about this guide 1 welcome 2 hardware description

��

�

About this Guide��

��

1 Welcome��

��

��

2 Hardware Description��

��

��

��

�� !

��"��#$�� !

%��&�� '

��

3 Networking Options

��

��

��

��

��

��

4 The Management Tool!��"��#��$�� %��

&�'��"�� "��"��#��$�� %��

��#��!�� %��

�� (��#��!�� %�)

$��#��!�� %�*

5 Basic Settings+'��'�� )��

��! ��,$��-��.�� )��

��'��"��,��.�� )�%

�� )�/

0��&��1�� )��

6 Advanced Settings+'��'�� *��

��!�� *��

��2�� *��

��2�� *�*

��2�� *�3

�

��

�&��4� ��*��5

7 System Tools+'��'�� /��

��#�� /��

6(�� /�%

7��2�� /�)

��8�!�� /�*

$��!��/�3

�&#��!�� /��5

��/��

8 Virtual Private Networks�� 3��

� ((�� 9�& ��3��

��+'��'�� 3��

��$��+'��'�� 3��

0�$��+'��'�� 3�%

��8��$�� 0�$� ��3�)

9 Troubleshooting��$�� 8�"��$�( ��:��

$ ��+��4��'��;� ��8�8��:��

2��4(�� :��

2��&��(�� :��

9��( �� :�%

�

��

2�� <�� :�)

2��#��"� ��< �� :�)

� ��#!��! �� :�)

0��"��!��'��$�8� �� :�/

��'�� (�� ( �� :�3

&��+(�� :�3

�� :�:

#�� :�:

�� :��5

�!&�!��'��2�� :��

��2�� :��

��'��2�� :��

��#��"��'��'�� :��

A Specifications$��"��(�� !��

��'��(�� !��

��(��!��

�"��(�� !��

&��1��(�� !��

7� ��(�� !�%

7�� !�*

B Glossary

�

About this Guide

PurposeThis document provides operational information and description for the hardware, management, and configuration of the ORiNOCO BG-2000. A companion document, the Quick Installation Guide, provides a high level step-by-step procedure for the setup and installation of the BG-2000 and the Gateway Management Tool. There are no prerequisite skills or knowledge needed to utilize this document.

Notation Conventions■ Screen names and software buttons are displayed in bold italics.

For example: Setup area, and Help button

■ Information that you input exactly as shown is displayed in bold.

For example: Type 192.168.253.1■ Titles of information products are displayed in italics.

For example: The Quick Installation Guide

■ Networking terms are capitalized and a definition of their meaning can be found in the Glossary.

For example: Wireless Client Adapter

1
Welcome
IntroductionThe BG-2000 is the ideal solution for building various types of wireless networks in your home or small office environment. The BG-2000 is a transparent bridge device that can be used to connect wireless and wired desktop PCs and/or laptops together, while sharing a single internet connection via an external Cable Modem, xDSL Modem, or ISDN Router.

The BG-2000 has been designed for interoperability, meaning that your device will communicate with other vendor’s wireless products carrying the Wi-Fi logo.

The BG-2000 has built-in firewall protection against unauthorized access from the outside world. In addition, effective security protection prevents eavesdropping and hacker access to your local network.

The BG-2000 supports:

■ 10/100Base-T Ethernet Interface connection to a wired private network.

■ 10/100Base-T Ethernet Interface connection to a wired public network.

■ Local and remote management through a web-browser (HTTP), Command Line Interface (Telnet), and/or SNMP MIB browser.

1-1

Welcome

Features■ Easy installation and operation

■ User friendly web-based Management Tool

■ Wi-Fi certified ensuring wireless interoperability

■ Shared Internet access without cables

■ Printer and file sharing

■ Firewall protection

■ Advanced security protection

■ Quick and flexible networking options

■ Seamless connectivity between home, work, and school

■ Technical support 24 hours a day, 7 days a week

Quick Installation GuideThe Quick Installation Guide will guide you through a basic installation and configuration of your BG-2000. Please refer to the Quick Installation Guide as a first step in setting up your device. After you have followed the steps outlined in the Quick Installation Guide, you may return to this User Manual for more information.

1-2

2
Hardware Description
Panel DescriptionThis section will familiarize you with physical characteristics of your BG-2000 including:

a. Front Panel Description

b. Back Panel Description

c. Bottom Panel Description

Figure 2-1 BG-2000

2-1


Front Panel Description

The front panel of the BG-2000 contains four indicator lights that describe the networking state of your device. They are:

Figure 2-2 Front Panel

Power Wireless LAN WAN

2-2


The following table briefly summaries the meaning of the various light states. For additional information regarding these descriptions, consult the Troubleshooting section of this guide.

Table 2-1 Front Panel Description Table

Icon Light Activity Description

Power On (green) Powered on.

Wireless On (steady or flickers

green)

If this light is on, the BG-2000 is ready for wireless connectivity to other wireless stations. If not, wireless activity is not possible between the BG-2000 and other wireless stations. Initially, the light is off when not connected and flickers green when downstream traffic is detected.

LAN On (steady or flickers

green)

If this light is on, the BG-2000 is ready for connection to a local area network. If not, connection to a local area network is not possible. Initially, the light is off when not connected and flickers green when downstream traffic is detected.

WAN On (steady or flickers

green)

If this light is on, connection to a service provider has been established. Initially, the light is off when not connected and flickers green when downstream traffic is detected.

2-3


Back Panel Description

All physical connections are made on the back panel of the BG-2000. The back panel contains (from top to bottom):

a. Reload push button

b. Power supply plug

c. 10/100BASE-T Ethernet LAN port

d. 10/100BASE-T Ethernet WAN (Internet) port

Figure 2-3 Back Panel

2-4


Table 2-2 Back Panel Description Table

Reload Button FunctionsThe small push button has three functions:

■ Revert to Last Known Good Configuration

■ Reload to Factory Defaults

■ Reload Gateway Software

a. Reload Button For easy identification, the small push button is labeled “RELOAD” just above the power supply socket. The small push button has three functions:■ Revert to Last Known Good Configuration■ Reload to Factory Defaults■ Reload Gateway SoftwareThese three functions are detailed in this chapter.

b. Power Socket For easy identification, the power socket is labeled “9V 1.1 A”.

c. LAN Ethernet port For easy identification, the LAN Ethernet port is labeled “LAN” and colored yellow.

d. WAN (Internet) Ethernet port

For easy identification, the WAN Ethernet port is labeled “WAN” and colored blue.

2-5


Table 2-3 Revert to Last Known Good Configuration

Table 2-4 Reload to Factory Defaults

Light Activity Description Impact Action

Power Steady Amber

A revert to last known good configuration can be used to recover from undesirable configurations.

This will revert your active configurationto the last configuration you saved as a ’known good configuration’. If you did not save a ’known good configuration’ it will revert to the factory default configuration. A revert to last known good configuration will only change the active configuration.

To perform a revert to last known good configuration, depress the reload button until you see the light activity outlined in this table (between 6 and 10 seconds).

Wireless n/a

LAN n/a

WAN n/a


Power Flicker Amber

A reload to factory defaults can be used when you have forgotten your password or other unique identifiers to access your BG-2000. A reload to factory defaults returns your BG-2000 to its factory default or “out of box” configuration.

In this state the:■ Configuration username has been

restored to the factory default value (admin).

■ Configuration password has been restored to the factory default value (empty field).

■ Data Security (also known as Encryption) has been turned off.

■ Network Name has been restored to its default value (printed on the identification label located on the bottom panel of the unit).

■ LAN IP Address has been restored to the default value (192.168.253.1).

To perform a reload to factory defaults, depress the button until you see the light activity outlined in this table (approximately between 11 and 20 seconds).

Wireless

n/a

LAN n/a

WAN n/a

2-6


Table 2-5 Reload BG-2000 Software

Performing a Reload of the Gateway Software

In order to download BG-2000 software, you must have a wired Ethernet connection to your BG-2000. You can either connect your computer directly to the Ethernet port using a crossover cable, or connect both your computer and the BG-2000 to an existing Ethernet hub on your LAN. You will need a computer with the BG-2000 software file already on it, or the CD-ROM that shipped with your BG-2000.

1. Perform the action described in Table 2-5.

2. Make sure your computer is in the same subnet (192.168.253.1) as your BG-2000. To verify this:


Power Flicker Amber A reload of gateway software can be used when your BG-2000 software is missing or has been corrupted.

In this state the:■ The BG-2000 is able

to upload new application software using 192.168.253.1.

■ Last configuration profile will become active.

To perform a reload of the BG-2000 software, first disconnect the power from the BG-2000. Then depress the reload button and re-connect the power. Hold down the button until you see the light activity outlined in this table (for more than 21 seconds).

Wireless Flicker Amber

LAN Flicker Amber

WAN Flicker Amber

2-7


a. Open a DOS command window. (For Windows NT/2K/XP users: click Start - Run and type cmd in the “Open” field, and then click OK. For all other Window users, type command in the “Open” field, and then click OK.

b. At the prompt, type: ipconfigc. Hit Enter.

d. Verify that your Default Gateway equals 192.168.253.1 to continue with the next step. If this is not the case, your computer is not in the same subnet as your BG-2000.

3. At the DOS command prompt, type:

tftp -i 192.168.253.1 put <filename of downloaded software> FIRMWARE

4. Wait until the file is loaded and the command prompt returns with “Transfer successful”.

5. Perform a Revert to Last Known Good Configuration of your BG-2000 for these changes to take effect.

6. Verify that the software version/configuration you have just loaded is the expected result. The software version can be viewed on the Statistics page of the Management Tool. If using the BG-2000 CD-ROM to reload your software, you should now upgrade to the latest software available from your vendor.

2-8


Bottom Panel Description

The bottom panel of the BG-2000 contains:

■ Identification Label

■ Hardware Reset Button

Identification LabelThe BG-2000 has a identification label located on the bottom panel of the unit. This label may need to be referenced when setting up and configuring your device or to provide details to ORiNOCO Technical Support.

The identification label contains:

■ Gateway Module Name.

For example, “ORiNOCO BG-2000”.

■ Network Name.

For example, “aaaaaa”, where “aaaaaa” is your gateway Network Name.

■ Part number and revision (Pn).

For example, “ddddd/r”, where “ddddd” is your gateway part number and “r” is its revision.

■ Serial Number (Sn).

For example, “yyAAxxxxxxxx”, where “yyAAxxxxxxxx” is your Serial Number.

2-9


��

All information is case sensitive. It is recommended that you write this information down before mounting your unit.

My identification values are:

Gateway Module Name =

Network Name =

Part number and revision (Pn) =

Serial Number (Sn) =

Hardware Reset ButtonFor easy identification, this button is labeled “RESET” on the bottom panel of the unit and can be accessed with the tip of a paper clip. A hardware reset can be used to recover from a situation where the BG-2000 has become unresponsive. This type of reset has the same effect as disconnecting/re-connecting the power to the unit. To perform a hardware reset, depress the button and release.

2-10


General GuidelinesWhen using your BG-2000, please follow the safety guidelines and operation guidelines below:

Safety Guidelines:

■ Do not cover or block the airflow to the product.

■ Keep the product away from excessive heat and humidity.

■ Keep the product free from vibration and dust.

■ Always disconnect the power adapter before cleaning.

Operation Guidelines:

■ To maximize the wireless coverage, place the unit as centrally as possible (depending on the wireless computer’s vicinity).

■ Always clean the product with a soft tissue. To avoid damage, do not use aggressive liquids like alcohol or acetone and do not rinse with fluids.

■ We recommend that you leave the unit powered on in order to extend the life of your unit.

2-11


2-12

3
Networking Options
Common Wireless ConfigurationsThe Setup Wizard will guide you to configure your BG-2000 in a very simple fashion to one of four predetermined configuration profiles:

1. DHCP Client Gateway (default mode)

2. PPPoE Gateway

3. Static IP Gateway

4. Static IP Bridge

DHCP Client Gateway

Use this configuration profile if your IP Address is automatically assigned by your service provider. In this case, you do not need to fill in the IP Address value to set up your Internet connection. However, you may need to obtain the DNS (Domain Name Server) addresses and DHCP Client ID from your service provider.

Table 3-1 Network Access Settings via gateway with DHCP clientDefault Settings

NAT onDHCP Server on

3-1

Networking Options

PPPoE Gateway

Use this configuration profile if your service provider requires authentication (username and password) for PPPoE. You will need to obtain a account name (Username) and account password from your service provider.

Table 3-2 Network Access Settings via ADSL (PPPoE)

Static IP Gateway

Use this configuration profile if your IP Address is predefined (also known as Static IP) by your service provider.

Table 3-3 Network Access Settings via Static IP Gateway

DHCP Client onPPPoE off

Default SettingsNAT onDHCP Server onDHCP Client offPPPoE on

Default SettingsNAT onDHCP Server onDHCP Client off

Default Settings

3-2

Networking Options

Static IP Bridge

Use this configuration profile if your service provider has provided you with an IP Address. In this mode, you will be able to connect the BG-2000 within an existing LAN. The NAT will be disabled and the BG-2000 will act as a wireless pass-thru allowing the sharing of machines, files and printers throughout your network.

Table 3-4 Network Access Settings via Static IP Bridge

PPPoE off

Default SettingsNAT offDHCP Server offDHCP Client offPPPoE off

Default Settings

3-3

Networking Options

3-4

4
The Management Tool
Accessing the Management ToolThe Gateway Management Tool is a web-based user interface, which means it allows you to configure and monitor your BG-2000 through your web browser. The first time you attempt to access your BG-2000, or after you perform a Reload to Factory Defaults, the Setup Wizard will start automatically and guide you through a basic configuration.

If you have difficulties accessing the Management Tool:

■ Make sure to disable any proxy settings on your web browser (see the troubleshooting section - “Turning Off Proxy Server on Your Web browser”) before trying to access the Management Tool.

■ Make sure that your computer is equipped to receive an IP address automatically (see the troubleshooting section -”Verify Computer Settings”).

You may modify your configuration settings at anytime after initial setup using the Setup Wizard. Alternatively, you may use the other pages to manually change specific features. Remember to save and restart your BG-2000 for these changes to take effect.

4-1

The Management Tool

Navigating through the Management ToolThe Management Tool consists of three main areas: Home, Setup, and Tools. You may use the Management Tool to:

■ View your settings and network statistics in the Home area.

■ Configure your device via the Setup Wizard in the Setup area.

■ Modify Basic and Advanced settings in the Setup area.

■ Switch active profiles and upgrade software in the Tools area.

■ Get additional information with the Help button.

Home - Main Area

The Home area is the first screen that will appear after you have configured the BG-2000 via the Setup Wizard. This area is the main entrance to the Management Tool and can be accessed at anytime by clicking the Home button at the top of the screen. This screen allows you to monitor and obtain information on the current configuration profile. Statistical information is divided into the following categories:

■ Wireless Interface: indicates the number of Wireless Client Adapters (such as a PC Card or USB Client) connected to your device.

■ Wireless Network Name: unique name that identifies your device from other wireless stations.

■ WAN Interface: indicates your connection (connected or disconnected) to your service provider.

4-2

The Management Tool

■ WAN Connection Type: indicates the connection type you are currently using to connect to your service provider.

■ LAN Interface: indicates your connection (connected or disconnected) to your Local Area Network.

■ Primary DNS: Primary Domain Name System address.

■ Secondary DNS: Secondary Domain Name System address.

■ Active Profile: indicates the name of your last saved configuration.

■ Uptime: indicates the amount of time elapsed since the last time the device was powered up or reset.

■ Recent Events Log: shows the five most recent events that your device has performed.

■ View Event Log: contains a list of performed configuration modifications and/or error messages.

4-3

The Management Tool

Figure 4-1 Home - Main Area

4-4

The Management Tool

Setup - Main Area

The Setup area allows you to modify basic and advanced features that are listed in the left navigational bar of the Setup screen. This is also the starting point for configuring your device using the Setup Wizard.

The Setup Wizard will guide you through a series of simple questions to determine which type of configuration is right for you. You may also use this page to modify basic and advanced configuration parameters after setting up your device. You can return to this screen at anytime by clicking the Setup button at the top of the screen.

Figure 4-2 Setup - Main Area

4-5

The Management Tool

Tools - Main Area

The Tools area allows you to perform common functions involved in the management of your BG-2000 which are itemized in the left navigational bar of the Tools screen. You can return to this screen at anytime by clicking the Tools button.

Figure 4-3 Tools - Main Area

4-6

5
Basic Settings
OverviewIf you don’t want to run the Setup Wizard, you can modify your settings using the Basic Settings screens. Select Setup from the top menu, scroll down the left navigation bar to Basic Settings.There are four categories of Basic Settings to choose from to suit your networking needs:

■ Internet Address (TCP/IP) Settings■ PPP over Ethernet (PPPoE) Settings■ Wireless Settings■ Local Network Settings

Internet Address (TCP/IP) Settings

Your WAN IP address can be either static, meaning it never changes, or dynamic, meaning each time you login you are assigned a new address for that session. Check with your ISP or network administrator to find out if your computer uses static or dynamic IP addressing. These entries are for the WAN side of your device.

■ Manual IP Addressing: select this option if your ISP provides static internet values and you would like to modify the following items:

5-1

Basic Settings

■ (WAN) IP Address: Internet Protocol Address is a unique numeric value assigned to your computer to identify it from other computers on the Internet. It is similar to that of a telephone number assigned to your telephone.

■ Subnet Mask: works with the IP Address to indicate the logical location (Subnet) of a networked computer, similar to an area code that identifies the geographical region of a telephone. If the IP Address was assigned to you by your ISP, this field must be populated with a Subnet Mask value.

■ Gateway Address: device that you must address to communicate with networked devices outside the current Subnet.

■ Primary/Secondary DNS Address: Domain Name System Address is the database which computers on the Internet use to look up each other’s addresses.

■ Automatic IP Addressing (Using DHCP): if your ISP dynamically assigns an IP address, then you may be required to fill in your ISP’s DHCP Client ID, and/or WAN MAC Address.

5-2

Basic Settings

Figure 5-1 Internet Address (TCP/IP) Settings - Basic Settings

5-3

Basic Settings

PPP over Ethernet (PPPoE) Settings

PPPoE (Point-to-Point Protocol over Ethernet) is a specification for connecting multiple computer users on an Ethernet to a remote site typically through a DSL modem. PPPoE combines PPP (Point-to-Point Protocol) with the Ethernet protocol, where the PPP protocol information is encapsulated within the Ethernet frames.

PPPoE can be used to let multiple wireless users share a common Digital Subscriber Line by connecting an ADSL modem to a gateway.

If you have a broadband connection to the Internet and are required to login with a username and password to gain access to the Internet, your ISP is most likely using PPPoE. If you have access to the Internet when you turn on your computer, you are probably not using PPPoE. The best way to tell, is to call you ISP and ask them, or refer to the user documentation provided from your ISP.

The BG-2000 supports two PPPoE connection modes:

■ Always On

■ On Demand

Use this page to choose your PPPoE connection mode:

■ In Always On mode (default mode), the PPPoE connection with the ISP is established when the BG-2000 is powered on. If the ISP is inaccessible when the BG-2000 is powered on, periodic retries will be attempted until the PPPoE connection is successfully established. Once the connection is established, the PPPoE connection remains "up" until the BG-2000 is powered off.

5-4

Basic Settings

■ In On Demand mode, the PPPoE connection with the ISP is established only when there is activity going out the WAN port. For example, when you surf the WWW or otherwise access the Internet. The PPPoE connection will remain established as long as there is activity to the Internet. If the PPPoE connection remains idle (no activity to the Internet) for the specified "Idle Time out”, the PPPoE connection will automatically be closed. When activity to the Internet resumes, the PPPoE connection will automatically be re-established.

— Idle Time out - This parameter specifies the amount of time of inactivity on the PPPoE connection before the PPPoE connection is automatically closed. This applies only to On Demand mode. Valid range is 1 to 999 minutes.

5-5

Basic Settings

Figure 5-2 PPPoE - Basic Settings

5-6

Basic Settings

Wireless Settings

You can use this screen to:

■ Modify your Network Name. The Network Name is a unique name given to identify your wireless network and to connect a PC Card/USB Client to your network. Every PC Card/USB Client in your network must be configured with the same Network Name. The default Network Name is printed on the identification label on the bottom panel of the unit.

■ Turn on a hidden (closed) wireless network if you don’t want to share your connection with any other computers, making it more difficult for unauthorized people to identify and break into your network. Only those computers configured with your specific Network Name will be able to access the BG-2000. If this box is not checked, the BG-2000 will broadcast its Network Name (SSID) for all Wireless Client Adapters to see.

■ Turn on Data Security (WEP) by using Encryption Keys, thereby preventing any unauthorized access to your private network.

■ Select the desired card Channel (by default channel 1 is used). Ensure nearby devices do not use the same frequency. This gives you the ability to select a sub-channel of the 2.4 GHz channel set. You can use this option to configure your BG-2000 if the default channel suffers from interference by an in-band device like a microwave oven.

■ Set the rate at which Multicast messages may be sent. By default, this value is set to Auto Fallback which allows the BG-2000 to determine the best rate. This value is related to the distance between wireless

5-7

Basic Settings

devices. For specific information about the range of Wireless Network Interfaces in different environments, refer to the specifications section of this User Guide.

■ Set Wireless Transmit Rate - Auto Fallback, Fixed 1 Mbps, Fixed 2 Mbps, Fixed 5.5 Mbps, or Fixed 11 Mbps, depending on the site survey for your system. The specifications section of this User Guide provides guidelines for for evaluating this value.

Encryption Keys■ Enter 5 characters for ASCII 64-bit Encryption■ Enter 10 characters for Hex 64-bit Encryption■ (Enter 12 characters for Hex 64-bit Encryption including “0x” in front of

the Hex key)

■ Enter 13 characters for ASCII 128-bit Encryption■ Enter 26 characters for Hex 128-bit Encryption

■ (Enter 28 characters for Hex 128-bit Encryption including “0x” in front of the Hex key)

The option to enter up to four different keys enables you to define a roll-over scheme. You can select another key every few weeks until you reach the fourth key.

Be sure to write down these values before restarting. Encryption Keys are stored in hidden characters and will not be displayed again in a readable format.

To minimize the risk of intruders being able to retrieve the Encryption values:

5-8

Basic Settings

■ Lock away any paper registration sheets that you use to remember the defined Encryption values.

■ Change the Encryption values at regular intervals.

When your network includes computers equipped with PC Cards from different manufacturers, you may encounter difficulty entering the Encryption Keys because one system might require you to enter Hexadecimal Values (0-9, a-f, A-F) where the other system prompts you to specify Alphanumeric Values (0-9, a-z, A-Z).

If you require help with entering the Encryption Keys, refer to the Glossary table ‘Translating Hex & ASCII values’.

Multicast RateFor Multicast traffic, you are advised to use a Multicast Rate value of 2 Mb/s, which is the default value and is supported by all Wireless Client Adapters. Only use higher Multicast Rate values when:

■ The physical placement of the BG-2000 was based on the objective of creating a high performance wireless infrastructure with maximum data throughput, regardless of the total number of devices required to build such a network.

■ Wireless (mobile) devices in all locations have been verified with a communications quality that is rated “Excellent” or “Good”.

Selecting higher values than 2 Mbit/s in network environments that do not satisfy these requirements may result in Multicast messages getting lost. Subject to the type of network operating system in use, loss of Multicast

5-9

Basic Settings

messages may have serious impact on the connectivity and/or network performance of your wireless clients.

Wireless Transmit RateIn case a transmitting wireless computer does not receive the acknowledgment that a transmitted message was received, the station will try to transmit the message again. If the retransmission fails, your wireless computer will switch to a lower Wireless Transmit Rate using the Auto Fallback mechanism.

When working close to each other, two wireless devices will communicate at the highest transmit rate as supported by both of the interfaces. However, communications at the highest transmit rate may not travel as far as transmissions at lower transmit rates.

When moving away from each other, wireless network interfaces will decrease their transmit rate automatically, but only if required to maintain the wireless connection. When moving closer to each other again, the Auto Fallback mechanism will automatically increase its transmit rate again to the highest possible rate that will provide reliable communications.

For specific information about the range of BG-2000 Wireless Network Interfaces in different environments, refer to the radio specification section of this Guide.

5-10

Basic Settings

Figure 5-3 Wireless Settings - Basic Settings

5-11

Basic Settings

Local Network Settings

Use this screen to enable DHCP (Dynamic Host Configuration Protocol) to automatically assign an IP address for every computer on your LAN.

■ DHCP with NAT:

You may choose to share a single IP address using DHCP and NAT (Network Address Translation), which assigns “dummy” IP addresses to all machines on your private network. This allows your private network to hide behind a single public address. Any request made from the private network has their “dummy” IP address replaced with the public IP Address of the BG-2100. Only this IP address is visible from the public network.

— LAN IP Address: 192.168.253.1

— Subnet Mask: 255.255.255.0

This IP address is an example of one that can be used to configure your BG-2000. Your ISP may require you to use a different IP address and subnet mask.

■ DHCP only:

Share a range of IP addresses using only DHCP. Select the range of IP addresses you wish to use (Starting IP address and Ending address) and type in the duration that these values are valid.

■ Lease Time - indicates the time for your PC Card to retain the assigned IP addresses. DHCP automatically renews IP addresses without client notification.

5-12

Basic Settings

Figure 5-4 Local Network Settings - Basic Settings

5-13

Basic Settings

5-14

6
Advanced Settings
OverviewAdvanced settings are intended for our more advanced users. We recommend that you do not change or modify these settings unless you are confident you understand the consequences of these changes.

There are five categories of Advanced Settings:

■ Wireless Access Control: Set restrictive communication limitations.

■ Port Forwarding: Redirect network services to specific stations.

■ Port Filtering: Secure against untrustworthy sources of communication.

■ Protocol Filtering: Offers additional security from potentially harmful information.

■ DNS Proxy: Set your device as a DNS Server.

6-1

Advanced Settings

Wireless Access Control

Wireless Access Control is an advanced security feature for your BG-2000 that restricts wireless access to only those stations that are listed in the table. Authorized stations are listed by their unique MAC address.

When Wireless Access Control is enabled, the BG-2000 will ignore all requests to forward data to/from wireless devices that are not identified in this list. The access control list can be enabled and disabled.

To add stations for Wireless Access Control:

■ Check the box labeled Enable Wireless Access Control.■ Click the New button.

■ Enter in the MAC Address of your Wireless Client Adapter (PC Card and/or USB Client).

■ Enter a description in the “Comment” field, (e.g. my office laptop or home desktop).

■ Click the Save button.

To Remove a line:

■ Select the item to be removed, then click the Delete button.


Don’t forget to Restart your BG-2000 for these changes to take effect.

6-2

Advanced Settings

Figure 6-1 Wireless Access Control - Advanced Settings

Port Forwarding

Port Forwarding is a combination of remapping and translating communication traffic between your BG-2000 and PC Card throughout your private network. It is a mechanism by which you set up rules to define the port to be routed and its destination. Possible destinations include routing a port to a local web server, FTP server, or mail server on your local network.

6-3

Advanced Settings

For example, if you would like to use Windows NetMeeting with your BG-2000, you could configure the device so that connections to port 1720/TCP get redirected to port 1063 on 192.168.253.2 (an internal machine).

You must also configure the device so that connections to port 1503/TCP get redirected to port 1503 on 192.168.253.2 (the same internal machine). This combination of port forwarding will enable you to use Windows NetMeeting with your BG-2000.

TCP (Transport Control Protocol) is used for HTTP and Telnet sessions and for DNS zone transfers, and UDP (User Datagram Protocol) is used as a transport method for TFTP, SNMP, DHCP, and DNS name resolution.

To add stations for Port Forwarding:

■ Check the box labeled Enable Port Forwarding.

■ Click the New button.

■ Fill in the appropriate information.


To remove a line:

6-4

Advanced Settings




Figure 6-2 Port Forwarding - Advanced Settings

6-5

Advanced Settings

Port Filtering

Port Filtering is an advanced security feature that can be used in a variety of ways to block connections to your BG-2000 from the Internet. This feature can also be used to block connections to specific ports by interface. You might wish to block connections that you consider to be hostile or untrustworthy. Alternatively, you may wish to block connections from all interfaces (WAN, LAN, and Wi-Fi) external to your network.

Enabling this function will allow you to control the type of Internet services accessible from your network, such as Email, HTTP, NNTP, Telnet, and FTP. You may want to enable this feature if you would like to set boundaries for your children at times when you are unable to monitor their activity. This also serves as an added security feature that protects your computer from unauthorized external accesses.

To add stations for Port Filtering:

■ Check the box labeled Enable Port Filtering.




To Remove a line:




6-6

Advanced Settings

Figure 6-3 Port Filtering - Advanced Settings

6-7

Advanced Settings

Protocol Filtering

Protocol Filtering is an advanced security feature that selectively filters specific packets based upon their Ethernet protocol type. Protocol filtering is useful in preventing protocols used in one segment of a network from being routed to other subnets that do not use those protocols.

For example, you may not want data packets from a subnet using AppleTalk to be routed to a segment of the network with Unix workstations. By restricting AppleTalk from being routed to the Unix subnet, the Unix subnet is filtered from unwanted traffic, increasing the amount of bandwidth available on your network.

To add stations for Protocol Filtering:

■ Check the box labeled Enable Protocol Filtering.




To Remove a line:




6-8

Advanced Settings

Figure 6-4 Protocol Filtering - Advanced Settings

6-9

Advanced Settings

DNS Proxy

DNS Proxy is an advanced feature for your BG-2000 that allows the automatic update of DNS addresses in your private network. This prevents you from having to manually release and renew the DNS address of every computer connected in your network (also known as DNS Relay).

This feature is enabled by default and should not be disabled unless absolutely necessary.

Figure 6-5 DNS Proxy - Advanced Settings

6-10

7
System Tools
OverviewThe Tools area allows you to perform common functions involved in the management of your BG-2000.

■ The Profile Management screen permits you to create, change, and delete connection profile(s).

■ The Upgrade Gateway Software screen allows you to update the firmware running on your BG-2000 to the latest version available.

■ The Reset to Factory Defaults screen will reset all of the configuration settings back to the default values set by the factory.

■ The Web Access screen allows you to select which interfaces you would like to use to manage your BG-2000 using the web.

■ The Terminal Access screen allows you to select which interfaces you would like to use to manage your BG-2000 using telnet.

■ The SNMP Access screen allows you to authorize SNMP management to a restricted group of SNMP management stations.

■ The Statistics screen displays sets of statistical tables that show general information about your BG-2000.

7-1

System Tools

Profile Management

Use this screen to import and export custom profiles, modify and activate profiles you have already created, and save them into your profile list for later use. The factory default profile filename is config.BGC

Only valid plain text configuration profiles that have the extension .BGC can be imported successfully. Any attempt to import another type of file may result in unpredictable results.

To activate an existing profile:

1. Select the profile you wish to activate.

2. Click the Activate button.

3. Restart your BG-2000.

To select a profile you have saved on your computer:

1. Click the Import button.

2. Browse to the file you wish to import.

3. Click Open.

4. Click the Import button.

To save a profile to your computer for file transfer:

1. Select the file you wish to save to your computer.

2. Click the Export button.

3. Click the Export button again.

4. Enable the Save this file to disk box and click the OK button.

5. Save the file to your computer.

6. Click the Done button.

7-2

System Tools

Figure 7-1 Profile Management - Tool Page

7-3

System Tools

Upgrade Gateway Software

Use this screen to upgrade your BG-2000 software. After successfully downloading the new software file from the product website and saving it to a directory (of your choosing), select the Browse button to locate the new file (visible in the "Choose file:” window).

Click on the Upgrade button and the new software will be automatically uploaded and installed in the BG-2000.

Figure 7-2 Upgrade Gateway Software - Tools Page

7-4

System Tools

Reset to Factory Defaults

You will return your BG-2000 to its original factory ‘out of box’ configurations. This places your BG-2000 into a known working state in the event that your unit appears unusable.

Figure 7-3 Reset to Factory Defaults - Tools Page

7-5

System Tools

Web Access

Use this screen to change your username and password. A username and password are necessary to access your device and modify configuration profiles. The username and password is the same for both the web interface and the terminal access (CLI). Your BG-2000 must be restarted for this to take effect in both the web interface and CLI administrations.

The default username for your BG-2000 is admin. There is no default password, therefore you may leave this field empty. However, if you do not choose a password for your BG-2000, it will not be protected against access by other users.

This screen also allows you to select which interfaces you would like to use to manage your BG-2000 using the web. Check each interface box you would like to allow web access from.

7-6

System Tools

Figure 7-4 Web Access - Tools Page

7-7

System Tools

Terminal Access

In addition to the web-browser interface, your BG-2000 can be accessed by a Command Line Interface, and any SNMP MIB browser. A Command Line Interface provides an interface to configure and manage your BG-2000 by scripting. It provides a solution to use a telnet setting in order to supply commands and receive textual replies. The CLI is accessible via the Wi-Fi, LAN, and WAN, interfaces of your device. Currently, the CLI can access all information but may require a reboot for any configuration changes to take affect. If you used the CLI instead of the Management Tool to configure your unit, please consult the related CLI help files for additional information.

7-8

System Tools

Figure 7-5 Terminal Access - Tools Page

7-9

System Tools

SNMP Access

The SNMP Access screen is an advanced security option that enables you to authorize SNMP management to a restricted group of SNMP management stations. Simple network management protocol (SNMP) is an Internet standard that defines how communication occurs between SNMP capable devices and provides a standard interface to configure and manage networking products.

■ Read-Only Community String enables you to create a network management level, where a local user can view, but not modify the SNMP parameters.

■ Read-Write Community String enables you to create a network management level, where only a Network Supervisor knowing the right Read/Write string will be able to view or modify the SNMP parameters.

7-10

System Tools

Figure 7-6 SNMP Access - Tools Page

7-11

System Tools

Statistics

The Statistics page shows various statistics and general diagnostic information useful for debugging your device. You will find the MAC Addresses and the following version information on the top of this page:

■ Application Code version

■ Bootloader version

■ Wi-Fi Firmware version

You may use the statistics to monitor system activities which are useful in troubleshooting your device. The following tables describe network values for several networking categories.

Table 7-1 ICMP

Name Description

Messages Indicates the number of ICMP messages addressed to the ICMP entity that were actually received/sent by the ICMP entity. This number includes the messages that were counted as errors.

Errors Indicates the number of ICMP messages addressed to the ICMP entity as received/sent by the ICMP entity device, but had ICMP-specific errors, such as bad ICMP checksum, bad length, and so on.

Destination Unreachable

Indicates the number of “ICMP Destination Unreachable” messages received/sent.

Time Exceeded Indicates the number of “ICMP Time Exceeded” messages received/sent.

Parameter Problem Indicates the number of “ICMP Parameter Problem” messages received/sent.

7-12

System Tools

The IP table displays MIB related information.

Table 7-2 IP

Source Quench Indicates the number of “ICMP Source Quench” messages received/sent.

Redirect Indicates the number of “ICMP Redirect” messages received/sent.

Echo Request Indicates the number of “ICMP Echo (request)” messages received/sent.

Echo Reply Indicates the number of “ICMP Echo Reply” messages received/sent.

Timestamp Request Indicates the number of “ICMP Timestamp (request)” messages received/sent.

Timestamp Reply Indicates the number of “ICMP Timestamp Reply” messages received/sent.

Address Mask Request Indicates the number of “ICMP Address Mask” messages received/sent.

Address Mask Reply Indicates the number of “ICMP Address Mask Reply” messages received/sent.

Name Description

Forwarding Indicates whether this device is acting as an IP gateway. IP gateways forward datagrams that are received, but not addressed to the entity. If the device is acting as an IP host it would not forward datagrams, except for datagrams that are source-routed via the host.

Name Description

7-13

System Tools

Default TTL Displays the Default ’Time-to-Live’ (TTL) value that the device will insert into the IP header of a datagram originated at this entity. The unit will only do so when this value has not been supplied by the transport layer protocol.

In Datagrams Received

Displays the number of input datagrams that were received successfully.

In IP Header Error Displays the number of input datagrams discarded as result of errors in the IP header of the datagrams. Other reasons for discarding the datagram could be: bad checksum, version number mismatch, a ’Time-to-Live’ value that had expired, or other format errors, or errors in processing the IP options.

Invalid Destinations Identifies the number of input datagrams that was discarded as result of an invalid IP Address value to be received at this entity. This count includes invalid addresses such as ’0.0.0.0’ and addresses of unsupported classes (e.g. Class E). If the unit functions as an IP Gateway, it will not forward datagrams. For such devices, this counter will also include datagrams discarded because the destination address was not a local address.

Unknown Protocols Indicates the number of locally addressed datagrams that were received successfully but discarded as result of an unknown or unsupported protocol.

Input Discards Indicates the number of input IP datagrams that were discarded although no problems occurred that prevented processing. One reason for discarding these datagrams may be a lack of buffer space. This counter does not include datagrams discarded while awaiting reassembly.

Input Deliveries Indicates the total number of input datagrams successfully delivered to IP user-protocols (including ICMP).

Output Requests Indicates the total number of IP datagrams which local IP user-protocols supplied to IP in requests for transmission. This counter includes the ICMP user-protocol, but does not include datagrams counted in the “Datagrams Forwarded” field.

Name Description

7-14

System Tools

Output No Routes Indicates the number of locally addressed datagrams that were received successfully but discarded as result of an unknown or unsupported protocol.

IP Reassembly Timeout

The maximum number of seconds that received fragments will be held at this entity to await reassembly.

IP Reassembly Required

Indicates the number of IP fragments received that need to be reassembled at this entity.

Reassembly OK Indicates the number of IP fragments received that were successfully reassembled at this entity.

Failed Reassemblies Indicates the number of failures detected by the IP reassembly algorithm, or example as result of time-outs or errors. The number of “Failed Reassemblies” does not necessarily represent the number of discarded IP fragments, as some algorithms (notably the algorithm in RFC 815) can lose track of the number of fragments by combining them when they are received.

Datagrams Fragmented OK

Indicates the number of IP datagrams that have been successfully fragmented at this entity.

Datagrams Fragmented Failure

Indicates the number of IP datagrams that have been discarded because they could not be fragmented at this entity, for example because the datagram had the 'Don't fragment' flag set.

Fragments Created Indicates the number of IP datagrams that have been generated as a result of fragmentation at this entity.

Routing Discards Indicates the number of IP datagrams that have been discarded. A possible reason for discarding valid entries could be to free-up buffer space.

Name Description

7-15

System Tools

Table 7-3 IPARP

The SNMP table displays a set of SNMP variables that are gathered on the SNMP agent that resides in the target machine.

Table 7-4 SNMP - Messages Received/Sent

Name Description

Interface The interface used by the BG-2000. When displaying a Router, this value can read another value, depending on the number of interfaces actually connected to the device.

Physical Address The MAC Address of the BG-2000. All interfaces are identified by the MAC Address that is printed on the label on the unit’sprocessor module.

IP Address The associated IP address of this device. If your network does not use IP addressing, this value will probably be the same for all BG-2000 devices on the network (that is, the factory setdefault IP address).

Media Type The types of IP address mapping are Other, None of the following /Invalid, Non-Validated, Dynamic mapping, or Staticmapping.

Name Description

Total Messages Received:Indicates the number of SNMP messages which were delivered to the SNMP protocol entity from the transport service.Sent:Indicates the number of SNMP messages which were passed from the SNMP protocol entity to the transport service.

7-16

System Tools

Unsupported Version Indicates the number of SNMP messages which were delivered to the SNMP protocol entity, and were for an unsupported SNMP version.

Unknown Community Indicates the number of SNMP messages delivered to the SNMP protocol entity which used a SNMP Community name not known to the BG-2000.

Invalid Operations Indicates the number of SNMP messages delivered to the SNMP protocol entity which represented an SNMP operation which was not allowed by the SNMP community named in the message.

ASN.1/BER Parse Errors Indicates the number of SNMP ASN.1 or BER errors encountered by the SNMP protocol entity when decoding SNMP message.

Error Status - tooBig Received:Indicates the number of SNMP PDU’s delivered to the SNMP protocol entity and for which the value of the error status is ’tooBig’.Sent:Indicates the number of SNMP PDU’s which were generated by the SNMP protocol entity and for which the value of the error status is ’tooBig’.

Error Status - noSuchName

Received:Indicates the number of SNMP PDU’s delivered to the SNMP protocol entity and for which the value of the error-status is ’noSuchName’.Sent:Indicates the number of SNMP PDU’s which were generated by the SNMP protocol entity and for which the value of the error-status is ’noSuchName’.

Name Description

7-17

System Tools

Error Status - badValue Received:Indicates the number of SNMP PDU’s delivered to the SNMP protocol entity and for which the value of the error-status is ’badValue’.Sent:Indicates the number of SNMP PDU’s which were generated by the SNMP protocol entity and for which the value of the error-status is ’badValue’.

Error Status - ReadOnly Received:Indicates the number of valid SNMP PDU’s delivered to the SNMP protocol entity and for which the value of the error-status is ’readOnly’. Please note that this is a protocol error to generate a SNMP PDU which contains the value 'readOnly’.Sent:Indicates the number of valid SNMP PDU's which were generated by the SNMP protocol entity and for which the value of the error-status is 'readOnly'. Please note that this is a protocol error to generate a SNMP PDU which contains the value 'readOnly'.

Error Status - genErr Received:Indicates the number of SNMP PDU's delivered to the SNMP protocol entity and for which the value of the error-status is 'genErr'.Sent:Indicates the number of SNMP PDU's generated by the SNMP protocol entity and for which the value of the error-status is 'genErr'.

Total Requested Variables

Indicates the number of MIB objects which have been retrieved successfully by the SNMP protocol entity as the result of receiving valid SNMP 'Get-Requests' and 'Get-Next PDU'.

Name Description

7-18

System Tools

Total Variables Set Indicates the number of MIB objects which have been altered successfully by the SNMP protocol entity as the result of receiving valid SNMP ’Set-Requests’.

Get Requests Received:Indicates the number of SNMP 'Get-Request’ PDU's which have been accepted and processed by the SNMP protocol entity.Sent:Indicates the number of SNMP 'Get-Request’ PDU's which have been generated by the SNMP protocol entity.

Set Requests Received:Indicates the number of SNMP 'Set-Request’ PDU's which have been accepted and processed by the SNMP protocol entity.Sent:Indicates the number of SNMP 'Set-Request’ PDU's which have been generated by the SNMP protocol entity.

Get Responses Received:Indicates the number of SNMP 'Get-Response PDU's which have been accepted and processed by the SNMP protocol entity.Sent:Indicates the number of SNMP 'Get-Response PDU's which have been generated by the SNMP protocol entity.

Traps Received:Indicates the number of SNMP 'Trap’ PDU's which have been accepted and processed by the SNMP protocol entity.Sent:Indicates the number of SNMP 'Trap’ PDU's which have been generated by the SNMP protocol entity.

Authentication Failure Traps

Indicates whether the SNMP agent process is permitted to generate authentication-failure traps.

Name Description

7-19

System Tools

Table 7-5 TCP Statistics

Name Description

RTO Algorithm Indicates the Algorithm used to determine the timeout value related to the retransmission of unacknowledged octets.

Minimum RTO Indicates the minimum value permitted by a TCP implementation for the retransmission timeout, measured in milliseconds. More defined semantics for objects of this type depend upon the algorithm used to determine the retransmission timeout. In particular, when the timeout algorithm is “RSRE”, an object of this type has the semantics of the LBOUND quantity described in RFC 793.

Maximum RTO Indicates the maximum value permitted by a TCP implementation for the retransmission timeout, measured in milliseconds. More defined semantics for objects of this type depend upon the algorithm used to determine the retransmission timeout. In particular, when the timeout algorithm is “RSRE”, an object of this type has the semantics of the UBOUND quantity described in RFC 793.

Maximum Connection Indicates the limit on the total number of TCP connections the entity can support. In entities where the maximum number of connections is dynamic, this object should contain the value '1'.

Active Opens Indicates the number of times TCP connections have made a direct transition to SYN-SENT state from the CLOSED state.

Passive Opens Indicates the number of times TCP connections have made a direct transition to the SYN-RCVD state from the LISTEN state.

Attempt Fails Indicates the number of times TCP connections have made a direct transition to the CLOSED state from either the SYN-SENT state or the SYN-RCVD state, plus the number of times TCP connections have made a direct transition to the LISTEN state from the SYN-RCVD state.

7-20

System Tools

Established Resets Indicates the number of times TCP connections have made a direct transition to the CLOSED state from either the ESTABLISHED state or the CLOSE-WAIT state.

Current State Indicates the number of TCP connections for which the current state is either ESTABLISHED or CLOSE-WAIT.

In Segments Indicates the total number of segments received including the segments received in error. This count also includes segments received on currently established connections.

Out Segments Indicates the total number of segments sent, including segments sent on currently established connections.This count excludes those segments that contain retransmission octets only.

Retransmitted Segments

Indicates the total number of segments retransmitted - that is, the number of TCP segments transmitted containing one or more previously transmitted octets.

In Errors Indicates the total number of segments received in error (e.g. bad TCP checksum).

Out RSTS Indicates the number of TCP segments sent that contain the RST flag.

Name Description

7-21

System Tools

Table 7-6 TCP Connection Table

Table 7-7 UDP Statistics

Name Description

Connection State Indicates the state of this TCP connection. The only value which may be set by a management station is deleteTCB(12). Accordingly, it is appropriate for an agent to return a “badValue” response if a management station attempts to set this object to any other value. If a management station sets this object to “deleteTCB(12)”, then this has the effect of deleting the TCB (as defined in RFC 793) of the corresponding connection on the managed node, resulting in immediate termination of the connection. As an implementation-specific option, a RST segment may be sent from the managed node to the other TCP endpoint (note however that RST segments are not sent reliably).

Local Address Indicates the local IP address for this TCP connection. In the case of a connection in the listen state that is willing to accept connections for any IP interface associated with the node, the value 0.0.0.0 is used.

Local Port Indicates the local port number for this TCP connection.

Remote Address Indicates the remote port number for this TCP connection.

Remote Port Indicates the remote port number for this TCP connection.

Name Description

Datagrams Sent Indicates the total number of received UDP datagrams for which there was no application at the destination port.

Datagrams Received Indicates the total number of received UDP datagrams for which there was no application at the destination port.

Errors Sent Indicates the total number of UDP datagrams that could not be delivered for reasons other than the lack of an application at the destination port.

Errors Received Indicates the total number of UDP datagrams sent from this entity.

7-22

System Tools

Figure 7-7 Statistics - Tools Page

7-23

System Tools

7-24

8
Virtual Private Networks
IntroductionA Virtual Private Network (VPN) is the extension of a private network over a shared or public network, such as the Internet. By using a VPN, you can send data between two computers in a manner that emulates a point-to-point (PPP) private link. Emulation of the point-to-point link is done by encapsulating data with a header that provides routing information, which allows the data to traverse the public network until it reaches its destination. Emulation of the private link is accomplished by data encryption. The link in which private data is encapsulated and encrypted is called a VPN connection.

VPNs are used to connect remote access users to corporate resources over the public Internet, while maintaining the privacy of a private LAN. To use a VPN, the client(s) in your private LAN will need to have VPN software installed and a VPN endpoint, such as your corporate office. The BG-2000 supports passing the VPN connection and does not require any additional configuration.

Supported VPNs

The BG-2000 supports VPN connections using common VPN protocols including:

8-1


■ IP Security (IPSec - RFC 2401, RFC 2402, RFC 2406).

■ Point-to-Point Tunneling Protocol (PPTP - RFC 2637).

■ Layer 2 Tunneling Protocol (L2TP - RFC 2661).

IPSec OverviewIP Security (IPSec) protects IP traffic with two protocols, Authentication Header (AH), and Encapsulating Security Payload (ESP). AH integrity ensures data integrity by authenticating a packet’s IP header and payload. If a system intruder alters an IP packet and replays it, the intended recipient is made aware by AH that the packet underwent modification during transmission.

ESP confidentiality guarantees data confidentiality by encrypting IP packets so that intruders can’t decode them. ESP confidentiality is mandatory in IPSec. The difference between AH integrity and ESP integrity is that ESP integrity does not authenticate IP headers. ESP integrity is an option in IPSec implementation and can be used with ESP confidentiality for high security. However, if you use Network Address Translation (NAT) to translate your private IP addresses into Internet addresses, you can only use ESP integrity because AH integrity manipulates IP headers, while ESP integrity does not.

IPSec operates in transport and tunnel mode. In transport mode, AH or ESP resides in the original IP packet between the IP header and upper-layer extension header information. IPSec uses transport mode to provide end-to-end security between two end systems. For example, between a Windows 2000 workstation and a Windows 2000 server. In tunnel mode, IPSec places an original IP packet in a new IP packet and inserts AH or

8-2


ESP between the IP header of the original packet and the new packet. The new IP header points to the tunnel endpoint, and the original IP header specifies the packet’s destination. You can use tunnel mode to set up an IPSec tunnel between two end systems, an end system and a security gateway, or two security gateways. A security gateway can be a tunnel server, router, firewall, or VPN device.

IPSec uses authentication and encryption algorithms in AH and ESP to implement data integrity and confidentiality. Several authentication algorithms are in use, such as Hash Message Authentication Code (HMAC) Message Digest version 5 (MD5), and HMAC Secure Hash Algorithm (SHA). In addition, several encryption algorithms exist: Data Encryption Standard (DES), DES-Cipher Block Chaining (CBC), and Triple DES (3DES). As a minimum requirement for IPSec compliance, IPSec vendors must implement HMAC MD5 and HMAC SHA for AH and ESP integrity, and DES for ESP confidentiality. In addition to the foregoing three security algorithms, Microsoft supports 3DES for ESP confidentiality in Windows 2000 IPSec.

PPTP OverviewPPTP is a Layer 2 protocol that encapsulates PPP frames in IP datagrams for transmission over a public network, such as the Internet. PPTP uses a TCP connection for tunnel maintenance and Generic Routing Encapsulation (GRE) encapsulated PPP frames for tunneled data. The payloads of the encapsulated PPP frames can be encrypted and/or compressed.

8-3


L2TP OverviewL2TP is a tunneling protocol that encapsulates PPP frames to be sent over a public network. L2TP uses UDP and L2TP messages for tunnel maintenance. L2TP also uses UDP to send L2TP-encapsulated PPP frames as the tunneled data. The payloads of encapsulated frames can be encrypted and/or compressed. Because L2TP uses UDP for encapsulating PPP frames, it utilizes more command and control messages than PPTP. However, because of the additional messages, L2TP tunnels perform better over high latency networks.

The L2TP client and L2TP server must first establish a UDP connection. Once connected, L2TP creates the tunnel in which L2TP datagrams will traverse the public network.

Differences between PPTP and L2TP■ PPTP requires that the public network be an IP network. L2TP can be

used over IP (using UDP), Frame Relay Permanent Virtual Circuits (PVCs), X.25 virtual circuits (VCs), or ATM VCs.

■ PPTP can only support a single tunnel between endpoints. L2TP allows for the use of multiple tunnels between endpoints.

■ When header compression is enabled, L2TP operates with 4 bytes of overhead, as compared to 6 bytes of overhead with PPTP.

■ L2TP provides for tunnel authentication while PPTP does not.

■ PPTP uses a TCP connection while L2TP uses a UDP connection.

8-4

9
Troubleshooting
Common Troubleshooting TipsIf you encounter difficulty using and/or installing your BG-2000, please check the following:

1. Verify that the Power light is On.

2. Check that all your cables are securely plugged into the unit and to your external modem/hubs/switches.

3. Verify that you are using the correct type of cable. The yellow cable (cross-over) for the LAN port, and blue cable (straight-through) for the WAN port.

4. Verify that you have a existing Internet connection.

5. Check if the external DSL/Cable device is operational and working correctly.

6. Verify the correct web address has been entered: 192.168.253.1

7. Turn Off Proxy Server On Your Web browser before trying to access the Management Tool (part of this chapter).

8. Verify that the Network Name (otherwise known as SSID) of your wireless computers match the BG-2000. The Network Name is located on the bottom panel of your BG-2000 and is case sensitive, so be sure and type it exactly as printed.

9-1

Troubleshooting

9. Verify that the Encryption Key(s) of your wireless computers match the BG-2000 Encryption Key(s).

10. Verify Computer Settings (part of this chapter).

If you have performed these preliminary troubleshooting steps, the next step in troubleshooting your BG-2000 is to look at the Light Activity Table to identify the problem.

Turning Off Proxy Server on Your Web browser

��

��

For Internet Explorer usersa. Open Internet Explorer.

b. When open, click the Stop icon (or press the ESC key) and ignore any error messages that appear (click OK).

c. In the Tools menu, select Internet Options.

d. On the Connections tab, click the LAN Settings button.

e. Remove the check mark for Use a proxy server if it is checked.

f. Click OK.

9-2

Troubleshooting

For Netscape usersa. Open Netscape.

b. When open, click the Stop icon (or press the ESC key) and ignore any error messages that appear (click OK).

c. In the Edit menu, select Preferences.

d. In the Category drop-down menu, select Advanced - Proxies.

e. Select Direct connection to the Internet if it isn’t already checked.

f. Click OK.

9-3

Troubleshooting

Verify Computer Settings

To communicate with other computers over the network, or access the settings of your BG-2000, your PC Card/USB Client needs the correct TCP/IP and DHCP settings.

If the software utility of your PC Card displays a good wireless connection, but you are unable to communicate over the wireless link, verify the TCP/IP and DHCP settings of your computer to ensure your computer obtains an IP address automatically:

9-4

Troubleshooting

For most Windows users:1. Start - Settings - Control Panel - Network.

2. Select TCP/IP.

3. Select IP Address.

4. Select Obtain an IP address automatically.

5. Click OK.

6. Restart your computer.

For most Macintosh users:1. Apple Menu - System Preferences - Network.

2. Select your network card from the Show pop-up menu.

3. Select the TCP/IP tab, if necessary.

4. Choose Using DHCP from the Configure pop-up menu.

5. Click Apply Now.

Custom MAC Address Procedure

If you are having difficulty obtaining a DHCP assigned IP Address from your ISP (WAN light flickers Amber in excess of 5 minutes), it may be necessary to reset the DSL/Cable modem. Prior to resetting the modem, the BG-2000 should be powered up and all cables should be connected.

Some ISPs monitor the unique MAC Addresses of the device(s) connected to their network. For reasons unknown, they do not provide or release new DHCP IP Addresses based on the MAC Addresses they detect. To resolve

9-5

Troubleshooting

this, the BG-2000 has the ability to use an alternate MAC Address. Replacing the BG-2000 MAC address with the MAC Address of the computers’s NIC (Ethernet Card) resolves the problem.

To do this:

1. Open a DOS Command window on your computer.

2. Type ipconfig/all at the prompt.

3. Record the Physical Address (MAC Address).

4. Log into the Management Tool and navigate to Setup - Internet Address.

5. Click the check box Automatic IP Addressing (using DHCP).6. Place the Physical (MAC) Address you recorded in the WAN MAC

Address field.

7. Save and then Restart the BG-2000.

8. Reset the DSL/Cable modem.

9-6

Troubleshooting

Light Activity Table

Figure 9-1 Broadband Gateway Lights

Power Wireless LAN WAN Description

Off Off Off Off Device does not power up

Steady Green Flicker Green Flicker Green Flicker Green Normal Operation

Steady Green Off n/a n/a Wireless Communication Error

Flicker Green n/a n/a n/a Minor Configuration Error

Flicker Amber n/a n/a n/a Configuration Error

Steady Green n/a n/a Flicker Amber WAN Activity Failure

Steady Red n/a n/a n/a General Software Failure

Flicker Red n/a n/a n/a General Device Failure

Steady Red Steady Red Steady Red Steady Red Software Mismatch or Defective Device

9-7

Troubleshooting

Device does not power up

Normal Operation

Description Device has not been powered up correctly. Possible reasons for this state include:■ defective power supply.■ defective board.

Impact No communication - No Light Activity

Action Verify the connection of the power adapter to ensure:■ The power adapter is connected to your BG-2000.■ The power adapter is connected to the wall outlet.■ If this doesn’t solve your problem, contact ORiNOCO

Technical Support at 1-866-674-6626 (prompt 2). Have your serial number handy. The serial number should be on the identification label located on the bottom panel of the unit, labeled “Sn”, and conform to the following format: yyAAxxxxxxxx. Technical Support will be unable to respond to your inquiry without this information.

Description Hardware and software OK. Interface has initialize successfully. Flickers upon communication traffic.

Impact None.

Action None.

9-8

Troubleshooting

Wireless Communication Error

Minor Configuration Error

Description The device is working properly, but a communication error prevents you from connecting to the network. The most probable cause is a configuration mismatch of either the Network Name (SSID), and/or Encryption Key between your PC Card station and the BG-2000.

Impact Wireless connection OK, but restricted communication.

Action ■ Verify that the Network Name (also known as SSID) of your PC Card matches the Network Name of your BG-2000 (located on the bottom panel of the unit).

■ Verify that the Encryption Key of your PC Card matches the Encryption Key of your BG-2000.

■ If this doesn’t solve your problem, contact ORiNOCO Technical Support at 1-866-674-6626 (prompt 2). Have your serial number handy. The serial number should be on the identification label located on the bottom panel of the unit, labeled “Sn”, and conform to the following format: yyAAxxxxxxxx. Technical Support will be unable to respond to your inquiry without this information.

Description Minor configuration/operation error.

Impact Communication operational but restricted.

Action ■ Read the Event Log of the Management Tool and take appropriate action.

■ Perform a Hardware Reset. Press the button labeled “RESET” on the bottom panel of the unit.

9-9

Troubleshooting

Configuration Error

Description Configuration/operation error.

Impact Communication operational, but restricted.

Action If you have access to the Management Tool: ■ Read the Event Log of the Management Tool and take

appropriate action.■ Restart your BG-2000.If you do not have access to the Management Tool:■ Perform a Hardware Reset. Press the button labeled

“RESET” on the bottom panel of the unit.■ If this doesn’t solve your problem, perform a Revert to Last

Known Good Configuration.

9-10

Troubleshooting

WAN Activity Failure

Description ■ Solid Green LED indicates network traffic. ■ Flicker Amber indicates recoverable error. Most probable

cause is difficulty obtaining a DHCP assigned IP address from your ISP (flickers in excess of 5 minutes).

Impact WAN communication restricted.


■ Follow the Custom MAC Address Procedure in this section.


9-11

Troubleshooting

General Software Failure

General Device Failure

Description Corrupt Software

Impact No communication

Action ■ Perform a Reload of the Gateway Software.■ If this doesn’t solve your problem, contact ORiNOCO


Description A hardware and/or software defect prevents your BG-2000 from operating normally.

Impact No communication


■ Perform a Reload to Factory Defaults.■ If that does not solve your problem, Reload Gateway

Software.■ If this doesn’t solve your problem, contact ORiNOCO


9-12

Troubleshooting

Software Mismatch or Defective Device

Description Software Mismatch: the product key does not match your BG-2000.Defective device: a hardware defect prevents your BG-2000 from operating normally.

Impact No communication. Make sure you are using the correct software application for your BG-2000. Software that is not applicable for your BG-2000 will not be able to run.

Action ■ Perform a Reload to Factory Defaults, and then upgrade the appropriate software.


9-13

Troubleshooting

9-14

A
Specifications
Technical Specifications

Compatibility IEEE 802.11b Standard for high speed Wireless LANs.Wireless Fidelity (Wi-Fi) certified by the Wireless Ethernet Compatibility Alliance (WECA)

Bit Error Rate better than 10-5

Range up to 550 metersSee details on Radio Specifications (page A-4)

Frequency band / Channels 2.4 GHz (2400 - 2500 MHz)

Encryption 64-bit and 128-bit

A-1

Specifications

Environmental Specifications

Electrical Specifications

Physical Specifications

Temperature and Humidity (no condensing)Operation 0 to +40 oC

(32 to +104 oF)max. 95%

Storage -10 to +50 oC(14 to +122 oF)

max. 95%

Barometric Pressure 740 to 1050 hPa —

Input Voltage BG-2000 7 to 15V DC

Input Voltage Power Adapter 100 to 240V AC +/- 10%

Power Adapter Types Subject to local standards. Available types:US/CAN/JP, UK, AU, EU, KO

Power Adapter Frequency 47 to 63 Hz

Broadband Gateway Power Adapter

Dimensions (H x W x L) 208 x 52 x 155 mm(8.2 x 2.1 x 6.1 inches)

78 x 48 x 75 mm(3.1 x 1.2 x 3.0 inches)

Weight 320 g (11.3 ounces)

—

A-2

Specifications

Network Specifications

Interfaces

Networking Protocols Supported: NAT, PPP, PPPoE, TCP/IP.

