ZyXEL HS100, HS100W User Manual

HS-100 / HS-100W

Parental Control Gateway

User’s Guide

Version 3.62

10/2005

HomeSafe User’s Guide

Copyright

Copyright © 2004 by ZyXEL Communications Corporation.

The contents of this publication may not be reproduced in any part or as a whole, transcribed,
stored in a retrieval system, translated into any language, or transmitted in any form or by any
means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise,
without the prior written permission of ZyXEL Communications Corporation.

Published by ZyXEL Communications Corporation. All rights reserved.

Disclaimer

ZyXEL does not assume any liability arising out of the application or use of any products, or
software described herein. Neither does it convey any license under its patent rights nor the patent
rights of others. ZyXEL further reserves the right to make changes in any products described
herein without notice.

This publication is subject to change without notice.

Trademarks

Trademarks mentioned in this publication are used for identification purposes only and may be
properties of their respective owners.

ii Copyright

HomeSafe User’s Guide

Federal Communications Commission

(FCC) Interference Statement

This device complies with Part 15 of FCC rules. Operation is subject to the following two
conditions:

This device may not cause harmful interference.
This device must accept any interference received, including interference that may cause

undesired operations.
This equipment has been tested and found to comply with the limits for a CLASS B digital device

pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection
against harmful interference in a commercial environment. This equipment generates, uses, and
can radiate radio frequency energy, and if not installed and used in accordance with the
instructions, may cause harmful interference to radio communications.

If this equipment does cause harmful interference to radio/television reception, which can be
determined by turning the equipment off and on, the user is encouraged to try to correct the
interference by one or more of the following measures:

Reorient or relocate the receiving antenna.
Increase the separation between the equipment and the receiver.
Connect the equipment into an outlet on a circuit different from that to which the receiver is

connected.
Consult the dealer or an experienced radio/TV technician for help.

Notice 1

Changes or modifications not expressly approved by the party responsible for compliance could
void the user's authority to operate the equipment.

Certifications

1. Go to www.zyxel.com.

2. Select your product from the drop-down list box on the ZyXEL home page to go to that

product's page.

3. Select the certification you wish to view from this page.

FCC iii

HomeSafe User’s Guide

Information for Canadian Users

The Industry Canada label identifies certified equipment. This certification means that the
equipment meets certain telecommunications network protective, operation, and safety
requirements. The Industry Canada does not guarantee that the equipment will operate to a user's
satisfaction.

Before installing this equipment, users should ensure that it is permissible to be connected to the
facilities of the local telecommunications company. The equipment must also be installed using
an acceptable method of connection. In some cases, the company's inside wiring associated with a
single line individual service may be extended by means of a certified connector assembly. The
customer should be aware that the compliance with the above conditions may not prevent
degradation of service in some situations.

Repairs to certified equipment should be made by an authorized Canadian maintenance facility
designated by the supplier. Any repairs or alterations made by the user to this equipment, or
equipment malfunctions, may give the telecommunications company cause to request the user to
disconnect the equipment.

For their own protection, users should ensure that the electrical ground connections of the power
utility, telephone lines, and internal metallic water pipe system, if present, are connected together.
This precaution may be particularly important in rural areas.

Caution

Users should not attempt to make such connections themselves, but should contact the
appropriate electrical inspection authority, or electrician, as appropriate.

Note

This digital apparatus does not exceed the class A limits for radio noise emissions from digital
apparatus set out in the radio interference regulations of Industry Canada.

iv Information for Canadian Users

HomeSafe User’s Guide

ZyXEL Limited Warranty

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in
materials or workmanship for a period of up to two years from the date of purchase. During the
warranty period, and upon proof of purchase, should the product have indications of failure due to
faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective
products or components without charge for either parts or labor, and to whatever extent it shall
deem necessary to restore the product or components to proper operating condition. Any
replacement will consist of a new or re-manufactured functionally equivalent product of equal
value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product
is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal
working conditions.

NOTE

Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser.
This warranty is in lieu of all other warranties, express or implied, including any implied
warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be
held liable for indirect or consequential damages of any kind of character to the purchaser.

To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material
Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended
that the unit be insured when shipped. Any returned products without proof of purchase or those
with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the
customer will be billed for parts and labor. All repaired or replaced products will be shipped by
ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal
rights, and you may also have other rights that vary from country to country.

Online Registration

) Register your product online at www.zyxel.com for global

products, or at www.us.zyxel.com for North American
products.

Warranty v

HomeSafe User’s Guide

Customer Support

When you contact your customer support representative please have the following information
ready:

Please have the following information ready when you contact customer support.

• Product model and serial number.

• Warranty Information.

• Date that you received your device.

• Brief description of the problem and the steps you took to solve it.

LOCATION
WORLDWIDE

AMERICA

SUPPORT E-MAIL TELEPHONE1 WEB SITE METHOD

SALES E-MAIL FAX1 FTP SITE

support@zyxel.com.tw +886-3-578-3942 www.zyxel.com

ZyXEL Communications

sales@zyxel.com.tw
support@zyxel.com +1-800-255-4101

sales@zyxel.com

support@zyxel.de +49-2405-6909-0 www.zyxel.de GERMANY
sales@zyxel.de

support@zyxel.es +34 902 195 420 SPAIN
sales@zyxel.es

support@zyxel.dk +45 39 55 07 00 www.zyxel.dk DENMARK
sales@zyxel.dk

support@zyxel.no +47 22 80 61 80 www.zyxel.no NORWAY
sales@zyxel.no

support@zyxel.se +46 31 744 7700 www.zyxel.se SWEDEN
sales@zyxel.se

support@zyxel.fi +358-9-4780-8411 www.zyxel.fi FINLAND
sales@zyxel.fi

+886-3-578-2439 ftp.europe.zyxel.com

+1-714-632-0882

+1-714-632-0858 ftp.us.zyxel.com

+49-2405-6909-99

+33 (0)4 72 52 97 97 FRANCE info@zyxel.fr
+33 (0)4 72 52 19 20

+34 913 005 345

+45 39 55 07 07

+47 22 80 61 81

+46 31 744 7701

+358-9-4780 8448

www.europe.zyxel.com
ftp.zyxel.com

www.us.zyxel.com NORTH

www.zyxel.fr ZyXEL France

www.zyxel.es

REGULAR MAIL

ZyXEL Communications Corp.
6 Innovation Road II
Science Park
Hsinchu 300
Taiwan

ZyXEL Communications Inc.
1130 N. Miller St.
Anaheim
CA 92806-2001
U.S.A.

ZyXEL Deutschland GmbH.
Adenauerstr. 20/A2 D-52146
Wuerselen
Germany

1 rue des Vergers
Bat. 1 / C
69760 Limonest
France

Alejandro Villegas 33
1º, 28043 Madrid
Spain

ZyXEL Communications A/S
Columbusvej 5
2860 Soeborg
Denmark

ZyXEL Communications A/S
Nils Hansens vei 13
0667 Oslo
Norway

ZyXEL Communications A/S
Sjöporten 4, 41764 Göteborg
Sweden

ZyXEL Communications Oy
Malminkaari 10
00700 Helsinki
Finland

1

“+” is the (prefix) number you enter to make an international telephone call.

vi Customer Support

HomeSafe User’s Guide

Table of Contents

Getting Starte d..................................................................................................................................................I

Chapter 1 Getting to Know Your HomeSafe..............................................................................................1-1

1.1 HomeSafe Parental Control Gateway Overview.........................................................................1-1

1.2 HomeSafe Features ........................................................................................................................1-1

1.3 Applications for the HomeSafe .....................................................................................................1-5

Chapter 2 Introducin g the Web C onfigurator...........................................................................................2-1

2.1 Web Configurator Overview.........................................................................................................2-1

2.2 Accessing the HomeSafe Web Configurator................................................................................2-1

2.3 Step 1 : System Administrator Password Setup...........................................................................2-2

2.4 Step 2 : WLAN Setup.....................................................................................................................2-2

2.5 Step 3 : Internet Configuration Setup..........................................................................................2-5

2.6 Step 4 : Parental Control Wizard..................................................................................................2-8

2.7 Step 5 : Content Filter Service Activation..................................................................................2-18

2.8 Accessing the Internet via the HomeSafe Gateway...................................................................2-19

2.9 Accessing the HomeSafe Web Configurator..............................................................................2-20

2.10 Resetting the HomeSafe..........................................................................................................2-21

2.11 HomeSafe Main Menu ............................................................................................................2-21

Chapter 3 Connection Wizard.....................................................................................................................3-1

3.1 Connection Wizard Overview.......................................................................................................3-1

3.2 Connection Wizard : General Setup and System Name .............................................................3-1

3.3 Connection Wizard: Screen 2........................................................................................................3-2

3.4 Connection Wizard : Screen 3.......................................................................................................3-3

3.5 Connection Wizard : Screen 4.......................................................................................................3-4

3.6 Connection Wizard : Screen 5.......................................................................................................3-8

3.7 Basic Setup Complete..................................................................................................................3-11

System, LAN, WLAN and WAN ...................................................................................................................II

Chapter 4 System Screens............................................................................................................................4-1

4.1 System Overview............................................................................................................................4-1

4.2 Configuring General Setup...........................................................................................................4-1

4.3 Dynamic DNS.................................................................................................................................4-2

4.4 Configuring Dynamic DNS............................................................................................................4-2

4.5 Configuring Password ...................................................................................................................4-4

4.6 Configuring T ime Setting..............................................................................................................4-4

Chapter 5 LAN Screens ...............................................................................................................................5-1

5.1 LAN Overview................................................................................................................................5-1

5.2 DHCP Setup....................................................................................................................................5-1

5.3 LAN TCP/IP...................................................................................................................................5-1

5.4 Any IP.............................................................................................................................................5-2

5.5 Configuring IP................................................................................................................................5-4

5.6 Configuring Static DHCP..............................................................................................................5-6

5.7 Configuring IP Alias.......................................................................................................................5-7

Chapter 6 Wireless Configuration and Roaming.......................................................................................6-1

Table of Contents vii

HomeSafe User’s Guide

6.1 Wireless LAN Overview ................................................................................................................6-1

6.2 Wireless LAN Basics......................................................................................................................6-3

6.3 Configuring Wireless .....................................................................................................................6-4

6.4 Configuring Roaming....................................................................................................................6-5

Chapter 7 Wireless Security ........................................................................................................................7-1

7.1 Wireless Security Overview...........................................................................................................7-1

7.2 Security Parameters Summary.....................................................................................................7-3

7.3 WEP Overview ...............................................................................................................................7-3

7.4 Configuring WEP Encryption.......................................................................................................7-5

7.5 Introduction to WPA......................................................................................................................7-6

7.6 Configuring WPA-PSK Authentication........................................................................................7-8

7.7 Wireless Client WPA Supplicants.................................................................................................7-9

7.8 Configuring WPA Au thentication...............................................................................................7-10

7.9 802.1x Overview ........................................................................................................................... 7-11

7.10 Dynamic WEP Key Exchange ................................................................................................7-12

7.11 Configuring 802.1x and Dynamic WEP Key Exchange .......................................................7-12

7.12 Configuring 802.1x and Static WEP Key Exchange.............................................................7-13

7.13 Configuring 802.1x..................................................................................................................7-16

7.14 MAC Filter...............................................................................................................................7-17

7.15 Introduction to Local User Database.....................................................................................7-19

7.16 Configuring Local User Database..........................................................................................7-19

7.17 Introduction to RADIUS.........................................................................................................7-20

7.18 Configuring RADIUS..............................................................................................................7-21

Chapter 8 WAN Screens...............................................................................................................................8-1

8.1 WAN Overview...............................................................................................................................8-1

8.2 TCP/IP Priority (Metric) ...............................................................................................................8-1

8.3 Configuring Route..........................................................................................................................8-1

8.4 Configuring WAN ISP ...................................................................................................................8-2

8.5 Configuring WAN IP......................................................................................................................8-6

8.6 Configuring WAN MAC................................................................................................................8-8

8.7 Traffic Redirect ..............................................................................................................................8-9

8.8 Configuring Traffic Redirect....................................................................................................... 8-10

SUA/NAT and Static Route...........................................................................................................................III

Chapter 9 Network Address Translation (NAT) Screens..........................................................................9-1

9.1 NAT Overview................................................................................................................................9-1

9.2 Using NAT.......................................................................................................................................9-4

9.3 SUA Server......................................................................................................................................9-4

9.4 Configuring SUA Server................................................................................................................9-6

9.5 Configuring Address Mapping......................................................................................................9-7

9.6 Trigger Port Forwarding...............................................................................................................9-9

9.7 Configuring Trigger Port Forwarding .......................................................................................9-10

Chapter 10 Static Route Screens...............................................................................................................10-1

10.1 Static Route Overview.............................................................................................................10-1

10.2 Configuring IP Static Route....................................................................................................10-1

viii Table of Contents

HomeSafe User’s Guide

UPnP, Parental Control and Firewall..........................................................................................................IV

Chapter 11 UPnP........................................................................................................................................ 11-1

11.1 Universal Plug and Play Overview.........................................................................................11-1

11.2 UPnP and ZyXEL.................................................................................................................... 11-1

11.3 Configuring UPnP...................................................................................................................11-2

11.4 Installing UPnP in W indows Example................................................................................... 11-2

11.5 Using UPnP in Windows XP Example................................................................................... 11-4

Chapter 12 Parental C ontrol.....................................................................................................................12-1

12.1 Parental Control Overview.....................................................................................................12-1

12.2 Parental Control Logins..........................................................................................................12-1

12.3 Parental Control Application.................................................................................................. 12-2

12.4 Configuring Parental Control ................................................................................................12-3

12.5 Parental Control Gr oup Edit Filter.......................................................................................12-6

12.6 Parental Control Group Edit Configuration.........................................................................12-7

12.7 Customizing Keyword Blocking URL Checking ................................................................12-13

12.8 Parental Control Edit............................................................................................................12-13

12.9 Parental Control Bypass List................................................................................................12-18

Chapter 13 Firewall....................................................................................................................................13-1

13.1 Introduction.............................................................................................................................13-1

13.2 Firewall Settings Screen..........................................................................................................13-2

13.3 The Firewall, NAT and Remote Management ......................................................................13-3

13.4 Services.....................................................................................................................................13-4

Remote Management...................................................................................................................................... V

Chapter 14 Remote Management Screens................................................................................................14-1

14.1 Remote Management Overview.............................................................................................14-1

14.2 Configuring WWW.................................................................................................................14-2

14.3 Configuring Telnet...................................................................................................................14-3

14.4 Configuring TELNET.............................................................................................................14-3

14.5 Configuring FTP......................................................................................................................14-4

14.6 SNMP........................................................................................................................................14-5

14.7 Configuring DNS..................................................................................................................... 14-9

14.8 Configuring Security.............................................................................................................14-10

Logs and Maintenance..................................................................................................................................VI

Chapter 15 Centralized Logs.....................................................................................................................15-1

15.1 View Log...................................................................................................................................15-1

15.2 Log Settings..............................................................................................................................15-2

Chapter 16 Maintenance............................................................................................................................16-1

16.1 Maintenance Overview ...........................................................................................................16-1

16.2 Status Screen............................................................................................................................16-1

16.3 DHCP Table Screen.................................................................................................................16-3

16.4 Any IP Table.............................................................................................................................16-4

16.5 Association List........................................................................................................................16-4

16.6 F/W Upload Screen..................................................................................................................16-5

16.7 Configuration Screen..............................................................................................................16-6

16.8 Restart Screen..........................................................................................................................16-9

Table of Contents ix

HomeSafe User’s Guide

SMT General Configuration.......................................................................................................................VII

Chapter 17 Introducing the SMT..............................................................................................................17-1

17.1 SMT Introduction....................................................................................................................17-1

17.2 Navigating the SMT Interface................................................................................................17-2

17.3 Changing the System Password..............................................................................................17-4

Chapter 18 Menu 1 General Setup............................................................................................................18-1

18.1 General Setup ..........................................................................................................................18-1

18.2 Procedure To Configure Menu 1............................................................................................18-1

Chapter 19 Menu 2 WAN Setup................................................................................................................19-1

19.1 Introduction to WAN...............................................................................................................19-1

19.2 WAN Setup...............................................................................................................................19-1

Chapter 20 Menu 3 LAN Setup.................................................................................................................20-1

20.1 LAN Setup................................................................................................................................20-1

20.2 Protocol Dependent Ethernet Setup.......................................................................................20-1

20.3 TCP/IP Ethernet Setup and DHCP........................................................................................20-1

20.4 Wireless LAN Setup................................................................................................................ 20-5

Chapter 21 Internet Access........................................................................................................................ 21-1

21.1 Introduction to Internet Access Setup ...................................................................................21-1

21.2 Ethernet Encapsulation...........................................................................................................21-1

21.3 Configuring the PPTP Client..................................................................................................21-2

21.4 Configuring the PPPoE Client ...............................................................................................21-3

21.5 Basic Setup Complete..............................................................................................................21-4

Chapter 22 Remote Node Configuration..................................................................................................22-1

22.1 Introduction to Remote Node Setup......................................................................................22-1

22.2 Remote Node Profile Setup.....................................................................................................22-1

22.3 Edit IP.......................................................................................................................................22-5

22.4 Remote Node Filter .................................................................................................................22-6

Chapter 23 Static Route Setup ..................................................................................................................23-1

23.1 IP Static Route Setup...............................................................................................................23-1

Chapter 24 Dial-in User Setup...................................................................................................................24-1

24.1 Dial-in User Setup....................................................................................................................24-1

Chapter 25 Network Address Translation (NAT) ....................................................................................25-1

25.1 Using NAT................................................................................................................................25-1

25.2 Applying NAT..........................................................................................................................25-1

25.3 NAT Setup................................................................................................................................25-2

25.4 Configuring a Server behind NAT .........................................................................................25-6

25.5 General NAT Examples...........................................................................................................25-7

25.6 Configuring T r igger Port Forwarding.................................................................................25-12

Chapter 26 Enabling the Firewall.............................................................................................................26-1

26.1 Remote Management and the Firewall..................................................................................26-1

26.2 Access Methods........................................................................................................................26-1

26.3 Enabling the Firewall..............................................................................................................26-1

SMT Advanced Management....................................................................................................................VIII

Chapter 27 Filter Configuration ...............................................................................................................27-1

x Table of Contents

HomeSafe User’s Guide

27.1 Introduction to Filters.............................................................................................................27-1

27.2 Configuring a Filter Set ..........................................................................................................27-3

27.3 Example Filter.........................................................................................................................27-9

27.4 Filter Types and NAT............................................................................................................27-11

27.5 Firewall Versus Filters ..........................................................................................................27-12

27.6 Applying a Filter....................................................................................................................27-12

Chapter 28 SNMP Configuration..............................................................................................................28-1

28.1 About SNMP............................................................................................................................28-1

28.2 Supported MIBs ......................................................................................................................28-2

28.3 SNMP Con figuration...............................................................................................................28-2

28.4 SNMP Traps.............................................................................................................................28-3

Chapter 29 System Security.......................................................................................................................29-1

29.1 System Security........................................................................................................................29-1

Chapter 30 System Information and Diagnosis.......................................................................................30-1

30.1 System Status...........................................................................................................................30-1

30.2 System Information.................................................................................................................30-3

30.3 Log and Trace ..........................................................................................................................30-4

30.4 Diagnostic.................................................................................................................................30-6

Chapter 31 Firmware and Configur ation File Maintenance..................................................................31-1

31.1 Filename Conventions.............................................................................................................31-1

31.2 Backup Configuration.............................................................................................................31-2

31.3 Restore Configuration.............................................................................................................31-4

31.4 Uploading Firmware and Configuration Files......................................................................31-5

Chapter 32 System Maintenance...............................................................................................................32-1

32.1 Command Interpreter Mode..................................................................................................32-1

32.2 Call Control Support...............................................................................................................32-2

32.3 Time and Date Setting.............................................................................................................32-4

Chapter 33 Remote Management..............................................................................................................33-1

33.1 Remote Management...............................................................................................................33-1

Chapter 34 Call Scheduling.......................................................................................................................34-1

34.1 Introduction to Call Scheduling.............................................................................................34-1

Appendices and Index...................................................................................................................................IX

Appendix A T roubleshooting...................................................................................................................... A-1

Appendix B PPPoE...................................................................................................................................... B-1

Appendix C PPTP ....................................................................................................................................... C-1

Appendix D Log Descriptions.....................................................................................................................D-1

Appendix E Setting up Your Computer’s IP Address............................................................................... E-1

Appendix F Wireless LAN and IEEE 802.11..............................................................................................F-1

Appendix G Wireless LAN With IEEE 802.1x..........................................................................................G-1

Appendix H Types of EAP Authentication................................................................................................H-1

Appendix I Antenna Selection and Positioning Recommendation........................................................... I-1

Appendix J Brute-Force Password Guessing Protection ..........................................................................J-1

Appendix K Triangle Route........................................................................................................................K-1

Appendix L Index........................................................................................................................................ L-1

Table of Contents xi

HomeSafe User’s Guide

List of Figures

Figure 1-1 Secure Internet Access via Cable, DSL or Wireless Modem.....................................................1-5

Figure 1-2 HomeSafe Parental Control Gateway Application..................................................................... 1-5

Figure 1-3 Wir e less LAN Application Example..........................................................................................1-6

Figure 2-1 Welcome Menu..........................................................................................................................2-1

Figure 2-2 Wizard Step 1 : Administrator Password ...................................................................................2-2

Figure 2-3 Wiz ard Step 2 : Wireless LAN Setup.........................................................................................2-3

Figure 2-4 Wizard Step 2 : Wireless LAN Setup Basic Security................................................................. 2-4

Figure 2-5 Wizard Step 2 : Wireless LAN Setup Extend Security .............................................................. 2-5

Figure 2-6 Wizard Step 3 : Internet Access Setup .......................................................................................2-5

Figure 2-7 Wiz ard Step 3 : ISP Parameters .................................................................................................2-6

Figure 2-8 Wizard Step 3 : Internet Access Setup .......................................................................................2-7

Figure 2-9 Wizard Step 3 : Internet Access Static IP Address Setup ...........................................................2-7

Figure 2-10 Wizard Step 3 : Internet Setup Complete................................................................................. 2-8

Figure 2-11 Wizard Step 4 : Parental Control W izar d.................................................................................2-9

Figure 2-12 Wizard Step 4 : Parental Control Time Setup ........................................................................ 2-10

Figure 2-13 Wizard Step 4 : Create or Edit a Profile................................................................................. 2-11

Figure 2-14 Wizard Step 4 : Parental Control Profile Information............................................................ 2-12

Figure 2-15 Wizard Step 4 : Parental Control User Group........................................................................2-12

Figure 2-16 Wizard Step 4 : Parental Control Time Allowance ................................................................2-13

Figure 2-17 Wizard Step 4 : Parental Control Application Blocking.........................................................2-15

Figure 2-18 Wizard Step 4 : Parental Control Summary........................................................................... 2-16

Figure 2-19 Content Filtering Lookup Procedure......................................................................................2-17

Figure 2-20 Wizard Step 4 : Content Filter Registration........................................................................... 2-18

Figure 2-21 Content Filter Activation in Progress..................................................................................... 2-18

Figure 2-22 Content Filter Activation in Progress..................................................................................... 2-18

Figure 2-23 Content Filter Activation Failure...........................................................................................2-19

Figure 2-24 Content Filter Setup Complete............................................................................................... 2-19

Figure 2-25 Password Screen.................................................................................................................... 2-20

Figure 2-26 Change Password Screen.......................................................................................................2-20

Figure 2-27 The MAIN MENU Screen of the Web Configurator ............................................................. 2-21

Figure 3-1 Connection Wizard : General Setup...........................................................................................3-2

Figure 3-2 Connection Wizar d : Wireless LAN Setup.................................................................................3-2

Figure 3-3 Connection Wizard: Wireless LAN Setup: Basic Security ........................................................ 3-3

Figure 3-4 Connection Wizard: Wireless LAN Setup: Extend Security...................................................... 3-4

Figure 3-5 Connection Wizard : Ethernet Encapsulation ............................................................................ 3-5

Figure 3-6 Connection Wizar d : PPPoE Encapsulation...............................................................................3-6

Figure 3-7 Connection Wizar d : PPTP Encapsulation.................................................................................3-7

Figure 3-8 Connection Wizard : WAN Setup ............................................................................................3-10

Figure 3-9 Connection Wizard Finish........................................................................................................3-11

Figure 3-10 Connection Wizard Problems ................................................................................................3-12

Figure 4-1 SYSTEM : General Setup.......................................................................................................... 4-1

List of Figures xiii

HomeSafe User’s Guide

Figure 4-2 SYSTEM : DDNS......................................................................................................................4-3

Figure 4-3 SYSTEM : Password.................................................................................................................4-4

Figure 4-4 SYSTEM : Time Setting............................................................................................... ............. 4-5

Figure 5-1 Any IP Example Application......................................................................................................5-3

Figure 5-2 LAN : IP .................................................................................................................................... 5-4

Figure 5-3 LAN : Static DHCP...................................................................................................................5-6

Figure 5-4 LAN : IP Alias ...........................................................................................................................5-7

Figure 6-1 IBSS (Ad-hoc) Wireless LAN ................................................................................................... 6-1

Figure 6-2 Basic Service set........................................................................................................................ 6-2

Figure 6-3 Extended Service Set.................................................................................................................6-2

Figure 6-4 RT S/CTS....................................................................................................................................6-3

Figure 6-5 WLAN : Wireless.......................................................................................................................6-4

Figure 6-6 Roaming Example......................................................................................................................6-6

Figure 6-7 WLAN : Roaming......................................................................................................................6-7

Figure 7-1 HomeSafe Wireless Security Levels.......................................................................................... 7-1

Figure 7-2 WLAN : Wireless : No Security ................................................................................................ 7-2

Figure 7-3 WEP Authentication Steps.........................................................................................................7-4

Figure 7-4 WLAN : Wireless : Static WEP Encryption............................................................................... 7-5

Figure 7-5 WPA - PSK A uthentication........................................................................................................7-7

Figure 7-6 WLAN : Wireless : WPA-PSK................................................................................................... 7-8

Figure 7-7 WPA with RADIUS Application Example...............................................................................7-10

Figure 7-8 Wireless: WPA.........................................................................................................................7-10

Figure 7-9 WLAN : Wireless : 802.1x and Dynamic WEP....................................................................... 7-12

Figure 7-10 WLAN : Wireless : 802.1x and Static WEP...........................................................................7-14

Figure 7-11 WL AN : Wireless: 802.1x...................................................................................................... 7-16

Figure 7-12 WLAN : MAC Address Filter................................................................................................7-18

Figure 7-13 WLAN : Local User Database............................................................................................... 7-19

Figure 7-14 EAP Authentication ...............................................................................................................7-21

Figure 7-15 WLAN : RADIUS ................................................................................................................. 7-22

Figure 8-1 WAN : Route..............................................................................................................................8-1

Figure 8-2 WAN ISP : Ethernet Encapsulation........................................................................................... 8-2

Figure 8-3 WAN ISP : PPPoE Encapsulation.............................................................................................. 8-4

Figure 8-4 WAN ISP : PPTP Encapsulation................................................................................................8-5

Figure 8-5 WAN : IP.................................................................................................................................... 8-6

Figure 8-6 WAN : MAC Setup....................................................................................................................8-8

Figure 8-7 Traffic Redirect WAN Setup ......................................................................................................8-9

Figure 8-8 Traffic Redirect LAN Setup.......................................................................................................8-9

Figure 8-9 WAN : Traffic Redirect............................................................................................................ 8-10

Figure 9-1 How NAT Works........................................................................................................................9-2

Figure 9-2 NAT Application W ith IP Alias.................................................................................................. 9-3

Figure 9-3 Multiple Servers Behind NAT Example ....................................................................................9-6

Figure 9-4 SUA/NAT Setup ........................................................................................................................ 9-7

Figure 9-5 Address Mapping.......................................................................................................................9-8

Figure 9-6 Address Mapping Edit ...............................................................................................................9-9

xiv List of Figures

HomeSafe User’s Guide

Figure 9-7 Trigger Port Forwarding Process: Example.............................................................................9-10

Figure 9-8 Trigger Port.............................................................................................................................. 9-11

Figure 10-1 Example of Static Routing Topology..................................................................................... 10-1

Figure 10-2 Static Route............................................................................................................................ 10-1

Figure 10-3 Static Route: Edit................................................................................................................... 10-2

Figure 11-1 Configuring UPnP.................................................................................................................. 11-2

Figure 12-1 HomeSafe Network User Login.............................................................................................12-1

Figure 12-3 User Status Window...............................................................................................................12-2

Figure 12-4 HomeSafe Parental Control Wireless Gateway Application.................................................. 12-3

Figure 12-5 Parental Control..................................................................................................................... 12-4

Figure 12-6 Content Filtering Lookup Procedure......................................................................................12-6

Figure 12-7 Parental Control : Filter ......................................................................................................... 12-8

Figure 12-8 Parental Control : Edit ......................................................................................................... 12-16

Figure 12-9 Parental Control : Bypass List ............................................................................................. 12-18

Figure 13-1 Firewall: Settings...................................................................................................................13-2

Figure 13-2 Firewall Rule Directions........................................................................................................13-3

Figure 13-3 Firewall: Service.................................................................................................................... 13-5

Figure 14-1 Remote Management : WWW............................................................................................... 14-2

Figure 14-2 Telnet Configuration on a TCP/IP Network........................................................................... 14-3

Figure 14-3 Remote Management : Telnet ................................................................................................ 14-4

Figure 14-4 Remote Management : FTP...................................................................................................14-5

Figure 14-5 SNMP Management Model...................................................................................................14-6

Figure 14-6 Remote Management : SNMP...............................................................................................14-8

Figure 14-7 Remote Management : DNS.................................................................................................. 14-9

Figure 14-8 Remote Management : Security........................................................................................... 14-10

Figure 15-1 View Logs.............................................................................................................................. 15-1

Figure 15-2 Log Settings........................................................................................................................... 15-3

Figure 16-1 Maintenance : Status..............................................................................................................16-1

Figure 16-2 Maintenance : System Statistics.............................................................................................16-2

Figure 16-3 Maintenance : DHCP Table.................................................................................................... 16-3

Figure 16-4 Maintenance : Any IP............................................................................................................16-4

Figure 16-5 Maintenance : Association List.............................................................................................. 16-4

Figure 16-6 Maintenance : Firmware Upload............................................................................................16-5

Figure 16-7 Upload Warning.....................................................................................................................16-6

Figure 16-8 Network Temporarily Disconnected ...................................................................................... 16-6

Figure 16-9 Upload Error Message...........................................................................................................16-6

Figure 16-10 Maintenance : Configuration ............................................................................................... 16-7

Figure 16-11 Configuration : Restore Successful...................................................................................... 16-8

Figure 16-12 Temporarily Disconnected................................................................................................... 16-8

Figure 16-13 Configuration Restore Error ................................................................................................ 16-8

Figure 16-14 Factory Defaults................................................................................................................... 16-9

Figure 16-15 Maintenance : System Restart.............................................................................................. 16-9

Figure 17-1 Login Screen..........................................................................................................................17-1

Figure 17-2 SMT Menu Overview............................................................................................................ 17-2

List of Figures xv

HomeSafe User’s Guide

Figure 17-3 SMT Main Menu ................................................................................................................... 17-3

Figure 17-4 Menu 23 System Password.................................................................................................... 17-4

Figure 18-1 Menu 1 General Setup ........................................................................................................... 18-1

Figure 18-2 Menu 1.1 Configure Dynamic DNS......................................................................................18-3

Figure 19-1 Menu 2 WAN Setup............................................................................................................... 19-1

Figure 20-1 Menu 3 LAN Setup................................................................................................................ 20-1

Figure 20-2 Menu 3.1 LAN Port Filter Setup............................................................................................20-1

Figure 20-3 Menu 3.2 TCP/IP and DHCP Ethernet Setup......................................................................... 20-2

Figure 20-4 Physical Network & Partitioned Logical Networks............................................................... 20-4

Figure 20-5 Menu 3.2.1: IP Alias Setup ....................................................................................................20-4

Figure 20-6 Menu 3.5 Wireless LAN Setup.............................................................................................. 20-5

Figure 20-7 Menu 3.5 Wireless LAN Setup.............................................................................................. 20-7

Figure 20-8 Menu 3.5.1 WLAN MAC Address Filter............................................................................... 20-8

Figure 20-9 Menu 3.5 Wireless LAN Setup.............................................................................................. 20-9

Figure 20-10 Menu 3.5.2 Roaming Configuration....................................................................................20-9

Figure 21-1 Menu 4 Internet Access Setup................................................................................................21-1

Figure 21-2 Internet Access Setup (PPTP)................................................................................................21-3

Figure 21-3 Internet Access Setup (PPPoE)..............................................................................................21-3

Figure 22-1 Menu 11.1 Remote Node Profile for Ethernet Encapsulation................................................22-1

Figure 22-2 Menu 11.1 Remote Node Profile for PPPoE Encapsulation ..................................................22-3

Figure 22-3 Menu 11.1 Remote Node Profile for PPTP Encapsulation....................................................22-4

Figure 22-4 Menu 11.3 Remote Node Network Layer Options for Ethernet Encapsulation..................... 22-5

Figure 22-5 Menu 11.5: Remote Node Filter (Ethernet Encapsulation).................................................... 22-7

Figure 22-6 Menu 11.5: Remote Node Filter (PPPoE or PPTP Encapsulation)........................................22-7

Figure 22-7 Menu 11.6: Traffic Redirect Setup......................................................................................... 22-7

Figure 23-1 Menu 12 IP Static Route Setup..............................................................................................23-1

Figure 23-2 Menu12.1 Edit IP Static Route...............................................................................................23-1

Figure 24-1 Menu 14- Dial-in User Setup................................................................................................. 24-1

Figure 24-2 Menu 14.1- Edit Dial-in User................................................................................................24-1

Figure 25-1 Menu 4 Applying NAT for Internet Access............................................................................25-1

Figure 25-2 Menu 11.3 Applying NAT to the Remote Node..................................................................... 25-2

Figure 25-3 Menu 15 NAT Setup..............................................................................................................25-2

Figure 25-4 Menu 15.1 Address Mapping Sets.........................................................................................25-3

Figure 25-5 Menu 15.1.255 SUA Address Mapping Rules.......................................................................25-3

Figure 25-6 Menu 15.1.1 First Set............................................................................................................. 25-4

Figure 25-7 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set...........................................25-5

Figure 25-8 Menu 15.2.1 NAT Server Setup.............................................................................................25-6

Figure 25-9 Multiple Servers Behind NAT Example ................................................................................ 25-7

Figure 25-10 NAT Example 1 ...................................................................................................................25-7

Figure 25-11 Menu 4 Internet Access & NA T Example............................................................................ 25-7

Figure 25-12 NAT Example 2 ...................................................................................................................25-8

Figure 25-13 Menu 15.2.1 Specifying an Inside Server............................................................................25-8

Figure 25-14 NAT Example 3 ...................................................................................................................25-9

Figure 25-15 Example 3: Menu 11.3......................................................................................................... 25-9

xvi List of Figures

HomeSafe User’s Guide

Figure 25-16 Example 3: Menu 15.1.1.1.................................................................................................25-10

Figure 25-17 Example 3: Final Menu 15.1.1...........................................................................................25-10

Figure 25-18 NAT Example 4 .................................................................................................................25-11

Figure 25-19 Example 4: Menu 15.1.1.1 Address Mapping Rule ........................................................... 25-11

Figure 25-20 Example 4: Menu 15.1.1 Address Mapping Rules............................................................. 25-12

Figure 25-21 Menu 15.3 Trigger Port Setup............................................................................................ 25-12

Figure 26-1 Menu 21.2 Firewall Setup...................................................................................................... 26-1

Figure 27-1 Outgoing Packet Filtering Process......................................................................................... 27-1

Figure 27-2 Filter Rule Process................................................................................................................. 27-2

Figure 27-4 Menu 21: Filter and Firewall Setup.......................................................................................27-3

Figure 27-5 Menu 21.1: Filter Set Configuration...................................................................................... 27-3

Figure 27-6 Menu 21.1.1.1 TCP/IP Filter Rule.........................................................................................27-5

Figure 27-7 Executing an IP Filter ............................................................................................................27-7

Figure 27-8 Menu 21.1.4.1 Generic Filter Rule ........................................................................................ 27-8

Figure 27-9 Telnet Filter Example............................................................................................................. 27-9

Figure 27-10 Example Filter: Menu 21.1.3.1..........................................................................................27-10

Figure 27-11 Example Filter Rules Summary: Menu 21.1.3................................................................... 27-11

Figure 27-12 Protocol and Device Filter Sets..........................................................................................27-12

Figure 27-13 Filtering LAN Traffic......................................................................................................... 27-12

Figure 27-14 Filtering Remote Node Traffic ........................................................................................... 27-13

Figure 28-1 SNMP Management Model...................................................................................................28-1

Figure 28-2 Menu 22 SNMP Configuration..............................................................................................28-2

Figure 29-1 Menu 23 System Security...................................................................................................... 29-1

Figure 29-2 Menu 23 System Security...................................................................................................... 29-1

Figure 29-3 Menu 23.2 System Security : RADIUS Server...................................................................... 29-1

Figure 29-4 Menu 23 System Security...................................................................................................... 29-2

Figure 29-5 Menu 23.4 System Security : IEEE802.1x ............................................................................ 29-3

Figure 30-1 Menu 24 System Maintenance............................................................................................... 30-1

Figure 30-2 Menu 24.1 System Maintenance : Status...............................................................................30-2

Figure 30-3 Menu 24.2 System Information and Console Port Spee d......................................................30-3

Figure 30-4 Menu 24.2.1 System Maintenance : Information................................................................... 30-3

Figure 30-5 Menu 24.2.2 System Maintenance : Change Console Port Speed .........................................30-4

Figure 30-6 Menu 24.3.2 System Maintenance : Syslog Logging.............................................................30-4

Figure 30-7 Call-Triggering Packet Example............................................................................................30-6

Figure 30-8 Menu 24.4 System Maintenance : Diagnostic........................................................................30-7

Figure 30-9 LAN & WAN DHCP ............................................................................................................. 30-7

Figure 31-1 Telnet in Menu 24.5............................................................................................................... 31-2

Figure 31-2 FTP Session Example ............................................................................................................31-2

Figure 31-3 Telnet into Menu 24.6............................................................................................................ 31-5

Figure 31-4 Restore Using FTP Session Example..................................................................................... 31-5

Figure 31-5 Telnet Into Menu 24.7.1 Upload System Firmware...............................................................31-6

Figure 31-6 Telnet Into Menu 24.7.2 System Maintenance....................................................................... 31-6

Figure 31-7 FTP Session Example of Firmware File Upload.................................................................... 31-7

Figure 32-1 Command Mode in Menu 24................................................................................................. 32-1

List of Figures xvii

HomeSafe User’s Guide

Figure 32-2 Valid Commands....................................................................................................................32-2

Figure 32-3 Menu 24.9 System Maintenance : Call Control ..................................................................... 32-2

Figure 32-4 Budget Management..............................................................................................................32-2

Figure 32-5 Call History............................................................................................................................ 32-3

Figure 32-6 Menu 24: System Maintenance..............................................................................................32-4

Figure 32-7 Menu 24.10 System Maintenance: Tim e and Date Setting.................................................... 32-4

Figure 33-1 Menu 24.11 – Remote Management Control......................................................................... 33-1

Figure 34-1 Menu 26 Schedule Setup ....................................................................................................... 34-1

Figure 34-2 Menu 26.1 Schedule Set Setup..............................................................................................34-2

Figure 34-3 Applying Sche dule Set(s) to a Remote Node (PPPoE)..........................................................34-3

xviii List of Figures

HomeSafe User’s Guide

List of Tables

Table 1-1 IEEE 802.11b ..............................................................................................................................1-2

Table 1-2 IEEE 802.11g ..............................................................................................................................1-3

Table 2-1 Wizard Step 1 : Administrator Password..................................................................................... 2-2

Table 2-2 Wizard Step 2 : Wireless LAN Setup..........................................................................................2-3

Table 2-3 Wizard Step 2 : Wireless LAN Setup Basic Security ..................................................................2-4

Table 2-4 Wizard Step 2 : Wireless LAN Setup Extend Security................................................................ 2-5

Table 2-5 Wizard Step 3 : Internet Access Setup......................................................................................... 2-6

Table 2-6 Wizard Step 3 : ISP Parameters...................................................................................................2-6

Table 2-7 Wizard Step 3 : Internet Access Setup......................................................................................... 2-7

Table 2-8 Wizard Step 3 : Internet Access Static IP Address Setup............................................................. 2-8

Table 2-9 Wizard Step 4 : Parental Control Wizard.....................................................................................2-9

Table 2-10 Wizard Step 4 : Parental Control Time Setup..........................................................................2-10

Table 2-11 Wizard Step 4 : Create or Edit a Profile................................................................................... 2-11

Table 2-12 Wizard Step 4 : Parental Control Profile Information ............................................................. 2-12

Table 2-13 Wizard Step 4 : Parental Control User Group..........................................................................2-13

Table 2-14 Wizard Step 4 : Parental Control Time Allowance..................................................................2-14

Table 2-15 Wizard Step 4 : Parental Control Application Blocking..........................................................2-15

Table 2-16 Wizard Step 4 : Parental Control Summary.............................................................................2-16

Table 2-17 Screens Summary.................................................................................................................... 2-22

Table 3-1 Connection Wizard : Wireless LAN Setup.................................................................................. 3-2

Table 3-2 Connection Wizard: Wireless LAN Setup: Basic Security..........................................................3-3

Table 3-3 Connection Wizard: Wireless LAN Setup: Extend Security........................................................ 3-4

Table 3-4 Connection Wizard : Ethernet Encapsulation..............................................................................3-5

Table 3-5 Connection Wizard : PPPoE Encapsulation................................................................................3-6

Table 3-6 Connection Wizard : PPTP Encapsulation...................................................................................3-7

Table 3-7 Private IP Address Ranges........................................................................................................... 3-8

Table 3-8 Example of Network Properties for LAN Servers with Fixed IP Addresses.............................3-10

Table 3-9 Connection Wizard : WAN Setup.............................................................................................. 3-10

Table 4-1 SYSTEM : General Setup ........................................................................................................... 4-1

Table 4-2 SYSTEM : DDNS.......................................................................................................................4-3

Table 4-3 SYSTEM : Password................................................................................................................... 4-4

Table 4-4 SYSTEM : Time Setting..............................................................................................................4-5

Table 5-1 LAN : IP...................................................................................................................................... 5-4

Table 5-2 LAN : Static DHCP..................................................................................................................... 5-7

Table 5-3 LAN : IP Alias.............................................................................................................................5-7

Table 6-1 WLAN : Wireless........................................................................................................................6-5

Table 6-2 WLAN : Roaming.......................................................................................................................6-7

Table 7-1 WLAN : Wireless : No Security.................................................................................................. 7-2

Table 7-2 Wireless Security Relational Matrix............................................................................................7-3

Table 7-3 WLAN : Wireless : Static WEP Encryption ................................................................................ 7-5

Table 7-4 WLAN : Wireless : WPA-PSK ....................................................................................................7-8

Table 7-5 WLAN : Wireless : WPA........................................................................................................... 7-11

List of Tables xix

HomeSafe User’s Guide

Table 7-6 WLAN : Wireless : 802.1x and Dynamic WEP.........................................................................7-13

Table 7-7 WLAN : Wireless : 802.1x and Static WEP.............................................................................. 7-14

Table 7-8 WLAN : Wireless: 802.1x.........................................................................................................7-16

Table 7-9 WLAN : MAC Address Filter ...................................................................................................7-18

Table 7-10 WLAN : Local User Database................................................................................................. 7-19

Table 7-11 WLAN : RADIUS ................................................................................................................... 7-22

Table 8-1 WAN : Route ............................................................................................................................... 8-2

Table 8-2 WAN ISP : Ethernet Encapsulation.............................................................................................8-2

Table 8-3 WAN ISP : PPPoE Encapsulation................................................................................................8-4

Table 8-4 WAN ISP : PPTP Encapsulation..................................................................................................8-5

Table 8-5 WAN : IP .....................................................................................................................................8-6

Table 8-6 WAN : Traffic Redirect..............................................................................................................8-10

Table 9-1 NAT Definitions .......................................................................................................................... 9-1

Table 9-2 NAT Mapping Types ...................................................................................................................9-4

Table 9-3 Services and Port Numbers ......................................................................................................... 9-5

Table 9-4 SUA/NAT Setup..........................................................................................................................9-7

Table 9-5 Address Mapping.........................................................................................................................9-8

Table 9-6 Address Mapping Edit.................................................................................................................9-9

Table 9-7 Trigger Port............................................................................................................................... 9-11

Table 10-1 Static Route .............................................................................................................................10-2

Table 10-2 Static Route: Edit..................................................................................................................... 10-2

Table 11-1 Configuring UPnP...................................................................................................................11-2

Table 12-1 Parental Control....................................................................................................................... 12-4

Table 12-2 Default Blocked Web categories..............................................................................................12-7

Table 12-3 Parental Control : Filter........................................................................................................... 12-8

Table 12-4 Services ................................................................................................................................. 12-14

Table 12-5 Parental Control : Edit........................................................................................................... 12-16

Table 12-6 Parental Control : Bypass List............................................................................................... 12-18

Table 13-1 Firewall: Settings..................................................................................................................... 13-2

Table 13-2 Firewall: Service...................................................................................................................... 13-5

Table 14-1 Remote Management : WWW ................................................................................................ 14-2

Table 14-2 Remote Management : Telnet..................................................................................................14-4

Table 14-3 Remote Management : FTP..................................................................................................... 14-5

Table 14-4 SNMP T raps............................................................................................................................ 14-7

Table 14-5 Remote Management : SNMP................................................................................................. 14-8

Table 14-6 Remote Management : DNS.................................................................................................... 14-9

Table 14-7 Remote Management : Security ............................................................................................ 14-10

Table 15-1 View Logs................................................................................................................................15-1

Table 15-2 Log Settings............................................................................................................................. 15-3

Table 16-1 Maintenance : Status................................................................................................................16-1

Table 16-2 Maintenance : System Statistics..............................................................................................16-2

Table 16-3 Maintenance : DHCP Table.....................................................................................................16-3

Table 16-4 Maintenance : Any IP..............................................................................................................16-4

Table 16-5 Maintenance : Association List................................................................................................16-4

xx List of Tables

HomeSafe User’s Guide

Table 16-6 Maintenance : Firmware Upload............................................................................................. 16-5

Table 16-7 Maintenance : Restore Configuration...................................................................................... 16-7

Table 17-1 Main Menu Commands........................................................................................................... 17-2

Table 17-2 Main Menu Summary.............................................................................................................. 17-3

Table 18-1 Menu 1 General Setup............................................................................................................. 18-1

Table 18-2 Menu 1.1 Configure Dynamic DNS........................................................................................ 18-3

Table 19-1 Menu 2 WAN Setup................................................................................................................. 19-1

Table 20-1 Menu 3.2: DHCP Ethernet Setup Fields.................................................................................. 20-2

Table 20-2 Menu 3.2: LAN TCP/IP Setup Fields......................................................................................20-3

Table 20-3 Menu 3.2.1: IP Alias Setup...................................................................................................... 20-5

Table 20-4 Menu 3.5 Wireless LAN Setup................................................................................................ 20-5

Table 20-5 Menu 3.5.1 WLAN MAC Address Filter ................................................................................ 20-8

Table 20-6 Menu 3.5.2 Roaming Configuration........................................................................................ 20-9

Table 21-1 Menu 4: Internet Access Setup (Ethernet)..............................................................................21-1

Table 21-2 New Fields in Menu 4 (PPTP) Screen..................................................................................... 21-3

Table 21-3 New Fields in Menu 4 (PPPoE) screen ................................................................................... 21-3

Table 22-1 Menu 11.1 Remote Node Profile for Ethernet Encapsulation ................................................. 22-2

Table 22-2 Fields in Menu 11.1 (PPPoE Encapsulation Specific).............................................................22-4

Table 22-3 Menu 11.1 Remote Node Profile for PPTP Encapsulation......................................................22-5

Table 22-4 Remote Node Network Layer Options....................................................................................22-5

Table 22-5 Menu 11.6: Traffic Redirect Setup ..........................................................................................22-8

Table 23-1 Menu12.1 Edit IP Static Route................................................................................................ 23-1

Table 24-1 Menu 14.1- Edit Dial-in User..................................................................................................24-1

Table 25-1 Applying NAT in Menus 4 & 11.3...........................................................................................25-2

Table 25-2 SUA Address Mapping Rules.................................................................................................. 25-3

Table 25-3 Menu 15.1.1 First Set .............................................................................................................. 25-5

Table 25-4 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set............................................. 25-5

Table 25-5 Menu 15.3 Trigger Port Setup ............................................................................................... 25-13

Table 27-1 Abbreviations Used in the Filter Rules Summary Menu......................................................... 27-3

Table 27-2 Rule Abbreviations Used.........................................................................................................27-4

Table 27-3 TCP/IP Filter Rule...................................................................................................................27-5

Table 27-4 Generic Filter Rule Menu Fields.............................................................................................27-8

Table 28-1 Menu 22 SNMP Configuration................................................................................................28-2

Table 28-2 SNMP T raps............................................................................................................................ 28-3

Table 28-3 Ports and Permanent Virtual Circuits ...................................................................................... 28-3

Table 29-1 Menu 23.2 System Security : RADIUS Server ....................................................................... 29-2

Table 29-2 Menu 23.4 System Security : IEEE802.1x.............................................................................. 29-3

Table 30-1 System Maintenance: Status Menu Fields...............................................................................30-2

Table 30-2 Menu 24.2.1 System Maintenance : Information....................................................................30-3

Table 30-3 Menu 24.3.2 System Maintenance : Syslog and Accounting...................................................30-4

Table 30-4 System Maintenance Menu Diagnostic...................................................................................30-7

Table 31-1 Filename Conventions.............................................................................................................31-1

Table 31-2 General Commands for GUI-based FTP Clients ..................................................................... 31-3

Table 31-3 General Commands for GUI-based T F TP Clients...................................................................31-4

List of Tables xxi

HomeSafe User’s Guide

Table 32-1 Budget Management................................................................................................................32-3

Table 32-2 Call History Fields................................................................................................................... 32-3

Table 32-3 Time and Date Setting Fields .................................................................................................. 32-4

Table 33-1 Menu 24.11 – Remote Management Control........................................................................... 33-1

Table 34-1 Menu 26.1 Schedule Set Setup................................................................................................34-2

xxii List of Tables

HomeSafe User’s Guide

Preface

About This User's Manual

Congratulations on your purchase of the HS-100 Parental Control Gateway or HS-100W Parental
Control Gateway. This manual is designed to guide you through the configuration of your
HomeSafe for its various applications.

) Some parts of this manual relate to the Wireless Parental

Control Gateway.

) Use the web configurator, System Management Terminal

(SMT) or command interpreter interface to configure your
HomeSafe. Not all features can be configured through all
interfaces.

The web configurator parts of this guide contain background information on features configurable
by the web configurator and the SMT. The SMT parts of this guide contain background
information solely on features not configurable by the web configurator.

This manual may refer to the HS-100, HS-100W, Parental Control Gateway or Wireless Parental
Control Gateway as the HomeSafe.

Related Documentation

¾ Support Disk

Refer to the included CD for support documents.

¾ Quick Start Guide

The Quick Start Guide is designed to help you get up and running right away. It contains
a detailed easy-to-follow connection diagram, default settings, handy checklists and
information on setting up your network and configuring for Internet access.

¾ Web Configurator Online Help

Embedded web help for descriptions of indivi d ual scree ns and sup pl ementary information.

¾ Packing List Card

The Packing List Card lists all items that should have come in the package.

¾ Certifications

Refer to the product page at www.zyxel.com for information on product certifications.

¾ ZyXEL Glossary and Web Site
Please refer to www.zyxel.com

support documentation.

for an online glossary of networking terms and additional

User’s Guide Feedback

Help us help you. E-mail all User’s Guide-related comments, questions or suggestions for
improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team,
ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu,
300, Taiwan. Thank you.

Preface xxiii

HomeSafe User’s Guide

Syntax Conventions

• The version number on the title page is the latest firmware version that is documented in this

User’s Guide. Earlier versions may also be included.

• “Enter” means for you to type one or more characters and press the carriage return. “Select”

or “Choose” means for you to use one of the predefined choices.

• The SMT menu titles and labels are in Bold Times New Roman font. Command and arrow
keys are enclosed in square brackets. [ENTER] means the Enter, or carriage return key;
[ESC] means the Escape key and [SPACE BAR] means the Space Bar.

• The choices of a menu item are in Bold Arial font.

• Mouse action sequences are denoted using a comma. For example, “click the Apple icon,

Control Panels and then Modem” means first click the Apple icon, then point your mouse
pointer to Control Panels and then click Modem.

• For brevity’s sake, we will use “e.g.” as a shorthand for “for instance” and “i.e.” for “that is”
or “in other words” throughout this manual.

Graphics Icons Key

HS-100W

Server

Telephone

DSLAM

Computer

Modem

Switch

Wireless Access Point

Notebook computer

Firewall

Router

Wireless Signal

xxiv Preface

HomeSafe User’s Guide

Preface xxv

Getting Started

PPaarrtt II::

Getting Started

This part helps you get to know your HomeSafe, introduces the web configurator and cove rs how

to configure the Connection and Parental Control Wizard Setup screens.

I

HomeSafe User’s Guide

Chapter 1

Getting to Know Your HomeSafe

This chapter introduces the main features and applications of the HomeSafe.

1.1 HomeSafe Parental Control Gateway Overview

HomeSafe is a parental control security gateway that can give a parent control over a child’s
Internet access privileges. It is the ideal secure gateway for all data passing between the Internet
and LAN’s.

By integrating web content filtering, NAT, firewall, ZyXEL’s HomeSafe protects your Intranet
and efficiently manages data traffic on your network.

The embedded web configurator is easy to operate.

1.2 HomeSafe Features

The following sections describe HomeSafe features.

1.2.1 Physical Features

10/100M Auto-negotiating Ethernet/Fast Ethernet Interface(s)

This auto-negotiation feature allows the HomeSafe to detect the speed of incoming transmissions
and adjust appropriately without manual intervention. It allows data transfer of either 10 Mbps or
100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network.

Auto-crossover 10/100 Mbps Ethernet Interface(s)

These interfaces automatically adjust to either a crossover or straight-through Ethernet cable.

4-Port Switch

A combination of switch and router makes your HomeSafe a cost-effective and viable network
solution. You can add up to four computers to the HomeSafe without the cost of a hub. Add more
than four computers to your LAN by using a hub.

Time and Date

The HomeSafe allows you to get the current time and date from an external server when you turn
on your HomeSafe. You can also set the time manually.

Reset Button

The HomeSafe reset button is built into the rear panel. Use this button to restore the factory
default password to 1234; IP address to 192.168.1.1, subnet mask to 255.255.255.0 and DHCP
server enabled with a pool of 32 IP addresses starting at 192.168.1.33.

1.2.2 Non-Physical Features

Parental Control

The HomeSafe can control access privileges to website and services through Parental Control.
Parental Control can be defined as the ability for a parent (LAN administrator) to control a child’s
(LAN user) Internet access privileges. The administrator can create a login name and password
for each user on the network. Up to ten user accounts can be configured. Each user must log into
the system before they can gain access to the Internet. Each account will have specific access
restrictions.

Getting to Know Your HomeSafe 1-1

HomeSafe User’s Guide

Content Filtering

The HomeSafe can block access to Internet services according to how you configure parental
control application blocking. You can define time periods and days during which content filtering
is enabled and include or exclude categories on the LAN.

Firewall

The HomeSafe is a stateful inspection firewall with DoS (Denial of Service) protection. By
default, when the firewall is activated, all incoming traffic from the WAN to the LAN is blocked
unless it is initiated from the LAN. The HomeSafe firewall supports TCP/UDP inspection, DoS
detection and prevention, real time alerts, reports and logs.

IEEE 802.1x Network Security (HS-100W only)

The HomeSafe supports the IEEE 802.1x standard to enhance user authentication. Use the built­in user profile database to authenticate up to 32 users using MD5 encryption. Use an EAP­compatible RADIUS (RFC2138, 2139 - Remote Authentication Dial In User Service) server to
authenticate users using EAP (Extensible Authentication Protocol). EAP is an authentication
protocol that supports multiple types of authentication.

Brute-Force Password Guessing Protection

The HomeSafe has a special protection mechanism to discourage brute-force password guessing
attacks on the HomeSafe’s management interfaces. You can specify a wait-time that must expire
before entering a fourth password after three incorrect passwords have been entered. Please see
the appendices for details about this feature.

802.11b Wireless LAN Standard (HS-100W only)

The HomeSafe, complies with the IEEE 802.11b wireless standard.
The IEEE 802.11b data rate and corresponding modulation techniques are as follows. The

modulation technique defines how bits are encoded onto radio waves.

Table 1-1 IEEE 802.11b

DATA RATE (MBPS) MODULATION

1 DBPSK (Differential Binary Phase Shift Keyed)
2

5.5 / 11 CCK (Complementary Code Keying)

DQPSK (Differential Quadrature Phase Shift Keying

)

) The HomeSafe may be prone to RF (Radio Frequency)

interference from other 2.4 GHz devices such as microwave
ovens, wireless phones, Bluetooth enabled devices, and other
wireless LANs.

802.11g Wireless LAN Standard (HS-100W only)

The HomeSafe, complies with the IEEE 802.11g wireless standard and is also fully compatible
with the IEEE 802.11b standard. This means an IEEE 802.11b wireless card can interface directly
with an IEEE 802.11g device (and vice versa) at 11 Mbps or lower depending on range. IEEE

802.11g has several intermediate rate steps between the maximum and minimum data rates. The

IEEE 802.11g data rate and modulation are as follows:

1-2 Getting to Know Your HomeSafe

HomeSafe User’s Guide

Table 1-2 IEEE 802.11g

DATA RATE (MBPS) MODULATION

6/9/12/18/24/36/48/54 OFDM (Orthogonal Frequency Division Multiplexing)

Packet Filtering

The packet filtering mechanism blocks unwanted traffic from entering/leaving your network.

Universal Plug and Play (UPnP)

Using the standard TCP/IP protocol, the HomeSafe and other UPnP enabled devices can
dynamically join a network, obtain an IP address and convey its capabilities to other devices on
the network.

Call Scheduling

Configure call time periods to restrict and allow access for users on remote nodes.

PPPoE

PPPoE facilitates the interaction of a host with an Internet modem to achieve access to high-speed
data networks via a familiar "dial-up networking" user interface.

PPTP Encapsulation

Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of
data from a remote client to a private server, creating a Virtual Private Network (VPN) using a
TCP/IP-based network.

PPTP supports on-demand, multi-protocol and virtual private networking over public networks,
such as the Internet. The HomeSafe supports one PPTP server connection at any given time.

Dynamic DNS Support

With Dynamic DNS (Domain Name System) support, you can have a static hostname alias for a
dynamic IP address, allowing the host to be more easily accessible from various locations on the
Internet. You must register for this service with a Dynamic DNS service provider.

IP Multicast

Deliver IP packets to a specific group of hosts using IP multicast. IGMP (Internet Group
Management Protocol) is the protocol used to support multicast groups. The latest version is
version 2 (see RFC 2236); the HomeSafe supports both versions 1 and 2.

IP Alias

IP Alias allows you to partition a physical network into logical networks over the same Ethernet
interface. The HomeSafe supports three logical LAN interfaces via its single physical Ethernet
LAN interface with the HomeSafe itself as the gateway for each LAN network.

SNMP

SNMP (Simple Network Management Protocol) is a protocol used for exchanging management
information between network devices. SNMP is a member of the TCP/IP protocol suite. Your
HomeSafe supports SNMP agent functionality, which allows a manager station to manage and
monitor the HomeSafe through the network. The HomeSafe supports SNMP version one
(SNMPv1).

Getting to Know Your HomeSafe 1-3

HomeSafe User’s Guide

Network Address Translation (NAT)

Network Address Translation (NAT) allows the translation of an Internet protocol address used
within one network (for example a private IP address used in a local network) to a different IP
address known within another network (for example a public IP address used on the Internet).

Traffic Redirect

Traffic Redirect forwards WAN traffic to a backup gateway on the LAN when the HomeSafe
cannot connect to the Internet, thus acting as an auxiliary backup when your regular WAN
connection fails.

Port Forwarding

Use this feature to forward incoming service requests to a server on your local network. You may
enter a single port number or a range of port numbers to be forwarded, and the local IP address of
the desired server.

DHCP (Dynamic Host Configuration Protocol)

DHCP (Dynamic Host Configuration Protocol) allows the individual client computers to obtain
the TCP/IP configuration at start-up from a centralized DHCP server. The HomeSafe has built-in
DHCP server capability, enabled by default, which means it can assign IP addresses, an IP default
gateway and DNS servers to all systems that support the DHCP client. The HomeSafe can also
act as a surrogate DHCP server where it relays IP address assignments from the actual DHCP
server to the clients.

Any IP

The Any IP feature allows a computer to access the Internet without changing the network
settings (such as IP address and subnet mask) of the computer, when the IP addresses of the
computer and the HomeSafe are not in the same subnet.

Full Network Management

The embedded web configurator is an all-platform web-based utility that allows you to easily
access the HomeSafe’s management settings and configure the firewall. Most functions of the
HomeSafe are also software configurable via the SMT (System Management Terminal) interface.
The SMT is a menu-driven interface that you can access over a telnet connection.

RoadRunner Support

In addition to standard cable modem services, the HomeSafe supports Time Warner’s
RoadRunner Service.

Logging and Tracing

¾ Built-in message logging and packet tracing.

¾ Unix syslog facility support.
¾ Firewall logs.
¾ Content filtering logs.

Upgrade HomeSafe Firmware via LAN

The firmware of the HomeSafe can be upgraded via the LAN (refer to Maintenance- F/W Upload
Screen).

Embedded FTP and TFTP Servers

The HomeSafe’s embedded FTP and TFTP Servers enable fast firmware upgrades as well as
configuration file backups and restoration.

1-4 Getting to Know Your HomeSafe

HomeSafe User’s Guide

Wireless Association List (HS-100W only)

With the wireless association list, you can see the list of the wireless stations that are currently
using the HomeSafe to access your wired network.

1.3 Applications for the HomeSafe

Here are some examples of HomeSafe applications.

1.3.1 Secure Broadband Internet Access via Cable or DSL Modem

You can connect a cable modem, DSL or wireless modem to the HomeSafe for broadband
Internet access via an Ethernet or a wireless port on the modem. The HomeSafe guarantees not
only high speed Internet access, but secure internal network protection and traffic management as
well.

Figure 1-1 Secure Internet Access via Cable, DSL or Wireless Modem

1.3.2 HomeSafe Parental Control Gateway

You can control LAN user Internet access by having an administrator configure parental control
on the HomeSafe.

The parent (administrator) must create login names and passwords for each person (user) on the
network. Each person must log into the system before they can gain access to the Internet. Each
person’s account will hold the details of their access rights and privileges. The HomeSafe
enforces these access restrictions. In the following diagram, A refers to the HomeSafe and B
refers to a modem.

A

B

Internet

Figure 1-2 HomeSafe Parental Control Gateway Application

Getting to Know Your HomeSafe 1-5

HomeSafe User’s Guide

1.3.3 Wireless LAN Application

Add a wireless LAN to your existing network without expensive network cables. Wireless
stations can move freely anywhere in the coverage area and use resources on the wired network.

Figure 1-3 Wireless LAN Application Example

1-6 Getting to Know Your HomeSafe

HomeSafe User’s Guide

Chapter 2

Introducing the Web Configurator

This chapter describes how to access the HomeSafe web configurator and provides an

overview of the initial configuration screens.

2.1 Web Configurator Overview

The embedded web configurator allows you to manage the HomeSafe from anywhere through a
browser such as Microsoft Internet Explorer or Netscape Navigator. Use Internet Explorer 6.0
and later or Netscape Navigator 7.0 and later versions with JavaScript enabled. It is recommended
that you set your screen resolution to 1024 by 768 pixels. The screens you see in the web
configurator may vary somewhat from the ones shown in this document due to differences
between individual HomeSafe models or firmware versions.

2.2 Accessing the HomeSafe Web Configurator

1. Make sure your HomeSafe hardware is properly connected and prepare your

computer/computer network to connect to the HomeSafe (refer to the Quick Start Guide).

2. Launch your web browser.

3. Enter "192.168.1.1" as the URL.

4. The HomeSafe Welcome screen appears. Read the on screen information and click

Continue to proceed to Step 1 of the wizard setup.

• Click Exit to close your web browser.

• Click Skip Setup Wizard to proceed to the MAIN MENU screen without using the

configuration wizard. See the section Accessing the HomeSafe Web Configurator for
instructions on configuring your device without using the wizard.

Introducing the Web Configurator 2-1

Figure 2-1 Welcome Menu

HomeSafe User’s Guide

) The Welcome screen only appears when you first enter the

HomeSafe web browser. After you fully configure the wizard
you automatically proceed to the Password screen for all
future logins, see Figure 2-25. You may go to the Welcome
screen after initial configuration, only by resetting your
HomeSafe to factory defaults.

2.3 Step 1 : System Administrator Password Setup

You can configure your system password in the following screen.

Figure 2-2 Wizard Step 1 : Administrator Password

The following table describes the fields in this screen.

Table 2-1 Wizard Step 1 : Administrator Password

LABEL DESCRIPTION

Password

Confirm
Password

Back
Continue

Type a password. After initial configuration, this password is used each time you log into the
web configurator, see Figure 2-25.

Retype the password to confirm.

Click Back to display the previous screen.
Click Continue to proceed to the next screen.

2.4 Step 2 : WLAN Setup

Set up your wireless LAN using the second wizard screen.

2-2 Introducing the Web Configurator

Figure 2-3 Wizard Step 2 : Wireless LAN Setup

HomeSafe User’s Guide

The following table describes the fields in this screen.

Table 2-2 Wizard Step 2 : Wireless LAN Setup

LABEL DESCRIPTION

ESSID

Choose
Channel ID

Security

Back
Next

Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.
If you change this field on the HomeSafe, make sure all wireless stations use the same

ESSID in order to access the network.
To set the HomeSafe to use a channel, select a channel from the drop-down list box.

The level of Security can be selected as none, basic or extended. Choose No security to
have no wireless LAN security configured and proceed to the ISP Parameters for Internet
Access screen.

Choose Basic security if you want to configure WEP Encryption parameters.
Choose Extend security to configure a Pre-Shared Key.
The following screen varies depending on which security level you select.

Click Back to display the previous screen.
Click Next to proceed to the next screen.

2.4.1 Step 2 : WLAN Setup Basic Security

If you choose Basic, you can setup WEP Encryption parameters.

) The wireless stations and HomeSafe must use the same

ESSID, channel ID and WEP encryption key for wireless
communication.

Introducing the Web Configurator 2-3

HomeSafe User’s Guide

Figure 2-4 Wizard Step 2 : Wireless LAN Setup Basic Security

The following table describes the labels in this screen.

Table 2-3 Wizard Step 2 : Wireless LAN Setup Basic Security

LABEL DESCRIPTION

WEP
Encryption

Key 1 to Key 4

Back
Next

Select 64-bit WEP or 128-bit WEP data encryption.

ASCII Select this option in order to enter ASCII characters as the WEP keys.

HEX Select this option to enter hexadecimal ch aracters as the WEP keys.

The preceding “0x” is entered automatically.
The WEP keys are used to encrypt data. Both the HomeSafe and the wireless stations must

use the same WEP key for data transmission.
If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters

("0-9", "A-F").
If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal characters
("0-9", "A-F").

You must configure all four keys, but only one key can be activated at any one time. The
default key is key 1.

Click Back to display the previous screen.
Click Next to proceed to the next screen.

2.4.2 Step 2 : WLAN Setup Extended Security

If you choose Extend security in the Wireless LAN Setup screen, you can set up a Pre-Shared
Key.

2-4 Introducing the Web Configurator

) The wireless stations and HomeSafe must use the same

ESSID, channel ID and Pre-Shared Key for wireless
communication.

Figure 2-5 Wizard Step 2 : Wireless LAN Setup Extend Security

The following table describes the labels in this screen.

HomeSafe User’s Guide

Table 2-4 Wizard Step 2 : Wireless LAN Setup Extend Security

LABEL DESCRIPTION

Pre-Shared
Key

Back
Next

Type from 8 to 63 case-sensitive ASCII characters.

Click Back to display the previous screen.
Click Next to proceed to the next screen.

Refer to the chapter on wireless LAN for more information.

2.5 Step 3 : Internet Configuration Setup

By implementing PPPoE directly on the HomeSafe (rather than individual computers), the
computers on the LAN do not need PPPoE software installed, since the HomeSafe does that part
of the task. Furthermore, with NAT, all of the LAN's computers will have Internet access.

Figure 2-6 Wizard Step 3 : Internet Access Setup

The following table describes the labels in this screen.

Introducing the Web Configurator 2-5

HomeSafe User’s Guide

Table 2-5 Wizard Step 3 : Internet Access Setup

LABEL DESCRIPTION

Are you using
a DSL service
provider that
requires a
PPPoE login
name and
password?

Back
Next

Select Yes from the drop-down list box if you are using a DSL service provider that requires
PPPoE login information.

Select No from the drop-down list box if your service provider does not require you to enter
PPPoE information. You can select whether to configure a static WAN IP address or have it
assigned dynamically.

Click Back to display the previous screen.
Click Next to proceed to the next screen.

2.5.1 Step 3 : Internet Configuration Setup ISP Parameters

If you click Yes in the previous screen, you must type your PPPoE login name and password.

Figure 2-7 Wizard Step 3 : ISP Parameters

The following table describes the labels in this screen.

Table 2-6 Wizard Step 3 : ISP Parameters

LABEL DESCRIPTION

User Name Type the user name given to you by your ISP.
Password Type the password associated with the us er name above.
Back

Next

Click Back to display the previous screen.
Click Next to proceed to the Figure 2-10 screen.

2.5.2 Step 3 : Internet Access Setup

If you click No in the Internet Access Setup screen you must select DHCP or Static WAN IP
address assignment.

2-6 Introducing the Web Configurator

Figure 2-8 Wizard Step 3 : Internet Access Setup

The following table describes the labels in this screen.

Table 2-7 Wizard Step 3 : Internet Access Setup

LABEL DESCRIPTION

HomeSafe User’s Guide

DHCP

Static
Back

Next

Select DHCP to have your Internet connection configured for dynamic WAN IP address
assignment.

Select Static to manually setup your WAN IP address.
Click Back to display the previous screen.

Click Next to proceed to Figure 2-10 if you select DHCP in this screen or proce ed to the
following screen if you select Static.

2.5.3 Step 3 : Internet Access Static IP Address Setup

If you select Static in the previous screen you must configure your WAN IP address and DNS
server address(es).

Figure 2-9 Wizard Step 3 : Internet Access Static IP Address Setup

The following table describes the labels in this screen.

Introducing the Web Configurator 2-7

HomeSafe User’s Guide

Table 2-8 Wizard Step 3 : Internet Access Static IP Address Setup

LABEL DESCRIPTION

Internet Access Setup

My WAN IP Address Enter your WAN IP address in this field.

My WAN IP Subnet

Mask

Gateway IP Address Enter the gateway IP address (if your ISP gave you one) in this field.

DNS Server Address Assignment (if applicable)
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice
versa. The DNS server is extremely important because without it, you must know the IP address of a
computer before you can access it. The HomeSafe uses a system DNS server (in the order you specify
here) to resolve domain names for VPN, DDNS and the time server.

First DNS Server

Second DNS Server

Third DNS Server

Back
Next

Type your network's IP subnet Mask.

Select From ISP if your ISP dynamically assigns DNS server information (and
the HomeSafe's WAN IP address). The field to the right displays the (read­only) DNS server IP address that the ISP assigns.

Select User-Defined if you have the IP address of a DNS server. Enter the
DNS server's IP address in the field to the right.

Select None if you do not want to configure DNS servers. If you do not
configure a system DNS server, you must use IP addresses when configuring
VPN, DDNS and the time server.

Click Back to return to the previous screen.
Click Next to continue.

2.5.4 Step 3 : Internet Configuration Setup Complete

Click Continue to complete the wizard Internet setup and proceed to the parental control wizard.

Figure 2-10 Wizard Step 3 : Internet Setup Complete

2.6 Step 4 : Parental Control Wizard

The main parental control screen allows you to restrict or not restrict access to the Internet.

2-8 Introducing the Web Configurator

HomeSafe User’s Guide

Figure 2-11 Wizard Step 4 : Parental Control Wizard

The following table describes the labels in this screen.

Table 2-9 Wizard Step 4 : Parental Control Wizard

LABEL DESCRIPTION

Enable the Parental
Control System

Do not enable the
Parental Control System

Exit
Continue

Select the check box to allow the parent (LAN administrator) to have access
control over a child’s (LAN user) Internet access.

Select the check box to have no parental control configured.

Click Exit to stop configuring the wizard and close the web browser.
Click Continue to proceed to the next screen.

2.6.1 Step 4 : Parental Control Time Setup

Use this screen to configure the HomeSafe’s time based on your local time zone.

Introducing the Web Configurator 2-9

HomeSafe User’s Guide

Figure 2-12 Wizard Step 4 : Parental Control Time Setup

The following table describes the labels in this screen.

Table 2-10 Wizard Step 4 : Parental Control Time Setup

LABEL DESCRIPTION

Time Zone Choose the Time Zone of your location. This will set the time difference between

your time zone and Greenwich Mean Time (GMT).

Daylight Savings Select this option if you use daylight savings time. Daylight saving is a period from

late spring to early fall when many countries set their clocks ahead of normal local
time by one hour to give more daytime light in the evening.

Next

Click Next to proceed to the next screen.

2.6.2 Step 4 : Parental Control Create or Edit a Profile

With Parental Control you can configure up to ten user profiles. View these profiles in this
screen.

2-10 Introducing the Web Configurator

HomeSafe User’s Guide

Figure 2-13 Wizard Step 4 : Create or Edit a Profile

The following table describes the labels in this screen.

Table 2-11 Wizard Step 4 : Create or Edit a Profile

LABEL DESCRIPTION

Click a radio button to select a users profile.
Username This field displays the username (up to 30 characters) for this user profile.
Group This field displays the category of the profile user.

¾ Kids
¾ Young Teen
¾ Mature Teen
¾ Adult

These groups are used in conjunction with content filtering to decide which web

pages the user cannot access.
Back
Next

Click Back to display the previous screen.

Click Next to proceed to the next screen.

2.6.3 Step 4 : Parental Control Profile Information

The parent (administrator) must create log in names and passwords for each person (user) on the
network. Each user must log into the system before they can gain Internet access.

Introducing the Web Configurator 2-11

HomeSafe User’s Guide

Figure 2-14 Wizard Step 4 : Parental Control Profile Information

The following table describes the labels in this screen.

Table 2-12 Wizard Step 4 : Parental Control Profile Information

LABEL DESCRIPTION

User Name Type the profile user name.
Password Type the password associated with the us er name above.
Back

Next

Click Back to display the previous screen.
Click Next to proceed to the next screen.

2.6.4 Step 4 : Parental Control User Group

Choose a user group from the category shown in this screen. The configuration screens that
follow are based on the user group that you select in this screen.

Figure 2-15 Wizard Step 4 : Parental Control User Group

The following table describes the labels in this screen.

2-12 Introducing the Web Configurator

HomeSafe User’s Guide

Table 2-13 Wizard Step 4 : Parental Control User Group

Category

Select a radio button to configure a user for one of the following categories:

¾ Kids
¾ Young Teen
¾ Mature Teen
¾ Adult

) The administrator can decide each group’s

access rights.

For example, if you do not want a child to access a chat room or instant messenger, you
can select the category as Kids or Young Teen and block those services, see Figure 2-17.
For information on default user categories, see the Parental Control chapter.

Back
Next

2.6.5 Step 4 : Parental Control Time Allowance

This screen allows you to set the amount of time during each day a user can access the Internet.
By default a new user account does not have permission to access the Internet.

Click Back to display the previous screen.
Click Next to proceed to the next screen.

Figure 2-16 Wizard Step 4 : Parental Control Time Allowance

Introducing the Web Configurator 2-13

HomeSafe User’s Guide

The following table describes the labels in this screen.

Table 2-14 Wizard Step 4 : Parental Control Time Allowance

LABEL DESCRIPTION

Unrestricted Select the check box for the day(s) that you do not want any time restrictions for user

Internet access.

) If services have been blocked and the amount

of time has been selected as unrestricted, a user
will still be unable to access those services.

Time
Allowance
(hr:min)

Type the number of hours (0 to 23) and minutes (0 to 59) to allow Internet access of
unblocked sites.

) If you want to allow twenty-four hour access,

you should select the unrestricted check box.

Start Time Select from the drop-down list box a time during the day when a user can begin accessing

unblocked sites.

End Time Select from the drop-down list box a time during the day when a user can no longer access

unblocked sites. The time allowance must be less than or equal to the period from the start
time to the end time.

) User access will be denied after the End Time

for that day even if the time allowance has not run
out.

Back
Next

2.6.6 Step 4 : Parental Control Application Blocking

You can block services in the Application Blocking Screen for the user group.

Click Back to display the previous screen.
Click Next to proceed to the next screen.

2-14 Introducing the Web Configurator

HomeSafe User’s Guide

Figure 2-17 Wizard Step 4 : Parental Control Application Blocking

The following table describes the labels in this screen.

Table 2-15 Wizard Step 4 : Parental Control Application Blocking

LABEL DESCRIPTION

Available
services

Weekdays This box shows all the services that you want to block on weekdays for the user group. Click

Weekend This box shows all the services that you want to block on weekends for the user group.

Back
Next

Select a service from the list and click the >> button to have the service blocked on a
weekday (Monday to Friday), on a day in the weekend (Saturday or Sunday) or both.

These services will be blocked according to the settings you configure in th e Daily Time
and Allowance screen.

the << button to remove a service from the box.

Click the << button to remove a service from the box.
Click Back to display the previous screen.
Click Next to proceed to the next screen.

2.6.7 Step 4 : Parental Control Account Summary

The Account Summary screen displays a summary of information about a user account. From
this screen you may proceed to add a new user account or edit an existing user account.

Introducing the Web Configurator 2-15

HomeSafe User’s Guide

Figure 2-18 Wizard Step 4 : Parental Control Summary

The following table describes the labels in this screen.

Table 2-16 Wizard Step 4 : Parental Control Summary

LABEL DESCRIPTION

Back
Add/Edit Another

User
Finish

Click Back to display the previous screen.
Click this button to proceed to the Create/Edit a Profile screen, see Figure 2-13.

You can edit an existing account or add a new profile.
Click Finish to proceed to the next screen.

When you click Finish, the final Parental Control wizard screen appears.

2.6.8 Step 4 : Parental Control Register for Content Filter

The Content Filtering Service Status read only field displays Not Registered if you have not
successfully registered the HomeSafe or your registration has expired.

This field only displays whether or not you have successfully registered, not whether or not
content filtering is active. See Checking Content Filtering Activation for details on how to check
for this. Click Register Now to go to a web site where you can register for category-based
content filtering (using an external database). You can use a trial application or register your
iCard’s PIN. Refer to the web site’s on-line help for details.

2-16 Introducing the Web Configurator

HomeSafe User’s Guide

) The web site displays a registration successful web page. It

may take up to another ten minutes for content filtering to be
activated. See Checking Content Filtering Activation for how to
know if the content filtering has been activated.

Content Filtering with an External Server

Your HomeSafe uses a content filter lookup process as described below.

Figure 2-19 Content Filtering Lookup Procedure

1.

A computer sends an HTTP request to a web server.

2. The HomeSafe looks up the web site in its cache. If an attempt to access the web site was

made in the past, a record of that web site’s category will be in the HomeSafe’s cache.
The HomeSafe either blocks or forwards the request based on how you configure the
category based content filtering.

The HomeSafe drops a URL record from the content filter cache after the content filter
cache timeout period (default 72 hours). All of the URL records are also cleared from the
local cache when the HomeSafe reboots. You can use ip urlfilter webControl cache
timeout on the command line to change the timeout period.

If the HomeSafe doesn’t have a record of the web site, it will query the external content
filtering server and simultaneously send the request to the web server.

The external content filtering database may change a web site’s category or rate a
previously uncategorized web site.

3. The external content filtering server sends the category information back to the

HomeSafe, which then either forwards or blocks the web content. The web site address is
then also stored in the HomeSafe’s content filtering cache.

Checking Content Filtering Activation

Since there will be no activation notice, when content filtering is active, you should see an access
blocked message when your HomeSafe has been setup with parental control and you try to access
a restricted website or service.

Introducing the Web Configurator 2-17

HomeSafe User’s Guide

Figure 2-20 Wizard Step 4 : Content Filter Registration

If you click Register Later you will proceed to Figure 2-24.

2.7 Step 5 : Content Filter Service Activation

Once you have completed the registration process you can click Activate to begin the content
filtering service now or click Activate Later to activate the service at a later date.

Figure 2-21 Content Filter Activation in Progress

The following screen appears after you click Activate in Figure 2-21.

Figure 2-22 Content Filter Activation in Progress

If this is successful, you have completed the content filtering service activation.
Your device must be registered for content filtering service to activate successfully. If the

activation fails, see the following screen and read the instructions.

2-18 Introducing the Web Configurator

HomeSafe User’s Guide

Figure 2-23 Content Filter Activation Failure

2.7.1 Content Filter Setup Complete

Well done! You have finished configuration of Content Filter Service Activation. You may now
click Close to finish using the setup wizard and close your browser.

Figure 2-24 Content Filter Setup Complete

) To use the HomeSafe content filtering you must enable and

configure Pre-defined Web Content Categories in the
ADVANCED Parental Control group edit configuration screen.

2.8 Accessing the Internet via the HomeSafe Gateway

If you are satisfied with the initial setup, you can access the Internet by following the steps below.
You must first log into the HomeSafe to allow your computer on the network to gain Internet

access.

1. When you open your browser, you are directed to the HomeSafe’s User Login page.

2. By entering your login name and password the device checks the access profile and begins

enforcing the access control restriction as defined by the administrator.

3. The access privileges remain in force until you log out.

4. After a successful login, the system displays a window that will display the budget time

remaining, a logout button, and a link to open a new browser window to begin Internet
surfing.

5. When done using the Internet, or to log-in another user, click the logout button or type

logout in your web browsers address bar.

Introducing the Web Configurator 2-19

HomeSafe User’s Guide

If you want to configure more of your HomeSafe features, proceed with the rest of this User’s
Guide.

2.9 Accessing the HomeSafe Web Configurator

) You have to open a new browser and enter the device IP

address to log in again.

1. Launch your web browser.

2. Type "192.168.1.1" as the URL.

3. Type "1234" (default) as the password and click Login. In some versions, the default

password appears automatically - if this is the case, click Login.

Figure 2-25 Password Screen

4.

You should see a screen asking you to change your password (highly recommended) as
shown next. Type a new password (and retype it to confirm) and click Apply or click
Ignore. Refer to Figure 2-14 if you have already configured your user password.

Figure 2-26 Change Password Screen

2-20 Introducing the Web Configurator

HomeSafe User’s Guide

5. You should now see the MAIN MENU screen (see Figure 2-27).

) The management session automatically times out when the

time period set in the Administrator Inactivity Timer field expires
(default five minutes). Simply log back into the HomeSafe if
this happens to you.

2.10 Resetting the HomeSafe

If you forget your password or cannot access the web configurator, you will need to use the
RESET button at the back of the HomeSafe to reload the factory-default configuration file. This
means that you will lose all configurations that you had previously and the password will be reset
to “1234”.

2.10.1 Procedure To Use The Reset Button

Make sure the PWR LED is on (not blinking) before you begin this procedure.

1. Make sure the PWR LED is on (not blinking).

2. Press the RESET button for ten seconds or until the PWR LED begins to blink and then release it.

When the PWR LED begins to blink, the defaults have been restored and the HomeSafe restarts.

2.11 HomeSafe Main Menu

Click LOGOUT at
any time to exit the
web configurator.

Figure 2-27 The MAIN MENU Screen of the Web Configurator

Click MAINTENANCE to view information about your HomeSafe or upgrade
configuration/firmware files. Maintenance includes Status (Statistics), DHCP Table,
F/W (firmware) Upload, Configuration (Backup, Restore, Defaults) and Restart.

Click CONNECTION for initial configuration
including general setup, Wireless LAN Setup, ISP
parameters for Internet Access and WAN IP/DNS
Server/MAC address assignment.

Click PARENTAL CONTROL for configuration of
the HomeSafe parental control gateway.

Use submenus to configure HomeSafe features.

2.11.1 Navigation Panel

After you enter the password, use the sub-menus on the navigation panel to configure HomeSafe
features.

The following table describes the sub-menus.

Introducing the Web Configurator 2-21

HomeSafe User’s Guide

Table 2-17 Screens Summary

LINK TAB FUNCTION

WIZARD SETUP

CONNECTION

PARENTAL
CONTROL

ADVANCED

SYSTEM General This screen contains administrative and system-related information.

WIRELESS

SUA/NAT

STATIC ROUTE IP Static Route Use this screen to configure IP static routes.

Use these screens for initial configuration including general setup,

Wireless LAN setup, ISP parameters for Internet Access and WAN
IP/DNS Server/MAC address assignment.

Use these screens to create user profiles, configure a user category

for blocking services, register for content filtering and configure time
allowances.

DDNS Use this screen to set up dynamic DNS.
Password Use this screen to change your password.
Time Zone Use this screen to change your HomeSafe’s time and date.
IP Use this screen to configure LAN DHCP, TCP/IP settings and to

LAN

enable Any IP.

Static DHCP Use this screen to assign IP addresses on the LAN to specific

individual computers based on their MAC Addresses.
IP Alias Use this screen to partition your LAN interface into subnets.
Wireless Use this screen to configure wireless LAN.
MAC Filter Use the MAC filter screen to configure the HomeSafe to block

access to devices or block the devices from accessing the

HomeSafe.
Roaming This screen allows you to configure your HomeSafe roaming

capabilities.

802.1x/WPA This screen allo ws you to con figure 802.1x enhanced security

method for both the authentication of wireless stations and

encryption key management.
Local User

Database
RADIUS This screen allows you to configure an external RADIUS server for

Route This screen allows you to configure route priority.

WAN

WAN ISP Use this screen to change your HomeSafe’s WAN ISP settings.
WAN IP Use this screen to change your HomeSafe’s WAN IP address

WAN MAC Use this screen to change your HomeSafe’s WAN MAC settings.
Traffic Redirect Use this screen to configure your traffic redirect properties and

SUA Server Use this screen to configure servers behind the HomeSafe.
Address

Mapping
Trigger Port Use this screen to change your HomeSafe’s trigger port settings.

This screen allows you to configure a database internal to the

HomeSafe.

an unlimited number of users.

settings.

parameters.

Use this screen to configure network address translation mapping

rules.

2-22 Introducing the Web Configurator

HomeSafe User’s Guide

Table 2-17 Screens Summary

LINK TAB FUNCTION

PARENTAL

CONTROL

FIREWALL

REMOTE MGMT

UPnP UPnP Use this screen to enable UPnP on the HomeSafe.

MAINTENANCE Status This screen contains administrative and system-related information.

LOGOUT Click this label to exit the web configurator.

General Use this screen to enable/disable parental control, configure idle

timeout and group categories, register for content filtering service

and edit user profiles.

Bypass List Use this scree n to allow devices in your network access the Internet

without using parental control.
Settings Use this screen to activate/deactivate the firewall and log packets

related to firewall rules.
Filter This screen allows you to block sites containing certain keywords in

the URL and set the days and times for the HomeSafe to perform

content filtering.
Services Use this screen to enable service blocking.

TELNET Use this screen to configure through which interface(s) and from

which IP address(es) users can use Telnet to manage the

HomeSafe.
FTP Use this screen to configure through which interface(s) and from

which IP address(es) users can use FTP to access the HomeSafe.
WWW Use this screen to configure through which interface(s) and from

which IP address(es) users can use HTTP to manage the

HomeSafe.
SNMP Use this screen to configure your HomeSaf e’s settings for Simple

Network Management Protocol management.
DNS Use this screen to configure through which interface(s) and from

which IP address(es) users can send DNS queries to the HomeSafe.
Security Use this screen to change your anti-probing settings.

View Log Use this screen to view the logs for the categories that you selected. LOGS
Log Settings Use this screen to change your HomeSafe’s log settings.

DHCP Table This screen displays DHCP (Dynamic Host Configuration Protocol)

related information and is READ-ONLY.
Any IP Use this screen to allow a computer to access the Internet without

changing the network settings of the computer, when the IP
addresses of the computer and the HomeSafe are not in the same

subnet.
F/W Upload Use this screen to upload firmware to your HomeSafe.
Configuration Use this screen to backup and restore the configuration or reset the

factory defaults to your HomeSafe.

Restart This screen allows you to reboot the HomeSafe without turning the

power off.

Introducing the Web Configurator 2-23

HomeSafe User’s Guide

Chapter 3

Connection Wizard

This chapter provides information on the Connection Wizard screens in the main menu

web configurator.

3.1 Connection Wizard Overview

The web configurator’s setup wizard helps you configure your device to access the Internet. The
second screen has three variations depending on what encapsulation type you use. Refer to your
ISP for details on what to enter in each field. Leave a field blank if you don’t have that
information.

3.2 Connection Wizard : General Setup and System Name

General Setup contains administrative and system-related information. System Name is for
identification purposes. However, because some ISPs check this name you should enter your
computer's "Computer Name".

• In Windows 95/98 click Start, Settings, Control Panel, Network. Click the Identification

tab, note the entry for the Computer Name field and enter it as the System Name.

• In Windows 2000, click Start, Settings and Control Panel and then double-click System.

Click the Network Identification tab and then the Properties button. Note the entry for the
Computer name field and enter it as the System Name.

• In Windows XP, click Start, My Computer, View system information and then click the

Computer Name tab. Note the entry in the Full computer name field and enter it as the
HomeSafe System Name.

3.2.1 Domain Name

The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this
blank, the domain name obtained by DHCP from the ISP is used. While you must enter the host
name (System Name) on each individual computer, the domain name can be assigned from the
HomeSafe via DHCP.

Click Next to configure the HomeSafe for Internet access.

Connection Wizard 3-1

HomeSafe User’s Guide

Figure 3-1 Connection Wizard : General Setup

3.3 Connection Wizard: Screen 2

Set up your wireless LAN using the second wizard screen.

Figure 3-2 Connection Wizard : Wireless LAN Setup

The following table describes the fields in this screen.

Table 3-1 Connection Wizard : Wireless LAN Setup

LABEL DESCRIPTION

ESSID

Choose
Channel ID

3-2 Connection Wizard

Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.
If you change this field on the HomeSafe, make sure all wireless stations use the same

ESSID in order to access the network.
To manually set the HomeSafe to use a channel, select a channel from the drop-down list

box.

Table 3-1 Connection Wizard : Wireless LAN Setup

LABEL DESCRIPTION

The level of Security can be selected as none, basic or extended. Choose No security to
have no wireless LAN security configured and proceed to the ISP Parameters for Internet
Access screen.

Choose Basic security if you want to configure WEP Encryption parameters.
Choose Extend security to configure a Pre-Shared Key.
The third screen varies depending on which security level you select.

HomeSafe User’s Guide

Back
Next

Click Back to display the previous screen.
Click Next to proceed to the next screen.

) The wireless stations and HomeSafe must use the same

ESSID, channel ID and WEP encryption key (if WEP is enabled)
for wireless communication.

3.4 Connection Wizard : Screen 3

If you choose Basic, you can setup WEP Encryption parameters.

Figure 3-3 Connection Wizard: Wireless LAN Setup: Basic Security

The following table describes the labels in this screen.

Table 3-2 Connection Wizard: Wireless LAN Setup: Basic Security

WEP
Encryption

Connection Wizard 3-3

Select 64-bit WEP or 128-bit WEP to allow data encryption.

ASCII Select this option in order to enter ASCII characters as the WEP keys.

HEX Select this option to enter hexadecimal ch aracters as the WEP keys.

The preceding “0x” is entered automatically.

HomeSafe User’s Guide

Key 1 to Key 4

Back
Next

The WEP keys are used to encrypt data. Both the HomeSafe and the wireless stations must
use the same WEP key for data transmission.

If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters
("0-9", "A-F").
If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal characters
("0-9", "A-F").

You must configure all four keys, but only one key can be activated at any one time. The
default key is key 1.

Click Back to display the previous screen.
Click Next to proceed to the next screen.

If you choose Extend security in the Wireless LAN Setup screen, you can set up a Pre-Shared
Key.

Figure 3-4 Connection Wizard: Wireless LAN Setup: Extend Security

The following table describes the labels in this screen.

Table 3-3 Connection Wizard: Wireless LAN Setup: Extend Security

Pre-Shared
Key

Back
Next

Type from 8 to 63 case-sensitive ASCII characters.

Click Back to display the previous screen.
Click Next to proceed to the next screen.

Refer to the chapter on wireless LAN for more information.

3.5 Connection Wizard : Screen 4

The HomeSafe offers three choices of encapsulation. They are Ethernet, PPP over Ethernet or
PPTP.

3.5.1 Ethernet

Choose Ethernet when the WAN port is used as a regular Ethernet.

3-4 Connection Wizard

Figure 3-5 Connection Wizard : Ethernet Encapsulation

The following table describes the fields in this screen.

HomeSafe User’s Guide

Table 3-4 Connection Wizard : Ethernet Encapsulation

LABEL DESCRIPTION

ISP Parameters for Internet Access
Encapsulation

Service Type

User Name Type the user name given to you by your ISP.
Password Type the password associated with the user name above.
Login Server IP

Address
Login Server

Relogin Every
(min)

Back
Next

You must choose the Ethernet option when the WAN port is used as a regular
Ethernet. Otherwise, choose PPP over Ethernet or PPTP for a dial-up connection.

Choose from Standard, Telstra (RoadRunner Telstra authentication method), RR-
Manager (Roadrunner Manager authentication method), RR-Toshiba (Roadrunner
Toshiba authentication method) or Telia Login.

The following fields are not applicable (N/A) for the Standard service type.

Type the authentication server IP address here if your ISP gave you one.

This field only applies when you select Telia Login in the Service Type field. Type
the domain name of the Telia login server, for example “login1.telia.com”.

This field only applies when you select Telia Login in the Service Type field. The
Telia server logs the HomeSafe out if the HomeSafe does not log in periodically.
Type the number of minutes from 1 to 59 (30 default) for the HomeSafe to wait
between logins.

Click Back to return to the previous screen.
Click Next to continue.

3.5.2 PPPoE Encapsulation

Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection. PPPoE is an
IETF (Internet Engineering Task Force) draft standard specifying how a host personal computer
interacts with a broadband modem (for example DSL, cable, wireless, etc.) to achieve access to
high-speed data networks.

Connection Wizard 3-5

HomeSafe User’s Guide

For the service provider, PPPoE offers an access and authentication method that works with
existing access control systems (for instance, Radius). For the user, PPPoE provides a login and
authentication method that the existing Microsoft Dial-Up Networking software can activate, and
therefore requires no new learning or procedures for Windows users.

One of the benefits of PPPoE is the ability to let end users access one of multiple network
services, a function known as dynamic service selection. This enables the service provider to
easily create and offer new IP services for specific users.

Operationally, PPPoE saves significant effort for both the subscriber and the ISP/carrier, as it
requires no specific configuration of the broadband modem at the subscriber’s site.

By implementing PPPoE directly on the HomeSafe (rather than individual computers), the
computers on the LAN do not need PPPoE software installed, since the HomeSafe does that part
of the task. Furthermore, with NAT, all of the LAN's computers will have Internet access.

Refer to the appendix for more information on PPPoE.

Figure 3-6 Connection Wizard : PPPoE Encapsulation

The following table describes the fields in this screen.

Table 3-5 Connection Wizard : PPPoE Encapsulation

LABEL DESCRIPTION

ISP Parameter for Internet Access
Encapsulation

Service Name Type the name of your service provider.
User Name Type the user name given to you by your ISP.
Password Type the password associated with the user name above.
Nailed-Up

Connection

3-6 Connection Wizard

Choose PPP over Ethernet from the pull-down list box. PPPoE forms a dial-up
connection.

Select Nailed-Up Connection if you do not want the connection to time out.

HomeSafe User’s Guide

Table 3-5 Connection Wizard : PPPoE Encapsulation

LABEL DESCRIPTION

Idle Timeout Type the time in seconds that elapses before the router automatically disconnects from

the PPPoE server. The default time is 100 seconds.
Next
Back

Click Next to continue.

Click Back to return to the previous screen.

3.5.3 PPTP Encapsulation

Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables transfers of data
from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP­based networks.

PPTP supports on-demand, multi-protocol, and virtual private networking over public networks,
such as the Internet.

Refer to the appendix for more information on PPTP.

) The HomeSafe supports one PPTP server connection at any

given time.

Figure 3-7 Connection Wizard : PPTP Encapsulation

The following table describes the fields in this screen.

Table 3-6 Connection Wizard : PPTP Encapsulation

LABEL DESCRIPTION

ISP Parameters for Internet Access
Encapsulation

Connection Wizard 3-7

Select PPTP from the drop-down list box.

HomeSafe User’s Guide

Table 3-6 Connection Wizard : PPTP Encapsulation

LABEL DESCRIPTION

User Name Type the user name given to you by your ISP.
Password Type the password associated with the User Name above.
Nailed-Up

Connection
Idle Timeout Type the time in seconds that elapses before the router automatically disconnects

PPTP Configuration
My IP Address Type the (static) IP address assigned to you by your ISP.
My IP Subnet

Mask
Server IP

Address
Connection

ID/Name

Back
Next

Select Nailed-Up Connection if you do not want the connection to time out.

from the PPTP server. The default is 100 seconds.

Type the subnet mask assigned to you by your ISP (if given).

Type the IP address of the PPTP server.

Enter the connection ID or connection name in this field. It must follow the "c:id" and
"n:name" format. For example, C:12 or N:My ISP.
This field is optional and depends on the requirements of your ISP.

Click Back to return to the previous screen.
Click Next to continue.

3.6 Connection Wizard : Screen 5

The fifth wizard screen allows you to configure WAN IP address assignment, DNS server address
assignment and the WAN MAC address.

3.6.1 WAN IP Address Assignment

Every computer on the Internet must have a unique IP address. If your networks are isolated from
the Internet, for instance, only between your two branch offices, you can assign any IP addresses
to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has
reserved the following three blocks of IP addresses specifically for private networks.

Table 3-7 Private IP Address Ranges

10.0.0.0 - 10.255.255.255

172.16.0.0 - 172.31.255.255

192.168.0.0 - 192.168.255.255

You can obtain your IP address from the IANA, from an ISP or have it assigned by a private
network. If you belong to a small organization and your Internet access is through an ISP, the ISP
can provide you with the Internet addresses for your local networks. On the other hand, if you are
part of a much larger organization, you should consult your network administrator for the
appropriate IP addresses.

3-8 Connection Wizard

HomeSafe User’s Guide

) Regardless of your particular situation, do not create an

arbitrary IP address; always follow the guidelines above. For

more information on address assignment, please refer to RFC

1597, Address Allocation for Private Internets and RFC 1466,

Guidelines for Management of IP Address Space.

3.6.2 IP Address and Subnet Mask

Similar to the way houses on a street share a common street name, so too do computers on a LAN
share one common network number.

Where you obtain your network number depends on your particular situation. If the ISP or your
network administrator assigns you a block of registered IP addresses, follow their instructions in
selecting the IP addresses and the subnet mask.

If the ISP did not explicitly give you an IP network number, then most likely you have a single
user account and the ISP will assign you a dynamic IP address when the connection is
established. The Internet Assigned Number Authority (IANA) reserved this block of addresses
specifically for private use; please do not use any other number unless you are told otherwise.
Let's say you select 192.168.1.0 as the network number; which covers 254 individual addresses,
from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the first three
numbers specify the network number while the last number identifies an individual computer on
that network.

Once you have decided on the network number, pick an IP address that is easy to remember, for
instance, 192.168.1.1, for your HomeSafe, but make sure that no other device on your network is
using that IP address.

The subnet mask specifies the network number portion of an IP address. Your HomeSafe will
compute the subnet mask automatically based on the IP address that you entered. You don't need
to change the subnet mask computed by the HomeSafe unless you are instructed to do otherwise.

3.6.3 DNS Server Address Assignment

Use DNS (Domain Name System) to map a domain name to its corresponding IP address and
vice versa, for instance, the IP address of www.zyxel.com is 204.217.0.2. The DNS server is
extremely important because without it, you must know the IP address of a computer before you
can access it.

The HomeSafe can get the DNS server addresses in the following ways.

1. The ISP tells you the DNS server addresses, usually in the form of an information sheet,

when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server
fields in DHCP Setup.

2. If the ISP did not give you DNS server information, leave the DNS Server fields in DHCP

Setup set to 0.0.0.0 for the ISP to dynamically assign the DNS server IP addresses.

3.6.4 WAN MAC Address

Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is
assigned at the factory and consists of six pairs of hexadecimal characters, for example,
00:A0:C5:00:00:02.

You can configure the WAN port's MAC address by either using the factory default or cloning
the MAC address from a computer on your LAN. Once it is successfully configured, the address
will be copied to the "rom" file (ZyNOS configuration file). It will not change unless you change
the setting or upload a different "rom" file.

Connection Wizard 3-9

HomeSafe User’s Guide

Table 3-8 Example of Network Properties for LAN Servers with Fixed IP Addresses

Choose an IP address 192.168.1.2-192.168.1.32; 192.168.1.65-192.168.1.254.
Subnet mask 255.255.255.0
Gateway (or default route) 192.168.1.1(HomeSafe LAN IP)

The fifth wizard screen varies according to the type of encapsulation that you select in the third
wizard screen.

Figure 3-8 Connection Wizard : WAN Setup

The following table describes the fields in this screen.

Table 3-9 Connection Wizard : WAN Setup

LABEL DESCRIPTION

WAN IP Address Assignment

Get automatically from

Use fixed IP address Select this option If the ISP assigned a fixed IP address.

My WAN IP Address

Remote IP Address Enter the Remote IP Address (if your ISP gave you one) in this field.

Remote IP Subnet

Mask

DNS Server Address Assignment (if applicable)
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice
versa. The DNS server is extremely important because without it, you must know the IP address of a
computer before you can access it. The HomeSafe uses a system DNS server (in the order you specify
here) to resolve domain names for VPN, DDNS and the time server.

Select this option If your ISP did not assign you a fixed IP address. This is the

ISP

default selection.

Enter your WAN IP address in this field if you selected Use Fixed IP Address.

Type your network's IP Subnet Mask.

3-10 Connection Wizard

HomeSafe User’s Guide

Table 3-9 Connection Wizard : WAN Setup

LABEL DESCRIPTION

First DNS Server

Second DNS Server

Third DNS Server

WAN MAC Address The MAC address field allows you to configure the WAN port's MAC Address

Factory Default Select this option to use the factory assigned default MAC Address.

Spoof this Computer's

MAC address - IP

Address

Back
Next

Select From ISP if your ISP dynamically assigns DNS server information (and
the HomeSafe's WAN IP address). The field to the right displays the (read­only) DNS server IP address that the ISP assigns.

Select User-Defined if you have the IP address of a DNS server. Enter the
DNS server's IP address in the field to the right.

Select None if you do not want to configure DNS servers. If you do not
configure a system DNS server, you must use IP addresses when configuring
VPN, DDNS and the time server.

by either using the factory default or cloning the MAC address from a
computer on your LAN.

Select this option and enter the IP address of the computer on the LAN whose
MAC you are cloning. Once it is successfully configured, the address will be
copied to the rom file (ZyNOS configuration file). It will not change unless you
change the setting or upload a different rom file.

Click Back to return to the previous screen.
Click Next to continue.

3.7 Basic Setup Complete

Click Back to return to the previous screen or click Finish to complete and save the wizard setup.

Figure 3-9 Connection Wizard Finish

Connection Wizard 3-11

HomeSafe User’s Guide

Figure 3-10 Connection Wizard Problems

Well done! You have successfully set up your HomeSafe to operate on your network and access
the Internet.

3-12 Connection Wizard

HomeSafe User’s Guide

Connection Wizard 3-13

System, LAN, and Wireless LAN

PPaarrtt IIII::

System, LAN, WLAN and WAN

This part covers configuration of the system, LAN, WLAN and WAN screens.

II

HomeSafe User’s Guide

System Screens

This chapter provides information on the System screens.

4.1 System Overview

See the Wizard Setup chapter for more information on the next few screens.

4.2 Configuring General Setup

Click SYSTEM to open the General screen.

Chapter 4

Figure 4-1 SYSTEM : General Setup

The following table describes the labels in this screen.

Table 4-1 SYSTEM : General Setup

LABEL DESCRIPTION

System Name Choose a descriptive name for identification purposes. It is recommended you enter

your computer’s “Computer name” in this field (see the Wizard Setup chapter for how
to find your computer’s name). This name can be up to 30 alphanumeric characters
long. Spaces are not allowed, but dashes “-” and underscores "_" are accepted.

Domain Name Enter the domain name (if you know it) here. If you leave this field blank, the ISP may

assign a domain name via DHCP.
The domain name entered by you is given priority over the ISP assigned d omain

name.

Administrator
Inactivity Timer

System DNS Servers (if applicable)
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice
versa. The DNS server is extremely important because without it, you must know the IP address of a
computer before you can access it. The HomeSafe uses a system DNS server (in the order you specify
here) to resolve domain names for VPN, DDNS and the time server.

Type how many minutes a management session (either via the web configurator or
SMT) can be left idle before the session times out. The default is 5 minutes. After it
times out you have to log in with your password again. Very long idle timeouts may
have security risks. A value of "0" means a management session never times out, no
matter how long it has been left idle (not recommended).

System Screens 4-1

HomeSafe User’s Guide

Table 4-1 SYSTEM : General Setup

LABEL DESCRIPTION

First DNS
Server

Second DNS
Server

Third DNS
Server

Apply
Reset

Select From ISP if your ISP dynamically assigns DNS server information (and the
HomeSafe's WAN IP address). The field below displays the (read-only) DNS server
IP address that the ISP assigns.

Select User-Defined if you have the IP address of a DNS server. Enter the DNS
server's IP address in the field below. If you chose User-Defined, but leave the IP
address set to 0.0.0.0, User-Defined changes to None after you click Apply. If you
set a second choice to User-Defined, and enter the same IP address, the second
User-Defined changes to None after you click Apply.

Select None if you do not want to configure DNS servers. If you do not configure a
system DNS server, you must use IP addresses when configuring VPN, DDNS and
the time server.

Click Apply to save your changes back to the HomeSafe.
Click Reset to begin configuring this screen afresh.

4.3 Dynamic DNS

Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic
DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also
access your FTP server or Web site on your own computer using a domain name (for instance
myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using
an IP address that changes each time you reconnect. Your friends or relatives will always be able
to call you even if they don't know your IP address.

First of all, you need to have registered a dynamic DNS account with www.dyndns.org. This is
for people with a dynamic IP from their ISP or DHCP server that would still like to have a
domain name. The Dynamic DNS service provider will give you a password or key.

4.3.1 DynDNS Wildcard

Enabling the wildcard feature for your host causes *.yourhost.dyndns.org to be aliased to the
same IP address as yourhost.dyndns.org. This feature is useful if you want to be able to use, for
example, www.yourhost.dyndns.org and still reach your hostname.

) If you have a private WAN IP address, then you cannot use

Dynamic DNS.

4.4 Configuring Dynamic DNS

To change your HomeSafe’s DDNS, click SYSTEM, then the DDNS tab. The screen appears as
shown.

4-2 System Screens

Figure 4-2 SYSTEM : DDNS

HomeSafe User’s Guide

The following table describes the labels in this screen.

Table 4-2 SYSTEM : DDNS

LABEL DESCRIPTION

Enable DDNS Select this check box to use dynamic DNS.
Service Provider Select the name of your Dynamic DNS service provider.
DDNS Type Select the t ype of service that you are re gistered for from your Dynamic DNS

service provider.

Host Names 1~3 Enter the host names in the three fields provided. You can specify up to two

host names in each field separated by a comma (",").
User Name Enter your user name.
Password Enter the password assigned to you.
Enable Wildcard

Option
Enable off line option

(Only applies to
custom DNS)

IP Address Update Policy:

Use WAN IP Address Select this option to update the IP address of the host name(s) to the WAN IP

DDNS server auto

detect IP Address

User specified IP

Address

IP Addr

Select the check box to enable DynDNS Wildcard.

This option is available when CustomDNS is selected in the DDNS Type field.

Check with your Dynamic DNS service provider to have traffic redirected to a

URL (that you can specify) while you are off line.

address of the HomeSafe.

Select this option to update the IP address of the host name(s) automatically by

the DDNS server. It is recommended that you select this option.

Select this option to update the IP address of the host name(s) to the IP address

specified below. Use this option if you have a static IP address.

Enter the IP address if you select the User Specify option.

System Screens 4-3

HomeSafe User’s Guide

Table 4-2 SYSTEM : DDNS

LABEL DESCRIPTION

Apply
Reset

Click Apply to save your changes back to the HomeSafe.

Click Reset to begin configuring this screen afresh.

4.5 Configuring Password

To change your HomeSafe’s password (recommended), click SYSTEM, then the Password tab.
The screen appears as shown. This screen allows you to change the HomeSafe’s password.

Figure 4-3 SYSTEM : Password

The following table describes the labels in this screen.

Table 4-3 SYSTEM : Password

LABEL DESCRIPTION

Old Password Type the default password or the existing pass word you use to access the system

in this field.
New Password Type the new password in this field.
Retype to Confirm Type the new password again in this field.
Apply
Reset

Click Apply to save your changes back to the HomeSafe.

Click Reset to begin configuring this screen afresh.

4.6 Configuring Time Setting

To change your HomeSafe’s time and date, click SYSTEM, then the Time Setting tab. The
screen appears as shown. Use this screen to configure the HomeSafe’s time based on your local
time zone.

4-4 System Screens

Figure 4-4 SYSTEM : Time Setting

HomeSafe User’s Guide

The following table describes the labels in this screen.

Table 4-4 SYSTEM : Time Setting

LABEL DESCRIPTION

Time Protocol Select the time service protocol that your time server sends when you turn on the

HomeSafe. Not all time servers support all protocols, so you may have to check
with your ISP/network administrator or use trial and error to find a protocol that
works.

The main difference between them is the format.

Daytime (RFC 867) format is day/month/year/time zone of the server.
Time (RFC 868) format displays a 4-byte integer giving the total number of

seconds since 1970/1/1 at 0:0:0.
The default, NTP (RFC 1305), is similar to Time (RFC 868).
Select None to enter the time and date manually.

Time Server IP
Address

Current Time This field displays the time of your HomeSafe.

New Time This field displays the last updated time from the time server.

Current Date This field displays the date of your HomeSafe.

New Date This field displays the last updated date from the time server.

Time Zone Choose the Time Zone of your location. This will set the time difference between

Enter the IP address of your time server. Check with your ISP/network
administrator if you are unsure of this information.

Each time you reload this page, the HomeSafe synchronizes the time with the time
server.

When you select None in the Time Protocol field, enter the new time in this field
and then click Apply.

Each time you reload this page, the HomeSafe synchronizes the date with the time
server.

When you select None in the Time Protocol field, enter the new date in this field
and then click Apply.

your time zone and Greenwich Mean Time (GMT).

System Screens 4-5

HomeSafe User’s Guide

Table 4-4 SYSTEM : Time Setting

LABEL DESCRIPTION

Daylight Savings Select this option if you use daylight savings time. Daylight saving is a period from

late spring to early fall when many countries set their clocks ahead of normal local
time by one hour to give more daytime light in the evening.

Start Date Enter the month and day that your daylight-savings time starts on if you selected

Daylight Savings.

End Date Enter the month and day that your daylight-savings time ends on if you selected

Daylight Savings.
Apply
Reset

Click Apply to save your changes back to the HomeSafe.

Click Reset to begin configuring this screen afresh.

4-6 System Screens

HomeSafe User’s Guide

Chapter 5

LAN Screens

This chapter describes how to configure LAN settings.

5.1 LAN Overview

Local Area Network (LAN) is a shared communication system to which many computers are
attached. The LAN screens can help you configure a LAN DHCP server, manage IP addresses,
and partition your physical network into logical networks.

5.2 DHCP Setup

DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual
clients to obtain TCP/IP configuration at start-up from a server. You can configure the HomeSafe
as a DHCP server or disable it. When configured as a server, the HomeSafe provides the TCP/IP
configuration for the clients. If DHCP service is disabled, you must have another DHCP server on
your LAN, or else the computer must be manually configured.

5.2.1 IP Pool Setup

The HomeSafe is pre-configured with a pool of 32 IP addresses starting from 192.168.1.33 to

192.168.1.64. This configuration leaves 31 IP addresses (excluding the HomeSafe itself) in the
lower range for other server computers, for instance, servers for mail, FTP, TFTP, web, etc., that
you may have.

5.2.2 System DNS Servers

Refer to the IP Address and Subnet Mask section in the Wizard Setup chapter.

5.3 LAN TCP/IP

The HomeSafe has built-in DHCP server capability that assigns IP addresses and DNS servers to
systems that support DHCP client capability.

5.3.1 Factory LAN Defaults

The LAN parameters of the HomeSafe are preset in the factory with the following values:

¾ IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits)
¾ DHCP server enabled with 32 client IP addresses starting from 192.168.1.33.

These parameters should work for the majority of installations. If your ISP gives you explicit
DNS server address(es), read the embedded web configurator help regarding what fields need to
be configured.

5.3.2 IP Address and Subnet Mask

Refer to the IP Address and Subnet Mask section in the Wizard Setup chapter for this
information.

5.3.3 RIP Setup

RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange
routing information with other routers. RIP Direction controls the sending and receiving of RIP

LAN Screens 5-1

HomeSafe User’s Guide

packets. When set to Both or Out Only, the HomeSafe will broadcast its routing table
periodically. When set to Both or In Only, it will incorporate the RIP information that it receives;
when set to None, it will not send any RIP packets and will ignore any RIP packets received.

RIP Version controls the format and the broadcasting method of the RIP packets that the
HomeSafe sends (it recognizes both formats when receiving). RIP-1 is universally supported; but
RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have
an unusual network topology.

Both RIP-2B and RIP-2M send routing data in RIP-2 format; the difference being that RIP-2B
uses subnet broadcasting while RIP-2M uses multicasting. Multicasting can reduce the load on
non-router machines since they generally do not listen to the RIP multicast address and so will
not receive the RIP packets. However, if one router uses multicasting, then all routers on your
network must use multicasting, also.

By default, RIP Direction is set to Both and RIP Version to RIP-1.

5.3.4 Multicast

Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1
recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a
group of hosts on the network - not everybody and not just 1.

IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish
membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is
an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would
like to read more detailed information about interoperability between IGMP version 2 and version
1, please see sections 4 and 5 of RFC 2236. The class D IP address is used to identify host groups
and can be in the range 224.0.0.0 to 239.255.255.255. The address 224.0.0.0 is not assigned to
any group and is used by IP multicast computers. The address 224.0.0.1 is used for query
messages and is assigned to the permanent group of all IP hosts (including gateways). All hosts
must join the 224.0.0.1 group in order to participate in IGMP. The address 224.0.0.2 is assigned
to the multicast routers group.

The HomeSafe supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At
start up, the HomeSafe queries all directly connected networks to gather group membership. After
that, the HomeSafe periodically updates this information. IP multicasting can be enabled/disabled
on the HomeSafe LAN and/or WAN interfaces in the web configurator (LAN; WAN). Select
None to disable IP multicasting on these interfaces.

5.4 Any IP

Traditionally, you must set the IP addresses and the subnet masks of a computer and the
HomeSafe to be in the same subnet to allow the computer to access the Internet (through the
HomeSafe). In cases where your computer is required to use a static IP address in another
network, you may need to manually configure the network settings of the computer every time
you want to access the Internet via the HomeSafe.

With the Any IP feature and NAT enabled, the HomeSafe allows a computer to access the
Internet without changing the network settings (such as IP address and subnet mask) of the
computer, when the IP addresses of the computer and the HomeSafe are not in the same subnet.
Whether a computer is set to use a dynamic or static (fixed) IP address, you can simply connect
the computer to the HomeSafe and access the Internet.

The following figure depicts a scenario where a computer is set to use a static private IP address
in the corporate environment. In a residential house where a HomeSafe is installed, you can still

5-2 LAN Screens

HomeSafe User’s Guide

use the computer to access the Internet without changing the network settings, even when the IP
addresses of the computer and the HomeSafe are not in the same subnet.

Figure 5-1 Any IP Example Application

The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP
address that is in the same subnet as the HomeSafe’s IP address.

) You must enable NAT/SUA to use the Any IP feature on the

HomeSafe.

5.4.1 How Any IP Works

Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP
address) to a physical machine address, also known as a Media Access Control or MAC address,
on the local area network. IP routing table is defined on IP Ethernet devices (the HomeSafe) to
decide which hop to use,

The following lists out the steps taken, when a computer tries to access the Internet for the first
time through the HomeSafe.

1. When a computer (which is in a different subnet) first attempts to access the Internet, it

sends packets to its default gateway (which is not the HomeSafe) by looking at the MAC
address in its ARP table.

2. When the computer cannot locate the default gateway, an ARP request is broadcast on the

LAN.

3. The HomeSafe receives the ARP request and replies to the computer with its own MAC

address.

4. The computer updates the MAC address for the default gateway to the ARP table. Once the

ARP table is updated, the computer is able to access the Internet through the HomeSafe.

5. When the HomeSafe receives packets from the computer, it creates an entry in the IP

routing table so it can properly forward packets intended for the computer.

After all the routing information is updated, the computer can access the HomeSafe and the
Internet as if it is in the same subnet as the HomeSafe.

to help forward data along to its specified destination.

LAN Screens 5-3

HomeSafe User’s Guide

5.5 Configuring IP

Click LAN to open the IP screen.

Figure 5-2 LAN : IP

The following table describes the fields in this screen.

Table 5-1 LAN : IP

LABEL DESCRIPTION

DHCP Server DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows

individual clients (computers) to obtain TCP/IP configuration at startup from a
server. Leave the DHCP Server check box selected unless your ISP instructs you
to do otherwise. Clear it to disable the HomeSafe acting as a DHCP server. When
configured as a server, the HomeSafe provides TCP/IP configuration for the clients.
If not, DHCP service is disabled and you must have another DHCP server on your
LAN, or else the computers must be manually configured. When set as a server, fill
in the following four fields.

IP Pool Starting

Address

Pool Size This field specifies the size, or count of the IP address pool.

DNS Servers Assigned by DHCP Server
The HomeSafe passes a DNS (Domain Name System) server IP address (in the order you specify here)

to the DHCP clients. The HomeSafe only passes this information to the LAN DHCP clients when you
select the DHCP Server check box. When you clear the DHCP Server check box, DHCP service is
disabled and you must have another DHCP sever on your LAN, or else the computers must have their
DNS server addresses manually configured.

This field specifies the first of the contiguous addresses in the IP address pool.

5-4 LAN Screens

HomeSafe User’s Guide

Table 5-1 LAN : IP

LABEL DESCRIPTION

First DNS Server
Second DNS
Server
Third DNS Server

LAN TCP/IP

IP Address Type the IP address of your HomeSafe in dotted decimal notation 192.168.1.1

IP Subnet Mask The subnet mask specifies the network number portion of an IP address. Your

RIP Direction RIP (Routing Information Protocol, RFC1058 and RFC 1389) allows a router to

RIP Version

Multicast

Any IP Setup

Select From ISP if your ISP dynamically assigns DNS server information (and the
HomeSafe's WAN IP address). The field to the right displays the (read-only) DNS
server IP address that the ISP assigns.

Select User-Defined if you have the IP address of a DNS server. Enter the DNS
server's IP address in the field to the right. If you chose User-Defined, but leave
the IP address set to 0.0.0.0, User-Defined changes to None after you click
Apply. If you set a second choice to User-Defined, and enter the same IP
address, the second User-Defined changes to None after you click Apply.

Select DNS Relay to have the HomeSafe act as a DNS proxy. The HomeSafe's
LAN IP address displays in the field to the right (read-only). The HomeSafe tells the
DHCP clients on the LAN that the HomeSafe itself is the DNS server. When a
computer on the LAN sends a DNS query to the HomeSafe, the HomeSafe
forwards the query to the HomeSafe's system DNS server (configured in the
SYSTEM General screen) and relays the response back to the computer. You can
only select DNS Relay for one of the three servers; if you select DNS Relay for a
second or third DNS server, that choice changes to None after you click Apply.

Select None if you do not want to configure DNS servers. If you do not configure a
DNS server, you must know the IP address of a computer in order to access it.

(factory default).

HomeSafe will automatically calculate the subnet mask based on the IP address
that you assign. Unless you are implementing subnetting, use the subnet mask
computed by the HomeSafe 255.255.255.0.

exchange routing information with other routers. The RIP Direction field controls
the sending and receiving of RIP packets. Select the RIP direction from Both/In
Only/Out Only/None. When set to Both or Out Only, the HomeSafe will broadcast
its routing table periodically. When set to Both or In Only, it will incorporate the
RIP information that it receives; when set to None, it will not send any RIP packets
and will ignore any RIP packets received. Both is the default.

The RIP Version field controls the format and the broadcasting method of the RIP
packets that the HomeSafe sends (it recognizes both formats when receiving). RIP-
1 is universally supported but RIP-2 carries more information. RIP-1 is probably
adequate for most networks, unless you have an unusual network topology. Both
RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being
that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. Multicasting
can reduce the load on non-router machines since they generally do not listen to
the RIP multicast address and so will not receive the RIP packets. However, if one
router uses multicasting, then all routers on your network must use multicasting,
also. By default, RIP direction is set to Both and the Version set to RIP-1.

Select IGMP V-1 or IGMP V-2 or None. IGMP (Internet Group Multicast Protocol) is
a network-layer protocol used to establish membership in a Multicast group - it is
not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over
version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to
read more detailed information about interoperability between IGMP version 2 and
version 1, please see sections 4 and 5 of RFC 2236.

LAN Screens 5-5

HomeSafe User’s Guide

Table 5-1 LAN : IP

LABEL DESCRIPTION

Active Select this option to activate the Any-IP feature. This allows a computer to access

the Internet without changing the network settings (such as IP address and subnet
mask) of the computer, even when the IP addresses of the computer and the
HomeSafe are not in the same subnet.

When you disable the Any-IP feature, only computers with dynamic IP addresses
or static IP addresses in the same subnet as the HomeSafe’s LAN IP address can
connect to the HomeSafe or access the Internet through the HomeSafe.

Windows Networking (NetBIOS over TCP/IP): NetBIOS (Network Basic Input/Output System) are TCP or
UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some
dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls. However it may
sometimes be necessary to allow NetBIOS packets to pass through to the WAN in order to find a
computer on the WAN.

Allow from LAN to

WAN

Apply
Reset

Select this check box to forward NetBIOS packets from the LAN to the WAN and
from the WAN to the LAN. If your firewall is enabled with the default policy set to
block WAN to LAN traffic, you also need to enable the default WAN to LAN firewall
rule that forwards NetBIOS traffic.

Clear this check box to block all NetBIOS packets going from the LAN to the WAN
and from the WAN to the LAN.

Click Apply to save your changes back to the HomeSafe.
Click Reset to begin configuring this screen afresh.

5.6 Configuring Static DHCP

This table allows you to assign IP addresses on the LAN to specific individual computers based
on their MAC Addresses.

Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is
assigned at the factory and consists of six pairs of hexadecimal characters, for example,
00:A0:C5:00:00:02.

To change your HomeSafe’s Static DHCP settings, click LAN, then the Static DHCP tab. The
screen appears as shown.

The following table describes the labels in this screen.

5-6 LAN Screens

Figure 5-3 LAN : Static DHCP

HomeSafe User’s Guide

Table 5-2 LAN : Static DHCP

LABEL DESCRIPTION

#

MAC Address Type the MAC address (with colons) of a computer on your LAN.
IP Address This field specifies the size, or count of the IP address pool.
Apply
Reset

This is the index number of the Static IP table entry (row).

Click Apply to save your changes back to the HomeSafe.
Click Reset to begin configuring this screen afresh.

5.7 Configuring IP Alias

IP Alias allows you to partition a physical network into different logical networks over the same
Ethernet interface. The HomeSafe supports three logical LAN interfaces via its single physical
Ethernet interface with the HomeSafe itself as the gateway for each LAN network.

To change your HomeSafe’s IP Alias settings, click LAN, then the IP Alias tab. The screen
appears as shown.

The following table describes the labels in this screen.

LABEL DESCRIPTION

IP Alias 1,2 Select the check box to configure another LAN network for the HomeSafe.
IP Address Enter the IP address of your HomeSafe in dotted decimal notation.
IP Subnet Mask Your HomeSafe will automatically calculate the subnet mask based on the IP

address that you assign. Unless you are implementing subnetting, use the subnet
mask computed by the HomeSafe.

LAN Screens 5-7

Figure 5-4 LAN : IP Alias

Table 5-3 LAN : IP Alias

HomeSafe User’s Guide

Table 5-3 LAN : IP Alias

LABEL DESCRIPTION

RIP Direction RIP (Routing Information Protocol, RFC1058 and RFC 1389) allows a router to

exchange routing information with other routers. The RIP Direction field controls
the sending and receiving of RIP packets. Select the RIP direction from Both/In
Only/Out Only/None. When set to Both or Out Only, the HomeSafe will broadcast
its routing table periodically. When set to Both or In Only, it will incorporate the
RIP information that it receives; when set to None, it will not send any RIP packets
and will ignore any RIP packets received.

RIP Version

Apply
Reset

The RIP Version field controls the format and the broadcasting method of the RIP
packets that the HomeSafe sends (it recognizes both formats when receiving). RIP-
1 is universally supported but RIP-2 carries more information. RIP-1 is probably
adequate for most networks, unless you have an unusual network topology. Both
RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being
that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. Multicasting
can reduce the load on non-router machines since they generally do not listen to
the RIP multicast address and so will not receive the RIP packets. However, if one
router uses multicasting, then all routers on your network must use multicasting,
also. By default, RIP direction is set to Both and the Version set to RIP-1.

Click Apply to save your changes back to the HomeSafe.
Click Reset to begin configuring this screen afresh.

5-8 LAN Screens

HomeSafe User’s Guide

Chapter 6

Wireless Configuration and Roaming

This chapter discusses how to configure the Wireless and Roaming screens on the

HomeSafe.

6.1 Wireless LAN Overview

This section introduces the wireless LAN(WLAN) and some basic scenarios.

6.1.1 IBSS

An Independent Basic Service Set (IBSS), also called an Ad-hoc network, is the simplest WLAN
configuration. An IBSS is defined as two or more computers with wireless adapters within range
of each other that from an independent (wireless) network without the need of an access point
(AP).

Figure 6-1 IBSS (Ad-hoc) Wireless LAN

6.1.2 BSS

A Basic Service Set (BSS) exists when all communications between wireless stations or between
a wireless station and a wired network client go through one access point (AP).

Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS is enabled,
wireless station A and B can access the wired network and communicate with each other. When
Intra-BSS is disabled, wireless station A and B can still access the wired network but cannot
communicate with each other.

Wireless Configuration and Roaming 6-1

HomeSafe User’s Guide

Figure 6-2 Basic Service set

6.1.3 ESS

An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an
access point, with each access point connected together by a wired network. This wired
connection between APs is called a Distribution System (DS). An ESSID (ESS IDentification)
uniquely identifies each ESS. All access points and their associated wireless stations within the
same ESS must have the same ESSID in order to communicate.

6-2 Wireless Configuration and Roaming

Figure 6-3 Extended Service Set

HomeSafe User’s Guide

6.2 Wireless LAN Basics

Refer also to the Wizard Setup chapter for more background information on Wireless LAN
features, such as channels.

6.2.1 RTS/CTS

A hidden node occurs when two stations are within range of the same access point, but are not
within range of each other. The following figure illustrates a hidden node. Both stations (STA)
are within range of the access point (AP) or wireless gateway, but out-of-range of each other, so
they cannot “hear” each other, that is they do not know if the channel is currently being used.
Therefore, they are considered hidden from each other.

Stations A and B do
not hear each other.
They can hear the
HomeSafe.

Figure 6-4 RTS/CTS

When station A sends data to the HomeSafe, it might not know that station B is already using the
channel. If these two stations send data at the same time, collisions may occur when both sets of
data arrive at the AP at the same time, resulting in a loss of messages for both stations.

RTS/CTS is designed to prevent collisions due to hidden nodes. An RTS/CTS defines the
biggest size data frame you can send before an RTS (Request To Send)/CTS (Clear to Send)
handshake is invoked.

When a data frame exceeds the RTS/CTS value you set (between 0 to 2432 bytes), the station
that wants to transmit this frame must first send an RTS (Request To Send) message to the AP for
permission to send it. The AP then responds with a CTS (Clear to Send) message to all other
stations within its range to notify them to defer their transmission. It also reserves and confirms
with the requesting station the time frame for the requested transmission.

Stations can send frames smaller than the specified RTS/CTS directly to the AP without the RTS
(Request To Send)/CTS (Clear to Send) handshake.

You should only configure RTS/CTS if the possibility of hidden nodes exists on your network
and the “cost” of resending large frames is more than the extra network overhead involved in the
RTS (Request To Send)/CTS (Clear to Send) handshake.

If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the
RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be
fragmented before they reach RTS/CTS size.

Wireless Configuration and Roaming 6-3

HomeSafe User’s Guide

) Enabling the RTS Threshold causes redundant network

overhead that could negatively affect the throughput
performance instead of providing a remedy.

6.2.2 Fragmentation Threshold

A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes)
that can be sent in the wireless network before the HomeSafe will fragment the packet into
smaller data frames.

A large Fragmentation Threshold is recommended for networks not prone to interference while
you should set a smaller threshold for busy networks or networks that are prone to interference.

If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you
set, then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data
frames will be fragmented before they reach RTS/CTS size.

6.3 Configuring Wireless

) If you are configuring the HomeSafe from a computer

connected to the wireless LAN and you change the
HomeSafe’s ESSID or WEP settings, you will lose your wireless
connection when you press Apply to confirm. You must then
change the wireless settings of your computer to match the
HomeSafe’s new settings.

Click the WIRELESS link under ADVANCED to open the Wireless screen.

Figure 6-5 WLAN : Wireless

The following table describes the general wireless LAN labels in this screen.

6-4 Wireless Configuration and Roaming

HomeSafe User’s Guide

Table 6-1 WLAN : Wireless

LABEL DESCRIPTION

Enable
Wireless LAN

ESSID (Extended Service Set IDentit y) The ESSID identifies the Service Set with which a

Click the check box to activate wireless LAN.

wireless station is associated. Wireless stations associating to the access point (AP)
must have the same ESSID. Enter a descriptive name (up to 32 printable 7-bit ASCII
characters) for the wireless LAN.

) If you are configuring the HomeSafe from a

computer connected to the wireless LAN and
you change the HomeSafe’s ESSID or WEP
settings, you will lose your wireless
connection when you press Apply to confirm.
You must then change the wireless settings of
your computer to match the HomeSafe’s new
settings.

Hide ESSID Select this check box to hide the ESSID in the outgoing beacon frame so a station

cannot obtain the ESSID through passive scanning using a site survey tool.

Choose
Channel ID

RTS/CTS
Threshold

Fragmentation
Threshold

Apply
Reset

Set the operating frequency/channel depending on your particular region.
Select a channel from the drop-down list box.
Refer to the Wizard Setup chapter for more information on channels.

Enter a value between 0 and 2432. The default is 2432.

Enter a value between 256 and 2432. The default is 2432. It is the maximum data
fragment size that can be sent.

Click Apply to save your changes back to the HomeSafe.
Click Reset to reload the previous configuration for this screen.

See the Wireless Security chapter for information on the other labels in this screen.

6.4 Configuring Roaming

A wireless station is a device with an IEEE 802.11 compliant wireless adapter. An access point
(AP) acts as a bridge between the wireless and wired networks. An AP creates its own wireless
coverage area. A wireless station can associate with a particular access point only if it is within
the access point’s coverage area.

In a network environment with multiple access points, wireless stations are able to switch from
one access point to another as they move between the coverage areas. This is roaming. As the
wireless station moves from place to place, it is responsible for choosing the most appropriate
access point depending on the signal strength, network utilization or other factors.

The roaming feature on the access points allows the access points to relay information about the
wireless stations to each other. When a wireless station moves from a coverage area to another, it
scans and uses the channel of a new access point, which then informs the access points on the
LAN about the change. The new information is then propagated to the other access points on the
LAN. An example is shown in Figure 6-6.

If the roaming feature is not enabled on the access points, information is not communicated
between the access points when a wireless station moves between coverage areas. The wireless

Wireless Configuration and Roaming 6-5

HomeSafe User’s Guide

station may not be able to communicate with other wireless stations on the network and vice
versa.

Figure 6-6 Roaming Example

The steps below describe the roaming process.

1. As wireless station Y moves from the coverage area of access point P1 to that of access point

P2, it scans and uses the signal of access point P2.

2. Access point P2 acknowledges the presence of wireless station Y and relays this information

to access point P1 through the wired LAN.

3. Access point P1 updates the new position of wireless station.

4. Wireless station Y sends a request to access point P2 for re-authentication.

6.4.1 Requirements for Roaming

The following requirements must be met in order for wireless stations to roam between the
coverage areas.

1. All the access points must be on the same subnet and configured with the same ESSID.

2. If IEEE 802.1x user authentication is enabled and to be done locally on the access point,

the new access point must have the user profile for the wireless station.

3. The adjacent access points should use different radio channels when their coverage areas

overlap.

4. All access points must use the same port number to relay roaming information.

5. The access points must be connected to the Ethernet and be able to get IP addresses from

a DHCP server if using dynamic IP address assignment.

To enable roaming on your HomeSafe, click the WIRELESS link under ADVANCED and then
the Roaming tab. The screen appears as shown.

6-6 Wireless Configuration and Roaming

HomeSafe User’s Guide

Figure 6-7 WLAN : Roaming

The following table describes the labels in this screen.

Table 6-2 WLAN : Roaming

LABEL DESCRIPTION

Active

Select Yes from the drop-down list box to enable roaming on the HomeSafe if you have
two or more HomeSafes on the same subnet.

) All APs on the same subnet and the

wireless stations must have the same ESSID to
allow roaming.

Port Enter the port number to communicate roaming information between APs. The port

number must be the same on all APs. The default is 3517. Make sure this port is not

used by other services.
Apply
Reset

Click Apply to save your changes back to the HomeSafe.

Click Reset to reload the previous configuration for this screen.

Wireless Configuration and Roaming 6-7

HomeSafe User’s Guide

Chapter 7

Wireless Security

This Chapter describes how to use the MAC Filter, 802.1x, Local User Database and

RADIUS to configure wireless security on your HomeSafe.

7.1 Wireless Security Overview

Wireless security is vital to your network to protect wireless communication between wireless
stations, access points and the wired network.

The figure below shows the possible wireless security levels on your HomeSafe. EAP (Extensible
Authentication Protocol) is used for authentication and utilizes dynamic WEP key exchange. It
requires interaction with a RADIUS (Remote Authentication Dial-In User Service) server either
on the WAN or your LAN to provide authentication service for wireless stations.

Figure 7-1 HomeSafe Wireless Security Levels

If you do not enable any wireless security on your HomeSafe, your network is accessible to any
wireless networking device that is within range.

Select No Security to allow wireless stations to communicate with the access points without any
data encryption.

Wireless Security 7-1

HomeSafe User’s Guide

Figure 7-2 WLAN : Wireless : No Security

The following table describes the labels in this screen.

Table 7-1 WLAN : Wireless : No Security

LABEL DESCRIPTION

Security Choose from one of the security features listed in the drop-down box.

¾ No Security
¾ Static WEP
¾ WPA-PSK
¾ WPA
¾ 802.1x + Dynamic WEP
¾ 802.1x + Static WEP
¾ 802.1x + No WEP

Preamble

802.11 Mode

Max. Frame
Burst

Apply

Select a preamble type from the drop-down list menu. Choices are Long, Short and
Dynamic. The default setting is Long.

See the section on preamble for more information.
Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate

with the HomeSafe.
Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate

with the HomeSafe.
Select Mixed to allow either IEEE802.11b or IEEE802.11g compliant WLAN devices to

associate with the HomeSafe. The transmission rate of your HomeSafe might be
reduced.

Enable Maximum Frame Burst to help eliminate collisions in mixed-mode networks
(networks with both IEEE 802.11g and IEEE 802.11b traffic) and enhance the
performance of both pure IEEE 802.11g and mixed IEEE 802.11b/g networks. Maximum
Frame Burst sets the maximum time, in microseconds, that the HomeSafe transmits
IEEE 802.11g wireless traffic only.

Type the maximum frame burst between 0 and 1800 (650, 1000 or 1800
recommended). Enter 0 to disable this feature. The default is 650.

Click Apply to save your changes back to the HomeSafe.

7-2 Wireless Security

HomeSafe User’s Guide

Table 7-1 WLAN : Wireless : No Security

LABEL DESCRIPTION

Reset

Click Reset to reload the previous configuration for this screen.

7.2 Security Parameters Summary

Refer to this table to see what other security parameters you should configure for each
Authentication Method/ key management protocol type. You enter manual keys by first selecting
64-bit WEP or 128-bit WEP from the WEP Encryption field and then typing the keys (in
ASCII or hexadecimal format) in the key text boxes. MAC address filters are not dependent on
how you configure these security features.

Table 7-2 Wireless Security Relational Matrix

AUTHENTICATION

METHOD/ KEY

MANAGEMENT PROTOCOL

Open None No Disable
Open WEP

Shared WEP

WPA WEP No Enable
WPA TKIP No Enable
WPA-PSK WEP Yes Enable
WPA-PSK TKIP Yes Enable

ENCRYPTION

METHOD

ENTER

MANUAL KEY

No Enable with Dynamic WEP Key
Yes Enable without Dynamic WEP Key
Yes Disable
No Enable with Dynamic WEP Key
Yes Enable without Dynamic WEP Key
Yes Disable

IEEE 802.1X

7.3 WEP Overview

WEP (Wired Equivalent Privacy) as specified in the IEEE 802.11 standard provides methods for
both data encryption and wireless station authentication.

7.3.1 Data Encryption

WEP provides a mechanism for encrypting data using encryption keys. Both the AP and the
wireless stations must use the same WEP key to encrypt and decrypt data. Your HomeSafe allows
you to configure up to four 64-bit or 128-bit WEP keys, but only one key can be enabled at any
one time.

7.3.2 Authentication

Three different methods can be used to authenticate wireless stations to the network: Open
System, Shared Key, and Auto. The following figure illustrates the steps involved.

Wireless Security 7-3

HomeSafe User’s Guide

Figure 7-3 WEP Authentication Steps

Open system authentication involves an unencrypted two-message procedure. A wireless station
sends an open system authentication request to the AP, which will then automatically accept and
connect the wireless station to the network. In effect, open system is not authentication at all as
any station can gain access to the network.

Shared key authentication involves a four-message procedure. A wireless station sends a shared
key authentication request to the AP, which will then reply with a challenge text message. The
wireless station must then use the AP’s default WEP key to encrypt the challenge text and return
it to the AP, which attempts to decrypt the message using the AP’s default WEP key. If the
decrypted message matches the challenge text, the wireless station is authenticated.

When your HomeSafe's authentication method is set to open system, it will only accept open
system authentication requests. The same is true for shared key authentication. However, when it
is set to auto authentication, the HomeSafe will accept either type of authentication request and
the HomeSafe will fall back to use open authentication if the shared key does not match.

7.3.3 Preamble Type

A preamble is used to synchronize the transmission timing in your wireless network. There are
two preamble modes: Long and Short.

Short preamble takes less time to process and minimizes overhead, so it should be used in a good
wireless network environment when all wireless clients support it.

Select Long if you have a ‘noisy’ network or are unsure of what preamble mode your wireless
clients support as all IEEE 802.11b compliant wireless adapters must support long preamble.
However, not all wireless adapters support short preamble. Use long preamble if you are unsure
what preamble mode the wireless adapters support, to ensure interpretability between the
HomeSafe and the wireless stations and to provide more reliable communication in ‘noisy’
networks.

7-4 Wireless Security

HomeSafe User’s Guide

Select Dynamic to have the HomeSafe automatically use short preamble when all wireless clients
support it, otherwise the HomeSafe uses long preamble.

) The HomeSafe and the wireless stations MUST use the

same preamble mode in order to communicate.

7.4 Configuring WEP Encryption

In order to configure and enable WEP encryption; click the WIRELESS link under
ADVANCED to display the Wireless screen. Select Static WEP from the Security list.

Figure 7-4 WLAN : Wireless : Static WEP Encryption

The following table describes the wireless LAN security labels in this screen.

Table 7-3 WLAN : Wireless : Static WEP Encryption

LABEL DESCRIPTION

WEP
Encryption

Authentication
Method

ASCII Select this option in order to enter ASCII characters as the WEP keys.
Hex Select this option in order to enter hexadecimal characters as the WEP keys.

Wireless Security 7-5

Select 64-bit WEP or 128-bit WEP to enable data encryption.

This field is activated when you select 64-bit WEP or 128-bit WEP in the WEP

Encryption field.

Select Auto, Open System or Shared Key from the drop-down list box.

The preceding "0x", that identifies a hexadecimal key, is entered automatically.

HomeSafe User’s Guide

Table 7-3 WLAN : Wireless : Static WEP Encryption

LABEL DESCRIPTION

Key 1 to Key
4

Preamble

802.11 Mode

Max. Frame
Burst

Apply
Reset

The WEP keys are used to encrypt data. Both the HomeSafe and the wireless stations

must use the same WEP key for data transmission.

If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal

characters ("0-9", "A-F").

If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal

characters ("0-9", "A-F").

You must configure all four keys, but only one key can be activated at any one time.

The default key is key 1.

Select a preamble type from the drop-down list menu. Choices are Long, Short and

Dynamic. The default setting is Dynamic.

See the section on preamble for more information.

Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate

with the HomeSafe.

Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate

with the HomeSafe.

Select Mixed to allow either IEEE802.11b or IEEE802.11g compliant WLAN devices to

associate with the HomeSafe. The transmission rate of your HomeSafe might be

reduced.

Enable Maximum Frame Burst to help eliminate collisions in mixed-mode networks

(networks with both IEEE 802.11g and IEEE 802.11b traffic) and enhance the

performance of both pure IEEE 802.11g and mixed IEEE 802.11b/g networks.

Maximum Frame Burst sets the maximum time, in microseconds, that the HomeSafe

transmits IEEE 802.11g wireless traffic only.

Type the maximum frame burst between 0 and 1800 (650, 1000 or 1800

recommended). Enter 0 to disable this feature. The default is 650.

Click Apply to save your changes back to the HomeSafe.

Click Reset to reload the previous configuration for this screen.

7.5 Introduction to WPA

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key
differences between WPA and WEP are user authentication and improved data encryption.

7.5.1 User Authentication

WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless
clients using an external RADIUS database. You can’t use the HomeSafe’s Local User Database
for WPA authentication purposes since the Local User Database uses EAP MD5, which cannot be
used to generate keys. See later in this chapter and the appendices for more information on IEEE

802.1x, RADIUS and EAP.
Therefore, if you don’t have an external RADIUS server you should use WPA-PSK (WPA -Pre-

Shared Key) that only requires a single (identical) password entered into each access point,
wireless gateway and wireless client. As long as the passwords match, a client will be granted
access to a WLAN.

7.5.2 Encryption

WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message
Integrity Check (MIC) and IEEE 802.1x.

7-6 Wireless Security

HomeSafe User’s Guide

Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and
distributed by the authentication server. It includes a per-packet key mixing function, a Message
Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing
rules, and a re-keying mechanism.

TKIP regularly changes and rotates the encryption keys so that the same encryption key is never
used twice. The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then
sets up a key hierarchy and management system, using the pair-wise key to dynamically generate
unique data encryption keys to encrypt every data packet that is wirelessly communicated
between the AP and the wireless clients. This all happens in the background automatically.

The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data
packets, altering them and resending them. The MIC provides a strong mathematical function in
which the receiver and the transmitter each compute and then compare the MIC. If they do not
match, it is assumed that the data has been tampered with and the packet is dropped.

By generating unique data encryption keys for every data packet and by creating an integrity
checking mechanism (MIC), TKIP makes it much more difficult to decode data on a Wi-Fi
network than WEP, making it difficult for an intruder to break into the network.

The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference
between the two is that WPA-PSK uses a simple common password, instead of user-specific
credentials. The common-password approach makes WPA-PSK susceptible to brute-force
password-guessing attacks but it’s still an improvement over WEP as it employs an easier-to-use,
consistent, single, alphanumeric password.

7.5.3 WPA-PSK Application Example

A WPA-PSK application looks as follows.

1. First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must

consist of between 8 and 63 ASCII characters (including spaces and symbols).

2. The AP checks each client’s password and (only) allows it to join the network if it matches its

password.

3. The AP derives and distributes keys to the wireless clients.

4. The AP and wireless clients use the TKIP encryption process to encrypt data exchanged between

them.

Figure 7-5 WPA - PSK Authentication

Wireless Security 7-7