SMC 7004FW User guide

Barricade
Cable/DSL Broadband Broadband Router with VPN
Cable/DSL Broadband Router with VPN
EZ 3-click Installation Wizard
Simple 3 step installation utility allows for easy configuration
Configurable Parental Control
and keyword blocking
Stateful Packet Inspection Firewall
Plus
Firewall – Client Privileges, Intrusion Detection, NAT
Built-inVPN Tunneling capability
Multi-user Access (up to 253), Single-user Account
User Guide
SMC7004FW
Barricade™ Plus Broadband Router with VPN User Guide
From SMCs Barricade line of Broadband Routers
38 Tesla Irvine, CA 92618 Phone: (949) 679-8000
May 2002
Revision Number: R01
Copyright
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice.
Copyright © 2002 by
SMC Networks, Inc.
38 Tesla
Irvine, CA 92618
All rights reserved. Printed in Taiwan
Tra dem ark s:
SMC is a registered trademark; and Barricade Plus is a trademark of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks of their respective holders.
L
IMITED
Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Reseller. SMC may, at its own discretion, repair or replace any product not operating as warranted with a similar or functionally equivalent product, during the applicable warranty term. SMC will endeavor to repair or replace any product returned under warranty within 30 days of receipt of the product.
The standard limited warranty can be upgraded to a Limited Lifetime* warranty by registering new products within 30 days of purchase from SMC or its Authorized Reseller. Registration can be accomplished via the enclosed product registration card or online via the SMC web site. Failure to register will not affect the standard limited warranty. The Limited Lifetime warranty covers a product during the Life of that Product, which is defined as the period of time during which the product is an “Active” SMC product. A product is considered to be “Active” while it is listed on the current SMC price list. As new technologies emerge, older technologies become obsolete and SMC will, at its discretion, replace an older product in its product line with one that incorporates these newer technologies. At that point, the obsolete product is discontinued and is no longer an “Active” SMC product. A list of discontinued products with their respective dates of discontinuance can be found at: http://www.smc.com/index.cfm?action=customer_service_warranty.
All products that are replaced become the property of SMC. Replacement products may be either new or reconditioned. Any replaced or repaired product carries either a 30-day limited warranty or the remainder of the initial warranty, whichever is longer. SMC is not responsible for any custom software or firmware, configuration information, or memory data of Customer contained in, stored on, or integrated with any products returned to SMC pursuant to any warranty. Products returned to SMC should have any customer-installed accessory or add-on components, such as expansion modules, removed prior to returning the product for replacement. SMC is not responsible for these items if they are returned with the product.
Customers must contact SMC for a Return Material Authorization number prior to returning any product to SMC. Proof of purchase may be required. Any product returned to SMC without a valid Return Material Authorization (RMA) number clearly marked on the outside of the package will be returned to customer at customer’s expense. For warranty claims within North America, please call our toll-free customer support number at (800) 762-4968. Customers are responsible for all shipping charges from their facility to SMC. SMC is responsible for return shipping charges from SMC to customer.
W
ARRANTY
i
L
IMITED WARRANTY
WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. SMC NEITHER ASSUMES NOR AUTHORIZES ANY OTHER PERSON TO ASSUME FOR IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE OR USE OF ITS PRODUCTS. SMC SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE THE ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST OR WAS CAUSED BY CUSTOMER’S OR ANY THIRD PERSON’S MISUSE, NEGLECT, IMPROPER INSTALLATION OR TESTING, UNAUTHORIZED ATTEMPTS TO REPAIR, OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE, OR BY ACCIDENT, FIRE, LIGHTNING, OR OTHER HAZARD.
LIMITATION OF LIABILITY: IN NO EVENT, WHETHER BASED IN CONTRACT OR TORT (INCLUDING NEGLIGENCE), SHALL SMC BE LIABLE FOR INCIDENTAL, CONSEQUENTIAL, INDIRECT, SPECIAL, OR PUNITIVE DAMAGES OF ANY KIND, OR FOR LOSS OF REVENUE, LOSS OF BUSINESS, OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE, USE, PERFORMANCE, FAILURE, OR INTERRUPTION OF ITS PRODUCTS, EVEN IF SMC OR ITS AUTHORIZED RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR THE LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR CONSUMER PRODUCTS, SO THE ABOVE LIMITATIONS AND EXCLUSIONS MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, WHICH MAY VARY FROM STATE TO STATE. NOTHING IN THIS WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS.
* SMC will provide warranty service for one year following discontinuance from the active SMC price list. Under the limited lifetime warranty, internal and external power supplies, fans, and cables are covered by a standard one-year warranty from date of purchase.
SMC Networks, Inc.
38 Tesla
Irvine, CA 92618
ii
COMPLIANCES
FCC - Class B
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with instructions, may cause harmful interference to radio communications. However, there is no guarantee that the interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
• Reorient the receiving antenna
• Increase the separation between the equipment and receiver
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected
• Consult the dealer or an experienced radio/TV technician for help
EC Conformance Declaration - Class B
SMC contact for these products in Europe is:
SMC Networks Europe, Edificio Conata II, Calle Fructuós Gelabert 6-8, 2 08970 - Sant Joan Despí,
Barcelona, Spain.
This information technology equipment complies with the requirements of the Council Directive 89/336/EEC on the Approximation of the laws of the Member States relating to Electromagnetic Compatibility and 73/23/EEC for electrical equipment used within certain voltage limits and the Amendment Directive 93/68/ EEC. For the evaluation of the compliance with these Directives, the following standards were applied:
RFI Emission:
Immunity: * Product family standard according to EN 55024:1998
* Limit class B according to EN 55022:1998 * Limit class A for harmonic current emission according to EN 61000-3-2/
1995
* Limitation of voltage fluctuation and flicker in low-voltage supply system
according to EN 61000-3-3/1995
o
, 4a,
iii
C
OMPLIANCES
* Electrostatic Discharge according to EN 61000-4-2:1995 (Contact Discharge:
±4 kV, Air Discharge: ±8 kV)
* Radio-frequency electromagnetic field according to EN 61000-4-3: 1996 (80
- 1000MHz with 1kHz AM 80% Modulation: 3V/m)
* Electrical fast transient/burst according to EN 61000-4-4:1995(AC/DC
power supply: ±1kV, Data/Signal lines: ±0.5kV)
* Surge immunity test according to EN 61000-4-5:1995(AC/DC Line to Line:
±1kV, AC/DC Line to Earth: ±2kV )
* Immunity to conducted disturbances, Induced by radio-frequency fields: EN
61000-4-6:1996(0.15 - 80MHz with 1kHz AM 80% Modulation: 3V/m)
* Power frequency magnetic field immunity test according to EN
61000-4-8:1993(1A/m at frequency 50Hz)
* Voltage dips, short interruptions and voltage variations immunity test
according to EN 61000-4-11:1994(>95% Reduction @10ms, 30% Reduction @500ms, >95% Reduction @5000ms)
LVD: * EN60950(A1/1992; A2/1993; A3/1993; A4/1995; A11/1997)
Industry Canada - Class B
This digital apparatus does not exceed the Class B limits for radio noise emissions from digital apparatus as set out in the interference-causing equipment standard entitled “Digital Apparatus,” ICES-003 of the Department of Communications.
Cet appareil numérique respecte les limites de bruits radioélectriques applicables aux appareils numériques de Classe B prescrites dans la norme sur le matériel brouilleur: “Appareils Numériques,” NMB-003 édictée par le ministère des Communications.
Japan VCCI Class B
Australia AS/NZS 3548 (1995) - Class B
SMC contact for products in Australia is:
SMC Communications Pty. Ltd. Suite 18, 12 Tryon Road, Lindfield NSW2070, Phone: 61-2-94160437 Fax: 61-2-94160474
iv
C
OMPLIANCES
Safety Compliance
Underwriters Laboratories Compliance Statement
Important! Before making connections, make sure you have the correct cord set.
Check it (read the label on the cable) against the following:
Operating Voltage Cord Set Specifications
120 Volts UL Listed/CSA Certified Cord Set
Minimum 18 AWG Type SVT or SJT three conductor cord Maximum length of 15 feet Parallel blade, grounding type attachment plug rated
15A, 125V
240 Volts (Europe only) Cord Set with H05VV-F cord having three conductors
The unit automatically matches the connected input voltage. Therefore, no additional adjustments are necessary when connecting it to any input voltage within the range marked on the rear panel.
with minimum diameter of 0.75 mm IEC-320 receptacle Male plug rated 10A, 250V
Wichtige Sicherheitshinweise (Germany)
1. Bitte lesen Sie diese Hinweise sorgfältig durch.
2. Heben Sie diese Anleitung für den späteren Gebrauch auf.
3. Vor jedem Reinigen ist das Gerät vom Stromnetz zu trennen. Verwenden Sie keine Flüssigoder Aerosolreiniger. Am besten eignet sich ein angefeuchtetes Tuch zur Reinigung.
4. Die Netzanschlu ßsteckdose soll nahe dem Gerät angebracht und leicht zugänglich sein.
5. Das Gerät ist vor Feuchtigkeit zu schützen.
6. Bei der Aufstellung des Gerätes ist auf sicheren Stand zu achten. Ein Kippen oder Fallen könnte Beschädigungen hervorrufen.
7. Die Belüftungsöffnungen dienen der Luftzirkulation, die das Gerät vor Überhit­zung schützt. Sorgen Sie dafür, daß diese Öffnungen nicht abgedeckt werden.
8. Beachten Sie beim Anschluß an das Stromnetz die Anschlußwerte.
9. Verlegen Sie die Netzanschlußleitung so, daß niemand darüber fallen kann. Es sollte auch nichts auf der Leitung abgestellt werden.
10. Alle Hinweise und Warnungen, die sich am Gerät befinden, sind zu beachten.
2
v
C
OMPLIANCES
11. Wird das Gerät über einen längeren Zeitraum nicht benutzt, sollten Sie es vom Stromnetz trennen. Somit wird im Falle einer Überspannung eine Beschädigung vermieden.
12. Durch die Lüftungsöffnungen dürfen niemals Gegenstände oder Flüssigkeiten in das Gerät gelangen. Dies könnte einen Brand bzw. elektrischen Schlag auslösen.
13. Öffnen sie niemals das Gerät. Das Gerät darf aus Gründen der elektrischen Sicher­heit nur von authorisiertem Servicepersonal geöffnet werden.
14. Wenn folgende Situationen auftreten ist das Gerät vom Stromnetz zu trennen und von einer qualifizierten Servicestelle zu überprüfen:
a. Netzkabel oder Netzstecker sind beschädigt. b. Flüssigkeit ist in das Gerät eingedrungen. c. Das Gerät war Feuchtigkeit ausgesetzt. d. Wenn das Gerät nicht der Bedienungsanleitung entsprechend funktioniert oder
Sie mit Hilfe dieser Anleitung keine Verbesserung erzielen. e. Das Gerät ist gefallen und/oder das Gehäuse ist beschädigt. f. Wenn das Gerät deutliche Anzeichen eines Defektes aufweist.
15. Stellen Sie sicher, da? die Stromversorgung dieses Ger‰tes nach der EN 60950 gepr¸ft ist. Ausgangswerte der Stromversorgung sollten die Werte von AC 7,5-8V, 50-60Hz nicht ¸ber oder unterschreiten sowie den minimalen Strom von 1A nicht unterschreiten..
Der arbeitsplatzbezogene Schalldruckpegel nach DIN 45 635 Teil 1000 beträgt 70dB(A) oder weniger.
vi
T
ABLE OF CONTENTS
T
ABLE OF
C
ONTENTS
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1
About the Barricade Plus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Features and Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
2 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Package Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Description of Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2
System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4
Connect the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5
Basic Installation Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5
Attach to Your Network Using Ethernet Cabling . . . . . . . 2-6
Attach the Barricade Plus to the Internet . . . . . . . . . . . . . . 2-8
Connecting the Power Adapter . . . . . . . . . . . . . . . . . . . . . . 2-8
Verify Port Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9
3 Configuring Client PCs . . . . . . . . . . . . . . . . . . . . . . . . 3-1
TCP/IP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
4 Configuring the Barricade Plus . . . . . . . . . . . . . . . . . 4-1
Navigating the Web Browser Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2
Making Configuration Changes . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
Broadband Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
Cable Modem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4
Fixed-IP xDSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5
PPPoE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6
Advanced Setup Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7
Navigating the Web Browser Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7
Main Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8
Making Configuration Changes . . . . . . . . . . . . . . . . . . . . . . . . . 4-10
System Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11
vii
T
ABLE OF CONTENTS
Set Time Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11
Setting a Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12
Remote Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13
Network Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14
WAN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14
Dynamic IP Address – DHCP . . . . . . . . . . . . . . . . . . . . . . 4-15
PPP over Ethernet – PPPoE . . . . . . . . . . . . . . . . . . . . . . . 4-16
Static IP Address – Fixed IP . . . . . . . . . . . . . . . . . . . . . . . 4-17
DNS Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-18
LAN Gateway and DHCP Settings . . . . . . . . . . . . . . . . . . . . . . 4-19
Configuring Client Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20
NAT - Network Address Translation . . . . . . . . . . . . . . . . . . . . 4-20
Address Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-21
Virtual Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22
Firewall Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23
Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24
URL Blocking Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26
Schedule Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27
Intrusion Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29
Virtual Private Networks (VPN) Tunnel . . . . . . . . . . . . . . 4-32
SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-36
Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-39
Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-43
5 Configuring Client TCP/IP . . . . . . . . . . . . . . . . . . . . . 5-1
Installing TCP/IP Protocol on Your PC . . . . . . . . . . . . . . . . . . . . . . . . 5-1
Windows 95/98/ME . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
Windows 2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3
Setting TCP/IP to Work with the Barricade Plus . . . . . . . . . . . . . . . . . 5-5
Windows 95/98/ME . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5
Windows 2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6
Windows XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7
Configuring Your Computer with Windows 95/98/ME . . . . . . 5-8
Step 1. Configure TCP/IP Settings . . . . . . . . . . . . . . . . . . . 5-8
Step 2. Disable HTTP Proxy . . . . . . . . . . . . . . . . . . . . . . . 5-11
Step 3. Obtain IP Settings from Your Barricade Plus . . . . 5-13
Configuring Your Computer with Windows 2000 . . . . . . . . . . 5-15
viii
T
ABLE OF CONTENTS
Step 1. Configure TCP/IP Settings . . . . . . . . . . . . . . . . . . 5-15
Step 2. Disable HTTP Proxy . . . . . . . . . . . . . . . . . . . . . . . 5-18
Step 3. Obtain IP Settings From Your Barricade Plus . . . 5-20
Configuring Your Computer with Windows XP . . . . . . . . . . . 5-22
Step 1. Configure TCP/IP Settings . . . . . . . . . . . . . . . . . . 5-22
Step 2. Disable HTTP Proxy . . . . . . . . . . . . . . . . . . . . . . . 5-25
Step 3. Obtain IP Settings From Your Barricade Plus . . . 5-27
Configuring Your Computer with Windows NT 4.0 . . . . . . . . 5-29
Step 1. Configure TCP/IP Settings . . . . . . . . . . . . . . . . . . 5-29
Step 2. Disable HTTP Proxy . . . . . . . . . . . . . . . . . . . . . . . 5-33
Step 3. Obtain IP Settings From Your Barricade Plus . . . 5-35
Configuring Your Macintosh Computer . . . . . . . . . . . . . . . . . . 5-36
Step 1. Configure TCP/IP Settings . . . . . . . . . . . . . . . . . . 5-36
Step 2. Disable HTTP Proxy . . . . . . . . . . . . . . . . . . . . . . . 5-38
Step 3. Obtain IP Settings From Your Barricade Plus . . . 5-41
Dynamic IP Allocation via a DHCP Server . . . . . . . . . . . . . . . 5-43
Manual IP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-44
Verifying Your TCP/IP Connection . . . . . . . . . . . . . . . . . . . . . 5-45
A Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1
B Cables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1
Ethernet Cable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1
Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1
Twisted-pair Cable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1
Straight-through Cable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-2
Crossover Cable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-2
RJ-45 Port Pin Assignments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-3
C Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-1
D Ordering Information . . . . . . . . . . . . . . . . . . . . . . . . . D-1
ix
T
ABLE OF CONTENTS
x
C
HAPTER
I
NTRODUCTION
Congratulations on your purchase of the Barricade Plus Broadband Router with VPN. SMC is proud to provide you with a powerful yet simple communication device for connecting your local area network (LAN) to the Internet. For those who want to surf the Internet in the most secure way, this Broadband Router provides a convenient and powerful solution.

