Planet Networking & Communication 802.11g Wireless Broadband Router WRT-410, User Manual

Page 1: ...802 11g Wireless Broadband Router WRT 410 User s Manual ...

Page 2: ...limits for a Class B digital device pursuant to Part 15 of FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no gua...

Page 3: ...mmunication terminal Equipment and the mutual recognition of their conformity R TTE The R TTE Directive repeals and replaces in the directive 98 13 EEC Telecommunications Terminal Equipment and Satellite Earth Station Equipment As of April 8 2000 Safety This equipment is designed with the utmost care for the safety of those who install and use it However special attention must be paid to the dange...

Page 4: ...UGH WEB BROWSER 5 3 1 MAIN 5 3 1 1 LAN DHCP Server 5 3 1 2 WAN 6 3 1 3 Password 8 3 1 4 Time 9 3 1 5 Dynamic DNS 10 3 2 WIRELESS 10 3 2 1 Basic 10 3 2 2 Authentication 11 3 2 3 Advanced 12 3 3 STATUS 13 3 3 1 Device Information 13 3 3 2 Log 14 3 3 3 Log Settings 15 3 3 4 Statistic 16 3 3 5 Wireless 17 3 4 ROUTING 17 3 4 1 Static 17 3 4 2 Dynamic 18 3 4 3 Routing Table 19 3 5 ACCESS 20 3 5 1 Filter...

Page 5: ... 29 3 8 WIZARD 30 CHAPTER 4 802 1X AUTHENTICATION SETUP 31 4 1 802 1X INFRASTRUCTURE 31 4 2 RADIUS SERVER SETUP 32 4 2 1 Required Services 32 4 2 2 Setup Procedure 32 4 3 AUTHENTICATOR SETUP 46 4 4 WIRELESS CLIENT SETUP 47 4 4 1 EAP MD5 Authentication 47 4 4 2 EAP TLS Authentication 50 CHAPTER 5 TROUBLESHOOTING 58 5 1 FREQUENTLY ASKED QUESTIONS 58 5 2 GLOSSARY 59 ...

Page 6: ...ts Before installation please check the following requirements with your equipment Pentium Based And Above IBM Compatible PC System CD ROM drive Windows 98 ME NT 2000 XP Operating System with TCP IP protocol 1 3 Features 2 4GHz ISM band unlicensed operation Strong network security with 802 1X authentication and 64 128 bit WEP encryption Supports WPA Wi Fi Protected Access for both 802 1x and WPA P...

Page 7: ...m 48 Mbps 72dBm 36 Mbps 76dBm 24 Mbps 79dBm 18 Mbps 82dBm 12 Mbps 86dBm 9 Mbps 89dBm 6 Mbps 90dBm typically PER 8 packet size 1024 and 25ºC 5ºC Data Encryption 64 128 bit WEP encryption Frequency band 2 4 GHz 2 484GHz Channel FCC 11 Channels US Canada ETSI 13 Channels Europe TELEC 14 Channels Japan Super G mode Up to 108Mbps 802 11g Up to 54Mbps 6 9 12 18 24 36 48 54 Data Rate 802 11b Up to 11Mbps...

Page 8: ...ocation without testing 3 Antenna adjustment The bundled antenna of WRT 410 is adjustable Firstly install the antenna pointing straight up then smoothly adjust it if the radio signal strength is poor But the signal reception is definitely weak in some certain areas such as location right down the antenna Moreover the original antenna of WRT 410 can be replaced with other external antennas to exten...

Page 9: ...lease use a RJ 45 Ethernet cable 5 Plug in power adapter and connect to power source After power on WRT 410 will start to operate Note ONLY use the power adapter supplied with the WRT 410 Otherwise the product may be damaged Note If you want to reset WRT 410 to default settings press and hold the Reset button over 5 seconds And then wait for 10 seconds for WRT 410 restart 2 2 LED Indicators WRT 41...

Page 10: ...A User Name and Password dialog box will appear Please enter your User Name and Password here Default User Name and Password are both admin Click OK 4 Then you will see the WRT 410 web configuration page 5 When the first time you enter WRT 410 Setup Wizard will pop up Please refer to our Quick Installation Guide to use the Setup Wizard to configure Setup Wizard will guide you through configuration...

Page 11: ...sses to all LAN devices connected to the WRT 410 End IP Type an IP address to serve as the end of the IP range that DHCP will use to assign IP addresses to all LAN devices connected to the WRT 410 Domain Name Type the local domain name of the network in the text box This item is optional Lease Time Select the proper expired duration of the IP leased by DHCP server 3 1 2 WAN Please refer to your In...

Page 12: ...When Specify IP is selected type the PPPoE IP address in the field Your ISP will provide you with this information DNS 1 2 3 Type up to three DNS numbers in the fields Your ISP will provide you with this DNS information User Name Type your PPPoE user name Password Type your PPPoE password Connect on Demand Enables or disables the connect on demand function which enables WRT 410 to initiate a conne...

Page 13: ... this information PPTP Account Type your PPTP account PPTP Password Type your PPTP password PPTP Retype password Confirm your PPTP password again Maximum Idle Time Specify the time that will elapse before the WRT 410 times out of a connection Auto reconnect If this function is enabled WRT 410 will try to rebuild Internet connection once the link is down 3 1 3 Password You can change the Administra...

Page 14: ... NTP server and enable or disable daylight saving Local Time Displays the local time and date Time Zone Select your time zone from the pull down list Default NTP Server Type the NTP server IP address in the field to enable the WRT 410 to automatically synchronize the time with Internet NTP server Set the Time Select the date and time from the pull down lists and click Set Time to set the WRT 410 s...

Page 15: ...der Currently WRT 410 supports DynDNS only thus you have to key in www dyndns org in this field Host Name Enter the host name you registered to DDNS provider User Name Enter the user name you registered to DDNS provider Password Enter the password of your registered account 3 2 Wireless 3 2 1 Basic This page enables you to enable and disable the wireless LAN function enter a SSID and set the chann...

Page 16: ...n here Mode Select the key code you want to use for WEP Key HEX or ASCII When Hex is selected you may enter alphanumeric characters in the range of A F a f and 0 9 in the WEP Key entry field Alternatively you may enter digit hexadecimal values in the range of a z A Z and 0 9 WEP Key Select the level of encryption you want from the drop down list WRT 410 supports 64 and 128 bit encryption Key 1 Key...

Page 17: ...the IP address communicate port number and shared secret key of your secondary RADIUS server Note As soon as 802 1X authentication is enabled all the wireless client stations that are connected to the Router currently will be disconnected The wireless clients must be configured manually to authenticate themselves with the RADIUS server to be reconnected If WPA PSK is selected the screen appears as...

Page 18: ...ication Message interval in the field You can specify a value between 1 and 255 The default value is 1 TX Rates MBps Select one of the wireless communications transfer rates based upon the speed of wireless adapters connected to the WLAN 11g only mode Enable 11g only mode will improve the performance of a 802 11g WLAN but non 802 11g clients cannot connect to WRT 410 Antenna Transmit Power You can...

Page 19: ...10 wireless interface MAC address connection status SSID status which channel is being used and whether WEP is enabled or not WAN This field displays the WRT 410 WAN interface MAC address DHCP client status IP address subnet mask default gateway and DNS Click DHCP Release to release IP addresses get from ISP for the WAN port Click DHCP Renew to get a new IP addresses from ISP for the WAN port 3 3 ...

Page 20: ... Delete the contents of the log and begin a new log Refresh Renew log statistics Time Displays the time and date that the log entry was created Message Displays summary information about the log entry Source Displays the source of the communication Destination Displays the destination of the communication Note Displays the IP address of the communication 3 3 3 Log Settings This screen allows you t...

Page 21: ...what items will be included in the log System Activity Displays information related to WRT 410 operation Debug Information Displays information related to errors and system malfunction Attacks Displays information about any malicious activity on the network Dropped Packets Displays information about packets that have not been transferred successfully Notice Displays important notices by the system...

Page 22: ...e total packet transmission since recording began 3 3 5 Wireless This screen will show you which wireless devices that are connected to this WRT 410 via wireless interface Connected Time Displays how long the wireless device has been connected to the LAN via the WRT 410 MAC Address Displays the devices wireless LAN interface MAC address 3 4 Routing 3 4 1 Static You can set parameters by which the ...

Page 23: ...mation Interface Select the interface WAN or LAN that you will use to connect to the Internet Metric Select which metric you want to apply to this configuration Add Click to add a configuration to the static IP address table at the bottom of this page Update Select one of the entries in the static IP address table at the bottom of the page and after changing parameters click Update to confirm the ...

Page 24: ...WRT 410 The routing table is a database created by the WRT 410 that displays the network interconnection topology Network Address Displays the network IP address of the connected node Network Mask Displays the network subnet mask of the connected node Gateway Address Displays the gateway address of the connected node Interface Displays whether the node is connected via a WAN or LAN Metric Displays...

Page 25: ... items in the table at the bottom click anywhere in the item The line is selected and the fields automatically load the item s parameters which you can edit Name Type the name of the user to be denied access MAC Address Type the MAC address of the user s network interface Add Click to add the user to the list at the bottom of the page Update Click to update information for the user if you have cha...

Page 26: ...ck to enable or disable the IP address filter Range Start Type the minimum address for the IP range IP addresses falling between this value and the Range End are not allowed to access the Internet Range End Type the minimum address for the IP range IP addresses falling between this value and the Range Start are not allowed to access the Internet Add Click to add the IP range to the table at the bo...

Page 27: ...domain name in the text field and click Add button to add it to the list Blocked Domains Enter the domain name in the text field and click Add button to add it to the list Select Protocol Filter the screen appears as below It enables you to allow or deny access based upon a communications protocol list you create The protocol filter profiles are listed in the table at the bottom of the page ...

Page 28: ... If you are creating a profile for ICMP type a minimum and maximum port range in the two fields Add Click to add the protocol filter to the list at the bottom of the page Update Click to update information for the protocol filter if you have changed any of the fields Delete Select a filter profile from the table at the bottom of the list and click Delete to remove the profile New Click New to eras...

Page 29: ...tion via the WRT 410 WAN connection Click Disabled on a profile to prevent users from accessing the application on the WAN Name Type a descriptive name for the application Trigger Defines the outgoing communication that determines whether the user has legitimate access to the application Protocol Select the protocol TCP UDP or ICMP that can be used to access the application Port Range Type the por...

Page 30: ...nlimited Internet access Apply Click to save the settings Note Any clients added to the DMZ exposes the clients to security risks such as viruses and unauthorized access 3 5 5 Firewall Rule This screen enables you to set up the firewall The WRT 410 provides basic firewall functions by filtering all the packets that enter the WRT 410 using a set of rules The rules are in an order sequence list the ...

Page 31: ...at the rule is applied to IP Range End Type the end IP address that the rule is applied to Protocol Select the protocol TCP UDP or ICMP of the destination Port Range Select the port range Add Click to add the rule profile to the table at the bottom of the screen Update Click to update information for the rule if you have selected a list item and changed Delete Select a list item and click Delete t...

Page 32: ...name for exchanging SNMP community messages The name can be used to limit SNMP messages passing through the network The default name is public Trap Receiver Type the name of the destination PC that will receive trap messages 3 6 2 Remote Management This screen enables you to set up remote management Using remote management the WRT 410 can be configured through the WAN via a Web browser A user name...

Page 33: ... ping from remote locations UPNP Enable Click to enable or disable UPNP Gaming mode Click to enable or disable Game mode PPTP Click to enable or disable PPTP passthrough IPSec Click to enable or disable IPSec passthrough 3 7 Tools 3 7 1 Restart Click Restart to restart the system in the event the system is not performing correctly 3 7 2 Settings This screen allows you to save settings as a profile...

Page 34: ...hanges you have made will be lost 3 7 3 Firmware You can upgrade your WRT 410 with new firmware in this screen Please follow these instructions 1 Download the latest firmware from PLANET s website and save it to your disk 2 Click Browse and find out the location of the downloaded file 3 Select the file and click Upgrade to update WRT 410 to the latest firmware 3 7 4 Ping Test You can ping an IP ad...

Page 35: ... if you want DHCP to automatically assign IP addresses Type a beginning IP address and an end IP address for the DHCP server to use in assigning IP addresses Click Next Select how the router will set up the Internet connection If you have enabled DHCP server choose Obtain IP automatically DHCP client to have the router assign IP addresses automatically Click to enable or disable wireless LAN If yo...

Page 36: ...order to have access to both Internet and Intranet With 802 1X authentication each of these wireless clients would have to be authenticated by RADIUS server If the client is authorized WRT 410 would be notified to open up a communication port to be used for the client There are 2 Extensive Authentication Protocol EAP methods supported 1 MD5 and 2 TLS MD5 authentication is simply a validation of ex...

Page 37: ...led please install Service Pack 2 also and other latest security patch Furthermore the following service components are needed n Active Directory Please consult with your network administrator or an engineer who is familiar with Windows 2000 server to install Active Directory otherwise your system or network might be unstable n IAS Internet Authentication Service n Web Server IIS n Certificate Ser...

Page 38: ...d click Next to continue 7 Go to Start Program Administrative Tools Certificate Authority 8 Right click on the Policy Setting select new 9 Select Certificate to Issue 10 Select Authenticated Session and Smartcard Logon by holding down to the Ctrl key and click OK to continue ...

Page 39: ...34 11 Go to Start Program Administrative Tools Active Directory Users and Computers 12 Right click on domain and select Properties to continue 13 Select Group Policy tab and click Properties to continue ...

Page 40: ... 35 14 Go to Computer Configuration Security Settings Public Key Policies 15 Right click Automatic Certificate Request Setting and select New 16 Click Automatic Certificate Request ...

Page 41: ...tomatic Certificate Request Setup 19 Go to Start Run and type command and click Enter to open Command Prompt 20 Type secedit refreshpolicy machine_policy to refresh policy Adding Internet Authentication Service 21 Go to Start Control Panel Add or Remove Programs 22 Select Add Remove Windows Components from the panel on the left 23 Select Internet Authentication Service and click OK to install ...

Page 42: ... 25 Right click Client and select New Client 26 Enter the IP address of WRT 410 in the Client address text field a memorable name for WRT 410 in the Client Vendor text field the access password used by WRT 410 in the Shared secret text field Re type the password in the Confirmed shared secret text field 27 Click Finish ...

Page 43: ... 38 28 In the Internet Authentication Service right click Remote Access Policies 29 Select New Remote Access Policy 30 Select Day And Time Restriction and click Add to continue ...

Page 44: ...less you want to specify the active duration for 802 1X authentication click OK to accept for having 802 1x authentication enabled at all times 32 Select Grant remote access permission and click Next to continue ...

Page 45: ...t Profile For TLS Authentication Setup Steps 34 35 34 Select Authentication Tab 35 Enable Extensible Authentication Protocol and select Smart Card or other Certificate for TLS authentication Click OK Then go to step 38 ...

Page 46: ...or MD5 Authentication Setup Steps 36 37 36 Select Authentication Tab 37 Enable Extensible Authentication Protocol Select MD5 Challenge and enable Encrypted Authentication CHAP for MD5 authentication Click OK ...

Page 47: ...ion from top panel Then click Register Service in Active Directory 39 Go to Start Program Administrative Tools Active Directory Users and Computers 40 Right click on the domain and select Properties 41 Select Group Policy tab and click Edit to edit the Group Policy ...

Page 48: ... 43 42 Go to Computer Configuration Windows Settings Security Settings Account Policies Password Policies Double click on Store password using reversible encryption for all users in the domain ...

Page 49: ...inue 44 Go to Start Program Administrative Tools Active Directory Users and Computers 45 Go to Users Right click on the user that you are granting access and select Properties 46 Go to Account tab and enable Store password using reversible encryption 47 Click Apply to continue ...

Page 50: ... 45 48 Go to the Dial in tab and check Allow access option for Remote Access Permission and No Call back for Callback Options Then click OK ...

Page 51: ...n 3 Enable 802 1X Authentication by selecting Enable 4 If EAP MD5 is used you can leave the settings in Encryption Key Length and Lifetime as default If you are using EAP TLS authentication set the Encryption Key Length ranging from 64 to 256 Bits and the Lifetime from 5 Minutes to 1 Day As soon as the lifetime expires the Encryption Key will be renewed by RADIUS server 5 Enter the IP address Port...

Page 52: ...ow how to configure 802 1X Authentication with WL 3555 in Windows XP Please note that if you want to change the 802 1x authentication type of a wireless client i e switch to EAP TLS from EAP MD5 you must remove the current existing wireless network from your preferred connection first and add it in again 4 4 1 EAP MD5 Authentication 1 Go to Start Control Panel double click on Network Connections 2...

Page 53: ... 48 5 Click Properties of one available wireless network which you want to associate with 6 Select Data encryption WEP enabled option but leave other options unselected ...

Page 54: ...must be the same as the first set of WEP key which you set to WRT 410 8 Click OK 9 Select Authentication tab 10 Select Enable network access control using IEEE 802 1X to enable 802 1x authentication 11 Select MD 5 Challenge from the drop down list box for EAP type ...

Page 55: ...ick on the notice to continue 14 Enter the user name password and the logon domain that your account belongs 15 Click OK to complete the validation process 4 4 2 EAP TLS Authentication Get Digital Certificate from Server The following procedures are based on obtaining a certificate from Windows 2000 Server which acts as a ...

Page 56: ...h 192 168 1 10 is the IP address of our server This will directly access to Certificate Service of a Windows 2000 server A dialog box will prompt you to enter user name and password 2 Enter a valid user name and password then click OK to continue 3 Select Request a certificate and click Next to continue 4 Select User Certificate request and click Next to continue ...

Page 57: ... 52 5 Click Submit to continue 6 The Certificate Service is now processing the certificate request ...

Page 58: ...ll this certificate to download and store the certificate to your local computer 8 Click Yes to store the certificate to your local computer 9 Certificate is now installed Wireless Adapter Setup 1 Go to Start Control Panel double click on Network Connections ...

Page 59: ...ireless Network Connection which using WL 3555 3 Click Properties to open up the Properties setting window 4 Click on the Wireless Network tab 5 Click Properties of one available wireless network which you want to associate with ...

Page 60: ... 55 6 Select The key is provided for me automatically option 7 Click OK ...

Page 61: ...list box for EAP type 11 Click OK 12 When wireless client has associated with WRT 410 Windows XP will prompt you to select a certificate for wireless network connection If you only have one certificate in local computer system will automatically use it for authenticate If you have multiple certificates in local computer click on the network connection icon in the system tray to continue ...

Page 62: ...t the certificate that was issued by the server in our demonstration WirelessCA and click OK to continue 14 Make sure this certificate is issued by correct server and click OK to complete the authentication process ...

Page 63: ...ted to be compatible with the upcoming 802 11i security standard Can I run an application from a remote computer over the wireless network This will depend on whether or not the application is designed to be used over a network Consult the application s user guide to determine if it supports operation over a network Can I play games with other members of the wireless network Yes as long as the gam...

Page 64: ...e moving freely throughout an area greater than that covered by a single Wireless Network Access Point Before using the roaming function the workstation must make sure that it is the same channel number with the Wireless Network Access Point of dedicated coverage area 5 2 Glossary ACCESS POINT Access points are way stations in a wireless LAN that are connected to an Ethernet hub or server Users ca...

Page 65: ...in their content without electrical power for example BIOS ROM The router firmware stores settings made in the interface FRAGMENTATION Refers to the breaking up of data packets during transmission FTP FTP File Transfer Protocol is used to transfer files over a TCP IP network and is typically used for transferring large files or uploading the HTML pages for a Web site to the Web server GATEWAY Gate...

Page 66: ... hardware adapters giving the adapter a unique identification METRIC A number that indicates how long a packet takes to get to its destination MTU MTU Maximum Transmission Transfer Unit is the largest packet size that can be sent over a network Messages larger than the MTU are divided into smaller packets NAT NAT Network Address Translation also known as IP masquerading enables an organization to ...

Page 67: ... To Send is a signal sent from the transmitting station to the receiving station requesting permission to transmit data SERVER Servers are typically powerful and fast machines that store programs and data The programs and data are shared by client machines workstations on the network SMTP SMTP Simple Mail Transfer Protocol is the standard Internet e mail protocol SMTP is a TCP IP protocol defining...

Page 68: ...dio where packets can be dumped as there is no time for retransmitting the data VIRTUAL SERVERS Virtual servers are client servers such as Web servers that share resources with other virtual servers i e it is not a dedicated server WEP WEP Wired Equivalent Privacy is the de facto security protocol for wireless LANs providing the equivalent security available in hardwired networks WIRELESS LAN Wire...

Page 69: ... 64 WLAN WAN WAN Wide Area Network is a communications network that covers a wide geographic area such as a country contrasted with a LAN which covers a small area such as a company building ...