1. Manuals
  2. Brands
  3. Comet Labs Manuals
  4. Network Router
  5. RF10
  6. User manual

Comet Labs RF10 User Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
Model : RF10
User Manual
V5.0
User Manual v5.0
1 / 161

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the RF10 and is the answer not in the manual?

Questions and answers

Related Manuals for Comet Labs RF10

Summary of Contents for Comet Labs RF10

  • Page 1 Model : RF10 User Manual V5.0 User Manual v5.0 1 / 161...
  • Page 2 RF10 User’s Manual (Updated December 14, 2005) Copyright Information © 2005 Cometlabs Electric Corporation, Ltd. The contents of this publication may not be reproduced in whole or in part, transcribed, stored, translated, or transmitted in any form or any means, without the prior written consent of Cometlabs Electric Corporation.
  • Page 3 DO NOT use the same power source for the RF10 as other equipment. DO NOT use your RF10 and any accessories outdoors. If you wall mount your RF10, make sure that no electrical, water or gas pipes will be damaged during installation.

  • Page 4: Table Of Contents

    CHAPTER 1: INTRODUCTION................10 1.1 O .......................10 VERVIEW 1.2 P ...................10 RODUCT IGHLIGHTS 1.2.1 V ............10 IRTUAL RIVATE ETWORK UPPORT 1.2.2 A ...............10 DVANCED IREWALL ECURITY 1.2.3 I ..........11 NTELLIGENT ANDWIDTH ANAGEMENT 1.3 P ..................12 ACKAGE ONTENTS 1.3.1 F ....................12 RONT ANEL 1.3.2 R...
  • Page 5 3.4.3 W 2000 ..................35 INDOWS 3.4.3.1 Configuring..................35 3.4.3.2 Verifying Settings ................39 3.4.4 W 98 / M ..................40 INDOWS 3.4.4.1 Installing Components ..............40 3.4.4.2 Configuring..................45 3.4.4.3 Verifying Settings ................49 3.5 F .................51 ACTORY EFAULT ETTINGS 3.5.1 U ..............51 AME AND ASSWORD 3.5.2 LAN WAN P ............52...
  • Page 6 4.4.2 WAN ......................75 4.4.2.1 ISP Settings..................75 4.4.2.1.1 DHCP ..................77 4.4.2.1.2 Static IP ..................78 4.4.2.1.3 PPPoE..................79 4.4.2.1.4 PPTP Settings................80 4.4.2.1.5 Big Pond Settings..............81 4.4.2.2 Bandwidth Settings ................82 4.4.4 S ......................83 YSTEM 4.4.4.1 Time Zone ..................83 4.4.4.2 Remote Access..................84 4.4.4.3 Firmware Upgrade ................85 4.4.4.4 Backup / Restore................86 Restart Router..................87 4.4.4.6 Password ....................88...
  • Page 7 ................121 EVER 5.1.3 LAN ............122 NTERNET 5.1.4 F ................122 ORGOT ASSWORD 5.2 LAN I ....................123 NTERFACE 5.2.1 C ’ RF10 LAN.............123 CCESS FROM THE 5.2.2 C ’ LAN............123 ON THE 5.2.3 C ’ ........123 CCESS ONFIGURATION NTERFACE 5.2.3.1 Pop-up Windows................125 5.2.3.2 Javascripts..................126...
  • Page 8 D.2 R ....................139 OUTER ASICS D.2.1 W ? ................139 HAT IS A OUTER D.2.2 W ?................139 HY USE A OUTER D.2.3 R (RIP) ..........139 OUTING NFORMATION ROTOCOL D.3 F ..................140 IREWALL ASICS D.3.1 W ? ................140 HAT IS A IREWALL D.3.1.1 Stateful Packet Inspection..............140 D.3.1.2 Denial of Service (DoS) Attack .............140 D.3.2 W...
  • Page 9 APPENDIX H: ROUTER SETUP EXAMPLES ..........155 H.1 VPN C ..................155 ONFIGURATION H.1.1 LAN LAN..................155 H.1.2 H LAN ..................157 OST TO H.2 VPN C ..................159 ONCENTRATOR User Manual v5.0 9 / 161...

  • Page 10: Chapter 1: Introduction

    Quality of Service (QoS) and Load Balancing features grant advanced users total control over their network and Internet connection. This manual illustrates the many features and functions of the RF10, and even takes you through the various ways you can apply this versatile device to your home or office.

  • Page 11: Intelligent Bandwidth Management

    1.2.3 Intelligent Bandwidth Management The RF10 utilizes Quality of Service (QoS) to give you full control over the priority of both incoming and outgoing data, ensuring that critical data such as customer information moves through your network, even while under a heavy load.

  • Page 12: Package Contents

    1.3 Package Contents RF10 iBusiness Security Gateway SMB Bracket x 2 (for rack-mounting) Screw x 4 (for rack-mounting) Getting Started CD-ROM Quick Start Guide AC-DC Power Adapter (12VDC, 1A) 1.3.1 Front Panel Function Power A solid light indicates a steady connection to a power source.

  • Page 13: Rear Panel

    1.3.2 Rear Panel Port Function To reset the device and restore factory default settings, RESET after the device is fully booted, press and hold RESET until the Status LED begins to blink. WAN1 10/100M Ethernet port (with auto crossover WAN1 support);...

  • Page 14: Rack Mounting

    1.3.3 Rack Mounting To rack mount the RF10, carefully secure the device to your rack on both sides using the included brackets and screws. See the diagram below for a more detailed explanation. 1.3.4 Cabling Most Ethernet networks currently use unshielded twisted pair (UTP) cabling. The UTP cable contains eight conductors, arranged in four twisted pairs, and terminated with an RJ45 type connector.

  • Page 15: Overview

    2.1 Overview Your RF10 Router is a versatile device that can be configured to not only protect your network from malicious attackers, but also ensure optimal usage of available bandwidth with Quality of Service (QoS) and both Inbound and Outbound Load Balancing.

  • Page 16: Qos Technology

    2.2.1 QoS Technology QoS generally involves the prioritization of network traffic. QoS is comprised of three major components: Classifier, Meter, and Scheduler. Each of these components has a distinct role in ensuring that incoming and outgoing data is managed according to user specifications.

  • Page 17: Qos Policies For Different Applications

    2.2.2 QoS Policies for Different Applications By setting different QoS policies according to the applications you are running, you can use the RF10 to optimize the bandwidth that is being used on your network. VoIP Normal PCs Restricted PC As illustrated in the diagram above, applications such as Voiceover IP (VoIP) require low network latencies to function properly.

  • Page 18: Guaranteed / Maximum Bandwidth

    2.2.3 Guaranteed / Maximum Bandwidth Setting a Guaranteed Bandwidth ensures that a particular service receives a minimum percentage of bandwidth. For example, you can configure the RF10 to reserve 10% of the available bandwidth for a particular computer on the network to transfer files.

  • Page 19: Policy Based Traffic Shaping

    2.2.4 Policy Based Traffic Shaping Policy Based Traffic Shaping allows you to apply specific traffic policies across a range of IP addresses or ports. This is particularly useful for assigning different policies for different PCs on the network. Policy based traffic shaping lets you better manage your bandwidth, providing reliable Internet and network service to your organization.

  • Page 20: Priority Bandwidth Utilization

    2.2.5 Priority Bandwidth Utilization Assigning priority to a certain service allows the RF10 to give either a higher or lower priority to traffic from this particular service. Assigning a higher priority to an application ensures that it is processed ahead of applications with a lower priority and vice versa.

  • Page 21: Diffserv (Dscp Marking)

    2.2.7 DiffServ (DSCP Marking) DiffServ (a.k.a. DSCP Marking) allows you to classify traffic based on IP DSCP values. These markings can be used to identify traffic within the network, and other interfaces can match traffic based on the DSCP markings. DSCP markings are used to decide how packets should be treated, and is a useful tool to give precedence to varying types of data.

  • Page 22: Virtual Private Networking

    As such, it is perfect for connecting branch offices to headquarters across the Internet in a secure fashion. The following section discusses Virtual Private Networking with the RF10. 2.3.1 General VPN Setup There are typically three different VPN scenarios.

  • Page 23: Concentrator

    VPN provide a flexible, cost-efficient, and reliable way for companies of all sizes to stay connected. One of the most important steps in setting up a VPN is proper planning. The following sections demonstrate the various ways of using the RF10 to setup your VPN.

  • Page 24: Overview

    Linux, Mac OS, and Windows 98/Me/NT/2000/XP operating systems. The following chapter takes you through the very first steps to configuring your network for the RF10. Take a look and see how easy it is to get your network up and running.

  • Page 25: Connecting Your Router

    Connecting the RF10 is an easy three-step process: 1. Connect the RF10 to your LAN by connecting Ethernet cables from your networked PCs to the LAN ports on the router. Connect the RF10 to your broadband Internet connection via router’s WAN port.

  • Page 26: Configuring Computers For Tcp/Ip Networking

    1. Have a properly installed and functioning Ethernet Network Interface Card (NIC). 2. Be connected to the RF10, either directly or through an external repeater hub via an Ethernet cable. 3. Have TCP/IP installed and configured with an IP address.

  • Page 27: Overview

    If you are using Windows 3.1, you must purchase a third-party TCP/IP application package. Any TCP/IP capable workstation can be used to communicate with or through the RF10. To configure other types of workstations, please consult the manufacturer’s documentation. User Manual v5.0...

  • Page 28: Windows Xp

    3.4.2 Windows XP 3.4.2.1 Configuring 1. Select Start > Settings > Network Connections. 2. In the Network Connections window, right-click Local Area Connection and select Properties. User Manual v5.0 28 / 161...
  • Page 29 3. Select Internet Protocol (TCP/IP) and click Properties. 4a. To have your PC obtain an IP address automatically, select the Obtain an IP address automatically and Obtain DNS server address automatically radio buttons. User Manual v5.0 29 / 161...
  • Page 30 4b. To manually assign your PC a fixed IP address, select the Use the following IP address radio button and enter your desired IP address, subnet mask, and default gateway in the blanks provided. Remember that your PC must reside in the same subnet mask as the router.

  • Page 31: Verifying Settings

    3.4.2.2 Verifying Settings To verify your settings using a command prompt: 1. Click Start > Programs > Accessories > Command Prompt. 2. In the Command Prompt window, type ipconfig and then press ENTER. User Manual v5.0 31 / 161...
  • Page 32 If you are using the RF10’s default settings, your PC should have: - An IP address between 192.168.1.1 and 192.168.1.253 - A subnet mask of 255.255.255.0 To verify your settings using the Windows XP GUI: 1. Click Start > Settings > Network Connections.
  • Page 33 2. Right click one of the network connections listed and select Status from the pop-up menu. 3. Click the Support tab. User Manual v5.0 33 / 161...
  • Page 34 If you are using the RF10’s default settings, your PC should: - Have an IP address between 192.168.1.1 and 192.168.1.253 - Have a subnet mask of 255.255.255.0 User Manual v5.0 34 / 161...

  • Page 35: Windows 2000

    3.4.3 Windows 2000 3.4.3.1 Configuring 1. Select Start > Settings > Control Panel. 2. In the Control Panel window, double-click Network and Dial-up Connections. User Manual v5.0 35 / 161...
  • Page 36 3. In Network and Dial-up Connections, double-click Local Area Connection. 4. In the Local Area Connection window, click Properties. User Manual v5.0 36 / 161...
  • Page 37 5. Select Internet Protocol (TCP/IP) and click Properties. 6a. To have your PC obtain an IP address automatically, select the Obtain an IP address automatically and Obtain DNS server address automatically radio buttons. User Manual v5.0 37 / 161...
  • Page 38 6b. To manually assign your PC a fixed IP address, select the Use the following IP address radio button and enter your desired IP address, subnet mask, and default gateway in the blanks provided. Remember that your PC must reside in the same subnet mask as the router.

  • Page 39: Verifying Settings

    1. Click Start > Programs > Accessories > Command Prompt. 2. In the Command Prompt window, type ipconfig and then press ENTER. If you are using the RF10’s default settings, your PC should have: - An IP address between 192.168.1.1 and 192.168.1.253 - A subnet mask of 255.255.255.0...

  • Page 40: Windows 98 / Me

    3.4.4 Windows 98 / Me 3.4.4.1 Installing Components To prepare Windows 98/Me PCs for TCP/IP networking, you may need to manually install TCP/IP on each PC. To do this, follow the steps below. Be sure to have your Windows CD handy, as you may need to insert it during the installation process. 1.
  • Page 41 You must have the following installed: - An Ethernet adapter - TCP/IP protocol - Client for Microsoft Networks User Manual v5.0 41 / 161...
  • Page 42 If you need to install a new Ethernet adapter, follow these steps: a. Click Add. b. Select Adapter, then Add. c. Select the manufacturer and model of your Ethernet adapter, then click OK. User Manual v5.0 42 / 161...
  • Page 43 If you need TCP/IP: a. Click Add. b. Select Protocol, then click Add. c. Select Microsoft. TCP/IP, then OK. User Manual v5.0 43 / 161...
  • Page 44 If you need Client for Microsoft Networks: a. Click Add. b. Select Client, then click Add. c. Select Microsoft. Client for Microsoft Networks, and then click OK. 3. Restart your PC to apply your changes. User Manual v5.0 44 / 161...

  • Page 45: Configuring

    3.4.4.2 Configuring 1. Select Start > Settings > Control Panel. 2. In the Control Panel, double-click Network and choose the Configuration tab. User Manual v5.0 45 / 161...
  • Page 46 3. Select TCP / IP > ASUSTek or the name of any Network Interface Card (NIC) in your PC and click Properties. User Manual v5.0 46 / 161...
  • Page 47 4. Select the IP Address tab and click the Obtain an IP address automatically radio button. 5. Select the DNS Configuration tab and select the Disable DNS radio button. User Manual v5.0 47 / 161...
  • Page 48 6. Click OK to apply the configuration. User Manual v5.0 48 / 161...

  • Page 49: Verifying Settings

    3.4.4.3 Verifying Settings To check the TCP/IP configuration, use the winipcfg.exe utility: 1. Select Start > Run. 2. Type winipcfg, and then click OK. 3. From the drop-down box, select your Ethernet adapter. User Manual v5.0 49 / 161...
  • Page 50 The window is updated to show your settings. Using the default RF10 settings, your PC should have: - An IP address between 192.168.1.1 and 192.168.1.253 - A subnet mask of 255.255.255.0 - A default gateway of 192.168.1.254 User Manual v5.0...

  • Page 51: Factory Default Settings

    The default user name and password are "admin" and "admin" respectively. If you ever forget your user name and/or password, you can restore your RF10 to its factory settings by holding the Reset button on the back of your router until the Status LED begins to blink.

  • Page 52: Lan And Wan Port Addresses

    3.5.2 LAN and WAN Port Addresses The default values for LAN and WAN ports are shown below: LAN Port WAN Port IP address 192.168.1.254 The DHCP Client is enabled to automatically get the WAN port Subnet Mask 255.255.255.0 configuration from the ISP. DHCP server Enabled function...

  • Page 53: Information From Your Isp

    If your account uses PPP over Ethernet (PPPoE), you will need to enter your login name and password when configuring your RF10. After the network and firewall are configured, the RF10 will login automatically, and you will no longer need to run the login program from your PC.

  • Page 54: Configuration Information

    ISP, you need to copy the configuration information from your PC’s Network TCP/IP Properties window before reconfiguring your computer for use with the RF10. The following sections describe how you can obtain this information. 3.6.2.1 Windows This section uses illustrations from Windows XP.
  • Page 55 2. Double-click the Network icon. 3. In the Network Connections window, right-click Local Area Connection and select Properties. User Manual v5.0 55 / 161...
  • Page 56 4. Select Internet Protocol (TCP/IP) and click Properties. 5. If an IP address, subnet mask and a Default gateway are shown, write down the information. If no address is present, your account’s IP address is dynamically assigned. Click the Obtain an IP address automatically radio button. User Manual v5.0 56 / 161...
  • Page 57 6. If any DNS server addresses are shown, write them down. Click the Obtain DNS server address automatically radio button. 7. Click OK to save your changes. User Manual v5.0 57 / 161...

  • Page 58: Web Configuration Interface

    Web Configuration Interface. If the Web Configuration Interface appears, congratulations! You are now ready to configure your RF10. If you are having trouble accessing the interface, please refer to Chapter 5: Troubleshooting for possible resolutions. User Manual v5.0...

  • Page 59: Chapter 4: Router Configuration

    4.1 Overview The Web Configuration Interface makes it easy for you to manage your network via any PC connected to it. On the Web Configuration homepage, you will see the navigation pane located on the left hand side. From it, you will be able to select various options used to configure your router.

  • Page 60: Status

    Configuration Interface. 4.2 Status The Status menu displays the various options that have been selected and a number of statistics about your RF10. In this menu, you will find the following sections: - ARP Table - Routing Table - DHCP Table...

  • Page 61: Arp Table

    4.2.1 ARP Table The Address Resolution Protocol (ARP) Table shows the mapping of Internet (IP) addresses to Ethernet (MAC) addresses. This is a quick way to determine the MAC address of your PC’s network interface to use with the router’s Firewall – MAC Address Filter function.

  • Page 62: Routing Table

    4.2.2 Routing Table The Routing Table displays the current path for transmitted packets. Both static and dynamic routes are displayed. Destination: The IP address of the destination network. Netmask: The destination netmask address. Gateway/Interface: The IP address of the gateway or existing interface that this route will use.

  • Page 63: Ipsec Status

    4.2.4 IPSec Status The IPSec Status window displays the status of the IPSec Tunnels that are currently configured on your RF10. " ) # * & " % ) # * " % ) # * " " " * & "...

  • Page 64: Traffic Statistics

    WAN2: Transmitted (Tx) and Received (Rx) bytes and packets for WAN2. Display: Allows you to change the units of measurement for the traffic graph. 4.2.7 System Log This window displays the RF10’s System Log entries. Major events are logged on this window. User Manual v5.0...

  • Page 65: Ipsec Log

    Refresh: Refresh the System Log. Clear Log: Clear the System Log. Send Log: Send the System Log to your email account. You can set the email address in Configuration > System > Email Alert. See the Email Alert section for more details.

  • Page 66: Quick Start

    4.3 Quick Start The Quick Start menu allows you to quickly configure your network for Internet access using the most basic settings. Connection Method: Select your router’s connection to the Internet. Selections include Obtain an IP Address Automatically, Static IP Settings, PPPoE Settings, PPTP Settings, and Big Pond Settings.

  • Page 67: Static Ip

    4.3.2 Static IP IP assigned by your ISP: Enter the assigned IP address from your IP. IP Subnet Mask: Enter your IP subnet mask. ISP Gateway Address: Enter your ISP gateway address. Primary DNS: Enter your primary DNS. Secondary DNS: Enter your secondary DNS. Click Apply to save your changes.

  • Page 68: Pppoe

    4.3.3 PPPoE Username: Enter your user name. Password: Enter your password. Retype Password: Retype your password. Connection: Select whether the connection should Always Connect or Trigger on Demand. If you want the router to establish a PPPoE session when starting up and to automatically re-establish the PPPoE session when disconnected by the ISP, select Always Connect.

  • Page 69: Pptp

    4.3.4 PPTP Username: Enter your user name. Password: Enter your password. Retype Password: Retype your password. PPTP Client IP: Enter the PPTP Client IP provided by your ISP. PPTP Client IP Netmask: Enter the PPTP Client IP Netmask provided by your ISP. PPTP Client IP Gateway: Enter the PPTP Client IP Gateway provided by your ISP.

  • Page 70: Big Pond

    4.3.5 Big Pond Username: Enter your user name. Password: Enter your password. Retype Password: Retype your password. Login Server: Enter the IP of the Login server provided by your ISP. Click Apply to save your changes. To reset to defaults, click Reset. For detailed instructions on configuring WAN settings, please refer to the WAN section of this chapter.

  • Page 71: Configuration

    4.4 Configuration The Configuration menu allows you to set many of the operating parameters of the RF10. In this menu, you will find the following sections: - LAN - WAN - System - Firewall - IPSec - QoS - Virtual Server - Advanced These items are described below in the following sections.

  • Page 72: Lan

    4.4.1 LAN There are two items within this section: Ethernet and DHCP Server. 4.4.1.1 Ethernet IP Address: Enter the internal LAN IP address for the RF10 (192.168.1.254 by default). Subnet Mask: Enter the subnet mask (255.255.255.0 by default). RIP: RIP v2 Broadcast and RIP v2 Multicast. Check to enable RIP.

  • Page 73: Dhcp Server

    4.4.1.2 DHCP Server In this menu, you can disable or enable the Dynamic Host Configuration Protocol (DHCP) server. The DHCP protocol allows your RF10 to dynamically assign IP addresses to PCs on your network if they are configured to automatically obtain IP addresses.
  • Page 74 Fixed Host allows specific computer/network clients to have a reserved IP address. IP Address: Enter the IP address that you want to reserve for the above MAC address. MAC Address: Enter the MAC address of the PC or server you wish to be assigned a reserved IP.

  • Page 75: Wan

    4.4.2 WAN WAN refers to your Wide Area Network connection. In most cases, this means your router’s connection to the Internet through your ISP. The RF10 features Dual WAN capability. The WAN menu contains two items: ISP Settings and Bandwidth Settings.
  • Page 76 To edit any of these connections, click Edit. You will be taken to the following menu. Connection Method: Select how your router will connect to the Internet. Selections include Obtain an IP Address Automatically, Static IP Settings, PPPoE Settings, PPTP Settings, and Big Pond Settings. For each WAN port, the factory default is DHCP.

  • Page 77: Dhcp

    4.4.2.1.1 DHCP Host Name: Some ISPs authenticate logins using this field. MAC Address: If your ISP requires you to input a WAN Ethernet MAC, check the checkbox and enter your MAC address in the blanks below. DNS: If your ISP requires you to manually setup DNS settings, check the checkbox and enter your primary and secondary DNS.

  • Page 78: Static Ip

    4.4.2.1.2 Static IP IP assigned by your ISP: Enter the static IP assigned by your ISP. IP Subnet Mask: Enter the IP subnet mask provided by your ISP. ISP Gateway Address: Enter the ISP gateway address provided by your ISP. MAC Address: If your ISP requires you to input a WAN Ethernet MAC, check the checkbox and enter your MAC address in the blanks below.

  • Page 79: Pppoe

    4.4.2.1.3 PPPoE Username: Enter your user name. Password: Enter your password. Retype Password: Retype your password. Connection: Select whether the connection should Always Connect or Trigger on Demand. If you want the router to establish a PPPoE session when starting up and to automatically re-establish the PPPoE session when disconnected by the ISP, select Always Connect.

  • Page 80: Pptp Settings

    4.4.2.1.4 PPTP Settings Username: Enter your user name. Password: Enter your password. Retype Password: Retype your password. PPTP Client IP: Enter the PPTP Client IP provided by your ISP. PPTP Client IP Netmask: Enter the PPTP Client IP Netmask provided by your ISP. PPTP Client IP Gateway: Enter the PPTP Client IP Gateway provided by your ISP.

  • Page 81: Big Pond Settings

    MAC Address: If your ISP requires you to input a WAN Ethernet MAC, check the checkbox and enter your MAC address in the blanks below. DNS: If your ISP requires you to manually setup DNS settings, check the checkbox and enter your primary and secondary DNS. RIP: To activate RIP, select Send, Receive, or Both from the drop down menu.

  • Page 82: Bandwidth Settings

    4.4.2.2 Bandwidth Settings Under Bandwidth Settings, you can easily configure both inbound and outbound bandwidth for each WAN port. WAN: Enter your ISP inbound and outbound bandwidth for WAN NOTE: These values entered here are referenced by both QoS and Load Balancing functions.

  • Page 83: System

    4.4.4 System The System menu allows you to adjust a variety of basic router settings, upgrade firmware, set up remote access, and more. In this menu are the following sections: Time Zone, Remote Access, Firmware Upgrade, Backup/Restore, Restart, Password, System Log and Email Alert. 4.4.4.1 Time Zone User Manual v5.0 83 / 161...

  • Page 84: Remote Access

    The RF10 does not use an onboard real time clock; instead, it uses the Network Time Protocol (NTP) to acquire the current time from an NTP server outside your network. Simply choose your local time zone, enter NTP Server IP Address, and click Apply.

  • Page 85: Firmware Upgrade

    To upgrade your firmware, simply visit Cometlabs’s website (http://www.Cometlabs.com) and download the latest firmware image file for the RF10. Next, click Browse and select the newly downloaded firmware file. Click Upgrade to complete the update.

  • Page 86: Backup / Restore

    4.4.4.4 Backup / Restore This feature allows you to save and backup your router’s current settings, or restore a previously saved backup. This is useful if you wish to experiment with different settings, knowing that you have a backup handy. It is advisable to backup your router’s settings before making any significant changes to your router’s configuration.

  • Page 87: Restart Router

    Default Settings and click Restart to reboot the RF10 with factory default settings. You may also reset your router to factory default settings by holding the Reset button on the router until the Status LED begins to blink. Once the RF10 completes the boot sequence, the Status LED will stop blinking.

  • Page 88: Password

    4.4.4.6 Password In order to prevent unauthorized access to your router’s configuration interface, it requires the administrator to login with a password. You can change your password by entering your new password in both fields. Click Apply to save your changes. Click Reset to reset to the default administration password (admin).

  • Page 89: System Log Server

    4.4.4.7 System Log Server This function allows the RF10 to send system logs to an external Syslog Server. Syslog is an industry-standard protocol used to capture information about network activity. To enable this function, select the Enable radio button and enter your Syslog server IP address in the Log Server IP Address field.

  • Page 90: Email Alert

    4.4.4.8 Email Alert The Email Alert function allows a log of security-related events (such as System Log and IPSec Log) to be sent to a specified email address. Email Alert: You may enable or disable this function by selecting the appropriate radio button.

  • Page 91: Firewall

    4.4.5 Firewall The RF10 includes a full Stateful Packet Inspection (SPI) firewall for controlling Internet access from your LAN, and preventing attacks from hackers. Your router also acts as a "natural" Internet firewall when using Network Address Translation (NAT), as all PCs on your LAN will use private IP addresses that cannot be directly accessed from the Internet.

  • Page 92: Packet Filter

    4.4.5.1 Packet Filter The Packet Filter function is used to limit user access to certain sites on the Internet or LAN. The Filter Table displays all current filter rules. If there is an entry in the Filter Table, you can click Edit to modify the setting of this entry, or click Delete to remove this entry.

  • Page 93: Url Filter

    4.4.5.2 URL Filter The URL Filter is a powerful tool that can be used to limit access to certain URLs on the Internet. You can block web sites based on keywords or even block out an entire domain. Certain web features can also be blocked to grant added security to your network.
  • Page 94 Enter a keyword to be filtered and click Apply. Your new keyword will be added to the filtered keyword listing. Domains Filtering: Click the top checkbox to enable this feature. You can also choose to disable all web traffic except for trusted sites by clicking the bottom checkbox. To edit the list of filtered domains, click Details.

  • Page 95: Lan Mac Filter

    Enter a name for the IP Address and then enter the IP address itself. Click Apply to save your changes. The IP address will be entered into the Exception List, and excluded from the URL filtering rules in effect. 4.4.5.3 LAN MAC Filter 2 &...

  • Page 96: Block Wan Request

    4.4.5.4 Block WAN Request Blocking WAN requests is one way to prevent DDOS attacks by preventing ping requests from the Internet. Use this menu to enable or disable function. 4.4.5.5 Intrusion Detection 2 & ' !" / % " & User Manual v5.0 96 / 161...

  • Page 97: Vpn

    4.4.6 VPN 4.4.6.1 IPSec IPSec is a set of protocols that enable Virtual Private Networks (VPN). VPN is a way to establish secured communication tunnels to an organization’s network via the Internet. 4.4.6.1.1 IPSec Wizard " & " " * ) # * ) "...
  • Page 98 ) # * . ) # * " * ) + " ) # * 9 # ' 9 # ' " & " 3 / " 4 User Manual v5.0 98 / 161...
  • Page 99 " ) # * 9 # ' ! " " & ) # & ! : $ ' - $ ' * . : ; ' - / " & " 3 Next: Go to the next page. * 2 + "...
  • Page 100 (4)LAN to Mobile Host: RF would like to establish an IPSec VPN tunnel withremote client software using Dynamic Internet IP by using aggressive mode. " & ) # & ! : $ ' - $ ' * . : ; ' - / 7 "...

  • Page 101: Ipsec Policy

    4.4.6.1.2 IPSec Policy IPSec is a set of protocols that enable Virtual Private Networks (VPN). VPN is a way to establish secured communication tunnels to an organization’s network via the Internet. Click Create to create a new IPSec VPN connection account. User Manual v5.0 101 / 161...
  • Page 102 Configuring a New VPN Connection " & !! " * " " * ) # * ) " * %& ' " * %& ' + " %& ' %& ' + %& ' ) # * & < = & = ) 2 ! &...
  • Page 103 " ; * 3 # 5 " ! %%% 9 # ' 1 < 5 : $ ' %%% 9 # ' 1 < 5 : $ ' : $ ' * 3 # 5 " + " 1 > : ;...
  • Page 104 " " ! * + " * & * & ! " 0 ! 0 " ; - ) 8 / . " ; - ) 8 / . 8 # " * " ! & , - & / * # - / / * # &...
  • Page 105 " " & ) 8 / + A A " " & " & ) # * & ) # * " ! 1 " ) # * " $ " $ - # " 9 # ' ) # * "...

  • Page 106: Pptp

    4.4.6.2 PPTP # # # - 9 # ' . 9 # ' " ! !" * # # # * # # # * ' # " !" * ! 8 # !% " ! & : 1 ) ; 1 "...
  • Page 107 Click Create to create a new PPTP VPN connection account. " & !! " * " # " # " # # " * " # " # " & # # # User Manual v5.0 107 / 161...

  • Page 108: Qos

    4.4.7 QoS The RF10 can optimize your bandwidth by assigning priority to both inbound and outbound data with QoS. This menu allows you to configure QoS for both inbound and outbound traffic. The first menu screen gives you an overview of which WAN ports currently have QoS active, and the bandwidth settings for each.
  • Page 109 To get started using QoS, you will need to establish QoS rules. These rules tell the RF10 how to handle both incoming and outgoing traffic. The following example shows you how to configure WAN Outbound QoS. Configuring the other traffic types follows the same process.
  • Page 110 Interface: The current traffic type. Application: User defined application name for the current rule. Packet Type: The type of packet this rule applies to. Choose from Any, TCP, UDP, or ICMP. Guaranteed: The guaranteed amount of bandwidth for this rule as a percentage. Maximum: The maximum amount of bandwidth for this rule as a percentage.

  • Page 111: Virtual Server

    PCs. Please see the WAN Configuration section of this manual for more information on NAT. The RF10 can also be configured as a virtual server so that remote users accessing services such as Web or FTP services via the public (WAN) IP address can be automatically redirected to local servers in the LAN network.
  • Page 112 Enable DMZ function: ‡ Enable: Activates your router’s DMZ function. ‡ Disable: Default setting. Disables the DMZ function. DMZ IP Address: Give a static IP address to the DMZ Host when the Enable radio button is selected. Be aware this IP will be exposed to the WAN/Internet. Select the Apply button to apply your changes.

  • Page 113: Port Forwarding Table

    4.4.8.2 Port Forwarding Table Because NAT can act as a "natural" Internet firewall, your router protects your network from being accessed by outside users, as all incoming connection attempts will point to your router unless you specifically create Virtual Server entries to forward those ports to a PC on your network.

  • Page 114: Port Range Mapping

    4.4.8.2.1 Port Range Mapping This function allows any incoming data addressed to a range of service port numbers (from the Internet/WAN Port) to be re-directed to a particular LAN private/internal IP address. This option gives you the ability to handle applications that use more than one port such as games and audio/video conferencing.

  • Page 115: Port Redirection

    4.4.8.2.2 Port Redirection This function allows any incoming data addressed to a specific service port number (from the Internet/WAN Port) to be redirected to an internal IP address. Forwarding Mode: Click the Port Redirection radio button to change to Port Redirection mode.

  • Page 116: Advanced

    Configuration options within the Advanced section are for users who wish to take advantage of the more advanced features of the RF10. Users who do not understand the features should not attempt to reconfigure their router, unless advised to do so by support staff.

  • Page 117: Dynamic Dns

    Destination: This is the destination subnet IP address. Netmask: This is the subnet mask of the destination IP addresses based on above destination subnet IP. Gateway: This is the gateway IP address to which packets are to be forwarded. Interface: Select the interface through which packets are to be forwarded. Cost: This is the same meaning as Hop.
  • Page 118 You will first need to register and establish an account with the Dynamic DNS provider using their website, Example: DYNDNS http://www.dyndns.org/ (RF10 supports several Dynamic DNS providers , such as www.dyndns.org www.orgdns.org , www.dhs.org, www.dyns.cx, www.3domain.hk, www.dyndns.org , www.3322.org ) Dynamic DNS: Disable: Check to disable the Dynamic DNS function.

  • Page 119: Device Management

    4.4.9.3 Device Management The Device Management Advanced Configuration settings allow you to control your router’s security options and device monitoring features. Device Name Name: Enter a name for this device. Web Server Settings HTTP Port: This is the port number the router’s embedded web server (for web-based configuration) will use.

  • Page 120: Save Configuration To Flash

    4.5 Save Configuration To Flash After changing the router’s configuration settings, you must save all of the configuration parameters to flash memory to avoid them being lost after turning off or resetting your router. Click Apply to write your new configuration to flash memory. 4.6 Logout To exit the router’s web interface, click Logout.

  • Page 121: Chapter 5: Troubleshooting

    5.1.2 LEDs Never Turn Off When your RF10 is turned on, the LEDs turn on for about 10 seconds and then turn off. If all the LEDs stay on, there may be a hardware problem. If all LEDs are still on one minute after powering up: - Cycle the power to see if the router recovers.

  • Page 122: Lan Or Internet Port Not On

    Please note that both the User Name and Password are case-sensitive. If this fails, you can restore your RF10 to its factory default settings by holding the Reset button on the back of your router until the Status LED begins to blink. Then enter the default User Name and Password to access your router.

  • Page 123: Lan Interface

    - Check the 10/100 LAN LEDs on the RF10’s front panel. One of these LEDs should be on. If they are both off, check the cables between the RF10 and the hub or PC. - Check the corresponding LAN LEDs on your PC’s Ethernet device are on.
  • Page 124 - Check to see if your browser had Java, JavaScript, or ActiveX enabled. If you are using Internet Explorer, click Refresh to ensure that the Java applet is loaded. - Try closing the browser and re-launching it. - Make sure you are using the correct User Name and Password. User Names and Passwords are case-sensitive, so make sure that CAPS LOCK is not on when entering this information.

  • Page 125: Pop-Up Windows

    To use the Web Configuration Interface, you need to disable pop-up blocking. You can either disable pop-up blocking, which is enabled by default in Windows XP Service Pack 2, or create an exception for your RF10’s IP address. Disabling All Pop-ups In Internet Explorer, select Tools >...

  • Page 126: Javascripts

    5.2.3.2 Javascripts If the Web Configuration Interface is not displaying properly in your browser, check to make sure that JavaScripts are allowed. 1. In Internet Explorer, click Tools > Internet Options. 2. Under the Security tab, click Custom Level. 3. Under Scripting, check to see if Active scripting is set to Enable. 4.

  • Page 127: Java Permissions

    5.2.3.3 Java Permissions The following Java Permissions should also be given for the Web Configuration Interface to display properly: 1. In Internet Explorer, click Tools > Internet Options. 2. Under the Security tab, click Custom Level. 3. Under Microsoft VM*, make sure that a safety level for Java permissions is selected.

  • Page 128: Wan Interface

    Password. Note that user names and passwords are case-sensitive. - If your ISP requires MAC address authentication, clone the MAC address from your PC on the LAN as the RF10’s WAN MAC address. - If your ISP requires host name authentication, configure your PC’s name as the RF10’s system name.

  • Page 129: Isp Connection

    Unless you have been assigned a static IP address by your ISP, your RF10 will need to request an IP address from the ISP in order to access the Internet. If your RF10 is unable to access the Internet, first determine if your router is able to obtain a WAN IP address from the ISP.
  • Page 130 If an IP address cannot be obtained: 1. Turn off the power to your cable or DSL modem. 2. Turn off the power to your RF10. 3. Wait five minutes and power on your cable or DSL modem. 4. When the modem has finished synchronizing with the ISP (generally shown by LEDs on the modem), turn on the power to your router.

  • Page 131: Problems With Date And Time

    5.5 Problems with Date and Time If the date and time is not being displayed correctly, be sure to set it for your RF10 via the Web Configuration Interface. Both date and time can be found under Configuration > System > Time Zone.

  • Page 132: Appendix A: Product Specifications

    Virtual Private Network - IPSec VPN, supports up to 10 IPSec tunnels - VPN performance is up to 10 Mbps - Manual key, Internet Key Exchange (IKE) authentication and Key Management - Authentication (MD5 / SHA-1) - DES/3DES encryption - AES 128/192/256 encryption - IP Authentication Header (AH) - IP Encapsulating Security Payload (ESP) - Dynamic VPN (FQDN) support...
  • Page 133 Network Protocols and Features - Web Diagnostics - System Logs - PPPoE, PPTP, Big Pond and DHCP client connections to the ISP - NAT, static routing and RIP-2 - Dynamic Domain Name System (DDNS) - Virtual Server and DMZ - DHCP Server - NTP Physical Interface Ethernet WAN 2 ports (10/100 Base-T), support Auto- Crossover (MDI/MDIX)

  • Page 134: Appendix B: Customer Support

    Most problems can be solved by referring to the Troubleshooting section in the User’s Manual. If you cannot resolve the problem with the Troubleshooting chapter, please contact the dealer where you purchased this product. Worldwide http://www.Cometlabs.com/ User Manual v5.0 134 / 161...

  • Page 135: Appendix C: Fcc Interference Statement

    This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: - This device may not cause harmful interference. - This device must accept any interference received, including interference that may cause undesired operations. This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules.

  • Page 136: Appendix D: Network, Routing, And Firewall Basics

    D.1 Network Basics D.1.1 IP Addresses With the number of TCP/IP networks interconnected across the globe, ensuring that transmitted data reaches the correct destination requires each computer on the Internet has a unique identifier. This identifier is known as the IP address. The Internet Protocol (IP) uses a 32-bit address structure, and the address is usually written in dot notation.

  • Page 137: Subnet Addressing

    192.168.234.245/24, which means that the net mask is 24 ones followed by 8 zeros. (11111111 11111111 11111111 00000000). D.1.1.2 Subnet Addressing Subnet addressing enables the split of one IP network address into multiple physical networks. These smaller networks are called subnetworks, and these subnetworks can make efficient use of each address when compared to needing a different network number at each end of a routed link.

  • Page 138: Network Address Translation (Nat)

    In addition, other information such as gateway and DNS address can also be assigned with a DHCP server. When connecting to the ISP, the RF10 also functions as a DHCP client. The RF10 can automatically obtain an IP address, subnet mask, gateway address, and DNS server addresses if the ISP assigns this information via DHCP.

  • Page 139: Router Basics

    Routers can vary in performance and scale, the types of physical WAN connection they support, and the number of routing protocols supported. The RF10 offers a convenient and powerful way for small-to-medium businesses to connect their networks.

  • Page 140: Firewall Basics

    User-level applications such as Web browsers and FTP can make complex network traffic patterns, which the RF10 analyzes by looking at groups of connection states. All state information is stored in a central cache. Traffic passing through the firewall is analyzed against these states, and then is either allowed to pass through or rejected.

  • Page 141: Why Use A Firewall

    Internet. Still, there are ways for more dedicated hackers to either obtain information about your network or disrupt your network’s Internet access. Your RF10 provides an extra level of protection from such attacks with its built-in firewall.

  • Page 142: Appendix E: Virtual Private Networking

    E.1 What is a VPN? A Virtual Private Network (VPN) is a shared network where private data is segmented from other traffic so that only the intended recipient has access. It allows organizations to securely transmit data over a public medium like the Internet. VPNs utilize tunnels, which allow data to be safely delivered to the intended recipient.

  • Page 143: What Is Ipsec

    E.2 What is IPSec? Internet Protocol Security (IPSec) is a set of protocols and algorithms that provide data authentication, integrity, and confidentiality as data is transferred across IP networks. IPSec provides data security at the IP packet level, and protects against possible security risks by protecting data.

  • Page 144: Encapsulating Security Payload (Esp)

    A typical AH packet looks like this: Next Payload Reserved Header Length Sequence Number Authentication Data E.2.1.2 Encapsulating Security Payload (ESP) Encapsulating Security Payload (ESP) provides privacy for data through encryption. An encryption algorithm combines the data with a key to encrypt it. It then repackages the data using a special format, and transmits it to the destination.

  • Page 145: Security Associations (Sa)

    A typical ESP packet looks like this: Sequence Number Data Next Lengt Heade Authentication Data E.2.1.3 Security Associations (SA) Security Associations are a one-way relationships between sender and receiver that specify IPSec-related parameters. They provide data protection by using the defined IPSec protocols, and allow organizations to control according to the security policy in effect, which resources may communicate securely.

  • Page 146: Ipsec Modes

    E.2.2 IPSec Modes To exchange data between different types of VPNs, IPSec provides two major modes: - Tunnel Mode This mode is used for host-to-host security. Protection extends to the payload of IP data, and the IP addresses of the hosts must be public IP addresses. Transport Mode - This mode is used to provide data security between two networks.

  • Page 147: Tunnel Mode Ah

    E.2.3 Tunnel Mode AH AH is typically applied to a data packet in the following manner: < Data ) # * & Org IP Data New IP & E.2.4 Tunnel Mode ESP Here is an example of a packet with ESP applied: <...

  • Page 148: Internet Key Exchange (Ike)

    E.2.5 Internet Key Exchange (IKE) Before either AH or ESP can be used, it is necessary for the two communication devices to exchange a secret key that the security protocols themselves will use. To do this, IPSec uses Internet Key Exchange (IKE) as a primary support protocol. IKE facilitates and automates the SA setup, and exchanges keys between parties transferring data.
  • Page 149 The following is an illustration on how data is handled with IKE: Aggressive Mode Main Mode ) * & 8 5# * & & ) # * Quick Mode Quick Mode * & Without PFS With PFS & , / * # User Manual v5.0 149 / 161...

  • Page 150: Appendix F: Ipsec Logs And Events

    F.1 IPSec Log Event Categories There are three major categories of IPSec Log Events for your RF10. These include: 1. IKE Negotiate Packet Messages 2. Rejected IKE Messages 3. IKE Negotiated Status Messages The table in the following section lists the different events of each category, and provides a detailed explanation of each.
  • Page 151 response message of ISAKMP authentication. Received Aggressive mode Received the first message of aggressive mode. initial ISAKMP Message Send Aggressive mode first Sending the first response message of aggressive mode. Done to response message of ISAKMP exchange proposal and key values. Received Aggressive mode first Received the first response message of aggressive mode.

  • Page 152: Appendix G: Bandwidth Management With Qos

    Internet. When too many are accessing the Internet at the same time, service can slow to a crawl, causing service interruptions and general frustration. Quality of Service (QoS) is one of the ways the RF10 can optimize the use of bandwidth, ensuring a smooth and responsive Internet connection for all users.

  • Page 153: How Does Qos Work

    groups of users at home or in the office. QoS keeps your Internet connection smooth and responsive. G.3 How Does QoS Work? QoS employs three different methods for optimizing bandwidth: -Prioritization: Assigns different priority levels for different applications, prioritizing traffic. High, Normal and Low priority settings. -Outbound and Inbound IP Throttling: Controls network traffic and allows you to limit the speed of each application.

  • Page 154: Office Users

    Internet connection. QoS is designed for managing traffic flow and bandwidth to solve this problem. You can first classify different applications (online games, FTP, Skype, email) as shown in the table below. Then, you can manage and prioritize the flow of bandwidth at different levels (e.g. 30% for games, 20% for downloads, 10% for email, 20% for FTP, and 35% for others).

  • Page 155: Appendix H: Router Setup Examples

    H.1 VPN Configuration This section outlines some concrete examples on how you can configure the RF10 for your VPN. H.1.1 LAN to LAN Branch Office Head Office Local IP Address IP Address Data 69.121.1.30 69.121.1.3 Network Any Local Address Any Local Address IP Address 192.168.0.0...
  • Page 156 IP Address 192.168.1.0 192.168.0.0 Netmask 255.255.255.0 255.255.255.0 Proposal IKE Pre-shared Key 12345678 12345678 Security Algorithm Main Mode; Main ESP: 3DES 3DES User Manual v5.0 156 / 161...

  • Page 157: Host To Lan

    H.1.2 Host to LAN Single client Head Office Local IP Address IP Address Data 69.121.1.30 69.121.1.3 Network Any Local Address Any Local Address IP Address 0.0.0.0 192.168.1.0 Netmask 0.0.0.0 255.255.255.0 Remote Secure Gateway Address(or 69.121.1.3 69.121.1.30 Hostname) IP Address IP Address Data 69.121.1.3 69.121.1.30...
  • Page 158 Security Algorithm Main Mode; Main ESP: 3DES 3DES User Manual v5.0 158 / 161...

  • Page 159: Vpn Concentrator

    H.2 VPN Concentrator Step 1: !" % ! K 4 & User Manual v5.0 159 / 161...
  • Page 160 Step 2: !" % ! K 4 Step 3: !" % ! K 4 & User Manual v5.0 160 / 161...
  • Page 161 Step 4: !" % ! K 4 Step 5: Click Save Config to save all changes to flash memory. User Manual v5.0 161 / 161...

Table of Contents