Page 51 / 98 Scroll up to view Page 46 - 50
Configuration and Management
1/1551-CRH 102 168 Uen Rev A
2008-12-16
45
Integrity Protocol) while WPA2 encryption follows AES (Advanced
Encryption Standard). AES offers a higher level of security and is approved
for sensitive corporate and government data transmission.
WPA/WPA2
Mixed
enables connection of both WPA and WPA2 clients.
WPA and WPA2 authentication and encryption require a passphrase. A
passphrase is a sequence of words or other text and is similar to a
password in usage, but is generally longer for added security.
Each client on your wireless network has to be configured with exactly the
same passphrase as the one entered in the Ericsson W3x in order to allow
encrypted data transmission.
A WPA or WPA2 passphrase is case sensitive (distinguish between
uppercase and lowercase letters) and consists of between 8 and 63
characters. It is recommended that the passphrase contains at least 20
characters.
Enter a passphrase in the “Passphrase / Key” field and click
Apply
to save
the settings.
Note:
Avoid using special characters (such as :, “ and ¤) when entering a
passphrase.
3.6.9
Connected Devices
The “CONNECTED DEVICES” list on the
Wireless LAN
page includes the
MAC (Media Access Control) addresses of all wireless clients currently
connected to the Ericsson W3x.
3.6.10
Whitelist
A common method of restricting WLAN access is to specify the MAC
address(es) in a “whitelist” for those computers to be granted access to the
WLAN. This kind of whitelist is also known as “MAC Association” or “MAC
Access list”.
Up to 20 MAC addresses for wireless clients can be added to the whitelist.
Once the whitelist has been enabled, only clients with an associated MAC
address are allowed to connect to the WLAN.
Note:
This feature does not require any configuration of clients, but it is
recommended that some kind of encryption (WEP, WPA/WPA2) is
used in combination with the whitelist.
Page 52 / 98
Configuration and Management
46
1/1551-CRH 102 168 Uen Rev A
2008-12-16
3.6.10.1
Add Client(s) to the Whitelist
To add a client to the whitelist, you can either copy/paste a MAC address
from the “CONNECTED DEVICES” list or type the client’s MAC address in
the field below “WHITELIST” and click
Add
.
The MAC address has the form of xx:xx:xx:xx:xx:xx, where x is a
hexadecimal number (0-9 and/or letters a-f), for example
00:80:37:8c:10:46.
Check “Enable whitelist” to activate the feature and click
Apply
to save the
settings.
To delete a MAC address from the whitelist, click the
Delete
button next to
the MAC address to delete.
3.6.10.2
Find a Wireless Client MAC Address
The MAC address for a WLAN adapter is normally found on the product
label. For internal wireless PCI cards running on Windows platform, the
command
ipconfig /all
(run from a Command Prompt window) can be
used to display the MAC address (displayed as “Physical Address” against
the network adapter). For example:
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Connected
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG
Physical Address. . . . . . . . . : 00-19-D2-39-14-54
DHCP Enabled . . . . . . . . . . .: Yes
Autoconfiguration Enabled . . . . : Yes
Page 53 / 98
Configuration and Management
1/1551-CRH 102 168 Uen Rev A
2008-12-16
47
3.7
NAT
The Ericsson W3x includes a NAT (Network Address Translation) service.
With this service several computers on a LAN/WLAN can share the same
Internet connection using a single public IP address.
Devices on the LAN/WLAN use dedicated private IP addresses, which
cannot be used on the Internet. When a computer on the LAN/WLAN want
to send a data package to the Internet, its IP address is automatically
translated by NAT to an external (public) IP address allowed on the
Internet. When a reply receives to this external IP address, it is translated
back to the origin private IP address to be able to found its way back to the
sending computer on the LAN/WLAN.
In this way, details about the local devices remain private and it is not
possible to access a local computer on the LAN/WLAN directly from the
Internet.
The
NAT
page includes the following settings:
Figure 37 - NAT page
Page 54 / 98
Configuration and Management
48
1/1551-CRH 102 168 Uen Rev A
2008-12-16
3.7.1
UPnP IGD
The Ericsson W3x supports the Universal Plug and Play (UPnP) Internet
Gateway Device (IGD) standard. UPnP IGD is used to provide automatic
port forwarding allowing communication between certain Internet
applications and the local network. When UPnP IGD is enabled, programs
like MSN Messenger
®
and most network enabled games are allowed to
pass the NAT service.
UPnP IGD is enabled by default, but if you want to disable the feature, clear
the “Enable UPnP IGD”
check box and click
Apply
to save the settings.
3.7.2
Application Level Gateways
From a security perspective, certain Internet applications, for example FTP
applications that open additional ports upon transfer, are especially
problematic to handle. An Application Level Gateway (ALG) provides a
translation and transportation service for such a specific application.
Incoming data packets are checked against existing NAT and packet
filtering rules, IP addresses are evaluated and a detailed packet analysis is
performed. If necessary, the contents of a packet are modified and if a
secondary port is required, the ALG will open one. The Ericsson W3x
includes ALG support for the following applications:
Table 17 - ALG Supported Applications
Application
Protocol
Port
number
File Transfer Protocol (FTP)
TCP
21
Trivial File Transfer Protocol (TFTP)
UDP
69
Point-to-Point Tunneling Protocol (PPTP)
TCP/UDP
1723
Session Initiation Protocol (SIP)
TCP/UDP
5060
Real Time Streaming Protocol (RTSP)
TCP/UDP
554
The ALG for each application does not require additional configuration. The
supported ALGs can be enabled and disabled individually.
To disable an ALG, clear the corresponding check box and click
Apply
to
save the settings.
Page 55 / 98
Configuration and Management
1/1551-CRH 102 168 Uen Rev A
2008-12-16
49
3.7.3
Port Forwarding
Port forwarding is used to allow an external user to access a service
residing on a server connected to the LAN (to cross the NAT border). It
enables access to servers on the LAN from the Internet (e.g. Web server)
and also enables applications to work from the LAN (e.g. games, voice and
chat) to the Internet.
Note:
Port forwarding requires
that the Ericsson W3x has a public IP
address for Port Forwarding requests from the Internet to be
handled correctly.
This IP address is displayed on the
Overview
page as the
“Internet: IP address”. A private IP address usually begins with
10
,
172
, or
192
. In this case, no incoming access from the Internet is
allowed. For more information on public and private IP addresses,
contact your service provider.
When a computer on the Internet sends data to the public IP address of the
Ericsson W3x, it needs to know what to do with the data. A port forwarding
rule tells the Ericsson W3x which computer on the local area network to
send the data to.
The “PORT FORWARDING” section on the
NAT
page includes the
following information about port forwarding rules:
Table 18 - Port Forwarding description
Text
Description
NAT Port
The NAT port number that the data traffic is allowed
to be transported on.
Server IP
The IP address of the destination server on the LAN.
Server Port
The port number on the destination server which
identifies the type of service that is directed, for
example web service on port 8080.
Protocol
The protocol to be used for the service; TCP or
UDP.
Delete
Click on the button to delete the port forwarding rule.
Edit
Click on the button to edit the port forwarding rule.
3.7.3.1
Add a Port Forwarding Rule
To add a new port forwarding rule, click the
Add Instance
button. The
Add
Port forwarding Instance
page is displayed:

Rate

4.5 / 5 based on 2 votes.

Popular Ericsson Models

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top