all | frequencies |
|
exhibits | applications |
---|---|---|---|---|
manual |
app s | submitted / available | |||||||
---|---|---|---|---|---|---|---|---|
1 |
|
Users Manual | Users Manual | 4.10 MiB | May 11 2009 | |||
1 | Cover Letter(s) | May 11 2009 | ||||||
1 | External Photos | May 11 2009 | ||||||
1 | ID Label/Location Info | May 11 2009 | ||||||
1 | Internal Photos | May 11 2009 | ||||||
1 | RF Exposure Info | May 11 2009 | ||||||
1 | Test Report | May 11 2009 | ||||||
1 | Test Setup Photos | May 11 2009 |
1 | Users Manual | Users Manual | 4.10 MiB | May 11 2009 |
Wireless Broadband Router MI424WG rev. F, rev. F2 User Manual Contents FiOS Router User Manual 1 Introduction Introduction 1.0 1.1 Package Contents 1.2 System Requirements 1.3 Features 1.4 Getting to Know the FiOS Router 2 Connecting the FiOS Router 2.0 Introduction 2.1 Setting Up the FiOS Router 2.2 Computer Network Configuration 2.3 Configuring the FiOS Router 2.4 Features 2.5 Main Screen 3 Setting Up a Wireless Network 3.0 Introduction 3.1 Overview 3.2 Connecting a Wireless Client 3.3 Wireless Status 3.4 Basic Security Settings 3.5 Advanced Security Settings 3.6 Setting Up a Wireless Client 4 Configuring My Network Settings 4.0 Introduction 4.1 Accessing My Network Settings 4.2 Using My Network Settings Contents FiOS Router User Manual (cont) 5 Using Network Connections 5.0 Introduction 5.1 Accessing Network Connections 5.2 Network (Home/Office) Connection 5.3 Ethernet Connection 5.4 Wireless Access Point Connection 5.5 Coax Connection 5.6 Broadband Ethernet Connection 5.7 Broadband Coax Connection 5.8 WAN PPPoE Connection 5.9 WAN PPPoE 2 Connection 6 Configuring Security Security 6.0 Introduction 6.1 Overview 6.2 Firewall 6.3 Access Control 6.4 Port Forwarding 6.5 DMZ Host 6.6 Port Triggering 6.7 Remote Administration 6.8 Static NAT 6.9 Advanced Filtering 6.10 Security Log 7 Parental Controls 7.0 Introduction 7.1 Activating Parental Controls 7.2 Rule Summary Contents FiOS Router User Manual (cont) 8 Configuring Advanced Settings 8.0 Introduction 8.1 Using Advanced Settings 8.2 Utilities 8.3 DNS Settings 8.4 Network Settings 8.5 Configuration Settings 8.6 Time Settings 8.7 Firmware Upgrade 8.8 Routing Settings 9 Monitoring the FiOS Router 9.0 Introduction 9.1 Router Status 9.2 Advanced Status 10 Troubleshooting 10.0 Introduction 10.1 Troubleshooting Tips 10.2 Frequently Asked Questions A Configuring Quality of Service A.0 Introduction A.1 Traffic Priority A.2 Traffic Shaping Contents FiOS Router User Manual (cont) B Specifications B.0 Introduction B.1 General B.2 LED Indicators B.3 Environmental C Notices C.0 Introduction C.1 Regulatory Compliance Notices C.2 Modifications C.3 NEBS Requirements C.4 GPL 1 Introduction 1.0 1.1 Package Contents 1.2 System Requirements 1.3 Features 1.4 Getting to Know the FiOS Router Introduction 2009 Verizon. All Rights Reserved. 6 The Verizon FiOS Router lets you transmit and distribute digital entertainment and information to multiple devices via coaxial cables. The FiOS Router also supports Ethernet and Wi-Fi networking, making it the most versatile and flexible router available today. 7 2009 Verizon. All Rights Reserved. 1 Introduction 1.1 Package Content 1.1 Package Content The following is a list of the items included with the FiOS Router:
Black Power adapter Yellow cable (Ethernet, 6 ft.) White cable (Ethernet, 10 ft.) Quick Start Guide Installation Guide User Manual CD Wireless Networking Guide Wall-mount template Vertical stand 1.2 Minimum System Requirements The FiOS Router must be used with the following systems and software:
Computer with Ethernet capability Microsoft Windows 98SE, Me, 2000, XP, or Vista; Mac OS 9 or greater; Linux/
BSD, Unix Internet Explorer 5.0 or higher; Netscape Navigator 7.0 or higher TCP/IP network protocol installed on each computer 2009 Verizon. All Rights Reserved. 8 FiOS Router User Manual 1.3 Features The FiOS Router features:
Multiple networking standards support, including:
- Ethernet and MoCA interfaces
- 802.11g, 802.11b, Ethernet, and MoCA interfaces WAN LAN Integrated wired networking with MoCA 4-port 10/100 Mbps Ethernet switch and Integrated wireless networking with 802.11g access point featuring:
.11g enabled to support speeds up to 54 Mbps wirelessly
.11b compatibility, communicating with 802.11b wireless products at 802 802 speeds up to 11 Mbps Enterprise-level security, including
IP spoofing attacks, intrusion and Fully customizable firewall with Stateful Packet Inspection Content filtering with URL-keyword based filtering, parental control, customizable filtering policies per computer, and E-mail notification Denial of service protection against scanning attacks, IP fragment overlap, ping of death, and fragmentation attacks Event logging Intrusion detection MAC NAT hosting DMZ Access control Advanced wireless protection featuring encryption, 802.1x authentication, and MAC address filtering ICSA WPA, WPA2, WEP 64/128 bit address filtering certification Other options, including:
DHCP server option 9 2009 Verizon. All Rights Reserved. 1 Introduction 1.3 Features server/PPPoE server auto-detection server and WAN IP address selection DHCP DNS LAN IP MAC Port forwarding PPP oE support address cloning oS support (end to end layer 2/3) featuring Diffserv, 802.1p/q NAT prioritization, configurable upstream/downstream traffic shaping, random early detection and pass-through of WAN-side DSCPs, PHBs, and queuing to LAN-side devices Remote management and secured remote management using Reverse Static Static routing Time zone support VLAN VPN IPS ec (VPN pass-through only) multicast support HTTPS NAT Q 2009 Verizon. All Rights Reserved. 10 FiOS Router User Manual 1.4 Getting to Know the FiOS Router This section contains a quick description of the FiOS Routers lights (LEDs), ports, etc. The FiOS Router has several indicator lights on its front panel, and a series of ports and switches on its rear panel. 1.4a Front Panel The front panel of the FiOS Router has a series of indicator lights: Power, WAN Ethernet, WAN Coax, Internet, LAN Ethernet (4), LAN Coax, USB, and Wireless. It also features a WPS button. Front view Verizon FiOS Router (rev. F) 11 2009 Verizon. All Rights Reserved. 1 Introduction 1.4 Getting to Know the FiOS Router Front view Verizon FiOS Router (rev. F2) Power Light The Power light displays the FiOS Routers current status. If the Power light glows steadily green, the FiOS Router is receiving power and fully operational. When the Power light flashes rapidly, the FiOS Router is initializing. If the Power light is not illuminated or glows red when the Power cord is plugged in and the Power switch is turned on, the FiOS Router has suffered a critical error and technical support should be contacted. WAN Ethernet Light The WAN Ethernet light illuminates when the FiOS Router is connected to the Internet via Ethernet. If flashing, data traffic is passing across the port. WAN Coax Light The WAN Coax light glows steadily or flashes when the FiOS Router is connected to the Internet via coaxial cable. Internet Light 2009 Verizon. All Rights Reserved. 12 FiOS Router User Manual When the Internet light glows steadily green, the FiOS Router is connected to the ISP (Internet Service Provider). If it glows amber, there is a physical connection to the ONT (Optical Network Terminator), but authentication has not taken place (i.e., no IP address is present). LAN Ethernet Lights (1, 2, 3, 4) The LAN Ethernet lights illuminate when the FiOS Router is connected to a local network via one or more of its Ethernet ports. If flashing, data traffic is passing across the port(s). LAN Coax Light The LAN Coax light glows steadily or flashes when the FiOS Router is connected to a local network via its Coax port. USB Light The USB light illuminates when the FiOS Router is connected to a device via a USB cable. Wireless Light The Wireless light illuminates when the FiOS Routers wireless access point is turned on. If flashing, data traffic is passing across the wireless connection. 13 2009 Verizon. All Rights Reserved. 1 Introduction 1.4 Getting to Know the FiOS Router Wi-Fi Protected Setup WiFi Protected Setup (WPS) is an easier way to set up a wireless network. Instead of entering passwords or multiple keys on each wireless client (laptop, printer, external hard drive, etc.), the FiOS Router can create a wireless network that only requires the pressing of buttons (one on the FiOS Router, and one on the client
[either built-in, or on a compatible wireless card]) to allow wireless clients to join the FiOS Routers wireless network. Although the WPS button is included on the FiOS Router, WPS functionality will not be enabled until a future firmware release. The button is included so that WPS can be activated at a later date without having to physically change the FiOS Router. The GUI does not include the WPS option. 1.4b Rear Panel The rear panel of the FiOS Router has eight ports (Coax, Power, LAN Ethernet [4], WAN Ethernet, and USB), a Power switch, a Reset button, and a wireless antenna. LAN 10 100 100 10 100 10 100 10 100 USB WAN 10 Coax 1 2 3 4 On/Off Reset Coaxial Cable
(from Coax Port to Set Top Box) Power Adapter
(from Power Port to Wall Outlet) Ethernet Cable
(from LAN Ethernet Port to Computer/Device) Ethernet Cable
(from WAN Port to ISP Connection) USB Cable
(from USB Port to Device) Rear view Verizon FiOS Router (rev. F) 2009 Verizon. All Rights Reserved. 14 FiOS Router User Manual LAN 10 100 100 10 100 10 100 10 100 USB WAN 10 Coax 1 2 3 4 On/Off Reset Coaxial Cable
(from Coax Port to Set Top Box) Power Adapter
(from Power Port to Wall Outlet) Ethernet Cable
(from LAN Ethernet Port to Computer/Device) Ethernet Cable
(from WAN Port to ISP Connection) USB Cable
(from USB Port to Device) Rear view Verizon FiOS Router (rev. F2) Coax Port The Coax port connects the FiOS Router to the ISP or other devices using a coaxial cable. Power Port The Power port connects the FiOS Router to an electrical wall outlet via the Power cord. Power Switch The Power switch powers the FiOS Router on and off. 15 2009 Verizon. All Rights Reserved. 1 Introduction 1.4 Getting to Know the FiOS Router Reset Button To restore the FiOS Routers factory default settings, press and hold the Reset button for approximately ten seconds. The reset process will start about ten seconds after releasing the button. When the FiOS Router resets, all the lights on the front panel turn off, and then some of the lights start flashing. The FiOS Router has completed its reset process when the Power light glows steadily green. Caution! Do not unplug the Power cord from the FiOS Router during the reset process. Doing so may result in the loss of the FiOS Routers configuration information. If this occurs, reset the FiOS Router again. LAN Ethernet Ports (4) The LAN Ethernet ports connect devices to the FiOS Router via Ethernet cables to create a local area network (LAN). The LAN Ethernet ports are 10/100 Mbps auto-sensing ports, and either a straight-through or crossover Ethernet cable can be used when connecting devices to the ports. WAN Ethernet Port The WAN Ethernet port connects the FiOS Router to the ISP using an Ethernet cable. USB Port The USB port provides up to 5 VDC for attached devices (to charge a cell phone, for example). In the future, with a firmware release upgrade, the USB host functionality will be available for devices such as external storage and cameras. Wireless Antenna(s) The FiOS Routers wireless antenna(s) is used to transmit a wireless signal to other wireless devices on its wireless network. 2009 Verizon. All Rights Reserved. 16 2 Introduction 2.0 2.1 Setting up the FiOS Router 2.2 Computer Network Configuration 2.3 Configuring the FiOS Router 2.4 Main Screen Connecting the FiOS Router 17 2009 Verizon. All Rights Reserved. Connecting the FiOS Router and accessing its Graphical User Interface (GUI) are both simple procedures, varying slightly depending on the computers operating system. However, no configuration is necessary to access the GUI when taking advantage of Universal Plug-and-Play support. 2009 Verizon. All Rights Reserved. 18 FiOS Router User Manual 2.1 Setting Up the FiOS Router There are three parts to setting up the FiOS Router: Connecting the Cables, Configuring the Router, and Connecting Other Computers/Set Top Boxes. 2.1a Connecting the Cables Note: If a different router was being used previously, disconnect it. Remove all router components, including power supplies and cables, as they will not work with the FiOS Router. 1. 2. Get the FiOS Router and black Power cord from the box. Plug the black Power cord in the black port on the back of the FiOS Router and then into a power outlet. 3. Turn the FiOS Router on. 4. 5. 6. 7. 8. Make sure the Power light on the front of the FiOS Router glows steadily green. Plug the yellow Ethernet cable from the box into one of the four yellow Ethernet ports on the back of the FiOS Router. Make sure the computer is powered on, then plug the other end of the yellow Ethernet cable into an Ethernet port on the computer. Make sure at least one of the Ethernet LAN lights on the front of the FiOS Router glows steadily green. This may take a few moments. The phone company previously installed a high-speed wall jack somewhere in the house. Locate it and note its type (Ethernet or coaxial). If Ethernet, follow steps 8a and 8b. If coaxial, follow steps 9a and 9b. Then, continue to step 10. a. If connecting via Ethernet, get the white Ethernet cable from the box and plug one end in the white port on the back of the FiOS Router. b. Plug the other end of the white Ethernet cable into the high-speed Ethernet jack. 19 2009 Verizon. All Rights Reserved. 2 Connecting the FiOS Router 2.2 Computer Network Configuration 9. If connecting via coaxial cable, get a coaxial cable and connect one end a. to the red Coax port on the back of the FiOS Router. b. Connect the other end of the coaxial cable to a coax jack. 10. Make sure the Ethernet WAN light (if connecting via Ethernet) or Coax WAN light (if connecting via coaxial cable) on the front of the FiOS Router glows steadily green. If connecting via coaxial cable, this may take a few minutes. Note: If the Ethernet WAN light or Coax WAN light does not illuminate, make sure the cable (Ethernet or coaxial) is connected properly at both ends. 2.2 Computer Network Configuration Each network interface on the computer should either be configured with a statically defined IP address and DNS address, or instructed to automatically obtain an IP address using the Network DHCP server. The FiOS Router is set up, by default, with an active DHCP server, and we recommend leaving this setting as is. 2.2a Configuring Dynamic IP Addressing To set up a computer to use dynamic IP addressing:
Windows Vista 1. Select Network and Sharing in the Control Panel. 2. Click View Status, then click Properties. 3. Click Continue in the User Account Control window. 4. 5. 6. 7. 8. In the General tab of the Local Area Connection Properties window select Internet Protocol Version 4 (TCP/IPv4), then click Properties. The Internet Protocol Version 4 (TCP/IPv4) Properties window appears. Click the Obtain an IP address automatically radio button. Click the Obtain DNS server address automatically radio button. OK in the Internet Protocol Version 4(TCP/IPv4) Properties window, Click then click OK in the Local Area Connection Properties screen to save the settings. 2009 Verizon. All Rights Reserved. 20 FiOS Router User Manual Windows XP 1. Select Network Connections in the Control Panel. 2. Right-click Ethernet Local Area Connection, then click Properties. 3. In the General tab, select Internet Protocol (TCP/IP), then click Properties. 4. 5. 6. 7. The Internet Protocol (TCP/IP) Properties window appears. Click the Obtain an IP address automatically radio button. Click the Obtain DNS server address automatically radio button. OK in the Internet Protocol (TCP/IP) Properties screen, then click OK in Click the Local Area Connection Properties screen to save the settings. Windows 2000 1. Select Network and Dialing Connections in the Control Panel. 2. Right-click on the Ethernet connections icon, then click Properties. 3. Select Internet Protocol (TCP/IP) component, then click Properties. 4. 5. 6. The Internet Protocol (TCP/IP) Properties window appears. Click the Obtain an IP address automatically radio button. Click the Obtain DNS server address automatically radio button. Windows 98/Me 1. Select Network in the Control Panel. 2. Select the TCP/IP settings for the network card, then click Properties. 3. Click the Obtain an IP address automatically radio button in the IP Address tab. 4. Click Disable DNS in the DNS configuration tab. 5. Click OK in the TCP/IP Properties screen. 6. Click OK in the Network screen to reboot and save the settings. 21 2009 Verizon. All Rights Reserved. 2 Connecting the FiOS Router 2.2 Computer Network Configuration Windows NT 1. Click Network in the Control Panel. The Network window appears. 2. 3. 4. In the Protocol tab, select Properties. Internet Protocol (TCP/IP), then click In the IP Address tab, click the Obtain an IP address automatically radio button. In the DNS tab, verify no DNS server is defined in the DNS Service Search Order text box and no suffix is defined in the Domain Suffix Search Order text box. Macintosh OS X 1. Click on the Apple icon in the top left corner of the desktop. 2. From the menu that appears, select System Preferences. 3. The System Preferences window appears. Click Network. 4. From the Network window, make sure Ethernet in the list on the left is highlighted and displays Connected. 5. Click Assist me. 6. From the tab that appears, click Diagnostics. 7. Follow the instructions in the Network Diagnostics assistant. Linux 1. 2. 3. 4. 5. Login into the system as a super-user by entering su at the prompt. Type ifconfig to display the network devices and allocated IPs. Type pump -i <dev>, where <dev> is the network device name. Type ifconfig again to view the newly allocated IP address. Make sure no firewall is active on device <dev>. 2009 Verizon. All Rights Reserved. 22 FiOS Router User Manual 2.3 Configuring the FiOS Router 1. Open a web browser on the computer connected to the FiOS Router. In the Address text box, type:
http://192.168.1.1 then press Enter on the keyboard. 2. The Login Setup screen appears. Select a new user name and password and enter them in the appropriate text boxes (the password must be entered twice, for validation purposes). Write the new user name and password down on a piece of paper and keep it in a safe place, since they will be needed to access the FiOS Routers GUI (Graphical User Interface) in the future. 3. In the bottom part of the screen, select the correct time zone from the Time Zone drop-down list, then click OK at the bottom of the screen. The FiOS Router is now configured. 23 2009 Verizon. All Rights Reserved. 2 Connecting the FiOS Router 2.3 Configuring the FiOS Router 2.3a Connecting Other Computers/Set Top Boxes The FiOS Router can connect to other computers or set top boxes in three ways:
via Ethernet, via wireless connection, or via coaxial cable. Ethernet 1. 2. 3. 4. Get an Ethernet cable and plug one end into one of the open yellow Ethernet ports on the back of the FiOS Router. Plug the other end of the Ethernet cable into an Ethernet port on the computer. Make sure the corresponding Ethernet LAN light on the front of the FiOS Router glows steadily green. Repeat these steps for each computer to be connected to the FiOS Router via Ethernet. Wireless 1. 2. 3. 4. 5. Make sure each computer to be connected wirelessly has built-in wireless or an attached wireless adapter. Make sure the computer uses the same ESSID and WEP key as the FiOS Router by launching the computers wireless application Enter the ESSID and WEP key found on the sticker on the bottom of the FiOS Router in the computers wireless settings and click Save. Make sure to configure the computer to use 64/40-bit WEP encryption. Make sure the changes were implemented by surfing the Internet from the computer. Repeat these steps for every other computer to be connected to the FiOS Router wirelessly. 2009 Verizon. All Rights Reserved. 24 FiOS Router User Manual Coaxial 1. 2. 3. Make sure all set top boxes are turned off. Disconnect any adapter currently connected to the coaxial jack in the room where the FiOS Router is. Connect one end of the coaxial cable to the coaxial wall jack, and the other end to the red Coax port on the back of the FiOS Router. 4. Power up the set top box. 5. Make sure the Coax LAN light on the front of the FiOS Router glows steadily green. This may take a few minutes. When it does, the set top box is connected to the FiOS Router. 2.4 Main Screen After logging into the FiOS Routers GUI (see Configuring the FiOS Router at the beginning of this chapter), the Main screen appears. 25 2009 Verizon. All Rights Reserved. 2 Connecting the FiOS Router 2.4 Main Screen The Main screen has a menu occupying the top of the screen. Below that, the screen is divided into three columns: My Router, My Network, and Action Zone. 2.4a Menu The Main screens menu contains links to all of the configuration options of the FiOS Router: Wireless Setup (explained in chapter 4 of this manual), My Network (chapter 5), Firewall Settings (chapter 6), Parental Controls (chapter 7), Advanced (chapter 8), and System Monitoring (chapter 9). 2.4b My Router This section displays the status of the FiOS Routers network and Internet connection. A green light signifies the FiOS Router is connected; a yellow light means the FiOS Router is attempting to connect; and a red light signifies the FiOS Routers connection is down. Broadband Connection The Broadband Connection section of the My Router column displays the state of the FiOS Routers broadband connection (Connected or Disconnected) for the two connection options (Coax Status and Ethernet Status), and the WAN IP address of the broadband connection. Quick Links The Quick Links section of the My Router column contains a list of frequently accessed settings, including Change Wireless Settings, Change Login User Name & Password, Enable Gaming, and Logout. 2.4c My Network The My Network column of the Main screen displays the connection type, name, and IP address of all devices connected to the FiOS Routers network. The icon associated with the device will be displayed normally (signifying an active device) or shaded (signifying the device has not been active for at least 60 seconds). The user can also configure the basic settings of each device by clicking on its icon. These settings are described in more detail in chapter 3. 2009 Verizon. All Rights Reserved. 26 FiOS Router User Manual 2.4d Action Zone This column contains links to various Verizon Web sites, and other informational links. Clicking on the icon above Go to Internet Now connects the user to the home page configured on the users web browser. 27 2009 Verizon. All Rights Reserved. 3 Introduction 3.0 3.1 Overview 3.2 Connecting a Wireless Client 3.3 Wireless Status 3.4 Basic Security Settings 3.5 Advanced Security Settings 3.6 Setting Up a Wireless Client Setting Up a Wireless Network 2009 Verizon. All Rights Reserved. 28 Wireless networking enables you to free yourself from wires and plugs, making your devices more accessible and easier to use. This chapter explains how to create a wireless network using the FiOS Router, including accessing and configuring wireless security options. 29 2009 Verizon. All Rights Reserved. 3 Setting Up a Wireless Network 3.1 Overview 3.1 Overview The FiOS Router provides the user with wireless connectivity over the 802.11b and g standards (the most common wireless standards). 802.11b has a maximum data rate of 11 Mbps, while 802.11g has a maximum data rate of 54 Mbps. Both operate in the 2.4 GHz range. The FiOS Routers wireless feature is turned on, with wireless security activated, by default. The level of security is 64/40-bit WEP, with a unique WEP key already entered. This information is displayed on a sticker located on the bottom of the FiOS Router. The FiOS Router integrates multiple layers of security. These include the IEEE 802.1x port-based authentication protocol, RADIUS client, EAP-MD5, EAP-TLS, EAP-TTLS, EAP-PEAP, Wired Equivalent Privacy (WEP), Wi-Fi Protected Access
(WPA) and firewall and VPN applications. 3.2 Connecting a Wireless Client To connect a wireless client to the FiOS Router:
Note: The following procedure assumes the FiOS Routers default wireless settings are intact. If they have been changed, use the new ESSID and wireless security settings. For more details, see the Connecting a Wireless Windows XP Client section of this chapter. 1. 2. 3. In the wireless clients configuration interface, enter the FiOS Routers ESSID (found on a sticker on the bottom of the FiOS Routers case) in the appropriate text box or field (this varies depending on the wireless clients manufacturer). Enter the FiOS Routers WEP key (also found on the sticker on the bottom of the FiOS Routers case) in the wireless clients configuration interface. Save the changes and exit the wireless clients configuration interface. The client should now detect and join the FiOS Routers wireless network. If not, check the wireless clients documentation, or contact its manufacturer. 2009 Verizon. All Rights Reserved. 30 FiOS Router User Manual 3.3 Wireless Status Clicking on the Wireless Settings icon from the Main screens menu generates the Wireless Status screen, which displays the current status of the wireless connection. 3.3a Radio Enabled Displays whether the FiOS Routers wireless radio is active. 3.3b SSID The SSID (Service Set Identifier) is the network name shared among all devices on a particular wireless network. The SSID must be identical for all devices on the wireless network. It is case-sensitive and cannot exceed 32 characters. Make sure the SSID is the same for all devices to be connected to the wireless network. The FiOS Router comes from the factory with an SSID already entered and displayed here. The default SSID can also be found on a sticker on the bottom of the FiOS Router. 3.3c Channel Displays the channel to which the wireless connection is currently set. All devices on the wireless network must be on the same channel to function correctly. 31 2009 Verizon. All Rights Reserved. 3 Setting Up a Wireless Network 3.3 Wireless Status 3.3d Security Enabled Displays what kind of security is active on the wireless connection, and the security encryption key. 3.3e SSID Broadcast Displays whether the FiOS Router is broadcasting its SSID. If activated, the SSID of the FiOS Routers wireless network is broadcast wirelessly. 3.3f MAC Authentication Displays whether the FiOS Router is using MAC (Media Access Control) address authentication to allow wireless devices to join the network. 3.3g Wireless Mode Displays the types of wireless device that can join the network. Options include 802.11b, 802.11g, or Mixed (allows both 802.11b- and 802.11g-equipped wireless devices to join the network). 3.3h Packets Received/Sent Displays the number of packets received and sent since the FiOS Routers wireless capability was activated. 2009 Verizon. All Rights Reserved. 32 FiOS Router User Manual 3.4 Basic Security Settings To configure the FiOS Routers wireless network for basic security, select Basic Security Settings from the menu on the left side of any Wireless Settings screen. The Basic Security Settings screen appears. 1. 2. 3. 4. 5. 6. Click the On radio button to activate the FiOS Routers wireless radio. Enter the name of the wireless network in the SSID text box (the SSID name in the figure above is an example; enter a different name for the SSID). Select the channel at which the FiOS Routers wireless radio communicates by selecting it from the Channel drop-down list. To preserve the channel selection in the event of a FiOS Router power cycle, click in the box next to Keep my channel selection during power cycle. Click the WEP radio button to activate WEP (Wired Equivalent Privacy) security on the wireless network. Select a WEP security level from the select a WEP Key drop-down list
(options include 64/40 bit or 128/104 bit). 33 2009 Verizon. All Rights Reserved. 3 7. 8. Setting Up a Wireless Network 3.4 Basic Security Settings Enter the key code in the Key Code text box. Each character must be a letter from A-F or a number from 0-9. If 64/40 bit was selected in step 5, enter 10 characters. If 128/104 was selected, enter 26 characters. Write down the wireless settings displayed on the screen. Other wireless devices must use these same settings when configuring the devices wireless networking scheme to join the FiOS Routers wireless network. 9. Click Apply to save the settings. 2009 Verizon. All Rights Reserved. 34 FiOS Router User Manual 3.5 Advanced Security Settings To configure the FiOS Routers advanced wireless network security settings, select Advanced Security Settings from the menu on the left side of any Wireless Settings screen. The Advanced Security Settings screen appears. 3.5a Level 1 (Wireless Security) This section is used to configure different types of wireless security. Select the type of wireless security to be applied to the wireless network by clicking the appropriate radio button, then configure the security settings in the subsequent screens. 35 2009 Verizon. All Rights Reserved. Setting Up a Wireless Network 3.5 Advanced Security Settings 3 WEP If WEP was selected in the Advanced Security Settings screen, the WEP Key screen appears. 1. 2. 3. 4. 5. Select the appropriate network authentication level from the drop-down list. Options include Open System Authentication, Shared Key Authentication, or Both. Activate WEP key 1 by clicking the radio button next to 1 on the left side. Select the length of key 1 by selecting 64/40 bit or 128/104 bit from the appropriate drop-down list in the Key Length column. Select the type of key from the appropriate drop-down list in the Entry Method column. If Hex is selected, the key must be made up of hexadecimal digits. If ASCII is selected, the key can be made up of any characters. Enter the key in the appropriate text box in the Encryption Key column. If 64/40 bit was chosen in step 2, enter 10 characters. If 128/104 bit was chosen, enter 24 characters. Depending on what option was selected in step 3, enter hexadecimal or ASCII characters. 6. Click Apply to save changes. 2009 Verizon. All Rights Reserved. 36 FiOS Router User Manual 802.1x WEP If 802.1x WEP (Wired Equivalent Privacy) was selected, the WEP+802.1x Radius Settings screen appears. To generate the full screen, click in the Enabled check box to activate. 802.1x WEP is a robust security protocol that uses port control with dynamically changing encryption keys automatically updated over the network. 802.1x WEP uses a RADIUS (Remote Authentication Dial-in Service) server for authentication purposes. This server must be physically connected to the FiOS Router. Also, the user must enable the RADIUS client embedded in the FiOS Router (to do this, see chapter 9, Advanced Settings). 1. 2. 3. 4. Click in the Enabled check box to enable WEP+802.1x security. Enter the RADIUS server IP address in the Server IP text boxes. Enter the RADIUS servers port number in the Server Port text box. Enter the RADIUS servers shared secret in the Shared Secret text box. 5. Click Apply to save changes. 37 2009 Verizon. All Rights Reserved. Setting Up a Wireless Network 3.5 Advanced Security Settings 3 WPA If WPA (Wi-Fi Protected Access) was selected, the WPA Key screen appears. 1. 2. 3. 4. Verify the authentication method selected is Pre-Shared Key. Enter a phrase of at least eight characters in the Pre-Shared Key text box. Verify that ASCII is selected in the associated drop-down list. Select the proper encryption algorithm (TKIP or AES). Click in the Group Key Update Interval check box to activate the group key update interval, and set the interval time in the text box to the right. 5. Click Apply at the bottom of the screen to save changes. WPA2 If WPA2 was selected, the WPA2 screen appears. 1. 2. Verify the authentication method selected is Pre-Shared Key. Enter a phrase of at least eight characters in the Pre-Shared Key text box. Verify that ASCII is selected in the associated drop-down list. 3. Select the proper encryption algorithm (TKIP or AES). 2009 Verizon. All Rights Reserved. 38 FiOS Router User Manual 4. Click in the Group Key Update Interval check box to activate the group key update interval, and set the interval time in the text box to the right. 5. Click Apply at the bottom of the screen to save changes. 3.5b Level 2 (SSID Broadcast) This section is used to configure the FiOS Routers SSID broadcast capabilities. Selecting SSID Broadcast generates the SSID Broadcast screen. Click the Enable radio button to enable SSID broadcasting. If enabled, the SSID of the FiOS Routers wireless network will be broadcast wirelessly. To disable SSID broadcasting, click the Disable radio button. 3.5c Level 3 (Limiting Access) This option is used to limit access to the FiOS Routers wireless network. 39 2009 Verizon. All Rights Reserved. 3 Setting Up a Wireless Network 3.5 Advanced Security Settings Wireless MAC Authentication Wireless MAC authentication allows the user to allow or deny access to the FiOS Routers wireless network by a particular devices MAC address. Selecting Wireless MAC Authentication from the Advanced Security Settings screen generates the Wireless MAC Authentication screen. To set up wireless MAC authentication:
1. 2. Click in the Enable Access List check box. Select either Accept all devices listed below or Deny all devices listed below by clicking the appropriate radio button. Selecting Accept causes all devices listed by MAC address to access the FiOS Routers wireless network. Selecting Deny causes all listed devices to be denied access. 3. Enter the MAC address of a device in the Client MAC address text box. 4. Click Add. 5. Repeat steps 3 and 4 to add more devices to the list. 6. When finished listing devices, click Apply. To remove a MAC address, select it from the List list box, then click Remove. 2009 Verizon. All Rights Reserved. 40 FiOS Router User Manual 802.11b/g Mode This option allows the user to select the wireless communication standard compatible with the devices to be connected on the wireless network from the drop-down list. Options include 802.11b, 802.11g, or Mixed (allows both 802.11b and 802.11g-equipped wireless devices to join the network). 3.5d Other Advanced Wireless Options Clicking Other Advanced Wireless Options at the bottom of the Advanced Security Settings screen generates (after clicking through the Warning screen) another Advanced Wireless Options screen. When should this rule occur?
Displays the time during which the rule is active. To configure schedule rules, see chapter 8, Advanced Settings. 41 2009 Verizon. All Rights Reserved. 3 Setting Up a Wireless Network 3.5 Advanced Security Settings Network Select the type of connection being configured from this drop-down list
(options: Network [Home/Office], Broadband Connection, or DMZ). MTU MTU (Maximum Transmission Unit) specifies the largest packet size permitted for Internet transmission. Automatic sets the MTU at 1500. Other choices include Automatic by DHCP, which sets the MTU according to the DHCP connection, and Manual, which allows the user to set the MTU. Transmission Rate Select the wireless transmission rate from the drop-down list, or select Auto to have the FiOS Router automatically select the best transmission rate. This setting adjusts the bit rate of the FiOS Routers wireless transmissions. CTS Protection Mode Activating CTS (Clear to Send) Protection Mode allows mixed 802.11b/g networks to operate at maximum efficiency. Select Auto from the drop-down list to activate. Select None to deactivate . CTS Protection Type Select from the two options: cts-only (for mixed 802.11b/g networks) or rts-cts.
(for 802.11a/b/g networks). Frame Burst - Max Number Frame Burst allows packet bursting, which increases overall network speed. Enter the maximum number of frame bursts in this text box. Frame Burst - Burst Time Enter the burst time of the frame bursts in this text box. 2009 Verizon. All Rights Reserved. 42 FiOS Router User Manual DTIM Interval Enter the DTIM (Delivery Traffic Indication Message) interval value (in milliseconds) in this text box. A DTIM is a countdown mechanism for the FiOS Router, informing wireless network clients of the next window for listening to broadcast and multicast messages. Fragmentation Threshold Setting the correct fragmentation threshold can increase the reliability of frame transmissions on the wireless network. Enter the fragmentation threshold in this text box. RTS Threshold Enter the RTS (Request to Send) threshold in this text box. This setting controls what size data packet the low level RF protocol issues to an RTS packet. 43 2009 Verizon. All Rights Reserved. 3 Setting Up a Wireless Network 3.6 Setting Up a Wireless Client 3.6 Setting Up a Wireless Client If the computer has wireless capabilities and is running Windows XP or Vista, it will automatically recognize the existing wireless network and try to create a wireless connection. View this connection under Windows Network Connections. 3.6a Joining an Open Wireless Network (Window XP) Note: The following description and images are in accordance with Microsoft Windows XP, Version 2002, running Service Pack 2. If running another operating system, see the documentation that came with the wireless adapter being used. 1. Network Connections in the Control Panel. The Network Click Connections window appears. 2009 Verizon. All Rights Reserved. 44 FiOS Router User Manual 2. Double-click the wireless connection icon. The Wireless Network Connection screen appears, displaying all available wireless networks in the vicinity. If the FiOS Router is connected and active, the FiOS Routers wireless connection is displayed. Note that the connections status is Not connected in the figure below. 3. Connect at the bottom of Click the connection once to mark it, then click the screen. After clicking throught the Warning screen, and establishing the connection, its status will change to Connected. An icon appears in the notification area, announcing the successful initiation of the wireless connection. 45 2009 Verizon. All Rights Reserved. 3 Setting Up a Wireless Network 3.6 Setting Up a Wireless Client 4. Test the connection by disabling all other connections in the Network Connections window and browsing the Internet. The FiOS Routers wireless network can now be accessed from the configured computer. However, any other user with a wireless-equipped device can also access the wireless network. To prevent this, secure the wireless network, as explained in the Wireless Security section of this chapter. 3.6b Joining a Secured Wireless Network (Windows XP) This section assumes the FiOS Routers wireless network is set up with 64-bit WEP security. 1. Network Connections in the Control Panel. The Network Click Connections window appears. 2009 Verizon. All Rights Reserved. 46 FiOS Router User Manual 2. Double-click the wireless connection icon. The Wireless Network Connection screen appears, displaying the available wireless connections. Select the FiOS Routers network. 3. Click the connection once to mark it, then click the screen. The following login window appears, asking for a Network Key, which is the pre-shared key used when configuring the FiOS Routers WEP security (see the WEP section in this chapter). Connect at the bottom of 47 2009 Verizon. All Rights Reserved. 3 4. Setting Up a Wireless Network 3.6 Setting Up a Wireless Client Enter the network (WEP) key in both text boxes and click connection is established, its status will change to Connected, as shown below. Connect. After the An icon appears in the notification area, announcing the successful initiation of the wireless connection. 5. Test the connection by disabling all other connections in the Network Connections window and surfing the Internet. Manual Wireless Network Connection If the login window shown in step 3 does not appear and the connection attempt fails, configure the connection manually using the following procedure:
1. Click the connection once to mark it and then click Settings in the Related Tasks box on the left part of the window. Change Advanced 2009 Verizon. All Rights Reserved. 48 FiOS Router User Manual 2. The Wireless Network Connection Properties window appears. Select Wireless Networks. 3. Click the connection to highlight it, then click Properties Window appears. Properties. The connections 49 2009 Verizon. All Rights Reserved. 3 Setting Up a Wireless Network 3.6 Setting Up a Wireless Client 4. 5. 6. From the Network Authentication drop-down list, select Open. From the Data Encryption drop-down list, select WEP. Enter the pre-shared key in both the Network key and the Confirm network key text boxes. 7. Click OK, then OK again. 8. When attempting to connect to the wireless network, the login window appears, pre-populated with the pre-shared key. Press Connect to connect. Since the network is now secured, only users who know the pre-shared key will be able to connect. 3.6c Setting Up a Wireless Windows Client (Vista) If the computer has wireless capabilities and is running Windows Vista, it will automatically recognize the existing wireless network and try to create a wireless connection. View this connection under Windows Network Connections. 1. 2. Click the wireless icon the system tray (in the lower right corner of the desktop) and, from the menu that appears, select Connect to a Network. A Connect to a Network window appears. Select the FiOS Routers wireless network. 2009 Verizon. All Rights Reserved. 50 FiOS Router User Manual 3. Another Connect to a Network window appears. Enter the WEP key of the network in the appropriate text box. 4. Connect. A third Connect to a Network window appears, stating that Click the connection was successful 51 2009 Verizon. All Rights Reserved. Introduction 4.0 4.1 Accessing the My Network 4.2 Using the My Network Settings Settings 4 Configuring My Network Settings 2009 Verizon. All Rights Reserved. 52 Once the FiOS Router is physically connected and the FiOS Routers Main screen is displayed in a web browser, a list of devices connected to the FiOS Routers network appears in the My Network column of the screen. From here, some basic network settings can be configured. 53 2009 Verizon. All Rights Reserved. 4 Configuring My Network Settings 4.1 Accessing My Network Settings 4.1 Accessing My Network Settings To access My Network, click the My Network icon in the Main screen. The My Network screen appears:
On the far right side of the screen, in the Connected Devices section, is list of the devices currently connected to the FiOS Routers network, listed by connection type and number. The rest of the screen contains the My Network section, which displays each device connected to the FiOS Routers network, and a series of basic configuration settings for each device. 2009 Verizon. All Rights Reserved. 54 FiOS Router User Manual 4.2 Using My Network Settings Various settings can be accessed for a particular device, as follows. 4.2a Access Device For devices that can be accessed (such as Internet cameras and networked hard drives), locate it in the My Network column, then click Access Devices to use the device over the network. 4.2b Access Shared Files To access the shared files on a particular device, locate the device in the My Network column, then click Access Shared Files. A list of shared files appears on the screen. 4.2c Website Blocking Clicking Website Blocking generates the Parental Control screen. For more information about using parental controls, see chapter 7, Using Parental Controls. 4.2d Block Internet Services Internet services blocking is used to prevent a device on the network from accessing particular services available on the Internet, such as receiving email or downloading files from FTP sites. To set up Internet services blocking on a networked device:
1. Locate the device in the My Network column, then click Services. The Access Control screen appears. Block Internet 55 2009 Verizon. All Rights Reserved. 4 2. 3. 4. 5. Configuring My Network Settings 4.2 Using My Network Settings Add in the Networked computer/Device column. The Add Access Click Control Rule screen appears. If this access control rule applies to all networked devices, select Any from the Networked Computer/Device list box. If this rule applies to certain devices only, select User Defined and click Add. Then, in the Edit Network Object screen, add a network object (for more details about adding network objects, see the Advanced Settings chapter of this manual). Select the Internet protocol to be blocked from the Protocol drop-down list. Always from the When should If this rule will be active continuously, select this rule occur? drop-down list. If the rule will only be active at certain times, select User Defined and click Add. Then, add a schedule rule (for more details about schedule rules, see the Advanced Settings chapter of this manual). Note: Make sure the FiOS Routers date and time settings for your time zone are set correctly for schedule rules to function properly. 6. Apply to save the changes. The Access Control screen will display a Click summary of the access control rule. Note: To block a service that is not included in the list, select User Defined from the Protocol drop-down menu. The Edit Service screen appears. Define the service, then click Apply. The service will then be automatically added to the 2009 Verizon. All Rights Reserved. 56 FiOS Router User Manual top section of the Add Access Control Rule screen, and will be selectable. The user may disable an access control and the service made available without having to remove the service from the Access Control table. This may be useful to make the service available only temporarily, with the expectation that the restriction will be reinstated later. To temporarily disable an access control, clear the check box next to the network computer/device. To reinstate the restriction at a later time, select the check box next to the network computer/device. To remove an access restriction from the Access Control table, click for the service. The service will be removed from the Access Control table. Remove Note: When Web Filtering is enabled, HTTP services cannot be blocked by access control. 4.2e Port Forwarding Activating Port Forwarding allows the network to be exposed to the Internet in certain limited and controlled ways, enabling some applications to work from the local network (game, voice, and chat applications, for example), as well as allowing Internet access to servers in the local network. To set this up on a networked device, locate the device in the My Network column, then click Port Forwarding. The Port Forwarding screen appears. 57 2009 Verizon. All Rights Reserved. 4 Configuring My Network Settings 4.2 Using My Network Settings To set up basic port forwarding:
1. 2. 3. Click the arrow next to IP Address forward to or select from menu to display a menu and either enter the IP address of the item to port forward from, or choose an item from the drop-down menu. Click the arrow next to Application to forward and select a pre-
configured application from the drop-down menu. Add. The new port forwarding rule appears in the Applied rules table Click at the bottom of the screen. To set up advanced port forwarding (custom ports):
1. 2. Click the arrow next to Application to forward and select from the drop-down menu. Custom Ports Enter the host name (from the drop-down list) or local IP address of the computer providing the service in the Specify IP text box. Note that only one local network computer can be assigned to provide a specific service or application. 3. Click Advanced. 4. Select the Internet protocol to be provided from the Protocol drop-down list. Depending on the protocol selected, additional options appear in the screen. 5. Select the connection with which this port forwarding rule will be active 2009 Verizon. All Rights Reserved. 58 FiOS Router User Manual from the WAN Connection Type drop-down list. 6. 7. 8. To select a port to forward communications to (this is optional), select Specify from the Forward to Port drop-down list, then, in the text box that appears, enter the port number. If no port is identified, select Same as Incoming Port. If this port will be active all the time, select Always from the Schedule drop-down list. If the rule will only be active at certain times, select User Defined and click Add. Then, add a schedule rule (for more details about schedule rules, see the Advanced Settings chapter of this manual). If source and destination ports need to be specified, select Specify from the drop-down menu list (by clicking on the appropriate arrow), then entering the port numbers. 9. Apply to save the changes. The new port forwarding rule appears in Click the Applied rules table at the bottom of the screen. Note: Some applications, such as FTP, TFTP, PPTP, and H323, require the support of special specific Application Level Gateway (ALG) modules to work inside the local network. Data packets associated with the aforementioned applications contain information that allows them to be routed correctly. An ALG is needed to handle these packets and ensure they reach their intended destinations. The FiOS Router is equipped with a robust list of ALG modules, enabling maximum functionality in the local network. The ALG is automatically assigned based on the destination port. 4.2f View Device Details To view information about a networked device, or to test a devices connection, locate the device in the My Network column, then click View Device Details. The Device Information screen appears. 59 2009 Verizon. All Rights Reserved. 4 Configuring My Network Settings 4.2 Using My Network Settings 1. Click Test Connectivity. The Diagnostics screen appears. 2. The FiOS Router automatically runs a ping test, and the results are displayed in the Diagnostics screen. 4.2g Rename This Device To rename a networked device, locate the device in the My Network column, then click Rename This Device. The Rename Device screen appears. Enter the new name of the device in the New Name text box and, if needed, select a new icon for the device from the New Icon drop-down list. 2009 Verizon. All Rights Reserved. 60 5 Introduction 5.0 5.1 Accessing Network Connections 5.2 Network (Home/Office) Connection 5.3 Ethernet Connection 5.4 Wireless Access Point Connection 5.5 Coax Connection 5.6 Broadband Ethernet Connection 5.7 Broadband Coax Connection 5.8 WAN PPPoE Connection 5.9 WAN PPPoE 2 Connection Using Network Connections 61 2009 Verizon. All Rights Reserved. The FiOS Router supports various local area network (LAN) and wide area network
