BASIC CONFIGURATION GUIDE FOR ADSL ROUTER - AW4062 OBSERVA TELECOM. Release 1.4, 2010-07-02

BASIC CONFIGURATION GUIDE FOR ADSL ROUTER - AW4062 OBSERVA TELECOM Release 1.4, 2010-07-02

INDEX 1. INTRODUCTION... 3 2. BASIC OPERATIONS ADSL ROUTER AW4062 2.1. CHANGE PASSWORD-WEB ACCESS... 4 2.2. WAN BASIC CONFIGRUATIONS: 2.2.1. Dynamic multipc cnfiguratin... 5 2.2.2. Static multipc cnfiguratin... 8 2.2.3. Dynamic singlepc cnfiguratin... 10 2.2.4. Static singlepc cnfiguratin... 17 2.3 WIRELESS CONFIGURATION 2.3.1 Enable/Disable wireless interface... 19 2.3.2 Change SSID and radi channel... 20 2.3.3 Shw/Hide SSID... 21 2.3.4 Change wireless encryptin/key... 21 2.3.5 Wireless MAC filtering... 24 2.3.6 WPS (Wireless Prtected Security)... 25 2.4 OPEN PORTS (Prt Frwarding)... 29 2.5 FIRMWARE UPGRADE... 30 2

1. INTRODUCTION This dcument is guideline f use and cnfiguratin f the ADSL ruter - AW4062 thrugh the web interface. Fr the cnfiguratin f the ADSL service prvided by yur ISP, it is recmmended t fllw the instructins in the Installatin Guide prvided in the ruter s Kit. The present dcument is a cmplementary guide which explanatins f hw t cnfigure the wireless ruter s basic settings thrugh the web interface, but the fllwing dcument requires an advanced netwrk knwledge. It is highly recmmended the use f Wizard-ADSL Agent prvided in the CD int the ruter s kit because f its simplicity. 3

2. BASIC OPERATIONS ADSL ROUTER - AW4062 2.1. CHANGE PASSWORD-WEB ACCESS There are tw level accesses fr the ADSL ruter AW4062: Administratr level (full access) User level (restricted access: it is nt allwed t access t advanced netwrk settings) The first time yu access the ruter, yu will be required t enter default user and passwrd fr bth levels (it is recmmended t change it). Open an internet web brwser and input the ruter s default IP address: http://192.168.1.1 Yu will be asked t enter username and passwrd credentials f the ruter. Default settings are: Administratr level: User=1234; Passwrd=1234 User level: User=user; Passwrd=user Fr changing the passwrd in bth levels, g t the web menu Admin Passwrd and select the level access User Name: 1234 (Administratr level) r user (User level). Write current passwrd (Old Passwrd), new passwrd (New Passwrd), and write it again (Cnfirmed Passwrd).When yu finish, press Apply Changes: 4

2.2. WAN BASIC CONFIGURATIONS: 2.2.1. Dynamic multipc cnfiguratin MultiPC cnfiguratin will allw yu t create a netwrk f multiple PCs cnnected in yur LAN, with Internet access thrugh any f them. With dynamic addressing (PPPE), yur ruter will btain dynamically the IP address needed t access the Internet, each time it is cnnected, and as lng as the cnnectin is active. The advantage f this cnfiguratin type is the security, due t the use f NAT (Netwrk Address Translatin): private address in yur netwrk PCs wn t be seen frm the utside, as they are translated int a unique public IP valid thrugh the Internet. WAN Cnfiguratin: STEP 1.- Access the web menu WAN Channel Cnfig and cmplete all the fields as fllws: VPI/VCI: in envirnments withut Imageni, it is 8/32 Encapsulatin: LLC Channel Mde: PPPE Enable NAPT: selected (NAT rules enabled) Enable QS: selected (it will be applied the rules f Quality f Service) Admin Status: Enable PPP Settings: User Name: specify the username fr this cnnectin. Default setting is adslppp@telefnicanetpa Passwrd: default setting is adslppp Type: Cntinuus (Always n) Idle Time (min): empty WAN IP Settings: Default Rute: Enable 5

When yu finish, press Add. STEP 2.- Access the web menu WAN ATM Settings and specify the crrespnding Quality f Service parameters (QS) fr the PVC: In envirnments withut Imageni, QS parameters=ubr, PCR=6000. 6

LAN Cnfiguratin: Yu shuld cnfigure yur LAN settings with default IP 192.168.1.1, s yur ruter assigns IP pl within this range. STEP 1.- Access the web menu LAN t cnfigure yur lcal area netwrk settings: STEP 2.- Access the web menu Services DHCP Settings t setup yur ruter as DHCP Server and act as IP address Server within the IP address pl which yu specify belw: 7

2.2.2. Static multipc cnfiguratin Whit this type f cnfiguratin yur ruter will be assigned (by yur ISP) a unique and static IP address as Gateway (static) t have access t the Internet, thrugh a RFC1483 channel. Currently it is als pssible that yur ISP prvides yu static IP address (always the same) thrugh an IP DSLAM, s yu will have t cnfigure the channel in PPPE mde. The BRAS (Bradband Remte Access Server) will prvide yu, when the authenticatin prcess has finished, a static IP address t yur PC. WAN Cnfiguratin: STEP 1.- Access the web menu WAN Channel Cnfig and cmplete all the fields as fllws: VPI/VCI: in envirnments withut Imageni, it is 8/32 Encapsulatin: LLC Channel Mde: 1483 Ruted Enable NAPT: selected (NAT rules enabled) Admin Status: Enable Enable QS: selected (QS rules enabled) WAN IP Settings: Type: Fixed IP Lcal IP Address: static IP address prvided by yur ISP Remte IP Address: static IP address-gateway prvided by yur ISP Subset Mask: subset mask prvided by yur ISP Default Rute: Enable 8

STEP 2.- Access the web menu WAN ATM Settings and specify the Quality f Service parameters (QS) fr the PVC: In envirnments withut Imageni, QS parameters=ubr, PCR=6000. LAN Cnfiguratin: In this type f cnfiguratin (static MultiPC) yur ruter will act as DHCP server within default range 192.168.1.33-192.168.1.254 STEP 1.- Access the web menu LAN t cnfigure yur lcal area netwrk settings: 9

STEP 2.- Access the web menu Services DHCP Settings t setup yur ruter as DHCP Server and act as IP address Server within the IP address pl which yu specify belw: 2.2.3 Dynamic singlepc cnfiguratin With the SinglePC cnfiguratin yur PC will be directly cnnected t the Internet, as it is nt applied the NAT rules. With this type f cnfiguratin, yur PC will be the nly machine in the netwrk. It is highly recmmended t make use f any netwrk prtectin in yur PC as: firewall, antivirus sftware, etc. Due t the ruter will be setup as Bridge mde, in rder t manage the cnnectins with the Internet yu must have installed a PPPE client in yur PC. Yu can fllw belw steps, fr instance, fr Windws Vista PPPE default client (fr the rest f OS the screenshts may be different): 1.- G t netwrk cnnectin manager setup netwrk cnnectin 2.- Cnnect t Internet 3.- Create a new cnnectin: 10

4.- Select bradband PPPE: 11

5. Specify the infrmatin f username and passwrd prvided fr yur ISP fr PPPE cnnectin, and press Cnnect: 12

6.- Once yu have created the PPPE cnnectin, the next time yu want t cnnect yu nly have t select the cnnectin yu have created frm the list f Cnnect t a netwrk : 13

7.- Intrduce username and passwrd prvided by yur ISP fr PPPE cnnectin, and press Cnnect: WAN Cnfiguratin: STEP 1.- Access the web menu WAN Channel Cnfig and specify all the fields as belw: VPI/VCI: in envirnments withut Imageni, it is 8/32 Encapsulatin: LLC Channel Mde: 1483 Bridged Enable QS: selected Admin Status: Enable 14

STEP 2.- Access the web menu WAN ATM Settings and specify the Quality f Service parameters (QS) fr the PVC: In envirnments withut Imageni, QS parameters=ubr, PCR=6000. 15

LAN Cnfiguratin: STEP 1.- Access the web menu LAN t cnfigure yur lcal area netwrk settings: STEP 2.- Access the web menu Services DHCP Settings t setup yur ruter as DHCP Server and act as IP address Server within the IP address pl which yu specify belw: 16

2.2.4 Static singlepc cnfiguratin With this type f cnfiguratin, yur PC will be the nly machine in the netwrk (singlepc) thrugh the nly IP address t access the internet (static) prvided by yur ISP. It is highly recmmended t make use f any netwrk prtectin in yur PC as: firewall, antivirus sftware, etc. Currently it is als pssible that yur ISP prvides yu static IP address (always the same) thrugh an IP DSLAM, s yu will have t cnfigure the channel in PPPE mde. The BRAS (Bradband Remte Access Server) will prvide yu, when the authenticatin prcess has finished, a static IP address t yur PC. WAN Cnfiguratin: STEP 1.- Access the web menu WAN Channel Cnfig and specify all the fields as belw: VPI/VCI: in envirnments withut Imageni, it is 8/32 Encapsulatin: LLC Channel Mde: 1483 Ruted Enable NAPT: NOT selected (NAT disabled) Admin Status: Enable Enable QS: selected WAN IP Settings: Type: Fixed IP Lcal IP Address: static IP address prvided by yur ISP Remte IP Address: static IP address-gateway prvided by yur ISP Subset Mask: sunet mask prvided by yur ISP Default Rute: Enable 17

STEP 2.- Access the web menu WAN ATM Settings and specify the Quality f Service parameters (QS) fr the PVC: In envirnments withut Imageni, QS parameters=ubr, PCR=6000. LAN Cnfiguratin: STEP 1.- Access the web menu Services DHCP Settings t setup yur ruter as DHCP Server and act as Server f the range f the nly ne IP address available: In rder t knw the IP address t be cnfigured as Gateway, yu must d the fllwing lgic binary peratin frm the public IP address and subnet mask prvided by yur ISP in the welcme letter: (public IP address) AND (subnet mask)) OR 1. 1.1 Setup start IP pl address=end IP pl address int IP Pl Range as the public IP address prvided in yur welcme letter 1.2 Setup as Gateway the IP address yu have previusly calculated 18

STEP 2.- Access the web menu LAN t setup yur lcal area netwrk with the static IP address prvided by yur ISP: After yu Apply Changes in LAN with a different IP address than default (192.168.1.1), yu will lse the web management int the ruter thrugh ld IP 192.168.1.1, s yu need t renew the IP assignment in yur LAN. Yu can pen a MSDOS Windws and type: ipcnfig /release and after that ipcnfig /renew. Yu can als rebt the ruter and the PC. With these actins yu will frce the renewal f the IP address in yur PC, accrding t the new LAN settings. 2.3. WIRELESS CONFIGURATION 2.3.1. Enable/Disable wireless interface If yu want t enable/disable the wireless interface by means f the web manager, yu can access t Wireless Basic Settings: Enable: unselect the ptin Disable Wireless LAN Interface t enable the wireless interface in the ruter, and press Apply Changes. After sme secnds, the frntal WLAN LED will be ON in green clur, which indicates that the wireless interface has been enabled successfully. Disable: select the ptin Disable Wireless LAN Interface t disable the wireless interface, and press Apply Changes. After sme secnds, the frntal WLAN LED will be OFF, which indicates that the wireless interface has been disabled successfully. 19

2.3.2. Change SSID and radi channel As default, the wireless netwrk identifier (SSID) will be setup as WLAN_XXXX, where XXXX are the last 4 characters in yur ruter s MAC address. As a first step t achieve wireless security int yur netwrk, it is recmmended t change default SSID in the web sectin Wireless Basic Settings SSID Furthermre, as default the radi channel is setup as autmatic (Aut), in rder t assign the less used channel. If yu want t change the radi channel, select the channel in Channel Number bx (1-13) and press Apply Changes: 20

2.3.3. Shw/Hide SSID As default settings, the ruter will bradcast yur wireless name identifier (SSID) t everyne, s any ther user can see the ruter s netwrk. As a secnd step t achieve wireless security, it is recmmended t avid the bradcast f yur SSID int the web menu Wireless Advanced Settings Bradcast SSID, and select Disable. Next, press Apply Changes: 2.3.4. Change wireless encryptin/key As default settings, yur ruter will be setup with the fllwing wireless infrmatin regarding the encryptin type and key (yu can see details in the label n the bttm f the ruter): If yu want t disable the wireless security (pen netwrk: nt recmmended, as anyne wuld be able t access yur netwrk) r change the encryptin type and wireless key, yu can g t Wireless Security: 21

The different encryptin types supprted in the ADSL ruter-aw4062 are: N encryptin (pen) WEP WPA PSK (TKIP, AES, TKIP+AES) WPA2 PSK (TKIP, AES, TKIP+AES) WPA2 Mixed PSK (TKIP, AES, TKIP+AES) Nne: T cnfigure yur wireless netwrk withut encryptin (withut key) please uncheck all encryptin types in the wireless sectin Wireless Security. In this mde, yur wireless netwrk will be pen (n encryptin) and any ther user with wireless cnnectin may enter yur netwrk, as all the infrmatin in yur system is transmitted withut encryptin. It is recmmended the use f sme f the encryptin types described belw. WEP (Wired Equivalent Privacy): In the menu Wireless Security, select Encryptin=WEP, and press Set WEP Key: 22

Chse the length and frmat fr the wireless key: 64-bit (ASCII-5 characters, Hex-10 characters), r 128-bit (ASCII-13 characters, Hex-20 characters). Next select the key t be transmitted as default (Default Tx Key), and the crrespnding value in Encryptin Key. When yu have finished, press Apply Changes in bth menus (Wireless Key Setup and Wireless Security Setup. WPA (WiFi Prtected Access): This encryptin methd uses mre cmplex functins fr generating and managing the encrypted infrmatin, s this is mre secure and recmmended than WEP methd. G t web menu Wireless Wireless Security Setup, and select the WPA methd in sme f its variants: WPA PSK (TKIP, AES, TKIP+AES), WPA2 PSK (TKIP, AES, TKIP+AES), WPA2 Mixed PSK (TKIP, AES, TKIP+AES). IT ALLOWS CHECKING SEVERAL BOXES AT THE SAME TIME. 23

If yu have an authenticatin Server (Radius), in yur netwrk, select the ptin Enterprise (RADIUS) and setup the IP address and prt number f yur radius. On the ther hand, select Persnal (Pre-Shared Key). Next, select the frmat f the key t be transmitted (Passphrase r Hex-64 characters). The frmat Passphrase allws a set f characters in ASCII with a minimum length f 8 characters (printable frm 32-126), except < > ] " It is nt allwed t start r end with blanks, r set tw cnsecutive blanks in the middle. When yu finish, press Apply Changes. 2.3.5. Wireless MAC filtering As anther step t achieve security int yur wireless netwrk, yu may want t restrict the access t a specific set f machines t yur netwrk (trusted devices), and frbid the access t the rest. With this actin, yu will guarantee that the nly machines t access yur netwrk will be the set f devices yu trust in. In this sectin, yu will be able t cnfigure the rules t restrict the wireless traffic int yur netwrk by allwing r denying access t the MAC addresses yu specify. G t web menu Wireless Access Cntrl, and select the rule yu want t be applied: Disable (all machines are allwed t access yur netwrk) Allw Listed (nly the listed MAC addresses are allwed t access yur netwrk) Deny Listed (all machines are allwed t access, except the specific set f MAC addresses in the list): 24

Once yu have entered all the rules and MAC addresses, press Add. 2.3.6. WPS (Wireless Prtected Setup) Althugh hme Wi-Fi netwrks have becme mre and mre ppular, users still have truble with the initial set up f netwrk. This bstacle frces users t use the pen security and increases the risk f eavesdrpping. Therefre, the Wi-Fi Prtected Setup (WPS) is designed t ease set up f security-enabled Wi-Fi netwrks and subsequently netwrk management. The largest difference between WPS-enabled devices and legacy devices is that users d nt need the knwledge abut SSID, channel and security settings, but they culd still surf in a security-enabled Wi-Fi netwrk. These are the elements invlved int the WPS prcess: Registrar: netwrk entity which prvides/revkes the credentials fr the access (ruter r wireless Access Pint) Enrlee: client devices which want t be cnnected thrugh a secure wireless netwrk (wireless USB adapters, cameras, phnes ). 25

The prcess f activatin and cnnectin is quite simple: 1. User has a AP r ruter which supprts WPS methd, and ne r sme client devices want t be cnnected thrugh a secure netwrk 2. User pwers n all devices 3. User pushes WPS buttn in the AP and in client devices 4. All devices are cnnected in secure mde, withut the need f knwing r intrducing the SSID r key 5. The netwrk name and encryptin are transmitted in a secure mde 6. It can be added easily a new client device, by pushing the crrespnding WPS buttn The ADSL ruter - AW4062 supprts bth methds Push Buttn and PIN: Push Buttn methd (PCB): The Push Buttn methd can be started in tw ways: Frm the ruter s web page (SW methd): pushing Start PBC : Or by pushing the physical push buttn placed in the rear panel in the ruter and labelled with the wireless symbl (HW methd), at least during 8 secnds 26

Frm this mment n, yu must activate the WPS methd in the client (fr instance, a wireless USB adapter which supprts this ptin), by pushing als its crrespnding WPS push buttn, within a time windw f 2 minutes as maximum. If yu dn t push the WPS client push buttn within 2 minutes, the windw fr assciatin will be clsed, and yu will have t push the ruter s WPS push buttn again t start the prcess. Frntal WPS Led status in the ruter during the WPS prcess: Blinking Yellw WPS activatin in prcess (max. duratin: 2 minutes) Blinking Red WPS prcess failure (whatever the reasn is). It keeps red fr 30 secnds and then turns ff. Steady Green WPS cnnectin established successfully between Registrar (ruter) and Enrlee (client). It keeps steady green fr 10 secnds and then turns ff. Example f WPS-Push Buttn with the fllwing elements: ADSL ruter - AW4062 Observa Telecm. Wireless adapter Observa Telecm- USB Edimax 11g-7318Ug Cnnect the wireless USB adapter in yur PC and pen the wireless netwrk manager applicatin. Push the ruter s WPS push buttn and the crrespnding int the wireless USB adapter (within 2 minutes as maximum). 27

It will shw up the fllwing windw int the USB adapter manager, which means that the WPS netwrk prfile is being created: Once the prfile is created, the ADSL ruter AW4062 and the USB adapter will be assciated autmatically: Frm this mment n, yu will be able t surf in the Internet in secure mde with yur ADSL ruter - AW4062. 28

2.4. OPEN PORTS (Prt Frwarding) With the MultiPC cnfiguratin (NAT enabled: translatin f public int private addresses), yu may be interested in pening sme prt f a specific applicatin, in rder t make this applicatin run faster. G t the web menu Firewall Prt Frwarding, and cmplete the infrmatin required belw: Field Descriptin Prt Frwarding Check this item t enable the prt-frwarding feature. Prtcl TCP, UDP r bth. Enable Check this item t enable this entry Lcal IP Address IP address f yur lcal server that will be accessed by Internet. Lcal Prt The destinatin prt number that is made pen fr this applicatin n the LAN-side. Remte IP Address The surce IP address frm which the incming traffic is allwed. Leave blank fr all. Public Prt The destinatin prt number that is made pen fr this applicatin n the WAN-side Interface Select the WAN interface n which the prt-frwarding rule is t be applied. 29

2.5. FIRMWARE UPGRADE If yu want t upgrade the firmware versin in yur ruter, g t web menu Admin Upgrade Firmware, and brwse the path where the FW file is lcated by pressing Examinar: After Brwning the file, press Uplad t launch the new firmware file upgrade. After the prcess is finished, the ruter will rebt autmatically. IMPORTANT: DO NOT POWER OFF THE ROUTER DURING THIS PROCESS, OR IT MAY BE LOST SOME CRUCIAL DATA WHICH MAY CAUSE THE SYSTEM CRASH The prcess will be finished nce yu see the frntal LEDs status in green (nrmal status). NOTE: During the FW upgrade, all LEDs except Ethernet will be blinking in Green at the same time (if wireless netwrk was disabled befre starting the prcess, the WLAN LED wn t blink either) After finishing the prcess, all the LEDs will return t nrmal status If during the prcess the ruter finds a recverable failure (punctual failure: fr instance, if yu brwse a wrng frmat file, the system will rll back withut affecting the system functining), all the LEDs except the Ethernet will be SOLID GREEN during 15 secnds t shw yu it happened a failure. After that time, all the LEDs will g back t nrmal status If during the prcess the ruter finds a nn-recverable failure (system failure which cannt be rll back: fr instance, crrupt file r discnnectin frm the pwer during the prcess), the POWER LED will be SOLID RED. In this case happens, yu must cntact yur technical service fr repair. 30