Page 11 / 171 Scroll up to view Page 6 - 10
2.3.2.2. Wireless Security
Because wireless data packets can easily be sniffed, wireless
connections require a greater level of security to ensure that data
cannot be read by unauthorized users.
Security Mode
Mode
Description
Disabled
No encryption set (not recommended!)
WPA Personal
WPA encryption with a passphrase (text
password)
WPA Enterprise (AP
only)
WPA encryption with Radius Client
authentication according to 802.1x
WPA2 Personal
WPA2 encryption with a passphrase (text
password)
WPA2 Enterprise (AP
only)
WPA2 encryption with Radius Client
authentication according to 802.1x
WPA2 Personal Mixed
WPA & WPA2 encryption in WPA/WPA2 mixed mode
with a passphrase (text password)
WPA2 Enterprise Mixed
(AP only)
WPA & WPA2 encryption in WPA/WPA2 mixed with
Radius Client authentication according to
802.1x
RADIUS
WEP
WEP 64 Bit / 128 Bit encryption (insecure;
not recommended!)
802.1x (Client only)
Client side mode to connect to AP’s working
with WPA Enterprise Modes via RADIUS
authentication
When using WEP encryption (not recommended), the user can choose
between 64 bit and 128 bit keys. Keys can be entered as passphrases
that are used to generate the Hex keys. Theoretically 128 bit keys
offer a higher level of security but because of design flaws, that’s
not the case in actual use.
Key length
Description
64 Bit (10
Hexadecimal
characters)
Standard
128 Bit (26
Hexadecimal
characters)
With WPA or WPA2 encryption, there are several encryption algorithms
to choose from. AES is more secure but TKIP is more widely supported.
There is also a TKIP + AES setting, but that does not offer more
security than TKIP.
Algorithm
Description
TKIP
TKIP encryption, supported by most clients
- 10 -
Page 12 / 171
devices
AES
AES encryption offers a better level of
security but might not be supported by a
number of client devices and requires less
CPU processing power.
TKIP + AES
Mixed mode – offers best compatibility but
doesn’t work in all environments
If RADIUS security is used, the MAC address format has to be set
accordingly.
RADIUS MAC format
options
Description
aabbcc-ddeeff
Standard
aabbccddeeff
aa:bb:cc:dd:ee:ff
aa-bb-cc-dd-ee-ff
2.3.2.3. AOSS/WPS
AOSS (AirStation One-touch Secure Setup) is Buffalo Technology’s
system to automatically connect wireless clients to an access point.
Just press the button on the AirStation, then press the button for the
wireless client (which might be in its software). AOSS will connect
the wireless devices automatically. AOSS is recommended if all of your
wireless devices support it. AOSS can only be used in AP mode.
The WPS is a standard created by the Wi-Fi Alliance. There are two
methods of configuration, PBC and PIN. PBC is similar to AOSS. PIN
uses a unique PIN code to register the wireless client to the
AirStation. If your wireless devices support it, WPS makes
configuration simple and automatic.
Enable AOSS
Enables the AOSS Service. When disabled, AOSS cannot be used.
Start AOSS Negotiation
To initiate AOSS, either click the AOSS button in the GUI or hold down
the AOSS button on the front of the router for 3 seconds.
Security Modes
You may choose which security modes are offered in the AOSS
negotiation process. The use of WEP in general is not recommended due
to security concerns.
WPS Button
Enables the WPS button. When disabled, WPS button cannot be used.
WPS PIN
Enter the PIN code printed on your client device or your client
authentication application.
- 11 -
Page 13 / 171
2.3.2.4. MAC Filter
The MAC Filter defines a list of client MAC addresses that are allowed
to connect wirelessly.
MAC addresses that aren’t on the list aren’t
allowed to connect.
2.3.3.
Services
2.3.3.1. Services
The services section allows the configuration of basic service
settings. Telnet and SSH can be configured this way. Remote access
options are configured in the
Administration
section.
Available DHCP Server
Domains
Description
WAN
Standard
LAN / WLAN
Rflow / MACupd
Interface Options
Description
LAN & WLAN
Standard
LAN
WLAN
2.3.3.2. FreeRadius
Certain applications (for example, Chillispot hotspot software)
benefit from a RADIUS server for management of user credentials and
settings.
Server Certificate
This section contains the parameters to generate the RADIUS server
certificate. The certificate needs to be generated before clients can
be configured to connect to the RADIUS server.
Certificate Status
Displays the server certificate creation status.
Settings
Choose the port that the RADIUS server uses for client communication.
The default port is 1812.
Clients
This section is used to define RADIUS clients (required for HotSpot
usage).
Users
Lists the users defined in the RADIUS servers.
Allows creation and
modification of accounts.
- 12 -
Page 14 / 171
2.3.3.3. PPPoE Server
Some applications require a PPPoE server on the router, which can be
configured here. The PPPoE server is disabled by default.
2.3.3.4. VPN
The router can also be configured as VPN server or VPN client.
PPTP
When defining the PPTP server’s IP range, avoid overlap with the range
of IP addresses handed out by DHCP if DHCP is enabled. The IP range is
defined using the following syntax:
xxx.xxx.xxx.<start-ip>-<end-ip>
for example
192.168.1.20-30
Enter client login data follows:
<username> * <password> *
for example
testuser * test *
The encryption options can be set as follows
PPTP server type
Settings
DD-WRT Router
mppe required (Standard)
Windows PPTP Server
mppe required,no40,no56,stateless
or
mppe required,no40,no56,stateful
OpenVPN
OpenVPN is a powerful and flexible VPN solution. OpenVPN security is
based on certificates that cannot created on the router itself. Please
refer to OpenVPN’s online documentation for instructions on creating
certificates and configuring OpenVPN.
2.3.3.5. USB
The router’s USB port can be used for several purposes. Here the basic
and advanced USB parameters are defined. Besides enabling USB and
defining the USB hardware standard to use you can also define if
printer and storage support for USB shall be enabled.
2.3.3.6. NAS
If USB hard drive support is enabled, you can start the integrated
ProFTPd server to share data on an attached hard disk via FTP.
- 13 -
Page 15 / 171
The User/Password data are entered as follows:
<username> * <password> *
for example
testuser * test *
Be careful enabling anonymous login.
If anonymous login is enabled,
everyone accessing your network has permission to read and write data.
2.3.3.7. Hotspot
Most hotspot software requires a server to store user settings and
login information. Please note that Sputnik is a commercial hotspot
service that requires an agreement with Sputnik for usage.
2.3.3.8. Milkfish SIP Router
This package is an implementation of the Milkfish SIP router.
2.3.3.9. My Ad Network
Allows the creation of an AnchorFree Hotspot that can be used to
create revenue via AnchorFree.
2.3.4.
Security
2.3.4.1. Firewall
Aside from enabling and disabling the firewall, you can also set
additional filters, block certain network requests for the WAN
interface, and manage logs.
2.3.4.2. VPN Pass-through
VPN settings effect how the firewall handles IPSec, PPTP, and L2TP
connections. By default, pass-through is enabled. Please note that
disabling pass-through will usually prevent you from establishing VPN
connections from computers located in your local network to VPN
servers on the internet.
2.3.5.
Access Restrictions
2.3.5.1. WAN Access
The WAN access settings allow the definition of time and service
related access rules.
2.3.6.
NAT / QoS
2.3.6.1. Port Forwarding
Port forwarding allows the assigning of WAN ports to specific internal
IP addresses and matching ports. Bidirectional external traffic can be
- 14 -

Rate

4.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top