background image

 

To specify the 

DMZ host

Enter the private IP address of the computer to be used as a DMZ host, and select the corre-
sponding check box.   

 

3.4.3.2. Static NAT Mappings 

 

Fig. 35. Static NAT mappings. 

An ISP may provide more than one 

public

 IP address to its customer. A customer could use each of 

the public IP addresses for one type of server to be accessed from the Internet. This requirement can 
be satisfied by 

Static NAT Mappings

. This functionality can be enabled only when the WIASA is in 

Router with a Static-IP DSL/Cable Connection

 mode. 

For example, say an ISP provides 5 public IP addresses, 61.16.33.114 to 61.16.33.118 inclusive, to its 
customer, WIASA Technology. The network administrator of WIASA Technology decides to use 
61.16.33.114 for the wireless broadband router, 61.16.33.115 for their public Web server, and 
61.16.33.116 for their public POP3 server. And the administrator has registered with InterNIC (Inter-
net Network Information Center) some domain name-to-IP address mappings—www.wiasa.com to 
61.16.33.115 and pop3.wiasa.com to 61.16.33.116. However, the public Web server and POP3 server 
for WIASA Technology sit on the intranet and use private IP addresses, 192.168.0.2 and 192.168.0.3, 
respectively. To expose the servers in this situation, the network administrator needs two static NAT 
mappings to associate 61.16.33.115 with 192.168.0.2 and 61.16.33.116 with 192.168.0.3, respec-
tively. 

To associate a public IP address with a private IP address: 

1. 

Specify the public IP address and the private IP address for the association. 

2. 

Select the corresponding 

Enabled

 check box. 

 

33

Содержание 520638

Страница 1: ...Wireless Broadband Switch Router Standard Pro Advanced Advanced User s Guide Version 2 10 Last Updated 01 17 2003 ...

Страница 2: ...he receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is con nected Consult the dealer or an experienced radio TV technician for help FCC Caution To assure continued compliance example use only shielded interface cables when connecting to computer or peripheral devices Any changes ...

Страница 3: ...er special attention must be paid to the dangers of electric shock and static electricity when work ing with electrical equipment All guidelines of this and of the computer manufacture must therefore be allowed at all times to ensure the safe use of the equipment EU Countries Intended for Use The ETSI version of this device is intended for home and office use in Austria Belgium Denmark Finland Fra...

Страница 4: ... Client Computers 15 2 6 2 Connecting the Wireless Broadband Switch Router to a Modem 15 2 7 Setting up Client Computers 16 2 7 1 Configuring IEEE 802 11b Related Settings 16 2 7 2 Configuring TCP IP Related Settings 16 2 8 Confirming the Settings of the Wireless Broadband Switch Router and Client Computers 17 2 8 1 Checking if the IEEE 802 11b Related Settings Work 17 2 8 2 Checking if the TCP IP...

Страница 5: ...42 3 6 1 Filters and Firewall 42 3 6 2 Management 44 Appendix A 46 A 1 Default Settings 46 A 2 LED Definitions 47 Appendix B Troubleshooting 49 B 1 Wireless Settings Problems 49 B 2 TCP IP Settings Problems 50 B 3 Unknown Problems 52 iv ...

Страница 6: ...install and configure a newly acquired wireless broadband switch router Following the steps the wireless broadband switch router can be quickly set up to work In Chapter 3 detailed explanations of each Web management page are given for the user to understand how to fine tune the settings of a wireless broadband router to meet his or her specific needs In the remainder of this guide a wireless broa...

Страница 7: ...from client computers to DNS servers on the Internet And DNS responses from the DNS serv ers can be forwarded back to the client computers Static DNS mappings The administrator can specify static FQDN Fully Quali fied Domain Name to IP address mappings Therefore a host on the internal network can access a server also on the intranet by a registered FQDN DHCP server The wireless router can automati...

Страница 8: ...filtering is performed by NAT URL filtering Preventing users from accessing unwelcome Web sites The HTTP HeperText Transfer Protocol traffic to the specified Web sites identified by URLs Uni versal Resource Locators is blocked WAN ICMP requests blocking Some DoS Denial of Service attacks are based on ICMP requests with large payloads Such kind of attacks can be blocked Stateful Packet Inspection S...

Страница 9: ...m log System events can be logged and viewed using a Web browser for troubleshooting purposes 4 Port Ethernet Switch The wireless broadband switch router provides a 4 port Ethernet switch so that a stand alone Ethernet hub switch is not necessary for connecting Ethernet client computers to the router Power over Ethernet optional Supplying power to a wireless broadband router over an Ethernet cable...

Страница 10: ...or PoE Power over Ethernet The wireless broadband router automatically selects the suitable one depend ing on your decision To power the wireless broadband switch router by the supplied power adapter 1 Plug the power adapter to an AC socket 2 Plug the connector of the power adapter to the power jack of the wireless broadband switch router NOTE This product is intended to be power supplied by a Lis...

Страница 11: ...computer For maintenance configuration of a deployed WIASA either a wireless com puter or a wired computer can be employed as the managing computer NOTE If you are using the browser Opera to configure a WIASA click the menu item File click Preferences click File types and edit the MIME type text html to add a file extension sht so that Opera can work properly with the Web management pages of the W...

Страница 12: ... s recommended that there are no other computers connected to the switch hub so that you can be 100 percent sure that the WIASA will be the DHCP server of the managing computer NOTE One connector of the Ethernet cable must be plugged into the LAN CONFIG Ethernet jack of the WIASA for configuration 2 4 1 2 Switch Router Connect the Ethernet managing computer to anyone of the LAN switch ports of the...

Страница 13: ...ess from the WIASA WinIPCfg exe is a GUI program and has command buttons for releasing the current IP address and re obtaining an IP address IPConfig exe is a com mand line program and the release option releases the current IP address and the renew option triggers the Windows DHCP client subsystem to re obtain an IP address NOTE By default the first assignable IP address of the DHCP server on the...

Страница 14: ...sword link to change the value of the password see Section 3 3 2 for more information TIP Since the start page shows the current settings and status of the WIASA it can be saved or printed within the Web browser for future reference On the start page click the ConfigWizard link to use a configuration wizard to quickly change the configuration of the WIASA Fig 5 The Start page 9 ...

Страница 15: ...ignment for the Ethernet WAN interface is achieved by PPPoE select Router with a PPPoE Based DSL Cable Connection If the WIASA is to be used with a DSL or cable modem and the IP address assignment for the Ethernet WAN interface is achieved by DHCP select Router with a DHCP Based DSL Cable Connection If the WIASA is to be used with a DSL or cable modem and the IP address of the Ethernet WAN interfa...

Страница 16: ...be in Router with a PPPoE Based DSL Cable Connection mode two IP addresses are needed one for the Ethernet wireless LAN interfaces and the other for the WAN in terface The IEEE 802 11b interface and the Ethernet LAN interface share the LAN IP address The LAN IP address must be set manually to a private IP address say 192 168 0 xxx The default LAN IP address is 192 168 0 1 and the default subnet ma...

Страница 17: ...ained automatically by DHCP from the ISP If you are using Tel stra BigPond cable based Internet service select the Connect with BigPond Cable check box and specify the User name Password and the IP address of your Login server which is provided by your ISP 2 5 3 4 Router with a Static IP DSL Cable Connection Fig 10 TCP IP settings for Router with a Static IP DSL Cable Connection mode If the WIASA ...

Страница 18: ...these default settings need no change As for the WAN IP address it is obtained automatically by PPP from the ISP Consult your ISP for the correct User name Password and Telephone number settings The WIASA automatically disconnects the PPP dial up connection after there has been no traffic to the Internet for a period specified by Idle disconnect time NOTE If Idle disconnect time is set to 0 the PP...

Страница 19: ... 13 Settings changes are highlighted in red Fig 14 Settings review On the final page you can review all the settings you have made Changes are highlighted in red If they are OK click Save Restart to apply the new settings Or you can go back to previous pages to 14 ...

Страница 20: ...net port of the switch hub to which all the Ethernet client computers have been connected 2 6 1 2 Switch Router To connect the switch router with Ethernet client computers 1 Plug one connector of a normal not crossover Ethernet cable to a LAN Ethernet switch port of the WIASA and the other connector to the Ethernet jack of the Ethernet NIC of a client com puter 2 If necessary use a normal Ethernet...

Страница 21: ... Mode SSID and WEP settings NOTE A client must be in infrastructure mode so that it can associate with a wireless access point or broadband router NOTE The SSID of the wireless client computer and the SSID of the WIASA must be identical Or in case the SSID broadcasts capability of the WIASA is enabled by default the SSID of the wire less client computer could be set to any NOTE Both the wireless c...

Страница 22: ... Check if the client computer is associated to an access point and the access point is the WIASA If the check fails see Appendix B 1 Wireless Settings Problems for troubleshooting 2 8 2 Checking if the TCP IP Related Settings Work To check if a client computer can access the Internet 1 Open a Windows Command Prompt window on the client computer 2 Type ping wiasa where wiasa is a placeholder for th...

Страница 23: ...nts on the WIASA work in conjunction with the print client components on a client computer and they communicate through TCP IP The print client components expose a vir tual communication port on the client computer so that on the client computer the driver of the printer must be configured to print to this virtual port When an application on the client computer is printing the print data is sent t...

Страница 24: ...he start page contains a menu for you to carry out commands Here is a brief descrip tion of the hyperlinks on the menu Home For going back to the start page ConfigWizard For you to quickly set up the WIASA Status Status information Wireless Clients The status of the wireless clients currently associated with the WI ASA DHCP Mappings Current IP MAC address mappings System Log System events log 19 ...

Страница 25: ...ess Control and RADIUS Remote Authentication Dial In User Service settings for better wireless security Advanced Advanced settings of the WIASA Filters Firewall Packet filtering and firewall settings for user access control and protection from hacker attacks from the Internet respectivel Management Remote Web based management UPnP and SNMP settings 3 1 2 Save Save Restart and Cancel Commands Fig 1...

Страница 26: ...esh Clicking Home brings you back to the start page Clicking Refresh updates the shown status information 3 2 Seeing Status 3 2 1 Associated Wireless Clients Fig 19 Status of associated wireless clients On this page the status information of each associated client including its MAC address IP address user name if the client has been IEEE 802 1x authenticated number of bytes it has send number of 2...

Страница 27: ...c mapping indicates that the DHCP client always obtains the specified IP address from the DHCP server You can set static DHCP mappings in the Static DHCP Mappings section of the DHCP Server configuration page see Section 3 4 4 A dynamic mapping indicates that the DHCP server chooses an IP address from the IP address pool specified by the First allocateable IP address and Allocateable IP address co...

Страница 28: ...connected to its Ethernet WAN interface The client computers can therefore share this DSL cable based Internet connection by the NAT server functionality The IP address of the Ethernet WAN interface is obtained automatically by DHCP from the ISP Router with a Static IP DSL Cable Connection In this mode the WIASA assumes that a DSL or cable modem is connected to its Ethernet WAN interface The clien...

Страница 29: ...WIASA 1 Get a computer that will be used as a TFTP server and as a managing computer to trigger the upgrade process 2 For a wireless broadband router connect the computer and the LAN CONFIG Ethernet port with a crossover Ethernet cable For a wireless broadband switch router connect the computer and one of the LAN Ethernet switch port with a normal Ethernet cable 3 Configure the IP address of the c...

Страница 30: ...work NOTE Due to the unreliable nature of wireless media it s highly recommended that the TFTP server and the to be upgraded WIASA be connected by Ethernet and on the same LAN so that the upgrade process would be smooth NOTE After the firmware is upgraded be sure to delete the contents of the Web browser cache so that the Web management pages can be shown correctly NOTE A failed upgrade may corrup...

Страница 31: ...IASA s configuration settings will be saved as AaBbCcDdEeFf hex by the TFTP server where AaBbCcDdEeFf is the WIASA s MAC address For example if the WIASA s MAC address is 00 01 02 33 44 55 the configura tion backup file will be 000102334455 hex NOTE Remember to select the Accept write requests check box of TFTP Server To restore the configuration of WIASA 1 Get a computer that will be used as a TF...

Страница 32: ...operational mode re quires different addressing settings 3 4 1 1 Simple Access Point Fig 27 TCP IP settings for Simple Access Point mode If the WIASA was set to be in Simple Access Point mode one IP address is needed This IP address can be manually set or automatically assigned by a DHCP server on the LAN If you are manually setting the IP address Subnet mask and Default gateway settings set them ...

Страница 33: ...ses these default set tings need no change As for the WAN IP address it is obtained automatically by PPPoE from the ISP Consult your ISP for the correct User name Password and Service name settings Custom MAC Address of WAN Interface enables you to change the MAC address of the Ethernet WAN interface Therefore if the ISP provided DSL or cable modem works only with the ISP provided Ethernet card fo...

Страница 34: ...he default subnet mask is 255 255 255 0 In most cases these default set tings need no change As for the WAN IP address it is obtained automatically by DHCP from the ISP If you are using Tel stra BigPond cable based Internet service select the Connect with BigPond Cable check box and specify the User name Password and the IP address of your Login server which is provided by the ISP Custom MAC Addre...

Страница 35: ...168 0 xxx The default LAN IP address is 192 168 0 1 and the default subnet mask is 255 255 255 0 In most cases these default set tings need no change As for the WAN IP address it must be manually set Consult your ISP for the correct IP address Default gateway Subnet mask Primary DNS server and Secondary DNS server settings Custom MAC Address of WAN Interface enables you to change the MAC address o...

Страница 36: ... ISP for the correct User name Password and Telephone number settings The WIASA automatically disconnects the PPP dial up connection after there has been no traffic to the Internet for a period specified by Idle disconnect time NOTE If Idle disconnect time is set to 0 the PPP dial up connection will not be disconnected The AT commands settings are for modem compatibility The default AT commands fo...

Страница 37: ...s For example an inter nal Web server for the intranet say 192 168 0 2 may be associated with the domain name www wiasa com To give an internal server a domain name 1 Specify the domain name and the private IP address of the internal server 2 Select the corresponding Enabled check box for the internal server 3 4 3 NAT Server 3 4 3 1 Basic Fig 34 Basic NAT server settings When the WIASA is in Route...

Страница 38: ...WIASA Technology decides to use 61 16 33 114 for the wireless broadband router 61 16 33 115 for their public Web server and 61 16 33 116 for their public POP3 server And the administrator has registered with InterNIC Inter net Network Information Center some domain name to IP address mappings www wiasa com to 61 16 33 115 and pop3 wiasa com to 61 16 33 116 However the public Web server and POP3 se...

Страница 39: ... preset internal servers 1 Select the corresponding Enabled check boxes for the kinds of servers FTP IMAP4 SMTP POP3 TELNET and HTTP you want to expose 2 Specify the private IP addresses of the internal servers To expose other internal servers 1 Specify the Service Name Private IP Address Port Number and whether the service is TCP based or UDP based for a non preset internal server you want to exp...

Страница 40: ...sses In most cases Default gateway and Primary DNS server should be set to the IP address of the WI ASA s LAN interfaces e g the default LAN IP address is 192 168 0 1 and Subnet mask is set to 255 255 255 0 NOTE There should be only one DHCP server on the LAN otherwise DHCP would not work prop erly If there is already a DHCP server on the LAN disable the DHCP server functionality of the WIASA 3 4 ...

Страница 41: ...D and Transmit power Fig 39 IEEE 802 11b communication settings For specific needs such as configuring the WIASA as a wireless LAN to LAN bridge the AP func tionality can be disabled so that no wireless client can associate with the WIASA The number of available RF channels depends on local regulations therefore you have to choose an appropriate regulatory domain to comply with local regulations T...

Страница 42: ...s as an access point for the notebook computers and it forwards packets sent from the notebook computers to AP 1 through WDS Then AP 1 forwards the packets to the Ethernet LAN Packets destined for the note book computers follow a reverse path from the Ethernet LAN through the APs to the notebook com puters In this way AP 2 plays a role of AP repeater NOTE A WIASA can have up to 6 WDS links to othe...

Страница 43: ...ASA When the Wireless client isolation setting is set to This AP only wireless clients of this WIASA as an AP cannot see each other and wireless to wireless traffic is blocked When the setting is set to All APs in this subnet traffic among wireless users of different APs in the same IP subnet is blocked This feature is useful for WLANs deployed in public places In this way hackers have no chance t...

Страница 44: ...The Authentication algo rithm setting is provided for better compatibility with wireless clients with various WLAN network adapters There are three options available including Open System Shared Key and Auto See Section 3 5 3 for more information about IEEE 802 1x NOTE Each field of a WEP key setting is a hex decimal number from 00 to FF For example when the security mode is set to 64 bit WEP you ...

Страница 45: ...tal certificate to the backend RADIUS server by EAPOL Extensible Authentication Protocol Over LAN The RADIUS server can record accounting information such as when a user logs on to the wireless LAN and logs off from the wireless LAN for monitoring or billing purposes The IEEE 802 1x functionality of the WIASA is controlled by the security mode see Section 3 5 1 1 So far the WIASA supports two auth...

Страница 46: ...IUS server after failing to communicate with the primary RADIUS server An IEEE 802 1x capable WIASA and its RADIUS server s share a secret key so that they can au thenticate each other In addition to its IP address a WIASA can identify itself by an NAS Network Access Server identifier Each IEEE 802 1x capable WIASA must have a unique NAS identifier Fig 46 IEEE 802 1x RADIUS settings TIP Refer to t...

Страница 47: ...cified in the Policy setting A rule is composed of 5 parts What to do if a packet meets this rule Action Protocol type All ICMP TCP UDP Source IP address range Source IP Address AND Source Subnet Mask Destination IP address range Destination IP Address AND Destination Subnet Mask Port ranges A source destination IP address range is determined by performing an AND operation on the source destinatio...

Страница 48: ...ckets based on a set of criteria for abnormal content Therefore SPI can detect hacker attacks and can summarily reject an attack if the packet fits a suspicious profile To enable SPI select the Enable SPI Stateful Packet Inspection check box Some DoS Denial of Service attacks are based on sending invalid ICMP request packets to hosts The WIASA can be set to not accept any ICMP requests on the Ethe...

Страница 49: ...the WAN interface of a WIASA is configured to be 61 16 33 113 the URL for managing this WIASA is http 61 16 33 113 8080 3 6 2 2 UPnP Fig 51 UPnP settings UPnP Universal Plug and Play enables a Windows XP user to automatically discover peripheral de vices by HTTP When the UPnP functionality is enabled you can see the WIASA in My Network Places of Windows XP The WIASA can be given a friend name that...

Страница 50: ... of traps Cold Start Warm Start Link Up Link Down and SNMP Authentication Failure NOTE SNMP Authentication Failure is issued when using an incorrect community string to manage the WIASA via SNMP and the SNMP MIB II OID snmpEnableAuthenTraps is enabled disabled by default To specify a trap target 1 Type the IP address of the target host 2 Type the Community for the host 3 Select the corresponding c...

Страница 51: ...the label on the housing of the WIASA Security Mode Open System Selected WEP Key Key 1 WEP Key 1 00 00 00 00 00 WEP Key 2 00 00 00 00 00 WEP Key 3 00 00 00 00 00 WEP Key 4 00 00 00 00 00 MAC Address Based Access Control Disabled Access Control Table Type Inclusive Wireless Client Isolation Disabled AP Load balancing Disabled WAN Interface Type Static IP DSL Cable Changeable MAC Address IEEE 802 11...

Страница 52: ... ICMP Request Blocking Disabled State Packet Inspection SPI Disabled Management Remote Web Based Management Disabled UPnP Enabled SNMP Enabled SNMP read community public SNMP write community private Telnet Enabled A 2 LED Definitions There are several LED indicators on the housing of a WIASA They are defined as follows Wireless Broadband Router PPP PPP PPPoE Lights up when a PPP or PPPoE link has ...

Страница 53: ...interface LNK Link Lights up when the Ethernet WAN interface is initialized successfully ACT Active Lights up when the Ethernet WAN interface is transmitting or receiving data 100 10 1 4 10 100 Ethernet LAN switch ports LNK Link Lights up when an Ethernet cable is connected firmly to this Ethernet port ACT Active Lights up when this Ethernet port is transmitting or receiving data 48 ...

Страница 54: ...n B 1 Wireless Settings Problems The wireless client computer cannot associate with an access point Is the wireless client set in infrastructure mode Check the operating mode of the WLAN NIC Is the SSID of the WLAN NIC identical to that of the prospective access point or WIASA Check the SSID setting of the WLAN NIC and of the WIASA Is the WEP functionality of the prospective access point or WIASA ...

Страница 55: ... client computer receives the DNS reply it knows the IP address of the correspondent host and sends further packets to this IP address As illustrated in Fig 53 the communication path could be broken at some of the stages The OS provided network diagnostic tool ping exe can be employed to find out TCP IP related commu nication problems NOTE If two or more NICs are installed and operating on a clien...

Страница 56: ...dress of the gateway in the same IP subnet Find out the answer on the start page of the Web Based Network Manager Is the NAT server functionality of the WIASA enabled Find out the answer on the start page of the Web Based Network Manager If you cannot find any incorrect settings of the WIASA the default gateway of the WIASA may be really down or there are other communication problems on the networ...

Страница 57: ...ault Web browser on your computer Fig 54 Wireless Router AP Browser The WIASA stops working and does not respond to Web management requests The firmware of the WIASA may be stuck in an incorrect state Press the Reset button on the housing of the WIASA or unplug the power connector from the power jack and then re plug the connector to restart the WIASA Contact our technical support representatives ...

Отзывы: