manualshive.com logo in svg

Cisco RV130, Руководство администратора, Страница: 93 / 141

Поделиться
Скачать
Cisco RV130 Скачать руководство пользователя страница 93

Configuring the Firewall

Configuring Access Rules

Cisco RV130/130W Wireless Multifunction VPN Router Administration Guide

90

5

 

Adding Access Rules

All configured firewall rules on the device are displayed in the 

Access Rules 

Table

. This list also indicates whether the rule is enabled (active) and gives a 

summary of the From/To zone as well as the services and users the rule affects.   

To create an access rule: 

STEP 1

Choose 

Firewall

 > 

Access Rules

.

STEP  2

Click 

Add Row

.

STEP  3

In the 

Connection Type

 field, choose the source of originating traffic:

Outbound (LAN > WAN)

—Choose this option to create an outbound rule.

Inbound (WAN > LAN)

—Choose this option to create an inbound rule.

Inbound (WAN > DMZ)

—Choose this option to create an inbound rule.

STEP  4

From the 

Action

 drop-down menu, choose the action:

Always Block

—Always block the selected type of traffic.

Always Allow

—Never block the selected type of traffic.

Block by schedule

—Blocks the selected type of traffic according to a 

schedule. 

Allow by schedule

—Allows the selected type of traffic according to a 

schedule.

STEP  5

From the 

Services

 drop-down menu, choose the service to allow or block for this 

rule. Choose 

All Traffic

 to allow the rule to apply to all applications and services, 

or choose a single application to block:

Domain Name System (DNS), UDP or TCP

File Transfer Protocol (FTP)

Hyptertext Transfer Protocol (HTTP)

Secure Hypertext Transfer Protocol (HTTPS)

Trivial File Transfer Protocol (TFTP)

Internet Message Access Protocol (IMAP) 

Network News Transport Protocol (NNTP)

Содержание RV130

Страница 1: ...Cisco RV130 Multifunction VPN Router Cisco RV130W Wireless Multifunction VPN Router ADMINISTRATION GUIDE ...

Страница 2: ...ffiliates in the U S and other countries To view a list of Cisco trademarks go to this URL www cisco com go trademarks Third party trademarks mentioned are the property of their respective owners The use of the word partner does not imply a partnership relationship between Cisco and any other company 1110R ...

Страница 3: ...wing Wireless Statistics 15 Viewing Captive Portal Status 15 Viewing Site to Site IPsec VPN Connection Status 15 Viewing the IPsec VPN Server Status 16 Viewing PPTP Server 16 Viewing Logs 16 Viewing Connected Devices 17 Viewing Port Statistics 18 Viewing the Mobile Network Status 18 Chapter 3 Configuring Networking 20 Configuring WAN Settings 21 Configuring Wired WAN Connections 21 Configuring DHC...

Страница 4: ...nfiguring RSTP 40 Port Management 41 Configuring Link Aggregation 42 Cloning the MAC Address 43 Configuring Routing 44 Configuring the Operating Mode 44 Configuring Dynamic Routing 44 Configuring Inter VLAN Routing 45 Configuring Static Routing 45 Viewing the Routing Table 46 Configuring Dynamic DNS 47 Configuring the IP Mode 48 Configuring IPv6 49 Configuring the IPV6 WAN Connection 49 Configurin...

Страница 5: ...less Settings 74 Detecting Rogue Access Points 77 Importing Authorized AP Lists 78 Configuring WDS 80 Configuring WPS 81 Configuring Captive Portal 82 Configuring Device Mode 85 Chapter 5 Configuring the Firewall 86 Firewall Features 86 Configuring Basic Firewall Settings 87 Configuring Remote Management 90 Configuring Universal Plug and Play 91 Managing Firewall Schedules 92 Adding or Editing a F...

Страница 6: ...ng IKE Policies 105 Managing VPN Policies 107 Configuring IPsec VPN Server 109 Configuring the IPsec VPN Server 109 Configuring IPsec VPN User Accounts 111 Configuring PPTP 111 Configuring the PPTP Server 112 Creating and Managing PPTP Users 112 Configuring VPN Passthrough 113 Chapter 7 Configuring Quality of Service QoS 114 Configuring Bandwidth Management 114 Configuring Bandwidth 115 Configurin...

Страница 7: ...g Port Mirroring 129 Configuring Log and E mail Settings 130 Configuring Log Settings 130 Configuring Log E Mailing 132 Configuring Bonjour 134 Configuring Date and Time Settings 134 Backing Up and Restoring the System 135 Backing Up the Configuration Settings 136 Restoring the Configuration Settings 137 Copying the Configuration Settings 137 Generating an Encryption Key 138 Upgrading Firmware or ...

Страница 8: ...d Displays the Users page where you can change the administrator password and set up a guest account See Configuring User Accounts Launch Setup Wizard Launches the Setup Wizard Follow the on screen instructions Configure WAN Settings Opens the Internet Setup page to change parameters For example the device host name See Configuring Wired WAN Connections Configure LAN Settings Opens the LAN Configu...

Страница 9: ...page to enable the basic features of the device See Configuring Basic Firewall Settings System Summary Displays the System Summary page that shows the state of the firmware IPv4 and IPv6 configuration status and the status of the wireless and the firewall on the device See Viewing the System Summary Wireless Status Displays the Wireless Statistics page that shows the state of the radio See Viewing...

Страница 10: ...r client device STEP 1 Open the wireless connection settings window or program for your device Your computer might have special software installed to manage wireless connections or you might find the wireless connections under the Control Panel in the Network Connections or Network and Internet window The location depends on your operating system STEP 2 Enter the network name SSID that you chose f...

Страница 11: ...Psec VPN and PPTP VPN server settings To modify the information displayed click the details link to go to the configuration page for the section For more information about managing the settings displayed on the Dashboard page see Configuring Log Settings Configuring Basic Site to Site IPsec VPN Configuring LAN Settings Configuring Wired WAN Connections Configuring Basic Wireless Settings From the ...

Страница 12: ... the integrity of files Locale The language installed on the router Language Version The version of the installed language pack The language pack version should be compatible with the currently installed firmware In some cases an older language pack may be used with a newer firmware image The router checks the language pack version to see if it is compatible with the current firmware version Langu...

Страница 13: ...DNS 1 IP address of the primary DNS server DNS 2 IP address of the secondary DNS server Wireless Summary Displays the public name and security settings for your wireless networks configured on the Wireless Basic Settings page For more information see Configuring Basic Wireless Settings Firewall Setting Status Displays DoS WAN request and remote management settings configured on the Firewall Basic ...

Страница 14: ...he bytes in kilobytes KB and the numerical data in rounded up values check the Show Simplified Statistic Data check box and click Save By default byte data is displayed in bytes and other numerical data is displayed in long form To reset the wireless statistics counters click Clear Count The counters are reset when the device is rebooted Viewing Captive Portal Status Choose Status Captive Portal t...

Страница 15: ...iew a list of your PPTP VPN connections the duration of the connection and the actions you can perfom on this connection For more information about configuring PPTP VPN connections see Configuring PPTP Viewing Logs Choose Status View Logs Click Refresh Logs to display latest log entries To filter logs or specify the severity of logs to display check the boxes next to the log type and click Go Note...

Страница 16: ...s use the page navigation buttons Viewing Connected Devices The Connected Devices page displays information about the active client devices connected to your router To view connected devices choose Status Connected Devices To specify the types of interfaces to display select a value from the Filter drop down menu All All devices connected to the router Wireless All devices connected through the wi...

Страница 17: ...his information Viewing the Mobile Network Status The mobile network statistics about the mobile 3G 4G network and communication device dongle configured on the device To view the mobile network status choose Status Mobile Network The following information is displayed Connection Device connected to the guest network Internet IP Address IP address assigned to the USB device Interface Name of the n...

Страница 18: ...eing received Rx and transmitted Tx on the mobile link Monthly Usage Monthly data download and bandwidth usage Manufacturer Card manufacturer name Card Model Card model number Card Firmware Card firmware version SIM Status Subscriber identification module SIM status IMS The unique identification associated with the GSM UMTS or LTE network mobile phone users Carrier Mobile network carrier Service T...

Страница 19: ...rated each time you log in To configure DHCP WAN settings STEP 1 Choose Networking WAN STEP 2 From the Internet Connection Type drop down list choose Automatic Configuration DHCP STEP 3 From the DNS Server Source drop down list choose one of the following ways to set the DNS server address If you already have DNS server addresses from your ISP choose Use these DNS Servers and enter the primary and...

Страница 20: ...ion Type drop down menu choose PPPoE STEP 3 Select a PPPoE profile or click Configure Profile to create a new profile STEP 4 On the PPPoE Profiles page enter the following information you might need to contact your ISP to obtain your PPPoE login information Internet IP Address IP address of the WAN port Subnet mask Subnet mask of the WAN port DNS Server Source The DNS server address If you already...

Страница 21: ...ISP To use the DNS servers provided by OpenDNS 208 67 222 222 208 67 220 220 to resolve your web addresses choose Use OpenDNS Connect on Demand Select this option if your ISP charges based on the amount of time that you are connected When you select this option the Internet connection is on only when traffic is present If the connection is idle that is no traffic is flowing the connection is close...

Страница 22: ...s with the security type sent by the server PAP Password Authentication Protocol PAP used by Point to Point Protocol to connect to the ISP CHAP Challenge Handshake Authentication Protocol CHAP requires that both the client and server know the plaintext of the secret to use ISP services MS CHAP or MS CHAPv2 The Microsoft version of CHAP used to access ISP services Internet IP Address IP address of ...

Страница 23: ...e number of seconds after which the device attempts to reconnect if it is disconnected Authentication Type Choose the authentication type Auto negotiation The server sends a configuration request specifying the security algorithm set on it The device then sends back authentication credentials with the security type sent earlier by the server PAP The device uses the Password Authentication Protocol...

Страница 24: ...resses in the Static DNS 1 and Static DNS 2 fields To get DNS server addresses from your ISP choose Get Dynamically from ISP To use the DNS servers provided by OpenDNS 208 67 222 222 208 67 220 220 to resolve your web addresses choose Use OpenDNS Internet IP Address The IP address of the WAN port Subnet mask The subnet mask of the WAN port Default Gateway The IP address of the default gateway L2TP...

Страница 25: ...tion the Internet connection is on only when traffic is present If the connection is idle that is no traffic is flowing the connection is closed If you click Connect on Demand enter the number of minutes after which the connection shuts off in the Max Idle Time field Keep Alive When you select this option the Internet connection is always on In the redial period field enter the number of seconds a...

Страница 26: ... DNS Servers and enter the primary and secondary addresses in the Static DNS 1 and Static DNS 2 fields To get DNS server addresses from your ISP choose Get Dynamically from ISP To use the DNS servers provided by OpenDNS 208 67 222 222 208 67 220 220 to resolve your web addresses choose Use OpenDNS MTU Maximum transmission unit MTU is the size of the largest packet that can be sent over the network...

Страница 27: ...D or change the VLAN ID Untagged VLAN ID A number between 1 and 4094 for the untagged VLAN ID The default is 1 Traffic on the VLAN that you specify in this field is not tagged with a VLAN ID when forwarded to the network VLAN 1 is the default untagged VLAN AP Management VLAN The VLAN associated with the IP address you use to access the device when it is configured as an access point If you create ...

Страница 28: ...ode is set to Auto To enable your modem to establish a connection automatically select Auto mode If you select Auto set a Connect on Demand time or select Keep Alive Connect on Demand terminates the Internet connection after it is inactive for the period of time specified in the Max Idle Time field If your Internet connection is terminated due to inactivity the modem automatically reestablishes a ...

Страница 29: ...ccess point name provided by your mobile network service provider If you do not know the name of the access point contact your service provider Dial Number Dial number provided by your mobile network service provider for the Internet connection Username Password User name and password provided by your mobile network service provider SIM Check SIM card check enable or disable SIM PIN PIN code assoc...

Страница 30: ...mail to an administrator E mail Setting When the bandwidth data limit is reached an email message can be sent to the administrator To set up the target email address see Configuring Log E Mailing When enabled by checking the box email is sent when Mobile network usage has exceeded a given percentage The device fails over to the backup pathway and recovers Server Type The most commonly available ty...

Страница 31: ...cessed through WAN Mobile Network must be set to Auto to use Ethernet WAN connection recovery STEP 4 In the Failover Check Interval field enter the frequency in seconds with which the device must attempt to detect the physical connection or presence of traffic on the mobile network link If the link is idle the device attempts to ping a destination at this interval If there is no reply to the ping ...

Страница 32: ...rver but uses the NetBIOS protocol to resolve hostnames The device includes the IP address of the WINS server in the DHCP configuration the device sends to DHCP clients If your device is connected to a modem or to another device that has a configured network on the same subnet 192 168 1 x it automatically changes the LAN subnet to a random subnet based on 10 x x x so there is no conflict with the ...

Страница 33: ...er to the hosts on the wireless LAN WLAN or wired LAN It assigns IP addresses and provides DNS server addresses With DHCP enabled the device assigns IP addresses to other network devices on the LAN from a pool of IPv4 addresses The device tests each address before it is assigned to avoid duplicate addresses on the LAN The default IP address pool is 192 168 1 100 to 192 168 1 149 To set a static IP...

Страница 34: ...IP addresses of all of your network devices DHCP Relay Relays the IP addresses assigned by another DHCP server to the network devices Starting IP Address The first address in the IP address pool Any DHCP client joining the LAN is assigned an IP address in this range Maximum Number of DHCP Users The maximum number of DHCP clients IP Address Range Read only The range of IP addresses available to the...

Страница 35: ...AN ID Numerical VLAN ID to assign to endpoints in the VLAN membership The number you enter must be between 3 to 4094 VLAN ID 1 is reserved for the default VLAN and is used for untagged frames received on the interface Description A description that identifies the VLAN Port 1 Port 2 Port 3 Port 4 You can associate VLANS on the device to the LAN ports on the device By default all LAN ports belong to...

Страница 36: ...n To edit the settings of a static DHCP client select the client and click Edit To delete a selected DHCP client click Delete Click Save to apply the changes Description Description of the client IP Address IP address you want assigned to the client device The IP address assigned should be outside the pool of the DHCP addresses Static DHCP assignment means the DHCP server assigns the same IP addre...

Страница 37: ... IP address Configuring a DMZ Host Your device supports demilitarized zones DMZ A DMZ is a subnetwork that is open to the public but behind the firewall A DMZ allows you to redirect packets going to your WAN port IP address to a particular IP address in your LAN We recommended that you place hosts that must be exposed to the WAN such as web or e mail servers in the DMZ network You can configure fi...

Страница 38: ... Choose Networking LAN RSTP STEP 2 Enter the following information System Priority Choose the system priority from the drop down menu You can choose from a system priority from 0 to 61440 in increments of 4096 Valid values are 0 4096 8192 12288 16384 20480 24576 28672 32768 40960 45056 49152 53248 57344 and 61440 The lower the system priority the more likely the device is to become the root in the...

Страница 39: ...the blocking to forwarding state Enter a number from 4 to 30 The default is 15 Force Version Select the default protocol version to use Select Normal use RSTP or Compatible compatible with old STP The default is Normal Protocol Enable Check to enable RSTP on the associated port RSTP is disabled by default Edge Check to specify that the associated port is an edge port end station Uncheck to specify...

Страница 40: ...device and the connected device choose a common speed 10Mbps Half 10 Mbps in both directions but only one direction at a time 10Mbps Full 10 Mbps in both directions simultaneously 100Mbps Half 100 Mbps in both directions but only one direction at a time 100Mbps Full 100 Mbps in both directions simultaneously Jumbo Frame Check to enable jumbo frames on the device and send frames within the LAN cont...

Страница 41: ...ess This is called MAC address cloning For example some ISPs register your computer card MAC address when the service is first installed When you place a router behind the cable modem or DSL modem the MAC address from the device WAN port is not recognized by the ISP In this case to configure your device to be recognized by the ISP you can clone the MAC address of the WAN port to be the same as you...

Страница 42: ...ormation automatically with other routers and allows it to dynamically adjust its routing tables and adapt to changes in the network Dynamic Routing RIP enables the device to automatically adjust to physical changes in the network layout and exchange routing tables with the other routers The router determines the network packets route based on the fewest number of hops between the source and the d...

Страница 43: ...etwork Some ISPs require static routes to build your routing table instead of using dynamic routing protocols Static routes do not require CPU resources to exchange routing information with a peer router You can also use static routes to reach peer routers that do not support dynamic routing protocols Static routes can be used together with dynamic routes The device supports up to 30 static routes...

Страница 44: ...ur network choose Networking Routing Table and choose one of the following Show IPv4 Routing Table The routing table is displayed with the fields configured in the Networking Routing page Show IPv6 Routing Table The routing table is displayed with the fields configured in the Networking IPv6 page Enter Route Name Enter the name of the route Destination LAN IP Enter the IP address of the destinatio...

Страница 45: ... STEP 2 The DDNS Service Table section lists the DDNS services that you can enable on the device STEP 3 Check the check box for the service you want to enable and click Edit STEP 4 Check the Enable check box for the service STEP 5 Configure this information STEP 6 Click Test Configuration to test the DDNS configuration STEP 7 Click Save Username E mail Address The username of the DDNS account or t...

Страница 46: ...ckets to be transmitted over an IPv4 network do the following a Click Show Static 6to4 DNS Entry b In the Domain and IP fields enter up to five domain to IP mappings The 6to4 tunneling feature is typically used when a site or end user wants to connect to the IPv6 Internet using the existing IPv4 network STEP 4 Click Save LAN IPv4 WAN IPv4 To use IPv4 on the LAN and WAN ports LAN IPv6 WAN IPv4 To u...

Страница 47: ...he IP mode to one of the following modes LAN IPv6 WAN IPv6 LAN IPv4 IPv6 WAN IPv4 LAN IPv4 IPv6 WAN IPv4 IPv6 See Configuring the IP Mode for instructions on how to set the IP mode Configuring SLAAC To self assign an address based on the IPv6 prefix configure the device to use use Stateless Address Auto Configuration SLAAC for IPv6 client address assignment To use SLAAC STEP 1 Choose Networking IP...

Страница 48: ...gure the device to use a static IPv6 address To configure a static IPv6 WAN address STEP 1 Choose Networking IPv6 IPv6 WAN Configuration STEP 2 From the WAN Connection Type menu select Static IPv6 STEP 3 Enter this information STEP 4 Click Save IPv6 Address IPv6 address of the WAN port IPv6 Prefix Length Length of the IPv6 prefix typically defined by the ISP The IPv6 network subnet is identified b...

Страница 49: ...formation it might be necessary to contact your ISP to obtain your PPPoE login information Username Username assigned to you by the ISP Password Password assigned to you by the ISP Connect on Demand If your ISP charges based on the amount of time that you are connected select the radio button When selected the Internet connection is active only when traffic is present If the connection is idle tha...

Страница 50: ...tocol to connect to the ISP Service Name Name that your ISP might require to log onto the PPPoE server MTU Maximum transmission unit is the size of the largest packet that can be sent over the network Unless a change is required by your ISP we recommend that you choose Auto The standard MTU value for Ethernet networks is 1500 bytes For PPPoE connections the value is 1492 bytes If your ISP requires...

Страница 51: ...e IPv6 LAN settings STEP 1 Choose Networking IPv6 IPv6 LAN Configuration STEP 2 Enter the following information to configure the IPv6 LAN address STEP 3 Click Save or continue to configure IPv6 DHCP LAN settings STEP 4 Enter the following information to configure the DHCPv6 settings IPv6 Address Enter the IPv6 address of the device The default IPv6 address for the gateway is fec0 1 or FEC0 0000 00...

Страница 52: ...int that requests DHCP addresses Domain Name Optional Domain name of the DHCPv6 server Server Preference Server preference level of this DHCP server DHCP advertise messages with the highest server preference value to a LAN host are preferred over other DHCP server advertise messages The default is 255 Static DNS 1 IPv6 address of the primary DNS server on the ISP IPv6 network Static DNS 2 IPv6 add...

Страница 53: ...twork To create a static route STEP 1 Choose Networking IPv6 IPv6 Static Routing STEP 2 In the list of static routes click Add Row STEP 3 Enter this information Name Route name Destination IPv6 address of the destination host or network for this route Prefix Length Number of prefix bits in the IPv6 address that define the destination subnet Gateway IPv6 address of the gateway through which the des...

Страница 54: ...The hop count is referred to as metric or cost The hop count from a router to a directly connected network is 0 The hop count between two directly connected routers is 1 When the hop count is greater than or equal to 16 the destination network or host is unreachable By default the routing update is sent every 30 seconds If the router receives no routing updates from a neighbor after 180 seconds th...

Страница 55: ...nect to the IPv6 Internet using the existing IPv4 network To configure 6 to 4 tunneling STEP 1 Select Networking IPv6 Tunneling STEP 2 In the 6 to 4 Tunneling field check Enable STEP 3 Choose the type of tunneling 6to4 6RD Rapid Deployment ISATAP Intra Site Automatic Tunnel Addressing Protocol Choose Auto or Manual STEP 4 For 6RD Tunneling choose Auto or Manual If you choose Manual enter the follo...

Страница 56: ...nnels Status STEP 2 Click Refresh to display the most up to date information This page displays information about the automatic tunnel set up through the dedicated WAN interface The table shows the name of tunnel and the IPv6 address that is created on the device Configuring Router Advertisement The Router Advertisement Daemon RADVD on the device listens for router solicitations in the IPv6 LAN an...

Страница 57: ...mum Router Advertisement Interval MaxRtrAdvInterval MinRtrAdvInterval 0 33 MaxRtrAdvInterval RA Flags Check Managed to use the administered stateful protocol for address auto configuration Check Other to use the administered stateful protocol of other non address information auto configuration Router Preference Choose low medium or high from the drop down menu The default is medium The router pref...

Страница 58: ...ket that can be sent over the network The MTU is used in RAs to ensure all nodes on the network use the same MTU value when the LAN MTU is not well known Router Life Time Router lifetime value or the time in seconds that the advertisement messages exists on the route The default is 3600 seconds IPv6 Prefix Type Choose one of the following types 6to4 Allows IPv6 packets to be transmitted over an IP...

Страница 59: ...dvertisements are sent IPv6 Prefix If you choose Global Local as the IPv6 prefix type enter the IPv6 prefix The IPv6 prefix specifies the IPv6 network address IPv6 Prefix Length If you choose Global Local as the IPv6 prefix type enter the prefix length The prefix length variable is a decimal value that indicates the number of contiguous higher order bits of the address that make up the network por...

Страница 60: ...Configuring Networking Configuring IPv6 Cisco RV130 RV130W Wireless Multifunction VPN Router Administration Guide 57 3 ...

Страница 61: ...Configuring Networking Configuring IPv6 Cisco RV130 RV130W Wireless Multifunction VPN Router Administration Guide 58 3 ...

Страница 62: ... keep your network secure Change the default wireless network name or SSID Wireless devices have a default wireless network name or SSID This is the name of your wireless network and can be up to 32 characters in length To protect your network change the default wireless network name to a unique name to distinguish your wireless network from other wireless networks that may exist around you When c...

Страница 63: ... Encryption protects data transmitted over a wireless network Wi Fi Protected Access WPA WPA2 and Wired Equivalency Privacy WEP offer different levels of security for wireless communication Currently devices that are Wi Fi certified are required to support WPA2 but are not required to support WEP A network encrypted with WPA WPA2 is more secure than a network encrypted with WEP because WPA WPA2 us...

Страница 64: ...r to prevent applications from using file sharing without your consent Wireless Networks on Your Device Your device provides four virtual wireless networks or four SSIDs Service Set Identifier ciscosb1 ciscosb2 ciscosb3 and ciscosb4 These are the default names or SSIDs of these networks but you can change these names to more meaningful names This table describes the default settings of these netwo...

Страница 65: ... WPS Hardware Button Enabled Disabled Disabled Disabled 1 When using the Setup Wizard select Best Security or Better Security to protect the device from unauthorized access SSID Name ciscosb1 ciscosb2 ciscosb3 ciscosb4 B G N Mixed If you have Wireless N Wireless B and Wireless G devices in your network This is the default setting recommended B Only Choose this option if you have only Wireless B de...

Страница 66: ...ment VLAN to limit access to Device Manager STEP 7 Optional In the U APSD WMM Power Save field check Enable to enable the Unscheduled Automatic Power Save Delivery U APSD feature also referred to as WMM Power Save which allows the radio to conserve power U APSD is a power saving scheme optimized for real time applications such as VoIP transferring full duplex data over WLAN By classifying outgoing...

Страница 67: ...k On to enable the network SSID Name Enter the name of the network SSID Broadcast Check this box to enable SSID broadcast If SSID broadcast is enabled the wireless router advertises its availability to wireless equipped devices in the range of the router Security Mode See Configuring the Security Mode MAC Filter See Configuring MAC Filtering VLAN Choose the VLAN associated with the network Wireles...

Страница 68: ...ssword to access the wireless network STEP 6 In the Encryption field choose the encryption type 10 64 bit 10 hex digits Provides a 40 bit key 26 128 bit 26 hex digits Provides a a 104 bit key which offers stronger encryption making the key more difficult to decipher We recommend 128 bit encryption STEP 7 Optional In the Passphrase field enter an alphanumeric phrase longer than eight characters for...

Страница 69: ...eously using PSK authentication The personal authentication is the PSK that is an alphanumeric passphrase shared with the wireless peer To configure the WPA Personal security mode STEP 1 In the Wireless Table Wireless Basic Settings check the box for the network you want to configure STEP 2 Click Edit Security Mode The Security Settings page appears STEP 3 In the Select SSID field choose the SSID ...

Страница 70: ...t simultaneously using RADIUS authentication To configure the WPA Enterprise security mode STEP 1 In the Wireless Table Wireless Basic Settings check the box for the network you want to configure STEP 2 Click Edit Security Mode STEP 3 In the Select SSID field choose the SSID for which to configure the security settings STEP 4 From the Security Mode menu choose one of the three WPA Enterprise optio...

Страница 71: ...reless MAC Filter page appears STEP 3 In the Edit MAC Filtering field check the Enable box to enable MAC Filtering for this SSID STEP 4 In the Connection Control field choose the type of access to the wireless network Prevent Select this option to prevent devices with the MAC addresses listed in the MAC Address Table from accessing the wireless network This option is selected by default Permit Sel...

Страница 72: ... specify the time during the day when access to the network is allowed STEP 5 Click Save Configuring Advanced Wireless Settings Advanced wireless settings should be adjusted only by an expert administrator incorrect settings can reduce wireless performance To configure advanced wireless settings STEP 1 Choose Wireless Advanced Settings The Advanced Settings page appears STEP 2 Configure these sett...

Страница 73: ...ice can transmit at all wireless rates The Basic Rate is not the actual rate of data transmission If you want to specify the device rate of data transmission configure the Transmission Rate setting Transmission Rate The rate of data transmission should be set depending on the speed of your wireless network You can select from a range of transmission speeds or you can select Auto to have the device...

Страница 74: ...and 3 500 milliseconds The default value is 100 DTIM Interval This value between 1 and 255 indicates the interval of the Delivery Traffic Indication Message DTIM A DTIM field is a countdown field informing clients of the next window for listening to broadcast and multicast messages When the device has buffered broadcast or multicast messages for associated clients it sends the next DTIM with a DTI...

Страница 75: ...ss point listed as a rogue is actually a legitimate access point you can add it to the Authorized AP Table Select a refresh rate to ensure that the Rogue AP Detection page always displays the latest information To enable Rogue AP detection STEP 1 Choose Wireless Rogue AP STEP 2 Click the Rogue AP Detection On radio button STEP 3 Click Save RTS Threshold If you encounter inconsistent data flow ente...

Страница 76: ...SID or the name that identifies the wireless network STEP 4 Choose the security mode associated with the access point STEP 5 Choose TKIP Temporal Key Integrity Protocol or CCMP Counter Cipher Mode Protocol as the encryption algorithm associated with the access point STEP 6 Choose RADIUS server or PSK Pre Shared Key to authenticate the access point STEP 7 Select the wireless network mode that the a...

Страница 77: ...uter Administration Guide 74 4 Field Values Security 0 Open 1 WEP 2 WPA Personal 3 WPA Enterprise 4 WPA2 Personal 5 WPA2 Enterprise Network Mode 0 B Only 1 G Only 2 N Only 3 BG Mixed 4 GN Mixed 5 BGN Mixed Channel 0 Auto 1 2 412 2 2 417 3 2 422 4 2 427 5 2 432 6 2 437 7 2 442 8 2 447 9 2 452 10 2 457 11 2 462 ...

Страница 78: ...se to locate the file that you want to import STEP 3 Click Save Configuring WDS A Wireless Distribution System WDS is a system that enables the wireless interconnection of access points in a network It allows a wireless network to be expanded using multiple access points without the need for a wired backbone to link them To establish a WDS link the device and other remote WDS peers must be configu...

Страница 79: ...ess Bridge s MAC Address section enter the MAC addresses of up to four access points to use as bridges in the MAC 1 MAC 2 MAC 3 and MAC 4 fields STEP 5 Click Save To configure WDS in Repeater mode STEP 1 Choose Wireless WDS STEP 2 Check the WDS check box STEP 3 Choose the repeater mode If you select Allow wireless signal to be repeated by a repeater enter the MAC addresses of up to three access po...

Страница 80: ... requires a PIN number from this router use the router PIN number indicated Device PIN Status WPA device personal identification number PIN status Device PIN Identifies the PIN of a device trying to connect PIN Lifetime The lifetime of the key If the time expires a new key is negotiated After you configure WPS the following information appears at the bottom of the WPS page Wi Fi Protected Setup St...

Страница 81: ...lient The default timeout is 60 minutes STEP 6 Select a font color for the text that you want to display on the page STEP 7 Specify the text that you want to display such as the name of your organization the label text for username and password fields and the label on the Login button STEP 8 Enter standard Copyright text associated with your company STEP 9 In the Error 1 and Error 2 fields enter t...

Страница 82: ...e box to enable the captive portal for the SSID STEP 5 Save your captive portal instances Creating Captive Portal User Accounts To create a captive portal user account STEP 1 Choose Wireless Captive Portal User Accounts STEP 2 Click Add Row STEP 3 Enter a username and password Reenter the password to verify it We recommended that the password contains no dictionary words from any language and is a...

Страница 83: ... provide wireless connections to clients and extend Wi Fi capability to an existing wired network All LAN ports are disabled when the device works as an access point Ensure that you configure the AP management VLAN information on the Networking WAN WAN Configuration page For more information see Configuring Optional Network Settings To configure the device mode STEP 1 Choose Wireless Device Mode a...

Страница 84: ...Configuring Wireless Networks Configuring Device Mode Cisco RV130 RV130W Wireless Multifunction VPN Router Administration Guide 81 4 ...

Страница 85: ...d To Zone LAN WAN DMZ Schedules as to when the router should apply rules Keywords in a domain name or on a URL of a web page that the router should allow or block Rules for allowing or blocking inbound and outbound Internet traffic for specified services on specified schedules MAC addresses of devices whose inbound access to your network the router should block Port triggers that signal the router...

Страница 86: ...s is assigned to the WAN port or if your WAN address is dynamic a DDNS Dynamic DNS name can be used Outbound LAN DMZ to WAN rules restrict access to traffic leaving your network selectively allowing only specific local users to access specific outside resources The default outbound rule is to allow access from the secure zone LAN to either the public DMZ or insecure WAN To block hosts on the secur...

Страница 87: ...for IPv6 SIP ALG To allow Session Initiation Protocol SIP traffic to traverse the firewall check the SIP ALG check box The device supports a maximum of 256 sessions UPnP Allow Users to Configure Allow Users to Disable Internet Access See Configuring Universal Plug and Play Block Java Check to block Java applets Java applets are small programs embedded in web pages that enable dynamic functionality...

Страница 88: ... ActiveX content Similar to Java applets ActiveX controls are installed on a Windows computer while running Internet Explorer A malicious ActiveX control can be used to compromise or infect computers Enabling this setting blocks ActiveX applets from being downloaded Click Auto to automatically block ActiveX or click Manual and enter a specific port on which to block ActiveX Block Proxy Check to bl...

Страница 89: ...recommended that you change the administrator and any guest passwords before continuing Remote Management Check Enable to enable remote management Remote Access Choose the type of web access that can be used to connect to the firewall HTTP or HTTPS secure HTTP Remote Upgrade To allow remote upgrades of the device check Enable Allowed Remote IP Address Click the Any IP Address button to allow remot...

Страница 90: ...his name is available on the Firewall Rule Configuration page in the Select Schedule list See Configuring Access Rules STEP 4 In the Scheduled Days section choose if you want to apply the schedule to All days or Specific Days If you choose Specific Days check the box next to the days that you want to include in the schedule STEP 5 In the Scheduled Time of Day section choose the time when you want ...

Страница 91: ...the new service appears in the List of Available Custom Services table To create a custom service STEP 1 Choose Firewall Service Management STEP 2 Click Add Row STEP 3 In the Service Name field enter the service name for identification and management purposes STEP 4 In the Protocol field choose the Layer 4 protocol that the service uses from the drop down menu TCP UDP TCP UDP ICMP STEP 5 In the St...

Страница 92: ...oose Firewall Access Rules STEP 2 Choose Allow or Deny Note Ensure that IPv6 support is enabled on the device to configure an IPv6 firewall See Configuring IPv6 STEP 3 Click Save Reordering Access Rules The order in which access rules are displayed in the access rules table indicates the order in which the rules are applied You may want to reorder the table to have certain rules applied before oth...

Страница 93: ... inbound rule Inbound WAN DMZ Choose this option to create an inbound rule STEP 4 From the Action drop down menu choose the action Always Block Always block the selected type of traffic Always Allow Never block the selected type of traffic Block by schedule Blocks the selected type of traffic according to a schedule Allow by schedule Allows the selected type of traffic according to a schedule STEP...

Страница 94: ... addresses Enter the starting IP address in the Start field and the ending IP address in the Finish field STEP 7 In the Log field specify whether the packets for this rule should be logged To log details for all packets that match this rule choose Always from the drop down menu For example if an outbound rule for a schedule is selected as Block Always for every packet that tries to make an outboun...

Страница 95: ... and management purposes STEP 5 From the Action drop down menu choose the type of access restriction you need Always block Always block Internet traffic This blocks Internet traffic to and from all endpoints If you want to block all traffic but allow certain endpoints to receive Internet traffic see Step 7 Always allow Always allow Internet traffic You can refine this to block specified endpoints ...

Страница 96: ... PC to which the policy applies The IP address of the PC to which the policy applies The starting and ending IP addresses of the range of addresses to block for example 192 168 1 2 192 168 1 253 STEP 8 To block traffic from specific websites a In the Website Domain Name Keyword table click Add Row b From the Type drop down menu choose how to block a website by specifying the domain name or by spec...

Страница 97: ...ddress range STEP 5 In the Range Length enter the number of public IP addresses that should be mapped to private addresses STEP 6 In the Service field choose the service for which the rule applies Services for one to one NAT allow you to configure the service to be accepted by the private IP LAN address when traffic is sent to the corresponding public IP address Configured services on private IP a...

Страница 98: ... when enabled Configuring Single Port Forwarding To add a single port forwarding rule STEP 1 Choose Firewall Single Port Forwarding A preexisting list of applications is displayed STEP 2 In the Application field enter the name of the application for which to configure port forwarding STEP 3 In the External Port field enter the port number that triggers this rule when a connection request from outg...

Страница 99: ...n the IP Address field enter the IP address of the host on the LAN side to which the specific IP traffic will be forwarded STEP 9 In the Enable field check the Enable box to enable the rule STEP 10 Click Save Configuring Port Range Triggering Port triggering allows devices on the LAN or DMZ to request one or more ports to be forwarded to them Port triggering waits for an outbound request from the ...

Страница 100: ...ype of traffic TCP or UDP and the range of incoming and outgoing ports to open when enabled To add a port triggering rule STEP 1 Choose Firewall Port Range Triggering STEP 2 In the Application field enter the name of the application for which to configure port forwarding STEP 3 In the Triggered Range fields enter the port number or range of port numbers that will trigger this rule when a connectio...

Страница 101: ...Configuring the Firewall Configuring Port Forwarding Cisco RV130 130W Wireless Multifunction VPN Router Administration Guide 98 5 ...

Страница 102: ...After configuring these basic VPN settings you can connect securely to another VPN enabled router For example you can configure your device at a branch site to connect to a router that connects site to site VPN tunnels at the corporate site so that the branch site has secure access to the corporate network To configure basic VPN settings for a site to site IPsec connection STEP 1 Choose VPN Site t...

Страница 103: ...net Mask The private network LAN subnet mask of the remote endpoint Local LAN Local Network IP Address The private network LAN address of the local network This is the IP address of the internal network on the device Local LAN Local Network Subnet Mask The private network LAN subnet mask of the local network Note The remote WAN and remote LAN IP addresses cannot exist on the same subnet For exampl...

Страница 104: ...at the remote router To add an IKE policy STEP 1 On the Advanced VPN Setup page click Add Row STEP 2 Enter a unique name for the IKE policy to identify and manage the policy easily STEP 3 In the Exchange Mode field choose one of the following modes for the policy Main Negotiates the tunnel with higher security but is slower Aggressive Establishes a faster connection but with lowered security STEP ...

Страница 105: ...ead the device deletes the IPsec and IKE Security Association If you enable this feature also enter these settings DPD Delay The interval in seconds between consecutive DPD R U THERE messages DPD R U THERE messages are sent only when the IPsec traffic is idle DPD Timeout The maximum time that the device should wait to receive a response to the DPD message before considering the peer to be dead STE...

Страница 106: ...IP Address field Subnet Allows an entire subnet to connect to the VPN Enter the network address in the IP Address field and enter the subnet mask in the Subnet Mask field Enter the subnet s network IP address in the IP Address field Enter the subnet mask such as 255 255 255 0 in the Subnet Mask field The field automatically displays the default subnet address based on the IP address Note Do not us...

Страница 107: ...ity Association in seconds After the specified number of seconds the Security Association is renegotiated The default value is 3600 seconds The minimum value is 300 seconds Encryption Algorithm Select the algorithm used to encrypt the data Integrity Algorithm Select the algorithm used to verify the integrity of the data PFS Key Group Check the Enable box to enable Perfect Forward Secrecy PFS to im...

Страница 108: ... key or password that will be exchanged between your device and the remote endpoint The password must be between 8 and 49 characters b In the Exchange Mode field choose one of the following modes for the IPsec VPN connection Main Negotiate the tunnel with higher security but is slower Aggressive Establish a faster connection but with lowered security c Choose the Encryption Algorithm to encrypt da...

Страница 109: ...iation for the VPN connection is renegotiated c Choose the Encryption Algorithm to encrypt data and choose the Authentication Algorithm for the VPN header Ensure that the authentication algorithm is configured identically on both your device and the remote endpoint d To create a more secure IPsec VPN connection check the PFS Key Group Enable check box ensuring a new Diffie Hellman key exchange in ...

Страница 110: ...er To configure the PPTP VPN server STEP 1 Choose VPN PPTP Server STEP 2 In the PPTP Server Configuration section configure the PPTP VPN settings a Check the PPTP Server Enable check box b Enter the IP address of the PPTP server c Enter the range of IP addresses for PPTP clients d To encrypt the data passing through the PPTP VPN connection check the MPPE Encryption Enable check box STEP 3 Click Sa...

Страница 111: ...ame and Password section click Browse to locate the file and click Import See Importing User Accounts for more information STEP 5 Save your user accounts Configuring VPN Passthrough VPN passthrough allows VPN traffic that originates from VPN clients to pass through the device To configure VPN passthrough STEP 1 Choose VPN VPN Passthrough STEP 2 Check the Enable check box to choose the type of traf...

Страница 112: ...Configuring VPN Configuring VPN Passthrough Cisco RV130 RV130W Wireless Multifunction VPN Router Administration Guide 109 6 ...

Страница 113: ...t You can use the device bandwidth management feature to manage the bandwidth of the traffic flowing from the secure network LAN to the insecure network WAN Configuring Bandwidth You can limit the bandwidth to reduce the rate at which the device transmits data You can also use a bandwidth profile to limit the outbound traffic which prevents the LAN users from consuming all of the bandwidth of the ...

Страница 114: ...for this service Direction Choose if you want to set priority for inbound or outbound traffic Category Choose if you want to set bandwidth priority for a service VLAN SSID Source IP inbound traffic or Destination IP outbound traffic Service Choose the service to prioritize VLAN SSID Choose the VLAN or SSID for which you want to set priority IP Address If you select Source IP or Destination IP in t...

Страница 115: ...able check the relevant box and click Edit When you are done making changes click Save To delete an entry from the table check the relevant box and click Delete Click Save To add a new service definition click the Service Management button You can define a new service to use for all firewall and QoS definitions See Configuring Services Management DSCP Enter the remarking value for packets on this ...

Страница 116: ... information STEP 3 Click Save To restore the default port based QoS settings click Restore Default and save your changes Trust Mode Choose one of the following options from the drop down menu Port Enables port based QoS settings You can then set the traffic priority for a particular port The traffic queue priority starts at the lowest priority of 1 and ends with the highest priority of 3 DSCP Dif...

Страница 117: ...with higher or lower traffic priority depending on the type of traffic STEP 3 Click Save To restore the default port based QoS settings click Restore Default and click Save Configuring DSCP Settings You can use the DSCP Settings page to configure DSCP to QoS queue mapping To configure DSCP to QoS queue mapping STEP 1 Choose QoS DSCP Settings STEP 2 Choose whether to only list RFC values or to list...

Страница 118: ...Configuring Quality of Service QoS Configuring DSCP Settings Cisco RV130 130W Wireless Multifunction VPN Router Administration Guide 115 7 ...

Страница 119: ...quely on your network For example RTR141 STEP 3 In the Domain Name field enter the domain in which your device is located For example abcbusiness com If you do not know the name of your organization s domain contact your network administrator STEP 4 Save your changes Setting Password Complexity You can enforce a minimum password complexity requirement for password changes To configure password com...

Страница 120: ... accounts Minimum Password Length Enter the minimum password length 0 64 characters Minimum number of character classes Enter a number representing one of the following character classes Uppercase letters Lowercase letters Numbers Special characters available on a standard keyboard By default passwords must contains characters from at least three of these classes The new password must be different...

Страница 121: ...st Settings check Edit Guest Settings Enter the following information STEP 4 Click Save Importing User Accounts You can import several users at the same time using a CSV file Ensure that the data in the CSV file is arranged as shown in the following tables New Username Enter a new username Old Password Enter the current password New Password Enter the new password We recommended that the password ...

Страница 122: ... user accounts from a CSV file STEP 1 In the Import User Name Password field click Browse STEP 2 Locate the file and click Open STEP 3 Click Import TYPE USERNAME PASSWORD ENABLE PPTP PPTP user 1 12345678 enable PPTP PPTP user 2 345123678 disable TYPE USERNAME PASSWORD VPNServer vpn user 1 12345678 VPNServer vpn user 2 33245678 TYPE USERNAME PASSWORD ACCESS_TIME guestnet guestnet user 1 12345678 14...

Страница 123: ...st Inactivity Timeout field enter the number in minutes before a session times out due to inactivity Choose Never to allow the administrator to stay logged in permanently STEP 4 Click Save Configuring Simple Network Management SNMP Simple Network Management Protocol SNMP lets you monitor and manage your router from an SNMP manager SNMP provides a remote means to monitor and control network devices...

Страница 124: ...our network administrator SysLocation Enter the physical location of the device For example Rack 2 4th Floor SysName Enter a name to identify your device easily For example RTR 141 UserName Select the account to configure admin or guest Access Privilege Displays the access privileges of the selected user account Security Level Choose the SNMPv3 security level No Authentication and No Privilege Doe...

Страница 125: ...llowing settings STEP 3 Click Save Authentication Password Enter the authentication password Privacy Algorithm Choose the type of privacy algorithm DES or AES Privacy Password Enter the privacy password IP Address Enter the IP address of the SNMP manager or trap agent Port Enter the SNMP trap port of the IP address to which the trap messages will be sent Community Enter the community string to whi...

Страница 126: ...domain name for example www cisco com To use PING STEP 1 Choose Administration Diagnostics Network Tools STEP 2 In the IP Address Domain Name field enter the device IP address or a fully qualified domain name such as www cisco com to ping STEP 3 Click Ping The ping results appear These results tell you if the device is reachable Using Traceroute The Traceroute utility displays all the routers pres...

Страница 127: ...Lookup The nslookup results appear Configuring Port Mirroring Port mirroring monitors network traffic by sending copies of all incoming and outgoing packets from one port to a monitoring port You can use port mirroring as a diagnostic or debugging tool especially when fending off an attack or viewing user traffic from LAN to WAN to see if users are accessing information or websites they are not su...

Страница 128: ...ration and security of the device or for debugging purposes Check the appropriate box to enable email alerts for the following events STEP 4 Click Add Row STEP 5 Configure the following settings WAN up down Sends an email when the WAN link is down and sends another email when the link is back up again Site to site IPsec VPN Tunnel up down Sends an email when the site to site IPsec VPN tunnel is do...

Страница 129: ...everity than the selected log type are automatically included and you cannot exclude them For example if you choose Error logs Emergency Alert and Critical are also selected The event severity levels are listed from the highest severity to the lowest severity Emergency System is not usable Alert Action is needed Critical System is in a critical condition Error System is in error condition Warning ...

Страница 130: ... E mail Logs Enable The minimum email log severity of logs that you want to capture appears To change this setting click Configure Severity STEP 4 Configure the following settings E mail Server Address Enter the address of the SMTP server This is the mail server associated with the email account that you have setup for example mail companyname com E mail Server Port Enter the SMTP server port If y...

Страница 131: ...from the drop down menu None LOGIN PLAIN and CRAM MD5 E mail Authentication Username Enter the email authentication username for example logging companyname com E mail Authentication Password Enter the email authentication password for example the password used to access the email account you have set up to which to send logs E mail Authentication Test Click Test to test email authentication Unit ...

Страница 132: ...lows devices present on the VLAN to discover Bonjour services available on the router such as HTTP HTTPS For example if a VLAN is configured with an ID of 2 devices and hosts present on VLAN 2 cannot discover Bonjour services running on the router unless Bonjour is enabled for VLAN 2 STEP 4 Click Save Configuring Date and Time Settings You can configure your time zone whether or not to adjust for ...

Страница 133: ...ime box This check box is dimmed if you click Manual in the Set Date and Time field Daylight Saving Mode If you choose By date enter the specific date when daylight saving mode starts If you choose Recurring enter the month week day of week and time when daylight saving time starts Enter the appropriate information in the From and To fields Daylight Saving Offset Choose the offset from Coordinated...

Страница 134: ...3 To download a backup file based on the selected configuration option click Download Startup configuration Select this option to download the startup configuration The Startup Configuration is the most current running configuration that the device uses If the router startup configuration has been lost use this page to copy the Backup Configuration to the Startup configuration and have all of thei...

Страница 135: ...TEP 5 Click Start to Upload The device uploads the configuration file and uses the settings it contains to update the Startup Configuration The device then restarts and uses the new configuration Copying the Configuration Settings Copy the Startup Configuration to the Backup Configuration to ensure that you have a backup copy in case you forget your username and password and get locked out of Devi...

Страница 136: ...Upgrade page CAUTION During a firmware upgrade do not try to go online turn off the device shut down the PC or interrupt the process in any way until the operation is complete This process takes about a minute including the reboot process Interrupting the upgrade process at specific points when the flash memory is being written to may corrupt it and render the router unusable Upgrading Firmware Au...

Страница 137: ...re Language Upgrade STEP 2 In the Manual Firmware Language Upgrade section click the Firmware Image radio button in the File Type field STEP 3 To upgrade to the latest firmware version choose one of the following options to upgrade from cisco com Download the firmware from the cisco com website PC Click Browse to locate and select the downloaded firmware on your computer STEP 4 Optional To reset t...

Страница 138: ...EP 4 Optional To restore the device configuration parameters to factory default values select Reset all configuration settings to factory defaults STEP 5 Click Start Upgrade Restarting the Device To restart the router STEP 1 Choose Administration Reboot STEP 2 Click Reboot Restoring the Factory Defaults CAUTION During a restore operation do not try to go online turn off the router shut down the PC...

Страница 139: ...storing the Factory Defaults Cisco RV130 RV130W Wireless Multifunction VPN Router Administration Guide 136 8 To restore factory defaults to the router STEP 1 Choose Administration Restore Factory Defaults STEP 2 Click Default ...

Страница 140: ...Managing Your Device Restoring the Factory Defaults Cisco RV130 RV130W Wireless Multifunction VPN Router Administration Guide 137 8 ...

Страница 141: ...upport tsd_cisco_small_ business_support_ center_contacts html Software Downloads Login Required Go to tools cisco com support downloads and enter the model number in the Software Search box Cisco Open Source Requests www cisco com go smallbiz_opensource_request Cisco Partner Central Partner Login Required www cisco com web partners sell smb Product Documentation Cisco RV130 RV130W Wireless Multif...

Отзывы:

Нет отзывов