[. . . ] Wireless Broadband Router
Model #: MI424WR Firmware Version: 4. 0. 16. 1. 44. 28
User Manual
Ver 2. 0
Solutions for the Digital LifeTM
Table of Contents
1 Introduction
Package Contents Minimum System Requirements Features Getting to Know the Router
1
1 2 2 4
2 Connecting the Router
Setting Up the Router Computer Network Configuration Home Page
9
9 14 16
3 Configuring My Network Settings
Accessing My Network Using My Network
19
19 20
4 Creating a Wireless Network
Overview Wireless Network Connection Configuring a Wireless Windows XP Client Connecting a Wireless Windows XP Client
27
27 28 35 37
5 Using Network Connections
Network (Home/Office) Ethernet Connection Coax Connection Broadband Ethernet Connection Coax Broadband Connection WAN PPPoE/WAN PPPoE 2
41
42 48 51 54 60 65
6 Configuring the Router's Security
General Access Control Port Forwarding DMZ (Demilitarized Zone) Host Port Triggering Remote Administration Website Blocking Static NAT Advanced Filtering Security Log
71
73 75 78 80 81 82 84 86 87 90
7 Using Parental Controls
Activating Parental Controls Creating a Filtering Policy Advanced Options Statistics
99
99 100 104 105
i
Actiontec Wireless Broadband Router User Manual
8 Using Advanced Settings
About Configuration File Restart Restoring Default Settings Diagnostics MAC Cloning System Settings Universal Plug and Play (UPnP) Firmware Upgrade Scheduler Rules Date and Time RADIUS (Client) Users ARP (Address Resolution Protocol) Table Routing Network Objects Firmware Restore Dynamic DNS IP Address Distribution DNS Server Remote Administration Protocols
107
109 109 110 110 111 112 113 118 119 122 124 125 125 127 127 129 131 131 133 137 139 140
9 Monitoring the Router
Monitoring Connections Traffic Monitoring System Log Router Status
143
143 144 145 145
10 Troubleshooting A Quality Of Service
Traffic Priority Traffic Shaping
147 151
151 155
B Specifications
General Wireless Operating Range LED Indicators Environmental
165
165 166 166 166
Notices
Regulatory Compliance Notices Modifications
167
167 167
ii
Introduction
1
Thank you for purchasing the Actiontec Wireless Broadband Router. The Wireless Broadband Router supports Multimedia over Coax Alliance (MoCA), a new networking standard that allows digital entertainment and information to be transmitted and distributed to multiple devices over coaxial cables. The Router also supports Ethernet and Wi-Fi networking, making it the most versatile router available. If you want to take your home or office networking to the next level, the Actiontec Wireless Broadband Router is sure to be one of the keys to your success.
Package Contents
s s s s s s s s
Actiontec Wireless Broadband Router Black Power cord Yellow cable (Ethernet, 6 ft. ) White cable (Ethernet, 10 ft. ) Quick Start Guide Installation Guide Wireless Networking Guide User Manual CD
1
Actiontec Wireless Broadband Router User Manual
s s s
Wall-mount template Vertical stand Warranty
Minimum System Requirements
s s
Computer with Ethernet capability Microsoft Windows 98SE, Me, 2000, or XP; Mac OS 9 or greater; Linux/ BSD, Unix Internet Explorer 5. 0 or higher; Netscape Navigator 7. 0 or higher
TCP/IP network protocol installed on each computer
s s
Features
s
Supports multiple networking standards, including:
WAN - Ethernet and MoCA interfaces LAN - 802. 11g, 802. 11b, Ethernet, and MoCA
s
Integrated wired networking with 4-port 10/100 Mbps Ethernet switch and MoCA Integrated wireless networking with 802. 11g access point featuring: 802. 11g enabled to support speeds up to 54 Mbps wirelessly 802. 11b backward compatible, communicating with 802. 11b wireless products at speeds up to 11 Mbps
s
s
Enterprise-level security, including : Fully customizable firewall with Stateful Packet Inspection Content filtering with URL-keyword based filtering, parental control, customizable filtering policies per computer, and E-mail notification Denial of service protection against IP spoofing attacks, intrusion and scanning attacks, IP fragment overlap, ping of death, and fragmentation attacks Event logging
2
Chapter 1 Introduction
Intrusion detection
MAC address filtering NAT DMZ hosting
Access control Advanced wireless protection featuring WPA, WEP 64/128 bit encryption, 802. 1x authentication, and MAC address filtering
ICSA certified
s
Other Features
DHCP server option DHCP server/PPPoE server auto-detection DNS server LAN IP and WAN IP address selection MAC address cloning
