SMC WRT-390U User Manual

2.4GHz Wireless 802.11n(DRAFT) GbE Router

WRT-390U

Rev 0.8

User Manual

1

Federal Communication Commission Interference Statement

This equipment has been tested and found to comply with the limits for a Class B digital
device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide
reasonable protection against harmful interference in a residential installation. This
equipment generates, uses and can radiate radio frequency energy and, if not installed
and used in accordance with the instructions, may cause harmful interference to radio
communications. However, there is no guarantee that interference will not occur in a
particular installation. If this equipment does cause harmful interference to radio or
television reception, which can be determined by turning the equipment off and on, the
user is encouraged to try to correct the interference by one of the following measures:

- Reorient or relocate the receiving antenna.

- Increase the separation between the equipment and receiver.

- Connect the equipment into an outlet on a circuit different from that to which the
receiver is connected.

- Consult the dealer or an experienced radio/TV technician for help.

FCC Caution: Any changes or modifications not expressly approved by the party
responsible for compliance could void the user's authority to operate this equipment.

This device complies with Part 15 of the FCC Rules. Operation is subject to the following
two conditions: (1) This device may not cause harmful interference, and (2) this device
must accept any interference received, including interference that may cause undesired
operation.

IMPORTANT NOTE:
Radiation Exposure Statement:

This equipment complies with FCC radiation exposure limits set forth for an uncontrolled
environment. This equipment should be installed and operated with minimum distance
20cm between the radiator & your body.

This transmitter must not be co-located or operating in conjunction with any other antenna
or transmitter.

The availability of some specific channels and/or operational frequency bands are country
dependent and are firmware programmed at the factory to match the intended destination.
The firmware setting is not accessible by the end user.

2

Copyright

This publication, including all photographs, illustrations and software, is protected under interna­tional copyright laws, with all rights reserved. Neither this manual, nor any of the material con­tained herein, may be reproduced without written consent of the author.

Copyright 2006

Trademark recognition

All product names used in this manual are the properties of their respective owners and are
acknowledged.

3

Table of Contents

Getting Started with the WRT-390U 3

Package Contents 4
Minimum System Requirements 4

Wireless LAN Networking 5

Introduction 9

Features 9

Hardware Overview 11

LED Indications 11
Rear Panel 11
Installation Considerations 12
Getting Started 12

Using the Configuration Menu 13

Basic 14
Advanced 26
Tools 56
Status 71

Glossary 82

4

Getting Started with the WRT-390U

Congratulations on purchasing the WRT-390U! This manual provides information for setting up
and configuring the WRT-390U. This manual is intended for both home users and professionals.

The following conventions are used in this manual:

THE NOTE SYMBOL INDICATES ADDITIONAL INFORMATION ON THE
TOPIC AT HAND.

THE TIP SYMBOL INDICATES HELPFULL INFORMATION AND TIPS TO
IMPROVE YOUR NETWORK EXPERIENCE.

THE CAUTION SYMBOL ALERTS YOU TO SITUATIONS THAT MAY
DEGRADE YOUR NETWORKING EXPERIENCE OR COMPROMISE

LIKE NOTES AND TIPS, THE IMPORTANT SYMBOL INDICATES
INFORMATION THAT CAN IMPROVE NETWORKING. THIS INFORMATION
SHOULD NOT BE OVERLOOKED.

5

Package Contents



WRT-390U 11n(Draft) Wireless GbE Router



CAT-5 Ethernet Cable (All the WRT-390U’s Ethernet ports are Auto-MDIX)



Power Adapter (12V, 1A)



CD-ROM with Software and Manual



Quick Installation Guide

Using a power supply with a different voltage than the one included with your
product will cause damage and void the warranty for this product.

Minimum System Requirements



Ethernet-Based Cable or DSL Modem



Computers with Windows, Macintosh, or Linux-based operating systems with an installed

Ethernet adapter and CD-ROM Drive



Internet Explorer Version 6.0 or Netscape Navigator Version 7.0 and Above

6

Wireless LAN Networking

This section provides background information on wireless LAN networking technology. Consult
the Glossary for definitions of the terminology used in this section.

T

HE INFORMATION IN THIS SECTION IS FOR YOUR REFERENCE. CHANGING
NETWORK SETTINGS AND PARTICULARLY SECURITY SETTTINGS SHOULD ONLY
BE DONE BY AN AUTHORIZED ADMINISTRATOR.

Transmission Rate (Transfer Rate)

The WRT-390U provides various transmission (data) rate options for you to select. In most
networking scenarios, the factory default Best (automatic) setting proves the most efficient. This
setting allows your WRT-390U to operate at the maximum transmission (data) rate. When the
communication quality drops below a certain level, the WRT-390U automatically switches to a
lower transmission (data) rate. Transmission at lower data speeds is usually more reliable.
However, when the communication quality improves again, the WRT-390U gradually increases the
transmission (data) rate again until it reaches the highest available transmission rate.

Types of Wireless Networks

Wireless LAN networking works in either of the two modes: ad-hoc and infrastructure. In infra­structure mode, wireless devices communicate to a wired LAN via access points. Each access
point and its wireless devices are known as a Basic Service Set (BSS). An Extended Service Set
(ESS) is two or more BSSs in the same subnet. In ad hoc mode (also known as peer-to-peer
mode), wireless devices communicate with each other directly and do not use an access point.
This is an Independent BSS (IBSS).

To connect to a wired network within a coverage area using access points, set the operation mode
to Infrastructure (BSS). To set up an independent wireless workgroup without an access point, use
Ad-hoc (IBSS) mode.

AD-HOC (IBSS) N

Ad-hoc mode does not require an access point or a wired network. Two or more wireless stations
communicate directly to each other. An ad-hoc network may sometimes be referred to as an
Independent Basic Service Set (IBSS).

To set up an ad-hoc network, configure all the stations in ad-hoc mode. Use the same SSID and
channel for each station.

ETWORK

7

When a number of wireless stations are connected using a single access point, you have a Basic
Service Set (BSS).

In the ESS diagram below, communication is done through the access points, which relay data
packets to other wireless stations or devices connected to the wired network. Wireless stations
can then access resources, such as a printer, on the wired network.

8

In an ESS environment, users are able to move from one access point to another without losing the
connection. In the diagram below, when the user moves from BSS (1) to BSS (2) the WLAN client
devices automatically switches to the channel used in BSS (2).

Roaming in an ESS network diagram

9

Introduction

The WRT-390U 11n (Draft) Wireless GbE Router is an high-performance, wireless router that
supports high-speed wireless networking at home, at work or in public places.

Unlike most routers, the WRT-390U provides data transfers at up to 300Mbps when using 11n (Draft)
connection. This router is also back compatible with 802.11g or 11b devices. This means that you do
not need to change your entire network to maintain connectivity. You may sacrifice some of 11n’s
(Draft) speed when you mix 11n (Draft) and 11b/g devices, but you will not lose the ability to
communicate when you incorporate the 11n (Draft) standard into your 11b/g network. You may
choose to slowly change your network by gradually replacing the 11b/g devices with 11n (Draft)
devices.

Features



Compliant Work with Vista requirements



Supports draft IEEE 802.11n & 11b/g 2.4GHz wireless Local Area Network (WLAN) application



2.412 to 2.472GHz frequency band operation (FCC: 2.412 to 2.462GHz)



Compliant with IEEE 802.3 & 3u standards



Support OFDM and CCK modulation



High-Speed up to 300Mbps Data Rate using IEEE 802.11n (draft) connection



Supports Cable/DSL Modems with Dynamic IP, Static IP, PPPoE, PPTP, L2TP or BigPond

Connection Types



Firewall features Network Address Translation (NAT), and Stateful Packet Inspection (SPI)

protects against Dos attacks



Traffic Control with Virtual Server (max 24 configurable servers) and DMZ



UPnP (Universal Plug & Play) and ALGs Support for Internet applications such as Email, FTP,

Gaming, Remote Desktop, Net Meeting, Telnet, and more



Provides Additional Security of Enable/Disable SSID, Internet Access Control (Services, URL and

MAC Filtering)



Supports Multiple and Concurrent IPSec, L2TP and PPTP VPN Pass-Through Sessions



Flash Memory for Firmware Upgrade, Save/Restore Settings



Easy Management via Web Browser (HTTP/HTTPS) and Remote Management



Supports 64/128-bit WEP, WPA/WPA2, and WPA-PSK/WPA2-PSK.



Easy wireless setup via WiFi Protection Setup, or Windows Connect Now (optional).

10



Work with IE6.0 and above, FireFox, Opera, Netescape web browsers.



Support 4 x 10/100/1000Mbps Auto-MDIX LAN Port and 1 x 10/100/1000Mbps WAN Port

(Internet)



Built-in 3 External Antennas to support high speed performance and great coverage.

11

Hardware Overview

LED Indications: (from bottom to top)



PWR



WAN



LAN1



LAN2



LAN3



LAN4



Wireless



WPS



Reserve



Reserve

Rear panel: (from bottom to top)

• DC-IN

• RESET

• WAN

• LAN1

• LAN2

• LAN3

• LAN4

12

Installation Considerations

The WRT-390U 11n (Draft) Wireless Router lets you access your network, using a wireless
connection, from virtually anywhere within its operating range. Keep in mind, however, that the
number, thickness and location of walls, ceilings, or other objects that the wireless signals must pass
through, may limit the range. Typical ranges vary depending on the types of materials and background
RF (radio frequency) noise in your home or business. The key to maximizing wireless range is to
follow these basic guidelines:

1 Keep the number of walls and ceilings between the WRT-390U and other network devices to a

minimum - each wall or ceiling can reduce your wireless product’s range from 3-90 feet
(1-30 meters.) Position your devices so that the number of walls or ceilings is minimized.

2 Be aware of the direct line between network devices. A wall that is 1.5 feet thick (.5 meters), at

a 45-degree angle appears to be almost 3 feet (1 meter) thick. At a 2-degree angle it looks
over 42 feet (14 meters) thick! Position devices so that the signal will travel straight through a
wall or ceiling (instead of at an angle) for better reception.

3 Building Materials can impede the wireless signal - a solid metal door or aluminum studs may

have a negative effect on range. Try to position wireless devices and computers with wireless
adapters so that the signal passes through drywall or open doorways and not other materials.

4 Keep your product away (at least 3-6 feet or 1-2 meters) from electrical devices or appliances

that generate extreme RF noise.

Getting Started

For a typical wireless setup at home, please do the following:

1. You will need broadband Internet access (a Cable or DSL-subscriber line into your home or

office)

2. Consult with your Cable or DSL provider for proper installation of the modem.

3. Connect the Cable or DSL modem to the WRT-390U Wireless Broadband Router (WAN
port).

4. Ethernet LAN ports of the WRT-390U are Auto MDI/MDIX and will work with both
Straight-Through and Cross-Over cable.

13

Using the Configuration Menu

Whenever you want to configure your WRT-390U, you can access the Configuration Menu through
your PC by opening the Web-browser and typing in the IP Address of the WRT-390U. The
WRT-390U’s default IP Address is http://192.168.0.1



Open the Web browser.



Type in the IP Address of the Router (http://192.168.0.1).

If you have changed the default IP Address assigned to the WRT-390U, make sure to
enter the correct IP Address.



Select admin in the User Name field.



Leave the Password blank.



Click Login In.

14

Basic

The Basic tab provides the following configuration options: Internet, Wireless and Network Settings.

Basic_Internet

Internet Connection Setup Wizard

If you are new to networking and have never configured a router before, click on Setup Wizard
and the router will guide you through a few simple steps to get your network up and running.

Manual Internet Connection Setup

If you consider yourself an advanced user and have configured a router before, click Manual

Configure to input all the settings manually.

15

Basic_Wireless

The wireless section is used to configure the wireless settings for your router. Note that changes made
in this section may also need to be duplicated on wireless clients that you want to connect to your
wireless network.

To protect your privacy, use the wireless security mode to configure the wireless security features.
This device supports three wireless security modes including: WEP, WPA-Personal, and
WPA-Enterprise. WEP is the original wireless encryption standard. WPA-Enterprise provides a higher
level of security. WPA-Personal does not require an authentication server. The WPA-Enterprise option
does require a RADIUS authentication server.

Enable Wireless

This indicates the wireless operating status. The wireless can be turned on or off by the slide
switch at the back panel. When the wireless is enabled, the following parameters are in effect.

Wireless Network Name

When you are browsing for available wireless networks, this is the name that will appear in the
list (unless Visibility Status is set to Invisible, see below). This name is also referred to as the
SSID. For security purposes, it is highly recommended to change from the pre-configured
network name.

Enable Auto Channel Scan

If you select this option, the router automatically finds the channel with least interference and
uses that channel for wireless networking. If you disable this option, the router uses the
channel that you specify with the following Wireless Channel option.

16

Wireless Channel

A wireless network uses specific channels in the wireless spectrum to handle communication
between clients. Some channels in your area may have interference from other electronic
devices. Choose the clearest channel to help optimize the performance and coverage of your
wireless network.

802.11 Mode

If all of the wireless devices you want to connect with this router can connect in the same
transmission mode, you can improve performance slightly by choosing the appropriate "Only"
mode. If you have some devices that use a different transmission mode, choose the
appropriate "Mixed" mode.

Channel Width

The "Auto 20/40 MHz" option is usually best. The other options are available for special
circumstances.

Transmission Rate

By default the fastest possible transmission rate will be selected. You have the option of
selecting the speed if necessary.

Number of Spatial Streams

Selecting more than one spatial stream can increase throughput, but can in some cases
decrease signal quality. Select the option that works best for your installation.

Visibility Status

The Invisible option allows you to hide your wireless network. When this option is set to Visible,
your wireless network name is broadcast to anyone within the range of your signal. If you're not
using encryption then they could connect to your network. When Invisible mode is enabled,
you must enter the Wireless Network Name (SSID) on the client manually to connect to the
network.

Security Mode

Unless one of these encryption modes is selected, wireless transmissions to and from your
wireless network can be easily intercepted and interpreted by unauthorized users.

WEP

A method of encrypting data for wireless communication intended to provide the same level of
privacy as a wired network. WEP is not as secure as WPA encryption. To gain access to a
WEP network, you must know the key. The key is a string of characters that you create. When
using WEP, you must determine the level of encryption. The type of encryption determines the
key length. 128-bit encryption requires a longer key than 64-bit encryption. Keys are defined by
entering in a string in HEX (hexadecimal - using characters 0-9, A-F) or ASCII (American
Standard Code for Information Interchange - alphanumeric characters) format. ASCII format is
provided so you can enter a string that is easier to remember. The ASCII string is converted to
HEX for use over the network. Four keys can be defined so that you can change keys easily. A
default key is selected for use on the network.

Example:

64-bit hexadecimal keys are exactly 10 characters in length. (12345678FA is a valid string of 10
characters for 64-bit encryption.)

128-bit hexadecimal keys are exactly 26 characters in length. (456FBCDF123400122225271730
is a valid string of 26 characters for 128-bit encryption.)

17

64-bit ASCII keys are up to 5 characters in length (DMODE is a valid string of 5 characters for
64-bit encryption.)

128-bit ASCII keys are up to 13 characters in length (2002HALOSWIN1 is a valid string of 13
characters for 128-bit encryption.)

Note that, if you enter fewer characters in the WEP key than required, the remainder of the key
is automatically padded with zeros.

WPA-Personal and WPA-Enterprise

Both of these options select some variant of Wi-Fi Protected Access (WPA) -- security
standards published by the Wi-Fi Alliance. The WPA Mode further refines the variant that the
router should employ.

WPA Mode: WPA is the older standard; select this option if the clients that will be used with the
router only support the older standard. WPA2 is the newer implementation of the stronger
IEEE 802.11i security standard. With the "WPA2" option, the router tries WPA2 first, but falls
back to WPA if the client only supports WPA. With the "WPA2 Only" option, the router
associates only with clients that also support WPA2 security.

Cipher Type: The encryption algorithm used to secure the data communication. TKIP
(Temporal Key Integrity Protocol) provides per-packet key generation and is based on WEP.
AES (Advanced Encryption Standard) is a very secure block based encryption. With the "TKIP
and AES" option, the router negotiates the cipher type with the client, and uses AES when
available.

Group Key Update Interval: The amount of time before the group key used for broadcast and
multicast data is changed.

Group Key Update Interval: The amount of time before the group key used for broadcast and
multicast data is changed.

WPA-Personal

This option uses Wi-Fi Protected Access with a Pre-Shared Key (PSK).
Pre-Shared Key: The key is entered as a pass-phrase of up to 63 alphanumeric characters in

ASCII (American Standard Code for Information Interchange) format at both ends of the
wireless connection. It cannot be shorter than eight characters, although for proper security it
needs to be of ample length and should not be a commonly known phrase. This phrase is used
to generate session keys that are unique for each wireless client.

Example:
Wireless Networking technology enables ubiquitous communication

WPA-Enterprise

This option works with a RADIUS Server to authenticate wireless clients. Wireless clients
should have established the necessary credentials before attempting to authenticate to the
Server through this Gateway. Furthermore, it may be necessary to configure the RADIUS
Server to allow this Gateway to authenticate users.

Authentication Timeout: Amount of time before a client will be required to re-authenticate.

18

RADIUS Server IP Address: The IP address of the authentication server.
RADIUS Server Port: The port number used to connect to the authentication server.
RADIUS Server Shared Secret: A pass-phrase that must match with the authentication server.
MAC Address Authentication: If this is selected, the user must connect from the same

computer whenever logging into the wireless network.

Advanced:

Optional Backup RADIUS Server
This option enables configuration of an optional second RADIUS server. A second RADIUS
server can be used as backup for the primary RADIUS server. The second RADIUS server is
consulted only when the primary server is not available or not responding. The fields Second
RADIUS Server IP Address, RADIUS Server Port, Second RADIUS server Shared Secret,
Second MAC Address Authentication provide the corresponding parameters for the second
RADIUS Server.

19

Basic_Network Settings

Use this section to configure the internal network settings of your router. The IP Address that is
configured here is the IP Address that you use to access the Web-based management interface. If you
change the IP Address here, you may need to adjust your PC’s network settings to access the
network again.

20

Router Settings

These are the settings of the LAN (Local Area Network) interface for the router. The
router's local network (LAN) settings are configured based on the IP Address and Subnet
Mask assigned in this section. The IP address is also used to access this Web-based
management interface. It is recommended that you use the default settings if you do not
have an existing network.

IP Address

The IP address of your router on the local area network. Your local area network settings are
based on the address assigned here. For example, 192.168.0.1.

Subnet Mask

The subnet mask of your router on the local area network.

Local Domain Name

This entry is optional. Enter a domain name for the local network. LAN computers will assume
this domain name when they get an address from the router's built in DHCP server. So, for
example, if you enter mynetwork.net here, and you have a LAN side laptop with a name of
chris, that laptop will be known as chris.mynetwork.net. Note, however, the entered domain
name can be overridden by the one obtained from the router's upstream DHCP server.

DNS Relay

When DNS Relay is enabled, the router plays the role of a DNS server. DNS requests sent to
the router are forwarded to the ISP's DNS server. This provides a constant DNS address that
LAN computers can use, even when the router obtains a different DNS server address from the
ISP upon re-establishing the WAN connection. You should disable DNS relay if you implement
a LAN-side DNS server as a virtual server.

If WAN Port Mode is set to "Bridge Mode", the following choices are displayed in place of the
above choices, because the device is functioning as a bridge in a network that contains
another router.

Router IP Address

The IP address of the this device on the local area network. Assign any unused IP address in

21

the range of IP addresses available for the LAN. For example, 192.168.0.101.

Subnet Mask

The subnet mask of the local area network.

Gateway

The IP address of the router on the local area network. For example, 192.168.0.1.

Primary DNS Server, Secondary DNS Server

Enter the IP addresses of the DNS Servers. Leave the field for the secondary server empty if
not used.

DHCP Server Settings

DHCP stands for Dynamic Host Configuration Protocol. The DHCP section is where you
configure the built-in DHCP Server to assign IP addresses to the computers and other devices
on your local area network (LAN).

Enable DHCP Server

Once your router is properly configured and this option is enabled, the DHCP Server will
manage the IP addresses and other network configuration information for computers and other
devices connected to your Local Area Network. There is no need for you to do this yourself.

The computers (and other devices) connected to your LAN also need to have their TCP/IP
configuration set to "DHCP" or "Obtain an IP address automatically".

When you set Enable DHCP Server, the following options are displayed.

DHCP IP Address Range

These two IP values (from and to) define a range of IP addresses that the DHCP Server uses
when assigning addresses to computers and devices on your Local Area Network. Any
addresses that are outside of this range are not managed by the DHCP Server; these could,
therefore, be used for manually configured devices or devices that cannot use DHCP to obtain
network address details automatically.

It is possible for a computer or device that is manually configured to have an address that does
reside within this range. In this case the address should be reserved (see
below), so that the DHCP Server knows that this specific address can only be used by a
specific computer or device.

Your router, by default, has a static IP address of 192.168.0.1. This means that addresses

192.168.0.2 to 192.168.0.254 can be made available for allocation by the DHCP Server.

Example:

Your router uses 192.168.0.1 for the IP address. You've assigned a computer that you want to
designate as a Web server with a static IP address of 192.168.0.3. You've assigned another
computer that you want to designate as an FTP server with a static IP address of 192.168.0.4.
Therefore the starting IP address for your DHCP IP address range needs to be 192.168.0.5 or
greater.

Example:

DHCP Reservation

Suppose you configure the DHCP Server to manage addresses From 192.168.0.100 To

192.168.0.199. This means that 192.168.0.3 to 192.168.0.99 and 192.168.0.200 to

192.168.0.254 are NOT managed by the DHCP Server. Computers or devices that use

22

addresses from these ranges are to be manually configured. Suppose you have a web server
computer that has a manually configured address of 192.168.0.100. Because this falls within
the "managed range" be sure to create a reservation for this address and match it to the
relevant computer (see Static DHCP Client below).

DHCP Lease Time

The amount of time that a computer may have an IP address before it is required to renew the
lease. The lease functions just as a lease on an apartment would. The initial lease designates
the amount of time before the lease expires. If the tenant wishes to retain the address when
the lease is expired then a new lease is established. If the lease expires and the address is no
longer needed than another tenant may use the address.

Always Broadcast

If all the computers on the LAN successfully obtain their IP addresses from the router's DHCP
server as expected, this option can remain disabled. However, if one of the computers on the
LAN fails to obtain an IP address from the router's DHCP server, it may have an old DHCP
client that incorrectly turns off the broadcast flag of DHCP packets. Enabling this option will
cause the router to always broadcast its responses to all clients, thereby working around the
problem, at the cost of increased broadcast traffic on the LAN.

NetBIOS Advertisement

Check this box to allow the DHCP Server to offer NetBIOS configuration settings to the LAN
hosts. NetBIOS allows LAN hosts to discover all other computers within the network, e.g. within
Network Neighbourhood.

Learn NetBIOS information from WAN

If NetBIOS advertisement is swicthed on, switching this setting on causes WINS information to
be learned from the WAN side, if available. Turn this setting off to configure manually.

Primary WINS Server IP address

Configure the IP address of the preferred WINS server. WINS Servers store information
regarding network hosts, allowing hosts to 'register' themselves as well as discover other
available hosts, e.g. for use in Network Neighbourhood. This setting has no effect if the 'Learn
NetBIOS information from WAN' is activated.

Secondary WINS Server IP address

Configure the IP address of the backup WINS server, if any. This setting has no effect if the
'Learn NetBIOS information from WAN' is activated.

NetBIOS Scope

This is an advanced setting and is normally left blank. This allows the configuration of a
NetBIOS 'domain' name under which network hosts operate. This setting has no effect if the
'Learn NetBIOS information from WAN' is activated.

NetBIOS Registration mode

Indicates how network hosts are to perform NetBIOS name registration and discovery.
H-Node, this indicates a Hybrid-State of operation. First WINS servers are tried, if any, followed
by local network broadcast. This is generally the preferred mode if you have configured WINS
servers.
M-Node (default), this indicates a Mixed-Mode of operation. First Broadcast operation is
performed to register hosts and discover other hosts, if broadcast operation fails, WINS servers
are tried, if any. This mode favours broadcast operation which may be preferred if WINS

23

servers are reachable by a slow network link and the majority of network services such as

and hit Enter.

servers and printers are local to the LAN.
P-Node, this indicates to use WINS servers ONLY. This setting is useful to force all NetBIOS
operation to the configured WINS servers. You must have configured at least the primary
WINS server IP to point to a working WINS server.
B-Node, this indicates to use local network broadcast ONLY. This setting is useful where there
are no WINS servers available, however, it is preferred you try M-Node operation first.
This setting has no effect if the 'Learn NetBIOS information from WAN' is activated.

Add/Edit DHCP Reservation

This option lets you reserve IP addresses, and assign the same IP address to the network
device with the specified MAC address any time it requests an IP address. This is almost the
same as when a device has a static IP address except that the device must still request an IP
address from the router. The router will provide the device the same IP address every time.
DHCP Reservations are helpful for server computers on the local network that are hosting
applications such as Web and FTP. Servers on your network should either use a static IP
address or use this option.

Computer Name

You can assign a name for each computer that is given a reserved IP address. This may help
you keep track of which computers are assigned this way. Example: Game Server.

IP Address:

The LAN address that you want to reserve.

MAC Address

To input the MAC address of your system, enter it in manually or connect to the router's
Web-Management interface from the system and click the Copy Your PC's MAC Address
button.
A MAC address is usually located on a sticker on the bottom of a network device. The MAC
address is comprised of twelve digits. Each pair of hexadecimal digits are usually separated by
dashes or colons such as 00-0D-88-11-22-33 or 00:0D:88:11:22:33. If your network device is a
computer and the network card is already located inside the computer, you can connect to the
router from the computer and click the Copy Your PC's MAC Address button to enter the
MAC address.

As an alternative, you can locate a MAC address in a specific operating system by following
the steps below:

Go to the Start menu, select Run, type in winipcfg, and hit Enter. A popup
Windows 98
Windows Me

Windows 2000
Windows XP

Mac OS X

window will be displayed. Select the appropriate adapter from the pull-down

menu and you will see the Adapter Address. This is the MAC address of the

device.

Go to your Start menu, select Programs, select Accessories, and select

Command Prompt. At the command prompt type ipconfig /all

The physical address displayed for the adapter connecting to the router is

the MAC address.

Go to the Apple Menu, select System Preferences, select Network, and

select the Ethernet Adapter connecting to the router. Select the Ethernet

button and the Ethernet ID will be listed. This is the same as the MAC

address.

Enable

24

Specifies whether the entry will be active or inactive.

Save/Update

Record the changes you have made into the following list.

Clear

Re-initialize this area of the screen, discarding any changes you have made.

DHCP Reservations List

This shows clients that you have specified to have reserved DHCP addresses. Click the
Enable checkbox at the left to directly activate or de-activate the entry. An entry can be
changed by clicking the Edit icon or can be deleted by clicking the Delete icon. When you click
the Edit icon, the item is highlighted, and the "Edit DHCP Reservation" section is activated for
editing.

Number of Dynamic DHCP Clients

In this section you can see what LAN devices are currently leasing IP addresses.

Revoke

The Revoke option is available for the situation in which the lease table becomes full or nearly
full, you need to recover space in the table for new entries, and you know that some of the
currently allocated leases are no longer needed. Clicking Revoke cancels the lease for a
specific LAN device and frees an entry in the lease table. Do this only if the device no longer
needs the leased IP address, because, for example, it has been removed from the network.

Reserve

The Reserve option converts this dynamic IP allocation into a DHCP Reservation and adds the
corresponding entry to the DHCP Reservations List.

25

Advanced

The Advanced tab provides the following configuration options: Virtual Server, Port Forwarding,
Application Rules, StreamEngine, Routing, Access Control, Website Filter, Network Filter,
Firewall Settings, Inbound Filter, Advanced Wireless, WISH, Wi-Fi Protected Setup, and
Advanced Network

Advanced_Virtual Server

The Virtual Server option gives Internet users access to services on your LAN. This feature is useful
for hosting online services such as FTP, Web, or game servers. For each Virtual Server, you define a
public port on your router for redirection to an internal LAN IP Address and LAN port.

26

Example:

You are hosting a Web Server on a PC that has LAN IP Address of 192.168.0.50 and your ISP is
blocking Port 80.

1. Name the Virtual Server (for example: Web Server)

2. Enter the IP Address of the machine on your LAN (for example: 192.168.0.50)

3. Enter the Private Port as [80]

4. Enter the Public Port as [8888]

5. Select the Protocol (for example TCP).

6. Ensure the schedule is set to Always

7. Click Save to add the settings to the Virtual Servers List

8. Repeat these steps for each Virtual Server Rule you wish to add.
With this Virtual Server entry, all Internet traffic on Port 8888 will be redirected to your internal web

server on port 80 at IP Address 192.168.0.50.

Add/Edit Virtual Server

Enable

Specifies whether the entry will be active or inactive.

Name

Assign a meaningful name to the virtual server, for example Web Server. Several well-known
types of virtual server are available from the "Application Name" drop-down list. Selecting one
of these entries fills some of the remaining parameters with standard values for that type of
server.

IP Address

The IP address of the system on your internal network that will provide the virtual service, for
example 192.168.0.50. You can select a computer from the list of DHCP clients in the
"Computer Name" drop-down menu, or you can manually enter the IP address of the server
computer.

Protocol

Select the protocol used by the service. The common choices -- UDP, TCP, and both UDP and
TCP -- can be selected from the drop-down menu. To specify any other protocol, select "Other"
from the list, then enter the corresponding protocol number (as assigned by the IANA) in the

Protocol box.

Private Port

The port that will be used on your internal network.

Public Port

The port that will be accessed from the Internet.

Schedule

Select a schedule for when the service will be enabled. If you do not see the schedule you
need in the list of schedules, go to the Tools → Schedules screen and create a new schedule.

27

Inbound Filter

Select a filter that controls access as needed for this virtual server. If you do not see the filter
you need in the list of filters, go to the
filter.

Save/Update

Record the changes you have made into the following list.

Clear

Re-initialize this area of the screen, discarding any changes you have made.

Virtual Server List

This is a list of the defined Virtual Servers. Click the Enable checkbox at the left to directly
activate or de-activate the entry. An entry can be changed by clicking the Edit icon or can be
deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and
the "Edit Virtual Servers" section is activated for editing.

You might have trouble accessing a virtual server using its public identity (WAN-side
IP-address of the gateway or its dynamic DNS name) from a machine on the LAN. Your
requests may not be looped back or you may be redirected to the "Forbidden" page.

This will happen if you have an Access Control Rule configured for this LAN machine.

Advanced → Inbound Filter screen and create a new

The requests from the LAN machine will not be looped back if Internet access is blocked at the time of
access. To work around this problem, access the LAN machine using its LAN-side identity.

Requests may be redirected to the "Forbidden" page if web access for the LAN machine is restricted
by an Access Control Rule. Add the WAN-side identity (WAN-side IP-address of the router or its
dynamic DNS name) on the Advanced → Web Filter screen to work around this problem.

28

Advanced_Special Applications

An application rule is used to open single or multiple ports on your router when the router senses data
sent to the Internet on a "trigger" port or port range. An application rule applies to all computers on
your internal network.

Add/Edit Application Rule

Example:

You need to configure your router to allow a software application running on any computer on
your network to connect to a web-based server or another user on the Internet.

Enable

Specifies whether the entry will be active or inactive.

Name

Enter a name for the Special Application Rule, for example Game App, which will help you
identify the rule in the future. Alternatively, you can select from the Application list of common
applications.

Application

Instead of entering a name for the Special Application rule, you can select from this list of
common applications, and the remaining configuration values will be filled in accordingly.

Trigger Port

Enter the outgoing port range used by your application (for example 6500-6700).

Trigger Traffic Type

Select the outbound protocol used by your application (for example Both).

Firewall Port

Enter the port range that you want to open up to Internet traffic (for example 6000-6200).

29