background image

S

ECURITY

4-39

Password

Enter your email account password.

Connection Policy

Fragmentation 

half-open wait

10 secs

Configures the number of seconds that a packet 

state structure remains active. When the timeout 

value expires, the router drops the unassembled 

packet, freeing that structure for use by another 

packet. 

TCP SYN wait

30 secs

Defines how long the software will wait for a TCP 

session to reach an established state before 

dropping the session. 

TCP FIN wait

5 secs

Specifies how long a TCP session will be managed 

after the firewall detects a FIN-exchange. 

TCP connection 

idle timeout

3600 secs 

(1 hour)

The length of time for which a TCP session will be 

managed if there is no activity. 

UDP session idle 

timeout

30 secs

The length of time for which a UDP session will 

be managed if there is no activity.

DoS Detect Criteria

Total incomplete 

TCP/UDP 

sessions HIGH

300 

sessions

Defines the rate of new unestablished sessions that 

will cause the software to 

start

 deleting half-open 

sessions.

Total incomplete 

TCP/UDP 

sessions LOW

250 

sessions

Defines the rate of new unestablished sessions that 

will cause the software to 

stop

 deleting half-open 

sessions.

Incomplete 

TCP/UDP 

sessions (per min.) 

HIGH

250 

sessions

Maximum number of allowed incomplete 

TCP/UDP sessions per minute.

Incomplete 

TCP/UDP 

sessions (per min.) 

LOW

200 

sessions

Minimum number of allowed incomplete 

TCP/UDP sessions per minute.

Maximum 

incomplete 

TCP/UDP 

sessions number 

from same host

10 

sessions

Maximum number of incomplete TCP/UDP 

sessions from the same host. 

Parameter

Defaults Description

Summary of Contents for Barricade SMCWBR14T-G

Page 1: ......

Page 2: ......

Page 3: ...38 Tesla Irvine CA 92618 Phone 949 679 8000 Wireless Broadband Router From SMC s line of award winning connectivity solutions May 2005 R01 F W 1 00 149100019300J ...

Page 4: ...rties which may result from its use No license is granted by implication or otherwise under any patent or patent rights of our company We reserve the right to change specifications at any time without notice Copyright 2005 by SMC Networks Inc 38 Tesla Irvine CA 92618 All rights reserved Trademarks Product and company names are trademarks or registered trademarks of their respective holders ...

Page 5: ...ncorporates these newer technologies At that point the obsolete product is discontinued and is no longer an Active SMC product A list of discontinued products with their respective dates of discontinuance can be found at http www smc com index cfm action customer_service_warranty All products that are replaced become the property of SMC Replacement products may be either new or reconditioned Any r...

Page 6: ...CIDENT FIRE LIGHTNING OR OTHER HAZARD LIMITATION OF LIABILITY IN NO EVENT WHETHER BASED IN CONTRACT OR TORT INCLUDING NEGLIGENCE SHALL SMC BE LIABLE FOR INCIDENTAL CONSEQUENTIAL INDIRECT SPECIAL OR PUNITIVE DAMAGES OF ANY KIND OR FOR LOSS OF REVENUE LOSS OF BUSINESS OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE INSTALLATION MAINTENANCE USE PERFORMANCE FAILURE OR INTERRUPTIO...

Page 7: ...he separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must acce...

Page 8: ...l radio interference to other users the antenna type and its gain should be so chosen that the EIRP is not more than required for successful communication To prevent radio interference to the licensed service this device is intended to be operated indoors and away from windows to provide maximum shielding Equipment or its transmit antenna that is installed outdoors is subject to licensing EC Decla...

Page 9: ... that the user or installer properly enter the current country of operation in the command line interface as described in the user guide before operating this device This device will automatically limit the allowable channels determined by the current country of operation Incorrectly entering the country of operation may result in illegal operation and may cause harmful interference to other syste...

Page 10: ...999 5 EC French Par la présente SMC Networks déclare que l appareil Radio LAN device est conforme aux exigences essentielles et aux autres dispositions pertinentes de la directive 1999 5 CE Swedish Härmed intygar SMC Networks att denna Radio LAN device står I överensstämmelse med de väsentliga egenskapskrav och övriga relevanta bestämmelser som framgår av direktiv 1999 5 EG Danish Undertegnede SMC...

Page 11: ...nte SMC Networks dichiara che questo Radio LAN device è conforme ai requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999 5 CE Spanish Por medio de la presente SMC Networks declara que el Radio LAN device cumple con los requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la Directiva 1999 5 CE Portuguese SMC Networks declara que es...

Page 12: ...llten Sie es vom Stromnetz trennen Somit wird im Falle einer Überspannung eine Bes chädigung vermieden 12 Durch die Lüftungsöffnungen dürfen niemals Gegenstände oder Flüssigkeiten in das Gerät gelangen Dies könnte einen Brand bzw elektrischen Schlag auslösen 13 Öffnen sie niemals das Gerät Das Gerät darf aus Gründen der elektrischen Sicherheit nur von authorisiertem Servicepersonal geöffnet werden...

Page 13: ...de to your LAN 2 8 Connect the Power Adapter 2 9 3 Configuring The Client PC 3 1 TCP IP Configuration 3 2 Windows 2000 3 3 Obtain IP Settings From Your Barricade 3 5 Manual IP Configuration 3 7 Windows XP 3 9 Disable HTTP Proxy 3 14 Configuring Your Macintosh Computer 3 15 Disable HTTP Proxy 3 17 4 Configuring the Barricade 4 1 Navigating the Web Browser Interface 4 2 Making Configuration Changes ...

