Cisco RV180 Administration Manual Download Page 80 | Manualshive

Page: 80 / 187

background image

Configuring the Wireless Network (Cisco RV180W)

Configuring Rogue Access Point Detection

Cisco RV180/RV180W Administration Guide

71

3

STEP 8

The Short Retry Limit and Long Retry Limit fields determine the number of times
the Cisco RV180W will reattempt a frame transmission that fails. The limit applies
to both long and short frames of a size less than or equal to the RTS threshold.

STEP 9

Click Save.

Configuring Rogue Access Point Detection

You can configure the Cisco RV180W to detect rogue access points, or
unauthorized access points that have been connected to your network.

Enabling Rogue AP Detection

To configure rogue AP detection:

STEP 1

Choose Wireless > Rogue AP.

STEP 2

Under Rogue AP Detection, check Enable.

STEP 3

Click Save.

Authorizing a Rogue AP

If an AP has been marked as a rogue AP, and you want to authorize it to connect to
the network, you can authorize it from the Rogue AP Detected Table. To authorize
an endpoint:

STEP 1

Choose Wireless > Rogue AP.

STEP 2

In the Rogue AP Detected Table, check the box corresponding to the AP, then click
Authorize. Authorized APs are displayed in the Wireless > Rogue AP > Authorized
APs list.

To change the interval at which APs are displayed in the table, enter the seconds in
the Poll Interval field. You can click Start or Stop to stop the collection of data that
will be displayed in the table.

«
...
78
79
80
81
82
...
»

Summary of Contents for RV180

Page 1: ...Cisco Small Business RV180 VPN Router RV180W Wireless N Multifunction Router ADMINISTRATION GUIDE ...

Page 2: ...ems Inc and or its affiliates in the U S and other countries A listing of Cisco s trademarks can be found at www cisco com go trademarks Third party trademarks mentioned are the property of their respective owners The use of the word partner does not imply a partnership relationship between Cisco and any other company 1005R ...

Page 3: ...on and Administration 3 Getting to Know the Cisco RV180 4 Front Panel 4 Back Panel 4 Getting to Know the Cisco RV180W 5 Front Panel 5 Back Panel 7 Mounting the Cisco RV180 RV180W 8 Placement Tips 8 Wall Mounting 8 Connecting the Equipment 11 Setting Up the Cisco RV180 RV180W Using the Setup Wizard 14 Choosing the Device Mode Cisco RV180W 15 Using the Getting Started Page 17 Navigating through the ...

Page 4: ...4 LAN Local Network Settings 32 Configuring Virtual LAN VLAN Membership 34 Configuring Multiple VLAN Subnets 36 Configuring Static DHCP 37 Configuring Advanced DHCP Settings 38 Viewing DHCP Leased Clients 39 Configuring RSTP Cisco RV180W 39 Configuring Jumbo Frames 41 Configuring Routing 41 Choosing the Routing Mode 41 Viewing the Routing Table 42 Configuring Static Routes 44 Configuring Dynamic R...

Page 5: ...guring Wi Fi Multimedia 68 Configuring Wireless Network SSID Scheduling 69 Configuring Advanced Wireless Settings 70 Configuring Rogue Access Point Detection 71 Adding and Editing Authorized APs 72 Configuring Wi Fi Protected Setup 72 Configuring a Wireless Distribution System WDS 73 Configuring Load Balancing 74 Chapter 4 Configuring the Firewall 77 Cisco RV180 RV180W Firewall Features 77 Configu...

Page 6: ...ing a Custom Service 95 Creating Schedules 96 Adding a Schedule 96 Configuring Session Settings 97 Configuring Internet Group Management Protocol IGMP 98 Adding Allowed Networks 98 Configuring LAN Local Network Groups 99 Adding a New LAN Group 99 Enabling Session Initiation Protocol Application Level Gateway SIP ALG 99 Firewall Configuration Examples 100 Chapter 5 Configuring VPN and Security 106 ...

Page 7: ...erver Configuration 128 Configuring Captive Portal 128 Configuring Captive Portal Settings 129 Configuring Captive Portal Users 129 Configuring 802 1x Port Based Authentication 129 Chapter 6 Configuring Quality of Service QoS 131 Configuring WAN QoS Profiles 131 Configuring Profile Binding 133 Adding a Profile Binding 133 Configuring CoS Settings 134 Mapping CoS Settings to DSCP Values 135 Chapter...

Page 8: ...iguring Firewall Logs 146 Configuring Remote Logging 147 Configuring the Discovery Settings 149 Configuring Bonjour 149 Configuring UPnP 150 Configuring Time Settings 151 Backing Up and Restoring the System 151 Importing CSV Files 153 Upgrading Firmware 156 Rebooting the Cisco RV180 RV180W 156 Restoring the Factory Defaults 156 Chapter 8 Viewing the Cisco RV180 RV180W Status 159 Viewing the Dashbo...

Page 9: ...wing Open Ports 172 Appendix A Using Cisco QuickVPN for Windows 7 2000 XP or Vista 174 Overview 174 Before You Begin 174 Installing the Cisco QuickVPN Software 175 Installing from the CD ROM 175 Downloading and Installing from the Internet 175 Using the Cisco QuickVPN Software 176 Appendix B Where to Go From Here 178 ...

Page 10: ...iew page 2 Getting to Know the Cisco RV180 page 4 Getting to Know the Cisco RV180W page 5 Mounting the Cisco RV180 RV180W page 8 Connecting the Equipment page11 Setting Up the Cisco RV180 RV180W Using the Setup Wizard page14 Choosing the Device Mode Cisco RV180W page 15 Using the Getting Started Page page17 Navigating through the Pages page18 Saving Your Changes page19 Viewing the Help Files page ...

Page 11: ...t Cisco RV180W The Cisco RV180W model provides a wireless access point that supports the 802 11n standard with MIMO technology which multiplies the effective data rate This technology provides better throughput and coverage than 802 11g networks Router and VPN Client Access The Cisco RV180 RV180W incorporates a Stateful Packet Inspection SPI based router with Denial of Service DoS prevention and a...

Page 12: ...tering and allowing or denying time of day access per SSID Quality of Service Cisco RV180W The Cisco RV180W supports Wi Fi Multimedia WMM and Wi Fi Multimedia Power Save WMM PS for wireless Quality of Service QoS It supports 802 1p Differentiated Services Code Point DSCP and Type of Service ToS for wired QoS which can improve the quality of your network when using delay sensitive Voice over IP VoI...

Page 13: ...nd to the four LAN Ethernet ports of the Cisco RV180 If the LED is continuously lit green the Cisco RV180 is connected to a device through the corresponding port 1 2 3 or 4 The LED for a port flashes green when the Cisco RV180 is actively sending or receiving data over that port Back Panel RESET Button The Reset button has two functions If the Cisco RV180 is having problems connecting to the Inter...

Page 14: ... Ports 1 4 These ports provide a LAN connection to network devices such as PCs print servers or additional switches WAN Port The WAN port is connected to your Internet device such as a cable or DSL modem ON OFF Power Switch Press this button to turn the Cisco RV180 on and off When the button is pushed in power is on Power Port The power port is where you connect the AC power cable Getting to Know ...

Page 15: ...hen the device is transmitting or receiving data on the wireless module AP The AP LED lights up solid green when the Cisco RV180W is in access point mode See Choosing the Device Mode Cisco RV180W page15 BRIDGE The BRIDGE LED lights up solid green when the Cisco RV180W is in bridge mode See Choosing the Device Mode Cisco RV180W page15 LAN These four LEDs correspond to the four LAN Ethernet ports of...

Page 16: ... problems with the Cisco RV180W and have tried all other troubleshooting measures press and hold in the RESET button for 10 seconds This will restore the factory defaults and clear all of the Cisco RV180W settings LAN Ports 1 4 These ports provide a LAN connection to network devices such as PCs print servers or additional switches WAN Port The WAN port is connected to your Internet device such as ...

Page 17: ...e to avoid any hazardous conditions For desktop placement place the Cisco RV180 RV180W device horizontally on a flat surface so that it sits on its four rubber feet Wall Mounting The Cisco RV180 RV180W can be wall mounted You will need two mounting screws not supplied and drywall anchors not supplied if you are installing the screws into wallboard The dimensions for the screws are as follows WARNI...

Page 18: ...nt to mount the firewall Verify that the surface is smooth flat dry and sturdy STEP 2 Drill two pilot holes into the surface 2 7 16 inches 61 mm apart and with a minimum of 5 12 inches 130 mm of clearance STEP 3 Insert a screw into each hole leaving a gap between the surface and the base of the screw head of at least 0 1 inches 3 mm 284157 2 7 16 61 mm ...

Page 19: ...ing the Cisco RV180 RV180W Cisco RV180 RV180W Administration Guide 10 1 STEP 4 Place the firewall wall mount slots over the screws and slide the firewall down until the screws fit snugly into the wall mount slots 284158 ...

Page 20: ...ater Mozilla Firefox 3 0 and later Apple Safari 3 0 and later Google Chrome 1 0 and later Ethernet cable provided to connect the router to a PC for configuration Optional Uninterruptible Power Supply UPS to provide backup power to essential devices strongly recommended Ethernet cables for LAN interfaces if you want to connect additional devices to the router s LAN ports To connect your router to t...

Page 21: ...co RV180 180W box connect one end of the cable to one of the LAN ports of the router In this example the LAN 1 port is used Connect the other end of the cable to an Ethernet port on the PC that will be used to connect to the Cisco RV180 180W Device Manager STEP 4 Power on the cable or DSL modem and wait until the connection is active ...

Page 22: ... is supplied with the device Using a different power adapter could damage the device STEP 6 Plug the other end of the adapter into an electrical outlet You may need to use a specific plug supplied for your country STEP 7 On the Cisco RV180 RV180W push in the ON OFF power button The power light on the front panel lights up green when the power adapter is connected properly and the unit is turned on...

Page 23: ... the web site The router s default IP address is 192 168 1 1 If there is another device connected to the network that is acting as a DHCP server that device may assign a different address to the RV180 RV180W If so use that IP address to connect to the RV180 RV180W STEP 4 When the login page appears enter the user name and password The default user name is cisco The default password is cisco Passwo...

Page 24: ...h The RV180W has the default IP address of 192 168 1 245 If you are connecting the RV180W to a network that uses 802 1x for authentication you must enable 802 1x on the RV180W See Configuring 802 1x Port Based Authentication page129 WDS Bridge The Cisco RV180W acts as a wireless bridge to another wireless network To set up the RV180W as a WDS bridge perform the following tasks STEP 1 Connect the P...

Page 25: ... supports WDS To view the available RV180W access points and their MAC addresses go to Status System Summary and look at the Available Access Point Table STEP 7 Disconnect the Ethernet connection between Router A and the RV180W After the WDS connection is established you should be able to ping the RV180W from the PC that is connected to Router A The following situations may apply depending on the ...

Page 26: ... launch the Setup Wizard Configure WAN Internet Settings Click this link to open the Internet Setup page See Configuring the IPv4 WAN Internet page 24 Configure LAN Local Network Settings Click this link to open the LAN Configuration page See Configuring IPv4 LAN Local Network Settings page 32 Configure Wireless Settings RV180W only Click this link to open the Basic Settings page See Configuring B...

Page 27: ...o open the Web Access page See Configuring Web Access page138 Dashboard Click this link to open the Dashboard page See Viewing the Dashboard page 159 System Summary Click this link to open the System Summary page See Viewing the System Summary page162 Wireless Status RV180W only Click this link to open the Wireless Statistics page See Viewing the Wireless Statistics Cisco RV180W page166 VPN Status...

Page 28: ...Bridge or WDS Repeater that you have configured for the RV180W For example the RV180W in WDS Bridge mode displays fewer choices under the Security menu than the RV180W in router mode On the RV180W the upper right of the screen numbered 3 in Figure1 shows in which device mode the RV180W is running Figure1 RV180W Device Manager Saving Your Changes When you finish making changes on a configuration pa...

Page 29: ...ecurity key Configuration Next Steps Although the Setup Wizard automatically configures the RV180 RV180W we recommend that you change some default settings to provide better security and performance In addition you may need to manually configure some settings A suggested outline of steps follows Change the administrator name and password See Configuring User Accounts on page 139 Change the idle ti...

Page 30: ... network especially wireless security See Chapter 3 Configuring the Wireless Network Cisco RV180W Configure your Virtual Private Network VPN using QuickVPN The QuickVPN software is found on the documentation and software CD that shipped with your router See Appendix A Using Cisco QuickVPN for Windows 7 2000 XP or Vista ...

Page 31: ...Introduction Configuration Next Steps Cisco RV180 RV180W Administration Guide 22 1 ...

Page 32: ...Introduction Configuration Next Steps Cisco RV180 RV180W Administration Guide 23 1 ...

Page 33: ...g Dynamic DNS DDNS page 47 Configuring IPv6 page 49 NOTE Cisco recommends you use the Setup Wizard to configure basic networking on the Cisco RV180 RV180W You can then make changes and provision advanced features using the Device Manager Configuring the WAN Internet Settings If you have an IPv4 network use these sections to configure your network If you have an IPv6 network see Configuring IPv6 pa...

Page 34: ...er MAC Address information See Configuring the MAC Address page 29 STEP 5 Click Save Configuring Static IP If your ISP assigned you a permanent IP address perform the following steps to configure your WAN settings STEP 1 Choose Networking WAN Internet IPv4 WAN Internet STEP 2 From the Internet Connection Type drop down menu choose Static IP STEP 3 Enter this information IP Address Enter the IP add...

Page 35: ...PPoE profile If no profile is listed click Configure Profile to create a new profile To see the details of available profiles choose Networking WAN Internet PPPoE Profiles See Configuring PPPoE Profiles page 29 for more information STEP 4 Enter MTU information See Configuring MTU Settings page 28 STEP 5 Enter MAC Address information See Configuring the MAC Address page 29 STEP 6 Click Save Configu...

Page 36: ... to enable MPPE encryption Connection Type Choose the connection type Keep connected The Internet connection is always on Idle Time The Internet connection is on only when traffic is present If the connection is idle that is no traffic is occurring within the specified time frame the connection is closed You might want to choose this option if your ISP charges based on connection time Idle Time If...

Page 37: ...required by your ISP we recommend that you choose Default in the MTU Type field The default MTU size is 1500 bytes Secret Optional Enter your secret phrase This phrase is known to you and your ISP for use in authenticating your logon Connection Type Choose the connection type Keep connected The Internet connection is always on Idle Time The Internet connection is on only when traffic is present If...

Page 38: ... this option to use the default MAC address However if another MAC address has previously been registered with your ISP choose either Use This Computer s Address or Use This MAC Use This Computer s Address Choose this option to assign the MAC address of your computer that you are using to connect to the Device Manager Use This MAC Choose this option if you want to enter a different MAC address Ent...

Page 39: ...signed to you by the ISP Password Enter your password assigned to you by the ISP Authentication Type Choose the authentication type from the drop down menu Auto negotiate The server sends a configuration request specifying the security algorithm set on it Then the Cisco RV180 RV180W sends back authentication credentials with the security type sent earlier by the server PAP The Cisco RV180 RV180W u...

Page 40: ...IPv6 LAN Properties page 50 Connection Type Choose the connection type Keep connected The Internet connection is always on Idle Time The Internet connection is on only when traffic is present If the connection is idle that is no traffic is occurring during the specified time period the connection is closed You might want to choose this option if your ISP charges based on connection time Idle Time ...

Page 41: ...s format allows the FindIT application to use Bonjour to identify Cisco Small Business devices on the LAN NOTE Changing the router name causes the router to reboot STEP 3 Click Save Configuring the IP Address You might want to change the default IP address for example if the default address is already assigned to another piece of equipment in your network To configure the IP address of the Cisco R...

Page 42: ...180W functions as a DHCP server to the hosts on the Wireless LAN WLAN or LAN network and assigns IP and DNS server addresses With DHCP enabled the router s IP address serves as the gateway address to your LAN The PCs in the LAN are assigned IP addresses from a pool of addresses Each address is tested before it is assigned to avoid duplicate addresses on the LAN For most applications the default DH...

Page 43: ...180W to be a DHCP relay agent and enter the address of the remote DHCP server in the Remote DHCP Server field The relay agent transmits DHCP messages between multiple subnets STEP 3 Click Save Configuring the DNS Proxy You can also enable a DNS proxy When enabled the router then acts as a proxy for all DNS requests and communicates with the ISP s DNS servers When disabled all DHCP clients receive ...

Page 44: ...LAN membership The VLAN ID can range from 2 to 4093 VLAN ID 1 is reserved for the default VLAN which is used for untagged frames received on the interface and VLAN ID 4094 is reserved and cannot be used STEP 4 Enter a description for the VLAN STEP 5 To enable routing between this and other VLANS under Inter VLAN Routing check the Enable box STEP 6 To enable device management check the Device Manag...

Page 45: ...connected to the LAN port or manually assign an IP address to your PC that is in the same subnet as the VLAN Open a new browser window and re connect to the Cisco RV180 RV180W STEP 4 If you want to edit the DHCP behavior of this VLAN In the DHCP Section in the DHCP Mode field choose one of the following DHCP Server Choose this to allow the VLAN to act as the DHCP server in the network Enter the fo...

Page 46: ...the DHCP server identifies any endpoints that have been configured If an endpoint has been configured in the server the server assigns it the customized IP address If the endpoint is not configured in the server it is assigned an IP address from the generic DHCP pool STEP 1 Choose Networking LAN Local Network Static DHCP STEP 2 Click Add STEP 3 Enter the IP address of the device STEP 4 Enter the M...

Page 47: ...automatically download the configuration file specified in the table and reboot To configure automatic configuration download STEP 1 Choose Networking LAN Local Network Advanced DHCP Configuration STEP 2 Check Enable to enable downloading of configuration files STEP 3 Choose the TFTP server type Host Name Enter the host name of the TFTP server in the TFTP Server Host Name field Address Enter the I...

Page 48: ... STEP 1 Choose Networking LAN DHCP Leased Clients LAN STEP 2 The list of endpoints is displayed you cannot edit this list Configuring RSTP Cisco RV180W Rapid Spanning Tree Protocol RSTP is a network protocol that prevents loops in the network and dynamically reconfigures which physical links should forward frames When RTSP is configured multiple paths to the root networking node are created Backup...

Page 49: ...llo messages Enter a number from 1 to 10 seconds The default is 2 Max Age The max age is the time period that the router waits to receive a hello message If the max age is reached the router tries to change the spanning tree to use another path to the root node Enter a number from 6 to 40 seconds The default is 20 Forward Delay The forward delay is the interval spent by a port in learning state be...

Page 50: ...Click Save Configuring Routing Choosing the Routing Mode The Cisco RV180 RV180W provides two different routing modes Network Address Translation NAT or gateway routing is a technique that allows several endpoints on a LAN to share an Internet connection The computers on the LAN use a private IP address range while the WAN port on the router is configured with a single public IP address The Cisco R...

Page 51: ...ettings on your router in gateway NAT mode selecting router changes those settings back to the default Viewing the Routing Table To view routing information your network STEP 1 Choose Networking Routing Routing Table STEP 2 Next to the type of network you have click Display Information about your network routing is displayed including the following IPv4 Routing Table Destination Destination host n...

Page 52: ...ntry Reject route IPv6 Routing Table Destination Destination host network IP address for which this route is added Next Hop IP address of an adjacent or intermediate host or router through which traffic must flow before reaching its ultimate destination Flags For debugging purpose only possible flags include UP Route is up Host Target is a host Gateway Use gateway R Reinstate route for dynamic rou...

Page 53: ...roduce routing loops in your network Adding a Static Route To create a static route STEP 1 Select Networking Routing Static Routes STEP 2 In the Static Route Table click Add STEP 3 In the Route Name field enter the name of the route STEP 4 If a route is to be immediately active check the Active check box When a route is added in an inactive state it will be listed in the routing table but will not...

Page 54: ...te with the lowest metric is chosen STEP 11 Click Save Configuring Dynamic Routing RIP Routing Information Protocol RFC 2453 is an Interior Gateway Protocol IGP that is commonly used in internal networks It allows the Cisco RV180 RV180W to exchange its routing information automatically with other routers and allows it to dynamically adjust its routing tables and adapt to changes in the network NOT...

Page 55: ...rs present in the network The second key also acts as a failsafe when authorization with first key fails To enable authentication for RIP 2B or RIP 2M check the Enable box You must also choose the direction as explained in Step 2 STEP 5 If you enabled RIP v2 authentication enter the following first and second key parameters MD5 Key ID Input the unique MD 5 key ID used to create the Authentication ...

Page 56: ...onal Select one of the following port speeds 10 Mbps 100 Mbps or 1000 Mbps The default setting is 100 Mbps for all ports This setting is available only when the Auto Negotiation check box is unchecked You can change the port speed if a network is designed to run at a particular speed such as 10 Mbps mode In this case the endpoint also uses 10 Mbps mode either by auto negotiation or manual setting ...

Page 57: ...u selected TZO com a Specify the complete Host Name and Domain Name for the DDNS service b Enter the user e mail address for the TZO account c Enter the user key for the TZO account d In the Update Period field enter the number of hours before the Cisco RV180 RV180W updates the host information on TZO com STEP 5 If you selected 3322 org a Specify the complete Host Name and Domain Name for the DDNS...

Page 58: ...180 RV180W can be configured to be a DHCPv6 client of the ISP for this WAN or a static IPv6 address provided by the ISP can be assigned Configuring DHCPv6 When the ISP allows you to obtain the WAN IP settings via DHCP you need to provide details for the DHCPv6 client configuration STEP 1 Choose IPv6 IPv6 WAN Internet STEP 2 In the WAN Internet Address IPv6 field choose DHCPv6 STEP 3 Choose if the ...

Page 59: ...the default IPv6 gateway address or the IP address of the server at the ISP that this router will connect to for accessing the internet STEP 6 Enter the primary and secondary DNS server IP addresses on the ISP s IPv6 network DNS servers map Internet domain names for example www cisco com to IP addresses STEP 7 Click Save Configuring IPv6 LAN Properties In IPv6 mode the LAN DHCP server is enabled b...

Page 60: ...ost will rely on an external DHCPv6 server to provide required configuration settings STEP 6 Optional Enter the domain name of the DHCPv6 server STEP 7 Enter the server preference This field is used to indicate the preference level of this DHCP server DHCP advertise messages with the highest server preference value to a LAN host are preferred over other DHCP server advertise messages The default i...

Page 61: ...ute is a pre determined pathway that a packet must travel to reach a specific host or network Some ISPs require static routes to build your routing table instead of using dynamic routing protocols Static routes do not require CPU resources to exchange routing information with a peer router You can also use static routes to reach peer routers that do not support dynamic routing protocols Static rou...

Page 62: ...ver an IPv4 network LAN Local Network The route goes through the LAN interface STEP 8 Enter the IP Address of the gateway through which the destination host or network can be reached STEP 9 In the metric field specify the priority of the route by choosing a value between 2 and 15 If multiple routes to the same destination exist the route with the lowest metric is used STEP 10 Click Save Configurin...

Page 63: ...s over an IPv4 network The Cisco RV180 RV180W is one endpoint a node for the tunnel You must also set a local endpoint as well as the ISATAP Subnet Prefix that defines the logical ISATAP subnet to configure a tunnel Adding an ISATAP Tunnel To add an ISATAP tunnel STEP 1 Choose Networking IPv6 Tunneling STEP 2 In the ISATAP Tunnel Table click Add STEP 3 Enter the tunnel name STEP 4 Choose the local...

Page 64: ...figuration and the Cisco RV180 RV180W distributes IPv6 prefixes to all nodes on the network To configure the RADVD STEP 1 Choose Networking IPv6 Router Advertisement STEP 2 Under Router Advertisement Status choose Enable STEP 3 Under Advertise Mode choose one of the following Unsolicited Multicast Select this option to send router advertisements RAs to all interfaces belonging to the multicast gro...

Page 65: ...se the same MTU value when the LAN MTU is not well known The default is 1500 bytes STEP 8 Enter the router lifetime value or the time in seconds that the advertisement messages will exist on the route The default is 3600 seconds STEP 9 Click Save Configuring Router Advertisement Prefixes To configure the RADVD available prefixes STEP 1 Choose Networking IPv6 Advertisement Prefixes STEP 2 Click Add...

Page 66: ...de 57 2 decimal value that indicates the number of contiguous higher order bits of the address that make up the network portion of the address STEP 6 Enter the prefix lifetime or the length of time during which the requesting router is allowed to use the prefix STEP 7 Click Save ...

Page 67: ...Configuring Networking Configuring IPv6 Cisco RV180 RV180W Administration Guide 58 2 ...

Page 68: ...Configuring Networking Configuring IPv6 Cisco RV180 RV180W Administration Guide 59 2 ...

Page 69: ... Distribution System WDS page 73 Configuring Load Balancing page 74 NOTE This chapter only applies to the Cisco RV180W model A Note About Wireless Security Wireless networks are convenient and easy to install so small businesses with high speed Internet access are adopting them at a rapid pace Because wireless networking operates by sending information over radio waves it can be more vulnerable to...

Page 70: ...ked for a password when you want to change their settings These devices have a default password set by the factory The default password is often admin Hackers know these defaults and may try to use them to access your wireless device and change your network settings To thwart any unauthorized changes customize the device s password so it will be hard to guess Enable MAC address filtering Cisco rou...

Page 71: ...om exterior walls and windows Turn wireless routers access points or gateways off when they are not being used at night during vacations Use strong passphrases that are at least eight characters in length Combine letters and numbers to avoid using standard words that can be found in the dictionary General Network Security Guidelines Wireless network security is useless if the underlying network is...

Page 72: ...sic Settings STEP 2 In the Radio field choose Enable to enable wireless functionality for the Cisco RV180W Choosing Disable turns off wireless functionality for the router STEP 3 In the Wireless Network Mode field choose the type of wireless network based on the devices you have that will connect to the network B G Mixed Select this mode if you have devices in the network that support 802 11b and ...

Page 73: ...tings for each wireless network To configure wireless settings STEP 1 Choose Wireless Basic Settings STEP 2 In the Wireless Basic Settings Table check the box on the left of the wireless network you want to configure STEP 3 Click Edit to configure these network properties a Enter the SSID name or the unique name for this wireless network Include up to 32 characters using any of the characters on t...

Page 74: ...ecurity STEP 1 Choose Wireless Basic Settings STEP 2 In the Wireless Basic Settings Table check the box on the left of the wireless network you want to configure STEP 3 Click Edit Security Mode to configure security STEP 4 Select the SSID to configure STEP 5 Click Enable under Wireless Isolation within SSID to separate all wireless clients within the SSID STEP 6 In the Security field select the ty...

Page 75: ... WPA2 Enterprise Mixed TKIP AES WPA2 Personal WPA2 Enterprise AES STEP 8 If you chose WEP a In the Authentication field choose Open System or Shared Key If you choose Open System a wireless client doesn t need to provide a shared key in order to access the wireless network Any client can associate to the router If you choose Shared Key a wireless client must provide the correct shared key password...

Page 76: ...0 If you chose WPA Enterprise or WPA2 Enterprise Mixed no further configuration is required STEP 11 If you chose WPA2 Enterprise you can check the Pre Authentication box optional Pre authentication allows wireless clients to quickly switch between connected wireless networks sharing the same security configuration When a wireless client disconnects from a wireless network a notification is sent to...

Page 77: ...fferent types of traffic You can configure QoS settings to provide different priority to different applications users or data flows or to guarantee a certain level of performance to a data flow To configure WMM STEP 1 Choose Wireless Basic Settings STEP 2 In the Wireless Basic Settings Table check the box on the left of the wireless network you want to configure STEP 3 Click Edit WMM STEP 4 In the...

Page 78: ... example If you want to change the output queue for packets marked with a particular DSCP select the new output queue from the drop down list STEP 7 Click Save Configuring Wireless Network SSID Scheduling You can configure each of the four available wireless networks on the Cisco RV180W to be active during certain times of the day To configure the schedule for a wireless network STEP 1 Choose Wire...

Page 79: ...throughput of the network packets The default value is 2346 which effectively disables RTS STEP 5 The Fragmentation Threshold is the maximum length of the frame in bytes beyond which packets must be fragmented into two or more frames Collisions occur more often for long frames because while sending them they occupy the channel for a longer time The default value is 2346 which effectively disables ...

Page 80: ...ur network Enabling Rogue AP Detection To configure rogue AP detection STEP 1 Choose Wireless Rogue AP STEP 2 Under Rogue AP Detection check Enable STEP 3 Click Save Authorizing a Rogue AP If an AP has been marked as a rogue AP and you want to authorize it to connect to the network you can authorize it from the Rogue AP Detected Table To authorize an endpoint STEP 1 Choose Wireless Rogue AP STEP 2...

Page 81: ...ddress The MAC or hardware address of the AP SSID The broadcast name of the SSID Security The type of security the AP uses Encryption The type of encryption the AP uses Authentication The type of authentication the AP uses Network Mode The type of network on the AP Channel The wireless channel of the AP STEP 4 Click Save Configuring Wi Fi Protected Setup You can configure Wi Fi Protected Setup WPS...

Page 82: ...nnect to the network You must log in to that device to obtain its WPS PIN Then click Configure via PIN After clicking this button on the Cisco RV180W on the WPS enabled device select the necessary option to begin WPS The device should begin communication with the Cisco RV180W Setup Using a WPS Button If the device you want to connect has a WPS button push the button on the device Then on the Cisco...

Page 83: ... STEP 1 In the WDS Peer Table click Add STEP 2 Enter the MAC hardware address of the WDS peer and click Save Configuring Load Balancing You can configure load balancing on the Cisco RV180W to balance traffic between the four available wireless networks to get optimal resource utilization throughput or response time To configure load balancing STEP 1 Choose Wireless Load Balancing STEP 2 Check Enab...

Page 84: ...Configuring the Wireless Network Cisco RV180W Configuring Load Balancing Cisco RV180 RV180W Administration Guide 75 3 ...

Page 85: ...Configuring the Wireless Network Cisco RV180W Configuring Load Balancing Cisco RV180 RV180W Administration Guide 76 3 ...

Page 86: ...8 Configuring a DMZ Host page 92 Configuring Advanced Firewall Settings page 92 Firewall Configuration Examples page100 Cisco RV180 RV180W Firewall Features You can secure your network by creating and applying access rules that the Cisco RV180 RV180W uses to selectively block and allow inbound and outbound Internet traffic You then specify how and to what devices the rules apply You can configure ...

Page 87: ...ide is blocked from accessing the secure LAN except in response to requests from the LAN or DMZ To allow outside devices to access services on the secure LAN you must create a firewall rule for each service If you want to allow incoming traffic you must make the router s WAN port IP address known to the public This is called exposing your host How you make your address known depends on how the WAN...

Page 88: ...hoose allow as the default outbound policy To configure the default outbound policy STEP 1 Choose Firewall Access Rules STEP 2 Under Default Outbound Policy choose Allow or Block Allow permits traffic from your LAN to the Internet Block does not permit traffic from your LAN to the Internet STEP 3 Click Save Using the Access Rules Table In the Access Rules table you can add edit enable disable and ...

Page 89: ...ype of traffic Block by schedule otherwise allow Blocks the selected type of traffic according to a schedule Choose the schedule from the drop down list See Creating Schedules page 96 Allow by schedule otherwise block Allows the selected type of traffic according to a schedule Choose the schedule from the drop down list See Creating Schedules page 96 STEP 5 Choose the service to allow or block for...

Page 90: ...Protocol PING POP3 Post Office Protocol PPTP Point to Point Tunneling Protocol RCMD command REAL AUDIO REXEC Remote execution command RLOGIN Remote login RTELNET Remote telnet RTSP Real Time Streaming Protocol TCP or UDP SFTP Secure Shell File Transfer Protocol SMTP Simple Mail Transfer Protocol SNMP Simple Network Management Protocol TCP or UDP SNMP TRAPS TCP or UDP SQL NET Structured Query Langu...

Page 91: ...he Finish field STEP 7 If you are configuring an inbound firewall access rule a Destination Network Address Translation DNAT maps a public IP address your dedicated WAN address to an IP address on your private network In the Send to Local Server DNAT IP field specify an IP address of a machine on the Local Network which is hosting the server b The router supports multi NAT so your Internet Destina...

Page 92: ...ivate network Under Use This SNAT IP Address check Enable and enter the SNAT IP Address c Under Rule Status choose Enabled or Disabled You may want to configure a rule and choose Disabled if you want to enable it at a later time Configuring Attack Prevention Attacks are malicious security breaches or unintentional network issues that render the Cisco RV180 RV180W unusable Attack prevention allows ...

Page 93: ...efault LAN Local Network Security Checks Block UDP Flood If this option is enabled the router will not accept more than 500 simultaneous active UDP connections from a single computer on the LAN Enabled by default ICSA International Computer Security Association Settings Block Anonymous ICMP Messages ICSA requires the firewall to silently block without sending an ICMP notification to the sender Som...

Page 94: ...r computers through the proxy thus circumventing certain firewall rules For example if connections to a specific IP address are blocked by a firewall rule the requests can be routed through a proxy that is not blocked by the rule rendering the restriction ineffective Enabling this feature blocks proxy servers Block Java Blocks java applets from being downloaded from pages that contain them Java ap...

Page 95: ...ywords list and www yahoo com is added to the trusted domain list then www yahoo com will be allowed but mail yahoo com will not be allowed NOTE Before adding trusted domains you must enable content filtering See Enabling Content Filtering page 85 To add trusted domains STEP 1 Choose Firewall Content Filtering The Trusted Domain Table displays a list of currently configured trusted domains STEP 2 ...

Page 96: ...fic on a defined outgoing port Port triggering is more flexible than static port forwarding available when configuring firewall rules because a rule does not have to reference a specific LAN IP or IP range Ports are also not left open when not in use thereby providing a level of security that port forwarding does not offer NOTE Port triggering is not appropriate for servers on the LAN since there ...

Page 97: ...on specify the port number or range of port numbers used by the remote system to respond to the request it receives If the incoming connection uses only one port then specify the same port number in the Start Port and End Port fields STEP 8 Click Save Configuring Port Forwarding Port forwarding is used to redirect traffic from the Internet from one port on the WAN to another port on the LAN The po...

Page 98: ...iguration To configure port forwarding STEP 1 Choose Firewall Port Forwarding STEP 2 Click Add STEP 3 Choose the action Always Block Always block the selected type of traffic Always Allow Never block the selected type of traffic Block by Schedule Blocks the selected type of traffic according to a schedule Choose the schedule from the drop down list See Creating Schedules page 96 Allow by Schedule ...

Page 99: ...l 2 or 3 IRC Internet Relay Chat NEWS NFS Network File System NNTP Network News Transfer Protocol PING POP3 Post Office Protocol PPTP Point to Point Tunneling Protocol RCMD command REAL AUDIO REXEC Remote execution command RLOGIN Remote login RTELNET Remote telnet RTSP Real Time Streaming Protocol TCP or UDP SFTP Secure Shell File Transfer Protocol SMTP Simple Mail Transfer Protocol SNMP Simple Ne...

Page 100: ... Requires the IP address of the host to which this rule would be applied Address Range This is used to apply this rule to a group of computers devices within an IP address range Requires a from IP address and to IP address STEP 6 If you chose Single Address in Step 5 enter the IP address in the Start field STEP 7 If you chose Address Range in Step 5 enter the starting IP address of the range in th...

Page 101: ...ust configure a fixed static IP address for the endpoint that will be designated as the DMZ host The DMZ host should be given an IP address in the same subnet as the router s LAN IP address but it cannot be identical to the IP address given to the LAN interface of this gateway STEP 1 Choose Firewall DMZ Host STEP 2 Check the Enable box to enable DMZ on the network STEP 3 Enter the IP address for t...

Page 102: ...ervices for one to one NAT allow you to configure the service to be accepted by the private IP LAN address when traffic is sent to the corresponding public IP address Configured services on private IP addresses in the range are accepted when traffic is available on the corresponding public IP address Adding a One to One NAT Rule To add a one to one NAT rule STEP 1 Choose Firewall Advanced Settings...

Page 103: ...d MAC addresses and to allow traffic from all other addresses Allow and Block the Rest Choose this option to allow the traffic from the specified MAC addresses and to block traffic from all other machines on the LAN side of the router For example two computers are on the LAN with MAC addresses of 00 01 02 03 04 05 host1 and 00 01 02 03 04 11 host2 If the host1 MAC address is added to the MAC filte...

Page 104: ...add a new rule STEP 3 In the name field enter the name for this rule STEP 4 In the MAC Addresses field enter the MAC Addresses the physical address of the piece of hardware for this rule STEP 5 In the IP Addresses field enter the IP Addresses to assign to the piece of hardware STEP 6 Click Save Creating Custom Services When you create a firewall rule you can specify a service that is controlled by...

Page 105: ... 27 in the protocol number field STEP 7 Click Save Creating Schedules You can create firewall schedules to apply firewall or port forwarding rules on specific days or at specific times of the day Adding a Schedule To create a schedule STEP 1 Choose Firewall Advanced Settings Schedules STEP 2 Click Add STEP 3 Enter a unique name to identify the schedule This name is then available when you create a...

Page 106: ...alf open state for 10 seconds The maximum value ranges from 0 through 3 000 The default is 128 sessions STEP 4 In the TCP Session Timeout Duration field enter the time in seconds after which inactive TCP sessions are removed from the session table Most TCP sessions terminate normally when the RST or FIN flags are detected This value ranges from 0 through 4 294 967 seconds The default is 1 800 seco...

Page 107: ... any time The Allowed Networks table lists all the allowed networks configured for the device and allows several operations on the allowed networks Network Address The network address from which the multicast packets originate Mask Length Mask Length for the network address In this table you can perform the following actions Check Box Select all the allowed networks in the table Delete Deletes the...

Page 108: ... page 86 Adding a New LAN Group To create a LAN Group STEP 1 Choose Firewall Advanced Settings LAN Local Network Groups STEP 2 Click Add STEP 3 Enter the group name spaces and quotes are not supported Click Save STEP 4 If the group consists of a single IP address choose Single Address and enter the address in the Start IP Address field If the group consists of a range of IP addresses choose Addres...

Page 109: ...e Cisco RV180 RV180W STEP 3 Click Save Firewall Configuration Examples Example 1 Allow inbound HTTP traffic to the DMZ In this example you host a public web server on your local DMZ network You want to allow inbound HTTP requests from any outside IP address to the IP address of your web server at any time of day Create an inbound rule as follows Parameter Value Connection Type Inbound Action Alway...

Page 110: ...e that configures the firewall to host an additional public IP address Associate this address with a web server on the DMZ If you arrange with your ISP to have more than one public IP address for your use you can use the additional public IP addresses to map to servers on your LAN One of these public IP addresses is used as the primary IP address of the router This address is used to provide Inter...

Page 111: ...f machines in the LAN having a known range of IP addresses and anyone coming in through the Network from the WAN i e all remote users STEP 1 Setup a schedule Choose Firewall Advanced Settings Schedules STEP 2 Click Add STEP 3 Enter the schedule name for example Weekend STEP 4 Under Time check All Day STEP 5 Under Repeat leave Everyday unchecked STEP 6 Check Saturday and Sunday STEP 7 Click Save Pa...

Page 112: ...cess rule with the following parameters Parameter Value Connection Type Outbound Action Block by Schedule Schedule Weekend Service HTTP Source IP Address Range Start starting IP address Finish ending IP address Destination IP Any Rule Status Enabled Parameter Value Connection Type Inbound Action Block by Schedule Schedule Weekend Service All Traffic Source IP Any Rule Status Enabled ...

Page 113: ...Configuring the Firewall Firewall Configuration Examples Cisco RV180 RV180W Administration Guide 104 4 ...

Page 114: ...Configuring the Firewall Firewall Configuration Examples Cisco RV180 RV180W Administration Guide 105 4 ...

Page 115: ...els depending on the needs of your business Several scenarios are described below Read these descriptions to understand the options and the steps required to set up your VPN Site to Site Access with Gateway to Gateway VPN A gateway to gateway VPN connects two or more routers using an IPsec policy to secure traffic between two sites Use this type of VPN if you need to connect the network at a branc...

Page 116: ... client You also will need to install and configure the IPsec client software on the users computers STEP 1 Use the Basic VPN Setup page to quickly configure the IKE Policy and the VPN Policy by using the standard settings Choose VPN Client as the peer type and enter the other basic settings Note that the users VPN client software will need to be configured with the same Pre Shared Key that you en...

Page 117: ...QuickVPN software from Cisco com and install it on their computers For more information see Appendix A Using Cisco QuickVPN for Windows 7 2000 XP or Vista Note To enable access via Cisco QuickVPN this router you must enable remote management to open port 443 for SSL See Using the Management Interface page 137 Remote access using PPTP In this scenario a remote user with a Microsoft computer connect...

