background image

98

NAT configuration

DMZ settings

If you have a client PC that cannot run an Internet application properly from behind the firewall, 
you can open the client up to unrestricted two-way Internet access. This may be necessary if the 
NAT feature is causing problems with an application, such as a game or video conferencing 
application. The DMZ feature allows all traffic from the public WAN that is destined for a 
specified computer (wired or wireless) on the private LAN, to pass through the router's firewall. 
Note that the router's virtual server feature allows the forwarding of a specific port, whereas the 
DMZ function forwards all ports/protocols to the specified IP addresses. 

Caution

Use this feature on a temporary basis. The computer in the DMZ is not protected from hacker 
attacks.

To put a computer in the DMZ, enter the last digits of its LAN IP address in the Client PC IP 
Address field. Enter the IP address (if known) on the Internet that will be used to access the 
DMZ computer into the Public IP Address field. This allows the computer on the Internet to 
access the DMZ computer through this address without firewall protection.

For the first line setting (line 1), the Public IP address is set to 0.0.0.0, which means it uses the 
router’s default WAN IP address. The router only allows one DMZ server to be accessed by all 
public IPs (many to one NAT). For all other line settings, if you have more than one DMZ server, 
you have to set the public IP address and specify the IP address of the DMZ server on the local 
network (one to one NAT).

This page includes the following settings:

Enable

Enables the DMZ feature for the router.

Public IP

The IP address for the DMZ computer that is used to access it from the Internet. When using the 
“0.0.0.0” setting, the router’s default WAN IP address is used.

Summary of Contents for PS110

Page 1: ...HP PS1 10 Wireless 802 1 1n VPN Router Configuration and Administration Guide HP Part Number 5998 6595 Published January 2015 Edition 1 ...

Page 2: ...h products and services Nothing herein should be construed as constituting an additional warranty HP shall not be liable for technical or editorial errors or omissions contained herein Acknowledgments Microsoft and Windows are U S trademarks of the Microsoft group of companies Google Chrome browser is a trademark of Google Inc Warranty WARRANTY STATEMENT See the warranty information sheet provided...

Page 3: ...ral administration settings 21 System information General settings 21 Administrator login credentials 21 Setting the Country Code 21 Configuring web server settings 22 Configuring trusted users 23 System time settings 23 Set system time 23 Daylight saving 25 Configuring SNMP 25 Managing system logs 26 Events 27 Proxy ARP settings 28 Rebooting the router 30 Viewing traffic statistics 30 5 WAN confi...

Page 4: ...sthrough settings 75 9 Routing configuration 77 Viewing routing status 77 Viewing the IPv4 routing table 78 IPv4 Dynamic route settings 79 IPv4 Static route settings 80 Viewing the IPv6 routing table 81 IPv6 Dynamic route settings 82 IPv6 Static route settings 82 10 Firewall configuration 85 Viewing the firewall status 85 Security settings 86 Client filtering 88 MAC filtering 89 URL filtering 90 C...

Page 5: ...ewing tools status 1 17 Updating software 1 17 Saving configuration settings 1 18 Ping 120 Nslookup 121 Traceroute 121 Email alert 122 Scheduling 123 Support file 125 Viewing the EULA 125 16 Support and other resources 127 Online documentation 127 Contacting HP 127 HP websites 127 Conventions 128 A Resetting to factory defaults 129 Factory reset procedures 129 Using the reset button 129 Using the ...

Page 6: ...6 ...

Page 7: ... to a broadband modem DSL or cable to provide secure wireless networking for all employees In the following scenario employees can share data with each other and the MicroServer and access the Internet while being protected by the PS1 10 s firewall features With its wireless community feature the PS1 10 can be configured to provide up to four separate wireless networks all on the same wireless cha...

Page 8: ...0 1 provides wireless network services to the employees in the main office while PS1 10 2 and PS1 10 3 use the Wireless Distribution System WDS to create a wireless link between the main office network and a small network in a warehouse WDS eliminates the need to run cabling allowing for fast and easy deployment In the following scenario a PS1 10 located in an office provides a virtual private net...

Page 9: ... locations The computers on each branch network can access the computers and servers on the headquarters network Note The WDS and VPN features of the PS1 10 are completely interoperable with HP R100 Series Wireless VPN Routers LAN computers Office Internet Server LAN WAN VPN VPN Remote Client PS110 LAN computers Headquarters Branch 1 Branch 2 Branch 3 Internet LAN LAN LAN WAN WAN WAN Server LAN WA...

Page 10: ...10 Deploying the HP PS110 ...

Page 11: ...or cancelling out of the Wizard Setup the System Status page displays by default See also the HP PS1 10 Wireless VPN Router Quickstart which describes the configuration procedure for a basic wireless network Wizard Setup To start the Wizard Setup select Home Wizard Setup and then click Start Step 1 Specify system time settings The router keeps time by connecting to a Network Time Protocol NTP serv...

Page 12: ...ypes enter supplementary information as directed by the wizard and then click Next to apply the settings A description of each connection type follows DHCP See Connection Type DHCP on page 12 Static IP Address See Connection Type Static IP Address on page 13 PPPoE See Connection Type PPPoE on page 13 PPTP See Connection Type PPTP on page 14 L2TP See Connection Type L2TP on page 14 The Internet Con...

Page 13: ...mask and ISP gateway address enter them in the spaces provided For more information on the WAN Static IP Address Connection Type see Static IP address on page 35 Connection Type PPPoE The Point to Point Protocol over Ethernet PPPoE is a common WAN protocol that provides a secure tunnel connection between the service provider and the local network Enter the specific PPPoE information assigned by yo...

Page 14: ...ecific PPTP information assigned by your ISP For more information on the WAN PPTP Connection Type see PPTP on page 37 Connection Type L2TP The Layer 2 Tunneling Protocol L2TP is a common WAN protocol used for Virtual Private Networks VPNs that provides a secure tunnel connection between the service provider and the local network Enter the specific L2TP information assigned by your ISP For more inf...

Page 15: ...e same time By default the radio is enabled on the 2 4 GHz band Configure the following basic wireless settings before clicking Next Radio Band and Radio Mode Configure the PS1 10 router to operate in the 2 4 GHz band for 802 1 1b g n or the 5 GHz band for 802 1 1a n and then select an operating mode The 1 1b g n Mixed mode is configured by default For more information see Basic wireless settings ...

Page 16: ...unities MAC Authentication Authentication Mode and Encryption Type Configure wireless security for the default wireless community The PS1 10 has no wireless security configured by default HP recommends that WPA2 be configured for maximum security Leaving the Authentication Mode setting as Open or using WEP security is not recommended For more information on wireless security see Configuring wirele...

Page 17: ... more information see the HP ProLiant Server documentation Monitored Servers The Monitored Servers list is the server dashboard providing basic information and system health status for servers that the user has chosen to monitor This page includes the following settings Server System Health Displays the status of the monitored server with one of these symbols The device or subsystem is working cor...

Page 18: ... server IP address or by selection from a list of discovered devices Use the list to select which method to use The default method is Select from discovered list Discovered Servers The Discovered Servers list can include a maximum of 100 recently discovered iLO server devices The list includes the following information for each server Server Product Name Displays the product name of the discovered...

Page 19: ...ecause the security certificate is issued by the router and not a known certificate authority With https it is acceptable to choose the option that allows you to proceed through the security warning In a web browser specify either http 192 168 1 1 or https 192 168 1 1 For information on launching the web based management interface for the first time see the HP PS1 10 Wireless VPN Router Quickstart...

Page 20: ...including radio enable operating frequency mode channel SSID MAC address authentication and encryption WAN Displays the WAN connection type status and IP address assignment LAN Displays the router s local network IP address MAC address and DHCP server status USB Displays the current status of a device attached to the router s USB port SNMP Displays the status of the Simple Network Management Proto...

Page 21: ...se characters Administrator login credentials Configures the web management interface login username and password The administrator user name and password can be from 6 to 32 alphanumeric and special characters Do not use characters Setting the Country Code The country of operation also known as the regulatory domain determines the availability of certain wireless settings on the router When the c...

Page 22: ...onfiguring web server settings This section configures access to the web management interface HTTP Server HTTPS Server The router software includes HTTP and HTTPS functionality to enable communication with your web browser Unlike HTTP HTTPS enables secure sessions using a digital certificate to encrypt data exchanged between the router and your web browser HTTP and HTTPS are both enabled by defaul...

Page 23: ...System time settings Correct system time is important for proper operation of the HP PS1 10 especially when using the logs to troubleshoot Select System System time to open the System Time page This page enables you to configure time server and time zone information Set system time This section displays the current system time You can configure the time manually or have it automatically configured...

Page 24: ...he NTP hostname or IP address although using the IP address is not recommended as these are more likely to change If you specify a hostname note the following requirements The length must be from 1 to 63 characters Upper and lower case characters numbers and hyphens are accepted The first character must be a letter a to z or A to Z and the last character cannot be a hyphen A actual NTP server host...

Page 25: ...d end dates based on the time zone selected Manually Set Time For Daylight Savings Sets the dates for starting and ending the daylight saving Configuring SNMP The Simple Network Management Protocol SNMP enables the remote management of the HP PS1 10 router by a computer that has SNMP management software installed The HP PS1 10 provides a robust SNMP v1 v2c implementation supporting both industry s...

Page 26: ...o which the status messages are to be sent Trap Receiver Port The port number of the computer to which the status messages are to be sent Trap Community The computer network management program must supply this name to receive the trap messages Do not use characters Managing system logs The system log is a list of system messages some of which may indicate error conditions The router stores up to 2...

Page 27: ... the router to send syslog messages to the remote server The System Log Level setting determines which messages are stored in RAM and are available for relay to a remote syslog server IP Address Specify the IP address of the remote syslog server Port The syslog process uses logical port 514 by default It is recommended that you keep this default If you specify a different port number ensure that t...

Page 28: ...hat a computer on the router s LAN network can appear to be logically on the WAN network accessible using a public IP address Note that although the computer appears as part of the public network it is actually protected behind the router s firewall on the LAN network That is traffic between the public network and the host computer on the LAN is still subject to the rules and policies configured o...

Page 29: ... is selected the protocol numbers can be entered in the Protocol field Port s Specifies the TCP UDP port numbers More than one number can be entered separated by commas Protocol s Specifies special protocol numbers separated by commas IP Address Of Public Hosts In LAN The IP address of a computer in the local LAN The IP address and mask can define a range of addresses For example IP address 10 8 0...

Page 30: ...tistics To view statistics on Ethernet packets received and transmitted on the wired and wireless ports select System Traffic Statistics The Traffic Statistics page displays The statistics accumulate until the router is rebooted Port Statistics Displays the WAN and LAN port status together with the number of frames bytes that have been transmitted and received Wireless LAN Statistics Displays the ...

Page 31: ...s a summary of traffic statistics for the WAN and LAN ports Set the poll interval for updating statistics on the page and click Start You can also click Refresh anytime to immediately update values Click Reset Counters to set all statistics values back to zero ...

Page 32: ...32 Managing the HP PS110 system ...

Page 33: ...ou are using DHCP as the connection type you can click Renew to request a new IP address This page includes the following information Connection Type The router s method of connection to the ISP Connection Time The time elapsed since the Internet connection was established IP Address The IP address assigned to the router s WAN port by the ISP Subnet Mask The IP subnet mask assigned to the router s...

Page 34: ...o your ISP Some dynamic connection types may require a Host Name Enter the Host Name in the space provided if you were assigned one by your ISP do not use characters Some dynamic connections require that you clone the MAC address of the PC that was originally connected to the modem To do so click WAN MAC Clone to set the WAN MAC address For more information see MAC clone on page 40 This page inclu...

Page 35: ...pe Select Static IP Address as the router s method of connecting to the ISP IP Address Enter the IP address assigned to the router s WAN port by the ISP Subnet Mask Enter the IP subnet mask assigned to the router s WAN port by the ISP Gateway Enter the IP address of the ISP s gateway Primary Secondary DNS Address Enter the IP addresses of primary and secondary domain name servers PPPoE The Point t...

Page 36: ...Name The service name is typically optional but may be required by some service providers The service name defines the attributes used to set up a dynamic PPPoE subscriber interface HP recommends that you do not enter a service name unless your service provider instructs you to do so Idle Time Select the number of minutes to elapse without activity before the PPPoE connection is disconnected Or yo...

Page 37: ...imum of eight rules can be defined Source network The source IPv4 address and mask that identfies traffic to be routed through the specified PPP channel Destination network The destination IPv4 address and mask that identfies traffic to be routed through the specified PPP channel Protocol Identfies TCP or UDP protocol traffic Source port Identfies traffic by a specfied TCP or UDP source port Desti...

Page 38: ...n DHCP Enable Enables DHCP for the dynamic assignment of the WAN IP address from the ISP You can click Release and Renew to refresh the DHCP assignment If you disable DHCP enter the static IPv4 address subnet mask gateway address as well as primary and secondary DNS server addresses as provided by the ISP L2TP The Layer 2 Tunneling Protocol L2TP is a common WAN protocol used for Virtual Private Ne...

Page 39: ...g to track the IP address themselves A common use is for running server software on a computer that has a dynamic IP address for example a dialup connection where a new address is assigned at each connection or a DSL service where the address is changed by the ISP occasionally To implement Dynamic DNS you must set the maximum caching time of the domain to an unusually short period typically a few ...

Page 40: ...lows you to manually change the MAC address of the router s WAN interface to match the computer s MAC address provided to your ISP for registration If you are unsure of the computer MAC address originally registered by your ISP call your ISP and request to register a new MAC address for your account Register the default MAC address of the router s WAN port You can enter the registered MAC address ...

Page 41: ...es to the settings the LAN setting pages allow you to Change the default IP address of the router Configure VLANs Enable the DHCP server function for each VLAN Enable NAT features for each VLAN Enable IGMP Snooping and IGMP Proxy for each VLAN Enable the DHCP Relay function Enable Spanning Tree support Viewing the LAN interface status The Status page displays the current status of LAN related feat...

Page 42: ...ce of the Spanning Tree network Root MAC Address The MAC address of the root device in the Spanning Tree network LAN1 LAN4 Displays the state of the router s port interfaces in the Spanning Tree network Disabled Learning Forwarding or Blocking VLAN The table includes all VLANs currently configured on the router LAN Settings The router must have a valid IP address for management using a web browser...

Page 43: ...be turned off if necessary Turning off the DHCP server requires you to manually set static IP addresses for each computer in the VLAN IP Pool Starting Ending Address The IP pool is the range of IP addresses set aside for dynamic assignment to the computers in the VLAN The default is 2 254 253 computers You can enter new starting and ending IP addresses for the VLAN IP pool or click Auto IP Range t...

Page 44: ...ing a packet from that device to the root device Then it selects a designated device from each LAN that incurs the lowest path cost when forwarding a packet from that LAN to the root device All ports connected to designated devices are assigned as designated ports After determining the lowest cost spanning tree it enables all root ports and designated ports and disables all other ports Network pac...

Page 45: ...rofiles can be created After a new VLAN profile is created LAN or WLAN interfaces must be added to the VLAN by changing the VLAN settings of the interfaces An interface can be a member of only one VLAN either tagged or untagged Add an interface as a VLAN tagged port if any connected network devices support VLANs otherwise add the port as untagged To prevent the forwarding of traffic between VLANs ...

Page 46: ...re the behavior of VLANs This page includes the following settings Name A text description of the VLAN Do not use characters IP Address The IP address of the VLAN interface Subnet Mask The subnet mask of the VLAN interface Enable NAT Enables the NAT function for the VLAN interface ...

Page 47: ...cations protocol used by hosts and adjacent routers on IP networks to establish multicast group memberships IGMP can be used for one to many networking applications such as online streaming video and gaming and allows more efficient use of resources when supporting these types of applications This page includes the following settings Enable IGMP Proxy IGMP proxy actively filters IGMP packets in or...

Page 48: ...48 LAN configuration ...

Page 49: ...GHz operation This means that the PS1 10 can operate either at 2 4 GHz or 5 GHz but not both at the same time Note The router supports a maximum of 64 wireless clients Viewing wireless interface status The Status page displays the current status of radio settings including operating frequency mode and channel as well as specific SSID settings This page includes the following information Wireless D...

Page 50: ... to VAP4 they are also listed SSID The service set identifier or network name of the VAP interface MAC Address The physical layer address of the VAP interface Authentication Mode The wireless security method configured for the VAP Encryption Type The data encryption configured for the VAP WPS Indicates if WPS is enabled for the VAP WDS Indicates if WDS is enabled for the VAP Basic wireless setting...

Page 51: ...bility mode Up to 1 1 Mbps for 802 1 1b and 54 Mbps for 802 1 1g 1 1b g n Mixed Compatibility mode Up to 1 1 Mbps for 802 1 1b 54 Mbps for 802 1 1g and 450 Mbps for 802 1 1n If support for 802 1 1b g is not required it is recommended that you choose the 802 1 1n only mode 1 1n only Pure 802 1 1n Up to 450 Mbps Select a 5 GHz radio mode 1 1a only Pure 802 1 1a Up to 54 Mbps 1 1n only Pure 802 1 1n ...

Page 52: ...ed under the basic radio settings but up to four VAP interfaces can be enabled and configured SSID The SSID is equivalent to the wireless network name and it can be changed if needed The SSID is case sensitive and can contain up to 32 standard alphanumeric characters including spaces a space as the first or last character or all spaces is not allowed If there are other wireless networks in your ar...

Page 53: ...n control access to the wireless network based on the MAC address of a user s wireless device You can either block access or allow access depending on your requirements Select whether to disable MAC authentication use a MAC authentication list stored locally on the router or use a list stored on a RADIUS server If local MAC authentication is selected configure your MAC address list on the Wireless...

Page 54: ...RADIUS server See WPA WPA2 enterprise on page 58 WPA WPA2 PSK Mixed The WPA2 Personal mode for mixed clients that is when there are some wireless clients in the network that support only WPA TKIP encryption This setting enables both WPA and WPA2 clients to associate and authenticate but uses the more robust AES encryption WPA2 for clients that support it This option allows more interoperability at...

Page 55: ...S server settings See Configuring RADIUS settings on page 59 Key Length The number of characters you specify for the key determines the level of encryption 64 bit 128 bit Key Type Select the format used to specify the encryption keys The definition for the encryption keys must be the same on the router and all wireless clients Hexadecimal characters 0 9 a f and A F ASCII characters 0 9 a z and A Z...

Page 56: ...1X for user authentication and requires a RADIUS authentication server to be configured on the wired network WPA2 is more secure than WPA TKIP or WEP therefore HP recommends to select WPA2 for maximum possible security WPA2 The enterprise mode of WPA2 that provides the maximum security You must set up at least one configured RADIUS server in your network before enabling WPA2 security For RADIUS se...

Page 57: ...xadecimal Enter exactly 64 Hexadecimal characters characters 0 9 a f and A F ASCII Enter 8 63 characters alphanumeric characters 0 9 a z and A Z plus spaces and symbols Permitted symbols include all those that can be typed on a standard English keyboard such as and Passphrase Enter the key according to the type selected in ASCII passphrase style 8 63 alphanumeric characters and keyboard symbols or...

Page 58: ...ch client as they associate with the network Group Key Interval Enter the interval at which the broadcast group key is refreshed for clients associated with this VAP interface the default is 3600 seconds The valid range is 60 to 86400 seconds Specify a value of 0 to disable the refreshing of broadcast keys Session Key Interval Enter the interval at which the router refreshes session unicast keys f...

Page 59: ...e a mix of letters and numbers The passphrase key cannot begin or end with spaces Group Key Interval Enter the interval at which the broadcast group key is refreshed for clients associated with this VAP interface the default is 3600 seconds The valid range is 60 to 86400 seconds Specify a value of 0 to disable the refreshing of broadcast keys Session Key Interval Enter the interval at which the ro...

Page 60: ...d on the RADIUS server Secondary RADIUS Server Enter the IPv4 address for a backup RADIUS server If authentication fails with the primary server the configured backup server is tried instead If a secondary RADIUS server is configured be sure to enter the RADIUS key Accounting Enable Select this option to track and measure the resources a particular user has consumed such as system time amount of d...

Page 61: ...lticast messages The DTIM value is decremented every time a beacon is sent at the beacon interval RTS Threshold Sets the packet size threshold at which a Request to Send RTS signal must be sent to a receiving station prior to the sending station starting communications The router sends RTS frames to a receiving station to negotiate the sending of a data frame After receiving an RTS frame the stati...

Page 62: ... the data rate One is the primary channel and the other is the extension channel The primary channel is used for communications with clients incapable of the 40 MHz mode If the extension channel is used the 802 1 1 standard provides a way to protect transmission against other device transmission by using the RTS CTS protocol There are two types of protection CTS to Self The AP that wants to send a...

Page 63: ... VAP interface Disable Wireless clients can access the VAP interface as a normal access point service WDS AP The VAP operates as an access point in WDS mode which accepts connections from other PS1 10 router VAPs in WDS STA mode WDS STA The VAP operates as a client station in WDS mode which connects to a PS1 10 VAP in WDS AP mode You must specify the SSID and optionally the MAC address of the PS1 ...

Page 64: ...tate Allows the wireless security to be set manually for the router or selected automatically by WPS Configured Wireless security is manually set by the user Unconfigured Wireless security is set automatically by WPS Lock This function enables you to lock the WPS PIN setting which prevents it being changed by any external WPS registrar Wireless clients can still be added to the network using the W...

Page 65: ...formation WPS Status Displays the WPS configured state Lock Status Displays the PIN lock function state Self PinCode The PIN code of the router SSID The SSID of the router s primary VAP interface Authentication Mode The wireless security mode being used by WPS Pre shared Key The security key being used by WPS WMM settings Wi Fi Multimedia WMM is a Wi Fi Alliance interoperability certification base...

Page 66: ...ax Maximum Contention Window The maximum upper limit of the random backoff wait time before wireless medium can be attempted The contention window is doubled after each detected collision up to the CWMax value Specify the CWMax value in the range 0 15 microseconds Note that the CWMax must be greater or equal to the CWMin value AIFSN Arbitration Inter Frame Space Number The minimum amount of wait t...

Page 67: ...ur network to allow network access or copy the MAC address by selecting the name of the computer from Choose a PC By setting the access rule to Block all stations in list you can block specific wireless computers from accessing the network by adding them to the filter list A maximum of 20 rules can be defined This page includes the following settings Filter Select Allow only stations in list to co...

Page 68: ...u to view all the wireless clients currently associated with the router Select the SSID interface from the SSID list to display associated clients The table of associated clients lists the MAC address Receive Signal Strength Indicator RSSI value wireless mode and traffic statistics ...

Page 69: ... over IPSec client and server and PPTP client and server for security protection A maximum of five VPN connections can be enabled Viewing VPN status The Status page displays the current status of VPN tunnel connections to the router This page includes the following information Tunnel type The tunnel type configured either IPSec L2TP over IPSec or PPTP Tunnel name The descriptive name that identifi...

Page 70: ... require manual reconnection IPSec settings The router supports the IPSec tunneling protocol It allows users to create multiple secure IPSec tunnels to remote end points To establish an IPSec tunnel the user needs to enable the feature and enter inbound and outbound addresses for the IPSec tunnel This router supports MD5 and SHA1 hash algorithm and DES 3DES AES128 AES192 and AES 256 encryption alg...

Page 71: ... no specific server IP Address Host Name The IP address or host name of the remote VPN server Remote Secure Group Remote Party ID Select either ID_IPV4_ADDR ID_FQDN or ID_USER_FQDN This information must be entered identically on the IPSec software installed on the client s machine If ID_IPV4_ADDR is selected enter the IPv4 address and subnet mask in the Remote Network Address and Remote Subnet Mas...

Page 72: ...or IPSec authentication Encrypt Algorithm Select an encryption algorithm from the list Both authentication and encryption algorithms must be the same on the router and remote host Key lifetime Sets a time for the keys to be valid after which they are renewed Diffie Hellman Group Select one of the groups to use for the Diffie Hellman key exchange Pre shared Key Enter the same key on the router and ...

Page 73: ...ings page From the VPN connection page you can configure detailed parameters for your L2TP over IPSec VPN connection A maximum of five L2TP connections can be defined This page includes the following settings VPN Tunnel Parameters Tunnel Type Select L2TP over IPSec as the tunnel type Tunnel Name Enter a descriptive text name for the tunnel Do not use characters Username Enter the user name for L2T...

Page 74: ...et the IP address and subnet mask PPTP settings The Point to Point Tunneling Protocol is used by some ISPs in Europe This router allows computers to use the Internet to remotely log into the LAN using the PPTP tunneling protocol You can configure the detailed PPTP tunnel settings on the VPN connection page by clicking Add You can specify the Idle Timeout which defines the time period without traff...

Page 75: ...s the router to act as the PPTP server or client When you set the type as a PPTP Client you can then enter the Remote Server IP address Enable Auto Reconnect For PPTP client connections you can automatically reconnect when there is activity after a disconnection Remote Server Enter the remote server IP address Remote Networking Setting Enable the remote network setting and then set the IP address ...

Page 76: ...76 VPN configuration ...

Page 77: ...tor based approach to routing Routes are chosen to minimize the distance vector or hop count which serves as a rough estimate of transmission cost Viewing routing status The Status page shows whether RIP or RIPng are enabled and displays the current IPv4 and IPv6 routing tables The routing tables include the information necessary to forward a packet along the best path toward its destination Each ...

Page 78: ...escription see Viewing the IPv6 routing table on page 81 Viewing the IPv4 routing table The routing table shows all the current IPv4 routes used by the router including any routes created using static routing or RIP This page includes the following information Flags Indicates the type of route C A network directly connected to the router S A route manually entered on the router R A route dynamical...

Page 79: ...ed approach to routing Routes are chosen to minimize the distance vector or hop count which serves as a rough estimate of transmission cost Each router broadcasts its advertisement every 30 seconds together with any updates to its routing table This allows all routers on the network to build consistent tables of next hop links which lead to relevant subnets The default setting is Disabled This pag...

Page 80: ...on Required The router offers two modes of authentication for RIPv2 None Deactivates authentication on the specific interface Password An unencrypted text password that needs to be set on all RIP enabled devices connected to the router Otherwise RIP information is not shared between devices with mismatched passwords Password This field is used to enter the password required when password authentic...

Page 81: ...se the static route does not appear in the routing table Metric A number used to indicate the cost of a route so that the best route among potentially multiple routes to the same destination can be selected Interface The interface used to route data to the network specified by the network address Viewing the IPv6 routing table The routing table shows all the current IPv6 routes used by the router ...

Page 82: ...vector algorithm and hop count metric as well as the 30 second update timer However RIPng uses a different message format a different UDP port number and has no limit on the message size Also RIPng does not include an authentication mechanism it relies on the security built into IPv6 IPsec The default setting is Disabled IPv6 Static route settings The router supports an IPv6 static route function ...

Page 83: ...P is the router s IP address If you have another router handing your network s Internet connection enter the IP address of that router instead The gateway IP address must also be routable otherwise the static route does not appear in the routing table Interface The interface used to route data to the network specified by the network address Metric A number used to indicate the cost of a route so t...

Page 84: ...84 Routing configuration ...

Page 85: ...e your network completely vulnerable to hacker attacks but HP recommends that you leave the firewall enabled whenever possible In addition to the extensive firewall protection the router can block access to the Internet from clients on the local network based on IP addresses MAC addresses or network service The router can also block access to specific websites or web page content Viewing the firew...

Page 86: ...uced by tunnel endpoints so that the TCP connection automatically restricts itself to the maximum available packet size Obviously this does not work for UDP or other protocols that have no MSS This approach is most applicable and used with PPPoE but could be applied otherwise as well the approach also assumes that all the traffic goes through tunnel endpoints that do MSS clamping this is simple fo...

Page 87: ...curity line of the System Status page also the router s Alert LED flashes until an attack ends If you open the Security section an alert message next to DOS indicates the security violation Click Alert to view the log details on the System Log page Click Clear to remove the alert message from the status page IP Spoofing Prevents a hacker from creating an alias spoof of the unit s IP address to whi...

Page 88: ...settings Client PC IP The IPv4 address of a computer on the local network Use Client List Selects a computer name or IP address from the list of clients already assigned an IP address by the router Popular Services Selects a common network service from the list instead of entering the protocol and ports numbers manually Protocol Selects the TCP or UDP protocol of a service to filter Port The TCP o...

Page 89: ...etails in the fields provided and then click Add to add the entry to the filter table A maximum of 20 rules can be defined This page includes the following settings MAC Address The MAC address of a computer on the local network Use Client List Selects a computer name or MAC address from the list of clients already assigned an IP address by the router Enable Schedule Rule The name of a scheduling r...

Page 90: ... page includes the following settings String The URL text or keywords that match websites to block Enable Schedule Rule The name of a scheduling rule to apply to the filter as configured on the Tools Scheduling page URL Exclusion Configures specific computers on the local LAN that are excluded from the URL filtering Exclusion Host The IPv4 address or range of addresses of computers on the local ne...

Page 91: ... content to block Do not use characters Enable Schedule Rule The name of a scheduling rule to apply to the filter as configured on the Tools Scheduling page SPI settings Stateful Packet Inspection SPI is the intrusion detection feature of the router that limits access for incoming traffic This feature is called stateful because it examines the contents of packets to determine the state of the comm...

Page 92: ... Click Clear to remove the alert message from the status page This page includes the following settings Enable Enables the SPI features on the router Connection Policy Fragmentation half open wait Configures the number of seconds that a packet state structure remains active When the timeout value expires the router drops the un assembled packet freeing that structure for use by another packet TCP ...

Page 93: ...ns per minute Incomplete TCP UDP sessions per min LOW Minimum number of allowed incomplete TCP UDP sessions per minute Maximum incomplete TCP UDP sessions number from same host Maximum number of incomplete TCP UDP sessions from the same host When the maximum value is exceeded the host is placed on the cracker list and packets from the host are then blocked for the duration specified by the Floodin...

Page 94: ...94 Firewall configuration ...

Page 95: ... NAT keeps your network fairly secure from hackers NAT acts as an interpreter between two networks In this case NAT sits between the Internet and your network The Internet is considered the public side and your network is considered the private side When a computer on the private side requests data from the public side the Internet the NAT device opens a conduit between your computer and the desti...

Page 96: ...not reach them because they cannot be seen If you need to configure the Virtual Server function for a specific application you need to contact the application vendor to find out which port settings you need To manually enter settings enter the IP address in the space provided for the internal machine the port type TCP or UDP and the private and public port s required to pass traffic Then click Add...

Page 97: ...t 25 HTTP web port 80 HTTPS web port 443 Auth port 1 13 ISAKMP port 500 POP3 email port 1 10 IMAP4 email port 143 NetMeeting port 1720 DNS port 53 NBX Telephony ports 2093 2096 L2TP port 1701 PPTP port 1723 Protocol The protocol used by the service Either TCP UDP TCP UDP ICMP GRE ESP AH or IPv6 ICMP Private Port The port number of the service used by the host computer on the local network Public P...

Page 98: ...omputer in the DMZ enter the last digits of its LAN IP address in the Client PC IP Address field Enter the IP address if known on the Internet that will be used to access the DMZ computer into the Public IP Address field This allows the computer on the Internet to access the DMZ computer through this address without firewall protection For the first line setting line 1 the Public IP address is set...

Page 99: ...ttings Enable H323 ALG Enables H323 traffic priority passthrough on the router Enable SIP ALG Enables SIP traffic priority passthrough on the router for the listed ports SIP server ports The SIP ports on which to provide ALG support Up to eight ports can be configured The default SIP server ports are 5060 and 5061 Port number Specifies a SIP port number to add to the server port list Port trigger ...

Page 100: ... port information into the router Multiple ports can be entered by separating the port numbers by commas for example 10 20 30 or ranges of ports can be specified by using dashes for example 20 30 This page includes the following settings Enable Enables the port trigger feature on the router Rule Enable Enables the configured port trigger rule Popular Applications Lists a number of popular applicat...

Page 101: ...o a network outside of the LAN the router s WAN port must be configured with a global unicast address Viewing IPv6 status The Status page displays the current status of the IPv6 connection to the ISP This page includes the following information Connection Type Displays the method used for IPv6 configuration WAN IP Address The configured IPv6 addresses for the router s WAN port Default Gateway The ...

Page 102: ...is information is available from your ISP or on the paperwork that your ISP left with you This page includes the following settings Connection Settings Sets basic IPv6 address configuration settings IPv6 Connection Select Static for the IPv6 address connection mode IPv6 Address The IPv6 address of the router IPv6 addresses are 16 bytes long 128 bits written as eight groups of hexadecimal quartets ...

Page 103: ...s VLAN Default Settings Sets the IPv6 settings for the local VLAN IPv6 Address The IPv6 address of the router for the local LAN Subnet Prefix Length The prefix length of the IPv6 address Auto Configuration Select Stateless RADVD or Stateful DHCPv6 Disable Disables the automatic assignment of IPv6 addresses to local hosts Stateless RADVD Enables the automatic assignment of IPv6 addresses by hosts o...

Page 104: ...ttings Connection Settings Sets basic IPv6 address configuration settings IPv6 Connection Select SLAAC for the IPv6 address connection mode DNS Settings Configures IPv6 DNS settings Obtain IPv6 DNS servers automatically Sets the IPv6 addresses for primary and secondary DNS servers automatically Use the following IPv6 DNS servers Enter the primary and secondary DNS server IPv6 addresses VLAN Defaul...

Page 105: ...nge to define the pool Lifetime The time that the IPv6 address assignment is valid DHCPv6 Dynamic Host Configuration Protocol version 6 DHCPv6 automatically assigns IPv6 settings to hosts in an IPv6 network A dynamic connection type is the most common connection method used by ISPs with cable DSL modems If your ISP supports a DHCPv6 server and recommends using this option select DHCPv6 from the Co...

Page 106: ...k The network portion of the address is based on prefixes received in IPv6 router advertisement messages and the host portion is automatically generated using the modified EUI 64 form of the client identifier that is the client MAC address Stateful DHCPv6 Enables DHCPv6 automatic assignment of IPv6 addresses to local hosts based on a defined address pool Enter the start and end of the address rang...

Page 107: ... the local LAN Subnet Prefix Length The prefix length of the IPv6 address Auto Configuration Select Stateless RADVD or Stateful DHCPv6 Disable Disables the automatic assignment of IPv6 addresses to local hosts Stateless RADVD Enables the automatic assignment of IPv6 addresses by hosts on the local network The network portion of the address is based on prefixes received in IPv6 router advertisement...

Page 108: ...108 IPv6 configuration MLD settings Multicast Listener Discovery MLD proxy enables the router to issue MLD host messages on behalf of hosts that the router has discovered through standard MLD interfaces ...

Page 109: ... data packets have greater priority when traffic is transmitted from the WAN port This router supports QoS with four priority queues on the WAN port Data packets in the WAN port s high priority queue will be transmitted before those in the lower priority queues You can set the maximum bandwidth for each priority queue trafffic shaping as well as classify traffic types and then map them to the WAN ...

Page 110: ...eneral Enables the traffic shaping settings on the router Diffserv Displays the table of bandwidth settings for the WAN port s four output queues Name Identifies the port queue numbered 1 to 4 Priority Indicates that queue 1 is the lowest priority queue and queue 4 the highest priority queue Bandwidth Allocation Sets the bandwidth for each output queue in Kbps By default the maximum of 1024000 Kbp...

Page 111: ...t use characters Source Address Select Any or a specific LAN host MAC address or IP subnet Destination Address Select Any or a specific IP subnet as the traffic destination Popular Services Select a popular service from the list to automatically configure the traffic type and IP protocol Traffic Type Specifies UDP TCP or other IP protocol IP Protocol Specifies the protocol type number when an appl...

Page 112: ...owest priority queue and queue 4 the highest priority Remark 802 1p priority as Before the identified traffic is sent to the forwarding queue the 802 1p priority tag can be set to the specified value Remark DSCP as Before the identified traffic is sent to the forwarding queue the IP DSCP can be set to the specified value ...

Page 113: ... USB drive An FTP user can log into the FTP server using an FTP client A maximum of eight File Sharing accounts and eight FTP accounts can be defined total 16 accounts maximum This page includes the following settings USB Type Selects a user account for access to USB files through File Sharing or FTP Username Enter a name containing 6 to 32 characters do not use characters or space Password Enter ...

Page 114: ...users as normal Windows folders accessible on the network Users can use Windows Network Neighborhood to access files on the USB drive A maximum of 32 shared folders can be defined This page includes the following settings Global Setting Work Group The Windows networking group name Enter 1 255 characters do not use characters Host Name A name that identifies the router in the Windows network Enter ...

Page 115: ... the FTP server to share or download files to local or remote users through the router A maximum of 32 shared folders can be defined This page includes the following settings Global Setting Max Client Set the maximum number of FTP connections different IP addresses permitted at one time range 1 to 5 Only one connection from the same user same IP address is allowed at one time Network Sharing Folde...

Page 116: ...116 USB configuration Safe removal To ensure USB data correctness this router supports a USB safe removal function Click Remove before unplugging a USB drive ...

Page 117: ...lled on the router the status of the email alert feature and lists any configured time schedules Updating software The Software page displays the current software versions installed on the router You can upgrade the software installed on the router to a new version downloaded from the HP support website The router supports a dual image function which means that if the router fails to boot the acti...

Page 118: ...web browser or TFTP requires server If you select HTTP you can download the software file from your computer The TFTP option requires the software file to be placed on a computer running a TFTP server utility The TFTP server IPv4 address and software file name must be entered Firmware File Locates the software file on the local computer when using the HTTP transfer method Saving configuration sett...

Page 119: ...n files are written in a binary format and are not readable or end user configurable Restore settings Select to restore the router s settings and choose HTTP or TFTP as the transfer method For HTTP browse button to the location of the saved configuration file on the management computer For TFTP specify the file path and name on the TFTP server and enter the IPv4 server address Click Save to restor...

Page 120: ...This page includes the following settings IP Address Domain Name You can specify an IPv4 address an IPv6 address or a hostname Ping Count Specify the number of pings to send 1 3 5 10 or 20 Results The results window shows the size and number of each packet sent and if the host is reached the size and number of each packet received in response and its round trip time It also displays statistics abo...

Page 121: ...lue of one implying that they make a single hop The next three packets have a TTL value of 2 and so on When a packet passes through a host typically the host decrements the TTL value by one and forwards the packet to the next host When a packet with a TTL of one reaches a host the host discards the packet and sends an ICMP time exceeded type 1 1 packet to the sender The Traceroute utility uses the...

Page 122: ...vent at or above a configured severity level occurs This page includes the following settings From E mail Address Sets the email address that is used in the From field of alert messages You can use a symbolic email address that identifies the router or the address of an administrator responsible for the router ...

Page 123: ... to the highest are Debug Informational Notice Warning Error Critical Alert and Emergency All events at the set level and higher will be sent to the configured email recipient For example setting the Warning level will report all events from Warning to Emergency Caution Setting the Alert Level too low can result in a very high number of emails being sent to the recipient HP recommends to only set ...

Page 124: ...cters Comment A comment of up to 31 characters that describes the scheduling rule Do not use the characters Date Selects a day of the week or daily Start End Time Specify the start and end times for the schedule in the standard 24 hour format Rules List This table includes all the configured schedules on the router ...

Page 125: ...e is saved on your local computer with the name showtech rtf This is a text readable file that includes the model software version wireless and other basic settings as well as the ARP table memory usage information and the current system log Viewing the EULA This page displays the HP End User License Agreement content ...

Page 126: ...126 Tools ...

Page 127: ...n see the HP Networking Support website www hp com networking support Before contacting HP collect the following information Product model names and numbers Technical support registration number if applicable Product serial numbers Error messages Operating system type and revision level Problem description and any detailed questions HP websites For additional information see the following HP websi...

Page 128: ... user interface Refer to the following image for identification of key user interface elements and then the table below for example directions Example directions in this guide What to do in the user interface Select System Admin Select System on the main menu and then select Admin on the sub menu Set Radio Mode to 1 1n only For the Radio Mode setting select 1 1n only from the list Main Sub menu ...

Page 129: ...tings resets the manager user name and password to admin and sets the IPv4 address to 192 168 1 1 Using the reset button Using a tool such as a paper clip press and hold the reset button for more than three seconds then release Using the management interface 1 Launch the web based management interface default https 192 168 1 1 2 Select Tools Configuration 3 Select Restore All Settings to Factory D...

Page 130: ...130 ...

Page 131: ...s US WW Models Null Web Server HTTP Server Enabled HTTPs Server Enabled Session Timeout 5 minutes Trusted Users MAC IP Address None configured System Time Set System Time SNTP System Date 2013 01 01 System Time 00 00 Time Server Address pool ntp org Time Zone 08 00 Pacific Time US Daylight Saving Enabled SNMP Enable SNMP Enabled Read Community public Write Community private Trap Receiver IP Addres...

Page 132: ...Mask 0 0 0 0 Static Gateway 0 0 0 0 Primary DNS Address 0 0 0 0 Secondary DNS Address 0 0 0 0 PPPoE Username Null PPPoE Password Null PPPoE Service Name Null PPPoE Idle Time Always On PPPoE MTU 1454 bytes Multiple PPPoE Disabled PPPoE Routing Table Disabled PPTP Server IP 0 0 0 0 PPTP Username Null PPTP Password Null PPTP Idle Time Always On PPTP DHCP Enable Disabled L2TP Server IP 0 0 0 0 L2TP Us...

Page 133: ... 255 255 0 Enable DHCP Server Enabled IP Pool Starting Address 192 168 1 2 IP Pool Ending Address 192 168 1 254 Lease TIme 1 day VLAN ID 1 DHCP Relay Disabled Spanning Tree Disabled VLAN Default VLAN ID 1 VLAN Port Membership LAN 1 2 3 4 WLAN 1 default VLAN untagged Block routing between VLANs Enabled IGMP Enable IGMP Proxy Enabled Enable IGMP Snooping Enabled Feature Parameter Default ...

Page 134: ...cation Disabled Authentication Mode OPEN Encryption Type NONE Wireless Advanced Beacon Interval 100 ms DTIM Interval 1 beacon RTS Threshold 2347 bytes Short Guard Interval Enabled 2 4GHz 802 1 1g Protection Mode CTS to Self Extension Channel Protection Mode No Protection 2 4GHz Preamble Mode Auto Max TX Power 100 WDS VAP 1 WDS Mode Disabled Authentication Mode OPEN Encryption Type NONE WPS WPS Ena...

Page 135: ...ough Enabled L2TP IPSec Passthrough Enabled Dynamic Route RIP Disabled RIP Auto Summary Disabled Static Route Disabled RIPng Disabled IPv6 Static Route Disabled Firewall PING from WAN Disabled MSS Clamping Enabled UPnP Disabled Remote Administration Disabled Enable DDoS Attack Filter Disabled Client Filtering Disabled MAC Filtering Disabled URL Filtering Disabled URL Exclusion Disabled Content Fil...

Page 136: ...3 Enabled IPv6 IPv6 Connection Disabled MLD Proxy Disabled DHCP PD Enabled QoS QoS Enabled Traffic Mapping Disabled USB User Account Disabled File Sharing Disabled FTP Disabled Tools Email Alert Disabled Scheduling Rules None configured Servers Monitored Servers None configured Feature Parameter Default ...

Reviews: