Buffalo DD-WRT-v24SP2-MULTI Router Manual PDF (Setup & Configuration Guide)

Page 11 / 171 Scroll up to view Page 6 - 10

2.3.2.2. Wireless Security

Because wireless data packets can easily be sniffed, wireless

connections require a greater level of security to ensure that data

cannot be read by unauthorized users.

Security Mode

Mode

Description

Disabled

No encryption set (not recommended!)

WPA Personal

WPA encryption with a passphrase (text

password)

WPA Enterprise (AP

only)

WPA encryption with Radius Client

authentication according to 802.1x

WPA2 Personal

WPA2 encryption with a passphrase (text

password)

WPA2 Enterprise (AP

only)

WPA2 encryption with Radius Client

authentication according to 802.1x

WPA2 Personal Mixed

WPA & WPA2 encryption in WPA/WPA2 mixed mode

with a passphrase (text password)

WPA2 Enterprise Mixed

(AP only)

WPA & WPA2 encryption in WPA/WPA2 mixed with

Radius Client authentication according to

802.1x

RADIUS

WEP

WEP 64 Bit / 128 Bit encryption (insecure;

not recommended!)

802.1x (Client only)

Client side mode to connect to AP’s working

with WPA Enterprise Modes via RADIUS

authentication

When using WEP encryption (not recommended), the user can choose

between 64 bit and 128 bit keys. Keys can be entered as passphrases

that are used to generate the Hex keys. Theoretically 128 bit keys

offer a higher level of security but because of design flaws, that’s

not the case in actual use.

Key length

Description

64 Bit (10

Hexadecimal

characters)

Standard

128 Bit (26

Hexadecimal

characters)

With WPA or WPA2 encryption, there are several encryption algorithms

to choose from. AES is more secure but TKIP is more widely supported.

There is also a TKIP + AES setting, but that does not offer more

security than TKIP.

Algorithm

Description

TKIP

TKIP encryption, supported by most clients

- 10 -

Page 12 / 171

devices

AES

AES encryption offers a better level of

security but might not be supported by a

number of client devices and requires less

CPU processing power.

TKIP + AES

Mixed mode – offers best compatibility but

doesn’t work in all environments

If RADIUS security is used, the MAC address format has to be set

accordingly.

RADIUS MAC format

options

Description

aabbcc-ddeeff

Standard

aabbccddeeff

aa:bb:cc:dd:ee:ff

aa-bb-cc-dd-ee-ff

2.3.2.3. AOSS/WPS

AOSS (AirStation One-touch Secure Setup) is Buffalo Technology’s

system to automatically connect wireless clients to an access point.

Just press the button on the AirStation, then press the button for the

wireless client (which might be in its software). AOSS will connect

the wireless devices automatically. AOSS is recommended if all of your

wireless devices support it. AOSS can only be used in AP mode.

The WPS is a standard created by the Wi-Fi Alliance. There are two

methods of configuration, PBC and PIN. PBC is similar to AOSS. PIN

uses a unique PIN code to register the wireless client to the

AirStation. If your wireless devices support it, WPS makes

configuration simple and automatic.

Enable AOSS

Enables the AOSS Service. When disabled, AOSS cannot be used.

Start AOSS Negotiation

To initiate AOSS, either click the AOSS button in the GUI or hold down

the AOSS button on the front of the router for 3 seconds.

Security Modes

You may choose which security modes are offered in the AOSS

negotiation process. The use of WEP in general is not recommended due

to security concerns.

WPS Button

Enables the WPS button. When disabled, WPS button cannot be used.

WPS PIN

Enter the PIN code printed on your client device or your client

authentication application.

- 11 -

Page 13 / 171

2.3.2.4. MAC Filter

The MAC Filter defines a list of client MAC addresses that are allowed

to connect wirelessly.

MAC addresses that aren’t on the list aren’t

allowed to connect.

2.3.3.

Services

2.3.3.1. Services

The services section allows the configuration of basic service

settings. Telnet and SSH can be configured this way. Remote access

options are configured in the

Administration

section.

Available DHCP Server

Domains

Description

WAN

Standard

LAN / WLAN

Rflow / MACupd

Interface Options

Description

LAN & WLAN

Standard

LAN

WLAN

2.3.3.2. FreeRadius

Certain applications (for example, Chillispot hotspot software)

benefit from a RADIUS server for management of user credentials and

settings.

Server Certificate

This section contains the parameters to generate the RADIUS server

certificate. The certificate needs to be generated before clients can

be configured to connect to the RADIUS server.

Certificate Status

Displays the server certificate creation status.

Settings

Choose the port that the RADIUS server uses for client communication.

The default port is 1812.

Clients

This section is used to define RADIUS clients (required for HotSpot

usage).

Users

Lists the users defined in the RADIUS servers.

Allows creation and

modification of accounts.

- 12 -

Page 14 / 171

2.3.3.3. PPPoE Server

Some applications require a PPPoE server on the router, which can be

configured here. The PPPoE server is disabled by default.

2.3.3.4. VPN

The router can also be configured as VPN server or VPN client.

PPTP

When defining the PPTP server’s IP range, avoid overlap with the range

of IP addresses handed out by DHCP if DHCP is enabled. The IP range is

defined using the following syntax:

xxx.xxx.xxx.<start-ip>-<end-ip>

for example

192.168.1.20-30

Enter client login data follows:

<username> * <password> *

for example

testuser * test *

The encryption options can be set as follows

PPTP server type

Settings

DD-WRT Router

mppe required (Standard)

Windows PPTP Server

mppe required,no40,no56,stateless

or

mppe required,no40,no56,stateful

OpenVPN

OpenVPN is a powerful and flexible VPN solution. OpenVPN security is

based on certificates that cannot created on the router itself. Please

refer to OpenVPN’s online documentation for instructions on creating

certificates and configuring OpenVPN.

2.3.3.5. USB

The router’s USB port can be used for several purposes. Here the basic

and advanced USB parameters are defined. Besides enabling USB and

defining the USB hardware standard to use you can also define if

printer and storage support for USB shall be enabled.

2.3.3.6. NAS

If USB hard drive support is enabled, you can start the integrated

ProFTPd server to share data on an attached hard disk via FTP.

- 13 -

Page 15 / 171

The User/Password data are entered as follows:

<username> * <password> *

for example

testuser * test *

Be careful enabling anonymous login.

If anonymous login is enabled,

everyone accessing your network has permission to read and write data.

2.3.3.7. Hotspot

Most hotspot software requires a server to store user settings and

login information. Please note that Sputnik is a commercial hotspot

service that requires an agreement with Sputnik for usage.

2.3.3.8. Milkfish SIP Router

This package is an implementation of the Milkfish SIP router.

2.3.3.9. My Ad Network

Allows the creation of an AnchorFree Hotspot that can be used to

create revenue via AnchorFree.

2.3.4.

Security

2.3.4.1. Firewall

Aside from enabling and disabling the firewall, you can also set

additional filters, block certain network requests for the WAN

interface, and manage logs.

2.3.4.2. VPN Pass-through

VPN settings effect how the firewall handles IPSec, PPTP, and L2TP

connections. By default, pass-through is enabled. Please note that

disabling pass-through will usually prevent you from establishing VPN

connections from computers located in your local network to VPN

servers on the internet.

2.3.5.

Access Restrictions

2.3.5.1. WAN Access

The WAN access settings allow the definition of time and service

related access rules.

2.3.6.

NAT / QoS

2.3.6.1. Port Forwarding

Port forwarding allows the assigning of WAN ports to specific internal

IP addresses and matching ports. Bidirectional external traffic can be

- 14 -

Rate

Popular Buffalo Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share