ADMINISTRATION GUIDE Cisco Small Business RV315W Broadband Wireless VPN Router
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) © 2013 Cisco Systems, Inc. All rights reserved.
Federal Communication Commission Interference Statement This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules.
Contents
Federal Communication Commission Interference Statement
Radiation Exposure Statement:
Chapter 1: Getting Started
Product Overview
Front Panel
Back Panel
Default Settings
Mounting the RV315W
Placement Tips
Wall-Mounting
Connecting the RV315W
Getting Started with the Configuration
Before You Begin
Logging in to the Configuration Utility
Using the Help System
Performing Basic Configuration Tasks
Changing the Default Administrator Pa
3G Wireless Connection
LAN Interfaces
WLAN Connection
Application Information
Refresh Rate
Chapter 4: Port Management
Configuring WAN Connections
Viewing WAN Connection Information
Configuring WAN Connections
Configuring Default Route of the Physical WAN Interface
Configuring Dual WAN
Configuring WAN1/LAN0 Interface
Configuring LAN
Configuring LAN Interfaces
Configuring VLAN Settings
Configuring Wireless Settings
Confi
Configuring UPnP
Configuring Port Mirroring
Configuring Routing
Configuring Basic Routing Settings
Configuring Routing Mode
Configuring Inter-VLAN Routing
Configuring Static Routing
Configuring Policy-based Routing
Configuring Dynamic Routing
Viewing the Routing Table
Configuring IGMP
Chapter 6: VPN
Viewing IPSec VPN Status
Configuring IPsec VPN Policies
Setting Up a Site-to-Site VPN
Setting up a PC to Site VPN
Modifyin
Preventing ARP Attacks
Chapter 9: System Management
Rebooting the RV315W
Configuring User Accounts
Viewing User Information
Creating a New User
Changing User Password
Deleting a Local User
Restoring Factory Default Settings
Managing System Configuration
Upgrading the Firmware
Using Diagnostic Utilities
Ping
Traceroute
HTTP Get
DNS Query
Configuring System Time
Configuring TR-069
Configuring TR-069 Settings
1 Getting Started
This chapter provides information to familiarize you with the product features, guide you through the installation process, and get you started using the web-based Configuration Utility. It includes the following sections:
• Product Overview
• Mounting the RV315W
• Connecting the RV315W
• Getting Started with the Configuration
• Performing Basic Configuration Tasks
Product Overview
Thank you for choosing the Cisco RV315W Broadband Wireless VPN Router.
POWER SYS WAN0 WAN1 LAN0
• Solid green when the RV315W is powered on and is operating normally.
• Off when the RV315W is powered off or the power has problems.
• Solid green when the RV315W is connected to the Internet through your cable or DSL modem.
• Flashes green when the RV315W is attempting to connect to the Internet, the RV315W cannot connect to the Internet, or the system is upgrading the firmware.
• Solid red when the system has problems.
LAN1-8 USB 3G WLAN
The numbered lights correspond to the LAN ports on the back panel of the RV315W.
• Solid green when the RV315W is connected to a device through the corresponding port (LAN1 to 8), but there is no traffic over that port.
• Flashes green when the RV315W is sending or receiving data over the corresponding LAN port.
• Off when the corresponding LAN port has no connection.
VPN NMS
• Solid green when there are active VPN tunnels, but there is no VPN traffic.
• Flashes green when the RV315W is sending or receiving data over the VPN tunnels.
• Flashes green once every two seconds when the RV315W is attempting to establish a VPN tunnel, or when the attempt to establish a new VPN tunnel fails.
• Off when there is no VPN connection.
LAN1-8 Ports: These ports provide a LAN connection to network devices, such as PCs, print servers, or switches.
RESET: The RESET button has two functions:
• Reboot: Press the RESET button for at least 1, but no more than 5 seconds with a paper clip or a pencil tip to reboot the unit.
• Restore to Factory Defaults: Press and hold the RESET button for more than 5 seconds to reboot the unit and restore to factory defaults.
POWER (12VDC)
Power Switch
Mounting the RV315W
You can place your RV315W on a desktop or mount it on a wall.
Placement Tips
• Ambient Temperature—To prevent the RV315W from overheating, do not operate it in an area that exceeds an ambient temperature of 104°F (40°C).
• Air Flow—Be sure that there is adequate air flow around the RV315W.
• Mechanical Loading—Be sure that the RV315W is level and stable to avoid any hazardous conditions.
To mount the RV315W to the wall:
STEP 1 Determine where you want to mount the RV315W. Verify that the surface is smooth, flat, dry, and sturdy.
STEP 2 Drill two pilot holes into the surface 5.9 inches (150 mm) apart.
STEP 3 Insert a screw into each hole, leaving a gap between the surface and the base of the screw head of at least 0.1 inches (3 mm).
STEP 5 Power on all connected devices including the cable or DSL modem and the PC and wait until the connections are active.
STEP 6 Power on the RV315W.
STEP 7 To connect the PC to your wireless network for the first time, you can configure the wireless connection using the default SSID name and pre-shared key that are provided on the product label. A sample configuration is illustrated here.
Logging in to the Configuration Utility
To log in to the utility and launch the Setup Wizard to complete the initial configuration:
STEP 1 Connect a computer to an available LAN port on the back panel. After you power on the PC, your PC becomes a DHCP client of the RV315W and receives an IP address in the 192.168.1.xxx range.
STEP 2 Start a web browser. In the Address bar, enter the default IP address of the RV315W: 192.168.1.1.
Performing Basic Configuration Tasks
We recommend that you complete the tasks in this section before you configure the RV315W.
Changing the Default Administrator Password
The default administrator account (admin) has full privileges to set the configuration and read the system status. For security purposes, we recommend that you change the default administrator password after your first login.
To upgrade the firmware:
STEP 1 Choose System Management > Firmware Upgrade. The Firmware Upgrade page opens. The following information is displayed:
• Device Model: Displays the device model.
• PID VID: Displays the product ID and version ID.
• Current Firmware Version: Displays the firmware version (primary firmware) that the RV315W is currently using.
Backing Up Your Configuration
At any point during the configuration process, you can back up your configuration. Later, if you make changes that you want to abandon, you can easily restore the saved configuration.
To back up your configuration:
STEP 1 Click System Management > Configuration Management. The Configuration Management page opens.
STEP 2 To back up the settings currently used on your RV315W, click Backup Configuration.
2 Using the Setup Wizard
This chapter describes how to use the Setup Wizard to quickly configure the initial settings of your RV315W. It includes the following sections:
• Starting the Setup Wizard
• Configuring WAN Connection
• Configuring Default LAN Settings
• Configuring Wireless Connection
• Completing the Setup Wizard
Starting the Setup Wizard
STEP 1 Click Setup Wizard in the left-hand navigation pane. The Setup Wizard launches.
STEP 3 Choose WAN0 or WAN1 (only available when the WAN1/LAN0 port on the back panel is set to a secondary WAN port) from the WAN Interface drop-down menu to connect to the Internet.
STEP 4 Choose a proper network addressing method from the Internet Connection Type drop-down menu and specify the corresponding settings. The following table provides the configuration instructions for each Internet connection type.
Internet Connection Type: PPPoE
Configuration: PPPoE uses Point-to-Point Protocol over Ethernet (PPPoE) to connect to the Internet. Choose this option if your ISP provides you with client software, username, and password.
• User Name: Enter the username that is required to log into the ISP.
• Password: Enter the password that is required to log into the ISP.
• Service Name: Enter the name for the PPPoE service.
Internet Connection Type: L2TP
Configuration: Choose this option if you want to use Layer 2 Tunneling Protocol (L2TP) to connect to the Internet. Use the necessary information from your ISP to complete the L2TP configuration:
• Auto Get IP: Enable or disable to automatically obtain an IP address.
• L2TP Server IP Address: Enter the IP address of the L2TP server.
• User Name: Enter the username that is required to log into the L2TP server.
STEP 6 If you want to continue, click Next to proceed to the LAN Configuration page. If you want to return to the previous page, click Back. If you want to exit the Setup Wizard, click Exit.
Configuring Default LAN Settings
From the LAN Configuration page you can configure the default LAN settings of the RV315W.
STEP 7 Enter the following information:
• VLAN: Select a VLAN from the drop-down menu.
Configuring Wireless Connection
From the Wireless Configuration page you can configure the wireless network of the RV315W and the security settings for the selected SSID.
STEP 9 Enter the following information:
• Current SSID: Select an SSID as the default wireless access point of the RV315W.
• SSID Name: Displays the name of the selected SSID. You can edit the SSID name. Enter a unique name for the SSID for identification.
Security Mode: WEP
Configuration: WEP encryption is an older encryption method that is not considered to be secure and can easily be broken. Choose this option only if you need to allow access to devices that do not support WPA or WPA2. If you choose this option, enter the following information:
• Authentication Type: Choose either Open System or Shared key. The default is Open System.
• Key Length: Choose either 64 bits or 128 bits.
Security Mode: WPA-Personal
Configuration: Wi-Fi Protected Access (WPA) provides better security than WEP because it uses dynamic key encryption. This standard was implemented as an intermediate measure to replace WEP, pending final completion of the 802.11i standard for WPA2. WPA-Personal supports Temporal Key Integrity Protocol (TKIP) or Advanced Encryption Standard (AES) encryption mechanisms for data encryption (default is TKIP).
Security Mode: WPA2-Personal
Configuration: WPA2 provides the best security for wireless transmissions. This method implements the security standards specified in the final version of 802.11i. WPA2-Personal always uses the AES encryption mechanism for data encryption. If you choose this option, enter the following information:
• WPA Pre-Shared: The Pre-shared Key (PSK) is the shared secret key for WPA.
Security Mode: WPA-Enterprise
Configuration: WPA-Enterprise uses WPA with RADIUS authentication. This mode supports TKIP and AES encryption mechanisms (default is TKIP) and requires the use of a RADIUS server to authenticate users. If you choose this option, enter the following information:
• WPA Key Renewal Timeout: Enter a value to set the interval at which the key is refreshed for clients associated to this SSID.
Security Mode: WPA2-Enterprise
Configuration: WPA2-Enterprise uses WPA2 with RADIUS authentication. This mode always uses the AES encryption mechanism for data encryption and requires the use of a RADIUS server to authenticate users. If you choose this option, enter the following information:
• WPA Key Renewal Timeout: Enter a value to set the interval at which the key is refreshed for clients associated to this SSID.
3 Viewing System Status
This chapter describes how to view real-time statistics and other information about the RV315W. It includes the following sections:
• Device Information
• WAN Connection
• 3G Wireless Connection
• LAN Interfaces
• Application Information
• Refresh Rate
Click System Summary. The System Summary page opens.
Device Information
The Device Information area displays the following information:
• Product Name: Product name of the unit.
• Model: Product model of the unit.
WAN Connection
The WAN Connection area displays the following information:
• WANx Connection Status: Shows if the WAN interface or the WAN subinterface is active or inactive for routing.
• WAN Connection Name: WAN connection name through a WAN interface or a WAN subinterface.
• IP address: IP address of the WAN interface or the WAN subinterface.
- Series Number: Series number of the 3G USB dongle.
- Hardware Version: Hardware version of the 3G USB dongle.
- Software Version: Software version that the 3G USB dongle is currently using.
- PRL Version: PRL version of the 3G USB dongle.
• UIM Card Information:
- UIM Card Status: Current status of the UIM card.
- IMSI: IMSI number of the UIM card.
- Voltage: Current voltage of the UIM card.
• Status: Shows if the SSID is enabled or disabled.
• Number of Connected PCs: Number of the client stations that are connected to the SSID.
The wireless module of the RV315W is enabled by default. The RV315W provides four virtual wireless networks, or four SSIDs (Service Set Identifiers). To see complete details for all wireless clients that are connected to the RV315W:
STEP 1 Click View Connected Devices.
4 Port Management
This chapter describes how to configure your Internet connection, LAN, wireless network, and 3G wireless network. It includes the following sections:
• Configuring WAN Connections
• Configuring LAN
• Configuring Wireless Settings
• Configuring 3G Wireless Connection
Configuring WAN Connections
By default, the RV315W is configured to receive a public IP address from your ISP automatically through DHCP.
Parameter: Description
Internet Connection Type: Network addressing mode used to connect to the Internet. See Configuring WAN Connection for more information.
IP Address: IP address of the WAN interface.
DNS: IP address of the DNS server for the WAN interface.
Status: Shows if the WAN interface is active or inactive for routing.
The following table provides the configuration instructions for each Internet connection type. Confirm that you have the proper network information from your ISP or a peer router to configure the RV315W to access the Internet.
Internet Connection Type: DHCP
Configuration: Connection type often used with cable modems. Choose this option if your ISP dynamically assigns an IP address on connection.
Internet Connection Type: PPPoE
Configuration: PPPoE uses Point-to-Point Protocol over Ethernet (PPPoE) to connect to the Internet. Choose this option if your ISP provides you with client software, username, and password. Use the necessary PPPoE information from your ISP to complete the PPPoE configuration.
• User Name: Enter the username that is required to log into the ISP.
• Password: Enter the password that is required to log into the ISP.
Internet Connection Type: Static IP
Configuration: Choose this option if the ISP provides you with a static (permanent) IP address and does not assign it dynamically. Use the corresponding information from your ISP to complete the following fields:
• IP Address: Enter the IP address of the WAN port that is accessible from the Internet.
• Subnet Mask: Enter the subnet mask.
• Default Gateway: Enter the IP address of the default gateway.
Internet Connection Type: L2TP
Configuration: Choose this option if you want to use Layer 2 Tunneling Protocol (L2TP) to connect to the Internet. Use the necessary information from your ISP to complete the L2TP configuration:
• L2TP Server IP Address: Enter the IP address of the L2TP server.
• User Name: Enter the username that is required to log into the L2TP server.
• Password: Enter the password that is required to log into the L2TP server.
STEP 8 In the Service Binding field, select one of the following service types for the WAN connection:
• Management: Use only for management purposes.
• Internet: Use only for Internet access.
• Management_Internet: Use for both management and Internet access.
• VoIP: Use only for VoIP traffic.
• IPTV: Use only for IPTV traffic.
• Other: Use for other purposes.
Configuring Dual WAN
If you have two ISP links, one for WAN0 and another for WAN1, you can configure WAN redundancy to determine how the two ISP links are used.
NOTE Dual WAN is only available when the WAN1/LAN0 port on the back panel is set to a secondary WAN port (WAN1).
To configure dual WAN:
STEP 1 Click Port Settings > WAN > Dual WAN. The Dual WAN page opens.
• Interface: Name of the WAN interface.
• IP Address: IP address of the WAN interface.
• Subnet Mask: Subnet mask of the WAN interface.
• Gateway: Default gateway IP address of the WAN interface.
STEP 6 In the Load Balancing area, check Enable to enable Load Balancing, which distributes the bandwidth across the two WAN ports by weighted percentages.
Configuring LAN
A virtual LAN (VLAN) is a group of endpoints in a network that are associated by function or other shared characteristics. Unlike LANs, which are usually geographically based, VLANs can group endpoints without regard to the physical location of the equipment or users. The VLANs allow you to segregate the network into LANs that are isolated from one another.
• Lease Time: Enter the maximum connection time that a dynamic IP address is “leased” to a network user. When the time elapses, the user's dynamic IP address is automatically renewed. The default value is 1 day.
• Default Gateway: Enter the IP address of the default gateway.
• DNS Agent: Check Enable to enable the DNS agent feature, or check Disable to disable this feature.
• DNS1: Enter the IP address of the primary DNS server.
click Delete, enter the VLAN ID in the VLAN ID field, and then click OK. The reserved VLAN1 and VLAN2 cannot be deleted.
Configuring Wireless Settings
The wireless module of the RV315W is enabled by default. To connect to the default wireless network of the RV315W for the first time, use the default wireless network name (SSID) and pre-shared key that are provided on the product label at the bottom of the RV315W.
• Wireless Channel: Choose the wireless channel from the drop-down menu or choose Auto to let the system determine the optimal channel to use based on the environmental noise levels for the available channels.
- Select any channel from 1 to 13 when the wireless bandwidth is set to 20 MHz.
- Select any channel from 3 to 11 when the wireless bandwidth is set to 40 MHz (the default is channel 11).
• SSID Broadcast: Check to enable SSID broadcast, so that the SSID is included in the beacon frames. All wireless devices within range are able to see the SSID when they scan for available networks. Uncheck to prevent autodetection of the SSID. In this case, users must know the SSID to set up a wireless connection to this SSID.
Security Mode: WEP
Configuration: Wired Equivalent Privacy (WEP) is a data encryption protocol for 802.11 wireless networks. All wireless stations and SSIDs on the network are configured with a static 64-bit or 128-bit Shared Key for data encryption. The higher the bit length used for data encryption, the more secure your network. WEP encryption is an older encryption method that is not considered to be secure and can easily be broken.
Security Mode: WPA-Personal
Configuration: Wi-Fi Protected Access (WPA) provides better security than WEP because it uses dynamic key encryption. This standard was implemented as an intermediate measure to replace WEP, pending final completion of the 802.11i standard for WPA2. WPA-Personal supports Temporal Key Integrity Protocol (TKIP) or Advanced Encryption Standard (AES) encryption mechanisms for data encryption (default is TKIP).
Security Mode: WPA2-Personal
Configuration: WPA2 provides the best security for wireless transmissions. This method implements the security standards specified in the final version of 802.11i. WPA2-Personal always uses the AES encryption mechanism for data encryption. If you choose this option, enter the following information:
• WPA Pre-Shared: The Pre-shared Key (PSK) is the shared secret key for WPA.
Security Mode: WPA-Enterprise
Configuration: WPA-Enterprise uses WPA with RADIUS authentication. This mode supports TKIP and AES encryption mechanisms (default is TKIP) and requires the use of a RADIUS server to authenticate users. If you choose this option, enter the following information:
• Key Renewal Timeout: Enter a value to set the interval at which the key is refreshed for clients associated to this SSID.
Security Mode: WPA2-Enterprise
Configuration: WPA2-Enterprise uses WPA2 with RADIUS authentication. This mode always uses the AES encryption mechanism for data encryption and requires the use of a RADIUS server to authenticate users. If you choose this option, enter the following information:
• Key Renewal Timeout: Enter a value to set the interval at which the key is refreshed for clients associated to this SSID.
Configuring 3G Wireless Connection
The RV315W supports 3G wireless connections. To connect to a 3G wireless network, insert an applicable 3G USB dongle into the 3G interface on the back panel of the RV315W, and then configure the settings of the 3G wireless network through the web-based Configuration Utility. See the latest datasheet to get the list of 3G USB dongle models supported by the RV315W.
- Keep Alive: Choose this option to keep the connection always on, regardless of the level of activity. This option is recommended if you pay a flat fee for your Internet service. You can specify the interval after which the RV315W automatically re-dials the 3G wireless network when the connection is down. The default value is 30 seconds.
• Manual Dial: If you select Manual, click Connect to manually dial in to the 3G wireless network.
5 Networking
This chapter describes how to configure other network settings of the RV315W. It includes the following sections:
• Configuring DDNS
• Configuring ALG
• Configuring Port Forwarding
• Configuring Port Triggering
• Configuring DMZ
• Configuring UPnP
• Configuring Port Mirroring
• Configuring Routing
• Configuring IGMP
Configuring DDNS
Dynamic DNS (DDNS) is an Internet service that allows routers with varying public IP addresses to be located using Internet domain names.
• Service Provider: Specify the provider for your DDNS service. You can choose either DynDNS.org or TZO.
• Domain Name: Enter the complete domain name of the DDNS service.
• Username: Enter the username of the account that you registered with the DDNS provider.
• Password: Enter the password of the account that you registered with the DDNS provider.
STEP 4 Click OK to save your settings.
Configuring Port Forwarding
Port forwarding forwards a TCP/IP packet traversing a Network Address Translator (NAT) gateway to a predetermined network port on a host within a NAT-masqueraded, typically private, network. The packet is forwarded based on the port number on which it was received at the gateway from the originating host.
Configuring Single Port Forwarding
To add a single port forwarding rule:
STEP 1 Click Networking > Port Forwarding > Single Port Forwarding.
and click the Delete icon. To delete multiple single port forwarding rules at a time, select the corresponding rules and click the Delete button.
Configuring Port Range Forwarding
To configure a port range forwarding rule:
STEP 1 Click Networking > Port Forwarding > Port Range Forwarding. The Port Range Forwarding page opens.
STEP 2 Enter the following information:
• Interface: Select a WAN interface or the 3G interface for this port range forwarding rule.
Configuring Port Triggering
Port triggering allows devices on the LAN or DMZ to request one or more ports to be forwarded to them. Port triggering waits for an outbound request from the LAN/DMZ on one of the defined outgoing ports, and then opens an incoming port for that specified type of traffic. Port triggering is a form of dynamic port forwarding that is in effect while an application is transmitting data over the opened outgoing or incoming ports.
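The port-triggering behaviour described above, modelled as a small state table (an added example, not Cisco code and not the RV315W's firmware logic). The rule values, the LAN address and the idle timeout are constructed assumptions; the guide does not state how long a triggered port stays open or whether the remote address is filtered.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class TriggerRule:
    """One port-triggering rule (field names are hypothetical)."""
    name: str
    protocol: str           # "tcp" or "udp"
    trigger_ports: range    # outgoing ports watched on the LAN/DMZ side
    incoming_ports: range   # ports opened toward the host that triggered


@dataclass
class PortTriggerTable:
    """Tracks which incoming ports are currently open and for which host."""
    rules: List[TriggerRule]
    idle_timeout: float = 600.0  # assumption: seconds a mapping survives idle
    _open: Dict[Tuple[str, int], Tuple[str, float]] = field(default_factory=dict)

    def outbound(self, now: float, lan_ip: str, protocol: str,
                 dst_port: int) -> List[int]:
        """A LAN/DMZ host sends traffic out. Returns the ports this opened."""
        opened = []
        for rule in self.rules:
            if rule.protocol == protocol and dst_port in rule.trigger_ports:
                for port in rule.incoming_ports:
                    # The mapping belongs to whichever host triggered last.
                    self._open[(protocol, port)] = (lan_ip, now + self.idle_timeout)
                    opened.append(port)
        return opened

    def inbound(self, now: float, protocol: str, dst_port: int) -> Optional[str]:
        """A packet arrives on the WAN side. Returns the LAN host it is
        forwarded to, or None when no trigger is active (packet dropped)."""
        key = (protocol, dst_port)
        entry = self._open.get(key)
        if entry is None:
            return None
        lan_ip, expires_at = entry
        if now >= expires_at:
            del self._open[key]      # mapping expired: the port closes again
            return None
        self._open[key] = (lan_ip, now + self.idle_timeout)  # traffic refreshes
        return lan_ip

    def open_ports(self, now: float) -> List[Tuple[str, int, str]]:
        """Audit view: (protocol, port, lan_ip) for every live mapping."""
        return sorted((proto, port, ip)
                      for (proto, port), (ip, exp) in self._open.items()
                      if now < exp)


def demo() -> List[Optional[str]]:
    """Constructed walk-through: closed, triggered, then expired."""
    rule = TriggerRule("sample-app", "udp", range(6000, 6001), range(7000, 7003))
    table = PortTriggerTable([rule], idle_timeout=60.0)
    results = [table.inbound(0, "udp", 7000)]        # before any trigger: dropped
    table.outbound(10, "192.168.1.50", "udp", 6000)  # trigger opens 7000-7002
    results.append(table.inbound(20, "udp", 7001))   # forwarded to the host
    results.append(table.inbound(75, "udp", 7000))   # idle past 70 s: dropped
    return results


if __name__ == "__main__":
    print(demo())
```

Unlike a static port forwarding rule, nothing in this model is reachable from the WAN side until a LAN/DMZ host has sent matching outbound traffic, which is the property to verify when reviewing such rules.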
icon. To delete multiple port triggering rules at a time, select the corresponding rules and click the Delete button.
Configuring DMZ
This section describes how to configure the software DMZ and hardware DMZ features.
Configuring Software DMZ
To configure software DMZ:
STEP 1 Click Networking > DMZ > Software DMZ. The Software DMZ page opens.
Configuring Hardware DMZ
The hardware DMZ feature sets the LAN8 port on the back panel to a DMZ port. This feature is only available when you use Static IP or DHCP to connect to the Internet.
To configure the hardware DMZ:
STEP 1 Click Networking > DMZ > Hardware DMZ. The Hardware DMZ page opens.
STEP 2 Check Enable to enable the hardware DMZ feature and set the LAN8 port on the back panel to a DMZ port.
STEP 3 Click Create to create a DMZ rule.
STEP 3 Click OK to save your settings.
Configuring Port Mirroring
Port Mirroring allows traffic on one port to be visible on other ports. This feature is useful for debugging or traffic monitoring.
To configure Port Mirroring:
STEP 1 Click Networking > Port Mirroring. The Port Mirroring page opens.
STEP 2 Click Enable to enable Port Mirroring, or click Disable to disable Port Mirroring.
Configuring Basic Routing Settings
Depending on the requirements of your ISP, you can configure the RV315W to operate in NAT mode or Routing mode. By default, NAT mode is enabled.
Configuring Routing Mode
To configure the routing mode:
STEP 1 Click Networking > Routing > Basic Routing. The Basic Routing page opens.
STEP 2 In the Routing Mode area, configure the routing mode between WAN and LAN.
• Destination Address: Choose an existing address object for the host or for the network that the route leads to.
• Subnet Mask: Enter the subnet mask of the destination network.
• Next Hop: Enter the IP address of the gateway through which the destination host or network can be reached.
STEP 4 Click OK to save your settings.
- Or select Range to manually set a port range.
• Protocol: Select Any, or select either TCP or UDP.
• DSCP: Enter the value of DSCP.
• Next Hop: Select one of the following options as the next hop:
- IPSec Tunnel: Select an IPsec VPN tunnel as the next hop.
- Interface: Select a WAN interface as the next hop.
- Disable this rule if the interface is down: Check to disable this rule when the selected WAN interface is down.
• RIP Time: Enter the values for the RIP refresh time, RIP timeout, and Flush time.
• RIP Settings: Select an interface or a RIP network for routing.
STEP 3 In the RIP Members area, if RIPv2 is enabled, you can check RIP Enabled to enable the RIP settings on the port. To specify the RIP settings for each available interface, click the Edit icon.
STEP 4 Enter the following information:
• RIP: Displays whether RIP is enabled or disabled on this interface.
• Interface: The physical port through which this route is accessible.
Configuring IGMP
Internet Group Management Protocol (IGMP) is a communication protocol used by hosts and adjacent routers on IP networks to establish multicast group memberships. IGMP can be used for online streaming video and gaming, and can allow more efficient use of resources when supporting these types of applications.
6 VPN
The RV315W supports the IPsec VPN feature to set up a single gateway-to-gateway VPN tunnel or a client-to-gateway VPN tunnel. In this configuration, the RV315W creates a secure VPN connection to another VPN-enabled router or to a remote PC that runs third-party VPN client software. For example, you can configure the RV315W at a branch site to connect to the VPN router at the corporate site so that the branch site can securely access the corporate network.
- site-to-site VPN: Allows you to set up a secure VPN tunnel between the RV315W and a remote VPN router.
- pc-to-site VPN: Allows you to set up a secure VPN tunnel between the RV315W and a remote PC that runs third-party client software.
• Remote Gateway Address/Hostname: Displays the hostname or IP address of the remote network.
- For a site-to-site VPN, the hostname or IP address of the remote gateway is displayed.
To create a site-to-site (gateway-to-gateway) VPN policy:
STEP 1 Click VPN > IPsec VPN. The IPsec VPN page opens.
STEP 2 Click Create to create an IPsec VPN policy.
STEP 3 Enter the following information:
• Enable: Check to enable the IPsec VPN policy, or uncheck to disable the policy.
• Policy Number: Select the identification for the IPsec VPN policy.
• IPsec Connection Name: Enter a unique name for the IPsec VPN policy.
- Route: Select the IP address and subnet mask protected by the IPsec VPN.
- Flow Characteristic: Enter the source IP address/wildcard and destination IP address/wildcard.
STEP 4 Click Advanced Settings to configure the advanced settings of the IPsec VPN policy.
• 1st Phase: Enter the following information:
- Exchange Mode: Select either Main Mode or Active Mode. The main mode has a higher priority than the active mode.
  - SA Lifetime: Specify the values for the time-based lifetime and the flow-based lifetime.
  - DPD: Click Enable to enable Dead Peer Detection (DPD), or click Disable to disable it. DPD is a method of detecting a dead Internet Key Exchange (IKE) peer. This method uses IPsec traffic patterns to minimize the number of messages required to confirm the availability of a peer.
• Local Gateway Address: Displays the IP address of the local network. In general, the local gateway address is the public IP address obtained by the selected WAN interface.
• Authentication Method: The IPsec VPN uses a simple, password-based key to authenticate. In the Pre-shared Key field, enter the value that the peer device must provide to establish a connection. The pre-shared key must be entered exactly the same here and on the remote peer.
  - PFS: Click Enable to enable Perfect Forward Secrecy (PFS) to improve security, or click Disable to disable it. If you enable PFS, a Diffie-Hellman exchange is performed for every phase-2 negotiation. PFS is desired on the keying channel of the VPN connection.
  - SA Lifetime: Specify the values for the time-based lifetime and the flow-based lifetime.
  - DPD: Click Enable to enable Dead Peer Detection (DPD), or click Disable to disable it.
7 Quality of Service (QoS)

This chapter describes how to configure the quality of service (QoS) feature. It includes the following sections:
• Configuring Bandwidth Management
• Configuring Flow Control Policies
• Configuring Session Limits

Configuring Bandwidth Management

Use the Bandwidth Control page to specify the maximum bandwidth for upstream traffic allowed on each WAN interface, including the 3G WAN interface.

To set the upstream bandwidth:

STEP 1 Click QoS > Bandwidth Control.
• Maximum Rate: Enter the maximum bandwidth, in Kbps, for upstream traffic allowed on the interface queue.
STEP 7 Click OK to save your settings.

Configuring Flow Control Policies

Use the Flow Control Policies page to configure the flow control policies. Up to 25 flow control policies can be configured on the RV315W.

To create a flow control policy:

STEP 1 Click QoS > Flow Control Policies. The Flow Control Policies page opens.
  - IP Address: Controls flow based on the specified IP addresses of the hosts. If you select this option, enter the starting and ending IP addresses in the Start Address and End Address fields and select a LAN interface from the LAN Interface drop-down menu.
• Application Queue: Applies this flow control policy to an interface queue. Select a queue from the drop-down menu.
STEP 4 Click OK to save your settings.
8 Security

This chapter describes how to configure the firewall, content filtering, and access control features. It includes the following sections:
• Configuring Firewall
• Configuring DDoS
• Configuring Content Filtering
• Configuring Access Control
• Configuring MAC Address Filtering
• Preventing ARP Attacks

Configuring Firewall

To configure basic firewall settings:

STEP 1 Click Security > Firewall. The Firewall page opens.
• Proxy: Check to block proxy servers. A proxy server (or proxy) allows computers to route connections to other computers through the proxy, thus circumventing certain firewall rules. For example, if connections to a specific IP address are blocked by a firewall rule, the requests can be routed through a proxy that is not blocked by the rule, rendering the restriction ineffective.
• Java: Check to block Java applets.
Configuring DDoS

Use the DDoS page to specify how to protect your network against common types of DoS attacks.

To configure DoS prevention:

STEP 1 Click Security > DDoS. The DDoS page opens.
STEP 2 The RV315W supports three types of DoS prevention: SYN Flood, UDP Flood, and ICMP Flood. Check Enable to enable DoS Prevention, or check Disable to disable this feature.
STEP 3 Specify the threshold at which each enabled type of DoS attack triggers the prevention.
• File Type: Enter the type of files that you want to permit or block.
STEP 4 Click Add to add this rule to the list of Filtering Rules.
STEP 5 You can edit the settings of a content filtering rule, delete an existing filtering rule, or export the specified content filtering rules to your local PC.
• Select All: Click to select all content filtering rules in the list.
• Cancel All: Click to cancel all selected content filtering rules.
• Destination IP Address: Enter the IP address of the host that you want to control.
• Protocol: Select a protocol from the drop-down menu for the access control object.
STEP 4 Click OK to save your settings and return to the Access Control page.
STEP 5 To edit the settings of an access control object, select the corresponding object and click the Edit icon. To delete an access control object, select the corresponding object and click the Delete icon.
STEP 4 Click OK to save your settings and return to the Access Control page.
STEP 5 To edit the settings of an access control policy, select the corresponding policy and click the Edit icon. To delete an access control policy, select the corresponding policy and click the Delete icon.

Configuring MAC Address Filtering

MAC address filtering permits and blocks network access from specific devices through the use of a MAC address list.
STEP 6 To edit the settings of a MAC address filtering rule, select the corresponding rule and click the Edit icon. To delete a MAC address filtering rule, select the corresponding rule and click the Delete icon.

Preventing ARP Attacks

Use the ARP Attack Protection page to specify how to protect your network against common types of ARP attacks.

To prevent ARP attacks:

STEP 1 Click Security > ARP Attack Protection. The ARP Attack Protection page opens.
IP&MAC Binding allows you to bind an IP address to a MAC address and vice versa. It only allows traffic when the host IP address matches a specified MAC address. Requiring the gateway to validate the source IP address of traffic against the unique MAC address of the device ensures that traffic from the specified IP address is not spoofed.

STEP 5 Enter the following information:
• IP Address: Enter the IP address that you want to bind with a MAC address.
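The IP&MAC binding check described above, modelled as an added example (not Cisco's code and not the RV315W's implementation). The class and function names, the `allow_unbound` switch and the sample addresses are assumptions made for illustration; the guide does not say how hosts without a binding are treated.

```python
import ipaddress
import re

def normalize_mac(mac):
    """Lower-case a MAC and use ':' separators so equal addresses compare equal."""
    mac = mac.strip().lower().replace("-", ":")
    if not re.fullmatch(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}", mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return mac

class BindingTable:
    """One-to-one IP<->MAC bindings (a model of the feature, not the router's code)."""
    def __init__(self, allow_unbound=False):
        self.allow_unbound = allow_unbound  # assumption: guide is silent on unbound hosts
        self.ip_to_mac, self.mac_to_ip = {}, {}

    def bind(self, ip, mac):
        ip, mac = ipaddress.ip_address(ip), normalize_mac(mac)
        # "and vice versa": refuse a pair that conflicts in either direction.
        if self.ip_to_mac.get(ip, mac) != mac or self.mac_to_ip.get(mac, ip) != ip:
            raise ValueError(f"{ip} or {mac} is already bound to another address")
        self.ip_to_mac[ip] = mac
        self.mac_to_ip[mac] = ip

    def check(self, src_ip, src_mac):
        """Return (allowed, reason) for one frame's source IP and source MAC."""
        ip, mac = ipaddress.ip_address(src_ip), normalize_mac(src_mac)
        bound_mac, bound_ip = self.ip_to_mac.get(ip), self.mac_to_ip.get(mac)
        if bound_mac is None and bound_ip is None:
            return self.allow_unbound, "no binding for this host"
        if bound_mac is None:
            return False, f"MAC is bound to {bound_ip}, not {ip}"
        if bound_mac != mac:
            return False, f"IP is bound to {bound_mac}, not {mac}"
        return True, "matches binding"

# Constructed sample data: documentation address range and made-up MAC addresses.
TABLE = BindingTable()
TABLE.bind("192.0.2.10", "00-11-22-AA-BB-01")
TABLE.bind("192.0.2.11", "00:11:22:aa:bb:02")
FRAMES = [
    ("192.0.2.10", "00:11:22:aa:bb:01"),  # bound host using its own pair
    ("192.0.2.10", "00:11:22:aa:bb:99"),  # bound IP presented with another MAC
    ("192.0.2.50", "00:11:22:aa:bb:02"),  # bound MAC presented with another IP
    ("192.0.2.77", "00:11:22:aa:bb:77"),  # host that appears in no binding
]

def verdicts(table=TABLE, frames=FRAMES):
    """Allow/drop decision for each sample frame, in order."""
    return [table.check(ip, mac)[0] for ip, mac in frames]
```

Only the first frame passes with the default settings; the second and third are the mismatches the binding exists to catch.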
9 System Management

This chapter describes the administration features of the RV315W, including user management, remote management, system diagnostics and logs, date and time, and other settings.
STEP 3 Click OK to reboot the unit. Rebooting the unit will close all current sessions and the system will be down for several seconds.

Configuring User Accounts

Use the User Management page to manage the user accounts.

Viewing User Information

The RV315W predefines an administrative account (admin) and a normal user (cisco). The administrative account has full privilege to set the configuration and read the system status.
Creating a New User

To create a normal user, you must log in to the web-based Configuration Utility using the system administrator account. Up to 5 user accounts can be configured on the RV315W, including the default system administrator (admin) and normal user (cisco).

To create a new user account:

STEP 1 Click System Management > User Management. The User Management page opens.
STEP 4 Click OK to save your settings.

Deleting a Local User

The system administrator can remove a newly added local user from the local user database.

To delete a local user:

STEP 1 Click System Management > User Management. The User Management page opens.
STEP 2 In the Local User List area, check the corresponding user and click Delete.
STEP 3 Click OK to delete it from the local user database.
To restore the RV315W to the factory default settings through the utility:

STEP 1 Click System Management > Reset To Factory Defaults. The Reset To Factory Defaults page opens.
STEP 2 Click Reset to Factory Defaults.
STEP 3 This operation reboots the unit and restores the RV315W to the factory default settings. The settings that you have previously made to the RV315W are lost. Click OK.
The RV315W first sends a message to the upper-level NMS. The upper-level NMS automatically gets the configuration file of the RV315W after the NMS receives the requesting message.

Upgrading the Firmware

CAUTION During a firmware upgrade, do NOT turn off the device, shut down the PC, remove the cable, or interrupt the process in any way until the operation is complete. This process should take several minutes including the reboot process.
STEP 4 Click Upgrade. After the new firmware image is validated, the new image is written to flash and the RV315W is automatically rebooted with the new firmware.

Using Diagnostic Utilities

Use the following diagnostic utilities to access configuration of the RV315W and to monitor the overall network health.

Ping

Use the Ping page to test the connectivity between the RV315W and a connected device on the network.
HTTP Get

Use the HTTP Get page to query the URL information of a website.

STEP 1 Click System Management > Diagnostic Utilities > HTTP Get. The HTTP Get page opens.
STEP 2 Enter the IP address or URL of the website.
STEP 3 Click Start.

DNS Query

Use the DNS Query page to retrieve the IP address of any server on the Internet.

STEP 1 Click System Management > Diagnostic Utilities > DNS Query. The DNS Query page opens.
STEP 3 In the Set System Time area, select the Dynamically radio button to automatically synchronize the date and time with the specified NTP servers:
• NTP Server 1: Enter the IP address or domain name of the primary NTP server.
• NTP Server 2: Enter the IP address or domain name of the secondary NTP server.
STEP 4 Click OK to save your settings.

Configuring TR-069

TR-069 is a DSL Forum specification for CPE WAN Management Protocol (CWMP).
  - Username: Enter the username of the remote management server in order to send the connection requests to CPE.
  - Password: Enter the password of the remote management server in order to send the connection requests to CPE.
  - Send Inform Packets: (Optional) Click Enable to enable the Send Inform Packets feature, or click Disable to disable this feature.
• Password: Enter the password for LOID authentication.
• Ask for binding: Click Request Authentication to send the request of LOID authentication management.
  - Status: Indicates no authentication results.
  - Result: Indicates no uploading results.
  - Limit: Displays the maximum amount of retries and the current number of retries.
STEP 3 Click OK to save your settings.
• Security Username: Enter the name of the administrator account with the ability to access and manage the SNMP MIB objects. This is only available for SNMPv3.
• Authentication Password: Enter the password of the administrator account for authentication (the minimum length of password is 8 characters). This is only available for SNMPv3.
• Authentication Method: Select either None or CBC-DES as the authentication method.
Configuring Remote Management

You can access the web-based Configuration Utility from the LAN side by using the RV315W’s LAN IP address and HTTP, or from the WAN side by using the RV315W’s WAN IP address and HTTPS (HTTP over SSL) or HTTP.

Configuring Remote Access Protocols and Ports

The RV315W allows remote management securely by using HTTPS or HTTP, for example, https://xxx.xxx.xxx.xxx:443.
Configuring Trusted Remote Hosts

Only trusted hosts are allowed to access the RV315W by using HTTPS or HTTP from the WAN side.

To specify the trusted hosts:

STEP 1 Click System Management > Remote Management > Trusted Remote Hosts. The Trusted Remote Hosts page opens.
STEP 2 Click the Any IP Address radio button to allow all hosts from the WAN side to access the RV315W remotely.
A Where to Go From Here

Cisco provides a wide range of resources to help you and your customer obtain the full benefits of the Cisco RV315W Broadband Wireless VPN Router.

• Cisco Small Business Support Community: www.cisco.com/go/smallbizsupport
• Cisco Small Business Support and Resources: www.cisco.com/go/smallbizhelp
• Phone Support Contacts: www.cisco.com/go/sbsc
• Cisco Small Business Firmware Downloads: www.cisco.com/go/smallbizfirmware. Select a link to download firmware for Cisco Small Business Products.