SMC Networks Barricade SMC7904BRA2, User Manual

Page 1: ......

Page 2: ......

Page 3: ...38 Tesla Irvine CA 92618 Phone 949 679 8000 Router with built in ADSL2 2 Modem From SMC s line of award winning connectivity solutions August 2006 R 01 F W 0 11 ...

Page 4: ...nse is granted by implication or otherwise under any patent or patent rights of our company We reserve the right to change specifications at any time without notice Copyright 2006 by SMC Networks Inc 38 Tesla Irvine CA 92618 All rights reserved Trademarks SMC is a registered trademark and Barricade is a trademark of SMC Networks Inc Other product and company names are trademarks or registered trad...

Page 5: ...ncorporates these newer technologies At that point the obsolete product is discontinued and is no longer an Active SMC product A list of discontinued products with their respective dates of discontinuance can be found at http www smc com index cfm action customer_service_warranty All products that are replaced become the property of SMC Replacement products may be either new or reconditioned Any r...

Page 6: ...CIDENT FIRE LIGHTNING OR OTHER HAZARD LIMITATION OF LIABILITY IN NO EVENT WHETHER BASED IN CONTRACT OR TORT INCLUDING NEGLIGENCE SHALL SMC BE LIABLE FOR INCIDENTAL CONSEQUENTIAL INDIRECT SPECIAL OR PUNITIVE DAMAGES OF ANY KIND OR FOR LOSS OF REVENUE LOSS OF BUSINESS OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE INSTALLATION MAINTENANCE USE PERFORMANCE FAILURE OR INTERRUPTIO...

Page 7: ...hat the interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and ...

Page 8: ... II Calle Fructuós Gelabert 6 8 2o 4a 08970 Sant Joan Despí Barcelona Spain Marking by the above symbol indicates compliance with the Essential Requirements of the R TTE Directive of the European Union 1999 5 EC This equipment meets the following conformance standards EN 55022 EN 55024 EN 61000 3 2 EN 61000 3 3 EN 60950 1 ...

Page 9: ...eren Zeitraum nicht benutzt sollten Sie es vom Stromnetz trennen Somit wird im Falle einer Überspannung eine Beschädigung vermieden 12 Durch die Lüftungsöffnungen dürfen niemals Gegenstände oder Flüssigkeiten in das Gerät gelangen Dies könnte einen Brand bzw elektrischen Schlag auslösen 13 Öffnen sie niemals das Gerät Das Gerät darf aus Gründen der elektrischen Sicherheit nur von authorisiertem Se...

Page 10: ...COMPLIANCES vi ...

Page 11: ...6 ISP Settings 2 7 Connect the System 2 7 Connect the ADSL Line 2 7 Attach to Your Network Using Ethernet Cabling 2 8 Connect the Power Adapter 2 8 Connection Illustration 2 9 Configuring Client PC 3 1 TCP IP Configuration 3 1 Windows 2000 3 2 Disable HTTP Proxy 3 3 Obtain IP Settings from Your Barricade 3 3 Windows XP 3 5 Disable HTTP Proxy 3 5 Obtain IP Settings from Your Barricade 3 6 Configuri...

Page 12: ... 4 4 Parameter Setting 4 5 Parameter Setting Country or ISP Not Listed 4 6 Confirm 4 14 Configuration parameters 4 16 System 4 18 WAN 4 21 LAN 4 30 NAT 4 33 Routing 4 38 Firewall 4 42 SNMP 4 55 UPnp 4 58 QOS 4 59 ADSL 4 62 DDNS 4 65 Tools 4 66 Status 4 71 Finding the MAC address of a Network Card 4 74 Windows NT4 2000 XP 4 74 Macintosh 4 74 Linux 4 74 ...

Page 13: ... vii Troubleshooting A 1 Cables B 1 Ethernet Cable B 1 Specifications B 1 Wiring Conventions B 1 RJ 45 Port Connection B 2 Pin Assignments B 3 ADSL Cable B 5 Specifications B 5 Wiring Conventions B 5 Specifications C 1 ...

Page 14: ...TABLE OF CONTENTS viii ...

Page 15: ...de The Barricade provides Internet access to multiple users by sharing a single user account It is simple to configure and can be up and running in minutes Features and Benefits Intergrated ADSL modem for connecting to ADSL line Local network connection via four 10 100 Mbps Ethernet ports DHCP for dynamic IP configuration and DNS Proxy Relay for domain name mapping Firewall with Stateful Packet In...

Page 16: ...atures are provided by the Barricade Wired LAN The Barricade provides connectivity to 10 100 Mbps devices making it easy to create a network in small offices or homes Internet Access This device supports Internet access through an ADSL connection Since many DSL providers use PPPoE or PPPoA to establish communications with end users the Barricade includes built in clients for these protocols elimin...

Page 17: ... application from functioning correctly Security The Barricade supports security features that deny Internet access to specified users or filter all requests for specific services that the administrator does not want to serve The Barricade s firewall also blocks common hacker attacks including IP Spoofing Land Attack Ping of Death IP with zero length Smurf Attack UDP port loopback Snork Attack TCP...

Page 18: ...visions for call origination and flow control required by ISPs L2TP merges the best features of PPTP and L2F Like PPTP L2TP requires that the ISP s routers support the protocol IP Security Provides IP network layer encryption IPSec can support large encryption networks such as the Internet by using digital certificates for device authentication ...

Page 19: ...deTM on page 4 1 Package Contents After unpacking check the contents of the box to be sure you have received the following components ADSL2 BarricadeTM SMC7904BRA2 or SMC7904BRB2 Power adapter One CAT 5 Ethernet cable RJ 45 One Telephone patch cables RJ 11 Documentation CD One Warranty Card One Splitter for NE the Netherlands UK and FR France versions only Immediately inform your dealer in the eve...

Page 20: ... PC or to a local area network using any of the four Fast Ethernet LAN ports Access speed to the Internet depends on your service type Full rate ADSL provides up to 8 Mbps downstream and 1 Mbps upstream G lite or splitterless ADSL provides up to 1 5 Mbps downstream and 512 kbps upstream ADSL2 Provides up to 24 Mbps downstream and 1 Mbps upstream However you should note that the actual rate provide...

Page 21: ...Fast Ethernet ports RJ 45 Connect devices on your local area network to these ports i e a PC hub or switch Reset Button Use this button to reset the Barricade and restore the default factory settings To reset without losing configuration settings see Reset on page 4 70 Power Inlet Connect the included power adapter to this inlet Warning Using the wrong type of power adapter may damage the Barricad...

Page 22: ... Ethernet ports RJ 45 Connect devices on your local area network to these ports i e a PC hub or switch Reset Button Use this button to reset the Barricade and restore the default factory settings To reset without losing configuration settings see Reset on page 4 70 Power Inlet Connect the included power adapter to this inlet Warning Using the wrong type of power adapter may damage the Barricade 12...

Page 23: ...ormal operation Off Power off or failure LAN 4 LEDs On Ethernet connection is established Flashing The indicated LAN port is sending or receiving data Off There is no LAN connection on the port ADSL Sync On ADSL connection is functioning correctly Flashing The Barricade is establishing an ADSL link Off ADSL connection is not established ADSL Data Blinking ADSL port is sending receiving data Off No...

Page 24: ...is receiving power Normal operation Off Power off or failure LAN 4 LEDs On Ethernet connection is established Flashing The indicated LAN port is sending or receiving data Off There is no LAN connection on the port ADSL Sync On ADSL connection is functioning correctly Flashing The Barricade is establishing an ADSL link Off ADSL connection is not established ADSL Data Blinking ADSL port is sending r...

Page 25: ...ded You should however comply with the following guidelines Keep the Barricade away from any heating devices Do not place the Barricade in a dusty or wet environment You should also remember to turn off the power remove the power cord from the outlet and keep your hands dry when you install the Barricade Connect the ADSL Line Connect the supplied ADSL cable from the port labelled ADSL on the Split...

Page 26: ... clicks into position to ensure that it is properly seated Warning Do not plug a phone jack connector into an RJ 45 port This may damage the Barricade Note Use 100 ohm shielded or unshielded twisted pair cable with RJ 45 connectors for all Ethernet ports Category 5 cable is recommended Make sure each twisted pair cable length does not exceed 100 meters 328 feet Connect the Power Adapter Plug the p...

Page 27: ...CONNECT THE SYSTEM 2 9 Connection Illustration The connection diagram shows how to connect the Barricade ...

Page 28: ...INSTALLATION 2 10 ...

Page 29: ...he Internet through the Barricade you must configure the network settings of the computers on your LAN to use the same IP subnet as the Barricade The default IP settings for the Barricade are IP Address 192 168 2 1 Subnet Mask 255 255 255 0 Note These settings can be changed to fit your network requirements but you must first configure at least one computer to access the Barricade s web configurat...

Page 30: ...icon that corresponds to the connection to your Barricade 3 The connection status screen will open Click Properties 4 Double click Internet Protocol TCP IP 5 If Obtain an IP address automatically and Obtain DNS server address automatically are already selected your computer is already configured for DHCP If not select this option ...

Page 31: ...ngs from Your Barricade Now that you have configured your computer to connect to your Barricade it needs to obtain new network settings By releasing old DHCP IP settings and renewing them with settings from your Barricade you can verify that you have configured your computer correctly 1 On the Windows desktop click Start Programs Accessories Command Prompt 2 In the Command Prompt window type IPCON...

Page 32: ...Verify that your IP Address is now 192 168 2 xxx your Subnet Mask is 255 255 255 0 and your Default Gateway is 192 168 2 1 These values confirm that your ADSL Router is functioning 4 Close the Command Prompt window Your computer is now configured to connect to the Barricade ...

Page 33: ...ress automatically and Obtain DNS server address automatically are already selected your computer is already configured for DHCP If not select the options Disable HTTP Proxy You need to verify that the HTTP Proxy feature of your web browser is disabled This is so that your browser can view the Barricade s HTML configuration pages Follow these steps to disable the HTTP proxy Open your web browser g...

Page 34: ...ured your computer correctly 1 On the Windows desktop click Start Programs Accessories Command Prompt 2 In the Command Prompt window type IPCONFIG RELEASE and press the ENTER key 3 Type IPCONFIG RENEW and press the ENTER key Verify that your IP Address is now 192 168 2 xxx your Subnet Mask is 255 255 255 0 and your Default Gateway is 192 168 2 1 These values confirm that your ADSL router is functi...

Page 35: ...xactly match your operating system This is because these steps and screenshots were created using Mac OS 10 2 Mac OS 7 x and above are similar but may not be identical to Mac OS 10 2 Follow these instructions 1 Pull down the Apple Menu Click System Preferences 2 Double click the Network icon in the Systems Preferences window ...

Page 36: ...92 168 2 1 These values confirm that your Barricade is functioning 5 Close the Network window Now your computer is configured to connect to the Barricade Disable HTTP Proxy You need to verify that the HTTP Proxy feature of your web browser is disabled This is so that your browser can view the Barricade s HTML configuration pages The following steps are for Internet Explorer Internet Explorer 1 Ope...

Page 37: ...CONFIGURING YOUR MACINTOSH COMPUTER 3 9 3 Uncheck all check boxes and click OK ...

Page 38: ...CONFIGURING CLIENT PC 3 10 ...

Page 39: ...icade using your web browser To access the Barricade s management interface enter the default IP address of the Barricade in your web browser http 192 168 2 1 Enter the default password smcadmin and click LOGIN Note Password is case sensitive This is the login screen for SMC7904BRA2 This is the login screen for SMC7904BRB2 ...

Page 40: ...een You can view the device status summary here The Barricade s management interface consists of a Setup Wizard and 13 menu items Use the Setup Wizard to quickly set up the Barricade Go to SETUP WIZARD on page 4 4 for details For configuration details of the 13 menu items please refer to Configuration parameters on page 4 16 ...

Page 41: ...ick the APPLY or SAVE SETTINGS or NEXT button at the bottom of the screen to enable the new setting Note To ensure proper screen refresh after a command entry be sure that Internet Explorer 5 5 is configured as follows Under the menu Tools Internet Options General Temporary Internet Files Settings the setting for Check for newer versions of stored pages should be Every visit to the page ...

Page 42: ...ect your local time zone from the drop down menu This information is used for log entries and client filtering If you want to automatically synchronize the ADSL router with a public time server check the box to Enable Automatic Time Server Maintenance Select the desired servers from the drop down menu Click NEXT to continue ...

Page 43: ... uses Protocol RFC1483 Routed you will need to enter the IP address Subnet Mask and Default Gateway supplied by your ISP If your Country or Internet Service Provider is not listed in this screen you will need to manually enter settings Go to Parameter Setting Country or ISP Not Listed on page 4 6 in the manual Note If your ISP has not provided you with a DNS address and the protocol is PPPoA PPPoE...

Page 44: ...settings For manual configuration you will need to know the Protocol DNS Server Encapsulation and VPI VCI settings used by your ISP If you have a static IP address you will also need to know the IP address Subnet Mask and Gateway address Please contact your ISP for these details if you do not already have them After selecting Other then select the Protocol that your ISP uses from the drop down men...

Page 45: ... the settings Parameter Description VPI VCI Enter the Virtual Path Identifier VPI and Virtual Circuit Identifier VCI supplied by your ISP Encapsulation Select the encapsulation used by ISP from the drop down menu Username Enter user name provided by your ISP Password Enter password provided by your ISP Confirm Password Confirm password ...

Page 46: ...s about the settings Parameter Description VPI VCI Enter the Virtual Path Identifier VPI and Virtual Circuit Identifier VCI supplied by your ISP Encapsulation Select the encapsulation used by ISP from the drop down list Username Enter user name provided by your ISP Password Enter password provided by your ISP Confirm Password Confirm password ...

Page 47: ...DNS Server Enter the DNS Server IP address provided by your ISP If your ISP has not provided you with a DNS address leave this field blank The Barricade will automatically obtain the DNS address from your ISP VPI VCI Enter the Virtual Path Identifier VPI and Virtual Circuit Identifier VCI supplied by your ISP Encapsulation Select the encapsulation used by ISP from the drop down menu ...

Page 48: ... Enter your ISP supplied static IP address here Subnet Mask Enter the subnet mask address provided by your ISP Default Gateway Enter the gateway address provided by your ISP DNS Server Enter the DNS Server IP address provided by your ISP VPI VCI Enter the Virtual Path Identifier VPI and Virtual Circuit Identifier VCI supplied by your ISP Encapsulation Select the encapsulation used by ISP from the ...

Page 49: ...e IP address provided by your ISP Subnet Mask Enter the subnet mask address provided by your ISP Default Gateway Enter the gateway address provided by your ISP DNS Server Enter the DNS Server IP address provided by your ISP VPI VCI Enter the Virtual Path Identifier VPI and Virtual Circuit Identifier VCI supplied by your ISP Encapsulation Select the encapsulation used by ISP from the drop down menu...

Page 50: ...ameter Description Management IP Address Management IP address of the Barricade Default 192 168 2 1 When configured in Bridging mode you will be able to manage the Barricade using this IP address VPI VCI Enter the Virtual Path Identifier VPI and Virtual Circuit Identifier VCI supplied by your ISP Encapsulation Select the encapsulation used by ISP from the drop down menu ...

Page 51: ... 4 14 in the manual for details about the settings Parameter Description DNS Server Enter the DNS Server IP address provided by your ISP VPI VCI Enter the Virtual Path Identifier VPI and Virtual Circuit Identifier VCI supplied by your ISP Encapsulation Select the encapsulation used by ISP from the drop down menu ...

Page 52: ...tocol is correct check with your ISP VPI VCI Virtual Path Identifier VPI and Virtual Circuit Identifier VCI If you are unsure the VPI VCI values are correct check with your ISP AAL5 Encapsulation Shows the packet encapsulation type If you are unsure the selected Encapsulation is correct check with your ISP Go to page 4 21 for a detailed description Network Layer Parameters WAN IP Address WAN IP ad...

Page 53: ...Troubleshooting on page A 1 if you cannot make a connection to the Internet DNS Server The IP address of the DNS server If the DNS address field was left blank in previous steps the address will be displayed as 0 0 0 0 ISP Parameters Username The ISP assigned user name Password The password hidden Parameter Description ...

Page 54: ...Sets the TCP IP configuration for the Barricade LAN interface and DHCP clients NAT Configures Address Mapping virtual server and special applications Routing Sets the routing parameters and displays the current routing table Firewall Configures a variety of security and specialized functions including Access Control URL blocking Internet access control scheduling intruder detection and DMZ SNMP Co...

Page 55: ...te system firmware or reset the system Status Provides WAN connection type and status firmware and hardware version numbers system IP settings as well as DHCP NAT and firewall information Displays the number of attached clients the firmware versions the physical MAC address for each media interface and the hardware version and serial number Shows the security and DHCP client log Menu Description ...

Page 56: ...ries and system events you need to set the time zone Select your time zone from the drop down menu If daylight savings is used in your area check the box to enable the function and select the start end dates If you want to automatically synchronize the ADSL router with a public time server check the box to Enable Automatic Time Server Maintenance Select the desired servers from the drop down menu ...

Page 57: ...nterface press the blue reset button on the rear panel holding it down for at least 10 seconds to restore the factory defaults The default password is smcadmin Enter a maximum Idle Time Out in minutes to define a maximum period of time for which the login session is maintained during inactivity If the connection is inactive for longer than the maximum idle time it will perform system logout and yo...

Page 58: ... the IP address of a remote computer on this screen Check the Enabled check box and enter the IP address of the Host Address and click Save Settings Note If you check Enable and specify an IP address of 0 0 0 0 any remote host can manage the Barricade For remote management via WAN IP address you need to connect using port 8080 Simply enter WAN IP address followed by 8080 for example 211 20 16 1 80...

Page 59: ...CONFIGURATION PARAMETERS 4 21 WAN Specify the WAN connection parameters provided by your Internet Service Provider ISP The following three items are configurable ATM PVC Clone MAC DNS ...

Page 60: ...to configure the connection parameters VPI VCI Displays the Virtual Path Identifier VPI and Virtual Circuit Identifier VCI configured for the corresponding VC Encapsulation Displays the Encapsulation configured for the corresponding VC Encapsulation specifies how to handle multiple protocols at the ATM transport layer VC MUX Point to Point Protocol over ATM Virtual Circuit Multiplexer null encapsu...

Page 61: ...N Select VLAN group from the drop down menu New VLAN groups can be created from the LAN menu VPI VCI Enter the Virtual Path Identifier VPI and Virtual Circuit Identifier VCI supplied by your ISP Encapsulation Select the encapsulation used by ISP from the drop down menu QoS Class ATM QoS classes including CBR UBR and VBR PCR SCR MBS QoS Parameters PCR Peak Cell Rate SCR Sustainable Cell Rate and MB...

Page 62: ...ur ISP IP Address Enter the IP address provided by your ISP For dynamic IP leave this field blank Subnet Mask Enter the subnet mask address provided by your ISP For dynamic IP leave this field blank Connect Type Sets connection mode to Always connected Auto Triggered by traffic or Manual connection For flat rate services use Always connected Idle Time Minute Enter the maximum idle time for the Int...

Page 63: ...ask address provided by your ISP Default Gateway Enter the gateway address provided by your ISP VPI VCI Enter the Virtual Path Identifier VPI and Virtual Circuit Identifier VCI supplied by your ISP Encapsulation Select the encapsulation used by ISP from the drop down list QoS Class ATM QoS classes including CBR UBR and VBR PCR SCR MBS QoS Parameters PCR SCR and MBS are configurable DHCP Client Che...

Page 64: ... address dynamically IP Address If you have selected No in the previous field type in the IP address provided by your ISP Subnet Mask Enter the subnet mask address provided by your ISP Connect Type Sets connection mode to Always connected Auto Triggered by traffic or Manual connection For flat rate services use Always connected Idle Time Minute Enter the maximum idle time for the Internet connecti...

Page 65: ...bnet mask address provided by your ISP Default Gateway Enter the gateway address provided by your ISP VPI VCI Enter the Virtual Path Identifier VPI and Virtual Circuit Identifier VCI supplied by your ISP Encapsulation Select the encapsulation used by ISP from the drop down menu QoS Class ATM QoS classes including CBR UBR and VBR PCR SCR MBS QoS Parameters PCR SCR and MBS are configurable DHCP Clie...

Page 66: ...me ISPs require you to register your MAC address with them If this is the case and you have previously registered the MAC address of another device the MAC address of the Barricade must be changed to the MAC address that you have registered with your ISP ...

Page 67: ...ill find that name in its index and find the matching IP address xxx xxx xxx xxx Most ISPs provide a DNS server for speed and convenience Since your Service Provider may connect to the Internet with dynamic IP settings it is likely that the DNS server IP s are also provided dynamically However if there is a DNS server that you would rather use you need to specify the IP address here ...

Page 68: ...The IP address of the Barricade IP Subnet Mask The subnet mask of the Barricade DHCP Server This option allows you to enable or disable the DHCP server function By default DHCP is enabled VLAN Binding LAN1 to LAN4 This option allows you to change VLAN membership of LAN ports 1 4 By default all LAN ports are assigned to the default VLAN DHCP Server DHCP Server ID Allows you to define a name for the...

Page 69: ...a pre defined lease time for IP addresses assigned using DHCP For home networks this may be set to Forever which means there is no time limit on the IP address lease IP Address Pool Start IP Address Specify the start IP address of the DHCP pool Do not include the gateway address of the Barricade in the client address pool If you change the pool range make sure the first three octets match the gate...

Page 70: ...ol IGMP snooping is a method by which Layer 2 devices can listen in on IGMP conversations between hosts and routers When a switch hears a group join message from a host it notes which switch interface it heard the message on and adds that interface to the group Similarly when a Layer 2 switch hears a group leave message or a response timer expires the switch will remove that host s switch interfac...

Page 71: ...CONFIGURATION PARAMETERS 4 33 NAT Network Address Translation NAT allows multiple users to access the Internet sharing one public IP ...

Page 72: ... IP addresses to be shared by multiple internal users This also hides the internal network for increased privacy and security Enter the Public IP address you wish to share into the Global IP field Enter a range of internal IPs that will share the global IP into the from field ...

Page 73: ...quest to the appropriate server located at another internal IP address For example if you set Type Public Port to TCP 80 HTTP or web and the Private IP Port to 192 168 2 2 80 then all HTTP requests from outside users will be transferred to 192 168 2 2 on port 80 Therefore by just entering the IP address provided by the ISP Internet users can access the service they need at the local address to whi...

Page 74: ...such as Internet gaming video conferencing and Internet telephony These applications may not work when Network Address Translation NAT is enabled If you need to run applications that require multiple connections use these screens to specify the additional public ports to be opened for each application ...

Page 75: ...CONFIGURATION PARAMETERS 4 37 NAT Mapping Table This screen displays the current NAPT Network Address Port Translation address mappings Click Refresh to update the table ...

Page 76: ...e box of an already entered route and click Modify Clicking Delete will remove an entry from the list Parameter Description Index Check the box of the route you wish to delete or modify Network Address Enter the IP address of the remote computer for which to set a static route Subnet Mask Enter the subnet mask of the remote network for which to set a static route Gateway Enter the WAN IP address o...

Page 77: ...his sub network information will be summarized to one piece of information covering all sub networks Table of current Interface RIP parameter Interface The WAN interface to be configured Operation Mode Disable RIP disabled on this interface Enable RIP enabled on this interface Silent Listens for route broadcasts and updates its route table It does not participate in sending route broadcasts Versio...

Page 78: ...loops that would cause endless retransmission of data traffic Authentication Required None No authentication Password A password authentication key is included in the packet If this does not match what is expected the packet will be discarded This method provides very little security as it is possible to learn the authentication key by watching RIP packets MD5 An algorithm that is used to verify d...

Page 79: ...fies the address bits in the destination address used for routing to specific subnets Each bit that corresponds to a 1 is part of the subnet mask number each bit that corresponds to 0 is part of the host number Gateway The IP address of the router at the next hop to which frames are forwarded Interface The local interface through which the next hop of this route is reached Metric When a router rec...

Page 80: ...attacks are aimed at devices and networks with a connection to the Internet Their goal is not to steal information but to disable a device or network so users no longer have access to network resources The Barricade protects against the following DoS attacks IP Spoofing Land Attack Ping of Death IP with zero length Smurf Attack UDP port loopback Snork Attack TCP null scan and TCP SYN flooding For ...

Page 81: ...ted or not permitted through the WAN interface The default is to permit all outgoing traffic The following items are on the Access Control screen Parameter Description Enable Filtering Function Enable or Disable Access control function Normal Filtering Table Displays descriptive list of filtering rules defined ...

Page 82: ...reate a new access control rule 1 Click Add PC on the Access Control screen The Access Control Add PC screen will appear 2 Define the appropriate settings for client PC services 3 Click OK and then click SAVE SETTINGS to save your settings ...

Page 83: ...rnet When enabled only the MAC addresses defined in the MAC Filtering table will have access to the Internet All other client devices will be denied access You can enter up to 32 MAC addresses in this table MAC Address Control select enable or disable MAC Filtering Table enter the MAC address in the space provided ...

Page 84: ...g The Barricade allows the user to block access to web sites by entering either a full URL address or just a keyword This feature can be used to protect children from accessing violent or pornographic web sites You can define up to 30 sites here ...

Page 85: ...hedule Rule You may filter Internet access for local clients based on rules Each access control rule may be activated at a scheduled time Define the schedule on the Schedule Rule screen and apply the rule on the Access Control screen ...

Page 86: ...ese steps to add a schedule rule 1 Click Add Schedule Rule on the Schedule Rule screen The Edit Schedule Rule screen will appear 2 Define the appropriate settings for a schedule rule 3 Click OK and then click SAVE SETTINGS to save your settings ...

Page 87: ...blocked except for those types marked in the Stateful Packet Inspection section RIP Defect Default Enabled If an RIP request packet is not acknowledged to by the router it will stay in the input queue and not be released Accumulated packets could cause the input queue to fill causing severe problems for all protocols Enabling this feature prevents the packets from accumulating Discard Ping to WAN ...

Page 88: ...CONFIGURING THE BARRICADETM 4 50 ...

Page 89: ...types of traffic are checked only the particular type of traffic initiated from the internal LAN will be allowed For example if the user only checks FTP Service in the Stateful Packet Inspection section all incoming traffic will be blocked except for FTP connections initiated from the local LAN Stateful Packet Inspection allows you to select different application types that are using dynamic port ...

Page 90: ...TCP SYN wait 30 sec Defines how long the software will wait for a TCP session to synchronize before dropping the session TCP FIN wait 5 sec Specifies how long a TCP session will be maintained after the firewall detects a FIN packet TCP connection idle timeout 3600 seconds 1 hour The length of time for which a TCP session will be managed if there is no activity UDP session idle timeout 30 sec The l...

Page 91: ... per min HIGH 250 sessions Maximum number of allowed incomplete TCP UDP sessions per minute Incomplete TCP UDP sessions per min LOW 200 sessions Minimum number of allowed incomplete TCP UDP sessions per minute Maximumincomplete TCP UDP sessions number from same host 10 Maximum number of incomplete TCP UDP sessions from the same host Incomplete TCP UDP sessions detect sensitive time period 300 msec...

Page 92: ...n properly from behind the firewall you can open the client up to unrestricted two way Internet access Enter the IP address of a DMZ Demilitarized Zone host on this screen Adding a client to the DMZ may expose your local network to a variety of security risks so only use this option as a last resort ...

Page 93: ...ONFIGURATION PARAMETERS 4 55 SNMP Use the SNMP configuration screen to display and modify parameters for the Simple Network Management Protocol SNMP Select the SNMP Operation mode from the drop down menu ...

Page 94: ...ent are controlled by community strings To communicate with the Barricade the NMS must first submit a valid community string for authentication Note Up to five community names may be entered Parameter Description Community A community name authorized for management access Access Management access is restricted to Read Only Read or Read Write Write Valid Enables disables the entry ...

Page 95: ...A community string password specified for trap management Enter a word something other than public or private to prevent unauthorized individuals from accessing information on your system Version Sets the trap status to disabled or enabled with V1 or V2c The v2c protocol was proposed in late 1995 and includes enhancements to v1 that are universally accepted These include a get bulk command to redu...

Page 96: ...less devices UPnP enables seamless proximity network in addition to control and data transfer among networked devices in the office home and everywhere within your network UPnP allows the device to automatically join a network obtain an IP address convey its capabilities and learn about the presence and capabilities of other devices Check the Enable radio button to activate this function ...

Page 97: ...ed in RFC 2598 Parameter Description Enable or disable QoS module function Check to enable or disable this function BE Best Effort network forwards as many packets as possible in as reasonable a time as possible This is the default per hop behavior PHB for packet transmission AF1x AF2x AF3x AF4x Set the percentage for four different types of Assured Forwarding EF Expedited Forwarding is intended t...

Page 98: ...CONFIGURING THE BARRICADETM 4 60 Traffic Mapping Use this screen to classify traffic into Diffserv forwarding groups and outgoing VCs Click Add traffic class to set the parameter details ...

Page 99: ...CONFIGURATION PARAMETERS 4 61 Traffic Statistics This screen shows the WAN outbound traffic statistics of all the Diffserv forwarding groups in the last 12 hours ...

Page 100: ...upstream This section is used to configure the ADSL operation type and shows the ADSL status ADSL Parameters This screen is designed for the engineer to test the ADSL loop condition Therefore it is advised that users should not change the settings here at all Parameter Description Operation Mode Automatic T1 413 Issue 2 G 992 1 G DMT G 992 2 G Lite G 992 3 ADSl2 G 992 5 ADSL2 ...

Page 101: ...tion screen Parameter Description Status Line Status Shows the current status of the ADSL line connection Data Rate Upstream Maximum upstream data rate Downstream Maximum downstream data rate Operation Data Defect Indication Noise Margin Maximum upstream and downstream noise margin Output Power Maximum fluctuation in the output power Attenuation Maximum reduction in the strength of the upstream an...

Page 102: ... slows the data flow and may not be optimal for real time signals such as video transmission Fast Path CRC Error The number of Fast Path Cyclic Redundancy Check errors Interleaved Path CRC Error The number of Interleaved Path Cyclic Redundancy Check errors Loss of Signal Defect Momentary signal discontinuities Loss of Frame Defect Failures due to loss of frames Loss of Power Defect Failures due to...

Page 103: ... or server DDNS allows your domain name to follow your IP address automatically by having your DNS records changed when your IP address changes This DNS feature is powered by DynDNS org or NO IP com or TZO com With a DDNS connection you can host your own web site email server FTP site and more at your own location even if you have a dynamic IP address ...

Page 104: ...e route backup the current configuration restore a previously saved configuration update firmware and reset the Barricade Ping Utility This tool allows you to test your network connection You can specify a domain name or a valid IP address of the remote host for ping test ...

Page 105: ...7 Trace Route Utility Traceroute is a TCP IP utility which allows the user to determine the route packets take to reach a particular host Enter the information in the IP Address or Domain Name field and click the Traceroute button ...

Page 106: ...ter Configuration this allows you to save the Barricade s configuration to a file Restore from saved Configuration file this function is used to restore the previously saved backup configuration file Restore router to Factory Defaults this resets the Barricade back to the original default settings ...

Page 107: ...user interface to the latest versions 1 Download the upgrade file from the SMC web site first and save it to your hard drive 2 Then click Browse to look for the downloaded file Click BEGIN UPGRADE Check the Status screen Information section to confirm that the upgrade process was successful ...

Page 108: ...blinking If you perform a reset from this screen the configurations will not be changed back to the factory default settings Note If you use the Reset button on the back panel the Barricade performs a power reset If the button is pressed for over 10 seconds all the LEDs will illuminate and the factory default settings will be restored ...

Page 109: ...atus firmware and hardware version numbers illegal attempts to access your network as well as information on DHCP clients connected to your network The security log may be saved to a file by clicking Save and choosing a location Scroll down to view more information on the Status screen ...

Page 110: ...CONFIGURING THE BARRICADETM 4 72 ...

Page 111: ... clients the firmware versions the physical MAC address for each media interface and for the Barricade as well as the hardware version and serial number ATM PVC Displays ATM connection type and status Disabled The ATM connection is disabled Connect Click on this button to establish a connection to the ATM connection Security Log Displays attempts to access your network Save Click on this button to...

Page 112: ...t Programs Command Prompt Type ipconfig all and press ENTER The MAC address is listed as the Physical Address MACINTOSH Click System Preferences Network The MAC address is listed as the Ethernet Address on the TCP IP tab LINUX Run the command sbin ifconfig The MAC address is the value after the word HWaddr ...

Page 113: ...ween the Barricade the external power supply and the wall outlet If the power indicator does not turn on when the power cord is plugged in you may have a problem with the power outlet power cord or external power supply However if the unit powers off after running for a while check for loose power connections power losses or surges at the power outlet If you still cannot isolate the problem then t...

Page 114: ...ns for possible defects Replace any defective adapter or cable if necessary Network Connection Problems Cannot ping the Barricade from the attached LAN Verify that the IP addresses are properly configured For most applications you should use the Barricade s DHCP function to dynamically assign IP addresses to hosts on the attached LAN However if you manually configure IP addresses on the LAN verify...

Page 115: ...ay Check that you have a valid network connection to the Barricade and that the port you are using has not been disabled Check the network cabling between the management station and the Barricade Forgot or lost the password Press the Reset button on the rear panel holding it down for at least 10 seconds to restore the factory defaults Troubleshooting Chart Symptom Action ...

Page 116: ...TROUBLESHOOTING A 4 ...

Page 117: ...Ethernet connections a twisted pair cable must have two pairs of wires Each wire pair is identified by two different colors For example one wire might be red and the other red with white stripes Also an RJ 45 connector must be attached to both ends of the cable Cable Types and Specifications Cable Type Max Length Connector 10BASE T Cat 3 4 5 100 ohm UTP 100 m 328 ft RJ 45 100BASE TX Cat 5 100 ohm ...

Page 118: ...me orientation when attaching the wires to the pins Figure B 1 RJ 45 Ethernet Connector Pin Numbers RJ 45 Port Connection Use the straight through CAT 5 Ethernet cable provided in the package to connect the Barricade to your PC When connecting to other network devices such as an Ethernet switch use the cable type shown in the following table AttachedDevicePortType Connecting Cable Type MDI X Strai...

Page 119: ...t Through Wiring If the port on the attached device has internal crossover wiring MDI X then use straight through cable RJ 45 Pin Assignments Pin Number Assignment1 1 Tx 2 Tx 3 Rx 6 Rx 1 The and signs represent the polarity of the wires that make up each wire pair Straight Through Cable Pin Assignments End 1 End 2 1 Tx 1 Tx 2 Tx 2 Tx 3 Rx 3 Rx 6 Rx 6 Rx ...

Page 120: ...CABLES B 4 Crossover Wiring If the port on the attached device has straight through wiring MDI use crossover cable Crossover Cable Pin Assignments End 1 End 2 1 Tx 3 Rx 2 Tx 6 Rx 3 Rx 1 Tx 6 Rx 2 Tx ...

Page 121: ...olors For example one wire might be red and the other red with white stripes Also an RJ 11 connector must be attached to both ends of the cable Each wire pair must be attached to the RJ 11 connectors in a specific orientation The following figure illustrates how the pins on the RJ 11 connector are numbered Be sure to hold the connectors in the same orientation when attaching the wires to the pins ...

Page 122: ... 3 Line 1 Ring Red or Blue White 4 Line 1 Tip Green or White Blue 5 Line 2 Ring Yellow or Orange White 6 Not used 1 2 3 4 5 6 Blue White White Blue R1 T1 1 2 3 4 5 6 Red Green R1 T1R2 T2 Black Yellow 1 2 3 4 5 6 Blue White White Blue R1 T1R2 T2 White Orange Orange White 6x2 Jack 6x4 Jack 6x4 Jack T Tip R Ring ...

Page 123: ...92 3 and ADSl2 G 992 5 Supports G Lite ADSL up to 1 5 Mbps downstream up to 512 Kbps upstream Dying GASP support ATM Features RFC1483 Encapsulation IP Bridging and encapsulated routing PPP over ATM LLC VC multiplexing RFC2364 Classical IP RFC1577 Traffic shaping UBR CBR OAM F4 F5 support PPP over Ethernet Client Management Features Firmware upgrade via web based management web based management con...

Page 124: ...RIP Temperature IEC 68 2 14 0 to 40 degrees C Standard Operating 40 to 70 degree C Non operation Humidity 10 to 90 Non condensing Vibration IEC 68 2 36 IEC 68 2 6 Shock IEC 68 2 29 Drop IEC 68 2 32 Dimensions 143mm L x 94mm D x 32mm H Weight 500 g Input Power 12 V 1 A IEEE Standards IEEE 802 3 802 3u 802 11g 802 1D ITU G dmt ITU G Handshake ITU T 413 issue 2 ADSL full rate Standards Conformance El...

Page 125: ......

Page 126: ......