Wireless LAN Device Series CPE2615 User Manual v20070520
Preface
This guide is for the networking professional who installs and manages the CPE2615 product, hereafter referred to as the “device”. To use this guide, you should have experience working with TCP/IP configuration and be familiar with the concepts and terminology of wireless local area networks.
Ch 1.
The device provides 3 different operation modes, and the wireless radio of the device can act as AP/Client/WDS. The operation mode determines the communication mechanism between the wired Ethernet NIC and the wireless NIC. The operation modes are as follows.
Router: The wired Ethernet (WAN) port is used to connect with an ADSL/Cable modem and the wireless NIC is used for your private WLAN.
WDS (Wireless Distribution System): This mode serves as a wireless repeater; the device forwards the packets to another AP with the WDS function. When this mode is selected, wireless clients can’t survey or connect to the device. The device only allows the WDS connection.
WDS+AP: This mode combines the WDS and AP modes; it allows WDS connections, and wireless clients can also survey and connect to the device.
Basic Settings
Disable Wireless LAN Interface: Disables the wireless interface of the device.
Band: The device supports 2.4GHz(B), 2.4GHz(G) and 2.4GHz(B+G) mixed modes.
Mode: The radio of the device supports the following modes:
* AP : The radio of the device acts as an Access Point to serve all wireless clients joining a wireless local network.
* Client : Supports Infrastructure and Ad-hoc network types to act as a wireless adapter.
Infrastructure : This type requires the presence of 802.11b/g Access Point. All communication is done via the Access Point. Ad Hoc : This type provides a peer-to-peer communication between wireless stations. All the communication is done from Client to Client without any Access Point involved. Ad Hoc networking must use the same SSID and channel for establishing the wireless connection. In client mode, the device can’t support the Router mode function including Firewall and WAN settings.
SSID : The SSID is a unique identifier that wireless networking devices use to establish and maintain wireless connectivity. Multiple access point/bridges on a network or sub-network can use the same SSID. SSIDs are case sensitive and can contain up to 32 alphanumeric characters. Do not include spaces in your SSID. Channel Number : The following table is the available frequencies (in MHz) for the 2.4-GHz radio: When set to “Auto”, the device will find the least-congested channel for use.
Advanced Settings
Authentication Type: The device supports two Authentication Types, “Open system” and “Shared Key”. When you select “Shared Key”, you need to set up the “WEP” key in the “Security” page (see the next section). The default setting is “Auto”. The wireless client can associate with the device by using one of the two types.
Fragment Threshold: The fragmentation threshold determines the size at which packets are fragmented (sent as several pieces instead of as one block).
Int. Roaming
This function lets Wireless Stations roam within a network environment with multiple devices. Wireless Stations are able to switch from one device to another as they move between the coverage areas, which gives users a larger wireless working range. An example is shown in the following figure. You should comply with the following instructions to roam among the wireless coverage areas. Note : To implement the roaming function, the settings MUST comply with the following two items.
Configuring Wireless Security
This device provides complete wireless security functions, including WEP, 802.1x, WPA-TKIP, WPA2-AES and WPA2-Mixed, in different modes (see the Security Support Table). The default security setting of the encryption function is disabled. Choose your preferred security setting depending on what security function you need.
WEP Encryption Setting
Wired Equivalent Privacy (WEP) is implemented in this device to prevent unauthorized access to your wireless network.
When you decide to use WEP encryption to secure your WLAN, please refer to the following WEP encryption settings:
64-bit WEP Encryption : 64-bit WEP keys use the same encryption method as 40-bit WEP. You can input 10 hexadecimal digits (0~9, a~f or A~F) or 5 ASCII chars.
128-bit WEP Encryption : 128-bit WEP keys use the same encryption method as 104-bit WEP. You can input 26 hexadecimal digits (0~9, a~f or A~F) or 10 ASCII chars.
WEP Encryption with 802.1x Setting
The device supports an external RADIUS Server that can secure networks against unauthorized access. If you use WEP encryption, you can also use the RADIUS server to check the admission of the users. This way, every user must use a valid account before accessing the Wireless LAN, which requires a RADIUS or other authentication server on the network. An example is shown below. You should first choose WEP 64 or 128 bit encryption to fit your network environment.
WPA Encryption Setting WPA feature provides a high level of assurance for end-users and administrators that their data will remain private and access to their network restricted to authorized users. You can choose the WPA encryption and select the Authentication Mode. WPA Authentication Mode This device supports two WPA modes. For personal user, you can use the Pre-shared Key to enhance your security setting. This mode requires only an access point and client station that supports WPA-PSK.
Configuring as WLAN Client Adapter This device can be configured as a wireless Ethernet adapter. In this mode, the device can connect to the other wireless stations (Ad-Hoc network type) or Access Point (Infrastructure network type) and you don’t need to install any driver. Quick start to configure Step 1. In “Basic Settings” page, change the Mode to “Client” mode. And key in the SSID of the AP you want to connect then press “Apply Changes” button to apply the change.
Step 2. Check the status of the connection in the “Status” web page.
The alternative way to configure is as follows:
Step 1. In the “Wireless Site Survey” page, select one of the SSIDs you want to connect to and then press the “Connect” button to establish the link.
Step 2. If the link is established successfully, it will show the message “Connect successfully”. Then press “OK”.
Step 3. Then you can check the link information in the “Status” page.
Note: If the available network requires authentication and data encryption, you need to set up the authentication and encryption before step 1, and all the settings must be the same as those of the Access Point or Station. For details of the authentication and data encryption settings, please refer to the security section.
Authentication Type
In client mode, the device also supports two Authentication Types, “Open system” and “Shared Key”. Although the default setting is “Auto”, not every Access Point supports “Auto” mode. If the authentication type of the Access Point is known to the user, we suggest setting the authentication type to be the same as the Access Point's.
Data Encryption
In client mode, the device supports WEP and WPA Personal/Enterprise data encryption, except WPA2 mixed mode.
Ch 3. Configuring WDS
Wireless Distribution System (WDS) uses wireless media to communicate with the other devices, like the Ethernet does. This function allows one or more remote LANs to connect with the local LAN. To do this, you must set these devices to the same channel, set the MAC addresses of the other devices you want to communicate with in the WDS AP List, and then enable WDS. When you decide to use WDS to extend your WLAN, please refer to the following instructions for configuration. 1.
[Figures: WDS bus topology, star topology, ring topology and mesh topology]
WDS Application
Wireless Repeater: A Wireless Repeater can be used to increase the coverage area of another device (Parent AP). Between the Parent AP and the Wireless Repeater, wireless stations can move among the coverage areas of both devices. When you decide to use WDS as a Repeater, please refer to the following instructions for configuration.
※ In AP mode, enable the WDS function.
※ You must set these connected devices with the same radio channel and SSID.
※ Choose “WDS+AP” mode.
* In AP mode, enable the WDS function.
* You must set these connected devices with the same radio channel, but you may use different SSID.
* Choose “WDS” mode for only wireless backbone extension purpose.
* You can use any network topology; please refer to the WDS topology section.
Ch 4. Advanced Configurations
Configuring LAN to WAN Firewall
The filtering function is used to block packets from LAN to WAN. The device supports three kinds of filter: Port Filtering, IP Filtering and MAC Filtering. All the entries in the current filter table are used to restrict certain types of packets from your local network from passing through the device. Use of such filters can be helpful in securing or restricting your local network.
IP Filtering: When you enable the IP Filtering function, you can specify local IP Addresses in the current filter table. Once the source IP address of an outgoing packet matches an IP Address in the table, the firewall will block this packet from LAN to WAN.
MAC Filtering: When you enable the MAC Filtering function, you can specify the MAC Addresses in the current filter table. Once the source MAC Address of an outgoing packet matches a MAC Address in the table, the firewall will block this packet from LAN to WAN.
Configuring Port Forwarding (Virtual Server) This function allows you to automatically redirect common network services to a specific machine behind the NAT firewall. These settings are only necessary if you wish to host some sort of server like a web server or mail server on the private local network behind the device's NAT firewall. The most often used port numbers are shown in the following table.
Multiple Servers behind NAT Example: In this case, there are two PCs in the local network accessible to outside users.
Configuring DMZ
A Demilitarized Zone is used to provide Internet services without allowing unauthorized access to the local private network. Typically, the DMZ host contains devices accessible to Internet traffic, such as Web (HTTP) servers, FTP servers, SMTP (e-mail) servers and DNS servers. With DMZ enabled, all inbound packets will be redirected to the computer you set.
Enable DMZ: Check “Enable DMZ”, and then click the “Apply Changes” button to save the changes.
DMZ Host IP Address: Input the IP Address of the computer that you want to expose to the Internet.
Configuring WAN Interface
The device supports four kinds of IP configuration for the WAN interface: Static IP, DHCP Client, PPPoE and PPTP. Select the WAN Access Type that your ISP requires. The default WAN Access Type is “Static IP”.
Static IP
You can get the Static IP configuration data from your ISP. You will need to fill in the fields for IP address, subnet mask, gateway address, and one of the DNS addresses.
IP Address: The Internet Protocol (IP) address of WAN interface provided by your ISP or MIS. The address will be your network identifier besides your local network.
Subnet Mask: The number used to identify the IP subnet network, indicating whether the IP address can be recognized on the LAN or if it must be reached through a gateway.
Default Gateway: The IP address of Default Gateway provided by your ISP or MIS.
DHCP Client (Dynamic IP)
All IP configuration data besides DNS is obtained from the DHCP server when the DHCP-Client WAN Access Type is selected.
DNS1~3: The IP addresses of DNS provided by your ISP. DNS (Domain Name Server) is used to map domain names to IP addresses. DNS servers maintain central lists of domain name/IP addresses and map the domain names in your Internet requests to other servers on the Internet until the specified web site is found.
PPPoE When the PPPoE (Point to Point Protocol over Ethernet) WAN Access Type is selected, you must fill the fields of User Name, Password provided by your ISP. The IP configuration will be done when the device successfully authenticates with your ISP. User Name: The account provided by your ISP Password: The password for your account.
ISP ”On-Demand” : Automatically connect to ISP when user need to access the Internet. Idle Time: The number of inactivity minutes to disconnect from ISP. This setting is only available when “Connect on Demand” connection type is selected. MTU Size: Maximum Transmission Unit, 1412 is the default setting, you may need to change the MTU for optimal performance with your specific ISP. DNS1~3: The IP addresses of DNS provided by your ISP. DNS (Domain Name Server) is used to map domain names to IP addresses.
PPTP Point to Point Tunneling Protocol (PPTP) is a service that applies to connections in Europe only. IP Address: The Internet Protocol (IP) address of WAN interface provided by your ISP or MIS. The address will be your network identifier besides your local network. Subnet Mask: The number used to identify the IP subnet network, indicating whether the IP address can be recognized on the LAN or if it must be reached through a gateway.
Configuring DHCP Server
1. To use the DHCP server inside the device, please make sure there is no other DHCP server in the same network as the device.
2. Enable the DHCP Server option and assign the client range of IP addresses as shown on the following page.
3. When the DHCP server is enabled and the device's router mode is also enabled, the default gateway for all the DHCP client hosts will be set to the IP address of the device.
Traffic Control
This functionality can control Traffic of Up/Downstream 1.
the specific field.
Firmware Upgrade
Upgrading Firmware: The Web-Browser upgrading interface is the simplest and safest way for the user; it checks the firmware checksum and signature, and the wrong firmware won’t be accepted.
Saving & Restoring Configuration Data To save & restore configuration data of device, just assign the target filename with full path at your local host, then you can backup configuration data to local host or restore configuration data to the device.
HOW To List for all detail control and script
※ HOW TO USE BANDWIDTH CONTROL
NOTE: This control uses QoS with HTB. Bandwidth control is done through the Traffic Control menu, via the web interface or via the /etc/cbu.conf file. You can limit all traffic via Interface control, or you can control on an IP and/or MAC basis. Furthermore, you can create QoS groups and share the group rate among the members of that group. You can also guarantee a minimum rate for a group member.
※ HOW TO USE BANDWIDTH CONTROL WITH QoS GROUP OPTION
QoS groups are used to limit a group of users, and share the total rate. The idea here is simple:
- Any member of the group can reach the total rate of the group
- The total sum of all members' traffic together will not exceed the total rate of the group
- Any member of the group can have guaranteed bandwidth
- Equal bandwidth sharing
Ex: Let's go back to our example above. Inn establishment, which has 3 clients.
IP: 192.168.x.x -> machine's 1 IP
LAN Out rate: 200 -> 200 kbit guaranteed
WAN Out rate: 200 -> 200 kbit guaranteed
Group ID: 1 -> Member of QoS group ID 1
IP: 192.168.x.x -> machine's 2 IP
LAN Out rate: 0
WAN Out rate: 0
The other 2 clients, will have no group:
Group ID: 0 -> Does not belong to any group
IP: 192.168.x.x -> Client 2
LAN Out rate: 256
WAN Out rate: 256
Group ID: 0
IP: 192.168.x.
※ HOW TO GUARANTEE BANDWIDTH FOR A VOIP SYSTEM
We will use this example to show how easy it is to guarantee bandwidth for a VoIP system, for instance. The main objective here is to set up a simple scenario with no effort. The scenario is:
- Internet connection of 300 kbit
- Guarantee 64 kbit for VoIP machine
- Don't need to enter every single machine as group member
You are going to install this equipment for a company which has a VoIP system and a small network (let's say, 30 computers).
But what if the boss machine wants to have 128 kbit guaranteed as well? Proceed as follows:
Group ID: 1
LAN Out rate: 300
WAN Out rate: 300
Group ID: 1
IP: 192.168.x.x
LAN Out rate: 64
WAN Out rate: 64
Group ID: 1
IP: 192.168.x.x
LAN Out rate: 128
WAN Out rate: 128
Group ID: 1
IP: 0.0.0.
※ TRAFFIC CONTROL VIA CONFIG FILE INSTEAD OF WEB INTERFACE
This version allows unlimited IP or MAC address traffic control via the /etc/cbu.conf file. Via the WEB interface you can only control up to 40 entries. The file /etc/cbu.conf uses the same idea as the WEB interface. After you’re done with file changes, you have to type the following commands, in order, to save and activate the changes:
# salvar
# /bin/cbu.sh
# /bin/firewall.sh
NOTE: REMEMBER TO ACTIVATE TRAFFIC CONTROL VIA WEB INTERFACE.
※ NOTES ABOUT SSH ACCESS
This firmware version comes with an SSH2 server. By default, we have the user "root" with password "root". To change root's password, proceed as follows:
- Access the equipment through an SSH terminal (PuTTY, for example)
- Type: "passwd"
- Type your new password and confirm
- Now, to permanently save the change, type: "salvar" (save in Portuguese :)
This version comes with an SSH client program. You can use it to remotely connect to another equipment.
※ HOW TO FIX MAC ADDRESS TO CERTAIN IP AND STATIC LEASE VIA DHCP (VIA SSH TERMINAL)
With just one file it's possible to lease a static IP based on MAC address and to tie up this MAC/IP pair. To do it, you have to edit the file /etc/ethers like this:
# John
00:12:34:51:fd:ea 192.168.2.100
# Jhony
00:4f:23:fb:ce:3d 192.168.2.101
After that, save it. Now, type "salvar". To put it to work straightaway, type: "init.sh gw all"
With this file, the DHCP server will give IP ADDR based on MAC ADDR.
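A lint pass for the /etc/ethers file described above, meant to be run on an admin workstation before the file is copied to the device; it is an added example, not code from the manual or the firmware. The name lint_ethers, the 192.168.2.0/24 LAN prefix (inferred from the sample addresses) and the case-insensitive MAC comparison are assumptions.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")
# First two entries are the manual's; the last four are constructed faults.
SAMPLE = """\
# John
00:12:34:51:fd:ea 192.168.2.100
# Jhony
00:4f:23:fb:ce:3d 192.168.2.101
00:4F:23:FB:CE:3D 192.168.2.102
00:aa:bb:cc:dd:01 192.168.2.100
00:aa:bb:cc:dd:0g 192.168.2.103
00:aa:bb:cc:dd:02 192.168.3.5
"""

def lint_ethers(text, lan="192.168.2.0/24"):
    """Return (bindings, problems); the LAN prefix is an assumed default."""
    net = ipaddress.ip_network(lan)
    bindings, by_ip, problems = {}, {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop "# John" style comments
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            problems.append((n, "expected '<mac> <ip>'"))
            continue
        mac, ip_text = fields[0].lower(), fields[1]  # assumption: MAC case is ignored
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            ip = None
        if not MAC_RE.match(mac):
            msg = f"malformed MAC {fields[0]!r}"
        elif int(mac[:2], 16) & 1:               # I/G bit set: not a station address
            msg = f"{mac} is a multicast/broadcast address"
        elif ip is None:
            msg = f"malformed IP {ip_text!r}"
        elif ip not in net or ip in (net.network_address, net.broadcast_address):
            msg = f"{ip} is not a usable host address in {net}"
        elif mac in bindings:                    # one MAC tied to two IPs
            msg = f"{mac} is already bound to {bindings[mac]}"
        elif ip in by_ip:                        # one IP promised to two MACs
            msg = f"{ip} is already bound to {by_ip[ip]}"
        else:
            bindings[mac], by_ip[ip] = str(ip), mac
            continue
        problems.append((n, msg))
    return bindings, problems

if __name__ == "__main__":
    for n, msg in lint_ethers(SAMPLE)[1]:
        print(f"line {n}: {msg}")
```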
Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.