1. Home
    2. /
  2. Manuals
    3. /
  3. Microsoft
    4. /
  4. MN-700
    5. /
  5. 5
Page 21 / 31 Scroll up to view Page 16 - 20
MN-700 Base Station Configuration Guide
21
The following procedure describes how to change the base station to access point mode after you have already set
up your network. If you are adding the base station to an existing network, and you want to set it to access point
mode, see Chapter 3, “Custom Setup” of the printed
User’s Guide
for detailed instructions.
To change the base station to access point mode
1.
Open the Base Station Management Tool, and click
Security
.
2.
From the
Security
menu, click
Base Station Mode
.
3.
On the
Base Station Mode
page, click the
Access Point
radio button.
4.
If you have not already established a name for your base station, type a name in the
Base station name
text
box. Do not use the default name of MN-700.
5.
Click
Apply
. When you switch the base station from router mode to access point mode, the base station resets.
While the reset is in progress, the Power light on the base station turns orange. When the light is solid green, the
reset is complete.
Firewall
The Broadband Networking Wireless Base Station provides a firewall to protect your network against malicious
transmissions. Just as the name implies, a firewall acts as a barrier or buffer zone between your local network and
the Internet. It checks data packets that are being transmitted to your network and discards any suspicious data.
The firewall is enabled by default, but you can choose to disable the firewall rule that blocks ping and other Internet
Control Message Protocol (ICMP) commands.
Block Ping Commands
The base station firewall is configured to discard network ping commands. A ping command is like a short
conversation between a device on the WAN and your base station. When a device on the WAN sends a ping
command, the base station responds.
When ping commands are blocked, the base station does not respond to a ping initiated from the WAN. This
security mechanism hides your network from hackers who might be pinging random IP addresses to see where they
get a response. A response verifies your network location, and a hacker can then use this information to send
malicious communications to your network.
In general, it is a good idea to discard ping commands sent from the WAN. You should only disable this firewall rule
under the following circumstances:
O
When your ISP needs to ping your network to ensure that the connection is still valid.
O
When you or another person needs to check your Internet connection from an external network. For example,
you might want to do this to make sure that you can access your Web server.
O
When you are playing games on the Internet, and other players need to verify your network location and
connection speed.
To disable block ICMP commands rule
1.
Open the Base Station Management Tool, and then click
Security
.
2.
On the
Security
menu, click
Firewall
.
3.
Clear the
Block ICMP Commands
check box.
4.
To disable the rule, click
Apply
.
Port Forwarding
You can configure the data ports on your base station to run programs that have special network requirements or to
host a server on your network. This configuration process is called port forwarding.
Port forwarding involves the configuration of data ports, which are logical programmatic elements. Do not confuse
data ports with the physical ports on your base station.
To run a program that sends and receives data on different ports, you must configure application-triggered port
forwarding. To host a server, you must configure persistent port forwarding.
For more information about ports and their role in data transmission, read the following section, “About Ports.”
Page 22 / 31
MN-700 Base Station Configuration Guide
22
About Ports
Data ports play an important role in data transmission.
Many different types of data are transmitted across a network, and certain types of data must pass out of certain
ports. The data type is identified by the protocol, or rules, that it follows. Typically, the data protocol determines the
ports to which the data is passed. For example, when you download files by using the File Transfer Protocol (FTP),
the request goes to outbound port 21, and the response returns to inbound port 20.
As a security feature, the Microsoft base station only opens inbound ports when data is transmitted from one of the
computers or other devices on your local network to the corresponding outbound port.
By keeping the inbound ports closed, the base station protects your networked computers from unsolicited traffic
from the Internet. A computer on the wide area network cannot initiate communication with your computers.
In certain situations, however, you may need to change the port configuration of the base station.
To run a program that uses a different port for inbound traffic than for outbound traffic, you may need to configure
application-triggered port forwarding.
To host a server on your network that receives unsolicited data requests from the Internet, you must configure
persistent port forwarding.
Application-Triggered Port Forwarding
Some applications, such as Internet games and videoconferencing, require multiple ports for data transmission.
For example, when you download files by using the File Transfer Protocol (FTP), the data requests go out through
port 21, and responses return through port 20.
These multiple port transmissions might cause problems when NAT is enabled on your base station, because the
NAT service anticipates that data sent to one port will return to the same port.
To run a program that uses a different port for inbound traffic than for outbound traffic, you may need to configure
application-triggered port forwarding.
The following illustration shows the Application-Triggered Port Forwarding page of the Base Station
Management Tool.
Page 23 / 31
MN-700 Base Station Configuration Guide
23
The Broadband Networking Wireless Base Station has been configured to accommodate some common
application protocols that require multiple ports, including FTP, Simple Mail Transfer Protocol (SMTP), and Post
Office Protocol 3 (POP3).
To configure application-triggered port forwarding for other applications that require multiple ports, you must
specify the following information:
O
The outbound port from which data following a particular protocol will be sent.
O
The inbound port or ports to which related data will return.
O
The protocol, or “trigger type” used when data is sent from the outbound port.
O
The protocol, or “public type,” used when data is returned to the inbound port.
Essentially, you are telling the base station how to direct traffic across the networks. The inbound ports that you
specify will open only when data is sent to the corresponding outbound port. These ports will close again after a
certain amount of time has elapsed with no data sent to the inbound port.
You can set ranges of ports, multiple ports, and combinations of single and multiple ports for the inbound ports.
To identify the protocol that an application uses and the ports to which the data should be sent, consult the
documentation for that application.
To establish application-triggered port forwarding
1.
Open the Base Station Management Tool, and then click
Security
.
2.
On the
Security
menu, click
Port Forwarding
, and then click
Set up application-triggered port forwarding
.
3.
In the
Description
box, type a description of the application that you want to enable.
4.
In the
Outbound port
box, type the number of the outbound port. The outbound port should be a number from 0
through 65535. To determine which port the application uses, consult the documentation for the application.
5.
In the
Trigger type
drop-down list box, click the protocol that the outbound data uses. This protocol should be
specified in the documentation for the application.
6.
In the
Inbound port(s)
box, type the inbound port. The inbound port can be a single port or a comma-separated list of
ports or port ranges. For example, you could type
4-25
, or
243
, or
10, 24-50, 74
. You are limited to 256 characters.
7.
In the
Public type
drop-down list box, click the protocol that the inbound data uses. The protocol should be
specified in the documentation for the application.
8.
To add this application to your list of applications, click
Add
. You can now enable, disable, edit, or delete the
application triggered port forwarding you have set up.
If an application does not function correctly after you enable multiple ports, check the documentation for the
application to verify that you are specifying the correct ports. If you have set the correct ports and the application
still does not function properly, you might need to establish a virtual DMZ on one of the client computers on your
network to run the application. For more information, see “Virtual DMZ (demilitarized zone)”
Persistent Port Forwarding
When you host a server on your network—for example, a Web or FTP server—you must configure the base station to
perform persistent port forwarding.
Persistent port forwarding is similar to application-triggered port forwarding in that you are opening inbound ports to
allow particular types of data or data requests to be sent from the Internet to one of the networked computers. The
difference is that you are opening these inbound ports permanently, rather than configuring them to open only
when there is data sent to an outbound port. In addition, you are directing all data sent to that port to a particular
computer on your local network.
For example, if you set up a Web server on one of the computers on your network, you must direct unsolicited
requests sent to Transmission Control Protocol (TCP) Port 80, which handles Hypertext Transfer Protocol (HTTP) or
Web data, to that computer. An unsolicited request is any data communication that is not initiated by a computer
on your local network.
Although not required, it is recommended that you assign a static (fixed) IP address to the computer that will host the
server on your network. For more information about assigning a static IP address, see Broadband Network Utility Help.
Page 24 / 31
MN-700 Base Station Configuration Guide
24
To establish persistent port forwarding, you need the following information:
O
The IP address of the computer that you want to use as a server on your local network. If you have not assigned
a static IP address to this computer, you can determine its IP address by checking the DHCP client list on the
Home
page of the Base Station Management Tool.
O
The inbound and private port numbers and protocol that correspond to the type of data that your server handles.
To configure persistent port forwarding
1.
Open the Base Station Management Tool, and then click
Security
.
2.
On the
Security
menu, click
Port Forwarding
, and then click
Set up persistent port forwarding
.
3.
In the
Description
box, type a description of the server field. (This step is optional.)
4.
In the
Inbound port
box, type the inbound port to which data packets sent from the Internet to the server will be
passed. The inbound port can be a single port or a range of ports. The port range cannot exceed 100 ports.
5.
In the
Type
box, select the protocol (UDP or TCP) for the port.
6.
In the
Private IP address
box, type the private IP address of the client computer that is hosting the server.
7.
In the
Private port
boxes, type the private port or port range. The private port range must include the same
number of ports as the inbound port range.
8.
To add this server to your list of servers, click
Add
. You can now enable, disable, edit, or delete the persistent
port forwarding that you have set up for this server.
Virtual DMZ (demilitarized zone)
In certain situations, you might want to set up a virtual DMZ (demilitarized zone) on one of the clients on your
network. When you establish a DMZ, you essentially open all inbound ports and direct the base station to forward
certain inbound data packets (those that are not in response to a transmission initiated by a LAN client and not
handled through application-triggered or persistent port forwarding) to a particular computer on your LAN. This
computer becomes the DMZ host.
A DMZ host is useful for experimenting with new games on the Internet or for setting up a server on your network
before you know which ports to open for that server.
However, you should use a DMZ only in very specific situations. The computer that hosts the DMZ is fully exposed to
the Internet, and is thus susceptible to malicious attacks and unauthorized access.
Unlike a real DMZ, the virtual DMZ is a client on your network and therefore has access to the other computers
on your LAN. If a hacker were to upload a virus to the virtual DMZ, the virus could spread to all the computers on
your network.
You should assign a static IP address to the computer that you will use as your virtual DMZ. For information about
how to assign a static IP address to a computer on your network, see Broadband Network Utility Help.
To establish a virtual DMZ
1.
Open the Base Station Management Tool, and then click
Security
.
2.
On the
Security
menu, click
Virtual DMZ (Demilitarized Zone)
.
3.
Select the
Enable Virtual DMZ
check box.
4.
In the text box, type the IP address assigned to the computer that will host the virtual DMZ.
5.
To save your changes, click
Apply
.
Page 25 / 31
MN-700 Base Station Configuration Guide
25
MAC Filtering
You can increase the security on your network by using MAC filtering. MAC filtering enables you to control wireless
access to network resources, including your Internet connection and shared files and printers. You can configure
the base station to permit or deny a wireless client access to network resources based on the MAC address of the
adapter that the client uses. MAC filtering can only prevent computers from making a wireless connection to your
network; it does not affect computers with an Ethernet connection to your network.
Note
A MAC address is a unique alphanumeric identifier for a hardware device, such as a base station or adapter. You
can find the MAC address for your Microsoft base station and any Microsoft network adapters you are using printed on
the label of each device.
You have two options for implementing MAC filtering. You can:
O
Allow unspecified MAC addresses.
This is a good option when you know the MAC addresses of the computers
or other devices that you do not want to access your network. Any device whose MAC address you do not specify
will be able to connect to your network with the appropriate wireless settings.
O
Deny unspecified MAC addresses.
This is a good option if you want to enforce the highest security level on your
network, because it helps to prevent unknown wireless clients from being able to join your network. Only the
clients to which you specifically grant permission can connect to the base station and use your network
resources.
The following illustration shows that MAC Filtering page of the Base Station Management Tool.

Rate

4 / 5 based on 1 vote.

Popular Microsoft Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top