0 penilaian0% menganggap dokumen ini bermanfaat (0 suara)
61 tayangan82 halaman
Copyright of the whole product as integration, including its accessories and software, belongs to shenzhen Tenda technology co., Ltd. Without the permission of Shenzhen Tenda Technology Co., Ltd, any indiidual or party is not allowed to copy, plagiarize, imitate or translate it into other languages.!all the photos and PRODUCT SPECIFICATIONS mentioned in this manual are for references only, as the upgrading of software and hardware, there will be changes.
Copyright of the whole product as integration, including its accessories and software, belongs to shenzhen Tenda technology co., Ltd. Without the permission of Shenzhen Tenda Technology Co., Ltd, any indiidual or party is not allowed to copy, plagiarize, imitate or translate it into other languages.!all the photos and PRODUCT SPECIFICATIONS mentioned in this manual are for references only, as the upgrading of software and hardware, there will be changes.
Copyright of the whole product as integration, including its accessories and software, belongs to shenzhen Tenda technology co., Ltd. Without the permission of Shenzhen Tenda Technology Co., Ltd, any indiidual or party is not allowed to copy, plagiarize, imitate or translate it into other languages.!all the photos and PRODUCT SPECIFICATIONS mentioned in this manual are for references only, as the upgrading of software and hardware, there will be changes.
Technology Co., Ltd. Other trademark or trade name mentioned herein are the trademark or registered trademark of the company. Copyright of the whole product as integration, including its accessories and software, belongs to Shenzhen Tenda Technology Co., Ltd. Without the permission of Shenzhen Tenda Technology Co., Ltd, any indiidual or party is not allowed to copy, plagiarize, imitate or translate it into other languages. !ll the photos and product specifications mentioned in this manual are for references only, as the upgrading of software and hardware, there will be changes. !nd if there are changes, Tenda is not responsible for informing in adance. "f you want to know more about our product information, please isit our website at www.tenda.cn T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide Table of Contents COPYRIGHT STATEMENT....................................................................................................................................................................................... 1 TABLE OF CONTENTS............................................................................................................................................................................................. 1 CHAPTER 1 PRODUCT OVERVIEW........................................................................................................................................................................ 2 1.1 PRODUCT INTRODUCTION...............................................2 1.2 PRODUCT FEATURES.......................................................2 1.3 PRODUCT SPECIFICATIONS..............................................4 1.4 PACKAGE CONTENTS......................................................4 CHAPTER 2 HARDWARE DESCRIPTION............................................................................................................................................................... 5 2.1 PANEL LAYOUT...............................................................5 2.2 SYSTEM REQUIREMENTS................................................6 2.3 INSTALLATION REQUIREMENTS.......................................6 2.4 HARDWARE INSTALLATION ............................................6 CHAPTER3 QUICK INSTALLATION........................................................................................................................................................................ 3.1 CONFIGURATION OF COMPUTER..................................... 3.2 VERIFYING THE CONNECTIVITY....................................11 3.3 QUICK SETUP................................................................12 CHAPTER 4 CONFIGURATION.............................................................................................................................................................................. 1! 4.1 RUNNING STATUS..........................................................2" 4.2 QUICK SETUP................................................................23 4.3 NETWORK ....................................................................23 4.4 IAM..............................................................................35 4.5 SECURITY .....................................................................4 4.6 ADVANCED SETTINGS...................................................5! 4.# VPN..............................................................................65 4. MONITOR......................................................................6! 4.! SYSTEM TOOLS ............................................................#" 4.1" LOGOUT.......................................................................#5 APPENDI$ 1% HOW TO SET TCP&IP 'TAKE WINDOWS $P FOR E$AMPLE(..................................................................................................... #6 APPENDI$ 2% USEFUL COMMAND....................................................................................................................................................................... " FCC STATEMENT%...............................................................1 1 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide Chapter 1 Product Overview 1.1 Product Introduction Tenda enterprise (/W!) ports broadband router ///T#"$%&T', is a new generation hardware network access deice, integrated with 0Online !pplication1"!2 3 and 0dual/ W!) ,outer 3 functions, specially designed for middle 1 small /sized enterprises, goernment organizations, education and scientific research institutions . "t enables enterprises to monitor, preent and manage staff online application so as to boost the working efficiency, reduce network bandwidth occupation, and minimize legal risks. 1.2 Product eatures Complies with "###%&(.4, "###%&(.4u and "###%&(.45 standards *roides ( 6&16&&2 auto/negotiation W!) interface to connect 57SL1Cable deice *roides 4 6&16&&2 auto/negotiation L!) interfaces to connect the internal L!) 7ouble W!)s support dual/W!) accesses, auto/realize bandwidth oerlapping "ntelligent cable backup"ntelligent load balancing. Supports TC*1"*TC*-7*8*)79C*)!TS)T*7)ST:T* etc. Supports "*/2!C binding to preent !,* attack, !,* cheat and unauthorized access. Supports special application access control oer port, 2!C, -,L to manage network easily. Supports fle5ible bandwidth management, and single/deice speed limit to secure the bandwidth stability and reasonable utilization of network resources. -* to 4%$29z C*- processor and powerful )!T forwarding feature, supports more users. Supports irtual serer, 72; host and !L. application Supports **T* 8*) clients. 2 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide Supports **T*, 8*) serer function, % groups of users< simultaneous access to internet. Supports ==2S)S>?*#, :etion, !li wangwang software filter etc, enables to setup e5ceptional ==s to pass through. Supports website address classification and filter to facilitate management of domain names. Supports 7ynamic 7omain )ame System @77)SA resolution function. *roides system security log and flow statistics. Supports remote Web managementB proides all/#nglish interface. +uilt/in 79C* serer, static address distribution supported. !,* attack preention supported to secure network security and stability. "nternal firewall proided to accurately control online time, domain name filter and 2!C address filter. 3 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide 1.! Product Specifications Supported *rotocols and Standards "###%&(.4, "###%&(.4u, "###%&(.45, TC*1"*, 79C*, "C2*, )!T, ***o#, S)T*, 9TT*, 7)S, !,* )etwork 2edia 6&+ase/TCat.4 or aboe Cat.4 -T* 6&&+ase/TCCat.D -T* *ort and L#7 "ndicator W!) *ort (0W!)3 "ndicator and (06&&23 "ndicator L!) *ort 4 0L!)3 "ndicators and 4 06&&23 "ndicators Others *ower @*ower "ndicator S?S @System Status "ndicatorA *ower 7imensionL 5 W 5 9 (E$mm 5 6F%.%mm 5 $$mm #nironment ,eGuirement Operating TemperatureH &IC to $DIC Storage TemperatureH /$&IC to F&IC Operating 9umidityH 6&J/EDJ ,9 )on/condensing Storage 9umidityH DJ/EDJ ,9 )on/condensing *ower and Consumption T#"$%&T' "nputH!C ((&8 D&9z ConsumptionH $W @2a5imumA 1." Pac#age Contents *lease unpack the bo5 and check the following itemsH One T#"$%&T' "nternet +ar1 #nterprise security gateway ,outer One *ower Cord One -ser .uide Two L/shaped brackets :our :oot *ads "f any of the listed items are incorrect, missing or damaged, please contact your Tenda reseller for immediate replacement. 4 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide Chapter 2 $ardware %escription 2.1 Panel &ayout 2.1.1 ront Panel T'I"()T* ront Panel Show 6A ,eset >eep pressing this button for D seconds. The settings configured in this deice will be deleted and router will be restored to factory default alue and rebooted automatically. (A "ndicatorH Indicator %escription unction *OW#, *ower "ndicator !lways O) indicates the router has power. S?S System Status "ndicator :lashing indicates the system is functioning correctly. !lways O) or Off indicates the system is functioning incorrectly. W!)1L!) W!) and L!) Status "ndicator !lways O) indicates the W!)1L!) port is connected correctly. :lashing indicates the data packets are being transferred. 6&&2 W!) and L!) Speed "ndicator 6&&2 indicator///always on indicates the corresponding port is in 6&&2 working mode. 6&&2 indicator off indicates the corresponding port is in 6&2 working mode 4A W!) ( W!) *ort ,K/$D for 57SL 2odem1Cable 2odem or #thernet 5 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide connection. $A L!) *ortsH 4 L!) ports ,K/$Dfor computer<s #thernet network adapter , 9-+ and switch connection. 2.1.2 +ear Panel T'I"()T* +ear Panel Show *ower !dapterH *lease use the included power adapter. 2.2 System +e,uirements )etwork !dapter "nternet #5plorer D.& or higher +roadband "nternet Serice @ia 57SL1 Cable 2odem1 #thernet access modeA 2.! Installation +e,uirements >eep the deice in a safe position to aoid any possible damage or falling. *lease make sure the operating !C power accords with the ,outer<s rated standard and matches the oltage labeled on the ,outer. 7o not open the ,outer housing when it is working and een in power failure to aoid electric shock. "t is highly recommended to put the deice to earth to reduce danger and keep it away from lighting. 2ake sure there is enough space for entilation and heat dissipation. 2." $ardware Installation +efore installing the ,outer, we hope you can successfully access "nternet. "f your 6 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide computer has difficulty in accessing "nternet, please contact your "S*. When you can access the "nternet, please follow the steps below to install the ,outer. 'stablish &-. Connection Connect the ,outer<s L!) port to the switch or hub. ?ou can also connect the ,outer<s L!) port to the network adapter of your computer. 'stablish /-. Connection Connect the 57SL or #thernet to the ,outer<s W!) port ia cable Cat D. Connect Power -dapter When the power adapter is connected well, the ,outer will start automatically. # T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide Chapter! 0uic# Installation !.1 Configuration of Computer The ,outer<s default "* is 6E(.6L%.&.6. ?ou can change it when necessary, but in this user guide the ,outer is configured according to default alue. Connect your computer to the ,outer<s L!) port and then follow the steps belowH 6. ,ight click 02y )etwork *laces3 on your desktop, and select 0*roperties3 on the menu. (. ,ight click 0Local !rea Connection3 on the appearing window and select 0*roperties3. 4. Select 0"nternet *rotocol @TC*1"*A3 and click 0*roperties3.
$ Select 0Obtain an "* address automatically3 or select 0-se the following "* address @SA3. ! T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide 0Obtain an "* address automatically3 as the following diagramH 0-se the following "* address3 IP -ddress1 6E(.6L%.&.CCCH @CCC is a number from (M(D$A Subnet 2as#1 233.233.233.) 4ateway1 6E(.6L%.&.6 %.S Server1 Certainly you need to input the 7)S serer address proided by your "S*. Otherwise, you can use the ,outer<s default gateway as the 7)S pro5y serer. Click 0O>3 to sae the configurations. 1" T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide !.2 5erifying the Connectivity !fter configuring the TC*1"* parameters, you can use *ing command to check the connectiity between ,outer and computer. 6. Select 0StartN ,un. "nput 0cmd3 in 0,un3 page then click 0O>3. (. !ccording to the format shown on the following page, input 0*ing 6E(.6L%.&.63 and 11 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide press #nter. "f the system gies the result shown on the figure, the connectiity between your computer and the ,outer is normal. Otherwise please check the preious settings, the power of the ,outer, and the cables between the ,outer and the computer. !.! 0uic# Setup To access the ,outer<s browser/based configuration interface, launch a web browser such as "nternet #5plorer and enter the ,outer<s default "* address, httpH116E(.6L%.&.6. *ress 0#nter3. The configuration method also applies to any 2S Windows, 2acintosh or -)"C platform. The Login "nterface appears after the connection is established, to log in you need to "nput the 0admin3 @factory defaultA in both -ser )ame and *assword. Then Click 0O>3. To facilitate your ne5t time access to web/based management interface, it is recommended to tick 0,emember 2y *assword3. .ote1 To guarantee the security of +outer6 it is highly recommended that you 12 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide change the system default user name and password when you successfully log in. "f you enter the correct user name and password, the browser will moe to the administrator interface and setup wizard will pop up, click 0ne5t3 to go to the interface for access mode options. The ,outer supports fie most common access methods @,outer<s default access mode is dynamic "* accessAH Static "*H a fi5ed address proided by #thernet broadband access "S*. 7ynamic "*H distributed by +roadband network or the wired to the users ia 79C* serice. ***o# @!7SLAH !dopts ***o# irtual dial/up to access "nternet. **T*H "t refers to *oint/to/*oint Tunneling *rotocol, sharing accessed resources ia connection with remote serer. 13 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide L(T*H "t refers to Layer ( Tunneling *rotocol, sharing accessed resources ia connection with remote serer. ?ou can choose one mode according to your need. Then click 0)e5t3 to fill in all the basic network parameters. )oteH 6. There are W!)6 and W!)( for your choices. *lease configure W!)6 and W!)( respectiely according to your specific needs when configuring W!) ports. (. +andwidth unit is >bytes1s. :or (2 !7SL proided by "S*, upload rate is D6(>bps and download rate is (2bps. The unit conersion formula is as followsH -plink bandwidth D6(>bps O L$>byte1s 7ownlink bandwidth (2bps O (&$%>bps O (DL>+yte1s 4"n order not to affect the speed, please fill the actual -plink17ownlink bandwidth proided by your "S*. Select a W!) port and a correct access mode according to your needs, and input proper uplink1 downlink bandwidth. Then click 0)e5t3 to configure basic network parameters. !.!.1 Static IP "f your access mode is 0Static "*3, you need to enter the static "* address, subnet mask, gateway, 7)S Serer and secondary 7)S Serer addresses. !fter you finish all the 14 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide settings, click 0)e5t3 to sae them. IP -ddress1 W!) "* address proided by your local "S*. "f you are not clear, please inGuire your local "S*. Subnet 2as#1 W!) subnet mask proided by your local "S*. "f you are not clear, please inGuire your local "S*. 4ateway1 #nter the gateway proided by your "S*. "f you are not clear, please inGuire your local "S*. Preferred %.S Server1 #nter the 7)S serer proided by your "S*. "f you are not clear, please inGuire your local "S*. -lternate %.S server1 Optional. "f your "S* offers you two 7)S serer addresses, you can enter the other one here. .ote1 "f the ,outer<s W!) "* address and the L!) "* address are within the same net segment, the ,outer<s function will be damaged. *lease use the 0,eset3 button on the panel for the emergency. !.!.2 %ynamic IP "f your access mode is 07ynamic "*3, you can obtain an "* address from your "S* to access "nternet. Without other settings needed, you can Pust click 0)e5t3 to sae the settings. 15 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide !.!.! PPPo' -ccount1 #nter the !7SL account proided by your "S* to access internet. "f you are not clear, please inGuire your "S*. Password1 #nter the password proided by your "S*. "f you are not clear, please inGuire your "S*. !.!." PPTP "f the connection is 0**T*3, please input the following parameters proided by your "S*H **T* Serer "* !ddress, -ser )ame, and *assword. **T* proides two access modes. "f the **T* offered by your "S* is 7ynamic "*H *lease select 7ynamic "* without filling in "* address, subnet mask and default gateway. "f the **T* offered by your "S* is Static "*H *lease fill in the static access mode parameters proided by your "S*. !fter configuration, please click 0)e5t3. 7ynamic "*1 Static "* access modes are shown as the followingH 16 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide 7ynamic access mode Static access mode !.!.3 &2TP Select L(T* @Layer ( Tunneling *rotocolA if your "S* use a L(T* connection, your "S* will proide you with a user name and password please fill in the parameters. L(T* proides two access modes. "f the L(T* offered by your "S* is 7ynamic "*H *lease select 7ynamic "* without filling in "* address, subnet mask and default gateway.. "f the L(T* offered by your "S* is Static "*H *lease fill in the parameters proided by your "S*. !fter configuration, please click 0)e5t3. 7ynamic "*1 Static "* access modes are shown as the followingH 1# T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide 7ynamic access mode Static access mode Click Q!pplyQ to sae the parameters and finish the =uick Setup. When the configuration is accomplished you can moe to 0W!) Status3 under 0,unning Status3 to check configuration information. 1 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide Chapter " Configuration This chapter introduces the configuration of the ,outer<s functions on the Web/based management interface. On this page, 6& menus introduce the ,outer<s functions. ,unning Status =uick Setup )etwork "!2 Security !danced 8*) 2onitor System Tools Logout "f you hae any problems when you are using the product, please click 09elp3 on the page to find the detailed e5planation. 1! T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide ".1 +unning Status ".1.1 /-.1 Status "t displays the W!)6 Connection Status, Connection 2ode, W!) "*, Subnet 2ask, .ateway, 7)S Serer, !lternate 7)S Serer, W!) 2!C !ddress, W!) Traffic, and Connection Time. Connection Status1 "t displays the W!) connection status. %isconnected1 "t indicates the W!) port hasn<t been connected with the network cable. Connecting1 "t indicates the W!) port is obtaining an "* address. Connected1 "t indicates the ,outer is connected well with the "S*. Connection 2ode1 "t displays your current access mode. /-. IP"* address obtained from "S*. Subnet 2as#1 The subnet mask obtained from "S*. 4ateway1 The gateway obtained from "S*. %.S1 Obtained from "S*. -lternate %.S1 Obtained from "S*. 2" T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide /-. 2-C -ddress"t displays the W!) 2!C !ddress. /-. Port Traffic1 "t indicates the used bandwidth. The unit is >+1s. ".1.2 /-.2 Status "t displays the W!)( Connection Status, Connection 2ode, W!) "*, Subnet 2ask, .ateway, 7)S Serer, !lternate 7)S Serer, W!) 2!C !ddress, and W!) :low. Connection Status1 "t displays the W!) connection status. %isconnected1 "t indicates the W!) port hasn<t been connected with the network cable. Connecting1 "t indicates the W!) port is obtaining an "* address. Connected1 "t indicates the ,outer is connected well with the "S*. Connection 2ode1 "t displays your current access mode. /-. IP"* address obtained from "S*. Subnet 2as#1 The subnet mask obtained from "S*. 4ateway1 The gateway obtained from "S*. %.S1 Obtained from "S*. -lternate %.S1 Obtained from "S*. /-. 2-C -ddress"t displays the W!) 2!C !ddress. /-. Port Traffic1 "t indicates the used bandwidth. The unit is >+1s. Connection Time1 it indicates dynamic "* connection time. 21 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide ".1.! &-. Status "t displays the ,outer<s "* !ddress, Subnet 2ask, L!) 2!C !ddress, 79C* Serer, and )!T1)!T #ntry. IP -ddress1 "t displays the ,outer<s "* address. Subnet 2as#1 "t displays the ,outer<s subnet mask. &-. 2-C -ddress"t displays the ,outer<s L!) 2!C address. %$CP Server1 "t displays the disabled and enabled status of 79C* serer. .-T7.-T 'ntry1 "t displays the ,outer<s working mode1 used )!T entries. ".1." System Status "t displays the ,outer<s C*- and memory occupation, current ,unning time, System Time, Connected Client, System 8ersion, Setup Wizard 8ersion, and :irmware 8ersion. CP8 Occupation1 "t displays the using status of C*- 2emory Occupation1 "t displays the using status of memory. +unning Time1 "t displays the running time after the system starts normally. System Time1 "t displays the system updating time. 22 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide Connected Client1 "t displays the connected computers @)ormally it displays the client counts obtained ia 79C* serer.A System 5ersion1 "t displays the ,outer<s software ersion. 9ootcore 5ersion1 "t displays the ,outer<s program ersion. irmware 5ersion1 "t displays the ,outer<s hardware ersion. ".2 0uic# Setup *lease refer to chapter 4 for =uick Setup. ".! .etwor# There are si5 submenus 0L!) Setting3, 0W!) Setting3 079C* Serer3, 072;3 0!ccess Control3 0*ort *arameter3 in the 0)etwork3 menu. Click any submenu and you can enter the corresponding setting. The following shows the detailed illustrations. 23 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide ".!.1 &-. Setting 2-C -ddress1 "t displays the ,outer<s L!) 2!C address. IP -ddress1 L!) "* address. The default alue of this "* address is 6E(.6L%.&.6. ?ou can change it when necessary. Subnet 2as#1 L!) Subnet 2ask. .ote1 6. "f you changed this "* address, you must use the new "* address to enter the Web/ based management interface. The default gateway alue of all the computers in L!) must be set at this "* address to access "nternet. (. "f the ,outer<s W!) "* address and the L!) "* address are at the same net segment, the ,outer<s function will be damaged. *lease use the reset button on the panel when in emergency. 4. "f your computer "* is set as 0Obtain an "* !ddress !utomatically 3, please first disable your network adapter and then enable it after you change L!) "*. ".!.2 /-. Setting There are 0W!) Setting3 and 02ulti/ W!) *olicy3 in 0W!) Setting3 menu. Click one of the two submenus and you can enter the corresponding setting. The following is the detailed e5planation of their functions. ".!.2.1 /-. Setting This interface shows dual/port access status and port parameters. 24 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide Select the one you want to set up and click 3configure3 to enter the network setting interface. This interface enables you to configure W!) ports< parameter. #ach W!) supports three connection modesH static "*, dynamic "* and ***o# dial/up. 6A Static IP1 "f your access mode is 0Static "*3, it means you hae a fi5ed "* address proided by "S*. IP -ddress1 !pplied W!) "* address proided by your local "S*. "f you are not clear, please inGuire your local "S*. Subnet 2as#1 W!) subnet mask corresponds with current "* and is proided by your local "S*. "f you are not clear, please inGuire your local "S*. %efault 4ateway1 #nter the gateway which corresponds with current "* and is proided by your "S*. "f you are not clear, please inGuire your local "S*. Preferred %.S Server7 -lternate %.S server1 #nter the 7)S serer "* address proided by your "S*. "f you are not clear, please inGuire your local "S*. 8pstream7%ownstream 9andwidth The applied static upstream1downstream 25 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide bandwidth for W!) port6. "f you are not clear, please inGuire your "S*. 2T8 Setting 2T- 2a5imum Transmission -nit system default is 6$D& bytes. )oteH usually there is no need to configure it, and improper 2T- configuration may lead to poor network performance or make it unusable. (A %ynamic IP1 "f your access mode is dynamic "*B you can obtain "* address automatically from your "S*. 8pstream7%ownstream 9andwidthThe applied dynamic upstream1downstream bandwidth for W!) port6. "f you are not clear, please inGuire your "S*. 2T82T-2a5imum Transmission -nitsystem default is 6$D& bytes. )oteH usually there is no need to configure it, and improper 2T- configuration may lead to poor network performance or make it unusable. 4 PPPo'1 "f your access mode is ***o# dial/up, you can obtain "* address ia !7SL irtual dial/up. PPPo' -ccount1 #nter ***o# accountB if you are not clear inGuire your "S*. PPPO' Password1 ***o# password by "S*. "f you are not clear inGuire your "S*. 8pstream7%ownstream 9andwidthThe applied ***o# upstream1downstream 26 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide bandwidth for W!)6. "f you are not clear, please inGuire your "S*. 2T82T-2a5imum Transmission -nitsystem default is 6$D& bytes. )oteH usually there is no need to configure it, and improper 2T- configuration may lead to poor network performance or make it unusable. The configuration method of W!)( parameters is the same as that of W!)6. ".!.2.2 2ulti:/-. Policy. On this page you can choose 2ulti/W!) *olicy according to your needs.T#"$%&T' dual/ W!) router has four working modes. Intelligent &oad 9alancing 2ode ;automatic< System automatically distributes load according to flow and automatically searches for W!) port which has the minimum flow for communication, which is regarded as the smartest and best load mode. This load balancing mode automatically fulfills flow distribution and bandwidth oerlapping without any human interference inoled. .oteSystem default working mode is intelligent load balancing mode. Select operators according to different destination addresses1 ,outer based on destination address is used to sole problems arising from interconnection and intercommunication between Telecom and -nicom. +y adding policy routing mode to router deice, data transmission mode is successfully established in the wayH Telecom data ia Telecom, and -nicom data ia -nicom. 2# T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide Intelligent Cable 9ac#up 2ode ;9ac#up<1 -sers can choose one @W!)6 or W!)(A for communication port and the other for backup according to their own needs. 7eice will automatically shift to backup to fulfill communication when the chosen communication line comes across problems. IP 4roup8ser Customi=ed load Setting-sers can select W!)6 or W!)( according to their own needs, by specifying source address, destination address, and destination port. !ll data packets which are not included in defined range are to be dealt with by W!)6. This working mode allows you to specify the needed load setting based on your own needs. :or e5ampleH "f you want intranet L!) source "* addressesH 6E(.6L%.&.6&&/6E(.6L%.&.(&& to pass through W!)( at destination "* addressesH D%.(D6.%&.6/D%.(D6.%&.(D$, ia portsH &/LDD4D, you need to first fill in the corresponding source "* addresses ,destination "* addresses, destination port, designated W!) port, tick 0!ctie or not3 and click 0!dd to the corresponding list3. The configuration result is shown below in the diagram. .ote 6. !ll packets which are not included in user customized range are to be handled by 2 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide W!)6. (. "f rules are repeated or there is common ground, then only the finally configured rules are alid, the preiously configured rules will not go into effect. ".!.! %$CP Server There are three submenus in the 079C* Serer3H 079C* Serer3, 0Client List3, and 0Static !ssigning3. The corresponding functions are described in details below. ".!.!.1 %$CP Server *rotocol settings include "* !ddress, Subnet 2ask, .ateway and 7)S Serer. Configuring TC*1"* protocol for all the computers in L!) is not easy. 9oweer, 79C* serer proides this function. "f you use the ,outer<s 79C* serer function, you can enable 79C* serer to automatically configure the computer<s TC*1"* protocol in L!). %$CP Server1 "f you want 79C* to automatically configure the TC*1"* parameters. *lease select this option. IP Pool Starting -ddress1 The "* starting address automatically distributed by 79C* serer. IP Pool 'nding -ddress1 The "* ending address automatically distributed by 79C* serer. &ease Time1 The "* address lease time distributed by 79C* to client. The default alue is (%%& minutes. Primary %.S Server1 %istributed %.S server address. 2! T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide Secondary %.S Server1 %istributed %.S server address ;optional<. .ote1 "n order to use the ,outer<s 79C* serer, the TC*1"* protocol of the computer in L!) must be set as 0Obtain an "* address automatically3. ".!.!.2 Client &ist The 79C* client list displays all the 9ost )ames, "* !ddresses, 2!C !ddresses and Lease Time ia 79C*. $ost .ame1 The host name of client. IP -ddress1 The "* address applied by the client. 2-C -ddress1 The 2!C address of the computer which applies for the "* address. &ease Time1 The alid using time of the obtained "* address. ".!.!.! Static -ssigning 79C* serer supports static "* address assigning. ?ou can use it when you want to make a computer in L!) obtain the same "* address distributed by 79C* serer each time it starts. :or e5ampleThe 2!C address of a computer in L!) is &&H6DHD%Hc&Hd$H4f. "f you want it to obtain the "*H 6E(.6L%.&.6D& eery time it starts. :irst, enter the "* address and 2!C address and then click 0add3 and sae it .the finished configuration is as below. 3" T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide IP -ddress,esered "* !ddress. 2-C -ddress.The 2!C address of the computer which reseres "* address. -dd!dd the resered "* address and 2!C address to the list. 'dit 2odify the "* address and 2!C address by static assignment. %elete Clear the established static assignment information. ".!." %2> "n some special cases, one computer in L!) is reGuired to be fully e5posed to W!) to achiee two/way communication. The computer needs to be set as 72; host. Setting StepsH :irst enter the W!) corresponding 72; host<s L!) computer<s "* in 072; 9ost "* !ddress 2apped by W!)6 and1or W!)(3 entry field. Then click 0#nable3 and sae 72; host setting. .ote1 :irework setting related to the "*s will be disabled after 72; is configured. ".!.3 -ccess Control "n order to enhance the ,outer<s management security, you can specify the computer<s "* address and change the ,outer<s port number. 31 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide ".!.3.1 &-. -ccess Control 'nable1 #nable the ,outer<s W#+ interface access control function. IP -ddress1 #nter the computer<s L!) "* address. Port1 The default port number is %&. #nter the Web interface port number you access. .ote1 When the "* address is set, other addresses can not log on the ,outer<s Web/ based interface. :or e5ampleH When the ,outer<s default "* address is 6E(.6L%.&.6, if you only permit the client computer with the "* address of 6E(.6L%.&.6&& to access the ,outer<s Web interface ia port %%%%, you need to set the following parameters and change the ,outer<s access address to httpH116E(.6L%.&.6H%%%% ".!.3.2 /-. -ccess Control )ormally, only L!) users can access ,outer, but this function will enable you to access and control ,outer remotely to meet the special needs. 32 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide 'nable1 "t will enable W!) port to !ccess and Control ,outer function. IP address1 #nter the "* address of the remote client computer. Port1 default port is %&%&B enter the W#+/based interface port number you access. )oteH ,outer default W!) !ccess Control can be modified according to your needs. ?ou must only follow the formatH 0"* address @the "* is the ,outer<s W!) "* addressAH port3. @:or e5ample, "f router<s W!) port "* is (66.(4.6.(, enter httpH11(66.(4.6.(H%&%&A to access ,outer for remote management. !ll W!) computers can access ,outer for remote W#+ management at its default W!) !ccess Control "* addressH &.&.&.&. +ut if you change the default "* address @for e5ample you set it as D%.L&.666.((6A, then only the specified W!) computer @D%.L&.666.((6A can access the ,outer management interface. :or e5ampleH when router<s W!) default "* is D%.(D6.%%.E&, and you only want to allow client computer with "* addressH D%.L&.666.((6 to access, control router<s W#+ interface ia portH %&%& W!). Then you need to set the following parameters, and change router<s access address toH httpH11 D%.(D6.%%.E&H%&%& ".!.? Port Parameters Setting There are 0*ort 2ode3 and 02!C !ddress3 submenus, click one of them to enter corresponding function setting. 33 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide ".!.?.1 Port 2ode ?ou can set W!)6 and W!)( *ort 2odes respectielyH auto/negotiation, 6&2 half duple5, 6&2 full duple5, 6&&2 half duple5, 6&&2 full duple5 based on your needs. ".!.?.2 2-C -ddress ?ou can set all ports 2!C address of the ,outer on the following page. &-. Port 2-C -ddress1 displays router<s L!) 2!C address, you can input it manually. /-.1 Port 2-C -ddress1 displays routers W!)6 2!C address, you can input it manually. /-.2 Port 2-C -ddress1 displays routers W!)( 2!C address, you can input it manually. +estore to %efault 2-C1 factory 2!C address will be displayed after you click the button. .ote1 1. Some "S* binds users< computer 2!C, please copy the current administrator<s computer 2!C address to the corresponding W!) 2!C address field or change 2!C address manually. W!) 2!C address in 0,unning Status3 will be changed accordingly as you change the alue. (. W!) 2!C address modification only takes effect when router is rebooted. 7on<t use 34 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide this function "f your "S* does not bind your router 2!C address to aoid prolblems. "." I-2 There are 0.roup Settings3, 0Client :ilter3, 0-,L :ilter3, 0Website :ilter3, 0*rotocol :ilter3, 0+andwidth and )!T #ntry3 Setting submenus in "!2 menu. ?ou can enter the corresponding setting by clicking any of them. ".".1 4roup Settings There are 0-ser .roup3, 3Time .roup,3 *rotocol :eature3 three submenus. ?ou can enter the corresponding setting by clicking any of them. ".".1.1 8ser 4roup ?ou can set -ser .roup by adding "* .roup, .roup 7escription, and suitable "* or "* segment. The set "* .roup will cooperate with sub/functions of "!2. :or e5ample, if an enterprise<s , R 7<s "* segment is 6E(.6L%.&.(&/6E(.6L%.&.4&. Then you can click 0!dd "* .roup3 to finish its configuration. 35 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide 1 IP 4roup .ame1 + and %. 2 IP 4roup %escription1 %evelopment. ! -dd IP1@2.1?(.).2):1@2.1?(.).!) ". Clic# A-ddB and A-pplyB6 the following will appear. ".".1.2 Time 4roup ?ou can set Time .roup by adding time group, setting group name, group description and the needed time or time range. :or e5ample, if you want to set %&&/6%&& on the work days from 2onday to :riday as a time group, you Pust need to click 0!dd Time .roup3 36 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide 6.ameWork days (%escription 1 Work days 4Time range%&&/6%H&& from 2onday to :riday $Click 0Sae3, the following interface will display. ".".1.! Protocol eature This page shows the filterable software information. ".".2 Client ilter "n order to further manage the computers in L!), you can control the computers to access 3# T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide internet ia some W!) ports by data packets filter function. Click 0!dd :iltering ,ule3 the following page will display. iltering 2ode1 There are two modes 07isable3 and 0#nable3 for options. iltering 2ode::::%isable1 :orbids the packets which accords with the rule to pass through the ,outer. Other unrestricted packets are allowed to pass. The filter rule takes effect on the corresponding "* or "* range. iltering 2ode::::'nable1 *ermits packets which accords with the "* .roup, Time .roup, and *ort rule to pass through the ,outerB packets that accord with "* .roup, Time .roup, but not match *ort rule are not allowed to pass. Other packets whose "* .roup and Time .roup rules are not enabled can pass through the router normally. The filter rule takes effect on the corresponding "* or "* range. 'nable1 enables filter. +emar#1 The simple description for configuration file. IP 4roup1 select the added "* .roup Time 4roup1 select the added Time .roup. /-. Port Segment1 :ill in the port numberB you can specify a port range. 0)ull3 means all the ports from 6 to LDD4D. Type1 Select the protocol used by the controlled packets. @0!ll3 includes TC*1-7*.A .ote1 :ilter rule only takes effect on corresponding "* range and time group. Others which don<t 3 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide accord with filter rule are not affected. 'Cample 1 "f you don<t want the computer at the "* addresses of 6E(.6L%.&.(&/ 6E(.6L%.&.4&"* groupH , and 7 to isit website at %H&&/6%H&&@Time groupH work daysA from 2onday to :riday without control oer other computers in L!), you need to set the parameters as follows. Click 0Sae 3, the following appearsH Tick 0#nable3 and Sae to bring it into effect. ".".! 8+& ilter "n order to control the L!) computers to isit websites, you can use -,L filter to specify the accessible1 inaccessible websites and accessible1inaccessible time. ?ou will reach the following page by clicking 0!dd :ilter ,ule3H 3! T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide ilter 2ode1 ?ou can only choose either 07isable3 or 0#nable3. ilter 2ode::::%isable1 :orbids the restricted data packets to pass through the ,outer. Other unrestricted data packets can pass through the ,outer. :ilter rule takes effect on "* group and time group. ilter 2ode:::::'nable1 *ermits data packets which accord with "* .roup, Time .roup, -,L String and :ile Suffi5 )ame rules to pass through the ,outerB *ackets which accord with "* .roup, Time .roup, but not match -,LString and :ile Suffi5 )ame rules are prohibited from passing through the ,outer. Other data packets whose "* and Time .roup are not enabled can pass through the router normally. 'nable1 #nables filter. +emar#1 The simple description of the configuration. IP 4roupH select the added "* group. Time 4roup1 select the added Time .roup. 8+& String1 #nter the filtered domain name. ile SuffiC .ame7omain name<s suffi5 name. .ote :ilter rule only takes effect on corresponding "* group and time groupB others which don<t accord with filter rules are not affected. 'Cample 11 "f you want the computers within the "* address segment of 6E(.6L%.&.(&M6E(.6L%.&.4& @"* .roupH , R 7A to only isit the websites which contains 0sina3 3baidu3 06L43 strings at the time of %H&&/6%H&& @Time .roupH work daysA from 2onday to :riday, and other computers can isit all websites, you need to set the parameters as followsH 4" T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide Click 0Sae3 to moe to the following pageH Tick #nable and Sae to effect the function. "."." /ebsites ilter ?ou can manage L!) computers< access to "nternet websites easily ia website classification and filter function. 41 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide 9loc#1 "t will block you from accessing websites of this kind by prompting to you#rrorH Site or *age )ot :ound3 +ecord1 "t records the time, "* and website domain name you hae accessed in log. /arning"t prohibits you from accessing websites of this category and prompts that 0The website access is not permitted by this router.3 ".".3 Protocol ilter There are 0*rotocol :ilter3 and 0#5ceptional3 two submenus in *rotocol :ilter. ?ou will enter the corresponding setting by clicking one of them. The following gies the detailed e5planation. ".".3.1 Protocol ilter ?ou can manage access to some softwares and protocols ia *rotocol :ilter. Clicking 0!dd *rotocol :iltering :eature3 will bring you to the following interface. 42 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide ,ule )ame)ame of protocol feature filter rule. #nable#nable filter rule. "* .roup )ameSelect the added "* group, default is 0all3. Time .roup )ameSelect added Time .roup, default is 0all3. ,ule 7escriptionSimple description of filter rule. *rotocol :eatureSelect and add the software you want to filter among all *rotocol :eature. or eCample 1 "f you don<t want users whose computers< "*s are within the "* address segment of 6E(.6L%.&.(&/6E(.6L%.&.4&@"* .roupH , R7 7epartmentA to oice/chat ia oip h.4(4 sip at %H&&/6%H&& from 2onday to :riday without control oer other computers in L!), you need to set the parameters as follows. Click 0!pply3 to moe to the following interfaceH 43 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide ".".3.2 'Cceptional ?ou can manage access to network chat tools ia 0#5ceptional3 menuH 'nable Chat Software ilter#nables filter rules. bang IP 4roup .ameThe already configured "* .roup name. .ote?ou hae to go to -ser .roup interface to add "* group to set "* .roup, if you hae not configured "* .roup. iltering SoftwareSelect the softwares you want to filter. 'Cceptional 00 ?ou allow them to pass by specifying #5ceptional ==s and adding remarks if you hae enabled == filter. :or e5ample "f you don<t want computers at the "* addressesH 6E(.6L%.&.(&/ 6E(.6L%.&.4& @"* .roupH , and 7A in L!) to access 0==3 02S)3 and 0:etion3 but allow manager @== numberH 6(4$DLA to access ==, you need to set the parameters as followsH 44 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide .oteOnly after you reboot the router can the configuration of Chat Software :ilter take effect. ".".? 9andwidth D .-T Setting There are +andwidth Setting and )!T #ntry two submenus in +andwidth R )!T Setting. The former enables you to 0!dd +andwidth Control3B while the latter allows you to configure 0!dd )!T #ntry Control3. ".".?.1 9andwidth Control +andwidth Control can limit the communication flow of intranet computers. "t allows the deice to support flow control oer ma5imum (D$ *Cs simultaneously. Configuration of "* address range is supported as well. Click 0!dd +andwidth Control3 to go to the following interface. 45 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide 'nable#nable filter rules. IP -ddress +ange:low controlled host computers< "* address rangeH can be a single "* or a "* segment. 8plin# +ange 2a5imum data flow which is permitted to be uploaded by host computers within specified "* range. -nit is >bytes1s. %ownlin# +ange 2a5imum data flow which is permitted to be downloaded by host computers within specified "* range. -nit is >bytes1s. 8plin# 7%ownlin# 2odeSelect -plink17ownlink 0"ndependent1 Share3 +andwidth for "* within the range. 8plin#7%ownlin# PolicySelect -plink17ownlink fi5ed1 fle5ible +andwidth for "* address within the range. .ote if you choose 0 when the bandwidth has surplus , you can use more bandwidth3 the ,outer will fle5ibly manage the uplink and downlink flow. "f the bandwidth is surplus, you can use more than the configured uplink and downlink bandwidth limit, otherwise, you can also use bandwidth within the configured limit. %escriptionSimple description of the rules. ".".?.2 .-T 'ntry Setting ?ou can set the )!T #ntry of a computer to control the specified computer<s )!T entries. The e5cessie entries can<t pass through the ,outer, while undesignated computers can establish )!T entries without limit. Click 0!dd )!T #ntry Control3 to enter the following interface. 46 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide Starting7'nding IP1 #nter the "* address range you want to control. Type1 Select the )!T entry control type. ?ou can select 0"ndependent3 or 0Shared3. Independent1 "t takes effect respectiely and separately on each single "* and controls the ma5imum entries of each "*. Shared1 "t takes effect on the whole "* segment as a group and controls the total entries of the whole "* segment. .-T 'ntry Control1 The ma5imum entries allowed. The range is from 6 to EEEE. 'nable1 Select it to enable )!T #ntry Control function. :or e5ampleH "f you want to control the computers with "* addresses of 6E(.6L%.&.6&&/6E(.6L%.&.(&&, allow them to achiee ma5imum entries of (&& with type 0Shared3, you need to configure as the picture below. .ote Only after you reboot the router can the configuration of )!T #ntry Setting take effect. 4# T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide ".3 Security 0Security3 consists of 02!C :ilter3, 0!,* 7efense3, 0!ttack 7efense3 0"*/2!C +inding3 and 0!ttack List3. Their functions are described in details below. ".3.1 2-C ilter "n order to manage the computers in L!) better, you can control the "nternet accesses of L!) computers by 2!C address filter. Click 0!dd :ilter ,ules3 to moe to the following interfaceH ilter 2ode1 ?ou can only choose either 0#nable3 or 07isable3. %isable1 :orbid the limited data packets to pass through the ,outer. Other unlimited packets are allowed to pass. 'nable1 *ermit the limited packets to pass through the ,outer. Other unlimited packets are allowed to pass. 4 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide +emar#1 The simple description of this configuration. 2-C1 #nter the 2!C address you want to control or select the 2!C address in 2anual Setting. Time1 Set the start time and end time of the rule. "f the time is not set, the default alue & indicates ($ hours. %ate1 Select the options according to your demand. 'Cample 11 "f you forbid the computer at the 2!C address of &&H+&H&CHFFH%%H&& to access the "nternet from %H&&/6%H&& eeryday without restrict to other computers and other time, you need to set the parameters as follows. Click 0Sae3 to enable 2!C :ilter function. 'Cample 21 "f you only permit the computer at 2!C address of &&H+&H&CHFFH%%H&& to access "nternet only from %H&&/6%H&& eeryday but forbid other computers in L!) to access internet anytime. ?ou need to set the parameters as follows. Click Sae and tick 0:orbid deices not in list to access internet3 to enable the function. 4! T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide ".3.2 -+P %efense "n order to preent !,* attack and cheat, the ,outer enabled this function by default to protect your network. The default !,* broadcast interal is one second, and you can set the range from 6 to L& seconds. ".3.! -ttac# %efense "n 0!ttack 7efense3 page there are 0W!) !ttack 7efense3 and 0L!) !ttack 7efense3. Click one to enter the corresponding setting. The following illustrates their functions in details. ".3.!.1 /-. -ttac# %efense There are 0Scan !ttacks 7efense3 and 07oS !ttacks 7efense3, 0Suspicious *ackets 7efense3, 0*ackets 7efense Containing "* Options 3,3Other !ttacks3 in W!) !ttack 7efense. IP Scan ! source "* sends "C2* reGuest packets to 6& different destination "* addresses within less than the prescribed time, which indicates "* scan attack is ongoing. 5" T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide Port Scan! source "* sends TC* S?) reGuest packets to 6& different ports of one destination address within less than the prescribed time, which indicates port scan attack is ongoing. IP Cheat Select "* Cheat checkbo5 to check whether packets from specified area are committing "* cheat. .ote1 This function takes effect on L!) only not on W!). IC2P lood"f "C2* reGuest packets a destination "* receies within one second are beyond the specified amount, it indicates this destination "* is being attacked by "C2* :lood. 8%P lood"f -7* packets a port of a destination "* receies within one second are beyond the specified amount, it indicates this destination "* is being attacked by -7* :lood. SE. lood"f TC* S?) packets a port of a destination "* receies within one second are beyond the specified amount, it indicates the port of this destination "* is being attacked by TC* S?) :lood. &-.% -ttac#1 This refers to the combined attack of S?) :lood !ttack and "* cheat. "t takes place when attacker sends deceptie S?) packets which include the ictim<s "* address as source and destination "* addresses. /in.u#e "t refers to Win)uke against 7oS attack of any online computer which runs Windows. !n attacker sends TC* fragment @usually configured as -,. )et+"OS port 64EA to connected hosts, which causes fragment oerlapping and leads to breakdown of the 51 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide computer. 9ig IC2P Pac#ets .enerally, an "C2* packet is within 6&($ +ytes and will be considered as a suspicious packet if it e5ceeds the amount. TCP Pac#ets /ithout lag! normal TC* packet has at least one configured symbol @flagA, and those without any control symbol are regarded as suspicious packets. Set the TCP Pac#ets of SE. and I. at the Same TimeThose that hae both simultaneously configured S?) and :") control symbols in the same TC* fragment packets are suspicious TC* packets TCP Pac#ets only Set I. without -CF TC* packet which hae configured :") symbol but no !C> symbol are abnormal. 8n#nown Protocol "f the character segment alue in protocol type of an "* packet is 64D or bigger, resered and undefined alue, it is impossible to figure out in adance, due to the undefined protocols, whether this unknown protocol is well/intentioned or malicious. The cautious solution for these non/standard protocols is to block and preent them from entering the protected network. IP Timestamp Option "t refers to whether to check "* from specified area contains 52 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide 0"nternet Timestamp3 or not. IP Security Option "t refers to whether to check "* from specified area contains 0Security3 or not. IP Stream Option"t refers to whether to check "* from specified area contains 0Stream "73 or not. IP +ecord +oute Option"t refers to whether to check "* from specified area contains 0,ecord ,oute3 or not. IP &oose Source +oute Option"t refers to whether to check "* from specified area contains 0Loose Source ,oute3 or not. IP Strict Source +oute Option"t refers to whether to check "* from specified area contains 0Strict Source ,outeB or not. Invalid IP Options "t refers to whether to check the integrity or correctness of the "* packet from specified area or not. ilter Ping rom /-. Port,outer will not respond to ping detect from W!) port after this function is enabled. %%oS -ttac# %efense,outer will block 77)S attack after this function is enabled. Shoc# /aves6 Sasser and Other 5iruses %efense1 enabling this function to block shock waes sasser and other iruses attack. ".3.!.2 &-. -ttac# %efense There are 0Scan !ttacks 7efense3 , 07oS !ttacks 7efense3, 0Suspicious *ackets 7efense3, 0*ackets 7efense Containing "* Options 3 and 3Other !ttacks3 in L!) !ttack 7efense. 53 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide IP Scan ! source "* sends "C2* reGuest packets to 6& different destination "* addresses within less than the defined time, which indicates "* scan attack is ongoing. Port Scan! source "* sends TC* S?) packets to 6& different ports of one destination address within less than the defined time, which indicates ports scan attack is ongoing. IP Cheat Select "* Cheat checkbo5 to check whether packets from specified area are committing "* cheat. .ote1 This function takes effect on L!) only not on W!). IC2P lood"f "C2* reGuest packets a destination "* receies within one second are beyond the specified amount, it indicates this destination "* is being attacked by "C2* :lood. 8%P lood"f -7* packets a port of a destination "* receies within one second are beyond the specified amount, it indicates this destination "* is being attacked by -7* :lood. SE. lood"f TC* S?) packets a port of a destination "* receies within one second are beyond the specified amount, it indicates the port of this destination "* is being attacked by TC* S?) :lood. &-.% -ttac#1 This refers to the combined attack of S?) :lood !ttack and "* cheat. "t takes place when attacker sends a deceptie S?) packet which includes the ictim<s "* address as source and destination "* addresses. 54 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide /in.u#e "t refers to attacking 7oS of any computer which runs Windows. !ttacker sends TC* fragment @usually configured as -,. )et+"OS port 64EA to connected host, which causes fragment oerlapping and leads to breakdown of the computer. 9ig IC2P Pac#ets .enerally, "C2* packet is less than 6&($ +ytes and will be considered as a suspicious packet if it e5ceeds. TCP Pac#ets /ithout lag! normal TC* packet has at least one configured symbol @flagA, and those without any control symbol are regarded as suspicious packets. Set the TCP Pac#ets of SE. and I. at the Same Time1Those that hae both simultaneously configured S?) and :") control symbols in the same TC* fragment packet are suspicious TC* packets TCP Pac#ets only Set I. without -CF TC* packet headers which hae configured :") symbol but no !C> symbol are abnormal. 8n#nown Protocol"f the character segment in protocol type of "* packet which is 64D or bigger, is resered and undefined, it is impossible to figure out in adance whether this unknown protocol is well/intentioned or malicious. The cautious solution for these non/ standard protocols is to block and preent them from entering the protected network. 55 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide IP Timestamp Option "t refers to whether to check "* from specified area contains 0"nternet Timestamp3 or not. IP Security Option "t refers to whether to check "* from specified area contains 0Security3 or not. IP Stream Option"t refers to whether to check "* from specified area contains 0Stream "73 or not. IP +ecord +oute Option"t refers to whether to check "* from specified area contains 0,ecord ,oute3 or not. IP &oose Source +oute Option"t refers to whether to check "* from specified area contains 0Loose Source ,oute3 or not. IP Strict Source +oute Option"t refers to whether to check "* from specified area contains 0Strict Source ,outeB or not. Invalid IP "t refers to whether to check the integrity or correctness of the "* packet from specified area or not. 56 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide ilter Ping rom &-. Port,outer will not respond to ping detect from L!) port after this function is enabled. %%oS -ttac# %efense,outer will block 77oS attack after this function is enabled. Shoc# /aves6 Sasser and Other 5iruses %efense1 enabling this function to block shock waes sasser and other iruses attack. ".3." IP:2-C 9inding There are "*/2!C +inding and 7ynamic +inding two submenus in "*/2!C +inding menu. The detailed function of each will be illustrated below. ".3.".1 IP:2-C 9inding This function realizes the binding of intranet computer<s "* and 2!C address. Once address binding configuration is completed, the specified "* can only be used by the corresponding designated computer, which soles "* address collision problem caused by random change of "* address in L!). :urthermore, you can also select 02andatory 2ode3 to forbid unbound computers to access internet. 'nable IP:2-C 9inding#nables "*/2!C +inding function. 5# T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide 2odeSelect 0)ormal 2ode3 or 02andatory 2ode3. .ote0 )ormal 2ode3 only forbids "* which does not match the bound 2!C, while "*s which are not included in binding list can communicate normally. 2andatory 2odeOnly permits "* that matches the 2!C addresses in binding list to access internet. Click 0!dd +inding3 to moe to the following screenH -+P &ist 7isplays the corresponding "* and 2!C addresses in the !,* List. Select 02anual set3 in !,* List if you want to add "* and 2!C addresses. IP -ddress"* address that needs to be bound. 2-C -ddress1 2!C addresses that need to be bound. Only when "* and 2!C addresses in binding list reach one/to/one correspondence can the computer access internet after binding function is enabled. +emar#1 simple description of binding. ".3.".2 %ynamic 9inding This binding list shows internal network "* and corresponding 2!C addresses access 5 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide information. ?ou can select 0binding< or 0!ll binding3 to fulfill "*/2!C address Guick binding. ".3.3 -ttac# &ist This page displays the host computers which are filtered by the ,outer because of attacks. These attacks are usually caused by network iruses. When you are sure that the iruses in the host computer are all cleared, you can click 07elete3 to restore the computer<s normal access ability. ,outer automatically displays the computer<s "* and 2!C addresses in !ttack List and shields1filters the corresponding host when detecting iruses or some computer is trying to make malicious attack. This computer is thus preented from accessing internet after the function is enabled. To restore this host<s normal access to internet, click 07elete3 ".? -dvanced Settings 0!danced Settings3 menu includes 08irtual Serer3, 0-*n*3, 0One /to /One )!T3, 077)S3, 0,outer Table3 fie submenus. Clicking on one submenu brings you to the corresponding configuration. 5! T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide ".?.1 5irtual Server *ort 2apping defines the mapping relationship between the W!) serice port and L!) serer. !ll the accesses to W!) serice port will be redirected to the L!) network serer designated by "* address. *ort mapping allows you to establish public serices such as Web serer, :T* serer, etc. Click 0!dd 8irtual Serer3 to go to the following interfaceH /-.1 select a W!) for *ort 2apping, W!)6, or W!)( as options. /-. Port1 W!) serice port which proides e5ternal network serice. /ell:#nown Service1 "n the Well/known serice options, there are some commonly used protocol ports such as 7)S @D4A, :T* @(6A, .O*9#, @F&A, 9TT* @%&A, ))T* @66E&A, *O*4 @66&A, **T* @6F(4A, S2T* @(DA, SOC> @6&%&A and T#L)#T @(4A. ?ou can manually add the ports which are not included in the aboe to the list. &-. Port1 L!) serice port, namely the client<s *C port. &-. IP1 "* address of the computer which is used as a serer in L!). Protocol1 "ncludes TC*, -7* and !ll. When you are not sure of which protocol to use, please select all. 'nable1 Select this item to enable the set rules. 2odify1 2odify the mapping correspondingly numbered port. or eCample1 "f you build a Web serer in a computer at the internal L!) "* address of 6E(.6L%.&.6& ia 6" T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide port of %&, and you want to access the web serer ia W!) through httpH115.5.5.5H$& @5.5.5.5 is the ,outer<s W!)( "* addressA, you can enter Q$&3 in 0W!) *ort3, 0%&3 in 0L!) *ort3, 06E(.6L%.&.6&3 in 0L!) "*3, 0!ll3 in 0*rotocol3 and then 0#nable3 and 0Sae3 it to effect the function. .ote1 "f you set a irtual serer at the serice port of %&, you need to set the 0,emote Web 2anagement3 at any alue e5cept %&, like %&%&. Otherwise, there will be collision which affects the irtual serer. ".?.2 8PnP The latest -niersal *lug and *lay network protocol is supported by Windows 2#1 Windows C* or higher, @The operating system needs to be integrated with or to install 7irect5E.& or higher ersion,A or application software which supports -*n*. :or e5ample, if Thunder or other *(* software is installed in Windows C*, you can use -*n* protocol in uploading and downloading. "f -*n* is enabled, you can see the port forwarding information when starting Thunder. *ort information forwarding is supplied at the reGuest of application program. 61 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide I%"t indicates the item<s number. +emote $ost1 The description of the remote host which receies or sends data. 'Cternal Port1 The ,outer<s port number used for forwarding. Internal $ost1 The description of the internal host which receies or sends data. Internal Port1 The host<s port number which needs port forwarding. Protocol1 "t specifies the port forwarding to TC* or -7*. %escription1 Software information of mapping port. ".?.! One:to:One .-T This function fulfills one/to/one )!T static mapping between L!) "* and W!) "*. Click 0!dd )!T3 to enter the following interfaceH L!) Starting !ddressH :ill in the internal host "* address. W!) Starting !ddress:ill in W!) "* address which is correspondingly mapped by internal "* address. "* Count"t indicates one/to/one )!T "* numbers. #nable#nables the currently set rule, which doesn<t take effect when 0#nable3 is not selected. :or e5ampleH by entering 6E(.6L%.&.6& in L!) starting "* address, 6F(.64%.66(.666 in W!) starting "* address, and D in 0"* Count3 field, you specify that L!) "*sH 6E(.6L%.&.6& S6E(.6L%.&.6$ and W!) "*sH 6F(.64%.66(.666S6F(.64%.66(.66D are reaching one/to/ one correspondence. 62 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide ".?." %%.S This page allows you to set dynamic 7)S parameters. When the connection is successfully established, other hosts on the "nternet can access your ,outer or irtual serer ia domain name. T#"$%&T' ,outer proides the same dynamic 7)S configuration method for each W!). 'nable %%.S1 Select it to enable this function. Service Provider1 Select the 77)S serice proider among 7yndns.org, %%ip.cn, freedns.afraid.org, zoneedit.com, no/ip.com, and 44((.org. 8ser .ame1 The user name registered on 77)S serer. Password1 The password registered on 77)S serer. %omain Information1 The 7omain )ame obtained from 77)S serer. Connection Status1 The current connection status of 77)S serer. 63 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide 'nable %%.S1 Select it to enable this function. Service Provider1 Select the 77)S serice proider among 7yndns.org, %%ip.cn, freedns.afraid.org, zoneedit.com, no/ip.com, and 44((.org. 8ser .ame1 The user name registered on 77)S serer. Password1 The password registered on 77)S serer. %omain Information1 The 7omain )ame obtained from 77)S serer. Connection Status1 The current connection status of 77)S serer. ".?.3 +oute Table There are two submenus 0,oute Table3 and 0Static ,oute3 in 0,oute Setting3 menu. The functions of these submenus will be illustrated below. ".?.3.1 +oute Table This page displays the ,oute Table contents. ".?.3.2 Static +oute ?ou can configure the Static ,oute functions on this page, click 0!dd Static ,outing3 and 64 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide specify Static ,oute rules. %estination IP1 The "* address of destination host or destination network. Subnet 2as#1 The subnet mask of destination address. -sually the alue is (DD.(DD.(DD.&. 4ateway1 The "* address of the ,outer< entry for ne5t hop. ".G 5P. There are two submenusH 0**T* Client3, and 0**T* Serice3 in 8*). Click one to enter corresponding setting. The functions of each are illustrated in details below. ".G.1 PPTP Client **T* Client supports the connection between 8*) router client and 8*) router serice. :or e5ampleH if a branch and its headGuarter of an enterprise want to achiee simple, safe, mutual access to each other<s resources, they can simply use the **T* client in the router of the branch. The configuration method is illustrated belowH 65 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide 'nable PPTP ClientTick to enable **T* client function PPTP Server -ddress**T* serice address which needs to be dialed 8ser .ame**T* user name assigned by serice Password"t corresponds with user name and is assigned by serice 'nable 'ncryption or .ot Select whether to 0enable encryption or not3 according to serice configuration. Only when serer and client share the same configuration can communication be normally maintained. PPTP .et Segment The accessed net segment ia **T* tunnelB usually it is configured as L!) address segment of **T* serice. PPTP 2as# **T* net segment mask. Status"t displays the connection status of **T* client. Obtained PPTP -ddress"t indicates the "* address assigned by **T* serice. ".G.2 PPTP Server There are three submenus in 0**T* Serer3H 0**T* Serer3 0Client Setting3, 07ial/in List3. The detailed functions of each are illustrated below. ".G.2.1 PPTP Server **T* serice supports the connection between **T* Client and 8*) router. :or e5ampleH a branch company needs to use **T* 8*) to send daily financial reports to its 66 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide headGuarter and receie emails from company internal email bo5. This is accomplished by dialing/in to access company internal network. Configuration methods are demonstrated in details belowH #nable **T*Tick to enable **T* 8*). 2a5imum **T* LinksThe largest number of supported **T* clients who dial/in simultaneously. System allows % different clients to dial/in at the same time. **T* Serer !ddress:ill in the **T* serer<s "* address. **T* Client !ddress ,angeThe "* address range assigned by serice to a client after his access ia 8*) dial/in. #nable or 7isable #ncryptionSupports 6(%/bit data encryption. Tick to enable 6(%/bit encryption mode for both sides< communication, which is only achieed when serice and client share the same configuration. ".G.2.2 PPTP Client Setting !fter the aboe configuration is finished you need to create **T* clients for router. #nter **T* Client Setting and click 0!dd -sers3. :or e5ample, you can configure like thisH user nameH test, passwordH 6(4, and client corresponding net segmentH 6E(.6L%.&.&, please follow the configuration method shown in the diagram below. 6# T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide 8ser .ame -ser name for accessing **T* serer Password *assword for accessing **T* serer Confirm Password ,econfirm *assword for accessing **T* serer Client Is networ# or not Select network access or single *C access mode for client. .ote?ou hae to choose network for client if router is **T* client access mode and you want all L!) computers in router can be connected. .et Segment **T* client net segment. 2as# **T* client subnet mask ,emark :ill in remarks @optionalA. ".G.2.! %ial:in &ist This page shows the information of **T* client ia dial/up. 8ser name1 -ser name of **T* client ia dial/in. %ial:in IP**T* client "* address. -ssign IP"* address assigned by **T* serer to client. 6 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide ".( 2onitor There are three submenus in 02onitor3H 0Statistics3, 0Log 8iew3, 0Log Setting3. Click one to enter the corresponding setting. :unction of each submenu is illustrated in details below. ".(.1 Statiscs 'nable Traffic Statistics Select to enable this function. System default is 07isable3, please disable it to improe router<s capability in dealing with packets if there is no need for traffic statistics. ,efreshClick to refresh statistics list. .ote "t is normal, if there is a little deference between actual data and statistic data shown by Traffic Statistic, which is caused by actual traffic transient peak alue. ".(.2 &og 5iew "n system log you can check all kinds of conditions when system starts and whether there is network attack or not. 6! T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide ".(.! &og Setting +ased on system default, when system log records reach the number of (DL, old log records will be automatically deleted. To proide complete knowledge of router<s running status, Log Setting function transfers router log information to log serer. Click 0!dd Log Setting3 to moe to the following interfaceH &og Server IP -ddress "* address of log serer. &og Server PortSerice port of log serer. 'nable#nable log serice function. ".@ System Tools There are seen submenus in system toolsH Time Setting, +ackup and ,estore, :irmware -pgrade, *olicy -pgrade, ,estore :actory 7efault, ,eboot, Change password 1-sername. Click one to enter the corresponding setting. The function of each is illustrated in details below. #" T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide ".@.1 Time Setting ?ou can set time zone yourself or obtain .2T from internet. The .2T can only be gotten after successful access to internet. ?ou can also manually input the current time. 'nable .etwor# TimeSystem time is obtained automatically from network. Time -dHusting Period Select system time and time adPusting period, which is ( hours by default, according to your specific needs. Time >oneSelect your local time zone. ".@.2 9ac#up 7 +estore ?ou can backup the current or restore preious router configuration. #1 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide +ackup 1 ,estore setting stepsH Click Q+ackupQ to enter configuration interface. Specify the path to sae the configured file and click O> to create a system/configured backup file in specified directory. Click 0+rowse3 to select the correctly uploaded file and click 0,estore3. Then reboot the ,outer to restore the preious settings. ".@.! irmware 8pgrade ?ou will get a more stable router ersion and additional router functions by upgrading router<s firmware. irmware upgrading steps +rowse to select the path of firmware file. Then Click 0-pgrade3 to upgrade. ,outer automatically reboots after being upgraded. )ote7o not shut down the router power during upgrading, otherwise the router will be damaged and can not be used. "t automatically restarts after successful upgrading. *lease wait patiently for the upgrading process to finish, which lasts for seeral minutes. #2 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide ".@." Policy 8pgrade Obtain more stable filter function by upgrading the router<s policy file. Policy upgrading steps +rowse to choose the path for the policy file. Click 0-pgrade3 to upgrade policy. #3 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide ".@.3 +estore actory %efault Click 0,estore :actory 7efault3 to bring all configurations to factory defaultH 7efault -ser )ameadmin. 7efault *asswordadmin. 7efault "* !ddress6E(.6L%.&.6. 7efault Subnet 2ask(DD.(DD.(DD.&. 0,estore :actory 7efault3 only takes effect after the router reboots ".@.? +eboot This interface below introduces function to reboot router ia software. "t takes about $& seconds. Click 0,eboot3 to bring configuration which can only be effected after the router is restarted. ,outer automatically ends network connection before restarting. ".@.G Change Password78sername #4 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide This page allows you to modify administrator<s user name and password. *lease enter a new username and the old password first then a new password. "f the old entered password is correct, after clicking 0Sae3, system user name and password is successfully modified. )ote"t is highly recommended that you change the original user name and password for the sake of safety. ".1) logout *lease log out router<s web/based management interface by clicking 0logout3 tag after all configurations are completed. #5 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide -ppendiC 11 $ow to Set TCP7IP ;Ta#e /indows IP for eCample< 6. Click 0Start3N 0Control *anel3 to enter the control panel. Picture 1 (. Click 0)etwork and "nternet Connections3 to enter the connection page. Picture 2 #6 T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide 4. Click 0)etwork Connections3 to display the following window. Picture ! $. ,ight click 0Local !rea Connection3 and select 0*roperties3 Picture " D. Select 0"nternet *rotocol @TC*1"*A3 on the appearing window and click 0*roperties3 button. ## T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide Picture 3 L. 2ethod 6H Click 0Obtain an "* address automatically3, 0Obtain 7)S serer<s address automatically3 and then click 0O>3. Picture ? 2ethod (H Select 0-se the following "* address3 and enter the "* addressH 6E(.6L%.&.555 # T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide @555 can be any alue from (M(D$A. Subnet maskH (DD.(DD.(DD.&. 7efault gatewayH 6E(.6L%.&.6. *referred 7)S sererH 6E(.6L%.&.6. "f you know the local 7)S serer address, you can fill it in. Picture G F. Click 0O>3 to return to the 0Local !rea Connection *roperties3 window. %. Click 0Close3 to e5it the window. "n this chapter, we introduce you to configure the TC*1 "* protocol. *lease make sure that you hae installed the network adapter in the computer. "f not, please refer to the -ser .uide of the network adapter to install the adapter and drier. #! T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide -ppendiC 21 8seful Command Command 'Cplanation cmd ,un this command to enter the Windows command mode. @Suitable for Windows (&&& or higher.A ipconfig 7isplay the computer<s "* address. ping The most useful command in TC*1"* protocol. When it sends a serial of packets to another system, the system will send back a response. "t is useful for checking remote host. The response shows whether it can reach the host and how long it costs to receie a response. netstat ,un this command to check the current connection status of "*. When your basic communication is processing, the system serice must be checked. The serice includes checking the input data or erifying the session. tracert Tracert command is used to display the path which the packets pass through. net stop Stop Windows )T )etwork Serice, such as net stop dnscache. net send Send messages to other network users or computers. ?ou must run messenger serice to receie messages. "f you hae any problem, please contact our customer serice or isit our website. Tenda websiteH httpH11www.tenda.cn T#LH @%LA&FDD/(FLDF6%& (FLD4&%E #mailH supportTtenda.com.cn " T#"$%&T'#nterprise ( W!) *orts +roadband ,outer -ser .uide CC Statement1 This eGuipment has been tested and found to comply with the limits for a Class + digital deice, pursuant to *art 6D of the :CC ,ules. These limits are designed to proide reasonable protection against harmful interference in a residential installation. This eGuipment generates, uses and can radiate radio freGuency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. 9oweer, there is no guarantee that interference will not occur in a particular installation. "f this eGuipment does cause harmful interference to radio or teleision reception, which can be determined by turning the eGuipment off and on, the user is encouraged to try and correct the interference by one or more of the following measuresH U ,eorient or relocate the receiing antenna. U "ncrease the separation between the eGuipment and receier. U Connect the eGuipment into an outlet on a circuit different from that to which the receier is connected. U Consult the dealer or an e5perienced radio1T8 technician for help. 1