About the Barricade Plus

The Barricade Plus provides Internet access to multiple users by sharing a single-user account. The most outstanding feature of the Barricade Plus is Network (VPN) services.
This new Barricade Plus technology provides many secure and cost-effective functions. It is simple to configure and can be up and running in minutes.
its extensive firewall protection and Virtual Private
1
1-1
F
EATURES AND BENEFITS

Features and Benefits

Internet connection to xDSL or cable modem via a 10/100 Mbps WAN port
Local network connection via 10/100 Mbps Ethernet ports
DHCP for dynamic IP configuration, and DNS for domain name mapping
Firewall with Stateful Packet Inspection, client privileges, intrusion detection, VPN, and NAT
NAT also enables multi-user access with a single-user account, and virtual server functionality (providing protected access to Internet services such as Web, FTP, mail and Telnet)
• Supports VPN (Virtual Private Network) tunneling with IPSec and PPTP
User-definable application sensing tunnel supports applications requiring multiple connections
Easy setup through a Web browser on any operating system that supports TCP/IP
Compatible with all popular Internet applications
1-2

Applications

Many advanced applications are provided by the Barricade Plus, such as:
LAN Access
The Barricade Plus provides connectivity to 10/100 Mbps devices, making it easy to create a network in small offices or homes.
Internet Access
This device supports Internet access through an xDSL, or Cable connection. Since many DSL providers use PPPoE to establish communications with end users, the Barricade Plus includes a built-in client for this protocol, eliminating the need to install this service on your computer.
Shared IP Address
The Barricade Plus provides Internet access for up to 253 users with a shared IP address. Using only one ISP account, multiple users on your network can browse the Web at the same time.
I
NTRODUCTION
•Virtual Server
If you have a fixed IP address, you can set up the Barricade Plus to act as a virtual host for network address translation. Remote users access various services at your site using a constant IP address. Then, depending on the requested service (or port number), the Barricade Plus can route the request to the appropriate server (at another internal IP address). This secures your network from direct attack by hackers, and provides more flexible management by allowing you to change internal IP addresses without affecting outside access to your network.
1-3
A
PPLICATIONS
DMZ Host Support
Allows a networked computer to be fully exposed to the Internet. This function is used when the special application sensing tunnel feature is insufficient to allow an application to function correctly.
Security
The Barricade Plus supports security features that can deny Internet access to specified users, or filter all requests for specific services the administrator does not want to serve. The Barricade Plus’ firewall can also block common hacker attacks, including IP Spoofing, Land Attack, Ping of Death, IP with zero length, Smurf Attack, UDP port loopback, Snork Attack, TCP null scan, and TCP SYN flooding.
Stateful Packet Inspection
Stateful Packet Inspection (SPI) is one of the firewall features provided by the Barricade Plus. The SPI ensures that the data coming into your network was requested by an end node computer on your network. The Barricade Plus examines the incoming data and compares it to a database of trusted information. As traffic leaves the network it is defined by certain characteristics. Incoming information is then compared to these sets of characteristics. If the incoming data matches the predefined set of characteristics the incoming traffic is allowed. If no match is found the incoming traffic is discarded.
Virtual Private Network (VPN)
The Barricade Plus supports two of the most commonly used VPN protocols – PPTP and IPSec. These protocols allow remote users to establish a secure connection to their corporate network. If your service provider supports VPNs, then any of these protocols can be used to create an authenticated and encrypted tunnel for passing secure data over the Internet (i.e., a
1-4
I
NTRODUCTION
traditionally shared data network). The VPN protocols supported by the Barricade Plus are briefly described below.
Point-to-Point Tunneling Protocol – Provides a secure tunnel for remote client access to a PPTP security gateway. PPTP includes provisions for call origination and flow control required by ISPs.
IP Security – Provides IP network-layer encryption. IPSec can support large encryption networks (such as the Internet) by using digital certificates for device authentication.
1-5
A
PPLICATIONS
1-6
C
HAPTER
I
NSTALLATION
Before installing the Barricade Plus Broadband Router, verify that you have all the items listed under “Package Contents.” If any of the items are missing or damaged, contact your local SMC distributor. Also be sure that you have all the necessary cabling before installing the Barricade Plus. After installing the Barricade Plus, refer to the Web-based configuration program in Chapter 4 for information on configuring the router.

