Setting up your wireless router

31

Setting WEP encryption

Note to Mac users:

The

Passphrase

option will not operate with Apple® AirPort®. To

configure encryption for your Mac computer, set the encryption using the manual method

described in the next section.

To set WEP encryption:

1

From the

Security Mode

drop-down menu, select

128-bit WEP

or

64-bit WEP

from

the.

2

After selecting your WEP encryption mode, enter you WEP key manually by typing the

hex WEP key, or type a passphrase in the

PassPhrase

field, then click

Generate

to

create a WEP key from the passphrase.

3

Click

Apply Changes

to finish. You must now set all of your clients to match these

settings.

Encryption in your router is now set. Each of your computers on your wireless network

will now need to be configured with the same passphrase. Refer to the documentation

of your wireless network adapter for information on making this change.

Using a Hexadecimal Key

A hexadecimal key is a mixture of numbers and letters from A-F and 0-9. 64-bit keys are 10

digits long and can be divided into five two-digit numbers. 128-bit keys are 26 digits long

and can be divided into 13 two-digit numbers.

For instance:

AF 0F 4B C3 D4

= 64-bit key

C3 03 0F AF 0F 4B B2 C3 D4 4B C3 D4 E7

= 128-bit key

In the table below, make up your key by writing in two characters between A-F and 0-9. You

will use this key to program the encryption settings on your router and your wireless

computers.

Note to Mac users:

Original Apple AirPort products support 64-bit encryption only. Apple

AirPort 2 products can support 64-bit or 128-bit encryption. Check your product to see

which version you are using. If you cannot configure your network with 128-bit

encryption, try 64-bit encryption.

32

Setting up your wireless router

Using the Access Point mode

Note

: This advanced feature should be employed by advanced users only. Your router can be

configured to work as a wireless network access point. Using this mode will defeat the

NAT IP sharing feature and DHCP server. In Access Point (AP) mode, your router will need

to be configured with an IP address that is in the same subnet as the rest of the network

that you will bridge to. The default IP address is 192.168.2.254 and subnet mask is

255.255.255.0. These can be customized for your needs.

To use the Access Point mode:

1

Click

Use as access point

under the

Wireless

heading on the left menu. The

Wireless

> Use as Access Point

page opens.

2

Select

Enable

. When you select this option, you will be able to change the IP settings.

3

Set your IP settings to match your network, then click

Apply Changes

.

4

Connect a cable from the Modem port on your router to your existing network.

Your router is now acting as an access point. To access your router’s Web-Based

Advanced User Interface again, type the IP address you specified into your browser's

navigation bar. You can set the encryption settings, MAC address filtering, SSID, and

channel normally.

Setting up your wireless router

33

Setting MAC Address Control

The MAC address filter is a powerful security feature that lets you specify which computers

are allowed on the wireless network.

Note:

This list applies only to wireless computers.

This list can be configured so any computer attempting to access the wireless network that is

not specified in the filter list will be denied access. When you enable this feature, you must

enter the MAC address of each client (computer) to which you want to allow network access.

The

Block

feature lets you turn on and off access to the network easily for any computer

without having to add and remove the computer's MAC address from the list.

Setting up an Allow Access list

To set up an Allow Access list:

1

Click the

Allow

radio button to begin setting up a list of computers allowed to connect

to the wireless network.

2

In the

MAC Address

field that is blank, type the MAC address of the wireless computer

you want to be able to access the wireless network, then click

<<Add

.

3

Repeat Step 2 until all of the computers you want to add have been entered.

4

Click

Apply Changes

to finish.

Setting up a Deny Access list

The Deny Access list lets you specify computers that you DO NOT want to access the network.

Any computer in the list will not be allowed access to the wireless network. All others will.

To set up a Deny Access list:

1

Click the

Deny

radio button to begin setting up a list of computers to be denied access

to the wireless network.

2

In the

MAC Address

field that is blank, type the MAC address of the wireless computer

you want to deny access to the wireless network, then click

<<Add

.

3

Repeat Step 2 until all of the computers you want to deny access to have been entered.

4

Click

Apply Changes

to finish.

34

Setting up your wireless router

Configuring the firewall

Your router is equipped with a firewall that will protect your network from a wide array of

common hacker attacks including:

•

IP Spoofing

•

Land Attack Ping of Death (PoD)

•

Denial of Service (DoS)

•

IP with zero length

•

Smurf Attack

•

TCP Null Scan

•

SYN flood

•

UDP flooding

•

Tear Drop Attack

•

ICMP defect

•

RIP defect

•

Fragment flooding

The firewall also masks common ports that are frequently used to attack networks. These

ports appear to be

stealth

, meaning that for all intents and purposes, they do not exist to a

would-be hacker. You can turn the firewall function off if needed, however, it is

recommended that you leave the firewall enabled. Disabling the firewall protection will not

leave your network completely vulnerable to hacker attacks, but it is recommended that you

leave the firewall enabled.

Setting up your wireless router

35

Configuring Internal Forwarding settings

The

Virtual Servers

function lets you route external (Internet) calls for services such as a Web

server (port 80), FTP server (Port 21), or other applications through your router to your

internal network. Since your internal computers are protected by a firewall, computers

outside your network (over the Internet) cannot get to them because they cannot be

seen

. A

list of common applications has been provided in case you need to configure the Virtual

Server function for a specific application. If your application is not listed, you will need to

contact the application vendor to find out which port settings you need.

To enter settings into the virtual server:

1

Open the

Virtual Servers

page, then enter the IP address in the space provided for the

internal (server) machine, and the port(s) required to pass.

2

Select the port type (TCP or UDP), check the

Enable

box, then click

Apply Changes

.

Each inbound port entry has two fields with five characters maximum per field that

allows a start and end port range, for example

[xxxxx]-[xxxxx]

. For each entry, you

can enter a single port value by filling in the two fields with the same value (for

example,

[7500]-[7500]

) or a wide range of ports (for example

[7500]-[9000]

). If

you need multiple single port values or a combination of ranges and a single value,

you must use multiple entries up to the maximum of 20 entries (for example,

1.

[7500]-[7500]

, 2. [

8023]-[8023]

, 3.

[9000]-[9000]

). You can only pass one port

per internal IP address. Opening ports in your firewall can pose a security risk. You can

enable and disable settings quickly. It is recommended that you disable the settings

when you are not using a specific application.