Linksys WRVS4400N Manual

Wireless-N Gigabit Security Router with VPN

Specifications are subject to change without notice. Linksys is a registered trademark or trademark of Cisco


Summary of Contents for Linksys WRVS4400N

  • Page 1 Specifications are subject to change without notice. Linksys is a registered trademark or trademark of Cisco...
  • Page 2 Systems, Inc. and/or its affiliates in the U.S. and certain other countries. Copyright © 2006 Cisco Systems, Inc. All rights reserved. Other brands and product names are trademarks or registered trademarks of their respective holders. WARNING: This product contains chemicals, including lead, known to the State of California to cause cancer, and birth defects or other reproductive harm.
  • Page 3: Table Of Contents

    Table of Contents Chapter 1 : Introduction 1 Welcome What’s in this Guide? 2 Chapter 2 : Networking and Security Basics 4 An Introduction to LANs The Use of IP Addresses 5 The Intrusion Prevention System (IPS) 7 Chapter 3 : Planning Your Virtual Private Network (VPN) 9 Why do I need a VPN?
  • Page 4 What is a VPN? 10 Chapter 4 : Getting to Know the Router 12 The Front Panel The Back Panels 14 Antennas and Positions 15 Chapter 5 : Connecting the Router 16 Overview Connection Instructions 17 Placement Options 18 Chapter 6 : Setting Up and Configuring the Router 20 Overview...
  • Page 5 Basic Setup 20 How to Access the Web-based Utility 21 How to Navigate the Utility 21 Setup Tab 25 Wireless Tab 38 Firewall Tab 47 VPN Tab 58 QoS Tab 65 Administration Tab 67 IPS Tab 72 L2 Switch Tab 76 Status Tab 80 Appendix A: Troubleshooting 85 Frequently Asked Questions...
  • Page 6 Appendix B: Using the Linksys QuickVPN Software for Windows 2000 or XP 99 Overview Before You Begin 99 Installing the Linksys QuickVPN Software 100 Using the Linksys QuickVPN Software 101 Appendix C: Configuring a Gateway-to-Gateway IPSec Tunnel 103 Overview Before You Begin 103...
  • Page 7 Your Ethernet Adapter 108 Windows 98 or Me Instructions Windows 2000 or XP Instructions 108 For the Router’s Web-based Utility 109 Appendix E: Trend Micro ProtectLink Gateway Service 110 Appendix F: Glossary 110 Appendix G: Specifications 116 Appendix H: Warranty Information 119 Appendix I: Regulatory Information 120 Appendix J: Contact Information 126...
  • Page 8 List of Figures Figure 2-1: Example network 5 Figure 2-2: IPS Scenarios 7 Figure 3-1: VPN Router to VPN Router 11 Figure 3-2: Computer to VPN Router 11 Figure 4-1: Front Panel 12 Figure 4-2: Back Panel 14 Figure 4-3: Stackable Position and its Antenna Setup 15 Figure 4-4: Standalone Position and its Antenna Setup 15 Figure 5-1: Example of a Typical Network 16 Figure 5-2: Connect a PC 17...
  • Page 9 Figure 6-13: Setup - MAC Address Clone 34 Figure 6-14: Setup - Advanced Routing 35 Figure 6-15: Setup - Advanced Routing (Routing Table) 36 Figure 6-16: Setup - Time 37 Figure 6-17: Wireless - Basic Wireless Settings 38 Figure 6-18: Wireless - Wireless Security (Disabled) 40 Figure 6-19: Wireless - Wireless Security (WPA-Personal) 40 Figure 6-20: Wireless - Wireless Security (WPA2-Personal) 41 Figure 6-21: Wireless - Wireless Security (WPA2-Personal Mixed) 41...
  • Page 10 Figure 6-46: VPN - VPN Passthrough 64 Figure 6-47: QoS - Application Based 65 Figure 6-48: Port-based 66 Figure 6-49: Administration - Management 67 Figure 6-50: Administration - Log 68 Figure 6-51: View Log pop-up window 68 Figure 6-52: Administration - Diagnostics 69 Figure 6-53: Ping Test Screen 69 Figure 6-54: Trace Route Test Screen 70 Figure 6-55: Administration - Config Management 70...
  • Page 11 Figure B-6: Activating Policy 101 Figure B-7: Verifying Network 101 Figure B-8: QuickVPN Software - Status 102 Figure B-9: QuickVPN Tray Icon - Connection 102 Figure B-10: QuickVPN Tray Icon - No Connection 102 Figure B-11: QuickVPN Software - Change Password 102 Figure C-1: Diagram of Gateway-to-Gateway VPN Tunnel 103 Figure C-2: Login Screen 104 Figure C-3: VPN - IPsec VPN Configuration 104...
  • Page 12: Chapter 1: Introduction

    300 Mbps. Besides having a higher data rate, 802.11n technology also promises longer coverage by using multiple antennas to transmit and receive data streams in different directions. Users are encouraged to upgrade their firmware through www.linksys.com when 802.11n specification is finalized by IEEE to ensure compatibility with all the wireless-N devices.
  • Page 13 VPN. • Appendix B: Using the Linksys QuickVPN Software for Windows 2000 or XP This appendix instructs you on how to use the Linksys QuickVPN software if you are using a Windows 2000 or XP PC. • Appendix C: Configuring a Gateway-to-Gateway IPSec Tunnel This appendix describes how to configure an IPSec VPN Tunnel between two VPN Routers.
  • Page 14: Chapter 2: Networking And Security Basics

    Router or switch to the Internet. Note that the second level Router only forwards data packets through a wired network so you don’t have to use the Wireless-N Gigabit Security Router. You can use any wired router in the Linksys family, e.g. RVS4000, which has 4 LAN ports and 1 WAN port.
  • Page 15: The Use Of Ip Addresses

    The Use of IP Addresses IP stands for Internet Protocol. Every device in an IP-based network, including PCs, print servers, and routers, requires an IP address to identify its location, or address, on the network. This applies to both the Internet and LAN connections.
  • Page 16 assigned it will always have that same IP address until you change it. Static IP addresses are commonly used with dedicated network devices such as server PCs or print servers. Since a user’s PC is moving around in a network and is being powered on or off, it does not require a dedicated IP address that could be a precious resource in your network.
  • Page 17 IPS is an advanced technology to protect your network from malicious attacks. IPS works together with your SPI Firewall, IP Based Access List (IP ACL), Network Address Port Translation (NAPT), and Virtual Private Network (VPN) to achieve the highest level of security. IPS works by providing real-time detection and prevention as an in-line module in a router.
  • Page 18: Chapter 3: Planning Your Virtual Private Network (Vpn)

    Chapter 3: Planning Your Virtual Private Network (VPN) Why do I need a VPN? Computer networking provides a flexibility not available when using an archaic, paper-based system. With this flexibility, however, comes an increased risk in security. This is why firewalls were first introduced. Firewalls help to protect data inside of a local network.
  • Page 19: What Is A Vpn

    (refer to “Appendix C: Using the Linksys QuickVPN Software for Windows 2000 or XP”). If you choose not to run the VPN client software, any computer with the built-in IPsec Security Manager...
  • Page 20 ISP. Her notebook computer has the Linksys VPN client software, which is configured with her office's IP address. She accesses the Linksys VPN client software and connects to the VPN Router at the central office. As VPNs utilize the Internet, distance is not a factor. Using the VPN, the businesswoman now has a secure connection to the central office's network, as if she were physically connected.
  • Page 22: Chapter 4 : Getting To Know The Router

    Chapter 4: Getting to Know the Router The Front Panel The Router’s LEDs are located on the front panel of the Router. LEDs POWER Green. The POWER LED lights up when the Router is powered on. The LED flashes when the Router runs a diagnostic test. Green/Red.
  • Page 23 sending or receiving data. INTERNET Green. The INTERNET LED lights up the appropriate LED depending upon the speed of the device that is attached to the Internet port. If the Router is connected to a cable or DSL modem, typically the 10 LED will be the only LED lit up (i.e. 10Mbps).
  • Page 25: Chapter 5: Connecting The Router

    Chapter 5: Connecting the Router Overview To set up your network, you will do the following: • Connect the Router to one of your PCs according to the instructions in this chapter. • By default, Windows 98, 2000, Millennium, and XP computers are set to obtain an IP address automatically, so unless you have changed the default setting, then you will not need to configure your PCs.
  • Page 26 Proceed to “Chapter 6: Setting Up and Configuring the Router.” There are three ways to place the Wireless-N Router. The first way is to place it horizontally on a surface, so it sits on its four rubber feet. The second way is to stand the Wireless Router vertically on a surface.
  • Page 27 You will need two suitable screws (See Figure 5-7) to mount the Router. Make sure the screw size can fit into the criss-cross wall-mount slots. On the Wireless Router’s back panel are two criss-cross wall-mount slots. Determine where you want to mount the Wireless Router, and install two screws that are 2-9/16 in (64.5mm) apart.
  • Page 28 Configuring the Wireless-N Router,” for directions on how to set up the Wireless-N Router....
  • Page 29: Overview

    Chapter 6: Setting Up and Configuring the Router Overview The Wireless Router has been designed to be functional right out of the box with the default settings. However, if you'd like to change these settings, the Wireless Router can be configured through your web browser with the Web-based Utility.
  • Page 30: How To Navigate The Utility

    How to Navigate the Utility The Web-based Utility consists of the following nine main tabs: Setup, Wireless, Firewall, VPN, QoS, Administration, IPS, L2 Switch and Status. Additional screens (sub tabs) will be available from most of the main tabs. The following briefly describes the main & sub tabs of the Utility. Setup You will use the Setup tabs to define the Router’s basic functionality.
  • Page 31: Firewall Tab

    •Basic Settings. Choose the wireless network mode (e.g. B/G/N-Mixed), SSID, and radio channel on this screen. •Security Settings. Use this screen to configure the built-in access point’s security settings. •Connection Control. Use this screen to control the wireless connections from client devices to the Router. •Advanced Settings.
  • Page 32: Administration Tab

    The Router supports two types of Quality of Service (QoS) traffic. •Bandwidth Management. This allows you to perform Bandwidth Management, by either Rate Control or Priority. •QoS Setup. This allows users to configure QoS Trust Mode for each LAN port. •DSCP Settings.
  • Page 33 may need to enter additional information in order to connect to the Internet through an ISP (Internet Service Provider) or broadband (DSL, cable modem) carrier. Summary System Information Firmware version Displays the Router’s current software version. CPU Displays the Router’s CPU type. System up time Displays the length of time that has elapsed since the Router was last reset.
  • Page 34 Firewall Setting Status DoS (Denial of Service) Indicates whether the DoS Protection feature is enabled to block DoS attacks. Block WAN Request Indicates whether the Block WAN Request feature is enabled. Remote Management Indicates whether the Remote Management feature is enabled. IPSec VPN Setting Status IPSec VPN Summary Click the IPSec VPN Summary hyperlink to display the VPN >...
  • Page 35 The WAN Setup screen provides Internet Connection Type and DDNS configurations on the WAN port of the Wireless Router. Before starting, you need to find out the Internet Connection Type and settings used by your ISP. If the Router is used as an Intranet Router, you can mostly use the default settings.
  • Page 36 Internet IP Address. This is the Router’s IP address on the WAN port that can be reached from the Internet. Your ISP will provide you with the IP Address you need to specify here. Subnet Mask. This is the Router’s Subnet Mask on the WAN port. Your ISP will provide you this information and your IP Address.
  • Page 37 your connection as soon as you attempt to access the Internet again. If you wish to activate Connect on Demand, click the Connect on Demand option and enter the number of minutes you want to have elapsed before your Internet connection terminates in the Max Idle Time field. Use this option to minimize your DSL connection time if it is charged based on time.
  • Page 38 PPTP Point-to-Point Tunneling Protocol (PPTP) is a service that applies to connections in Europe and Israel only. IP Address. This is the Router’s IP address, when seen from the WAN, or the Internet. Your ISP will provide you with the IP Address you need to specify here. Subnet Mask.
  • Page 39 Heart Beat Signal Heart Beat Signal is a service used in Australia. Check with your ISP for the necessary setup information. User Name and Password. Enter the User Name and Password provided by your ISP. Heart Beat Server. Enter the IP address of the Heart Beat server. Connect on Demand: Max Idle Time.
  • Page 40 L2TP Layer 2 Tunneling Protocol (L2TP) is a service that tunnels Point-to-Point Protocol (PPP) across the Internet. It is used mostly in European countries. Check with your ISP for the necessary setup information. IP Address. This is the Router’s IP address, when seen from the WAN, or the Internet. Your ISP will provide you with the IP Address you need to specify here.
  • Page 41 Option Settings (Required by some ISPs) This section is common for all the Internet Connection Types. Some of these settings may be required by your ISP. Verify with your ISP before making any changes. Host Name: Some ISPs, usually cable ISPs, require a host name as identification. You may need to check with your ISP to see if your broadband Internet service is configured with a host name.
  • Page 42 DDNS The Router offers a Dynamic Domain Name System (DDNS) feature. DDNS lets you assign a fixed host and domain name to a dynamic Internet IP address. It is useful when you are hosting your own website, FTP server, or other server behind the Router. Before you can use this feature, you need to sign up for DDNS service at DynDNS.org or TZO.com.
  • Page 43 After entering the necessary information, the Router will advise the DDNS Service of your current WAN (Internet) IP address whenever this address changes. If using TZO, you should NOT use the TZO software to perform this “IP address update”. Connect button: When DDNS is enabled, the Connect button is displayed. Use this button to manually update your IP address information on the DDNS server.
  • Page 44 The LAN Setup section allows you to change the Router’s local network settings for the four Ethernet ports. IPv4 The Router’s Local IPv4 Address and Subnet Mask are shown here. In most cases, you can keep the defaults. Local IP Address. Enter the IPv4 address on the LAN side. The default value is 192.168.1.1.
  • Page 45 Server IP Address. Starting IP Address. Enter a value for the DHCP server to start with when issuing IP addresses. This value will automatically follow your local IP address settings. Normally, you assign the first IP address for the Router (e.g. 192.168.1.1) so that you can assign an IP address to other devices starting from the 2nd IP address (e.g.
  • Page 46 Click the Save Settings button to save the network settings or click the Cancel Changes button to undo your changes.
  • Page 47 The DMZ screen allows one local PC to be exposed to the Internet for use of a special-purpose service, such as Internet gaming and video-conferencing. DMZ hosting forwards traffic to all the ports for the specified PC simultaneously, unlike Port Range Forwarding that can only forward a maximum of 10 ranges of ports.
  • Page 48 MAC Address Clone Some ISPs require that you register a MAC address. This feature clones your PC network adapter's MAC address onto the Router, and prevents you from having to call your ISP to change the registered MAC address to the Router's MAC address. The Router's MAC address is a 6-byte hexadecimal number assigned to a unique piece of hardware for identification.
  • Page 49 Advanced Routing Operating Mode Select the Operating mode in which the Router will function. Gateway. This is the normal mode of operation. This allows all devices on your LAN to share the same WAN (Internet) IP address. In the Internet Gateway mode, the NAT (Network Address Translation) mechanism is enabled.
  • Page 50 Static Routing Sometimes you will prefer to use static routes to build your routing table instead of using dynamic routing protocols. Static routes do not require CPU resources to exchange routing information with a peer router. You can also use static routes to reach peer routers that do not support dynamic routing protocols.
  • Page 51 Time You can either define your Router’s time manually or automatically through Time Server. The default is Set the local time using Network Time Protocol (NTP) Automatically. Manually Set the local time Manually If you wish to enter the time and date manually, select this option, then enter the day, month, year, hour, minutes, and seconds in the Time fields using 24-hour format.
  • Page 52 IP Mode IPv4 Only. Select this option to use IPv4 on the Internet and local network. Dual-Stack IP. Select this option to use IPv4 on the Internet and IPv4 and IPv6 on the local network. Then select how the IPv6 hosts will connect to the Internet: •...
  • Page 54: Wireless Tab

    Wireless Tab Basic Settings Change the basic wireless network settings on this screen. Basic Settings Configure the basic Wireless Network attributes for this Wireless Router. Wireless Network Mode. Select one of the following modes. The default is B/G/N-Mixed. B-Only: All the wireless client devices can be connected to the Wireless Router at Wireless-B data rates with a maximum speed of 11Mbps.
  • Page 55 It is case-sensitive, must not exceed 32 alphanumeric characters, and may be any keyboard character. Make sure this setting is the same for all devices in your wireless network. The default SSID name is linksys-n. SSID Broadcast. This option allows the SSID to be broadcast on your network. You may want to enable this function while configuring your network, but make sure that you disable it when you are finished.
  • Page 56 Wireless Security Change the Wireless Router’s wireless security settings on this screen. Wireless Security Security Mode. Select the wireless security mode you want to use, WPA-Personal, WPA2-Personal, WPA2-Personal Mixed, WPA-Enterprise, WPA2-Enterprise, WPA2-Enterprise Mixed, or WEP. (WPA stands for Wi-Fi Protected Access, which is a security standard stronger than WEP encryption and forward compatible with IEEE 802.11e.
  • Page 57 Select the type of algorithm you want to use, TKIP or AES. The default is TKIP. Shared Secret. Enter a WPA Shared Key of 8-63 characters. Key Renewal. Enter a Key Renewal Timeout period, which instructs the Wireless Router how often it should change the encryption keys. The default is 3600 seconds. WPA2-Personal Encryption.
  • Page 58 WPA-Enterprise This option features WPA used in coordination with a RADIUS server for client authentication. (This should only be used when a RADIUS server is connected to the Wireless Router.) Encryption. WPA offers you two encryption methods, TKIP and AES for data encryption. Select the type of algorithm you want to use, TKIP or AES.
  • Page 59 Shared Key. Enter the Shared Secret key used by the Wireless Router and RADIUS server. Key Renewal. Enter a Key Renewal Timeout period, which instructs the Wireless Router how often it should change the encryption keys. The default is 3600 seconds. WPA2-Enterprise Mixed This security mode supports the transition from WPA-Enterprise to WPA2-Enterprise.
  • Page 60 Authentication Type. Choose the 802.11 authentication type as either Open System or Shared Key. The default is Open System. WEP Encryption. Select a level of WEP encryption, 40/64 bits (10 hex digits) or 104/128 bits (26 hex digits). Passphrase. If you want to generate WEP keys using a Passphrase, then enter the Passphrase in the field provided and click the Generate key.
  • Page 61 Connection Control This screen allows you to configure the Connection Control List to either permit or block specific wireless client devices connecting to (associating with) the Wireless Router. Wireless Connection Control Select SSID. Select the desired SSID. Enabled/Disabled. Enable or disable wireless connection control. The default is Disabled.
  • Page 62 Connection Control List MAC 01-20. Enter the MAC addresses of the wireless client devices you want to control. Change these settings as described here and click Save Settings to apply your changes, or click Cancel Changes to cancel your changes. Help information is displayed on the right-hand side of the screen.
  • Page 63 This screen allows you to configure the advanced settings for the Wireless Router. The Wireless-N Router adopts several new parameters to adjust the channel bandwidth and guard intervals to improve the data rate dynamically. Linksys recommends letting your Wireless Router automatically adjust the parameters for maximum data throughput.
  • Page 64 Router coordinates transmission and reception to ensure efficient communication. This value should remain at its default setting of 2346. If you encounter inconsistent data flow, only minor modifications are recommended. Change these settings as described here and click Save Settings to apply your changes, or click Cancel Changes to cancel your changes.
  • Page 65 VLAN & QoS This screen allows you to configure the QoS and VLAN settings for the Access Point. The QoS (Quality of Service) feature allows you to specify priorities for different traffic. Lower priority traffic will be slowed down to allow greater throughput or less delay for high priority traffic.
  • Page 66 On this screen you can configure the WDS settings for the (Wireless Distribution System) device. WDS MAC Address. It displays the read-only MAC address for the WDS. Allow wireless signal to be repeated by a repeater. Select Auto or Manual as required. Remote Access Point’s MAC Address.
  • Page 67 Firewall The Firewall Tab allows you to configure software security features such as the SPI (Stateful Packet Inspection) Firewall, IP based Access List, restrictions on LAN users' Internet (WAN port) access, and NAPT (Network Address Port Translation) settings (which only work when NAT is enabled) to limit services to specific ports. Note that for WAN traffic, NAPT settings are applied first, then the traffic passes the SPI Firewall settings, followed by the IP based Access List (which requires more CPU power).
  • Page 68 • Java: Java is a programming language for websites. If you deny Java, you run the risk of not having access to Internet sites created using this programming language. • Cookies: A cookie is data stored on your PC and used by Internet sites when you interact with them, so you may not want to deny cookies.
  • Page 69 IP Based ACL This screen shows a summary of configured IP based Access List. The Access List is used to restrict traffic going through the Router either from WAN or LAN port. There are two ways to restrict data traffic. You can block specific types of traffic according to your ACL definitions.
  • Page 70 Time: Displays the time period this rule will be enabled (used together with Date). It can be set to Any Time. Day: Displays the days in a week this rule will be enabled (used together with Time). It can be set to Every Day. Edit button: Use this button to go to Edit IP ACL Rule screen and modify this rule.
  • Page 71 Edit IP ACL Rule This Web page can be entered only through IP Based ACL Tab. You can enter this page by clicking Add New Rule button on that page. New Rule Action: Select either Allow or Deny. Default is Allow. Service: Select ALL or pre-defined (or user-defined) services from the drop-down menu.
  • Page 72 Change these settings as described here and click Save Settings to apply your changes, or click Cancel Changes to cancel your changes. Help information is displayed on the right-hand side of the screen, and click More for additional details. Internet Access Policy Access to the Internet can be managed by policies.
  • Page 73 On the List of PCs screen, you can define PCs by MAC Address or IP Address. You can also enter a range of IP Addresses if you want this policy to affect a group of PCs. To create an Internet Access policy: Select the desired policy number from the Internet Access Policy drop-down menu.
  • Page 74 If you wish to block access to Web sites, use the Website Blocking by URL Address or Website Blocking by Keyword feature. • Website Blocking by URL Address. Enter the URL or Domain Name of the web sites you wish to block.
  • Page 75 Single Port Forwarding This is one of the NAPT (Network Address Port Translation) features. Use the Single Port Forwarding screen when you want to open specific services (that use a single port). This allows users on the Internet to access this server by using the WAN port address and the matched external port number.
  • Page 76 Port Range Forwarding This is one of the NAPT (Network Address Port Translation) features. The Port Range Forwarding screen allows you to set up public services on your network, such as web servers, ftp servers, e-mail servers, or other specialized Internet applications that use one or multiple port numbers (e.g.
  • Page 77 Port Range Triggering This is one of the NAPT (Network Address Port Translation) features. Port Range Triggering is used for special applications that can request a port to be opened on demand. For this feature, the Wireless Router will watch outgoing packets for specific port numbers.
  • Page 78 VPN Tab Summary Tunnels Used Displays the number of tunnels used. Tunnel(s) Available Displays the number of available tunnels. Detail button Click Detail to display more tunnel information. Tunnel Status No. Displays the number of the tunnel. Name Displays the name of the tunnel, as defined by the Tunnel Name field on the VPN >...
  • Page 79 VPN Clients Status No. Displays the user number from 1 to 5. Username. Displays the username of the VPN Client. Status Displays the connection status of the VPN Client. Start Time Displays the start time of the most recent VPN session for the specified VPN Client.

This manual is also suitable for:

Linksys wrvs4400n, Linksys wrvs4400nv2
