User`s Manual
Contents
1. 60 5 3 VPN IPSec Setup see 61 5 4 Example1 Tunnel between Two VPN Routers eeesssss 65 5 5 Example2 Tunnel between VPN Router and VPN Client with Fix IP 65 5 6 Example3 Tunnel between VPN Router and VPN Client Luitiayo gern ed 66 Chapter 6 Configuring IPSec on Windows 2000 XP sssssssseeeenenennneeeennnns 67 6 1 EMVIFOMMON m 6 2 Steps in Windows 2000 XP 6 3 Steps in ADSL Integrated Gateway Chapter 7 Secutily cte er e ein edem cn te ind on ditas aree Chapter 8 Trouble ShOoting cire teret Hte eet Cate vetu ee daa 88 EI rc Client Side Computers Appendix A Frequently Asked Questions sees 90 Wireless Questions esee nnne tne nnne 91 Appendix B Setting up TGP IP Protocol 2 ertt erret rere ete 95 Installing the TCP IP Protocol for Windows 3 95 Fixed IP Addresses Configuration 2 norte tre p e ete rd a 98 Appendix C MacintoshuSeltup etr niter i eric rtr rni ie pea rea a Facere 100 Appendix D Technical Specifications 2 rrt ee rete rer rnt tener ten Specifications for Wireless Model only NB5580W General Specifications for both NB5580 amp NB5580W Appendix E Cable Connections nemen ens RJ 45 Network DOLLS ot XXE EHE POE T2. Note Your router s configuration should be kept secret and in a secure location to prevent unwanted access to password or network topology information Currently you should only use Internet Explorer version 5 0 or above to back up your router To Back up your router 1 Click the Backup button When the File download window opens select Save this file to disk Click OK File Download Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 53 42x 2 Choose the location where you would like to store the file and enter the file name leave the cfg extension Click Save To Restore your Router s configuration 1 Log into the router and click the Backup and Restore menu item from the left hand menu 2 Click the Browse button to open a Choose file window search and select your previously backed up file Click Open Choose file www netcomm com au Rev 1 YML686 Page 54 NP5580 W User Guide Met C 3 When you return to the Backup amp Restore screen you should see the file path in the white field Click the Restore button to start the configuration upload rows 4 Once the upload is complete the router should reboot and implement the new configuration The IP address and subnet of the could now be different perform a IPconfig Release and renew to check if the browser menu stops responding Note You may not be able to restore a configuration that was backed up from a different version
3. Edit Authentication Method Properties Authentication Method The authentication method specifies how trust is established between the computers Active Directory default Kerberos V5 protocol C Use a certificate from this certification authority CA Browse Use this string preshared key Test This new Preshared key will be displayed in Authentication method preference order Click the OK button to continue New Rule Properties IP Fiter List Authentication Methods Tunnel Setting Connection Type Authentication methods specify how trust is established between computers These authentication methods are offered and accepted when negotiating security with another computer reshared Key 14 From the Tunnel Setting tab click The tunnel endpoint is specified by this IP Address box and then type the Windows 2000 XP IP Address 140 111 1 2 www netcomm com au Rev 1 YML686 Page 78 NP5580 W User Guide Meta C Edit Rule Properties IP Fiter List l Filter Action Authentication Methods Tunnel Setting Connection Type IP traffic destination as specified by the associated IP filter a The tunnel endpoint is the tunneling computer closest to the list It takes two rules to describe an IPSec tunnel C This rule does not specify an IPSec tunnel The tunnel endpoint is specified by this IP address 140 111 1 1 15 From the Connection Type tab select All network co
4. Each micro filter is connected in line with your telephone or fax machine so that all signals pass through it Telephones and or facsimiles in other rooms that are using the same extension will also require Microfilters The following diagram gives an example of connecting your ADSL Modem Router using a Microfilter NA FDA BEL e mwwv CERES ie r I I q I l i Old Style 1 1 Adaptor with I I I Telephone Line l I Wall Socket Cord I Wall Socket I I l I I T I i I I i l I Microfilter l NB5580 l required if additional I ADSL Integrated I devices are connected l l Gateway I to an extension l 1 I i I l a I I I I i I I I i I 1 Telephone l l Computer 1 Computer 2 i I me m eee e e e M m m m e m m m m Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 107 MIL Appendix G EM1180 ADSL POTS Splitter Installation Guide Features High quality low pass filter with optimum performance Surge and overload current protection Wall mounting facility Multiple input and output termination Additional wall outlet not required Location for Installation The ADSL splitter filter should be installed into the premises telephone wiring on the customer side of any telephony connections i e Before the first outlet or branching point Important Safety Instructions Read and understand all instructions Do not install this product near water for example in a wet base
5. carry Click Apply after making any changes The following table lists the port numbers of some popular applications Application Outgoing Control Battle net 6112 DialPad 7175 ICQ 4000 ICU II 2019 IRC 6667 MSN Gaming Zone 47624 PC to Phone 12053 Quick Time4 554 wowcall 8000 www netcomm com au Page 36 Incoming Data 6112 51200 51201 51210 4000 2000 2038 2050 2051 2069 2085 3010 3030 531 6666 6667 2300 2400 28800 29000 12120 12122 24150 24220 6970 6999 4000 4020 Rev 1 YML686 NP5580 W User Guide Met C 4 8 Dynamic Routing The Dynamic Routing feature allows your NetComm NB5580 W to exchange routing information with other routers in the network Enabling this feature is likely to enhance performance of your NetComm NB5580 W when used in a multi routed network Disana Table Cancel TX From the drop down list select one of the routing information types RIP 1 RIP 1 Compatible or RIP 2 to enable the TX transmit function RIP 1 is the protocol used by older routers and newer routers should use RIP 2 RIP 1 Compatible serves to broadcast RIP 1 and multicast RIP 2 A RX From the drop down list select one of the routing information types RIP 1 or RIP 2 to enable the RX receive function Click Apply after making any changes 4 9 Static Routing The Static Routing feature allows computers that are connected to the NetComm NB558
6. n 192 168 2 100 VPN Router 2 192 168 2 1 211 21 189 53 211 21 189 49 Tunnel 1 Enable Subnet 192 168 2 0 255 255 255 0 Subnet 192 168 1 0 255 255 255 0 210 241 239 77 DES MD5 ISAKMP Off MyTest 5 5 Example2 Tunnel between VPN Router and VPN Client with Fix IP ma LAN WAN gm 192 168 1 100 VPN Router 1 LAN IP 192 168 1 1 WAN IP 210 241 239 77 Default Gateway 210 241 239 73 Tunnel 1 This Tunnel Enable Local Secure Group Subnet 192 168 1 0 255 255 255 0 Remote Secure Group IP 140 111 1 2 Remote Security Gateway 140 111 1 2 Encryption DES Authentication MD5 IPSec ISAKMP PFS off IKE Pre share KEY MyTest Rev 1 YML686 NB5580 W User Guide 192 168 2 100 IP 140 111 1 2 140 111 1 1 Tunnel 1 Enable IP 140 111 1 2 Subnet 192 168 1 0 255 255 255 0 140 111 1 1 DES MD5 ISAKMP off MyTest www netcomm com au Page 65 hudan 5 6 Example3 Tunnel between VPN Router and VPN Client with dynamic IP L1 LAN 7 s WAN g 192 168 1 100 210 21 189 53 VPN Router 1 Win2000 Professional Safenet Cisco VPN Client LAN IP 192 168 1 1 WAN IP 210 241 239 77 IP 210 21 189 53 Default Gateway 210 241 239 73 210 21 189 49 Tunnel 1 Tunnel 1 This Tunnel Enable Enable Local Secure Group Subnet 192 168 1 0 255 255 255 0 IP 211 21 189 53 Remote Secure Group IP Any Subnet 192 168 1 0 255 255 255 0 Remote Security Gateway Any 210 241 239 77 Encryption DE
7. Cancel Double click TCP IP from the list on the right or highlight TCP IP then click OK to install TCP IP 5 After a few seconds you will be brought back to the Network window The TCP IP Protocol should now be on the list of installed network components refer to point 2 6 Click the Properties button Bindings Advanced WeBlOs DNS Configuration Gateway WINS Configuration IP Address An IP address can be automatically assigned to this computer If your network does not automatically assign IP addresses ask your network administrator for an address and then type it in the space below Specify an IP address V Detect connection to network media The TCP IP Properties window consists of several tabs Choose the IP Address tab 7 Select Obtain an IP address automatically Click OK Restart your computer to complete the TCP IP installation Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 97 AME Fixed IP Addresses Configuration Fixed IP addresses may be assigned to network devices for many reasons such as the server computers or printers which are consistently accessed by multiple users To set up computers with fixed IP Addresses go to the IP Address tab of the TCP IP Properties window as shown above 1 Select Specify an IP address and enter 192 168 1 in the IP Address location where is a number between 2 a
8. E g use the number you discovered in the hint above such as 203 147 197 75 Set your number of test packets to send either 1 2 3 or 4 Leave packet size as default 60 bytes Leave time between packets as default 1 second 1000 milliseconds Leave time out as default 5 seconds 5000 milliseconds Click Start Check that packets received equals at least 1 to confirm a good ping response Total packet loss can be determined by comparing packets sent to packets received P Trace Route Operates in a way to most Trace Route programs and is used to Trace all the routing points from the Source the Router to the Destination The IP address entered Note Not all routers in an IP path will allow self identification hence you may see some hops along the way left as blanks Also it is possible that the final destination may not respond to the Trace Route Query even though it exists and can exchange data via TCP IP Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 57 Mill G Chapter 5 Configuring IPSec VPN Tunnels 5 1 VPN IPSec Introduction The VPN Router creates secure communications between sites without the expense of leased site to site lines A VPN tunnel is a combination of authentication encryption tunneling and access control technologies used to transport traffic over the Internet or any insecure network IPSec Internet Protocol Security is an industry standard protocol suite that pro
9. Mill Default Settings amp Facts for the NB5580 amp NB5580W The following lists the default settings of your NetComm NB5580 W Note It is highly recommended that you enable security settings such as WEP and change default administration passwords and SNMP strings before connecting your NB5580 to your network or the Internet Router LAN IP 192 168 1 1 Username none Password admin WAN port MDI Auto MDI No cross over cable required Resetting While using or installing your NetComm NB5580 W you may need to utilise the reset feature There are two types of reset Soft A soft reset will restart the unit and reconnect to the internet using the settings stored previously none of your settings are deleted To perform a soft reset briefly press the reset button on the back of the unit Hard A hard reset will return your unit to its factory default setting meaning that you will loose all configurations and logs set stored previously To perform a hard reset press and hold in the reset button on the back of the unit for 10 seconds Note Both types of reset require the NB5580 W to be powered up before the reset button is pressed Power Ensure that you only use the Power Adaptor supplied 12VDC 1 0Amps Center pole positive with your NetComm NB5580 W www netcomm com au Rev 1 YML686 Page 6 NP5580 W User Guide Met C One page setup for most ADSL services 1 Connect your computer to one of the four LAN
10. Use the wall mounting plate as template to mark the two positions for holes where you wish to mount the box on the wall 2 Drill the marked holes with a 6 0mm 0 24inch diameter drill bit to a minimum depth of 35mm 1 38inch 3 Insert the wall plugs into the drilled holes 4 Position the wall mounting plate over the holes and insert the screws 5 Position the filter over the wall mounting plate and push firmly into position until it is secured Connector Function Style Tip Ring J5 Line RJ12 IDC Pin3 Pin4 J4 ADSL Modem RJ45 IDC Pin4 Pind J6 Local Phone RJ123 IDC Pin3 Pin4 www netcomm com au Page 110 Rev 1 YML686 NP5580 W User Guide Appendix H Glossary 10Base T 100Base T The adaptation of the Ethernet standard for Local Area Networks LANs 10Base T uses a twisted pair cable with maximum lengths of 100 meters and transmits data at 10Mbps maximum 100Base T is similar but uses two different twisted pair configurations and transmits at 100Mbps maximum Ad hoc Network Also known as the peer to peer network an ad hoc network allows all computers participating in a wireless network to communicate each other without an AccessPoint Adapter A device that makes the connection to a network segment such as Ethernet and modem cards ADSL Asymmetric Digital Subscriber Line ADSL as its name indicates is an asymmetrical data transmission technology with higher traffic rate downstream and lower traff
11. have been blocked check the Filter field beside the MAC address in Edit MAC Filter table the background color will be yellow Wireless Station MAC Filter This function allows you to restrict wireless users to access Internet Click Edit MAC Filter Setting button to open the edit table Wireless MAC Entry There are 32 sets divided into four groups in this function You can choose each group by selecting from the pop down list Enter the MAC addresses of the computers you wish to block in the columns and click the Filter field beside the MAC address and then that user will be blocked to link to WLAN and Internet If the Filter field isn t checked that MAC address won t be blocked The MAC address entered here should be 12 continue alphanumeric digits without in between Click Apply to save these changes Beacon Interval It s the signal sent periodically by wireless access point to provide synchronization among the stations in wireless LAN RTS Threshold RTS packet is use to account for potential hidden stations This feature allows you to set the size of RTS packet Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 39 Metta C a Fragmentation Threshold If the length of data frame needing transmission exceeds the fragmentation threshold you set in the column the data frame will be fragmented If there is significant interference or high utilization in your wireless network the smaller fragmentation
12. 168 1 1 to check for IP connectivity between your computer and the Router Note If you are not able to get to the web configuration screen for the NetComm NB5580 W make sure that you disable the proxy setting within your Internet browser and set your browser to access the Internet via the LAN What can I do if I have forgotten the password for NetComm NB5580 W You have to reset the Router back to its factory default setting by pushing the Reset button for over 3 seconds Note You will lose all previous settings I cannot access my ISP s home page why Some ISPs such as Telstra BigPond require their host name be specifically configured into your computer before you can surf their local web pages If you are unable to access your ISP s home page enter your ISP s Domain Name into the One Page Setup Section 3 3 to enable all computers in your LAN to access it If you only want to allow computers to access these home pages open the TCP IP Properties window Appendix B on these computers click open the DNS Configuration tab and enter your ISP s Domain Name in the Domain Name Search Suffix location Client Side Computers I can t browse the Internet via the NetComm NB5580 W Ensure your computer can ping or access the Router See the previous section entitled Why can t I configure the NetComm NB5580 W for more information Check the status page of the Router to ensure connection to your ISP has been established I get
13. Fiter List Tu New Rule Properties Authentication Methods Tunnel Setting Connection Type IP Fitter List Fitter Action The selected IP filter list specifies which network traffic will be affected by this rule O AI ICNP Traffic Matches all ICMP packets betw O Al IP Traffic Matches all IP packets from this Broadband VPN Router gt XP XP gt Broadband VPN Router www netcomm com au Rev 1 YML686 Page 76 NP5580 W User Guide Metta 11 From the Filter Action tab click the filter action Require Security New Rule Properties ale Authentication Methods Tunnel Setting Connection Type IP Fiter List Riter Action for secure network traffic and how it will secure the traffic zc O Pemit Pemit unsecured IP packets to Request Security Optional Accepts unsecured communicat O Require Security Accepts unsecured communicat 12 From the Authentication Methods tab click the Edit button New Rule Properties IP Fiter List Filter Action Authentication Methods Tunnel Setting Connection Type Authentication methods specify how trust is established offered and accepted when negotiating security with another Move up Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 77 Metta C 13 Change the authentication method to Use this string preshared key enter the string Test and then click the OK button
14. Properties Authentication Methods Tunnel Setting Connection Type IP Filter List N Filter Action The selected IP filter list specifies which network traffic will be affected by this rule IP Filter Lists Name Description O Al ICNP Traffic Matches all ICMP packets betw O Al IP Traffic Matches all IP packets from this Broadband VPN Router gt XP FIX gt Broadband VPNFowter I 2 From the Filter Action tab click the filter action Require Security and click the Edit button New Rule Properties PR Authentication Methods Tunnel Setting Connection Type IP Fiter List Fiter Action w The selected filter action specifies whether this rule negotiates for secure network traffic and how it will secure the traffic Descriti Permit unsecured IP packets to Accepts unsecured communicat Accepts unsecured communicat LO Require Security Add Edt p Remove Use Add Wizard a __ 3 Check that the Negotiate security option is enabled and deselect the Accept unsecured communication but always respond using IPsec check box www netcomm com au Rev 1 YML686 Page 72 NP5580 W User Guide Met C 4 Select the Session key Perfect Forward Secrecy PFS and remember to check the PFS option on the ADSL Integrated Gateway and then click the OK button Require Security Properties T Accept unsecured communication but always respond using IPSec Allow unsecu
15. Security Gateway mH E E Encryption amp Authentication Access Control i E Universal Plug n Play Logging E Physical Security Physical security should be considered because if a malicious person has physical access to the unit they can damage it steal it reset it to factory defaults or just sabotage it to allow them remote access later on Note Your Admin password can be deleted with physical access www netcomm com au Rev 1 YML686 Page 82 NP5580 W User Guide Melua C Wireless Security NB5580W only The NB5580W has a Wireless Access Point built in and enabled by default If you do not wish to use this feature at this time you should disable it Connecting your NB5580W to your Network in default mode will allow any wireless client in range to freely access your LAN devices as well as your Internet service If you intend on using Wireless access you should consider enabling WEP enabling MAC Filtering and disabling the SSID broadcast feature to enhance your network security Administration Password Your Admin Password gives you complete control over the NB5580 W it should NEVER be left as default because it can allow access from a Web browser on both your LAN and possibly the Internet You should change your Administration Password to something complex and involving many UPPER and lower case Characters Some examples of suitable passwords in growing complexity are fallendyou mixing words and
16. a time out error when I enter a URL or IP address Check if other computers on the LAN are experiencing the same problem If not ensure the computer s IP settings are correct IP Address Subnet Mask Gateway IP Address and DNS Check the NetComm NB5580 W s settings are correct Section 3 3 Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 89 VW LY Appendix A Frequently Asked Questions What is the maximum number of IP Addresses the NetComm NB5580 W can support The NetComm NB5580 W can support up to 253 IP Addresses usually in the range of 192 168 1 2 192 168 1 254 Where should the NetComm NB5580 W be installed on the network In a typical environment the NetComm NB5580 W should be installed between the ADSL Cable modem and your LAN Connect the NetComm NB5580 W to the Ethernet port of your ADSL Cable modem and connect your computers to the RJ45 jack on the LAN side Does the NetComm NB5580 W support IPX or AppleTalk No The NetComm NB5580 W was designed to provide a multiple user LAN with shared Internet access and supports only the TCP IP Protocol If your Novell or Apple system is configured with TCP IP the NetComm NB5580 W can support them Does the NetComm NB5580 W support 100Mb Ethernet Yes the NetComm NB5580 W supports both 10Mb amp 100Mb Ethernet on the LAN side but only 10Mb on the WAN side What is NAT and what is it used for The Network Address Translation NAT Proto
17. block using an IDC tool See wiring configuration below for details Connect cable from ADSL Modem outlet to the connector marked ADSL Connect cable from in house telephone wiring to the connector marked telephone Connect the incoming subscriber line to the connector marked LINE Secure cables with cable ties Put connector cover back in place and relocate onto the wall Configuration 1 Network l Boundary Point NBP l TO 1 First socket Alternative Data A Socken Lead in Cable fff Building TE Central Filter I Entry Point BEP Additional Line or Data Socket Connection Customer Additional telephone socket connection IN TO 2 Socket for telephone R TO n Additional Voice Sockets etc Hev 1 YML686 www netcomm com au NB5580 W User Guide Page 109 Met C Configuration 2 TE Central Filter Lead in Cable Ff Network Boundary Point NBP TO 1 Additional Line or Data Socket Connection Customer Wall Mounting Instructions PC TO 1 Additional telephone socket connection r TO 2 Socket for voice am SER TO n Additional Voice Sockets etc The ADSL splitter filter can be mounted on a wall by simply suing the wall mounting plate enclosed and suing the double sticky tape or the two screws provided This filter may be mounted either horizontally or vertically Follow these steps for screw mount 1
18. employ NAT to share Internet access for all of your computers as well as protect them from outside intruders 2 Your ISP uses Classical IP connection type use LLC encapsulation and routing protocol and provides you with one or more IP addresses when you apply for the service You can find more information in the RFC 2684 standard Specify WAN IP Address Enter the IP address provided by your ISP Subnet Mask Enter the subnet mask values provided by your ISP Default Gateway IP Address Your ISP will provide you with the Default Gateway IP Address Domain Name Server DNS Your ISP will provide you with at least one DNS IP Address Multiple DNS IP settings are common The first available DNS entry is used in most cases Gateway using LLC Encaps Dynamic IP This connection type is the default setting of the NetComm NB5580 W Choose this setting if 1 You want to employ NAT to share Internet access for all of your computers as well as protect them for outside intruders 2 Your ISP uses LLC Encapsulation and DHCP to assign IP addresses when you connect LLC encapsulation allows multiplexing of multiple protocols over a single ATM virtual connection VC You can find more information in the RFC 2684 standard Gateway using LLC Encaps Static IP Choose this setting according if 1 You want to employ NAT to share Internet access for all of your computers as well as protect them for outside intruders 2 You
19. enabled applications to configure your router www netcomm com au Rev 1 YML686 Page 86 NP5580 W User Guide Met C Logging To maintain a secure network it is important to adapt to changes in your network environment The best way to do this is to view the logging in your router particularly look for items in red text as these indicate data that has been blocked by the firewall or by your Access Control filters For easy regular monitoring use the email or Syslog features to send you log to another computer Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 87 Mill Chapter 8 Trouble Shooting This chapter provides solutions to problems you may encounter during installation and operation of your NetComm NB5580 W Hardware The Power LED is off Check the power cable is properly connected to the NetComm NB5580 W the power adapter and the socket The LAN Link LED is off Check the computer hub or switch is properly connected to the NetComm NB5580 W Check the computer s Ethernet card is properly installed Check the UTP cable connecting the computer to the Router is connected The DIAG LED stays lit The DIAG LED should light up when the device is first powered up to indicate it is checking for proper operation After a few seconds the LED should go off If it stays on the device is experiencing a problem Please contact your dealer Why can t I configure the NetComm NB5580 W First che
20. explanation please refer to the more detailed sections of this document This guide presumes that your NetComm NB5580 W is set to factory defaults See Resetting if required The NB5580 is available in either standard or wireless versions If you have purchased the NB5580W refer to 4 10 Wireless or Chapter 7 Security for information on setting up the wireless component of your Router Product naming conventions This manual covers both the NB5580 and NB5580W ADSL integrated Gateways Where feature and functions are common to both models the product will be refered to as the NB5580 W Features and functions dedicated to the NB5580W Wireless model are shown separately www netcomm com au Rev 1 YML686 Page 4 NP5580 W User Guide AP LEMEG Package Contents After carefully unpacking the shipping carton check the contents listed below E NB5580 ADSL Integrated Gateway OR E NB5580W ADSL Integrated Gateway with Wireless with Removable Omni directional 2dBi Antenna Package Contents Note and this User Guide Cat 5 RJ45 Straight through Ethernet Cable RJ11 ADSL Line Cord and RJ11 to 605 ADSL Line adaptor p Z wi Plug Pack 12VDC 1 0A 4 W o amp 9 en Microfilter Rubber Feet gt Check the contents of your package and if any parts are missing or damaged please contact your Dealer Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 5
21. in use by entering 0 in the DMZ Host field The Multi DMZ allows you to map the public IP addresses to your LAN PCs should you get more than one public IP address from your ISP This function is useful to set up your servers such as an FTP server web server and so on with public IP addresses but still keep them within your LAN group With the public IP addresses Internet users will access your servers more easily and those servers can still communicate with other PCs in you LAN by using Network Neighborhood DMZ Host 1 Before setting up a LAN PC to act as a DMZ Host you should configure it using a fixed IP Address 2 In the One Page Setup screen ensure the Private IP Address is set to the Broadband Security Router s default setting of 192 168 1 1 In the Public IP Address area select Specify an IP Address and then enter the IP Address and other necessary information provided by your ISP 3 Click the DMZ Host option in the Advanced Menu and enter the fixed IP Address of the Exposed Host PC in the DMZ Host IP Address location Remember entering 0 will disable this application www netcomm com au Rev 1 YML686 Page 44 NP5580 W User Guide AME C Multi DMZ 1 Enter the valid public IP address in WAN IP column Next enter the private IP address of the PC that you wish to map to in LAN IP field Up to five public IP addresses can be entered 2 Click the Apply button after making any changes or c
22. of different functions Each node and Access Point for example must always acknowledge receipt of each message Each node must maintain contact with the wireless network even when not actually transmitting data Achieving these functions simultaneously requires a dynamic RF networking technology that links Access Points and nodes In such a system the user s end node undertakes a search for the best possible access to the system First it evaluates such factors as signal strength and quality as well as the message load currently being carried by each Access Point and the distance of each Access Point to the wired backbone Based on that information the node next selects the right Access Point and registers its address Communications between end node and host computer can then be transmitted up and down the backbone As the user moves on the end node s RF transmitter regularly checks the system to determine whether it is in touch with the original Access Point or whether it should seek anew one When a node no longer receives acknowledgment from its original Access Point it undertakes a new search Upon finding a new Access Point it then re registers and the communication process continues What is ESSID An Infrastructure configuration can support roaming for mobile workers More than one Access point can be configured as an with the same SSID Users within range of atleast one Access point could roam freely between Access points while mai
23. of firmware It is strongly advised that you try to match the firmware version in your router to the version from which the backup file was made 4 19 Upgrade Firmware This setting page allows you to upgrade the latest version firmware to keep your router up to date Before you upgrade the firmware you have to get the latest firmware and save it on the PC you use to configure the router rw horde E Select a file to upgrade Enter path of the latest firmware you saved on the PC You can choose Browsing to view the folders and select the firmware B Upgrade After you enter or select the path click Upgrade to proceed firmware upgrade process Please note that don t power off the router during the firmware upgrading Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 55 Metta 4 20 Note Hint Diagnostics Ping amp Tracert The Ping Trace Route Diagnostics can be independently selected by clicking on either Ping or Tracert on the left hand menu These features are handy tools for diagnosing network faults and ISP service faults Ping Operates in a similar way to most Ping utilities It will send a ping via the ICMP protocol and receive a response from the target if it is configured to respond You can choose if the ping originates from the LAN Private side of the router or from the WAN Public side of the router Just because a computer does not respond to a ping doesn t mean it is
24. ports on the NetComm NB5580 W and ensure you have a link Connect your ADSL enabled line to the ADSL port of the NetComm NB5580 W using the RJ11 cable supplied 2 Setthe Network Card of your computer to use DHCP or assign it an IP address in the range of 192 168 1 2 254 3 Open a web browser ensuring that it is set to access the Internet via the LAN not by a dial up networking account Browse to the NetComm NB5580 W s default IP 192 168 1 1 The main menu of the router should open displaying the One Page Setup Note You may be prompted for a log in there is no User Name and the default Password is admin Change your WAN Connection Type to PPPoE ADSL 5 Set your User Name and Password as provided by your ISP If you wish to make services available to external Internet users even when you are not using Internet services from inside your network you can choose Keep Alive Alternatively for extra security you can choose Connect on Demand 7 Click Apply Your NetComm NB5580 W will attempt to use your settings to connect to your ISP You can check the results on the Status Monitor page 8 If you have a DHCP server already active on your network it is recommended that you disable either the NetComm NB5580 W s built in DHCP server or the existing DHCP server Please note that Microsoft Internet Connection Sharing is a DHCP server Hev 1 YML686 www netcomm com au NB5580 W User Guide Page 7 y In
25. set up to ten public ports such as a HTTP web SMTP email FTP etc that can be accessed by external users of the Internet Each service is forwarded to a dedicated network computer server configured with a fixed LAN IP Address Although the internal service addresses are not directly accessible to the external user the NetComm NB5580 W is able to redirect requests to the appropriate internal IP Address server To use this application it is recommended you use a fixed Public IP Address from your ISP and that your internal servers do not use a DHCP client Note Please refer to section 4 17 Universal Plug n Play for alternatives to Port Forwarding 192 168 1 0 o Ho 192 168 1 0 0 192 168 1 7 0 Bon 192 168 1 0 0 o Bon 192 168 1 0 o 0 Bot w 192 168 1 0 0 o Bot m 192 168 1 0 Boh w 192 168 1 0 0 192 168 1 0 0 192 168 1 7 192 468 1 0 Note Your NetComm NB5580 W supports only one forward to one IP Address for each port service Set up a network computer to act as a server and configure each with a fixed LAN IP Address in the same subnet as the LAN subnet of the router E Inthe One Page Setup screen ensure the Private IP Address is set to the NetComm NB5580 W s default setting of 192 168 1 1 If a fixed Public IP Address is to be used select Specify an IP address and enter the IP Address and other necessary information provided by your ISP E Incoming Ports Enter the desired serv
26. the Access Point but not on your wireless adapter or vice versa Verify that the same WEP Keys and levels 64 or 128 are being used on all nodes on your wireless network Also we suggest you check for Wireless MAC filtering What is the maximum number of users the Access Point facilitates No more than 64 but this depends on the volume of data and may be less if many users create a large amount of network traffic How many channels frequencies are available Using 802 11b or 802 11g there are thirteen available channels in the Australian domain Some channels may not be selectable depending on your product and regional regulations www netcomm com au Rev 1 YML686 Page 94 NP5580 W User Guide Met C Appendix B Setting up TCP IP Protocol Installing the TCP IP Protocol for Windows If you are not sure whether the TCP IP Protocol has been installed follow these steps to check and if necessary install TCP IP onto your computer 1 Click the Start button Choose Settings then Control Panel ontrol Pas 5 x Ele Edit View Favorites Tools Help Ea 2 s m sw Accessibility AddNew Add Remove Adobe Gamma AudioHQ Options Hardware Programs g Automatic Date Time Dial Up Disc Detector Display Updates Networking A A amp Find Fast Folder Options Fonts Gaming Internet Options Options sina S ass 2 d Keyboard Mail Modems Mouse aa g ODBC Data Passwords Power Options Printer
27. to be connected Qs a SS Telephone Line 77 y Cable into ADSL Port and then jy Ethernet Cable Power Adaptor j into any LAN into POWER Port and then portand then into Computer s or LAN into a Powerpoint into an ADSL Enabled Line Note If your telephone line has an ADSL splitter installed you must connect the NB5580W to the line wall socket designated for ADSL use If your Telephone line does not have an ADSL splitter you must connect Microfilters in line with each telephone device you intend to use on the Telephone line See the Section on ADSL Filters Splitters in the Appendix of this manual Connect your computers with Network Interfaces to any of the four Ethernet LAN sockets on the back of the NB5580W If you wish to connect more than four computers you should connect one of the LAN sockets to your Network Hub or Switch Check that the Ethernet sockets used have their respective LAN link lights on Note Auto MDI is available on all four ports A special cross over cable or uplink port to join the router to another hub or switch is not required as the NB5580W ports are self adjusting You should now be able to access and configure the NB5580W via a web browser See the Configuration section of this manual for more information Hev 1 YML686 www netcomm com au NB5580 W User Guide Page 15 a 0 MUL 2 3 Front Panel LEDs for the NB5580 The following figure shows the fro
28. to join the existing wireless network However if not the Pass phrase method is recommended If you are not sure which way to use check with your network administrator Default TX Key Select one of the four keys to be the encryption key you are going to use in the wireless network To be sure that all the points in a same wireless network have to have the same encryption key Click Apply after making any changes WAN Connection Type The ADSL Connection type sets the way your NB5580 W works with the ADSL Service supplied by your ISP The Most common choice for this setting is either Gateway using PPPoE or Gateway using PPPoA these will work for most ISP s ADSL services and will safely share your Internet access with your LAN Gateway using PPPoE Gateway using PPPoA Gateway using Classical IP Gateway using LLC Encaps Dynamic IP Gateway using LLC Encaps Static IP E Router using Classical IP Modem using LLC Encaps Gateway Router and Modem are different working modes that the NetComm NB5580 W can use It is highly recommended that you use the Gateway mode which is NAT enabled It not only allows LAN users to share a single IP Address but also protects your LAN network from outside intruders If the NetComm NB5580 W is set to the Router mode or the Modem mode all the computers in the LAN will have to be assigned fixed public IP Addresses The Router mode allows users to specify which routing path data packe
29. value can increase the reliability transmission However it is more efficient to set the large fragment size DTIM Interval DTIM is the acronym of delivery traffic indication message It determines how often the MAC Layer forward multicast traffic Basic rate Leave Mixed as default setting to compatible with different wireless standard or select other rates you wish to use to connect with specific wireless standard devices Transmission Rates Leave Default setting or select other speed you wish to use Preamble Type Leave Dynamic as default setting or select other type to compatible with special setting your client devices use Authentication Type Select either Open System or Share Key as authentication type If you are not sure select both Click Apply after making any changes www netcomm com au Rev 1 YML686 Page 40 NP5580 W User Guide VW LUA 4 11 Administration Settings NB5580 W This feature allows the administrator to manage the NetComm NB5580 W by setting certain parameters For security reasons it is strongly recommended that you set a Password and SNMP communities so that only authorized persons are able to manage your NetComm NB5580 W If the Password is left blank all users on your LAN WLAN can access the router simply by entering the unit s IP Address into their web browser s location window Product Name Firmware Version Administrator Password Password Change Password Confi
30. 0 W directly or through a hub switch on the immediate LAN to communicate with other computers in the respective LAN segment which are connected to the NetComm NB5580 W through another router destination LAN Up to 20 route entries may be entered into the NetComm NB5580 W The diagram below gives an example of the physical connections required to use Static Routing Broadband Wirele Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 37 Met C In the above diagram PC2 in LAN 2 is connected to the NetComm NB5580 W via another router while PC1 in LAN 1 is connected to the NetComm NB5580 W directly Without configuring the Static Routing function the two computers would not be able to communicate with each other Delete this entry E LAN Select Route entry Select the route entry number from 1 to 20 that you wish to configure Destination LAN IP and Subnet Mask Enter the IP Address and Subnet Mask of the destination LAN that the immediate LAN is to communicate with Taking the above diagram as an example enter 792 168 2 0 in the Destination LAN IP field and 255 255 255 0 in the Subnet Mask field Default Gateway Enter the IP Address of the router that forwards data packets to the destination LAN For the above example enter 792 168 1 2 in the Default Gateway field Hop Count Enter the number of hops required between the LANs to be connected The Hop Count represents the cost of the
31. 0 W to Existing Network If the NetComm NB5580 W is to be added to an existing Macintosh computer network the computers will have to be configured to connect to the Internet via the NetComm NB5580 W 1 From the Apple menu select Control Panel and click on TCP IP 2 From the File menu select Configurations and select your existing network configuration Click Duplicate 3 Rename your existing configuration Click OK and Make Active In the Setup area Select Manually in the Configure location from the drop down list Inthe IP Address location enter the IP Address that you want to assign to the computer for example 192 168 1 2 Enter 255 255 255 0 in the Subnet Mask location Enter 192 168 1 1 the NetComm NB5580 W s default IP Address in the Router Address location Enter the ISP s IP Address in the Name Server location if your ISP has provided the information Close the window 5 Click Confirm TCP IP is now configured for manual IP Addressing 6 Configure your NetComm NB5580 W refer to the above section Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 101 VAA Appendix D Technical Specifications Specifications for Wireless Model only NB5580W Standards Antenna Operating Channels Modulation Access Mode Roaming Security IEEE 802 11 11g and 802 11b standard compliant IEEE 802 3
32. 0 W you will need to include the different port when you type its IP address E g http 192 168 1 1 8080 Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 83 Meta Note Block WAN Ping Response Most Devices running TCP IP protocols will respond to a Ping this makes diagnosis of Networking problems easier to fault find However responding to a Ping request to your Public WAN IP address makes you an easier target for hackers The NB5580 W is set to disregard a ping from the internet by default if you need to enable this feature for diagnosis of a problem please remember to Enable the Block again when testing is complete DMZ Host The DeMilitarized Zone Host setting is used to specify the IP address of a computer Host that will deal with any data received from the internet that is not a response to an internal computer s request via NAT This data would normally be dropped by the NB5580 W but if you wish to allow external access to a particular internal computer this option is used to expose the Host to raw connections from the internet The DMZ host feature is most commonly used to allow Internet users access to a Web server or Game server To secure your network you should ensure that the DMZ host feature is disabled If you need to use the DMZ host feature you should ensure the computer with the IP address specified is secured with a secondary software or hardware firewall Port Forwarding This f
33. 10BaseT IEEE 802 3u 100BaseTX Single removable external antenna with reverse TNC connector llb Mode 11 Channels USA Canada 13 Channels Europe amp Australia 14 channels Japan lig Mode 11 Channels USA Canada 13 Channels Europe Japan Australia CCK for 11b mode 1 2 5 5 11Mbps OFDM for 11g mode 6 9 12 24 36 48 54Mbps Infrastructure mode IEEE 802 11 Compliant 64 bit amp 128 bit WEP Encryption General Specifications for both NB5580 amp NB5580W Standards Ports Protocol Maximum Users Cabling Type Frequency Range Data Transmission Rate IPSetting VPN Endpoints IPSec IEEE 802 3 10BaseT IEEE 802 3u 100BaseTX WAN One RJ 11 port LAN Four 10 100 RJ 45 ports All ports with auto cross over detection TCP IP UDP NAT DHCP PPPoE Heartbeat CHAP PAP Up to 253 users UTPCategory 5 or better 2 4 2 4835GHz Industrial Scientific Medical Band 54Mbps 48 36 24 12 11 9 6 5 5 2 1 Mbps Auto Fall Back WAN DHCPclient Static IP LAN DHCPauto assignment Static IP Maximum tunnels up to 5 Local secure group IP Subnet or IPrange Remote secure group IP Subnet IPrange Host or Any Remote security Gateway IP FQDN Any Encryption DES 3DES or none Authentication MD5 SHA or none Authentication method Preshared key Key Management Auto IKE PFS or none or Manual Encry Auth In SPI Out SPI VPN Pass through NATtraversal Firewall amp Security www
34. 580 W User Guide Page 19 AME 3 3 Initial Configuration Setup The OnePage Setup screen is the first screen you will see when you access the router s configuration If the router has already been successfully installed and set up this screen s values will already be properly configured The One page setup screen is used to configure the most common settings to get your NB5580 W connected to the internet and sharing that connection with your LAN WLAN Below is quick list of only the settings which are critical and where you should find the information to correctly configure theses settings Advanced Function z E t 8 3 5 3 Note When making changes to the settings click on the Apply button before moving to another page The router will reboot and refresh the screen in 5 seconds Continue the session by selecting more menu items www netcomm com au Rev 1 YML686 Page 20 NP5580 W User Guide AME Quick Settings to get you started Private IP address Device IP address This is the IP address that will be used to configure the NB5580 W and it is also the IP address that your Computers will use as there Gateway IP address to access the Internet through the NB5580 W Your Network Administrator can advise if this IP address should be changed i e if the default 192 168 1 1 is already used Subnet Mask This is the subnet mask that accompanies the Device IP address Your Network Administrator can a
35. 65 FTP Server TCP 21 Half Life UDP 6003 7002 27010 27015 27025 MSN Messenger TCP 6891 6900 File send TCP 1863 UDP 1863 UDP 5190 UDP 6901 Voice TCP 6901 Voice PC Anywhere host TCP 5631 UDP 5632 Quake 2 UDP 27910 Quake III UDP 27660 first player CAProgram Files Quake III Arena quake3 exe set net_port 27660 27661 second player Telnet Server TCP 23 Web Server TCP 80 Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 35 Met C 4 7 Special Application Port Triggering Some applications use multiple TCP UDP ports to transmit data Due to the use of NAT in the router these applications may not work Port Triggering allows these applications to work properly Note Only one computer can use each Port Triggering setting at any time Application Name Enter the name of the application you wish to configure in the Application Name column to identify this setting This is just a label and does not govern the function of the settings Outgoing Port Range Enter the port number or range of numbers this application uses when it sends packets outbound The Outgoing Control port numbers act as the trigger When the NetComm NB5580 W detects the outgoing packets with these port numbers it will allow the inbound packets with the Incoming Port Numbers that you set in the next column to pass through the NetComm NB5580 W Incoming Control Enter the port number or range of numbers the inbound packets
36. Hev 1 YML686 www netcomm com au NB5580 W User Guide Page 45 Iu Note 4 15 Note SMTP Mail Server The domain name of IP Address of your ISP s outgoing e mail server You may find this information when you apply for e mail service from your ISP A E mail Alert to Enter the e mail address you wish to send to Return Address Enter the e mail address you wish to send to if the alert e mail cannot be sent to the address above Log Schedule Select from the drop down list that when you wish the alert e mail will be send When Log is Full The alert e mail will be sent when log space is full They are about 30 entries Hourly The alert e mail will be sent by each hour Daily The alert e mail will be sent by each day at midnight Weekly The alert e mail will be sent by each week When this item is select A Day of Sending Alert When Weekly is selected as Log Schedule you can select which day in a week to send the alert e mail Click the Apply button after making any changes or click the Cancel button to exit the screen without saving any changes You must enable the log and click apply before you can use the View Logs button VPN Passthrough Virtual Private Networking VPN is a system which allows remote networks to privately exchange data over an existing public network usually the WAN Internet The NetComm NB5580 W supports up to fifty PPTP or IPSec VPN Passthrough sessions depending throughput av
37. ID wiring using a straight through twisted pair cable to any of the ethernet ports on the NP5580 switch to allow for connection to any port of an ethernet adapter ethernet switch or hub RJ 45 Connector Pin Assignment Normal Assignment pha Input Receive Data Input Receive Data 8 Output Transmit Data Output Transmit Data Not used Figure 1 Twisted pair cables Figures 1 and 2 illustrate the use of straight through and crossover twisted pair cables along with the connector RJ 45 plug attached to cable Figure 2 www netcomm com au Rev 1 YML686 Page 104 NP5580 W User Guide Met C Straight and crossover cable configuration Uplink or Straight through Normal or MDI port twisted pair cable MDI X port 3 L 3 Rx Tx 6 I 6 Figure 3 Normal or Crossover Normal or MDI X port twisted pair cable MDI X port 1 1 Rx Rx 2 2 p 3 Tx Tx 6 6 Figure 4 RJ11 connector and cable An RJ 11 connector is the small modular plug used for most analog telephones It has six pin slots in the head but usually only two or four of them are used RJ 11 Connector Pin Assignment Normal Assignment Signal Ground CTS 123456 RXD TXD 5 Volts In Signal Ground Figure 5 Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 105 Met C 605 to RJ 11 adapter The 605 to RJ 11adaptor is provided to comply with the older 610 Telstra wall socket The 605 to
38. MA um sipauuoo nipjsny O8SSAN 8 MOSSSSN IPIND ISN emaze pa18J891u ISAY Melua C Contents QUICK Statt SOCOM oa etr cenar ctd retento aime dert nae eite nte ten e tax 4 Product namirigCOrVerntlobls c crier rcm ede d Fed er an Fe n E OR DONE RP Rus 4 Package Contents irri certe eerte eie e EEXE PEE HEPEE EHE EUR YE HEEL FETU CE EE ele eras 5 Default Settings amp Facts for the NB5580 amp NB5580W 576 ROSINO eR ERE ER 26 uo E wG One page setup for most ADSL services e eerie e ttn 7 Jarirero Deo n are e 8 About lee 9 Chapter 1 Getting to know your NetComm NB5580 W ssssseeeeeeeeenn 10 1 1 About NetComm NB5580 W eintreten enr Er EP NR RAS EXE EE Head 10 1 2 Features of the NetComm NB5580 W eese rennen 11 1 3 Do lneed a Micro filter sor rere PH n HERES 12 Chapter 2 Hardware Installation amp Setup tiec ertet 13 2 1 Connecting your NB5580 to your EAN rire rete 13 2 2 Connecting your NB5580W to your LAN sseseeennm enn 14 2 3 Front Panel LEDS for the NB5580 eene te tee tete tie be 16 2 4 Front Panel LEDS for the NB5580W iiiter tace erret ret ees 17 Chapter 3 Intemet ACCESS annann oot en ei dde nines inna 18 3 1 Prepare your network information 3 2 Web based User Interface i19 3 3 Initial Configurat
39. PCs within the range www netcomm com au Rev 1 YML686 Page 10 NP5580 W User Guide AME 1 2 Features of the NetComm NB5580 W Standard Features of the NB5580 amp NB5580W E E ENHNEHEHEHEH T Integrated ADSL Modem supports Auto G DMT G LITE ANSI T1 413 Supports PPPoE PPPoA Static amp Dynamic IP Classical IP amp Bridge using LLC Encapsulation Active Firewall featuring Stateful Packet Inspection SPI and prevention of DoS attack Network Address Translation NAT max 1000 simultaneous connections 5 Integrated VPN Tunnel End points Multi session VPN Pass through or NATTraversal PPTP amp IPSec Universal Plug and Play allows Internet Apps to auto configure ports Ping Diagnostics LAN amp WAN Trace Route Diagnostics Back up amp Restore Configuration Intruder detection Traffic amp Event Logging viewable Online Logging Alarms can be sent to Syslog or Email server Access Control filter by IP MAC URL keyword Access Control filter Proxy Java ActiveX Cookie Access Control Time of Day filter with exception IP address Dynamic DNS for hosting server on Dynamic Public IP address DHCP Server for LAN DNS Relay Forwarding Port Range Forwarding Virtual Server Port Triggering Special Applications like P2P programs Demilitarised Zone Host DMZ amp Multi DMZ for hosting Web Mail servers Web Based configuration and Administration Remote Internet Administration ch
40. RJ 11 adapter may be used O to convert the supplied RJ 11 cable if the older connection is required USB cable A typical USB cord has an A connection upstream to plug into the computer and a B connection downstream to plug into the device By using different connectors on the upstream and downstream ends cable connection is simplified The B connection will fit a into the B socket of any USB device Similarly any A connector can be plugged into any A socket such as on a computer If it is a new device the operating system auto detects it and asks for the driver disk If the device has already been installed the computer activates it and starts talking to it USB devices can be connected and disconnected at any time www netcomm com au Rev 1 YML686 Page 106 NP5580 W User Guide Metta C Appendix F EM1100 ADSL Microfilter Micro filters are used to prevent common telephone equipment such as phones answering machines and fax machines from interfering with your ADSL service If your ADSL enabled phone line is being used with any other equipment other than your ADSL Modem then you will need to use one Micro filter for each phone device Splitters may be installed when your ADSL line is installed or when your current phone line is upgraded to ADSL If your telephone line is already split you will not need to use a Microfilter check with your ADSL service provider if you are unsure
41. S DES Authentication MD5 MD5 IPSec ISAKMP ISAKMP PFS Off Off IKE Pre share KEY MyTest MyTest www netcomm com au Rev 1 YML686 Page 66 NP5580 W User Guide VW LY Chapter 6 Configuring IPSec on Windows 2000 XP This chapter illustrates the steps of Microsoft Windows 2000 XP computer to establish a secure IPsec tunnel with the NB5580 W You can find detailed information on configuring the Microsoft Windows 2000 server at the Microsoft website Microsoft KB Q252735 How to Configure IPSec Tunneling in Windows 2000 http support microsoft com support kb articles Q252 7 35 asp Microsoft KB Q257225 Basic IPSec Troubleshooting in Windows 2000 http support microsoft com support kb articles Q257 2 25 asp 6 1 Environment Windows XP or Windows 2000Server IP Address 140 111 1 2 Note ISP provided IP Address this is only an example Subnet Mask 255 255 255 0 ADSL Integrated Gateway WAN IP Address 140 111 1 1 Note ISP provided IP Address this is only an example Subnet Mask 255 255 255 0 LAN IP Address 192 168 1 1 Subnet Mask 255 255 255 0 Hev 1 YML686 www netcomm com au NB5580 W User Guide Page 67 AME C 6 2 Steps in Windows 2000 XP 6 2 1 Create IPSec Policy 1 Click Start button select Run and type secpol msc in the open field 2 Right click IP Security Policies on Local Computer and then click Create IP Security Policy 3 Click Next and then type a name for your policy for exa
42. SP s system may need time to restore Check with your ISP to ascertain how much time is required before the router starts to re build the PPPoE session and enter this into the Redial Period field Gateway using PPPOA Choose this setting if 1 H a You want to employ NAT to share Internet access for all of your computers as well as protect them from outside intruders Your ISP uses PPPoA as its connection mode You can find more information in the RFC 2684 standard User Name Enter the user name your ISP provide to you Password Enter the password your ISP provide to you Connect on demand Is a utility to trigger the PPPoA session to connect if in a disconnected state when Internet access is being attempted Select this function and enter the number of minutes you wish to wait after network idle time in the Max Idle Time location Keep Alive This function keeps your PPPoA connection always on even it sites idle However in some situation PPPoA session cannot be built immediately after disconnection because the system on ISP site may need a little time to restore You may need to check your ISP to get the information that how much time it need to wait before the router start to re build the PPPoE session and fill it in the Redial Period www netcomm com au Rev 1 YML686 Page 24 NP5580 W User Guide AME Gateway using Classical IP Choose this setting to meet the following conditions 1 You want to
43. Use Add Wizard check box and then click Add button Wi IP Filter List An IP filter list is composed of multiple filters In this way multiple subnets IP z addresses and protocols can be combined into one IP filter Name XP gt Broadband VPN Router a 4 Inthe Source address area click My IP Address 5 In the Destination address field select A specific IP Subnet and fill in the IP Address 192 168 1 0 and Subnet mask 255 255 255 0 www netcomm com au Rev 1 YML686 NB5580 W User Guide Page 69 AP LEE C 6 If you want to type a description for your filter click the Description tab Filter Properties Addressing Protocol Description Source address My IP Address Destination address A specific IP Subnet IPaddess 192 168 1 Subnetmask 255 255 255 IV Mirored Also match packets with the exact opposite source and destination addresses 7 Click OK button Then click OK for WinXP or Close for Win2000 button on the IP Filter List window Filter List 2 Broadband VPN Router2 WinXP 8 Onthe IP Filter List tab click the Add button 9 Type an appropriate name Broadband VPN Router XP for the filter list click to clear the Use Add Wizard check box and then click Add Wi IP Filter List An IP fitter list is composed of multiple filters In this way multiple subnets IP addresses and protocols can be combined into one IP filte
44. Yellow Rev 1 YML686 NB5580 W User Guide On when a successful 100Mbps connection is made through the corresponding port Blinking when data is flowing through this port On when a successful 10Mbps connection is made through the corresponding port On when a successful 10Mbps connection is made through the corresponding port Blinking when data is flowing through this port www netcomm com au Page 17 VW LY G0 Chapter 3 Internet Access This chapter describes the procedures necessary to configure the basic functions and to start up your NetComm NB5580 W On successful completion of these procedures you will be able to access the Internet via your NetComm NB5580 W Prepare your network information In order to allow a quick reference point when setting up your NetComm NB5580 W it is suggested you complete the table below with the necessary information which should be supplied by your ISP 4 tick indicates common minimal requirements Host Name Domain Name 4 Public IP address allocation g DHCP Obtain IP Address automatically or C Static IP IP Address if static Subnet Mask if static Default Gateway if static DNS Server Primary DNS Server Secondary optional DNS Server Third optional Y WAN type CO PPPoE g LLC Encapsulation Static IP C PPPoA g LLC Encapsulation Dynamic IP C Classical IP J Modem Bridge using LLC Enc
45. You should assess this risk before enabling UPnP Main Menu ltt up EE s Enable Disable Advanced Winks an i P Warning You cannot set duplicate ports that are already enabled in the Port Forwarding page Je DHCP Settings Application Protocol int port IP Address PP Ext Port TCP Je Pon Forwarding ETP 21 gt s c n 192382 C I Telnet 23 go NE 192 168 2 L LEE n ji gt D Ei i e DMZ Host finger 79 9 S 192 168 2 I E POP3 110 c 1 192 168 2 L een NNTP 119 LEE E S 192 168 2 L e Backup amp Restore SNMP 161 v ha 192 168 2 E e Diagnostic Ping Tracert msmsgs esson c c pez ases o F LogOut Imsmsgs 28291 0C se 192 168 2151 Iv s s o NO 192 168 2 Jil z Use UPnP settings for any preprogrammed ports and where internal port is different from external port i e Port Translation Use Port forwarding for ports that are not common and do not need translation Hev 1 YML686 www netcomm com au NB5580 W User Guide Page 49 AME C Adding UPnP to Windows XP Currently the only version of Windows to feature UPnP is Windows XP and it is not installed by default As UPnP becomes more common you should be able to control more and more devices via the UPnP software in Windows To add UPnP capability to your Windows XP computer follow the steps below Note For more information please consult Microsoft s website Hint Look for the red circles denoting where to click 1 Open Control Pa
46. access the tunnel This Tunnel Enable Disable Iunnel tame Tull E P NU Inaral Secure Group Mask 255 255 255 Subse c 1p 1 g JE Remote Secure Group T Mosk P5 ps T s Remote Security IF icd p F F Gatewny m Envrypliun DES 3DES Disably Authentinatian MNS SHA M ni ahin When using the Subnet setting the default value of 0 should remain in the last octet of the IP and Mask fields Rev 1 YML686 NB5580 W User Guide www netcomm com au Page 61 Metta C A IP Address If you select IP Address only the computer with the specific IP Address that you enter will be able to access the tunnel In the example shown below only the computer with IP Address 192 168 1 101 can access the tunnel from this end Only the computer with IP Address 192 168 2 51 can access the tunnel from the remote end IP Range If you select IP Range it will be a sort of combination of Subnet and IP Address You can specify a range of IP Addresses on the Subnet which will have access to the tunnel In the example shown below all computers on this end of the tunnel with IP Addresses between 192 168 1 2 and 192 168 1 200 can access the tunnel from the local end Only computers assigned an IP Address between 192 168 2 2 and 192 168 2 100 can access the tunnel from the remote end Host If you select Host the value should be set the same as the Remote Security Gateway setting Any When this optio
47. accurate at the time of the preparation of this document but are subject to change without notice Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 115 Met C Legal amp Regulatory Information Copyright Information This manual is copyright Apart from any fair dealing for the purposes of private study research criticism or review as permitted under the Copyright Act no part may be reproduced stored in a retrieval system or transmitted in any form by any means be it electronic mechanical recording or otherwise without the prior written permission of NetComm Limited NetComm Limited accepts no liability or responsibility for consequences arising from the use of this product NetComm Limited reserves the right to change the specifications and operating details of this product without notice NetComm is a registered trademark of NetComm Limited All other trademarks are acknowledged the property of their respective owners Customer Information ACA Australian Communications Authority requires you to be aware of the following information and warnings 1 This unit shall be connected to the Telecommunication Network through a line cord which neets the requirements of the ACA TS008 Standard 2 This equipment has been tested and found to comply with the Standards for C Tick and or A Tick as set by the ACA These standards are designed to provide reasonable protection against harmful interference in a residential in
48. adapter that allows the network to identify it at the hardware level For all practical purposes this number is usually permanent Unlike IP addresses which can change every time a computer logs on to the network the MAC address of a device stays the same making it a valuable identifier for the network Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 93 VAA How do I avoid interference Using multiple Access Points on the same channel and in close proximity to one another will generate interference When employing multiple Access Points be sure to operate each one on a different channel frequency But use the same SSID to allow seamless roaming How do I resolve issues with signal loss There is no way to know the exact range of your wireless network without testing Every obstacle placed between an Access Point and wireless PC will create signal loss Leaded glass metal concrete floors water and walls will inhibit the signal and reduce range Start with your Access Point and your wireless PC in the same room and move it away in small increments to determine the maximum range in your environment You may also try using different channels as this may eliminate interference affecting only one channel Additional high gain antennas can help you focus the power of your transmission to improve range in the desired area I have excellent signal strength but I cannot see my network WEP is probably enabled on
49. after making any changes or click the Cancel button to exit the screen without saving any changes Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 29 AUL 4 3 URL Filter This feature allows you to restrict LAN users access to specific web sites To block a site you can enter either a complete URL Internet address or keywords included in the URL fo fe A Control Web Access Check Enable or Disable to make this function active or inactive Control Type Check Allow to allow users on the network to access only specific websites listed In contrast to restrict users on the network to access the websites listed check Deny in this item Web site or Key Words Enter either a complete URL Internet address or keywords included in the URL Exception IP Address Enter the IP Address of LAN PC that will not be restricted by the URL Filter Click the Apply button after making any changes or click the Cancel button to exit the screen without saving any changes www netcomm com au Rev 1 YML686 Page 30 NP5580 W User Guide Metta C 4 4 Time Control This feature allows you to limit connection availability according to a nominated time schedule Disable 7 Control Type Select the control type from the drop down list and make this function active Select Block Outbound to restrict the connection to the Internet from your LAN Select Block Inbound to restrict any external conn
50. ailable and tunnel load VPN Passthrough can be enabled or disabled in the administration page Depending on your VPN service you may need to disable Active Firewall to allow VPN Pass through www netcomm com au Rev 1 YML686 Page 46 NP5580 W User Guide hudan 4 16 Dynamic DNS DDNS DDNS is an acronym for Dynamic Domain Name Service Whenever you set up the web servers mail servers or sometimes ftp servers you need Domain Name to help Internet users reach your servers easily Internet actually runs on IP Addresses which are numerical order for example 66 37 215 53 These IP Address identify the location of each device connected to Internet However the human brain does not easily remember this numbering system so a system that allocate domain name such as www dyndns org provides an easier method If you type 66 37 215 53 or www dyndns org in the web browser s address bar the browser will show the same web page This is because both methods relate to the same web server The Domain Name Servers used to manage the Internet will translate www dyndns org into the IP Address 66 37 215 53 in order to allow your browser to find the web server and display the correct web page in your browser If your WAN Connection Type as shown in One Page Setup section is Obtain IP Address Automatically PPPoE or PPTP with dynamic IP address assigned by ISP it will cause an error when you set up the public computer server
51. andard a high speed version of Ethernet with 100Mbps transmission rate Wireless LAN only applicable for the wireless model NB5580W Wireless Local Area Network systems WLANs transmit and receive data through the air by using radio frequency RF This offers advantages such as mobility ease of installation and scalability over traditional wired systems Mobility WLANs combine data connectivity with user mobility This provides users with access to the network anywhere in their organization For example users can roam from a conference room to their office without being disconnected from the LAN This would be impossible with a wired network Ease of Installation Eliminating the need to deploy network cable in walls and ceiling installing WLANs is easy for both novice and expert users alike Scalability WLAN topologies are easy to change in various ways from peer to peer networks for a small group of users to full infrastructure networks for hundreds of users roaming over a broad area Wireless LANs can be set as Ad hoc network and Infrastructure network Unlike the Ad hoc network where users on the LAN send data directly to each other the Infrastructure network includes an access point and users on the Infrastructure network send data to that dedicated access point NetComm NB5580W uses Infrastructure network where each wireless LAN PC within the range of the access point can communicate with other wireless LAN
52. ange without notice Images shown may vary slightly from the enclosed product Product Code NB5580W Wireless amp NB5580
53. angeable HTTP Port Number SNMP support 4 communities Enable Disable Dynamic Routing RIP 1 amp 2 independently control Tx Rx Static Routing editable DEST MASK GW HOP IF Flash Firmware Upgradeable 4 Port Ethernet Switch on LAN side WAN MAC spoofing change WAN MAC WAN MTU value setting 3 YEAR WARRANTY Extra Features of the NB5580W Wireless version Integrated 54Mbps Wireless Access Point 802 11g b compatible Wireless Encryption WEP 64bit amp 128bit upgradeable to WPA SSID Wireless Beacon Enable Disable Wireless Access Control up to 64 allowed MACs Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 11 Met 1 3 Dol need a Micro filter Micro filters are used to prevent common telephone equipment such as phones answering machines and fax machines from interfering with your ADSL service If your ADSL enabled phone line is being used with any other equipment other than your ADSL Modem then you will need to use one Micro filter for each phone device Splitters may be installed when your ADSL line is installed or when your current phone line is upgraded to ADSL If your telephone line is already split you will not need to use a Microfilter check with your ADSL service provider if you are unsure Each micro filter is connected in line with your telephone or fax machine so that all signals pass through it Telephones and or facsimiles in other rooms that are using the sam
54. apsulation 4 ISP Account Username if PPPoE A v Isp Account Password if PPPoE A www netcomm com au Page 18 Rev 1 YML686 NP5580 W User Guide AME C Web based User Interface The NetComm NB5580 W uses a Web based User Interface for configuration when you have made your changes to a particular page of the configuration you must click APPLY at the bottom of that page to save your changes before you go to configuration another page To Start configuring your NB5580 W Type http 192 168 1 1 into your Web browser Internet Explorer or Netscape address field then press enter The Username and Password Required prompt box will appear Leave the User Name empty and type admin default password for the Password Click OK The setup screen will load 3 about blank Microsoft Internet Explorer laj x File Edt view Favorites Tools Help Back gt Q 3 A Asearch Favorites Bristory Gye S address 192 168 1 1 z 89 Links ee Enter network Password M ixl Please type your user name and password Site 192 168 1 1 Realm Firewall Router User Name Password Save this password in your password lst coe a Note This password should be changed via the Administration page immediately The password can be reset by restoring the factory defaults with the Reset button Rev 1 YML686 www netcomm com au NB5
55. ation from the drop down list No other data needs to be entered Close the window 4 Click Save from the file menu then Quit TCP IP 5 Restart the computer Manual Configuration of Fixed IP Addresses 1 From the Apple menu select Control Panel and click on TCP IP 2 In the TCP IP A New Name For Your Configuration window select Ethernet in the Connect via location from the drop down list 3 In the Setup area Select Manually in the Configure location from the drop down list Inthe IP Address location enter the IP Address that you want to assign to the computer for example 192 168 1 2 Enter 255 255 255 0 in the Subnet Mask location Enter 192 168 1 1 the NetComm NB5580 W s default IP Address in the Router Address location www netcomm com au Rev 1 YML686 Page 100 NP5580 W User Guide Melua C Enter the ISP s IP Address in the Name Server location if your ISP has provided this information This is the DNS address provided by your ISP Close the window 4 Click Save from the file menu then Quit TCP IP 5 Restart the computer NetComm NB5580 W Configuration To configure your NetComm NB5580 W launch your Web Browser and follow the instructions given in Chapter 3 Internet Access section 3 3 To configure advanced settings refer to Chapter 4 Advanced Configuration Adding NetComm NB558
56. ce Pam a Regional Office www netcomm com au Rev 1 YML686 Page 60 NP5580 W User Guide 5 3 VPN IPSec Setup This Tunnel Tunnel Name Local Secure Group Remote Security Gateway Encryption Authentication Remote Secure Group WLU Tunnell z Select Tunnel entry Delete This Tunnel Summary Summary C Enable Disable eee sume sj w o b d jb Mask 255 255 255 0 wi fo bo fo fo Mask 255 fess ss fo mio fo fo fo Subnet IP Addr z DES C 3DES Disable MD5 SHA Disable Key Management Auto IKE gt T PFS Perfect Forward Secrecy Pre shared Key 0x 1 Select the tunnel you wish to create in the Select Tunnel Entry drop down box It is possible to create up to 70 simultaneous tunnels Then select Enable to enable the tunnel Once the tunnel is enabled enter the name of the tunnel in the Tunnel Name field This is to allow you to identify multiple tunnels and does not have to match the name used at the other end of the tunnel 2 Under Local Secure Group and Remote Secure Group you may choose one of five options Subnet If you select Subnet which is the default this will allow all computers on the local subnet to access the tunnel In the example shown below all Local Secure Group computers with IP Addresses 192 168 1 xxx will be able to access the tunnel All Remote Secure Group computers with IP Addresses 192 168 2 xxx will be able to
57. ck Update to make your first update www netcomm com au Rev 1 YML686 Page 48 NP5580 W User Guide VW LY 4 17 Universal Plug and Play Universal Plug and Play is a system designed to make computers computer equipment and home appliances work together seamlessly Currently the biggest advantage of having UPnP integrated into your router is that this will assist your router in allowing complex Internet applications such as MSN MessengerO work over Network Address Translation NAT without the need to setup Port forwards or DMZ The biggest advantage of this is that the port mapping is dynamic so you do not need to specify the IP address of the computer running MSN Messenger and it should be possible to run the application on two separate machines on the same LAN that share a UPnP gateway To enable UPnP simply follow these steps 1 Open the UPnP window from the left hand menu 2 Select Enable at the top of the window and then click Apply at the bottom The preprogrammed ports on the UPnP page offer the option to perform Port forwarding with Translation this means that it will Translate an external public port to a different internal port and IP address Note You can only forward an external port once therefore UPnP port settings and Portforwarding settings must not overlap or conflict The use of UPnP does reduce the security of your network by automatically allowing applications and potentially trojans to open ports in your router
58. ck whether the NetComm NB5580 W is properly installed including the LAN and WAN connections and all devices power Check the NB5580 W and the computer are on the same network segment If you are not sure initiate the DHCP function Section 4 2 and set your computer to obtain an IP address automatically Appendix B Check the computer is using an IP address in the range of 192 168 1 2 192 168 1 254 and is therefore compatible with the NB5580 W s default IP address of 192 168 1 1 Check also the Subnet Mask is set to 255 255 255 0 E For Windows 95 98 users run Winipcfg exe or Winipcfg from Run on the Start menu If there are no IP addresses click Release AII and then click Renew All to get an IP address For Windows NT 4 0 2000 XP users Open a command prompt and run IpConfig Ensure that your computer and the NetComm NB5580 W are on the same network segment If you are not sure initiate the DHCP function and let the computer get an IP address automatically from the router Ensure that your computer is using an IP Address within the range 192 168 1 2 to 192 168 1 253 and thus compatible with the NetComm NB5580 W s default IP address of 192 168 1 1 www netcomm com au Rev 1 YML686 Page 88 NP5580 W User Guide AME Finally use Ping command in MS DOS mode to verify the network connection Ping 127 0 0 1 to check the TCP IP stack of your computer Ping the Router s IP address Default 192
59. col translates multiple IP Addresses on a private LAN into a single public IP Address that is accessible to the Internet NAT not only provides the basis for multiple IP Address sharing but also provides security since the multiple IP Addresses of LAN computers are never transmitted directly to the Internet How can NetComm NB5580 W share single user account to multiple users The NetComm NB5580 W combines the following technologies to enable this function NAT Network address translation NAT is a technology which can create a private network domain behind a public IP It is usually used as a firewall It can also be used when there are not enough IP Addresses DHCP Dynamic host configuration protocol DHCP is a protocol to assign IP Addresses to internal computers automatically It can save a lot of IP Address configuration This protocol is supported by Windows 95 NT Mac OS and many other popular OS DNS Domain name service DNS is a protocol which translates Domain Names to IP addresses that an Internet host can handle Addressing system using Domain names like www yahoo com is easier to use than its IP address 204 71 177 70 www netcomm com au Rev 1 YML686 Page 90 NP5580 W User Guide Met C What operating systems does NetComm NB5580 W series support The NetComm NB5580 W uses standard TCP IP protocol It can be operated as long as you have TCP IP protocol installed on your operating system For example Windows 9x W
60. com au Rev 1 YML686 Page 28 NP5580 W User Guide Met C 4 2 DHCP Configuration A DHCP Dynamic Host Configuration Protocol Server can automatically assign IP Addresses and other information to each computer in your network Unless you already have a DHCP Service on your LAN it is highly recommended that you set your router to act as a DHCP server DHCP Clients Table Note The DHCP Server can support a maximum pool of 253 IP Addresses Dynamic IP Address Select Enable to set your Router to act as a DHCP server If you already have a DHCP server on your network set the router s DHCP option to Disable Starting IP Address Enter a numerical value from 2 to 254 for the DHCP server to start at when assigning IP Addresses Number of Users Enter the maximum number of computers that you want the DHCP server to assign IP Addresses to with the absolute maximum being 253 Client Lease Time Enter the number of time that DHCP clients The PCs on LAN side can use the IP Addresses assigned by Router s DHCP server Before the time is up DHCP clients have to request to renew the DHCP information DNS The IP Address of the Domain Name Server which is currently used Multiple DNS IP settings are common The first DNS entry will be used in most cases DHCP Clients Table Click the DHCP Clients Table button to show current DHCP client information Such as what IP addresses are already being used etc Click the Apply button
61. ct the number of policy rules you want to configure There are up to 10 rules you can set Note that these rules are sequenced Rule 1 has higher priority than Rule 2 and so forth Control Type Select Enable to limit users computers access to specific applications you set on this rule Select Disable to restrict the users computers access to specific applications you set on this rule Name this Setting For each rule you can enter up to 15 characters to identify it Direction Choose the initial network data traffic direction you wish to block Select LAN if you want to block LAN side users PCs set in the following MAC and Source IP fields to access certain applications on the Internet Select WAN if you want to block WAN side users PCs set in the following MAC and Source IP fields to access certain PCs on your LAN side www netcomm com au Rev 1 YML686 Page 32 NP5580 W User Guide AME MAC This item allows network administrators to use the MAC addresses of PCs to restrict users computers from accessing the specific application you set in this rule A MAC address is short for Media Access Control Address and is a hardware address that uniquely identifies each node on network Enter the MAC addresses of the computers you wish to allow block in each field IPAddress This item allows network administrators to use IP Address of PCs to restrict users computers from accessing the certain applications you set in t
62. dered a means of public access WEP The acronym for Wired Equivalent Privacy It is an encryption mechanism used to protect your wireless data communications WEP uses a combination of 64 bit 128 bit keys to encrypt data that is transmitted between all points in a wireless network to ensure data security It is described in the IEEE 802 11 standard www netcomm com au Rev 1 YML686 Page 114 NP5580 W User Guide Met C Appendix I Registering your NetComm Product To ensure that the conditions of your warranty are complied with please go to the NetComm web site for quick and easy registration of your product at www netcomm com au Alternatively you can complete the following copy of the Warranty Registration Form and mail it to NetComm Limited PO Box 1200 Lane Cove NSW 2066 Contact Information If you have any technical difficulties with your product please do not hesitate to contact NetComm s Customer Support Department Email support netcomm com au Fax 02 9424 2010 Web www netcomm com au Trademarks and Notices NetComm is a trademark of NetComm Limited Windows is a registered trademark of Microsoft Corporation Other brand and product names are trademarks or registered trademarks of their respective holders Information is subject to change without notice All rights reserved Please note that the images used in this document may vary slightly from those of the actual product Specifications are
63. dresses can use the Internet and or use other NetWork services You can use this Access control to help increase the security of your Network by only allowing known or trusted devices employees to access the internet and other services If you place highly restricted servers behind a secondary router on another subnet you can restrict which NICs or IP addresses or both are allowed access to the second subnet URL Filters and Web Filters are another way to help keep your network security tight if you prevent internal computers from running Java script Active X script etc you can help prevent the downloading and subsequent execution of potentially malicious code from being forced onto your computer via web browsing however most modern web pages use some for of this code and this may be come restrictive If you are using Access control measures on your router you should also block the use of Proxies as these may allow an internal user LAN user to circumvent your Access Control Universal Plug and Play UPnP allows Internet Application running on local LAN computers to Automatically configure your router with Port Forwarding configurations that will allow specific port data to be transmitted directly to the LAN computer hosting the application Because UPnP effectively allows a computer to configure openings in your firewall it self it is disabled by default in your router Only enable UPnP if you wish to reduce your security by allowing your UPnP
64. dvise if this IP address should be changed but the default of 255 255 255 0 is recommended Wireless Enable Disable NB5580W only For security you should Disable the Wireless function before connecting the NB5580W to your network you can enable the wireless function when you are happy with your wireless security settings SSID NB5580W only You should change your SSID to be something unique but non descript it can be any name upto 32 characters This SSID must be choosen for the configuration of any Wireless Clients you wish to connect to the NB5580W VC Settings VPI VCI Most typical ADSL services in Australia use VPI 8 and VCI 35 Check with your ISP to confirm what values you need to set for your specific ADSL service ADSL Connection Type Most Typical ADSL services in Australia use Gateway using PPPoE or Gateway Using PPPoA Check with your ISP to confirm which connection type best suits your ADSL service Note When you have specified the above settings don t forget to click the Apply button at the bottom of the page Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 21 Melua Note Other Less Commonly Used Seitings Host Name This entry is required by certain ISPs A Domain Name This entry is required by certain ISPs Time Zone Select the time zone your location belong to from the pop down list This will be used to date stamp you log files Wireless only applicabl
65. e New gateway field then click Add Button Click OK Restart your computer to complete the TCP IP installation TCP IP Properties 792 168 1 1 Remove Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 99 Met Appendix C Macintosh Setup This section provides information on using Macintosh computers in your network The instructions given here are for system software version 8 0 or above which comes with the TCP IP Protocol preloaded and supports DHCP Addressing Hardware Connections Connect your Macintosh computer to your NetComm NB5580 W If you have a newer computer there will be a 10Base T Ethernet port on the back Older computers will need to have an Ethernet card installed Refer to your computer s User Manual for instructions on Ethernet card installation Computer Network Configuration It is assumed that your computer s system software already has TCP IP installed You may manually configure your computer with a fixed IP Address for example 192 168 1 2 or have an IP Address dynamically assigned to it by the NetComm NB5580 W s DHCP server Dynamic IP Addressing using DHCP Server 1 From the Apple menu select Control Panel and click on TCP IP 2 In the TCP IP A New Name For Your Configuration window select Ethernet in the Connect via location from the drop down list 3 In the Setup area Select Using DHCP Server in the Configure loc
66. e other fields reflect the information that you entered on the VPN screen to make the connection If Disconnected appears under Status some problem exists that prevents the creation of the tunnel Double check all the values you entered on the VPN screen to make sure they are correct Check the status page of both the local router and the remote device and ensure the public IP addresses are the same as entered for the remote security gateway If for any reason you experience a temporary disconnection the connection will be re established as long as the settings on both ends of the tunnel stay the same To get more details concerning your tunnel connection click the View Log button The VPN Log screen displays successful connections transmissions and receptions and the types of encryptions used Once you no longer have need of the tunnel simply click the Disconnect button on the bottom of the VPN page www netcomm com au Rev 1 YML686 Page 64 NP5580 W User Guide Met 5 4 Example1 Tunnel between Two VPN Routers Li LAN a WAN g 192 168 1 100 VPN Router 1 LAN IP 92 168 1 1 WAN IP 210 241 239 77 Default Gateway 210 241 239 73 Tunnel 1 This Tunnel Enable Local Secure Group Subnet 192 168 1 0 255 255 255 0 Remote Secure Group Subnet 192 168 2 0 255 255 255 0 Remote Security Gateway 211 21 189 53 Encryption DES Authentication MD5 IPSec ISAKMP PFS off IKE Pre share KEY MyTest WAN LAN m
67. e allowed to create this key Hev 1 YML686 www netcomm com au NB5580 W User Guide Page 63 Met C O38 7654321 The Inbound SPI and Outbound SPI fields are different however The Inbound SPI value set here must match the Outbound SPI value at the other end of the tunnel The Outbound SPI here must match the Inbound SPI value at the other end of the tunnel In the example see above the Inbound SPI and Outbound SPI values shown would be opposite on the other end of the tunnel Only numeric characters can be used in these fields Once you are satisfied with all your settings click the Apply button If you make any mistakes clicking the Cancel button will exit the screen without saving any changes provided that you have not already clicked the Apply button After the VPN device is set up at the other end of the tunnel you may click the Connect button to use the tunnel This assumes that both ends of the tunnel have a physical connection to each other e g over the Internet physical wiring etc After clicking the Connect button click the Summary button If the connection is made the screen shown below will appear Si summo y Microsoft Internet Explorer VPN Settings Summary Na TunnelName Stahus lacob 1 c 192 159 2 0 192 100 1 0 1 BranchTunneld Connected 42 292 275 0 222 292 229 0 140 111 1 1 DES MDS ISAKMP zl Under Status the word Connected should appear if the connection is successful Th
68. e extension will also require Microfilters The following diagram gives an example of connecting your ADSL Modem Router using a Microfilter Cord Wall Socket Old Style Adaptor with Telephone Line Microfilter required if additional devices are connected l l l l l l l l NB5580 l ADSL Integrated l l l l l l l l l to an extension Gateway Telephone Computer 1 Computer 2 A suitable Microfilter can be purchased from NetComm or your Service Provider if required If installing a POTS Splitter refer to Appendix F EM1180 ADSL POTS Splitter Installation Guide for more information www netcomm com au Rev 1 YML686 Page 12 NP5580 W User Guide AME C Chapter 2 Hardware Installation amp Setup This chapter provides information about your NetComm NB5580 W s physical features and gives step by step installation instructions 2 1 Connecting your NB5580 to your LAN Note It is recommended that you connect your NB5580 to only one computer to configure it BEFORE connecting it to the rest of your network This will allow you to enable disable the DHCP server and change other settings that may conflict with exisiting Network devices HABEO e Telephone Line ty Ethernet Cable Power Adaptor t Cable into ADSL HTN into any LAN into POWER Port and then Port and then portand then nu if N d int
69. e for the NB5580W Check Disable Mixed or G only to make the wireless LAN function active or select to support 11b 11g mixed mode or 11g only E SSID As the acronym for Service Set Identifier SSID is the unique name shared among all clients and Wireless Broadband Router in a same wireless network The SSID must be identical for all points and must not exceed 32 characters Because the NB5580W is the central point in your Infrastructure mode Wireless Network it is where you decide what will be the network name SSID that your Wireless Client adapters must look for or lock onto When your Wireless Client devices are in Infrastructure mode and come into range of your NB5580W they will look for a matching SSID and change their channel to match the NB5580W if WEP encryption is turned on they will also use their WEP keys to transfer data to and from the NB5580W For security it is advised that your SSID be unique but non descript of your Company or location i e Do not use your Company name or Address as your SSID Your SSID should be changed from defaults to provide additional security and to prevent conflicts with neighboring WLANs SSID Broadcast Beacon The NB5580W s built in Access point broadcasts it s presence to Wireless Client Adapters automatically this feature can be disabled to assist in hiding your WLAN from the casual browser however disabling your SSID broadcast does not make your WLAN more secure NetComm recommend lea
70. eature is similar to the DMZ host feature except it allows individual ports on the public Internet IP address to be forwarded to a private IP address This is most commonly used to allow Internet users to access a Web service on port 80 etc To secure your NB5580 W you should not have port forwards that are not being used Any port forwards that have been configured should only specify the IP address of secure computers Dynamic Routing RIP RIP is disabled by default you should only enable RIP if you want your NB5580 W to accept routing information from other LAN routers or if you want it to share it s routing information with other router s As always the less information a Hacker can find out about your system the less chance the hacker has of finding an exploit for your system Ensure RIP is disabled if you do not need to use it www netcomm com au Rev 1 YML686 Page 84 NP5580 W User Guide hudai Special Application Port Triggering The Special Application settings of your router allows specific ports to be opened by triggering This means that if you specify ports on the Special Applications menu these ports will be monitored and allowed to pass more easily through the Firewall NAT engine should a special Internet application require more direct access While Programs like Peer to Peer P2P file sharing programs On line games etc can use these triggered ports you must be aware that these programs could subseq
71. ections from Internet to your LAN servers that were set as Port Forwards virtual servers or as DMZ host Select Block Both to restrict both incoming and outgoing connections Select Disable to turn off this function E Define Schedule Set a period of time with beginning and ending from the drop down list Click the Apply button after making any changes or click the Cancel button to exit the screen without saving any changes Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 31 Met 4 5 Access Control The Access Control feature allows administrators to block certain users from accessing the Internet or specific applications Network administrators can restrict access of up to five groups of specified network users computers You can identify users computers either by IP Address or by MAC Address To effectively block by IP Address the computers you wish to block must only be able to operate on a fixed IP address and you must know the IP Address of each computer Disable v o ii a lt E g o s Alternatively you can identify the computers you wish to block by MAC Address This is more effective because a MAC Address is physically locked to a computer and not easily changed however blocking by MAC address is more laboursome as each filter must be individually set and filtering by MAC address ranges can not be done because MAC addresses are rarely consecutive Choose Setting Sele
72. el Mode Gateway IP1 IPSec Payload The tunnel mode IPSec implementation encapsulates the entire IP packet The entire packet becomes the payload of the packet that is processed with IPSec A new IP header is created that contains the two IPSec gateway addresses The gateways perform the encapsulation decapsulation on behalf of the hosts Tunnel mode ESP prevents an attacker from analyzing the data and deciphering it as well as knowing who the packet is from and where it is going Key Management Gateway Oo eee ee ere re LANA i IP2 IPSec IP1 Payload IPSec uses the Internet Key Exchange IKE protocol to facilitate and automate the SA setup and the exchange of keys between parties transferring data IPSec requires that keys be re created or refreshed frequently so that the parties can communicate securely with each other IKE manages the process of refreshing keys however a user can control the key strength and the refresh frequency Refreshing keys on a regular basis ensures data confidentiality between sender and receiver Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 59 Metta C 5 2 VPN Application Types VPNs address the following applications Provide telecommuting workers with access to central office resources Interconnect branch offices to enable corporate intranets E Connect business partners over the Internet with significant cost savings Remote Offi
73. er EOR RE REGERE ERES TREE ERE ER Twisted pair cables reiten tnter tir eer nee perii re Ede en SNTE Straight and crossover cable configuration sessssseeneenn RJT1 eonnector and CAC is ares eet rrt Dro t et eren efecto ei eet 605 to RJ 11 adapter n te eren ena t ret XE ener pee USB CADIE terein nia Appendix F EM1100 ADSL Microflller 5 orn Pe tree rece ina Appendix G EM1180 ADSL POTS Splitter Installation Guide sess 108 FOALUNCS qm 108 Location ror nstallatiOniz i coi e cort Ep a on Po ER D e pO REX ER ED ORAE DR ERE ERE 108 Wiring Instr ctiOtiS crx ceo tort reti ex EO ror Feo ko recess se po reU ote iE nO RETE R 109 Wall Mounting Instr ctoris earn tnn tor ri eet tun rtt reni eant tento nnns 110 Appendix He GloSSary i t eri trt dede nied coi bee iene 111 Appendix I Registering your NetComm Product eese nene 115 Contact Information ec et cct E nen rere e E Eee tel ides 115 Product Warranty Hev 1 YML686 www netcomm com au NB5580 W User Guide Page 3 YW LY wg Quick Start Section The following Quick Start pages are intended to be used by an advanced user to quickly configure the NetComm NB5580 W It assumes that you are familiar with Networking and that you already have an ADSL enabled phone line If you need further
74. essible only by that organization s members employees or others with authorization Infrastructure Network Unlike an ad hoc network where users on a wireless LAN send data to each other directly users on an infrastructure network send data through a dedicated access point Additionally the access point enables users on a wireless LAN to access an existing wired network to take advantage of sharing the wired network s resources such as files printers and Internet access IP Address An identifier for a computer or device on a TCP IP network Networks using the TCP IP Protocol route messages based on the IP Address of the destination The format of an IP address is a 32 bit numeric address written as four numbers separated by periods Each number can be from zero to 255 IPSec Internet Protocol Security is a security standard for network transmission which is often used for VPN connections It provides authentication and packet encryption over the Internet ISP Short for Internet Service Provider a company that provides access to the Internet for a fee Rev 1 YML686 NP5580 W User Guide Local Area Network LAN A computer network that spans a relatively small area Most LANs are confined to a single building or group of buildings However one LAN can be connected to other LANs over any distance A system of LANs connected in this way is called a wide area network WAN MAC Address Short fo
75. g SYN Slug IP Smurfing Temporarily disable this option if you have a particularly sensitive Internet application that does not function through the router EE E EE E Web Filter This feature provides the ability to filter potential risks contained in web pages accessed by LAN users Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 27 Metta C Web proxy is a server your device will connect to when you access any web site Setting a web proxy can save accessing time but may create a security issue by bypassing any URL filters or IP blocking you have configured For example if you configure the NB5580 W to block the access of 216 115 102 76 that is the IP address of www yahoo com it will fail to block successfully if your browser is using a proxy because the router only sees the connection to the proxy and then the proxy connects to yahoo If you block the use of proxies then all connections must be made directly through the router Java amp Active X are programming languages for web pages However some Trojan programs are also written in these programming languages If you deny either of these you may not be able to access some parts of web sites A cookie is data stored on your computer which a web server can retrieve to identify your machine It is a piece of text with an ID number Cookies can be blocked by the router if the Deny option is selected Click Apply after making any changes www netcomm
76. his rule Enter the range of IP addresses if you want them to be included in a controlled group with the same access limitation Note If you set both MAC and Source IP in one rule the PCs which have the MAC addresses matching in MAC field and their IP addresses matching in the Source IP field will be allowed blocked for certain applications Protocol Select the protocol type as TCP or UDP from the drop down list If you are not sure which one to choose select Both Port Number Enter the range of port numbers that are used by the applications you wish to be blocked For example port 80 usually is used as destination port number when you access a web page Note that if you don t enter any value in the MAC and Source IP column but enter the port number for example 80 in Destination Port it means all the users PCs will be allowed denied access to certain applications related to this port for example web browsing Summary Click this button to display a summary page showing all the current rules you have set Click the Apply button after making any changes or click the Cancel button to exit the screen without saving any changes Note To allow or deny access by URL refer to the section on URL Filter Hev 1 YML686 www netcomm com au NB5580 W User Guide Page 33 Met 4 6 Port Forwarding UPnP Settings The Port Forwarding Setting application allows you to
77. ible100Mbps to each and every ethernet connected computer With a web based UI User Interface this NetComm NB5580 W is easy to setup and maintain via web browsers such as Netscape Communicator and Internet Explorer www netcomm com au Rev 1 YML686 Page 8 NP5580 W User Guide AME About this Guide This guide contains information about installing and configuring your NetComm NB5580 W It is designed to guide users through the correct setup procedures for both hardware installation and basic configuration Later it shows how to complete advanced configuration to get the best operating performance from the NetComm NB5580 W Chapter 1 Get to know your NetComm NB5580 W This chapter describes the package contents and provides a list of features of the NetComm NB5580 W Chapter 2 Hardware Installation amp Setup This chapter describes the steps for hardware installation of the NetComm NB5580 W Please note that there are separate instructions for both the NB5580 and the NB5580W Chapter 3 Internet Access This chapter describes the steps for basic configuration and start up of the NetComm NB5580 W Chapter 4 Advanced Applications This chapter describes how to configure advanced functions in order to get the most from your NetComm NB5580 W Chapter 5 Configuring IPSec VPN This chapter describes IPSec VPNs and explains how to configure your Router Chapter 6 Configuring IPSec on Windows 2000 XP This chapter describe
78. ic rate upstream ADSL technology satisfies the bandwidth requirements of applications which demand asymmetric traffic such as web surfing file downloads and telecommuting Bandwidth The amount of data that can be transmitted in a fixed amount of time Browser A software application used to locate and display Web pages Examples include Netscape Navigator and Microsoft Internet Explorer Rev 1 YML686 NB5580 W User Guide Meta C BSS BSS is the acronym of Basic Service Set that consists of a wireless access point and a group of wireless client computers Communications Protocols Communication between devices requires they agree on the format in which the data is to be transmitted sent and received The communications protocols are a set of rules that define the data format Cookie Cookie is data stored on your computer which a web server can retrieve to identify your machine It is a piece of text with an ID number DHCP DHCP short for Dynamic Host Configuration Protocol is a protocol for assigning dynamic IP Addresses to devices on a network Dynamic Addressing means that a device can have a different IP Address each time it connects to the network Domain Name A name that identifies one or more IP Addresses For example the domain name microsoft com represents about a dozen IP Addresses Domain names are used in URLs to identify particular Web pages For example in the URL http
79. ice port numbers in the Ports fields You can specify the protocol type as TCP or UDP from the drop down list If you are not sure which one to select choose Both A selection of commonly used port numbers is provided on the right of this screen Redirect IP Address Enter the appropriate IP Addresses of the service computers in the Redirect IP Address locations www netcomm com au Rev 1 YML686 Page 34 NP5580 W User Guide Metta C Example If the service port number 80 80 representing an HTTP web address is entered in Ports and 192 168 1 100 is entered in Redirect IP Address then all HTTP requests from external Internet users will be directed to port 80 of the computer server with the 192 168 1 100 fixed IP Address Note You can only forward an external port once therefore UPnP port settings and Portforwarding settings must not overlap or conflict a Use UPnP seitings for any preprogrammed ports and where internal port is different from external port i e Port Translation a Use Port forwarding for ports that are not common and do not need translation The following table lists the protocols and port ranges that are used by some common applications Note Port 8080 on the Public IP address is typically used for Remote Management and must be change in the Admin Page if you wish to use this port for another service Application Protocol Port Range E Donkey TCP 4661 4662 4663 UDP 46
80. ide Met C 7 From the Tunnel Setting tab click The tunnel endpoint is specified by this IP Address box and then type the WAN IP Address 140 111 1 1 Note Use your ISP provided IP Address this is only an example of ADSL Integrated Gateway Edit Rule Properties IP Fiter List Authentication Methods Tunnel Setting Connection Type The tunnel endpoint is the tunneling computer closest to the IP traffic destination as specified by the associated IP filter list It takes two rules to describe an IPSec tunnel C This rule does not specify an IPSec tunnel The tunnel endpoint is specified by this IP address 140 111 1 1 8 From the Connection Type tab select All network connections and then click the OK or Close button to finish this rule Edit Rule Properties Filter Action IP Filter List Connection Type Authentication Methods Tunnel Setting ag This rule only applies to network traffic over connections of the selected type Al network connections Local area network LAN C Remote access Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 75 Metta C Tunnel 2 VPN Router WinXP 9 Inthe to VPNRouter Properties deselect the Use Add Wizard check box and then click the Add button to create the second IP Filter to_VPN Router Properties Rules General ais Security rules for communicating with other computers IP Security rules IP
81. indows NT Windows 2000 Windows XP etc Can I use multiple E mail accounts if I use NetComm NB5580 W Yes you can Some people think having one Internet account means that they can have only one E mail account However E mail is set by mailbox accounts and different to the account you use to connect to your ISP If you want more E mail accounts you can contact your ISP or you can browse the Internet to apply for free E mail account Can Internet users access LAN computers The NetComm NB5580 W uses NAT to route all in out band packets All external users can only see the IP of the NetComm NB5580 W but cannot access LAN computers The LAN computers are well protected with the NetComm NB5580 W s natural firewall NAT You can allow Internet users access to specific computers by using the Port Forwarding DMZ Host and Special Application options When should I use DMZ host Enable DMZ host when you want to have unrestricted communication between your computer and the Internet for example playing Internet game i e Ages of Empire or having multimedia conference i e NetMeeting Does the NetComm NB5580 W support PPTP of VPN packets pass through Yes The NetComm NB5580 W supports PPTP pass through Does the NetComm NB5580 W series support IPsec Yes The NetComm NB5580 W supports IPsec pass through Wireless Questions Can I run an application from a remote computer over the wireless network This will depend on whether or not
82. int to Point Tunnelling Protocol PPTP encapsulates the packet for transmission over the Internet It creates a private tunnel through the large public network to have similar security of private network without actually leasing a private line PPTP is normally used for VPN connections Protocol An agreed format for transmitting sending and receiving data between two devices Roaming The ability for a wireless device to move from one access point s range to another without losing the connection Router An Internet device that routes requests for information to other routers until the information s location is found and the data can be transmitted back to the origin of the request www netcomm com au Page 113 er VAA TCP IP Short for Transmission Control Protocol and Internet Protocol the suite of communications protocols that enable hosts on the Internet to connect and exchange streams of data VPN The acronym for Virtual Private Network Via access control and encryption VPNs bring security to the data transmission through the Internet as it is transmitted through a private network It not only takes advantage of economies of scale but also provides a high level of security while the packet is sent over a large public network Wide Area Network WAN A system of LANs being connected by telephone lines and radio waves Although some WANs may be privately owned they are usually consi
83. ion Setlp errem ete ette eee 20 Chapter 4 Advanced Applications 3 te etico c t e E Ca e e dae de 27 4 1 giri e 27 4 2 DHCP Gonfig ratioti iier Ine nete reir nere 29 4 3 EIS EPIIT TUNE MOL UI MIEL DC LEE 30 4 4 Time Controlo a iad ra e a a aad eN 31 4 5 Access Control pte ertet enr aia neci dne t 32 4 6 Port Forwarding UPnP Settings 94 4 7 Special Application Port Triggering 96 4 8 Dynamic Routing aol 4 9 Static ROUINO e ecco oerte tates enis cen ea tM ARA das peeve A Let eA 37 4 10 Wireless only applicable for the NB5580W ssssseeeeen 39 4 11 Administration Settings NB5580Q AW esee neret eek tp doe 41 4 12 Status MOhitOr ntc eene t aede iie bae et ces 43 4 13 DMZHost 1 44 4 14 Log 1 45 4 15 VPN Passthrough 1 46 4 16 Dynamic DNS DDNS 4 17 Universal Plug and Play wn AQ 4 18 Back Up and Restore neret tereti tnter erii 53 4 19 Upgrade Firmwares cce eia teri pec dd tee eode et t ele 55 4 20 Diagnostics PIng amp Tracer ora eterne erae Ert tr Feri rcr ree dea 56 www netcomm com au Rev 1 YML686 Page 2 NP5580 W User Guide Meitu C Chapter 5 Configuring IPSec VPN Tunnels ssssssssssssesseeeeeetneee rennen nns 58 5 1 VPN APSecIBIFOGOUCHOFR 5 rete riri ree tee ER EE E Ee RS 58 5 2 VPN Application Types
84. ire an IP address from the ISP s DHCP Server Note The DHCP Release and DHCP Renew button only show up when you select Get IP Address Automatically in the OnePage Setup E LAN Local This section displays the current Private IP Address and Subnet Mask of the router as seen by users of your internal network E DHCP Clients Table If the router is setup to act as a DHCP server the LAN side IP Address distribution table will appear when this button is selected T DHCP Active IP Table Microsoft Internet Explorer Retesh DHCP Active IP Table Retest DHCP Server IP Address 192 168 2 1 Client Hostname 1P Address MAC Address DELLW5SLaptop 1921682101 00 10 60 59 C6 24 n Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 43 Metta C 4 13 DMZ Host The DMZ Host application allows unrestricted 2 way communication between a single LAN PC and other Internet users or servers This application is useful for supporting special purpose services such as video conferencing and gaming that require proprietary client software and or 2 way user communication To use this application you must first obtain a fixed Public IP Address from your ISP Note that in order to provide unrestricted access the Firewall provided by the Broadband Security Router to protect this port is disabled thus creating a potentially serious security risk It is recommended that this application is disabled when it is not
85. is responsible for the security of their computer and network at all times Security features may be disabled within the factory default settings NetComm recommends that you enable these features to enhance your security The warranty is automatically voided if 1 You or someone else use the product or attempts to use it other than as specified by NetComm 2 The fault or defect in your product is the result of a voltage surge subjected to the product either by the way of power supply or communication line whether caused by thunderstorm activity or any other cause s 3 The fault is the result of accidental damage or damage in transit including but Rev 1 YML686 NB5580 W User Guide Meta C not limited to liquid spillage 4 Your product has been used for any purposes other than that for which it is Sold or in any way other than in strict accordance with the user manual supplied 5 Your product has been repaired or modified or attempted to be repaired or modified other than by a qualified person at a service centre authorised by NetComm and 6 The serial number has been defaced or altered in any way or if the serial number plate has been removed Limitations of Warranty The Trade Practices Act 1974 and corresponding State and Territory Fair Trading Acts or legalisation of another Government the relevant acts in certain circumstances imply mandatory conditions and warranties which cannot be exc
86. isk 2383 2 MB Networking Services To add or remove a component click the check box A shaded box means that only part of the component will be installed To see what s included in a component click Details Subcomponents of Networking Services Iz a Internet Gateway Device Discovery and Control Client 0 0 MB I nie Listener 0 0 MB l Universal Plug and Play Description sete your computer to discover and control Universal Plug and Play levices Total disk space required 54 7 MB Space available on disk 2381 5 MB Hev 1 YML686 www netcomm com au NB5580 W User Guide Page 51 Metal C 5 Wait for Windows to copy files and make changes Windows Components Wizard Configuring Components Setup is making the configuration changes you requested m Please wait while Setup configures the components This may take 4 several minutes depending on the components selected Status Completing configuration of Indexing Service EEEE 6 Click Finish to close the Wizard Windows Components Wizard Completing the Windows Components Wizard You have successfully completed the Windows Components Wizard To close this wizard click Finish www netcomm com au Rev 1 YML686 Page 52 NP5580 W User Guide 42 4 18 Back Up and Restore The NB5580 W has the ability to store the current configuration to a file This information can then be restored to the router at a later date
87. it s correct and complete Serial No Model Product Type y Make sure Pccara external you fill this Internal Other section in intend to use this product at Home School College University L Business Government Office Dealer s Name Dealer s Address sese FAXNO How did you find out about our products Product Warranty The warranty is granted on the following conditions 1 This warranty extends to the original purchaser you and is not transferable 2 This warranty shall not apply to software programs batteries power supplies cables or other accessories supplied in or with the product 3 The customer complies with all of the terms of any relevant agreement with NetComm and any other reasonable requirements of NetComm including producing such evidence of purchase as NetComm may require 4 The cost of transporting product to and from NetComm s nominated premises is your responsibility and 5 NetComm does not have any liability or responsibility under this warranty where any cost loss injury or damage of any kind whether direct indirect consequential incidental or otherwise arises out of events beyond NetComm s reasonable control This includes but is not limited to acts of God war riot embargoes acts of civil or military authorities fire floods electricity outages lightning power surges or shortages of materials or labour 6 The customer
88. lick the Cancel button to exit the screen without saving any changes Warning The Computers with the IP addresses specified will be directly exposed and are NOT protected by the Firewall you should take extra care to secure these computers against internet attack 4 14 Log The Log application allows the administrator to trace Internet access You can send the record to specific LAN computers for remote monitoring but can also watch the incoming WAN to LAN and outgoing LAN to WAN traffic in the Log Settings page When Logis Full Conca Access Log Set to Enable if you want to activate this function E Send Log To Enter the IP address of the computer that you want to send the Log information to This computer must run a suitable syslog application a copy of such an application can be downloaded from the NetComm website E Incoming Access log Click this button to go to the incoming WAN to LAN traffic log table This Table records information on the last fifty incoming packets including source IP address destination IP address and port number Outgoing Access log Click this button to go to the outgoing LAN to WAN traffic log table This Table records information on the last fifty outgoing packets including source IP addresses destination IP addresses and port numbers Denial of Service Thresholds The threshold is used to determine the attempt of establishing connection is DoS attack or not
89. ll also issue you with a password Enter the detail in the Password field Host Name DynDNS org will provide you with a Host Name Enter this name in the Host Name field Your IP Address This will display the IP Address currently assigned by your ISP Status This display the current status of the DDNS function E Click the Apply button after making any changes or click the Cancel button to exit the screen without saving any changes This function is a handy compliment to the following features of the router E VPN you can direct another VPN device to reference your Router by specifying the Fully Qualified Domain Name FQDN that is specified in the DDNS setup Port forwarding if you wish to host a web server on your LAN the public can access it via a domain name URL E g http router mine nu default htm rather than typing in the real public IP address in the URL E g http 203 147 250 73 default htm DMZ Similarly to above if you are using the DMZ host function to allow external access to a game server web server etc you can provide a domain name E g UT2003 mine nu for your friends to enter into the game To setup DDNS follow these steps 1 Goto www dyndns org and register an account and a Dynamic domain name 2 Loginto your router and select DDNS from the menu 3 Enter your DDNS Username Password and Domain name as chosen during your registration Click Apply 4 You will need to cli
90. luded This warranty is in addition to and not in replacement for such conditions and warranties To the extent permitted by the Relevant Acts in relation to your product and any other materials provided with the product the Goods the liability of NetComm under the Relevant Acts is limited at the option of NetComm to Replacement of the Goods or Repair of the Goods or Payment of the cost of replacing the Goods or Payment of the cost of having the Goods repaired All NetComm ACN 002 490 486 products have a standard 12 months warranty from date of purchase However some products have an extended warranty option refer to packaging To be eligible for the extended warranty you must supply the requested warranty information to NetComm within 30 days of the original purchase by registering on line via the NetComm web site at www netcomm com au NetComm reserves the right to request proof of purchase upon any warranty claim www netcomm com au Page 119 AUSTRALIA CONNECTS WITH nmn p dE d 1 year warranty out of the box Extra 2 years FREE with online WL registration at www netcomm com au Conditional upon registration online P ud NetComm Limited ABN 85 002 490 486 PO Box 1200 Lane Cove NSW 2066 Australia PHONE 02 9424 2070 FAX 02 9424 2010 EMAIL sales netcomm com au Trademarks and registered trademarks are the property of NetComm Limited or their respective owners Specifications are subject to ch
91. ment or near a swimming pool To reduce the risk of electric shock do not disassemble this product If service or repair work is required contact a qualified serviceman Opening or removing covers may expose you to dangerous voltages or other risks Incorrect re assembly can cause electric shock when the appliance is subsequently used Refer servicing to qualified service personnel under the following conditions WP If liquid has been spilled into the product E If the product does not operate correctly i e If the telephone or ADSL service is disrupted by the installation of the filter E Ifthe product has been dropped or the housing has been damaged E Ifthe product exhibits a distinct change in performance www netcomm com au Rev 1 YML686 Page 108 NP5580 W User Guide Met C Wiring Instructions Before you decide where to wall mount the filter check that all the cables can reach to their appropriate connections The ADSL splitter filter may be either hard wired or simply plugged in If either the line modem or the phone connection is to be hard wired then 1 2 3 W o9 LOO t Lift the Wall Mount plate located on the back of the box with a flat screwdriver Remove the two screws Prepare the necessary cables by first stripping the outer cable for 25mm Do not remove any insulation from the conductors to be terminated in the IDC Insert the conductors 2 per connector to the relevant location on the IDC
92. mple to VPNRouter R Local Security Settings Alti Fie Action view Hep e XR DEIA GA Account Poles Qi Local Poles E Pubk Key Poles Lj Software Restrcton Poboes amp B P Security Poles on Local Computer Descrpton Communicate normally uns s For all IP traffic always neq Ei server Request Secu For all traffic ahvays rea Peto WPN Router 4 Deselect the Activate the default response rule check box and then click Next button 5 Click the Finish button making sure the Edit check box is checked 6 2 2 Build 2 Filter Lists WinXP gt VPN Router and VPN Router2WinXP Filter List 11 WinXP VPN Router 1 Intheto VPNRouter Properties deselect the Use Add Wizard check box and then click Add button to create a new rule to VPN Router Properties Rules General sn Security rules for communicating with other computers www netcomm com au Rev 1 YML686 Page 68 NP5580 W User Guide ABE 2 From the IP Filter List tab click the Add button New Rule Properties DR Authentication Methods Tunnel Setting Connection Type IP Fiter List Fiter Action The selected IP filter list specifies which network traffic will be affected by this rule Matches all ICMP packets betw ORTA Matches all IP packets from this O Al IP Traffic 3 Type an appropriate name XP Broadband VPN Router for the filter list deselect the
93. n is selected this Gateway accepts requests from any IP address such as remote users mobile users or telecommutors using dynamic IP 3 Under Remote Security Gateway enter the Public IP Address of the VPN device at the other end of the tunnel The remote VPN device can be another VPN Router a VPN Server or a host with VPN software In the example shown above the IP Address of the Remote Security Gateway is 140 111 1 2 This IP Address may either be static or dynamic depending on the settings of the remote VPN device When connecting between two routers the remote security gateway will be the public WAN IP address of the remote router as given on the status page or by the remote ISP www netcomm com au Rev 1 YML686 Page 62 NP5580 W User Guide Met C 4 Using Encryption also helps make your connection more secure There are two different types of encryption DES or 3DES You may choose either of these but it must be the same type of encryption that is being used by the VPN device at the other end of the tunnel Or you may choose not to encrypt by selecting Disable In our example shown below DES which is the default has been selected T el om 5 Authentication acts as another level of security There are two types of authentication MD5 and SHA As with encryption either of these may be selected provided that the VPN device at the other end of the tunnel is using the same type of authentication Or both ends of
94. nd 254 used by the NetComm NB5580 to identify each computer and the default Subnet Mask 255 255 255 0 Rio ux Bindings Advanced NetplosS DNS Configuration Gateway WINS Configuration 1P Address An IP address can be automatically assigned to this computer If your network does not automatically assign IP addresses ask your network administrator for an address and then type it in the space below C Obtain an IP address automatically Specify an IP address IPAddes 192 168 1 2 SubnetMask 255 255 255 O IV Detect connection to network media oe ce Note No two computers on the same LAN can have the same IP address but they should have the same Subnet Mask 2 Select Enable DNS in the DNS Configuration tab and enter the DNS IP Address obtained from your ISP in the Server Search Order location Click OK TCP IP Properties 2 Bindings Advanced NeBlOS DNS Configuration Gateway WINS Configuration IP Address C Disable DNS Enable DNS Host Domain DNS Server Search Order LL as Domain Suffix Search Order LO o dd Remove F www netcomm com au Rev 1 YML686 Page 98 NP5580 W User Guide Z2wEG 3 Click Gateway tab and enter the NetComm NB5580 W s default gateway value 192 168 1 1 in th
95. nel and select Add or Remove Programs 2 Choose the Add Remove Windows Components icon on the left hand side M HP Openview OmniBack 11 4 1 Internet Explorer Q613469 NB isscript Office XP Professional with FrontPage NetComm NB1300 USB Network Adapter 9 NetComm NP6800 Wireless LAN Access Point Utilty BD Outlook Express Update 0330994 jB Realtek AC97 Audio WatchGuard Firebox System 6 2 amp Winbond HwDoctor 8 Windows XP Hotfix SP2 See Q329048 for more information BD Windows x Hotfix P2 See Q329115 for more information 3B Windows XP Hotfix SP2 See Q329390 for more information i Windows x Hotfix SP2 See Q329834 for more information 4 windows x Hotfix SP2 Q322011 Pru www netcomm com au Rev 1 YML686 Page 50 NP5580 W User Guide Met 3 When the Windows Components wizard open scroll down to find and select Networking services Then click Details Windows Components Wizard Windows Components You can add or remove components of Windows XP To add or remove a component click the checkbox A shaded box means that only par Se HCE NM SE DEC To see what s included in a component click et Sf Message Queuing 00MB A BSR MSN Eu am m c cc mc mcm ee 1 NB e RE 23 Other Network File and Print Services 0 0 MB A Nutlank F nress nome Y Description Contains a variety of specialized network related services apd pretocals Total disk space required 54 7 MB Space available on d
96. netcomm com au Page 102 IPSec enable disable PPTPenable disable Concurrent sessions up to 50 dependent on data Prevent Dos attack Ping of Death LAND IP spoofing SYN flood IPSmurfing Stateful packet inspection check inbound against outbound NATdeny external Intruder ACLFilter IP MAC URLkeyword Block all Proxy Active X Java script cookies time of day week Rev 1 YML686 NP5580 W User Guide Metta C Power External 12VDC 1 0 Amps Operating Temp 0 45 C Certifications A Tick N367 System Requirements Operating system independent ideal for Windows Macintosh Linux amp TCP IPsystems Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 103 hudoni Appendix E Cable Connections This cable information is provided for your reference only Please ensure you only connect the appropriate cable into the correct socket on either this product or your computer If you are unsure about which cable to use or which socket to connect it to please refer to the hardware installation section in this manual If you are still not sure about cable connections please contact a professional computer technician or NetComm for further advice RJ 45 Network ports All of the ethernet ports on the NP5580 W are 10 100 Mbps capable auto sensing Ethernet ports Each port supports only unshielded twisted pair UTP cable using an 8 pin RJ 45 plug The Auto uplink feature senses the connection of uplink MDI
97. nnections and then click the OK for WinXP or Close for Win2000 button to finish x IP Fiter List Filter Action Authentication Methods Tunnel Setting Connection Type Edit Rule Properties This rule only applies to network traffic over connections of the selected type Al network connections Local area network LAN C Remote access 16 From the Rules tab click the OK button to back to the secpol screen Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 79 Q VL 6 2 4 Assign New IPsec Policy 1 In the IP Security Policies on Local Computer MMC snap in right click policy named to VPNRouter and then click Assign A green arrow appears in the folder icon amp Local Security Settings File Action View Help e AxER or 34 yp Security Settings Name Description Policy Assigned G Account Policies Client Respond Only Communicate normally uns No E gil Local Policies amp Secure Server Requir For all IP traffic always req No H a Public Key Policies amp Server Request Secu For all IP traffic always reg No _ Software Restriction Policies e to_VPN Router No 4 IP Security Policies on Local Computer 6 3 Steps in ADSL Integrated Gateway 6 3 1 OnePage Setup Screen 1 Open your web browser and enter 192 168 1 1 in the Address field and press the Enter key Main Menu OnePage Setup Advanced 2 When the User Name and Password field a
98. not functional or on the same IP address Computers and routers can be configured to NOT respond to pings and yet they can still transfer TCP IP data Most Windows default installations will respond to a Ping p 1 For testing WAN internet connectivity it is handy to perform a DOS ping to a website from a computer that has confirmed internet access via another router or modem to obtain a IP number for your router test see the screen shot below p time in milli ax imur 3ims A www netcomm com au Rev 1 YML686 Page 56 NP5580 W User Guide Metta C Ping example 1 Testing Router connectivity to a local computer T 2 OS oe VER UD Leave the source IP to be the LAN IP address of the router Enter the last number set of the IP address of your local target computer eg 192 168 1 100 Set your number of test packets to send either 1 2 3 or 4 Leave packet size as default 60 bytes Leave time between packets as default 1 second 1000 milliseconds Leave time out as default 5 seconds 5000 milliseconds Click Start Check that packets Received equal at least 1 for confirmation of a successful ping Packet loss can be determined by comparing packets sent to packets received Ping example 2 Testing Internet connectivity your router s connection to the Internet 1 2 Oss Qv Uv n Change the source IP to be the WAN IP address of the router Enter the whole IP address of your target computer
99. nt view of the NetComm NB5580 The LEDs on the front panel indicate the status of the unit Power Green Diag Red On when power is on Lights up during system check when the power is initially connected If the Router is working properly the light should switch off after the diagnostic has been completed For WAN port amp LAN ports x4 Link Act amp 10 100 Green Yellow www netcomm com au Page 16 On when a successful 100Mbps connection is made through the corresponding port Blinking when data is flowing through this port On when a successful 10Mbps connection is made through the corresponding port Blinking when data is flowing through this port Rev 1 YML686 NP5580 W User Guide Metta C 2 4 Front Panel LEDs for the NB5580W The following figure shows the front view of the NetComm NB5580W The LEDs on the front panel indicate the status of the unit Power Green Diag Red For WLAN Enable Activity Green On when power is on Lights up during system check when the power is initially connected If the Router is working properly the light should switch off after the diagnostic has been completed The Links LED illuminates when the wireless option is enabled When the wireless option is disabled through the web based utility the LED is off Blinking when there is wireless connection activity For WAN port amp LAN ports x4 Link Act amp 10 100 Green Yellow
100. ntaining a continuous connection to the wireless network What is ISM band The FCC and their counterparts outside of the U S have set aside bandwidth for unlicensed use in the ISM Industrial Scientific and Medical band Spectrum in the vicinity of 2 4 GHz in particular is being made available worldwide This presents a truly revolutionary opportunity to place convenient high speed wireless capabilities in the hands of users around the globe www netcomm com au Rev 1 YML686 Page 92 NP5580 W User Guide hudoni What is Spread Spectrum Spread Spectrum technology is a wideband radio frequency technique developed by the military for use in reliable secure mission critical communications systems It is designed to trade off bandwidth efficiency for reliability integrity and security In other words more bandwidth is consumed than in the case of narrowband transmission but the trade off produces a signal that is in effect louder and thus easier to detect provided that the receiver knows the parameters of the spread spectrum signal being broadcast If a receiver is not tuned to the right frequency a spread spectrum signal looks like background noise There are two main alternatives Direct Sequence Spread Spectrum DSSS and Frequency Hopping Spread Spectrum FHSS What is DSSS What is FHSS And what are their differences Frequency Hopping Spread Spectrum FHSS uses a narrowband carrier that changes frequency in a patte
101. numbers replacing letters with numbers Buz911BOxzero as above but using upper and lower case as well SecN tCOmmwillyou The 0 is a zero the use of instead of e To change your Admin password choose the Device Admin option on the menu Enter your new password twice once in each field and then click the submit button Note For security your password s characters will be replaced with dots so no one can see you type it on the screen SNMP Simple Network Management Protocol is used to manage devices on networks from a central location SNMP is disabled by default and you should not enable it unless you wish to use it The authentication for SNMP is based on Community Strings these are like passwords and should be treated as such when it comes to security If you want to use SNMP on your NB5580 W you should change all your community strings both public and private to more secret names with more complexity Remote Configuration via HTTP The HTTP server built into the NB5580 W is used to allow you to view and edit configuration pages via a web browser from anywhere on the Internet You can set the NB5580 W to allow this information to be viewed or changed via the WAN Internet The default is to NOT allow Remote configuration Administration via the Internet this can be changed in the Device admin page You can also change the port that the service runs on default is port 8080 but this means when you access your NB558
102. o an ADSL zz into Computer s zd Enabled Line or LAN into a Powerpoint If using the NB5580 as a desktop unit fix the Rubber Feet provided Plug the Power pack into a power point and into the power socket of the NB5580 Connect your ADSL line Telephone line into the ADSL socket of the NB5580 Note If your telephone line has an ADSL splitter installed you must connect the NB5580 to the line wall socket designated for ADSL use If your Telephone line does not have an ADSL splitter you must connect Microfilters in line with each telephone device you intend to use on the Telephone line See the Section on ADSL Filters Splitters in the Appendix of this manual Connect your computers with Network Interfaces to any of the four Ethernet LAN sockets on the back of the NB5580 If you wish to connect more than four computers you should connect one of the LAN sockets to your Network Hub or Switch Check that the Ethernet sockets used have their respective LAN link lights on Note Auto MDI is available on all four ports A special cross over cable or uplink port to join the router to another hub or switch is not required as the NB5580 ports are self adjusting You should now be able to access and configure the NB5580 W via a web browser See the Configuration section of this manual for more information Hev 1 YML686 www netcomm com au NB5580 W User Guide Page 13 Meta 2 2 Note Note Note Connecting your NB5580W t
103. o your LAN It is recommended that you connect your NB5580W to only one computer to configure it BEFORE connecting it to the rest of your network This will allow you to enable disable the DHCP server and change other settings that may conflict with exisiting Network devices It is also recommended that you disable the Wireless function NB5580W only Connecting the Antenna Pull back the Antenna nut cover to reveal the screw retaining nut Place the screw retaining nut over the antenna connection on the rear of the NB5580W and turn it clockwise Power l Reset o Antenna connection onrear of NB5580W Antenna screw Antennanut retaining nut cover Do not over tighten the attaching nut but do make sure that you have screwed it all the way to its end Once completed slide the black screw nut cover completly over the retaining nut before trying to bend the antenna to 90 degrees Return the cover and bend the antenna to a 90 angle Please note that you may have to rotate the complete antenna assembly to do this and have the antenna pointing vertically If using the NB5580W as a desktop unit fix the Rubber Feet provided www netcomm com au Rev 1 YML686 Page 14 NP5580 W User Guide Meta C Plug the Power pack into a power point and into the power socket of the NB5580W Connect your ADSL line Telephone line into the ADSL socket of the NB5580W Removable Wireless Antenna included in package for NB5580W
104. or type VPN tunnels However if the VPN router Client at the remote end is on a fixed IP address it is strongly recommended that you specify the IP address here as this will prevent hackers on other IP addresses being able to create a VPN tunnel to your Router even if the know your Preshared Key and other private settings Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 85 y Encryption amp Authentication Setting encryption DES or 3DES is highly desirable as this will help prevent a hacker from reading the contents of any intercepted packets DES is a Standardised encryption method that is very strong 3DES passes each payload through the encryption alogorithim three times to enhance its security 3DES is the most secure setting Authentication MD5 or SHA should be used to increase security of your VPN tunnels choose the authentication method which best suits the VPN router Client at the other end This will help ensure that VPN tunnels joining your Router will authenticate via a known Preshared key before a tunnel is allowed Preshared Keys should be made out of complex strings of characters as per the Admin password and keys should be different for each tunnel entered so that access rights intended for one VPN client can not be used by a different client on a different tunnel Access Control The NB5580 W has Access Control functions that allow you to restrict which Network Interface Cards NICs or IP ad
105. ow you to configure the NetComm NB5580 W from WAN side To access the setting page from external side enter http lt WAN IP Address gt 8080 into the web browser address column and press the Enter key Rev YML686 NB5580 W User Guide www netcomm com au Page 41 Melua C E E MTU Check Enable if you want to limit the incoming and outgoing packet size for the router Enter the maximum packet size you wish to set in the Size column This can assist with the transmission of emails with attachments etc Block WAN ping response This option is enabled by default for security This means the router will not respond to pings sent to it by other computers on the internet You can alter this to help with diagnostics IPSec Pass Through This option needs to be enabled if a computer on the LAN wishes to use a IPSec VPN client to tunnel through the router and out to the Internet PPPoE Pass Through This option needs to be enabled if a computer on the LAN wishes to use a PPPoE client to tunnel through the router and out to the Internet PPTP Pass Through This option needs to be enabled if a computer on the LAN wishes to use a PPTP client to tunnel through the router and out to the Internet Reset Device Select Yes if you want to clear connections reboot and re initialize the unit without affecting any of your configuration settings Factory Defaults Select Yes if you wan
106. ppears skip the user name and enter the default password admin and press the Enter key 3 Click the OnePage Setup tab to set the configuration as shown below Rev 1 YML686 www netcomm com au NP5580 W User Guide Page 80 Met C 6 3 2 VPN Screen The following Figure is a sample configuration for the Router s VPN tab VPN Settings Once all these have been entered click the Connect button to establish a VPN connection The Status should indicate that the Router is Connected Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 81 w VAA Chapter 7 Security This chapter provides guidance to ensure that security is maintained during installation and operation of your NetComm NB5580 W Your NB5580 W comes with default settings that reach a balance between immediate operability and security However we recommend that you review the following features to ensure that your NB5580 W is as secure as your network and interoperability settings will allow Below is a list of the areas that need your attention to secure your NB5580 W from unauthorised access these areas or features are E Physical Security Wireless Security NB5580W only Administration Password fig E Es SNMP Community Strings Remote Configuration via HTTP Block WAN Ping Response DMZ Host Port Forwarding m E Dynamic Routing RIP Configuration Special Application VPN Settings Remote
107. r fous Broadband VPN Router gt XP Description Filters Yes 10 In the Source address area click A specific IP Subnet and fill in the IP Address 192 168 1 0 and Subnet mask 255 255 255 0 11 In the Destination address area click My IP Address www netcomm com au Rev 1 YML686 Page 70 NP5580 W User Guide Met 12 If you want to type a description for your filter click the Description tab Filter Properties Addressing Protocol Description r Source address A specific IP Subnet z IP Address 192 168 1 Subnetmask 255 255 255 r Destination address My IP Address bd IV Mirrored Also match packets with the exact opposite source and destination addresses 13 Click OK and then click OK New Rule Properties Authentication Methods Tunnel Setting IP Filter List The selected IP fiter list specifies which network traffic will be affected by this rule IP Filter Lists Name Description O AI ICMP Traffic Matches all ICMP packets betw O AIL IP Traffic Matches all IP packets from this Broadband VPN Router gt XP XP Broadband VPN Router Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 71 AME C 6 2 3 Configure Individual Rule of 2 Tunnels Tunnel 1 WinXP Broadband VPN Router 1 From the IP Filter List tab click the filter list XP Broadband VPN Router New Rule
108. r ISP uses LLC Encapsulation and provides you with one or more IP addresses when you apply for the service You can find more information in the RFC 2684 standard Specify WAN IP Address Enter one IP address provided by your ISP Subnet Mask Enter the subnet mask values provided by your ISP Default Gateway IP Address Your ISP will provide you with the Default Gateway IP Address Domain Name Server DNS Your ISP will provide you with at least one DNS IP Address Multiple DNS IP settings are common The first available DNS entry is used in most cases Hev 1 YML686 www netcomm com au NB5580 W User Guide Page 25 Meta Note Router using Classical IP Choose this setting if 1 You want this device acting as a router without NAT function 2 Your ISP uses Classical IP connection type use LLC encapsulation and routing protocol and provides you one or more IP addresses when you apply for the service You can find more information in the RFC 2684 standard E Specify WAN IP Address Enter the IP address provided by your ISP Subnet Mask Enter the subnet mask values provided by your ISP Default Gateway IP Address Your ISP will provide you with the Default Gateway IP Address A Domain Name Server DNS Your ISP will provide you with at least one DNS IP Address Multiple DNS IP settings are common The first available DNS entry is used in most cases You have to set public IP address for each of your LAN compu
109. r Media Access Control Address a hardware address that uniquely identifies each node of a network NAT Short for Network Address Translation a routing protocol that allows global IP Addresses to be translated into multiple private IP Addresses for use on internal LAN networks The explosion in the use of the Internet has created a critical problem for the Internet Assigned Numbers Authority IANA which is in charge of assigning IP Addresses to Internet users ISPs etc NAT is a technology that has been introduced to help maximize the utilization of assigned IANA and global IP Addresses Network Protocol Network protocols encapsulate and forward data packets from one interface to another PAP CHAP Short for Password Authentication Protocol and Challenge Handshake Authentication Protocol Most ISPs use either one for user identification If your ISP doesn t support these two protocols contact them for an authentication script Hev 1 YML686 NB5580 W User Guide AEG PPP Short for Point to Point Protocol a communications protocol for transmitting information over standard telephone lines between devices from different manufacturers PPPoE Short for PPP over Ethernet relying on two widely accepted standards Ethernet and the Point to Point Protocol PPPoE is a communications protocol for transmitting information over the Ethernet between devices from different manufacturers PPTP The acronym of Po
110. red communication with non IPSec aware computer IV Session key perfect forward secrecy PFS 5 From the Authentication Methods tab click the Edit button New Rule Properties IP Fiter List l Fitter Action Authentication Methods Tunnel Setting Connection Type Authentication methods specify how trust is established between These authentication methods are offered and accepted when negotiating security with another computer Kerberos Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 73 AME C Edit Authentication Method Properties Authentication Method The authentication method specifies how trust is established between the computers Active Directory default Kerberos V5 protocol C Use a certificate from this certification authority CA Browse Use this string preshared key Test 6 Change the authentication method to Use this string preshared key enter the string Test and then click the OK button New Rule Properties IP Filter List Authentication Methods Tunnel Setting Connection Type Authentication methods specify how trust is established between computers These authentication methods are offered and accepted when negotiating security with another computer This new Preshared key will be displayed in Authentication method preference order Click the OK button to continue www netcomm com au Rev 1 YML686 Page 74 NP5580 W User Gu
111. rm SNMP Function Enable Disable SNMP Community 1 SNMP Community 2 SNMP Community 3 SNMP Community 4 WAN Mac Change External Admin MTU Block WAN ping response IPSec Pass Through PPTP Pass Through PPPOE Pass Through Reset Device Factory Defaults Broadband High performance Router 1 03 2 Apr 18 2003 sssssesssssssono sesssssssssssosn public Read Only private Read Wnte v Read Only v Read Only v oo foo foo foo foo foo xigesppoOTSeUTEREAI O Enable Disable Enable ODisable Size 143 Enable Disable Enable Disable Enable Disable Enable Disable OYes No O Yes No Apply Undo Firmware Version This field shows the installed version of the firmware Administrator Password Enter the password you want to use into the Password Change field and re enter it into the Password Confirm field for confirmation Be sure that the password is less than 64 characters long and without any spaces SNMP Function The NetComm router is equipped with SNMP funcitonality to allow it to be monitored and managed with a central SNMP management suite SNMP is disabled by default if enabled the community strings should be changed for security WAN MAC Change The WAN MAC address can be changed from the original values if necessary Some ISPs require users to change the WAN MAC address to a registered one when users change their access equipment External Admin Check Enable to all
112. rn that is known to both transmitter and receiver Properly synchronized the net effect is to maintain a single logical channel To an unintended receiver FHSS appears to be shortduration impulse noise Direct Sequence Spread Spectrum DSSS generates a redundant bit pattern for each bit to be transmitted This bit pattern is called a chip or chipping code The longer the chip the greater the probability that the original data can be recovered Even if one or more bits in the chip are damaged during transmission statistical techniques embedded in the radio can recover the original data without the need for retransmission To an unintended receiver DSSS appears as low power wideband noise and is rejected ignored by most narrowband receivers Would the information be intercepted while transmitting on air WLAN features two fold protection in security On the hardware side as with Direct Sequence Spread Spectrum technology it has the inherent security feature of scrambling On the software side the WLAN series offers the encryption function WEP to enhance security and access control Users can set it up depending upon their needs What is WEP WEP is Wired Equivalent Privacy a data privacy mechanism based on a shared key algorithm as described in the IEEE 802 11 standard What is a MACAddress The Media Access Control MAC address is a unique number assigned by the manufacturer to any Ethernet networking device such as a network
113. routing transmission The default value is 1 Interface Choose LAN if the Destination LAN is on your Router s LAN side and choose WAN if the Destination LAN is on the Router s WAN side Referring back to the above diagram with proper setting PC1 would be able to access LAN 1 LAN 2 and the Internet while PC2 can only access LAN 2 and LAN 1 Click Apply after making any changes www netcomm com au Rev 1 YML686 Page 38 NP5580 W User Guide Meta C 4 10 Wireless only applicable for the NB5580W This setting page allows you to configure advanced wireless functions of your NB5580W To set those items needs more technology background Unless you really understand those technical terms it would be better to leave them as default setting Edit MAC Filter Setting Mixed default 7 Default v Dynamic default Both default Apply Wireless Station Status The Active MAC Table shows the MAC addresses of wireless clients which have the same ESSID and WEP key with Broadband Wireless Router When the MAC Filter function is disabled the background color is gray Click the Active MAC Table button will display all MAC addresses of wireless nodes on your WLAN If the MAC Filter function is enabled and the MAC addresses showing in this table have been entered into the Edit MAC Filter table the background color of those MAC addresses will be green Otherwise it should be red If the MAC addresses
114. s Regional Sources 32bit Settings x Double click the Network icon Your Network window should appear Select the Configuration tab Note For Windows 2000 amp Windows XP the settings can be reached by clicking the Local Area Connection icon on the right bottom side of your desktop screen 234 869 In the Local Area Connection Status window click Properties button then your Network window will appear Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 95 2 Check whether the TCP IP Protocol has already been installed and bound to your Network Interface Card If yes go to step 6 IPX SPX compatible Protocol gt Dial Up Adapter IPX SPX compatible Protocol gt NETGEAR FA311 Fast E TCP IP gt Dial Up Adapt Ifno click the Add button 3 Double click Protocol on the Select Network Component Type or highlight Protocol then click Add Select Network Component Type www netcomm com au Rev 1 YML686 Page 96 NP5580 W User Guide Met C 4 Highlight Microsoft under the list of manufacturers Select Network Protocol E x Click the Network Protocol that you want to install then click OK If you have an installation disk for this device click Have Disk Manufacturers Network Protocols ATM Call Manager ATM LAN Emulation Client IPX SPX compatible Protocol NetBEUI f PPP over ATM protocol Have Disk
115. s how to configure IPSec on Windows 2000 XP Chapter 7 Security This chapter is provides guidelines to secure your network Chapter 8 Trouble Shooting This chapter describes potential problems you may run into and the suggested remedies Hev 1 YML686 www netcomm com au NB5580 W User Guide Page 9 VAL Chapter 1 Getting to know your NetComm NB5580 W 1 1 This chapter describes the package contents and provides a list of features of the NetComm NB5580 W About NetComm NB5580 W The NetComm NB5580 W combines an ADSL Modem with a Router including an Active Firewall and VPN security There are two versions of this product NB5580 ADSL modem Router Firewall VPN NB5580W ADSL modem Router Firewall VPN Wireless Access Point All computers whether connected wirelessly or via Ethernet can seamlessly share one ADSL internet account as well as share data Files Printers and other network services between themselves locally or to a remote office user via a VPN tunnel Ethernet Fast Ethernet Ethernet is the most widely used network access method especially in LANs It is defined by the IEEE as 802 3 standard Normally Ethernet is a shared media LAN AII stations on the segment share the total bandwidth which could be 10Mbps Ethernet 100Mbps Fast Ethernet or 1000Mbps Gigabit Ethernet With switched Ethernet each sender and receiver has the full bandwidth Fast Ethernet is defined as IEEE 802 3u st
116. s in your LAN side PCs Internet users may not be able to reach your servers because your WAN side IP address may change each time you initiate the connection to your ISP The DDNS function will help to map your IP address to your domain name when your ISP assigns a new dynamic IP Address Note that this DDNS function acts as the client appliance of DDNS service and is only able to be use in conjunction with the service provided by DynDNS org Before you begin using this function you will need to apply to DynDNS org to be able to use the service Please visit www dyndns org for further information E fe Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 47 Melua Dynamic Domain Name Service is a feature that allows you to map a domain name to a public IP address automatically The advantage of this function is that even if your ISP assigns your router a different IP address every day people and computers can reference your internal network if VPN Port forward or DMZ settings are made via your domain name without the need to know your Public IP address The router is designed to use the Web site www dyndns org which offers up to 5 free Dynamic domain names per user A DDNS Service Check the Enable option if you wish to activate this function Username After you have applied for the DDNS service from DynDNS org you will be issued with a Username Enter this username in the Username field Password DynDNS org wi
117. stallation This equipment generates uses and can radiate radio noise and if not installed and used in accordance with the instructions detailed within this manual may cause interference to radio communications However there is no guarantee that interference will not occur with the installation of this product in your home or office If this equipment does cause some degree of interference to radio or television reception which can be determined by turning the equipment off and on we encourage the user to try to correct the interference by one or more of the following measures e Change the dirtection or relocate the receiving antenna e Increase the separation between this equipment and the receiver Connect the equipment to an alternate power outlet on a different power circuit from that to which the receiver TV is connected e Consult an experienced radio TV technician for help 3 The power supply that is provided with this unit is only intented for use with this product Do not use this power supply with any other product or do not use any other power supply that is not approved for use with this product by NetComm Failure to do so may cause damage to this product fire or result in personal injury www netcomm com au Rev 1 YML686 Page 116 NP5580 W User Guide Cut along the line Warranty Registration Form Date of Purchase Name Company Address The following information is vital for your warranty Please make sure
118. t to return all the router s current settings to their factory default settings Note Do not restore to the factory defaults unless it is absolutely necessary Click Apply to make any changes www netcomm com au Rev 1 YML686 Page 42 NP5580 W User Guide Meta C 4 12 Status Monitor This screen shows the router s current status All of the information provided is read only Login This column shows the login information of your WAN connection You can manually initiate a connection or a disconnection by clicking the buttons However if you initiate a disconnection here the Connect on Demand will not function until the connection button is clicked Note that the Login won t show any information if you select Obtain IP automatically or Static IP in the OnePage Setup page WAN Internet This section shows the IP settings status of the router as seen by external users of the Internet If you select Get IP Address Automatically PPPoE or PPTP in OnePage Setup the IP Address Subnet Mask Default Gateway and Domain Name Server DNS will show the information received from the DHCP server or ISP currently being used If you select Static IP in the One Page Setup Public IP Address the information will be the same as your input DHCP Release Click this button to release the IP address obtained from the ISP s DHCP server DHCP Renew Click this button to re acqu
119. ters if you select this connection type Modem using LLC Encaps Choose this setting if 1 You want this device acting as an ADSL modem i e when being plugged into another broadband router or a computer running your ISP s software 2 Your ISP uses LLC encapsulation Your ISP may use DHCP to provide an IP address or provide you one or more IP addresses as well as advising you to use PPPoA or PPPoE connection modes When you have properly configured the Setup page click Apply Your Router will then attempt to connect to the Internet If you experience problems please refer to the trouble shooting section before contacting NetComm Technical Support www netcomm com au Rev 1 YML686 Page 26 NP5580 W User Guide Metta Chapter 4 Advanced Applications This chapter provides information on how to set up and use the advanced features of your NetComm NB5580 W 4 1 Firewall The Firewall setting page allows you to configure advanced Firewall functions to provide superior security for your network environment You must click Apply to make any changes active Firewall Settings Firewall Option Enable this function to prevent DoS Denial of Service attacks and to use SPI Stateful Packet Inspection SPI function will check the contents of incoming data packets for malicious attacks When the firewall is enabled it will block against the following attacks DoS DDoS Ping of Death LAND IP Spoofin
120. the application is designed to be used over a network Most applications that are designed to work over TCP IP ethernet newworks should run transparently over your wireless network Consult the application s user guide to determine if it supports operation over a network Can I play multiplayer games with other users of the wireless network Yes as long as the game supports multiple players over a LAN local area network Refer to the game s user guide for more information Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 91 AME What are Ad hoc and Infrastructure modes An Ad hoc wireless LAN is a group of computers each with a WLAN adapter connected as an independent wireless LAN An Ad hoc wireless LAN is applicable when no AP is available or you wish to run a private network not joined to the corporate wireless network Because the NB5580W can only operate in Access Point mode when you wish to connect to it your Wireless client adapters connected to your computers MUST be set to Infrastructure mode What is Roaming Roaming is the ability of a portable computer user to communicate continuously while moving freely throughout an area greater than that covered by a single Access Point Before using the roaming function the workstation must make sure that it is the same channel number as the Access Point of the dedicated coverage area To achieve true seamless connectivity the wireless LAN must incorporate a number
121. the tunnel may choose to Disable authentication In the screen below MDS the default has been selected 6 In order for any encryption to occur the two ends of the tunnel must agree on the type of encryption and the way the data will be decrypted This is done by sharing a key to the encryption code Under Key Management you may choose Auto IKE and enter a series of numbers or letters in the Pre shared Key field In the example shown below the word Test is used Based on this word which MUST be entered at both ends of the tunnel a code is generated to scramble encrypt the data being transmitted over the tunnel where it is unscrambled decrypted You may use any combination of up to 23 numbers or letters in this field No special characters or spaces are allowed In the Key Lifetime field you may optionally select to have the key expire at the end of a time period of your choosing Enter the number of seconds you d like the key to be used or leave it blank for the key to last indefinitely Similarly you may choose Manual Keying which allows you to generate the code yourself Enter your code into the Encryption KEY field Then enter an Authentication KEY into that field These fields must both match the information that is being entered in the fields at the other end of the tunnel The example shown below displays some sample entries for both the Encryption and Authentication Key fields Again up to 23 alphanumeric characters ar
122. troduction Congratulations on your purchase of the NetComm NB5580 W Available in either standard NB5580 or wireless NB5580W models the NetComm NB5580 W is designed to provide advanced networking security and network resource sharing with a 4 port 10 100 Mbps switch And best of all with a powerful firewall engine this device is able to prevent DoS attack and uses SPI to provide superior protection for your private network from Internet hackers 11g 54Mbps WIRELESS CONNECTIONS cH Notebook Game Console Camera NetComm NB5580W 13 ADSL Integrated Gateway WEB or Mail Server 11b 11Mbps WIRELESS CONNECTIONS c A ETHERNET CONNECTIONS The above diagram shows the NB5580W Wireless Model The wireless model NB5580W also provides an integrated 802 11g wireless AP thereby expanding your network to include your Wireless LAN WLAN The built in NAT provides a natural Internet firewall protecting your network from unauthorised access by outside users The router will share your internet connection with up to 253 users Configured as a DHCP server the NetComm NB5580 W assigns an IP Address to every computer connected on the LAN automatically Also a DHCP client helps the WAN port to acquire an IP address dynamically from your ISP Unlike other typical routers which only share 10Mbps over all of their connections the NetComm NB5580 W is equipped with a 4 port 10M 100Mbps auto sensing switch dedicating a poss
123. ts should take If using the Modem mode most functions of the NB5580 W are not used and you will need to use a second router or computer to authenticate your ISP account LLC Encaps Classical IP PPPoE and PPPoA are connection modes that use different protocols to create the initial session between your NetComm NB5580 W and ISP s equipment Your ISP may indicate the connection mode you should set If you don t know which one to choose connect your ISP to get this information Rev 1 YML686 www netcomm com au NB5580 W User Guide Page 23 Melua Gateway using PPPOE Choose this setting if 1 IE m You want to employ NAT to share Internet access for all of your computers as well as protect them from outside intruders Your ISP uses PPPoE as connection mode You can find more information in the RFC 2516 standard User Name Enter the user name your ISP provide to you Password Enter the password your ISP provide to you Connect on demand Is a utility to trigger the PPPoE session to connect if in a disconnected state when Internet access is being attempted Select this function and enter the number of minutes you wish to wait after network idle time in the Max Idle Time location This function is for PPPoE only Keep Alive This function keeps your PPPoE connection always on even during a period of no WAN activity In some situations the PPPoE session cannot be restored immediately after disconnection because the I
124. uently allow access to your LAN or atleast the computer they are running on If you do not need Special Applications triggered ports leave these fields blank VPN Your router has VPN tunnel endpoints built in these can allow full Network access to your entire LAN Subnet a IP address range or just a single IP address Computer Local Secure Group To ensure the highest level of network security is maintained it is best to set your Local Secure Group to be the minimal number of IP addresses required for the purpose of the VPN tunnel E g If the VPN tunnel is only used for using Remote Desktop Connection to a Windows XP computer on an IP address of 192 168 1 200 then limit the Local Security settings to the following Subnet IP range IP Address IP Address IP 192 168 1 200 MASK Not Applicable because an IP was specified Note Don t forget any changes you make in the Local Secure Group will need to be reflected in the settings for Remote Secure Group in the Router Client at the other end Remote Security Gateway To further increase your security you should limit the possibilities of the Remote Security Gateway setting This setting will need to be set to ANY if the remote router or VPN client is going to be allocated a new Public IP address each time it connects to the Internet ANY is the least desirable setting for security but it may be necessary for practical reasons e g Road Warri
125. vides confidentiality data integrity and authentication at the IP Layer to offer secure communications across a public network like the Internet IPSec Components IPSec contains the following protocols E Encapsulating Security Payload ESP Provides confidentiality authentication and integrity WB Authentication Header AH Provides authentication and integrity E Internet Key Exchange IKE Provides key management and Security Association SA Security Association SA An SA provides data protection for unidirectional traffic as defined in the IPSec protocols An IPSec tunnel typically consists of two unidirectional SAs which together provide a protected full duplex data channel IPSec can be used in tunnel mode or transport mode Typically the tunnel mode is used for gateway to gateway IPSec tunnel protection while transport mode is used for host host IPSec tunnel protection A gateway is a device that monitors and manages incoming and outgoing network traffic and routes the traffic accordingly A host is a device that sends and receives network traffic Transport Mode The transport mode IPSec implementation encapsulates only the packet s payload The IP header is not changed After the packet is processed with IPSec the new IP packet contains the old IP header with the source and destination IP addresses unchanged and the processed packet payload www netcomm com au Rev 1 YML686 Page 58 NP5580 W User Guide Met C Tunn
126. ving this feature enabled for ease of use Channel Different countries have different numbers of available channels Your NB5580W is factory set to the Australian European domain Wireless Client adapters that have a matching SSID will automatically match the Channel that you set in your NB5580W To decide which channel to use in your NB5580 it is recommended that you choose a channel that is not the same or numerically close to any existing or neighboring WLAN channel WEP As the acronym for Wired Equivalent Privacy WEP is an encryption mechanism used to protect your wireless data communications WEP uses a combination of 64 bit 128 bit keys to encrypt data that is transmitted between all points in a wireless network to insure data security To code decode the data transmission all points must use the identical key To make the WEP encryption active or inactive select Mandatory or Disable www netcomm com au Rev 1 YML686 Page 22 NP5580 W User Guide Metta C E WEP Key Setting As the WEP is active click the button of WEP Key Setting to go to the setting page Select 64Bit or 128Bit encryption algorithm from the drop down list There are two ways to generate WEP key 1 Passphrase Enter a alphanumeric text string in this column then click Generate button and four 64 bit or 128 bit encryption key will be created automatically 2 Youcan enter the WEP key manually You may need to enter the WEP key manually in case
127. www pcwebopedia com index html the domain name is pcwebopedia com DoS DoS is the acronym for Denial of Service This is the result when a computer or network is overwhelmed to the point that it can no longer function normally www netcomm com au Page 111 Metta DNS Short for Domain Name Server translates domain names into IP Addresses To help us recognize and remember domain names they are alphabetic in form however the Internet actually runs on numbered IP Addresses DNS servers translate domain names into their respective IP Addresses DSSS Also known as Direct Sequence Spread Spectrum it is a radio transmission method that continuously changes frequencies Ethernet One of the most common Local Area Network LAN standards Ethernet uses a bus topology which supports a data transfer rate of 10 or 100 Mbps ESS ESS is the acronym of Extend Service Set that consists of several BSS Firewall A security system used to enforce an access control policy between an organisation s networks and the Internet TEEE Short for Institute of Electrical and Electronics Engineers an organization best known for developing standards for the computer and electronics industry Internet A global network connecting millions of computers for the exchange of data news and opinions www netcomm com au Page 112 Intranet A network based on TCP IP Protocol belonging to an organization and acc
Download Pdf Manuals
Related Search