Copyright
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable.
However, no responsibility is assumed by SMC for its use, nor for any infringements of
patents or other rights of third parties which may result from its use. No license is granted
by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right
to change specifications at any time without notice.
The products and programs described in this User Guide are licensed products of SMC. This
User Guide contains proprietary information protected by copyright, and this User Guide and
all accompanying hardware and documentation are copyrighted.
SMC does not warrant that the hardware will work properly in all environments and
applications, and makes no warranty and representation, either implied or expressed, with
respect to the quality, performance, merchantability, or fitness for a particular purpose.
Information in this User Guide is subject to change without notice and does not represent a
commitment on the part of SMC. SMC assumes no responsibility for any inaccuracies that
may be contained in this User Guide.
SMC makes no commitment to update or keep current the information in this User Guide,
and reserves the right to make changes to this User Guide and/or product without notice.
No part of this manual may be reproduced or transmitted in any form or by any means,
electronic or mechanical, including photocopying, recording, or information storage and
retrieval systems, for any purpose other than the purchaser's personal use, without the
express written permission of SMC.
Trademarks
SMC® is a registered trademark; and EZ-Stream, EZ Connect, Barricade and EZ Hub are
trademarks of SMC Networks, Inc. Other product and company names are trademarks or
registered trademarks of their respective holders.
ii
Compliances
FCC - Class B
This equipment has been tested and found to comply with the limits for a Class B digital
device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide
reasonable protection against harmful interference in a residential installation. This
equipment generates, uses and can radiate radio frequency energy and, if not installed and
used in accordance with instructions, may cause harmful interference to radio
communications. However, there is no guarantee that the interference will not occur in a
particular installation. If this equipment does cause harmful interference to radio or
television reception, which can be determined by turning the equipment off and on, the user
is encouraged to try to correct the interference by one or more of the following measures:
• Reorient the receiving antenna
• Increase the separation between the equipment and receiver
• Connect the equipment into an outlet on a circuit different from that to which
the receiver is connected
• Consult the dealer or an experienced radio/TV technician for help
FCC Caution: To assure continued compliance, (for example - use only shielded interface
cables when connecting to computer or peripheral devices). Any changes or modifications
not expressly approved by the party responsible for compliance could void the user’s
authority to operate this equipment.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two
conditions: (1) This device may not cause harmful interference, and (2) this device must
accept any interference received, including interference that may cause undesired
operation.
CAUTION STATEMENT:
FCC Radiation Exposure Statement
This equipment complies with FCC radiation exposure limits set forth for an uncontrolled
environment. This equipment should be installed and operated with a minimum distance of 5
centimeters between the radiator and your body. This transmitter must not be co-located or
operating in conjunction with any other antenna or transmitter. Note: In order to maintain
compliance with the limits of a Class B digital device, SMC requires that you use a quality
interface cable when connecting to this device. Changes or modifications not expressly
approved by SMC could void the user’s authority to operate this equipment.
Attach unshielded twisted-pair cable (UTP) to the RJ-45 port and shielded USB cable to the
USB port.
iii
EC Conformance Declaration – Class B
SMC contact for these products in Europe is:
SMC Networks Europe,
Edificio Conata II
Calle Fructuos Gelabert 6-8, 2o, 4a
08970 – Sant Joan Despi
Barcelona, Spain
This equipment complies with the requirements relating to electromagnetic compatibility,
EN 55022/A1 Class B, and EN 50082-1. This meets the essential protection requirements of
the European Council Directive 89/336/EEC on the approximation of the laws of the member
states relation to electromagnetic compatibility.
Important Safety Notices
•Unplug this product from the AC power before cleaning. Do not use liquid cleaners or
aerosol cleaners. Use a dry cloth for cleaning.
•Route the power supply cords so that they are not likely to be walked on or pinched
by items placed upon or against them. Pay particular attention to cords at plugs,
convenience receptacles, and the point where they exit from the product.
•Situate the product away from heat sources such as radiators, heat registers,
stoves, and other products that produce heat.