Port forwarding
PPPoE support
QoS support (end to end layer 2/3) featuring Diffserv, 802. 1p/q prioritization, configurable upstream/downstream traffic shaping, random early detection and pass-through of WAN-side DSCPs, PHBs, and queuing to LAN-side devices Remote management and secured remote management using HTTPS Reverse NAT Static NAT Static routing Time zone support
VLAN multicast support VPN IPSec (VPN passthrough only)
3
Actiontec Wireless Broadband Router User Manual
Getting to Know the Router
This section contains a quick description of the Router's lights (LEDs), ports, etc. [. . . ] An ALG is needed to handle these packets and ensure that they reach their intended destinations. The Router is equipped with a robust list of ALG modules in order to enable maximum functionality in the local network. All the computers on the network can behave as clients and use a specific service simultaneously. Being a client means the computer within the network initiates the connection; for example, a computer on the network can open an FTP connection with an FTP server on the Internet. But only one computer on the network can operate as a server and respond to requests from computers on the Internet (outside the local network).
79
Actiontec Wireless Broadband Router User Manual
DMZ (Demilitarized Zone) Host
The DMZ host feature allows one device on the network to operate outside the firewall. Designate a DMZ host: · To use an Internet service, such as an online game or video-conferencing program, not present in the Port Forwarding list and for which no port range information is available. · To expose one computer to all services without restriction or security. the firewall M Warning: AtoDMZ host is not protected byhost may alsoand may be vulnerable attack. When designating a DMZ host, consider the security implications and protect it if necessary. Click in the "DMZ Host IP Address" check box, then enter the IP address of the computer to be designated as a DMZ host. Click in the "DMZ Host IP Address" check box again to disable the DMZ host.
80
Chapter 6 Configuring the Router's Security
Port Triggering
Port triggering can be used for dynamic port forwarding configuration. By setting port triggering rules, inbound traffic is allowed to arrive at a specific network host using ports different than those used for the outbound traffic. The outbound traffic triggers which ports inbound traffic is directed. For example, a gaming server is accessed using UDP protocol on port 2222. The gaming server responds by connecting the user using UDP on port 3333 when starting gaming sessions. In this case, port triggering must be used, since it conflicts with the following default firewall settings: · The firewall blocks inbound traffic by default. · The server replies to the Router's IP, and the connection is not sent back to the host, since it is not part of a session. To resolve the conflict, a port triggering entry must be defined, which allows inbound traffic on UDP port 3333, only after a network host generated traffic to UDP port 2222. This results in accepting the inbound traffic from the gaming server, and sending it back to the network host which originated the outgoing traffic to UDP port 2222. Select either "Specify Protocol" or "Show All Services" from the drop-down list next to "Add. "
81
Actiontec Wireless Broadband Router User Manual
3. Specify the port triggering entries by clicking New Trigger Ports and New Opened Ports and entering the protocol and protocol number in the succeeding screens. For example, to set up port triggering for the scenario laid out on the previous page, the service ports would be set to UDP and 2222, while the opened ports would be set to UDP and 3333.
Remote Administration
The Router can be accessed and controlled not only from within the local network, but also from the Internet using remote adminstration. [. . . ] Values five and six may be applied to delay-sensitive applications such as interactive video and voice. Data classes four through one range from controlled-load applications down to "loss eligible" traffic. Zero is the value for unassigned traffic and used as a best effort default, invoked automatically when no other value has been set. This means that: · The first class rule has precedence over all other class rules (scanning is stopped once the first rule is reached). [. . . ]