CONFIGURING THE BARRICADE Parameter Description Confirm Password Confirm password MTU Leave the Maximum Transmission Unit (MTU) at the default value unless instructed by your ISP 1483 Routing Parameter 4-26 Description IP Address Enter the IP address provided by your ISP. Subnet Mask Enter the subnet mask address provided by your ISP. Default Gateway Enter the gateway address provided by your ISP.
CONFIGURATION PARAMETERS PPPoE Parameter Description VPI/VCI Enter the Virtual Path Identifier (VPI) and Virtual Circuit Identifier (VCI) supplied by your ISP. Encapsulation Select the encapsulation used by ISP from the drop-down menu. QoS Class ATM QoS classes including CBR, UBR and VBR PCR/SCR/MBS QoS Parameters - PCR, SCR and MBS are configurable. IP assigned by ISP Select yes, if your ISP assigns IP address dynamically.
CONFIGURING THE BARRICADE Parameter Description Confirm Password Confirm password MTU Leave the Maximum Transmission Unit (MTU) at the default value unless instructed by your ISP. IP Over RFC1483 bridged Parameter 4-28 Description IP Address Enter the IP address provided by your ISP. Subnet Mask Enter the subnet mask address provided by your ISP. Default Gateway Enter the gateway address provided by your ISP.
CONFIGURATION PARAMETERS Clone MAC Address Some ISPs require you to register your MAC address with them. If this is the case, and you have previously registered the MAC address of another device, the MAC address of the Barricade must be changed to the MAC address that you have registered with your ISP.
CONFIGURING THE BARRICADE DNS A Domain Name Server (DNS) is an index of IP addresses and Web addresses. If you type a Web address into your browser, such as www.smc.com, a DNS server will find that name in its index and find the matching IP address: xxx.xxx.xxx.xxx. Most ISPs provide a DNS server for speed and convenience. Since your Service Provider may connect to the Internet with dynamic IP settings, it is likely that the DNS server IP's are also provided dynamically.
CONFIGURATION PARAMETERS LAN The LAN settings menu allows you to change the default IP address of the Barricade, modify the DHCP server settings. Parameter Description LAN IP IP Address The IP address of the Barricade. IP Subnet Mask The subnet mask of the Barricade. DHCP Server This option allows you to enable or disable the DHCP server function. By default DHCP is enabled. Lease Time Allows you to select a pre-defined lease time for IP addresses assigned using DHCP.
CONFIGURING THE BARRICADE Wireless The router also operates as a wireless access point, allowing wireless computers to communicate with each other. To configure this function, all you need to do is enable the wireless function, define the radio channel, the domain identifier, and the security options. • 4-32 Enable or disable Wireless module function: select to enable or disable the wireless function.
CONFIGURATION PARAMETERS Channel and SSID You must specify a common radio channel and SSID (Service Set ID) to be used by the router and all of its wireless clients. Be sure you configure all of its clients to the same values. Parameter Description SSID This is the Service Set ID. The SSID must be the same on the router and all of its wireless clients. SSID Broadcast Select to enable/disable the brocasting of SSID. Enable this function for easy connection for the clients.
CONFIGURING THE BARRICADE Parameter Description Bandwidth Select the bandwidth: •20 MHz: Sets the operation bandwidth as 20 MHz. when 20 MHz is selected, there would be no extension channel available. •20/40 MHz: Allows automatic detection of the operation bandwidth between 20 and 40 MHz. Choosing this mode allows you to use the extension channel. Extension Channel This is the optional channel for use.
CONFIGURATION PARAMETERS Access Control Using the Access Control functionality, you can restrict access based on MAC address. Each PC has a unique identifier known as a Medium Access Control (MAC) address. With MAC filtering enabled, the computers whose MAC address you have listed in the filtering table will be able to connect (or will be denied access) to the router. • Enable MAC Filtering: select to enable or disable this function.
CONFIGURING THE BARRICADE Security To make your wireless network safe, you should turn on the security function. Allowed Client Type: 4-36 • No WEP, No WPA - this means no security mechanism will be used on your wireless network. • WEP only - this menas only WEP will be used for your wireless communication. • WPA only - this means only WPA will be used for the wireless network.
