Cox Business Internet Gateway Guest WiFi Administratior Guide

8/18/2019 Cox Business Internet Gateway Guest WiFi Administratior Guide

1/100

Cox Business Internet Gatewayand Guest WiFi

Administrator Guide

April, 2014


2/100

Introduction

This guide provides instructions for configuring your Wireless Gateway. The software’sGraphical User Interface (GUI) gives you access to settings that were configured at thefactory or by Cox Business for the most common installation configurations. After youaccess the GUI, you can customize these settings to meet your needs.

Important: If you are not familiar with the network configuration proceduresdescribed in this guide, contact your information technology professional beforeyou change any of the settings.

© 2014 by Cox Communications. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means,electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of CoxCommunications.


3/100

Table of Contents

i

Table of Contents

Cisco 3829AD Gateway Overview .................................................................................. 1

Cox Business Internet Gateway and Guest WiFi Services ........................................... 1

Internet Gateway Service ........................................................................................................ 1

Guest WiFi Service .................................................................................................................. 1

Log in to the Gateway ..................................................................................................... 3

Change Your Username .......................................................................................................... 4

Set Up Basics .................................................................................................................. 5

Quick Setup Tab ...................................................................................................................... 5

Changing Your Password .................................................................................................. 5

Configure Wi-Fi Network ......................................................................................................... 6

Configure LAN Setup .............................................................................................................. 8

Configure Gateway IP ........................................................................................................ 8

Configure Network Address Server Settings ..................................................................... 9

Configure Time Settings ...................................................................................................11

Configure DDNS Settings ..................................................................................................... 12

Enable and Configure DDNS ...........................................................................................12

Disable DDNS ..................................................................................................................13

Configure Wireless Settings .......................................................................................... 15

Configure WPS ....................................................................................................................... 15

Configure Radio Settings ..................................................................................................... 17

Configure Wireless Security Settings ................................................................................. 20

Configure Guest Network Settings ...................................................................................... 22

Configure MAC Filter Settings ............................................................................................. 26

Configure Advanced Settings .............................................................................................. 28

Configure WDS Settings ....................................................................................................... 31

Configure QoS Settings ........................................................................................................ 33

Configure Security .......................................................................................................... 35

Configure Firewall Settings .................................................................................................. 35

Configure VPN Pass-through Settings ................................................................................ 38

Configure VPN Settings ........................................................................................................ 39

Control Access to the Internet ....................................................................................... 43

Configure IP Address Filtering Settings ............................................................................. 43

Configure MAC Address Filtering Settings ........................................................................ 44


4/100

Table of Contents

ii

Configure Applications ................................................................................................... 47

Configure Port Filtering Settings ......................................................................................... 47

Configure Port Range Forwarding Settings ....................................................................... 49

Configure Port Range Triggering Settings ......................................................................... 51

Configure DMZ Settings ........................................................................................................ 53

Administration Settings .................................................................................................. 55

Configure Management Settings ......................................................................................... 55

Configure Reporting Settings .............................................................................................. 58

Configure Back Up and Restore Settings ........................................................................... 59

Cox Business MyAccount Backup and Restore ...............................................................60

MyAccount Configuration File Upload and Download .....................................................62

Restart the Device ................................................................................................................. 63

Monitor Device Status .................................................................................................... 65

Gateway Status ...................................................................................................................... 65

Local Network Status ............................................................................................................ 67

Wireless Network Status ....................................................................................................... 68

Storage & Sharing ........................................................................................................... 71

USB Settings .......................................................................................................................... 71

Network Attached Storage (NAS)......................................................................................... 73

Media Server .......................................................................................................................... 75

Advanced Gateway Configurations ............................................................................... 77

Virtual Local Area Network ................................................................................................... 77

User Provisioning Details for VLAN Feature ....................................................................78

Bridge Mode ........................................................................................................................... 79

Mixed Mode ............................................................................................................................ 80

Troubleshooting and Frequently Asked Questions ...................................................... 81

The wireless gateway does not register an Ethernet connection .................................... 81

The wireless gateway does not register an Ethernet connection after connecting to a hub ................................................................................................................................................. 81

The wireless gateway does not register a cable connection ............................................ 81

Frequently Asked Questions .......................................................................................... 82

I don't understand the front panel status indicators ......................................................... 82

How do I configure the TCP/IP? ........................................................................................... 84

Configure TCP/IP on Windows 7 Systems ......................................................................85

Configure TCP/IP on Windows XP Systems ....................................................................86

Configure TCP/IP on Macintosh Systems ........................................................................86


5/100

Table of Contents

iii

How do I renew the IP address on my PC? ......................................................................... 87

Renew the IP Address on Windows 7 Systems ...............................................................87

Renew the IP Address on Windows XP Systems ............................................................87

Renew the IP Address on Macintosh Systems ................................................................87

How do I arrange for installation? ....................................................................................... 88

How does the wireless gateway connect to my computer? ............................................. 88

Tips for Improved Performance ..................................................................................... 89

Cox Business Remote Support ...................................................................................... 91

For More Information ............................................................................................................ 92


6/100


7/100

Overview

Cox Business Internet Gateway Admin Guide 1

Cisco 3829AD Gateway Overview

The Cox Business Internet Gateway and Guest WiFi service is based on the Cisco WirelessGateway Model DPC3829AD. It is a high-performance gateway that combines a cable modem,router, and wireless access point(s) in a single device that provides a cost-effective networkingsolution for small to medium businesses.

The gateway incorporates (8) bonded downstream channels along with four (4) bondedupstream channels. These bonded channels can deliver downstream data rates in excess of400 Mbps and upstream data rates in excess of 120 Mbps. It provides up to eight (8) timesfaster download speeds than conventional single-channel DOCSIS® 2.0 cable modems.

The gateway supports up to 50 simultaneous users for the 2.4 GHz and another 50simultaneous users for the 5.0 GHz radio for a total of 100 simultaneous users if bothradios are fully utilized. WiFi distance recommendations - 10,000 square feet for the 2.4GHz radio and 7,500 square feet for the 5.0 GHz radio.

Note: All environments are different and impacted by several real world factors such assteel walls, microwaves, and other RF interference

The gateway also offers:

Dual band simultaneous 2.4Ghz and 5.0Ghz radios with 3x3 MIMO high power antennasthat deliver 802.11ac with beamforming technology (up to 50 users per radio)

4 Gigabit Ethernet ports

Stateful Packet Inspection firewall technology

Static IP addressing (IPV4 and IPV6)

VPN point-to-point and pass-through

The integrated router features a Dynamic Host Configuration Protocol (DHCP) server, Network Address Translation (NAT), Network Address Port Translation (NAPT), and a Stateful PacketInspection (SPI) firewall. These features allow you to share a single high-speed public Internetconnection and files between devices in the network by attaching multiple wired/wirelessdevices to the wireless business gateway.


8/100


9/100

CBIG and Guest WiFi Services


Cox Business Internet Gateway and Guest WiFi Services

The Cisco 3829AD Gateway delivers two distinct services; Internet Gateway and Guest WiFi.

Customers who purchase both services have two physical gateways deployed in their businesslocation.

Internet Gateway Servic e

Internet Gateway service is delivered via a Cisco 3829AD Gateway to provide both wired andwireless networks. The customer administrator has full access to the gateway to configure up to16 wireless networks and other available feature sets as described in this administrators guide.

All networks share bandwidth and priority of IP traffic to and from the various networks and areequal. Customers may choose from any Cox Business Internet Access speed tiers available intheir market.

Guest WiFi Service

A second gateway, second HFC drop, and a guest WiFi option provide dedicated bandwidth tocustomers so that their business’s internet access is not impacted by WiFi users.

This type of configuration ensures that Guest WiFi traffic, such as Netflix or gaming in thewaiting room/lobby, does not impact the core business internet needs. The Guest WiFi gatewaymay also be useful when the geographic location of the Internet gateway and intended GuestWiFi area are far enough apart that a single WiFi access point can’t cover both locations.

The customer has three speed tier options to accommodate anticipated peak simultaneoususers on the dedicated the Guest WiFi network. The options include:

Basic Guest WiFi (5Mbps x 1)

Plus Guest WiFi (15 x 3)

Premium Guest WiFi (28 x 4)

Customers must purchase CBI (Cox Business Internet) to add the Guest WiFi service. GuestWiFi is delivered via a second cable modem/gateway. The Guest WiFi gateway can have one(1) SSID per radio enabled. Many of the other Internet gateway features are removed from theadmin interface because this device is dedicated to Guest WiFi users only, and advancedfeatures are rarely needed.

The Guest WiFi is unmanaged by Cox. This means the device WiFi Capabilities are not activelymonitored for uptime or security events by Cox. Cox does not provide support or configurationfor WiFi end points (PC, MAC, Android, iOS, etc.) The customer admin determines if the WiFinetwork is password-protected or open.

Cox is not responsible for customer impacting network or security issues.


10/100


11/100

Login Instructions


Log in to the Gateway{ XE "Logging in to the Gateway" \t "See " }

This section provides instructions for logging in to the Wireless Business Gateway so that youcan customize the gateway to suit your needs rather than using the default (factory) settings.

Note: It is strongly recommended that you use an Ethernet connection versus Wi-Fiwhen you first connect to the gateway. If you use Wi-Fi during initial configuration andyou alter the Service Set Identifier (SSID), you will be dropped from the network whenthe change is submitted. You will then have to reconnect using the new SSID.

The same recommendation applies to changing the wireless passphrase. It is best tomake these changes over an Ethernet hard-wired connection..

The gateway uses a default IP address of 192.168.0.1. If you have connected to the gatewaycorrectly and configured your computer properly, use the following procedures to log in to thegateway as an administrator.

Figure 1. Login screen

1. Open your web browser and enter the following IP address: 192.168.0.1.

2. Press the Enter key.Result: The Status DOCSIS WAN login page displays.

3. Enter your User Name and Password and click the Log In button.

4. By default the username and password fields are both empty. After initial login theadmin may create a new username and password. It is highly recommended thatcustomers update the username and password and not leave blank.


12/100

Login Instructions

4 Cox Business Internet Gateway Admin Guide

Change Your Username

The Cisco application allows you to change your name when needed.

Figure 2. Change Username screen

Section Field Description

Change Password User Name: Displays the user name for the operator currentlylogged in to the gateway.

Change Password to: Allows you to change your password.

Re-Enter New password: Allows you to re-enter the newpassword. You must enter the same password as the oneentered in the Change Password to: field.

Use the following steps to change your username.

1. Log in to the application and click the Log In button.

2. Click the Administration menu option in the toolbar and click the Management tab.

3. Scroll to the Gateway Access / Local Access section and change your user nameand your password and then click the Save Settings button at the bottom of thescreen.


13/100

Set Up Basics


Set Up Basics{ XE "Set Up Basic Functionality" \t "See " }

This section instructs you on how to configure basic functionality for your gateway settings.

Quick Setup Tab

Use the Quick Setup page to change your password and to configure the WLAN.

Important: The settings on this page are unique to your gateway. You may elect tomodify the setting values or keep the default values. These default settings are all thatyou need to operate a secure wireless network. We recommend that you keep yourgateway in a physically secure location away from malicious users who might attempt tofactory reset your gateway.

Changing Your Password

Important: We recommend that you create a new password regularly to protect against

Internet attacks that specifically search for devices operating with well-known or factorydefault user names and/or passwords.

Figure 3. Change Password screen


Change Password Change Password to: Allows you to change your password.

Re-Enter New password: Allows you to re-enter the newpassword. You must enter the same password as the oneentered in the Change Password to field.

Use the following steps when you want to change your password only.

1. Log in to the system and click the Setup menu in the toolbar.

2. Click the Quick Setup tab.

3. Enter your new password in the both the Change Password to: field and the Re-

enter New Password field.

4. Click the Save Settings button at the bottom of the screen.


14/100

Set Up Basics


Config ure Wi-Fi Network

The next two sections on the Quick Setup tab include how to configure the primary network forthe Wi-Fi Radio 1 and Wi-Fi Radio 2.

Figure 4. Wi-Fi Network Configuration

The following table describes what each field means.


Wi-Fi Radio 1 Network and

Wi-Fi Radio 2 Network

802.11 Band: Allows you to choose which Wi-Fiband you are configuring.

Wireless Interface: Allows you to Enable orDisable the wireless network.

Network Name (SSID): Allows you to enter aname for your wireless network or to use thedefault value. The value you enter will be viewable

on PCs and other wireless client devices.

Note: The factory default Service Set Identifier(SSID) is either the last six (6) characters of theCM MAC Address or the SSID as identified onthe product label.


15/100

Set Up Basics



Wi-Fi Radio 1 Network and

Wi-Fi Radio 2 Network (continued)

Security Mode: Allows you to select a wirelesssecurity mode to help protect your network. If you

select Disable, your wireless network is not secureand any wireless device within range may

connect to it.

Note: The factory default Wireless Security Modeis WPA or WPA2-Personal.

Encryption: Allows you to select a level ofencryption based on the wireless security modeyou choose.

Passphrase: The passphrase key for the gateway.The key can be from 8 to 63 characters. Thefactory default passphrase is equal to the 9-digitserial number of your gateway, which can be found

on the rating label attached to your wirelessgateway. The Show Key box toggles thepassphrase between hidden characters and cleartext.

Use the following steps to configure the Wi-Fi Radio 1 (2.4GHz) and 2 (5.0GHz) Networks.

1. Log in to the system and click the Setup menu in the toolbar.

2. Click the Quick Setup tab.

3. Scroll to the Wi-Fi Radio 1 Network section and use the information in the FieldDescription column in the table above to help you populate the fields.

4. Repeat step 3 for the Wi-Fi Radio 2 Network section.

a. Note that the SSID network names can be configured the same for eachradio. Most devices (phones, tablets and computer) will auto select the bestavailable network based upon the hardware capabilities of the device. If theadmin wants uses to be aware of the network capabilities the SSIDs couldbe labeled to include 2.4 or 5.0 as an example.

5. Click the Save Settings button.


16/100

Set Up Basics


Conf igure LAN Setup { XE " Conf igure LAN Setup Sett ings" \t " See" }

The LAN Setup page allows you to configure the settings for the Local Area Network (LAN).These settings include the range of IP addresses that define the LAN itself, as well as how theaddresses are assigned (automatically by DHCP or manually) as new devices are added to thenetwork.

Configure Gateway IP

Important: Unless you are knowledgeable about administering IP addresses, werecommend that you do not change these settings. If you change these valuesincorrectly, you can lose Internet access.

Figure 5. Configure LAN Gateway IP screen


Network Setup (LAN) Gateway IP Local IP Address. The base IP address of the private LAN. Thefactory default LAN IP Address is 192.168.0.1

Subnet Mask. The subnet mask for your LAN.

Follow these instructions to apply settings to the Configure LAN Setup / Gateway IP:

1. The Setup LAN page appears whenever you log on to the gateway. However, if thepage does not display, click the LAN Setup tab and scroll to the Network Setup(LAN) Gateway IP section.

2. Use the information in the Field Description column in the table above to help youpopulate the fields.

3. After you make your selections, click the Save Settings button to apply yourchanges or click the Cancel Changes button to withdraw.


17/100

Set Up Basics


Configure Network Address Server Settings

Figure 6. Network Address Server Settings


Network Address Server Settings (DHCP) DHCP Server . Allows you to enable or disable theDHCP server in the business gateway. The DHCPserver is used to automatically allocate IPaddresses to devices as they are attached to your

network.Connected Devices Summary. Displays the MAC Address and IP Address of the devices that areconnected to the gateway.

Pre-assigned DHCP IP Addresses. Click Pre-assigned DHCP IP Addresses to assign aspecific IP address to a PC or other device whenthey request an IP address using DHCP.

Only addresses within the range of the gateway'sDHCP address pool can be reserved with thisfeature.


18/100

Set Up Basics



Network Address Server Settings(DHCP) (continued)

Notes:

The Add Static IP button adds the Static IP address to the list

of factory assigned IP addresses.The Remove Static IP button removes the Static IP addressfrom the list of assigned IP addresses

Starting IP Address. Displays the starting address used by thebuilt-in DHCP server to distribute Private LAN IP addresses.

Because the device default IP address is 192.168.0.1, thestarting IP address must be 192.168.0.2 or greater, but smallerthan 192.168.0.253.

Maximum Number of DHCP Users: Enter the maximumnumber of users to which the DHCP server can assign IPaddresses for use in the LAN. This number cannot be greaterthan 254 minus the starting IP address described above.

Client Lease Time: The amount of time an IP address is valid.IP address leases are renewed automatically by your PC andother devices that use DHCP to obtain IP addresses.

If a lease is allowed to expire, the IP address will be returned tothe pool of available IP addresses that can be assigned by theDHCP server as new devices are added to your network. Thedefault is 60 minutes when the gateway is online.

LAN Static DNS (Domain Name Server) 1-3: DNS is used by aPC or other client devices to locate the public IP addressassociated with a URL or the name-based address of a website.

You can manually specify which DNS servers are to be used bydevices in your network by entering the servers’ IP addresses.Otherwise, the gateway will forward the DNS server information

from the Cox Business Internet service automatically. Thedefault is to leave these fields blank.

Use the following steps to configure the Network Address Server (DHCP)

1. Log in to the system and click the Setup menu in the toolbar and the LAN Setup tab.




19/100

Set Up Basics


Configure Time Settings

The last section of the Quick Setup tab allows you to set up the correct time zone for the serverin your location.

Figure 7. Time Settings screen


Time Settings Time Zone: Select the time zone for your location. If yourlocation follows daylight saving time, select Automatically

adjust clock for daylight saving time.

Provide input/verify descriptions for the following settings:

Daylight Saving time minutes

Time Server : Enter the name of a server to be used as theDaylight Saving Time (DST) server and click Add Server to addthe server.

Remove Server: To eliminate a server from the list of availableDST servers, select the server and click Remove Server .

NTP. Select Enable or Disable to indicate whether or not aNetwork Time Protocol (NTP) server will be used.

Use the following steps to configure Time Settings.

1. Log in to the system and click the Setup menu in the toolbar and the LAN Setup tab.


3. When you are done, click the Save Settings button to apply your changes or clickthe Cancel Changes button to withdraw.


20/100

Set Up Basics


Config ure DDNS Sett ings { XE "Config ure DDNS Sett ing s" \t " See" }

Dynamic Domain Name Service (DDNS) provides the gateway—for which the IP address canchange—with a host name or URL that can be deciphered by network applications throughstandard DNS queries. DDNS is useful when you host your own website, FTP server, or otherserver behind the device.

Note: You must sign up for DDNS service before you can use this feature.

This section describes how to perform the following from the DDNS Setup page:

Disable DDNS

Enable and configure DDNS

Figure 8. Configure DDNS screen

Enable and Configure DDNS{ XE "Enable and Configure DDNS" \t "See " }

To use the DDNS feature, you must first set up an account and establish a URL withwww.DynDNS.org. The DNS feature will not work without a valid account.

Follow the instructions on the website to set up an account. After you have set up a validaccount for DDNS, use the steps below to configure the gateway for DDNS service.

1. From the Setup page, click the DDNS tab.

2. Click the drop-down arrow and select Enable.

3. Enter your User Name, Password, and the name of the Host in the correspondingfields.

4. Click the Save Settings button to save your changes.Result: The gateway advises the DDNS service of your current WAN (Internet) IPaddress whenever this address changes. (Note: The Status area of the windowdisplays the status of the DDNS service connection.)

http://www.dyndns.org/http://www.dyndns.org/http://www.dyndns.org/http://www.dyndns.org/http://www.dyndns.org/http://www.dyndns.org/http://www.dyndns.org/


21/100

Set Up Basics


Disable DDNS{ XE "Disable DDNS" \t "See " }

Follow these instructions to disable DDNS (the factory default setting):

1. From the Setup page, click the DDNS tab.

Result: The DDNS opens and displays available settings.2. Click the DDNS Service drop-down list and select Disable.



22/100


23/100

Configure Wireless Settings


Configure Wireless Settings{ XE "Configure Wireless Settings" \t"See " }

Setting up the gateway for wireless communication allows you to connect to the Internet fromany location within range of the wireless application protocol (WAP) without having to use wiredconnections.

This section provides procedures for configuring the WAP to meet your needs. These optionsare available as tabs on the Wireless.

Config ure WPS { XE "Config ure WPS Sett ings" \t " See" }

Use this page to configure Wi-Fi Protected Setup (WPS) to attach WPS-enabled devices to yournetwork. When you select WPS as your wireless configuration, settings are pre-configured.

Figure 9. Wireless WPS screen


24/100




Wi-Fi Protected Setup Enable / Disable. Select the radio button to activate ordeactivate wirless protection for your gateway.

Click the Wi-Fi Protected Setup icon on the client side at thesame time you press the Wi -Fi Protected Setup button on thedevice to automatically establish protection.

Wi-Fi Protected Setup PIN. This is the most secure option toregister a wireless client with the gateway. The Wi-Fi ProtectedSetup PIN number is found in the client Wi-Fi Protected Setuputility. After entering the client's Wi-Fi Protected Setup PINnumber, you can connect to the gateway by clicking theRegister button.

WPS Setup Using the Gateway PIN. Note the gateway's Wi-FiProtected Setup PIN number that is displayed on the Wi-FiProtected Setup page. Click the Register button (using any Wi-Fi Protected Setup client utility) and enter the gateway's Wi-Fi

Protected Setup PIN number in the client device to complete theregistration.

To create a new gateway PIN number for use in pairing with aWPS client, click New PIN Code and a number will be randomlygenerated.

Wi-Fi Radio 1 Network Displays the name of the network and the security level chosenfor the Radio 1 network.

Wi-Fi Radio 2 Network Displays the name of the network and the security level chosenfor the Radio 2 network.

Use the following steps to enable or disable the Wi-Fi Protected Setup.

1. From the Wireless menu in the toolbar, click the WPS tab.

2. Scroll to the Wi-Fi Protected Setup section and select the Enable radio button ifyou want to use WPS to set up devices that support WPS. Otherwise, select theDisable radio button.



Note: When using WPS mode, wired equivalent privacy (WEP) is not supported. If youmust use WEP encryption, select the Disabled button. Cox strongly advises againstusing WEP because it is a compromised WiFi security method and can easily be

hacked.


25/100



Config ure Radio Sett ings{ XE "Radio Sett ings" \t " See" }

This section describes how to configure the interface on the Wi-Fi Networks for both Radio 1and Radio 2.

Figure 10. Radio Settings screen


Wi-Fi Radio 1 Network Wireless Interface. Select Enable or Disable to enable ordisable the wireless network.

802.11 Band. Displays the radio band frequency currently inoperation

Network Mode. Choose one of these options:

B/G only

N Only

B/G/N Mixed

Scan 2.4GHz Aps. Click this button to look for a 2.4GHzbandwidth access point.


26/100




Channel Width. Choose one of these options:

20 MHz Only

Auto (20 or 40 MHz)

Channel. Select one of the channels from the drop-down list tocorrespond with your network settings. All devices in yourwireless network must broadcast on the same channel in orderto communicate. You can select Auto (factory default) forautomatic channel selection. Note: “ Auto” is the preferred settingand provides the best user experience.

Extended Channel. Select one of the extended channels fromthe drop-down list to correspond with your network settings. Alldevices in your wireless network must broadcast on the samechannel in order to communicate. You can select Auto (factorydefault) for automatic channel selection. Note: “Auto” is thepreferred setting and provides the best user experience.

The following network information status is displayed:

Network Name (SSID). The name or service set identifier(SSID) of your wireless access point

MAC Address (BSSID). The MAC Address of your gateway'slocal wireless access point

SSID Broadcast. The status of the gateway's SSID Broadcastfeature.

Wi-Fi Radio 2 Network Wireless Interface. Select Enable or Disable to enable or

disable the wireless network.

802.11 Band. Displays the radio band frequency currently inoperation

Network Mode. Choose one of these data transmission options:

A only

N Only

A/N Mixed

Channel Width. Choose one of these options:

20 MHz Only

Auto (20 or 40 MHz)

80 MHz for 802.11 AC (Note: To enable AC, the networkmode must be set to A/N)

Channel. Select one of the channels from the drop-down list tocorrespond with your network settings. All devices in yourwireless network must broadcast on the same channel in orderto communicate. You can select Auto (factory default) forautomatic channel selection. Note: “Auto” is the preferred setting


27/100




and provides the best user experience.

Extended Channel. Select one of the extended channels fromthe drop-down list to correspond with your network settings. Alldevices in your wireless network must broadcast on the samechannel in order to communicate. You can select Auto (factorydefault) for automatic channel selection. Note: “Auto” is thepreferred setting and provides the best user experience.

The following network information status is displayed:

Network Name (SSID). The name or service set identifier(SSID) of your wireless access point

MAC Address (BSSID). The MAC Address of your gateway'slocal wireless access point

SSID Broadcast. The status of the gateway's SSID Broadcastfeature.

Use the following steps to configure the wireless interface for the Wi-Fi Radio 1 and Radio 2Networks.

1. From the Wireless menu in the toolbar, click the Radio Settings tab.




28/100



Config ure Wireless Security Sett ings { XE "Wireless Security Sett ings " \t

" See" }

The Wireless Security page allows you to configure protection settings for Wi-Fi Radio 1 and

Wi-Fi Radio 2.Figure 11. Wireless Security screen

Section Field DescriptionWi-Fi Radio 1 Security Security Mode. Allows you to select a wireless security mode

to help protect your network. If you select Disable, then yourwireless network is not secure and any wireless device withinrange may connect to it. Note: The factory default mode is WPAor WPA2-Personal. Note: WEP is a well known compromisedsecurity and should not be used.

Encryption. It allows you to select a level of encryption basedon the wireless security mode you choose.

Passphrase. The passphrase key for the gateway. The key canbe from 8 to 63 characters. The factory default passphrase isequal to the 9-digit serial number of your gateway. The serial

number can be found on the rating label attached to yourwireless gateway. Selecting Show Key toggles the passphrasebetween hidden characters and clear text.

Key Renewal. Enter a time period that instructs the deviceabout how often it should change encryption keys. The default is3600 seconds.


29/100



Wi-Fi Radio 2 Security Security Mode. Allows you to select a wireless security modeto help protect your network. If you select Disable, then yourwireless network is not secure and any wireless device withinrange may connect to it. Note: The factory default mode is WPA

or WPA2-Personal. Note: WEP is a well known compromisedsecurity and should not be used.

Encryption. Allows you to select a level of encryption based onthe wireless security mode you choose.

Passphrase. The passphrase key for the gateway. The key canbe from 8 to 63 characters. The factory default passphrase isequal to the 9-digit serial number of your gateway. The serialnumber can be found on the rating label attached to yourwireless gateway. Selecting Show Key toggles the passphrasebetween hidden characters and clear text.

Key Renewal. Enter a time period that instructs the deviceabout how often it should change encryption keys. The default is3600 seconds.

Follow these instructions to configure Wireless Security settings:

1. From the Wireless menu in the toolbar, click the Wireless Security tab.




30/100



Conf igure Guest Network Set t ings

The Guest Networks tab is only available in the Cox Business “Internet Gateway” subscriptionand gateway configuration. This feature is different from the Cox Business Guest Wi-Fi serviceoffering because it allows you to define guest Wi-Fi SSIDs for each radio, even though theInternet service bandwidth tier is shared between all enabled guest Wi-Fi SSIDs. The GuestNetwork tab allows you to configure up to seven (7) additional SSIDs per radio. Remember thatthese SSIDs share the same Internet bandwidth.

When you subscribe to the Cox Business Guest Wi-Fi service, bandwidth and a second physicalgateway is dedicated for guest Wi-Fi users and there is no contingency to the primary gateway’sbandwidth. The second gateway dedicated to “Guest WiFi” network will not have access to theGuest Network tab in the GUI.

The “Guest Network” section allows you to set up the Wi-Fi Radio Guest Network for both Radio1 and Radio 2, which includes naming the network and designating whether you want to enableit as a SSID Broadcast. In the Guest Network Settings section, you provide technicalspecifications for the DHCP server. When creating additional SSIDs in the “Guest Network” tab,all networks on the gateway share the Internet access bandwidth. There is no priority given toany SSID.

Figure 12. Guest Network screen


31/100




Wi-Fi Radio Guest Network Wireless Interface. Allows you to select the wireless interface

that you want to configure. The options are Radio 1 and Radio2.

Network Name (SSID) The name that you want to assign to theService Set Identifier (SSID).

MAC Address (BSSID). Similar to the SSID, the Basic ServiceSet Identifier (BSSID) is the 'name' of the wireless network thatshows up under network connections.

SSID Broadcast. An SSID is the name of a wireless local areanetwork (WLAN). All wireless devices on a WLAN must use thesame SSID in order to communicate with each other.

