User's Manual

ManualsBrandsD-Link ManualsElectronicsWireless N Service Router

Ë²·º·»¼ Í»®ª·½»- Î±«¬»®

Ë-»® Ó¿²«¿´

ÜÍÎóîëðÒ ñ ëðð ñ ëððÒ ñ ïððð ñ ïðððÒ

Ê»®ò ïòðí

¸¬¬°æññ-»½«®·¬§ò¼´·²µò½±³

Summary of content (150 pages)

PAGE 1
Þ«·´¼·²¹ Ò»¬©±®µ- º±® Ð»±°´» Ë²·º·»¼ Í»®ª·½»- Î±«¬»® Ë-»® Ó¿²«¿´ ÜÍÎóîëðÒ ñ ëðð ñ ëððÒ ñ ïððð ñ ïðððÒ Ê»®ò ïòðí Í³¿´´ Þ«-·²»-- Ù¿¬»©¿§ Í±´«¬·±² ¸¬¬°æññ-»½«®·¬§ò¼´·²µò½±³
PAGE 3
Unified Services Router User Manual User Manual DSR-250N / DSR-500 / 500N / 1000 / 1000N Unified Services Router Version 1.03 Copyright © 2011 Copyright Notice This publication, including all photographs, illustrations and software, is protected under international copyright laws, with all rights reserved. Neither this manua l, nor any of the material contained herein, may be reproduced without written consent of the author.
PAGE 4
Unified Services Router User Manual Table of Contents Chapter 1. Introduction ..................................................................................................................... 10 1.1 About this User Manual ..................................................................................... 11 1.2 Typographical Conventions............................................................................... 11 Chapter 2. Configuring Your Network: LAN Setup ....................................
PAGE 5
Unified Services Router 4.4 4.5 4.6 User Manual Tuning Radio Specific Settings ......................................................................... 62 Advanced Wireless Settings ............................................................................. 63 Wi-Fi Protected Setup (WPS) ........................................................................... 63 Chapter 5. Securing the Private Network ........................................................................................ 65 5.
PAGE 6
Unified Services Router 9.1 9.1.1 9.1.2 9.2 9.3 9.4 9.4.1 9.4.2 9.4.3 9.5 9.6 9.7 9.8 9.8.1 9.8.2 9.8.3 9.8.4 User Manual Configuration Access Control.......................................................................... 118 Remote Management ...................................................................................... 118 CLI Access ....................................................................................................... 119 SNMP Configuration ..................................
PAGE 7
Unified Services Router User Manual Appendix F. Product Statement .......................................................................................................
PAGE 8
Unified Services Router User Manual List of Figures Figure 1: Setup page for LAN TCP/IP settings .................................................................................. 15 Figure 2: IPv6 LAN and DHCPv6 configuration................................................................................. 17 Figure 3: Configuring the Router Advertisement Daemon................................................................ 20 Figure 4: IPv6 Advertisement Prefix settings .................................
PAGE 9
Unified Services Router User Manual Figure 33: Virtual AP configuration ..................................................................................................... 60 Figure 34: List of configured access points (Virtual APs) shows one enabled access point on the radio, broadcasting its SSID .............................................................................................. 61 Figure 35: Radio card configuration options ..................................................................
PAGE 10
Unified Services Router User Manual Figure 64: List of SSL VPN polices (Global filter)............................................................................ 103 Figure 65: SSL VPN policy configuration ......................................................................................... 104 Figure 66: List of configured resources, which are available to assign to SSL VPN policies....... 106 Figure 67: List of Available Applications for SSL Port Forwarding..........................................
PAGE 11
Unified Services Router User Manual Figure 98: List of connected 802.11 clients per AP......................................................................... 144 Figure 99: List of LAN hosts .............................................................................................................. 145 Figure 100: List of current Active VPN Sessions .............................................................................
PAGE 12
Unified Services Router User Manual Chapter 1. Introduction D-Link Unified Services Routers offer a secure, high performance networking solution to address the growing needs of small and medium businesses. Integrated high -speed IEEE 802.11n and 3G wireless technologies offer comparable performance to traditional wired networks, but with fewer limitations.
PAGE 13
Unified Services Router User Manual empowering your mobile users by providing remote access to a central corporate database. Site-to-site VPN tunnels use IP Security (IPsec) Protocol, Point-to-Point Tunneling Protocol (PPTP), or Layer 2 Tunneling Protocol (L2TP) to facilitate branch office connectivity through encrypted virtual links. The DSR-250N, DSR-500(N) and DSR-1000(N) support 25, 35 and 75 simultaneous IPSec VPN tunnels respectively.
PAGE 14
PAGE 15
Chapter 2. Configuring Your Network: LAN Setup It is assumed that the user has a machine for management connected to the LAN to the router. The LAN connection may be through the wired Ethernet ports available on the router, or once the initial setup is complete, the DSR may also be managed through its wireless interface as it is bridged with the LAN. graphical user interface (GUI) for management by using any web browser, such as Microsoft Internet Explorer or Mozilla Firefox: Go to http://192.168.10.
PAGE 16
Unified Services Router User Manual To configure LAN Connectivity, please follow the steps below: 1. In the LAN Setup page, enter the following information for your router: IP address (factor y default: 192.168.10.1). If you change the IP address and click Save Settings, the GUI will not respond. Open a new connection to the new IP address and log in again.
PAGE 17
Unified Services Router User Manual Lease Time: Enter the time, in hours, for which IP addresses are leased to clients. Enable DNS Proxy: To enable the router to act as a proxy for all DNS 3. Click Save Settings to apply all changes.
PAGE 18
Unified Services Router User Manual 2.1.1 LAN Configuration in an IPv6 Network Advanced > IPv6 > IPv6 LAN > IPv6 LAN Config In IPv6 mode, the LAN DHCP server is enabled by default (similar to IPv4 mode). The DHCPv6 server will serve IPv6 addresses from configured address pools with the IPv6 Prefix Length assigned to the LAN. IPv4 / IPv6 mode must be enabled in the Advanced > IPv6 > IP mode to enable IPv6 configuration options. LAN Settings The default IPv6 LAN address for the router is fec0::1.
PAGE 19
Unified Services Router User Manual Figur e 2: IPv6 LAN and DHCPv6 co nfig uratio n If you change the IP address and click Save Settings, the GUI will not respond. Open a new connection to the new IP address and log in again. Be sure the LAN host (the machine used to manage the router) has obtained IP address from newly accessing the router via changed IP address. As with an IPv4 LAN network, the router has a DHCPv6 server.
PAGE 20
Unified Services Router User Manual DHCP Mode: The IPv6 DHCP server is either stateless or stateful. If stateless is selected an external IPv6 DHCP server is not required as the IPv6 LAN hosts are auto-configured by this router. In this case the router advertisement daemon (RADVD) must be configured on this device and ICMPv6 router discover y messages are used by the host for auto-configuration. There are no managed addresses to serve the LAN nodes.
PAGE 21
Unified Services Router User Manual RADVD Advanced > IPv6 > IPv6 LAN > Router Advertisement To support stateless IPv6 auto configuration on the LAN, set the RADVD status to Enable. The following settings are used to configure RADVD: Advertise Mode: Select Unsolicited Multicast to send router advertisements known IPv6 addresses on the LAN, and thereby reduce overall network traffic, select Unicast only.
PAGE 22
Unified Services Router User Manual Figur e 3: Conf iguring the Ro uter Advert isem ent Daemon Advertisement Prefixes Advanced > IPv6 > IPv6 LAN > Advertisement Prefixes The router advertisements configured with advertisemen t prefixes allow this router to inform hosts how to perform stateless address auto configuration. Router advertisements contain a list of subnet prefixes that allow the router to determine neighbors and whether the host is on the same link as the router .
PAGE 23
Unified Services Router User Manual IPv6 Prefix Length: This value indicates the number contiguous, higher order bits of the IPv6 address that define up the network portion of the address. Typically this is 64. Prefix Lifetime: This defines the duration (in seconds) that the requesting node is allowed to use the advertised prefix. It is analogous to DHCP lease time in an IPv4 network. Figur e 4: IPv6 Adver tisem ent P ref ix sett i ngs 2.
PAGE 24
Unified Services Router User Manual will allow traffic from LAN hosts belonging to this VLAN ID to pass through to other configured VLAN IDs that have Inter VLAN Routing enabled. Figur e 5: Adding VLAN mem berships to t he LAN 2.2.1 Associating VLANs to ports In order to tag all traffic through a specific LAN port with a VLAN ID, you can associate a VLAN to a physical port. Setup > VLAN Settings > Port VLAN VLAN membership properties for the LAN and wireless LAN are listed on this page.
PAGE 25
Unified Services Router User Manual Figur e 6: Port VLAN list In Access mode the port is a member of a single VLAN (and only one). All data going into and out of the port is untagged. Traffic through a port in access mode looks like any other Ethernet frame. In Trunk mode the port is a member of a user selectable set of VLANs. All data going into and out of the port is tagged. Untagged coming into the port is not forwarded, except for the default VLAN with PVID =1, which is untagged.
PAGE 26
Unified Services Router User Manual Figur e 7: Conf iguring VLAN m em bership for a po rt 2.3 Configurable Port: DMZ Setup DSR-250N does not have a configurable port there is no DMZ support. This router supports one of the physical ports to be configured as a secondary WAN Ethernet port or a dedicated DMZ port. A DMZ is a subnetwork that is open to the public but behind the firewall.
PAGE 27
Unified Services Router User Manual Figur e 8: DMZ conf igurat io n DMZ in the Setup > Internet Settings > Configurable Port page. 2.4 Universal Plug and Play (UPnP) Advanced > Advanced Network > UPnP Universal Plug and Play (UPnP) is a feature that allows the router to discovery devices on the network that can communicate with the router and allow for auto configuration.
PAGE 28
Unified Services Router User Manual Once UPnP is enabled, you can configure the router to detect UPnP -supporting devices on the LAN (or a configured VLAN). If disabled, the router will not a llow for automatic device configuration. Configure the following settings to use UPnP: Advertisement Period: This is the frequency that the router broadcasts UPnP information over the network. A large value will minimize network traffic but cause delays in identifying new UPnP devices to the network.
PAGE 29
Unified Services Router User Manual IP Address: The IP address of the UPnP device detected by this router Click Refresh to refresh the portmap table and search for any new UPnP devices. 2.5 Captive Portal DSR-250N does not have support for the Captive Portal feature. LAN users can gain internet access via web portal authentication with the DSR.
PAGE 30
Unified Services Router User Manual Chapter 3. Connecting to the Internet: WAN Setup This router has two WAN ports that can be used to esta blish a connection to the internet. The following ISP connection types are supported: DHCP, Static, PPPoE, PPTP, L2TP, 3G Internet (via USB modem). It is assumed that you have arranged for internet service with your Internet Service Provider (ISP).
PAGE 31
Unified Services Router User Manual 3G Internet access with a USB modem is supported on the secondary WAN port (WAN2). The Internet Connection Setup Wizard assists with the pr imary WAN port (WAN1) configuration only. 3.
PAGE 32
Unified Services Router User Manual My IP Address: Enter the IP address assigned to you by the ISP. Server IP Address: Enter the IP address of the PPTP or L2TP server. DSR- 3.2.1 WAN Port IP address Your ISP assigns you an IP address that is either dynamic (newly generated ea ch time you log in) or static (permanent). The IP Address Source option allows you to define whether the address is statically provided by the ISP or should be received dynamically at each login.
PAGE 33
Unified Services Router User Manual Figur e 12: Manual WAN conf ig ura tio n 3.2.4 PPPoE Setup > Internet Settings The PPPoE ISP settings are defined on the WAN Configuration page. There are two types of PPPoE supported by the DSR: the standard username/password PPPoE and Japan Multiple PPPoE.
PAGE 34
Unified Services Router User Manual Figur e 13: PP PoE configura tio n fo r sta nd ard ISPs password credentials to login and authenticate the DSR with the ISP. The ISP GUI will prompt you for authentication, service, and connection settings in order to establish the PPPoE link. Japanese required in order to establish concurrent primary and secondary PPPoE connections between the DSR and the ISP.
PAGE 35
Unified Services Router User Manual Figur e 14: WAN config ur atio n fo r Japa ne se Mult iple PPPoE (pa rt 1) There are a few key elements of a multiple PPPoE connection: Primary and secondary connections are concurrent Each session has a DNS server source for domain name lookup, this can be as signed by the ISP or configured through the GUI The DSR acts as a DNS proxy for LAN users (for example *.
PAGE 36
Unified Services Router User Manual When Japanese multiple PPPoE is configured and secondary connection is up, some predefined routes are added on that interface. These routes are needed to access the internal domain of the ISP where he hosts various services. These routes can even be configured through the static routing page as well. Figur e 15: WAN config ur atio n fo r M ultip le PPPo E (part 2) 3.2.
PAGE 37
Unified Services Router User Manual Figur e 16: R ussia L2TP ISP co nfig uration 3.2.
PAGE 38
Unified Services Router User Manual For IPv6 WAN connections, this router can have a static IPv6 address or receive connection information when configured as a DHCPv6 client. In the case where the ISP assigns you a fixed address to access the internet, the static conf iguration settings must be completed. In addition to the IPv6 address assigned to your router, the IPv6 prefix length defined by the ISP is needed.
