Technicolor Delivery Technologies Belgium TG590 Broadband Home Router User Manual Setup and User Guide

Technicolor Delivery Technologies Belgium Broadband Home Router Setup and User Guide

Contents

User Manual 1

Banister, Valerie [Type the abstract of the document here. The abstract is typically a short summary of the contents of the document.] Setup and User Guide TG590
1 Copyright Copyright © 2010-2011 Technicolor. All rights reserved. Distribution and copying of this document, use and communication of its contents is not permitted without written authorization from Technicolor. The content of this document is furnished for informational use only, may be subject to change without notice, and should not be construed as a commitment by Technicolor. Technicolor assumes no responsibility or liability for any errors or inaccuracies that may appear in this document. Technicolor, 101 W.103rd Street, Indianapolis, IN 46290 http://www.technicolor.com Trademarks • The following trademarks may be used in this document: • DECTM is a trademark of ETSI. • MoCA® is an internationally registered trademark. • Bluetooth® word mark and logos are owned by the Bluetooth SIG, Inc. • EthernetM is a trademark of Xerox Corporation. • Wi-Fi®, WMM® and the Wi-Fi logo are registered trademarks of the Wi-Fi Alliance®. Wi-Fi CERTIFIED, Wi-Fi ZONE, Wi-Fi Protected Access, Wi-Fi Multimedia, Wi-Fi Protected Setup, WPA, WPA2 and their respective logos are trademarks of the Wi-Fi Alliance®. • UPnP AV is a certification mark of the UPnP AV Implementers Corporation. • DLNA® is a registered trademark, DLNA disc logo is a service mark, and DLNA Certified is a trademark of the Digital Living • Network Alliance. Digital Living Network Alliance is a service mark of the Digital Living Network Alliance. • Microsoft®, MS-DOS®, Windows®, Windows NT® and Windows Vista® are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. • Apple® and Mac OS® are registered trademarks of Apple Computer, Incorporated, registered in the United States and other countries. • UNIX® is a registered trademark of UNIX System Laboratories, Incorporated. • Adobe®, the Adobe logo, Acrobat and Acrobat Reader are trademarks or registered trademarks of Adobe Systems, Incorporated registered in the United States and/or other countries. • Other brands and product names may be trademarks or registered trademarks of their respective holders. All other logos, trade- marks and service marks are the property of their respective owners, where marked or not. Document Information Status: v0.4 DRAFT (November 2010) Reference: E-DOC-CTC-20101117-0001 Short Title: Setup & User Guide TG590-BHR for Verizon (en)
2 Product Overview Innovation at its Best The TG590 is a MoCA Gigabit Ethernet home/office router and features 4 LAN Gigabit Ethernet ports and Wi-Fi b/g/n wireless LAN interface. It also features a dual Multimedia over Coax Alliance (MoCA®) port for LAN/WAN traffic: as WAN traffic on MoCA® operates on a different frequency than LAN traffic, the single coax connection is split via a band pass filter to differentiate the two types of traffic. The TG590 uses Auto-Sensing to automatically determine the current WAN connection. This makes the TG590 the ideal solution for home and Small Office/Home Office (SOHO) users who not only want speed, but also the flexibility to handle their complex networking needs. Features at a Glance • 1 Gigabit Ethernet WAN port • 1 MoCA port (LAN/WAN) • WAN Port Auto-Sensing • 4 Gigabit Ethernet LAN ports • Wireless networking Wi-Fi b/g/n • Wi-Fi Protected Setup • UPnP A/V and DLNA (Future Release) • 2 USB 2.0 host ports • Remotely manageable Hardware Specifications Interfaces WAN 1 MoCA WAN 1 Ethernet WAN 10/100/1000 Base-T port Interfaces LAN 1 LAN coax port 4-port autosensing 10/100/1000 Base-T auto-MDI/MDI-X Ethernet LAN switch Wi-Fi IEEE 802.11b/g/n 2x2 on board 2 USB 2.0 host ports Dimensions 47 x 128 x 215 mm (1.8 x 5 x 8.5 in.) AC voltage 100-240 VAC (switched mode power supply) Temperature 0° - 40° C (32° - 104° F) Humidity 5% to 100% Documentation and software updates Technicolor continuously develops new solutions, but is also committed to improving its existing products. For more information on Technicolor’s latest technological innovations, documents and software releases, visit us at www.technicolor.com.
3 TABLE OF CONTENTS 1 Introduction 1.0 Contents / Accessories 1.1 Minimum System Requirements 1.2 Features 1.3 Getting to Know the TG590 2 TG590 Setup 2.0 Introduction 2.1 Setting Up the TG590 2.2 Network Configuration 2.3 Configuring the TG590 2.4 Features 2.5 Main Screen 3 Setting Up a Wireless Network 3.0 Introduction 3.1 Overview 3.2 Connecting a Wireless Device 3.3 Wireless Status 3.4 Basic Security Settings 3.5 Advanced Security Settings 3.6 Setting Up a Wireless Device 4 Configuring My Network Settings 4.0 Introduction 4.1 Accessing My Network Settings 4.2 Using My Network Settings
4 5 Using Network Connections 5.0 Introduction 5.1 Accessing Network Connections 5.2 Network (Home/Office) Connection 5.3 Ethernet Connection 5.4 Wireless Access Point Connection 5.5 Coax Connection 5.6 Broadband Ethernet Connection 5.7 Broadband Coax Connection 6 Configuring Security 6.0 Introduction 6.1 Overview 6.2 Firewall 6.3 Access Control 6.4 Port Forwarding 6.5 DMZ Host 6.6 Port Triggering 6.7 Remote Administration 6.8 Static NAT 6.9 Advanced Filtering 6.10 Security Log 7 Parental Controls 7.0 Introduction 7.1 Activating Parental Controls 7.2 Rule Summary
5 8 Configuring Advanced Settings 8.0 Introduction 8.1 Using Advanced Settings 8.2 Utilities 8.3 DNS Settings 8.4 Network Settings 8.5 Configuration Settings 8.6 Time Settings 8.7 Firmware Upgrade (Future Release) 8.8 Routing Settings 9 Monitoring the TG590 9.0 Introduction 9.1 Router Status 9.2 Advanced Status 10 Troubleshooting 10.0 Introduction 10.1 Troubleshooting Tips 10.2 Frequently Asked Questions
6 1 INTRODUCTION In this chapter In a few minutes, you will establish an Internet connection and create a network (home/office) for data and media sharing between multiple devices using the Universal Plug-and-Play support built-in to the TG590. In this chapter, we will take a closer look at following features: Topic Page 1.0 Contents / Accessories 1.1 System Requirements 1.2 Features 1.3 Getting to Know the TG590 Feature availability Depending on the configuration offered by your service provider, some features may not be available on your TG590. For more information, please contact your service provider.
7 1 Getting Started 1.0 Contents / Accessories Your box should contain the following items: Item Description Quantity 1 TG590 1 2 LAN Ethernet Cable Yellow (RJ-45;3 meters) 1 3 Power Supply 1 4 Quick Installation Guide 1 5 Wall Mount Drill Template / Safety Guide 1 6 WAN Ethernet Cable White (RJ-45; 2 meters) 1 If one of these items is missing, please call the Help Desk at 800-837-4966. Safety Instruction Please read “Safety Instructions and Regulatory Notices” before you start with the installation of the TG590. 1.1 Minimum System Requirements Applicability The TG590 must be used with the following systems and software: • Computer with Ethernet or Wi-Fi capability • Internet Explorer 5.0 or higher; Netscape Navigator 7.0 or higher • Microsoft Windows 98SE, 2000, XP, Vista, and Windows 7; Mac OS 9 or greater; Unix • TCP/IP network protocol installed on each computer
8 1.2 Features Once the installation of your TG590 is completed you will be able to benefit from all the services offered. This Setup and User Guide will focus on the following features: Multiple networking standards support, including: • MoCA 1.1 for WAN and LAN • Ethernet IEEE 802.3 for WAN and LAN • Wi-Fi 802.11n for LAN Integrated wired networking with 4-port 10/100/1000 Mbps Ethernet switch and MoCA Integrated wireless networking with 802.11n access point featuring: • 802.11n enabled to support speeds up to 130 Mbps Enterprise-level security, including: • Fully modifiable firewall with Stateful Packet Inspection • Content filtering with URL-keyword based filtering, parental control, customizable filtering policies per computer, and E-mail notification Denial of service protection against IP spoofing attacks, intrusion and scanning attacks, IP fragment overlap, ping of death, and fragmentation attacks Event logging Intrusion detection MAC address filtering DMZ hosting Access control Advanced wireless protection featuring WPA, WPA2, WEP 64/128 bit encryption, 802.1x authentication, and MAC address filtering
9 Other options, including: • DHCP server option • DHCP server/PPPoE server auto-detection • DNS server • LAN IP and WAN IP address selection • MAC address cloning • Port forwarding • PPPoE support • QoS support (end to end layer 2/3) featuring Diffserv, 802.1p/q prioritization, configurable upstream/downstream traffic shaping, random early detection and pass-through of WAN-side DSCPs, PHBs, and queuing to LAN-side devices • Static routing • Time zone support • VLAN Multicast support • VPN IPSec (VPN pass-through only)
10 1.3 Getting to Know the TG590 This section introduces you to the different components of the TG590. On the top panel of your TG590, you can find a number of status LEDs, indicating the state of the device. The LEDs that are supported on the top panel are: • Power • WAN Ethernet • WAN Coax • Internet • Four (4) LAN Ethernet LED, One (1) LED per Ethernet LAN port • LAN Coax • USB • Wireless Note: The top panel where the LEDs are located also features an integral WPS button.
11 LED Color State Description Power Green Solid Powered on. Blinking Upgrade ongoing. Do not remove any cables or switch of the TG590 when the TG590 is upgrading. Orange Blinking Starting upgrade mode. Off Not powered. Ethernet WAN Green Solid Ethernet connection to the Verizon Optical Network Terminal (ONT) operational, no activity. Blinking Ethernet connection to the Verizon Optical Network Terminal (ONT) operational, activity. Off No Ethernet connection to the Verizon Optical Network Terminal (ONT). Coax WAN Green Solid/Blinking Connected to the Verizon Optical Network Terminal (ONT) using the Coax port. Off Not connected to the ONT using the Coax port. Internet Green Solid Connected to the Internet, no activity detected. Blinking Connected to the Internet, activity. Amber Solid Failed to connect to the Internet. Off The TG590 is either powered off or starting up. USB Green Solid Failed to connect to the Internet. Off The TG590 is either powered off or starting up. Wireless Green Solid Wireless is enabled on your TG590, no traffic ongoing. Blinking Wireless is enabled on your TG590, traffic ongoing. Off Wireless is disabled on your TG590.
1 Power Port: The Power port connects the TG590 Router to an electrical wall outlet via the Power cord. Power Switch: The Power switch powers the TG590 Router on and off. Reset Button: To restore the TG590 Router’s factory default settings, press and hold the Reset button for approximately five seconds. The reset process will start about ten seconds after releasing the button. When the TG590 Router resets, all the lights on the front panel turn off, and then some of the lights start flashing. The TG590 Router has completed its reset process when the Power light glows steadily green. Caution! Do not unplug the Power cord from the TG590 during the reset process. Doing so may result in the loss of the TG590’s configuration information. If this occurs, reset the TG590 Router again. LAN Ethernet Ports (4): The LAN Ethernet ports connect devices to the TG590 Router via Ethernet cables to create a local area network (LAN). The LAN Ethernet ports are 10/100 Mbps auto-sensing ports, and either a straight-through or crossover Ethernet cable can be used when connecting devices to the ports. WAN Ethernet Port: The WAN Ethernet port connects the TG590 Router to the ISP using an Ethernet cable. USB Port: The USB port provides up to 5 VDC for attached devices (to charge a cell phone, for example). In the future, with a firmware release upgrade, the USB host functionality will be available for devices such as external storage and cameras. Wireless Antenna: The TG590’s wireless antenna is used to transmit a wireless signal to other wireless devices on its wireless network. It is built-in.
2 2 TG590 SETUP In this chapter In this chapter, we will take a closer look at following features: Topic Page 2.0 Connecting the TG590 2.1 Configuring the Network 2.2 Configuring the TG590 2.3 Features 2.4 Main Screen Feature availability Depending on the configuration offered by your service provider, some features may not be available on your TG590. For more information, please contact your service provider.
3 2.0 Connecting the TG590 Please refer to Quick Installation Guide.
4 2.1 TG590 Setup There are three major steps to consider when setting up the TG590: 1) Connecting the Cables 2) Configuring the TG590, and 3) Connecting Other Devices Note: If a different router was being used previously, disconnect it. Remove all components, including power supplies and cables; they will not work with the TG590. 2.1a Connecting the Cables 1. Unpack the TG590 and black Power cord from the box. Make sure the power button is off. 2. Plug the black power cord in the black port on the back of the TG590; and then, into a power outlet. 3. Turn the TG590 on. 4. Make sure the power light on the front of the TG590 glows steadily green. Plug the yellow Ethernet cable from the box into one of the four yellow Ethernet ports on the back of the TG590. 5. Make sure the computer is powered on, and then plug the other end of the yellow Ethernet cable into an Ethernet port on the computer. 6. Make sure at least one of the Ethernet LAN lights on the front of the TG590 glows steadily green. This may take a few moments. 7. The phone company previously installed a high-speed wall jack somewhere in the house. Locate it and note its type (Ethernet or coaxial). 8. If Ethernet, follow steps 8a and 8b. Then, continue to step 10. a) If connecting via Ethernet, get the white Ethernet cable from the box plug one end into the white port on the back of the TG590. b) Plug the other end of the white Ethernet cable into the high-speed Ethernet jack. 9. If coaxial, follow steps 9a and 9b. Then, continue to step 10. a) If connecting via coaxial cable, get a coaxial cable and connect one end to the red Coax port on the back of the TG590. b) Connect the other end of the coaxial cable to a coax jack. 10. Make sure the Ethernet WAN light (if connecting via Ethernet) or Coax WAN light (if connecting via coaxial cable) on the front of the TG590 glows steadily green. If connecting via coaxial cable, this may take a few minutes. Note: If the Ethernet WAN light or Coax WAN light does not illuminate, make sure the cable (Ethernet or coaxial) is connected properly at both ends.
5 2.1b Rear Panel The rear panel of the TG590 has seven ports (Reset, Power, LAN Ethernet [4], COAX, and WAN Ethernet), a Power switch, a Reset button, and a wireless antenna. (Listed in order from left to right) Reset Button To restore the TG590’s factory default settings, press and hold the Reset button for approximately five seconds. The reset process will start about ten seconds after releasing the button. When the TG590 resets, all the lights on the front panel turn off, and then some of the lights start flashing. The TG590 has completed its reset process when the Power light glows steadily green. Caution! Do not unplug the Power cord from the TG590 during the reset process. Doing so may result in the loss of the TG590’s configuration information. If this occurs, reset the TG590 again. Coax The Coax port connects the TG590 to the ISP or other devices using a coaxial cable. Power The Power port connects the TG590 to an electrical wall outlet via the Power cord. Power Switch The Power switch powers the TG590 on and off. LAN Ethernet Ports (4) The LAN Ethernet ports connect devices to the TG590 via Ethernet cables to create a local area network (LAN). The LAN Ethernet ports are 10/100 Mbps auto-sensing ports, and either a straight through or crossover Ethernet cable can be used when connecting devices to the ports. WAN Ethernet Port The WAN Ethernet port connects the TG590 to the ISP using an Ethernet cable.
6 2.1c Side Panel USB Port The USB port provides up to 5 VDC for attached devices (to charge a cell phone, for example). In the future, with a firmware release upgrade, the USB host functionality will be available for devices such as external storage and cameras. Wireless Antenna (Built-in) The TG590’s wireless antenna is built-in and used to transmit a wireless signal to other wireless devices on its wireless network.
7 2.2 Computer Network Configuration Each network interface on the computer should either be configured with a statically defined IP address and DNS address, or instructed to automatically obtain an IP address using the DHCP server. The TG590 is set up, by default, with an active DHCP server, and we recommend leaving this setting as is. 2.2a Configuring Dynamic IP Addressing To set up a computer to use dynamic IP addressing: Windows Vista 1. Select Network and Sharing in the Control Panel. 2. Click View Status, then click Properties. 3. Click Continue in the “User Account Control” window. 4. In the “General” tab of the “Local Area Connection Properties” window select Internet Protocol Version 4 (TCP/IPv4), then click Properties. 5. The “Internet Protocol Version 4 (TCP/IPv4) Properties” window appears. 6. Click the “Obtain an IP address automatically” radio button. 7. Click the “Obtain DNS server address automatically” radio button. 8. Click OK in the Internet Protocol Version 4(TCP/IPv4) Properties window, then click OK in the “Local Area Connection Properties” screen to save the settings. Windows XP 1. Select Network Connections in the Control Panel. 2. Right-click Ethernet Local Area Connection, then click Properties. 3. In the “General” tab, select Internet Protocol (TCP/IP), then click Properties. 4. The “Internet Protocol (TCP/IP) Properties” window appears. 5. Click the “Obtain an IP address automatically” radio button. 6. Click the “Obtain DNS server address automatically” radio button. 7. Click OK in the “Internet Protocol (TCP/IP) Properties” screen, then click OK in the “Local Area Connection Properties” screen to save the settings. Windows 98 1. Select Network in the Control Panel. 2. Select the TCP/IP settings for the network card, then click Properties. 3. Click the “Obtain an IP address automatically” radio button in the “IP Address” tab. 4. Click Disable DNS in the DNS configuration tab. 5. Click OK in the “TCP/IP Properties” screen. 6. Click OK in the “Network” screen to reboot and save the settings.
8 Windows NT 1. Click Network in the Control Panel. The “Network” window appears. 2. In the “Protocol” tab, select Internet Protocol (TCP/IP), then click Properties. 3. In the “IP Address” tab, click the “Obtain an IP address automatically” radio button. 4. In the “DNS” tab, verify no DNS server is defined in the “DNS Service Search Order” text box and no suffix is defined in the “Domain Suffix Search Order” text box. Macintosh OS X 1. Click on the Apple icon in the top left corner of the desktop. 2. From the menu that appears, select System Preferences. 3. The “System Preferences” window appears. Click Network. 4. From the “Network” window, make sure “Ethernet” in the list on the left is highlighted and displays “Connected.” 5. Click Assist me. 6. From the tab that appears, click Diagnostics. 7. Follow the instructions in the “Network Diagnostics” assistant.
9 2.3 Configuring the TG590 1. Open a web browser on the computer connected to the TG590. In the “Address” text box, type: http://192.168.1.1, then press Enter on the keyboard. 2. The “Login Setup” screen appears. Select a new password and enter it in the appropriate text boxes (the password must be entered twice, for validation purposes). Write the password down on a piece of paper and keep it in a safe place, since it will be needed to access the TG590 ’s GUI (Graphical User Interface) in the future. 3. In the bottom part of the screen, select the correct time zone from the “Time Zone” drop-down list. Then, click OK at the bottom of the screen. The TG590 is now configured.
10 2.3a Connecting Other Computers/Set Top Boxes The TG590 can connect to other computers/set tops in three ways: 1) Ethernet, 2) wireless connection, or 3) coaxial cable. Ethernet Get an Ethernet cable and plug one end into one of the open yellow Ethernet ports on the back of the TG590. Plug the other end of the Ethernet cable into an Ethernet port on the computer. Make sure the corresponding Ethernet LAN light on the front of the TG590 glows steadily green. Repeat these steps for each computer to be connected to the TG590 via Ethernet. Wireless Make sure each computer to be connected wirelessly has built-in wireless or an attached wireless adapter. Make sure the computer uses the same SSID and WPA2 key as the TG590 by launching the computer’s wireless application Enter the SSID and WPA2 key found on the sticker on the bottom of the TG590 in the computer’s wireless settings and click Save. Make sure to configure the computer to use WPA2 encryption. Make sure the changes were implemented by opening a web browser from the computer. Repeat these steps for every other computer to be connected to the TG590 wirelessly. Coaxial Make sure all set top boxes are turned off. Connect the coax to the set top Power up the set top box. Make sure the Coax LAN light on the front of the TG590 glows steadily green. This may take a few minutes. When it does, the set top box is connected to the TG590 Note: The LED may be green from another set top. If so, check the set top instead.
11 2.4 Main Screen After logging into the TG590’s GUI (see “Configuring the TG590” at the beginning of this chapter), the “Main” screen appears. The Main screen has a menu occupying the top of the screen with the following: Wireless Settings, My Network, Firewall Settings, Parental Control, Advanced, and System Monitoring. Below that, the screen is divided into three columns: “My Router”, “My Network,” and “Action Zone.”
12 2.4a Menu The Main screen’s menu contains links to all of the configuration options of the TG590: • Wireless Setup (chapter 3) • My Network (chapter 4) • Firewall Settings (chapter 6) • Parental Controls (chapter 7) • Advanced (chapter 8) • System Monitoring (chapter ?) 2.4b My Router This section displays the status of the TG590’s network and Internet connection. A green light signifies the TG590 is connected; a yellow light means the TG590 is attempting to connect; and a red light signifies the TG590 ’s connection is down. Broadband Connection The “Broadband Connection” section of the My column displays the state of the TG590 ’s broadband connection (“Connected” or “Disconnected”) for the two connection options (“Coax Status” and “Ethernet Status”), and the WAN IP address of the broadband connection. Quick Links The “Quick Links” section of the My column contains a list of frequently accessed settings, including “Change Wireless Settings,”“Change Login User Name & Password,”“Enable Gaming,” and “Logout.” 2.4c My Network The “My Network” column of the Main screen displays the connection type, name, and IP address of all devices connected to the TG590’s network. The icon associated with the device will be displayed normally (signifying an active device) or shaded (signifying the device has not been active for at least 60 seconds). The user can also configure the basic settings of each device by clicking on its icon. These settings are described in more detail in chapter 3.
13 3 WIRELESS SETTINGS In this chapter With the built-in wireless access point you no longer need a cable connection between your computer and your TG590. Wireless networking allows you to connect two or more devices without the wires, making your devices more accessible and simple to use. This chapter explains how to create a wireless network using the TG590, including accessing and configuring wireless security options. In this chapter, we will take a closer look at following features: Topic Page 3.1 Overview 3.2 Connecting a Wireless Device 3.3 Wireless Status 3.4 Basic Security Settings 3.5 Advanced Security Settings Feature availability Depending on the configuration offered by your service provider, some features may not be available on your TG590. For more information, please contact your service provider.
14 3.1 Overview The TG590 provides the user with wireless connectivity over the 802.11b, g, and n standards (the most common wireless standards). 802.11b has a maximum data rate of 11 Mbps, while 802.11g has a maximum data rate of 54 Mbps, and 802.11n has a maximum data rate of 130 Mbps. All operate in the 2.4 GHz range. The TG590’s wireless feature is turned on, with wireless security activated, by default. The level of security is WPA2 with a unique WPA2 key already entered. This information is displayed on a sticker located on the bottom of the TG590. The TG590 integrates multiple layers of security. These include the IEEE 802.1x port-based authentication protocol, RADIUS client, EAP-MD5, EAP-TLS, EAP-TTLS, EAP-PEAP, Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA) and firewall and VPN applications. 3.2 Connecting a Wireless Client To connect a wireless client to the TG590: Note: The following procedure assumes the TG590’s default wireless settings are intact. If they have been changed, use the new SSID and wireless security settings. For more details, see the “Connecting a Wireless Windows XP Client” section of this chapter. 1. In the wireless client’s configuration interface, enter the TG590’s SSID (found on a sticker on the bottom of the TG590 ’s case) in the appropriate text box or field (this varies depending on the wireless client’s manufacturer). 2. Enter the TG590’s WPA2 key (also found on the sticker on the bottom of the TG590’s case) in the wireless client’s configuration interface. 3. Save the changes and exit the wireless client’s configuration interface. The client should now detect and join the TG590’s wireless network. If not, check the wireless client’s documentation, or contact its manufacturer.
15 3.3 Wireless Status Clicking on the “Wireless Settings” icon from the Main screen’s menu generates the “Wireless Status” screen, which displays the current status of the wireless connection. 3.3a Radio Enabled Displays whether the TG590’s wireless radio is active. 3.3b SSID The SSID (Service Set Identifier) is the network name shared among all devices on a particular wireless network. The SSID must be identical for all devices on the wireless network. It is case-sensitive and cannot exceed 32 characters. Make sure the SSID is the same for all devices to be connected to the wireless network. The TG590 comes from the factory with an SSID already entered and displayed. The default SSID can also be found on a sticker on the bottom of the TG590. 3.3c Channel Displays the channel to which the wireless connection is currently set. All devices on the wireless network
16 must be on the same channel to function correctly. 3.3d Security Enabled Displays what kind of security is active on the wireless connection, and the security encryption key. 3.3e SSID Broadcast Displays whether the TG590 is broadcasting its SSID. If activated, the SSID of the TG590’s wireless network is broadcast wirelessly. 3.3f MAC Authentication Displays whether the TG590 is using MAC (Media Access Control) address authentication to allow wireless devices to join the network. 3.3g Wireless Mode Displays the types of wireless device that can join the network. Options include 802.11b, 802.11g, 802.11n or Mixed (allows both 802.11b- 802.11g- and 802.11n- equipped wireless devices to join the network). 3.3h Packets Received/Sent Displays the number of packets received and sent since the TG590’s wireless capability was activated.
17 3.4 Basic Security Settings To configure the TG590’s wireless network for basic security, select “Basic Security Settings” from the menu on the left side of any Wireless Settings screen. The “Basic Security Settings” screen appears. 1) Click the “On” radio button to activate the TG590’s wireless radio. 2) Enter the name of the wireless network in the “SSID” text box (the SSID name in the figure above is an example; enter a different name for the SSID). 3) The channel at which the TG590’s wireless radio communicates is automatically selected. Note: If it needs to be changed, please select from the “Channel” drop-down list. 4) Click the “WEP” radio button to activate WEP (Wired Equivalent Privacy) security on the wireless network to add devices unable to support WPA2 security. 5) Write down or print the screen displaying the wireless settings on the screen. Other wireless devices wishing to join the TG590 ’s wireless network must use these same settings to access the TG590 network. 6) Click Apply to save the settings.
18 4 MY NETWORK CONFIGURATION In this chapter In this chapter, we will take a closer look at following features: Topic Page 4.0 Accessing My Network Settings 4.1 Network Status 4.2 Network Connections Feature availability Depending on the configuration offered by your service provider, some features may not be available on your TG590. For more information, please contact your service provider.
19
20 5 NETWORK CONNECTIONS In this chapter In this chapter, we will take a closer look at following features: Topic Page 5.1 Accessing Network Connections 5.2 Network (Home/Office) Connection 5.3 Ethernet Connection 5.4 Wireless Access Point Connection 5.5 Coax Connection 5.6 Broadband Ethernet Connection 5.7 Broadband Coax Connection Feature availability Depending on the configuration offered by your service provider, some features may not be available on your TG590. For more information, please contact your service provider.
21 5.1 Accessing Network Connections Caution: The settings covered in this chapter should be configured by experienced network technicians only. To access the TG590’s network connections, in the “My Network” screen: Click Network Connections from the menu on the left side. The “Network Connections” screen appears. Click Advanced to expand the screen and display all connection entries. Note: To return to the Basic view, click on Basic. To select a connection, click on its name.
22 The remainder of this chapter describes the various network connections available on the TG590. 5.2 Network (Home/Office) Connection Select Network (Home/Office) in the Network Connections screen to generate the “Network (Home/Office) Properties” screen. This screen displays a list of the local network’s properties. The only modifications that can be made from this screen are disabling the connection (by clicking Disable) or renaming the connection (by entering a new name in the “Rule Name” text box). Note: When a network is disabled, its formerly underlying devices will not be able to get the DHCP address from the network interface to which they were connected. Using Network Connections The Network (Home/Office) connection is used to combine several network devices under one virtual network. For example, a home/office network can be created for Ethernet and other network devices. 5.2a Configuring the Home/Office Network Click Settings in the “Network (Home/Office) Properties” screen to generate the “Configure Network (Home/Office)” screen. General The top part of the Configure Network (Home/Office) screen displays general communication parameters. We recommend not changing the default values in this section unless familiar with networking concepts. Status Displays the connection status of the network. “When should this rule occur? Displays when the rule is active. To schedule rules, see the “Advanced Settings” chapter. Network Select the type of connection being configured from the drop-down list (options: Broadband Connection, Network [Home/Office], or DMZ). Connection Type Displays the type of connection. Physical Address Displays the physical address of the network card used for the network. MTU MTU (Maximum Transmission Unit) specifies the largest packet size permitted for Internet transmission. “Automatic” sets the MTU at 1500. Other choices include “Automatic by DHCP,” which sets the MTU according to the DHCP connection, and “Manual,” which allows the MTU to be set manually. Internet Protocol This section has three options: No IP Address, Obtain an IP Address Automatically, and Use the Following IP Address. No IP Address Select this option if the connection will have no IP address. This is useful if the connection operates under a bridge.
23 Obtain an IP Address Automatically Select this option if the network connection is required by the ISP to obtain an IP address automatically. The server assigning the IP address also assigns a subnet mask address, which can be overridden by entering another subnet mask address. Use the Following IP Address Select this option if the network connection uses a permanent (static) IP address, then the IP address and subnet mask address. Bridge The “Bridge” section of the Configure Network (Home/Office) screen is used to specify which networks can join the network bridge. Verizon does not support using the TG590 Router in Bridge mode. Using Bridge mode may cause problems with the TG590 Router, including the complete disabling of all video services used with the TG590 Router. Status The “Status” column displays the connection status of a particular device. STP Click in the device’s “STP” check box to enable Spanning Tree Protocol on the device. This protocol provides path redundancy while preventing undesirable loops in the network. Action The “Action” column contains an icon that, when clicked, generates the configuration screen of the particular device. DNS Server Domain Name System (DNS) is the method by which website or domain names are translated into IP addresses. Specify such an address manually, according to the information provided by the ISP. To manually configure DNS server addresses, select Use the Following DNS Server Addresses. Specify up to two different DNS server addresses, one primary, the other secondary. IP Address Distribution The “IP Address Distribution” section of the Configure Network (Home/Office) screen is used to configure the TG590 Router’s Dynamic Host Configuration Protocol (DHCP) server parameters. DHCP automatically assigns IP addresses to network devices. If enabled, make sure to configure the network devices as “DHCP Clients.” There are three options in this section: Disabled, DHCP Server, and DHCP Relay. Disabled Select this option if statically assigning IP addresses to the network devices. DHCP Server To set up the network bridge to function as a DHCP server: 1. Select DHCP Server. 2. Enter the IP address at which the TG590 Router starts issuing addresses in the “Start IP Address” text boxes. Since the TG590 Router’s default IP address is 192.168.1.1, the Start IP Address should be 192.168.1.2. 3. Enter the end of the IP address range used to automatically issue IP addresses in the “End IP Address” text boxes. The “maximum” IP address that can be entered here is 192.168.1.254. 4. Enter the subnet mask address in the “Subnet Mask” text boxes. The subnet mask determines which portion of a destination LAN IP address is the network portion, and which portion is the host portion. If Windows Internet Naming Service (WINS) is being used, 5. enter the WINS server address in the “WINS
24 Server” text boxes. 6. Enter the amount of time a network device will be allowed to connect to the TG590 Router with its currently issued dynamic IP address in the “Lease Time in Minutes” text box. 7. Click in the “Provide Host Name If Not Specified by Client” check box to have the TG590 Router automatically assign network devices with a host name, in case a host name is not provided by the user. DHCP Relay Select this option to have the TG590 Router function as a DHCP relay, and enter the IP address in the screen that appears. Routing The TG590 Router can be configured to use static or dynamic routing. Dynamic routing automatically adjusts how packets travel on the network, while static routing specifies a fixed routing path to neighboring destinations. There are two options in the “Routing” section of the Configure Network (Home/Office) screen: Basic or Advanced. Basic Select this option for basic routing operation. Advanced To set up the TG590 Router’s network bridge for advanced routing: 1. Select Advanced from the “Routing” drop-down menu. 2. Enter a device metric in the “Device Metric” text box. The device metric is a value used by the TG590 Router to determine whether one route is superior to another, considering parameters such as bandwidth and delay time. 3. Click in the “Default Route” check box to define this device as a default route. 4. Click in the “Multicast - IGMP Proxy Internal” check box to activate multicasting. Routing Table Clicking New Route generates the “New Route” window, where a new route can be configured. Additional IP Addresses Clicking New IP Address generates the “Additional IP Address Settings” screen, where additional IP addresses can be created to access the TG590 Router via the Network (Home/Office) connection. 5.3 Ethernet Connection An Ethernet connection connects computers to the TG590 Router using Ethernet cables, either directly or via network hubs and switches. Click Ethernet in the Network Connections screen (if needed, click Advanced at the bottom of the screen to reveal the “Ethernet” link below “Network [Home/Office]”) to generate the “Ethernet Properties” screen. This screen displays a list of the connection’s properties. The only modifications that can be made from this screen are disabling the connection (by clicking Disable) or renaming the connection (by entering a new name in the “Rule Name” text box).
25 Note: If disabling the connection, the TG590 Router must be rebooted for the change to take effect. 5.3a Configuring the Ethernet Connection Click Settings at the bottom-right of the Ethernet Properties screen to generate the “Configure Ethernet” screen. General The top part of the Configure Ethernet screen displays general communication parameters. We recommend not changing the default values in this section unless familiar with networking concepts. Status Displays the connection status of the Ethernet switch. When should this rule occur? Displays when the rule is active. To schedule rules, see the “Advanced Settings” chapter. Network Select the type of connection being configured from the drop-down list (Network [Home/Office], Broadband Connection, or DMZ). Connection Type Displays the type of connection. Physical Address Displays the physical address of the network card used for the network. MTU MTU (Maximum Transmission Unit) specifies the largest packet size permitted for Internet transmission. “Automatic” sets the MTU at 1500. Other choices include “Automatic by DHCP,” which sets the MTU according to the DHCP connection, and “Manual,” which allows the MTU to be set manually. Additional IP Addresses Clicking New IP Address generates the “Additional IP Address Settings” screen, where additional IP addresses can be created to access the TG590 Router via the Ethernet connection. HW Switch Ports This section displays the connection status of the TG590 Router’s four Ethernet ports. Clicking on a connection’s “Action” icon (in the column on the right) generates the “Port VLANs” screen, where ingress and egress policies can be edited.
26 5.4 Coax Connection A Coax connection connects devices (such as set-top boxes) to the TG590 Router using a coaxial cable. Click Coax in the Network Connections screen (if needed, click Advanced at the bottom of the screen to reveal the “Coax” link below “Network [Home/Office]”) to generate the “Coax Properties” screen. This screen displays a list of the connection’s properties. The only modifications that can be made from this screen are disabling the connection (by clicking Disable) or renaming the connection (by entering a new name in the “Name” text box). Note: If disabling the connection, the TG590 Router must be rebooted for the change to take effect. 5.4a Configure Coax Click Settings at the bottom-right of the Coax Properties screen generates the “Configure Coax” screen. General The top part of the Configure Coax screen displays general communication parameters. We recommend not changing the default values in this section unless familiar with networking concepts. Status Displays the status of the coax connection. When should this rule occur? Displays when the rule is active. To schedule rules, see the “Advanced Settings” chapter Network Displays the type of network. Connection Type Displays the type of connection. Physical Address Displays the physical address of the network card used for the network. MTU MTU (Maximum Transmission Unit) specifies the largest packet size permitted for Internet transmission. “Automatic” sets the MTU at 1500. Other choices include “Automatic by DHCP,” which sets the MTU according to the DHCP connection, and “Manual,” which allows the MTU to be set manually. Coax Link Set up the coax link options in this section of the Configure Coax screen. Options include Channel, Privacy, and Password. Channel Select the Channel from the drop-down list (select from 1-6, or “Automatic”). Privacy Toggle “Privacy” by clicking in the “Enabled” check box. If Privacy is activated, all devices connected via coaxial cable must use the same password. We recommend leaving the Privacy option deactivated. Password Enter the Coax Link password in this text box. Additional IP Addresses Clicking New IP Address generates the “Additional IP Address Settings” screen, where additional IP addresses can be created to access the TG590 Router via the
27 Coax Link Ethernet connection. Coax Connection Status Click Go to LAN Coax Stats to generate the “Coax Connection Status” screen, which gives an overview of all the devices connected to the TG590 Router via coaxial cable. 5.5 Broadband Ethernet Connection A Broadband Ethernet connection connects the TG590 Router to the Internet using an Ethernet cable. Click Broadband Connection (Ethernet) from the Network Connections screen to generate the “Broadband Connection (Ethernet) Properties” screen. This screen displays a list of the connection’s properties. The only modifications that can be made from this screen are disabling the connection (by clicking Disable) or renaming the connection (by entering a new name in the “Rule Name” text box). Note: If disabling the connection, the TG590 Router must be rebooted for the change to take effect. 5.5a Configuring the Broadband Ethernet Connection Click Settings at the bottom-right of the Broadband Connection (Ethernet) Properties window to generate the “Configure Broadband Connection (Ethernet)” screen. General The top part of the screen displays general communication parameters. We recommend not changing the default values in this section unless you are familiar with networking concepts. Status Displays the status of the Ethernet connection (“Down,” “Connected,” etc.) Schedule Displays when the rule is active. To configure rules, see the “Advanced Settings” chapter. Network Select the type of connection being configured from the drop-down list (options: Network [Home/Office], Broadband Connection, or DMZ). Connection Type Displays the type of connection. Since this is an Ethernet Connection, “Ethernet” is displayed. Physical Address Displays the physical address of the network card used for the network. MTU MTU (Maximum Transmission Unit) specifies the largest packet size permitted for Internet transmission. “Automatic, sets the MTU at 1500. Other choices include “Automatic by DHCP,” which sets the MTU according to the
28 DHCP connection, and “Manual,” which allows the MTU to be set manually. Internet Protocol This section includes three options: No IP Address, Obtain an IP Address Automatically, and Use the Following IP Address. No IP Address Select this option if the connection has no IP address. This is useful if the connection is operating under a bridge. Obtain an IP Address Automatically Select this option if the ISP requires the connection to obtain an IP address automatically. The server assigning the IP address also assigns a subnet mask address, which can be overridden by clicking in the “Override Subnet Mask” check box and entering another subnet mask address. Additionally, the DHCP lease can be renewed and/or released by clicking on the appropriate “DHCP Lease” button. The “Expires In” value displays how long until the DHCP lease expires. Use the Following IP Address Select this option if the connection uses a permanent (static) IP address. The ISP should provide this address, along with a subnet mask address, default gateway address, and, optionally, primary and secondary DNS server addresses. DNS Server The Domain Name System (DNS) is the method by which website or domain names are translated into IP addresses. This connection can be configured to automatically obtain a DNS server address, or an address can be specified manually, according to the information provided by the ISP. To configure the connection to automatically obtain a DNS server address, select Obtain DNS Server Address Automatically from the “DNS Server” drop-down list. To manually configure DNS server addresses, select Use the Following DNS Server Addresses. Specify up to two different DNS server addresses, one primary, the other secondary. IP Address Distribution The “IP Address Distribution” section of the Configure Broadband Connection (Ethernet) screen is used to configure the TG590 Router’s Dynamic Host Configuration Protocol (DHCP) server parameters. DHCP automatically assigns IP addresses to network devices. If enabled, make sure to configure the network devices as “DHCP Clients.” There are three options in this section: Disabled, DHCP Server, and DHCP Relay. Caution! We strongly recommend leaving this setting at “Disabled.” Disabled Select this option if statically assigning IP addresses to the network devices.
29 DHCP Server To set up the TG590 Router to function as a DHCP server: 1) Select DHCP Server. 2) Enter the IP address at which the TG590 Router starts issuing addresses in the “Start IP Address” text boxes. Since the TG590 Router’s default IP address is 192.168.1.1, the Start IP Address must be 192.168.1.2 or higher. 3) Enter the end of the IP address range used to automatically issue IP addresses in the “End IP Address” text boxes. 4) Enter the subnet mask address in the “Subnet Mask” text boxes. The subnet mask determines which portion of a destination LAN IP address is the network portion, and which portion is the host portion. 5) If a Windows Internet Naming Service (WINS) is being used, enter the WINS server address in the “WINS Server” text boxes. 6) Enter the amount of time a network device will be allowed to connect to the TG590 Router with its currently issued dynamic IP address in the “Lease Time in Minutes” text box. Just before the time is up, the device’s user will need to make a request to extend the lease or get a new IP address. 7) Click in the “Provide Host Name If Not Specified by Client” check box to have the TG590 Router automatically assign network devices with a host name, in case a host name is not provided by the user. Additionally, to add a new product or product family, click New IP Range in the “Vendor Class ID” column below “IP Address Distribution According to DHCP Option 60 (Vendor Class Identifier).” This generates the “DHCP Server Pool Settings” screen. Set the device name, IP range, and priority level in the appropriate text boxes, then click Apply. DHCP Relay Select this option to have the TG590 Router function as a DHCP relay. To enter a new IP address for the relay, click New IP Address. The “DHCP Relay Server Address” screen appears. Enter the new IP address in the appropriate text boxes, then click Apply. Routing The TG590 Router can be configured to use static or dynamic routing. Dynamic routing automatically adjusts how packets travel on the network, while static routing specifies a fixed routing path to neighboring destinations. There are two options in the “Routing” section of the “Configure Broadband Connection (Ethernet)” screen: Basic or Advanced.
30 Basic Select this option for basic routing operation. Advanced To set up the TG590 Router’s Broadband Ethernet connection for advanced routing: 1) Select Advanced from the Routing drop-down menu. 2) Enter a device metric in the “Device Metric” text box. The device metric is a value used by the TG590 Router to determine whether one route is superior to another, considering parameters such as bandwidth and delay time. 3) Click in the “Default Route” check box to define this device as a the default route. 4) Click in the “Multicast - IGMP Proxy Internal” check box to activate multicasting. Multicasting enables the TG590 Router to issue IGMP (Internet Group Management Protocol) host messages on behalf of hosts the TG590 Router discovers through standard IGMP interfaces. IGMP proxy enables the routing of multicast packets according to the IGMP requests of local network devices asking to join multicast groups. Routing Table Clicking New Route generates the “New Route” window, where a new route can be configured. Internet Connection Firewall Click in the “Enabled” check box to activate the TG590 Router’s firewall on the connection. Additional IP Addresses Clicking New IP Address generates the “Additional IP Address Settings” screen, where additional IP addresses can be created to access the TG590 Router via the connection.
31 5.6 Coax Broadband Connection A Coax Broadband connection connects the TG590 Router to the Internet using a coaxial cable. Click Broadband Connection (Coax) in the Network Connections screen to generate the “Broadband Connection (Coax) Properties” screen. This screen displays a list of the connection’s properties. The only modifications that can be made from this screen are disabling the connection (by clicking Disable) or renaming the connection (by entering a new name in the “Name” text box). Note: If disabling the connection, the TG590 Router must be rebooted for the change to take effect. 5.6a Configuring the Coax Broadband Connection Click Settings at the bottom of the Broadband Connection (Coax) Properties screen to generate the “Configure Broadband Connection (Coax)” screen. General The top part of the screen displays general communication parameters. We recommend not changing the default values in this section unless you are familiar with networking concepts. Status Displays the status of the connection (“Down,” “Connected,” etc.). When should this rule occur? Displays when the rule is active. To schedule rules, see the “Advanced Settings” chapter. Network Displays the type of network to which the link is connected. Since this is a broadband connection (connected to the Internet), “Broadband Connection” is displayed. Connection Type Displays the type of connection. Since this is a coaxial connection, “Coax” is displayed. Physical Address Displays the physical address of the network card used for the network. MTU MTU (Maximum Transmission Unit) specifies the largest packet size permitted for Internet transmission. “Automatic” sets the MTU at 1500. Other choices include “Automatic by DHCP,” which sets the MTU according to the DHCP connection, and “Manual,” which allows the MTU to be set manually. Coax Link Check and configure the coax link connection in this section of the screen. Channel Displays the channel frequency range of the coaxial connection. This setting is not user configurable; it is for information only. Privacy Toggle “Privacy” by clicking in the “Enabled” check box. If Privacy is activated, all devices connected via coaxial cable must use the same password. We recommend leaving the Privacy option deactivated. Auto Detection Select whether you want the TG590 to automatically detect a coaxial link here. Password Enter the Coax Link password here.
32 CM Ratio Select the CM Ratio from the drop-down menu here. WAN Coax Connection Speeds This section displays the TG590 Router’s Tx and Rx speeds (in Mbps). Internet Protocol This section includes three options: No IP Address, Obtain an IP Address Automatically, and Use the Following IP Address. No IP Address Select this option if the connection has no IP address. This is useful when the connection is operating under a bridge. Obtain an IP Address Automatically Select this option if the ISP requires the connection to obtain an IP address automatically. The server assigning the IP address also assigns a subnet mask address, which can be overridden by clicking in the “Override Subnet Mask” check box and entering another subnet mask address. Additionally, the DHCP lease can be renewed and/or released by clicking on the appropriate “DHCP Lease” button. The “Expires In” value displays how long until the DHCP lease expires. Use the Following IP Address Select if the WAN connection is configured using a permanent (static) IP address. The ISP should provide this address, along with a subnet mask address, default gateway address, and, optionally, primary and secondary DNS server addresses. DHCP Lease Renew or release the current DHCP lease by clicking on the appropriate button. DNS Server The Domain Name System (DNS) is the method by which website or domain names are translated into IP addresses. The connection can be set to automatically obtain a DNS server address, or an address can be set manually, according to information provided by the ISP. To configure the connection to automatically obtain a DNS server address, select Obtain DNS Server Address Automatically from the “DNS Server” drop-down list. To manually configure DNS server addresses, select Use the Following DNS Server Addresses. Specify up to two different DNS server addresses, one primary, the other secondary.
33 IP Address Distribution The “IP Address Distribution” section of the Configure Broadband Connection (Coax) screen allows the user to configure the TG590 Router’s Dynamic Host Configuration Protocol (DHCP) server parameters. The DHCP automatically assigns IP addresses to network devices. If enabled, make sure to configure the network devices as “DHCP Clients.” There are three options in this section: Disabled, DHCP Server, and DHCP Relay. Caution! We strongly recommend leaving this setting at “Disabled”. Disabled Select this option if statically assigning IP addresses to the network devices. DHCP Server To set up the Broadband Connection (Coax) to function as a DHCP server: 1. Select DHCP Server. 2. Enter the IP address at which the TG590 Router starts issuing addresses in the “Start IP Address” text boxes. Since the TG590 Router’s default IP address is 192.168.1.1, the Start IP Address must be 192.168.1.2. 3. Enter the end of the IP address range used to automatically issue IP addresses in the “End IP Address” text boxes. 4. Enter the subnet mask address in the “Subnet Mask” text boxes. The subnet mask determines which portion of a destination LAN IP address is the network portion, and which portion is the host portion. 5. If a Windows Internet Naming Service (WINS) is being used, enter the WINS server address in the “WINS Server” text boxes. 6. Enter the amount of time a network device will be allowed to connect to the TG590 Router with its currently issued dynamic IP address in the “Lease Time in Minutes” text box. Just before the time is up, the device’s user will need to make a request to extend the lease or get a new IP address. 7. Click in the “Provide Host Name If Not Specified by Client” check box to have the TG590 Router automatically assign network devices with a host name, in case a host name is not provided by the user. DHCP Relay Select this option to have the TG590 Router function as a DHCP relay, and enter the IP address in the screen that appears.
34
35 Routing The TG590 can be configured to use dynamic routing. Dynamic routing automatically adjusts how packets travel on the network. There are two options in the “Routing” section of the Configure Broadband Connection (Coax) screen:
36 Basic or Advanced. WARNING! Do not use static routing unless instructed to do so by your ISP. Basic Select this option for basic routing operation. Advanced To set up the TG590 Router’s Coax broadband connection for advanced routing: 1. Select Advanced from the Routing drop-down list. 2. Enter a device metric in the “Device Metric” text box. The device metric is a value used by the TG590 Router to determine whether one route is superior to another, considering parameters such as bandwidth and delay time. 3. Click in the “Default Route” check box to define this device as the default route. 4. Click in the “Multicast - IGMP Proxy Internal” check box to activate multicasting. Multicasting enables the TG590 Router to issue IGMP (Internet Group Management Protocol) host messages on behalf of hosts the TG590 Router discovers through standard IGMP interfaces. IGMP proxy enables the routing of multicast packets according to the IGMP requests of local network devices asking to join multicast groups. Internet Connection Firewall Enable or disable the firewall for this interface. It is recommended to keep the firewall enabled for all of the TG590 Router’s connection interfaces. Additional IP Addresses Click New IP Address to generate the “Additional IP Address Settings” screen, where additional IP addresses can be created to access the TG590 Router via the connection.
37 5.7 WAN PPPoE Connection WAN Point-to-Point Protocol over Ethernet (PPPoE) relies on two widely accepted standards: Point-to-Point Protocol and Ethernet. PPPoE enables Ethernet networked computers to exchange information with computers on the Internet. PPPoE supports the protocol layers and authentication widely used in PPP and enables a point-to-point connection to be established in the normally multipoint architecture of Ethernet. A discovery process in PPPoE determines the Ethernet MAC address of the remote device in order to establish a session. Click WAN PPPoE in the Network Connections screen to generate the “WAN PPPoE Properties” screen. This screen displays a list of the connection’s properties. The only modifications that can be made from this screen are disabling the connection (by clicking Disable) or renaming the connection (by entering a new name in the “Name” text box).
38 5.7a Configuring the WAN PPPoE Connection Click Settings in the WAN PPPoE Properties screen to generate the “Configure WAN PPPoE” screen. General The top part of the Configure WAN PPPoE screen displays general communication parameters. We recommend not changing the default values in this section unless familiar with networking concepts. Status Displays the connection status of the WAN PPPoE connection. (“Down,” “Disabled,” “Connected,” etc.) When should this rule occur? Displays when the rule is active. To schedule rules, see “Advanced Settings” chapter. Network Select the type of connection being configured from the drop-down list (Broadband Connection, Network (Home/Office), or DMZ). Connection Type Displays the type of connection. Since this is PPPoE connection, “PPPoE” is displayed. MTU MTU (Maximum Transmission Unit) specifies the largest packet size permitted for Internet transmission. “Automatic, sets the MTU at 1492. Other choices include “Automatic,” which sets the MTU according to the connection to the ISP, and “Manual,” which allows the MTU to be set manually. Underlying Connection Specify the underlying connection above which the protocol initiates from the drop-down list, which displays all possible underlying devices. PPP Configuration Point-to-Point Protocol (PPP) is the most popular method for transporting packets between the user and the ISP. Service Name Specify the networking peer’s service name, if provided by the ISP, in this text box. On-Demand To use PPP on demand to initiate the point-to-point protocol session only when packets are actually sent over the Internet, click in this check box. This option should be active on a limited basis Idle Time Before Hanging Up Enter the amount of idle time, in minutes, before the PPP session automatically ends. Time Between Reconnect Attempts In this text box, specify the duration between PPP reconnect attempts, as provided by the ISP. PPP Authentication Point-to-Point Protocol (PPP) currently supports four authentication protocols: Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), and Microsoft CHAP versions 1 and 2. Select the authentication protocols the TG590 Router may use when negotiating with a PPTP server in this section. Select all the protocols if no information is available about the server’s authentication methods. Note that encryption is performed only if Microsoft CHAP, Microsoft CHAP version 2, or both are selected. Warning! The PPP Authentication settings should not be changed unless instructed to do so by your ISP.
39 Login User Name Enter the user name (provided by the ISP) in this text box. Login Password Enter the password (provided by the ISP) in this text box. Support Unencrypted Password (PAP) Password Authentication Protocol (PAP) is a simple, plain-text authentication scheme. The user name and password are requested by the networking peer in plain-text. PAP, however, is not a secure authentication protocol. Man-in-the-middle attacks can easily determine the remote access client’s password. PAP offers no protection against replay attacks, remote client impersonation, or remote server impersonation. Support Challenge Handshake Authentication (CHAP) Click in this check box to activate CHAP, a challenge-response authentication protocol that uses MD5 to hash the response to a challenge. CHAP protects against replay attacks by using an arbitrary challenge string per authentication attempt. Support Microsoft CHAP Click in this check box if communicating with a peer that uses Microsoft CHAP authentication protocol. Support Microsoft CHAP Version 2 Select this check box if communicating with a peer that uses Microsoft CHAP Version 2 authentication protocol. PPP Compression The PPP Compression Control Protocol (CCP) is responsible for configuring, enabling, and disabling data compression algorithms on both ends of the point-to-point link. It is also used to signal a failure of the compression/decompression mechanism in a reliable manner. For each compression algorithm (BSD and Deflate), select one of the following from the drop-down list: Reject Selecting this option rejects PPP connections with peers that use the compression algorithm. If Reject is activated, throughput may diminish. Allow Selecting this option allows PPP connections with peers that use the compression algorithm. Require Selecting this option insures a connection with a peer using the compression algorithm. Internet Protocol Select one of the following Internet Protocol options from the “Internet Protocol” drop-down list: Obtain an IP Address Automatically This option is selected by default. Change only if required by the ISP. The server that assigns the TG590 Router with an IP address also assigns a subnet mask. Override the dynamically assigned subnet mask by selecting the “Override Subnet Mask” and entering a different subnet mask. Use the Following IP Address Select this option to configure the TG590 to use a permanent (static) IP address. The ISP should provide this address. DNS Server The Domain Name System (DNS) is the method by which website or domain names are translated into IP addresses. The TG590 Router can be configured to automatically obtain a DNS server address, or the address
40 can be entered manually, according to the information provided by the ISP. To configure the connection to automatically obtain a DNS server address, select Obtain DNS Server Address Automatically from the “DNS Server” drop-down list. To manually configure DNS server addresses, select Use the Following DNS Server Addresses from the “DNS Server” drop-down list. Up to two different DNS server addresses can be entered (Primary and Secondary). Routing Select Advanced or Basic from the “Routing” drop-down list. If Advanced is selected, additional options appear, as listed below. Routing Mode Select one of the following three Routing modes: • Route - This option causes the TG590 Router to act as a router between two networks. • NAT - This option activates Network Address Translation (NAT), which translates IP addresses to a valid, public address on the Internet. NAT adds security, since the IP addresses of the devices on the network are not transmitted publicly. In addition, NAT allows many addresses to exist behind a single valid address. Use the NAT routing mode only if the local network consists of a single device, or collisions may occur if more than one device attempts to communicate using the same port. NAPT -This option activates NAPT (Network Address and Port Translation), which refers to network address translation involving the mapping of port numbers and allows multiple machines to share a single IP address. Use NAPT if the local network contains multiple devices, a topology that necessitates port translation in addition to address translation. Device Metric The device metric is a value used by the TG590 Router to determine whether one route is superior to another, considering parameters such as bandwidth, delay, and more. Default Route Click in this check box to make the connection the default route. Multicast - IGMP Proxy Default Click in this check box to enable the TG590 to issue IGMP (Internet Group Management Protocol) host messages on behalf of hosts the TG590 Router discovers through standard IGMP interfaces. IGMP proxy enables the routing of multicast packets according to the IGMP requests of local network devices asking to join multicast groups.
41 Routing Table Clicking New Route generates the “New Route” screen, where a new route can be configured. Internet Connection Firewall Click in the “Enabled” check box to activate the TG590 Router’s firewall on the WAN PPPoE connection.
42 6 SECURITY SETTINGS In this chapter In this chapter, we will take a closer look at following features: Topic Page 6.0 Firewall 6.1 Access Control 6.2 Port Forwarding 6.3 DMZ Host 6.4 Port Triggering 6.5 Static NAT (Future Release) 6.6 Advanced Filtering 6.7 Security Log Feature availability Depending on the configuration offered by your service provider, some features may not be available on your TG590. For more information, please contact your service provider.
43 6.0 Firewall The firewall is the foundation of the TG590 ’s security suite, and it has been tailor-made to meet the need of the residential/office network user and is configured to give the best protection and flexibility to users using interactive applications, such as Internet gaming and video conferencing. The firewall controls the flow of data between the local network and the Internet. Both incoming and outgoing data are inspected and then either accepted (allowed) or rejected (barred) from passing through the TG590 according to a set of rules. The rules are calculated to stop unwanted intrusions from the outside, while allowing local network users access to required Internet services. The TG590 features three pre-defined firewall security levels: Maximum, Typical, and Minimum. The table below summarizes the behavior of the TG590 for each of the three security levels. Security Level Internet requests (incoming traffic) Local network requests (outgoing traffic) Maximum Security Blocked - No access to local network from Internet, except as configured in the Port Forwarding, DMZ host, and Remote Access screens. Limited - Only commonly used services, such as web browsing and email, are permitted. Typical Security Blocked - No access to local network from Internet, except as configured in the Port Forwarding, DMZ host, and Remote Access screens. Unrestricted - All services are permitted, except as configured in the Access Control screen. Minimum Security Unrestricted - Permits full access from Internet to local network; all connection attempts permitted. Unrestricted - All services are permitted, except as configured in the Access Control screen. These services include Telnet, FTP, HTTP, HTTPS, DNS, IMAP, POP3 and SMTP.
44 To configure the TG590’s firewall security settings: 1. From the General screen, select a security level by clicking the appropriate radio button. Using the Minimum Security setting may expose the local network to significant security risks, and thus should only be used for short periods of time. 2. Check the “Block IP Fragments” box to protect the local network from a common type of hacker attack that uses fragmented data packets to sabotage the network. Note that VPN over IPSec and some UDP-based services make legitimate use of IP fragments. IP fragments must be allowed to pass into the local network to use these services. 3. Click Apply to save changes.
45 6.1 Access Control Access control is used to block specific computers within the local network (or even the whole network) from accessing certain services on the Internet. For example, one computer can be prohibited from surfing the Internet, another computer from transferring files using FTP, and the whole network from receiving incoming email. Access control defines restrictions on the types of requests that can pass from the local network out to the Internet, and thus may block traffic flowing in both directions. In the email example given above, computers in the local network can be prevented from receiving email by blocking their outgoing requests to POP3 servers on the Internet. Access control also incorporates a list of preset services in the form of applications and common port settings. 6.1a Allow or Restrict Services To view and allow/restrict these services: 1. Select Access Control from the left side of any Security screen. The “Access Control” screen appears. Note: The “Allowed” section is only visible when the firewall is set to “Maximum.” 2. Click Add. The “Add Access Control Rule” screen appears. Note: To block a service, click Add in the “Blocked” section of the Access Control screen. To allow outgoing traffic, click Add in the “Allowed” section of the screen.
46 3. If this access control rule applies to all networked devices, select Any from the “Networked Computer/Device” list box. If this rule applies to certain devices only, select User Defined and click Add. Then, create and add a network object (for more details about adding network objects, see the “Advanced Connection” chapter of this manual). 4. Select the Internet protocol to be allowed or blocked from the “Protocol” drop-down list. 5. If the rule will be active all the time, select Always from the “When should this rule occur?” drop-down list. If the rule will only be active at certain times, select User Defined and click Add. Then, add a schedule rule (for more details about schedule rules, see the “Advanced Connection” chapter of this manual). 6. Click Apply to save the changes. The Access Control screen will display a summary of the new access control rule. Note: To block a service not included in the list, select User Defined from the Protocol drop-down menu. The “Edit Service” screen appears. Define the service, then click OK. The service will then be automatically added to the top section of the “Add Access Control Rule” screen, and will be selectable. An access control can be disabled and the service made available without having to remove the service from the Access Control table. This may be useful to make the service available temporarily, with the expectation that the restriction will be reinstated later. To temporarily disable an access control, clear the check box next to the service name. To reinstate the restriction at a later time, select the check box next to the service name. To remove an access restriction from the Access Control table, click Remove for the service. The service will be removed from the Access Control table.
47 6.2 Port Forwarding In its default state, the TG590 blocks all external users from connecting to or communicating with the network, making it safe from hackers who may try to intrude on the network and damage it. However, the network can be exposed to the Internet in certain limited and controlled ways to enable some applications to work from the local network (game, voice, and chat applications, for example) and to enable Internet access to servers in the network. Port forwarding (sometimes referred to as local servers) supports both of these functions. To grant Internet users access to servers inside the local network, each service provided, as well as the computer providing it, must be identified. To do this: 1) Select Port Forwarding from the left side of any Security screen. The “Port Forwarding” screen appears. 2) Click Add. The “Add Port Forwarding Rule” screen appears. 3) Enter the host name (from the drop-down list) or local IP address of the computer providing the service in the “Local Host” text box. Note that only one local network computer can be assigned to provide a specific service or application. 4) Select the Internet protocol to be provided from the “Protocol” drop-down list. Depending on the protocol selected, additional options appear in the screen. 5) Select the connection with which this port forwarding rule will be active from the “WAN Connection Type” drop-down list. 6) To select a port to forward communications to (this is optional), select “Specify” from the “Forward to Port” drop-down list, then, in the text box that appears, enter the port number. If no port is identified, select “Same as Incoming Port.” If this port will be active all the time, select “Always” from the “When should this rule occur?” drop-down list. If the rule will only be active at certain times, select “Specify Schedule” and click Add. Then, add a schedule rule (for more details about schedule rules, see the “Advanced Connection” chapter of this manual). 8. Click Apply to save the changes. How many computers can use a service or play a game simultaneously? The answer may be a bit confusing. All the computers on the network can behave as clients and use a specific service simultaneously. Being a client means the computer within the network initiates the connection; for example, a computer on the network can open an FTP connection with an FTP server on the Internet. But only one computer on the network can operate as a server and respond to requests from computers on the Internet (outside the local
48 network). 6.3 DMZ Host The DMZ (De-Militarized Zone) host feature allows one device on the network to operate outside the firewall. Designate a DMZ host: • To use an Internet service, such as an online game or video-conferencing program, not present in the Port Forwarding list and for which no port range information is available. • To expose one computer to all services without restriction or security. Warning: A DMZ host is not protected by the firewall and may be vulnerable to attack. Designating a DMZ host may also put other computers in the local network at risk. When designating a DMZ host, consider the security implications and protect it if necessary. To designate a local computer as a DMZ host: 1. Select DMZ Host from the left side of the Firewall Settings screen . The “DMZ Host” screen appears.
49 2. Click in the “DMZ Host IP Address” check box, then enter the IP address of the computer to be designated as a DMZ host. Note: Only one network computer can be a DMZ host at any time. 3. Click Apply. Note: to disable the DMZ Host, Click in the “DMZ Host IP Address” check box.
50 6.4 Port Triggering Port triggering can be used for dynamic port forwarding configuration. By setting port triggering rules, inbound traffic is allowed to arrive at a specific network host using ports different than those used for the outbound traffic. The outbound traffic triggers which ports inbound traffic is directed. For example, a gaming server is accessed using UDP protocol on port 2222. The gaming server responds by connecting the user using UDP on port 3333 when starting gaming sessions. In this case, port triggering must be used, since it conflicts with the following default firewall settings: • The firewall blocks inbound traffic by default. • The server replies to the TG590’s IP, and the connection is not sent back to the host, since it is not part of a session. To resolve the conflict, a port triggering entry must be defined, which allows inbound traffic on UDP port 3333, only after a network host generated traffic to UDP port 2222. This results in accepting the inbound traffic from the gaming server, and sending it back to the network host which originated the outgoing traffic to UDP port 2222. To use port triggering: 1. Select Port Triggering from the left side of any Security screen. The “Port Triggering” screen appears. 2. Select either “User Defined” or “Show All Services” from the drop-down list next to “Add.” 3. If Show All Services is selected in step 2, select a Service from the list. The service is added to the Port
51 Triggering screen as an active protocol. 4. If User Defined is selected in step 2, the “Edit Port Triggering Rule” screen appears. Enter a service name in the appropriate text box, then configure its inbound and outbound trigger ports by clicking the appropriate links..
52 6.5 Advanced Filtering Advanced filtering is designed to allow comprehensive control over the firewall’s behavior. Specific input and output rules can be defined, the order of logically similar sets of rules controlled, and distinctions made between rules that apply to Internet and rules that apply to local network devices. To access, select Advanced Filtering from any Security screen. The “Advanced Filtering” screen appears. Two sets of rules can be configured: input rules and output rules. Following is a description of the set ordering for inbound and outbound packets.
53 6.6 Security Log The security log displays a list of firewall-related events, including attempts to establish inbound and outbound connections, attempts to authenticate at an administrative interface (MegaControl Panel or Telnet terminal), firewall configuration, and system start-up. To access the security log, select Security Log from any Security screen. The “Security Log” screen appears. 6.6a Time The time (based on the TG590’s date and time settings) the event occurred. 6.6b Event There are three kinds of events listed in the system log: Firewall Info, Firewall Setup, and System Log. 6.6c Event-Type The “Details” column displays more information about the packet or the event, such as protocol, IP addresses, ports, etc. 6.6d Details Displays a textual description of the event
54 6.6e Security Log Settings To view or change the security log settings: 1. Click Settings in the Security Log screen. The “Security Log Settings” screen appears. 2. Select the type of activities that will generate a log message: Accepted Incoming Connections - activating this check box generates a log message for each successful attempt to establish an inbound connection to the local network. Accepted Outgoing Connections - activating this check box generates a log message for each successful attempt to establish an outgoing connection to the public network. 3. Select the type of blocked events to be listed in the log: All Blocked Connection Attempts - activating this check box generates log messages for all blocked events. Other Blocked Events - if “All Blocked Connection Attempts” is un-checked, select specific blocked events from this list to generate log messages. 4. Click in the “Remote Administration Attempts” check box to write a log message for each remote-administration connection attempt, whether successful or not. 5. Click in the “Connection States” check box to track connection handling by the firewall and Application Level Gateways (ALGs). 6. Click Apply to save changes.
55 6.6a Inbound/Outbound Packets - Rule Sets There are numerous rules automatically inserted by the firewall to provide improved security and block harmful attacks. These pre-populated rules displayed are required for operation on the Verizon Network. To configure advanced filtering rules, click Add next to the rule title. The “Add Advanced Filter” screen appears. To add an advanced filtering rule, define the following rule parameters: 6.9c Matching To apply a firewall rule, a match must be made between IP addresses or ranges and ports. Use the “Source Address” and “Destination Address” drop-down lists to define the coupling of source and destination traffic. Port matching will be defined when selecting protocols. For example, if the FTP protocol is selected, port 21 will be checked for matching traffic flow between the defined source and destination IPs. 6.9d Operation This is where the action the rule will take is defined. Select one of the following radio buttons: Drop - Deny access to packets that match the source and destination IP addresses and vCP reset to the origination peer. Accept - Allow access to packets that match the source and destination IP addresses and protocol ports defined in upper section of the screen. The data transfer session will be handled using Stateful Packet Inspection (SPI).
56 Accept Packet - Allow access to packets that match the source and destination IP addresses and protocol ports defined in upper section of the screen. The data transfer session will not be handled using Stateful Packet Inspection (SPI), so other packets that match this rule will not be automatically allowed access. This setting is useful when creating rules that allow broadcasting. 6.9e Logging Click in this check box to add entries relating to this rule to the security log. 6.9f Scheduler (When should this rule occur?) If advanced filtering needs to be active all the time, select Always from the “When should this rule occur?” drop-down list. If the rule will only be active at certain times select User Defined and click Add. Then, add a schedule rule (for more details about schedule rules, see the “Advanced Connection” chapter of this manual)
57 7 PARENTAL CONTROL In this chapter In this chapter, we will take a closer look at following features: Topic Page 7.1 Setting the Parental Controls 7.2 Rule Summary 7.3 Parental Control Log Feature availability Depending on the configuration offered by your service provider, some features may not be available on your TG590. For more information, please contact your service provider.
58 7.1 Setting the Parental Controls To create a basic access policy for a computer on the TG590’s network, click Parental Control from the top of the Home screen and follow these instructions: 1. The “Parental Control” screen appears. From the “Networked Computer/Device” list box, select a computer/device, and then click Add. The computer/ device appears in the “Selected Devices” list box. 2. In the “Limit Access by” section, select one of the following options: Block the following Websites - blocks all websites entered in step 4 from being accessed on the computers/devices selected in step 2. Allow the following Websites - allows access only to the websites entered in step 4 on the computers/devices selected in step 2. Blocking ALL Internet Access - blocks all Internet access on the computers/devices selected in step 2. 3. Enter the URL address of a website and, if applicable, the embedded keyword within the website. Click Add. The websites and/or keywords selected will appear in the textbox to the right. If you make a mistake, or wish to delete a previously entered website/keyword, select it, then click Remove.
59 4. If needed, you can create a schedule for when you want the rule to be active, or inactive. In the “Create Schedule” section, select the affected days. 5. Select whether the rule will be active or inactive during the schedule you created by clicking the radio button next to the appropriate option. 6. If you want more precise control over the schedule, set up an hourly schedule by entering the start and end times in the appropriate text boxes. Make sure to specify AM or PM. Note: The hourly schedule only affects the days selected in step 5. For example, if you select Saturday and Sunday, a start time of 10 a.m., and an end time of 3 p.m., the scheduled time will be Saturday/Sunday, 10 a.m. to 3 p.m. 7. In the “Create Rule Name” section, enter a rule name and description in the appropriate text boxes. 8. Click Apply to save and apply the new rule.
60 7.2 Rule Summary Clicking Rule Summary from the menu on the left side generates the “Rule Summary” screen. The Rule Summary screen displays a list of all rules created for the TG590. Additionally, the rule can be viewed by clicking the magnifying glass in the “View Rule” column, or edited by clicking on the icon in the “Edit Rule” column.
61 7.3 Parental Control Log Clicking Parental Control Log from the menu on the left side generates the “Parental Control Log” screen. The Parental Control Log screen displays a list of all events/sites visited or attempted. Additionally, the log can be filtered by the “Date/Time”. A log can also be saved, refreshed to view recent activity, or cleared.
62 8 ADVANCED SETTINGS In this chapter In this chapter, we will take a closer look at following features: Topic Page 8.1 Using Advanced Settings 8.2 Utilities 8.3 DNS Settings 8.4 Network Settings 8.5 Configuration Settings 8.6 Time Settings 8.7 Firmware Upgrade 8.8 Routing Settings Feature availability Depending on the configuration offered by your service provider, some features may not be available on your TG590. For more information, please contact your service provider.
63 8.1 Using Advanced Settings To access the TG590’s Advanced Settings, click Advanced at the top of the Home screen. Click “Yes” in the “Warning” screen, and the “Advanced” screen appears.
64 The following settings are explained in this chapter: • Diagnostics - perform diagnostic tests on the TG590 • Restore Defaults - reset the TG590 to its default settings • Reboot Router - restart the TG590 • MAC Cloning - clone MAC addresses • ARP Table - display active devices and their IP and MAC addresses, etc. • Users - create and manage remote users • Quality of Service (QoS) - explained in Appendix A of this manual • Dynamic DNS - configure Dynamic DNS settings • DNS Server - manage the local (LAN) network for host name and IP address
65 • Network Objects - create and manage network objects (discrete LAN subsets) • Universal Plug & Play - ? • IGMP Proxy - ? • Port Forwarding Rules - configure the TG590’s ports • Date and Time - configure the TG590 ’s clock and calendar • Scheduler Rules - schedule firewall activation • Routing - manage routing policies • IP Address Distribution - manage the IP addresses of devices on the network
66 8.2 Utilities The first collection of Advanced Connection (beneath the Toolbox icon) is the Utilities. 8.2a Diagnostics The Diagnostics screen can assist in testing network connectivity. This feature pings (ICMP echo) an IP address and displays the results, such as the number of packets transmitted and received, round trip time, and success status. To diagnose network connectivity: 1. Click Diagnostics from the Advanced screen. The “Diagnostics” screen appears. 2. Enter the IP address or domain name to be tested in the “Destination” field. 3. Click Go. 4. In a few seconds, diagnostics statistics will be displayed. If no new information is displayed, click Refresh.
67 8.2b Restore Defaults If the TG590’s factory default settings need to be restored (to build a new network from the beginning, for example), use the following procedure: 1. Click Restore Defaults in the Advanced screen. The “Attention” screen appears. 2. If needed, click Save Configuration File to save the TG590’s current configuration to a file. The TG590’s current settings can then be reapplied after restoring default settings (see “Configuration File” in this chapter for more information). 3. Click Restore Defaults. The TG590 will restart, and factory default settings will be applied. Note: All of the TG590’s settings and parameters will be restored to their default values after performing the Restore Default procedure. This includes the administrator password; a user-specified password will no longer be valid.
68 8.2c Reboot the TG590 To reboot the TG590: 1. Click Reboot Router under the red tool box icon on the Advanced screen. 2. The “Reboot Router” screen appears. 2. Click OK to restart the TG590. This may take up to two minutes. Note: To access the TG590’s GUI after restarting the TG590, click the web browser’s “Refresh” button, then log in using the
69 8.2d MAC Cloning A MAC (Media Access Control) address is a unique hexadecimal code that identifies a device on a network. All networkable devices have a MAC address. When replacing another network device with the TG590, the installation process can be simplified by copying the MAC address of the existing networking device to the TG590. To do this: 1. Click MAC Cloning under the red toolbox icon on the Advanced screen. 2. The “MAC Cloning” screen appears. 3. Enter the MAC address to be cloned in the “To Physical Address” text boxes. 4. Click Clone My MAC Address to capture the MAC address of the computer currently accessing the TG590’s GUI. The TG590 will now have the new MAC address.
70 8.2e ARP (Address Resolution Protocol) Table Clicking ARP Table in the Advanced screen generates the “ARP Table” screen. This screen displays the IP and MAC addresses of each DHCP connection. 8.2f Users To manage individual users: 1. Click Users in the Advanced screen, which generates the “Users” screen.
71 2. Click New User, which generates the “User Settings” screen. 3. When adding a user, specify the following parameters: • User Name - The name a remote user will use to access the home or office network. This entry is case-sensitive. • New Password/Retype New Password - The password for the user (and enter again to confirm). • Permissions - The level of access the user is allowed. Options include: Administrator or User. • E-mail Notification - Email notification can be used to receive indications of system events for a predefined severity classification. The available types of events are “System” or “Security” events. The available severity of events are Error, Warning, and Information. To configure Email notification for a specific user: 1) Make sure an outgoing mail server has been configured in “System Settings”. If not, click “Click Here" to Configure Notification Mail Server to configure the outgoing mail server. 2) Enter the user’s Email address in the “Notification Address” text box. 3) Select the “System” and “Security” notification levels in the “System Notify Level” and “Security Notify Level” drop-down lists.
72 Note: Changing any of the user parameters will prompt the connection associated with the user to terminate. For changes to take effect, activate the connection manually after modifying user parameters.
73 8.2g Quality of Service The TG590’s QoS (Quality of Service) capabilities are covered in detail in appendix A of this manual.
74 8.2h Local Administration Clicking Local Administration in the Advanced screen generates the “Local Administration” screen. This screen allows the user to grant local Telnet access using a particular Telnet port. To use, select a Telnet port by clicking in the appropriate check box, then click Apply.
75 8.3 DNS Settings The second section of the Advanced window is the DNS (Domain Name System) settings section, which includes “Dynamic DNS” and “DNS Server.” 8.3a Dynamic DNS Dynamic DNS creates a dynamic IP address to be aliased to a static hostname, allowing a computer on the network to be more easily accessible from the Internet. Typically, when connecting to the Internet, the service provider assigns an unused IP address from a pool of IP addresses, and this address is used only for the duration of a specific connection. Dynamically assigning addresses extends the usable pool of available IP addresses, while maintaining a constant domain name. This allows the user to access a device (portable hard drive, for example) from a remote location, since the device will always have the same IP address. When using Dynamic DNS, the IP address changes based upon the service provider’s changes, the DNS database changes accordingly to reflect the change. In this way, even though the IP address of the computer changes often, its domain name remains constant and accessible.
76 Setting up Dynamic DNS To set up Dynamic DNS on the TG590, click Dynamic DNS in the Advanced screen. When the “Dynamic DNS” screen appears, click New Dynamic DNS Entry. Another Dynamic DNS screen appears.
77 Configure the following parameters: • Host Name: Enter the full Dynamic DNS domain in this text box. • Connection: Select the connection with which to couple the Dynamic DNS service. Options include Broadband Connection (Ethernet), Broadband Connection (Coax) • Provider: Select the TG590’s Dynamic DNS account provider from the drop-down list. • User Name: Enter the Dynamic DNS user name in this text box. • Password: Enter the Dynamic DNS password in this text box. • Wildcard: Select the “Wildcard” check box to allow any URL that includes the domain name (here.yourhost.vztch.com, for example) to connect. • Mail Exchanger: Enter the mail exchange server address. This will redirect all Emails arriving at the Dynamic DNS address to the mail server. • Backup MX: Select this check box to designate the mail exchange server to be a backup server.
78 • Offline: Disable the Dynamic DNS feature by clicking this check box. This feature is available only to users who have purchased some type of upgrade credit from the Dynamic DNS provider. Note: Changing the redirection URL can only be performed via the Dynamic DNS provider’s website. SL Mode If the Dynamic DNS service chosen supports SSL, select the SSL mode from the drop-down menu (options: None, Chain, Direct). To edit the host name or IP address of an entry: 1. Click the appropriate “Edit” icon in the Action column. The “DNS Entry” screen appears. 2. If the host was manually added to the DNS Table, its host name and/or IP address can be modified. Otherwise, only modify its host name. 3. Click Apply to save the changes. To remove a host from the DNS table, click the appropriate “Delete” icon in the Action column. The entry will be removed from the table. 8.3b DNS Server
79 The Domain Name System (DNS) translates domain names into IP addresses and vice versa. The TG590 ’s DNS server is an auto-learning DNS, which means that when a new computer is connected to the network, the DNS server learns its name and automatically adds it to the DNS table. Other network users can immediately communicate with this computer using either its name or its IP address. The TG590’s DNS also provides the following services: Shares a common database of domain names and IP addresses with the DHCP server. Supports multiple subnets within the local network simultaneously. Automatically appends a domain name to unqualified names. Allows new domain names to be added to the database using the TG590’s GUI. Permits a computer to have multiple host names. Permits a host name to have multiple IPs (needed if a host has multiple network cards). The DNS Server does not require configuration. However, the list of computers known by the DNS can be viewed or a new computer can be added to the list. DNS Table To view the list of computers stored in the DNS table: 1. Click DNS Server in the Advanced screen. 2. The “DNS Server” screen appears.
80 To add a new entry to the list: Click Add DNS Entry in the DNS Server screen. The “DNS Entry” screen appears. 2. Enter the computer’s host name in the “Host Name” text box. 3. Enter the computer’s IP address in the “IP Address” text boxes. 4. Click Apply to save the changes.
81 8.4 Network Settings The Network Settings section of the Advanced screen includes settings that affect the TG590’s network. 8.4a Network Objects A network object is used to define a part of the TG590’s network (a group of computers, for example) by MAC addresses, IP addresses, and/or host names. The defined part becomes a “network object,” and settings, such as configuring system rules, can be applied to all the devices defined as part of the network object at once. For example, instead of setting the same website filtering configuration to five computers one at a time, the computers can be defined as a network object, and website filtering configuration can then be applied to all the computers simultaneously. Network objects can be used to apply security rules based on host names instead of IP addresses. This may be useful, since IP addresses change from time to time. Moreover, it is possible to define network objects according to MAC addresses, making rule application more persistent against network configuration settings. To define a network object: Click Network Objects in the Advanced screen. The “Network Objects” screen appears.
82 Click Add. The “Edit Network Object” screen appears. Specify a name for the network object in the “Description” text box. Click Add. The “Edit Item” screen appears. Select the type of network object type from the “Network Object Type” list box. Options include IP address, IP Subnet, IP Range, MAC Address, Host Name, and DHCP Option. 6. Repeat to create other network objects, if needed. When finished, click Apply to save all created network objects.
83 8.4c Protocols Protocols feature a list of preset and user-defined applications and common port settings. Protocols can be used in various security features, such as Access Control and Port Forwarding. New protocols can be added to support new applications or existing ones can be edited when needed. To define a protocol: 1. Click Protocols in the Advanced screen. The “Protocols” screen appears.
84 2. Click Add at the bottom of the screen. The “Edit Service” screen appears. 3. Name the service in the “Service Name” text box and, if needed, enter a description of the service in the “Service Description” text box, then click Add Service Ports. The “Edit Service Server Ports” screen appears. Select a protocol from the “Protocol” drop-down list. To create a new protocol, select “Other.” After selecting a protocol, the screen will refresh, displaying the relevant text boxes needed to edit the particular protocol. 5. Click Apply to save the changes.
85 8.5 Configuration Settings This section includes settings that affect the TG590’s configuration.
86 8.5a Configuration File Use the TG590’s Configuration File feature to view, save, and load configuration files, which are used to backup and restore the TG590 ’s current configuration. To do this: 1. Click Configuration File in the Advanced screen. The “Configuration File” screen appears. Click Load Configuration File to load the previous configuration from a file and restart the TG590. Only configuration files saved on a particular TG590 can be applied to the TG590; configuration files cannot be transferred between TG590s. 1. Click Save Configuration File to backup the current configuration to a file. Warning: Manually editing a configuration file can cause the TG590 to malfunction or become completely inoperable.
87 8.5b System Settings Clicking System Settings in the Advanced screen generates the “System Settings” screen, where various system and management parameters can be configured.
88 System Use the “System” section of this screen to configure the following two options: Wireless Broadband’s Hostname - Specify the TG590’s host name by entering it into the text box. The host name is also the TG590’s URL address, so it can be entered here rather than 192.168.1.1. Local Domain - Specify the network’s local domain by entering it into this text box. Wireless Broadband Use this section to configure the following: Automatic Refresh of System Monitoring Web Page - Click in this check box to activate the automatic refresh of system monitoring web pages. Prompt for Password When Accessing via LAN - Click in this check box to cause the TG590 to ask for a password when trying to connect to the network. Warn User Before Network Configuration Changes - Click in this check box to activate user warnings before network configuration changes take effect. Session Lifetime - After the TG590 has been inactive for a period of time, the user must reenter a user name and password to continue accessing the GUI. To change the length of this time period, enter the amount of time (in seconds) in the “Session Lifetime” text box. Configure a number of concurrent users… - Used to limit the number of users that can access the TG590 at the same time. Select the number of users from the drop-down list.
89 Management Application Ports This section allows the following management application ports to have their default port numbers to be changed: Primary/secondary HTTP ports Primary/secondary HTTPS ports Primary/secondary Telnet ports Secure Telnet over SSL ports Management Application SSL Authentication Options This section allows the user to access the TG590’s GUI through a browser or Telnet as a secure socket layer (SSL) session. System Logging Use this section to configure the following system log options. Enable Logging - Click in this check box to activate system logging. Low Capacity Notification Enabled - Click in this check box to activate low capacity notification (works in tandem with “Allowed Capacity Before Email Notification” and “System Log Buffer Size” options). Allowed Capacity Before Email Notification - Enter the percentage of system log buffer capacity reached to trigger an email notification. System Log Buffer Size - Enter the size of the system log buffer in this text box. Remote System Notify Level - This feature is used to specify the type of information received for remote system logging. Options include None, Error, Warning, and Information.
90 Security Logging Use this section to configure the following security log options. Low Capacity Notification Enabled - Click in this check box to activate low capacity notification (works in tandem with “Allowed Capacity Before Email Notification” and “Security Log Buffer Size” options). Allowed Capacity Before Email Notification - Enter the percentage of security log buffer capacity reached to trigger an email notification. Security Log Buffer Size - Enter the size of the security log buffer in this text box. Remote Security Notify Level - This feature is used to specify the type of information received for security logging. Options include None, Error, Warning, and Information. Outgoing Mail Server Use this section to configure the outgoing mail server options. This server is used to format and send system and security log email notifications. Server - Enter the host name of the outgoing (SMTP) server in this text box. From Email Address - Email notifications require a “from” address. Enter a “from” email address in this text box. Port - Enter the port number of the email server in this text box. Server Requires Authentication - If the email server requires authentication, click in this check box, then enter a user name and password in the “User Name” and “Password” text boxes that appear.
91 Auto WAN Detection When activated, Auto WAN Detection causes the TG590 to automatically search for a WAN connection. Enable Logging - Clicking in this check box activates automatic WAN detection. PPP Timeout - Enter the amount of time (in seconds) before the TG590 stops attempting to establish a broadband PPP connection. DHCP Timeout - Enter the amount of time (in seconds) before the TG590 stops attempting to establish a broadband DHCP connection. Number of Cycles - Enter the number of times the TG590 attempts to detect a broadband PPP and DHCP connection. Auto Detection Continuous Trying - Click in this check box to cause the TG590 to indefinitely search for a broadband connection. 8.5c Port Configuration Port configuration allows the user to set up the TG590 ’s Ethernet ports as either full- or half-duplex ports, at either 10 Mbps, 100 Mbps, or 1 Gbps. Selecting the “Auto” option causes the port to negotiate the speed and duplex configuration of the port with which it is communicating.
92 8.6 Time Settings The Time settings section of the Advanced window features utilities that involve times, dates and schedules. 8.6a Date and Time To configure date and time, do the following: 1) Click Date and Time on the Advanced screen. The “Date and Time” screen appears.
93 2) Select the local time zone from the drop-down list. The TG590 can automatically detect daylight saving setting for selected time zones. If the Daylight Saving Time setting for a time zone is not automatically detected, the following two fields will be displayed: • Enabled - Select this check box to enable daylight saving time. • Mode- Relative (Recommended for U.S./Canada) or Absolute. To perform an automatic time update: 1) Click in the “Enabled” check box in the “Automatic Time Update” section. 2) Select the protocol to be used to perform the time update by selecting either the “Time of Day” or “Network Time Protocol” radio button. 3) Specify how often to perform the update in the “Update Every” text box. 4) To synchronize the settings, click on “Sync Now”. 5) Define time server addresses by clicking Add on the bottom of the “Automatic Time Update” section and entering the IP address or domain name of the time server in the “Time Server Settings” screen.
94 8.6b Scheduler Rules Scheduler rules are used for limiting the activation of firewall rules to specific time periods, either for days of the week, or for hours of each day. To define a rule: Make sure the TG590’s date and time are set correctly. To do this, see the “Date and Time” section in this chapter. Click Scheduler Rules in the Advanced screen. The “Scheduler Rules” screen appears. 3. Click Add. The “Set Rule Schedule” screen appears. 4. Enter a name for the rule in the “Rule Name” text box. 5. Indicate if the rule will be “active” or “inactive” during the designated time period by clicking the appropriate “Rule Settings” radio button. 6. Click Add Rule Schedule. The “Edit Rule Schedule” screen appears.
95 7. Select or active or inactive days of the week by clicking in the appropriate text boxes. 8. If applicable, click New Hours Range Entry to define an active/inactive hourly range. The “Edit Hour Range” screen appears. Enter a start and end time in the appropriate text boxes. Note: Make sure the TG590 ’s date and time settings are properly configured for the time zone. 9. Click Apply.
96 8.6c Clock Set Click on this link from the Date and Time screen to set the TG590 ’s time and date. The Local Date can be set by using the drop-down list; and the Local Time can be manually entered into the text boxes. Then, click on Apply. The final section of the Advanced screen is Routing settings, which includes Routing and IP Address Distribution.
97 8.8a Routing Access the routing table rules by clicking Routing in the Advanced screen. The “Routing” screen appears. Routing rules can be added, edited, or deleted from the Routing screen. To add a , click New Route. The “Route Settings” screen appears. When adding a routing rule, the following parameters must be specified: • Route Name - Select the type of network from the drop-down list. • Destination - The destination is the destination host, subnet address, network address, or default route. The destination for a default route is 0.0.0.0. • Netmask - The network mask is used in conjunction with the destination to determine when a route is used.
98 • Gateway - Enter the TG590’s IP address. • Metric - A measurement of the preference of a route. Typically, the lowest metric is the most preferred route. If multiple routes exist to a given destination network, the route with the lowest metric is used. IGMP (Internet Group Management Protocol) Multicasting The TG590 provides support for IGMP multicasting, which allows hosts connected to a network to be updated whenever an important change occurs in the network. A multicast is simply a message that is sent simultaneously to a pre-defined group of recipients. When joining a multicast group, all messages addressed to the group will be received by the user, much like when an email message is sent to a mailing list. To activate IGMP multicasting 1) Select Routing in the Advanced screen. 2) Activate the “Internet Group Management Protocol” check-box. 3) Click Apply. Domain Routing Domain routing is used in multi- local network configurations. Normally, to access a device connected to one from another on the network, its IP address must be used. Activating domain routing (by clicking in the appropriate check box) allows the user to access the computer by name (as well as IP address).
99 8.8b IP Address Distribution The TG590’s DHCP server makes it possible to easily add computers configured as DHCP clients to the network. It provides a mechanism for allocating IP addresses to these hosts and for delivering network configuration parameters to them. For example, a client (host) sends out a broadcast message on the network requesting an IP address for itself. The DHCP server then checks its list of available addresses and leases a local IP address to the host for a specific period of time and simultaneously designates this IP address as “taken.” At this point, the host is configured with an IP address for the duration of the lease. The host can choose to renew an expiring lease or let it expire. If it chooses to renew a lease, it will also receive current information about network services, as it did with the original lease, allowing it to update its network configurations to reflect any changes that occurred since it first connected to the network. If the host wishes to terminate a lease before its expiration, it can send a release message to the DHCP server, which will then make the IP address available for use by others. The TG590’s DHCP server: • Displays a list of all DHCP hosts devices connected to the TG590. • Defines the range of IP addresses that can be allocated in the network. • Defines the length of time for which dynamic IP addresses are allocated. • Provides the above configurations for each network device and can be configured and enabled/disabled separately for each network device. • Can assign a static lease to a network computer so that it receives the same IP address each time it connects to the network, even if this IP address is within the range of addresses that the DHCP server may assign to other computers. • Provides the DNS server with the host name and IP address of each computer connected to the network.
100 To view a summary of the services currently being provided by the DHCP server, click IP Address Distribution in the Advanced screen. The “IP Address Distribution” screen appears.
101 Editing DHCP Server Settings To edit the DHCP server settings for a device: 1. Click the appropriate icon in the “Action” column. The “DHCP Settings” screen for the device appears. 2. Select the “IP Address Distribution” from the drop-down list. Options include DHCP Server, DHCP Relay, or Disable. 3. Complete the following fields: • Start IP Address Range, End IP Address Range - determines the number of hosts connected to the network in this subnet.“Start” specifies the first IP address assigned in this subnet and “End” specifies the last IP address in the range. • Subnet Mask - used to determine to which subnet an IP address belongs. An example of a subnet mask value is 255.255.0.0. • WINS Server - The WINS (Windows Internet Naming Service) server determines the IP address associated with a network device.
102 • Lease Time - each device will be assigned an IP address by the DHCP server for a limited time (“Lease Time”) when it connects to the network. When the lease expires, the server will determine if the computer has disconnected from the network. If it has, the server may reassign this IP address to a newly- connected computer. This feature ensures that IP addresses not in use will become available for other computers on the network. • Provide host name if not specified by client - when activated, the TG590 assigns the client a default name if the DHCP client has no host name. 4. Click Apply to save the changes. DHCP Connections To view a list of computers currently recognized by the DHCP server, click Connection List at the bottom of the IP Address Distribution screen. The “DHCP Connections” screen appears.
103 To define a new connection with a fixed IP address: 1. Click New Static Connection in the DHCP Connections screen. The “DHCP Connection Settings” screen appears. 2. Enter a host name for this connection. 3. Enter the fixed IP address to assign to the computer. 4. Enter the MAC address of the computer’s network card. 5. Click the Apply to save changes. Note: A device’s fixed IP address is actually assigned to the specific network card’s MAC address installed on the network computer. If this network card is replaced, the device’s entry in the DHCP Connections list must be updated with the new network card’s MAC address. To remove a host from the table, click the appropriate “Delete” icon in the Action column.
104 9 TROUBLESHOOTING In this chapter In this chapter, we will take a closer look at suggested solutions for problems you may encounter while installing, configuring or using your TG590. Topic Page 9.1 Package Contents 9.2 System Requirements 9.3 ? 9.4 ? Feature availability Depending on the configuration offered by your service provider, some features may not be available on your TG590. For more information, please contact your service provider.
105 9 Troubleshooting The TG590’s System Monitoring screens display important system information, including basic settings, system log, key network device parameters and network traffic statistics. 9.1 Status Click System Monitoring at the top of the Home screen to display the “ Status” screen, which displays the TG590’s basic settings. 9.2 Advanced Status After selecting Advanced Status and clicking Yes in the Warning screen, the monitoring options appear: System Logging, Full Status/System wide Monitoring of Connections, Traffic Monitoring, and Broadband Monitoring. 9.2a System Logging Click System Logging in the Advanced Status screen to generate the “System Log” screen. The System Log displays a list of the most recent activities of the TG590. 9.2b Full Status/System wide Monitoring of Connections 1. Click Full Status/System wide Monitoring of Connections in the Advanced Status screen (and click through the Warning screen) to generate the “Full Status/System wide Monitoring of Connections” screen, which features a table summarizing the monitored connection data. 2. Click Refresh to update the table, or click Automatic Refresh On to constantly update the displayed parameters. 9.2c Traffic Monitoring The TG590 constantly monitors traffic within the local network and between the local network and the Internet. To view up-to-the-second statistical information about data received from and transmitted to the Internet, and about data received from and transmitted to computers in the local network, click Traffic Monitoring in the Advanced Status screen. This generates the “Traffic Monitoring” screen. 9.2d Bandwidth Monitoring To monitor the TG590’s bandwidth use, click Bandwidth Monitoring. The “Bandwidth Monitor” screen appears.
106
107 Check the LEDs If the TG590 does not work as expected, the status LEDs on the front panel may provide you enough information to locate the problem: LED Color State Description Ethernet LAN Green Solid Connected to the Ethernet device, no data traffic ongoing Blinking Connected to the Ethernet device, data traffic ongoing Off No device connected. Coax LAN Green Solid/ Blinking One or more devices (e.g. a Set-top-box) are connected to the local coaxial network. Off No devices connected to the local coaxial network. USB Green Solid USB device connected to the USB port. Off No USB device connected to the USB port. Wireless Solid Green Wireless is enabled on your TG590, no traffic ongoing. Blinking Wireless is enabled on your TG590, traffic ongoing. Off Wireless is disabled on your TG590. LED Color State Description Power Green Solid Powered on. Blinking Upgrade ongoing. Do not remove any cables or switch of the TG590 when the TG590 is upgrading. Orange Blinking Starting upgrade mode. Off Not powered. Ethernet WAN Green Solid Ethernet connection to the Verizon Optical Network Terminal (ONT) operational, activity. Blinking Ethernet connection to the Verizon Optical Network Terminal (ONT) operational, no activity.
108 Off No Ethernet connection to the Verizon Optical Network Terminal (ONT). Coax WAN Green Solid/ Blinking Connected to the Verizon Optical Network Terminal (ONT) using the Coax port. Off Not connected to the ONT using the Coax port. Internet Green Solid Connected to the Internet, no activity detected. Blinking Connected to the Internet, activity. Amber Solid Failed to connect to the Internet. Off The TG590 is either powered off or starting up. Poor wireless connectivity Try the following: 1) Change the wireless channel. Note: The default setting automatically selects the best wireless channel. 2) Check the signal strength, indicated by the wireless client manager. If the signal is low, try to move the TG590 for optimal performance. 3) Use WPA2-PSK as encryption. Resetting your TG590 If at some point you can no longer connect to the TG590 or you want to make a fresh install, it may be useful to perform a reset to factory defaults. Warning: A reset to factory default settings deletes all configuration changes you made. Proceed as follows: 1) Make sure the TG590 is turned on. 2) Push the Reset button on the back panel until the Power LED lights red - this will take about 5 seconds. 3) Release the Reset button. 4) The TG590 will restart. Call the Help Desk If you did not find a solution in the Troubleshooting section, please call the Help Desk at 800-837-4966.

Navigation menu