NAT configuration

NAT settings

The Settings page includes the global NAT enable setting, which applies to all VLANs on the router. If NAT is 
disabled on this page, the NAT features for all VLANs are also disabled.

Turning off NAT does not affect the firewall functions.

Virtual server settings

This function allows you to route external (Internet) requests for services, such as a web server (port 
80), FTP server (port 21), or other applications, through your router to your internal network. 
Because your internal computers are protected by a firewall, machines on the Internet cannot 
“see” them and therefore cannot reach them. If you need to configure the Virtual Server function 
for a specific application, contact the application vendor to find out which port 
settings you need. To manually enter settings, enter the IP address of the internal machine in the 
space provided, the port type (TCP or UDP), and the private and public port(s) required to 
pass traffic. Then click Add and Save. You can only pass one port per private IP address.

Opening ports in your firewall can pose a security risk. HP recommends that you disable the 
settings when you are not using a specific application. A maximum of 20 rules can be defined.

This page includes the following settings:

Private IP

The IPv4 address of the computer on the local network.
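
The virtual server limits described above (one port per private IP address, at most 20 rules, disable rules for applications no longer in use) can be checked offline against a copy of the rule table. This is an added example, not HP's code: the `Rule` record, its field names, the `in_use` flag and the LAN subnet `192.168.1.0/24` are assumptions, and the duplicate public port check is a general NAT property rather than something this page states.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network

MAX_RULES = 20                      # limit stated in the text
PROTOCOLS = {"TCP", "UDP"}          # port types offered on the page


@dataclass(frozen=True)
class Rule:
    """One virtual server entry. Field names are assumptions for this example."""
    private_ip: str
    proto: str
    private_port: int
    public_port: int
    in_use: bool = True   # assumption: operator records whether the app is still needed


def audit(rules, lan="192.168.1.0/24"):
    """Return sorted (rule_index, finding) tuples; index -1 is a table-level finding."""
    lan_net = IPv4Network(lan)
    findings = []
    if len(rules) > MAX_RULES:
        findings.append((-1, f"{len(rules)} rules defined, maximum is {MAX_RULES}"))

    first_by_ip = {}       # private IP -> index of first rule using it
    first_by_public = {}   # (proto, public port) -> index of first rule using it
    for i, r in enumerate(rules):
        try:
            ip = IPv4Address(r.private_ip)
        except ValueError:
            findings.append((i, f"private IP {r.private_ip!r} is not a valid IPv4 address"))
            continue
        if ip not in lan_net:
            findings.append((i, f"private IP {ip} is outside LAN {lan_net}"))
        proto = r.proto.upper()
        if proto not in PROTOCOLS:
            findings.append((i, f"port type {r.proto!r} is not TCP or UDP"))
        for label, port in (("private", r.private_port), ("public", r.public_port)):
            if not 1 <= port <= 65535:
                findings.append((i, f"{label} port {port} is out of range"))
        # "You can only pass one port per private IP address."
        if ip in first_by_ip:
            findings.append((i, f"{ip} already has a forwarded port in rule {first_by_ip[ip]}"))
        else:
            first_by_ip[ip] = i
        # General NAT property (not stated on the page): one public port, one target.
        key = (proto, r.public_port)
        if key in first_by_public:
            findings.append(
                (i, f"public {proto}/{r.public_port} already mapped by rule {first_by_public[key]}"))
        else:
            first_by_public[key] = i
        # Recommendation in the text: disable settings for applications not in use.
        if not r.in_use:
            findings.append((i, f"application not in use, disable {proto}/{r.public_port} forwarding"))
    return sorted(findings)


def exposed_ports(rules):
    """Public (proto, port) pairs reachable from the Internet through the rule list."""
    return sorted({(r.proto.upper(), r.public_port) for r in rules})


# Constructed sample table (not taken from any real router).
SAMPLE = [
    Rule("192.168.1.10", "TCP", 80, 80),                  # web server
    Rule("192.168.1.11", "TCP", 21, 21, in_use=False),    # FTP server no longer needed
    Rule("192.168.1.10", "TCP", 443, 443),                # second port for the same host
    Rule("10.0.0.5", "udp", 5060, 5060),                  # address outside the LAN
    Rule("192.168.1.12", "TCP", 8080, 80),                # public port 80 already taken
]

if __name__ == "__main__":
    for idx, finding in audit(SAMPLE):
        print(f"rule {idx}: {finding}")
    print("exposed:", exposed_ports(SAMPLE))
```
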

Contents of R110

Page 1: ...HP R100 Series Wireless VPN Routers Configuration and Administration Guide HP Part Number 5998 5394 Published September 2014 Edition 1 ...

Страница 2: ...h products and services Nothing herein should be construed as constituting an additional warranty HP shall not be liable for technical or editorial errors or omissions contained herein Acknowledgments Microsoft and Windows are U S trademarks of the Microsoft group of companies Google Chrome browser is a trademark of Google Inc Warranty WARRANTY STATEMENT See the warranty information sheet provided...

Страница 3: ...tration settings 25 System information General settings 25 Administrator login credentials 25 Setting the Country Code 25 Configuring web server settings 25 Configuring trusted users 26 System time settings 26 Set system time 27 Daylight saving 28 Configuring SNMP 28 Managing system logs 29 Events 30 Proxy ARP settings 31 Rebooting the router 33 Viewing traffic statistics 33 4 WAN configuration 35...

Страница 4: ...hrough settings 79 8 Routing configuration 81 Viewing routing status 81 Viewing the IPv4 routing table 82 IPv4 Dynamic route settings 83 IPv4 Static route settings 84 Viewing the IPv6 routing table 85 IPv6 Dynamic route settings 86 IPv6 Static route settings 86 9 Firewall configuration 89 Viewing the firewall status 89 Security settings 90 Client filtering 92 MAC filtering 93 URL filtering 94 Cont...

Страница 5: ... Viewing tools status 121 Updating software 121 Saving configuration settings 122 Ping 124 Nslookup 125 Traceroute 125 Email alert 126 Scheduling 128 Support file 129 Viewing the EULA 129 15 Support and other resources 131 Online documentation 131 Contacting HP 131 HP websites 131 Conventions 132 A Resetting to factory defaults 133 Factory reset procedures 133 Using the reset button 133 Using the ...

Страница 6: ...6 ...

Страница 7: ...e HP R1 10 R120 on VLAN 1 providing access to private resources on the company network and on the Internet Guests connect to wireless community 2 which is protected with WEP All guest traffic exits the HP R1 10 R120 on VLAN 2 providing access only to the Internet For offices that need Ethernet ports for wired connectivity the R1 10 R120 has a built in 4 port Gigabit switch It can also be used to e...

Страница 8: ...10 R120 located in an office provides a virtual private network VPN connection across the Internet to a remote client typically a mobile worker The R1 10 R120 forms secure VPN IPSec PPTP L2TP IPSec tunnel connection to the client which can then access the computers and servers in the office network The remote client can be a Windows or Mac computer or any Apple iOS or Android mobile device Wireles...

Страница 9: ...orms secure VPN tunnel connections to R1 10 R120 2 R1 10 R120 3 and R1 10 R120 4 at three branch locations The computers on each branch network can access the computers and servers on the headquarters network LAN computers Headquarters Branch 1 R110 R120 1 R110 R120 2 Branch 2 R110 R120 3 Branch 3 R110 R120 4 Internet LAN LAN LAN WAN WAN WAN Server LAN WAN VPN VPN VPN VPN ...

Страница 10: ...10 Deploying the HP R110 R120 ...

Страница 11: ...o completing or cancelling out of the Wizard Setup the System Status page displays by default See also the HP R100 Series Wireless VPN Routers Quickstart which describes the configuration procedure for a basic wireless network Wizard Setup To start the Wizard Setup select Home Wizard Setup and then click Start Step 1 Specify system time settings The router keeps time by connecting to a Network Tim...

Страница 12: ...time setting of the router Time Server Address The IP address or name of an NTP server Set Time Zone The local time zone where the router is installed Daylight saving Enable Enables daylight saving for the system time The router automatically sets daylight saving start and end dates based on the time zone selected Manually Set Time For Daylight Savings Sets the dates for starting and ending the da...

Страница 13: ...amic connections may require that you clone the MAC address of the PC that was originally connected to the modem To do so click WAN on the main menu and then MAC Clone to set the WAN MAC address Static IP Address The Static IP addresses mode sets the router to operate with a fixed IP address to connect to the Internet If your ISP uses static IP addressing you need an IP address subnet mask and ISP...

Страница 14: ...d spaces and then click Next to activate your settings Username Enter your ISP assigned user name Do not use characters Password Enter your password usually assigned by your ISP Do not use characters Confirm Password Confirm the password PPTP The Point to Point Tunneling Protocol PPTP is a common WAN protocol used for Virtual Private Networks VPNs that provides a secure tunnel connection between t...

Страница 15: ...gle radio for 2 4 GHz or 5 GHz operation The R120 router supports two radios one for 2 4 GHz and one for 5 GHz This means that the R1 10 can operate at 2 4 GHz or 5 GHz but not both at the same time The R120 can operate concurrently at 2 4 GHz and 5 GHz Therefore the wireless settings differ for the R1 10 and R120 routers The R1 10 router has a single configuration page for 2 4 GHz or 5 GHz operat...

Страница 16: ...elect whether the router will operate in 802 1 1a only mode 802 1 1n only mode or 802 1 1a n mode The R120 router also supports the 802 1 1ac wireless standard and allows the selection of an 802 1 1ac operating mode Select a 2 4 GHz radio mode for the R1 10 and R120 routers 1 1b g Mixed Compatibility mode Up to 1 1 Mbps for 802 1 1b and 54 Mbps for 802 1 1g 1 1b g n Mixed Compatibility mode Up to ...

Страница 17: ...r you complete the quick setup wizard or to access additional configuration options use the Wireless pages MAC Authentication You can control access to the wireless network based on the MAC address of a user s wireless device You can either block access or allow access depending on your requirements Select whether to disable MAC authentication use a MAC authentication list stored locally on the ro...

Страница 18: ...uires the use of a RADIUS server WPA2 PSK The Personal pre shared key mode of WPA2 using AES encryption The pre shared key mode uses a common password phrase for user authentication that is manually entered on the router and all wireless clients Data encryption keys are automatically generated by the router and distributed to all clients connected to the network WPA WPA2 Enterprise The WPA2 Enterp...

Страница 19: ...mbols Passphrase Enter the key according to the type selected in ASCII passphrase style 8 63 alphanumeric characters or in exactly 64 hexadecimal characters For an ASCII key it is recommended that the key be at least 20 characters long and be a mix of letters and numbers The passphrase key cannot begin or end with spaces RADIUS Settings When using WPA2 WPA WPA2 Enterprise or WEP with 802 1X the RA...

Страница 20: ...ndary RADIUS servers Interim Interval The interval between transmitting accounting updates to the RADIUS server The valid range is 30 to 3600 seconds and the default is 300 seconds Step 4 Summary After you complete the Wizard Setup the Summary page displays Confirm the settings and then click Finish The router reboots and the HP R1 10 R120 is operational This page includes the following informatio...

Страница 21: ...ludes one radio that can operate at 2 4 GHz or 5 GHz Mode The wireless standard operating mode of the radio SSID The primary wireless network SSID MAC Authentication The configured MAC authentication setting used for the primary SSID Authentication Mode The configured wireless security mode used for the primary SSID Encryption Type The configured encryption type used for the primary SSID ...

Страница 22: ...22 Using the Wizard Setup ...

Страница 23: ...ecause the security certificate is issued by the router and not a known certificate authority With https it is acceptable to choose the option that allows you to proceed through the security warning In a web browser specify either http 192 168 1 1 or https 192 168 1 1 For information on launching the web based management interface for the first time see the HP R100 Series Wireless VPN Routers Quic...

Страница 24: ...the router s local network IP address MAC address and DHCP server status USB Displays the current status of a device attached to the router s USB port SNMP Displays the status of the Simple Network Management Protocol feature Setting the HP R1 10 R120 mode The device supports Router and Bridge modes for different applications Router Mode The normal router mode that allows connections between a wir...

Страница 25: ... Country Code The country of operation also known as the regulatory domain determines the availability of certain wireless settings on the router When the country is set the router automatically limits the available wireless channels and channel width and adjusts the radio power level in accordance with the regulations of the selected country Caution Incorrectly selecting the country can result in...

Страница 26: ...ctivity on the management session for the specified time then the administrator will be automatically logged off Configuring trusted users When using the trusted users feature only computers with specified MAC or IP addresses can access the router s web management interface All other devices either LAN or WLAN cannot access the web interface A maximum of five rules can be defined System time setti...

Страница 27: ...mestamp is used to indicate the date and time of each event in the system log or syslog messages When you select this option a field displays for you to specify the NTP server You can specify the NTP hostname or IP address although using the IP address is not recommended as these are more likely to change If you specify a hostname note the following requirements The length must be from 1 to 63 cha...

Страница 28: ...on supporting both industry standard MIB II objects and HP specific MIB objects Read only and read write access are supported Select System SNMP to open the SNMP configuration page To configure SNMP set the following options Enable SNMP Use this checkbox to enable disable the SNMP agent By default the SNMP agent is disabled When the agent is disabled the HP R1 10 R120 does not respond to SNMP requ...

Страница 29: ...em log is a list of system messages some of which may indicate error conditions The router stores up to 2048 system messages in volatile memory RAM You can view these events using the router s management interface and you can configure the router to relay them as syslog messages to a syslog server residing on the network Note that the log messages in volatile memory are lost when the system reboot...

Страница 30: ...evel setting determines which messages are stored in RAM and are available for relay to a remote syslog server IP Address Specify the IP address of the remote syslog server Port The syslog process uses logical port 514 by default It is recommended that you keep this default If you specify a different port number ensure that the port number is not being used by another protocol on your network and ...

Страница 31: ... computer on the router s LAN network can appear to be logically on the WAN network accessible using a public IP address Note that although the computer appears as part of the public network it is actually protected behind the router s firewall on the LAN network That is traffic between the public network and the host computer on the LAN is still subject to the rules and policies configured on the...

Страница 32: ...rotocol is selected the protocol numbers can be entered in the Protocol field Port s Specifies the TCP UDP port numbers More than one number can be entered separated by commas Protocol s Specifies special protocol numbers separated by commas IP Address Of Public Hosts In LAN The IP address of a computer in the local LAN The IP address and mask can define a range of addresses For example IP address...

Страница 33: ...tistics To view statistics on Ethernet packets received and transmitted on the wired and wireless ports select System Traffic Statistics The Traffic Statistics page displays The statistics accumulate until the router is rebooted Port Statistics Displays the WAN and LAN port status together with the number of frames bytes that have been transmitted and received Wireless LAN Statistics Displays the ...

Страница 34: ...lays a summary of traffic statistics for the WAN and LAN ports Set the poll interval for updating statistics on the page and click Start You can also click Refresh anytime to immediately update values Click Reset Counters to set all statistics values back to zero ...

Страница 35: ...ou are using DHCP as the connection type you can click Renew to request a new IP address This page includes the following information Connection Type The router s method of connection to the ISP Connection Time The time elapsed since the Internet connection was established IP Address The IP address assigned to the router s WAN port by the ISP Subnet Mask The IP subnet mask assigned to the router s...

Страница 36: ...require that you clone the MAC address of the PC that was originally connected to the modem To do so click on WAN MAC Clone to set the WAN MAC address For more information see MAC clone on page 42 This page includes the following information Connection Type Select DHCP as the router s method of connecting to the ISP Host Name The host name of the DHCP client The host name is optional but may be re...

Страница 37: ... assigned to the router s WAN port by the ISP Gateway Enter the IP address of the ISP s gateway Primary Secondary DNS Address Enter the IP addresses of primary and secondary domain name servers PPPoE The Point to Point Protocol over Ethernet PPPoE is a common WAN protocol that provides a secure tunnel connection between the service provider and the local network Enter the PPPoE information in the ...

Страница 38: ...word Enter the password again to confirm it Service Name The service name is normally optional but may be required by some service providers The service name defines the attributes used to set up a dynamic PPPoE subscriber interface Idle Time Select the number of minutes to elapse without activity before the PPPoE connection is disconnected Or you can leave the default setting of Always On so that...

Страница 39: ...imum of eight rules can be defined Source network The source IPv4 address and mask that identfies traffic to be routed through the specified PPP channel Destination network The destination IPv4 address and mask that identfies traffic to be routed through the specified PPP channel Protocol Identfies TCP or UDP protocol traffic Source port Identfies traffic by a specfied TCP or UDP source port Desti...

Страница 40: ...n DHCP Enable Enables DHCP for the dynamic assignment of the WAN IP address from the ISP You can click Release and Renew to refresh the DHCP assignment If you disable DHCP enter the static IPv4 address subnet mask gateway address as well as primary and secondary DNS server addresses as provided by the ISP L2TP The Layer 2 Tunneling Protocol L2TP is a common WAN protocol used for Virtual Private Ne...

Страница 41: ...g to track the IP address themselves A common use is for running server software on a computer that has a dynamic IP address for example a dialup connection where a new address is assigned at each connection or a DSL service where the address is changed by the ISP occasionally To implement Dynamic DNS you must set the maximum caching time of the domain to an unusually short period typically a few ...

Страница 42: ...lows you to manually change the MAC address of the router s WAN interface to match the computer s MAC address provided to your ISP for registration If you are unsure of the computer MAC address originally registered by your ISP call your ISP and request to register a new MAC address for your account Register the default MAC address of the router s WAN port You can enter the registered MAC address ...

Страница 43: ...nges to the settings the LAN setting pages allow you to Change the default IP address of the router Configure VLANs Enable the DHCP server function for each VLAN Enable NAT features for each VLAN Enable IGMP Snooping and IGMP Proxy for each VLAN Enable the DHCP Relay function Enable Spanning Tree support Viewing the LAN interface status The Status page displays the current status of LAN related fe...

Страница 44: ...etwork Root MAC Address The MAC address of the root device in the Spanning Tree network LAN1 LAN4 Displays the state of the router s port interfaces in the Spanning Tree network Disabled Learning Forwarding or Blocking VLAN The table includes all VLANs currently configured on the router LAN Settings The router must have a valid IP address for management using a web browser and to support other fea...

Страница 45: ...be turned off if necessary Turning off the DHCP server requires you to manually set static IP addresses for each computer in the VLAN IP Pool Starting Ending Address The IP pool is the range of IP addresses set aside for dynamic assignment to the computers in the VLAN The default is 2 254 253 computers You can enter new starting and ending IP addresses for the VLAN IP pool or click Auto IP Range t...

Страница 46: ...ing a packet from that device to the root device Then it selects a designated device from each LAN that incurs the lowest path cost when forwarding a packet from that LAN to the root device All ports connected to designated devices are assigned as designated ports After determining the lowest cost spanning tree it enables all root ports and designated ports and disables all other ports Network pac...

Страница 47: ...rofiles can be created After a new VLAN profile is created LAN or WLAN interfaces must be added to the VLAN by changing the VLAN settings of the interfaces An interface can be a member of only one VLAN either tagged or untagged Add an interface as a VLAN tagged port if any connected network devices support VLANs otherwise add the port as untagged To prevent the forwarding of traffic between VLANs ...

Страница 48: ...re the behavior of VLANs This page includes the following settings Name A text description of the VLAN Do not use characters IP Address The IP address of the VLAN interface Subnet Mask The subnet mask of the VLAN interface Enable NAT Enables the NAT function for the VLAN interface ...

Страница 49: ...ons protocol used by hosts and adjacent routers on IP networks to establish multicast group memberships IGMP can be used for one to many networking applications such as on line streaming video and gaming and allows more efficient use of resources when supporting these types of applications This page includes the following settings Enable IGMP Proxy IGMP proxy actively filters IGMP packets in order...

Страница 50: ...50 LAN configuration ...

Страница 51: ... R1 10 can operate at 2 4 GHz or 5 GHz but not both at the same time The R120 can operate concurrently at 2 4 GHz and 5 GHz Therefore the wireless settings differ for the R1 10 and R120 routers The R1 10 router has a single configuration page for 2 4 GHz or 5 GHz operation The R120 router includes separate configuration pages for 2 4 GHz and 5 GHz operation Note The router supports a maximum of 64...

Страница 52: ...the radio VAP1 Displays the settings and feature status for the primary Virtual Access Point VAP interface If other VAP interfaces are enabled VAP2 to VAP4 they are also listed SSID The service set identifier or network name of the VAP interface MAC Address The physical layer address of the VAP interface Authentication Mode The wireless security method configured for the VAP Encryption Type The da...

Страница 53: ...nd 5 GHz Radio Mode For 2 4 GHz the R1 10 and R120 support 802 1 1b 802 1 1g and 802 1 1n wireless standards This option allows the user to select whether the router will operate in 802 1 1b g mode 802 1 1b g n mode or 802 1 1n mode only For 5 GHz the R1 10 supports 802 1 1a and 802 1 1n wireless standards This option allows the user to select whether the router will operate in 802 1 1a only mode ...

Страница 54: ...t When you select Auto the router searches and selects a channel with the least amount of interference Click Save to save the setting Current Channel When the channel setting is Auto this displays the automatically selected channel number Bandwidth A single channel bandwidth is 20 MHz When two channels are bonded the bandwidth is a total of 40 MHz It is possible to use either 20MHz or 40MHz channe...

Страница 55: ... can contain any standard letters and should be a maximum of 32 characters in length If there are other wireless networks in your area you need to give your wireless network a unique name Enter a new name in the SSID box and click Save to make the change Station Isolation This function prevents wireless clients connected to the router from communicating with one another When enabled this creates a...

Страница 56: ...ed configure your MAC address list on the Wireless MAC Authentication page See MAC authentication settings on page 70 Note that MAC authentication occurs after other authentication methods have been applied Authentication Mode and Encryption Type Using authentication and encryption can help keep your network secure Encryption works on a system of keys where the key on a computer must match the key...

Страница 57: ...support only WPA TKIP encryption This setting enables both WPA and WPA2 clients to associate and authenticate but uses the more robust AES encryption WPA2 for clients that support it This option allows more interoperability at the expense of some security See WPA WPA2 PSK mixed on page 61 WEP security Wired Equivalent Privacy WEP is the security protocol initially specified in the IEEE 802 1 1 sta...

Страница 58: ...ure the RADIUS server settings See Configuring RADIUS settings on page 62 Key Length The number of characters you specify for the key determines the level of encryption 64 bit 128 bit Key Type Select the format used to specify the encryption keys The definition for the encryption keys must be the same on the router and all wireless clients Hexadecimal characters 0 9 a f and A F ASCII characters 0 ...

Страница 59: ... 1X for user authentication and requires a RADIUS authentication server to be configured on the wired network WPA2 is more secure than WPA TKIP or WEP therefore HP recommends to select WPA2 for maximum possible security WPA2 The enterprise mode of WPA2 that provides the maximum security You must set up at least one configured RADIUS server in your network before enabling WPA2 security For RADIUS s...

Страница 60: ...nd numbers that can include spaces or Hexadecimal format Hexadecimal Enter exactly 64 Hexadecimal characters characters 0 9 a f and A F ASCII Enter 8 63 characters alphanumeric characters 0 9 a z and A Z plus spaces and symbols Passphrase Enter the key according to the type selected in ASCII passphrase style 8 63 alphanumeric characters or in exactly 64 Hexadecimal characters For an ASCII key HP r...

Страница 61: ...ch client as they associate with the network Group Key Interval Enter the interval at which the broadcast group key is refreshed for clients associated with this VAP interface the default is 3600 seconds The valid range is 60 to 86400 seconds Specify a value of 0 to disable the refreshing of broadcast keys Session Key Interval Enter the interval at which the router refreshes session unicast keys f...

Страница 62: ...e a mix of letters and numbers The passphrase key cannot begin or end with spaces Group Key Interval Enter the interval at which the broadcast group key is refreshed for clients associated with this VAP interface the default is 3600 seconds The valid range is 60 to 86400 seconds Specify a value of 0 to disable the refreshing of broadcast keys Session Key Interval Enter the interval at which the ro...

Страница 63: ...d on the RADIUS server Secondary RADIUS Server Enter the IPv4 address for a backup RADIUS server If authentication fails with the primary server the configured backup server is tried instead If a secondary RADIUS server is configured be sure to enter the RADIUS key Accounting Enable Select this option to track and measure the resources a particular user has consumed such as system time amount of d...

Страница 64: ...icast messages The DTIM value is decremented every time a beacon is sent at the beacon interval RTS Threshold Sets the packet size threshold at which a Request to Send RTS signal must be sent to a receiving station prior to the sending station starting communications The router sends RTS frames to a receiving station to negotiate the sending of a data frame After receiving an RTS frame the station...

Страница 65: ...le the data rate One is the primary channel and the other is the extension channel The primary channel is used for communications with clients incapable of the 40 MHz mode If the extension channel is used the 802 1 1 standard provides a way to protect transmission against other device transmission by using the RTS CTS protocol There are two types of protection CTS to Self The AP that wants to send...

Страница 66: ...the router WDS Mode Enables and sets the operating mode for the VAP interface Disable Wireless clients can access the VAP interface as a normal access point service WDS AP The VAP interface uses WDS to connect to another AP or router Wireless clients can associate to this VAP interface WDS STA The VAP interface uses WDS to connect to another AP or router Only wired clients can connect to the route...

Страница 67: ...Allows the wireless security to be set manually for the router or selected automatically by WPS Configured Wireless security is manually set by the user Unconfigured Wireless security is set automatically by WPS Lock This function enables you to lock the WPS PIN setting which prevents it being changed by any external WPS registrar Wireless clients can still be added to the network using the WPS pu...

Страница 68: ...information WPS Status Displays the WPS configured state Lock Status Displays the PIN lock function state Self PinCode The PIN code of the router SSID The SSID of the router s primary VAP interface Authentication Mode The wireless security mode being used by WPS Pre shared Key The security key being used by WPS WMM settings Wi Fi Multimedia WMM is a Wi Fi Alliance interoperability certification ba...

Страница 69: ...ue CWmax Maximum Contention Window The maximum upper limit of the random backoff wait time before wireless medium can be attempted The contention window is doubled after each detected collision up to the CWMax value Specify the CWMax value in the range 0 15 microseconds Note that the CWMax must be greater or equal to the CWMin value AIFSN Arbitration Inter Frame Space Number The minimum amount of ...

Страница 70: ...network to allow network access or copy the MAC address by selecting the name of the computer from Choose a PC By setting the access rule to Block all stations in list you can block specific wireless computers from accessing the network by adding them to the filter list A maximum of 20 rules can be defined This page includes the following settings Filter Select Allow only stations in list to confi...

Страница 71: ...u to view all the wireless clients currently associated with the router Select the SSID interface from the SSID list to display associated clients The table of associated clients lists the MAC address Receive Signal Strength Indicator RSSI value wireless mode and traffic statistics ...

Страница 72: ...72 Wireless configuration ...

Страница 73: ... over IPSec client and server and PPTP client and server for security protection A maximum of five VPN connections can be enabled Viewing VPN status The Status page displays the current status of VPN tunnel connections to the router This page includes the following information Tunnel type The tunnel type configured either IPSec L2TP over IPSec or PPTP Tunnel name The descriptive name that identifi...

Страница 74: ...tiple secure IPSec tunnels to remote end points To establish an IPSec tunnel the user needs to enable the feature and enter inbound and outbound addresses for the IPsec tunnel This router supports MD5 and SHA1 hash algorithm and DES 3DES AES128 AES192 and AES 256 encryption algorithms Note Enabling IPSec VPN disables pass through to IPSec and L2TP over IPSec Virtual Servers on the LAN Pass through...

Страница 75: ... no specific server IP Address Host Name The IP address or host name of the remote VPN server Remote Secure Group Remote Party ID Select either ID_IPV4_ADDR ID_FQDN or ID_USER_FQDN This information must be entered identically on the IPSec software installed on the client s machine If ID_IPV4_ADDR is selected enter the IPv4 address and subnet mask in the Remote Network Address and Remote Subnet Mas...

Страница 76: ...or IPSec authentication Encrypt Algorithm Select an encryption algorithm from the list Both authentication and encryption algorithms must be the same on the router and remote host Key lifetime Sets a time for the keys to be valid after which they are renewed Diffie Hellman Group Select one of the groups to use for the Diffie Hellman key exchange Pre shared Key Enter the same key on the router and ...

Страница 77: ...ings page From the VPN connection page you can configure detailed parameters for your L2TP over IPSec VPN connection A maximum of five L2TP connections can be defined This page includes the following settings VPN Tunnel Parameters Tunnel Type Select L2TP over IPSec as the tunnel type Tunnel Name Enter a descriptive text name for the tunnel Do not use characters Username Enter the user name for L2T...

Страница 78: ... the IP address and subnet mask PPTP settings The Point to Point Tunneling Protocol is used by some providers in Europe This router allows computers to use the Internet to remotely log into the LAN using the PPTP tunneling protocol You can configure the detailed PPTP tunnel settings on the VPN connection page by clicking Add You can specify the Idle Timeout which defines the time period without tr...

Страница 79: ...ets the router to act as the PPTP server or client When you set the type as a PPTP Client you can then enter the Remote Server IP address Enable Auto Reconnect For PPTP client connections you can automatically reconnect when there is activity after a disconnection Remote Server Enter the remote server IP address Remote Networking Setting Enable the remote network setting and then set the IP addres...

Page 80: ...80 VPN configuration ...

Page 81: ...r based approach to routing Routes are chosen to minimize the distance vector or hop count which serves as a rough estimate of transmission cost Viewing routing status The Status page shows whether RIP or RIPng are enabled and displays the current IPv4 and IPv6 routing tables The routing tables include the information necessary to forward a packet along the best path toward its destination Each pa...

Page 82: ...escription see Viewing the IPv6 routing table on page 85 Viewing the IPv4 routing table The routing table shows all the current IPv4 routes used by the router including any routes created using static routing or RIP This page includes the following information Flags Indicates the type of route C A network directly connected to the router S A route manually entered on the router R A route dynamical...

Page 83: ...ed approach to routing Routes are chosen to minimize the distance vector or hop count which serves as a rough estimate of transmission cost Each router broadcasts its advertisement every 30 seconds together with any updates to its routing table This allows all routers on the network to build consistent tables of next hop links which lead to relevant subnets The default setting is Disabled This pag...

Page 84: ...on Required The router offers two modes of authentication for RIPv2 None Deactivates authentication on the specific interface Password An unencrypted text password that needs to be set on all RIP-enabled devices connected to the router Otherwise RIP information is not shared between devices with mismatched passwords Password This field is used to enter the password required when password authentic...

Page 85: ...se the static route does not appear in the routing table Metric A number used to indicate the cost of a route so that the best route among potentially multiple routes to the same destination can be selected Interface The interface used to route data to the network specified by the network address Viewing the IPv6 routing table The routing table shows all the current IPv6 routes used by the router ...

Page 86: ...vector algorithm and hop count metric as well as the 30-second update timer However RIPng uses a different message format a different UDP port number and has no limit on the message size Also RIPng does not include an authentication mechanism it relies on the security built into IPv6 (IPsec) The default setting is Disabled IPv6 Static route settings The router supports an IPv6 static route function ...

Page 87: ...P is the router's IP address If you have another router handling your network's Internet connection enter the IP address of that router instead The gateway IP address must also be routable otherwise the static route does not appear in the routing table Interface The interface used to route data to the network specified by the network address Metric A number used to indicate the cost of a route so t...

Page 88: ...88 Routing configuration ...

Page 89: ...e your network completely vulnerable to hacker attacks but HP recommends that you leave the firewall enabled whenever possible In addition to the extensive firewall protection the router can block access to the Internet from clients on the local network based on IP addresses MAC addresses or network service The router can also block access to specific websites or web page content Viewing the firew...

Page 90: ...uced by tunnel endpoints so that the TCP connection automatically restricts itself to the maximum available packet size Obviously this does not work for UDP or other protocols that have no MSS This approach is most applicable and used with PPPoE but could be applied otherwise as well the approach also assumes that all the traffic goes through tunnel endpoints that do MSS clamping this is simple fo...

Page 91: ...work completely vulnerable to hacker attacks HP recommends that you enable the DoS detecting function whenever possible IP Spoofing Prevents a hacker from creating an alias spoof of the unit's IP address to which all traffic is redirected Ping of Death Prevents the receipt of an oversized ping packet that the unit cannot handle Normal ping packets are 56 bytes or 84 bytes with the IP header attac...

Page 92: ...settings Client PC IP The IPv4 address of a computer on the local network Use Client List Selects a computer name or IP address from the list of clients already assigned an IP address by the router Popular Services Selects a common network service from the list instead of entering the protocol and port numbers manually Protocol Selects the TCP or UDP protocol of a service to filter Port The TCP o...

Page 93: ...etails in the fields provided and then click Add to add the entry to the filter table A maximum of 20 rules can be defined This page includes the following settings MAC Address The MAC address of a computer on the local network Use Client List Selects a computer name or MAC address from the list of clients already assigned an IP address by the router Enable Schedule Rule The name of a scheduling r...

Page 94: ... page includes the following settings String The URL text or keywords that match websites to block Enable Schedule Rule The name of a scheduling rule to apply to the filter as configured on the Tools Scheduling page URL Exclusion Configures specific computers on the local LAN that are excluded from the URL filtering Exclusion Host The IPv4 address or range of addresses of computers on the local ne...

Page 95: ...s Enable Schedule Rule The name of a scheduling rule to apply to the filter as configured on the Tools Scheduling page SPI settings Stateful Packet Inspection (SPI) is the intrusion detection feature of the router that limits access for incoming traffic This feature is called stateful because it examines the contents of packets to determine the state of the communications, that is, it ensures that the...

Page 96: ...by another packet TCP SYN wait Defines how long the software waits for a TCP session to synchronize before dropping the session TCP FIN wait Specifies how long a TCP session is maintained after the firewall detects a FIN packet TCP connection idle timeout The length of time for which a TCP session is managed if there is no activity UDP session idle timeout The length of time for which a UDP sessio...

Page 97: ...sessions number from same host Maximum number of incomplete TCP UDP sessions from the same host When the maximum value is exceeded the host is placed on the cracker list and packets from the host are then blocked for the duration specified by the Flooding cracker block time During the blocking duration packets are just dropped and no live session exists so there may be an incomplete session alert ...

Page 98: ...98 Firewall configuration ...

Page 99: ...NAT keeps your network fairly secure from hackers NAT acts as an interpreter between two networks In this case NAT sits between the Internet and your network The Internet is considered the public side and your network is considered the private side When a computer on the private side requests data from the public side the Internet the NAT device opens a conduit between your computer and the destin...

Page 100: ...not reach them because they cannot be seen If you need to configure the Virtual Server function for a specific application you need to contact the application vendor to find out which port settings you need To manually enter settings enter the IP address in the space provided for the internal machine the port type TCP or UDP and the private and public port(s) required to pass traffic Then click Add...

Page 101: ...rt 25 HTTP web port 80 HTTPS web port 443 Auth port 113 ISAKMP port 500 POP3 email port 110 IMAP4 email port 143 NetMeeting port 1720 DNS port 53 NBX Telephony ports 2093 2096 L2TP port 1701 PPTP port 1723 Protocol The protocol used by the service Either TCP, UDP, TCP/UDP, ICMP, GRE, ESP, AH, or IPv6 ICMP Private Port The port number of the service used by the host computer on the local network Public ...

Page 102: ...omputer in the DMZ enter the last digits of its LAN IP address in the Client PC IP Address field Enter the IP address if known on the Internet that will be used to access the DMZ computer into the Public IP Address field This allows the computer on the Internet to access the DMZ computer through this address without firewall protection For the first line setting line 1 the Public IP address is set...

Page 103: ...ttings Enable H323 ALG Enables H323 traffic priority passthrough on the router Enable SIP ALG Enables SIP traffic priority passthrough on the router for the listed ports SIP server ports The SIP ports on which to provide ALG support Up to eight ports can be configured The default SIP server ports are 5060 and 5061 Port number Specifies a SIP port number to add to the server port list Port trigger ...

Page 104: ... port information into the router Multiple ports can be entered by separating the port numbers by commas (for example 10,20,30) or ranges of ports can be specified by using dashes (for example 20-30) This page includes the following settings Enable Enables the port trigger feature on the router Rule Enable Enables the configured port trigger rule Popular Applications Lists a number of popular applicat...

Page 105: ...o a network outside of the LAN the router's WAN port must be configured with a global unicast address Viewing IPv6 status The Status page displays the current status of the IPv6 connection to the ISP This page includes the following information Connection Type Displays the method used for IPv6 configuration WAN IP Address The configured IPv6 addresses for the router's WAN port Default Gateway The ...

Page 106: ...is information is available from your ISP or on the paperwork that your ISP left with you This page includes the following settings Connection Settings Sets basic IPv6 address configuration settings IPv6 Connection Select Static for the IPv6 address connection mode IPv6 Address The IPv6 address of the router IPv6 addresses are 16 bytes long (128 bits) written as eight groups of hexadecimal quartets ...

Page 107: ...s VLAN Default Settings Sets the IPv6 settings for the local VLAN IPv6 Address The IPv6 address of the router for the local LAN Subnet Prefix Length The prefix length of the IPv6 address Auto Configuration Select Stateless RADVD or Stateful DHCPv6 Disable Disables the automatic assignment of IPv6 addresses to local hosts Stateless RADVD Enables the automatic assignment of IPv6 addresses by hosts o...

Page 108: ...ttings Connection Settings Sets basic IPv6 address configuration settings IPv6 Connection Select SLAAC for the IPv6 address connection mode DNS Settings Configures IPv6 DNS settings Obtain IPv6 DNS servers automatically Sets the IPv6 addresses for primary and secondary DNS servers automatically Use the following IPv6 DNS servers Enter the primary and secondary DNS server IPv6 addresses VLAN Defaul...

Page 109: ...nge to define the pool Lifetime The time that the IPv6 address assignment is valid DHCPv6 Dynamic Host Configuration Protocol version 6 DHCPv6 automatically assigns IPv6 settings to hosts in an IPv6 network A dynamic connection type is the most common connection method used by ISPs with cable DSL modems If your ISP supports a DHCPv6 server and recommends using this option select DHCPv6 from the Co...

Page 110: ...k The network portion of the address is based on prefixes received in IPv6 router advertisement messages and the host portion is automatically generated using the modified EUI-64 form of the client identifier, that is, the client MAC address Stateful DHCPv6 Enables DHCPv6 automatic assignment of IPv6 addresses to local hosts based on a defined address pool Enter the start and end of the address rang...

Page 111: ... the local LAN Subnet Prefix Length The prefix length of the IPv6 address Auto Configuration Select Stateless RADVD or Stateful DHCPv6 Disable Disables the automatic assignment of IPv6 addresses to local hosts Stateless RADVD Enables the automatic assignment of IPv6 addresses by hosts on the local network The network portion of the address is based on prefixes received in IPv6 router advertisement...

Page 112: ...112 IPv6 configuration MLD settings Multicast Listener Discovery MLD proxy enables the router to issue MLD host messages on behalf of hosts that the router has discovered through standard MLD interfaces ...

Page 113: ... data packets have greater priority when traffic is transmitted from the WAN port This router supports QoS with four priority queues on the WAN port Data packets in the WAN port's high priority queue will be transmitted before those in the lower priority queues You can set the maximum bandwidth for each priority queue (traffic shaping) as well as classify traffic types and then map them to the WAN ...

Page 114: ...eneral Enables the traffic shaping settings on the router Diffserv Displays the table of bandwidth settings for the WAN port's four output queues Name Identifies the port queue numbered 1 to 4 Priority Indicates that queue 1 is the lowest priority queue and queue 4 the highest priority queue Bandwidth Allocation Sets the bandwidth for each output queue in Kbps By default the maximum of 1024000 Kbp...

Page 115: ...t use characters Source Address Select Any or a specific LAN host MAC address or IP subnet Destination Address Select Any or a specific IP subnet as the traffic destination Popular Services Select a popular service from the list to automatically configure the traffic type and IP protocol Traffic Type Specifies UDP TCP or other IP protocol IP Protocol Specifies the protocol type number when an appl...

Page 116: ...owest priority queue and queue 4 the highest priority Remark 802.1p priority as Before the identified traffic is sent to the forwarding queue the 802.1p priority tag can be set to the specified value Remark DSCP as Before the identified traffic is sent to the forwarding queue the IP DSCP can be set to the specified value ...

Page 117: ... USB drive An FTP user can log into the FTP server using an FTP client A maximum of eight File Sharing accounts and eight FTP accounts can be defined total 16 accounts maximum This page includes the following settings USB Type Selects a user account for access to USB files through File Sharing or FTP Username Enter a name containing 6 to 32 characters do not use characters or space Password Enter ...

Page 118: ...users as normal Windows folders accessible on the network Users can use Windows Network Neighborhood to access files on the USB drive A maximum of 32 shared folders can be defined This page includes the following settings Global Setting Work Group The Windows networking group name Enter 1-255 characters do not use characters Host Name A name that identifies the router in the Windows network Enter ...

Page 119: ... the FTP server to share or download files to local or remote users through the router A maximum of 32 shared folders can be defined This page includes the following settings Global Setting Max Client Set the maximum number of FTP connections different IP addresses permitted at one time range 1 to 5 Only one connection from the same user same IP address is allowed at one time Network Sharing Folde...

Page 120: ...120 USB configuration Safe removal To ensure USB data correctness this router supports a USB safe removal function Click Remove before unplugging a USB drive ...

Page 121: ...lled on the router the status of the email alert feature and lists any configured time schedules Updating software The Software page displays the current software versions installed on the router You can upgrade the software installed on the router to a new version downloaded from the HP support website The router supports a dual image function which means that if the router fails to boot the acti...

Page 122: ...web browser or TFTP requires server If you select HTTP you can download the software file from your computer The TFTP option requires the software file to be placed on a computer running a TFTP server utility The TFTP server IPv4 address and software file name must be entered Firmware File Locates the software file on the local computer when using the HTTP transfer method Saving configuration sett...

Page 123: ...address and then click Save Restore settings Select to restore the router's settings and choose HTTP or TFTP as the transfer method For HTTP browse button to the location of the saved configuration file on the management computer For TFTP specify the file path and name on the TFTP server and enter the IPv4 server address Click Save to restore the saved settings ...

Page 124: ...This page includes the following settings IP Address Domain Name You can specify an IPv4 address an IPv6 address or a hostname Ping Count Specify the number of pings to send 1 3 5 10 or 20 Results The results window shows the size and number of each packet sent and if the host is reached the size and number of each packet received in response and its round trip time It also displays statistics abo...

Page 125: ...lue of one implying that they make a single hop The next three packets have a TTL value of 2 and so on When a packet passes through a host typically the host decrements the TTL value by one and forwards the packet to the next host When a packet with a TTL of one reaches a host the host discards the packet and sends an ICMP time exceeded (type 11) packet to the sender The Traceroute utility uses the...

Page 126: ...vent at or above a configured severity level occurs This page includes the following settings From E mail Address Sets the email address that is used in the From field of alert messages You can use a symbolic email address that identifies the router or the address of an administrator responsible for the router ...

Page 127: ...ord The password to use for the mail server Do not use characters Confirm Password Enter the password again to confirm it Alert Level Sets the syslog severity threshold level used to trigger alert messages The alert levels from the lowest to the highest are Debug Informational Notice Warning Error Critical Alert and Emergency All events at the set level and higher will be sent to the configured em...

Page 128: ... control rule on the Firewall and Wireless pages A maximum of 10 schedule rules can be defined This page includes the following settings Rules Name A name for the scheduling rule Do not use the characters Comment A comment of up to 31 characters that describes the scheduling rule Do not use the characters Date Selects a day of the week or daily Start End Time Specify the start and end times for th...

Page 129: ...le is saved on your local computer with the name showtech.rtf This is a text readable file that includes the model software version wireless and other basic settings as well as the ARP table memory usage information and the current system log Viewing the EULA This page displays the HP End User License Agreement content ...

Page 130: ...130 Tools ...

Page 131: ...on see the HP Networking Support website www.hp.com/networking/support Before contacting HP collect the following information Product model names and numbers Technical support registration number if applicable Product serial numbers Error messages Operating system type and revision level Problem description and any detailed questions HP websites For additional information see the following HP webs...

Page 132: ... user interface Refer to the following image for identification of key user interface elements and then the table below for example directions Example directions in this guide What to do in the user interface Select System Admin Select System on the main menu and then select Admin on the sub menu Set Radio Mode to 11n only For the Radio Mode setting select 11n only from the list Main Sub menu ...

Page 133: ...tings resets the manager user name and password to admin and sets the IPv4 address to 192.168.1.1 Using the reset button Using a tool such as a paper clip press and hold the reset button for more than three seconds then release Using the management interface 1 Launch the web based management interface default https://192.168.1.1 2 Select Tools Configuration 3 Select Restore All Settings to Factory D...


Page 135: ...dels US WW Models Null Web Server HTTP Server Enabled HTTPs Server Enabled Session Timeout 5 minutes Trusted Users MAC IP Address None configured System Time Set System Time SNTP System Date 2013 01 01 System Time 00 00 Time Server Address pool.ntp.org Time Zone 08 00 Pacific Time US Daylight Saving Enabled SNMP Enable SNMP Enabled Read Community public Write Community private Trap Receiver IP Add...

Page 136: ...et Mask 0.0.0.0 Static Gateway 0.0.0.0 Primary DNS Address 0.0.0.0 Secondary DNS Address 0.0.0.0 PPPoE Username Null PPPoE Password Null PPPoE Service Name Null PPPoE Idle Time Always On PPPoE MTU 1454 bytes Multiple PPPoE Disabled PPPoE Routing Table Disabled PPTP Server IP 0.0.0.0 PPTP Username Null PPTP Password Null PPTP Idle Time Always On PPTP DHCP Enable Disabled L2TP Server IP 0.0.0.0 L2TP...

Page 137: ... 255 255 0 Enable DHCP Server Enabled IP Pool Starting Address 192.168.1.2 IP Pool Ending Address 192.168.1.254 Lease Time 1 day VLAN ID 1 DHCP Relay Disabled Spanning Tree Disabled VLAN Default VLAN ID 1 VLAN Port Membership LAN 1 2 3 4 WLAN 1 default VLAN untagged Block routing between VLANs Enabled IGMP Enable IGMP Proxy Enabled Enable IGMP Snooping Enabled Feature Parameter Default ...

Page 138: ...oadcast Enabled MAC Authentication Disabled Authentication Mode OPEN Encryption Type NONE R120 Wireless 2.4GHz Basic Enabled Radio Enabled Radio Mode 11b/g/n Mixed Channel Auto Bandwidth 20 MHz Enable Schedule Rules Disabled VAP 1 SSID Enabled HP1_2G VAP 2 SSID Disabled HP2_2G VAP 3 SSID Disabled HP3_2G VAP 4 SSID Disabled HP4_2G Station Isolation Disabled Broadcast Enabled MAC Authentication Dis...

Page 139: ...ication Mode OPEN Encryption Type NONE Wireless Advanced Beacon Interval 100 ms DTIM Interval 1 beacon RTS Threshold 2347 bytes Short Guard Interval Enabled 2.4GHz 802.11g Protection Mode CTS to Self Extension Channel Protection Mode No Protection 2.4GHz Preamble Mode Auto Max TX Power 100 WDS VAP 1 WDS Mode Disabled Authentication Mode OPEN Encryption Type NONE WPS WPS Enable Enabled Configurati...

Page 140: ...Summary Disabled Static Route Disabled RIPng Disabled IPv6 Static Route Disabled Firewall PING from WAN Disabled MSS Clamping Enabled UPnP Disabled Remote Administration Disabled Enable DDoS Attack Filter Disabled Client Filtering Disabled MAC Filtering Disabled URL Filtering Disabled URL Exclusion Disabled Content Filtering Disabled SPI Settings Disabled NAT NAT Enabled Virtual Server Disabled DM...

Page 141: ...sabled MLD Proxy Disabled DHCP PD Enabled QoS QoS Enabled Traffic Mapping Disabled USB User Account Disabled File Sharing Disabled FTP Disabled Tools Email Alert Disabled Scheduling Rules None configured Feature Parameter Default ...