PAGE 39
Unified Services Router User Manual Figur e 17: I Pv6 WAN Set up page 3.2.7 Checking WAN Status Setup > Internet Settings > WAN Status The status and summary of configured settings for both WAN1 and WAN2 are available on the WAN Status page. You can view the following key connection status information for each WAN port: Connection time: The connection uptime Connection type: Dynamic IP or Static IP Connection state: This is whether the WAN is connected or disconnected to an ISP.
PAGE 40
Unified Services Router User Manual Figur e 18: Conne ction Sta tus inform atio n for bot h WAN ports The WAN status page allows you to Enable or Disable static WAN links. For WAN settings that are dynamically received from the ISP, you can Renew or Release the link parameters if required.
PAGE 41
Unified Services Router User Manual 3.3 Bandwidth Controls Advanced > Advanced Network > Traffic Management > Bandwidth Profiles Bandwidth profiles allow you to regulate the traffic flow from the LAN to WAN 1 or WAN 2. This is useful to ensure that low priority LAN users (l ike guests or HTTP service) do -savings or bandwidth-priority-allocation purposes.
PAGE 42
Unified Services Router User Manual For finer control, the Rate profile type can be used. With this option the minimum and maximum bandwidth allowed by this profile can be limited. Choose the WAN interface that the profile should be associated with . Figur e 20: Band widt h Prof ile Co nfig uration pag e Advanced > Advanced Network > Traffic Management > Traffic Selectors Once a profile has been created it can then be associated with a traffic flow from the LAN to WAN.
PAGE 43
Unified Services Router User Manual Figur e 21: Traff ic S ele ctor Config ura tio n 3.4 Features with Multiple WAN Links This router supports multiple WAN links. This allows you to take advantage of failover and load balancing features to ensure certain internet dependent services are prioritized in the event of unstable WAN connectivity on one of the ports. Setup > Internet Settings > WAN Mode To use Auto Failover or Load Balancing, WAN link failure detection must be configured.
PAGE 44
Unified Services Router User Manual Auto-Rollover using WAN port-WAN1: WAN1 is the primary internet link. Auto-Rollover using WAN port-WAN2: WAN2 is the primary internet link. Failover Detection Settings: To check connectivity of the primary internet link, one of the following failure detection methods can be selected: DNS lookup using WAN DNS Servers: DNS Lookup of the DNS Servers of the primary link are used to detect primary WAN connectivity.
PAGE 45
Unified Services Router User Manual Load balancing is particularly useful when the connection speed of one WAN port greatly differs from another. In this case you can define protocol bindings to route low-latency services (such as VOIP) over the higher -speed link and let low-volume background traffic (such as SMTP) go over the lower speed link. Figur e 22: Load Balancing is ava ilable when m ultiple WAN ports a re conf igur ed and Protoco l Bindings ha ve been defined 3.4.
PAGE 46
Unified Services Router User Manual addresses can be assigned to the other WAN link. Protocol bindings are only applicable when load balancing mode is enabled and more than one WAN is configured. Figur e 23: Prot ocol binding setup t o asso ciat e a se rvice a nd/or LAN source to a WAN a nd/or d estinat io n net work 3.5 Routing Configuration Routing between the LAN and WAN will impact the way this router handles traffic that is received on any of its physical interfaces.
PAGE 47
Unified Services Router User Manual NAT is a technique which allows several computers on a LAN to share an Internet connection. The computers on the LAN use a "private" IP add ress range while the WAN port on the router is configured with a single "public" IP address. Along with connection sharing, NAT also hides internal IP addresses from the computers on the Internet. NAT is required if your ISP has assigned only one IP address to you.
PAGE 48
Unified Services Router User Manual Figur e 24: Rout ing Mode is used to co nfigur e traffic ro ut ing bet we en WAN and LAN, as well as Dy nam ic r out ing (RIP) 3.5.2 Dynamic Routing (RIP) DSR-250N does not support RIP.
PAGE 49
Unified Services Router User Manual Setup > Internet Settings > Routing Mode Dynamic routing using the Routing Information Protocol (RIP) is an Interior Gateway Protocol (IGP) that is common in LANs. With RIP this router can exchange routing information with other supported routers in the LAN and allow f or dynamic adjustment of routing tables in order to adapt to modifications in the LAN without interrupting traffic flow. The RIP direction will define how this router sends and receives RIP packets.
PAGE 50
Unified Services Router User Manual router and other devices to account for changes in the path; once configured the static route will be active and effective until the network changes. The List of Static Routes displays all routes that have been added manually by an administrator and allows several operations on the static routes. The List of IPv4 Static Routes and List of IPv6 Static Routes share the same fields (with one exception): Name: Name of the route, for identification and management .
PAGE 51
Unified Services Router User Manual Figur e 25: Static route conf ig urat io n fields 3.6 Configurable Port - WAN Option This router supports one of the physical ports to be configured as a secondary WAN Ethernet port or a dedicated DMZ port. If the port is selected to be a secondary WAN interface, all configuration pages relating to WAN2 are enabled.
PAGE 52
Unified Services Router User Manual Figur e 26: WAN2 configuratio n f or 3 G internet (part 1) Cellular 3G internet access is available on WAN2 via a 3G USB modem for DSR1000 and DSR-1000N. The cellular ISP that provides the 3G data plan will provide the authentication requirements to establish a connection. The dial Number and APN are specific to the cellular carriers.
PAGE 53
Unified Services Router User Manual Figur e 27: WAN2 configuratio n f or 3 G internet ( part 2) 3.7 WAN Port Settings Advanced > Advanced Network > WAN Port Setup The physical port settings for each WAN link can be defined here. If your ISP account defines the WAN port speed or is associated with a MAC address, this information is required by the router to ensure a smooth connection with the network. The default MTU size supported by all ports is 1500.
PAGE 54
Unified Services Router User Manual The default MAC address is defined during the manufacturing process for the interfaces, and can uniquely identify this router.
PAGE 55
Unified Services Router User Manual Chapter 4. Wireless Access Point Setup This router has an integrated 802.11n radio that allows you to create an access point for wireless LAN clients. The security/encryption/authentication options are grouped in a wireless Profile, and each configured profile will be available for selection in the AP configuration menu.
PAGE 56
Unified Services Router User Manual Figur e 29: Wir eless Net work Set up Wiza rds 4.1.1 Wireless Network Setup Wizard This wizard provides a step-by-step guide to create and secure a new access point on the router. The network name (SSID) is the AP identifier that will be detected by supported clients. The Wizard uses a TKIP+AES cipher for WPA / WPA2 security; depending on support on the client side, devices associate wit h this AP using either WPA or WPA2 security with the same pre-shared key.
PAGE 57
Unified Services Router User Manual Personal Identification Number (PIN): The wireless device that supports WPS may have an alphanumeric PIN, and if entered in this field the AP will establish a link to the client. Click Connect to complete setup and connect to the client. Push B utton Configuration (PBC): for wireless devices that support PBC, press and hold down on this button and within 2 minutes, click the PBC connect button. The AP will detect the wireless device and establish a link to the client.
