TL-R470T+ Load Balance Broadband Router Rev: 2.0.
COPYRIGHT & TRADEMARKS Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks of their respective holders. No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from TP-LINK TECHNOLOGIES CO., LTD. Copyright © 2012 TP-LINK TECHNOLOGIES CO., LTD. All rights reserved. http://www.tp-link.
CONTENTS Package Contents ..................................................................................................................1 Chapter 1 About this Guide ...................................................................................................2 1.1 Intended Readers ..................................................................................................................2 1.2 Conventions ......................................................................................
.6 4.7 4.8 4.5.1 NAT..........................................................................................................................51 4.5.2 Traffic Control ..........................................................................................................56 4.5.3 Session Limit ...........................................................................................................60 4.5.4 Load Balance.............................................................................
Package Contents The following items should be found in your package: ¾ One TL-R470T+ Load Balance Broadband Router ¾ One Power cord ¾ One Ethernet Cable ¾ Quick Installation Guide ¾ Resource CD Note: ● Make sure that the package contains the above items. If any of the listed items are damaged or missing, please contact with your distributor. ● The provided power cord may be different due to local power specifications.
Chapter 1 About this Guide This User Guide contains information for setup and management of TL-R470T+ Load Balance Broadband Router. Please read this guide carefully before operation. 1.1 Intended Readers This Guide is intended for Network Engineer and Network Administrator. 1.2 Conventions In this Guide the following conventions are used: ¾ The Router or TL-R470T+ mentioned in this Guide stands for TL-R470T+ Load Balance Broadband Router without any explanation.
Appendix B FAQ Provides the possible solutions to the problems that may occur during the installation and operation of the router. Appendix C Glossary Lists the glossary used in this guide.
Chapter 2 Introduction Thanks for choosing the Load Balance Broadband Router TL-R470T+. 2.
+ Featured Link Backup to switch all the new sessions from dropped line automatically to another for keeping an always on-line network. z Easy-to-use + Providing easy-to-use GUI with clear configuration steps and detailed help information for the users to configure the Router simply. + Helping administrators to monitor the whole network status and take actions to malfunctions according to the recorded log information. + Supporting remote management to manage the Router from remote places. 2.
Security ¾ Built-in firewall supporting URL/MAC Filtering ¾ Supports Access Control ¾ Supports Attack Defense ¾ Supports IP-MAC Binding ¾ Supports GARP (Gratuitous ARP) 2.3 Appearance 2.3.1 Front Panel The front panel of TL-R470T+ is shown as the following figure. z LEDs LED Status Indication On The Router is powered on. Off The Router is powered off or power supply is abnormal. Flashing The Router works properly. On/Off The Router works improperly.
z AC Power Receptacle Connect the female connector of the power cord to this power receptacle, and the male connector to the AC power outlet. Please make sure the voltage of the power supply meets the requirement of the input voltage (100-240V~ 50/60Hz). z Reset button Use the button to restore the Router to the factory defaults. With the Router powered on, use a pin to press and hold the Reset button (about 5 seconds). If the SYS LED is flashing 5 times in high frequency, release the Reset button.
Chapter 3 Quick Installation Guide After connecting the TL-R470T+ router into your network, you should configure it. This chapter describes how to configure the basic functions of your TL-R470T+ Load Balance Broadband Router. These procedures only take you a few minutes. You can access the Internet via the router immediately after it has been successfully configured. 3.
Step 2: In the next screen, right click Local Area Connection (LAN), and then select Properties. Figure 3-2 Step 3: In the next screen, select General tab, highlight Internet Protocol (TCP/IP), and then click the Properties button.
Step 4: Configure the IP address as shown in Figure 3-4. After that, click OK. Figure 3-4 Note: You can configure the PC to get an IP address automatically, select “Obtain an IP address automatically” and “Obtain DNS server address automatically” in the screen above. For Windows 98 OS or earlier, the PC and router may need to be restarted. Now, you can run the Ping command in the command prompt to verify the network connection.
Figure 3-6 You can check it by following the steps below: Note: ● Is the connection between your PC and the Router correct? The LEDs of LAN port which you link to the device and the LEDs on your PC's adapter should be lit. ● Is the TCP/IP configuration for your PC correct? If the Router's IP address is 192.168.0.1, your PC's IP address must be within the range of 192.168.0.2 ~ 192.168.0.254, the gateway must be 192.168.0.1. 3.
Figure 3-7 Note: If the above screen (Figure 3-7) does not prompt, it means that your web-browser may be set to a proxy. Choose Tools menu→Internet Options→Connections→LAN Settings, in the screen that appears, cancel the Using Proxy checkbox, and click OK to finish it. After a successful login, the “Quick Setup” screen will pop up as the Figure 3-8 shown. If it does not prompt, you can click the Quick Setup on the left of the main menu. Then click .
Figure 3-9 WAN Mode Select the WAN port you want to use as the Figure 3-10 shown, and then click to load the WAN Connection Type screen. Figure 3-10 WAN Port Select the connection type provided by your ISP as the Figure 3-11 shown. Three popular types are provided here. For other connection types, please refer to the 4.3.1 WAN.
Figure 3-11 WAN Connection Type 1) If you choose PPPoE, you will see the screen as the Figure 3-12 shown. Enter the Account Name and Password provided by your ISP (Internet Service Provider). Figure 3-12 WAN Connection Type - PPPoE Click to dial up, and the process will take a few minutes. The process of configuring the network parameters is shown as Figure 3-14. If you close the screen during the process, the configuration will still be continued in the background. These fields are case sensitive.
Figure 3-13 WAN Connection Type – PPPoE Connecting 2) If your ISP assigns the IP address automatically, please choose the Dynamic IP connection type to obtain the parameters for WAN port automatically. The process for obtain the parameter may take a few minutes as Figure 3-14 shown. If you close the screen during the process, the configuration will still be continued in the background.
Figure 3-15 WAN Connection Type - Static IP Then click . The process for configuring the network parameters is shown as Figure 3-16. If you close the screen during the process, the configuration will still be continued in the background. If you have difficulty in this process, please contact your ISP. Figure 3-16 WAN Connection Type - Static IP Connecting After that, you will see the next screen. Click to complete the quick installation or click to configure other WAN ports.
Figure 3-17 Configuration Completed -17-
Chapter 4 Configuration 4.1 Status The Status page shows the system information, the port connection status and other information related to this Router. Choose the menu Status to load the following page.
4.2 Quick Setup Please refer to the Chapter 3 Quick Installation Guide. 4.3 Network 4.3.1 WAN 4.3.1.1 WAN Mode TL-R470T+ provides four available WAN ports. You can set the number of WAN ports on this page. Choose the menu Network→WAN→WAN Mode to load the following page. Figure 4-2 WAN Mode ¾ WAN Mode WAN Ports: Select the total number of WAN ports you prefer to use. And the Router will adjust the physical ports accordingly, which can be illustrated on the following port sketch.
Tips: ● It’s allowed to set the IP addresses of multiple WAN ports within the same subnet. However, to guarantee a normal communication, make sure that the WAN ports can access the same network, such as Internet or a local area network. ● The amount of tab pages for WAN port varies with the number of the WAN ports. For the configurations of the other WAN ports, please refer to the instructions of WAN1. Choose the menu Network→WAN→WAN1 to load the configuration page.
Default Gateway: Optional. Enter the Gateway assigned by your ISP. MTU: MTU (Maximum Transmission Unit) is the maximum data unit transmitted by the physical network. It can be set in the range of 576-1500. The default MTU is 1500. You are recommended to keep the default value if no other MTU value is provided by your ISP. Primary DNS: Enter the IP address of your ISP’s Primary DNS (Domain Name Server). If you are not clear, please consult your ISP.
Figure 4-4 WAN – Dynamic IP The following items are displayed on this screen: ¾ Dynamic IP Connection Type: Select Dynamic IP if your ISP assigns the IP address automatically. Click to get the IP address from your ISP’s server. Click to release the current IP address of WAN port. Host Name: Optional. This field allows you to give a name for the Router. It's blank by default. MTU: MTU (Maximum Transmission Unit) is the maximum data unit transmitted by the physical network.
Get IP Address by The broadcast requirement may not be supported by a few ISPs. Unicast: Select this option if you can not get the IP address from your ISP even with a normal network connection. This option is not required generally. Use the following DNS Select this option to enter the DNS (Domain Name Server) address Server: manually. Primary DNS: Enter the IP address of your ISP’s Primary DNS (Domain Name Server). If you are not clear, please consult your ISP. Secondary DNS: Optional.
3) Primary DNS: Displays the IP address of your ISP’s Primary DNS. Secondary DNS: Displays the IP address of your ISP’s Secondary DNS. PPPoE If your ISP (Internet Service Provider) has provided the account information for the PPPoE connection, please choose the PPPoE connection type (Used mainly for DSL Internet service).
Figure 4-5 WAN - PPPoE The following items are displayed on this screen: ¾ PPPoE Settings -25-
Connection Type: Select PPPoE if your ISP provides xDSL Virtual Dial-up connection. Click to dial-up to the Internet and obtain the IP address. Click to disconnect the Internet and release the current IP address. Account Name: Enter the Account Name provided by your ISP. If you are not clear, please consult your ISP. Password: Enter the Password provided by your ISP. Active Mode: You can select the proper Active mode according to your need.
Service Name: Optional. Enter the Service Name provided by your ISP. It's null by default. Primary DNS: Enter the IP address of your ISP’s Primary DNS. Secondary DNS: Optional. Enter the IP address of your ISP’s Secondary DNS. Secondary Connection: Here allows you to configure the secondary connection. Dynamic IP and Static IP connection types are provided. Connection Type: Select the secondary connection type. Options include Disable, Dynamic IP and Static IP.
manually terminated or the Router gets no response from your ISP. Please ensure that your settings are correct and your network is connected well. Consult your ISP if this problem remains. 4) IP Address: Displays the IP address assigned by your ISP. Gateway Address: Displays the Gateway Address assigned by your ISP. Primary DNS: Displays the IP address of your ISP’s Primary DNS. Secondary DNS: Displays the IP address of your ISP’s Secondary DNS.
Figure 4-6 WAN - L2TP The following items are displayed on this screen: ¾ L2TP Settings Connection Type: Select L2TP if your ISP provides a L2TP connection. Click to dial-up to the Internet and obtain the IP address. Click to disconnect the Internet and release the current IP address.
