Minitar MNWAPGR, User Manual

Page 1: ...MNWAPGR Wireless 802 11g Access Point Router User Manual ...

Page 2: ...uipment can generate use and radiate radio frequency energy and if not installed and used in accordance with the instructions in this manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause interference in which case the user at his own expense will be required to take whatever measures are necessary to correct the interfer...

Page 3: ...asic Setting 15 4 4 1 Primary Setup WAN Type Virtual Computers 15 4 5 Forwarding Rules 25 4 5 1 Virtual Server 26 4 5 2 Special AP 27 4 5 3 Miscellaneous Items 28 4 6 Security Settings 29 4 6 1 Packet Filter 29 4 6 2 Domain Filter 34 4 6 3 URL Blocking 35 4 6 4 MAC Address Control 37 4 6 5 Miscellaneous Items 39 4 7 Advanced Settings 40 4 7 1 System Time 41 4 7 2 System Log 42 4 7 3 Dynamic DNS 43...

Page 4: ... All unwanted packets from outside intruders are blocked to protect your Intranet z DHCP server supported All of the networked computers can retrieve TCP IP settings automatically from this product z Web based configuring Configurable through any networked computer s web browser using Netscape or Internet Explorer z Virtual Server supported Enable you to expose WWW FTP and other services on your L...

Page 5: ... allows you to control access to a network by analyzing the incoming and outgoing packets and letting them pass or halting them based on the IP address of the source and destination z Domain Filtering Let you prevent users using this device from accessing specific URLs z URL Blocking URL Blocking can block hundreds of websites connection by simply a keyword z VPN Pass through The router also suppo...

Page 6: ... com and dhs org z SNMP Support The router supports basic SNMP functions to allow external monitoring z Static Routing Table The router supports the manual addition of Static Routes z Scheduled Rule Support Customers can control some functions like virtual server and packet filters based off a specific timing configuration Other functions z uPnP Universal Plug and Play Support The router supports ...

Page 7: ...Blinking Flashed once per second to indicate system is alive On The WAN port is linked WAN WAN port activity Green Blinking The WAN port is sending or receiving data Wireless Wireless activity Green Blinking Sending or receiving data via wireless On An active station is connected to the corresponding LAN port Link Act 1 4 Link status Green Blinking The corresponding LAN port is sending or receivin...

Page 8: ...WAN The port where you will connect your cable or DSL modem or Ethernet router Port 1 4 The ports where you will connect networked computers and other devices Reset The button to reset the units settings to factory defaults MNWAPGR User Manual Copyright 2005 Minitar Corporation 8 ...

Page 9: ...reless LAN connection locate this product at a proper position to gain the best transmit performance Figure 2 3 Setup of LAN and WAN connections for this product 3 Setup WAN connection Prepare an Ethernet cable for connecting this product to your cable xDSL modem or Ethernet backbone Figure 2 3 illustrates the WAN connection 4 Power on By connecting the power cord to the power inlet and turning th...

Page 10: ...ol you can use the ping command to check if your computer has successfully connected to this product The following example shows the ping procedure for the Windows platform First open up a Command prompt cmd in 2000 XP msdos in 95 98x Second execute the ping command ping 192 168 123 254 If the following messages appear Pinging 192 168 123 254 with 32 bytes of data Reply from 192 168 123 254 bytes ...

Page 11: ...ased configuration scheme that is the ability to configure the device using your Web browser such as Netscape Communicator or Internet Explorer This approach can be adopted on any MS Windows Macintosh or UNIX based platforms MNWAPGR User Manual Copyright 2005 Minitar Corporation 11 ...

Page 12: ...will see the web user interface of this product There are two modes of the web user interface one for general users and one for system administrator To log in as an administrator enter the system password the factory setting is admin in the System Password field and click on the Log in button If the password is correct the web mode will be changed into administrator configuration mode As listed in...

Page 13: ...WAN port is assigned a dynamic IP there may appear a Renew or Release button on the Sidenote column You can click these buttons to renew or release the IP manually B Statistics of WAN enables you to monitor inbound and outbound packets on the WAN connection MNWAPGR User Manual Copyright 2005 Minitar Corporation 13 ...

Page 14: ...ard will guide you through a basic configuration procedure step by step Press Next Setup Wizard Select WAN Type For detail settings please refer to 4 4 1 primary setup MNWAPGR User Manual Copyright 2005 Minitar Corporation 14 ...

Page 15: ...4 4 Basic Setting 4 4 1 Primary Setup WAN Type Virtual Computers Press Change MNWAPGR User Manual Copyright 2005 Minitar Corporation 15 ...

Page 16: ...ress Obtain an IP address from ISP automatically C Dynamic IP Address with Road Runner Session Management e g Telstra BigPond D PPP over Ethernet Some ISPs require the use of PPPoE to connect to their services E PPTP Some ISPs require the use of PPTP to connect to their services 4 4 1 1 Static IP Address WAN IP Address Subnet Mask Gateway Primary and Secondary DNS enter the proper setting provided...

Page 17: ...s automatically when the lease time expires even the system is in idle state 4 4 1 4 PPP over Ethernet 1 PPPoE Account and Password the account and password your ISP assigned to you For security this field appears blank If you don t want to change the password leave it empty 2 PPPoE Service Name optional Input the service name if your ISP requires it Otherwise leave it blank 3 Maximum Idle Time th...

Page 18: ...u don t want to change the password keep it empty 3 Connection ID optional Input the connection ID if your ISP requires it 4 Maximum Idle Time the time of no activity to disconnect your PPTP session Set it to zero or enable Auto reconnect to disable this feature If Auto reconnect is enabled this product will connect to ISP automatically after system is restarted or the connection is dropped MNWAPG...

Page 19: ...o one mapping of multiple global IP address and local IP address Global IP Enter the global IP address assigned by your ISP Local IP Enter the local IP address of your LAN PC corresponding to the global IP address Enable Check this item to enable the Virtual Computer feature MNWAPGR User Manual Copyright 2005 Minitar Corporation 19 ...

Page 20: ...ude the following items 1 DHCP Server Choose Disable or Enable 2 Lease Time this feature allows you to configure the IP s lease time DHCP client 3 IP pool starting Address IP pool starting Address Whenever there is a request the DHCP server will automatically allocate an unused IP address from the IP address pool to the requesting computer You must specify the starting and ending address of the IP...

Page 21: ...n to another The standardized IEEE 802 11 WEP 128 or 64 bit is used here 4 WEP Key 1 2 3 4 When you enable the 128 or 64 bit WEP key security please select one WEP key to be used and input 26 or 10 hexadecimal 0 1 2 8 9 A B F digits 5 Pass phrase Generator Since hexadecimal characters are not easily remembered this device offers a conversion utility to convert a simple word or phrase into hex 6 80...

Page 22: ...MNWAPGR User Manual Copyright 2005 Minitar Corporation 22 ...

Page 23: ...n is enabled the Wireless user must authenticate to this router first to use the Network service RADIUS Server IP address or the 802 1X server s domain name RADIUS Shared Key Key value shared by the RADIUS server and this router This key value must be consistent with the key value in the RADIUS server MNWAPGR User Manual Copyright 2005 Minitar Corporation 23 ...

Page 24: ...4 4 4 Change Password You can change Password here We strongly recommend you to change the system password for security reasons MNWAPGR User Manual Copyright 2005 Minitar Corporation 24 ...

Page 25: ...4 5 Forwarding Rules MNWAPGR User Manual Copyright 2005 Minitar Corporation 25 ...

Page 26: ...directed to the computer specified by the Server IP The Virtual Server can work with the Scheduling Rules and give the user more flexibility on Access control For Detail please refer to Scheduling Rule For example if you have an FTP server port 21 at 192 168 123 1 a Web server port 80 at 192 168 123 2 and a VPN server at 192 168 123 6 then you need to specify the following virtual server mapping t...

Page 27: ... to make an application work try setting your computer as the DMZ host instead 1 Trigger the outbound port number issued by the application 2 Incoming Ports when the trigger packet is detected the inbound packets sent to the specified port numbers are allowed to pass through the firewall This product provides some predefined settings Select your application and click Copy to to add the predefined ...

Page 28: ...erencing Internet telephony and other special applications NOTE This feature should be used only when needed A software firewall application should be installed on the DMZ host as otherwise it will be unprotected Non standard FTP port You have to configure this item if you want to access an FTP server whose port number is not 21 This setting will be lost after rebooting MNWAPGR User Manual Copyrig...

Page 29: ...ching the specified rules You can specify 8 rules for each direction inbound or outbound For each rule you can define the following Source IP address Source port address Destination IP address Destination port address Protocol TCP or UDP or both Use Rule For source or destination IP address you can define a single IP address 4 3 2 1 or a range of IP addresses 4 3 2 1 4 3 2 254 An empty entry impli...

Page 30: ...d Filter To enable the Inbound Packet Filter click the check box next to Enable in the Inbound Packet Filter field Suppose you have a SMTP Server 25 POP Server 110 Web Server 80 FTP Server 21 and News Server 119 defined in Virtual Server or DMZ Host Example 1 1 2 3 100 1 2 3 149 They are allowed to send mail port 25 receive mail port 110 and browse the Internet port 80 1 2 3 10 1 2 3 20 They can d...

Page 31: ...an do everything except read net news port 119 and transfer files via FTP port 21 Others are all allowed After the Inbound Packet Filter setting is configured click the save button MNWAPGR User Manual Copyright 2005 Minitar Corporation 31 ...

Page 32: ...ample 1 192 168 123 100 192 168 123 149 They are allowed to send mail port 25 receive mail port 110 and browse Internet port 80 port 53 DNS is necessary to resolve the domain name 192 168 123 10 192 168 123 20 They can do everything block nothing Others are all blocked MNWAPGR User Manual Copyright 2005 Minitar Corporation 32 ...

Page 33: ... They can do everything except read net news port 119 and transfer files via FTP port 21 Others are allowed After the Outbound Packet Filter setting is configured click the save button MNWAPGR User Manual Copyright 2005 Minitar Corporation 33 ...

Page 34: ...ific URLs Privilege IP Addresses Range Setting to allow a group of hosts the privilege to access the network without restriction Domain Suffix A suffix of URL to be restricted For example com xxx com Action When someone is accessing a URL that matches the domain suffix what kind of action you want Check drop to block the access Check log to log the access Enable Check to enable each rule MNWAPGR U...

Page 35: ... 3 URL include www google com will be blocked but the action will not be recorded in the log file 4 IP address X X X 1 X X X 20 can access the network without restriction 4 6 3 URL Blocking URL Blocking will block LAN computers to connect to pre defined Websites The major difference between Domain filter and URL Blocking is the Domain filter requires MNWAPGR User Manual Copyright 2005 Minitar Corp...

Page 36: ...ocked For example you can use the pre defined word sex to block all websites if their URLs contain the pre defined word sex Enable Checked to enable each rule In this example 1 Any URL that includes msn will be blocked and the action will be recorded in the log file 2 Any URL that includes sina will be blocked but the action will be recorded in the log file 3 Any URL that includes cnnsi will not b...

Page 37: ... this device If a client is denied connection to this device it means the client can t access the Internet either Choose allow or deny to allow or deny the clients whose MAC addresses are not in the Control table please see below Association control Check Association control to enable the controlling of which wireless client can associate to the wireless LAN If a client is denied association to th...

Page 38: ...t to connect to this device A When Association control is checked check A will allow the corresponding client to associate to the wireless LAN In this page we provide the following Combo box and button to help you to input the MAC address You can select a specific client in the DHCP clients combo box and then click on the Copy to button to copy the MAC address of the client you select to the ID se...

Page 39: ...ct to this product to perform administration tasks You can use subnet mask bits nn notation to specified a group of trusted IP addresses For example 10 1 2 0 24 NOTE When Remote Administration is enabled the web server port will be shifted to port 88 You can change the web server port to any other port as well Administrator Time out The time of no activity to logout automatically Set it to zero to...

Page 40: ...4 7 Advanced Settings MNWAPGR User Manual Copyright 2005 Minitar Corporation 40 ...

Page 41: ...ver Select a NTP time server to consult UTC time Time Zone Select a time zone where this device resides Set Date and Time manually Select if you want to set the Date and Time manually Function of Buttons Sync Now Synchronize the system time with the network time server MNWAPGR User Manual Copyright 2005 Minitar Corporation 41 ...

Page 42: ... E mail Alert Enable Check if you want to enable the Email alerts send syslog via email SMTP Server IP and Port Input the SMTP server IP and port which are concatenated with If you do not specify a port number the default value is 25 For example mail your_url com or 192 168 1 100 26 Send E mail alert to The recipients who will receive these logs You can assign more than 1 recipient using or to sep...

Page 43: ...e Dynamic DNS you need to register an account on one of these Dynamic DNS servers that we list in provider field To enable Dynamic DNS click the check box next to Enable in the DDNS field Next you can enter the appropriate information about your Dynamic DNS Server You have to define Provider Host Name Username E mail Password Key You will get this information when you register an account on a Dyna...

Page 44: ...nable SNMP You must check either Local or Remote or both to enable the SNMP function If Local is checked this device will respond to requests from the LAN If Remote is checked this device will respond to requests from the WAN Get Community Setting the community of GetRequest your device will respond to Set Community Setting the community of SetRequest your device will accept MNWAPGR User Manual Co...

Page 45: ...ing path and allow different subnets to communicate with each other The Routing Table settings are settings used to setup the functions of static routing Static Routing For static routing you can specify up to 8 routing rules You can enter the destination IP address subnet mask gateway and hop for each routing rule and then enable or disable the rule by checking or unchecking the Enable checkbox M...

Page 46: ...lient3 wanted to send an IP data packet to 192 168 0 2 it would use the above table to determine that it had to go via 192 168 123 103 a gateway And if it sends Packets to 192 168 1 11 they will go via 192 168 123 216 Each rule can be enabled or disabled individually After the routing table settings are configured click the save button MNWAPGR User Manual Copyright 2005 Minitar Corporation 46 ...

Page 47: ... on or off at that time Select the enable item Press Add New Rule You can write a rule name and set which day and what time to schedule from Start Time to End Time The following example configures ftp time as everyday 14 10 to 16 20 MNWAPGR User Manual Copyright 2005 Minitar Corporation 47 ...

Page 48: ... Edit To edit the schedule rule Delete To delete the schedule rule and the rule of the rules behind the deleted one will decrease one automatically A Schedule Rule can be applied to a Virtual server and Packet Filter for example MNWAPGR User Manual Copyright 2005 Minitar Corporation 48 ...

Page 49: ...Example1 Virtual Server Apply Rule 1 ftp time everyday 14 10 to 16 20 Example2 Packet Filter Apply Rule 1 ftp time everyday 14 10 to 16 20 MNWAPGR User Manual Copyright 2005 Minitar Corporation 49 ...

Page 50: ...4 8 Toolbox MNWAPGR User Manual Copyright 2005 Minitar Corporation 50 ...

Page 51: ...4 8 1 System Log You can View the system log by clicking the View Log button MNWAPGR User Manual Copyright 2005 Minitar Corporation 51 ...

Page 52: ...4 8 2 Firmware Upgrade You can upgrade the firmware by clicking the Firmware Upgrade button MNWAPGR User Manual Copyright 2005 Minitar Corporation 52 ...

Page 53: ...e these settings please click Firmware Upgrade button and use the bin file you saved 4 8 4 Reset to default You can also reset this product to factory default settings by clicking the Reset to default button 4 8 5 Reboot You can also reboot this product by clicking the Reboot button MNWAPGR User Manual Copyright 2005 Minitar Corporation 53 ...

Page 54: ...device remotely In order to enjoy this feature the target device must be Wake on LAN enabled and you have to know the MAC address of this device say 00 11 22 33 44 55 Clicking Wake up button will make the router send the wake up frame to the target device immediately MNWAPGR User Manual Copyright 2005 Minitar Corporation 54 ...

Page 55: ...Router correctly A 1 Install TCP IP Protocol into Your PC 1 Click Start button and choose Settings then click Control Panel 2 Double click the Network icon and select the Configuration tab in the Network window 3 Click the Add button to add a network component into your PC 4 Double click the Protocol to add the TCP IP protocol 5 Select the Microsoft item in the manufactures list And choose TCP IP ...

Page 56: ...2 Double click the Network icon Select the TCP IP line that has been associated to your network card in the Configuration tab of the Network window 3 Click the Properties button to set the TCP IP protocol for this NAT Router 4 Now you have two configuration methods MNWAPGR User Manual Copyright 2005 Minitar Corporation 56 ...

Page 57: ...a Select Obtain an IP address automatically in the IP Address tab b Don t input any value in the Gateway tab MNWAPGR User Manual Copyright 2005 Minitar Corporation 57 ...

Page 58: ...lect Specify an IP address in the IP Address tab The default IP address of this product is 192 168 123 254 So please use 192 168 123 xxx xxx is between 1 and 253 for IP Address field and 255 255 255 0 for Subnet Mask field MNWAPGR User Manual Copyright 2005 Minitar Corporation 58 ...

Page 59: ... is 192 168 123 254 in the New gateway field and click Add button c In the DNS Configuration tab add the DNS values which are provided by your ISP into the DNS Server Search Order field and click the Add button MNWAPGR User Manual Copyright 2005 Minitar Corporation 59 ...

Page 60: ...sion 3 0 5 0 Driver date 03 05 2003 PC2 Microsoft Windows XP Professional with Service Pack 1a Z Com XI 725 wireless LAN USB adapter Driver version 1 7 29 0 Driver date 10 20 2001 Authentication Server Windows 2000 RADIUS server with Service Pack 3 and HotFix Q313664 Note Windows 2000 RADIUS server only supports the PEAP protocol after a upgrade to service pack 3 and HotFix Q313664 You can get mor...

Page 61: ...er certificate on RADIUS server according to the test condition 3 1 2 Setup DUT 1 Enable the 802 1X check the Enable checkbox 2 Enter the RADIUS server IP 3 Enter the shared key The key shared by the RADIUS server and DUT 4 We will change 802 1X encryption key length to fit the variable test condition 3 1 3 Setup Network adapter on PC 1 Choose the IEEE802 1X as the authentication method Fig 2 Note...

Page 62: ...Figure 2 Enable IEEE 802 1X access control MNWAPGR User Manual Copyright 2005 Minitar Corporation 62 ...

Page 63: ...lient and RADIUS server both to EAP_TLS 4 Disable the wireless connection and enable again 5 The DUT will send the user s certificate to the RADIUS server and then send the message of authentication result to PC1 Fig 5 6 Windows XP will prompt that the authentication process is success or fail and end the authentication procedure Fig 6 7 Terminate the test steps when PC1 get dynamic IP and PING re...

Page 64: ...l prompt that the authentication process is success or fail and end the authentication procedure 6 Terminate the test steps when PC2 get dynamic IP and PING remote host successfully Support Type The router supports the types of 802 1x Authentication PEAP CHAPv2 and PEAP TLS Note 1 PC1 is on Windows XP platform without Service Pack 1 2 PC2 is on Windows XP platform with Service Pack 1a 3 PEAP is su...

Page 65: ...A PSK and WPA Wireless Router LAN IP 192 168 123 254 WAN IP 192 168 122 216 Radius Server 192 168 122 1 UserA XP Wireless Card Ti 11g Tool Odyssey Client Manager Refer to www funk com Download http www funk com News Events ody_c_wpa_preview_pn asp Or Another Configuration ...

Page 66: ...e Windows XP with WPA PSK support 1 Go to the Web manager of Wireless Router to do the configuration like below 2 Download and install the Odyssey Client Manager software Go to the Odyssey Client Manager software first choose Network Before doing that you should verify if the software can show the wireless card Open Adapters MNWAPGR User Manual Copyright 2005 Minitar Corporation 66 ...

Page 67: ...3 Add and edit some settings 4 Back to Connection Then Select Connect to network You will see MNWAPGR User Manual Copyright 2005 Minitar Corporation 67 ...

Page 68: ...laylang en FamilyID 5039ef4a 6 1e0 4c44 94f0 c25c9de0ace9 Or just install XP Service Pack 2 2 Then reboot 3 Setting on the router and client Router Client Go to Network Connection and select the wireless adapter Choose View available Wireless Networks like below AdvancedÆ choose 123kk your ESSID MNWAPGR User Manual Copyright 2005 Minitar Corporation 68 ...

Page 69: ...1x The above is our environment Method 1 where you don t have Windows XP with WPA support 1 The UserA or UserB have to get a certificate from Radius first http 192 168 122 1 certsrv 2 Then Install this certificate and finish MNWAPGR User Manual Copyright 2005 Minitar Corporation 69 ...

Page 70: ...d install the Odyssey Client Manager software Go to the Odyssey Client Manager choose Profiles and Setup Profile name as 1 Set the username and password as required Remember that you get the certificate from Radius in Step1 MNWAPGR User Manual Copyright 2005 Minitar Corporation 70 ...

Page 71: ...5 Then choose the certificate like above MNWAPGR User Manual Copyright 2005 Minitar Corporation 71 ...

Page 72: ...6 Then go to Authentication and first Remove EAP TLS and Add EAP TLS again MNWAPGR User Manual Copyright 2005 Minitar Corporation 72 ...

Page 73: ...7 Go Network and Select 1 and ok MNWAPGR User Manual Copyright 2005 Minitar Corporation 73 ...

Page 74: ...reless client has to authenticate with Radius Server like below 9 Result Method 2 using Windows XP with WPA support 1 The UserA or UserB have to get a certificate from Radius first http 192 168 122 1 certsrv MNWAPGR User Manual Copyright 2005 Minitar Corporation 74 ...

Page 75: ...2 Then Install this certificate and finish 3 Setting on the router and client Router MNWAPGR User Manual Copyright 2005 Minitar Corporation 75 ...

Page 76: ... View available Wireless Networks like below AdvancedÆ choose 123kk Select WirelessCA and Enable in Trusted root certificate authority Then if the wireless client wants to associate it has to request to authenticate MNWAPGR User Manual Copyright 2005 Minitar Corporation 76 ...

Page 77: ...press the RESET button in And then power on the router and push the RESET button down until the M1 and or M2 LED or Status LED start flashing then remove the finger If LED flashes about 8 times the RESTORE process is completed However if LED flashes 2 times repeat 2 Restore directly when the router power on First push the RESET button about 5 seconds M1 will start flashing about 5 times remove the...