Page 118: ... STEP 2 In the Connection Name and Remote IP Type section enter the following information New Connection Name Enter a name to identify this connection The connection name is used for management Pre Shared Key Enter an alpha numeric key to be used when setting up a connection Include 8 to 49 characters The double quote character is not allowed Ensure that the VPN client or remote gateway is configu...

Page 119: ...owing information Remote LAN Local Network IP Address for a Gateway only Enter the subnet IP address of the remote LAN A subnet IP address is one that gives the network number of the IP range For example a network address of 192 168 1 10 with a Subnet Mask of 255 255 255 0 would have a network number or subnet IP address of 192 168 1 0 Remote LAN Local Network Subnet Mask for a Gateway only Enter ...

Page 120: ...N policies To open this page In the navigation tree choose VPN IPsec Advanced VPN Setup The tables list the existing policies IKE Policies The Internet Key Exchange IKE protocol dynamically exchanges keys between two IPsec hosts You can create IKE policies to define the security parameters such as authentication of the peer encryption algorithms etc to be used in this process Be sure to use compat...

Page 121: ...elect all policies check the box in the heading row and then click Delete When the confirmation message appears click OK to continue with the deletion or otherwise click Cancel To enable a policy check the box and then click Enable To select all policies check the box in the heading row and then click Enable To enable a policy check the box and then click Disable To select all policies check the b...

Page 122: ... This mode establishes a faster connection but with lowered security Note If either the Local or Remote identifier type is not an IP address then negotiation is only possible in Aggressive Mode If FQDN User FQDN or DER ASN1 DN is selected the router disables Main mode and sets the default to Aggressive mode STEP 2 In the Local section enter the Identifier Type to specify the Internet Security Asso...

Page 123: ...uthentication Algorithm Specify the authentication algorithm for the VPN header MD5 SHA 1 SHA2 256 SHA2 384 SHA2 512 Ensure that the authentication algorithm is configured identically on both sides Authentication Method Choose one of the following options Pre Shared Key Choose this option for a simple password based key that is shared with the IKE peer Then enter the key in the space provided Note...

Page 124: ...en the IPsec traffic is idle Reconnect after Failure Count Enter the maximum number of DPD failures allowed before tearing down the connection STEP 5 Optionally in the Extended Authentication section enable Extended Authentication XAUTH When connecting many VPN clients to a VPN gateway router XAUTH allows authentication of users with methods in addition to the authentication method mentioned in th...

Page 125: ...he corresponding Auto Policy for that IKE Policy STEP 1 At the top of this page enter these settings Policy Name Enter a unique name to identify the policy Policy Type Choose one of the following options Auto Policy Some parameters for the VPN tunnel are generated automatically This requires using the IKE Internet Key Exchange protocol to perform negotiations between the two VPN Endpoints Manual P...

Page 126: ... the network address in the Start IP Address field and enter the Subnet Mask in the Subnet Mask field Enter the subnet s network IP address in the Start Address field Enter the subnet mask such as 255 255 255 0 in the Subnet Mask field The field automatically displays a default subnet address based on the IP address IMPORTANT Make sure that you avoid using overlapping subnets for remote or local t...

Page 127: ...s for example 0x1234 Encryption Algorithm Select the algorithm used to encrypt the data Key In Enter the encryption key of the inbound policy The length of the key depends on the algorithm chosen DES 8 characters 3DES 24 characters AES 128 16 characters AES 192 24 characters AES 256 32 characters AES CCM 16 characters AES GCM 20 characters Key Out Enter the encryption key of the outbound policy Th...

Page 128: ...und traffic and one SA applies to outbound traffic Due to differences in the upstream and downstream traffic flows the SA may expire asymmetrically For example if the downstream traffic is very high the lifebyte for a download stream may expire frequently The lifebyte of the upload stream may not expire as frequently It is recommended that the values be reasonably set to reduce the difference in e...

Page 129: ... DES Key In 11112222 Key Out 33334444 SPI Outgoing 0x2222 Integrity Algorithm MD5 Key In 1122334444332211 Key Out 5566778888776655 Router 2 WAN1 10 0 0 2 LAN 192 168 2 1 Subnet 255 255 255 0 Policy Name manualVPN Policy Type Manual Policy Local Gateway WAN1 Remote Endpoint 10 0 0 1 Local IP Subnet 192 168 2 0 255 255 255 0 Remote IP Subnet 192 168 1 0 255 255 255 0 SPI Incoming 0x2222 Encryption A...

Page 130: ...nts for PPTP XAUTH and Cisco QuickVPN NOTE You can also created comma separated value CSV files containing user information and import them to easily add multiple users See Importing CSV Files page 153 Field Description Policy Name IKE or VPN policy associated with this SA Endpoint IP address of the remote VPN gateway or client Packets Number of IP packets transmitted over this SA Kbytes Kilobytes...

Page 131: ...tings in the PPTP Server Configuration section PPTP Server Check the Enable box to enable this feature or uncheck the box to disable it Starting IP Address Enter the starting IP address of the range of IP addresses for the PPTP VPN tunnel Ending IP Address Enter the ending IP address of the range of IP addresses for the PPTP VPN tunnel The range can include up to 10 addresses Note The starting IP ...

Page 132: ...ick Edit To select all entries check the box in the heading row Then edit the information as described above To delete a client check the box and then click Delete To select all entries check the box in the heading row STEP 4 Click Save to save your settings or click Cancel to reload the page with the current settings Configuring VPN Passthrough VPN passthrough allows VPN traffic that originates f...

Page 133: ... this can be replaced by one signed by a CA as per your networking requirements A CA certificate provides strong assurance of the server s identity and is a requirement for most corporate network VPN solutions A self certificate is a certificate issued by a CA identifying your device or self signed if you don t want the identity protection of a CA To request a self certificate to be signed by a CA...

Page 134: ...e from a trusted authority to upload the file must be located on the computer connected to the Cisco RV180 RV180W Perform the following steps STEP 1 Choose Security SSL Certificate STEP 2 In the Trusted Certificates CA Certificate Table click Upload STEP 3 Click Browse and locate the file on your computer STEP 4 Click Upload The new certificate appears in the table Generating New Certificate Reque...

Page 135: ...the IP address of the router STEP 8 Optional Enter the domain name of the router STEP 9 Optional Enter the e mail address of the company contact that is used when generating the self certificate request STEP 10 Click Save A new certificate request is created and appears in the Self Certificate Requests Table STEP 11 Click Export for Admin to save the certificate file This file is submitted to the ...

Page 136: ...rity SSL Certificate STEP 2 In the Active Self Certificates Table click Upload STEP 3 Click Browse and locate the file on your computer STEP 4 Click Upload The new certificate appears in the table Exporting the Router s Current Certificate To export the router s current certificate STEP 1 Choose Security SSL Certificate STEP 2 Under Export Certificate click Export for Client to export the certific...

Page 137: ... IP Address field enter the IP address of the authenticating RADIUS Server STEP 3 In the Authentication Port field enter the port number on which the RADIUS server sends traffic STEP 4 In the Secret field enter the shared key that allows the Cisco RV180 RV180W to authenticate with the RADIUS server This key must match the key configured on the RADIUS server The single quote double quote and space ...

Page 138: ...ve portal user Check the box and click Delete to delete a captive portal user Configuring 802 1x Port Based Authentication A port based network access control uses the physical access characteristics of IEEE 802 LAN infrastructures in order to provide a means of authenticating and authorizing devices attached to a LAN port that has point to point connection characteristics It also prevents access ...

Page 139: ...5 STEP 4 Enter the username and password sent by the Cisco RV180 RV180W to the authenticator for authentication The username and password are the credentials sent to the authenticating server the device running 802 1X in an authenticator role for example a Cisco Catalyst switch STEP 5 Press Save ...

Page 140: ... configure WAN QoS profiles to control the rate at which the RV180 RV180W transmits data For example limiting the outbound traffic helps you prevent the LAN users from consuming all of the bandwidth of the Internet link Configuring Global Settings To configure the WAN QoS global settings STEP 1 Choose QoS WAN QoS Profiles STEP 2 Under Global Settings a To enable WAN QoS check Enable b Set the WAN ...

Page 141: ...QoS mode is set to Priority enter this information Each one of these values specifies the percentage of the total bandwidth 100 Mbps allocated to these priority levels If the WAN QoS mode is set to Rate Limit enter this information STEP 3 Click Save Adding WAN QoS Profiles To add a WAN QoS profile STEP 1 Choose QoS WAN QoS Profiles STEP 2 In the WAN QoS Profile Table click Add High Priority Enter ...

Page 142: ...inding is matched in the match configuration field Adding a Profile Binding To create a profile binding STEP 1 Choose QoS Profile Binding STEP 2 In the Available Profiles field choose a WAN QoS profile To create a profile click Configure Profile See Configuring WAN QoS Profiles page131 for more information STEP 3 From the Service drop down menu choose the service to which the profile applies Name ...

Page 143: ...to the traffic forwarding queue STEP 1 Choose QoS CoS Settings Cos Settings STEP 2 In the CoS to Queue field check Enable STEP 3 For each CoS priority level in the CoS to Traffic Forwarding Queue Mapping Table choose a priority value from the Traffic Forwarding Queue drop down menu Starting IP Address Enter the starting IP address of the range Ending IP Address Enter the ending IP address of the r...

Page 144: ...Mapping CoS Settings to DSCP Values NOTE Before you can map CoS settings to DSCP values you must first enable the CoS to Queue option See Configuring CoS Settings page134 for more information To map CoS settings to DSCP values STEP 1 Choose QoS CoS Settings CoS to DSCP STEP 2 In the CoS to DSCP field check Enable STEP 3 For each CoS priority level enter the corresponding DSCP value 0 63 The defaul...

Page 145: ... page 137 Configuring Password Rules page 137 Using the Management Interface page 137 Configuring Network Management page140 Configuring the WAN Traffic Meter page 143 Using Network Diagnostic Tools page144 Capturing and Tracing Packets page145 Configuring Logging page 146 Configuring the Discovery Settings page149 Configuring Time Settings page 151 Backing Up and Restoring the System page151 Impo...

Page 146: ...les The Cisco RV180 RV180W can enforce rules for passwords selected by administrators and users To configure password rules STEP 1 Choose Administration Password Rules STEP 2 Check the Enable box STEP 3 In the Individual Rule Settings field in the Minimal Password Length field enter the minimum password length NOTE Passwords cannot be the same as the username which is cisco by default STEP 4 Click...

Page 147: ...e choose the type of entity that will be allowed to remotely manage the router All IP Addresses All IP addresses will be allowed to connect to the web management interface IP Address Range Only IP addresses in the configured range will be allowed to connect to the web management interface Single IP Address Only the configured IP address will be allowed to connect to the web management interface ST...

Page 148: ...nts STEP 2 In the Password Aging section check Enable to enable password aging Password aging requires the user to enter a new password after the password has expired STEP 3 Enter the password aging time This is the number of days before the password expires STEP 4 Click Save Configuring Usernames and Passwords STEP 1 Choose Administration Management Interface User Accounts STEP 2 Click either Edi...

Page 149: ...efore an administrator login session times out due to inactivity STEP 3 In the Guest Inactivity Timeout field enter the number in minutes before a guest login session times out due to inactivity STEP 4 Click Save Configuring Network Management The Cisco RV180 RV180W supports Simple Network Management SNMP to allow you to monitor and manage your router from an SNMP manager SNMP provides a remote me...

Page 150: ...Priv or AuthPriv choose the type of authentication algorithm MD5 or SHA and enter the authentication password STEP 4 If you chose AuthPriv choose the type of privacy algorithm DES or AES and enter the privacy password STEP 5 Click Save Adding SNMP Traps The Traps List Table lists IP addresses of SNMP agents to which the router will send trap messages notifications and allows several operations on ...

Page 151: ...nity string to which the agent belongs Most agents are configured to listen for traps in the Public community STEP 5 Choose the access type The SNMP manager or trap agent can either be allowed to read and modify all SNMP accessible settings rwcommunity or be given read only access rocommunity STEP 6 Click Save Configuring Additional SNMP Information To configure additional SNMP information STEP 1 ...

Page 152: ...tions Display traffic coming to the Cisco RV180 RV180W from the Internet and traffic going from the Cisco RV180 RV180W to the Internet STEP 4 If you want to limit traffic to or from the router you can specify a size limit When that size limit is reached traffic is prevented from entering or exiting the router Enter a number in megabytes in the Monthly Limit field STEP 5 To increase the monthly lim...

Page 153: ...hen the traffic limit has been reached and traffic is being blocked STEP 4 Click Save To view traffic statistics choose Administration WAN Traffic Meter Under WAN Internet Traffic Statistics information is displayed about WAN traffic to and from the Cisco RV180 RV180W Using Network Diagnostic Tools Using PING PING can be used to test connectivity between this router and another device on the netwo...

Page 154: ...o perform a DNS lookup STEP 1 Choose Diagnostics Network Tools STEP 2 Enter the WAN Internet Name in the text box and click Lookup If the host or domain entry exists you will see a response with the IP address A message stating Unknown Host indicates that the specified Internet Name does not exist Capturing and Tracing Packets You can capture all packets that pass through a selected interface LAN ...

Page 155: ...ght want to log all types of events that have a severity level of Emergency so you would check System Kernel and Wireless under Emergency STEP 6 Click Save Configuring Firewall Logs To configure firewall logs STEP 1 Choose Administration Logging Firewall Logs STEP 2 Under the type of routing logs check the box to choose one or both of the following for each type Accepted Packets Check this box to ...

Page 156: ...ng system events can be recorded All Unicast Traffic Check this box to log all unicast packets directed to the router All Broadcast Multicast Traffic Check this box to log all broadcast or multicast packets directed to the router STEP 4 Under other events logs select the type of event to be logged The following events can be recorded Source MAC Filter Check this box to log packets matched due to s...

Page 157: ... where the logs and alerts are to be sent Authentication with SMTP server If the SMTP server requires authentication before accepting connections select either Login Plain or CRAM MD5 and enter the Username and Password to be used for authentication To disable authentication select None Respond to Identd from SMTP Server Check this box to configure the router to respond to an IDENT request from th...

Page 158: ...pports two types of discovery protocols Bonjour and Universal Plug and Play UPnP Configuring Bonjour Bonjour is a service advertisement and discovery protocol To configure Bonjour STEP 1 Choose Administration Discovery Settings Discovery Bonjour STEP 2 Check the Enable box to enable Bonjour on the router Unchecking this will disable Bonjour STEP 3 In the Bonjour Interface Control Table you can see...

Page 159: ...fault VLAN ID 1 That means that the Cisco RV180 RV180W advertises itself to plug and play devices connected to it on VLAN 1 and plug and play devices joining the network can connect to the Cisco RV180 RV180W If you have other VLANs created on your network you can enable UPnP on those VLANs too See Configuring Virtual LAN VLAN Membership page 34 for more information The UPnP Portmap Table shows IP ...

Page 160: ...f time in minutes that the clock will be offset during daylight saving time STEP 4 Select whether to use a Network Time Protocol NTP server or set the time and date manually STEP 5 If you chose NTP choose to use either a default NTP server or a custom NTP server STEP 6 If you chose to use a default NTP server choose the server you want to use from the list If you chose to use a custom NTP server e...

Page 161: ...ve the file on the PC To save a copy of your router s mirror configuration click Backup Mirror Configuration The browser downloads the configuration file and prompts you to save the file on the PC The mirror image is the last working configuration The startup configuration is the configuration that the device used to boot up The startup and mirror configurations can differ For example if you made ...

Page 162: ...users a PPTP user and a QuickVPN user to import The Format of the csv file is as follows SSLVPNDomain Code DomainName PortalLayoutName AuthenticationType AuthenticationServer AuthenticationRadiusSecret NTDomainWorkGroup LDAPBaseDN ActiveDirectoryDomain Possible Values SSLVPNDomain Code 5 Domain Name String PortalLayoutName String AutheticationType String AuthenticationServer IP Address Authenticat...

Page 163: ...vel integer authAlgo MD5 SHA authPassword String privAlgo DES AES privPassword String PPTPUSER Code userName password Possible Values PPTPUSER Code 2 userName String password String IPSECUSER Code UserName Password UserType AllowChangePassword Possible Values IPSECUSER Code 1 Username String Password String UserType boolean 0 Standard Ipsec 1 Cisco Quick VPN AllowChangePassword boolean SSLVPNUSER ...

Page 164: ...an LoginFromIP boolean LoginFromBrowser boolean Password String Sample CSV file format 5 domain1 SSLVPN radius_pap 14 0 0 1 test 4 group2 domain1 30 3 cisco RWUSER 1 SHA authPassword AES privPassword 2 p2 pp2 1 rrrr sss 0 1 0 user102 sss dddd SSLVPN 4 10 0 1 0 0 fail Importing a File Use the Administration CSV File Import page to import a CSV file that you created for domains groups and users STEP...

Page 165: ... Upload STEP 2 Optional Check the box to reset all configuration and settings to the default values Do not check this box if you want to keep any settings you have changed on the router STEP 3 Click Start Firmware Upgrade After the new firmware image is validated the new image is written to flash and the router is automatically rebooted with the new firmware Choose Status System Summary to make su...

Page 166: ...lts Cisco RV180 RV180W Administration Guide 157 7 To restore factory defaults to the router choose Administration Restore Factory Defaults Click Default CAUTION Do not perform this procedure unless you want to erase all configuration you have performed on the router ...

Page 167: ...Administering Your Cisco RV180 RV180W Restoring the Factory Defaults Cisco RV180 RV180W Administration Guide 158 7 ...

Page 168: ...co RV180W page 166 IPsec Connection Status page 167 Viewing VPN Client Connection Status page 168 Viewing Logs page 169 Viewing Available LAN Hosts page 169 Viewing Port Triggering Status page 170 Viewing Port Statistics page 171 Viewing Open Ports page 172 Viewing the Dashboard The Dashboard page provides you with a view of important router information To view the Dashboard STEP 1 Choose Status D...

Page 169: ...ce Information Resource Utilization Host Name The name of the device To change the name click Edit See Configuring IPv4 LAN Local Network Settings page 32 Firmware Version The current software version the device is running By default the router boots from this version Serial Number The serial number of the device Users Displays the number of users configured on the device and the number of active ...

Page 170: ...ng For more information see Configuring Logging page 146 LAN Local Network Interface To view the LAN settings click details For more information see Viewing Port Statistics page 171 MAC Address The MAC address of the LAN interface on the router IPv4 Address The IPv4 IP address of the LAN interface on the router To change the IP address see Configuring the IPv4 WAN Internet page 24 DHCP Server The ...

Page 171: ...mary page displays a summary of the router s settings To view a summary of system settings STEP 1 Choose Status System Summary STEP 2 Click Refresh to obtain the latest information IP Address The IP address of the router s WAN interface To change the IP address see Configuring the WAN Internet Settings page 24 State The state of the Internet connection Site to Site Tunnels Displays the connected I...

Page 172: ...D Product ID and vendor ID of the device Serial Number The serial number of the device MAC Address The MAC address of the device IPv4 Address The IP address and subnet mask of the device IPv6 Address The IP address and subnet mask of the device shown only if IPv6 is enabled DHCP Server The status of the router s DHCP server enabled or disabled If it is enabled DHCP client machines connected to the...

Page 173: ...ver Lease Duration The duration for which the lease remains active IP Address The WAN Address of the device Subnet Mask The subnet mask of the WAN port Gateway The gateway IP address of the WAN port Primary DNS Server The IP address of the primary DNS server Secondary DNS Server The IP address of the secondary DNS server NAT IPv4 Only Mode Indicates if the router is in NAT mode enabled or routing ...

Page 174: ... gateway IP address of the WAN port DNS Server DNS server IP address of the WAN port Release Renew Visible if automatic configuration DHCP is connected as the Internet connection type Click Release to release the current IP address that was assigned to your WAN port Click Renew to obtain a new IP address for your WAN port Connect Disconnect Visible if an Internet connection type other than automat...

Page 175: ... In the Poll Interval field enter the number of seconds the router waits before updating the information on this page STEP 4 Click Start to restart automatic refresh at the specified poll interval The Wireless Statistics page displays this information SSID The SSID name of the access point MAC Address The MAC address of the SSID Security The security setting for the SSID Encryption The encryption ...

Page 176: ...t automatic refresh at the specified poll interval You can change the status of a connection to either establish or disconnect the configured SAs Security Associations Errors The number of received sent packet errors reported to the radio over all configured APs Dropped The number of received sent packets dropped by the radio over all configured APs Multicast The number of multicast packets sent o...

Page 177: ...ction Status page displays this information State The current status of the SA for IKE policies The status can be IPsec SA Established or IPsec SA Not Established Action Click Connect to establish an inactive SA connection Click Drop to terminate an active SA connection Username The username of the VPN user associated with the QuickVPN or PPTP tunnel Remote IP Displays the IP address of the remote...

Page 178: ...enu To delete all entries in the log window click Clear Logs To email all log messages from the router click Send Logs Viewing Available LAN Hosts The Available LAN Local Network Hosts page displays information about the devices connected to the Cisco RV180 RV180W To view a list of all available LAN hosts STEP 1 Choose Status Available Local Network Hosts End Time The time of the VPN user ending a...

Page 179: ...w the status of port triggering STEP 1 Choose Status Port Triggering Status STEP 2 Click Refresh to display the latest port triggering information All Displays a list of all devices connected to the router Wireless Displays a list of all devices connected through the wireless interface Wired Displays a list of all devices connected through the Ethernet ports on the router Name The name of the conn...

Page 180: ...interval in seconds The default value is 10 STEP 3 To start the display of port statistics click Start This page displays the latest port statistics based on the value you enter in the Poll Interval field For example if you enter a poll interval value of 5 the router refreshes the information on this page every 5 seconds This table displays the data transfer statistics for the Dedicated WAN LAN an...

Page 181: ...eceived sent packets per second Bytes The number of received sent bytes of information per second Frames The number of received sent frames per second Proto The protocol TCP UDP and raw used by the port Recv Q The number of bytes not copied by the program connected to this port Send Q The number of bytes not acknowledged by the program connected to this port Local Address The address and port numb...

Page 182: ...Viewing the Cisco RV180 RV180W Status Viewing Open Ports Cisco RV180 RV180W Administration Guide 173 8 ...

Page 183: ... operating systems will have to use third party VPN software This appendix includes the following sections Before You Begin page 174 Installing the Cisco QuickVPN Software page 175 Using the Cisco QuickVPN Software page 176 Before You Begin The QuickVPN program only works with a router that is properly configured to accept a QuickVPN connection You must first create Quick VPN user accounts See Con...

Page 184: ... agreement The InstallShield Wizard copies the appropriate files to the computer STEP 3 Click Browse and choose where to copy the files to for example C Cisco Small Business QuickVPN Client STEP 4 Click Next STEP 5 Click Finish to complete the installation Downloading and Installing from the Internet STEP 1 Open a web browser and enter the following URL http tools cisco com support downloads STEP ...

Page 185: ...remote VPN router or keep the default setting Auto To save this profile click Save If there are multiple sites to which you will need to create a tunnel you can create multiple profiles but note that only one tunnel can be active at a time To delete this profile click Delete For information click Help STEP 3 To begin your QuickVPN connection click Connect The connection s progress is displayed Con...

Page 186: ...Virtual Private Connection window Enter your password in the Old Password field Enter your new password in the New Password field Then enter the new password again in the Confirm New Password field Click OK to save your new password Click Cancel to cancel your change For information click Help NOTE You can change your password only if the Allow User to Change Password box has been checked for that...

Page 187: ...s www cisco com en US support tsd_cisco_small_business _support_center_contacts html Cisco Small Business Firmware Downloads www cisco com go software Select a link to download firmware for Cisco Small Business Products No login is required Cisco Small Business Open Source Requests www cisco com go smallbiz_opensource_request Product Documentation Cisco RV180 RV180W www cisco com go smallbizrouter...

Reviews:

No comments

Related manuals for RV180

Brand: D-Link Pages: 24

Wireless VPN Router DI-824VUP

Brand: D-Link Pages: 157

Brand: InfiNet Wireless Pages: 100

OfficeConnect 3CRWDR100B-72

Brand: 3Com Pages: 118

Brand: NetComm Pages: 55

3CRWX385075A - Wireless LAN Managed Access Point...

Brand: 3Com Pages: 4

Brand: Harman Pages: 36

Brand: Maipu Pages: 34

Brand: Zonet Pages: 9

ZoneFlex series

Brand: Ruckus Wireless Pages: 68

Brand: Topcom Pages: 196

Brand: Obihai Pages: 4

Brand: WAGO Pages: 66

Brand: Advantech Pages: 50

WISE-3200 Series

Brand: Advantech Pages: 56

Brand: VXI Pages: 2

Brand: Air Live Pages: 9

Brand: Tornado Pages: 7

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands