3Com Router WL-602 User Manual
Firewall 89

To edit or delete specific existing filtering rules, click on Edit or Delete for the appropriate filtering rule.

Figure 70 PC Privileges Add PC Screen

1 Enter a description in the Client PC Description field, and the IP address or IP address range into the Client PC IP Address fields.
2 To bypass the URL Filter, check the corresponding Bypass checkbox. If you check this option, then the Web sites and keywords defined in this screen will not be filtered out.
3 Select the services to be blocked. Popular services are listed on this screen; to block a particular service, check the appropriate Blocking checkbox. If the service to be restricted is not listed here, you can enter a custom range of ports at the bottom of the screen, under User Defined Blocked Ports.
4 If you want the restriction to apply only at certain times, select the schedule rule to apply from the Schedule Rule drop-down menu. Note that schedule rules are defined on the Schedule Rules screen (see page 90).
5 Click Apply to add the settings.
90 CHAPTER 5: CONFIGURING THE ROUTER

Schedule Rule

The Router can be configured to restrict access to the Internet, email or other network services at specific days and times. Define the time in this screen, and define the rules in the PC Privileges screen (see page 88).

Figure 71 Schedule Rule Screen

1 Click Add Rule to add a schedule rule (refer to Figure 72).

Figure 72 Add Schedule Rule Screen

2 Enter a name and comment for the schedule rule in the Name and Comment fields.
3 Specify the schedule rules for the required days and times - note that all times should be in 24 hour format.
4 Click Apply.
URL Filter

To configure the URL filter feature, use the table on the URL Filter screen to specify the Web sites (www.somesite.com) and/or keywords you want to filter on your network. For example, entering a keyword of xxx would block access to any URL that contains the string xxx.

Figure 73 URL Filter Screen

1 Check the Enable URL Filtering Function checkbox. The rule table will appear.
2 Enter the URL address or keywords in the URL/Keyword field.
3 Select Denied or Allowed from the Mode drop-down menu.

To complete this configuration, you will need to create or modify the filtering rule in the PC Privileges screen (see page 88). From the PC Privileges Add PC screen (Figure 70), if you check the option: Bypass URL Filter, then the Web sites and keywords defined in this screen will not be filtered out.
Advanced

The Advanced section allows you to set additional parameter details for the Router. You can configure:

■ Security
■ VLAN
■ Static Routes
■ RIP
■ DDNS
■ SNMP
■ Syslog
■ Proxy Arp
■ QoS Settings

Security

Use the Security screen to set the advanced security settings for the Router.

Figure 74 Security Screen
■ NAT — Network Address Translation (NAT) is the method by which the Router shares the single IP address assigned by your ISP with the computers on your network. This function should only be disabled by advanced users, and if your ISP assigns you multiple IP addresses or you need NAT disabled for an advanced system configuration. If you have a single IP address and you turn NAT off, the computers on your network will not be able to access the Internet. Other problems may also occur.

■ IPSec NAT-T Pass-through — NAT-T (NAT Traversal) is an Internet Draft proposed to IETF to help with the problems associated with passing IPSec traffic through NAT Routers. For NAT-T to work, both ends of the connection need to support this function. Ensure that you select NAT-T only if it is needed, as it will reduce LAN-WAN throughput. This Router supports NAT-T draft 2 implementation.

■ Universal Plug and Play — This is a technology that offers seamless operation of voice messaging, video messaging, games, and other applications that are Universal Plug and Play compliant. Some applications require the Router's firewall to be configured in a specific way to operate properly. This usually requires opening TCP and UDP ports and in some instances setting trigger ports. An application that is Universal Plug and Play compliant has the ability to communicate with the Router, basically telling the Router which way it needs the firewall configured. The Router ships with the Universal Plug and Play feature disabled. If you are using any applications that are Universal Plug and Play compliant, and want to take advantage of the Universal Plug and Play features, you can enable this feature. Simply check the Enable Universal Plug and Play checkbox. Click Apply to save the change.

■ WAN Ping Blocking — Computer hackers use what is known as Pinging to find potential victims on the Internet. By pinging a specific IP address and receiving a response from the IP address, a hacker can determine that something of interest might be there. The Router can be set up so it will not respond to an Internet Control Message Protocol (ICMP) Ping from the outside. This heightens the level of security of your Router. To turn off the ping response, check Block ICMP Ping and click Apply; the Router will not respond to an ICMP ping from the Internet.
■ MSS Clamping — You might not be able to browse some Web sites or to send email messages that contain attachments from an Internet Connection Sharing client computer if your outbound connection is through a Windows XP-based Internet Connection Sharing host computer that uses Point-to-Point Protocol over Ethernet (PPPoE). This issue may occur if the Windows XP-based Internet Connection Sharing host computer uses a smaller Maximum Transmission Unit (MTU) size on the WAN interface (the PPPoE connection to the Internet) than it uses on the private interface (the Ethernet connection to the Internet Connection Sharing client). If a packet is larger than the MTU size on the WAN interface, the client sends an Internet Control Message Protocol (ICMP) error to the external server to request that the server negotiate the TCP Maximum Segment Size (MSS). However, this message may be blocked by some firewalls. When this occurs, the packet is dropped. To allow the message to go through the firewall, enable MSS Clamping. MSS clamping will make Internet Connection Sharing set the MSS value low enough to match the external interface.

■ Remote Administration — This feature allows you to make changes to your Router’s settings from anywhere on the Internet. Four options are available:

  ■ If you do not want to use this feature, select Disable Remote Administration.
  ■ Select Enable administration from a single Internet Host, and enter the IP address, to allow only one computer to use the remote administration. This is more secure, as only the specified IP address will be able to manage the Router.
  ■ Select Enable administration from a whole Subnet Internet Host, and enter the IP address and subnet mask, to allow PCs from that specific subnet group to use the remote administration.
  ■ Select Enable administration from any Internet Host; this allows any computer to access the Router remotely.
Before you enable this function, ensure that you have changed the factory default Administration Password.
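The four Remote Administration options differ mainly in how many Internet source addresses can reach the management interface. The sketch below is an added example, not 3Com code: the mode names are hypothetical labels for the four options, the addresses are constructed documentation-range values, and it assumes the subnet option takes a host IP plus mask.

```python
import ipaddress

ANY = ipaddress.IPv4Network("0.0.0.0/0")

def admin_scope(mode, ip=None, mask=None):
    """Map a Remote Administration option to the source network it admits.

    Mode names are hypothetical labels for the four options in the manual.
    """
    if mode == "disabled":
        return None
    if mode == "single_host":
        return ipaddress.IPv4Network(f"{ip}/32")
    if mode == "subnet":
        # Assumption: the form takes a host IP plus mask, so host bits may be set.
        return ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
    if mode == "any":
        return ANY
    raise ValueError(f"unknown mode: {mode}")

def is_allowed(scope, source):
    """Would a management connection from this source address be accepted?"""
    return scope is not None and ipaddress.IPv4Address(source) in scope

def audit(mode, ip=None, mask=None, default_password_changed=False):
    """Return review findings for one Remote Administration configuration."""
    scope = admin_scope(mode, ip, mask)
    if scope is None:
        return []
    findings = [f"management reachable from {scope.num_addresses} source address(es)"]
    if scope == ANY:
        findings.append("any Internet host can reach the administration interface")
    if not default_password_changed:
        findings.append("factory default Administration Password still set")
    return findings

if __name__ == "__main__":
    # Constructed sample configurations.
    for cfg in (("single_host", "198.51.100.17", None),
                ("subnet", "198.51.100.17", "255.255.255.0"),
                ("any", None, None)):
        print(cfg[0], audit(*cfg))
```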
VLAN

A VLAN is a flexible group of devices that can be located anywhere in a network, but they communicate as if they are on the same physical segment. With VLANs, you can segment your network without being restricted by physical connections - a drawback of traditional network design. As an example, with VLANs you can segment your network according to:

■ Departmental groups - For example, you can have one VLAN for the Marketing department, another for the Finance department, and another for the Development department.
■ Hierarchical groups - For example, you can have one VLAN for directors, another for managers, and another for general staff.
■ Usage groups - For example, you can have one VLAN for users of e-mail, and another for users of multimedia.

The main benefit of VLANs is that they provide a network segmentation system that is far more flexible than any traditional network. Using VLANs also provides you with three other benefits:

■ It eases the change and movement of devices on IP networks: With traditional IP networks, network administrators spend much of their time dealing with moves and changes. If users move to a different IP subnet, the IP addresses of each endstation must be updated manually. With a VLAN setup, if an endstation in VLAN 1 is moved to a port in another part of the network, you only need to specify that the new port forwards VLAN 1 traffic.
■ It provides extra security: Devices within each VLAN can only communicate directly with devices in the same VLAN. If a device in VLAN 1 needs to communicate with devices in VLAN 2, the traffic needs to pass through a routing device or Layer 3 switch.
■ It helps to control broadcast traffic: With traditional networks, congestion can be caused by broadcast traffic that is directed to all network devices whether they require it or not. VLANs increase the efficiency of your network because each VLAN can be set up to contain only those devices that need to communicate with each other.

The VLAN screen allows you to set up VLAN groups. Note that Wireless LAN is permanently assigned to Default VLAN.
Figure 75 VLAN Screen

Click Add VLAN to create a new entry (see Figure 76).

Figure 76 VLAN Profile Screen

■ Enter a description for your VLAN in the Description field.
■ Enter the IP Address and subnet mask in the corresponding fields.
■ Select to set the NAT Domain as public or private.
■ IGMP Snooping: enabling it will turn on the feature that allows an Ethernet switch to “listen in” on the IGMP conversation between hosts and routers.
■ IGMP Querier: enabling this function will send out periodic IGMP queries.

Click Apply.
Static Routes

You can configure static routes in this screen. You can set up a static route that sends all traffic destined for the business network through the VPN tunnel and the rest outside of the VPN tunnel.

Figure 77 Static Routes Screen

To add a static route entry to the table, click Add (see Figure 78). To change an existing entry, click Edit. To delete an entry, click Delete.

Figure 78 Add Static Route Screen

Enter the following information:

■ Network Address — the network address of the static route.
■ Subnet Mask — the subnet mask of the route. A network address of 0.0.0.0 and a subnet mask of 0.0.0.0 indicates the default route.
■ Gateway — the Router used to route data to the network specified by the network address.
■ Interface — select the interface. Note that you should only configure either the Gateway information or select the Interface.

After you have finished making changes to the table, click Apply.

Here is an example of setting up a static route.

■ IP address of your PC: 10.1.4.52
■ Subnet mask: 255.255.252.0
■ Default Gateway: 10.1.4.254
■ Network Address: 10.1.4.0

Figure 79 Add Static Route Example Screen
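A static route entry can be checked before it is applied: the network address must be aligned to its mask, only one of Gateway or Interface may be set, and the gateway should sit on the local subnet. The sketch below is an added example, not 3Com code. It validates the manual's example values and then resolves destinations against a constructed split-tunnel table, assuming standard longest-prefix matching and a hypothetical interface name `vpn0`.

```python
import ipaddress

def parse_route(network, mask, gateway=None, interface=None):
    """Validate one row of the Add Static Route form and return it as a dict."""
    # The manual says to fill in either the Gateway or the Interface, not both.
    if (gateway is None) == (interface is None):
        raise ValueError("configure exactly one of gateway or interface")
    # strict=True rejects a network address that has host bits set for the mask.
    net = ipaddress.IPv4Network(f"{network}/{mask}", strict=True)
    gw = ipaddress.IPv4Address(gateway) if gateway else None
    # 0.0.0.0 with mask 0.0.0.0 is the default route.
    return {"net": net, "gateway": gw, "interface": interface,
            "default": net.prefixlen == 0}

def gateway_on_link(host_ip, host_mask, gateway):
    """True if the gateway is directly reachable from the host's own subnet."""
    subnet = ipaddress.IPv4Interface(f"{host_ip}/{host_mask}").network
    return ipaddress.IPv4Address(gateway) in subnet

def lookup(routes, destination):
    """Pick the most specific (longest-prefix) route covering the destination."""
    dst = ipaddress.IPv4Address(destination)
    matches = [r for r in routes if dst in r["net"]]
    return max(matches, key=lambda r: r["net"].prefixlen) if matches else None

# Values from the manual's example screen.
EXAMPLE = parse_route("10.1.4.0", "255.255.252.0", gateway="10.1.4.254")

# Constructed split-tunnel table: business network via a hypothetical VPN
# interface, everything else via the default route.
TABLE = [
    parse_route("192.168.50.0", "255.255.255.0", interface="vpn0"),
    parse_route("0.0.0.0", "0.0.0.0", gateway="10.1.4.254"),
]

if __name__ == "__main__":
    print(EXAMPLE["net"], gateway_on_link("10.1.4.52", "255.255.252.0", "10.1.4.254"))
    for dst in ("192.168.50.7", "203.0.113.9"):
        r = lookup(TABLE, dst)
        print(dst, "->", r["interface"] or r["gateway"])
    try:
        parse_route("10.1.5.0", "255.255.252.0", gateway="10.1.4.254")
    except ValueError as err:
        print("rejected:", err)
```

With the mask 255.255.252.0, the example network 10.1.4.0 spans 10.1.4.0 through 10.1.7.255, so an entry such as 10.1.5.0 with the same mask is rejected as misaligned.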