Internet Access Features • Shared Internet Access. through the WBR-3407, using only a single external IP Address. The local (invalid) IP Addresses are hidden from external sources. This process is called NAT (Network Address Translation). •...
DDNS, when used with the Virtual Servers feature, allows PCs with VPN (Virtual Private Networking) software The WBR-3407 complies with the IEEE802.11g (DSSS) All speeds up to the 802.11g maximum of 54Mbps are supported. Support for the WPA-PSK is included. This verison of WPA does Support for the WPA-PSK is included.
• DHCP Server Support. address to PCs and other devices upon request. The WBR-3407 can act as a DHCP Server for devices on your local LAN and WLAN. Configuration & Management • Easy Setup. Use your WEB browser from anywhere on the LAN or WLAN for configuration.
WBR-3407 User Guide Physical Details Front-mounted LEDs Power LED On - Power on. (Green) Off - No power. Status LED Off - Normal operation. (Yellow) Blinking - This LED blinks during start up, and during a Firmware Upgrade. For each port, there are 2 LEDs, to indicate the connection speed (10BaseT or 100BaseT) of each port.
Use standard LAN cables (RJ45 connectors) to connect your PCs to LAN connections these ports. Note: Any LAN port on the WBR-3407 will automatically function as an "Uplink" port when required. Just connect any port to a normal port on the other hub, using a standard LAN cable. Reset Button This button will reset the WBR-3407 to the factory default settings.
IEEE 802.11b specifications. Procedure 1. Choose an Installation Site Select a suitable place on the network to install the WBR-3407. For best Wireless reception and performance, the WBR-3407 should be positioned in a central location with minimum obstructions between the WBR-3407 and the PCs.
2. Connect LAN Cables Use standard LAN cables to connect PCs to the Switching Hub ports on the WBR-3407. Both 10BaseT and 100BaseT connections can be used simultaneously. If required, connect any port to a normal port on another Hub, using a standard LAN cable.
PCs on your local LAN may also require configuration. For details, see Chapter 4 - PC Configuration. Other configuration may also be required, depending on which features and functions of the WBR-3407 you wish to use. Use the table below to locate detailed instructions for the required functions. To Do this: Configure PCs on your LAN.
Using your Web Browser To establish a connection from your PC to the WBR-3407: 1. After installing the WBR-3407 in your LAN, start your PC. If your PC is already running, restart it. 2. Start your WEB browser.
PC's wireless settings. WAN Setup Wizard The first time you connect to the WBR-3407, the WAN (Internet) Setup Wizard will run automatically. (The Setup Wizard will also run if the WBR-3407's default settings are restored.)
Common Connection Types Type Details Dynamic Your IP Address is allocated IP Address automatically, when you connect to you ISP. Static (Fixed) Your ISP allocates a permanent IP Address IP Address to you. Usually, the connection is "Always on". PPPoE, PPPoA You connect to the ISP only when required.
Log Out - When finished, you should click this button to logout. • Restart - Use this if you wish to restart the WBR-3407. Note that restarting the Router will break any existing connections to or through the Router. Navigation & Data Input •...
Mode Screen Use the Mode link on the main menu to reach the Mode screen. An example screen is shown below. Data - Mode Screen Device Mode Device Name This field displays the current name of this device. Device Mode Select the desired device mode for the router: •...
TCP/IP IP Address IP address for the WBR-3407, as seen from the local LAN. Use the default value unless the address is already in use or your LAN is using a different IP address range. In the latter case, enter an unused IP Address from within the range used by your LAN.
Server, rather than the WBR-3407's, the following procedure is required. 1. Disable the DHCP Server feature in the WBR-3407. This setting is on the LAN screen. 2. Configure the DHCP Server to provide the WBR-3407's IP Address as the Default Gateway.
Note that the WBR-3407 will automatically accept both 802.11b and 802.11g connections, and no configuration is required for this feature. To change the WBR-3407's default settings for the WBR3407 feature, use the Wireless link on the main menu to reach the Wireless screen. An example screen is shown below.
Page 20
- Only 802.11g Wireless stations can use the WBR-3407. • b only - Only 802.11b connections are available. 802.11g Wireless Stations will only be able to use the WBR-3407 if they are fully backward-compatible with the 802.11b standard. •...
WBR-3407 User Guide Wireless Security The Wireless Security sub-screen is accessed by the "Configure" button on the Wireless screen. It provides 4 options for Wireless Security: • Disabled - No security is used. • WEP - Data is encrypted using the WEP standard.
Page 22
You must enter a Key Value for the Default Key. Key Value Enter the key value or values you wish to use. The Default Key is required, the other keys are optional. Other stations must have the same key. If desired, you can generate a key from a phrase, instead of entering Passphrase the key value directly.
Page 23
• You need a Radius Server. • The Radius Server must have "Client" login for the WBR-3407, using its IP address and the the "Shared Key" set on this screen. • Each client (user) must obtain a Certificate to authenticate against the Radius Server. See Chapter 4 - PC Configuration for details.
You will be prompted for the password when you connect, as shown below. • The "User Name" is always admin • Enter the password for the WBR-3407, as set on the Password screen above. Figure 12: Password Screen Figure 13: Password Dialog Setup...
3407. The first step is to check the PC's TCP/IP settings. The WBR-3407 uses the TCP/IP network protocol for all functions, so it is essential that the TCP/IP protocol be installed and configured on each PC. TCP/IP Settings - Overview If using the default WBR-3407 settings, and the default Windows TCP/IP settings, no changes need to be made.
Using DHCP To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Using this is recommended. By default, the WBR-3407 will act as a DHCP Server. Restart your PC to ensure it obtains an IP Address from the WBR-3407.
Page 27
WBR-3407 User Guide • On the Gateway tab, enter the WBR-3407's IP address in the New Gateway field and click Add, as shown below. Your LAN administrator can advise you of the IP Address they assigned to the WBR-3407. •...
PC Configuration Checking TCP/IP Settings - Windows NT4.0 1. Select Control Panel - Network, and, on the Protocols tab, select the TCP/IP protocol, as shown below. Figure 18: Windows NT4.0 - TCP/IP 2. Click the Properties button to see a screen like the one below.
Page 29
If your PC is already configured, check with your network administrator before making the following changes. 1. The Default Gateway must be set to the IP address of the WBR-3407. To set this: • Click the Advanced button on the screen above.
Page 30
Figure 20 - Windows NT4.0 - Add Gateway 2. The DNS should be set to the address provided by your ISP, as follows: • Click the DNS tab. • On the DNS screen, shown below, click the Add button (under DNS Service Search Order), and enter the DNS provided by your ISP.
Page 31
WBR-3407 User Guide Figure 21: Windows NT4.0 - DNS...
PC Configuration Checking TCP/IP Settings - Windows 2000: 1. Select Control Panel - Network and Dial-up Connection. 2. Right - click the Local Area Connection icon and select Properties. You should see a screen like the following: Figure 22: Network Configuration (Win 2000) 3.
Page 33
Using DHCP To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Using this is recommended. By default, the WBR-3407 will act as a DHCP Server. Restart your PC to ensure it obtains an IP Address from the WBR-3407.
PC Configuration Checking TCP/IP Settings - Windows XP 1. Select Control Panel - Network Connection. 2. Right click the Local Area Connection and choose Properties. You should see a screen like the following: Figure 24: Network Configuration (Windows XP) 3. Select the TCP/IP protocol for your network card. 4.
Page 35
Using DHCP To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Using this is recommended. By default, the WBR-3407 will act as a DHCP Server. Restart your PC to ensure it obtains an IP Address from the WBR-3407.
9. Click Finish to close the New Connection Wizard. Setup is now completed. Accessing AOL To access AOL (America On Line) through the WBR-3407, the AOL for Windows software must be configured to use TCP/IP network access, rather than a dial-up connection. The configuration process is as follows: •...
• Ensure your DNS settings are correct. Linux Clients To access the Internet via the WBR-3407, it is only necessary to set the WBR-3407 as the "Gateway". Ensure you are logged in as "root" before attempting any changes. Fixed IP Address By default, most Unix installations use a fixed IP Address.
Wireless Station Configuration This section applies to all Wireless stations wishing to use the WBR-3407's Access Point, regardless of the operating system which is used on the client. To use the WBR3407 in the WBR-3407, each Wireless Station must have compatible settings,...
WBR-3407 User Guide Using WPA-802.1x - Overview 802.1x mode provides greater security and centralized management, but it is more complex to configure. Wireless Station Configuration For each of the following items, each Wireless Station must have the same settings as the WBR3407.
802.1x Server Setup (Windows 2000 Server) This section describes using Microsoft Internet Authentication Server as the Radius Server, since it is the most common Radius Server available that supports the EAP-TLS authentication method. The following services on the Windows 2000 Domain Controller (PDC) are also required: •...
Page 41
WBR-3407 User Guide 4. Click Next. 5. Select the Enterprise root CA, and click Next. 6. Enter the information for the Certificate Authority, and click Next. Figure 26: Components Screen Figure 27: Certification Screen...
PC Configuration Figure 28: CA Screen 7. Click Next if you don't want to change the CA's configuration data. 8. Installation will warn you that Internet Information Services are running, and must be stopped before continuing. Click Ok, then Finish. DHCP server configuration 1.
Page 43
WBR-3407 User Guide 6. Add exclusions in the address fields if required. If no exclusions are required, leave it blank. Click Next. 7. Change the Lease Duration time if preferred. Click Next. 8. Select Yes, I want to configure these options now, and click Next.
Page 44
PC Configuration Certificate Authority Setup 1. Select Start - Programs - Administrative Tools - Certification Authority. 2. Right-click Policy Settings, and select New - Certificate to Issue. Figure 32: Certificate Authority Screen 3. Select Authenticated Session and Smartcard Logon (select more than one by holding down the Ctrl key).
Page 45
WBR-3407 User Guide 6. Select the Group Policy tab, choose Default Domain Policy then click Edit. 7. Select Computer Configuration - Windows Settings - Security Settings - Public Key Policies, right-click Automatic Certificate Request Settings - New - Automatic Certificate Request.
Page 46
8. When the Certificate Request Wizard appears, click Next. 9. Select Computer, then click Next. 10. Ensure that your certificate authority is checked, then click Next. 11. Review the policy change information and click Finish. 12. Click Start - Run, type cmd and press enter. Enter secedit /refreshpolicy machine_policy This command may take a few minutes to take effect.
Page 47
WBR-3407 User Guide Internet Authentication Service (Radius) Setup 1. Select Start - Programs - Administrative Tools - Internet Authentication Service 2. Right-click on Clients, and select New Client. 3. Enter a name for the access point, click Next. 4. Enter the address of the WBR3407, and set the shared secret, as entered on the WBR3407.
Page 48
11. Click Edit Profile... and select the Authentication tab. Enable Extensible Authentication Protocol, and select Smart Card or other Certificate. Deselect other authentication meth- ods listed. Click OK. 12. Select No if you don't want to view the help for EAP. Click Finish. Figure 40: Authentication Screen PC Configuration...
Page 49
WBR-3407 User Guide Remote Access Login for Users 1. Select Start - Programs - Administrative Tools- Active Directory Users and Computers. 2. Double click on the user who you want to enable. 3. Select the Dial-in tab, and enable Allow access. Click OK.
802.1x Client Setup on Windows XP Windows XP ships with a complete 802.1x client implementation. If using Windows 2000, you can install SP3 (Service Pack 3) to gain the same functionality. If you don't have either of these systems, you must use the 802.1x client software provided with your wireless adapter.
Page 51
WBR-3407 User Guide Figure 43: Wireless CA Screen 5. Select User certificate request and select User Certificate, the click Next. Figure 44: Request Type Screen 6. Click Submit.
Page 52
PC Configuration Figure 45: Identifying Information Screen 7. A message will be displayed, then the certificate will be returned to you. Click Install this certificate. Figure 46:Certificate Issued Screen 8. . You will receive a confirmation message. Click Yes.
WBR-3407 User Guide 9. Certificate setup is now complete. 802.1x Authentication Setup 1. Open the properties for the wireless connection, by selecting Start - Control Panel - Network Connections. 2. Right Click on the Wireless Network Connection, and select Properties.
Page 54
• Your network administrator can advise you of the correct settings for each network. 802.1x networks typically use EAP-TLS. This is a dynamic key system, so there is no need to enter key values. Enabling Encryption To enable encryption for a wireless network, follow this procedure: 1.
Page 55
WBR-3407 User Guide Figure 50: Properties Screen Setup for Windows XP and 802.1x client is now complete.
Chapter 5 Operation and Status This Chapter details the operation of the WBR-3407 and the status screens. Operation Once both the WBR-3407 and the PCs are configured, operation is automatic. However, there are some situations where additional Internet configuration may be required.
Page 57
This shows the status of the DHCP Server function. The value will be "Enabled" or "Disabled". This shows the MAC Address for the WBR-3407, as seen on the LAN interface. If using an ESS (Extended Service Set, with multiple access points) this ID is called an ESSID (Extended Service Set Identifier).
Negotiation IP Address Network Mask The current name of the WBR-3407. This is also the "hostname" provided to ISPs who request this information. The version of the current firmware installed. Click this button to open a sub-window and view a detailed description of the current connection.
IP address allocation (the DCHP lease) expires. Lease Expires Buttons Release If an IP Address has been allocated to the WBR-3407 (by the ISP's DHCP Server, clicking the "Release" button will break the connection and release the IP Address. Renew If the ISP's DHCP Server has NOT allocated an IP Address for the WBR-3407, clicking the "Renew"...
Server. Close this window. Close Connection Details - Fixed IP Address If your access method is "Direct" (no login), with a fixed IP address, a screen like the following example will be displayed when the "Connection Details" button is clicked. Figure 54: Connection Details - Fixed/Dynamic IP Address Data - Fixed IP address Screen Internet...
Chapter 6 Advanced Features This Chapter explains when and how to use the WBR-3407's "Advanced" Features. Overview The following advanced features are provided: • Internet: • • URL filter • Dynamic DNS • Firewall Rules • Firewall Services • Schedule •...
URL Filter If you want to limit access to certain sites on the Internet, you can use this feature. The URL filter will check each Web site access. If the address, or part of the address, is included in the block site list, access will be denied.
Domain name. 3. Enter your data from www.dyndns.org in the WBR-3407's DDNS screen. 4. The WBR-3407 will then automatically ensure that your current IP Address is recorded at http://www.dyndns.org 5. From the Internet, users will be able to connect to your Virtual Servers (or DMZ PC)
Dynamic DNS Screen Select Advanced on the main menu, then Dynamic DNS, to see a screen like the following: Data - Dynamic DNS Screen DDNS Service Use this to enable or disable the DDNS feature as required. Use a Dynamic DNS Service DDNS Data Select the desired DDNS Service provider.
WBR-3407 User Guide Firewall Rules The Firewall Rules screen allows you to define "Firewall Rules" which can allow or prevent certain traffic. By default: • All Outgoing traffic is permitted. • All Incoming traffic is denied. "Traffic" means incoming connection attempts, not packets.
Page 66
The WAN IP address or addresses covered by this rule. WAN Users Indicates whether or not connections covered by this rule should be logged. Buttons Use the Add button to create a new rule. The other buttons - Edit, Move, or Delete - require that a rule be selected first.
Page 67
WBR-3407 User Guide Incoming Rules This screen is displayed when the "Add" or "Edit" button for Incoming Rules is clicked. Data – Incoming Rules Screen Inbound Services Select the desired Service. This determines which packets are covered by Service this rule. If necessary, you can define a new Service on the "Services"...
Page 68
This determines whether packets covered by this rule are logged. Select the desired action. • Always - always log traffic considered by this rule, whether it matches or not. (This is useful when debugging your rules.) • Never - never log traffic considered by this rule, whether it matches or not.
Page 69
WBR-3407 User Guide • To define the Schedule used in these selections, use the "Schedule" screen. Select the desired option to determine which PCs are covered by this LAN Users rule: • Any - All PCs are covered by this rule.
Firewall Services This screen is used to modify the list of Services which are available when creating Firewall Rules. Data – Add Services Services Services List This lists all defined Services. Use this to open a sub-screen where you can add a new service. To modify a service, select it, and then click this button.
Page 71
WBR-3407 User Guide Add/Edit Service This screen is displayed when the Add or Edit button on the Services screen is clicked. Data – Add/Edit Service Services Name If editing, this shows the current name of the Service. If adding a new service, this will be blank, and you should enter a suitable name.
Advertisement Time to Live Figure 63: Options Screen If checked, the WBR-3407 will repond to Ping (ICMP) packets received from the Internet. If not checked, Ping (ICMP) packets from the Internet will be ignored. Disabling this option provides a slight increase in security.
"Use this NTP Server" and enter the Server's IP address in the fields provided.. If this setting is not enabled, the default NTP Servers are used. Current Time This displays the current time on the WBR-3407. Figure 64: Schedule Screen...
Virtual Servers This feature, sometimes called Port Forwarding, allows you to make Servers on your LAN accessible to Internet users. Normally, Internet users would not be able to access a server on your LAN because: • Your Server does not have a valid external IP Address. •...
WBR-3407 User Guide Data - Virtual Servers Screen Servers This lists a number of common Server types. If the desired Server Servers type is not listed, you can create a Firewall Rule to achieve the same effect as the Virtual Server function.
"Virtual Server". This database is maintained automatically, but you can add and delete entries for PCs which use a Fixed (Static) IP Address. Backup or restore the configuration file for the WBR-3407. This file Config File contains all the configuration data.
By default, non-Server versions of Windows act as "DHCP Clients"; this setting is called "Obtain an IP Address automatically". • The WBR-3407 uses the "Hardware Address" to identify each PC, not the name or IP address. The "Hardware Address" can only change if you change the PC's network card or adapter.
Page 78
Data - PC Database Screen This lists all current entries. Data displayed is name (IP Address) type. Known PCs The "type" indicates whether the PC is connected to the LAN. If adding a new PC to the list, enter its name here. It is best if this Name matches the PC's "hostname".
Page 79
Figure 68: PC Database (Admin) Automatic - The PC is set to be a DHCP client (Windows: "Obtain an IP address automatically"). The WBR-3407 will allocate an IP address to this PC when requested to do so. The IP address could change, but normally won't.
Page 80
Select the appropriate option MAC Address • Automatic discovery - Select this to have the WBR-3407 contact the PC and find its MAC address. This is only possible if the PC is connected to the LAN and powered On. •...
You can restore a previously-downloaded configuration file to the WBR-3407, by uploading it to the WBR-3407. This screen also allows you to set the WBR-3407 back to its factory default configuration. Any existing settings will be deleted. An example Config File screen is shown below.
Since only a limited amount of log data can be stored in the WBR-3407, log data can also be E-mailed to your PC. Use the E-mail screen to configure this feature.
Page 83
WBR-3407 User Guide Logs Include (Checkboxes) Syslog Disable Broadcast on LAN Syslog Use these checkboxes to determine which events are included in the log. Checking all options will increase the size of the log, so it is good practice to disable any events which are not really required.
E-mail This screen allows you to E-mail Logs and Alerts. A sample screen is shown below. Data – E-mail Screen E-Mail Notification Turn E-mail Check this box to enable this feature. If enabled, the E-mail address information (below) must be provided. Notification on Enter the E-mail address the Log is to be sent to.
Page 85
WBR-3407 User Guide E-mail Alerts Send E-mail alerts You can choose to have alerts E-mailed to you, by checking the desired checkboxes. The WBR-3407 can send an immediate alert immediately when it detects a significant security incident such as •...
Diagnostics This screen allows you to perform a "Ping" or a "DNS lookup". These activities can be useful in solving network problems. An example Network Diagnostics screen is shown below. Data - Network Diagnostics Screen Ping Ping this Enter the IP address you wish to ping. The IP address can be on your LAN, or on the Internet.
WBR-3407 User Guide Remote Admin If enabled, this feature allows you to manage the WBR-3407 via the Internet. Figure 73: Remote Administration Screen Data - Remote Administration Screen Remote Administration Check to allow administration/management via the Internet. (To Enable Remote connect, see below).
Page 88
To connect from a remote PC via the Internet 1. Ensure your Internet connection is established, and start your Web Browser. 2. In the "Address" bar, enter "HTTP://" followed by the Internet IP Address of the WBR- 3407. If the port number is not 80, the port number is also required. (After the IP Address, enter ":"...
"Routing" page even if your LAN has other Routers. • If your LAN has a standard Router (e.g. Cisco) on your LAN, and the WBR-3407 is to act as a Gateway for all LAN segments, enable RIP (Routing Information Protocol) and ignore the Static Routing table.
Configuring Other Routers on your LAN It is essential that all IP packets for devices not on the local LAN be passed to the WBR-3407, so that they can be forwarded to the external LAN, WAN, or Internet. To achieve this, the local LAN must be configured to use the WBR-3407 as the Default Route or Default Gateway.
Page 91
Metric Other Routers on the Local LAN Other routers on the local LAN must use the WBR-3407's Local Router as the Default Route. The entries will be the same as the WBR-3407's local router, with the exception of the Gateway IP Address.
Page 92
For Router A's Default Route Destination IP Address Network Mask Gateway IP Address For Router B's Default Route Destination IP Address Network Mask Gateway IP Address 192.168.0.100 0.0.0.0 0.0.0.0 192.168.0.1 (WBR-3407's IP Address) 0.0.0.0 0.0.0.0 192.168.1.80 (WBR-3407's local router) Advanced Administration...
WBR-3407 User Guide Upgrade Firmware The firmware (software) in the WBR-3407 can be upgraded using your Web Browser. You must first download the upgrade file, then select Upgrade Firmware on the Administration menu. You will see a screen like the following.
The WBR-3407 is properly installed, LAN connections are OK, and it is powered ON. • Ensure that your PC and the WBR-3407 are on the same network segment. (If you don't have a router, this must be the case.) •...
Remember that the SSID is case-sensitive. So, for example "Workgroup" does NOT match "workgroup". • Both your PC and the WBR-3407 must have the same setting for WEP. The default setting for the WBR-3407 is disabled, so your wireless station should also have WEP disabled.
Appendix B About Wireless LANs This Appendix provides some background information about using Wireless LANs (WLANs). Modes Wireless LANs can work in either of two (2) modes: • Ad-hoc • Infrastructure Ad-hoc Mode Ad-hoc mode does not require an Access Point or a wired (Ethernet) LAN. Wireless Stations (e.g.
WBR-3407 User Guide Channels The Wireless Channel sets the radio frequency used for communication. • Access Points use a fixed Channel. You can select the Channel used. This allows you to choose a Channel which provides the least interference and best performance. In the USA and Canada, 11 channel are available.
Appendix C Specifications Multi-Function WBR-3407 Model ADSL Interface Dimensions Operating Temperature Storage Temperature Network Protocol: Network Interface: LEDs Power Adapter Wireless Interface Standards IEEE802.11b, IEEE802.11g WLAN, Frequency 2.4 to 2.4835GHz (Industrial Scientific Medical Band ) Channels Maximum 14 Channels, depending on regulatory authorities...
WBR-3407 User Guide Regulatory Approvals FCC Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.