MicroNet SP880B User Manual

Broadband vpn router

Advertisement

Quick Links

User's Manual
Broadband VPN Router
Model No.: SP880B
http://www.micronet.info

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the SP880B and is the answer not in the manual?

Questions and answers

Summary of Contents for MicroNet SP880B

  • Page 1 User’s Manual Broadband VPN Router Model No.: SP880B http://www.micronet.info...
  • Page 2: Table Of Contents

    Table of Content ------------------------------------------------------------------------------------------------------------------------- INTRODUCTION ......................... 4 Package Contents ................4 Features .................... 5 System Requirement................. 5 Physical Description................6 INSTALLATION ........................8 Hardware Installation................. 8 Access Router ................... 8 BASIC CONFIGURATION ....................15 Primary Setup.................. 15 LAN & DHCP................... 16 ADVANCED PORT SETUP....................
  • Page 3 MANAGEMENT ASSISTANT.................... 53 Administration Setup ............... 53 Email Alert ..................54 SNMP ....................55 Syslog....................56 Upgrade Firmware ................57 SYSTEM INFORMATION....................59 10.1 System Status ................. 59 10.2 WAN Status ..................61 SPECIFICATIONS ......................64 APPENDIX C TROUBLESHOOTING ..................65...
  • Page 4: Introduction

    1. Introduction Micronet SP880B Broadband VPN Router is an ideal broadband router for establishing VPN connection. It supports up to 20 IPSec VPN tunnels which helps users to setup widely private network application for small and medium office. SP880B's highly configurable built-in network firewall provides you with the power to choose the specific services allowed through your network, while keeping all malicious Internet attackers out.
  • Page 5: Features

    1.2 Features Micronet SP880B provides the following features: Support IPSec VPN for remote resource sharing by secure tunneling technology Provide 4 ports of 10/100M Ethernet for connecting to a home or office network Support Priority QoS by source and destination IP, MAC address and QoS-ToS service...
  • Page 6: Physical Description

    1.4 Physical Description 1.4.1 Front Panel SP880B Front Panel POWER LED This LED comes on when the router is properly connected to power. Port LEDs Every RJ-45 port on the front panel has two relevant LEDs (10/100M; LINK/ACT) for indicating the connection speed and activity status.
  • Page 7 DC 5V Connect the supplied power adapter here. Reset After pressing and releasing the reset button, the router will reboot (restart) within 1 second and resets to default if button is pressed for over 3 seconds. (Please refer to default setting below) LAN Ports Connect the PCs to these ports.
  • Page 8: Installation

    3. Connect the network cable from your DSL/Cable modem to the WAN port of the SP880B. 4. Connect the power adapter to the power jack on the rear of SP880B, and then plug the power adapter into the power outlet.
  • Page 9 Windows 95/98/Me a. Click the Start button and select Settings, then click Control Panel. The Control Panel window will appear. b. Double-click the Network icon. The Network window will appear. c. Check your list of Network Components. If TCP/IP is not installed, click the Add button to install it now.
  • Page 10 Windows XP Click the Start button and select Settings, then click Network Connections. The Network Connections window will appear. Double-click Local Area Connection icon. The Local Area Connection window will appear. Check your list of Network Components. You should see Internet Protocol [TCP/IP] on your list.
  • Page 11 Windows 2000 Click the Start button and select Settings, then click Control Panel. The Control Panel window will appear. Double-click Network and Dial-up Connections icon. In the Network and Dial-up Connection window, double-click Local Area Connection icon. The Local Area Connection window will appear. In the Local Area Connection window, click the Properties button.
  • Page 12 Windows NT a. Click the Start button and select Settings, then click Control Panel. The Control Panel window will appear. b. Double-click Network icon. The Network window will appear. Select the Protocol tab from the Network window. c. Check if the TCP/IP Protocol is on your list of Network Protocols. If TCP/IP is not installed, click the Add button to install it now.
  • Page 13 2. Restart your computer if necessary. 3. Open the Internet Explorer and type http://192.168.1.1 (broadband router’s IP address) into the browser address window to access the SP880B. 4. Login information request page will pop up as shown below. Key in the user name field...
  • Page 14 as “admin” and leave the password field blank. Note: By default there is no password. For security reasons it is recommended that you change the password as soon as possible. 5. The home page will show up after login in process as shown below. 6.
  • Page 15: Basic Configuration

    3. Basic Configuration SP880B provides a web-based interface, allowing users to configure and manage the router remotely from web browser. 3.1 Primary Setup Select Primary Setup from the menu, to see a screen like the example below. • Configure WAN as required.
  • Page 16: Lan & Dhcp

    (Usually, your ISP will provide some PPPoE software. This software is no longer required, and should not be used.) If this method is selected, you must complete the PPPoE dialup fields. • PPTP Connection – This is for PPTP users only. 1.
  • Page 17 configuration is required. The DHCP Server function in the Router must be disabled. Your DHCP Server must be configured to provide the Router's LAN IP address as the "Default Gateway". Your DHCP Server must provide correct DNS addresses to the PCs. Figure: LAN &...
  • Page 18 Any IP”, it means no matter what static IP address the client (your PC) has. It does not need to change the IP address, even though it has a different IP segment than LAN segment. It still can access Internet through NAT. DHCP Lease Time –...
  • Page 19: Advanced Port Setup

    4. Advanced Port Setup Overview Port Options contains some options for the WAN port. For most situations, the default values are satisfactory. Advanced PPPoE setup is required if you wish to use multiple sessions on one or both of the WAN ports. It can also be used to manually connect or disconnect a PPPoE session.
  • Page 20: Advanced Pppoe

    Alive Indicator or gateway is received, the connection is considered OK. If there is no response received after 4 tries, the connection is considered as failed. HTTP: The device gets TCP connection with the Alive Indicator first. Then the device sends HTTP HEAD packet to the Alive Indicator.
  • Page 21 Figure: Advanced PPPoE Settings – Advanced PPPoE Select WAN Select WAN Port & PPPoE Session – Select the desired WAN Port & port and PPPoE session from the pull-down menu and click the Session Select button. The screen will then show the data for the selected Port/Session.
  • Page 22: Advanced Pptp

    trigger'. Echo Time –To determine how often an Echo request is sent to the PPPoE server. Normally, leave this setting at its default value. Echo Retry –To determine the maximum number times that the Echo request is allowed to be sent to the PPPoE server until a response is received.
  • Page 23 WAN IP • User Name – The PPTP user name (login name) assigned by Account your ISP. • Password – The PPTP password associated with the User Name above. This is assigned by your ISP, and used to login to the PPTP Server.
  • Page 24: Advanced Configuration

    5. Advanced Configuration Overview The following advanced features are provided. Host IP Setup Routing Virtual Server Special Applications Dynamic DNS Multi DMZ UPnP Setup NAT Setup Advanced Feature This chapter contains details on the configuration and the usage of these features. 5.1 Host IP Setup This feature is used in the following situations: •...
  • Page 25 Figure: Host IP Setup Settings – Host IP Setup Host Network This section identifies each Host (PC) Identity • Host name – Enter a suitable name. Generally, you should use the "Hostname" (computer name) defined on the Host itself. • MAC Address –...
  • Page 26: Routing

    Host & Group This table shows the current bindings. List 5.2 Routing This section is only relevant if your LAN has other Routers or Gateways. If you don't have other Routers or Gateways on your LAN, you can ignore the Static Routing page completely.
  • Page 27 segment. • Netmask –The subnet mask used to select the bits from an IP Address that corresponds to the subnet. • Gateway –The router that the packets destined for the subnet with Network Address will be forwarded to. • Interface – The device's port that the packets destined for the subnet with Network Address will be passed through.
  • Page 28: Virtual Servers

    Network Mask 255.255.255.0 (Standard Class C) Gateway IP Address 192.168.1.100 Interface Metric For Router A's Default Route Destination IP Address 0.0.0.0 Network Mask 0.0.0.0 Gateway IP Address 192.168.1.1 Metric For Router B's Default Route Destination IP Address 0.0.0.0 Network Mask 0.0.0.0 Gateway IP Address 192.168.2.80...
  • Page 29 Note that, in this illustration, both Internet users are connecting to the same IP Address, but using different protocols. Connecting to the Virtual Servers Once configured, anyone on the Internet can connect to your Virtual Servers. They must use the Router's Internet IP Address (the IP Address allocated by your ISP). e.g.: http://205.20.45.34 ftp://205.20.45.34...
  • Page 30: Special Applications

    Virtual Server • Enable – To activate or deactivate the current entry. Configuration • Server Name – A unique name for identifying the virtual server. • Protocol – Select the protocol (either TCP or UDP) used by the server software. •...
  • Page 31: Dynamic Dns

    Settings – Special Applications Special Application • Enable – Use this to Enable or Disable this Special Configuration Application as required. • Name – Enter a descriptive name to identify this Special Application. • Outgoing Protocol – Select the protocol used by this application, when sending data to the remote server or •...
  • Page 32 TZO at http://www.tzo.com 3322 is available in China at http://www.3322.org To use the Dynamic DNS feature Register for the service from your preferred service provider. Follow the service provider's procedure to get a Domain Name (Host name) allocated to you. Configure the Dynamic DNS screen, as shown below.
  • Page 33: Multi Dmz

    “DynDNS” • User Defined DDNS Server – This is the user defined DDNS server. If the DDNS other than TZO, dyndns.org and 3322. Additional These options are available to the standard client. Settings • Enable Wildcard – If selected, traffic sent to sub-domains (of your Domain name) will also be forwarded to you.
  • Page 34: Upnp

    • Public IP – The public IP (or PPPoE session) that the current DMZ entry is bound on. • Private IP (LAN) – The IP address of the server in the DMZ • Access Group – To specify which Access Group will be applied.
  • Page 35: Nat Setup

    5.8 NAT Setup NAT (Network Address Translation) is the technology which allows one (1) WAN (Internet) IP address to be used by many LAN users. Figure: NAT Settings – NAT • NAT Routing –Enables or disables NAT routing by checking Configuration or un-checking the checkbox.
  • Page 36: Advanced Features

    packets prior to TCP receiving an acknowledgement. The default is 0 (no limit). • TCP MSS Limit –The largest amount of data that can be transmitted in one TCP packet. The default is 0 (no change). • NAT Port Option Non-Port-Translation –To keep the source port number unchanged for TCP/UDP sessions on the specified Port Range.
  • Page 37 Figure: Advanced Features Settings – Advanced Features External Filters Block Selected ICMP Types –This acts as "master" switch. If Configuration checked, the selected packet types will be blocked. Otherwise, they will be accepted. DNS Loopback When you have some servers on LAN and their domain names have already registered on public DNS.
  • Page 38 provides a means of determining the identity of a user on a particular TCP connection. By default the device is stealth for this port. Enable will close the port, not stealth. SMTP Binding –To determine if the SMTP packets are bound on the WAN port.
  • Page 39: Security Management

    6. Security Management Overview URL Filter - It can block specific website by configuring IP address, URL or Key words Access filter - You can block all Internet access or select block well-known port or block user defined ports by groups. Session Limit - It can limit users access to Internet, and send email alert to the administrator if the device detect new sessions that exceeds the maximum sampling time.
  • Page 40: Access Filter

    Access Group • Select Group – A group that current rule is applied for • URL Filter Type –The Filter type (Block/Allow) that current group is set to use. Block Internet Access: All the web page accesses will be blocked if the target is found in the packets. Allow Interne Access: All the web page accesses will be permitted if the target is found in the packets.
  • Page 41: Session Limit

    Figure: Access Filter Settings – Access Filter Access Group The Group that the current rule is applied to. To apply the restrictions to everyone, select the Default group. All users (Hosts) are in the default group unless moved to another group on the Host IP screen Filter Setting •...
  • Page 42: Sysfilter Exception

    Figure: Session Limit Settings – Session Limit Outgoing New • Session Limit – Check this to enable limiting sessions. Session • Sampling Time – The period to count the new sessions. Only those new sessions which occurred in the most recently Sampling Time are counted for limit checking.
  • Page 43 rejected. If you want the device to accept the specific packets, you should build the corresponding exception rules here. Figure: SysFilter Exception Settings – SysFilter Exception • System Filter Enable –To activate or deactivate this rule. Exception Rules • Interface – The port that the packets enter the device on. •...
  • Page 44: Vpn Configuration

    VPN products are not interoperable. Although the SP880B VPN Router can interoperate with many other VPN products, it is not possible for SP880B VPN Router to provide specific technical support for every other product.
  • Page 45 Figure: IKE Global Setup Settings – IKE Global Setup. IP Global • Enable Setting – If you checked the box, this will start VPN Setting global setting. • ISAkmp Port – Internet Security Association and Key Protocol Management (ISAkmp) is designed to negotiate, establish, modify and delete security associations and their attributes.
  • Page 46: Ipsec Policy Setup

    NAT Traversal Port – If there is other router on the network and didn’t support VPN pass through, when you connect the SP880B to the router and want to make a VPN connection, this function will allow the VPN packets to pass through the router and make a VPN connection without any problem.
  • Page 47 Figure: IPSec Policy Setup Settings – IPSec Policy Setup Policy Entry • Tunnel Name – Given a name for this tunnel. • State – Enable/Disable VPN policy state. Traffic Binding • Interface – Select WAN1 for binding VPN tunnel. Local Identity •...
  • Page 48 address) as your remote side security gateway. Security Level • Encryption Method – It specifies the encryption mechanism to use. Data encryption makes the data unreadable if intercepted. There are three encryption method available; DES/3DES and AES. The default is null. •...
  • Page 49 limit. Tunnel List • List all VPN tunnel that you have configured, so you can modify, update, and delete each VPN record.
  • Page 50: Qos Configuration

    8. QoS Configuration Overview The Router supports QoS, providing high quality of network service. It will classify outgoing packets based on policies defined by users and provide better response or performance to various real-time applications. 8.1 QoS Setup The following web page management will guide you on how to setup QoS and make QoS work.
  • Page 51: Qos Policy

    8.2 QoS Policy By setting the QoS policy, you can assign a higher/lower priority (based on your configuration) to received packets to pass through this device. You can define some policies which classify received packets based on source/destination IP, MAC, port and protocol type.
  • Page 52 responding queue. Otherwise it is assigned the lowest priority to pass through...
  • Page 53: Management Assistant

    9. Management Assistant Overview The following advanced features are offered. Administration Setup Email Alert SNMP Syslog Upgrade Firmware 9.1 Administration Setup This chapter contains details on the configuration and use of each of these features. The password screen allows you to assign a password to the Router and enable /disable the remote access mechanism.
  • Page 54: Email Alert

    Enter "Admin" for the User Name. Enter the password for the Router, as set on the Admin Password screen above. 9.2 Email Alert This feature will send a warning Email to inform system administrator that one of the WAN ports is disconnected. Email Alert –...
  • Page 55: Snmp

    Email Alert The purpose of email alert is in the event a WAN port is Configuration disconnected or mal-functions, it will send an email message to inform the recipient. • Email (SMTP) Server Address – The e-mail server address. (ex: mail.yourdomain.com) •...
  • Page 56: Syslog

    Settings – SNMP System This is the system information which will identify this device. Information Community A relationship between a SNMP agent and a set of SNMP managers that defines authentication, access control and proxy characteristics. Trap Targets Up to three IP addresses can be entered. Trap information will be sent to these addresses.
  • Page 57: Upgrade Firmware

    Settings – Syslog Configuration Syslog Delivery • Sending Out – If checked, the device will send syslog messages to other machines (log servers). • Keep Sent Message – If checked, the sent messages will be kept on the device, otherwise they will be deleted •...
  • Page 58 Figure: Firmware Upgrade Screen You can backup your system configuration by press “save” button of Save System Configuration. It will save the system configuration for you. (Notice: You have to refresh the browser after you saved the system configuration file) You also can do firmware upgrade by input the correct password and the file name of your firmware.
  • Page 59: System Information

    10. System information 10.1 System Status Use the System Status link on the main menu to view this screen. Figure 9-1: System Status Data – System Status Interface • Connection Status – Current status – either "Connected" or Information "Not connected". •...
  • Page 60 (Domain Name Server. • MAC Address – The MAC (physical) address of the Router, as seen from the Internet. • IP Address – The LAN IP Address of the Router. Information • Subnet Mask – The Network Mask (Subnet Mask) for the IP Address above.
  • Page 61: Wan Status

    Figure: Restore Factory Defaults If the "Restore Default Value" button on this screen is clicked: ALL of your settings will be erased. The default IP address, password and ALL other settings will be restored to the factory default values. The DCHP server function will be enabled. These changes mean that the current connection is invalid, and you will have to re-connect to the Router using its default IP address (192.168.1.1).
  • Page 62 the WAN ports. • Current Loading – The number of sessions, Bytes and Packets currently being processed on each port. • Current Bandwidth – The current Download and Upload speeds on each WAN port. • "Check NAT Detail" will display the NAT Status screen, described below.
  • Page 63 Data – NAT Status Active • Interface – LAN and WAN interface of the Routerr. Interface IP • IP Address – The WAN (Internet) & LAN IP Address of Info the Router. • Subnet Mask – The Network Mask (Subnet Mask) for the IP Address above NAT Timeouts This displays the current timeout values for TCP and UDP...
  • Page 64: Specifications

    11. Specifications IEEE802.3, IEEE802.3u Standard 1 10/100M RJ-45 WAN port Interface 4 10/100M RJ-45 LAN ports 10BASE-T: Category 3, 4, 5 UTP/STP Cable Connections 100BASE-TX: Category 5 UTP/STP Auto Uplink (Auto MDI / MDI-X) Uplink Security: NAT, UPAP, CHAP Network: TCP/IP, HTTP, DHCP, PPP, UPAP, PPPoE, Protocol Multi-session PPPoE, ICMP, APR proxy Routing: Static route for WAN &...
  • Page 65: Appendix C Troubleshooting

    Appendix C Troubleshooting Overview This chapter covers some common problems that may be encountered while using the Router and some possible solutions to them. If you follow the suggested steps and the Router still does not function properly, contact your dealer for further advice. General Problems Problem 1: Can't connect to the Router to configure it.
  • Page 66 (DSL/Cable modem etc) to see if it is working correctly. Problem 2: Some applications do not run properly when using the Router. Solution 2: The Router processes the data passing through it, so it is not transparent. Use the Special Applications feature to allow the use of Internet applications which do not function correctly.

This manual is also suitable for:

Sp883b

Table of Contents