background image

C

ONFIGURING

 

THE

 BARRICADE

4-30

Firewall

The BARRICADE’s firewall inspects packets at the application layer, 
maintains TCP and UDP session information including time-outs and the 
number of active sessions, and provides the ability to detect and prevent 
certain types of network attacks.

Network attacks that deny access to a network device are called Denial-of-
Service (DoS) attacks. DoS attacks are aimed at devices and networks with 
a connection to the Internet. Their goal is not to steal information, but to 
disable a device or network so users no longer have access to network 
resources.

The BARRICADE protects against the following DoS attacks: IP 
Spoofing, Land Attack, Ping of Death, IP with zero length, Smurf Attack, 
UDP port loopback, Snork Attack, TCP null scan, and TCP SYN flooding. 
(See “Intrusion Detection” on page 4-37 for details.)

The firewall does not significantly affect system performance, so we advise 
leaving it enabled to protect your network.

Enable

 the firewall feature, and click 

Save Settings 

to proceed.

Summary of Contents for barricade SMCWBR14-G2

Page 1: ......

Page 2: ......

Page 3: ......

Page 4: ......

Page 5: ...between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interfe...

Page 6: ...ial radio interference to other users the antenna type and its gain should be so chosen that the EIRP is not more than required for successful communication To prevent radio interference to the licensed service this device is intended to be operated indoors and away from windows to provide maximum shielding Equipment or its transmit antenna that is installed outdoors is subject to licensing EC Dec...

Page 7: ...ccording to the channel limitations indoor outdoor restrictions and license requirements for each European Community country as described in this document This device may be operated indoors or outdoors in all countries of the European Community using the 2 4 GHz band Channels 1 13 Declaration of Conformity in Languages of the European Community English Hereby SMC Networks declares that this Radio...

Page 8: ...chtlinie 1999 5 EG befindet BMWi Hiermit erklärt SMC Networks die Übereinstimmung des Gerätes Radio LAN device mit den grundlegenden Anforderungen und den anderen relevanten Festlegungen der Richtlinie 1999 5 EG Wien Greek Italian Con la presente SMC Networks dichiara che questo Radio LAN device è conforme ai requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999...

Page 9: ...ss 2 or level 3 external power adapter approved suitable for use in North American equipment installation having an output voltage rating of 9 V DC and output current rating of 1 0 A or equivalent The external AC adapter must be complied with the requirements of LPS Limited Power Sources Operating Voltage Cord Set Specifications 120 Volts UL Listed CSA Certified Cord Set Minimum 18 AWG Type SVT or...

Page 10: ...lten Sie es vom Strom netz trennen Somit wird im Falle einer Überspannung eine Beschädigung vermieden 12 Durch die Lüftungsöffnungen dürfen niemals Gegenstände oder Flüssigkeiten in das Gerät gelangen Dies könnte einen Brand bzw elektrischen Schlag auslösen 13 Öffnen sie niemals das Gerät Das Gerät darf aus Gründen der elektrischen Sicherheit nur von authorisiertem Servicepersonal geöffnet werden ...

Page 11: ...your LAN 2 7 Connect the Power Adapter 2 7 Application Example 2 8 3 Configuring The Client PC 3 1 TCP IP Configuration 3 2 Windows 2000 3 3 Obtain IP Settings From Your BARRICADE 3 5 Manual IP Configuration 3 7 Windows XP 3 9 Disable HTTP Proxy 3 14 Configuring Your Macintosh Computer 3 15 Disable HTTP Proxy 3 17 4 Configuring the BARRICADE 4 1 Navigating the Web Browser Interface 4 2 Making Conf...

Page 12: ...wall 4 30 Wireless 4 44 Advanced Settings 4 53 NAT 4 54 Maintenance 4 60 System 4 63 UPnP 4 68 DNS Domain Name Server 4 69 DDNS Dynamic DNS 4 70 Routing 4 71 A Troubleshooting A 1 B Cables B 1 Ethernet Cable B 1 Specifications B 1 Wiring Conventions B 1 RJ 45 Port Ethernet Connection B 2 Pin Assignments B 3 C Specifications C 1 ...

Page 13: ...cting your local area network LAN to the Internet For those who want to surf the Internet in the most secure way this router provides a convenient and powerful solution About the BARRICADE The BARRICADE provides Internet access to multiple users by sharing a single user account This new technology provides many secure and cost effective functions It is simple to configure and can be up and running...

Page 14: ...T NAT also enables multi user Internet access via a single user account and virtual server functionality providing protected access to Internet services such as web FTP email and Telnet VPN pass through IPSec ESP Tunnel mode L2TP PPTP User definable application sensing tunnel supports applications requiring multiple connections Easy setup through a web browser on any operating system that supports...

Page 15: ... your computer Shared IP Address The BARRICADE provides Internet access for up to 253 users via a single shared IP address Using only one ISP account multiple users on your network can browse the web at the same time Virtual Server If you have a fixed IP address you can set the BARRICADE to act as a virtual host for network address translation Remote users access various services at your site usin...