PAGE 58
Unified Services Router User Manual server, or both. Note that WPA does not support 802.11n data rates; is it appropriate for legacy 802.11 connections. WPA2: this security type uses CCMP encryption (and the option to add TKIP encryption) on either PSK (pre-shared key) or Enterprise (RADIUS Server) authentication. WPA + WPA2: this uses both encryption algorithms, TKIP and CCMP. WPA clients will use TKIP and WPA2 clients will use CCMP encryption algorithms. the strongest security that it supports.
PAGE 59
Unified Services Router User Manual size. Next choose one of the keys to be used for authentication. The selected key must be shared with wireless clients to connect to this device. Figur e 31: Prof ile conf igura tio n to s et ne twork s ec urity 4.2.2 WPA or WPA2 with PSK A pre-shared key (PSK) is a known passphrase configured on the AP and client both and is used to authenticate the wireless client. An acceptable passphrase is between 8 to 63 characters in length.
PAGE 60
Unified Services Router User Manual 4.2.3 RADIUS Authentication Setup > Wireless Settings > RADIUS Settings Enterprise Mode uses a RADIUS Server for WPA and/or WPA2 security. A RADIUS server must be configured and accessible by the router to authenticate wireless client connections to an AP enabled with a profile that uses RADIUS authentication. The Authentication IP Address is required to identify the server.
PAGE 61
Unified Services Router User Manual Figur e 32: RADIUS serve r (Ext er na l Aut hent icat io n) c onf ig ura tio n 4.3 Creating and Using Access Points Setup > Wireless Settings > Access Points Once a profile (a group of security settings) is created, it can be assigned to an AP on the router. The AP SSID can be configured to broadcast its availability to the 802.11 environment can be used to establish a WLAN network.
PAGE 62
Unified Services Router User Manual Figur e 33: V irt ual AP c onfig ura tio n A valuable power saving feature is the start and stop time control for this AP. You can conserve on the radio power by disabling the AP when it is not in use. For example on evenings and weekends if you know there are no wireless cli ents, the start and stop time will enable/disable the access point automatically.
PAGE 63
Unified Services Router User Manual Figur e 34: List of configured a ccess point s (Virt ual A Ps) sho ws o ne enabled access po int o n t he radio, broadcasting its SSID The clients connected to a particular AP can be viewed by using the Status Button on the List of Available Access Points. Traffic statistics ar e shown for that individual AP, as compared to the summary stats for each AP on the Statistics table.
PAGE 64
Unified Services Router User Manual broadcast the SSID for the VAP with WEP since it is meant to be used for a few legacy devices in this scenario. 4.4 Tuning Radio Specific Settings Setup > Wireless Settings > Radio Settings The Radio Settings page lets you configure the channels and power levels available the DSR. The router has a dual band 802.11n radio, meaning either 2.4 GHz or 5 GHz frequency of operation can be selected (not concurrently though).
PAGE 65
Unified Services Router User Manual 4.5 Advanced Wireless Settings Advanced > Wireless Settings > Advanced Wireless Sophisticated wireless administrators can modify the 802.11 communication parameters in this page. Generally, the default settings are appropriate for most networks. Please refer to the GUI integrated help tex t for further details on the use of each configuration parameter. Figur e 36: Advanced Wire less com m unica tio n sett ings 4.
PAGE 66
Unified Services Router User Manual below the PIN field. There is no LED indication that a client has connected. Push Button Configuration (PBC): for wireless devices that support PBC, press and hold down on this button and within 2 minutes click the PBC connect button. The AP will detect the wireless device and establish a link to the client. More than one AP can use WPS, but only one AP can be used to establish WPS links to client at any given time.
PAGE 67
Chapter 5. Securing the Private Network You can secure your network by creating and applying rules that your router uses to selectively block and allow inbound and outbound Internet traffic. You then specify how and to whom the rules apply.
PAGE 68
Unified Services Router User Manual may use the IP address if a static address is assigned to the WAN port, or if your WAN address is dynamic a DDNS (Dynamic DNS) name can be used. Outbound (LAN/DMZ to WAN) rules restrict access to traffic leaving your network, selectively allowing only specific local users to access specific outside resources. The default outbound rule is to allow access from the secure zone (LAN) to either the public DMZ or insecure WAN.
PAGE 69
Unified Services Router User Manual Figur e 39: List of Availab le Schedules t o bind to a fire wa ll rule 5.3 Configuring Firewall Rules Advanced > Firewall Settings > Firewall Rules All configured firewall rules on the router are displayed in the Firewall Rules list. This list also indicates whether the rule is enabled (active) or not, and gives a summary of the From/To zone as well as the services or users that the rule affects. To create a new firewall rules, follow the steps below: 1.
PAGE 70
Unified Services Router User Manual Service: ANY means all traffic is affected by this rule. For a specific service the drop down list has common services, or you can select a custom defined service. Action & Schedule: Select one of the 4 actions that this rule defines: BLOCK always, ALLOW always, BLOCK by schedule otherwise ALLOW, or ALLOW by schedule otherwise BLOCK . A schedule must be preconfigured in order for it to be available in the dropdown list to assign to this rule.
PAGE 71
Unified Services Router User Manual External IP address: The rule can be bound to a specific WAN interface by selecting either the primary WAN or configurable port WAN as the source IP address for incoming traffic. This router supports multi-NAT and so the External IP address does not necessarily have to be the WAN address. On a single WAN interface, m ultiple public IP addresses are supported.
PAGE 72
Unified Services Router User Manual Figur e 40: Exam ple wher e a n o utbo und S NAT rule is used to map an exte rnal IP address (209.156.200. 225) to a privat e DMZ I P address (10.30.30 .
PAGE 73
Unified Services Router User Manual Figur e 41: The firewall rule co nf igurat io n page allo ws yo u to def i ne t he To/From zone, se rvice, act ion, sc hed ules, and spec ify source/destinat io n IP addresses as need ed.
PAGE 74
Unified Services Router User Manual 5.3.1 Firewall Rule Configuration Examples Example 1: Allow inbound HTTP traffic to the DMZ Situation: You host a public web server on your local DMZ network. You want to allow inbound HTTP requests from any outside IP address to the IP address of your web server at any time of day. Solution: Create an inbound rule as follows.
PAGE 75
Unified Services Router User Manual Example 3: Multi-NAT configuration Situation: You want to configure multi-NAT to support multiple public IP addresses on one WAN port interface. Solution: Create an inbound rule that configures the firewall to host an additional public IP address. Associate this address with a web server on the DMZ. If you arrange with your ISP to have more than one public IP address for your use, you can use the additional public IP addresses to map to servers on your LAN.
PAGE 76
Unified Services Router User Manual In the Scheduled days box, check that you want the schedule to be active for In the scheduled time o this will apply the schedule between 12 am to 11:59 pm of the selected day. Click apply now s isolates all day Saturday and Sunday from the rest of the week.
PAGE 77
Unified Services Router User Manual Figur e 42: S chedule configurat ion for the above ex ample. 2. Since we are trying to block HTTP requests, it is a service with To Zone: Insecure (WAN1/WAN2) that is to be blocked according to schedule 75 .
PAGE 78
Unified Services Router User Manual 3. S This will take a predefined schedule and make sure the rule is a blocking rule during the defined dates/times. All other times outside the schedule will not be affected by this firewall blocking rule 4. As we defined our schedule in schedule Weekend , this is available in the dropdown menu 5. We want to block the IP range assigned to the marketing group. 192.168.10.20 to 192.168.10.30.
PAGE 79
Unified Services Router User Manual Figur e 43: List of use r def ined se rvice s. 5.5 ALG support Advanced > Firewall Settings > ALGs Application Level Gateways (ALGs) are security component that enhance the firewall and NAT support of this router to seamlessly support application layer protocols. In some cases enabling the ALG will allow the firewall to use dynamic ephemeral TCP/ UDP ports to communicate with the known ports a particular client application (such as H.
PAGE 80
Unified Services Router User Manual Figur e 44: Availab le ALG suppo rt o n t he rout er . 5.6 VPN Passthrough for Firewall Advanced > Firewall Settings > VPN Passthrough IPsec, PPTP, and L2TP VPN tunnel connections between the LAN and internet. A specific firewall rule or service is not appropriate to introduce this passthrough support; instead the appropriate check boxes in the VPN Passthrough page must be enabled.
PAGE 81
Unified Services Router User Manual Figur e 45: Passthrough options f or VPN t unnel s 5.7 Application Rules Advanced > Application Rules > Application Rules Application rules are also referred to as p ort triggering. This feature allows devices on the LAN or DMZ to request one or more ports to be forwarded to them. Port triggering waits for an outbound request from the LAN/DMZ on one of the defined outgoing ports, and then opens an incoming port for that specified type of traffic.
PAGE 82
Unified Services Router User Manual Figur e 46: List of Availab le Applicat io n Rules s ho wing 4 unique rules The application rule status page will list any active rules, i.e. incoming ports that are being triggered based on outbound requests from a defined outgoing port. 5.8 Web Content Filtering The gateway offers some standard web filtering options to allow the admin to easily create internet access policies between the secure LAN and insecure WAN.
PAGE 83
Unified Services Router User Manual Figur e 47: Cont ent F ilt er ing us ed to blo ck access to proxy s ervers a nd preve nt Ac tiveX co ntrols f rom being downlo aded 5.8.2 Approved URLs Advanced > Website Filter > Approved URLs The Approved URLs is an acceptance list for all URL domain names. Domains added to this list are allowed in any form. m the LAN: www.yahoo.com, yahoo.co.uk, etc.
PAGE 84
Unified Services Router User Manual Figur e 48: Two trusted domains added to the Approved URLs List 5.8.3 Blocked Keywords Advanced > Website Filter > Blocked Keywords ite content that contains the keywords in the configured list. This is lower priority than the Approved URL List; i.e. if the blocked keyword is present in a site allowed by a Trusted Domain in the Approved URL List, then access to that site will be allowed. Import/export from a text or CSV file for keyword blocking is also supported.
PAGE 85
Unified Services Router User Manual Figur e 49: Two keywords added to the block list 5.9 IP/MAC Binding Advanced > IP/MAC Binding Another available security measure is to only allow outbound traffic (from the LAN to WAN) when the LAN node has an IP address matching the MAC address bound to it. IP address with the unique MAC Address of the configured LAN node, the administrator can ensure traffic from that IP address is not spoofed.
PAGE 86
Unified Services Router User Manual Figur e 50: The following exam ple binds a MAC Address to a n IP address ser ved by DSR . If t here is an IP/MAC Binding violat ion, t he vio lat ing packet will be dr o pped and lo gs will be captured 5.10 Intrusion Prevention (IPS) Advanced > Advanced Network > IPS internet from accessing the private network. Static attack signatures loaded to the DSR allow common attacks to be detected and prevented.
PAGE 87
Unified Services Router User Manual Figur e 51: I nt rus ion P revent io n f eat ures on t he ro ute r 5.11 Protecting from Internet Attacks Advanced > Advanced Network > Attack Checks Attacks can be malicious security breaches or unintentional network issues that render the router unusable. Attack checks allow you to manage WAN security threats such as continual ping requests and discover y via ARP scans. TCP and UDP flood attack checks can be enabled to manage extreme usage of WAN resources.
PAGE 88
Unified Services Router User Manual Figur e 52: Prot ect ing t he ro uter a nd LA N from int er net attacks 86
PAGE 89
Unified Services Router User Manual Chapter 6. IPsec / PPTP / L2TP VPN routers or a remote PC client. The following types of tunnels can be created: Gateway-to-gateway VPN: to connect two or more routers to secure traffic between remote sites. Remote Client (client-to-gateway VPN tunnel): A remote client initiat es a VPN tunnel as the IP address of the remote PC client is not known in advance. The gateway in this case acts as a responder.
PAGE 90
Unified Services Router User Manual Figur e 54: Exam ple of t hr ee I Psec client connect io ns to t he inte rnal net wo rk t hroug h t he DSR IPsec gat e way 6.1 VPN Wizard Setup > Wizard > VPN Wizard You can use the VPN wizard to quickly create both IKE and VPN policies. Once the IKE or VPN policy is created, you can modify it as required.
PAGE 91
Unified Services Router User Manual Figur e 55: V PN Wiz ard launch screen To easily establish a VPN tunnel using VPN Wizard, follow the steps below: 1. Select the VPN tunnel type to create The tunnel can either be a gateway to gateway connection (site -to-site) or a tunnel to a host on the internet (remote access).
PAGE 92
Unified Services Router User Manual Local WAN IP address / FQDN: This field can be left blank if you are not using a configuration. 3. Configure the Secure Connection Remote Accessibility fields to identify the remote network: Remote LAN IP address: address of the LAN behind the peer gateway Remote LAN Subnet Mask: the subnet mask of the LAN behind the peer Note: The IP address range used on the remote LAN must be different from the IP address range used on the local LAN. 4.
PAGE 93
Unified Services Router User Manual 6.2 Configuring IPsec Policies Setup > VPN Settings > IPsec > IPsec Policies An IPsec policy is between this router and another gateway or this router and a IPsec client on a remote host. The IPsec mode can be either tunnel or transport depending on the network being traversed between the two policy endpoints. Transport: This is used for end-to-end communication between this router and the tunnel endpoint, either another IPsec gateway or an IPsec VPN client on a host.
PAGE 94
Unified Services Router User Manual Figur e 56: I Psec policy conf ig ura tio n Once the tunnel type and endpoints of the tunnel are defined you can determine the Phase 1 / Phase 2 negotiation to use for the tunnel. This is covered in the IPsec mode setting, as the policy can be Manual or Auto. For Auto policies, the Internet Key Exchange (IKE) protocol dynamically exchanges keys between two IPsec hosts.
PAGE 95
Unified Services Router User Manual Figur e 57: I Psec policy conf ig ura tio n continued (Aut o policy v ia IKE) A Manual policy does not use IKE and instead relies on ma nual keying to exchange authentication parameters between the two IPsec hosts. The incoming and outgoing security parameter index (SPI) values must be mirrored on the remote tunnel endpoint.
PAGE 96
Unified Services Router User Manual Figur e 58: I Psec policy conf ig ura tio n continued (Aut o / Ma nual Phase 2) 6.2.1 Extended Authentication (XAUTH) You can also configure extended authentication (XAUTH). Rather than configure a unique VPN policy for each user, you can configure the VPN gateway router to authenticate users from a stored list of user accounts or with an external authentication server such as a RADIUS server.
PAGE 97
Unified Services Router User Manual 6.3 Configuring VPN clients Remote VPN clients must be configured with the same VPN policy parameters used in the VPN tunnel that the client wishes to use: encr yption, authentication, life time, and PFS key-group. Upon establishing these authentication parameters, the VPN Client user database must also be populated with an account to give a user access to the tunnel. VPN client software is required to establish a VPN tunnel between the router and remote endpoint.
PAGE 98
Unified Services Router User Manual Figur e 59: PPTP t unnel configurat ion PPTP Serve r 6.4.2 L2TP Tunnel Support Setup > VPN Settings > L2TP > L2TP Server A L2TP VPN can be established through this router. Once enabled a L2TP server is available on the router for LAN and WAN L2TP client users to access.
PAGE 99
Chapter 7. SSL VPN The router provides an intrinsic SSL VPN feature as an alternate to the standard IPsec VPN. SSL VPN differs from IPsec VPN mainly by removing the requirement of a preinstalled VPN client on the remote host. Instead, users can securely login through the SSL User Portal using a standard web browser and receive access to configured network resources within the corporate LAN.
PAGE 100
Unified Services Router User Manual Figur e 61: Exam ple of c lientless SSL VP N connect ions to t he DSR 7.1 Users, Groups, and Domains Advanced > Users > Users Authentication of the users (IPsec, SSL VPN, or GUI) is done by the router using either a local database on the router or external authentication servers (i.e. LDAP or RADIUS). The remote user must specify the user, group and domain when logging in to the router. One or more users are members of a Group.
PAGE 101
Unified Services Router User Manual Idle Timeout: The session timeout for the user. Once the user is configured, the DSR will display a list of all configured users. Figur e 62: Availab le Users wit h login stat us a nd associated Group/Dom ain Advanced > Users > Domains The Domain determines the authentication method (local user database, external server) to be us As well the Domain determines the portal layout presented to the remote SSL user.
PAGE 102
Unified Services Router User Manual Timeout: The timeout period for reaching the authentication server. Retries: The number of retries to authenticate with the authentication server after which the DSR stops trying to reach the server. Workgroup: This is required is for NT domain authentication. If there are multiple workgroups, user can enter the details for upto two workgroups. LDAP Base DN: This is the base domain name for the LDAP authentication server.
PAGE 103
Unified Services Router User Manual Guest (read only): The guest user gains read only access to the GUI to observe and review configuration settings. The guest does not have SSL VPN access. SSL VPN User: This user has access to the SSL VPN services as determined by the group policies and authentication domain of which it is a member. The domaindetermined SSL VPN portal will be displayed when logging in with this user type. XAuth User: RADIUS or other Enterprise server.
PAGE 104
Unified Services Router User Manual Figur e 63: User conf igurat io n opt ions 7.2 Using SSL VPN Policies Setup > VPN Settings > SSL VPN Server > SSL VPN Policies SSL VPN Policies can be created on a Global, Group, or User level. User level policies take precedence over Group level policies and Group level policies take precedence over Global policies. These policies can be applied to a specific network resource, IP address or ranges on the LAN, or to different SSL VPN services supported by the router.
PAGE 105
Unified Services Router User Manual Figur e 64: List of SSL VPN po lices ( Glob al filter) To add a SSL VPN policy, you must first assign it to a user, group, or make it global (i.e. applicable to all SSL VPN users). If the policy is for a group, the available configured groups are shown in a drop down menu and one must be selected. Similarly, for a user defined policy a SSL VPN user must be chosen from the available list of configured users. The next step is to define the policy details.
PAGE 106
Unified Services Router User Manual Figur e 65: SSL VPN policy co nf ig urat io n To configure a policy for a single user or group of users, enter the following information: Policy for: The policy can be assigned to a group of users, a single user, or all users (making it a global policy). To customize the policy for specific users or groups, the user can select from the Available Groups and Available Users drop down.
PAGE 107
Unified Services Router User Manual Port range: If the policy governs a type of traffic, this field is used for defining TCP or UDP port number(s) corresponding to the governed traffic. Leaving the starting and ending port range blank corresponds to all UDP and TCP traffic. Service: This is the SSL VPN service made available by this policy. services offered are VPN tunnel, port forwarding or both. The Defined resources: This policy can provide access to specific network resources.
PAGE 108
Unified Services Router User Manual Figur e 66: List of conf igured reso ur ces, whic h are available to assign to SSL VPN polic ies 7.3 Application Port Forwarding Setup > VPN Settings > SSL VPN Server > Port Forwarding Port forwarding allows remote SSL users to access specified network applications or services after they login to the User Portal and launch the Port Forwarding serv ice. Traffic from the remote user to the router is detected and re-routed based on configured port forwarding rules.
PAGE 109
Unified Services Router User Manual As a convenience for remote users, the hostname (FQDN) of the network server can be configured to allow for IP address resolution. This host name resolution provides users with easy-to-remember prone IP addresses when using the Port Forwarding service through the SSL User Portal. To configure port forwarding, following are required: Local Server IP address: The IP address of th e local server which is hosting the application.
PAGE 110
Unified Services Router User Manual Figur e 67: List of Availab le Applicat io ns for SSL Po rt Fo rwarding 7.4 SSL VPN Client Configuration Setup > VPN Settings > SSL VPN Client > SSL VPN Client An SSL VPN tunnel client provides a point -to-point connection between the browser side machine and this router. When a SSL VPN client is launched from the user portal, a "network adapter" with an IP address from the corporate subnet, DNS and WINS settings is automatically created.
PAGE 111
Unified Services Router User Manual Figur e 68: SSL VPN client adapt er a nd a ccess c onfig ura tio n The router allows full tunnel and split tunnel support. Full tunnel mode just sends all traffic from the client across the VPN tunnel to the router. Split tunnel mode only sends traffic to the private LAN based on pre-specified client routes. These client routes give the SSL client access to specific private networks, thereby allowing access control over specific LAN services.
PAGE 112
Unified Services Router User Manual Setup > VPN Settings > SSL VPN Client > Configured Client Routes If the SSL VPN client is assigned an IP address in a different subnet than the corporate network, a client route must be added to allow access to the private LAN through the VPN tunnel. As well a static route on the private LA (typically this router) is needed to forward private traffic through the VPN Firewall to the remote SSL VPN client.
PAGE 113
Unified Services Router User Manual Figur e 70: List of configured SSL VPN portal s. The co nf ig ur ed porta l can the n be associat ed wit h a n a ut hent ica tio n dom ain 7.5.1 Creating Portal Layouts Setup > VPN Settings > SSL VPN Server > Portal Layouts The router allows you to create a custom page for remote SSL VPN users that is presented upon authentication.
PAGE 114
Unified Services Router User Manual Banner message: The banner message that is displayed to SSL VPN clients prior to login. This field is optional. Display banner message on the login page: The user has the option to either display or hide the banner message in the login page. HTTP meta tags for cache control: This security feature prevents expired web It is recommended that the user selects this option.
PAGE 115
Unified Services Router User Manual Chapter 8. Advanced Configuration Tools 8.1 USB Device Setup Setup > USB Settings The DSR Unified Services Router has a USB interface for printer access, file sharing and on the DSR-1000 / DSR-1000N models 3G modem support. There is no configuration on the GUI to enable USB device support. Upon inserting your USB storage device, printer cable or 3G modem the DSR router will automatically detect the type of connected peripheral.
PAGE 116
Unified Services Router User Manual Figur e 72: USB Devic e Det ect io n 8.2 Authentication Certificates Advanced > Certificates This gateway uses digital certificates for IPsec VPN authentication as well as SSL validation (for HTTPS and SSL VPN authentication). You can obtain a digital certificate from a well known Certificate Authority (CA) such as VeriSign, or generate and sign your own certificate using functionality available on this gateway.
PAGE 117
Unified Services Router User Manual A self certificate is a certificate issued by a CA identifying your device (or self t the identity protection of a CA). The Active Self Certificate table lists the self certificates currently loaded on the gateway. The following information is displayed for each uploaded self certificate: Name: The name you use to identify this certificat e, it is not displayed to IPsec VPN peers or SSL users.
PAGE 118
Unified Services Router User Manual Figur e 73: C ert ificate sum m ary for IPse c and HTTPS m anag em ent 8.3 Advanced Switch Configuration The DSR allows you to adjust the power consumption of the hardware based on your for your LAN switch are Power consumption by the LAN switch is dependent function of on the number of connected ports. The overall current draw when a single when a smaller cable length is connected on a LAN port.
PAGE 119
Unified Services Router User Manual Figur e 74: Advanced Switc h Settings 117
PAGE 120
Unified Services Router User Manual Chapter 9. Administration & Management 9.1 Configuration Access Control The primary means to configure this gateway via the browser -independent GUI. The HTTP, or over SSL). Administrator interface. The user type is set in the Advanced > Users > Users page. The Admin or Guest user can be configured to access the router GUI from the LAN or the Internet (WAN) by enabling the corresponding Login Policy. Figur e 75: User Login policy co nfig uratio n 9.1.
PAGE 121
Unified Services Router User Manual Figur e 76: R em ote Managem ent f rom the WAN 9.1.2 CLI Access In addition to the web-based GUI, the gateway supports SSH and Telnet management for command-line interaction. The CLI login credentials are shared with the GUI for administrator users. console prompt and login with administrator user credentials. 9.
PAGE 122
Unified Services Router User Manual Figur e 77: SNM P Users, Traps, a nd Ac ce ss Contro l Tools > Admin > SNMP System Info The router is identified by an SNMP manager via the System Information. The identifier settings The SysName set here is also used to identify the router for SysLog logging.
PAGE 123
Unified Services Router User Manual Figur e 78: SNM P system inform atio n fo r this ro ute r 9.3 Configuring Time Zone and NTP Tools > Date and Time You can configure your time zone, whether or not to adjust for Daylight Savings Time, and with which Network Time Protocol ( NTP) server to syn chronize the date and time.
PAGE 124
Unified Services Router User Manual Figur e 79: Dat e, Tim e, and NTP server setup 9.4 Log Configuration This router allows you to capture log messages for traffic through the firewall, VPN, and over the wireless AP. As an administrator you can monitor th e type of traffic that goes through the router and also be notified of potential attacks or errors when they are detected by the router. The following sections describe the log configuration settings and the ways you can access these logs. 9.4.
PAGE 125
Unified Services Router User Manual System: This refers to application and management level features available on this router, including SSL VPN and administrator changes for man aging the unit. Wireless: This facility corresponds to the 802.11 driver used for providing AP functionality to your network. Local1-UTM: This facitlity corresponds to IPS (Intrusion Prevension System) which helps in detecting malicious intrusion attempts from the WAN.
PAGE 126
Unified Services Router User Manual Figur e 80: Facility settings fo r Logg ing The display for logging can be customized based on where the logs are sent, either the Event Log viewer in the GUI (the Event Log viewer is in the Status > Logs page) or a remote Syslog server for later review. E-mail logs, discussed in a subsequent section, follow the same configuration as logs configured for a Syslog server.
PAGE 127
Unified Services Router User Manual Example: If Accept Packets from LAN to WAN is enabled and there is a firewall rule to allow SSH traffic from LAN, then whenever a LAN machine tries to make an SSH connection, those packets will be accepted and a message will be logged. (Assuming the log option is set to Allow for the SSH firewall rule.) Dropped Packets are packets that were intentionally blocked from being transferred through the corresponding network segment.
PAGE 128
Unified Services Router User Manual Figur e 81: Log conf igurat io n options f or traffic t hro ug h ro uter 9.4.2 Sending Logs to E-mail or Syslog Tools > Log Settings > Remote Logging Once you have configured the type of logs that you want the router to collect, they can be sent to either a Syslog server or an E -Mail address. For remote logging a key configuration field is the Remote Log Identifi er.
PAGE 129
Unified Services Router User Manual this requirement. In some cases the SMTP server may send out IDENT requests, and this router can have this response option enabled as needed. Once the e-mail server and recipient details are defined you can determine when the router should send out logs. E-mail logs can be sent out based on a defined schedule by first choosing the unit (i.e. the frequency) of sending logs: Hourly, Daily, or Weekly.
PAGE 130
Unified Services Router User Manual s GUI, and thus can collect a considerable number of logs over a sustained period. This is typically very useful for debugging network issues or to monitor router traffic over a long duration. This router supports up to 8 concurrent Syslog servers. Each can be configured to receive different log facility messages of var ying sever ity. To enable a Syslog server select the checkbox next to an empty Syslog server field and assign the IP address or FQDN to the Name field.
PAGE 131
Unified Services Router User Manual Figur e 84: V PN logs disp layed in GUI ev ent v iewe r 9.5 Backing up and Restoring Configuration Settings Tools > System You can back up custom configuration settings to restore them to a different device or the same router after some other changes. During backup, your settings are saved as a file on your host. You can restore the router's saved settings from this file as well.
PAGE 132
Unified Services Router User Manual 2. To restore your saved settings from a backup file, click Browse then locate the file on the host. settings. After the restore, the router reboots automatically with the restored settings. 3. To erase your current settings and revert to factory default settings, click the Default button. The router will then restore configuration settings to factory defaults and will reboot automatically. (See Appendix B for the factory default parameters for the router).
PAGE 133
Unified Services Router User Manual Figur e 86: Firmware versio n inf orm atio n and upgrade optio n This router also supports an automated notification to determine if a newer firmware version is available for this router. By clicking the Check Now button in the notification section, the router will check a D -Link server to see if a newer firmware version for this router is available for download and update the Status field below. 9.
PAGE 134
Unified Services Router User Manual Figur e 87: Dynam ic DNS co nf ig urat io n 9.8 Using Diagnostic Tools Tools > System Check The router has built in tools to allow an administrator to evaluate the communication status and overall network health.
PAGE 135
Unified Services Router User Manual Figur e 88: Rout er diagnostics tools av aila ble i n t he GUI 9.8.1 Ping This utility can be used to test connectivity between this router and another device on the network connected to this router. Enter an IP address and click PING . The command output will appear indicating the ICMP echo request status. 9.8.2 Trace Route This utility will display all the routers present between the destination IP address destination will be displayed.
PAGE 136
Unified Services Router User Manual Figur e 89: Sam ple t rac ero ut e o utput 9.8.3 DNS Lookup To retrieve the IP address of a Web, FTP, Mail or any other server on the Internet, type the Internet Name in the text box and click Lookup. If the host or domain entry This feature assumes there is internet access available on the WAN link(s) . 9.8.4 Router Options The static and dynamic routes configured on this router can be shown by clicking Display for the corresponding routing table.
PAGE 137
Unified Services Router User Manual Chapter 10. Router Status and Statistics 10.1 System Overview The Status page allows you to get a detailed overview of the system configuration. The settings for the wired and wireless interfaces are displayed in the DSR Status page, and then the resulting hardware resource and router usage details are 10.1.
PAGE 138
Unified Services Router User Manual Figur e 90: D evice Stat us display 136
PAGE 139
Unified Services Router User Manual Figur e 91: D evice Stat us display (cont i nued) 10.1.2 Resource Utilization Status > Device Info > Dashboard The Dashboard page presents hardware and usage statistics. The CPU and Memor y utilization is a function of the available hardware and current configuration and traffic through the router. Interface statistics for the wired connections (LAN, WAN1, WAN2/DMZ, VLANs) provide indication of packets through and packets dropped by the interface.
PAGE 140
Unified Services Router User Manual Figur e 92: R esource Utiliz atio n stat istics 138
PAGE 141
Unified Services Router User Manual Figur e 93: R esource Utiliz atio n data (co ntinued) 139
PAGE 142
Unified Services Router User Manual Figur e 94: R esource Utiliz atio n data (co ntinued) 10.2 Traffic Statistics 10.2.1 Wired Port Statistics Status > Traffic Monitor > Device Statistics Detailed transmit and receive statistics for each physical port are presented here. Each interface (WAN1, WAN2/DMZ, LAN, and VLANs) have port specific packet level information provided for review.
PAGE 143
Unified Services Router User Manual Figur e 95: Physical po rt statist ics 10.2.2 Wireless Statistics Status > Traffic Monitor > Wireless Statistics The Wireless Statistics tab displays the incrementing traffic statistics for each enabled access point. This page will give a snapshot of how much traffic is being transmitted over each wireless link. If you suspect that a radio or VAP may be down, the details on this page would confirm if traffic is being sent and received through the VAP.
PAGE 144
Unified Services Router User Manual Figur e 96: A P spec ific statist ics 10.3 Active Connections 10.3.1 Sessions through the Router Status > Active Sessions This table lists the active internet sessions through the state, local and remote IP addresses are shown.
PAGE 145
Unified Services Router User Manual Figur e 97: List of cur re nt Act ive Firewa ll Sessions 143
PAGE 146
Unified Services Router User Manual 10.3.2 Wireless Clients Status > Wireless Clients The clients connected to a particular AP can be viewed on this page. Connected clients are sorted by the MAC address and indicate the security parameters used by the wireless link, as well as the time connected to the corresponding AP. The statistics table has auto-refresh control which allows display of the most current port level data at each page refresh. The default auto-refresh for this page is 10 seconds.
PAGE 147
Unified Services Router User Manual Figur e 99: List of LAN hosts 10.3.4 Active VPN Tunnels Status > Active VPNs IPsec security associations. Here, the active IPsec SAs (security associations) are listed along with the traffic details and tunnel state. The traffic is a cumulative measure of transmitted/received packets since the tunnel was established. IPsec the Connect button of the corresponding policy. The Active IPsec SAs table displays a list of active IPsec SAs. Table fields are as follows.
PAGE 148
Unified Services Router User Manual Figur e 100: List of curre nt Act ive VPN S essions All active SSL VPN connections, both for VPN tunnel and VPN Port forwarding, a re displayed on this page as well. Table fields are as follows. Field Description User Name The SSL VPN user that has an active tunnel or port forwarding session to this router. IP Address IP address of the remote VPN client. Local PPP Interface The interface (WAN1 or WAN2) through which the session is active.
PAGE 149
Unified Services Router User Manual Chapter 11. Trouble Shooting 11.1 Internet connection -configuration interface from a PC on Symptom: your LAN. Recommended action: 1. Check the Ethernet connection between the PC and the router. 2. address is on the same subnet as the router. If you are using the 0.2 to 192.168.10.254. 3. Windows and Mac OS generate and assign an IP address. These auto-generated addresses are in the range 169.254.x.x.
PAGE 150
Unified Services Router User Manual Symptom: Router cannot access the Internet. Possible cause: If you use dynamic IP addresses, your router may not have requested an IP address from the ISP. Recommended action: 1. Launch your browser and go to an external site such as www.google.com. configuration main menu at http://192.168.10.1 . 2. 3. Select Monitoring > Router Status . 4. Ensure that an IP address is shown for the WAN port. If 0.0.0.