Package Contents

After unpacking the Barricade Plus Broadband Firewall Router, check the contents of the box to be sure you have received the following components:
• Barricade Plus Broadband Router
Power adapter 12V
2
One CAT-5 Ethernet cable
Four rubber feet
CD with this User Guide and EZ 3-Click Installation Wizard
Quick Installation Guide
SMC Warranty Registration Card
Immediately inform your dealer in the event of any incorrect, missing or damaged parts. If possible, please retain the carton and original packing materials in case there is a need to return the product.
2-1
I
NSTALLATION
Please fill out and return the Warranty Registration Card to SMC or register on SMC’s Web site at www.smc.com. The Barricade Plus Broadband Router with VPN is covered by a limited lifetime warranty.

Description of Hardware

The Barricade Plus can be connected to the Internet or to a remote site using its RJ-45 WAN port. It can be connected directly to your PC or to a local area network using any of the Fast Ethernet LAN ports.
Access speed to the Internet depends on your service type. Full-rate ADSL can provide up to 8 Mbps downstream and 640 Mbps upstream. G.lite (or splitterless) ADSL provides up to 1.5 Mbps downstream and 512 Kbps upstream. Cable modems can provide up to 36 Mbps downstream and 2 Mbps upstream. However, you should note that the actual rate provided by specific service providers may vary dramatically from these upper limits.
Although access speed to the Internet is determined by the modem type connected to your Barricade Plus, data passing between devices connected to your local area network can run up to 100 Mbps over the Fast Ethernet ports.
The Barricade Plus includes an LED display on the front panel for system power and port indications that simplifies installation and network troubleshooting. It also provides 4 RJ-45 LAN ports on the front panel, as well as one RJ-45 WAN port on the rear panel.
2-2
I
NSTALLATION
4 RJ-45 ports for connection to a 10BASE-T/100BASE-TX Ethernet Local Area Network (LAN). These ports can auto­negotiate the operating speed to 10/100 Mbps, the mode to half/full duplex, and the pin signals to MDI/MDI-X (i.e., allowing these ports to be connected to any network device with straight-through cable). These ports can be connected directly to a PC or to a server equipped with an Ethernet network interface card, or to a networking device such as an Ethernet hub or switch.
One RJ-45 port for connection to an xDSL or cable modem. This port is fixed at 10/100 Mbps, full duplex. This port only supports MDI-X pin signals, so you will have to use either straight- through or crossover cable depending on the port type used on the modem.
The following figure shows the components of the Barricade Plus:
SMC7004FW
Figure 2-1. Front and Rear Panels
2-3
I
NSTALLATION
Item Description
Reset Button
LEDs Power, WAN and LAN port status indicators.
LAN Ports
WAN Port
Power Inlet
Use this button to reset the power and restore the default factory settings.
(See Verify Port Status on page 2-9.)
Fast Ethernet ports (RJ-45). Connect devices on your local area network to these ports (such as a PC, hub or switch).
WAN port (RJ-45). Connect your cable modem, xDSL modem, or an Ethernet router to this port.
Connect the included power adapter to this inlet.
Warning: Using the wrong type of power adapter may cause damage.

System Requirements

You must have an ISP that meets the following minimum requirements:
Internet access from your Internet Service Provider (ISP) using an xDSL modem, or cable modem.
A PC using a fixed IP address or dynamic IP address assignment via DHCP, as well as a gateway server address and DNS server address from your service provider.
A computer equipped with a 10 Mbps, 100 Mbps, or 10/100 Mbps Fast Ethernet card, or a USB-to-Ethernet converter.
2-4
TCP/IP network protocol installed on each PC that needs to access the Internet.
A Java-enabled Web browser, such as Microsoft Internet Explorer 5.0 or above or Netscape Communicator 4.0 or above installed on one PC at your site for configuring the Barricade Plus.

