background image

Security Configuration 

61 

"Members" Button 

Click this button to add or remove members from the current 
Group. 

• 

If the current group is "Default", then members can not be 
added or deleted. This group contains PCs not allocated to any 
other group. 

• 

To remove PCs from the Default Group, assign them to another 
Group.  

• 

To assign PCs to the Default Group, delete them from the 
Group they are currently in. 

See the following section for details of the 

Group Members

 screen. 

Internet Access  

Restrictions

 

Select the desired options for the current group: 

• 

None - Nothing is blocked. Use this to create the least restric-
tive group.  

• 

Block all Internet access - All traffic via the WAN port is 
blocked. Use this to create the most restrictive group.  

• 

Block selected Services - You can select which Services are to 
block. Use this to gain fine control over the Internet access for 
a group. 

Block by Schedule 

If Internet access is being blocked, you can choose to apply the 
blocking only during scheduled times. (If access is not blocked, no 
Scheduling is possible, and this setting has no effect.) 

Services 

This lists all defined Services. Select the Services you wish to 
block. To select multiple services, hold the CTRL key while select-
ing. (On the Macintosh, hold the SHIFT key rather than CTRL.) 

Buttons 

Members

 

Click this button to add or remove members from the current 
Group. 

If the current group is "Default", then members can not be added or 
deleted. This group contains PCs not allocated to any other group. 

See the following section for details of the 

Group Members

 screen. 

Save 

Save the data on screen. 

Cancel 

Reverse any changes made since the last "Save". 

View Log 

Click this to open a sub-window where you can view the "Access 
Control" log. This log shows attempted Internet accesses which 
have been blocked by the Access Control feature. 

Clear Log 

Click this to clear and restart the "Access Control" log, making new 
entries easier to read. 

 

Summary of Contents for XRT-811

Page 1: ...Internet Broadband Router XRT 811 User s Manual...

Page 2: ...Manual is accurate PLANET dis claims liability for any inaccuracies or omissions that may have occurred Information in this User s Manual is subject to change without notice and does not represent a...

Page 3: ...Linux Clients 35 Other Unix Systems 36 CHAPTER 5 OPERATION AND STATUS 37 Operation 37 Status Screen 37 Connection Status PPPoE 39 Connection Status PPTP 42 Connection Status Telstra Big Pond 43 Connec...

Page 4: ...PC Database 74 Printer Port 78 Remote Administration 79 Routing 80 Upgrade Firmware 84 UPNP 85 APPENDIX A TROUBLESHOOTING 86 Overview 86 General Problems 86 Internet Access 86 Printing 87 Glossary 90...

Page 5: ...LAN or WLAN can access the Internet through XRT 811 using only a single external IP Address The local invalid IP Ad dresses are hidden from external sources This process is called NAT Network Address...

Page 6: ...g hub making it easy to create or extend your LAN DHCP Server Support Dynamic Host Configuration Protocol provides a dynamic IP address to PCs and other devices upon request XRT 811 can act as a DHCP...

Page 7: ...coming data packets are monitored and all incom ing server requests are filtered thus protecting your network from malicious attacks from external sources Protection against DoS attacks DoS Denial of...

Page 8: ...he printer PRINT ERR On Printer error detected Off No printer error detected WAN LNK ACT Connection to the modem attached to the WAN Internet port is established 100 Corresponding WAN port is using 10...

Page 9: ...lt values To Clear All Data and restore the factory default values 1 Power Off 2 Hold the Reset Button down while you Power On 3 Keep holding the Reset Button for a few seconds until the RED LED has f...

Page 10: ...rnet Access an Internet Access account with an ISP and either of a DSL or Cable modem for WAN port usage For shared access to the attached printer the following clients are supported Windows 95 98 ME...

Page 11: ...no cable was supplied use a standard cable 4 Connect Printer Cable Use a standard parallel printer cable to connect your printer to the Printer port on XRT 811 5 Power Up Power on the Cable or DSL mo...

