Chapter 8 HomeCareTM – Parental Controls, QoS, Antivirus • Intrusion Prevention System Identifies and blocks potential threats from attackers and fixes vulnerabilities in the network. • Infected Device Quarantine Prevents infected devices from sending your sensitive information to clients outside your network or spreading security threats. • To access your router’s Antivirus settings: 1. Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router. 2.
Chapter 9 Network Security This chapter guides you on how to protect your home network from cyber attacks and unauthorized users by implementing these three network security functions. You can protect your home network against DoS (Denial of Service) attacks from flooding your network with server requests using DoS Protection, block or allow specific client devices to access your network using Access Control, or you can prevent ARP spoofing and ARP attacks using IP & MAC Binding.
Chapter 9 9. 1. Network Security Protect the Network from Cyber Attacks The SPI (Stateful Packet Inspection) Firewall protects the router from cyber attacks and validate the traffic that is passing through the router based on the protocol. This function is enabled by default. 1. Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router. 2. Go to Advanced > Security > Firewall. It’s recommended to keep the default settings. 9. 2.
Chapter 9 Network Security 3 ) Select devices you want to be blocked and Click ADD. 4 ) The Operation Succeeded message will appear on the screen, which means the selected devices have been successfully added to the blacklist. To allow specific device(s): 1 ) Select Whitelist and click SAVE in the lower page. 2 ) Your own device is in the whitelist by default and cannot be deleted. Click to add other devices to the whitelist. • Add connected devices 1 ) Click Select From Device List.
Chapter 9 Network Security 3 ) The Operation Succeeded message will appear on the screen, which means the selected devices have been successfully added to the whitelist. • Add unconnected devices 1 ) Click Add Manually. 2 ) Enter the Device Name and MAC Address of the device you want to be allowed and click ADD. 3 ) The Operation Succeeded message will appear on the screen, which means the device has been successfully added to the whitelist.
Chapter 9 9. 3. Network Security IP & MAC Binding IP & MAC Binding, namely, ARP (Address Resolution Protocol) Binding, is used to bind network device’s IP address to its MAC address. This will prevent ARP Spoofing and other ARP attacks by denying network access to an device with matching IP address in the Binding list, but unrecognized MAC address. I want to: Prevent ARP spoofing and ARP attacks. How can I do that? 1. Visit http://tplinkwifi.
Chapter 9 Network Security 3 ) Click SAVE. To bind the unconnected device: 1 ) Click in the Binding List section. 2 ) Enter the MAC Address and IP Address that you want to bind. 3 ) Click SAVE.
Chapter 10 NAT Forwarding The router’s NAT (Network Address Translation) feature makes devices on the LAN use the same public IP address to communicate with devices on the internet, which protects the local network by hiding IP addresses of the devices. However, it also brings about the problem that an external host cannot initiatively communicate with a specified device on the local network.
Chapter 10 NAT Forwarding 10. 1. Share Local Resources on the Internet by Port Forwarding When you build up a server on the local network and want to share it on the internet, Port Forwarding can realize the service and provide it to internet users. At the same time Port Forwarding can keep the local network safe as other services are still invisible from the internet. Port Forwarding can be used for setting up public services on your local network, such as HTTP, FTP, DNS, POP3/SMTP and Telnet.
Chapter 10 NAT Forwarding 5. Click VIEW COMMON SERVICES and select HTTP. The External Port, Internal Port and Protocol will be automatically filled in. 6. Click VIEW CONNECTED DEVICES and select your home PC. The Device IP Address will be automatically filled in. Or enter the PC’s IP address 192.168.0.100 manually in the Device IP Address field. 7. Click SAVE. Tips: It is recommended to keep the default settings of Internal Port and Protocol if you are not clear about which port and protocol to use.
Chapter 10 NAT Forwarding 10. 2. Open Ports Dynamically by Port Triggering Port Triggering can specify a triggering port and its corresponding external ports. When a host on the local network initiates a connection to the triggering port, all the external ports will be opened for subsequent connections. The router can record the IP address of the host. When the data from the internet return to the external ports, the router can forward them to the corresponding host.
Chapter 10 NAT Forwarding 4. Click SAVE. Tips: • You can add multiple port triggering rules according to your network need. • The triggering ports can not be overlapped. • If the application you need is not listed in the Existing Applications list, please enter the parameters manually. You should verify the external ports the application uses first and enter them into External Port field according to the format the page displays. 10. 3.
Chapter 10 NAT Forwarding 5. Click SAVE. Done! The configuration is completed. You’ve set your PC to a DMZ host and now you can make a team to game with other players. 10. 4. Make Xbox Online Games Run Smoothly by UPnP The UPnP (Universal Plug and Play) protocol allows applications or host devices to automatically find the front-end NAT device and send request to it to open the corresponding ports.
Chapter 10 NAT Forwarding 58
Chapter 11 VPN Server The VPN (Virtual Private Networking) Server allows you to access your home network in a secured way through internet when you are out of home. The router offers two ways to setup VPN connection: OpenVPN and PPTP (Point to Point Tunneling Protocol) VPN. OpenVPN is somewhat complex but with greater security and more stable. It is suitable for restricted environment, such as campus network and company intranet.
