Planet Technology VRT-311S, VRT-311 User Manual

Broadband VPN Router
VRT-311 / VRT-311S
Users Manual
Copyright (C) 2004 PLANET Technology Corp. All rights reserved. The products and programs described in this Users Manual are licensed products of PLANET
Technology, This Users Manual contains proprietary information protected by copyright, and this Users Manual and all accompanying hardware, software, and documentation are copy­righted.
No part of this Users Manual may be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine-readable form by any means by electronic or mechanical. Including photocopying, recording, or information storage and retrieval systems, for any pur­pose other than the purchaser's personal use, and without the prior express written permission of PLANET Technology.
Disclaimer
PLANET Technology does not warrant that the hardware will work properly in all environments and applications, and makes no warranty and representation, either implied or expressed, with respect to the quality, performance, merchantability, or fitness for a particular purpose.
PLANET has made every effort to ensure that this Users Manual is accurate; PLANET dis­claims liability for any inaccuracies or omissions that may have occurred.
Information in this Users Manual is subject to change without notice and does not represent a commitment on the part of PLANET. PLANET assumes no responsibility for any inaccuracies that may be contained in this Users Manual. PLANET makes no commitment to update or keep current the information in this Users Manual, and reserves the right to make improvements to this Users Manual and/or to the products described in this Users Manual, at any time without notice.
If you find information in this manual that is incorrect, misleading, or incomplete, we would appreciate your comments and suggestions.
CE mark Warning
This is a class B device, In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures.
Trademarks
The PLANET logo is a trademark of PLANET Technology. This documentation may refer to numerous hardware and software products by their trade names. In most, if not all cases, these designations are claimed as trademarks or registered trademarks by their respective compa­nies.
Revision
Users Manual for PLANET Broadband VPN Router: Model: VRT-311 / VRT-311S Rev: 1.0 (May. 2004) Part No. EM-VRT311V1
ii
Table of Contents
CHAPTER 1 INTRODUCTION..........................................................................1
VRT-311 /VRT-311S Features...............................................................................1
Package Contents.................................................................................................3
Physical Details.....................................................................................................4
CHAPTER 2 INSTALLATION...........................................................................8
Requirements........................................................................................................8
Procedure..............................................................................................................8
CHAPTER 3 SETUP........................................................................................10
Overview..............................................................................................................10
Configuration Program.......................................................................................11
Setup Wizard.......................................................................................................14
LAN Screen..........................................................................................................17
CHAPTER 4 PC CONFIGURATION...............................................................19
Overview..............................................................................................................19
Windows Clients.................................................................................................19
Macintosh Clients...............................................................................................30
Linux Clients........................................................................................................30
Other Unix Systems............................................................................................30
CHAPTER 5 OPERATION AND STATUS......................................................31
Operation.............................................................................................................31
Status Screen......................................................................................................31
Connection Status - PPPoE...............................................................................33
Connection Status - PPTP..................................................................................35
Connection Status - Telstra Big Pond..............................................................36
Connection Details - SingTel RAS.....................................................................37
Connection Details - Fixed/Dynamic IP Address.............................................39
CHAPTER 6 INTERNET FEATURES.............................................................41
Overview..............................................................................................................41
WAN Port Configuration.....................................................................................42
Advanced Internet...............................................................................................45
Dynamic DNS (Domain Name Server)...............................................................49
Virtual Servers.....................................................................................................51
Options.................................................................................................................53
CHAPTER 7 SECURITY CONFIGURATION..................................................54
Overview..............................................................................................................54
Admin Login........................................................................................................54
Access Control....................................................................................................56
Firewall Rules......................................................................................................60
Logs......................................................................................................................64
E-mail...................................................................................................................67
Security Options.................................................................................................69
Scheduling...........................................................................................................71
i
Services...............................................................................................................72
CHAPTER 8 VPN (IPSEC)..............................................................................73
Overview..............................................................................................................73
Common VPN Situations....................................................................................75
VPN Configuration..............................................................................................77
VPN Examples.....................................................................................................87
Certificates.........................................................................................................105
CRLs...................................................................................................................109
Status.................................................................................................................110
CHAPTER 9 MICROSOFT VPN....................................................................112
Overview............................................................................................................112
Server Setup......................................................................................................112
Client Database.................................................................................................113
Status Screen....................................................................................................115
Windows Client Setup......................................................................................116
CHAPTER 10 OTHER FEATURES & SETTINGS.......................................124
Overview............................................................................................................124
Config File..........................................................................................................125
Network Diagnostics........................................................................................126
PC Database......................................................................................................127
Remote Administration.....................................................................................131
Routing...............................................................................................................133
Upgrade Firmware.............................................................................................138
UPnP...................................................................................................................139
APPENDIX A TROUBLESHOOTING...........................................................140
Overview............................................................................................................140
General Problems.............................................................................................140
Internet Access..................................................................................................140
APPENDIX B SPECIFICATIONS.................................................................142
VRT-311 / VRT-311S..........................................................................................142
FCC Statement..................................................................................................142
CE Marking Warning.........................................................................................143
ii
1
Chapter 1
Introduction
This Chapter provides an overview of VRT-311 / VRT-311S's features and ca­pabilities.
Congratulations on the purchase of your new VRT-311 / VRT-311S . VRT-311 / VRT-311S is a multi-function device providing the following services:
Shared Broadband Internet Access for all LAN users.
VPN Gateway for IPSec VPN connections to remote PCs or sites.
3-Port Switching Hub for 10BaseT or 100BaseT connections.
Figure 1: VRT-311 / VRT-311S

VRT-311 / VRT-311S Features

VRT-311 / VRT-311S incorporates many advanced features, carefully designed to provide sophisticated functions while being easy to use.
Internet Access Features
Shared Internet Access. All users on the LAN or WLAN can access the Internet
through VRT-311 / VRT-311S, using only a single external IP Address. The local (invalid) IP Addresses are hidden from external sources. This process is called NAT (Network Ad­dress Translation).
DSL & Cable Modem Support. VRT-311 / VRT-311S has a 100BaseT Ethernet port
for connecting a DSL or Cable Modem. All popular DSL and Cable Modems are sup­ported. SingTel RAS and Big Pond (Australia) login support is also included.
PPPoE, PPTP, SingTel RAS and Telstra Big Pond Support. The Internet (WAN
port) connection supports PPPoE (PPP over Ethernet), PPTP (Peer-to-Peer Tunneling Pro­tocol), SingTel RAS and Telstra Big Pond (Australia), as well as "Direct Connection" type services.
1
VRT-311 User Guide
Fixed or Dynamic IP Address. On the Internet (WAN port) connection, VRT-311 /
VRT-311S supports both Dynamic IP Address (IP Address is allocated on connection) and Fixed IP Address.
Advanced Internet Functions
Communication Applications. Support for Internet communication applications, such
as interactive Games, Telephony, and Conferencing applications, which are often difficult to use when behind a Firewall, is included.
Special Internet Applications. Applications which use non-standard connections or
port numbers are normally blocked by the Firewall. The ability to define and allow such applications is provided, to enable such applications to be used normally.
Virtual Servers. This feature allows Internet users to access Internet servers on your
LAN. The required setup is quick and easy.
Multi-DMZ. For each WAN (Internet) IP address allocated to you, one (1) PC on your
local LAN can be configured to allow unrestricted 2-way communication with Servers or individual users on the Internet. This provides the ability to run programs which are in­compatible with Firewalls.
Physical DMZ Port. PCs connected to the DMZ port are effectively isolated from your
LAN, while connected to the Internet. This provides additional security for your LAN while allowing your Servers to be accessed from the Internet.
URL Filter. Use the URL Filter to block access to undesirable Web sites by LAN users.
Internet Access Log. See which Internet connections have been made.
VPN Pass through Support. PCs with VPN (Virtual Private Networking) software
using PPTP, L2TP and IPSec are transparently supported - no configuration is required.
LAN Features
3-Port Switching Hub. VRT-311 / VRT-311S incorporates a 3-port 10/100BaseT
switching hub, making it easy to create or extend your LAN.
DHCP Server Support. Dynamic Host Configuration Protocol provides a dynamic IP
address to PCs and other devices upon request. VRT-311 / VRT-311S can act as a DHCP Server for devices on your local LAN and WLAN.
Multi Segment LAN Support. LANs containing one or more segments are supported,
via VRT-311's / VRT-311S RIP (Routing Information Protocol) support and built-in static routing table.
DMZ Port. Used when allowing Servers on your LAN to be accessed from the Internet,
the DMZ port provides additional protection for both your Servers and your LAN.
Configuration & Management
Easy Setup. Use your WEB browser from anywhere on the LAN or WLAN for configu-
ration.
Remote Management. VRT-311 / VRT-311S can be managed from any PC on your
LAN. And, if the Internet connection exists, it can also (optionally) be configured via the Internet.
UPnP Support. UPnP (Universal Plug and Play) allows automatic discovery and con-
figuration of VRT-311 / VRT-311S. UPnP is by supported by Windows ME, XP, or later.
Configuration File Backup & Restore. You can backup (download) VRT-311 /
VRT-311S 's configuration file to your PC, and restore (upload) a previously-saved con­figuration file to VRT-311 / VRT-311S.
2
Introduction
Security Features
Password - protected Configuration. Optional password protection is provided to
prevent unauthorized users from modifying the configuration data and settings.
NAT Protection. An intrinsic side effect of NAT (Network Address Translation) tech-
nology is that by allowing all LAN users to share a single IP address, the location and even the existence of each PC is hidden. From the external viewpoint, there is no network, only a single device - VRT-311 / VRT-311S.
Stateful Inspection Firewall. All incoming data packets are monitored and all incom-
ing server requests are filtered, thus protecting your network from malicious attacks from external sources.
Protection against DoS attacks. DoS (Denial of Service) attacks can flood your
Internet connection with invalid packets and connection requests, using so much bandwidth and so many resources that Internet access becomes unavailable. VRT-311 / VRT-311S in­corporates protection against DoS attacks.
Rule-based Policy Firewall. To provide additional protection against malicious pack-
ets, you can define your own firewall rules. This can also be used to control the Internet services available to LAN users.
IPSec VPN Gateway Features
IPSec.. Support for IPSec standards, including IKE and certificates.
Tunnels. Up to 100 VPN tunnels can be created for VRT-311, and up to 10 VPN tunnels
can be created for VRT-311S..
High performance. High performance encryption engine maintains high throughput
even when using 3DES.
Microsoft VPN Gateway Support
PPTP Server. VRT-311 / VRT-311S emulates a Microsoft PPTP VPN Server, allowing
clients to use the Microsoft VPN client provided in Windows.
Windows Client Support. Remote users can use the Microsoft VPN client (VPN
Adapter) provided in recent versions of Windows.
Easy Setup. For both the Administrator and remote users, the Microsoft VPN is much
easier to configure than IPSec VPN.

Package Contents

The following items should be included:
VRT-311 / VRT-311S Unit
Power Adapter
Quick Installation Guide
CD-ROM containing the on-line manual.
If any of the above items are damaged or missing, please contact your dealer immediately.
3
VRT-311 User Guide

Physical Details

Front-mounted LEDs
Figure 2: VRT-311s Front Panel
Figure 3: VRT-311Ss Front Panel
Power On - Power on.
Off - No power.
Status (Red) On - Error condition.
Off - Normal operation. Blinking - This LED blinks during start up.
LAN
DMZ
Each port has 2 LEDs
LNK/ACT
On - Corresponding LAN (hub) port is active.
Off - No active connection on the corresponding LAN (hub) port.
Flashing - Data is being transmitted or received via the corre-
sponding LAN (hub) port.
100
On - Corresponding LAN (hub) port is using 100BaseT.
Off - Corresponding LAN (hub) port connection is using
10BaseT, or no active connection.
LNK/ACT
On - DMZ port is active.
Off - No active connection to the DMZ port.
Flashing - Data is being transmitted or received via the DMZ
port.
100
On - DMZ port is using 100BaseT.
Off - DMZ port connection is using 10BaseT, or no active con-
nection.
WAN On - Connection to the modem attached to the WAN (Internet) port is
established.
4
Off - No connection to a modem on the WAN (Internet) port. Flashing - Data is being transmitted or received via the WAN port.
Introduction
PPPoE (For VRT-311
only)
On - PPPoE connection established. Off - No PPPoE connection.
5
VRT-311 User Guide
Rear Panel
Figure 4: VRT-311 Rear Panel
Figure 5: VRT-311S Rear Panel
Reset Button
WAN port (10/100BaseT)
DMZ port
10/100BaseT LAN connections
This button has two (2) functions:
Reboot. When pressed and released, VRT-311 / VRT-311S will
reboot (restart).
Clear All Data. This button can also be used to clear ALL data
and restore ALL settings to the factory default values.
To Clear All Data and restore the factory default values:
1. Power Off.
2. Hold the Reset Button down while you Power On.
3. Keep holding the Reset Button for a few seconds, until the RED LED has flashed TWICE.
4. Release the Reset Button. VRT-311 / VRT-311S is now using the factory default values.
Connect the DSL or Cable Modem here. If your modem came with a cable, use the supplied cable. Otherwise, use a standard LAN cable.
PCs or devices connected to the DMZ port are isolated from the LAN.
If you have a server you wish to make available to the public, you can connect it here. To use multiple servers, use a standard LAN cable to connect the DMZ port to a normal port on another hub, and connect your servers to the hub.
Use standard LAN cables (RJ45 connectors) to connect your PCs to these ports.
Power port
Note:
Any LAN port on VRT-311 / VRT-311S will automatically function as an "Uplink" port when required. Just connect any port to a normal port on the other hub, using a standard LAN cable.
Connect the supplied power adapter here.
6
Introduction
Using the DMZ Port
The DMZ port is intended for connection of a server you wish to make available to the public. To use multiple servers, use a standard LAN cable to connect the DMZ port to a normal port on another hub, and connect your servers to the hub.
Please note the following points regarding the DMZ port.
Although physically attached to the hub ports, the DMZ port is not part of the built-in hub.
It is a separate single port which is isolated from the hub.
PCs connected to the DMZ port are on the same LAN segment as PCs connected to the
Hub ports. They must use the same IP address range.
PCs connected to the DMZ port are NOT visible to PCs on the hub (LAN) ports. So you
cannot use Microsoft networking or other networking protocols to connect to PCs on the DMZ. The connection must be made via the Internet.
PCs connected to the DMZ port still share the WAN port IP address for Internet access.
To make PCs on the DMZ port available from the Internet, the "Virtual Server" (Port
Forwarding) feature must be configured to send incoming traffic to the appropriate server.
Advantages of the DMZ Port
If running any Servers on your LAN, you should connect them to the DMZ port, for the follow­ing reasons:
Traffic passing between the DMZ and LAN passes through the firewall. The firewall will
protect your LAN if your Server is compromised and used to launch an attack on your LAN.
When using the Virtual Servers feature, (see Virtual Servers in Chapter 6) a firewall rule to
allow incoming traffic from the Internet (WAN) to the DMZ is automatically created. If the Server is connected to the LAN (hub) ports, you must add the firewall rule manually.
7
2
Chapter 2
Installation
This Chapter covers the physical installation of VRT-311 / VRT-311S.

Requirements

Network cables. Use standard 10/100BaseT network (UTP) cables with RJ45 connectors.
TCP/IP protocol must be installed on all PCs.
For Internet Access, an Internet Access account with an ISP, and a Broadband modem
(usually, DSL or Cable modem).

Procedure

Figure 6: Installation Diagram
1. Choose an Installation Site
Select a suitable place on the network to install VRT-311 / VRT-311S. Ensure VRT-311 / VRT-311S and the DSL/Cable modem are powered OFF.
2. Connect LAN Cables
Use standard LAN cables to connect PCs to the Switching Hub ports on VRT-311 / VRT-
311S. Both 10BaseT and 100BaseT connections can be used simultaneously.
If required, you can connect any LAN port to another Hub. Any LAN port on VRT-311 /
VRT-311S will automatically function as an "Uplink" port when required. Just connect any LAN port to a normal port on the other hub, using a standard LAN cable.
8
Installation
If desired, connect a PC (server) to the DMZ port. To use multiple servers, use a standard
LAN cable to connect the DMZ port to a normal port on another hub, and connect your servers to the hub. PCs connected to the DMZ port are isolated from your LAN.
3. Connect WAN Cable
Connect the Broadband modem to the WAN port on VRT-311 / VRT-311S. Use the cable supplied with your Broadband modem. If no cable was supplied, use a standard LAN cable.
4. Power Up
Power on the Broadband modem.
Connect the supplied power adapter to VRT-311 / VRT-311S and power up.
Use only the power adapter provided. Using a different one may cause hardware damage
5. Check the LEDs
The Power LED should be ON.
The Status LED should blink during start up, then turn Off. If it stays on, there is a hard-
ware error.
For each LAN (PC) connection, the LAN Link/Act LED should be ON (provided the PC is
also ON.)
If a PC is connected to the DMZ port, the DMZ port's Link/Act LED should be ON (pro-
vided the PC is also ON.)
The WAN LED should be ON. For more information, refer to Front-mounted LEDs in Chapter 1.
9
3
Chapter 3
Setup
This Chapter provides Setup details of VRT-311 / VRT-311S.

Overview

This chapter describes the setup procedure for:
Internet Access
LAN configuration
PCs on your local LAN may also require configuration. For details, see Chapter 4 - PC Con­figuration.
Other configuration may also be required, depending on which features and functions of VRT­311 / VRT-311S you wish to use. Use the table below to locate detailed instructions for the required functions.
To Do this: Refer to:
Configure PCs on your LAN. Chapter 4:
PC Configuration
Check VRT-311 / VRT-311S operation and Status. Chapter 5:
Operation and Status
Use any of the following Internet features:
WAN Port
Advanced Setup
Dynamic DNS
Virtual Servers
Options
Change any of the following Security-related settings:
Admin Login
Access Control
Firewall Rules
Logs
E-mail
Security Options
Scheduling
Services
Chapter 6: Internet Features
Chapter 7: Security Configuration
Use the IPSec VPN features:
VPN Policies
Certificates
CRLs
VPN Status
Chapter 8: VPN (IPSec)
10
Setup
Use the Microsoft VPN feature:
PPTP Server in VRT-311 / VRT-311S.
User and Client setup.
Checking VPN connection Status.
Configure or use any of the following:
Configuration File backup and restore.
Network Diagnostic
PC Database
Remote Administration
Routing
Upgrade Firmware
UPnP
Where use of a certain feature requires that PCs or other LAN devices be configured, this is also explained in the relevant chapter.

Configuration Program

Chapter 9: Microsoft VPN
Chapter 9: Other Features and Settings
VRT-311 / VRT-311S contains an HTTP server. This enables you to connect to it, and config­ure it, using your Web Browser. Your Browser must support JavaScript. The configuration program has been tested on the following browsers:
Netscape V4.08 or later
Internet Explorer V4 or later
Preparation
Before attempting to configure VRT-311 / VRT-311S, please ensure that:
Your PC can establish a physical connection to VRT-311 / VRT-311S. The PC and VRT-
311 / VRT-311S must be directly connected (using the Hub ports on VRT-311 / VRT­311S) or on the same LAN segment.
VRT-311 / VRT-311S must be installed and powered ON.
If VRT-311 / VRT-311Ss default IP Address (192.168.0.1) is already used by another
device, the other device must be turned OFF until VRT-311 / VRT-311S is allocated a new IP Address during configuration.
Using UPnP
If your Windows system supports UPnP, an icon for VRT-311 / VRT-311S will appear in the system tray, notifying you that a new network device has been found, and offering to create a new desktop shortcut to the newly-discovered device.
Unless you intend to change the IP Address of VRT-311 / VRT-311S, you can accept the
desktop shortcut.
Whether you accept the desktop shortcut or not, you can always find UPnP devices in My
Network Places (previously called Network Neighborhood).
11
VRT-311 User Guide
Double - click the icon for VRT-311 / VRT-311S (either on the Desktop, or in My Network
Places) to start the configuration. Refer to the following section Setup Wizard for details of
the initial configuration process.
Using your Web Browser
To establish a connection from your PC to VRT-311 / VRT-311S:
1. After installing VRT-311 / VRT-311S in your LAN, start your PC. If your PC is already running, restart it.
2. Start your WEB browser.
3. In the Address box, enter "HTTP://" and the IP Address of VRT-311 / VRT-311S, as in this example, which uses VRT-311 / VRT-311S 's default IP Address:
HTTP://192.168.0.1
If you can't connect
If VRT-311 / VRT-311S does not respond, check the following:
VRT-311 / VRT-311S is properly installed, LAN connection is OK, and it is
powered ON. You can test the connection by using the "Ping" command:
Open the MS-DOS window or command prompt window.
Enter the command:
ping 192.168.0.1 If no response is received, either the connection is not working, or your PC's IP address is not compatible with VRT-311 / VRT-311Ss IP Ad­dress. (See next item.)
If your PC is using a fixed IP Address, its IP Address must be within the range
192.168.0.2 to 192.168.0.254 to be compatible with VRT-311 / VRT-311S 's default IP Address of 192.168.0.1. Also, the Network Mask must be set to
255.255.255.0. See Chapter 4 - PC Configuration for details on checking your PC's TCP/IP settings.
Ensure that your PC and VRT-311 / VRT-311S are on the same network
segment. (If you don't have a router, this must be the case.)
4. You will be prompted for a username and password, as shown below.
Figure 7: Password Dialog
Enter admin for the User Name, and leave the Password blank.
12
Setup
These are the default values. Both the name and password can (and should) be changed, using the Admin Login screen. Once you have changed either the name or the password, you must use the current values.
13
VRT-311 User Guide

Setup Wizard

The first time you connect to VRT-311 / VRT-311S, the Setup Wizard will run automatically. (The Setup Wizard will also run if VRT-311 / VRT-311S 's default setting are restored.)
1. Step through the Wizard until finished.
You need to know the type of Internet connection service used by your ISP. Check the
data supplied by your ISP.
The common connection types are explained in the tables below.
2. On the final screen of the Wizard, run the test and check that an Internet connection can be established.
3. If the connection test fails:
Check your data, the Cable/DSL modem, and all connections.
Check that you have entered all data correctly.
If using a Cable modem, your ISP may have recorded the MAC (physical) address of
your PC. Run the Wizard, and on the Cable Modem screen, use the "Clone MAC ad­dress" button to copy the MAC address from your PC to VRT-311 / VRT-311S.
Common Connection Types
Cable Modems
Type Details ISP Data required
Dynamic IP Address
Static (Fixed) IP Address
DSL Modems
Type Details ISP Data required
Dynamic IP Address
Your IP Address is allocated automatically, when you connect to you ISP.
Your ISP allocates a perma­nent IP Address to you.
Your IP Address is allocated automatically, when you connect to you ISP.
Usually, none. However, some ISP's may
require you to use a particular Hostname, Domain name, or MAC (physical) address.
IP Address allocated to you, mask and gateway (if provided), and DNS address.
Some ISP's may also require you to use a particular Host­name, Domain name, or MAC (physical) address.
None.
Static (Fixed) IP Address
PPPoE You connect to the ISP only
Your ISP allocates a perma­nent IP Address to you.
when required. The IP address is usually allocated automati­cally.
IP Address allocated to you, mask and gateway (if provided), and DNS address.
User name and password.
14
Setup
PPTP Mainly used in Europe.
You connect to the ISP only when required. The IP address is usually allocated automati­cally, but may be Static (Fixed).
Other Modems (e.g. Broadband Wireless)
Type Details ISP Data required
Dynamic IP Address
Static (Fixed) IP Address
Your IP Address is allocated automatically, when you connect to you ISP.
Your ISP allocates a perma­nent IP Address to you.
Big Pond Cable (Australia)
For this connection method, the following data is required:
User Name
Password
Big Pond Server IP address
PPTP Server IP Address.
User name and password.
IP Address allocated to you,
if Static (Fixed).
Usually, none. However, some ISP's may
require you to use a particular Hostname, Domain name, or MAC (physical) address.
IP Address allocated to you, mask and gateway (if provided), and DNS address.
SingTel RAS
For this connection method, the following data is required:
User Name
Password
RAS Plan
15
VRT-311 User Guide
Home Screen
After finishing or exiting the Setup Wizard, you will see the Home screen. When you connect in future, you will see this screen when you connect. An example screen is shown below.
Figure 8: Home Screen
Navigation & Data Input
Use the menu bar on the top of the screen, and the "Back" button on your Browser, for navigation.
Changing to another screen without clicking "Save" does NOT save any changes you may have made. You must "Save" before changing screens or your data will be ignored.
On each screen, clicking the "Help" button will display help for that screen.
From any help screen, you can access the list of all help files (help index).
16

LAN Screen

Use the LAN link on the main menu to reach the LAN screen An example screen is shown below.
Figure 9: LAN Screen
Data - LAN Screen
TCP/IP
Setup
IP Address
Subnet Mask
DHCP Server
Buttons
Save
IP address for VRT-311 / VRT-311S, as seen from the local LAN. Use the default value unless the address is already in use or your LAN is using a different IP address range. In the latter case, enter an unused IP Address from within the range used by your LAN.
The default value 255.255.255.0 is standard for small (class "C") networks. For other networks, use the Subnet Mask for the LAN segment to which VRT-311 / VRT-311S is attached (the same value as the PCs on that LAN segment).
If Enabled, VRT-311 / VRT-311S will allocate IP Addresses to
PCs (DHCP clients) on your LAN when they start up. The default (and recommended) value is Enabled.
If you are already using a DHCP Server, this setting must be
Disabled, and the existing DHCP server must be re-configured to treat VRT-311 / VRT-311S as the default Gateway. See the following section for further details.
The Start IP Address and Finish IP Address fields set the values
used by the DHCP server when allocating IP Addresses to DHCP clients. This range also determines the number of DHCP clients supported.
See the following section for further details on using DHCP.
Save the data on screen.
Cancel
The "Cancel" button will discard any data you have entered and reload the file from VRT-311 / VRT-311S.
17
VRT-311 User Guide
DHCP
What DHCP Does
A DHCP (Dynamic Host Configuration Protocol) Server allocates a valid IP address to a DHCP Client (PC or device) upon request.
The client request is made when the client device starts up (boots).
The DHCP Server provides the Gateway and DNS addresses to the client, as well as
allocating an IP Address.
VRT-311 / VRT-311S can act as a DHCP server.
Windows 95/98/ME and other non-Server versions of Windows will act as a DHCP client.
This is the default Windows setting for the TCP/IP network protocol. However, Windows uses the term Obtain an IP Address automatically instead of "DHCP Client".
You must NOT have two (2) or more DHCP Servers on the same LAN segment. (If your LAN does not have other Routers, this means there must only be one (1) DHCP Server on your LAN.)
Using VRT-311 / VRT-311S 's DHCP Server
This is the default setting. The DHCP Server settings are on the LAN screen. On this screen, you can:
Enable or Disable VRT-311 / VRT-311S 's DHCP Server function.
Set the range of IP Addresses allocated to PCs by the DHCP Server function.
You can assign Fixed IP Addresses to some devices while using DHCP, provided that the Fixed IP Addresses are NOT within the range used by the DHCP Server.
Using another DHCP Server
You can only use one (1) DHCP Server per LAN segment. If you wish to use another DHCP Server, rather than VRT-311 / VRT-311S 's, the following procedure is required.
1. Disable the DHCP Server feature in VRT-311 / VRT-311S. This setting is on the LAN screen.
2. Configure the DHCP Server to provide VRT-311 / VRT-311S 's IP Address as the Default Gateway.
To Configure your PCs to use DHCP
This is the default setting for TCP/IP under Windows 95/98/ME. See Chapter 4 - Client Configuration for the procedure to check these settings.
18
4
Chapter 4
PC Configuration
This Chapter details the PC Configuration required on the local ("Internal") LAN.

Overview

For each PC, the following may need to be configured:
TCP/IP network settings
Internet Access configuration

