Auto(IKE) Key Exchange Method
Pre-Shared Key / Certificate (X.509) – Input Pre-shared key / Choose Certificate
Perfect Forward Secrecy – Enable or Disable
Advanced IKE Settings – Select Show Advanced Settings to reveal the advanced settings options shown below.
Advanced IKE Settings Mode
Select Hide Advanced Settings to hide the advanced settings options shown above. Choose settings for each phase; the available options are separated with a “/” character.
Manual Key Exchange Method
Encryption Algorithm – DES / 3DES / AES (aes-cbc)
Encryption Key – DES: 16 digit Hex, 3DES: 48 digit Hex
Authentication Algorithm – MD5 / SHA1
Authentication Key – MD5: 32 digit Hex, SHA1: 40 digit Hex
SPI (default is 101) – Enter a Hex value from 100-FFFFFFFF
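The key lengths and SPI range in the manual key table above can be checked before the values are typed into the screen. The following Python is an added example, not part of this manual or the router firmware; the function names are hypothetical, and AES is left out because the table gives no AES key length.

```python
import secrets
import string

# Hex-digit lengths exactly as listed in the table above. The page gives no
# length for AES keys, so AES is deliberately left out rather than guessed.
ENC_KEY_HEX_LEN = {"DES": 16, "3DES": 48}
AUTH_KEY_HEX_LEN = {"MD5": 32, "SHA1": 40}
SPI_MIN, SPI_MAX = 0x100, 0xFFFFFFFF


def check_hex_key(kind, algo, value):
    """Return a list of problems with one key field (empty list = OK)."""
    table = ENC_KEY_HEX_LEN if kind == "encryption" else AUTH_KEY_HEX_LEN
    if algo not in table:
        return [f"{kind}: no key length documented for {algo}"]
    problems = []
    if not value or any(c not in string.hexdigits for c in value):
        problems.append(f"{kind}: key contains non-hex characters")
    if len(value) != table[algo]:
        problems.append(f"{kind}: {algo} needs {table[algo]} hex digits, got {len(value)}")
    elif len(set(value.lower())) == 1:
        problems.append(f"{kind}: key is a single repeated digit")
    return problems


def check_spi(spi_hex):
    """Check that the SPI parses as hex and lies in the documented range."""
    try:
        spi = int(spi_hex, 16)
    except ValueError:
        return [f"SPI: {spi_hex!r} is not a hex value"]
    if not SPI_MIN <= spi <= SPI_MAX:
        return ["SPI: must be between 100 and FFFFFFFF (hex)"]
    return []


def check_manual_sa(enc_algo, enc_key, auth_algo, auth_key, spi_hex):
    """Validate all manual key exchange fields; empty list means acceptable."""
    return (check_hex_key("encryption", enc_algo, enc_key)
            + check_hex_key("authentication", auth_algo, auth_key)
            + check_spi(spi_hex))


def new_manual_keys(enc_algo, auth_algo):
    """Generate random keys of the documented lengths from the OS CSPRNG."""
    return (secrets.token_hex(ENC_KEY_HEX_LEN[enc_algo] // 2),
            secrets.token_hex(AUTH_KEY_HEX_LEN[auth_algo] // 2))
```

Both ends of a manually keyed tunnel need the same values, so generate the keys once with new_manual_keys and enter them on each side.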
5.17 Certificate
A certificate is a public key together with its owner’s information (company name, server name, personal real name, contact e-mail, postal address, etc.) and digital signatures. One or more digital signatures are attached to the certificate, indicating that the signing entities have verified that this certificate is valid.
5.17.1 Local
CREATE CERTIFICATE REQUEST
Click Create Certificate Request to generate a certificate-signing request.
The following table is provided for your reference.
Field – Description
Certificate Name – A user-defined name for the certificate.
Common Name – Usually, the fully qualified domain name for the machine.
Organization Name – The exact legal name of your organization. Do not abbreviate.
State/Province Name – The state or province where your organization is located. It cannot be abbreviated.
Country/Region Name – The two-letter ISO abbreviation for your country.
IMPORT CERTIFICATE
Click Import Certificate to paste the certificate content and the private key provided by your vendor/ISP/ITSP into the corresponding boxes shown below. Enter a certificate name and click Apply to import the local certificate.
5.17.2 Trusted CA
CA is an abbreviation for Certificate Authority, which is a part of the X.509 system. It is itself a certificate that carries the owner information of this certificate authority, but its purpose is not encryption/decryption. Its purpose is to sign and issue certificates, in order to prove that these certificates are valid. Click Import Certificate to paste the certificate content of your trusted CA.
Enter a certificate name and click Apply to import the CA certificate.
5.18 Multicast
Enter new IGMP or MLD protocol configuration values if you want to modify the default values shown. Then click Apply/Save.
Chapter 6 Wireless
The Wireless menu provides access to the wireless options discussed below.
6.1 Security
The following screen appears when Wireless Security is selected. The options shown here allow you to configure security features of the wireless LAN interface. Click Save/Apply to implement new configuration settings.
WIRELESS SECURITY
Wireless security settings can be configured according to Wi-Fi Protected Setup (WPS) or Manual Setup.
Select SSID – Select the wireless network name from the drop-down box. SSID stands for Service Set Identifier. All stations must be configured with the correct SSID to access the WLAN. If the SSID does not match, that client will not be granted access.
Network Authentication – This option specifies whether a network key is used for authentication to the wireless network. If network authentication is set to Open, then no authentication is provided. Despite this, the identity of the client is still verified.
WEP Encryption – This option specifies whether data sent over the network is encrypted. The same network key is used for data encryption and network authentication. Four network keys can be defined although only one can be used at any one time. Use the Current Network Key list box to select the appropriate network key. Security options include authentication and encryption services based on the wired equivalent privacy (WEP) algorithm. WEP is a set of security services used to protect 802.
To configure security settings with WPS, follow the procedures below. You must choose either the Push-Button or PIN configuration method for Steps 6 and 7.
I. Setup
Step 1: Enable WPS by selecting Enabled from the drop-down list box shown.
Step 2: Set the WPS AP Mode. Configured is used when the AR-5389 will assign security settings to clients. Unconfigured is used when an external client assigns security settings to the AR-5389.
Step 4: For the Pre-Shared Key (PSK) modes, enter a WPA Pre-Shared Key. You will see the following dialog box if the Key is too short or too long.
Step 5: Click the Save/Apply button at the bottom of the screen.
IIIa. PUSH-BUTTON CONFIGURATION
The WPS push-button configuration provides a semi-automated configuration method. The WPS button on the rear panel of the router can be used for this purpose or the Web User Interface (WUI) can be used exclusively.
Step 7: Go to your WPS wireless client and activate the push-button function. A typical WPS client screenshot is shown below as an example. Now go to Step 8 (part IV. Check Connection) to check the WPS connection.
IIIb. WPS – PIN CONFIGURATION
Using this method, security settings are configured with a personal identification number (PIN). The PIN can be found on the device itself or within the software. The PIN may be generated randomly in the latter case.
Step 7: Activate the PIN function on the wireless client. For Configured mode, the client must be configured as an Enrollee. For Unconfigured mode, the client must be configured as the Registrar. This is different from the External Registrar function provided in Windows Vista. The figure below provides an example of a WPS client PIN function in progress. Now go to Step 8 (part IV. Check Connection) to check the WPS connection.
IV.
6.2 MAC Filter
This option allows access to the router to be restricted based upon MAC addresses. To add a MAC Address filter, click the Add button shown below. To delete a filter, select it from the MAC Address table below and click the Remove button.
Option – Description
Select SSID – Select the wireless network name from the drop-down box. SSID stands for Service Set Identifier. All stations must be configured with the correct SSID to access the WLAN.
6.3 Wireless Bridge
This screen allows for the configuration of wireless bridge features of the WIFI interface. See the table beneath for detailed explanations of the various options. Click Save/Apply to implement new configuration settings.
Feature – Description
AP Mode – Selecting Wireless Bridge (aka Wireless Distribution System) disables Access Point (AP) functionality, while selecting Access Point enables AP functionality.
6.4 Advanced
The Advanced screen allows you to configure advanced features of the wireless LAN interface. You can select a particular channel on which to operate, force the transmission rate to a particular speed, set the fragmentation threshold, set the RTS threshold, set the wakeup interval for clients in power-save mode, set the beacon interval for the access point, set XPress mode and set whether short or long preambles are used. Click Save/Apply to set new advanced wireless options.
Field – Description
Band – Set to 2.4 GHz for compatibility with IEEE 802.11x standards. The new amendment allows IEEE 802.11n units to fall back to slower speeds so that legacy IEEE 802.11x devices can coexist in the same network. IEEE 802.11g creates data-rate parity at 2.4 GHz with the IEEE 802.11a standard, which has a 54 Mbps rate at 5 GHz. (IEEE 802.11a has other differences compared to IEEE 802.11b or g, such as offering more channels.
Field – Description
Fragmentation Threshold – A threshold, specified in bytes, that determines whether packets will be fragmented and at what size. On an 802.11 WLAN, packets that exceed the fragmentation threshold are fragmented, i.e., split into smaller units suitable for the circuit size. Packets smaller than the specified fragmentation threshold value are not fragmented. Enter a value between 256 and 2346. If you experience a high packet error rate, try to slightly increase your Fragmentation Threshold.
6.5 Site Survey
The following graph displays wireless APs found in your neighborhood by channel.
6.6 Station Info
This page shows authenticated wireless stations and their status. Click the Refresh button to update the list of stations in the WLAN. Consult the table below for descriptions of each column heading.
Heading – Description
MAC – Lists the MAC address of all the stations.
Associated – Lists all the stations that are associated with the Access Point, along with the amount of time since packets were transferred to and from each station.
6.7 WiFi Button
This page allows you to enable or disable the WiFi Button.
Chapter 7 Diagnostics
7.1 Diagnostics – Individual Tests
The first Diagnostics screen is a dashboard that shows overall connection status. If a test displays a fail status, click the button to retest and confirm the error. If a test continues to fail, click Help and follow the troubleshooting procedures.
7.2 Fault Management
Please note this function is not available on the AR-5389.
Item – Description
Maintenance Domain (MD) Level – Management space on the network; the larger the domain, the higher the level value
Destination MAC Address – Destination MAC address for sending the loopback message
802.1Q VLAN ID: [0-4095] – 802.1Q VLAN used in VDSL PTM mode
Set MD Level – Save the Maintenance domain level.
Send Loopback – Send loopback message to destination MAC address.
7.3 Uptime Status
This page shows System, DSL, ETH and Layer 3 uptime. If the DSL line, ETH or Layer 3 connection is down, the uptime will stop incrementing. If the service is restored, the counter will reset and start from 0. A Bridge interface will follow the DSL or ETH timer. The "ClearAll" button will restart the counters from 0 or show "Not Connected" if the interface is down.
Chapter 8 Management
Click on the link to jump to a specific section:
8.1 Settings
This includes 8.1.1 Backup Settings, 8.1.2 Update Settings, and 8.1.3 Restore Default screens.
8.1.1 Backup Settings
To save the current configuration to a file on your PC, click Backup Settings. You will be prompted for the backup file location. This file can later be used to recover settings on the Update Settings screen, as described below.
8.1.
8.1.3 Restore Default
Click Restore Default Settings to restore factory default settings. After Restore Default Settings is clicked, the following screen appears. Close the browser and wait for 2 minutes before reopening it. It may also be necessary to reconfigure your PC IP configuration to match any new settings.
NOTE: This entry has the same effect as the Reset button. The AR-5389 board hardware and the boot loader support the reset to default.
8.2 System Log
This function allows a system log to be kept and viewed upon request. Follow the steps below to configure, enable, and view the system log.
STEP 1: Click Configure System Log, as shown below (circled in Red).
STEP 2: Select desired options and click Apply/Save. Consult the table below for detailed descriptions of each system log option.
Option – Description
Log – Indicates whether the system is currently recording events. The user can enable or disable event logging.
Option – Description
Log Level – Allows you to configure the event level and filter out unwanted events below this level. The events ranging from the highest critical level “Emergency” down to this configured level will be recorded to the log buffer on the AR-5389 SDRAM. When the log buffer is full, newer events wrap around to the top of the log buffer and overwrite the old events. By default, the log level is “Debugging”, which is the lowest critical level.
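The interaction between the Log Level filter and the wrap-around buffer described above can be modelled in a few lines. This Python is an added example, not code from the manual or the device; the buffer capacity and the sample events are constructed, and the severity names between “Emergency” and “Debugging” are the standard syslog set, assumed here because the page names only those two.

```python
from collections import deque

# Standard syslog severities (RFC 5424), most critical first. The page names
# only "Emergency" and "Debugging"; the six in between are the usual syslog set.
LEVELS = ["Emergency", "Alert", "Critical", "Error",
          "Warning", "Notice", "Informational", "Debugging"]


class LogBuffer:
    """Fixed-size buffer: keeps events at or above the configured level and
    overwrites the oldest entry once full (capacity here is hypothetical)."""

    def __init__(self, log_level="Debugging", capacity=4):
        self.threshold = LEVELS.index(log_level)
        self.events = deque(maxlen=capacity)
        self.overwritten = 0

    def record(self, level, message):
        if LEVELS.index(level) > self.threshold:
            return False                      # below configured level: dropped
        if len(self.events) == self.events.maxlen:
            self.overwritten += 1             # oldest event is about to be lost
        self.events.append((level, message))
        return True

    def messages(self):
        return [m for _, m in self.events]


# Constructed sample events, not output from a real device.
SAMPLE = [
    ("Warning", "login failed for user support from WAN"),
    ("Debugging", "dhcpd: lease renewed"),
    ("Debugging", "igmp: query sent"),
    ("Informational", "ntp: time synchronized"),
    ("Debugging", "dhcpd: lease renewed"),
    ("Error", "DSL link down"),
]


def replay(log_level, capacity=4):
    """Feed the sample events through a buffer set to the given log level."""
    buf = LogBuffer(log_level, capacity)
    for level, message in SAMPLE:
        buf.record(level, message)
    return buf
```

With the default “Debugging” level the failed-login event is overwritten by routine messages, while a “Warning” level keeps it; the trade-off is that lower-severity detail is never recorded.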
8.3 SNMP Agent
Simple Network Management Protocol (SNMP) allows a management application to retrieve statistics and status from the SNMP agent in this device. Select the Enable radio button, configure options, and click Save/Apply to activate SNMP.
8.4 TR-069 Client
WAN Management Protocol (TR-069) allows an Auto-Configuration Server (ACS) to perform auto-configuration, provisioning, collection, and diagnostics on this device. Select desired values and click Apply/Save to configure TR-069 client options. The table below is provided for ease of reference.
Option – Description
Enable TR-069 – Tick the checkbox to enable.
OUI-serial – The serial number used to identify the CPE when making a connection to the ACS using the CPE WAN Management Protocol.
Option – Description
ACS URL – URL for the CPE to connect to the ACS using the CPE WAN Management Protocol. This parameter MUST be in the form of a valid HTTP or HTTPS URL. An HTTPS URL indicates that the ACS supports SSL. The “host” portion of this URL is used by the CPE for validating the certificate from the ACS when using certificate-based authentication.
ACS User Name – Username used to authenticate the CPE when making a connection to the ACS using the CPE WAN Management Protocol.
8.5 Internet Time
This option automatically synchronizes the router time with Internet timeservers. To enable time synchronization, tick the corresponding checkbox, choose your preferred time server(s), select the correct time zone offset, and click Save/Apply.
NOTE: In addition, this menu item is not displayed when in Bridge mode since the router would not be able to connect to the NTP timeserver.
8.6 Access Control
8.6.1 Accounts/Passwords
This screen is used to configure the user account access passwords for the device. Access to the AR-5389 is controlled through the following user accounts:
root - unrestricted access to change and view the configuration.
support - typically utilized by Carrier/ISP technicians for maintenance and diagnostics.
user - can view configuration settings & statistics and update firmware.
NOTE: Passwords can be up to 16 characters in length.
8.6.2 Service Access
The Services option limits or opens the access services over the LAN or WAN. The access services available are: FTP, HTTP, ICMP, SNMP, TELNET and TFTP. Enable a service by selecting its dropdown listbox. Click SAVE/APPLY to activate.
8.6.3 IP Address
The IP Address Access Control mode, if enabled, permits access to local management services from IP addresses contained in the Access Control List. If the Access Control mode is disabled, the system will not validate IP addresses for incoming packets. The services are the system applications listed in the Service Control List beside ICMP. Click the Add button to display the following.
Configure the address and subnet of the management station permitted to access the local management services, and click Save/Apply.
IP Address – IP address of the management station.
Subnet Mask – Subnet address for the management station.
Interface – Access permission for the specified address, allowing the address to access the local management service from none/lan/wan/lan&wan interfaces.
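The Access Control List behaviour described in 8.6.3 can be reviewed offline before entries are added on the device. This Python is an added example, not the router's implementation; the class and method names are hypothetical, it assumes an entry's address and mask together define a network, and the addresses are constructed samples.

```python
import ipaddress

# Interface choices offered on the screen, mapped to where a packet may arrive.
INTERFACES = {"none": set(), "lan": {"lan"}, "wan": {"wan"},
              "lan&wan": {"lan", "wan"}}


class AccessControl:
    def __init__(self, enabled=False):
        self.enabled = enabled
        self.entries = []          # list of (network, allowed interfaces)

    def add(self, ip_address, subnet_mask, interface):
        # Assumption: address + mask are treated as a network; strict=False
        # lets a host address such as 192.168.1.10/255.255.255.0 be entered.
        net = ipaddress.ip_network(f"{ip_address}/{subnet_mask}", strict=False)
        self.entries.append((net, INTERFACES[interface]))

    def permits(self, source_ip, arriving_on):
        if not self.enabled:
            return True            # mode disabled: source address is not validated
        src = ipaddress.ip_address(source_ip)
        return any(src in net and arriving_on in ifaces
                   for net, ifaces in self.entries)

    def broad_entries(self, max_hosts=256):
        """Entries reachable from the WAN that cover more than max_hosts addresses."""
        return [str(net) for net, ifaces in self.entries
                if "wan" in ifaces and net.num_addresses > max_hosts]


def sample_acl():
    """Constructed entries: one LAN host, one WAN /24, one overly wide range."""
    acl = AccessControl(enabled=True)
    acl.add("192.168.1.10", "255.255.255.255", "lan")
    acl.add("203.0.113.0", "255.255.255.0", "wan")
    acl.add("10.0.0.0", "255.0.0.0", "lan&wan")
    return acl


if __name__ == "__main__":
    acl = sample_acl()
    print(acl.permits("203.0.113.7", "wan"), acl.broad_entries())
```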
8.7 Update Software
This option allows for firmware upgrades from a locally stored file.
Configuration: Select from the three options available.
STEP 1: Obtain an updated software image file from your ISP.
STEP 2: Enter the path and filename of the firmware image file in the Software File Name field or click the Browse button to locate the image file.
STEP 3: Click the Update Software button once to upload and install the file.
NOTE: The update process will take about 2 minutes to complete.
8.8 Reboot
To save the current configuration and reboot the router, click Save/Reboot.
NOTE: You may need to close the browser window and wait for 2 minutes before reopening it. It may also be necessary to reset your PC IP configuration.