manualshive.com logo in svg

D-Link DSR-1000, User Manual

The D-Link DSR-1000 is a versatile networking device offering seamless connectivity and advanced features. With its user-friendly interface, managing your network has never been easier. Explore the full potential of this powerful device by accessing our free user manual for download at manualshive.com for comprehensive instructions and troubleshooting guidance.

Share
Download
background image

D-Link DSR-Series User Manual

183

Section 8 - Security

3.  Complete the fields from the table below and click 

Save

.

Field

Description

From Zone

IPv4: 

Select the source of originating traffic: Secure (LAN), Secure (VLAN), INSECURE ( WAN1/WAN2/WAN3 

(Mobile Internet)) or DMZ. 

IPv6:

Select the source of originating traffic: Secure (LAN), INSECURE (Dedicated WAN/Optional WAN). 

Available VLANs

Select VLAN name from the list of available VLANs if To Zone is selected as SECURE (VLAN). 

To Zone

IPv4:

Select the destination of the traffic that is controlled by this firewall rule: INSECURE (Dedicated WAN/

Configurable WAN/WAN3 (Mobile Internet)), Secure (VLAN) or DMZ. 

IPv6:

Select the destination of the traffic that is controlled by this firewall rule: INSECURE (Dedicated WAN/

Optional WAN). 

Service

Select a service from the drop-down menu. ANY means all traffic is affected by this rule. 

Action

Select an action from the drop-down menu:

•  Always Block: It 

blocks the selected service at all times.

•  Always Allow:

 It allows data matching the selected service to pass through at all times.

•  Block by schedule

: It works in conjunction with a predefined schedule. The selected service will 

be blocked during the schedule interval and will be allowed to pass through at other times.

•  Allow by schedule

: It works in conjunction with a predefined schedule. The selected service 

will be allowed to pass through during the schedule interval and will be blocked at other times.

Select Schedule

Choose a predefined schedule from the drop-down list.

Source Hosts

Select the hosts that originate the traffic for this firewall rule. If you select Single Address or Address 

Range, you will need to enter the IP address or IP range.

Destination Hosts

Select the host that will receive the traffic for this firewall rule. If you select Single Address or Address 

Range, you will need to enter the IP address or IP range.

Log

Specify whether or not the packets for this rule should be logged. To log details for all packets that 

match this rule, select Always. Select Never to disable logging.

QoS Priority (IPv4 only)

Assign a priority to IP packets of this service. The priorities are defined by “Type of Service (TOS) in 

the Internet Protocol Suite” standards, RFC 1349. The gateway marks the Type Of Service (TOS) field 

as defined below: 

•  Normal-Service

: No special priority is given to the traffic. The IP packets for     services with this 

priority are marked with a TOS value of 0.

•  Minimize-Cost

: Choose this option when data must be transferred over a link that has a lower 

“cost”. The IP packets for services with this priority are marked with a TOS value of 2.

•  Maximize-Reliability

: Choose this option when data needs to travel to the destination over a 

reliable link and with little or no retransmission. The IP packets for services with this priority are 

marked with a TOS value of 4.

•  Maximize-Throughput

: Choose this option when the volume of data transferred during an in-

terval is important even if the latency over the link is high. The IP packets for services with this 

priority are marked with a TOS value of 8.

•  Minimize-Delay

: Choose this option when the time required (latency) for the packet to reach 

the destination must be low. The IP packets for services with this priority are marked with a TOS 

value of 16.

2.  Right-click an entry and select either 

Edit

 or 

Delete

. To add a new group, click 

Add New IPv4/IPv6 

Firewall Rule

.

Summary of Contents for DSR-1000

Page 1: ...Wireless AC Services Router User Manual DSR 150 150N 250 250N 500 1000 500AC 1000AC Version 3 13 November 20 2018 ...

Page 2: ...d OpenVPN etc 3 04 March 31 2017 Updated the following sections Radio Settings System Check IP Mode Pro files PPPoE IPv6 WAN1 Settings DHCP Leased Clients Added the following new features Service Route Management Radius Ac counting SIM Card Authentication URL Filtering ACL OmniSSL Configuration OpenVPN Certificate PPTP L2TP Auto connect 3 11 May 08 2017 DSR product with firmware v3 11 Please refer...

Page 3: ...der DMZ and Load Balancing sections Updated Syslog sectionunderRemoteLogging Trademarks Copyright Notice D Link and the D Link logo are trademarks or registered trademarks of D Link Corporation or its subsidiaries in the United States or other countries All other company or product names mentioned herein are trademarks or registered trademarks of their respective companies 2018 D Link Corporation ...

Page 4: ... section in your troubleshooting guide or contact your trained service provider Do not push any objects into the openings of your system Doing so can cause fire or electric shock by shorting out interior components Use the product only with approved equipment Allow the product to cool before removing covers or touching internal components Operate the product only from the type of external power so...

Page 5: ...or tripped over Be sure that nothing rests on any cables Do not modify power cables or plugs Consult a licensed electrician or your power company for site modifications Always follow your local national wiring rules Whenconnectingordisconnectingpowertohot pluggablepowersupplies ifofferedwithyoursystem observe the following guidelines Install the power supply before connecting the power cable to th...

Page 6: ...scharge ESD 1 When unpacking a static sensitive component from its shipping carton do not remove the component from the anti static packing material until you are ready to install the component in your system Just before unwrapping the anti static packaging be sure to discharge static electricity from your body 2 When transporting a sensitive component first place it in an anti static container or...

Page 7: ...rk Standby 7 1232 watts Switched Off 0 0743 watts DSR 500 Network Standby 6 9334 watts Switched Off 0 079 watts DSR 1000AC Network Standby 7 9626 watts Switched Off 0 0672 watts DSR 500AC Network Standby 6 6813watts Switched Off 0 0652 watts DSR 250N Network Standby 6 2458 watts Switched Off 0 1266 watts DSR 250 Network Standby 7 8588 watts Switched Off 0 1290 watts DSR 150N Network Standby 7 8575...

Page 8: ...twork 3 Basic Configuration 4 1 Log in to the Web UI 5 2 Change LAN IP Address 6 3 Configure DHCP Server 7 4 Set Time and Date 8 5 Internet Connection Setup 9 6 Wireless Network Setup 12 7 Create Users 13 8 Security VPN Wizard 14 9 Dynamic DNS Wizard 16 LAN Configuration 17 LAN Settings 18 DHCP Server 19 DHCP Relay 20 LAN DHCP Reserved IPs 21 IP MAC Binding 22 IGMP Setup 24 UPnP 25 VLAN 26 VLAN Se...

Page 9: ... Robin 47 Spillover 48 SIM Card Authentication 49 Routing Mode 50 NAT or Classical 50 Transparent 51 Bridge 52 IP Aliasing 53 DMZ Settings 54 DMZ DHCP Reserved IPs 55 Dynamic DNS Settings 56 Traffic Management 58 Bandwidth Profiles 58 Traffic Shaping 60 Bridge Bandwidth Profiles 62 Bridge Traffic Selectors 64 Session Limiting 66 Jumbo Frames 68 Routing 69 Static Routes 69 RIP 71 OSPF 72 Protocol B...

Page 10: ...ireless Settings 93 Access Points 93 Profiles 96 Radio Settings 98 802 11AC Configuration 100 WMM Settings 101 WDS 102 Advanced Settings 103 WPS 105 VPN 107 IPSec VPN 108 Policies 108 Tunnel Mode 112 Split DNS Names 113 DHCP Range 114 Certificates 115 Trusted Certificates 115 Active Self Certificates 116 Self Certificate Requests 117 Easy VPN Setup 118 One To One Mapping 119 PPTP VPN 121 PPTP Serv...

Page 11: ...ficate 145 OpenVPN Server Policy 146 Local Networks 147 Remote Networks 148 OmniSSL Client Configuration 149 OmniSSL Portal Layouts 150 GRE 152 Security 154 Groups 154 Login Policies 155 Browser Policies 156 IP Policies 157 Users 158 User Management 158 Import User Database 159 Create a User Database CSV File 160 External Authentication Servers 161 RADIUS Server 161 POP3 Server 162 POP3 Trusted Se...

Page 12: ...187 Blocked Clients 188 Custom Services 189 ALGs 191 SMTP ALGs 192 Approved Mail IDs 193 Blocked Mail IDs 194 Mail Filtering 195 VPN Passthrough 196 Dynamic Port Forwarding 197 Application Rules 197 Attack Checks 199 Intel AMT 201 IPS 202 App Control Policy 203 Application Control 203 Policies 203 Network Profiles 206 Auto Upgrade 207 Maintenance 208 System Settings 208 Date and Time 209 Session S...

Page 13: ...ts 227 System Check 228 Power Saving 229 DDP Client 230 Firmware Upgrade 231 Check Update 231 Using System PC 232 Using USB 233 Configuration Files 234 Backup 234 Restore 235 Backup Settings 236 Soft Reboot 237 Reset to Factory Default Settings 238 Log Settings 239 Defining What to Log 239 Routing Logs 241 IPv6 Logs 242 System Logs 243 Remote Logging 244 Email 244 Syslog 246 SMS Logging 247 Status...

Page 14: ...leshooting 268 Internet Connection 268 Date and time 270 Pinging to Test LAN Connectivity 271 Testing the LAN path from your PC to your router 271 Testing the LAN path from your PC to a remote device 272 Restoring factory default configuration settings 273 Appendix A Glossary 274 Appendix B Factory Default Settings 276 Appendix C Standard Services for Port Forwarding Firewall Configuration 277 App...

Page 15: ...ve a single WAN interface and thus it does not support Auto Failover and Load Balancing scenarios Superior Wireless Performance Designed to deliver superior wireless performance the DSR 150N and DSR 250N include 802 11 a b g n support allowing for operation on the 2 4 GHz radio band Multiple In Multiple Out MIMO technology allows the DSR 150N and DSR 250N to provide high data rates with minimal de...

Page 16: ...nTechnology As a concerned member of the global community D Link is devoted to providing eco friendly products D Link Green Wi Fi and D Link Green Ethernet save power and prevent waste The D Link Green WLAN scheduler reduces wireless power automatically during off peak hours Likewise the D Link Green Ethernet program adjusts power usage based on the detected cable lengthandlinkstatus Inaddition co...

Page 17: ...wet floors leaks ungrounded or frayed power cables or missing safety grounds Before you Begin This section provides information and steps on how to connect your DSR router to your network Connect to your Network This section provides basic information about physically connecting the DSR 250 to a network 1 Connect an Ethernet cable from the port labeled WAN to the external router or modem The port ...

Page 18: ...structions described in this section which includes 1 Log in to the Web UI on page 5 2 Change LAN IP Address on page 6 3 Configure DHCP Server on page 7 4 Set Time and Date on page 8 5 Internet Connection Setup on page 9 6 Wireless Network Setup on page 12 7 Create Users on page 13 8 Security VPN Wizard on page 14 9 Dynamic DNS Wizard on page 16 ...

Page 19: ...ser enter the IP address for the LAN interface default http 192 168 10 1 and then press Enter 4 Enter your username default admin and your password default admin then click Login 1 Log in to the Web UI The LAN connection may be through the wired Ethernet ports available on the router or once the initial setup is complete the DSR may also be managed through its wireless interface Access the router ...

Page 20: ...nge the IP address and click Save the Web UI will not respond Open a new connection to the new IP address and log in again Be sure the LAN host the machine used to manage the router has obtained an IP address fromnewlyassignedpool orhasastaticIPaddressintherouter sLANsubnet beforeaccessingtherouterviachanged IP address 3 Under IP Address Setup enter a new IP address for the router 4 Enter a new su...

Page 21: ...on Starting IP Address Enter the starting IP address in the DHCP address pool Any new DHCP client joining the LAN is assigned an IP address within the starting and ending IP address range Starting and ending IP addresses should be in the same IP address subnet as the wireless controller s LAN IP address Ending IP Address Enter the ending IP address in the DHCP address pool Default Gateway By defau...

Page 22: ... the map and then next to City select your time zone from the drop down menu Toggle Daylight Saving to ON if it applies to you and then click Next 5 Toggle NTP server to ON to use a time server or toggle to OFF to manually enter the time and date 6 IfyouselectedON selecteitherDefaultorCustomfromthedrop downmenu IfyouselectedCustom enter a primary and secondary NTP server address 7 Enter the time t...

Page 23: ...ranged for internet service with your Internet Service Provider ISP Please contact your ISP or network administrator for the configuration information that will be required to setup the router Supported Internet connection types include Dynamic Static PPPoE PPTP L2TP Japanese PPPoE and Russian PPPoE PPTP L2TP To configure your router to connect to the Internet follow the steps below 3 Click Run in...

Page 24: ...PC s MAC Address Select to use the MAC address of the computer you are currently connecting with Use this MAC Address Select to manually enter a MAC address and enter the address in the box Host Name Enter a host name if required by your ISP DNS Server Source Select from the following two options Get Dynamically from ISP Select to use the DNS servers assigned by your ISP Use these DNS Servers Sele...

Page 25: ...urrently connecting with Use this MAC Address Select this option to manually enter a MAC address and enter the address in the box IP Address Enter the IP address assigned by your ISP Gateway IP Address Enter the gateway IP address assigned by your ISP IP Subnet Mask Enter the subnet mask assigned by your ISP Primary DNS Server Enter the primary DNS server IP address assigned by your ISP Secondary ...

Page 26: ...key The wizard has the option to automatically generate a network key for the AP This key is the pre shared key for WPA or WPA2 type security Supported clients that have been given this PSK can associate with this AP The default auto assigned PSK is passphrase 5 Select a ProfileName from the drop down menu and enter the NetworkName SSID which is the name of your wireless network 6 Next to Network ...

Page 27: ...o Users on page 158 for more information You may want to create Groups before users so you may assign them to groups as you create them To create groups refer to Groups on page 154 To create new users follow the steps below 5 Enter a unique user name 6 Select the group type from the drop down menu For more information on groups refer to Groups on page 154 7 Enter a password for the user 8 Enter th...

Page 28: ...t side of the page 3 Click Run in the Security Wizard box The Security Wizard allows you to enable VPN passthrough and create a VPN Follow the steps below 4 The wizard screen will appear 5 Select the default outbound policy from the drop down menu 6 Toggle which type s of VPN you want allowed to pass through the router to ON and click Next ...

Page 29: ...0 Next to IP Protocol Version select either IPv4 or IPv6 Note The IP Protocol Version drop down list depends up on the IP Mode selected on the Network IPv6 IP Mode page 11 Next to IKE Version select the version of IKE 12 Next to Pre Shared Key enter the pre shared key used 13 Next to Local Gateway select which WAN port used for the local gateway 14 Next to Remote Gateway Type and Local Gateway Typ...

Page 30: ...tings on page 56 for more information Follow the steps below 5 Next to Dynamic DNS select WAN1 WAN2 orWAN3 Note WAN3 is available only in DSR 1000AC model 6 Select the Dynamic DNS Server Type from the drop down menu 7 Depending on your service enter your DDNS User Name Password and Host Name 8 Toggle Wildcards to ON if required by your DDNS service 9 Enter the Force Update Interval 10 Click Save 1...

Page 31: ...efault DHCP and TCP IP settings are satisfactory If you want another PC on your network to be the DHCP server or if you are manually configuring the network settings of all of your PCs set the DHCP mode to none DHCP relay can be used to forward DHCP lease information from another DHCP server on the network This is particularly useful for wireless clients Instead of using a DNS server you can use a...

Page 32: ...0 DHCP Mode Select one of the following modes None Turns off DHCP DHCP Server default The router will act as the DHCP server on your network DHCP Relay DHCP clients on your network will receive IP address leases from a DHCP server on a different subnet LAN Settings Path Network LAN LAN Settings To configure the LAN settings on the router 1 Click Network LAN LAN Settings 2 Complete the fields in th...

Page 33: ...ur DHCP clients This IP is usually the router s LAN IP address default is 192 168 10 1 Domain Name Enter a domain name Lease Time Enter the time in hours for which IP addresses are leased to clients Configure DNS WINS Toggle to On to manually enter DNS and or WINS server IP address es If set to Off your router s LAN IP address will be assigned the DNS server to your clients and the router will get...

Page 34: ... Select DHCP Relay from the drop down menu Domain Name Enter the domain name of your network Gateway Enter the relay gateway IP address Save Click Save at the bottom to save and activate your settings 2 Complete the fields in the table below and click Save 1 Select DHCP Relay from the drop down menu ...

Page 35: ... pool Field Description Host Name Enter a host name for this device Do not use spaces IP Address Enter the IP address you want to assign to this device Note that this IP address must be in the same range as the starting ending IP address under DHCP Settings MAC Address Enter the MAC address of this device xx xx xx xx xx xx format This is not case sensitive Associate with IP MAC Binding Toggle ON t...

Page 36: ...IP address is not spoofed In the event of a violation i e the traffic s source IP address doesn t match up with the expected MAC address having the same IP address the packets will be dropped and can be logged for diagnosis Field Description Host Name It displays the user defined name for this rule MAC Address It displays the MAC address of this rule IP Address It displays the IP address for this ...

Page 37: ...nt to assign to this rule Note that this IP address must be in the same range as the starting ending IP address under DHCP Settings Log Dropped Packets Specify the logging option for this rule If enabled such packets will be logged before dropping The router displays the total count of dropped packets which violated either IP to MAC Binding or MAC to IP Binding Save Click Save to save your setting...

Page 38: ... hosts that need this stream This is helpful when there is a lot of multicast traffic on the network where all LAN hosts do not need to receive this multicast traffic To enable IGMP Proxy 1 Click Network LAN IGMP Setup 2 Toggle IGMP Proxy to On 3 Click Save 1 The IGMP proxy is switched on 2 Click IGMP Snooping tab 3 Toggle IGMP Snooping to On and click Save 4 Right click to edit any of the VLAN ID...

