MicroNet SP881B User manual

Users Manual
Broadband VPN Firewall
Model No.: SP881B
World Wide Web: www.micronet.com.tw ; www.micronet.info
Contents
1. INTRODUCTION
1.1. PACKAGE CONTENTS
1.2. KEY FEATURES
2. PHYSICAL DESCRIPTION
3. BASIC SETUP
3.1. REQUIREMENTS
3.2. HARDWARE INSTALLATION
3.3. IP CONFIGURATION
3.4. QUICK SETUP
3.5. CONFIGURE USER PC
3.5.1. Windows User
3.5.2. Macintosh User
3.5.3. Linux User
3.6. DMZ PORT
4. WEB-BASED MANAGEMENT INTERFACE
4.1. HOST IP SETUP
4.2. ARP STATUS
4.3. ROUTING
4.4. VIRTUAL SERVER
4.5. SPECIAL APPLICATION
4.6. DYNAMIC DNS
4.7. MULTI DMZ
4.8. UPNP
4.9. NAT
4.10. ADVANCED FEATURES
4.11. SECURITY MANAGEMENT
4.11.1. URL Filter
4.11.2. Access Filter
4.11.3. Session Limit
4.11.4. System Filter Exception
4.12. VPN CONFIGURATION
4.12.1. IPSec Global Setting
4.12.2. VPN Policy Setup
4.12.3. IPSec Policy Option
4.13. QOS CONFIGURATION
4.13.1. QoS Policy Option
4.14. BANDWIDTH MANAGEMENT
4.14.1. Bandwidth Policy
4.15. MANAGEMENT ASSISTANT
4.15.1. Admin Password Screen
4.15.2. Email Alert
4.15.3. SNMP
4.15.4. SysLog
4.15.5. Upgrade Firmware
4.16. NETWORK INFORMATION
4.16.1. System Status
4.16.2. Restore Factory Defaults
4.16.3. WAN Status
4.16.4. NAT Status
5. APPENDIX
5.1. APPENDIX A: TECHNICAL SPECIFICATION
5.2. APPENDIX B: SETTING UP BANDWIDTH CONTROL
5.3. APPENDIX C: USING REMOTE WEB-BASED SETUP
1. Introduction
Micronet SP881B, Broadband VPN Firewall, delivers a complete broadband solution for both Cable and
DSL connections. It comes equipped with one WAN port and incorporates a four-port 10/100Mbps
switching hub. Supported connection methods include Fixed IP, Dynamic IP, PPPoE and PPTP.
Security is provided by the built-in firewall with support for a hardware DMZ. Other security protections
include: Special Applications, Virtual Servers, Multiple DMZ, Access Filter, URL Filter and VPN
Pass-Through. It is ideal for small-to-medium enterprises that emphasize Internet safety for their
network core.
1.1. Package Contents
• SP881B Broadband VPN Firewall
• Quick Installation Guide
• Manual CD
• Power Adapter
• RJ-45 Ethernet Cable
1.2. Key Features
• Shared Broadband Internet Access
All LAN users can access the Internet through the SP881B Firewall Router by a
single Broadband modem and connection.
• Supports all common Connection Methods
All popular DSL and Cable Modems and connection methods are supported,
including Fixed IP, Dynamic IP, PPPoE, and PPTP.
• PPPoE Session Management
Multiple PPPoE sessions are supported and users can choose to “map” sessions to
individual PCs.
• Multiple IP Address Support
If your ISP allocates multiple IP addresses, these are also supported and you
can “map” IP addresses to individual PCs.
• Special Applications
This feature allows users to run some non-standard applications, where the port
number used for the response is different to the port number used by the sender.
• Virtual Servers
This feature allows Internet users to access Internet servers on the LAN. For standard
servers such as Web, FTP or E-Mail servers, only the IP address of the server PC is
required. Users can also define their own server types if required.
• Multiple DMZ
A "DMZ" PC will receive incoming connection requests, which would otherwise be
blocked. For each IP address allocated by the ISP, a separate "DMZ" PC can be
specified. So if your ISP has given you multiple IP addresses, you can have multiple
“DMZ” PCs. Each “DMZ” PC has unrestricted 2-way Internet access, providing the
ability to run programs that are otherwise incompatible with NAT routers like the
SP881B Firewall Router.
• Access Filter
The network Administrator can use the Access Filter to gain fine control over the
Internet access and applications available to LAN users. Five (5) user groups are
available, and each group can have different access rights.
• URL Filter
Use this feature to block access to undesirable websites. Users can even have
different settings for different groups of PCs.
• Session Limit
With the Session Limit feature, if the number of new sessions for the system exceeds the
maximum within the sampling time, any new session will be dropped.
• System Filter Exception
With System Filter Exception, packets are not processed by the firewall or NAT
module, but are processed directly by the system protocol stack.
• VPN (Virtual Private Network)
Supports up to 20 VPN tunnels for VPN connections. It also supports IPSec and
PPTP Pass-Through.
2. Physical Description
Front View
Rear View
Component Description
DC 5V
Connect the supplied power adapter in the power
slot.
Reset Button
When pressed and released for 1 second, the
SP881B Firewall Router will reboot (restart). To
reset to default settings, press the button for over 3
seconds.
LAN Ports
Connect the PCs to these ports. Both 10BaseT and
100BaseT connections can be used simultaneously.
Any port will automatically operate as an "Uplink" port
if required. Just use a normal LAN cable to connect to
a normal port on another hub.
WAN
Connect the primary Broadband Modem in the WAN
port.
DMZ
Connect to local host (PC) or hub on this hardware
DMZ port.
LED Status Operation
On Power is on POWER
Off Power is off
On
Firmware not loaded or
Hardware Error
Off Normal Operation
Status
Blinking Data In/Out
Green 100BaseT Detected
Orange 10BaseT Detected
LINK/ACT
(WAN/LAN)
Off No connection
Other LED Indications
• WAN Link/Act LED continuous Flash: MAC address not assigned.
• WAN Link/Act LED solid On: SDRAM error.
• LAN1 Link/Act LED solid On: Timer/Interrupt error.
3. Basic Setup
3.1. Requirements
• The DSL or Cable modems, each with an Internet Access account with an ISP.
• Network cables. Use standard 10/100BaseT network (UTP) cables with RJ45 connectors.
• TCP/IP network protocol must be installed on all PCs.
3.2. Hardware Installation
1. Ensure both the SP881B and the Cable/DSL modem are switched off. Leave the modem
connected to its data line.
2. Connect the modem to the WAN port of the SP881B Broadband Router using an RJ-45
Ethernet Cable.
3. Connect a PC to the SP881B Broadband Router via one of the LAN ports using an RJ-45
Ethernet Cable.
4. Connect the provided power adapter to the SP881B’s Adapter port and power on both the modem
and the router.
5. Check the LEDs to verify successful connection.
The power LED should be on.
The WAN LED should be on if it is connected to a modem.
The Error LED will light up during startup and then turn off. If the LED remains on,
there is an error in your setup. Please recheck the steps above.
For each LAN port that is connected, its corresponding LED will light up to indicate
successful connection and traffic for the port.
3.3. IP Configuration
Follow the steps below to configure and set up the Broadband Router. A computer with a wired Ethernet
connection to the router is required for first-time configuration. The PC/Notebook must be in the
same IP range and subnet as the router. Follow the steps below to configure IP settings for the LAN PC.
Step 1. In the control panel, double click on Network Connections. Double click on the local area
connection (e.g. LAN). The following screen will appear. Highlight ‘Internet Protocol (TCP/IP)’ and click
on ‘Properties’.
Step 2. Select ‘Obtain an IP address automatically’ and ‘Obtain DNS server address automatically’, then
click <OK>.
Step 3. At the DOS command prompt, type ‘ipconfig’ to view information on the LAN connection. Ensure the IP address
and subnet mask are on the same subnet as the router.
Default Values
IP Address 192.168.1.1
Subnet Mask 255.255.255.0
Username ‘admin’
Password Leave the password field blank
3.4. Quick Setup
The SP881B has an embedded HTTP server and provides a series of web pages, which display the
configuration and status of the system. After the IP configuration is done, the management interface can be
accessed by entering the IP address of the router into the browser.
Step 1. Login page will appear to prompt users to enter the username and password.
Step 2. After correctly entering the login details, the following interface will appear. Please enter new
password details and press <Submit>.
Step 3. Select LAN & DHCP from the menu. Users will see a screen like the example below.
Component Description
LAN IP
Configuration
IP address - for the Load Balancer, as seen from the
local LAN. Use the default value unless the address
is already in use or your LAN is using a different IP
address range. In the latter case, enter an unused IP
Address from within the range used by your LAN.
Subnet Mask - The default value 255.255.255.0 is
standard for small (class "C") networks. For other
networks, use the Subnet Mask for the LAN segment
to which the Load Balancer is attached (the same
value as the PCs on that LAN segment).
Optional
Configuration
LAN Any IP – Disabled by default. If you enable
‘LAN Any IP’, you can set up a local host IP
(static IP) outside the device's LAN IP segment, and
it can still access the Internet through NAT.
Alias LAN – When both ‘LAN Any IP’ and ‘Alias
LAN’ are enabled, the LAN segment will give you a maximum of 5 sets
of LAN segments.
DHCP
Configuration
DHCP Server Setup - If Enabled, the Load Balancer
will allocate IP Addresses to PCs (DHCP clients) on
your LAN when they start up. The default and
recommended value is ‘Enable’. (Windows systems,
by default, act as DHCP clients. This setting is called
‘Obtain an IP address automatically’.) If you are
already using a DHCP Server, the DHCP Server
setting must be ‘Disabled’. The existing DHCP server
must be set to provide the IP address of the Load
Balancer as the Default Gateway.
Lease Time – The finite period of time for which the DHCP
server leases an IP address to a client.
DNS Server IP for Client – An IP address of the
default DNS server for the client requesting DHCP
service.
Offered IP Range fields set the values used by the
DHCP server when allocating IP Addresses to DHCP
clients. This range also determines the number of
DHCP clients supported.
DHCP Free List
Free Entry indicates how many DHCP entries are not
currently allocated, and still available. This table
shows the IP addresses which have been allocated
by the DHCP Server function. For each address
which has been allocated, the following information is
shown.
Name – The ‘hostname’ of the PC. In some cases,
this may not be known.
MAC Address – The physical address (network
adapter address) of the PC.
IP Address – The IP address allocated to this PC.
Type – Indicates whether the IP address is dynamic or static.
Status – If set to ‘Dynamic’, the IP address was
allocated by this DHCP Server. If set to ‘Sniffed’, the
IP address was detected by examining the LAN,
rather than allocated by the DHCP Server. In this
case, the Name is usually not known.
Time Left – The time elapsed since the IP address
was leased.
Step 4. Enter the WAN connection in the field below. Information like IP details, username and
password can be obtained from ISP. Press <Submit and Reboot> to restart the device.
Component Description
WAN Connection
Check the Connection Type with your ISP, and select
the appropriate option.
Static IP – Select this connection type if your ISP has
provided a Fixed or Static IP address. Then enter the
data into the Address Info fields.
Dynamic IP – Select this if your ISP provides an IP
address automatically when you connect. You can
ignore the Address Info fields.
PPPoE – Select this if your ISP uses this method.
(Usually, your ISP will provide some PPPoE software.
This software is no longer required, and should not
be used.) If this method is selected, you must
complete the PPPoE dialup fields.
PPTP Connection – This is for PPTP users only.
Enter the Username and Password provided by your
ISP. If using PPTP, enable the PPTP Connection
checkbox, and enter the IP address of the PPTP
server. If using the PPTP connection method, select
Static IP or Dynamic IP, as appropriate and according
to the IP address method used by your ISP.
Address Info
This is for Static IP users only. Enter the address
information provided by your ISP. If your ISP
provided multiple IP addresses, you can use the
Multi-DMZ screen to assign the additional IP addresses.
DNS (Optional for
dynamic IP)
If users are using a Fixed IP address, it is necessary
to enter at least one DNS. If users are using Dynamic
IP or PPPoE, DNS information is optional.
Optional
Host name – This is required by some ISPs. If your
ISP provided a Host Name, enter the detail in this
field. Otherwise, leave it as the default value.
Domain name – This is required by some ISPs. If
your ISP provided a Domain Name, enter the detail in
this field. Otherwise, leave it as the default value.
MAC address – Some ISPs record your MAC
address (also called "Physical address" or "Network
Adapter address"). If so, you can enter the MAC
address expected by your ISP in this field. Otherwise,
this should be left at the default value.
3.5. Configure User PC
3.5.1. Windows User
TCP/IP Setting
• By default, the SP881B Firewall Router will act as a DHCP Server, automatically providing a
suitable IP Address (and related information) to each PC when the PC boots.
• For all non-Server versions of Windows, the default TCP/IP setting is to act as a DHCP
client. In Windows, this is called Obtain an IP address automatically. Just start (or restart)
your PC and it will obtain an IP address from the SP881B Firewall Router.
Internet Access
For Windows 9x/2000
1. Select Start Menu - Settings - Control Panel - Internet Options.
2. Select the Connection tab, and click the <Setup> button.
3. Select "I want to set up my Internet connection manually, or I want to connect through a
local area network (LAN)" and click <Next>.
4. Select "I connect through a local area network (LAN)" and click <Next>.
5. Ensure all of the boxes on the following Local area network Internet Configuration screen
are unchecked.
6. Check the "No" option when prompted "Do you want to set up an Internet mail account
now?"
7. Click <Finish> to close the Internet Connection Wizard.
8. Setup is now completed.
For Windows XP
1. Select Start Menu - Control Panel - Network and Internet Connections.
2. Select Set up or change your Internet Connection.
3. Select the Connection tab, and click the <Setup> button.
4. Cancel the pop-up "Location Information" screen.
5. Click “Next” on the "New Connection Wizard" screen.
6. Select "Connect to the Internet" and click <Next>.
7. Select "Set up my connection manually" and click <Next>.
8. Check "Connect using a broadband connection that is always on" and click <Next>.
9. Click <Finish> to close the New Connection Wizard.
10. Setup is now completed.
Accessing AOL
To access AOL (America-On-Line) through the SP881B Firewall Router, the AOL for Windows software
must be configured to use TCP/IP network access, rather than a dial-up connection. The configuration
process is as follows:
1. Start the AOL for Windows communication software. Ensure that it is Version 2.5, 3.0 or
later. This procedure will not work with earlier versions.
2. Click the <Setup> button.
3. Select Create Location, and change the location name from "New Locality" to "SP881B
Firewall Router".
4. Click <Edit Location>. Select TCP/IP for the Network field. (Leave the Phone Number
blank.)
5. Click <Save>, then <OK>.
6. Configuration is now complete.
7. Before clicking "Sign On", always ensure that you are using the "SP881B Firewall Router"
location.
3.5.2. Macintosh User
From your Macintosh, you can access the Internet via the SP881B Firewall Router. The procedure is as
follows.
1. Open the TCP/IP Control Panel.
2. Select Ethernet from the Connect via pop-up menu.
3. Select Using DHCP Server from the Configure pop-up menu. The DHCP Client ID field can
be left blank.
4. Close the TCP/IP panel, save your settings.
Note: If users are using manually assigned IP addresses instead of DHCP, the required changes are:
• Set the Router Address field to the SP881B Firewall Router’s IP Address.
• Ensure your DNS settings are correct.
3.5.3. Linux User
To access the Internet via the SP881B Firewall Router, it is only necessary to set the SP881B Firewall
Router as the "Gateway", and ensure your Name Server settings are correct. Ensure you are logged in
as "root" before attempting any changes.
By default, most UNIX installations use a fixed IP Address. If you wish to continue using a fixed IP
Address, make the following changes to your configuration.
• Set your Default Gateway to the IP Address of the SP881B Firewall Router.
• Ensure your DNS (Name server) settings are correct.
To act as a DHCP Client (recommended), follow the procedure below, which may vary according to your version of
Linux and X Windows shell:
• Start your X Windows client.
• Select Control Panel - Network.
• Select the "Interface" entry for your Network card. Normally, this will be called "eth0".
• Click the Edit button, set the "protocol" to "DHCP", and save this data.
• To apply your changes:
  • Use the "Deactivate" and "Activate" buttons, if available.
  • Or, restart your system.
3.6. DMZ Port
The SP881B Firewall VPN Link Balancer provides one DMZ that is implemented in hardware. The
router has a separate hardware Ethernet port for the DMZ. Multiple devices with public IP addresses
assigned by the ISP can be connected. Incoming data for these devices from the Internet will be sent by
the router to the hardware Ethernet port directly.
• The DMZ port is a normal port, not an ‘uplink’ port.
• PCs connected to the DMZ port are on the same LAN segment as PCs connected to the
Hub ports. They must use the same IP address range.
• PCs connected to the DMZ port are not visible to PCs on the hub (LAN) ports. So you
cannot use Microsoft networking or other networking protocols to connect to PCs on the
DMZ.
• PCs connected to the DMZ port still share the WAN port IP address for Internet access.
Component Description
DMZ Settings
DMZ Port – Use a standard LAN cable to connect to a
normal port on another hub.
Associated Interface – The WAN1 port is the interface the
hardware DMZ port is associated with.
Access From LAN – Local LAN users can access the
DMZ port if this checkbox is checked.
DMZ Broadcast / Outbound – If DMZ “Broadcast / Outbound” is
enabled, packets from devices connected to the DMZ port
can be broadcast to the Internet.
ARP Table – A mechanism for viewing ARP-related
information.
4. Web-Based Management Interface
4.1. Host IP Setup
This feature is used in the following situations:
• Users have Multi-Session PPPoE, and wish to bind each session to a particular PC on the
LAN.
• Users wish to use the Access Filter feature. This requires that each PC be identified by
using the Host IP Setup screen.
• Users wish to have different URL Block settings for different PCs. This requires that each
PC be identified by using the Host IP Setup screen. (Users do not have to use the Host IP
feature to apply the same URL Block settings to all PCs.)
• Users wish to reserve a particular (LAN) IP address for a particular PC on the LAN. This
allows the PC to use DHCP (Windows calls this "Obtain an IP address automatically") while
gaining the benefits of a fixed IP address. The PC's IP address will never change, so it can
be provided to other people and applications.
Component Description
Host Network
Identity
Host name (Required) – Enter a suitable name.
Generally, users should use the ‘Hostname’
(computer name) defined on the Host itself.
MAC Address (Required) – Also called Physical
Address or Network Adapter Address. Enter the MAC
address of this host.
MAC Button – Check ARP list for entering MAC
Address.
Select Group – Select the group users wish to put
this host into.
Reserve in DHCP – Select ‘Enable’ to reserve a
particular (LAN) IP address for a particular PC on the
LAN. This allows the PC to use DHCP (Windows
calls this "obtain an IP address automatically") while
having an IP address which never changes.
Reserved IP – Enter the IP address users wish to
reserve, if the setting above is ‘Enable’. Otherwise,
ignore this field.
Block All Access – Enabling this checkbox blocks
all traffic for this particular local host.
DHCP List – Check DHCP list for entering DHCP IP
Address.
Host Network
Binding
Bind WAN port/Session – Select ‘Enable’ if users
wish to associate this PC with a particular PPPoE
Session. All traffic for that PC will then use the
selected PPPoE port and session.
Binding Method – Allow users to bind traffic to WAN
port.
Select WAN Port/Select PPPoE session – If the
setting above is ‘Enable’, select the desired port and
session. Otherwise, ignore these settings.
Note: Multiple PPPoE sessions are defined on the
Advanced PPPoE screen.
Host & Group List
This table shows the current bindings.
4.2. ARP Status
This screen shows LAN and WAN Address Resolution Protocol (ARP) statistics and information.
Component Description
Arp Statistics
Requests (In / Out) – The number of ARP requests
received and sent by the system.
Reply (In / Out) – The number of ARP replies
received and sent by the system.
System Time – System starting time.
Global Arp Ageout Time – ARP timeout. The default
is 600 seconds. A value of “0” means entries never expire.
Arp Table
Lists all LAN and WAN address resolutions and their related
information.
Arp Entry Add /
Update
Adds or updates a record in the ARP table according
to the IP and MAC address entered.
Arp Query Check
Enter a LAN or WAN IP address to query ARP.
4.3. Routing
This section is only relevant if users’ LAN has other Routers or Gateways.
• If users don't have other Routers or Gateways on the LAN, ignore the Static Routing page
completely.
• If users’ LAN has other Gateways and Routers, configure the Static Routing screen as
described below. Users also need to configure the other Routers.
• If there is an entry or entries in the Routing table with an Index of zero (0), these are System
entries. Users cannot modify or delete these entries.
Component Description
Dynamic Routing
RIP v2 – This acts as the “master” switch. If enabled, the
selected WAN or LAN will run RIPv1/v2; otherwise
they have no RIP function.
LAN, WAN – If enabled, any WAN or LAN can
run the RIP function.
Static Routing
Entry Index – If adding a new entry, ignore this field.
To edit an existing entry, select it from the list, and
click the <Select> button. The screen will then
update with the data for the selected entry. If the
Index is 0, this is a System entry that users cannot
delete or modify.
Network Address – The network address of the
remote LAN segment. For a standard class "C" LAN,
the network address is the first 3 fields of the
Destination IP Address. The 4th (last) field can be left
at 0.
Netmask – The Network Mask for the remote LAN
segment. For class "C" networks, the default mask is
255.255.255.0.
Gateway – The IP Address of the Gateway or Router
that the SP881B Firewall Router must use to
communicate with the destination above. (Not the
router attached to the remote segment.)
Interface – Select the correct interface, usually "LAN".
The "WAN" interface is only available if NAT
(Network Address Translation) is disabled.
Metric – The number of "hops" (routers) to pass
through to reach the remote LAN segment. The
shortest path will be used.
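
The field rules in the Static Routing table above can be checked before an entry is typed into the web interface. The Python code below is an added example, not part of the MicroNet manual or firmware. It assumes the router keeps the default LAN address 192.168.1.1 / 255.255.255.0 and that the entry uses the "LAN" interface; the function name check_static_route and the sample entries are hypothetical.

```python
import ipaddress

# Assumption: the router still has the manual's default LAN address and mask.
ROUTER_LAN = ipaddress.IPv4Interface("192.168.1.1/255.255.255.0")


def check_static_route(network, netmask, gateway, metric, index=None,
                       router_lan=ROUTER_LAN):
    """Return a list of problems with a proposed Static Routing entry.

    An empty list means the entry is consistent with the field descriptions
    in the Static Routing table. Assumes the entry uses the "LAN" interface.
    """
    problems = []

    # Index 0 marks a System entry, which cannot be modified or deleted.
    if index == 0:
        problems.append("index 0 is a System entry and cannot be modified")

    try:
        addr = ipaddress.IPv4Address(network)
        gw = ipaddress.IPv4Address(gateway)
        mask = ipaddress.IPv4Network(f"0.0.0.0/{netmask}")
        # ipaddress also accepts host masks (0.0.0.255); the screen wants a netmask.
        if mask.netmask != ipaddress.IPv4Address(netmask):
            raise ValueError(f"{netmask!r} is not a dotted netmask")
    except ValueError as exc:
        problems.append(f"invalid field: {exc}")
        return problems

    # Network Address must be the segment itself: for a class "C" mask the
    # 4th field is 0, in general every host bit is 0.
    dest = ipaddress.IPv4Network(f"{addr}/{mask.prefixlen}", strict=False)
    if dest.network_address != addr:
        problems.append(f"network address {addr} has host bits set; "
                        f"use {dest.network_address}")

    lan = router_lan.network
    # A "remote" segment that lies inside the router's own LAN needs no route.
    if dest.subnet_of(lan):
        problems.append(f"{dest} is already directly attached on the LAN")

    # Gateway is the next hop the SP881B itself talks to, so it has to be a
    # usable host address on the router's LAN, not the far-side router.
    if gw not in lan:
        problems.append(f"gateway {gw} is not on the LAN segment {lan}")
    elif gw == router_lan.ip:
        problems.append("gateway is the router's own LAN address")
    elif gw in (lan.network_address, lan.broadcast_address):
        problems.append(f"gateway {gw} is not a usable host address")

    # Metric is a hop count; the accepted upper bound is not stated in the
    # manual, so only the lower bound is checked here.
    if isinstance(metric, bool) or not isinstance(metric, int) or metric < 1:
        problems.append("metric must be a whole number of hops, at least 1")

    return problems


if __name__ == "__main__":
    # Constructed sample entries: (network, netmask, gateway, metric)
    samples = [
        ("192.168.2.0", "255.255.255.0", "192.168.1.254", 1),
        ("192.168.2.5", "255.255.255.0", "192.168.1.254", 1),
        ("10.0.0.0", "255.0.0.0", "10.0.0.1", 2),
    ]
    for entry in samples:
        print(entry, "->", check_static_route(*entry) or "OK")
```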