ESR350H 11N X-TRA RANGE Wireless Router V1.2 [ pg.
Table of Contents 1. Product Overview .................................................................................................................................................................................................................. 6 1.1. 1.2. 2. 3. 1.3. 2.1. 6. Wall Mounting .............................................................................................................................................................................................................
7. Internet ................................................................................................................................................................................................................................ 34 7.1. 7.2. Dynamic IP.................................................................................................................................................................................................................. 35 7.4.
11. 11.1. 11.2. 11.3. 11.4. 11.5. 11.6. 11.7. 12. 12.1. 12.2. 12.3. 12.4. 12.5. 13. 13.1. IPv6.................................................................................................................................................................................................................................. 56 Basic ..........................................................................................................................................................................
14.3. Port Forwarding ......................................................................................................................................................................................................... 86 14.4. Port Triggering (Special Application)........................................................................................................................................................................ 87 14.5. ALG (Application Layer Gateway)............................
1. Product Overview Thank you for purchasing the ESR350H 300Mbps Wireless-N Gigabit Router from EnGenius Technologies. By applying the latest in 802.11n technology, the ESR350H provides users with high speed (up to 300Mbps) to stream HD multimedia, play games online, or download large files. With 5dBi antenna, it has up to twice the range compared to other wireless routers and has better coverage to reach what would be normally weak or dead spots.
• Parental Control: Enable centralized control to restrict some Internet access for different computers on the network. • VPN: Supports up to 5 VPN tunnels to better secure your network from remote access. • IPv6 Compliance: Supports the next generation IPv6 (Internet Protocol version 6) to enable highly reliable applications and enhanced security for • safer Internet connectivity. Easy Smart Wizard Setup 1.1. Package Contents 1. ESR350H Wireless N Router 2. 5dBi Antenna * 2 3.
1.2. Product Layout Front Panel Components Description WPS LED This LED goes BLINK when the WPS feature is being triggered. Power LED This LED goes ON when the power is being supplied to the router. WAN LED This LED goes ON when an Ethernet cable is connected to the router’s WAN port. LAN (1 – 4 ) LEDs These LEDs go ON when an Ethernet cable is connected to the corresponding router LAN port. WLAN LED WPS Button This LED goes ON when the RF (wireless LAN) feature is enabled.
Back Panel Components Description LAN Ports (1 – 4) Use an Ethernet cable to connect each port to a computer on your Local Area Network (LAN). WAN /Internet Port Use an Ethernet cable to connect this port to a cable or DSL modem. DC-Jack (POWER) Connect the power adapter to this connector. Reset Button Press 0 to 5 seconds to reboot the router. Antenna Connector Interface for the antennas. Press longer than 10 seconds to reset the router to the factory default settings. 1.3.
2. Installation 2.1. System Requirements To begin installing the ESR350H, you need the following: • • • • • • • Computer (Windows, Linux, OS X Operating System) CD-ROM* Web Browser (Internet Explorer, FireFox, Chrome, Safari) Network Interface Card with an open RJ-45 Ethernet Port WiFi Card or USB WiFi Dongle (802.11 B/G/N)** External xDSL (ADSL) or Cable Modem with an open RJ-45 Ethernet Port CAT5 Ethernet Cables * You can only using ESR350H Installation CD for Windows operation system.
3. Getting Started 3.1. Using your CD Before getting started, please power off your cable modem or the DSL. 1. Insert the ESR350H Installation CD into your CD-ROM drive. The CD should automatically start in a few seconds. If you are not using Windows (Internet Explorer), please browse the CD and open the file names index.html to start. 2. Click Quick Start. The wizard will guide you through setting up your ESR350H. [ pg.
3.2. Setup your network cables 1. Power on ESR350H. 2. Plug either end of an Ethernet cable into the WAN port on the back panel of the router (see CABLE 1). Plug the other end of the cable into your cable/DSL modem. [ pg.
3. Plug either end of an Ethernet cable into the LAN port on the back panel of the router (see CABLE 2). Plug the other end of the cable into your computer. 4. Make sure the network cable and power adapter are firmly connected. Click Next. You will then be prompted with the login screen. Please enter the default user name as admin and the default password as admin for your router. NOTE: If the browser is not automatically prompted. Please manually enter the default router IP address 192.168.0.
3.3. Login your Router 1. Once logged in, the landing page will display information about the ESR350H. 2. Icon introduction NOTE: The default user name is admin and the default password is admin. On the top right, you will see five icons: • Home • Setup Wizard Mode • Advanced Networking Setting • Language • Logout [ pg.
On the bottom left, you will see: • View the router information and connection status • Open the setup wizard by clicking Wizard button • Customize the parent control setting by clicking Parent Control button [ pg.
3.4. Configuring your Internet 1. Select Wizard on the bottom left hand corner of the landing page. 2. The wizard will then explain to you that it will set up the Internet connection. Click Next. 3. The Wizard will then proceed to automatically detect the type of Internet connection being used based on the connection on the WAN port of 4. If the ESR350H does not detect the appropriate Internet connection, you can select the correct one on the drop down menu of Login Method the ESR350H.
Dynamic IP Address (DHCP) A DHCP type of connection is where your Internet connection is usually always on and your Internet service provider automatically provides you with an IP address. A DHCP connection is usually from a Cable Internet service. Static IP To set up a Static IP connection, enter the following: IP Address of the Internet Connection, Subnet Mask, Default Gateway, and both DNS Servers. This information can be obtained by either your Internet Service provider or Network Administrator.
Layer 2 Tunneling Protocol (L2TP) To set up an L2TP connection, enter the type of WAN connection (Static IP or DHCP). After, depending on the type of WAN, follow the instructions of DHCP or Static IP to fill out the corresponding information. Then, proceed to enter the Username, Password, and Service. Click next when completed. Once configured, the Internet connection will successfully connect. MTU: Maximum Transmission Unit. It specifies the largest packet size permitted for Internet transmission.
6. It is highly recommended to select High as the security level to better secure your router and prevent outside intrusion. 7. Enter your desired router name in the column of SSID, and enter your desired password in the column of Key. [ pg.
8. Click Apply to save the information. You have now completed the ESR350H setup. Now ESR350H is ready for use. [ pg.
4. Parental Control Parental control enables centralized control on the Internet access restriction for each connected computer. You can make the access policies for a keyword or URL filtered based on weekdays or weekend. [ pg.
You can add policies by clicking Add Policy. You will then be prompted to: Name the Policy. Click Next. 1. Select the device (by its MAC Address) to apply the policy to. Click Next. 2. Schedule when the policy will be active. Click Next. [ pg.
3. Enter Keywords and URLs to be filtered/ blocked. Check Enable Application Filter if you would like the application filtering. Click Next. 4. Enable or disable Web Access Logging. Click Save for your settings. [ pg.
5. If you would like to proceed to the advanced Networking Setting, please click: . [ pg.
5. Networking Setting If you would like to manually configure the advanced Networking Settings please open your browser (Internet Explorer or Firefox), and type in the default IP 192.168.0.1 to get access to the web-based management utility. Once open, click to start the configuration. There are 10 main tabs in the Networking Setting. They are System, Internet, Wireless, Parental Control, Guest Network, IPv6, Firewall, VPN, Advanced, and Tools. [ pg.
6. System 6.1. Status You can review the router information and setting status. System • • • • • • Model: The model name. Mode: The operation mode you use. Uptime: The duration which ESR350H is powered on. Hardware Version: The hardware version number of your ESR350H Serial Number: The serial number of your ESR350H. The serial number is required when you need customer support or repair for your ESR350H. Application Version: The software version of your ESR350H.
LAN Settings • • • • IP Address: Your router’s local IP address. The default LAN IP address is 192.168.0.1 Subnet Mask: Your router’s local subnet mask DHCP Server: The status of your router’s DHCP server function. Enable or disable.
6.2. LAN LAN IP • • • IP Address: Your router’s LAN IP address IP Subnet Mask: Your router’s LAN Subnet Mask 802.1d Spanning Tree: 802.1d Spanning Tree is disabled by default. When enabled, the spanning tree protocol is applied to prevent network loops (transmissions won’t pass the same node twice to reach the destination). DHCP Server DHCP server automatically assigns IP address to computers on your network.
• Second DNS Server: If you get a second DNS Server IP or you wish to assign a second DNS Server IP, please type in the desired IP address in the field. Click Apply to save your settings. [ pg.
6.3. DHCP DHCP Client Table: Displays all the connected DHCP clients whose IP addresses are assigned by the DHCP Server in your network. Click Refresh to update the table. Enable Static DHCP IP: Check Enable Static DHCP IP if you wish to add more Static DHCP IP addresses. Click Reset if you would like to erase IP address or MAC address. Current Static DHCP Table: Once the desired DHCP IP address is added in the previous step, it will be listed in the Current Static DHCP Table.
6.4. Log Records the system log of the router. The log displays any event that occurred after your router starts up. Click Save if you wish to save the log in a local file for further analysis. Click Clear if you wish to erase the current log. Click Refresh to get the most updated information. If the router is powered off, the system log will disappear if it is not saved in a local file. [ pg.
6.5. Monitor Displays the bandwidth utilized on LAN, WAN and WLAN. [ pg.
6.6. Language ESR350H supports multiple languages. Please select your preferred language. [ pg.
7. Internet 7.1. Status Displays the Internet connection type and status WAN Settings • • • • Attain IP Protocol: Displays the IP Protocol currently used by the ESR350H. It can be Dynamic IP Address, Static IP, PPPoE, PPTP, L2TP. IP Address: Your router’s WAN IP address Subnet Mask: Your router’s WAN Subnet mask Default Gateway: Your ISP’s Gateway IP address • MAC Address: Your router’s WAN MAC address.
7.2. Dynamic IP A DHCP type of connection where your Internet connection is usually always on and your Internet service provider automatically provides you with a dynamic IP address. A DHCP connection is usually from a Cable Internet service. • • Hostname: Assign a name for your Internet connection type. You can leave it blank. MTU: Maximum Transmission Unit. It specifies the largest packet size permitted for Internet transmission. The factory default MTU size of Dynamic IP (DHCP) is 1500.
7.3. Static IP To set up a Static IP connection, enter the following: IP Address of the Internet connection, Subnet Mask, Default Gateway, and both DNS Servers provided by your Internet Service provider (ISP) or Network Administrator. MTU: Maximum Transmission Unit. It specifies the largest packet size permitted for Internet transmission. The factory default MTU size of Static IP is 1500. If you wish to manually change the MTU size, set it between 1200 and 1500. Click Apply to enable your settings.
7.4. PPPoE (Point-to-Point Protocol over Ethernet) Point-to-Point Protocol over Ethernet (PPPoE): To set up a PPPoE connection, enter the Username, Password, and Service (name) of the Internet connection provided by your ISP. A PPPoE connection is usually from a DSL Internet service. • Username: The username or e-mail address that the Internet connection uses to access Internet connectivity.
7.5. PPTP To set up a PPTP connection, enter the type of WAN connection (Static IP or DHCP). After, depending on the type of WAN, follow the instructions of DHCP or Static IP to fill out the corresponding information. Then, proceed to enter the Username, Password, and Service IP address provided by your ISP. Clone MAC: Some ISPs require you to register the MAC address of your network interface card (NIC) connected directly to your cable or DSL modem during installation.
7.6. L2TP To set up an L2TP connection, enter the type of WAN connection (Static IP or DHCP). After, depending on the type of WAN, follow the instructions of DHCP or Static IP to fill out the corresponding information. Then, proceed to enter the Username, Password, and Service IP Address provided by your ISP. Clone MAC: Some ISPs require you to register the MAC address of your network interface card (NIC) connected directly to your cable or DSL modem during installation.
7.7. DS-Lite Dual-Stack Lite, or DS-Lite, allows ISPs to stop IPv4 addresses from reaching a customer’s network devices and only use IPv6. • DS-Lite Configuration: Select DS-Lite DHCPv6 Option or Manual Configuration. • AFTR IPv6 Address: Enter the AFTR (Address Family Transition Router) • B4 IPv4 Address: Enter an Optional B4 IPv4 address. • • IPv6 address. WAN IPv6 Address: Display the WAN IPv6 address. IPv6 WAN Default Gateway: Display the IPv6 WAN default gateway address.
8. Wireless LAN 8.1. Basic In the Basic Wireless Setup (Located in the Wireless section in the Main Menu), select Basic and you can quickly enable and configure the Wireless network. Radio: You can turn on/off the wireless radio. If wireless Radio is off, you cannot set an access point through wireless. Mode: Select Access Point mode or Wireless Distribution Service (WDS) mode for your router. • AP: Use the ESR350H as a Wireless Access Point for wireless devices to connect.
Wireless Distribution System Mode Configure the router's wireless settings in WDS mode. • Channel: Select a channel to assign to the wireless network. • MAC Address [#]: Enter the MAC address(es) for the wireless access point(s) that are part of • WDS Data Rate: Select the data rate for the WDS. • the WDS. Set Security: Click Set Security to display the WDS security settings screen and setup the WDS security. Click Apply to save the settings or Cancel to discard changes. [ pg.
8.2. Advanced To change more advanced wireless features of the ESR350H, select the Advanced option of the Wireless section. In the Advanced option, you can change the following: • Fragment Threshold: This specifies the maximum size of a packet during data transmission. A value too low could lead to low performance.
8.3. Security To change the wireless security of the ESR350H, select the Security option of the Wireless section. It is recommended to enable security options on the wireless network to prevent intrusions to systems on your wireless network. • SSID Selection: Choose the wireless network group to change the wireless security settings for.
Wi-Fi Protected Access (WPA) Pre-Shared Key To enable WPA on your wireless network, select WPA-Pre-Shared Key in the encryption type. • WPA Type: You can select between WPA (TKIP) (Temporal Key Integrity Protocol; a 128-bit key is user per packet and is generates a new key for each packet sent), WPA2(AES) (Advanced Encryption Standard; government standard packet encryption and stronger than TKIP), or WPA2 Mixed.
8.4. Filter When Enable Wireless Access Control selected, only wireless clients with MAC addresses listed in the table are allowed to connect to the wireless network. Enable Wireless Access Control • • Description: Enter a description of the device allowed to connect to the network. MAC Address: Enter the MAC address of the wireless device. Click Add to append a new device to the list or Reset to discard changes. MAC Address Filtering Table • • • • No.: The sequence number of the device.
8.5. WPS To configure the WiFi Protected Setup information, select the WPS option from the Wireless section. WPS is an easy way to allow wireless clients to connect to the ESR350H. This can automate connection between the device and the ESR350H by use of a button or a PIN. • WPS: Check the box if you want to enable WPS. • WPS Current Status: A notification if the wireless security is configured or not • Self Pin Code: This is the Wireless PIN of this ESR350H. • • configured.
8.6. Client List To view the wireless devices currently connected to the ESR350H, select the Client List option in the Wireless section. [ pg.
9. Parental Control Parental control enables centralized control on the Internet access restriction for each connected computer. You can make the access policies for keywords or URLs filtered based on weekdays or weekend. 9.1. Wizard To access the Parental Control Wizard, select the Wizard option in the Parental Control section. The Parental Control Wizard will bring up simple network monitoring controls. You can add policies and then limit keyword usages or block specific URLs during specified times.
You can add policies by clicking Add Policy. You will then be prompted to: Name the Policy. Click Next. 1. Select the device (by its MAC Address) to apply the policy to. Click Next. 2. Schedule when the policy will be active. Click Next. [ pg.
3. Enter Keywords and URLs to be filtered/ blocked. Check Enable Application Filter if you would like the application filtering. Click Next. 4. Enable or disable Web Access Logging. Click Save for your settings. [ pg.
9.2. Web Monitor To quickly view the Parental Control policies you already made in Parent Control Wizard, select the Web Monitor option from the Parental Control section. [ pg.
10. Guest Network The Guest Network function enables you to offer Internet connectivity to visitors or guests while keeping other networked devices (computers and hard drives) and sensitive personal or company information private and secure. The Guest Network is controlled by the Wireless SSID function. When the Guest Network function is enabled, the Guest SSID can only get the internet connection from WAN, but can not reach the client from the LAN port. 10.1.
10.2. DHCP Server Setting DHCP server automatically assigns IP address to computers on your Guest network. • • • • • • Router IP Address: Define the router IP address for the Guest network. Default Subnet Mask: Define the Subnet Mask IP address for the Guest network. DHCP Server: To enable or disable the Guest network DHCP server. Lease Time: To define the Guest Network DHCP server lease time. Start IP: To define the Guest network DHCP server start IP.
10.3. DHCP Client Table Displays all the connected DHCP clients whose IP addresses are assigned by the DHCP Server in your Guest network. DHCP Client Table: View the guest network client list. Click Refresh to refresh the view of the list. [ pg.
11. IPv6 There are several connection types to choose from: Auto Detection, Static IPv6, Auto configuration (SLAAC/DHCPv6), PPPoE, IPv6 in IPv4 Tunnel, 6to4, and Link-local. If you are unsure of your connection method, please contact your IPv6 Internet Service Provider. Note: If using the PPPoE option, you will need to ensure that any PPPoE client software on your computers has been removed or disabled. 11.1. Basic • • IPv6: Enable or disable IPv6 feature.
11.3. Static IPv6 • • • • • • • • • Use Link-Local Address: Enable or disable LAN link-local address. IPv6 Address: Enter the LAN (local) IPv6 address for the router. Subnet Prefix Length: Enter the subnet prefix length. Default Gateway: Enter the default gateway. Primary IPv6 DNS Address: Enter the primary IPv6 DNS address. Secondary IPv6 DNS Address: Enter the secondary IPv6 DNS address. LAN IPv6 Address: Enter the LAN IPv6 address. LAN IPv6 Link-Local Address: Enter the LAN IPv6 link-local address.
11.4. Auto Configuration • • • • • • • Obtain A DNS Server Address Automatically: Enable or disable obtaining a DNS server automatically. Primary IPv6 DNS Address: Enter the primary IPv6 DNS address. Secondary IPv6 DNS Address: Enter the secondary IPv6 DNS address. Enable DHCP-PD: Enable or disable DHCP-prefix delegation (PD). LAN IPv6 Address: Enter the LAN IPv6 address. LAN IPv6 Link-Local Address: Enter the LAN IPv6 link-local address.
11.5. PPPoE • Address Mode: Select Static if your ISP assigned you the IP address, subnet mask, gateway, and DNS server addresses. In most cases, select Dynamic. • • • • • • • IP Address: Enter the IP address (Static PPPoE only). User Name: Enter your PPPoE user name. Password: Enter your PPPoE password. Verify Password: Retype the your PPPoE password. Service Name: Enter the ISP Service Name (optional). Reconnect Mode: Select either Always-on, On-Demand, or Manual.
11.6. 6to4 • • • • • • 6to4 Address: Enter the 6to4 IP address. Primary IPv6 DNS Address: Enter the primary IPv6 DNS address. Secondary IPv6 DNS Address: Enter the secondary IPv6 DNS address. LAN IPv6 Address: Enter the LAN IPv6 address. LAN IPv6 Link-Local Address: Enter the LAN IPv6 link-local address. Enable Automatic IPv6 Address Assignment: Enable or disable automatic IPv6 address assignment. • Autoconfiguration Type: Select the autoconfiguration type.
11.7. Link Local • LAN IPv6 Link-Local Address: Enter the LAN IPv6 link-local address. Click Apply to save the settings or Cancel to discard changes. [ pg.
12. Firewall To access the Firewall Section of the Expert Menu, select Firewall on the left hand side. 12.1. Basic To enable or disable firewall, select the Basic option in the Firewall section. In the Basic option, select whether or not you wan to Enable or Disable the firewall settings of the ESR350H. [ pg.
12.2. Advanced VPN Passthrough: Allows VPN (Virtual Private Network) packets to pass through the Firewall. If you are not using VPN, these options can be disabled. VPN L2TP Passthrough, VPN PPTP Passthrough, VPN IPSec Passthrough and PPPoE Passthrough are enabled by factory default. [ pg.
12.3. DMZ (Demilitarized Zone) If you have a client PC that cannot run an Internet application (e.g. Games) properly from behind the NAT firewall, then you can open up the firewall restrictions to allow unrestricted two-way Internet access by defining a DMZ Host. The DMZ function allows you to re-direct all packets going to your WAN port IP address to a particular IP address in your LAN.
12.4. DoS (Denial of Service) To enable blocking of DoS attacks, select the DoS option in the Firewall section. DoS attacks can flood your Internet connection with continuous transmission of data. Blocking these attack can ensure that the Internet connection will always be available. • • Block DoS: Enable or disable blocking DoS attacks. Discard Ping on WAN: ICMP (ping) packages are blocked while Block DoS is enabled. Enable Discard Ping on WAN if the WAN port is required.
12.5. ACL To manage Parental Control settings (either through the Parental Control Wizard or the ACL option), select the ACL option in the Firewall section. Please refer to Parental Control Section for details. [ pg.
13. VPN (Virtual Private Network) 13.1. Status A Virtual Private Network (VPN) provides a secure connection between two remote locations or two users over the public Internet. It provides authentication to securely encrypt the data communicated between the two remote endpoints. The ESR350H supports up to 5 VPN tunnels, making it ideal for small-office and home-office (SOHO) users. To view the status of your VPN tunnels that were configured on the ESR350H, select the Status option in the VPN section.
13.2. VPN Wizard Click Next to start VPN Wizard Create a name for the VPN tunnel in the Name field. Click Next. [ pg.
You can select IPSec, L2TP over IPSec, L2TP or PPTP as the VPN Connection Type. Then click Next. [ pg.
IPSec Setting You can select Client to Site or Site to Site in this page then click Next to next page. Note. If you select Client to Site, you will pass next step. Enter the Security Gateway and Remote Network. Then click Next to next page. [ pg.
Enter the Shared Key for the VPN connection. Then click Next to next page. Setup successfully, enable this policy immediately. If you don’t want enable this policy, you can un-tick the box. Then click Apply button to apply the settings. [ pg.
L2TP over IPSec Setting Enter the Username, Password and VPN Server IP setting. Then click Next to next page. Enter the Shared Key for the VPN connection. Then click Next to next page. [ pg.
Setup successfully, enable this policy immediately. If you don’t want enable this policy, you can un-tick the box. Then click Apply to apply the settings. [ pg.
L2TP Settings • • User Name: Enter the user name used to connect to L2TP server Password: Enter the password used to connect to L2TP server VPN Server IP Setting • Server IP: Enter an IP address which is different from your router’s LAN IP address. (example: the default LAN IP of ESR350H is 192.168.0.1. You could create a Server IP address as 10.0.174.45) • Remote IP Range: Enter an IP range under the same subnet as the above Server IP. (example: if your Server IP address is 10.0.174.
PPTP Setting • • User Name: Enter the user name to connect to the PPTP server Password: Enter the password to connect to the PPTP server VPN Server IP Setting • Server IP: Enter an IP address which is different from your router’s LAN IP address. (example: the default LAN IP of ESR350H is 192.168.0.1. You could create a Server IP address as 10.0.174.45) • Remote IP Range: Enter an IP range under the same subnet of the above Server IP. (example: if your Server IP address is 10.0.174.
13.3. User Setting • • • Name: Enter the name to connect to L2TP or PPTP VPN tunnels. Password: Enter the password to connect to L2TP or PPTP VPN tunnels. Confirm: Enter the password again to confirm the password entered above. Click Add to enter the VPN user to the Current VPN User Table. [ pg.
13.4. Profile Setting If you wish to manually setup a VPN tunnel, you can go to Profile Setting in the VPN section. Before getting started, please select User Setting to create the user profile ahead of time. After completing the User Setting, please go to Profile Setting to start a manual VPN tunnel configuration. Click Add to get started. In the General tab, enter a name for the VPN tunnel in the Name field. Select PPTP, L2TP, IPSec or L2TP over IPSec for the Connection Type. [ pg.
IPSec profile setting General • Name: Enter a name for your VPN policy. • Connection Type: Supports PPTP, L2TP, IPSec and L2TP over • Authentication Type: Supports pre-shared key method for • Shared Key: Enter the Shared Key in box. • IPSec methods to establish VPN connection. authentication. Confirm: Enter your Shared Key again for verification.
SA (Security Association) IKE (Phase 1) Proposal Exchange: Select Main Mode or Aggressive Mode for IKE Phase 1 • negotiation. o Main Mode: Select this option to configure the standard negotiation parameters for IKE Phase 1 of the VPN Tunnel. (Recommended Setting) o Aggressive Mode: Select this option to configure IKE Phase 1 of the VPN Tunnel to carry out negotiation in a shorter amount of time.
• Perfect Forward Secrecy: Select Enable or Disable to enable or disable PFS (Perfect Forward Secrecy). PFS is an additional security protocol. • DH Group: Select a PFS DH Group from the drop-down menu (Group 1, Group 2, Group 5, Group 14). As the DH Group number increases, the • Life Time: Enter the number of seconds for the IPSec Lifetime. The period of time to pass before establishing a new IPSec security association higher the level of encryption implemented for PFS.
L2TP over IPSec profile setting General • Name: Enter a name for your VPN policy. • Connection Type: Supports PPTP, L2TP, IPSec and L2TP over IPSec • Shared Key: Enter the Shared Key in box. • methods to establish VPN connection. Confirm: Enter your Shared Key again for verification. L2TP • • Authentication: There are three authentication algorithms. Please select CHAP, PAP, or MSCHAP_V2. Available Users: The users who you created in the User Setting to connect to L2TP server will be displayed.
PPTP profile setting If you select PPTP as VPN Connection Type, go to PPTP tab. PPTP • Authentication: There are three authentication algorithms. Please select CHAP, PAP, or MSCHAP_V2. • Encryption: Supports No, 40-bit or 128-bit encryption lengths for traffic • Available Users: The users who you created in the User Setting to connect through the VPN. to PPTP server will be displayed.
L2TP profile setting If you select L2TP as VPN Connection Type, go to L2TP tab. L2TP • • Authentication: There are three authentication algorithms. Please select CHAP, PAP, or MSCHAP_V2. Available Users: The users who you created in the User Setting to connect to L2TP server will be displayed. Select the users in the list who you wish to include in the VPN tunnel, and click the forward arrow to then add them to the Member Box. Click the backward arrow if you want to remove users from the Member box.
14. Advanced To access the Advanced section of the Expert Menu, select Advanced on the left hand side. 14.1. NAT (Network Address Translation) Network Address Translation (NAT) allows multiple users at your local site to access the Internet through a single Public IP Address or multiple Public IP Addresses. NAT provides Firewall protection from hacker attacks and has the flexibility to allow you to map Private IP Addresses to Public IP Addresses for key services such as Websites and FTP.
14.2. Port Mapping Port Mapping allows you to re-direct a particular range of service port numbers (from the Internet / WAN Port) to a particular LAN IP address. • • • • • Enable Port Mapping: Mark the checkbox to Enable Port Mapping. Description: Enter the description on why the ports will be mapped. Local IP: The local IP address of the server behind the NAT firewall. Protocol: Select whether TCP, UDP, or Both ports will be mapped. Port Range: Enter the range of ports to be forwarded to the private IP.
14.3. Port Forwarding Use the Port Forwarding (Virtual Server) function when you want different servers/clients in your LAN to handle different Internet application type (e.g. Email, FTP, Web server etc.) from the Internet. Computers use port numbers to recognize a particular Internet application type. The Virtual Server allows you to re-direct a particular port number (from the Internet/WAN Port) to a particular LAN private IP address and its service port number.
14.4. Port Triggering (Special Application) Some applications require multiple connections, such as online games, videoconferencing, VoIP telephony and etc. You can configure port triggering function to support multiple connections if more than one local computer needs port forwarding for the same application or your application needs to open incoming ports that are different from the outgoing port. • • Enable Port Triggering: Mark the checkbox to Enable Port Triggering.
14.5. ALG (Application Layer Gateway) The ALG (Application Layer Gateway) serves as a window between correspondent application processes so that they may exchange information on an open environment. Select the listed applications that need ALG support and then the router will authorize them to pass through the NAT gateway. Then click Apply. [ pg.
14.6. UPnP (Universal Plug and Play) UPnP helps Internet devices, such as gaming and videoconferencing to access the network and connect to other registered UPnP devices. [ pg.
14.7. IGMP (Internet Group Multicast Protocol) IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group. [ pg.
14.8. QoS (Quality of Service) QoS can prioritize the bandwidth use such as video streaming, online gaming, VoIP telephony, videoconferencing, and etc. to ensure the stable and efficient performance of the network. Total Bandwidth Settings You can specify the maximum value of the outgoing bandwidth of Uplink and Downlink for the application by selecting the speed from drop-down menus. [ pg.
Priority Queue • Local IP Address: Enter the Local IP address which will have the highest priority to stream data and will not be bounded by the QoS limitation. • High/Low Priority Queue: Specify the priority for different protocol. You can add and priority the desired protocol on the table. [ pg.
Bandwidth Allocation You can set the bandwidth allocation type (download and/or upload). You must provide the IP and Port ranges and select the type of protocol, policy, and rate (bps).
14.9. Routing Typically you do not need to setup static routing since the ESR350H usually has adequate routing information after it has been configured for Internet access. You will only need to set up static routing if the router is connected with a network under a different subnet and you need the static routing to allow network connection in two different subnets. • • Enable Static Routing: Mark the checkbox to Enable Static Routing.
14.10. WOL (Wake on LAN) WOL allows you to turn on a computer through the router. You will just need to provide the Server Port as well as the MAC address of the computer to utilize this feature. [ pg.
15. Tools 15.1. Admin In the Admin option of the Tools section, you can change the password used to log in to the router at the login screen by entering the old password, followed by the new password twice. The password can contain 0 to 12 alphanumeric characters and is case sensitive. You can also allow only one computer to edit the settings on the ESR350H by supplying its static IP address.
15.2. Time In the Time option of the Tools section, you can change the current time on the ESR350H. Enter the web address of the Network Time Protocol you want to have the ESR350H to match time with or have it synchronize with the PC accessing the ESR350H. You can also enable Daylight Saving. [ pg.
15.3. DDNS (Dynamic DNS) DDNS allows users to map a static domain name to a dynamic IP address. You must get an account, password, and static domain name from the DDNS service provider such as DynDNS, ZoneEdit, CyberGate, and etc. to use this feature. DDNS benefits end users when they have their own websites or FTP sites. • • • • • Dynamic DNS: Choose to Enable or Disable this feature. Server Address: Select the Server Address in which to obtain the Dynamic DNS.
15.4. Diagnosis The diagnosis feature allows the administrator to verify that another device is available on the network and is accepting request packets. If the ping result returns alive, it means a device is on line. This feature does not work if the target device is behind a firewall or has security software installed. [ pg.
15.5. Firmware In the Firmware option of the Tools section, you can update the firmware of the ESR350H. To update the firmware, follow these steps: 1. Download the appropriate firmware approved by Engenius® Technologies Inc. from an approved site. 2. Make sure the firmware file is in a known local location. 3. Select Browse. 4. Navigate through the file system and select the firmware file. 5. Select Apply. This process may take a few minutes. The ESR350H will restart when completed. [ pg.
Emergency Upgrade If your firmware upgrade failed, you may enter the Emergency Upgrade WEB page. 1. Enter IP address: 192.168.99.9 and enter Emergency Upgrade WEB page. Note: You have to configure PC/Notebook IP address to 192.168.99.8 manually. 2. Click the Browse button and navigate to the location of the upgrade file and then click Upload. 3. Wait for firmware upgrade and reboot the device. [ pg.
4. You can access the device again. [ pg.
15.6. Back-Up In the Back-Up option of the Tools section, you can: 1. Restore the ESR350H to factory defaults. 2. Save the current configuartion on the ESR350H to a .dlf file. 3. Restore saved settings by: a. Select Browse. b. Browse location for the file with the saved settings of the ESR350H. c. Select Upload. [ pg.
15.7. Reset In the Reset option of the Tools section, you can manually restart the ESR350H. [ pg.
Appendix A – FCC Interference Statement Federal Communication Commission Interference Statement This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules.
Appendix B – Industry Canada statement This device complies with RSS-210 of the Industry Canada Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. French translation: Ce dispositif est conforme à la norme CNR-210 d'Industrie Canada applicable aux appareils radio exempts de licence.