(WAN, or Internet) connections via Ethernet or coaxial cables. The Network Connections screens are used to configure the various aspects of the FiOS Routers network and Internet connections, and create new connections. 2009 Verizon. All Rights Reserved. 62 FiOS Router User Manual 5.1 Accessing Network Connections Caution! The settings covered in this chapter should be configured by experienced network technicians only. To access the FiOS Routers network connections, in the My Network screen, click Network Connections from the menu on the left side. The Network Connections screen appears. Click Advanced to expand the screen and display all connection entries. To select a connection, click on its name. The rest of this chapter describes the different network connections available on the FiOS Router, as well as the connection types that can be created. 63 2009 Verizon. All Rights Reserved. 5 Using Network Connections 5.2 Network (Home/Office) Connection 5.2 Network (Home/Office) Connection Select Network (Home/Office) in the Network Connections screen to generate the Network (Home/Office) Properties screen. This screen displays a list of the local networks properties. The only modifications that can be made from this screen are disabling the connection (by clicking Disable) or renaming the connection (by entering a new name in the Rule Name text box). Note: When a network is disabled, its formerly underlying devices will not be able to get the DHCP address from the network interface to which they were connected. The Network (Home/Office) connection is used to combine several network devices under one virtual network. For example, a home/office network can be created for Ethernet and other network devices. 2009 Verizon. All Rights Reserved. 64 FiOS Router User Manual 5.2a Configuring the Home/Office Network Click Settings in the Network (Home/Office) Properties screen to generate a second Network (Home/Office) Properties screen. General The top part of the screen displays general communication parameters. We recommend not changing the default values in this section unless familiar with networking concepts. Status Displays the connection status of the network. When should this rule occur? Displays when the rule is active. To schedule rules, see the Advanced Settings chapter. Network Select the type of connection being configured from the drop-down list (options: Broadband Connection, Network [Home/Office], or DMZ). Connection Type Displays the type of connection. Physical Address Displays the physical address of the network card used for the network. MTU MTU (Maximum Transmission Unit) specifies the largest packet size permitted for Internet transmission. Automatic sets the MTU at 1500. Other choices include Automatic by DHCP, which sets the MTU according to the DHCP connection, and Manual, which allows the MTU to be set manually. 65 2009 Verizon. All Rights Reserved. 5 Using Network Connections 5.2 Network (Home/Office) Connection Internet Protocol This section has three options: No IP Address, Obtain an IP Address Automatically, and Use the Following IP Address. No IP Address Select this option if the connection will have no IP address. This is useful if the connection operates under a bridge. Obtain an IP Address Automatically Select this option if the network connection is required by the ISP to obtain an IP address automatically. The server assigning the IP address also assigns a subnet mask address, which can be overridden by entering another subnet mask address. Use the Following IP Address Select this option if the network connection uses a permanent (static) IP address, then the IP address and subnet mask address. Bridge The Bridge section of the Configure Network (Home/Office) screen is used to specify which networks can join the network bridge. Verizon does not support using the FiOS Router in Bridge mode. Using Bridge mode may cause problems with the FiOS Router, including the complete disabling of all video services used with the FiOS Router. Status The Status column displays the connection status of a particular device. STP Click in the devices STP check box to enable Spanning Tree Protocol on the device. This protocol provides path redundancy while preventing undesirable loops in the network. Action The Action column contains an icon that, when clicked, generates the configuration screen of the particular device. 2009 Verizon. All Rights Reserved. 66 FiOS Router User Manual DNS Server Domain Name System (DNS) is the method by which website or domain names are translated into IP addresses. Specify such an address manually, according to the information provided by the ISP. To manually configure DNS server addresses, select Use the Following DNS Server Addresses. Specify up to two different DNS server addresses, one primary, the other secondary. IP Address Distribution The IP Address Distribution section of the Configure Network (Home/Office) screen is used to configure the FiOS Routers Dynamic Host Configuration Protocol (DHCP) server parameters. DHCP automatically assigns IP addresses to network devices. If enabled, make sure to configure the network devices as DHCP Clients. There are three options in this section: Disabled, DHCP Server, and DHCP Relay. Disabled Select this option if statically assigning IP addresses to the network devices. DHCP Server To set up the network bridge to function as a DHCP server:
1. Select DHCP Server. 2. 3. 4. Enter the IP address at which the FiOS Router starts issuing addresses in the Start IP Address text boxes. Since the FiOS Routers default IP address is 192.168.1.1, the Start IP Address should be 192.168.1.2. Enter the end of the IP address range used to automatically issue IP addresses in the End IP Address text boxes. The maximum IP address that can be entered here is 192.168.1.254. Enter the subnet mask address in the Subnet Mask text boxes. The subnet mask determines which portion of a destination LAN IP address is the network portion, and which portion is the host portion. 67 2009 Verizon. All Rights Reserved. 5 5. 6. 7. Using Network Connections 5.2 Network (Home/Office) Connection If Windows Internet Naming Service (WINS) is being used, enter the WINS server address in the WINS Server text boxes. Enter the amount of time a network device will be allowed to connect to the FiOS Router with its currently issued dynamic IP address in the Lease Time in Minutes text box. Click in the Provide Host Name If Not Specified by Client check box to have the FiOS Router automatically assign network devices with a host name, in case a host name is not provided by the user. DHCP Relay Select this option to have the FiOS Router function as a DHCP relay, and enter the IP address in the screen that appears. Routing The FiOS Router can be configured to use static or dynamic routing. Dynamic routing automatically adjusts how packets travel on the network, while static routing specifies a fixed routing path to neighboring destinations. To configure routing:
1. 2. 3. Enter a device metric in the Device Metric text box. The device metric is a value used by the FiOS Router to determine whether one route is superior to another, considering parameters such as bandwidth and delay time. Click in the Default Route check box to define this device as a default route. Click in the Multicast - IGMP Proxy Internal check box to activate multicasting. Multicasting enables the FiOS Router to issue IGMP (Internet Group Management Protocol) host messages on behalf of hosts the FiOS Router discovers through standard IGMP interfaces. IGMP proxy enables the routing of multicast packets according to the IGMP requests of local network devices asking to join multicast groups. 2009 Verizon. All Rights Reserved. 68 FiOS Router User Manual Routing Table Clicking New Route generates the New Route window, where a new route can be configured. Additional IP Addresses Clicking New IP Address generates the Additional IP Address Settings screen, where additional IP addresses can be created to access the FiOS Router via the Network (Home/Office) connection. 5.3 Ethernet Connection An Ethernet connection connects computers to the FiOS Router using Ethernet cables, either directly or via network hubs and switches. Click Ethernet in the Network Connections screen (if needed, click Advanced at the bottom of the screen to reveal the Ethernet link below Network [Home/Office]) to generate the Ethernet Properties screen. This screen displays a list of the connections properties. The only modifications that can be made from this screen are disabling the connection (by clicking Disable) or renaming the connection (by entering a new name in the Rule Name text box). Note: If disabling the connection, the FiOS Router must be rebooted for the change to take effect. 69 2009 Verizon. All Rights Reserved. 5 Using Network Connections 5.3 Ethernet Connection 5.3a Configuring the Ethernet Connection Click Settings at the bottom-right of the Ethernet Properties screen to generate another Ethernet Properties screen. General The top part of the screen displays general communication parameters. We recommend not changing the default values in this section unless familiar with networking concepts. Status Displays the connection status of the Ethernet switch. When should this rule occur? Displays when the rule is active. To schedule rules, see the Advanced Settings chapter. Network Select the type of connection being configured from the drop-down list (Network [Home/Office], Broadband Connection, or DMZ). Connection Type Displays the type of connection. Physical Address Displays the physical address of the network card used for the network. 2009 Verizon. All Rights Reserved. 70 FiOS Router User Manual MTU MTU (Maximum Transmission Unit) specifies the largest packet size permitted for Internet transmission. Automatic sets the MTU at 1500. Other choices include Automatic by DHCP, which sets the MTU according to the DHCP connection, and Manual, which allows the MTU to be set manually. Additional IP Addresses Clicking New IP Address generates the Additional IP Address Settings screen, where additional IP addresses can be created to access the FiOS Router via the Ethernet connection. HW Switch Ports This section displays the connection status of the FiOS Routers four Ethernet ports. Clicking on a connections Action icon (in the column on the right) generates the Port Settings screen, where ingress and egress policies can be edited. 71 2009 Verizon. All Rights Reserved. 5 Using Network Connections 5.4 Wireless Access Point Connection 5.4 Wireless Access Point Connection A Wireless Access Point connection connects devices wirelessly. Click Wireless Access Point in the Network Connections screen (if needed, click Advanced at the bottom of the screen to reveal the Wireless Access Point link below Network [Home/Office]) to generate the Wireless Access Point Properties screen. This screen displays a list of the connections properties. The only modifications that can be made from this screen are disabling the connection
(by clicking Disable) or renaming the connection (by entering a new name in the Name text box). Note: If disabling the connection, the FiOS Router must be rebooted for the change to take effect. 5.4a Configure Wireless Access Point Click Settings at the bottom-right of the Wireless Access Point Properties screen generates a second Wireless Access Point Properties screen. 2009 Verizon. All Rights Reserved. 72 FiOS Router User Manual General The top part of the screen displays general communication parameters. We recommend not changing the default values in this section unless familiar with networking concepts. Status Displays the status of the wireless access point connection. When should this rule occur? Displays when the rule is active. To schedule rules, see the Advanced Settings chapter. Network Select the type of connection being configured from the drop-down list (options: Network [Home/Office], Broadband Connection, or DMZ). Connection Type Displays the type of connection. Physical Address Displays the physical address of the network card used for the network. MTU MTU (Maximum Transmission Unit) specifies the largest packet size permitted for Internet transmission. Automatic sets the MTU at 1500. Other choices include Automatic by DHCP, which sets the MTU according to the DHCP connection, and Manual, which allows the MTU to be set manually. Additional IP Addresses Clicking New IP Address generates the Additional IP Address Settings screen, where additional IP addresses can be created to access the FiOS Router via the Wireless Access Point connection. 73 2009 Verizon. All Rights Reserved. 5 Using Network Connections 5.5 Coax Connection 5.5 Coax Connection A Coax connection connects devices (such as set-top boxes) to the FiOS Router using a coaxial cable. Click Coax in the Network Connections screen (if needed, click Advanced at the bottom of the screen to reveal the Coax link below Network [Home/Office]) to generate the Coax Properties screen. This screen displays a list of the connections properties. The only modifications that can be made from this screen are disabling the connection (by clicking Disable) or renaming the connection (by entering a new name in the Name text box). Note: If disabling the connection, the FiOS Router must be rebooted for the change to take effect. 5.5a Configure Coax Click Settings at the bottom-right of the Coax Properties screen generates a second Coax Properties screen. 2009 Verizon. All Rights Reserved. 74 FiOS Router User Manual General The top part of the screen displays general communication parameters. We recommend not changing the default values in this section unless familiar with networking concepts. Status Displays the status of the coax connection. When should this rule occur? Displays when the rule is active. To schedule rules, see the Advanced Settings chapter. Network Select the type of connection being configured from the drop-down list (options: Network [Home/Office], Broadband Connection, or DMZ). Connection Type Displays the type of connection. Physical Address Displays the physical address of the network card used for the network. MTU MTU (Maximum Transmission Unit) specifies the largest packet size permitted for Internet transmission. Automatic sets the MTU at 1500. Other choices include Automatic by DHCP, which sets the MTU according to the DHCP connection, and Manual, which allows the MTU to be set manually. Coax Link Set up the coax link options in this section of the Configure Coax screen. Options include Channel, Privacy, and Password. Channel Select the Channel from the drop-down list (select from 1-6, or Automatic). Privacy Toggle Privacy by clicking in the Enabled check box. If Privacy is activated, all devices connected via coaxial cable must use the same password. We recommend leaving the Privacy option deactivated. Password Enter the Coax Link password in this text box. CM Ratio Select the CM Ratio from the drop-down menu here. 75 2009 Verizon. All Rights Reserved. 5 Using Network Connections 5.5 Coax Connection Additional IP Addresses Clicking New IP Address generates the Additional IP Address Settings screen, where additional IP addresses can be created to access the FiOS Router via the Coax Link Ethernet connection. Coax Connection Status Click Go to LAN Coax Stats to generate the Coax Connection Status screen, which gives an overview of all the devices connected to the FiOS Router via coaxial cable. 2009 Verizon. All Rights Reserved. 76 FiOS Router User Manual 5.6 Broadband Ethernet Connection A Broadband Ethernet connection connects the FiOS Router to the Internet using an Ethernet cable. Click Broadband Connection (Ethernet) from the Network Connections screen to generate the Broadband Connection (Ethernet) Properties screen. This screen displays a list of the connections properties. The only modifications that can be made from this screen are disabling the connection (by clicking Disable) or renaming the connection (by entering a new name in the Rule Name text box). Note: If disabling the connection, the FiOS Router must be rebooted for the change to take effect. 77 2009 Verizon. All Rights Reserved. 5 Using Network Connections 5.6 Broadband Ethernet Connection 5.6a Configuring the Broadband Ethernet Connection Click Settings at the bottom-right of the first Broadband Connection (Ethernet) Properties window to generate another Broadband Connection (Ethernet) Properties screen. General The top part of the screen displays general communication parameters. We recommend not changing the default values in this section unless you are familiar with networking concepts. Status Displays the status of the Ethernet connection (Down, Connected, etc.) Schedule Displays when the rule is active. To configure rules, see the Advanced Settings chapter. Network Select the type of connection being configured from the drop-down list (options: Network [Home/Office], Broadband Connection, or DMZ). 2009 Verizon. All Rights Reserved. 78 FiOS Router User Manual Connection Type Displays the type of connection. Since this is an Ethernet Connection, Ethernet is displayed. Physical Address Displays the physical address of the network card used for the network. MTU MTU (Maximum Transmission Unit) specifies the largest packet size permitted for Internet transmission. Automatic sets the MTU at 1500. Other choices include Automatic by DHCP, which sets the MTU according to the DHCP connection, and Manual, which allows the MTU to be set manually. Internet Protocol This section includes three options: No IP Address, Obtain an IP Address Automatically, and Use the Following IP Address. No IP Address Select this option if the connection has no IP address. This is useful if the connection is operating under a bridge. Obtain an IP Address Automatically Select this option if the ISP requires the connection to obtain an IP address automatically. The server assigning the IP address also assigns a subnet mask address, which can be overridden by clicking in the Override Subnet Mask check box and entering another subnet mask address. Additionally, the DHCP lease can be renewed and/or released by clicking on the appropriate DHCP Lease button. The Expires In value displays how long until the DHCP lease expires. Use the Following IP Address Select this option if the connection uses a permanent (static) IP address. The ISP should provide this address, along with a subnet mask address, default gateway address, and, optionally, primary and secondary DNS server addresses. DNS Server The Domain Name System (DNS) is the method by which website or domain names are translated into IP addresses. This connection can be configured to automatically obtain a DNS server address, or an address can be specified manually, according to the information provided by the ISP. To configure the connection to automatically obtain a DNS server address, select Obtain DNS Server Address Automatically from the DNS Server drop-down list. To manually configure DNS server addresses, select Use the Following DNS Server Addresses. Specify up to two different DNS server addresses, one primary, the other secondary. 79 2009 Verizon. All Rights Reserved. 5 Using Network Connections 5.6 Broadband Ethernet Connection IP Address Distribution The IP Address Distribution section of the Configure Broadband Connection
(Ethernet) screen is used to configure the FiOS Routers Dynamic Host Configuration Protocol (DHCP) server parameters. DHCP automatically assigns IP addresses to network devices. If enabled, make sure to configure the network devices as DHCP Clients. There are three options in this section: Disabled, DHCP Server, and DHCP Relay. Caution! We strongly recommend leaving this setting at Disabled. Disabled Select this option if statically assigning IP addresses to the network devices. DHCP Server To set up the FiOS Router to function as a DHCP server:
1. Select DHCP Server. 2. 3. 4. 5. 6. 7. Enter the IP address at which the FiOS Router starts issuing addresses in the Start IP Address text boxes. Since the FiOS Routers default IP address is 192.168.1.1, the Start IP Address must be 192.168.1.2 or higher. Enter the end of the IP address range used to automatically issue IP addresses in the End IP Address text boxes. The maximum IP address that can be entered here is 192.168.1.254. Enter the subnet mask address in the Subnet Mask text boxes. The subnet mask determines which portion of a destination LAN IP address is the network portion, and which portion is the host portion. If a Windows Internet Naming Service (WINS) is being used, enter the WINS server address in the WINS Server text boxes. Enter the amount of time a network device will be allowed to connect to the FiOS Router with its currently issued dynamic IP address in the Lease Time in Minutes text box. Just before the time is up, the devices user will need to make a request to extend the lease or get a new IP address. Click in the Provide Host Name If Not Specified by Client check box to have the FiOS Router automatically assign network devices with a host name, in case a host name is not provided by the user. 2009 Verizon. All Rights Reserved. 80 FiOS Router User Manual DHCP Relay Select this option to have the FiOS Router function as a DHCP relay. To enter a new IP address for the relay, click New IP Address. The DHCP Relay Server Address screen appears. Enter the new IP address in the appropriate text boxes, then click Apply. Routing Routing Mode Select one of the following two Routing modes:
- Select this option to cause the FiOS Router to act as a router between Route two networks. NAPT
- Select this option to activate NAPT (Network Address and Port Translation), which refers to network address translation involving the mapping of port numbers and allows multiple machines to share a single IP address. Use NAPT if the local network contains multiple devices, a topology that necessitates port translation in addition to address translation. Device Metric The device metric is a value used by the FiOS Router to determine whether one route is superior to another, considering parameters such as bandwidth, delay, and more. Default Route Click in this check box to define the connection as a the default route. Multicast - IGMP Proxy Default Click in this check box to enable the FiOS Router to issue IGMP (Internet Group Management Protocol) host messages on behalf of hosts the FiOS Router discovers through standard IGMP interfaces. IGMP proxy enables the routing of multicast packets according to the IGMP requests of local network devices asking to join multicast groups. Routing Table Clicking New Route generates the New Route window, where a new route can be configured. 81 2009 Verizon. All Rights Reserved. 5 Using Network Connections 5.7 Broadband Coax Connection Internet Connection Firewall Click in the Enabled check box to activate the FiOS Routers firewall on the connection. Additional IP Addresses Clicking New IP Address generates the Additional IP Address Settings screen, where additional IP addresses can be created to access the FiOS Router via the connection. 5.7 Broadband Coax Connection A Broadband Coax connection connects the FiOS Router to the Internet using a coaxial cable. Click Broadband Connection (Coax) in the Network Connections screen to generate the Broadband Connection (Coax) Properties screen. This screen displays a list of the connections properties. The only modifications that can be made from this screen are disabling the connection (by clicking Disable) or renaming the connection (by entering a new name in the Name text box). Note: If disabling the connection, the FiOS Router must be rebooted for the change to take effect. 2009 Verizon. All Rights Reserved. 82 FiOS Router User Manual 5.7a Configuring the Broadband Coax Connection Click Settings at the bottom of the Broadband Connection (Coax) Properties screen to generate another Broadband Connection (Coax ) Properties screen. General The top part of the screen displays general communication parameters. We recommend not changing the default values in this section unless you are familiar with networking concepts. Status Displays the status of the connection (Down, Connected, etc.). When should this rule occur? Displays when the rule is active. To schedule rules, see the Advanced Settings chapter. Network Select the type of connection being configured from the drop-down list (options: Network [Home/Office], Broadband Connection, or DMZ). 83 2009 Verizon. All Rights Reserved. 5 Using Network Connections 5.7 Broadband Coax Connection Connection Type Displays the type of connection. Since this is a coaxial connection, Coax is displayed. Physical Address Displays the physical address of the network card used for the network. MTU MTU (Maximum Transmission Unit) specifies the largest packet size permitted for Internet transmission. Automatic sets the MTU at 1500. Other choices include Automatic by DHCP, which sets the MTU according to the DHCP connection, and Manual, which allows the MTU to be set manually. Coax Link Check and configure the coax link connection in this section of the screen. Auto Detection Select whether you want the FiOS Router to automatically detect a coaxial link here. Privacy Toggle Privacy by clicking in the Enabled check box. If Privacy is activated, all devices connected via coaxial cable must use the same password. We recommend leaving the Privacy option deactivated. Password Enter the Coax Link password here. CM Ratio Select the CM Ratio from the drop-down menu here. WAN Coax Connection Speeds This section displays the FiOS Routers Tx and Rx speeds (in Mbps). Internet Protocol This section includes three options: No IP Address, Obtain an IP Address Automatically, and Use the Following IP Address. No IP Address Select this option if the connection has no IP address. This is useful when the connection is operating under a bridge. 2009 Verizon. All Rights Reserved. 84 FiOS Router User Manual Obtain an IP Address Automatically Select this option if the ISP requires the connection to obtain an IP address automatically. The server assigning the IP address also assigns a subnet mask address, which can be overridden by clicking in the Override Subnet Mask check box and entering another subnet mask address. Additionally, the DHCP lease can be renewed and/or released by clicking on the appropriate DHCP Lease button. The Expires In value displays how long until the DHCP lease expires. Use the Following IP Address Select if the WAN connection is configured using a permanent (static) IP address. The ISP should provide this address, along with a subnet mask address, default gateway address, and, optionally, primary and secondary DNS server addresses. DHCP Lease Renew or release the current DHCP lease by clicking on the appropriate button. DNS Server The Domain Name System (DNS) is the method by which website or domain names are translated into IP addresses. The connection can be set to automatically obtain a DNS server address, or an address can be set manually, according to information provided by the ISP. To configure the connection to automatically obtain a DNS server address, select Obtain DNS Server Address Automatically from the DNS Server drop-down list. To manually configure DNS server addresses, select Use the Following DNS Server Addresses. Specify up to two different DNS server addresses, one primary, the other secondary. IP Address Distribution The IP Address Distribution section of the Configure Broadband Connection
(Coax) screen allows the user to configure the FiOS Routers Dynamic Host Configuration Protocol (DHCP) server parameters. The DHCP automatically assigns IP addresses to network devices. If enabled, make sure to configure the network devices as DHCP Clients. There are three options in this section:
Disabled, DHCP Server, and DHCP Relay. Caution! We strongly recommend leaving this setting at Disabled. 85 2009 Verizon. All Rights Reserved. 5 Using Network Connections 5.7 Broadband Coax Connection Disabled Select this option if statically assigning IP addresses to the network devices. DHCP Server To set up the Broadband Coax connection to function as a DHCP server:
1. Select DHCP Server. 2. 3. 4. 5. 6. 7. Enter the IP address at which the FiOS Router starts issuing addresses in the Start IP Address text boxes. Since the FiOS Routers default IP address is 192.168.1.1, the Start IP Address must be 192.168.1.2. Enter the end of the IP address range used to automatically issue IP addresses in the End IP Address text boxes. The maximum IP address that can be entered here is 192.168.1.254. Enter the subnet mask address in the Subnet Mask text boxes. The subnet mask determines which portion of a destination LAN IP address is the network portion, and which portion is the host portion. If a Windows Internet Naming Service (WINS) is being used, enter the WINS server address in the WINS Server text boxes. Enter the amount of time a network device will be allowed to connect to the FiOS Router with its currently issued dynamic IP address in the Lease Time in Minutes text box. Just before the time is up, the devices user will need to make a request to extend the lease or get a new IP address. Click in the Provide Host Name If Not Specified by Client check box to have the FiOS Router automatically assign network devices with a host name, in case a host name is not provided by the user. DHCP Relay Select this option to have the FiOS Router function as a DHCP relay, and enter the IP address in the screen that appears. 2009 Verizon. All Rights Reserved. 86 FiOS Router User Manual Routing Routing Mode Select one of the following two Routing modes:
- Select this option to cause the FiOS Router to act as a router between Route two networks. NAPT
- Select this option to activate NAPT (Network Address and Port Translation), which refers to network address translation involving the mapping of port numbers and allows multiple machines to share a single IP address. Use NAPT if the local network contains multiple devices, a topology that necessitates port translation in addition to address translation. Device Metric The device metric is a value used by the FiOS Router to determine whether one route is superior to another, considering parameters such as bandwidth, delay, and more. Default Route Click in this check box to define the connection as a the default route. Multicast - IGMP Proxy Default Click in this check box to enable the FiOS Router to issue IGMP (Internet Group Management Protocol) host messages on behalf of hosts the FiOS Router discovers through standard IGMP interfaces. IGMP proxy enables the routing of multicast packets according to the IGMP requests of local network devices asking to join multicast groups. Internet Connection Firewall Enable or disable the firewall for this interface. It is recommended to keep the firewall enabled for all of the FiOS Routers connection interfaces. Additional IP Addresses Click New IP Address to generate the Additional IP Address Settings screen, where additional IP addresses can be created to access the FiOS Router via the connection. 87 2009 Verizon. All Rights Reserved. 5 Using Network Connections 5.8 WAN PPPoE Connection 5.8 WAN PPPoE Connection WAN Point-to-Point Protocol over Ethernet (PPPoE) relies on two widely accepted standards: Point-to-Point Protocol and Ethernet. PPPoE enables Ethernet networked computers to exchange information with computers on the Internet. PPPoE supports the protocol layers and authentication widely used in PPP and enables a point-to-point connection to be established in the normally multipoint architecture of Ethernet. A discovery process in PPPoE determines the Ethernet MAC address of the remote device in order to establish a session. Click WAN PPPoE in the Network Connections screen to generate the WAN PPPoE Properties screen. This screen displays a list of the connections properties. The only modifications that can be made from this screen are disabling the connection (by clicking Disable) or renaming the connection (by entering a new name in the Name text box). 2009 Verizon. All Rights Reserved. 88 FiOS Router User Manual 5.8a Configuring the WAN PPPoE Connection Click Settings in the WAN PPPoE Properties screen to generate another WAN PPPoE Properties screen. General The top part of the screen displays general communication parameters. We recommend not changing the default values in this section unless familiar with networking concepts. Status Displays the connection status of the WAN PPPoE connection. (Down, Disabled, Connected, etc.) When should this rule occur? Displays when the rule is active. To schedule rules, see Advanced Settings chapter. 89 2009 Verizon. All Rights Reserved. 5 Using Network Connections 5.8 WAN PPPoE Connection Network Select the type of connection being configured from the drop-down list (Broadband Connection, Network (Home/Office), or DMZ). Connection Type Displays the type of connection. Since this is PPPoE connection, PPPoE is displayed. MTU MTU (Maximum Transmission Unit) specifies the largest packet size permitted for Internet transmission. Automatic, sets the MTU at 1492. Other choices include Automatic, which sets the MTU according to the connection to the ISP, and Manual, which allows the MTU to be set manually. Underlying Connection Specify the underlying connection above which the protocol initiates from the drop-down list, which displays all possible underlying devices. PPP Configuration Point-to-Point Protocol (PPP) is the most popular method for transporting packets between the user and the ISP. Service Name Specify the networking peers service name, if provided by the ISP, in this text box. On-Demand To use PPP on demand to initiate the point-to-point protocol session only when packets are actually sent over the Internet, click in this check box. This option should be active on a limited basis Idle Time Before Hanging Up Enter the amount of idle time, in minutes, before the PPP session automatically ends . Time Between Reconnect Attempts In this text box, specify the duration between PPP reconnect attempts, as provided by the ISP. PPP Authentication Point-to-Point Protocol (PPP) currently supports four authentication protocols: Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), and Microsoft CHAP versions 1 and 2. Select the authentication protocols the FiOS Router may use when negotiating with a PPTP server in this section. Select all the protocols if no information is available about the servers authentication methods. Note that encryption is performed only if Microsoft CHAP, Microsoft CHAP version 2, or both are selected. 2009 Verizon. All Rights Reserved. 90 FiOS Router User Manual Warning: The PPP Authentication settings should not be changed unless instructed to do so by your ISP. Login User Name Enter the user name (provided by the ISP) in this text box. Login Password Enter the password (provided by the ISP) in this text box. Support Unencrypted Password (PAP) Password Authentication Protocol
(PAP) is a simple, plain-text authentication scheme. The user name and password are requested by the networking peer in plain-text. PAP, however, is not a secure authentication protocol. Man-in-the-middle attacks can easily determine the remote access clients password. PAP offers no protection against replay attacks, remote client impersonation, or remote server impersonation. Support Challenge Handshake Authentication (CHAP) Click in this check box to activate CHAP, a challenge-response authentication protocol that uses MD5 to hash the response to a challenge. CHAP protects against replay attacks by using an arbitrary challenge string per authentication attempt. Support Microsoft CHAP Click in this check box if communicating with a peer that uses Microsoft CHAP authentication protocol. Support Microsoft CHAP Version 2 Select this check box if communicating with a peer that uses Microsoft CHAP Version 2 authentication protocol. PPP Compression The PPP Compression Control Protocol (CCP) is responsible for configuring, enabling, and disabling data compression algorithms on both ends of the point-to-point link. It is also used to signal a failure of the compression/
decompression mechanism in a reliable manner. For each compression algorithm (BSD and Deflate), select one of the following from the drop-down list:
Reject Selecting this option rejects PPP connections with peers that use the compression algorithm. If Reject is activated, throughput may diminish. Allow Selecting this option allows PPP connections with peers that use the compression algorithm. Require Selecting this option insures a connection with a peer using the compression algorithm. 91 2009 Verizon. All Rights Reserved. 5 Using Network Connections 5.8 WAN PPPoE Connection Internet Protocol Select one of the following Internet Protocol options from the Internet Protocol drop-down list:
Obtain an IP Address Automatically This option is selected by default. Change only if required by the ISP. The server that assigns the FiOS Router with an IP address also assigns a subnet mask. Override the dynamically assigned subnet mask by selecting the Override Subnet Mask and entering a different subnet mask. Use the Following IP Address Select this option to configure the FiOS Router to use a permanent (static) IP address. The ISP should provide this address. DNS Server The Domain Name System (DNS) is the method by which website or domain names are translated into IP addresses. The FiOS Router can be configured to automatically obtain a DNS server address, or the address can be entered manually, according to the information provided by the ISP. To configure the connection to automatically obtain a DNS server address, select Obtain DNS Server Address Automatically from the DNS Server drop-down list. To manually configure DNS server addresses, select Use the Following DNS Server Addresses from the DNS Server drop-down list. Up to two different DNS server addresses can be entered (Primary and Secondary). Routing Routing Mode Select one of the following two Routing modes:
- Select this option to cause the FiOS Router to act as a router between Route two networks. NAPT
- Select this option to activate NAPT (Network Address and Port Translation), which refers to network address translation involving the mapping of port numbers and allows multiple machines to share a single IP address. Use NAPT if the local network contains multiple devices, a topology that necessitates port translation in addition to address translation. Device Metric The device metric is a value used by the FiOS Router to determine whether one route is superior to another, considering parameters such as bandwidth, delay, and more. 2009 Verizon. All Rights Reserved. 92 FiOS Router User Manual Default Route Click in this check box to define the connection as a the default route. Multicast - IGMP Proxy Default Click in this check box to enable the FiOS Router to issue IGMP (Internet Group Management Protocol) host messages on behalf of hosts the FiOS Router discovers through standard IGMP interfaces. IGMP proxy enables the routing of multicast packets according to the IGMP requests of local network devices asking to join multicast groups. Routing Table Clicking New Route generates the New Route screen, where a new route can be configured. Internet Connection Firewall Click in the Enabled check box to activate the FiOS Routers firewall on the WAN PPPoE connection. 5.9 WAN PPPoE 2 Connection Click WAN PPPoE 2 in the Network Connections screen to generate the WAN PPPoE 2 Properties screen. WAN PPPoE 2 is used for the FiOS Routers PPPoE connections over coaxial cable. This screen displays a list of the connections properties. The only modifications that can be made from this screen are disabling the connection (by clicking Disable) or renaming the connection (by entering a new name in the Name text box). 93 2009 Verizon. All Rights Reserved. 5 Using Network Connections 5.9 WAN PPPoE 2 Connection 5.9a Configuring the WAN PPPoE 2 Connection Click Settings in the WAN PPPoE 2 Properties screen to generate another WAN PPPoE Properties screen. General The top part of the screen displays general communication parameters. We recommend not changing the default values in this section unless familiar with networking concepts. Status Displays the connection status of the WAN PPPoE connection. (Down, Disabled, Connected, etc.) When should this rule occur? Displays when the rule is active. To schedule rules, see Advanced Settings chapter. Network Select the type of connection being configured from the drop-down list (Broadband Connection, Network (Home/Office), or DMZ). 2009 Verizon. All Rights Reserved. 94 FiOS Router User Manual Connection Type Displays the type of connection. Since this is PPPoE connection, PPPoE is displayed. MTU MTU (Maximum Transmission Unit) specifies the largest packet size permitted for Internet transmission. Automatic, sets the MTU at 1492. Other choices include Automatic, which sets the MTU according to the connection to the ISP, and Manual, which allows the MTU to be set manually. Underlying Connection Specify the underlying connection above which the protocol initiates from the drop-down list, which displays all possible underlying devices. PPP Configuration Point-to-Point Protocol (PPP) is the most popular method for transporting packets between the user and the ISP. Service Name Specify the networking peers service name, if provided by the ISP, in this text box. On-Demand To use PPP on demand to initiate the point-to-point protocol session only when packets are actually sent over the Internet, click in this check box. This option should be active on a limited basis Idle Time Before Hanging Up Enter the amount of idle time, in minutes, before the PPP session automatically ends . Time Between Reconnect Attempts In this text box, specify the duration between PPP reconnect attempts, as provided by the ISP. PPP Authentication Point-to-Point Protocol (PPP) currently supports four authentication protocols: Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), and Microsoft CHAP versions 1 and 2. Select the authentication protocols the FiOS Router may use when negotiating with a PPTP server in this section. Select all the protocols if no information is available about the servers authentication methods. Note that encryption is performed only if Microsoft CHAP, Microsoft CHAP version 2, or both are selected. Warning: The PPP Authentication settings should not be changed unless instructed to do so by your ISP. 95 2009 Verizon. All Rights Reserved. 5 Using Network Connections 5.9 WAN PPPoE 2 Connection Login User Name Enter the user name (provided by the ISP) in this text box. Login Password Enter the password (provided by the ISP) in this text box. Support Unencrypted Password (PAP) Password Authentication Protocol
(PAP) is a simple, plain-text authentication scheme. The user name and password are requested by the networking peer in plain-text. PAP, however, is not a secure authentication protocol. Man-in-the-middle attacks can easily determine the remote access clients password. PAP offers no protection against replay attacks, remote client impersonation, or remote server impersonation. Support Challenge Handshake Authentication (CHAP) Click in this check box to activate CHAP, a challenge-response authentication protocol that uses MD5 to hash the response to a challenge. CHAP protects against replay attacks by using an arbitrary challenge string per authentication attempt. Support Microsoft CHAP Click in this check box if communicating with a peer that uses Microsoft CHAP authentication protocol. Support Microsoft CHAP Version 2 Select this check box if communicating with a peer that uses Microsoft CHAP Version 2 authentication protocol. PPP Compression The PPP Compression Control Protocol (CCP) is responsible for configuring, enabling, and disabling data compression algorithms on both ends of the point-to-point link. It is also used to signal a failure of the compression/
decompression mechanism in a reliable manner. For each compression algorithm (BSD and Deflate), select one of the following from the drop-down list:
Reject Selecting this option rejects PPP connections with peers that use the compression algorithm. If Reject is activated, throughput may diminish. Allow Selecting this option allows PPP connections with peers that use the compression algorithm. Require Selecting this option insures a connection with a peer using the compression algorithm. 2009 Verizon. All Rights Reserved. 96 FiOS Router User Manual Internet Protocol Select one of the following Internet Protocol options from the Internet Protocol drop-down list:
Obtain an IP Address Automatically This option is selected by default. Change only if required by the ISP. The server that assigns the FiOS Router with an IP address also assigns a subnet mask. Override the dynamically assigned subnet mask by selecting the Override Subnet Mask and entering a different subnet mask. Use the Following IP Address Select this option to configure the FiOS Router to use a permanent (static) IP address. The ISP should provide this address. DNS Server The Domain Name System (DNS) is the method by which website or domain names are translated into IP addresses. The FiOS Router can be configured to automatically obtain a DNS server address, or the address can be entered manually, according to the information provided by the ISP. To configure the connection to automatically obtain a DNS server address, select Obtain DNS Server Address Automatically from the DNS Server drop-down list. To manually configure DNS server addresses, select Use the Following DNS Server Addresses from the DNS Server drop-down list. Up to two different DNS server addresses can be entered (Primary and Secondary). Routing Routing Mode Select one of the following two Routing modes:
- Select this option to cause the FiOS Router to act as a router between Route two networks. NAPT
- Select this option to activate NAPT (Network Address and Port Translation), which refers to network address translation involving the mapping of port numbers and allows multiple machines to share a single IP address. Use NAPT if the local network contains multiple devices, a topology that necessitates port translation in addition to address translation. Device Metric The device metric is a value used by the FiOS Router to determine whether one route is superior to another, considering parameters such as bandwidth, delay, and more. 97 2009 Verizon. All Rights Reserved. 5 Using Network Connections 5.9 WAN PPPoE 2 Connection Default Route Click in this check box to define the connection as a the default route. Multicast - IGMP Proxy Default Click in this check box to enable the FiOS Router to issue IGMP (Internet Group Management Protocol) host messages on behalf of hosts the FiOS Router discovers through standard IGMP interfaces. IGMP proxy enables the routing of multicast packets according to the IGMP requests of local network devices asking to join multicast groups. Routing Table Clicking New Route generates the New Route screen, where a new route can be configured. Internet Connection Firewall Click in the Enabled check box to activate the FiOS Routers firewall on the WAN PPPoE connection. 2009 Verizon. All Rights Reserved. 98 6 Introduction 6.0 6.1 Overview 6.2 Firewall 6.3 Access Control 6.4 Port Forwarding 6.5 DMZ Host 6.6 Port Triggering 6.7 Remote Administration 6.8 Static NAT 6.9 Advanced Filtering 6.10 Security Log Configuring Security Settings 99 2009 Verizon. All Rights Reserved. The FiOS Routers security suite includes comprehensive and robust security services: Stateful Packet Inspection, firewall, user authentication protocols, and password protection mechanisms. These features allow users to connect their computers to the Internet and without worrying about security threats. 2009 Verizon. All Rights Reserved. 100 FiOS Router User Manual 6.1 Overview This chapter covers the following security features:
Firewall
- select the security level for the firewall. Access Control - restrict access from the local network to the Internet. Forwarding - enable access from the Internet to specified services Port provided by computers on the local network. Host - configure a network host to receive all traffic arriving at the FiOS DMZ Router which does not belong to a known session. Triggering - define port triggering entries to dynamically open the Port firewall for some protocols or ports. Administration - enable remote configuration of the FiOS Router Remote from any Internet-accessible computer. NAT - allow multiple static NAT IP addresses to be designated to Static devices on the network. Advanced Filtering - control the firewalls settings and rules. Security Log - view and configure the security log. 101 2009 Verizon. All Rights Reserved. 6 Configuring Security Settings 6.2 Firewall 6.2 Firewall The FiOS Routers firewall is the cornerstone of the FiOS Routers security suite. It has been exclusively tailored to the needs of the residential/office user and is pre-configured to provide optimum security. The firewall provides both the security and flexibility home and office users seek. It provides a managed, professional level of network security while enabling the safe use of interactive applications, such as Internet gaming and video-conferencing. Additional features, including surfing restrictions and access control, can also be configured locally through the FiOS Routers GUI, or remotely by a service provider. The firewall also supports advanced filtering, designed to allow comprehensive control over the firewalls behavior. Specific input and output rules can be defined, the order of logically similar sets of rules can be controlled, and distinctions between rules that apply to Internet and local network devices can be made. The firewall regulates the flow of data between the local network and the Internet. Both incoming and outgoing data are inspected and then either accepted (allowed to pass through the FiOS Router) or rejected (barred from passing through the FiOS Router) according to a flexible and configurable set of rules. These rules are designed to prevent unwanted intrusions from the outside, while allowing local network users access to required Internet services. The firewall rules specify what types of services available on the Internet can be accessed from the local network and what types of services available in the local network can be accessed from the Internet. Each request for a service the firewall receives, whether originating in the Internet or from a computer in the local network, is checked against the firewall rules to determine whether the request should be allowed to pass through the firewall. If the request is permitted to pass, all subsequent data associated with this request (a session) 2009 Verizon. All Rights Reserved. 102 FiOS Router User Manual will also be allowed to pass, regardless of its direction. For example, when accessing a website on the Internet, a request is sent out to the Internet for this site. When the request reaches the FiOS Router, the firewall identifies the request type and origin (HTTP and a specific computer in the local network, in this case). Unless the FiOS Router is configured to block requests of this type from this computer, the firewall allows this request to pass out onto the Internet. When the website is returned from the web server, the firewall will associate it with this session and allow it to pass, regardless of whether HTTP access from the Internet to the local network is blocked or permitted. Note that it is the origin of the request, not subsequent responses to this request, which determines whether a session can be established or not. 6.2a General Screen The General screen is used to configure the FiOS Routers basic firewall settings. 103 2009 Verizon. All Rights Reserved. 6 Configuring Security Settings 6.2 Firewall The FiOS Router features three pre-defined firewall security levels: Maximum, Typical, and Minimum. The table below summarizes the behavior of the FiOS Router for each of the three security levels. Security Level Maximum Security Internet requests
(incoming traffic) Blocked - No access to local network from Internet, except as configured in the Port Forwarding, DMZ host, and Remote Access screens. Local network requests
(outgoing traffic) Limited - Only commonly used services, such as web browsing and email, are permitted. 2009 Verizon. All Rights Reserved. 104 FiOS Router User Manual Typical Security Minimum Security Blocked - No access to local network from Internet, except as configured in the Port Forwarding, DMZ host, and Remote Access screens. Unrestricted - Permits full access from Internet to local network; all connection attempts permitted. Unrestricted - All services are permitted, except as configured in the Access Control screen. Unrestricted - All services are permitted, except as configured in the Access Control screen. These services include Telnet, FTP, HTTP, HTTPS, DNS, IMAP, POP3 and SMTP. Note: Some applications (such as some Internet messengers and Peer-To-Peer client applications) tend to use these ports if they cannot connect with their own default ports. When applying this behavior, these applications will not be blocked outbound, even at the Maximum Security level. To configure the FiOS Routers firewall security settings:
1. 2. From the General screen, select a security level by clicking the appropriate radio button. Using the Minimum Security setting may expose the local network to significant security risks, and thus should only be used for short periods of time. Check the Block IP Fragments box to protect the local network from a common type of hacker attack that uses fragmented data packets to sabotage the network. Note that VPN over IPSec and some UDP-based services make legitimate use of IP fragments. IP fragments must be allowed to pass into the local network to use these services. 105 2009 Verizon. All Rights Reserved. 6 Configuring Security Settings 6.3 Access Control 3. Click Apply to save changes. 6.3 Access Control Access control is used to block specific computers within the local network (or even the whole network) from accessing certain services on the Internet. For example, one computer can be prohibited from surfing the Internet, another computer from transferring files using FTP, and the whole network from receiving incoming email. Access control defines restrictions on the types of requests that can pass from the local network out to the Internet, and thus may block traffic flowing in both directions. In the email example given above, computers in the local network can be prevented from receiving email by blocking their outgoing requests to POP3 servers on the Internet. Access control also incorporates a list of preset services in the form of applications and common port settings. 6.3a Allow or Restrict Services To view and allow/restrict these services:
1. Access Control from the left side of any Security screen. The Access Select Control screen appears. Note: The Allowed section is only visible when the firewall is set to Maximum. 2009 Verizon. All Rights Reserved. 106 FiOS Router User Manual 2. Click Add. The Add Access Control Rule screen appears. Note: To block a service, click Add in the Blocked section of the Access Control screen. To allow outgoing traffic, click Add in the Allowed section of the screen. 3. If this access control rule applies to all networked devices, select the Networked Computer/Device list box. If this rule applies to certain devices only, select User Defined and click Add. Then, create and add a network object (for more details about adding network objects, see the Advanced Settings chapter of this manual). Any from 4. Select the Internet protocol to be allowed or blocked from the Protocol 107 2009 Verizon. All Rights Reserved. 6 5. Configuring Security Settings 6.4 Port Forwarding drop-down list. If the rule will be active all the time, select this rule occur? drop-down list. If the rule will only be active at certain times, select User Defined and click Add. Then, add a schedule rule (for more details about schedule rules, see the Advanced Settings chapter of this manual). Always from the When should 6. Apply to save the changes. The Access Control screen will display a Click summary of the new access control rule. Note: To block a service not included in the list, select User Defined from the Protocol drop-down menu. The Edit Service screen appears. Define the service, then click OK. The service will then be automatically added to the top section of the Add Access Control Rule screen, and will be selectable. An access control can be disabled and the service made available without having to remove the service from the Access Control table. This may be useful to make the service available temporarily, with the expectation that the restriction will be reinstated later. To temporarily disable an access control, clear the check box next to the service name. To reinstate the restriction at a later time, select the check box next to the service name. To remove an access restriction from the Access Control table, click for the service. The service will be removed from the Access Control table. Remove 6.4 Port Forwarding Activating Port Forwarding allows the network to be exposed to the Internet in certain limited and controlled ways, enabling some applications to work from the local network (game, voice, and chat applications, for example), as well as allowing Internet access to servers in the local network. To set this up on a networked device, locate the device in the My Network column, then click Port Forwarding. The Port Forwarding screen appears. 2009 Verizon. All Rights Reserved. 108 FiOS Router User Manual To set up basic port forwarding:
1. 2. 3. Click the arrow next to IP Address forward to or select from menu to display a menu and either enter the IP address of the item to port forward from, or choose an item from the drop-down menu. Click the arrow next to Application to forward and select a pre-
configured application from the drop-down menu. Apply. The new port forwarding rule appears in the Applied rules Click table at the bottom of the screen. To set up advanced port forwarding (custom ports):
1. 2. Click the arrow next to Application to forward and select from the drop-down menu. Custom Ports Enter the host name (from the drop-down list) or local IP address of the computer providing the service in the Specify IP text box. Note that only one local network computer can be assigned to provide a specific service or application. 3. Click Advanced. 4. 5. 6. Select the Internet protocol to be provided from the Protocol drop-down list. Depending on the protocol selected, additional options appear in the screen. Select the connection with which this port forwarding rule will be active from the WAN Connection Type drop-down list. To select a port to forward communications to (this is optional), select Specify from the Forward to Port drop-down list, then, in the text box 109 2009 Verizon. All Rights Reserved. 6 7. 8. Configuring Security Settings 6.5 DMZ Host that appears, enter the port number. If no port is identified, select Same as Incoming Port. If this port will be active all the time, select Always from the Schedule drop-down list. If the rule will only be active at certain times, select User Defined and click Add. Then, add a schedule rule (for more details about schedule rules, see the Advanced Settings chapter of this manual). If source and destination ports need to be specified, select Specify from the drop-down menu list (by clicking on the appropriate arrow), then entering the port numbers. 9. Apply to save the changes. The new port forwarding rule appears in Click the Applied rules table at the bottom of the screen. How many computers can use a service or play a game simultaneously? The answer may be a bit confusing. All the computers on the network can behave as clients and use a specific service simultaneously. Being a client means the computer within the network initiates the connection; for example, a computer on the network can open an FTP connection with an FTP server on the Internet. But only one computer on the network can operate as a server and respond to requests from computers on the Internet (outside the local network). 6.5 DMZ Host The DMZ (De-Militarized Zone) host feature allows one device on the network to operate outside the firewall. Designate a DMZ host:
To use an Internet service, such as an online game or video-conferencing program, not present in the Port Forwarding list and for which no port range information is available. To expose one computer to all services without restriction or security. Warning: A DMZ host is not protected by the firewall and may be vulnerable to attack. Designating a DMZ host may also put other computers in the local network at risk. When designating a DMZ host, consider the security 2009 Verizon. All Rights Reserved. 110 FiOS Router User Manual implications and protect it if necessary. To designate a local computer as a DMZ host:
1. DMZ Host from the left side of any Security screen. The DMZ Host Select screen appears. 2. Click in the DMZ Host IP Address check box, then enter the IP address of the computer to be designated as a DMZ host. Note that only one network computer can be a DMZ host at any time. 3. Click Apply. Click in the DMZ Host IP Address check box again to disable the DMZ host. 6.6 Port Triggering Port triggering can be used for dynamic port forwarding configuration. By setting port triggering rules, inbound traffic is allowed to arrive at a specific network host using ports different than those used for the outbound traffic. The outbound traffic triggers which ports inbound traffic is directed. For example, a gaming server is accessed using UDP protocol on port 2222. The gaming server responds by connecting the user using UDP on port 3333 when starting gaming sessions. In this case, port triggering must be used, since it conflicts with the following default firewall settings:
The firewall blocks inbound traffic by default. The server replies to the FiOS Routers IP, and the connection is not sent back 111 2009 Verizon. All Rights Reserved. 6 Configuring Security Settings 6.7 Remote Administration to the host, since it is not part of a session. To resolve the conflict, a port triggering entry must be defined, which allows inbound traffic on UDP port 3333, only after a network host generated traffic to UDP port 2222. This results in accepting the inbound traffic from the gaming server, and sending it back to the network host which originated the outgoing traffic to UDP port 2222. To use port triggering:
1. Port Triggering from the left side of any Security screen. The Port Select Triggering screen appears. 2. 3. 4. Select either User Defined or Show All Services from the drop-down list next to Add. If Show All Services is selected in step 2, select a Service from the list. The service is added to the Port Triggering screen as an active protocol. If User Defined is selected in step 2, the Edit Port Triggering Rule screen appears. Enter a service name in the appropriate text box, then configure its inbound and outbound trigger ports by clicking the appropriate links.. 6.7 Remote Administration The FiOS Router can be accessed and controlled not only from within the local network, but also from the Internet using remote adminstration. 2009 Verizon. All Rights Reserved. 112 FiOS Router User Manual To access, select Remote Administration from the left side of any Security screen. The Remote Administration screen appears. 6.7a Telnet Telnet is used to create a command-line session and gain access to all system settings and parameters using a text-based terminal. Select the Telnet port to be used by clicking in the appropriate check box, then click Apply. 6.7b Web Management 113 2009 Verizon. All Rights Reserved. 6 Configuring Security Settings 6.8 Static NAT Web Management is used to obtain access to the FiOS Routers GUI and gain access to all settings and parameters,using a web browser. Both secure (HTTPS) and non-secure (HTTP) access is available. Select the port to be used by clicking in the appropriate text box, then click Apply. Note: Telnet and Web Management remote administration access may be used to modify or disable firewall settings. Local IP addresses and other settings can also be changed, making it difficult or impossible to access the FiOS Router from the local network. Therefore, remote adminstration access to Telnet or Web Management services should be activated only when absolutely necessary. 6.7c Diagnostic Tools Diagnostic Tools are used for troubleshooting and remote system management by a user or the ISP. Note: Encrypted remote administration is performed using a secure SSL connection, and requires an SSL certificate. When accessing the FiOS Router for the first time using encrypted remote administration, a warning appears regarding certificate authentication because the FiOS Routers SSL certificate is self-generated. When encountering this message under these circumstances, ignore it and continue. Even though this message appears, the self-generated certificate is safe, and provides a secure SSL connection. 6.8 Static NAT Static NAT allows devices behind a firewall and configured with private IP addresses appear to have public IP addresses on the Internet. This allows an internal host, such as a web server, to have an unregistered (private) IP address and still be accessible over the Internet. To do this:
1. Select Static NAT from any Security screen. The Static NAT screen appears. 2009 Verizon. All Rights Reserved. 114 FiOS Router User Manual 2. Click Add. The Add NAT/NAPT Rule screen appears. 3. 4. 5. 6. Select a source address from the Specify Address drop-down list in the Local Host row, or enter a IP address in the text box to the right. Enter the public IP address in the Public IP Address text boxes. Select the WAN connection type from the WAN Connection Type drop-
down list. If using port forwarding, activate the Enable Port Forwarding check box, then select a protocol from the Protocol drop-down menu. Repeat these steps to add more static IP addresses from the network. 6.9 Advanced Filtering Advanced filtering is designed to allow comprehensive control over the firewalls behavior. Specific input and output rules can be defined, the order of logically 115 2009 Verizon. All Rights Reserved. 6 Configuring Security Settings 6.9 Advanced Filtering similar sets of rules controlled, and distinctions made between rules that apply to Internet and rules that apply to local network devices. To access, select Advanced Filtering from any Security screen. The Advanced Filtering screen appears. Two sets of rules can be configured: input rules and output rules. Following is a description of the set ordering for inbound and outbound packets. 6.9a Inbound/Outbound Packets - Rule Sets There are numerous rules automatically inserted by the firewall to provide improved security and block harmful attacks. These pre-populated rules displayed are required for operation on the Verizon network. To configure advanced filtering rules, click Add next to the rule title. The Add Advanced Filter screen appears. 2009 Verizon. All Rights Reserved. 116 FiOS Router User Manual To add an advanced filtering rule, define the following rule parameters:
6.9c Matching To apply a firewall rule, a match must be made between IP addresses or ranges and ports. Use the Source Address and Destination Address drop-down lists to define the coupling of source and destination traffic. Port matching will be defined when selecting protocols. For example, if the FTP protocol is selected, port 21 will be checked for matching traffic flow between the defined source and destination IPs. 6.9d Operation This is where the action the rule will take is defined. Select one of the following radio buttons:
- Deny access to packets that match the source and destination IP Drop addresses and vCP reset to the origination peer.
- Allow access to packets that match the source and destination IP Accept addresses and protocol ports defined in upper section of the screen. The data transfer session will be handled using Stateful Packet Inspection (SPI).
- Allow access to packets that match the source and Accept Packet destination IP addresses and protocol ports defined in upper section of the screen. The data transfer session will not be handled using Stateful Packet Inspection (SPI), so other packets that match this rule will not be automatically allowed access. This setting is useful when creating rules that allow broadcasting. 117 2009 Verizon. All Rights Reserved. 6 Configuring Security Settings 6.10 Security Log 6.9e Logging Click in this check box to add entries relating to this rule to the security log. 6.9f Scheduler (When should this rule occur?) If advanced filtering needs to be active all the time, select Always from the When should this rule occur? drop-down list. If the rule will only be active at certain times select User Defined and click Add. Then, add a schedule rule (for more details about schedule rules, see the Advanced Settings chapter of this manual) 6.10 Security Log The security log displays a list of firewall-related events, including attempts to establish inbound and outbound connections, attempts to authenticate at an administrative interface (the Routers GUI or Telnet terminal), firewall configuration, and system start-up. To access the security log, select Security Log from any Security screen. The Security Log screen appears. 6.10a Time The time (based on the FiOS Routers date and time settings) the event occurred. 6.10b Event 2009 Verizon. All Rights Reserved. 118 FiOS Router User Manual There are three kinds of events listed in the system log: Firewall Info, Firewall Setup, and System Log. 6.10c Event-Type The Details column displays more information about the packet or the event, such as protocol, IP addresses, ports, etc. The following are the available event types that can be recorded in the security log:
802.1Q
- a 802.1Q (VLAN) packet has been accepted. control - a packet has been accepted/blocked because of an access Access control rule. Advanced Filter Rule advanced filter rule.
- a packet has been accepted/blocked because of an ARP
- an ARP packet has been accepted. AUTH:113 request accepted (for maximum security level).
- an outbound packet for AUTH protocol has been Broadcast/Multicast protection source IP has been blocked.
- a packet with a broadcast/multicast Connection closed -
debug message regarding connection. Connection opened
- debug message regarding connection. policy - a packet has been accepted/blocked according to the Default default policy. Defragmentation failed blocked until all fragments have arrived and defragmentation can be performed.
- the fragment has been stored in memory and relay agent - a DHCP relay packet has been received (depends on the DHCP distribution) request - the FiOS Router sent a DHCP request (depends on the DHCP distribution) 119 2009 Verizon. All Rights Reserved. 6 Configuring Security Settings 6.10 Security Log response - the FiOS Router received a DHCP response (depends on DHCP the distribution) network packet - a packet from a demilitarized zone network has been DMZ blocked. Echo/Chargen/Quote/Snork protection Echo/Chargen/Quote/Snork protection.
- a packet has been blocked due to Error: No memory lack of memory.
- a new connection has not been established because of Firewall internal type is recorded, an accompanying explanation will be added.
- from the firewall internal mechanism, in case this event-
Firewall rules were changed
- the firewall rule set has been modified. Firewall status changed the vice versa, as specified in the event type description.
- the firewall changed status from up to down or First packet in connection is not a SYN packet due to a TCP connection that started without a SYN packet.
- a packet has been blocked Fragmented packet
- a fragment has been rejected. Fragmented packet, bad align defragmentation, the packet was badly aligned.
- a packet has been blocked because, after Fragmented packet, header too big after defragmentation, the header was too big.
- a packet has been blocked because, Fragmented packet, header too small because, after defragmentation, the header was too small.
- a packet has been blocked Fragmented packet, no memory because there is no memory for fragments.
- a fragmented packet has been blocked Fragmented packet, overlapped defragmentation, there were overlapping fragments.
- a packet has been blocked because, after Fragmented packet, packet exceeds after defragmentation, the packet exceeded.
- a packet has been blocked because, Fragmented packet, packet too big after defragmentation, the packet was too big.
- a packet has been blocked because, 2009 Verizon. All Rights Reserved. 120 FiOS Router User Manual FTP port request to 3rd party is forbidden (Possible bounce attack) a packet has been blocked.
ICMP Flood Protection ICMP flood.
- a packet has been blocked, stopping an ICMP protection
- a broadcast ICMP message has been blocked. ICMP redirect protection
- an ICMP redirected message has been blocked. ICMP replay has been blocked.
- an ICMP (Internet Control Message Protocol) replay message IGMP packet - an IGMP packet has been accepted. Illegal packet options illegal or forbidden.
- the options field in the packets header is either IP Version 6
- an IPv6 packet has been accepted. IPV6 over IPV4
- an IPv6 over IPv4 packet has been accepted. Malformed packet: Failed parsing is malformed.
- a packet has been blocked because it Maximum security enabled service it belongs to a permitted service in the maximum security level.
- a packet has been accepted because Multicast IGMP connection - a multicast packet has been accepted. Error: connection pool is full. No connection created -a connection has NAT not been created because the connection pool is full. NAT Error: Conflict Mapping already exists the NAT mapping already exists, so NAT failed.
- a conflict occurred because NAT Error: No free NAT IP
- no free NAT IP, so NAT has failed. NAT out failed - NAT failed for this packet. Outbound Auth1X
- an outbound Auth1X packet has been accepted. Packet invalid in connection blocked.
- an invalid connection packet has been 121 2009 Verizon. All Rights Reserved. 6 Configuring Security Settings 6.10 Security Log Parental control - a packet has been blocked because of parental control. Passive attack on ftp-server: Client attempted to open Server ports packet has been blocked.
- a PPP Discover
- a PPP discover packet has been accepted. PPP Session
- a PPP session packet has been accepted. connection - a packet inquiring whether the FiOS Router is ready to PPTP receive a PPTP connection has been accepted. administration - a packet designated for the FiOS Router Remote management has been accepted/blocked. Router initiated traffic
- all traffic the FiOS Router initiates is recorded.
- a packet has been accepted because of a certain service, as Service specified in the event type. Spoofing protection the local network has been blocked.
- a packet from the Internet with a source IP belonging STP packet accepted/rejected.
- an STP (Spanning Tree Protocol) packet has been SynCookies Protection
- a SynCookies packet has been blocked. Trusted device - a packet from a trusted device has been accepted. UDP Flood Protection
- a packet has been blocked, stopping a UDP flood. authentication - a message arrived during login time, including both User successful and failed authentication. Wildcard connection hooked
- debug message regarding connection. Wildcard connection opened
- debug message regarding connection. WinNuke protection
- a WinNuke attack has been blocked. 6.10d Details 2009 Verizon. All Rights Reserved. 122 FiOS Router User Manual Displays a textual description of the event. 6.10e Security Log Settings To view or change the security log settings:
1. Settings in the Security Log screen. The Security Log Settings Click screen appears. 2. Select the type of activities that will generate a log message:
Accepted Incoming Connections message for each successful attempt to establish an inbound connection to the local network.
- activating this check box generates a log Accepted Outgoing Connections log message for each successful attempt to establish an outgoing connection to the public network.
- activating this check box generates a 3. Select the type of blocked events to be listed in the log:
All Blocked Connection Attempts messages for all blocked events.
- activating this check box generates log Other Blocked Events select specific blocked events from this list to generate log messages.
- if All Blocked Connection Attempts is un-checked, 4. Click in the Remote Administration Attempts check box to write a log 123 2009 Verizon. All Rights Reserved. Introduction 7.0 7.1 Activating Parental Controls 7.2 Rule Summary 7 Using Parental Controls 2009 Verizon. All Rights Reserved. 124 The abundance of harmful information on the Internet poses a serious challenge for employers and parents alike - How can I regulate what my employee or child does on the Internet? The FiOS Routers Parental Controls allow users to control and monitor Internet access on all locally networked devices. 125 2009 Verizon. All Rights Reserved. 7 Using Parental Controls 7.1 Activating Parental Controls 7.1 Activating Parental Controls To create a basic access policy for a computer on the FiOS Routers network, click Parental Control from the top of the Home screen and follow these instructions:
1. The Parental Control screen appears. From the Networked Computer/
Device list box, select a computer/device, then click Add. The computer/
device appears in the Selected Devices list box. 2. In the Limit Access by section, select one of the following options:
Block the following Websites and Embedded Keywords within a Website
- blocks all websites or keywords entered in step 4 from being accessed on the computers/devices selected in step 2. A llow the following Websites and Embedded Keywords within a Website
- allows access only to the websites or keywords entered in step 4 on the computers/devices selected in step 2. Blocking ALL Internet Access devices selected in step 2.
- blocks all Internet access on the computers/
2009 Verizon. All Rights Reserved. 126 FiOS Router User Manual 3. Enter the URL address of a website and, if applicable, the embedded keyword within the website. Click Add. The websites and/or keywords selected will appear in the textbox to the right. If you make a mistake, or wish to delete a previously entered website/keyword, select it, then click Remove. 4. If needed, you can create a schedule for when you want the rule to be active, or inactive. In the Create Schedule section, select the affected days. 5. Select whether the rule will be active or inactive during the schedule you created by clicking the radio button next to the appropriate option. 127 2009 Verizon. All Rights Reserved. 7 6. Using Parental Controls 7.2 Rule Summary If you want more precise control over the schedule, set up an hourly schedule by entering the start and end times in the appropriate text boxes. Make sure to specify AM or PM. Note: The hourly schedule only affects the days selected in step 5. For example, if you select Saturday and Sunday, a start time of 10 a.m., and an end time of 3 p.m., the scheduled time will be Saturday/Sunday, 10 a.m. to 3 p.m. 7. In the Create Rule Name section, enter a rule name and description in the appropriate text boxes. 8. Click Apply to save and apply the new rule. 7.2 Rule Summary Clicking Rule Summary from the menu on the left side generates the Rule Summary screen. The Rule Summary screen displays a list of all rules created for the FiOS Router. Additionally, the rule can be viewed by clicking the magnifying glass in the View Rule column, or edited by clicking on the icon in the Edit Rule column. 2009 Verizon. All Rights Reserved. 128 8 Introduction 8.0 8.1 Using Advanced Settings 8.2 Utilities 8.3 DNS Settings 8.4 Network Settings 8.5 Configuration Settings 8.6 Time Settings 8.7 Firmware Upgrade 8.8 Routing Settings Configuring Advanced Settings 129 2009 Verizon. All Rights Reserved. Advanced Settings cover a wide range of configurations available for the FiOS Routers firmware and network.Changes to any of the Advanced Settings could adversely affect the operation of the FiOS Router and the local network, and should be made with caution. 2009 Verizon. All Rights Reserved. 130 FiOS Router User Manual 8.1 Using Advanced Settings To access the FiOS Routers Advanced Settings, click Advanced at the top of the Home screen. Click Yes in the Warning screen, and the Advanced screen appears. The following settings are explained in this chapter:
Diagnostics
- perform diagnostic tests on the FiOS Router Restore Defaults - reset the FiOS Router to its default settings Reboot Router - restart the FiOS Router MAC Cloning - clone MAC addresses ARP Table - display active devices and their IP and MAC addresses, etc. Users
- create and manage remote users Quality of Service (QoS)
- explained in Appendix A of this manual Local Administration
- allows the user to grant local Telnet access Remote Administration
- explained in chapter 4 of this manual Dynamic DNS
- configure Dynamic DNS settings DNS Server
- manage the local (LAN) network for host name and IP address 131 2009 Verizon. All Rights Reserved. 8 Configuring Advanced Settings 8.1 Using Advanced Settings Network Objects subsets)
- create and manage network objects (discrete LAN Universal Plug and Play
- configure Universal Plug and Play settings SIP ALG
- manage SIP ALG settings MGCP ALG
- manage MGCP ALG settings IGMP Proxy
- manage IGMP Proxy settings Port Forwarding Rules protocols or customize an application
- manage and create open ports for various Internet Configuration File
- manage configuration files System Settings
- modify the FiOS Routers system settings Port Configuration
- configure the FiOS Routers ports Date and Time
- configure the FiOS Routers clock and calendar Scheduler Rules
- schedule firewall activation Firmware Upgrade firmware
- download and install new versions of the FiOS Routers Routing
- manage routing policies IP Address Distribution network
- manage the IP addresses of devices on the 2009 Verizon. All Rights Reserved. 132 FiOS Router User Manual 8.2 Utilities The first collection of Advanced Settings (beneath the Toolbox icon) are the Utilities settings. 8.2a Diagnostics The Diagnostics screen can assist in testing network connectivity. This feature pings (ICMP echo) an IP address and displays the results, such as the number of packets transmitted and received, round trip time, and success status. To diagnose network connectivity:
1. Diagnostics from the Advanced screen. The Diagnostics Click screen appears. 2. Enter the IP address or domain name to be tested in the Destination field. 3. Click Go. 4. In a few seconds, diagnostics statistics will be displayed. If no new information is displayed, click Refresh. 133 2009 Verizon. All Rights Reserved. 8 Configuring Advanced Settings 8.2 Utilities 8.2b Restore Defaults If the FiOS Routers factory default settings need to be restored (to build a new network from the beginning, for example), use the following procedure:
1. 2. 3. Restore Defaults in the Advanced screen. The Attention screen Click appears. Save Configuration File to save the FiOS Routers current If needed, click configuration to a file. The FiOS Routers current settings can then be reapplied after restoring default settings (see Configuraton File in this chapter for more information). Restore Defaults. The FiOS Router will restart, and factory default Click settings will be applied Note: All of the FiOS Routers settings and parameters will be restored to their default values after performing the Restore Default procedure. This includes the administrator password; a user-specified password will no longer be valid. 8.2c Reboot the FiOS Router To reboot the FiOS Router:
1. Click Restart in the Advanced screen. The Reboot Router screen appears. 2. Click OK to restart the FiOS Router. This may take up to one minute. To reenter the FiOS Routers GUI after restarting the FiOS Router, click the web browsers Refresh button. 2009 Verizon. All Rights Reserved. 134 FiOS Router User Manual 8.2d MAC Cloning A MAC (Media Access Control) address is a hexadecimal code that identifies a device on a network. All networkable devices have a unique MAC address. When replacing another network device with the FiOS Router, the installation process can be simplified by copying the MAC address of the existing computer to the FiOS Router. To do this:
1. 2. 3. MAC Cloning in the Advanced screen. The MAC Cloning Click screen appears. Enter the MAC address to be cloned in the To Physical Address text boxes. Clone My MAC Address to capture the MAC address of the computer Click currently accessing the FiOS Routers GUI. The FiOS Router will now have the new MAC address. 8.2e ARP (Address Resolution Protocol) Table Clicking ARP Table in the Advanced screen generates the ARP Table screen. This screen displays the IP and MAC addresses of each DHCP connection. 135 2009 Verizon. All Rights Reserved. 8 Configuring Advanced Settings 8.2 Utilities 8.2f Users To manage individual users:
1. Click Users in the Advanced screen, which generates the Users screen. 2. Click New User, which generates the User Settings screen. 3. When adding a user, specify the following parameters:
Full Name
- The users full name. User Name network. This entry is case-sensitive.
- The name a remote user will use to access the home or office New Password/Retype New Password again to confirm).
- The password for the user (enter Permissions Administrator or Limited.
- The level of access the user is allowed. Options include 2009 Verizon. All Rights Reserved. 136 FiOS Router User Manual E-mail Notification
- Email notification can be used to receive indications of system events for a predefined severity classification. The available types of events are System or Security events. The available severity of events are Error, Warning, and Information. To configure email notification for a specific user:
1. 2. 3. Make sure an outgoing mail server has been configured in System Settings. If not, click Click Here to Configure Notification Mail Server to configure the outgoing mail server. Enter the users email address in the Notification Address text box. Select the System and Security notification levels in the System Notify Level and Security Notify Level drop-down lists. Note: Changing any of the user parameters will prompt the connection associated with the user to terminate. For changes to take effect, activate the connection manually after modifying user parameters. 8.2g Quality of Service The FiOS Routers QoS (Quality of Service) capabilities are covered in detail in appendix A of this manual. 137 2009 Verizon. All Rights Reserved. 8 Configuring Advanced Settings 8.2 Utilities 8.2h Local Administration Clicking Local Administration in the Advanced screen generates the Local Administration screen. This screen allows the user to grant local Telnet access using a particular Telnet port. To use, select a Telnet port by clicking in the appropriate check box, then click Apply. 8.2i Remote Administration The FiOS Routers Remote Administration capabilities are covered in detail in the chapter 6 of this manual. 2009 Verizon. All Rights Reserved. 138 FiOS Router User Manual 8.3 DNS Settings The second section of the Advanced window is the DNS (Domain Name System) settings section, which includes Dynamic DNS and DNS Server. 8.3a Dynamic DNS Dynamic DNS creates a dynamic IP address that is aliased to a static hostname, allowing a computer on the network to be more easily accessible from the Internet. Typically, when connecting to the Internet, the service provider assigns an unused IP address from a pool of IP addresses, and this address is used only for the duration of a specific connection. Dynamically assigning addresses extends the usable pool of available IP addresses, while maintaining a constant domain name. This allows the user to access a device (a camera, for example) from a remote location, since the device will always have the same IP address. When using Dynamic DNS, each time the IP address provided by the ISP changes, the DNS database changes accordingly to reflect the change. In this way, even though the IP address of the computer changes often, its domain name remains constant and accessible. Setting up Dynamic DNS To set up Dynamic DNS on the FiOS Router, click Dynamic DNS in the Advanced screen. When the Dynamic DNS screen appears, click New Dynamic DNS Entry. 139 2009 Verizon. All Rights Reserved. 8 Configuring Advanced Settings 8.3 DNS Settings Another Dynamic DNS screen appears. Configure the following parameters:
Host Name Enter the full Dynamic DNS domain in this text box. Connection Select the connection with which to couple the Dynamic DNS service. Options include Broadband Connection (Ethernet), Broadband Connection (Coax), and WAN PPPoE. Provider Select the FiOS Routers Dynamic DNS account provider from the drop-down list. User Name Enter the Dynamic DNS user name in this text box. Password Enter the Dynamic DNS password in this text box. 2009 Verizon. All Rights Reserved. 140 FiOS Router User Manual Dynamic DNS System Select one of the options from the drop-down list. Wildcard Select the Wildcard check box to allow any URL that includes the domain name (here.yourhost.dyndns.org, for example) to connect. Mail Exchanger Enter the mail exchange server address. This will redirect all emails arriving at the Dynamic DNS address to the mail server. Backup MX Select this check box to designate the mail exchange server to be a backup server. Offline Disable the Dynamic DNS feature by clicking this check box. This feature is available only to users who have purchased some type of upgrade credit from the Dynamic DNS provider. Note that changing the redirection URL can only be performed via the Dynamic DNS providers website. SSL Mode If the Dynamic DNS service chosen supports SSL, select the SSL mode from the drop-down menu (options: None, Chain, Direct). To edit the host name or IP address of an entry:
1. Click the appropriate Edit icon in the Action column. The DNS Entry screen appears. 141 2009 Verizon. All Rights Reserved. 8 Configuring Advanced Settings 8.3 DNS Settings 2. If the host was manually added to the DNS Table, its host name and/or IP address can be modified. Otherwise, only modify its host name. 3. Click Apply to save the changes. To remove a host from the DNS table, click the appropriate Delete icon in the Action column. The entry will be removed from the table. 8.3b DNS Server The Domain Name System (DNS) translates domain names into IP addresses, and vice versa. The FiOS Routers DNS server is an auto-learning DNS, which means that when a new computer is connected to the network, the DNS server learns its name and automatically adds it to the DNS table. Other network users can immediately communicate with this computer using either its name or its IP address. The FiOS Routers DNS also provides the following services:
shares a common database of domain names and IP addresses with the DHCP server;
supports multiple subnets within the local network simultaneously;
automatically appends a domain name to unqualified names;
allows new domain names to be added to the database using the FiOS Routers GUI;
permits a computer to have multiple host names;
and permits a host name to have multiple IPs (needed if a host has multiple network cards). The DNS server does not require configuration. However, the list of computers known by the DNS can be viewed or a new computer can be added to the list. 2009 Verizon. All Rights Reserved. 142 FiOS Router User Manual DNS Table To view the list of computers stored in the DNS table, click DNS Server in the Advanced screen. The DNS Server screen appears. To add a new entry to the list:
1. 2. 3. Add DNS Entry in the DNS Server screen. The DNS Entry screen Click appears. Enter the computers host name in the Host Name text box. Enter the computers IP address in the IP Address text boxes. 4. Click Apply to save the changes. 143 2009 Verizon. All Rights Reserved. 8 Configuring Advanced Settings 8.4 Network Settings 8.4 Network Settings The Network Settings section of the Advanced screen includes settings that affect the FiOS Routers network. 8.4a Network Objects Network objects is used to define a part of the FiOS Routers network (a group of computers, for example) by MAC addresses, IP addresses, and/or host names. The defined part becomes a network object, and settings, such as configuring system rules, can be applied to all devices defined as part of the network object at once. For example, instead of setting the same website filtering configuration to five computers one at a time, the computers can be defined as a network object, and website filtering configuration can then be applied to all the computers simultaneously. Network objects can be used to apply security rules based on host names instead of IP addresses. This may be useful, since IP addresses change from time to time. Moreover, it is possible to define network objects according to MAC addresses, making rule application more persistent against network configuration settings. To define a network object:
1. Network Objects in the Advanced screen. The Network Objects Click screen appears. 2009 Verizon. All Rights Reserved. 144 FiOS Router User Manual 2. Click Add. The Edit Network Object screen appears. 3. Specify a name for the network object in the Description text box. 4. Click Add. The Edit Item screen appears. 5. Select the type of network object type from the Network Object Type list box. Options include IP address, IP Subnet, IP Range, MAC Address, Host Name, and DHCP Option. 6. Repeat to create other network objects, if needed. When finished, click Apply to save all created network objects. 145 2009 Verizon. All Rights Reserved. 8 Configuring Advanced Settings 8.4 Network Settings 8.4b Universal Plug and Play (UPnP) To access the UPnP settings, perform the following:
1. Universal Plug and Play in the Advanced screen. The Universal Plug Click and Play settings screen appears. 2. 3. Click in the Allow Other Network Users to Control Wireless Broadband FiOS Routers Network Features check box to enable UPnP and allow UPnP services to be defined on any of the network hosts. Click in the Enable Automatic Cleanup of Old Unused UPnP Services check box to enable automatic cleanup of invalid rules. When enabled, this feature checks validity of all the UPnP services and rules every five minutes. Any old and unused UPnP defined service is removed, unless a user defined rule depends on it. Since there is a maximum limitation on the number of UPnP defined services (256), enable the cleanup feature if the limit is in danger of being exceeded. 4. Select whether all WAN connections, or only the main WAN connection, will have UPnP active, from the WAN Connection Publication drop-down list. UPnP services are not deleted when disconnecting a computer without proper shutdown of the UPnP application (e.g., messenger). Thus, services may often not be deleted,. This will eventually lead to exhaustion of rules and services, and no new services can be defined. In this scenario, the cleanup feature will find the invalid services and remove them, preventing services exhaustion. 2009 Verizon. All Rights Reserved. 146 FiOS Router User Manual 8.4c SIP ALG This screen allows the user to enable/disable SIP ALG. It is disabled by default. Do not enable this option unless instructed to do so by the ISP. 8.4d MGCP ALG This screen allows the user to enable/disable MGCP ALG. It is disabled by default. Do not enable this option unless instructed to do so by the ISP. 8.4e IGMP Proxy This screen allows the user to configure various IGMP proxy settings. 147 2009 Verizon. All Rights Reserved. 8 Configuring Advanced Settings 8.4 Network Settings IGMP Proxy (Enable/Disable) Activate or deactivate IGMP Proxy by clicking on the down arrow and selecting Enabled or Disabled. IGMP Version Select the IGMP Proxy version by clicking on the down arrow and selecting IGMPv1, IGMPv2, or IGMPv3. Fast Leave Activate or deactivate Fast Leave by clicking on the down arrow and selecting Enabled or Disabled. Robustness Select the level of robustness by entering a number greater than or equal to 1. IGMP Proxy (Enable/Disable) Activate or deactivate IGMP Proxy by clicking on the down arrow and selecting Enable or Disabled. Query Interval Set the query interval here. The entered time period (in seconds) must be greater than or equal to 1. Query Response Interval Set the query response interval here. The entered time period (in seconds) must be greater than or equal to 1. Unsolicited Report Interval Set the unsolicited report interval here. The entered time period (in seconds) must be between 1 and 25. 2009 Verizon. All Rights Reserved. 148 FiOS Router User Manual Persistent Join Interval Set the persistent join interval here. The entered time period (in seconds) must be between 1 and 25. 8.5e Port Forwarding Rules Port forwarding rules include a list of preset and user-defined applications and common port settings. These rules can be used in various security features, such as Access Control and Port Forwarding. New rules can be added to support new applications or existing ones can be edited when needed. Additionally, clicking Advanced on the bottom of the Port Forwarding Rules screen reveals a list of preconfigured protocols that can be activated with a single click. To define a port forwarding rule:
1. Port Forwarding Rules in the Advanced screen. The Port Forwarding Click Rules screen appears. 149 2009 Verizon. All Rights Reserved. 8 Configuring Advanced Settings 8.4 Network Settings 2. Click Add at the bottom of the screen. The Edit Service screen appears. 3. Name the service in the Service Name text box and, if needed, enter a description of the service in the Service Description text box, then click Add Service Ports. The Edit Service Server Ports screen appears. 4. Select a protocol from the Protocol drop-down list. To create a new protocol, select Other. After selecting a protocol, the screen will refresh, displaying the relevant text boxes needed to edit the particular protocol. 5. Click Apply to save the changes. 2009 Verizon. All Rights Reserved. 150 FiOS Router User Manual 8.5 Configuration Settings This section includes settings that affect the FiOS Routers configuration. 8.5a Configuration File Use the FiOS Routers Configuration File feature to view, save, and load configuration files, which are used to backup and restore the FiOS Routers current configuration. To do this:
1. Configuration File in the Advanced screen. The Configuration File Click screen appears. 2. Load Configuration File to load the previous configuration from a file Click and restart the FiOS Router. Only configuration files saved on a particular FiOS Router can be applied to the FiOS Router; configuration files cannot be transferred between FiOS Routers. 3. Click Save Configuration File to backup the current configuration to a file. WARNING! Manually editing a configuration file can cause the FiOS Router to malfunction or become completely inoperable. 151 2009 Verizon. All Rights Reserved. 8 Configuring Advanced Settings 8.5 Configuration Settings 8.5b System Settings Clicking System Settings in the Advanced screen generates the System Settings screen, where various system and management parameters can be configured. 2009 Verizon. All Rights Reserved. 152 FiOS Router User Manual System Use the System section of this screen to configure the following two options:
Wireless Broadband Routers Hostname - Specify the FiOS Routers host name by entering it into the this text box. The host name is also the FiOS Routers URL address, so it can be entered here, rather than entering 192.168.1.1. Local Domain - Specify the networks local domain by entering it into this text box. Wireless Broadband Router Use this section to configure the following:
Automatic Refresh of System Monitoring Web Page - Click in this check box to activate the automatic refresh of system monitoring web pages. Prompt for Password When Accessing via LAN - Click in this check box to cause the FiOS Router to ask for a password when trying to connect to the network. Warn User Before Network Configuration Changes - Click in this check box to activate user warnings before network configuration changes take effect. Session Lifetime - After the FiOS Router has been inactive for a period of time, the user must reenter a user name and password to continue accessing the GUI. To change the length of this time period, enter the amount of time (in seconds) in the Session Lifetime text box. Configure a number of concurrent users - Used to limit the number of users that can access the FiOS Router at the same time. Select the number of users from the drop-down list. 153 2009 Verizon. All Rights Reserved. 8 Configuring Advanced Settings 8.5 Configuration Settings Management Application Ports This section allows the following management application ports to have their default port numbers to be changed:
primary/secondary HTTP ports primary/secondary HTTPS ports primary/secondary Telnet ports secure Telnet over SSL ports Management Application SSL Authentication Options This section allows the user to access the FiOS Routers GUI through a browser or Telnet as a secure socket layer (SSL) session. System Logging Use this section to configure the following system log options. Enable Logging - Click in this check box to activate system logging. Low Capacity Notification Enabled - Click in this check box to activate low capacity notification (works in tandem with Allowed Capacity Before Email Notification and System Log Buffer Size options). Allowed Capacity Before Email Notification - Enter the percentage of system log buffer capacity reached to trigger an email notification. System Log Buffer Size - Enter the size of the system log buffer in this text box. Remote System Notify Level - This feature is used to specify the type of information received for remote system logging. Options include None, Error, Warning, and Information. 2009 Verizon. All Rights Reserved. 154 FiOS Router User Manual Security Logging Use this section to configure the following security log options. Low Capacity Notification Enabled - Click in this check box to activate low capacity notification (works in tandem with Allowed Capacity Before Email Notification and Security Log Buffer Size options). Allowed Capacity Before Email Notification - Enter the percentage of security log buffer capacity reached to trigger an email notification. Security Log Buffer Size - Enter the size of the security log buffer in this text box. Remote Security Notify Level - This feature is used to specify the type of information received for security logging. Options include None, Error, Warning, and Information. Outgoing Mail Server Use this section to configure the outgoing mail server options. This server is used to format and send system and security log email notifications. Server - Enter the host name of the outgoing (SMTP) server in this text box. From Email Address - Email notifications require a from address. Enter a from email address in this text box. Port - Enter the port number of the email server in this text box. Server Requires Authentication - If the email server requires authentication, click in this check box, then enter a user name and password in the User Name and Password text boxes that appear. Auto WAN Detection When activated, Auto WAN Detection causes the FiOS Router to automatically search for a WAN connection. Enable Logging - Clicking in this check box activates automatic WAN detection. PPP Timeout - Enter the amount of time (in seconds) before the FiOS Router stops attempting to establish a broadband PPP connection. 155 2009 Verizon. All Rights Reserved. 8 Configuring Advanced Settings 8.5 Configuration Settings DHCP Timeout - Enter the amount of time (in seconds) before the FiOS Router stops attempting to establish a broadband DHCP connection. Number of Cycles - Enter the number of times the FiOS Router attempts to detect a broadband PPP and DHCP connection. Auto Detection Continuous Trying - Click in this check box to cause the FiOS Router to indefinitely search for a broadband connection. 8.5c Ehternet Port Configuration Ethernet port configuration allows the user to set up the FiOS Routers Ethernet ports as either full- or half-duplex ports, at either 10 Mbps or 100 Mbps. Selecting the Auto option causes the port to emulate the speed and duplex configuration of the port with which it is communcating. 2009 Verizon. All Rights Reserved. 156 FiOS Router User Manual 8.6 Time Settings The Time settings section of the Advanced window features utilities that involve times, dates and schedules. 8.6a Date and Time To configure date, time, and daylight saving settings, perform the following:
1. Date and Time in the Advanced screen. The Date and Time Click screen appears. 2. Select the local time zone from the drop-down list. The FiOS Router can automatically detect daylight saving setting for selected time zones. If the daylight saving settings for a time zone are not automatically detected, the following four fields will be displayed:
Enabled
- Select this check box to enable daylight saving time. Start
- Date and time when daylight saving starts. End
- Date and time when daylight saving ends. Offset
- The amount of time daylight saving time changes. 157 2009 Verizon. All Rights Reserved. 8 Configuring Advanced Settings 8.6 Time Settings To perform an automatic time update:
1. 2. 3. 4. Click in the Enabled check box in the Automatic Time Update section. Select the protocol to be used to perform the time update by selecting either the Time of Day or Network Time Protocol radio button. Specify how often to perform the update in the Update Every text box. Define time server addresses by clicking Automatic Time Update section and entering the IP address or domain name of the time server in the Time Server Settings screen. Add on the bottom of the 8.6c Clock Set Click on this button at the bottom of the Date and Time screen (which generates the figure, below) to set the FiOS Routers time and date. 8.6b Scheduler Rules Scheduler rules are used for limiting the activation of firewall rules to specific time periods, either for days of the week, or for hours of each day. To define a rule:
1. Make sure the FiOS Routers date and time are set correctly. To do this, see the Date and Time section in this chapter. 2009 Verizon. All Rights Reserved. 158 FiOS Router User Manual 2. Scheduler Rules in the Advanced screen. The Scheduler Rules Click screen appears. 3. Click Add. The Set Rule Schedule screen appears. 4. 5. Enter a name for the rule in the Rule Name text box. Specify if the rule will be active or inactive during the designated time period by clicking the appropriate Rule Settings radio button. 159 2009 Verizon. All Rights Reserved. 8 Configuring Advanced Settings 8.6 Time Settings 6. Click Add Rule Schedule. The Edit Rule Schedule screen appears. 7. 8. Select or active or inactive days of the week by clicking in the appropriate text boxes. If applicable, click hourly range. The Edit Hour Range screen appears. Enter a start and end time in the appropriate text boxes. New Hours Range Entry to define an active/inactive 9. Click Apply. Note: Make sure the FiOS Routers date and time settings are properly configured for the time zone. 2009 Verizon. All Rights Reserved. 160 FiOS Router User Manual 8.7 Firmware Upgrade The FiOS Router offers a built-in mechanism for upgrading its firmware without losing custom configurations and settings. There are two methods for upgrading the firmware:
Upgrading from the Internet Routers firmware by remotely downloading an updated software image file.
- use this method to upgrade the FiOS Upgrading from a local computer downloaded to the computers disk drive to upgrade.
- use a software image file pre-
8.7a Upgrading From the Internet The FiOS Routers firmware can be automatically updated via the Internet. From the drop-down list next to the globe icon near the top of the Firmware Upgrade screen, a list of options appears, as described below. Automatically Check and Upgrade If Automatically Check for New Version and Upgrade Wireless Broadband Router is selected, enter the period of time the FiOS Router checks for a new upgrade, and the URL at which to get the upgrade, in the appropriate text boxes. The FiOS Router will then check at each time interval for upgrades and, if one is available, upgrade the FiOS Routers firmware. Automatically Check and Send E-mail If Automatically Check for New Version and Notify via Email is selected, enter the period of time the FiOS Router checks for a new upgrade, and the URL at which to get the upgrade, in the appropriate text boxes. The FiOS Router will then check at each time interval for firmware upgrades and, if one is available, send an email to the address listed in the System Settings. Automatic Check Disabled If Automatically Check Disabled is selected, the FiOS Router will not automatically check for firmware upgrades. 161 2009 Verizon. All Rights Reserved. 8 Configuring Advanced Settings 8.7 Firmware Upgrade Manual Checking and Upgrading To manually upgrade the FiOS Routers firmware:
1. Click Check Now in the Firmware Upgrade screen. 2. 3. If a new version is available, click begin. When downloading is completed, a confirmation screen appears, asking whether to upgrade to the new version. Force Upgrade. A download process will Apply. The upgrade process will begin and should take no longer than Click one minute to complete. At the conclusion of the upgrade process the FiOS Router automatically reboots. The new firmware runs, maintaining any custom configurations and settings. 8.7b Upgrading From a Local Computer To upgrade from a local computer:
1. Firmware Upgrade from the Advanced screen. The Firmware Click Upgrade screen appears. 2009 Verizon. All Rights Reserved. 162 FiOS Router User Manual 2. In the Upgrade From a Computer in the Network section, click Now. The Upgrade From a Computer in the Network screen appears. Upgrade 3. 4. Enter the path of the software image file, or press the Browse button to browse for the file, and click Apply. Make sure to only use files with an rmt extension when performing the firmware upgrade procedure. When loading is completed, a confirmation screen appears, asking whether to upgrade to the new version. Click Apply. The upgrade process begins and should take no longer than one minute to complete. 5. When the upgrade process ends, the FiOS Router automatically reboots. The new firmware will run, maintaining any custom configurations and settings. 163 2009 Verizon. All Rights Reserved. 8 Configuring Advanced Settings 8.8 Routing Settings 8.8 Routing Settings The final section of the Advanced screen is Routing settings, which includes Routing and IP Address Distribution. 8.8a Routing Access the routing table rules by clicking Routing in the Advanced screen. The Routing screen appears. Routing rules can be added, edited, or deleted from the Routing screen. To add a router, click New Route. The Route Settings screen appears. When adding a routing rule, the following parameters must be specified:
Rule Name - Select the type of network from the drop-down list. Destination
- The destination is the destination host, subnet address, network address, or default route. The destination for a default route is 0.0.0.0. Netmask
- The network mask is used in conjunction with the destination to 2009 Verizon. All Rights Reserved. 164 FiOS Router User Manual determine when a route is used. Gateway
- Enter the FiOS Routers IP address.
- A measurement of the preference of a route. Typically, the lowest Metric metric is the most preferred route. If multiple routes exist to a given destination network, the route with the lowest metric is used. IGMP (Internet Group Management Protocol) Multicasting The FiOS Router provides support for IGMP multicasting, which allows hosts connected to a network to be updated whenever an important change occurs in the network. A multicast is simply a message that is sent simultaneously to a pre-defined group of recipients. When joining a multicast group, all messages addressed to the group will be received by the user, much like when an email message is sent to a mailing list. To activate IGMP multicasting 1. Select Routing in the Advanced screen. 2. Activate the Internet Group Management Protocol check-box. 3. Click Apply. Domain Routing Domain routing is used in multi-router local network configurations. Normally, to access a device connected to one router from another router on the network, its IP address must be used. Activating domain routing (by clicking in the appropriate check box) allows the user to access to the computer by name (as well as IP address). 8.8b IP Address Distribution The FiOS Routers DHCP server makes it possible to easily add computers configured as DHCP clients to the network. It provides a mechanism for allocating IP addresses to these hosts and for delivering network configuration parameters to them. For example, a client (host) sends out a broadcast message on the network requesting an IP address for itself. The DHCP server then checks its list of available addresses and leases a local IP address to the host for a specific period 165 2009 Verizon. All Rights Reserved. 8 Configuring Advanced Settings 8.8 Routing Settings of time and simultaneously designates this IP address as taken. At this point, the host is configured with an IP address for the duration of the lease. The host can choose to renew an expiring lease or let it expire. If it chooses to renew a lease, it will also receive current information about network services, as it did with the original lease, allowing it to update its network configurations to reflect any changes that occurred since it first connected to the network. If the host wishes to terminate a lease before its expiration, it can send a release message to the DHCP server, which will then make the IP address available for use by others. The FiOS Routers DHCP server:
displays a list of all DHCP hosts devices connected to the FiOS Router;
defines the range of IP addresses that can be allocated in the network;
defines the length of time for which dynamic IP addresses are allocated;
provides the above configurations for each network device and can be configured and enabled/disabled separately for each network device;
can assign a static lease to a network computer to receive the same IP address each time it connects to the network, even if this IP address is within the range of addresses that the DHCP server may assign to other computers;
provides the DNS server with the host name and IP address of each computer connected to the network. To view a summary of the services currently being provided by the DHCP server, click IP Address Distribution in the Advanced screen. The IP Address Distribution screen appears. 2009 Verizon. All Rights Reserved. 166 FiOS Router User Manual Editing DHCP Server Settings To edit the DHCP server settings for a device:
1. Click the appropriate icon in the Action column. The DHCP Settings screen for the device appears. 2. Select the IP Address Distribution from the drop-down list. Options include DHCP Server, DHCP Relay, or Disable. 3. Complete the following fields:
Start IP Address Range, End IP Address Range
- determines the number of hosts connected to the network in this subnet. Start specifies the first IP address assigned in this subnet and End specifies the last IP address in the range. Subnet Mask example of a subnet mask value is 255.255.0.0.
- used to determine to which subnet an IP address belongs. An WINS Server
- The WINS (Windows Internet Naming Service) server 167 2009 Verizon. All Rights Reserved. 8 Configuring Advanced Settings 8.8 Routing Settings determines the IP address associated with a network device. Lease Time
- each device will be assigned an IP address by the DHCP server for a limited time (Lease Time) when it connects to the network. When the lease expires, the server will determine if the computer has disconnected from the network. If it has, the server may reassign this IP address to a newly-
connected computer. This feature ensures that IP addresses not in use will become available for other computers on the network. Provide host name if not specified by client Router assigns the client a default name if the DHCP client has no host name.
- when activated, the FiOS 4. Click Apply to save the changes. DHCP Connections To view a list of computers currently recognized by the DHCP server, click Connection List at the bottom of the IP Address Distribution screen. The DHCP Connections screen appears. To define a new connection with a fixed IP address:
1. New Static Connection in the DHCP Connections screen. The DHCP Click Connection Settings screen appears. 2009 Verizon. All Rights Reserved. 168 FiOS Router User Manual 2. 3. 4. Enter a host name for this connection. Enter the fixed IP address to assign to the computer. Enter the MAC address of the computers network card. 5. Click the Apply to save changes. Note: A devices fixed IP address is actually assigned to the specific network cards MAC address installed on the network computer. If this network card is replaced, the devices entry in the DHCP Connections list must be updated with the new network cards MAC address. To remove a host from the table, click the appropriate Delete icon in the Action column. 169 2009 Verizon. All Rights Reserved. 9.0 Introduction 9.1 Router Status 9.2 Advanced Status 9 Monitoring the FiOS Router 2009 Verizon. All Rights Reserved. 170 The FiOS Routers System Monitoring screens display important system information, including basic router settings, system log, key network device parameters and network traffic statistics. 171 2009 Verizon. All Rights Reserved. 9 Monitoring the FiOS Router 9.1 Router Status 9.1 Router Status Click System Monitoring at the top of the Home screen to display the Router Status screen, which displays the FiOS Routers basic settings. 9.2 Advanced Status After selecting Advanced Status and clicking Yes in the Warning screen, the monitoring options appear: System Logging, Full Status/System wide Monitoring of Connections, Traffic Monitoring, Broadband Monitoring, and IGMP Proxy. 2009 Verizon. All Rights Reserved. 172 FiOS Router User Manual 9.2a System Logging Click System Logging in the Advanced Status screen to generate the System Log screen. The System Log displays a list of the most recent activities of the FiOS Router. 173 2009 Verizon. All Rights Reserved. 9 Monitoring the FiOS Router 9.2 Advanced Status 9.2b Full Status/System wide Monitoring of Connections 1. Full Status/System wide Monitoring of Connections in the Click Advanced Status screen (and click through the Warning screen) to generate the Full Status/System wide Monitoring of Connections screen, which features a table summarizing the monitored connection data. 2. Refresh to update the table, or click Automatic Refresh On to Click constantly update the displayed parameters. 2009 Verizon. All Rights Reserved. 174 FiOS Router User Manual 9.2c Traffic Monitoring The FiOS Router constantly monitors traffic within the local network and between the local network and the Internet. To view up-to-the-second statistical information about data received from and transmitted to the Internet, and about data received from and transmitted to computers in the local network, click Traffic Monitoring in the Advanced Status screen. This generates the Traffic Monitoring screen. 9.2d Bandwidth Monitoring To monitor the FiOS Routers bandwidth use, click Bandwidth Monitoring. The Bandwidth Monitor screen appears. 175 2009 Verizon. All Rights Reserved. 9 Monitoring the FiOS Router 9.2 Advanced Status 9.2e IGMP Proxy To monitor the FiOS Routers IGMP Proxy, click IGMP Proxy. The IGMP Proxy screen appears. 2009 Verizon. All Rights Reserved. 176 10 10.0 Introduction 10.1 Troubleshooting Tips 10.2 Frequently Asked Questions Troubleshooting 177 2009 Verizon. All Rights Reserved. This chapter lists a series of problems that may be encountered while using the FiOS Router, and offers techniques that may overcome these problems. Note that the techniques may not solve the problem (or problems). Also included are frequently asked questions. 2009 Verizon. All Rights Reserved. 178 FiOS Router User Manual 10.1 Troubleshooting Tips Accessing the FiOS Router if Locked Out If the FiOS Routers connection is lost while making configuration changes, a setting that locks access to the FiOS Routers GUI may have inadvertantly been activated. There are three common ways to lock access to the FiOS Router:
Scheduler If a schedule has been created that applies to the computer over the connection being used, the FiOS Router will not be accessible during the times set in the schedule. To regain access, either wait until the connection is scheduled to be active again, or restore the default settings to the FiOS Router. LAN Firewall If the firewall setting for the local network is set to maximum, no computers from the network will be able to connect to the FiOS Router. To gain access, restore the default settings to the FiOS Router. Access Control If the access control setting for the computer is set to block the computer, access to the FiOS Router will be denied. To gain access, restore the default settings to the FiOS Router. Restoring the FiOS Routers Default Settings There are two ways to restore the FiOS Routers default settings. The first is to use the tip of a ballpoint pen and press and hold the Reset button on the back of the FiOS Router for at least ten seconds. The second is to access the FiOS Routers GUI and navigate to the Advanced Settings screen. Click Restore Defaults and read the instructions on-screen. Note that after performing either of these two procedures, all previously saved settings on the FiOS Router will be lost. 179 2009 Verizon. All Rights Reserved. Troubleshooting 10 LAN Connection Failure Ensure the FiOS Router is properly installed, the LAN connections are correct, and the power is on. Confirm the computer and FiOS Router are on the same network segment. If unsure, let the computer get the IP address automatically by initiating the DHCP function, then verify the computer is using an IP address within the default range (192.168.1.2 through 192.168.1.254). If the computer is not using an IP address within the range, it will not connect to the FiOS Router. Ensure the Subnet Mask address is set to 255.255.255.0. Time out error occurs when entering a URL or IP Address Verify all the computers are working properly. Ensure the IP settings are correct. Ensure the FiOS Router is on and connected properly. Verify the FiOS Routers settings are the same as the computer. 10.2 Frequently Asked Questions Ive run out of Ethernet ports on my FiOS Router. How do I add more computers?
Plugging in an Ethernet hub or switch expands the number of ports on the FiOS Router. Run a standard Ethernet cable from the Uplink port of the new hub or switch to a yellow Ethernet port on the FiOS Router. How do I change the password on the FiOS Routers Graphic User Interface?
From the FiOS Routers GUI Home screen, click Advanced, then Users. From the Users screen, click Administrator, which generates the User Settings screen. In the General section of the screen, change the password. 2009 Verizon. All Rights Reserved. 180 FiOS Router User Manual Is the wireless option on by default on the FiOS Router?
Yes. The FiOS Routers wireless option is activated out of the box. Is the wireless security on by default when the wireless option is acti-
vated?
Yes, with a unique 64-bit WEP (Wired Equivalent Privacy) key. Which connection speeds does the FiOS Router support?
The Ethernet Internet connection supports 100 Mbps. The LAN Ethernet connections support 10/100 Mbps. The 802.11g wireless connection supports up to 54 Mbps (depending on signal quality, etc.). The MoCA connection supports 270 Mbps. Are the FiOS Routers Ethernet ports auto-sensing?
Yes. Either a straight-through or crossover Ethernet cable can be used. Can I use an 802.11b wireless card to connect to the FiOS Router?
Yes, the FiOS Router can interface with 802.11b cards or 802.11g cards. The 802.11g standard is backward compatible with the 802.11b standard. The FiOS Router can be setup to handle just g wireless cards, just b wireless cards, or both. Can my wireless signal pass through floors, walls, and glass?
The physical environment surrounding the FiOS Router can have a varying effect on signal strength and quality. The more dense the object (a concrete wall compared to a plaster wall, for example), the greater the interference. Concrete or metal-reinforced structures will experience a higher degree of signal loss than those made of wood, plaster, or glass. 181 2009 Verizon. All Rights Reserved. Troubleshooting 10 How do I find out what IP address my computer is using?
Windows 95, 98, 98SE, and Me - Select Start, Run, and type winipcfg. Press Enter. When the Winipcfg window appears, ensure your network device is selected. Windows NT, 2000, and XP - Select Start, Run and type cmd. Press Enter. When the command screen appears, type ipconfig and press Enter. Windows Vista - Click the Windows button and select Control Panel. In the Control Panel, click Network and Sharing Center. In the Network and Sharing Center window, click View Status. In the Local Area Connection Status window, click Details. My computer cannot connect to the Internet via MoCA. What should I do?
First, check the connection, and make sure all cables are connected correctly. Then make sure the NIM is still connected, and check the Ethernet connection to the NIM from the computer. A computer cannot be connected directly via a MoCA cable; it must go through a NIM to connect. The NIM converts the MoCA signal to an Ethernet signal the computer can understand. I used DHCP to configure my network. Do I need to restart my computer to refresh my IP address?
No. Follow these steps to refresh the IP address:
Windows 95, 98, 98SE, and Me - Select Start, Run, type winipcfg, and press Enter. Ensure the Ethernet adapter is selected in the device box. Press the Release_all button, then press the Renew_all button. Windows NT 4.0 and 2000 - Select Start, Run, type cmd, and press Enter. At the DOS prompt, type ipconfig /release and press Enter, then type ipconfig /
renew and press Enter. Windows XP and Vista - Unplug the Ethernet cable or wireless card and plug it back in. 2009 Verizon. All Rights Reserved. 182 FiOS Router User Manual I cannot access the FiOS Routers Graphical User Interface? What should I do?
If you cannot access the FiOS Routers Graphical User Interface, make sure the computer connected to the FiOS Router is set up to dynamically receive an IP address. I have an FTP or Web server on my network. How can I make it available to users on the Internet?
For a Web server, enable port forwarding for port 8088 to the IP address of the server and set up the Web server to receive on that port, as well. (Configuring the server to use a static IP address is recommended.) For an FTP server, enable port forwarding for port 21 to the IP address of the server. (Configuring the server to use a static IP address is recommended.) How many computers can be connected through the FiOS Router?
The FiOS Router is capable of 254 connections, but we recommend having no more than 45 connections. As you increase the number of connections, you decrease the available speed for each computer. What is the default user name for the FiOS Router?
The default user name for the FiOS Router is admin (all lower case, no quotation marks). When logging into the FiOS Router the first time (or after restoring the FiOS Routers default settings), the user is asked to create a new user name and password. Enter the new user name and password, write them down on a piece of paper, and keep it in a safe place. The new user name and password will be needed to access the User Interface in the future. 183 2009 Verizon. All Rights Reserved. A.0 Introduction A.1 Traffic Priority A.2 Traffic Shaping A Configuring Quality of Service 2009 Verizon. All Rights Reserved. 184 Quality of Service refers to the capability of a network device to provide better service to selected network traffic. This is achieved by shaping the traffic and processing higher priority traffic before lower priority traffic. The FiOS Router provides several different methods of configuring Quality of Service. 185 2009 Verizon. All Rights Reserved. A Configuring Quality of Service A.1 Traffic Priority STOP! Do not change any Quality of Service settings unless instructed to do so by the ISP. A.1 Traffic Priority Traffic Priority manages and avoids traffic congestion by defining inbound and outbound priority rules for each device on the FiOS Router. These rules determine the priority that packets, traveling through the device, will receive. QoS parameters (DSCP marking and packet priority) are set per packet, on an application basis. QoS can be configured using flexible rules, according to the following parameters:
Source/destination IP address, MAC address, or host name Device Source/destination ports Limit the rule for specific days and hours The FiOS Router supports two priority marking methods for packet prioritization:
DSCP 802.1p Priority 2009 Verizon. All Rights Reserved. 186 FiOS Router User Manual The matching of packets by rules is connection-based, known as Stateful Packet Inspection (SPI), using the FiOS Routers firewall mechanism. Once a packet matches a rule, all subsequent packets with the same attributes receive the same QoS parameters, both inbound and outbound. Connection-based QoS also allows inheriting QoS parameters by some of the applications that open subsequent connections. For instance, QoS rules can be defined on SIP, and the rules will apply to both control and data ports (even if the data ports are unknown). Applications that support such inheritance have an ALG in the firewall. They are:
SIP MSN Messenger/Windows Messenger TFTP FTP MGCP H.323 Port triggering applications PPTP IPSec 187 2009 Verizon. All Rights Reserved. A Configuring Quality of Service A.1 Traffic Priority A.1a Setting Priority Rules To set priority rules:
1. Quality of Service in the Advanced screen. The Traffic Priority screen Click appears. This screen is divided into two identical sections, one for QoS input rules and the other for QoS output rules, which are for prioritizing the inbound and outbound traffic, respectively. Each section lists all the devices on which rules can be set. Rules can be set on all devices at once by clicking Add in the All Devices row. 2009 Verizon. All Rights Reserved. 188 FiOS Router User Manual 2. After choosing the traffic direction and the device on which to set the rule, click Add in the appropriate row. The Add Traffic Priority Rule screen appears. Set the following parameters:
Source Address The source address of the packets sent to or received from the network object. To add an address:
1. 2. User Defined from the drop-down list. The screen refreshes and an Select Add link appears. Add, then add a new network object (see the Advanced Settings Click chapter to learn how to add a network object). Clicking Add is the same as clicking New Entry in the Network Objects screen. Destination Address The destination address of the packets sent to or received from the network object. This address can be configured in the same manner as the source address. 189 2009 Verizon. All Rights Reserved. A Configuring Quality of Service A.1 Traffic Priority Protocol Choose a specific traffic protocol from the drop-down list, or add a new one. To add a new traffic protocol:
1. 2. User Defined from the drop-down list. The screen refreshes and an Select Add link appears. Add, and add a new protocol (see the Advanced Settings chapter to Click learn how to add a protocol). Note that clicking Add is equivalent to clicking New Entry in the Protocols screen. Set Priority Activate this check box to add a priority to the rule. The screen will refresh, allowing a selection between one of eight priority levels, zero being the lowest and seven the highest (each priority level is mapped to low/medium/high priority). This sets the priority of a packet on the connection matching the rule, while routing the packet. Set DSCP Activate this check box to mark a DSCP value on packets matching a connection that matches this rule. The screen will refresh, allowing the user to enter the Hex value of the DSCP. Log Packets Matched by This Rule Check this check box to log the first packet from a connection matched by this rule. Schedule By default, the rule will always be active. However, scheduler rules can be configured to define time segments during which the rule may be active. 2009 Verizon. All Rights Reserved. 190 FiOS Router User Manual A.2 Traffic Shaping Traffic Shaping is the solution for managing and avoiding congestion where the network meets limited broadband bandwidth. Typical networks use a 100 Mbps Ethernet LAN with a 100 Mbps WAN interface router, which is where most bottlenecks occur. A traffic shaper is essentially a regulated queue that accepts uneven and/or bursty flows of packets and transmits them in a steady, predictable stream so that the network is not overwhelmed with traffic. While traffic priority allows basic prioritization of packets, traffic shaping provides more sophisticated definitions, such as:
Bandwidth limit for each device Bandwidth limit for classes of rules Prioritization policy TCP serialization on a device Additionally, QoS traffic shaping rules can be defined for a default device. These rules will be used on a device that has no definitions of its own. This enables the definition of QoS rules on the default WAN, for example, and their maintenance even if the PPP or bridge device over the WAN is removed. A.2a Device Traffic Shaping This section describes the different Traffic Shaping screens and terms, and presents the features configuration logic. 1. Quality of Service in the Advanced screen, then click Traffic Shaping. Click The following screen appears. 191 2009 Verizon. All Rights Reserved. A Configuring Quality of Service A.2 Traffic Shaping 2. Click Add. The Add Device Traffic Shaping screen appears. 3. Select the device for which the traffic will be shaped. The drop-down list includes all the FiOS Routers devices, as well as the option to select all devices in each category (e.g., All LAN Devices, All WAN Devices). In this example, select the default WAN device option. 4. Click Apply. The Edit Device Traffic Shaping screen appears. Configure the following parameters:
Tx Bandwidth Tx bandwidth limits the FiOS Routers bandwidth transmission rate. The purpose is to limit the bandwidth of the WAN device to that of the weakest outbound link.. This forces the FiOS Router to be the network bottleneck, where sophisticated QoS prioritization can be performed. 2009 Verizon. All Rights Reserved. 192 FiOS Router User Manual TCP Serialization Enable TCP Serialization from its drop-down list, either for active voice calls only or for all traffic. The screen will refresh, adding a Maximum Delay text box. This function allows the maximum allowed transmission time frame (in milliseconds) of a single packet to be defined. Any packet requiring a longer time to be transmitted will be fragmented to smaller sections. This avoids transmission of large, bursty packets that can cause delay or jitter for real-time traffic, such as VoIP. Queue Policy The class policy determines the traffic policy of routing packets inside the class. Depending on the type of device, options include Strict Policy and Class Based. Rx Bandwidth In the same manner, this Rx bandwidth limits the FiOS Routers bandwidth reception rate. A.2b Shaping Classes The bandwidth of a device can be divided to reserve constant portions of bandwidth to predefined traffic types. Such a portion is known as a shaping class. When not used by its predefined traffic type or owner (for example VoIP), the class will be available to all other traffic. However, when needed, the entire class is reserved solely for its owner. Also, the maximum bandwidth that a class uses can be limited, even if the entire bandwidth is available. When a shaping class is defined for a specific traffic type, two shaping classes are created. The second class is the Default Class, which is responsible for all the packets that do not match the defined shaping class, or any other classes that might be defined on the device. This can be viewed in the Class Statistics 193 2009 Verizon. All Rights Reserved. A Configuring Quality of Service A.2 Traffic Shaping screen. To define a shaping class:
1. Add in the Tx Traffic Shaping section of the Edit Device Traffic Shaping Click screen. The Add Shaping Class screen appears. 2. Name the new class and click Apply. 3. Click the class name in the Edit Device Traffic Shaping screen to edit the shaping class. The Edit Shaping Class screen appears. Configure the following parameters:
Class Priority Select the priority of this class from the drop-down menu (0 being highest priority, while 7 is lowest.) Bandwidth Reserved: Enter the amount of bandwidth (in Kbits/second) to be reserved for this class only. Maximum: Select the amount of bandwidth available to this class. Options include Unlimited or Specify. If Specify is enabled, enter the bandwidth amount (in Kbits/second, or as a percentage of the total bandwidth) in the 2009 Verizon. All Rights Reserved. 194 FiOS Router User Manual appropriate text box. Policy Select a QoS policy from the drop-down menu. Options include Priority, FIFO
(First In, First Out), Fairness (balanced set), RED (Random Early Detection), and WRR (Weighted Round Robin). When should this rule occur?
By default, the rule will always be active. However, scheduler rules can be configured to define time periods during which the rule is active. To learn how to configure scheduler rules, see the Advanced Settings chapter. A.2c Ingress Data The FiOS Router can control outgoing data fairly easily. It can queue packets, delay them, give precedence to other packets, or drop them. This helps in resolving upload (Tx) traffic bottlenecks, and in most cases is sufficient. However, in the case of download (Rx) traffic bottlenecks, the ability to control the flow is much more limited. The FiOS Router cannot queue packets, since in most cases the local network (LAN) is much faster then the Internet (WAN), and when the FiOS Router receives a packet from the Internet, it passes it immediately to the local network. QoS for ingress data has the following limitations, which do not exist for outgoing data:
QoS can only be applied to TCP streams (UDP streams cannot be delayed) No borrowing mechanism When reserving Rx bandwidth, it is strictly taken from the bandwidth of all other classes Furthermore, the FiOS Router cannot control the behavior of the ISP, which may not have proper QoS handling. Unfortunately, this is a common situation. Lets look at a scenario of downloading a large file and surfing the Internet at the same time. Downloading the file is distinguished by small requests, followed by very large responses. This may result in blocking HTML traffic at the ISP. 195 2009 Verizon. All Rights Reserved. A Configuring Quality of Service A.2 Traffic Shaping A solution for such a situation is limiting the bandwidth of low-priority TCP connections (such as the file download). A.2d Differentiated Services Code Point Settings In order to understand what DSCP is, one must first be familiarized with the Differentiated Services model. Differentiated Services (Diffserv) is a Class of Service (CoS) model that enhances best-effort Internet services by differentiating traffic by users, service requirements, and other criteria. Packets are specifically marked, allowing network nodes to provide different levels of service, as appropriate for voice calls, video playback, or other delay-sensitive applications, via priority queuing or bandwidth allocation, or by choosing dedicated routes for specific traffic flows. Diffserv defines a field in IP packet headers referred to as the Differentiated Services Codepoint (DSCP). Hosts or routers passing traffic to a Diffserv-enabled network will typically mark each transmitted packet with an appropriate DSCP. The DSCP markings are used by Diffserv network routers to appropriately classify packets and to apply particular queue handling or scheduling behavior. The FiOS Router provides a table of predefined DSCP values, which are mapped to 802.1p priority marking method. Any of the existing DSCP setting can be edited or deleted, and new entries can be added. 1. Quality of Service at the top of the Home screen, then click DSCP Click Settings. The DSCP Settings screen appears. 2009 Verizon. All Rights Reserved. 196 FiOS Router User Manual 2. To edit an existing entry, click the appropriate icon in the Action column. To add a new entry, click Add. In either case, the Edit DSCP Settings screen appears. 3. Configure the following parameters:
DSCP Value (hex) - Enter the DSCP value as a hexadecimal value. 802.1p Priority - Select a 802.1p priority level from the drop-down list, zero being the lowest and seven the highest (each priority level is mapped to low/medium/high priority). The default DSCP value for packets with an 197 2009 Verizon. All Rights Reserved. A Configuring Quality of Service A.2 Traffic Shaping unassigned value is zero. 4. Click Apply to save the settings. A.2e 802.1p Settings The IEEE 802.1p priority marking method is a standard for prioritizing network traffic at the data link/Mac sub-layer. 802.1p traffic is simply classified and sent to the destination, with no bandwidth reservations established. The 802.1p header includes a 3-bit prioritization field, which allows packets to be grouped into eight levels of priority. By default, the highest priority is seven, which might be assigned to network-critical traffic. Values five and six may be applied to delay-sensitive applications such as interactive video and voice. Data classes four through one range from controlled-load applications down to loss eligible traffic. Zero is the value for unassigned traffic and used as a best effort default, invoked automatically when no other value has been set. A packet can match more than one rule. This means that:
The first class rule has precedence over all other class rules (scanning is stopped once the first rule is reached). The first traffic-priority (classless) rule has precedence over all other traffic priority rules. There is no prevention of a traffic-priority rule conflicting with a class rule. In this case, the priority and DSCP setting of the class rule (if given) will take precedence. 1. Quality of Service in the Advanced screen, then click 802.1p Settings. Click The 802.1p Settings screen appears. 2009 Verizon. All Rights Reserved. 198 FiOS Router User Manual 2. The eight 802.1p values are pre-populated with the three priority levels:
Low, Medium, and High. These levels can be changed for each of the eight values in their respective drop-down lists. 3. Click Apply to save the settings. A.2f Class Statistics The FiOS Router provides accurate, real-time information on the traffic moving through the defined device classes. For example, the amount of packets sent, dropped, or delayed are just a few of the parameters monitored per each shaping class. To view class statistics, click Quality of Service at the top of the Home screen, then click Class Statistics. The following screen appears. Note that class statistics will only be available after defining at least one class (otherwise the screen will not present any information). 199 2009 Verizon. All Rights Reserved. B Introduction B.0 B.1 General B.2 LED Indicators B.3 Environmental Specifications 2009 Verizon. All Rights Reserved. 200 This appendix lists the FiOS Routers specifications, including standards, cabling type, and environmental. Note that the specifications listed in this appendix are subject to change without notice. 201 2009 Verizon. All Rights Reserved. B Specifications B.1 General B.1 General Model Number MI424WR rev. F and rev. F2 (FiOS Router) Standards IEEE 802.3x IEEE 802.3u IEEE 802.11b, g (Wireless) IP IP version 4 MoCA Two channels (WAN, LAN) WAN MoCA frequency: 975 MHz - 1025 MHz (single channel) LAN MoCA frequency: 1125 MHz - 1425 MHz (6 channel) Firewall ICSA certified Speed LAN Ethernet: 10/100 Mbps auto-sensing Wireless: 802.11g 54 Mbps optimal Cabling Type Ethernet 10BaseT: UTP/STP Category 3 or 5 Ethernet100BaseTX: UTP/STP Category 5 2009 Verizon. All Rights Reserved. 202 FiOS Router User Manual B.2 LED Indicators Power, WAN Ethernet, WAN Coax, Internet, LAN Ethernet (4), LAN Coax, USB, Wireless, WPS B.3 Environmental Dimensions Size: 1.875 x 10 x 7.4 Weight: 2.175 lbs. Power External, 10V DC, 1.6A (Adapter Technology Co., Ltd.; model #: STD 10016U) Certifications FCC Part 15, UL-60959-1 Operating Temperature 0 C to 40 C (32 F to 104 F) Storage Temperature
-20 C to 70 C (-4 F to 158 F) Operating Humidity 8% to 93% (non-condensing) Storage Humidity 5% to 100% (non-condensing) 203 2009 Verizon. All Rights Reserved. C.0 Introduction C.1 Regulatory Compliance Notices C.2 Modifications C.3 NEBS Requirements C.4 GPL C Notices 2009 Verizon. All Rights Reserved. 204 This appendix lists various compliance and modification notices, as well as the NEBS requirements and GPL. 205 2009 Verizon. All Rights Reserved. C Specifications C.1 Regulatory Compliance Notices C.1 Regulatory Compliance Notices Class B Equipment This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by implementing one or more of the following measures:
Reorient or relocate the receiving antenna;
Increase the separation between the equipment and receiver;
Connect the equipment to an outlet on a circuit different from the one to which the receiver is connected;
Consult the dealer or an experienced radio or television technician for help. C.2 Modifications The FCC requires the user to be notified that any changes or modifications made to this device that are not expressly approved by Actiontec Electronics, Inc., may void the users authority to operate the equipment. Declaration of conformity for products marked with the FCC logo United States only. This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:
1. 2. This device may not cause harmful interference;
This device must accept any interference received, including interference that may cause unwanted operation. 2009 Verizon. All Rights Reserved. 206 FiOS Router User Manual Note: To comply with FCC RF exposure compliance requirements, the antenna used for this transmitter must be installed to provide a separation distance of at least 20 cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter. For questions regarding your product or the FCC declaration, contact:
Actiontec Electronics, Inc. 760 North Mary Ave. Sunnyvale, CA 94085 United States Tel: (408) 752-7700 Fax: (408) 541-9005 C.3 NEBS Requirements Warning: The red WAN Coax Port is intended for connection to Verizon FiOS only. It must not be connected to any exterior or interior Coax wires that are not designated for Verizon FiOS. Laptop Computer w/ Wireless Adapter Set Top Box w/ Television VoIP Device w/ Telephone ONT Fiber Optic Broadband Home Router Ethernet or Coaxial Connection Desktop Computer Set Top Box w/ Television Typical Broadband Home Router Installation Caution: The Broadband Home Router must be installed inside the home. The Router is not designed for exterior installation. 207 2009 Verizon. All Rights Reserved. C Specifications C.4 GPL (General Public License) C.4 GPL (General Public License) This product includes software code developed by third parties, including software code subject to the enclosed GNU General Public License (GPL) or GNU Lesser General Public License (LGPL). The GPL Code and LGPL Code used in this product are distributed WITHOUT ANY WARRANTY and are subject to the copyrights of the authors, and to the terms of the applicable licenses included in the download. For details, see the GPL Code and LGPL Code for this product and the terms of the GPL and the LGPL. 2009 Verizon. All Rights Reserved. 208
frequency | equipment class | purpose | ||
---|---|---|---|---|
1 | 2009-11-05 | 2412 ~ 2462 | DTS - Digital Transmission System | Original Equipment |
app s | Applicant Information | |||||
---|---|---|---|---|---|---|
1 | Effective |
2009-11-05
|
||||
1 | Applicant's complete, legal business name |
Actiontec Electronics Inc
|
||||
1 | FCC Registration Number (FRN) |
0005810783
|
||||
1 | Physical Address |
3301 Olcott St
|
||||
1 |
Santa Clara, California 95054
|
|||||
1 |
United States
|
|||||
app s | TCB Information | |||||
1 | TCB Application Email Address |
b******@baclcorp.com
|
||||
1 | TCB Scope |
A4: UNII devices & low power transmitters using spread spectrum techniques
|
||||
app s | FCC ID | |||||
1 | Grantee Code |
LNQ
|
||||
1 | Equipment Product Code |
MI424WRF2
|
||||
app s | Person at the applicant's address to receive grant or for contact | |||||
1 | Name |
A****** Y********
|
||||
1 | Title |
Program Manager
|
||||
1 | Telephone Number |
40854********
|
||||
1 | Fax Number |
40873********
|
||||
1 |
a******@actiontec.com
|
|||||
app s | Technical Contact | |||||
n/a | ||||||
app s | Non Technical Contact | |||||
n/a | ||||||
app s | Confidentiality (long or short term) | |||||
1 | Does this application include a request for confidentiality for any portion(s) of the data contained in this application pursuant to 47 CFR § 0.459 of the Commission Rules?: | Yes | ||||
1 | Long-Term Confidentiality Does this application include a request for confidentiality for any portion(s) of the data contained in this application pursuant to 47 CFR § 0.459 of the Commission Rules?: | No | ||||
if no date is supplied, the release date will be set to 45 calendar days past the date of grant. | ||||||
app s | Cognitive Radio & Software Defined Radio, Class, etc | |||||
1 | Is this application for software defined/cognitive radio authorization? | No | ||||
1 | Equipment Class | DTS - Digital Transmission System | ||||
1 | Description of product as it is marketed: (NOTE: This text will appear below the equipment class on the grant) | Wireless 11b/g/n 2x2 Broadband Home Router | ||||
1 | Related OET KnowledgeDataBase Inquiry: Is there a KDB inquiry associated with this application? | No | ||||
1 | Modular Equipment Type | Does not apply | ||||
1 | Purpose / Application is for | Original Equipment | ||||
1 | Composite Equipment: Is the equipment in this application a composite device subject to an additional equipment authorization? | No | ||||
1 | Related Equipment: Is the equipment in this application part of a system that operates with, or is marketed with, another device that requires an equipment authorization? | No | ||||
1 | Grant Comments | Power listed is the maximum combined peak conducted output power. Device operates in 2x2 Spatial MIMO configurations and legacy modes as described in this filing. The antenna used for this transmitter must be installed to provide a separation distance of at least 20 cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter. End-users and installers must be provided with antenna installation and transmitter operating conditions for satisfying RF exposure compliance. | ||||
1 | Is there an equipment authorization waiver associated with this application? | No | ||||
1 | If there is an equipment authorization waiver associated with this application, has the associated waiver been approved and all information uploaded? | No | ||||
app s | Test Firm Name and Contact Information | |||||
1 | Firm Name |
Bay Area Compliance Laboratory
|
||||
1 | Name |
J******** C******
|
||||
1 | Telephone Number |
408-7********
|
||||
1 | Fax Number |
408-7********
|
||||
1 |
b******@baclcorp.com
|
|||||
Equipment Specifications | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Line | Rule Parts | Grant Notes | Lower Frequency | Upper Frequency | Power Output | Tolerance | Emission Designator | Microprocessor Number | |||||||||||||||||||||||||||||||||
1 | 1 | 15C | 2412 | 2462 | 0.1222 | ||||||||||||||||||||||||||||||||||||
1 | 2 | 15C | 2412 | 2462 | 0.1153 | ||||||||||||||||||||||||||||||||||||
1 | 3 | 15C | MO | 2412 | 2462 | 0.2084 |
some individual PII (Personally Identifiable Information) available on the public forms may be redacted, original source may include additional details
This product uses the FCC Data API but is not endorsed or certified by the FCC