Page 1
Broadband Router with built-in
ADSL Modem
◆ Compatible with all leading DSLAMs
◆ Firewall (hacker attack logging, DoS, and client filtering)
◆ Supports DMT line modulation
◆ Four auto-negotiating 10/100 Ethernet ports
◆ Built-in print server
◆ PPTP, L2TP, and IPSec pass through
◆ Multiple user Internet access with a single user account
◆ Supports PPPoE and PPPoA
◆ Plug & Play installation
◆ Web-based management
User Guide
SMC7404BRA EU
Page 2
Page 3
Broadband Router with
built-in ADSL Modem
From SMC’s line of award-winning connectivity solutions
December 2002
Part No: 750.9701, UK 750.9735
Pub No: 150000035400A
Page 4
C
OMPLIANCES
FCC - Class B
This equipment has been tested and found to comply with the limits for a Class B digital
device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable
protection against harmful interference in a residential installation. This equipment generates,
uses and can radiate radio frequency energy and, if not installed and used in accordance with
instructions, may cause harmful interference to radio communications. However, there is no
guarantee that the interference will not occur in a particular installation. If this equipment
does cause harmful interference to radio or television reception, which can be determined by
turning the equipment off and on, the user is encouraged to try to correct the interference by
one or more of the following measures:
• Reorient the receiving antenna
• Increase the separation between the equipment and receiver
• Connect the equipment into an outlet on a circuit different from that to
which the receiver is connected
• Consult the dealer or an experienced radio/TV technician for help
Note:
In order to maintain compliance with the limits for a Class B digital device, you are
required to use a quality interface cable when connecting to this device. Changes or
modifications not expressly approved by our company could void the user’s
authority to operate this equipment.
FCC - Part 68
This equipment complies with Part 68 of the FCC rules. This equipment comes with a label
attached to it that contains, among other information, the FCC registration number and
ringer equivalence number (REN) for this equipment. If requested, this information must be
provided to the telephone company.
This equipment uses the following USOC jacks: RJ-11C.
The REN is used to determine the quantity of devices that may be connected to the
telephone line. Excessive RENs on the telephone line may result in the devices not ringing in
response to an incoming call. In most, but not all areas, the sum of the RENs should not
exceed five (5.0.) To be certain of the number of devices that may be connected to the line, as
determined by the total RENs, contact the telephone company to determine the maximum
REN for the calling area.
If this equipment causes harm to the telephone network, the telephone company will notify
you in advance that temporary discontinuance of service may be required. If advance notice is
not practical, the telephone company will notify the customer as soon as possible. Also, you
will be advised of your right to file a complaint with the FCC if you believe it is necessary.
The telephone company may make changes in its facilities, equipment, operations, or
procedures that will provide advance notice in order for you to make the necessary
iii
Page 5
C
OMPLIANCES
modifications in order to maintain uninterrupted service.
If trouble is experienced with this equipment, please contact our company at the numbers
shown on back of this manual for repair and warranty information. If the trouble is causing
harm to the telephone network, the telephone company may request you to remove the
equipment from the network until the problem is resolved.
No repairs may be done by the customer.
This equipment cannot be used on telephone company-provided coin service. Connection to
Party Line Service is subject to state tariffs.
When programming and/or making test calls to emergency numbers:
• Remain on the line and briefly explain to the dispatcher the reason for the call.
• Perform such activities in off-peak hours such as early morning or late evenings.
The Telephone Consumer Protection Act of 1991 makes it unlawful for any person to use a
computer or other electronic device to send any message via a telephone facsimile machine
unless such message clearly contains, in a margin at the top or bottom of each transmitted
page or on the first page of the transmission the date and time it is sent and an identification
of the business, other entity, or individual sending the message and the telephone number of
the sending machine or such business, other entity, or individual.
In order to program this information into your facsimile, refer to your communications
software user manual.
Industry Canada - Class B
This digital apparatus does not exceed the Class B limits for radio noise emissions from
digital apparatus as set out in the interference-causing equipment standard entitled “Digital
Apparatus,” ICES-003 of Industry Canada.
Cet appareil numérique respecte les limites de bruits radioélectriques applicables aux appareils
numériques de Classe B prescrites dans la norme sur le matérial brouilleur: “Appareils
Numériques,” NMB-003 édictée par l’Industrie.
Australia AS/NZS 3548 (1995) - Class B
iv
Page 6
C
OMPLIANCES
EC Conformance Declaration - Class B
This information technology equipment complies with the requirements of the Council
Directive 89/336/EEC on the Approximation of the laws of the Member States relating to
Electromagnetic Compatibility and 73/23/EEC for electrical equipment used within certain
voltage limits and the Amendment Directive 93/68/EEC. For the evaluation of the
compliance with these Directives, the following standards were applied:
RFI Emission:
Immunity:
LVD:
• Limit class B according to EN 55022:1998
• Limit class B for harmonic current emission according to
EN 61000-3-2/1995
• Limitation of voltage fluctuation and flicker in low-voltage supply
system according to EN 61000-3-3/1995
• Product family standard according to EN 55024:1998
• Electrostatic Discharge according to EN 61000-4-2:1995
(Contact Discharge: ±4 kV, Air Discharge: ±8 kV)
• Radio-frequency electromagnetic field according to EN 61000-4-3:1996
(80 - 1000 MHz with 1 kHz AM 80% Modulation: 3 V/m)
• Electrical fast transient/burst according to EN 61000-4-4:1995 (AC/
DC power supply: ±1 kV, Data/Signal lines: ±0.5 kV)
• Surge immunity test according to EN 61000-4-5:1995
(AC/DC Line to Line: ±1 kV, AC/DC Line to Earth: ±2 kV)
• Immunity to conducted disturbances, Induced by radio-frequency
fields: EN 61000-4-6:1996 (0.15 - 80 MHz with
1 kHz AM 80% Modulation: 3 V/m)
• Power frequency magnetic field immunity test according to
EN 61000-4-8:1993 (1 A/m at frequency 50 Hz)
• Voltage dips, short interruptions and voltage variations immunity test
according to EN 61000-4-11:1994 (>95% Reduction @10 ms, 30%
Reduction @500 ms, >95% Reduction @5000 ms)
• EN 60950 (A1/1992; A2/1993; A3/1993; A4/1995; A11/1997)
v
Page 7
C
OMPLIANCES
vi
Page 8
T
ABLE OF
C
ONTENTS
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
About the Barricade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Features and Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
2 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Package Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2
Hardware Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3
LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4
Connect the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5
Connect the ADSL Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
Phone Line Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
Connect the Power Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8
3 Configuring Client PCs . . . . . . . . . . . . . . . . . . . . . . . . 3-1
TCP/IP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
4 Configuring the Barricade . . . . . . . . . . . . . . . . . . . . . . 4-1
Navigating the Web Browser Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2
Making Configuration Changes . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2
Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
Time Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
Internet Sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4
Parameter Setting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5
Finish . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6
PPPoE & PPPoA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7
Finish . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8
Multiple Protocol over ATM Mode . . . . . . . . . . . . . . . . . . . . . . 4-10
Finish . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11
Advanced Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13
Navigating the Web Browser Interface . . . . . . . . . . . . . . . . . . . . . . . . . 4-13
Making Configuration Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15
System Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16
Time Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16
i
Page 9
T
ABLE OF CONTENTS
Password Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-17
Remote Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-18
DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19
WAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20
PPPoE (PPP over Ethernet) . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20
ATM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22
ISP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23
LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24
NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26
Address Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27
Virtual Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28
Routing System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30
Static Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30
RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31
Routing Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33
Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34
Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-35
Access Control: Add PC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37
URL Blocking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38
Schedule Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-39
Intrusion Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41
DMZ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-46
SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-47
Community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-47
Trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-48
ADSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-49
Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-49
Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-50
Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-53
Configuration Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-53
Firmware Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-54
Reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-55
Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-56
5 Configuring Client TCP/IP . . . . . . . . . . . . . . . . . . . . . 5-1
Windows 95/98/Me . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
Disable HTTP Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4
ii
Page 10
T
ABLE OF CONTENTS
Obtain IP Settings from Your ADSL Router . . . . . . . . . . . . . . . 5-5
Windows NT 4.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6
Disable HTTP Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9
Obtain IP Settings from Your Barricade . . . . . . . . . . . . . . . . . . . 5-9
Windows 2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11
Disable HTTP Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-13
Obtain IP Settings from Your Barricade . . . . . . . . . . . . . . . . . . 5-13
Windows XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-15
Disable HTTP Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-17
Obtain IP Settings from Your Barricade . . . . . . . . . . . . . . . . . . 5-17
Configuring Your Macintosh Computer . . . . . . . . . . . . . . . . . . . . . . . . 5-19
Disable HTTP Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-21
Obtain IP Settings from Your Barricade . . . . . . . . . . . . . . . . . . 5-23
6 Configuring Printer Services . . . . . . . . . . . . . . . . . . . . 6-1
Install the Printer Port Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1
Configure the Print Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-4
Configure the Network Printer in Windows 95/98/Me/2000 . 6-4
Configure the Network Printer in Windows NT . . . . . . . . . . . . 6-6
Configure the Network Printer in Unix Systems . . . . . . . . . . . . 6-7
A Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1
B Cables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1
Ethernet Cable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1
Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1
Wiring Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1
RJ-45 Port Ethernet Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-2
Pin Assignments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-2
ADSL Cable Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-4
Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-4
Wiring Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-4
C Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-1
iii
Page 11
T
ABLE OF CONTENTS
iv
Page 12
C
HAPTER
I
NTRODUCTION
Congratulations on your purchase of the Barricade Broadband Router with
built-in ADSL Modem (SMC7404BRA EU.) We are proud to provide you
with a powerful yet simple communication device for connecting your
local area network (LAN) to the Internet. For those who want to surf the
Internet in the most secure way, this Router provides a convenient and
powerful solution.
About the Barricade
The Barricade provides Internet access to multiple users by sharing a
single-user account. This new technology provides many secure and
cost-effective functions. It is simple to configure and can be up and
running in minutes.
Features and Benefits
1
• Internet connection via an RJ-11 WAN port.
• Local network connection via four 10/100 Mbps Ethernet ports.
• DHCP for dynamic IP configuration, and DNS for domain name
mapping.
• Firewall with Stateful Packet Inspection, client privileges, intrusion
detection, and NAT.
1-1
Page 13
I
NTRODUCTION
• NAT also enables multi-user Internet access via a single user account,
and virtual server functionality (providing protected access to Internet
services such as Web, FTP, e-mail, and Telnet.)
• VPN pass-through (IPSec-ESP Tunnel mode, L2TP, PPTP.)
• User-definable application sensing tunnel supports applications
requiring multiple connections.
• Easy setup through a Web browser on any operating system that
supports TCP/IP.
• Compatible with all popular Internet applications.
1-2
Page 14
Applications
Many advanced networking features are provided by the Barricade:
•Wired LAN
The Barricade provides connectivity to wired 10/100 Mbps devices,
making it easy to create a network in small offices or homes.
• Internet Access
This device supports Internet access through a DSL connection.
Since many DSL providers use PPPoE or PPPoA to establish
communications with end users, the Barricade includes built-in clients
for these protocols, eliminating the need to install these services on
your computer.
• Shared IP Address
The Barricade provides Internet access for up to 253 users via a single
shared IP address. Using only one ISP account, multiple users on your
network can browse the Web at the same time.
A
PPLICATIONS
•Virtual Server
If you have a fixed IP address, you can set the Barricade to act as a
virtual host for network address translation. Remote users access
various services at your site using a constant IP address. Then,
depending on the requested service (or port number), the Barricade
can route the request to the appropriate server (at another internal IP
address.) This secures your network from direct attack by hackers, and
provides more flexible management by allowing you to change
internal IP addresses without affecting outside access to your
network.
1-3
Page 15
I
NTRODUCTION
• DMZ Host Support
Allows a networked computer to be fully exposed to the Internet.
This function is used when NAT and firewall security prevent an
Internet application from functioning correctly.
• Security
The Barricade supports security features that deny Internet access to
specified users, or filter all requests for specific services the
administrator does not want to serve. The Barricade’s firewall also
blocks common hacker attacks, including IP Spoofing, Land Attack,
Ping of Death, IP with zero length, Smurf Attack, UDP port
loopback, Snork Attack, TCP null scan, and TCP SYN flooding.
• Virtual Private Network (VPN)
The Barricade supports three of the most commonly used VPN
protocols – PPTP, L2TP, and IPSec. These protocols allow remote
users to establish a secure connection to their corporate network. If
your service provider supports VPNs, then these protocols can be
used to create an authenticated and encrypted tunnel for passing
secure data over the Internet (i.e., a traditionally shared data network.)
The VPN protocols supported by the Barricade are briefly described
below.
1-4
• Point-to-Point Tunneling Protocol – Provides a secure tunnel for
remote client access to a PPTP security gateway. PPTP includes
provisions for call origination and flow control required by ISPs.
• L2TP merges the best features of PPTP and L2F. Like PPTP,
L2TP requires that the ISP's routers support the protocol.
• IP Security – Provides IP network-layer encryption. IPSec can
support large encryption networks (such as the Internet) by using
digital certificates for device authentication.
Page 16
C
HAPTER
I
NSTALLATION
Before installing the Barricade Broadband Router with built-in ADSL
Modem, verify that you have all the items listed under “Package Contents.”
If any of the items are missing or damaged, contact your local distributor.
Also be sure that you have all the necessary cabling before installing the
Barricade. After installing the Barricade, refer to “Configuring the
Barricade” on page 4-1.
Package Contents
After unpacking the Barricade, check the contents of the box to be sure
you have received the following components:
• Barricade ADSL Router (SMC7404BRA EU)
• Power adapter
2
• One CAT-5 Ethernet cable
• Telephone patch cable
• Documentation CD
•This User Guide
• ADSL service ordering guide
Immediately inform your dealer in the event of any incorrect, missing, or
damaged parts. If possible, please retain the carton and original packing
materials in case there is a need to return the product.
2-1
Page 17
I
NSTALLATION
System Requirements
You must meet the following minimum requirements:
• Internet access from your Internet Service Provider (ISP) using a DSL
modem.
• A PC using a fixed IP address or dynamic IP address assigned via
DHCP, as well as a gateway server address and DNS server address
from your service provider.
• A computer equipped with a 10 Mbps, 100 Mbps, or 10/100 Mbps
Fast Ethernet card, or a USB-to-Ethernet converter.
• TCP/IP network protocols installed on each PC that will access the
Internet.
• A Java-enabled Web browser, such as Microsoft Internet Explorer 4.0
or above or Netscape Communicator 4.0 or above installed on one PC
at your site for configuring the Barricade.
2-2
Page 18
H
ARDWARE DESCRIPTION
Hardware Description
The Barricade contains an integrated DSL modem and connects to the
Internet or to a remote site using its RJ-11 WAN port. It can be connected
directly to your PC or to a local area network using any of the four RJ-45
Fast Ethernet LAN ports.
Access speed to the Internet depends on your service type. Full-rate ADSL
provides up to 8 Mbps downstream and 640 kbps upstream. G.lite (or
splitterless) ADSL provides up to 1.5 Mbps downstream and 512 Kbps
upstream. However, you should note that the actual rate provided by
specific service providers may vary dramatically from these upper limits.
Data passing between devices connected to your local area network can
run at up to 100 Mbps over the Fast Ethernet ports.
The Barricade includes an LED display on the front panel for system
power and port indications that simplifies installation and network
troubleshooting. It also provides the following ports on the rear panel:
Item Description
LAN
Ports
Parallel
printer
port
Reset
Button
Power
Inlet
WAN
Port
Fast Ethernet ports (RJ-45.) Connect devices on your local area
network to these ports (i.e., a PC, hub, or switch.)
One parallel printer port that can be connected to a printer. This
printer can then be shared by all LAN users.
Use this button to reset the power and restore the default factory
settings. To reset without losing configuration settings, see “Reset”
on page 4-55.
Connect the included power adapter to this inlet.
Warning: Using the wrong type of power adapter may cause
damage.
WAN port (RJ-11.) Connect your DSL line to this port.
2-3
Page 19
I
NSTALLATION
LEDs
Verify Status
Check the power and port LED indicators
LED Condition Status
Power On The Barricade is receiving power. Normal
Off Power off or failure.
Ethernet
(4 LEDs)
ADSL Syn On ADSL connection is functioning correctly.
ADSL Data Flashing Send/Receive data.
On Ethernet Link.
Flashing Send/Receive data.
Off No Link.
Flashing Startup.
Off ADSL connection is not established.
Off No data transfering.
.
operation.
2-4
Page 20
C
ONNECT THE SYSTEM
Connect the System
The Barricade can be positioned at any convenient location in your office
or home. No special wiring or cooling requirements are needed. You
should, however, comply with the following guidelines:
• Keep the Barricade away from any heating devices.
• Do not place the Barricade in a dusty or wet environment.
You should also remember to turn off the power, remove the power cord
from the outlet, and keep your hands dry when you install the Barricade.
2-5
Page 21
I
NSTALLATION
Connect the ADSL Line
Run standard telephone cable from the wall jack providing ADSL service
to the WAN port on your Barricade. When inserting an ADSL RJ-11 plug,
be sure the tab on the plug clicks into position to ensure that it is properly
seated. If you are using splitterless ADSL service, be sure you add low-pass
filters between the ADSL wall jack and your telephones. (These filters pass
voice signals through but filter data signals out.)
Phone Line Configuration
Installing a Full-rate Connection
If you are using a full-rate (G.dmt) connection, your service provider will
attach the outside ADSL line to a data/voice splitter. In this case you can
connect your phones and computer directly to the splitter as shown below:
Plain Old
Telephone
System (POTS)
Residential
Connection
Point (NID)
Voice
Data
Figure 2-1. Installing With a Splitter
2-6
Splitter
ADSL Router
or
Ethernet
hub or switch
Page 22
C
ONNECT THE SYSTEM
Installing a Splitterless Connection
If you are using a splitterless (G.lite) connection, then your service
provider will attach the outside ADSL line directly to your phone system.
In this case you can connect your phones and computer directly to the
incoming ADSL line, but you will have to add low-pass filters to your
phones as shown below:
Plain Old
Telephone
System (POTS)
Voice
Residential
Connection
Point (NID)
Voice
& Data
Voice
& Data
Data
Filter
ADSL Router
or
Ethernet
hub or switch
Figure 2-2. Installing Without a Splitter
Attach to Your Network Using Ethernet Cabling
The four LAN ports on the Barricade auto-negotiate the connection speed
to 10 Mbps Ethernet or 100 Mbps Fast Ethernet, as well as the
transmission mode to half-duplex or full-duplex.
Use twisted-pair cabling to connect any of the four LAN ports on the
Barricade to an Ethernet adapter on your PC. Otherwise, cascade any of
the LAN ports on the Barricade to an Ethernet hub or switch, and then
connect your PC or other network equipment to the hub or switch. When
2-7
Page 23
I
NSTALLATION
inserting an RJ-45 connector, be sure the tab on the connector clicks into
position to ensure that it is properly seated.
Warning: Do not plug a phone jack connector into an RJ-45 port. This
may damage the Barricade.
Notes: 1. Use 100-ohm shielded or unshielded twisted-pair cable with
RJ-45 connectors for all Ethernet ports. Use Category 3, 4, or 5
for connections that operate at 10 Mbps, and Category 5 for
connections that operate at 100 Mbps.
Notes: 2. Make sure each twisted-pair cable length does not exceed
100 meters (328 feet.)
Connect the Power Adapter
Plug the power adapter into the power socket on the rear of the Barricade,
and the other end into a power outlet.
Check the power indicator on the front panel is lit. If the power i
not lit, refer to
In case of a power input failure, the Barricade will automatically restart and
begin to operate once the input power is restored.
If the Barricade is properly configured, it will take about 30 seconds to
establish a connection with the ADSL service provider after powering up.
During this time the Sync indicator will flash. After the ADSL connection
has been established, the ADSL Sync LED will stay on.
“Troubleshooting” on page A-1.
2-8
ndicator is
Page 24
C
HAPTER
C
ONFIGURING
TCP/IP Configuration
To access the Internet through the Barricade, you must configure the
network settings of the computers on your LAN to use the same IP subnet
as the Barricade. The default network settings for the Barricade are:
IP Address: 192.168.2.1
Subnet Mask: 255.255.255.0
Note: These settings can be changed to fit your network requirements,
but you must first configure at least one computer as described in
“Configuring Client TCP/IP” on page 5-1 to access the
Barricade’s Web configuration interface in order to make the
required changes. (See “Configuring the Barricade” on page 4-1
for instructions on configuring the Barricade.)
C
LIENT
3
PC
S
3-1
Page 25
C
ONFIGURING CLIENT
PC
S
3-2
Page 26
C
HAPTER
C
ONFIGURING THE
B
ARRICADE
After you have configured TCP/IP on a client computer, use a Web
browser to configure the Barricade. The Barricade can be configured by
any Java-supported browser including Internet Explorer 4.0 or above, or
Netscape Navigator 4.0 or above. Using the Web management interface,
you may configure the Barricade and view statistics to monitor network
activity.
To access the Barricade’s management interface, enter the IP address of
the Barricade in your web browser:
http://192.168.2.1
(the Barricade automatically switches to
Port 88 for management access.) Then
click “LOGIN” (by default, there is no
password.)
4
Note: For some browsers it may be
necessary to include “:88” after
the management IP address. For example,
http://192.168.2.1:88
4-1
Page 27
C
ONFIGURING THE BARRICADE
Navigating the Web Browser Interface
The Barricade’s management interface consists of a Setup Wizard and an
Advanced Setup section.
Setup Wizard: Use the Setup Wizard if you want to quickly setup the
Barricade. Go to “Setup Wizard” on page 4-3.
Advanced Setup: Advanced Setup supports more advanced functions like
hacker attack detection, IP and MAC address filtering, virtual server setup,
virtual DMZ host, as well as other functions. Go to “Advanced Setup” on
page 4-13.
Making Configuration Changes
Configurable parameters have a dialog box or a drop-down list. Once a
configuration change has been made on a page, be sure to click the
“Apply” or “Next” button at the bottom of the page to enable the new
setting.
Note: To ensure proper screen refresh after a command entry, be sure
that Internet Explorer 5.0 is configured as follows: Under the
menu “Tools/Internet Options/General/Temporary Internet
Files/Settings,” the setting for “Check for newer versions of
stored pages” should be “Every visit to the page.”
4-2
Page 28
S
Setup Wizard
Time Zone
Click on “Setup Wizard.” The first item in the Setup Wizard is Time Zone
setup.
For accurate timing of log entries and system events, you need to set the
time zone. Select your time zone from the dropdown list.
ETUP WIZARD
If your area requires it, check to enable the clock for daylight saving
changes, and enter the Daylight Saving Time start and end dates for your
location.
4-3
Page 29
C
ONFIGURING THE BARRICADE
Internet Sharing
Select the operation mode. Go to “PPPoE & PPPoA” on page 4-7 if you
will use either of these modes, and go to “Multiple Protocol over ATM
Mode” on page 4-10 if you will use multiple protocol routing mode.
4-4
Page 30
Parameter Setting
Parameter Description
VPI/VCI Data flows are broken up into fixed length cells,
each of which contains a Virtual Path Identifier
(VPI) that identifies the path between two nodes,
and a Virtual Circuit Identifier (VCI) that identifies
the data channel within that virtual path. Each
virtual circuit maintains a constant flow of cells
between the two end points. When there is no data
to transmit, empty cells are sent. And when data
needs to be transmitted, it is immediately inserted
into the cell flows.
S
ETUP WIZARD
4-5
Page 31
C
ONFIGURING THE BARRICADE
Finish
Parameter Description
Protocol Indicates the protocol used.
VPI/VCI Virtual Path Identifier (VPI) and Virtual Circuit
AAL5 Encapsulation Shows the packet encapsulation type.
Identifier (VCI.)
Your Barricade is now setup. Go to “Troubleshooting” on page A-1 if you
cannot make a connection to the Internet.
4-6
Page 32
PPPoE & PPPoA
Parameter Description
Username Enter the ISP assigned username.
Password Enter your password.
Retype Password Confirm the password.
DNS Enter a domain name server IP address.
VPI/VCI Virtual Path Identifier (VPI) and Virtual Circuit
Identifier (VCI.)
Data flows are broken up into fixed length cells,
each of which contains a Virtual Path Identifier
(VPI) that identifies the path between two nodes,
and a Virtual Circuit Identifier (VCI) that identifies
the data channel within that virtual path. Each
virtual circuit maintains a constant flow of cells
between the two end points. When there is no data
to transmit, empty cells are sent. And when data
needs to be transmitted, it is immediately inserted
into the cell flows.
S
ETUP WIZARD
4-7
Page 33
C
ONFIGURING THE BARRICADE
Finish
Parameter Description
ADSL Operation Mode
(WAN)
Protocol Indicates the protocol used
VPI/VCI Virtual Path Identifier (VPI) and Virtual Circuit
AAL5 Encapsulation Shows the packet encapsulation type.
Identifier (VCI.)
4-8
ISP Parameters
Username The ISP assigned username.
Password The password (hidden.)
Page 34
S
ETUP WIZARD
Parameter Description
DHCP Parameters
Default Gateway The default gateway IP address. If the Barricade
Subnet Mask The network subnet mask.
Name Server 1 Primary name server IP address.
Name Server 2 Alternate name server IP address.
Name Server 3 Alternate name server IP address.
Start IP Address Start IP Address of DHCP assigned IP addresses.
Number of IP Number of IPs available for assignment by the
cannot find the destination address within its local
network, it will forward the packets to the Default
Gateway (usually your ISP will supply this address)
DHCP server.
Your Barricade is now setup. Go to “Troubleshooting” on page A-1 if you
cannot make a connection to the Internet.
4-9
Page 35
C
ONFIGURING THE BARRICADE
Multiple Protocol over ATM Mode
Parameter Description
DNS Enter a domain name server IP address.
WAN IP Enter an IP Address for the Barricade WAN interface.
Subnet Mask Enter a subnet mask.
VPI/VCI Virtual Path Identifier (VPI) and Virtual Circuit Identifier
(VCI.)
Data flows are broken up into fixed length cells, each of which
contains a Virtual Path Identifier (VPI) that identifies the path
between two nodes, and a Virtual Circuit Identifier (VCI) that
identifies the data channel within that virtual path. Each virtual
circuit maintains a constant flow of cells between the two end
points. When there is no data to transmit, empty cells are sent.
And when data needs to be transmitted, it is immediately
inserted into the cell flows.
Default Gateway Enter a default gateway IP address. If the Barricade cannot find
the destination address within its local network, it will forward
the packets to the Default Gateway (usually your ISP will
supply this address.)
4-10
Page 36
Finish
Parameter Description
ADSL Operation Mode
(WAN)
Protocol Indicates the protocol used
VPI/VCI Virtual Path Identifier (VPI) and Virtual Circuit
AAL5 Encapsulation Shows the packet encapsulation type.
Identifier (VCI.)
S
ETUP WIZARD
Network Layer Parameters
(WAN)
IP Address Shows the WAN IP address.
Subnet Mask Shows the WAN Subnet Mask.
Default Gateway Shows the WAN Default Gateway.
4-11
Page 37
C
ONFIGURING THE BARRICADE
Parameter Description
DHCP Parameters
Default Gateway The default gateway IP address. If the Barricade
Subnet Mask The network subnet mask.
Name Server 1 Primary name server IP address.
Name Server 2 Alternate name server IP address.
Name Server 3 Alternate name server IP address.
Start IP Address Start IP Address of DHCP assigned IP addresses.
Number of IP Number of IPs available for assignment by the
cannot find the destination address within its local
network, it will forward the packets to the Default
Gateway (usually your ISP will supply this
address.)
DHCP server.
Your Barricade is now setup. Go to “Troubleshooting” on page A-1 if you
cannot make a connection to the Internet.
4-12
Page 38
A
DVANCED SETUP
Advanced Setup
Clicking “Advanced Setup” displays the main menu on the left-hand side
of the screen and descriptive information on the right-hand side. The Main
Menu links are used to navigate to other menus that display configuration
parameters and statistics.
Navigating the Web Browser Interface
The Barricade’s advanced management interface contains ten main menu
items – System, WAN, LAN, NAT, Routing system, Firewall, SNMP,
ADSL, Tools, and Status.
4-13
Page 39
C
ONFIGURING THE BARRICADE
The following table briefly describes the “Advanced Setup” menu items.
Menu Description
System Sets the local time zone, the password for
administrator access, the IP address of a PC that
will be allowed to manage the Barricade remotely,
and the IP address of a domain name server.
WAN Specifies the Internet connection settings.
LAN Sets the TCP/IP configuration for the Barricade
NAT Shares a single ISP account with multiple users,
Routing system Sets routing parameters and displays the current
Firewall Configures a variety of security and specialized
SNMP Community string and trap server setting.
ADSL Sets the ADSL operation type and shows the
Tools Contains options to backup & restore the current
Status Provides WAN connection type and status,
LAN interface and DHCP clients.
sets up virtual servers.
routing table.
functions including: Access Control, URL
blocking, Internet access control scheduling,
Intruder detection, and DMZ.
ADSL status.
configuration, restore all configuration settings to
the factory defaults, update system firmware, or
reset the system.
firmware and hardware version numbers, system
IP settings, as well as DHCP, NAT, Firewall info.
Displays the number of attached clients, the
firmware versions, the physical MAC address for
each media interface, and the hardware version
and serial number.
Shows the security and DHCP client log.
4-14
Page 40
M
AKING CONFIGURATION CHANGES
Making Configuration Changes
Configurable parameters have a dialog box or a drop-down list.
Once a configuration change has been made on a page, be sure to
click the “APPLY” or “NEXT” button at the bottom of the page
to make the new settings active.
Note: To ensure proper screen refresh after a command entry, check that
Internet Explorer 5.0 is configured as follows: Under the menu
“Tools/Internet Options/General/Temporary Internet Files/
Settings,” the setting for “Check for newer versions of stored
pages” should be “Every visit to the page.”
4-15
Page 41
C
ONFIGURING THE BARRICADE
System Settings
Time Zone
Set your local time zone. This information is used for log entries and client
filtering.
4-16
Page 42
S
YSTEM SETTINGS
Password Settings
Use this page to restrict access based on a password. By default, there is no
password. For security you should assign one before exposing the
Barricade to the Internet.
Passwords can contain from 3–12 alphanumeric characters and are not
case sensitive.
Note: If your password is lost, or you cannot gain access to the user
interface, press the reset button (colored blue) on the rear panel
(holding it down for at least five seconds) to restore the factory
defaults. (Default is no password.)
4-17
Page 43
C
ONFIGURING THE BARRICADE
Remote Management
By default, management access is only available to users on your local
network. However, you can also manage the Barricade from a remote host
by entering the IP address of a remote computer on this screen. Check the
“Enabled” box to enable this function.
Note: If you check “Enable” and specify an IP address of 0.0.0.0, any
host can manage the Barricade.
4-18
Page 44
DNS
Domain Name Servers are used to map a domain name
(e.g., www.smc.com) to the equivalent numerical IP address
(e.g., 64.147.25.20.) Your ISP should provide the IP address of one or
more domain name servers. Enter those addresses on this page.
S
YSTEM SETTINGS
4-19
Page 45
C
ONFIGURING THE BARRICADE
WAN
PPPoE (PPP over Ethernet)
Parameter Description
Enable/Disable Enables/Disables the PPPoE Interface.
IP Address If your IP address is assigned by the ISP each time
you connect, leave this field all zeros. Otherwise,
enter your ISP supplied static IP address here.
Subnet Mask If your subnet mask is assigned by the ISP each
time you connect, leave this field all zeros.
Otherwise, enter your subnet mask here.
4-20
Page 46
WAN
Parameter Description
VPI/VCI Virtual Path Identifier (VPI) and Virtual Circuit
Identifier (VCI.)
Data flows are broken up into fixed length cells,
each of which contains a Virtual Path Identifier
(VPI) that identifies the path between two nodes,
and a Virtual Circuit Identifier (VCI) that
identifies the data channel within that virtual path.
Each virtual circuit maintains a constant flow of
cells between the two end points. When there is
no data to transmit, empty cells are sent. When
data needs to be transmitted, it is immediately
inserted into the cell flows.
Encapsulation Specifies how to handle multiple protocols at the
ATM transport layer.
• VC-MUX. Point to Point Protocol over
ATM Virtual Circuit Multiplexer (null
encapsulation) allows only one protocol
running per virtual circuit with less
overhead.
• LLC. Point to Point Protocol over ATM
Logical Link Control allows multiple
protocols running over one virtual circuit
(uses slightly more overhead.)
Idle Time (Minute) Enter the maximum idle time for the Internet
ISP Name Choose the ISP to whom this connection will
connection. After this time has been exceeded the
connection will be terminated.
apply.
4-21
Page 47
C
ONFIGURING THE BARRICADE
ATM
Parameter Description
Protocol • Disable: Disables the connection.
• 1483 Bridging: Bridging is a standardized layer 2 technology.
It is typically used in corporate networks to extend the
physical reach of a single LAN segment and increase the
number of stations on a LAN without compromising
performance. Bridged data is encapsulated using the
RFC1483 protocol to enable data transport.
4-22
• PPPoA: Point-to-Point Protocol over ATM is a method of
encapsulating data for transmission to a far point.
• 1483 Routing: 1483 Routing allows a simple, low cost
connection to the Internet via a standard 10BASE-T port.
The router looks up the network address for each packet
seen on the LAN port. If the address is listed in the routing
table as local, it is filtered. If the address is listed under the
ADSL port, it is forwarded. Or if the address is not found,
then it is automatically forwarded to the default router (i.e.,
the ADSL router at the head end.)
IP Address IP address of the ATM interface.
Subnet Mask Subnet mask of the ATM interface.
Page 48
Parameter Description
VPI/VCI Virtual Path Indicator: Each connection must have a unique pair
EncapsulationSpecifies how to handle multiple protocols at the ATM transport
ISP
WAN
of VPI/VCI settings.
Virtual Channel Indicator: Each connection must have a unique
pair of VPI/VCI settings.
layer.
• VC-MUX. Point to Point Protocol over ATM Virtual
Circuit Multiplexer (null encapsulation) allows only one
protocol running per virtual circuit with less overhead.
• LLC. Point to Point Protocol over ATM Logical Link
Control allows multiple protocols running over one virtual
circuit with a little bit more overhead.
Enter the Internet Service Provider name, username, and password for
each ISP connection you have.
4-23
Page 49
C
ONFIGURING THE BARRICADE
LAN
Parameter Description
LAN IP
IP Address The IP address of the Barricade.
IP Subnet Mask Virtual Path Identifier (VPI) and Virtual Circuit
DHCP Server To dynamically assign an IP address to client PCs,
Lease Time Set the DHCP lease time.
Identifier (VCI.)
enable the DHCP (Dynamic Host Configuration
Protocol) Server.
4-24
Page 50
LAN
Parameter Description
IP Address Pool
Start IP Address Specify the start IP address of the DHCP pool. Do
End IP Address Specify the end IP address of the DHCP pool.
Domain Name If your network uses a domain name, enter it here.
Remember to configure your client PCs for dynamic address allocation
(See “Configuring Client PCs” on page 3-1 for details.)
not include the gateway address of the Barricade in
the client address pool. If you change the pool
range, make sure the first three octets match the
gateway’s IP address, i.e., 192.168.2.xxx.
otherwise leave this field blank
4-25
Page 51
C
ONFIGURING THE BARRICADE
NAT
Some applications require multiple connections, such as Internet gaming,
videoconferencing, Internet telephony, and others. These applications may
not work when Network Address Translation (NAT) is enabled. If you
need to run applications that require multiple connections, use these pages
to specify the additional public ports to be opened for each application.
4-26
Page 52
Address Mapping
NAT
Use “Address Mapping” to allow a limited number of public IP addresses
to be translated into multiple private IP addresses for use on the internal
LAN network. This also hides the internal network for increased privacy
and security.
4-27
Page 53
C
ONFIGURING THE BARRICADE
Virtual Server
If you configure the Barricade as a virtual server, remote users accessing
services such as Web or FTP at your local site via public IP addresses can
be automatically redirected to local servers configured with private IP
4-28
Page 54
NAT
addresses. In other words, depending on the requested service (TCP/UDP
port number), the Barricade redirects the external service request to the
appropriate server (located at another internal IP address.)
For example, if you set Type/Public Port to TCP/80 (HTTP or Web) and
the Private IP/Port to 192.168.2.2/80, then all HTTP requests from
outside users will be transferred to 192.168.2.2 on port 80. Therefore, by
just entering the IP Address provided by the ISP, Internet users can access
the service they need at the local address to which you redirect them.
The more common TCP service ports include:
HTTP: 80, FTP: 21, Telnet: 23, and POP3: 110.
Note: The WAN interface should have a fixed IP address to best utilize
this function. If your ISP only provides dynamic IP addresses, a
search for “free dynamic IP” on any major search engine will turn
up tools that will allow you to use the same domain name even
though your IP address changes each time you log in to the ISP.
4-29
Page 55
C
ONFIGURING THE BARRICADE
Routing System
These pages define routing related parameters, including static routes and
RIP (Routing Information Protocol) parameters.
Static Route
Parameter Description
Index Check the box of the route you wish to delete or
modify.
Network Address Enter the IP address of the remote computer you
wish to set a static route to.
Subnet Mask Enter the subnet mask of the remote network you
wish to set a static route to.
Gateway Enter the WAN IP address of the gateway to the
remote network.
Click “Add” to add a new static route to the list, or check the box of an
already entered route and click “Modify.” Clicking “Delete” will remove an
entry from the list.
4-30
Page 56
R
RIP
Parameter Description
Interface The WAN interface to be configured.
Operation Mode Disable: RIP disabled on this interface.
Enable: RIP enabled on this interface.
Silent: Listens for route broadcasts and updates
its route table. It does not participate in sending
route broadcasts.
Version Sets the RIP (Routing Information Protocol)
version to use on this interface.
Poison Reverse A poison reverse is a way in which a router tells its
neighbor routers that one of the routers is no
longer connected.
OUTING SYSTEM
4-31
Page 57
C
ONFIGURING THE BARRICADE
Parameter Description
Authentication Required • None: No authentication.
• Password: A password authentication key is
included in the packet. If this does not
match what is expected, the packet will be
discarded. This method provides very little
security as it is possible to learn the
authentication key by watching RIP packets.
MD5: MD5 is an algorithm that is used to verify
data integrity through the creation of a 128-bit
message digest from data input (which may be a
message of any length) that is claimed to be as
unique to that specific data as a fingerprint is to a
specific individual.
Authentication Code Password or MD5 Authentication key.
RIP sends routing-update messages at regular intervals and when the
network topology changes. When a router receives a routing update that
includes changes to an entry, it updates its routing table to reflect the new
route. RIP routers maintain only the best route to a destination. After
updating its routing table, the router immediately begins transmitting
routing updates to inform other network routers of the change.
4-32
Page 58
R
OUTING SYSTEM
Routing Table
Parameter Description
Flags Indicates the route status:
C = Direct connection on the same subnet.
S = Static route.
R = RIP (Routing Information Protocol) assigned route.
I = ICMP (Internet Control Message Protocol) Redirect route.
Network
Address
Netmask The subnetwork associated with the destination.
Gateway The IP address of the router at the next hop to which matching frames
Interface The local interface through which the next hop of this route is reached.
Metric When a router receives a routing update that contains a new or
Destination IP address.
This is a template that identifies the address bits in the destination
address used for routing to specific subnets. Each bit that corresponds
to a “1” is part of the network/ subnet number; each bit that
corresponds to “0” is part of the host number.
are forwarded.
changed destination network entry, the router adds 1 to the metric
value indicated in the update and enters the network in the routing
table.
Note: Most modern routers support RIP-2 so there is usually no need for
a static route table.
4-33
Page 59
C
ONFIGURING THE BARRICADE
Firewall
The Barricade’s firewall enables access control of client PCs, blocks
common hacker attacks, including IP Spoofing, Land Attack, Ping of
Death, IP with zero length, Smurf Attack, UDP port loopback, Snork
Attack, TCP null scan, and TCP SYN flooding. The firewall does not
significantly affect system performance and we advise leaving it enabled to
protect your network.
Note: When you check a radio button in the “Enable or disable Firewall
module function” field, be sure to click the “APPLY” button.
4-34
Page 60
Access Control
F
IREWALL
Access Control allows users to define the outgoing traffic permitted or
4-35
Page 61
C
ONFIGURING THE BARRICADE
not-permitted through the WAN interface. The default is to permit all
outgoing traffic. (See the following page for details.)
The Barricade can also limit the access of hosts within the local area
network (LAN.) The MAC Filtering Table allows the Barricade to enter up
to 32 MAC addresses that are not allowed access to the WAN port.
The following items are on the “Access Control” screen:
Parameter Description
Normal Filtering Table Displays the IP address (or an IP address range)
MAC Filtering Table Displays the MAC (Media Access Control)
Note: Click “Add PC” and define the appropriate settings for client PC
filtering table.
address filtering table.
services. (As shown on the following screen.)
4-36
Page 62
Access Control: Add PC
F
IREWALL
4-37
Page 63
C
ONFIGURING THE BARRICADE
URL Blocking
The Barricade allows the user to block access to Web sites from a
particular PC by entering either a full URL address or just a keyword. This
feature can be used to protect children from accessing violent or
pornographic web sites.
4-38
Page 64
Schedule Rule
You may filter Internet access for local clients based on rules.
Each access control rule may be activated at a scheduled time. Define the
schedule on the “Schedule Rule” page, and apply the rule on the “Access
Control” page.
F
IREWALL
1. Click “Add Schedule Rule.”
2. Define the appropriate settings for a schedule rule. (As shown on the
following screen.)
4-39
Page 65
C
ONFIGURING THE BARRICADE
3. Click “OK” and then click “APPLY” to save your settings.)
4-40
Page 66
Intrusion Detection
F
IREWALL
4-41
Page 67
C
ONFIGURING THE BARRICADE
The Barricade’s firewall inspects packets at the application layer, maintains
TCP and UDP session information including timeouts and number of
active sessions, and provides the ability to detect and prevent certain types
of network attacks such as DoS attacks.
Network attacks that deny access to a network device are called
Denial-of-Service (DoS) attacks. Denial of Service (DoS) attacks are aimed
at devices and networks with a connection to the Internet. Their goal is
not to steal information, but to disable a device or network so users no
longer have access to network resources.
The Barricade protects against the following DoS attacks: Ping of Death
(Ping flood) attack, SYN flood attack, IP fragment attack (Teardrop
Attack), Brute-force attack, Land Attack, IP Spoofing attack, IP with zero
length, TCP null scan (Port Scan Attack), UDP port loopback, Snork
Attack etc.
Note: The firewall does not significantly affect system performance, so
we advise enabling the prevention features to protect your
network.
Parameter Defaults Description
Enable SPI and
Anti-DoS firewall
protection
Yes The Intrusion Detection feature of the Barricade
4-42
limits the access of the incoming traffic at the
WAN port. When the SPI feature is turned on,
all incoming packets are blocked except those
types marked with a check in the Stateful Packet
Inspection section at the top of the screen.
Page 68
Parameter Defaults Description
Stateful Packet
Inspection
This option allows you to select different
application types that are using dynamic port
numbers. If you wish to use Stateful Packet
Inspection (SPI) for blocking packets, click on
the “Yes” radio button in the “Enable SPI and
Anti-DoS firewall protection” field and then
check the inspection type that you need, such as
Packet Fragmentation, TCP Connection, UDP
Session, FTP Service, H.323 Service, and TFTP
Service.
It is called a “stateful” packet inspection because
it examines the contents of the packet to
determine what the state of the communication
is, i.e. it ensures that the stated destination
computer has previously requested the current
communication. This is a way of ensuring that all
communications are initiated by the recipient
computer and are taking place only with sources
that are known and trusted from previous
interactions. In addition to being more rigorous
in their inspection of packets, stateful inspection
firewalls also close off ports until connection to
the specific port is requested.
When particular types of traffic are checked, only
the particular type of traffic initiated from the
Internal LAN will be allowed. For example, if the
user only checks “FTP Service” in the Stateful
Packet Inspection section, all incoming traffic
will be blocked except FTP connections initiated
from the local LAN.
F
IREWALL
Hacker Prevention
Feature
Discard Ping
from WAN
Discard Prevents a PING on the Gateway’s WAN port
from being routed to the network.
4-43
Page 69
C
ONFIGURING THE BARRICADE
Parameter Defaults Description
RIP Defect Enabled If an IPX RIP request packet is not replied to by
When hackers
attempt to enter
your network, we
can alert you by
e-mail
Your E-Mail
Address
SMTP Server
Address
POP3 Server
Address
User Name Enter your email account user name.
Password Enter your email account password.
Connection Policy
Fragmentation
half-open wait
TCP SYN wait 30 sec Defines how long the software will wait for a
TCP FIN wait 5 sec Specifies how long a TCP session will be
TCP connection
idle timeout
UDP session
idle timeout
10 sec Configures the number of seconds that a packet
3600 seconds
(1 hour)
30 sec The length of time for which a UDP session will
the router, it will stay in the input queue and not
be released. Accumulated packets could cause
the input queue to fill, causing severe problems
for all protocols. Enabling this feature prevents
the packets accumulating.
Enter your e-mail address.
Enter your SMTP server address (usually the part
of the e-mail address following the “@” sign.)
Enter your POP3 server address (usually the part
of the e-mail address following the “@” sign.)
state structure remains active. When the timeout
value expires, the router drops the unassembled
packet, freeing that structure for use by another
packet.
TCP session to reach an established state before
dropping the session.
managed after the firewall detects a
FIN-exchange.
The length of time for which a TCP session will
be managed if there is no activity.
be managed if there is no activity.
4-44
Page 70
Parameter Defaults Description
H.323 data
channel idle
timeout
DoS Detect
Criteria
Total
incomplete
TCP/UDP
sessions HIGH
Total
incomplete
TCP/UDP
sessions LOW
Incomplete
TCP/UDP
sessions (per
min) HIGH
Incomplete
TCP/UDP
sessions (per
min) LOW
Maximum
incomplete
TCP/UDP
sessions number
from same host
Incomplete
TCP/UDP
sessions detect
sensitive time
period
Maximum
half-open
fragmentation
packet number
from same host
Half-open
fragmentation
detect sensitive
time period
Flooding cracker
block time
180 sec The length of time for which an H.323 session
will be managed if there is no activity.
300 sessions Defines the rate of new unestablished sessions
that will cause the software to start deleting
half-open sessions.
250 sessions Defines the rate of new unestablished sessions
that will cause the software to stop deleting
half-open sessions.
250 sessions Maximum number of allowed incomplete TCP/
UDP sessions per min.
200 sessions Set this to 0 as no minimum setting is required
and setting it to anything higher will adversly
affect performance.
10 Maximum number of incomplete TCP/UDP
sessions from the same host.
300 m sec Lengt h of time be fore a n incomple te TCP /UDP
session is detected as incomplete.
30 Maximum number of half-open fragmentation
packets from the same host.
10000 msec Length of time before a half-open fragmentation
session is detected as half-open.
300 sec Length of time from detecting a flood attack to
blocking of the attack.
F
IREWALL
4-45
Page 71
C
ONFIGURING THE BARRICADE
DMZ
If you have a client PC that cannot run an Internet application properly
from behind the firewall, you can open the client up to unrestricted
two-way Internet access. Enter the IP address of a DMZ (Demilitarized
Zone) host on this screen. Adding a client to the DMZ may expose your
local network to a variety of security risks, so only use this option as a last
resort.
4-46
Page 72
SNMP
Community
Use the SNMP configuration screen to display and modify parameters for
the Simple Network Management Protocol (SNMP.) A computer attached
to the network, called a Network Management Station (NMS), can be used
to access this information. Access rights to the agent are controlled by
community strings. To communicate with the Barricade, the NMS must
first submit a valid community string for authentication.
SNMP
Parameter Description
Community A community name authorized for management
access.
Access Management access is restricted to Read only
(Read) or Read/Write (Write.)
Valid Enables/disables the entry.
Note: Up to 5 community names may be entered.
4-47
Page 73
C
ONFIGURING THE BARRICADE
Trap
Parameter Description
IP Address Traps are sent to this address when errors or
specific events occur on the network.
Community A community string (password) specified for trap
management. Enter a word, something other than
public or private, to prevent unauthorized
individuals from reading information on your
system.
Version Sets the trap status to disabled, or enabled with
V1 or V2c.
The v2c protocol was proposed in late 1995 and
includes enhancements to v1 that are universally
accepted. These include a get-bulk command to
reduce network management traffic when
retrieving a sequence of MIB variables, and a
more elaborate set of error codes for improved
reporting to a Network Management Station.
4-48
Page 74
ADSL
Parameters
Parameter Description
Operation Mode • Automatic
Address 3C etc. Reserved.
ADSL
• ETSI DTS/TM-06006 standard.
•G.992.1 standard
4-49
Page 75
C
ONFIGURING THE BARRICADE
Status
4-50
Page 76
Parameter Description
Status
Line Status Shows the current status of the ADSL line.
Data Rate
Upstream Actual and maximum upstream data rate.
Downstream Actual and maximum downstream data rate.
Operation Data/
Defect Indication
Noise Margin
Upstream: Minimum noise margin upstream.
Downstream: Minimum noise margin downstream.
Output Power Maximum fluctuation in the output power.
Attenuation
Upstream: Maximum reduction in the strength of the upstream
Downstream: Maximum reduction in the strength of the downstream
Fast Path FEC
Correction
Interleaved Path
FEC Correction
Fast Path CRC
Error
Interleaved Path
CRC Error
signal.
signal.
There are two latency paths that may be used: fast and
interleaved. For either path a forward error correction
(FEC) scheme is employed to ensure higher data
integrity. For maximum noise immunity, an interleaver
may be used to supplement FEC.
An interleaver is basically a buffer used to introduce a
delay, allowing for additional error correction techniques
to handle noise. Interleaving slows the data flow and may
not be optimal for real time signals such as video
transmission.
Indicates the number of Fast Path Cyclic Redundancy
Check errors.
Indicates the number of Interleaved Path Cyclic
Redundancy Check errors.
ADSL
4-51
Page 77
C
ONFIGURING THE BARRICADE
Parameter Description
Loss of Signal
Defect
Loss of Frame
Defect
Loss of Power
Defect
Fast Path HEC
Error
Interleaved Path
HEC Error
Statistics Superframes represent the highest level of data
Received
Superframes
Interleaved
Transmitted
Superframes
Interleaved
Received
Superframes Fast
Transmitted
Superframes Fast
Momentary signal discontinuities.
Failures due to loss of frames.
Failures due to loss of power.
Fast Path Header Error Concealment errors.
Interleaved Path Header Error Concealment errors.
presentation. Each superframe contains regular ADSL
frames, one of which is used to provide superframe
synchronization, identifying the start of a superframe.
Some of the remaining frames are also used for special
functions.
Number of interleaved Superframes received.
Number of interleaved Superframes transmitted.
Number of fast Superframes received.
Number of fast Superframes transmitted.
4-52
Page 78
Tools
Use the “Tools” menu to backup the current settings, to restore previously
saved settings, or restore the factory default settings.
Configuration Tools
T
OOLS
Check “Backup” and click “More Configuration” to save your Barricade’s
configuration to a file named config.bin on your PC. You can then check
the “Restore” radio button and click “More Configuration” to restore the
saved backup configuration file.
To restore the factory settings, check “Restore to Factory Defaults” and
click “More Configuration.” You will be asked to confirm your decision.
4-53
Page 79
C
ONFIGURING THE BARRICADE
Firmware Upgrade
Use this screen to update the firmware or user interface to the latest
versions. In the “Upgrade Target” field, choose “Firmware” or “User
Interface” depending on which you want to update. Then click “Browse”
to browse for the previously downloaded file.
Note: For latest firmware/user interface version information and
download, visit SMC’s Web site at www.smc-europe.com.
4-54
Page 80
Reset
Perform a reset from this page. The configurations will not be changed
back to the factory default settings.
T
OOLS
Note: If you use the reset button on the rear panel, the Barricade
performs a power reset and restores the factory settings.
4-55
Page 81
C
ONFIGURING THE BARRICADE
Status
The Status screen displays WAN/LAN connection status, firmware and
hardware version numbers, as well as information on DHCP clients
connected to your network.
The security log may be saved to a file by clicking “Save” and choosing a
location.
4-56
Page 82
S
TATUS
The following items are included on this screen:
Parameter Description
INTERNET Displays WAN connection type and status.
GATEWAY Displays system IP settings, as well as DHCP
INFORMATION Displays the number of attached clients, the
Security Log Displays illegal attempts to access your network.
DHCP Client Log Displays information on DHCP clients on your
Server and Firewall status.
firmware versions, the physical MAC address for
each media interface, and for the Barricade, as
well as the hardware version and serial number.
network.
4-57
Page 83
C
ONFIGURING THE BARRICADE
4-58
Page 84
C
HAPTER
C
ONFIGURING
After completing hardware setup by connecting all your network devices, you
need to configure your computer to connect to the Barricade. First determine
how your ISP issues your IP address. Many ISPs issue these numbers
automatically using Dynamic Host Configuration Protocol (DHCP.) Other
ISPs provide a static IP address and associated numbers, which you must
enter manually. How your ISP assigns your IP address determines how you
need to configure your computer. See this section for Windows 95/98/Me
configuration. See “Windows NT 4.0” on page 5-6, “Windows 2000” on page
5-11, “Windows XP” on page 5-15, or “Configuring Your Macintosh
Computer” on page 5-19 depending on your operating system.
C
LIENT
TCP/IP
Windows 95/98/Me
You may find that the instructions in this
section do not exactly match your version of
Windows. This is because these steps and
screenshots were created from Windows 98.
Windows 95 and Windows Millennium
Edition are similar, but not identical, to
Windows 98.
5
1. From the Windows desktop, click the
“Start” button. Choose “Settings,” and
then click “Control Panel.”
5-1
Page 85
C
ONFIGURING CLIENT
2. In “Control Panel”
double-click the “Network”
icon.
3. In the “Network” window,
under the “Configuration”
tab, double-click the “TCP/
IP” item listed for your
network card.
4. Select the “IP Address” tab.
5. If “Obtain an IP address
automatically” is already
selected, your computer is
already configured for
DHCP. Click “Cancel” to
close each window, and skip
to “Disable HTTP Proxy”
on page 5-4.” If not, locate
your IP address and subnet
mask. Record the numbers
in the space provided on the
following page.
TCP/IP
5-2
Page 86
W
INDOWS
95/98/M
E
6. Click the “Gateway” tab and
record the numbers listed
under “Installed gateways.”
7. Click the “DNS
Configuration” tab. Locate
the DNS servers listed
under “DNS Server Search
Order.” Record any listed
addresses.
8. After writing down your
settings, check to make sure
you have recorded them
correctly. Click the “IP
Address” tab and then click
“Obtain an IP address
automatically.” Click “OK.”
9. Windows may need your
Windows 95/98/Me CD to
copy some files. After it
finishes copying, it will
prompt you to restart your
system. Click “Yes” and
your computer will shut
down and restart.
TCP/IP Configuration Setting
IP Address ____.____.____.____
Subnet Mask ____.____.____.____
Primary DNS Server ____.____.____.____
Secondary DNS Server ____.____.____.____
Default Gateway ____.____.____.____
Host Name ____.____.____.____
5-3
Page 87
C
ONFIGURING CLIENT
TCP/IP
Disable HTTP Proxy
You need to verify that the “HTTP Proxy” feature of your Web browser is
disabled. This is so that your browser can view the Barricade’s HTML
configuration pages. The following steps are for Internet Explorer and
Netscape. Determine which browser you use and follow the appropriate
steps.
Internet Explorer
1. Open Internet Explorer and
click the stop button. Click
“Tools,” then “Internet
Options.”
2. In the “Internet Options”
window, click the
“Connections” tab. Next,
click the “LAN Settings...”
button.
3. Clear all the checkboxes.
4. Click “OK,” and then click
“OK” again to close the
“Internet Options” window.
5-4
Page 88
W
INDOWS
95/98/M
E
Netscape
1. Open Netscape and click
the stop button. Click
“Edit,” then click
“Preferences...”
2. In the “Preferences”
window, under
“Category”
double-click
“Advanced,” then
click “Proxies.” Select
“Direct connection
to the Internet.” Click
“OK.”
3. Repeat these steps for
each Windows 95/
98/Me computer
connected to your Barricade.
Obtain IP Settings from Your ADSL Router
Now that you have configured your computer to
connect to your Barricade, it needs to obtain new
network settings. By releasing old DHCP IP settings
and renewing them with settings from your Barricade,
you can also verify that you have configured your
computer correctly.
1. Click “Start,” then “Run...”
5-5
Page 89
C
ONFIGURING CLIENT
2. Type “WINIPCFG” and click
“OK.” It may take a second or two
for the “IP Configuration”
window to appear.
3. From the drop-down menu, select
your network card. Click “Release”
and then “Renew.” Verify that your
IP address is now 192.168.2.xxx,
your Subnet Mask is
255.255.255.0 and your Default
Gateway is 192.168.2.1. These
values confirm that your Barricade
is functioning. Click “OK” to close the “IP Configuration” window.
TCP/IP
Windows NT 4.0
After completing hardware setup by connecting your network devices, you
need to configure your computer to connect to the Barricade. First
determine how your ISP issues your IP address. Many ISPs issue these
numbers automatically using Dynamic Host Configuration Protocol
(DHCP.) Other ISPs provide a static IP address and associated numbers,
which you must enter manually. How your ISP assigns your IP address
determines how you need to configure your computer.
5-6
Page 90
Follow these instructions:
1. From the Windows
desktop click “Start/
Settings/Control
Panel.”
2. Double-click the
“Network” icon.
3. Select the
“Protocols” tab.
4. Double-click
“TCP/IP Protocol.”
5. Select the “IP Address”
tab.
6. In the “Adapter”
drop-down list, be sure
your Ethernet adapter is
selected.
W
INDOWS
NT 4.0
7. If “Obtain
an IP address
automatically” is already
selected, your computer
is already configured for
DHCP. Click “Cancel”
to close each window,
and skip to “Disable
HTTP Proxy” on page
5-9.
8. In the “TCP/IP
Properties” dialog box,
5-7
Page 91
C
ONFIGURING CLIENT
under the IP address tab, locate your IP address, subnet mask, and
default gateway. Record these values in the spaces provided below.
9. Click the “DNS” tab to
see the primary and
secondary DNS servers.
Record these values in
the spaces provided
below.
10. After writing down your
IP settings, click the IP
address tab. Select
“Obtain IP address
automatically” and click
“OK.” Click “OK” again
to close the “Network”
window.
11. Windows may copy some
files, and will then prompt you to restart your system. Click “Yes” and
your computer will shut down and restart.
TCP/IP
5-8
TCP/IP Configuration Setting
IP Address ____.____.____.____
Subnet Mask ____.____.____.____
Default Gateway ____.____.____.____
Primary DNS Server ____.____.____.____
Secondary DNS Server ____.____.____.____
Host Name ____.____.____.____
Page 92
W
INDOWS
Disable HTTP Proxy
You need to verify that the “HTTP Proxy” feature of your Web browser is
disabled. This is so that your browser can view the Barricade’s HTML
configuration pages. Determine which browser you use and refer to
“Internet Explorer” on page 5-4 or “Netscape” on page 5-5.
Obtain IP Settings from Your Barricade
Now that you have configured your computer to connect to your
Barricade, it needs to obtain new network settings. By releasing old DHCP
IP settings and renewing them with settings from your Barricade, you will
verify that you have configured your computer correctly.
NT 4.0
1. From the Windows desktop,
click “Start/Programs/ and
then click “Command
Prompt.”
2. In the “Command Prompt”
window, type “IPCONFIG
/RELEASE” and press the
<ENTER> key.
5-9
Page 93
C
ONFIGURING CLIENT
3. Type “IPCONFIG /RENEW” and press the <ENTER> key. Verify
that your IP Address is now 192.168.2.xxx, your Subnet Mask is
255.255.255.0 and your Default Gateway is 192.168.2.1. These values
confirm that your Barricade is functioning.
TCP/IP
4. Type “EXIT” and press <ENTER> to close the “Command Prompt”
window.
Your computer is now configured to connect to the Barricade.
5-10
Page 94
Windows 2000
1. On the Windows desktop,
click “Start/Settings/
Network and Dial-Up
Connections.”
2. Click the icon that
corresponds to the
connection to your
Barricade.
3. The connection status
screen will open. Click
“Properties.”
W
INDOWS
2000
5-11
Page 95
C
ONFIGURING CLIENT
4. Double-click “Internet
Protocol (TCP/IP.)”
5. If there is IP Address
information on the
“Internet Protocol (TCP/
IP) Properties” dialog box,
it should be recorded. Use
the spaces below to record
the current settings.
6. If “Obtain an IP address
automatically” and “Obtain
DNS server address
automatically” are already
selected, your computer is
already configured for
DHCP. Click “Cancel” to
close each window, and skip
to “Disable HTTP Proxy”
on page 5-13.”
TCP/IP
7. Select “Obtain an IP address automatically” and “Obtain DNS server
address automatically.” Click “OK” or “Close” to close each window.
TCP/IP Configuration Setting
IP Address ____.____.____.____
Subnet Mask ____.____.____.____
Default Gateway ____.____.____.____
Preferred DNS Server ____.____.____.____
Alternate DNS Server ____.____.____.____
5-12
Page 96
W
Disable HTTP Proxy
You need to verify that the “HTTP Proxy” feature of your Web browser is
disabled. This is so that your browser can view the Barricade’s HTML
configuration pages. Determine which browser you use and refer to
“Internet Explorer” on page 5-4 or “Netscape” on page 5-5.
Obtain IP Settings from Your Barricade
Now that you have configured your computer to connect to your
Barricade, it needs to obtain new network settings. By releasing old DHCP
IP settings and renewing them with settings from your Barricade, you can
verify that you have configured your computer correctly.
1. From the Windows
desktop, click “Start/
Programs/Accessories,”
and then “Command
Prompt.”
INDOWS
2000
2. In the “Command
Prompt” window, type “IPCONFIG/RELEASE” and press the
<ENTER> key.
3. Type “IPCONFIG /RENEW” and press the <ENTER> key. Verify
5-13
Page 97
C
ONFIGURING CLIENT
that your IP Address is now 192.168.2.xxx, your Subnet Mask is
255.255.255.0 and your Default Gateway is 192.168.2.1. These values
confirm that your ADSL Router is functioning.
TCP/IP
4. Type “EXIT” and press <ENTER> to close the “Command Prompt”
window.
Your computer is now configured to connect to the Barricade.
5-14
Page 98
Windows XP
1. Click “start/Control Panel.”
2. In “Control Panel” click
“Network and Internet
Connections.”
3. The “Network
Connections” screen will
open. Double-click the
connection for this device.
W
INDOWS
XP
4. On the connection status
screen, click “Properties.”
5-15
Page 99
C
ONFIGURING CLIENT
5. Double-click “Internet
Protocol (TCP/IP.)”
6. If there is IP Address
information on the “Internet
Protocol (TCP/IP)
Properties” dialog box, it
should be recorded. Use the
spaces below to record the
current settings.
7. If “Obtain an IP address
automatically” and “Obtain
DNS server address
automatically” are already
selected, your computer is
already configured for
DHCP. Click “Cancel” to
close each window, and skip
to “Disable HTTP Proxy”
on page 5-17.”
TCP/IP
8. Select “Obtain an IP address automatically” and “Obtain DNS server
address automatically.” Click “OK” or “Close” to close each window.
TCP/IP Configuration Setting
IP Address ____.____.____.____
Subnet Mask ____.____.____.____
Default Gateway ____.____.____.____
Preferred DNS Server ____.____.____.____
Alternate DNS Server ____.____.____.____
5-16
Page 100
Disable HTTP Proxy
You need to verify that the “HTTP Proxy” feature of your Web browser is
disabled. This is so that your browser can view the Barricade’s HTML
configuration pages. Determine which browser you use and refer to
“Internet Explorer” on page 5-4 or “Netscape” on page 5-5.
Obtain IP Settings from Your Barricade
Now that you have configured your computer to connect to your
Barricade, it needs to obtain new network settings. By releasing old DHCP
IP settings and renewing them with settings from your Barricade, you can
verify that you have configured your computer correctly.
1. From the Windows
desktop, click “start/
Programs/
Accessories/
Command Prompt.”
W
INDOWS
XP
2. In the “Command Prompt” window, type “IPCONFIG/RELEASE”
and press the <ENTER> key.
5-17
Loading...