manualshive.com logo in svg

HP R100-Series, Configuration And Administration Manual

The HP R100-Series is a cutting-edge product that offers exceptional performance and advanced features. Get started quickly and hassle-free with the included Quick Start Manual. Download the comprehensive user manual for free from manualshive.com to ensure optimal usage and unlock its full potential.

Share
Download
background image

96

Firewall configuration

Note

When the number of incomplete sessions from a same host reaches the maximum value 
(

Maximum incomplete TCP/UDP sessions number from same host

), a security 

alert symbol ( ) displays on the 

Security

 line of the 

System

 > 

Status

 page. If you open 

the 

Security

 section, an alert message next to 

SPI

 indicates the security violation. Click 

Alert

 

to view the log details on the 

System

 > 

Log

 page. Click 

Clear

 to remove the alert message 

from the status page.

This page includes the following settings:

Enable

Enables the SPI features on the router.

Connection Policy

Fragmentation half-open wait

: Configures the number of seconds that a packet state 

structure remains active. When the timeout value expires, the router drops the un-assembled 
packet, freeing that structure for use by another packet.

TCP SYN wait

: Defines how long the software waits for a TCP session to synchronize 

before dropping the session.

TCP FIN wait

: Specifies how long a TCP session is maintained after the firewall detects a 

FIN packet.

Summary of Contents for R100-Series

Page 1: ...HP R100 Series Wireless VPN Routers Configuration and Administration Guide HP Part Number 5998 8218 Published October 2015 Edition 1 Software Version1 0 1 x ...

Page 2: ...in should be construed as constituting an additional warranty HP shall not be liable for technical or editorial errors or omissions contained herein Acknowledgments Microsoft and Windows are U S trademarks of the Microsoft group of companies Google Chrome browser is a trademark of Google Inc Mozilla and Firefox are registered trademarks of the Mozilla Foundation Warranty WARRANTY STATEMENT See the...

Page 3: ...ation settings 19 System information General settings 19 Administrator login credentials 19 Setting the Country Code 19 Configuring web server settings 20 Configuring trusted users 20 System time settings 21 Set system time 21 Daylight saving 22 Configuring SNMP 22 Managing system logs 23 Events 25 Proxy ARP settings 25 Rebooting the router 27 Viewing traffic statistics 27 4 WAN configuration 29 V...

Page 4: ... IPSec settings 77 PPTP settings 78 VPN passthrough settings 79 8 Routing configuration 81 Viewing routing status 81 Viewing the IPv4 routing table 82 IPv4 Dynamic route settings 83 IPv4 Static route settings 84 Viewing the IPv6 routing table 85 IPv6 Dynamic route settings 86 IPv6 Static route settings 86 9 Firewall configuration 89 Viewing the firewall status 89 Security settings 90 Client filter...

Page 5: ...4 Tools 121 Viewing tools status 121 Updating software 121 Saving configuration settings 122 Ping 124 Nslookup 125 Traceroute 125 Email alert 126 Scheduling 127 Support file 129 Viewing the EULA 129 15 Support and other resources 131 Online documentation 131 Contacting HP 131 HP websites 131 Conventions 132 A Resetting to factory defaults 133 Factory reset procedures 133 Using the reset button 133...

Page 6: ...6 ...

Page 7: ...the HP R1 10 R120 on VLAN 1 providing access to private resources on the company network and on the Internet Guests connect to wireless community 2 which is protected with WEP All guest traffic exits the HP R1 10 R120 on VLAN 2 providing access only to the Internet For offices that need Ethernet ports for wired connectivity the R1 10 R120 has a built in 4 port gigabit switch It can also be used to...

Page 8: ...P R1 10 R120 located in an office provides a virtual private network VPN connection across the Internet to a remote client typically a mobile worker The R1 10 R120 forms a secure VPN IPSec PPTP L2TP IPSec connection to the remote client which can then access the computers and servers in the office network The remote client can be a Windows or Mac computer or any Apple iOS or Android mobile device ...

Page 9: ...20 1 creates secure VPN connections to R1 10 R120 2 R1 10 R120 3 and R1 10 R120 4 at three branch locations The computers on each branch network can access the computers and servers on the headquarters network LAN computers Headquarters Branch 1 R110 R120 1 R110 R120 2 Branch 2 R110 R120 3 Branch 3 R110 R120 4 Internet LAN LAN LAN WAN WAN WAN Server LAN WAN VPN VPN VPN VPN ...

Page 10: ...10 Deploying the HP R110 R120 ...

Page 11: ...ompleting or canceling out of the Wizard Setup the System Status page displays by default See also the HP R100 Series Wireless VPN Routers Quickstart which describes the configuration procedure for a basic wireless network Wizard Setup To start the Wizard Setup select Home Wizard Setup and then click Start Step 1 Specify system time settings The router keeps time by connecting to a Network Time Pr...

Page 12: ...nnection and the parameters that need to be configured Select one of the following Connection Types enter supplementary information as directed by the wizard and then click Next to apply the settings A description of each connection type follows DHCP See Connection Type DHCP on page 12 Static IP Address See Connection Type Static IP Address on page 13 PPPoE See Connection Type PPPoE on page 13 PPT...

Page 13: ...m in the spaces provided For more information on the WAN Static IP Address Connection Type see Static IP address on page 30 Connection Type PPPoE The Point to Point Protocol over Ethernet PPPoE is a common WAN protocol that provides a secure connection between the service provider and the local network Enter the specific PPPoE information assigned by your ISP For more information on the WAN PPPoE ...

Page 14: ...ecific PPTP information assigned by your ISP For more information on the WAN PPTP Connection Type see PPTP on page 33 Connection Type L2TP The Layer 2 Tunneling Protocol L2TP is a common WAN protocol used for Virtual Private Networks VPNs that provides a secure connection between the service provider and the local network Enter the specific L2TP information assigned by your ISP For more informatio...

Page 15: ...ngle configuration page for 2 4 GHz or 5 GHz operation The R120 router has separate configuration pages for 2 4 GHz and 5 GHz operation Configure the following basic wireless settings before clicking Next Radio Band and Radio Mode Configure the R1 10 router to operate in the 2 4 GHz band for 802 1 1b g n or the 5 GHz band for 802 1 1a n For R1 10 and R120 select an operating mode For 2 4 GHz the 1...

Page 16: ...o MAC Authentication Authentication Mode and Encryption Type Configure wireless security for the default wireless community The R1 10 R120 has no wireless security configured by default HP recommends that WPA2 be configured for maximum security Leaving the Authentication Mode setting as Open or using WEP security is not recommended For more information on wireless security see Configuring wireless...

Page 17: ...rning because the security certificate is issued by the router and not a known certificate authority With https it is acceptable to choose the option that allows you to proceed through the security warning In a web browser specify either http 192 168 1 1 or https 192 168 1 1 For information on launching the web based management interface for the first time see the HP R100 Series Wireless VPN Route...

Page 18: ...terface including radio enable operating frequency mode channel SSID MAC address authentication and encryption WAN Displays the WAN connection type status and IP address assignment LAN Displays the router s local network IP address MAC address and DHCP server status USB Displays the current status of a device attached to the router s USB port SNMP Displays the status of the Simple Network Manageme...

Page 19: ...e characters Administrator login credentials Configures the web management interface login username and password The login user name and password can be from 6 to 32 alphanumeric and special characters in length Do not use these characters Setting the Country Code The country of operation also known as the regulatory domain determines the availability of certain wireless settings on the router Whe...

Page 20: ...are includes HTTP and HTTPS functionality to enable communication with your web browser Unlike HTTP HTTPS provides secure communications using a digital certificate to encrypt data exchanged between the router and your web browser HTTP and HTTPS are both enabled by default Session Timeout Configure the Session Timeout for automatic log out from the web interface If there is no activity on the mana...

Page 21: ...e current system time You can configure the time manually or have it automatically configured by a Network Time Protocol NTP server Manually Select the date time in 24 hour notation and timezone Using network time protocol NTP servers transmit Coordinated Universal Time UTC also known as Greenwich Mean Time to their client systems NTP sends periodic time requests to servers using the returned time...

Page 22: ...me when the router is connected to the Internet Daylight saving Use this section to enable support for daylight saving time if required for your location When you select Manually Set Time For Daylight Savings additional fields display to enable you to configure the starting and ending dates and times and the DST offset The DST offset specifies how many minutes to move the clock forward or backward...

Page 23: ...racters The router can also be configured to send status messages to an SNMP server if a problem occurs on the network This is done by setting the Trap Receiver option To configure an SNMP Trap Receiver set the following options Trap Receiver IP Address The IP address on the computer to which the status messages are to be sent Trap Receiver Port The port number on the computer to which the status ...

Page 24: ...example if you select Critical only critical alert and emergency messages are written to the log Max Size Specifies the maximum number of log entries to store in the router s volatile memory When the maximum number is reached the old log messages are overwritten by new messages Log Prefix A text identification string that is added to the log messages This is useful for quickly identifying messages...

Page 25: ...used the event message and the message text You can select Refresh to display the most recent data from the router or Clear to remove all entries from the list Click Download to save all entries to a file on the management computer Proxy ARP settings Proxy ARP Address Resolution Protocol is a mechanism that enables a computer in a network connected to a router to appear to be logically part of ano...

Page 26: ... is selected the protocol numbers can be entered in the Protocol field Port s Specifies the TCP UDP port numbers More than one number can be entered separated by commas Protocol s Specifies special protocol numbers separated by commas IP Address Of Public Hosts In LAN The IP address of a computer on the local LAN The IP address and mask can define a range of addresses For example the IP address 10...

Page 27: ...raffic statistics To view statistics on Ethernet packets received and transmitted on the wired and wireless ports select System Traffic Statistics The Traffic Statistics page displays Statistics accumulate until the router is rebooted Port Statistics Displays WAN and LAN port status together with the number of frames bytes that have been transmitted and received Wireless LAN statistics Displays tr...

Page 28: ...lays a summary of traffic statistics for the WAN and LAN ports Set the poll interval for updating statistics on the page and click Start You can also click Refresh anytime to immediately update values Click Reset Counters to set all statistics values back to zero ...

Page 29: ...ou are using DHCP as the connection type you can click Renew to request a new IP address This page includes the following information Connection Type The router s method of connection to the ISP Connection Time The time elapsed since the Internet connection was established IP Address The IP address assigned to the router s WAN port by the ISP Subnet Mask The IP subnet mask assigned to the router s...

Page 30: ...require that you clone the MAC address of the computer that was originally connected to the modem To do so click on WAN MAC Clone to set the WAN MAC address For more information see MAC clone on page 36 This page includes the following information Connection Type Select DHCP as the router s method of connecting to the ISP Host Name The host name assigned to the router by your ISP The host name is ...

Page 31: ...et mask assigned to the router s WAN port by the ISP Gateway Enter the IP address of the ISP s gateway Primary Secondary DNS Address Enter the IP addresses of primary and secondary domain name servers PPPoE The Point to Point Protocol over Ethernet PPPoE is a common WAN protocol that provides a secure connection between the service provider and the router Enter the PPPoE information in the provide...

Page 32: ...rvice Name The service name is typically optional but may be required by some service providers The service name defines the attributes used to set up a dynamic PPPoE subscriber interface HP recommends that you do not enter a service name unless your service provider instructs you to do so Idle Time Select the number of minutes to elapse without activity before the PPPoE connection is disconnected...

Page 33: ...maximum of eight rules can be defined Source network The source IPv4 address and mask that identifies traffic to be routed through the specified PPP channel Destination network The destination IPv4 address and mask that identifies traffic to be routed through the specified PPP channel Protocol Identifies TCP or UDP protocol traffic Source port Identifies traffic from a specific TCP or UDP source p...

Page 34: ...d Always On DHCP Enable Enables DHCP for the dynamic assignment of the WAN IP address from the ISP You can click Release and Renew to refresh the DHCP assignment If you disable DHCP enter the static IPv4 address subnet mask gateway address as well as primary and secondary DNS server addresses as provided by the ISP L2TP The Layer 2 Tunneling Protocol L2TP is a common WAN protocol used for Virtual ...

Page 35: ...to establish connections to the server without needing to track the IP address themselves A common use is for running server software on a computer that has a dynamic IP address for example a DSL service where the address is frequently changed by the ISP To implement Dynamic DNS you must set the maximum caching time of the domain to a short period typically a few minutes This prevents other sites ...

Page 36: ...puter This setting allows you to manually change the MAC address of the router s WAN interface to match the MAC address of the computer that was originally registered with your ISP If you are unsure of the MAC address originally registered by your ISP call your ISP and request to register the default MAC address of the router s WAN port You can enter the registered MAC address by manually entering...

Page 37: ...changes to the settings the LAN setting pages allow you to Change the default IP address of the router Configure VLANs Enable the DHCP server feature for each VLAN Enable NAT features for each VLAN Enable IGMP Snooping and IGMP Proxy for each VLAN Enable the DHCP Relay feature Enable Spanning Tree support Viewing LAN interface status The Status page displays the current status of LAN related featu...

Page 38: ...f the Spanning Tree network Root MAC Address The MAC address of the root device in the Spanning Tree network LAN1 LAN4 Displays the state of the router s port interfaces in the Spanning Tree network Disabled Learning Forwarding or Blocking VLAN The table includes all VLANs currently configured on the router LAN Settings The router must have a valid IP address for management using a web browser and...

Page 39: ... addresses for the VLAN IP pool or click Auto IP Range to automatically set a valid range of addresses Lease Time The length of time the DHCP server reserves an IP address for each computer on the VLAN VLAN ID The ID number for the default VLAN The default VLAN ID is 1 For more information on configuring VLANs see VLAN settings on page 41 DHCP relay Dynamic Host Configuration Protocol DHCP can dyn...

Page 40: ... possible network loops Once a stable network topology has been established all devices listen for Hello BPDUs Bridge Protocol Data Units transmitted from the root device Root Bridge If a device does not get a Hello BPDU after a predefined interval Maximum Age the device assumes that the link to the Root Bridge is down This device will then initiate negotiations with other devices to reconfigure t...

Page 41: ...d an interface as a VLAN tagged port if any connected network devices support VLANs otherwise add the port as untagged To prevent the forwarding of traffic between VLANs for security select Block routing between VLANs Note that the default VLAN profile is read only and cannot be deleted To create a new VLAN profile click Add To modify or delete a VLAN profile click the edit or delete icons in the ...

Page 42: ...orts without a specific multicast membership This feature is works by inspecting IGMP join leave messages from VLAN ports to update the bridge forwarding database IGMP Snooping is extremely useful in saving bandwidth of low speed interfaces to improve network utilization Enable DHCP Server Enables the automatic assignment of IP addresses to clients on the VLAN IP Pool Starting Ending Address Sets ...

Page 43: ... filters IGMP packets in order to reduce the load on the multicast router Join and leave messages heading upstream to the router are filtered so that only the minimal quantity of information is sent Enable IGMP Snooping IGMP snooping is the process of listening to Internet Group Management Protocol IGMP network traffic The feature allows a network switch to monitor the IGMP conversation between ho...

Page 44: ...44 LAN configuration ...

Page 45: ...e for 5 GHz operation This means that the R1 10 can operate at 2 4 GHz or 5 GHz but not both at the same time The R120 can operate concurrently at 2 4 GHz and 5 GHz The R1 10 router has a single configuration page for 2 4 GHz or 5 GHz operation The R120 router has separate configuration pages for 2 4 GHz and 5 GHz operation Note The router supports a maximum of 64 wireless clients per radio Viewin...

Page 46: ... the radio VAP1 Displays the settings and feature status for the primary Virtual Access Point VAP interface If other VAP interfaces are enabled VAP2 to VAP4 they are also listed SSID The service set identifier or network name of the VAP interface MAC Address The physical layer address of the VAP interface Authentication Mode The wireless security method configured for the VAP Encryption Type The d...

Page 47: ... 802 1 1n wireless standards This option allows you to select whether the router will operate in 802 1 1b g mode 802 1 1b g n mode or 802 1 1n mode only For 5 GHz the R1 10 supports the 802 1 1a and 802 1 1n wireless standards This option allows you to select whether the router will operate in 802 1 1a only mode 802 1 1n only mode or 802 1 1a n mode The R120 also supports the 802 1 1ac wireless st...

Page 48: ... MHz 20 40 MHz When two channels are bonded the total bandwidth is 40 MHz 20 40 80 MHz Applies to 802 1 1ac setting for the R120 When two 40 MHz channels are bonded total bandwidth is 80 MHz Enable Schedule Rules Implements a defined time schedule to start and stop the wireless network Click Add to add the schedule to the rules table A maximum of 10 rules can be defined Rules Name Select the name ...

Page 49: ...uter does not include SSIDs in beacon messages nor does it respond to probe requests from clients that do not include a valid SSID Disabling the SSID broadcast increases security of the network because wireless clients need to know the SSID before attempting to connect to the network If you decide to disable the SSID broadcast ensure that your clients know the name of the network first Encryption ...

Page 50: ...ilable configuration options if any are displayed The router provides the following Authentication Mode options Open Allows a client to associate with the router without any authentication but provides the option of using WEP for encrypting data If WEP encryption is used clients must have the correct WEP key to exchange traffic with the router Selecting WEP encryption also provides the option of u...

Page 51: ...for wireless communications WEP provides a basic level of security preventing unauthorized access to the network and encrypting data transmitted between wireless clients and the router WEP uses static shared keys fixed length hexadecimal or alphanumeric strings that are manually distributed to all clients that want to use the network The static WEP security on the router enables wireless data encr...

Page 52: ...elect the number 1 to 4 of the Key String to use for encryption when transmitting data Re Key Interval When using 802 1X dynamic WEP keys enter the interval at which the router refreshes the keys for each associated client Specify a value in the range of 60 to 86400 seconds Configuring WPA and WPA2 security Wi Fi Protected Access WPA was introduced as an interim solution for the vulnerability of W...

Page 53: ...ast keys Session Key Interval Enter the interval at which the router refreshes session unicast keys for each client associated with the VAP interface To enable session key refreshing specify a value in the range of 60 to 86400 seconds Specify a value of 0 to disable session key refresh WPA2 PSK If your network does not have a RADIUS server select the WPA2 pre shared key PSK option The WPA2 PSK sec...

Page 54: ... is 3600 seconds The valid range is 60 to 86400 seconds Specify a value of 0 to disable the refreshing of broadcast keys Session Key Interval Enter the interval at which the router will refresh session unicast keys for each client associated with the VAP interface To enable session key refreshing specify a value in the range of 60 to 86400 seconds Specify a value of 0 to disable session key refres...

Page 55: ...the original WPA TKIP select the WPA WPA2 PSK security option The WPA WPA2 PSK option is typically used for home or small business networks This setting enables both WPA and WPA2 wireless clients to associate to the router but uses the more robust WPA2 for clients that support it This security option allows more interoperability at the expense of some security WPA WPA2 PSK security includes the fo...

Page 56: ...is an authentication protocol that uses software running on a central server to control access to RADIUS aware devices on the network An authentication server contains a database of user credentials for each user that requires network access When using WPA2 or WPA WPA2 enterprise security both of which use 802 1X as the method of user authentication or WEP with 802 1X a RADIUS server must be confi...

Page 57: ...o synchronize the wireless network DTIM Interval The DTIM Interval indicates the interval of the Delivery Traffic Indication Message DTIM A DTIM field is a countdown field informing clients of the next window for listening to broadcast and multicast messages When the router has buffered broadcast or multicast messages for associated clients it sends the next DTIM with a DTIM Interval value Its cli...

Page 58: ...g the RTS or CTS frames 802 1 1 compliant devices know that somebody is about to transmit and therefore do not initiate transmission themselves Extension Channel Protection Mode With 802 1 1n there is the option to use a 40 2x20 MHz bandwidth to double the data rate One is the primary channel and the other is the extension channel The primary channel is used for communications with clients incapab...

Page 59: ...a warehouse while also supporting local wireless communities on another VAP interface Simultaneous AP and WDS support The R1 10 R120 simultaneously supports wireless communities and one or more WDS links Although this offers flexibility note that the total available bandwidth on the radio is shared between all WDS links and wireless users This can result in reduced throughput if high volumes of tr...

Page 60: ... PSK security is enabled the same link name and key must be defined on both R1 10 R120s that are linked by the WDS connection IEEE 802 1 1n uses frame aggregation whereby multiple frames are combined into one to reduce overhead and increase throughput WEP encrypted frames are not aggregated however so enabling WEP security over WDS will result in reduced throughput Although the R1 10 R120 can supp...

Page 61: ...iates with another R1 10 R120 VAP interface using this SSID Parent MAC For WDS STA mode optionally enter the MAC address of the parent VAP interface set to WDS AP mode with which the VAP interface should associate Typically a VAP interface in WDS STA mode automatically associates with the parent SSID that is in range If more than one parent with the same SSID is in range the MAC address of the int...

Page 62: ... are in Bridge mode with their DHCP servers disabled HP recommends to preconfigure each router with a static IP address following the instructions provided in the HP R100 Series Wireless VPN Routers Quickstart The IP address of each router is required to launch the web based management interface to configure each router After WDS configuration routers can be set for static or dynamic IP address as...

Page 63: ...structions provided in the HP R100 Series Wireless VPN Routers Quickstart 2 Set a static IP address for the router Select LAN Settings Set the IP address to 192 168 5 10 the IP Pool Starting Address to 192 168 5 1 1 and the IP Pool Ending Address to 192 168 5 254 Click Save and then restart the web browser session using the IP address 192 168 5 10 3 Select a common operating channel For routers to...

Page 64: ...do not need to be changed on the WDS page the SSIDs have already been configured in step 4 Configure R1 10 2 1 Connect your computer to one of the router s LAN ports and access the web management interface using the default IP address 192 168 1 1 2 Set the System Mode For R1 10 2 HP recommends setting the operation mode to Bridge Select System Mode Select the Bridge option and click Save Wait for ...

Page 65: ...Select the same radio band and channel as set for R1 10 1 5 Set a common SSID for each WDS link To configure SSIDs for R1 10 2 select Wireless Basic enable the first two VAP interfaces and set the SSIDs as follows Set VAP 1 to HP22 for WDS link with R1 10 3 Set VAP 2 to HP12 for WDS link with R1 10 1 6 Enable WDS Mode for the VAP interfaces Select Wireless WDS For R1 10 2 VAP interfaces set the WD...

Page 66: ...ct Wireless Basic enable the first two VAP interfaces and set the SSIDs as follows Set VAP 1 to HP31 provides an access point service for wireless clients Set VAP 2 to HP22 for WDS link with R1 10 2 6 Enable WDS Mode for the VAP interfaces Select Wireless WDS For R1 10 3 VAP interfaces set the WDS Mode as follows Set VAP 1 to Disable Set VAP 2 to WDS STA Configure R1 10 4 1 Connect your computer t...

Page 67: ...work Both ends of each WDS link must be configured with the same WPA2 PSK passphrase However different WDS links can use different WPA2 PSK passphrases Go to the Wireless WDS page on each router For each VAP configured as a WDS link click the Authentication Mode drop down list and select WPA2 PSK In the Passphrase box enter the same shared key for both ends of each WDS link If this key is not the ...

Page 68: ...rly configured WPS settings Wi Fi Protected Setup WPS is designed to be a convenient method to securely add new clients to a wireless network WPS has two basic modes of operation Push button Configuration PBC and Personal Identification Number PIN The WPS PIN setup is optional to the PBC setup and provides more security You can use this mode by entering a PIN number on the web page Alternatively t...

Page 69: ...n enabled on the router On the client side start the WPS utility that is provided by your Wi Fi card s vendor and select the PBC method Follow the instructions for your WPS utility Push the WPS button on the router the WPS LED begins blinking While the LED is blinking do not push the button again If the WPS feature is working correctly the WPS LED lights up Status Displays the following WPS status...

Page 70: ...reaming video AC_VO Access Category Voice Highest priority minimum delay Time sensitive data such as VoIP Voice over IP calls CWmin Minimum Contention Window The initial upper limit of the random backoff wait time before wireless access can be attempted The initial wait time is a random value between zero and the CWMin value Specify the CWMin value in the range 0 15 microseconds Note that the CWMi...

Page 71: ...rs can connect to the router Up to 20 MAC addresses can be added to the MAC Filtering Table When enabled all registered MAC addresses are controlled by the access rule MAC Authentication is a powerful security feature that allows you to specify which wireless computers are allowed on the network By setting the access rule to Allow only stations in list any wireless computer attempting to access th...

Page 72: ...s client MAC address to add to the filter table from those already associated with the VAP interface Viewing the client list The Client List page allows you to view all the wireless clients currently associated with the router Select the SSID interface from the SSID list to display associated clients The table of associated clients lists the MAC address Receive Signal Strength Indicator RSSI value...

Page 73: ...ec L2TP over IPSec client and server and PPTP client and server for security protection A maximum of five VPN connections can be enabled Viewing VPN status The Status page displays the current status of VPN connections to the router This page includes the following information Tunnel type The tunnel type configured IPSec L2TP over IPSec or PPTP Tunnel name The descriptive name that identifies the ...

Page 74: ...require manual reconnection IPSec settings The router supports the IPSec tunneling protocol It allows users to create multiple secure IPSec tunnels to remote end points To establish an IPSec tunnel the user needs to enable the feature and enter inbound and outbound addresses for the IPSec tunnel This router supports MD5 and SHA1 hash algorithm and DES 3DES AES128 AES192 and AES 256 encryption algo...

Page 75: ... no specific server IP Address Host Name The IP address or host name of the remote VPN server Remote Secure Group Remote Party ID Select either ID_IPV4_ADDR ID_FQDN or ID_USER_FQDN This information must be entered identically on the IPSec software installed on the client s machine If ID_IPV4_ADDR is selected enter the IPv4 address and subnet mask in the Remote Network Address and Remote Subnet Mas...

Page 76: ...cation Encrypt Algorithm Select an encryption algorithm from the list Both authentication and encryption algorithms must be the same on the router and remote host Key lifetime Sets the amount of time that the keys are valid after which they are renewed Diffie Hellman Group Select one of the groups to use for the Diffie Hellman key exchange Pre shared Key Enter the same key on the router and the re...

Page 77: ...age From the VPN connection page you can configure detailed parameters for your L2TP over IPSec VPN connection A maximum of five L2TP connections can be defined This page includes the following settings VPN Tunnel Parameters Tunnel Type Select L2TP over IPSec as the tunnel type Tunnel Name Enter a descriptive name for the tunnel Do not use these characters Username Enter the user name for L2TP tun...

Page 78: ... the IP address and subnet mask PPTP settings The Point to Point Tunneling Protocol is used by some ISPs in Europe This router allows computers to use the Internet to remotely log into the LAN using the PPTP tunneling protocol You can configure the detailed PPTP tunnel settings on the VPN connection page by clicking Add You can specify the Idle Timeout which defines the time period without traffic...

Page 79: ...ype Sets the router to act as the PPTP server or client When you set the type as a PPTP Client you can then enter the Remote Server IP address Enable Auto Reconnect For PPTP client connections you can automatically reconnect when there is activity after a disconnection Remote Server Enter the remote server IP address Remote Networking Setting Enable the remote network setting and then set the IP a...

Page 80: ...80 VPN configuration ...

Page 81: ...ed approach to routing Routes are chosen to minimize the distance vector or hop count which serves as a rough estimate of transmission cost Viewing routing status The Status page shows whether RIP or RIPng are enabled and displays the current IPv4 and IPv6 routing tables The routing tables include the information necessary to forward a packet along the best path toward its destination Each packet ...

Page 82: ...description see Viewing the IPv6 routing table on page 85 Viewing the IPv4 routing table The routing table shows all the current IPv4 routes used by the router including any routes created using static routing or RIP This page includes the following information Flags Indicates the type of route C A network directly connected to the router S A route manually entered on the router R A route dynamica...

Page 83: ...ed approach to routing Routes are chosen to minimize the distance vector or hop count which serves as a rough estimate of transmission cost Each router broadcasts its advertisement every 30 seconds together with any updates to its routing table This allows all routers on the network to build consistent tables of next hop links which lead to relevant subnets The default setting is Disabled This pag...

Page 84: ...on Required The router offers two modes of authentication for RIPv2 None Deactivates authentication on the specific interface Password An unencrypted text password that needs to be set on all RIP enabled devices connected to the router Otherwise RIP information is not shared between devices with mismatched passwords Password This field is used to enter the password required when password authentic...

Page 85: ...se the static route does not appear in the routing table Metric A number used to indicate the cost of a route so that the best route among potentially multiple routes to the same destination can be selected Interface The interface used to route data to the network specified by the network address Viewing the IPv6 routing table The routing table shows all the current IPv6 routes used by the router ...

Page 86: ...ce vector algorithm and hop count metric as well as the 30 second update timer However RIPng uses a different message format a different UDP port number and has no limit on the message size Also RIPng does not include an authentication mechanism it relies on the security built into IPv6 IPsec The default setting is Disabled IPv6 Static route settings The router supports an IPv6 static routing A ma...

Page 87: ...P is the router s IP address If you have another router handing your network s Internet connection enter the IP address of that router instead The gateway IP address must also be routable otherwise the static route does not appear in the routing table Interface The interface used to route data to the network specified by the network address Metric A number used to indicate the cost of a route so t...

Page 88: ...88 Routing configuration ...

Page 89: ...leave your network completely vulnerable to attacks but HP recommends that you leave the firewall enabled whenever possible In addition to the firewall the router can block access to the Internet from clients on the local network based on IP addresses MAC addresses or network service The router can also block access to specific websites or web page content Viewing the firewall status The Status pa...

Page 90: ...uced by tunnel endpoints so that the TCP connection automatically restricts itself to the maximum available packet size Obviously this does not work for UDP or other protocols that have no MSS This approach is most applicable and used with PPPoE but could be applied otherwise as well the approach also assumes that all the traffic goes through tunnel endpoints that do MSS clamping this is simple fo...

Page 91: ...Security line of the System Status page also the router s Alert LED flashes until an attack ends If you open the Security section an alert message next to DOS indicates the security violation Click Alert to view the log details on the System Log page Click Clear to remove the alert message from the status page IP Spoofing Prevents a hacker from creating an alias spoof of the unit s IP address to w...

Page 92: ...ettings Client PC IP The IPv4 address of a computer on the local network Use Client List Selects a computer name or IP address from the list of clients already assigned an IP address by the router Popular Services Selects a common network service from the list instead of entering the protocol and ports numbers manually Protocol Selects the TCP or UDP protocol of a service to filter Port The TCP or...

Page 93: ...etails in the fields provided and then click Add to add the entry to the filter table A maximum of 20 rules can be defined This page includes the following settings MAC Address The MAC address of a computer on the local network Use Client List Selects a computer name or MAC address from the list of clients already assigned an IP address by the router Enable Schedule Rule The name of a scheduling r...

Page 94: ... page includes the following settings String The URL text or keywords that match websites to block Enable Schedule Rule The name of a scheduling rule to apply to the filter as configured on the Tools Scheduling page URL Exclusion Configures specific computers on the local LAN that are excluded from the URL filtering Exclusion Host The IPv4 address or range of addresses of computers on the local ne...

Page 95: ...ontent to block Do not use these characters Enable Schedule Rule The name of a scheduling rule to apply to the filter as configured on the Tools Scheduling page SPI settings Stateful Packet Inspection SPI is an intrusion detection feature on the router that limits access for incoming traffic This feature is called stateful because it examines the contents of packets to determine the state of the c...

Page 96: ... Click Clear to remove the alert message from the status page This page includes the following settings Enable Enables the SPI features on the router Connection Policy Fragmentation half open wait Configures the number of seconds that a packet state structure remains active When the timeout value expires the router drops the un assembled packet freeing that structure for use by another packet TCP ...

Page 97: ...ns per minute Incomplete TCP UDP sessions per min LOW Minimum number of allowed incomplete TCP UDP sessions per minute Maximum incomplete TCP UDP sessions number from same host Maximum number of incomplete TCP UDP sessions from the same host When the maximum value is exceeded the host is placed on the cracker list and packets from the host are then blocked for the duration specified by the Floodin...

Page 98: ...98 Firewall configuration ...

Page 99: ...erpreter between two networks In this case NAT sits between the Internet and your network The Internet is considered the public side and your network is considered the private side When a computer on the private side requests data from the public side the Internet the NAT device opens a conduit between your computer and the destination computer When the public computer returns results from the req...

Page 100: ...each them because they cannot be seen If you need to configure the Virtual Server feature for a specific application you need to contact the application vendor to find out which port settings you need To manually enter settings enter the IP address in the space provided for the internal machine the port type TCP or UDP and the private and public port s required to pass traffic Then click Add and S...

Page 101: ...25 HTTP web port 80 HTTPS web port 443 Auth port 1 13 ISAKMP port 500 POP3 email port 1 10 IMAP4 email port 143 NetMeeting port 1720 DNS port 53 NBX Telephony ports 2093 2096 L2TP port 1701 PPTP port 1723 Protocol The protocol used by the service Either TCP UDP TCP UDP ICMP GRE ESP AH or IPv6 ICMP Private Port The port number of the service used by the host computer on the local network Public Por...

Page 102: ...omputer in the DMZ enter the last digits of its LAN IP address in the Client PC IP Address field Enter the IP address if known on the Internet that will be used to access the DMZ computer into the Public IP Address field This allows the computer on the Internet to access the DMZ computer through this address without firewall protection For the first line setting line 1 the Public IP address is set...

Page 103: ...ttings Enable H323 ALG Enables H323 traffic priority passthrough on the router Enable SIP ALG Enables SIP traffic priority passthrough on the router for the listed ports SIP server ports The SIP ports on which to provide ALG support Up to eight ports can be configured The default SIP server ports are 5060 and 5061 Port number Specifies a SIP port number to add to the server port list Port trigger ...

Page 104: ... port information into the router Multiple ports can be entered by separating the port numbers by commas for example 10 20 30 or ranges of ports can be specified by using dashes for example 20 30 This page includes the following settings Enable Enables the port trigger feature on the router Rule Enable Enables the configured port trigger rule Popular Applications Lists a number of popular applicat...

Page 105: ...o a network outside of the LAN the router s WAN port must be configured with a global unicast address Viewing IPv6 status The Status page displays the current status of the IPv6 connection to the ISP This page includes the following information Connection Type Displays the method used for IPv6 configuration WAN IP Address The configured IPv6 addresses for the router s WAN port Default Gateway The ...

Page 106: ...is information is available from your ISP or on the paperwork that your ISP left with you This page includes the following settings Connection Settings Sets basic IPv6 address configuration settings IPv6 Connection Select Static for the IPv6 address connection mode IPv6 Address The IPv6 address of the router IPv6 addresses are 16 bytes long 128 bits written as eight groups of hexadecimal quartets ...

Page 107: ...s VLAN Default Settings Sets the IPv6 settings for the local VLAN IPv6 Address The IPv6 address of the router for the local LAN Subnet Prefix Length The prefix length of the IPv6 address Auto Configuration Select Stateless RADVD or Stateful DHCPv6 Disable Disables the automatic assignment of IPv6 addresses to local hosts Stateless RADVD Enables the automatic assignment of IPv6 addresses by hosts o...

Page 108: ...ttings Connection Settings Sets basic IPv6 address configuration settings IPv6 Connection Select SLAAC for the IPv6 address connection mode DNS Settings Configures IPv6 DNS settings Obtain IPv6 DNS servers automatically Sets the IPv6 addresses for primary and secondary DNS servers automatically Use the following IPv6 DNS servers Enter the primary and secondary DNS server IPv6 addresses VLAN Defaul...

Page 109: ...nge to define the pool Lifetime The time that the IPv6 address assignment is valid DHCPv6 Dynamic Host Configuration Protocol version 6 DHCPv6 automatically assigns IPv6 settings to hosts in an IPv6 network A dynamic connection type is the most common connection method used by ISPs with cable DSL modems If your ISP supports a DHCPv6 server and recommends using this option select DHCPv6 from the Co...

Page 110: ...k The network portion of the address is based on prefixes received in IPv6 router advertisement messages and the host portion is automatically generated using the modified EUI 64 form of the client identifier that is the client MAC address Stateful DHCPv6 Enables DHCPv6 automatic assignment of IPv6 addresses to local hosts based on a defined address pool Enter the start and end of the address rang...

Page 111: ...er for the local LAN Subnet Prefix Length The prefix length of the IPv6 address Auto Configuration Select Stateless RADVD or Stateful DHCPv6 Disable Disables the automatic assignment of IPv6 addresses to local hosts Stateless RADVD Enables the automatic assignment of IPv6 addresses by hosts on the local network The network portion of the address is based on prefixes received in IPv6 router adverti...

Page 112: ...112 IPv6 configuration MLD settings Multicast Listener Discovery MLD proxy enables the router to issue MLD host messages on behalf of hosts that the router has discovered through standard MLD interfaces ...

Page 113: ... data packets have greater priority when traffic is transmitted from the WAN port This router supports QoS with four priority queues on the WAN port Data packets in the WAN port s high priority queue will be transmitted before those in the lower priority queues You can set the maximum bandwidth for each priority queue traffic shaping as well as classify traffic types and then map them to the WAN p...

Page 114: ...eneral Enables the traffic shaping settings on the router Diffserv Displays the table of bandwidth settings for the WAN port s four output queues Name Identifies the port queue numbered 1 to 4 Priority Indicates that queue 1 is the lowest priority queue and queue 4 the highest priority queue Bandwidth Allocation Sets the bandwidth for each output queue in Kbps By default the maximum of 1024000 Kbp...

Page 115: ...se these characters Source Address Select Any or a specific LAN host MAC address or IP subnet Destination Address Select Any or a specific IP subnet as the traffic destination Popular Services Select a popular service from the list to automatically configure the traffic type and IP protocol Traffic Type Specifies UDP TCP or other IP protocol IP Protocol Specifies the protocol type number when an a...

Page 116: ...owest priority queue and queue 4 the highest priority Remark 802 1p priority as Before the identified traffic is sent to the forwarding queue the 802 1p priority tag can be set to the specified value Remark DSCP as Before the identified traffic is sent to the forwarding queue the IP DSCP can be set to the specified value ...

Page 117: ...rive An FTP user can log into the FTP server using an FTP client A maximum of eight File Sharing accounts and eight FTP accounts can be defined total 16 accounts maximum This page includes the following settings USB Type Selects a user account for access to USB files through File Sharing or FTP Username Enter a name containing 6 to 32 characters Do not use these characters or space Password Enter ...

Page 118: ...Windows users as normal Windows folders accessible on the network Users can use Windows Network Neighborhood to access files on the USB drive A maximum of 32 shared folders can be defined This page includes the following settings Global Setting Work Group The Windows networking group name Enter 1 to 255 characters Do not use these characters Host Name A name that identifies the router in the Windo...

Page 119: ...s Users can set up the FTP server to share or download files to local or remote users through the router A maximum of 32 shared folders can be defined This page includes the following settings Global Setting Max Client Set the maximum number of FTP connections different IP addresses permitted at one time range 1 to 5 Only one connection from the same user same IP address is allowed at one time Net...

Page 120: ...120 USB configuration Safe removal To ensure USB data correctness the router supports a USB safe removal feature Click Remove before unplugging a USB drive ...

Page 121: ...lled on the router the status of the email alert feature and lists any configured time schedules Updating software The Software page displays the current software versions installed on the router You can upgrade the software installed on the router to a new version downloaded from the HP support website The router supports a dual image feature which means that if the router fails to boot the activ...

Page 122: ...web browser or TFTP requires server If you select HTTP you can download the software file from your computer The TFTP option requires the software file to be placed on a computer running a TFTP server utility The TFTP server IPv4 address and software file name must be entered Firmware File Locates the software file on the local computer when using the HTTP transfer method Saving configuration sett...

Page 123: ...tion files are written in a binary format and are not readable or end user configurable Restore settings Select to restore the router s settings and choose HTTP or TFTP as the transfer method For HTTP browse to the location of the saved configuration file on the management computer For TFTP specify the file path and name on the TFTP server and enter the IPv4 server address Click Save to restore th...

Page 124: ...This page includes the following settings IP Address Domain Name You can specify an IPv4 address an IPv6 address or a hostname Ping Count Specify the number of pings to send 1 3 5 10 or 20 Results The results window shows the size and number of each packet sent and if the host is reached the size and number of each packet received in response and its round trip time It also displays statistics abo...

Page 125: ...lue of one implying that they make a single hop The next three packets have a TTL value of 2 and so on When a packet passes through a host typically the host decrements the TTL value by one and forwards the packet to the next host When a packet with a TTL of one reaches a host the host discards the packet and sends an ICMP time exceeded type 1 1 packet to the sender The Traceroute utility uses the...

Page 126: ...vent at or above a configured severity level occurs This page includes the following settings From E mail Address Sets the email address that is used in the From field of alert messages You can use a symbolic email address that identifies the router or the address of an administrator responsible for the router ...

Page 127: ... lowest to the highest are Debug Informational Notice Warning Error Critical Alert and Emergency All events at the set level and higher will be sent to the configured email recipient For example setting the Warning level will report all events from Warning to Emergency Caution Setting the Alert Level too low can result in a very high number of emails being sent to the recipient HP recommends to on...

Page 128: ...he characters Comment A comment of up to 31 characters that describes the scheduling rule Do not use the characters Date Selects a day of the week or daily Start End Time Specify the start and end times for the schedule in 24 hour format Rules List This table shows all the configured schedules on the router ...

Page 129: ...e The file is saved on your computer with the name showtech rtf This is a text file that includes the model software version wireless and other basic settings as well as the ARP table memory usage information and the current system log Viewing the EULA This page displays the HP End User License Agreement content ...

Page 130: ...130 Tools ...

Page 131: ...on see the HP Networking Support website www hp com networking support Before contacting HP collect the following information Product model names and numbers Technical support registration number if applicable Product serial numbers Error messages Operating system type and revision level Problem description and any detailed questions HP websites For additional information see the following HP webs...

Page 132: ... user interface Refer to the following image for identification of key user interface elements and then the table below for example directions Example directions in this guide What to do in the user interface Select System Admin Select System on the main menu and then select Admin on the sub menu Set Radio Mode to 1 1n only For the Radio Mode setting select 1 1n only from the list Main Sub menu ...

Page 133: ...ings resets the manager user name and password to admin and sets the IPv4 address of the LAN port to 192 168 1 1 Using the reset button Using a paper clip press and hold the reset button for more than three seconds then release Using the management interface 1 Launch the web based management interface default https 192 168 1 1 2 Select Tools Configuration 3 Select Restore All Settings to Factory D...

Page 134: ...134 ...

Page 135: ...dels US WW Models Null Web Server HTTP Server Enabled HTTPs Server Enabled Session Timeout 5 minutes Trusted Users MAC IP Address None configured System Time Set System Time SNTP System Date 2013 01 01 System Time 00 00 Time Server Address pool ntp org Time Zone 08 00 Pacific Time US Daylight Saving Enabled SNMP Enable SNMP Enabled Read Community public Write Community private Trap Receiver IP Add...

Page 136: ...et Mask 0 0 0 0 Static Gateway 0 0 0 0 Primary DNS Address 0 0 0 0 Secondary DNS Address 0 0 0 0 PPPoE Username Null PPPoE Password Null PPPoE Service Name Null PPPoE Idle Time Always On PPPoE MTU 1454 bytes Multiple PPPoE Disabled PPPoE Routing Table Disabled PPTP Server IP 0 0 0 0 PPTP Username Null PPTP Password Null PPTP Idle Time Always On PPTP DHCP Enable Disabled L2TP Server IP 0 0 0 0 L2TP...

Page 137: ... 255 255 0 Enable DHCP Server Enabled IP Pool Starting Address 192 168 1 2 IP Pool Ending Address 192 168 1 254 Lease Time 1 day VLAN ID 1 DHCP Relay Disabled Spanning Tree Disabled VLAN Default VLAN ID 1 VLAN Port Membership LAN 1 2 3 4 WLAN 1 default VLAN untagged Block routing between VLANs Enabled IGMP Enable IGMP Proxy Enabled Enable IGMP Snooping Enabled Feature Parameter Default ...

Page 138: ...oadcast Enabled MAC Authentication Disabled Authentication Mode OPEN Encryption Type NONE R120 Wireless 2 4GHz Basic Enabled Radio Enabled Radio Mode 1 1b g n Mixed Channel Auto Bandwidth 20 MHz Enable Schedule Rules Disabled VAP 1 SSID Enabled HP1_2G VAP 2 SSID Disabled HP2_2G VAP 3 SSID Disabled HP3_2G VAP 4 SSID Disabled HP4_2G Station Isolation Disabled Broadcast Enabled MAC Authentication Dis...

Page 139: ...ication Mode OPEN Encryption Type NONE Wireless Advanced Beacon Interval 100 ms DTIM Interval 1 beacon RTS Threshold 2347 bytes Short Guard Interval Enabled 2 4GHz 802 1 1g Protection Mode CTS to Self Extension Channel Protection Mode No Protection 2 4GHz Preamble Mode Auto Max TX Power 100 WDS VAP 1 WDS Mode Disabled Authentication Mode OPEN Encryption Type NONE WPS WPS Enable Enabled Configurati...

Page 140: ...Summary Disabled Static Route Disabled RIPng Disabled IPv6 Static Route Disabled Firewall PING from WAN Disabled MSS Clamping Enabled UPnP Disabled Remote Administration Disabled Enable DDoS Attack Filter Disabled Client Filtering Disabled MAC Filtering Disabled URL Filtering Disabled URL Exclusion Disabled Content Filtering Disabled SPI Settings Disabled NAT NAT Enabled Virtual Server Disabled DM...

Page 141: ...sabled MLD Proxy Disabled DHCP PD Enabled QoS QoS Enabled Traffic Mapping Disabled USB User Account Disabled File Sharing Disabled FTP Disabled Tools Email Alert Disabled Scheduling Rules None configured Feature Parameter Default ...

Page 142: ...142 ...

Reviews:

No comments

Related manuals for R100-Series

Lindy 25046 User Manual preview
25046
Brand: Lindy Pages: 4
Teknim TWM-1886 Installation & User Manual preview
TWM-1886
Brand: Teknim Pages: 10
Z Microsystems TranzStor 8X User Manual preview
TranzStor 8X
Brand: Z Microsystems Pages: 51
Buffalo LinkStation Mini User Manual preview
LinkStation Mini
Brand: Buffalo Pages: 71
H3C LSWM12H2Q User Manual preview
LSWM12H2Q
Brand: H3C Pages: 9
Hunter Pro-C Series Programming Instructions preview
Pro-C Series
Brand: Hunter Pages: 2
NetComm NB3300 Installation And Setup preview
NB3300
Brand: NetComm Pages: 4
Carrier 40VMW005 Installation And Maintenance Instructions Manual preview
40VMW005
Brand: Carrier Pages: 18
Qvis 72-8P Series User Manual preview
72-8P Series
Brand: Qvis Pages: 233
N-Tron 900B Installation & User Manual preview
900B
Brand: N-Tron Pages: 21
S-Access SA-REP-ETHERLINK_II-1DA-PL Manual preview
SA-REP-ETHERLINK_II-1DA-PL
Brand: S-Access Pages: 106
NETGEAR WNR2000v2 - Wireless- N 300 Router User Manual preview
WNR2000v2 - Wireless- N 300 Router
Brand: NETGEAR Pages: 144
IBM BladeCenter 1/10 Gb Uplink Ethernet SwitchModule Installation Manual preview
BladeCenter 1/10 Gb Uplink Ethernet SwitchModule
Brand: IBM Pages: 58
Cambium Networks PTP 820C User Manual preview
PTP 820C
Brand: Cambium Networks Pages: 672
Arista CloudVision DCA-CV-100 Quick Start Manual preview
CloudVision DCA-CV-100
Brand: Arista Pages: 46
Datacom Systems WANswitch W2358DSL Hardware Manual preview
WANswitch W2358DSL
Brand: Datacom Systems Pages: 36
AVYCON AVK-HN41V4-1T-NVR Quick Start Manual preview
AVK-HN41V4-1T-NVR
Brand: AVYCON Pages: 2
Samsung Techwin SPN-10050 Quick Installation Manual preview
Techwin SPN-10050
Brand: Samsung Pages: 2

Brands by name

Popular brands

Load more brands