TEI480T+ User Guide

Copyright Statement
is the registered trademark of Shenzhen Tenda

Technology Co., Ltd. Other trademark or trade name mentioned herein
are the trademark or registered trademark of the company. Copyright
of the whole product as integration, including its accessories and
software, belongs to Shenzhen Tenda Technology Co., Ltd. Without
the permission of Shenzhen Tenda Technology Co., Ltd, any indiidual
or party is not allowed to copy, plagiarize, imitate or translate it into
other languages.
!ll the photos and product specifications mentioned in this manual are
for references only, as the upgrading of software and hardware, there
will be changes. !nd if there are changes, Tenda is not responsible for
informing in adance. "f you want to know more about our product
information, please isit our website at www.tenda.cn
T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide
Table of Contents
COPYRIGHT STATEMENT....................................................................................................................................................................................... 1
TABLE OF CONTENTS............................................................................................................................................................................................. 1
CHAPTER 1 PRODUCT OVERVIEW........................................................................................................................................................................ 2
1.1 PRODUCT INTRODUCTION...............................................2
1.2 PRODUCT FEATURES.......................................................2
1.3 PRODUCT SPECIFICATIONS..............................................4
1.4 PACKAGE CONTENTS......................................................4
CHAPTER 2 HARDWARE DESCRIPTION............................................................................................................................................................... 5
2.1 PANEL LAYOUT...............................................................5
2.2 SYSTEM REQUIREMENTS................................................6
2.3 INSTALLATION REQUIREMENTS.......................................6
2.4 HARDWARE INSTALLATION ............................................6
CHAPTER3 QUICK INSTALLATION........................................................................................................................................................................
3.1 CONFIGURATION OF COMPUTER.....................................
3.2 VERIFYING THE CONNECTIVITY....................................11
3.3 QUICK SETUP................................................................12
CHAPTER 4 CONFIGURATION.............................................................................................................................................................................. 1!
4.1 RUNNING STATUS..........................................................2"
4.2 QUICK SETUP................................................................23
4.3 NETWORK ....................................................................23
4.4 IAM..............................................................................35
4.5 SECURITY .....................................................................4
4.6 ADVANCED SETTINGS...................................................5!
4.# VPN..............................................................................65
4. MONITOR......................................................................6!
4.! SYSTEM TOOLS ............................................................#"
4.1" LOGOUT.......................................................................#5
APPENDI$ 1% HOW TO SET TCP&IP 'TAKE WINDOWS $P FOR E$AMPLE(..................................................................................................... #6
APPENDI$ 2% USEFUL COMMAND....................................................................................................................................................................... "
FCC STATEMENT%...............................................................1
1
Chapter 1 Product Overview
1.1 Product Introduction
Tenda enterprise (/W!) ports broadband router ///T#"$%&T', is a new generation
hardware network access deice, integrated with 0Online !pplication1"!2 3 and 0dual/
W!) ,outer 3 functions, specially designed for middle 1 small /sized enterprises,
goernment organizations, education and scientific research institutions . "t enables
enterprises to monitor, preent and manage staff online application so as to boost the
working efficiency, reduce network bandwidth occupation, and minimize legal risks.
1.2 Product eatures
Complies with "###%&(.4, "###%&(.4u and "###%&(.45 standards
*roides ( 6&16&&2 auto/negotiation W!) interface to connect 57SL1Cable deice
*roides 4 6&16&&2 auto/negotiation L!) interfaces to connect the internal L!)
7ouble W!)s support dual/W!) accesses, auto/realize bandwidth oerlapping
"ntelligent cable backup"ntelligent load balancing.
Supports TC*1"*TC*-7*8*)79C*)!TS)T*7)ST:T* etc.
Supports "*/2!C binding to preent !,* attack, !,* cheat and unauthorized access.
Supports special application access control oer port, 2!C, -,L to manage
network easily.
Supports fle5ible bandwidth management, and single/deice speed limit to secure
the bandwidth stability and reasonable utilization of network resources.
-* to 4%$29z C*- processor and powerful )!T forwarding feature, supports more
users.
Supports irtual serer, 72; host and !L. application
Supports **T* 8*) clients.
2
Supports **T*, 8*) serer function, % groups of users< simultaneous access to
internet.
Supports ==2S)S>?*#, :etion, !li wangwang software filter etc, enables to
setup e5ceptional ==s to pass through.
Supports website address classification and filter to facilitate management of
domain names.
Supports 7ynamic 7omain )ame System @77)SA resolution function.
*roides system security log and flow statistics.
Supports remote Web managementB proides all/#nglish interface.
+uilt/in 79C* serer, static address distribution supported.
!,* attack preention supported to secure network security and stability.
"nternal firewall proided to accurately control online time, domain name filter and
2!C address filter.
3
1.! Product Specifications
Supported *rotocols and
Standards
"###%&(.4, "###%&(.4u, "###%&(.45, TC*1"*, 79C*,
"C2*, )!T, ***o#, S)T*, 9TT*, 7)S, !,*
)etwork 2edia
6&+ase/TCat.4 or aboe Cat.4 -T*
6&&+ase/TCCat.D -T*
*ort and
L#7
"ndicator
W!) *ort (0W!)3 "ndicator and (06&&23 "ndicator
L!) *ort 4 0L!)3 "ndicators and 4 06&&23 "ndicators
Others
*ower @*ower "ndicator
S?S @System Status "ndicatorA *ower
7imensionL 5 W 5 9 (E$mm 5 6F%.%mm 5 $$mm
#nironment ,eGuirement
Operating TemperatureH &IC to $DIC
Storage TemperatureH /$&IC to F&IC
Operating 9umidityH
6&J/EDJ ,9 )on/condensing
Storage 9umidityH
DJ/EDJ ,9 )on/condensing
*ower and Consumption
T#"$%&T' "nputH!C ((&8 D&9z
ConsumptionH $W @2a5imumA
1." Pac#age Contents
*lease unpack the bo5 and check the following itemsH
One T#"$%&T' "nternet +ar1 #nterprise security gateway ,outer
One *ower Cord
One -ser .uide
Two L/shaped brackets
:our :oot *ads
"f any of the listed items are incorrect, missing or damaged, please contact your Tenda
reseller for immediate replacement.
4
Chapter 2 $ardware %escription
2.1 Panel &ayout
2.1.1 ront Panel
T'I"()T* ront Panel Show
6A ,eset >eep pressing this button for D seconds. The settings configured in this deice
will be deleted and router will be restored to factory default alue and rebooted
automatically.
(A "ndicatorH
Indicator %escription unction
*OW#, *ower "ndicator !lways O) indicates the router has power.
S?S
System Status
"ndicator
:lashing indicates the system is functioning
correctly.
!lways O) or Off indicates the system is
functioning incorrectly.
W!)1L!)
W!) and L!)
Status "ndicator
!lways O) indicates the W!)1L!) port is
connected correctly.
:lashing indicates the data packets are being
transferred.
6&&2
W!) and L!)
Speed
"ndicator
6&&2 indicator///always on indicates the
corresponding port is in 6&&2 working mode.
6&&2 indicator off indicates the corresponding
port is in 6&2 working mode
4A W!) ( W!) *ort ,K/$D for 57SL 2odem1Cable 2odem or #thernet
5
connection.
$A L!) *ortsH 4 L!) ports ,K/$Dfor computer<s #thernet network adapter , 9-+
and switch connection.
2.1.2 +ear Panel
T'I"()T* +ear Panel Show
*ower !dapterH *lease use the included power adapter.
2.2 System +e,uirements
)etwork !dapter
"nternet #5plorer D.& or higher
+roadband "nternet Serice @ia 57SL1 Cable 2odem1 #thernet access modeA
2.! Installation +e,uirements
>eep the deice in a safe position to aoid any possible damage or falling.
*lease make sure the operating !C power accords with the ,outer<s rated standard
and matches the oltage labeled on the ,outer.
7o not open the ,outer housing when it is working and een in power failure to
aoid electric shock. "t is highly recommended to put the deice to earth to reduce
danger and keep it away from lighting.
2ake sure there is enough space for entilation and heat dissipation.
2." $ardware Installation
+efore installing the ,outer, we hope you can successfully access "nternet. "f your
6
computer has difficulty in accessing "nternet, please contact your "S*. When you can
access the "nternet, please follow the steps below to install the ,outer.
'stablish &-. Connection
Connect the ,outer<s L!) port to the switch or hub. ?ou can also connect the
,outer<s L!) port to the network adapter of your computer.
'stablish /-. Connection
Connect the 57SL or #thernet to the ,outer<s W!) port ia cable Cat D.
Connect Power -dapter
When the power adapter is connected well, the ,outer will start automatically.
#
Chapter! 0uic# Installation
!.1 Configuration of Computer
The ,outer<s default "* is 6E(.6L%.&.6. ?ou can change it when necessary, but in this user
guide the ,outer is configured according to default alue.
Connect your computer to the ,outer<s L!) port and then follow the steps belowH
6. ,ight click 02y )etwork *laces3 on your desktop, and select
0*roperties3 on the menu.
(. ,ight click 0Local !rea Connection3 on the appearing window and select 0*roperties3.
4. Select 0"nternet *rotocol @TC*1"*A3 and click 0*roperties3.

$ Select 0Obtain an "* address automatically3 or select 0-se the following "* address
@SA3.
!
0Obtain an "* address automatically3 as the following diagramH
0-se the following "* address3
IP -ddress1 6E(.6L%.&.CCCH @CCC is a number from (M(D$A
Subnet 2as#1 233.233.233.)
4ateway1 6E(.6L%.&.6
%.S Server1 Certainly you need to input the 7)S serer address proided by your "S*.
Otherwise, you can use the ,outer<s default gateway as the 7)S pro5y serer. Click 0O>3
to sae the configurations.
1"
!.2 5erifying the Connectivity
!fter configuring the TC*1"* parameters, you can use *ing command to check the
connectiity between ,outer and computer.
6. Select 0StartN ,un. "nput 0cmd3 in 0,un3 page then click 0O>3.
(. !ccording to the format shown on the following page, input 0*ing 6E(.6L%.&.63 and
11
press #nter. "f the system gies the result shown on the figure, the connectiity between
your computer and the ,outer is normal. Otherwise please check the preious settings,
the power of the ,outer, and the cables between the ,outer and the computer.
!.! 0uic# Setup
To access the ,outer<s browser/based configuration interface, launch a web browser such
as "nternet #5plorer and enter the ,outer<s default "* address, httpH116E(.6L%.&.6. *ress
0#nter3. The configuration method also applies to any 2S Windows, 2acintosh or -)"C
platform.
The Login "nterface appears after the connection is established, to log in you need to "nput
the 0admin3 @factory defaultA in both -ser )ame and *assword. Then Click 0O>3. To
facilitate your ne5t time access to web/based management interface, it is recommended to
tick 0,emember 2y *assword3.
.ote1 To guarantee the security of +outer6 it is highly recommended that you
12
change the system default user name and password when you successfully log
in.
"f you enter the correct user name and password, the browser will moe to the
administrator interface and setup wizard will pop up, click 0ne5t3 to go to the interface for
access mode options.
The ,outer supports fie most common access methods @,outer<s default access mode is
dynamic "* accessAH
Static "*H a fi5ed address proided by #thernet broadband access "S*.
7ynamic "*H distributed by +roadband network or the wired to the users ia 79C*
serice.
***o# @!7SLAH !dopts ***o# irtual dial/up to access "nternet.
**T*H "t refers to *oint/to/*oint Tunneling *rotocol, sharing accessed resources
ia connection with remote serer.
13
L(T*H "t refers to Layer ( Tunneling *rotocol, sharing accessed resources ia
connection with remote serer.
?ou can choose one mode according to your need. Then click 0)e5t3 to fill in all the basic
network parameters.
)oteH 6. There are W!)6 and W!)( for your choices. *lease configure W!)6 and W!)(
respectiely according to your specific needs when configuring W!) ports.
(. +andwidth unit is >bytes1s. :or (2 !7SL proided by "S*, upload rate is D6(>bps
and download rate is (2bps. The unit conersion formula is as followsH
-plink bandwidth D6(>bps O L$>byte1s
7ownlink bandwidth (2bps O (&$%>bps O (DL>+yte1s
4"n order not to affect the speed, please fill the actual -plink17ownlink bandwidth
proided by your "S*.
Select a W!) port and a correct access mode according to your needs, and input proper
uplink1 downlink bandwidth. Then click 0)e5t3 to configure basic network parameters.
!.!.1 Static IP
"f your access mode is 0Static "*3, you need to enter the static "* address, subnet mask,
gateway, 7)S Serer and secondary 7)S Serer addresses. !fter you finish all the
14
settings, click 0)e5t3 to sae them.
IP -ddress1 W!) "* address proided by your local "S*. "f you are not clear, please
inGuire your local "S*.
Subnet 2as#1 W!) subnet mask proided by your local "S*. "f you are not clear,
please inGuire your local "S*.
4ateway1 #nter the gateway proided by your "S*. "f you are not clear, please
inGuire your local "S*.
Preferred %.S Server1 #nter the 7)S serer proided by your "S*. "f you are not
clear, please inGuire your local "S*.
-lternate %.S server1 Optional. "f your "S* offers you two 7)S serer addresses,
you can enter the other one here.
.ote1 "f the ,outer<s W!) "* address and the L!) "* address are within the same net
segment, the ,outer<s function will be damaged. *lease use the 0,eset3 button on the
panel for the emergency.
!.!.2 %ynamic IP
"f your access mode is 07ynamic "*3, you can obtain an "* address from your "S* to
access "nternet. Without other settings needed, you can Pust click 0)e5t3 to sae the
settings.
15
!.!.! PPPo'
-ccount1 #nter the !7SL account proided by your "S* to access internet. "f you
are not clear, please inGuire your "S*.
Password1 #nter the password proided by your "S*. "f you are not clear, please
inGuire your "S*.
!.!." PPTP
"f the connection is 0**T*3, please input the following parameters proided by your "S*H
**T* Serer "* !ddress, -ser )ame, and *assword.
**T* proides two access modes.
"f the **T* offered by your "S* is 7ynamic "*H *lease select 7ynamic "* without filling in
"* address, subnet mask and default gateway.
"f the **T* offered by your "S* is Static "*H *lease fill in the static access mode
parameters proided by your "S*.
!fter configuration, please click 0)e5t3. 7ynamic "*1 Static "* access modes are shown as
the followingH
16
7ynamic access mode
Static access mode
!.!.3 &2TP
Select L(T* @Layer ( Tunneling *rotocolA if your "S* use a L(T* connection, your "S* will
proide you with a user name and password please fill in the parameters.
L(T* proides two access modes.
"f the L(T* offered by your "S* is 7ynamic "*H *lease select 7ynamic "* without filling in
"* address, subnet mask and default gateway..
"f the L(T* offered by your "S* is Static "*H *lease fill in the parameters proided by your
"S*.
!fter configuration, please click 0)e5t3. 7ynamic "*1 Static "* access modes are shown as
the followingH
1#
7ynamic access mode
Static access mode
Click Q!pplyQ to sae the parameters and finish the =uick Setup.
When the configuration is accomplished you can moe to 0W!) Status3 under 0,unning
Status3 to check configuration information.
1
Chapter " Configuration
This chapter introduces the configuration of the ,outer<s functions on the Web/based
management interface. On this page, 6& menus introduce the ,outer<s functions.
,unning Status
=uick Setup
)etwork
"!2
Security
!danced
8*)
2onitor
System Tools
Logout
"f you hae any problems when you are using the product, please click 09elp3 on the page
to find the detailed e5planation.
1!
".1 +unning Status
".1.1 /-.1 Status
"t displays the W!)6 Connection Status, Connection 2ode, W!) "*, Subnet 2ask,
.ateway, 7)S Serer, !lternate 7)S Serer, W!) 2!C !ddress, W!) Traffic, and
Connection Time.
Connection Status1 "t displays the W!) connection status.
%isconnected1 "t indicates the W!) port hasn<t been connected with the network
cable.
Connecting1 "t indicates the W!) port is obtaining an "* address.
Connected1 "t indicates the ,outer is connected well with the "S*.
Connection 2ode1 "t displays your current access mode.
/-. IP"* address obtained from "S*.
Subnet 2as#1 The subnet mask obtained from "S*.
4ateway1 The gateway obtained from "S*.
%.S1 Obtained from "S*.
-lternate %.S1 Obtained from "S*.
2"
/-. 2-C -ddress"t displays the W!) 2!C !ddress.
/-. Port Traffic1 "t indicates the used bandwidth. The unit is >+1s.
".1.2 /-.2 Status
"t displays the W!)( Connection Status, Connection 2ode, W!) "*, Subnet 2ask,
.ateway, 7)S Serer, !lternate 7)S Serer, W!) 2!C !ddress, and W!) :low.
Connection Status1 "t displays the W!) connection status.
%isconnected1 "t indicates the W!) port hasn<t been connected with the network
cable.
Connecting1 "t indicates the W!) port is obtaining an "* address.
Connected1 "t indicates the ,outer is connected well with the "S*.
Connection 2ode1 "t displays your current access mode.
/-. IP"* address obtained from "S*.
Subnet 2as#1 The subnet mask obtained from "S*.
4ateway1 The gateway obtained from "S*.
%.S1 Obtained from "S*.
-lternate %.S1 Obtained from "S*.
/-. 2-C -ddress"t displays the W!) 2!C !ddress.
/-. Port Traffic1 "t indicates the used bandwidth. The unit is >+1s.
Connection Time1 it indicates dynamic "* connection time.
21
".1.! &-. Status
"t displays the ,outer<s "* !ddress, Subnet 2ask, L!) 2!C !ddress, 79C* Serer, and
)!T1)!T #ntry.
IP -ddress1 "t displays the ,outer<s "* address.
Subnet 2as#1 "t displays the ,outer<s subnet mask.
&-. 2-C -ddress"t displays the ,outer<s L!) 2!C address.
%$CP Server1 "t displays the disabled and enabled status of 79C* serer.
.-T7.-T 'ntry1 "t displays the ,outer<s working mode1 used )!T entries.
".1." System Status
"t displays the ,outer<s C*- and memory occupation, current ,unning time, System Time,
Connected Client, System 8ersion, Setup Wizard 8ersion, and :irmware 8ersion.
CP8 Occupation1 "t displays the using status of C*-
2emory Occupation1 "t displays the using status of memory.
+unning Time1 "t displays the running time after the system starts normally.
System Time1 "t displays the system updating time.
22
Connected Client1 "t displays the connected computers @)ormally it displays the
client counts obtained ia 79C* serer.A
System 5ersion1 "t displays the ,outer<s software ersion.
9ootcore 5ersion1 "t displays the ,outer<s program ersion.
irmware 5ersion1 "t displays the ,outer<s hardware ersion.
".2 0uic# Setup
*lease refer to chapter 4 for =uick Setup.
".! .etwor#
There are si5 submenus 0L!) Setting3, 0W!) Setting3 079C* Serer3, 072;3 0!ccess
Control3 0*ort *arameter3 in the 0)etwork3 menu. Click any submenu and you can enter
the corresponding setting. The following shows the detailed illustrations.
23
".!.1 &-. Setting
2-C -ddress1 "t displays the ,outer<s L!) 2!C address.
IP -ddress1 L!) "* address. The default alue of this "* address is 6E(.6L%.&.6.
?ou can change it when necessary.
Subnet 2as#1 L!) Subnet 2ask.
.ote1
6. "f you changed this "* address, you must use the new "* address to enter the Web/
based management interface. The default gateway alue of all the computers in L!) must
be set at this "* address to access "nternet.
(. "f the ,outer<s W!) "* address and the L!) "* address are at the same net segment,
the ,outer<s function will be damaged. *lease use the reset button on the panel when in
emergency.
4. "f your computer "* is set as 0Obtain an "* !ddress !utomatically 3, please first disable
your network adapter and then enable it after you change L!) "*.
".!.2 /-. Setting
There are 0W!) Setting3 and 02ulti/ W!) *olicy3 in 0W!) Setting3 menu. Click one of the
two submenus and you can enter the corresponding setting. The following is the detailed
e5planation of their functions.
".!.2.1 /-. Setting
This interface shows dual/port access status and port parameters.
24
Select the one you want to set up and click 3configure3 to enter the network setting
interface. This interface enables you to configure W!) ports< parameter. #ach W!)
supports three connection modesH static "*, dynamic "* and ***o# dial/up.
6A Static IP1 "f your access mode is 0Static "*3, it means you hae a fi5ed "* address
proided by "S*.
IP -ddress1 !pplied W!) "* address proided by your local "S*. "f you are not clear,
please inGuire your local "S*.
Subnet 2as#1 W!) subnet mask corresponds with current "* and is proided by
your local "S*. "f you are not clear, please inGuire your local "S*.
%efault 4ateway1 #nter the gateway which corresponds with current "* and is proided
by your "S*. "f you are not clear, please inGuire your local "S*.
Preferred %.S Server7 -lternate %.S server1 #nter the 7)S serer "* address
proided by your "S*. "f you are not clear, please inGuire your local "S*.
8pstream7%ownstream 9andwidth The applied static upstream1downstream
25
bandwidth for W!) port6. "f you are not clear, please inGuire your "S*.
2T8 Setting 2T- 2a5imum Transmission -nit system default is 6$D&
bytes. )oteH usually there is no need to configure it, and improper 2T-
configuration may lead to poor network performance or make it unusable.
(A %ynamic IP1 "f your access mode is dynamic "*B you can obtain "* address
automatically from your "S*.
8pstream7%ownstream 9andwidthThe applied dynamic upstream1downstream
bandwidth for W!) port6. "f you are not clear, please inGuire your "S*.
2T82T-2a5imum Transmission -nitsystem default is 6$D& bytes. )oteH
usually there is no need to configure it, and improper 2T- configuration may lead to
poor network performance or make it unusable.
4 PPPo'1 "f your access mode is ***o# dial/up, you can obtain "* address ia !7SL
irtual dial/up.
PPPo' -ccount1 #nter ***o# accountB if you are not clear inGuire your "S*.
PPPO' Password1 ***o# password by "S*. "f you are not clear inGuire your "S*.
8pstream7%ownstream 9andwidthThe applied ***o# upstream1downstream
26
bandwidth for W!)6. "f you are not clear, please inGuire your "S*.
2T82T-2a5imum Transmission -nitsystem
default is 6$D& bytes. )oteH usually there is no need to configure it, and improper 2T-
configuration may lead to poor network performance or make it unusable.
The configuration method of W!)( parameters is the same as that of W!)6.
".!.2.2 2ulti:/-. Policy.
On this page you can choose 2ulti/W!) *olicy according to your needs.T#"$%&T' dual/
W!) router has four working modes.
Intelligent &oad 9alancing 2ode ;automatic< System automatically distributes load
according to flow and automatically searches for W!) port which has the minimum flow
for communication, which is regarded as the smartest and best load mode. This load
balancing mode automatically fulfills flow distribution and bandwidth oerlapping without
any human interference inoled.
.oteSystem default working mode is intelligent load balancing mode.
Select operators according to different destination addresses1 ,outer based on
destination address is used to sole problems arising from interconnection and
intercommunication between Telecom and -nicom. +y adding policy routing mode
to router deice, data transmission mode is successfully established in the wayH
Telecom data ia Telecom, and -nicom data ia -nicom.
2#
Intelligent Cable 9ac#up 2ode ;9ac#up<1 -sers can choose one @W!)6 or
W!)(A for communication port and the other for backup according to their own
needs. 7eice will automatically shift to backup to fulfill communication when the
chosen communication line comes across problems.
IP 4roup8ser Customi=ed load Setting-sers can select W!)6 or W!)(
according to their own needs, by specifying source address, destination address,
and destination port. !ll data packets which are not included in defined range are to
be dealt with by W!)6. This working mode allows you to specify the needed load
setting based on your own needs.
:or e5ampleH "f you want intranet L!) source "* addressesH 6E(.6L%.&.6&&/6E(.6L%.&.(&&
to pass through W!)( at destination "* addressesH D%.(D6.%&.6/D%.(D6.%&.(D$, ia portsH
&/LDD4D, you need to first fill in the corresponding source "* addresses ,destination "*
addresses, destination port, designated W!) port, tick 0!ctie or not3 and click 0!dd to
the corresponding list3. The configuration result is shown below in the diagram.
.ote
6. !ll packets which are not included in user customized range are to be handled by
2
W!)6.
(. "f rules are repeated or there is common ground, then only the finally configured
rules are alid, the preiously configured rules will not go into effect.
".!.! %$CP Server
There are three submenus in the 079C* Serer3H 079C* Serer3, 0Client List3, and 0Static
!ssigning3. The corresponding functions are described in details below.
".!.!.1 %$CP Server
*rotocol settings include "* !ddress, Subnet 2ask, .ateway and 7)S Serer. Configuring
TC*1"* protocol for all the computers in L!) is not easy. 9oweer, 79C* serer proides
this function. "f you use the ,outer<s 79C* serer function, you can enable 79C* serer
to automatically configure the computer<s TC*1"* protocol in L!).
%$CP Server1 "f you want 79C* to automatically configure the TC*1"* parameters.
*lease select this option.
IP Pool Starting -ddress1 The "* starting address automatically distributed by
79C* serer.
IP Pool 'nding -ddress1 The "* ending address automatically distributed by
79C* serer.
&ease Time1 The "* address lease time distributed by 79C* to client. The default
alue is (%%& minutes.
Primary %.S Server1 %istributed %.S server address.
2!
Secondary %.S Server1 %istributed %.S server address ;optional<.
.ote1 "n order to use the ,outer<s 79C* serer, the TC*1"* protocol of the computer
in L!) must be set as 0Obtain an "* address automatically3.
".!.!.2 Client &ist
The 79C* client list displays all the 9ost )ames, "* !ddresses, 2!C !ddresses and
Lease Time ia 79C*.
$ost .ame1 The host name of client.
IP -ddress1 The "* address applied by the client.
2-C -ddress1 The 2!C address of the computer which applies for the "*
address.
&ease Time1 The alid using time of the obtained "* address.
".!.!.! Static -ssigning
79C* serer supports static "* address assigning. ?ou can use it when you want to make
a computer in L!) obtain the same "* address distributed by 79C* serer each time it
starts.
:or e5ampleThe 2!C address of a computer in L!) is &&H6DHD%Hc&Hd$H4f. "f you want it
to obtain the "*H 6E(.6L%.&.6D& eery time it starts. :irst, enter the "* address and 2!C
address and then click 0add3 and sae it .the finished configuration is as below.
3"
IP -ddress,esered "* !ddress.
2-C -ddress.The 2!C address of the computer which reseres "* address.
-dd!dd the resered "* address and 2!C address to the list.
'dit 2odify the "* address and 2!C address by static assignment.
%elete Clear the established static assignment information.
".!." %2>
"n some special cases, one computer in L!) is reGuired to be fully e5posed to W!) to
achiee two/way communication. The computer needs to be set as 72; host.
Setting StepsH :irst enter the W!) corresponding 72; host<s L!) computer<s "* in 072;
9ost "* !ddress 2apped by W!)6 and1or W!)(3 entry field. Then click 0#nable3 and
sae 72; host setting.
.ote1 :irework setting related to the "*s will be disabled after 72; is configured.
".!.3 -ccess Control
"n order to enhance the ,outer<s management security, you can specify the computer<s "*
address and change the ,outer<s port number.
31
".!.3.1 &-. -ccess Control
'nable1 #nable the ,outer<s W#+ interface access control function.
IP -ddress1 #nter the computer<s L!) "* address.
Port1 The default port number is %&. #nter the Web interface port number you
access.
.ote1 When the "* address is set, other addresses can not log on the ,outer<s Web/
based interface. :or e5ampleH When the ,outer<s default "* address is 6E(.6L%.&.6, if you
only permit the client computer with the "* address of 6E(.6L%.&.6&& to access the
,outer<s Web interface ia port %%%%, you need to set the following parameters and
change the ,outer<s access address to httpH116E(.6L%.&.6H%%%%
".!.3.2 /-. -ccess Control
)ormally, only L!) users can access ,outer, but this function will enable you to access
and control ,outer remotely to meet the special needs.
32
'nable1 "t will enable W!) port to !ccess and Control ,outer function.
IP address1 #nter the "* address of the remote client computer.
Port1 default port is %&%&B enter the W#+/based interface port number you access.
)oteH
,outer default W!) !ccess Control can be modified according to your needs. ?ou must
only follow the formatH 0"* address @the "* is the ,outer<s W!) "* addressAH port3. @:or
e5ample, "f router<s W!) port "* is (66.(4.6.(, enter httpH11(66.(4.6.(H%&%&A to access
,outer for remote management.
!ll W!) computers can access ,outer for remote W#+ management at its default W!)
!ccess Control "* addressH &.&.&.&. +ut if you change the default "* address @for e5ample
you set it as D%.L&.666.((6A, then only the specified W!) computer @D%.L&.666.((6A can
access the ,outer management interface.
:or e5ampleH when router<s W!) default "* is D%.(D6.%%.E&, and you only want to allow
client computer with "* addressH
D%.L&.666.((6 to access, control router<s W#+ interface ia portH %&%& W!). Then you
need to set the following parameters, and change router<s access address toH httpH11
D%.(D6.%%.E&H%&%&
".!.? Port Parameters Setting
There are 0*ort 2ode3 and 02!C !ddress3 submenus, click one of them to enter
corresponding function setting.
33
".!.?.1 Port 2ode
?ou can set W!)6 and W!)( *ort 2odes respectielyH auto/negotiation, 6&2 half duple5,
6&2 full duple5, 6&&2 half duple5, 6&&2 full duple5 based on your needs.
".!.?.2 2-C -ddress
?ou can set all ports 2!C address of the ,outer on the following page.
&-. Port 2-C -ddress1 displays router<s L!) 2!C address, you can input it
manually.
/-.1 Port 2-C -ddress1 displays routers W!)6 2!C address, you can input it
manually.
/-.2 Port 2-C -ddress1 displays routers W!)( 2!C address, you can input it
manually.
+estore to %efault 2-C1 factory 2!C address will be displayed after you click the
button.
.ote1
1. Some "S* binds users< computer 2!C, please copy the current administrator<s
computer 2!C address to the corresponding W!) 2!C address field or change 2!C
address manually. W!) 2!C address in 0,unning Status3 will be changed accordingly as
you change the alue.
(. W!) 2!C address modification only takes effect when router is rebooted. 7on<t use
34
this function "f your "S* does not bind your router 2!C address to aoid prolblems.
"." I-2
There are 0.roup Settings3, 0Client :ilter3, 0-,L :ilter3, 0Website :ilter3, 0*rotocol :ilter3,
0+andwidth and )!T #ntry3 Setting submenus in "!2 menu. ?ou can enter the
corresponding setting by clicking any of them.
".".1 4roup Settings
There are 0-ser .roup3, 3Time .roup,3 *rotocol :eature3 three submenus. ?ou can enter
the corresponding setting by clicking any of them.
".".1.1 8ser 4roup
?ou can set -ser .roup by adding "* .roup, .roup 7escription, and suitable "* or "*
segment. The set "* .roup will cooperate with sub/functions of "!2.
:or e5ample, if an enterprise<s , R 7<s "* segment is 6E(.6L%.&.(&/6E(.6L%.&.4&. Then
you can click 0!dd "* .roup3 to finish its configuration.
35
1 IP 4roup .ame1 + and %.
2 IP 4roup %escription1 %evelopment.
! -dd IP1@2.1?(.).2):1@2.1?(.).!)
". Clic# A-ddB and A-pplyB6 the following will appear.
".".1.2 Time 4roup
?ou can set Time .roup by adding time group, setting group name, group description and
the needed time or time range.
:or e5ample, if you want to set %&&/6%&& on the work days from 2onday to :riday as
a time group, you Pust need to click 0!dd Time .roup3
36
6.ameWork days
(%escription 1 Work days
4Time range%&&/6%H&& from 2onday to :riday
$Click 0Sae3, the following interface will display.
".".1.! Protocol eature
This page shows the filterable software information.
".".2 Client ilter
"n order to further manage the computers in L!), you can control the computers to access
3#
internet ia some W!) ports by data packets filter function. Click 0!dd :iltering ,ule3 the
following page will display.
iltering 2ode1 There are two modes 07isable3 and 0#nable3 for options.
iltering 2ode::::%isable1 :orbids the packets which accords with the rule to pass
through the ,outer. Other unrestricted packets are allowed to pass. The filter rule
takes effect on the corresponding "* or "* range.
iltering 2ode::::'nable1 *ermits packets which accords with the "* .roup, Time
.roup, and *ort rule to pass through the ,outerB packets that accord with "* .roup,
Time .roup, but not match *ort rule are not allowed to pass. Other packets whose
"* .roup and Time .roup rules are not enabled can pass through the router
normally. The filter rule takes effect on the corresponding "* or "* range.
'nable1 enables filter.
+emar#1 The simple description for configuration file.
IP 4roup1 select the added "* .roup
Time 4roup1 select the added Time .roup.
/-. Port Segment1 :ill in the port numberB you can specify a port range. 0)ull3
means all the ports from 6 to LDD4D.
Type1 Select the protocol used by the controlled packets. @0!ll3 includes TC*1-7*.A
.ote1
:ilter rule only takes effect on corresponding "* range and time group. Others which don<t
3
accord with filter rule are not affected.
'Cample 1 "f you don<t want the computer at the "* addresses of 6E(.6L%.&.(&/
6E(.6L%.&.4&"* groupH , and 7 to isit website at %H&&/6%H&&@Time groupH work daysA
from 2onday to :riday without control oer other computers in L!), you need to set the
parameters as follows.
Click 0Sae 3, the following appearsH
Tick 0#nable3 and Sae to bring it into effect.
".".! 8+& ilter
"n order to control the L!) computers to isit websites, you can use -,L filter to specify
the accessible1 inaccessible websites and accessible1inaccessible time. ?ou will reach the
following page by clicking 0!dd :ilter ,ule3H
3!
ilter 2ode1 ?ou can only choose either 07isable3 or 0#nable3.
ilter 2ode::::%isable1 :orbids the restricted data packets to pass through the
,outer. Other unrestricted data packets can pass through the ,outer. :ilter rule
takes effect on "* group and time group.
ilter 2ode:::::'nable1 *ermits data packets which accord with "* .roup, Time
.roup, -,L String and :ile Suffi5 )ame rules to pass through the ,outerB
*ackets which accord with "* .roup, Time .roup, but not match -,LString and :ile Suffi5
)ame rules are prohibited from passing through the ,outer. Other data packets whose "*
and Time .roup are not enabled can pass through the router normally.
'nable1 #nables filter.
+emar#1 The simple description of the configuration.
IP 4roupH select the added "* group.
Time 4roup1 select the added Time .roup.
8+& String1 #nter the filtered domain name.
ile SuffiC .ame7omain name<s suffi5 name.
.ote
:ilter rule only takes effect on corresponding "* group and time groupB others which don<t
accord with filter rules are not affected.
'Cample 11 "f you want the computers within the "* address segment of
6E(.6L%.&.(&M6E(.6L%.&.4& @"* .roupH , R 7A to only isit the websites which contains
0sina3 3baidu3 06L43 strings at the time of %H&&/6%H&& @Time .roupH work daysA from
2onday to :riday, and other computers can isit all websites, you need to set the
parameters as followsH
4"
Click 0Sae3 to moe to the following pageH
Tick #nable and Sae to effect the function.
"."." /ebsites ilter
?ou can manage L!) computers< access to "nternet websites easily ia website
classification and filter function.
41
9loc#1 "t will block you from accessing websites of this kind by prompting to you#rrorH
Site or *age )ot :ound3
+ecord1 "t records the time, "* and website domain name you hae accessed in log.
/arning"t prohibits you from accessing websites of this category and prompts that 0The
website access is not permitted by this router.3
".".3 Protocol ilter
There are 0*rotocol :ilter3 and 0#5ceptional3 two submenus in *rotocol :ilter. ?ou will
enter the corresponding setting by clicking one of them. The following gies the detailed
e5planation.
".".3.1 Protocol ilter
?ou can manage access to some softwares and protocols ia *rotocol :ilter. Clicking 0!dd
*rotocol :iltering :eature3 will bring you to the following interface.
42
,ule )ame)ame of protocol feature filter rule.
#nable#nable filter rule.
"* .roup )ameSelect the added "* group, default is 0all3.
Time .roup )ameSelect added Time .roup, default is 0all3.
,ule 7escriptionSimple description of filter rule.
*rotocol :eatureSelect and add the software you want to filter among all *rotocol
:eature.
or eCample 1 "f you don<t want users whose computers< "*s are within the "* address
segment of 6E(.6L%.&.(&/6E(.6L%.&.4&@"* .roupH , R7 7epartmentA to oice/chat ia
oip h.4(4 sip at %H&&/6%H&& from 2onday to :riday without control oer other
computers in L!), you need to set the parameters as follows.
Click 0!pply3 to moe to the following interfaceH
43
".".3.2 'Cceptional
?ou can manage access to network chat tools ia 0#5ceptional3 menuH
'nable Chat Software ilter#nables filter rules. bang
IP 4roup .ameThe already configured "* .roup name.
.ote?ou hae to go to -ser .roup interface to add "* group to set "* .roup, if
you hae not configured "* .roup.
iltering SoftwareSelect the softwares you want to filter.
'Cceptional 00 ?ou allow them to pass by specifying #5ceptional ==s and
adding remarks if you hae enabled == filter.
:or e5ample "f you don<t want computers at the "* addressesH 6E(.6L%.&.(&/
6E(.6L%.&.4& @"* .roupH , and 7A in L!) to access 0==3 02S)3 and 0:etion3 but
allow manager @== numberH 6(4$DLA to access ==, you need to set the
parameters as followsH
44
.oteOnly after you reboot the router can the configuration of Chat Software :ilter
take effect.
".".? 9andwidth D .-T Setting
There are +andwidth Setting and )!T #ntry two submenus in +andwidth R
)!T Setting. The former enables you to 0!dd +andwidth Control3B while the
latter allows you to configure 0!dd )!T #ntry Control3.
".".?.1 9andwidth Control
+andwidth Control can limit the communication flow of intranet computers. "t allows the
deice to support flow control oer ma5imum (D$ *Cs simultaneously. Configuration of "*
address range is supported as well. Click 0!dd +andwidth Control3 to go to the following
interface.
45
'nable#nable filter rules.
IP -ddress +ange:low controlled host computers< "* address rangeH can be a
single "* or a "* segment.
8plin# +ange 2a5imum data flow which is permitted to be uploaded by host
computers within specified "* range. -nit is >bytes1s.
%ownlin# +ange 2a5imum data flow which is permitted to be downloaded by
host computers within specified "* range. -nit is >bytes1s.
8plin# 7%ownlin# 2odeSelect -plink17ownlink 0"ndependent1 Share3 +andwidth
for "* within the range.
8plin#7%ownlin# PolicySelect -plink17ownlink fi5ed1 fle5ible +andwidth for "*
address within the range.
.ote if you choose 0 when the bandwidth has surplus , you can use more
bandwidth3 the ,outer will fle5ibly manage the uplink and downlink flow. "f the
bandwidth is surplus, you can use more than the configured uplink and downlink
bandwidth limit, otherwise, you can also use bandwidth within the configured limit.
%escriptionSimple description of the rules.
".".?.2 .-T 'ntry Setting
?ou can set the )!T #ntry of a computer to control the specified computer<s )!T entries.
The e5cessie entries can<t pass through the ,outer, while undesignated computers can
establish )!T entries without limit. Click 0!dd )!T #ntry Control3 to enter the following
interface.
46
Starting7'nding IP1 #nter the "* address range you want to control.
Type1 Select the )!T entry control type. ?ou can select 0"ndependent3 or 0Shared3.
Independent1 "t takes effect respectiely and separately on each single "* and
controls the ma5imum entries of each "*.
Shared1 "t takes effect on the whole "* segment as a group and controls the total
entries of the whole "* segment.
.-T 'ntry Control1 The ma5imum entries allowed. The range is from 6 to EEEE.
'nable1 Select it to enable )!T #ntry Control function.
:or e5ampleH
"f you want to control the computers with "* addresses of 6E(.6L%.&.6&&/6E(.6L%.&.(&&,
allow them to achiee ma5imum entries of (&& with type 0Shared3, you need to configure
as the picture below.
.ote
Only after you reboot the router can the configuration of )!T #ntry Setting take effect.
4#
".3 Security
0Security3 consists of 02!C :ilter3, 0!,* 7efense3, 0!ttack 7efense3 0"*/2!C +inding3
and 0!ttack List3. Their functions are described in details below.
".3.1 2-C ilter
"n order to manage the computers in L!) better, you can control the "nternet accesses of
L!) computers by 2!C address filter. Click 0!dd :ilter ,ules3 to moe to the following
interfaceH
ilter 2ode1 ?ou can only choose either 0#nable3 or 07isable3.
%isable1 :orbid the limited data packets to pass through the ,outer. Other unlimited
packets are allowed to pass.
'nable1 *ermit the limited packets to pass through the ,outer. Other unlimited
packets are allowed to pass.
4
+emar#1 The simple description of this configuration.
2-C1 #nter the 2!C address you want to control or select the 2!C address in
2anual Setting.
Time1 Set the start time and end time of the rule. "f the time is not set, the default
alue & indicates ($ hours.
%ate1 Select the options according to your demand.
'Cample 11 "f you forbid the computer at the 2!C address of &&H+&H&CHFFH%%H&& to
access the "nternet from %H&&/6%H&& eeryday without restrict to other computers and other
time, you need to set the parameters as follows.
Click 0Sae3 to enable 2!C :ilter function.
'Cample 21 "f you only permit the computer at 2!C address of &&H+&H&CHFFH%%H&& to
access "nternet only from %H&&/6%H&& eeryday but forbid other computers in L!) to
access internet anytime. ?ou need to set the parameters as follows.
Click Sae and tick 0:orbid deices not in list to access internet3 to enable
the function.
4!
".3.2 -+P %efense
"n order to preent !,* attack and cheat, the ,outer enabled this function by default to
protect your network. The default !,* broadcast interal is one second, and you can set
the range from 6 to L& seconds.
".3.! -ttac# %efense
"n 0!ttack 7efense3 page there are 0W!) !ttack 7efense3 and 0L!) !ttack 7efense3.
Click
one to enter the corresponding setting. The following illustrates their functions in details.
".3.!.1 /-. -ttac# %efense
There are 0Scan !ttacks 7efense3 and 07oS !ttacks 7efense3, 0Suspicious *ackets
7efense3, 0*ackets 7efense Containing "* Options 3,3Other !ttacks3 in W!) !ttack
7efense.
IP Scan ! source "* sends "C2* reGuest packets to 6& different destination "*
addresses within less than the prescribed time, which indicates "* scan attack is ongoing.
5"
Port Scan! source "* sends TC* S?) reGuest packets to 6& different ports of one
destination address within less than the prescribed time, which indicates port scan attack
is ongoing.
IP Cheat Select "* Cheat checkbo5 to check whether packets from specified area are
committing "* cheat.
.ote1 This function takes effect on L!) only not on W!).
IC2P lood"f "C2* reGuest packets a destination "* receies within one second are
beyond the specified amount, it indicates this destination "* is being attacked by "C2*
:lood.
8%P lood"f -7* packets a port of a destination "* receies within one second are
beyond the specified amount, it indicates this destination "* is being attacked by -7*
:lood.
SE. lood"f TC* S?) packets a port of a destination "* receies within one second
are beyond the specified amount, it indicates the port of this destination "* is being
attacked by TC* S?) :lood.
&-.% -ttac#1 This refers to the combined attack of S?) :lood !ttack and "* cheat. "t
takes place when attacker sends deceptie S?) packets which include the ictim<s "*
address as source and destination "* addresses.
/in.u#e "t refers to Win)uke against 7oS attack of any online computer which runs
Windows. !n attacker sends TC* fragment @usually configured as -,. )et+"OS port 64EA
to connected hosts, which causes fragment oerlapping and leads to breakdown of the
51
computer.
9ig IC2P Pac#ets .enerally, an "C2* packet is within 6&($ +ytes and will be
considered as a suspicious packet if it e5ceeds the amount.
TCP Pac#ets /ithout lag! normal TC* packet has at least one configured symbol
@flagA, and those without any control symbol are regarded as suspicious packets.
Set the TCP Pac#ets of SE. and I. at the Same TimeThose that hae both
simultaneously configured S?) and :") control symbols in the same
TC* fragment packets are suspicious TC* packets
TCP Pac#ets only Set I. without -CF TC* packet which hae configured :")
symbol but no !C> symbol are abnormal.
8n#nown Protocol "f the character segment alue in protocol type of an "* packet is
64D or bigger, resered and undefined alue, it is impossible to figure out in adance, due
to the undefined protocols, whether this unknown protocol is well/intentioned or malicious.
The cautious solution for these non/standard protocols is to block and preent them from
entering the protected network.
IP Timestamp Option "t refers to whether to check "* from specified area contains
52
0"nternet Timestamp3 or not.
IP Security Option "t refers to whether to check "* from specified area contains
0Security3 or not.
IP Stream Option"t refers to whether to check "* from specified area contains 0Stream
"73
or not.
IP +ecord +oute Option"t refers to whether to check "* from specified area contains
0,ecord ,oute3 or not.
IP &oose Source +oute Option"t refers to whether to check "* from specified area
contains 0Loose Source ,oute3 or not.
IP Strict Source +oute Option"t refers to whether to check "* from specified area
contains 0Strict Source ,outeB or not.
Invalid IP Options "t refers to whether to check the integrity or correctness of the "*
packet from specified area or not.
ilter Ping rom /-. Port,outer will not respond to ping detect from W!) port
after this function is enabled.
%%oS -ttac# %efense,outer will block 77)S attack after this function is enabled.
Shoc# /aves6 Sasser and Other 5iruses %efense1 enabling this function to block shock
waes sasser and other iruses attack.
".3.!.2 &-. -ttac# %efense
There are 0Scan !ttacks 7efense3 , 07oS !ttacks 7efense3, 0Suspicious *ackets
7efense3, 0*ackets 7efense Containing "* Options 3 and 3Other !ttacks3 in L!) !ttack
7efense.
53
IP Scan ! source "* sends "C2* reGuest packets to 6& different destination "*
addresses within less than the defined time, which indicates "* scan attack is ongoing.
Port Scan! source "* sends TC* S?) packets to 6& different ports of one destination
address within less than the defined time, which indicates ports scan attack is ongoing.
IP Cheat Select "* Cheat checkbo5 to check whether packets from specified area are
committing "* cheat.
.ote1 This function takes effect on L!) only not on W!).
IC2P lood"f "C2* reGuest packets a destination "* receies within one second are
beyond the specified amount, it indicates this destination "* is being attacked by "C2*
:lood.
8%P lood"f -7* packets a port of a destination "* receies within one second are
beyond the specified amount, it indicates this destination "* is being attacked by -7*
:lood.
SE. lood"f TC* S?) packets a port of a destination "* receies within one second
are beyond the specified amount, it indicates the port of this destination "* is being
attacked by TC* S?) :lood.
&-.% -ttac#1 This refers to the combined attack of S?) :lood !ttack and "* cheat. "t
takes place when attacker sends a deceptie S?) packet which includes the ictim<s "*
address as source and destination "* addresses.
54
/in.u#e "t refers to attacking 7oS of any computer which runs Windows. !ttacker
sends TC* fragment @usually configured as -,. )et+"OS port 64EA to connected host,
which causes fragment oerlapping and leads to breakdown of the computer.
9ig IC2P Pac#ets .enerally, "C2* packet is less than 6&($ +ytes and will be
considered as a suspicious packet if it e5ceeds.
TCP Pac#ets /ithout lag! normal TC* packet has at least one configured symbol
@flagA, and those without any control symbol are regarded as suspicious packets.
Set the TCP Pac#ets of SE. and I. at the Same Time1Those that hae both
simultaneously configured S?) and :") control symbols in the same TC* fragment
packet are suspicious TC* packets
TCP Pac#ets only Set I. without -CF TC* packet headers which hae configured
:") symbol but no !C> symbol are abnormal.
8n#nown Protocol"f the character segment in protocol type of "* packet which is 64D
or bigger, is resered and undefined, it is impossible to figure out in adance whether this
unknown protocol is well/intentioned or malicious. The cautious solution for these non/
standard protocols is to block and preent them from entering the protected network.
55
IP Timestamp Option "t refers to whether to check "* from specified area contains
0"nternet Timestamp3 or not.
IP Security Option "t refers to whether to check "* from specified area contains
0Security3
or not.
IP Stream Option"t refers to whether to check "* from specified area contains 0Stream
"73
or not.
IP +ecord +oute Option"t refers to whether to check "* from specified area contains
0,ecord ,oute3 or not.
IP &oose Source +oute Option"t refers to whether to check "* from specified area
contains 0Loose Source ,oute3 or not.
IP Strict Source +oute Option"t refers to whether to check "* from specified area
contains 0Strict Source ,outeB or not.
Invalid IP "t refers to whether to check the integrity or correctness of the "* packet from
specified area or not.
56
ilter Ping rom &-. Port,outer will not respond to ping detect from L!) port
after
this function is enabled.
%%oS -ttac# %efense,outer will block 77oS attack after this function is enabled.
Shoc# /aves6 Sasser and Other 5iruses %efense1 enabling this function to block shock
waes sasser and other iruses attack.
".3." IP:2-C 9inding
There are "*/2!C +inding and 7ynamic +inding two submenus in "*/2!C +inding menu.
The detailed function of each will be illustrated below.
".3.".1 IP:2-C 9inding
This function realizes the binding of intranet computer<s "* and 2!C address.
Once address binding configuration is completed, the specified "* can only be used by the
corresponding designated computer, which soles "* address collision problem caused by
random change of "* address in L!). :urthermore, you can also select 02andatory 2ode3
to forbid unbound computers to access internet.
'nable IP:2-C 9inding#nables "*/2!C +inding function.
5#
2odeSelect 0)ormal 2ode3 or 02andatory 2ode3.
.ote0 )ormal 2ode3 only forbids "* which does not match the bound 2!C, while "*s
which are not included in binding list can communicate normally.
2andatory 2odeOnly permits "* that matches the 2!C addresses in
binding list to access internet.
Click 0!dd +inding3 to moe to the following screenH
-+P &ist 7isplays the corresponding "* and 2!C addresses in the !,* List.
Select 02anual set3 in !,* List if you want to add "* and 2!C addresses.
IP -ddress"* address that needs to be bound.
2-C -ddress1 2!C addresses that need to be bound. Only when "* and 2!C
addresses in binding list reach one/to/one correspondence can the computer
access internet after binding function is enabled.
+emar#1 simple description of binding.
".3.".2 %ynamic 9inding
This binding list shows internal network "* and corresponding 2!C addresses access
5
information. ?ou can select 0binding< or 0!ll binding3 to fulfill "*/2!C address Guick
binding.
".3.3 -ttac# &ist
This page displays the host computers which are filtered by the ,outer because of
attacks. These attacks are usually caused by network iruses. When you are sure that the
iruses in the host computer are all cleared, you can click 07elete3 to restore the
computer<s normal access ability.
,outer automatically displays the computer<s "* and 2!C addresses in !ttack List and
shields1filters the corresponding host when detecting iruses or some computer is trying to
make malicious attack. This computer is thus preented from accessing internet after the
function is enabled. To restore this host<s normal access to internet, click 07elete3
".? -dvanced Settings
0!danced Settings3 menu includes 08irtual Serer3, 0-*n*3, 0One /to /One )!T3,
077)S3, 0,outer Table3 fie submenus. Clicking on one submenu brings you to the
corresponding configuration.
5!
".?.1 5irtual Server
*ort 2apping defines the mapping relationship between the W!) serice port and L!)
serer. !ll the accesses to W!) serice port will be redirected to the L!) network serer
designated by "* address. *ort mapping allows you to establish public serices such as
Web serer, :T* serer, etc. Click 0!dd 8irtual Serer3 to go to the following interfaceH
/-.1 select a W!) for *ort 2apping, W!)6, or W!)( as options.
/-. Port1 W!) serice port which proides e5ternal network serice.
/ell:#nown Service1 "n the Well/known serice options, there are some commonly used
protocol ports such as 7)S @D4A, :T* @(6A, .O*9#, @F&A, 9TT* @%&A, ))T* @66E&A,
*O*4 @66&A, **T* @6F(4A, S2T* @(DA, SOC> @6&%&A and T#L)#T @(4A.
?ou can manually add the ports which are not included in the aboe to the list.
&-. Port1 L!) serice port, namely the client<s *C port.
&-. IP1 "* address of the computer which is used as a serer in L!).
Protocol1 "ncludes TC*, -7* and !ll. When you are not sure of which protocol to use,
please select all.
'nable1 Select this item to enable the set rules.
2odify1 2odify the mapping correspondingly numbered port.
or eCample1
"f you build a Web serer in a computer at the internal L!) "* address of 6E(.6L%.&.6& ia
6"
port of %&, and you want to access the web serer ia W!) through httpH115.5.5.5H$&
@5.5.5.5 is the ,outer<s W!)( "* addressA, you can enter Q$&3 in 0W!) *ort3, 0%&3 in 0L!)
*ort3, 06E(.6L%.&.6&3 in 0L!) "*3, 0!ll3 in 0*rotocol3 and then 0#nable3 and 0Sae3 it to
effect the function.
.ote1 "f you set a irtual serer at the serice port of %&, you need to set the 0,emote Web
2anagement3 at any alue e5cept %&, like %&%&. Otherwise, there will be collision which
affects the irtual serer.
".?.2 8PnP
The latest -niersal *lug and *lay network protocol is supported by Windows 2#1
Windows C* or higher, @The operating system needs to be integrated with or to install
7irect5E.& or higher ersion,A or application software which supports -*n*. :or e5ample, if
Thunder or other *(* software is installed in Windows C*, you can use -*n* protocol in
uploading and downloading. "f -*n* is enabled, you can see the port forwarding
information when starting Thunder. *ort information forwarding is supplied at the reGuest
of application program.
61
I%"t indicates the item<s number.
+emote $ost1 The description of the remote host which receies or sends data.
'Cternal Port1 The ,outer<s port number used for forwarding.
Internal $ost1 The description of the internal host which receies or sends data.
Internal Port1 The host<s port number which needs port forwarding.
Protocol1 "t specifies the port forwarding to TC* or -7*.
%escription1 Software information of mapping port.
".?.! One:to:One .-T
This function fulfills one/to/one )!T static mapping between L!) "* and W!) "*. Click
0!dd )!T3 to enter the following interfaceH
L!) Starting !ddressH :ill in the internal host "* address.
W!) Starting !ddress:ill in W!) "* address which is correspondingly mapped
by internal "* address.
"* Count"t indicates one/to/one )!T "* numbers.
#nable#nables the currently set rule, which doesn<t take effect when 0#nable3 is
not selected.
:or e5ampleH by entering 6E(.6L%.&.6& in L!) starting "* address, 6F(.64%.66(.666 in
W!) starting "* address, and D in 0"* Count3 field, you specify that L!) "*sH 6E(.6L%.&.6&
S6E(.6L%.&.6$ and W!) "*sH 6F(.64%.66(.666S6F(.64%.66(.66D are reaching one/to/
one correspondence.
62
".?." %%.S
This page allows you to set dynamic 7)S parameters. When the connection is
successfully established, other hosts on the "nternet can access your ,outer or irtual
serer ia domain name.
T#"$%&T' ,outer proides the same dynamic 7)S configuration method for each W!).
'nable %%.S1 Select it to enable this function.
Service Provider1 Select the 77)S serice proider among 7yndns.org, %%ip.cn,
freedns.afraid.org, zoneedit.com, no/ip.com, and 44((.org.
8ser .ame1 The user name registered on 77)S serer.
Password1 The password registered on 77)S serer.
%omain Information1 The 7omain )ame obtained from 77)S serer.
Connection Status1 The current connection status of 77)S serer.
63
'nable %%.S1 Select it to enable this function.
Service Provider1 Select the 77)S serice proider among 7yndns.org, %%ip.cn,
freedns.afraid.org, zoneedit.com, no/ip.com, and 44((.org.
8ser .ame1 The user name registered on 77)S serer.
Password1 The password registered on 77)S serer.
%omain Information1 The 7omain )ame obtained from 77)S serer.
Connection Status1 The current connection status of 77)S serer.
".?.3 +oute Table
There are two submenus 0,oute Table3 and 0Static ,oute3 in 0,oute Setting3 menu. The
functions of these submenus will be illustrated below.
".?.3.1 +oute Table
This page displays the ,oute Table contents.
".?.3.2 Static +oute
?ou can configure the Static ,oute functions on this page, click 0!dd Static ,outing3 and
64
specify Static ,oute rules.
%estination IP1 The "* address of destination host or destination network.
Subnet 2as#1 The subnet mask of destination address. -sually the alue is
(DD.(DD.(DD.&.
4ateway1 The "* address of the ,outer< entry for ne5t hop.
".G 5P.
There are two submenusH 0**T* Client3, and 0**T* Serice3 in 8*). Click one to enter
corresponding setting. The functions of each are illustrated in details below.
".G.1 PPTP Client
**T* Client supports the connection between 8*) router client and 8*) router serice.
:or e5ampleH if a branch and its headGuarter of an enterprise want to achiee simple, safe,
mutual access to each other<s resources, they can simply use the **T* client in the router
of the branch. The configuration method is illustrated belowH
65
'nable PPTP ClientTick to enable **T* client function
PPTP Server -ddress**T* serice address which needs to be dialed
8ser .ame**T* user name assigned by serice
Password"t corresponds with user name and is assigned by serice
'nable 'ncryption or .ot Select whether to 0enable encryption or not3 according to
serice configuration. Only when serer and client share the same configuration can
communication be normally maintained.
PPTP .et Segment The accessed net segment ia **T* tunnelB usually
it is configured as L!) address segment of **T* serice.
PPTP 2as# **T* net segment mask.
Status"t displays the connection status of **T* client.
Obtained PPTP -ddress"t indicates the "* address assigned by **T* serice.
".G.2 PPTP Server
There are three submenus in 0**T* Serer3H 0**T* Serer3 0Client Setting3, 07ial/in List3.
The detailed functions of each are illustrated below.
".G.2.1 PPTP Server
**T* serice supports the connection between **T* Client and 8*) router. :or
e5ampleH a branch company needs to use **T* 8*) to send daily financial reports to its
66
headGuarter and receie emails from company internal email bo5. This is accomplished by
dialing/in to access company internal network. Configuration methods are demonstrated in
details belowH
#nable **T*Tick to enable **T* 8*).
2a5imum **T* LinksThe largest number of supported **T* clients who dial/in
simultaneously. System allows % different clients to dial/in at the same time.
**T* Serer !ddress:ill in the **T* serer<s "* address.
**T* Client !ddress ,angeThe "* address range assigned by serice to a client after
his access ia 8*) dial/in.
#nable or 7isable #ncryptionSupports 6(%/bit data encryption. Tick to enable 6(%/bit
encryption mode for both sides< communication, which is only achieed when serice and
client share the same configuration.
".G.2.2 PPTP Client Setting
!fter the aboe configuration is finished you need to create **T* clients for router. #nter
**T* Client Setting and click 0!dd -sers3. :or e5ample, you can configure like thisH user
nameH test, passwordH 6(4, and client corresponding net segmentH 6E(.6L%.&.&, please
follow the configuration method shown in the diagram below.
6#
8ser .ame -ser name for accessing **T* serer
Password *assword for accessing **T* serer
Confirm Password ,econfirm *assword for accessing **T* serer
Client Is networ# or not Select network access or single *C access mode for client.
.ote?ou hae to choose network for client if router is **T* client access mode and you
want all L!) computers in router can be connected.
.et Segment **T* client net segment.
2as# **T* client subnet mask
,emark :ill in remarks @optionalA.
".G.2.! %ial:in &ist
This page shows the information of **T* client ia dial/up.
8ser name1 -ser name of **T* client ia dial/in.
%ial:in IP**T* client "* address.
-ssign IP"* address assigned by **T* serer to client.
6
".( 2onitor
There are three submenus in 02onitor3H 0Statistics3, 0Log 8iew3, 0Log Setting3. Click one to
enter the corresponding setting. :unction of each submenu is illustrated in details below.
".(.1 Statiscs
'nable Traffic Statistics Select to enable this function. System default is
07isable3, please disable it to improe router<s capability in dealing with packets if
there is no need for traffic statistics.
,efreshClick to refresh statistics list.
.ote
"t is normal, if there is a little deference between actual data and statistic data shown by
Traffic Statistic, which is caused by actual traffic transient peak alue.
".(.2 &og 5iew
"n system log you can check all kinds of conditions when system starts and whether there
is network attack or not.
6!
".(.! &og Setting
+ased on system default, when system log records reach the number of (DL, old log
records will be automatically deleted. To proide complete knowledge of router<s running
status, Log Setting function transfers router log information to log serer. Click 0!dd Log
Setting3 to moe to the following interfaceH
&og Server IP -ddress "* address of log serer.
&og Server PortSerice port of log serer.
'nable#nable log serice function.
".@ System Tools
There are seen submenus in system toolsH Time Setting, +ackup and ,estore,
:irmware -pgrade, *olicy -pgrade, ,estore :actory 7efault, ,eboot, Change
password 1-sername. Click one to enter the corresponding setting. The function of each
is illustrated in details below.
#"
".@.1 Time Setting
?ou can set time zone yourself or obtain .2T from internet. The .2T can only be gotten
after successful access to internet. ?ou can also manually input the current time.
'nable .etwor# TimeSystem time is obtained automatically from network.
Time -dHusting Period Select system time and time adPusting period, which is (
hours by default, according to your specific needs.
Time >oneSelect your local time zone.
".@.2 9ac#up 7 +estore
?ou can backup the current or restore preious router configuration.
#1
+ackup 1 ,estore setting stepsH
Click Q+ackupQ to enter configuration interface. Specify the path to sae the
configured file and click O> to create a system/configured backup file in specified
directory.
Click 0+rowse3 to select the correctly uploaded file and click 0,estore3. Then reboot
the ,outer to restore the preious settings.
".@.! irmware 8pgrade
?ou will get a more stable router ersion and additional router functions by upgrading
router<s firmware.
irmware upgrading steps
+rowse to select the path of firmware file. Then Click 0-pgrade3 to upgrade.
,outer automatically reboots after being upgraded.
)ote7o not shut down the router power during upgrading, otherwise the router will
be damaged and can not be used. "t automatically restarts after successful upgrading.
*lease wait patiently for the upgrading process to finish, which lasts for seeral minutes.
#2
".@." Policy 8pgrade
Obtain more stable filter function by upgrading the router<s policy file.
Policy upgrading steps
+rowse to choose the path for the policy file. Click 0-pgrade3 to upgrade policy.
#3
".@.3 +estore actory %efault
Click 0,estore :actory 7efault3 to bring all configurations to factory defaultH
7efault -ser )ameadmin.
7efault *asswordadmin.
7efault "* !ddress6E(.6L%.&.6.
7efault Subnet 2ask(DD.(DD.(DD.&.
0,estore :actory 7efault3 only takes effect after the router reboots
".@.? +eboot
This interface below introduces function to reboot router ia software. "t takes about $&
seconds.
Click 0,eboot3 to bring configuration which can only be effected after the router is
restarted. ,outer automatically ends network connection before restarting.
".@.G Change Password78sername
#4
This page allows you to modify administrator<s user name and password.
*lease enter a new username and the old password first then a new password. "f
the old entered password is correct, after clicking 0Sae3, system user name and
password is successfully modified.
)ote"t is highly recommended that you change the original user name and password
for the sake of safety.
".1) logout
*lease log out router<s web/based management interface by clicking 0logout3 tag after all
configurations are completed.
#5
-ppendiC 11 $ow to Set TCP7IP ;Ta#e /indows IP for eCample<
6. Click 0Start3N 0Control *anel3 to enter the control panel.
Picture 1
(. Click 0)etwork and "nternet Connections3 to enter the connection page.
Picture 2
#6
4. Click 0)etwork Connections3 to display the following window.
Picture !
$. ,ight click 0Local !rea Connection3 and select 0*roperties3
Picture "
D. Select 0"nternet *rotocol @TC*1"*A3 on the appearing window and click
0*roperties3 button.
##
Picture 3
L. 2ethod 6H Click 0Obtain an "* address automatically3, 0Obtain 7)S serer<s
address automatically3 and then click 0O>3.
Picture ?
2ethod (H Select 0-se the following "* address3 and enter the "* addressH 6E(.6L%.&.555
#
@555 can be any alue from (M(D$A. Subnet maskH (DD.(DD.(DD.&. 7efault gatewayH
6E(.6L%.&.6. *referred 7)S sererH 6E(.6L%.&.6. "f you know the local 7)S serer
address, you can fill it in.
Picture G
F. Click 0O>3 to return to the 0Local !rea Connection *roperties3 window.
%. Click 0Close3 to e5it the window.
"n this chapter, we introduce you to configure the TC*1 "* protocol. *lease make sure that
you hae installed the network adapter in the computer. "f not, please refer to the -ser
.uide of the network adapter to install the adapter and drier.
#!
-ppendiC 21 8seful Command
Command 'Cplanation
cmd
,un this command to enter the Windows command mode.
@Suitable for Windows (&&& or higher.A
ipconfig 7isplay the computer<s "* address.
ping
The most useful command in TC*1"* protocol. When it sends a
serial of packets to another system, the system will send back a
response. "t is useful for checking remote host. The response
shows whether it can reach the host and how long it costs to
receie a response.
netstat
,un this command to check the current connection status of "*.
When your basic communication is processing, the system
serice must be checked. The serice includes checking the
input data or erifying the session.
tracert
Tracert command is used to display the path which the packets
pass through.
net stop Stop Windows )T )etwork Serice, such as net stop dnscache.
net send
Send messages to other network users or computers. ?ou must
run messenger serice to receie messages.
"f you hae any problem, please contact our customer serice or isit our
website.
Tenda websiteH httpH11www.tenda.cn
T#LH @%LA&FDD/(FLDF6%& (FLD4&%E
#mailH supportTtenda.com.cn
"
CC Statement1
This eGuipment has been tested and found to comply with the limits for a Class + digital
deice, pursuant to *art 6D of the :CC ,ules. These limits are designed to proide
reasonable protection against harmful interference in a residential installation. This
eGuipment generates, uses and can radiate radio freGuency energy and, if not installed
and used in accordance with the instructions, may cause harmful interference to radio
communications. 9oweer, there is no guarantee that interference will not occur in a
particular installation. "f this eGuipment does cause harmful interference to radio or
teleision reception, which can be determined by turning the eGuipment off and on, the
user is encouraged to try and correct the interference by one or more of the following
measuresH
U ,eorient or relocate the receiing antenna.
U "ncrease the separation between the eGuipment and receier.
U Connect the eGuipment into an outlet on a circuit different from that to which the receier
is connected.
U Consult the dealer or an e5perienced radio1T8 technician for help.
1

TEI480T+ User Guide

Diunggah oleh

Informasi Dokumen

Deskripsi Asli:

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

TEI480T+ User Guide

Diunggah oleh

Hak Cipta:

Format Tersedia

Copyright Statement

is the registered trademark of Shenzhen Tenda

T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide

Anda mungkin juga menyukai