Setting up your wireless router

31

5

Click the

Wireless Networks

tab, then click

Configure

. The following screen opens.

6

For a home or small business user, select

WPA-PSK

under

Network Authentication

.

Note

: Select

WPA

if you are using this computer to connect to a corporate network that

supports an authentication server such as a radius server. Consult your network

administrator for further information.

7

Select

TKIP

or

AES

under

Data Encryption

. This setting must be identical to the

router that you set up.

8

Type in your encryption key in the

Network key

box.

Important

: Enter your pre-shared key. This can be from eight to 63 characters and can be

letters, numbers, or symbols. This same key must be used on all of the clients that you set

up.

9

Click

OK

to apply settings.

Using the Access Point Mode

Note

: This advanced feature should be employed by advanced users only. The Router can be

configured to work as a wireless network access point. Using this mode will defeat the NAT

IP sharing feature and DHCP server. In Access Point (AP) mode, the Router will need to be

configured with an IP address that is in the same subnet as the rest of the network that

you will bridge to. The default IP address is 192.168.2.254 and subnet mask is

255.255.255.0. These can be customized for your needs.

32

Setting up your wireless router

To use the Access Point mode:

1

Click

Use as access point

under the

Wireless

heading on the left menu. The

Wireless

> Use as Access Point

page opens.

2

Select

Enable

. When you select this option, you will be able to change the IP settings.

3

Set your IP settings to match your network, then click

Apply Changes

.

4

Connect a cable from the Modem port on the router to your existing network.

The router is now acting as an access point. To access the router's Web-Based

Advanced User Interface again, type the IP address you specified into your browser's

navigation bar. You can set the encryption settings, MAC address filtering, SSID, and

channel normally.

Configuring the Firewall

Your router is equipped with a firewall that will protect your network from a wide array of

common hacker attacks including:

•

IP Spoofing

•

SYN flood

•

Land Attack

•

UDP flooding

•

Ping of Death (PoD)

•

Tear Drop Attack

•

Denial of Service (DoS)

•

ICMP defect

•

IP with zero length

•

RIP defect

•

Smurf Attack

•

Fragment flooding

•

TCP Null Scan

Setting up your wireless router

33

The firewall also masks common ports that are frequently used to attack networks. These

ports appear to be

Stealth

, meaning that for all intents and purposes, they do not exist to a

would-be hacker. You can turn the firewall function off if needed, however, it is

recommended that you leave the firewall enabled. Disabling the firewall protection will not

leave your network completely vulnerable to hacker attacks, but it is recommended that you

leave the firewall enabled.

Configuring Internal Forwarding Settings

The

Virtual Servers

function lets you route external (Internet) calls for services such as a Web

server (port 80), FTP server (Port 21), or other applications through your router to your

internal network. Since your internal computers are protected by a firewall, computers

outside your network (over the Internet) cannot get to them because they cannot be

seen

.

You will need to contact the application vendor to find out which port settings you need.

To enter settings into the virtual server:

1

Open the

Virtual Servers

page, then enter the IP address in the space provided for the

internal (server) machine, and the port(s) required to pass.

2

Select the port type (TCP or UDP), check the

Enable

box, then click

Apply Changes

.

Each inbound port entry has two fields with five characters maximum per field that

allows a start and end port range, e.g. [xxxxx]-[xxxxx]. For each entry, you can enter a

single port value by filling in the two fields with the same value (for example,

[7500]-[7500]) or a wide range of ports (for example [7500]-[9000]). If you need

multiple single port values or a combination of ranges and a single value, you must

use multiple entries up to the maximum of 20 entries (for example, 1. [7500]-[7500],

2. [8023]-[8023], 3. [9000]-[9000]). You can only pass one port per internal IP

address. Opening ports in your firewall can pose a security risk. You can enable and

disable settings very quickly. It is recommended that you disable the settings when

you are not using a specific application.

34

Setting up your wireless router

Setting Client IP Filters

The router can be configured to restrict access to the Internet, e-mail, or other network

services at specific days and times. Restriction can be set for a single computer, a range of

computers, or multiple computers.

To restrict Internet access to a single computer:

1

Open the

Firewall > Client IP filters

page, then enter the IP address of the computer you

wish to restrict access to in the IP fields.

2

Enter

80

in both the port fields, select

Both

, then select

Block

. You can also select

Always

to block access all of the time.

3

Select the day to start on top, the time to start on top, the day to end on the bottom,

and the time to stop on the bottom.

4

Select

Enable

, then click

Apply Changes

. The computer at the IP address you

specified will now be blocked from Internet access at the times you specified. Be sure

you have selected the correct time zone under

Utilities

>

System Settings

>

Time

Zone

.

Setting MAC Address Filtering

The MAC address filter is a powerful security feature that allows you to specify which

computers are allowed on the network. Any computer attempting to access the network that

is not specified in the filter list will be denied access. When you enable this feature, you must

enter the MAC address of each client (computer) on your network to allow network access to

each.

To set MAC Address Filtering:

1

Open the

Firewall > MAC Address filters

page, then click

Enable MAC Address

Filtering

.

2

Enter the MAC address of each computer on your network by clicking in the space

provided and entering the MAC address of the computer you want to add to the list.

Setting up your wireless router

35

3

Click

Add

, then click

Apply Changes

to save the settings. You can have a

MAC-address-filtering list of up to 32 computers.

Note

: You will not be able to delete the MAC address of the computer you are using to access

the Router's administrative functions (the computer you are using now).

Enabling the Demilitarized Zone (DMZ)

The DMZ feature lets you specify one computer on your network to be placed outside of the

firewall. This may be necessary if the firewall is causing problems with an application such as

a game or video conferencing application. Use this feature on a temporary basis. The

computer in the DMZ is NOT protected from hacker attacks. If your ISP subscription provides

you with additional public (WAN) IP addresses, additional computers can be placed outside

the firewall provided each computer uses a different public (WAN) IP.

To set up a DMZ for a computer:

•

Open the

Firewall > DMZ

page and enter the last digits of the computer’s IP address in

the

IP field

, click

Enable

, then click

Apply Changes

for the change to take effect.

WAN Ping Blocking

Computer hackers use what is known as

pinging

to find potential victims on the Internet. By

pinging a specific IP address and receiving a response from the IP address, a hacker can

determine that something of interest might be there. The router can be set up so it will not

respond to an ICMP ping from the outside. This heightens the level of security of your router.

To turn off the ping response

•

Open the

Firewall > WAN Ping Blocking

page and select Block ICMP Ping, then click

Apply Changes

. The router will not respond to an ICMP ping.