Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3

Network, Routing, Firewall, and Basics

B-11

202-10090-01, April 2005

Stateful Packet Inspection

Unlike simple Internet sharing routers, a firewall uses a process called stateful packet inspection to

ensure secure firewall filtering to protect your network from attacks and intrusions. Since

user-level applications such as FTP and web browsers can create complex patterns of network

traffic, it is necessary for the firewall to analyze groups of network connection states. Using

Stateful Packet Inspection, an incoming packet is intercepted at the network layer and then

analyzed for state-related information associated with all network connections. A central cache

within the firewall keeps track of the state information associated with all network connections.

All traffic passing through the firewall is analyzed against the state of these connections in order to

determine whether or not it will be allowed to pass through or rejected.

Denial of Service Attack

A hacker may be able to prevent your network from operating or communicating by launching a

Denial of Service (DoS) attack. The method used for such an attack can be as simple as merely

flooding your site with more requests than it can handle. A more sophisticated attack may attempt

to exploit some weakness in the operating system used by your router or gateway. Some operating

systems can be disrupted by simply sending a packet with incorrect length information.

Ethernet Cabling

Most Ethernet networks now use unshielded twisted pair (UTP) cabling. UTP cable has eight

wires arranged in four twisted pairs, and terminated with an RJ45 connector. Normal straight-

through UTP Ethernet cable follows the EIA568B standard as described in

Table B-1

.

Table B-1.

UTP Ethernet cable wiring, straight-through

Pin

Wire color

Signal

1

Orange/White

Transmit (Tx) +

2

Orange

Transmit (Tx) -

3

Green/White

Receive (Rx) +

4

Blue

5

Blue/White

6

Green

Receive (Rx) -

7

Brown/White

8

Brown

Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3

B-12

Network, Routing, Firewall, and Basics

202-10090-01, April 2005

Category 5 Cable Quality

Category 5 distributed cable that meets ANSI/EIA/TIA-568-A building wiring standards can be a

maximum of 328 feet (ft.) or 100 meters (m) in length, divided as follows:

20 ft. (6 m) between the hub and the patch panel (if used)

295 ft. (90 m) from the wiring closet to the wall outlet

10 ft. (3 m) from the wall outlet to the desktop device

The patch panel and other connecting hardware must meet the requirements for 100 Mbps

operation (Category 5). Only 0.5 inch (1.5 cm) of untwist in the wire pair is allowed at any

termination point.

A twisted pair Ethernet network operating at 10 Mbits/second (10BASE-T) will often tolerate low

quality cables, but at 100 Mbits/second (10BASE-Tx) the cable must be rated as Category 5, or

Cat 5, by the Electronic Industry Association (EIA). This rating will be printed on the cable jacket.

A Category 5 cable will meet specified requirements regarding loss and crosstalk. In addition,

there are restrictions on maximum cable length for both 10 and 100 Mbits/second networks.

Inside Twisted Pair Cables

For two devices to communicate, the transmitter of each device must be connected to the receiver

of the other device. The crossover function is usually implemented internally as part of the

circuitry in the device. Computers and workstation adapter cards are usually media-dependent

interface ports, called MDI or uplink ports. Most repeaters and switch ports are configured as

media-dependent interfaces with built-in crossover ports, called MDI-X or normal ports.

Auto

Uplink technology automatically senses which connection, MDI or MDI-X, is needed and makes

the right connection.

Figure B-1

illustrates straight-through twisted pair cable.

Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3

Network, Routing, Firewall, and Basics

B-13

202-10090-01, April 2005

Figure B-1:

Straight-Through Twisted-Pair Cable

Figure B-2

illustrates crossover twisted pair cable.

Figure B-2:

Crossover Twisted-Pair Cable

Figure B-3:

Category 5 UTP Cable with Male RJ-45 Plug at Each End

Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3

B-14

Network, Routing, Firewall, and Basics

202-10090-01, April 2005

Note

: Flat “silver satin” telephone cable may have the same RJ-45 plug. However, using telephone

cable results in excessive collisions, causing the attached port to be partitioned or disconnected

from the network.

Uplink Switches, Crossover Cables, and MDI/MDIX Switching

In the wiring table above, the concept of transmit and receive are from the perspective of the PC,

which is wired as Media Dependant Interface (MDI). In this wiring, the PC transmits on pins 1 and

2. At the hub, the perspective is reversed, and the hub receives on pins 1 and 2. This wiring is

referred to as Media Dependant Interface - Crossover (MDI-X).

When connecting a PC to a PC, or a hub port to another hub port, the transmit pair must be

exchanged with the receive pair. This exchange is done by one of two mechanisms. Most hubs

provide an Uplink switch which will exchange the pairs on one port, allowing that port to be

connected to another hub using a normal Ethernet cable. The second method is to use a crossover

cable, which is a special cable in which the transmit and receive pairs are exchanged at one of the

two cable connectors. Crossover cables are often unmarked as such, and must be identified by

comparing the two connectors. Since the cable connectors are clear plastic, it is easy to place them

side by side and view the order of the wire colors on each. On a straight-through cable, the color

order will be the same on both connectors. On a crossover cable, the orange and blue pairs will be

exchanged from one connector to the other.

The WGT624 v3 wireless router incorporates Auto Uplink

TM

technology (also called MDI/MDIX).

Each LOCAL Ethernet port will automatically sense whether the Ethernet cable plugged into the

port should have a normal connection (e.g. connecting to a PC) or an uplink connection (e.g.

connecting to a router, switch, or hub). That port will then configure itself to the correct

configuration. This feature also eliminates the need to worry about crossover cables, as Auto

Uplink

TM

will accommodate either type of cable to make the right connection.

Preparing Your Network

C-1

202-10090-01, April 2005

Appendix C

Preparing Your Network

This appendix describes how to prepare your network to connect to the Internet through the

WGT624 v3 108 Mbps Wireless Firewall Router and how to verify the readiness of broadband

Internet service from an Internet service provider (ISP).

Preparing Your Computers for TCP/IP Networking

Computers access the Internet using a protocol called TCP/IP (Transmission Control Protocol/

Internet Protocol). Each computer on your network must have TCP/IP installed and selected as its

networking protocol. If a Network Interface Card (NIC) is already installed in your PC, then TCP/

IP is probably already installed as well.

Most operating systems include the software components you need for networking with TCP/IP:

•

Windows

®

95 or later includes the software components for establishing a TCP/IP network.

•

Windows 3.1 does not include a TCP/IP component. You need to purchase a third-party TCP/

IP application package such as NetManage Chameleon.

•

Macintosh Operating System 7 or later includes the software components for establishing a

TCP/IP network.

•

All versions of UNIX or Linux include TCP/IP components. Follow the instructions provided

with your operating system or networking software to install TCP/IP on your computer.

Note:

If an ISP technician configured your computer during the installation of a

broadband modem, or if you configured it using instructions provided by your ISP, you

may need to copy the current configuration information for use in the configuration of

your firewall. Write down this information before reconfiguring your computers. Refer

to

“Obtaining ISP Configuration Information for Windows Computers

” on

page C-19

or

“Obtaining ISP Configuration Information for Macintosh Computers

” on

page C-20

for

further information.