DRO-210i Web Configuration

DRO-210i User Manual, Page 3-22

· COM controls (file types .DLL and .OCX)

· Win32 executable files (file type .EXE)

· INF set-up files, used to specify locations and versions for a collection of other files (file type .INF)

· "cabinet" files that are referred to by an OBJECT tag (file type .CAB)

Enabling the ActiveX Filter prevents attacks related to ActiveX. 
Packets carrying ActiveX code are dropped and logged in the 
Blocking Log.  

4. Keyword Filter - This filters the downloading of web pages based on 
keywords found in the HTTP header. Each blocked keyword is searched for 
in the URL and, if it is found, the site is blocked. For example, if the 
administrator wants to block any web page that has "jobs" in the URL, 
enter "jobs" as the keyword on the Keyword configuration page. This page 
is linked beside the Keyword Filter enable check-box. After this 
configuration, all URLs containing the keyword "jobs" are dropped. An 
exception to the keyword can be configured on the Keyword Exception page. 
If "jobsahead" is configured as an exception, then of the URLs containing 
"jobs" only those with "jobsahead" are allowed.  

To enable this feature, check the Keyword Filter check-box. URLs with 
blocked keywords are blocked by dropping the packets, and are logged in 
the Blocking Log.  

5. File Extension Filter - File extensions that the administrator 
specifies are blocked from downloading. For example, if the administrator 
wants to block .pdf files, enter ".pdf" in the File Extension Filter 
configuration. If that file extension is found in the URL, the 
corresponding packets are dropped and logged in the Blocking Log. To 
enable this feature, check the File Extension check-box.  
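
The Keyword Filter (with its exception list) and the File Extension Filter described above can be modelled to predict what a rule set will drop before it is entered on the router. This is an added example, not code from the manual or from D-Link; it assumes case-insensitive substring matching over the whole URL and that a URL containing an exception string is exempt from the keyword filter as a whole, neither of which the manual states. The class name, function names and sample URLs are constructed for illustration.

```python
"""Model of the URL keyword and file-extension filters described in the manual.

Assumptions (not stated in the manual): matching is a case-insensitive
substring search over the full URL, and a URL that contains an exception
string is exempt from the keyword filter as a whole.
"""
from dataclasses import dataclass, field


@dataclass
class UrlFilter:
    keywords: list = field(default_factory=list)      # Keyword configuration page
    exceptions: list = field(default_factory=list)    # Keyword Exception page
    extensions: list = field(default_factory=list)    # File Extension Filter page
    keyword_enabled: bool = True                      # Keyword Filter check-box
    extension_enabled: bool = True                    # File Extension check-box
    blocking_log: list = field(default_factory=list)  # stand-in for the Blocking Log

    def check(self, url):
        """Return "DROP" or "ALLOW"; every drop is appended to blocking_log."""
        u = url.lower()
        if self.keyword_enabled:
            # An exception string anywhere in the URL switches the keyword
            # filter off for that URL (assumed reading of the manual).
            exempt = any(e.lower() in u for e in self.exceptions)
            if not exempt:
                for kw in self.keywords:
                    if kw.lower() in u:
                        return self._drop("keyword", kw, url)
        if self.extension_enabled:
            # "Found in the URL" is modelled literally: a substring match,
            # not a check on the end of the path.
            for ext in self.extensions:
                if ext.lower() in u:
                    return self._drop("file-extension", ext, url)
        return "ALLOW"

    def _drop(self, which, rule, url):
        self.blocking_log.append((which, rule, url))
        return "DROP"


# Constructed sample URLs on reserved example domains, not taken from the manual.
SAMPLE_URLS = [
    "http://www.example.com/jobs/list",              # contains the keyword
    "http://www.jobsahead.example/",                 # matches the exception
    "http://www.jobsahead.example/jobs/new",         # exception exempts whole URL
    "http://www.example.com/report.pdf",             # blocked extension
    "http://www.example.com/view?doc=a.PDF&page=2",  # extension in query string
    "http://www.pdfhost.example/index.html",         # ".pdf" inside host name
    "http://www.example.com/index.html",             # no rule matches
]


def evaluate(urls=SAMPLE_URLS):
    """Run the manual's example rule set over urls; return (verdicts, log)."""
    f = UrlFilter(keywords=["jobs"], exceptions=["jobsahead"], extensions=[".pdf"])
    verdicts = [(url, f.check(url)) for url in urls]
    return verdicts, f.blocking_log


if __name__ == "__main__":
    verdicts, log = evaluate()
    for url, verdict in verdicts:
        print(f"{verdict:5}  {url}")
    print("Blocking Log entries:", len(log))
```

Under these assumptions a substring rule such as ".pdf" also drops URLs whose host name or query string merely contains it, so the output is worth reviewing for over-blocking before the rule goes live.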

MAC Filter – When Enable is selected, the MAC Filter is applied to 
packets going to the WAN, and packets matching the MAC filter list are 
dropped. When Disable is selected, packets matching the MAC filter list 
are not dropped. 

Keyword-Filter 

 

This filters the downloading of WebPages based on keywords found in the 

Summary of Contents for DRO-210i

Page 1: ...DRO 210i User Manual DRO 210i LOAD BALANCING ROUTER Users Guide Rev 1 0 July 2006 ...

Page 2: ...N 3 2 3 1 3 Interface WAN1 3 4 3 1 4 Interface WAN2 3 8 3 1 5 Interface AutoBackup 3 9 3 1 6 Interface LoadBalancing 3 11 3 2 Routing 3 12 3 2 1 Routing Static 3 12 3 2 2 Routing Dynamic 3 13 3 2 3 Routing Policy Based 3 15 3 3 Firewall 3 17 3 3 1 Firewall Interface Configuration 3 17 3 3 2 Firewall Policy 3 18 3 4 NAT 3 28 3 4 1 NAT Interface Configuration 3 28 3 4 2 NAT NAT Configuration 3 29 3 ...

Page 3: ...8 4 Tools Ping Test 3 67 3 8 5 Tools Remote Access 3 68 3 9 Status 3 69 3 9 1 Status Device Info 3 69 3 9 2 Status Traffic 3 71 3 9 3 Status Route Table 3 72 3 9 4 Status NAT Table 3 73 3 9 5 Status IPSec Status 3 74 3 9 6 Status Log Tables 3 74 3 9 6 1 Status Log Tables Session Log 3 75 3 9 6 2 Status Log Tables Blocking Log 3 76 3 9 6 3 Status Log Tables Intrusion Log 3 78 3 9 6 4 Status Log Tab...

Page 4: ...s easily in the near future Service providers are interested in meeting this demand for new network services to capitalize on opportunities with the growing SOHO enterprise market Dlink DRO 210i is a broadband router targeted at SOHO and SMB users The router uses XScale architecture ARM core with NPEs from INTEL IXP425 The router supports load balancing along with firewall access control secure VP...

Page 5: ... 100 Ethernet WAN Ports When only WAN link is required the other WAN Port can be optionally reconfigured to operate as a LAN Port Ethernet WAN Interfaces The Ethernet WAN interface can be used to connect to the internet using any broadband modem It can be configured in Static Dynamic or PPPoE mode thus enabling inter operability with any ISP 1 Static Statically define the Interface address and con...

Page 6: ...cy based routing helps to define custom policies for routing traffic For example policy routes can be defined to route all HTTP traffic through WAN1 and E mail traffic through WAN2 Load balancing User can connect to multiple WAN networks and the load can be distributed between these multiple WAN interfaces to get good bandwidth If any interface goes down the traffic will be diverted back to the co...

Page 7: ...s data in your network thus resulting in significant cost reductions Session Initiation Protocol SIP is widely used for VoIP calls and does not work behind NAT The SIP ALG in the router will ensure that SIP calls can be successfully established even when NAT is performed at the router VPN Using the DRO 210i integrated VPN you can provide a secure connection between widely separated office networks...

Page 8: ...rations onto the product as well as it can be downloaded to the local hard disk The same configuration can be uploaded to the device Web Based Configuration and Management The product provides SSL based secure user friendly Web Pages to configure and manage the device and the network Internet Access The product supports the TCP IP protocol which is the protocol language for the Internet DRO 210i R...

Page 9: ...Installing DRO 210i DRO 210i User Manual Page 2 1 2 INSTALLING DRO 210i 2 1 About the router This section will introduce hardware of the router Front View Rear View ...

Page 10: ...l Page 2 2 2 1 1 Front Panel Module Status Description Power On ON OFF WAN1 LED Ready ON Link and Protocol is UP OFF Link or Protocol is DOWN WAN2 LED Ready ON Link and Protocol is UP OFF Link or Protocol is DOWN WAN1 LED Power LED WAN2 LED ...

Page 11: ...00Mbps Ethernet LAN Ports RJ 45 LAN DMZ 10 100Mbps Ethernet Port RJ 45 configurable as LAN or DMZ Port LAN WAN2 10 100Mbps Ethernet Port RJ 45 configurable as LAN or WAN2 Port WAN1 10 100Mbps Ethernet WAN2 Port RJ 45 CONSOLE DB 9 Console Port 5V 3A DC INPUT Input Voltage 5V 3A DC Input AC 230v OFF ON RESET 5V 3A DC INPUT LAN LAN DMZ LAN WAN2 WAN1 CONSOLE ...

Page 12: ...y Straight Ethernet Cables 1 power cord AC DC Adapter User Manual and QIG CD 4 Stack Rubber Feet 2 2 1 Mounting the DRO 210i The DRO 210i is a Desktop mount type router which can be installed as a standalone unit on any stable surface For standalone make sure the unit has at least 1 5 in 3 75 cm of clearance on each side to allow for adequate airflow and cooling Dimensions 235 L x 165 B x 33 H mm ...

Page 13: ...figuration of the DRO 210i is completed you can connect the DRO 210i between your internal network and the internet Make the necessary power connections The power LED will turn ON to indicate proper operation Connect the LAN interface to the hub or switch connected to your internal network using cross cable Computers that act as servers Mail Server FTP Servers etc to provide Internet services shou...

Page 14: ...0i User Manual Page 2 6 1 1 1 1 1 I NTE RNE T WAN DOT FIBER DOT OPTIMUX DIC 2000FE2VL 2 Mbps Leased Line D Link Interface Converter D Link ADSL Modem DSL 502T DRO 210i WAN1 WAN2 LAN DMZ D LINK SWITCH DES 3208i DES 3208i Internet ...

Page 15: ... flash programmed board The Image is loaded on to the flash 2 Router supports WEB based management feature to configure the board Internet Explorer Version 5 5 and above is the preferred browser Connect the PC to the LAN port of Router and open internet explorer browser with the following https IP address of Router s LAN interface i e https 192 168 100 254 connection on Internet Explorer This will...

Page 16: ...Installing DRO 210i DRO 210i User Manual Page 2 8 3 It will ask for username and password User name admin Password admin D Link Welcome Page will appear and you can browse through the web page ...

Page 17: ...tep to configure the password and WAN settings of DRO 210i 3 1 Interface 3 1 1 Interface Port Config This Web Page is used to configure the optional ports of router Port 1 and Port 2 are always configured as LAN and user cannot configure these ports Port 3 can be configured as LAN or DMZ by selecting them in the drop down menu Port 4 can be configured as LAN or WAN2 by selecting them in the drop d...

Page 18: ...a subnet mask of 255 255 255 0 you might assign the Router an IP address of 192 168 100 254 and configure the Router s DHCP server to assign addresses in the range between 192 168 100 2 to 192 168 100 100 The default gateway setting for computers on the LAN side will be the Router s IP address in this case 192 168 100 254 When you enable DHCP and renew the IP address at computers connected to the ...

Page 19: ... 100 2 to 192 168 100 100 As an alternative user could disable the DHCP server and manually update the IP address subnet mask and default gateway information for each computer on the LAN side It is recommended that if user needs to change the IP addressing scheme for the Router he she can configure its DHCP server with the appropriate IP address range and subnet mask and then assign an IP address ...

Page 20: ...to configure the WAN interface The WAN interface can operate in 3 modes Static Dynamic and PPPoE WAN Settings Static Select this option to set static IP information You will need to enter the IP address subnet mask and gateway address provided to you by your ISP The default gateway field specified here will be used by Load balancing feature to route packets through this interface ...

Page 21: ...ally Dynamic IP address allows the DRO 210i to get its IP address information from your ISP using the Dynamic Host Configuration Protocol DHCP Use this setting if your ISP instructs you to use DHCP to automatically obtain an IP address A server on your ISP s network will then automatically send the necessary IP address information to your router ...

Page 22: ...For more information refer to Unnumbered Interfaces When this is not selected DRO 210i will obtain an IP address automatically for your PPPoE connection User Name Enter your PPPoE username Password Enter your PPPoE password Idle Time This is the time interval which if there is no network traffic between your local network and your ISP your PPPoE connection will be disconnected MTU This is the maxi...

Page 23: ...ink Detection Allows enabling Link Detection on this Interface Mode To detect the Default Gateway IP address reachability status of the Link Detection enabled WAN interface using ARP Address Resolution Protocol or ICMP Internet Control Message Protocol No of Retries Number of attempts to reach the specified destination before confirming the status UP DOWN of the Link Delay between Retries Time in s...

Page 24: ...ce is always 255 255 255 255 For Dialup interfaces the Remote IP field will be disabled and determined only through negotiation When NAT is enabled on an unnumbered interface local services such as DNS Proxy VoIP etc may be affected To overcome this problem configure one of the Global IP addresses from the NAT pool as the unnumbered interface s IP address Routers at both ends of the point to point...

Page 25: ...ckup and the web page opens as shown below This Web Page is used to configure primary and backup relation between WAN interfaces of router Backup Mode 1 Disable No backup activity will be done for this interface 2 Enable If the primary interface goes down the backup interface configured for this will be connected automatically In addition all features pertaining to the backup interface will be app...

Page 26: ...interface Static Routes configured on this interface NAT configured on this interface etc will be automatically activated on the backup interface 3 For an Ethernet WAN Port in Static Dynamic Mode configure Link Detection feature to enable automatic detection of link failure 4 When Link detection is enabled on Primary interface the switch back to Primary will happen automatically If Link Detection ...

Page 27: ...ffic to be sent through a WAN interface Load Balancing Click on this check box to enable disable the load balancing feature Interface WAN interfaces among which the load must be shared Status Enable Disable load balancing on this interface Weight Percentage of the load to be sent through this interface 1 Sum of weight of all enabled interfaces should be equal to 100 2 The Priority of route lookups...

Page 28: ...e allows the user to add and delete static routes View Active Routes This link is used to see all the active routes Interface Name Select the interface name e g LAN WAN1 WAN2 on which route is to be added Destination Network IP address Destination Network IP address for which route is to be added Subnet Mask Specify the subnet mask for the Destination Network IP address ...

Page 29: ... delete icon to delete a specific route entry The colour scheme indicates which route is active and which is inactive 1 Entries with yellow colour are active routes i e the interface on which the user has entered these entries is UP 2 Entries with grey colour are inactive routes i e the interface on which the user has entered these entries is DOWN 3 2 2 Routing Dynamic Click on Routing Dynamic to ...

Page 30: ...erface specific RIP settings Interface Name Name of the interface for which RIP can be configured Enable Enable or disable RIP on the particular interface Send Version The interface can use the global default RIP version to send RIP messages or be configured to use a specific RIP version Receive Version The interface can use the global default RIP version to receive RIP messages or be configured t...

Page 31: ...estination IP Inbound Interface Protocol Src Dest Ports are used to identify and direct the traffic out of a specific Outbound Interface Policy Based Routing Clicking on this check box will enable Policy routing in the Router Outbound Interface The network traffic which matches with all the below policy parameters will be sent out of this interface Policy Parameters These parameters of network tra...

Page 32: ...egardless of its destination IP 2 Specific Setting this will allow user to configure the specific Destination IP for which the Policy will be applied on the Network traffic Protocol The network traffic whose protocol matches with this field will follow this policy Source Port Number Network traffic uses Source port number to specify the type of application which generated this traffic This is an o...

Page 33: ...g is selected when this flag is not selected firewall is disabled on all Interfaces Status Firewall can be enabled disabled on a particular Interface with this field Security Type Interfaces can be set to either Trusted or Un Trusted type with this field If the security type is set to Trusted then Outbound Policies will be applied on that interface if the security type is set to Un Trusted then In...

Page 34: ...figuring LAN as Untrusted user should enter the IP of the LAN PC which is configuring the DRO 210i in the Remote access configuration web page 3 3 2 Firewall Policy Click on Firewall Policy to get the web page as shown below Firewall Enabled Firewall will be active only when this flag is selected when this flag is not selected firewall is disabled on all Interfaces Status Firewall can be enabled d...

Page 35: ... allows user to specify different policies for different times A policy is active for certain period of time according to the configuration Rules that are added for a policy take effect only when corresponding policy is active System Date Time The current system time is shown here This can be set from the Time webpage as per the time zone Policy Name Alphanumeric name representing the Policy All t...

Page 36: ...r are as follows Allow all network traffic going to Untrusted network from Trusted network Allow all network traffic from Untrusted network to access virtual server Deny network traffic coming from Untrusted network to access Trusted network and also web management of Router The different outbound policies that can be configured are Port Filter Port Filter Policy is used to allow or deny network p...

Page 37: ...nd logged in the Blocking Log 2 Cookie Filter Cookies are merely text files that are placed on a user s computer by Web sites that the user visits Cookies can be used to gain information about the surfer Cookies are not spy ware They cannot run Trojan horse or any other malicious code on the user s computer but can provide confidential information about users to others By enabling the Cookie Filte...

Page 38: ...nfiguration all URLs with jobs Keyword are dropped An exception to the keyword can be configured in the Keyword Exception page If jobsahead is an exception that is allow only URL with jobsahead To enable this feature check the Keyword Filter check box The URLs with blocked keywords are Blocked by dropping the packets and logged into the Blocking Log 5 File Extension Filter The file extensions spec...

Page 39: ...the content of WebPages File Extension Filter The administrator can configure the File Extensions that he wants to deny access to the users For example if Admin wants to block pdf files then enter pdf in the File extension Filter Configuration If that file extension is found in the URL the corresponding packets are dropped and logged in the Blocking Log The table displays the blocked File Extensio...

Page 40: ...mputers on your LAN that is the Trusted and the Untrusted networks These TCP or UDP ports are entered on the Port Filter Configuration page The Port Filter configurations are made for both Inbound and Outbound traffic Untrusted to Trusted and Trusted to Untrusted Transport Type This drop down menu allows you to specify the transport protocol that will be filtered by the Router You can choose from ...

Page 41: ... you have only one IP address that you want to filter enter this address in both the from and to fields Source IP address To This allows you to specify the last in a range of IP addresses that the IP filter policy will be applied to If you have only one IP address that you want to filter enter this address in both the From and To fields Status The status specifies Enable or Disable status of the ...

Page 42: ...policy at the router Firewall IDS Configuration Click on Firewall IDS Configuration to get the web page as shown below IDS Intrusion Detection System detects few of the known Attacks The attacks detected by the IDS system can be configured in the IDS Configuration webpage The user can enable detection of the attacks by checking the checkboxes The attacks are classified into categories based on typ...

Page 43: ...nder this attack Land Attack The Land attack involves the perpetrator sending spoofed packet s with the SYN flag set to the victim s machine on any open port that is listening If the packet s contain the same destination and source IP address as the host the victim s machine could hang or reboot Winnuke Attack Denial of service attack to any windows 95 NT 3 x user by sending OOB data to an establi...

Page 44: ...Configuration Click on NAT Interface Configuration to get the web page as shown below NAT can be Enabled Disabled on the specific interface in this page Select the interface on which the NAT is to be applied and press apply button To configure the NAT please visit NAT configuration Page ...

Page 45: ...e Configuration webpage WAN Interface Select the WAN Interface from the drop down menu on which the NAT Configuration entry has to be made NAT Type Select the type of NAT to be applied on the interface from the drop down menu The types that can be configured are Many To One Any IP from Private network passing through the NAT enabled interface are mapped to the single Global IP specified Instead of...

Page 46: ...ng the starting and ending Private and Global IP addresses Note The Private IP range and the Global IP range need to be same in terms of numbers for one to one mapping Private IP Specify the start IP and the end IP to configure a range of IP addresses In case of single IP please enter the same IP in both the fields Global IP Specify the start IP and the end IP to configure a range of IP addresses ...

Page 47: ...y two interfaces If NAT is disabled between two Interfaces then sessions between these two Interfaces are not NATed NAT between WAN1 and WAN2 Click on this checkbox will Disable NAT between WAN1 and WAN2 NAT between WAN1 and DMZ Click on this checkbox will Disable NAT between WAN1 and DMZ NAT between WAN2 and DMZ Click on this checkbox will Disable NAT between WAN2 and DMZ ...

Page 48: ...nts to the server running the specified service on LAN by translating the global IP to the user s Private IP address of the server Interface Name Interface on which the virtual server is configured Transport Type You can select the transport protocol TCP or UDP that the application on the virtual server will use for its connections The choice of this protocol is dependent on the application that i...

Page 49: ...ocol drop down menu Private Settings IP address This is the IP address of the Server on your LAN that will provide the service to remote users Port The Port number on which the Server is running This is the Private or Internal Port number Global Settings IP address IP address to which the Server IP Private IP should be mapped External world sees only the global IP specified by the user Port Select...

Page 50: ... to make calls across the Internet User needs to configure the Port number for the SIP Session Initiation Protocol in the web page The LAN clients for Session Initiation Protocol use this port number only In other words the Real Time Protocol will not use this port number User can configure a maximum of 20 ports The recommended maximum number of simultaneous SIP calls is 20 ...

Page 51: ...onnectionless data integrity data origin authentication protection against replay attacks and confidentiality for each IPSec packet This is achieved by using headers and trailers on each packet which provide core pieces of information pertaining to authentication data integrity and confidentiality The AH Authentication Header addresses data origin authentication data integrity and replay protectio...

Page 52: ...s mode to passthrough With this mode the user will not be able to establish tunnels with the remote peer However this mode will allow IPSec VPN tunnels to be established between multiple LAN side IPSec clients and multiple remote IPSec servers simultaneously Also it can support multiple LAN side IPSec clients to connect simultaneously to a single remote IPSec server IPSec Tunnel Enabling this mode...

Page 53: ...hat identifies the remote tunnel Tunnel Source Interface The WAN interface which serves as the tunnel s source endpoint Termination Type Specifies the way in which a remote endpoint can be configured Either it can be specified as remote endpoint s domain name or IP address Termination IP NAME Specify remote gateway s IP address or domain name depending on the termination type selected When Domain ...

Page 54: ...ys used during Phase 1 negotiation Group 1 generates a 768 bit key and Group 2 generates a 1024 bit key The same DH Group must be used on both ends of an IPSec VPN tunnel IKE Life Duration This is the life duration of phase 1 key in seconds When it is expired the two IPSec peers should trigger phase 1 negotiation again to set up a fresh IPSec tunnel IKE Hash This drop down menu allows the user to ...

Page 55: ...lect the IPSec transform that will be applied to packets that are sent between the two endpoints of a VPN tunnel ESP specifies that the entire packet will be encrypted by the DES 3DES or AES algorithm as selected in ESP Transform field and authenticated by the MD5 or SHA algorithm as selected in ESP Authentication field AH specifies that only the authentication algorithm MD5 or SHA as selected bel...

Page 56: ...VPN tunnel Target Host Range Type This drop down menu allows user to select the type of network definition for the range of IP addresses on the remote LAN that will be allowed to access the VPN At the time of the writing this manual only the Subnet type is supported Target Network Address This specifies the remote host machines that can be accessible from a VPN tunnel This is specified as a combin...

Page 57: ... their corporate office securely So this page allows a router to work in the IPSec server mode along with the normal peer to peer mode When the router is configured in the IPSec server mode it won t bother about the client s address normally it will be dynamic It recognizes the clients based on their remote IDs which can be configured separately through the remote Id page Tunnel Name This is the n...

Page 58: ... router to generate shared keys in a secure manner This shared key is used for deriving encryption and hash algorithm keys used during Phase 1 negotiation Group 1 generates a 768 bit key and Group 2 generates a 1024 bit key The same DH Group must be used on both ends of an IPSec VPN tunnel IKE Life Duration This is the life duration of phase 1 key in seconds When it is expired the two IPSec peers ...

Page 59: ...roup 2 uses 1024 bit prime number and Disable disables the PFS mode User must use exactly the same PFS mode on both ends of the VPN tunnel IPSec Operation This drop down menu allows user to select the IPSec transform that will be applied to packets that are sent between the two endpoints of a VPN tunnel ESP specifies that the entire packet will be encrypted by the DES 3DES or AES algorithm as sele...

Page 60: ...elected in the IPSec Operation drop down menu above User can choose between Null no authentication MD5 using MD5 message digest authentication and SHA using the SHA authentication method User must select the same ESP authentication algorithm on both ends of a VPN tunnel AH Transform This drop down menu allows user to select the authentication algorithm to be used when AH is selected in the IPSec O...

Page 61: ...Each client that wants to connect to the router should have its remote id configured A remote id can be configured for a server only if the server is first configured Remote Id Type This indicates the type of remote id to be configured Currently only two type of remote ids can be configured One is of IPV4 address type other is of type FQDN Fully Qualified Domain Name Remote ID Data This is the act...

Page 62: ...is the name of the IPSec server if its a IPSec server configuration Termination IP Domain Name If its a peer to peer configuration then it indicates remote peer IP address or its domain name If its a IPSec server then ROAMING USER will be displayed No of Remote Ids This indicates the number of remote ids corresponding to a server For a peer to peer tunnel this field is not applicable since remote ...

Page 63: ...c configuration entries includes the number of peer to peer tunnel along with number of IPSec servers plus its corresponding remote ids For example If there are two peer to peer tunnels and two IPSec servers one with three remote ids and the other with 4 remote ids then the total no of entries will be 2 3 1st IPSec server 4 2nd IPSec server 9 3 6 QOS 3 6 1 QOS Q Discipline Click on QOS Q Disciplin...

Page 64: ...a relatively simple method of supporting differentiated service classes In classic PQ packets are first classified by the system and then placed into different priority queues Packets are scheduled from the head of a given queue only if all queues of higher priority are empty Within each of the priority queues packets are scheduled in FIFO order The PRIO qdisc is a classful queuing discipline that...

Page 65: ...witch Ports i e LAN DMZ or WAN2 2 It is recommended to configure HTB to rate limit the traffic at the interface and then configure PQ as a child of the HTB Token Bucket Filter TBF Token Bucket Filter is a classless qdisc The Token Bucket Filter TBF is a simple queue that only passes packets arriving at a rate which is not exceeding some administratively set rate with the possibility to allow short...

Page 66: ...longs Handle Queues are identified by a handle major number minor number where the minor number is zero for queues Major number uniquely identified the queue e g TBF can be a child of a PQ and user can configure by entering values like rate as 115 Kbps burst as 5Kb and latency as 70 ms These value are given just for an example Hierarchical Token Bucket HTB Hierarchical Token Bucket is a classful q...

Page 67: ... as the highest cburst of all children This field is optional Default value is 0 KB Burst should be between 0 and 100 000 KB Handle Queues are identified by a handle major number minor number where the minor number is zero for queues Major number uniquely identifies the queue Parent Parent does not apply for root qdisc Major number represents the parent of the sub queue or child queue This will be...

Page 68: ...to that qdisc class If the packet matches a filter it s placed in the class specified with the flowid parameter Each packet that enters the root qdisc must end in a leaf class so it can be send Filter Name Name of the Filter Max 20 characters Interface Name Select the Interface Name on which filter will apply Source The network traffic s source IP 1 Any If Any is set on this field the filter will ...

Page 69: ...otocol Select the Protocol to filter the network traffic In the case of Other specify the protocol number between 1 and 255 Source Port No Network traffic uses Source port number between 1 and 65535 to specify the type of application which generated this traffic Will be applied if Protocol is selected as TCP UDP Destination Port No Network traffic uses Destination port number between 1 and 65535 t...

Page 70: ...ed on the network traffic regardless of its source IP 2 Specific Setting this will allow user to configure specific Source IP for which the Policy will be applied on the network traffic Destination The network traffic s destination IP 1 Any If Any is set on this field the policy will be applied on the network traffic regardless of its destination IP 2 Specific Setting this will allow user to confi...

Page 71: ...port matches with this field will follow this policy This field is applicable only if Protocol is selected as TCP UDP Destination Port Number Network traffic whose Source port matches with this field will follow this policy This field is applicable only if Protocol is selected as TCP UDP TOS DiffServ This is the value to be set in the TOS field in packet s IP header It can take 8 bit binary values...

Page 72: ... DHCP Dynamic Host Configuration Protocol is a method of automatically assigning IP addresses subnet masks default gateway and DNS server IP address to computers on the LAN side of the Router The Router can be a DHCP server for your LAN assigning IP addresses etc DHCP Server Status This allows you to Enable or Disable the DHCP Server feature on the Router The default is Enabled ...

Page 73: ...192 168 100 100 gives 99 different IP addresses that the Router can assign to the computers on user s network Lease Time This is the length of time any computer on user s network that is assigned network IP address by the Router through the DHCP protocol can keep its network settings If the lease expires while a computer is logged on then that computer will request a new set of network settings Th...

Page 74: ...heck Disable checkbox to disable Secondary DNS DHCP client table shows the client computers to which the IP addresses have been assigned by DHCP The DHCP Client Table will show the Host Name IP address MAC Address and Expire Time of the DHCP lease for each client computer If any IP address in the DHCP server range is assigned as a static IP by some PC in the network and when DHCP Server tries to a...

Page 75: ...address to a defined MAC Address System administrator can use this feature to configure the static IP address for some of the systems in the LAN These IP address however will fall in the DHCP server configured IP addresses range If the Static IP in the DHCP Reservation entry does not fall within the DHCP Server IP Range then it will be treated as an invalid entry These invalid entries will be disp...

Page 76: ...rom the DHCP server which is in the different subnet. Relay Status: Enable or Disable the DHCP Relay. DHCP Server IP: The IP address of the DHCP Server from which LAN clients will get their IP address. Both DHCP Server and DHCP Relay cannot be enabled at the router simultaneously. When DHCP Relay is enabled, the Server will be disabled automatically. And when DHCP Server is enabled, the Relay will be disab...

Page 77: ...DNS Server provided by the ISP. Interface: This is the Interface name corresponding to the DNS Server IP entered. If two or more interfaces have the same DNS Server, select the interface type as DEFAULT. The interface with DEFAULT type will have the highest priority. In the DHCP Server Setting page, Enable the Auto Configuration for the computers on the user's network to use the DNS Proxy. ...

Page 78: ...e time zone in which he/she belongs. Time Set Type: User can use either MANUAL or SNTP settings to set the time. SNTP Settings: User needs to enter values here if SNTP type is chosen. Set Type: There are two set types available in SNTP Setting. User can use either IP address or Domain Name. IP address: User can enter the IP address of the remote server to set the system time. It should be entered in dotted ...

Page 79: ...complete domain name. Manual Settings: User needs to enter values here if MANUAL type is chosen. YYYY MM DD: User can select the year, month and date directly from the drop-down menu. HH MM SS: To set the time manually, user can select hour, minute and seconds. 3.7.4 Misc Sys Log: Click on Misc Sys Log to get the web page as shown below. Sys Log page is used to send the System Logs to a remote server. ...

Page 80: ...nts to keep the system log files. Sys Log level: There are various System Log levels, e.g. Alert, Emergency, Critical etc. User can select any of the System Log levels according to which System Log files will be generated. 3.8 Tools. 3.8.1 Tools Password: Click on Tools Password to get the web page as shown below. This page allows you to change the Password used to control access to the router configuration ...

Page 81: ... verify that the password has been entered correctly. 3.8.2 Tools System: Click on Tools System to get the web page as shown below. This page is used to save the Configuration to the flash so that user can get the configuration back after reboot of the device. Save Settings: Click this button to save the current settings of the router. Save Settings and Restart the Device: Click this button to save the c...

Page 82: ...nt changes in the settings. 3.8.3 Tools Upload: Click on Tools Upload to get the web page as shown below. The Upload feature allows you to upload new configuration, firmware or certificate on the Router. This web page accepts only following files: 1. upgrade.tar.gz 2. DRO210.cfg 3. cert.der (Certificate File for SSL Configuration) 4. pkey.der (Private Key File for SSL Configuration). upgrade.tar.gz is the upgrad...

Page 83: ...uration and download the configuration in cfg format on Local PC. Subsequently he/she can upload the configuration file DRO210.cfg on the device again whenever required. 3.8.4 Tools Ping Test: Click on Tools Ping Test to get the web page as shown below. This page allows user to ping to any network device from the router, which is helpful in checking network connectivity to that device. Set Type: This all...

Page 84: ...ield if Set Type chosen is Domain Name. Count Number: User needs to enter the number of packets he/she wants to send. Count should be always less than or equal to 10; three is usually sufficient. User can click the Apply button to start; once done, the results are shown in the text box and user can use scroll bar to the right. 3.8.5 Tools Remote Access: Click on Tools Remote Access to get the web page as s...

Page 85: ...the Global IP should be entered here because DRO-210i will get the request from that Global IP. If Firewall is not enabled, then remote access is enabled by default, i.e. since there is no firewall, anybody can access your web configuration. In order to use this remote access effectively, configure firewall properly and block all the traffic which you do not need. Then if you enable Remote access only thos...

Page 86: ...AN Port IP Address: This is the Router's current LAN IP address. Subnet Mask: This is the subnet mask corresponding to the LAN IP address above. DHCP Server: Displays whether the Router is currently configured as a DHCP server on the LAN. WAN Status. WAN Physical Link Status: Displays the WAN cable plug-in (UP) or plug-out (DOWN) status. WAN Protocol Status: Displays the WAN Protocol Static Dynamic PPPoE mode o...

Page 87: ...P address. Subnet Mask: This is the subnet mask corresponding to the DMZ IP address above. 3.9.2 Status Traffic: Click on Status Traffic to get the web page as shown below. The Router maintains statistics of traffic that it receives or forwards. You can view the number of packets that are transmitted and received by the Router on each Port. The traffic counters will be reset when the Router is rebooted. ...

Page 88: ...ute Table to get the web page as shown below. This page shows all the active route entries, both static and dynamic. The colour scheme indicates to the user whether an entry is static or dynamic: 1. Entries with yellow colour are dynamic routing entries. 2. Entries with grey colour are static routing entries. ...

Page 89: ...tistics can be viewed on the NAT Session table. Private IP address Port: This is the IP address and port number of a computer or device on your LAN that has an active NAT session. Peer IP address Port: This is the IP address and port number of a computer or device on the WAN that has an active connection with the Router. Mapped IP address Port: This is the IP address and port number that will be seen by...

Page 90: ...mber of packets transmitted and received through the tunnel. IPSec configurations that are in the broken state will not be displayed in this page. All IPSec entries consisting of peer to peer and client status will be displayed. 3.9.6 Status Log Tables: The Router's Firewall, VPN and Intrusion Detection System logs information about various system activities. Session Log: This shows the current traffic s...

Page 91: ...tects suspicious attacks and logs all the information about the intrusion attempts here. Black List: It shows the blacklist of intruders in the Intruder Blacklist, which are automatically blocked as soon as they are detected. IPSec Log: This shows information about all the VPN session through the router. 3.9.6.1 Status Log Tables Session Log: Click on Status Log Tables Session Log to get the web page as ...

Page 92: ...ber of the computer or device that initiated the session is displayed here. Destination port: The IP address and TCP/UDP port number of the computer or device that responded to the session initiation is displayed here. Type: The protocol used to conduct the session is displayed here. Terminate Reason: The reason for session termination is displayed here. 3.9.6.2 Status Log Tables Blocking Log: Click on St...

Page 93: ...ween computers on your LAN, or between computers on your LAN and the WAN, because they met the criteria you entered on the Port Filter Policy page, are recorded here in the Blocking Log. Transport Type: The protocol used to make the connection attempt is displayed here. Source: The blocked IP address of a computer or device that made a connection attempt to the Router is displayed here. Destination port: T...

Page 94: ...e defined by the factory and are commonly used intrusion methods. Events (blocked attempts to connect to computers on your LAN, between computers on your LAN, or between computers on your LAN and the WAN) because they meet the criteria pre-defined at the factory as being a commonly used intrusion method are recorded here in the Intrusion Detection Log. Intrusion Type: A brief statement of the type of int...

Page 95: ...P UDP port that the intrusion was attempted to. 3.9.6.4 Status Log Tables Black List: Click on Status Log Tables Black List to get the web page as shown below. The Router firewall is pre-programmed to recognize and block many commonly used intrusion methods from computers on the WAN (Internet), from one computer to another on the LAN, and from computers on your LAN to the WAN. In addition you can define a...

Page 96: ...er information is entered, the Router's firewall will block packets from this location from crossing the Router from the WAN to the LAN, from two computers on the LAN, or from the LAN to the WAN. Source IP: The IP address of a computer or device that will not be allowed to make a connection from the WAN to the Router is displayed here. Destination IP: The IP address of the computer or device that the intr...

Page 97: ...ine a Port Filter Policy that will set additional intrusion criteria for the Router firewall to block connections. When a serious intrusion attempt is detected, that is, when a large number of packets consistent with a commonly used intrusion method are detected by the Router, the IP address, the protocol used and the corresponding port number is determined and entered into the Router Intruder Blacklis...

Page 98: ...vice that the intruder has tried to connect to is displayed here. Destination Port ICMP Type: The port number or ICMP Type that an intruder used to attempt to make a connection is displayed here. 3.9.6.6 Status Log Tables IPSec Log: Click on Status Log Tables IPSec Log to get the web page as shown below. The Router maintains a log concerning the IPSec protocol connection between the WAN and the LAN. The...

Page 99: ...Index: This is the sequence of the IPSec log. Description: A brief description of the log entry will be displayed here. User can use it to check tunnel behaviour. 3.10 Help: Click on Help to get the web page as shown below. ...

Page 100: ... the following URL: https ip address of LAN port html Backup html. To access this page, user has to enter DRO210i as username and DRO210i as the password. This web page will ask for username and serial key. If user enters the username and serial key properly (same as received from the Tech support), then the password will be displayed to the user for subsequent login to the router. Once user has used the s...
