manualshive.com logo in svg

TP-Link TL-R470T Plus, Руководство по настройке


Поделиться
Скачать
background image

Configuring Firewall

Configuration Examples

Configuration Guide  

  95

Configuration Examples

3.1  Example for Anti ARP Spoofing

3.1.1  Network Requirements

In the diagram below, several hosts are connected to the network via a layer 2 switch, and the 

router is the gateway of this network. Since there exists the possibility that the attacker will 

launch a series of ARP attacks, it is required to configure the router to protect itself and the 

terminal hosts from the ARP attacks.

Figure 3-1 

Network Topology

Internet

Layer 2 Switch

Host A

192.168.0.10

00-19-56-8A-4C-71

Host B

192.168.0.20

00-19-56-82-3B-70

Host C

192.168.0.30

00-19-56-8D-22-75

Attacker

Gateway

LAN

192.168.0.1

WAN

3.1.2  Configuration Scheme

The attacker can launch three types of ARP attacks: cheating gateway, imitating gateway 

and cheating terminal hosts. The following section introduces the three ARP attacks and the 

corresponding solutions.

 

Cheating Gateway

Cheating gateway attack is aimed at the router. 

Содержание TL-R470T Plus

Страница 1: ...Configuration Guide 1910012201 REV9 0 0 June 2017 TL R470T TL R480T ...

Страница 2: ...s 9 Configuring the WAN Connection 9 LAN Configuration 21 Configuring the IP Address of the LAN Port 21 Configuring the DHCP Server 22 Viewing the DHCP Client List 24 IPTV Configuration 25 Configuring IPTV Based on IGMP 25 Configuring IPTV in Bridge Mode 26 Configuring IPTV in Custom Mode 26 MAC Configuration 29 Configuring MAC Address 29 Switch Configuration 31 Viewing the Statistics 31 Configuri...

Страница 3: ...sion 58 Transmission 59 Overview 59 Supported Features 59 NAT Configurations 61 Configuring the Multi Nets NAT 61 Configuring the One to One NAT 62 Configuring the Virtual Servers 63 Configuring the Port Triggering 64 Configuring the NAT DMZ 65 Configuring the ALG 65 Bandwidth Control Configuration 66 Session Limit Configurations 68 Configuring Session Limit 68 Viewing the Session Limit Informatio...

Страница 4: ... Virtual Server 80 Network Requirements 80 Network Topology 81 Configuration Scheme 81 Configuration Procedure 81 Example for Configuring Policy Routing 82 Network Requirements 82 Network Topology 82 Configuration Scheme 82 Configuration Procedure 82 Configuring Firewall 85 Firewall 86 Overview 86 Supported Features 86 Firewall Configuration 88 Anti ARP Spoofing 88 Adding IP MAC Binding Entries 88...

Страница 5: ...rted Features 109 Behavior Control Configuration 110 Configuring Web Filtering 110 Configure Web Group Filtering 110 Configuring URL Filtering 113 Configuring Web Security 115 Configuration Examples 117 Example for Access Control 117 Network Requirements 117 Configuration Scheme 117 Configuration Procedure 118 Example for Web Security 121 Network Requirements 121 Configuration Scheme 122 Configura...

Страница 6: ...onfiguring the URL Type 141 Viewing the Authentication Status 143 Configuration Example 144 Network Requirements 144 Configuration Scheme 144 Configuration Procedures 145 Configuring the Authentication Page 145 Configuring Authentication Accounts for the Guests 146 Managing Services 147 Services 148 Overview 148 Support Features 148 Dynamic DNS Configurations 149 Configure and View Peanuthull DDNS...

Страница 7: ...estore 163 Backup Restore 163 Reboot 164 Firmware Upgrade 164 SNMP 165 Diagnostics 166 Diagnostics 166 Configuring Ping 166 Configuring Traceroute 167 Remote Assistance 168 Time Settings 169 Setting the System Time 169 Getting time from the Internet Automatically 169 Setting the System Time Manually 170 Setting the Daylight Saving Time 170 Predefined Mode 170 Recurring Mode 171 Date Mode 172 Syste...

Страница 8: ...dations in this document do not constitute the warranty of any kind express or implied Users must take full responsibility for their application of any products In this Guide the following conventions are used The symbol stands for Note Notes contains suggestions or references that helps you make better use of your device Menu Name Submenu Name Tab page indicates the menu structure Status Traffic ...

Страница 9: ...Part 1 Viewing Status Information CHAPTERS 1 System Status 2 Traffic Statistics ...

Страница 10: ...age displays the basic system information like the hardware version firmware version and system time and the running information like the WAN interface status memory utilization and CPU utilization Choose the menu Status System Status System Status to load the following page Figure 1 1 System Status ...

Страница 11: ...tus Traffic Statistics Interface Statistics to load the following page Figure 2 1 Interface Statistics View the detailed traffic information of each interface in the statistics list TX Rate KB s Displays the rate for transmitting data in kilobytes per second RX Rate KB s Displays the rate for receiving data in kilobytes per second TX Packet Rate Pkt s Displays the rate for transmitting data in pac...

Страница 12: ...nge to monitor Enable IP Statistics Check the box to enable IP Statistics IP Range Specify an IP range The router will monitor the packets whose source IP addresses or destination IP addresses are in this range and display the statistics information in Statistics List 2 In the Statistics List section view the detailed traffic information of the IP addresses IP Address Number Displays the number of...

Страница 13: ...tes of packets received by the user who owns the IP address Total TX Packets Displays the number of packets transmitted by the user who owns the IP address Total RX Packets Displays the number of packets received by the user who owns the IP address You can enable Auto Refresh or click Refresh to get the latest statistics information or click Clear to clear the current statistics information ...

Страница 14: ...Part 2 Configuring Network CHAPTERS 1 Overview 2 WAN Configuration 3 LAN Configuration 4 IPTV Configuration 5 MAC Configuration 6 Switch Configuration 7 VLAN Configuration 8 IPv6 Configuration ...

Страница 15: ...he LAN IPTV IPTV services is based on the Internet protocol rather than through traditional satellite signal or cable transmission The router supports three kinds of IPTV configuration according to your ISP IPTV based on IGMP IPTV in Bridge mode IPTV in Custom mode MAC You can change the default MAC address of the WAN port or LAN port according to your needs Switch The router supports some basic s...

Страница 16: ...gure physical interface 1 as WAN1 2 Configure physical interface 1 and interface 2 as WAN1 and WAN2 respectively 3 Configure physical interface 1 interface 2 and interface3 as WAN1 WAN2 and WAN3 respectively 4 Configure physical interface 1 interface 2 interface 3 and interface 4 as WAN1 WAN2 WAN3 and WAN4 respectively Note When a WAN port is added a port related tab is automatically added when a ...

Страница 17: ... Configuring the Dynamic IP In the Connection Configuration section select the connection type as Dynamic IP Enter the corresponding parameters and click Save Connection Type Choose the connection type as Dynamic IP if your ISP automatically assigns the IP address Host Name Optional Enter a name for the router It is null by default Upstream Bandwidth Specify the upstream bandwidth of the WAN port ...

Страница 18: ...ng VLAN first and configure its egress rule as TAG then manually add the WAN port to that VLAN To create VLANs go to Network VLAN VLAN Note When using the IPTV function either in Bridge mode or Custom mode the router will automatically create corresponding VLANs after you finished the configuration and add port 1 WAN 1 to the VLANs Users cannot then manually select the VLAN that WAN 1 belongs to G...

Страница 19: ... is set correctly MTU Specify the MTU Maximum Transmission Unit of the WAN port MTU is the maximum data unit transmitted in the physical network When Static IP is selected MTU can be set in the range of 576 1500 bytes The default value is 1500 Primary Secondary DNS Optional Enter the IP address of the DNS server provided by your ISP VLAN Add the WAN port to a VLAN Generally you don t need to manua...

Страница 20: ...Automatically Connect Manually and Time Based Connect Automatically The router will activate the connection automatically when the router reboots or the connection is down Connect Manually You can manually activate or terminate the connection Time Based During the specified period the router will automatically activate the connection Time Choose the effective time range when the Connection Mode is...

Страница 21: ... is automatically assigned to a VLAN and the egress rule of the VLAN is UNTAG so the packets are transmitted by the WAN port without VLAN tags If you want the WAN port to transmit packets with VLAN tag you need to create the corresponding VLAN first and configure its egress rule as TAG then manually add the WAN port to that VLAN To create VLANs go to Network VLAN VLAN Note When using the IPTV func...

Страница 22: ...ame provided by your ISP Password Enter the L2TP password provided by your ISP Connection Mode Choose the connection mode including Connect Automatically Connect Manually and Time Based Connect Automatically The router will activate the connection automatically when the router reboots or the connection is down Connect Manually You can manually activate or terminate the connection Time Based During...

Страница 23: ...UNTAG so the packets are transmitted by the WAN port without VLAN tags If you want the WAN port to transmit packets with VLAN tag you need to create the corresponding VLAN first and configure its egress rule as TAG then manually add the WAN port to that VLAN To create VLANs go to Network VLAN VLAN Note When using the IPTV function either in Bridge mode or Custom mode the router will automatically ...

Страница 24: ... provided by your ISP Password Enter the PPTP password provided by your ISP Connection Mode Choose the connection mode including Connect Automatically Connect Manually and Time Based Connect Automatically The router will activate the connection automatically when the router reboots or the connection is down Connect Manually You can manually activate or terminate the connection Time Based During th...

Страница 25: ...N is UNTAG so the packets are transmitted by the WAN port without VLAN tags If you want the WAN port to transmit packets with VLAN tag you need to create the corresponding VLAN first and configure its egress rule as TAG then manually add the WAN port to that VLAN To create VLANs go to Network VLAN VLAN Note When using the IPTV function either in Bridge mode or Custom mode the router will automatic...

Страница 26: ...outer reboots or the connection is down Connect Manually You can manually activate or terminate the connection Time Based During the specified period the router will automatically activate the connection Time Choose the effective time range when the Connection Mode is chosen as Time Based To create the time range go to Preferences Time Range Time Range Upstream Bandwidth Specify the upstream bandw...

Страница 27: ... don t need to manually configure it unless required by your ISP By default the WAN port is automatically assigned to a VLAN and the egress rule of the VLAN is UNTAG so the packets are transmitted by the WAN port without VLAN tags If you want the WAN port to transmit packets with VLAN tag you need to create the corresponding VLAN first and configure its egress rule as TAG then manually add the WAN...

Страница 28: ... Address of the LAN Port Choose the menu Network LAN LAN to load the following page Figure 3 1 Configuring the LAN IP Address Enter the IP address of the LAN port and click Save IP Address Enter the IP address of the LAN port This IP address is the default gateway of the LAN clients and the IP addresses of all the LAN clients should be in the same subnet with this LAN IP address Subnet Mask Enter ...

Страница 29: ...ing the DHCP Server You can configure an IP address pool for the DHCP server to assign IP addresses When clients send requests to the DHCP server the server will automatically assign IP addresses and the corresponding parameters to the clients Moreover if you want to reserve an IP address for a certain client you can use Address Reservation to bind the IP address with the client s MAC address and ...

Страница 30: ...d to enter the IP address of the LAN port Default Domain Optional Enter the domain name of your network Primary Secondary DNS Optional Enter the DNS server address provided by your ISP If you are not clear please consult your ISP Option60 Optional Specify the option 60 for device identification Mostly it is used under the scenario where the clients apply for different IP addresses from different s...

Страница 31: ...e box to export this binding entry to IP MAC Binding List on Firewall Anti ARP Spoofing IP MAC Binding page Status Check the box to enable this entry 3 3 Viewing the DHCP Client List Choose the menu Network LAN DHCP Client List to load the following page Figure 3 4 Viewing the DHCP Client List Here you can view the DHCP client list Client Name Displays the name of the client MAC Address Displays t...

Страница 32: ...Enable IGMP Snooping and IGMP Proxy and choose the IGMP version then click Save IGMP Snooping Check the box to enable IGMP Snooping Without IGMP Snooping the router will broadcast multicast stream to all LAN ports even though some LAN ports are not connected to any multicast member With IGMP Snooping enabled the LAN ports listen IGMP packets transmitted between the router and the clients and build...

Страница 33: ...o the IPTV becomes a dedicated port for IPTV service Port Mode Specify the service to be supported by the LAN port Internet Specify the port to support only internet service If you want to access the internet you should connect your host to this port IPTV Specify the port to only support IPTV service If you want to use IPTV you should connnect your IPTV set top box to this port 4 3 Configuring IPT...

Страница 34: ...2 Enter the parameters provided by your ISP including the VLAN IDs and priorities of different services Internet VLAN ID Enter the VLAN ID of the internet service It is provided by your ISP Internet VLAN Priority Enter the VLAN priority of the internet service It is provided by your ISP 802 1Q Tag Optional Check the box and the egress internet packets of WAN 1 port will be tagged IP Phone VLAN ID ...

Страница 35: ...ecify the port to support only IP Phone service If you want to make an IP Phone call you should connect your IP Phone to this port IPTV Specify the port to only support IPTV service If you want to use IPTV you should connnect your IPTV set top box to this port Note Among the WAN ports only WAN 1 supports IPTV service So if you want to use IPTV function connect your ISP network to WAN 1 In Bridge m...

Страница 36: ...al up device for a normal internet connection Configure the MAC Address of the LAN port In a complex network with all the devices are ARP bound if you want to replace the current router with this router you can just set the MAC address of this router s LAN port as the same as that of the previous router which can avoid all the devices under this network node to update their ARP binding tables 5 1 ...

Страница 37: ...actory default value Clone Current PC s MAC Click this button to clone the MAC address of the PC you are currently using to configure the router It s only available for the WAN ports Note To avoid a MAC address conflict in the LAN it is not permitted to set the MAC address of the router s LAN port as the MAC address of the current management PC ...

Страница 38: ... getting overloaded Negotiation Mode Select the negotiation mode for the port You can set the mode as Auto or manually set the speed and duplex mode for the port It is recommended to configure both devices of a link to work in Auto Negotiation mode or manually configure them to work in the same speed and duplex mode If the two devices at both sides work in Auto mode they will advertise their speed...

Страница 39: ...ure 6 2 Viewing Port Status Status Displays the port status Link Down The port is not connected Link Up The port is working normally Speed Mbps Displays the port speed Duplex Mode Displays the duplex mode of the port Flow Control Displays if the Flow Control is enabled ...

Страница 40: ... Network VLAN VLAN to load the following page Figure 7 1 Creating a VLAN Create a VLAN and add the port s to the VLAN then click OK VLAN ID Enter a VLAN ID The value ranges from 1 to 4094 Name Specify the name of the VLAN for easy identification Ports Check the box to select the port and specify the port type in the specified VLAN The port can be divided into two types TAG or UNTAG TAG The egress ...

Страница 41: ...Displays the ports which belongs to the corresponding VLAN Description Displays the description of the VLAN Note The VLAN list contains all the VLANs existing in the router Some of them are manually created by the user and can be edited or deleted Some are automatically created and referenced by the router for some special scenarios like IPTV or management VLAN and you cannot edit or delete these ...

Страница 42: ...on Guide 35 Figure 7 3 Configuring the PVID Configure the PVID of the port then click Save Port Displays the port PVID Specify the PVID for the port PVID indicates the default VLAN for the corresponding port VLAN Displays the VLAN s the port belongs to ...

Страница 43: ...nt 2 Configure the WAN connection 8 1 Configuring the LAN Configure the type of assigning IPv6 address to the LAN clients Choose the menu Network IPv6 LAN to load the following page Figure 8 1 Configuring the LAN 1 In the Global section enable IPv6 function and click Save IPv6 Check the box to enable IPv6 function for the LAN 2 In the LAN section configure the Assigned Type and Address prefix then...

Страница 44: ...orm an IPv6 address Generally the host identifier was formed using the EUI 64 The DHCP server will also automatically advertise the DNS information to the client Address Prefix Enter the LAN address prefix provided by your ISP Note If the Prefix Delegation in WAN configuration is enabled the LAN prefix will be automatically assigned by the ISP and you do not need to manually configure it here Rele...

Страница 45: ...he router will reboot after switching the WAN mode 8 2 2 Configuring the WAN Connection The router supports five IPv6 connection types Static IP Dynamic IP SLAAC DHCPv6 PPPoE 6to4 Tunnel and Pass Through Bridge you can choose one according to the information provided by your ISP Static IP Select this if your ISP provides you with a fixed IPv6 address default gateway and DNS address Dynamic IP SLAA...

Страница 46: ...he Internet section choose the Internet Connection type as Dynamic IP SLAAC DHCPv6 and configure the corresponding parameters Then click Save Internet Connection Type Choose Dynamic IP SLAAC DHCPv6 as the connection type IPv6 Address Primary DNS Secondary DNS Displays the IPv6 address Primary DNS Secondary DNS of the WAN port These parameters are automatically assigned by the DHCPv6 server from yo...

Страница 47: ...rmed using the EUI 64 Prefix Delegation Enable or disable prefix delegation The prefix will be assigned to the LAN clients Enable The prefix of the IPv6 address will automatically be assigned by the ISP and you do not need to configure the prefix on the LAN page Disable You need to enter a prefix manually on the LAN page Note If more than one WAN port is enabled with Prefix Delegation the LAN port...

Страница 48: ...x to enable IPv6 function 2 In the Internet section choose the Internet Connection type as Static IP and configure the corresponding parameters Then click Save Internet Connection Type Choose Static IP as the connection type IPv6 Address Enter the IPv6 address provided by your ISP Default Gateway Enter the default gateway provided by your ISP Primary DNS Secondary DNS Enter the DNS address provide...

Страница 49: ...he PPPoE Follow these steps to configure PPPoE connection 1 In the General section check the box to enable IPv6 function then click Save IPv6 Check the box to enable IPv6 function 2 In the Internet section choose the Internet Connection type as PPPoE and configure the corresponding parameters Then click Save ...

Страница 50: ...ddress and configure the Prefix Delegation Then click Save Get IPv6 Address Choose the method by which the IPv6 address is obtained from the ISP DHCPv6 The DHCP server automatically assigns the IPv6 address SLAAC Stateless DHCP The DHCP server advertises the IPv6 prefix to the WAN port the WAN port then dynamically forms a host identifier that is 64 bits long and will be suffixed to the end of the...

Страница 51: ...l Follow these steps to configure 6to4 Tunnel connection 1 In the General section check the box to enable IPv6 function then click Save IPv6 Check the box to enable IPv6 function 2 In the Internet section choose the Internet Connection type as 6to4 Tunnel and configure the corresponding parameters Then click Save Internet Connection Type Choose the connection type as PPPoE IPv4 Address IPv4 Subnet...

Страница 52: ...idge mode the router works as a transparent bridge The IPv6 packets received from the WAN port will be transparently forwarded to the LAN port and vice versa No extra parameter is required Figure 8 6 Configuring the Pass Through Bridge Follow these steps to configure Pass Through Bridge connection 1 In the General section check the box to enable IPv6 function then click Save IPv6 Check the box to ...

Страница 53: ...Part 3 Configuring Preferences CHAPTERS 1 Overview 2 IP Group Configuration 3 Time Range Configuration 4 Service Type Configuration ...

Страница 54: ...e IP groups configured here will appear as options when you are configuring the effective IP addresses for functions like Bandwidth Control Session Limit Policy Routing and so on Once you configure a preference here it can be applied to multiple functions saving time during the configuration For example after configuring a time range in the Preferences Time Range Time Range page you can use this t...

Страница 55: ...oup IP Address and click Add to load the following page Figure 2 1 Add an IP Address Entry Follow these steps to add an IP address entry 1 Enter a name and specify the IP address range Name Enter a name for the IP address entry Only letters digits or underscores are allowed IP Address Type Choose a type and enter the IP address in the corresponding format Two types are provided IP Address Range Sp...

Страница 56: ...e Enter a name for the IP group Only letters digits or underscores are allowed Address Name Select the IP address entries as the members of the group from the drop down list It is multi optional If no IP address entries are selected the rule that references this IP group will have no effect on any IP addresses Description Optional Enter an brief description of this IP group to make identifying it ...

Страница 57: ... Time Range Time Range and click Add to load the following page Figure 3 1 Add a Time Range Entry Follow these steps to add a time range entry 1 Enter a name for the time range entry Time Range Name Enter a name for the time range entry Only letters digits or underscores are allowed 2 Choose a mode to set the time range Two modes are provided Working Calendar and Manually Working Calendar Working ...

Страница 58: ...me range and select the effective days in a week manually In this mode effective time can be accurate to the minute Choose Manually mode to load the following page Figure 3 3 Manually Mode Week Select the effective days in a week Time Range Enter a start and end time If the effective time is discontinuous click to add another time range 3 Optional Enter an brief description of this time range to m...

Страница 59: ...d here can be used as part of the matching conditions when configuring the Access Control rules in Firewall Choose the menu Preferences Service Type Service Type to load the following page Figure 4 1 Service Type List The entries in gray are system predefined service types You can add other entries if your service type is not in the list ...

Страница 60: ...DP TCP UDP and ICMP For other protocols select the option Other When TCP UDP or TCP UDP is selected the following page will appear Figure 4 3 TCP UDP Protocol Source Port Range Destination Port Range Specify range of the source port and destination port of the TCP or UDP packets Packets whose source port and destination port are both in the range are considered as the target packets When ICMP is s...

Страница 61: ...5 Other Protocols Protocol Number Specify the protocol number of the packets Packets with the protocol number field matched are considered as the target packets 3 Optional Enter a brief description of this service type to make identifying it easier 4 Click OK Note A service type entry that is being referenced by a rule cannot be deleted ...

Страница 62: ...iguring Transmission CHAPTERS 1 Transmission 2 NAT Configurations 3 Bandwidth Control Configuration 4 Session Limit Configurations 5 Load Balancing Configurations 6 Routing Configurations 7 Configuration Examples ...

Страница 63: ...ti Nets NAT Multi Nets NAT function can help the router provide NAT translation for multiple subnets One to One NAT One to One NAT creates a relationship between a private IP address and a public IP address A device with a private IP address can be accessed through the corresponding valid public IP address Virtual Servers When you build up a server in the local network and want to share it on the ...

Страница 64: ...rol You can control the bandwidth by configuring bandwidth control rules for limiting various data flows In this way the network bandwidth can be reasonably distributed and utilized Session Limit The amount of TCP and UDP sessions supported by the router is finite If some local hosts transmit too many TCP and UDP sessions to the public network the communication quality of the other local hosts wil...

Страница 65: ...igure the Port Triggering Configure the NAT DMZ Configure the ALG 2 1 Configuring the Multi Nets NAT Note TL R470T does not support Multi Nets NAT Choose the menu Transmission NAT Multi Nets NAT and click Add to load the following page Figure 2 1 Configuring the Multi Nets NAT Follow these steps to configure the Multi Nets NAT 1 Specify the name of the Multi Nets NAT rule and configure other relat...

Страница 66: ... One NAT Follow these steps to configure the One to One NAT 1 Specify the name of the One to One NAT rule and configure other related parameters Interface Specify the effective interface for the rule Original IP Specify the original IP address for the rule The original IP address cannot be the broadcast address network address or IP address of the interface Translated IP Specify the translated IP ...

Страница 67: ...ervers 1 Specify the name of the Virtual Server rule and configure other related parameters Interface Specify the effective interface for the rule External Port Enter the service port or port range the router provided for accessing external network The ports or port ranges cannot overlap with those of other virtual server rules Internal Port Specify the service port or port range of the LAN host a...

Страница 68: ... trigger port or port range Each entry supports at most 5 groups of trigger ports For example you can enter 1 2 3 4 5 6 7 8 8 9 Note that the ports or port ranges cannot overlap with those of other port triggering rules Trigger Protocol Specify the trigger protocol for the trigger port Incoming Port Enter the incoming port or port range Each entry supports at most 5 groups of incoming ports For ex...

Страница 69: ...onfigure the NAT DMZ 1 Specify the name of the NAT DMZ rule and configure other related parameters Interface Specify the effective interface for the rule Host IP Address Specify the host IP address for NAT DMZ Status Check the box to enable the rule 2 Click OK 2 6 Configuring the ALG Choose the menu Transmission NAT ALG to load the following page Figure 2 6 Configuring the ALG Enable related ALG a...

Страница 70: ...ing page Figure 3 1 Configuring the Bandwidth Control Follow these steps to configure the Bandwidth Control rule 1 In the Bandwidth Control Config Section enable Bandwidth Control function globally Enable Bandwidth Control Check the box to enable Bandwidth Control globally Enable Bandwidth Control When With Enable Bandwidth Control selected you can specify a percentage and the Bandwidth Control wi...

Страница 71: ...r the rule Maximum Downstream Bandwidth Specify the Maximum Downstream Bandwidth in Kbps for the rule Mode Specify the bandwidth control mode for the address group Individual means the bandwidth of each user is equal to the current bandwidth of this entry Shared means the total bandwidth of all controlled IP addresses is equal to the current bandwidth of this entry Effective Time Specify the time ...

Страница 72: ...imit Choose the menu Transmission Session Limit Session Limit to load the following page Figure 4 1 Configuring the Session Limit Follow these steps to configure the Session Limit rule 1 In the General Section enable Session Limit function globally 2 In the Session Limit Rule List section click Add to load the following page Figure 4 2 Add Session Limit rules Specify the name of the Session Limit ...

Страница 73: ...Group page Max Sessions Specify the max sessions for the controlled users Status Check the box to enable the rule 4 2 Viewing the Session Limit Information Choose the menu Transmission Session Limit Session Monitor to load the following page Figure 4 3 Viewing the Session Limit Information View the Session Limit information of hosts configured with Session Limit Click the Refresh button to get the...

Страница 74: ...on globally and click Save 2 In the Basic Settings section select the appropriate method for load balancing and click Save Enable Application Optimized Routing With Application Optimized Routing enabled the router will consider the source IP address and destination IP address or destination port of the packets as a whole and record the WAN port they pass through Then the packets with the same sour...

Страница 75: ...AN Specify the backup WAN port to back up the traffic for the primary WAN port under the specified condition Mode Specify the mode as Timing or Failover Timing Link Backup will be enabled if the specified effective time is reached All the traffic on the primary WAN will switch to the backup WAN at the beginning of the effective time the traffic on the backup WAN will switch to the primary WAN at t...

Страница 76: ...l be selected as the destination for DNS Lookup to detect whether the WAN is online Manual In Manual Mode you can configure the destination IP address for PING and DNS Lookup manually to detect whether the WAN is online Always Online In Always Online Mode the status of the port will always be online Ping With Manual Mode selected specify the destination IP for Ping The correspoding port will ping ...

Страница 77: ...lick Add to load the following page Figure 6 1 Configuring the Static Routing Specify the name of the static route entry and configure other related parameters Then click OK Name Enter a name for the static route entry Destination IP Specify the destination IP address the route leads to Subnet Mask Specify the subnet mask of the destination network Next Hop Specify the IP address to which the pack...

Страница 78: ...ing page Figure 6 2 Configuring the Policy Routing Specify the name of the policy routing entry and configure other related parameters Then click OK Name Enter a name for the policy routing entry Service Type Specify the service type for the rule Source IP Enter the source IP range for the rule 0 0 0 0 0 0 0 0 means any IP is acceptable Destination IP Enter the destination IP range for the rule 0 ...

Страница 79: ...le shows the information of the current route entries Destination IP Displays the destination IP address the route leads to Subnet Mask Displays the subnet mask of the destination network Next Hop Displays the gateway IP address to which the packet should be sent next Interface Displays the physical network interface through which this route is accessible Metric Displays the metric to reach the de...

Страница 80: ... access the internet via the same gateway router 2 The company has a web server which needs to be accessed by the users on the internet 7 1 2 Network Topology Figure 7 1 Network Topology Internet L3 Switch Web Server Gateway Router RD Department 172 16 10 0 24 Market Department 172 16 20 0 24 WAN1 LAN 192 168 0 10 192 168 0 20 123 1 1 3 7 1 3 Configuration Scheme To meet the first requirement add ...

Страница 81: ... to One NAT take effects only when the connection type of WAN port is Static IP 7 1 4 Configuration Procedure Follow the steps below to configure NAT on the gateway router Configuring the Multi Nets NAT 1 Choose the menu Transmission NAT Multi Nets NAT to load the configuration page and click Add 2 Add Multi nets NAT entries for the two departments respectively Specify the entry name as RD Market ...

Страница 82: ...h as next hop then choose the interface as WAN1 Keep Status of this entry as Enable Click OK Figure 7 4 Configuring the Static Routing for RD Department Figure 7 5 Configuring the Static Routing for Market Department Configuring the One to One NAT 1 Choose the menu Transmission NAT One to One NAT to load the configuration page and click Add 2 Add a One to One NAT entry for the web server Specify t...

Страница 83: ...etwork administrator decides to bind two WAN links using load balancing 7 2 2 Network Topology Figure 7 7 Network Topology Internet Internet WAN1 PPPoE 8Mbps WAN2 Dynamic IP 12Mbps Router PC 7 2 3 Configuration Scheme To meet the requirement configure WAN parameters on the router in order that the two WAN links can work properly and have access to the internet then configure load balancing on the ...

Страница 84: ... and specify Upstream and Downstream bandwidth for this link according to data that ISP provides Make sure two WAN links can work properly and have access to the internet Configuring the Load Balancing Choose the menu Transmission Load Balancing Basic Settings to load the configuration page Enable Load Balancing globally and click Save Enable Application Optimized Routing and enable Bandwidth Base...

Страница 85: ... unsafety Configure the FTP server as a virtual server on the router so that the FTP server can be accessed by the internet user 7 3 4 Configuration Procedure Follow the steps below to configure virtual server on the router 1 Choose the menu Transmission NAT Virtual Servers to load the configuration page and click Add 2 Specify the entry name as ftp choose the interface as WAN1 and specify the int...

Страница 86: ...r web surfing WAN2 for other internet activities 7 4 1 Network Topology Figure 7 11 Network Topology WAN1 WAN2 Router PC PC PC 192 168 0 2 192 168 0 3 192 168 0 4 Internet Internet 7 4 2 Configuration Scheme To meet the first requirement configure link backup on the router To meet the second requirement configure policy routing rules for two computers which use 192 168 0 2 and 192 168 0 3 Note tha...

Страница 87: ...ng the Policy Routing Rules 1 Choose the menu Preferences IP Group IP Address to load the configuration page and click Add Specify the IP address name as tp the IP address type as IP Address Range 192 168 0 2 192 168 0 3 Click OK Figure 7 13 Configuring the IP Address 2 Choose the menu Preferences IP Group IP Address to load the configuration page and click Add Specify the IP group name as group1 ...

Страница 88: ... source IP as group1 the destination IP as IPGROUP_ANY which means no limit Choose WAN1 and keep Status of this entry as Enable Click OK Figure 7 15 Configuring the Policy Routing Rule 1 Specify the policy routing rule name as policy2 the service type as ALL the source IP as group1 the destination IP as IPGROUP_ANY which means no limit Choose WAN2 and keep Status of this entry as Enable Click OK F...

Страница 89: ...Part 5 Configuring Firewall CHAPTERS 1 Firewall 2 Firewall Configuration 3 Configuration Examples ...

Страница 90: ...ntries which results in a breakdown of normal communication Anti ARP Spoofing can protect the network from ARP spoofing attacks It works based on the IP MAC Binding entries These entries record the correct one to one relationships between IP addresses and MAC addresses When receiving an ARP packet the router checks whether it matches any of the IP MAC Binding entries If not the router will ignore ...

Страница 91: ...AC Filtering List and deny other packets or deny the packets with the MAC addresses in the MAC Filtering List and allow other packets Access Control Access Control can filter the packets passing through the router based on the Access Control rules An Access Control rule includes a filter policy and some conditions such as service type receiving interface and effective time The router will apply th...

Страница 92: ...u add and verify the IP MAC Binding entries first before enabling Anti ARP Spoofing 2 1 1 Adding IP MAC Binding Entries You can add IP MAC Binding entries in two ways manually and via ARP scanning Adding IP MAC Binding Entries Manually You can manually bind the IP address MAC address and interface together on the condition that you have got the related information of the hosts on the network Addin...

Страница 93: ... Choose the menu Firewall Anti ARP Spoofing IP MAC Binding to load the following page Figure 2 1 IP MAC Binding Page Follow the steps below to add IP MAC Binding entries manually 1 In the IP MAC Binding List section click Add to load the following page Figure 2 2 Add IP MAC Binding Entries Manually 2 Configure the following parameters on this page IP Address Enter an IP address to be bound MAC Add...

Страница 94: ...ng If you want to get the IP addresses and MAC addresses of the hosts quickly you can use ARP Scanning to facilitate your operation Note Before using this feature make sure that your network is safe and the hosts are not suffering from ARP attacks at present otherwise you may obtain incorrect IP MAC Binding entries If your network is being attacked it s recommended to bind the entries manually Cho...

Страница 95: ...ure 2 5 ARP Scanning Result Also you can go to Firewall Anti ARP Spoofing ARP List to view and bind the ARP Scanning entries The ARP Scanning list displays all the historical scanned entries You can click to export the entry to the IP MAC Binding table Figure 2 6 ARP List 2 1 2 Enable Anti ARP Spoofing Choose the menu Firewall Anti ARP Spoofing IP MAC Binding to load the following page Figure 2 1 ...

Страница 96: ...d GARP packets when ARP attack is detected With this option enabled the router will send GARP packets to the hosts if it detects ARP spoofing packets on the network The GARP packets will inform the hosts of the correct ARP information which is used to replace the wrong ARP information in the hosts Interval If the Send GARP packets when ARP attack is detected is enabled configure the time interval ...

Страница 97: ...able your desired feature By default all the options are disabled For details refer to the following table Multi connections TCP SYN Flood With this feature enabled the router will filter the subsequent TCP SYN packets if the number of this kind of packets reaches the specified threshold The valid threshold ranges from 100 to 99999 Multi connections UDP Flood With this feature enabled the router w...

Страница 98: ...this option enabled the router will filter the TCP scan packets of Stealth FIN Xmas and Null Block Ping of Death With this option enabled the router will block Ping of Death attack Ping of Death attack means that the attacker sends abnormal ping packets larger than 65535 bytes to cause system crash on the target computer Block Large Ping With this option enabled the router will block Large Ping at...

Страница 99: ...rst before configuring the filtering rule Choose the menu Firewall MAC Filtering MAC Filtering to load the following page Figure 2 3 MAC Filtering Follow the steps below to configure MAC Filtering 1 In the MAC Filtering List section click Add to add MAC Filtering entries to the MAC Filtering list Specify a name and enter the MAC address in the format xx xx xx xx xx xx Click OK Figure 2 4 MAC Filte...

Страница 100: ... whether to select this filtering rule With this rule selected the router will deny the packets with the MAC addresses in the MAC Filtering List and allow other packets Note MAC Filtering rules take effect on the LAN interface instead of the WAN interface 2 4 Configuring Access Control Choose the menu Firewall Access Control Access Control and click Add to load the following page Figure 2 5 Access...

Страница 101: ...he rule Source Select an IP group to specify the source address range for the rule The IP group referenced here can be created on the Preferences IP Group page Destination Select an IP group to specify the destination address range for the rule The IP group referenced here can be created on the Preferences IP Group page Effective Time Select the effective time for the rule The effective time refer...

Страница 102: ...ired to configure the router to protect itself and the terminal hosts from the ARP attacks Figure 3 1 Network Topology Internet Layer 2 Switch Host A 192 168 0 10 00 19 56 8A 4C 71 Host B 192 168 0 20 00 19 56 82 3B 70 Host C 192 168 0 30 00 19 56 8D 22 75 Attacker Gateway LAN 192 168 0 1 WAN 3 1 2 Configuration Scheme The attacker can launch three types of ARP attacks cheating gateway imitating g...

Страница 103: ...t send packets to legal host correctly To protect the hosts from the attacks above it is recommend to take both of the precautions below Configure the firewall feature on the hosts Configure the router to send GARP packets to the hosts when the router detects ARP attacks The GARP packets will inform the hosts of the correct ARP maps and the wrong ARP maps in the hosts will be replaced by the corre...

Страница 104: ...terface and give a description Host A for this entry Since the IP address 192 168 0 10 has been used by Host A we keep Export to DHCP Address Reservation as Enable to preserve this IP address from being assigned to other hosts Keep Status of this entry as Enable Click OK Figure 3 3 Add IP MAC Binding Entry 3 Add the IP MAC Binding entries for Host B and Host C as introduced above and verify your c...

Страница 105: ...3 5 Configure Anti ARP Spoofing 3 2 Example for MAC Filtering 3 2 1 Network Requirements In the diagram below the router is the gateway of the network The network administrator now detects some abnormal attack packets from a host whose MAC address is 00 17 87 4A 5C 25 To protect the devices from being attacked it is required that all packets from the attacker should be dropped when passing through...

Страница 106: ...e rest 2 Add the MAC address of the attacker to the MAC Filtering List 3 2 3 Configuration Procedure Follow the steps below to configure MAC Filtering on the router 1 Choose the menu Firewall MAC Filtering MAC Filtering to load the following page In the General section enable MAC Filtering and select the filtering rule as Deny packets with the MAC addresses listed below and allow the rest Click Sa...

Страница 107: ... Switch Router LAN 192 168 0 1 24 WAN 1 1 1 2 Internet R D Department 192 168 0 10 24 192 168 0 120 24 Other Departments 3 3 2 Configuration Scheme To meet these requirements we can configure Access Control rules on the router to filter the specific types of packets from R D department only the HTTP and HTTPs packets are allowed to be sent to the internet and other types of packets are not allowed...

Страница 108: ...erences IP Group IP Address to load the configuration page and click Add Specify a name RD select IP Address Range and enter the IP address range of the R D department Click OK Figure 3 2 Configure IP Address Range 2 Choose the menu Preferences IP Group IP Group to load the configuration page and click Add Specify a group name RD_Dept select the preset address range RD and click OK Figure 3 3 Conf...

Страница 109: ...is rule means that all the HTTP packets from the R D department are allowed to be transmitted from LAN to the internet at any time Figure 3 5 Configure Allow Rule for HTTP Service 5 Choose the menu Firewall Access Control Access Control to load the configuration page and click Add Specify a name for this rule Select Allow as the rule policy HTTPS as the service type LAN as the effective interface ...

Страница 110: ...UP_ANY as the destination IP group and Any as the effective time Click OK This rule means that all DNS packets from the R D department are allowed to be sent from the LAN to the internet at any time Figure 3 7 Configure Allow Rule for DNS Service 7 Choose the menu Firewall Access Control Access Control to load the configuration page and click Add Specify a name for this rule Select Block as the ru...

Страница 111: ...nfiguration result In the Access Control List the rule with a smaller ID has a higher priority Since the router matches the rules beginning with the highest priority make sure the three Allow rules have the smaller ID numbers compared with the Block rule In this way the router checks whether the received packet matches the three Allow rules first and only packets that do not match any of the Allow...

Страница 112: ...Part 6 Configuring Behavior Control CHAPTERS 1 Behavior Control 2 Behavior Control Configuration 3 Configuration Examples ...

Страница 113: ...ites The router provides two ways to filter websites Web Group Filtering and URL Filtering Web Group Filtering You can configure multiple websites as a web group and set a filtering rule for the group More than one group can be created and several groups can share a same filtering rule URL Filtering You can directly set a filtering rule for specific entire URLs or keywords Web Security Web Securit...

Страница 114: ...ring There are two methods to filter websites Web Group Filtering and URL Filtering 2 1 1 Configure Web Group Filtering To configure Web Group Filtering add one or more web groups first and then add web group filtering entries using the created groups Add Web Groups Choose the menu Behavior Control Web Filtering Web Group and click Add to load the following page Figure 2 1 Web Group Page Configure...

Страница 115: ...dcard Use Enter key Space key or to divide different websites Description Enter a brief description for the group Add Web Group Filtering Entries Before configuring web group entries go to the Preferences module to configure the IP Group and Effective Time according to your needs Choose the menu Behavior Control Web Filtering Web Group Filtering and click Add to load the following page Figure 2 2 ...

Страница 116: ... Effective Time Select the effective time The effective time referenced here can be created on the Preferences Time Range page Description Enter a brief description for the group ID Specify a rule ID A smaller ID means a higher priority This value is optional A newly added rule with this field left blank will get the largest ID among all rules which means that the newly added rule has the lowest p...

Страница 117: ... menu Behavior Control Web Filtering URL Filtering and click Add to load the following page Figure 2 3 URL Filtering Page Follow the steps below to configure URL filtering 1 In the URL Filtering List section click Add and configure the required parameters Click OK IP Group Select an IP group for the rule The IP group referenced here can be created on the Preferences IP Group page Policy Choose to ...

Страница 118: ...e A and deny other websites you can add an Allow rule with the filtering content A and add a Deny rule with the filtering content Note that rule should have the largest ID number which means that it has the lowest priority Effective Time Select the effective time The effective time referenced here can be created on the Preferences Time Range page Status Check the box to enable the rule Description...

Страница 119: ...k Add to load the following page Figure 2 4 Web Security Page Follow the steps below to configure Web Security 1 In the Web Security List section configure the following parameters and click OK to add a Web Security rule IP Group Select an IP group for the rule The IP group referenced here can be created on the Preferences IP Group page Block HTTP Post With this option enabled HTTP posts will be b...

Страница 120: ...ferent file suffixes The hosts of the selected IP group cannot download these types of files from the internet Effective Select the effective time The effective time referenced here can be created on the Preferences Time Range page Description Enter a brief description for the group Status Check the box to enable the rule 2 In the General section enable Web Security and click Save ...

Страница 121: ...visit the official website of the company for example http www tp link com For other departments there is no limitation of website access Figure 3 1 Network Topology R R Layer 2 Switch Router LAN 192 168 0 1 24 WAN 1 1 1 2 Internet R D Department 192 168 0 10 24 192 168 0 120 24 Other Departments 3 1 2 Configuration Scheme We can configure Web Filtering to limit the website access of the specific ...

Страница 122: ...ist rule to allow the R D department users to access www tp link com 4 Add a Blacklist rule to forbid the R D department users from accessing all websites Note that the priority of this rule should be lower than the Whitelist rule 3 1 3 Configuration Procedure Follow the steps below to complete the configuration 1 Choose the menu Preferences IP Group IP Address to load the configuration page and c...

Страница 123: ... this web group and add the member www tp link com Click OK Figure 3 4 Configure Web Group 4 Choose the menu Behavior Control Web Filtering Web Group Filtering to load the configuration page and click Add Select RD_Dept as the IP Group Whitelist as the Policy RD_Filtering as the Web Group and Any as the Effective Time Click OK This rule means that the hosts in the R D department are allowed to acc...

Страница 124: ... that the hosts in the R D department are denied access to all websites at all times Figure 3 6 Configure Blacklist Rule 6 On the same page verify your configurations In the Web Filtering List the rule with a smaller ID has a higher priority Since the router matches the rules beginning with the highest priority make sure the Whitelist rule has the smaller ID number In this way the router allows th...

Страница 125: ... Figure 3 8 Enable Web Filtering 3 2 Example for Web Security 3 2 1 Network Requirements In the diagram below the company s hosts are connected to a layer 2 switch and access the internet via the router For security reasons it is required that the users in the LAN cannot log in submit comments or download rar files on the internet Figure 3 1 Network Topology Internet R R Layer 2 Switch Router LAN ...

Страница 126: ...ar in the file suffix column 3 2 3 Configuration Procedure Follow the steps below to complete the configuration 1 Choose the menu Behavior Control Web Security Web Security and click Add to load the following page Select IPGROUP_LAN as the IP Group enable Block HTTP Post enter rar in the File Suffix filed select Any as the Effective Time and keep the Status as Enable Click OK Figure 3 2 Configure ...

Страница 127: ...ntication CHAPTERS 1 Overview 2 Local Authentication Configuration 3 Radius Authentication Configuration 4 Onekey Online Configuration 5 Guest Resources Configuration 6 Viewing the Authentication Status 7 Configuration Example ...

Страница 128: ...Portal Authentication Client Access Device Web Server Authentication Server Client The end device that needs to be authenticated before permitted to access the internet Access Device The device that supports portal authentication In this configuration guide it means the router The Access Device helps to redirect all HTTP requests to the Web Server before authenticated interact with the Authenticat...

Страница 129: ...t through HTTP 2 The router redirects the client s HTTP request to the web server 3 The client visits the web server 4 The Web server returns the authentication login page to the client 5 The client enters the username and password on the authentication login page 6 The router forwards the username and password to the authentication server 7 The authentication server returns the authentication res...

Страница 130: ...tion Radius Authentication In Radius authentication you can specify an external Radius server as the authentication server The user s account information are recorded in the Radius server Local Authentication If you don t have an additional Radius server you can choose local authentication In local authentication the router uses the built in authentication server to authenticate The built in authe...

Страница 131: ...gure the local user account 2 1 Configuring the Authentication Page The browser will redirect to the authentication page when the client try to access the internet On the authentication page the user need to enter the username and password to log in After the authentication succeeded the user can access the internet Choose the menu Authentication Authentication Settings Web Authentication to load ...

Страница 132: ...to enable portal authentication Idle Timeout Specify the idle timeout The client will be disconnected after the specified period Idle Timeout of inactivity and is required to be authenticated again Value 0 means the client will always keep online until the authentication timeout leased even if the client remains inactive Portal Authentication Port Enter the service port for portal authentication T...

Страница 133: ... client starts the authentication Success Redirect URL Specify the Success Redirect URL if you choose the Authentication Page as External Links The browser will redirect to this URL after the authentication succeeded Fail redirect URL Specify the Fail Redirect URL if you choose the Authentication Page as External Links The browser will redirect to this URL if the authentication failed Note If the ...

Страница 134: ...he built in authentication server to authenticate users You need to configure the authentication accounts for the local users The router supports two types of local users Formal User If you want to provide the user with network service for a long period of time in days you can create Formal User accounts for them Free User If you want to provide the user with network service for a short period of ...

Страница 135: ...nticate before this date Authentication Peroid Specify the period during which the client is allowed to be authenticated MAC Binding Type Specify the MAC Binding type There are three types of MAC Binding No binding Static Binding and Dynamic Binding No Binding The client s MAC address will not be bound Static Binding Manually enter the MAC address of the client to be bound Only the bound client is...

Страница 136: ...idth Optional Specify the upstream downstream bandwidth for the user 0 means no limit Name Optional Record the user s name Telephone Optional Record the user s telephone number Description Optional Enter a brief description for the user Status Check the box to enable this account Configuring the Free User Account Choose the menu Authentication User Management User Management and click Add to load ...

Страница 137: ...the following page Figure 2 4 Configuring the Formal User To backup local users accounts Click Backup button to backup all the local users accounts as a CSV file in ANSI coding format To restore local users accounts You can import the accounts to the router if you have backups Click Browse to select the file path the backup must be a CSV file then click Restore to restore the accounts You can also...

Страница 138: ...nd configure the corresponding parameters 3 1 Configuring Radius Authentication Choose the menu Authentication Authentication Settings Web Authentication to load the following page Figure 3 1 Configuring the Radius Authentication Follow these steps to configure Radius Authentication 1 In the Settings section enable the authentication status configure the idle timeout and portal authentication port...

Страница 139: ... the welcome information to be displayed on the custom authentication page Copyright Specify the copyright information to be displayed on the custom authentication page Page Preview Click the Login Page Preview button and you can preview the customized authentication page Authentication URL Specify the URL for authentication page if you choose the Authentication Page as External Links The browser ...

Страница 140: ...ive Authentication Port Enter the service port for Radius authentication By default it is 1812 Authorized Share Key Specify the authorized share key This key should be the same configured in the Radius server Retry Times Specify the number of times the router will retry sending authentication requests after the authentication failed Timeout Interval Specify the timeout interval that the client can...

Страница 141: ...ation to load the following page Figure 4 1 Configuring the Web Authentication Follow these steps to configure Onekey Online Authentication 1 In the Settings section enable the authentication status configure the idle timeout and portal authentication port Status Check the box to enable portal authentication Idle Timeout Specify the idle timeout The client will be disconnected after the specified ...

Страница 142: ... Click the Upload button to choose a local image as the background picture of the custom authentication page Welcome Information Specify the welcome information to be displayed on the custom authentication page Copyright Specify the copyright information to be displayed on the custom authentication page Page Preview Click the Login Page Preview button and you can preview the customized authenticat...

Страница 143: ...o select Five Tuple Type when the IP address and service port of the free network resource are already known URL Type Specify the client and the network resources the client can visit based on the settings of the URL IP address MAC address and service port It is recommended to select URL Type when the URL of the free network resource is already known Note By default the Guest Resource table is emp...

Страница 144: ...work address and subnet mask bits Only the specified clients can visit the guest resources Destination IP Range Specify the IP range of the server s that provides the guest resources by entering the network address and subnet mask bits Source MAC Address Enter the MAC address of the client Source Port Range Enter the source service port range Destination Port Range Enter the destination service po...

Страница 145: ...load the following page Figure 5 1 Configuring the URL Specify the client and the network resources the client can visit by configuring the URL of the network resource and the parameters of the clients then click OK Name Enter the name of the guest resource entry Type Choose the guest resource type as URL Type URL Address Enter the URL address or IP address of the network resource that can be visi...

Страница 146: ...ources entry to make it easier to search and manage Status Check the box to enable the guest resource entry Note In a Guest Resource entry if some parameter is left empty it means the router will not restrict that parameter For example if the source IP range is left empty it means all the clients can visit the specified guest resources ...

Страница 147: ...tatus Authentication Status to load the following page Figure 6 1 Viewing the Authentication Status Here you can view the clients that pass the portal authentication Type Displays the authentication type of the client Starting Time Displays the starting time of the authentication IP Address Displays the client s IP address MAC Address Displays the client s MAC address ...

Страница 148: ...ork Topology Internet Router Clients Clients Clients Core Switch Access Switch Access Switch 7 2 Configuration Scheme For the hotel does not have an external Web server or Authentication server it is recommended to choose Local Authentication to meet this requirement To control the guests internet access you can create local user accounts for the guests The guests need to use the accounts assigned...

Страница 149: ...uring the Authentication Page Choose the menu Authentication Authentication Settings Web Authentication to load the following page 1 Enable portal authentication and keep the Idle Timeout and Portal Authentication Port as default settings Figure 7 2 Enable Portal Authentication 2 Choose the Authentication Page as Custom page pick a picture of the hotel as the background picture on the authenticati...

Страница 150: ...t to load the following page Here we take the configuration of Formal User account as an example We create an account for the guests of room 101 The username is Room101 and the password is 123456 and at most three guests can use this account to authenticate Then click OK Figure 7 5 Configure the Account for the guests After all the configuration finished the guest can use the account to authentica...

Страница 151: ...Part 8 Managing Services CHAPTERS 1 Services 2 Dynamic DNS Configurations 3 UPnP Configuration 4 Configuration Example for Dynamic DNS ...

Страница 152: ...ress to change dynamically DDNS is an internet service that ensures a fixed domain name can be used to access a network with a varying public IP address This means the user s network can be more easily accessed by internet hosts UPnP With the development of networking and advanced computing techniques greater numbers of devices feature in networks UPnP is designed to solve the problem of communica...

Страница 153: ...Follow these steps to configure Peanuthull DDNS 1 Click Go to register to visit the official website of Peanuthull register an account and a domain name 2 Configure the following parameters and click OK Interface Select the interface for the DDNS service Account Name Enter the account name of your DDNS account You can click Go to register to visit the official website of Peanuthull to register an ...

Страница 154: ... is working normally Incorrect account name or password The account name or password is incorrect Domain Name Displays the Domain Names obtained from the DDNS server Service Type Displays the DDNS service type including Professional service and Standard service 2 2 Configure and View Comexe DDNS Choose the menu Service Dynamic DNS Comexe and click Add to load the following page Figure 2 3 Configur...

Страница 155: ...P addresses for registered domain names Status Check the box to enable the DDNS service 3 View the DDNS status Figure 2 4 View the Status of Comexe DDNS Status Displays whether the corresponding DDNS service is enabled Service Status Displays the current status of DDNS service Offline DDNS service is offline Connecting DDNS client is connecting to the server Online DDNS is working normally Incorre...

Страница 156: ... the account name of your DDNS account You can click Go to register to visit the official website of DynDNS to register an account Password Enter the password of your DDNS account Domain Name Specify the domain name that you registered with your DDNS service provider Update Interval Specify the Update Interval that the device dynamically updates IP addresses for registered domain names Status Chec...

Страница 157: ...View NO IP DDNS Choose the menu Service Dynamic DNS NO IP and click Add to load the following page Figure 2 7 View NO IP DDNS Follow these steps to configure NO IP DDNS 1 Click Go to register to visit the official website of NO IP and register an account and a domain name 2 Configure the following parameters and click OK Interface Select the interface for the DDNS service Account Name Enter the ac...

Страница 158: ...2 8 View the Status of NO IP DDNS Status Displays whether the corresponding DDNS service is enabled Service Status Displays the current status of DDNS service Offline DDNS service is offline Connecting DDNS client is connecting to the server Online DDNS is working normally Incorrect account name or password The account name or password is incorrect Incorrect domain name The domain name is incorrec...

Страница 159: ...ptional In the UPnP Portmap List section view the portmap list Description Displays the description of the application using UPnP protocol Protocol Displays the protocol type used in the process of UPnP Interface Displays the interface used in the process of UPnP IP Address Displays the IP address of the local host External Port Displays the external port that is opened for the application by the ...

Страница 160: ...he router may be changed each time the dial up connection is established When the public IP address of the router changes DDNS service ensures the DNS server rebinds the current domain name to the new IP address This means the user can always reach the router using the same domain name even if the public IP address has been changed 4 3 Configuration Procedure 4 3 1 Specifying the IP Address of the...

Страница 161: ...ion Example for Dynamic DNS Figure 4 2 Registering a Domain Name 2 Set the Interface as WAN1 set the Update Interval as 6 hours and enter the Account Name and Password previously registered before Click OK Figure 4 3 Specifying Peanuthull DDNS Parameters ...

Страница 162: ...Part 9 System Tools CHAPTERS 1 System Tools 2 Admin Setup 3 Management 4 SNMP 5 Diagnostics 6 Time Settings 7 System Log ...

Страница 163: ...le reboot the router and upgrade the firmware SNMP SNMP Simple Network Management Protocol is a standard network management protocol It helps network managers to configure and monitor network devices With SNMP network managers can view and modify network device information detect and analyze network error and so on The router supports SNMPv1 and SNMPv2 Diagnostics Diagnostics is used to detect net...

Страница 164: ...ystem Tools Admin Setup Admin Setup to load the following page Figure 2 1 Modifying the Admin Account In the Account section configure the following parameters and click Save to modify the admin account Old Username Enter the old username Old Password Enter the old password New Username Enter a new username New Password Enter a new password Confirm New Password Re enter the new password for confir...

Страница 165: ...re the following parameters and click OK to specify the IP subnet and mask for remote management Subnet Mask Enter the IP Subnet and Mask of the remote host Status Check the box to enable the remote management function for the remote host 2 3 System Setting Choose the menu System Tools Admin Setup System Settings to load the following page Figure 2 3 Configuring System Settings In the Settings sec...

Страница 166: ... to enable the function then you will access the web management interface by HTTPS protocol instead of HTTP protocol HTTPS Server Port Enter the https server port for web management The port number should be different from other servers The default setting is 443 After changing the https server port you should access the interface by using IP address and the port number in the format of https 192 ...

Страница 167: ...de 3 1 Factory Default Restore Choose the menu System Tools Management Factory Default Restore to load the following page Figure 3 1 Reseting the Device Click Factory Restore to reset the device 3 2 Backup Restore Choose the menu System Tools Management Backup Restore to load the following page Figure 3 2 Backup Restore Page Choose the corresponding operation according to your need ...

Страница 168: ...host and click Restore to import the saved configuration to your router 3 3 Reboot Choose the menu System Tools Management Reboot to load the following page Figure 3 3 Rebooting the Device Click Reboot to reboot the device 3 4 Firmware Upgrade Choose the menu System Tools Management Firmware Upgrade to load the following page Figure 3 4 Configure System Settings Select one firmware file and click ...

Страница 169: ...dress Device Name Enter a name for the device Location Enter the location of the device For example the name can be composed of the building floor number and room location Get Community Specify the community that has read only access to the device s SNMP information Get Trusted Host Enter the IP address that can serve as Get Community to read the SNMP information of this device Set Community Speci...

Страница 170: ...can show the roundtrip time between the two devices directly and traceroute can show the IP address of routers along the route path 5 1 1 Configuring Ping Choose the menu System Tools Diagnostics Diagnostics to load the following page Figure 5 1 Configuring Diagnostics Follow these steps to configure Diagnostics 1 In Diagnostics section select Ping and configure the following parameters Diagnostic...

Страница 171: ...ollowing section will appear Figure 5 2 Advanced Parameters for Ping Method Ping Count Specify the count of the test packets to be sent during the ping process Ping Packet Size Specify the size of the test packets to be sent during the ping process 3 Click Start 5 1 2 Configuring Traceroute Choose the menu System Tools Diagnostics Diagnostics to load the following page Figure 5 3 Configuring Diagn...

Страница 172: ... Specify the traceroute max TTL Time To Live during the traceroute process It is the maximum number of the route hops the test packets can pass through 3 Click Start 5 2 Remote Assistance Note Please make contact with the technicians brfore trying to use this function Choose the menu System Tools Diagnostics Remote Assistance to load the following page Figure 5 5 Remote Assistance Page 1 In the Re...

Страница 173: ...s Time Settings Time Settings to load the following page Figure 6 1 Getting Automatically from the Internet In the Time Settings section configure the following parameters and click Save Current Time Displays the current system time Time Config Select Get automatically from the Internet to get the system time from the NTP server Time Zone Select the time zone the device is in Primary NTP Server En...

Страница 174: ...eters and click Save Current Time Displays the current system time Time Config Select Manually to set the system time manually Date Specify the date of the system Time Specify the time of the system Synchronize with PC s Clock Synchronize the system time of the router with PC s clock 6 2 Setting the Daylight Saving Time Choose one method to set the daylight saving time 6 2 1 Predefined Mode Choose...

Страница 175: ...t the Daylight Saving Time of Europe It is from 1 00 a m on the Last Sunday in March to 1 00 a m on the Last Sunday in October Australia Select the Daylight Saving Time of Australia It is from 2 00 a m on the First Sunday in October to 3 00 a m on the First Sunday in April New Zealand Select the Daylight Saving Time of New Zealand It is from 2 00 a m on the Last Sunday in September to 3 00 a m on ...

Страница 176: ...ing time is relative to daylight saving time 6 2 3 Date Mode Choose the menu System Tools Time Settings Time Settings to load the following page Figure 6 5 Date Mode Page In the Daylight Saving Time section select one predefined DST schedule and click Save DST Status Check the box to enable the DST function Mode Select Date Mode to specify an absolute time range for the daylight saving time Time O...

Страница 177: ... System Log to load the following page Figure 7 1 System Log Page Follow these steps to view the system log 1 In the Log Settings section configure the following parameters and click Save Enable Auto refresh Check the box to enable this function and the page will refresh automatically every 10 seconds ...

Страница 178: ...the system at risk such as a failure to release memory ERROR Generic errors WARNING Warning messages such as WinNuke attack warnings NOTICE Important notifications such as IKE policy mismatches INFO Informational messages DEBUG Debug level notifications such as when the router receives a DNS packet Send Log Enable the Send Log function and then the newly generated logs will be sent to the specifie...

Страница 179: ...ordance with the instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense This device complies with part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause ...

Страница 180: ...pareil ne doit pas produire de brouillage 2 l utilisateur de l appareil doit accepter tout brouillage radioélectrique subi meme si le brouillage est susceptible d en compromettre le fonctionnement Industry Canada Statement CAN ICES 3 A NMB 3 A NCC Notice 注意 依據 低功率電波輻射性電機管理辦法 第十二條 經型式認證合格之低功率射頻電機 非經許可 公司 商號或使用者均不得擅自變 更頻率 加大功率或變更原設計之特性或功能 第十四條 低功率射頻電機之使用不得影響飛航安全及干擾合法通行 經發現有干擾現象時 應立即停用 並改善至無干擾時方得繼續使用...

Страница 181: ...и актами України Safety Information Keep the device away from water fire humidity or hot environments Do not attempt to disassemble repair or modify the device Do not use damaged charger or USB cable to charge the device Do not use any other chargers than those recommended Please read and follow the above safety information when operating the device We cannot guarantee that no accidents or damage ...

Страница 182: ...te electrical and electronic equipment WEEE This means that this product must be handled pursuant to European directive 2012 19 EU in order to be recycled or dismantled to minimize its impact on the environment User has the choice to give his product to a competent recycling organization or to the retailer when he buys a new electrical or electronic equipment ...

Отзывы:

Нет отзывов

Похожие инструкции для TL-R470T Plus

D-Link DI-106 Series Faq preview
DI-106 Series
Бренд: D-Link Страницы: 29
D-Link DGS-3700 Series User Manual preview
DGS-3700 Series
Бренд: D-Link Страницы: 292
D-Link DGS-3224SR User Manual preview
DGS-3224SR
Бренд: D-Link Страницы: 140
D-Link DGS-1224T - Web Smart Switch User Manual preview
DGS-1224T - Web Smart Switch
Бренд: D-Link Страницы: 61
D-Link DI-LB604 - Load Balancing Router Quick Installation Manual preview
DI-LB604 - Load Balancing Router
Бренд: D-Link Страницы: 14
D-Link DIR-605L Specification preview
DIR-605L
Бренд: D-Link Страницы: 2
D-Link DIR-510L Manual preview
DIR-510L
Бренд: D-Link Страницы: 45
D-Link DES-3550 Manual preview
DES-3550
Бренд: D-Link Страницы: 218
D-Link DES-3528 - xStack Switch - Stackable User Manual preview
DES-3528 - xStack Switch - Stackable
Бренд: D-Link Страницы: 322
D-Link DIR-130 - Broadband VPN Router How To Set Up preview
DIR-130 - Broadband VPN Router
Бренд: D-Link Страницы: 10
D-Link DIR-130 - Broadband VPN Router Troubleshooting Manual preview
DIR-130 - Broadband VPN Router
Бренд: D-Link Страницы: 4
D-Link DIR-130 - Broadband VPN Router Configuration preview
DIR-130 - Broadband VPN Router
Бренд: D-Link Страницы: 13
D-Link DIR Series Configuration Manual preview
DIR Series
Бренд: D-Link Страницы: 13
D-Link DI-804HV - Express ENwork Router Configuration Manual preview
DI-804HV - Express ENwork Router
Бренд: D-Link Страницы: 19
D-Link DI-808HV Quick Installation Manual preview
DI-808HV
Бренд: D-Link Страницы: 12
D-Link DI-804 Quick Install Manual preview
DI-804
Бренд: D-Link Страницы: 8
D-Link DI-604UP Quick Install Manual preview
DI-604UP
Бренд: D-Link Страницы: 16
D-Link DI-304 Technical Bulletin preview
DI-304
Бренд: D-Link Страницы: 7

Бренды по названию

Популярные бренды

Загрузить еще бренды