D-Link DSR-500 User Manual Download Page 100 | Manualshive

Page: 100 / 213

background image

Unified Services Router

User Manual

98



Timeout: The timeout period for reaching the authentication server.



Retries: The number of retries to authenticate with the authentication server

after which the DSR stops trying to reach the server.



Workgroup: This is required is for NT domain authentication. If there are

multiple workgroups, user can enter the details for upto two workgroups.



LDAP Base DN: This is the base domain name for the LDAP authentication

server. If there are multiple LDAP authentication servers, user can enter the
details for upto two LDAP Base DN.



Active Directory Domain: If the domain uses the Active Directory

authentication,  the  Active  Directory  domain  name  is  required.  Users
configured  in  the  Active  Directory  databa se  are  given  access  to  the  SSL  VPN
portal  with  their  Active  Directory  username  and  password.  If  there  are
multiple  Active  Directory  domains,  user  can  enter  the  details  for  upto  two
authentication domains.

Once the domain is configured, the DSR will display a list of all configured domains.

Advanced > Users > Groups

Groups  are  used  to  assign  access  policies  to  a  set  of  SSL  users  within  a  domain.
Groups  are  domain  subsets  that  can  be  seen  as  types  of  SSL  users;  some  groups
require access to all available network resources and some can be provided access to a
select  few.  With  groups,  a  very  secure  hierarchy  of  SSL  VPN  remote  access  can  be
created for all types of users with minimal number of policies to configure.

To configure a group in the DSR, enter the following information:



Name: This is a unique identifier for a group name.



Domain: This is the authenticating domain the group is attached to.



Idle timeout: This is the log in timeout period for users of this group.

Once the group is defined the DSR will display a list of all configured groups.



You  must create a Domain first, and then a  new  Group can be created and assigned
to  the  Domain.  The  last  step  is  to  add  specific  SSL  VPN  users  to  an  already -
configured Group.

7.1.1 User Types and Passwords

Advanced > Users > Users

User  level policies can be  specified by browser, IP address of the  host,  and  whether
the  user  can  login  to  the  router‘s  GUI  in  addition  to  the  SSL  VPN  portal.   The
following  user  types  are  assigned  to  a  user  that  reaches  the  GUI  login  screen  fr om
the LAN or WAN:



Administrator: This is the router‘s super -user, and can manage the router, use SSL

VPN to access network resources, and login to L2TP/PPTP servers on the WAN.

There will always be one default administrator user for the GUI.

«
...
98
99
100
101
102
...
»

Summary of Contents for DSR-500

Page 1: ...Unified Services Router User Manual DSR 500 500N 1000 1000N Ver 1 02 http www dlink com Building Networks for People Small Business Gateway Solution...

Page 2: ...User Manual Unified Services Router D Link Corporation Copyright 2011 http www dlink com...

Page 3: ...any particular purpose The manufacturer reserves the right to revise this publication and to make changes from time to time in the content hereof without obligation of the manufacturer to notify any p...

Page 4: ...3 2 3 DHCP WAN 28 3 2 4 PPPoE 29 3 2 5 Russia L2TP and PPTP WAN 32 3 2 6 WAN Configuration in an IPv6 Network 33 3 2 7 Checking WAN Status 35 3 3 Bandwidth Controls 37 3 4 Features with Multiple WAN L...

Page 5: ...n IPS 82 5 11 Protecting from Internet Attacks 83 Chapter 6 IPsec PPTP L2TP VPN 85 6 1 VPN Wizard 86 6 2 Configuring IPsec Policies 89 6 2 1 Extended Authentication XAUTH 92 6 2 2 Internet over IPSec...

Page 6: ...ce Status 133 10 1 2 Resource Utilization 135 10 2 Traffic Statistics 138 10 2 1 Wired Port Statistics 138 10 2 2 Wireless Statistics 139 10 3 Active Connections 140 10 3 1 Sessions through the Router...

Page 7: ...re 18 Connection Status information for both WAN ports 36 Figure 19 List of Configured Bandwidth Profiles 37 Figure 20 Bandwidth Profile Configuration page 38 Figure 21 Traffic Selector Configuration...

Page 8: ...Content Filtering used to block access to proxy servers and prevent ActiveX controls from being downloaded 79 Figure 48 Two trusted domains added to the Approved URLs List 80 Figure 49 Two keywords a...

Page 9: ...re 78 SNMP system information for this router 119 Figure 79 Date Time and NTP server setup 120 Figure 80 Facility settings for Logging 122 Figure 81 Log configuration options for traffic through route...

Page 10: ...Unified Services Router User Manual 8 Figure 98 List of connected 802 11 clients per AP 142 Figure 99 List of LAN hosts 143 Figure 100 List of current Active VPN Sessions 144...

Page 11: ...port allowing you to isolate servers from your LAN Superior Wireless Performance Designed to deliver superior wireless performance the DSR 500N and DSR 1000N include 802 11 a b g n allowing for opera...

Page 12: ...he 3G wireless WAN USB dongle is only available for DSR 1000 and DSR 1000N 1 1 About this User Manual This document is a high level manual to allow new D Link Unified Services Router users to configur...

Page 13: ...Internet Name Service WINS servers and the default gateway With the DHCP server enabled the router s IP address serves as the gateway address for LAN and WLAN clients The PCs in the LAN are assigned I...

Page 14: ...Relay With this option enabled DHCP clients on the LAN can receive IP address leases and corresponding information from a DHCP server on a different subnet Specify the Relay Gateway and when LAN clien...

Page 15: ...s for which IP addresses are leased to clients Enable DNS Proxy To enable the router to act as a proxy for all DNS requests and communicate with the ISP s DNS servers click the checkbox 3 Click Save S...

Page 16: ...IPv6 IP mode to enable IPv6 configuration options LAN Settings The default IPv6 LAN address for the router is fec0 1 You can change this 128 bit IPv6 address based on your network requirements The oth...

Page 17: ...d to manage the router has obtained IP address from newly assigned pool or has a static IP address in the router s LAN subnet before accessing the router via changed IP address As with an IPv4 LAN net...

Page 18: ...irectly By selecting Use DNS proxy this router acts as a proxy for all DNS requests and communicates with the ISP s DNS servers a WAN configuration parameter Primary and Secondary DNS servers If there...

Page 19: ...seconds RA Flags The router advertisements RA s can be sent with one or both of these flags Chose Managed to use the administered stateful protocol for address auto configuration If the Other flag is...

Page 20: ...hether the host is on the same link as the router The following prefix options are available for the router advertisements IPv6 Prefix Type To ensure hosts support IPv6 to IPv4 tunnel select the 6to4...

Page 21: ...raffic to and from that physical port can be isolated from the general LAN VLAN filtering is particularly useful to limit broadcast packets of a device in a large network VLAN support is disabled by d...

Page 22: ...e of the four physical ports or a configured access point and clicking Edit The edit page offers the following configuration options Mode The mode of this VLAN can be General Access or Trunk The defau...

Page 23: ...All data going into and out of the port is tagged Untagged coming into the port is not forwarded except for the default VLAN with PVID 1 which is untagged Trunk ports multiplex traffic for multiple VL...

Page 24: ...ot have to be exposed on the LAN It is recommended that hosts that must be exposed to the internet such as web or email servers be placed in the DMZ network Firewall rules can be allowed to permit acc...

Page 25: ...Play UPnP is a feature that allows the router to discovery devices on the network that can communicate with the router and allow for auto configuration If a network device is detected by UPnP the rou...

Page 26: ...of 4 is typical for networks with few switches Figure 9 UPnP Configuration UPnP Port map Table The UPnP Port map Table has the details of UPnP devices that respond to the router s advertisements The...

Page 27: ...hing user request is made the DSR will intercept the request and prompt for a username password The login credentials are compared against the RunTimeAuth users in user database prior to granting HTTP...

Page 28: ...hrough a few straightforward configuration pages you can take the information provided by your ISP to get your WAN connection up and enable internet access for your network Figure 11 Internet Connecti...

Page 29: ...nfigured PPPoE profiles particularly useful when configuring multiple PPPoE connections i e for Japan ISPs that have multiple PPPoE support ISP login information This is required for PPTP and L2TP ISP...

Page 30: ...er the default is to receive that information dynamically from the ISP 3 2 2 WAN DNS Servers The IP Addresses of WAN Domain Name Servers DNS are typically provided dynamically from the ISP but in some...

Page 31: ...12 Manual WAN configuration 3 2 4 PPPoE Setup Internet Settings The PPPoE ISP settings are defined on the WAN Configuration page There are two types of PPPoE ISP s supported by the DSR the standard us...

Page 32: ...ame Password The GUI will prompt you for authentication service and connection settings in order to establish the PPPoE link For some ISP s most popular in Japan the use of Japanese Multiple PPPoE is...

Page 33: ...has a DNS server source for domain name lookup this can be assigned by the ISP or configured through the GUI The DSR acts as a DNS proxy for LAN users Only HTTP requests that specifically identify the...

Page 34: ...hrough the static routing page as well Figure 15 WAN configuration for Multiple PPPoE part 2 3 2 5 Russia L2TP and PPTP WAN For Russia L2TP WAN connections you can choose the address mode of the conne...

Page 35: ...Unified Services Router User Manual 33 Figure 16 Russia L2TP ISP configuration 3 2 6 WAN Configuration in an IPv6 Network Setup IPv6 IPv6 WAN1 Config...

Page 36: ...DNS servers on the ISP s IPv6 network are used for resolving internet addresses and these are provided along with the static IP address and prefix length from the ISP When the ISP allows you to obtain...

Page 37: ...he following key connection status information for each WAN port Connection time The connection uptime Connection type Dynamic IP or Static IP Connection state This is whether the WAN is connected or...

Page 38: ...ure 18 Connection Status information for both WAN ports The WAN status page allows you to Enable or Disable static WAN links For WAN settings that are dynamically received from the ISP you can Renew o...

Page 39: ...that bandwidth profile can be applied to the traffic matching the selectors Selectors are elements like IP addresses or services that would trigger the configured bandwidth regulation Figure 19 List...

Page 40: ...s a bandwidth profile to a type or source of LAN traffic with the following settings Available profiles Assign one of the defined bandwidth profiles Service You can have the selected bandwidth regulat...

Page 41: ...threshold of failures that determines if a WAN port is down 3 4 1 Auto Failover In this case one of your WAN ports is assigned as the primary internet link for all internet traffic The secondary WAN...

Page 42: ...detection method is used at regular intervals on all configured WAN ports when in Load Balancing mode DSR currently support three algorithms for Load Balancing Round Robin This algorithm is particula...

Page 43: ...ts are configured and Protocol Bindings have been defined 3 4 3 Protocol Bindings Advanced Routing Protocol Bindings Protocol bindings are required when the Load Balancing feature is in use Choosing f...

Page 44: ...er handles traffic that is received on any of its physical interfaces The routing mode of the gateway is core to the behavior of the traffic flow between the secure LAN and the internet 3 5 1 Routing...

Page 45: ...that arrive on the LAN interface are switched to the WAN and vice versa if they do not get filtered by firewall or VPN policies To maintain the LAN and WAN in the same broadcast domain select Transpa...

Page 46: ...d Services Router User Manual 44 Figure 24 Routing Mode is used to configure traffic routing between WAN and LAN as well as Dynamic routing RIP 3 5 2 Dynamic Routing RIP Setup Internet Settings Routin...

Page 47: ...her routing devices in the LAN Disabled This is the setting when RIP is disabled RIP 1 is a class based routing version that does not include subnet information This is the most commonly supported ver...

Page 48: ...roadcast if RIP is enabled Private Determines whether the route can be shared with other routers when RIP is enabled If the route is made private then the route will not be shared in a RIP broadcast o...

Page 49: ...rnet port or a dedicated DMZ port If the port is selected to be a secondary WAN interface all configuration pages relating to WAN2 are enabled Setup Internet Settings WAN2 Setup WAN2 configuration is...

Page 50: ...d DSR 1000N The cellular ISP that provides the 3G data plan will provide the authentication requirements to establish a connection The dial Number and APN are specific to the cellular carriers Once th...

Page 51: ...This is the largest packet size that can pass through the interface without fragmentation This size can be increased however large packets can introduce network lag and bring down the interface speed...

Page 52: ...manufacturing process for the interfaces and can uniquely identify this router You can customize each WAN port s MAC address as needed either by letting the WAN port assume the current LAN host s MAC...

Page 53: ...n independent AP unique SSID to supported clients in the environment but is actually running on the same physical radio integrated with this router You will need the following information to configure...

Page 54: ...key The wizard has the option to automatically generate a network key for the AP This key is the pre shared key for WPA or WPA2 type security Supported clients that have been given this PSK can assoc...

Page 55: ...s client The default mode is open i e no security This mode is insecure as it allows any compatible wireless clients to connect to an AP configured with this security profile To create a new profile u...

Page 56: ...n older wireless printer to connect to a secure AP where all the other wireless clients are using WPA2 Figure 30 List of Available Profiles shows the options available to secure the wireless link 4 2...

Page 57: ...ared with wireless clients to connect to this device Figure 31 Profile configuration to set network security 4 2 2 WPA or WPA2 with PSK A pre shared key PSK is a known passphrase configured on the AP...

Page 58: ...uired to identify the server A secondary RADIUS server provides redundancy in the event that the primary server cannot be reached by the router when needed Authentication Port the port for the RADIUS...

Page 59: ...vailable profiles This router supports multiple AP s referred to as virtual access points VAPs Each virtual AP that has a unique SSIDs appears as an independent access point to clients This valuable f...

Page 60: ...there are no wireless clients the start and stop time will enable disable the access point automatically Once the AP settings are configured you must enable the AP on the radio on the Setup Wireless S...

Page 61: ...ry benefits of Virtual APs Optimize throughput if 802 11b 802 11 g and 802 11n clients are expected to access the LAN via this router creating 3 VAPs will allow you to manage or shape traffic for each...

Page 62: ...or only 802 11n connections or both are accepted on configured APs Figure 35 Radio card configuration options The ratified 802 11n support on this radio requires selecting the appropriate broadcast NA...

Page 63: ...Advanced Wireless Settings WPS WPS is a simplified method to add supporting wireless clients to the network WPS is only applicable for APs that employ WPA or WPA2 security To use WPS select the eligib...

Page 64: ...ush Button Configuration PBC for wireless devices that support PBC press and hold down on this button and within 2 minutes click the PBC connect button The AP will detect the wireless device and estab...

Page 65: ...ied services as defined by port number Reports and alerts that you want the router to send to you You can for example establish restricted access policies based on time of day web addresses and web ad...

Page 66: ...Policy page When the default outbound policy is allow always you can to block hosts on the LAN from accessing internet services by creating an outbound firewall rule for each service Figure 38 List of...

Page 67: ...nd or inbound services rule do the following To edit a rule click the checkbox next to the rule and click Edit to reach that rule s configuration page To add a new rule click Add to be taken to a new...

Page 68: ...res configuring the router s logging feature separately QoS Priority Outbound rules where To Zone insecure WAN only can have the traffic marked with a QoS priority tag Select a priority level Normal S...

Page 69: ...or DMZ In this way the LAN DMZ server can be accessed from the internet by its aliased public IP address 7 Outbound rules can use Source NAT SNAT in order to map bind all LAN DMZ traffic matching the...

Page 70: ...Unified Services Router User Manual 68 Figure 40 Example where an outbound SNAT rule is used to map an external IP address 209 156 200 225 to a private DMZ IP address 10 30 30 30...

Page 71: ...nified Services Router User Manual 69 Figure 41 The firewall rule configuration page allows you to define the To From zone service action schedules and specify source destination IP addresses as neede...

Page 72: ...r IP address Destination Users Any Log Never Example 2 Allow videoconferencing from range of outside IP addresses Situation You want to allow incoming videoconferencing to be initiated from a restrict...

Page 73: ...10 1 0 118 LAN IP address 192 168 10 1 subnet 255 255 255 0 Web server host in the DMZ IP address 192 168 12 222 Access to Web server simulated public IP address 10 1 0 52 E x a m p l e 4 B l o c Exa...

Page 74: ...the schedule to be active for specific days Select Saturday and Sunday In the scheduled time of day select all day this will apply the schedule between 12 am to 11 59 pm of the selected day Click appl...

Page 75: ...uter User Manual 73 Figure 42 Schedule configuration for the above example 2 Since we are trying to block HTTP requests it is a service with To Zone Insecure WAN1 WAN2 that is to be blocked according...

Page 76: ...e zone The Destination Users dropdown should be any 7 We don t need to change default QoS priority or Logging unless desired clicking apply will add this firewall rule to the list of firewall rules 8...

Page 77: ...some cases enabling the ALG will allow the firewall to use dynamic ephemeral TCP UDP ports to communicate with the known ports a particular client application such as H 323 or RTSP requires without wh...

Page 78: ...VPN Passthrough This router s firewall settings can be configured to allow encrypted VPN traffic for IPsec PPTP and L2TP VPN tunnel connections between the LAN and internet A specific firewall rule or...

Page 79: ...n configuring firewall rules This is because a port triggering rule does not have to reference a specific LAN IP or IP range As well ports are not left open when not in use thereby providing a level o...

Page 80: ...wall rules web based content itself can be used to determine if traffic is allowed or dropped 5 8 1 Content Filtering Advanced Website Filter Content Filtering Content filtering must be enabled to con...

Page 81: ...eing downloaded 5 8 2 Approved URLs Advanced Website Filter Approved URLs The Approved URLs is an acceptance list for all URL domain names Domains added to this list are allowed in any form For exampl...

Page 82: ...king allows you to block all website URL s or site content that contains the keywords in the configured list This is lower priority than the Approved URL List i e if the blocked keyword is present in...

Page 83: ...tching the MAC address bound to it This is IP MAC Binding and by enforcing the gateway to validate the source traffic s IP address with the unique MAC Address of the configured LAN node the administra...

Page 84: ...tion IPS Advanced Advanced Network IPS The gateway s Intrusion Prevention System IPS prevents malicious attacks from the internet from accessing the private network Static attack signatures loaded to...

Page 85: ...e WAN security threats such as continual ping requests and discovery via ARP scans TCP and UDP flood attack checks can be enabled to manage extreme usage of WAN resources Additionally certain Denial o...

Page 86: ...Unified Services Router User Manual 84 Figure 52 Protecting the router and LAN from internet attacks...

Page 87: ...tunnel as the IP address of the remote PC client is not known in advance The gateway in this case acts as a responder Remote client behind a NAT router The client has a dynamic IP address and is behi...

Page 88: ...hree IPsec client connections to the internal network through the DSR IPsec gateway 6 1 VPN Wizard Setup Wizard VPN Wizard You can use the VPN wizard to quickly create both IKE and VPN policies Once t...

Page 89: ...t or gateway to establish the tunnel Determine the local gateway for this tunnel if there is more than 1 WAN configured the tunnel can be configured for either of the gateways 2 Configure Remote and L...

Page 90: ...olicy with the following default values for a VPN Client or Gateway policy these can be accessed from a link on the Wizard page Parameter Default value from Wizard Exchange Mode Aggressive Client poli...

Page 91: ...her IPsec gateway or an IPsec VPN client on a host Only the data payload is encrypted and the IP header is not modified or encrypted Tunnel This mode is used for network to network IPsec tunnels where...

Page 92: ...col dynamically exchanges keys between two IPsec hosts The Phase 1 IKE parameters are used to define the tunnel s security association details The Phase 2 Auto policy parameters cover the security ass...

Page 93: ...well the encryption and integrity algorithms and keys must match on the remote IPsec host exactly in order for the tunnel to establish successfully Note that using Auto policies with IKE are preferre...

Page 94: ...thenticate users With a configured RADIUS server the router connects to a RADIUS server and passes to it the credentials that it receives from the VPN client You can secure the connection between the...

Page 95: ...e contains the list of VPN user accounts that are authorized to use a given VPN tunnel Alternatively VPN tunnel users can be authenticated using a configured Radius database Refer to the online help t...

Page 96: ...led a L2TP server is available on the router for LAN and WAN L2TP client users to access Once the L2TP server is enabled L2TP clients that are within the range of configured IP addresses of allowed cl...

Page 97: ...mote host to establish a secure VPN tunnel A SSL VPN client Active X or Java based is installed in the remote host to allow the client to join the corporate LAN with pre configured access policy privi...

Page 98: ...ers of a Group One or more Groups belong to an authentication Domain The user settings contain the following User Name This is unique identifier of the user First Name This is the user s first name La...

Page 99: ...fining the authentication and features exposed to SSL users The following information is used to configure a domain Domain Name The unique identifier of the domain Authentication Type The authenticati...

Page 100: ...n subsets that can be seen as types of SSL users some groups require access to all available network resources and some can be provided access to a select few With groups a very secure hierarchy of SS...

Page 101: ...rnally configured RADIUS or other Enterprise server It is not part of the local user database L2TP User These are L2TP VPN tunnel LAN users that can establish a tunnel with the L2TP server on the WAN...

Page 102: ...l policies These policies can be applied to a specific network resource IP address or ranges on the LAN or to different SSL VPN services supported by the router The List of Available Policies can be f...

Page 103: ...equent section IP address IP network or all devices on the LAN of the router Based on the selection of one of these four options the appropriate configuration fields are required i e choosing the netw...

Page 104: ...ers or groups the user can select from the Available Groups and Available Users drop down Apply policy to This refers to the LAN resources managed by the DSR and the policy can provide or prevent acce...

Page 105: ...y permitted or denied 7 2 1 Using Network Resources Setup VPN Settings SSL VPN Server Resources Network resources are services or groups of LAN IP addresses that are used to easily create and configur...

Page 106: ...d and re routed based on configured port forwarding rules Internal host servers or TCP applications must be specified as being made accessible to remote users Allowing access to a LAN server requires...

Page 107: ...gured applications for port forwarding allow users to access the private network servers by using a hostname instead of an IP address the FQDN corresponding to the IP address is defined in the port fo...

Page 108: ...y created This allows local applications to access services on the private network without any special network configuration on the remote SSL VPN client machine It is important to ensure that the vir...

Page 109: ...full tunnel support if the split tunnel option is disabled the DSR acts in full tunnel mode all addresses on the private network are accessible over the VPN tunnel Client routes are not required DNS S...

Page 110: ...LAN or the subnet information of the destination network from the VPN tunnel clients perspective is set here Subnet mask The subnet information of the destination network is set here Figure 69 Configu...

Page 111: ...same page that opens when the User Portal link is clicked on the SSL VPN menu of the router GUI The router administrator creates and edits portal layouts from the configuration pages in the SSL VPN m...

Page 112: ...from being stored in the client s web browser cache It is recommended that the user selects this option ActiveX web cache cleaner An ActiveX cache control web cleaner can be pushed from the gateway t...

Page 113: ...e LAN host and traffic will be routed through the DSR between the LAN and printer USB 3G modem A 3G modem dongle can be plugged in and used as a secondary WAN Load balancing auto failover or primary W...

Page 114: ...self signed certificate and this can be replaced by one signed by a CA as per your networking requirements A CA certificate provides strong assurance of the server s identity and is a requirement for...

Page 115: ...or SSL VPN peers are shown this field Serial Number The serial number is maintained by the CA and used to identify this signed certificate Issuer Name This is the CA name that issued signed this certi...

Page 116: ...total power consumption by the LAN switch is dependent function of on the number of connected ports The overall current draw when a single port is connected is less than when all the ports are connec...

Page 117: ...Unified Services Router User Manual 115 Figure 74 Advanced Switch Settings...

Page 118: ...nterface The user type is set in the Advanced Users Users page The Admin or Guest user can be configured to access the router GUI from the LAN or the Internet WAN by enabling the corresponding Login P...

Page 119: ...uters in a network are being managed by a central Master system When an external SNMP manager is provided with this router s Management Information Base MIB file the manager can update the router s hi...

Page 120: ...ure 77 SNMP Users Traps and Access Control Tools Admin SNMP System Info The router is identified by an SNMP manager via the System Information The identifier settings The SysName set here is also used...

Page 121: ...ock RTC If the router has access to the internet the most accurate mechanism to set the router time is to enable NTP server communication Accurate date and time on the router is critical for firewall...

Page 122: ...acks or errors when they are detected by the router The following sections describe the log configuration settings and the ways you can access these logs 9 4 1 Defining What to Log Tools Log Settings...

Page 123: ...rder of severity can be logged Emergency Alert Critical Error Warning Notification Information Debugging When a particular severity level is selected all events with severity equal to and greater than...

Page 124: ...the type of traffic through the router that is logged for display in Syslog E mailed logs or the Event Viewer Denial of service attacks general attack information login attempts dropped packets and s...

Page 125: ...N machine tries to make an ssh connection those packets will be dropped and a message will be logged Make sure the log option is set to allow for this firewall rule Enabling accepted packet logging th...

Page 126: ...device s logs Once you enable the option to e mail logs enter the e mail server s address IP address or FQDN of the SMTP server The router will connect to this server when sending e mails out to the...

Page 127: ...ould send out logs E mail logs can be sent out based on a defined schedule by first choosing the unit i e the frequency of sending logs Hourly Daily or Weekly Selecting Never will disable log e mails...

Page 128: ...led Syslog server once you save this configuration page s settings Figure 83 Syslog server configuration for Remote Logging continued 9 4 3 Event Log Viewer in GUI Status Logs View All Logs The router...

Page 129: ...factory default settings or execute a soft reboot of the router IMPORTANT During a restore operation do NOT try to go online turn off the router shut down the PC or do anything else to the router unti...

Page 130: ...irmware You can upgrade to a newer software version from the Administration web page In the Firmware Upgrade section to upgrade your firmware click Browse locate and select the firmware image on your...

Page 131: ...ic DNS Dynamic DNS DDNS is an Internet service that allows routers with varying public IP addresses to be located using Internet domain names To use DDNS you must setup an account with a DDNS provider...

Page 132: ...er User Manual 130 Figure 87 Dynamic DNS configuration 9 8 Using Diagnostic Tools Tools System Check The router has built in tools to allow an administrator to evaluate the communication status and ov...

Page 133: ...d another device on the network connected to this router Enter an IP address and click PING The command output will appear indicating the ICMP echo request status 9 8 2 Trace Route This utility will d...

Page 134: ...tating Unknown Host indicates that the specified Internet Name does not exist This feature assumes there is internet access available on the WAN link s 9 8 4 Router Options The static and dynamic rout...

Page 135: ...arized on the router s Dashboard 10 1 1 Device Status Status Device Info Device Status The DSR Status page gives a summary of the router configuration settings configured in the Setup and Advanced men...

Page 136: ...Unified Services Router User Manual 134 Figure 90 Device Status display...

Page 137: ...dware and usage statistics The CPU and Memory utilization is a function of the available hardware and current configuration and traffic through the router Interface statistics for the wired connection...

Page 138: ...Unified Services Router User Manual 136 Figure 92 Resource Utilization statistics...

Page 139: ...Unified Services Router User Manual 137 Figure 93 Resource Utilization data continued...

Page 140: ...cific packet level information provided for review Transmitted received packets port collisions and the cumulating bytes sec for transmit receive directions are provided for each interface along with...

Page 141: ...ss link If you suspect that a radio or VAP may be down the details on this page would confirm if traffic is being sent and received through the VAP The clients connected to a particular AP can be view...

Page 142: ...AP specific statistics 10 3 Active Connections 10 3 1 Sessions through the Router Status Active Sessions This table lists the active internet sessions through the router s firewall The session s proto...

Page 143: ...Unified Services Router User Manual 141 Figure 97 List of current Active Firewall Sessions...

Page 144: ...time connected to the corresponding AP The statistics table has auto refresh control which allows display of the most current port level data at each page refresh The default auto refresh for this pag...

Page 145: ...d packets since the tunnel was established If a VPN policy state is IPsec SA Not Established it can be enabled by clicking the Connect button of the corresponding policy The Active IPsec SAs table dis...

Page 146: ...Description User Name The SSL VPN user that has an active tunnel or port forwarding session to this router IP Address IP address of the remote VPN client Local PPP Interface The interface WAN1 or WAN2...

Page 147: ...factory defaults this sets the firewall s IP address to 192 168 10 1 5 If you do not want to reset to factory default settings and lose your configuration reboot the router and use a packet sniffer s...

Page 148: ...ndicate that it has resynchronized with the ISP reapply power to the router If the router still cannot obtain an ISP address see the next symptom Symptom Router still cannot obtain an IP address from...

Page 149: ...ime 2 Verify your Internet access settings Symptom Time is off by one hour Possible cause The router does not automatically adjust for Daylight Savings Time Recommended action 1 Select Administration...

Page 150: ...tion and firewall 6 If the path is still not up test the network configuration Verify that the Ethernet card driver software and TCP IP software are installed and configured on the PC Verify that the...

Page 151: ...your firewall to clone or spoof the MAC address from the authorized PC 11 4 Restoring factory default configuration settings To restore factory default configuration settings do either of the followi...

Page 152: ......

Page 153: ...Chapter 12 Credits Microsoft Windows are registered trademarks of Microsoft Corp Linux is a registered trademark of Linus Torvalds UNIX is a registered trademark of The Open Group...

Page 154: ...ncryption keys in ISAKMP as part of building a VPN tunnel IPsec IP security Suite of protocols for securing VPN tunnels by authenticating or encrypting IP packets in a data stream IPsec operates in ei...

Page 155: ...Internet with guaranteed reliability and in order delivery UDP User Data Protocol Protocol for transmitting data over the Internet quickly but with no guarantee of reliability or in order delivery VP...

Page 156: ......

Page 157: ...2 168 10 1 IPv4 subnet mask 255 255 255 0 RIP direction None RIP version Disabled RIP authentication Disabled DHCP server Enabled DHCP starting IP address 192 168 10 2 DHCP ending IP address 192 168 1...

Page 158: ...DNS UDP DNS TCP FINGER FTP HTTP HTTPS ICMP TYPE 3 ICMP TYPE 4 ICMP TYPE 5 ICMP TYPE 6 ICMP TYPE 7 ICMP TYPE 8 ICMP TYPE 9 ICMP TYPE 10 ICMP TYPE 11 ICMP TYPE 13 ICQ IMAP2 IMAP3 IRC NEWS NFS NNTP PING...

Page 159: ...t FAILED DEBUG sqlite3QueryResGet failed Query s ERROR doDNS Result SUCCESS DEBUG ddns SQL error s ERROR Write Old Entry s s s to s DEBUG Illegal operation interface got deleted ERROR Write New Entry...

Page 160: ...ss s DEBUG failed to open s ERROR nimfMacGet MacAddress s DEBUG failed to open s ERROR nimfMacGet MacAddress s DEBUG failed to query networkInterface table ERROR nimfMacGet Mac option Not changed DEBU...

Page 161: ...interface advanced ERROR Invalid lanmask DEBUG nimfAdvOptSetWrap error getting MTU size ERROR Invalid option DEBUG nimfAdvOptSetWrap unable to get Mac Address ERROR Failed to set config info DEBUG ni...

Page 162: ...tchConfig for port enable ERROR failed query s DEBUG Failed to execute ifconfig for port enable ERROR vlan disabled not applying vlan configuration DEBUG Failed to execute ethtool for ERROR removing s...

Page 163: ...eryResGet failed DEBUG Failed to set vlan entries while enabling ERROR Failed to remove vlan Interface for vlanId DEBUG sqlite3QueryResGet failed ERROR sqlite3QueryResGet failed DEBUG Failed to execut...

Page 164: ...update handler ERROR pid d DEBUG are we getting invoked twice ERROR PID File for pptpd interface found DEBUG could not open s to append ERROR pid d DEBUG could not write nameserver s to s ERROR option...

Page 165: ...dMgmt unable to open the ERROR pptpMgmtTblHandler MppeEncryptSupport s DEBUG Can t kill pptpd ERROR pptpMgmtTblHandler SplitTunnel s DEBUG pptpd restart failed ERROR pptpEnable ppp dial string s DEBUG...

Page 166: ...G pptpMgmtTblHandler dbRecordValueGet failed for s ERROR l2tpEnable command string s DEBUG pptpMgmtTblHandler pptp enable failed ERROR PID File for dhcpc found DEBUG pptpMgmtTblHandler pptp disable fa...

Page 167: ...rver configuration update failed ERROR Failed to stop tcpdump ERROR DHCPv6 Server Restart failed ERROR Invalid tcpdumpEnable value ERROR sqlite3QueryResGet failed Query s ERROR Facility System VPN Log...

Page 168: ...get Acknowledged result ERROR ERROR Got fragment n DEBUG Cannot understand AVP value ERROR ERROR Got last fragment DEBUG eapExtResp is NULL ERROR ERROR Got unfragmented message DEBUG eapWscCtxCreate...

Page 169: ...ponse ERROR ERROR Default EAP method state d decision d DEBUG Error checking authenticator response ERROR TTLS pkt data len d flags 0x x DEBUG Error generating NT response ERROR Got start DEBUG Userna...

Page 170: ...EBUG Unexpected tlsGlueContinue return value ERROR Send req ptr 0x x Send resp ptr 0x x DEBUG NULL request or response PDU or NULL context ERROR Request ptr 0x x DEBUG Protocol version mismatch ERROR...

Page 171: ...ializing cipher context ERROR malloc failed ERROR Error creating digest context ERROR BIO_new_mem_buf failed ERROR Error initializing digest context ERROR malloc failed ERROR Error initializing DES in...

Page 172: ...eapAuthTypeToType Invalid eapAuthType d ERROR invalid certificate data ERROR eapTypeToAuthType Invalid eapType d ERROR Query s ERROR unable to create method context ERROR Query s ERROR method ctxCrea...

Page 173: ...g events enabled DEBUG radPairLocate Attribute d has invalid length ERROR s DEBUG radPairUnpackDefault Unknown Attribute d ERROR Mail sent and the Database is reset DEBUG radConfigure can t open s s E...

Page 174: ...e d ERROR RADIUS Configured DEBUG radEapRecvTask Packet length mismatch d d ERROR d Server s d with DEBUG No attributes received in Access Challenge message ERROR DBUpdate event Table s opCode d rowId...

Page 175: ...DEBUG default reached ERROR Could not read data from file DEBUG Unable to initialize ntpControl ERROR ntpTblHandler DEBUG ntpMgmt Couldn t open database s ERROR status d DEBUG ERROR incomplete DB upd...

Page 176: ...disconnected for old usb type DEBUG Sqlite update failed ERROR s 4 Disabled old usb type Now DEBUG USB1 Touch failed ERROR usbdevice is d s d DEBUG USB2 Touch failed ERROR USB failed to begin transact...

Page 177: ...ERROR RADVD start failed ERROR sqlite3_mprintf failed ERROR RADVD stop failed ERROR no component id matching s ERROR failed to create open RADVD configuration file s ERROR umiIoctl s UMI_CMD_DB_UPDATE...

Page 178: ...ce DEBUG Disabling Firewall Rule for DHCP Relay Protocol DEBUG Disabling attack check for Stealth mode for tcp DEBUG Enabling Firewall Rule for DHCP Relay Protocol DEBUG Disabling attack check for Ste...

Page 179: ...up s DEBUG src firewall linux user firewalld c 60 un def ADP_DEBUG DEBUG Deleting lan host s from group s DEBUG src firewall linux user firewalld c 62 def ine ADP_DEBUG printf DEBUG Adding lan host s...

Page 180: ...abling DROP for INPUT DEBUG Enabling rule port triggering for protocol UDP DEBUG Enabling DROP for FORWARD DEBUG Enabling rule port triggering for protocol TCP DEBUG Disabling NAT based Firewall Rules...

Page 181: ...tion s DEBUG Failed to s traffic from s to s to IPS ERROR s firewall rule s for service s with action s DEBUG failed to start IPS service ERROR Added firewall rule s for service s with action s DEBUG...

Page 182: ...ed DEBUG KDOT11_GET_PARAM IEEE80211_I OC_CHANNEL failed ERROR unexpected reply from d cmd d DEBUG Failed to get the channel setting for s ERROR unexpected reply from d cmd d DEBUG sqlite3QueryResGet f...

Page 183: ...1314 ADP_ERROR ERROR processing pairwise key message 2 DEBUG BSSID value passed is NULL ERROR RSN IE matching OK DEBUG reserved requestId is passed ERROR processing pairwise key message 4 DEBUG inter...

Page 184: ...InstallProfile unable to get interface index ERROR Failed to process user request DEBUG adpHmacInit s failed ERROR Failed to process user request s d DEBUG interface s not found ERROR pnacIfConfigUmiI...

Page 185: ...EN failed ERROR pnacRecvASInfoMessage suppTimeout set to d DEBUG KDOT11_SET_PARAM IEEE80211_I OC_UCASTCIPHERS failed ERROR PORT SUCCESSFULLY DESTROYED DEBUG KDOT11_SET_PARAM IEEE80211_I OC_KEYMGTALGS...

Page 186: ...eck failed ERROR doing pnacTxLogoff DEBUG wpaAuthRecvKeyReq unexpected packet received ERROR doing pnacTxRspId 1st cond DEBUG wpaAuthRecvKeyReq keyDataLength not zero ERROR doing pnacTxRspId entering...

Page 187: ...reate a raw socket ERROR adpRand failed unable to generate random unicast key WARN pnacIsInterfaceUp failed to get interface flags ERROR using group key as unicast key WARN failed to allocate buffer E...

Page 188: ...ed Invalid IE data from WSC ERROR pnacIfNameToIndex failed ERROR Recd IE data for non existent AP s ERROR pnacPhyPortParamSet device invalid s d ERROR Recd WSC Start command without interface name ERR...

Page 189: ...not exist ERROR Error from pnacAuthConfig pAsArg cannot be NULL ERROR SSID should not be longer than d ERROR Error from pnacAuthConfig receive routine hook ERROR Profile s does not exist ERROR pnacAu...

Page 190: ...r from pnacEAPPktCreate basic pkt create failed ERROR Profile s does not exist ERROR Error from pnacTxCannedFail eap pkt create failed ERROR Profile s does not exist ERROR Error from pnacTxCannedSucce...

Page 191: ...e event expected on dot11RogueAP ERROR unable to create new EAP context ERROR sqlite3QueryResGet failed ERROR unable to apply s profile on the EAP context ERROR unhandled database operation d ERROR pn...

Page 192: ...UG s d bad sequence number d expected d DEBUG TKIP DEBUG PPPIOCDETACH file f_count d DEBUG s cannot map channel to mode freq u flags 0x x DEBUG PPP outbound frame not passed DEBUG s s vap iv_dev name...

Page 193: ...BUG s module use_count is d __FUNCTION__ mod_use_count DEBUG s 0x p len u tag p len DEBUG PPPOL2TP s _fmt DEBUG 03d i DEBUG PPPOL2TP s __FUNCTION__ DEBUG 02x u_int8_t p i DEBUG PPPOL2TP s __FUNCTION__...

Page 194: ...ot compare DEBUG a guy asks for address mask Who is it DEBUG FAIL ccmp decap failed DEBUG icmp v4 hw csum failure DEBUG FAIL decap botch length mismatch DEBUG expire u d d d expire DEBUG FAIL decap bo...

Page 195: ...VA_ARGS__ DEBUG expire u d d d expire DEBUG s Warning using only u entries in u key cache DEBUG rt_cache 02x u u u u hash DEBUG s TX99 support enabled dev name DEBUG rt_bind_peer 0 p DEBUG s grppoll B...

Page 196: ...UG grppoll_start grppoll Buf allocation failed DEBUG ip_conntrack can t register local_out defrag hook DEBUG s HAL qnum u out of range max u DEBUG ip_conntrack can t register pre routing hook DEBUG s...

Page 197: ...NULL DEBUG Should bcast u u u u u u u u sk p ptype u DEBUG xlr8NatSoftCtxEnqueue Calling xlr8NatIpFinishOutput status DEBUG ip_conntrack version s u buckets d max DEBUG xlr8NatSoftCtxEnqueue xlr8NatI...

Page 198: ...y to IPsec sa table DEBUG ID u SEQ u DEBUG ERROR Failed to add entry to IPsec sa table DEBUG PARAMETER u DEBUG ERROR Failed to add entry to IPsec sa table DEBUG GATEWAY u u u u DEBUG ERROR Failed to a...

Page 199: ...s DEBUG account Wrong netmask given by netmask parameter i Valid is 32 to 0 netmask INFO ip_ct_h245 packet dropped DEBUG IPT_ACCOUNT_NAME checkentry failed to create procfs entry INFO ip_ct_q931 deco...

Page 200: ...l DEBUG s Version 0 1 INFO pkt err s pktInfo error DEBUG s driver unloaded dev_info INFO pkt err s pktInfo error DEBUG wlan s backend registered be iab_name INFO pkt err s pktInfo error DEBUG wlan s b...

Page 201: ...DEBUG s s dev_info version INFO 3 selecting hop d lastHopSelected d selHop lastHopSelected DEBUG s driver unloaded dev_info INFO bwMonitor multipath selection enabled DEBUG ath_pci switching rfkill c...

Page 202: ...u u u u u u u INFO AES Software Test s aesSoftTest 0 Failed Passed DEBUG IPsec device unregistering s dev name INFO AES Hardware Test DEBUG IPsec device down s dev name INFO AES Hardware Test s aesHa...

Page 203: ...G DES Hardware Test d iterations iter DEBUG s request_irq failed dev name WARNIN G DES Hardware Test Duration d d DEBUG try_module_get failed WARNIN G SHA Software Test d iterations iter DEBUG try_mod...

Page 204: ...__ DEBUG host u u u u if d ignores WARNIN G s The MIC is OK Still use this frame and update PN __func__ DEBUG martian destination u u u u from WARNIN G ADDBA send failed recipient is not a 11n node DE...

Page 205: ...ory ERROR ieee80211_deliver_l2uf no buf available DEBUG s cannot allocate space for MPPC history ERROR s s vap iv_dev name buf NB no DEBUG s cannot load ARC4 module fname ERROR s s s vap iv_dev name D...

Page 206: ...ERROR s seen_option DEBUG s CryptoAPI SHA1 digest size too small fname ERROR s s dev name buf DEBUG s cannot allocate space for SHA1 digest fname ERROR s no memory for sysctl table __func__ DEBUG s d...

Page 207: ...r __func__ DEBUG JBD IO error d recovering block ERROR s allocation failed for pl_info __func__ DEBUG Logs_kernel txt 303 KERN_ERR ERROR s Unable to allocate buffer __func__ DEBUG Logs_kernel txt 304...

Page 208: ...x x 0x p 0x x 0x x 0x x 0x x DEBUG Bad ioctl command ERROR bb state 0x 08x 0x 08x bbstate sc 4ul bbstate sc 5ul DEBUG fResetMod Failed to configure gpio pin ERROR 08x 08x 08x 08x 08x 08x 08x 08x 08x 0...

Page 209: ...ers __func__ ERROR s unable to obtain busy times __func__ DEBUG s Wrong Key length __func__ ERROR s beacon is officially stuck DEBUG s Wrong parameters __func__ ERROR Busy environment detected DEBUG s...

Page 210: ...kernel MIBCTL registration failed ERROR failed to allocate beacon descripotrs d error DEBUG Bad ioctl command ERROR failed to allocate UAPSD descripotrs d error DEBUG WpsMod Failed to configure gpio p...

Page 211: ...ueAPEnable can not add more interfaces ERROR _fmt __VA_ARGS__ DEBUG kdot11RogueAPGetState called with NULL argument ERROR sample_pri d is a multiple of refpri d sample_pri refpri DEBUG kdot11RogueAPDi...

Page 212: ...BUG PRE proto u srcip u u u u sport u dstip u u u u dport u CRITICAL Cannot support setting tx and rx keys individually DEBUG POST proto u srcip u u u u sport u dstip u u u u dport u CRITICAL bogus fr...

Page 213: ...ervices Router User Manual 211 Appendix E RJ 45 Pin outs Signal RJ 45 Cable Adapter Signal RJ 45 PIN DB 9 PIN CTS NC NC NC DTR NC NC NC TxD 6 3 RxD GND 5 5 GND GND 4 5 GND RxD 3 2 TxD DSR NC NC NC RTS...

Reviews:

No comments

Related manuals for DSR-500

Brand: D-Linke Pages: 32

EtherLink 3C509B

Brand: 3Com Pages: 8

SISPM1040-582-LRT

Brand: Lantronix Pages: 2

Brand: Lantronix Pages: 7

Maestro E220 Series

Brand: Lantronix Pages: 25

Ethernet Communication Module DVPEN01-SL

Brand: Delta Electronics Pages: 54

Brand: Net to Net Technologies Pages: 4

MasterBus Tanklevel Interface

Brand: Mastervolt Pages: 8

Brand: UfiSpace Pages: 35

Brand: 3Com Pages: 50

ELITENAS EN104L+(B)

Brand: Sans Digital Pages: 9

Brand: Quantum Pages: 7

Brand: Federal Signal Corporation Pages: 49

Brand: Digisol Pages: 81

Brand: Deliberant Pages: 16

Brand: LaView Pages: 2

Dynalink MyZone 3G24W

Brand: NetComm Pages: 5

Brand: Jensen of Scandinavia Pages: 2

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands