background image

- 32 - 

SECURITY

 

(IN

 

ROUTER

 

AND

 

WISP

 

MODE)

 

The

 

Intellinet

 

CPE

 

Access

 

Point

 

is

 

equipped

 

with

 

a

 

Firewall

 

that

 

protects

 

local

 

network

 

users

 

from

 

hacker

 

attacks

 

from

 

the

 

Internet

 

whenever

 

router

 

or

 

WISP

 

mode

 

is

 

used.

 

IN

 

these

 

modes

 

there

 

are

 

two

 

layers

 

of

 

security.

 

First,

 

NAT

 

itself.

 

A

 

NAT

 

router

 

by

 

design

 

provides

 

protection

 

for

 

local

 

network

 

users

 

in

 

that

 

it

 

will

 

not

 

forward

 

a

 

request

 

made

 

from

 

the

 

Internet

 

to

 

a

 

specific

 

service

 

port,

 

unless

 

that

 

request

 

is

 

a

 

response

 

to

 

an

 

inquiry

 

made

 

from

 

a

 

local

 

client.

 

Second,

 

the

 

Intellinet

 

CPE

 

Access

 

Point

 

provides

 

additional

 

features

 

such

 

as

 

IP,

 

Port

 

or

 

MAC

 

address

 

filtering,

 

which

 

allow

 

a

 

more

 

direct

 

control

 

of

 

who

 

can

 

access

 

the

 

device

 

and

 

services,

 

and

 

who

 

cannot.

 

 

 

Default

 

Rules

:

 

Specify

 

the

 

default

 

behavior.

 

Everything

 

that

 

isn’t

 

covered

 

by

 

any

 

of

 

the

 

security

 

rules

 

is

 

either

 

being

 

dropped

 

or

 

accepted

 

(default)

 

 

depending

 

on

 

how

 

you

 

set

 

this

 

value

 

up.

 

Accept

 

is

 

the

 

correct

 

choice

 

in

 

the

 

vast

 

majority

 

of

 

the

 

cases.

 

 

IP/Port

 

Filtering

:

 

You

 

can

 

create

 

specific

 

rules

 

for

 

IP

 

addresses

 

and

 

ports.

  

 

MAC

 

Filtering

:

 

You

 

can

 

create

 

specific

 

rules

 

for

 

individual

 

MAC

 

addreses.

  

 

URL

 

Filtering

:

 

Block

 

or

 

allow

 

access

 

to

 

web

 

pages.

 

 

DoS

 

Protection:

 

Provides

 

additional

 

security

 

against

 

DoS

 

(Dial

 

of

 

Service)

 

attacks.

  

 

There

 

are

 

several

 

parameters

 

that

 

can

 

be

 

activated

 

or

 

deactivated.

 

Note

 

that

 

the

 

default

 

values

 

are

 

such,

 

that

 

remote

 

access

 

to

 

local

 

services

 

is

 

prohibited

 

 

that

 

includes

 

Ping,

 

WEB,

 

Telnet,

 

SNMP,

 

FTP

 

and

 

Samba

 

access

.

 

Unless

 

you

 

have

 

good

 

reasons,

 

it’s

 

best

 

to

 

leave

 

these

 

options

 

set

 

to

 

Disable

.

 

 
 

 

 

Summary of Contents for 525794

Page 1: ...High Power Wireless 150N Outdoor CPE Access Point User Manual Model 525794 INT 525794 UM 0715 01 ...

Page 2: ...WMM 19 Advanced 20 Network 23 Network Settings in Router Mode 23 Network Settings in WISP Mode 26 Network Settings in Access Point AP Mode 27 Network Settings in Repeater Mode 28 QoS in Router and WISP Mode 29 Security in Router and WISP Mode 32 IP Port Filter 33 URL Filtering 33 MAC Filtering 33 DoS Protection 34 System 35 Password Settings 35 Time Settings 35 Backup Restore 35 Factory Defaults 3...

Page 3: ...he latest wireless encryption mechanisms PACKAGE CONTENTS Ensure that the following items are included High Power Wireless 150N Outdoor CPE Access Point Quick installation guide Installation CD with user manual this document Passive PoE power adapter Pole mount clamp PRODUCT FEATURES Wireless outdoor CPE provides Internet connectivity to your 2 4 GHz Wireless ISP WISP Also suitable for long range ...

Page 4: ...pter 12 V DC 1 0 A HARDWARE DEVICE STATUS LEDS LED Indicator State Description PWR On The Intellinet CPE Access Point is turned on Off The Intellinet CPE Access Point is turned off WLAN On The wireless radio is active Off The wireless radio is inactive Flashing The wireless radio is active and data is being transmitted and received WAN On Link on WAN port is active Off Link on WAN port is inactive...

Page 5: ...ar access point or repeater 5 Optional WAN connector This needs to be used if you run the Intellinet CPE Access Point in router gateway mode In that scenario the WAN port must be connected to a port that provides Internet access i e the LAN port on the cable modem PASSIVE POE INJECTOR The Intellinet CPE Access Point comes with a Passive PoE Injector that enables to merge the power supply and data ...

Page 6: ...njector will light up 2 Connect a standard RJ45 Ethernet cable to the LAN port on the Passive PoE Injector That cable connects the PoE injector and thus the access point to the rest of your network 3 Connect a standard RJ45 Ethernet cable 8P8C from the PoE port of the Passive PoE Injector to the LAN port of the Intellinet CPE Access Point This connection provides power and data connectivity to the...

Page 7: ...nnecting to the web interface of the access point one of the following issues may be occurring Your computer s IP address is not compatible to the IP address of the Intellinet CPE Access Point It must be in range of 192 168 2 2 to 192 168 2 254 Refer to Appendix A for information on how to set up the IP address of the network adapter The Intellinet CPE Access Point isn t properly connected to eith...

Page 8: ...rd you need to define which wireless signal you want to connect to That signal should be the wireless signal of your wireless ISP Click on Scan to display of a list of all available wireless networks select the network of your WISP and then type in the password required for the WISP in the WPA Key field You also need to select the WAN Type that is compatible to the settings of your WISP The second...

Page 9: ...u will need to fill out the IP address related fields Screen number four lets you set up wireless service for your local clients If you disable it then Internet service will only be available to clients that are connected to the LAN port of the access point either directly or indirectly via a switch If you enable the wireless function then you need to define the usual wireless parameters such as t...

Page 10: ... the WISP signal indicated by the status Connecting Click Refresh after about 30 seconds and the status will have changed to Connected This screen provides detailed information about the connection to the WISP signal and it allows to Disconnect and Reconnect the WISP signal using the corresponding buttons ...

Page 11: ...connection such as a DSL or cable modem Select the correct WAN type for your ISP e g PPPOE for xDSL connections or DHCP for cable Internet service If you select PPPOE you must provide the username and password as well as advanced parameters such as MTU LCP echo interval and failure Your DSL service provide has this information If your Internet service uses static IP you ll need to enter the IP add...

Page 12: ...PE wirelessly connects to the WISP and also provides local wireless access in your network Click on Scan to search for available wireless signals in the area Select the wireless network wlan_ISP in the example above and the channel security mode and WLAN Encrypt will be filled out automatically Type in the password for the wireless network in the field WPA Key Note that this is only required if th...

Page 13: ...ty For example if another wireless network in range is set to channel 2 then it d be best to set your Intellinet CPE Access Point to channel 6 or higher Next provide the SSID and set up the Security Mode for the wireless network WPA2PSK is recommended as it provides the most robust security for your wireless network If you use a Radius server in your network to authenticate the wireless clients yo...

Page 14: ...tion the Intellinet CPE Access Point performs a restart The setup is virtually identical to the WISP mode Click Scan to show wireless networks in range then select the wireless network that you with to repeat extend its range and provide the required security for the network Similar to the Access Point mode you can also define the Local IP Settings Select DHCP and the Intellinet access point will ...

Page 15: ...er If the device is set up as a repeater you can see information on the current connection status on this page This can be helpful if you need to trouble shoot a potential problem related to the repeater connection Access Point This option is available regardless of the operational mode and shows related information to the current wireless function such as the SSID channel security or connected cl...

Page 16: ...eless networks SSIDs Each wireless network can have its own settings M SSID Select lets you define which of the three additional SSIDs you want to configure Once selected you can proceed setting up the parameters the same way as you did for the main SSID above under Basic ACL ACL standards for access control list With this feature you can control who has access to the wireless network and how many...

Page 17: ... non enterprise equipment such as your Intellinet CPE Access Point isn t really a good option WDS also suffers from the problem that only static WPA keys can be used eliminating one of the key strength of WPA2 encrypted wireless networks If security is of great importance to you WDS isn t the ideal mode to use for your wireless network WDS setups are also restricted in that only the same equipment...

Page 18: ...e universal repeater mode see section Operation Modes except the WDS repeater offers some advantages and disadvantages over the standard repeater mode The advantage is that the WDS repeater creates a transparent wireless repeated network where the connecting devices MAC addresses can successfully pass through the network and access to other network clients As such the WDS repeater connection is in...

Page 19: ...s WME also known as Wi Fi Multimedia WMM is a Wi Fi Alliance interoperability certification based on the IEEE 802 11e standard It provides basic Quality of service QoS features for wireless IEEE 802 11 networks WMM prioritizes traffic according to four access categories AC for short 1 Voice 2 Video 3 Best effort 4 Background It is suitable for well defined applications that require QoS such as Voi...

Page 20: ...nt broadcasts the beacon frames Possible values range from 20 to 1000 ms The shorter the beacon interval the more often are the beacon frames sent out The more often the beacon frames are sent out the quicker the association and roaming process will be but it also leads to more network overhead which then leads to a drop in throughput performance Increase the beacon interval to reduce the network ...

Page 21: ...ields interframe spacing and acknowledgment of transmitted frames At the highest data rates this overhead can consume more bandwidth than the payload data frame To address this issue the 802 11n standard defines two types of frame aggregation MAC Service Data Unit MSDU aggregation and MAC Protocol Data Unit MPDU aggregation Both types group several data frames into one large frame Because manageme...

Page 22: ...vent wireless clients that are connected to the same SSID from communicating with each other Station Idle to Disconnect second Disconnects idel WLAN clients from the network after the specified idle time has elapsed Station Low Signal to Disconnect dBm If you enable this by entering a dBM value you can force a wireless client to drop the network if the signal strength is below the specified thresh...

Page 23: ...ed but that depends on your Internet service provider An MTU size of 1500 is considered standard but smaller MTU values as low as 1400 can sometimes be required Again when in doubt check with your Internet service provider DHCP The most common and easiest to set up method It sometimes requires the MAC address to match the records of the Internet service provider in which case you can use the MAC A...

Page 24: ...tic allocation type in the MAC address of the client for which you want to create a static DHCP lease and also type in the IP address and lease time you wish to use Click Add to create the static IP Mac binding rule If you want to make certain local network clients called servers in this circumstance accessible from the Internet you need to create so called port forwarding rules Without those rule...

Page 25: ...e a static fixed IP address It will be a problem when a user wants to provide services to other users on the Internet because their IP addresses will vary every time they connect and they will not be able to know the IP address they re using at any certain time This router supports the DDNS service of a plethora of service providers Refer to the on screen help for additional information This funct...

Page 26: ...ed out automatically Type in the password for the wireless network in the field WPA Key Note that this is only required if the WISP signal uses WPA encryption Should the WISP signal use WEP encryption the interface presents you with slightly different fields that need to be filled out namely the WEP key type key identifier and the actual WEP key fields Lock BSSID makes sure that the Intellinet CPE...

Page 27: ... change this value and click Apply the access point will reboot and after that you will need to have a station that is in that VLAN in order to access the Web admin interface If you accidentally changed the Management VLAN ID and have lost access to the web admin interface you will need to perform a hardware reset to restore the factory default settings Switch Port The Intellinet CPE Access Point ...

Page 28: ...es will be automatically filled out based upon which SSID you select Similar to the Access Point mode you can also define the Local IP Settings Select DHCP and the Intellinet access point will receive its IP settings from a DHCP server in your network most likely that will be your router Select Static if you want to control the IP address and related settings yourself If you want to maintain contr...

Page 29: ... QoS and its related terms such as DSCP etc This is where things get trickier Upstream describes all data traffic that you send from your local network to the Internet for instance traffic from your PC to your Twitch or YouTube live broadcast Downstream is the opposite If you watch a video on YouTube data is sent from the Internet to your local network and that is considered download or downstream...

Page 30: ...e used to limit the maximum bandwidth available to the device but we don t want to do that in this case We also set the DSCP to AF11 to boost the traffic priority Default DSCP DSCP stands for differentiated services code point It is a field in an IP packet that enables different levels of service to be assigned to network traffic The DSCP value can tell your ISP how to handle your traffic but most...

Page 31: ...ories 1 Voice 2 Video 3 Best effort this is the majority of traffic from applications other than video and voice 4 Background jobs such as printing file downloads and other non latency sensitive applications Simply by activating WMM for the SSIDs of the Intellinet CPE Access Point you can already achieve a noticeable improvement of the quality of service ...

Page 32: ...ccess the device and services and who cannot Default Rules Specify the default behavior Everything that isn t covered by any of the security rules is either being dropped or accepted default depending on how you set this value up Accept is the correct choice in the vast majority of the cases IP Port Filtering You can create specific rules for IP addresses and ports MAC Filtering You can create spe...

