manualshive.com logo in svg

TP-Link TL-R470T Plus, Configuration Manual

The TP-Link TL-R470T Plus is a reliable and efficient router designed for small businesses. With its comprehensive configuration manual, users can easily set up and optimize network settings. This manual is available for free download from manualshive.com, offering a step-by-step guide to maximize the potential of this outstanding product.

Share
Download
background image

Configuration Guide  

  106

Configuring Behavior Control

Behavior Control

Behavior Control

1.1  Overview

With the Behavior Control feature, you can control the online behavior of local hosts. You can 

block specific hosts’ access to specific websites using URLs or keywords, block HTTP posts 

and prevent certain types of files from being downloaded from the internet.

1.2  Supported Features

The Behavior Control module supports two features: Web Filtering and Web Security.

Web Filtering

Web Filtering is used to filter specific websites. The router provides two ways to filter websites: 

Web Group Filtering and URL Filtering.

 

Web Group Filtering: You can configure multiple websites as a web group, and set a filtering 

rule for the group. More than one group can be created and several groups can share a 

same filtering rule.

 

URL Filtering: You can directly set a filtering rule for specific entire URLs or keywords.

Web Security

Web Security is used to control the specific online behaviors of local users. You can configure 

this feature to block HTTP post, which means that the local users cannot log in, submit 

comments or perform any other operation which needs HTTP post. Also, you can prohibit local 

users from downloading specific types of files from the internet.

Summary of Contents for TL-R470T Plus

Page 1: ...Configuration Guide 1910012201 REV9 0 0 June 2017 TL R470T TL R480T ...

Page 2: ...s 9 Configuring the WAN Connection 9 LAN Configuration 21 Configuring the IP Address of the LAN Port 21 Configuring the DHCP Server 22 Viewing the DHCP Client List 24 IPTV Configuration 25 Configuring IPTV Based on IGMP 25 Configuring IPTV in Bridge Mode 26 Configuring IPTV in Custom Mode 26 MAC Configuration 29 Configuring MAC Address 29 Switch Configuration 31 Viewing the Statistics 31 Configuri...

Page 3: ...sion 58 Transmission 59 Overview 59 Supported Features 59 NAT Configurations 61 Configuring the Multi Nets NAT 61 Configuring the One to One NAT 62 Configuring the Virtual Servers 63 Configuring the Port Triggering 64 Configuring the NAT DMZ 65 Configuring the ALG 65 Bandwidth Control Configuration 66 Session Limit Configurations 68 Configuring Session Limit 68 Viewing the Session Limit Informatio...

Page 4: ... Virtual Server 80 Network Requirements 80 Network Topology 81 Configuration Scheme 81 Configuration Procedure 81 Example for Configuring Policy Routing 82 Network Requirements 82 Network Topology 82 Configuration Scheme 82 Configuration Procedure 82 Configuring Firewall 85 Firewall 86 Overview 86 Supported Features 86 Firewall Configuration 88 Anti ARP Spoofing 88 Adding IP MAC Binding Entries 88...

Page 5: ...rted Features 109 Behavior Control Configuration 110 Configuring Web Filtering 110 Configure Web Group Filtering 110 Configuring URL Filtering 113 Configuring Web Security 115 Configuration Examples 117 Example for Access Control 117 Network Requirements 117 Configuration Scheme 117 Configuration Procedure 118 Example for Web Security 121 Network Requirements 121 Configuration Scheme 122 Configura...

Page 6: ...onfiguring the URL Type 141 Viewing the Authentication Status 143 Configuration Example 144 Network Requirements 144 Configuration Scheme 144 Configuration Procedures 145 Configuring the Authentication Page 145 Configuring Authentication Accounts for the Guests 146 Managing Services 147 Services 148 Overview 148 Support Features 148 Dynamic DNS Configurations 149 Configure and View Peanuthull DDNS...

Page 7: ...estore 163 Backup Restore 163 Reboot 164 Firmware Upgrade 164 SNMP 165 Diagnostics 166 Diagnostics 166 Configuring Ping 166 Configuring Traceroute 167 Remote Assistance 168 Time Settings 169 Setting the System Time 169 Getting time from the Internet Automatically 169 Setting the System Time Manually 170 Setting the Daylight Saving Time 170 Predefined Mode 170 Recurring Mode 171 Date Mode 172 Syste...

Page 8: ...dations in this document do not constitute the warranty of any kind express or implied Users must take full responsibility for their application of any products In this Guide the following conventions are used The symbol stands for Note Notes contains suggestions or references that helps you make better use of your device Menu Name Submenu Name Tab page indicates the menu structure Status Traffic ...

Page 9: ...Part 1 Viewing Status Information CHAPTERS 1 System Status 2 Traffic Statistics ...

Page 10: ...age displays the basic system information like the hardware version firmware version and system time and the running information like the WAN interface status memory utilization and CPU utilization Choose the menu Status System Status System Status to load the following page Figure 1 1 System Status ...

Page 11: ...tus Traffic Statistics Interface Statistics to load the following page Figure 2 1 Interface Statistics View the detailed traffic information of each interface in the statistics list TX Rate KB s Displays the rate for transmitting data in kilobytes per second RX Rate KB s Displays the rate for receiving data in kilobytes per second TX Packet Rate Pkt s Displays the rate for transmitting data in pac...

Page 12: ...nge to monitor Enable IP Statistics Check the box to enable IP Statistics IP Range Specify an IP range The router will monitor the packets whose source IP addresses or destination IP addresses are in this range and display the statistics information in Statistics List 2 In the Statistics List section view the detailed traffic information of the IP addresses IP Address Number Displays the number of...

Page 13: ...tes of packets received by the user who owns the IP address Total TX Packets Displays the number of packets transmitted by the user who owns the IP address Total RX Packets Displays the number of packets received by the user who owns the IP address You can enable Auto Refresh or click Refresh to get the latest statistics information or click Clear to clear the current statistics information ...

Page 14: ...Part 2 Configuring Network CHAPTERS 1 Overview 2 WAN Configuration 3 LAN Configuration 4 IPTV Configuration 5 MAC Configuration 6 Switch Configuration 7 VLAN Configuration 8 IPv6 Configuration ...

Page 15: ...he LAN IPTV IPTV services is based on the Internet protocol rather than through traditional satellite signal or cable transmission The router supports three kinds of IPTV configuration according to your ISP IPTV based on IGMP IPTV in Bridge mode IPTV in Custom mode MAC You can change the default MAC address of the WAN port or LAN port according to your needs Switch The router supports some basic s...

Page 16: ...gure physical interface 1 as WAN1 2 Configure physical interface 1 and interface 2 as WAN1 and WAN2 respectively 3 Configure physical interface 1 interface 2 and interface3 as WAN1 WAN2 and WAN3 respectively 4 Configure physical interface 1 interface 2 interface 3 and interface 4 as WAN1 WAN2 WAN3 and WAN4 respectively Note When a WAN port is added a port related tab is automatically added when a ...

Page 17: ... Configuring the Dynamic IP In the Connection Configuration section select the connection type as Dynamic IP Enter the corresponding parameters and click Save Connection Type Choose the connection type as Dynamic IP if your ISP automatically assigns the IP address Host Name Optional Enter a name for the router It is null by default Upstream Bandwidth Specify the upstream bandwidth of the WAN port ...

Page 18: ...ng VLAN first and configure its egress rule as TAG then manually add the WAN port to that VLAN To create VLANs go to Network VLAN VLAN Note When using the IPTV function either in Bridge mode or Custom mode the router will automatically create corresponding VLANs after you finished the configuration and add port 1 WAN 1 to the VLANs Users cannot then manually select the VLAN that WAN 1 belongs to G...

Page 19: ... is set correctly MTU Specify the MTU Maximum Transmission Unit of the WAN port MTU is the maximum data unit transmitted in the physical network When Static IP is selected MTU can be set in the range of 576 1500 bytes The default value is 1500 Primary Secondary DNS Optional Enter the IP address of the DNS server provided by your ISP VLAN Add the WAN port to a VLAN Generally you don t need to manua...

Page 20: ...Automatically Connect Manually and Time Based Connect Automatically The router will activate the connection automatically when the router reboots or the connection is down Connect Manually You can manually activate or terminate the connection Time Based During the specified period the router will automatically activate the connection Time Choose the effective time range when the Connection Mode is...

Page 21: ... is automatically assigned to a VLAN and the egress rule of the VLAN is UNTAG so the packets are transmitted by the WAN port without VLAN tags If you want the WAN port to transmit packets with VLAN tag you need to create the corresponding VLAN first and configure its egress rule as TAG then manually add the WAN port to that VLAN To create VLANs go to Network VLAN VLAN Note When using the IPTV func...

Page 22: ...ame provided by your ISP Password Enter the L2TP password provided by your ISP Connection Mode Choose the connection mode including Connect Automatically Connect Manually and Time Based Connect Automatically The router will activate the connection automatically when the router reboots or the connection is down Connect Manually You can manually activate or terminate the connection Time Based During...

Page 23: ...UNTAG so the packets are transmitted by the WAN port without VLAN tags If you want the WAN port to transmit packets with VLAN tag you need to create the corresponding VLAN first and configure its egress rule as TAG then manually add the WAN port to that VLAN To create VLANs go to Network VLAN VLAN Note When using the IPTV function either in Bridge mode or Custom mode the router will automatically ...

Page 24: ... provided by your ISP Password Enter the PPTP password provided by your ISP Connection Mode Choose the connection mode including Connect Automatically Connect Manually and Time Based Connect Automatically The router will activate the connection automatically when the router reboots or the connection is down Connect Manually You can manually activate or terminate the connection Time Based During th...

Page 25: ...N is UNTAG so the packets are transmitted by the WAN port without VLAN tags If you want the WAN port to transmit packets with VLAN tag you need to create the corresponding VLAN first and configure its egress rule as TAG then manually add the WAN port to that VLAN To create VLANs go to Network VLAN VLAN Note When using the IPTV function either in Bridge mode or Custom mode the router will automatic...

Page 26: ...outer reboots or the connection is down Connect Manually You can manually activate or terminate the connection Time Based During the specified period the router will automatically activate the connection Time Choose the effective time range when the Connection Mode is chosen as Time Based To create the time range go to Preferences Time Range Time Range Upstream Bandwidth Specify the upstream bandw...

Page 27: ... don t need to manually configure it unless required by your ISP By default the WAN port is automatically assigned to a VLAN and the egress rule of the VLAN is UNTAG so the packets are transmitted by the WAN port without VLAN tags If you want the WAN port to transmit packets with VLAN tag you need to create the corresponding VLAN first and configure its egress rule as TAG then manually add the WAN...

Page 28: ... Address of the LAN Port Choose the menu Network LAN LAN to load the following page Figure 3 1 Configuring the LAN IP Address Enter the IP address of the LAN port and click Save IP Address Enter the IP address of the LAN port This IP address is the default gateway of the LAN clients and the IP addresses of all the LAN clients should be in the same subnet with this LAN IP address Subnet Mask Enter ...

Page 29: ...ing the DHCP Server You can configure an IP address pool for the DHCP server to assign IP addresses When clients send requests to the DHCP server the server will automatically assign IP addresses and the corresponding parameters to the clients Moreover if you want to reserve an IP address for a certain client you can use Address Reservation to bind the IP address with the client s MAC address and ...

Page 30: ...d to enter the IP address of the LAN port Default Domain Optional Enter the domain name of your network Primary Secondary DNS Optional Enter the DNS server address provided by your ISP If you are not clear please consult your ISP Option60 Optional Specify the option 60 for device identification Mostly it is used under the scenario where the clients apply for different IP addresses from different s...

Page 31: ...e box to export this binding entry to IP MAC Binding List on Firewall Anti ARP Spoofing IP MAC Binding page Status Check the box to enable this entry 3 3 Viewing the DHCP Client List Choose the menu Network LAN DHCP Client List to load the following page Figure 3 4 Viewing the DHCP Client List Here you can view the DHCP client list Client Name Displays the name of the client MAC Address Displays t...

Page 32: ...Enable IGMP Snooping and IGMP Proxy and choose the IGMP version then click Save IGMP Snooping Check the box to enable IGMP Snooping Without IGMP Snooping the router will broadcast multicast stream to all LAN ports even though some LAN ports are not connected to any multicast member With IGMP Snooping enabled the LAN ports listen IGMP packets transmitted between the router and the clients and build...

Page 33: ...o the IPTV becomes a dedicated port for IPTV service Port Mode Specify the service to be supported by the LAN port Internet Specify the port to support only internet service If you want to access the internet you should connect your host to this port IPTV Specify the port to only support IPTV service If you want to use IPTV you should connnect your IPTV set top box to this port 4 3 Configuring IPT...

Page 34: ...2 Enter the parameters provided by your ISP including the VLAN IDs and priorities of different services Internet VLAN ID Enter the VLAN ID of the internet service It is provided by your ISP Internet VLAN Priority Enter the VLAN priority of the internet service It is provided by your ISP 802 1Q Tag Optional Check the box and the egress internet packets of WAN 1 port will be tagged IP Phone VLAN ID ...

Page 35: ...ecify the port to support only IP Phone service If you want to make an IP Phone call you should connect your IP Phone to this port IPTV Specify the port to only support IPTV service If you want to use IPTV you should connnect your IPTV set top box to this port Note Among the WAN ports only WAN 1 supports IPTV service So if you want to use IPTV function connect your ISP network to WAN 1 In Bridge m...

Page 36: ...al up device for a normal internet connection Configure the MAC Address of the LAN port In a complex network with all the devices are ARP bound if you want to replace the current router with this router you can just set the MAC address of this router s LAN port as the same as that of the previous router which can avoid all the devices under this network node to update their ARP binding tables 5 1 ...

Page 37: ...actory default value Clone Current PC s MAC Click this button to clone the MAC address of the PC you are currently using to configure the router It s only available for the WAN ports Note To avoid a MAC address conflict in the LAN it is not permitted to set the MAC address of the router s LAN port as the MAC address of the current management PC ...

Page 38: ... getting overloaded Negotiation Mode Select the negotiation mode for the port You can set the mode as Auto or manually set the speed and duplex mode for the port It is recommended to configure both devices of a link to work in Auto Negotiation mode or manually configure them to work in the same speed and duplex mode If the two devices at both sides work in Auto mode they will advertise their speed...

Page 39: ...ure 6 2 Viewing Port Status Status Displays the port status Link Down The port is not connected Link Up The port is working normally Speed Mbps Displays the port speed Duplex Mode Displays the duplex mode of the port Flow Control Displays if the Flow Control is enabled ...

Page 40: ... Network VLAN VLAN to load the following page Figure 7 1 Creating a VLAN Create a VLAN and add the port s to the VLAN then click OK VLAN ID Enter a VLAN ID The value ranges from 1 to 4094 Name Specify the name of the VLAN for easy identification Ports Check the box to select the port and specify the port type in the specified VLAN The port can be divided into two types TAG or UNTAG TAG The egress ...

Page 41: ...Displays the ports which belongs to the corresponding VLAN Description Displays the description of the VLAN Note The VLAN list contains all the VLANs existing in the router Some of them are manually created by the user and can be edited or deleted Some are automatically created and referenced by the router for some special scenarios like IPTV or management VLAN and you cannot edit or delete these ...

Page 42: ...on Guide 35 Figure 7 3 Configuring the PVID Configure the PVID of the port then click Save Port Displays the port PVID Specify the PVID for the port PVID indicates the default VLAN for the corresponding port VLAN Displays the VLAN s the port belongs to ...

Page 43: ...nt 2 Configure the WAN connection 8 1 Configuring the LAN Configure the type of assigning IPv6 address to the LAN clients Choose the menu Network IPv6 LAN to load the following page Figure 8 1 Configuring the LAN 1 In the Global section enable IPv6 function and click Save IPv6 Check the box to enable IPv6 function for the LAN 2 In the LAN section configure the Assigned Type and Address prefix then...

Page 44: ...orm an IPv6 address Generally the host identifier was formed using the EUI 64 The DHCP server will also automatically advertise the DNS information to the client Address Prefix Enter the LAN address prefix provided by your ISP Note If the Prefix Delegation in WAN configuration is enabled the LAN prefix will be automatically assigned by the ISP and you do not need to manually configure it here Rele...

Page 45: ...he router will reboot after switching the WAN mode 8 2 2 Configuring the WAN Connection The router supports five IPv6 connection types Static IP Dynamic IP SLAAC DHCPv6 PPPoE 6to4 Tunnel and Pass Through Bridge you can choose one according to the information provided by your ISP Static IP Select this if your ISP provides you with a fixed IPv6 address default gateway and DNS address Dynamic IP SLAA...

Page 46: ...he Internet section choose the Internet Connection type as Dynamic IP SLAAC DHCPv6 and configure the corresponding parameters Then click Save Internet Connection Type Choose Dynamic IP SLAAC DHCPv6 as the connection type IPv6 Address Primary DNS Secondary DNS Displays the IPv6 address Primary DNS Secondary DNS of the WAN port These parameters are automatically assigned by the DHCPv6 server from yo...

Page 47: ...rmed using the EUI 64 Prefix Delegation Enable or disable prefix delegation The prefix will be assigned to the LAN clients Enable The prefix of the IPv6 address will automatically be assigned by the ISP and you do not need to configure the prefix on the LAN page Disable You need to enter a prefix manually on the LAN page Note If more than one WAN port is enabled with Prefix Delegation the LAN port...

Page 48: ...x to enable IPv6 function 2 In the Internet section choose the Internet Connection type as Static IP and configure the corresponding parameters Then click Save Internet Connection Type Choose Static IP as the connection type IPv6 Address Enter the IPv6 address provided by your ISP Default Gateway Enter the default gateway provided by your ISP Primary DNS Secondary DNS Enter the DNS address provide...

Page 49: ...he PPPoE Follow these steps to configure PPPoE connection 1 In the General section check the box to enable IPv6 function then click Save IPv6 Check the box to enable IPv6 function 2 In the Internet section choose the Internet Connection type as PPPoE and configure the corresponding parameters Then click Save ...

Page 50: ...ddress and configure the Prefix Delegation Then click Save Get IPv6 Address Choose the method by which the IPv6 address is obtained from the ISP DHCPv6 The DHCP server automatically assigns the IPv6 address SLAAC Stateless DHCP The DHCP server advertises the IPv6 prefix to the WAN port the WAN port then dynamically forms a host identifier that is 64 bits long and will be suffixed to the end of the...

Page 51: ...l Follow these steps to configure 6to4 Tunnel connection 1 In the General section check the box to enable IPv6 function then click Save IPv6 Check the box to enable IPv6 function 2 In the Internet section choose the Internet Connection type as 6to4 Tunnel and configure the corresponding parameters Then click Save Internet Connection Type Choose the connection type as PPPoE IPv4 Address IPv4 Subnet...

Page 52: ...idge mode the router works as a transparent bridge The IPv6 packets received from the WAN port will be transparently forwarded to the LAN port and vice versa No extra parameter is required Figure 8 6 Configuring the Pass Through Bridge Follow these steps to configure Pass Through Bridge connection 1 In the General section check the box to enable IPv6 function then click Save IPv6 Check the box to ...

Page 53: ...Part 3 Configuring Preferences CHAPTERS 1 Overview 2 IP Group Configuration 3 Time Range Configuration 4 Service Type Configuration ...

Page 54: ...e IP groups configured here will appear as options when you are configuring the effective IP addresses for functions like Bandwidth Control Session Limit Policy Routing and so on Once you configure a preference here it can be applied to multiple functions saving time during the configuration For example after configuring a time range in the Preferences Time Range Time Range page you can use this t...

Page 55: ...oup IP Address and click Add to load the following page Figure 2 1 Add an IP Address Entry Follow these steps to add an IP address entry 1 Enter a name and specify the IP address range Name Enter a name for the IP address entry Only letters digits or underscores are allowed IP Address Type Choose a type and enter the IP address in the corresponding format Two types are provided IP Address Range Sp...

Page 56: ...e Enter a name for the IP group Only letters digits or underscores are allowed Address Name Select the IP address entries as the members of the group from the drop down list It is multi optional If no IP address entries are selected the rule that references this IP group will have no effect on any IP addresses Description Optional Enter an brief description of this IP group to make identifying it ...

Page 57: ... Time Range Time Range and click Add to load the following page Figure 3 1 Add a Time Range Entry Follow these steps to add a time range entry 1 Enter a name for the time range entry Time Range Name Enter a name for the time range entry Only letters digits or underscores are allowed 2 Choose a mode to set the time range Two modes are provided Working Calendar and Manually Working Calendar Working ...

Page 58: ...me range and select the effective days in a week manually In this mode effective time can be accurate to the minute Choose Manually mode to load the following page Figure 3 3 Manually Mode Week Select the effective days in a week Time Range Enter a start and end time If the effective time is discontinuous click to add another time range 3 Optional Enter an brief description of this time range to m...

Page 59: ...d here can be used as part of the matching conditions when configuring the Access Control rules in Firewall Choose the menu Preferences Service Type Service Type to load the following page Figure 4 1 Service Type List The entries in gray are system predefined service types You can add other entries if your service type is not in the list ...

Page 60: ...DP TCP UDP and ICMP For other protocols select the option Other When TCP UDP or TCP UDP is selected the following page will appear Figure 4 3 TCP UDP Protocol Source Port Range Destination Port Range Specify range of the source port and destination port of the TCP or UDP packets Packets whose source port and destination port are both in the range are considered as the target packets When ICMP is s...

Page 61: ...5 Other Protocols Protocol Number Specify the protocol number of the packets Packets with the protocol number field matched are considered as the target packets 3 Optional Enter a brief description of this service type to make identifying it easier 4 Click OK Note A service type entry that is being referenced by a rule cannot be deleted ...

Page 62: ...iguring Transmission CHAPTERS 1 Transmission 2 NAT Configurations 3 Bandwidth Control Configuration 4 Session Limit Configurations 5 Load Balancing Configurations 6 Routing Configurations 7 Configuration Examples ...

Page 63: ...ti Nets NAT Multi Nets NAT function can help the router provide NAT translation for multiple subnets One to One NAT One to One NAT creates a relationship between a private IP address and a public IP address A device with a private IP address can be accessed through the corresponding valid public IP address Virtual Servers When you build up a server in the local network and want to share it on the ...

Page 64: ...rol You can control the bandwidth by configuring bandwidth control rules for limiting various data flows In this way the network bandwidth can be reasonably distributed and utilized Session Limit The amount of TCP and UDP sessions supported by the router is finite If some local hosts transmit too many TCP and UDP sessions to the public network the communication quality of the other local hosts wil...

Page 65: ...igure the Port Triggering Configure the NAT DMZ Configure the ALG 2 1 Configuring the Multi Nets NAT Note TL R470T does not support Multi Nets NAT Choose the menu Transmission NAT Multi Nets NAT and click Add to load the following page Figure 2 1 Configuring the Multi Nets NAT Follow these steps to configure the Multi Nets NAT 1 Specify the name of the Multi Nets NAT rule and configure other relat...

Page 66: ... One NAT Follow these steps to configure the One to One NAT 1 Specify the name of the One to One NAT rule and configure other related parameters Interface Specify the effective interface for the rule Original IP Specify the original IP address for the rule The original IP address cannot be the broadcast address network address or IP address of the interface Translated IP Specify the translated IP ...

Page 67: ...ervers 1 Specify the name of the Virtual Server rule and configure other related parameters Interface Specify the effective interface for the rule External Port Enter the service port or port range the router provided for accessing external network The ports or port ranges cannot overlap with those of other virtual server rules Internal Port Specify the service port or port range of the LAN host a...

Page 68: ... trigger port or port range Each entry supports at most 5 groups of trigger ports For example you can enter 1 2 3 4 5 6 7 8 8 9 Note that the ports or port ranges cannot overlap with those of other port triggering rules Trigger Protocol Specify the trigger protocol for the trigger port Incoming Port Enter the incoming port or port range Each entry supports at most 5 groups of incoming ports For ex...

Page 69: ...onfigure the NAT DMZ 1 Specify the name of the NAT DMZ rule and configure other related parameters Interface Specify the effective interface for the rule Host IP Address Specify the host IP address for NAT DMZ Status Check the box to enable the rule 2 Click OK 2 6 Configuring the ALG Choose the menu Transmission NAT ALG to load the following page Figure 2 6 Configuring the ALG Enable related ALG a...

Page 70: ...ing page Figure 3 1 Configuring the Bandwidth Control Follow these steps to configure the Bandwidth Control rule 1 In the Bandwidth Control Config Section enable Bandwidth Control function globally Enable Bandwidth Control Check the box to enable Bandwidth Control globally Enable Bandwidth Control When With Enable Bandwidth Control selected you can specify a percentage and the Bandwidth Control wi...

Page 71: ...r the rule Maximum Downstream Bandwidth Specify the Maximum Downstream Bandwidth in Kbps for the rule Mode Specify the bandwidth control mode for the address group Individual means the bandwidth of each user is equal to the current bandwidth of this entry Shared means the total bandwidth of all controlled IP addresses is equal to the current bandwidth of this entry Effective Time Specify the time ...

Page 72: ...imit Choose the menu Transmission Session Limit Session Limit to load the following page Figure 4 1 Configuring the Session Limit Follow these steps to configure the Session Limit rule 1 In the General Section enable Session Limit function globally 2 In the Session Limit Rule List section click Add to load the following page Figure 4 2 Add Session Limit rules Specify the name of the Session Limit ...

Page 73: ...Group page Max Sessions Specify the max sessions for the controlled users Status Check the box to enable the rule 4 2 Viewing the Session Limit Information Choose the menu Transmission Session Limit Session Monitor to load the following page Figure 4 3 Viewing the Session Limit Information View the Session Limit information of hosts configured with Session Limit Click the Refresh button to get the...

Page 74: ...on globally and click Save 2 In the Basic Settings section select the appropriate method for load balancing and click Save Enable Application Optimized Routing With Application Optimized Routing enabled the router will consider the source IP address and destination IP address or destination port of the packets as a whole and record the WAN port they pass through Then the packets with the same sour...

Page 75: ...AN Specify the backup WAN port to back up the traffic for the primary WAN port under the specified condition Mode Specify the mode as Timing or Failover Timing Link Backup will be enabled if the specified effective time is reached All the traffic on the primary WAN will switch to the backup WAN at the beginning of the effective time the traffic on the backup WAN will switch to the primary WAN at t...

Page 76: ...l be selected as the destination for DNS Lookup to detect whether the WAN is online Manual In Manual Mode you can configure the destination IP address for PING and DNS Lookup manually to detect whether the WAN is online Always Online In Always Online Mode the status of the port will always be online Ping With Manual Mode selected specify the destination IP for Ping The correspoding port will ping ...

Page 77: ...lick Add to load the following page Figure 6 1 Configuring the Static Routing Specify the name of the static route entry and configure other related parameters Then click OK Name Enter a name for the static route entry Destination IP Specify the destination IP address the route leads to Subnet Mask Specify the subnet mask of the destination network Next Hop Specify the IP address to which the pack...

Page 78: ...ing page Figure 6 2 Configuring the Policy Routing Specify the name of the policy routing entry and configure other related parameters Then click OK Name Enter a name for the policy routing entry Service Type Specify the service type for the rule Source IP Enter the source IP range for the rule 0 0 0 0 0 0 0 0 means any IP is acceptable Destination IP Enter the destination IP range for the rule 0 ...

Page 79: ...le shows the information of the current route entries Destination IP Displays the destination IP address the route leads to Subnet Mask Displays the subnet mask of the destination network Next Hop Displays the gateway IP address to which the packet should be sent next Interface Displays the physical network interface through which this route is accessible Metric Displays the metric to reach the de...

Page 80: ... access the internet via the same gateway router 2 The company has a web server which needs to be accessed by the users on the internet 7 1 2 Network Topology Figure 7 1 Network Topology Internet L3 Switch Web Server Gateway Router RD Department 172 16 10 0 24 Market Department 172 16 20 0 24 WAN1 LAN 192 168 0 10 192 168 0 20 123 1 1 3 7 1 3 Configuration Scheme To meet the first requirement add ...

Page 81: ... to One NAT take effects only when the connection type of WAN port is Static IP 7 1 4 Configuration Procedure Follow the steps below to configure NAT on the gateway router Configuring the Multi Nets NAT 1 Choose the menu Transmission NAT Multi Nets NAT to load the configuration page and click Add 2 Add Multi nets NAT entries for the two departments respectively Specify the entry name as RD Market ...

Page 82: ...h as next hop then choose the interface as WAN1 Keep Status of this entry as Enable Click OK Figure 7 4 Configuring the Static Routing for RD Department Figure 7 5 Configuring the Static Routing for Market Department Configuring the One to One NAT 1 Choose the menu Transmission NAT One to One NAT to load the configuration page and click Add 2 Add a One to One NAT entry for the web server Specify t...

Page 83: ...etwork administrator decides to bind two WAN links using load balancing 7 2 2 Network Topology Figure 7 7 Network Topology Internet Internet WAN1 PPPoE 8Mbps WAN2 Dynamic IP 12Mbps Router PC 7 2 3 Configuration Scheme To meet the requirement configure WAN parameters on the router in order that the two WAN links can work properly and have access to the internet then configure load balancing on the ...

Page 84: ... and specify Upstream and Downstream bandwidth for this link according to data that ISP provides Make sure two WAN links can work properly and have access to the internet Configuring the Load Balancing Choose the menu Transmission Load Balancing Basic Settings to load the configuration page Enable Load Balancing globally and click Save Enable Application Optimized Routing and enable Bandwidth Base...

Page 85: ... unsafety Configure the FTP server as a virtual server on the router so that the FTP server can be accessed by the internet user 7 3 4 Configuration Procedure Follow the steps below to configure virtual server on the router 1 Choose the menu Transmission NAT Virtual Servers to load the configuration page and click Add 2 Specify the entry name as ftp choose the interface as WAN1 and specify the int...

Page 86: ...r web surfing WAN2 for other internet activities 7 4 1 Network Topology Figure 7 11 Network Topology WAN1 WAN2 Router PC PC PC 192 168 0 2 192 168 0 3 192 168 0 4 Internet Internet 7 4 2 Configuration Scheme To meet the first requirement configure link backup on the router To meet the second requirement configure policy routing rules for two computers which use 192 168 0 2 and 192 168 0 3 Note tha...

Page 87: ...ng the Policy Routing Rules 1 Choose the menu Preferences IP Group IP Address to load the configuration page and click Add Specify the IP address name as tp the IP address type as IP Address Range 192 168 0 2 192 168 0 3 Click OK Figure 7 13 Configuring the IP Address 2 Choose the menu Preferences IP Group IP Address to load the configuration page and click Add Specify the IP group name as group1 ...

Page 88: ... source IP as group1 the destination IP as IPGROUP_ANY which means no limit Choose WAN1 and keep Status of this entry as Enable Click OK Figure 7 15 Configuring the Policy Routing Rule 1 Specify the policy routing rule name as policy2 the service type as ALL the source IP as group1 the destination IP as IPGROUP_ANY which means no limit Choose WAN2 and keep Status of this entry as Enable Click OK F...

Page 89: ...Part 5 Configuring Firewall CHAPTERS 1 Firewall 2 Firewall Configuration 3 Configuration Examples ...

Page 90: ...ntries which results in a breakdown of normal communication Anti ARP Spoofing can protect the network from ARP spoofing attacks It works based on the IP MAC Binding entries These entries record the correct one to one relationships between IP addresses and MAC addresses When receiving an ARP packet the router checks whether it matches any of the IP MAC Binding entries If not the router will ignore ...

Page 91: ...AC Filtering List and deny other packets or deny the packets with the MAC addresses in the MAC Filtering List and allow other packets Access Control Access Control can filter the packets passing through the router based on the Access Control rules An Access Control rule includes a filter policy and some conditions such as service type receiving interface and effective time The router will apply th...

Page 92: ...u add and verify the IP MAC Binding entries first before enabling Anti ARP Spoofing 2 1 1 Adding IP MAC Binding Entries You can add IP MAC Binding entries in two ways manually and via ARP scanning Adding IP MAC Binding Entries Manually You can manually bind the IP address MAC address and interface together on the condition that you have got the related information of the hosts on the network Addin...

Page 93: ... Choose the menu Firewall Anti ARP Spoofing IP MAC Binding to load the following page Figure 2 1 IP MAC Binding Page Follow the steps below to add IP MAC Binding entries manually 1 In the IP MAC Binding List section click Add to load the following page Figure 2 2 Add IP MAC Binding Entries Manually 2 Configure the following parameters on this page IP Address Enter an IP address to be bound MAC Add...

Page 94: ...ng If you want to get the IP addresses and MAC addresses of the hosts quickly you can use ARP Scanning to facilitate your operation Note Before using this feature make sure that your network is safe and the hosts are not suffering from ARP attacks at present otherwise you may obtain incorrect IP MAC Binding entries If your network is being attacked it s recommended to bind the entries manually Cho...

Page 95: ...ure 2 5 ARP Scanning Result Also you can go to Firewall Anti ARP Spoofing ARP List to view and bind the ARP Scanning entries The ARP Scanning list displays all the historical scanned entries You can click to export the entry to the IP MAC Binding table Figure 2 6 ARP List 2 1 2 Enable Anti ARP Spoofing Choose the menu Firewall Anti ARP Spoofing IP MAC Binding to load the following page Figure 2 1 ...

Page 96: ...d GARP packets when ARP attack is detected With this option enabled the router will send GARP packets to the hosts if it detects ARP spoofing packets on the network The GARP packets will inform the hosts of the correct ARP information which is used to replace the wrong ARP information in the hosts Interval If the Send GARP packets when ARP attack is detected is enabled configure the time interval ...

Page 97: ...able your desired feature By default all the options are disabled For details refer to the following table Multi connections TCP SYN Flood With this feature enabled the router will filter the subsequent TCP SYN packets if the number of this kind of packets reaches the specified threshold The valid threshold ranges from 100 to 99999 Multi connections UDP Flood With this feature enabled the router w...

Page 98: ...this option enabled the router will filter the TCP scan packets of Stealth FIN Xmas and Null Block Ping of Death With this option enabled the router will block Ping of Death attack Ping of Death attack means that the attacker sends abnormal ping packets larger than 65535 bytes to cause system crash on the target computer Block Large Ping With this option enabled the router will block Large Ping at...

Page 99: ...rst before configuring the filtering rule Choose the menu Firewall MAC Filtering MAC Filtering to load the following page Figure 2 3 MAC Filtering Follow the steps below to configure MAC Filtering 1 In the MAC Filtering List section click Add to add MAC Filtering entries to the MAC Filtering list Specify a name and enter the MAC address in the format xx xx xx xx xx xx Click OK Figure 2 4 MAC Filte...

Page 100: ... whether to select this filtering rule With this rule selected the router will deny the packets with the MAC addresses in the MAC Filtering List and allow other packets Note MAC Filtering rules take effect on the LAN interface instead of the WAN interface 2 4 Configuring Access Control Choose the menu Firewall Access Control Access Control and click Add to load the following page Figure 2 5 Access...

Page 101: ...he rule Source Select an IP group to specify the source address range for the rule The IP group referenced here can be created on the Preferences IP Group page Destination Select an IP group to specify the destination address range for the rule The IP group referenced here can be created on the Preferences IP Group page Effective Time Select the effective time for the rule The effective time refer...

Page 102: ...ired to configure the router to protect itself and the terminal hosts from the ARP attacks Figure 3 1 Network Topology Internet Layer 2 Switch Host A 192 168 0 10 00 19 56 8A 4C 71 Host B 192 168 0 20 00 19 56 82 3B 70 Host C 192 168 0 30 00 19 56 8D 22 75 Attacker Gateway LAN 192 168 0 1 WAN 3 1 2 Configuration Scheme The attacker can launch three types of ARP attacks cheating gateway imitating g...

Page 103: ...t send packets to legal host correctly To protect the hosts from the attacks above it is recommend to take both of the precautions below Configure the firewall feature on the hosts Configure the router to send GARP packets to the hosts when the router detects ARP attacks The GARP packets will inform the hosts of the correct ARP maps and the wrong ARP maps in the hosts will be replaced by the corre...

Page 104: ...terface and give a description Host A for this entry Since the IP address 192 168 0 10 has been used by Host A we keep Export to DHCP Address Reservation as Enable to preserve this IP address from being assigned to other hosts Keep Status of this entry as Enable Click OK Figure 3 3 Add IP MAC Binding Entry 3 Add the IP MAC Binding entries for Host B and Host C as introduced above and verify your c...

Page 105: ...3 5 Configure Anti ARP Spoofing 3 2 Example for MAC Filtering 3 2 1 Network Requirements In the diagram below the router is the gateway of the network The network administrator now detects some abnormal attack packets from a host whose MAC address is 00 17 87 4A 5C 25 To protect the devices from being attacked it is required that all packets from the attacker should be dropped when passing through...

Page 106: ...e rest 2 Add the MAC address of the attacker to the MAC Filtering List 3 2 3 Configuration Procedure Follow the steps below to configure MAC Filtering on the router 1 Choose the menu Firewall MAC Filtering MAC Filtering to load the following page In the General section enable MAC Filtering and select the filtering rule as Deny packets with the MAC addresses listed below and allow the rest Click Sa...

Page 107: ... Switch Router LAN 192 168 0 1 24 WAN 1 1 1 2 Internet R D Department 192 168 0 10 24 192 168 0 120 24 Other Departments 3 3 2 Configuration Scheme To meet these requirements we can configure Access Control rules on the router to filter the specific types of packets from R D department only the HTTP and HTTPs packets are allowed to be sent to the internet and other types of packets are not allowed...

Page 108: ...erences IP Group IP Address to load the configuration page and click Add Specify a name RD select IP Address Range and enter the IP address range of the R D department Click OK Figure 3 2 Configure IP Address Range 2 Choose the menu Preferences IP Group IP Group to load the configuration page and click Add Specify a group name RD_Dept select the preset address range RD and click OK Figure 3 3 Conf...

Page 109: ...is rule means that all the HTTP packets from the R D department are allowed to be transmitted from LAN to the internet at any time Figure 3 5 Configure Allow Rule for HTTP Service 5 Choose the menu Firewall Access Control Access Control to load the configuration page and click Add Specify a name for this rule Select Allow as the rule policy HTTPS as the service type LAN as the effective interface ...

Page 110: ...UP_ANY as the destination IP group and Any as the effective time Click OK This rule means that all DNS packets from the R D department are allowed to be sent from the LAN to the internet at any time Figure 3 7 Configure Allow Rule for DNS Service 7 Choose the menu Firewall Access Control Access Control to load the configuration page and click Add Specify a name for this rule Select Block as the ru...

Page 111: ...nfiguration result In the Access Control List the rule with a smaller ID has a higher priority Since the router matches the rules beginning with the highest priority make sure the three Allow rules have the smaller ID numbers compared with the Block rule In this way the router checks whether the received packet matches the three Allow rules first and only packets that do not match any of the Allow...

Page 112: ...Part 6 Configuring Behavior Control CHAPTERS 1 Behavior Control 2 Behavior Control Configuration 3 Configuration Examples ...

Page 113: ...ites The router provides two ways to filter websites Web Group Filtering and URL Filtering Web Group Filtering You can configure multiple websites as a web group and set a filtering rule for the group More than one group can be created and several groups can share a same filtering rule URL Filtering You can directly set a filtering rule for specific entire URLs or keywords Web Security Web Securit...

Page 114: ...ring There are two methods to filter websites Web Group Filtering and URL Filtering 2 1 1 Configure Web Group Filtering To configure Web Group Filtering add one or more web groups first and then add web group filtering entries using the created groups Add Web Groups Choose the menu Behavior Control Web Filtering Web Group and click Add to load the following page Figure 2 1 Web Group Page Configure...

Page 115: ...dcard Use Enter key Space key or to divide different websites Description Enter a brief description for the group Add Web Group Filtering Entries Before configuring web group entries go to the Preferences module to configure the IP Group and Effective Time according to your needs Choose the menu Behavior Control Web Filtering Web Group Filtering and click Add to load the following page Figure 2 2 ...

Page 116: ... Effective Time Select the effective time The effective time referenced here can be created on the Preferences Time Range page Description Enter a brief description for the group ID Specify a rule ID A smaller ID means a higher priority This value is optional A newly added rule with this field left blank will get the largest ID among all rules which means that the newly added rule has the lowest p...

Page 117: ... menu Behavior Control Web Filtering URL Filtering and click Add to load the following page Figure 2 3 URL Filtering Page Follow the steps below to configure URL filtering 1 In the URL Filtering List section click Add and configure the required parameters Click OK IP Group Select an IP group for the rule The IP group referenced here can be created on the Preferences IP Group page Policy Choose to ...

Page 118: ...e A and deny other websites you can add an Allow rule with the filtering content A and add a Deny rule with the filtering content Note that rule should have the largest ID number which means that it has the lowest priority Effective Time Select the effective time The effective time referenced here can be created on the Preferences Time Range page Status Check the box to enable the rule Description...

Page 119: ...k Add to load the following page Figure 2 4 Web Security Page Follow the steps below to configure Web Security 1 In the Web Security List section configure the following parameters and click OK to add a Web Security rule IP Group Select an IP group for the rule The IP group referenced here can be created on the Preferences IP Group page Block HTTP Post With this option enabled HTTP posts will be b...

Page 120: ...ferent file suffixes The hosts of the selected IP group cannot download these types of files from the internet Effective Select the effective time The effective time referenced here can be created on the Preferences Time Range page Description Enter a brief description for the group Status Check the box to enable the rule 2 In the General section enable Web Security and click Save ...

Page 121: ...visit the official website of the company for example http www tp link com For other departments there is no limitation of website access Figure 3 1 Network Topology R R Layer 2 Switch Router LAN 192 168 0 1 24 WAN 1 1 1 2 Internet R D Department 192 168 0 10 24 192 168 0 120 24 Other Departments 3 1 2 Configuration Scheme We can configure Web Filtering to limit the website access of the specific ...

Page 122: ...ist rule to allow the R D department users to access www tp link com 4 Add a Blacklist rule to forbid the R D department users from accessing all websites Note that the priority of this rule should be lower than the Whitelist rule 3 1 3 Configuration Procedure Follow the steps below to complete the configuration 1 Choose the menu Preferences IP Group IP Address to load the configuration page and c...

Page 123: ... this web group and add the member www tp link com Click OK Figure 3 4 Configure Web Group 4 Choose the menu Behavior Control Web Filtering Web Group Filtering to load the configuration page and click Add Select RD_Dept as the IP Group Whitelist as the Policy RD_Filtering as the Web Group and Any as the Effective Time Click OK This rule means that the hosts in the R D department are allowed to acc...

Page 124: ... that the hosts in the R D department are denied access to all websites at all times Figure 3 6 Configure Blacklist Rule 6 On the same page verify your configurations In the Web Filtering List the rule with a smaller ID has a higher priority Since the router matches the rules beginning with the highest priority make sure the Whitelist rule has the smaller ID number In this way the router allows th...

Page 125: ... Figure 3 8 Enable Web Filtering 3 2 Example for Web Security 3 2 1 Network Requirements In the diagram below the company s hosts are connected to a layer 2 switch and access the internet via the router For security reasons it is required that the users in the LAN cannot log in submit comments or download rar files on the internet Figure 3 1 Network Topology Internet R R Layer 2 Switch Router LAN ...

Page 126: ...ar in the file suffix column 3 2 3 Configuration Procedure Follow the steps below to complete the configuration 1 Choose the menu Behavior Control Web Security Web Security and click Add to load the following page Select IPGROUP_LAN as the IP Group enable Block HTTP Post enter rar in the File Suffix filed select Any as the Effective Time and keep the Status as Enable Click OK Figure 3 2 Configure ...

Page 127: ...ntication CHAPTERS 1 Overview 2 Local Authentication Configuration 3 Radius Authentication Configuration 4 Onekey Online Configuration 5 Guest Resources Configuration 6 Viewing the Authentication Status 7 Configuration Example ...

Page 128: ...Portal Authentication Client Access Device Web Server Authentication Server Client The end device that needs to be authenticated before permitted to access the internet Access Device The device that supports portal authentication In this configuration guide it means the router The Access Device helps to redirect all HTTP requests to the Web Server before authenticated interact with the Authenticat...

Page 129: ...t through HTTP 2 The router redirects the client s HTTP request to the web server 3 The client visits the web server 4 The Web server returns the authentication login page to the client 5 The client enters the username and password on the authentication login page 6 The router forwards the username and password to the authentication server 7 The authentication server returns the authentication res...

Page 130: ...tion Radius Authentication In Radius authentication you can specify an external Radius server as the authentication server The user s account information are recorded in the Radius server Local Authentication If you don t have an additional Radius server you can choose local authentication In local authentication the router uses the built in authentication server to authenticate The built in authe...

Page 131: ...gure the local user account 2 1 Configuring the Authentication Page The browser will redirect to the authentication page when the client try to access the internet On the authentication page the user need to enter the username and password to log in After the authentication succeeded the user can access the internet Choose the menu Authentication Authentication Settings Web Authentication to load ...

Page 132: ...to enable portal authentication Idle Timeout Specify the idle timeout The client will be disconnected after the specified period Idle Timeout of inactivity and is required to be authenticated again Value 0 means the client will always keep online until the authentication timeout leased even if the client remains inactive Portal Authentication Port Enter the service port for portal authentication T...

Page 133: ... client starts the authentication Success Redirect URL Specify the Success Redirect URL if you choose the Authentication Page as External Links The browser will redirect to this URL after the authentication succeeded Fail redirect URL Specify the Fail Redirect URL if you choose the Authentication Page as External Links The browser will redirect to this URL if the authentication failed Note If the ...

Page 134: ...he built in authentication server to authenticate users You need to configure the authentication accounts for the local users The router supports two types of local users Formal User If you want to provide the user with network service for a long period of time in days you can create Formal User accounts for them Free User If you want to provide the user with network service for a short period of ...

Page 135: ...nticate before this date Authentication Peroid Specify the period during which the client is allowed to be authenticated MAC Binding Type Specify the MAC Binding type There are three types of MAC Binding No binding Static Binding and Dynamic Binding No Binding The client s MAC address will not be bound Static Binding Manually enter the MAC address of the client to be bound Only the bound client is...

Page 136: ...idth Optional Specify the upstream downstream bandwidth for the user 0 means no limit Name Optional Record the user s name Telephone Optional Record the user s telephone number Description Optional Enter a brief description for the user Status Check the box to enable this account Configuring the Free User Account Choose the menu Authentication User Management User Management and click Add to load ...

Page 137: ...the following page Figure 2 4 Configuring the Formal User To backup local users accounts Click Backup button to backup all the local users accounts as a CSV file in ANSI coding format To restore local users accounts You can import the accounts to the router if you have backups Click Browse to select the file path the backup must be a CSV file then click Restore to restore the accounts You can also...

Page 138: ...nd configure the corresponding parameters 3 1 Configuring Radius Authentication Choose the menu Authentication Authentication Settings Web Authentication to load the following page Figure 3 1 Configuring the Radius Authentication Follow these steps to configure Radius Authentication 1 In the Settings section enable the authentication status configure the idle timeout and portal authentication port...

Page 139: ... the welcome information to be displayed on the custom authentication page Copyright Specify the copyright information to be displayed on the custom authentication page Page Preview Click the Login Page Preview button and you can preview the customized authentication page Authentication URL Specify the URL for authentication page if you choose the Authentication Page as External Links The browser ...

Page 140: ...ive Authentication Port Enter the service port for Radius authentication By default it is 1812 Authorized Share Key Specify the authorized share key This key should be the same configured in the Radius server Retry Times Specify the number of times the router will retry sending authentication requests after the authentication failed Timeout Interval Specify the timeout interval that the client can...

Page 141: ...ation to load the following page Figure 4 1 Configuring the Web Authentication Follow these steps to configure Onekey Online Authentication 1 In the Settings section enable the authentication status configure the idle timeout and portal authentication port Status Check the box to enable portal authentication Idle Timeout Specify the idle timeout The client will be disconnected after the specified ...

Page 142: ... Click the Upload button to choose a local image as the background picture of the custom authentication page Welcome Information Specify the welcome information to be displayed on the custom authentication page Copyright Specify the copyright information to be displayed on the custom authentication page Page Preview Click the Login Page Preview button and you can preview the customized authenticat...

Page 143: ...o select Five Tuple Type when the IP address and service port of the free network resource are already known URL Type Specify the client and the network resources the client can visit based on the settings of the URL IP address MAC address and service port It is recommended to select URL Type when the URL of the free network resource is already known Note By default the Guest Resource table is emp...

Page 144: ...work address and subnet mask bits Only the specified clients can visit the guest resources Destination IP Range Specify the IP range of the server s that provides the guest resources by entering the network address and subnet mask bits Source MAC Address Enter the MAC address of the client Source Port Range Enter the source service port range Destination Port Range Enter the destination service po...

Page 145: ...load the following page Figure 5 1 Configuring the URL Specify the client and the network resources the client can visit by configuring the URL of the network resource and the parameters of the clients then click OK Name Enter the name of the guest resource entry Type Choose the guest resource type as URL Type URL Address Enter the URL address or IP address of the network resource that can be visi...

Page 146: ...ources entry to make it easier to search and manage Status Check the box to enable the guest resource entry Note In a Guest Resource entry if some parameter is left empty it means the router will not restrict that parameter For example if the source IP range is left empty it means all the clients can visit the specified guest resources ...

Page 147: ...tatus Authentication Status to load the following page Figure 6 1 Viewing the Authentication Status Here you can view the clients that pass the portal authentication Type Displays the authentication type of the client Starting Time Displays the starting time of the authentication IP Address Displays the client s IP address MAC Address Displays the client s MAC address ...

Page 148: ...ork Topology Internet Router Clients Clients Clients Core Switch Access Switch Access Switch 7 2 Configuration Scheme For the hotel does not have an external Web server or Authentication server it is recommended to choose Local Authentication to meet this requirement To control the guests internet access you can create local user accounts for the guests The guests need to use the accounts assigned...

Page 149: ...uring the Authentication Page Choose the menu Authentication Authentication Settings Web Authentication to load the following page 1 Enable portal authentication and keep the Idle Timeout and Portal Authentication Port as default settings Figure 7 2 Enable Portal Authentication 2 Choose the Authentication Page as Custom page pick a picture of the hotel as the background picture on the authenticati...

Page 150: ...t to load the following page Here we take the configuration of Formal User account as an example We create an account for the guests of room 101 The username is Room101 and the password is 123456 and at most three guests can use this account to authenticate Then click OK Figure 7 5 Configure the Account for the guests After all the configuration finished the guest can use the account to authentica...

Page 151: ...Part 8 Managing Services CHAPTERS 1 Services 2 Dynamic DNS Configurations 3 UPnP Configuration 4 Configuration Example for Dynamic DNS ...

Page 152: ...ress to change dynamically DDNS is an internet service that ensures a fixed domain name can be used to access a network with a varying public IP address This means the user s network can be more easily accessed by internet hosts UPnP With the development of networking and advanced computing techniques greater numbers of devices feature in networks UPnP is designed to solve the problem of communica...

Page 153: ...Follow these steps to configure Peanuthull DDNS 1 Click Go to register to visit the official website of Peanuthull register an account and a domain name 2 Configure the following parameters and click OK Interface Select the interface for the DDNS service Account Name Enter the account name of your DDNS account You can click Go to register to visit the official website of Peanuthull to register an ...

Page 154: ... is working normally Incorrect account name or password The account name or password is incorrect Domain Name Displays the Domain Names obtained from the DDNS server Service Type Displays the DDNS service type including Professional service and Standard service 2 2 Configure and View Comexe DDNS Choose the menu Service Dynamic DNS Comexe and click Add to load the following page Figure 2 3 Configur...

Page 155: ...P addresses for registered domain names Status Check the box to enable the DDNS service 3 View the DDNS status Figure 2 4 View the Status of Comexe DDNS Status Displays whether the corresponding DDNS service is enabled Service Status Displays the current status of DDNS service Offline DDNS service is offline Connecting DDNS client is connecting to the server Online DDNS is working normally Incorre...

Page 156: ... the account name of your DDNS account You can click Go to register to visit the official website of DynDNS to register an account Password Enter the password of your DDNS account Domain Name Specify the domain name that you registered with your DDNS service provider Update Interval Specify the Update Interval that the device dynamically updates IP addresses for registered domain names Status Chec...

Page 157: ...View NO IP DDNS Choose the menu Service Dynamic DNS NO IP and click Add to load the following page Figure 2 7 View NO IP DDNS Follow these steps to configure NO IP DDNS 1 Click Go to register to visit the official website of NO IP and register an account and a domain name 2 Configure the following parameters and click OK Interface Select the interface for the DDNS service Account Name Enter the ac...

Page 158: ...2 8 View the Status of NO IP DDNS Status Displays whether the corresponding DDNS service is enabled Service Status Displays the current status of DDNS service Offline DDNS service is offline Connecting DDNS client is connecting to the server Online DDNS is working normally Incorrect account name or password The account name or password is incorrect Incorrect domain name The domain name is incorrec...

Page 159: ...ptional In the UPnP Portmap List section view the portmap list Description Displays the description of the application using UPnP protocol Protocol Displays the protocol type used in the process of UPnP Interface Displays the interface used in the process of UPnP IP Address Displays the IP address of the local host External Port Displays the external port that is opened for the application by the ...

Page 160: ...he router may be changed each time the dial up connection is established When the public IP address of the router changes DDNS service ensures the DNS server rebinds the current domain name to the new IP address This means the user can always reach the router using the same domain name even if the public IP address has been changed 4 3 Configuration Procedure 4 3 1 Specifying the IP Address of the...

Page 161: ...ion Example for Dynamic DNS Figure 4 2 Registering a Domain Name 2 Set the Interface as WAN1 set the Update Interval as 6 hours and enter the Account Name and Password previously registered before Click OK Figure 4 3 Specifying Peanuthull DDNS Parameters ...

Page 162: ...Part 9 System Tools CHAPTERS 1 System Tools 2 Admin Setup 3 Management 4 SNMP 5 Diagnostics 6 Time Settings 7 System Log ...

Page 163: ...le reboot the router and upgrade the firmware SNMP SNMP Simple Network Management Protocol is a standard network management protocol It helps network managers to configure and monitor network devices With SNMP network managers can view and modify network device information detect and analyze network error and so on The router supports SNMPv1 and SNMPv2 Diagnostics Diagnostics is used to detect net...

Page 164: ...ystem Tools Admin Setup Admin Setup to load the following page Figure 2 1 Modifying the Admin Account In the Account section configure the following parameters and click Save to modify the admin account Old Username Enter the old username Old Password Enter the old password New Username Enter a new username New Password Enter a new password Confirm New Password Re enter the new password for confir...

Page 165: ...re the following parameters and click OK to specify the IP subnet and mask for remote management Subnet Mask Enter the IP Subnet and Mask of the remote host Status Check the box to enable the remote management function for the remote host 2 3 System Setting Choose the menu System Tools Admin Setup System Settings to load the following page Figure 2 3 Configuring System Settings In the Settings sec...

Page 166: ... to enable the function then you will access the web management interface by HTTPS protocol instead of HTTP protocol HTTPS Server Port Enter the https server port for web management The port number should be different from other servers The default setting is 443 After changing the https server port you should access the interface by using IP address and the port number in the format of https 192 ...

Page 167: ...de 3 1 Factory Default Restore Choose the menu System Tools Management Factory Default Restore to load the following page Figure 3 1 Reseting the Device Click Factory Restore to reset the device 3 2 Backup Restore Choose the menu System Tools Management Backup Restore to load the following page Figure 3 2 Backup Restore Page Choose the corresponding operation according to your need ...

Page 168: ...host and click Restore to import the saved configuration to your router 3 3 Reboot Choose the menu System Tools Management Reboot to load the following page Figure 3 3 Rebooting the Device Click Reboot to reboot the device 3 4 Firmware Upgrade Choose the menu System Tools Management Firmware Upgrade to load the following page Figure 3 4 Configure System Settings Select one firmware file and click ...

Page 169: ...dress Device Name Enter a name for the device Location Enter the location of the device For example the name can be composed of the building floor number and room location Get Community Specify the community that has read only access to the device s SNMP information Get Trusted Host Enter the IP address that can serve as Get Community to read the SNMP information of this device Set Community Speci...

Page 170: ...can show the roundtrip time between the two devices directly and traceroute can show the IP address of routers along the route path 5 1 1 Configuring Ping Choose the menu System Tools Diagnostics Diagnostics to load the following page Figure 5 1 Configuring Diagnostics Follow these steps to configure Diagnostics 1 In Diagnostics section select Ping and configure the following parameters Diagnostic...

Page 171: ...ollowing section will appear Figure 5 2 Advanced Parameters for Ping Method Ping Count Specify the count of the test packets to be sent during the ping process Ping Packet Size Specify the size of the test packets to be sent during the ping process 3 Click Start 5 1 2 Configuring Traceroute Choose the menu System Tools Diagnostics Diagnostics to load the following page Figure 5 3 Configuring Diagn...

Page 172: ... Specify the traceroute max TTL Time To Live during the traceroute process It is the maximum number of the route hops the test packets can pass through 3 Click Start 5 2 Remote Assistance Note Please make contact with the technicians brfore trying to use this function Choose the menu System Tools Diagnostics Remote Assistance to load the following page Figure 5 5 Remote Assistance Page 1 In the Re...

Page 173: ...s Time Settings Time Settings to load the following page Figure 6 1 Getting Automatically from the Internet In the Time Settings section configure the following parameters and click Save Current Time Displays the current system time Time Config Select Get automatically from the Internet to get the system time from the NTP server Time Zone Select the time zone the device is in Primary NTP Server En...

Page 174: ...eters and click Save Current Time Displays the current system time Time Config Select Manually to set the system time manually Date Specify the date of the system Time Specify the time of the system Synchronize with PC s Clock Synchronize the system time of the router with PC s clock 6 2 Setting the Daylight Saving Time Choose one method to set the daylight saving time 6 2 1 Predefined Mode Choose...

Page 175: ...t the Daylight Saving Time of Europe It is from 1 00 a m on the Last Sunday in March to 1 00 a m on the Last Sunday in October Australia Select the Daylight Saving Time of Australia It is from 2 00 a m on the First Sunday in October to 3 00 a m on the First Sunday in April New Zealand Select the Daylight Saving Time of New Zealand It is from 2 00 a m on the Last Sunday in September to 3 00 a m on ...

Page 176: ...ing time is relative to daylight saving time 6 2 3 Date Mode Choose the menu System Tools Time Settings Time Settings to load the following page Figure 6 5 Date Mode Page In the Daylight Saving Time section select one predefined DST schedule and click Save DST Status Check the box to enable the DST function Mode Select Date Mode to specify an absolute time range for the daylight saving time Time O...

Page 177: ... System Log to load the following page Figure 7 1 System Log Page Follow these steps to view the system log 1 In the Log Settings section configure the following parameters and click Save Enable Auto refresh Check the box to enable this function and the page will refresh automatically every 10 seconds ...

Page 178: ...the system at risk such as a failure to release memory ERROR Generic errors WARNING Warning messages such as WinNuke attack warnings NOTICE Important notifications such as IKE policy mismatches INFO Informational messages DEBUG Debug level notifications such as when the router receives a DNS packet Send Log Enable the Send Log function and then the newly generated logs will be sent to the specifie...

Page 179: ...ordance with the instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense This device complies with part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause ...

Page 180: ...pareil ne doit pas produire de brouillage 2 l utilisateur de l appareil doit accepter tout brouillage radioélectrique subi meme si le brouillage est susceptible d en compromettre le fonctionnement Industry Canada Statement CAN ICES 3 A NMB 3 A NCC Notice 注意 依據 低功率電波輻射性電機管理辦法 第十二條 經型式認證合格之低功率射頻電機 非經許可 公司 商號或使用者均不得擅自變 更頻率 加大功率或變更原設計之特性或功能 第十四條 低功率射頻電機之使用不得影響飛航安全及干擾合法通行 經發現有干擾現象時 應立即停用 並改善至無干擾時方得繼續使用...

Page 181: ...и актами України Safety Information Keep the device away from water fire humidity or hot environments Do not attempt to disassemble repair or modify the device Do not use damaged charger or USB cable to charge the device Do not use any other chargers than those recommended Please read and follow the above safety information when operating the device We cannot guarantee that no accidents or damage ...

Page 182: ...te electrical and electronic equipment WEEE This means that this product must be handled pursuant to European directive 2012 19 EU in order to be recycled or dismantled to minimize its impact on the environment User has the choice to give his product to a competent recycling organization or to the retailer when he buys a new electrical or electronic equipment ...

Reviews:

No comments

Related manuals for TL-R470T Plus

Eaton Power Xpert Meter 2000 Instructions Manual preview
Power Xpert Meter 2000
Brand: Eaton Pages: 16
Eaton POW-R-COMMAND 1000 User Manual preview
POW-R-COMMAND 1000
Brand: Eaton Pages: 84
N-Tron 7018 User Manual & Installation Manual preview
7018
Brand: N-Tron Pages: 138
Fortinet FortiAP S311C Quick Start Manual preview
FortiAP S311C
Brand: Fortinet Pages: 20
Idis DR-8400 Installation Manual preview
DR-8400
Brand: Idis Pages: 31
Ubiquiti EdgeRouter 12 Quick Start Manual preview
EdgeRouter 12
Brand: Ubiquiti Pages: 23
TP-Link Archer C7 How To Set Up preview
Archer C7
Brand: TP-Link Pages: 4
Ryobi RE180PL1 Operator'S Manual preview
RE180PL1
Brand: Ryobi Pages: 44
Patton electronics 1080ARC User Manual preview
1080ARC
Brand: Patton electronics Pages: 40
ADTRAN 1202880E1 Quick Start Manual preview
1202880E1
Brand: ADTRAN Pages: 4
Valcom VIP-997 Manual preview
VIP-997
Brand: Valcom Pages: 4
ZyXEL Communications GS-1116A Supplementary Manual preview
GS-1116A
Brand: ZyXEL Communications Pages: 1
Supero AOC-SAT2-MV8 User Manual preview
AOC-SAT2-MV8
Brand: Supero Pages: 18
LAWO A_madi4 User Manual preview
A_madi4
Brand: LAWO Pages: 68
Allied Telesis AT-24xx Owner'S Manual preview
AT-24xx
Brand: Allied Telesis Pages: 3
Huawei NIP6320 Quick Start Manual preview
NIP6320
Brand: Huawei Pages: 4
Huawei RT-16ASE Specifications preview
RT-16ASE
Brand: Huawei Pages: 2
Zte EPON SFU Series User Manual preview
EPON SFU Series
Brand: Zte Pages: 26

Brands by name

Popular brands

Load more brands