Page 39: ...ure the UPnP settings 1 Click Network LAN UPnP 2 Toggle Activate UPnP to On 3 Select a VLAN from the LAN Segment drop down menu 4 EnteravalueforAdvertisementPeriod ThisisthefrequencythattherouterbroadcastsUPnPinformation over the network A large value will minimize network traffic but cause delays in identifying new UPnP devices to the network 5 Enteravaluefor AdvertisementTimetoLive Thisisthenumb...

Page 40: ... LAN with the use of VLANs LAN devices can be configured to communicate in a sub network defined by VLAN identifiers LAN ports can be assigned unique VLAN IDs so that traffic to and from that physical port can be isolated from the general LAN VLAN filtering is particularly useful to limit broadcast packets of a device in a large network VLAN support is enabled by default in the router In the VLAN ...

Page 41: ...ff DHCP for your VLAN DHCP Server default The router will act as the DHCP server for your VLAN DHCP Relay DHCP clients on your VLAN will receive IP address leases from a DHCP server on a different subnet LAN Proxy Enable DNS Proxy Toggle ON to enable the router to act as a proxy for all DNS requests and communicate with the ISP s DNS servers VLAN IPv6 Enable VLAN IPv6 Toggle to ON to enable IPv6 o...

Page 42: ...sive DNS Servers Select one of the following options for DNS servers for the DHCPv6 clients Use DNS Proxy Enable or disable DNS Proxy on this VLAN Use DNS from ISP This option allows the ISP to define the DNS servers primary secondary for the VLAN DHCP client Use Below If this is selected the below configured Primary and Secondary DNS servers are used for DHCPv6 clients Primary DNS Server Enter th...

Page 43: ...aptive Portal to ON 4 Select Captive Portal Type as either Internal CP Web or DUA External CP Web 5 If DUA External CPWeb is selected as theCaptivePortalType you will be redirected to the DUA External Captive Portal web pages If Internal CP Web is selected you will be redirected to the device Internal Captive Portal pages 6 Next to Authentication Server select an authentication server from the dro...

Page 44: ...The configuration page is accessed by selecting one of the four physical ports or a configured access point and clicking Edit To edit right click on the port and select Edit The edit page offers the following configuration options Mode The mode of thisVLAN can be General Access default orTrunk Refer to the next page for more information on the different modes Select PVID for the port when General ...

Page 45: ... the untagged data into Port 3 will be assigned PVID 3 All tagged data sent out of the port with the same PVID will beuntagged ThisismodeistypicallyusedwithIPPhones that have dual Ethernet ports Data coming from phone to the switch port on the router will be tagged Data passing through the phone from a connected device will be untagged Note The DSR 150 150N do not support General mode due to hardw...

Page 46: ...AN1 network Host Name Enter a host name if required by your ISP DNS Server Source Select either Get Dynamically from ISP or UseThese DNS Servers to manually enter DNS servers Primary DNS Server If you selected Use These DNS Servers enter the primary DNS server IP address Secondary DNS Server If you selected Use These DNS Servers enter the secondary DNS server IP address MAC Address Source Select U...

Page 47: ...ected Use These DNS Servers enter the secondary DNS server IP address MAC Address Source Select Use Default MAC to use the MAC address from the WAN1 port to associate with your modem ISP Clone your PC s MAC to use the MAC address of the computer you are currently using to associate with your modem ISP or Use this MAC to manually enter a MAC address MAC Address If you selected Use this MAC enter th...

Page 48: ... mask supplied by your ISP Gateway IP Address If you selected Static IP enter the gateway IP address supplied by your ISP DNS Server Source Select either Get Dynamically from ISP or UseThese DNS Servers to manually enter DNS servers Primary DNS Server If you selected Use These DNS Servers enter the primary DNS server IP address Secondary DNS Server If you selected Use These DNS Servers enter the s...

Page 49: ...d Static IP enter the subnet mask supplied by your ISP IP Gateway If you selected Static IP enter the gateway IP address supplied by your ISP Static DNS IP Enter the static DNS IP address DNS Server Source Select either Get Dynamically from ISP or UseThese DNS Servers to manually enter DNS servers Primary DNS Server If you selected Use These DNS Servers enter the primary DNS server IP address Seco...

Page 50: ...ddress supplied by your ISP DNS Server Source Select either Get Dynamically from ISP or UseThese DNS Servers to manually enter DNS servers Primary DNS Server If you selected Use These DNS Servers enter the primary DNS server IP address Secondary DNS Server If you selected Use These DNS Servers enter the secondary DNS server IP address MAC Address Source Select Use Default MAC to use the MAC addres...

Page 51: ...ask If you selected Static IP enter the subnet mask supplied by your ISP Gateway IP Address If you selected Static IP enter the gateway IP address supplied by your ISP Primary PPPoE DNS Servers Select either Get Dynamically from ISP or UseThese DNS Servers to manually enter DNS servers Primary DNS Server If you selected Use These DNS Servers enter the primary DNS server IP address Secondary DNS Se...

Page 52: ...ected Static IP enter the gateway IP address supplied by your ISP DNS Server Source Select either Get Dynamically from ISP or UseThese DNS Servers to manually enter DNS servers Primary DNS Server If you selected Use These DNS Servers enter the primary DNS server IP address Secondary DNS Server If you selected Use These DNS Servers enter the secondary DNS server IP address MAC Address Source Select...

Page 53: ...he gateway IP address supplied by your ISP DNS Server Source Select either Get Dynamically from ISP or UseThese DNS Servers to manually enter DNS servers Primary DNS Server If you selected Use These DNS Servers enter the primary DNS server IP address Secondary DNS Server If you selected Use These DNS Servers enter the secondary DNS server IP address MAC Address Source Select Use Default MAC to use...

Page 54: ...P IP Subnet Mask If you selected Static IP enter the subnet mask supplied by your ISP Gateway IP Address If you selected Static IP enter the gateway IP address supplied by your ISP DNS Server Source Select either Get Dynamically from ISP or UseThese DNS Servers to manually enter DNS servers Primary DNS Server If you selected Use These DNS Servers enter the primary DNS server IP address Secondary D...

Page 55: ... type from the drop down list Please refer to the previous pages for more information If you want to set WAN2 port to DMZ select DMZ and click Save This will allow you to configure the DMZ port on the DMZ Settings pge If the port is not configured forWAN and DMZ it can be used as a LAN port Note In DSR 500 1000AC the Configurable Port field does not include LAN port option ...

Page 56: ... access specific services ports to the DMZ from both the LAN or WAN In the event of an attack to any of the DMZ nodes the LAN is not necessarily vulnerable as well DMZ configuration is identical to the LAN configuration There are no restrictions on the IP address or subnet assigned to the DMZ port other than the fact that it cannot be identical to the IP address given to the LAN interface of this ...

Page 57: ...ve the router stay connected to the Internet Maximum Idle Time Enter the idle time in minutes before the router disconnects from the Internet On Demand only User Name Enter your 3G account user name Password Enter your 3G account password Dial in Number Enter the phone number to access your Internet Authentication Proto col Select one of following protocols from the drop down menu None PAP or CHAP...

Page 58: ...on one of the ports To use Auto Failover or Load Balancing WAN link failure detection must be configured This involves accessing DNS servers on the internet or ping to an internet address user defined If required you can configure the number of retry attempts when the link seems to be disconnected or the threshold of failures that determines if a WAN port is down If you do not want to use Auto Fai...

Page 59: ...o Rollover UsingWAN IP from the drop down menu Use Primary WAN Port Select which WAN port is the primary Use Secondary WAN Port Select which port to use if the primary port fails WAN Health Check DNS lookup using WAN DNS Servers DNS Lookup of the DNS Servers of the primary link is used to detect primary WAN connectivity DNSlookupusingDNSServers DNS Lookup of the custom DNS Servers can be specified...

Page 60: ...new connections InboundconnectionsonthesecondaryWANarepermittedwiththismode asthespilloverlogicgoverns outbound connections moving from the primary to secondary WAN You can configure spillover mode by using following options Load Tolerance It is the percentage of bandwidth after which the router switches to secondary WAN Max Bandwidth This sets the maximum bandwidth tolerable by the primary WAN fo...

Page 61: ...p of the custom DNS Servers can be specified to check the connectivity of the primary link Ping these IP addresses These IP s will be pinged at regular intervals to check the connectivity of the primary link Retry Interval is The number tells the router how often it should run the above configured failure detection method Failover After This sets the number of retries after which failover is initi...

Page 62: ...ese IP addresses These IP s will be pinged at regular intervals to check the connectivity of the primary link Retry Interval is Enter the time in seconds to initiate the WAN health check Default is every 30 seconds Failover After Enter the number of failures before the router will enable the failover process Load Tolerance Enter the percentage of bandwidth after which the router switches to the se...

Page 63: ...ard in the slot and unlock the SIM by entering its PIN Field Description SIM Card Status Displays the SIM card status whether it is locked unlocked or blocked Enter SIM PIN This field will be shown if the SIM card is locked Enter the PIN to unlock the SIM card The PIN value should be between 4 to 8 digits If SIM card is locked all the network services will be blocked To use Mobile Internet and SMS...

Page 64: ...heLANcanbedirectlyaccessedfromtheInternetwiththeirpublicIPaddresses assuming appropriate firewall settings are configured If your ISP has assigned an IP address for each of the computers devices that you use select Classical NAT is a technique which allows several computers and devices on your local network to share an Internet connection The computers on the LAN use a private IP address range whi...

Page 65: ...t Transparent mode which allows bridging of traffic from LAN to WAN and vice versa except for router terminated traffic and other management traffic All DSR features such as 3G modem support are supported in transparent mode assuming the LAN andWAN are configured to be in the same broadcast domain Note NAT routing has a feature called NAT Hair pinning that allows internal network users on the LAN ...

Page 66: ... secondary WAN DMZ port 2 interfaces are bridged together at Layer 2 creating an aggregate network The other LAN ports and the primary WAN WAN1 are not part of this bridge and the router asks as a NAT device for these other ports With Bridge mode for the LAN port 1 and WAN2 DMZ interfaces L2 and L3 broadcast traffic as well as ARP RARP packets are passed through When WAN2 receives tagged traffic t...

Page 67: ...dit or delete any existing aliases right click the alias and select either Edit or Delete Field Description Interface Select either WAN1 or WAN2 IP Address Enter an alias IP address for the WAN interface you selected Subnet Mask Enter a subnet mask for the WAN interface you selected Save Click to save and activate your settings To create a new alias 1 Click Network Internet IP Aliasing 2 Click Add...

Page 68: ...ion Enable DNS Proxy Toggle to On to manually enter DNS and or WINS server IP address es If set to Off your router s LAN IP address will be assigned the DNS server to your clients and the router will get the DNS information from your ISP Primary DNS Server If DNS Proxy is set to ON enter the primary DNS server IP address Secondary DNS Server If DNS Proxy is set to ON enter the secondary DNS server...

Page 69: ...address is configured otherwise an IP address is assigned to the client automatically from the DMZ DHCP pool To create DHCP reservations 1 Click Network Internet DMZ DHCP Reserved IPs 2 Click Add New DMZ DHCP Reserved IP 3 Enter the following information and click Save Field Description DMZ DHCP Reserved IP Enable Toggle to ON to enable this reservation IP Address Enter the IP address you want to ...

Page 70: ...ll be provided by the account provider To configure DDNS 1 Go to Network Internet DynamicDNS page and click DynamicDNSWAN1Settingsor Dynamic DNSWAN2 Settings or Dynamic DNSWAN3 Settings tab Note The Dynamic DNS WAN3 Settings tab is available only in DSR 1000AC model 2 Click the tab on top to select which WAN port you want to configure DDNS to 3 Next to Dynamic DNS Service Type select your DDNS ser...

Page 71: ...e Host Name This option can be enabled here if not done on the DynDNS Web site Use external NAT rout er s IP address Enabling this option would use external NAT router s IP address instead of device s WAN IP address Force Update Interval Specify the Periodic Update Interval to automate router to update the host information on selected DDNS Service URL Specify the custom URL for the Dynamic Update ...

Page 72: ... Bandwidth profiles configuration consists of enabling the bandwidth control feature from the GUI and adding a profile which defines the control parameters The profile can then be associated with a traffic selector so that bandwidth profile can be applied to the traffic matching the selectors Selectors are elements like IP addresses or services that would trigger the configured bandwidth regulatio...

Page 73: ...e drop down menu WAN Interface Select which WAN interface you want to associate this profile with LAN Interface Select which of the available VLAN interfaces will be associated with this profile Profile Type Select either Priority or Rate from the drop down menu Priority If you selected Priority select Low Medium or High Minimum Bandwidth Rate If you selected Rate enter the minimum bandwidth rate ...

Page 74: ... Select a service from the drop down menu Traffic Selector Match Type Select any one of the following match types IP Select this option to associate this traffic selector to an IP Address of a LAN device Once selected enter the IP address of the LAN device MAC Address Select this option to associate this traffic selector a specific MAC address on the LAN Once selected enter a valid MAC Address Por...

Page 75: ...AC Address If you select MAC enter the MAC address of the source associated with this profile Port Name If you select Port Name select the port number from the drop down menu VLAN If you select VLAN as the Traffic Selector Match Type select the VLAN from the drop down menu Save Click to save and activate your settings ...

Page 76: ...idthforcost savingsorbandwidth priority allocation purposes To create a Bridge Bandwidth Profile 1 Click Network Internet Traffic Management Bridge Bandwidth Profiles Bridge Bandwidth Profiles 2 In order to proceed with configuration of the Bridge Bandwidth Profile enable the Bridge Bandwidth Profile and click Save 3 The Bridge Bandwidth Profiles List displays the following fields Field Descriptio...

Page 77: ...ldbeapplicableforinboundoroutbound bridge traffic Profile Type Select the profile type either as priority or rate Priority This field is available only when the Profile Type is Priority The options present in the drop down list are Low Medium and High Minimum Bandwidth Rate Enter the minimum bandwidth rate The range is from 1 kbps to Maximum Bandwidth kbps Maximum Bandwidth Rate Enter the maximum ...

Page 78: ...re their outbound traffic to be regulated To create a Bridge Traffic Selectors 1 Click Network Internet Traffic Management BridgeTraffic Selectors Bridge Traffic Selectors 2 The Bridge Traffic Selectors List displays the following fields Field Description Service It indicates the service associated with this bridge traffic selector Traffic Selector Match Type It displays the type of bridge traffic...

Page 79: ...pe from the drop down list The options are IP and MAC IP Address Select IP to associate this bridge traffic selector to an IP Address of a LAN device Once selected enter the IP address of the LAN device and the Subnet Mask for the IP address Subnet Mask Enter the subnet mask of the LAN device This field is available only when IP is selected as the Traffic Selector Match Type MAC Address Select thi...

Page 80: ...terface through the device The user can type a warning message that will be displayed to users when session limit is reached Session Limiting configuration consists of profile name source type IP address and maximum sessions To edit delete or create a new session limiting profile 1 Click Network Internet Traffic Management Session Limiting 2 Enter the Warning Message and click Save to save the cha...

Page 81: ...obecontrolledintheSessionLimitprofilewhentheselected profile type is Range Interface Select the Interface from the drop down list to select the complete network to be controlled in the Session Limit profile when the selected profile type is Interface Maximum Sessions ConfiguretheMaximumsessionsfromtheRange1 999thatareallowedonSourceTypetolimitsessions Once the limit is reached it will not allow an...

Page 82: ...e Ethernet frames with more than 1500 bytes of payload When this option is enabled the LAN devices can exchange information at Jumbo frames rate Path Network Internet Jumbo Frames To enable jumbo frames 1 Click Network Internet Jumbo Frames 2 Toggle Activate Jumbo Frames to On 3 Click Save ...

Page 83: ...his router and other devices to account for changes in the path once configured the static route will be active and effective until the network changes TheListofStaticRoutesdisplaysallroutesthathavebeenaddedmanuallybyanadministratorandallowsseveral operations on the static routes To create a new static route 1 Click Network Routing Static Routes Static Routes 2 Click Add New Static Route 3 Complet...

Page 84: ...ulticast Destination IP Address Enter the IP address of the static route s destination IP Subnet Mask Enter the subnet mask of the static route Interface The physical network interface WAN1 WAN2 WAN3 DMZ or LAN through which this route is accessible Gateway IP Address IP address of the gateway through which the destination host or network can be reached Metric Determines the priority of the route ...

Page 85: ...n from other routers In Only The router accepts RIP information from other routers but does not broadcast its routing table None The router neither broadcasts its route table nor does it accept any RIP packets from other routers This effectively disables RIP Version The RIP version is dependent on the RIP support of other routing devices in the LAN Disabled This is the setting when RIP is disabled...

Page 86: ...opology map of the network OSPF version 2 is a routing protocol which described in RFC2328 OSPF Version 2 OSPF is IGP Interior Gateway Protocols OSPF is widely used in large networks such as ISP backbone and enterprise networks Note The DSR 150 150N 250 250N routers do not support OSPFv2 To configure OSPF 1 Click Network Routing OSPF 2 Right click the port you want to edit LAN WAN1 WAN2 WAN3 L2TPo...

Page 87: ...ly the same between two neighbors If any of these intervals are different these routers will not become neighbors on a particular segment Cost Enter the cost of sending a packet on an OSPFv2 interface Authentication Type Select one of the following authentication types None The interface does not authenticate OSPF packets Simple OSPF packets are authenticated using simple text key MD5 The interfac...

Page 88: ...N link Protocol bindings are only applicable when load balancing mode is enabled and more than one WAN is configured To add edit or delete a protocol binding entry 1 Click Network Routing Protocol Binding 2 Right clickacurrententryandselectEditorDelete Toaddanewentry clickAddNewProtocolBinding 3 Complete the fields in the table below and click Save Field Description Service Select a service from t...

Page 89: ...ter In order to support IPv6 on your local network LAN you must set the router to be in IPv4 IPv6 mode This mode will allow IPv4 nodes to communicate with IPv6 devices through this router To enable IPv6 on the router 1 Click Network IPv6 IP Mode 2 Select either IPv4 or IPv4 IPv6 It will work for all the VLANs configured on the VLAN Settings page Network VLAN VLAN Settings 3 Click Save ...

Page 90: ...onfiguration The DHCPv6 client on the gateway can be either stateless or stateful If a stateful client is selected the gateway will connect to the ISP s DHCPv6 server for a leased address For stateless DHCP there need not be a DHCPv6 server available at the ISP rather ICMPv6 discover messages will originate from this gateway and will be used for auto configuration A third option to specify the IP ...

Page 91: ...P Field Description Connection Type Select Static IPv6 Address Enter the IP address supplied by your ISP IPv6 Prefix Length Enter the IPv6 prefix length supplied by your ISP Default IPv6 Gateway Enter the IPv6 gateway address supplied by your ISP Primary DNS Server Enter the primary DNS server IP address Secondary DNS Server Enter the secondary DNS server IP address Save Click Save to save and act...

Page 92: ...d IPv6 User Name Enter your PPPoE user name Password Enter your PPPoE password Authentication Type Select the authentication type from the drop down menu Auto negotiate PAP CHAP MS CHAP MS CHAPv2 DHCPv6 Options Select the mode of DHCPv6 client that will start in this mode Disable dhcpv6 Stateless dhcpv6 Stateful dhcpv6 Stateless dhcpv6 with prefix delegation Stateful dhcpv6 with prefix delegation ...

Page 93: ...this router and other devices to account for changes in the path once configured the static route will be active and effective until the network changes TheListofStaticRoutesdisplaysallroutesthathavebeenaddedmanuallybyanadministratorandallowsseveral operations on the static routes To create a new static route 1 Click Network IPv6 Static Routing Static Routing 2 Click Add New IPv6 Static Route 3 Co...

Page 94: ...Pv6 Prefix Length Enter the prefix length of the static route Interface The physical network interface WAN1 WAN2 sit0 Tunnel WAN1 sit0 Tunnel WAN2 or LAN through which this route is accessible IPv6 Gateway IPv6 address of the gateway through which the destination host or network can be reached Metric Determines the priority of the route If multiple routes to the same destination exist the route wi...

Page 95: ...f the network Open Shortest Path First version 3 OSPFv3 supports IPv6 To enable an OSPFv3 process on a router you need to enable the OSPFv3 process globally assign the OSPFv3 process a router ID and enable the OSPFv3 process on related interfaces Note The DSR 150 150N 250 250N routers do not support OSPFv3 To configure OSPF 1 Click Network IPv6 OSPFv3 2 Right click the port you want to edit LAN WA...

Page 96: ...ber of seconds for Hello Interval timer value Enter the number in seconds that the Hello packet will be sent This value must be the same for all routers attached to a common network The default value is 10 seconds Dead Interval The number of seconds that a device s hello packets must not have been seen before its neighbors declare the OSPF router down This value must be the same for all routers at...

Page 97: ...Pv4 to IPv6 a system that allows IPv6 packets to be transmitted over an IPv4 network Select the check box to Enable AutomaticTunneling and allow traffic from an IPv6 LAN to be sent over an IPv4 Option to reach a remote IPv6 network To enable 6 to 4 tunneling 1 Click Network IPv6 6 to 4Tunneling 2 Toggle Activate Auto Tunneling to ON 3 Click Save 6 to 4 Tunneling ...

Page 98: ...or delete a ISATAP entry 1 Click Network IPv6 ISATAPTunnels 2 Right click a current entry and select Edit or Delete To add a new entry click Add New ISATAPTunnel 3 Complete the fields in the table below and click Save Field Description ISATAP Subnet Prefix This is the 64 bit subnet prefix that is assigned to the logical ISATAP subnet for this intranet This can be obtained from your ISP or internet...

Page 99: ...onativeconnectiontoanIPv6network Teredo Tunnel To configure Teredo Tunnel follow the steps given below 1 Click Network IPv6 TeredoTunnel 2 The fields present on this page are given in the following table Field Description Activate Teredo Tunneling Enable or disable Teredo Tunneling Primary Server Enter the primary teredo server Secondary Server Enter the secondary teredo server Save Click Save to ...

Page 100: ... 128 bit IPv6 address based on your network requirements The other field that defines the LAN settings for the router is the prefix length The IPv6 network subnet is identified by the initial bits of the address called the prefix By default this is 64 bits long All hosts in the network have common initial bits for their IPv6 address the number of common initial bits in the network s addresses is s...

Page 101: ...nter a domain name optional Server Preference Server Preference is used to indicate the preference level of this DHCP server DHCP advertise messages with the highest server preference value to a LAN host are preferred over other DHCP server advertise messages The default is 255 DNS Servers The DNS server details can be manually entered here primary secondary options An alternative is to allow the ...

Page 102: ...tion specific for the assigned prefix To add edit or delete a IPv6 address pool entry 1 Click Network IPv6 IPv6 LAN Settings IPv6 Address Pools tab 2 Right click a current entry and select Edit or Delete To add a new entry click Add New Address Pool 3 Complete the fields in the table below and click Save Field Description Start IPv6 Address Enter the starting IPv6 LAN address End IPv6 Address Ente...

Page 103: ...s Prefixes for Prefix Delegation tab 2 Right click a current entry and select Edit or Delete To add a new entry click Add New Prefix Length 3 Complete the fields in the table below and click Save Field Description Prefix Address Enter the IPv6 address for Prefix Delegation Prefix Length Enter the prefix length VLAN Interface Select the interface LAN VLAN for this IPv6 Prefix Delegation Save Click ...

Page 104: ... non address informationautoconfiguration Router Preference This parameter low medium high determines the preference associated with the RADVD process of the router This is useful if there are other RADVD enabled devices on the LAN as it helps avoid conflicts for IPv6 clients MTU The router advertisement will set this maximum transmission unit MTU value for all nodes in the LAN that are auto confi...

Page 105: ...fix Type To ensure hosts support IPv6 to IPv4 tunnel select the 6to4 prefix type Selecting Global Local ISATAP will allow the nodes to support all other IPv6 routing options SLA ID The SLA ID Site Level Aggregation Identifier is available when 6to4 Prefixes are selected This should be the interface ID of the router s LAN interface used for router advertisements IPv6 Prefix When using Global Local ...

Page 106: ...D Link DSR Series User Manual 92 Section 5 Connect to the Internet IPv6 Tunnels Status Path Network IPv6 IPv6 Tunnels Status This page displays the current status of IPv6 Tunnels ...

Page 107: ...s as an independent AP unique SSID to supported clients in the environment but is actually running on the same physical radio integrated with this router Note Profiles may be thought of as a grouping of AP parameters that can then be applied to not just one but multiple APinstances SSIDs thusavoidingduplicationifthesameparametersaretobeusedonmultipleAPinstancesorSSIDs The Wireless Network Setup Wi...

Page 108: ...e next page and then create an access point Active Time Toggle to ON to turn on this access point Schedule Control Toggle to ON if you want to specify a time to have this access point turned on Start Stop Time Enter a start and stop time WLAN Partition Toggle to ON to prevent associated wireless clients from communicating with each other Save Click Save at the bottom to save and activate your sett...

Page 109: ...to activate your settings MAC Filter List MAC Address This list shows all the MAC addresses of computers and devices which are authorized unauthorized based on the default ACL Policy to connect to this access point 6 To add a new MAC address click Add New MAC Filter Field Description MAC Address Enter the MAC Media Access Control address of the client that you would like to add to the list of MAC ...

Page 110: ...e SSID that will be the identifier used by the clients to communicate to the AP using this profile By choosing to broadcast the SSID compatible wireless clients within range of the AP can detect this profile s availability The AP offers all advanced 802 11 security modes including WEP WPA2 and WPA WPA2 To add edit or delete a profile 1 Click Wireless General Profiles Path Wireless General Profiles...

Page 111: ...y 1 4 If you selected WEP enter a passphrase or up to four hexadecimal keys a f 0 9 A F WPA Password If you selected WPA2 or WPA WPA2 enter a WPA password Protect Management Frame It provides security for the otherwise unprotected and unencrypted 802 11 management frames This field is visible only when WPA2 security and CCMP fields are enabled Force PMF This field is visible when Protect Managemen...

Page 112: ...40MHz can improve bandwidth at the expense of supporting earlier 802 11n clients The available transmission channels are governed by regulatory constraints based on the region setting of the router To configure the radio settings 1 Click Wireless General Radio Settings 2 Complete the fields in the table below and click Save Field Description Operating Frequency Select 2 4GHz or 5GHz Mode Select th...

Page 113: ...level for all APs that use this radio Transmit Power Displays the current transmit power Transmission Rate Select a transmission rate from the drop down menu This will lock the transmission rate of your wireless connection It is strongly recommended to use Best Automatic Save Click Save at the bottom to save and activate your settings ...

Page 114: ...e in MHz between the successive channels Control Side Band Control Sideband defines the sideband which is used for secondary or extension channel when AP is operating in 40 MHz channel width This setting is only applicable to 802 11n traffic and used in conjunction with the 40 MHz channel spacing Select the control sideband from the drop down menu Current Channel Channel being used in the availabl...

Page 115: ...ttings 1 Click Wireless Advanced WMM 2 Complete the fields in the table below and click Save Field Description Profile Name Select the profile to associate this configuration to from the drop down menu Enable WMM Toggle to ON to enable WMM Default Class of Service Select an available access category voice video best effort or background to assign as default IP DSCP TOS Under Class of Service selec...

Page 116: ... links use TKIP AES encryption depending on the encryption configured for the default AP In case the default AP uses mixed encryption TKIP AES The WDS link will use the AES encryption scheme Note For a WDS link to function properly the Radio settings on the WDS peers have to be the same To configure the radio settings 1 Click Wireless Advanced WDS 2 Complete the fields in the table below and click...

Page 117: ...nly a minor modification should be made Fragmentation Thresh old Thefragmentationthreshold whichis specified inbytes determines whether packets willbefragmented Packets exceeding the 2346 byte setting will be fragmented before transmission 2346 is the default setting Preamble Mode Select either Long or Short The PreambleType defines the length of the CRC Cyclic Redundancy Check block for communica...

Page 118: ...U Select this to enable the Aggregate MAC Protocol Data Unit AMPDU for joining Multiple MPDU sub frames with a single leading PHY header Power Save Enable Toggle to ON to enable the Unscheduled Automatic Power Save Delivery also referred to asWMM Power Save feature that allows the radio to conserve power Multi to Unicast Select this to enable and translate externally received content provider mult...

Page 119: ...ification Number PIN The wireless device that supports WPS may have an alphanumeric PIN if it does add the PIN in this field The router will connect within 60 seconds of clicking the Configure via PIN button immediately below the PIN field There is no LED indication that a client has connected Push Button Configuration PBC For wireless devices that support PBC press and hold the WPS button for two...

Page 120: ...tation PIN and click Configure Via PIN You will need to enter the PIN on your wireless client and start the WPS process within one minute 7 If you want to use push button method click ConfigureVia PBC This will initiate theWPS session You will need to press the WPS button or initiate through an interface on your client within one minute 8 Allow up to two minutes to connect Check the Session Status...

Page 121: ...ay VPN tunnel A remote client initiates a VPN tunnel as the IP address of the remote PC client is not known in advance The gateway in this case acts as a responder Remote client behind a NAT router The client has a dynamic IP address and is behind a NAT Router The remote PC client at the NAT router initiates a VPN tunnel as the IP address of the remote NAT router is not known in advance The gatewa...

Page 122: ...odified or encrypted Tunnel This mode is used for network to network IPsec tunnels where this gateway is one endpoint of the tunnel In this mode the entire IP packet including the header is encrypted and or authenticated When tunnel mode is selected you can enable NetBIOS and DHCP over IPsec DHCP over IPsec allows this router to serve IP leases to hosts on the remote LAN As well in this mode you c...

Page 123: ... primarily used for interoperability with gateways or end systems that do not support L2TP IPsec or PPTP connections Transport mode is the default mode for IPsec and it is used for end to end communications for example for communications between a client and a server Select Local Gateway In the event that twoWAN ports are configured to connect to your ISP select the gateway that will be used as th...

Page 124: ...unnel The IP addresses of the machine or machines on the two VPN endpoints are configured here along with the policy parameters required to secure the tunnel Local IP Remote IP Select the type of identifier that you want to provide for the endpoint Any Specifies that the policy is for traffic from the given end point local or remote Note that selecting Any for both local and remote end points is n...

Page 125: ...PI security parameter index values require conversion at each endpoint DSR routers supports VPN roll over feature This means that policies configured on the primary WAN will rollover to the secondary WAN in case of a link failure This feature can be used only if your WAN is configured in Auto Rollover mode Note Once you have created an IPSec policy you may right click the policy and select Export ...

Page 126: ...the client across theVPN tunnel to the router Split tunnel mode only sends traffic to the private LAN based on pre specified client routes These client routes give the client access to specific private networks thereby allowing access control over specific LAN services 1 Click VPN IPSecVPN Tunnel Mode 2 Complete the fields in the table below and click Save Field Description Tunnel Mode Select eith...

Page 127: ...created entries to edit or delete 3 Enter a domain name and click Save In a split DNS infrastructure you create two zones for the same domain one to be used by the internal network the other used by the external network Split DNS directs internal hosts to an internal domain name server for name resolution and external hosts are directed to an external domain name server for name resolution ...

Page 128: ... Save Field Description Starting IP Address Enter the starting IP address to issue your clients connecting using DHCP over IPSec Ending IP Address Enter the ending IP address Subnet Mask Enter the subnet mask Save Click Save to save and activate your settings This page displays the IP range to be assigned to clients connecting using DHCP over IPsec By default the range is in 192 168 12 0 subnet ...

Page 129: ... strong assurance of the server s identity and is a requirement for most corporate network VPN solutions The certificates menu allows you to view a list of certificates both from a CA and self signed currently loaded on the router The following certificate data is displayed in the list of Trusted CA certificates CA Identity Subject Name The certificate is issued to this person or organization Issu...

Page 130: ...c VPN peers Subject Name This is the name that will be displayed as the owner of this certificate This should be your official registered or company name as IPsec or SSL VPN peers are shown this field Serial Number The serial number is maintained by the CA and used to identify this signed certificate Issuer Name This is the CA name that issued signed this certificate Expiry Time The date after whi...

Page 131: ...he fields in the table below and click Save Field Description Name Enter a name identifier for the certificate Subject This field will populate the CN Common Name entry of the generated certificate Subject names are usually defined in the following format CN device name OU department O organization L city ST state C country For example CN router1 OU my_company O mydept L SFO C US Hash Algorithm Se...

Page 132: ...ported IPSec VPN policy 1 Click VPN IPSec VPN Easy VPN Setup 2 Click Browse and navigate to the policy file you want to upload Select it and click Open 3 Click Upload 4 Once uploaded go to VPN IPSec VPN Policies and the uploaded VPN will be listed Right click it to edit or delete ...

Page 133: ... fields present on this page are given in the table below Field Description Source IP Range Start It displays the starting IP address in the private LAN IP subnet Mapped IP Range Start It displays Mapped IP address through which traffic should be forwarded received from to the LAN host IP or range of IP addresses Range Length It displays Range value between 1 to 254 which maps One To One private a...

Page 134: ...LAN IP subnet This IP is used to map the traffic from remote host to a local LAN host subnet of LAN hosts This IP should be same as Local Start IP Address in IPSec policy of local Device and Remote Start IP Address in IPSec policy of remote device Range Length Enter a value between 1 to 254 This value indicates the number of private LAN IP addresses in LAN subnet which would be One To One map with...

Page 135: ...ternal authentication server should one be configured Field Description Enable PPTP Server Select either IPv4 or IPv6 PPTP Routing Mode Select either NAT or Classical Starting Ending IP Address Enter the IP address range to assign your PPTP clients IPv6 Prefix If you selected IPv6 enter the IPv6 prefix IPv6 Prefix Length If you selected IPv6 enter the IPv6 prefix length Authentication Select the a...

Page 136: ...k subnet mask Username Enter your PPTP user name Password Enter your PPTP password MPPE Encryption Toggle to ON to enable Microsoft Point to Point Encryption MPPE Idle Time Out Enter the amount of time in seconds that you will disconnect from the PPTP server when idle Auto Connect Enable or disable the Auto Connect feature Time Enter the reconnect time If the client is disconnected from the server...

Page 137: ...onnect The fields displayed in the table are given below Field Description User Name It displays the User name of the user s currently connected Note that symbol indicates that the user has connected without authentication Remote IP It displays the IP address that has been assigned to this particular user by the PPTP server PPTP IP It displays the local IP of the server ...

Page 138: ...nfigured to employ an external authentication server should one be configured Field Description Enable L2TP Server Select either IPv4 or IPv6 L2TP Routing Mode Select either NAT or Classical Starting Ending IP Address Enter the IP address range to assign your L2TP clients IPv6 Prefix If you selected IPv6 enter the IPv6 prefix IPv6 Prefix Length If you selected IPv6 enter the IPv6 prefix length Aut...

Page 139: ...ect Toggle to On to enable Auto Connect Time Enter the reconnect time If the client is disconnected from the server it will try to connect to the server after the specified time Save Click Save to save and activate your settings L2TPVPN Client can be configured on this router Using this client we can access remote network which is local to L2TP server Once client is enabled the user can access Sta...

Page 140: ... DSR 500 Series DSR 250 Series DSR 150 Series PPTP Tunnels 25 15 10 5 L2TP Tunnels 25 15 10 5 Combined Limit 50 30 20 10 The fields displayed in the table are given below Field Description User Name It displays the User name of the user s currently connected Note that symbol indicates that the user has connected without authentication Remote IP It displays the IP address that has been assigned to ...

Page 141: ...a specific Network Resource details follow in the subsequent section IP address IP network or all devices on the LAN of the router Based on the selection of one of these four options the appropriate configuration fields are required i e choosing the network resources from a list of defined resources or defining the IP addresses For applying the policy to addresses the port range port number can be...

Page 142: ...nter the IP address Mask Length If you selected IP Network enter the mask length 0 32 ICMP Toggle to ON to include ICMP traffic Begin End Enter a port range or leave blank to include allTCP and UDP ports These fields are not available when selecting Network Resource Defined Resources If you selected Network Resource select the resource for the Defined Resource drop down menu If you have not create...

Page 143: ...ote that the default portal LAN IP address is https 192 168 10 1 scgi bin userPortal portal This is the same page that opens when the Portal URL link is clicked on the SSLVPN menu of the router web UI To create a new portal layout 1 Click VPN SSLVPN Portal Layouts 2 Click Add New SSLVPN Portal Layout Note You may right click a layout from the list and edit or delete a layout 3 Complete the fields ...

Page 144: ...ge on Login Page Toggle to ON to display the banner title and message or OFF to hide the banner title and message HTTP Meta Tags for Cache Con trol Recommended Toggle to ON or OFF This security feature prevents expired web pages and data from being stored in the client s web browser cache It is recommended to toggle to ON Active X Web Cache Cleaner Toggle to ON or Off An ActiveX cache control web ...

Page 145: ...eating a unique name to identify the resource and assigning it to one or all of the supported SSL services Once this is done editing one of the created network resources allows you to configure the object type either IP address or IP range associated with the service The Network Address Mask Length and Port Range Port Number can all be defined for this resource as required 3 Complete the fields fr...

Page 146: ...Service Select VPNTunnel Port Forwarding or All ICMP Toggle to ON to include ICMP traffic Object Type Select Single IP Address or IP Network Object Address Enter the IP address Mask Length If you selected IP Network enter the mask length 0 32 Begin End Enter a port range for the object Save Click to save your settings ...

Page 147: ...umber or the domain name FQDN 5 Click Save Port forwarding allows remote SSL users to access specified network applications or services after they login to the User Portal and launch the Port Forwarding service Traffic from the remote user to the router is detected and re routed based on configured port forwarding rules Internal host servers or TCP applications must be specified as being made acce...

Page 148: ... devices on the LAN The IP address range for the SSL VPN virtual network adapter should be either in a different subnet or non overlapping range as the corporate LAN The router allows full tunnel and split tunnel support Full tunnel mode just sends all traffic from the client across the VPN tunnel to the router Split tunnel mode only sends traffic to the private LAN based on pre specified client r...

Page 149: ...d to forward private traffic through the VPN Firewall to the remote SSL VPN client When split tunnel mode is enabled the user is required to configure routes for VPN tunnel clients Destination network The network address of the LAN or the subnet information of the destination network from the VPN tunnel clients perspective is set here Subnet mask The subnet information of the destination network i...

Page 150: ...r and upload the same to connect Server OpenVPN Settings To configure the router as an OpenVPN Server 1 Click VPN OpenVPN OpenVPN Settings 2 Toggle OpenVPN to ON and complete the fields in the table below The router provides OmniSSL feature a customized OpenVPN which is an alternate to the SSL VPN connectivity while supporting most of the SSL VPN features OmniSSL provides an executable configurati...

Page 151: ...unicate with each other in split tunnel case By default it is disabled User Based Auth This option is introduced to provide the additional authentication method using username password Disabled by default Certificate Verification This method does not require the client certificate client will authenticate using the username password only Enabled by default Certs Profile Select the profile which ha...

Page 152: ...ure an additional OmniSSL server for client which will be used when primary server is down This is optional and applicable only in client mode Port Enter the port number on which openvpn server or Access Server runs Tunnel Protocol Select either TCP or UDP Encryption Algorithm Select the encryption algorithm from the drop down menu Hash Algorithm Select the hash algorithm from the drop down menu T...

Page 153: ...led by default Username Enter a username This field is available only when User Based Auth is enabled Password Enter a password This field is available only when User Based Auth is enabled Certificate Verification This method enables tunnel authentication to be with certificates Enabled by default Certs Profile Select the profile which has list certificates uploaded for the configured mode server ...

Page 154: ...racters VPN Cluster Select the type of VPN cluster Applicable only in OpenVPN Access Server Client mode with Private Tunnel support enabled Auto Connect Enabling this field allows user to enter time interval at which device should try connecting to the server Note You can also Connect or Disconnect to the server on the following page Status Network Information Active VPNs OpenVPN Connections by ri...

Page 155: ...Subject Name It displays Client certificate Subject Name which includes content like C ST L O OU CN and E CN is the Server certificate common name If server certificate does not exist the value will be N A Type It shows the type of the profile It has combination of the certificates loading Generated Uploaded Default and appended with mode Server Client Server Client E g Uploaded Server Default Ser...

Page 156: ...ate CA Key Click Browse and Upload to locate and upload the pem formatted CA key Server Certificate Click Browse and Upload to locate and upload the pem formatted Server Certificate Server Key Click Browse and Upload to locate and upload the pem formatted Server Key Client Certificate Click Browse and Upload to locate and upload the pem formatted Client Certificate Client Key Click Browse and Uplo...

Page 157: ...e OU The division of your organization handling the certificate to differentiate between divisions within an organization CA Certificate CN The common name is the fully qualified domain name used for DNS lookups of your server such as www mydomain com Browsers use this information to identify your web site If you change your host name you must request another Digital ID Client browsers connecting ...

Page 158: ...er to upload TLS Keys which are in pem format To upload certificates and keys 1 Click VPN OpenVPN OpenVPN Certificates TLS Key 2 Click AddTLS Key 3 Enter the name of the tls key for identification purpose in OpenVPN Setting page 4 Browse and upload the pem formatted TLS Authentication key 5 Click Save to save your settings ...

Page 159: ... page allows you to upload the required certificates To upload certificates and keys 1 Click VPN OpenVPN OpenVPN Certificates CRL Certificate 2 Click Add CRL Certificate 3 Enter the name of the CRL certificate for identification purpose in OpenVPN Setting page 4 Browse and upload the pem formatted CRL Certificate to revoke the client certificate 5 Click Save to save your settings ...

Page 160: ...s opens the OpenVPN Server Policy Configuration page Field Description Policy Type Select this option to add a policy applicable to all the users or particular of the device Apply Policy To Select accessible IP address or IP network Policy Name Enter a unique name used to identify the policy ICMP Toggle it to On state to support ICMP traffic IP Address Network Configure accessible IP address or IP...

Page 161: ... Networks If you selected SplitTunnel from OpenVPN Server you can create a local network by following the steps below 1 Click VPN OpenVPN Local Networks 2 Click Add New OpenVPN Local Network 3 Enter a local IP network 4 Enter the subnet mask 5 Click Save ...

Page 162: ...works To create remote networks 1 Click VPN OpenVPN Remote Networks 2 Click Add New OpenVPN Remote Network 3 Enter a common name of the remote network 4 Enter a network address of the remote resource 5 Enter the subnet mask of the remote resource 6 Click Save ...

Page 163: ...e OmniSSL Client Configuration page This page allows user to generate client configuration Note Please regenerate client configuration when CA certificate is uploaded Field Description Select All It selects all the Client Configurations present in the list View It displays the Client name and details of the Client Configuration file Delete It deletes the selected Client except default client Confi...

Page 164: ...n authentication to the remote OmniSSL users 1 Click VPN OpenVPN OmniSSL Portal Layouts 3 Click Add OmniSSL Portal Layout This opens the OmniSSL Portal Layout Configuration page 2 The fields displayed on this page are given below Field Description Layout Name It displays a case sensitive unique identifier for the portal layout Status It displays the status of the portal layout ...

Page 165: ...le for the portal Banner Title Enter a banner title which would be displayed before logging into the portal Banner Message Enter the Banner Message This message text would be displayed along with the banner title Display Banner Message on Login Page Enable this field to display the banner title and banner message Portal Authentication Type Select an authentication type from the drop down list to a...

Page 166: ...tatic route for the remote local networks using the GRE tunnel WhencreatingtheGREtunnel theIPAddressshouldbeauniqueaddressthatidentifiesthatGREtunnelendpoint It will be referenced in the other router s static route as the Gateway IP address The Remote End Address in the GRE tunnel configuration page is the WAN IP address of the other endpoint router Once the tunnel is established a static route on...

Page 167: ...P address Subnet Mask Enter the subnet mask Interface Select the interface to create this tunnel with from the drop down menu Remote End Address Enter the WAN IP address of the endpoint router Enable DDP Broadcast Toggle to ON to enable DDP broadcasting IP Address Enter the destination IP address of the static route from the remote LAN subnet Subnet Mask Enter the subnet mask Gateway IP Address En...

Page 168: ...t Enter the number of minutes of inactivity that must occur before the users in this user group are logged out of their web management session automatically Entering an Idle Timeout value of 0 zero means never log out Save Click Save at the bottom to save and activate your settings Groups Path Security Authentication Internal User Database Groups The group page allows creating editing and deleting...

Page 169: ...olicies Configuration page 3 Complete the fields from the table below and click Save Field Description Group Name Select the group you want to configure Disable Login Toggle ON to deny login access to the web management interface for all users in this user group Toggle OFF will allow users to log in Deny Login from Op tion Interface Toggle ON to deny login access to the web management interface fr...

Page 170: ...ase Groups tab Browser Policies 2 Click Add Browser Policies 3 Complete the fields from the table below and click Save Field Description Group Name Select the group you want to configure from the drop down menu Client Browser Select a web browser from the drop down menu Save Click Save at the bottom to save and activate your settings 4 Your policy will now be in the browser policies list By defaul...

Page 171: ...atabase Groups tab IP Policies 2 Click Add IP Policies 3 Complete the fields from the table below and click Save Field Description Group Name Select the group you want to configure from the drop down menu Source Address Type Select either Network to specify a IP network or IP Address to specify a specific IP address Network Address IP Address Enter the network address or IP address Mask Length If ...

Page 172: ... 3 Complete the fields from the table below and click Save Field Description User Name Enter the user name for this user This name is a unique identifier First Name Enter the user s first name Last Name Enter the user s last name Select Group Select the group you want to assign this user to from the drop down menu Password Enter a case sensitive login password that the user must specify at the log...

Page 173: ...me file can be uploaded to multiple DSR devices as needed Once uploaded the specific users in the local user database can be modified via the GUI as needed To import a user database 1 Click Security Authentication Internal User Database Get User DB tab 2 Click Browse and locate the file you want to upload Select it and click Open 3 Click Upload 4 Once completed go to Security Authentication Intern...

Page 174: ...Name FirstName LastName GroupName Password MultiLogin The above sample has fields that can assume the following values Username text field Name of the user and identifier in the DSR s database and so it must be unique in the local user database FirstName text field This is a user detail and need not be unique LastName text field This is a user detail and need not be unique GroupName text field The...

Page 175: ...IUS Server s Authentication Server Enter the IP address of your RADIUS server Authentication Port Enter the RADIUS authentication server port Secret Enter the secret key that allows the device to log into the configured RADIUS server It must match the secret on RADIUS server Timeout Set the amount of time in seconds that the router should wait for a response from the RADIUS server Retries This det...

Page 176: ...r Field Description Server Checking Click it to test the connection s to your POP3 Server s Authentication Server Enter the IP address of your POP3 server Authentication Port Enter the POP3 authentication server port SSL Enable Toggle to ON to enable SSL support for POP3 If this option is enabled it is mandatory to select a certificate authority for it CA File Certificate Authority to verify POP3 ...

Page 177: ...he POP3 negotiation to verify the configured authentication server identity Each of the three configured servers can have a unique CA used for authentication To configure 1 Click Security Authentication External Auth Server POP3Trusted CA tab POP3 Trusted Server 2 Click Add CA File 3 Click Browse and select a CA file Click Open and then click Upload ...

Page 178: ...ur LDAP server 1 Click Security Authentication External Auth Server LDAP Server tab LDAP Server Field Description Server Checking Click it to test the connection s to your LDAP Server s Authentication Server 1 3 Enter the IP address of your primary LDAP server LDAP Attribute 1 4 These are attributes related to LDAP users configured in LDAP server These may include attributes like SAM account name ...

Page 179: ...ructure while the NT Domain server is limited to thousands The configured Authentication Servers and Active Directory domain s are used to validate the user with the directory of users on the external Windows based server This authentication option is common for SSL VPN client users and is also useful for IPsec PPTP L2TP client authentication To configure the router to connect to your AD server 1 ...

Page 180: ...ctory domain name s Timeout Set the amount of time in seconds that the router should wait for a response from the AD server Retries This determines the number of tries the controller will make to the AD server before giving up Administrator Account Enter the admin account information that will be used when authentication is required for PPTP L2TP connection Password Enter the admin password Save C...

Page 181: ...r information from the table below and click Save You can configure up to three servers Field Description Server Check Click it to test the connection s to your AD Server s Authentication Server 1 3 Enter the IP address of your NT server s Workgroup 1 3 Enter the NT workgroup name s Timeout Set the amount of time in seconds that the router should wait for a response from the AD server Retries This...

Page 182: ...uter to connect to your RADIUS server 1 Click Security Authentication Radius Accounting tab Radius Accounting Field Description Captive Portal Select the check box to enable the radius accounting for captive portal feature Radius Accounting Interim Interval The interim interval at which Radius Accounting Interim Update packets should be sent by the device The value should be in the range 300 3600 ...

Page 183: ...dress of the primary secondary and tertiary RADIUS server Accounting Port Enter the radius accounting server port for primary secondary and tertiary Radius Server Secret Enter the secret key that allows the device to log into the configured RADIUS server It must match the secret on RADIUS server Save Click Save at the bottom to save and activate your settings Cancel Click Cancel to revert to the p...

Page 184: ...earance of that page with specific text and images The wireless router supports multiple login and SLA pages Associate login page or SLAs on SSIDs or VLANs separately To add delete or edit login profiles 1 Click Security Authentication Login Profiles tab Login Profiles 3 Complete the fields from the table on the next page and click Save 2 Right click an entry and select either Edit or Delete To ad...

Page 185: ...ckground color The maximum size of the image is 100 kb Color Show background color on the page Use the radio buttons to select an image Header Background Image If you set Background to Image upload the image file by clicking Add Browse Select an image click Open and then click the Upload button The maximum size of the image is 100kb Header Background Upload Choose the file you want to upload Heade...

Page 186: ... disables changes to the footer content on the login page Footer Content If Change Footer Content is checked enter the text that appears in the footer Footer Font Color If Change Footer Content is checked select the color of the text that appears in the footer Save Click Save to activate your settings ...

Page 187: ...o add a new service route Services Route Management 3 This opens Service Route Management Configuration page Field Description Service Name Select the name of the Service that is being added Service Interface Select the name of the Service Interface In case of radius server it can be Primary Secondary orTertiary Route Interface Select the interface on which we are interested in sending the traffic...

Page 188: ...tion DUA External CPWeb DUA External CP Web 2 The fields present on this page are given below Field Description Enable Enable Disable DUA External CP Web Server DUA External CP URL Enter DUA External Server URL DUA CP Logout IP Enter CP logout IP to be configured Shared Secret Enter shared secret to be configured with respect to DUA server Server Status This will show the current status of DUA Ext...

Page 189: ...ic Filtering You may block access to certain Internet services To block or allow a service 1 Click Security Web Content Filter Static Filtering tab Static Filtering Web Content Filtering 2 Toggle Content Filtering to ON 3 Toggle the service to ON to block Toggle to OFF to allow 4 Click Save ...

Page 190: ...of the following URL s are permitted access from the LAN www dlink com support dlink com etc Importing exporting from a text or CSV file is also supported To add import export URLs to the approved list 1 Click Security Web Content Filter Static Filtering Approved URL tab Approved URL 2 To import a list from a text CSV file click Upload URLs List from File If you want to export the current list cli...

Page 191: ...e allowed by a trusted domain in the Approved URL List then access to that site will be allowed Import export from a text or CSV file is also supported To add import export URLs to the approved list 1 Click Security Web Content Filter Static Filtering Blocked URL tab Blocked URL 2 To import a list from a text CSV file click Upload URLs List from File If you want to export the current list click Ex...

Page 192: ... ON to enable dynamic filtering 3 Toggle any of the listed categories to ON to block Toggle to OFF to allow 4 All the fields present on this page are given in the table below 4 Click Save Field Description Non Managed Action This is an action to be taken for the Non Managed Site You may Allow or Block By default it is Allow Allow Override It allows the sites categorized under Blocked categories Ov...

Page 193: ...ical party Sports Sites about sports teams fan clubs and generally about all kinds of sports www E mail Sites Websites that allow users to send and or receive email through a web accessible email account Violence Undesirable Sites that promote violence militancy hatred racism or contain gory information Malicious Sites that are infected and sites that are used as a channel to distribute malwares S...

Page 194: ...feature and to configure the profiles for black listing or white listing the LAN clients or users from the configured static or dynamic filtering rules To add URLs to the URL Filtering Access Control list 1 Click Security Web Content Filter URL Filtering ACL URL Filtering ACL 2 Toggle Enable URL Filtering ACL to ON to enable URL filtering ACL 3 Selectanaction ChooseeitherBlackListorWhiteListoption...

Page 195: ...nterface IP Address Configure the IP Address of the client to be controlled in the ACL profile Start Address Configure the Start IP Address of the clients to be controlled in the ACL profile when the selected profile type is Range End Address Configure the End IP Address of the clients to be controlled in the ACL profile when the selected profile type is Range Interface Select the Interface from t...

Page 196: ...ddress is dynamic a DDNS Dynamic DNS name can be used Outbound LAN DMZ to WAN rules restrict access to traffic leaving your network selectively allowing only specific local users to access specific outside resources The default outbound rule is to allow access from the secure zone LAN to either the public DMZ or insecure WAN On other hand the default outbound rule is to deny access from DMZ to ins...

Page 197: ...u select Single Address or Address Range you will need to enter the IP address or IP range Destination Hosts Select the host that will receive the traffic for this firewall rule If you select Single Address or Address Range you will need to enter the IP address or IP range Log Specify whether or not the packets for this rule should be logged To log details for all packets that match this rule sele...

Page 198: ...ngs These settings are required when the traffic is coming from the INSECURE WAN to the DMZ SECURE VLAN or SECURE LAN Destination Network Address Translation maps a public IP ad dress your WAN1 address WAN2 address or another address to an IP address on your private network Internal IP Address Specify an IP address of a machine on the Local Network which is hosting the server Enable Port Forwardin...

Page 199: ...les those with the most specific services or addresses to the top of the list To create a new bridge firewall rule 1 Click Security Firewall Firewall Rules Bridge Firewall Rules tab 2 The fields displayed on the Bridge Firewall Rules are given below Field Description Status It displays the status of the rule It can be Enabled active or Disabled configured but not in use Direction It displays the d...

Page 200: ...e this option for a rule that applies to traffic destined for one host Enter the IP address of the host in From box Address Range Choose this option for a rule that applies to traffic destined for a group of com puters devices within an IP address range To specify the range enter the first address in the From box and enter the final address in the To box Source MAC Select one of the following Any ...

Page 201: ...nformation To add delete or edit a schedule 1 Click Security Firewall Schedules 2 Right click an entry and select either Edit or Delete To add a new schedule click Add New Schedule Field Description Name Enter a name for your schedule Scheduled Days Select All Days or Specific Days Monday Sunday If you selected Specific Days toggle each day you want to ON ScheduledTime of Day Select All Day or Spe...

Page 202: ...st of clients MAC addresses that are blocked by the administrator 1 Click Security Firewall Blocked Clients 2 To add a new blocked client click Add New Blocked Clients Field Description MAC Address Enter the MAC address to be blocked Description Enter the reason or description for blocking Save Click Save to activate your settings ...

Page 203: ...onfiguration menu To add delete or edit a custom service 1 Click Security Firewall Custom Services 2 Right click an entry and select either Edit or Delete To add a new schedule click Add New Custom Service Field Description Name Enter a name for your custom service Type Enter the layer 3 protocol that the service uses TCP UDP BOTH ICMP or ICMPv6 PortType Select Port Range or Multiple Ports Source ...

Page 204: ...le Ports Destination Ports This field supports a list of source port numbers separated by comma for Port Type selected as Multiple Ports ICMP or ICMPv6Type This field is enabled when the layer 3 protocol in theType field is selected as ICMP or ICMPv6 The ICMP type is a numeric value that can range between 0 and 40 while for ICMPv6 the type ranges from 1 to 255 For a list of ICMP types visit the fo...

Page 205: ...eralTCP UDP ports to communicate with the known ports a particular client application such as H 323 or RTSP requires without which the admin would have to open large number of ports to accomplish the same support Because the ALG understands the protocol used by the specific application that it supports it is a very secure and efficient way of introducing support for client applications through the...

Page 206: ... on a DMZ so that mail sent by remote SMTP servers will traverse the router to reach the local server Local users will then use email client software to retrieve their email from the local SMTP server SMTP is also used when clients are sending email and SMTP ALG can be used to monitor SMTP traffic originating from both clients and servers 1 Click Security Firewall ALGs SMTP ALGs tab 2 Toggle Statu...

Page 207: ...Approved Mail IDs This page lists all the available mail ids that are supposed to be allowed in the system 1 Click Security Firewall ALGs Approved Mail IDs tab 2 Right click an entry and select either Edit or Delete To add a new mail ID click Add New Approved Mail ID 3 Enter a mail ID and click Save ...

Page 208: ...LGs Blocked Mail IDs This page provides a list of mail ids that are to supposed to be blocked in the system 1 Click Security Firewall ALGs Blocked Mail IDs tab 2 Right click an entry and select either Edit or Delete To add a new mail ID click AddNewBlockedMail ID 3 Enter a mail ID and click Save ...

Page 209: ...g The table lists all the subjects and mail ids which are to be blocked or allowed 1 Click Security Firewall ALGs Mail Filtering tab 2 Right click an entry and select either Edit or Delete To add a new mail ID click Add New Mail Filter 3 Enter a subject and a mail ID 4 Select either Allow or Block 5 Click Save ...

Page 210: ...encryptedVPNtrafficforIPsec PPTP andL2TPVPNtunnel connections between the LAN and internet A specific firewall rule or service is not appropriate to introduce this passthrough support instead the options in the VPN Passthrough page must be toggled to ON 1 Click Security Firewall VPN Passthrough 2 Toggle the VPN protocol you want to allow to ON and click Save ...

Page 211: ...cific LAN IP or IP range As well ports are not left open when not in use thereby providing a level of security that port forwarding does not offer Note Port triggering is not appropriate for servers on the LAN since there i s a dependency on the LAN device making an outgoing connection before incoming ports are opened Some applications require that when external devices connect to them they receiv...

Page 212: ...ing Application Rules Status tab to see a list of rules and their status This page lists the application rules containing status open ports and expiry time for a particular rule Field Description LAN DMZ IP Address It displays the internal network IP address that triggered the application rule to be active and resulted in response ports being opened Open Ports It displays the incoming response por...

Page 213: ... This makes it less susceptible to discovery and attacks BlockTCP Flood If this option is toggled to ON the router will drop all invalid TCP packets and be protected from a SYN flood attack Filter Check If this option is enabled then router will drop invalid TCP packets FIN RST and ACK going with SNAT while the connection is closed Some of the other packets like TCP OUT OF WINDOW are also consider...

Page 214: ... Flood Detect Rate The rate at which the SYN Flood can be detected Echo Storm The number of ping packets per second at which the router detects an Echo storm attack from the WAN and prevents further ping traffic from that external address ICMP Flood The number of ICMP packets per second at which the router detects an ICMP flood attack from the WAN and prevents further ICMP traffic from that extern...

Page 215: ...T service WAN Host Select ANY to allow all hosts access or select Specify WAN IPs and enter IP addresses of hosts separate with a comma you want to grant access to Do not use spaces WAN Host Addresses Enter a comma separated list ofWAN IP addresses that must be allowed access to the Local Server in case Specify WAN IPs is selected as the WAN Host Only commas are allowed and there should be no spac...

Page 216: ...sion attempts from the WAN have been detected and prevented Note The DSR 150 150N routers do not support Intrusion Prevention System 1 Click Security Firewall IPS 2 Complete the fields from the table below and click Save Field Description Enable Intrusion Detection Toggle to ON to enable intrusion detection Enable Intrusion Prevention Toggle to ON to enable intrusion prevention LAN and WAN Toggle ...

Page 217: ... get visibility of all the functions related to the feature App Control Policy Application Control Policies Path Security App Control Policy Application Control Policies User can select particular app or can select a group to manage applications associated with that group This provides an administrator with more options to set up policies to control access to the applications for selected network ...

Page 218: ...l Policy List Policy Name It displays the name of the policy Action It displays the action which is to be taken on the policy rule PolicyType It displays the policy type whether it is Global or Feature APP Group Status It displays the status of the app or group 2 To add a new group click Add New Group Field Description Group Name Enter a unique name assigned to the Group Supported Apps The list sh...

Page 219: ...Select the network profile created on the Network Profile page Captive Portal Users Enable or disable Captive Portal option Enabling this option allows all Captive Portal clients to follow this policy User DB Enable or disable User DB field to select network users for controlling the selected application NetworkType Select either Groups or Users Available Groups Users Select users or groups in PPT...

Page 220: ...dd a new network profile Field Description Profile Name Enter a unique name to identify the Network Profile VLAN Enable or disable the VLAN option VLAN ID Select one or more VLAN IDs after enabling the VLAN option IP NetworkType Select a type of the IP Network from the dropdown list The options are None Single Network and Range IP Address Enter the IP address Subnet Mask Enter the subnet mask of t...

Page 221: ... Upgrade related fields 1 Click Security App Control Policy Application Control Auto Upgrade Field Description Package Version It Displays the current running Package Version Details The last update date will be displayed if the package is upgraded Auto Upgrade Enable or disable Auto Upgrade option Time Interval Enter the time interval to check for updated packages on the server Save Click Save to...

Page 222: ...ge the name of the router here 1 Click Maintenance Administration System Setting Maintenance 2 Complete the fields from the table given below and click Save Field Description Current System Name Displays the current name for the router New Name for System Enter a new name for the router Save Click to save and activate your settings ...

Page 223: ...nce Administration Date andTime 2 Complete the fields from the table below and click Save Field Description Current DeviceTime Displays the current date and time on the router Time Zone Select your time zone from the drop down menu Daylight Saving Toggle to ON to enable daylight saving time NTP Servers Toggle to ON to use NTP servers on the Internet NTP ServerType Select either Default or Custom t...

Page 224: ...t value for admin and guest logins 1 Click Maintenance Administration Session Settings 2 Complete the fields from the table below and click Save Field Description Administrator Enter the timeout value in minutes for the Administrator account Guest Enter the timeout value in minutes for the Guest account Save Click to save and activate your settings ...

Page 225: ...ture free for 90 days This option can be used for once only Licenses List License Model It displays the license model as it relates to the feature being added Activation Code It displays the activation code corresponding to this license Expires It displays the date of expiration Licenses can either have a fixed duration or are perpetual for the life of this router Activation Setup License Activati...

Page 226: ...hare Port Setup Enable USB Printer Toggle to ON to allow the USB printer connected to the router to be shared across the network Enable Sharing Select this option to allow the USB storage device connected to the router to be shared across the network Shared Port Enabled Interfaces List Interface Name Displays the name of the printer interface Enable Printer Displays if the printer is enabled or no...

Page 227: ... dedicated WAN mode load balancing mode or if the 3G USB device is not connected to router then the controls on this page will not be available To view any incoming messages 1 Click Maintenance Administration SMS Service Inbox tab 2 The following details are displayed Field Description S No Displays the serial number of the message Sender Displays the sender of the message Time Stamp Displays the ...

Page 228: ... message using the SMS service 1 Click Maintenance Administration SMS Service Create SMS tab 2 Complete the fields from the table below and click Send Message Field Description Receiver Enter the phone number of the intended receiver Text Message Enter the message you want to send Send Message Click to send your message Cancel Click to reset the fields ...

Page 229: ...e available for use after device reboot There are 2 types of installations supported by this feature 1 Manual Installation Upon selecting manual installation the user has to download the package which will then display the available languages that the router GUI now supports Note Only drivers provided by D Link can be used for manual installation A validation process will be performed during insta...

Page 230: ...ted to the Internet Here you can select the driver to update or install Manual Install User can upload the provided driver package for installation If you have downloaded a package click Browse and select that package Click Open and then click Install Install Click Install to install the newly selected driver package Install History It displays a list of installed and un installed packages 2 Compl...

Page 231: ...ge You can download language packs refer to Package Manager on page 215 and install them on the router Once you have downloaded a pack follow the steps below to install 1 Click Maintenance Administration Set Language 2 Select a loaded language pack from the drop down menu and click Save Set Language ...

Page 232: ...r VLAN what users can configure the router using the web GUI 1 Click Maintenance Administration Web GUI Management 2 Toggle Enable to ON and click Save 3 Click Add New Configuration 4 Enter a name for this configuration 5 Select either Single IP Address and enter the IP address of the computer device or VLAN Network and enter the VLAN ID that you want to allow access to the web GUI 6 Click Save ...

Page 233: ...HTTPS Port No Enter the port for HTTPS access The default port is 443 SSH Toggle ON to enable SSH Secure Shell protocol which can be used to access the CLI over the network from a remote host SNMP Toggle to ON to enable SNMP for remote management AccessType Select either All IP Addresses IP Address Range enter an IP range or Only Selected PC enter an IP address From IP Address Enter the starting I...

Page 234: ...l List on the router identifies managers in the network that have read only or read write SNMP credentials The Traps List outlines the port over which notifications from this router are provided to the SNMP community managers and also the SNMP version v1 v2c v3 for the trap 1 Click Maintenance Management SNMP tab SNMP User List 2 Right click a user and select Edit if you want to change the securit...

Page 235: ...d SNMPTrap 3 Complete the fields from the table below and click Save Field Description IP Address Enter the IP Address of the SNMP trap agent Port Enter the SNMP trap port to which the trap messages will be sent Community Enter the community string to which the agent belongs Most agents are configured to listen for traps in the Public community AuthenticationType Select the SNMP version used by th...

Page 236: ...d select either Edit or Delete To add a new trap click Add Access Control 3 Complete the fields from the table below and click Save Field Description IP Address Enter the IP Address of the SNMP agent Subnet Mask Enter the network mask used to determine the list of allowed SNMP managers Community Enter the community string to which the agent belongs Most agents are configured to listen for traps in...

Page 237: ...em Info tab SNMP System Info 2 Complete the fields from the table below and click Save Field Description SysContact Enter the name of the contact person for this router Examples admin John Doe SysLocation Enter the physical location of the router Example Rack 2 4th Floor SysName Enter a name given for easy identification of the router Save Click Save to activate your settings ...

Page 238: ...u can use this function to test connectivity between the router and another device on the network or the Internet 1 Click Maintenance Management Diagnostics NetworkTools tab Diagnostics Ping an IP Address Domain Name 2 Under Command Output for Ping and Traceroute in the IP Address Domain Name field enter an IP address or domain name 3 Click Ping The results will appear in the Command Output displa...

Page 239: ...he network path to a public host Up to 30 hops between this router and the destination will be displayed 1 Click Maintenance Management Diagnostics NetworkTools tab Using Traceroute 2 Under Command Output for Ping and Traceroute in the IP Address Domain Name field enter an IP address or domain name 3 Click Traceroute The results will appear in the Command Output display ...

Page 240: ...eb FTP Mail or any other server on the Internet 1 Click Maintenance Management Diagnostics NetworkTools tab Performing DNS Lookup 2 Under DNS Lookup in the Domain Name field enter an Internet name 3 ClickLookup TheresultswillappearintheCommandOutputdisplay Ifthehostordomainentryexists a response will appear with the IP address If the message Host Unknown appears the Internet name does not exist ...

Page 241: ...er capture session If the capture file size exceeds 1MB it is deleted automatically and a new capture file is created 1 Click Maintenance Management Diagnostics Capture Packets tab Capture Packets 2 Select an interface from the drop down menu 3 Click Start Trace The trace can be downloaded by clicking the Download button which will immediately begin the download to the browser s default download l...

Page 242: ...ic and dynamic routes for both IPv4 and IPv6 1 Click Maintenance Management Diagnostics System Check tab System Check 2 Click DisplayIPv4Table or DisplayIPv6Table The result will appear in the Command Output display If the route is set as private on the Static Route Configuration page Network Routing Static Route the Display IPv4 Table indicates Private routes table as shown below ...

Page 243: ...cription By Link Status With Power Saving by Link Status option toggled to ON the total power consumption by the LAN switch is dependent function of on the number of connected ports The overall current draw when a single port is connected is less than when all the ports are connected By Cable Length Detection With Length Detection State option toggled to ON the overall current supplied to a LAN po...

Page 244: ...e configured include IP and SNMP settings Time zone time date settings Device Password System name setting Upgrade firmware Backup and Restore configuration Device Reboot Factory Reset Device journey and Removing the device from the inventory list in the DNA App 1 Click Maintenance Management DDP Client DDP Client Field Description DDP Client When enabled DNA can configure the settings in DSR Save...

Page 245: ...ing the firmware upgrade do NOT try to go online turn off the DSR shut down your PC or interrupt the process in anyway until the operation is complete This should take only a minute or so including the reboot process Interrupting the upgrade process at specific points when the flash is being written to may corrupt the flash memory and render the router unusable without a low level process of resto...

Page 246: ...and click Maintenance Firmware Config Firmware Upgrade Using System PC tab Using System PC 3 Click Browse and locate the firmware file you downloaded Select it and click Open 4 Click Upgrade Note The upgrade process takes a few minutes Do not interrupt the upgrade or turn off the router otherwise you can damage the firmware Wait for the upgrade to complete before browsing any sites from your brows...

Page 247: ...ve 2 Plug the USB thumb drive into a USB port on the router 3 Log in to the router and click Maintenance Firmware Config Firmware Upgrade Using USB tab 4 Select the firmware file from the list and click Upgrade Note The upgrade process takes a few minutes Do not interrupt the upgrade or turn off the router otherwise you can damage the firmware Wait for the upgrade to complete before browsing any s...

Page 248: ...then use the file to restore the settings on the same router if something goes wrong or on a different router must be the same model that will replace the existing router Backup 2 To Download Debug Logs click Download You will be prompted to save a file with the extension tgz Select a safe location on your computer and save the file The settings will be saved in this file in theTar archive form 3 ...

Page 249: ...backup file 1 Click Maintenance Firmware Config Backup Restore 2 To Restore Config file from System PC click Browse and select the file Click Open and then click Restore 3 To Restore Config file from USB Port select the file in the list under the corresponding USB port and click Restore Restore ...

Page 250: ... this location 1 Click Maintenance Firmware Config Backup Restore Backup Settings tab Backup Settings 2 Toggle Backup Configuration to USB Automatically to ON to automatically save your configuration settings to a file on your USB storage device 3 Toggle Encrypt Configuration File to ON to encrypt the configuration file This will ensure confidential information like system username passwords are n...

Page 251: ...37 Section 9 Maintenance Soft Reboot Performing a soft reboot simply performs a power cycle 1 Click Maintenance Firmware Config Soft Reboot 2 Click Soft Reboot to reboot the router The Login page is displayed after the device reboots ...

Page 252: ...s that get restored include critical things you need to get online such as login password SSID IP addresses and wireless security keys 1 Click Maintenance Firmware Config Soft Reboot 2 Click Default The router will restart automatically after resetting to the factory default settings Note After restoring to the factory default settings the router s default LAN IP address is 192 168 10 1 the defaul...

Page 253: ...g messages that correspond to this facility would correspond to traffic through the firewall or network stack System Application and management level features available on this router for managing the unit Wireless This covers all AP related configuration and behavior logging related to wireless Network This covers log messages that correspond to network protocols VPN This covers log messages that...

Page 254: ... logging can be customized based on whether the logs are sent to the Event Log viewer in the web management interface the Event Log viewer is in the Status System Information All Logs Current Logs or a remote Syslog server for later review E mail logs discussed in a subsequent section follow the same configuration as logs configured for a Syslog server 3 In Configuration Options for the facility t...

Page 255: ...h each network segment LAN WAN DMZ can be tracked based on whether the packet was accepted or dropped by the firewall Accepted Packets are those that were successfully transferred through the corresponding network segment i e LAN to WAN This option is particularly useful when the Default Outbound Policy is Block Always so you can monitor traffic that is passed through the firewall DroppedPacketsar...

Page 256: ...k Maintenance Log Settings Routing Logs IPv6 2 Complete the fields from the table below and click Save Field Description LAN to WAN Accepted Packets Toggle to ON to log accepted packets Dropped Packets Toggle to ON to log dropped packets WAN Accepted Packets Toggle to ON to log accepted packets Dropped Packets Toggle to ON to log dropped packets Save Click Save to activate your settings ...

Page 257: ... broadcast or multicast packets are sent to all possible destinations simultaneously One other useful log control is to log packets that are dropped due to configured bandwidth profiles over a particular interface This data will indicate to the admin whether the bandwidth profile has to be modified to account for the desired Internet traffic of LAN users 1 Click Maintenance Log Settings System Log...

Page 258: ...ide mail that is accepted by one of the configured send to addresses Up to three e mail addresses can be configured as log recipients In order to establish a connection with the configured SMTP port and server define the server s authentication requirements The router supports Login Plain no encryption or CRAM MD5 encrypted for the username and password data to be sent to the SMTP server Authentic...

Page 259: ...ction making them vulnerable CRAM MD5 A challenge response authentication mechanism defined in RFC 2195 based on the HMAC MD5 MAC algorithm CRAM MD5 offers a higher level of authentication than Login Plain User Name If Authentication with SMTP is set to Login Plain or CRAM MD5 enter the user name to be used for authentication Password If Authentication with SMTP is set to Login Plain or CRAM MD5 e...

Page 260: ...also lets you send configuration logs to three email recipients 1 Click Maintenance Log Settings Remote Logging and click Syslog tab 2 Complete the fields from the table on the next page and click Save Field Description Syslog Server 1 Toggle to ON to setup a Syslog server FQDN IP Address Enter the IP address or Internet Name of the Syslog server Facility Select which facility you want to log Refe...

Page 261: ...ield Description Mobile Number Enter a valid mobile number to receive SMS message WAN Up Down Toggle to On to receive SMS based on WAN UP Down event VPN Connect Disconnect Toggle to On to receive SMS whenever VPN tunnel connects or disconnects CPU Memory usage reaches Max limit Toggle to On to receive SMS whenever CPU and Memory utilization reaches to 50 and 80 respectively Save Click Save to save...

Page 262: ... traffic overview by bandwidth and packet information for WAN traffic Bandwidth Usage It displays bandwidth usage by network segment such as WAN or LAN The data is broken into by applications service such as HTTP HTTPS DNS SNMP and others VPNs It displays a chart of VPN traffic by bandwidth and number of tunnels CPU Utilization This section displays the router s processor statistics Traffic Inform...

Page 263: ...and Statistics Manage Dashboard To manage the dashboard 1 Click on the Manage Dashboard button 2 The following window will pop out and allow you to enable or disable the overview panels shown on the dashboard Toggle the panel to ON or OFF and click Save ...

Page 264: ...Series User Manual 250 Section 10 Status and Statistics System Path Status System Information Device System The System Info page displays the current system name firmware version hardware version and serial number ...

Page 265: ...SR Series User Manual 251 Section 10 Status and Statistics LAN Info Path Status System Information Device LAN The LAN Information page summarizes the LAN settings including MAC address IP address and link state ...

Page 266: ...D Link DSR Series User Manual 252 Section 10 Status and Statistics WAN1 Path Status System Information Device WAN1 The WAN1 Information page summarizes the WAN1 port settings ...

Page 267: ...D Link DSR Series User Manual 253 Section 10 Status and Statistics WAN2 Path Status System Information Device WAN2 The WAN2 Information page summarizes the WAN2 port settings ...

Page 268: ...nk DSR Series User Manual 254 Section 10 Status and Statistics WAN3 Path Status System Information Device WAN3 The WAN3 Information page summarizes the WAN3 settings Note WAN3 port exists only in DSR 1000AC ...

Page 269: ...k DSR Series User Manual 255 Section 10 Status and Statistics Wireless Path Status System Information Device Wireless The complete wireless network connection details are displayed on the Device Status page ...

Page 270: ...es to a file Field Description Facility Level It filters the logs based on the facility level selected Category It filters the logs based on the selected category Severity Level It filters the logs based on the selected severity level List of Current Logs The List of Current Logs window allows you to view configured log messages from the router as they appear Each log appears with a time stamp as ...

Page 271: ...57 Section 10 Status and Statistics USB Status Path Status System Information USB Status The USB Status page summarizes the USB devices connected to the router You may connect USB printer and USB storage device directly to the router ...

Page 272: ...rmation DHCP Leased Clients Path Status Network Information DHCP Leased Clients Three separated tabs display a list of clients whom get IP leased from the router LAN leased clients IPv6 leased clients and DMZ leased clients LAN Leased Clients IPv6 Leased Clients DMZ Leased Clients ...

Page 273: ...es User Manual 259 Section 10 Status and Statistics Path Status Network Information Captive Portal Sessions This page monitors the runtime authentication sessions that are active on your router Captive Portal Sessions ...

Page 274: ...tion 10 Status and Statistics Path Status Network Information Active Sessions This table lists the active Internet sessions through the router s firewall The session s protocol state local and remote IP addresses are shown Active Sessions ...

Page 275: ...he router s VPN associations connections Here the active VPN associations connections are listed along with the traffic details and tunnel state The traffic is a cumulative measure of transmitted received packets since the tunnel was established Active VPNs IPSec SAs PPTP VPN Connections L2TP VPN Connections SSL VPN Connections OpenVPN Connections GRE Tunnel Status ...

Page 276: ...DSR Series User Manual 262 Section 10 Status and Statistics Path Status Network Information Interfaces Statistics This page displays packet information on the LAN VLAN and WLAN interfaces Interface Statistics ...

Page 277: ... on this page Connected clients are sorted by the MAC address and indicate the security parameters used by the wireless link as well as the time connected to the corresponding AP The statistics table has auto refresh control which allows display of the most current port level data at each page refresh The default auto refresh for this page is 10 seconds Wireless Clients ...

Page 278: ...stics page displays the incrementing traffic statistics for each enabled access point This page will give a snapshot of how much traffic is being transmitted over each wireless link If you suspect that a radio orVAP may be down the details on this page would confirm if traffic is being sent and received through theVAP Wireless Statistics ...

Page 279: ...for review Transmitted received packets port collisions and the cumulating bytes sec for transmit receive directions are provided for each interface along with the port up time If you suspect issues with any of the wired ports this table will help diagnose uptime or transmit level issues with the port The statistics table has auto refresh control which allows display of the most current port level...

Page 280: ...us and Statistics Path Status Network Information LAN Clients The LAN clients to the router are identified by an ARP scan through the LAN switch The NetBIOS name if available IP address and MAC address of discovered LAN hosts are displayed LAN Clients ...

Page 281: ...h Status Network Information Session Limiting Status This page monitors the runtime authentication or current sessions that are active on particular session limiting Profile with total sessions configured in the Profile with Profile Name and Source Session Limiting Status ...

Page 282: ...Protocol ARP packets to locate the router s LAN interface address 6 Launch your browser and ensure that Java JavaScript or ActiveX is enabled If you are using Internet Explorer click Refresh to ensure that the Java applet is loaded Close the browser and launch it again 7 Ensure that you are using the correct login information The factory default login name is admin and the password is admin Ensure...

Page 283: ...k your ISP if it checks for your PC s hostname 4 Ifyes selectNetwork Internet WAN1SettingsorWAN2settings SelectDHCPastheConnection Type and enter the Host Name of your ISP account 5 Ask your ISP if it allows only one Ethernet MAC address to connect to the Internet and therefore checks for your PC s MAC address 6 Ifyes informyourISPthatyouhaveboughtanewnetworkdevice andaskthemtousethefirewall s MAC...

Page 284: ...ustconfiguredtherouter waitatleastfiveminutes selectMaintenance Administration Date and Time and recheck the date and time 2 Verify your Internet access settings Symptom Time is off by one hour Possible cause The router does not automatically adjust for Daylight Savings Time Recommended action 1 SelectMaintenance Administration DateandTimeandviewthecurrentdateandtimesettings 2 Enable or disable Da...

Page 285: ...ng you will see this message sequence Pinging IP address with 32 bytes of data Reply from IP address bytes 32 time NN ms TTL xxx If the path is not working you will see this message sequence Pinging IP address with 32 bytes of data Request timed out 5 If the path is not working Test the physical connections between PC and router If the LAN port LED is off go to the LED displays section on your Ins...

Page 286: ...ible in your PC s Network Control Panel Verify that the network subnet address of your PC is different from the network address of the remote device Verify that the cable or DSL modem is connected and functioning Ask your ISP if it assigned a hostname to your PC If yes select Network Internet WAN1 Settings or WAN2 settings select DHCP as the Connection Type and enter the Host Name Ask your ISP if ...

Page 287: ...the rear panel of the router press and hold the Reset button about 10 seconds until the test LED lights and then blinks Release the button and wait for the router to reboot 2 Iftherouterdoesnotrestartautomatically manuallyrestartittomakethedefaultsettingseffective 3 After a restore to factory defaults whether initiated from the configuration interface or the Reset button the following settings app...

Page 288: ...anging encryption keys in ISAKMP as part of building a VPN tunnel IPsec IP security Suite of protocols for securing VPN tunnels by authenticating or encrypting IP packets in a data stream IPsec operates in either transport mode encrypts payload but not packet headers or tunnel mode encrypts both payload and packet headers ISAKMP Internet Key Exchange Security Protocol Protocol for establishing sec...

Page 289: ...over the Internet with guaranteed reliability and in order delivery UDP User Data Protocol Protocol for transmitting data over the Internet quickly but with no guarantee of reliability or in order delivery VPN Virtual private network Network that enables IP traffic to travel securely over a public TCP IP network by encrypting all traffic from one network to another Uses tunneling to encrypt all in...

Page 290: ...utosense Local Area Network LAN IP Address 192 168 10 1 IPv4 Subnet Mask 255 255 255 0 RIP Direction None RIP Version Disabled RIP Authentication Disabled DHCP Server Enabled DHCP Starting IP Address 192 168 10 2 DHCP Ending IP Address 192 168 10 100 Time Zone GMT Daylight Saving Time Disabled SNMP Disabled Remote Management Disabled Firewall Inbound Communication from Internet Disabled except Por...

Page 291: ...P_SERVER CU SEEME UDP CU SEEME TCP DNS UDP DNS TCP FINGER FTP HTTP HTTPS ICMP TYPE 3 ICMP TYPE 4 ICMP TYPE 5 ICMP TYPE 6 ICMP TYPE 7 ICMP TYPE 8 ICMP TYPE 9 ICMP TYPE 10 ICMP TYPE 11 ICMP TYPE 13 ICQ IMAP2 IMAP3 IRC NEWS NFS NNTP PING POP3 PPTP RCMD REAL AUDIO REXEC RLOGIN RTELNET RTSP TCP RTSP UDP SFTP SMTP SNMP TCP SNMP UDP SNMP TRAPS TCP SNMP TRAPS UDP SQL NET SSH TCP SSH UDP STRMWORKS TACACS T...

Page 292: ...xecuting DB update handler ERROR s DBUpdate event Table s opCode d rowId d DEBUG sqlite3QueryResGet failed Query s ERROR doDNS failed DEBUG Illegal invocation of ddnsView s ERROR doDNS failed DEBUG sqlite3QueryResGet failed Query s ERROR doDNS Result FAILED DEBUG sqlite3QueryResGet failed Query s ERROR doDNS Result SUCCESS DEBUG ddns SQL error s ERROR Write Old Entry s s s to s DEBUG Illegal opera...

Page 293: ... Query s ERROR Setting LED d d For s DEBUG sqlite3QueryResGet failed Query s ERROR l2tpEnable command string s DEBUG ddnsDisable failed ERROR nimfAdvOptSetWrap handling reboot scenario DEBUG failed to call ddns enable ERROR nimfAdvOptSetWrap INDICATOR d DEBUG ddns SQL error s ERROR nimfAdvOptSetWrap UpdateFlag d DEBUG ddnsDisable failed ERROR nimfAdvOptSetWrap returning with status s DEBUG sqlite3...

Page 294: ...The user has deselected the configurable port DEBUG Could not de configure ISATAP Tunnel ERROR failed query s DEBUG nimfStatusUpdate updating NimfStatus failed ERROR failed query s DEBUG nimfStatusUpdate updating NimfStatus failed ERROR failed query s DEBUG nimfLinkStatusGet determinig link s status failed ERROR s DBUpdate event Table s opCode d rowId d DEBUG nimfLinkStatusGet opening status file ...

Page 295: ...TU size ERROR pListerAddr s DEBUG nimfOldFieldValueGet failed to get old ERROR pKeyBits s DEBUG nimfOldFieldValueGet user has changed MTU size ERROR pRootEnable s DEBUG nimfAdvOptSetWrap failed to get old Port Speed ERROR pRsaEnable s DEBUG nimfAdvOptSetWrap user has changed Port Speed ERROR pDsaEnable s DEBUG nimfAdvOptSetWrap failed to get old Mac Address ERROR pPassEnable s DEBUG nimfAdvOptSetW...

Page 296: ...n configuration DEBUG Failed to execute ethtool for ERROR removing s from bridge s s DEBUG Failed to execute switchConfig for port disable ERROR adding s to bridge d s DEBUG Failed to execute ifconfig for port disable ERROR restarting bridge DEBUG sqlite3QueryResGet failed ERROR switchConfig Ignoring event on port number d DEBUG sqlite3_mprintf failed ERROR restarting bridge DEBUG sqlite3QueryResG...

Page 297: ...EBUG Access port can be present only in single vlan ERROR Could not de configure 6to4 Tunnel Interface DEBUG Failed to execute vlanConfig binary for vlanId d ERROR failed to restart 6to4 tunnel interfaces DEBUG unknown vlan state ERROR BridgeConfig too few arguments to command s DEBUG Failed to execute vlanConfig binary for port number d ERROR BridgeConfig unsupported command d DEBUG Failed to cle...

Page 298: ...t failed DEBUG Failed to clear vlan for oldPVID d ERROR s no result found DEBUG Failed to execute vlanConfig binary for port number d ERROR s buffer overflow DEBUG Failed to clear vlan for d ERROR s value of s in s table is s DEBUG Failed to set vlan entry for vlan d ERROR s returning with status s DEBUG Failed to set vlan entries while enabling ERROR dnsResolverConfigure addressFamily d DEBUG Fai...

Page 299: ...BUG Can t kill xl2tpd ERROR pppoeMgmtTblHandler IdleTimeOutFlag d DEBUG xl2tpd restart failed ERROR pppoeMgmtTblHandler IdleTimeOutValue d DEBUG failed to get field value ERROR pppoeMgmtTblHandler UserName s DEBUG failed to get field value ERROR pppoeMgmtTblHandler Password s DEBUG sqlite3QueryResGet failed Query s ERROR pppoeMgmtTblHandler DNS specified s DEBUG sqlite3QueryResGet failed Query s E...

Page 300: ... DEBUG failed to get field value ERROR PID File for dhcpc found DEBUG failed to get field value ERROR pid d DEBUG unboundMgmt unable to open the ERROR pptpMgmtDBUpdateHandler query string s DEBUG writing options pptpd failed ERROR pptpMgmtDBUpdateHandler returning with status s DEBUG pptpdStop failed ERROR dhcpcReleaseLease dhcpc release command s DEBUG writing pptpd conf failed ERROR dhcpcMgmtTbl...

Page 301: ...tpEnable inet_aton failed ERROR l2tpMgmtTblHandler StaticIp s DEBUG pptpEnable inet_aton failed ERROR l2tpMgmtTblHandler NetMask s DEBUG pptpEnable spawning failed ERROR l2tpMgmtTblHandler SplitTunnel s DEBUG pptpDisable unable to kill ppp daemon ERROR needToStartHealthMonitor returning with status s DEBUG pptpMgmtTblHandler unable to get current MTU Option ERROR l2tpEnable command string s DEBUG ...

Page 302: ...blHandler dhcpc release failed ERROR l2tpDisable command string s ERROR dhcpcMgmtTblHandler dhcpc disable failed ERROR l2tpDisable unable to stop l2tp session ERROR dhcpcMgmtDBUpdateHandler failed query s ERROR l2tpMgmtTblHandler unable to get current MTU option ERROR dhcpcMgmtDBUpdateHandler error in executing ERROR l2tpMgmtTblHandler unable to get the Mtu ERROR DHCPv6 Client start failed ERROR l...

Page 303: ...eceived EAP Packet with code d DEBUG No phase 2 data or phase 2 data buffer NULL ERROR ERROR Response ID d DEBUG Allocating memory for PEAP Phase 2 payload ERROR ERROR Response Method d DEBUG TLS encrypting response ERROR ERROR Created EAP PEAP context OK DEBUG Setting message in fragment buffer ERROR ERROR Deleted EAP PEAP context OK DEBUG Allocating TLS read buffer is NULL ERROR ERROR Upper EAP ...

Page 304: ...Got PEAPv0 failure DEBUG eapWscProcessWscResp Invalid state d ERROR pCtx NULL DEBUG eapWscProcessWscResp Message processing failed 0x X ERROR Authenticator response check Error DEBUG eapWscProcessWscData Invalid notification recd d ERROR Authenticator response check Failed DEBUG unable to initialize MD5 ERROR MS CHAP2 Response AVP size u DEBUG MDString adpDigestInit for md5 failed ERROR Created EA...

Page 305: ... first fragment n DEBUG Invalid Value Size ERROR Got fragment n DEBUG Invalid MS Length Got d expected d ERROR Got last fragment DEBUG Error constructing response ERROR Got unfragmented message DEBUG Got type d expecting d ERROR Got frag ack DEBUG Cannot handle message opCode d ERROR Rcvd AVP Code u flags 0x x len u vendorId u DEBUG EAPAUTH_MALLOC failed ERROR MOD EAP method state from upper d dec...

Page 306: ...ing password hash Error DEBUG Writing message to BIO ERROR ERROR Generating challenge response Error DEBUG TLS handshake ERROR ERROR Conn cipher name s ver s s DEBUG Unexpected tlsGlueContinue return value ERROR Send req ptr 0x x Send resp ptr 0x x DEBUG NULL request or response PDU or NULL context ERROR Request ptr 0x x DEBUG Protocol version mismatch ERROR ERROR Response ptr 0x x DEBUG Creating ...

Page 307: ...CHAP not enabled in system configuration ERROR cmdBuf s DEBUG MSCHAP not enabled in system configuration ERROR X509_DEBUG Invalid Certificate for the generated DEBUG MSCHAPV2 not enabled in system configuration ERROR X590_ERROR Failed to create File s DEBUG PAP Token not enabled in system configuration ERROR x509TblHandler DEBUG EAP MD5 not enabled in system configuration ERROR pCertType s DEBUG E...

Page 308: ... ERROR EAPAUTH_MALLOC failed ERROR Wrong challenge length ERROR EAPAUTH_MALLOC failed ERROR Incorrect password change version value ERROR eapTimerCreate failed ERROR Error generating password hash ERROR eapCtxDelete pCtx NULL ERROR Error generating password hash ERROR eapRole EAP_ROLE_PEER or EAP_ROLE_ AUTHENTICATOR ERROR Error encrypting password hash with block ERROR pEapCtx NULL or pPDU NULL ER...

Page 309: ...ts ERROR Memory allocation failed ERROR eapTimerCreate Currently unsupported for Peer role ERROR Query s ERROR eapTimerStart Currently unsupported for Peer role ERROR Invalid Sign Key Length d ERROR eapTimerDestroy Currently unsupported for Peer role ERROR Invalid Hash Alg d ERROR eapTimerCancel Currently unsupported for Peer role ERROR Invalid Sign Alg d ERROR eapTimerHandler Currently unsupporte...

Page 310: ...onth DEBUG radPairGen Attribute d has invalid length ERROR Printing the whole list after inserting DEBUG radPairValue unknown attribute type d ERROR s at d minute d hour d dayOfMonth d month DEBUG radPairValueLen unknown attribute type d ERROR email logs No logging events enabled DEBUG radPairLocate Attribute d has invalid length ERROR s DEBUG radPairUnpackDefault Unknown Attribute d ERROR Mail se...

Page 311: ...sqlite3QueryResGet failed ERROR Added Server s d with DEBUG empty result nRows d nCols d ERROR Default Timeout Set to d DEBUG sqlite3QueryResGet failed ERROR Default Retry Count Set to d DEBUG empty result nRows d nCols d ERROR s s d DEBUG RADIUS Accounting Exchange Failed ERROR Deleting Server s d with DEBUG Unable to set debug for radAcct ERROR Adding RowId d to Server s d with DEBUG Unable to s...

Page 312: ...RROR Next Synchronization after DEBUG Invalid username or password ERROR Next Synchronization after DEBUG Unable to set debug for radAuth ERROR Next Synchronization after d DEBUG Unable to set debug level for radAuth ERROR Primary is not available DEBUG ERROR option value not specified ERROR Secondary is not available DEBUG Unable to initialize RADIUS ERROR Invalid value for use default servers DE...

Page 313: ...UMI context ERROR umiRegister x x x x DEBUG Failed to create recvSem for UMI context ERROR srcId d s destId d s cmd d inLen d outLen d DEBUG Failed to create mutex locks for UMI context ERROR waiting for reply Giving Up DEBUG Failed to create mutex recvQLock for UMI context ERROR No request in the list after semTake DEBUG Invalid arguments to umiIoctl ERROR reply timeout DEBUG could not find the d...

Page 314: ... executing s DEBUG Invalid Security Level ERROR s returned status d DEBUG Invalid Authentication Algorithm ERROR s returned status d DEBUG Invalid Privacy Algorithm ERROR snmpd conf not found DEBUG Invalid Argument ERROR SNMP_DEBUG Fwrite Successful DEBUG Failed to allocate memory for engineID ERROR SNMP_DEBUG Fwrite failed DEBUG SNMP_DEBUG Failed to get host address ERROR radPairGen received unkn...

Page 315: ...top failed ERROR no component id matching s ERROR failed to create open RADVD configuration file s ERROR umiIoctl s UMI_CMD_DB_UPDATE d failed ERROR Restoring old configuration ERROR sqlite3_mprintf failed ERROR failed to write update RADVD configuration file ERROR sqlite3_mprintf failed ERROR upnpDisableFunc failed ERROR no component id matching s ERROR upnpEnableFunc failed ERROR umiIoctl s UMI_...

Page 316: ...DEBUG Disabling Content Filter for d DEBUG Email alert in traffic meter enabled DEBUG Enabling Content Filter for d DEBUG Traffic Meter Monthly limit d MB has been DEBUG src firewall linux user firewalld c 59 undef ADP_DEBUG2 DEBUG Traffic Metering Adding rule to drop all traffic DEBUG src firewall linux user firewalld c 61 define ADP_DEBUG2 printf DEBUG Traffic Metering sabling Email traffic DEBU...

Page 317: ...tack check for TCP Flood DEBUG Enabling Firewall Rules for Auto Failover DEBUG Enabling attack check for UDP Flood DEBUG Deleting BlockSites Keyword DEBUG Enabling attack check for IPsec DEBUG Enabling BlockSites Keyword DEBUG Enabling attack check for PPTP DEBUG Disabling BlockSites Keyword DEBUG Enabling attack check for L2TP DEBUG Updating BlockSites Keyword from DEBUG Enabling attack check for...

Page 318: ...ion Settings DEBUG Adding host s to s group DEBUG Restarting IPv6 Firewall Rules DEBUG Enabling Keyword blocking for s keyword DEBUG Deleting Port Trigger Rule for d d d d d DEBUG Disabling keyword Blocking for s keyword DEBUG Deleting Port Trigger Rule for d d d d d DEBUG Deleting trusted domain with keyword s DEBUG Enabling Port Trigger Rule for d d d d d DEBUG Adding s keyword to trusted domain...

Page 319: ...s DEBUG Route addition failed Network Unreachable DEBUG Enabling WAN DMZ rules DEBUG Route addition failed Network is down DEBUG Restarting DMZ rule having s address with s address DEBUG Route addition failed DEBUG Enabling LAN DHCP relay DEBUG Failed to add rule in iptables DEBUG OneToOneNat configured successfully DEBUG Failed to delete rule from iptables DEBUG OneToOneNat configuration failed D...

Page 320: ... of s ERROR RIPng disabled DEBUG Illegal invocation of s ERROR RIPng enabled DEBUG xlr8NatMgmtTblHandler failed query s ERROR Disable IPv6 firewall rule DEBUG Could not open file s ERROR Enable IPv6 firewall rule DEBUG Rip Error Command Too Long ERROR Deleting IGMP proxy rule DEBUG No authentication for Ripv1 ERROR Enable IGMP proxy rule DEBUG Invalid Rip Direction ERROR Restarting IGMP rule DEBUG...

Page 321: ...EBUG WDS Profile s not found ERROR ran query s DEBUG Failed to initalize WPS on s ERROR sing VAP instance s DEBUG failed to get profile s ERROR VAP s set Short Preamble failed DEBUG could not initialize MGMT framework ERROR VAP s set Short Retry failed DEBUG could not initialize MGMT framework ERROR VAP s set Long Retry failed DEBUG dot11VapBssidUpdt SQL error s ERROR Decrypting context with key s...

Page 322: ...apped re generating DEBUG umiIoctl UMI_COMP_KDOT11 d d failed ERROR Got PNAC_EVENT_PREAUTH_SUCCESS event for s DEBUG UDP failed received Length is d ERROR event for non existent node s DEBUG umiIoctl UMI_COMP_KDOT11 ERROR PNAC_EVENT_EAPOL_START event received DEBUG umiIoctl UMI_COMP_UDOT11 d d ERROR PNAC_EVENT_EAPOL_LOGOFF event received DEBUG umiIoctl UMI_COMP_KDOT11 d d ERROR PNAC_EVENT_REAUTH e...

Page 323: ... size d DEBUG src dot11 iapp iappLib c 1803 ADP_ERROR ERROR WPA version 2x 2x not supported DEBUG failed created dot11dLock ERROR Unable to obtain IE of type d DEBUG failed initialize profile library ERROR PTK state changed from s to s DEBUG failed to create cipher contexts ERROR using PMKSA from cache DEBUG unable to register to UMI ERROR PTK GK state changed from s to s DEBUG could not create MI...

Page 324: ...ion of WPS EAP Profile failed ERROR pnacKernNotifier invalid PAE configuration DEBUG unsupported command d ERROR From pnacEapDemoAuthRecv unsupported response DEBUG device s not found ERROR From pnacEapDemoAuthRecv invalid codes received DEBUG unsupported command d ERROR From pnacRadXlateDemoRecv received unknown DEBUG dot11NodeAlloc failed ERROR From pnacRadXlateDemoRecv invalid codes received DE...

Page 325: ... DEBUG unknow cipher type d ERROR pnacSuppInit using defualt pnacSuppParams DEBUG umiIoctl UMI_COMP_IAPP d failed ERROR Error from pnacCombinedStMachTriggerFunc DEBUG invalid media value d ERROR Error from pnacCombinedStMachTriggerFunc DEBUG invalid mediaOpt value d ERROR Error from pnacCombinedStMachTriggerFunc DEBUG invalid mode value d ERROR Error from pnacCombinedStMachTriggerFunc DEBUG dot11P...

Page 326: ... packet received ERROR doing pnacTxRspId 1st cond DEBUG wpaAuthRecvKeyReq keyDataLength not zero ERROR doing pnacTxRspId entering 2nd cond DEBUG wpaAuthRecvKeyReq mic check failed ERROR from pnacTxRspId code d identifier d length d DEBUG invalid OUI x x x ERROR doing pnacTxRspId 2nd cond DEBUG s invalid OUI x x x ERROR doing pnacTxRspAuth 1st cond DEBUG s d Cipher in WPA IE x ERROR doing pnacTxRsp...

Page 327: ... arguments ERROR pnacIfConfig autoAuth Enabled DEBUG pnacPhyPortParamSet Failed to create socket ERROR pnacSendRtn no pnac port pae found for DEBUG Error from pnacPhyPortParamSet s device invalid ERROR sending portStatus s d to dot11 DEBUG Error from pnacPhyPortParamSet s Getting MAC address ERROR pnacRecvASInfoMessage Rkey of length d set DEBUG pnacPhyPortParamSet Failed to add 802 1X multicast E...

Page 328: ...lateRadPktIntegrityChk no message ERROR pnacPortPaeDeconfig kpnacPortPaeDeco nfig failed kpnacPortPaeDeconfig failed WARN Error from pnacRadXlateRadPktIntegrityChk ERROR pnacBackAuthSuccess failed to notify the destination WARN From pnacRadXlateRadChalPktHandle no encapsulated eap ERROR could not initialize MGMT framework ERROR Error from pnacRadXlateRadChalPktHandle malloc for eap ERROR umiInit f...

Page 329: ...t incorrect buffer length ERROR Failed to initiate PIN based association PIN s ERROR PNAC user component id not set ERROR Failed to initiate PBC based enrolle association ERROR pnacKeyInfoGet failed to allocate buffer ERROR Invalid association mode Allowed modes PIN PBC ERROR PNAC user comp id not set dropping EAPOL key pkt ERROR wpsEnable running wsccmd failed ERROR pnacUmiPortPaeParamSet invalid...

Page 330: ...AuthInit pnacAuthPAEInit failed ERROR Invalid Cipher type d ERROR Error from pnacAuthInit pnacAuthKeyTxInit failed ERROR Profile supports WEP stas Group cipher must be WEP ERROR Error from pnacAuthInit pnacReauthTimerInit failed ERROR Profile s does not exist ERROR Error from pnacAuthInit pnacBackAuthInit failed ERROR Profile s does not exist ERROR Error from pnacAuthInit pnacCtrlDirInit failed ER...

Page 331: ...pHmacInit failed ERROR sqlite3QueryResGet failed ERROR pnacUmiIoctlHandler invalid cmd d ERROR Error in executing DB update handler ERROR pnacEapRadAuthSend Invalid arguments ERROR sqlite3QueryResGet failed ERROR pnacEapRadAuthSend failed to allocate inbuffer ERROR ERROR incomplete DB update information ERROR pnacXmit umiIoctl failed d ERROR old values result does not contain 2 rows ERROR pnacPDUF...

Page 332: ...nfigure port ERROR s VAP s create failed ERROR pnacUmiPhyPortDestroy Invalid config data ERROR sqlite3QueryResGet failed ERROR pnacUmiPhyPortDestroy Invalid config data ERROR invalid query result ncols d nrows d ERROR pnacUmiPhyPortDestroy Failed to destroy the port ERROR Invalid config data ERROR Facility Kernel Log Message Severity Log Message Severity DNAT multiple ranges no longer supported DE...

Page 333: ...G s d wrong length code 0x X DEBUG ifmedia_set no match for 0x x 0x x DEBUG s d short packet len d __FUNCTION__ DEBUG ifmedia_set target DEBUG s d bad sequence number d expected d DEBUG ifmedia_set setting to DEBUG s d bad sequence number d expected d DEBUG ifmedia_ioctl no media found for 0x x DEBUG PPPIOCDETACH file f_count d DEBUG ifmedia_ioctl switching s to dev name DEBUG PPP outbound frame n...

Page 334: ...LINE__ DEBUG PASS DEBUG t R s 0x 0x 0x 08x 08x status ERROR page addr uint32_t pValue 32 uint32_t pValue 0xffffffff DEBUG u of u 802 11i WEP test vectors passed pass total DEBUG t W s 0x 0x 0x 08x 08x status ERROR page addr uint32_t value 32 uint32_t value 0xffffffff DEBUG s 0x p len u tag p len DEBUG s mac_add 02X 02X 02X 02X 02X 02X dev name addr 0 addr 1 addr 2 addr 3 addr 4 addr 5 DEBUG 03d i ...

Page 335: ...cate skbuff DEBUG UDP bad checksum From d d d d d to d d d d d ulen d DEBUG tkip enmic failed DEBUG s lookup policy list found s DEBUG enmic botch length mismatch DEBUG s called output START __FUNCTION__ DEBUG enmic botch DEBUG s flow dst s __FUNCTION__ XFRMSTRADDR fl fl4_dst family DEBUG tkip encap failed DEBUG s flow src s __FUNCTION__ XFRMSTRADDR fl fl4_src family DEBUG encrypt phase1 botch DEB...

Page 336: ...olicy list found s DEBUG s no skbuff __func__ DEBUG s called output START __FUNCTION__ DEBUG s hardware error resetting dev name DEBUG s flow dst s __FUNCTION__ XFRMSTRADDR fl fl4_dst family DEBUG s rx FIFO overrun resetting dev name DEBUG s flow src s __FUNCTION__ XFRMSTRADDR fl fl4_src family DEBUG s unable to reset hardware s HAL status u DEBUG s flow dst s __FUNCTION__ XFRMSTRADDR fl fl6_dst f...

Page 337: ...gister local out hook DEBUG s no buffer s dev name __func__ DEBUG ip_nat_init can t register local in hook DEBUG s no skbuff s dev name __func__ DEBUG ipt_hook happy cracking DEBUG s HAL qnum u out of range max u DEBUG ip_conntrack can t register pre routing defrag hook DEBUG grppoll_start grppoll Buf allocation failed DEBUG ip_conntrack can t register local_out defrag hook DEBUG s HAL qnum u out ...

Page 338: ...23 ip_nat_mangle_tcp_packet DEBUG radio d d ah ah_analog5GhzRev 4 DEBUG ip_nat_h323 ip_nat_mangle_udp_packet DEBUG s Use hw queue u for s traffic DEBUG ip_nat_h323 out of expectations DEBUG s Use hw queue u for CAB traffic dev name DEBUG ip_nat_h323 out of RTP ports DEBUG s Use hw queue u for beacons dev name DEBUG ip_nat_h323 out of TCP ports DEBUG Could not find Board Configuration Data DEBUG ip...

Page 339: ...o d spi d pPktInfo proto pPktInfo spi DEBUG SEQ u ACK u DEBUG IPSEC_INF Clock skew detected DEBUG WINDOW u ntohs th window DEBUG IPSEC_ERR s d Max d No of SA Limit reached DEBUG RES 0x 02x u8 ntohl tcp_flag_word th TCP_RESERVED_BITS 22 DEBUG IPSEC_ERR s d Max d No of SA Limit reached DEBUG URGP u ntohs th urg_ptr DEBUG IPSEC_ERR s d time secs u DEBUG TRUNCATED DEBUG ERROR Failed to add entry to IP...

Page 340: ...UG MAC DEBUG for s DEVICE refcnt d pDst dev name DEBUG 02x c p DEBUG s Got Null m p m p sa p sa p __func__ ppBufMgr DEBUG NAT no longer support implicit source local NAT DEBUG s Got Deleted SA p state d __ func__ pIPsecInfo pIPsecInfo state DEBUG NAT packet src u u u u dst u u u u DEBUG s s fmt __FILE__ __FUNCTION__ args INFO SNAT multiple ranges no longer supported DEBUG s s fmt __FILE__ __FUNCTI...

Page 341: ...char m msg_iov i iov_ base j DEBUG Unloading ifDev module INFO 02X skb data i DEBUG ERROR d in alloc_chrdev_region result INFO KERN_EMERG THE value read is d value DEBUG ERROR d in cdev_add result INFO KERN_EMERG Factory Reset button is pressed DEBUG using bcm switch s bcmswitch INFO KERN_EMERG Returing error in INTR registration DEBUG privlegedID d wanporttNo d privlegedID wanportNo INFO KERN_EME...

Page 342: ...DEBUG s driver unloaded dev_info INFO pre hashed key key DEBUG wlan s backend registered be iab_name INFO const char descr krb5_keyblock k DEBUG wlan s backend unregistered INFO 128 bit AES key dk DEBUG wlan s acl policy registered iac iac_name INFO 256 bit AES key dk DEBUG wlan s acl policy unregistered iac iac_name INFO WARNING DEBUG s s dev_info version INFO bwMonMultipathNxtHopSelect checking ...

Page 343: ...NFO Oops AES_GCM_encrypt failed keylen u key cvm_keylen DEBUG s unloaded dev_info INFO Oops AES_GCM_decrypt failed keylen u key cvm_keylen DEBUG failed to create procfs entry INFO s msg DEBUG ICMP u u u u INFO 02x s data i DEBUG ICMP u u u u Source INFO Failed to set AES encrypt key DEBUG Wrong address mask u u u u from INFO Failed to set AES encrypt key DEBUG Redirect from u u u u on s about INFO...

Page 344: ...u fname opt_len WARNING DES Hardware Test DEBUG s options rejected o 0 02x o 1 02x WARNING DES Hardware Test s desHardTest 0 Failed Passed DEBUG s wrong options length u WARNING SHA Software Test DEBUG s options rejected o 0 02x o 1 02x WARNING SHA Software Test s shaSoftTest 0 Failed Passed DEBUG s don t know what to do o 5 02x WARNING SHA Hardware Test DEBUG s wrong options length u fname opt_le...

Page 345: ...d ratekbps u mode u WARNING REG Size 32 Bit DEBUG s no rates for s WARNING Value x At Page x Addr x DEBUG no rates yet mode u sc sc_ curmode WARNING REG Size 64 Bit DEBUG u u u u sent an invalid ICMP WARNING REG Size is not in 8 16 32 64 DEBUG dst cache overflow WARNING Written Value x At Page x Addr x DEBUG Neighbour table overflow WARNING bcm_ioctl Unknown Ioctl Case DEBUG host u u u u if d igno...

Page 346: ... s cannot map channel to mode freq u flags 0x x DEBUG ip_conntrack_in Frag of proto u hook u ERROR ic_get_currentCountry not initialized yet DEBUG Unable to register netfilter socket option ERROR Country ie is c c c DEBUG Unable to create ip_conntrack_hash ERROR s wrong state transition from d to d DEBUG Unable to create ip_conntrack slab cache ERROR s wrong state transition from d to d DEBUG Unab...

Page 347: ... comp pkt ERROR d tDescp t t s j ni node_trace i descp DEBUG PPP no memory comp pkt ERROR d tValue t t llu 0x llx j ni node_trace i value DEBUG ppp compressor dropped pkt ERROR ifmedia_add null ifm DEBUG PPP no memory fragment ERROR Adding entry for DEBUG PPP VJ uncompressed error ERROR ifmedia_set no match for 0x x 0x x DEBUG ppp_decompress_frame no memory ERROR ifmedia_set target DEBUG ppp_mp_re...

Page 348: ... pkt ERROR s No device __func__ DEBUG ppp compressor dropped pkt ERROR ath_ahb No devices found driver not installed DEBUG PPP no memory VJ comp pkt ERROR PKTLOG_TAG s proc_dointvec failed __ FUNCTION__ DEBUG PPP no memory comp pkt ERROR PKTLOG_TAG s proc_dointvec failed __ FUNCTION__ DEBUG PPP no memory fragment ERROR s failed to register sysctls proc_name DEBUG PPP VJ uncompressed error ERROR PK...

Page 349: ...al reset s __func__ DEBUG s s d BAD TUNNEL MAGIC ERROR OS_CANCEL_TIMER failed DEBUG socki_lookup socket file changed ERROR s unable to allocate channel table __func__ DEBUG s s d BAD TUNNEL MAGIC ERROR s unable to collect channel list from hal DEBUG s s d BAD SESSION MAGIC ERROR s cannot map channel to mode freq u flags 0x x DEBUG s s d BAD TUNNEL MAGIC ERROR s unable to reset channel u uMhz DEBUG...

Page 350: ... x 0x x 0x p 0x x 0x x 0x x 0x x DEBUG proc entry delete failed ERROR 08x 08x 08x 08x 08x 08x 08x 08x 08x 08x 08x 08x DEBUG proc entry initialization failed ERROR s unable to allocate device object __func__ DEBUG testCompHandler received s from d char pInBuf ERROR s unable to attach hardware HAL status u DEBUG UMI proto registration failed d ret ERROR s HAL ABI msmatch DEBUG AF_UMI registration fa...

Page 351: ..._func__ des_key_len ERROR Inteference detected DEBUG s Wrong parameters d __func__ des_key_len ERROR rx_clear d rx_frame d tx_frame d DEBUG s Wrong Key Length d __func__ des_key_len ERROR s resume beacon xmit after u misses DEBUG s Wrong parameters __func__ ERROR s stuck beacon resetting bmiss count u DEBUG s Wrong Key Length __func__ ERROR EMPTY QUEUE DEBUG s Wrong parameters __func__ ERROR SWRIn...

Page 352: ...gister interrupt handler ERROR HAL AC u out of range max zu DEBUG registering char device failed ERROR HAL AC u out of range max zu DEBUG unregistering char device failed ERROR s unable to update hardware queue u DEBUG s d ERROR non NULL node pointer in p p s ERROR Multicast Q DEBUG s d ERROR non NULL node pointer in p p s ERROR p buf DEBUG can t alloc name s name ERROR buf flags 0x 08x buf bf_fla...

Page 353: ...I ERROR WARNING 10 minute CAC period as channel is a weather radar channel DEBUG The system is going to factory defaults CRITICAL s disable detects __func__ DEBUG s msg CRITICAL s enable detects __func__ DEBUG 02x data i CRITICAL s disable FFT val 0x x __func__ val DEBUG Inside crypt_open in driver CRITICAL s enable FFT val 0x x __func__ val DEBUG Inside crypt_release in driver CRITICAL s debug le...

Page 354: ...not called DEBUG ESP DONE p p sav m CRITICAL s no memory for cwm attach __func__ DEBUG ESP BAD p p sav m CRITICAL s error acw NULL Possible attach failure __func__ DEBUG Bug in ip_route_input_slow CRITICAL s unable to abort tx dma __func__ DEBUG Bug in ip_route_input_slow CRITICAL s no memory for ff attach __func__ DEBUG Bug in ip_route_input CRITICAL Failed to initiate PBC based enrolle associati...

Page 355: ...User Manual 341 Appendix E RJ 45 Pin outs Appendix E RJ 45 Pin outs Signal RJ 45 Cable Adapter Signal RJ 45 PIN DB 9 PIN CTS NC NC NC DTR NC NC NC TxD 6 3 RxD GND 5 5 GND GND 4 5 GND RxD 3 2 TxD DSR NC NC NC RTS NC NC NC ...

Page 356: ... 7 8 9 10 11 12 13 1 2 3 4 5 6 7 8 9 5 Ghz 36 40 44 48 40 48 36 44 4 Singapore 2 4Ghz 1 2 3 4 5 6 7 8 9 10 11 12 13 5 6 7 8 9 10 11 12 13 1 2 3 4 5 6 7 8 9 5 Ghz 36 40 44 48 52 56 60 64 149 153 157 161 165 40 48 56 64 153 161 36 44 52 60 149 157 5 Sweden 2 4Ghz 1 2 3 4 5 6 7 8 9 10 11 12 13 5 6 7 8 9 10 11 12 13 1 2 3 4 5 6 7 8 9 5 Ghz 36 40 44 48 40 48 36 44 6 Taiwan 2 4Ghz 1 2 3 4 5 6 7 8 9 10 1...

Page 357: ...embourg 2 4Ghz 1 2 3 4 5 6 7 8 9 10 11 12 13 5 6 7 8 9 10 11 12 13 1 2 3 4 5 6 7 8 9 5 Ghz 36 40 44 48 40 48 36 44 18 South Africa 2 4Ghz 1 2 3 4 5 6 7 8 9 10 11 12 13 5 6 7 8 9 10 11 12 13 1 2 3 4 5 6 7 8 9 5 Ghz 36 40 44 48 40 48 36 44 19 United Kingdom 2 4Ghz 1 2 3 4 5 6 7 8 9 10 11 12 13 5 6 7 8 9 10 11 12 13 1 2 3 4 5 6 7 8 9 5 Ghz 36 40 44 48 40 48 36 44 20 Ireland 2 4Ghz 1 2 3 4 5 6 7 8 9 1...

Page 358: ... 4 5 6 7 8 9 5 Ghz 36 40 44 48 149 153 157 161 165 40 48 153 161 36 44 149 157 27 Canada 2 4Ghz 1 2 3 4 5 6 7 8 9 10 11 5 6 7 8 9 10 11 1 2 3 4 5 6 7 5 Ghz 36 40 44 48 149 153 157 161 165 40 48 153 161 36 44 149 157 28 China 2 4Ghz 1 2 3 4 5 6 7 8 9 10 11 12 13 5 6 7 8 9 10 11 12 13 1 2 3 4 5 6 7 8 9 5 Ghz 36 40 44 48 149 153 157 161 165 40 48 153 161 36 44 149 157 ...

Page 359: ...dio TV technician for help FCC Radiation Exposure Statement This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment This equipment should be installed and operated with a minimum distance of 20 centimeters between the radiator and your body This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This ...

Page 360: ...e compliance requirements please follow operation instruction as documented in this manual This transmitter is restricted to indoor use in the 5150MHz to 5250MHz frequency range Europe EU Declaration of Conformity This device complies with the essential requirements of the R TTE Directive 1999 5 EC The following test methods have been applied in order to prove presumption of conformity with the es...

Page 361: ...t power may be limited to 10 mW EIRP in the frequency range of 2454 2483 5 MHz For detailed information the enduser should contact the national spectrum authority in France This device is a 5 GHz wideband transmission system transceiver intended for use in all EU member states and EFTA countries under the following conditions and or with the following restrictions This device may only be used indo...

Page 362: ...ΙΣ ΟΥΣΙΩΔΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ ΤΙΣ ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ ΔΙΑΤΑΞΕΙΣ ΤΗΣ ΟΔΗΓΙΑΣ 1999 5 ΕΚ Français French Par la présente D Link Corporation déclare que l appareil DSR 1000N est conforme aux exigences essentielles et aux autres dispositions pertinentes de la directive 1999 5 CE Italiano Italian Con la presente D Link Corporation dichiara che questo DSR 1000N è conforme ai requisiti essenziali ed alle altre ...

Page 363: ...ločili direktive 1999 5 ES Slovensky Slovak D Link Corporation týmto vyhlasuje že DSR 1000N spĺňa základné požiadavky a všetky príslušné ustanovenia Smernice 1999 5 ES Suomi Finnish D Link Corporation vakuuttaa täten että DSR 1000N tyyppinen laite on direktiivin 1999 5 EY oleellisten vaatimusten ja sitä koskevien direktiivin muiden ehtojen mukainen Svenska Swedish Härmed intygar D Link Corporation...

Page 364: ...tion exposure limits set forth for an uncontrolled environment This equipment should be installed and operated with a minimum distance of 20 centimeters between the radiator and your body This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 This device must accept any interference received inc...

Page 365: ...ctromagnetic compatibility and Radio spectrum Matters ERM Wideband transmission systems Data transmission equipment operating in the 2 4 GHz ISM band and using wide band modulation techniques Harmonized EN covering essential requirements under article 3 2 of the R TTE Directive EN 301 489 17 V1 3 2 2008 04 and EN 301 489 1 V1 8 1 2008 04 Electromagnetic compatibility and Radio spectrum Matters ERM...

Page 366: ...ΙΣ ΟΥΣΙΩΔΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ ΤΙΣ ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ ΔΙΑΤΑΞΕΙΣ ΤΗΣ ΟΔΗΓΙΑΣ 1999 5 ΕΚ Français French Par la présente D Link Corporation déclare que l appareil DSR 500N est conforme aux exigences essentielles et aux autres dispositions pertinentes de la directive 1999 5 CE Italiano Italian Con la presente D Link Corporation dichiara che questo DSR 500N è conforme ai requisiti essenziali ed alle altre di...

Page 367: ...i direktive 1999 5 ES Slovensky Slovak D Link Corporation týmto vyhlasuje že DSR 500N spĺňa základné požiadavky a všetky príslušné ustanovenia Smernice 1999 5 ES Suomi Finnish D Link Corporation vakuuttaa täten että DSR 500N tyyppinen laite on direktiivin 1999 5 EY oleellisten vaatimusten ja sitä koskevien direktiivin muiden ehtojen mukainen Svenska Swedish Härmed intygar D Link Corporation att de...

Page 368: ... subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation RSS GEN 7 1 4 User Manual for Transmitters with Detachable Antennas The user manual of transmitter devices equipped with detachable antennas shall contain the following information in a conspicuou...

Page 369: ...of the original design of the certified lower power frequency electric machinery Article 14 The application of low power frequency electric machineries shall not affect the navigation safety nor interfere a legal communication if an interference is found the service will be suspended until improvement is made and the interference no longer exists Canadian Department of Communications Industry Cana...

Page 370: ... below with the maximum permissible gain and required antenna impedance for each antenna type indicated Antenna types not included in this list having a gain greater than the maximum gain indicated for that type are strictly prohibited for use with this device Le présent émetteur radio Model DSR 250N a été approuvé par Industrie Canada pour fonctionner avec les types d antenne énumérés ci dessous ...

Page 371: ...the party responsible for compliance could void the user s authority to operate this equipment This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation IMPORTANT NOTE FCC Radiation Exposure ...

Page 372: ...ompatibility EMC standard for radio equipment and services Part 1 Common technical requirements EN 301 489 17 V2 1 1 2009 05 Electromagnetic compatibility and Radio spectrum Matters ERM ElectroMagnetic Compatibility EMC standard for radio equipment Part 17 Specific conditions for Broadband Data Transmission Systems This device is a 2 4 GHz wideband transmission system transceiver intended for use ...

Page 373: ...ite dalla direttiva 1999 5 CE Latviski Latvian Ar šo name of manufacturer izgatavotāja nosaukums deklarē ka type of equipment iekārtas tips atbilst Direktīvas 1999 5 EK būtiskajām prasībām un citiem ar to saistītajiem noteikumiem Lietuvių Lithuanian Šiuo manufacturer name deklaruoja kad šis equipment type atitinka esminius reikalavimus ir kitas 1999 5 EB Direktyvos nuostatas Nederlands Dutch Hierb...

Page 374: ...ter This equipment should be installed and operated with a minimum distance of 20 centimeters between the radiator and your body Déclaration d exposition aux radiations Le dispositif rencontre l exemption des limites courantes d évaluation dans la section 2 5 de RSS 102 et la conformité à l exposition de RSS 102 rf utilisateurs peut obtenir l information canadienne sur l exposition et la conformit...

Page 375: ...for compliance could void the user s authority to operate this equipment This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation Operation of this device is restricted to indoor use only IM...

Page 376: ...nce entre la source de rayonnement et votre corps This radio transmitter IC 4216A SR500ACA1 has been approved by Industry Canada to operate with the antenna types listed below with the maximum permissible gain indicated Antenna types not included in this list having a gain greater than the maximum gain indicated for that type are strictly prohibited for use with this device Cet émetteur radio IC 4...

Page 377: ...for compliance could void the user s authority to operate this equipment This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation Operation of this device is restricted to indoor use only IM...

Page 378: ...ce entre la source de rayonnement et votre corps This radio transmitter IC 4216A SR1000ACA1 has been approved by Industry Canada to operate with the antenna types listed below with the maximum permissible gain indicated Antenna types not included in this list having a gain greater than the maximum gain indicated for that type are strictly prohibited for use with this device Cet émetteur radio IC 4...

Reviews:

No comments

Related manuals for DSR-1000

Panasonic BL-C20 Troubleshooting Manual preview
BL-C20
Brand: Panasonic Pages: 18
C&H Technologies EM405-8 Manual preview
EM405-8
Brand: C&H Technologies Pages: 46
CAME QBEMFSB2 User Manual preview
QBEMFSB2
Brand: CAME Pages: 19
National Instruments NI 9265 Operating Instructions Manual preview
NI 9265
Brand: National Instruments Pages: 26
National Instruments NI 9203 User Manual And Specifications preview
NI 9203
Brand: National Instruments Pages: 85
National Instruments Module SCXI-1503 User Manual preview
Module SCXI-1503
Brand: National Instruments Pages: 79
LaCie 5BIG NAS PRO Quick Install Manual preview
5BIG NAS PRO
Brand: LaCie Pages: 22
Watchguard XTM 850 Hardware Manual preview
XTM 850
Brand: Watchguard Pages: 30
HMS Networks Anybus Communicator ABC4021 User Manual preview
Anybus Communicator ABC4021
Brand: HMS Networks Pages: 60
Eneo PNR-5304 Quick Installation Manual preview
PNR-5304
Brand: Eneo Pages: 68
THOMSON SpeedTouch 605 User Manual preview
SpeedTouch 605
Brand: THOMSON Pages: 212
NETGEAR GSM7224v2 - Layer 2 Managed Gigabit Switch Datasheet preview
GSM7224v2 - Layer 2 Managed Gigabit Switch
Brand: NETGEAR Pages: 3
Digisol DG-BG4100NU Quick Installation Manual preview
DG-BG4100NU
Brand: Digisol Pages: 22
Matrix Switch Corporation MSC-CP16X4E Product Manual preview
MSC-CP16X4E
Brand: Matrix Switch Corporation Pages: 48
Airlinkplus UG-ASW232-1103 User Manual preview
UG-ASW232-1103
Brand: Airlinkplus Pages: 24
SMC Networks SMCGS10P-Smart Installation Manual preview
SMCGS10P-Smart
Brand: SMC Networks Pages: 68
Helmholz REX 100 3G Quick Start Manual preview
REX 100 3G
Brand: Helmholz Pages: 20
COMBA TB-1800 Equipment Manual preview
TB-1800
Brand: COMBA Pages: 57

Brands by name

Popular brands

Load more brands