The SSID on wireless clients can be set manually, by enteringthe SSID into the client network settings or automatically, by

leaving the SSID unspecified or blank. A network administratoroften uses a public SSID that is set on the access point andbroadcast to all wireless devices in range. Some wirelessaccess points disable the automatic SSID broadcast feature toimprove network security.

By disabling the broadcasting of the SSID, or even the beaconsignal itself, you can hide the presence of your wireless networkor at least obscure the SSID itself which is critical for a device toconnect to your network.

Enable. Check this box to allow the SSID broadcast.


32/100




Guest Network Settings Network Name (SSID). The name of the network that you wantto configure

Security Mode. Select the level of security that you want toapply to the network that you selected from the Network Name(SSID) drop-down list.

Wired Equivalent Privacy (WEP) is a security protocol forwireless networks that encrypts transmitted data. Without anysecurity your data can be intercepted without difficulty. Note:WEP is a well known compromised security and should not beused.

WEP has three settings: Off (no security), 64-bit (weak security),128-bit (a bit better security). WEP is not difficult to crack, andusing it reduces performance slightly.

If you run a network with only the default security, where WEP isturned off, others can immediately log on to your network and

use your Internet connection.Wi-Fi Protected Access (WPA) replaces WEP with a protocolthat is — given current technology — impossible to crack.

DHCP Server . Dynamic Host Configuration Protocol (DHCP) isa networking protocol that is used by servers on an IP networkto allocate IP addresses to computers. The purpose of DHCP isto automate the IP address configuration of a computer withouta network administrator.

IP Address. An IP address is assigned to a computer for a setinterval, after which, the computer must renew the IP address oracquire a new one. In this field, enter the IP address of theDHCP server.

Subnet Mask. A mask is used to determine what subnet an IPaddress belongs to. An IP address has two components, thenetwork address and the host address. For example, the firsttwo numbers (150.215) in the IP address 150.215.017.009represent the network address, and the second two numbers(017.009) identify a particular host on this network.

Subnetting enables the network administrator to further dividethe host part of the address into two or more subnets.

Lease Pool Start. The first IP address in the scope ofaddresses that you will use for the DHCP server. After a DHCPscope is established changes in the number of nodes thatrequire DHCP leases may change over time.

Lease Pool End. The last IP address in the pool of addresses

that you use for the DHCP server. a certain address pool anddetermine that the address pool range needs to be increased,you can simply delete the scope and recreate it. Deletion of thescope will.

Lease Time. The amount of time that the scope of leased IPaddresses are valid until they expire. The value can be hours,days, weeks, months, etc.

http://en.wikipedia.org/wiki/Networking_protocolhttp://en.wikipedia.org/wiki/Network_serverhttp://en.wikipedia.org/wiki/IP_networkhttp://en.wikipedia.org/wiki/IP_addresseshttp://en.wikipedia.org/wiki/Computerhttp://en.wikipedia.org/wiki/Network_administratorhttp://www.webopedia.com/TERM/M/mask.htmlhttp://www.webopedia.com/TERM/S/subnet.htmlhttp://www.webopedia.com/TERM/I/IP_address.htmlhttp://www.webopedia.com/TERM/I/IP_address.htmlhttp://www.webopedia.com/TERM/H/host.htmlhttp://www.webopedia.com/TERM/H/host.htmlhttp://www.webopedia.com/TERM/I/IP_address.htmlhttp://www.webopedia.com/TERM/I/IP_address.htmlhttp://www.webopedia.com/TERM/S/subnet.htmlhttp://www.webopedia.com/TERM/M/mask.htmlhttp://en.wikipedia.org/wiki/Network_administratorhttp://en.wikipedia.org/wiki/Computerhttp://en.wikipedia.org/wiki/IP_addresseshttp://en.wikipedia.org/wiki/IP_networkhttp://en.wikipedia.org/wiki/Network_serverhttp://en.wikipedia.org/wiki/Networking_protocol


33/100



Follow these instructions to configure Guest Network settings:

1. From the Wireless menu in the toolbar, click the Guest Network tab.

2. Use the information in the Field Description column in the table above to help you

populate the fields.3. After you make your selections, click the Save Settings button to apply your

changes or click the Cancel Changes button to withdraw.


34/100



Config ure MAC Fil ter Sett ings { XE "Config ure MAC Fil ter ing" \t " See" }

Use the MAC Filter feature to allow or block access to your wireless LAN based on the MAC Address of the wireless client devices. The MAC Filter feature, also known as an access list,can be used to help protect your wireless network from access by unauthorized users.

Figure 13. MAC Filter screen


MAC Filter Allows you to Enable or Disable MAC Filtering for the gateway.

Access Restriction Access Restriction. Allows you to permit or block computersfrom accessing the wireless network. The choice that you make

here affects the addresses listed on this page. Choose one ofthe following options:

Block computers listed below from accessing the wirelessnetwork . Select this option to deny Internet access to the

MAC addresses of the devices you list in the table. All other

MAC addresses will be allowed Internet access.

Permit computers listed below access to the wireless


35/100



Access Restriction (continued) network . Select this option to allow Internet access only tothe MAC addresses of the devices you list in the table. Any

MAC addresses not listed in the table will be denied Internet

access

MAC Address Filter

List

MAC Address Filter List. The MAC Address Filter List displaysusers whose wireless access you want to control. ClickWireless Client List to display a list of network users by MACaddress. From the To Sort by drop-down menu, you cancategorize the table by IP Address, MAC Address, Status,Interface, or Client Name. To view the most up-to-dateinformation, click Refresh.

Follow these instructions to configure MAC address filtering for your wireless network:

1. From the Wireless menu in the toolbar, click the MAC Filter tab.




36/100



Conf igure Advanced Settings{ XE "Conf igure Advanced Sett ings" \ t "See" }

Important: An expert administrator should be the only person to adjust these settings.

Incorrect settings can reduce wireless performance.

Figure 14. Advanced Settings screen


Wi-Fi Radio 1 Settings and

Wi-Fi Radio 2 Settings

The rate of data transmission should be set depending on thespeed of your Wireless-N networking.

Select from a range of transmission speeds, or select Auto tohave the device automatically use the fastest possible data rateand enable the Auto-Fallback feature. Auto-Fallback negotiatesthe best possible connection speed between the device and awireless client. The default setting is Auto.


37/100




Wi-Fi Radio 1 Settings and

Wi-Fi Radio 2 Settings (continued)

Choose one of the following options for transmission rate:

Auto (factory default)

Use Legacy Rate0: 6.5 or 13.5 Mbps

1: 13 or 27 Mbps

2: 19.5 or 40.5 Mbps

3: 26 or 54 Mbps

4: 39 or 81 Mbps

5: 52 or 108 Mbps

6: 58.5 or 121.5 Mbps

7: 65 or 135 Mbps

8: 13 or 27 Mbps

8: 13 or 27 Mbps

9: 26 or 54 Mbps

10: 39 or 81 Mbps

11: 52 or 108 Mbps

12: 78 or 162 Mbps

13: 104 or 216 Mbps

14:117 or 243 Mbps

15: 130 or 270 Mbps

CTS Protection Mode CTS (Clear-To-Send) Protection Mode boosts the device'sability to catch all wireless transmissions, but can severelydecrease performance. Select Auto if you want the device to

use this feature as needed, when the Wireless- N/G productsare not able to transmit to the device in an environment withheavy 802.11b traffic. Select Disable if you want to permanentlydisable this feature.

Beacon Interval. The Beacon Interval value indicates the frequency interval ofthe beacon. A beacon is a packet broadcast by the device tosynchronize the wireless network.

(Default: 100 msec, Range: 20-1000)

DTIM Interval. The Delivery Traffic Indication Message (DTIM) indicates theinterval between Broadcasts/Multi-cast transmissions. DTIMfield is a countdown field informing clients of the next window forlistening to broadcast and multicast messages. When the device

has buffered broadcast or multicast messages for associatedclients, it sends the next DTIM with a DTIM Interval value. Itsclients hear the beacons and awaken to receive the broadcastand multicast messages.

(Default: 1, Range: 1-255)


38/100




Fragmentation Threshold Fragmentation Threshold. Specifies the maximum size for apacket before data is fragmented into multiple packets. If youexperience a high packet error rate, you may slightly increase

the Fragmentation Threshold. Setting the FragmentationThreshold too low may result in poor network performance. Onlyminor reduction of the default value is recommended.

In most cases, it should remain at its default value of 2346.

RTS Threshold RTS Threshold. Determines at what packet size beyond whichthe ready to send/clear to send (RTS/CTS) mechanism isinvoked.

If you encounter inconsistent data flow, only minor reduction ofthe default value, 2346, is recommended. If a network packet issmaller than the preset RTS Threshold size, the RTS/CTSmechanism will not be enabled.

The device sends Ready to Send (RTS) frames to a particular

receiving station and negotiates the sending of a data frame. After receiving a RTS, the wireless station responds with aClear to Send (CTS) frame to acknowledge the right to begintransmission. The RTS Threshold value should remain at itsdefault value of 2347.

Follow the steps below to set up the following advanced wireless functions:

1. From the Wireless menu in the toolbar, click the Advanced Settings tab.


3. After you make your selections, click the Save Settings button to apply your



39/100



Config ure WDS Sett ings{ XE " Configu re WDS Sett ing s" \t " See" }

The Wireless Distribution System (WDS) Settings page allows you to expand the coverageof your wireless network by deploying signal repeaters.

Figure 15. WDS Settings screen


Wi-Fi Radio 1 WDS Settings WDS MAC Address. Displays the WDS MAC Address (orBSSID) of your gateway access point.

Allow Wireless Signal To Be Repeated by a Repeater . Selectthis option to allow a wireless client to connect to a repeater androute traffic between the wireless client and a repeater. Amaximum of three (3) repeaters is allowed.

Remote Access Point's MAC Address (MAC 1 through 3) .Use the three fields (MAC 1, 2, and 3) to enter the MAC addressof the repeaters.

Wi-Fi Radio 1 WDS Settings WDS MAC Address. Displays the WDS MAC Address (orBSSID) of your gateway access point.

Allow Wireless Signal To Be Repeated by a Repeater . Selectthis option to allow a wireless client to connect to a repeater androute traffic between the wireless client and a repeater. Amaximum of three (3) repeaters is allowed.

Remote Access Point's MAC Address (MAC 1 through 3) .Use the three fields (MAC 1, 2, and 3) to enter the MAC addressof the repeaters.


40/100



Follow these instructions to configure WDS Settings.

Important: Make sure the channel settings are the same for all WDS enabled devices.

1. From the Wireless menu in the toolbar, click the WDS Settings tab.




41/100



Config ure QoS Sett ings{ XE "Con figure QoS Sett ings" \t " See" }

Quality of Service (QoS) ensures better service to high-priority types of network traffic, whichmay involve demanding, real-time applications, such as video conferencing. QoS settings allowyou to specify priorities for different types of traffic. Lower priority traffic will be slowed down toallow greater throughput or less delay for high priority traffic.

Figure 16. QoS screen


Wi-Fi Radio 1 QoS and Wi-Fi Radion 2QoS

WMM Support. If WMM (Wi-Fi Multimedia) is supported by

your wireless clients, enabling this feature means that voice

and multimedia traffic will be given higher priority than other

traffic.

Select the desired option:

Enable (factory default)

Disable

No ACK. Abbreviation for Acknowledgement (data networks). Itis a signal to acknowledge the receipt of data. No Ack allowsyou to enable or disable No ACK. No ACK is disabled by default.This feature is recommended for data services where speed oftransmission is important and packet loss is tolerable to a certain

degree.If you select Disable, an acknowledge packet is returned forevery packet received. This provides a more reliabletransmission, but it increases traffic load, which decreasesperformance.


Enable


42/100



Disable (factory default)

Follow these instructions to configure QoS priorities for different types of traffic:

1. From the Wireless menu in the toolbar, click the QoS tab.




43/100

Configure Security


Configure Security{ XE "Configure Security" \t "See " }

This section provides procedures on how to establish security for your gateway; such as how to

set the level of protection for the firewall, how to enable or disable a virtual private network(VPN) pass-through, and how to configure the VPN tunnel.

Config ure Firewall Sett ings { XE " Config ure Firewall Sett ing s" \t " See" }

Use the settings on this page to configure a firewall and filter types of unwanted traffic on thegateway local network. Advanced firewall technology deters hackers and protects your networkfrom unauthorized access.

Figure 17. Firewall Settings screen


44/100

Configure Security



Firewall SPI Firewall Protection. Stateful firewall (which is any firewall

that performs stateful packet inspection (SPI) or statefulinspection) is a firewall that tracks the state of networkconnections; e.g., TCP streams, UDP communication that travelacross it. The firewall is programmed to distinguish legitimatepackets for different types of connections. Only packets thatmatch a known active connection are allowed by the firewall;others are rejected.


Off (factory default). No ports are restricted and SPI is “off.”

Low. No ports are restricted and SPI is “on.”

Medium. The following ports are allowed and SPI is “on”:

5190, 546, 547, 53, 989, 990, 80, 8080, 443, 143, 993, 4500,123, 110, 995, 1812, 25, 22, 465, 1725, 1200, 992, 3074,

3724, 5050

High. The following ports are allowed and SPI is “on.” 53,80, 443, 993, 4500, 123, 995, 22, 25, 465

Cox Business VoiceManager Toolbar or Receptionist Consoleapplication users must set the gateway firewall to “Low” toachieve full functionality.

IPv6 Firewall Protection.

Off

On (factory default)

Filters Block fragmented IP packets. Enables/disables filtering offragmented IP packets. This feature helps protect your privatelocal network from Internet based denial of service attacks.Block Port Scan Detection. Enables/disables the gatewayfrom responding to Internet based port scans. This feature isdesigned to protect your private local network from Internetbased hackers who attempt to gain unsolicited access yournetwork by detecting open IP ports.

Block IP Flood Detection. Blocks malicious devices thatattempt to flood devices or networks with illegal broadcastpackets. Also referred to as “broadcast storm.”

Note: This is the factory default option.

Block WAN Requests Block Anonymous Internet Requests. Enable this feature tokeep your network from being “pinged” or detected by otherInternet users. It also hides your network ports. Both make itmore difficult for outside users to enter your network.

Note: This is the factory default option.


45/100

Configure Security


Follow these instructions to configure Firewall settings:

1. From the Security menu in the toolbar, click the Firewall tab.

2. Use the information in the Field Description column in the table above to help you

populate the fields.3. After you make your selections, click the Save Settings button to apply your



46/100

Configure Security


Config ure VPN Pass-throu gh Sett ings { XE " Config ure VPN Pass-throu gh

Sett ings " \t "See" }

Use this page to configure Virtual Private Network (VPN) support. Enabling the settings on this

page allows VPN tunnels using IPsec or PPTP protocols to pass through the gateway’s firewall.Figure 18. VPN Pass-through screen


VPN Passthrough IPSec Pass-through. Enables/disables Internet ProtocolSecurity (IPsec). IPsec is a suite of protocols used to implementsecure exchange of packets at the IP layer. If you enable IPSecPass-through, applications that use IPsec (IP Security) can passthrough the firewall.

Select Disable to deactivate IPSec Pass-through.



Disable

PPTP Pass-through. Enables/disables Point-to-Point TunnelingProtocol (PPTP). PPTP allows the Point-to-Point Protocol (PPP)to be tunneled through an IP network. If you enable PPTP pass-through, applications that use Point to Point Tunneling Protocol(PPTP) can pass through the firewall.

Select Disable to deactivate PPTP Pass-through.



Disable

Follow these instructions to configure VPN Pass-through settings:

1. From the Security menu in the toolbar, click the VPN Passthrough tab.




47/100

Configure Security


Config ure VPN Sett ings { XE "Config ure VPN Sett ings " \t "See" }

A Virtual Private Network (VPN) is a connection between two endpoints in different networksthat allows private data to be sent securely over public networks or other private networks. Thisis accomplished by creating a “VPN tunnel.” The Cisco gateway can deploy at two customerlocations so that a VPN tunnel may be configured and connected between the two locations.This allows clients on either side to access resources in the other site as though they are part ofthe same LAN.

The configuration of this feature and the tunnel is customer-specific and is the responsibility ofthe customer administrator.

Figure 19. VPN screen


48/100

Configure Security



VPN Tunnel Select Tunnel Entry. Allows you to display a list of created

VPN tunnels.Create. Click to generate a new tunnel entry.

Delete. Click to remove all settings for the selected tunnelSummary. Click to display the settings and status of all enabledtunnels.

IPSec VPN Tunnel. Allows you to enable or disable InternetSecurity Protocol for the VPN tunnel.

Tunnel Name. Enter the name for this tunnel.

Local Secure Group Select the local LAN user(s) that can use this VPN tunnel. Thismay be a single IP address or sub-network. The Local SecureGroup must match the remote gateway’s Remote SecureGroup.

IP. Enter the IP address of the local network.

Mask. If the Subnet option is selected, enter the mask todetermine the IP address on the local network.

Remote Secure Group Select the remote LAN user(s) behind the remote gateway whocan use this VPN tunnel. This may be a single IP address, asub-network, or any addresses.

If “ Any” is set, the gateway acts as responder and acceptsrequests from any remote user. The Remote Secure Groupmust match the remote gateway’s Local Secure Group.

IP. Enter the IP address of the remote network Mask. If theSubnet option is selected, enter the mask to determine the IPaddresses on the remote network.

Remote Secure Gateway Select the desired option, IP Addr., Any, or FQDN. If thegateway has a dynamic IP address, select Any or FQDN. If Anyis selected, the gateway will accept requests from any IPaddress.

FQDN. If FQDN is selected, enter the domain name of theremote gateway so the gateway can locate a current IP addressusing DDNS.

IP. The IP address in this field must match the public (WAN orInternet) IP address of the remote gateway at the other end ofthis tunnel.


49/100

Configure Security



Key Management Key Exchange Method. The gateway supports both automaticand manual key management. Note that both sides must usethe same key management method.

Select one of the following options for the key exchangemethod:

Auto (IKE). Uses Internet Key Exchange (IKE) protocols tonegotiate key material for Security Association (SA).

Configure Auto key management using the following settings:

Encryption: The Encryption method determines the length ofthe key used to encrypt/decrypt ESP packets. Notice that bothsides must use the same method.

Authentication: The Authentication method authenticates theEncapsulating Security Payload (ESP) packets. Select MD5 orSHA. Notice that both sides (VPN endpoints) must use thesame method.

MD5: A one-way hashing algorithm that produces a 128-bitdigest.

SHA: A one-way hashing algorithm that produces a 160-bitdigest.

– Perfect Forward Secrecy (PFS): If PFS is enabled, IKEPhase 2 negotiation will generate new key material for IP trafficencryption and authentication. Note that both sides must havePFS enabled.

– Pre-Shared Key: IKE uses the Pre-Shared Key toauthenticate the remote IKE peer. Both character andhexadecimal values are acceptable in this field. (For example,"My_@123" or "0x4d795f40313233" are acceptable.) Note that

both sides must use the same Pre- Shared Key. – Key Lifetime: This field specifies the lifetime of the IKEgenerated key. If the time expires, a new key will berenegotiated automatically. The Key Lifetime may range from300 to 100,000,000 seconds.

The default lifetime is 3600 seconds.

Status This field shows the connection status for the selected tunnel.The state is either Connected or Not Connected.


50/100

Configure Security



Buttons Connect. Click to establish a connection for the current VPNtunnel. If you have made any changes, click Save Settings tofirst apply your changes.

Disconnect. Click to break a connection for the current VPNtunnel.

View Log. Click to view the VPN log, which shows details ofeach established tunnel.

Advanced Settings. If the Key Exchange Method is Auto (IKE),this button provides access to additional settings relating to IKE.Click this button if the gateway is unable to establish a VPNtunnel to the remote gateway, and make sure the AdvancedSettings match those on the remote gateway.

Phase 1 - Operation Mode. Select the method appropriate forthe remote VPN endpoint.

Main: Main mode is slower but more secure.

Aggressive: Aggressive mode is faster but less secure.

Local Identity. Select the desired option to match the RemoteIdentity setting at the other end of this tunnel.

Local IP Address: Your WAN ( Internet) IP address.

Name: Your domain name.

Remote Identity. Select the desired option to match the LocalIdentity setting at the other end of this tunnel.

Local IP Address: WAN ( Internet) IP address of the remoteVPN endpoint.

Name: Domain name of the remote VPN endpoint.

Encryption. This is the encryption algorithm used for the IKE

SA. It must match the setting used at the other end of thetunnel.

Follow these instructions to configure VPN settings.

1. From the Security menu in the toolbar, click the VPN tab.




51/100

Control Access to the Internet


Control Access to the Internet{ XE "Control Access to the Internet" \t"See " }

This section provides procedures for configuring the options available on the AccessRestriction page.

Config ure IP Address Fil ter ing Sett ings { XE " Configu re IP Address Fil ter ing

Sett ings " \t "See" }

Use the settings on this page to configure IP address filters. These filters prevent a range of IPaddresses from accessing the Internet.

Important: If you are not familiar with the advanced settings described in this section,contact your IT department before you attempt to change any of the default advanced IPfiltering settings.

Figure 20. IP Address Filtering screen

Follow these instructions to configure IP Address Filtering settings.

1. From the Access Restrictions menu in the toolbar, click the IP Address Filteringtab.

2. In the Start Address and End Address fields, enter the range of IP addresses thatyou want to prevent from having access to your network. (Note: Check the Enable box to allow access of the range of addresses you defined.)



52/100



Conf igure MAC Add ress Fi ltering Set t ings { XE "Conf igure MAC Address

Fil ter ing Sett ings" \t " See" }

Use the settings on this page to configure MAC address filters. These filters permit you to allow

or block a range of MAC addresses from accessing the Internet based on MAC address.Important: If you are not familiar with the advanced settings described in this section,contact your IT department before you attempt to change any of the gateway defaultadvanced MAC address filtering settings.

Figure 21. MAC Address Filtering screen

Field Name Description

Access Restriction Block devices listed below from accessing the Internet. Select to deny Internet access to the MAC addresses listed inthe MAC Address Filter List fields. All other MAC addresses willbe allowed Internet access.

Permit devices listed below to access the Internet. Select toallow Internet access only to the MAC addresses of the devices

you list in the MAC Address Filter fields. Any MAC addressesnot listed in the table will be denied Internet access.

MAC Address Filter List In the available fields, enter the MAC addresses of the deviceswhose Internet access you want to control.


53/100



Follow these instructions to configure MAC Address Filtering settings:

1. From the Access Restrictions menu in the toolbar, click the MAC AddressFiltering tab.

2. Select the Enable or Disable radio button to turn on a filter for MAC IP addresses.3. Select the Block devices… or Permit devices… radio button to prevent or allow

the MAC IP address(es) that you define. (Note: You can enter a maximum of 20addresses.)


.


54/100


55/100

Configure Applications

Cox Business Internet Gateway 47

Configure Applications { XE "Configure Applications" \t "See " }

This section provides procedures for configuring the options on the Applications page.

Important: Most well-known Internet applications are supported by Application LayerGateways (ALGs). ALGs automatically adjust the gateway firewall to allow data to passwithout making any custom settings. We recommend that you test your applicationbefore making changes in this section.

Config ure Port Fi lter ing Sett ings{ XE "Con figure Port Fi l ter ing Sett ings " \t

" See" }

Use the settings in this window to configure transmission control protocol (TCP) and userdatagram protocol (UDP) port filters. These filters prevent a range of TCP/UDP ports fromaccessing the Internet. You can also prevent PCs from sending outgoing TCP/UDP traffic to theWAN on specific IP port numbers. This filter is not IP address- or MAC address- specific. The

system blocks the specified port ranges for all PCs.

Figure 22. Port Filtering screen


56/100




Port Filtering Start Port. Enter the starting port number in the range (externalports) used by the server or Internet application. Check with thesoftware documentation of the Internet application for more

information if necessary.

End Port. Enter the final port number in the range (externalports) used by the server or Internet application.

Protocol. Select one of the following protocols:

TCP

UDP

Both

Enable. Allows you to activate port filtering.

Follow these instructions to configure the port filtering for application features:

1. From the Application Layer Gateway menu in the toolbar, click the Port Filteringtab.




57/100



Config ure Port Range Forwardin g Sett ings{ XE "Config ure Port Range

Forwarding Sett ings" \t " See" }

Port Range Forwarding Settings allow you to configure ports that are to be used for public

services on your network, such as security cameras, web servers, FTP servers, email servers orother specialized Internet applications.

Important:

The gateway normally implements a feature called Port Translation. PortTranslation monitors those ports that are used by your PCs or other devices onyour LAN. This monitoring provides an added level of security beyond what thefirewall provides. However, there are some applications that require the gatewayto use specific ports to connect over the Internet.

Port Range Forwarding continually exposes the selected ports to the publicInternet. This means that the firewall is not active on these ports. The device withthe forwarding IP address can be exposed to hacker attacks while the port range

is being forwarded.

Figure 23. Port Range Forwarding screen


58/100




Port Range Forwarding External Start. Select the first port number from the

recommended 49152 - 65535 range. Keep in mind that portsbeing used are program-specific so check which ones theprogram requires to be forwarded.

External End Select the last port number from therecommended 49152 - 65535 range. Keep in mind that portsbeing used are program-specific so check which ones theprogram requires to be forwarded.

Internal IP Address. Enter the computer ’s IP address to whichthis is to apply.

Internal Start Port. Enter the beginning of the range of portnumbers (internal ports) used by the server or Internetapplication.

Internal End Port. Enter the end of the range of port numbers(internal ports) used by the server or Internet application.

Protocol. Select one of the following network protocols:

TCP

UDP

Both

Enable. Check this box to activate port forwarding for thespecified ports and IP addresses.

Follow these instructions to configure the port range forwarding for application features:

1. From the Application Layer Gateway menu in the toolbar, click the Port RangeForwarding tab.




59/100



Config ure Port Range Triggering Sett ings{ XE "Con figure Port Range

Triggering Sett ings" \t " See" }

Port Range Triggering is a way to automatically forward ports to a LAN PC that needs them at a

specific time. A software application performs an event that triggers the router. The event musthave an outbound access of a particular port range.

Figure 24. Port Range Triggering screen


Port Range Triggering

Triggered Range

Start Port. Enter a beginning port number from therecommended 49152 - 65535 range. Remember that portsbeing used are program-specific so check which ones theprogram requires to be forwarded.

End Port. Enter an ending port number from the recommended49152 - 65535 range. Remember that ports being used areprogram-specific so check which ones the program requires tobe forwarded.


60/100



Forwarded Range Start Port. For the Start port, select a value from therecommended 49152 - 65535 range. Remember that ports beingused are program-specific so check which ones the programrequires to be forwarded.

End Port. For the End port, select a value from therecommended 49152 - 65535 range. Remember that ports beingused are program-specific so check which ones the programrequires to be forwarded.

Protocol. Select one of the following protocols:

TCP

UDP

Both

Enable. Click the Enable checkbox to enable port rangetriggering for the relevant application.

Follow these instructions to configure the port triggering for application features:

1. From the Application Layer Gateway menu in the toolbar, click the Port RangeTriggering tab.




61/100



Config ure DMZ Sett ings { XE " Config ure DMZ Sett ings " \t "See" }

Use this page to configure a Demilitarized Zone (DMZ) host, commonly referred to as an“exposed host.” It is typically used by a company that wants to host its own Internet server. DMZallows one IP address to be placed on the Internet side of the gateway firewall while othersremain protected behind the firewall.

The DMZ allows a device to be directly accessible to Internet traffic, such as a web (HTTP)server, an FTP server, an SMTP (e-mail) server, and a domain name system (DNS) server.

Figure 25. DMZ screen


DMZ DMZ Hosting. Select the Enable radio to activate DMZ hosting.

Select Disable (factory default) to deactivate DMZ hosting.

DMZ Host IP Address. Enter the IP address of the computeryou want to expose to the Internet.

Follow these instructions to configure the DMZ for Application features:

1. From the Application Layer Gateway menu in the toolbar, click the DMZ tab.




62/100


63/100

Configure Administration Settings


Administration Settings{ XE "Configure Administration Settings" \t"See " }

This section provides procedures on how to configure gateway settings, set up report emailalerts, back up and restore configuration files, and how to reboot the device.

Config ure Management Sett ings{ XE "Con figur e Management Sett ings " \t

" See" }

Use the settings on the Administration Management page to allow the administrator tomanage specific functions for access and security.

Figure 26. Administration Management screen


64/100

Configure Administration Settings


Field Description

Internet Connection Type Working Mode. Select one of the following options:

Router Mode. Select this mode to have the gateway configuredas a bridged device. This will disable all router/NAT features inthe device and require all connected

Documents

Cox Business Internet Gateway Guest WiFi Administratior Guide