SMC Networks Router SMCWBR14-G2 User Manual
Have a look at the manual SMC Networks Router SMCWBR14-G2 User Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 10 SMC Networks manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
SECURITY 4-45 WEP WEP is the basic mechanism to transmit your data securely over a wireless network. Matching encryption keys must be set up on your Barricade and and each of your wireless client devices. Parameter Description WEP Mode Select 64-bit or 128-bit key to use for encryption. Key Entry Method Select hexadecimal (Hex) or ASCII for the key entry method. Key Provisioning Select Static if there is only one fixed key for encryption. If you want to select Dynamic, you need to enable 802.1X function first. Default Key ID Choose which key to use as default. Passphrase Check the Passphrase check box to generate a key automatically. Key 1~4 The Barricade supports up to 4 keys. You select the default key.
CONFIGURING THE BAR RICADE
4-46
You may automatically generate encryption keys or manually enter the
keys. To generate the key automatically with passphrase, check the
Passphrase box, and enter a string of characters. Select the default key
from the drop-down menu. Click APPLY.
Note:The passphrase can consist of up to 63 alphanumeric characters.
Hexadecimal Keys
A hexadecimal key is a mixture of numbers and letters from A-F and 0-9.
64-bit keys are 10 digits long and can be divided into five two-digit
numbers. 128-bit keys are 26 digits long and can be divided into 13
two-digit numbers.
ASCII Keys
There are 95 printable ASCII characters:
!#$%&()*+,-./0123456789:;?
@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_
`abcdefghijklmnopqrstuvwxyz{|}~
Having selected and recorded your key, click Save Settings to proceed, or
Cancel to go back.
SECURITY 4-47 WPA/WPA2 WPA/WPA2 is a security enhancement that strongly increases the level of data protection and access control for existing wireless LAN. Matching authentication and encryption methods must be set up on your Barricade and wireless client devices to use WPA/WPA2. To use WPA, your wireless network cards must be equipped with software that supports WPA. A security patch from Microsoft is available for free download (for XP only). Parameter Description Cipher Suite The security mechanism used in WPA for encryption. Select TKIP+AES (WPA/WPA2) or AES WPA2 Only. Authentication Select 802.1X or Pre-shared Key for the authentication method. - 802.1X: for the enterprise network with a RADIUS server. - Pre-shared key: for the SOHO network environment without an authentication server. Pre-shared key type Select the key type to be used in the Pre-shared Key. Pre-shared Key Type the key here. Group Key Re_Keying The period of renewing the broadcast/multicast key.
CONFIGURING THE BAR RICADE 4-48 WPA WPA addresses all known vulnerabilities in WEP, the original, less secure 40 or 104-bit encryption scheme in the IEEE 802.11 standard. WPA also provides user authentication, since WEP lacks any means of authentication. Designed to secure present and future versions of IEEE 802.11 devices, WPA is a subset of the IEEE 802.11i specification. WPA replaces WEP with a strong new encryption technology called Temporal Key Integrity Protocol (TKIP) with Message Integrity Check (MIC). It also provides a scheme of mutual authentication using either IEEE 802.1X/Extensible Authentication Protocol (EAP) authentication or pre-shared key (PSK) technology. The passphrase can consist of up to 32 alphanumeric characters. WPA2 Launched in September 2004 by the Wi-Fi Alliance, WPA2 is the certified interoperable version of the full IEEE 802.11i specification which was ratified in June 2004. Like WPA, WPA2 supports IEEE 802.1X/EAP authentication or PSK technology. It also includes a new advanced encryption mechanism using the Counter-Mode/CBC-MAC Protocol (CCMP) called the Advanced Encryption Standard (AES). WPA and WPA2 Mode Types Click Save Settings to proceed, or Cancel to change your settings. WPA WPA2 Enterprise ModeAuthentication: IEEE 802.1X/EAP Encryption: TKIP/MICAuthentication: IEEE 802.1X/EAP Encryption: AES-CCMP SOHO Mode Authentication: PSK Encryption: TKIP/MICAuthentication: PSK Encryption: AES-CCMP
SECURITY 4-49 802.1X If 802.1X is used in your network, then you should enable this function for the Barricade. This screen allows you to set the 802.1X parameters. 802.1X is a method of authenticating a client wireless connection. Enter the parameters below to connect the Barricade to the Authentication Server. Parameter Description 802.1X Authentication Enable or disable the authentication function. Session Idle Timeout This is the time (in seconds) that a session will sit inactive before terminating. Set to 0 if you do not want the session to timeout. (Default: 300 seconds) Re-Authentication PeriodThe interval time (in seconds) after which the client will be asked to re-authenticate. For example, if you set this to 30 seconds, the client will have to re-authenticate every 30 seconds. Set to 0 for no re-authentication. (Default: 3600 seconds) Quiet Period This is the interval time (in seconds) for which the Barricade will wait between failed authentications. (Default: 60 seconds) Server Type Sets the authentication server type. Server IP Set the IP address of your RADIUS server.
CONFIGURING THE BAR RICADE 4-50 The use of IEEE 802.1X offers an effective framework for authenticating and controlling user traffic to a protected network, as well as dynamically varying encryption keys. 802.1X ties EAP (Extensible Authentication Protocol) to both the wired and wireless LAN media and supports multiple authentication methods, such as token cards, Kerberos, one-time passwords, certificates, and public key authentication. Click Save Settings to proceed, or Cancel to change your settings. Server Port Set the connection port that is configured on the radius server. Secret Key The 802.1X secret key used to configure the Barricade. NAS-ID Defines the request identifier of the Network Access Server. Parameter Description
ADVANCED SETTINGS 4-51 Advanced Settings To configure the advanced settings such as NAT, Maintenance, System settings and UPnP, click Advanced Settings. Note:Changing some of the device settings in the Advanced Settings mode may cause the Barricade to become unresponsive. The Barricade’s advanced management interface contains 6 main menu items as described in the following table. Menu Description NAT Shares a single ISP account with multiple users, sets up virtual servers. Maintenance Allows you to backup, restore, reset, and upgrade the Barricade’s firmware. System Sets the local time zone, the password for administrator access, the IP address of a PC that will be allowed to manage the Barricade remotely, and the IP address of a Syslog Server. UPnP Universal Plug and Play (UPnP) allows for simple and robust connectivity between external devices and your PC. DNS Sets the IP address of a Domain Name Server. DDNS Dynamic DNS provides users on the Internet with a method to tie their domain name to a computer or server. Routing Sets routing parameters and displays the current routing table.
CONFIGURING THE BAR RICADE 4-52 NAT The first menu item in the Advanced Settings section is Network Address Translation (NAT). This process allows all of the computers on your home network to use one IP address. Using the NAT capability of the Barricade, you can access the Internet from any computer on your home network without having to purchase more IP addresses from your ISP. To use the NAT feature, check the Enable radio button and click Save Settings.
ADVANCED SETTINGS 4-53 Address Mapping Network Address Translation (NAT) allows IP addresses used in a private local network to be mapped to one or more addresses used in the public, global Internet. This feature limits the number of public IP addresses required from the ISP and also maintains the privacy and security of the local network. We allow one public IP address to be mapped to a pool of local addresses. Click Save Settings to proceed, or Cancel to change your settings.
CONFIGURING THE BAR RICADE 4-54 Virtual Server Using this feature, you can put PCs with public IPs and PCs with private IPs in the same LAN area. If you configure the Barricade as a virtual server, remote users accessing services such as web or FTP at your local site via public IP addresses can be automatically redirected to local servers configured with private IP addresses. In other words, depending on the requested service (TCP/UDP port number), the Barricade redirects the external service request to the appropriate server (located at another internal IP address). For example, if you set Type/Public Port to TCP/80 (HTTP or web) and the Private IP/Port to 192.168.2.2/80, then all HTTP requests from outside users will be transferred to 192.168.2.2 on port 80. Therefore, by just entering the IP address provided by the ISP, Internet users can access the service they need at the local address to which you redirect them. The more common TCP service ports include: HTTP: 80, FTP: 21, Telnet: 23, and POP3: 110. Click All known port number for more information about public service ports.