TRENDnet TEW-611BRP User Manual

1 2

Federal Communication Commission Interference Statement

This equipment has been tested and found to comply with the limits for a Class B digital device,
pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protec tion
against harmful interference in a residential installation. This equipment generates, uses and can
radiate radio frequency energy and, if not installed and used in accordance with the instructions, may
cause harmful interference to radio communications. However, there is no guarantee that
interference will not occur in a particular installation. If this equipment does cause harmful
interference to radio or television reception, which can be determined by turning the equipment off and
on, the user is encouraged to try to correct the interference by one of the following measures:

- Reorient or relocate the receiving antenna.

- Increase the separation between the equipment and receiver.

- Connect the equipment into an outlet on a circuit different from that to which the receiver is
connected.

- Consult the dealer or an experienced radio/TV technician for help.

FCC Caution: Any changes or modifications not expressly approved by the party responsible for
compliance could void the user's authority to operate this equipment.

This device complies with Part 15 of the FCC Rules. Operation is subject to the following two
conditions: (1) This device may not cau se harmful interference, and (2) this device must accept any
interference received, including interference that may cause undesired operation.

Copyright

This publication, including all photographs, illustrations and software, is protected under international
copyright laws, with all rights reserved. Neither this manual, nor any of the material contained herein,
may be reproduced without written consent of the author.

Copyright 2005

Trademark recognition

All product names used in this manual are the properties of their respective owners and are
acknowledged.

Table of Contents

Getting Started with the TEW-611BRP ………….....................3

Package Contents ......................................................................4

Minimum System Requirements ................................. …………4

Wireless LAN Networking ........................................................6

Introduction ...............................................................................7

Features ..................................................................................... 7

Hardware Overview ...................................................................8

Rear Panel ……………………………………………………………8

LEDs .........................................................................................9

Installation Considerations ........................................................10

Getting Started ..........................................................................10

Using the Configuration Menu............................................... 11

Basic .......................................................................................12

Advanced ................................................................................25

Tools ..........................................................................................47

Status..........................................................................................58

Glossary ....................................................................................65

3

Getting Started with the TEW-611BRP

Congratulations on purchasing the TEW-611BRP! This manual provides information for setting up and
configuring the TEW-611BRP. This manual is intended for both home users and professionals.

The following conventions are used in this manual:

THE NOTE SYMBOL INDICATES ADDITIONAL INFORMATION ON THE
TOPIC A T HAND.

THE TIP SYMBOL INDICA TES HELPFULL INFORMATION AND TIPS TO
IMPROVE YOUR NETWORK EXPERIENCE.

THE CAUTION SYMBOL ALERTS YOU TO SITUATIONS THAT MAY
DEGRADE YOUR NETWORKING EXPERIENCE OR COMPROMISE

LIKE NOTES AND TIPS, THE IMPO RTANT SYMBOL INDICATES
INFORMA TION THAT CAN IMPROVE NETWORKING. THIS INFORMA TION
SHOULD NOT BE OVERLO OK ED.

4

Package Contents

z TEW-611BRP 108Mbps 11g MIMO Wireless Router
z Power Adapter (5V DC, 2A)
z CD-ROM with Software and Manual
z Quick Installation Guide
z Cat.5 Ethernet Cable

Using a power supply with a different voltage than the one included with your product
will cause damage and void the warranty for this product.

Minimum System Requirements

z Ethernet-Based Cable or DSL Modem

z Computers with Windows, Macintosh, or Linux-based operating systems with an installed

Ethernet adapter and CD-ROM Drive

z Internet Explorer Version 6.0 or Netscape Navigator Version 7.0 and Above

5

Wireless LAN Networking

This section provides background information on wireless LAN networking technology. Consult the
“Glossary

” for definitions of the terminology used in this section.

HE INFORMA TION IN THIS SEC TION IS FOR YOUR REFERENCE . CHANGING NETWORK

T

SETTINGS AND PARTICULARLY SECURITY SETTTINGS SHOULD ONLY B E DONE BY AN
AUTHORIZED ADMINISTRATOR.

6

Introduction

The TEW-611BRP MIMO Wireless Router is an 802.11g high-performance, wireless router that
supports high-speed wireless networking at home, at work or in public places.

Unlike most routers, the TEW-611BRP provides da ta transfers at up to 108 Mbps (compared to the
standard 54Mbps) when used with other Super G MIMO products. The 802.11g standard is backwards
compatible with 802.11b products. This means that you do not need to ch ange your entire network to
maintain connectivity. You may sacrifice some of 802.11g’s speed when you mix 802.11b and 802.11g
devices, but you will not lose the ability to communicate when you incorporate the 802.11g standard
into your 802.11b network. You may choose to slowly change your network by gradually replacing the

802.11b devices with 802.11g devices.

Features

¾ Wi-Fi Compliant with IEEE 802.11g and IEEE 802.11b Standards
¾ 4 x 10/100Mbps Auto-MDIX LAN Port and 1 x 10/100Mbps WAN Port (Internet)
¾ Supports Cable/DSL Modems with Dynamic IP, Static IP, PPPoE, PPTP, L2TP or BigPong

Connection Types

¾ Supports Super G Technology with Data Rate up to 108Mbps (8X Faster)
¾ Enhance Wireless Coverage up to 800% More Coverage with MIMO Technology
¾ DHCP Server Feature Allocates up to 252 Client IP Addresses and up to 64 Reservations
¾ Supports 64/128-bit WEP(Hex), WPA/WPA2 & WPA-PSK/WPA2-PSK Encryptions
¾ Firewall features Network Address Translation (NAT), and Stateful Packet Inspection (SPI)

protects against Dos attacks

¾ Traffic Control with Virtual Server (max 64 configurable servers) and DMZ
¾ UPnP (Universal Plug & Play) and ALGs Support for Internet applications such as Email, FTP,

Gaming, Remote Desktop, Net Meeting, Telnet, and more

¾ Provides Additional Security of Enable/Disable SSID, Internet Access Control (Services, URL and

MAC Filtering)

¾ Supports Static DHCP Client, Static Routing (RIP v1 Announcer) and Dynamic DNS (8 Verified

Services)

¾ Supports Multiple and Concurrent IPSec, L2TP and PPTP VPN Pass-Through Sessions
¾ Flash Memory for Firmware Upgrade, Save/Restore Settings
¾ Easy Management via Web Browser (HTTP) and Remote Management
¾ Compliant with Windows 95/98/NT/2000/XP/2003 Server, Linux and Mac OS

7

Hardware Overview

Real Panel

DC-IN

The DC power input connector is a single jack socket to supply power to the TEW-611BRP.

Please use the Power Adapter provided on the TEW-611BRP package.

Auto-MDIX LAN Ports
These ports automatically sense the cable type when connecting to Ethernet-enabled computers.

Auto-MDIX WAN Port
This is the connection for the Ethernet cable to the Cable or DSL modem

WLAN Slide Switch

Turn ON/OFF of wireless function.

Reset Button
Pressing the reset button restores the router to its original factory default settings.

8

LEDs

POWER LED

A solid light indicates a proper connection to the power supply.

LAN1~LAN4 LED

A solid light indicates a connection to an Ethernet-enabled computer on ports 1-4. This LED blinks
during data transmission.

WAN LED
A solid light indicates connection on the WAN port. This LED blinks during data transmission.

WLAN LED
A solid light indicates that the wireless segment is ready.

This LED blinks during wireless data

transmission.

9

Installation Considerations

The TEW-611BRP MIMO Wireless Router lets you access your network, using a wireless connection,
from virtually anywhere within its op erating range. Keep in mind, h owever, that the number, thi ckness
and location of walls, ceilings, or other objects that the wireless signals must pass throu gh, may limit
the range. Typical ranges vary depending on the types of materials and background RF (radio
frequency) noise in your home or bus iness. The key to maximizing wireless range is to follow these
basic guidelines:

1 Keep the number of walls and ceilings between the TEW-611BRP and other network devic es

to a minimum - each wall or ceiling can reduce your wireless product’s range from 3-90 feet
(1-30 meters.) Position your devices so that the number of walls or ceilings is minimized.

2 Be aware of the direct line between network devices. A wall that is 1.5 feet thick (.5 me ters), at

a 45-degree angle appears to be almost 3 fee t (1 meter) thick. At a 2-degree angle it looks
over 42 feet (14 meters) thick! Position devices so that the signal will travel straight through a
wall or ceiling (instead of at an angle) for better reception.

3 Building Materials can impede the wireless signal - a solid metal door or aluminum studs may

have a negative effect on range. Try to position wireless devices and computers with wireless
adapters so that the signal passes through drywall or open doorways and not other materials.

4 Keep your product away (at least 3-6 feet or 1-2 meters) from electrical devices or appliances

that generate extreme RF noise.

Getting Started

For a typical wireless setup at home, please do the following:

1. You will need broadband Internet access (a Cable or DSL-subscriber line into your home or

office)

2. Consult with your Cable or DSL provider for proper installation of the modem.

3. Connect the Cable or DSL modem to the TEW-611BRP Wireless Broadband Router (WAN port).

4. Ethernet LAN ports of the TEW-611BRP are Auto-MDIX and will work with both Straight-Through

and Cross-Over cable.

10

Using the Configuration Menu

Whenever you want to configure your TEW-611BRP, you can access the Configuration Menu by
opening the Web-browser and typing in the IP Address of the TEW-611BRP. The TEW-611BRP’s
default IP Address is http://192.168.0.1

¾ Open the Web browser.
¾ Type in the IP Address of the Router (http://192.168.0.1

).

If you have changed the default IP Address assigned to the TEW-611BRP, make sure to
enter the correct IP Address.

¾ Type admin in the User Name field.
¾ Leave the Password blank.
¾ Click Login In.

11

Basic

The Basic tab provides the following configuration options: Wizard, WAN, LAN, DHCP, and Wireless.

Basic_Wizard

Internet Connection Setup Wizard

This wizard guides you through the following basic router setup steps:

• Set your Password

• Select your Time Zone

• Configure your Internet Connection

12

Wireless Security Setup Wizard

This wizard guides you through the following steps for setting up security for your wireless
network:

• Name your Wireless Network

• Secure your Wireless Network

Basic_WAN

The WAN (Wide Area Network) section is where you configure your Internet Connection type. There
are several connection types to choose from: Static IP, DHCP, PPPoE, PPTP, L2TP, and BigPond. If
you are unsure of your connection method, please contact your Internet Service Provider. Note: If
using the PPPoE option, you will need to ensure that any PPPoE client software on your computers is
removed or disabled.

13

Static WAN Mode

Used when your ISP provides you a set IP address that does not change. The IP information is
manually entered in your IP configuration settings. You must enter the IP address, Subnet
Mask, Gateway, Primary DNS Server, and Secondary DNS Server. Your ISP provides you
with all of this information.

DHCP W AN Mode

A method of connection where the ISP assigns your IP address when your router requests one
from the ISP's server. Some ISP's require you to make some settings on your side before your
router can connect to the Internet.

Host Name: Some ISP's may check your computer's Host Name. The Host Name identifies
your system to the ISP's server. This way they know your computer is eligible to receive an IP
address. In other words, they know that you are paying for their service.

Enable BigPond: Check this option to connect to the internet through Telstra BigPond Cable
Broadband in Australia. Telstra BigPond provides the values for BigPond Server, BigPond

User Id, and BigPond Password.

PPPoE

Select this option if your ISP requires you to use a PPPoE (Point to Point Protocol over
Ethernet) connection. DSL providers typically use this option. This method of connection
requires you to enter a Username and Password (provided by your Internet Service Provider)
to gain access to the Internet.

PPTP

Service Name: Some ISP's may require that you enter a Service Name. Only enter a Service

Name if your ISP requires one.
Reconnect Mode: Typically PPPoE connections are not always on. The Wireless router allows

you to set the reconnection mode. The settings are:

• Always on: A connection to the Internet is always maintained.

• On demand: A connection to the Internet is made as needed.

• Manual: You have to open up the Web-based management interface and click the

Connect button manually any time that you wish to connect to the Internet.

Maximum Idle Time: Time interval the machine can be idle before the PPPoE connection is
disconnected. The Maximum Idle Time value is only used for the "On demand" connection
mode.

PPTP (Point to Point T unneling Protocol) uses a virtual private network to connect to your ISP.
This method of connection is primarily used in Europe. This method of connection requires you
to enter a Username and Password (provided by your Internet Service Provider) to gain
access to the Internet. The ISP provides the values for PPTP IP Address , PPTP Subnet
Mask , PPTP Gateway IP Address, and PPTP Server IP Address (may be the same as the
gateway).

Reconnect Mode: Typically PPTP connections are not always on. The Wireless router allows
you to set the reconnection mode. The settings are:

14

L2TP

• Always on: A connection to the Internet is always maintained.

• On demand: A connection to the Internet is made as needed.

• Manual: You have to open up the Web-based management interface and click the

Connect button manually any time that you wish to connect to the Internet.

Maximum Idle Time: Time interval the machine can be idle before the PPTP connection is
disconnected. The Maximum Idle Time value is only used for the "On demand" connection
mode.

L2TP (Layer Two Tunneling Protocol) uses a virtual private network to connect to your ISP.
This method of connection requires you to enter a Username and Password (provided by
your Internet Service Provider) to gain access to the Internet. The ISP provides the values for

L2TP IP Address, L2TP Subnet Mask, L2TP Gateway IP Address, and L2TP Server IP
Address (may be the same as the gateway).

Reconnect Mode: Typically L2TP connections are not always on. The Wireless router allows

you to set the reconnection mode. The settings are:

• Always on: A connection to the Internet is always maintained.

• On demand: A connection to the Internet is made as needed.

• Manual: You have to open up the Web-based management interface and click the

Maximum Idle Time: Time interval the machine can be idle before the L2TP connection is
disconnected. The Maximum Idle Time value is only used for the "On demand" connection
mode.

Advanced

These options apply to all WAN modes.
Use These DNS Servers: This option should be enabled if your ISP requires you to enter the

DNS Server information. You will then be able to enter a primary and secondary DNS server.
Use the default MTU: If this option is checked (the default case), the router selects the usual

MTU settings for the type of WAN interface in use. If this option is unchecked, the router uses
the value of the MTU option (which follow s) .

MTU: The Maximum Transmission Unit (MTU) is a parameter that determines the largest
packet size (in bytes) that the router will send to the WAN. If LAN devices send larger packets,
the router will break them into smaller packets. Ideally, you should set this to match the MTU of
the connection to your ISP. Typical values are 1500 bytes for an Ethernet connection and 1492
bytes for a PPPoE connection. If the router's MTU is set too high, packets will be fragmented
downstream. If the router's MTU is set too low, the router will fragment packets unnecessarily
and in extreme cases may be unable to establish some connections. In either case, network
performance can suffer.

Connect button manually any time that you wish to connect to the Internet.

WAN Port Speed: Normally, this is set to "auto". If you have trouble connecting to the WAN, try
the other settings.

Respond to WAN Ping: If you leave this option unchecked, you are causing the public WAN

15

IP address of the router not to respond to ping commands. Pinging public WAN IP addresses
is a common method used by hackers to test whether your WAN IP address is valid.

WAN Ping Inbound Filter: Select a filter that controls access as needed for WAN pings. If you
do not see the filter you need in the list of filters, go to the Advanced -> Inbound Filter screen
and create a new filter.

MAC Cloning Enabled: Some ISP's may check your computer's MAC address. Each
networking device has it's own unique MAC address defined by the hardware manufacturer.
Some ISP's record the MAC address of the network adapter in the computer or router used to
initially connect to their service. The ISP will then only grant Internet access to requests from a
computer or router with this particular MAC address. Your new Wireless router has a different
MAC address than the computer or router that initially connected to the ISP. To resolve this
problem, the Wireless router has a special feature that allows you to clone (that is, replace the
router's MAC address with) another MAC address.

MAC Address: If you have enabled MAC Cloning, you can either type in an alternate MAC
address (for example, the MAC address of the router initially connected to the ISP) or copy the
MAC address of a PC. To copy the MAC address of the computer that initially connected to the
ISP, connect to the Wireless router using that computer and click the Clone Your PC's MAC

Address button. The WAN port will then use the MAC address of the network adapter in your

computer.

16

Basic_LAN

These are the settings of the LAN (Local Area Network) interface for the router. The router's local
network (LAN) settings are configured based on the IP Address and Subnet Mask assigned in this
section. The IP address is also used to access this Web-based management interface. It is
recommended that you use the default settings if you do not have an existing network.

IP Address. The IP address of your router on the local area network. Your local area network settings
are based on the address assigned here. For example, 192.168.0.1.

Subnet Mask. The subnet mask of your router on the local area network.
RIP Announcement. Used with multiple routers to broadcast routing information.
Router Metric. The metric or cost of the routes advertised in RIP announcements.

17

Basic_DHCP

DHCP stands for Dynamic Host Configuration Protocol. The DHCP section is where you configure the
built-in DHCP Server to assign IP addresses to the computers and other devices on your local area
network (LAN).

Enable DHCP Server

Once your Wireless router is properly configured and this option is enabled, the DHCP Server
will manage the IP addresses and other network configuration information for computers and
other devices connected to your Local Area Network. There is no need for you to do this
yourself.

The computers (and other devices) connected to your LAN also need to have their TCP/IP
configuration set to "DHCP" or "Obtain an IP address automatically".

When you set Enable DHCP Server, the following options are displayed.

18

DHCP IP Address Range

These two values (from and to) define a range of addresses that the DHCP Server uses when
assigning addresses to computers and devices on your Local Area Network. Any addresses
that are outside of this range are not managed by the DHCP Server; these could, therefore, be
used for manually configured devices or devices that cannot use DHCP to obtain network
address details automatically .

It is possible for a computer or device that is manually configured to have an address that does
reside within this range. In this case the address should be reserved (see Static DHCP Client
below), so that the DHCP Server knows that this specific address can only be used by a
specific computer or device.

Your Wireless router, by default, has a static IP address of 192.168.0.1. This means that
addresses 192.168.0.2 to 192.168.0.254 (from 2 to 254) can be made available for allocation
by the DHCP Server.

Example:

Your Wireless router uses 192.168.0.1 for the IP address. You've assigned a computer that you
want to designate as a Web server with a static IP address of 192.168.0.3. You've assigned
another computer that you want to designate as an FTP server with a static IP address of

192.168.0.4. Therefore the starting IP address for your DHCP IP address range needs to be 5
or greater.

Example:

Suppose you configure the DHCP Server to manage addresses From 100 To 199. This means
that 3 to 99 and 200 to 254 are NOT managed by the DHCP Server. Computers or devices that
use addresses from these ranges are to be manually configured. Suppose you have a web
server computer that has a manually configured address of 192.168.0.100. Because this falls
within the "managed range" be sure to create a reservation for this address and match it to the
relevant computer (see Static DHCP Client below).

DHCP Lease Time

The amount of time that a computer may have an IP address before it is required to renew the
lease. The lease functions just as a lease on an apartment would. The initial lease designates
the amount of time before the lease expires. If the tenant wishes to retain the address when
the lease is expired then a new lease is established. If the lease expires and the address is no
longer needed than another tenant may use the address.

Always Broadcast

If all the computers on the LAN successfully obtain their IP addresses from the router's DHCP
server as expected, this option can remain disabled. However, if one of the computers on the
LAN fails to obtain an IP address from the router's DHCP server, it may have an old DHCP
client that incorrectly turns off the broadcast flag of DHCP packets. Enabling this option will
cause the router to always broadcast its responses to all clients, thereby working around the
problem, at the cost of increased broadcast traffic on the LAN.

Number of Dynamic DHCP Clients

In this section you can see what LAN devices are currently leasing IP addresses.

Revoke: The Revoke option is available for the situation in which the lease table becomes full

19

or nearly full, you need to recover space in the table for new entries, and you know that some
of the currently allocated leases are no longer needed. Clicking Revoke cancels the lease for a
specific LAN device and frees an entry in the lease table. Do this only if the device no longer
needs the leased IP address, because, for example, it has been removed from the network.

Add/Edit Static DHCP Client

This option lets you reserve IP addresses, and assign the same IP address to the network
device with the specified MAC address any time it requests an IP address. This is almost the
same as if a device has a static IP address except that it must still request an IP address from
the Wireless router. The Wireless router will provide the device the same IP address every time.
St atic DHCP is helpf ul for server computers on the local network that are hosting applications
such as Web and FTP. Servers on your network should either use a static IP address or use
this option.

MAC Address: To input the MAC address of your system, enter it in manually or connect to
the Wireless router's Web-Management interface from the system and click the Copy Your

PC's MAC Address button.

A MAC address is usually located on a sticker on the bottom of a network device. The MAC
address is comprised of twelve digits. Each pair of hexadecimal digits are usually separated by
dashes or colons such as 00-0D-88-11-22-33 or 00:0D:88:11:22:33. If your network device is a
computer and the network card is already located inside the computer, you can connect to the
Wireless router f rom the computer and click the Copy Yo ur PC's MAC Address button to
enter the MAC address.

As an alternative, you can locate a MAC address in a specific operating system by following
the steps below:

Windows 98SE
Windows Me

Windows 2000
Windows XP

Mac OS X Go to the Apple Menu, select System Preferences, select Network, and

Computer Name: You can assign a name for each computer that is given a static IP address.
This may help you keep track of which computers are assigned this way.

Example:

Game Server

Static DHCP Client List

Go to the Start menu, select Run, type in winipcfg, and hit Enter. A popup
window will be displayed. Select the appropriate adapter from the
pull-down menu and you will see the Adapter Address. This is the MAC
address of the device.

Go to your Start menu, select Programs, select Accessories, and select
Command Prompt. At the command prompt type ipconfig /all and hit
Enter. The physical address displayed for the adapter connecting to the
router is the MAC address.

select the Ethernet Adapter connecting to the Wireless router. Select the
Ethernet button and t he Ethernet ID will be listed. This is the same as the
MAC address.

This shows clients that you have specified to have static DHCP address. An entry can be
changed by clicking the Edit icon, or deleted by clicking the Delete icon. When you click the
Edit icon, the item is highlighted, and the "Edit Static DHCP Client" section is activated for
editing.

20

Basic_Wireless

The wireless section is used to configure the wireless settings for your Wireless router. Please note
that changes made on this section may also need to be duplicated on your Wireless Client.

To protect your privacy, use the wireless security mode to configure the wireless security features.
This device supports three wireless security modes including: WEP, WPA-Personal, and
WPA-Enterprise. WEP is the original wireless encryption standard. WPA provides a higher level of
security. WPA-Personal does not require an authentication server. The WPA-Enterprise option does
require a RADIUS authentication server.

Enable Wireless Radio

This option turns off and on the wireless connection feature of the router. When you set this
option, the following parameters are displayed.

21

Wireless Network Name

When you are browsing for available wireless networks, this is the name that will appear in the
list (unless Visibility Status is set to Invisible, see below). This name is also referred to as the
SSID. For security purposes, it is highly recommended to change from the pre-configured
network name.

Visibility Status

The Invisible option allows you to hide your wireless network. When this option is set to Visible,
your wireless network name is broadcast to anyone within the range of your signal. If you're not
using encryption then they could connect to your network. When Invisible mode is enabled,
you must enter the Wireless Network Name (SSID) on the client manually to connect to the
network.

Auto Channel Select

If you select this option, the router automatically finds the channel with least interference and
uses that channel for wireless networking. If you disable this option, the router uses the
channel that you specify with the following Channel option.

Channel

A wireless network uses specific channels in the 2.4GHz wireless spectrum to handle
communication between clients. Some channels in your area may have interference from other
electronic devices. Choose the clearest channel to help optimize the performance and
coverage of your wireless network.

Tr ansm i ssion Rat e

By default the fastest possible transmission rate will be selected. You have the option of
selecting the speed if necessary.

802.11 Mode

If all of your devices can connect in 802.11g Mode, you can change the mode to 802.11g only.
If you have some devices that are 802.11b, leave the setting at Mixed.

Super G™ Mode

Super G Turbo Modes must use channel 6 for communication. For Super G with St atic Turbo,

802.11g Mode must be set to 802.11g. For proper operation, RTS threshold and
Fragmentation Threshold on the Advanced -> Advanced Wireless screen should both be set to
their default values.

Super G without T urbo: Performance enhancing features such as Packet Bursting, Fast
Frames, and Compression.

Super G with Static Turbo: This mode is not backwards compatible with non-Turbo (legacy)
devices. This mode should only be enabled when all devices on the wireless network are Static
Turbo enabled.

Super G with Dynamic Turbo: This mode is backwards compatible with non-Turbo (legacy)
devices. This mode should be enabled when some devices on the wireless network are not
Turbo enabled but support other Super G features mentioned above.

22

WEP

A method of encrypting data for wireless communication intended to provide the same level of
privacy as a wired network. WEP is not as secure as WP A encryption. To gain access to a
WEP network, you must know the key. The key is a string of characters that you create. When
using WEP, you must determine the level of encryption. The type of encryption determines the
key length. 128-bit encryption requires a longer key than 64-bit encryption. Keys are defined by
entering in a string in HEX (hexadecimal - using characters 0-9, A-F) or ASCII (American
Standard Code for Information Interchange - alphanumeric characters) format. ASCII format is
provided so you can enter a string that is easier to remember. The ASCII string is converted to
HEX for use over the network. Four keys can be defined so that you can change keys easily. A
default key is selected for use on the network.

Example:

64-bit hexadecimal keys are exactly 10 characters in length. (12345678FA is a valid string of
10 characters for 64-bit encryption.)

128-bit hexadecimal keys are exactly 26 characters in length.
(456FBCDF123400122225271730 is a valid string of 26 characters for 128-bit encryption.)

64-bit ASCII keys are up to 5 characters in length (DMODE is a valid string of 5 characters for
64-bit encryption.)

128-bit ASCII keys are up to 13 characters in length (2002HALOSWIN1 is a valid string of 13
characters for 128-bit encryption.)

WPA-Personal and WP A-Enterprise

Both of these options select some variant of Wi-Fi Protected Access (WPA) -- security
standards published by the Wi-Fi Alliance. The WPA Mode further refines the variant that the
router should employ .

WPA Mode: WPA is the older standard; select this option if the clients that will be used with the
router only support the older standard. WPA2 is the newer implementation of the stronger IEEE

802.11i security standard. With the "WPA2" option, the router tries WPA2 first, but falls back to
WPA if the client only supports WPA. With the "WPA2 Only" option, the router associates only
with clients that also support WPA2 security.

Cipher Type: The encryption algorithm used to secure the data communication. TKIP
(Temporal Key Integrity Protocol) provides per-packet key generation and is based on WEP.
AES (Advanced Encryption Standard) is a very secure block based encryption. With the "TKIP
and AES" option, the router negotiates the cipher type with the client, and uses AES when
available.

Group Key Update Interval: The amount of time before the group key used for broadcast and
multicast data is changed.

WPA-Personal

This option uses Wi-Fi Protected Access with a Pre-Shared Key (PSK).
Pre-Shared Key: The key is entered as a pass-phrase of up to 63 alphanumeric characters in

ASCII (American Standard Code for Information Interchange) format at both ends of the
wireless connection. It cannot be shorter than eight characters, although for proper security it
needs to be of ample length and should not be a commonly known phrase. This phrase is used

23

to generate session keys that are unique for each wireless client.

Example:
Wireless Networking technology enables ubiquitous communication

WPA-Enterprise

This option works with a RADIUS Server to authenticate wireless clients. Wireless clients
should have established the necessary credentials before attempting to authenticate to the
Server through this Gateway. Furthermore, it may be necessary to configure the RADIUS
Server to allow this Gateway to authenticate users.

Authentication Timeout: Amount of time before a client will be required to re-authenticate.
RADIUS Server IP Address: The IP address of the authentication server.
RADIUS Serve r Port: The port number used to connect to the authentication server.
RADIUS Server Shared Secret: A pass-phrase that must match with the authentication

server.
MAC Address Authentication: If this is selected, the user must connect from the same

computer whenever logging into the wireless network.

Advanced:
Optional Backup RADIUS Server

This option enables configuration of an optional second RADIUS server. A second RADIUS
server can be used as backup for the primary RADIUS server. The second RADIUS server is
consulted only when the primary server is not available or not responding. The fields Second

RADIUS Server IP Address, RADIUS Server Port, Second RADIUS server Shared Secret,
Second MAC Address Authentication provide the corresponding parameters for the second

RADIUS Server.

24

Advanced

The Advanced tab provides the following configuration options: Virtual Server, Special Applications,
Gaming, Traffic Shaping, Routing, Access Control, WEB Filter, MAC Address Filter, Firewall, Inbound
Filter, Advanced Wireless and Schedules.

Advanced_Virtual Server

The Virtual Server option gives Internet users access to services on your LAN. This feature is useful
for hosting online services such as FTP, Web, or game servers. For each Virtual Server, you define a
public port on your router for redirection to an internal LAN IP Address and LAN port.

Example:

You are hosting a Web Server on a PC that has LAN IP Address of 192.168.0.50 and your ISP
is blocking Port 80.

1. Name the Virtual Server (for example: Web Server)

2. Enter the IP Address of the machine on your LAN (for example: 192.168.0.50

3. Enter the Private Port as [80]

4. Enter the Public Port as [8888]

25