D-Link DI-804 Broadband Router User’s Manual Rev.
Contents Introduction ................................................................................................4 Package Contents......................................................................................5 Introduction to Broadband Router Technology ........................................6 Introduction to Firewalls ..........................................................................6 Introduction to Local Area Networking ...................................................
Filter Rules Setup ...............................................................................31 System Management ................................................................................36 Passwords ...............................................................................................37 Local/Remote Configuration..................................................................38 Unit Status ..............................................................................................
Introduction Congratulations on your purchases of the D-Link Broadband Router. Your Broadband Router enables you to share your DSL or Cable Internet connection with computers on your network. This guide will explain the features and functions of the Broadband Router to help you get the most out of your Internet experience. D-Link’s Broadband Router allows LAN users to share a single Internet Connection while providing the safety and security of port blocking, packet filtering, and a natural firewall.
Internet and ensure complete Internet application compatibility even if specific ports are not known. Unlike proxy server or NAT software that requires the software server to remain visible on the Internet, no local computers are directly externally visible when using the Broadband Router. Also the Broadband Router, like broadband, is always on, removing the need to constantly boot a software server when access is desired from a client.
Introduction to Broadband Router Technology A router is a device that forwards data packets from a source to a destination. Routers work on OSI layer 3, which forwards data packets using an IP addresses and not a MAC address. A router will forward data from the Internet to a particular computer on your LAN. The information that makes up the Internet gets moved around using routers. When you click on a link on a web page, you send a request to a server to show you the next page.
A firewall watches all of the information moving to and from your network and analyzes each piece of data. Each piece of data is checked against a set of criteria that the administrator configures. If a ny data does not meet the criteria, that data is blocked and discarded. If the data meets the criteria, the data is passed through. This method is called packet filtering. A firewall can also run specific security functions based on the type of application or type of port that is being used.
forwards the data to all other ports. A switch is more sophisticated, in that a switch can determine the port that each piece of data is supposed to be delivered to. A switch minimizes network traffic and speeds up the communication over a network. Networks take some time in order to plan and implement correctly. There are many types of scenarios to consider which could affect the operability of a network.
standard for VPN server software. Because of this, each ISP or business can implement their own VPN network making interoperability a challenge.
Hardware Installation Placement Your Broadband Router should be placed in a safe and secure location. To ensure proper operation, please keep the unit away from water and other damaging elements. Your Broadband Router can be mounted on a wall or a shelf using the screw-holes located on the bottom of the unit. Self-adhesive rubber feet are provided to stick on the bottom of the unit to protect the surface where you have placed the unit.
Front Panel The front panel provides LED’s for device status. Refer to the following table for the meaning of each feature. Power/Test Power status of the DI-804. The Power/Test LED will blink once every two seconds to indicate proper operation. No LED light indicates no power. WAN Wide Area Network status. When connected to the Internet, Link/Act the WAN LED should be on. Ethernet Local Area Network port status. A steady LED indicates a 1 –4 connection between computers on your LAN.
Basic DI-804 Configuration Your Broadband Router provides a Web Configuration interface that can be accessed using standard web browsers such as Netscape Communicator or Microsoft Internet Explorer. Since the interface is web based (HTTP), your Broadband Router can be configured with any java and HTML compliant Internet browser in any operating system. This section will discuss the Web Configuration interface and how to use different options and settings.
In order to configure the Broadband Router you must input the user- name into the User Name box. Enter the password into the Password box and press the OK button. The default User Name is “Admin”. There is no default password, leave the Password field blank. Once you have logged-in as administrator, it is a good idea to change the administrator password to ensure a secure connection to your Broadband Router. The System Management section described later in this manual describes how to change the password.
Main Page The Main Page screen provides links to the main sections of the web configuration interface. Each section is described in detail in the following sections of this manual. The Unit Status links to the status screen to view current status of your internet connection and is described in the System Management chapter. Note: The Web Configuration Interface was designed to provide helpful information on each screen.
Setup Wizard The Setup Wizard page is a step-by-step guide to configuring the DI-804 to work with your ISP provider. Refer to the information provided in the left frame for information regarding each step.
Basic Setup The Basic Setup screen enables you to change basic settings related to accessing the Internet. All of the settings covered in the Basic Setup section are covered in the Setup Wizard.
Internet Settings The Internet Settings screen enables you to change the settings related to connecting to your ISP. The Computer Name is used to give a name to your connection if you are using a Cable modem. The Domain Name (host name) is the name given to you by your ISP provider if you using the @Home cable Internet service.
Choose the Type of Connection you use by selecting Dynamic IP, Static IP, or PPPoE. Select Dynamic IP if your ISP has not given you a unique IP address and you receive an automatic IP address each time you connect to your ISP. The rest of the settings related to your connection are retrieved automatically each time you connect to the Internet. Some Cable providers require your MAC address to ensure authentication, if all settings are verified correctly and you still cannot access the Internet.
connection and login to your ISP like you would do with a dial- in modem, then you are probably using PPPoE. If you are simply connected to the Internet when you turn on your computer, you probably are not. The safest way to check is to call your ISP or read the documentation provided when you signed up for your Internet service. If you select PPPoE, you will need to enter the correct values for your User Name and Password in the fields provided.
Local Network Settings The Internet Settings screen enables you to change the settings related to the Local Network Settings. Select DHCP server if you require DI-804 to assign IP addresses automatically to PCs that have attached to your LAN. You need specify where you want DI-804 to start to assign IP addresses and how many IP addresses you hope to use. Please notice the Starting IP Address needs to have same values at the first three fields with DI-804 Local Port -> Local IP Address.
Specific Application Support The Specific Application Support screen enables you to select certain predefined applications to allow those applications to operate correctly over the Internet. To enable a specific application, put a check in the box next to that application by clicking on the box. Click the Finish button to save your settings.
DMZ Control The DMZ Control screen enables one computer to have full access to the Internet without the protection of the firewall. This allows a computer to be exposed to unrestricted two-way communication outside of your network. To enable DMZ, click the checkbox to the left of DMZ Enable. Then type the IP address in the box provided, or click the Choose PC button. When the Choose PC button is pressed, a list of IP Addresses will be displayed.
contact the maximum number of servers, which can improve ping times. Once the game connects to the game server, disable DMZ to ensure proper firewall protection.
Advanced DI-804 Configuration The default configuration of the DI-804 will stop most unrecognized information from entering your network. The only IP Address visible to the outside Internet is the IP address of the DI-804. Some applications and services require special configuration in order to operate correctly with the Internet. Your DI-804 provides additional features such as: Open Ports: Allows specific ports to be opened to allow certain Internet applications to work correctly.
Open Ports The DI-804 can open ports or port ranges to ensure application compatibility. This screen shows which Open Ports rules you have configured. Please note that opening a port or port range can be a security risk, so only open necessary ports. To open a port or port range, click on the underlined number on the right to configure. The following screen will be shown.
Click on the box next to Enable Open Ports to enable the use of the index that you are using. You can enter a comment in the Comment field to help recognize this index. Only one computer on your LAN can use each Index. You can choose which computer you want to use by entering the IP Address of that computer in the Local Computer field or click the Choose PC button and click on the IP Address. To configure certain ports to be opened, you must configure the Protocol, Start Port and End Port fields.
Port Redirection The DI-804 can redirect ports or port ranges to ensure application compatibility. This screen shows which Port Redirection rules that you have configured. Please note that redirecting a port or port range also opens the ports and can be a security risk, so only redirect necessary ports. To redirect a port or port range, click on the underlined number on the right to configure. The following screen will be shown.
You can enter a comment in the Comment field to help recognize this index. To configure certain ports to be redirected, you must configure the Internet Port, Local Port, Protocol and Local Computer fields. The Internet Port is the port on the Internet that the application will use to communicate with your computer. The Local Port is the port that you would like the Internet port to use on your LAN side. The Protocol drop down box enables you to choose TCP, UDP, or –.
Advanced Filter/Firewall This screen allows you to set up rules based filtering and logging to ensure maximum control over internal and external Internet communication. The default settings ensure proper configuration for normal Internet operation. Advanced users can use these settings to configure special settings for their need. Refer to the following sections for instructions on configuring the filters and firewall settings.
General Setup The General Setup screen enables you to configure general filtering and logging settings for all users. You can Enable or Disable the Call Filter or Data Filter and set a specific Start Filter Set. You can set the Log Flag to None, Pass, Block or No Match. None means that the log function is inactive. Block means that the log function will record all blocked packets. Pass means that the log function will record all passed packets.
(HEX Format) into the field provided. Entering “0” will disable the feature. Set to Default Rules The Set to Default Rules button will change all modified settings within the Advanced Filter/Firewall to the default settings.
you provide. For each filter set, you can enter a name in the Comments field to differentiate each filter set. Click on a Filter Rule button to add or edit each filter rule. When you click the Filter Rule button, the following screen will be shown. The Comments field can be used to name the rule.
to enable the Filter Rule. To disable the Filter Rule, click the checkbox so there is no check in the box. The Pass or Block dropdown box specifies the action applied to the packets that match the rule. § Use Block Immediately to block all packets matching the rule immediately upon detection. § Use Pass Immediately to pass all packets matching the rule immediately upon detection. § Use Block If No Further Match if you want any packets that match the rule and also do not match further rules to be dropped.
“!” before the IP Address to act as the logical NOT operator. The Subnet Mask column specifies the Subnet Mask for the IP Address for both Source and Destination IP Addresses. Select only the correct Subnet Mask for your specific IP Address. The Operator dropdown boxes specify the relative operator to use for the current Start and End ports. The Start Port specifies the port that will be used as the beginning port in the range. The End Port is the end ing port number for the specified range.
specify the path that a packet will take to and from the destination address. The Fragments dropdown box specifies what the filter will do with fragmented packets. Select Don’t Care to specify no fragment options in. Select Without Fragment to filter when packets are not fragmented. Use With Fragment to filter whe n packets are fragmented. Select With Short Fragment to filter when packets which are too short to contain a complete header.
System Management The System Management section enables you to manage your DI-804 and view information related to unit functions. The following functions are described in this chapter. Passwords : Change administrator password. Local/Remote Configuration: Change remote configuration settings. Unit Status : View WAN and LAN connection information. Logs: View logs related to routing, sessions, DHCP and PPPoE. Diagnostics : View WAN and LAN diagnostic information. Reboot: Reboot the DI-804.
TFTP Firmware Upload: Upload new firmware through TFTP. Passwords This screen allows you to change the administrator password for the DI-804. To change the administrator password, click your mouse inside of the Old Password box and type in the old password. Then click inside of the New Password box and type the password that you would like to change to. Next, click inside of the Reconfirm box and type in the new password again.
3. 4. Use a combination of letters and numbers. Make sure that the Caps Lock key is not on. Local/Remote Configuration The Local/Remote Configuration screen enables you to control the port numbers that are assigned to HTML and Telnet configuration. Enter the desired port number into the box provided for both HTML and Telnet Configuration Settings. Click inside of the checkbox located at the left of the Enable Remote HTML or Telnet Configuration to enable the use of remote configuration.
Unit Status The Unit Status screen displays all information related to the connection of your DI-804 to your ISP. Additiona l information is provided regarding the LAN ports of your DI-804 and the Firmware Version. The Internet section shows the connection information of your WAN port to your ISP. If no information is provided in this section, you do not have a current Internet connection. The Local section shows the IP Address and Subnet Mask that the local port.
Logs The Logs screen can be used to display information logs pertaining to different aspects of your DI-804. Clicking on the links will display a pop-up screen containing the desired information. The Triggered Packet Header Log shows the header information of the PPPoE packet that requests that the DI-804 dial your PPPoE connection. The Routing Table displays the DI-804 routing table. The Users – DHCP Log displays the allocation of LAN IP Address’s.
Diagnostics The Diagnostics screen displays current status and connection information. This screen is similar to the Unit Status screen, although both sections can be used to diagnose problems with your Internet connection. The following diagnostic pop-up screen displays WAN and LAN port information and allows you to dial or drop your PPPoE connection.
Refer to the fo llowing table for descriptions of the diagnostics pop-up window. LAN1 Status : IP Address: IP address of the LAN1 interface. TX Packets: Total number of transmitted IP packets sent since the DI-804 was powered on. RX Packets: Total number of received IP packets received since the DI-804 was powered on. LAN2/WAN Status : Mode : Indicates which broadband access mode is active. Depending upon the broadband access mode, you may see Static IP, Dynamic IP, PPTP, or PPPoE.
Reboot Pressing the Reboot button will allow you to reboot the DI-804 without turning the power off. The following screen will be shown asking you if you want to restart yo ur DI-804. Press OK to reboot the DI-804, or press Cancel to return to the DI-804 configuration interface. Restore Default Settings The Restore Default Settings button will change the configuration settings to the default settings used when you first received your DI-804.
TFTP Firmware Upload Updated firmware can be downloaded from D-Links website around the world. Follow instructions provided with the newer firmware to upload the firmware into the DI-804. Upgrade instructions are as follow: When you download the updated firmware which was ZIP file format completely. Please extract this ZIP file that has a execute file in it. The following screen will be shown when you double click your mouse directly in this execute file.
Please input your administrator ’s password. If you do not set your password, the value is empty. Press OK to next instruction, or press Cancel to return to the previously configuration interface. Ready to upgrade your DI-804’s firmware. Press Send to upgrade your DI-804’s firmware, or press Abort to quit your firmware upgrade.
Press Ok to finish your firmware upgrade.
Telnet Terminal Commands The following section describes how to use Telnet terminal commands to diagnose network problems and perform simple setting changes. We will use Windows’s Telnet client software for our example to explain how it works. If you are not using Microsoft Windows, you can use a similar terminal emulation program. To run Telnet to connect to the Broadband Router, click Start and then click Run and type “Telnet 192.168.0.1” in the Open box. Press OK and the Telnet window will be shown.
1. Log into the Telnet terminal. 2. Type “log -F c” to clear all call logs. 3. Ping any outside host to force the Broadband Router to dial the connection. 4. Type “log -c” to view the latest call log. Viewing PPP Logs Type “log -p” to get the detailed PPP. The steps are: 1. Login the Telnet terminal. 2. Type “log -F w” to clear all PPP logs. 3. Ping any outside host to force the Broadband Router to dial the connection. 4. Type “log -p” to view the latest PPP log.
Troubleshooting the DHCP Client on WAN On the cable access environment, the DHCP client (dynamic IP) is a popular way to access the Internet. Use the “ip dhcpc ...” command to help you diagnose DHCP client problems in a similar way as ipconfig.exe or winipcfg.exe on the Windows OS Platform. Type the “ip dhcpc ?” command to view additional help Type “ip dhcpc release to release the WAN IP address. Type “ip dhcpc renew” to renew the WAN IP address.
Troubleshooting In the event that you are unable to connect to or use your Broadband Router, please refer to the following troubleshooting guide. After each problem description, a possible cause and problem resolution is provided. If this section does not help you fix the problem, go to the D-Link web site (www.dlink.com) for additional troubleshooting tips. If neither of these helps, please contact D-Link Technical Support for additional help.
§ The unit is not receiving the correct voltage from the power supply. Resolution: § Download and upgrade the latest firmware. § Make sure the correct firmware has been used while upgrading. Use only the firmware provided on D-Link’s web or FTP sites. § Use only the power adapter provided. The Link or Act LED’s do not turn on. Cause: § The network cable is not connected. § The network cable is connected but not the right type, whether it is patch or straight-through.
streams. Some of these streams may cause the Broadband Router to lock up. When the Broadband Router locks up, it will not affect the computers attached to it. You may need to restart the client computers to regain Internet access. Although sometimes inconvenient, a lock- up is an indication of an attack. Part of the design of the Broadband Router is to act as a decoy for such traffic.
§ § settings. Make sure that the IP Address used on your computer is set to the same subnet as the Broadband Router. For example, if the Broadband Router is set to 192.168.0.1, change the IP address of your computer to 192.168.0.15 or another unique IP Address that corresponds to the 192.168.0.X subnet. Follow the instructions outlined in the Appendix section labeled “Console Mode” to check the basic settings of your Broadband router.
ISP Connection Problems I can access the Broadband Router, but I can’t connect to my ISP. Cause: § Your DSL or Cable modem is not functioning correctly. § The cable is connected from the WAN port of the Broadband Router to your DSL or Cable modem. § The wrong connection type is used in Setup. § The username and password is not input correctly. § If using @Home service, the computer name is not input correctly. § Your ISP may only allow one MAC address to access the Internet.
Internet Application Problems My online game does not work. Cause: § The NAT table has filled up. § The correct settings have not been used to open the correct ports for your application. § The unit has stopped working or crashed. Resolution: § If you are trying to connect to game servers and your connection has stopped working, wait a few minutes or turn the unit off and then on again. Games send out many requests to many different servers trying to find the best game server for your connection.
Cause: § The Domain Suffix is not set correctly. Resolution: § Some email applications require you to enter the Domain Suffix when you configure your network and TCP/IP settings. The Domain Suffix is the unique identifier for your email server. § The Domain Suffix is the Internet Protocol (TCP/IP) address of the email server you are using. Your cable modem or DSL provider usually lists it somewhere on your invoice. The Domain Suffix address should appear similar to this: dlink.occa.home.com.
Performing a Factory Reset Follow these steps to perform a Factory Reset using the Reset button on the back of the DI-804. 1. With the unit off, press and hold the Reset button with a pen or paper clip and turn the unit on. 2. Hold the reset button for about 5 or 6 seconds until the Power/Test LED on the front panel blinks very quickly and then release. 3. Wait a few seconds for the Broadband Router to reboot using default settings.
Using the PING Utility in Windows 95/98/Me In Windows, Microsoft has provided a small utility called PING that can be used to troubleshoot your IP address and connection. The PING utility is used mainly to test the connection between your computer and a client computer. Using the PING utility to check a connection can be helpful in determining where the problem is, whether it be your Broadband Router, your DSL or Cable modem, or your ISP.
§ connection is not complete. If a PING is unsuccessful between you and your DSL or Cable modem, then your connection is not setup correctly. If it is unsuccessful when PINGing your ISP or an Internet site, then your connection is setup correctly but there is a problem with your ISP or the Internet site you tried to PING is unavailable. The screen shown below is an example of an unsuccessful PING. C:\>ping 192.168.0.1 Pinging 192.168.0.1 with 32 bytes of data: Request timed out. Request timed out.
Using the WINIPCFG Utility in Windows 95/98/Me In Microsoft Windows versions 95 through Me, Microsoft has provided a small utility called WINIPCFG that can be used to troubleshoot your IP address and connection. The WINIPCFG utility is used mainly to view, release and renew your IP Address configuration. Windows NT (including Windows 2000) has a similar utility called IPCONFIG that can be used to perform similar tasks.
Renew buttons to receive the correct settings. If you manually set your network settings, make sure that the IP Address of your Broadband Router is set in the Gateway portion of the TCP/IP settings in your network settings. § Click on "More Info" to display additional IP information. The important settings to watch for in this screen are in the Host Information box. Make sure that the DNS Servers box has the correct DNS information.
Also check the DHCP server box to make sure that you are connected to the right DHCP server.
Technical Specifications Standards: • IEEE 802.3 10BASE-T Ethernet • IEEE 802.3u 100BASE-TX Fast Ethernet • ANSI/IEEE 802.
Key Features Network address translation (NAT): Multiple users may concurrently connect to an Internet service provider (ISP) with a single Internet account. Firmware upgrade (TFTP) server: Using the server and firmware upgrade utility software, you can upgrade new firmware for features enhancement. Web (HTTP) server: You also can use browsers such as Microsoft Internet Explorer or Netscape Communicator to configure DI-804.
D-Link Offices AUSTRALIA CANADA CHILE CHINA DENMARK EGYPT FRANCE GERMANY INDIA ITALY JAPAN RUSSIA SINGAPORE S. AFRICA SWEDEN TAIWAN U.K. U.S.A. D-LINK AUSTRALASIA Unit 16, 390 Eastern Valley Way, Roseville, NSW 2069, Australia TEL: 61 -2-9417 -7100 FAX: 61-2-9417-1077 TOLL FREE: 1800 -177-100 (Australia), 0800-900900 (New Zealand) URL: www.dlink.com.au E-MAIL: support@dlink.com.au, info@dlink.com.
Limited Warranty D-Link Systems, Inc. (“D-Link”) provides this limited warranty for its product only to the person or entity who originally purchased the product from D-Link or its authorized reseller or distributor.
any part thereof) with any reconditioned product that D-Link reasonably determines is substantially equivalent (or superior) in all material respects to the defective Hardware. The Warranty Period shall extend for an additional ninety (90) days after any repaired or replaced Hardware is delivered.
replacement Software is delivered. If a material non-conformance is incapable of correction, or if D-Link determines in its sole discretion that it is not practical to replace the non-conforming Software, the price paid by the original licensee for the non-conforming Software will be refunded by D-Link; provided that the non-conforming Software (and all copies thereof) is first returned to D-Link. The license granted respecting any Software for which a refund is given automatically terminates.
shipping package to ensure that it will not be damaged in transit, and the RMA number must be prominently marked on the outside of the package. The packaged product shall be insured and shipped to D-Link, 53 Discovery Drive, Irvine CA 92618, with all shipping costs prepaid. D-Link may reject or return any product that is not packaged and shipped in strict compliance with the foregoing requirements, or for which an RMA number is not visible from the outside of the package.
Disclaimer of Other Warranties: EXCEPT FOR THE LIMITED WARRANTY SPECIFIED HEREIN, THE PRODUCT IS PROVIDED “AS-IS” WITHOUT ANY WARRANTY OF ANY KIND INCLUDING, WITHOUT LIMITATION, ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IF ANY IMPLIED WARRANTY CANNOT BE DISCLAIMED IN ANY TERRITORY WHERE A PRODUCT IS SOLD, THE DURATION OF SUCH IMPLIED WARRANTY SHALL BE LIMITED TO NINETY (90) DAYS.
HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE SOLE REMEDY FOR A BREACH OF THE FOREGOING LIMITED WARRANTY IS REPAIR, REPLACEMENT OR REFUND OF THE DEFECTIVE OR NON-CONFORMING PRODUCT. GOVERNING LAW: This Limited Warranty sha ll be governed by the laws of the state of California. Some states do not allow exclusion or limitation of incidental or consequential damages, or limitations on how long an implied warranty lasts, so the foregoing limitations and exclusions may not apply.
adequate measures Warnung! Dies ist in Produkt der Klasse B. Im Wohnbereich kann dieses Produkt Funkstoerungen verursachen. In diesem Fall kann vom Benutzer verlangt werden, angemessene Massnahmen zu ergreifen. Advertencia de Marca de la CE Este es un producto de Clase B. En un entorno doméstico, puede causar interferencias de radio, en cuyo case, puede requerirse al usuario para que adopte las medidas adecuadas. Attention! Ceci est un produit de classe B.
frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation.
Register by mail or online at http://www.dlink.com/sales/reg/ Registration Card Print, type or use block letters. Your name: Mr./Ms _____________________________________________________________________________ Organization: ________________________________________________ Dept.
