
Configuration Guide

TL-R600VPN

1910012202  REV4.0.0

July 2017

Contents: SafeStream TL-R600VPN

Page 1: ...Configuration Guide TL-R600VPN 1910012202 REV4.0.0 July 2017...

Page 2: ...9 Configuring the WAN Connection 9 LAN Configuration 21 Configuring the IP Address of the LAN Port 21 Configuring the DHCP Server 22 Viewing the DHCP Client List 24 IPTV Configuration 25 Configuring...

Page 3: ...uration 56 Configuring Transmission 59 Transmission 60 Overview 60 Supported Features 60 NAT Configurations 62 Configuring the Multi Nets NAT 62 Configuring the One to One NAT 63 Configuring the Virtu...

Page 4: ...cedure 81 Example for Configuring Virtual Server 81 Network Requirements 81 Network Topology 82 Configuration Scheme 82 Configuration Procedure 82 Example for Configuring Policy Routing 83 Network Req...

Page 5: ...109 Behavior Control 110 Overview 110 Supported Features 110 Behavior Control Configuration 111 Configuring Web Filtering 111 Configure Web Group Filtering 111 Configuring URL Filtering 114 Configuri...

Page 6: ...iguring PPTP Globally 139 Configuring the PPTP Server 139 Configuring the PPTP Client 140 Configuring the PPTP Users 141 Verifying the Connectivity of PPTP VPN Tunnel 142 Configuration Examples 144 Ex...

Page 7: ...es Configuration 171 Configuring the Five Tuple Type 171 Configuring the URL Type 173 Viewing the Authentication Status 175 Configuration Example 176 Network Requirements 176 Configuration Scheme 176...

Page 8: ...3 Management 195 Factory Default Restore 195 Backup Restore 195 Reboot 196 Firmware Upgrade 196 SNMP 197 Diagnostics 198 Diagnostics 198 Configuring Ping 198 Configuring Traceroute 199 Remote Assistan...

Page 9: ...ess or implied Users must take full responsibility for their application of any products In this Guide the following conventions are used The symbol stands for Note Notes contains suggestions or refer...

Page 10: ...Part 1 Viewing Status Information CHAPTERS 1 System Status 2 Traffic Statistics...

Page 11: ...ge displays the basic system information like the hardware version firmware version and system time and the running information like the WAN interface status memory utilization and CPU utilization Cho...

Page 12: ...us Traffic Statistics Interface Statistics to load the following page Figure 2 1 Interface Statistics View the detailed traffic information of each interface in the statistics list TX Rate KB s Displa...

Page 13: ...ge to monitor Enable IP Statistics Check the box to enable IP Statistics IP Range Specify an IP range The router will monitor the packets whose source IP addresses or destination IP addresses are in t...

Page 14: ...es of packets received by the user who owns the IP address Total TX Packets Displays the number of packets transmitted by the user who owns the IP address Total RX Packets Displays the number of packe...

Page 15: ...Part 2 Configuring Network CHAPTERS 1 Overview 2 WAN Configuration 3 LAN Configuration 4 IPTV Configuration 5 MAC Configuration 6 Switch Configuration 7 VLAN Configuration 8 IPv6 Configuration...

Page 16: ...TV services is based on the Internet protocol rather than through traditional satellite signal or cable transmission The router supports three kinds of IPTV configuration according to your ISP IPTV ba...

Page 17: ...ure physical interface 1 as WAN1 2 Configure physical interface 1 and interface 2 as WAN1 and WAN2 respectively 3 Configure physical interface 1 interface 2 and interface3 as WAN1 WAN2 and WAN3 respec...

Page 18: ...Configuring the Dynamic IP In the Connection Configuration section select the connection type as Dynamic IP Enter the corresponding parameters and click Save Connection Type Choose the connection type...

Page 19: ...g VLAN first and configure its egress rule as TAG then manually add the WAN port to that VLAN To create VLANs go to Network VLAN VLAN Note When using the IPTV function either in Bridge mode or Custom...

Page 20: ...is set correctly MTU Specify the MTU Maximum Transmission Unit of the WAN port MTU is the maximum data unit transmitted in the physical network When Static IP is selected MTU can be set in the range o...

Page 21: ...utomatically Connect Manually and Time Based Connect Automatically The router will activate the connection automatically when the router reboots or the connection is down Connect Manually You can manu...

Page 22: ...is automatically assigned to a VLAN and the egress rule of the VLAN is UNTAG so the packets are transmitted by the WAN port without VLAN tags If you want the WAN port to transmit packets with VLAN tag...

Page 23: ...me provided by your ISP Password Enter the L2TP password provided by your ISP Connection Mode Choose the connection mode including Connect Automatically Connect Manually and Time Based Connect Automat...

Page 24: ...NTAG so the packets are transmitted by the WAN port without VLAN tags If you want the WAN port to transmit packets with VLAN tag you need to create the corresponding VLAN first and configure its egres...

Page 25: ...provided by your ISP Password Enter the PPTP password provided by your ISP Connection Mode Choose the connection mode including Connect Automatically Connect Manually and Time Based Connect Automatica...

Page 26: ...is UNTAG so the packets are transmitted by the WAN port without VLAN tags If you want the WAN port to transmit packets with VLAN tag you need to create the corresponding VLAN first and configure its...

Page 27: ...uter reboots or the connection is down Connect Manually You can manually activate or terminate the connection Time Based During the specified period the router will automatically activate the connecti...

Page 28: ...don't need to manually configure it unless required by your ISP By default the WAN port is automatically assigned to a VLAN and the egress rule of the VLAN is UNTAG so the packets are transmitted by t...

Page 29: ...Address of the LAN Port Choose the menu Network LAN LAN to load the following page Figure 3 1 Configuring the LAN IP Address Enter the IP address of the LAN port and click Save IP Address Enter the IP...

Page 30: ...ng the DHCP Server You can configure an IP address pool for the DHCP server to assign IP addresses When clients send requests to the DHCP server the server will automatically assign IP addresses and t...

Page 31: ...to enter the IP address of the LAN port Default Domain Optional Enter the domain name of your network Primary Secondary DNS Optional Enter the DNS server address provided by your ISP If you are not c...

Page 32: ...box to export this binding entry to IP MAC Binding List on Firewall Anti ARP Spoofing IP MAC Binding page Status Check the box to enable this entry 3 3 Viewing the DHCP Client List Choose the menu Ne...

Page 33: ...nable IGMP Snooping and IGMP Proxy and choose the IGMP version then click Save IGMP Snooping Check the box to enable IGMP Snooping Without IGMP Snooping the router will broadcast multicast stream to a...

Page 34: ...the IPTV becomes a dedicated port for IPTV service Port Mode Specify the service to be supported by the LAN port Internet Specify the port to support only internet service If you want to access the i...

Page 35: ...Enter the parameters provided by your ISP including the VLAN IDs and priorities of different services Internet VLAN ID Enter the VLAN ID of the internet service It is provided by your ISP Internet VL...

Page 36: ...cify the port to support only IP Phone service If you want to make an IP Phone call you should connect your IP Phone to this port IPTV Specify the port to only support IPTV service If you want to use...

Page 37: ...l up device for a normal internet connection Configure the MAC Address of the LAN port In a complex network with all the devices are ARP bound if you want to replace the current router with this route...

Page 38: ...ctory default value Clone Current PC's MAC Click this button to clone the MAC address of the PC you are currently using to configure the router It's only available for the WAN ports Note To avoid a MA...

Page 39: ...Viewing the Statistics Statistics displays the detailed traffic information of each port which allows you to monitor the traffic and locate faults promptly Unicast Displays the number of normal unicas...

Page 40: ...ength including error frames Note Error Frame The frames that have a false checksum Maximum frame length The maximum frame length supported by the router For untagged frames it's 1518 bytes long for t...

Page 41: ...k Save Mirroring Port The packets through the mirrored port will be copied to this port Usually the mirroring port is connected to a data diagnose device which is used to analyze the mirrored packets...

Page 42: ...the ingress packets Egress Limit Check the box to enable Egress Limit feature Egress Rate Mbps Specify the limit rate for the egress packets 6 4 Configuring Port Config You can configure the flow cont...

Page 43: ...h other and negotiate the optimal speed and duplex mode If the local device works in Auto mode while the peer device does not the local device will automatically detect and match the speed with the pe...

Page 44: ...Network VLAN VLAN to load the following page Figure 7 1 Creating a VLAN Create a VLAN and add the port s to the VLAN then click OK VLAN ID Enter a VLAN ID The value ranges from 1 to 4094 Name Specify...

Page 45: ...isplays the ports which belong to the corresponding VLAN Description Displays the description of the VLAN Note The VLAN list contains all the VLANs existing in the router Some of them are manually cr...

Page 46: ...figuration Figure 7 3 Configuring the PVID Configure the PVID of the port then click Save Port Displays the port PVID Specify the PVID for the port PVID indicates the default VLAN for the correspondin...

Page 47: ...lient 2 Configure the WAN connection 8 1 Configuring the LAN Configure the type of assigning IPv6 address to the LAN clients Choose the menu Network IPv6 LAN to load the following page Figure 8 1 Conf...

Page 48: ...rm an IPv6 address Generally the host identifier was formed using the EUI 64 The DHCP server will also automatically advertise the DNS information to the client Address Prefix Enter the LAN address pr...

Page 49: ...e router will reboot after switching the WAN mode 8 2 2 Configuring the WAN Connection The router supports five IPv6 connection types Static IP Dynamic IP SLAAC DHCPv6 PPPoE 6to4 Tunnel and Pass Throu...

Page 50: ...e Internet section choose the Internet Connection type as Dynamic IP SLAAC DHCPv6 and configure the corresponding parameters Then click Save Internet Connection Type Choose Dynamic IP SLAAC DHCPv6 as...

Page 51: ...was formed using the EUI 64 Prefix Delegation Enable or disable prefix delegation The prefix will be assigned to the LAN clients Enable The prefix of the IPv6 address will automatically be assigned b...

Page 52: ...to enable IPv6 function 2 In the Internet section choose the Internet Connection type as Static IP and configure the corresponding parameters Then click Save Internet Connection Type Choose Static IP...

Page 53: ...e PPPoE Follow these steps to configure PPPoE connection 1 In the General section check the box to enable IPv6 function then click Save IPv6 Check the box to enable IPv6 function 2 In the Internet sec...

Page 54: ...d DNS address and configure the Prefix Delegation Then click Save Get IPv6 Address Choose the method by which the IPv6 address is obtained from the ISP DHCPv6 The DHCP server automatically assigns the...

Page 55: ...Follow these steps to configure 6to4 Tunnel connection 1 In the General section check the box to enable IPv6 function then click Save IPv6 Check the box to enable IPv6 function 2 In the Internet sect...

Page 56: ...ge mode the router works as a transparent bridge The IPv6 packets received from the WAN port will be transparently forwarded to the LAN port and vice versa No extra parameter is required Figure 8 6 Co...

Page 57: ...Part 3 Configuring Preferences CHAPTERS 1 Overview 2 IP Group Configuration 3 Time Range Configuration 4 VPN IP Pool Configuration 5 Service Type Configuration...

Page 58: ...IP groups configured here will appear as options when you are configuring the effective IP addresses for functions like Bandwidth Control Session Limit Policy Routing and so on Once you configure a p...

Page 59: ...up IP Address and click Add to load the following page Figure 2 1 Add an IP Address Entry Follow these steps to add an IP address entry 1 Enter a name and specify the IP address range Name Enter a nam...

Page 60: ...Enter a name for the IP group Only letters digits or underscores are allowed Address Name Select the IP address entries as the members of the group from the drop down list It is multi optional If no...

Page 61: ...Time Range Time Range and click Add to load the following page Figure 3 1 Add a Time Range Entry Follow these steps to add a time range entry 1 Enter a name for the time range entry Time Range Name En...

Page 62: ...e range and select the effective days in a week manually In this mode effective time can be accurate to the minute Choose Manually mode to load the following page Figure 3 3 Manually Mode Week Select...

Page 63: ...the following page Figure 4 1 Add an IP Pool Entry Follow these steps to add an IP Pool 1 Enter a name and specify the starting and ending IP address of the IP Pool IP Pool Name Enter a name for the I...

Page 64: ...here can be used as part of the matching conditions when configuring the Access Control rules in Firewall Choose the menu Preferences Service Type Service Type to load the following page Figure 5 1 S...

Page 65: ...P TCP UDP and ICMP For other protocols select the option Other When TCP UDP or TCP UDP is selected the following page will appear Figure 5 3 TCP UDP Protocol Source Port Range Destination Port Range S...

Page 66: ...Other Protocols Protocol Number Specify the protocol number of the packets Packets with the protocol number field matched are considered as the target packets 3 Optional Enter a brief description of...

Page 67: ...guring Transmission CHAPTERS 1 Transmission 2 NAT Configurations 3 Bandwidth Control Configuration 4 Session Limit Configurations 5 Load Balancing Configurations 6 Routing Configurations 7 Configurati...

Page 68: ...i Nets NAT Multi Nets NAT function can help the router provide NAT translation for multiple subnets One to One NAT One to One NAT creates a relationship between a private IP address and a public IP ad...

Page 69: ...ol You can control the bandwidth by configuring bandwidth control rules for limiting various data flows In this way the network bandwidth can be reasonably distributed and utilized Session Limit The a...

Page 70: ...e the NAT DMZ Configure the ALG 2 1 Configuring the Multi Nets NAT Choose the menu Transmission NAT Multi Nets NAT and click Add to load the following page Figure 2 1 Configuring the Multi Nets NAT Fo...

Page 71: ...Interface Specify the effective interface for the rule Original IP Specify the original IP address for the rule The original IP address cannot be the broadcast address network address or IP address of...

Page 72: ...other related parameters Interface Specify the effective interface for the rule External Port Enter the service port or port range the router provided for accessing external network The ports or port...

Page 73: ...trigger port or port range Each entry supports at most 5 groups of trigger ports For example you can enter 1 2 3 4 5 6 7 8 8 9 Note that the ports or port ranges cannot overlap with those of other por...

Page 74: ...nfigure the NAT DMZ 1 Specify the name of the NAT DMZ rule and configure other related parameters Interface Specify the effective interface for the rule Host IP Address Specify the host IP address for...

Page 75: ...ng page Figure 3 1 Configuring the Bandwidth Control Follow these steps to configure the Bandwidth Control rule 1 In the Bandwidth Control Config Section enable Bandwidth Control function globally Ena...

Page 76: ...the rule Maximum Downstream Bandwidth Specify the Maximum Downstream Bandwidth in Kbps for the rule Mode Specify the bandwidth control mode for the address group Individual means the bandwidth of eac...

Page 77: ...mit Choose the menu Transmission Session Limit Session Limit to load the following page Figure 4 1 Configuring the Session Limit Follow these steps to configure the Session Limit rule 1 In the General...

Page 78: ...roup page Max Sessions Specify the max sessions for the controlled users Status Check the box to enable the rule 4 2 Viewing the Session Limit Information Choose the menu Transmission Session Limit Se...

Page 79: ...n globally and click Save 2 In the Basic Settings section select the appropriate method for load balancing and click Save Enable Application Optimized Routing With Application Optimized Routing enable...

Page 80: ...N Specify the backup WAN port to back up the traffic for the primary WAN port under the specified condition Mode Specify the mode as Timing or Failover Timing Link Backup will be enabled if the specif...

