Cisco CVR100W Administration Manual
Cisco CVR100W Administration Manual

Cisco CVR100W Administration Manual

Wireless-n vpn router
Hide thumbs Also See for CVR100W:
Table of Contents

Advertisement

Quick Links

ADMINISTRATION
GUIDE
Cisco Small Business
CVR100W Wireless-N VPN Router

Advertisement

Table of Contents
loading

Summary of Contents for Cisco CVR100W

  • Page 1 ADMINISTRATION GUIDE Cisco Small Business CVR100W Wireless-N VPN Router...
  • Page 2 Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners.
  • Page 3: Table Of Contents

    Returning to the Connection Status Page Changing Your Preferred Language Viewing the Help Files Verifying the Hardware Installation Connecting to Your Wireless Network Chapter 2: Viewing CVR100W Status Viewing the Dashboard Viewing System Summary Viewing Connected Devices Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 4 IPv4 Configuring DHCP Configuring VLAN Configuring Static DHCP Configuring a DMZ Host Configuring Routing Configuring Operating Mode Configuring Dynamic Routing Configuring Static Routing Configuring Inter-VLAN Routing Viewing the Routing Table Configuring Dynamic DNS Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 5 Configuring Wireless Radio Settings Configuring Wireless Network Settings Configuring Wireless Security Configuring MAC Address Filtering Configuring Time of Day Access Configuring Guest Net Configuring Cisco Simple Connect Configuring Advanced Wireless Settings Configuring WDS Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 6 Creating and Managing QuickVPN Users Importing VPN Client Settings Configuring Basic VPN Setup Viewing Default VPN Settings Configuring Basic VPN Settings Configuring Advanced VPN Setup Configuring Global Advanced VPN Settings Managing IKE Policies Configuring VPN Policies Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 7 Configuring System Time Configuring Bonjour Using Diagnostic Tools Network Tools Configuring Port Mirroring Configuring Logging Configuring Logging Settings Configuring Remote Syslog Server Backing Up and Restoring System Configuration Backing Up Your Current Configuration Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 8 Connecting to CSC Wireless Network Customizing Your QR Code Appendix A: Using Cisco QuickVPN Before You Begin Installing the Cisco QuickVPN Software Using the Cisco QuickVPN Software Appendix B: Where to Go From Here Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 9: Chapter 1: Introduction

    • Connecting to Your Wireless Network Product Overview Thank you for choosing the Cisco CVR100W Wireless-N VPN Router. The CVR100W provides simple, affordable, secure business-class connectivity to the Internet for small office/home office (SOHO) and remote professionals. The CVR100W is an advanced Internet-sharing network solution for your small business needs.
  • Page 10: Lan Ethernet Interface

    LAN Ethernet Interface The CVR100W provides four full-duplex 10/100 Fast Ethernet LAN interfaces that can connect up to four devices. You can connect a Cisco Small Business switch to one of the available ports to expand your network as needed.
  • Page 11: Wireless Distribution System

    The CVR100W supports Wi-Fi Multimedia (WMM) and Wi-Fi Multimedia Power Save (WMM-PS) for quality of service (QoS). The CVR100W also supports 802. 1 p, Differentiated Services Code Point (DSCP), and class of service (CoS) for wired QoS, which can improve the quality of your network when using delay-sensitive Voice over IP (VoIP) applications and bandwidth-intensive video streaming applications.
  • Page 12: Getting To Know The Cvr100W

    Introduction Getting to Know the CVR100W Getting to Know the CVR100W Before using the CVR100W, familiarize yourself with its buttons, lights, and interfaces found in this section. Front Panel There are three buttons and eight lights on the front panel.
  • Page 13 The numbered lights correspond to the LAN ports on the back panel of the CVR100W. • Solid blue when the CVR100W is connected to a device through the corresponding LAN port (1, 2, 3, or 4). • Flashes blue when the CVR100W is sending or receiving data over that LAN port.
  • Page 14: Back Panel

    RESET button for more than five seconds. This reboots the unit and restores the factory defaults. The settings that you have previously made to the CVR100W are lost. 12VDC The 12VDC port is where you connect the supplied power adapter (12V/0.5 A).
  • Page 15: Default Settings

    • Mechanical Loading—Be sure that the CVR100W is level and stable to avoid any hazardous conditions. Place the CVR100W horizontally on a flat surface so that it sits on its four rubber feet. Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 16: Wall Mounting

    STEP 4 panel. Connect the other end to an Ethernet port on the PC that you will use to run web-based Configuration Utility. Skip this step if you want to connect the PC to the CVR100W through a NOTE wireless connection.
  • Page 17: Getting Started With The Configuration

    Start a computer that you connected to the CVR100W. The computer becomes a STEP 1 DHCP client of the CVR100W and receives an IP address in the 192. 1 68. 1 .xxx range. Launch a web browser and enter 192.168.1.1 in the address bar. This is the STEP 2 default IP address of the CVR100W.
  • Page 18: Changing The Default Administrative Password

    Introduction Changing the Default Administrative Password The CVR100W automatically changes its IP address to 10. 1 0. 1 0. 1 when its NOTE default IP address conflicts with another device in your network. When the login page appears, choose the language that you prefer to use in the STEP 3 utility, and then enter the username and password.
  • Page 19 Click Save and Exit to save your changes. STEP 2 The Connection Status page opens. You are required to log into the utility with the new password before you do any other tasks. Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 20: Using The Connection Status Page

    You can perform the following actions: • To refresh the data on the screen, click Refresh. • To log out the utility, click Log out. • To launch the Setup Wizard, click Setup Wizard. Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 21: Using The Getting Started Page

    Page for more information. • To learn more information about your CVR100W, click Product Resources. Using the Getting Started Page The Getting Started page displays the most common configuration tasks. Use the links on this page to jump to the relevant configuration pages.
  • Page 22: Returning To The Connection Status Page

    See Viewing VPN Status. Other Resources CVR100W Resources Click this link to open the CVR100W Resources page. Support Click this link to visit the Cisco support community. Returning to the Connection Status Page To return to the Connection Status page, click the Home Page link near the top right corner of the page.
  • Page 23: Connecting To Your Wireless Network

    NOTE configuration for the first time, use the default SSID name and pre-shared key are provided on the product label at the bottom of the CVR100W. The following steps are provided as an example; you may need to configure your device differently.
  • Page 24: Chapter 2: Viewing Cvr100W Status

    • Viewing CSC Information • Viewing NETSTAT Information Viewing the Dashboard The Dashboard page displays information about the CVR100W and its current settings. To view the Dashboard: Choose Status > Dashboard. STEP 1 From the Refresh Rate drop-down menu, choose a refresh rate.
  • Page 25 Viewing CVR100W Status Viewing the Dashboard To display an interactive view of the back panel of the CVR100W, click Show STEP 3 Panel View. The view of the back panel shows you which ports are used (colored in green) and allows you to click the port to obtain information about the connection.
  • Page 26 MAC Address MAC address of the CVR100W. IPv4 Address Local IPv4 address of the CVR100W. IPv6 Address Local IPv6 address of the CVR100W (if IPv6 is enabled). DHCP Server Shows if the DHCP server is enabled or disabled. DHCPv6 Server Shows if the DHCPv6 server is enabled or disabled (if IPv6 is enabled).
  • Page 27: Viewing System Summary

    Shows if the predefined SSID is enabled or disabled. QuickVPN Users Number of QuickVPN users. Viewing System Summary The System Summary page displays a summary of the CVR100W’s settings. To view a summary of system settings: Choose Status > System Summary. STEP 1 From the Refresh Rate drop-down menu, choose a refresh rate.
  • Page 28 System Up Time Duration for which the system has been running. Current Time Time of day. PID VID Product ID and version ID of the CVR100W. IPv4 Configuration LAN IP LAN address of the CVR100W. WAN IP WAN address of the CVR100W.
  • Page 29: Viewing Connected Devices

    CVR100W. The Connected Devices page displays information from devices that have NOTE responded to the CVR100W’s Address Resolution Protocol (ARP) request. If a device does not respond to the request, it is removed from the list. To view connected devices: Choose Status >...
  • Page 30: Viewing Dhcp Leased Clients

    To view information for the DHCP clients: Choose Status > DHCP Leased Clients. STEP 1 For every VLAN defined on the CVR100W, this page displays a list of the clients associated with the VLAN. Host Name Name of the device connected to the CVR100W.
  • Page 31: Viewing Port Statistics

    From the Refresh Rate drop-down menu, choose a refresh rate. This causes the STEP 2 page to re-read the statistics from the CVR100W and refresh the page. (Optional) By default, byte data is displayed in bytes and other numerical data is STEP 3 displayed in long form.
  • Page 32: Viewing Wireless Statistics

    Viewing Wireless Statistics The Wireless Statistics page shows a cumulative total of relevant wireless statistics for the radio on the CVR100W. To view wireless statistics: Choose Status > Wireless Statistics. STEP 1 From the Refresh Rate drop-down menu, choose a refresh rate.
  • Page 33: Viewing Guest Network Status

    A warning message will be appeared at this time. The CVR100W limits the time (two hours) that each guest can be connected to the SSID4. The guest connection will be terminated over the time limit. You can also manually terminate the guest connection at any time.
  • Page 34: Viewing Vpn Status

    Time of the VPN user ending a connection. Duration (Seconds) Duration between the VPN user establishing and ending a connection. Protocol Protocol that the user uses, such as QuickVPN. To manually terminate a VPN session, click Disconnect. STEP 2 Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 35: Viewing Logs

    Viewing CVR100W Status Viewing Logs Viewing Logs The View Logs page allows you to view the CVR100W logs. To view the logs: Choose Status > View Logs. STEP 1 Click Refresh Logs to display the latest log entries. STEP 2...
  • Page 36: Viewing Ipsec Connection Status

    From the Refresh Rate drop-down menu, choose a refresh rate. This action STEP 2 causes the page to reread the status and statistics from the CVR100W and refresh the page. (Optional) By default, byte data is displayed in bytes and other numerical data is STEP 3 displayed in long form.
  • Page 37: Viewing Csc Information

    VPN connection. Viewing CSC Information The CSC Information page displays the status for all wireless clients that are associated with the Cisco Simple Connect (CSC) wireless network of the CVR100W. To view information for all CSC wireless clients: Choose Status >...
  • Page 38: Viewing Netstat Information

    The count of bytes not acknowledged by the remote host. Local Address Address and port number of the local end of the socket. Foreign Address Address and port number of the remote end of the socket. Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 39 --listening (-l) or --all (-a) option. • CLOSING: Both sockets are shut down but we still do not have all our data sent. • UNKNOWN: The state of the socket is unknown. Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 40: Chapter 3: Configuring Network

    Configuring Static IP • Configuring Optional Settings Sometimes, you may need to set the MAC address of the CVR100W’s WAN port to be the same MAC address as your PC’s or some other MAC address. • Cloning the MAC Address...
  • Page 41: Configuring Automatic Configuration (Dhcp)

    If the connection is idle—that is, no traffic is flowing—the connection is closed. If you click Connect on Demand, enter the number of minutes after which the connection shuts off in the Max Idle Time field. Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 42: Configuring Static Ip

    When you select this option, the Internet connection is always on. If you click Keep Alive, enter the number of seconds that the CVR100W attempts to reconnect after it is disconnected in the Redial period field. Authentication Type Choose the authentication type: •...
  • Page 43: Configuring Optional Settings

    The standard MTU value for Ethernet networks is usually 1500 bytes. For PPPoE connections, the value is 1492 bytes. Unless a change is required by your ISP, Cisco recommends that you choose Auto. The default MTU size is 1500 bytes.
  • Page 44: Cloning The Mac Address

    STEP 3 Cloning the MAC Address Sometimes, you may need to set the MAC address of the CVR100W’s WAN port to be the same MAC address as your PC’s or some other MAC address. This is called MAC address cloning.
  • Page 45: Configuring Lan Settings

    The default subnet is 255.255.255.0. Click Save. STEP 3 After the CVR100W’s LAN IP address is changed, your PC is no longer connected to the CVR100W. To reconnect your PC to the CVR100W, do one of the following: STEP 4 •...
  • Page 46: Configuring Dhcp

    With DHCP enabled, the CVR100W’s IP address serves as the gateway address to your LAN. The CVR100W assigns IP addresses to PCs on the LAN from a pool of addresses. The CVR100W tests each address before it is assigned to avoid duplicate addresses on the LAN.
  • Page 47: Configuring Vlan

    VLANs can group endpoints without regard to the physical location of the equipment or users. To create a VLAN: Choose Networking > LAN > VLAN Configuration. STEP 1 Click Add Row. STEP 2 Enter the following information: STEP 3 Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 48 Description Enter a description to identify the VLAN. Port 1 You can associate VLANs on the CVR100W to the LAN ports on the device. By default, all 4 ports belong to Port 2 VLAN1. You can edit these ports to associate them Port 3 with other VLANs.
  • Page 49: Configuring Static Dhcp

    Configuring Network Configuring LAN Settings Configuring Static DHCP You can configure the CVR100W to assign a specific IP address to a device with a specific MAC address. To configure static DHCP: Choose Networking > LAN > Static DHCP. STEP 1 From the VLAN drop-down menu, choose a VLAN number.
  • Page 50: Configuring A Dmz Host

    DMZ host. You should assign the DMZ host an IP address in the same subnet as the CVR100W’s LAN IP address, but it cannot be identical to the IP address given to the LAN interface of this gateway.
  • Page 51: Configuring Dynamic Routing

    Keep this default setting if the CVR100W is hosting your network’s connection to the Internet. Router Click this radio button to set the CVR100W to act as a router. Select this option if the CVR100W is on a network with other routers.
  • Page 52: Configuring Static Routing

    In the Static Routing area, choose a route entry from the Route Entries drop- STEP 2 down menu. To delete the route entry, click Delete This Entry. Configure the following settings for the selected route entry: STEP 3 Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 53: Configuring Inter-Vlan Routing

    To view the IPv4 routing information on your network, click Show IPv4 Routing STEP 2 Table in the Routing Table area. To view the IPv6 routing information on your network, click Show IPv6 Routing STEP 3 Table in the Routing Table area. Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 54: Configuring Dynamic Dns

    If you do not have a DDNS account, click the URL of the service to visit the STEP 3 selected DDNS service's website so that you can create an account. Configure the following information: STEP 4 Username Enter the username of the DDNS account. Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 55: Configuring Ip Mode

    Enter the password of the DDNS account. Host Name (3322.org) Enter the host name of the DDNS server. Internet IP Address (3322.org) Internet IP address of the CVR100W. Status (3322.org) Displays the status if the DDNS update has completed successfully or if the account update information sent to the DDNS server failed.
  • Page 56: Configuring Ipv6

    ISP for this WAN or to use a static IPv6 address provided by the ISP. Setting the IP Mode To configure IPv6 WAN settings on your CVR100W, you must first set the IP mode to LAN:IPv6, WAN:IPv6 or LAN:IPv4+IPv6, WAN:IPv4+IPv6.
  • Page 57: Configuring Dhcpv6

    If your ISP assigns you a fixed address to access the Internet, configure the CVR100W to use a static IPv6 address. To configure the CVR100W to use a static IPv6 address: Choose Networking > IPv6 Configuration > IPv6 WAN Configuration.
  • Page 58: Configuring Ipv6 Lan Settings

    The DHCPv6 server assigns IPv6 addresses from configured address pools that use the IPv6 prefix length assigned to the LAN. Setting the IP Mode To configure IPv6 LAN settings on your CVR100W, you must first set the IP mode to one of the following modes: •...
  • Page 59: Configuring Dhcpv6 Settings

    STEP 2 configure the DHCPv6 settings: DHCP Status Check to enable the DHCPv6 server. If enabled, the CVR100W assigns an IP address within the specified range plus additional specified information to any LAN endpoint that requests DHCP- served addresses. Domain Name Enter the domain name of the DHCPv6 server.
  • Page 60: Configuring Ipv6 Address Pools

    Configuring IPv6 Address Pools You can define the IPv6 delegation prefix for a range of IPv6 addresses to be served by the CVR100W’s DHCPv6 server. Using a delegation prefix, you can automate the process of informing other networking equipment on the LAN of DHCP information specific for the assigned prefix.
  • Page 61: Configuring Ipv6 Static Routing

    LAN, WAN, or 6to4. Metric Enter the priority of the route by choosing a value between 2 and 15. If multiple routes to the same desti- nation exist, the route with the lowest metric is used. Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 62: Configuring Routing (Ripng)

    Check to make the route active. When you add a route in an inactive state, it gets listed in the routing table, but is not used by the CVR100W. You can always activate the route later. This feature is useful if the network that the route con- nects to is not available when you added the route.
  • Page 63: Configuring Ipv6-To-Ipv4 Tunneling

    Click Refresh to refresh the data on this page. STEP 2 Configuring Router Advertisement The Router Advertisement Daemon (RADVD) on the CVR100W listens for router solicitations in the IPv6 LAN and responds with router advertisements as required. This is stateless IPv6 auto configuration, and the CVR100W distributes IPv6 prefixes to all nodes on the network.
  • Page 64 (setting the router preference value) and hosts (interpreting the router preference value). These values are ignored by hosts that do not implement router preference. This feature is useful if there are other RADVD-enabled devices on the LAN. Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 65: Configuring Advertisement Prefixes

    If you choose 6to4 as the IPv6 prefix type, enter the Site-Level Aggregation Identifier (SLA ID). The SLA ID in the 6to4 address prefix is set to the interface ID of the interface on which the advertise- ments are sent. Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 66 Prefix Lifetime Enter the prefix lifetime, or the length of time over which the requesting router is allowed to use the pre- fix. Click Save. STEP 4 Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 67: Chapter 4: Configuring Wireless Network

    Change the default wireless network name or SSID. Wireless devices have a default wireless network name or SSID. This is the name of your wireless network, and can be up to 32 characters in length. Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 68 • Enable MAC address filtering. Cisco routers and gateways give you the ability to enable MAC address filtering. The MAC address is a unique series of numbers and letters assigned to every networking device.
  • Page 69: General Network Security Guidelines

    Combine letters and numbers to avoid using standard words that can be found in the dictionary. General Network Security Guidelines Wireless network security is useless if the underlying network is not secure. Cisco recommends that you take the following precautions: •...
  • Page 70: Configuring Basic Wireless Settings

    Choose this option if you have only Wireless-B devices in your network. G-Only Choose this option if you have only Wireless-G devices in your network. N-Only Choose this option if you have only Wireless-N devices in your network. Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 71: Configuring Wireless Network Settings

    CVR100W. To configure the settings for a wireless network: Check the box for the network that you want to configure, and click the Edit button. STEP 1 Configure these settings: STEP 2 Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 72 Check to enable wireless isolation within the SSID. WMM (Wi-Fi Check to enable WMM. Multimedia) WPS Hardware Check to map the CVR100W’s WPS button on the front Button panel to this network. Click Save. STEP 3 Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 73: Configuring Wireless Security

    To configure the security settings for a SSID: In the Wireless Table (Wireless > Basic Settings), check the SSID that you want STEP 1 to configure. Click Edit Security Mode. The Security Settings page opens. STEP 2 Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 74 5 ASCII characters (or 10 hexadecimal characters) for 64-bit WEP and 13 ASCII characters (or 26 hexadecimal characters) for 128-bit WEP. Valid hexadecimal characters are 0 to 9 and A to F. Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 75 Enter the IP address of the RADIUS server. RADIUS Port Enter the port used to access the RADIUS server. Shared Key Enter an alphanumeric phrase (8 to 63 ASCII characters or 64 hexadecimal digits). Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 76: Configuring Mac Address Filtering

    If you want to add a device in the client list to the MAC Address Table, check the STEP 6 box in the Save to MAC Address Filter List column and click Add to MAC to add the selected device to the MAC Address Table. Click Save. STEP 7 Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 77: Configuring Time Of Day Access

    Click Back to go back to the Basic Settings page. STEP 6 Configuring Guest Net The SSID4 (default name: cisco-guest) is used for guest access. The guests can access the Internet through this SSID and the internal network security would not be affected.
  • Page 78: Configuring Cisco Simple Connect

    By default, Cisco Simple Connect (CSC) is disabled on the CVR100W. You can set one of the SSIDs (SSID1, SSID2, or SSID3) of the CVR100W as the CSC wireless access point. The wireless clients that are associated with the CSC wireless access point can only access the Internet through the CVR100W.
  • Page 79 Configuring Basic Wireless Settings highest level of security that is supported by the devices into your wireless network. To enable Cisco Simple Connect and configure the settings of the CSC wireless access point: Choose Wireless > Basic Settings. The Basic Settings page opens.
  • Page 80 SSID Name Displays the current name of the CSC wireless access point. By default, it is named as Cisco-Simple-Connect after Cisco Simple Connect is enabled for the first time. Security Mode Displays the current security mode used on the CSC wireless access point.
  • Page 81: Configuring Advanced Wireless Settings

    WMM No Check Enable to enable this feature. Enabling WMM No Acknowledgement Acknowledgement can result in more efficient throughput, but higher error rates in a noisy Radio Frequency (RF) environment. Default setting is disabled. Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 82 The Basic Rate setting is not the rate of transmission but a series of rates at which the Services Ready Platform can transmit. The CVR100W advertises its basic rate to the other wireless devices in your network, so they know which rates will be used.
  • Page 83 Send) Protection Mode when your Wireless-N and Wireless-G devices are experiencing severe problems and are not able to transmit to the CVR100W in an environment with heavy 802. 1 1b traffic. This function boosts the CVR100W’s ability to catch all Wireless-N and Wireless-G transmissions but will severely decrease performance.
  • Page 84: Configuring Wds

    To establish a WDS link, the CVR100W and other remote WDS peers must be configured in the same wireless network mode, wireless channel, wireless band selection, and encryption types (None and WEP).
  • Page 85: Configuring Wps

    Connect. Click Save. STEP 6 Configuring WPS You can configure WPS on the CVR100W to allow WPS-enabled devices to more easily connect to the wireless network. To enable WPS on your CVR100W: Choose Wireless > WPS.
  • Page 86 WPS light flashes (1 Hz) for 30 seconds. Occurred WPS Session WPS light flashes (0. 1 Hz) in one second and turns off Overlap next second for 120 seconds. WPS Enabled or WPS light is off. Disabled Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 87: Chapter 5: Configuring Firewall

    CVR100W Firewall Features Access Rules You can secure your network by creating and applying rules that the CVR100W uses to selectively block and allow inbound and outbound Internet traffic. You then specify how and to what devices the rules apply. To do so, you must define the following: •...
  • Page 88 WAN ports are configured; for the CVR100W, you may use the IP address if a static address is assigned to the WAN port, or if your WAN address is dynamic, a DDNS (Dynamic DNS) name can be used.
  • Page 89: Port Forwarding

    Some applications require that, when external devices connect to them, they receive data on a specific port or range of ports in order to function properly. The CVR100W must send all incoming data for that application only on the required port or range of ports.
  • Page 90 Configure set by users who have UPnP support enabled on their computers or other UPnP enabled devices. If disabled, the CVR100W does not allow application to add the forwarding rule. Allow Users to (UPnP) Check to allow users to disable Internet Disable Internet access.
  • Page 91: Managing Firewall Schedules

    To create a schedule: Choose Firewall > Schedule Management. STEP 1 Click Add Row. STEP 2 In the Schedule Name field, enter a unique name to identify the schedule. STEP 3 Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 92: Configuring Service Management

    In the Service Name field, enter the service name for identification and STEP 3 management purposes. In the Protocol field, choose the Layer 4 protocol that the service uses from the STEP 4 drop-down menu: • • • TCP & UDP • ICMP Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 93: Configuring Access Control

    Choose Allow or Deny. STEP 2 Click Save. STEP 3 Configuring Access Rules All configured access rules on the CVR100W are displayed in the Access Rules Table. To create an access rule: Choose Firewall > Access Control > Access Rules. STEP 1 Click Add Row.
  • Page 94 Internet Message Access Protocol (IMAP) • Network News Transport Protocol (NNTP) • Post Office Protocol (POP3) • Simple Network Management Protocol (SNMP) • Simple Mail Transfer Protocol (SMTP) • Telnet • Telnet Secondary Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 95 STEP 10 The priorities are defined by QoS Level: (1 (lowest), 2, 3, 4 (highest)). In the Rule Status field, check to enable the new access rule. STEP 11 Click Save. STEP 12 Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 96: Configuring Internet Access Rules

    STEP 13 Configuring Internet Access Rules The CVR100W supports several options for blocking Internet access. You can block all Internet traffic, block Internet traffic to certain PCs or endpoints, or block access to Internet sites by specifying keywords to block. If these keywords are found in the site's name (for example, web site URL or newsgroup name), the site is blocked.
  • Page 97: Configuring Single Port Forwarding

    In the Service Name field, enter the name of the service to configure port STEP 2 forwarding for. In the External Port field, enter the port number that triggers this rule when a STEP 3 connection request from outgoing traffic is made. Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 98: Configuring Port Range Forwarding

    From the Protocol drop-down menu, choose a protocol (TCP, UDP, or TCP & STEP 5 UDP). In the IP Address field, enter the IP address. STEP 6 In the Enable field, check the box to enable the rule. STEP 7 Click Save. STEP 8 Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 99: Configuring Port Range Triggering

    If the incoming connection uses only one port, then specify the same port number in both fields. In the Enable field, check the box to enable the rule. STEP 5 Click Save. STEP 6 Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 100: Chapter 6: Configuring Vpn

    1. Add the users in the VPN > VPN Clients page. See Configuring VPN Clients. 2. Instruct users to obtain the free Cisco QuickVPN software from Cisco.com, and install it on their computers. For more information, see Using Cisco QuickVPN.
  • Page 101: Site-To-Site Vpn

    The CVR100W supports site-to-site VPN for a single gateway-to-gateway VPN tunnel. For example, you can configure the CVR100W at a branch site to connect to the router at the corporate site, so that the branch site can securely access the corporate network.
  • Page 102: Importing Vpn Client Settings

    STEP 2 Click Import to load the file. STEP 3 A warning message appears saying “This operation will replace the existing VPN STEP 4 user settings. Are you sure to continue?” Click Yes. Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 103: Configuring Basic Vpn Setup

    You could have a router like the Cisco RV220W that supports ten site-to-site VPN tunnels and have a CVR100W at each remote site to provide secure connectivity.
  • Page 104: Configuring Basic Vpn Settings

    Endpoint Information Remote Endpoint Choose the way that the remote endpoint, or the router to which the CVR100W will connect, is identified by IP address or FQDN (Fully-qualified Domain Name). Remote WAN Enter the public IP address or domain name of the (Internet) IP Address remote endpoint.
  • Page 105 Configuring Basic VPN Setup Redundancy Endpoint Choose the way that the remote redundancy endpoint, or the router to which the CVR100W will connect, is identified by IP address or FQDN. Redundancy WAN Enter the public IP address or domain name of the (Internet) IP Address remote redundancy endpoint.
  • Page 106: Configuring Advanced Vpn Setup

    CVR100W initiates and receives VPN connections with other endpoints. Configuring Global Advanced VPN Settings You can globally enable or disable NAT Traversal and NetBIOS on the CVR100W. To configure NAT Traversal and NetBIOS on your CVR100W: Choose VPN > Advanced VPN Setup.
  • Page 107: Managing Ike Policies

    Aggressive Mode: This mode establishes a faster connection, but with lowered security. Respondent Mode Check Enable to set the CVR100W to work as a VPN respondent. The CVR100W can only receive the VPN request from remote VPN peer. Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 108 MD5, SHA-1, or SHA2-256. Ensure that the authentication algorithm is configured identically on both sides of the VPN tunnel (for example, the CVR100W and the router to which it is connecting). Pre-Shared Key Enter the key in the space provided. Note that the double-quote character (“) is not supported in the key.
  • Page 109: Configuring Vpn Policies

    DPD Timeout If you enable DPD, enter the maximum time that the CVR100W should wait to receive a response to the DPD message before considering the peer to be dead. Click Save. Then click Back to return to the Advanced VPN Setup page.
  • Page 110 Redundancy Check Enable to enable the redundancy gateway Endpoint feature so that the CVR100W can connect to a backup VPN endpoint when the primary VPN connection fails. If you enable this feature, specify the IP address or FQDN of the remote redundancy endpoint or the router to which the CVR100W will connect when the primary VPN connection fails.
  • Page 111 For a Manual policy type, enter the settings in the Manual Policy Parameters area. SPI-Incoming Enter a hexadecimal value between 3 and 8 characters; for example, 0x1234. SPI-Outgoing Enter a hexadecimal value between 3 and 8 characters. Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 112 After the specified number of seconds passes, the Security Association is renegotiated. The default value is 3600 seconds. The minimum value is 300 seconds. Encryption Algorithm Select the algorithm used to encrypt the data. Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 113: Managing Certificates

    Click IPSec Connection Status to see the status of all site-to-site VPN policies on STEP 5 the CVR100W. Managing Certificates The CVR100W uses digital certificates for IPsec VPN authentication and SSL validation (for HTTPS). You can generate and sign your own certificates using functionality available on the CVR100W. Generating a New Certificate You can generate a new certificate to replace the existing certificate on the CVR100W.
  • Page 114: Importing Certificates

    The certificate for administrator contains the private key and should be stored in a safe place as a backup. If the CVR100W’s configuration is restored to the factory default settings, this certificate can be imported and restored on the CVR100W.
  • Page 115: Configuring Vpn Passthrough

    CVR100W. To configure VPN passthrough: Choose VPN > VPN Passthrough. STEP 1 Choose the type of traffic to allow to pass through the CVR100W: STEP 2 IPsec Passthrough Check Enable to allow IP security tunnels to pass through the CVR100W.
  • Page 116: Chapter 7: Configuring Quality Of Service (Qos)

    (LAN) to the insecure network (WAN). Configuring Bandwidth You can limit the bandwidth to reduce the rate at which the CVR100W transmits data. You can also use a bandwidth profile to limit the outbound traffic, thus preventing the LAN users from consuming all of the bandwidth of the Internet link.
  • Page 117: Configuring Bandwidth Priority

    Save. To add a new service definition, click Configure Services. You can define a new STEP 8 service to use for all firewall and QoS definitions. See Configuring Service Management for more information. Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 118: Configuring Qos Port-Based Settings

    Configuring Quality of Service (QoS) Configuring QoS Port-Based Settings Configuring QoS Port-Based Settings You can configure QoS settings for each LAN port on the CVR100W. The CVR100W supports 4 priority queues that allow for traffic prioritization per physical switch port.
  • Page 119: Configuring Cos Settings

    For each DSCP value in the DSCP Settings table, choose a priority level from the STEP 3 Queue drop-down menu. This maps the DSCP value to the selected QoS queue. Click Save. STEP 4 Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 120 Configuring Quality of Service (QoS) Configuring DSCP Settings To restore the default DSCP settings, click Restore Default. STEP 5 Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 121: Chapter 8: Administering Your Cvr100W

    Administering Your CVR100W This chapter describes the administration features of the CVR100W, including user management, network management, system diagnostics and logs, date and time, and other settings. It includes the following sections: • Configuring Password Complexity • Configuring Administrator Account Settings •...
  • Page 122: Configuring Password Complexity

    Administering Your CVR100W Configuring Password Complexity Configuring Password Complexity The CVR100W can enforce the minimum password complexity requirements for password changes. To configure the password complexity settings: Choose Administration > Password Complexity. STEP 1 In the Password Complexity Settings field, check Enable.
  • Page 123: Configuring Administrator Account Settings

    Check Blank Password to set the password blank (not recommended). STEP 4 Check Disable Password Strength Enforcement to disable password strength STEP 5 enforcement (nor recommended). Disabling password strength enforcement will increase your network security risk. Click Save. STEP 6 Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 124: Configuring Remote Management

    You can access web-based Configuration Utility from the LAN side by using the CVR100W’s LAN IP address and HTTPS (HTTP over SSL) or HTTP, or from the WAN side by using the CVR100W’s WAN IP address and HTTPS or HTTP.
  • Page 125: Configuring Port Management

    To control the flow on a port, check the Flow Control box on that port. STEP 3 Click Save. STEP 4 Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 126: Configuring Do-Not-Disturb Mode

    Configuring Do-Not-Disturb Mode Configuring Do-Not-Disturb Mode The Do-Not-Disturb Mode feature turns on or turns off all lights of the CVR100W. You can enable this feature by pressing the Do-Not-Disturb Mode button on the front panel or from web-based Configuration Utility.
  • Page 127: Configuring Bonjour

    Manually Set System Time fields. Click Save. STEP 7 Configuring Bonjour Bonjour is a service advertisement and discovery protocol. On the CVR100W, it only advertises the default services configured on the device when Bonjour is enabled. To enable Bonjour: Choose Administration > Bonjour.
  • Page 128: Using Diagnostic Tools

    Network Tools Using Ping/Traceroute You can use the Ping tool to test connectivity between the CVR100W and another device in the network or to test connectivity to the Internet by pinging a fully qualified domain name (for example, www.cisco.com).
  • Page 129: Configuring Port Mirroring

    Choose Administration > Diagnostics > Port Mirroring. STEP 1 In the Mirror Source area, check the ports to mirror. STEP 2 In the Mirror Port area, choose a mirror port. STEP 3 Click Save. STEP 4 Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 130: Configuring Logging

    Administering Your CVR100W Configuring Logging Configuring Logging The Logging page allows you to configure the logging settings on the CVR100W. Configuring Logging Settings To configure the logging settings: Choose Administration > Logging. STEP 1 In the Log Mode field, check Enable to enable the logging feature.
  • Page 131: Configuring Remote Syslog Server

    Administration > Backup / Restore Settings page. During a restore operation, do not try to go online, turn off the CVR100W, shut down CAUTION the PC, or use the CVR100W until the operation is complete. This should take about a minute.
  • Page 132: Backing Up Your Current Configuration

    Select the file and click Browse. STEP 3 Click Restore Configuration. STEP 4 The CVR100W uploads the configuration file and uses its settings to update the system configuration. Then the CVR100W restarts and uses the new configuration. Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 133: Upgrading Firmware

    Administering Your CVR100W Upgrading Firmware Upgrading Firmware You can upgrade the CVR100W to a newer firmware from the Administration > Firmware Upgrade page. During a firmware upgrade, do not try to go online, turn off the device, shut down CAUTION the PC, or interrupt the process in any way until the operation is complete.
  • Page 134: Rebooting The Cvr100W

    Administering Your CVR100W Rebooting the CVR100W Go to the Status > System Summary page to make sure that the CVR100W is STEP 5 using the new firmware version. Rebooting the CVR100W To reboot the CVR100W, you can press and release the RESET button on the back panel for less than 5 seconds, or perform the Reboot operation from web-based Configuration Utility.
  • Page 135: Running The Setup Wizard

    STEP 1 Click Restore Factory Defaults. STEP 2 This reboots the unit and restores the CVR100W to the factory default settings. The settings that you have previously made to the CVR100W are lost. Running the Setup Wizard You can use the Setup Wizard to quickly configure the initial settings of your CVR100W.
  • Page 136 Gateway IP: Enter the IP address of the default gateway. Primary DNS: Enter the IP address of the primary DNS server. Secondary DNS: (Optional) Enter the IP address of the secondary DNS server. Click Next to continue. STEP 3 Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 137 Exit, the changes that you made will be lost. The Change Password window appears if you exit the Setup Wizard without saving NOTE any settings. See Changing the Default Administrative Password for more information. Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 138: Chapter 9: Using Cisco Simple Connect

    By default, Cisco Simple Connect is disabled on the CVR100W. You can set one of the SSIDs (SSID1, SSID2, or SSID3) as the CSC wireless access point. The wireless clients that are associated with the CSC wireless access point can only access the Internet through the CVR100W.
  • Page 139 CVR100W’s local network resources. • The CVR100W provides you with a unique token key and displays the time that you can access the Internet after you run the CSC client application on a smart phone or panel computer that supports the Android or iOS operating system to interact with the CSC card.
  • Page 140: Configuring Cisco Simple Connect

    Using Cisco Simple Connect Configuring Cisco Simple Connect Configuring Cisco Simple Connect To enable Cisco Simple Connect and configure the settings of the CSC wireless access point: Choose Wireless > Basic Settings. STEP 1 In the Wireless Table, check the SSID that you want to configure and click Edit.
  • Page 141 SSID Name Displays the current name of the CSC wireless access point. By default, it is named as Cisco-Simple-Connect after Cisco Simple Connect is enabled on this SSID for the first time. Security Mode Displays the current wireless security mode used on the CSC wireless access point.
  • Page 142: Connecting To Csc Wireless Network

    Internet. The CVR100W provides you with a unique token key and displays the time that you can access the Internet. If the CVR100W limits the time to access the Internet, the wireless connection will be terminated until the next legal login when your online time exceeds the limitation.
  • Page 143: Customizing Your Qr Code

    CSC-enabled devices. This section describes how to customize the SSID name and security key of the CSC wireless network, and then print a new QR code from the CVR100W Resources page. After you customize the SSID name and/or security key other than the default CAUTION settings that are provided on the CSC card, the CSC card will be invalid.
  • Page 144 Using Cisco Simple Connect Customizing Your QR Code The wireless clients can now use the CSC client application on their CSC-enabled devices to interact with the new QR code and connect to the CSC wireless network. Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 145: Appendix A: Using Cisco Quickvpn

    Using Cisco QuickVPN This appendix explains how to install and use the Cisco QuickVPN software that can be downloaded from Cisco.com. QuickVPN works with computers running Windows 7, Windows XP, Windows Vista, or Windows 2000. Computers using other operating systems will have to use third-party VPN software.
  • Page 146: Installing The Cisco Quickvpn Software

    STEP 2 software. Save the zip file to your PC, and extract the zip file. STEP 3 Double-click the .exe file, and follow the on-screen instructions to install the Cisco STEP 4 QuickVPN software. Using the Cisco QuickVPN Software To launch the Cisco QuickVPN software and establish the VPN connection with a remote VPN server: Double-click the Cisco QuickVPN icon on your desktop or in the system tray.
  • Page 147 STEP 7 The connection progress displays: Connecting, Provisioning, Activating Policy, and Verifying Network. After your QuickVPN connection is established, the QuickVPN tray icon turns STEP 8 green, and the QuickVPN Status window appears. Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 148 Enter your password in the Old Password field. Enter your new password in the STEP 10 New Password field. Then enter the new password again in the Confirm New Password field. Click OK to save your new password. STEP 11 Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 149 Using Cisco QuickVPN Using the Cisco QuickVPN Software You can change your password only if the Allow User to Change Password NOTE box has been checked for that username. See Configuring VPN Clients complete details. Cisco CVR100W Wireless-N VPN Router Administration Guide...
  • Page 150: Appendix B: Where To Go From Here

    Where to Go From Here Cisco provides a wide range of resources to help you obtain the full benefits of the Cisco CVR100W Wireless-N VPN Router. Support Cisco Small Business Support www.cisco.com/go/smallbizsupport Community Cisco Small Business Support www.cisco.com/go/smallbizhelp and Resources Phone Support Contacts www.cisco.com/go/sbsc...

Table of Contents