•To prevent fire or shock hazard, do not expose this unit to rain or moisture. Do not
allow water or any foreign objects to enter the interior. This may cause a fire or
electric shock. In the event that water or other foreign objects get into the product,
immediately unplug the AC adapter from the electrical outlet and contact Customer
Service for inspection and/or repair/replacement options.
•Do not take apart the equipment. This may cause fire, electric shock or other
injuries.
•Do not overload wall outlets and extension cords as this can result in a fire or
electric shock.
•This product is for use with the AC adapter that comes with it. Use with any other AC
power is strongly discouraged as it may cause fire, electric shock, or damage to the
equipment.
8.2 | Tunnel between a SMCBR14VPN and standalone client. 53
8.3 | PPTP/ L2TP configuration example 54
9 | TROUBLESHOOTING 56
9.1 | Questions and Awnsers 59
10 | TECHNICAL SPECIFICATIONS 60
11 | TERMINOLOGY 62
vi
1 | System Requirements
•Internet access from your local telephone company or Internet Service Provider
(ISP) using a DSL modem, cable modem, Dial-Up modem, or ISDN modem
•A PC using a fixed IP address or dynamic IP address assigned via DHCP, as well as a
Gateway server address and DNS server address from your service provider
•A computer equipped with a 10 Mbps, 100 Mbps, or 10/100 Mbps Fast Ethernet card,
or a USB-to-Ethernet converter
• TCP/IP network protocol installed on each PC that needs to access the internet
• A Java-enabled web browser, such as Microsoft Internet Explorer 5.0 or above, or
Netscape Communicator 4.0 or above installed on one PC at your site for configuring
the router.
2 | Equipment Checklist
After unpacking the Barricade™ VPN Cable/DSL Broadband Router, check the contents of
the box to be sure you have received the following components:
• 1 Barricade™ VPN Cable/DSL Broadband Router
• 1 EZ Installation Wizard and Documentation CD
• 1 Ethernet (CAT5-UTP/Straight-Through) Cable
• 1 Power Adapter
• 1 Quick Installation Guide
Immediately inform your dealer in the event of any incorrect, missing or damaged parts. If
possible, please retain the carton and original packing materials in case there is a need to
return the product.
Please register this product and upgrade the product warranty at SMC's Web site:
http://www.smc.com
1
3 | Functions and Features
Broadband Modem and NAT
Router
10/100 Mbps Ethernet Interface Provides a 10/100 Base-TX interface to connect to a DSL
Auto-sensing Ethernet Switch Equipped with a 4/8-port auto-sensing Ethernet switch.
VPN Supported Supports multiple IPSec sessions and has built-in PPTP
Firewall All unwanted packets from outside sources are blocked
DHCP Server Supported All networked computers can retrieve TCP/IP settings
Web-based Configuration Configurable by any networked computer’s Web browser
Network Filter Supported The Packet Filter lets you control access to a network by
Universal Plug and Play (UPnP)
Supported
Virtual Server Supported Lets you make your Website, FTP site, and other services
User Defined Application Sensing
Tunnel
DMZ Host Supported Enables a computer to be fully accessible to the Internet.
SNMP Supported SNMP (Simple Network Management Protocol) is a
System Time Supported Lets you synchronize system time with the network time
Virtual Computers Supported The virtual computer lets you use the original NAT
URL Blocking Supported Lets you block hundreds of Website connections by
Schedule Rule Lets you set a time schedule for different services.
Connects multiple computers to a broadband (cable or
DSL) modem, and/or Ethernet router to access the
Internet.
or cable modem for broadband Internet access.
and L2TP VPN servers.
to protect your intranet.
automatically from this device.
using Netscape or Internet Explorer.
analyzing the incoming and outgoing packets; this lets
you either letting them pass or halt based on the IP
address or the source and destination.
Enables devices such as PCs, routers and printers to be
plugged into a network and ensure automatic recognition.
on your LAN accessible to Internet users.
Lets you define the attributes to support special
applications that require multiple connections like
Internet gaming, video conferencing, Internet telephony,
and so on. This device can sense the application type and
opens a multi-port tunnel for it.
This function is used when the special application sensing
tunnel feature is insufficient to allow an application to
function correctly.
protocol that lets users remotely manage a computer
network by polling and setting terminal values, and
monitoring network events.
server.
feature, which lets you setup the one-to-one mapping of
multiple global and local IP addresses.
simply entering a keyword.
Routing Table Supported Allows you to determine which physical interface address
to use for outgoing IP data grams. If you have more than
one router and subnet, enable the routing table to allow
packets to find the proper routing path and the different
subnets to communicate with each other.
2
4 | Panel Layout
The following figure shows the front panel layout, which is followed by a table describing in
detail the status and function of each LED.
SMCBR14VPN Front Panel
SMCBR18VPN Front Panel
LED Function Color Status Description
Power Power
indicator
M1 System
status
indicator
activity
Link/Act.
1–4/8
Speed
10/100
SMCBR14VPN Rear Panel: 4 LAN, 1 WAN, and 1 COM port
Link status Green
Data rate Green Steady Data is transmitted at 100 Mbps
Green Steady Power is being applied to this
device
Orange Blinking M1 is flashing once every second to
indicate that the system has power
Green
Steady The WAN port is connected WAN Wan port
Blinking The WAN port is sending or
receiving data
Steady An active station is connected to
the LAN port
Blinking The corresponding LAN port is
sending or receiving data
3
SMCBR18VPN Front Panel: 8 LAN, 1 WAN, and 1 COM port
Port Type Description
5 VDC Receptor for power adapter:
5 VDC, 2 A (minimum)
WAN This is the connection for the Ethernet cable to
the Ethernet port on the cable or DSL modem
Port 1–4/8 These are the connections for Ethernet cables to
your Ethernet enabled computers
COM Serial port (connection for an analog modem or
console cable)
5 | Hardware Installation
The router can be placed anywhere in your office or home. No special wiring or cooling
requirements are necessary. However, you should comply with the following guidelines:
• Place your router on a flat, horizontal surface
• Be sure to place your router away from any heating devices
• Avoid dusty and/or humid areas
1) Setup LAN Connection: Connect an Ethernet cable from your computer’s Ethernet
port to one of the LAN ports of the router.
2) Step WAN Connection: Insert one end of the Ethernet cable into the WAN port on
the back panel of your router, and the other end to the cable/DSL modem. You may
connect an analog modem (optional) to function as a backup connection.
3) Power Up: The router automatically enters the self-testing phase once the power
cord is plugged into a wall outlet. When in self-testing phase, the M1 indicator LED
illuminates for about five seconds to indicate proper connection. The M1 LED flashes
twice as soon as the self-testing phase is completed. After the completion of the
self-testing phase, the M1 LED should flash once per second to indicate that the
router is functioning properly.
6 | Network Settings and Software Installation
Default Settings
IP Address 192.168.2.1
Subnet Mask 255.255.255.0
Administrator Password smcadmin
User Password password
4
You must first verify that the TCP/IP communication protocol is properly installed and the
computer is configured to get its IP address via the DHCP Server that is built-into this
router. If you have not previously installed TCP/IP protocols on your client PCs, refer to the
following section.
6.1 | Installing TCP/IP
Windows 95/98/Me
1. Click Start/Settings/Control Panel.
2. Double-click the Network icon and select the Configuration tab in the Network
window.
3. Click the Add button.
4. Double-click Protocol.
5. Select Microsoft in the manufacturers list. Select TCP/IP in the Network Protocols
list. Click the OK button to return to the Network window.
6. The TCP/IP protocol will be listed in the Network window.
7. Click OK. The operating system may prompt you to restart your system. Click Yes
and the computer will shut down and restart.
Windows 2000/XP
1. Click the Start button and choose Settings, then click the Network and Dial-up
Connections icon.
2. Double-click the Local Area Connection icon, and click the Properties button on the
General tab.
3. Click the install button.
4. Double-click Protocol.
5. Choose Internet Protocol (TCP/IP). Click the OK button to return to the Network
window.
6. The TCP/IP protocol will be listed in the Network window. Click OK to complete the
installation procedure.
6.2 | Setting up TCP/IP
Windows 95/98/Me
You may find that the instructions here do not exactly match your version of Windows. This
is because these steps and screenshots were created in Windows 98. Windows 95 and
Windows Millennium Edition are very similar, but not identical, to Windows 98.
1. From the Windows desktop, click Start/Settings/Control Panel.
2. In the Control Panel, locate and double-click the Network icon.
3. On the Network window Configuration tab, double-click the TCP/IP entry for your
network card.
4. Click the IP Address tab.
5. Click the “Obtain an IP address” option.
6. Next click on the Gateway tab and verify the Gateway field is blank. If there are IP
addresses listed in the Gateway section, highlight each one and click Remove until
the section is empty.
7. Click the OK button to close the TCP/IP Properties window.
8.
On the Network Properties Window, click the OK button to save these new settings.
Note: Windows may ask you for the original Windows installation disk or additional
files. Check for the files at c:\windows\options\cabs, or insert your Windows CD-ROM
5
into your CDROM drive and check the correct file location, e.g., D:\win98, D:\win9x.
(if D is the letter of your CD-ROM drive).
9. Windows may prompt you to restart the PC. If so, click the Yes button. If Windows
does not prompt you to restart your computer, do so to insure your settings.
Windows NT
1. From the Windows desktop click Start/Settings/Control Panel.
2. Double-click the Network icon.
3. Click on the Protocols tab.
4. Double-click TCP/IP Protocol.
5. Click on the IP Address tab.
6. In the Adapter drop-down list, be sure your Ethernet adapter is selected.
7. Click on “Obtain an IP address from a DHCP server.”
8. Click OK to close the window.
9. Windows may copy files and will then prompt you to restart your system. Click Yes
and your computer will shut down and restart.
Windows 2000/XP
1. Access your Network settings by clicking Start, then choose Settings and then select
Control Panel.
2. In the Control Panel, locate and double-click the Network and Dial-up Connections
icon.
3. Locate and double-click the Local Area Connection icon for the Ethernet adapter
that is connected to the Router. When the Status dialog box window opens, click the
Properties button.
4. In the Local Area Connection Properties box, verify the box next to Internet Protocol
(TCP/IP) is checked. Then highlight the Internet Protocol (TCP/IP), and click the
Properties button.
5. Select “Obtain an IP address automatically” to configure your computer for DHCP.
Click the OK button to save this change and close the Properties window.
6. Click the OK button again to save these new changes.
7. Reboot your PC.
6.3 | Obtaining an IP Address
Windows 95/98/Me
1. Click Start/Run.
2. Type WINIPCFG and click OK.
3. From the drop-down menu, select your network card. Click Release and then Renew.
Verify that your IP address is now 192.168.2.xxx, your Subnet Mask is 255.255.255.0
and your Default Gateway is 192.168. 2.1. These values confirm that the Router is
functioning. Click OK to close the IP Configuration window.
Windows 2000/XP
1. On the Windows desktop, click Start/Programs/Command Prompt.
2. In the Command Prompt window, type IPCONFIG /RELEASE and press the <ENTER>
key.
3. Type IPCONFIG /RENEW and press the <ENTER> key. Verify that your IP Address is
now 192.168.2.xxx, your Subnet Mask is 255.255.255.0 and your Default Gateway is
192.168.2.254. These values confirm that the Router is functioning
4. Type EXIT and press <ENTER> to close the Command Prompt window.
6
6.4 | Configuring a Macintosh Computer
You may find that the instructions here do not exactly match your screen. This is because
these steps and screen shots were created using Mac OS 10.2. Mac OS 7.x and above are all
very similar, but may not be identical to Mac OS 10.2.
1. Pull down the Apple Menu. Click System Preferences and select Network.
2. Make sure that Built-in Ethernet is selected in the Show field.
3. On the TCP/IP tab, select Using DHCP in the Configure field.
4. Close the TCP/IP dialog box.
6.5 | Verifying Your TCP/IP Connection
After installing the TCP/IP communication protocols and configuring an IP address in the
same network as the Router, use the ping command to check if your computer has
successfully connected to the Router. The following example shows how the ping procedure
can be executed in an MS-DOS window. First, execute the ping command:
ping 192.168.2.1
If a message similar to the following appears:
Pinging 192.168.2.1 with 32 bytes of data:
Reply from 192.168.2.1: bytes=32 time=2ms TTL=64
…a communication link between your computer and the Router has been successfully
established.
If you get the following message:
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
…there may be something wrong in your installation procedure.
Check the following items in sequence:
1. Is the Ethernet cable correctly connected between the Router and the computer? The LAN
LED on the Router and the Link LED of the network card on your computer must be on.
2. Is TCP/IP properly configured on your computer? If the IP address of the Router is
192.168.2.1, the IP address of your PC must be from 192.168.2.2 - 254 and the default
gateway must be 192.168.2.1. If you can successfully ping the Router you are now ready to
connect to the Internet!
7
7 | Configuring Your Broadband VPN Router
Before you attempt to log into the web-based Administration, please verify the following.
1. Your browser is configured properly (see below).
2. Disable any firewall or security software that may be running.
3. Confirm that you have a good link LED where your computer is plugged into the
Router. If you don’t have a link light, then try another cable until you get a good link.
7.1 | Browser Configuration
Confirm your browser is configured for a direct connection to the Internet using the
Ethernet cable that is installed in the computer. This is configured through the
options/preference section of your browser.
You will also need to verify that the HTTP Proxy feature of your web browser is disabled.
This is so that your web browser will be able to view the Router configuration pages. The
following steps are for Internet Explorer and for Netscape. Determine which browser you use
and follow the appropriate steps.
Internet Explorer 5 or above (For Windows)
1. Open Internet Explorer. Click Tools, and then select Internet Options.
2. In the Internet Options window, click the Connections tab.
3. Click the LAN Settings button.
4. Clear all the check boxes and click OK to save these LAN settings changes.
5. Click OK again to close the Internet Options window.
Internet Explorer (For Macintosh)
1. Open Internet Explorer. Click Explorer/Preferences.
2. In the Internet Explorer Preferences window, under Network, select Proxies.
3. Uncheck all check boxes and click OK.
7.2 | Web Management
To access the Router’s management interface, enter the Router IP address in your web
browser http://192.168.2.1.
8
Note that there are two different Web user interfaces, one for general users and one for the
system administrator. To log on as an administrator, enter the system password (default
password is smcadmin) and click the LOGIN button. If you typed the password correctly, the
left panel of the Web user interface changes to the administrator configuration mode as
shown in the following figures.
7.3 | Setup Wizard
Time Zone
After logging into the web management, click on SETUP WIZARD on the top left navigation
panel. The first item is Time Zone. For accurate timing of client filtering and log events, you
need to set the time zone. Select your time zone from the drop-down list.
Broadband Type
The following screen lets you select a WAN type. Click one of the five options and then click
[Next].
9
Cable Modem
The cable modem option allows you to configure a host name and MAC Address. The Host
Name is optional, but may be required by some ISPs. The default MAC address is set to the
WAN’s physical interface on the Router. Use this address when registering for Internet
service, and do not change it unless required by your ISP. If your ISP used the MAC address
of an Ethernet card as an identifier when first setting up your broadband account, only
connect the PC with the registered MAC address to the Router and click the Clone MAC
Address button. This will replace the current Router MAC address with the already
registered Ethernet card MAC address. If you are unsure of which PC was originally set up by
the broadband technician, call your ISP and request that they register a new MAC address
for your account. Register the default MAC address of the Router.
10
Fixed-IP xDSL
Some xDSL Internet Service Providers may assign a fixed (static) IP address. If you have
been provided with this information, choose this option and enter the assigned IP address,
gateway IP address, DNS IP addresses, and subnet mask.
PPPoE xDSL
Enter the PPPoE User Name and Password assigned by your Service Provider. The Service
Name is normally optional, but may be required by some service providers. Leave the
Maximum Transmission Unit (MTU) at the default value unless you have a particular reason
to change it. Enter a Maximum Idle Time (in minutes) to define a maximum period of time for
which the Internet connection is maintained during inactivity. If the connection is inactive for
longer than the Maximum Idle Time, it will be dropped. (Default: 10) Configure the Connect
mode option to the desired settings. “Always On Line” signifies that the broadband router
will maintain your Internet connection consistently and automatically connect to the
Internet after any disconnection. “Manual Connect” signifies that the broadband router will
establish an Internet connection only when the administrator logs into the web management
and manually presses the “Connect” button. While using the “Connect On Demand” option, if
the connection is inactive for longer than the Maximum Idle Time, it will be dropped and will
automatically re-establish the connection as soon as you attempt to access the Internet
again.
11
PPTP
Point-to-Point Tunneling Protocol is a common connection method used for xDSL
connections in Europe. It can be used to join different physical networks using the Internet
as an intermediary.
If you have been provided with the information as shown on the screen, enter the assigned IP
address, subnet mask, default gateway IP address, user ID and password, and PPTP
Gateway. Configure the Connect mode option to the desired settings. “Always On Line”
signifies that the broadband router will maintain your Internet connection consistently and
automatically connect to the Internet after any disconnection. “Manual Connect” signifies
that the broadband router will establish an Internet connection only when the administrator
logs into the web management and manually presses the “Connect” button. While using the
“Connect On Demand” option, if the connection is inactive for longer than the Maximum Idle
Time, it will be dropped and will automatically re-establish the connection as soon as you
attempt to access the Internet again.
12
BigPond
If you use the BigPond Internet Service which is available in Australia, enter your username
and password and apply the changes.
L2TP
Layer 2 Tunneling Protocol is a common connection method used for xDSL connections in
Europe. It can be used to join different physical networks using the Internet as an
intermediary.
If you have been provided with the information as shown on the screen, enter the assigned IP
address, subnet mask, default gateway IP address, user ID and password, and L2TP Gateway.
Configure the Connect mode option to the desired settings. “Always On Line” signifies that
the broadband router will maintain your Internet connection consistently and automatically
connect to the Internet after any disconnection. “Manual Connect” signifies that the
broadband router will establish an Internet connection only when the administrator logs into
the web management and manually presses the “Connect” button. While using the “Connect
On Demand” option, if the connection is inactive for longer than the Maximum Idle Time, it
13
will be dropped and will automatically re-establish the connection as soon as you attempt to
access the Internet again.
Dial-Up
Most Dial-up users will select this option to connect to their ISP through an analog dial-up
modem. This feature can be used as a back-up when your broadband connectivity is
unavailable. Enter the phone number, account name and password assigned to you by your
ISP. The baud rate is the communication rate between the broadband router and your
modem. Set this to the desired rate. If you have received DNS addresses from your ISP,
enter them here, otherwise leave these addresses at their default settings. The modem
initialization string setting is most commonly used to optimize the communication quality
between the ISP and your analog dial-up modem. If you are using the dial up modem as a
backup, Enable the “Auto Backup/Failover” option. Configure the Connect mode option to
the desired settings. “Always On Line” signifies that the broadband router will maintain your
Internet connection consistently and automatically connect to the Internet after any
disconnection. “Manual Connect” signifies that the broadband router will establish an
Internet connection only when the administrator logs into the web management and
manually presses the “Connect” button. While using the “Connect On Demand” option, if the
connection is inactive for longer than the Maximum Idle Time, it will be dropped and will
automatically re-establish the connection as soon as you attempt to access the Internet
again.
14
15
7.4 | Advanced Setup – SYSTEM
Time Zone
Use the section below to configure the Barricade's system time. Select your timezone and
configure the daylight savings option based on your location. This information is used for the
time/date parental rules you can configure with the Barricade's Advanced Firewall. This
information is also used for your network logging.
Once you set you time zone, you can automatically update the Barricade's internal clock by
synchronizing with a public time server over the Internet. To configure this setting, choose
one of the options below - each option allows a different method of updating.
16
Loading...
+ 51 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.