TRENDnet Not available User Manual

Size:
1.13 Mb
Download

MAC Address

Enter the MAC address of a computer that you want to control with MAC filtering. Computers that have obtained an IP address from the router's DHCP server will be in the DHCP Client List. Select a device from the drop down menu.

The rule of thumb:In mixed mode, multicast key has to be TKIP, but unicast key can be different per stations.In WPA or WPA2 only mode, unicast and multicast key can be only AES for WPA2, and TKIP for WPA. (AES means the unicast and multicast key are all AES. TKIP/AES means multicast is TKIP. But unicast can be AES or TKIP, which depends on the peer.)

WPS

21

Enable

Enable the WPS feature.

Lock Wireless Security Settings

Locking the wireless security settings prevents the settings from being changed by any new external registrar using its PIN. Devices can still be added to the wireless network using WPS.

PIN Settings

A PIN is a unique number that can be used to add the router to an existing network or to create a new network. The default PIN may be printed on the bottom of the router. For extra security, a new PIN can be generated. You can restore the default PIN at any time. Only the Administrator ("admin" account) can change or reset the PIN.

Current PIN

Shows the current value of the router's PIN.

Reset To WPS Default

Restore the default PIN of the router.

Generate New PIN

Create a random number that is a valid PIN. This becomes the router's PIN. You can then copy this PIN to the user interface of the registrar.

PBC Settings

The push button method can be used to allow wireless clients to connect to the router without entering/remember any encryption keys. The user can use the PBC method by pressing the WPS button on the side of the router or select the PBC option under Wireless/WPS settings page and hit Apply.

STATION LIST

All the wireless clients connecting to the router will be shown here, you could monitor your network and prevent any unauthorized wireless connection easily.

22

Advanced

DMZ

DMZ Setting

DMZ means "Demilitarized Zone." If an application has trouble working from behind the router, you can expose one computer to the Internet and run the application on that computer.

When a LAN host is configured as a DMZ host, it becomes the destination for all incoming packets that do not match some other incoming session or rule. If any other ingress rule is in place, that will be used instead of sending packets to the DMZ host; so, an active session, virtual server, active port trigger, or port forwarding rule will take priority over sending a packet to the DMZ host. (The DMZ policy resembles a default port forwarding rule that forwards every port that is not specifically sent anywhere else.)

The router provides only limited firewall protection for the DMZ host. The router does not forward a TCP packet that does not match an active DMZ session, unless it is a connection establishment packet (SYN). Except for this limited protection, the DMZ host is effectively "outside the firewall". Anyone considering using a DMZ host should also consider running a firewall on that DMZ host system to provide additional protection.

Packets received by the DMZ host have their IP addresses translated from the WAN-sideIP address of the router to theLAN-sideIP address of the DMZ host. However, port numbers are not translated; so applications on the DMZ host can depend on specific port numbers.

The DMZ capability is just one of several means for allowing incoming requests that might appear unsolicited to the NAT. In general, the DMZ host should be used only if there are no other alternatives, because it is much more exposed to cyberattacks than any other system on the LAN. Thought should be given to using other configurations instead: a virtual server, a port forwarding rule, or a port trigger. Virtual servers open one port for incoming sessions bound for a specific application (and also allow port redirection and the use of ALGs).

Port forwarding is rather like a selective DMZ, where incoming traffic targeted at one or more ports is forwarded to a specific LAN host (thereby not exposing as many ports as a DMZ host). Port triggering is a special form of port forwarding, which is activated by outgoing traffic, and for which ports are only forwarded while the trigger is active.

Few applications truly require the use of the DMZ host. Following are examples of when a

DMZ host might be required:

A host needs to support several applications that might use overlapping ingress ports such that two port forwarding rules cannot be used because they would potentially be in conflict.

23

To handle incoming connections that use a protocol other than ICMP, TCP, UDP, and IGMP (also GRE and ESP, when these protocols are enabled by the PPTP and IPSec

Enable DMZ

Putting a computer in the DMZ may expose that computer to a variety of security risks. Use of this option is only recommended as a last resort.

DMZ IP Address

Specify the LAN IP address of the LAN computer that you want to have unrestricted Internet communication.

VIRTUAL SERVER

Enable

Specifies whether the entry will be active or inactive.

Name

Assign a meaningful name to the virtual server, for example Web Server. Severalwell-knowntypes of virtual server are available from the "Application Name"drop-downlist. Selecting one of these entries fills some of the remaining parameters with standard values for that type of server.

IP Address

The IP address of the system on your internal network that will provide the virtual service, for example 192.168.10.50. You can select a computer from the list of DHCP clients in the "Computer Name"drop-downmenu, or you can manually enter the IP address of the server computer.

Protocol

Select the protocol used by the service. The common choices --UDP, TCP, and both UDP and TCP--can be selected from thedrop-downmenu. To specify any other protocol, select "Other" from the list, then enter the corresponding protocol number (as assigned by the IANA) in theProtocol box.

Private Port

24

The port that will be used on your internal network.

Public Port

The port that will be accessed from the Internet.

Schedule

Select a schedule for when the service will be enabled. If you do not see the schedule you need in the list of schedules.

Clear

Re-initializethis area of the screen, discarding any changes you have made.

ROUTING

Add/Edit Route

Adds a new route to the IP routing table or edits an existing route.

Destination IP

The IP address of packets that will take this route.

Gateway

Specifies the next hop to be taken if this route is used. A gateway of 0.0.0.0 implies there is no next hop, and the IP address matched is directly connected to the router on the interface specified: LAN or WAN.

Metric

The route metric is a value from 1 to 16 that indicates the cost of using this route. A value of 1 is the lowest cost, and 15 is the highest cost. A value of 16 indicates that the route is not reachable from this

25

router. When trying to reach a particular destination, computers on your network will select the best route, ignoring unreachable routes.

Interface

Specifies the interface --LAN or WAN--that the IP packet must use to transit out of the router, when this route is used.

Clear

Re-initializethis area of the screen, discarding any changes you have made.

Routes List

The section shows the current routing table entries. Certain required routes are predefined and cannot be changed. Routes that you add can be changed by clicking the Edit icon or can be deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit Route" section is activated for editing. Click the Enable checkbox at the left to directly activate or de-activatethe entry.

ACCESS CONTROL

Enable

By default, the Access Control feature is disabled. If you need Access Control, check this option. Note: When Access Control is disabled, every device on the LAN has unrestricted access to the Internet. However, if you enable Access Control, Internet access is restricted for those devices that have an Access Control Policy configured for them. All other devices have unrestricted access to the Internet.

26

SPECIAL APPLICATIONS

Add/Edit Port Trigger Rule

Enable

Specifies whether the entry will be active or inactive. Name

Enter a name for the Special Application Rule, for example Game App, which will help you identify the rule in the future. Alternatively, you can select from theApplication list of common applications.

Protocol

Select the protocol used by the service. The common choices --UDP, TCP, and both UDP and TCP--can be selected from thedrop-downmenu.

Trigger Port

Enter the outgoing port range used by your application (for example 6500-6700).

Schedule

Select a schedule for when this rule is in effect.

Clear

Re-initializethis area of the screen, discarding any changes you have made. Port Trigger Rule List

27

This is a list of the defined application rules. Click the Enable checkbox at the left to directly activate or de-activatethe entry. An entry can be changed by clicking the Edit icon or can be deleted by clicking the Delete icon.

GAMING

Add/Edit Port Range Rule

Use this section to add a Port Range Rule to the following list or to edit a rule already in the list.

Rule Enable

Specifies whether the entry will be active or inactive.

Rule Name

Give the rule a name that is meaningful to you, for example Game Server. You can also select from a list of popular games, and many of the remaining configuration values will be filled in accordingly. However, you should check whether the port values have changed since this list was created, and you must fill in the IP address field.

IP Address

Enter the local network IP address of the system hosting the server, for example 192.168.10.50. You can select a computer from the list of DHCP clients in the "Computer Name"drop-downmenu, or you can manually enter the IP address of the server computer.

TCP Ports to Open

Enter the TCP ports to open (for example 6159-6180, 99).

UDP Ports to Open

Enter the UDP ports to open (for example 6159-6180, 99).

Inbound Filter

Select a filter that controls access as needed for this rule.

Schedule

Select a schedule for the times when this rule is in effect.

28

Clear

Re-initializethis area of the screen, discarding any changes you have made.

Port Range Rule List

This is a list of the defined Port Range Rules. Click the Enable checkbox at the left to directly activate or de-activatethe entry. An entry can be changed by clicking the Edit icon or can be deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit Port Forwarding Rule" section is activated for editing.

INBOUND FILTER

Add/Edit Inbound Filter Rule

Here you can add entries to the Inbound Filter Rules List below, or edit existing entries.

Name

Enter a name for the rule that is meaningful to you.

Action

The rule can either Allow or Deny messages.

Remote IP Range

Define the ranges of Internet addresses this rule applies to. For a single IP address, enter the same address in both the Start andEnd boxes. Up to eight ranges can be entered. TheEnable checkbox allows you to turn on or off specific entries in the list of ranges.

Clear

Re-initializethis area of the screen, discarding any changes you have made.

Inbound Filter Rules List

The section lists the current Inbound Filter Rules. An entry can be changed by clicking the Edit icon or can be deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit Inbound Filter Rule" section is activated for editing.

In addition to the filters listed here, two predefined filters are available wherever inbound filters can be applied:

Allow All

Permit any WAN user to access the related capability.

29

Deny All

Prevent all WAN users from accessing the related capability. (LAN users are not affected by Inbound Filter Rules.)

SCHEDULE

Add/Edit Schedule Rule

In this section you can add entries to the Schedule Rules List below or edit existing entries.

Name

Give the schedule a name that is meaningful to you, such as "Weekday rule".

Day(s)

Place a checkmark in the boxes for the desired days or select the All Week radio button to select all seven days of the week.

All Day - 24 hrs

Select this option if you want this schedule in effect all day for the selected day(s).

Start Time

If you don't use the All Day option, then you enter the time here. The start time is entered in two fields. The first box is for the hour and the second box is for the minute. Email events are normally triggered only by the start time. End Time

The end time is entered in the same format as the start time. The hour in the first box and the minutes in the second box. The end time is used for most other rules, but is not normally used for email events.

Clear

Re-initializethis area of the screen, discarding any changes you have made. Schedule Rules List

This section shows the currently defined Schedule Rules. An entry can be changed by clicking the Edit icon or can be deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit Schedule Rule" section is activated for editing.

30