Page 81: ...be selected as the destination for DNS Lookup to detect whether the WAN is online Manual In Manual Mode you can configure the destination IP address for PING and DNS Lookup manually to detect whether...

Page 82: ...guring the Static Routing Specify the name of the static route entry and configure other related parameters Then click OK Destination IP Specify the destination IP address the route leads to Subnet Ma...

Page 83: ...Specify the name of the policy routing entry and configure other related parameters Then click OK Service Type Specify the service type for the rule Source IP Enter the source IP range for the rule 0...

Page 84: ...e shows the information of the current route entries Destination IP Displays the destination IP address the route leads to Subnet Mask Displays the subnet mask of the destination network Next Hop Disp...

Page 85: ...he internet 7 1 2 Network Topology Figure 7 1 Network Topology Internet L3 Switch Web Server Gateway Router RD Department 172 16 10 0 24 Market Department 172 16 20 0 24 WAN1 LAN 192 168 0 10 192 168...

Page 86: ...the gateway router Configuring the Multi Nets NAT 1 Choose the menu Transmission NAT Multi Nets NAT to load the configuration page and click Add 2 Add Multi nets NAT entries for the two departments re...

Page 87: ...is entry as Enable Click OK Figure 7 4 Configuring the Static Routing for RD Department Figure 7 5 Configuring the Static Routing for Market Department Configuring the One to One NAT 1 Choose the menu...

Page 88: ...twork administrator decides to bind two WAN links using load balancing 7 2 2 Network Topology Figure 7 7 Network Topology Internet Internet WAN1 PPPoE 8Mbps WAN2 Dynamic IP 12Mbps Router PC 7 2 3 Conf...

Page 89: ...and specify Upstream and Downstream bandwidth for this link according to data that ISP provides Make sure two WAN links can work properly and have access to the internet Configuring the Load Balancing...

Page 90: ...n unsafety Configure the FTP server as a virtual server on the router so that the FTP server can be accessed by the internet user 7 3 4 Configuration Procedure Follow the steps below to configure virt...

Page 91: ...web surfing WAN2 for other internet activities 7 4 1 Network Topology Figure 7 11 Network Topology WAN1 WAN2 Router PC PC PC 192 168 0 2 192 168 0 3 192 168 0 4 Internet Internet 7 4 2 Configuration...

Page 92: ...g the Policy Routing Rules 1 Choose the menu Preferences IP Group IP Address to load the configuration page and click Add Specify the IP address name as tp the IP address type as IP Address Range 192...

Page 93: ...source IP as group1 the destination IP as IPGROUP_ANY which means no limit Choose WAN1 and keep Status of this entry as Enable Click OK Figure 7 15 Configuring the Policy Routing Rule 1 Specify the po...

Page 94: ...Part 5 Configuring Firewall CHAPTERS 1 Firewall 2 Firewall Configuration 3 Configuration Examples...

Page 95: ...tries which results in a breakdown of normal communication Anti ARP Spoofing can protect the network from ARP spoofing attacks It works based on the IP MAC Binding entries These entries record the cor...

Page 96: ...C Filtering List and deny other packets or deny the packets with the MAC addresses in the MAC Filtering List and allow other packets Access Control Access Control can filter the packets passing throug...

Page 97: ...add and verify the IP MAC Binding entries first before enabling Anti ARP Spoofing 2 1 1 Adding IP MAC Binding Entries You can add IP MAC Binding entries in two ways manually and via ARP scanning Addi...

Page 98: ...Choose the menu Firewall Anti ARP Spoofing IP MAC Binding to load the following page Figure 2 1 IP MAC Binding Page Follow the steps below to add IP MAC Binding entries manually 1 In the IP MAC Bindin...

Page 99: ...g If you want to get the IP addresses and MAC addresses of the hosts quickly you can use ARP Scanning to facilitate your operation Note Before using this feature make sure that your network is safe an...

Page 100: ...re 2 5 ARP Scanning Result Also you can go to Firewall Anti ARP Spoofing ARP List to view and bind the ARP Scanning entries The ARP Scanning list displays all the historical scanned entries You can cl...

Page 101: ...GARP packets when ARP attack is detected With this option enabled the router will send GARP packets to the hosts if it detects ARP spoofing packets on the network The GARP packets will inform the hos...

Page 102: ...ble your desired feature By default all the options are disabled For details refer to the following table Multi connections TCP SYN Flood With this feature enabled the router will filter the subsequen...

Page 103: ...his option enabled the router will filter the TCP scan packets of Stealth FIN Xmas and Null Block Ping of Death With this option enabled the router will block Ping of Death attack Ping of Death attack...

Page 104: ...st before configuring the filtering rule Choose the menu Firewall MAC Filtering MAC Filtering to load the following page Figure 2 3 MAC Filtering Follow the steps below to configure MAC Filtering 1 In...

Page 105: ...whether to select this filtering rule With this rule selected the router will deny the packets with the MAC addresses in the MAC Filtering List and allow other packets Note MAC Filtering rules take ef...

Page 106: ...e rule Source Select an IP group to specify the source address range for the rule The IP group referenced here can be created on the Preferences IP Group page Destination Select an IP group to specify...

Page 107: ...red to configure the router to protect itself and the terminal hosts from the ARP attacks Figure 3 1 Network Topology Internet Layer 2 Switch Host A 192 168 0 10 00 19 56 8A 4C 71 Host B 192 168 0 20...

Page 108: ...t send packets to legal host correctly To protect the hosts from the attacks above it is recommended to take both of the precautions below Configure the firewall feature on the hosts Configure the route...

Page 109: ...erface and give a description Host A for this entry Since the IP address 192 168 0 10 has been used by Host A we keep Export to DHCP Address Reservation as Enable to preserve this IP address from bein...

Page 110: ...5 Configure Anti ARP Spoofing 3 2 Example for MAC Filtering 3 2 1 Network Requirements In the diagram below the router is the gateway of the network The network administrator now detects some abnorma...

Page 111: ...e rest 2 Add the MAC address of the attacker to the MAC Filtering List 3 2 3 Configuration Procedure Follow the steps below to configure MAC Filtering on the router 1 Choose the menu Firewall MAC Filt...

Page 112: ...Switch Router LAN 192 168 0 1 24 WAN 1 1 1 2 Internet R D Department 192 168 0 10 24 192 168 0 120 24 Other Departments 3 3 2 Configuration Scheme To meet these requirements we can configure Access Co...

Page 113: ...rences IP Group IP Address to load the configuration page and click Add Specify a name RD select IP Address Range and enter the IP address range of the R D department Click OK Figure 3 2 Configure IP...

Page 114: ...s rule means that all the HTTP packets from the R D department are allowed to be transmitted from LAN to the internet at any time Figure 3 5 Configure Allow Rule for HTTP Service 5 Choose the menu Fir...

Page 115: ...P_ANY as the destination IP group and Any as the effective time Click OK This rule means that all DNS packets from the R D department are allowed to be sent from the LAN to the internet at any time Fi...

Page 116: ...figuration result In the Access Control List the rule with a smaller ID has a higher priority Since the router matches the rules beginning with the highest priority make sure the three Allow rules hav...

Page 117: ...Part 6 Configuring Behavior Control CHAPTERS 1 Behavior Control 2 Behavior Control Configuration 3 Configuration Examples...

Page 118: ...tes The router provides two ways to filter websites Web Group Filtering and URL Filtering Web Group Filtering You can configure multiple websites as a web group and set a filtering rule for the group...

Page 119: ...ing There are two methods to filter websites Web Group Filtering and URL Filtering 2 1 1 Configure Web Group Filtering To configure Web Group Filtering add one or more web groups first and then add we...

Page 120: ...card Use Enter key Space key or to divide different websites Description Enter a brief description for the group Add Web Group Filtering Entries Before configuring web group entries go to the Preferen...

Page 121: ...Effective Time Select the effective time The effective time referenced here can be created on the Preferences Time Range page Description Enter a brief description for the group ID Specify a rule ID A...

Page 122: ...menu Behavior Control Web Filtering URL Filtering and click Add to load the following page Figure 2 3 URL Filtering Page Follow the steps below to configure URL filtering 1 In the URL Filtering List s...

Page 123: ...A and deny other websites you can add an Allow rule with the filtering content A and add a Deny rule with the filtering content Note that rule should have the largest ID number which means that it ha...

Page 124: ...Add to load the following page Figure 2 4 Web Security Page Follow the steps below to configure Web Security 1 In the Web Security List section configure the following parameters and click OK to add...

Page 125: ...erent file suffixes The hosts of the selected IP group cannot download these types of files from the internet Effective Select the effective time The effective time referenced here can be created on t...

Page 126: ...isit the official website of the company for example http www tp link com For other departments there is no limitation of website access Figure 3 1 Network Topology R R Layer 2 Switch Router LAN 192 1...

Page 127: ...st rule to allow the R D department users to access www tp link com 4 Add a Blacklist rule to forbid the R D department users from accessing all websites Note that the priority of this rule should be...

Page 128: ...this web group and add the member www tp link com Click OK Figure 3 4 Configure Web Group 4 Choose the menu Behavior Control Web Filtering Web Group Filtering to load the configuration page and click...

Page 129: ...that the hosts in the R D department are denied access to all websites at all times Figure 3 6 Configure Blacklist Rule 6 On the same page verify your configurations In the Web Filtering List the rule...

Page 130: ...Figure 3 8 Enable Web Filtering 3 2 Example for Web Security 3 2 1 Network Requirements In the diagram below the company's hosts are connected to a layer 2 switch and access the internet via the route...

Page 131: ...r in the file suffix column 3 2 3 Configuration Procedure Follow the steps below to complete the configuration 1 Choose the menu Behavior Control Web Security Web Security and click Add to load the fo...

Page 132: ...Part 7 Configuring VPN CHAPTERS 1 VPN 2 IPSec VPN Configuration 3 L2TP Configuration 4 PPTP Configuration 5 Configuration Examples...

Page 133: ...ocol Figure 1 1 Typical Topology of VPN Remote Client Gateway Client Enterprise Server Gateway Server Internet VPN Tunnel 1 2 Supported Features The router supports Layer 2 tunneling protocol PPTP L2T...

Page 134: ...ion of protocols and algorithms based on the user specified policy and to generate the encryption and authentication keys to be used by IPSec IPSec can be used to protect one or more paths between a p...

Page 135: ...ntical For both ends of the VPN tunnel the Remote Gateway Local Remote Subnet Local Remote ID Type should be matched 2 1 Configuring the IPSec Policy 2 1 1 Configuring the Basic Parameters Choose the...

Page 136: ...formed from the IP address and subnet mask Pre shared Key Specify the unique pre shared key for both peers authentication Status Choose to enable the IPSec policy When the Client to LAN mode is select...

Page 137: ...Specify the IKE Exchange Mode as Main Mode or Aggressive Mode By default it is Main Mode Main Mode Main mode provides identity protection and exchanges more information which applies to scenarios with...

Page 138: ...eer is alive DPD Interval If DPD is triggered specify the interval between sending DPD requests If the IKE endpoint receives a response from the peer during this interval it considers the peer alive I...

Page 139: ...ing page Figure 2 4 IPSec SA List The IPSec SA List shows the information of the established IPSec VPN tunnel Name Displays the name of the IPSec policy associated with the SA SPI Displays the SPI Sec...

Page 140: ...t to LAN and the router acts as the L2TP server you don't need to configure the L2TP client on the router When the network mode is configured as LAN to LAN and the router acts as the L2TP client gatew...

Страница 141: ...ly In the General section configure L2TP parameters globally and click Save L2TP Hello Interval Specify the time interval of sending L2TP peer detect packets PPP Hello Interval Specify the time interv...

Страница 142: ...he L2TP server will determine whether to encrypt the tunnel according to the client s encryption settings 3 Specify the Pre shared Key for IKE authentication 4 Enable the L2TP tunnel 5 Click OK 3 4 Co...

Страница 143: ...hared Key Specify the Pre shared Key for IKE authentication Remote Subnet Specify the remote network It s always the IP address range of LAN on the remote peer of the VPN tunnel It s the combination o...

Страница 144: ...password of user This parameter should be the same with that of the L2TP client 2 Specify the protocol as L2TP and configure other relevant parameters according to your actual network environment Pro...

Страница 145: ...f the L2TP PPTP tunnel It s the combination of IP address and subnet mask 3 Click OK 3 6 Verifying the Connectivity of L2TP VPN Tunnel Choose the menu VPN L2TP Tunnel List to load the following page F...

Страница 146: ...ient to LAN and the router acts as the PPTP server you don t need to configure a PPTP client on the router When the network mode is configured as LAN to LAN and the router acts as the PPTP client gate...

Страница 147: ...ly In the General section configure PPTP parameters globally and click Save PPTP Hello Interval Specify the time interval of sending PPTP peer detect packets PPP Hello Interval Specify the time interv...

Page 148: ...onfiguring the PPTP Client Follow these steps to configure the PPTP client 1 Specify the name of the PPTP tunnel and configure other relevant parameters of the PPTP client according to your actual net...

Page 149: ...h Specify the downstream limited rate in Kbps for PPTP tunnel Working Mode Specify the Working Mode as NAT or Routing NAT NAT Network Address Translation mode allows the router to translate source IP...

Page 150: ...N IP Pool page DNS Address Specify the DNS address to be assigned to the VPN client 8.8.8.8 for example Network Mode Specify the network mode There are two modes Client to LAN Select this option when...

Page 151: ...e name of the tunnel when the router is a PPTP client Local IP Displays the local IP address of the tunnel Remote IP Displays the remote real IP address of the tunnel Remote Local IP Displays the remo...

Page 152: ...the head office VPN gateway router A via the LAN port Figure 5 1 Site to Site IPSec VPN Topology Router B WAN IP 20.20.20.1 LAN IP 192.168.1.1 Router A WAN IP 30.30.30.1 LAN IP 192.168.2.1 Branch Offi...

Page 153: ...AN to LAN as the network is connected to the other network then configure other relevant parameters Keep Enable selected as the Status of this entry Click OK Figure 5 3 Configuring the IPSec Policy 3...

Page 154: ...the IKE Phase 2 Parameters Configuring the Router B 1 Choose the menu VPN IPSec IPSec Policy to load the following page Click Add Figure 5 6 IPSec Policy List 2 The following page will appear Specify...

Page 155: ...tings to load the following page Advanced settings include IKEv1 phase 1 settings and IKEv1 phase 2 settings You can keep the default advanced settings In the Phase 1 Settings section configure the IK...

Page 156: ...ring L2TP VPN 5 2 1 Network Requirements Employees out of the office need to communicate with the head office and access the internal resources at any time And the communication data needs to be well...

Page 157: ...e steps below to configure L2TP VPN on the router and PC Configuring the router 1 Choose the menu Preferences VPN IP Pool VPN IP Pool to load the configuration page and click Add Specify the pool name...

Page 158: ...e gateway router select VPN_Pool as the IP address pool to assign an IP address for the L2TP client enter the DNS address for example 8.8.8.8 select the network mode as Client to LAN as the VPN gatewa...

Page 159: ...d L2TP can be used Here we take PPTP VPN as an example Figure 5 17 Remote Access PPTP VPN Topology Remote PC IP 192.168.0.1 US subsidiary Gateway Router A Internet PPTP VPN Tunnel WAN1 LAN Head Office...

Page 160: ...re 5 19 Configuring PPTP Globally 3 Choose the menu VPN PPTP PPTP Server to load the configuration page and click Add Specify WAN1 as the outgoing interface of PPTP VPN tunnel enable MPPE encryption F...

Page 161: ...Add Specify the entry name as VPN_to_Internet and choose WAN1 as the outgoing interface Specify the LAN subnet 192.168.0.0 on which the employees are as the Source IP Range Keep Enable selected as th...

Page 162: ...figuring VPN Configuration Examples Verifying the connectivity of the PPTP VPN tunnel On the router choose the menu VPN PPTP Tunnel List to verify the connectivity of the PPTP VPN tunnel Figure 5 23 V...

Page 163: ...tication CHAPTERS 1 Overview 2 Local Authentication Configuration 3 RADIUS Authentication Configuration 4 Onekey Online Configuration 5 Guest Resources Configuration 6 Viewing the Authentication Statu...

Page 164: ...ortal Authentication Client Access Device Web Server Authentication Server Client The end device that needs to be authenticated before permitted to access the internet Access Device The device that su...

Page 165: ...through HTTP 2 The router redirects the client's HTTP request to the web server 3 The client visits the web server 4 The Web server returns the authentication login page to the client 5 The client en...

Page 166: ...ion RADIUS Authentication In RADIUS authentication you can specify an external RADIUS server as the authentication server The user's account information are recorded in the RADIUS server Local Authent...

Page 167: ...ure the local user account 2 1 Configuring the Authentication Page The browser will redirect to the authentication page when the client try to access the internet On the authentication page the user n...

Page 168: ...o enable portal authentication Idle Timeout Specify the idle timeout The client will be disconnected after the specified period Idle Timeout of inactivity and is required to be authenticated again Val...

Page 169: ...client starts the authentication Success Redirect URL Specify the Success Redirect URL if you choose the Authentication Page as External Links The browser will redirect to this URL after the authentic...

Page 170: ...e built in authentication server to authenticate users You need to configure the authentication accounts for the local users The router supports two types of local users Formal User If you want to pro...

Page 171: ...ticate before this date Authentication Peroid Specify the period during which the client is allowed to be authenticated MAC Binding Type Specify the MAC Binding type There are three types of MAC Bindi...

Page 172: ...dth Optional Specify the upstream downstream bandwidth for the user 0 means no limit Name Optional Record the user's name Telephone Optional Record the user's telephone number Description Optional Ent...

Page 173: ...he following page Figure 2 4 Configuring the Formal User To backup local users accounts Click Backup button to backup all the local users accounts as a CSV file in ANSI coding format To restore local...

Page 174: ...e corresponding parameters 3 1 Configuring RADIUS Authentication Choose the menu Authentication Authentication Settings Web Authentication to load the following page Please make sure that the Authenti...

Page 175: ...re of the custom authentication page Welcome Information Specify the welcome information to be displayed on the custom authentication page Copyright Specify the copyright information to be displayed o...

Page 176: ...n the secondary server will be effective Authentication Port Enter the service port for RADIUS authentication By default it is 1812 Authorized Share Key Specify the authorized share key This key shoul...

Page 177: ...as Onekey Online Figure 4 1 Configuring the Web Authentication Follow these steps to configure Onekey Online Authentication 1 In the Settings section enable the authentication status configure the id...

Page 178: ...he background picture of the custom authentication page Welcome Information Specify the welcome information to be displayed on the custom authentication page Copyright Specify the copyright informatio...

Page 179: ...select Five Tuple Type when the IP address and service port of the free network resource are already known URL Type Specify the client and the network resources the client can visit based on the sett...

Page 180: ...ork address and subnet mask bits Only the specified clients can visit the guest resources Destination IP Range Specify the IP range of the server s that provides the guest resources by entering the ne...

Page 181: ...oad the following page Figure 5 1 Configuring the URL Specify the client and the network resources the client can visit by configuring the URL of the network resource and the parameters of the clients...

Page 182: ...urces entry to make it easier to search and manage Status Check the box to enable the guest resource entry Note In a Guest Resource entry if some parameter is left empty it means the router will not r...

Page 183: ...atus Authentication Status to load the following page Figure 6 1 Viewing the Authentication Status Here you can view the clients that pass the portal authentication Type Displays the authentication ty...

Page 184: ...rk Topology Internet Router Clients Clients Clients Core Switch Access Switch Access Switch 7 2 Configuration Scheme For the hotel does not have an external Web server or Authentication server it is r...

Page 185: ...ring the Authentication Page Choose the menu Authentication Authentication Settings Web Authentication to load the following page 1 Enable portal authentication and keep the Idle Timeout and Portal Au...

Page 186: ...to load the following page Here we take the configuration of Formal User account as an example We create an account for the guests of room 101 The username is Room101 and the password is 123456 and a...

Page 187: ...Part 9 Managing Services CHAPTERS 1 Services 2 Dynamic DNS Configurations 3 UPnP Configuration 4 Configuration Example for Dynamic DNS...

Page 188: ...ess to change dynamically DDNS is an internet service that ensures a fixed domain name can be used to access a network with a varying public IP address This means the user's network can be more easily...

Page 189: ...ollow these steps to configure Peanuthull DDNS 1 Click Go to register to visit the official website of Peanuthull register an account and a domain name 2 Configure the following parameters and click O...

Page 190: ...is working normally Incorrect account name or password The account name or password is incorrect Domain Name Displays the Domain Names obtained from the DDNS server Service Type Displays the DDNS serv...

Page 191: ...addresses for registered domain names Status Check the box to enable the DDNS service 3 View the DDNS status Figure 2 4 View the Status of Comexe DDNS Status Displays whether the corresponding DDNS s...

Page 192: ...the account name of your DDNS account You can click Go to register to visit the official website of DynDNS to register an account Password Enter the password of your DDNS account Domain Name Specify t...

Page 193: ...iew NO IP DDNS Choose the menu Service Dynamic DNS NO IP and click Add to load the following page Figure 2 7 View NO IP DDNS Follow these steps to configure NO IP DDNS 1 Click Go to register to visit...

Page 194: ...8 View the Status of NO IP DDNS Status Displays whether the corresponding DDNS service is enabled Service Status Displays the current status of DDNS service Offline DDNS service is offline Connecting...

Page 195: ...tional In the UPnP Portmap List section view the portmap list Description Displays the description of the application using UPnP protocol Protocol Displays the protocol type used in the process of UPn...

Page 196: ...e router may be changed each time the dial up connection is established When the public IP address of the router changes DDNS service ensures the DNS server rebinds the current domain name to the new...

Page 197: ...NS Configuration Guide 189 Figure 4 2 Registering a Domain Name 2 Set the Interface as WAN1 set the Update Interval as 6 hours and enter the Account Name and Password previously registered before Clic...

Page 198: ...Part 10 System Tools CHAPTERS 1 System Tools 2 Admin Setup 3 Management 4 SNMP 5 Diagnostics 6 Time Settings 7 System Log...

Page 199: ...e reboot the router and upgrade the firmware SNMP SNMP Simple Network Management Protocol is a standard network management protocol It helps network managers to configure and monitor network devices W...

Page 200: ...stem Tools Admin Setup Admin Setup to load the following page Figure 2 1 Modifying the Admin Account In the Account section configure the following parameters and click Save to modify the admin accoun...

Page 201: ...e the following parameters and click OK to specify the IP subnet and mask for remote management Subnet Mask Enter the IP Subnet and Mask of the remote host Status Check the box to enable the remote ma...

Page 202: ...to enable the function then you will access the web management interface by HTTPS protocol instead of HTTP protocol HTTPS Server Port Enter the https server port for web management The port number sho...

Page 203: ...e 3 1 Factory Default Restore Choose the menu System Tools Management Factory Default Restore to load the following page Figure 3 1 Reseting the Device Click Factory Restore to reset the device 3 2 Ba...

Page 204: ...ost and click Restore to import the saved configuration to your router 3 3 Reboot Choose the menu System Tools Management Reboot to load the following page Figure 3 3 Rebooting the Device Click Reboot...

Page 205: ...ress Device Name Enter a name for the device Location Enter the location of the device For example the name can be composed of the building floor number and room location Get Community Specify the com...

Page 206: ...an show the roundtrip time between the two devices directly and traceroute can show the IP address of routers along the route path 5 1 1 Configuring Ping Choose the menu System Tools Diagnostics Diagn...

Page 207: ...llowing section will appear Figure 5 2 Advanced Parameters for Ping Method Ping Count Specify the count of the test packets to be sent during the ping process Ping Packet Size Specify the size of the...

Page 208: ...Specify the traceroute max TTL Time To Live during the traceroute process It is the maximum number of the route hops the test packets can pass through 3 Click Start 5 2 Remote Assistance Note Please m...

Page 209: ...Time Settings Time Settings to load the following page Figure 6 1 Getting Automatically from the Internet In the Time Settings section configure the following parameters and click Save Current Time D...

Page 210: ...ters and click Save Current Time Displays the current system time Time Config Select Manually to set the system time manually Date Specify the date of the system Time Specify the time of the system Sy...

Page 211: ...the Daylight Saving Time of Europe It is from 1:00 a.m. on the Last Sunday in March to 1:00 a.m. on the Last Sunday in October Australia Select the Daylight Saving Time of Australia It is from 2:00 a.m...

Page 212: ...ng time is relative to daylight saving time 6 2 3 Date Mode Choose the menu System Tools Time Settings Time Settings to load the following page Figure 6 5 Date Mode Page In the Daylight Saving Time se...

Page 213: ...System Log to load the following page Figure 7 1 System Log Page Follow these steps to view the system log 1 In the Log Settings section configure the following parameters and click Save Enable Auto r...

Page 214: ...he system at risk such as a failure to release memory ERROR Generic errors WARNING Warning messages such as WinNuke attack warnings NOTICE Important notifications such as IKE policy mismatches INFO In...

Page 215: ...rdance with the instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the us...

Page 216: ...esired operation of the device This device complies with the Industry Canada RSS standards applicable to licence-exempt radio apparatus Operation is authorized under the following two conditions...

Page 217: ...modify the device Do not use damaged charger or USB cable to charge the device Do not use any other chargers than those recommended Please read and follow the above safety information when operating t...

Page 218: ...e electrical and electronic equipment WEEE This means that this product must be handled pursuant to European directive 2012/19/EU in order to be recycled or dismantled to minimize its impact on the en...