CONFIGURATION PARAMETERS WEP Parameter Description WEP Mode Select 64 bit, or 128 bit. Key Entry Method Select Hex, or ASCII. Key Provisioning Select Static, or Dynamic. If you select Static, you will need to configure the Static WEP Key Setting section. If you choose Dynamic, then 802.1X authentication should be enabled. To automatically generate encryption keys using the passphrase function, when Key Entry Method is set to Hex, enter a string into the passphrase field, then click Generate.
CONFIGURING THE BARRICADE WPA Wi-Fi Protected Access (WPA) combines temporal key integrity protocol (TKIP) and 802.1X mechanisms. It provides dynamic key encryption and 802.1X authentication service. The router supports both WPA and WPA2. Parameter Description WPA mode Select WPA, WPA2 or mixed mode. Cypher suite Select the encryption cypher for use. Authentication Choose 802.1X or Pre-shared Key to use as the authentication method. •802.1X: for the enterprise network with a RADIUS server.
CONFIGURATION PARAMETERS 802.1X If 802.1X is used in your network, then you should enable this function for the router. Parameter Description 802.1X authentication Choose to enable or disable this function. Session Idle Timeout Defines a maximum period of time for which the connection is maintained during inactivity. Re-Authentication Period Defines a maximum period of time for which the authentication server will dynamically re-assign a session key to a connected client.
CONFIGURING THE BARRICADE Parameter Description Secret Key The secret key shared between the authentication server and its clients. NAS-ID Defines the request identifier of the Network Access Server. WPS (Wi-Fi Protected Setup) The Barricade was implemented with the ease-of-use Wi-Fi Protected Setup (WPS). WPS makes a secure wireless network much easier to achieve by using a PIN number and the Push Button Control (PBC). 4-40 • Enable or disable WPS features: select to enable or disable.
CONFIGURATION PARAMETERS PIN Enter the PIN of the client device and click Start PIN. Then start WPS on the client device from it's wireless utility or WPS application within 2 minutes. Take the following steps for easy network security settings. 1. Power on your client device supporting WPS PIN code method. 2. Start WPS PIN process on client device. For instructions on how to do this refer to the client devices user manual. 3. Enter the PIN code of client device.
CONFIGURING THE BARRICADE PBC (Push Button Configuration) To achieve successful WPS connection, you can use one of the following ways: (1) push and hold the WPS button on this router for 4 seconds or (2) click the Start PBC button on this screen. Now click the WPS button on the client device which you are connecting. Make sure the client device is powered on. Note: This connection procedure must be done within 2 minutes after pressing the WPS button on the router.
CONFIGURATION PARAMETERS Manual For client devices without the WPS function, you should manually configure the client device with the settings on this screen.
CONFIGURING THE BARRICADE NAT Network Address Translation (NAT) allows multiple users to access the Internet sharing one public IP. • 4-44 Enable or disable NAT module function: select to enable or disable this function.
CONFIGURATION PARAMETERS Address Mapping Allows one or more public IP addresses to be shared by multiple internal users. This also hides the internal network for increased privacy and security. • Enter the Public IP address you wish to share into the Global IP field. • Enter a range of internal IPs that will share the global IP into the “from” field.
CONFIGURING THE BARRICADE Virtual Server If you configure the Barricade as a virtual server, remote users accessing services such as web or FTP at your local site via public IP addresses can be automatically redirected to local servers configured with private IP addresses. In other words, depending on the requested service (TCP/UDP port number), the Barricade redirects the external service request to the appropriate server (located at another internal IP address).
CONFIGURATION PARAMETERS Special Application Some applications require multiple connections, such as Internet gaming, video-conferencing, and Internet telephony. These applications may not work when Network Address Translation (NAT) is enabled. If you need to run applications that require multiple connections, use these screens to specify the additional public ports to be opened for each application. • Use the Popular applications drop down menu to quickly copy the entry to the table.
CONFIGURING THE BARRICADE NAT Mapping Table This screen displays the current NAPT (Network Address Port Translation) address mappings. Click Refresh to update the table.
CONFIGURATION PARAMETERS Routing These screens define routing related parameters, including static routes and RIP (Routing Information Protocol) parameters. Static Route Parameter Description Index Check the box of the route you wish to delete or modify. Network Address Enter the IP address of the remote computer for which to set a static route. Subnet Mask Enter the subnet mask of the remote network for which to set a static route.
CONFIGURING THE BARRICADE RIP Parameter Description General RIP Parameters RIP mode Globally enables or disables RIP. Auto summary If Auto summary is disabled, then RIP packets will include sub-network information from all sub-networks connected to the router. If enabled, this sub-network information will be summarized to one piece of information covering all sub-networks. Table of current Interface RIP parameter Interface The WAN interface to be configured.
CONFIGURATION PARAMETERS Parameter Poison Reverse Authentication Required Authentication Code Description A method for preventing loops that would cause endless retransmission of data traffic. • None: No authentication. • Password: A password authentication key is included in the packet. If this does not match what is expected, the packet will be discarded. This method provides very little security as it is possible to learn the authentication key by watching RIP packets.
CONFIGURING THE BARRICADE Routing Table Parameter Description Flags Indicates the route status: C = Direct connection on the same subnet. S = Static route. R = RIP (Routing Information Protocol) assigned route. I = ICMP (Internet Control Message Protocol) Redirect route. Network Address Destination IP address. Netmask The subnetwork associated with the destination. This is a template that identifies the address bits in the destination address used for routing to specific subnets.
CONFIGURATION PARAMETERS Firewall The Barricade Router’s firewall inspects packets at the application layer, maintains TCP and UDP session information including time-outs and the number of active sessions, and provides the ability to detect and prevent certain types of network attacks. Network attacks that deny access to a network device are called Denial-of-Service (DoS) attacks. DoS attacks are aimed at devices and networks with a connection to the Internet.
CONFIGURING THE BARRICADE Access Control Access Control allows users to define the outgoing traffic permitted or not-permitted through the WAN interface. The default is to permit all outgoing traffic. 4-54 Parameter Description Enable Filtering Function Enable or Disable Access control function. Normal Filtering Table Displays descriptive list of filtering rules defined.
CONFIGURATION PARAMETERS To create a new access control rule: 1. Click Add PC on the Access Control screen. The Access Control Add PC screen will appear. 2. Define the appropriate rule settings for client PC services. 3. Click OK and then click SAVE SETTINGS to save your settings.
CONFIGURING THE BARRICADE MAC Filter The MAC Filter allows you to define what client PC's can access the Internet. When filtering function is enabled only the MAC addresses defined in the MAC Filtering table will have access to the Internet. All other client devices will be denied access. You can enter up to 32 MAC addresses in this table. 4-56 • MAC Address Control: select enable or disable. • MAC Filtering Table: enter the MAC address in the space provided.
CONFIGURATION PARAMETERS URL Blocking The Barricade allows the user to block access to web sites by entering either a full URL address or just a keyword. This feature can be used to protect children from accessing violent or pornographic web sites. You can define up to 30 sites here.
CONFIGURING THE BARRICADE Schedule Rule You may filter Internet access for local clients based on rules. Each access control rule may be activated at a scheduled time. Define the schedule on the Schedule Rule screen, and apply the rule on the Access Control screen.
CONFIGURATION PARAMETERS Follow these steps to add a schedule rule: 1. Click Add Schedule Rule on the Schedule Rule screen. The Edit Schedule Rule screen will appear. 2. Define the appropriate settings for a schedule rule. 3. Click OK and then click SAVE SETTINGS to save your settings.
CONFIGURING THE BARRICADE Intrusion Detection • Intrusion Detection Feature Stateful Packet Inspection (SPI) and Anti-DoS firewall protection (Default: Enabled) — The Intrusion Detection Feature of the Barricade Router limits access for incoming traffic at the WAN port. When the SPI feature is turned on, all incoming packets will be blocked except for those types marked in the Stateful Packet Inspection section.
CONFIGURATION PARAMETERS 4-61
CONFIGURING THE BARRICADE • Stateful Packet Inspection This is called a “stateful” packet inspection because it examines the contents of the packet to determine the state of the communications; i.e., it ensures that the stated destination computer has previously requested the current communication. This is a way of ensuring that all communications are initiated by the recipient computer and are taking place only with sources that are known and trusted from previous interactions.
CONFIGURATION PARAMETERS • Connection Policy Enter the appropriate values for TCP/UDP sessions as described in the following table. Parameter Defaults Description Fragmentation half-open wait 10 sec Configures the number of seconds that a packet state structure remains active. When the timeout value expires, the router drops the unassembled packet, freeing that structure for use by another packet.
CONFIGURING THE BARRICADE • DoS Criteria and Port Scan Criteria Set up DoS and port scan criteria in the spaces provided (as shown below). Parameter Defaults Description Total incomplete TCP/UDP sessions HIGH 300 sessions Defines the rate of new unestablished sessions that will cause the software to start deleting half-open sessions. Total incomplete TCP/UDP sessions LOW 250 sessions Defines the rate of new unestablished sessions that will cause the software to stop deleting halfopen sessions.
CONFIGURATION PARAMETERS DMZ If you have a client PC that cannot run an Internet application properly from behind the firewall, you can open the client up to unrestricted two-way Internet access. Enter the IP address of a DMZ (Demilitarized Zone) host on this screen. Adding a client to the DMZ may expose your local network to a variety of security risks, so only use this option as a last resort.
CONFIGURING THE BARRICADE SNMP Use the SNMP configuration screen to display and modify parameters for the Simple Network Management Protocol (SNMP). • 4-66 Select the SNMP Operation mode from the drop down menu.
CONFIGURATION PARAMETERS Community A computer attached to the network, called a Network Management Station (NMS), can be used to access this information. Access rights to the agent are controlled by community strings. To communicate with the Barricade, the NMS must first submit a valid community string for authentication. Parameter Description Community A community name authorized for management access. Access Management access is restricted to Read Only (Read) or Read/Write (Write).
CONFIGURING THE BARRICADE Trap Specify the IP address of the NMS to notify when a significant event is detected by the agent. When a trap condition occurs, the SNMP agent sends an SNMP trap message to any NMS specified as a trap receiver. Parameter Description IP Address Traps are sent to this address when errors or specific events occur on the network. Community A community string (password) specified for trap management.
CONFIGURATION PARAMETERS UPnP The Universal Plug and Play architecture offers pervasive peer-to-peer network connectivity of PCs of all form factors, intelligent appliances, and wireless devices. UPnP enables seamless proximity network in addition to control and data transfer among networked devices in the office, home and everywhere within your network.
CONFIGURING THE BARRICADE ADSL ADSL (Asymmetric Digital Subscriber Line) is designed to deliver more bandwidth downstream (from the central office to the customer site) than upstream. This section is used to configure the ADSL operation type and shows the ADSL status. ADSL Parameters This screen is designed for the engineer to test the ADSL loop condition. Therefore, it is advised that users should not change the settings here at all. Parameter Operation Mode 4-70 Description • Automatic • T1.
CONFIGURATION PARAMETERS ADSL Status The Status screen displays information on connection line status, data rate, operation data and defect indication, and statistics. Parameter Description Status Line Status Shows the current status of the ADSL line connection. Data Rate Upstream Maximum upstream data rate. Downstream Maximum downstream data rate. Operation Data/Defect Indication Noise Margin Maximum upstream and downstream noise margin. Output Power Maximum fluctuation in the output power.
CONFIGURING THE BARRICADE Parameter Description Fast Path FEC Correction There are two latency paths that may be used: fast and interleaved. For either path, a forward error correction (FEC) scheme is employed to ensure higher data integrity. For maximum noise immunity, an interleaver may be used to supplement FEC. Interleaved Path FEC Correction An interleaver is basically a buffer used to introduce a delay, allowing for additional error correction techniques to handle noise.
CONFIGURATION PARAMETERS DDNS Dynamic Domain Name Service (DDNS) provides users on the Internet with a method to tie their domain name to a computer or server. DDNS allows your domain name to follow your IP address automatically by having your DNS records changed when your IP address changes. This DNS feature is powered by DynDNS.org or NO-IP.com or TZO.com. With a DDNS connection you can host your own web site, email server, FTP site, and more at your own location even if you have a dynamic IP address.
CONFIGURING THE BARRICADE Tools Use the Tools menu to ping, trace route, backup the current configuration, restore a previously saved configuration, update firmware, and reset the Barricade. Ping Utility This tool allows you to test your network connection. You can specify a domain name or a valid IP address of the remote host for ping test. • 4-74 Enter the address in the Destination address field, then click Execute. The result will show in the Test Result area.
CONFIGURATION PARAMETERS Trace Route Utility Traceroute is a TCP/IP utility which allows the user to determine the route packets take to reach a particular host. • Enter the information in the IP Address or Domain Name field, and click the Traceroute button.
CONFIGURING THE BARRICADE Configuration Tools Choose a function and click Next. 4-76 • Backup Router Configuration: this allows you to save the Barricade’s configuration to a file. • Restore from saved Configuration file: this function is used to restore the previously saved backup configuration file. • Restore router to Factory Defaults: this resets the Barricade back to the original default settings.
CONFIGURATION PARAMETERS Firmware Upgrade Use this screen to update the firmware or user interface to the latest versions. 1. Download the upgrade file from the SMC web site first, and save it to your hard drive. 2. Then click Browse... to look for the downloaded file. Click BEGIN UPGRADE. Check the Status screen Information section to confirm that the upgrade process was successful.
CONFIGURING THE BARRICADE Reset Click REBOOT ROUTER to reset the Barricade. The reset will be complete when the power LED stops blinking. If you perform a reset from this screen, the configurations will not be changed back to the factory default settings. Note: If you use the Reset button on the back panel, the Barricade performs a power reset. If the button is pressed for over 10 seconds, all the LEDs will illuminate and the factory default settings will be restored.
CONFIGURATION PARAMETERS Status The Status screen displays WAN/LAN connection status, firmware, and hardware version numbers, illegal attempts to access your network, as well as information on DHCP clients connected to your network. The security log may be saved to a file by clicking Save and choosing a location. Scroll down to view more information on the Status screen.
CONFIGURING THE BARRICADE 4-80
CONFIGURATION PARAMETERS The following items are included on the Status screen: Parameter Description INTERNET Displays WAN connection type and status. Release Renew GATEWAY Click on this button to disconnect from the WAN. Click on this button to establish a connection to the WAN. Displays system IP settings, as well as DHCP Server and Firewall status.
CONFIGURING THE BARRICADE Finding the MAC address of a Network Card Windows 2000/XP Click Start/Programs/Command Prompt. Type “ipconfig /all” and press “ENTER”. The MAC address is listed as the “Physical Address.” Macintosh Click System Preferences/Network. The MAC address is listed as the “Ethernet Address” on the TCP/IP tab. Linux Run the command “/sbin/ifconfig.” The MAC address is the value after the word “HWaddr.
APPENDIX A TROUBLESHOOTING This section describes common problems you may encounter and possible solutions to them. The Barricade can be easily monitored through panel indicators to identify problems. Troubleshooting Chart Symptom Action LED Indicators Power LED is Off • Check connections between the Barricade, the external power supply, and the wall outlet.
TROUBLESHOOTING Troubleshooting Chart Symptom Action LED Indicators Link LED is Off • Verify that the Barricade and attached device are powered on. • Be sure the cable is plugged into both the Barricade and the corresponding device. • Verify that the proper cable type is used and that its length does not exceed the specified limits. • Be sure that the network interface on the attached device is configured for the proper communication speed and duplex mode.
TROUBLESHOOTING Troubleshooting Chart Symptom Action Management Problems Cannot connect using the web browser Forgot or lost the password • Be sure to have configured the Barricade with a valid IP address, subnet mask, and default gateway. • Check that you have a valid network connection to the Barricade and that the port you are using has not been disabled. • Check the network cabling between the management station and the Barricade.
APPENDIX B CABLES Ethernet Cable Caution: DO NOT plug a phone jack connector into any RJ-45 port. Use only twisted-pair cables with RJ-45 connectors that conform with FCC standards. Specifications Cable Types and Specifications Cable Type Max. Length Connector 10BASE-T Cat. 3, 4, 5 100-ohm UTP 100 m (328 ft) RJ-45 100 m (328 ft) RJ-45 100BASE-TX Cat. 5 100-ohm UTP Wiring Conventions For Ethernet connections, a twisted-pair cable must have two pairs of wires.
CABLES Each wire pair must be attached to the RJ-45 connectors in a specific orientation. The following figure illustrates how the pins on an Ethernet RJ-45 connector are numbered. Be sure to hold the connectors in the same orientation when attaching the wires to the pins. Figure B-1. RJ-45 Ethernet Connector Pin Numbers RJ-45 Port Connection Use the straight-through CAT-5 Ethernet cable provided in the package to connect the Barricade to your PC.
ETHERNET CABLE Pin Assignments With 100BASE-TX/10BASE-T cable, pins 1 and 2 are used for transmitting data, and pins 3 and 6 for receiving data. RJ-45 Pin Assignments Pin Number Assignment1 1 Tx+ 2 Tx- 3 Rx+ 6 Rx- 1: The “+” and “-” signs represent the polarity of the wires that make up each wire pair. Straight-Through Wiring If the port on the attached device has internal crossover wiring (MDI-X), then use straight-through cable.
CABLES Crossover Wiring If the port on the attached device has straight-through wiring (MDI), use crossover cable.
ADSL CABLE ADSL Cable Use standard telephone cable to connect the RJ-11 telephone wall outlet to the RJ-11 ADSL port on the ADSL Router. Caution: Do not plug a phone jack connector into an RJ-45 port. Specifications Cable Types and Specifications Cable Type Connector ADSL Line Standard Telephone Cable RJ-11 Wiring Conventions For ADSL connections, a cable requires one pair of wires. Each wire is identified by different colors. For example, one wire might be red and the other, red with white stripes.
Blue/White White/Blue White/Orange Blue/White White/Blue Orange/White Black Red Green Yellow CABLES R1 T1 T2 R1 T1 R2 T2 R1 T1 R2 123456 123456 123456 6x2 Jack 6x4 Jack 6x4 Jack T = Tip Pin Signal Name 1 Not used 2 Line 2 Tip Black or White/Orange 3 Line 1 Ring Red or Blue/White 4 Line 1 Tip Green or White/Blue 5 Line 2 Ring Yellow or Orange/White 6 Not used Figure B-3.
APPENDIX C SPECIFICATIONS Physical Characteristics Ports Four 10/100Mbps RJ-45 ports One ADSL port (RJ-11) ADSL Features Supports DMT line modulation Supports Annex A Full-Rate ADSL: up to 8 Mbps downstream, up to 1 Mbps upstream (G.992.1 &T1.413, Issue 2) and ADSL2 (G.992.3) and ADSl2+ (G.992.5) Supports G.Lite ADSL: up to 1.
SPECIFICATIONS Security Features Password protected configuration access User authentication (PAP/CHAP) with PPP Firewall NAT NAPT VPN pass through (IPSec-ESP Tunnel mode,L2TP, PPTP) LAN Features IEEE 802.
SPECIFICATIONS Wireless Frequency Band 802.11b/g/n Radio: 2.4 GHz USA - FCC 2412~2462 MHz (Ch1~Ch11) Europe - ETSI 2412~2472 MHz (Ch1~Ch13) France 2457~2472 MHz (Ch10~Ch13) Modulation Technology: DSSS, OFDM Operating Channels: IEEE 802.11b compliant: 11 channels (US, Canada) 13 channels (ETSI) 4 channels (France) IEEE 802.11g compliant: 11 channels (US, Canada) 13 channels (Europe) IEEE draft 802.11n 20MHz compliant: 11 channels (US, Canada) 13 channels (Europe) IEEE draft 802.
SMC7904WBRA-N SMCWBR11-G
