SMC Networks WBR14S-3GN, Barricade SMCWBR14S-3GN User Manual

Download

Page 1

USER GUIDE

BarricadeTM N Draft 11n Wireless 3G Broadband Router

SMCWBR14S-3GN

Page 2

Draft 11n Wireless 3G Broadband Router User Guide

SMC Networks U.S.A 20 Mason Irvine, CA 92618 Phone: (949) 679-8000

SMC Networks Europe C/Fructuós Gelabert 6-8, 2º, 2ª Edificio Conata II 08970 Sant Joan Despí, Barcelona, Spain Phone: +34 93 477 4920

March 2010

Pub. # 149100000029W

E032010-AP-R02

Page 3

Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice.

SMC Networks, Inc.

20 Mason

Irvine, CA 92618

Trade m ark s :

SMC is a registered trademark; and Barricade, EZ Switch, TigerStack, TigerSwitch, and TigerAccess are trademarks of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks of their respective holders.

Page 4

WARRANTY AND PRODUCT REGISTRATION

To register SMC products and to review the detailed warranty statement, please refer to the Support Section of the SMC Website at http:// www.smc.com.

– 4 –

Page 5

COMPLIANCES

FEDERAL COMMUNICATION COMMISSION INTERFERENCE STATEMENT

This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one of the following measures:

◆ Reorient or relocate the receiving antenna

◆ Increase the separation between the equipment and receiver

◆ Connect the equipment into an outlet on a circuit different from that to

which the receiver is connected

◆ Consult the dealer or an experienced radio/TV technician for help

This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.

FCC Caution: Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment.

IMPORTANT NOTE: FCC RADIATION EXPOSURE STATEMENT

This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance 20cm between the radiator and your body. End users must follow the specific operating instructions for satisfying RF exposure compliance.

This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.

– 5 –

Page 6

OMPLIANCES

IEEE 802.11b, 802.11g or 802.11n operation of this product in the U.S.A. is firmware-limited to channels 1 through 11.

The availability of some specific channels and/or operational frequency bands are country dependent and are firmware programmed at the factory to match the intended destination. The firmware setting is not accessible by the end user.

Following three 3G cards have passed co-located EMC / RF exposure test with this device and can be used with this device. Other 3G cards may or may not comply with FCC rules, please consult the manufacturer before purchase.

Interface Brand Name Model Name FCC ID NCC ID For Taiwan

USB port HUAWEI E220 QISE220 CCAC063G0260T0

NOVATEL MCD3000 PKRNVWMC

D3000

Novatel MC727 PKRNVWMC7

NCC Only

EC CONFORMANCE DECLARATION

SMC contact for these products in Europe is:

SMC Networks Europe, C/Fructuós Gelabert 6-8, 2 Edificio Conata II, 08970 - Sant Joan Despí, Barcelona, Spain.

Marking by the above symbol indicates compliance with the Essential Requirements of the R&TTE Directive of the European Union (1999/5/EC). This equipment meets the following conformance standards:

◆ EN 60950-1: 2006

Safety of Information Technology Equipment

◆ EN 50385: 2002

Generic standard to demonstrate the compliance of electronic and electrical apparatus with the basic restrictions related to human exposure to electromagnetic fields (0 Hz - 300 GHz)

, 2a,

◆ EN 300328 V1.7.1 (2006)

Electromagnetic compatibility and Radio spectrum Matters (ERM); Wideband transmission systems; Data transmission equipment operating in the 2,4 GHz ISM band and using wide band modulation techniques; Harmonized EN covering essential requirements under article 3.2 of the R&TTE Directive

– 6 –

Page 7

OMPLIANCES

◆ EN 301 489-1 V1.8.1 (2008-04) and EN 301 489-17 V1.3.2 (2008-4)

Electromagnetic compatibility and Radio spectrum Matters (ERM); ElectroMagnetic Compatibility (EMC) standard for radio equipment and services; Part 17: Specific conditions for 2,4 GHz wideband transmission systems and 5 GHz high performance RLAN equipment

This device is a 2.4 GHz wideband transmission system (transceiver), intended for use in all EU member states and EFTA countries, except in France and Italy where restrictive use applies.

In Italy the end-user should apply for a license at the national spectrum authorities in order to obtain authorization to use the device for setting up outdoor radio links and/or for supplying public access to telecommunications and/or network services.

This device may not be used for setting up outdoor radio links in France and in some areas the RF output power may be limited to 10 mW EIRP in the frequency range of 2454 - 2483.5 MHz. For detailed information the end-user should contact the national spectrum authority in France.

This device is intended for use in the following European Community and EFTA countries:

◆ Austria ◆ Belgium ◆ Bulgaria ◆ Cyprus ◆ Czech Republic

◆ Denmark ◆ Estonia ◆ Finland ◆ France ◆ Germany

◆ Greece ◆ Hungary ◆ Iceland ◆ Ireland ◆ Italy

◆ Latvia ◆ Lithuania ◆ Luxembourg ◆ Malta ◆Netherlands

◆ Norway ◆Poland ◆Portugal ◆ Romania ◆ Slovakia

◆ Slovenia ◆ Spain ◆ Sweden ◆ Switzerland ◆ United Kingdom

DECLARATION OF CONFORMITY IN LANGUAGES OF THE EUROPEAN COMMUNITY

Czech Česky

Estonian Eesti

English Hereby, Manufacturer, declares that this Radio LAN device is in compliance with the

Finnish Suomi

Dutch Nederlands

French Français

Swedish Svenska

Manufacturer tímto prohlašuje, že tento Radio LAN device je ve shodě se základními požadavky a dalšími příslušnými ustanoveními směrnice 1999/5/ES.

Käesolevaga kinnitab Manufacturer seadme Radio LAN device vastavust direktiivi 1999/ 5/EÜ põhinõuetele ja nimetatud direktiivist tulenevatele teistele asjakohastele sätetele.

essential requirements and other relevant provisions of Directive 1999/5/EC.

Valmistaja Manufacturer vakuuttaa täten että Radio LAN device tyyppinen laite on direktiivin 1999/5/EY oleellisten vaatimusten ja sitä koskevien direktiivin muiden ehtojen mukainen.

Hierbij verklaart Manufacturer dat het toestel Radio LAN device in overeenstemming is met de essentiële eisen en de andere relevante bepalingen van richtlijn 1999/5/EG

Bij deze Manufacturer dat deze Radio LAN device voldoet aan de essentiële eisen en aan de overige relevante bepalingen van Richtlijn 1999/5/EC.

Par la présente Manufacturer déclare que l'appareil Radio LAN device est conforme aux exigences essentielles et aux autres dispositions pertinentes de la directive 1999/5/CE

Härmed intygar Manufacturer att denna Radio LAN device står I överensstämmelse med de väsentliga egenskapskrav och övriga relevanta bestämmelser som framgår av direktiv 1999/5/EG.

– 7 –

Page 8

OMPLIANCES

Danish Dansk

German Deutsch

Greek

Ελληνική

Hungarian Magyar

Italian Italiano

Latvian Latviski

Lithuanian Lietuvių

Maltese Malti

Spanish Español

Polish Polski

Portuguese Português

Slovak Slovensky

Slovenian Slovensko

Undertegnede Manufacturer erklærer herved, at følgende udstyr Radio LAN device overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF

Hiermit erklärt Manufacturer, dass sich dieser/diese/dieses Radio LAN device in Übereinstimmung mit den grundlegenden Anforderungen und den anderen relevanten Vorschriften der Richtlinie 1999/5/EG befindet". (BMWi)

Hiermit erklärt Manufacturer die Übereinstimmung des Gerätes Radio LAN device mit den grundlegenden Anforderungen und den anderen relevanten Festlegungen der Richtlinie 1999/5/EG. (Wien)

με την παρουσα Manufacturer δηλωνει οτι radio LAN device συμμορφωνεται προσ τισ ουσιωδεισ απαιτησεισ και τισ λοιπεσ σχετικεσ διαταξεισ τησ οδηγιασ 1999/5/εκ.

Alulírott, Manufacturer nyilatkozom, hogy a Radio LAN device megfelel a vonatkozó alapvetõ követelményeknek és az 1999/5/EC irányelv egyéb elõírásainak.

Con la presente Manufacturer dichiara che questo Radio LAN device è conforme ai requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999/5/CE.

Ar šo Manufacturer deklarē, ka Radio LAN device atbilst Direktīvas 1999/5/EK būtiskajām prasībām un citiem ar to saistītajiem noteikumiem.

Šiuo Manufacturer deklaruoja, kad šis Radio LAN device atitinka esminius reikalavimus ir kitas 1999/5/EB Direktyvos nuostatas.

Hawnhekk, Manufacturer, jiddikjara li dan Radio LAN device jikkonforma mal-ħtiġijiet essenzjali u ma provvedimenti oħrajn re

Por medio de la presente Manufacturer declara que el Radio LAN device cumple con los requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la Directiva 1999/5/CE

Niniejszym Manufacturer oświadcza, że Radio LAN device jest zgodny z zasadniczymi wymogami oraz pozostałymi stosownymi postanowieniami Dyrektywy 1999/5/EC.

Manufacturer declara que este Radio LAN device está conforme com os requisitos essenciais e outras disposições da Directiva 1999/5/CE.

Manufacturer týmto vyhlasuje, že Radio LAN device spĺňa základné požiadavky a všetky príslušné ustanovenia Smernice 1999/5/ES.

Manufacturer izjavlja, da je ta radio LAN device v skladu z bistvenimi zahtevami in ostalimi relevantnimi določili direktive 1999/5/ES.

levanti li hemm fid-Dirrettiva 1999/5/EC.

TAIWAN NCC

根據國家通信傳播委員會低功率電波輻射性電機管理辦法規定：

第十二條經型式認證合格之低功率射頻電機，非經許可，公司、商號或使用者均不得擅自變更

第十四條低功率射頻電機之使用不得影響飛航安全及干擾合法通信；經發現有干擾現象時，應

頻率、加大功率或變更原設計之特性及功能。

立即停用，並改善至無干擾時方得繼續使用。前項合法通信，指依電信法規定作業之無線電通信。低功率射頻電機須忍受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。

– 8 –

Page 9

ABOUT THIS GUIDE

PURPOSE This guide details the hardware features of the wireless 3G Broadband

Router, including its physical and performance-related characteristics, and how to install the device and use its configuration software.

AUDIENCE This guide is for users with a basic working knowledge of computers. You

should be familiar with Windows operating system concepts.

CONVENTIONS The following conventions are used throughout this guide to show

information:

OTE

Emphasizes important information or calls your attention to related

features or instructions.

AUTION

damage the system or equipment.

ARNING

Alerts you to a potential hazard that could cause loss of data, or

Alerts you to a potential hazard that could cause personal injury.

RELATED PUBLICATIONS The following publication gives basic information on how to install and use

the wireless 3G Broadband Router.

Quick Installation Guide

Also, as part of the wireless 3G Broadband Router’s software, there is online help that describes all configuration related features

REVISION HISTORY This section summarizes the changes in each revision of this guide.

MARCH 2010 REVISION

This is the second revision of this guide. It includes the following changes:

◆ Updated back cover address information.

◆ Updated EU Conformance contact address.

– 9 –

Page 10

DECEMBER 2009 REVISION

This is the first revision of this guide.

BOUT THIS GUIDE

– 10 –

Page 11

CONTENTS

1INTRODUCTION 15

Key Hardware Features 15

Package Contents 15

Hardware Description 16

Antennas 17

LED Indicators 17

Ethernet WAN Port 18

Ethernet LAN Port 18

3G Modem USB Port 18

Power Connector 19

WPS Button 19

Reset Button 19

2INSTALLING THE WIRELESS 3G BROADBAND ROUTER 20

System Requirements 20

Mounting the Device 21

Mounting on a Wall 21

Mounting on a Horizontal Surface 21

Router Mode Connections 22

Bridge Mode Connections 23

3NETWORK PLANNING 25

Internet Gateway Router 25

LAN Access Point 26

Wireless Client 27

Wireless Bridge 27

4INITIAL CONFIGURATION 29

ISP Settings 29

Connecting to the Login Page 29

Home Page and Main Menu 30

Common Web Page Buttons 31

Setup Wizard 32

– 11 –

Page 12

ONTENTS

Step 1 -Operation Mode Configuration 32

Step 2 - Time Settings 32

Step 3 - WAN Settings - DHCP 33

Step 3 - WAN Settings - Static IP 34

Step 3 - WAN Settings - PPPoE 35

Step 3 - WAN Settings - PPTP 36

Step 3 - WAN Settings - L2TP 37

Step 3 - WAN Settings - 3G 39

Step 4 - Wireless Security 41

Completion 42

5OPERATION MODE 43

Logging In 44

Operation Mode 46

6NETWORK SETTINGS 47

WAN Setting 48

DHCP 49

Static IP 49

PPPoE 50

L2TP 51

PPTP 53

3G 54

LAN Setting 58

Advanced Routing 60

Advanced Routing Settings 60

Routing Table 61

Dynamic Route 62

ALG 63

7WIRELESS CONFIGURATION 64

Basic Settings 64

HT Physical Mode Settings 67

Other HT Settings 68

Advanced Settings 69

Advanced Wireless 69

Wi-Fi Multimedia 71

Multicast-to-Unicast Converter 74

– 12 –

Page 13

ONTENTS

WLAN Security 75

Wired Equivalent Privacy (WEP) 76

WPA Pre-Shared Key 77

WPA Enterprise Mode 79

IEEE 802.1X and RADIUS 81

Access Policy 82

Wireless Distribution System (WDS) 83

Wi-Fi Protected Setup (WPS) 86

Station List 88

8FIREWALL CONFIGURATION 89

MAC/IP/Port Filtering 89

Current Filter Rules 91

Virtual Server Settings (Port Forwarding) 92

Current Virtual Servers in system 93

DMZ 93

System Security 94

Content Filtering 95

9ADMINISTRATION SETTINGS 97

System Management 98

Time Zone Settings 99

Green AP Settings 100

DDNS Settings 100

Firmware Upgrade 101

Configuration Settings 102

System Status 103

Statistics 105

DHCP Clients 106

System Log 107

3G Budget Status 108

Reboot 110

ATROUBLESHOOTING 111

Diagnosing LED Indicators 111

If You Cannot Connect to the Internet 111

Before Contacting Technical Support 112

BHARDWARE SPECIFICATIONS 113

– 13 –

Page 14

ONTENTS

CLICENSE INFORMATION 115

The GNU General Public License 115

– 14 –

Page 15

1 INTRODUCTION

The SMCWBR14S-3GN wireless 3G Broadband Router is an IEEE 802.11n wireless gateway router that connects your Internet access device (cable or ADSL modem) to your PC or local area network, or to its own secure wireless network.

The wireless 3G Broadband Router can be automatically configured with other Wi-Fi Protected Setup (WPS) devices by simply pressing its WPS button. For more detailed configuration, the unit can also be set up through its easy-to-use web interface.

KEY HARDWARE FEATURES

The following table describes the main hardware features of the wireless 3G Broadband Router

PACKAGE CONTENTS

Table 1: Key Hardware Features

Feature Description

WAN Port One 100BASE-TX RJ-45 port for connecting to the Internet.

LAN Port One 100BASE-TX RJ-45 port for local network connections.

USB Port One USB slot for a 3G or 3.5G modem.

WPS Button To set up a secure connection to a wireless device.

Reset Button For resetting the unit and restoring factory defaults.

LEDs Provides LED indicators for Power, WAN port, LAN port, and WLAN

Mounting Options Can be mounted on any horizontal surface such as a desktop or

The wireless 3G Broadband Router package includes:

◆ 802.11b/g/n wireless 3G Broadband Router (

◆ RJ-45 Category 5 network cable

status.

shelf, or on a wall using two screws.

SMCWBR14S-3GN

)

◆ AC power adapter

◆ SMC Warranty Information Card

– 15 –

Page 16

◆ Quick Installation Guide

◆ EZ Installation & Documentation CD

Inform your dealer if there are any incorrect, missing or damaged parts. If possible, retain the carton, including the original packing materials. Use them again to repack the product in case there is a need to return it.

HARDWARE DESCRIPTION

The wireless 3G Broadband Router, from herein refered to as wireless 3G Broadband Router, connects to the Internet through its RJ-45 WAN port. It connects directly to your PC or to a local area network using its RJ-45 Fast Ethernet LAN port.

The wireless 3G Broadband Router includes an LED display on the front panel for system power and port indications that simplifies installation and network troubleshooting.

HAPTER

| Introduction

Hardware Description

Figure 1: Rear Panel

Antennas

Reset Button

WPS Button

Ethernet WAN

RJ-45 Port

– 16 –

3G USB

Slot

Power Socket

Ethernet LAN

RJ-45 Ports

Page 17

HAPTER

| Introduction

Hardware Description

ANTENNAS The access point includes integrated MIMO antennas for wireless

communications. A MIMO antenna system uses two or more identical antennas to receive and transmit signals, helping to increase data throughput and range. The antennas transmit the outgoing signal as a toroidal sphere (doughnut shaped), with the coverage extending most in a direction perpendicular to the antenna. The antenna should be adjusted to an angle that provides the appropriate coverage for the service area.

LED INDICATORS The wireless 3G Broadband Router includes four status LED indicators, as

described in the following figure and table.

Figure 2: LEDs

Table 2: LED Behavior

LED Status Description

Power On Blue The unit is receiving power and is operating normally.

Off There is no power currently being supplied to the

WLAN On/Blinking Blue The 802.11n radio is enabled and

Off The 802.11n radio is disabled.

WPS On Blue Indicates the WPS authentication of a device has

Fast Blinking Blue Indicates the WPS authentication of a client device is

Slow Blinking

Off The WPS is not in progress.

unit.

transmitting or receiving data through wireless links.

been successfully completed.

in progress. If the WPS authentication of a device does not

complete after 120 seconds, the LED changes to Slow Blinking.

Blue Indicates the WPS authentication of a device did not

complete after 120 seconds. The LED status does not change until the user restarts or disables the WPS connection.

– 17 –

Page 18

HAPTER

| Introduction

Hardware Description

Table 2: LED Behavior (Continued)

LED Status Description

WAN On Blue The Ethernet WAN port is aquiring an IP address.

Blinking The Ethernet WAN port is connected and is

Off The Ethernet WAN port is disconnected or has

LAN (4 LEDs) On Blue The Ethernet LAN port is connected to a PC or server.

Blinking The Ethernet port is connected and is transmitting or

Off The Ethernet port is disconnected or has

3G USB On Blue A 3G connection has been established.

Slow Blinking A 3G connection is in progress.

Ultra Fast Flashing Green

Fast Blinking The wrong 3G PIN code has been entered, or the 3G

5 Blinks Cycle The 3G pre-limit budget has been reached.

Off There is no modem connected to the 3G USB port, or

transmitting/receiving data.

malfunctioned.

receiving data.

malfunctioned.

Indicates that 3G usage is already over the ISP supplied limit.

budget limit has been reached.

the device has failed.

◆ Slow blinking is an on-off cycle of once every 2 seconds.

◆ Fast blinking is an on-off cycle of once of every 0.5 seconds.

◆ Untra Fast flashing is an on-off cycle of once of every 0.2 seconds.

ETHERNET WAN PORT A 100BASE-TX RJ-45 port that can be attached to an Internet access

device, such as a DSL or Cable modem.

ETHERNET LAN PORT The wireless 3G Broadband Router has four 100BASE-TX RJ-45 ports that

can be attached directly to a PC or 10BASE-T/100BASE-TX LAN segments.

These ports support automatic MDI/MDI-X operation, so you can use straight-through cables for all network connections to PCs, switches, or hubs.

3G MODEM USB

The 3G Modem USB Port supports connection to a wireless cellular 3G or

3.5G modem for broadband Internet access.

ORT

– 18 –

Page 19

HAPTER

| Introduction

Hardware Description

POWER CONNECTOR The wireless 3G Broadband Router must be powered with its supplied

power adapter. Failure to do so results in voiding of any warrantly supplied with the product. The power adapter automatically adjusts to any voltage between 100~240 volts at 50 or 60 Hz, and supplies 12 volts DC power to the unit. No voltage range settings are required.

WPS BUTTON Press the WPS button to automatically configure the wireless 3G

Broadband Router with other WPS devices in the WLAN.

RESET BUTTON The Reset button is used to restore the factory default configuration. If you

hold down the button for 5 seconds or more, any configuration changes you may have made are removed, and the factory default configuration is restored to the wireless 3G Broadband Router.

– 19 –

Page 20

2 INSTALLING THE WIRELESS 3G

BROADBAND ROUTER

The wireless 3G Broadband Router has two basic operating modes that can be set through the web-based management interface. For information on setting the mode suitable for your network environment. See “Operation

Mode” on page 46

◆ Router Mode — A router mode that connects a wired LAN and wireless

clients to an Internet access device, such as a cable or DSL modem. This is the factory set default mode.

◆ Bridge Mode — An access point mode that extends a wired LAN to

wireless clients.

In addition to these basic operating modes, the wireless interface supports a Wireless Distribution System (WDS) link to another wireless 3G Broadband Router. These advanced configurations are not described in this section. See “Network Planning” on page 25 for more information.

In a basic configuration, how the wireless 3G Broadband Router is connected depends on the operating mode. The following sections describe connections for basic Router Mode and Bridge Mode operation.

SYSTEM REQUIREMENTS

You must meet the following minimum requirements:

◆ An Internet access device (DSL or Cable modem) with an Ethernet port

◆ An up-to-date web browser: Internet Explorer 6.0 or above or Mozilla

connection.

Firefox 2.0 or above.

– 20 –

Page 21

HAPTER

| Installing the wireless 3G Broadband Router

Mounting the Device

MOUNTING THE DEVICE

The wireless 3G Broadband Router can be mounted on any horizontal surface, or on a wall. The following sections describe the mounting options.

MOUNTING ON A WALL The wireless 3G Broadband Router should be mounted only to a wall or

wood surface that is at least 1/2-inch plywood or its equivalent. To mount the unit on a wall, always use its wall-mounting slots.

To mount on a wall, follow the instructions below.

1. Mark the position of the two screw holes on the wall. For concrete or

brick walls, you will need to drill holes and insert wall plugs for the screws.

2. Insert two 20-mm M4 tap screws (not included) into the holes, leaving

about 2~3 mm (0.08~0.12 inches) clearance from the wall.

MOUNTING ON A

HORIZONTAL SURFACE

3. Line up the two mounting points on the unit with the screws in the wall,

then slide the unit down onto the screws until it is in a secured position.

To keep the wireless 3G Broadband Router from sliding on the surface, the unit has four rubber feet on its base.

It is recommended to select an uncluttered area on a sturdy surface, such as a desktop or table. The unit can also be protected by securing all attached cables to a table leg or other nearby fixed structure.

– 21 –

Page 22

ROUTER MODE CONNECTIONS

Set up wireless devices

Notebook PC

Connect LAN port to PC

Connect AC power adapter to power source

Cable/DSL Modem

Connect WAN port to cable/DSL modem

Internet

In its default Router Mode, the wireless 3G Broadband Router forwards traffic between an Internet connected cable or ADSL modem, and wired or wireless PCs or notebooks. The basic connections are illustrated in the figure below.

Figure 3: Router Mode Connection

HAPTER

| Installing the wireless 3G Broadband Router

Router Mode Connections

To connect the wireless 3G Broadband Router in router mode for use as an Internet gateway, follow these steps:

1. Connect an Ethernet cable from the wireless 3G Broadband Router’s

WAN port to your Internet connected cable or DSL modem.

2. Connect an Ethernet cable from the wireless 3G Broadband Router’s

LAN port to your PC. Alternatively, you can connect to a workgroup switch to support more wired users. The wireless 3G Broadband Router can support up to 253 wired and wireless users.

3. Power on the wireless 3G Broadband Router by connecting the AC

power adapter and plugging it into a power source.

AUTION

Broadband Router. Otherwise, the product may be damaged.

Use ONLY the power adapter supplied with the wireless 3G

When you power on the wireless 3G Broadband Router, verify that the Power LED turns on and that the other LED indicators start functioning as described under “LED Indicators” on page 17.

– 22 –

Page 23

4. Set up wireless devices by pressing the WPS button on the wireless 3G

Set up wireless devices

Notebook PC

Connect LAN port to PC

Connect AC power adapter to power source

Connect LAN and WAN ports to an Ethernet LAN switch or PCs

Broadband Router or by using the web interface. See “Initial

Configuration” on page 29 for more information on accessing the web

interface.

BRIDGE MODE CONNECTIONS

In Bridge Mode, the wireless 3G Broadband Router operates as a wireless access point, extending a local wired network to associated wireless clients (PCs or notebooks with wireless capability). From any nearby location, you can then make a wireless connection to the wireless 3G Broadband Router and access the wired network resources, including local servers and the Internet.

In Bridge Mode, the wireless 3G Broadband Router does not support gateway functions on its WAN port. Both the LAN port and the WAN ports can be connected to a local Ethernet LAN.

HAPTER

| Installing the wireless 3G Broadband Router

Bridge Mode Connections

OTE

Bridge Mode is not the factory default mode and must be manually

set using the web management interface.

Figure 4: Bridge Mode Connection

To connect the wireless 3G Broadband Router for use as an access point, follow these steps:

1. Using Ethernet cable connect the wireless 3G Broadband Router’s LAN

and WAN ports to PCs. Alternatively, you can connect to a workgroup switch to support more wired users.

2. Power on the wireless 3G Broadband Router by connecting the AC

power adapter and plugging it into a power source.

– 23 –

Page 24

AUTION

HAPTER

Use ONLY the power adapter supplied with the wireless 3G

| Installing the wireless 3G Broadband Router

Bridge Mode Connections

Broadband Router. Otherwise, the product may be damaged.

When you power on the wireless 3G Broadband Router, verify that the Power LED turns on and that the other LED indicators start functioning as described under “LED Indicators” on page 17.

3. Set up wireless devices by pressing the WPS button on the wireless 3G

Broadband Router or by using the web interface. See “Initial

Configuration” on page 29 for more information on accessing the web

interface.

– 24 –

Page 25

3 NETWORK PLANNING

Wireless AP/Router

Server

(IP: 192.168.2.x)

Desktop PC

(IP: 192.168.2.x)

Cable/DSL

Modem

Internet Service Provider

Notebook PC

(IP: 192.168.2.x)

WAN (IP assigned from ISP)

LAN (IP: 192.168.2.x)

LAN Switch

Modem

3G Internet

Service Provider

The wireless 3G Broadband Router is designed to be very flexible in its deployment options. It can be used as an Internet gateway for a small network, or as an access point to extend an existing wired network to support wireless users. It also supports use as a wireless bridge to connect two wired LANs.

This chapter explains some of the basic features of the wireless 3G Broadband Router and shows some network topology examples in which the device is implemented.

INTERNET GATEWAY ROUTER

The wireless 3G Broadband Router can connect directly to a cable or DSL modem to provide an Internet connection for multiple users through a single service provider account. Users connect to the wireless 3G Broadband Router either through a wired connection to a LAN port, or though the device’s own wireless network. The wireless 3G Broadband Router functions as an Internet gateway when set to Router Mode.

An Internet gateway employs several functions that essentially create two separate Internet Protocol (IP) subnetworks; a private internal network with wired and wireless users, and a public external network that connects to the Internet. Network traffic is forwarded, or routed, between the two subnetworks.

Figure 5: Operating as an Internet Gateway Router

– 25 –

Page 26

LAN ACCESS POINT

Server (IP: 192.168.2.x)

Desktop PC

(IP: 192.168.2.x)

LAN Switch

Notebook PC

(IP: 192.168.2.x)

SSID 1

(public)

Notebook PC

(IP: 192.168.2.x)

SSID 2

(private)

Wireless AP/Router

HAPTER

| Network Planning

LAN Access Point

The private local network, connected to the LAN port or wireless interface, provides a Dynamic Host Configuration Protocol (DHCP) server for allocating IP addresses to local PCs and wireless clients, and Network Address Translation (NAT) for mapping the multiple "internal" IP addresses to one "external" IP address.

The public external network, connected to the WAN port, supports DHCP client, Point-to-Point Protocol over Ethernet (PPPoE), static IP for connection, L2TP and PPTP to an Internet service provider (ISP) through a cable or DSL modem.

The 3G Modem link can provide a backup Internet connection with automatic failover and fallback to the primary WAN connection.

The wireless 3G Broadband Router can provide an access point service for an existing wired LAN, creating a wireless extension to the local network. The wireless 3G Broadband Router functions as purely an access point when set to Bridge Mode. When used in this mode, there are no gateway functions between the WAN port and the LAN and wireless interface.

A Wi-Fi wireless network is defined by its Service Set Identifier (SSID) or network name. Wireless clients that want to connect to a network must set their SSID to the same SSID of the network service. The wireless 3G Broadband Router supports two separate wireless interfaces, that is two SSIDs or Virtual Access Points (VAPs). The two VAP interfaces can be configured separately to support different security settings or other wireless functions.

Figure 6: Operating as an Access Point

– 26 –

Page 27

WIRELESS CLIENT

Cable/DSL

Modem

Internet Service Provider

Wireless AP/Router

Server

(IP: 192.168.2.x)

Desktop PC

(IP: 192.168.2.x)

Notebook PC

(IP: 192.168.2.x)

Wireless Client WAN

(IP from external network)

LAN Port

(IP: 192.168.2.x)

LAN Switch

Access Point

(External SSID)

HAPTER

| Network Planning

Wireless Client

The wireless 3G Broadband Router can operate as a wireless client on one VAP interface, which enables a connection to another Wi-Fi network. When the wireless client option is enabled as a WAN connection, the client VAP interface functions as an external gateway WAN port. When the wireless client option is enabled as a LAN connection, the other VAP interface and LAN ports all function as the local network within the same IP subnet.

Figure 7: Operating with a Wireless Client WAN Connection

WIRELESS BRIDGE

The IEEE 802.11 standard defines a Wireless Distribution System (WDS) for bridge connections between access points. The wireless 3G Broadband Router can use WDS to forward traffic on links between units.

A single WDS bridge link can be specified for the WLAN1 interface. One end

of a link must be configured as the “WDS Parent” and the other as the “WDS Child.”

OTE

parent.

The network domain of WDS child has to be the same as WDS

– 27 –

Page 28

Figure 8: Operating as a Wireless Bridge

Wireless AP/Router

(Gateway Mode)

Server

(IP: 192.168.2.x)

Desktop PC

(IP: 192.168.2.x)

Cable/DSL

Modem

Internet Service Provider

WAN

(IP from ISP)

LAN

(IP: 192.168.2.x)

LAN Switch

Desktop PC

(IP: 192.168.2.x)

WDS Child

WDS Parent

WDS Link

Wireless AP/Router

(Bridge Mode)

HAPTER

| Network Planning

Wireless Bridge

– 28 –

Page 29

4 INITIAL CONFIGURATION

The wireless 3G Broadband Router offers a user-friendly web-based management interface for the configuration of all the unit’s features. Any PC directly attached to the unit can access the management interface using a web browser, such as Internet Explorer (version 6.0 or above).

ISP SETTINGS

If you are not sure of your connection method, please contact your Internet Service Provider. There are several connection types to choose from: Static IP, DHCP (cable connection), PPPoE (DSL connection), PPTP, L2TP and 3G.

OTE

If using the PPPoE option, you will need to remove or disable any

PPPoE client software on your computers.

CONNECTING TO THE LOGIN PAGE

It is recommended to make initial configuration changes by connecting a PC directly to the wireless 3G Broadband Router’s LAN port. The wireless 3G Broadband Router has a default IP address of 192.168.2.1 and a subnet mask of 255.255.255.0. You must set your PC IP address to be on the same subnet as the wireless 3G Broadband Router (that is, the PC and wireless 3G Broadband Router addresses must both start 192.168.2.x).

To access the wireless 3G Broadband Router’s management interface, follow these steps:

1. Use your web browser to connect to the management interface using

the default IP address of 192.168.2.1.

2. Log into the interface by entering the default username “admin” and

password “smcadmin,” then click OK.

OTE

It is strongly recommended to change the default password the first time you access the web interface. For information on changing passwords, See “System Management” on page 98.

– 29 –

Page 30

Figure 9: Login Page

HAPTER

| Initial Configuration

Home Page and Main Menu

HOME PAGE AND MAIN MENU

After logging in to the web interface, the Home page displays. The Home page shows the main menu and the method to access the Setup Wizard.

Figure 10: Home Page

– 30 –

Page 31

HAPTER

| Initial Configuration

Common Web Page Buttons

COMMON WEB PAGE BUTTONS

The list below describes the common buttons found on most web management pages:

◆ Apply – Applies the new parameters and saves them to memory. Also

displays a screen to inform you when it has taken affect. Clicking ‘Apply’ returns to the home page.

◆ Cancel – Cancels the newly entered settings and restores the previous

settings.

◆ Next – Proceeds to the next step.

◆ Previous – Returns to the previous screen.

– 31 –

Page 32

SETUP WIZARD

HAPTER

The Wizard is designed to help you configure the basic settings required to get the the wireless 3G Broadband Router up and running. There are only a few basic steps you need to set up the the wireless 3G Broadband Router and provide a connection. Follow these steps:

Launch the Setup Wizard by clicking “Setup Wizard” on the left side of the screen to enter the setup wizard page.

| Initial Configuration

Setup Wizard

STEP 1 -OPERATION

MODE CONFIGURATION

STEP 2 - TIME

SETTINGS

Select the operation mode required for the network environment. Click “Next” to continue the setup.

Figure 11: Wizard Step 1 - Operation Mode

The Step 2 page of the Wizard configures time zone and SNTP settings.

Select a time zone according to where the device is operated. Click Next after completing the setup.

Figure 12: Wizard Step 2 - Time Zone Settings

– 32 –

Page 33

HAPTER

| Initial Configuration

Setup Wizard

STEP 3 - WAN

SETTINGS - DHCP

The Step 3 page of the Wizard specifies the Internet connection parameters for the wireless 3G Broadband Router’s WAN port. Click Next after completing the setup.

By default, the WAN port is configured with DHCP enabled. The options are Static IP, DHCP (cable modem), PPPoE (DSL modem), PPTP, and L2TP. Each option changes the parameters that are displayed on the page.

You can also enable support for a USB 3G modem as a WAN connection, either as a primary (Master) link, or as a backup to the WAN port link.

Figure 13: Wizard Step 3 - WAN Settings - DHCP

The following items are displayed on this page:

◆ Ethernet Port — Select “Cable/Dynamic IP (DHCP)” for the WAN port

connection from the drop-down list. (Default: DHCP)

◆ USB Port — Enables support for a WAN connection using a USB 3G

modem. For more information, see “Step 3 - WAN Settings - 3G” on

page 39. (Default: Disabled)

◆ Hostname — Specifies the host name of the DHCP client.

◆ Enable MAC Clone — Some ISPs limit Internet connections to a

specified MAC address of one PC, which is registered with the ISP. This setting allows you to manually change the MAC address of the wireless 3G Broadband Router’s WAN port to match the PC MAC address provided to your ISP for registration. You can enter the registered MAC address manually by typing it in the box provided. Otherwise, connect only the PC with the registered MAC address to the wireless 3G Broadband Router, then click the “Clone Your PC’s MAC Address.” (Default: Disabled)

– 33 –

Page 34

HAPTER

| Initial Configuration

Setup Wizard

STEP 3 - WAN

SETTINGS - STATIC IP

Configures a static IP for the WAN port.

Figure 14: Wizard Step 3 - WAN Settings - Static IP

The following items are displayed on this page:

◆ Ethernet Port — Select “Static (Fixed IP)” for the WAN port connection

from the drop-down list.

◆ USB Port — Enables support for a WAN connection using a USB 3G

modem. For more information, see “Step 3 - WAN Settings - 3G” on

page 39. (Default: Disabled)

◆ IP Address — The IP address of the wireless 3G Broadband Router.

Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods.

◆ Subnet Mask — The mask that identifies the host address bits used for

routing to specific subnets.

◆ Default Gateway — The IP address of the gateway router for the

wireless 3G Broadband Router, which is used if the requested destination address is not on the local subnet.

◆ Primary DNS Server — The IP address of the Primary Domain Name

Server. A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses. To specify a DNS server, type the IP addresses in the text field provided. Otherwise, leave the text field blank.

◆ Secondary DNS Server — The IP address of the Secondary Domain

Name Server.

– 34 –

Page 35

HAPTER

| Initial Configuration

Setup Wizard

◆ Enable MAC Clone — Some ISPs limit Internet connections to a

specified MAC address. This setting allows you to manually change the MAC address of the wireless 3G Broadband Router's WAN interface to match the PC's MAC address provided to your ISP for registration. You can enter the registered MAC address manually by typing it in the boxes provided. Otherwise, connect only the PC with the registered MAC address to the wireless 3G Broadband Router, then click the “Clone Your PC’s MAC Address.” (Default: Disabled)

STEP 3 - WAN

SETTINGS - PPPOE

Enable the wireless 3G Broadband Router IP address to be assigned automatically from an Internet service provider (ISP) through a DSL modem using Point-to-Point Protocol over Ethernet (PPPoE).

Figure 15: Wizard Step 3 - WAN Settings - PPPoE

The following items are displayed on this page:

◆ Ethernet Port — Select “PPPoE (ADSL)” for the WAN port connection

from the drop-down list.

◆ USB Port — Enables support for a WAN connection using a USB 3G

modem. For more information, see “Step 3 - WAN Settings - 3G” on

page 39. (Default: Disabled)

◆ User Name — Sets the PPPoE user name for the WAN port.

(Default: pppoe_user; Range: 1~32 characters)

◆ Password — Sets a PPPoE password for the WAN port.

(Default: pppoe_password; Range: 1~32 characters)

◆ Verify Password — Prompts you to re-enter your chosen password.

– 35 –

Page 36

HAPTER

| Initial Configuration

Setup Wizard

◆ Enable MAC Clone — Some ISPs limit Internet connections to a

STEP 3 - WAN

SETTINGS - PPTP

Enables the Point-to-Point Tunneling Protocol (PPTP) for implementing virtual private networks. The service is provided in many European countries.

Figure 16: Wizard Step 3 - WAN Settings - PPTP

The following items are displayed on this page:

◆ Ethernet Port — Select “PPTP” for the WAN port connection from the

drop-down list.

◆ USB Port — Enables support for a WAN connection using a USB 3G

modem. For more information, see “Step 3 - WAN Settings - 3G” on

page 39. (Default: Disabled)

◆ Server IP — Sets the PPTP server IP Address. (Default: pptp_server)

◆ User Name — Sets the PPTP user name for the WAN port.

(Default: pptp_user; Range: 1~32 characters)

– 36 –

Page 37

HAPTER

| Initial Configuration

Setup Wizard

◆ Password — Sets a PPTP password for the WAN port. (Default:

pptp_password; Range: 1~32 characters)

◆ Verify Password — Prompts you to re-enter your chosen password.

◆ Address Mode — Sets a PPTP network mode. (Default: Static)

◆ IP Address — Sets the static IP address. (Default: 0.0.0.0, available

when PPTP Network Mode is set to static IP.)

◆ Subnet Mask — Sets the static IP subnet mask. (Default:

255.255.255.0, available when PPTP Network Mode is set to static IP.)

◆ Default Gateway — The IP address of a router that is used when the

requested destination IP address is not on the local subnet.

◆ Enable MAC Clone — Some ISPs limit Internet connections to a

STEP 3 - WAN

SETTINGS - L2TP

Enables the Layer 2 Tunneling Protocol (L2TP) for implementing virtual private networks. The service is provided in many European countries.

Figure 17: Wizard Step 3 - WAN Settings - L2TP

– 37 –

Page 38

HAPTER

| Initial Configuration

Setup Wizard

The following items are displayed on this page:

◆ Ethernet Port — Select “L2TP” for the WAN port connection from the

drop-down list.

◆ USB Port — Enables support for a WAN connection using a USB 3G

modem. For more information, see “Step 3 - WAN Settings - 3G” on

page 39. (Default: Disabled)

◆ Server IP — Sets the L2TP server IP Address. (Default: l2tp_server)

◆ User Name — Sets the L2TP user name for the WAN port.

(Default: l2tp_user; Range: 1~32 characters)

◆ Password — Sets a L2TP password for the WAN port. (Default:

l2tp_password; Range: 1~32 characters)

◆ Verify Password — Prompts you to re-enter your chosen password.

◆ Address Mode — Sets a L2TP network mode. (Default: Static)

◆ IP Address — Sets the static IP address. (Default: 0.0.0.0, available

when L2TP Network Mode is set to static IP.)

◆ Subnet Mask — Sets the static IP subnet mask. (Default:

255.255.255.0, available when L2TP Network Mode is set to static IP.)

◆ Default Gateway — The IP address of a router that is used when the

requested destination IP address is not on the local subnet.

◆ Enable MAC Clone — Some ISPs limit Internet connections to a

– 38 –

Page 39

HAPTER

| Initial Configuration

Setup Wizard

STEP 3 - WAN

SETTINGS - 3G

Enables support for a USB 3G modem as a WAN connection, either as a primary (Master) link, or as a backup to the WAN port link.

Figure 18: Wizard Step 3 - WAN Settings - 3G

The following items are displayed on this page:

◆ Ethernet Port — Select the WAN port connection type from the drop-

down list. Alternatively, you can disable the Ethernet WAN port connection and just use the USB 3G modem connection.

– 39 –

Page 40

HAPTER

| Initial Configuration

Setup Wizard

◆ USB Port — Enables support for a WAN connection using a USB 3G

modem. When enabled, you can select if the 3G modem connection operates as the Master or Backup WAN link. (Default: Disabled)

◆ Master WAN — Enables the USB 3G modem WAN connection to

operate as the primary WAN link. The Ethernet WAN port then operates as the backup link. (Default: Disabled)

◆ Backup WAN — Enables the USB 3G modem WAN connection to

operate as the backup to the Ethernet WAN port link. (Default: Enabled)

◆ Fallback of Dual WAN — The operation of the fallback between dual

WAN connections is as follows: (Default: Disabled)

■

Enabled — The Master WAN connection is used first. Whenever this connection is lost, the device automatically switches to the Backup WAN. During the operation of the Backup WAN, the Master WAN link is monitored for recovery of the lost connection. If the Master WAN link is re-established, the WAN connection automatically switches back to the Master from the Backup WAN connection.

■

Disabled — The Master WAN connection is used first. Whenever this connection is lost, the device automatically switches to the Backup WAN. The device will only switch back to the Master WAN if the Backup connection is lost.

◆ WAN connection test: Sets known IP addresses to ping on the WAN

links to check for connectivity.

■

Detect IP Address of Master WAN — An IP address to which a ping packet is sent to detect if the Master WAN connection is valid.

■

Detect IP Address of Backup WAN — An IP address to which a ping packet is sent to detect if the Backup WAN connection is valid.

■

Ping Timeout — Sets the ping time out. (Range: 1~5 seconds; Default: 3 seconds)

◆ Pin Code Protect — Enables the use of a PIN code (personal

identification number) to encrypt access to the 3G modem connection. Some service providers do not require PIN code authentication. If a PIN code is not required for your 3G or 3.5G modem, disable this function. (Default: Disabled)

◆ Dial Code — A dialled access code that connects the USB device to the

service provider.

◆ APN Service — The access point name (APN) that uniquely identifies

the 3G or 3.5G service provider.

◆ User Name — The user name of the account registered with the 3G or

3.5G service provider.

– 40 –

Page 41

HAPTER

| Initial Configuration

Setup Wizard

◆ Password — The password of the account registered with the 3G or

3.5G service provider.

◆ Budget Control — Enables a monthly limit on time or total data. For

more information, see “3G” on page 54. (Default: Disabled)

◆ Enable MAC Clone — Some ISPs limit Internet connections to a

STEP 4 - WIRELESS

SECURITY

The Step 4 page of the Wizard configures the wireless network name and security options.

Figure 19: Wizard Step 4 - Wireless Security

The following items are displayed on this page:

◆ Network Name (SSID) — The name of the wireless network service

provided by the wireless 3G Broadband Router. Clients that want to connect to the network must set their SSID to the same as that of the wireless 3G Broadband Router. (Default: “SMC”)

◆ Security Mode — Specifies the security mode for the SSID. Select the

security method and then configure the required parameters. For more information, see “WLAN Security” on page 75. (Options: Disable, Open, Shared, WEP-AUTO, WPA-PSK, WPA2-PSK, WPA-PSK_WPA2-PSK, ; Default: Disable)

– 41 –

Page 42

HAPTER

OTE

To keep your wireless network protected and secure, you should

| Initial Configuration

Setup Wizard

implement the highest security possible. For small networks, it is recommended to select WPA2-PSK using AES encryption as the most secure option. However, if you have older wireless devices in the network that do not support AES encryption, select TKIP as the encryption algorithm.

COMPLETION After completion of the Wizard, the screen returns to the Home Page.

– 42 –

Page 43

5 OPERATION MODE

The following sections are contained in this chapter:

◆ “Logging In” on page 44

◆ “Operation Mode” on page 46

– 43 –

Page 44

LOGGING IN

HAPTER

| Operation Mode

Logging In

It is recommended to make initial configuration changes by connecting a PC directly to the wireless 3G Broadband Router's LAN port. The wireless 3G Broadband Router has a default IP address of 192.168.2.1 and a subnet mask of 255.255.255.0. If your PC is set to “Obtain an IP address automatically” (that is, set as a DHCP client), you can connect immediately to the web interface. Otherwise, you must set your PC IP address to be on the same subnet as the wireless 3G Broadband Router (that is, the PC and wireless 3G Broadband Router addresses must both start 192.168.2.x).

To access the configuration menu, follow these steps:

1. Use your web browser to connect to the management interface using

the default IP address of 192.168.2.1.

2. Log into the wireless 3G Broadband Router management interface by

entering the default user name “admin” and password “smcadmin,” then click OK.

OTE

It is strongly recommended to change the default password the first time you access the web interface. For information on changing passwords, see “Administration Settings” on page 97.

Figure 20: Logging On

– 44 –

Page 45

HAPTER

| Operation Mode

Logging In

The home page displays the main menu items at the top of the screen and the Setup Wizard. See “Setup Wizard” on page 32.

Figure 21: Home Page

OTE

the unit is in Router or Bridge Mode. See “Operation Mode” on page 46.

The displayed pages and settings may differ depending on whether

– 45 –

Page 46

OPERATION MODE

HAPTER

| Operation Mode

Operation Mode

The Operation Mode Configuration page allows you to set up the mode suitable for your network environment.

Figure 22: Operation Mode

The following items are displayed on this page:

◆ Bridge Mode — An access point mode that extends a wired LAN to

wireless clients.

◆ Router Mode — The Router mode that connects a wired LAN and

wireless clients to an Internet access device, such as a cable or DSL modem. This is the factory set default mode.

– 46 –

Page 47

6 NETWORK SETTINGS

The Network Settings pages allow you to manage basic system configuration settings. It includes the following sections:

◆ “WAN Setting” on page 48

■

“DHCP” on page 49

■

“Static IP” on page 49

■

“PPPoE” on page 50

■

“L2TP” on page 51

■

“PPTP” on page 53

■

“3G” on page 54

◆ “LAN Setting” on page 58

◆ “Advanced Routing” on page 60

◆ “ALG” on page 63

OTE

In Bridge mode, the wireless 3G Broadband Router’s Network Settings options are significantly reduced, with only LAN Settings and the Client List being available to the user.

– 47 –

Page 48

WAN SETTING

HAPTER

| Network Settings

WAN Setting

The WAN Setting page specifies the Internet connection parameters. Click on “Network Settings” followed by “WAN”.

By default, the WAN port is configured with DHCP enabled. The options are Static IP, DHCP (cable modem), PPPoE (DSL modem), PPTP, and L2TP. You can also enable support for a USB 3G modem as a WAN connection, either as a primary (Master) link, or as a backup to the WAN port link. Each option selected changes the parameters that are displayed on the page.

◆ Ethernet Port — Select the connection type for the WAN port from the

drop-down list. (Default: DHCP).

■

Cable/Dynamic IP (DHCP) — See “DHCP” on page 49.

■

Static (Fixed IP) — See “Static IP” on page 49.

■

PPPoE (ADSL) — See “PPPoE” on page 50.

■

PPTP — See “PPTP” on page 53.

■

L2TP — See “L2TP” on page 51.

■

Disabled — Disables a WAN connection on the WAN port. A single WAN connection can still be provided using the 3G USB port (see

“3G” on page 54).

◆ USB Port — Enables support for a WAN connection using a USB 3G

modem. For more information, see “3G” on page 54. (Default: Disabled)

◆ Enable MAC Clone — Some ISPs limit Internet connections to a

specified MAC address of one PC, which is registered with the ISP. This setting allows you to manually change the MAC address of the Mini 3G Broadband Router’s WAN port to match the PC MAC address provided to your ISP for registration. You can enter the registered MAC address manually by typing it in the box provided. Otherwise, connect only the PC with the registered MAC address to the Mini 3G Broadband Router, then click the “Clone Your PC’s MAC Address.” (Default: Disabled)

OTE

If you are unsure of the PC MAC address originally registered by your ISP, call your ISP and request to register a new MAC address for your account. Register the MAC address of the Mini 3G Broadband Router.

– 48 –

Page 49

HAPTER

| Network Settings

WAN Setting

DHCP Enables Dynamic Host Configuration Protocol (DHCP) for the WAN port.

This setting allows the wireless 3G Broadband Router to automatically obtain an IP address from a DHCP server normally operated by the Internet Service Provider (ISP).

Figure 23: DHCP Configuration

The following items are displayed on this page:

◆ Hostname (Optional) — The name of the DHCP client.

STATIC IP Configures a static IP for the WAN port.

Figure 24: Static IP Configuration

– 49 –

Page 50

HAPTER

| Network Settings

WAN Setting

The following items are displayed on this page:

◆ IP Address — The IP address of the wireless 3G Broadband Router.

Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods.

◆ Subnet Mask — The mask that identifies the host address bits used for

routing to specific subnets.

◆ Default Gateway — The IP address of the gateway router for the

wireless 3G Broadband Router, which is used if the requested destination address is not on the local subnet.

◆ Primary DNS Server — The IP address of the Primary Domain Name

Server on the network. A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses. If you have one or more DNS servers located on the local network, type the IP addresses in the text fields provided. Otherwise, leave the addresses as all zeros (0.0.0.0).

◆ Secondary DNS Server — The IP address of the Secondary Domain

Name Server on the network.

PPPOE Enables the wireless 3G Broadband Router IP address to be assigned

automatically from an Internet service provider (ISP) through a DSL modem using Point-to-Point Protocol over Ethernet (PPPoE).

Figure 25: PPPoE Configuration

– 50 –

Page 51

HAPTER

| Network Settings

WAN Setting

The following items are displayed on this page:

◆ PPPoE User Name — Sets the PPPoE user name for the WAN port.

(Default: pppoe_user; Range: 1~32 characters)

◆ PPPoE Password — Sets a PPPoE password for the WAN port.

(Default: pppoe_password; Range: 1~32 characters)

◆ Verify Password — Prompts you to re-enter your chosen password.

◆ Operation Mode — Selects the operation mode as Keep Alive, On

Demand or Manual. (Default: Keep Alive)

■

Keep Alive Mode: The wireless 3G Broadband Router will periodically check your Internet connection and automatically reestablish your connection when disconnected. (Default: 60 seconds)

■

On Demand Mode: The maximum length of inactive time the unit will stay connected to the DSL service provider before disconnecting. (Default: 5 minutes)

L2TP Enables the Layer 2 Tunneling Protocol (L2TP) for implementing virtual

private networks. The service is provided in many European countries.

Figure 26: L2TP Configuration

– 51 –

Page 52

HAPTER

| Network Settings

WAN Setting

The following items are displayed on this page:

◆ Server IP — Sets the L2TP server IP Address. (Default: l2tp_server)

◆ User Name — Sets the L2TP user name for the WAN port.

(Default: l2tp_user; Range: 1~32 characters)

◆ Password — Sets a L2TP password for the WAN port. (Default:

l2tp_password; Range: 1~32 characters)

◆ Verify Password — Prompts you to re-enter your chosen password.

◆ Address Mode — Sets a L2TP network mode. (Default: Static)

◆ IP Address — Sets the static IP address. (Default: 0.0.0.0, available

when L2TP Network Mode is set to static IP.)

◆ Subnet Mask — Sets the static IP subnet mask. (Default:

255.255.255.0, available when L2TP Network Mode is set to static IP.)

◆ Default Gateway — The IP address of the gateway router for the

wireless 3G Broadband Router, which is used if the requested destination address is not on the local subnet.

◆ Operation Mode — Selects the operation mode as Keep Alive, or

Manual. (Default: Keep Alive)

■

Keep Alive Mode: The wireless 3G Broadband Router will periodically check your Internet connection and automatically reestablish your connection when disconnected. (Default: 60 seconds)

■

Manual Mode: The unit will remain connected to the Internet without disconnecting.

– 52 –

Page 53

HAPTER

| Network Settings

WAN Setting

PPTP Enables the Point-to-Point Tunneling Protocol (PPTP) for implementing

virtual private networks. The service is provided in many European countries.

Figure 27: PPTP Configuration

The following items are displayed on this page:

◆ Server IP — Sets a PPTP server IP Address. (Default: pptp_server)

◆ User Name — Sets the PPTP user name for the WAN port. (Default:

pptp_user; Range: 1~32 characters)

◆ Password — Sets a PPTP password for the WAN port. (Default:

pptp_password; Range: 1~32 characters)

◆ Verify Password — Prompts you to re-enter your chosen password.

◆ Address Mode — Sets a PPTP network mode. (Default: Static)

◆ IP Address — Sets the static IP address. (Default: 0.0.0.0, available

when PPTP Network Mode is set to static IP.)

◆ Subnet Mask — Sets the static IP subnet mask. (Default:

255.255.255.0, available when PPTP Network Mode is set to static IP.)

– 53 –

Page 54

HAPTER

| Network Settings

WAN Setting

◆ Default Gateway — The IP address of the gateway router for the

wireless 3G Broadband Router, which is used if the requested destination address is not on the local subnet.

◆ Operation Mode — Selects the operation mode as Keep Alive, or

Manual. (Default: Keep Alive)

■

Keep Alive Mode: The wireless 3G Broadband Router will periodically check your Internet connection and automatically reestablish your connection when disconnected. (Default: 60 seconds)

■

Manual Mode: The unit will remain connected to the Internet without disconnecting.

3G Enables support for a USB 3G modem as a WAN connection, either as a

primary (Master) link, or as a backup to the WAN port link.

Figure 28: 3G Configuration - Dual WAN Mode

The following items are displayed in this section on this page:

◆ USB Port — Enables support for a WAN connection using a USB 3G

modem. When enabled, you can select if the 3G modem connection operates as the Master or Backup WAN link. (Default: Disabled)

◆ Master WAN — Enables the USB 3G modem WAN connection to

operate as the primary WAN link. The Ethernet WAN port then operates as the backup link. (Default: Disabled)

◆ Backup WAN — Enables the USB 3G modem WAN connection to

operate as the backup to the Ethernet WAN port link. (Default: Enabled)

– 54 –

Page 55

HAPTER

| Network Settings

WAN Setting

◆ Fallback of Dual WAN — The operation of the fallback between dual

WAN connections is as follows: (Default: Disabled)

■

◆ WAN connection test: Sets known IP addresses to ping on the WAN

links to check for connectivity.

■

Detect IP Address of Master WAN — An IP address to which a ping packet is sent to detect if the Master WAN connection is valid.

■

Detect IP Address of Backup WAN — An IP address to which a ping packet is sent to detect if the Backup WAN connection is valid.

■

Ping Timeout — Sets the ping time out. (Range: 1~5 seconds; Default: 3 seconds)

Figure 29: 3G Configuration - Account Setup

The following items are displayed in this section on this page:

◆ Pin Code Protect — Enables the use of a PIN code (personal

◆ Dial Code — A dialled access code that connects the USB device to the

service provider.

– 55 –

Page 56

HAPTER

| Network Settings

WAN Setting

◆ APN Service — The access point name (APN) that uniquely identifies

the 3G or 3.5G service provider.

◆ User Name — The user name of the account registered with the 3G or

3.5G service provider.

◆ Password — The password of the account registered with the 3G or

3.5G service provider.

Figure 30: 3G Configuration - Budget Control

The following items are displayed in this section on this page:

◆ Budget Control — Enables a monthly limit on time or total data.

(Default: Disabled)

◆ Budget Criterion — Specifies budget limits set by time or data.

■

Time Budget — Specify the amount of time (in hours) that can be used for the 3G connection per month. (Range: 1~999 hours; Default: 1 hour)

■

Data Budget — Specify how much Download/Upload data (in MBytes) is allowed per month for the 3G connection. The drop-down list specifies if the data budget is for download, upload, or download and upload. (Range: 3~4000 MBytes; Default: 3 MBytes)

◆ Budget Policy — Specifies the action to take when budget limits have

been reached.

■

Action if Over Budget — Specifies the the action to take when a budget limit has been exceeded:

■

Drop Current Connection — Immediately drop the current connection. (Default: Enabled)

– 56 –

Page 57

HAPTER

| Network Settings

WAN Setting

■

Disallow New Connection — Do not permit any new connections. (Default: Enabled)

■

Trigger by Limit Budget — Specifies the percentage of the time or data budget at which to start sending E-mail alerts at the indicated time interval. When E-mail alerts are enabled, be sure to configure the E-mail settings. (Default: 90% of budget, E-mail Alerts disabled, recurring every 10 minutes)

◆ Budget Counter — Select the day of the month on which to reset the

time/data budget counters. (Default: 1st day per month)

Figure 31: 3G Configuration - E-mail Settings

The following items are displayed in this section on this page:

◆ E-mail Settings — The unit can use SMTP (Simple Mail Transfer

Protocol) to send E-mail messages when triggered by the specified budget policy limits.

■

Mail SMTP Authentication — Specifies a user name and password for SMTP server authentication. (Options: PLAIN, LOGIN, or Disabled.)

■

User Name — Enter the user name for the SMTP server account.

■

Password — Enter the password for the SMTP server account.

■

Mail Server — Specifies the URL of the SMTP mail server that will send the alert messages.

■

Mail Sender — Specifies an E-mail address on the SMTP server that will send the alert messages.

◆ Mail Recipient — The E-mail address of the recipient of the alert

messages.

– 57 –

Page 58

LAN SETTING

HAPTER

| Network Settings

LAN Setting

The wireless 3G Broadband Router must have a valid IP address for management using a web browser and to support other features. The unit has a default IP address of 192.168.2.1. You can use this IP address or assign another address that is compatible with your existing local network. Click on “Network Settings” followed by “LAN.”

Figure 32: LAN Configuration

– 58 –

Page 59

HAPTER

| Network Settings

LAN Setting

The following items are displayed on this page:

◆ MAC Address — The physical layer address for the wireless 3G

Broadband Router’s LAN port.

◆ IP Address — Valid IP addresses consist of four decimal numbers, 0 to

255, separated by periods. (Default: 192.168.2.1)

◆ Subnet Mask — Indicate the local subnet mask.

(Default: 255.255.255.0.)

◆ DHCP Server — Enable this feature to assign IP settings to wired and

wireless clients connected to the wireless 3G Broadband Router. The IP address, subnet mask, default gateway, and Domain Name Server (DNS) address are dynamically assigned to clients. (Options: Enable, Disable; Default: Enable)

◆ Start/End IP Address — Specify the start and end IP addresses of a

range that the DHCP server can allocate to DHCP clients. Note that the address pool range is always in the same subnet as the unit’s IP setting. The maximum clients that the unit can support is 253.

◆ Primary DNS Server – The IP address of Domain Name Servers on

the network. A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses.

◆ Secondary DNS Server – The IP address of the Secondary Domain

Name Server on the network.

◆ Default Gateway – The default gateway is the IP address of the router

for the wireless 3G Broadband Router, which is used if the requested destination address is not on the local subnet.

◆ Lease Time — Select a time limit for the use of an IP address from the

IP pool. When the time limit expires, the client has to request a new IP address. The lease time is expressed in we eks, days or hours. (Options: Forever, Two weeks, One week, Two days, One day, Half day, Two hours, One hour, Half hour; Default: One week)

– 59 –

Page 60

ADVANCED ROUTING

HAPTER

| Network Settings

Advanced Routing

◆ LLTD — Link Layer Topology Discovery (LLTD) is a Microsoft proprietary

discovery protocol which can be used for both wired and wireless networks. (Options: Disable/Enable, Default: Enabled)

◆ IGMP Proxy — Enables IGMP proxy on the wireless 3G Broadband

Router. (Options: Disable/Enable, Default: Disabled)

◆ UPNP — Allows the device to advertise its UPnP capabilities. (Default:

Enabled)

◆ PPPoE Relay — When enabled, the wireless 3G Broadband Router will

forward PPPoE messages to clients. Clients are then able to connect to the PPPoE service through the WAN port. (Options: Disable/Enable, Default: Disabled)

Routing setup allows a manual method to set up routing between networks. The network administrator configures static routes by entering routes directly into the routing table. Static routing has the advantage of being predictable and easy to configure.

ADVANCED ROUTING

SETTINGS

This screen is used to manually configure static routes to other IP networks, subnetworks, or hosts. Click “Network Settings” followed by “Advanced Routing.” (Maximum 32 entries are allowed.)

Figure 33: Advanced Routing (Router Mode)

The following items are displayed on this page:

◆ Destination — A destination network or specific host to which packets

can be routed.

◆ Type — Defines the type of destination. (Options: Host/Net, Default:

Host)

– 60 –

Page 61

HAPTER

| Network Settings

Advanced Routing

◆ Gateway — The IP address of the router at the next hop to which

matching frames are forwarded.

◆ Interface — The selected interface to which a static routing subnet is

to be applied.

◆ Comment — Enters a useful comment to help identify this route.

ROUTING TABLE This page displays the information necessary to forward a packet along the

best path toward its destination. Each packet contains information about its origin and destination. When a packet is received, a network device examines the packet and matches it to the routing table entry providing the best match for its destination. The table then provides the device with instructions for sending the packet to the next hop on its route across the network.

OTE

The Routing Table is only available when the wireless 3G Broadband Router is set to Router Mode.

Figure 34: Routing Table (Router Mode)

◆ Destination — Displays all destination networks or specific hosts to

which packets can be routed.

◆ Netmask — Displays the subnetwork associated with the destination.

◆ Gateway — Displays the IP address of the router at the next hop to

which matching frames are forwarded.

◆ Flags — Flags – Possible flags identify as below

■

0: reject route

■

1: route is up

3: route is up, use gateway

5: route is up, target is a host

7: route is up, use gateway, target is a host

– 61 –

Page 62

HAPTER

| Network Settings

Advanced Routing

◆ Metric — A number used to indicate the cost of the route so that the

best route, among potentially multiple routes to the same destination, can be selected.

◆ Ref — Number of references to this route.

◆ Use — Count of lookups for the route.

◆ Interface — Interface to which packets for this route will be sent.

◆ Comment — Displays a useful comment to identify the routing rules.

DYNAMIC ROUTE ◆ The wireless 3G Broadband Router supports RIP 1 and RIP 2 dynamic

routing protocol. Routing Information Protocol (RIP) is the most widely used method for dynamically maintaining routing tables. RIP uses a distance vector-based approach to routing. Routes are chosen to minimize the distance vector, or hop count, which serves as a rough estimate of transmission cost. Each router broadcasts its advertisement every 30 seconds, together with any updates to its routing table. This allows all routers on the network to build consistent tables of next hop links which lead to relevant subnets.

Figure 35: Dynamic Route (Router Mode)

◆ RIP — Enables or disable the RIP protocol for the WAN or LAN

interface. (Options: Disable/v1/v2, Default: Disable)

– 62 –

Page 63

ALG

HAPTER

| Network Settings

ALG

The application gateway settings provide a filter for certain protocol data (such as FTP and SIP) to pass through the wireless 3G Broadband Router NAT and firewall restrictions.

Figure 36: ALG Settings (Router Mode)

◆ FTP Support — Allows FTP packets to pass through the wireless 3G

Broadband Router.

◆ TFTP Support — Allows TFTP packets to pass through the wireless 3G

Broadband Router.

◆ H.323 Support — Allows H.323 packets to pass through the wireless

3G Broadband Router to support audio, data and video conferencing for teleconferencing.

◆ SIP Support — Allows SIP packets to pass through the wireless 3G

Broadband Router.

– 63 –

Page 64

7 WIRELESS CONFIGURATION

The wireless settings section displays configuration settings for the access point functionality of the wireless 3G Broadband Router. It includes the following sections:

◆ “Basic Settings” on page 64

◆ “Advanced Settings” on page 69

◆ “WLAN Security” on page 75

◆ “Wireless Distribution System (WDS)” on page 83

◆ “Wi-Fi Protected Setup (WPS)” on page 86

◆ “Station List” on page 88

BASIC SETTINGS

The IEEE 802.11n interface includes configuration options for radio signal characteristics and wireless security features.

The wireless 3G Broadband Router’s radio can operate in six modes, mixed

802.11b/g/n, mixed 802.11b/g, mixed 802.11g/n, 802.11n only, 802.11b only, or 802.11g only. Note that 802.11g is backward compatible with

802.11b, and 802.11n is backward compatible with 802.11b/g at slower data transmit rates.

The wireless 3G Broadband Router supports two virtual access point (VAP) interfaces. One VAP is the primary (Network Name SSID), and the other one is referred to as "Multiple SSID1." Each VAP functions as a separate access point, and can be configured with its own Service Set Identification (SSID) and security settings. However, most radio signal parameters apply to all VAP interfaces.

Traffic to specific VAPs can be segregated based on user groups or application traffic. All VAPs can have up to 64 wireless clients, whereby the clients associate with these VAPs the same as they would with a physical access point.

OTE

The radio channel settings for the access point are limited by local regulations, which determine the number of channels that are available.

– 64 –

Page 65

HAPTER

| Wireless Configuration

Basic Settings

The Basic Settings page allows you to configure the wireless network name (Service Set Identifier or SSID) and set the wireless security method.

Click on “Wireless Settings,” followed by “Basic.”

OTE

There are several variables to consider when selecting a radio mode that make it fully functional. Simply selecting the mode you want is not enough to ensure full compatibility for that mode. Information on these variables may be found in the Advanced Setting section.

Figure 37: Basic Settings

The following items are displayed on this page:

◆ Wireless On/Off — Enables or Disable the radio. (Default: Enabled)

◆ Network Mode — Defines the radio operating mode. (Default: 11b/g/

n Mixed)

■

11b/g mixed: Both 802.11b and 802.11g clients can communicate with the wireless 3G Broadband Router (up to 108 Mbps), but data transmission rates may be slowed to compensate for 802.11b clients. Any 802.11n clients will also be able to communicate with the wireless 3G Broadband Router, but they will be limited to

802.11g protocols and data transmission rates.

11b only: All 802.11b, 802.11g, and 802.11n clients will be able to communicate with the wireless 3G Broadband Router, but the

802.11g and 802.11n clients will be limited to 802.11b protocols and data transmission rates (up to 11 Mbps).

– 65 –

Page 66

HAPTER

■

11g only: Both 802.11g and 802.11n clients will be able to

| Wireless Configuration

Basic Settings

communicate with the wireless 3G Broadband Router, but the

802.11n clients will be limited to 802.11g protocols and data transmission rates (up to 54 Mbps). Any 802.11b clients will not be able to communicate with the wireless 3G Broadband Router.

■

11n only: Only 802.11n clients will be able to communicate with the wireless 3G Broadband Router (up to 150 Mbps).

■

11b/g/n Mixed: All 802.11b/g/n clients can communicate with the wireless 3G Broadband Router (up to 150 Mbps), but data transmission rates may be slowed to compensate for 802.11b/g clients.

◆ Network Name (SSID) — The name of the wireless network service

provided by the wireless 3G Broadband Router. Clients that want to connect to the network must set their SSID to the same as that of the wireless 3G Broadband Router. (Default: “SMC”; Range: 1-32 characters)

◆ Multiple SSID1 — One additional VAP interface supported on the

device. (Default: no name configured; Range: 1-32 characters)

◆ Broadcast Network Name (SSID) — By default, the wireless 3G

Broadband Router always broadcasts the SSID in its beacon signal. Disabling the SSID broadcast increases security of the network because wireless clients need to already know the SSID before attempting to connect. When set to disable, the Network Name SSID, and SSID1 are automatically set to “Hide.” (Default: Enabled)

◆ AP Isolation — The wireless 3G Broadband Router will isolate

communincation between all clients in order to protect them. Normally for users who are at hotspots. (Default: Disabled)

◆ MBSSID AP Isolation — The wireless 3G Broadband Router will

isolate wireless clients from different SSID.

◆ BSSID — The identifier (MAC address) of the wireless 3G Broadband

Router in the Basic Service Set (BSS) network.

◆ Frequency (Channel) — The radio channel that the wireless 3G

Broadband Router uses to communicate with wireless clients. When multiple access points are deployed in the same area, set the channel on neighboring access points at least five channels apart to avoid interference with each other. For example, you can deploy up to three access points in the same area using channels 1, 6, 11. Note that wireless clients automatically set the channel to the same as that used by the wireless 3G Broadband Router to which it is linked. Selecting Auto Select enables the wireless 3G Broadband Router to automatically select an unoccupied radio channel. (Default: 2437MHz)

– 66 –

Page 67

HAPTER

| Wireless Configuration

Basic Settings

HT PHYSICAL MODE

SETTINGS

The HT Physical Mode section on the Wireless Settings Advanced page includes additional parameters for 802.11n operation.

Figure 38: HT Physical Mode Settings

The following items are displayed in this section on this page:

◆ HT Operation Mode — Packets from 802.11n clients are referred to as

High Throughput (HT) Greenfield packets, in other words packets that can be transmitted at rates of up to 300 Mbps assuming that HT Channel Bandwidth is set to 20/40Mhz, see HT Channel Bandwidth next page.

OTE

Some 802.11n wireless clients may be capable of transmission rates of up to 600 Mbps, however the wireless 3G Broadband Router will only be able to connect to them at a maximum transmission rate of 300 Mbps.

802.11b/g packets are referred to as non-HT packets, being transmitted at lower throughput rates. HT mixed format frames contain a preamble compatible with the non-HT receivers. HT Greenfield frames do not contain a non-HT compatible part. Support for HT Greenfield format is optional. An HT station that does not support the reception of an HT Greenfield format frame must be able to detect that an HT Greenfield format frame is an HT transmission (as opposed to a non-HT transmission). In this case the receiver must decode the high throughput signal (HT-SIG) in the packet header and determine if the HT-SIG cyclic redundancy check (CRC) passes. (Default: Mixed)

◆ HT Channel Bandwidth — The wireless 3G Broadband Router

provides a channel bandwidth of 40 MHz by default giving an 802.11g connection speed of 108 Mbps (sometimes referred to as Turbo Mode) and a 802.11n connection speed of up to 150 Mbps. Setting the HT Channel Bandwidth to 20 MHz slows connection speed for 802.11g and

802.11n to 54 Mbps and 74 Mbps respectively and ensures backward compliance for slower 802.11b devices. (Default: 20MHz)

– 67 –

Page 68

HAPTER

| Wireless Configuration

Basic Settings

◆ Guard Interval — The guard interval between symbols helps receivers

overcome the effects of multipath delays. When you add a guard time, the back portion of useful signal time is copied and appended to the front. (Default: Auto)

◆ MCS — The Modulation and Coding Scheme (MCS) is a value that

determines the modulation, coding and number of spatial channels. (Options: value [range] = 0~7 (1 Tx Stream), 8~15 (2 TxStream), 32 and auto (33). Default: auto)

◆ Reverse Direction Grant (RDG) — When Reverse Direction Grant is

enabled, the wireless 3G Broadband Router can reduce the transmitted data packet collision by using the reverse direction protocol. During TXOP (Transmission Opportunity) period, the receiver could use remaining transmission time to transmit data to a sender. The RDG improves transmission performance and scalability in a wireless environment.

◆ Aggregate MSDU (A-MSDU) — This option enables Mac Service Data

Unit (MSDU) aggregation. (Default: Disabled)

◆ Auto Block ACK — Select to block ACK (Acknowledge Number) or not

during data transferring.

◆ Decline BA Request — Select to reject peer BA-Request or not.

OTHER HT SETTINGS Figure 39: HT Physical Mode Settings

◆ HT TxStream – HT means High Throughput. The number of HT

TxStream means how many antennas will transmit data simultaneously. (Options: 1 or 2. Default: 2)

◆ HT RxStream – The number of HT RxStream means how many

antennas will receive data simultaneously. (Options: 1 or 2. Default: 2)

– 68 –

Page 69

HAPTER

| Wireless Configuration

Advanced Settings

ADVANCED SETTINGS

The Advanced Settings page includes additional parameters concerning the wireless network and Wi-Fi Multimedia settings.

OTE

ADVANCED WIRELESS The Advanced Wireless section on the Wireless Settings Advanced page

includes additional radio parameters.

Figure 40: Advanced Wireless Settings

The following items are displayed in this section on this page:

◆ BG Protection Mode — Enables a backward compatible protection

mechanism for 802.11b clients. There are three modes: (Default: Auto)

■

Auto — The unit enables its protection mechanism for 802.11b clients when they are detected in the network. When 802.11b clients are not detected, the protection mechanism is disabled.

– 69 –

Page 70

HAPTER

■

On — Forces the unit to always use protection for 802.11b clients,

| Wireless Configuration

Advanced Settings

whether they are detected in the network or not. Note that enabling b/g Protection can slow throughput for 802.11g/n clients by as much as 50%.

■

Off — Forces the unit to never use protection for 802.11b clients. This prevents 802.11b clients from connecting to the network.

◆ Beacon Interval — The rate at which beacon signals are transmitted

from the access point. The beacon signals allow wireless clients to maintain contact with the access point. They may also carry powermanagement information. (Range: 20-999 TUs; Default: 100 TUs)

◆ Data Beacon Rate (DTIM) — The rate at which stations in sleep

mode must wake up to receive broadcast/multicast transmissions. Known also as the Delivery Traffic Indication Map (DTIM) interval, it indicates how often the MAC layer forwards broadcast/multicast traffic, which is necessary to wake up stations that are using Power Save mode. The default value of one beacon indicates that the access point will save all broadcast/multicast frames for the Basic Service Set (BSS) and forward them after every beacon. Using smaller DTIM intervals delivers broadcast/multicast frames in a more timely manner, causing stations in Power Save mode to wake up more often and drain power faster. Using higher DTIM values reduces the power used by stations in Power Save mode, but delays the transmission of broadcast/multicast frames. (Range: 1-255 beacons; Default: 1 beacon)

◆ Fragmentation Threshold – Configures the minimum packet size that

can be fragmented when passing through the access point. Fragmentation of the PDUs (Package Data Unit) can increase the reliability of transmissions because it increases the probability of a successful transmission due to smaller frame size. If there is significant interference present, or collisions due to high network utilization, try setting the fragment size to send smaller fragments. This will speed up the retransmission of smaller frames. However, it is more efficient to set the fragment size larger if very little or no interference is present because it requires overhead to send multiple frames. (Range: 2562346 bytes; Default: 2346 bytes)

◆ RTS Threshold — Sets the packet size threshold at which a Request to

Send (RTS) signal must be sent to a receiving station prior to the sending station starting communications. The access point sends RTS frames to a receiving station to negotiate the sending of a data frame. After receiving an RTS frame, the station sends a CTS (clear to send) frame to notify the sending station that it can start sending data. If the RTS threshold is set to 0, the access point always sends RTS signals. If set to 2347, the access point never sends RTS signals. If set to any other value, and the packet size equals or exceeds the RTS threshold, the RTS/CTS (Request to Send / Clear to Send) mechanism will be enabled.

The access points contending for the medium may not be aware of each other. The RTS/CTS mechanism can solve this “Hidden Node Problem.” (Range: 1-2347 bytes: Default: 2347 bytes)

– 70 –

Page 71

HAPTER

| Wireless Configuration

Advanced Settings

◆ Short Preamble — Sets the length of the signal preamble that is used

at the start of a data transmission. Use a short preamble (96 microseconds) to increase data throughput when it is supported by all connected 802.11g clients. Use a long preamble (192 microseconds) to ensure all 802.11b clients can connect to the network. (Default: Disabled)

◆ Short Slot — Sets the basic unit of time the access point uses for

calculating waiting times before data is transmitted. A short slot time (9 microseconds) can increase data throughput on the access point, but requires that all clients can support a short slot time (that is, 802.11gcompliant clients must support a short slot time). A long slot time (20 microseconds) is required if the access point has to support

802.11b clients. (Default: Enabled)

◆ TX Burst — A performance enhancement that transmits a number of

data packets at the same time when the feature is supported by compatible clients. (Default: Enabled)

◆ Packet Aggregate — A performance enhancement that combines data

packets together when the feature is supported by compatible clients. (Default: Enabled)

WI-FI MULTIMEDIA The wireless 3G Broadband Router implements Quality of Service (QoS)

using the Wi-Fi Multimedia (WMM) standard. Using WMM, the access point is able to prioritize traffic and optimize performance when multiple applications compete for wireless network bandwidth at the same time. WMM employs techniques that are a subset of the developing IEEE 802.11e QoS standard and it enables access points to interoperate with both WMMenabled clients and other devices that may lack any WMM functionality.

WMM defines four access categories (ACs): voice, video, best effort, and background. These categories correspond to traffic priority levels and are mapped to IEEE 802.1D priority tags (see Tab le 3 ). The direct mapping of the four ACs to 802.1D priorities is specifically intended to facilitate interoperability with other wired network QoS policies. While the four ACs are specified for specific types of traffic, WMM allows the priority levels to be configured to match any network-wide QoS policy. WMM also specifies a protocol that access points can use to communicate the configured traffic priority levels to QoS-enabled wireless clients.

– 71 –

Page 72

Table 3: WMM Access Categories

HAPTER

| Wireless Configuration

Advanced Settings

Access Category

AC_VO (AC3) Voice Highest priority, minimum delay. Time-sensitive

AC_VI (AC2) Video High priority, minimum delay. Time-sensitive

AC_BE (AC0) Best Effort Normal priority, medium delay and throughput.

AC_BK (AC1) Background Lowest priority. Data with no delay or

WMM Designation

Description 802.1D

data such as VoIP (Voice over IP) calls.

data such as streaming video.

Data only affected by long delays. Data from applications or devices that lack QoS capabilities.

throughput requirements, such as bulk data transfers.

Tags

7, 6

5, 4

0, 3

2, 1

The Wi-Fi Multimedia section on the Wireless Settings Advanced page allows you to enable WMM and set detailed QoS parameters.

Figure 41: Wi-Fi Multimedia Settings

The following items are displayed in this section on this page:

◆ WMM — Sets the WMM operational mode on the access point. When

enabled, the QoS capabilities are advertised to WMM-enabled clients in the network. WMM must be supported on any device trying to associated with the access point. Devices that do not support this feature will not be allowed to associate with the access point. (Default: Enabled)

◆ APSD — When WMM is enabled, Automatic Power Save Delivery

(APSD) can also be enabled. APSD is an efficient power management method that enables client devices sending WMM packets to enter a low-power sleep state between receiving and transmitting data. (Default: Disabled)

◆ WMM Parameters — Click the WMM Configuration button to set

detailed WMM parameters.

– 72 –

Page 73

Figure 42: WMM Configuration

HAPTER

| Wireless Configuration

Advanced Settings

The following items are displayed in the WMM Configuration window:

◆ AIFSN (Arbitration Inter-Frame Space) — The minimum amount of

wait time before the next data transmission attempt. Specify the AIFS value in the range 0-15 microseconds.

◆ CWMin (Minimum Contention Window) — The initial upper limit of the

random backoff wait time before wireless medium access can be attempted. The initial wait time is a random value between zero and the CWMin value. Specify the CWMin value in the range 0-15 microseconds. Note that the CWMin value must be equal or less than the CWMax value.

◆ CWMax (Maximum Contention Window) — The maximum upper limit

of the random backoff wait time before wireless medium access can be attempted. The contention window is doubled after each detected collision up to the CWMax value. Specify the CWMax value in the range 0-15 microseconds. Note that the CWMax value must be greater or equal to the CWMin value.

◆ Txop (Transmit Opportunity Limit) — The maximum time an AC

transmit queue has access to the wireless medium. When an AC queue is granted a transmit opportunity, it can transmit data for a time up to the TxOpLimit. This data bursting greatly improves the efficiency for high data-rate traffic. Specify a value in the range 0-65535 microseconds.

– 73 –

Page 74

HAPTER

| Wireless Configuration

Advanced Settings

◆ ACM — The admission control mode for the access category. When

enabled, clients are blocked from using the access category. (Default: Disabled)

◆ AckPolicy — By default, all wireless data transmissions require the

sender to wait for an acknowledgement from the receiver. WMM allows the acknowledgement wait time to be turned off for each Access Category (AC) 0-3. Although this increases data throughput, it can also result in a high number of errors when traffic levels are heavy. (Default: Acknowledge)

MULTICAST-TO-

UNICAST CONVERTER

The Multicast-to-Unicast Converter section on the Wireless Settings Advanced page allows you to enable multicast traffic conversion.

Converting multicast traffic to unicast before sending to wireless clients allows a longer DTIM (Data Beacon Rate) interval to be set. A longer DTIM interval prevents clients in power-save mode having to activate their radios to receive the multicast data, which saves battery life.

Figure 43: Multicast-to-Unicast Converter

The following items are displayed in this section on this page:

◆ Multicast-to-Unicast — Enables multicast traffic streams to be

converted to unicast traffic before delivery to wireless clients. (Default: Disabled)

– 74 –

Page 75

WLAN SECURITY

HAPTER

| Wireless Configuration

WLAN Security

The wireless 3G Broadband Router’s wireless interface is configured by default as an “open system,” which broadcasts a beacon signal including the configured SSID. Wireless clients with a configured SSID of “ANY” can read the SSID from the beacon, and automatically set their SSID to allow immediate connection to the wireless network.

To implement wireless network security, you have to employ one or both of the following functions:

◆ Authentication — It must be verified that clients attempting to

connect to the network are authorized users.

◆ Traffic Encryption — Data passing between the unit and clients must

be protected from interception and eavesdropping.

The wireless 3G Broadband Router supports supports ten different security mechanisms that provide various levels of authentication and encryption depending on the requirements of the network.

The wireless 3G Broadband Router supports two SSID interfaces. Each SSID interface functions as a separate access point, and can be configured with its own security settings.

Click on “Wireless Settings,” followed by “Basic”.

Figure 44: Security Mode Options

The supported security mechanisms and their configuration parameters are described in the following sections:

◆ OPEN, SHARED, WEP-AUTO — See “Wired Equivalent Privacy (WEP)”

on page 76

◆ WPA-PSK, WPA2-PSK, WPA-PSK_WPA2-PSK — See “WPA Pre-

Shared Key” on page 77

◆ WPA, WPA2, WPA1_WPA2 — See “WPA Enterprise Mode” on

page 79

– 75 –

Page 76

HAPTER

| Wireless Configuration

◆ 802.1X — See “IEEE 802.1X and RADIUS” on page 81

WLAN Security

WIRED EQUIVALENT

PRIVACY (WEP)

WEP provides a basic level of security, preventing unauthorized access to the network, and encrypting data transmitted between wireless clients and an access point. WEP uses static shared keys (fixed-length hexadecimal or alphanumeric strings) that are manually distributed to all clients that want to use the network.

When you select to use WEP, be sure to define at least one static WEP key for user authentication or data encryption. Also, be sure that the WEP shared keys are the same for each client in the wireless network.

Figure 45: Security Mode - WEP

The following items are displayed in this section on this page:

Security Mode — Configures the WEP security mode used by clients. When using WEP, be sure to define at least one static WEP key for the wireless 3G Broadband Router and all its clients. (Default: Disabled)

◆ OPEN — Open-system authentication accepts any client attempting to

connect the wireless 3G Broadband Router without verifying its identity. In this mode the default data encryption type is “WEP.”

◆ SHARED — The shared-key security uses a WEP key to authenticate

clients connecting to the network and for data encryption.

◆ WEP-AUTO — Allows wireless clients to connect to the network using

Open-WEP (uses WEP for encryption only) or Shared-WEP (uses WEP for authentication and encryption).

◆ Encrypt Type — Selects WEP for data encryption (OPEN mode only).

– 76 –

Page 77

HAPTER

| Wireless Configuration

WLAN Security

◆ Default Key — Selects the WEP key number to use for authentication

or data encryption. If wireless clients have all four WEP keys configured to the same values, you can change the encryption key to any of the settings without having to update the client keys. (Default: 1; Range: 1~4)

◆ WEP Keys 1 ~ 4 — Sets WEP key values. The user must first select

ASCII or hexadecimal keys. Each WEP key has an index number. Enter key values that match the key type and length settings. Enter 5 alphanumeric characters or 10 hexadecimal digits for 64-bit keys, or enter 13 alphanumeric characters or 26 hexadecimal digits for 128-bit keys. (Default: Hex, no preset value)

WPA PRE-SHARED

KEY

Wi-Fi Protected Access (WPA) was introduced as an interim solution for the vulnerability of WEP pending the adoption of a more robust wireless security standard. WPA2 includes the complete wireless security standard, but also offers backward compatibility with WPA. Both WPA and WPA2 provide an “enterprise” and “personal” mode of operation.

For small home or office networks, WPA and WPA2 provide a simple “personal” operating mode that uses just a pre-shared key for network access. The WPA Pre-Shared Key (WPA-PSK) mode uses a common password phrase for user authentication that is manually entered on the access point and all wireless clients. Data encryption keys are automatically generated by the access point and distributed to all clients connected to the network.

Figure 46: Security Mode - WPA-PSK

The following items are displayed in this section on this page:

Security Mode — Configures the WPA-PSK and WPA2-PSK security modes used by clients. When using WPA-PSK or WPA2-PSK, be sure to define the shared key for the wireless 3G Broadband Router and all its clients. (Default: Disabled)

◆ WPA-PSK — Clients using WPA with a Pre-shared Key are accepted for

authentication. The default data encryption type for WPA is TKIP.

– 77 –

Page 78

HAPTER

| Wireless Configuration

WLAN Security

◆ WPA2-PSK — Clients using WPA2 with a Pre-shared Key are accepted

for authentication. The default data encryption type for WPA is AES.

◆ WPA-PSK_WPA2-PSK — Clients using WPA or WPA2 with a Pre-

shared Key are accepted for authentication. The default data encryption type is TKIP/AES.

◆ WPA Algorithms — Selects the data encryption type to use. (Default

is determined by the Security Mode selected.)

■

TKIP — Uses Temporal Key Integrity Protocol (TKIP) keys for encryption. WPA specifies TKIP as the data encryption method to replace WEP. TKIP avoids the problems of WEP static keys by dynamically changing data encryption keys.

■

AES — Uses Advanced Encryption Standard (AES) keys for encryption. WPA2 uses AES Counter-Mode encryption with Cipher Block Chaining Message Authentication Code (CBC-MAC) for message integrity. The AES Counter-Mode/CBCMAC Protocol (AESCCMP) provides extremely robust data confidentiality using a 128bit key. Use of AES-CCMP encryption is specified as a standard requirement for WPA2. Before implementing WPA2 in the network, be sure client devices are upgraded to WPA2-compliant hardware.

■

TKIP/AES — Uses either TKIP or AES keys for encryption. WPA and WPA2 mixed modes allow both WPA and WPA2 clients to associate to a common SSID. In mixed mode, the unicast encryption type (TKIP or AES) is negotiated for each client.

◆ Pass Phrase — The WPA Preshared Key can be input as an ASCII

string (an easy-to-remember form of letters and numbers that can include spaces) or Hexadecimal format. (Range: 8~63 ASCII characters, or exactly 64 Hexadecimal digits)

◆ Key Renewal Interval — Sets the time period for automatically

changing data encryption keys and redistributing them to all connected clients. (Default: 3600 seconds)

– 78 –

Page 79

HAPTER

| Wireless Configuration

WLAN Security

WPA ENTERPRISE

MODE

For enterprise deployment, WPA and WPA2 use IEEE 802.1X for user authentication and require a RADIUS authentication server to be configured on the wired network. Data encryption keys are automatically generated and distributed to all clients connected to the network.

Figure 47: Security Mode - WPA

The following items are displayed in this section on this page:

Security Mode — Configures the WPA and WPA2 security modes used by clients. When using WPA or WPA2, be sure there is a RADIUS server in the connected wired network, and that the RADIUS settings are configured. See “IEEE 802.1X and RADIUS” on page 81 for more information. (Default: Disable)

◆ WPA — Clients using WPA with an 802.1X authentication method are

accepted for authentication. The default data encryption type for WPA is TKIP.

◆ WPA2 — Clients using WPA2 with an 802.1X authentication method

are accepted for authentication. The default data encryption type for WPA is AES.

– 79 –

Page 80

HAPTER

| Wireless Configuration

WLAN Security

◆ WPA1_WPA2 — Clients using WPA or WPA2 with an 802.1X

authentication method are accepted for authentication. The default data encryption type is TKIP/AES.

◆ WPA Algorithms — Selects the data encryption type to use. (Default

is determined by the Security Mode selected.)

■

◆ Key Renewal Interval — Sets the time period for automatically

changing data encryption keys and redistributing them to all connected clients. (Default: 3600 seconds)

◆ PMK Cache Period — WPA2 provides fast roaming for authenticated

clients by retaining keys and other security information in a cache, so that if a client roams away from an access point and then returns reauthentication is not required. This parameter sets the time for deleting the cached WPA2 Pairwise Master Key (PMK) security information. (Default: 10 minutes)

◆ Pre-Authentication — When using WPA2, pre-authentication can be

enabled that allows clients to roam to another access point and be quickly associated without performing full 802.1X authentication. (Default: Disabled)

– 80 –

Page 81

HAPTER

| Wireless Configuration

WLAN Security

IEEE 802.1X AND

RADIUS

IEEE 802.1X is a standard framework for network access control that uses a central RADIUS server for user authentication. This control feature prevents unauthorized access to the network by requiring an 802.1X client application to submit user credentials for authentication. The 802.1X standard uses the Extensible Authentication Protocol (EAP) to pass user credentials (either digital certificates, user names and passwords, or other) from the client to the RADIUS server. Client authentication is then verified on the RADIUS server before the client can access the network.

Remote Authentication Dial-in User Service (RADIUS) is an authentication protocol that uses software running on a central server to control access to RADIUS-aware devices on the network. An authentication server contains a database of user credentials for each user that requires access to the network.

The WPA and WPA2 enterprise security modes use 802.1X as the method of user authentication. IEEE 802.1X can also be enabled on its own as a security mode for user authentication. When 802.1X is used, a RADIUS server must be configured and be available on the connected wired network.

OTE

This guide assumes that you have already configured RADIUS server(s) to support the access point. Configuration of RADIUS server software is beyond the scope of this guide, refer to the documentation provided with the RADIUS server software.

Figure 48: Security Mode - 802.1X

The following items are displayed in this section on this page:

Security Mode — Configures the 802.1X security mode used by clients. When using 802.1X, either with WPA/WPA2 or on its own, be sure there is a configured RADIUS server in the connected wired network. (Default: Disabled)

– 81 –

Page 82

HAPTER

| Wireless Configuration

WLAN Security

802.1X WEP: Selects WEP keys for data encryption. When enabled, WEP encryption keys are automatically generated by the RADIUS server and distributed to all connected clients. (Default: Disabled)

RADIUS Server — Configures RADIUS server settings.

◆ IP Address — Specifies the IP address of the RADIUS server.

◆ Port — The User Datagram Protocol (UDP) port number used by the

RADIUS server for authentication messages. (Range: 1024-65535; Default: 1812)

◆ Shared Secret — A shared text string used to encrypt messages

between the access point and the RADIUS server. Be sure that the same text string is specified on the RADIUS server. Do not use blank spaces in the string. (Maximum length: 20 characters)

◆ Session Timeout — Number of seconds the access point waits for a

reply from the RADIUS server before resending a request. (Range: 160 seconds; Default: 0)

◆ Idle Timeout — Sets the maximum time (in seconds) of client

inactivity before a session is terminated.

ACCESS POLICY The wireless 3G Broadband Router provides a MAC address filtering facility.

The access policy can be set to allow or reject specific station MAC addresses. This feature can be used to connect known wireless devices that may not be able to support the configured security mode.

Figure 49: Access Policy

The following items are displayed in this section on this page:

◆ Access Policy — The access policy can be set to allow or reject specific

station MAC addresses.

◆ Add a station MAC — Enter the MAC address of the station that you

want to filter. MAC addresses must be entered in the format xx:xx:xx:xx:xx:xx.

– 82 –

Page 83

WIRELESS DISTRIBUTION SYSTEM (WDS)

The radio interface can be configured to operate in a mode that allows it to forward traffic directly to other wireless 3G Broadband Router units. This feature can be used to extend the range of the wireless network to reach remote clients, or to link disconnected network segments to an Internet connection.

To set up links between units, you must configure the Wireless Distribution System (WDS) forwarding table by specifying the wireless MAC address of all units to which you want to forward traffic.

OTE

All units in a WDS wireless network must be configured with the same SSID and use the same radio channel. Also each WDS link must be configured with the same encryption key on both units in the link.

Up to four WDS links can be specified for each unit in the WDS network. The following figures illustrate an example WDS network. Figure 50 shows the manual set up of MAC addresses for units in the WDS network.

Figure 51 shows the basic configuration required on each unit in the WDS

network.

HAPTER

Wireless Distribution System (WDS)

| Wireless Configuration

Figure 50: Manual WDS MAC Address Configuration

– 83 –

Page 84

HAPTER

Wireless Distribution System (WDS)

Figure 51: WDS Configuration Example

| Wireless Configuration

A WDS link between two units can be configured in any of the following Operation Mode combinations:

1. Both units in a link are configured as Router Mode.

2. One unit in a link is configured in Router Mode and the other in Bridge

Mode.

3. Both units in a link are configured as Bridge Mode.

When two or more units in the WDS network are set to Router Mode, be sure to check these settings:

◆ Be sure each unit is configured with a different LAN IP address.

◆ Be sure that only one unit has an Internet access on its WAN port.

◆ Be sure the DHCP server is enabled only on one unit. When one unit is

providing Internet access, enable the DHCP server on that unit.

OTE

When using WDS Lazy mode in the network, at least one unit must be set to Bridge or Repeater mode.

– 84 –

Page 85

HAPTER

Wireless Distribution System (WDS)

Figure 52: WDS Configuration

| Wireless Configuration

The WDS settings configure WDS related parameters. Up to four MAC addresses can be specified for each unit in the WDS network. WDS links may either be manually configured (Bridge and Repeater modes) or autodiscovered (Lazy mode).

The following items are displayed on this page:

◆ WDS Mode — Selects the WDS mode of the SSID. (Options: Disabled,

Lazy, Bridge, Repeater. Default: Disabled)

■

Disabled: WDS is disabled.

■

Lazy: Operates in an automatic mode that detects and learns WDS peer addresses from received WDS packets, without the need to configure a WDS MAC list entry. This feature allows the wireless 3G Broadband Router to associate with other wireless 3G Broadband Routers in the network and use their WDS MAC list. Lazy mode requires one other wireless 3G Broadband Router within the wireless network that is configured in Bridge or Repeater mode, and has a configured MAC address list.

■

Bridge: Operates as a standard bridge that forwards traffic between WDS links (links that connect to other units in Repeater or Lazy mode). The MAC addresses of WDS peers must be configured on the wireless 3G Broadband Router.

■

Repeater: Operates as a wireless repeater, extending the range for remote wireless clients and connecting them to an AP connected to the wired network. The MAC addresses of WDS peers must be configured on the wireless 3G Broadband Router.

◆ Physical — The radio media coding used on all WDS links. CCK

corresponds to 11b, OFDM corresponds to 11g, and HTMIX corresponds to 11n.

– 85 –

Page 86

◆ Encryption Type — The data encryption used on the WDS link. Be

sure that both ends of a WDS link are configured with the same encryption type and key. (Options: None, WEP, TKIP, AES. Default: None)

◆ Encryption Key — The encryption key for the WDS link. The key type

and length varies depending on the encryption type selected. For WEP, enter 5 alphanumeric characters or 10 hexadecimal digits for 64-bit keys, or 13 alphanumeric characters or 26 hexadecimal digits for 128bit keys. For TKIP or AES, enter a password key phrase of between 8 to 63 ASCII characters, which can include spaces, or specify exactly 64 hexadecimal digits.

◆ AP MAC Address — The MAC address of the other wireless 3G

Broadband Router in the WDS link.

WI-FI PROTECTED SETUP (WPS)

HAPTER

| Wireless Configuration

Wi-Fi Protected Setup (WPS)

Wi-Fi Protected Setup (WPS) is designed to ease installation and activation of security features in wireless networks. WPS has two basic modes of operation, Push-button Configuration (PBC) and Personal Identification Number (PIN). The WPS PIN setup is optional to the PBC setup and provides more security. The WPS button on the wireless 3G Broadband Router can be pressed at any time to allow a single device to easily join the network.

The WPS Settings page includes configuration options for setting WPS device PIN codes and activating the virtual WPS button.

Click on “Wireless Settings,” followed by “WPS”.

Figure 53: Enabling WPS

The following items are displayed on this page:

◆ WPS — Enables WPS, locks security settings, and refreshes WPS

configuration information. (Default: Disabled)

– 86 –

Page 87

Figure 54: WPS Configuration

HAPTER

| Wireless Configuration

Wi-Fi Protected Setup (WPS)

The following items are displayed on this page:

WPS Summary — Provides detailed WPS statistical information.

◆ WPS Current Status — Displays if there is currently any WPS traffic

connecting to the wireless 3G Broadband Router. (Options: Start WSC Process; Idle)

◆ WPS Configured — States if WPS for wireless clients has been

configured for this device.

◆ WPS SSID — The service set identifier for the unit.

◆ WPS Auth Mode — The method of authentication used.

◆ WPS Encryp Type — The encryption type used for the unit.

◆ WPS Default Key Index — Displays the WEP default key (1~4).

◆ WPS Key (ASCII) — Displays the WPS security key (ASCII) which can

be used to ensure the security of the wireless network.

◆ AP PIN — Displays the PIN Code for the wireless 3G Broadband Router.

The default is exclusive for each unit. (Default: 64824901)

– 87 –

Page 88

HAPTER

| Wireless Configuration

Station List

◆ Reset WPS to Default — Resets the WPS settings to factory default

values.

WPS Config — Configures WPS settings for the wireless 3G Broadband Router.

◆ WPS Mode — Selects between methods of broadcasting the WPS

beacon to network clients wanting to join the network:

■

PIN: The wireless 3G Broadband Router, along with other WPS devices, such as notebook PCs, cameras, or phones, all come with their own eight-digit PIN code. When one device, the WPS enrollee, sends a PIN code to the wireless 3G Broadband Router, it becomes the WPS registrar. After configuring PIN-Code information you must press “Apply” to send the beacon, after which you have up to two minutes to activate WPS on devices that need to join the network.

■

PBC: This has the same effect as pressing the physical WPS button that is located on the front of the wireless 3G Broadband Router. After checking this option and clicking “Apply” you have up to two minutes to activate WPS on devices that need to join the network.

STATION LIST

Displays the station information which associated to this wireless 3G Broadband Router.

Figure 55: Station List

– 88 –

Page 89

8 FIREWALL CONFIGURATION

The wireless 3G Broadband Router provides extensive firewall protection by restricting connection parameters to limit the risk of intrusion and defending against a wide array of common hacker attacks.

Firewall Configuration contains the following sections:

◆ “MAC/IP/Port Filtering” on page 89

◆ “Virtual Server Settings (Port Forwarding)” on page 92

◆ “DMZ” on page 93

◆ “System Security” on page 94

◆ “Content Filtering” on page 95

MAC/IP/PORT FILTERING

MAC/IP/Port filtering restricts connection parameters to limit the risk of intrusion and defends against a wide array of common hacker attacks. MAC/IP/Port filtering allows the unit to permit, deny or proxy traffic through its MAC addresses, IP addresses and ports.

The wireless 3G Broadband Router allows you define a sequential list of permit or deny filtering rules (up to 32). This device tests ingress packets against the filter rules one by one. A packet will be accepted as soon as it matches a permit rule, or dropped as soon as it matches a deny rule. If no rules match, the packet is either accepted or dropped depending on the default policy setting.

– 89 –

Page 90

Figure 56: MAC/IP/Port Filtering

HAPTER

| Firewall Configuration

MAC/IP/Port Filtering

The following items are displayed on this page:

◆ MAC/IP/Port Filtering — Enables or disables MAC/IP/Port Filtering.

(Default: Disabled)

◆ Default Policy — When MAC/IP/Port Filtering is enabled, the default

policy will be enabled. If you set the default policy to “Dropped”, all incoming packets that don’t match the rules will be dropped. If the policy is set to "Accepted," all incoming packets that don't match the rules are accepted. (Default: Dropped)

◆ MAC Address — Specifies the MAC address to block or allow traffic

from.

◆ Destination IP Address — Specifies the destination IP address to

block or allow traffic from.

◆ Source IP Address — Specifies the source IP address to block or allow

traffic from.

– 90 –

Page 91

HAPTER

| Firewall Configuration

MAC/IP/Port Filtering

◆ Protocol — Specifies the destination port type, TCP, UDP or ICMP.

(Default: None).

◆ Destination Port Range — Specifies the range of destination port to

block traffic from the specified LAN IP address from reaching.

◆ Source Port Range — Specifies the range of source port to block

traffic from the specified LAN IP address from reaching.

◆ Action — Specifies if traffic should be accepted or dropped. (Default:

Accept)

◆ Comment — Enter a useful comment to help identify the filtering rules.

CURRENT FILTER

RULES

The Current Filter Table displays the configured IP addresses and ports that are permitted or denied access to and from the wireless 3G Broadband Router.

◆ Select — Selects a table entry.

◆ MAC Address — Displays a MAC address to filter.

◆ Destination IP Address — Displays the destination IP address.

◆ Source IP Address — Displays the source IP address.

◆ Protocol — Displays the destination port type.

◆ Destination Port Range — Displays the destination port range.

◆ Source Port Range — Displays the source port range.

◆ Action — Displays if the specified traffic is accepted or dropped.

◆ Comment — Displays a useful comment to identify the routing rules.

– 91 –

Page 92

VIRTUAL SERVER SETTINGS (PORT FORWARDING)

Virtual Server (sometimes referred to as Port Forwarding) is the act of forwarding a network port from one network node to another. This technique can allow an external user to reach a port on a private IP address (inside a LAN) from the outside through a NAT-enabled router. (Maximum 32 entries are allowed.)

Figure 57: Virtual Server

HAPTER

Virtual Server Settings (Port Forwarding)

| Firewall Configuration

The following items are displayed on this page:

◆ Virtual Server Settings — Selects between enabling or disabling port

forwarding the virtual server. (Default: Disabled)

◆ IP Address — Specifies the IP address on the local network to allow

external access.

◆ Port Range — Specifies the port range through which traffic is

forwarded.

◆ Protocol — Specifies a protocol to use for port forwarding, either TCP,

UDP or TCP&UDP.Disabled

◆ Comment — Enter a useful comment to help identify the forwarded

port service on the network.

– 92 –

Page 93

HAPTER

| Firewall Configuration

DMZ

CURRENT VIRTUAL

SERVERS IN SYSTEM

DMZ

The Current Port Forwarding Table displays the entries that are allowed to forward packets through the wireless 3G Broadband Router’s firewall.

◆ No. — The table entry number.

◆ IP Address — Displays an IP address on the local network to allow

external access to.

◆ Port Mapping — Displays the port the server is mapped.

◆ Protocol — Displays the protocol used for forwarding of this port.

◆ Comment — Displays a useful comment to identify the nature of the

port to be forwarded.

Enables a specified host PC on the local network to access the Internet without any firewall protection. Some Internet applications, such as interactive games or video conferencing, may not function properly behind the wireless 3G Broadband Router's firewall. By specifying a Demilitarized Zone (DMZ) host, the PC's TCP ports are completely exposed to the Internet, allowing open two-way communication. The host PC should be assigned a static IP address (which is mapped to its MAC address) and this must be configured as the DMZ IP address.

Figure 58: DMZ

The following items are displayed on this page:

◆ DMZ Settings — Sets the DMZ status. (Default: Disabled)

◆ DMZ IP Address — Specifies an IP address on the local network

allowed unblocked access to the WAN.

– 93 –

Page 94

SYSTEM SECURITY

HAPTER

| Firewall Configuration

System Security

The wireless 3G Broadband Router includes the facility to manage it from a remote location. The unit can also be sent a ping message from a remote location.

Figure 59: System Security

The following items are displayed on this page:

◆ Remote Management — Denies or allows management access to the

wireless 3G Broadband Router through the WAN interface. (Default: Deny)

◆ Ping from WAN Filter — When enabled, the wireless 3G Broadband

Router does not respond to ping packets received on the WAN port. (Default: Disabled)

◆ Stateful Packet Inspection (SPI) — The Stateful Packet Inspection

(SPI) firewall protects your network and computers against attacks and intrusions. A stateful packet firewall looks at packet contents to check if the traffic may involve some type of security risk. (Default: Disabled)

– 94 –

Page 95

CONTENT FILTERING

HAPTER

| Firewall Configuration

Content Filtering

The wireless 3G Broadband Router provides a variety of options for blocking Internet access based on content, URL and host name.

Figure 60: Content Filtering

– 95 –

Page 96

HAPTER

| Firewall Configuration

Content Filtering

The following items are displayed on this page:

Web URL Filter Settings — By filtering inbound Uniform Resource Locators (URLs) the risk of compromising the network can be reduced. URLs are commonly used to point to websites. By specifying a URL or a keyword contained in a URL traffic from that site may be blocked.

◆ Current URL Filters — Displays current URL filter.

◆ Add a URL Filter — Adds a URL filter to the settings. For example,

myhost.example.com.

Web Host Filter Settings — The wireless 3G Broadband Router allows Internet content access to be restricted based on web address keywords and web domains. A domain name is the name of a particular web site. For example, for the address www.FUNGAMES.com, the domain name is FUNGAMES.com. Enter the Keyword then click “Add.”

◆ Current Host Filters — Displays current Host filter.

◆ Add a Host Filter — Enters the keyword for a host filtering.

– 96 –

Page 97

9 ADMINISTRATION SETTINGS

The wireless 3G Broadband Router’s Administration Settings menu provides the same configuration options in both Router and Bridge Mode. These settings allow you to configure a management access password, set the system time, upgrade the system software, display the system status and statistics.

Administration Settings contains the following sections:

◆ “System Management” on page 98

◆ “Time Zone Settings” on page 99

◆ “Green AP Settings” on page 100

◆ “DDNS Settings” on page 100

◆ “Firmware Upgrade” on page 101

◆ “Configuration Settings” on page 102

◆ “System Status” on page 103

◆ “Statistics” on page 105

◆ “DHCP Clients” on page 106

◆ “System Log” on page 107

◆ “3G Budget Status” on page 108

– 97 –

Page 98

SYSTEM MANAGEMENT

The System Management commands allow you to change the language settings displayed in the interface, and change the user password.

Figure 61: System Management

HAPTER

| Administration Settings

System Management

The following items are displayed in the first two sections on this page:

◆ Language Settings — You can change the language displayed in web

interface. Select the language of your choice from the drop-down list, then click “Apply.” (Options: English, Traditional Chinese or Simple Chinese. Default: English)

◆ Web Interface Settings — To protect access to the management

interface, you need to configure a new Administrator’s password as soon as possible. If a new password is not configured, then anyone having access to the wireless 3G Broadband Router may be able to compromise the unit's security by entering the default value.

■

User Name — The name of the user. The user name for access to the unit is fixed as “admin” and cannot be changed.

■

Password — The password for management access. The default password preset for access to the unit is “smcadmin”. (Length: 1-32 characters, case sensitive)

■

Confirm New Password — Prompts you to enter the password again for verification.

– 98 –

Page 99

TIME ZONE SETTINGS

HAPTER

| Administration Settings

Time Zone Settings

The System Management page allows you to manually configure time settings or enable the use of a Simple Network Time Protocol (SNTP) or NTP server.

Figure 62: Time Zone Settings

The following items are displayed in this section on this page:

◆ Current Time — Displays the current system time on the unit.

◆ Sync with host — Updates the unit's time from the web management

PC's system time.

◆ Time Zone — Specifies the time zone in relation to Greenwich Mean

Time (GMT).

◆ Primary/Secondary NTP Server – The IP address or URL of the NTP

server to be used.

– 99 –

Page 100

GREEN AP SETTINGS

HAPTER

| Administration Settings

Green AP Settings

The GreenAP feature is used for reducing the wireless 3G Broadband Router's power consumption. Before setting the Green AP duration, you need to configure the Time Zone Settings first, then choose one of the options from Action drop-down list. The WiFi Tx Power indicates how much antenna power you want to use. Less power means the wireless 3G Broadband Router can only cover a shorter range. The final step is to set the GreenAP duration. For example, you might set the TxPower 25% during your sleeping hours, or TxPower OFF while you are away.

Figure 63: Green AP Settings

DDNS SETTINGS

Dynamic DNS (DDNS) provides users on the Internet with a method to tie a specific domain name to the unit’s dynamically assigned IP address. DDNS allows your domain name to follow your IP address automatically by changing your DNS records when your IP address changes.

The wireless 3G Broadband Router provides access to three DDNS service providers, DynDns.org, Non-IP.com and ZoneEdit.com. To set up an DDNS account, visit the websites of these service providers at www.dyndns.org, www.non-ip.com, or www.zoneedit.com.

Figure 64: DDNS Settings (Router Mode)

– 100 –