Copyright Copyright 2003 by PLANET Technology Corp. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise, without the prior written permission of PLANET.
Federal Communication Statement This equipment complies with FCC radiation exposure set forth for an uncontrolled environment. In order to avoid the possibility of exceeding the FCC radio frequency exposure limits, human proximity to the antenna shall not be less than 20 cm(8 inches) during normal operation. R&TTE Compliance Statement This equipment complies with all the requirements of DIRECTIVE 1999/5/CE OF THE EUROPEAN PARLIAMENT AND THE COUNCIL OF 9 March 1999 on radio equipment and telecommunication...
If any of the above items are missing, contact your supplier as soon as possible. 1.2 System Requirements Before installation, please check the following requirements with your equipment. Pentium Based (And Above) IBM-Compatible PC System CD-ROM drive Windows 98/ME/NT/2000/XP Operating System with TCP/IP protocol 1.3 Features 2.4GHz ISM band, unlicensed operation...
1.5 Wireless Performance The following information will help you utilizing the wireless performance, and operating coverage of WRT-410. 1. Site selection To avoid interferences, please locate WRT-410 and wireless clients away from transformers, microwave ovens, heavy-duty motors, refrigerators, fluorescent lights, and other industrial equipments.
Before you proceed with the installation, it is necessary that you have enough information about the WRT-410. 2.1 Hardware Connection 1. Locate an optimum location for the WRT-410. The best place for your WRT-410 is usually at the center of your wireless network, with line of sight to all of your mobile stations. 2.
Chapter 3 Configure through Web Browser Web configuration provides a user-friendly graphical user interface (web pages) to manage your WRT-410. A WRT-410 with an assigned IP address will allows you to monitor and configure via web browser (e.g., MS Internet Explorer or Netscape). 1.
This page enables you to set LAN and DHCP properties, such as the host name, IP address, subnet mask, and domain name. LAN and DHCP profiles are listed in the DHCP table at the bottom of the screen. Host Name: Type the host name in the text box. The host name is required by some ISPs. The default host name is "AP-Router."...
MAC Address: If required by your ISP, type the MAC address for the WRT-410 WAN interface in this field. You can also copy the MAC address of your PC’s network card to the WRT-410 WAN interface by clicking “Clone MAC address”. When using PPPoE, enter the following information in the fields (some information are provided by your ISP): WAN IP: Select whether you want the ISP to provide the IP address automatically, or whether you want...
When using PPTP, enter the following information in the fields (some information are provided by your ISP): IP Address: Type the IP address which your ISP provides. Subnet Mask: Type the Subnet Mask which your ISP provides. Gateway: Type the IP address of Gateway which your ISP provides. Server IP: Type the IP address of server which offers Internet service.
Administrator: Type the password the Administrator will use to login to the system. The password must be typed again for confirmation. User: Users can type a password to be used for logging in to the system. The password must be typed again for confirmation.
3.1.5 Dynamic DNS You can configure WRT-410 to use DDNS service if you already have a registered DDNS account. DDNS: You can enable or disable DDNS function here. Server Address: Please type in the url of your DDNS service provider. Currently, WRT-410 supports DynDNS only, thus you have to key in “www.dyndns.org”...
Enable/Disable: Enable or disable wireless LAN via the WRT-410. SSID: Type an SSID in the field. The SSID of any wireless device must match the SSID typed here in order for the wireless device to access the LAN and WAN via the WRT-410. Channel: Select a work channel for wireless communications.
Lifetime: Select proper time interval from the drop-down list. Once the lifetime expires, the Encryption key will be renewed by RADIUS server automatically. Encryption Key: Select the Encryption key length to be 64-bits or 128-bits. RADIUS Server 1: Enter the IP address, communicate port number, and shared secret key of your primary RADIUS server.
Beacon Interval: Type the beacon interval in the field. You can specify a value from 20 to 1000. The default beacon interval is 100. RTS Threshold: Type the RTS (Request-To-Send) threshold in the field. This value stabilizes data flow. If data flow is irregular, choose values between 1 and 2346 until data flow is normalized. Fragmentation Threshold: Type the fragmentation threshold in the field.
Firmware Version: Displays the latest build of the WRT-410 firmware interface. After upgrading the firmware in Tools -> Firmware, check this to ensure that your firmware was successfully upgraded. LAN: This field displays the WRT-410 LAN interface MAC address, IP address, subnet mask, and DHCP server status.
First Page: View the first page of the log message list. Last Page: View the last page of the log message list. Previous Page: View the page just before the current page. Next Page: View the page just after the current page. Clear Log: Delete the contents of the log and begin a new log.
SMTP Server: Type the SMTP server address for the email that the log will be sent to in the next field. Send to: Type an email address for the log to be sent to. Click “Email Log Now” to send the current log immediately.
Click “Reset” to erase all statistics and begin logging statistics again. Utilization: Separates packet transmission statistics into send and receive categories. Peak indicates the maximum packet transmission recorded since logging began, while Average indicates the average of the total packet transmission since recording began. 3.3.5 Wireless This screen will show you which wireless devices that are connected to this WRT-410 via wireless interface.
Network Address: Type the static IP address your network uses to access the Internet. Your ISP or network administrator provides you with this information. Network Mask: Type the network (subnet) mask for your network. If you do not type a value here, the network mask defaults to 255.255.255.255.
NAT: Select the option to enable or disable NAT. Transmit: Select the option to set the desired transmit parameters. Disabled, RIP 1 or RIP 2. Receive: Select the option to set the desired transmit parameters. Disabled, RIP 1 or RIP 2. 3.4.3 Routing Table This screen will show you the routing table of WRT-410.
3.5 Access 3.5.1 Filters This screen enables you to allow and deny user access based upon the filters you set. If MAC Filters is selected, the screen appears as below. MAC Filter: Enables you to allow or deny Internet access for users within the LAN based upon the MAC address of their network interface.
The following screen appears once you select IP Filters. It enables you to define a minimum and maximum IP address range filter; all IP addresses falling in the range are not allowed Internet access. The IP filter profiles are listed in the table at the bottom of the page. Note: When selecting items in the table at the bottom, click anywhere in the item.
Select Domain Blocking, and the following screen appear. Domain Blocking: There are three options in this field. Select the proper setting according to your demand. Permitted Domains: Enter the domain name in the text field, and click “Add” button to add it to the list. Blocked Domains: Enter the domain name in the text field, and click “Add”...
Note: When selecting items in the table at the bottom, click anywhere in the item. The line is selected, and the fields automatically load the item's parameters, which you can edit. Protocol Filter: Enables you to allow or deny Internet access to users based upon the communications protocol of the origin.
Public Port: Type the port number on the WAN that will be used to provide access to the virtual server. LAN Server: Type the LAN IP address that will be assigned to the virtual server. Add: Click to add the virtual server to the table at the bottom of the screen. Update: Click to update information for the virtual server if you have selected a list item and have made changes.
3.5.4 DMZ This screen enables you to create a DMZ for those computers that cannot access Internet applications properly through the WRT-410 and associated security settings. Enable: Click to enable or disable the DMZ. DMZ Host IP: Type a host IP address for the DMZ. The computer with this IP address acts as a DMZ host with unlimited Internet access.
Enable: Click to enable or disable the firewall rule profile. Name: Type a descriptive name for the firewall rule profile. Action: Select whether to allow or deny packets that conform to the rule. Source: Defines the source of the incoming packet that the rule is applied to. Interface: Select which interface (WAN or LAN) the rule is applied to.
Enabled/Disabled: Click to enable or disable SNMP. By default is disabled. System Name: Displays the name given to the WRT-410. System Location: Displays the location of the WRT-410 (normally, the DNS name). System Contact: Displays the contact information for the person responsible for the WRT-410. Community: SNMP system name for exchanging SNMP community messages.
Enable: Click to enable or disable HTTP access for remote management. Remote IP Range: Type the range of IP addresses that can be used for remote access. Allows to Ping WAN Port: This function allows remote users to ping WRT-410 WAN port IP address. Enable: Click to enable or disable WAN port pinged function.
Save Settings: Click to save the current configuration as a profile that you can load when necessary. Load Settings: Click “Browse” and go to the location of a stored profile. Click Load to load the profile's settings. Restore Factory Default Settings: Click to restore the default settings. All configuration changes you have made will be lost.
3.8 Wizard The setup wizard enables you to configure the WRT-410 quickly and conveniently. Click “Wizard” button, the window below will appear. Please click “Next>” and follow the steps to configure WRT-410. You are prompted to select a password. Type a password in the text box, and then type it again for verification.
Chapter 4 802.1X Authentication Setup 4.1 802.1X Infrastructure An 802.1X Infrastructure is composed of three major components: Authenticator, Authentication server, and Supplicant. Authentication server: An entity that provides an authentication service to an authenticator. This service determines, from the credentials provided by the supplicant, whether the supplicant is authorized to access the services provided by the authenticator.
6. The client validates the digital certificate, and replies its own digital certificate to the RADIUS server. 7. The RADIUS server validates client’s digital certificate. 8. The client and RADIUS server derive encryption keys. 9. The RADIUS server sends WRT-410 a RADIUS ACCEPT message, including the client’s WEP key. 10.
6. Enter the information that you want for your Certificate Service, and click “Next” to continue. 7. Go to Start > Program > Administrative Tools > Certificate Authority. 8. Right-click on the “Policy Setting”, select “new”. 9. Select “Certificate to Issue”. 10.
11. Go to Start > Program > Administrative Tools > Active Directory Users and Computers. 12. Right-click on domain, and select ”Properties” to continue. 13. Select “Group Policy” tab and click “Properties” to continue. - 34 -...
Certificate 17. The Automatic Certificate Request Setup Wizard will guide you through the Automatic Request setup, simply click “Next” through to the last step. 18. Click “Finish” to complete the Automatic Certificate Request Setup 19. Go to Start > Run, and type “command” and click “Enter” to open Command Prompt. 20.
Setting Internet Authentication Service 24. Go to Start > Program > Administrative Tools > Internet Authentication Service. 25. Right-click “Client”, and select “New Client”. 26. Enter the IP address of WRT-410 in the Client address text field, a memorable name for WRT-410 in the Client-Vendor text field, the access password used by WRT-410 in the Shared secret text field.
31. Unless you want to specify the active duration for 802.1X authentication, click “OK” to accept for having 802.1x authentication enabled at all times. 32. Select “Grant remote access permission”, and click “Next” to continue. - 39 -...
38. Select “Internet Authentication Service (Local)”, click on “Action” from top panel. Then click “Register Service in Active Directory”. 39. Go to Start > Program > Administrative Tools > Active Directory Users and Computers. 40. Right click on the domain, and select “Properties”. 41.
42. Go to “Computer Configuration” > “Windows Settings” > “Security Settings” > “Account Policies” > “Password Policies”. Double click on “Store password using reversible encryption for all users in the domain”. - 43 -...
43. Click “Define this policy setting”, select “Enabled”, and click “OK” to continue. 44. Go to Start > Program > Administrative Tools > Active Directory Users and Computers. 45. Go to Users. Right-click on the user that you are granting access, and select “Properties”. 46.
4.3 Authenticator Setup 1. For EAP-MD5 Authentication, WEP key must be set previously. Go to Wireless>Authentication. Enable WEP key, and enter a desired key string. You can skip this step if using EAP-TLS Authentication. 2. Click on 802.1X for detailed configuration. 3.
6. Enter the IP address, Port number, and Shared Secret Key used by the Secondary Radius Server. 7. Click “Apply”. The 802.1x settings will take effect right after WRT-410 reboots itself. 4.4 Wireless Client Setup Windows XP is originally 802.1X support. As to other operating systems (windows 98SE, ME, 2000), an 802.1X client utility is needed.
7. Enter the network key in “Network key” text box. The string must be the same as the first set of WEP key which you set to WRT-410. 8. Click “OK”. 9. Select “Authentication” tab. 10. Select “Enable network access control using IEEE 802.1X” to enable 802.1x authentication. 11.
12. Click “OK”. 13. When wireless client has associated with WRT-410, a user authentication notice appears in system tray. Click on the notice to continue. 14. Enter the user name, password and the logon domain that your account belongs. 15. Click “OK” to complete the validation process. 4.4.2 EAP-TLS Authentication Get Digital Certificate from Server The following procedures are based on obtaining a certificate from Windows 2000 Server which acts as a...
CA server. Furthermore, you must have a valid account/password to access the server. 1. Active web browser, enter “http://192.168.1.10/certsrv” in the Address field which 192.168.1.10 is the IP address of our server. This will directly access to Certificate Service of a Windows 2000 server. A dialog box will prompt you to enter user name and password.
7. The certificate is issued by the server, click “Install this certificate” to download and store the certificate to your local computer. 8. Click “Yes” to store the certificate to your local computer. 9. Certificate is now installed. Wireless Adapter Setup 1.
2. Right-click on the Wireless Network Connection which using WL-3555. 3. Click “Properties” to open up the Properties setting window. 4. Click on the “Wireless Network” tab. 5. Click “Properties” of one available wireless network, which you want to associate with. - 54 -...
8. Click “Authentication” tab 9. Select “Enable network access control using IEEE 802.1X” option to enable 802.1x authentication. 10. Select “Smart Card or other Certificate” from the drop-down list box for EAP type. 11. Click “OK”. 12. When wireless client has associated with WRT-410, Windows XP will prompt you to select a certificate for wireless network connection.
13. Select the certificate that was issued by the server (in our demonstration: WirelessCA), and click “OK” to continue. 14. Make sure this certificate is issued by correct server, and click “OK” to complete the authentication process. - 57 -...
This chapter provides solutions to problems usually encountered during the installation and operation of the Wireless Broadband Router. Read the description below to solve your problems. 5.1 Frequently Asked Questions What is WPA (Wi-Fi Protected Access)? WPA resolves the issue of weak WEP headers, which are called initialization vectors (IV), and provides a way of insuring the integrity of the messages passed through MIC (called Michael or message integrity check) using TKIP (the Temporal Key Integrity Protocol) to enhance data encryption.
This new products use the ACX100 chip from Texas Instruments. In addition to meeting the existing standard, the chip also supports a new modulation scheme developed by TI, called Packet Binary Convolution Code (PBCC). It's this scheme that gives the products the extra kick: Even at lower speeds, PBCC provides better performance at greater distances, and it can also work at 22 Mbps.
DNS stands for Domain Name System. DNS converts machine names to the IP addresses that all machines on the net have. It translates from name to address and from address to name. DOMAIN NAME The domain name typically refers to an Internet site address. DTIM DTIM (Delivery Traffic Indication Message) provides client stations with information on the next opportunity to monitor for broadcast or multicast messages.
IP (Internet Protocol) is the protocol in the TCP/IP communications protocol suite that contains a network address and allows messages to be routed to a different network or subnet. However, IP does not ensure delivery of a complete message—TCP provides the function of ensuring delivery. IP ADDRESS The IP (Internet Protocol) address refers to the address of a computer attached to a TCP/IP network.
PING Ping (Packet INternet Groper) is a utility used to find out if a particular IP address is present online, and is usually used by networks for debugging. PORT Ports are the communications pathways in and out of computers and network devices (routers and switches).
with an incoming IP address to determine whether to accept or reject the packet. SYSLOG SERVER A SysLog server monitors incoming Syslog messages and decodes the messages for logging purposes. (Transmission Control Protocol) is the transport protocol in TCP/IP that ensures messages over the network are transmitted accurately and completely.