Connect the System

The Barricade Plus can be positioned at any convenient location in your office or home. No special wiring or cooling requirements are needed. You should, however comply with the following guidelines:
Keep the Barricade Plus away from any heating devices.
Do not place the Barricade Plus in a dusty or wet environment.
You should also remember to turn off the power, remove the power cord from the outlet, and keep your hands dry when you install the Barricade Plus.
I
NSTALLATION

Basic Installation Procedure

1. Connect the LAN:
PC, or to a hub or switch. Run Ethernet cable from one of the LAN ports on the front of the Barricade Plus to your computer’s network adapter or to another network device.
2. Connect the WAN: Prepare an Ethernet cable for connecting the
Barricade Plus to a cable/xDSL modem or Ethernet router.
You can connect the Barricade Plus to your
2-5
I
NSTALLATION
3. Power on: Connect the power adapter to the Barricade Plus.
Internet
Internet Access Device
SMC7004FW Broadband Router
SOHO Office or Residence
Figure 2-2. Connecting the Barricade Plus
Attach to Your Network Using Ethernet Cabling
The 4 LAN ports on the Barricade Plus can auto-negotiate the connection speed to 10 Mbps Ethernet or 100 Mbps Fast Ethernet, as well as the transmission mode to half-duplex or full-duplex. These LAN ports support auto-configuration for pin signals (auto-MDI/ MDI-X) that allow you to use straight-through cabling for connecting the Barricade Plus to any network device. (See Appendix B for details on wiring.)
Use twisted-pair cabling to connect any of the 4 LAN ports on the Barricade Plus to an Ethernet adapter on your PC. Otherwise, you can cascade any of LAN ports on the Barricade Plus to an Ethernet hub or switch, and then connect your PC or other network equipment to the hub or switch. When inserting an RJ-45 plug, be sure the tab on the plug clicks into position to ensure that it is properly seated.
2-6
I
NSTALLATION
Warning: Do not plug a phone jack connector into any RJ-45 port.
This may damage the Barricade Plus. Instead, use only twisted-pair cables with RJ-45 connectors that conform with FCC standards.
Notes: 1. Use 100-ohm shielded or unshielded twisted-pair cable
with RJ-45 connectors for all connections. Use Category 3, 4 or 5 for connections that operate at 10 Mbps, and Category 5 for connections that operate at 100 Mbps.
2. Make sure each twisted-pair cable does not exceed 100 meters (328 feet).
Figure 2-3. Making LAN Connections
2-7
I
NSTALLATION
Attach the Barricade Plus to the Internet
If Internet services are provided through an xDSL or cable modem, use unshielded or shielded twisted-pair Ethernet cable (Category 3 or greater) with RJ-45 plugs to connect the broadband modem directly to the WAN port on the Barricade Plus. Use either straight through or crossover cabling depending on the port type provided by the modem (see Appendix B).
12V 1A
ISP
DSL/Cable Modem
WAN
(Primary)
Figure 2-4. Making WAN Connections
Note: When connecting to the WAN port, use 100-ohm Category 3,
4 or 5 shielded or unshielded twisted-pair cable with RJ-45 connectors at both ends for all connections.
Connecting the Power Adapter
Plug the power adapter into the power socket on the Barricade Plus, and the other end into a power outlet. Check the indicator marked Power on the front panel to be sure it is on. If the Power i does not light up, refer to Troubleshooting in Appendix A
ndicator
.
2-8

Verify Port Status

I
NSTALLATION
Check the power and port indicators as shown in the following table
LED Condition Status
Power (Green)
WAN (Green)
Link/Act (Green)
10/100 (Amber)
On Barricade Plus is receiving power.
On The WAN port has established a valid network
connection and operates at 10 Mbps.
Flashing The WAN port is transmitting or receiving
traffic at 100 Mbps.
On The indicated LAN port has established a valid
network connection.
Flashing The indicated LAN port is transmitting or
receiving traffic.
On
Off The indicated LAN port is operating at 10 Mbps.
The indicated LAN port is operating at 100 Mbps.
.
2-9
I
NSTALLATION
2-10
Loading...
+ 106 hidden pages