Windows Clients

This section describes how to configure Windows clients for Internet access via VRT-311 / VRT-311S.
The first step is to check the PC's TCP/IP settings. VRT-311 / VRT-311S uses the TCP/IP network protocol for all functions, so it is essential that
the TCP/IP protocol be installed and configured on each PC.
TCP/IP Settings - Overview
If using the default VRT-311 / VRT-311S settings, and the default Win­dows TCP/IP settings, no changes need to be made.
By default, VRT-311 / VRT-311S will act as a DHCP Server, automatically providing a suitable IP Address (and related information) to each PC when the PC boots.
For all non-Server versions of Windows, the default TCP/IP setting is to act as a DHCP client.
If using a Fixed (specified) IP address, the following changes are re­quired:
The Gateway must be set to the IP address of VRT-311 / VRT-311S.
The DNS should be set to the address provided by your ISP.
If your LAN has a Router, the LAN Administrator must re­configure the Router itself. Refer to Chapter 8 - Other Features and Operations for details.
19
Broadband VPN Router Users Manual
Checking TCP/IP Settings - Windows 9x/ME:
1. Select Control Panel - Network. You should see a screen like the following:
Figure 10: Network Configuration
2. Select the TCP/IP protocol for your network card.
3. Click on the Properties button. You should then see a screen like the following.
Figure 11: IP Address (Win 95)
Ensure your TCP/IP settings are correct, as follows:
Using DHCP
To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Using this is recommended. By default, VRT-311 / VRT-311S will act as a DHCP Server.
Restart your PC to ensure it obtains an IP Address from VRT-311 / VRT-311S.
Using "Specify an IP Address"
If your PC is already configured, check with your network administrator before making the following changes:
20
PC Configuration
On the Gateway tab, enter VRT-311 / VRT-311S 's IP address in the New Gateway field and click Add, as shown below. Your LAN administrator can advise you of the IP Address they assigned to VRT-311 / VRT-311S.
Figure 32: Gateway Tab (Win 95/98)
On the DNS Configuration tab, ensure Enable DNS is selected. If the DNS Server Search Order list is empty, enter the DNS address provided by your ISP in the fields beside the Add button, then click Add.
Figure 3: DNS Tab (Win 95/98)
21
Broadband VPN Router Users Manual
Checking TCP/IP Settings - Windows NT4.0
1. Select Control Panel - Network, and, on the Protocols tab, select the TCP/IP protocol, as shown below.
Figure 14: Windows NT4.0 - TCP/IP
2. Click the Properties button to see a screen like the one below.
Figure 15: Windows NT4.0 - IP Address
3. Select the network card for your LAN.
22
PC Configuration
4. Select the appropriate radio button - Obtain an IP address from a DHCP Server or Specify an IP Address, as explained below.
Obtain an IP address from a DHCP Server
This is the default Windows setting. Using this is recommended. By default, VRT-311 / VRT­311S will act as a DHCP Server.
Restart your PC to ensure it obtains an IP Address from VRT-311 / VRT-311S.
Specify an IP Address
If your PC is already configured, check with your network administrator before making the following changes.
1. The Default Gateway must be set to the IP address of VRT-311 / VRT-311S. To set this:
Click the Advanced button on the screen above.
On the following screen, click the Add button in the Gateways panel, and enter VRT-
311 / VRT-311S 's IP address, as shown in Figure below.
If necessary, use the Up button to make VRT-311 / VRT-311S the first entry in the
Gateways list.
Figure 16: Windows NT4.0 - Add Gateway
2. The DNS should be set to the address provided by your ISP, as follows:
Click the DNS tab.
On the DNS screen, shown below, click the Add button (under DNS Service Search
Order), and enter the DNS provided by your ISP.
23
Broadband VPN Router Users Manual
Figure17: Windows NT4.0 - DNS
24
PC Configuration
Checking TCP/IP Settings - Windows 2000:
1. Select Control Panel - Network and Dial-up Connection.
2. Right - click the Local Area Connection icon and select Properties. You should see a screen like the following:
Figure18: Network Configuration (Win 2000)
3. Select the TCP/IP protocol for your network card.
4. Click on the Properties button. You should then see a screen like the following.
Figure19: TCP/IP Properties (Win 2000)
25
Broadband VPN Router Users Manual
5. Ensure your TCP/IP settings are correct, as described below.
Using DHCP
To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Using this is recommended. By default, VRT-311 / VRT-311S will act as a DHCP Server.
Restart your PC to ensure it obtains an IP Address from VRT-311 / VRT-311S.
Using a fixed IP Address ("Use the following IP Address")
If your PC is already configured, check with your network administrator before making the following changes.
Enter VRT-311 / VRT-311S 's IP address in the Default gateway field and click OK. (Your LAN administrator can advise you of the IP Address they assigned to VRT-311 / VRT­311S.)
If the DNS Server fields are empty, select Use the following DNS server addresses, and enter the DNS address or addresses provided by your ISP, then click OK.
26
Loading...
+ 117 hidden pages