
Unified Services Router User Manual (page 161)

| Log Message | Severity | Log Message | Severity |
|---|---|---|---|
| %s:DBUpdate event: Table: %s opCode:%d rowId:%d | DEBUG | Failed to commit | ERROR |
| %s:%d SIP ENABLE: %s | DEBUG | ifStatusDBUpdate: Failed to begin " | ERROR |
| sipTblHandler:failed to update ifStatic | DEBUG | %s: SQL error: %s | ERROR |
| sipTblHandler:failed to update Configport | DEBUG | %s: Failed to commit " | ERROR |
| %s:%d SIP DISABLE: %s | DEBUG | nimfNetIfaceTblHandler: unable to get LedPinId | ERROR |
| %s:%d SIP SET CONF: %s | DEBUG | nimfNetIfaceTblHandler: unable to get LedPinId | ERROR |
| Failed to open %s: %s | DEBUG | nimfNetIfaceTblHandler: unable to get LedPinId | ERROR |
| Failed to start sipalg | DEBUG | %s: unable to kill dhclient | ERROR |
| Failed to stop sipalg | DEBUG | nimfAdvOptSetWrap: unable to get current Mac Option | ERROR |
| Failed to get config info | DEBUG | nimfAdvOptSetWrap: unable to get current Port " | ERROR |
| Network Mask: 0x%x | DEBUG | nimfAdvOptSetWrap: unable to get current MTU Option | ERROR |
| RTP DSCP Value: 0x%x | DEBUG | nimfAdvOptSetWrap: error getting Mac Address from " | ERROR |
| Need more arguments | DEBUG | nimfAdvOptSetWrap: unable to get the MTU | ERROR |
| Invalid lanaddr | DEBUG | nimfAdvOptSetWrap: error setting interface advanced " | ERROR |
| Invalid lanmask | DEBUG | nimfAdvOptSetWrap: error getting MTU size | ERROR |
| Invalid option | DEBUG | nimfAdvOptSetWrap: unable to get Mac Address | ERROR |
| Failed to set config info | DEBUG | nimfAdvOptSetWrap: error setting interface advanced " | ERROR |
| Unknown option | DEBUG | nimfAdvOptSetWrap: failed to get old connectiontype | ERROR |
| sshdTblHandler | DEBUG | nimfAdvOptSetWrap: old connection type is: %s | ERROR |
| pPort: %s | DEBUG | nimfAdvOptSetWrap: failed to get old MTU Option | ERROR |
| pProtocol: %s | DEBUG | nimfAdvOptSetWrap: error getting MTU size | ERROR |
| pListerAddr: %s | DEBUG | nimfOldFieldValueGet: failed to get old " | ERROR |
| pKeyBits: %s | DEBUG | nimfOldFieldValueGet: user has changed MTU size | ERROR |
| pRootEnable: %s | DEBUG | nimfAdvOptSetWrap: failed to get old Port Speed " | ERROR |
| pRsaEnable: %s | DEBUG | nimfAdvOptSetWrap: user has changed Port Speed | ERROR |
| pDsaEnable: %s | DEBUG | nimfAdvOptSetWrap: failed to get old Mac Address " | ERROR |
| pPassEnable: %s | DEBUG | nimfAdvOptSetWrap: user has changed Mac Address " | ERROR |
| pEmptyPassEnable: %s | DEBUG | nimfAdvOptSetWrap: unable to get Mac Address | ERROR |
| pSftpEnable: %s | DEBUG | nimfAdvOptSetWrap:Failed to RESET the flag | ERROR |
| pScpEnable: %s | DEBUG | nimfAdvOptSetWrap: setting advanced options failed | ERROR |
| pSshdEnable: %s | DEBUG | nimfAdvOptSetWrap: interface advanced options applied | ERROR |

Summary of Contents for DSR-250N

Page 1: ...Unified Services Router User Manual DSR 250N 500 500N 1000 1000N Ver 1 03 http security dlink com Building Networks for People Small Business Gateway Solution...

Page 2: ...User Manual Unified Services Router D Link Corporation Copyright 2011 http www dlink com...

Page 3: ...for any particular purpose The manufacturer reserves the right to revise this publication and to make changes from time to time in the content hereof without obligation of the manufacturer to notify a...

Page 4: ...3 2 3 DHCP WAN 30 3 2 4 PPPoE 31 3 2 5 Russia L2TP and PPTP WAN 34 3 2 6 WAN Configuration in an IPv6 Network 35 3 2 7 Checking WAN Status 37 3 3 Bandwidth Controls 39 3 4 Features with Multiple WAN L...

Page 5: ...IPS 84 5 11 Protecting from Internet Attacks 85 Chapter 6 IPsec PPTP L2TP VPN 87 6 1 VPN Wizard 88 6 2 Configuring IPsec Policies 91 6 2 1 Extended Authentication XAUTH 94 6 2 2 Internet over IPSec t...

Page 6: ...ce Status 135 10 1 2 Resource Utilization 137 10 2 Traffic Statistics 140 10 2 1 Wired Port Statistics 140 10 2 2 Wireless Statistics 141 10 3 Active Connections 142 10 3 1 Sessions through the Router...

Page 7: ...Unified Services Router User Manual 5 Appendix F Product Statement 214...

Page 8: ...re 18 Connection Status information for both WAN ports 38 Figure 19 List of Configured Bandwidth Profiles 39 Figure 20 Bandwidth Profile Configuration page 40 Figure 21 Traffic Selector Configuration...

Page 9: ...Content Filtering used to block access to proxy servers and prevent ActiveX controls from being downloaded 81 Figure 48 Two trusted domains added to the Approved URLs List 82 Figure 49 Two keywords a...

Page 10: ...re 78 SNMP system information for this router 121 Figure 79 Date Time and NTP server setup 122 Figure 80 Facility settings for Logging 124 Figure 81 Log configuration options for traffic through route...

Page 11: ...Unified Services Router User Manual 9 Figure 98 List of connected 802 11 clients per AP 144 Figure 99 List of LAN hosts 145 Figure 100 List of current Active VPN Sessions 146...

Page 12: ...ss two WAN interfaces and optimizes the system performance resulting in high availability The second WAN port can be configured as a DMZ port allowing you to isolate servers from your LAN DSR 250N has...

Page 13: ...dition compliance with RoHS Restriction of Hazardous Substances and WEEE Waste Electrical and Electronic Equipment directives make D Link Green certified devices the environmentally responsible choice...

Page 14: ......

Page 15: ...Internet Name Service WINS servers and the default gateway With the DHCP server enabled the router s IP address serves as the gateway address for LAN and WLAN clients The PCs in the LAN are assigned I...

Page 16: ...Relay With this option enabled DHCP clients on the LAN can receive IP address leases and corresponding information from a DHCP server on a different subnet Specify the Relay Gateway and when LAN clien...

Page 17: ...s for which IP addresses are leased to clients Enable DNS Proxy To enable the router to act as a proxy for all DNS requests and communicate with the ISP s DNS servers click the checkbox 3 Click Save S...

Page 18: ...IPv6 IP mode to enable IPv6 configuration options LAN Settings The default IPv6 LAN address for the router is fec0 1 You can change this 128 bit IPv6 address based on your network requirements The oth...

Page 19: ...d to manage the router has obtained IP address from newly assigned pool or has a static IP address in the router s LAN subnet before accessing the router via changed IP address As with an IPv4 LAN net...

Page 20: ...irectly By selecting Use DNS proxy this router acts as a proxy for all DNS requests and communicates with the ISP s DNS servers a WAN configuration parameter Primary and Secondary DNS servers If there...

Page 21: ...seconds RA Flags The router advertisements RA s can be sent with one or both of these flags Chose Managed to use the administered stateful protocol for address auto configuration If the Other flag is...

Page 22: ...hether the host is on the same link as the router The following prefix options are available for the router advertisements IPv6 Prefix Type To ensure hosts support IPv6 to IPv4 tunnel select the 6to4...

Page 23: ...raffic to and from that physical port can be isolated from the general LAN VLAN filtering is particularly useful to limit broadcast packets of a device in a large network VLAN support is disabled by d...

Page 24: ...e of the four physical ports or a configured access point and clicking Edit The edit page offers the following configuration options Mode The mode of this VLAN can be General Access or Trunk The defau...

Page 25: ...All data going into and out of the port is tagged Untagged coming into the port is not forwarded except for the default VLAN with PVID 1 which is untagged Trunk ports multiplex traffic for multiple VL...

Page 26: ...ed to the internet on the DMZ do not have to be exposed on the LAN It is recommended that hosts that must be exposed to the internet such as web or email servers be placed in the DMZ network Firewall...

Page 27: ...e Port page 2 4 Universal Plug and Play UPnP Advanced Advanced Network UPnP Universal Plug and Play UPnP is a feature that allows the router to discovery devices on the network that can communicate wi...

Page 28: ...hops for each UPnP packet This is the number of steps a packet is allowed to propagate before being discarded Small values will limit the UPnP broadcast range A default of 4 is typical for networks w...

Page 29: ...rewall policies underneath will define which users require authentication for HTTP access and when a matching user request is made the DSR will intercept the request and prompt for a username password...

Page 30: ...hrough a few straightforward configuration pages you can take the information provided by your ISP to get your WAN connection up and enable internet access for your network Figure 11 Internet Connecti...

Page 31: ...nfigured PPPoE profiles particularly useful when configuring multiple PPPoE connections i e for Japan ISPs that have multiple PPPoE support ISP login information This is required for PPTP and L2TP ISP...

Page 32: ...et to configure however the default is to receive that information dynamically from the ISP 3 2 2 WAN DNS Servers The IP Addresses of WAN Domain Name Servers DNS are typically provided dynamically fro...

Page 33: ...12 Manual WAN configuration 3 2 4 PPPoE Setup Internet Settings The PPPoE ISP settings are defined on the WAN Configuration page There are two types of PPPoE ISP s supported by the DSR the standard us...

Page 34: ...ame Password The GUI will prompt you for authentication service and connection settings in order to establish the PPPoE link For some ISP s most popular in Japan the use of Japanese Multiple PPPoE is...

Page 35: ...as a DNS server source for domain name lookup this can be assigned by the ISP or configured through the GUI The DSR acts as a DNS proxy for LAN users Only HTTP requests that specifically identify the...

Page 36: ...hrough the static routing page as well Figure 15 WAN configuration for Multiple PPPoE part 2 3 2 5 Russia L2TP and PPTP WAN For Russia L2TP WAN connections you can choose the address mode of the conne...

Page 37: ...Unified Services Router User Manual 35 Figure 16 Russia L2TP ISP configuration 3 2 6 WAN Configuration in an IPv6 Network Setup IPv6 IPv6 WAN1 Config...

Page 38: ...DNS servers on the ISP s IPv6 network are used for resolving internet addresses and these are provided along with the static IP address and prefix length from the ISP When the ISP allows you to obtain...

Page 39: ...he following key connection status information for each WAN port Connection time The connection uptime Connection type Dynamic IP or Static IP Connection state This is whether the WAN is connected or...

Page 40: ...ure 18 Connection Status information for both WAN ports The WAN status page allows you to Enable or Disable static WAN links For WAN settings that are dynamically received from the ISP you can Renew o...

Page 41: ...that bandwidth profile can be applied to the traffic matching the selectors Selectors are elements like IP addresses or services that would trigger the configured bandwidth regulation Figure 19 List...

Page 42: ...s a bandwidth profile to a type or source of LAN traffic with the following settings Available profiles Assign one of the defined bandwidth profiles Service You can have the selected bandwidth regulat...

Page 43: ...threshold of failures that determines if a WAN port is down 3 4 1 Auto Failover In this case one of your WAN ports is assigned as the primary internet link for all internet traffic The secondary WAN...

Page 44: ...detection method is used at regular intervals on all configured WAN ports when in Load Balancing mode DSR currently support three algorithms for Load Balancing Round Robin This algorithm is particula...

Page 45: ...ts are configured and Protocol Bindings have been defined 3 4 3 Protocol Bindings Advanced Routing Protocol Bindings Protocol bindings are required when the Load Balancing feature is in use Choosing f...

Page 46: ...er handles traffic that is received on any of its physical interfaces The routing mode of the gateway is core to the behavior of the traffic flow between the secure LAN and the internet 3 5 1 Routing...

Page 47: ...that arrive on the LAN interface are switched to the WAN and vice versa if they do not get filtered by firewall or VPN policies To maintain the LAN and WAN in the same broadcast domain select Transpa...

Page 48: ...fied Services Router User Manual 46 Figure 24 Routing Mode is used to configure traffic routing between WAN and LAN as well as Dynamic routing RIP 3 5 2 Dynamic Routing RIP DSR 250N does not support R...

Page 49: ...r routers This effectively disables RIP The RIP version is dependent on the RIP support of other routing devices in the LAN Disabled This is the setting when RIP is disabled RIP 1 is a class based rou...

Page 50: ...needed without deleting and re adding the entry An inactive route is not broadcast if RIP is enabled Private Determines whether the route can be shared with other routers when RIP is enabled If the ro...

Page 51: ...rnet port or a dedicated DMZ port If the port is selected to be a secondary WAN interface all configuration pages relating to WAN2 are enabled Setup Internet Settings WAN2 Setup WAN2 configuration is...

Page 52: ...d DSR 1000N The cellular ISP that provides the 3G data plan will provide the authentication requirements to establish a connection The dial Number and APN are specific to the cellular carriers Once th...

Page 53: ...0 This is the largest packet size that can pass through the interface without fragmentation This size can be increased however large packets can introduce network lag and bring down the interface spee...

Page 54: ...manufacturing process for the interfaces and can uniquely identify this router You can customize each WAN port s MAC address as needed either by letting the WAN port assume the current LAN host s MAC...

Page 55: ...n independent AP unique SSID to supported clients in the environment but is actually running on the same physical radio integrated with this router You will need the following information to configure...

Page 56: ...key The wizard has the option to automatically generate a network key for the AP This key is the pre shared key for WPA or WPA2 type security Supported clients that have been given this PSK can assoc...

Page 57: ...client The default mode is open i e no security This mode is insecure as it allows any compatible wireless clients to connect to an AP configured with this security profile To create a new profile us...

Page 58: ...n older wireless printer to connect to a secure AP where all the other wireless clients are using WPA2 Figure 30 List of Available Profiles shows the options available to secure the wireless link 4 2...

Page 59: ...ared with wireless clients to connect to this device Figure 31 Profile configuration to set network security 4 2 2 WPA or WPA2 with PSK A pre shared key PSK is a known passphrase configured on the AP...

Page 60: ...uired to identify the server A secondary RADIUS server provides redundancy in the event that the primary server cannot be reached by the router when needed Authentication Port the port for the RADIUS...

Page 61: ...vailable profiles This router supports multiple AP s referred to as virtual access points VAPs Each virtual AP that has a unique SSIDs appears as an independent access point to clients This valuable f...

Page 62: ...there are no wireless clients the start and stop time will enable disable the access point automatically Once the AP settings are configured you must enable the AP on the radio on the Setup Wireless S...

Page 63: ...ry benefits of Virtual APs Optimize throughput if 802 11b 802 11 g and 802 11n clients are expected to access the LAN via this router creating 3 VAPs will allow you to manage or shape traffic for each...

Page 64: ...or only 802 11n connections or both are accepted on configured APs Figure 35 Radio card configuration options The ratified 802 11n support on this radio requires selecting the appropriate broadcast NA...

Page 65: ...Advanced Wireless Settings WPS WPS is a simplified method to add supporting wireless clients to the network WPS is only applicable for APs that employ WPA or WPA2 security To use WPS select the eligib...

Page 66: ...ush Button Configuration PBC for wireless devices that support PBC press and hold down on this button and within 2 minutes click the PBC connect button The AP will detect the wireless device and estab...

Page 67: ...ied services as defined by port number Reports and alerts that you want the router to send to you You can for example establish restricted access policies based on time of day web addresses and web ad...

Page 68: ...Policy page When the default outbound policy is allow always you can to block hosts on the LAN from accessing internet services by creating an outbound firewall rule for each service Figure 38 List of...

Page 69: ...nd or inbound services rule do the following To edit a rule click the checkbox next to the rule and click Edit to reach that rule s configuration page To add a new rule click Add to be taken to a new...

Page 70: ...res configuring the router s logging feature separately QoS Priority Outbound rules where To Zone insecure WAN only can have the traffic marked with a QoS priority tag Select a priority level Normal S...

Page 71: ...or DMZ In this way the LAN DMZ server can be accessed from the internet by its aliased public IP address 7 Outbound rules can use Source NAT SNAT in order to map bind all LAN DMZ traffic matching the...

Page 72: ...Unified Services Router User Manual 70 Figure 40 Example where an outbound SNAT rule is used to map an external IP address 209 156 200 225 to a private DMZ IP address 10 30 30 30...

Page 73: ...nified Services Router User Manual 71 Figure 41 The firewall rule configuration page allows you to define the To From zone service action schedules and specify source destination IP addresses as neede...

Page 74: ...r IP address Destination Users Any Log Never Example 2 Allow videoconferencing from range of outside IP addresses Situation You want to allow incoming videoconferencing to be initiated from a restrict...

Page 75: ...10 1 0 118 LAN IP address 192 168 10 1 subnet 255 255 255 0 Web server host in the DMZ IP address 192 168 12 222 Access to Web server simulated public IP address 10 1 0 52 E x a m p l e 4 B l o c Exa...

Page 76: ...the schedule to be active for specific days Select Saturday and Sunday In the scheduled time of day select all day this will apply the schedule between 12 am to 11 59 pm of the selected day Click appl...

Page 77: ...uter User Manual 75 Figure 42 Schedule configuration for the above example 2 Since we are trying to block HTTP requests it is a service with To Zone Insecure WAN1 WAN2 that is to be blocked according...

Page 78: ...e zone The Destination Users dropdown should be any 7 We don t need to change default QoS priority or Logging unless desired clicking apply will add this firewall rule to the list of firewall rules 8...

Page 79: ...some cases enabling the ALG will allow the firewall to use dynamic ephemeral TCP UDP ports to communicate with the known ports a particular client application such as H 323 or RTSP requires without wh...

Page 80: ...VPN Passthrough This router s firewall settings can be configured to allow encrypted VPN traffic for IPsec PPTP and L2TP VPN tunnel connections between the LAN and internet A specific firewall rule or...

Page 81: ...n configuring firewall rules This is because a port triggering rule does not have to reference a specific LAN IP or IP range As well ports are not left open when not in use thereby providing a level o...

Page 82: ...wall rules web based content itself can be used to determine if traffic is allowed or dropped 5 8 1 Content Filtering Advanced Website Filter Content Filtering Content filtering must be enabled to con...

Page 83: ...eing downloaded 5 8 2 Approved URLs Advanced Website Filter Approved URLs The Approved URLs is an acceptance list for all URL domain names Domains added to this list are allowed in any form For exampl...

Page 84: ...king allows you to block all website URL s or site content that contains the keywords in the configured list This is lower priority than the Approved URL List i e if the blocked keyword is present in...

Page 85: ...tching the MAC address bound to it This is IP MAC Binding and by enforcing the gateway to validate the source traffic s IP address with the unique MAC Address of the configured LAN node the administra...

Page 86: ...tion IPS Advanced Advanced Network IPS The gateway s Intrusion Prevention System IPS prevents malicious attacks from the internet from accessing the private network Static attack signatures loaded to...

Page 87: ...e WAN security threats such as continual ping requests and discovery via ARP scans TCP and UDP flood attack checks can be enabled to manage extreme usage of WAN resources Additionally certain Denial o...

Page 88: ...Unified Services Router User Manual 86 Figure 52 Protecting the router and LAN from internet attacks...

Page 89: ...tunnel as the IP address of the remote PC client is not known in advance The gateway in this case acts as a responder Remote client behind a NAT router The client has a dynamic IP address and is behi...

Page 90: ...hree IPsec client connections to the internal network through the DSR IPsec gateway 6 1 VPN Wizard Setup Wizard VPN Wizard You can use the VPN wizard to quickly create both IKE and VPN policies Once t...

Page 91: ...t or gateway to establish the tunnel Determine the local gateway for this tunnel if there is more than 1 WAN configured the tunnel can be configured for either of the gateways 2 Configure Remote and L...

Page 92: ...olicy with the following default values for a VPN Client or Gateway policy these can be accessed from a link on the Wizard page Parameter Default value from Wizard Exchange Mode Aggressive Client poli...

Page 93: ...her IPsec gateway or an IPsec VPN client on a host Only the data payload is encrypted and the IP header is not modified or encrypted Tunnel This mode is used for network to network IPsec tunnels where...

Page 94: ...col dynamically exchanges keys between two IPsec hosts The Phase 1 IKE parameters are used to define the tunnel s security association details The Phase 2 Auto policy parameters cover the security ass...

Page 95: ...well the encryption and integrity algorithms and keys must match on the remote IPsec host exactly in order for the tunnel to establish successfully Note that using Auto policies with IKE are preferre...

Page 96: ...thenticate users With a configured RADIUS server the router connects to a RADIUS server and passes to it the credentials that it receives from the VPN client You can secure the connection between the...

Page 97: ...e contains the list of VPN user accounts that are authorized to use a given VPN tunnel Alternatively VPN tunnel users can be authenticated using a configured Radius database Refer to the online help t...

Page 98: ...led a L2TP server is available on the router for LAN and WAN L2TP client users to access Once the L2TP server is enabled L2TP clients that are within the range of configured IP addresses of allowed cl...

Page 99: ...mote host to establish a secure VPN tunnel A SSL VPN client Active X or Java based is installed in the remote host to allow the client to join the corporate LAN with pre configured access policy privi...

Page 100: ...ers of a Group One or more Groups belong to an authentication Domain The user settings contain the following User Name This is unique identifier of the user First Name This is the user s first name La...

Page 101: ...fining the authentication and features exposed to SSL users The following information is used to configure a domain Domain Name The unique identifier of the domain Authentication Type The authenticati...

Page 102: ...in subsets that can be seen as types of SSL users some groups require access to all available network resources and some can be provided access to a select few With groups a very secure hierarchy of S...

Page 103: ...ernally configured RADIUS or other Enterprise server It is not part of the local user database L2TP User These are L2TP VPN tunnel LAN users that can establish a tunnel with the L2TP server on the WAN...

Page 104: ...l policies These policies can be applied to a specific network resource IP address or ranges on the LAN or to different SSL VPN services supported by the router The List of Available Policies can be f...

Page 105: ...equent section IP address IP network or all devices on the LAN of the router Based on the selection of one of these four options the appropriate configuration fields are required i e choosing the netw...

Page 106: ...ers or groups the user can select from the Available Groups and Available Users drop down Apply policy to This refers to the LAN resources managed by the DSR and the policy can provide or prevent acce...

Page 107: ...y permitted or denied 7 2 1 Using Network Resources Setup VPN Settings SSL VPN Server Resources Network resources are services or groups of LAN IP addresses that are used to easily create and configur...

Page 108: ...d and re routed based on configured port forwarding rules Internal host servers or TCP applications must be specified as being made accessible to remote users Allowing access to a LAN server requires...

Page 109: ...gured applications for port forwarding allow users to access the private network servers by using a hostname instead of an IP address the FQDN corresponding to the IP address is defined in the port fo...

Page 110: ...y created This allows local applications to access services on the private network without any special network configuration on the remote SSL VPN client machine It is important to ensure that the vir...

Page 111: ...full tunnel support if the split tunnel option is disabled the DSR acts in full tunnel mode all addresses on the private network are accessible over the VPN tunnel Client routes are not required DNS S...

Page 112: ...LAN or the subnet information of the destination network from the VPN tunnel clients perspective is set here Subnet mask The subnet information of the destination network is set here Figure 69 Configu...

Page 113: ...same page that opens when the User Portal link is clicked on the SSL VPN menu of the router GUI The router administrator creates and edits portal layouts from the configuration pages in the SSL VPN m...

Page 114: ...from being stored in the client s web browser cache It is recommended that the user selects this option ActiveX web cache cleaner An ActiveX cache control web cleaner can be pushed from the gateway t...

Page 115: ...e LAN host and traffic will be routed through the DSR between the LAN and printer USB 3G modem A 3G modem dongle can be plugged in and used as a secondary WAN Load balancing auto failover or primary W...

Page 116: ...self signed certificate and this can be replaced by one signed by a CA as per your networking requirements A CA certificate provides strong assurance of the server s identity and is a requirement for...

Page 117: ...or SSL VPN peers are shown this field Serial Number The serial number is maintained by the CA and used to identify this signed certificate Issuer Name This is the CA name that issued signed this certi...

Page 118: ...total power consumption by the LAN switch is dependent function of on the number of connected ports The overall current draw when a single port is connected is less than when all the ports are connec...

Page 119: ...Unified Services Router User Manual 117 Figure 74 Advanced Switch Settings...

Page 120: ...nterface The user type is set in the Advanced Users Users page The Admin or Guest user can be configured to access the router GUI from the LAN or the Internet WAN by enabling the corresponding Login P...

Page 121: ...ters in a network are being managed by a central Master system When an external SNMP manager is provided with this router s Management Information Base MIB file the manager can update the router s hie...

Page 122: ...ure 77 SNMP Users Traps and Access Control Tools Admin SNMP System Info The router is identified by an SNMP manager via the System Information The identifier settings The SysName set here is also used...

Page 123: ...ock RTC If the router has access to the internet the most accurate mechanism to set the router time is to enable NTP server communication Accurate date and time on the router is critical for firewall...

Page 124: ...acks or errors when they are detected by the router The following sections describe the log configuration settings and the ways you can access these logs 9 4 1 Defining What to Log Tools Log Settings...

Page 125: ...rder of severity can be logged Emergency Alert Critical Error Warning Notification Information Debugging When a particular severity level is selected all events with severity equal to and greater than...

Page 126: ...the type of traffic through the router that is logged for display in Syslog E mailed logs or the Event Viewer Denial of service attacks general attack information login attempts dropped packets and s...

Page 127: ...N machine tries to make an ssh connection those packets will be dropped and a message will be logged Make sure the log option is set to allow for this firewall rule Enabling accepted packet logging th...

Page 128: ...device s logs Once you enable the option to e mail logs enter the e mail server s address IP address or FQDN of the SMTP server The router will connect to this server when sending e mails out to the...

Page 129: ...ould send out logs E mail logs can be sent out based on a defined schedule by first choosing the unit i e the frequency of sending logs Hourly Daily or Weekly Selecting Never will disable log e mails...

Page 130: ...led Syslog server once you save this configuration page s settings Figure 83 Syslog server configuration for Remote Logging continued 9 4 3 Event Log Viewer in GUI Status Logs View All Logs The router...

Page 131: ...factory default settings or execute a soft reboot of the router IMPORTANT During a restore operation do NOT try to go online turn off the router shut down the PC or do anything else to the router unti...

Page 132: ...irmware You can upgrade to a newer software version from the Administration web page In the Firmware Upgrade section to upgrade your firmware click Browse locate and select the firmware image on your...

Page 133: ...ic DNS Dynamic DNS DDNS is an Internet service that allows routers with varying public IP addresses to be located using Internet domain names To use DDNS you must setup an account with a DDNS provider...

Page 134: ...er User Manual 132 Figure 87 Dynamic DNS configuration 9 8 Using Diagnostic Tools Tools System Check The router has built in tools to allow an administrator to evaluate the communication status and ov...

Page 135: ...d another device on the network connected to this router Enter an IP address and click PING The command output will appear indicating the ICMP echo request status 9 8 2 Trace Route This utility will d...

Page 136: ...tating Unknown Host indicates that the specified Internet Name does not exist This feature assumes there is internet access available on the WAN link s 9 8 4 Router Options The static and dynamic rout...

Page 137: ...arized on the router s Dashboard 10 1 1 Device Status Status Device Info Device Status The DSR Status page gives a summary of the router configuration settings configured in the Setup and Advanced men...

Page 138: ...Unified Services Router User Manual 136 Figure 90 Device Status display...

Page 139: ...dware and usage statistics The CPU and Memory utilization is a function of the available hardware and current configuration and traffic through the router Interface statistics for the wired connection...

Page 140: ...Unified Services Router User Manual 138 Figure 92 Resource Utilization statistics...

Page 141: ...Unified Services Router User Manual 139 Figure 93: Resource Utilization data (continued)...

Page 142: ...cific packet-level information provided for review. Transmitted/received packets, port collisions, and the cumulating bytes/sec for transmit/receive directions are provided for each interface along with...

Page 143: ...ss link. If you suspect that a radio or VAP may be down, the details on this page would confirm if traffic is being sent and received through the VAP. The clients connected to a particular AP can be view...

Page 144: ...AP specific statistics. 10.3 Active Connections. 10.3.1 Sessions through the Router. Status > Active Sessions. This table lists the active internet sessions through the router's firewall. The session's proto...

Page 145: ...Unified Services Router User Manual 143 Figure 97: List of current Active Firewall Sessions...

Page 146: ...time connected to the corresponding AP. The statistics table has auto-refresh control, which allows display of the most current port-level data at each page refresh. The default auto-refresh for this pag...

Page 147: ...d packets since the tunnel was established. If a VPN policy state is "IPsec SA Not Established", it can be enabled by clicking the Connect button of the corresponding policy. The Active IPsec SAs table dis...

Page 148: ...Description User Name: The SSL VPN user that has an active tunnel or port forwarding session to this router. IP Address: IP address of the remote VPN client. Local PPP Interface: The interface WAN1 or WAN2...

Page 149: ...factory defaults this sets the firewall's IP address to 192.168.10.1. 5. If you do not want to reset to factory default settings and lose your configuration, reboot the router and use a packet sniffer s...

Page 150: ...ndicate that it has resynchronized with the ISP, reapply power to the router. If the router still cannot obtain an ISP address, see the next symptom. Symptom: Router still cannot obtain an IP address from...

Page 151: ...ime. 2. Verify your Internet access settings. Symptom: Time is off by one hour. Possible cause: The router does not automatically adjust for Daylight Savings Time. Recommended action: 1. Select Administration...

Page 152: ...tion and firewall. 6. If the path is still not up, test the network configuration. Verify that the Ethernet card driver software and TCP/IP software are installed and configured on the PC. Verify that the...

Page 153: ...your firewall to clone or spoof the MAC address from the authorized PC. 11.4 Restoring factory default configuration settings. To restore factory default configuration settings, do either of the followi...


Page 155: ...Chapter 12. Credits. Microsoft Windows are registered trademarks of Microsoft Corp. Linux is a registered trademark of Linus Torvalds. UNIX is a registered trademark of The Open Group...

Page 156: ...ncryption keys in ISAKMP as part of building a VPN tunnel. IPsec: IP security. Suite of protocols for securing VPN tunnels by authenticating or encrypting IP packets in a data stream. IPsec operates in ei...

Page 157: ...Internet with guaranteed reliability and in-order delivery. UDP: User Data Protocol. Protocol for transmitting data over the Internet quickly but with no guarantee of reliability or in-order delivery. VP...


Page 159: ...2.168.10.1; IPv4 subnet mask: 255.255.255.0; RIP direction: None; RIP version: Disabled; RIP authentication: Disabled; DHCP server: Enabled; DHCP starting IP address: 192.168.10.2; DHCP ending IP address: 192.168.1...

Page 160: ...DNS UDP DNS TCP FINGER FTP HTTP HTTPS ICMP TYPE 3 ICMP TYPE 4 ICMP TYPE 5 ICMP TYPE 6 ICMP TYPE 7 ICMP TYPE 8 ICMP TYPE 9 ICMP TYPE 10 ICMP TYPE 11 ICMP TYPE 13 ICQ IMAP2 IMAP3 IRC NEWS NFS NNTP PING...

Page 161: ...t FAILED DEBUG sqlite3QueryResGet failed Query s ERROR doDNS Result SUCCESS DEBUG ddns SQL error s ERROR Write Old Entry s s s to s DEBUG Illegal operation interface got deleted ERROR Write New Entry...

Page 162: ...ss s DEBUG failed to open s ERROR nimfMacGet MacAddress s DEBUG failed to open s ERROR nimfMacGet MacAddress s DEBUG failed to query networkInterface table ERROR nimfMacGet Mac option Not changed DEBU...

Page 163: ...interface advanced ERROR Invalid lanmask DEBUG nimfAdvOptSetWrap error getting MTU size ERROR Invalid option DEBUG nimfAdvOptSetWrap unable to get Mac Address ERROR Failed to set config info DEBUG ni...

Page 164: ...tchConfig for port enable ERROR failed query s DEBUG Failed to execute ifconfig for port enable ERROR vlan disabled not applying vlan configuration DEBUG Failed to execute ethtool for ERROR removing s...

Page 165: ...eryResGet failed DEBUG Failed to set vlan entries while enabling ERROR Failed to remove vlan Interface for vlanId DEBUG sqlite3QueryResGet failed ERROR sqlite3QueryResGet failed DEBUG Failed to execut...

Page 166: ...update handler ERROR pid d DEBUG are we getting invoked twice ERROR PID File for pptpd interface found DEBUG could not open s to append ERROR pid d DEBUG could not write nameserver s to s ERROR option...

Page 167: ...dMgmt unable to open the ERROR pptpMgmtTblHandler MppeEncryptSupport s DEBUG Can t kill pptpd ERROR pptpMgmtTblHandler SplitTunnel s DEBUG pptpd restart failed ERROR pptpEnable ppp dial string s DEBUG...

Page 168: ...G pptpMgmtTblHandler dbRecordValueGet failed for s ERROR l2tpEnable command string s DEBUG pptpMgmtTblHandler pptp enable failed ERROR PID File for dhcpc found DEBUG pptpMgmtTblHandler pptp disable fa...

Page 169: ...rver configuration update failed ERROR Failed to stop tcpdump ERROR DHCPv6 Server Restart failed ERROR Invalid tcpdumpEnable value ERROR sqlite3QueryResGet failed Query s ERROR Facility System VPN Log...

Page 170: ...get Acknowledged result ERROR ERROR Got fragment n DEBUG Cannot understand AVP value ERROR ERROR Got last fragment DEBUG eapExtResp is NULL ERROR ERROR Got unfragmented message DEBUG eapWscCtxCreate...

Page 171: ...ponse ERROR ERROR Default EAP method state d decision d DEBUG Error checking authenticator response ERROR TTLS pkt data len d flags 0x x DEBUG Error generating NT response ERROR Got start DEBUG Userna...

Page 172: ...EBUG Unexpected tlsGlueContinue return value ERROR Send req ptr 0x x Send resp ptr 0x x DEBUG NULL request or response PDU or NULL context ERROR Request ptr 0x x DEBUG Protocol version mismatch ERROR...

Page 173: ...ializing cipher context ERROR malloc failed ERROR Error creating digest context ERROR BIO_new_mem_buf failed ERROR Error initializing digest context ERROR malloc failed ERROR Error initializing DES in...

Page 174: ...eapAuthTypeToType Invalid eapAuthType d ERROR invalid certificate data ERROR eapTypeToAuthType Invalid eapType d ERROR Query s ERROR unable to create method context ERROR Query s ERROR method ctxCrea...

Page 175: ...g events enabled DEBUG radPairLocate Attribute d has invalid length ERROR s DEBUG radPairUnpackDefault Unknown Attribute d ERROR Mail sent and the Database is reset DEBUG radConfigure can t open s s E...

Page 176: ...e d ERROR RADIUS Configured DEBUG radEapRecvTask Packet length mismatch d d ERROR d Server s d with DEBUG No attributes received in Access Challenge message ERROR DBUpdate event Table s opCode d rowId...

Page 177: ...DEBUG default reached ERROR Could not read data from file DEBUG Unable to initialize ntpControl ERROR ntpTblHandler DEBUG ntpMgmt Couldn t open database s ERROR status d DEBUG ERROR incomplete DB upd...

Page 178: ...disconnected for old usb type DEBUG Sqlite update failed ERROR s 4 Disabled old usb type Now DEBUG USB1 Touch failed ERROR usbdevice is d s d DEBUG USB2 Touch failed ERROR USB failed to begin transact...

Page 179: ...ERROR RADVD start failed ERROR sqlite3_mprintf failed ERROR RADVD stop failed ERROR no component id matching s ERROR failed to create open RADVD configuration file s ERROR umiIoctl s UMI_CMD_DB_UPDATE...

Page 180: ...ce DEBUG Disabling Firewall Rule for DHCP Relay Protocol DEBUG Disabling attack check for Stealth mode for tcp DEBUG Enabling Firewall Rule for DHCP Relay Protocol DEBUG Disabling attack check for Ste...

Page 181: ...up s DEBUG src firewall linux user firewalld c 60 un def ADP_DEBUG DEBUG Deleting lan host s from group s DEBUG src firewall linux user firewalld c 62 def ine ADP_DEBUG printf DEBUG Adding lan host s...

Page 182: ...abling DROP for INPUT DEBUG Enabling rule port triggering for protocol UDP DEBUG Enabling DROP for FORWARD DEBUG Enabling rule port triggering for protocol TCP DEBUG Disabling NAT based Firewall Rules...

Page 183: ...tion s DEBUG Failed to s traffic from s to s to IPS ERROR s firewall rule s for service s with action s DEBUG failed to start IPS service ERROR Added firewall rule s for service s with action s DEBUG...

Page 184: ...ed DEBUG KDOT11_GET_PARAM IEEE80211_I OC_CHANNEL failed ERROR unexpected reply from d cmd d DEBUG Failed to get the channel setting for s ERROR unexpected reply from d cmd d DEBUG sqlite3QueryResGet f...

Page 185: ...1314 ADP_ERROR ERROR processing pairwise key message 2 DEBUG BSSID value passed is NULL ERROR RSN IE matching OK DEBUG reserved requestId is passed ERROR processing pairwise key message 4 DEBUG inter...

Page 186: ...InstallProfile unable to get interface index ERROR Failed to process user request DEBUG adpHmacInit s failed ERROR Failed to process user request s d DEBUG interface s not found ERROR pnacIfConfigUmiI...

Page 187: ...EN failed ERROR pnacRecvASInfoMessage suppTimeout set to d DEBUG KDOT11_SET_PARAM IEEE80211_I OC_UCASTCIPHERS failed ERROR PORT SUCCESSFULLY DESTROYED DEBUG KDOT11_SET_PARAM IEEE80211_I OC_KEYMGTALGS...

Page 188: ...eck failed ERROR doing pnacTxLogoff DEBUG wpaAuthRecvKeyReq unexpected packet received ERROR doing pnacTxRspId 1st cond DEBUG wpaAuthRecvKeyReq keyDataLength not zero ERROR doing pnacTxRspId entering...

Page 189: ...reate a raw socket ERROR adpRand failed unable to generate random unicast key WARN pnacIsInterfaceUp failed to get interface flags ERROR using group key as unicast key WARN failed to allocate buffer E...

Page 190: ...ed Invalid IE data from WSC ERROR pnacIfNameToIndex failed ERROR Recd IE data for non existent AP s ERROR pnacPhyPortParamSet device invalid s d ERROR Recd WSC Start command without interface name ERR...

Page 191: ...not exist ERROR Error from pnacAuthConfig pAsArg cannot be NULL ERROR SSID should not be longer than d ERROR Error from pnacAuthConfig receive routine hook ERROR Profile s does not exist ERROR pnacAu...

Page 192: ...r from pnacEAPPktCreate basic pkt create failed ERROR Profile s does not exist ERROR Error from pnacTxCannedFail eap pkt create failed ERROR Profile s does not exist ERROR Error from pnacTxCannedSucce...

Page 193: ...e event expected on dot11RogueAP ERROR unable to create new EAP context ERROR sqlite3QueryResGet failed ERROR unable to apply s profile on the EAP context ERROR unhandled database operation d ERROR pn...

Page 194: ...UG s d bad sequence number d expected d DEBUG TKIP DEBUG PPPIOCDETACH file f_count d DEBUG s cannot map channel to mode freq u flags 0x x DEBUG PPP outbound frame not passed DEBUG s s vap iv_dev name...

Page 195: ...BUG s module use_count is d __FUNCTION__ mod_use_count DEBUG s 0x p len u tag p len DEBUG PPPOL2TP s _fmt DEBUG 03d i DEBUG PPPOL2TP s __FUNCTION__ DEBUG 02x u_int8_t p i DEBUG PPPOL2TP s __FUNCTION__...

Page 196: ...ot compare DEBUG a guy asks for address mask Who is it DEBUG FAIL ccmp decap failed DEBUG icmp v4 hw csum failure DEBUG FAIL decap botch length mismatch DEBUG expire u d d d expire DEBUG FAIL decap bo...

Page 197: ...VA_ARGS__ DEBUG expire u d d d expire DEBUG s Warning using only u entries in u key cache DEBUG rt_cache 02x u u u u hash DEBUG s TX99 support enabled dev name DEBUG rt_bind_peer 0 p DEBUG s grppoll B...

Page 198: ...UG grppoll_start grppoll Buf allocation failed DEBUG ip_conntrack can t register local_out defrag hook DEBUG s HAL qnum u out of range max u DEBUG ip_conntrack can t register pre routing hook DEBUG s...

Page 199: ...NULL DEBUG Should bcast u u u u u u u u sk p ptype u DEBUG xlr8NatSoftCtxEnqueue Calling xlr8NatIpFinishOutput status DEBUG ip_conntrack version s u buckets d max DEBUG xlr8NatSoftCtxEnqueue xlr8NatI...

Page 200: ...y to IPsec sa table DEBUG ID u SEQ u DEBUG ERROR Failed to add entry to IPsec sa table DEBUG PARAMETER u DEBUG ERROR Failed to add entry to IPsec sa table DEBUG GATEWAY u u u u DEBUG ERROR Failed to a...

Page 201: ...s DEBUG account Wrong netmask given by netmask parameter i Valid is 32 to 0 netmask INFO ip_ct_h245 packet dropped DEBUG IPT_ACCOUNT_NAME checkentry failed to create procfs entry INFO ip_ct_q931 deco...

Page 202: ...l DEBUG s Version 0 1 INFO pkt err s pktInfo error DEBUG s driver unloaded dev_info INFO pkt err s pktInfo error DEBUG wlan s backend registered be iab_name INFO pkt err s pktInfo error DEBUG wlan s b...

Page 203: ...DEBUG s s dev_info version INFO 3 selecting hop d lastHopSelected d selHop lastHopSelected DEBUG s driver unloaded dev_info INFO bwMonitor multipath selection enabled DEBUG ath_pci switching rfkill c...

Page 204: ...u u u u u u u INFO AES Software Test s aesSoftTest 0 Failed Passed DEBUG IPsec device unregistering s dev name INFO AES Hardware Test DEBUG IPsec device down s dev name INFO AES Hardware Test s aesHa...

Page 205: ...G DES Hardware Test d iterations iter DEBUG s request_irq failed dev name WARNING DES Hardware Test Duration d d DEBUG try_module_get failed WARNING SHA Software Test d iterations iter DEBUG try_mod...

Page 206: ...__ DEBUG host u u u u if d ignores WARNING s The MIC is OK Still use this frame and update PN __func__ DEBUG martian destination u u u u from WARNING ADDBA send failed recipient is not a 11n node DE...

Page 207: ...ory ERROR ieee80211_deliver_l2uf no buf available DEBUG s cannot allocate space for MPPC history ERROR s s vap iv_dev name buf NB no DEBUG s cannot load ARC4 module fname ERROR s s s vap iv_dev name D...

Page 208: ...ERROR s seen_option DEBUG s CryptoAPI SHA1 digest size too small fname ERROR s s dev name buf DEBUG s cannot allocate space for SHA1 digest fname ERROR s no memory for sysctl table __func__ DEBUG s d...

Page 209: ...r __func__ DEBUG JBD IO error d recovering block ERROR s allocation failed for pl_info __func__ DEBUG Logs_kernel txt 303 KERN_ERR ERROR s Unable to allocate buffer __func__ DEBUG Logs_kernel txt 304...

Page 210: ...x x 0x p 0x x 0x x 0x x 0x x DEBUG Bad ioctl command ERROR bb state 0x 08x 0x 08x bbstate sc 4ul bbstate sc 5ul DEBUG fResetMod Failed to configure gpio pin ERROR 08x 08x 08x 08x 08x 08x 08x 08x 08x 0...

Page 211: ...ers __func__ ERROR s unable to obtain busy times __func__ DEBUG s Wrong Key length __func__ ERROR s beacon is officially stuck DEBUG s Wrong parameters __func__ ERROR Busy environment detected DEBUG s...

Page 212: ...kernel MIBCTL registration failed ERROR failed to allocate beacon descripotrs d error DEBUG Bad ioctl command ERROR failed to allocate UAPSD descripotrs d error DEBUG WpsMod Failed to configure gpio p...

Page 213: ...ueAPEnable can not add more interfaces ERROR _fmt __VA_ARGS__ DEBUG kdot11RogueAPGetState called with NULL argument ERROR sample_pri d is a multiple of refpri d sample_pri refpri DEBUG kdot11RogueAPDi...

Page 214: ...BUG PRE proto u srcip u u u u sport u dstip u u u u dport u CRITICAL Cannot support setting tx and rx keys individually DEBUG POST proto u srcip u u u u sport u dstip u u u u dport u CRITICAL bogus fr...

Page 215: ...ervices Router User Manual 213 Appendix E. RJ-45 Pin-outs. Columns: Signal | RJ-45 PIN | DB-9 PIN | Signal (RJ-45 Cable / Adapter). Rows: CTS | NC | NC | NC; DTR | NC | NC | NC; TxD | 6 | 3 | RxD; GND | 5 | 5 | GND; GND | 4 | 5 | GND; RxD | 3 | 2 | TxD; DSR | NC | NC | NC; RTS...

Page 216: ...ers between the radiator and your body. This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) Th...

Page 217: ...th for an uncontrolled environment. End users must follow the specific operating instructions for satisfying RF exposure compliance. To maintain compliance with IC RF exposure compliance requirements, pl...

Page 218: ...radiator and your body. This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) This device must...

Page 219: ...s with IC radiation exposure limits set forth for an uncontrolled environment. End users must follow the specific operating instructions for satisfying RF exposure compliance. To maintain compliance wit...

Page 220: ...device must accept any interference received, including interference that may cause undesired operation. RSS-GEN 7.1.4: User Manual for Transmitters with Detachable Antennas. The user manual of transmitt...

Page 221: ...z. In France, the equipment must be restricted to the 2.4465-2.4835GHz frequency range and must be restricted to indoor use. Operation of this device is subjected to the following National regulations an...
