User manual E-TECH WMRT01 MANUAL ADVANCED

[. . . ] User's Manual Copyright The contents of this publication may not be reproduced in any part or as a whole, stored, transcribed in an information retrieval system, translated into any language, or transmitted in any form or by any means, mechanical, magnetic, electronic, optical, photocopying, manual, or otherwise, without the prior written permission. Trademarks All products, company, brand names are trademarks or registered trademarks of their respective companies. Specifications are subject to be changed without prior notice. FCC Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against radio interference in a commercial environment. This equipment can generate, use and radiate radio frequency energy and, if not installed and used in accordance with the instructions in this manual, may cause harmful interference to radio communications. [. . . ] This key value is consistent with the key value in the RADIUS server. WDS(Wireless Distribution System) WDS operation as defined by the IEEE802. 11 standard has been made available. Using WDS it is possible to wirelessly connect Access Points, and in doing so extend a wired infrastructure to locations where cabling is not possible or inefficient to implement. How to setup and work: AP 1: IP:192. 168. 123. 254 Mac:00-50-18-00-0f-fe SSID: Default Channel:11 DHCP Server: Enable 28 AP2: IP:192. 168. 123. 253 Mac:00-50-18-00-0f-fd SSID: Default Channel: 11 AP3: IP:192. 168. 123. 252 Mac:00-50-18-00-0f-fc SSID: Default Channel:11 Blue Line: Wireless Black Line: Wire If the Settings are ok, the client1 and client2 can get IP from DHCP server. Of AP1. Then Client1 and Client2 can get information each other. AP1 Setting: AP1 AP1 AP2 (Remote Mac: 00-50-18-00-0f-fd) AP3 (Remote Mac: 00-50-18-00-0f-fc) 29 AP2 Setting: AP2 AP1 (Remote Mac: 00-50-18-00-0f-fe) AP3 Setting AP3 AP1 (Remote Mac: 00-50-18-00-0f-fe) 30 3. 4. 4 Change Password You can change Password here. We strongly recommend you to change the system password for security reason. 31 3. 5 Forwarding Rules 3. 5. 1 Virtual Server 32 This product's NAT firewall filters out unrecognized packets to protect your Intranet, so all hosts behind this product are invisible to the outside world. If you wish, you can make some of them accessible by enabling the Virtual Server Mapping. A virtual server is defined as a Service Port, and all requests to this port will be redirected to the computer specified by the Server IP. Virtual Server can work with Scheduling Rules, and give user more flexibility on Access control. For Detail, please refer to Scheduling Rule. For example, if you have an FTP server (port 21) at 192. 168. 123. 1, a Web server (port 80) at 192. 168. 123. 2, and a VPN server at 192. 168. 123. 6, then you need to specify the following virtual server mapping table: Service Port 21 80 1723 Server IP 192. 168. 123. 1 192. 168. 123. 2 192. 168. 123. 6 Enable V V V 33 3. 5. 2 Special AP Some applications require multiple connections, like Internet games, Video conferencing, Internet telephony, etc. Because of the firewall function, these applications cannot work with a pure NAT router. The Special Applications feature allows some of these applications to work with this product. If the mechanism of Special Applications fails to make an application work, try setting your computer as the DMZ host instead. Incoming Ports: when the trigger packet is detected, the inbound packets sent to the specified port numbers are allowed to pass through the firewall. This product provides some predefined settings Select your application and click Copy to to add the predefined setting to your list. Note!At any given time, only one PC can use each Special Application tunnel. 34 3. 5. 3 Miscellaneous Items IP Address of DMZ Host DMZ (DeMilitarized Zone) Host is a host without the protection of firewall. It allows a computer to be exposed to unrestricted 2-way communication for Internet games, Video conferencing, Internet telephony and other special applications. Non-standard FTP port You have to configure this item if you want to access an FTP server whose port number is not 21. This setting will be lost after rebooting. 35 3. 6 Security Settings 36 3. 6. 1 Packet Filter Packet Filter enables you to control what packets are allowed to pass the router. However, Inbound filter applies on packets that destined to Virtual Servers or DMZ host only. Deny all to pass except those match the specified rules You can specify 8 rules for each direction: inbound or outbound. For each rule, you can define the following: Source IP address Source port address Destination IP address Destination port address Protocol: TCP or UDP or both. Use Rule# · · · · · · For source or destination IP address, you can define a single IP address (4. 3. 2. 1) or a range of 37 IP addresses (4. 3. 2. 1-4. 3. 2. 254). [. . . ] Set authentication type of wireless client and RADIUS server both to EAP_TLS. The DUT will send the user's certificate to the RADIUS server, and then send the message of authentication result to PC1. Windows XP will prompt that the authentication process is success or fail and end the authentication procedure. Terminate the test steps when PC1 get dynamic IP and PING remote host successfully. 76 Figure 4: Certificate information on PC1 Figure 5: Authenticating 77 Figure 6: Authentication success 4. 2 DUT authenticate PC2 using PEAP-TLS. [. . . ]