Friday, July 25, 2008
SETTING DMZ IN THE ROUTER
Launch Internet Explorer 5 or later, or Netscape Navigator 4 or later.
On the Address, Search or URL bar, type http://192.168.1.1, then hit Enter/Return. A login screen will appear. Type admin for the password, leave the username blank, then hit “OK”.
Note: If it doesn’t accept admin as the password, you might have changed it when you ran the RUN ME FIRST CD that came with the router, so try other passwords.
If you cannot remember the password, I regret to tell you that you have to reset the router and reconfigure it. Next time, remember the password to avoid an unnecessary reset and reconfiguration.
To reset the router to factory default
1] Press and hold the reset button for 30 sec., after that
2] Unplug the power, keep holding down the reset button for another 30 sec.
3] Then, plug back the power, keep holding down the reset button for 30 sec., after that
4] Release the reset button.
Note: Setting the pc in DMZ in the router varies depending on the model number and firmware version of your Linksys Router.
Cisco Interface (If your Setup page has a Cisco Logo)
- Click on the Applications and Gaming Tab > DMZ > Enable DMZ, then enter the last octet of the LAN IP address of the computer behind the router that runs the special application you wish to use.
Regular Linksys Router Interface (If your Setup page has no Cisco Logo)
- Click on the Advance Tab > DMZ Host Tab, then enter the last octet of the LAN IP address of the computer behind the router that runs the special application you wish to use.
Regular Linksys Router Interface (WRT54G) (If your Setup page has no Cisco Logo)
- Click on the System Tab > Enable DMZ, then enter the last octet of the LAN IP address of the computer behind the router that runs the special application you wish to use.
Thursday, July 24, 2008
Virtual Private Networking (VPN)
an insight for Linksys and Cisco
VPN stands for Virtual Private Network. A VPN connects the components of one LAN to another LAN. It accomplishes this by allowing the user to tunnel through the Internet or another public network, using encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.
VPN is also the extension of a private network that encompasses encapsulated, encrypted, and authenticated links across shared or public networks. VPN connections can provide remote access and routed connections to private networks over the Internet.
A number of different protocols exist that each satisfy the key characteristics of a VPN. The most commonly recognized protocols are SOCKS, SSL, PPTP, IPSEC (often written as IPSec), and L2TP. For general VPN use the most important are IPSec, PPTP, and L2TP.
Internet Protocol Security (IPsec)
IPSec is the de facto standard for Virtual Private Networks and is a TCP/IP-based protocol.
IPSec is a way to authenticate and optionally encrypt IP packets. IPSec transport mode allows for authenticated and encrypted sessions between two nodes and can carry any kind of IP traffic (except multicast).
Most vendors have gone along with the inevitable and have moved towards emphasizing IPSec.
---Introducing IPSec
IPSec is the long-term direction for secure networking. It provides a key line of defense against private network and Internet attacks, balancing security with ease of use.
IPSec has two goals:
1. To protect the contents of IP packets.
2. To provide a defense against network attacks through packet filtering and the enforcement of trusted communication.
Both goals are met through the use of cryptography-based protection services, security protocols, and dynamic key management. This foundation provides both the strength and flexibility to protect communications between private network computers, domains, sites, remote sites, extranets, and dial-up clients. It can even be used to block receipt or transmission of specific traffic types. IPSec is based on an end-to-end security model, establishing trust and security from a source IP address to a destination IP address. The IP address itself does not necessarily have to be considered an identity; rather, the system behind the IP address has an identity that is validated through an authentication process. The only computers that must know about the traffic being secured are the sending and receiving computers. Each computer handles security at its respective end, with the assumption that the medium over which the communication takes place is not secure. Any computers that only route data from source to destination are not required to support IPSec, unless firewall-type packet filtering or network address translation is being done between the two computers. This model allows IPSec to be successfully deployed for the following enterprise scenarios:
Local area network (LAN): client/server and peer-to-peer
Wide area network (WAN): router-to-router and gateway-to-gateway
Remote access: dial-up clients and Internet access from private networks
Typically both sides require IPSec configuration (called an IPSec policy), to set options and security settings that will allow two systems to agree on how to secure traffic between them.
Common use of the protocols:
PPTP - road warrior or remote workers, remote connection to your home, telecommuting
IPSec - office to office communication, branch office to head office communication
Point-to-Point Tunneling Protocol (PPTP)
You can access a private network through the Internet or other public network by using a virtual private network (VPN) connection with the Point-to-Point Tunneling Protocol (PPTP).
PPTP enables the secure transfer of data from a remote computer to a private server by creating a VPN across TCP/IP-based data networks. PPTP supports on-demand, multiprotocol, virtual private networking over public networks, such as the Internet.
Developed as an extension of the Point-to-Point Protocol (PPP), PPTP adds a new level of enhanced security and multiprotocol communications over the Internet. Specifically, by using the new Extensible Authentication Protocol (EAP), data transfer through a PPTP-enabled VPN is as secure as within a single LAN at a corporate site.
PPTP tunnels, or encapsulates, IP or IPX protocols inside of PPP datagrams. This means that you can remotely run programs that are dependent upon particular network protocols. The tunnel server performs all security checks and validations, and enables data encryption, which makes it much safer to send information over non-secure networks. You can also use PPTP in private LAN-to-LAN networking.
PPTP does not require a dial-up connection. It does, however, require IP connectivity between your computer and the server. If you are directly attached to an IP LAN and can reach a server, then you can establish a PPTP tunnel across the LAN. However, if you are creating a tunnel over the Internet, and your normal Internet access is a dial-up connection to an ISP, you must dial up your Internet connection before you can establish the tunnel.
PPTP (Point to Point Tunneling Protocol) is compatible with most network protocols and is generally easy to set up. PPTP clients are built into many operating systems, with an abundance of third-party clients available.
PPTP uses GRE, generic routing encapsulation. PPTP wraps IP packets in GRE packets before sending them down the tunnel.
PPTP is Point to Point Tunneling Protocol, an invention by a consortium including Microsoft. PPTP is a popular protocol because it is well-supported and documented, provides a good level of security, and generally is included with Microsoft operating systems, so there is no need to purchase third-party client software.
PPTP has been considered to be not very secure, but since version 2 many of the security issues have been addressed. PPTP is "good enough" for most purposes as long as a sensible password is chosen - one not easily guessed. IPSec is generally considered to be more secure and is the protocol of choice for particularly sensitive information. Many "road warriors" or remote workers are quite happy with PPTP because it is a lighter-weight protocol that is very simple to set up and use.
Layer Two Tunneling Protocol (L2TP)
You can access a private network through the Internet or other public network by using a virtual private network (VPN) connection with the Layer Two Tunneling Protocol (L2TP). L2TP is an industry-standard Internet tunneling protocol with roughly the same functionality as the Point-to-Point Tunneling Protocol (PPTP). The Windows XP implementation of L2TP is designed to run natively over IP networks. This implementation of L2TP does not support native tunneling over X.25, Frame Relay, or ATM networks.
Based on the Layer Two Forwarding (L2F) and Point-to-Point Tunneling Protocol (PPTP) specifications, you can use L2TP to set up tunnels across intervening networks. Like PPTP, L2TP encapsulates Point-to-Point Protocol (PPP) frames, which then encapsulate IP or IPX protocols, allowing users to remotely run programs that are dependent on specific network protocols.
With L2TP, the computer running Windows 2000 Server that you are logging on to performs all security checks and validations. It also enables data encryption, which makes it much safer to send information over non-secure networks. By using the new Internet Protocol security (IPSec) authentication and encryption protocol, data transfer through an L2TP-enabled VPN is as secure as within a single LAN at a corporate site.
Secure Sockets Layer (SSL)
SSL is a proposed open standard for establishing a secure communications channel to prevent the interception of critical information, such as credit card numbers. Primarily, it enables secure electronic financial transactions on the World Wide Web, although it is designed to work on other Internet services as well.
SSL, working only with TCP/IP protocols, is the primary protocol for secure connections from web browsers to web servers, usually for secure credit card connections or for sensitive data. SSL requires a valid site certificate issued by an authorized certificate authority.
Protocols
SOCKS
SOCKS is a VPN protocol that operates at a higher network layer than the others which typically operate at layer two or three. Functioning at a higher level allows network administrators to limit VPN traffic to certain applications but it is generally considered to be a market failure due to the requirement to be specially compiled into systems and applications. Suitable for Unix/Linux use but out of popular favour for common desktop systems.
VPN PORTS:
50 - IPsec
47 - PPTP GRE packets
1723 - ISAKMP
500 - VPN CLIENT
1701 - L2TP/IPsec
4500 - L2TP/IPsec
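The port list above is the kind of thing a firewall administrator turns into a review rule: which tunnels are actually being set up against the gateway, and which attempts are being denied. The script below is an added example, not part of the original post. It classifies constructed firewall log lines using the IANA-registered assignments (IKE/ISAKMP on UDP 500, IPsec NAT-Traversal on UDP 4500, L2TP on UDP 1701, the PPTP control channel on TCP 1723), and treats ESP (50) and GRE (47) as what they are, IP protocol numbers rather than ports. The log format, the function names and the sample addresses (RFC 5737 documentation ranges) are all constructed for this example.

```python
"""Classify VPN-related traffic in firewall log lines (added example, not from the original post).

Port and protocol assignments are the IANA-registered ones. ESP (50) and GRE (47)
are IP protocol numbers carried in the IP header, not TCP/UDP ports.
The log line format below is constructed for this example.
"""
import re

# IP protocol numbers; these never appear as TCP/UDP ports.
IP_PROTO_NAMES = {47: "GRE (PPTP data)", 50: "ESP (IPsec)", 51: "AH (IPsec)"}

# (transport, destination port) -> VPN component listening there.
VPN_PORTS = {
    ("udp", 500): "IKE/ISAKMP (IPsec key exchange)",
    ("udp", 4500): "IPsec NAT-Traversal",
    ("udp", 1701): "L2TP",
    ("tcp", 1723): "PPTP control channel",
}

# Constructed format: "<time> <ALLOW|DENY> proto=<tcp|udp|number> src=<ip>:<port> dst=<ip>:<port>"
# Protocols without ports (ESP, GRE) carry "-" in the port fields.
LOG_RE = re.compile(
    r"^(?P<time>\S+) (?P<action>ALLOW|DENY) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+):(?P<sport>\d+|-) dst=(?P<dst>[\d.]+):(?P<dport>\d+|-)$"
)

def classify(line):
    """Return a VPN label for one log line, or None if it is not VPN traffic."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None  # unparseable line: skip rather than guess
    proto = m.group("proto").lower()
    if proto.isdigit():
        return IP_PROTO_NAMES.get(int(proto))
    if m.group("dport") == "-":
        return None
    return VPN_PORTS.get((proto, int(m.group("dport"))))

def summarize(lines):
    """Count VPN traffic per (label, action, destination host) so unexpected
    tunnel endpoints or repeated denied attempts stand out in review."""
    counts = {}
    for line in lines:
        label = classify(line)
        if label is None:
            continue
        m = LOG_RE.match(line.strip())
        key = (label, m.group("action"), m.group("dst"))
        counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample log using documentation address ranges (RFC 5737).
SAMPLE_LOG = [
    "12:00:01 ALLOW proto=udp src=203.0.113.10:500 dst=198.51.100.5:500",
    "12:00:02 ALLOW proto=udp src=203.0.113.10:4500 dst=198.51.100.5:4500",
    "12:00:03 ALLOW proto=50 src=203.0.113.10:- dst=198.51.100.5:-",
    "12:00:04 DENY proto=tcp src=192.0.2.77:51234 dst=198.51.100.5:1723",
    "12:00:05 ALLOW proto=tcp src=192.0.2.8:44321 dst=198.51.100.5:443",
    "12:00:06 DENY proto=47 src=192.0.2.77:- dst=198.51.100.5:-",
]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n:3d}  {key[1]:5s}  {key[0]:35s} -> {key[2]}")
```

Run on the sample, the IKE, NAT-T and ESP lines group together as one IPsec session to the gateway, the HTTPS line is ignored, and the denied PPTP and GRE lines from the same source are the entries worth a second look.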
Hash
A fixed-size result that is obtained by applying a one-way mathematical function (sometimes called a hash algorithm) to an arbitrary amount of data. If there is a change in the input data, the hash changes. The hash can be used in many operations, including authentication and digital signing. A hash is also called a message digest.
Hash Algorithm
An algorithm used to produce a hash value of some piece of data, such as a message or session key. A good hash algorithm has the property that a change in the input data can change every bit in the resulting hash value; for this reason, hashes are useful in detecting any modification in a large data object, such as a message. Furthermore, a good hash algorithm makes it computationally infeasible to construct two independent inputs that have the same hash. Typical hash algorithms include MD2, MD4, MD5, and SHA-1. A hash algorithm is also called a hash function.
Message Digest-5 (MD5)
A hashing scheme is a method for transforming data (for example, a password) in such a way that the result is unique and cannot be changed back to its original form. The CHAP authentication protocol uses challenge-response with one-way MD5 (128-bit hashing scheme) hashing on the response. In this way, you can prove to the server that you know your password without actually sending the password over the network.
Secure Hash Algorithm (SHA-1)
A message digest hash algorithm that generates a 160-bit hash value. SHA-1 is used with the Digital Signature Algorithm (DSA) in the Digital Signature Standard (DSS), among other places.
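The two properties the glossary leans on, that a one-bit input change scrambles the digest and that a CHAP peer can prove knowledge of a password without sending it, can both be shown with the standard library. The following is an added example, not code from the original post: avalanche() measures how many digest bits flip for a one-bit input change (MD5 and SHA-1 digest sizes of 128 and 160 bits fall out of it), and chap_response()/chap_verify() implement the CHAP computation from RFC 1994 section 4.1, MD5 over the identifier byte, the shared secret and the challenge. The secret, the challenge and the function names are constructed for this example.

```python
"""Hash avalanche and CHAP challenge-response (added example, not from the original post).

chap_response follows RFC 1994: Response Value = MD5(Identifier || secret || Challenge).
The secret and challenge bytes below are constructed; function names are this example's own.
"""
import hashlib
import hmac
import os

def hamming_distance(digest_a, digest_b):
    """Count differing bits between two equal-length digests."""
    return sum(bin(x ^ y).count("1") for x, y in zip(digest_a, digest_b))

def avalanche(data, algorithm="md5"):
    """Flip one input bit and return (digest_bits, changed_bits).

    For a good hash about half the output bits change; MD5 has 128 bits, SHA-1 160."""
    flipped = bytes([data[0] ^ 0x01]) + data[1:]
    d1 = hashlib.new(algorithm, data).digest()
    d2 = hashlib.new(algorithm, flipped).digest()
    return len(d1) * 8, hamming_distance(d1, d2)

def chap_response(identifier, secret, challenge):
    """Peer side: MD5 over identifier byte, shared secret and challenge (RFC 1994 section 4.1)."""
    if not 0 <= identifier <= 255:
        raise ValueError("CHAP identifier is a single byte")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def chap_verify(identifier, secret, challenge, response):
    """Authenticator side: recompute from its own copy of the secret; constant-time compare."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)

def chap_exchange(peer_secret, server_secret, identifier=1, challenge=None):
    """One round trip. Only the identifier, the challenge and the 16-byte digest
    cross the wire; the secret itself is never transmitted."""
    if challenge is None:
        challenge = os.urandom(16)        # authenticator picks a fresh random challenge
    wire_response = chap_response(identifier, peer_secret, challenge)
    return chap_verify(identifier, server_secret, challenge, wire_response)

if __name__ == "__main__":
    print("MD5 (bits, changed):", avalanche(b"password"))
    print("SHA-1 (bits, changed):", avalanche(b"password", "sha1"))
    print("correct secret accepted:", chap_exchange(b"s3cret", b"s3cret"))
    print("wrong secret rejected:", chap_exchange(b"guess", b"s3cret"))
```

The fresh random challenge is what stops a captured response from being replayed; the design still depends on the authenticator holding the cleartext secret, which is the reason CHAP's security rests on the secret being well chosen and the server store being protected.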
Data Encryption Standard (DES)
IPSec uses the Data Encryption Standard (DES) to provide confidentiality (data encryption). IPSec enables the ability to frequently regenerate keys during a communication. This prevents the entire data set from being compromised if one DES key is broken.
DES is a block cipher that uses a 56-bit key. A block cipher is an encryption algorithm that operates on a fixed size block of data. DES encrypts data in 64-bit blocks using a 64-bit key. The key appears to be a 64-bit key, but one bit in each of the 8 bytes is used for error checking, resulting in 56 bits of usable key.
Cipher block chaining (CBC) is also used to hide patterns of identical blocks of data within a packet. An initialization vector (an initial random number) is used as the first random block to encrypt and decrypt a block of data. Different random blocks are used in conjunction with the secret key to encrypt each successive block. This ensures that identical sets of unsecured data (plaintext) result in unique, encrypted data blocks. DES is used when the high security and overhead of 3DES are not necessary.
Triple Data Encryption Standard (3DES)
Used when high security is required. 3DES processes each block three times, using a unique 56-bit key each time:
Encryption on the block with key 1
Decryption on the block with key 2
Encryption on the block with key 3
This process is reversed if the computer is decrypting a packet.
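The three structural points in the DES/3DES passage (8 parity bits leaving 56 usable key bits, the encrypt-decrypt-encrypt order and its reversal, and CBC hiding repeated plaintext blocks where ECB would not) can be exercised without a real DES implementation, which the Python standard library does not have. The block below is an added example, not code from the original post: toy_block is a constructed, invertible 64-bit stand-in that is neither DES nor secure, and everything else (parity check, 56-bit key extraction, 3DES EDE ordering, ECB versus CBC) is the structure the text describes, applied to that stand-in. Key values and function names are constructed for this example.

```python
"""DES key parity, 3DES EDE order and CBC chaining (added example, not from the original post).

Python's standard library has no DES, so toy_block below is a constructed,
invertible 64-bit stand-in: NOT DES and not secure. It only exists to show
the structure the text describes.
"""
BLOCK = 8                      # DES works on 64-bit blocks
MASK64 = (1 << 64) - 1

def des_key_has_odd_parity(key):
    """A DES key is 8 bytes; the low bit of each byte is set so the byte has odd parity."""
    return len(key) == 8 and all(bin(b).count("1") % 2 == 1 for b in key)

def strip_parity(key):
    """Drop the parity bit of every byte: 8 x 7 = 56 usable key bits, as an integer."""
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value

def _rotl(x, n):
    return ((x << n) | (x >> (64 - n))) & MASK64

def _rotr(x, n):
    return ((x >> n) | (x << (64 - n))) & MASK64

def toy_block(key56, block, encrypt=True):
    """Stand-in block function (constructed): XOR with a key-derived pad, then rotate."""
    pad = (key56 * 0x9E3779B97F4A7C15) & MASK64
    x = int.from_bytes(block, "big")
    x = _rotl(x ^ pad, 13) if encrypt else _rotr(x, 13) ^ pad
    return x.to_bytes(BLOCK, "big")

def tdes_block(k1, k2, k3, block, encrypt=True):
    """3DES: E(k1) -> D(k2) -> E(k3) to encrypt; reversed, D(k3) -> E(k2) -> D(k1), to decrypt."""
    if encrypt:
        block = toy_block(k1, block, True)
        block = toy_block(k2, block, False)
        return toy_block(k3, block, True)
    block = toy_block(k3, block, False)
    block = toy_block(k2, block, True)
    return toy_block(k1, block, False)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _blocks(data):
    if len(data) % BLOCK:
        raise ValueError("data must be a multiple of the block size; pad first")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(enc, plaintext):
    """Each block encrypted independently: identical plaintext blocks give identical ciphertext."""
    return b"".join(enc(p) for p in _blocks(plaintext))

def cbc_encrypt(enc, iv, plaintext):
    """Each block is XORed with the previous ciphertext block (the IV for the first) before encryption."""
    out, prev = [], iv
    for p in _blocks(plaintext):
        prev = enc(_xor(p, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(dec, iv, ciphertext):
    """Undo the chaining: decrypt, then XOR with the previous ciphertext block (IV first)."""
    out, prev = [], iv
    for c in _blocks(ciphertext):
        out.append(_xor(dec(c), prev))
        prev = c
    return b"".join(out)

def demo(iv=bytes(range(BLOCK))):
    """Encrypt two identical blocks with 3DES-style keys in ECB and CBC and compare."""
    raw_keys = [bytes.fromhex("0123456789ABCDEF"),   # constructed keys, every byte odd parity
                bytes.fromhex("FEDCBA9876543210"),
                bytes.fromhex("1032547698BADCFE")]
    if not all(des_key_has_odd_parity(k) for k in raw_keys):
        raise ValueError("bad key parity")
    k1, k2, k3 = (strip_parity(k) for k in raw_keys)
    enc = lambda b: tdes_block(k1, k2, k3, b, True)
    dec = lambda b: tdes_block(k1, k2, k3, b, False)
    plaintext = b"IDENTICA" * 2            # two identical 64-bit blocks
    ecb = ecb_encrypt(enc, plaintext)
    cbc = cbc_encrypt(enc, iv, plaintext)
    return {
        "ecb_blocks_equal": ecb[:BLOCK] == ecb[BLOCK:],
        "cbc_blocks_equal": cbc[:BLOCK] == cbc[BLOCK:],
        "cbc_roundtrip": cbc_decrypt(dec, iv, cbc) == plaintext,
    }

if __name__ == "__main__":
    print(demo())
```

demo() reports that the two ECB ciphertext blocks are identical while the CBC ones differ, and that CBC decryption with the same IV and the reversed key order restores the plaintext; swap a real DES block function in for toy_block and the same chaining and EDE code applies unchanged.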
Wednesday, July 23, 2008
Setting up your Linksys router to have wireless security
On the Address, Search or URL bar, type http://192.168.1.1, then hit Enter/Return. A login screen will appear. Type admin for the password, leave the username blank, then hit “OK”.
Note: If it doesn’t accept admin as the password, you might have changed it when you ran the RUN ME FIRST CD that came with the router, so try other passwords.
If you cannot remember the password, I regret to tell you that you have to reset the router and reconfigure it. Next time, remember the password to avoid an unnecessary reset and reconfiguration.
To reset the router to factory default
1] Press and hold the reset button for 30 sec., after that
2] Unplug the power, keep holding down the reset button for another 30 sec.
3] Then, plug back the power, keep holding down the reset button for 30 sec., after that
4] Release the reset button.
Note: Configuring WEP in the router varies depending on the model number and firmware version of your Linksys Router.
Cisco Interface (If your Setup page has a Cisco Logo)
Go to Wireless Tab > Wireless Security > Click the drop down arrow then select WEP:
Regular Linksys Router Interface (If your Setup page has no Cisco Logo)
Under Setup > Click WEP Key Settings or Edit WEP Key Settings
Using passphrase, 64bit:
Encryption LEVEL 64bit > type a passphrase > click Generate > copy key 1 onto a piece of paper (10 hex characters). Then hit Apply or Save Settings.
For manual key entry of 64bit encryption:
Encryption LEVEL: 64bit > Under Key 1 type 10 hex characters (0-9 and A-F).
(e.g.: A0B3F58C9E, 0123456789, ABCDEFABCD). Then hit Apply or Save Settings.
Using passphrase, 128bit:
Encryption LEVEL 128bit > type a passphrase > click Generate > copy key 1 onto a piece of paper (26 hex characters). Then hit Apply or Save Settings.
For manual key entry of 128bit encryption:
Encryption LEVEL: 128bit > Under Key 1 type 26 hex characters (0-9 and A-F).
(e.g.: 0123456789ABCDEF9874561230, 01234567890123456789012345, ABCDEFABCDABCDEFABCDABCDEF).
Then hit Apply or Save Settings.
If you want better security for Vista computers, you may want to select WPA Personal (WPA-PSK) under Security > set the Algorithm to TKIP and type your personal security code (any code you want, any characters).
Then hit Apply or Save Settings.
Wireless Connection Problems
CHANGING THE CHANNEL AND SSID IN THE WIRELESS ROUTER
Launch Internet Explorer, Netscape or Mozilla.
On the Address, Search or URL bar, type http://192.168.1.1, then hit Enter/Return. A login screen will appear. Type admin for the password, leave the username blank, then hit “OK”.
Note: If it doesn’t accept admin as the password, you might have changed it when you ran the RUN ME FIRST CD that came with the router, so try other passwords.
If you cannot remember the password, you have to reset the router and reconfigure it. Next time, remember the password to avoid an unnecessary reset and reconfiguration.
To reset the router to factory default
1] Press and hold the reset button for 30 sec., after that
2] Unplug the power, keep holding down the reset button for another 30 sec.
3] Then, plug back the power, keep holding down the reset button for 30 sec., after that
4] Release the reset button.
Cisco Interface (if the setup page has a Cisco Logo)
Go to Wireless Tab
SSID: (e.g. Vic or your name or last name)
Channel: Any from 1-11
Then hit Save Settings
Regular Linksys Interface (if the setup page has no Cisco Logo)
Under Setup:
SSID: (e.g. Vic or your name or last name)
Channel: Any from 1-11
Then hit Apply
Note: Changing the advance wireless settings in the router varies depending on the model number and firmware version of your Linksys Router.
Cisco Interface:
Click on the Wireless TAB > Advance Wireless > (Settings info) > Save Settings > Continue
Regular Linksys Router Interface:
Click on the Advance TAB > Advance Wireless > (Settings info) > Apply > Continue or wait for it to come back.
Regular Linksys Router Interface (WRT54G):
Click on the Advance TAB > Advance Wireless > (Settings info) > Apply > Continue or wait for it to come back.
Settings info:
RTS Threshold: 2304
Fragmentation Threshold: 2304
DTIM Interval (If the value is 3 set it to 1) and (If the value is 1 set it to 3)
Setting up your Linksys router on a DSL connection
Launch Internet Explorer, Netscape or Mozilla.
On the Address, Search or URL bar, type http://192.168.1.1, then hit Enter/Return. A login screen will appear. Type admin for the password, leave the username blank, then hit “OK”.
Note: If it doesn’t accept admin as the password, you might have changed it when you ran the RUN ME FIRST CD that came with the router, so try other passwords.
If you cannot remember the password, you have to reset the router and reconfigure it. Next time, remember the password to avoid an unnecessary reset and reconfiguration.
To reset the router to factory default
1] Press and hold the reset button for 30 sec., after that
2] Unplug the power, keep holding down the reset button for another 30 sec.
3] Then, plug back the power, keep holding down the reset button for 30 sec., after that
4] Release the reset button.
Under the SETUP Page set the following:
WAN/Internet Connection/Configuration Type, click on the drop down arrow beside Obtain IP address automatically or Automatic Configuration-DHCP, then select PPPoE.
It will prompt for a Username and Password field. Enter the Username and Password that you and your ISP configured, or the username that you use to sign on when you are directly connected to the modem.
Example:
Username: 123abc / abc123@verizon.net / 123abc@sbcglobal.net
Password: 123abc
Then Select: “Keep alive, redial period 30 sec.” Then hit Apply or Save Settings.
Setting up your Linksys router on Cable ISP connection
MAC ADDRESS CLONING: Media Access Control Address Cloning
Launch Internet Explorer, Netscape or Mozilla.
On the Address, Search or URL bar, type http://192.168.1.1, then hit Enter/Return. A login screen will appear. Type admin for the password, leave the username blank, then hit “OK”.
Note: If it doesn’t accept admin as the password, you might have changed it when you ran the RUN ME FIRST CD that came with the router, so try other passwords.
If you cannot remember the password, I regret to tell you that you have to reset the router and reconfigure it. Next time, remember the password to avoid an unnecessary reset and reconfiguration.
To reset the router to factory default
1] Press and hold the reset button for 30 sec., after that
2] Unplug the power, keep holding down the reset button for another 30 sec.
3] Then, plug back the power, keep holding down the reset button for 30 sec., after that
4] Release the reset button.
Note: Setting up the MAC Address Clone varies depending on the model number and firmware version of your Linksys Router.
Regular Linksys Router Interface (If your Setup page has no Cisco Logo)
- Under the SETUP page leave all on default settings. Then click on the Advance Tab and then click on the MAC Address Clone Tab. Enter the Physical Address or the Adapter Address you have written down on the paper. Then hit Apply.
Regular Linksys Router Interface (WRT54G) (If your Setup page has no Cisco Logo)
- Under the SETUP page leave all on default settings. Then click on the System Tab > Enable MAC Address Clone. Enter the Physical Address or the Adapter Address you have written down on the paper. Then hit Apply.
OR
- Under the SETUP page > Enable MAC Address Clone. Enter the Physical Address or the Adapter Address you have written down on the paper. Then hit Apply.
Cisco Interface (If your Setup page has a Cisco Logo)
- Under the SETUP page leave all on default settings. Click MAC Address Clone, select Enable. Enter the Physical Address or the Adapter Address you have written down on the paper. Then hit Save Settings.
Easy Networking and Subnetting
Networks and Subnetting
When TCP/IP is configured on a computer or other network device, each connection point on the device that will communicate TCP/IP is called an interface. This includes each ethernet port, token ring port, AUI port, wireless network adapter, or serial line connection that is used for TCP/IP networking.
When an IP address and netmask pair are assigned to an interface they make known to the TCP/IP device what other IP addresses are reachable as locally connected to that interface. For example, a computer connected to an ethernet LAN, with an address of 205.217.146.198 and netmask of 255.255.255.0, defines that all IP addresses from 205.217.146.1 through 205.217.146.254 would be local addresses on that ethernet segment, if they exist.
To determine if two addresses are on the same local segment, a router uses the netmask and performs a logical AND operation on each of the two addresses. If the resulting network address is the same, the two addresses are on the same network segment. If the resulting network address is different, then the two addresses are on different segments.
For example, a computer has only one interface and it is connected to an ethernet LAN. The interface has the IP address 192.168.10.30 and a netmask of 255.255.255.252. By ANDing the netmask and the address together, a network address of 192.168.10.28 is derived.
Interface        192.168.10.30    11000000 10101000 00001010 00011110
Netmask          255.255.255.252  11111111 11111111 11111111 11111100
---------------------------------------------------------------------
Network Address  192.168.10.28    11000000 10101000 00001010 00011100
To determine if the destination address 192.168.10.37 is on the same network, the netmask is ANDed with that address, yielding a network address of 192.168.10.36.
Destination      192.168.10.37    11000000 10101000 00001010 00100101
Netmask          255.255.255.252  11111111 11111111 11111111 11111100
---------------------------------------------------------------------
Network Address  192.168.10.36    11000000 10101000 00001010 00100100
The two network addresses are not the same, so the two addresses are not on the same network. To reach the destination address from that interface, a datagram would need to be passed to a gateway system on the local network for delivery.
Classical IP networks have default netmasks:
- Class A - 255.0.0.0
- Class B - 255.255.0.0
- Class C - 255.255.255.0
Subnetting is the process of taking a classical IP network (Class A, B, or C) and using a mask to break it into smaller pieces. This is usually performed by a network administrator to provide services to various organizations and divisions within a network. It might be done because of physical requirements, political necessities, or because of hardware differences. Offices could be in different geographic areas, departments might need or want their networks separated, or an organization might have ethernet, token ring, or fast ethernet networks that need to be connected.
Subnetting might also be performed by an ISP to make efficient use of IP addresses or other reasons.
There are specific rules for using subnetting to break up classical IP networks. The primary rule is that when the netmask is represented in binary, all ones must be contiguous to the left, and all zeroes must be contiguous to the right. This results in a limited number of valid netmasks.
Another important subnetting rule is that the highest and lowest numbered subnets are not valid and should not be used. The default netmask for a classical IP network divides the address into a network portion and a host portion. For example, the Class C default netmask 255.255.255.0 assigns the first 24 bits (3 bytes) as the network address, and the last 8 bits (1 byte) as the host portion. Subnetting adds additional one bits to the netmask, in the host portion, which are sometimes referred to as the subnet bits or subnet address. A classical IP network that is subnetted has additional one bits, the most significant bits of what would normally be the host portion, which are used to extend the network into a subnet:
Example Class C Subnet Masks
Mask             Network                     Subnet    Host
255.255.255.192  11111111 11111111 11111111  11        000000
255.255.255.248  11111111 11111111 11111111  11111     000
Example Class B Subnet Masks
Mask             Network            Subnet      Host
255.255.192.0    11111111 11111111  11          000000 00000000
255.255.248.0    11111111 11111111  11111       000 00000000
255.255.255.128  11111111 11111111  11111111 1  0000000
Example Class A Subnet Masks
Mask             Network   Subnet               Host
255.192.0.0      11111111  11                   000000 00000000 00000000
255.255.248.0    11111111  11111111 11111       000 00000000
255.255.255.128  11111111  11111111 11111111 1  0000000
Just as the highest and lowest numbered host address within a network (the network address and announce address) are reserved, the highest and lowest subnet numbers in a network are reserved. Many types of equipment and software will allow a network administrator to assign and use these addresses, but some equipment will reject them as invalid. Some software, especially diagnostic programs, will have problems talking to systems if these reserved networks are used. Many systems interpret the subnet address with all ones as a subnet announce address and the subnet address with all zeroes as a subnet group address.
When using subnet masks to break up a Class C network, there are only five valid netmasks:
Netmask          Number of Bits  Usable Networks  Usable Hosts per Network
255.255.255.192  26              2                62
255.255.255.224  27              6                30
255.255.255.240  28              14               14
255.255.255.248  29              30               6
255.255.255.252  30              62               2
This table usually brings up several questions:
Why can't you use a netmask of 255.255.255.128 (25 bits)?
The 255.255.255.128 subnet mask would break a Class C network into two subnets, the first with a subnet address of all zeroes and the second with a subnet address of all ones. These two subnet addresses are reserved and should not be used.
If the 255.255.255.192 (26 bit) netmask breaks a Class C network of 254 addresses into two pieces, why do you get only two 62 address networks (124 addresses)? What happened to the rest of the addresses?
When you use a netmask of 192, you have 4 possible subnets:
  0  00000000
 64  01000000
128  10000000
192  11000000
The first and last subnets are reserved because the first, 0, has a subnet address that is all zeroes, and the last, 192, has a subnet address that is all ones. This leaves only subnets 64 and 128. These have only 62 usable addresses each because the first and last addresses in each network are the reserved network address and announce address.
Why can't you use a netmask of 255.255.255.254 or 255.255.255.255?
A subnet mask of 255.255.255.254 breaks a Class C network into subnets that have only two addresses each. These addresses would be the network address and announce address, which would be unusable as host addresses. The netmask 255.255.255.255 would define a network of only one device. About the only time this mask could be useful is defining a loopback, an IP device that can only talk to itself.
I have seen other netmasks used, or have used them successfully myself - Why would they be invalid?
It is possible to configure networks using other netmasks. If the addresses involved come from Class A or Class B ranges, then the restrictions on the valid masks are different: for Class B networks the subnet mask 255.255.255.128 is valid, 255.255.128.0 is not. Also, newer equipment or software often does not enforce subnet masking restrictions. However, many common pieces of equipment and software do enforce these restrictions, especially diagnostic programs and more expensive routers. Even if you are able to subnet your Class C network using a 255.255.255.128 netmask, or using addresses in the first or last subnet, there is a distinct possibility that the next piece of equipment or software added to your network could "break" the network.
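The arithmetic in this section (the logical AND that yields a network address, the contiguous-ones rule for a valid mask, and the Class C table with its reserved first and last subnets) is short enough to encode and check against the section's own figures. The block below is an added example, not from the original article; the function names are constructed. It follows the article's convention that the all-zeroes and all-ones subnets are reserved, and exposes that convention as a flag, since current CIDR practice (RFC 1878) permits both, which is exactly the "newer equipment does not enforce" behaviour the last answer describes.

```python
"""Netmask arithmetic for the subnetting section (added example, not from the original article).

Uses the section's convention that the lowest and highest subnets are reserved;
pass reserve_edge_subnets=False for the CIDR/RFC 1878 behaviour that allows them.
"""
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def to_dotted(value):
    return str(ipaddress.IPv4Address(value))

def network_address(address, netmask):
    """Bitwise AND of address and netmask, returned as a dotted quad."""
    return to_dotted(to_int(address) & to_int(netmask))

def same_segment(addr_a, addr_b, netmask):
    """True when both addresses AND to the same network address (no gateway needed)."""
    return network_address(addr_a, netmask) == network_address(addr_b, netmask)

def is_valid_netmask(netmask):
    """All ones must be contiguous on the left and all zeroes contiguous on the right."""
    m = to_int(netmask)
    ones = bin(m).count("1")
    return m == (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF

def prefix_length(netmask):
    """Number of one bits in a valid netmask (the 'Number of Bits' column)."""
    if not is_valid_netmask(netmask):
        raise ValueError(f"non-contiguous netmask {netmask}")
    return bin(to_int(netmask)).count("1")

def class_c_table(reserve_edge_subnets=True):
    """Rows of (netmask, bits, usable networks, usable hosts) for Class C subnet masks."""
    rows = []
    for bits in range(25, 31):
        subnet_bits = bits - 24
        host_bits = 32 - bits
        networks = 2 ** subnet_bits - (2 if reserve_edge_subnets else 0)
        hosts = 2 ** host_bits - 2            # network and broadcast ("announce") address
        if networks > 0 and hosts > 0:
            mask = to_dotted((0xFFFFFFFF << host_bits) & 0xFFFFFFFF)
            rows.append((mask, bits, networks, hosts))
    return rows

def list_subnets(network, netmask, reserve_edge_subnets=True):
    """Subnet addresses a Class C network splits into under netmask; edge subnets dropped if reserved."""
    base = to_int(network) & 0xFFFFFF00
    step = 2 ** (32 - prefix_length(netmask))
    subnets = [to_dotted(base + i * step) for i in range(256 // step)]
    return subnets[1:-1] if reserve_edge_subnets else subnets

if __name__ == "__main__":
    print(network_address("192.168.10.30", "255.255.255.252"),
          network_address("192.168.10.37", "255.255.255.252"))
    print("same segment:", same_segment("192.168.10.30", "192.168.10.37", "255.255.255.252"))
    for row in class_c_table():
        print("%-16s %2d %3d %3d" % row)
    print(list_subnets("192.168.10.0", "255.255.255.192"))
```

With the flag left at its default the table comes out exactly as printed in the section (five rows, 26 to 30 bits), and list_subnets() on a 192 mask returns only the .64 and .128 subnets; with reserve_edge_subnets=False the 255.255.255.128 row appears and all four subnets are listed.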