Page 16: ...an and TCP SYN flooding WPA WPA2 WEP SSID and MAC filtering provide security over the wireless network Virtual Private Network VPN Pass through The BARRICADE supports three of the most commonly used VPN protocols PPTP L2TP and IPSec The VPN protocols supported by the BARRICADE are briefly described below Point to Point Tunneling Protocol Provides a secure tunnel for remote client access to a PPTP ...

Page 17: ...fer to Configuring the BARRICADE on page 4 1 Package Contents After unpacking the BARRICADE check the contents of the box to be sure you have received the following components BARRICADE 54Mbps g Wireless Broadband Router SMCWBR14 G2 Power adapter One CAT 5 Ethernet cable RJ 45 One documentation CD Quick Install Guide Immediately inform your dealer in the event of any incorrect missing or damaged p...

Page 18: ... to a local area network using the Fast Ethernet LAN port Access speed to the Internet depends on your service type Full rate ADSL provides up to 8 Mbps downstream and 1 Mbps upstream G lite or splitterless ADSL provides up to 1 5 Mbps downstream and 512 kbps upstream However you should note that the actual rate provided by specific service providers may vary dramatically from these upper limits D...

Page 19: ...On The BARRICADE is receiving power Normal operation Off Power off or failure WLAN On WLAN link Flashing The BARRICADE is sending or receiving data via WLAN Off No WLAN link PPPoE DSL On PPPoE DSL connection is functioning correctly Flashing The BARRICADE is sending or receiving data via PPPoE DSL link Off PPPoE DSL connection is not established WAN On WAN link Off No WAN link ...

Page 20: ...Ethernet link Item Description WAN Port Connect your WAN line to this port RJ 45 LAN Ports Fast Ethernet ports RJ 45 Connect devices on your local area network to these ports i e a PC hub switch or IP set top box Power Inlet Connect the included power adapter to this inlet Warning Using the wrong type of power adapter may cause damage Antenna Antenna is connected here LED Status Description ...

Page 21: ...only Connect the System Desktop Installation The BARRICADE can be positioned on any convenient flat surface in your office or home No special wiring or cooling requirements are needed You should however comply with the following guidelines Keep the BARRICADE away from any heating devices Do not place the BARRICADE in a dusty or wet environment You should also remember to turn off the power remove ...

Page 22: ... for the BARRICADE Note It should be accessible for installing cabling and maintaining the device 2 Measure the distance of the two wall mount holes 3 Drill two holes into the wall 4 Insert a screw into each hole Note Leave 5 mm exposed of the screw head 5 Attach the BARRICADE to the wall with two wall mount slots and then slide the device down until the screws fit firmly into the slots of the dev...

Page 23: ...d use only twisted pair cables with RJ 45 connectors that conform with FCC standards Notes 1 Use 100 ohm shielded or unshielded twisted pair cable with RJ 45 connectors for all Ethernet ports Use Category 3 4 or 5 for connections that operate at 10 Mbps and Category 5 for connections that operate at 100 Mbps 2 Make sure each twisted pair cable length does not exceed 100 meters 328 feet Connect the...

Page 24: ...INSTALLATION 2 8 Application Example The following diagram shows a typical network application ...

Page 25: ... configure your computer to connect to the BARRICADE You can either configure your computer to automatically obtain IP settings DHCP or manually configure IP address settings Static IP Depending on your operating system see Windows 2000 on page 3 3 Windows XP on page 3 9 or Configuring Your Macintosh Computer on page 3 15 ...

Page 26: ...DE The default network settings for the BARRICADE are IP Address 192 168 2 1 Subnet Mask 255 255 255 0 Note These settings can be changed to fit your network requirements but you must first configure at least one computer to access the BARRICADE s web configuration interface in order to make the required changes See Configuring the BARRICADE on page 4 1 for instructions on configuring the BARRICAD...

Page 27: ...ows 2000 DHCP IP Configuration 1 On the Windows desktop click Start Settings Network and Dial Up Connections 2 Click the icon that corresponds to the connection to your BARRICADE 3 The connection status screen will open Click Properties ...

Page 28: ...uble click Internet Protocol TCP IP 5 If Obtain an IP address automatically and Obtain DNS server address automatically are already selected your computer is already configured for DHCP If not select these options now and click OK ...

Page 29: ...E it needs to obtain new network settings By releasing old DHCP IP settings and renewing them with settings from your BARRICADE you can verify that you have configured your computer correctly 1 On the Windows desktop click Start Programs Accessories Command Prompt 2 In the Command Prompt window type IPCONFIG RELEASE and press the Enter key ...

Page 30: ...er key Verify that your IP Address is now 192 168 2 xxx your Subnet Mask is 255 255 255 0 and your Default Gateway is 192 168 2 1 These values confirm that your BARRICADE is functioning correctly 4 Type EXIT and press the Enter key to close the Command Prompt window ...

Page 31: ...DNS server addresses 4 Enter the IP address for the BARRICADE in the Preferred DNS server field This automatically relays DNS requests to the DNS server s provided by your ISP Otherwise add a specific DNS server into the Alternate DNS Server field and click OK to close the dialog boxes 5 Record the configured information in the following table TCP IP Configuration Setting IP Address ____ ____ ____...

Page 32: ... the proxy in Internet Explorer click Tools Click Internet Options and then the Connections tab shown on the right In the Local Area Network LAN settings section click LAN Settings to display the Local Area Network LAN Settings pop up window below 2 In the Proxy server section ensure the Use a proxy server for your LAN These settings will not apply to dial up or VPN connections check box is not ti...

Page 33: ...tart Control Panel 2 In the Control Panel window click Network and Internet Connections 3 The Network Connections window will open Locate and double click the Local Area Connection icon for the Ethernet adapter that is connected to the BARRICADE 4 In the connection status screen click Properties ...

Page 34: ...ouble click Internet Protocol TCP IP 6 If Obtain an IP address automatically and Obtain DNS server address automatically are already selected your computer is already configured for DHCP If not select these options now and click OK ...

Page 35: ...E it needs to obtain new network settings By releasing old DHCP IP settings and renewing them with settings from your BARRICADE you can verify that you have configured your computer correctly 1 On the Windows desktop click Start Programs Accessories Command Prompt 2 In the Command Prompt window type IPCONFIG RELEASE and press the Enter key ...

Page 36: ...ress is now 192 168 2 xxx your Subnet Mask is 255 255 255 0 and your Default Gateway is 192 168 2 1 These values confirm that your BARRICADE is functioning correctly 4 Type EXIT and press the Enter key to close the Command Prompt window Your computer is now configured to connect to the BARRICADE ...

Page 37: ... DNS server addresses 5 Enter the IP address for the BARRICADE in the Preferred DNS server field This automatically relays DNS requests to the DNS server s provided by your ISP Otherwise add a specific DNS server into the Alternate DNS Server field and click OK to close the dialog boxes 6 Record the configured information in the following table TCP IP Configuration Setting IP Address ____ ____ ___...

Page 38: ...e the proxy in Internet Explorer click Tools Click Internet Options and then the Connections tab shown on the right In the Local Area Network LAN settings section click LAN Settings to display the Local Area Network LAN Settings pop up window below 2 In the Proxy server section ensure the Use a proxy server for your LAN These settings will not apply to dial up or VPN connections check box is not t...

Page 39: ...y match your operating system This is because these steps and screen shots were created using Mac OS 10 2 Mac OS 7 x and above are similar but may not be identical to Mac OS 10 2 Follow these instructions 1 Pull down the Apple Menu Click System Preferences 2 Double click the Network icon in the Systems Preferences window ...

Page 40: ...r DHCP If not select this option 4 Your new settings are shown in the TCP IP tab Verify that your IP Address is now 192 168 2 xxx your Subnet Mask is 255 255 255 0 and your Default Gateway is 192 168 2 1 These values confirm that your BARRICADE is functioning 5 Close the Network window Now your computer is configured to connect to the BARRICADE ...

Page 41: ...is is so that your browser can view the BARRICADE s HTML configuration pages The following steps are for Internet Explorer Internet Explorer 1 Open Internet Explorer and click the Stop button Click Explorer Preferences 2 In the Internet Explorer Preferences window under Network select Proxies 3 Uncheck all check boxes and click OK ...

Page 42: ...CONFIGURING YOUR MACINTOSH COMPUTER 3 18 ...

Page 43: ...y any Java supported browser such as Internet Explorer 5 5 or above Using the web management interface you can configure the BARRICADE and view statistics to monitor network activity To access the BARRICADE s management interface enter the IP address of the BARRICADE in your web browser http 192 168 2 1 The BARRICADE automatically switches to Port 80 for management access ...

Page 44: ...of your Internet connection and basic LAN settings Go to Setup Wizard on page 4 5 Home Network Settings Use the Home Network Settings section to configure your LAN WAN and wireless settings Go to Home Network Settings on page 4 14 Security In this section you can easily configure your wireless security settings Go to Security on page 4 29 Advanced Settings Advanced Settings supports more advanced ...

Page 45: ... to click the Apply or Save Settings or NEXT button at the bottom of the page to enable the new setting Note To ensure proper screen refresh after a command entry be sure that Internet Explorer 5 5 is configured as follows Under the menu Tools Internet Options General Temporary Internet Files Settings the setting for Check for newer versions of stored pages should be Every visit to the page ...

Page 46: ...CONFIGURING THE BARRICADE 4 4 Login Screen The Login screen automatically appears first Enter the default password smcadmin and then click LOGIN Note Your password is case sensitive ...

Page 47: ...d The Setup Wizard automatically appears by clicking on the Setup Wizard button of the left hand menu The first item in the Setup Wizard is Getting Started Simply click NEXT to proceed to the following screen and configure your Wireless Settings ...

Page 48: ...ion Wireless Network Name SSID The Service Set ID SSID is the name of your wireless network The SSID must be the same on the BARRICADE and all of its wireless clients Default SMC Broadcast Wireless Network Name Enable or disable the broadcasting of the SSID If you disable broadcast of the SSID only devices that have the correct SSID can connect This nullifies the wireless network discovery feature...

Page 49: ...unicate with each other This channel must be the same on the BARRICADE and all of its wireless clients The BARRICADE will automatically assign itself a radio channel or you may select one manually Default channel 6 Extend Range Increases the range of the BARRICADE Default Disable Parameter Description ...

Page 50: ...rnet Settings Specify the WAN connection type required by your Internet Service Provider Specify Cable modem Fixed IP xDSL PPPoE xDSL PPTP or BigPond Select your connection type to proceed Click BACK to go back and change your settings ...

Page 51: ...ZARD 4 9 Cable Modem Settings If the ISP requires you to input a Host Name type it in the Host Name field The MAC Address field will be filled automatically Click NEXT to proceed or BACK to change your settings ...

Page 52: ...HE BARRICADE 4 10 ADSL Settings Fixed IP xDSL Enter the IP address Subnet Mask and Gateway IP address provided to you by your ISP in the appropriate fields below Click NEXT to proceed or BACK to change your settings ...

Page 53: ...Internet connection After this time has been exceeded the connection will be terminated Check Keep session to keep the session alive Check the Auto connect check box to automatically re establish the connection as soon as you attempt to access the Internet again Check the Manual connect check box to manually re establish the connection Click NEXT to proceed or BACK to change your settings Note Cli...

Page 54: ...e Internet is maintained during inactivity The default setting is 10 minutes If your ISP charges you by the minute you should change the Idle Time Out to one minute After the Idle Time Out has expired set the action you wish the BARRICADE to take You can tell the device to connect manually or automatically as soon as you try to access the Internet again or to keep the session alive Click NEXT to p...

Page 55: ...ngs BigPond If you use the BigPond Internet Service which is available in Australia enter the the User Name Password and Authentication Service Name for BigPond authentication Click NEXT to proceed or BACK to change your settings ...

Page 56: ...rovides WAN connection type and status firmware and hardware version numbers system IP settings as well as DHCP NAT and firewall information Displays the number of attached clients the firmware versions the physical MAC address for each media interface and the hardware version and serial number Shows the security and DHCP client log LAN Settings Sets the TCP IP configuration for the BARRICADE LAN ...

Page 57: ...K SETTINGS 4 15 Status The Status screen displays WAN LAN connection status firmware and hardware version numbers as well as information on DHCP clients connected to your network You can also view the Security Log ...

Page 58: ...plays system IP settings as well as DHCP Server Firewall UPnP and Wireless status INFORMATION Displays the number of attached clients the firmware versions the physical MAC address for each media interface and for the BARRICADE as well as the hardware version and serial number DHCP Client Log Displays information on DHCP clients on your network Security Log Displays illegal attempts to access your...

Page 59: ...N Settings parameters are listed below Parameter Description Wireless Router IP Address IP Address The IP address of the BARRICADE IP Subnet Mask The IP subnet mask DHCP Server DHCP Server DHCP allows individual computers to obtain the TCP IP configuration at startup from a centralized DHCP server To dynamically assign an IP address to a client PC enable the DHCP Dynamic Host Configuration Protoco...

Page 60: ...IP address pool Domain Name The domain name is the name you assign to your network Lease Time The length of time the DHCP server will reserve the IP address for each computer Setting lease times for shorter intervals such as one day or one hour frees IP addresses after the specified period of time This also means that a particular computer s IP address may change over time If you have set any adva...

Page 61: ...NGS 4 19 WAN Settings Specify the WAN connection type required by your Internet Service Provider Specify Dynamic IP Address PPPoE PPTP Static IP Address or BigPond Select the connection type and click More Configuration ...

Page 62: ...can use the Clone MAC Address button to copy the MAC address of the Network Interface Card NIC installed in your PC to replace the WAN MAC address If necessary you can use the Renew button on the Status page to renew the WAN IP address Note Make sure you record the MAC address that you clone so that if you lose your settings you will be able to re connect to the Internet Click Save Settings to pro...

Page 63: ... Time in minutes to define a maximum period of time for which the Internet connection is maintained during inactivity If the connection is inactive for longer than the Maximum Idle Time then it will be dropped You can enable the Auto reconnect option to automatically re establish the connection as soon as you attempt to access the Internet again Click Save Settings to proceed or Cancel to change y...

Page 64: ...me for which the connection to the Internet is maintained during inactivity The default setting is 10 minutes If your ISP charges you by the minute you should change the Idle Time Out to one minute After the Idle Time Out has expired set the action you wish the BARRICADE to take You can tell the device to connect manually or automatically as soon as you try to access the Internet again or to keep ...

Page 65: ...GS 4 23 Static IP If your Service Provider has assigned a fixed IP address enter the assigned IP address subnet mask and the gateway address on this screen Click Save Settings to proceed or Cancel to change your settings ...

Page 66: ...a service provider in Australia that uses a heartbeat system to maintain the Internet connection Configure the built in client with your user name password and service name to get on line Click Save Settings to proceed or Cancel to change your settings ...

Page 67: ...Service Set Identifier SSID and channel number It supports data encryption and client filtering To use the wireless feature check the Enable check box and click Save Settings After clicking Save Settings you will be asked to log in again See Security on page 4 29 for details on how to configure wireless security ...

Page 68: ...tion Wireless Network Name SSID The Service Set ID SSID is the name of your wireless network The SSID must be the same on the BARRICADE and all of its wireless clients Default SMC Broadcast Wireless Network Name Enable or disable the broadcasting of the SSID If you disable broadcast of the SSID only devices that have the correct SSID can connect This nullifies the wireless network discovery featur...

Page 69: ...ts to communicate with each other This channel must be the same on the BARRICADE and all of its wireless clients The BARRICADE will automatically assign itself a radio channel or you may select one manually Default 6 Extend Range Extends the range of the BARRICADE Default Disable Parameter Description ...

Page 70: ...The Service Set ID SSID is the name of your wireless network The SSID must be the same on the BARRICADE and all of its wireless clients Channel This device supports the following modes 11g only 11b only and 11b g mixed mode MAC Address The media access control address MAC address is a unique identifier attached to each wireless base station Security Displays the security mechanism in use Enable WD...

Page 71: ...enial of Service DoS attacks when activated Its purpose is to allow a private local area network LAN to be securely connected to the Internet The second menu item is Wireless This section allows you to configure wireless security settings according to your environment and the privacy level required To configure your firewall settings click Firewall in the left hand menu ...

Page 72: ...devices and networks with a connection to the Internet Their goal is not to steal information but to disable a device or network so users no longer have access to network resources The BARRICADE protects against the following DoS attacks IP Spoofing Land Attack Ping of Death IP with zero length Smurf Attack UDP port loopback Snork Attack TCP null scan and TCP SYN flooding See Intrusion Detection o...

Page 73: ... local clients based on rules You may filter Internet access for local clients based on rules Each access control rule may be activated at a scheduled time First define the schedule on the Schedule Rule page then apply the rule on the Access Control page To add a new rule click Add Schedule Rule Proceed to the following page ...

Page 74: ...32 Edit Schedule Rule 1 Define the appropriate settings for a schedule rule as shown on the following screen 2 Upon completion click OK to save your schedule rules and then click Save Settings to make your settings to take effect ...

Page 75: ... the BARRICADE to enter up to 32 MAC addresses that are not allowed access to the WAN port 1 Click Add PC on the Access Control screen 2 Define the appropriate settings for client PC services as shown on the following screen 3 Click OK and then click Apply to save your settings The following items are displayed on the Access Control screen Parameter Description Enable Filtering Function Enables or...

Page 76: ...u can set this function to Always Blocking or to whatever schedule you have defined in the Schedule Rule screen Click OK to save your settings The added PC will now appear in the Access Control page For the URL keyword blocking function you will need to configure the URL address or blocked keyword on the Parental Control page first Click Parental Control to add to the list of disallowed URL s and ...

Page 77: ...imit the access of hosts within the local area network LAN The MAC Filtering Table allows the BARRICADE to enter up to 32 MAC addresses that are allowed access to the WAN port All other devices will be denied access By default this feature is disabled Click Save Settings to proceed or Cancel to change your settings ...

Page 78: ...ify the web sites www somesite com and or keywords you want to block on your network To complete this configuration you will need to create or modify an access rule in Access Control Add PC on page 4 34 To modify an existing rule click the Edit option next to the rule you want to modify To create a new rule click on the Add PC option From the Access Control Add PC section check the option for WWW ...

Page 79: ...wall inspects packets at the application layer maintains TCP and UDP session information including timeouts and number of active sessions and provides the ability to detect and prevent certain types of network attacks such as Denial of Service DoS attacks ...

Page 80: ...rk so users no longer have access to network resources The BARRICADE protects against DoS attacks including Ping of Death Ping flood attack SYN flood attack IP fragment attack Teardrop Attack Brute force attack Land Attack IP Spoofing attack IP with zero length TCP null scan Port Scan Attack UDP port loopback Snork Attack Note The firewall does not significantly affect system performance so we adv...

Page 81: ... SPI feature is turned on all incoming packets are blocked except those types marked with a check in the SPI section at the top of the screen RIP Defect Disabled If the router does not reply to an IPX RIP request packet it will stay in the input queue and not be released Accumulated packets could cause the input queue to fill causing severe problems for all protocols Enabling this feature prevents...

Page 82: ... and are taking place only with sources that are known and trusted from previous interactions In addition to being more rigorous in their inspection of packets stateful inspection firewalls also close off ports until a connection to the specific port is requested When particular types of traffic are checked only the particular type of traffic initiated from the internal LAN will be allowed For exa...

Page 83: ...o activity UDP session idle timeout 30 secs The length of time for which a UDP session will be managed if there is no activity DoS Detect Criteria Total incomplete TCP UDP sessions HIGH 300 sessions Defines the rate of new unestablished sessions that will cause the software to start deleting half open sessions Total incomplete TCP UDP sessions LOW 250 sessions Defines the rate of new unestablished...

Page 84: ...plete TCP UDP session is detected as incomplete Maximum half open fragmentation packet number from same host 30 sessions Maximum number of half open fragmentation packets from the same host Half open fragmentation detect sensitive time period 1 sec Length of time before a half open fragmentation session is detected as half open Flooding cracker block time 300 secs Length of time from detecting a f...

Page 85: ...y from behind the firewall you can open the client up to unrestricted two way Internet access Enter the IP address of a DMZ Demilitarized Zone host on this screen Adding a client to the DMZ may expose your local network to a variety of security risks so only use this option as a last resort ...

Page 86: ... roaming clients by setting the Service Set Identifier SSID and channel number It supports data encryption and client filtering To use the wireless feature check the Enable check box and click Save Settings To begin configuring your wireless security settings click Wireless Encryption ...

Page 87: ...el to change your settings Parameter Description No WEP No WPA WPA2 Disables all wireless security To make it easier to set up your wireless network we recommend enabling this setting initially By default wireless security is disabled WEP Only Once you have your wireless network in place the minimum security we recommend is to enable the legacy security standard Wired Equivalent Privacy WEP See WE...

Page 88: ...etwork you can specify that only certain wireless clients can connect to the BARRICADE Up to 32 MAC addresses can be added to the MAC Filtering Table When enabled all registered MAC addresses are controlled by the Access Rule By default this MAC filtering feature is disabled ...

Page 89: ... 128 bit key to use for encryption Key Entry Method Select hexadecimal Hex or ASCII for the key entry method Key Provisioning Select Static if there is only one fixed key for encryption If you want to select Dynamic you need to enable 802 1X function first Default Key ID Choose which key to use as default Passphrase Check the Passphrase check box to generate a key automatically Key 1 4 The BARRICA...

Page 90: ...n consist of up to 63 alphanumeric characters Hexadecimal Keys A hexadecimal key is a mixture of numbers and letters from A F and 0 9 64 bit keys are 10 digits long and can be divided into five two digit numbers 128 bit keys are 26 digits long and can be divided into 13 two digit numbers ASCII Keys There are 95 printable ASCII characters 0123456789 ABCDEFGHIJKLMNOPQRSTUVWXYZ _ abcdefghijklmnopqrst...

Page 91: ...patch from Microsoft is available for free download for XP only Parameter Description Cipher Suite The security mechanism used in WPA for encryption Select TKIP AES WPA WPA2 or AES WPA2 Only Authentication Select 802 1X or Pre shared Key for the authentication method 802 1X for the enterprise network with a RADIUS server Pre shared key for the SOHO network environment without an authentication ser...

Page 92: ...otocol EAP authentication or pre shared key PSK technology The passphrase can consist of up to 32 alphanumeric characters WPA2 Launched in September 2004 by the Wi Fi Alliance WPA2 is the certified interoperable version of the full IEEE 802 11i specification which was ratified in June 2004 Like WPA WPA2 supports IEEE 802 1X EAP authentication or PSK technology It also includes a new advanced encry...

Page 93: ...ime in seconds that a session will sit inactive before terminating Set to 0 if you do not want the session to timeout Default 300 seconds Re Authentication Period The interval time in seconds after which the client will be asked to re authenticate For example if you set this to 30 seconds the client will have to re authenticate every 30 seconds Set to 0 for no re authentication Default 3600 second...

Page 94: ...the wired and wireless LAN media and supports multiple authentication methods such as token cards Kerberos one time passwords certificates and public key authentication Click Save Settings to proceed or Cancel to change your settings Server Port Set the connection port that is configured on the radius server Secret Key The 802 1X secret key used to configure the BARRICADE NAS ID Defines the reques...

Page 95: ...users sets up virtual servers Maintenance Allows you to backup restore reset and upgrade the BARRICADE s firmware System Sets the local time zone the password for administrator access the IP address of a PC that will be allowed to manage the BARRICADE remotely and the IP address of a Syslog Server UPnP Universal Plug and Play UPnP allows for simple and robust connectivity between external devices ...

Page 96: ...is process allows all of the computers on your home network to use one IP address Using the NAT capability of the BARRICADE you can access the Internet from any computer on your home network without having to purchase more IP addresses from your ISP To use the NAT feature check the Enable radio button and click Save Settings ...

Page 97: ...to one or more addresses used in the public global Internet This feature limits the number of public IP addresses required from the ISP and also maintains the privacy and security of the local network We allow one public IP address to be mapped to a pool of local addresses Click Save Settings to proceed or Cancel to change your settings ...

Page 98: ...ort number the BARRICADE redirects the external service request to the appropriate server located at another internal IP address For example if you set Type Public Port to TCP 80 HTTP or web and the Private IP Port to 192 168 2 2 80 then all HTTP requests from outside users will be transferred to 192 168 2 2 on port 80 Therefore by just entering the IP address provided by the ISP Internet users ca...

Page 99: ...uire multiple connections use the following screen to specify the additional public ports to be opened for each application Click the List of well known special applications link for more information Specify the public port number normally associated with an application in the Trigger Port field Set the protocol type to TCP or UDP then enter the ports that the application requires The ports may be...

Page 100: ...r Applications field From the drop down list choose the application and then choose a row number to copy this data into Note Choosing a row that already contains data will overwrite the current settings For a full list of ports and the services that run on them see www iana org assignments port numbers ...

Page 101: ...resh button is provided to refresh the NAT Mapping Table with the most updated values The content of the NAT Mapping Table is described as follows Protocol protocol of the flow Local IP local LAN host s IP address for the flow Local Port local LAN host s port number for the flow Pseudo IP translated IP address for the flow Pseudo Port translated port number for the flow Peer IP remote WAN host s I...

Page 102: ...eless Router Configuration and click NEXT to save your BARRICADE s configuration to a file named config bin on your PC You can then check the Restore from saved Configuration file SMCWBR14 G2_backup bin radio button and click NEXT to restore the saved backup configuration file To restore the factory settings check Restore Wireless Router to Factory Defaults and click NEXT You will be asked to conf...

Page 103: ...smc com to find the latest firmware Download the firmware to your hard drive first Click Browse to locate the saved file After locating the new firmware file click BEGIN UPGRADE Follow the instructions to complete the upgrade After restarting check the Status page to make sure the device is running the new code ...

Page 104: ... The configurations that you have set previously will not be changed back to the factory default settings Note You may also use the reset button on the bottom of the BARRICADE to perform a reset Push for one second to perform a reboot All of your settings will remain upon restarting Push for six seconds to return the BARRICADE to factory default settings ...

Page 105: ...r for the BARRICADE This information is used for log entries and client access control Set Time Zone Select your time zone from the drop down list Enable Daylight Savings Check Enable Daylight Savings and set the start and end dates if your area requires daylight savings Set Date and Time Manually For manually setting the date and time configure the date and time by selecting the options from the ...

Page 106: ...Automatic Time Server Maintenance to automatically maintain the BARRICADE s system time by synchronizing with a public time server over the Internet Configure Time Server NTP Configure two different time servers by selecting the options in the Primary Server and Secondary Server fields ...

Page 107: ...er interface press the Reset button on the bottom panel holding it down for at least six seconds to restore the factory defaults The default password is smcadmin Enter a maximum Idle Time Out in minutes to define a maximum period of time an inactive login session will be maintained If the connection is inactive for longer than the maximum idle time it will be logged out and you will have to log in...

Page 108: ...a remote computer on this screen Check the Enabled check box and enter the IP address of the remote host and click Save Settings Note If you check Enabled and specify an IP address of 0 0 0 0 any host can manage the BARRICADE For remote management via WAN IP address you need to connect using port 8080 Simply enter WAN IP address followed by 8080 in the address field of your web browser for example...

Page 109: ... downloads the BARRICADE log file to the server with the IP address specified on this screen Syslog servers offer the possibility to capture the live logs of the router on a PC There are many shareware syslogs servers available on the web Default Disabled ...

Page 110: ...d wireless devices UPnP architecture leverages TCP IP and the web to enable seamless proximity networking in addition to control and data transfer among networked devices in the home office and everywhere in between Click Enable to turn on the Universal Plug and Play function of the BARRICADE This function allows the device to automatically and dynamically join a network Click Save Settings to pro...

Page 111: ...erver Domain Name Servers are used to map a domain name e g www somesite com to the equivalent numerical IP address e g 64 147 25 20 Your ISP should provide the IP address of one or more Domain Name Servers Enter those addresses on this page ...

Page 112: ... address changes Default Disabled The DDNS service dynamically updates DNS information to a static hostname provided by the DDNS service provider as clients IP addresses change Note Please visit the web sites of the DDNS providers for details For using DDNS click on the enable radio button select the DDNS Service type and then enter the Domain Name Account E mail address and Password Key DDNS Serv...

Page 113: ... the list Click Save Settings to save the configuration Parameter Description Index Index number of the route Network Address Enter the IP address of the remote computer for which to set a static route Subnet Mask Enter the subnet mask of the remote network for which to set a static route Gateway Enter the WAN IP address of the gateway to the remote network Configure Allows you to edit existing ro...

Page 114: ...nclude sub network information from all subnetworks connected to the router If enabled this sub network information will be summarized to one piece of information covering all subnetworks Table of current Interface RIP parameter Interface The WAN interface to be configured Operation Mode Disable RIP disabled on this interface Enable RIP enabled on this interface Silent Listens for route broadcasts...

Page 115: ... Cancel to change your settings Version Sets the RIP Routing Information Protocol version to use on this interface Poison Reverse A method for preventing loops that would cause endless retransmission of data traffic Authentication Required None No authentication Password A password authentication key is included in the packet If this does not match what is expected the packet will be discarded Thi...

Page 116: ... a template that identifies the address bits in the destination address used for routing to specific subnets Each bit that corresponds to a 1 is part of the subnet mask number each bit that corresponds to 0 is part of the host number Gateway The IP address of the router at the next hop to which frames are forwarded Interface The local interface through which the next hop of this route is reached M...

Page 117: ...ween the BARRICADE the external power supply and the wall outlet If the power indicator does not turn on when the power cord is plugged in you may have a problem with the power outlet power cord or external power supply However if the unit powers off after running for a while check for loose power connections power losses or surges at the power outlet If you still cannot isolate the problem then t...

Page 118: ...e any defective adapter or cable if necessary Network Connection Problems Cannot ping the BARRICADE from the attached LAN or the BARRICADE cannot ping any device on the attached LAN Verify that the IP addresses are properly configured For most applications you should use the BARRICADE s DHCP function to dynamically assign IP addresses to hosts on the attached LAN However if you manually configure ...

Page 119: ... Check that you have a valid network connection to the BARRICADE and that the port you are using has not been disabled Check the network cabling between the management station and the BARRICADE Forgot or lost the password Press the Reset button on the bottom panel holding it down for at least six seconds to restore the factory defaults Troubleshooting Chart Symptom Action ...

Page 120: ...e angle of the antenna There may be interference possibly caused by microwave ovens or wireless phones Change the location of the possible sources of interference or change the location of the BARRICADE Change the wireless channel on the BARRICADE See Channel and SSID on page 4 26 Check that the antenna connectors and cabling are firmly connected The BARRICADE cannot be detected by a wireless clie...

Page 121: ...ntions For Ethernet connections a twisted pair cable must have two pairs of wires Each wire pair is identified by two different colors For example one wire might be red and the other red with white stripes Also an RJ 45 connector must be attached to both ends of the cable Cable Types and Specifications Cable Type Max Length Connector 10BASE T Cat 3 4 5 100 ohm UTP 100 m 328 ft RJ 45 100BASE TX Cat...

Page 122: ...entation when attaching the wires to the pins Figure B 1 RJ 45 Ethernet Connector Pin Numbers RJ 45 Port Ethernet Connection Use the straight through CAT 5 Ethernet cable provided in the package to connect the BARRICADE to your PC When connecting to other network devices such as an Ethernet switch use the cable type shown in the following table Attached Device Port Type Connecting Cable Type MDI X...

Page 123: ...a Straight Through Wiring If the port on the attached device has internal crossover wiring MDI X then use straight through cable RJ 45 Pin Assignments Pin Number Assignment 1 Tx 2 Tx 3 Rx 6 Rx The and signs represent the polarity of the wires that make up each wire pair Straight Through Cable Pin Assignments End 1 End 2 1 Tx 1 Tx 2 Tx 2 Tx 3 Rx 3 Rx 6 Rx 6 Rx ...

Page 124: ...CABLES B 4 Crossover Wiring If the port on the attached device has straight through wiring MDI use crossover cable Crossover Cable Pin Assignments End 1 End 2 1 Tx 3 Rx 2 Tx 6 Rx 3 Rx 1 Tx 6 Rx 2 Tx ...

Page 125: ...00 BASE TX ports Auto negotiates the connection speed to 10 Mbps Ethernet or 100 Mbps Fast Ethernet and the transmission mode to half duplex or full duplex WAN Interface 1 ADSL RJ 45 port Indicator Panel LAN 1 4 WLAN PPPoE DSL WAN Power Dimensions 124 18 x 115 93 x 33 51 mm 4 89 x 4 56 x 1 32 in Weight 0 175 kg 0 469 lbs Input Power 9 V 1 A DVE EU DV 91AUP US DV 91A Leader EU 48090100 C5 US 480910...

Page 126: ...83 TFTP RFC 1483 AAL5 Encapsulation RFC 1661 PPP RFC 1866 HTML RFC 2068 HTTP RFC 2364 PPP over ATM Radio Features Wireless RF module Frequency Band 802 11g Radio 2 4GHz 802 11b Radio 2 4GHz USA FCC 2412 2462MHz Ch1 Ch11 Canada IC 2412 2462MHz Ch1 Ch11 Europe ETSI 2412 2472MHz Ch1 Ch13 Japan STD T66 STD 33 2412 2484MHz Ch1 Ch14 Modulation Type OFDM CCK Operating Channels IEEE 802 11b Compliant 11 c...

Page 127: ...er dBm 802 11g 6Mbps 16 802 11g 9Mbps 16 802 11g 12Mbps 16 802 11g 18Mbps 16 802 11g 24Mbps 16 802 11g 36Mbps 16 802 11g 48Mbps 14 802 11g 54Mbps 12 Standards Compliance Environmental CE Mark Temperature Operating 0 to 40 C 32 to 104 F Storage 40 to 70 C 40 to 158 F Humidity 5 to 95 non condensing Vibration IEC 68 2 36 IEC 68 2 6 Shock IEC 68 2 29 Drop IEC 68 2 32 ...

Page 128: ...SPECIFICATIONS C 4 ...

Page 129: ......

Page 130: ......

Reviews: