1. Manuals
  2. Brands
  3. MicroNet Manuals
  4. Gateway
  5. SP891
  6. User manual

MicroNet SP891 User Manual

Multi-wan security
Hide thumbs
Table of Contents

Advertisement

Quick Links

User's Manual
Multi-WAN Security Gateway
Model No.: SP891
http://www.micronet.info

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the SP891 and is the answer not in the manual?

Questions and answers

Related Manuals for MicroNet SP891

Summary of Contents for MicroNet SP891

  • Page 1 User’s Manual Multi-WAN Security Gateway Model No.: SP891 http://www.micronet.info...

  • Page 2: Table Of Contents

    Table of Content ------------------------------------------------------------------------------------------------------------------------- INTRODUCTION ......................... 4 Package Contents ................4 Features .................... 5 System Requirement................. 5 Physical Description................6 INSTALLATION ........................8 Hardware Installation................. 8 Access Router ................... 8 BASIC CONFIGURATION ....................15 Primary Setup.................. 15 LAN & DHCP................... 17 ADVANCED PORT SETUP....................
  • Page 3 Email Alert ..................51 SNMP ....................52 Syslog....................53 Upgrade Firmware ................54 SYSTEM INFORMATION....................56 System Status ................. 56 WAN Status ..................58 SPECIFICATIONS ......................61 APPENDIX C TROUBLESHOOTING ..................62...

  • Page 4: Introduction

    1. Introduction Micronet SP891 Multi-WAN Security Gateway is equipped with two WAN ports for different kinds of Internet access (xDSL/Cable/Fixed IP) to satisfy high Internet bandwidth demands in enterprise environments. Network administrators may bind different kinds of Internet access to designated WAN interfaces to enable load balancing for optimization of network loading.

  • Page 5: Features

    1.2 Features Micronet SP891 provides the following features: Provide 2 WAN ports for Load Balance and outbound fail-over function to ensure Internet service always available Provide 4 ports of 10/100M Ethernet for connecting to a home or office network Support Priority QoS by source and destination IP, MAC address and QoS-ToS service...

  • Page 6: Physical Description

    1.4 Physical Description 1.4.1 Front Panel SP891 Front Panel POWER LED This LED comes on when the router is properly connected to power. Port LEDs Every RJ-45 port on the front panel relevant two LEDs (10/100M; LINK/ACT) for indicating the connection speed and activity status.
  • Page 7 WAN2 LINK/ACT & 10M/100M LEDs solid On Timer/Interrupt error LAN1 LINK/ACT & 10M/100M LEDs solid On LAN/WAN error 1.4.2 Rear Panel SP891 Rear Panel DC 5V Connect the supplied power adapter here. WAN 2 Connect the 2 Broadband Modem here, if available.

  • Page 8: Installation

    3. Connect the network cable from your DSL/Cable modem to the WAN port of the SP891. 4. Connect the power adapter to the power jack on the rear of SP891, and then plug the power adapter into the power outlet.
  • Page 9 Windows 95/98/Me a. Click the Start button and select Settings, then click Control Panel. The Control Panel window will appear. b. Double-click Network icon. The Network window will appear. c. Check your list of Network Components. If TCP/IP is not installed, click the Add button to install it now.
  • Page 10 Windows XP Click the Start button and select Settings, then click Network Connections. The Network Connections window will appear. Double-click Local Area Connection icon. The Local Area Connection window will appear. Check your list of Network Components. You should see Internet Protocol [TCP/IP] on your list.
  • Page 11 Windows 2000 Click the Start button and select Settings, then click Control Panel. The Control Panel window will appear. Double-click Network and Dial-up Connections icon. In the Network and Dial-up Connection window, double-click Local Area Connection icon. The Local Area Connection window will appear. In the Local Area Connection window, click the Properties button.
  • Page 12 Windows NT a. Click the Start button and select Settings, then click Control Panel. The Control Panel window will appear. b. Double-click Network icon. The Network window will appear. Select the Protocol tab from the Network window. c. Check if the TCP/IP Protocol is on your list of Network Protocols. If TCP/IP is not installed, click the Add button to install it now.
  • Page 13 2. Restart your computer if necessary. 3. Open the Internet Explorer and type http://192.168.1.1 (broadband router’s IP address) into the browser address window to access the SP891. 4. You will see the Login information request page popping up as shown below. Key in the...
  • Page 14 user name field as “admin” and leave the password field blank. Note: By default the password is empty. For security reasons it is recommended that you change the password as soon as possible. 5. The home page will show up after login in process as the figure below. 6.

  • Page 15: Basic Configuration

    3. Basic Configuration SP891 provides a web-based interface, allowing users to configure and manage the router remotely from web browser. 3.1 Primary Setup Select Primary Setup from the menu, to see a screen like the example below. • Configure WAN 1 and/or WAN 2 as required.
  • Page 16 connected to this port. Backup – Use this if you have a broadband modem on each port, and wish to normally use only one. Select Enable for the primary port, and Backup for the secondary port. The Backup port will only be used if the primary port fails. •...

  • Page 17: Lan & Dhcp

    you can enter the MAC address expected by your ISP in this field. Otherwise, this should be left at the default value. Setup of the Router is now completed. PCs on your LAN must now be configured. See the following section for details. 3.2 LAN &...
  • Page 18 • Subnet Mask - The default value 255.255.255.0 is standard for small (class "C") networks. For other networks, use the Subnet Mask for the LAN segment to which the Router is attached (the same value as the PCs on that LAN segment).
  • Page 19 examining the LAN, rather than allocated by the DHCP Server. In this case, the Name is usually not known. • Time Left – The time expired since which IP address is leased.

  • Page 20: Advanced Port Setup

    4. Advanced Port Setup Overview Port Options contains some options, which can be set on either or both WAN ports. For most situations, the default values are satisfactory. Load Balance screen is only functional if you are using both WAN ports. It allows you to determine the proportion of WAN traffic sent through each port.
  • Page 21 1. If the input box is filled (NAME or IP address): the host is used. 2. If the input box is left blank: gateway of WAN interface will be used. Then if one ICMP echo reply packet from Alive Indicator or gateway is received, the connection is considered OK.

  • Page 22: Load Balance

    (eg. WAN2) interface with its original IP (if checked) or with an alternative WAN IP (if unchecked). That is, NAT is performed. • ARP Table – ARP Table is used by the device to determine the bridge hosts location (eg. inside/outside WAN and which WAN).

  • Page 23: Advanced Pppoe

    1. Bytes Tx + Rx: The link with the least number of bytes transmitted through the WAN port. 2. Packets Tx + Rx: The link with the least number of packets transmitted through the WAN port. 3. Sessions Established: The link with the least number of sessions built on the WAN port.

  • Page 24: Advanced Pptp

    Settings – Advanced PPPoE Select WAN Select WAN Port & PPPoE Session – Select the desired WAN port Port & and PPPoE session from the pull-down menu and click the Select Session button. The screen will then show the data for the selected Port/Session.
  • Page 25 Figure: Advanced PPTP Settings – Advanced PPTP WAN Port Used if you choose PPTP on Static/Dynamic IP as your connection setup from primary setup. You may use PPTP manual dialup in this page or use Port Options for auto dialup on demand or always connected •...
  • Page 26 disconnect, then you have to connect/disconnect manually. • Disconnect After Idle –To decide the timeout for disconnecting when there is no traffic on the connection. Enter -1 to keep the connection always alive. Enter 0 to enable 'dial on demand by trigger'.

  • Page 27: Advanced Configuration

    5. Advanced Configuration Overview The following advanced features are provided. Host IP Setup Routing Virtual Servers Special Applications Dynamic DNS Multi DMZ UPnP NAT Setup Advanced Features This chapter contains details of the configuration and usage of these features. 5.1 Host IP Setup This feature is used in the following situations: •...
  • Page 28 Figure: Host IP Setup Settings – Host IP Setup Host Network This section identifies each Host (PC) Identity • Host name – Enter a suitable name. Generally, you should use the "Hostname" (computer name) defined on the Host itself. • MAC Address –...

  • Page 29: Routing

    disconnected, your packets cannot go out through WAN2 port, if WAN2 port is still alive. If you are selecting “Loose Binding” then when WAN1 port is disconnected, your packets will automatically go to WAN2, if WAN2 is alive. • Select WAN Port/Select PPPoE session – If the setting above is Enable, select the desired Port and Session.
  • Page 30 Settings – Routing Dynamic • RIP v2 – RIP is a dynamic routing protocol which is used to Routing direct traffic over the network. Disable it if you don't need to use it. • LAN, WAN1and WAN2 – If enabled, any WAN or LAN can execute RIP function.

  • Page 31: Virtual Servers

    For the Router Gateway's Routing Table For the LAN shown above, with 2 routers and 3 LAN segments, the Router requires 2 entries as follows. Entry 1 (Segment 1) Destination IP Address 192.168.2.0 Network Mask 255.255.255.0 Gateway IP Address 192.168.1.100 Interface Metric Entry 2 (Segment 2)
  • Page 32 Figure: Virtual Servers Note that, in this illustration, both Internet users are connecting to the same IP Address, but using different protocols. Connecting to the Virtual Servers Once configured, anyone on the Internet can connect to your Virtual Servers. They must use the Router's Internet IP Address (the IP Address allocated by your ISP).
  • Page 33 Figure: Virtual Server Settings – Virtual Server Virtual Server • Enable – To activate or deactivate the current entry. Configuration • Server Name – A unique name for identifying the virtual server. • Protocol – Select the protocol (either TCP or UDP) used by the server software.

  • Page 34: Special Applications

    5.4 Special Applications If you use Internet applications which have non-standard connections or port numbers, you may find that they do not function correctly because they are blocked by the firewall in the Router. In this case, you can define the application as a "Special Application" in order to make it work.

  • Page 35: Dynamic Dns

    • Once the Special Applications screen is configured correctly, you can use the application on your PC normally. Remember that only one (1) PC can use each Special application at any time. • Also, when 1 PC is finished using a particular Special Application, there may need to be a "Time-out"...
  • Page 36 Figure: Dynamic DNS Settings – Dynamic DNS Dynamic Use this to Enable/Disable the Dynamic DNS feature, and select the DNS Service required service provider. • Disable – Dynamic DNS is not used. • TZO – Select this to use the TZO service (www.tzo.com). You must configure the TZO section of this screen.

  • Page 37: Multi Dmz

    Update" button will update your record on the Dynamic DNS Server immediately 5.6 Multi DMZ This feature allows each WAN port IP address to be associated with one (1) computer on your LAN. All outgoing traffic from that PC will be associated with that WAN port IP address. Any traffic sent to that IP address will be forwarded to the specified PC, allowing unrestricted 2-way communication between the "DMZ PC"...

  • Page 38: Upnp

    Group1~Group4, respectively • Direction –To specify in which direction the Access Group will be applied: Outgoing, Incoming, Both. Multi DMZ List The List shows details of all DMZ that are currently defined. 5.7 UPnP With UPNP (Universal Plug & Play) function, it can easily setup and configure an entire network, enable discovery and control of the network devices and services.
  • Page 39 Figure: NAT Settings – NAT • NAT Routing –Enables or disables NAT routing by checking Configuration or un-checking the checkbox. If you disable NAT routing, this device will act as a Bridge or Static Router. Most features, including Load Balance, will be unavailable. If some packets have port numbers which cannot be translated for special applications, you must input value in port range for Disable Port Translation.

  • Page 40: Advanced Features

    • NAT Port Option Non-Port-Translation –To keep the source port number unchanged for TCP/UDP sessions on the specified Port Range. Some special applications do not allow the source port number to be translated. • Port Range – The Source Port Number Range for TCP and UDP protocol.
  • Page 41 Figure: Advanced Features Settings – Advanced Features External Filters Block Selected ICMP Types –This acts as "master" switch. If Configuration checked, the selected packet types are blocked. Otherwise, they are accepted. DNS Loopback When you have some servers on LAN and their domain names have already registered on public DNS.
  • Page 42 provides a means of determining the identity of a user on a particular TCP connection. By default the device is stealth for this port. Enable to make this port closed, not stealth. SMTP Binding –To determine if the SMTP packets are bound on the WAN port.

  • Page 43: Security Management

    6. Security Management Overview URL Filter - It can block specific website by configure IP address, URL or Key words Access filter - You can block all Internet access or select block well-known port or block user define ports by groups. Session Limit - It can eliminate users access Internet, and send email alert to the administrator.

  • Page 44: Access Filter

    Access Group • Select Group – A group that current rule is applied for • URL Filter Type –The Filter type (Block/Allow) that current group is set to use. Block Internet Access: All the web page accesses will be blocked if the target is found in the packets. Allow Interne Access: All the web page accesses will be permitted if the target is found in the packets.

  • Page 45: Session Limit

    Figure: Access Filter Settings – Access Filter Access Group The Group that the current rule is applied for. To apply restrictions to everyone, select the Default group. All users (Hosts) are in the default group unless moved to another group on the Host IP screen Filter Setting •...

  • Page 46: Sysfilter Exception

    Figure: Session Limit Settings – Session Limit Outgoing New • Session Limit – Check this to enable limiting sessions. Session • Sampling Time – The period to count the new sessions. Only those new sessions which occurred in the most recently Sampling Time are counted for limit checking.
  • Page 47 rejected. If you want the device to accept the specific packets, you should build the corresponding exception rules here. Figure: SysFilter Exception Settings – SysFilter Exception • System Filter Enable –To activate or deactivate this rule. Exception Rules • Interface – The port that the packets enter the device on. •...

  • Page 48: Qos Configuration

    7. QoS Configuration Overview The Router provides QoS, which supports the high quality of network service. Because it will classify outgoing packets based on some policies defined by users, make some real-time applications to get better response or performance. 7.1 QoS Setup The following web page management are guiding you how to setup QoS and make QoS work.

  • Page 49: Qos Policy

    7.2 QoS Policy Setting the QoS policy can assign received packets a higher/lower priority (based on your configuration) to pass through this device. You can define some policies which classify received packets based on source/destination IP, MAC, port and protocol type. This feature is useful when the WAN link is very busy or congested or when using special applications that need real time services such as Internet phone, video conference...etc.

  • Page 50: Management Assistant

    8. Management Assistant Overview The following advanced features are provided. Administration Setup Email Alert SNMP Syslog Upgrade Firmware 8.1 Administration Setup This chapter contains details of the configuration and use of each of these features. The password screen allows you to assign a password to the Router, and enable /disable the remote access mechanism.

  • Page 51: Email Alert

    Enter "Admin" for the User Name. Enter the password for the Router, as set on the Admin Password screen above. 8.2 Email Alert This feature will send a warning Email, inform system administrator that one of the WAN ports was disconnected. Email Alert –...

  • Page 52: Snmp

    Email Alert The purpose of email alert is in the event a WAN port is Configuration disconnected or mal-functions, it will send an email message to inform the recipient. • Email (SMTP) Server Address – The e-mail server address. (ex: mail.yourdomain.com) •...

  • Page 53: Syslog

    Settings – SNMP System This is the system information which will identify this device. Information Community A relationship between a SNMP agent and a set of SNMP managers that defines authentication, access control and proxy characteristics. Trap Targets Up to three IP addresses can be entered. Trap information will be sent to these addresses.

  • Page 54: Upgrade Firmware

    Settings – Syslog Configuration Syslog Delivery • Sending Out – If checked, the device will send syslog messages to other machines (log servers). • Keep Sent Message – If checked, the sent messages will be kept on the device, otherwise they will be deleted •...
  • Page 55 Figure: Firmware Upgrade Screen You can backup your system configuration by press “save” button of Save System Configuration. It will save the system configuration for you. (Notice: You have to refresh the browser after you saved the system configuration file) You also can do firmware upgrade by input the correct password and the file name of your firmware.

  • Page 56: System Information

    9. System information 9.1 System Status Use the System Status link on the main menu to view this screen. Figure 9-1: System Status Data – System Status Interface • Connection Status – Current status – either "Connected" or Information "Not connected". •...
  • Page 57 Address above. • Domain Name IP Address – The address of the current DNS (Domain Name Server. • MAC Address – The MAC (physical) address of the Router, as seen from the Internet. • IP Address – The LAN IP Address of the Router. Information •...

  • Page 58: Wan Status

    the following screen is displayed. Figure: Restore Factory Defaults If the "Restore Default Value" button on this screen is clicked: ALL of your settings will be erased. The default IP address, password and ALL other settings will be restored to the factory default values.
  • Page 59 Connected. • Default Loading Share - The default traffic loading between the WAN ports. • Current Loading Share – The current traffic loading between the WAN ports. • Current Loading – The number of sessions, Bytes and Packets currently being processed on each port. •...
  • Page 60 Figure: NAT Status Data – NAT Status Active • Interface – LAN and WAN interface of the Routerr. Interface IP • IP Address – The WAN (Internet) & LAN IP Address of Info the Router. • Subnet Mask – The Network Mask (Subnet Mask) for the IP Address above NAT Timeouts This displays the current timeout values for TCP and UDP...

  • Page 61: Specifications

    10. Specifications IEEE802.3, IEEE802.3u Standard 2 10/100M RJ-45 WAN ports Interface 4 10/100M RJ-45 LAN ports 10BASE-T: Category 3, 4, 5 UTP/STP Cable Connections 100BASE-TX: Category 5 UTP/STP Auto Uplink (Auto MDI / MDI-X) Uplink Security: NAT, UPAP, CHAP Network: TCP/IP, HTTP, DHCP, PPP, UPAP, PPPoE, Protocol Multi-session PPPoE, ICMP, APR proxy Routing: Static route for WAN &...

  • Page 62: Appendix C Troubleshooting

    Appendix C Troubleshooting Overview This chapter covers some common problems that may be encountered while using the Router and some possible solutions to them. If you follow the suggested steps and the Router still does not function properly, contact your dealer for further advice. General Problems Problem 1: Can't connect to the Router to configure it.
  • Page 63 (DSL/Cable modem etc) to see that it is working correctly. Problem 2: Some applications do not run properly when using the Router. Solution 2: The Router processes the data passing through it, so it is not transparent. Use the Special Applications feature to allow the use of Internet applications which do not function correctly.

Table of Contents