Chapter 8 USB Settings 3. Tick the checkbox to enable Time Machine. 4. Click Select to select a location for Time Machine backups. 5. Set the Size Limit for Backups. Note: 0 means no limit for the space. 6. Click Save.
Chapter 9 HomeShield Customize your home network with enhanced security using a kit of features built in TP-Link HomeShield. Whether protecting your sensitive data or limiting the access of kids and guests, TP-Link HomeShield provides you the tools you need to fully manage your network.
Chapter 9 9. 1. HomeShield Network Security TP-Link HomeShield provides many tools to protect your network from malicious attacks.
Chapter 9 HomeShield Child Protection Keep your child away from inappropriate content Family Incentive Program Manage screen time and create rewards Family Time Pause the internet to enjoy family time • To use this feature, download Tether to enjoy the HomeShield service 1. Scan the QR code or get the Tether app from the Apple App Store or Google Play. OR 2. Launch the Tether app and log in with your TP-Link ID. If you don’t have an account, create one first. 3.
Chapter 9 HomeShield 2. Launch the Tether app and log in with your TP-Link ID. If you don’t have an account, create one first. 3. Log in to your router and tap the HomeShield tab to use this feature.
Chapter 10 OneMesh with Seamless Roaming This chapter introduces the TP-Link OneMeshTM feature.
Chapter 10 OneMesh with Seamless Roaming TP-Link OneMesh router and TP-Link OneMesh extenders work together to form one unified Wi-Fi network. Walk through your home and stay connected with the fastest possible speeds thanks to OneMesh’s seamless coverage. SAME INTERNE T Network Name & Password for seamless roaming Unified Wi-Fi Network Router and extenders share the same wireless settings, including network name, password, access control settings and more.
Chapter 10 OneMesh with Seamless Roaming 3. Connect a OneMesh extender to this router by following the setup instructions in the extender’s manual. The extender will be listed on the router’s OneMesh page. Note: To check full list of TP-Link OneMesh devices, visit https://www.tp-link.com/onemesh/compatibility. 4. If you have set up the extender to join the OneMesh network, it will be listed on the router’s OneMesh page.
Chapter 10 OneMesh with Seamless Roaming 10. 2. Manage Devices in the OneMesh Network In a OneMesh network, you can manage all mesh devices and connected clients on your router’s web page. • To view mesh devices and connected clients in the network: 1. Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router. 2. Go to Network Map. 3. Click • to view all mesh devices, and click to view all connected clients. To manage a OneMesh device in the network: 1.
Chapter 10 OneMesh with Seamless Roaming 4. Manage the OneMesh device as needed. You can: • Change device information. • Click Leave OneMesh to delete this device from the OneMesh network. • Click Manage Device to redirect to the web management page of this device.
Chapter 11 Network Security This chapter guides you on how to protect your home network from cyber attacks and unauthorized users by implementing these three network security functions. You can protect your home network from cyber attacks, block or allow specific client devices to access your network using Access Control, or you can prevent ARP spoofing and ARP attacks using IP & MAC Binding.
Chapter 11 Network Security 11. 1. Protect the Network from Cyber Attacks The SPI (Stateful Packet Inspection) Firewall protects the router from cyber attacks and validate the traffic that is passing through the router based on the protocol. This function is enabled by default. 1. Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router. 2. Go to Advanced > Security > Firewall. It’s recommended to keep the default settings. 11. 2.
Chapter 11 2 ) Click Network Security and select devices you want to be blocked and Click ADD. 3 ) The Operation Succeeded message will appear on the screen, which means the selected devices have been successfully added to the blacklist. To allow specific device(s): 1 ) Select Whitelist and click SAVE. 2 ) Your own device is in the whitelist by default and cannot be deleted. Click to add other devices to the whitelist. • Add connected devices 1 ) Click Select From Device List.
Chapter 11 Network Security 3 ) The Operation Succeeded message will appear on the screen, which means the selected devices have been successfully added to the whitelist. • Add unconnected devices 1 ) Click Add Manually. 2 ) Enter the Device Name and MAC Address of the device you want to be allowed and click ADD. 3 ) The Operation Succeeded message will appear on the screen, which means the device has been successfully added to the whitelist.
Chapter 11 Network Security I want to: Prevent ARP spoofing and ARP attacks. How can I do that? 1. Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router. 2. Go to Advanced > Security > IP & MAC Binding. 3. Enable IP & MAC Binding. 4. Bind your device(s) according to your need. To bind the connected device(s): 1 ) Click in the Binding List section. 2 ) Click VIEW CONNECTED DEVICES and select the device you want to bind.
Chapter 11 Network Security To bind the unconnected device: 1 ) Click in the Binding List section. 2 ) Enter the MAC Address and IP Address that you want to bind. 3 ) Click SAVE. Done! Now you don’t need to worry about ARP spoofing and ARP attacks! 11. 4. ALG ALG allows customized Network Address Translation (NAT) traversal filters to be plugged into the gateway to support address and port translation for certain application layer “control/data” protocols such as FTP, TFTP, H323 etc.
Chapter 11 Network Security 61
Chapter 12 NAT Forwarding The router’s NAT (Network Address Translation) feature makes devices on the LAN use the same public IP address to communicate with devices on the internet, which protects the local network by hiding IP addresses of the devices. However, it also brings about the problem that an external host cannot initiatively communicate with a specified device on the local network.
Chapter 12 NAT Forwarding 12. 1. Share Local Resources on the Internet by Port Forwarding When you build up a server on the local network and want to share it on the internet, Port Forwarding can realize the service and provide it to internet users. At the same time Port Forwarding can keep the local network safe as other services are still invisible from the internet. Port Forwarding can be used for setting up public services on your local network, such as HTTP, FTP, DNS, POP3/SMTP and Telnet.
Chapter 12 NAT Forwarding 5. Click VIEW COMMON SERVICES and select HTTP. The External Port, Internal Port and Protocol will be automatically filled in. 6. Click VIEW CONNECTED DEVICES and select your home PC. The Device IP Address will be automatically filled in. Or enter the PC’s IP address 192.168.0.100 manually in the Device IP Address field. 7. Click SAVE. Tips: It is recommended to keep the default settings of Internal Port and Protocol if you are not clear about which port and protocol to use.
Chapter 12 NAT Forwarding Tips: The WAN IP should be a public IP address. For the WAN IP is assigned dynamically by the ISP, it is recommended to apply and register a domain name for the WAN referring to Set Up a Dynamic DNS Service Account. Then users on the internet can use http:// domain name to visit the website. • If you have changed the default External Port, you should use http:// WAN IP: External Port or http:// domain name: External Port to visit the website. • 12. 2.
Chapter 12 NAT Forwarding 4. Click SAVE. Tips: • You can add multiple port triggering rules according to your network need. • The triggering ports can not be overlapped. • If the application you need is not listed in the Existing Applications list, please enter the parameters manually. You should verify the external ports the application uses first and enter them into External Port field according to the format the page displays. 12. 3.
Chapter 12 NAT Forwarding How can I do that? 1. Assign a static IP address to your PC, for example 192.168.0.100. 2. Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router. 3. Go to Advanced > NAT Forwarding > DMZ and tick to enable DMZ. 4. Click VIEW CONNECTED DEVICES and select your PC. The Device IP Address will be automatically filled in. Or enter the PC’s IP address 192.168.0.100 manually in the DMZ Host IP Address field. 5. Click SAVE.
Chapter 12 NAT Forwarding corresponding ports allowing the following data penetrating the NAT to transmit. Therefore, you can play Xbox online games without a hitch. INTERNET If necessary, you can follow the steps to change the status of UPnP. 1. Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router. 2. Go to Advanced > NAT Forwarding > UPnP and toggle on or off according to your needs.
Chapter 13 VPN Server The VPN (Virtual Private Networking) Server allows you to access your home network in a secured way through internet when you are out of home. The router offers two ways to setup VPN connection: OpenVPN and PPTP (Point to Point Tunneling Protocol) VPN. OpenVPN is somewhat complex but with greater security and more stable. It is suitable for restricted environment, such as campus network and company intranet.
Chapter 13 VPN Server 13. 1. Use OpenVPN to Access Your Home Network In the OpenVPN connection, the home network can act as a server, and the remote device can access the server through the router which acts as an OpenVPN Server gateway. To use the VPN feature, you should enable OpenVPN Server on your router, and install and run VPN client software on the remote device. Please follow the steps below to set up an OpenVPN connection. INTERNET Home Network Router Remote Devices Step1.
Chapter 13 VPN Server 6. Select your Client Access type. Select Home Network Only if you only want the remote device to access your home network; select Internet and Home Network if you also want the remote device to access internet through the VPN Server. 7. Click SAVE. 8. Click GENERATE to get a new certificate. Note: If you have already generated one, please skip this step, or click GENERATE to update the certificate. 9.
Chapter 13 VPN Server 2. Go to Advanced > VPN Server > PPTP, and tick the Enable box of PPTP. Note: Before you enable VPN Server, we recommend you configure Dynamic DNS Service (recommended) or assign a static IP address for router’s WAN port and synchronize your System Time with internet. 3. In the Client IP Address field, enter the range of IP addresses (up to 10) that can be leased to the devices by the PPTP VPN server. 4. Set the PPTP connection permission according to your needs.
Chapter 13 VPN Server 3 ) Click ADD. Step 2. Configure PPTP VPN Connection on Your Remote Device The remote device can use the Windows built-in PPTP software or a third-party PPTP software to connect to PPTP Server. Here we use the Windows built-in PPTP software as an example. 1. Go to Start > Control Panel > Network and Internet > Network and Sharing Center. 2. Select Set up a new connection or network. 3. Select Connect to a workplace and click Next.
Chapter 13 VPN Server 4. Select Use my Internet connection (VPN). 5. Enter the internet IP address of the router (for example: 218.18.1.73) in the Internet address field. Click Next.
Chapter 13 VPN Server 6. Enter the User name and Password you have set for the PPTP VPN server on your router, and click Connect. 7. The PPTP VPN connection is created and ready to use.
Chapter 13 VPN Server 76
Chapter 14 Customize Your Network Settings This chapter guides you on how to configure advanced network features.
Chapter 14 Customize Your Network Settings 14. 1. Change the LAN Settings The router is preset with a default LAN IP 192.168.0.1, which you can use to log in to its web management page. The LAN IP address together with the Subnet Mask also defines the subnet that the connected devices are on. If the IP address conflicts with another device on your local network or your network requires a specific IP subnet, you can change it. 1. Visit http://tplinkwifi.
Chapter 14 Customize Your Network Settings 2 ) Click SAVE. 3 ) After configuring IGMP proxy, IPTV can work behind your router now. You can connect your set-top box to any of the router’s Ethernet port. If IGMP is not the technology your ISP applies to provide IPTV service: 1 ) Tick Enable IPTV/VLAN. 2 ) Select the appropriate Mode according to your ISP. • Select Bridge if your ISP is not listed and no other parameters are required.
Chapter 14 Customize Your Network Settings 14. 3. Specify DHCP Server Settings By default, the DHCP (Dynamic Host Configuration Protocol) Server is enabled and the router acts as a DHCP server; it dynamically assigns TCP/IP parameters to client devices from the IP Address Pool. You can change the settings of the DHCP Server if necessary, and you can reserve LAN IP addresses for specified client devices. 1. Visit http://tplinkwifi.
Chapter 14 Customize Your Network Settings 2. Click VIEW CONNECTED DEVICES and select the you device you want to reserve an IP for. Then the MAC Address will be automatically filled in. Or enter the MAC address of the client device manually. 3. Enter the IP address to reserve for the client device. 4. Click SAVE. 14. 4. Set Up a Dynamic DNS Service Account Most ISPs assign a dynamic IP address to the router and you can use this IP address to access your router remotely.
Chapter 14 Customize Your Network Settings If you have selected NO-IP or DynDNS, enter the username, password and domain name of your account. 5. Click LOGIN AND SAVE. Tips: If you want to use a new DDNS account, please click Logout first, and then log in with a new account. 14. 5. Create Static Routes Static routing is a form of routing that is configured manually by a network administrator or a user by adding entries into a routing table.
Chapter 14 Customize Your Network Settings I want to: Visit multiple networks and servers at the same time. For example, in a small office, my PC can surf the internet through Router A, but I also want to visit my company’s network. Now I have a switch and Router B. I connect the devices as shown in the following figure so that the physical connection between my PC and my company’s server is established.
Chapter 14 Customize Your Network Settings Network Destination: The destination IP address that you want to assign to a static route. This IP address cannot be on the same subnet with the WAN IP or LAN IP of Router A. In the example, the IP address of the company network is the destination IP address, so here enter 172.30.30.1. Subnet Mask: Determines the destination network with the destination IP address. If the destination is a single IP address, enter 255.255.255.
Chapter 15 Manage the Router This chapter will show you the configuration for managing and maintaining your router.
Chapter 15 Manage the Router 15. 1. Upgrade the Firmware TP-Link aims at providing better network experience for users. We will inform you through the web management page if there’s any update firmware available for your router. Also, the latest firmware will be released at the TP-Link official website www.tp-link.com, and you can download it from the Support page for free. • • Note: Backup your router configuration before firmware upgrade. Do NOT turn off the router during the firmware upgrade. 15.
Chapter 15 Manage the Router 3. Focus on the Online Upgrade section, and click UPGRADE if there is new firmware. 4. Wait a few minutes for the upgrade and reboot to complete. Tips: If there’s a new and important firmware update for your router, you will see the prompt notification on your computer as long as a web browser is opened. Click UPGRADE, and log in to the web management page with the username and password you set for the router. You will see the Firmware Upgrade page. 15. 1. 3.
Chapter 15 Manage the Router 5. Wait a few minutes for the upgrade and reboot to complete. Note: If you fail to upgrade the firmware for the router, please contact our Technical Support. 15. 2. Backup and Restore Configuration Settings The configuration settings are stored as a configuration file in the router. You can backup the configuration file to your computer for future use and restore the router to a previous settings from the backup file when needed.
Chapter 15 Manage the Router 2. Wait a few minutes for the resetting and rebooting. Note: • During the resetting process, do not turn off the router. • After reset, you can still use the current login password or the TP-Link ID to log in to the web management page. • To reset the router to factory default settings: 1. Click FACTORY RESTORE to reset the router. 2. Wait a few minutes for the resetting and rebooting. Note: • During the resetting process, do not turn off or reset the router.
Chapter 15 Manage the Router 4. Use the new password for future logins. 15. 4. Password Recovery This feature allows you to recover the login password you set for you router in case you forget it. Note: If you are using a TP-Link ID to log in to the web management page, the Password Recovery feature will be disabled. To manage the TP-Link ID, go to Advanced > TP-Link ID. 1. Visit http://tplinkwifi.net, and log in with the password you set for the router. 2.
Chapter 15 Manage the Router 15. 5. Local Management This feature allows you to limit the number of client devices on your LAN from accessing the router by using the MAC address-based authentication. 1. Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router. 2. Go to Advanced > System > Administration and complete the settings In Local Management section as needed.
Chapter 15 Manage the Router 2. Click Add Device. 3. Click VIEW CONNECTED DEVICES and select the device to manage the router from the Connected Devices list, or enter the MAC address of the device manually. 4. Specify a Description for this entry. 5. Click SAVE. 15. 6. Remote Management This feature allows you to control remote devices’ authority to manage the router. 1. Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router. 2.