Page 12: ...required func tions To Do this Refer to Configure PCs on your LAN Chapter 4 PC Configuration Check Broadband Router operation and Status Chapter 5 Operation and Status Use any of the following Intern...

Page 13: ...ur Windows system supports UPnP an icon for XRT 811 will appear in the system tray notifying you that a new network device has been found and offering to create a new desktop shortcut to the newly dis...

Page 14: ...er the connection is not working or your PC s IP address is not compatible with XRT 811 s IP Address See next item If your PC is using a fixed IP Address its IP Address must be within the range 192 16...

Page 15: ...the MAC address from your PC to XRT 811 Common Connection Types Cable Modems Type Details ISP Data required Dynamic IP Address Your IP Address is allocated automatically when you connect to you ISP U...

Page 16: ...red Dynamic IP Address Your IP Address is allocated automatically when you connect to you ISP None Static Fixed IP Address Your ISP allocates a permanent IP Address to you IP Address allocated to you...

Page 17: ...Data Input Use the menu bar on the top of the screen and the Back button on your Browser for navigation Changing to another screen without clicking Save does NOT save any changes you may have made You...

Page 18: ...he same value as the PCs on that LAN segment DHCP Server If Enabled XRT 811 will allocate IP Addresses to PCs DHCP clients on your LAN when they start up The default and recom mended value is Enabled...

Page 19: ...HCP Server on your LAN Using XRT 811 s DHCP Server This is the default setting The DHCP Server settings are on the LAN screen On this screen you can Enable or Disable XRT 811 s DHCP Server function Se...

Page 20: ...d Screen Once you have assigned a password to XRT 811 on the Password screen above you will be prompted for the password when you connect as shown below If no password has been set this dialog will no...

Page 21: ...col be installed and configured on each PC TCP IP Settings Overview If using the default Broadband Router settings and the default Windows TCP IP settings no changes need to be made By default XRT 811...

Page 22: ...ke the following Figure 10 IP Address Win 95 Ensure your TCP IP settings are correct as follows Using DHCP To use DHCP select the radio button Obtain an IP Address automatically This is the default Wi...

Page 23: ...administrator can advise you of the IP Address they assigned to XRT 811 Figure 11 Gateway Tab Win 95 98 On the DNS Configuration tab ensure Enable DNS is selected If the DNS Server Search Order list i...

Page 24: ...king TCP IP Settings Windows NT4 0 1 Select Control Panel Network and on the Protocols tab select the TCP IP protocol as shown below Figure 13 Windows NT4 0 TCP IP 2 Click the Properties button to see...

Page 25: ...ct as a DHCP Server Restart your PC to ensure it obtains an IP Address from XRT 811 Specify an IP Address If your PC is already configured check with your network administrator before making the follo...

Page 26: ...Windows NT4 0 Add Gateway 2 The DNS should be set to the address provided by your ISP as follows Click the DNS tab On the DNS screen shown below click the Add button under DNS Service Search Order and...

Page 27: ...PC Configuration 23 Figure 16 Windows NT4 0 DNS...

Page 28: ...al up Connection 2 Right click the Local Area Connection icon and select Properties You should see a screen like the following Figure 17 Network Configuration Win 2000 3 Select the TCP IP protocol for...

Page 29: ...PC to ensure it obtains an IP Address from XRT 811 Using a fixed IP Address Use the following IP Address If your PC is already configured check with your network administrator before making the follo...

Page 30: ...Connection 2 Right click the Local Area Connection and choose Properties You should see a screen like the following Figure 19 Network Configuration Windows XP 3 Select the TCP IP protocol for your ne...

Page 31: ...nsure it obtains an IP Address from XRT 811 Using a fixed IP Address Use the following IP Address If your PC is already configured check with your network administrator before making the following cha...

Page 32: ...nd Internet Connections 2 Select Set up or change your Internet Connection 3 Select the Connection tab and click the Setup button 4 Cancel the pop up Location Information screen 5 Click Next on the Ne...

Page 33: ...Print jobs will be spooled queued on the Windows Server and can be managed using the standard Windows Server tools Print Port Driver Setup The following procedure is for all versions of Windows 95 98...

Page 34: ...et Router Add Port Management Print jobs can be managed like any Windows printer Open the Printers folder Start Settings Printers and double click any printer to see the current print jobs If the prin...

Page 35: ...to work with multi port models The Port Name is shown in the Printer s Properties Banner Check this option to print a banner page before each print job If using a PostScript Printer check the PostScri...

Page 36: ...rinter will be managed by select My Computer and click Next 3 Select Add Port then select LPR Port and click New Port 4 In the Dialog requesting Name of Address of server providing lpd enter the IP ad...

Page 37: ...ect Other Network File and Print Services then click the Details button Figure 23 Adding LPD LPR Port Win 2000 3 Enable Print Services for Unix and click OK 4 Click Next and complete the Wizard Adding...

Page 38: ...D LPR Printing After configuring the Windows Server client PCs on the LAN can install the new printer The following procedure is for Windows 95 98 ME Windows NT4 0 and Windows 2000 workstation 1 Open...

Page 39: ...figuration Set your Default Gateway to the IP Address of XRT 811 Ensure your DNS Name server settings are correct To act as a DHCP Client recommended The procedure below may vary according to your ver...

Page 40: ...r Port screen L1 4 Save this data and exit the Printer Configuration Configuration is now completed and the printer is now available for use Other Unix Systems To access the Internet via XRT 811 Ensur...

Page 41: ...eives an incoming connection Refer to Chapter 6 Advanced Features for further details Applications which use non standard connections or port numbers may be blocked by XRT 811 s built in firewall You...

Page 42: ...or the IP Address above DHCP Server This shows the status of the DHCP Server function either En abled or Disabled For additional information about the PCs on your LAN and the IP addresses allocated to...

Page 43: ...ample will be displayed when the Connection Details button is clicked Figure 26 PPPoE Status Screen Data PPPoE Connection Physical Address The hardware address of this device as seen by remote devices...

Page 44: ...ect button Reset physical connection Preparing line for connection attempt Connecting to remote server Attempting to connect to the ISP s server Remote Server located ISP s Server has responded to con...

Page 45: ...rror Invalid or unknown packet type The data received from the ISP s Server could not be proc essed This could be caused by data corruption from a bad link or the Server using a protocol which is not...

Page 46: ...N IP Address The IP Address of this device as seen by Internet users This address is allocated by your ISP Internet Service Provider PPTP Status This indicates whether or not the connection is current...

Page 47: ...us Telstra Big Pond An example screen is shown below Figure 28 Telstra Big Pond Status Screen Data Big Pond Connection Physical Address The hardware address of this device as seen by remote devices Th...

Page 48: ...s relating to the existing connection The Clear Log button will restart the Log while the Refresh button will update the messages shown on screen Buttons Connect If not connected establish a connectio...

Page 49: ...as a DHCP client If Enabled the Remaining lease time field indicates when the IP Address allocated by the DHCP Server will expire The lease is automatically renewed on expiry use the Renew button if...

Page 50: ...k The Network Mask associated with the IP Address above Default Gateway The IP Address of the remote Gateway or Router associated with the IP Address above DNS IP Address The IP Address of the Domain...

Page 51: ...king the Renew button will attempt to re establish the connection and obtain an IP Address from the ISP s DHCP Server If an IP Address has been allocated to XRT 811 by the ISP s DHCP Server this butto...

Page 52: ...re covered in this Chapter Advanced Internet Communication Applications Special Applications DMZ URL filter Dynamic DNS Virtual Servers Options Advanced Internet Screen Figure 31 Advanced Menu This sc...

Page 53: ...menu For each application listed above you can choose a destina tion PC There is no need to Save after each change you can set the destination PC for each application then click Save Special Applicat...

Page 54: ...used by the applica tion server for data you send to it If the application uses a single port number enter it in both the Start and Finish fields Using a Special Application Configure the Special App...

Page 55: ...the URL Filter screen An example screen is shown below Figure 33 URL Filter Screen Data URL Filter Screen Filter Strings Current Entries This lists any existing entries If you have not entered any va...

Page 56: ...uest your desired Domain name 3 Enter your data from www dyndns org in XRT 811 s DDNS screen 4 XRT 811 will then automatically ensure that your current IP Address is recorded at http www dyndns org 5...

Page 57: ...g The name should consist only of letters and the hyphen dash Using any other characters may cause problems DDNS Status This message is returned by the DDNS Server at www dyndns org Normally this mess...

Page 58: ...ernet users to connect to your servers as illustrated below Figure 35 Virtual Servers IP Address seen by Internet Users Note that in this illustration both Internet users are connecting to the same IP...

Page 59: ...s will be forwarded to the selected PC If Disabled any incoming connection attempts will be blocked PC Server Select the PC for this Server The PC must be running the appropri ate Server software Prot...

Page 60: ...h to use is not listed on the Virtual Servers screen you can define and manage your own Servers Create a new Server 1 Click Clear Form 2 Enter the required data as described above 3 Click Add 4 The ne...

Page 61: ...s of the DNS Domain Name Servers here These DNS will be used only if the primary DNS is unavailable MTU MTU size MTU Maximum Transmission Unit value should only be changed if advised to do so by Techn...

Page 62: ...Logs Security Options Scheduling Services Admin Login The Admin Login screen allows you to assign a user name and password to XRT 811 Figure 38 Admin Login Screen 3 The default login name is admin Ch...

Page 63: ...Security Configuration 59 Figure 39 Password Dialog Enter the User Name and Password you set on the Admin Login screen above...

Page 64: ...up 7 Set the desired restrictions on the other groups Group 1 Group 2 Group 3 and Group 4 as needed 8 Assign PC to the groups as required Restrictions are imposed by blocking Services or types of conn...

Page 65: ...a group Block by Schedule If Internet access is being blocked you can choose to apply the blocking only during scheduled times If access is not blocked no Scheduling is possible and this setting has n...

Page 66: ...ed administrators only Firewall Rules Screen Click the Firewall Rules option on the Security menu to see a screen like the following example This example contains two 2 rules for outgoing traffic Sinc...

Page 67: ...section for more details Edit To Edit or modify an existing rule select it and click the Edit button Move There are 2 ways to change the order of rules Use the up and down indicators on the right to m...

Page 68: ...option Source IP These settings determine which traffic based on their source IP address is covered by this rule Select the desired option Any All traffic from the source port is covered by this rule...

Page 69: ...IP address and Finish IP address fields You can ignore the Subnet Mask field Subnet address If this option is selected enter the required mask in the Subnet Mask field Services Select the desired Serv...

Page 70: ...log Server Figure 43 Logs Screen Data Logs Screen Enable Logs DoS Attacks If enabled this log will show details of DoS Denial of Service attacks which have been blocked by the built in Firewall Intern...

Page 71: ...og is full The time is not fixed The log will be sent when the log is full which will depend on the volume of traf fic Every day Every Monday The log is sent on the interval specified If Every day is...

Page 72: ...u can not use it the service is unavailable This device uses Stateful Inspection technology This system can detect situations where individual TCP IP packets are valid but collectively they become a D...

Page 73: ...lowed If not checked IPSec connections are blocked Allow PPTP PPTP Point to Point Tunneling Protocol is widely used by VPN Virtual Private Networking programs If checked PPTP connections are allowed I...

Page 74: ...he time for a particular day is blank no action will be performed Define Schedule Screen This screen is accessed by the Scheduling link on the Security menu Figure 45 Define Schedule Screen Data Defin...

Page 75: ...Pre defined Services can not be deleted Add New Service Name Enter a descriptive name to identify this service Type Select the protocol TCP UDP ICMP used to the remote system or service Start Port For...

Page 76: ...T 811 User s Manual 72 Add Add a new entry to the Service list using the data shown in the Add New Service area on screen Cancel Clear the Add New Service area ready for entering data for a new Servic...

Page 77: ...PCs shown when you select the DMZ PC Virtual Server or Internet Application This database is maintained automati cally but you can add and delete entries for PCs which use a Fixed Static IP Address Pr...

Page 78: ...Clients are automatically added to the database and updated as required By default non Server versions of Windows act as DHCP Clients this setting is called Obtain an IP Address automatically XRT 811...

Page 79: ...connected or not powered On you will not be able to add it Buttons Add This will add the new PC to the list The PC will be sent a ping to determine its hardware address If the PC is not available not...

Page 80: ...ontrol than the standard PC Database screen Figure 48 PC Database Admin Data PC Database Admin Screen Known PCs This lists all current entries Data displayed is name IP Address type The type indicates...

Page 81: ...o have XRT 811 contact the PC and find its MAC address This is only possible if the PC is connected to the LAN and powered On MAC is Enter the MAC address on the PC The MAC address is also called the...

Page 82: ...There are 3 Logical Printers Ports named L1 L2 and L3 These names can not be changed and must be used when select ing the logical printer from your Unix system Pre string HEX Enter in HEX the series...

Page 83: ...re will prevent the use of a Web Virtual Server on your LAN See Advanced Internet Virtual Servers Current IP Address You must use this IP Address to connect see below This IP Address is allocated by y...

Page 84: ...he following Windows 2000 settings are correct Open Routing and Remote Access In the console tree select Routing and Remote Access server name IP Routing RIP In the Details pane right click the interf...

Page 85: ...e selected entry Properties Destination Network The network address of the remote LAN segment For standard class C LANs the network address is the first 3 fields of the Destination IP Address The 4th...

Page 86: ...the local LAN must be configured to use XRT 811 as the Default Route or Default Gateway Local Router The local router is the Router installed on the same LAN segment as XRT 811 This router requires th...

Page 87: ...Gateway IP Address 192 168 0 100 Broadband Router s local Router Metric 2 Entry 2 Segment 2 Destination IP Address 192 168 2 0 Network Mask 255 255 255 0 Standard Class C Gateway IP Address 192 168 0...

Page 88: ...igure 53 Upgrade Firmware Screen To perform the Firmware Upgrade 9 Click the Browse button and navigate to the location of the upgrade file 10 Select the upgrade file It s name will appear in the Upgr...

Page 89: ...then UPnP users can change the configuration If Disabled UPnP users can only view the configuration But currently this restriction only applies to users running Windows XP who access the Properties vi...

Page 90: ...o the Network Mask should be set to 255 255 255 0 to match XRT 811 In Windows you can check these settings by using Control Panel Network to check the Properties for the TCP IP protocol Internet Acces...

Page 91: ...an existing printer port installation 1 Open Start Settings Control Panel Add Remove Programs 2 Look for an entry with a name like Shared Port Shared Printer Port Print Server Driver or Print Server...

Page 92: ...Wizard until finished 5 When finished go to Control Panel Printers The printer icon will be grayed out indicating the printer is not ready 6 Right click the Printer and select Properties Then select t...

Page 93: ...elow 9 Click the Browse Device button select the desired Multi function Broadband Router and click OK 10 Click OK to return to the Printers folders and right click on the Printer Ensure that the Work...

Page 94: ...0 100 million bits per second Mbps IP Address and Network Subnet Mask IP stands for Internet Protocol An IP address consists of a series of four numbers separated by periods that identifies a single u...

Page 95: ...s from your ISP Port Network Clients LAN PC uses port numbers to distinguish one network applica tion protocol over another Below is a list of common applications and protocol port numbers Application...

Page 96: ...ta transmission over the Internet Both TCP and UDP are transport layer protocol TCP performs proper error detection and error recovery and thus is reliable UDP on the other hand is not reliable They b...

Page 97: ...tions may cause harmful interference to radio communica tions However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interfere...

Page 98: ...5 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference...

Reviews: