User`s manual

ManualsBrandsApple ManualsComputer equipmentTW-EA510v4

TW-EA510v4

ADSL2+ WLAN 802.11g

VPN Firewall Router

User’s Manual

Summary of content (110 pages)

PAGE 1
TW-EA510v4 ADSL2+ WLAN 802.
PAGE 2
Table of Contents CHAPTER 1: INTRODUCTION ..........................................................................................................3 INTRODUCTION TO YOUR ROUTER ..........................................................................................................3 FEATURES .............................................................................................................................................3 TW-EA510V4 ADSL ROUTER APPLICATION .......................................
PAGE 3
DNS............................................................................................................................................48 ADSL ..........................................................................................................................................49 System ............................................................................................................................................51 Time Zone ...........................................................
PAGE 4
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Chapter 1: Introduction Introduction to your Router Welcome to the TeleWell TW-EA510v4 Router. The router is an “all-in-one” unit, combining an ADSL modem, IEEE 802.11g wireless access point, ADSL router with four-port 10/100M auto-crossover Switch, and Firewall, enabling you to maximize the potential of your existing resources.
PAGE 5
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Quick Installation Wizard It supports a WEB GUI page to install this device quickly. With this wizard, end users can enter the information easily which they get from their ISP, then surf the Internet immediately. Universal Plug and Play (UPnP) and UPnP NAT Traversal This protocol is used to enable simple and robust connectivity among stand-alone devices and PCs from many different vendors. It makes network simple and affordable for users.
PAGE 6
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Rich Packet Filtering Not only filters the packet based on IP address, but also based on Port numbers. It will filter packets from and to the Internet, and also provides a higher level of security control. Dynamic Host Configuration Protocol (DHCP) client and server In the WAN site, the DHCP client can get an IP address from the Internet Service Provider (ISP) automatically.
PAGE 7
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router TW-EA510v4 ADSL Router Application Figure 1.
PAGE 8
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Chapter 2: Installing the Router Important note for using this router Warning Do not use this router in high humidity or high temperatures. Do not use the same power source for this router as other equipment. Do not open or repair the case yourself. If this router is too hot, turn off the power immediately and have it repaired at a qualified service center. Avoid using this product and all accessories outdoors.
PAGE 9
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router The Front LEDs LED Meaning 1 Internet Lit green when IP connected. Flashes green when IP connected and IP traffic is passing thru the device. Lit red when device attempted to become IP connected and failed. 2 DSL Lit green when successfully connected to an ADSL DSLAM (“linesync”). 3 Ethernet Port 1X — 4X (RJ-45 connector) 4 Wireless 5 Mail 6 Power Lit when the LAN link is connected to an Ethernet device.
PAGE 10
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router The Rear Ports 6 4 1 3 5 2 The Ethernet Port # 4 can be used as a console port. You need a special console tool that already includes in the package to connect with LAN port 4 and PC’s RS-232 port (9-pin serial port). Port 1 Power Switch 2 Power 3 RESET Meaning Power ON/OFF switch Connect the supplied power adapter to this jack. To be sure the device is being turned on press RESET button for: 1-3 seconds: quick reset the device.
PAGE 11
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Cabling One of the most common causes of problems is bad cabling or ADSL line(s). Make sure that all connected devices are turned on. On the front of the product is a bank of LEDs. Verify that the LAN Link and ADSL line LEDs are lit. If they are not, verify that you are using the proper cables. Ensure that all other devices connected to the same telephone line as your router (e.g.
PAGE 12
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Chapter 3: Basic Installation The router can be configured with your web browser. A web browser is included as a standard application in the following operating systems: Linux, Mac OS, Windows 98/NT/2000/XP/Me, etc. The product provides a very easy and user-friendly interface for configuration. Please check your PC’s network components. The TCP/IP protocol stack and Ethernet network adapter must be installed.
PAGE 13
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Configuring PCs in Windows in Window XP 1. 2. Go to Start / Control Panel (in Classic View). In the Control Panel, double-click Network Connections. Double-click Local Area Connection. (See Figure 3.1) Figure 3.1: LAN Area Connection 3. In the LAN Area Connection Status window, click Properties. (See Figure 3.2) Figure 3.2: LAN Connection Status 4. Select Internet Protocol (TCP/IP) and click Properties. (See Figure 3.3) Figure 3.
PAGE 14
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Configuring PCs in Windows 2000 1. Go to Start / Settings / Control Panel. In the Control Panel, double-click Network and Dial-up Connections. 2. Double-click Local Area (“LAN”) Connection. (See Figure 3.5) Figure 3.5: LAN Area Connection 3. In the LAN Area Connection Status window, click Properties. (See Figure 3.6) Figure 3.6: LAN Connection Status 4. Select Internet Protocol (TCP/IP) and click Properties. (See Figure 3.7) Figure 3.
PAGE 15
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Configuring PC in Windows 95/98/ME 1. 2. 3. Go to Start / Settings / Control Panel. In the Control Panel, double-click Network and choose the Configuration tab. Select TCP / IP -> NE2000 Compatible, or the name of any Network Interface Card (NIC) in your PC. (See Figure 3.9) Click Properties. Figure 3.9: TCP / IP 4. Select the IP Address tab. In this page, click the Obtain an IP address automatically radio button. (See Figure 3.
PAGE 16
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Configuring PC in Windows NT4.0 1. Go to Start / Settings / Control Panel. In the 2. Control Panel, double-click Network and choose the Protocols tab. Select TCP/IP Protocol and click Properties. (See Figure 3.12) Figure 3.12: TCP / IP 3. Select the Obtain an IP address from a DHCP server radio button and click OK. (See Figure 3.13) Figure 3.
PAGE 17
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Factory Default Settings Before configuring your, you need to know the following default settings. Web Interface (Username and Password) Username: admin Password: admin The default username and password are “admin” and “admin” respectively. If you ever forget the username/password to login to the router, you may press the RESET button up to 6 seconds to restore the factory default settings.
PAGE 18
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Information from your ISP Before configuring this device, you have to check with your ISP (Internet Service Provider) to find out what kind of service is provided such as DHCP (Obtain an IP Address Automatically, Static IP (Fixed IP Address) and PPPoE. Gather the information as illustrated in the following table and keep it for reference.
PAGE 19
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Configuring with your Web Browser Open your web browser, enter the IP address of your router, which by default is 192.168.0.254, and click “Go”, a user name and password window prompt will appear. The default username and password are “admin” and “admin”. (See Figure 3.14). Figure 3.
PAGE 20
TW-EA510 version 4 ADSL2+, WLAN 802.
PAGE 21
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Status ARP Table This section displays the router’s ARP (Address Resolution Protocol) Table, which shows the mapping of Internet (IP) addresses to Ethernet (MAC) addresses. This is useful as a quick way of determining the MAC address of the network interface of your PCs to use with the router’s Firewall – MAC Address Filter function. See the Firewall section of this manual for more information on this feature.
PAGE 22
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Routing Table Routing Table Valid: It indicates a successful routing status. Destination: The IP address of the destination network. Netmask: The destination netmask address. Gateway/Interface: The IP address of the gateway or existing interface that this route will use. Cost: The number of hops counted as the cost of the route. RIP Routing Table Destination: The IP address of the destination network. Netmask: The destination netmask address.
PAGE 23
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Leased Table IP Address: The IP address that assigned to client. MAC Address: The MAC address of client. Client Host Name: The Host Name (Computer Name) of client. Expiry: The current lease time of client. Expired Table Please refer the Leased Table. Permanent Table Name: The name you assigned to the Permanent configuration. IP Address: The fixed IP address for the specify client.
PAGE 24
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router PPTP Status This shows details of your configured PPTP VPN Connections. Name: The name you assigned to the particular PPTP connection in your VPN configuration. Type: The type of connection (dial-in/dial-out). Enable: Whether the connection is currently enabled. Active: Whether the connection is currently active. Tunnel Connected: Whether the VPN Tunnel is currently connected.
PAGE 25
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Event Log This page displays the router’s Event Log entries. Major events are logged to this window, such as when the router’s ADSL connection is disconnected, as well as Firewall events when you have enabled Intrusion or Blocking Logging in the Configuration – Firewall section of the interface. Please see the Firewall section of this manual for more details on how to enable Firewall logging. Error Log Any errors encountered by the router (e.g.
PAGE 26
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router NAT Sessions This section lists all current NAT sessions between interface of types external (WAN) and internal (LAN). Diagnostic It tests the connection to computer(s) which is connected to LAN ports and also the WAN Internet connection. If PING www.google.com is shown FAIL and the rest is PASS, you ought to check your PC’s DNS settings is set correctly.
PAGE 27
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router UPnP Portmap The section lists all port-mapping established using UPnP (Universal Plug and Play). Please see the Advanced section of this manual for more details on UPnP and the router’s UPnP configuration options.
PAGE 28
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Quick Start For detailed instructions on configuring your WAN settings, please see the WAN section of this manual. Your ISP will be able to supply all the details you need, alternatively, if you have deleted the current WAN Connection in the WAN – ISP section of the interface, you can use the router’s PVC Scan feature to attempt to determine the Encapsulation types offered by your ISP.
PAGE 29
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Select the desired option from the list and click Apply to return to the Quick Start interface to continue configuring your ISP connection. Please note that the contents of this list will vary, depending on what is supported by your ISP.
PAGE 30
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Configuration When you click this item, you get following sub-items to configure the ADSL router. LAN, WAN, System, Firewall, VPN, QoS, Virtual Server, Time Schedule and Advanced These functions are described below in the following sections.
PAGE 31
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Ethernet Primary IP Address IP Address: The default IP on this router. Subnet Mask: The default subnet mask on this router. RIP: RIP v1, RIP v2, and RIP v2 Multicast. Check to enable RIP function. IP Alias This function supports to create multiple virtual IP interfaces on this router. It helps to connect two or more local networks to the ISP or remote node. In this case, an internal router is not required.
PAGE 32
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Ethernet Client Filter The Ethernet Client Filter supports up to 16 Ethernet network machines that helps you to manage your network control to accept traffic from specific authorized machines or can restrict unwanted machine(s) to access your LAN. There are no pre-define Ethernet MAC address filter rules; you can add the filter rules to meet your requirements. Ethernet Client Filter: Default setting is set to Disable.
PAGE 33
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Active PC in LAN displays a list of individual Ethernet device’s IP Address & MAC Address which connecting to the router. You can easily by checking the box next to the IP address to be blocked or allowed. Then, Add to insert to the Ethernet Client Filter table. The maximum Ethernet client is 16. Wireless Mutiple APs AP Index: you can select “ Main”, “ Virtual AP1” and “Virtual AP2” Parameters WLAN Service: Default setting is set to Enable.
PAGE 34
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Disable: If you do not want broadcast your ESSID. Any client uses “any” wireless setting cannot discover the Access Point (AP) of your router. Enable: Any client that using the “any” setting can discover the Access Point (AP) in Regulation Domain: There are seven Regulation Domains for you to choose from, including North America (N.America), Europe, France, etc. The Channel ID will be different based on this setting.
PAGE 35
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Wireless Security You can disable or enable with WPA or WEP for protecting wireless network. The default mode of wireless security is disabled. WPA-PSK (TKIP) / WPA-PSK (AES) Pre-Shared Key WPA Algorithms: There are two types of the WPA-PSK, WPA1 and WPA2. The WPA1 adapts the TKIP (Temporal Key Integrity Protocol) encrypted algorithms which incorporates Message Integrity Code (MIC) to provide protection against hackers.
PAGE 36
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router WEP WEP Encryption: To prevent unauthorized wireless stations from accessing data transmitted over the network, the router offers highly secure data encryption, known as WEP. If you require high security for transmissions, there are two alternatives to select from: WEP 64 and WEP 128. WEP 128 will offer increased security over WEP 64.
PAGE 37
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Wireless Client Filter The MAC Address supports up to 16 wireless network machines and helps you to manage your network control to accept traffic from specific authorized machines or to restrict unwanted machine(s) to access your LAN. There are no pre-define MAC Address filter rules; you can add the filter rules to meet your requirements. Filter Action: Default setting is set to Disable.
PAGE 38
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Associate Wireless Client displays a list of individual wireless device’s MAC Address that currently connects to the router. You can easily by checking the box next to the MAC address to be blocked or allowed. Then, Add to insert to the Wireless Client (MAC Address) Filter table. The maximum Ethernet client is 16.
PAGE 39
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router DHCP Server You can disable or enable the DHCP (Dynamic Host Configuration Protocol) server or enable the router’s DHCP relay functions. The DHCP protocol allows your router to dynamically assign IP addresses to PCs on your network if they are configured to obtain IP addresses automatically. To disable the router’s DHCP Server, check Disabled and click Next, then click Apply.
PAGE 40
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router WAN (Wide Area Network) WAN refers to your Wide Area Network connection, i.e. your router’s connection to your ISP and the Internet. There are two items within the WAN section: ISP, DNS and ADSL. ISP The factory default is PPPoE. If your ISP uses this access protocol, click Edit to input other parameters as below. If your ISP does not use PPPoE, you can change the default WAN connection entry by clicking Change.
PAGE 41
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router RFC 1483 Routed Connections Description: Your description of this connection. VPI and VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account, sharing the single IP address.
PAGE 42
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router MAC Address Spoofing: This option is required by some service providers. You must fill in the MAC address that specify by service provider when it is required. Default is disabled. RFC 1483 Bridged Connections Description: User-definable name for the connection. VPI and VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer.
PAGE 43
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router PPPoA Routed Connections Description: User-definable name for the connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account, sharing a single IP address.
PAGE 44
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Always on: If you want the router to establish a PPPoA session when starting up and to automatically re-establish the PPPoA session when disconnected by the ISP. Connect on Demand: If you want to establish a PPPoA session only when there is a packet requesting access to the Internet (i.e. when a program on your computer attempts to access the Internet).
PAGE 45
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router PPPoE Connections Description: A user-definable name for this connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single ISP account, sharing a single IP address. If users on your LAN have public IP addresses and can access the Internet directly, the NAT function can be disabled.
PAGE 46
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Authentication Protocol: Default is Chap (Auto). Your ISP will advise you whether to use Chap or Pap. Connection: Always on: If you want the router to establish a PPPoE session when starting up and to automatically re-establish the PPPoE session when disconnected by the ISP. Connect on Demand: If you want to establish a PPPoE session only when there is a packet requesting access to the Internet (i.e.
PAGE 47
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router PPPoE with Pass-through Connections PPPoE with pass-through adapts the following method: PPPoE Routed mode + 1483 Bridge Mode. With pure PPPoE connection, the router can get one WAN address to the router. With the PPPoE and PPPoE pass-through, concurrently, it allows user to have a WAN address assigned to the router but also able to get another WAN IP from ISP using PPPoE dialer (e.g WinPoETor Windows XP PPPoE Dialer) at the same time.
PAGE 48
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router IP Address: specify if the Router can get an IP address from the Internet Server Provider (ISP) automatically or not. Please click Obtain an IP address automatically via DHCP client to enable the DHCP client function or click Specify an IP address to disable the DHCP client function, and specify the IP address manually. The setting of this item is specified by your ISP. Authentication Protocol: Default is Chap(Auto).
PAGE 49
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router DNS A Domain Name System (DNS) contains a mapping table for domain name and IP addresses. On the Internet, every host has a unique and user-friendly name (domain name) such as www.helloworld.com and an IP address. An IP address is a 32-bit number in the form of xxx.xxx.xxx.xxx, for example 192.168.0.254.
PAGE 50
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router ADSL Connect Mode: This mode will automatically detect your ADSL line code, ADSL2+, ADSL2, G.dmt, G.lite, T1.413, AnnexM2 and AnnexM2+. But in some area, multimode cannot detect the ADSL line code well. If it is the case, please adjust the ADSL line code to G.dmt or T1.413 first. If it still fails, please try the other values such as ALCTL, ADI, etc.
PAGE 51
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Upstream: Display current upstream rate of your ADSL line. Downstream: Display current downstream rate of your ADSL line. Advanced Options ADSL Parameters help to interpret your ADSL line statistics. SNR Margin: It is known as Signal to Noise Ration Margin. It is the relative of DSL strength to Noise ratio. This margin is measured in decibels (dB). Higher the dB figures better the DSL strength and better chance to get faster speed.
PAGE 52
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router System There are six items within the System section: Time Zone, Remote Access, Firmware Upgrade, Backup/Restore, Restart and User Management. Time Zone The router does not have a real time clock on board; instead, it uses the Simple Network Time Protocol (SNTP) to get the current time from an SNTP server outside your network. Choose your local time zone, click Enable and click the Apply button.
PAGE 53
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Remote Access To temporarily permit remote administration of the router (i.e. from outside your LAN), select a time period the router will permit remote access for and click Enable. You may change other configuration options for the web administration interface using Device Management options in the Advanced section of the GUI. If you wish to permanently enable remote access, choose a time period of 0 minutes.
PAGE 54
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Backup / Restore These functions allow you to save and backup your router’s current settings to a file on your PC, or to restore a previously saved backup. This is useful if you wish to experiment with different settings, knowing that you have a backup handy in the case of any mistakes. It is advisable to backup your router’s settings before making any significant changes to your router’s configuration.
PAGE 55
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router You may also reset your router to factory settings by holding the small Reset pinhole button more than 6 seconds on the back of your router. Caution: After pressing the RESET button for more than 6 seconds, to be sure you power cycle the device again. User Management In order to prevent unauthorized access to your router’s configuration interface, it requires all users to login with a password.
PAGE 56
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Firewall and Access Control Your router includes a full SPI (Stateful Packet Inspection) firewall for controlling Internet access from your LAN, as well as helping to prevent attacks from hackers. In addition to this, when using NAT (Network Address Translation.
PAGE 57
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Here are the items within the Firewall section: General Settings, Packet Filter, Intrusion Detection, URL Filter, IM/P2P Blocking and Firewall Log. General Settings You can choose not to enable Firewall, to add all filter rules by yourself, or enable the Firewall using preset filter rules and modify the port filter rules as required. The Packet Filter is used to filter packets based-on Applications (Port) or IP addresses.
PAGE 58
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Packet Filter This function is only available when the Firewall is enabled and one of these four security levels is chosen (All blocked, High, Medium and Low). The predefined port filter rules in the Packet Filter must modify accordingly to the level of Firewall, which is selected. See Table1: Predefined Port Filter for more detailed information.
PAGE 59
TW-EA510 version 4 ADSL2+, WLAN 802.
PAGE 60
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Packet Filter – Add TCP/UDP Filter Rule Name: Users-define description to identify this entry or click predefined rules. The maximum name length is 32 characters. to select existing Time Schedule: It is self-defined time period. You may specify a time schedule for your prioritization policy.
PAGE 61
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Packet Filter – Add Raw IP Filter Rule Name: Users-define description to identify this entry or click predefined rules. to select existing Time Schedule: It is self-defined time period. You may specify a time schedule for your prioritization policy. For setup and detail, refer to Time Schedule section Protocol Number: Insert the port number, i.e. GRE 47.
PAGE 62
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Example: Configuring your firewall to allow for a publicly accessible web server on your LAN The predefined port filter rule for HTTP (TCP port 80) is the same no matter whether the firewall is set to a high, medium or low security level. To setup a web server located on the local network when the firewall is enabled, you have to configure the Port Filters setting for HTTP.
PAGE 63
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Configuring Packet Filter: 1. Click Packet Filter. You will then be presented with the predefined port filter rules screen (in this case for the low security level), shown below: Note: You may click Edit the predefined rule instead of Delete it. This is an example to show to how you add a filter on your own. Click Delete 2. Click Delete to delete the existing HTTP rule. 3. Click Add TCP/UDP Filter. Click Add TCP/UDP Filter 4.
PAGE 64
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router 5. The new port filter rule for HTTP is shown below: 6. Configure your Virtual Server (“port forwarding”) settings so that incoming HTTP requests on port 80 will be forwarded to the PC running your web server: Note: For how to configure the HTTP in Virtual Server, go to Add Virtual Server in Virtual Server section for more details.
PAGE 65
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Intrusion Detection The router’s Intrusion Detection System (IDS) is used to detect hacker attacks and intrusion attempts from the Internet. If the IDS function of the firewall is enabled, inbound packets are filtered and blocked depending on whether they are detected as possible hacker attacks, intrusion attempts or other connections that the router determines to be suspicious.
PAGE 66
TW-EA510 version 4 ADSL2+, WLAN 802.
PAGE 67
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router URL Filter URL (Uniform Resource Locator – e.g. an address in the form of http://www.abcde.com or http://www.example.com) filter rules allow you to prevent users on your network from accessing particular websites by their URL. There are no pre-defined URL filter rules; you can add filter rules to meet your requirements. Enable/Disable: To enable or disable URL Filter feature.
PAGE 68
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router 1. Check the domain in the URL to determine if it is in the trusted list. If yes, the connection attempt is sent to the remote web server. 2. If not, check if it is listed in the forbidden list. If yes, then the connection attempt will be dropped. 3. If the packet does not match either of the above two items, it is sent to the remote web server. 4. Please be note that the completed URL, “www” + domain name shall be specified.
PAGE 69
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router IM / P2P Blocking IM, short for Instant Message, is required to use client program software that allows users to communicate, in exchanging text message, with other IM users in real time over the Internet. A P2P application, known as Peer-to-peer, is group of computer users who share file to specific groups of people across the Internet.
PAGE 70
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Firewall Log Firewall Log display log information of any unexpected action with your firewall settings. Check the Enable box to activate the logs. Log information can be seen in the Status – Event Log after enabling.
PAGE 71
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router VPN (Virtual Private Networks) Virtual Private Networks is ways to establish secured communication tunnels to an organization’s network via the Internet. Your router supports three main types of VPN (Virtual Private Network), PPTP PPTP (Point-to-Point Tunneling Protocol) There are two types of PPTP VPN supported; Remote Access and LAN-to-LAN (please refer below for more information.). Click Create to configure a new VPN connection.
PAGE 72
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router PPTP Connection - Remote Access Connection Name: A user-defined name for the connection (e.g. “connection to office”). Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server, e.g. your office server), check Dial In operates as a VPN server. When configuring your router as a Client, enter the remote Server IP Address (or Domain Name) you wish to connection to.
PAGE 73
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Active as default route: Enables the default route. Click Apply button to apply your changes. Example: Configuring a Remote Access PPTP VPN Dial-out Connection A company’s office establishes a PPTP VPN connection with a file server located at a separate location. The router is installed in the office, connected to a couple of PCs and Servers.
PAGE 74
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Configuring the PPTP VPN in the Office You can either input the IP address (69.1.121.33 in this case) or hostname to reach the server. 1 2 3 4 5 Item 1 2 3 4 5 Function Connection Name VPN_PPTP Dial out Server IP Address 69.121.1.33 (or Domain name) Username username Password 123456 Auth.
PAGE 75
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router PPTP Connection - LAN to LAN Connection Name: A user-define description of the connection. Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server, e.g. your office server), check Dial In operates as a VPN server. When configuring your router as a Client, enter the remote Server IP Address (or Hostname) you wish to connection to.
PAGE 76
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Idle Time: Auto-disconnect the VPN connection when there is no activity on the connection for a predetermined period of time. 0 means this connection is always on. Click Apply button to apply your changes. Example: Configuring a PPTP LAN-to-LAN VPN Connection The branch office establishes a PPTP VPN tunnel with head office to connect two private networks over the Internet.
PAGE 77
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Configuring PPTP VPN in the Head Office The IP address 192.168.0.201 will be assigned to the router located in the branch office. Please make sure this IP is not used in the head office LAN. 1 2 3 4 5 6 Item 1 2 3 4 5 6 Function Description Connection Name Dial in Private IP Address Assigned to Dialing User Peer Network IP Netmask Username Password Auth.
PAGE 78
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Configuring PPTP VPN in the Branch Office The IP address 69.1.121.30 is the Public IP address of the router located in head office. If you registered the DDNS (please refer to the DDNS section of this manual), you can also use the domain name instead of the IP address to reach the router.
PAGE 79
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router QoS (Quality of Service) QoS function helps you to control your network traffic for each application from LAN (Ethernet and/or Wireless) to WAN (Internet). It facilitates you to control the different quality and speed of through put for each application when the system is running with full loading of upstream. Here are the items within the QoS section: Prioritization and Outbound / Inbound IP Throttling (bandwidth management).
PAGE 80
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Destination Port: The destination port of packets to be monitored. Source IP Address Range: The source IP address or range of packets to be monitored. Destination IP Address Range: The destination IP address or range of packets to be monitored. DSCP Marking: Differentiated Services Code Point (DSCP), it is the first 6 bits in the ToS byte. DSCP Marking allows users to classify traffic based on DSCP value and send packets to next Router.
PAGE 81
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Outbound IP Throttling (LAN to WAN) IP Throttling allows you to limit the speed of IP traffic. The value entered will limit the speed of the application that you set to the specified value’s multiple of 32kbps. Click Clear You can click Clear to delete the existing Application. Application: A user-define description to identify this new policy/application. Time Schedule: Scheduling your prioritization policy.
PAGE 82
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Inbound IP Throttling (WAN to LAN) IP Throttling allows you to limit the speed of IP traffic. The value entered will limit the speed of the application that you set to the specified value’s multiple of 32kbps. Click Clear You can click Clear to delete the existing Application. Application: A user-define description to identify this new policy/application. Time Schedule: Scheduling your prioritization policy.
PAGE 83
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Example: QoS for your Network Connection Diagram VoIP Normal PCs Restricted PC Information and Settings Upstream: 928 kbps Downstream: 8 Mbps VoIP User : 192.168.0.1 Normal Users : 192.168.0.2~192.168.0.5 Restricted User: 192.168.0.
PAGE 84
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Throughput 500 400 300 VoIP/VPN HIGH 200 Others NORMAL 100 Restricted LOW kbps 0 VoIP/VPN HIGH Others NORMAL Restricted LOW Mission-critical application Mostly the VPN connection is mission-critical application for doing data exchange between head and branch office. The mission-critical application must be sent out smoothly without any dropping.
PAGE 85
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Advanced setting by using IP throttling With IP throttling you can specify more detail for allocating bandwidth; even the applications are located in the same level.
PAGE 86
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Virtual Server (“Port Forwarding”) In TCP/IP and UDP networks a port is a 16-bit number used to identify which application program (usually a server) incoming connections should be delivered to. Some ports have numbers that are preassigned to them by the IANA (the Internet Assigned Numbers Authority), and these are referred to as “well-known ports”. Servers follow the well-known port assignments so clients can locate them.
PAGE 87
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Add Virtual Server Because NAT can act as a “natural” Internet firewall, your router protects your network from being accessed by outside users when using NAT, as all incoming connection attempts will point to your router unless you specifically create Virtual Server entries to forward those ports to a PC on your network. When your router needs to allow outside users to access internal servers, e.g.
PAGE 88
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Internal IP Address: The private IP in the LAN network, which will be providing the virtual server List all existing PCs connecting to the network. You may assign a PC with application. IP address and MAC from this list. Example: If you like to remote accessing your Router through the Web/HTTP at all time, you would need to enable port number 80 (Web/HTTP) and map to Router’s IP Address.
PAGE 89
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Edit DMZ Host The DMZ Host is a local computer exposed to the Internet. When setting a particular internal IP address as the DMZ Host, all incoming packets will be checked by the Firewall and NAT algorithms then passed to the DMZ host, when a packet received does not use a port number used by any other Virtual Server entries. Cautious: This Local computer exposing to the Internet may face varies of security risks.
PAGE 90
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Edit One-to-One NAT (Network Address Translation) One-to-One NAT maps a specific private/local IP address to a global/public IP address. If you have multiple public/WAN IP addresses from you ISP, you are eligible for One-to-One NAT to utilize these IP addresses. NAT Type: Select desired NAT type. As set in default setting, it disables the One-to-One NAT function.
PAGE 91
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Time Schedule: A self-defined time period to enable your virtual server. You may specify a time schedule or Always on for the usage of this Virtual Server Entry. For setup and detail, refer to Time Schedule section Application: Users-defined description to identify this entry or click predefined rules. to select existing : 20 predefined rules are available.
PAGE 92
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Example: List of some well-known and registered port numbers. The Internet Assigned Numbers Authority (IANA) is the central coordinator for the assignment of unique parameter values for Internet protocols. Port numbers range from 0 to 65535, but only ports numbers 0 to 1023 are reserved for privileged services and are designated as “well-known ports” (Please refer to Table 5). The registered ports are numbered from 1024 through 49151.
PAGE 93
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Time Schedule The Time Schedule supports up to 16 time slots which helps you to manage your Internet connection. In each time profile, you may schedule specific day(s) i.e. Monday through Sunday to restrict or allowing the usage of the Internet by users or applications.
PAGE 94
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Configuration of Time Schedule Edit a Time Slot 1. Choose any Time Slot (ID 1 to ID 16) to edit, click Edit. Click Edit Note: Watch it carefully, the days you have selected will present in capital letter. Lower case letter shows the day(s) is not selected, and no rule will apply on this day(s). 2. A detailed setting of this Time Slot will be shown. ID: This is the index of the time slot.
PAGE 95
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Advanced Configuration options within the Advanced section are for users who wish to take advantage of the more advanced features of the router. Users who do not understand the features should not attempt to reconfigure their router, unless advised to do so by support staff. There are four items within the Advanced section: Static Route, Dynamic DNS, Check Email, Device Management, IGMP, VLAN Bridge and WAN IP Alert.
PAGE 96
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Dynamic DNS The Dynamic DNS function allows you to alias a dynamic IP address to a static hostname, allowing users whose ISP does not assign them a static IP address to use a domain name. This is especially useful for hosting servers via your ADSL connection, so that anyone wishing to connect to you may use your domain name, rather than having to use your dynamic IP address, which changes from time to time.
PAGE 97
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Check Email This function allows you to have the router check your POP3 mailbox for new Email messages. The Mail LED on your router will light when it detects new messages waiting for download. You may also view the status of this function using the Status – Email Checking section of the web interface, which also provides details on the number of new messages waiting. See the Status section of this manual for more information.
PAGE 98
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Device Management The Device Management advanced configuration settings allow you to control your router’s security options and device monitoring features. Embedded Web Server ( 2 Management IP Accounts) HTTP Port: This is the port number the router’s embedded web server (for web-based configuration) will use. The default value is the standard HTTP port, 80.
PAGE 99
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router For Example: User A changes HTTP port number to 100, specifies their own IP address of 192.168.0.55, and sets the logout time to be 100 seconds. The router will only allow User A access from the IP address 192.168.0.55 to logon to the Web GUI by typing: http://192.168.0.254:100 in their web browser. After 100 seconds, the device will automatically logout User A.
PAGE 100
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router SNMP Version: SNMPv2c and SNMPv3 SNMPv2c is the combination of the enhanced protocol features of SNMPv2 without the SNMPv2 security. The "c" comes from the fact that SNMPv2c uses the SNMPv1 community string paradigm for "security", but is widely accepted as the SNMPv2 standard. SNMPv3 is a strong authentication mechanism, authorization with fine granularity for remote monitoring. Traps supported: Cold Start, Authentication Failure.
PAGE 101
TW-EA510 version 4 ADSL2+, WLAN 802.
PAGE 102
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router IGMP IGMP, known as Internet Group Management Protocol, is used to management hosts from multicast group. IGMP Forwarding: Accepting multicast packet. Default is set to Enable. IGMP Snooping: Allowing switched Ethernet to check and make correct forwarding decisions. Default is set to Disable VLAN Bridge This section allows you to create VLAN group and specify the member. Edit: Edit your member ports in selected VLAN group.
PAGE 103
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router You can setup member ports for each VLAN group under Bridge Interface section. From the example, two VLAN groups need to be created. Ethernet: P1 (Port 1) Ethernet1: P2, P3 and P4 (Port 2, 3, 4) Please uncheck P2, P3, and P4 from Ethernet VLAN Port first. Note: You should setup each VLAN group with caution. Each Bridge Interface is arranged in this order.
PAGE 104
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Spaces next to VPI and VCI, type 0 and 33 in respectively. Select appropriate ATM Class, Encapsulation Method, Acceptable Frame Type, Filter Type and PVID for Untagged Frames. VPI and VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. Encapsulation method: Select the encapsulation format, this is provided by your ISP.
PAGE 105
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Step 3: Setup VLAN Service Go to Configuration Advanced VLAN Bridge DefaultVlan lists all member ports. It is necessary to group specific member ports for each VLAN. From the example, two VLAN groups are requested: Data and Video. To create another VLAN group for Video by clicking Create VLAN. Given a name and ID (PVID) to identify the Video group. The valid value range for PVID is 1 ~ 4094.
PAGE 106
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Mapping the VLAN Bridge with Bridge Interface created in Step1, you will see the conformable relationship in these two screenshots. Step 4: IGMP Snooping Enable Go Configuration Advanced IGMP. IGMP Snooping must be enabled in order to allow video stream forwarding correctly. Mail Alert for WAN IP Send a log via Email When WAN IP is changed. Default is set to Disable. To Email Address: Enter the e-mail address you wish to send.
PAGE 107
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Save Configuration to Flash After changing the router’s configuration settings, you must save all of the configuration parameters to FLASH to avoid them being lost after turning off or resetting your router. Click Save to write your new configuration to FLASH. Logout To exit the router’s web interface, choose Logout. Please ensure that you have saved the configuration settings before you logout.
PAGE 108
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Chapter 5: Troubleshooting If the router is not functioning properly, first check this chapter for simple troubleshooting before contacting your service provider or TeleWell support. Problems starting up the router Problem Corrective Action None of the LEDs are on when you turn on the router. Check the connection between the adapter and the router. If the error persists, you may have a hardware problem.
PAGE 109
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router Problems with the LAN Interface Problem Corrective Action Can’t ping any PCs on the LAN. Check the Ethernet LEDs on the front panel. The LED should be on for a port that has a PC connected. If it is off, check the cables between your router and the PC. Make sure you have uninstalled any software firewall for troubleshooting. Verify that the IP address and the subnet mask are consistent between the router and the workstations.
PAGE 110
TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router APPENDIX A: Product Support and Contact Information Most problems can be solved by referring to the Troubleshooting section in the User’s Manual. If you cannot resolve the problem with the Troubleshooting chapter, please contact the dealer where you purchased this product. Contact TeleWell WORLDWIDE http://www.TeleWell.com/ Mac OS is a registered Trademark of Apple Computer, Inc.