Technical Specifications (cont'd)
Broadband Wireless Router without MoCA
Standards
Compliance
QoS
Firewall
TR-069 Compliant
Ability to release and renew its WAN DHCP
address based on a remote (network based)
management request
CMS Certification
TR-111
Support interoperability with TR-111: Applying
TR-069 to Remote Management of Home Devices
TR-064 (future upgradeable)
TR-098
Support Ethernet 802.1P/Q Prioritization
DiffServ
Support RFC 2474 “Differentiated Services Field”
Support RFC 2475 “Architecture for Differentiated
Services”
Support RFC 2598 “An Expedited Forwarding PHB”
Support three strict priority queues for Upstream
and Downstream traffic
Support up to eight upstream traffic classes on
WAN interface
Support traffic prioritization, and policing on all
network interfaces
Support common firewall functions, such as access
control, port forwarding, DMZ, port triggering,
remote administration, website blocking, and filtering
Configurable to allow specifying or selecting the
following: Source and/or destination IP address,
source and/or destination IP range, host names,
protocol, source and/or destination ports, MAC
addresses, egress and ingress interfaces, for each
firewall function if applicable
Support static NAT in addition to common NAT
functions
Honor layer 3 QoS markings including TOS, DSCP,
IP precedence bits
The mapping between layer 3 and layer 2 QoS
marking is configurable
Support traffic shaping or rate shaping on each
egress and ingress interface
Support priority queuing, weighted fair queuing,
custom queuing, and FIFO
Support DHCP vendor class identifier extension
Support Traffic classification based on DHCP
Option 60
Stateful Packet Inspection (SPI) Firewall
Pre-defined Security Policies
Even Logging
Denial of Service (DoS) protection:
General: Ping Flood, ICMP Echo Storm, UDS
Snork Attack, ICMP Smurf, UDS Fraggle, TCP
Window Checks, Invalid TCP Options, TCP Flags,
TCP 3WHS, TCP LAND, TCP 3SYN/UDP/ICMP
Floor, PROTOS Attacks, Short IP Packets
Firewall
(cont’d)
Wireless
LAN Module
IP Spoofing Attacks: FTP Bounce, Broadcast
/Multicast Source IP Attack
Intrusion and Scanning Attacks: IP Source Router,
ICMP Echo Reply without Request, ICMP Ping
Sweep, TCP Stealth Scan (FIN XMAS, NULL), UDP
Port, FTP Passive Attack, Loopback/Echo Chargen
IP Fragmen Overlap: Teardrop, Teardrop2,
Newtear, Opeear, Bonk, Boink Syndrop, Nestea
Ping of Death: SSPing, Jolt, Jolt2, Flushot Attack,
Oshare Attack
Fragmentation Attacks: Overlap, Changed Data,
Changed Length, Microfragments, Empty Fragments,
TCP Header Fragments
DMZ (Demilitarized Zone) Hosting
Access Control
Remote Access Control (HTTP, SNMP, Telnet,
Diagnostics)
Block Internet Services from LAN hosts
Intrusion Detection
Firewall Breach E-mail Notification
MAC Address Filtering
Control IP-TOS Manipulation with Firewall Rules
TCP MTU Clamping
Support for ACL & ALG
IEEE 802.11g
IEEE 802.11b backward compatible
IEEE 802.11i
Capable to monitor wireless connections to various
client devices for parameters such as signal
strength and throughput.
Configurable multiple RF transmission power levels
Multiple Encryption Options Supported: 64 & 128
bit WEP encryption, WPA, 802.1x, and RADIUS
authentication
64 bit WEP is enabled by default
Antenna system has an omni-directional
transmit/receive pattern
Maximum Transmit Power (EIRP) equal to or
greater than 100 mW when operating in the
802.11g mode
SSID Broadcast Enable/Disable
Multiple SSIDs supported
Automatic Channel Selection during Boot-up
Channels 1-11 approved for use in the USA
Creative Solutions for the Digital Life
™