Account Name: Enter the Account Name provided by your ISP. If you are not clear, please consult your ISP. Password: Enter the Password provided by your ISP. Server IP: Enter the Server IP provided by your ISP. MTU: MTU (Maximum Transmission Unit) is the maximum data unit transmitted by the physical network. It can be set in the range of 576-1460. The default MTU is 1460. You are recommended to keep the default value if no other MTU value is provided by your ISP.
Default Gateway: If Static IP is selected, configure the default gateway. If Dynamic IP is selected, the obtained default gateway is displayed. Primary DNS/Secondary DNS: If Static IP is selected, configure the DNS. If Dynamic IP is selected, the obtained DNS is displayed. Upstream Specify the bandwidth for transmitting packets on the port. Bandwidth: Downstream Bandwidth: ¾ Specify the bandwidth for receiving packets on the port. L2TP Status Status: Displays the status of L2TP connection.
5) PPTP If your ISP (Internet Service Provider) has provided the account information for the PPTP connection, please choose the PPTP connection type. Figure 4-7 WAN - PPTP The following items are displayed on this screen: ¾ PPTP Settings Connection Type: Select PPTP if your ISP provides a PPTP connection.
address. Click to disconnect the Internet and release the current IP address. Account Name: Enter the Account Name provided by your ISP. If you are not clear, please consult your ISP. Password: Enter the Password provided by your ISP. Server IP: Enter the Server IP provided by your ISP. MTU: MTU (Maximum Transmission Unit) is the maximum data unit transmitted by the physical network. It can be set in the range of 576-1460. The default MTU is 1460.
Default Gateway: If Static IP is selected, configure the default gateway. If Dynamic IP is selected, the obtained default gateway is displayed. Primary DNS/Secondary DNS: If Static IP is selected, configure the DNS. If Dynamic IP is selected, the obtained DNS is displayed. ¾ Upstream Bandwidth: Specify the bandwidth for transmitting packets on the port. Downstream Bandwidth: Specify the bandwidth for receiving packets on the port. PPTP Status Status: Displays the status of PPTP connection.
6) BigPond If your ISP (Internet Service Provider) has provided the account information for the BigPond connection, please choose the BigPond connection type. Figure 4-8 WAN – Bigpond The following items are displayed on this screen: ¾ BigPond Settings Connection Type: Select BigPond if your ISP provides a BigPond connection. Click to dial-up to the Internet and obtain the IP address. Click to disconnect the Internet and release the current IP address.
Password: Enter the Password provided by your ISP. If you are not clear, please consult your ISP. Auth Server: Enter the address of authentication server. It can be IP address or server name. Auth Domain: Enter the domain name of authentication server. It's only required when the address of Auth Server is a server name. Auth Mode: You can select the proper Active mode according to your need.
network is connected well. Consult your ISP if this problem remains. IP Address: Displays the IP address assigned by your ISP. Subnet Mask: Displays the Subnet Mask assigned by your ISP. Default Gateway: Displays the IP address of the default gateway assigned by your ISP. Note: To ensure the BigPond connection re-established normally, please restart the connection at least 5 seconds after the connection is off. 4.3.2 LAN 4.3.2.
Note: If the LAN IP address is changed, you must use the new IP address to login to the Router. To guarantee a normal communication, please be sure that the Gateway address and the Subnet Mask of the Hosts are consistent with that of the Router accordingly. 4.3.2.2 DHCP The Router with its DHCP (Dynamic Host Configuration Protocol) server enabled can automatically assign an IP address to the computers in the LAN. Choose the menu Network→LAN→DHCP to load the following page.
Lease Time: Specify the length of time the DHCP server will reserve the IP address for each computer. After the IP address expired, the client will be automatically assigned a new one. Default Gateway: Optional. Enter the Gateway address to be assigned. It is recommended to enter the IP address of the LAN port of the Router. Default Domain: Optional. Enter the domain name of your network. Primary DNS: Optional. Enter the Primary DNS server address provided by your ISP.
Figure 4-12 DHCP Reservation The following items are displayed on this screen: ¾ DHCP Reservation MAC Address: Enter the MAC address of the computer for which you want to reserve the IP address. IP Address: Enter the reserved IP address. Description: Optional. Enter a description for the entry. Up to 28 characters can be entered. Status: ¾ Activate or Inactivate the corresponding entry.
4.3.3 MAC Address The MAC (Media Access Control) address, as the unique identifier of the router in network, does not need to be changed commonly.
MAC Clone: It’s only available for WAN port. Click the button to restore the MAC address to the factory default value or click the button to clone the MAC address of the PC you are currently using to configure the Router. Then click to apply. Note: To avoid a conflict of MAC address on the LAN, it’s not allowed to set the MAC address of the Router’s LAN port to the MAC address of the current management PC. 4.3.
The following items are displayed on this screen: ¾ Statistics Unicast: Displays the number of normal unicast packets received or transmitted on the port. Broadcast: Displays the number of normal broadcast packets received or transmitted on the port. Pause: Displays the number of flow control frames received or transmitted on the port. Multicast: Displays the number of normal multicast packets received or transmitted on the port.
