Cisco Router DPC3925 User Manual
Have a look at the manual Cisco Router DPC3925 User Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
4021192 Rev B 51 Configure Wireless Settings Wireless > WDS Settings The Wireless Distribution System (WDS) Settings page allows you to expand the coverage of your wireless network by deploying signal repeaters. Make sure the channel settings are the same for all WDS enabled devices. Select the WDS Settings tab to open the Wireless WDS Settings page. Use this page to configure the WDS settings. Wireless WDS Settings Page Description Use the descriptions and instructions in the following table to configure the wireless distribution system settings for your residential gateway. After you make your selections, click Save Settings to apply your changes or Cancel Changes to cancel. Section Field Description WDS WDS MAC Address Displays the WDS MAC Address (or BSSID) of your gateway access point Allow Wireless Signal To Be Repeated by a Repeater Check this box to allow a wireless client to connect to a repeater and route traffic between the wireless client and a repeater. A maximum of 3 repeaters are allowed. Remote Access Points MAC Address (MAC 1 through 3) Use the three fields (MAC 1, 2, and 3) to enter the MAC address of the repeaters
52 4021192 Rev B
Configure Wireless Settings
Wireless > QoS
Quality of Service (QoS) ensures better service to high-priority types of network
traffic, which may involve demanding, real-time applications, such as video
conferencing. QoS settings allow you to specify priorities for different types of
traffic. Lower priority traffic will be slowed down to allow greater throughput or
less delay for high priority traffic. Select the QoS tab to open the Wireless QoS page.
Wireless QoS Page Description
Use the descriptions and instructions in the following table to configure each QoS
setting. After you make your selections, click Save Settings to apply your changes or
Cancel Changes to cancel.
Section Field Description
Quality of Service
(QoS)
Wireless
WMM Support
If WMM (Wi-Fi Multimedia) is supported by your wireless
clients, enabling this feature means that voice and multimedia
traffic will be given higher priority than other traffic. Select
the desired option:
Enable (factory default)
Disable
4021192 Rev B 53 Configure Wireless Settings Section Field Description No ACK Allows you to enable or disable NO ACK. This feature is recommended for data services where transmission is important and packet loss is tolerable to a certain degree. If you select Disable, an acknowledge packet is returned for every packet received. This provides a more reliable transmission, but it increases traffic load, which decreases performance. Select the desired option: Enable Disable (factory default)
54 4021192 Rev B Configure Security Configure Security Security > Firewall Advanced firewall technology deters hackers and protects the home network from unauthorized access. Use this page to configure a firewall that can filter out various types of unwanted traffic on the gateway’s local network. Select the Firewall tab to open the Security Firewall page. Use the descriptions and instructions in the following table to configure the firewall for your residential gateway. After you make your selections, click Save Settings to apply your changes or Cancel Changes to cancel. Section Field Description Firewall SPI Firewall Protection SPI Firewall Protection blocks Denial of Service (DoS) attacks. A DoS attack does not attempt to steal data or damage your computers, but it overloads your Internet connection so you cannot use it. Select the desired option: Enable (factory default) Disable
4021192 Rev B 55 Configure Security Section Field Description Filters Filter Proxy Enables/disables filter proxy. If local users have access to WAN proxy servers, they may be able to circumvent the content filters and access Internet sites blocked by the device. If you select the Filter Proxy feature, it will block access to any WAN proxy servers. Block Pop-Up Windows Enables/disables popup windows. Some commonly used applications employ popup windows as part of the application. If you disable popup windows, it may interfere with some of these applications. Block Web Page Cookies Enables/disables cookie blocking. This feature filters the unsolicited delivery of cookies to devices from the Internet to devices in your private local network. Cookies are computer files that contain personal information or web surfing behavior data. Block Java and ActiveX Scripts Enables/disables java applets and ActiveX scripts. This feature helps to protect the devices in your private network from irritating or malicious Java applets that are sent, unsolicited, to devices in your private network from the Internet. These applets run automatically when they are received by a PC. Java is a programming language for websites. If you select the Filter Java Applets feature, you may not have access to Internet sites created using this programming language. This feature also helps to protect the devices in your private network from irritating or malicious ActiveX controls that are sent, unsolicited, to devices in your private network from the Internet. These ActiveX controls run automatically when they are received by a PC. Block fragmented IP packets Enables/disables filtering of fragmented IP packets. This feature helps protect your private local network from Internet based denial of service attacks. Block Port Scan Detection Enables/disables the gateway from responding to Internet based port scans. This feature is designed to protect your private local network from Internet based hackers who attempt to gain unsolicited access your network by detecting open IP ports on your gateway. Block IP Flood Detection (checked – factory default) Blocks malicious devices that are attempting to flood devices or networks with illegal broadcast packets. Also referred to as ―broadcast storm.‖ Block WAN Requests Block Anonymous Internet Requests (checked – factory default) Enable this feature to keep your network from being pinged or detected by other Internet users. The Block Anonymous Internet Requests feature also hides your network ports. Both make it more difficult for outside users to enter your network.
56 4021192 Rev B Configure Security Security > VPN Passthrough Use this page to configure Virtual Private Network (VPN) support. Enabling the settings on this page allows VPN tunnels using IPsec or PPTP protocols to pass through the gateways firewall. Select the VPN Passthrough tab to open the Security VPN Passthrough page. Use the descriptions and instructions in the following table to configure the VPN passthrough for your residential gateway. After you make your selections, click Save Settings to apply your changes or Cancel Changes to cancel. Section Field Description VPN Passthrough IPSec Passthrough Enables/disables Internet Protocol Security (IPsec). IPsec is a suite of protocols used to implement secure exchange of packets at the IP layer. If you enable IPSec Passthrough, applications that use IPsec (IP Security) can pass through the firewall. To disable IPSec Passthrough select Disable. Select the desired option: Enable (factory default) Disable PPTP Passthrough Enables/disables Point-to-Point Tunneling Protocol (PPTP). PPTP allows the Point-to-Point Protocol (PPP) to be tunneled through an IP network. If you enable PPTP passthrough, applications that use Point to Point Tunneling Protocol (PPTP) can pass through the firewall To disable PPTP Passthrough select Disable. Select the desired option: Enable (factory default) Disable
4021192 Rev B 57 Configure Security Security > VPN A Virtual Private Network (VPN) is a connection between two endpoints in different networks that allows private data to be sent securely over public networks or other private networks. This is accomplished by creating a VPN tunnel. A VPN tunnel connects the two PCs or networks and allows data to be transmitted over the Internet as if it were on a private network. The VPN tunnel uses IPsec to encrypt the data sent between the two endpoints and encapsulate the data within a normal Ethernet/IP frame allowing the data to pass between networks securely and seamlessly. A VPN provides a cost-effective and more secure alternative to using a private, dedicated, leased line for a private network. Using industry standard encryption and authentication techniques, an IPsec VPN creates a secure connection that operates as if you were directly connected to your local private network. For example, a VPN allows users to sit at home and connect to his/her employers corporate network and receive an IP address in their private network just as though they were sitting in their office connected to their corporate LAN. Select the VPN tab to open the Security VPN page. Use this page to configure the VPN for your residential gateway.
58 4021192 Rev B Configure Security Security VPN Tunnel Page Description Use the descriptions and instructions in the following table to configure the VPN tunnel for your gateway. After you make your selections, click Save Settings to apply your changes or Cancel Changes to cancel. Section Field Description VPN Tunnel Select Tunnel Entry Allows you to display a list of created VPN tunnels Create Button Click this button to create a new tunnel entry Delete Button Click this button to delete all settings for the selected tunnel Summary Button Click this button to display the settings and status of all enabled tunnels IPSec VPN Tunnel Allows you to enable or disable Internet Security Protocol for the VPN tunnel Tunnel Name Enter the name for this tunnel Local Secure Group Select the local LAN user(s) that can use this VPN tunnel. This may be a single IP address or sub-network. Note that the Local Secure Group must match the remote gateways Remote Secure Group. IP Enter the IP address of the local network Mask If the Subnet option is selected, enter the mask to determine the IP address on the local network Remote Secure Group Select the remote LAN user(s) behind the remote gateway who can use this VPN tunnel. This may be a single IP address, a sub-network, or any addresses. If Any is set, the Gateway acts as responder and accepts requests from any remote user. Note that the Remote Secure Group must match the remote gateways Local Secure Group. IP Enter the IP address of the remote network Mask If the Subnet option is selected, enter the mask to determine the IP addresses on the remote network
4021192 Rev B 59 Configure Security Section Field Description Remote Secure Gateway Select the desired option, IP Addr., Any, or FQDN. If the remote gateway has a dynamic IP address, select Any or FQDN. If Any is selected, then the Gateway will accept requests from any IP address. FQDN If FQDN is selected, enter the domain name of the remote gateway, so the Gateway can locate a current IP address using DDNS IP The IP address in this field must match the public (WAN or Internet) IP address of the remote gateway at the other end of this tunnel Key Management Key Exchange Method The gateway supports both automatic and manual key management. When automatic key management is selected, Internet Key Exchange (IKE) protocols are used to negotiate key material for Security Association (SA). If manual key management is selected, no key negotiation is needed. Basically, manual key management is used in small static environments or for troubleshooting purposes. Note that both sides must use the same key management method.
60 4021192 Rev B Configure Security Section Field Description Key Management (continued) Select one of the following options for the key exchange method: Auto (IKE) – Encryption: The Encryption method determines the length of the key used to encrypt/decrypt ESP packets. Notice that both sides must use the same method. – Authentication: The Authentication method authenticates the Encapsulating Security Payload (ESP) packets. Select MD5 or SHA. Notice that both sides (VPN endpoints) must use the same method. MD5: A one-way hashing algorithm that produces a 128-bit digest SHA: A one-way hashing algorithm that produces a 160-bit digest – Perfect Forward Secrecy (PFS): If PFS is enabled, IKE Phase 2 negotiation will generate new key material for IP traffic encryption and authentication. Note that both sides must have PFS enabled. – Pre-Shared Key: IKE uses the Pre-Shared Key to authenticate the remote IKE peer. Both character and hexadecimal values are acceptable in this field, e.g., My_@123 or 0x4d795f40313233. Note that both sides must use the same Pre-Shared Key. – Key Lifetime: This field specifies the lifetime of the IKE generated key. If the time expires, a new key will be renegotiated automatically. The Key Lifetime may range from 300 to 100,000,000 seconds. The default lifetime is 3600 seconds. Manual – Encryption: The Encryption method determines the length of the key used to encrypt/decrypt ESP packets. Notice that both sides must use the same method. – Encryption Key: This field specifies a key used to encrypt and decrypt IP traffic. Both character and hexadecimal values are acceptable in this field. Note that both sides must use the same Encryption Key. – Authentication: The Authentication method authenticates the Encapsulating Security Payload (ESP) packets. Select MD5 or SHA. Notice that both sides (VPN endpoints) must use the same method. MD5: A one-way hashing algorithm that produces a 128-bit digest SHA: A one-way hashing algorithm that produces a 160-bit digest – Authentication Key: This field specifies a key used to authenticate IP traffic. Both character and hexadecimal values are acceptable in this field. Note that both sides must use the same Authentication Key. – Inbound SPI/Outbound SPI: The Security Parameter Index (SPI) is carried in the ESP header. This enables the receiver to select the SA, under which a packet should be processed. The SPI is a 32-bit value. Both decimal and hexadecimal values are acceptable. e.g., 987654321 or 0x3ade68b1. Each tunnel must have a unique Inbound SPI and Outbound SPI. No two tunnels share the same SPI. Note that the Inbound SPI must match the remote gateways Outbound SPI, and vice versa.