Page 33: ...to allow Accept or disallow Drop any packet that matches this rule URL FILTERING With this function you can limit access to individual Web pages Status Enable or disable this filter Default Rules Default behavior for any packet not matching any of the defined rules default accept URL Address Type in the URL of the site you wish to block or grant access to Action Define whether access to this URL s...

Page 34: ...f efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet The Intellinet CPE Access Point allows you to enable additional barriers against these kinds of attacks As this function requires a more detailed inspection of the data packets it can have a negative impact on the overall performance of the wireless network For maximum security you may enable...

Page 35: ...f the Access Point is connected to the Internet you can use the mode NTP The default NTP server is pool ntp org and it typically works just fine You can however change the NTP server address to something else If you select static you must provide the time manually If you do be aware that the time will slowly but surely become out of sync with the actual time BACKUP RESTORE The Backup Restore optio...

Page 36: ...s wireless Access Point like any other computer has a finite amount of system resources Over time free resources will become less and less and eventually the system stability can be compromised A reboot frees up these system resources and allows continued use of the device Scheduled Reboot When the system reaches a specified running time the system will reboot automatically The device will do this...

Page 37: ...eady in use then you can change the WEB Port to something else In our example the port is changed to the value 1024 and the new URL to access the web administrator configuration interface is http 192 168 2 1024 Remote WEB Access Enable or disable remote WEB server access If you need to configure the device from outside your LAN this option should be enabled In addition you will need to add the WEB...

Page 38: ... as the Intellinet CPE Access Point and the system that stores them for example the remote syslog server If you want to utilize a remote server then you need to activate the Remote Log option and provide the Log Server IP The default syslog Log Server Port is 514 You can make changes to the port as needed PING TEST The Intellinet CPE Access Point has the ability to ping other network devices This ...

Page 39: ... the instructions that came with your computer for information on how to change the IP address on the network adapter in your computer for any operating system that is not explained in this user manual WINDOWS 8 1 If you are using a PC move the mouse cursor to the bottom or top right corner of the screen and select the cog icon for Settings If you are using a tablet swipe left from the right side ...

Page 40: ... adapter settings 6 Right click your network adapter and select Properties 7 Select Internet Protocol Version 4 from the list and click Properties 8 Enter the information as shown below then click OK to save the settings ...

Page 41: ... Center 2 Click on Change adapter settings 3 Right click your network adapter and select Properties 4 Select Internet Protocol Version 4 from the list and click Properties 5 Enter the information as shown below then click OK to save the settings ...

Page 42: ...ions icon in the control panel 2 Right click the connection e g Local Area Connection and select Properties 3 Select Internet Protocol TCP IP from the list and click Properties 4 Enter the information as shown below then click OK to save the settings ...

Page 43: ...Network icon 3 Select either Built in Ethernet or AirPort depending on how you connect to the wireless range extender then click Configure 4 Set the value for Configure IPv4 to Manually and enter 192 168 2 50 in the IP Address field Click Apply Now not shown in screen shot to save the settings ...

Page 44: ...e if available The WAN LED does not light up Check the network connection between the access point s WAN port and the Ethernet port of the modem you re connecting to The network cable must be inserted properly and the Ethernet device must be turned on Try using a different network cable if available The WLAN LED is not lit The WLAN LED should always be light whether a wireless connection has been ...

Page 45: ...1 Immediate AF23 010 110 22 001 Immediate AF31 011 010 26 011 Flash AF32 011 100 28 011 Flash AF33 011 110 30 011 Flash AF41 100 010 34 100 Flash Override AF42 100 100 36 100 Flash Override AF43 100 110 38 100 Flash Override None Best Effort 000 000 0 0000 Routine CS1 001 000 8 1 CS2 010 000 16 2 CS3 011 000 24 3 CS4 100 000 32 4 CS5 101 000 40 5 CS6 110 000 48 6 CS7 111 000 56 7 EF High Priority ...

Page 46: ... 1 Todos los productos a que se refiere esta garantía ampara su cambio físico sin ningún cargo para el consumidor 2 El comercializador no tiene talleres de servicio debido a que los productos que se garantizan no cuentan con reparaciones ni refacciones ya que su garantía es de cambio físico 3 La garantía cubre exclusivamente aquellas partes equipos o sub ensambles que hayan sido instaladas de fábr...

Page 47: ... 47 intellinetnetwork com IC Intracom All rights reserved Intellinet is a trademark of IC Intracom registered in the U S and other countries ...

Reviews: