Bridge5-24 User Manual - [PDF Document] (2024)

1

Bridge5-24 5GHz 802.11an Outdoor Bridge

User Guide

2

INTRODUCTION...............................................................................................................3

HARDWARE DESCRIPTION.....................................................................................3

HARDWARE INSTALLATION.....................................................................................4

INITIAL CONFIGURATION.................................................................................................5

CONNECTING TO THE LOGIN PAGE.........................................................................5

STATUS PAGE................................................................................................................5

EASY SETUP...................................................................................................................6

OPERATION MODE AP ROUTER.........................................................................6

SETTINGS PPPoE(ADSL).........................................................................7

SETTINGS STATIC (FIXED IP).....................................................................8

SETTINGS CABLE/DYNAMIC IP (DHCP).................................................... 9

SETTINGS PPTP / L2TP..........................................................................10

SETTINGS IPSEC......................................................................................12

OPERATION MODE AP BRIDGE........................................................................14

OPERATION MODE CLIENT ROUTER................................................................14

OPERATION MODE CLIENT BRIDGE..................................................................16

ADVANCED SETUP.......................................................................................................19

MANAGEMENT..............................................................................................20

ADVANCED SETTINGS..................................................................................22

OPERATION MODE.......................................................................................24

FIREWALL CONFIGURATION.................................................................................24

MAC/IP/PORT FILTERING...........................................................................24

VIRTUAL SERVER SETTINGS........................................................................26

DMZ.............................................................................................................27

FIREWALL.....................................................................................................27

QoS..............................................................................................................28

CONTENT FILTERING....................................................................................29

NETWORKSETTINGS............................................................................................30

WAN............................................................................................................30

LAN..............................................................................................................34

VLAN...........................................................................................................35

DHCP STATIC LEASE LIST........................................................................35

ADVANCED ROUTING...................................................................................36

WIRELESS SETTINGS...........................................................................................37

BASIC............................................................................................................37

SECURITY.....................................................................................................38

ADVANCED...................................................................................................43

ACCESS CONTROL.......................................................................................45

3

INTRODUCTION

The Bridge5-24 is a IEEE 802.11an ISM band 5GHz wireless outdoorBridge, which

support data rates up to 150Mbps. It is rain and splash proofwhen install in upright

position. Bridge5-24 also integrated 23dBi high-gain 5GHz patchantenna and

passive PoE for simplify use and installation.

HARDWARE DESCRIPTION

Below are Bridge5-24 hardware descriptions

High-Gain 23dBi 5GHz Panel Antenna

PoE LAN Port ( Passive 24V PoE )

4

HARDWARE INSTALLATION

Pole Mount Installation

5

INITIAL CONFIGURATION

The outdoor 5GHz Bridge offers a user-friendly web-basedmanagement interface

for the configuration of all the units features. Any PC directlyattached to the unit

can access the management interface using a web browser, such asInternet

Explorer (version 6.0 or above).

CONNECTING TO THE LOGIN PAGE

It is recommended to make initial configuration changes byconnecting a PC directly

to the OUTDOOR BRIDGEs LAN port. The OUTDOOR BRIDGE has adefault IP

address of 192.168.2.1 and a subnet mask of 255.255.255.0. Youmust set your PC

IP address to be on the same subnet as the OUTDOOR BRIDGE (thatis, the PC and

OUTDOOR BRIDGE addresses must both start 192.168.2.x). To accessthe

OUTDOOR BRIDGEs management GUI interface, follow thesesteps:

1. Use your web browser to connect to the management interfaceusing the default

IP address of 192.168.2.1.

2. Log into the interface by entering the default username adminand password

admin, then click OK.

STATUS PAGE

After logging in to the web interface, the Status page displays.The Home page

top-menu-bar shows the Status, Easy Setup, Advanced andLanguage.

6

EASY SETUP

The Easy Setup is designed to help you to configure the basicsettings required to

get the OUTDOOR BRIDGE up and running. There are only a fewbasic steps you

need to set up the OUTDOOR BRIDGE to get the connection.

Click on Easy Setup to bring up the wizard

OPERATION MODE AP ROUTER

In AP Router mode, your OUTDOOR BRIDGE unit is turned to awireless router and

wireless interface will become the LAN side; if your PC isconnected to the PoE port,

the management IP will change to the LAN IP (192.168.2.1). Theremote

management will be automatically turned on to allow you managingthe device from

the PoE LAN port.

7

SETTINGS PPPoE(ADSL)

1) Select PPPoE to be assigned automatically from an Internetservice provider (ISP)

through a DSL modem using Point-to-Point Protocol over Ethernet(PPPoE).

2)

User Name Sets the PPPoE user name for the WAN port.

Password Sets a PPPoE password for the WAN port.

Verify Password Prompts you to re-enter your chosenpassword.

Operation Mode Enables and configures the keep alive time andconfigures the

on-demand idle time.

3)

Security Setup

8

Network Name (SSID) SSID (Service Set Identification) must beassigned to all

wireless devices in your network. Considering your wirelessnetwork security.

Security Mode Select the security method and then configure therequired

parameters. (Options: Disabled, WEP-AUTO, WPA-PSK, WPA2-PSK,WPA-Auto-PSK,

WPA, WPA2, WPA-Auto, 802.1X; Default: Disabled)

SETTINGS STATIC (FIXED IP)

1) Select Static (Fixed IP), if your Internet service provider(ISP) to be permanent

address on the Internet. A Static IP address is a number (in theform of a dotted

quad)

2)

IP Address Sets the static IP address.

Subnet Mask Sets the static IP subnet mask. (Default:255.255.255.0)

Default Gateway The IP address of a router that is used when therequested

destination IP address is not on the local subnet.

Primary DNS Server The IP address of the Primary Domain NameServer. A

DNS maps numerical IP addresses to domain names and can be usedto identify

network hosts by familiar names instead of the IP addresses. Tospecify a DNS

server, type the IP addresses in the text field provided.Otherwise, leave the text

field blank.

Secondary DNS Server The IP address of the Secondary Domain NameServer.

9

3)

Security Setup

Network Name (SSID) SSID (Service Set Identification) must beassigned to all

wireless devices in your network. Considering your wirelessnetwork security.

Security Mode Select the security method and then configure therequired

parameters. (Options: Disabled, WEP-AUTO, WPA-PSK, WPA2-PSK,WPA-Auto-PSK,

WPA, WPA2, WPA-Auto, 802.1X; Default: Disabled)

SETTINGS CABLE/DYNAMIC IP (DHCP)

1) Select Cable/Dynamic IP (DHCP), if your Internet serviceprovider (ISP) use a

DHCP service to assign your Router an IP address when connectingto the

Internet.

2)

The host name that you selected from the DHCP serviceprovider.

3)

10

Security Setup

Network Name (SSID) SSID (Service Set Identification) must beassigned to all

wireless devices in your network. Considering your wirelessnetwork security.

Security Mode Select the security method and then configure therequired

parameters. (Options: Disabled, WEP-AUTO, WPA-PSK, WPA2-PSK,WPA-Auto-PSK,

WPA, WPA2, WPA-Auto, 802.1X; Default: Disabled)

SETTINGS PPTP / L2TP

1) Select PPTP, if you are using PPTP service to gain connectionto the Internet.

2)

Server IP Sets the PPTP server IP Address. (Default:pptp_server)

User Name Sets the PPTP user name for the WAN port.

Password Sets a PPTP password for the WAN port.

Address Mode Sets a PPTP network mode. (Default: Dynamic IP)

Operation Mode Enables and configures the keep alive time.

Primary DNS Server The IP address of the Primary Domain NameServer. A

11

DNS maps numerical IP addresses to domain names and can be usedto identify

network hosts by familiar names instead of the IP addresses. Tospecify a DNS

server, type the IP addresses in the text field provided.Otherwise, leave the text

field blank.

Secondary DNS Server The IP address of the Secondary Domain

Name Server.

3)

Network Name (SSID) SSID (Service Set Identification) must beassigned to all

wireless devices in your network. Considering your wirelessnetwork security.

Security Mode Select the security method and then configure therequired

parameters. (Options: Disabled, WEP-AUTO, WPA-PSK, WPA2-PSK,WPA-Auto-PSK,

WPA, WPA2, WPA-Auto, 802.1X; Default: Disabled)

SETTINGS L2TP

1) Select L2TP, if you are using PPTP service to gain connectionto the Internet.

2)

12

Server IP Sets the L2TP server IP Address. (Default:l2tp_server)

User Name Sets the L2TP user name for the WAN port.

Password Sets a L2TP password for the WAN port.

Address Mode Sets a L2TP network mode. (Default: Dynamic IP)

Operation Mode Enables and configures the keep alive time.

Primary DNS Server The IP address of the Primary Domain NameServer. A

DNS maps numerical IP addresses to domain names and can be usedto identify

network hosts by familiar names instead of the IP addresses. Tospecify a DNS

server, type the IP addresses in the text field provided.Otherwise, leave the text

field blank.

Secondary DNS Server The IP address of the Secondary Domain NameServer.

3)

Network Name (SSID) SSID (Service Set Identification) must beassigned to all

wireless devices in your network. Considering your wirelessnetwork security.

Security Mode Select the security method and then configure therequired

parameters. (Options: Disabled, WEP-AUTO, WPA-PSK, WPA2-PSK,WPA-Auto-PSK,

WPA, WPA2, WPA-Auto, 802.1X; Default: Disabled)

SETTINGS IPSEC

1) Select IPSec, if you are using IPSec service to gainconnection to the Internet.

2)

13

Verify the desire settings and use scroll down for moreoptions.

IPSec Connection Type Use drop down menu to select from RoadWarrior

Tunnel, Host to Host Tunnel, Subnet to Subnet Tunnel, Host toHost Transport,

Pass trough, Drop, or Reject. Default setting is Road WarriorTunnel

IPSec Authentication Use drop down menu to select from SHA-1, orMD5.

SA Connection Life Time Specify how often each SA should berekeyed,

measured in hour.

Local IP address / Subnet / Gateway Local end point IP address,Subnet, and

Gateway IP address.

IPSec Operation Mode Use drop down menu to select from Add,Route Start,

Manual, or Ignore.

IKE Key Retry Specify maximum retry limits for negotiate key toInternet Key

Exchange.

Peer IP address / Subnet / Gateway Remote end point IP address,Subnet, and

Gateway IP address.

3)

Network Name (SSID) SSID (Service Set Identification) must beassigned to all

wireless devices in your network. Considering your wirelessnetwork security.

Security Mode Select the security method and then configure therequired

parameters. (Options: Disabled, WEP-AUTO, WPA-PSK, WPA2-PSK,WPA-Auto-PSK,

14

WPA, WPA2, WPA-Auto, 802.1X; Default: Disabled)

OPERATION MODE AP BRIDGE

1) In this mode bridge your OUTDOOR BRIDGE to another AccessPoint.

2)

Network Name (SSID) SSID (Service Set Identification) must beassigned to all

wireless devices in your network. Considering your wirelessnetwork security.

Security Mode Select the security method and then configure therequired

parameters. (Options: Disabled, Open, Shared, WEP-AUTO, WPA-PSK,WPA2-PSK,

WPA-PSK_WPA2-PSK, WPA, WPA2, WPA1_WPA2, 802.1X; Default:Disabled

OPERATION MODE CLIENT ROUTER

In the Client Router mode is also known as WISP. The OUTDOORBRIDGE wireless

side is connected to the remote AP (Base-Station) as in ClientInfrastructure mode.

Between the wireless and LAN is the IP sharing router function.This is used to

share Client Router connection. The WAN is on the wirelessside.

2) Press Site Survey button and look for available wirelessnetwork then click on the

SSID that you attempt to connect to it; 5G is the SSID that weare going to

15

connect in this example. Press Next button when finished.

3) Now, it shows the Profile Name, SSID, BSSID, and encryptiontype received from

your target network and press Next button to continue.

16

4) Finally, you need to tell the system about IP addressreceived from WAN, DHCP

Hostname, and DNS Server then press Next button to finish thewizard.

OPERATION MODE CLIENT BRIDGE

In the Client Bridge mode your OUTDOOR BRIDGE will behave justthe same as

Wireless adapter. With Client Bridges, the WLAN and the LAN areon the same

subnet. Consequently, NAT is no longer used and services thatare running on the

original network.

17

2) Press Site Survey button and look for available wirelessnetwork then click on the

SSID that you attempt to connect to it; 5G is the SSID that weare going to

connect in this example. Press Next button when finished.

18

3) Now, it shows the Profile Name, SSID, BSSID, and encryptiontype received from

your target network and press Next button to finish thewizard.

19

ADVANCED SETUP

In the Advanced Manual Bar, it includes all the settings such asfirmware upgrade,

LAN, WAN and wireless settings that change the RF behaviors. Itis important to

read through this section before attempting to make changes.

20

MANAGEMENT

The Management section is provided for configuration ofadministrative needs such

as language type, user name / Password, firmware upgrade, exportand import

settings, load factory defaults and reboots system.

Password The new password must not exceed 32 characters inlength and

must not include any spaces. Enter the new password a secondtime to confirm it.

Software Version - This displays the current firmwareversion.

To upgrade the Router's firmware, follow these instructionsbelow:

1. Download a more recent firmware upgrade file from ourwebsite.

2. Type the path and file name of the update file into the Filefield. Or click the Browse

button to locate the update file.

3. Click the Upgrade button.

Note:

1. New firmware versions are posted at our website and can bedownloaded for free.

There is no need to upgrade the firmware unless the new firmwarehas a new feature

you want to use. However, when experiencing problems caused bythe Router rather

than the configuration, you can try to upgrade the firmware.

2. When you upgrade the Router's firmware, you may lose itscurrent configurations, so

before upgrading the firmware please write down some of yourcustomized settings to

avoid losing important settings.

3. Do not turn off the Router or press the Reset button whilethe firmware is being

upgraded, otherwise, the Router may be damaged.

21

4. The Router will reboot after the upgrading has beenfinished.

Export Settings Click the Export Button to download currentrouter

configuration to your PC.

Import Settings Click the Import Button to browse for theconfiguration file

that is currently saved on your PC. Click Import to overwriteall current

configurations with the one in the configuration file.

Load Factory Defaults If you have problems with OUTDOOR BRIDGE,which

might be a result from changing some settings, but you areunsure what settings

exactly, you can restore the factory defaults by click the LoadDefault Button.

Reboot System If you want to reboot the OUTDOOR BRIDGE, clickthe Reboot

Now Button.

22

ADVANCED SETTINGS

The Advanced Settings section is provided for configuration ofTime Zone, DDNS,

UPnP, SNMP, and Telnet/SSH.

Time Zone Settings The Time Zone Settings allows you toconfigure, update

and maintain the correct time on the OUTDOOR BRIDGEs internalsystem clock.

SNTP Server Enter the address of an SNTP server to receive timeupdates.

SNTP synchronization (minutes) Specify the interval between SNTPserver

updates.

DDNS Settings DDNS lets you assign a fixed host and domain nameto dynamic

Internet IP address. It is useful when you are hosting your ownwebsite, FTP server,

or other server behind the OUTDOOR BRIDGE. Before using thisfeature, you need

to sign up for DDNS service at www.dyndns.org , a DDNS serviceprovider.

User Name Sets the DDNS user name for the connection.

Password Sets a DDNS password for the connection.

HostName The host name that you selected from the DDNS serviceprovider.

23

UPNP Settings UPnP permits network devices to discover othernetwork device(s)

preference and establish functional network services for datasharing,

communication, and entrainment.

SNMP Settings Managing devices on IP networks.

Telnet Settings Enable your OUTDOOR BRIDGE unit to be accessedvia

telnet utility.

SSH Settings Secure Shell. Enable your OUTDOOR BRIDGE unit tobe

accessed via secure shell (SSH) based network device.

Telnet/SSH Password Settings Assign a password for telnet orsecure shell

(SSH) access to your CPE unit.

24

OPERATION MODE

The Operation Mode content four modes: AP Bridge, AP Router,Client Router and

Client Bridge.

AP Bridge The wired Ethernet and wireless are bridged together.Once the

mode is selected, all WAN related functions will bedisabled.

AP Router The WAN port is used to connect with ADSL/Cable modemand the

wireless is used for your private WLAN. The NAT is existedbetween the 2 RJ45 ports

and all wireless clients share the same public IP addressthrough the WAN port to

ISP. The default IP configuration for WAN port is DHCPclient

Client Router The OUTDOOR BRIDGE will behave just the same asthe client

mode for wireless function. However, router functions are addedbetween the

wireless WAN side and the Ethernet LAN side. Therefore, theClient Router

subscriber can share the Client Router connection without theextra router.

Client Bridge The OUTDOOR BRIDGE will behave just the same asWireless

adapter. With Client Bridges, the WLAN and the LAN are on thesame subnet.

Consequently, NAT is no longer used and services that arerunning on the original

network.

FIREWALL CONFIGURATION

MAC/IP/PORT FILTERING

MAC/IP/Port filtering restricts connection parameters to limitthe risk of intrusion

and defends against a wide array of common hacker attacks.MAC/IP/Port filtering

allows the unit to permit, deny or proxy traffic through its MACaddresses, IP

addresses and ports. The OUTDOOR BRIDGE allows you define asequential list of

permit or deny filtering rules. This device tests ingresspackets against the filter

rules one by one. A packet will be accepted as soon as itmatches a permit rule, or

25

dropped as soon as it matches a deny rule. If no rules match,the packet is either

accepted or dropped depending on the default policy setting.

MAC/IP/Port Filtering Enables or disables MAC/IP/PortFiltering.

Default Policy When MAC/IP/Port Filtering is enabled, thedefault policy will be

enabled. If you set the default policy to Dropped, all incomingpackets that dont

match the rules will be dropped. If the policy is set to"Accepted," all incoming

packets that don't match the rules are accepted.

MAC Address Specifies the MAC address to block or allow trafficfrom.

DIP Specifies the destination IP address to block or allowtraffic from.

SIP Specifies the source IP address to block or allow trafficfrom.

Protocol Specifies the destination port type, TCP, UDP orICMP.

Destination Port Range Specifies the range of destination portto block traffic

from the specified LAN IP address from reaching.

Source Port Range Specifies the range of source port to blocktraffic from the

specified LAN IP address from reaching.

Action Specifies if traffic should be accepted or dropped.(Default: Accept)

Comment Enter a useful comment to help identify the filteringrules.

Current Filtering rules The Current Filter Table displays theconfigured IP

addresses and ports that are permitted or denied access to andfrom.

No. The table entry number.

MAC Address Displays a MAC address to filter.

Destination IP Address (DIP) Displays the destination IPaddress.

Source IP Address (SIP) Displays the source IP address.

Protocol Displays the protocol type.

Destination Port Range (DPR) Displays the destination portrange.

Source Port Range (SPR) Displays the source port range.

Action Displays if the specified traffic is accepted ordropped.

Comment Displays a useful comment to identify the filterrules.

26

VIRTUAL SERVER SETTINGS

Virtual Server (sometimes referred to as Port Forwarding) is theact of forwarding

traffic from one network node to another based on receivedprotocol port number.

This technique can allow an external user to reach a port on aprivate IP address

(inside a LAN) from the outside through a NAT enabledrouter.

Virtual Server Selects between enabling or disabling portforwarding the

virtual server. (Default: Disable)

IP Address Specifies the IP address of a server on the localnetwork to allow

external access.

Private Port The protocol port number on the local server.

Public Port The protocol port number on the routers WANinterface.

Protocol Specifies the protocol to forward, either TCP, UDP, orTCP&UDP.

Comment Enter a useful comment to help identify the portforwarding service

on the network.

Current Virtual Servers in System The Current Port ForwardingTable displays

the entries that are allowed to forward packets through theOUTDOOR BRIDGEs

firewall.

IP Address The IP address of a server on the local network toallow

external access.

Port Mapping displays the port mapping for the server.

Protocol Displays the protocol used for forwarding thisport.

Comment Displays a useful comment to identify the nature of theport to

27

be forwarded.

DMZ

DMZ is to specified host PC on the local network to access theInternet without any

firewall protection. Some Internet applications, such asinteractive games or video

conferencing, may not function properly behind the firewall. Byspecifying a

Demilitarized Zone (DMZ) host, the PC's TCP ports are completelyexposed to the

Internet, allowing open two-way communication. The host PCshould be assigned a

static IP address (which is mapped to its MAC address) and thismust be configured

as the DMZ IP address.

DMZ Settings Sets the DMZ status. (Default: Disable)

DMZ IP Address Specifies an IP address on the local networkallowed

unblocked access to the WAN.

FIREWALL

Firewall functions which will help to protect your network andcomputer. You can

utilized firmware functions to protect your network from hackersand malicious

intruders.

28

Remote Management (via WAN) allow or deny to manage the routerfrom

anywhere on the Internet.

Remote Management Port The port that you will use to addressthe

management from the Internet. For example, if you specify port2020, then to

access the OUTDOOR BRIDGE from Internet, you would use a URL ofthe form:

http://xxx.xxx.xxx.xxx:2020/

Ping from WAN Filter When Allow, the OUTDOOR BRIDGE does notrespond to

ping packets received on the WAN port.

SPI Firewall SIP firewall help to keep track of the state ofnetwork connections

(such as TCP streams, UDP communication) traveling across it. Itis programmed to

distinguish legitimate packets for different types ofconnections. Only packets

matching a known active connection will be allowed by thefirewall; others will be

rejected.

Network Address Translation NAT is the process of modifying IPaddress

information in IP packet headers while in transit across atraffic routing device.

QoS

Manage your network with independent bandwidth for everycomputer that

connects to this CPE.

29

QoS Setup Enable or Disable the QoS service on your CPE.

Upload Bandwidth / Download Bandwidth Value you configure shouldbe real

bandwidth your ISP provides to you.

Target Defined priority for the application in the QoS, and theapplication not

in the rule list would automatically have lower priority.

CONTENT FILTERING

The OUTDOOR BRIDGE provides a variety of options for blockingInternet access

based on content, URL and host name.

Web URL Filter Settings By filtering inbound Uniform ResourceLocators (URLs)

the risk of compromising the network can be reduced. URLs arecommonly used to

point to websites. By specifying a URL or a keyword contained ina URL traffic from

that site may be blocked.

30

Current URL Filters Displays current URL filter.

Add a URL Filter Adds a URL filter to the settings.

Delete a URL Filter Deletes a URL filter entry from thelist.

Web Host Filter Settings Allows Internet content access to berestricted based

on web address keywords and web domains. A domain name is thename of a

particular web site. For example, for the address www.HOST.com,the domain name

is HOST.com. Enter the Keyword then click Add.

Current Host Filters Displays current Host filter.

Add a Host Filter Enters the keyword for a host filtering.

Delete a Host Filter Deletes a Host filter entry from thelist.

NETWORK SETTINGS

WAN

In this section, there are several connection types to choosefrom; Static IP, DHCP,

PPPoE, PPTP, L2TP and IPSec. If you are unsure of yourconnection method, please

contact your Internet Service Provider.

CABLE/DYNAMIC IP (DHCP)

Hostname Specifies the host name of the DHCP client.

31

Primary DNS Server The IP address of the Primary Domain NameServer. A

DNS maps numerical IP addresses to domain names and can be usedto identify

network hosts by familiar names instead of the IP addresses. Tospecify a DNS

server, type the IP addresses in the text field provided.Otherwise, leave the text

field blank.

Secondary DNS Server The IP address of the Secondary Domain

Name Server.

PPPoE (ADSL)

User Name Sets the PPPoE user name for the WAN port.

Password Sets a PPPoE password for the WAN port.

Verify Password Prompts you to re-enter your chosenpassword.

Operation Mode Enables and configures the keep alive time andconfigures the

on-demand idle time.

STATIC IP (FIXED IP)

IP Address Sets the static IP address.

Subnet Mask Sets the static IP subnet mask. (Default:255.255.255.0)

Default Gateway The IP address of a router that is used when therequested

destination IP address is not on the local subnet.

Primary DNS Server The IP address of the Primary Domain NameServer. A

DNS maps numerical IP addresses to domain names and can be usedto identify

network hosts by familiar names instead of the IP addresses. Tospecify a DNS

server, type the IP addresses in the text field provided.Otherwise, leave the text

field blank.

32

Secondary DNS Server The IP address of the Secondary Domain NameServer.

PPTP

Server IP Sets the PPTP server IP Address. (Default:pptp_server)

User Name Sets the PPTP user name for the WAN port.

Password Sets a PPTP password for the WAN port.

Address Mode Sets a PPTP network mode. (Default: Dynamic IP)

Operation Mode Enables and configures the keep alive time.

Primary DNS Server The IP address of the Primary Domain NameServer. A

DNS maps numerical IP addresses to domain names and can be usedto identify

network hosts by familiar names instead of the IP addresses. Tospecify a DNS

server, type the IP addresses in the text field provided.Otherwise, leave the text

field blank.

Secondary DNS Server The IP address of the Secondary Domain

Name Server.

IPSec

33

Verify the desire settings and use scroll down for moreoptions.

IPSec Connection Type Use drop down menu to select from RoadWarrior

Tunnel, Host to Host Tunnel, Subnet to Subnet Tunnel, Host toHost Transport, Pass

trough, Drop, or Reject. Default setting is Road WarriorTunnel

IPSec Authentication Use drop down menu to select from SHA-1, orMD5.

SA Connection Life Time Specify how often each SA should berekeyed,

measured in hour.

Local IP address / Subnet / Gateway Local end point IP address,Subnet, and

Gateway IP address.

IPSec Operation Mode Use drop down menu to select from Add,Route Start,

Manual, or Ignore.

IKE Key Retry Specify maximum retry limits for negotiate key toInternet Key

Exchange.

Peer IP address / Subnet / Gateway Remote end point IP address,Subnet, and

Gateway IP address.

L2TP

34

Server IP Sets the L2TP server IP Address. (Default:l2tp_server)

User Name Sets the L2TP user name for the WAN port.

Password Sets a L2TP password for the WAN port.

Address Mode Sets a L2TP network mode. (Default: Dynamic IP)

Operation Mode Enables and configures the keep alive time.

Primary DNS Server The IP address of the Primary Domain NameServer. A

DNS maps numerical IP addresses to domain names and can be usedto identify

network hosts by familiar names instead of the IP addresses. Tospecify a DNS

server, type the IP addresses in the text field provided.Otherwise, leave the text

field blank.

Secondary DNS Server The IP address of the Secondary Domain NameServer.

LAN

In this section, the LAN settings are configured based on the IPAddress and Subnet

Mask. The IP address is also used to access this Web-basedmanagement interface.

It is recommended to use the default settings if you do not havean existing

network.

IP Address The IP address of OUTDOOR BRIDGE on the local areanetwork.

35

( Default: 192.168.2.1 )

Subnet Mask The subnet mask of OUTDOOR BRIDGE on the localarea

network

DHCP Server The DHCP Server is to assign private IP address tothe

OUTDOOR BRIDGE in your local area network(LAN). The default LANIP address is

192.168.2.1, changing IP address will also change the DHCPservers IP subnet.

VLAN

If you want to configure the Guest and Internal networks onVLAN, the switch you

are using must support VLAN. As a prerequisite step, configure aport on the switch

for handling VLAN tagged packets as described in the IEEE802.1Qstandard, and

enable this field.

VLAN ID This will cause the device to send packets with VLANtags. The switch

connecting with the device must support VLAN IEEE802.1Q frames.The wireless

stations connecting to the SSID of a specified VLANID cancommunicate with the PC

connecting to the port with the same VLANID on the Switch.

DHCP STATIC LEASE LIST

Choose menu Advanced DHCP Static Leases List, you can view andadd a

reserved address for clients via the next screen. When youspecify a reserved IP

address for a PC on the LAN, that PC will always receive thesame IP address each

time when it accesses the DHCP server. Reserved IP addressesshould be assigned to

the servers that require permanent IP settings.

36

ADVANCED ROUTING

In this section, allow to configure routing feature in theOUTDOOR BRIDGE.

Destination The IP address of packets that can be routed.

Type Defines the type of destination. ( Host: Signal IP address/ Net: Portion

of Network )

Netmask Displays the subnetwork associated with thedestination.

Gateway Defines the packets destination next hop

Interface Select interface to which a static routing subnet isto be applied

Comment Help identify the routing

RIP Enable or disable the RIP(Routing Information Protocol) forthe WAN or

LAN interface.

37

WIRELESS SETTINGS

BASIC

Wireless On/Off Enables or Disable the radio. (Default: TurnOn)

Wireless Mode There are 4 wireless mode, those are Access Point,WDS

Access Point, WDS Repeater and WDS Client

Note.

If WEP authentication is selected for WDS communication, youwill then only have

one set of encryption for the entire channel.

Network Name (SSID) The name of the wireless network serviceprovided by

the OUTDOOR BRIDGE. Clients that want to connect to the networkmust set their

SSID to the same as that of OUTDOOR BRIDGE.

Multiple SSID One additional VAP interface supported on thedevice.

Frequency (Channel) The radio channel that the OUTDOOR BRIDGEuses to

communicate with wireless clients.

Network Mode Defines the radio operating mode.

38

SECURITY

WIRED EQUIVALENT PRIVACY (WEP)

WEP provides a basic level of security, preventing unauthorizedaccess to the

network, and encrypting data transmitted between wirelessclients and an access

point. WEP uses static shared keys (fixed-length hexadecimal oralphanumeric

strings) that are manually distributed to all clients that wantto use the network.

When you select to use WEP, be sure to define at least onestatic WEP key for user

authentication or data encryption. Also, be sure that the WEPshared keys are the

same for each client in the wireless network.

WEP-AUTO Allows wireless clients to connect to the networkusing

Open-WEP (uses WEP for encryption only) or Shared-WEP (uses WEPfor

authentication and encryption).

Encrypt Type Selects WEP for data encryption (OPEN modeonly).

Security Key Index Selects the WEP key number to use forauthentication or

data encryption. If wireless clients have all four WEP keysconfigured to the same

values, you can change the encryption key to any of the settingswithout having to

39

update the client keys.

WEP Keys Sets WEP key values. The user must first select ASCIIor

hexadecimal keys. Each WEP key has an index number. Enter keyvalues that match

the key type and length settings. Enter 5 alphanumericcharacters or 10

hexadecimal digits for 64-bit keys, or enter 13 alphanumericcharacters or 26

hexadecimal digits for 128-bit keys. (Default: Hex, no presetvalue)

Note.

If WEP authentication is selected for WDS communication, youwill then only have

one set of encryption for the entire channel.

WPA & WPA2

Wi-Fi Protected Access (WPA) was introduced as an interimsolution for the

vulnerability of WEP pending the adoption of a more robustwireless security

standard. WPA2 includes the complete wireless security standard,but also offers

backward compatibility with WPA.

WPA Clients using WPA for authentication.

WPA2 Clients using WPA2 for authentication.

WPA-Auto Clients using WPA or WPA2 for authentication.

WPA Algorithms Selects the data encryption type to use. (Defaultis

determined by the Security Mode selected.)

TKIP Uses Temporal Key Integrity Protocol (TKIP) keys forencryption. WPA

specifies TKIP as the data encryption method to replace WEP.TKIP avoids the

problems of WEP static keys by dynamically changing dataencryption keys.

AES Uses Advanced Encryption Standard (AES) keys for encryption.WPA2 uses

AES Counter-Mode encryption with Cipher Block Chaining MessageAuthentication

Code (CBC-MAC) for message integrity. The AESCounter-Mode/CBCMAC Protocol

(AESCCMP) provides extremely robust data confidentiality using a128- bit key. Use

of AES-CCMP encryption is specified as a standard requirementfor WPA2. Before

implementing WPA2 in the network, be sure client devices areupgraded to

40

WPA2-compliant hardware.

Auto Uses either TKIP or AES keys for encryption. WPA and

WPA2 mixed modes allow both WPA and WPA2 clients to associate toa common

SSID. In mixed mode, the unicast encryption type (TKIP or AES)is negotiated for

each client.

Key Renewal Interval Sets the time period for automaticallychanging data

encryption keys and redistributing them to all connectedclients.

RADIUS Server Configures RADIUS server settings.

IP Address Specifies the IP address of the RADIUS server.

Port The User Datagram Protocol (UDP) port number used bythe

RADIUS server for authentication messages. (Range:1024-65535;

Default: 1812)

Shared Secret A shared text string used to encrypt messagesbetween the

access point and the RADIUS server. Be sure that the same textstring is specified

on the RADIUS server. Do not use blank spaces in the string.(Maximum length: 20

characters)

WPA-PSK & WPA2-PSK

Wi-Fi Protected Access (WPA) was introduced as an interimsolution for the

vulnerability of WEP pending the adoption of a more robustwireless security

standard. WPA2 includes the complete wireless security standard,but also offers

backward compatibility with WPA. For small home or officenetworks, WPA and

WPA2 provide a simple personal operating mode that uses just apre-shared key

for network access. The WPA Pre-Shared Key (WPA-PSK) mode uses acommon

password phrase for user authentication that is manually enteredon the access

point and all wireless clients. Data encryption keys areautomatically generated by

the access point and distributed to all clients connected to thenetwork.

WPA-PSK Clients using WPA with a Pre-shared Key are acceptedfor

authentication.

WPA2-PSK Clients using WPA2 with a Pre-shared Key are acceptedfor

authentication.

WPA- Auto-PSK Clients using WPA or WPA2 with a Preshared

41

Key are accepted for authentication. The default data encryptiontype is TKIP/AES.

WPA Algorithms Selects the data encryption type to use. (Defaultis

determined by the Security Mode selected.)

TKIP Uses Temporal Key Integrity Protocol (TKIP) keys forencryption. WPA

specifies TKIP as the data encryption method to replace WEP.TKIP avoids the

problems of WEP static keys by dynamically changing dataencryption keys.

AES Uses Advanced Encryption Standard (AES) keys for encryption.WPA2 uses

AES Counter-Mode encryption with Cipher Block Chaining MessageAuthentication

Code (CBC-MAC) for message integrity. The AESCounter-Mode/CBCMAC Protocol

(AESCCMP) provides extremely robust data confidentiality using a128- bit key. Use

of AES-CCMP encryption is specified as a standard requirementfor WPA2. Before

implementing WPA2 in the network, be sure client devices areupgraded to

WPA2-compliant hardware.

Auto Uses either TKIP or AES keys for encryption. WPA and

WPA2 mixed modes allow both WPA and WPA2 clients to associate toa common

SSID. In mixed mode, the unicast encryption type (TKIP or AES)is negotiated for

each client.

Pass Phrase The WPA Preshared Key can be input as an ASCIIstring (an

easy-to-remember form of letters and numbers that can includespaces) or

Hexadecimal format. (Range: 8~63 ASCII characters, or exactly 64Hexadecimal

digits)

Key Renewal Interval Sets the time period for automaticallychanging data

encryption keys and redistributing them to all connectedclients.

IEEE 802.1X AND RADIUS

IEEE 802.1X is a standard framework for network access controlthat uses a central

RADIUS server for user authentication. This control featureprevents unauthorized

access to the network by requiring an 802.1X client applicationto submit user

credentials for authentication. The 802.1X standard uses theExtensible

Authentication Protocol (EAP) to pass user credentials (eitherdigital certificates,

user names and passwords, or other) from the client to theRADIUS server. Client

authentication is then verified on the RADIUS server before theclient can access the

network. Remote Authentication Dial-in User Service (RADIUS) isan authentication

protocol that uses software running on a central server tocontrol access to

RADIUS-aware devices on the network. An authentication servercontains a

database of user credentials for each user that requires networkaccess.

The WPA and WPA2 enterprise security modes use 802.1X as themethod of user

authentication. IEEE 802.1X can also be enabled on its own as asecurity mode for

42

user authentication. When 802.1X is used, a RADIUS server mustbe configured and

be available on the connected wired network.

RADIUS Server Configures RADIUS server settings.

IP Address Specifies the IP address of the RADIUS server.

Port The User Datagram Protocol (UDP) port number used bythe

RADIUS server for authentication messages. (Range: 1024-65535;Default: 1812)

Shared Secret A shared text string used to encrypt messagesbetween the

access point and the RADIUS server. Be sure that the same textstring is specified

on the RADIUS server. Do not use blank spaces in the string.(Maximum length: 20

characters)

WI-FI PROTECTED SETUP (WPS)

Wi-Fi Protected Setup (WPS) is designed to ease installation andactivation of

security features in wireless networks. WPS has two basic modesof operation,

Push-button Configuration (PBC) and Personal IdentificationNumber (PIN). The

WPS PIN setup is optional to the PBC setup and provides moresecurity. The WPS

button on the Wireless Router can be pressed at any time toallow a single device to

easily join the network. The WPS Settings page includesconfiguration options for

setting WPS device PIN codes and activating the virtual WPSbutton.

WPS SSID The service set identifier for the unit.

AP PIN Displays the PIN Code for the Wireless Router.

WPS Name WPS name for connecting to the device.

Security Mode Selects between methods of broadcasting the WPSbeacon to

43

network clients wanting to join the network:

WPA Algorithms Selects the data encryption type to use. (Defaultis determined

by the Security Mode selected.)

TKIP Uses Temporal Key Integrity Protocol (TKIP) keys forencryption. WPA

specifies TKIP as the data encryption method to replace WEP.TKIP avoids the

problems of WEP static keys by dynamically changing dataencryption keys.

AES Uses Advanced Encryption Standard (AES) keys for encryption.WPA2

uses AES Counter-Mode encryption with Cipher Block ChainingMessage

Authentication Code (CBC-MAC) for message integrity. The AES

Counter-Mode/CBCMAC Protocol (AESCCMP) provides extremely robustdata

confidentiality using a 128- bit key. Use of AES-CCMP encryptionis specified as a

standard requirement for WPA2. Before implementing WPA2 in thenetwork, be sure

client devices are upgraded to WPA2-compliant hardware.

Auto Uses either TKIP or AES keys for encryption. WPA and

WPA2 mixed modes allow both WPA and WPA2 clients to associate toa common

SSID. In mixed mode, the unicast encryption type (TKIP or AES)is negotiated for

each client.

Key Renewal Interval Sets the time period for automaticallychanging data

encryption keys and redistributing them to all connectedclients.

Pass Phrase The WPA Preshared Key can be input as an ASCIIstring (an

easy-to-remember form of letters and numbers that can includespaces) or

Hexadecimal format. (Range: 8~63 ASCII characters, or exactly 64Hexadecimal

digits)

ADVANCED

44

Packet Aggregate A performance enhancement that combinesdata

packets together when the feature is supported by compatibleclients. (Default:

Enabled)

WMM Sets the WMM operational mode on the access point. Whenenabled,

the QoS capabilities are advertised to WMM-enabled clients inthe network. WMM

must be supported on any device trying to associated with theaccess point. Devices

that do not support this feature will not be allowed toassociate with the access point.

(Default: Enabled)

Beacon Interval The rate at which beacon signals are transmittedfrom the

access point. The beacon signals allow wireless clients tomaintain contact with the

access point. They may also carry powermanagementinformation.

Data Beacon Rate (DTIM) The rate at which stations in sleep modemust

wake up to receive broadcast/multicast transmissions. Known alsoas the Delivery

Traffic Indication Map (DTIM) interval, it indicates how oftenthe MAC layer forwards

broadcast/multicast traffic, which is necessary to wake upstations that are using

Power Save mode. The default value of one beacon indicates thatthe access point

will save all broadcast/multicast frames for the Basic ServiceSet (BSS) and forward

them after every beacon. Using smaller DTIM intervals deliversbroadcast/multicast

frames in a more timely manner, causing stations in Power Savemode to wake up

more often and drain power faster. Using higher DTIM valuesreduces the power

used by stations in Power Save mode, but delays the transmissionof

broadcast/multicast frames.

RTS Threshold Sets the packet size threshold at which a Requestto Send

(RTS) signal must be sent to a receiving station prior to thesending station starting

communications. The access point sends RTS frames to a receivingstation to

45

negotiate the sending of a data frame. After receiving an RTSframe, the station

sends a CTS (clear to send) frame to notify the sending stationthat it can start

sending data. If the RTS threshold is set to 0, the access pointalways sends RTS

signals. If set to 2347, the access point never sends RTSsignals. If set to any other

value, and the packet size equals or exceeds the RTS threshold,the RTS/CTS

(Request to Send / Clear to Send) mechanism will be enabled. Theaccess points

contending for the medium may not be aware of each other.

Fragmentation Threshold Configures the minimum packet size thatcan be

fragmented when passing through the access point. Fragmentationof the PDUs

(Package Data Unit) can increase the reliability oftransmissions because it

increases the probability of a successful transmission due tosmaller frame size. If

there is significant interference present, or collisions due tohigh network utilization,

try setting the fragment size to send smaller fragments. Thiswill speed up the

retransmission of smaller frames. However, it is more efficientto set the fragment

size larger if very little or no interference is present becauseit requires overhead to

send multiple frames.

ACCESS CONTROL

Click on the drop down list to choose the access control mode.You may select Allow

Listed or Deny Listed. Allow Listed to allow those allowed MACaddress or select

Deny Listed to ban those MAC address from accessing to thisCPE.