Chapter 11 VPN Server 11. 1. Use OpenVPN to Access Your Home Network In the OpenVPN connection, the home network can act as a server, and the remote device can access the server through the router which acts as an OpenVPN Server gateway. To use the VPN feature, you should enable OpenVPN Server on your router, and install and run VPN client software on the remote device. Please follow the steps below to set up an OpenVPN connection. INTERNET Home Network Router Remote Device Step1.
Chapter 11 VPN Server 6. Select your Client Access type. Select Home Network Only if you only want the remote device to access your home network; select Internet and Home Network if you also want the remote device to access internet through the VPN Server. 7. Click SAVE. 8. Click GENERATE to get a new certificate. Note: If you have already generated one, please skip this step, or click GENERATE to update the certificate. 9.
Chapter 11 VPN Server 1. Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router. 2. Go to Advanced > VPN Server > PPTP or Game Center > VPN Server >PPTP, and tick the Enable box of PPTP. Note: Before you enable VPN Server, we recommend you configure Dynamic DNS Service (recommended) or assign a static IP address for router’s WAN port and synchronize your System Time with internet. 3.
Chapter 11 VPN Server 2 ) Enter the Username and Password to authenticate devices to the PPTP VPN Server. 3 ) Click ADD. Step 2. Configure PPTP VPN Connection on Your Remote Device The remote device can use the Windows built-in PPTP software or a third-party PPTP software to connect to PPTP Server. Here we use the Windows built-in PPTP software as an example. 1. Go to Start > Control Panel > Network and Internet > Network and Sharing Center. 2. Select Set up a new connection or network. 3.
Chapter 11 VPN Server 4. Select Use my Internet connection (VPN). 5. Enter the internet IP address of the router (for example: 218.18.1.73) in the Internet address field. Click Next.
Chapter 11 VPN Server 6. Enter the User name and Password you have set for the PPTP VPN server on your router, and click Connect. 7. The PPTP VPN connection is created and ready to use.
Chapter 11 VPN Server 66
Chapter 12 Customize Your Network Settings This chapter guides you on how to configure advanced network features.
Chapter 12 Customize Your Network Settings 12. 1. Change the LAN Settings The router is preset with a default LAN IP 192.168.0.1, which you can use to log in to its web management page. The LAN IP address together with the Subnet Mask also defines the subnet that the connected devices are on. If the IP address conflicts with another device on your local network or your network requires a specific IP subnet, you can change it. 1. Visit http://tplinkwifi.
Chapter 12 Customize Your Network Settings 12. 3. Configure to Support IPTV Service I want to: Configure IPTV setup to enable Internet/IPTV/Phone service provided by my internet service provider (ISP). How can I do that? 1. Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router. 2. Go to Advanced > Network > IPTV/VLAN. 3. If your ISP provides the networking service based on IGMP technology, e.g.
Chapter 12 Customize Your Network Settings 3 ) After you have selected a mode, the necessary parameters, including the LAN port for IPTV connection, are predetermined. If not, select the LAN type to determine which port is used to support IPTV service. 4 ) Click SAVE. 5 ) Connect the set-top box to the corresponding LAN port which is predetermined or you have specified in Step 3. Done! Your IPTV setup is done now! You may need to configure your set-top box before enjoying your TV. 12. 4.
Chapter 12 • Customize Your Network Settings To specify the IP address that the router assigns: 1. Tick the Enable checkbox. 2. Enter the starting and ending IP addresses in the IP Address Pool. 3. Enter other parameters if the ISP offers. The Default Gateway is automatically filled in and is the same as the LAN IP address of the router. 4. Click SAVE. • To reserve an IP address for a specified client device: 1. Click Add in the Address Reservation section. 2.
Chapter 12 Customize Your Network Settings and you don’t know when it changes. In this case, you might apply the DDNS (Dynamic Domain Name Server) feature on the router to allow you and your friends to access your router and local servers (FTP, HTTP, etc.) using a domain name without checking and remembering the IP address. Note: DDNS does not work if the ISP assigns a private WAN IP address (such as 192.168.1.x) to the router. 1. Visit http://tplinkwifi.
Chapter 12 Customize Your Network Settings If you have selected NO-IP or DynDNS, enter the username, password and domain name of your account. 5. Click SAVE. Tips: If you want to use a new DDNS account, please click Logout first, and then log in with a new account. 12. 6. Create Static Routes Static routing is a form of routing that is configured manually by a network administrator or a user by adding entries into a routing table.
Chapter 12 Customize Your Network Settings want to visit my company’s network. Now I have a switch and Router B. I connect the devices as shown in the following figure so that the physical connection between my PC and my company’s server is established. To surf the internet and visit my company’s network at the same time, I need to configure the static routing. Router A Company’s server Router B WAN: 172.30.30.100 LAN: 192.168.0.1 LAN: 192.168.0.2 172.30.30.1 Switch 192.168.0.
Chapter 12 Customize Your Network Settings If the destination is a single IP address, enter 255.255.255.255; otherwise, enter the subnet mask of the corresponding network IP. In the example, the destination network is a single IP, so here enter 255.255.255.255. Default Gateway: The IP address of the gateway device to which the data packets will be sent. This IP address must be on the same subnet with the router’s IP which sends out data.
Chapter 12 Customize Your Network Settings 2. The wireless function is enabled by default. If you want to disable the wireless function of the router, just untick the Enable checkbox of each wireless network. In this case, all the wireless settings will be invalid. • To change the wireless network name (SSID) and wireless password: 1. Go to Wireless or Advanced > Wireless > Wireless Settings. 2. Create a new SSID in Network Name (SSID) and customize the password for the network in Password.
Chapter 12 Customize Your Network Settings 3. Keep the default values or set a new SSID and password, and click SAVE. This SSID and password will be applied for the 2.4GHz and 5GHz wireless networks. • To change the security option: 1. Go to Advanced > Wireless > Wireless Settings. 2. Select an option from the Security drop-down list. We recommend you don’t change the default settings unless necessary. If you select other options, configure the related parameters according to the help page.
Chapter 12 Customize Your Network Settings 2. Locate the 5GHz-1 or 5GHz-2 network. 3. Tick the Enable box for MU-MIMO. 4. Click SAVE. 12. 8. Schedule Your Wireless Function The wireless network can be automatically off at a specific time when you do not need the wireless connection. 1. Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router. 2. Go to Advanced > Wireless > Wireless Schedule. 3. Enable the Wireless Schedule feature. 4.
Chapter 12 Customize Your Network Settings 12. 9. 1. Connect via the Client’s PIN Enter the PIN of your device and click Connect. Then your device will get connected to the router. 12. 9. 2. Connect via the Router’s PIN Select Router’s PIN in Method 1 to enable Router’s PIN. You can use the default PIN or generate a new one. Note: PIN (Personal Identification Number) is an eight-character identification number preset to each router. WPS supported devices can connect to your router with the PIN.
Chapter 12 Customize Your Network Settings 12. 10. Use WDS to Extend Network WDS (Wireless Distribution System) Bridging feature allows you to bridge a router with an access point to extend the wireless network coverage. The access point should also support the WDS Bridging feature. 1. Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router. 2. Go to Advanced > Wireless > WDS. 3. Select Enable WDS Bridging of 2.4GHz WDS, 5GHz-1 WDS or 5GHz-2 WDS. 4.
Chapter 12 Customize Your Network Settings • WMM - WMM function can guarantee the packets with high-priority messages being transmitted preferentially. • Short GI - It is recommended to enable this function, for it will increase the data capacity by reducing the guard interval time. • AP Isolation - This function isolates all connected wireless stations so that wireless stations cannot access each other through WLAN.
Chapter 13 Manage the Router This chapter will show you the configuration for managing and maintaining your router.
Chapter 13 Manage the Router 13. 1. Upgrade the Firmware TP-Link aims at providing better network experience for users. We will inform you through the web management page if there’s any update firmware available for your router. Also, the latest firmware will be released at the TP-Link official website www.tp-link.com, and you can download it from the Support page for free. • • • Note: Make sure you remove all attached USB devices from the router before the firmware upgrade to prevent data loss.
Chapter 13 Manage the Router Tips: If there’s a new and important firmware update for your router, you will see the notification (similar as shown below) on your computer as long as a web browser is opened. Click UPGRADE, and log into the web management page with the username and password you set for the router. You will see the Firmware Upgrade page. 13. 1. 2. Local Upgrade 1. Download the latest firmware file for the router from www.tp-link.com. 2. Visit http://tplinkwifi.
Chapter 13 • To backup configuration settings: • To restore configuration settings: Manage the Router Click BACK UP to save a copy of the current settings to your local computer. A ‘.bin’ file of the current settings will be stored to your computer. 1. Click BROWSE to locate the backup configuration file stored on your computer, and click RESTORE. 2. Wait a few minutes for the restoring and rebooting. Note: During the restoring process, do not turn off or reset the router.
Chapter 13 Manage the Router 2. Wait a few minutes for the resetting and rebooting. Note: • During the resetting process, do not turn off or reset the router. • We strongly recommend you backup the current configuration settings before resetting the router. 13. 3. Change the Login Password The account management feature allows you to change your login password of the web management page.
Chapter 13 Manage the Router 1. Visit http://tplinkwifi.net, and log in with the password you set for the router. 2. Go to Advanced > System > Administration and focus on the Password Recovery section. 3. Tick the Enable box of Password Recovery. 4. Specify a mailbox (From) for sending the recovery letter and enter its SMTP Server address. Specify a mailbox (To) for receiving the recovery letter.
Chapter 13 • Access the router via HTTPS and HTTP: • Allow all LAN connected devices to manage the router: • Allow specific devices to manage the router: Manage the Router Tick the Enable box of Local Management via HTTPS to access the router via HTTPS and HTTP, or keep it disabled to access the router only via HTTP. Select All Devices for Local Managers. 1. Select All Devices for Local Managers and click SAVE. 2. Click Add Device.
