Chassis replacement and upgrade instructions (30 pages)
Summary of Contents for Cisco CVR100W
Page 1
ADMINISTRATION GUIDE Cisco Small Business CVR100W Wireless-N VPN Router...
Page 2
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners.
Returning to the Connection Status Page Changing Your Preferred Language Viewing the Help Files Verifying the Hardware Installation Connecting to Your Wireless Network Chapter 2: Viewing CVR100W Status Viewing the Dashboard Viewing System Summary Viewing Connected Devices Cisco CVR100W Wireless-N VPN Router Administration Guide...
Page 7
Configuring System Time Configuring Bonjour Using Diagnostic Tools Network Tools Configuring Port Mirroring Configuring Logging Configuring Logging Settings Configuring Remote Syslog Server Backing Up and Restoring System Configuration Backing Up Your Current Configuration Cisco CVR100W Wireless-N VPN Router Administration Guide...
Page 8
Connecting to CSC Wireless Network Customizing Your QR Code Appendix A: Using Cisco QuickVPN Before You Begin Installing the Cisco QuickVPN Software Using the Cisco QuickVPN Software Appendix B: Where to Go From Here Cisco CVR100W Wireless-N VPN Router Administration Guide...
• Connecting to Your Wireless Network Product Overview Thank you for choosing the Cisco CVR100W Wireless-N VPN Router. The CVR100W provides simple, affordable, secure business-class connectivity to the Internet for small office/home office (SOHO) and remote professionals. The CVR100W is an advanced Internet-sharing network solution for your small business needs.
LAN Ethernet Interface The CVR100W provides four full-duplex 10/100 Fast Ethernet LAN interfaces that can connect up to four devices. You can connect a Cisco Small Business switch to one of the available ports to expand your network as needed.
The CVR100W supports Wi-Fi Multimedia (WMM) and Wi-Fi Multimedia Power Save (WMM-PS) for quality of service (QoS). The CVR100W also supports 802. 1 p, Differentiated Services Code Point (DSCP), and class of service (CoS) for wired QoS, which can improve the quality of your network when using delay-sensitive Voice over IP (VoIP) applications and bandwidth-intensive video streaming applications.
Introduction Getting to Know the CVR100W Getting to Know the CVR100W Before using the CVR100W, familiarize yourself with its buttons, lights, and interfaces found in this section. Front Panel There are three buttons and eight lights on the front panel.
Page 13
The numbered lights correspond to the LAN ports on the back panel of the CVR100W. • Solid blue when the CVR100W is connected to a device through the corresponding LAN port (1, 2, 3, or 4). • Flashes blue when the CVR100W is sending or receiving data over that LAN port.
RESET button for more than five seconds. This reboots the unit and restores the factory defaults. The settings that you have previously made to the CVR100W are lost. 12VDC The 12VDC port is where you connect the supplied power adapter (12V/0.5 A).
• Mechanical Loading—Be sure that the CVR100W is level and stable to avoid any hazardous conditions. Place the CVR100W horizontally on a flat surface so that it sits on its four rubber feet. Cisco CVR100W Wireless-N VPN Router Administration Guide...
STEP 4 panel. Connect the other end to an Ethernet port on the PC that you will use to run web-based Configuration Utility. Skip this step if you want to connect the PC to the CVR100W through a NOTE wireless connection.
Start a computer that you connected to the CVR100W. The computer becomes a STEP 1 DHCP client of the CVR100W and receives an IP address in the 192. 1 68. 1 .xxx range. Launch a web browser and enter 192.168.1.1 in the address bar. This is the STEP 2 default IP address of the CVR100W.
Introduction Changing the Default Administrative Password The CVR100W automatically changes its IP address to 10. 1 0. 1 0. 1 when its NOTE default IP address conflicts with another device in your network. When the login page appears, choose the language that you prefer to use in the STEP 3 utility, and then enter the username and password.
Page 19
Click Save and Exit to save your changes. STEP 2 The Connection Status page opens. You are required to log into the utility with the new password before you do any other tasks. Cisco CVR100W Wireless-N VPN Router Administration Guide...
You can perform the following actions: • To refresh the data on the screen, click Refresh. • To log out the utility, click Log out. • To launch the Setup Wizard, click Setup Wizard. Cisco CVR100W Wireless-N VPN Router Administration Guide...
Page for more information. • To learn more information about your CVR100W, click Product Resources. Using the Getting Started Page The Getting Started page displays the most common configuration tasks. Use the links on this page to jump to the relevant configuration pages.
See Viewing VPN Status. Other Resources CVR100W Resources Click this link to open the CVR100W Resources page. Support Click this link to visit the Cisco support community. Returning to the Connection Status Page To return to the Connection Status page, click the Home Page link near the top right corner of the page.
NOTE configuration for the first time, use the default SSID name and pre-shared key are provided on the product label at the bottom of the CVR100W. The following steps are provided as an example; you may need to configure your device differently.
• Viewing CSC Information • Viewing NETSTAT Information Viewing the Dashboard The Dashboard page displays information about the CVR100W and its current settings. To view the Dashboard: Choose Status > Dashboard. STEP 1 From the Refresh Rate drop-down menu, choose a refresh rate.
Page 25
Viewing CVR100W Status Viewing the Dashboard To display an interactive view of the back panel of the CVR100W, click Show STEP 3 Panel View. The view of the back panel shows you which ports are used (colored in green) and allows you to click the port to obtain information about the connection.
Page 26
MAC Address MAC address of the CVR100W. IPv4 Address Local IPv4 address of the CVR100W. IPv6 Address Local IPv6 address of the CVR100W (if IPv6 is enabled). DHCP Server Shows if the DHCP server is enabled or disabled. DHCPv6 Server Shows if the DHCPv6 server is enabled or disabled (if IPv6 is enabled).
Shows if the predefined SSID is enabled or disabled. QuickVPN Users Number of QuickVPN users. Viewing System Summary The System Summary page displays a summary of the CVR100W’s settings. To view a summary of system settings: Choose Status > System Summary. STEP 1 From the Refresh Rate drop-down menu, choose a refresh rate.
Page 28
System Up Time Duration for which the system has been running. Current Time Time of day. PID VID Product ID and version ID of the CVR100W. IPv4 Configuration LAN IP LAN address of the CVR100W. WAN IP WAN address of the CVR100W.
CVR100W. The Connected Devices page displays information from devices that have NOTE responded to the CVR100W’s Address Resolution Protocol (ARP) request. If a device does not respond to the request, it is removed from the list. To view connected devices: Choose Status >...
To view information for the DHCP clients: Choose Status > DHCP Leased Clients. STEP 1 For every VLAN defined on the CVR100W, this page displays a list of the clients associated with the VLAN. Host Name Name of the device connected to the CVR100W.
From the Refresh Rate drop-down menu, choose a refresh rate. This causes the STEP 2 page to re-read the statistics from the CVR100W and refresh the page. (Optional) By default, byte data is displayed in bytes and other numerical data is STEP 3 displayed in long form.
Viewing Wireless Statistics The Wireless Statistics page shows a cumulative total of relevant wireless statistics for the radio on the CVR100W. To view wireless statistics: Choose Status > Wireless Statistics. STEP 1 From the Refresh Rate drop-down menu, choose a refresh rate.
A warning message will be appeared at this time. The CVR100W limits the time (two hours) that each guest can be connected to the SSID4. The guest connection will be terminated over the time limit. You can also manually terminate the guest connection at any time.
Time of the VPN user ending a connection. Duration (Seconds) Duration between the VPN user establishing and ending a connection. Protocol Protocol that the user uses, such as QuickVPN. To manually terminate a VPN session, click Disconnect. STEP 2 Cisco CVR100W Wireless-N VPN Router Administration Guide...
Viewing CVR100W Status Viewing Logs Viewing Logs The View Logs page allows you to view the CVR100W logs. To view the logs: Choose Status > View Logs. STEP 1 Click Refresh Logs to display the latest log entries. STEP 2...
From the Refresh Rate drop-down menu, choose a refresh rate. This action STEP 2 causes the page to reread the status and statistics from the CVR100W and refresh the page. (Optional) By default, byte data is displayed in bytes and other numerical data is STEP 3 displayed in long form.
VPN connection. Viewing CSC Information The CSC Information page displays the status for all wireless clients that are associated with the Cisco Simple Connect (CSC) wireless network of the CVR100W. To view information for all CSC wireless clients: Choose Status >...
The count of bytes not acknowledged by the remote host. Local Address Address and port number of the local end of the socket. Foreign Address Address and port number of the remote end of the socket. Cisco CVR100W Wireless-N VPN Router Administration Guide...
Page 39
--listening (-l) or --all (-a) option. • CLOSING: Both sockets are shut down but we still do not have all our data sent. • UNKNOWN: The state of the socket is unknown. Cisco CVR100W Wireless-N VPN Router Administration Guide...
Configuring Static IP • Configuring Optional Settings Sometimes, you may need to set the MAC address of the CVR100W’s WAN port to be the same MAC address as your PC’s or some other MAC address. • Cloning the MAC Address...
If the connection is idle—that is, no traffic is flowing—the connection is closed. If you click Connect on Demand, enter the number of minutes after which the connection shuts off in the Max Idle Time field. Cisco CVR100W Wireless-N VPN Router Administration Guide...
When you select this option, the Internet connection is always on. If you click Keep Alive, enter the number of seconds that the CVR100W attempts to reconnect after it is disconnected in the Redial period field. Authentication Type Choose the authentication type: •...
The standard MTU value for Ethernet networks is usually 1500 bytes. For PPPoE connections, the value is 1492 bytes. Unless a change is required by your ISP, Cisco recommends that you choose Auto. The default MTU size is 1500 bytes.
STEP 3 Cloning the MAC Address Sometimes, you may need to set the MAC address of the CVR100W’s WAN port to be the same MAC address as your PC’s or some other MAC address. This is called MAC address cloning.
The default subnet is 255.255.255.0. Click Save. STEP 3 After the CVR100W’s LAN IP address is changed, your PC is no longer connected to the CVR100W. To reconnect your PC to the CVR100W, do one of the following: STEP 4 •...
With DHCP enabled, the CVR100W’s IP address serves as the gateway address to your LAN. The CVR100W assigns IP addresses to PCs on the LAN from a pool of addresses. The CVR100W tests each address before it is assigned to avoid duplicate addresses on the LAN.
VLANs can group endpoints without regard to the physical location of the equipment or users. To create a VLAN: Choose Networking > LAN > VLAN Configuration. STEP 1 Click Add Row. STEP 2 Enter the following information: STEP 3 Cisco CVR100W Wireless-N VPN Router Administration Guide...
Page 48
Description Enter a description to identify the VLAN. Port 1 You can associate VLANs on the CVR100W to the LAN ports on the device. By default, all 4 ports belong to Port 2 VLAN1. You can edit these ports to associate them Port 3 with other VLANs.
Configuring Network Configuring LAN Settings Configuring Static DHCP You can configure the CVR100W to assign a specific IP address to a device with a specific MAC address. To configure static DHCP: Choose Networking > LAN > Static DHCP. STEP 1 From the VLAN drop-down menu, choose a VLAN number.
DMZ host. You should assign the DMZ host an IP address in the same subnet as the CVR100W’s LAN IP address, but it cannot be identical to the IP address given to the LAN interface of this gateway.
Keep this default setting if the CVR100W is hosting your network’s connection to the Internet. Router Click this radio button to set the CVR100W to act as a router. Select this option if the CVR100W is on a network with other routers.
In the Static Routing area, choose a route entry from the Route Entries drop- STEP 2 down menu. To delete the route entry, click Delete This Entry. Configure the following settings for the selected route entry: STEP 3 Cisco CVR100W Wireless-N VPN Router Administration Guide...
To view the IPv4 routing information on your network, click Show IPv4 Routing STEP 2 Table in the Routing Table area. To view the IPv6 routing information on your network, click Show IPv6 Routing STEP 3 Table in the Routing Table area. Cisco CVR100W Wireless-N VPN Router Administration Guide...
If you do not have a DDNS account, click the URL of the service to visit the STEP 3 selected DDNS service's website so that you can create an account. Configure the following information: STEP 4 Username Enter the username of the DDNS account. Cisco CVR100W Wireless-N VPN Router Administration Guide...
Enter the password of the DDNS account. Host Name (3322.org) Enter the host name of the DDNS server. Internet IP Address (3322.org) Internet IP address of the CVR100W. Status (3322.org) Displays the status if the DDNS update has completed successfully or if the account update information sent to the DDNS server failed.
ISP for this WAN or to use a static IPv6 address provided by the ISP. Setting the IP Mode To configure IPv6 WAN settings on your CVR100W, you must first set the IP mode to LAN:IPv6, WAN:IPv6 or LAN:IPv4+IPv6, WAN:IPv4+IPv6.
If your ISP assigns you a fixed address to access the Internet, configure the CVR100W to use a static IPv6 address. To configure the CVR100W to use a static IPv6 address: Choose Networking > IPv6 Configuration > IPv6 WAN Configuration.
The DHCPv6 server assigns IPv6 addresses from configured address pools that use the IPv6 prefix length assigned to the LAN. Setting the IP Mode To configure IPv6 LAN settings on your CVR100W, you must first set the IP mode to one of the following modes: •...
STEP 2 configure the DHCPv6 settings: DHCP Status Check to enable the DHCPv6 server. If enabled, the CVR100W assigns an IP address within the specified range plus additional specified information to any LAN endpoint that requests DHCP- served addresses. Domain Name Enter the domain name of the DHCPv6 server.
Configuring IPv6 Address Pools You can define the IPv6 delegation prefix for a range of IPv6 addresses to be served by the CVR100W’s DHCPv6 server. Using a delegation prefix, you can automate the process of informing other networking equipment on the LAN of DHCP information specific for the assigned prefix.
LAN, WAN, or 6to4. Metric Enter the priority of the route by choosing a value between 2 and 15. If multiple routes to the same desti- nation exist, the route with the lowest metric is used. Cisco CVR100W Wireless-N VPN Router Administration Guide...
Check to make the route active. When you add a route in an inactive state, it gets listed in the routing table, but is not used by the CVR100W. You can always activate the route later. This feature is useful if the network that the route con- nects to is not available when you added the route.
Click Refresh to refresh the data on this page. STEP 2 Configuring Router Advertisement The Router Advertisement Daemon (RADVD) on the CVR100W listens for router solicitations in the IPv6 LAN and responds with router advertisements as required. This is stateless IPv6 auto configuration, and the CVR100W distributes IPv6 prefixes to all nodes on the network.
Page 64
(setting the router preference value) and hosts (interpreting the router preference value). These values are ignored by hosts that do not implement router preference. This feature is useful if there are other RADVD-enabled devices on the LAN. Cisco CVR100W Wireless-N VPN Router Administration Guide...
If you choose 6to4 as the IPv6 prefix type, enter the Site-Level Aggregation Identifier (SLA ID). The SLA ID in the 6to4 address prefix is set to the interface ID of the interface on which the advertise- ments are sent. Cisco CVR100W Wireless-N VPN Router Administration Guide...
Page 66
Prefix Lifetime Enter the prefix lifetime, or the length of time over which the requesting router is allowed to use the pre- fix. Click Save. STEP 4 Cisco CVR100W Wireless-N VPN Router Administration Guide...
Change the default wireless network name or SSID. Wireless devices have a default wireless network name or SSID. This is the name of your wireless network, and can be up to 32 characters in length. Cisco CVR100W Wireless-N VPN Router Administration Guide...
Page 68
• Enable MAC address filtering. Cisco routers and gateways give you the ability to enable MAC address filtering. The MAC address is a unique series of numbers and letters assigned to every networking device.
Combine letters and numbers to avoid using standard words that can be found in the dictionary. General Network Security Guidelines Wireless network security is useless if the underlying network is not secure. Cisco recommends that you take the following precautions: •...
Choose this option if you have only Wireless-B devices in your network. G-Only Choose this option if you have only Wireless-G devices in your network. N-Only Choose this option if you have only Wireless-N devices in your network. Cisco CVR100W Wireless-N VPN Router Administration Guide...
CVR100W. To configure the settings for a wireless network: Check the box for the network that you want to configure, and click the Edit button. STEP 1 Configure these settings: STEP 2 Cisco CVR100W Wireless-N VPN Router Administration Guide...
Page 72
Check to enable wireless isolation within the SSID. WMM (Wi-Fi Check to enable WMM. Multimedia) WPS Hardware Check to map the CVR100W’s WPS button on the front Button panel to this network. Click Save. STEP 3 Cisco CVR100W Wireless-N VPN Router Administration Guide...
To configure the security settings for a SSID: In the Wireless Table (Wireless > Basic Settings), check the SSID that you want STEP 1 to configure. Click Edit Security Mode. The Security Settings page opens. STEP 2 Cisco CVR100W Wireless-N VPN Router Administration Guide...
Page 74
5 ASCII characters (or 10 hexadecimal characters) for 64-bit WEP and 13 ASCII characters (or 26 hexadecimal characters) for 128-bit WEP. Valid hexadecimal characters are 0 to 9 and A to F. Cisco CVR100W Wireless-N VPN Router Administration Guide...
Page 75
Enter the IP address of the RADIUS server. RADIUS Port Enter the port used to access the RADIUS server. Shared Key Enter an alphanumeric phrase (8 to 63 ASCII characters or 64 hexadecimal digits). Cisco CVR100W Wireless-N VPN Router Administration Guide...
If you want to add a device in the client list to the MAC Address Table, check the STEP 6 box in the Save to MAC Address Filter List column and click Add to MAC to add the selected device to the MAC Address Table. Click Save. STEP 7 Cisco CVR100W Wireless-N VPN Router Administration Guide...
Click Back to go back to the Basic Settings page. STEP 6 Configuring Guest Net The SSID4 (default name: cisco-guest) is used for guest access. The guests can access the Internet through this SSID and the internal network security would not be affected.
By default, Cisco Simple Connect (CSC) is disabled on the CVR100W. You can set one of the SSIDs (SSID1, SSID2, or SSID3) of the CVR100W as the CSC wireless access point. The wireless clients that are associated with the CSC wireless access point can only access the Internet through the CVR100W.
Page 79
Configuring Basic Wireless Settings highest level of security that is supported by the devices into your wireless network. To enable Cisco Simple Connect and configure the settings of the CSC wireless access point: Choose Wireless > Basic Settings. The Basic Settings page opens.
Page 80
SSID Name Displays the current name of the CSC wireless access point. By default, it is named as Cisco-Simple-Connect after Cisco Simple Connect is enabled for the first time. Security Mode Displays the current security mode used on the CSC wireless access point.
WMM No Check Enable to enable this feature. Enabling WMM No Acknowledgement Acknowledgement can result in more efficient throughput, but higher error rates in a noisy Radio Frequency (RF) environment. Default setting is disabled. Cisco CVR100W Wireless-N VPN Router Administration Guide...
Page 82
The Basic Rate setting is not the rate of transmission but a series of rates at which the Services Ready Platform can transmit. The CVR100W advertises its basic rate to the other wireless devices in your network, so they know which rates will be used.
Page 83
Send) Protection Mode when your Wireless-N and Wireless-G devices are experiencing severe problems and are not able to transmit to the CVR100W in an environment with heavy 802. 1 1b traffic. This function boosts the CVR100W’s ability to catch all Wireless-N and Wireless-G transmissions but will severely decrease performance.
To establish a WDS link, the CVR100W and other remote WDS peers must be configured in the same wireless network mode, wireless channel, wireless band selection, and encryption types (None and WEP).
Connect. Click Save. STEP 6 Configuring WPS You can configure WPS on the CVR100W to allow WPS-enabled devices to more easily connect to the wireless network. To enable WPS on your CVR100W: Choose Wireless > WPS.
Page 86
WPS light flashes (1 Hz) for 30 seconds. Occurred WPS Session WPS light flashes (0. 1 Hz) in one second and turns off Overlap next second for 120 seconds. WPS Enabled or WPS light is off. Disabled Cisco CVR100W Wireless-N VPN Router Administration Guide...
CVR100W Firewall Features Access Rules You can secure your network by creating and applying rules that the CVR100W uses to selectively block and allow inbound and outbound Internet traffic. You then specify how and to what devices the rules apply. To do so, you must define the following: •...
Page 88
WAN ports are configured; for the CVR100W, you may use the IP address if a static address is assigned to the WAN port, or if your WAN address is dynamic, a DDNS (Dynamic DNS) name can be used.
Some applications require that, when external devices connect to them, they receive data on a specific port or range of ports in order to function properly. The CVR100W must send all incoming data for that application only on the required port or range of ports.
Page 90
Configure set by users who have UPnP support enabled on their computers or other UPnP enabled devices. If disabled, the CVR100W does not allow application to add the forwarding rule. Allow Users to (UPnP) Check to allow users to disable Internet Disable Internet access.
To create a schedule: Choose Firewall > Schedule Management. STEP 1 Click Add Row. STEP 2 In the Schedule Name field, enter a unique name to identify the schedule. STEP 3 Cisco CVR100W Wireless-N VPN Router Administration Guide...
In the Service Name field, enter the service name for identification and STEP 3 management purposes. In the Protocol field, choose the Layer 4 protocol that the service uses from the STEP 4 drop-down menu: • • • TCP & UDP • ICMP Cisco CVR100W Wireless-N VPN Router Administration Guide...
Choose Allow or Deny. STEP 2 Click Save. STEP 3 Configuring Access Rules All configured access rules on the CVR100W are displayed in the Access Rules Table. To create an access rule: Choose Firewall > Access Control > Access Rules. STEP 1 Click Add Row.
Page 94
Internet Message Access Protocol (IMAP) • Network News Transport Protocol (NNTP) • Post Office Protocol (POP3) • Simple Network Management Protocol (SNMP) • Simple Mail Transfer Protocol (SMTP) • Telnet • Telnet Secondary Cisco CVR100W Wireless-N VPN Router Administration Guide...
Page 95
STEP 10 The priorities are defined by QoS Level: (1 (lowest), 2, 3, 4 (highest)). In the Rule Status field, check to enable the new access rule. STEP 11 Click Save. STEP 12 Cisco CVR100W Wireless-N VPN Router Administration Guide...
STEP 13 Configuring Internet Access Rules The CVR100W supports several options for blocking Internet access. You can block all Internet traffic, block Internet traffic to certain PCs or endpoints, or block access to Internet sites by specifying keywords to block. If these keywords are found in the site's name (for example, web site URL or newsgroup name), the site is blocked.
In the Service Name field, enter the name of the service to configure port STEP 2 forwarding for. In the External Port field, enter the port number that triggers this rule when a STEP 3 connection request from outgoing traffic is made. Cisco CVR100W Wireless-N VPN Router Administration Guide...
From the Protocol drop-down menu, choose a protocol (TCP, UDP, or TCP & STEP 5 UDP). In the IP Address field, enter the IP address. STEP 6 In the Enable field, check the box to enable the rule. STEP 7 Click Save. STEP 8 Cisco CVR100W Wireless-N VPN Router Administration Guide...
If the incoming connection uses only one port, then specify the same port number in both fields. In the Enable field, check the box to enable the rule. STEP 5 Click Save. STEP 6 Cisco CVR100W Wireless-N VPN Router Administration Guide...
1. Add the users in the VPN > VPN Clients page. See Configuring VPN Clients. 2. Instruct users to obtain the free Cisco QuickVPN software from Cisco.com, and install it on their computers. For more information, see Using Cisco QuickVPN.
The CVR100W supports site-to-site VPN for a single gateway-to-gateway VPN tunnel. For example, you can configure the CVR100W at a branch site to connect to the router at the corporate site, so that the branch site can securely access the corporate network.
STEP 2 Click Import to load the file. STEP 3 A warning message appears saying “This operation will replace the existing VPN STEP 4 user settings. Are you sure to continue?” Click Yes. Cisco CVR100W Wireless-N VPN Router Administration Guide...
You could have a router like the Cisco RV220W that supports ten site-to-site VPN tunnels and have a CVR100W at each remote site to provide secure connectivity.
Endpoint Information Remote Endpoint Choose the way that the remote endpoint, or the router to which the CVR100W will connect, is identified by IP address or FQDN (Fully-qualified Domain Name). Remote WAN Enter the public IP address or domain name of the (Internet) IP Address remote endpoint.
Page 105
Configuring Basic VPN Setup Redundancy Endpoint Choose the way that the remote redundancy endpoint, or the router to which the CVR100W will connect, is identified by IP address or FQDN. Redundancy WAN Enter the public IP address or domain name of the (Internet) IP Address remote redundancy endpoint.
CVR100W initiates and receives VPN connections with other endpoints. Configuring Global Advanced VPN Settings You can globally enable or disable NAT Traversal and NetBIOS on the CVR100W. To configure NAT Traversal and NetBIOS on your CVR100W: Choose VPN > Advanced VPN Setup.
Aggressive Mode: This mode establishes a faster connection, but with lowered security. Respondent Mode Check Enable to set the CVR100W to work as a VPN respondent. The CVR100W can only receive the VPN request from remote VPN peer. Cisco CVR100W Wireless-N VPN Router Administration Guide...
Page 108
MD5, SHA-1, or SHA2-256. Ensure that the authentication algorithm is configured identically on both sides of the VPN tunnel (for example, the CVR100W and the router to which it is connecting). Pre-Shared Key Enter the key in the space provided. Note that the double-quote character (“) is not supported in the key.
DPD Timeout If you enable DPD, enter the maximum time that the CVR100W should wait to receive a response to the DPD message before considering the peer to be dead. Click Save. Then click Back to return to the Advanced VPN Setup page.
Page 110
Redundancy Check Enable to enable the redundancy gateway Endpoint feature so that the CVR100W can connect to a backup VPN endpoint when the primary VPN connection fails. If you enable this feature, specify the IP address or FQDN of the remote redundancy endpoint or the router to which the CVR100W will connect when the primary VPN connection fails.
Page 111
For a Manual policy type, enter the settings in the Manual Policy Parameters area. SPI-Incoming Enter a hexadecimal value between 3 and 8 characters; for example, 0x1234. SPI-Outgoing Enter a hexadecimal value between 3 and 8 characters. Cisco CVR100W Wireless-N VPN Router Administration Guide...
Page 112
After the specified number of seconds passes, the Security Association is renegotiated. The default value is 3600 seconds. The minimum value is 300 seconds. Encryption Algorithm Select the algorithm used to encrypt the data. Cisco CVR100W Wireless-N VPN Router Administration Guide...
Click IPSec Connection Status to see the status of all site-to-site VPN policies on STEP 5 the CVR100W. Managing Certificates The CVR100W uses digital certificates for IPsec VPN authentication and SSL validation (for HTTPS). You can generate and sign your own certificates using functionality available on the CVR100W. Generating a New Certificate You can generate a new certificate to replace the existing certificate on the CVR100W.
The certificate for administrator contains the private key and should be stored in a safe place as a backup. If the CVR100W’s configuration is restored to the factory default settings, this certificate can be imported and restored on the CVR100W.
CVR100W. To configure VPN passthrough: Choose VPN > VPN Passthrough. STEP 1 Choose the type of traffic to allow to pass through the CVR100W: STEP 2 IPsec Passthrough Check Enable to allow IP security tunnels to pass through the CVR100W.
(LAN) to the insecure network (WAN). Configuring Bandwidth You can limit the bandwidth to reduce the rate at which the CVR100W transmits data. You can also use a bandwidth profile to limit the outbound traffic, thus preventing the LAN users from consuming all of the bandwidth of the Internet link.
Save. To add a new service definition, click Configure Services. You can define a new STEP 8 service to use for all firewall and QoS definitions. See Configuring Service Management for more information. Cisco CVR100W Wireless-N VPN Router Administration Guide...
Configuring Quality of Service (QoS) Configuring QoS Port-Based Settings Configuring QoS Port-Based Settings You can configure QoS settings for each LAN port on the CVR100W. The CVR100W supports 4 priority queues that allow for traffic prioritization per physical switch port.
For each DSCP value in the DSCP Settings table, choose a priority level from the STEP 3 Queue drop-down menu. This maps the DSCP value to the selected QoS queue. Click Save. STEP 4 Cisco CVR100W Wireless-N VPN Router Administration Guide...
Page 120
Configuring Quality of Service (QoS) Configuring DSCP Settings To restore the default DSCP settings, click Restore Default. STEP 5 Cisco CVR100W Wireless-N VPN Router Administration Guide...
Administering Your CVR100W This chapter describes the administration features of the CVR100W, including user management, network management, system diagnostics and logs, date and time, and other settings. It includes the following sections: • Configuring Password Complexity • Configuring Administrator Account Settings •...
Administering Your CVR100W Configuring Password Complexity Configuring Password Complexity The CVR100W can enforce the minimum password complexity requirements for password changes. To configure the password complexity settings: Choose Administration > Password Complexity. STEP 1 In the Password Complexity Settings field, check Enable.
You can access web-based Configuration Utility from the LAN side by using the CVR100W’s LAN IP address and HTTPS (HTTP over SSL) or HTTP, or from the WAN side by using the CVR100W’s WAN IP address and HTTPS or HTTP.
To control the flow on a port, check the Flow Control box on that port. STEP 3 Click Save. STEP 4 Cisco CVR100W Wireless-N VPN Router Administration Guide...
Configuring Do-Not-Disturb Mode Configuring Do-Not-Disturb Mode The Do-Not-Disturb Mode feature turns on or turns off all lights of the CVR100W. You can enable this feature by pressing the Do-Not-Disturb Mode button on the front panel or from web-based Configuration Utility.
Manually Set System Time fields. Click Save. STEP 7 Configuring Bonjour Bonjour is a service advertisement and discovery protocol. On the CVR100W, it only advertises the default services configured on the device when Bonjour is enabled. To enable Bonjour: Choose Administration > Bonjour.
Network Tools Using Ping/Traceroute You can use the Ping tool to test connectivity between the CVR100W and another device in the network or to test connectivity to the Internet by pinging a fully qualified domain name (for example, www.cisco.com).
Choose Administration > Diagnostics > Port Mirroring. STEP 1 In the Mirror Source area, check the ports to mirror. STEP 2 In the Mirror Port area, choose a mirror port. STEP 3 Click Save. STEP 4 Cisco CVR100W Wireless-N VPN Router Administration Guide...
Administering Your CVR100W Configuring Logging Configuring Logging The Logging page allows you to configure the logging settings on the CVR100W. Configuring Logging Settings To configure the logging settings: Choose Administration > Logging. STEP 1 In the Log Mode field, check Enable to enable the logging feature.
Administration > Backup / Restore Settings page. During a restore operation, do not try to go online, turn off the CVR100W, shut down CAUTION the PC, or use the CVR100W until the operation is complete. This should take about a minute.
Select the file and click Browse. STEP 3 Click Restore Configuration. STEP 4 The CVR100W uploads the configuration file and uses its settings to update the system configuration. Then the CVR100W restarts and uses the new configuration. Cisco CVR100W Wireless-N VPN Router Administration Guide...
Administering Your CVR100W Upgrading Firmware Upgrading Firmware You can upgrade the CVR100W to a newer firmware from the Administration > Firmware Upgrade page. During a firmware upgrade, do not try to go online, turn off the device, shut down CAUTION the PC, or interrupt the process in any way until the operation is complete.
Administering Your CVR100W Rebooting the CVR100W Go to the Status > System Summary page to make sure that the CVR100W is STEP 5 using the new firmware version. Rebooting the CVR100W To reboot the CVR100W, you can press and release the RESET button on the back panel for less than 5 seconds, or perform the Reboot operation from web-based Configuration Utility.
STEP 1 Click Restore Factory Defaults. STEP 2 This reboots the unit and restores the CVR100W to the factory default settings. The settings that you have previously made to the CVR100W are lost. Running the Setup Wizard You can use the Setup Wizard to quickly configure the initial settings of your CVR100W.
Page 136
Gateway IP: Enter the IP address of the default gateway. Primary DNS: Enter the IP address of the primary DNS server. Secondary DNS: (Optional) Enter the IP address of the secondary DNS server. Click Next to continue. STEP 3 Cisco CVR100W Wireless-N VPN Router Administration Guide...
Page 137
Exit, the changes that you made will be lost. The Change Password window appears if you exit the Setup Wizard without saving NOTE any settings. See Changing the Default Administrative Password for more information. Cisco CVR100W Wireless-N VPN Router Administration Guide...
By default, Cisco Simple Connect is disabled on the CVR100W. You can set one of the SSIDs (SSID1, SSID2, or SSID3) as the CSC wireless access point. The wireless clients that are associated with the CSC wireless access point can only access the Internet through the CVR100W.
Page 139
CVR100W’s local network resources. • The CVR100W provides you with a unique token key and displays the time that you can access the Internet after you run the CSC client application on a smart phone or panel computer that supports the Android or iOS operating system to interact with the CSC card.
Using Cisco Simple Connect Configuring Cisco Simple Connect Configuring Cisco Simple Connect To enable Cisco Simple Connect and configure the settings of the CSC wireless access point: Choose Wireless > Basic Settings. STEP 1 In the Wireless Table, check the SSID that you want to configure and click Edit.
Page 141
SSID Name Displays the current name of the CSC wireless access point. By default, it is named as Cisco-Simple-Connect after Cisco Simple Connect is enabled on this SSID for the first time. Security Mode Displays the current wireless security mode used on the CSC wireless access point.
Internet. The CVR100W provides you with a unique token key and displays the time that you can access the Internet. If the CVR100W limits the time to access the Internet, the wireless connection will be terminated until the next legal login when your online time exceeds the limitation.
CSC-enabled devices. This section describes how to customize the SSID name and security key of the CSC wireless network, and then print a new QR code from the CVR100W Resources page. After you customize the SSID name and/or security key other than the default CAUTION settings that are provided on the CSC card, the CSC card will be invalid.
Page 144
Using Cisco Simple Connect Customizing Your QR Code The wireless clients can now use the CSC client application on their CSC-enabled devices to interact with the new QR code and connect to the CSC wireless network. Cisco CVR100W Wireless-N VPN Router Administration Guide...
Using Cisco QuickVPN This appendix explains how to install and use the Cisco QuickVPN software that can be downloaded from Cisco.com. QuickVPN works with computers running Windows 7, Windows XP, Windows Vista, or Windows 2000. Computers using other operating systems will have to use third-party VPN software.
STEP 2 software. Save the zip file to your PC, and extract the zip file. STEP 3 Double-click the .exe file, and follow the on-screen instructions to install the Cisco STEP 4 QuickVPN software. Using the Cisco QuickVPN Software To launch the Cisco QuickVPN software and establish the VPN connection with a remote VPN server: Double-click the Cisco QuickVPN icon on your desktop or in the system tray.
Page 147
STEP 7 The connection progress displays: Connecting, Provisioning, Activating Policy, and Verifying Network. After your QuickVPN connection is established, the QuickVPN tray icon turns STEP 8 green, and the QuickVPN Status window appears. Cisco CVR100W Wireless-N VPN Router Administration Guide...
Page 148
Enter your password in the Old Password field. Enter your new password in the STEP 10 New Password field. Then enter the new password again in the Confirm New Password field. Click OK to save your new password. STEP 11 Cisco CVR100W Wireless-N VPN Router Administration Guide...
Page 149
Using Cisco QuickVPN Using the Cisco QuickVPN Software You can change your password only if the Allow User to Change Password NOTE box has been checked for that username. See Configuring VPN Clients complete details. Cisco CVR100W Wireless-N VPN Router Administration Guide...
Where to Go From Here Cisco provides a wide range of resources to help you obtain the full benefits of the Cisco CVR100W Wireless-N VPN Router. Support Cisco Small Business Support www.cisco.com/go/smallbizsupport Community Cisco Small Business Support www.cisco.com/go/smallbizhelp and Resources Phone Support Contacts www.cisco.com/go/sbsc...