TL-R470T+ Load Balance Broadband Router REV4.0.
COPYRIGHT & TRADEMARKS Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks of their respective holders. No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from TP-LINK TECHNOLOGIES CO., LTD. Copyright © 2014 TP-LINK TECHNOLOGIES CO., LTD. All rights reserved. http://www.tp-link.
Продукт сертифіковано згідно с правилами системи УкрСЕПРО на відповідність вимогам нормативних документів та вимогам, що передбачені чинними законодавчими актами України. Safety Information When product has power button, the power button is one of the way to shut off the product; When there is no power button, the only way to completely shut off power is to disconnect the product or the power adapter from the power source. Don’t disassemble the product, or make repairs yourself.
CONTENTS Package Contents ..................................................................................................................1 Chapter 1 About this Guide ...................................................................................................2 1.1 Intended Readers ..................................................................................................................2 1.2 Conventions ......................................................................................
4.5 4.6 4.7 4.8 Advanced .............................................................................................................................51 4.5.1 NAT..........................................................................................................................51 4.5.2 Traffic Control ..........................................................................................................56 4.5.3 Session Limit .................................................................
Package Contents The following items should be found in your package: One TL-R470T+ Load Balance Broadband Router One Power cord One Ethernet Cable Quick Installation Guide Resource CD Note: ● Make sure that the package contains the above items. If any of the listed items are damaged or missing, please contact with your distributor. ● The provided power cord may be different due to local power specifications.
Chapter 1 About this Guide This User Guide contains information for setup and management of TL-R470T+ Load Balance Broadband Router. Please read this guide carefully before operation. 1.1 Intended Readers This Guide is intended for Network Engineer and Network Administrator. 1.2 Conventions In this Guide the following conventions are used: The router or TL-R470T+ mentioned in this Guide stands for TL-R470T+ Load Balance Broadband Router without any explanation.
Appendix B FAQ Provides the possible solutions to the problems that may occur during the installation and operation of the router. Appendix C Glossary Lists the glossary used in this guide.
Chapter 2 Introduction Thanks for choosing the Load Balance Broadband Router TL-R470T+. 2.
+ Featured Link Backup to switch all the new sessions from dropped line automatically to another for keeping an always on-line network. Easy-to-use + Providing easy-to-use GUI with clear configuration steps and detailed help information for the users to configure the router simply. + Helping administrators to monitor the whole network status and take actions to malfunctions according to the recorded log information. + Supporting remote management to manage the router from remote places. 2.
Traffic Control Supports Bandwidth Control Supports Session Limit Security Built-in firewall supporting URL/MAC Filtering Supports Access Control Supports Attack Defense Supports IP-MAC Binding Supports GARP (Gratuitous ARP) 2.3 Appearance 2.3.1 Front Panel The front panel of TL-R470T+ is shown as the following figure. LEDs LED Status Indication On The router is powered on. Off The router is powered off or power supply is abnormal. Flashing The router works properly.
2.3.2 Rear Panel The rear panel of TL-R470T+ is shown as the following figure. AC Power Receptacle Connect the female connector of the power cord to this power receptacle, and the male connector to the AC power outlet. Please make sure the voltage of the power supply meets the requirement of the input voltage (100-240V~ 50/60Hz). RESET button Use the button to restore the router to the factory defaults. With the router powered on, use a pin to press and hold the RESET button (about 5 seconds).
Chapter 3 Quick Installation Guide After connecting the TL-R470T+ router into your network, you should configure it. This chapter describes how to configure the basic functions of your TL-R470T+ Load Balance Broadband Router. These procedures only take you a few minutes. You can access the Internet via the router immediately after it has been successfully configured. 3.
Step 2: On the next screen, right click Local Area Connection (LAN), and then select Properties. Figure 3-2 Step 3: On the next screen, select General tab, highlight Internet Protocol (TCP/IP), and then click the Properties button.
Step 4: Configure the IP address as shown in Figure 3-4. After that, click OK. Figure 3-4 Note: You can configure the PC to get an IP address automatically, select “Obtain an IP address automatically” and “Obtain DNS server address automatically” on the screen above. For Windows98 OS or earlier, the PC and router may need to be restarted. Now, you can run the Ping command in the command prompt to verify the network connection. Please click the Start menu on your desktop, select run tab, type in ping 192.
Figure 3-6 You can check it by following the steps below: Note: ● Is the connection between your PC and the router correct? The LEDs of LAN port which you link to the device and the LEDs on your PC's adapter should be lit. ● Is the TCP/IP configuration for your PC correct? If the router's IP address is 192.168.0.1, your PC's IP address must be within the range of 192.168.0.2 – 192.168.0.254, the gateway must be 192.168.0.1. 3.
After a successful login, the “Quick Setup” screen will pop up as the Figure 3-8 shows. If it does not prompt, you can click the Quick Setup on the left of the main menu. Then click . Figure 3-8 Quick Setup Select the total number of WAN ports you prefer to use as the Figure 3-9 shows. Then click to load the WAN Port screen.
Select the WAN port you want to use as the Figure 3-10 shows, and then click to load the WAN Connection Type screen. Figure 3-10 WAN Port Select the connection type provided by your ISP as the Figure 3-11 shows. Three popular types are provided here. For other connection types, please refer to the 4.3.1 WAN.
1) If you choose PPPoE, you will see the screen as the Figure 3-12 shows. Enter the Account Name and Password provided by your ISP (Internet Service Provider). Figure 3-12 WAN Connection Type - PPPoE Click to dial up, and the process will take a few minutes. The process of configuring the network parameters is shown as Figure 3-14. If you close the screen during the process, the configuration will still be continued in the background. These fields are case sensitive.
2) If your ISP assigns the IP address automatically, please choose the Dynamic IP connection type to obtain the parameters for WAN port automatically. The process for obtain the parameter may take a few minutes as Figure 3-14 shows. If you close the screen during the process, the configuration will still be continued in the background. Figure 3-14 WAN Connection Type - Dynamic IP 3) If you choose Static IP, you should enter the detailed IP information provided by your ISP in Figure 3-15.
Figure 3-16 WAN Connection Type - Static IP Connecting After that, you will see the next screen. Click to complete the quick installation or click to configure other WAN ports.
Chapter 4 Configuration 4.1 Status The Status page shows the system information, the port connection status and other information related to this router. Choose the menu Status to load the following page.
4.2 Quick Setup Please refer to the Chapter 3 Quick Installation Guide. 4.3 Network 4.3.1 WAN 4.3.1.1 WAN Mode TL-R470T+ provides four available WAN ports. You can set the number of WAN ports on this page. Choose the menu Network→WAN→WAN Mode to load the following page. Figure 4-2 WAN Mode WAN Mode WAN Ports: Select the total number of WAN ports you prefer to use. And the router will adjust the physical ports accordingly, which can be illustrated on the following port sketch.
Tips: ● It is allowed to set the IP addresses of multiple WAN ports within the same subnet. However, to guarantee a normal communication, make sure that the WAN ports can access the same network, such as Internet or a local area network. ● The amount of tab pages for WAN port varies with the number of the WAN ports. For the configurations of the other WAN ports, please refer to the instructions of WAN1. Choose the menu Network→WAN→WAN1 to load the configuration page.
Default Gateway: Optional. Enter the Gateway assigned by your ISP. MTU: MTU (Maximum Transmission Unit) is the maximum data unit transmitted by the physical network. It can be set in the range of 576-1500. The default MTU is 1500. You are recommended to keep the default value if no other MTU value is provided by your ISP. Primary DNS: Enter the IP address of your ISP’s Primary DNS (Domain Name Server). If you are not clear, please consult your ISP.
Figure 4-4 WAN – Dynamic IP The following items are displayed on this screen: Dynamic IP Connection Type: Select Dynamic IP if your ISP assigns the IP address automatically. Click to get the IP address from your ISP’s server. Click to release the current IP address of WAN port. Host Name: Optional. This field allows you to give a name for the router. It is blank by default. MTU: MTU (Maximum Transmission Unit) is the maximum data unit transmitted by the physical network.
Get IP Address by The broadcast requirement may not be supported by a few ISPs. Unicast: Select this option if you can not get the IP address from your ISP even with a normal network connection. This option is not required generally. Use the following DNS Select this option to enter the DNS (Domain Name Server) address Server: manually. Primary DNS: Enter the IP address of your ISP’s Primary DNS (Domain Name Server). If you are not clear, please consult your ISP. Secondary DNS: Optional.
3) Primary DNS: Displays the IP address of your ISP’s Primary DNS. Secondary DNS: Displays the IP address of your ISP’s Secondary DNS. PPPoE If your ISP (Internet Service Provider) has provided the account information for the PPPoE connection, please choose the PPPoE/Russian PPPoE connection type (Used mainly for DSL Internet service).
The following items are displayed on this screen: PPPoE Settings Connection Type: Select PPPoE/Russian PPPoE if your ISP provides xDSL Virtual Dial-up connection. Click to dial-up to the Internet and obtain the IP address. Click to disconnect the Internet and release the current IP address. Account Name: Enter the Account Name provided by your ISP. If you are not clear, please consult your ISP. Password: Enter the Password provided by your ISP.
ISP Address: Optional. Enter the ISP address provided by your ISP. It is null by default. Service Name: Optional. Enter the Service Name provided by your ISP. It is null by default. Primary DNS: Enter the IP address of your ISP’s Primary DNS. Secondary DNS: Optional. Enter the IP address of your ISP’s Secondary DNS. Secondary Connection: Here allows you to configure the secondary connection. Dynamic IP and Static IP connection types are provided.
PPPoE Status Status: Displays the status of PPPoE connection. “Disabled” indicates that the PPPoE connection type is not applied. “Connecting” indicates that the router is obtaining the IP parameters from your ISP. “Connected” indicates that the router has successfully obtained the IP parameters from your ISP. “Disconnected” indicates that the connection has been manually terminated or the router gets no response from your ISP.
4) L2TP If your ISP (Internet Service Provider) has provided the account information for the L2TP connection, please choose the L2TP/Russian L2TP connection type.
The following items are displayed on this screen: L2TP Settings Connection Type: Select L2TP/Russian L2TP if your ISP provides an L2TP connection. Click to dial-up to the Internet and obtain the IP address. Click to disconnect the Internet and release the current IP address. Account Name: Enter the Account Name provided by your ISP. If you are not clear, please consult your ISP. Password: Enter the Password provided by your ISP.
IP Address: If Static IP is selected, configure the IP address of WAN port. If Dynamic IP is selected, the IP address of WAN port obtained is displayed. Subnet Mask: If Static IP is selected, configure the subnet mask of WAN port. If Dynamic IP is select, the subnet mask of WAN port obtained is displayed. Default Gateway: If Static IP is selected, configure the default gateway. If Dynamic IP is selected, the obtained default gateway is displayed.
5) Primary DNS: Displays the IP address of your ISP’s Primary DNS. Secondary DNS: Displays the IP address of your ISP’s Secondary DNS. PPTP If your ISP (Internet Service Provider) has provided the account information for the PPTP connection, please choose the PPTP/Russian PPTP connection type.
The following items are displayed on this screen: PPTP Settings Connection Type: Select PPTP/Russian PPTP if your ISP provides a PPTP connection. Click to dial-up to the Internet and obtain the IP address. Click to disconnect the Internet and release the current IP address. Account Name: Enter the Account Name provided by your ISP. If you are not clear, please consult your ISP. Password: Enter the Password provided by your ISP.
IP Address: If Static IP is selected, configure the IP address of WAN port. If Dynamic IP is selected, the IP address of WAN port obtained is displayed. Subnet Mask: If Static IP is selected, configure the subnet mask of WAN port. If Dynamic IP is select, the subnet mask of WAN port obtained is displayed. Default Gateway: If Static IP is selected, configure the default gateway. If Dynamic IP is selected, the obtained default gateway is displayed.
Displays the IP address of your ISP’s Secondary DNS. Secondary DNS: 6) BigPond If your ISP (Internet Service Provider) has provided the account information for the BigPond connection, please choose the BigPond connection type. Figure 4-8 WAN – Bigpond The following items are displayed on this screen: BigPond Settings Connection Type: Select BigPond if your ISP provides a BigPond connection. Click to dial-up to the Internet and obtain the IP address.
Password: Enter the Password provided by your ISP. If you are not clear, please consult your ISP. Auth Server: Enter the address of authentication server. It can be IP address or server name. Auth Domain: Enter the domain name of authentication server. It is only required when the address of Auth Server is a server name. Auth Mode: You can select the proper Active mode according to your need.
BigPond Status Status: Displays the status of BigPond connection. “Disabled” indicates that the BigPond connection type is not applied. “Connecting” indicates that the router is obtaining the IP parameters from your ISP. “Connected” indicates that the router has successfully obtained the IP parameters from your ISP. “Disconnected” indicates that the connection has been manually terminated or the router gets no response from your ISP.
The following items are displayed on this screen: LAN IP Address: Enter the LAN IP address of the router. 192.168.0.1 is the default IP address. The Hosts in LAN can access the router via this IP address. It can be changed according to your network. Subnet Mask: Enter the Subnet Mask. The default subnet mask is 255.255.255.0. Note: If the LAN IP address is changed, you must use the new IP address to login to the router.
The following items are displayed on this screen: DHCP Settings DHCP Server: Enable or disable the DHCP server on your router. Select Enable to make the router automatically assign TCP/IP parameters to the computers in the LAN. Start IP Address: Enter the Start IP address to define a range for the DHCP server to assign dynamic IP addresses. This address should be in the same IP address subnet with the router’s LAN IP address. The default address is 192.168.0.2.
Figure 4-11 DHCP Client You can view the information of the DHCP clients in this table. Click the Refresh button for the updated information. 4.3.2.4 DHCP Reservation DHCP Reservation feature allows you to reserve an IP address for the specified MAC address. The client with this MAC address will always get the same IP address each time when it accesses the DHCP server. Choose the menu Network→LAN→DHCP Reservation to load the following page.
Status: Activate or Inactivate the corresponding entry. List of Reserved Address In this table, you can view the information of the entries and edit them by the Action buttons. Up to 512 DHCP static address entries can be supported for LAN by this router. The first entry in Figure 4-12 indicates: The IP address 192.168.0.101 is reserved for the computer with the MAC address 00-19-66-83-53-CF, and this entry is activated.
Tips: ● Among the WAN ports, only WAN1(Port1) can be used for IPTV service. ● When IGMP Proxy option is Enabled, you need to ensure the Block IP options under the Firewall→Attack Defense→Attack Defense is not selected. ● If the data traffic is heavy when you use IPTV function, it is recommended to increase the parameters of Stationary source UDP Flood and Multi-connections UDP Flood on the page of Firewall→Attack Defense→Attack Defense, or deselect the options. 4.3.
The following items are displayed on this screen: MAC Address Displays the port type of the router. Port: Current MAC Address: Displays the current MAC address of the port. MAC Clone: It is only available for WAN port. Click the button to restore the MAC address to the factory default value or click the button to clone the MAC address of the PC you are currently using to configure the router. Then click to apply.
Figure 4-15 Statistics The following items are displayed on this screen: Statistics Unicast: Displays the number of normal unicast packets received or transmitted on the port. Broadcast: Displays the number of normal broadcast packets received or transmitted on the port. Pause: Displays the number of flow control frames received or transmitted on the port. Multicast: Displays the number of normal multicast packets received or transmitted on the port.
Normal: Displays the number of the received packets (including error frames) that are between 64 bytes and the maximum frame length. The maximum untagged frame this router can support is 1518 bytes long and the maximum tagged frame is 1522 bytes long. Oversize: Displays the number of the received packets (including error frames) that are longer than the maximum frame. Total (Bytes): Displays the total number of the received or transmitted packets (including error frames).
The following items are displayed on this screen: General Enable Port Mirror: Check the box to enable the Port Mirror function. If unchecked, it will be disabled. Mode: Select the mode for the port mirror function. Options include: Ingress: When this mode is selected, only the incoming packets sent by the mirrored port will be copied to the mirroring port. Egress: When this mode is selected, only the outgoing packets sent by the mirrored port will be copied to the mirroring port.
Application Example To monitor all the traffic and analyze the network abnormity for an enterprise’s network, please set the Port Mirror function as below: 1) Check the box before Enable Port Mirror to enable the Port Mirror function and select the Ingress & Egress mode. 2) Select Port 3 to be the Mirroring Port to monitor all the packets of the other ports. 3) Select all the other ports to be the Mirrored Ports. 4) Click the button to apply. 4.3.5.
The following items are displayed on this screen: Rate Control Port: Displays the port number. Ingress Limit: Specify whether to enable the Ingress Limit feature. Ingress Rate: Specify the limit rate for the ingress packets. Egress Limit: Specify whether to enable Egress Limit feature. Egress Rate: Specify the limit rate for the egress packets. The first entry in Figure 4-17 indicates: The Ingress and Egress Limits are enabled for port 1. The Ingress and Egress Rates are 1Mbps.
Flow Control: Allows you to enable/disable the Flow Control function. Negotiation Mode: Select the Negotiation Mode for the port. All Ports: Allows you to configure the parameters for all the ports at one time. 4.3.5.5 Port Status On this page, you can view the current status of each port. Choose the menu Network→Switch→Port Status to load the following page. Figure 4-19 Port Status 4.3.5.
Figure 4-20 Port VLAN The following items are displayed on this screen: Port VLAN Network: Displays the current logical network of the physical port. VLAN: Select the desired VLAN for the port. Tips: The Port VLAN can only be created among the LAN ports. 4.4 User Group The User Group function is used to group different users for unified management, so that you can perform other applications such as Bandwidth Control, Session Limit, and Access Control etc. on per group. 4.4.
The following items are displayed on this screen: Group Config Group Name: Specify a unique name for the group. Description: Give a description for the group. It is optional. List of Group In this table, you can view the information of the Groups and edit them by the Action buttons. 4.4.2 User On this page, you can configure the User for the group. Choose the menu User Group→User to load the following page.
Choose the menu User Group→View to load the following page. Figure 4-23 View Configuration The following items are displayed on this screen: View Config View: Select the desired view for configuration. User Name: Select the name of the desired User. Available Group: Displays the Groups that the User can join. Selected Group: Displays the Groups to which this User belongs. Group Name: Select the name of the desired Group.
Selected Member: Displays the members of this group, including Users and Groups. 4.5 Advanced 4.5.1 NAT NAT (Network Address Translation) is the translation between private IP and public IP, which allows private network users to visit the public network using private IP addresses. With the explosion of the Internet, the number of available IP addresses is not enough.
Host IP Address: 4.5.1.2 Enter the IP address of the host specified as NAT DMZ server. Virtual Server Virtual server can be used for setting up public services in your private network, such as DNS, Email and FTP. Virtual server can define a service port. All the service requests to this port will be transmitted to the LAN server appointed by the router via IP address. Choose the menu Advanced→NAT→Virtual Server to load the following page.
Internal Server IP: Enter the IP address of the specified internal server for the entry. All the requests from the Internet to the specified LAN port will be redirected to this host. Status: Activate or inactivate the entry. Note: ● The External port and Internal Port should be set in the range of 1-65535. ● The external ports of different entries should be different, whereas the internal ports can be the same.
Figure 4-26 Port Triggering The following items are displayed on this screen: Port Triggering Name: Enter a name for Port Triggering entries. Up to 28 characters can be entered. Interface: Select an interface for forwarding data packets. Trigger Port: Enter the trigger port number or range of port numbers. Only when the trigger port initiates connection will all the corresponding incoming ports open and provide service for the applications, otherwise the incoming ports will not open.
Note: ● The Trigger Port and Incoming Port should be set in the range of 1-65535. The Incoming Port can be set in a continuous range such as 8690-8696. ● The router supports up to 16 Port Triggering entries. Each entry supports at most 5 groups of trigger ports and overlapping between the ports is not allowed. ● Each entry supports at most 5 groups of incoming ports and the sum of incoming ports you set for each entry should not be more than 100.
H.323 ALG: Enable or disable H.323 ALG. The default setting is enabled. H.323 is used for various applications such as NetMeeting and VoIP. SIP ALG: Enable or disable SIP ALG. The default setting is enabled. It is recommended to keep the default setting if no special requirement. IPsec ALG: Enable or disable IPsec ALG. The default setting is enabled. It is recommended to keep default if no special requirement. PPTP ALG: Enable or disable PPTP ALG. The default setting is enabled.
The following items are displayed on this screen: General Disable Bandwidth Select this option to disable Bandwidth Control. Control: Enable Bandwidth Select this option to enable Bandwidth Control all the time. Control all the time: Enable Bandwidth Control When: With this option selected, the Bandwidth Control will take effect when the bandwidth usage reaches the specified value.
4.5.2.2 Bandwidth Control On this page, you can configure the Bandwidth Control function. Choose the menu Advanced→Traffic Control→Bandwidth Control to load the following page. Figure 4-29 Bandwidth Control The following items are displayed on this screen: Bandwidth Control Rule Direction: Select the data stream direction for the entry. The direction of arrowhead indicates the data stream direction WAN-ALL means all WAN ports through which the data flow might pass.
Guaranteed Specify the Guaranteed Downstream Bandwidth for this entry. Bandwidth (Down): Limited Bandwidth Specify the Limited Downstream Bandwidth for this entry. (Down): Effective Time: Specify the time for the entry to take effect. Description: Give a description for the entry. Status: Activate or inactivate the entry. List of Rules You can view the information of the entries and edit them by the Action buttons.
Figure 4-30 Session Limit The following items are displayed on this screen: General Enable Session Limit: Check here to enable Session Limit, otherwise all the Session Limit entries will be disabled. Session Limit Group: Select a group to define the controlled user. Max. Sessions: Enter the max. Sessions for the users. Description: Give a description for the entry. Status: Activate or inactivate the entry.
Choose the menu Advanced→Session Limit→Session List to load the following page. Figure 4-31 Session List In this table, you can view the session limit information of users configured with Session Limit. Click the button to get the latest information. 4.5.4 Load Balance On this part, you can configure how the traffic load is shared by the WAN ports to optimize the resource utilization. 4.5.4.1 Configuration Choose the menu Advanced→Load Balance→Configuration to load the following page.
Choose the menu Advanced→Load Balance→Policy Routing to load the following page. Figure 4-33 Policy Routing The following items are displayed on this screen: General Protocol: Select the protocol for the entry in the drop-down list. If the protocol you want to set is not in the list, you can add it to the list on 4.5.4.4 Protocol page. Source IP: Enter the source IP range for the entry. 0.0.0.0 - 0.0.0.0 means any IP is acceptable. Destination IP: Enter the destination IP range for the entry. 0.0.
Effective Time: Specify the time for the entry to take effect. Status: Activate or inactivate the entry. Priority: Select this option to specify the priority for the added entries. The latest enabled entry will be displayed at the end of the list by default. List of Rules You can view the information of the entries and edit them by the Action buttons. The first entry in Figure 4-33 indicates: All the packets with Source IP between 192.168.0.100 and 192.168.0.199 and Destination IP between 116.10.
Figure 4-34 Link Backup The following items are displayed on this screen: General WAN Ports: Displays all the WAN ports in use. You can drag the light-blue WAN button to primary and backup WAN list. The color of WAN button changing to gray indicates that the WAN port is already in the primary and backup WAN list. WAN Config: The WAN port in the secondary WAN list will share the traffic for the WAN in the primary WAN list under the specified condition.
Failover: Specify the premise for Failover Mode. The backup WAN port will be enabled only when the premise is met. Backup Specify the backup effective time if Timing Mode has been selected. Then the Effective Time: backup WAN port will be enabled, while the primary WAN port is disabled in the specified time period. When the start time you enter is not earlier than the end time, the default effective time is from the start time of the day to the end time of the next day.
Figure 4-35 Protocol The following items are displayed on this screen: Protocol Name: Enter a name to indicate a protocol. The name will display in the drop-down list of Protocol on Access Rule page. Number: Enter the Number of the protocol in the range of 0-255. List of Protocol You can view the information of the entries and edit them by the Action buttons. Note: The system predefined protocols cannot be configured. 4.5.5 Routing 4.5.5.
Figure 4-36 Static Route The following items are displayed on this screen: Static Route Destination: Enter the destination host the route leads to. Subnet Mask: Enter the Subnet Mask of the destination network. Next Hop: Enter the gateway IP address to which the packet should be sent next. Interface: Select the physical network interface, through which this route is accessible. Metric: Defines the priority of the route. The smaller the value is, the higher the priority is.
The first entry in Figure 4-36 indicates: If there are packets being sent to a device with IP address of 211.162.1.0 and subnet mask of 255.255.255.0, the router will forward the packets from WAN1 port to the next hop of 211.200.1.1. Application Example Network Requirements LAN1 is under the router and it uses network segment 192.168.0.0 /24. LAN2 and LAN3 are under a layer 3 switch and they use network segments 192.168.2.0 /24 and 192.168.3.0 /24 respectively.
2. Add a static routing rule for LAN3 by referring to step 2. The static routing rules are shown in the following figure. 4.6 Firewall 4.6.1 Anti ARP Spoofing ARP (Address Resolution Protocol) is used to analyze and map IP addresses to the corresponding MAC addresses so that packets can be delivered to their destinations correctly.
Figure 4-37 IP-MAC Binding The following items are displayed on this screen: General It is recommended to check all the options. You should import the IP and MAC address of the host to List of IP-MAC Binding and enable the corresponding entry before enabling “Permit the packets matching the IP-MAC Binding entries only”.
List of Rules You can view the information of the entries and edit them by the Action buttons. The first entry in Figure 4-37 indicates: The IP address of 192.168.1.101 and MAC address of 00-19-66-83-53-CF have been bound and this entry is activated. Note: If all the entries in the binding list are disabled and “Permit the packets of IP-MAC Binding entries only” option is selected and saved, the WEB management page of the router cannot be login.
To bind the entries in the list, check these entries and click the button, then the settings will take effect if the entries do not conflict with the existed entries. Note: If the local hosts suffered from ARP attack, you cannot add IP-MAC Binding entries on this page. Please add entries manually on 4.6.1.1 IP-MAC Binding. 4.6.1.3 ARP List On this page, the IP-MAC information of the hosts which communicated with the router recently will be saved in the ARP list.
Figure 4-40 Attack Defense The following items are displayed on this screen: General Flood Defense: Flood attack is a kind of commonly used DoS (Denial of Service), which including TCP SYN, UDP, ICMP and so on. It is recommended to check all the Flood Defense options and specify the corresponding thresholds. Keep the default settings if you are not sure. Packet Anomaly Packet Anomaly refers Defense: recommended to select all the Packet Anomaly Defense options. -73- to the abnormal packets.
Enable Attack With this box checked, the router will record the defense logs. Defense Logs: Tips: When IPTV works in Automatic mode, ensure that the Block IP options is not selected. 4.6.3 MAC Filtering On this page, you can control the access to the Internet of local host by specifying their MAC addresses. Choose the menu Firewall→MAC Filtering→MAC Filtering to load the following page.
List of Rules You can view the information of the entries and edit them by the Action buttons. 4.6.4 Access Control 4.6.4.1 URL Filtering URL (Uniform Resource Locator) specifies where an identified resource is available and the mechanism for retrieving it. URL Filter functions to filter the Internet URL address, so as to provide a convenient way for controlling the access to Internet from LAN hosts. Choose the menu Firewall→Access Control→URL Filtering to load the following page.
URL Filtering Rule Object: Mode: Select the range in which the URL Filtering takes effect: Group: URL Filtering will take effect to all the users in group. ANY: URL Filtering will take effect to all the users. Select the mode for URL Filtering. “Keywords’’ indicates that all the URL addresses including the specified keywords will be filtered. “URL Path” indicates that the URL address will be filtered only when it exactly matches the specified URL.
4.6.4.2 Web Filtering On this page, you can filter the desired web components. Choose the menu Firewall→Access Control→Web Filtering to load the following page. Figure 4-43 Web Filtering Check the box before Enable Web Filtering and select the web components to be filtered. 4.6.4.3 Access Rules Choose the menu Firewall→Access Control→Access Rules to load the following page.
Figure 4-44 Access Rule The following items are displayed on this screen: Access Rules Policy: Select a policy for the entry: Block: When this option is selected, the packets obeyed the rule will not be allowed to pass through the router. Allow: When this option is selected, the packets obeyed the rule will be allowed to pass through the router. Service: Select the service for the entry. Only the service belonging to the specified service type is limited by the entry.
Source: Select the Source IP Range for the entries, including the following three ways: IP/MASK: Enter an IP address or subnet mask. ("0.0.0.0/32" means any IP). Group: Select a predefined group of users. You can set the group on4.4.1 Group. Destination: ANY: Means for any users. Select the Destination IP Range for the entries, including the following two ways: IP/MASK: Enter an IP address or subnet mask. ("0.0.0.0/32" means any IP is acceptable). ANY: Means for any users.
4.6.4.4 Service The Service function allows you to specify the protocol and port number to be filtered for Firewall function conveniently. Protocol name and port range constitute a service type. The router predefines three commonly used services such as HTTP, FTP and TELNET and you can also add customized services if needed. Choose the menu Firewall→Access Control→Service to load the following page.
List of Service You can view the information of the entries and edit them by the Action buttons. Note: The service types predefined by the system cannot be modified. 4.7 Services 4.7.1 PPPoE Server The router can be configured as a PPPoE server to specify account and IP address to users in LAN and thus you can control the dial-up of users for a high efficiency in network management.
Dial-up Access Only: Specify whether to enable the Dial-up Access Only function. If enabled, only the Dial-in Users and the user with Exceptional IP can access the Internet. PPPoE User Isolation: Specify whether to allow the Dial-in Users to communicate with one another. Primary/Secondary Enter the Primary/Secondary DNS server address. The default is DNS: 0.0.0.0. Max Sessions: Specify the maximum number of the sessions for PPPoE server. The default is 256.
Shared Key: Enter the Shared Key for Remote authentication. It should be the same to the shared key of the Radius Server. 4.7.1.2 IP Address Pool On this page, you can define or edit the IP Address Pool. Choose the menu Services→PPPoE Server→IP Address Pool to load the following page. Figure 4-47 IP Address Pool The following items are displayed on this screen: IP Address Pool Pool Name: Specify a unique name to the IP Address Pool for identification and management purposes.
Figure 4-48 Account The following items are displayed on this screen: Account Account Name: Enter the account name. This name should not be the same with the one in L2TP/PPTP connection settings. Password: Enter the password. IP Address Assigned Select the IP Address Assigned Mode for IP assignment. Mode: Static: Select this option to assign a static IP address to the client. Dynamic: Select this option to assign available IP addresses to the client automatically.
Description: Enter the description for management and search purposes. Up to 28 characters can be entered. Status: Activate or inactivate the entry. MAC Binding: Select a MAC Binding type from the pull-down list. Options include: MAC Address: Disable: Select this option to disable the MAC Binding function. Manual: Select this option to bind the account to a MAC address manually. Only from the Host with this MAC address can the account log on to the server.
Figure 4-49 Exceptional IP The following items are displayed on this screen: Exceptional IP IP Address Range: Specify the start and the end IP address to make an exceptional IP address range. This range should be in the same IP range with LAN port of the router. The start IP address should not exceed the end address and the IP address ranges must not overlap. Description: Give a description to the exceptional IP address range for identification. Status: Activate or inactivate the entry.
4.7.2 E-Bulletin With E-Bulletin function, bulletin information can be released to the specified users. On this page you can edit the bulletin content and specify the receiving user group. Choose the menu Services→E-Bulletin to load the following page. Figure 4-51 E-Bulletin The following items are displayed on this screen: General Enable E-Bulletin: Specify whether to enable electronic bulletin function. Interval: Specify the interval to release the bulletin.
Enable Logs: Specify whether to log the E-Bulletin. E-Bulletin Title: Enter a title for the bulletin. Content: Enter the content of the bulletin. Object: Select the object of this bulletin. Options include: ANY: The bulletin will be released to all the users and the PCs on the LAN. Group: The bulletin will be released to the users in the selected group. You can click < > button to add a group to the selected group and click < > to remove a group from the selected group.
As many ISPs use DHCP to assign public IP addresses in WAN, the public IP address assigned to the client is unfixed. In this way, it is very difficult for other clients to get the latest IP address of this client for access. DDNS (Dynamic DNS) server provides a fixed domain name for DDNS client and maps its latest IP address to this domain name.
The following items are displayed on this screen: Dyndns DDNS Account Name: Enter the Account Name of your DDNS account. If you have not registered, click to go to the website of Dyndns for register. Password: Enter the password of your DDNS account. Domain Name: Enter the Domain Name that you registered with your DDNS service provider. Update Interval: Select the interval to update DDNS service. DDNS Service: Activate or inactivate DDNS service here.
Figure 4-53 NO-IP DDNS The following items are displayed on this screen: No-IP DDNS Account Name: Enter the Account Name of your DDNS account. If you have not registered, click to go to the website of No-IP for register. Password: Enter the password of your DDNS account. Domain Name: Enter the Domain Name that you registered with your DDNS service provider. Update Interval: Select the interval to update DDNS service. DDNS Service: Activate or inactivate DDNS service here.
DDNS Status: Displays the current status of DDNS service. Offline: DDNS service is disabled. Connecting: Client is connecting to the server. Online: DDNS works normally. Authorization fails: The Account Name or Password is incorrect. Please check and enter it again. Invalid Domain name: The Domain Name is incorrect or unregistered. Please check and enter it again. List of No-IP Account In this table, you can view the existing DDNS entries or edit them by the Action button.
The following items are displayed on this screen: PeanutHull DDNS Account Name: Enter the Account Name of your DDNS account. If you have not registered, click to go to the website of PeanutHull for register. Password: Enter the password of your DDNS account. DDNS Service: Activate or inactivate DDNS service here. WAN Port: Displays the WAN port for which PeanutHull DDNS is selected.
Figure 4-55 Comexe DDNS The following items are displayed on this screen: Comexe DDNS Account Name: Enter the Account Name of your DDNS account. If you have not registered, click to go to the website of Comexe for register. Password: Enter the password of your DDNS account. DDNS Service: Activate or inactivate DDNS service here. WAN Port: Displays the WAN port for which Comexe DDNS is selected. DDNS Status: Displays the current status of DDNS service.
List of Comexe Account In this table, you can view the existing DDNS entries or edit them by the Action button. 4.7.4 UPnP Devices based on UPnP (Universal Plug and Play) protocol from different manufacturer can automatically discover and communicate with one another.
Note: ● When using UPnP function, make sure the UPnP is enabled for the router, and the operating system and applications in the host support UPnP service. ● As some Trojan and viruses can open the specific port using UPnP service resulting in hacker attack on the host, be careful of using UPnP service. 4.8 Maintenance 4.8.1 Admin Setup 4.8.1.1 Administrator On this page, you can modify the factory default user name and password of the router.
Note: ● The factory default password and user name are both admin. ● You should enter the new user name and password when next login if the current username and password has been changed. ● The new user name and password must not exceed 31 characters in length and must consist of numbers or letters. All the fields are case-sensitive. 4.8.1.2 Login Parameter On this page, you can configure and modify the Web and Telnet port.
Note: ● The default Web Management Port is 80. If the port is changed, you should type in “http://IP address: port” to login the router. For example, if the Web Management Port is changed to 88, type in http://192.168.0.1:88 in the address filed to login the router. ● The new timeout period will take effect when next login. Application Example Network Requirements Allow the IP address within 210.10.10.0/24 segment to manage the router with IP address of 210.10.10.50 remotely.
Figure 4-59 Remote Management The following items are displayed on this screen: Remote Management Subnet/Mask: Specify a single IP address or network address for the hosts desired to access the router from external network. Status: Activate or inactivate the entry. List of Subnet In this list, you can view the Remote Management entries and edit them by the Action buttons. The first entry in Figure 4-59 indicates that: The hosts with IP address in subnet of 192.168.2.
Figure 4-61 Export and Import The following items are displayed on this screen: Configuration Version Displays the current configuration version of the router. Export Click the button to save the current configuration as a file to your computer. You are suggested to take this measure before upgrading or modifying the configuration. Import Click the button to locate the update file for the device, or enter the exact path to the saved file in the text box.
Figure 4-62 Reboot Click the button to reboot the router. The configuration will not be lost after rebooting. The Internet connection will be temporarily interrupted while rebooting. Note: To avoid damage, please do not turn off the device while rebooting. 4.8.2.4 Firmware Upgrade Choose the menu Maintenance→Management →Firmware Upgrade to load the following page. Figure 4-63 Firmware Upgrade Upgrade the router to get more functions and better performance. Go to http://www.tp-link.
Choose the menu Maintenance→SNMP→SNMP to load the following page. Figure 4-64 SNMP The following items are displayed on this screen: General SNMP: Enable or disable the SNMP function. Device Name: Enter the name of the router. Location: Enter the location of the router. Contact: Enter the name of the network administrator for the router, as well as a contact number or an e-mail address. Get Community: Enter the password that allows read-only access to the router’s SNMP information.
4.8.4 Statistics 4.8.4.1 Interface Traffic Statistics Interface Traffic Statistics screen displays the detailed traffic information of each port and extra information of WAN ports. Choose the menu Maintenance→Statistics→Interface Traffic Statistics to load the following page. Figure 4-65 Interface Traffic Statistics The following items are displayed on this screen: Interface Traffic Statistics Interface: Displays the interface. Rate Rx: Displays the rate for receiving data frames.
Figure 4-66 IP Traffic Statistics The following items are displayed on this screen: General Enable IP Traffic Statistics: Allows you to enable or disable IP Traffic Statistics. Enable Auto-refresh: Allows you to enable/disable refreshing the IP Traffic Statistics automatically. The default refresh interval is 5 seconds. Traffic Statistics Direction: Select the direction in the drop-down list to get the Flow Statistics of the specified direction.
Figure 4-67 Diagnostics The following items are displayed on this screen: Ping Destination IP/Domain: Enter destination IP address or Domain name here. Then select a port for testing, if you select “Auto”, the router will select the interface of destination automatically. After clicking button, the router will send Ping packets to test the network connectivity and reachability of the host and the results will be displayed in the box below.
Tracert Destination IP/Domain: 4.8.5.2 Enter destination IP address or Domain name here. Then select a port for testing, if Auto is selected, the router will select the interface of destination automatically. After clicking the button, the router will send Tracert packets to test the connectivity of the gateways during the journey from the source to destination of the test data and the results will be displayed in the box below.
List of WAN status Port: Displays the detected WAN port. Detection: Displays whether the Online Detection is enabled. WAN Status: Display the detecting results. 4.8.6 Time 4.8.6.1 Time System Time is the time displayed while the router is running. On this page you can configure the system time and the settings here will be used for other time-based functions like Access Rule, PPPoE and Logs. Choose the menu Maintenance→Time→Time to load the following page.
Config Get UTC: When this option is selected, you can configure the time zone and the IP address for the NTP server. The router will get UTC automatically if it has connected to an NTP server. Time Zone: Select the time zone for the router. Primary/Secondary NTP Server: Enter the IP address or domain name of the NTP server. Manual: With this option selected, you can set the date and time manually.
The following items are displayed on this screen: Daylight Saving Time(DST) State Show the work state of DST. Daylight Saving Time(DST) Config DST Status: Enable or disable the DST. Predefined Mode: Select a predefined DST configuration. Recurring Mode: Date Mode: USA: Second Sunday in March, 02:00 – First Sunday in November, 02:00. European: Last Sunday in March, 01:00 – Last Sunday in October, 01:00. Australia: First Sunday in October, 02:00 – First Sunday in April, 03:00.
Figure 4-71 Logs List of Logs List of Logs displays the system log information in log buffer. Config Enable Auto-refresh: With this option selected, the page will refresh automatically every 5 seconds. Severity: Displays the severity level of the log information. You can select a severity level to display the log information with the same level. Send System Logs: Select Send System Logs and specify the server IP, then the new added logs will be sent to the specified server.
Severity debugging 4.8.8 Level 7 Description Debug-level messages NAT Table NAT Table corresponds to a mapping relation, which displays the connection sessions in network to help user check forwarding status and troubleshoot network. Choose the menu Maintenance→NAT Table→NAT Table to load the following page. Figure 4-72 NAT Table The following items are displayed on this screen: Filter Setting Out Link: Select an interface for forwarding data packets.
Aging Time: Displays the time which the link lasts (Unit: second). Out Link: Displays the WAN port which is used in the link. Sorted by: Select the rule for displaying the NAT Table. You can click table headers to sort items.
Appendix A Hardware Specifications Standards and Protocols IEEE 802.3, 802.3u TCP/IP, PPPoE, DHCP, ICMP, NAT, SNTP,HTTP,DNS One 10/100 Auto-Negotiation WAN RJ45 port (Auto MDI/MDIX) Ports Three adjustable 10/100M Auto-Negotiation WAN/LAN RJ45 ports (Auto MDI/MDIX) One 10/100M Auto-Negotiation LAN RJ45 port (Auto MDI/MDIX) 10Base-T: UTP/STP of Cat. 3 or above (≤100m) Transmission Medium 100Base-TX: UTP/STP of Cat. 5 or above (≤100m) LEDs PWR, SYS, Link/Act Power 100-240V~ 50/60Hz 0.
Appendix B FAQ Q1. What can I do if I cannot access the web-based configuration page? 1. 2. For the first login, please try the following steps: 1) Make sure the cable is well connected to the LAN port of the router. The corresponding LED should flash or be solid light. 2) Make sure the IP address of your PC is set in the same subnet addresses of the router. It is recommended to set your PC to get the IP address automatically.
Q3: What can I do if the router with the remote management function enabled cannot be accessed by the remote computer? 1. Make sure that the IP address of the remote computer is in the subnet allowed to remotely access the router. 2. If the router’s management port has been modified, please log into the router with the new address, such as http://192.168.0.1:XX (“XX” is the new management port number). 3.
Appendix C Glossary Glossary Description Application Level Gateway (ALG) is application specific ALG ( Application Layer translation agent that allows an application on a host in one address realm to connect to its counterpart running on a host in Gateway) different realm transparently. A ARP ( Address Resolution Protocol) Internet protocol used to map an IP address to a MAC address. A security protocol that provides data authentication and AH(Authentication Header) optional anti-replay services.
Glossary Description H.323 allows dissimilar communication devices to communicate H.323 H with each other by using a standardized communication protocol. H.323 defines a common set of CODECs, call setup and negotiating procedures, and basic data transport methods. HTTP(Hypertext Transfer The protocol used by Web browsers and Web servers to transfer files, such as text and graphic files.
Glossary Description Standardized data link layer address that is required for every port or device that connects to a LAN. Other devices in the MAC address(Media network use these addresses to locate specific ports in the Access Control address) network and to create and update routing tables and data M structures. MAC addresses are 6 bytes long and are controlled by the IEEE. MTU(Maximum The size in bytes of the largest packet that can be transmitted.
T Glossary Description TCP(Transfer Control Connection-oriented transport layer protocol that provides Protocol) reliable full-duplex data transmission. TCP/IP(Transmission Common name for the suite of protocols to support the Control Protocol/ Internet construction of worldwide Internetworks. TCP and IP are the two Protocol) best-known protocols in the suite.