Figure 4-15 Port Mirror The following items are displayed on this screen: ¾ General Enable Port Mirror: Check the box to enable the Port Mirror function. If unchecked, it will be disabled. Mode: Select the mode for the port mirror function. Options include: z Ingress: When this mode is selected, only the incoming packets sent by the mirrored port will be copied to the mirroring port.
Tips: If both the mirrored port and the mirroring port are the LAN ports, these two LAN ports should be in the same Port VLAN. For example, if port 3 (the mirroring port) and port 4 (the mirrored port) are the LAN ports, the Port Mirror function can take effect only when port 3 and port 4 are in the same Port VLAN.
Figure 4-16 Rate Control The following items are displayed on this screen: ¾ Rate Control Port: Displays the port number. Ingress Limit: Specify whether to enable the Ingress Limit feature. Ingress Rate: Specify the limit rate for the ingress packets. Egress Limit: Specify whether to enable Egress Limit feature. Egress Rate: Specify the limit rate for the egress packets. The first entry in Figure 4-16 indicates: The Ingress and Egress Limits are enabled for port 1.
Figure 4-17 Port Config The following items are displayed on this screen: ¾ Port Config Status: Specify whether to enable the port. The packets can be transported via this port after being enabled. Flow Control: Allows you to enable/disable the Flow Control function. Negotiation Mode: Select the Negotiation Mode for the port. All Ports: Allows you to configure the parameters for all the ports at one time. 4.3.4.5 Port Status On this page, you can view the current status of each port.
4.3.4.6 Port VLAN A VLAN (Virtual Local Area Network) is a network topology configured according to a logical scheme rather than the physical layout, which allows you to divide the physical LAN into multiple logical LANs so as to control the communication among the ports. The VLAN function can prevent the broadcast storm in LANs and enhance the network security. By creating VLANs in a physical LAN, you can divide the LAN into multiple logical LANs, each of which has a broadcast domain of its own.
4.4.1 Group On this page you can define the group for management. Choose the menu User Group→Group to load the following page. Figure 4-20 Group Configuration The following items are displayed on this screen: ¾ ¾ Group Config Group Name: Specify a unique name for the group. Description: Give a description for the group. It's optional. List of Group In this table, you can view the information of the Groups and edit them by the Action buttons. 4.4.
The following items are displayed on this screen: ¾ User Config User Name: Specify a unique name for the user. IP Address: Enter the IP Address of the user. It cannot be the network address or broadcast address of the port. Description: ¾ Give a description to the user for identification. It's optional. List of User In this table, you can view the information of the Users and edit them by the Action buttons. 4.4.3 View On this page, you can configure the User View or Group View.
¾ View Config View: Select the desired view for configuration. User Name: Select the name of the desired User. Available Group: Displays the Groups that the User can join. Selected Group: Displays the Groups to which this User belongs. Group Name: Select the name of the desired Group. Group Structure: Click this button to view the tree structure of this group. All the members of this group will be displayed, including Users and sub-Groups. The Group Names are displayed in bold.
Figure 4-23 NAT Setup The following items are displayed on this screen: ¾ NAPT Source Port Range: Enter the source port range between 2049 and 65000, the span of which must be not less than 100. ¾ NAT-DMZ NAT-DMZ: Enable or disable NAT-DMZ. NAT DMZ is a special service of NAT application, which can be considered as a default forwarding rule.
Figure 4-24 Virtual Server The following items are displayed on this screen: ¾ Virtual Server Name: Enter a name for Virtual Server entries. Up to 28 characters can be entered. External Port: Enter the service port or port range provided by Router for accessing external network. All requests from Internet to this service port or port range will be redirected to the specified server in local network. Internal Port: Specify the service port of the LAN host as virtual server.
Note: ● The External port and Internal Port should be set in the range of 1-65535. ● The external ports of different entries should be different, whereas the internal ports can be the same. ¾ List of Rules In this table, you can view the information of the entries and edit them by the Action buttons.
¾ Port Triggering Name: Enter a name for Port Triggering entries. Up to 28 characters can be entered. Trigger Port: Enter the trigger port number or range of port numbers. Only when the trigger port initiates connection will all the corresponding incoming ports open and provide service for the applications, otherwise the incoming ports will not open. Trigger Protocol: Select the protocol used for trigger port. Incoming Port: Enter the incoming port number or range of port numbers.
Choose the menu Advanced→NAT→ALG to load the following page. Figure 4-26 ALG The following items are displayed on this screen: ¾ ALG FTP ALG: Enable or disable FTP ALG. The default setting is enabled. It is recommended to keep the default setting if no special requirement. H.323 ALG: Enable or disable H.323 ALG. The default setting is enabled. H.323 is used for various applications such as NetMeeting and VoIP. SIP ALG: Enable or disable SIP ALG. The default setting is enabled.
Figure 4-27 Configuration The following items are displayed on this screen: ¾ General Disable Bandwidth Select this option to disable Bandwidth Control. Control: Enable Bandwidth Select this option to enable Bandwidth Control all the time. Control all the time: Enable Bandwidth Control When: ¾ With this option selected, the Bandwidth Control will take effect when the bandwidth usage reaches the specified value.
¾ Interface Bandwidth Interface: Displays the current enabled WAN port(s). The Total bandwidth is equal to the sum of bandwidth of the enabled WAN ports. Upstream Displays the bandwidth of each WAN port for transmitting data. The Bandwidth: Upstream Bandwidth of WAN port can be configured on WAN page. Downstream Displays the bandwidth of each WAN port for receiving data. The Bandwidth: Downstream Bandwidth of WAN port can be configured on WAN page.
¾ Bandwidth Control Rule Direction: Select the data stream direction for the entry. The direction of arrowhead indicates the data stream direction WAN-ALL means all WAN ports through which the data flow might pass. Individual WAN port cannot be selected after WAN-ALL rules are added. Group: Select the group to define the controlled users. Mode: Individual: The bandwidth of each user equals to the current bandwidth of this entry.
Note: ● The premise for single rule taking effect is that the bandwidth of the interface for this rule is sufficient and not used up. ● It is impossible to satisfy all the guaranteed bandwidth if the total guaranteed bandwidth specified by all Bandwidth Control rules for certain interface exceeds the physical bandwidth of this interface. 4.5.3 Session Limit The amount of TCP and UDP sessions supported by the Router is finite.
¾ ¾ Session Limit Group: Select a group to define the controlled user. Max. Sessions: Enter the max. Sessions for the users. Description: Give a description for the entry. Status: Activate or inactivate the entry. List of Session Limit You can view the information of the entries and edit them by the Action buttons. The first entry in Figure 4-29 indicates: The amount of maximum sessions for the hosts within group1 is 100 and this entry is enabled. 4.5.3.
Figure 4-31 Configuration With the box before Enable Application Optimized Routing checked, the Router will consider the source IP address and destination IP address of the packets as a whole and record the WAN port they pass through. And then the packets with the same source IP address and destination IP address or destination port will be forwarded to the recorded WAN port. This feature is to ensure the multi-connected applications to work properly.
The following items are displayed on this screen: ¾ General Protocol: Select the protocol for the entry in the drop-down list. If the protocol you want to set is not in the list, you can add it to the list on 4.5.4.4 Protocol page. Source IP: Enter the source IP range for the entry. 0.0.0.0 - 0.0.0.0 means any IP is acceptable. Destination IP: Enter the destination IP range for the entry. 0.0.0.0 - 0.0.0.0 means any IP is acceptable.
On this page, you can configure the Link Backup function based on actual need to reduce the traffic burden of WAN port and improve the network efficiency. Choose the menu Advanced→Load Balance→Link Backup to load the following page. Figure 4-33 Link Backup The following items are displayed on this screen: ¾ General WAN Ports: Displays all the WAN ports in use. You can drag the light-blue WAN button to primary and backup WAN list.
Timing: Link Backup will be enabled if the specified effective time is reached. All the traffic on the primary WAN will switch to the backup WAN at the beginning of the effective time; the traffic on the backup WAN will switch to the primary WAN at the ending of the effective time. Failover: Specify the premise for Failover Mode. The backup WAN port will be enabled only when the premise is met. Backup Specify the backup effective time if Timing Mode has been selected.
Figure 4-34 Protocol The following items are displayed on this screen: ¾ Protocol Name: Enter a name to indicate a protocol. The name will display in the drop-down list of Protocol on Access Rule page. Number: ¾ Enter the Number of the protocol in the range of 0-255. List of Protocol You can view the information of the entries and edit them by the Action buttons. Note: The system predefined protocols cannot be configured. 4.5.5 Routing 4.5.5.
Choose the menu Advanced→Routing→Static Route to load the following page. Figure 4-35 Static Route The following items are displayed on this screen: ¾ Static Route Destination: Enter the destination host the route leads to. Subnet Mask: Enter the Subnet Mask of the destination network. Next Hop: Enter the gateway IP address to which the packet should be sent next. Interface: Select the physical network interface, through which this route is accessible. Metric: Defines the priority of the route.
The first entry in Figure 4-35 indicates: If there are packets being sent to a device with IP address of 211.162.1.0 and subnet mask of 255.255.255.0, the Router will forward the packets from WAN1 port to the next hop of 211.200.1.1. Application Example There is a network topology as the following figure shown: If the LAN port of TL-R470T+(with Non-NAT or Classic system mode)is connected to LAN1 with subnet of 192.168.0.0/24, while the LAN port of another Router R1 is connected to LAN2 with network of 192.
4.6 Firewall 4.6.1 Anti ARP Spoofing ARP (Address Resolution Protocol) is used to analyze and map IP addresses to the corresponding MAC addresses so that packets can be delivered to their destinations correctly. ARP functions to translate the IP address into the corresponding MAC address and maintain an ARP Table, where the latest used IP address-to-MAC address mapping entries are stored.
¾ General It is recommended to check all the options. You should import the IP and MAC address of the host to List of IP-MAC Binding and enable the corresponding entry before enabling “Permit the packets matching the IP-MAC Binding entries only”. When suffered ARP attack, the correct ARP information will be sent to the device suffering attack initiatively by GARP (Gratuitous ARP) packets, thus the error ARP information of the device will be replaced.
Figure 4-37 ARP Scanning Enter the start and the end IP addresses in the Scanning IP Range field. Then click the button, the Router will scan all the active hosts within the scanning range and display the result in the list. The entries displayed on the List of Scanning Result do not mean the IP and MAC addresses are already bound. The current status for the entry will display in the “Status” field.
Figure 4-38 ARP List The configurations for the entries is the same as the configuration of List of Scanning Result on 4.6.1.2 ARP Scanning page. The unbound IP-MAC information will be replaced by new IP-MAC information or be automatically removed from the list if it has not been communicated with others for a long time. This period is regarded as the aging time of the ARP information. 4.6.
Figure 4-39 Attack Defense The following items are displayed on this screen: ¾ General Flood Defense: Flood attack is a kind of commonly used DoS (Denial of Service), which including TCP SYN, UDP, ICMP and so on. It is recommended to check all the Flood Defense options and specify the corresponding thresholds. Keep the default settings if you are not sure.
Packet Anomaly Packet Anomaly refers to the abnormal packets. It is Defense: recommended to select all the Packet Anomaly Defense options. Enable Attack With this box checked, the Router will record the defense logs. Defense Logs: 4.6.3 MAC Filtering On this page, you can control the access to the Internet of local host by specifying their MAC addresses. Choose the menu Firewall→MAC Filtering→MAC Filtering to load the following page.
¾ List of Rules You can view the information of the entries and edit them by the Action buttons. 4.6.4 Access Control 4.6.4.1 URL Filtering URL (Uniform Resource Locator) specifies where an identified resource is available and the mechanism for retrieving it. URL Filter functions to filter the Internet URL address, so as to provide a convenient way for controlling the access to Internet from LAN hosts. Choose the menu Firewall→Access Control→URL Filtering to load the following page.
z Mode: Group: URL Filtering will take effect to all the users in group. Select the mode for URL Filtering. “Keyword’’ indicates that all the URL addresses including the specified keywords will be filtered. “URL Path” indicates that the URL address will be filtered only when it exactly matches the specified URL. Description: ¾ Give a description for the entry. List of Rules You can view the information of the entries and edit them by the Action buttons.
4.6.4.2 Web Filtering On this page, you can filter the desired web components. Choose the menu Firewall→Access Control→Web Filtering to load the following page. Figure 4-42 Web Filtering Check the box before Enable Web Filtering and select the web components to be filtered. 4.6.4.3 Access Rules Choose the menu Firewall→Access Control→Access Rules to load the following page.
Policy: Select a policy for the entry: z Block: When this option is selected, the packets obeyed the rule will not be allowed to pass through the Router. z Allow: When this option is selected, the packets obeyed the rule will be allowed to pass through the Router. Service: Select the service for the entry. Only the service belonging to the specified service type is limited by the entry.
¾ List of Rules You can view the information of the entries and edit them by the Action buttons. The smaller the value is, the higher the priority is. The first entry in Figure 4-43 indicates: The TELNET packets transmitted from the hosts within the network of 192.168.0.0/24 will be not allowed to pass through the Router at 8:00-20:00 from Tuesday to Saturday. Note: ● For the users in the private network and not being set access rule, the default Policy is Allow. ● To specify all IP addresses, type “0.
¾ Service Name: Enter a name for the service. The name should not be more than 28 characters. The name will display in the drop-down list of Protocol on Access Rule page. Protocol: Select the protocol for the service. The system predefined protocols include TCP, UDP and TCP/UDP. Dest. Port: Enter the start and end ports to make a destination port range for the service. The start port number cannot be greater than the end port number.
Figure 4-45 General The following items are displayed on this screen: ¾ General PPPoE Server: Specify whether to enable the PPPoE Server function. Dial-up Access Only: Specify whether to enable the Dial-up Access Only function. If enabled, only the Dial-in Users and the user with Exceptional IP can access the Internet. PPPoE User Isolation: Specify whether to allow the Dial-in Users to communicate with one another. Primary/Secondary Enter the Primary/Secondary DNS server address.
Idle Timeout: Enter the maximum idle time. The session will be terminated after it has been inactive for this specified period. It can be 0-10080 minutes. If you want your Internet connection to remain on at all times, enter 0 in the Idle Timeout field. The default value is 30. Authentication: Select the Authentication type. It can be Local authentication and Remote authentication.
Figure 4-46 IP Address Pool The following items are displayed on this screen: ¾ IP Address Pool Pool Name: Specify a unique name to the IP Address Pool for identification and management purposes. IP Address Range: Specify the start and the end IP address for IP Pool. The start IP address should not exceed the end address and the IP address ranges must not overlap. ¾ List of IP Pool In this table, you can view the information of IP Address Pools and edit them by the Action buttons. 4.7.1.
Figure 4-47 Account The following items are displayed on this screen: ¾ Account Account Name: Enter the account name. This name should not be the same with the one in L2TP/PPTP connection settings. Password: Enter the password. IP Address Assigned Select the IP Address Assigned Mode for IP assignment. Mode: z Static: Select this option to assign a static IP address to the client. z Dynamic: Select this option to assign available IP addresses to the client automatically.
Description: Enter the description for management and search purposes. Up to 28 characters can be entered. Status: Activate or inactivate the entry. MAC Binding: Select a MAC Binding type from the pull-down list. Options include: MAC Address: z Disable: Select this option to disable the MAC Binding function. z Manual: Select this option to bind the account to a MAC address manually. Only from the Host with this MAC address can the account log on to the server.
Figure 4-48 Exceptional IP The following items are displayed on this screen: ¾ Exceptional IP IP Address Range: Specify the start and the end IP address to make an exceptional IP address range. This range should be in the same IP range with LAN port of the Router. The start IP address should not exceed the end address and the IP address ranges must not overlap. ¾ Description: Give a description to the exceptional IP address range for identification. Status: Activate or inactivate the entry.
4.7.2 E-Bulletin With E-Bulletin function, bulletin information can be released to the specified users. On this page you can edit the bulletin content and specify the receiving user group. Choose the menu Services→E-Bulletin to load the following page. Figure 4-50 E-Bulletin The following items are displayed on this screen: ¾ General Enable E-Bulletin: Specify whether to enable electronic bulletin function. Interval: Specify the interval to release the bulletin.
Enable Logs: ¾ Specify whether to log the E-Bulletin. E-Bulletin Title: Enter a title for the bulletin. Content: Enter the content of the bulletin. Object: Select the object of this bulletin. Options include: z z ANY: The bulletin will be released to all the users and the PCs on the LAN. Group: The bulletin will be released to the users in the selected group. You can click < > button to add a group to the selected group and click < > to remove a group from the selected group.
As many ISPs use DHCP to assign public IP addresses in WAN, the public IP address assigned to the client is unfixed. In this way, it’s very difficult for other clients to get the latest IP address of this client for access. DDNS (Dynamic DNS) server provides a fixed domain name for DDNS client and maps its latest IP address to this domain name.
Account Name: Enter the Account Name of your DDNS account. If you have not registered, click to go to the website of Dyndns for register. Password: Enter the password of your DDNS account. Domain Name: Enter the Domain Name that you registered with your DDNS service provider. ¾ DDNS Service: Activate or inactivate DDNS service here. WAN Port: Displays the WAN port for which Dyndns DDNS is selected.
Figure 4-52 NO-IP DDNS The following items are displayed on this screen: ¾ No-IP DDNS Account Name: Enter the Account Name of your DDNS account. If you have not registered, click to go to the website of No-IP for register. Password: Enter the password of your DDNS account. Domain Name: Enter the Domain Name that you registered with your DDNS service provider. ¾ DDNS Service: Activate or inactivate DDNS service here.
4.7.3.3 PeanutHull On this page you can configure PeanutHull DDNS client. Choose the menu Services→Dynamic DNS→PeanutHull to load the following page. Figure 4-53 PeanutHull DDNS The following items are displayed on this screen: ¾ PeanutHull DDNS Account Name: Enter the Account Name of your DDNS account. If you have not registered, click to go to the website of PeanutHull for register. Password: Enter the password of your DDNS account.
DDNS Status: Domain Name: Displays the current status of DDNS service z Offline: DDNS service is disabled. z Connecting: client is connecting to the server. z Online: DDNS works normally. z Authorization fails: The Account Name or Password is incorrect. Please check and enter it again. Displays the domain names obtained from the DDNS server. Up to 16 domain names can be displayed here.
Account Name: Enter the Account Name of your DDNS account. If you have not registered, click to go to the website of Comexe for register. Password: Enter the password of your DDNS account. Domain Name 1: Enter the Domain Name that you registered with your DDNS service provider. Domain Name 2: Optional. Enter the Domain Name that you registered with your DDNS service provider. Domain Name 3: Optional. Enter the Domain Name that you registered with your DDNS service provider.
If UPnP groupware are installed in the host in LAN and UPnP function is enabled for the Router, the host in LAN can automatically open the corresponding port to allow the UPnP application in WAN to access the resource of the host in LAN via this port, so that the functions limited to NAT can work normally. For example, MSN Messenger installed in Windows XP and Windows ME system is using UPnP protocol when audio and video communications are processing. On this page you can configure UPnP service.
4.8 Maintenance 4.8.1 Admin Setup 4.8.1.1 Administrator On this page, you can modify the factory default user name and password of the Router. Choose the menu Maintenance→Admin Setup→Administrator to load the following page. Figure 4-56 Administrator The following items are displayed on this screen: ¾ Administrator Current User Name: Enter the current user name of the Router. Current Password: Enter the current password of the Router. New User Name: Enter a new user name for the Router.
4.8.1.2 Login Parameter On this page, you can configure and modify the Web and Telnet port. Choose the menu Maintenance→Admin Setup→Login Parameter to load the following page. Figure 4-57 Login Parameter The following items are displayed on this screen: ¾ General Web Management Port: Enter the Web Management Port for the Router. Telnet Management Port: Enter the Telnet Management Port for the Router.
Type 210.10.10.0/24 in the Subnet/Mask field on Remote Management page and enable the entry as the following figure shows. Then type the corresponding port number in Web Management Port and Telnet Management Port fields as the following figure shows. Finally, start the web browser and type 210.10.10.50 in the URL field to log in the Web management page of the Router. 4.8.1.3 Remote Management On this page you can configure the Remote Management function.
¾ List of Subnet In this list, you can view the Remote Management entries and edit them by the Action buttons. The first entry in Figure 4-58 indicates that: The hosts with IP address in subnet of 192.168.2.0/24 are allowed to access the Router and this entry is activated. 4.8.2 Management 4.8.2.1 Factory Defaults Choose the menu Maintenance→Management→Factory Defaults to load the following page.
¾ Export Click the button to save the current configuration as a file to your computer. You are suggested to take this measure before upgrading or modifying the configuration. ¾ Import Click the button to locate the update file for the device, or enter the exact path to the saved file in the text box. Then click the button to restore the saved setting. Note: ● To avoid any damage, please don’t power down the Router while being restored.
Type the path and file name of the update file into the “File” field. Or click the button to locate the update file. Then click the button to complete. Note: ● After upgrading, the device will reboot automatically. ● To avoid damage, please don't turn off the device while upgrading. ● You are suggested to backup the configuration before upgrading. 4.8.3 Statistics 4.8.3.
Interface: Displays the interface. IP Fragment Rx: Displays the amount of IP Fragments received by WAN port. Abnormal IP Packets Rx: Displays the rate for transmitting data frames. 4.8.3.2 IP Traffic Statistics IP Traffic Statistics screen displays the detailed traffic information of each PC on LAN. Choose the menu Maintenance→Statistics→IP Traffic Statistics to load the following page.
Choose the menu Maintenance→Diagnostics→Diagnostics to load the following page. Figure 4-65 Diagnostics The following items are displayed on this screen: ¾ Ping Destination IP/Domain: ¾ Enter destination IP address or Domain name here. Then select a port for testing, if you select “Auto”, the Router will select the interface of destination automatically.
Destination IP/Domain: 4.8.4.2 Enter destination IP address or Domain name here. Then select a port for testing, if Auto is selected, the Router will select the interface of destination automatically. After clicking the button, the Router will send Tracert packets to test the connectivity of the gateways during the journey from the source to destination of the test data and the results will be displayed in the box below.
Port: Displays the detected WAN port. Detection: Displays whether the Online Detection is enabled. WAN Status: Display the detecting results. 4.8.5 Time System Time is the time displayed while the Router is running. On this page you can configure the system time and the settings here will be used for other time-based functions like Access Rule, PPPoE and Logs. Choose the menu Maintenance→Time→Time to load the following page.
Manual: Synchronize PC’S Clock: With this option selected, you can set the date and time manually. with With this option selected, the administrator PC’s clock is utilized. Note: ● If Get GMT function cannot be used properly, please add an entry with UDP port of 123 to the firewall software of the PC. ● The time will be lost when the Router is restarted. The Router will obtain GMT time automatically from Internet. 4.8.
Severity Level Description emergencies 0 The system is unusable. alerts 1 Action must be taken immediately.
Appendix A Hardware Specifications Standards and Protocols IEEE 802.3, 802.3u TCP/IP, PPPoE, DHCP, ICMP, NAT, SNTP,HTTP,DNS One 10/100 Auto-Negotiation WAN RJ45 port (Auto MDI/MDIX) Ports Three adjustable 10/100M Auto-Negotiation WAN/LAN RJ45 ports (Auto MDI/MDIX) One 10/100M Auto-Negotiation LAN RJ45 port (Auto MDI/MDIX) 10Base-T: UTP/STP of Cat. 3 or above Transmission Medium 100Base-TX: UTP/STP of Cat. 5 or above LEDs PWR, SYS, Link/Act, WAN Power 100-240V~ 50/60Hz 0.
Appendix B FAQ Q1. What can I do if I cannot access the web-based configuration page? 1. 2. For the first login, please try the following steps: 1) Make sure the cable is well connected to the LAN port of the Router. The corresponding LED should flash or be solid light. 2) Make sure the IP address of your PC is set in the same subnet addresses of the Router. It’s recommended to set your PC to get the IP address automatically.
Q3: What can I do if the Router with the remote management function enabled cannot be accessed by the remote computer? 1. Make sure that the IP address of the remote computer is in the subnet allowed to remotely access the router. 2. If the router’s management port has been modified, please log into the Router with the new address, such as http://192.168.0.1:XX (“XX” is the new management port number). 3.
Appendix C Glossary Glossary Description DSL(Digital Subscriber A technology that allows data to be sent or received over existing traditional phone lines. Line) A Application Level Gateway (ALG) is application specific ALG ( Application Layer translation agent that allows an application on a host in one address realm to connect to its counterpart running on a host in Gateway) different realm transparently.
Glossary Description H.323 allows dissimilar communication devices to communicate H.323 H with each other by using a standardized communication protocol. H.323 defines a common set of CODECs, call setup and negotiating procedures, and basic data transport methods. HTTP(Hypertext Transfer The protocol used by Web browsers and Web servers to transfer files, such as text and graphic files.
Glossary Description Standardized data link layer address that is required for every port or device that connects to a LAN. Other devices in the MAC address(Media network use these addresses to locate specific ports in the Access Control address) network and to create and update routing tables and data M structures. MAC addresses are 6 bytes long and are controlled by the IEEE. MTU(Maximum The size in bytes of the largest packet that can be transmitted.
Glossary Telnet(Telecommunication Network protocol) UDP(User Datagram Protocol) U UPnP(Universal Plug and Play) Description Telnet is used for remote terminal connection, enabling users to log in to remote systems and use resources as if they were connected to a local system. UDP is a simple protocol that exchanges datagrams without acknowledgments or guaranteed delivery, requiring that error processing and retransmission be handled by other protocols.