Page 14: ...P 4 23 Wireless 4 24 Channel and SSID 4 25 WDS 4 26 Security 4 27 Firewall 4 28 Schedule Rule 4 29 Edit Schedule Rule 4 30 Access Control 4 31 Access Control Add PC 4 32 MAC Filter 4 33 Parental Control 4 34 Intrusion Detection 4 35 DMZ 4 41 Wireless 4 42 Wireless Encryption 4 43 Access Control 4 44 WEP 4 45 WPA WPA2 4 47 802 1X 4 49 Advanced Settings 4 51 NAT 4 52 Address Mapping 4 53 Virtual Ser...

Page 15: ... 61 Password Settings 4 62 Remote Management 4 63 SNMP 4 64 Community 4 64 Trap 4 65 UPnP 4 66 Routing 4 67 Static Route 4 67 RIP 4 68 Routing Table 4 70 A Troubleshooting A 1 B Cables B 1 Ethernet Cable B 1 Specifications B 1 Wiring Conventions B 1 RJ 45 Port Ethernet Connection B 2 Pin Assignments B 3 C Specifications C 1 ...

Page 16: ...TABLE OF CONTENTS xii ...

Page 17: ...rea network LAN to the Internet For those who want to surf the Internet in the most secure way this router provides a convenient and powerful solution About the Barricade The Barricade provides Internet access to multiple users by sharing a single user account This new technology provides many secure and cost effective functions It is simple to configure and can be up and running in minutes ...

Page 18: ...T NAT also enables multi user Internet access via a single user account and virtual server functionality providing protected access to Internet services such as web FTP email and Telnet VPN pass through IPSec ESP Tunnel mode L2TP PPTP User definable application sensing tunnel supports applications requiring multiple connections Easy setup through a web browser on any operating system that supports...

Page 19: ... your computer Shared IP Address The Barricade provides Internet access for up to 253 users via a single shared IP address Using only one ISP account multiple users on your network can browse the web at the same time Virtual Server If you have a fixed IP address you can set the Barricade to act as a virtual host for network address translation Remote users access various services at your site usin...

Page 20: ...an and TCP SYN flooding WPA WPA2 WEP SSID and MAC filtering provide security over the wireless network Virtual Private Network VPN Pass through The Barricade supports three of the most commonly used VPN protocols PPTP L2TP and IPSec The VPN protocols supported by the Barricade are briefly described below Point to Point Tunneling Protocol Provides a secure tunnel for remote client access to a PPTP ...

Page 21: ... the Barricade refer to Configuring the Barricade on page 4 1 Package Contents After unpacking the Barricade check the contents of the box to be sure you have received the following components Barricade SMCWBR14T G Power adapter One CAT 5 Ethernet cable RJ 45 One documentation CD Quick Install Guide Immediately inform your dealer in the event of any incorrect missing or damaged parts If possible p...

Page 22: ...can be connected directly to your PC or to a local area network using the Fast Ethernet LAN port Access speed to the Internet depends on your service type Full rate ADSL provides up to 8 Mbps downstream and 1 Mbps upstream G lite or splitterless ADSL provides up to 1 5 Mbps downstream and 512 kbps upstream However you should note that the actual rate provided by specific service providers may vary...

Page 23: ...rnet link Flashing The LAN port is sending or receiving data Off No Ethernet link WLAN On WLAN link Flashing The Barricade is sending or receiving data via WLAN Off No WLAN link PPPoE DSL On PPPoE DSL connection is functioning correctly Flashing The Barricade is establishing an PPPoE DSL link Off PPPoE DSL connection is not established WAN On WAN link Off No WAN link PWR On The Barricade is receiv...

Page 24: ... port RJ 45 Connect your WAN line to this port LAN Ports Fast Ethernet ports RJ 45 Connect devices on your local area network to these ports i e a PC hub switch or IP set top box Reset Button Use this button to reset the power and restore the default factory settings To reset without losing configuration settings see Reset on page 4 60 Antenna Connector Antenna is connected here 12V 1A WAN LAN1 LA...

Page 25: ...eeded You should however comply with the following guidelines Keep the Barricade away from any heating devices Do not place the Barricade in a dusty or wet environment You should also remember to turn off the power remove the power cord from the outlet and keep your hands dry when you install the Barricade Connect the ADSL Cable Modem Line ConnecttheADSL cablemodemusingaCAT 5Ethernetcable RJ 45 to...

Page 26: ...ce provider will attach the outside ADSL line to a data voice splitter Use a straight through CAT 5 Ethernet cable RJ 45 to connect the Barricade to the cable DSL modem Figure 2 3 Installing with a Splitter Voice Data Residential Connection Point NID Plain Old Telephone System POTS or Ethernet hub or switch Barricade Splitter Modem ...

Page 27: ...hone system Use a straight through CAT 5 Ethernet cable RJ 45 to connect the Barricade to the cable DSL modem You will have to add low pass filters to your phones as shown below Figure 2 4 Installing without a Splitter Plain Old Telephone System POTS Filter or Ethernet hub or switch Voice Data Voice Data Data Voice Residential Connection Point Network Interface Device NID Barricade Modem ...

Page 28: ...ther network equipment to the hub or switch When inserting an RJ 45 connector be sure the tab on the connector clicks into position to ensure that it is properly seated Warning Do not plug a phone jack connector into an RJ 45 port This may damage the Barricade Instead use only twisted pair cables with RJ 45 connectors that conform with FCC standards Notes 1 Use 100 ohm shielded or unshielded twist...

Page 29: ...er indicator on the front panel is lit If the power indicator is not lit refer to Troubleshooting on page A 1 In case of a power input failure the Barricade will automatically restart and begin to operate once the input power is restored If the Barricade is properly configured it will take about 30 seconds to establish a connection with the ADSL service provider after powering up ...

Page 30: ...INSTALLATION 2 10 ...

Page 31: ... configure your computer to connect to the Barricade You can either configure your computer to automatically obtain IP settings DHCP or manually configure IP address settings Static IP Depending on your operating system see Windows 2000 on page 3 3 Windows XP on page 3 9 or Configuring Your Macintosh Computer on page 3 15 ...

Page 32: ...de The default network settings for the Barricade are IP Address 192 168 2 1 Subnet Mask 255 255 255 0 Note These settings can be changed to fit your network requirements but you must first configure at least one computer to access the Barricade s web configuration interface in order to make the required changes See Configuring the Barricade on page 4 1 for instructions on configuring the Barricad...

Page 33: ...ows 2000 DHCP IP Configuration 1 On the Windows desktop click Start Settings Network and Dial Up Connections 2 Click the icon that corresponds to the connection to your Barricade 3 The connection status screen will open Click Properties ...

Page 34: ...uble click Internet Protocol TCP IP 5 If Obtain an IP address automatically and Obtain DNS server address automatically are already selected your computer is already configured for DHCP If not select these options now and click OK ...

Page 35: ...e it needs to obtain new network settings By releasing old DHCP IP settings and renewing them with settings from your Barricade you can verify that you have configured your computer correctly 1 On the Windows desktop click Start Programs Accessories Command Prompt 2 In the Command Prompt window type IPCONFIG RELEASE and press the Enter key ...

Page 36: ...er key Verify that your IP Address is now 192 168 2 xxx your Subnet Mask is 255 255 255 0 and your Default Gateway is 192 168 2 1 These values confirm that your Barricade is functioning correctly 4 Type EXIT and press the Enter key to close the Command Prompt window ...

Page 37: ...DNS server addresses 4 Enter the IP address for the Barricade in the Preferred DNS server field This automatically relays DNS requests to the DNS server s provided by your ISP Otherwise add a specific DNS server into the Alternate DNS Server field and click OK to close the dialog boxes 5 Record the configured information in the following table TCP IP Configuration Setting IP Address ____ ____ ____...

Page 38: ...er click Tools Click Internet Options and then the Connections tab shown on the right In the Local Area Network LAN settings section click LAN Settings to display the Local Area Network LAN Settings pop up window below In the Proxy server section ensure the Use a proxy server for your LAN These settings will not apply to dial up or VPN connections check box is not ticked Click OK Your computer is ...

Page 39: ...tart Control Panel 2 In the Control Panel window click Network and Internet Connections 3 The Network Connections window will open Locate and double click the Local Area Connection icon for the Ethernet adapter that is connected to the Barricade 4 In the connection status screen click Properties ...

Page 40: ...ouble click Internet Protocol TCP IP 6 If Obtain an IP address automatically and Obtain DNS server address automatically are already selected your computer is already configured for DHCP If not select these options now and click OK ...

Page 41: ...e it needs to obtain new network settings By releasing old DHCP IP settings and renewing them with settings from your Barricade you can verify that you have configured your computer correctly 1 On the Windows desktop click Start Programs Accessories Command Prompt 2 In the Command Prompt window type IPCONFIG RELEASE and press the Enter key ...

Page 42: ...dress is now 192 168 2 xxx your Subnet Mask is 255 255 255 0 and your Default Gateway is 192 168 2 1 These values confirm that your Barricade is functioning correctly Type EXIT and press the Enter key to close the Command Prompt window Your computer is now configured to connect to the Barricade ...

Page 43: ... DNS server addresses 5 Enter the IP address for the Barricade in the Preferred DNS server field This automatically relays DNS requests to the DNS server s provided by your ISP Otherwise add a specific DNS server into the Alternate DNS Server field and click OK to close the dialog boxes 6 Record the configured information in the following table TCP IP Configuration Setting IP Address ____ ____ ___...

Page 44: ...rer click Tools Click Internet Options and then the Connections tab shown on the right In the Local Area Network LAN settings section click LAN Settings to display the Local Area Network LAN Settings pop up window below In the Proxy server section ensure the Use a proxy server for your LAN These settings will not apply to dial up or VPN connections check box is not ticked Click OK Your computer is...

Page 45: ...y match your operating system This is because these steps and screen shots were created using Mac OS 10 2 Mac OS 7 x and above are similar but may not be identical to Mac OS 10 2 Follow these instructions 1 Pull down the Apple Menu Click System Preferences 2 Double click the Network icon in the Systems Preferences window ...

Page 46: ...r DHCP If not select this option 4 Your new settings are shown in the TCP IP tab Verify that your IP Address is now 192 168 2 xxx your Subnet Mask is 255 255 255 0 and your Default Gateway is 192 168 2 1 These values confirm that your Barricade is functioning 5 Close the Network window Now your computer is configured to connect to the Barricade ...

Page 47: ...is is so that your browser can view the Barricade s HTML configuration pages The following steps are for Internet Explorer Internet Explorer 1 Open Internet Explorer and click the Stop button Click Explorer Preferences 2 In the Internet Explorer Preferences window under Network select Proxies 3 Uncheck all check boxes and click OK ...

Page 48: ...CONFIGURING YOUR MACINTOSH COMPUTER 3 18 ...

Page 49: ...y any Java supported browser such as Internet Explorer 5 5 or above Using the web management interface you can configure the Barricade and view statistics to monitor network activity To access the Barricade s management interface enter the IP address of the Barricade in your web browser http 192 168 2 1 The Barricade automatically switches to Port 80 for management access ...

Page 50: ...ur Internet connection and basic LAN settings Go to Setup Wizard on page 4 5 Home Network Settings Use the Home Network Settings section to configure your LAN WAN and wireless settings Go to Home Network Settings on page 4 13 Security In this section you can easily configure your wireless security settings Go to Security on page 4 27 Advanced Settings Advanced Settings supports more advanced funct...

Page 51: ... to click the Apply or Save Settings or NEXT button at the bottom of the page to enable the new setting Note To ensure proper screen refresh after a command entry be sure that Internet Explorer 5 5 is configured as follows Under the menu Tools Internet Options General Temporary Internet Files Settings the setting for Check for newer versions of stored pages should be Every visit to the page ...

Page 52: ...CONFIGURING THE BARRICADE 4 4 Login Screen The Login screen automatically appears first Enter the default password smcadmin and then click LOGIN ...

Page 53: ... Setup Wizard Getting Started The Setup Wizard automatically appears next The first item in the Setup Wizard is Getting Started Simply click NEXT to proceed to the following screen and configure your Wireless Settings ...

Page 54: ... the same on the Barricade and all of its wireless clients Broadcast Wireless Network Name Enable or disable the broadcasting of the SSID If you disable broadcast of the SSID only devices that have the correct SSID can connect This nullifies the wireless network discovery feature of some products such as Windows XP Default Enable Wireless Mode This device supports the following modes 11g only 11b ...

Page 55: ...andards based Relevant to STA Increase throughput via overhead reduction 802 11e subset Advantage applies to any AP Compression Real time hardware data compression Standards based Lempel Ziv Increaseddata throughputusing compressed frames No impact on host processor Fast Frames Utilizes frame aggregation and timing modifications Increases throughput by transmitting more data per frame Dynamic Turb...

Page 56: ...Internet Settings Specify the WAN connection type required by your Internet Service Provider Specify Cable modem Fixed IP xDSL PPPoE xDSL or PPTP Select your connection type to proceed Click BACK to go back and change your settings ...

Page 57: ...ZARD 4 9 Cable Modem Settings If the ISP requires you to input a Host Name type it in the Host Name field The MAC Address field will be filled automatically Click NEXT to proceed or BACK to change your settings ...

Page 58: ...CADE 4 10 ADSL Settings Fixed IP xDSL Enter the IP address Gateway IP address DNS IP address and Subnet Mask provided to you by your ISP in the appropriate fields below Click NEXT to proceed or BACK to change your settings ...

Page 59: ...ar reason to change it Enter the maximum idle time for the Internet connection After this time has been exceeded the connection will be terminated Check the Auto reconnect check box to automatically re establish the connection as soon as you attempt to access the Internet again Click NEXT to proceed or BACK to change your settings Note Clicking NEXT will not automatically connect the Barricade to ...

Page 60: ...e Internet is maintained during inactivity The default setting is 10 minutes If your ISP charges you by the minute you should change the Idle Time Out to one minute After the Idle Time Out has expired set the action you wish the Barricade to take You can tell the device to connect manually or automatically as soon as you try to access the Internet again or to keep the session alive Click NEXT to p...

Page 61: ...RK SETTINGS 4 13 Home Network Settings Clicking the Home icon at any time returns you to this home page The Main Menu links are used to navigate to other menus that display configuration parameters and statistics ...

Page 62: ...Options General Temporary Internet Files Settings the setting for Check for newer versions of stored pages should be Every visit to the page Menu Description Status Provides WAN connection type and status firmware and hardware version numbers system IP settings as well as DHCP NAT and firewall information Displays the number of attached clients the firmware versions the physical MAC address for ea...

Page 63: ...ATION CHANGES 4 15 Status The Status screen displays WAN LAN connection status firmware and hardware version numbers as well as information on DHCP clients connected to your network You can also view the Security Log ...

Page 64: ...work LAN Displays system IP settings as well as DHCP Server Firewall UPnP and Wireless status INFORMATION Displays the number of attached clients the firmware versions the physical MAC address for each media interface and for the Barricade as well as the hardware version and serial number DHCP Client Log Displays information on DHCP clients on your network Security Log Displays illegal attempts to...

Page 65: ...e LAN Settings parameters are listed below Parameter Description Wireless Router IP Address IP Address The IP address of the Barricade IP Subnet Mask The IP subnet mask DHCP Server DHCP Server DHCP allows individual computers to obtain the TCP IP configuration at startup from a centralized DHCP server To dynamically assign an IP address to a client PC enable the DHCP Dynamic Host Configuration Pro...

Page 66: ...IP address pool Domain Name The domain name is the name you assign to your network Lease Time The length of time the DHCP server will reserve the IP address for each computer Setting lease times for shorter intervals such as one day or one hour frees IP addresses after the specified period of time This also means that a particular computer s IP address may change over time If you have set any adva...

Page 67: ...ION CHANGES 4 19 WAN Settings Specify the WAN connection type required by your Internet Service Provider Specify Dynamic IP Address PPPoE PPTP or Static IP Address Select the connection type and click More Configuration ...

Page 68: ...can use the Clone MAC Address button to copy the MAC address of the Network Interface Card NIC installed in your PC to replace the WAN MAC address If necessary you can use the Renew button on the Status page to renew the WAN IP address Note Make sure you record the MAC address that you clone so that if you lose your settings you will be able to re connect to the Internet Click Save Settings to pro...

Page 69: ...dle Time in minutes to define a maximum period of time for which the Internet connection is maintained during inactivity If the connection is inactive for longer than the Maximum Idle Time then it will be dropped You can enable the Auto reconnect option to automatically re establish the connection as soon as you attempt to access the Internet again Click Save Settings to proceed or Cancel to chang...

Page 70: ...s maintained during inactivity The default setting is 10 minutes If your ISP charges you by the minute you should change the Idle Time Out to one minute After the Idle Time Out has expired set the action you wish the Barricade to take You can tell the device to connect manually or automatically as soon as you try to access the Internet again or to keep the session alive Click Save Settings to proc...

Page 71: ...HANGES 4 23 Static IP If your Service Provider has assigned a fixed IP address enter the assigned IP address subnet mask and the gateway address on this screen Click Save Settings to proceed or Cancel to change your settings ...

Page 72: ...SID and channel number It supports data encryption and client filtering To use the wireless feature check the Enable check box and click Save Settings After clicking Save Settings you will be brought directly to the wireless settings screen in the Security section See Wireless on page 4 24 for details on how to configure wireless security ...

Page 73: ... be the same on the Barricade and all of its wireless clients Broadcast Wireless Network Name Enable or disable the broadcasting of the SSID If you disable broadcast of the SSID only devices that have the correct SSID can connect This nullifies the wireless network discovery feature of some products such as Windows XP Default Enable Wireless Mode This device supports the following modes 11g only 1...

Page 74: ... the name of your wireless network The SSID must be the same on the Barricade and all of its wireless clients Channel This device supports the following modes 11g only 11b only 11b g mixed mode Super G Dynamic Turbo and Super G Static Turbo MAC Address The media access control address MAC address is a unique identifier attached to each wireless base station Security Displays the security mechanism...

Page 75: ...enial of Service DoS attacks when activated Its purpose is to allow a private local area network LAN to be securely connected to the Internet The second menu item is Wireless This section allows you to configure wireless security settings according to your environment and the privacy level required To configure your firewall settings click Firewall in the left hand menu ...

Page 76: ...e aimed at devices and networks with a connection to the Internet Their goal is not to steal information but to disable a device or network so users no longer have access to network resources The Barricade protects against the following DoS attacks IP Spoofing Land Attack Ping of Death IP with zero length Smurf Attack UDP port loopback Snork Attack TCP null scan and TCP SYN flooding See page 4 46 ...

Page 77: ...cheduled time Define the schedule on the Schedule Rule page and apply the rule on the Access Control page You may filter Internet access for local clients based on rules Each access control rule may be activated at a scheduled time First define the schedule on the Schedule Rule page then apply the rule on the Access Control page 1 To add a new rule click Add Schedule Rule Proceed to the following ...

Page 78: ...hown on the following screen 3 Upon completion click OK to save your schedule rules and then click Save Settings to make your settings to take effect Each access control rule may be activated at a scheduled time First define the schedule on the Schedule Rule page then apply the rule on the Access Control page ...

Page 79: ... the Barricade to enter up to 32 MAC addresses that are not allowed access to the WAN port 1 Click Add PC on the Access Control screen 2 Define the appropriate settings for client PC services as shown on the following screen 3 Click OK and then click Apply to save your settings The following items are displayed on the Access Control screen Parameter Description Enable Filtering Function Enables or...

Page 80: ...ion to Always Blocking or to whatever schedule you have defined in the Schedule Rule screen Click OK to save your settings The added PC will now appear in the Access Control page For the URL keyword blocking function you will need to configure the URL address or blocked keyword on the Parental Control page first Click Parental Control to add to the list of disallowed URL s and keywords To enable s...

Page 81: ...imit the access of hosts within the local area network LAN The MAC Filtering Table allows the Barricade to enter up to 32 MAC addresses that are allowed access to the WAN port All other devices will be denied access By default this feature is disabled Click Save Settings to proceed or Cancel to change your settings ...

Page 82: ...ify the web sites www somesite com and or keywords you want to block on your network To complete this configuration you will need to create or modify an access rule in Access Control Add PC on page 4 32 To modify an existing rule click the Edit option next to the rule you want to modify To create a new rule click on the Add PC option From the Access Control Add PC section check the option for WWW ...

Page 83: ...wall inspects packets at the application layer maintains TCP and UDP session information including timeouts and number of active sessions and provides the ability to detect and prevent certain types of network attacks such as Denial of Service DoS attacks ...

Page 84: ...rk so users no longer have access to network resources The Barricade protects against DoS attacks including Ping of Death Ping flood attack SYN flood attack IP fragment attack Teardrop Attack Brute force attack Land Attack IP Spoofing attack IP with zero length TCP null scan Port Scan Attack UDP port loopback Snork Attack Note The firewall does not significantly affect system performance so we adv...

Page 85: ... SPI feature is turned on all incoming packets are blocked except those types marked with a check in the SPI section at the top of the screen RIP Defect Disabled If the router does not reply to an IPX RIP request packet it will stay in the input queue and not be released Accumulated packets could cause the input queue to fill causing severe problems for all protocols Enabling this feature prevents...

Page 86: ... are taking place only with sources that are known and trusted from previous interactions In addition to being more rigorous in their inspection of packets stateful inspection firewalls also close off ports until a connection to the specific port is requested When particular types of traffic are checked only the particular type of traffic initiated from the internal LAN will be allowed For example...

Page 87: ...o activity UDP session idle timeout 30 secs The length of time for which a UDP session will be managed if there is no activity DoS Detect Criteria Total incomplete TCP UDP sessions HIGH 300 sessions Defines the rate of new unestablished sessions that will cause the software to start deleting half open sessions Total incomplete TCP UDP sessions LOW 250 sessions Defines the rate of new unestablished...

Page 88: ...plete TCP UDP session is detected as incomplete Maximum half open fragmentation packet number from same host 30 sessions Maximum number of half open fragmentation packets from the same host Half open fragmentation detect sensitive time period 1 sec Length of time before a half open fragmentation session is detected as half open Flooding cracker block time 300 secs Length of time from detecting a f...

Page 89: ...y from behind the firewall you can open the client up to unrestricted two way Internet access Enter the IP address of a DMZ Demilitarized Zone host on this screen Adding a client to the DMZ may expose your local network to a variety of security risks so only use this option as a last resort ...

Page 90: ... roaming clients by setting the Service Set Identifier SSID and channel number It supports data encryption and client filtering To use the wireless feature check the Enable check box and click Save Settings To begin configuring your wireless security settings click Wireless Encryption ...

Page 91: ...el to change your settings Parameter Description No WEP No WPA WPA2 Disables all wireless security To make it easier to set up your wireless network we recommend enabling this setting initially By default wireless security is disabled WEP Only Once you have your wireless network in place the minimum security we recommend is to enable the legacy security standard Wired Equivalent Privacy WEP See WE...

Page 92: ...etwork you can specify that only certain wireless clients can connect to the Barricade Up to 32 MAC addresses can be added to the MAC Filtering Table When enabled all registered MAC addresses are controlled by the Access Rule By default this MAC filtering feature is disabled ...

Page 93: ... 128 bit key to use for encryption Key Entry Method Select hexadecimal Hex or ASCII for the key entry method Key Provisioning Select Static if there is only one fixed key for encryption If you want to select Dynamic you need to enable 802 1X function first Default Key ID Choose which key to use as default Passphrase Check the Passphrase check box to generate a key automatically Key 1 4 The Barrica...

Page 94: ...assphrase can consist of up to 63 alphanumeric characters Hexadecimal Keys A hexadecimal key is a mixture of numbers and letters from A F and 0 9 64 bit keys are 10 digits long and can be divided into five two digit numbers 128 bit keys are 26 digits long and can be divided into 13 two digit numbers ASCII Keys There are 95 printable ASCII characters 0123456789 ABCDEFGHIJKLMNOPQRSTUVWXYZ _ abcdefgh...

Page 95: ...patch from Microsoft is available for free download for XP only Parameter Description Cipher Suite The security mechanism used in WPA for encryption Select TKIP AES WPA WPA2 or AES WPA2 Only Authentication Select 802 1X or Pre shared Key for the authentication method 802 1X for the enterprise network with a RADIUS server Pre shared key for the SOHO network environment without an authentication ser...

Page 96: ...otocol EAP authentication or pre shared key PSK technology The passphrase can consist of up to 32 alphanumeric characters WPA2 Launched in September 2004 by the Wi Fi Alliance WPA2 is the certified interoperable version of the full IEEE 802 11i specification which was ratified in June 2004 Like WPA WPA2 supports IEEE 802 1X EAP authentication or PSK technology It also includes a new advanced encry...

Page 97: ...ime in seconds that a session will sit inactive before terminating Set to 0 if you do not want the session to timeout Default 300 seconds Re Authentication Period The interval time in seconds after which the client will be asked to re authenticate For example if you set this to 30 seconds the client will have to re authenticate every 30 seconds Set to 0 for no re authentication Default 3600 second...

Page 98: ...th the wired and wireless LAN media and supports multiple authentication methods such as token cards Kerberos one time passwords certificates and public key authentication Click Save Settings to proceed or Cancel to change your settings Server Port Set the connection port that is configured on the radius server Secret Key The 802 1X secret key used to configure the Barricade NAS ID Defines the req...

Page 99: ...ription NAT Shares a single ISP account with multiple users sets up virtual servers Maintenance Allows you to backup restore reset and upgrade the Barricade s firmware System Sets the local time zone the password for administrator access the IP address of a PC that will be allowed to manage the Barricade remotely and the IP address of a Domain Name Server SNMP Community string and trap server sett...

Page 100: ...This process allows all of the computers on your home network to use one IP address Using the NAT capability of the Barricade you can access the Internet from any computer on your home network without having to purchase more IP addresses from your ISP To use the NAT feature check the Enable check box and click Save Settings ...

Page 101: ...to one or more addresses used in the public global Internet This feature limits the number of public IP addresses required from the ISP and also maintains the privacy and security of the local network We allow one public IP address to be mapped to a pool of local addresses Click Save Settings to proceed or Cancel to change your settings ...

Page 102: ...ing on the requested service TCP UDP port number the Barricade redirects the external service request to the appropriate server located at another internal IP address For example if you set Type Public Port to TCP 80 HTTP or web and the Private IP Port to 192 168 2 2 80 then all HTTP requests from outside users will be transferred to 192 168 2 2 on port 80 Therefore by just entering the IP address...

Page 103: ...uire multiple connections use the following screen to specify the additional public ports to be opened for each application Click the List of well known special applications link for more information Specify the public port number normally associated with an application in the Trigger Port field Set the protocol type to TCP or UDP then enter the ports that the application requires The ports may be...

Page 104: ...r Applications field From the drop down list choose the application and then choose a row number to copy this data into Note Choosing a row that already contains data will overwrite the current settings For a full list of ports and the services that run on them see www iana org assignments port numbers ...

Page 105: ...resh button is provided to refresh the NAT Mapping Table with the most updated values The content of the NAT Mapping Table is described as follows Protocol protocol of the flow Local IP local LAN host s IP address for the flow Local Port local LAN host s port number for the flow Pseudo IP translated IP address for the flow Pseudo Port translated port number for the flow Peer IP remote WAN host s I...

Page 106: ...reless Router Configuration and click NEXT to save your Barricade s configuration to a file named config bin on your PC You can then check the Restore from saved Configuration file SMCWBR14T_backup bin radio button and click NEXT to restore the saved backup configuration file To restore the factory settings check Restore Wireless Router to Factory Defaults and click NEXT You will be asked to confi...

Page 107: ... com to find the latest firmware Download the firmware to your hard drive first Click Browse to locate the saved file After locating the new firmware file click BEGIN UPGRADE Follow the instructions to complete the upgrade After restarting check the Status page to make sure the device is running the new code ...

Page 108: ... configurations that you have set previously will not be changed back to the factory default settings Note You may also use the blue Reset button on the rear panel of the Barricade to perform a reset Push for one second to perform a reboot All of your settings will remain upon restarting Push for six seconds to return the Barricade to factory default settings ...

Page 109: ...zone and time server for the Barricade This information is used for log entries and client access control Check Enable Automatic Time Server Maintenance to automatically maintain the Barricade s system time by synchronizing with a public time server over the Internet Then configure two different time servers by selecting the options in the Primary Server and Secondary Server fields ...

Page 110: ...r interface press the Reset button colored blue on the rear panel holding it down for at least six seconds to restore the factory defaults The default password is smcadmin Enter a maximum Idle Time Out in minutes to define a maximum period of time an inactive login session will be maintained If the connection is inactive for longer than the maximum idle time it will be logged out and you will have...

Page 111: ...computer on this screen Check the Enabled check box and enter the IP address of the remote host and click Save Settings Note If you check Enabled and specify an IP address of 0 0 0 0 any host can manage the Barricade For remote management via WAN IP address you need to connect using port 8080 Simply enter WAN IP address followed by 8080 in the address field of your web browser for example 212 120 ...

Page 112: ...ork Management Station NMS can be used to access this information Access rights to the agent are controlled by community strings To communicate with the Barricade the NMS must first submit a valid community string for authentication Note Up to 5 community names may be entered Parameter Description Community A community name authorized for management access Access Management access is restricted to...

Page 113: ...rap management Enter a word something other than public or private to prevent unauthorized individuals from reading information on your system Version Sets the trap status to disabled or enabled with v1 or v2c The v2c protocol was proposed in late 1995 and includes enhancements to v1 that are universally accepted These include a get bulk command to reduce network management traffic when retrieving...

Page 114: ...d wireless devices UPnP architecture leverages TCP IP and the web to enable seamless proximity networking in addition to control and data transfer among networked devices in the home office and everywhere in between Click Enable to turn on the Universal Plug and Play function of the Barricade This function allows the device to automatically and dynamically join a network Click Save Settings to pro...

Page 115: ...list Click Save Settings to save the configuration Parameter Description Index Index number of the route Network Address Enter the IP address of the remote computer for which to set a static route Subnet Mask Enter the subnet mask of the remote network for which to set a static route Gateway Enter the WAN IP address of the gateway to the remote network Configure Allows you to edit existing routes ...

Page 116: ...sub network information will be summarized to one piece of information covering all subnetworks Table of current Interface RIP parameter Interface The WAN interface to be configured Operation Mode Disable RIP disabled on this interface Enable RIP enabled on this interface Silent Listens for route broadcasts and updates its route table It does not participate in sending route broadcasts Version Set...

Page 117: ...updates to inform other network routers of the change Click Save Settings to proceed or Cancel to change your settings Authentication Required None No authentication Password A password authentication key is included in the packet If this does not match what is expected the packet will be discarded This method provides very little security as it is possible to learn the authentication key by watch...

Page 118: ... a template that identifies the address bits in the destination address used for routing to specific subnets Each bit that corresponds to a 1 is part of the subnet mask number each bit that corresponds to 0 is part of the host number Gateway The IP address of the router at the next hop to which frames are forwarded Interface The local interface through which the next hop of this route is reached M...

Page 119: ...ween the Barricade the external power supply and the wall outlet If the power indicator does not turn on when the power cord is plugged in you may have a problem with the power outlet power cord or external power supply However if the unit powers off after running for a while check for loose power connections power losses or surges at the power outlet If you still cannot isolate the problem then t...

Page 120: ...e any defective adapter or cable if necessary Network Connection Problems Cannot ping the Barricade from the attached LAN or the Barricadecannot ping any device on the attached LAN Verify that the IP addresses are properly configured For most applications you should use the Barricade s DHCP function to dynamically assign IP addresses to hosts on the attached LAN However if you manually configure I...

Page 121: ...y Check that you have a valid network connection to the Barricade and that the port you are using has not been disabled Check the network cabling between the management station and the Barricade Forgot or lost the password Press the Reset button on the rear panel holding it down for at least six seconds to restore the factory defaults Troubleshooting Chart Symptom Action ...

Page 122: ...he angle of the antenna There may be interference possibly caused by microwave ovens or wireless phones Change the location of the possible sources of interference or change the location of the Barricade Change the wireless channel on the Barricade See Channel and SSID on page 25 Check that the antenna connectors and cabling are firmly connected The Barricade cannot be detected by a wireless clien...

Page 123: ...ntions For Ethernet connections a twisted pair cable must have two pairs of wires Each wire pair is identified by two different colors For example one wire might be red and the other red with white stripes Also an RJ 45 connector must be attached to both ends of the cable Cable Types and Specifications Cable Type Max Length Connector 10BASE T Cat 3 4 5 100 ohm UTP 100 m 328 ft RJ 45 100BASE TX Cat...

Page 124: ...entation when attaching the wires to the pins Figure B 1 RJ 45 Ethernet Connector Pin Numbers RJ 45 Port Ethernet Connection Use the straight through CAT 5 Ethernet cable provided in the package to connect the Barricade to your PC When connecting to other network devices such as an Ethernet switch use the cable type shown in the following table Attached Device Port Type Connecting Cable Type MDI X...

Page 125: ...a Straight Through Wiring If the port on the attached device has internal crossover wiring MDI X then use straight through cable RJ 45 Pin Assignments Pin Number Assignment 1 Tx 2 Tx 3 Rx 6 Rx The and signs represent the polarity of the wires that make up each wire pair Straight Through Cable Pin Assignments End 1 End 2 1 Tx 1 Tx 2 Tx 2 Tx 3 Rx 3 Rx 6 Rx 6 Rx ...

Page 126: ...CABLES B 4 Crossover Wiring If the port on the attached device has straight through wiring MDI use crossover cable Crossover Cable Pin Assignments End 1 End 2 1 Tx 3 Rx 2 Tx 6 Rx 3 Rx 1 Tx 6 Rx 2 Tx ...

Page 127: ...T 100 BASE TX ports Auto negotiates the connection speed to 10 Mbps Ethernet or 100 Mbps Fast Ethernet and the transmission mode to half duplex or full duplex WAN Interface 1 ADSL RJ 45 port Indicator Panel LAN 1 4 WLAN PPPoE DSL WAN Power Dimensions 145 x 95 x 36 mm 5 70 x 3 74 x 1 41 in Weight 0 175 kg 0 469 lbs Input Power 12V 1 A Power Consumption 9 Watts maximum ...

Page 128: ...83 TFTP RFC 1483 AAL5 Encapsulation RFC 1661 PPP RFC 1866 HTML RFC 2068 HTTP RFC 2364 PPP over ATM Radio Features Wireless RF module Frequency Band 802 11g Radio 2 4GHz 802 11b Radio 2 4GHz USA FCC 2412 2462MHz Ch1 Ch11 Canada IC 2412 2462MHz Ch1 Ch11 Europe ETSI 2412 2472MHz Ch1 Ch13 Japan STD T66 STD 33 2412 2484MHz Ch1 Ch14 Modulation Type OFDM CCK Operating Channels IEEE 802 11b compliant 11 c...

Page 129: ...15 802 11g 18Mbps 15 802 11g 24Mbps 15 802 11g 36Mbps 15 802 11g 48Mbps 15 802 11g 54Mbps 15 Sensitivity Modulation Rate Receiver 2 412 2 484 HGz Sensitivity dBm 802 11b 1Mbps 90 802 11b 2Mbps 88 802 11b 5 5Mbps 85 802 11b 11Mbps 84 Modulation Rate Receiver Sensitivity Typical dBm 802 11g 6Mbps 88 802 11g 9Mbps 87 802 11g 12Mbps 84 802 11g 18Mbps 82 802 11g 24Mbps 79 802 11g 36Mbps 75 802 11g 48Mb...

Page 130: ...s Temperature Operating 0 to 40 C 32 to 104 F Storage 40 to 70 C 40 to 158 F Humidity 5 to 95 non condensing Vibration IEC 68 2 36 IEC 68 2 6 Shock IEC 68 2 29 Drop IEC 68 2 32 IEEE Standards IEEE 802 3 802 3u 802 11g 802 1D ITU G dmt ITU G Handshake ITU T 413 issue 2 ADSL full rate ...

Page 131: ......

Page 132: ......

Reviews: