Appendix A - Firewall STATEFUL PACKET INSPECTION Refers to an architecture, where the firewall keeps track of packets on each connection traversing all its interfaces and makes sure they are valid. This is in contrast to static packet filtering which only examines a packet based on the information in the packet header. DENIAL OF SERVICE ATTACK Is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have.
Example 1: Filter Name : Protocol : Policy : Source IP Address : Source Subnet Mask : Source Port : Dest. IP Address : Dest. Subnet Mask : Dest. Port : Selected WAN interface : In_Filter1 TCP Allow 210.168.219.45 255.255.0.0 80 NA NA NA br0 This filter will ACCEPT all TCP packets coming from WAN interface “br0” with IP Address/Subnet Mask 210.168.219.45/16 with a source port of 80, irrespective of the destination. All other incoming packets on this interface are DROPPED.
Appendix B - Specifications Hardware Interface RJ-11 X 1 for ADSL RJ-45 X 4 for LAN (10/100 Base-T auto-sense) WPS Button X 1 Wi-Fi On/Off Button X 1 Power Switch X 1 Wi-Fi Antenna X 1 WAN Interface Downstream up to 8M for ADSL, 24 Mbps for ADSL2+; Upstream up to 1Mbps,for ANNEX M Upstream up to 2.4Mbps ANSI T1.413 issue 2, ITU-T G.992.2 Annex A (G.lite), ITU-T G.992.3 Annex A, L, M (ADSL2), TU-T G.992.5 Annex A, M (ADSL2+), ITU-T G 994.1, ITU-T G.997.
DHCP Client/Server for IP management DHCP Relay IP multicasting IGMP v1/v2 Pass through/open/redirection and port mapping The Range of private IP support 192.168.1.2 to 192.168.1.254 QoS mechanism support for mapping of PVC with different traffic classes HTTP (web based) for firmware upgrade & configuration IP filtering & raw filtering IGMP Snooping support IEEE 802.
Certifications...................................
Appendix C - SSH Client Unlike Microsoft Windows, Linux OS has a ssh client included. For Windows users, there is a public domain one called “putty” that can be downloaded from here: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html To access the ssh client you must first enable SSH access for the LAN or WAN from the Management Access Control Services menu in the web user interface. To access the router using the Linux ssh client For LAN access, type: ssh -l admin 192.168.1.
Appendix D - WPS OPERATION This Section shows the basic AP WPS Operation procedure. D1 Add Enrollee with Pin Method 1) Select Enabled from the Enable WPS dropdown menu. 2) Click the Apply/Save button at the bottom of the screen.
4) Operate Station to start WPS Adding Enrollee. D2 Add Enrollee with PBC Method 1) Press the WPS button at back of the device to activate WPS PBC operation. 2) Operate Station (your dongle for example) to start WPS Adding Enrollee.
D3 Configure AP 1) Select Enabled from the Enable WPS dropdown menu. 2) Select Unconfigured from the Set WPS AP Mode dropdown menu. 3) Click the Apply/Save button at the bottom of the screen. The following page will show these additional items. Lock Device PIN When enabled, device PIN is locked and cannot be used for WPS operation.
4) Read the Device Pin (31957199 in this example) and input to External Registrar(ER – your dongle for example) when ER asks Device Pin ER could be wired (for example Windows Vista) or wireless (Intel Station). 5) Do Web Page refresh after ER complete AP Configuration to check the new parameters setting.
Appendix E - Connection Setup Creating a WAN connection is a two-stage process. 1 - Setup a Layer 2 Interface (ATM, PTM or Ethernet). 2 - Add a WAN connection to the Layer 2 Interface. The following sections describe each stage in turn. E1 ~ Layer 2 Interfaces Layer2 interface supports VLAN Mux modes, which allow for multiple connections over a single interface. PPPoE, IPoE, and Bridge are supported while PPPoA and IPoA connections are not.
E1.1 ATM Interfaces Follow these procedures to configure an ATM interface. NOTE: The AR-5389 supports up to 16 ATM interfaces. STEP 1: Go to Advanced Setup Layer2 Interface ATM Interface. This table is provided here for ease of reference. Heading Description Interface WAN interface name.
There are many settings here including: VPI/VCI, DSL Latency, DSL Link Type, Encapsulation Mode, Service Category, Connection Mode and Quality of Service. Here are the available encapsulations for each xDSL Link Type: EoA- LLC/SNAP-BRIDGING, VC/MUX PPPoA- VC/MUX, LLC/ENCAPSULATION IPoA- LLC/SNAP-ROUTING, VC MUX STEP 3: Click Apply/Save to confirm your choices. On the next screen, check that the ATM interface is added to the list.
To add a WAN connection go to E2 ~ WAN Connections. E1.2 PTM Interfaces Follow these procedures to configure a PTM interface. NOTE: The AR-5389 can support two PTM interfaces. STEP 4: Go to Advanced Setup Layer2 Interface PTM Interface. This table is provided here for ease of reference. Heading Description Interface WAN interface name. DSL Latency {Path0} portID = 0 {Path1} port ID = 1 {Path0&1} port ID = 4 PTM Priority Normal or High Priority (Preemption).
There are many settings that can be configured here including: DSL Latency, PTM Priority, Connection Mode and Quality of Service. STEP 6: Click Apply/Save to confirm your choices. On the next screen, check that the PTM interface is added to the list. For example, an PTM interface in Default Mode is shown below. To add a WAN connection go to E2 ~ WAN Connections. E1.3 Ethernet WAN Interface Some models of the AR-5389 support a single Ethernet WAN interface over the ETH WAN port.
STEP 1: Go to Advanced Setup Layer2 Interface ETH Interface. This table is provided here for ease of reference. Heading Description Interface/ (Name) ETH WAN Interface Connection Mode Default Mode – Single service over one connection Vlan Mux Mode – Multiple Vlan service over one connection MSC Mode – Multiple Service over one Connection Remove Select the checkbox and click Remove to remove the connection. STEP 2: Click Add to proceed to the next screen.
E2 ~ WAN Connections In Default Mode, the AR-5389 supports up to 16 connections. To setup a WAN connection follow these instructions. STEP 1: Go to the Advanced Setup WAN Service screen. STEP 2: Click Add to create a WAN connection. The following screen will display. STEP 3: Choose a layer 2 interface from the drop-down box and click Next. The WAN Service Configuration screen will display as shown below.
NOTE: The WAN services shown here are those supported by the layer 2 interface you selected in the previous step. If you wish to change your selection click the Back button and select a different layer 2 interface. STEP 4: For VLAN Mux Connections, you must enter Priority & VLAN ID tags. STEP 5: You will now follow the instructions specific to the WAN service type you wish to establish.
E2.1 PPP over ETHERNET (PPPoE) STEP 1: Select the PPP over Ethernet radio button and click Next. You can also enable IPv6 by ticking the checkbox at the bottom of this screen. STEP 2: On the next screen, enter the PPP settings as provided by your ISP. Click Next to continue or click Back to return to the previous step.
159
The settings shown above are described below. PPP SETTINGS The PPP Username, PPP password and the PPPoE Service Name entries are dependent on the particular requirements of the ISP. The user name can be a maximum of 256 characters and the password a maximum of 32 characters in length. For Authentication Method, choose from AUTO, PAP, CHAP, and MSCHAP. ENABLE FULLCONE NAT This option becomes available when NAT is enabled.
USE STATIC IPv4 ADDRESS Unless your service provider specially requires it, do not select this checkbox . If selected, enter the static IP address in the IPv4 Address field. Don’t forget to adjust the IP configuration to Static IP Mode as described in Section 3.2 MTU Maximum Transmission Unit. The size (in bytes) of largest protocol data unit which the layer can pass onwards. This value is 1500 for PPPoA.
Click Next to continue or click Back to return to the previous step. Select DNS Server Interface from available WAN interfaces OR enter static DNS server IP addresses for the system. In ATM mode, if only a single PVC with IPoA or static IPoE protocol is configured, Static DNS server IP addresses must be entered.
Click Next to continue or click Back to return to the previous step. STEP 5: The WAN Setup - Summary screen shows a preview of the WAN service you have configured. Check these settings and click Apply/Save if they are correct, or click Back to modify them. After clicking Apply/Save, the new service should appear on the main screen. To activate it you must reboot. Go to Management Reboot and click Reboot.
E2.2 IP over ETHERNET (IPoE) STEP 1: *Select the IP over Ethernet radio button and click Next. * For tagged service, enter valid 802.1P Priority and 802.1Q VLAN ID. For untagged service, set -1 to both 802.1P Priority and 802.1Q VLAN ID. STEP 2: The WAN IP settings screen provides access to the DHCP server settings. You can select the Obtain an IP address automatically radio button to enable DHCP (use the DHCP Options only if necessary).
NOTE: If IPv6 networking is enabled, an additional set of instructions, radio buttons, and text entry boxes will appear at the bottom of the screen. These configuration options are quite similar to those for IPv4 networks. Click Next to continue or click Back to return to the previous step. STEP 3: This screen provides access to NAT, Firewall and IGMP Multicast settings. Enable each by selecting the appropriate checkbox . Click Next to continue or click Back to return to the previous step.
ENABLE NAT If the LAN is configured with a private IP address, the user should select this checkbox . The NAT submenu will appear in the Advanced Setup menu after reboot. On the other hand, if a private IP address is not used on the LAN side (i.e. the LAN side is using a public IP), this checkbox should not be selected, so as to free up system resources for improved performance. ENABLE FULLCONE NAT This option becomes available when NAT is enabled.
STEP 4: To choose an interface to be the default gateway. Click Next to continue or click Back to return to the previous step. STEP 5: Select DNS Server Interface from available WAN interfaces OR enter static DNS server IP addresses for the system. In ATM mode, if only a single PVC with IPoA or static IPoE protocol is configured, Static DNS server IP addresses must be entered.
If IPv6 is enabled, an additional set of options will be shown. IPv6: Select the configured WAN interface for IPv6 DNS server information OR enter the static IPv6 DNS server Addresses. Note that selecting a WAN interface for IPv6 DNS server will enable DHCPv6 Client on that interface. Click Next to continue or click Back to return to the previous step.
STEP 6: The WAN Setup - Summary screen shows a preview of the WAN service you have configured. Check these settings and click Apply/Save if they are correct, or click Back to modify them. After clicking Apply/Save, the new service should appear on the main screen. To activate it you must reboot. Go to Management Reboot and click Reboot.
E2.3 Bridging NOTE: This connection type is not available on the Ethernet WAN interface. STEP 1: *Select the Bridging radio button and click Next. * For tagged service, enter valid 802.1P Priority and 802.1Q VLAN ID. For untagged service, set -1 to both 802.1P Priority and 802.1Q VLAN ID. STEP 2: The WAN Setup - Summary screen shows a preview of the WAN service you have configured. Check these settings and click Apply/Save if they are correct, or click Back to return to the previous screen.
After clicking Apply/Save, the new service should appear on the main screen. To activate it you must reboot. Go to Management Reboot and click Reboot. NOTE: If this bridge connection is your only WAN service, the AR-5389 will be inaccessible for remote management or technical support from the WAN.
E2.4 PPP over ATM (PPPoA) STEP 1: Click Next to continue. STEP 2: On the next screen, enter the PPP settings as provided by your ISP. Click Next to continue or click Back to return to the previous step.
PPP SETTINGS The PPP username and password are dependent on the requirements of the ISP. The user name can be a maximum of 256 characters and the password a maximum of 32 characters in length. (Authentication Method: AUTO, PAP, CHAP, or MSCHAP.) ENABLE FULLCONE NAT This option becomes available when NAT is enabled. Known as one-to-one NAT, all requests from the same internal IP address and port are mapped to the same external IP address and port.
DIAL ON DEMAND The AR-5389 can be configured to disconnect if there is no activity for a period of time by selecting the Dial on demand checkbox . You must also enter an inactivity timeout period in the range of 1 to 4320 minutes. PPP IP EXTENSION The PPP IP Extension is a special feature deployed by some service providers. Unless your service provider specifically requires this setup, do not select it. PPP IP Extension does the following: Allows only one PC on the LAN.
ENABLE IGMP MULTICAST Tick the checkbox to enable Internet Group Membership Protocol (IGMP) multicast. IGMP is a protocol used by IPv4 hosts to report their multicast group memberships to any neighboring multicast routers. NO MULTICAST VLAN FILTER Tick the checkbox to have the multicast packets bypass the VLAN filter. Enable WAN interface with base MAC STEP 3: Choose an interface to be the default gateway. Click Next to continue or click Back to return to the previous step.
STEP 5: The WAN Setup - Summary screen shows a preview of the WAN service you have configured. Check these settings and click Apply/Save if they are correct, or click Back to modify them. After clicking Apply/Save, the new service should appear on the main screen. To activate it you must reboot. Go to Management Reboot and click Reboot.
E2.5 IP over ATM (IPoA) STEP 1: Click Next to continue. STEP 2: Enter the WAN IP settings provided by your ISP. Click Next to continue. STEP 3: This screen provides access to NAT, Firewall and IGMP Multicast settings. Enable each by selecting the appropriate checkbox . Click Next to continue or click Back to return to the previous step.
ENABLE NAT If the LAN is configured with a private IP address, the user should select this checkbox . The NAT submenu will appear in the Advanced Setup menu after reboot. On the other hand, if a private IP address is not used on the LAN side (i.e. the LAN side is using a public IP), this checkbox should not be selected, so as to free up system resources for improved performance. ENABLE FULLCONE NAT This option becomes available when NAT is enabled.
STEP 4: Choose an interface to be the default gateway. Click Next to continue or click Back to return to the previous step. NOTE: If the DHCP server is not enabled on another WAN interface then the following notification will be shown before the next screen. STEP 5: Choose an interface to be the default gateway.
Click Next to continue or click Back to return to the previous step. STEP 6: The WAN Setup - Summary screen shows a preview of the WAN service you have configured. Check these settings and click Apply/Save if they are correct, or click Back to modify them. After clicking Apply/Save, the new service should appear on the main screen. To activate it you must reboot. Go to Management Reboot and click Reboot.
FCC INFORMATION This equipment complies with CFR 47, Part 15.19 of the FCC rules. Operation of the equipment is subject to the following conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received; including interference that may cause undesired operation.