Planet Networking & Communication 802.11g Wireless Broadband Router WRT-410 User Manual

802.11g wireless broadband router wrt-410

Advertisement

Quick Links

802.11g Wireless Broadband Router
WRT-410
User's Manual

Advertisement

Table of Contents
loading

Summary of Contents for Planet Networking & Communication 802.11g Wireless Broadband Router WRT-410

  • Page 1 802.11g Wireless Broadband Router WRT-410 User’s Manual...
  • Page 2: Federal Communication Commission Interference Statement

    Copyright Copyright 2003 by PLANET Technology Corp. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise, without the prior written permission of PLANET.
  • Page 3 Federal Communication Statement This equipment complies with FCC radiation exposure set forth for an uncontrolled environment. In order to avoid the possibility of exceeding the FCC radio frequency exposure limits, human proximity to the antenna shall not be less than 20 cm(8 inches) during normal operation. R&TTE Compliance Statement This equipment complies with all the requirements of DIRECTIVE 1999/5/CE OF THE EUROPEAN PARLIAMENT AND THE COUNCIL OF 9 March 1999 on radio equipment and telecommunication...
  • Page 4: Table Of Contents

    CHAPTER 1 INTRODUCTION ... 1 1.1 P ... 1 ACKAGE ONTENTS 1.2 S YSTEM EQUIREMENTS 1.3 F ... 1 EATURES 1.4 S ... 2 PECIFICATION 1.5 W IRELESS ERFORMANCE CHAPTER 2 HARDWARE INSTALLATION ... 4 2.1 H ARDWARE ONNECTION 2.2 LED I ...
  • Page 5 3.5.5 Firewall Rule... 25 3.6 M ... 26 ANAGEMENT 3.6.1 SNMP ... 26 3.6.2 Remote Management... 27 3.7 T ... 28 OOLS 3.7.1 Restart ... 28 3.7.2 Settings ... 28 3.7.3 Firmware ... 29 3.7.4 Ping Test... 29 3.8 W ...
  • Page 6: Chapter 1 Introduction

    If any of the above items are missing, contact your supplier as soon as possible. 1.2 System Requirements Before installation, please check the following requirements with your equipment. Pentium Based (And Above) IBM-Compatible PC System CD-ROM drive Windows 98/ME/NT/2000/XP Operating System with TCP/IP protocol 1.3 Features 2.4GHz ISM band, unlicensed operation...
  • Page 7: Specification

    1.4 Specification Standards IEEE 802.11b, IEEE 802.11g Signal Type DSSS (Direct Sequence Spread Spectrum) Modulation BPSK / QPSK / CCK / OFDM WAN: 10/100Base-TX (RJ-45) * 1 Port LAN: 10/100Base-TX (RJ-45) * 4 Antenna One Detachable Dipole Antenna Antenna Gain 2dBi Output Power 17dBm...
  • Page 8: Wireless Performance

    1.5 Wireless Performance The following information will help you utilizing the wireless performance, and operating coverage of WRT-410. 1. Site selection To avoid interferences, please locate WRT-410 and wireless clients away from transformers, microwave ovens, heavy-duty motors, refrigerators, fluorescent lights, and other industrial equipments.
  • Page 9: Chapter 2 Hardware Installation

    Before you proceed with the installation, it is necessary that you have enough information about the WRT-410. 2.1 Hardware Connection 1. Locate an optimum location for the WRT-410. The best place for your WRT-410 is usually at the center of your wireless network, with line of sight to all of your mobile stations. 2.
  • Page 10: Chapter 3 Configure Through Web Browser

    Chapter 3 Configure through Web Browser Web configuration provides a user-friendly graphical user interface (web pages) to manage your WRT-410. A WRT-410 with an assigned IP address will allows you to monitor and configure via web browser (e.g., MS Internet Explorer or Netscape). 1.
  • Page 11: Wan

    This page enables you to set LAN and DHCP properties, such as the host name, IP address, subnet mask, and domain name. LAN and DHCP profiles are listed in the DHCP table at the bottom of the screen. Host Name: Type the host name in the text box. The host name is required by some ISPs. The default host name is "AP-Router."...
  • Page 12 MAC Address: If required by your ISP, type the MAC address for the WRT-410 WAN interface in this field. You can also copy the MAC address of your PC’s network card to the WRT-410 WAN interface by clicking “Clone MAC address”. When using PPPoE, enter the following information in the fields (some information are provided by your ISP): WAN IP: Select whether you want the ISP to provide the IP address automatically, or whether you want...
  • Page 13: Password

    When using PPTP, enter the following information in the fields (some information are provided by your ISP): IP Address: Type the IP address which your ISP provides. Subnet Mask: Type the Subnet Mask which your ISP provides. Gateway: Type the IP address of Gateway which your ISP provides. Server IP: Type the IP address of server which offers Internet service.
  • Page 14: Time

    Administrator: Type the password the Administrator will use to login to the system. The password must be typed again for confirmation. User: Users can type a password to be used for logging in to the system. The password must be typed again for confirmation.
  • Page 15: Dynamic Dns

    3.1.5 Dynamic DNS You can configure WRT-410 to use DDNS service if you already have a registered DDNS account. DDNS: You can enable or disable DDNS function here. Server Address: Please type in the url of your DDNS service provider. Currently, WRT-410 supports DynDNS only, thus you have to key in “www.dyndns.org”...
  • Page 16: Authentication

    Enable/Disable: Enable or disable wireless LAN via the WRT-410. SSID: Type an SSID in the field. The SSID of any wireless device must match the SSID typed here in order for the wireless device to access the LAN and WAN via the WRT-410. Channel: Select a work channel for wireless communications.
  • Page 17: Advanced

    Lifetime: Select proper time interval from the drop-down list. Once the lifetime expires, the Encryption key will be renewed by RADIUS server automatically. Encryption Key: Select the Encryption key length to be 64-bits or 128-bits. RADIUS Server 1: Enter the IP address, communicate port number, and shared secret key of your primary RADIUS server.
  • Page 18: Status

    Beacon Interval: Type the beacon interval in the field. You can specify a value from 20 to 1000. The default beacon interval is 100. RTS Threshold: Type the RTS (Request-To-Send) threshold in the field. This value stabilizes data flow. If data flow is irregular, choose values between 1 and 2346 until data flow is normalized. Fragmentation Threshold: Type the fragmentation threshold in the field.
  • Page 19: Log

    Firmware Version: Displays the latest build of the WRT-410 firmware interface. After upgrading the firmware in Tools -> Firmware, check this to ensure that your firmware was successfully upgraded. LAN: This field displays the WRT-410 LAN interface MAC address, IP address, subnet mask, and DHCP server status.
  • Page 20: Log Settings

    First Page: View the first page of the log message list. Last Page: View the last page of the log message list. Previous Page: View the page just before the current page. Next Page: View the page just after the current page. Clear Log: Delete the contents of the log and begin a new log.
  • Page 21: Statistic

    SMTP Server: Type the SMTP server address for the email that the log will be sent to in the next field. Send to: Type an email address for the log to be sent to. Click “Email Log Now” to send the current log immediately.
  • Page 22: Wireless

    Click “Reset” to erase all statistics and begin logging statistics again. Utilization: Separates packet transmission statistics into send and receive categories. Peak indicates the maximum packet transmission recorded since logging began, while Average indicates the average of the total packet transmission since recording began. 3.3.5 Wireless This screen will show you which wireless devices that are connected to this WRT-410 via wireless interface.
  • Page 23: Dynamic

    Network Address: Type the static IP address your network uses to access the Internet. Your ISP or network administrator provides you with this information. Network Mask: Type the network (subnet) mask for your network. If you do not type a value here, the network mask defaults to 255.255.255.255.
  • Page 24: Routing Table

    NAT: Select the option to enable or disable NAT. Transmit: Select the option to set the desired transmit parameters. Disabled, RIP 1 or RIP 2. Receive: Select the option to set the desired transmit parameters. Disabled, RIP 1 or RIP 2. 3.4.3 Routing Table This screen will show you the routing table of WRT-410.
  • Page 25: Access

    3.5 Access 3.5.1 Filters This screen enables you to allow and deny user access based upon the filters you set. If MAC Filters is selected, the screen appears as below. MAC Filter: Enables you to allow or deny Internet access for users within the LAN based upon the MAC address of their network interface.
  • Page 26 The following screen appears once you select IP Filters. It enables you to define a minimum and maximum IP address range filter; all IP addresses falling in the range are not allowed Internet access. The IP filter profiles are listed in the table at the bottom of the page. Note: When selecting items in the table at the bottom, click anywhere in the item.
  • Page 27 Select Domain Blocking, and the following screen appear. Domain Blocking: There are three options in this field. Select the proper setting according to your demand. Permitted Domains: Enter the domain name in the text field, and click “Add” button to add it to the list. Blocked Domains: Enter the domain name in the text field, and click “Add”...
  • Page 28: Virtual Server

    Note: When selecting items in the table at the bottom, click anywhere in the item. The line is selected, and the fields automatically load the item's parameters, which you can edit. Protocol Filter: Enables you to allow or deny Internet access to users based upon the communications protocol of the origin.
  • Page 29: Special Ap

    Public Port: Type the port number on the WAN that will be used to provide access to the virtual server. LAN Server: Type the LAN IP address that will be assigned to the virtual server. Add: Click to add the virtual server to the table at the bottom of the screen. Update: Click to update information for the virtual server if you have selected a list item and have made changes.
  • Page 30: Dmz

    3.5.4 DMZ This screen enables you to create a DMZ for those computers that cannot access Internet applications properly through the WRT-410 and associated security settings. Enable: Click to enable or disable the DMZ. DMZ Host IP: Type a host IP address for the DMZ. The computer with this IP address acts as a DMZ host with unlimited Internet access.
  • Page 31: Management

    Enable: Click to enable or disable the firewall rule profile. Name: Type a descriptive name for the firewall rule profile. Action: Select whether to allow or deny packets that conform to the rule. Source: Defines the source of the incoming packet that the rule is applied to. Interface: Select which interface (WAN or LAN) the rule is applied to.
  • Page 32: Remote Management

    Enabled/Disabled: Click to enable or disable SNMP. By default is disabled. System Name: Displays the name given to the WRT-410. System Location: Displays the location of the WRT-410 (normally, the DNS name). System Contact: Displays the contact information for the person responsible for the WRT-410. Community: SNMP system name for exchanging SNMP community messages.
  • Page 33: Tools

    Enable: Click to enable or disable HTTP access for remote management. Remote IP Range: Type the range of IP addresses that can be used for remote access. Allows to Ping WAN Port: This function allows remote users to ping WRT-410 WAN port IP address. Enable: Click to enable or disable WAN port pinged function.
  • Page 34: Firmware

    Save Settings: Click to save the current configuration as a profile that you can load when necessary. Load Settings: Click “Browse” and go to the location of a stored profile. Click Load to load the profile's settings. Restore Factory Default Settings: Click to restore the default settings. All configuration changes you have made will be lost.
  • Page 35: Wizard

    3.8 Wizard The setup wizard enables you to configure the WRT-410 quickly and conveniently. Click “Wizard” button, the window below will appear. Please click “Next>” and follow the steps to configure WRT-410. You are prompted to select a password. Type a password in the text box, and then type it again for verification.
  • Page 36: Chapter 4 802.1X Authentication Setup

    Chapter 4 802.1X Authentication Setup 4.1 802.1X Infrastructure An 802.1X Infrastructure is composed of three major components: Authenticator, Authentication server, and Supplicant. Authentication server: An entity that provides an authentication service to an authenticator. This service determines, from the credentials provided by the supplicant, whether the supplicant is authorized to access the services provided by the authenticator.
  • Page 37: Radius Server Setup

    6. The client validates the digital certificate, and replies its own digital certificate to the RADIUS server. 7. The RADIUS server validates client’s digital certificate. 8. The client and RADIUS server derive encryption keys. 9. The RADIUS server sends WRT-410 a RADIUS ACCEPT message, including the client’s WEP key. 10.
  • Page 38 6. Enter the information that you want for your Certificate Service, and click “Next” to continue. 7. Go to Start > Program > Administrative Tools > Certificate Authority. 8. Right-click on the “Policy Setting”, select “new”. 9. Select “Certificate to Issue”. 10.
  • Page 39 11. Go to Start > Program > Administrative Tools > Active Directory Users and Computers. 12. Right-click on domain, and select ”Properties” to continue. 13. Select “Group Policy” tab and click “Properties” to continue. - 34 -...
  • Page 40 14. Go to “Computer Configuration” > “Security Settings” > “Public Key Policies” 15. Right-click “Automatic Certificate Request Setting”, and select “New” 16. Click “Automatic Certificate Request ...” - 35 -...
  • Page 41 Certificate 17. The Automatic Certificate Request Setup Wizard will guide you through the Automatic Request setup, simply click “Next” through to the last step. 18. Click “Finish” to complete the Automatic Certificate Request Setup 19. Go to Start > Run, and type “command” and click “Enter” to open Command Prompt. 20.
  • Page 42 Setting Internet Authentication Service 24. Go to Start > Program > Administrative Tools > Internet Authentication Service. 25. Right-click “Client”, and select “New Client”. 26. Enter the IP address of WRT-410 in the Client address text field, a memorable name for WRT-410 in the Client-Vendor text field, the access password used by WRT-410 in the Shared secret text field.
  • Page 43 28. In the Internet Authentication Service, right-click “Remote Access Policies” 29. Select “New Remote Access Policy”. 30. Select “Day-And-Time-Restriction”, and click “Add” to continue. - 38 -...
  • Page 44 31. Unless you want to specify the active duration for 802.1X authentication, click “OK” to accept for having 802.1x authentication enabled at all times. 32. Select “Grant remote access permission”, and click “Next” to continue. - 39 -...
  • Page 45 33. Click “Edit Profile”. For TLS Authentication Setup (Steps 34 ~ 35) 34. Select “Authentication” Tab. 35. Enable “Extensible Authentication Protocol”, and select “Smart Card or other Certificate” for TLS authentication. Click “OK”. Then go to step 38. - 40 -...
  • Page 46 For MD5 Authentication Setup (Steps 36 ~ 37) 36. Select “Authentication” Tab. 37. Enable “Extensible Authentication Protocol”. Select “MD5-Challenge” and enable “Encrypted Authentication (CHAP)” for MD5 authentication. Click “OK”. - 41 -...
  • Page 47 38. Select “Internet Authentication Service (Local)”, click on “Action” from top panel. Then click “Register Service in Active Directory”. 39. Go to Start > Program > Administrative Tools > Active Directory Users and Computers. 40. Right click on the domain, and select “Properties”. 41.
  • Page 48 42. Go to “Computer Configuration” > “Windows Settings” > “Security Settings” > “Account Policies” > “Password Policies”. Double click on “Store password using reversible encryption for all users in the domain”. - 43 -...
  • Page 49 43. Click “Define this policy setting”, select “Enabled”, and click “OK” to continue. 44. Go to Start > Program > Administrative Tools > Active Directory Users and Computers. 45. Go to Users. Right-click on the user that you are granting access, and select “Properties”. 46.
  • Page 50 48. Go to the “Dial-in” tab, and check “Allow access” option for Remote Access Permission and “No Call-back” for Callback Options. Then click “OK”. - 45 -...
  • Page 51: Authenticator Setup

    4.3 Authenticator Setup 1. For EAP-MD5 Authentication, WEP key must be set previously. Go to Wireless>Authentication. Enable WEP key, and enter a desired key string. You can skip this step if using EAP-TLS Authentication. 2. Click on 802.1X for detailed configuration. 3.
  • Page 52: Wireless Client Setup

    6. Enter the IP address, Port number, and Shared Secret Key used by the Secondary Radius Server. 7. Click “Apply”. The 802.1x settings will take effect right after WRT-410 reboots itself. 4.4 Wireless Client Setup Windows XP is originally 802.1X support. As to other operating systems (windows 98SE, ME, 2000), an 802.1X client utility is needed.
  • Page 53 5. Click “Properties” of one available wireless network, which you want to associate with. 6. Select “Data encryption (WEP enabled)” option, but leave other options unselected. - 48 -...
  • Page 54 7. Enter the network key in “Network key” text box. The string must be the same as the first set of WEP key which you set to WRT-410. 8. Click “OK”. 9. Select “Authentication” tab. 10. Select “Enable network access control using IEEE 802.1X” to enable 802.1x authentication. 11.
  • Page 55: Eap-Tls Authentication

    12. Click “OK”. 13. When wireless client has associated with WRT-410, a user authentication notice appears in system tray. Click on the notice to continue. 14. Enter the user name, password and the logon domain that your account belongs. 15. Click “OK” to complete the validation process. 4.4.2 EAP-TLS Authentication Get Digital Certificate from Server The following procedures are based on obtaining a certificate from Windows 2000 Server which acts as a...
  • Page 56 CA server. Furthermore, you must have a valid account/password to access the server. 1. Active web browser, enter “http://192.168.1.10/certsrv” in the Address field which 192.168.1.10 is the IP address of our server. This will directly access to Certificate Service of a Windows 2000 server. A dialog box will prompt you to enter user name and password.
  • Page 57 5. Click “Submit >” to continue. 6. The Certificate Service is now processing the certificate request. - 52 -...
  • Page 58 7. The certificate is issued by the server, click “Install this certificate” to download and store the certificate to your local computer. 8. Click “Yes” to store the certificate to your local computer. 9. Certificate is now installed. Wireless Adapter Setup 1.
  • Page 59 2. Right-click on the Wireless Network Connection which using WL-3555. 3. Click “Properties” to open up the Properties setting window. 4. Click on the “Wireless Network” tab. 5. Click “Properties” of one available wireless network, which you want to associate with. - 54 -...
  • Page 60 6. Select “The key is provided for me automatically” option. 7. Click “OK”. - 55 -...
  • Page 61 8. Click “Authentication” tab 9. Select “Enable network access control using IEEE 802.1X” option to enable 802.1x authentication. 10. Select “Smart Card or other Certificate” from the drop-down list box for EAP type. 11. Click “OK”. 12. When wireless client has associated with WRT-410, Windows XP will prompt you to select a certificate for wireless network connection.
  • Page 62 13. Select the certificate that was issued by the server (in our demonstration: WirelessCA), and click “OK” to continue. 14. Make sure this certificate is issued by correct server, and click “OK” to complete the authentication process. - 57 -...
  • Page 63: Chapter 5 Troubleshooting

    This chapter provides solutions to problems usually encountered during the installation and operation of the Wireless Broadband Router. Read the description below to solve your problems. 5.1 Frequently Asked Questions What is WPA (Wi-Fi Protected Access)? WPA resolves the issue of weak WEP headers, which are called initialization vectors (IV), and provides a way of insuring the integrity of the messages passed through MIC (called Michael or message integrity check) using TKIP (the Temporal Key Integrity Protocol) to enhance data encryption.
  • Page 64: Glossary

    This new products use the ACX100 chip from Texas Instruments. In addition to meeting the existing standard, the chip also supports a new modulation scheme developed by TI, called Packet Binary Convolution Code (PBCC). It's this scheme that gives the products the extra kick: Even at lower speeds, PBCC provides better performance at greater distances, and it can also work at 22 Mbps.
  • Page 65 DNS stands for Domain Name System. DNS converts machine names to the IP addresses that all machines on the net have. It translates from name to address and from address to name. DOMAIN NAME The domain name typically refers to an Internet site address. DTIM DTIM (Delivery Traffic Indication Message) provides client stations with information on the next opportunity to monitor for broadcast or multicast messages.
  • Page 66 IP (Internet Protocol) is the protocol in the TCP/IP communications protocol suite that contains a network address and allows messages to be routed to a different network or subnet. However, IP does not ensure delivery of a complete message—TCP provides the function of ensuring delivery. IP ADDRESS The IP (Internet Protocol) address refers to the address of a computer attached to a TCP/IP network.
  • Page 67 PING Ping (Packet INternet Groper) is a utility used to find out if a particular IP address is present online, and is usually used by networks for debugging. PORT Ports are the communications pathways in and out of computers and network devices (routers and switches).
  • Page 68 with an incoming IP address to determine whether to accept or reject the packet. SYSLOG SERVER A SysLog server monitors incoming Syslog messages and decodes the messages for logging purposes. (Transmission Control Protocol) is the transport protocol in TCP/IP that ensures messages over the network are transmitted accurately and completely.
  • Page 69 WLAN. WAN (Wide Area Network) is a communications network that covers a wide geographic area such as a country (contrasted with a LAN, which covers a small area such as a company building). - 64 -...

Table of Contents