmware version, time) and WAN port MAC/IP address and connection status.

Firmware Version. Displays the current firmware version.

MAC Address. Displays the WAN port MAC Address, as seen by your ISP.

Current Time. Displays the time on this Wireless Router according to your settings on the Setup->Time tab.

Internet Connection

Connection Mode. Displays the Internet connection type setting on WAN port.

Interface. Displays the WAN port Interface status (Up or Down).

IP Address. Displays the WAN port IP Address.

Subnet Mask. Displays the WAN port IP subnetmask.

Default Gateway. Displays the default Router to reach Internet or other networks from the WAN port.

DNS. Shown here are the DNS (Domain Name System) IP addresses currently used by this Wireless Router.

DHCP Release button. Click this button to release IP address on WAN port if using DHCP.

DHCP Renew button. Click this button to renew IP address on the WAN port if using DHCP.

Figure 6-68: L2 Switch - Cable Diagnostics

Chapter 6: Setting Up and Configuring the Router Status Tab

Wireless-N Gigabit Security Router with VPN

LAN

This screen provides some basic information on the LAN ports of this Wireless Router.

IP Versions. Displays the IP versions configured on the LAN side.

MAC Address. Displays the LAN port MAC Address. All four LAN ports share the same MAC address.

IP Address. Displays the LAN port IPv4 Address. All four LAN ports share the same MAC address.

Subnet Mask. Displays the LAN port IPv4 subnetmask.

IPv6 Address. Displays the LAN port IPv6 IP address, if IPv6 is enabled.

DHCP Server. Displays the status of the Router's DHCP server.

Start IP Address. Displays the beginning of the range of IP addresses used by the DHCP Server.

End IP Address. Displays the end of the range of IP addresses used by the DHCP Server.

DHCP Client Table button. Click this button to open the DHCP Client Table screen, which shows you which PCs

have been assigned an IP address from the Wireless Router’s DHCP server. You will see a list of DHCP clients (PCs and other network devices) with the following information: Client Host Name, IP Address, MAC Address, and the length of time (in second) before its assigned IP address expires.

ARP Table button. Click this button will open the ARP Table screen, which shows you the ARP Table on the Wireless Router. The ARP Table provides IP address to MAC address mapping. On the ARP Table screen, you will see a list of address mapping between IP (layer 3) and MAC (layer 2).

Figure 6-69: Status - WAN / Gateway

Chapter 6: Setting Up and Configuring the Router Status Tab

Wireless-N Gigabit Security Router with VPN

Wireless LAN

This screen provides some basic information on the Wireless LAN of this Wireless Router.

MAC Address. Displays the MAC address on the Wireless LAN interface.

Network Mode. Displays the Wireless network operating mode (e.g. B/G/N-Mixed).

Wireless SSID. Displays the Wireless network name.

Channel Bandwidth. Displays the wireless channel bandwidth setting.

Wireless Channel. Displays the radio channel number used.

Security. Displays the Wireless Security mode.

SSID Broadcast. Displays the setting on SSID Broadcast.

Figure 6-70: Status - LAN

Figure 6-71: LAN DHCP Client Table

Figure 6-72: LAN ARP Table

Chapter 6: Setting Up and Configuring the Router Status Tab

Wireless-N Gigabit Security Router with VPN

System Performance

This screen provides data packet statistics on the LAN switch and Wireless LAN of the Router.

All LAN Ports / WLAN

The All LAN Ports column shows the aggregate traffic statistics from all four LAN ports.

Packets Received. This shows the number of packets received.

Packets Sent. This shows the number of packets sent.

Bytes Received. This shows the number of bytes received.

Bytes Sent. This shows the number of bytes sent.

Error Packets Received. This shows the number of error packets received.

Drop Received Packets. This shows the number of packets being dropped after they were received.

L2 Switch Ports

Tx Bytes. Displays the number of Bytes transmitted from the selected port.

Tx Frames. Displays the number of Ethernet Frames transmitted from the selected port.

Rx Bytes. Displays the number of Bytes received on the selected port.

Rx Frames. Displays the number of Ethernet frames received on the selected port.

Tx Errors. Displays the number of error frames transmitted from the selected port.

Rx Errors. Displays the number of error frames received from the selected port.

Figure 6-73: Status - Wireless LAN

Chapter 6: Setting Up and Configuring the Router Status Tab

Wireless-N Gigabit Security Router with VPN

VPN Clients

This screen displays the VPN Clients’ connection status. VPN Clients are configured under VPN->VPN Client Accounts and provide users that are running Linksys QuickVPN to establish a IPsec connection with a remote Wireless Router.

Username. Displays the username of the VPN Client.

Status. Displays the connection status of the VPN Client.

Start Time. Displays the start time of the most recent VPN session for the specified VPN Client.

End Time. Displays the end time of a VPN session, if the VPN Client has disconnected.

Duration. Displays the total connection time of the latest VPN session.

Refresh button. Updates the screen with the latest VPN Client information.

Disconnect button. Select the Disconnect box at the end of each row in the VPN Clients Table and then click the Disconnect button to disconnect a VPN Client session.

IPsec VPN

Figure 6-74: Status - System Performance

This screen displays the IPsec VPN (gateway to gateway) connection status. IPsec VPN are configured under VPN->IPsec VPN to establish a IPsec connection with a remote Linksys VPN Router.

Tunnel Na m e. Displays the Tunnel Name of the IPsec VPN connection.

Status. Displays the connection status of the VPN Client.

Action. Use the Connect and Disconnect button to manage your IPsec VPN connection.

Chapter 6: Setting Up and Configuring the Router Status Tab

Wireless-N Gigabit Security Router with VPN

Figure 6-75: Status - VPN Clients

Chapter 6: Setting Up and Configuring the Router Status Tab

Figure 6-76: Status - IPsec VPN

Wireless-N Gigabit Security Router with VPN

Appendix A: Troubleshooting

This appendix provides solutions to problems that may occur during the installation and operation of the Router. Read the descriptions below to help solve your problems. If you can't find an answer here, check the Linksys website at www.linksys.com.

Common Problems and Solutions

1. I need to set a static IP address on a PC.

The Router, by default, assigns an IP address range of 192.168.1.100 to 192.168.1.149 using the DHCP server on the Router. To set a static IP address, you can only use the ranges 192.168.1.2 to 192.168.1.99 and

192.168.1.150 to 192.168.1.254. Each PC or network device that uses TCP/IP must have a unique address to

identify itself in a network. If the IP address is not unique to a network, Windows will generate an IP conflict error message. You can assign a static IP address to a PC by performing the following steps:

For Windows 98 and Millennium:

A. Click Start, Setting, and Control Panel. Double-click Network. B. In The following network components are installed box, select the TCP/IP-> associated with your

Ethernet adapter. If you only have one Ethernet adapter installed, you will only see one TCP/IP line with no association to an Ethernet adapter. Highlight it and click the Properties button.

C. In the TCP/IP properties window, select the IP address tab, and select Specify an IP address. Enter a

unique IP address that is not used by any other computer on the network connected to the Router. You can only use an IP address in the ranges 192.168.1.2 to 192.168.1.99 and 192.168.1.151 to 192.168.1.254. Make sure that each IP address is unique for each PC or network device.

D. Click the Gateway tab, and in the New Gateway prompt, enter 192.168.1.1, which is the default IP

address of the Router. Click the Add button to accept the entry.

E. Click the DNS tab, and make sure the DNS Enabled option is selected. Enter the Host and Domain names

(e.g., John for Host and home for Domain). Enter the DNS entry provided by your ISP. If your ISP has not provided the DNS IP address, contact your ISP to get that information or go to its website for the information.

F. Click the OK button in the TCP/IP properties window, and click Close or the OK button for the Network

window.

G. Restart the computer when asked.

Appendix A: Troubleshooting Common Problems and Solutions

Wireless-N Gigabit Security Router with VPN

For Windows 2000:

A. Click Start, Settings, and Control Panel. Double-click Network and Dial-Up Connections. B. Right-click the Local Area Connection that is associated with the Ethernet adapter you are using, and

select the Properties option.

C. In the Components checked are used by this connection box, highlight Internet Protocol (TCP/IP), and

click the Properties button. Select Use the following IP address option.

D. Enter a unique IP address that is not used by any other computer on the network connected to the Router.

You can only use an IP address in the ranges 192.168.1.2 to 192.168.1.99 and 192.168.1.151 to

192.168.1.254.

E. Enter the Subnet Mask, 255.255.255.0. F. Enter the Default Gateway, 192.168.1.1 (Router’s default IP address). G. Toward the bottom of the window, select Use the following DNS server addresses, and enter the

Preferred DNS server and Alternative DNS server (provided by your ISP). Contact your ISP or go on its website to find the information.

H. Click the OK button in the Internet Protocol (TCP/IP) Properties window, and click the OK button in the

Local Area Connection Properties window.

I. Restart the computer if asked.

For Windows XP:

The following instructions assume you are running Windows XP with the default interface. If you are using the Classic interface (where the icons and menus look like previous Windows versions), please follow the instructions for Windows 2000.

A. Click Start and Control Panel. B. Click the Network and Internet Connections icon and then the Network Connections icon. C. Right-click the Local Area Connection that is associated with the Ethernet adapter you are using, and

select the Properties option.

D. In the This connection uses the following items box, highlight Internet Protocol (TCP/IP). Click the

Properties button.

E. Enter a unique IP address that is not used by any other computer on the network connected to the Router.

You can only use an IP address in the ranges 192.168.1.2 to 192.168.1.99 and 192.168.1.151 to

192.168.1.254.

F. Enter the Subnet Mask, 255.255.255.0. G. Enter the Default Gateway, 192.168.1.1 (Router’s default IP address). H. Toward the bottom of the window, select Use the following DNS server addresses, and enter the

Preferred DNS server and Alternative DNS server (provided by your ISP). Contact your ISP or go on its website to find the information.

I. Click the OK button in the Internet Protocol (TCP/IP) Properties window. Click the OK button in the Local

Area Connection Properties window.

Appendix A: Troubleshooting Common Problems and Solutions

Wireless-N Gigabit Security Router with VPN

2. I want to test my Internet connection.

A. Check your TCP/IP settings.

For Windows 98 and Millennium:

Refer to Windows Help for details. Make sure Obtain IP address automatically is selected in the settings.

For Windows 2000:

1. Click Start, Settings, and Control Panel. Double-click Network and Dial-Up Connections.

2. Right-click the Local Area Connection that is associated with the Ethernet adapter you are using, and select the Properties option.

3. In the Components checked are used by this connection box, highlight Internet Protocol (TCP/IP), and click the Properties button. Make sure that Obtain an IP address automatically and Obtain DNS server address automatically are selected.

4. Click the OK button in the Internet Protocol (TCP/IP) Properties window, and click the OK button in the Local Area Connection Properties window.

5. Restart the computer if asked.

6. Click the OK button in the Internet Protocol (TCP/IP) Properties window, and click the OK button in the Local Area Connection Properties window.

7. Restart the computer if asked.

For Windows XP:

1. Click Start and Control Panel.

2. Click the Network and Internet Connections icon and then the Network Connections icon.

3. Right-click the Local Area Connection that is associated with the Ethernet adapter you are using, and select the Properties option.

4. In the This connection uses the following items box, highlight Internet Protocol (TCP/IP), and click the Properties button. Make sure that Obtain an IP address automatically and Obtain DNS server address automatically are selected.

B. Open a command prompt.

• For Windows 98 and Millennium, click Start and Run. In the Open field, type command. Press the Enter key or click the OK button.

Appendix A: Troubleshooting Common Problems and Solutions

+ 35 hidden pages