Wireless Wi-Fi compliant wireless LAN port

(based on ORiNOCO 11 Mb/s radio technology)

Wired a. 10/100BASE-T Ethernet LAN port

(female RJ-45 connector - yellow)

b. 10/100BASE-T Ethernet WAN port

(female RJ-45 connector - blue)

A-3

Specifications

Radio Specifications

Table A-1 Radio Specifications Table

Radio Frequency Band

2.4 GHz (2400-2500 MHz)

Selectable sub-channels

1234567891011

2412 (default)24172422 24272432243724422447245224572462

BER Better than 10-5

Output Power 15 dBm (Nominal)

Modulation Direct Sequence Spread Spectrum(11-chip Barker Sequence)

CCK CCK DQPSK DBPSK

Transmit Rate 11 Mb/s 5.5 Mb/s 2 Mb/s 1 Mb/s

A-4

Specifications

��

The range values listed in Radio Characteristics provide a rule of thumb and may vary according to the actual radio conditions at the location where the product is installed. The range of your wireless devices can be affected when:

■ Antennas have been placed near metal surfaces and solid high-density materials.

■ Obstacles or objects in the signal path of the radio signal absorb or reflect the radio signal. In areas with floor to ceiling walls, the range may decrease to 15% of the maximum range.

Wireless Range

Open Environment

160 m (525 ft.)

270 m (885 ft.)

400 m (1300 ft.)

550 m (1750 ft.)

Semi-open Environment

50 m (165 ft.)

70 m (230 ft.)

90 m (300 ft.)

115 m (375 ft.)

Closed Environment

25 m (80 ft.)

35 m (115 ft.)

40 m (130 ft.)

50 m (165 ft.)

Receiver Sensitivity(for BER= 10-5)

-83 dBm -87 dBm -91 dBm -94 dBm

Delay Spread (at FER of <1%)

65 ns 225 ns 400 ns 500 ns

A-5

Specifications

Regulatory Information

Wireless communication is often subject to local radio regulations. Although wireless networking products have been designed for operation in the license-free 2.4 GHz band, local radio regulations may impose a number of limitations to the use of wireless communication equipment.

��

Refer to the flyer Information to the User for more regulatory information that may apply in your country.

A-6

B
Glossary
Access Control

Authorized stations are identified by the MAC Address of the PC Card in the Access Control Table that is loaded into the BG-2000 as part of the configuration.

With this security feature enabled, the BG-2000 ignores all requests to forward data to/from the wireless devices that are not identified in the Access Control Table. You can create or edit the Access Control Table files with the BG-2000 Management Tool.

ADSL

Asymmetric Digital Subscriber Line

Technology for broadband computer communication via standard telephone lines. Unlike regular dialup phone service, ADSL provides an “Always On” connection. ADSL is asymmetric because it uses most of the channel to transmit downstream to the user and only a small part to receive information from the user. ADSL simultaneously accommodates analog (voice) information on the same line. In other words, you are able to talk and surf the internet at the same time.

B-1

Glossary

Alphanumeric Value

An alphanumeric value is a value that can include both:

■ Numeric values in the range of ’0-9’ and

■ Alphabetical characters in the range of ’a-z’.

For example: BG2on2ndfloor.

Usually alphanumeric values are applied to specify a name or password, where the use of both alphabetical and numerical characters expands the flexibility to enter a name or value of your choice.

When used for passwords, alphanumerical characters expand the number of possible code combinations for each single character.

For example:

■ Numerical values would allow you to select from 10 different values per character only, in the range of ’0-9’.

■ Alphabetical values would allow you to select from 26 different values per character only, in the range of ’a-z’. or maximum 52 when the characters would be case sensitive: ’a-z’, and ’A-Z’.

■ Alphanumerical characters enable you to select from 36 different values per character, in the range of ’0-9’ and ’a-z’. When the field value would be case sensitive, the number of values per character would be 62:

Per character, you could select from a value in the range of ’0-9’, ’a-z’, and ’A-Z’.

See also: Translating Hex & ASCII values

B-2

Glossary

Blink

LED lights up at specific intervals or duty cycles. Usually, they are on 50% of the time, and off 50% of the time.

Closed Environment

Typical radio environment where work space is separated by floor-to-ceiling brick walls: antennas can not “see” each other.

Default Gateway

Device that you must address to communicate with networked devices outside the current Subnet.

DHCP

Dynamic Host Configuration Protocol

The Dynamic Host Configuration Protocol (DHCP) is an Internet protocol and can be used to automatically assign IP addresses, to deliver TCP/IP stack configuration parameters (such as the subnet mask and default gateway), and to provide other various configuration information.

Valid values When previously defined for your ISP account, you will have to enter the default value.

B-3

Glossary

DNS

Domain Name System

Distributed database used by computers on the Internet to look up each other’s addresses.

When any site needs to add or remove computers, it simply updates the correspondent portion of the database and, after a short period, everyone on the Web can see the change.

DNS Address

Domain Name System Address

Primary DNS Address:

When previously defined for your ISP account, you always have to enter the Domain Name System value.

Secondary DNS Address:

When available, you can enter a second DNS address.

Embedded Software

Operating software for the hardware that determines basic functionality and features. This software is already loaded into the hardware at the factory, therefore, does not require user installation.

B-4

Glossary

When new features or functions become available for your hardware, these will be released as updates on the website at:

http://www.orinocowireless.com

Encryption Key

Alphanumeric Value or Hexadecimal Value used to validate the access to the network.

Given that each wireless device on the network must be configured with the same security settings, Encryption Keys provide a basic mechanism to prevent any unauthorized access to the network.

See also: Translating Hex & ASCII values.

Default value No default value

■ Valid values for 64-bit Encryption

■ 5-digit case-sensitive Alphanumeric Value in the range of “0-9”, “a-z”, and “A-Z”.Example: SECU1

■ 10-digit or 12-digit Hexadecimal Value in the range of “0-9”, “a-f”, and “A-F”.Example: ABCD1234FE or 0xABCD1234FE

Valid values for 128-bit Encryption.

■ 13-digit case-sensitive Alphanumeric Value in the range of “0-9”, “a-z”, and “A-Z”.Example: SECURITY12345

■ 26-digit or 28-digit Hexadecimal Value in the range of “0-9”, “a-f”, and “A-F”.Example: ABCDEF1234567890FEDCBA4321 or 0xABCDEF1234567890FEDCBA4321

B-5

Glossary

Firewall

Security system designed to prevent unauthorized access to a private or local network.

Anytime you connect a private network to the Internet, you run the risk of exposing confidential data and systems to malicious attacks from the outside world. A firewall acts as a security filter that protects your personal computers and corporate networks from intentional hostile intrusion. A firewall examines the traffic routed between your private and public network to determine if it meets certain criteria. If the traffic is legitimate, it is allowed to pass along, otherwise it is stopped.

The BG-2000 supports IP and packet filtering firewall functions.

Flicker

LED lights up quickly at unspecified intervals or duty cycles. Usually, the flash rate is very rapid.

Hexadecimal Value

Numeric value that can include both numeric and a limited number of alphabetical characters:

0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F

Where 0 identifies the lowest value, and F the highest value of the hexadecimal range.

B-6

Glossary

In most occurrences where hexadecimal values apply, you will be able to distinguish the hexadecimal values from standard numerical values.

For example:

■ 3F2C will identify a four-digit hexadecimal value

■ 1234 will most probably identify a four-digit numerical value.

Usually hexadecimal values are identified by a leading 0x, or trailing ’h’, to allow you to distinguish a hexadecimal value from a numerical value. For example:

■ 1234 ’h or 0x1234 will identify a four-digit hexadecimal value, where.

■ 1234 will identify a four-digit numerical value.

In case of doubt, consult the user documentation or online help of your product to find out which type of value applies in a specific situation.

See also: Translating Hex & ASCII values

ICMPExtension to the Internet Control Message Protocol (IP).

It supports packets that contain error, control, and informational messages. The PING command, for example, uses ICMP to test the Internet connection.

IEEE

Institute of Electrical & Electronics Engineers, Inc.

B-7

Glossary

The IEEE is an organization that develops standards for electrical and electronic equipment. IEEE Standards documents are developed within the Technical Committees of the IEEE Societies and the Standards Coordinating Committees of the IEEE Standards Board.

For more information, contact IEEE Customer Service at:

IEEE 802.11

IEEE 802.xx Standards define the access technologies for local and metropolitan area networks. IEEE Standards are developed and defined by the IEEE.

The IEEE 802.11 Standard is an interoperability standard for wireless LAN devices, that identifies three major distribution systems for wireless data communication:

■ Direct Sequence Spread Spectrum (DSSS) Radio Technology

■ Frequency Hopping Spread Spectrum (FHSS) Radio Technology

■ Infrared Technology

E-mail/Internet: [email protected]://standards.ieee.org

Phone: 1.800.678.IEEE (within the US and Canada)1.732.981.0060 (outside of the US and Canada)

Fax: 1.732.981.9667

Mail: IEEE Customer Service445 Hoes Lane, PO Box 1331Piscataway, NJ 08855-1331 USA

B-8

Glossary

IEEE 802.11 compliant networking products that are based on the same type of distribution system are interoperable with one another, regardless of the device’s manufacturer.

IP Address

Internet Protocol Address

A numeric value to identify network devices that communicate via the TCP/IP protocol.

In networks that use TCP/IP each device must have a unique IP Address, similar to telephones having a unique telephone number.

This unique number of the format xxx.xxx.xxx.xxx can be assigned via one of the following methods:

■ Automatically via DHCP by your LAN or ISP

■ Manually by the LAN Administrator.

IPSec

IP Security, developed for per packet integrity and encryption.

ISP

Internet Service Provider

B-9

Glossary

Company or organization that provides you access to the Internet via one of the following means:

■ Dial up modem via local loop

■ ISDN dedicated facility

■ xDSL via local loop

■ Cable Modem via TV data cable coax

As a computer user you cannot connect directly to the internet. The ISP acts as an intermediary between your computer and the internet.

LAN

Local Area Network

A group of computers connected to one another via a wired or wireless network.

A LAN is typically located in one building.

LED

Light Emitting Diode

LEDs (indicator lights) are found on the front panel of the BG-2000 and are used to display status and activity.

B-10

Glossary

L2TP

Layer 2 Tunneling Protocol

Extension to the PPP protocol that enables ISPs to operate Virtual Private Networks (VPN).

L2TP requires that the ISP’s routers support the protocol.

MAC Address

Medium Access Control Address

12-digit hexadecimal identification number for networking products.

Every networking device is identified by a unique factory-set number that cannot be changed, also referred to as the ’Universal MAC Address’.

■ The MAC Address of a ORiNOCO Wireless Adapter is printed on a label on the underside of the hardware.

■ BG-2000 type devices may have more than one MAC Address:

■ One MAC Address for the wired Ethernet interface of the device, printed on a label on the BG-2000.

■ A MAC Address for the Wireless Network Interface of the BG-2000. The wireless MAC Address corresponds with the value printed on a label on the bottom of the card inside the BG-2000.

B-11

Glossary

MIB

Management Information Base

A database of objects that can be monitored by network management systems. Both SNMP and remote monitoring tools (RMON) use standardized MIB formats to monitor any device defined by a MIB.

NAT

Network Address Translation

Translation of an IP address used within one network to a different IP address known within another network.

A NAT-enabled device translates a set of local IP addresses to one or more IP addresses on the Internet. NAT translates the IP address of incoming packets back to local IP addresses.

Automatically enables IPSec.

Network Name

This is a unique name that is printed on the bottom panel of the unit and can be changed to identify your private network. The default name is the ASCII representation of the last 6 nibbles of the MAC address of the ORiNOCO PC Card inside the BG-2000.

B-12

Glossary

Open Environment

Typical radio environment where antennas can “see” each other, meaning that there are no physical obstructions between them. Often referred to as Line-Of-Sight topology.

Open Configuration

Standard IEEE 802.11 mode where the BG-2000 bridges data for:

■ Every wireless station with the correct Network Name.

■ Every wireless station with the Network Name set to ANY.

Packet Filtering

Packet Filtering is a type of Firewall. Packet Filtering Firewalls work at the network level of the IP layer of TCP/IP. In a packet filtering firewall, each packet is analyzed to a strict set of criteria before it is allowed to pass. Depending on the packet and the criteria, the firewall will either drop the packet, forward it, or send a message back to the original source. Traffic is filtered based upon these specified rules that may include: examining the source and destination IP addresses of packets, port numbers, and protocol used.

B-13

Glossary

PC Card

A PC Card is a Wireless Adapter that you can use to connect computers (laptops) to a wireless network. To use this adapter, the computer must be equipped with a PC Card Type II slot.

PPP

Point-to-Point Protocol

PPP is a protocol for communication between two computers using a serial interface, typically a personal computer connected by phone line to an Internet server. Essentially, it packages your computer’s TCP/IP packets and forwards them to the (Internet) server, where they can actually be put on the Internet. PPP can handle synchronous as well as asynchronous communication. PPP also supports error detection and data compression.

PPPoE

Point-to-Point Protocol over Ethernet

PPPoE is a specification for connecting multiple computer users on an Ethernet to a remote site through a modem. PPPoE combines PPP with the Ethernet protocol, where the PPP protocol information is encapsulated within the Ethernet frames.

In a Broadband Gateway network, PPPoE can be used to let multiple wireless users share a common Digital Subscriber Line, by connecting an ADSL modem to the gateway.

B-14

Glossary

Semi-open Environment

Typical radio environment where work space is divided by shoulder-height, hollow wall elements; antennas are at desktop level.

Serial Number

Every BG-2000 has a unique identification number with the following format:

YYUTxxxxxxxx, where

■ YY identify the year of manufacturing

■ xxxxxxxx identifies the unique item number

This number is printed on the identification label located on the bottom panel of your BG-2000.

SOHO

Small Office / Home Office

Relatively small network that comprises of up to 10 wireless and/or wired computers.

Occasionally, a SOHO network uses a shared connection to an Internet Service Provider to provide internet access to individual workstations.

B-15

Glossary

SNMP

Simple Network Management Protocol

A network protocol that can be used to manage networks locally, or world-wide via the internet.

Subnet

A subnet is a logical sub-division of a Local Area Network (LAN) that has been divided by means of routers or gateways. A subnet may include multiple LAN segments.

Each subnet is identified by the Subnet Mask.

In a wireless network that allows mobile wireless stations to roam between different cells, all BG-2000 devices and wireless stations must be connected to the same LAN subnet.

Subnet Mask

32-bit address mask used in the TCP/IP protocol.

A Subnet Mask indicates the logical location (Subnet) of a network device, similar to how an area code identifies the geographical region of a telephone.

All devices in the same Subnet share the same Subnet Mask. This value is typically assigned together with the IP Address.

B-16

Glossary

In a wireless network, all BG-2000 devices and wireless stations must be connected to the same LAN subnet.

TCP/IP

Transmission Control Protocol / Internet Protocol

A reliable connection-oriented protocol for communication between computers transmitting data over networks including the Internet.

See also:

■ IP Address

■ Subnet

■ Subnet Mask

■ Default Gateway

■ DHCP

Translating Hex & ASCII values

You can use the table below to translate HEX & ASCII values to a valid equivalent for the other system.

��

Encryption Key strings are case-sensitive.

Example: If your Encryption Key reads: “Key2Z” the hexadecimal equivalent would be: “4B657932A”

B-17

Glossary

Alphanumeric Hex Alphanumeric Hex

A 41 a 61

B 42 b 62

C 43 c 63

D 44 d 64

E 45 e 65

F 46 f 66

G 47 g 67

H 48 h 68

I 49 i 69

J 4A j 6A

K 4B k 6B

L 4C l 6C

M 4D m 6D

N 4E n 6E

O 4F o 6F

P 50 p 70

Q 51 q 71

R 52 r 72

S 53 s 73

T 54 t 74

U 55 u 75

V 56 v 76

W 57 w 77

X 58 x 78

B-18

Glossary

Y 59 y 79

Z A z 7A

Spacebar 20 0 30

! 21 1 31

“ 22 2 32

# 23 3 33

$ 24 4 34

% 25 5 35

& 26 6 36

' 27 7 37

( 28 8 38

) 29 9 39

* 2A : 3A

+ 2B ; 3B

, 2C < 3C

- 2D = 3D

. 2E > 3E

/ 2F ? 3F

[ 5B @ 40

\ 5C

] 5D

^ 5E

_ 5F

` 60

{ 7B

| 7C

B-19

Glossary

UDP

User Datagram Protocol.

A connectionless protocol that runs on top of IP networks and uses IP for datagram delivery. Unlike TCP/IP, UDP/IP provides very few error recovery services, offering instead a direct way to send and receive datagrams over IP networks.

USB

Universal Serial Bus

A USB device is a Wireless Adapter that you can use to connect computers (desktops) to a wireless network.

To use this adapter the computer must be equipped with a USB port.

UTP Cable

Unshielded Twisted Pair Cable

Standard cable for wired Ethernet networks, equipped with RJ-45 connectors. This cable is also referred to as 10Base-T or 100Base-T cable.

} 7D

~ 7E

Del. 7F

B-20

Glossary

This cable is typically used to connect a computer or Broadband Gateway to:

■ A LAN hub or Switch in a corporate or SOHO network with wired infrastructure.

■ An external device such as a Cable Modem, xDSL modem or ISDN Router to allow computers in a SOHO network to access the internet via an ISP.

UTP Cross-over Cable

Unshielded Twisted Pair Cross-over Cable

Special cable for wired Ethernet networks, equipped with RJ-45 connectors. This cable is also referred to as 10Base-T or 100Base-T cable.

This cable is typically used to connect a BG-2000 directly to a computer.

VPN

Virtual Private Network

A Virtual Private Network (VPN) allows a secure connection to be established between a computer and a remote network. To the computer user, it appears as if he or she is directly connected to the remote network. Any person eavesdropping on the traffic going between the computer and the remote network will be unable to understand the traffic since it is encrypted. There are many networking protocols that allow the creation of a

B-21

Glossary

VPN: IPSec, PPTP and L2TP are common examples. Currently we support IPSec, PPTP, and L2TP.

VPN over NAT

In a home environment where a single Internet connection is shared among multiple computers by using NAT, a VPN client on one of the computers cannot typically connect to the VPN, since NAT and VPN, by default, conflict with each other.

An additional feature, called VPN over NAT (also known as VPN Pass-through), has been added to the Broadband Gateway. It allows certain types of VPN clients to connect to remote VPN servers.

WAN

Wide Area Network.

Global scale network like the Internet, or other group of networks that are connected to one another.

For SOHO type networks, the WAN is typically the connection to the ISP.

WECA

Wireless Ethernet Compatibility Alliance

Group of leading equipment and software providers, aiming at inter operability among a wide variety of wireless systems.

B-22

Glossary

http://www.wirelessethernet.org

WEP

Wired Equivalent Privacy

IEEE 802.11 compliant encryption scheme based on the RC4 algorithm that is used to secure wireless data.

WEP encryption is a method of encrypting data that is transmitted over your wireless network to insure data security. In a wired network, data security is maintained through the physical wire. WEP encryption provides the same level of security for your wireless data as if it were being transmitted over standard network cabling. In order to duplicate wired network security levels, wireless data is encrypted at its point of transmission. The receiving device decodes the data. This allows you to have the same amount of security over your wireless network as they would over a wired network.

Wi-Fi

Wireless Fidelity

Interoperability standard of wireless network systems as defined by the Wireless Ethernet Compatibility Alliance (WECA) organization.

The Wi-Fi logo on your wireless products ensures IEEE 802.11 High Rate quality and certified interoperability with an expanding range of Wi-Fi certified product and solutions.

B-23

Glossary

Wireless Client Adapter

ORiNOCO Wireless Client Adapters are similar to Ethernet adapters for wired LANs. Like wired adapters, wireless adapters require installation of a dedicated driver, but unlike wired adapters, they do not need a cable to connect them to the network. Only wireless network interfaces allow you to relocate workstations without the need to change network cabling or connections to patch panels or hubs.

ORiNOCO offers the following types of adapters:

■ PC Card

■ PCI Adapter

■ USB Client

Refer to your Wireless Client Adapter documentation for more information.

Wireless Station

A wireless station is a computing device equipped with a Wireless Client Adapter that can connect to a (wired) network infrastructure via a BG-2000.

64-bit Encryption

Wireless Adapter that supports 64-bit WEP data encryption.

■ This type of interface (also referred to as Silver Label) allows you to enter:5-digit keys in Alphanumeric Value or

■ 10-digit keys in Hexadecimal Value. (12-digit keys in Hex including “0x”)

B-24

Glossary

128-Bit Encryption

Wireless Adapter that supports both 64-bit and 128-Bit Data Security (WEP) based on the RC4 algorithm.

■ This type of interface (also referred to as Gold Label) allows you to enter:5 or 13-digit keys in Alphanumeric Value or

■ 10 or 26-digit keys in Hexadecimal Value. (12 or 28-digit keys in Hex including “0x”)

B-25

Glossary

B-26

about this guide 1 welcome 2 hardware description

Documents