D-Link DFL-1500 User Manual

D-Link DFL-1500

VPN/Firewall Router

User Manual

D-Link

Building Networks for People

form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior writte n permission of D-Link Systems, Inc.

DFL-1500 User Man ual Version 0.4 January 30, 2004

Trademarks

Products mentioned in this document are trademarks or registered trademarks of their respective holders.

Regulatory Compliance

FCC Class A Part 15 CSA/CUS

Table of Contents

Part I Basic Configuration........... ......................................................... .......................................................... 2

Chapter 1 Quick Start ........................................................................................................................................... 3

1.1 Before You Begin................. ................ .............................. ................ ................ ........................................................3

1.2 Check Your Package Contents...................................................................................................................................3

1.3 Default Settings ..........................................................................................................................................................3

1.4 Wiring the DFL-1500 .................................................................................................................................................4

1.5 Default Architecture of DFL-1500.................................................. ................................. ..........................................6

1.6 Using the Setup Wizard......... .. .. .............................. ............................. .............................. ........................................6

1.7 Internet Connectivity..................................................................................................................................................9

1.7.1 LAN1-to-WAN1 Connectivity .........................................................................................................................9

1.7.2 WAN1-to-DMZ1 Connect ivity. .. ... .. .............................. ............................. ....................................................10

Chapter 2 System Overview............................................................................................................................... 13

2.1 Typical Example Topology......................................................................................................................................13

2.2 Changing the LAN1 IP Addr ess.. ... ............................. .............................. ............................. ..................................13

2.2.1 From DMZ1 to configure DFL-1500 LAN1 network settings.... .............................. ............................. .........14

2.2.2 From CLI (command line interface) to configure DFL-1500 LAN1 network settings...................................14

Chapter 3 Basic Setup ........................................................................................................................................ 15

3.1 Demand ....................................................................................................................................................................15

3.2 Objectives.................................................................................................................................................................15

3.3 Methods....................................................................................................................................................................15

3.4 Steps.........................................................................................................................................................................15

3.4.1 Setup WAN1 IP ..............................................................................................................................................16

3.4.2 Setup DMZ1, LAN1 Status.............................................................................................................................17

3.4.3 Setup WAN1 IP alias......................................................................................................................................19

Chapter 4 System Tools...................................................................................................................................... 21

4.1 Demand ....................................................................................................................................................................21

4.2 Objectives.................................................................................................................................................................21

4.3 Methods....................................................................................................................................................................21

4.4 Steps.........................................................................................................................................................................24

4.4.1 General settings...............................................................................................................................................24

4.4.2 DDNS setting... .. ... .. .............................. ........................................................ ..................................................26

4.4.3 DNS Proxy setting ..........................................................................................................................................27

4.4.4 DHCP Relay setting........................................................................................................................................27

4.4.5 Change DFL-1500 inter face ................ ................ ................ .............................. ................ .............................28

4.4.6 SNMP Control ................................................................................................................................................28

Chapter 5 Remote Management ......................................................................................................................... 31

5.1 Demands...................................................................................................................................................................31

5.2 Methods....................................................................................................................................................................31

5.3 Steps.........................................................................................................................................................................32

5.3.1 Telnet..............................................................................................................................................................32

5.3.2 WWW.............................................................................................................................................................32

5.3.3 SNMP .............................................................................................................................................................32

5.3.4 ICMP .............................................................................................................................................................. 32

Part II NAT、Routing & Firewall .................................................................................................................34

Chapter 6 NAT....................................................................................................................................................35

6.1 Demands...................................................................................................................................................................35

6.2 Objectives.................................................................................................................................................................35

6.3 Methods....................................................................................................................................................................36

6.4 Steps .........................................................................................................................................................................36

6.4.1 Setup Many-to-one NAT rules.......... .. .. .. .............................. .............................. ............................................36

6.4.2 Setup Virtual Server for the FtpServer1 .........................................................................................................40

Chapter 7 Routing...............................................................................................................................................45

7.1 Demands...................................................................................................................................................................45

7.2 Objectives.................................................................................................................................................................45

7.3 Methods....................................................................................................................................................................46

7.4 Steps .........................................................................................................................................................................46

7.4.1 Add a static routing entry........................ ....................................................................... .................................46

7.4.2 Add a policy routing entry.... ................ ......................................................... .................................................47

Chapter 8 Firewall...............................................................................................................................................49

8.1 Demands...................................................................................................................................................................49

8.2 Objectives.................................................................................................................................................................49

8.3 Methods....................................................................................................................................................................49

8.4 Steps .........................................................................................................................................................................50

8.4.1 Block internal PC session (LAN Æ WAN)............... .. ................................................................................... 50

8.4.2 Setup Alert detected attack ............................................................................................................................. 51

Part III Virtual Private Network......................................................................................................................54

Chapter 9 VPN T echnic al Introduction............................. ......... ............ ......... ......... ......... ........... .......................55

9.1 Terminol ogy Explan ation...... ... .... ..... .... ..... .... .. ..... ..... .... ..... .... .. ..... ..... .... ..... .... .. ..... ..... .... ..... ...................................55

9.1.1 VPN................................................................................................................................................................55

9.1.2 IPSec...............................................................................................................................................................55

9.1.3 Security Association ......... .. .. ................ ....................................................................... ...................................55

9.1.4 IPSec Algorithms............................................................................................................................................55

9.1.5 Key Management............................................................................................................................................55

9.1.6 Encapsulation..................................................................................................................................................56

9.1.7 IPSec Protocols...............................................................................................................................................57

9.2 Make VPN packets pass through DFL-1500.............................................. ..............................................................57

Chapter 10 Virtual Private Network – IPSec ......................................................................................................59

10.1 Demands...................................................................................................................................................................59

10.2 Objectives................................................................................................................................................................. 59

10.3 Methods....................................................................................................................................................................59

10.4 Steps.........................................................................................................................................................................60

　 DES/MD5 IPSec tunnel: the IKE way............................................................................................................60

　 DES/MD5 IPSec tunnel: the Manual-Key way ..................... ......................................................................... 67

Chapter 11 Virtual Private Network – PPTP.......................................................................................................75

11.1 Demands...................................................................................................................................................................75

11.2 Objectives................................................................................................................................................................. 75

11.3 Methods....................................................................................................................................................................75

III

11.4 Steps.........................................................................................................................................................................76

11.4.1 Setup PPTP Network Server.............. .. ... ................ ................ ............... .............................. ...........................76

11.4.2 Setup PPTP Network Client .. .. .. .. .............................. ............................. .............................. ...........................77

Chapter 12 Virtual Private Network – L2TP........................................... ........................................................... 79

12.1 Demands...................................................................................................................................................................79

12.2 Objectives.................................................................................................................................................................79

12.3 Methods....................................................................................................................................................................79

12.4 Steps.........................................................................................................................................................................80

12.4.1 Setup L2TP Network Server............ .. .. ... .. .............................. ............................. ...........................................80

Part IV Content Filters ................ ... ......................................................... ........................................................ 84

Chapter 13 Content Filtering – Web Filters........................................................................................................ 85

13.1 Demands...................................................................................................................................................................85

13.2 Objectives.................................................................................................................................................................86

13.3 Methods....................................................................................................................................................................86

13.4 Steps.........................................................................................................................................................................87

Chapter 14 Content Filtering – Mail Filters....................................................................................................... 93

14.1 Demands...................................................................................................................................................................93

14.2 Objectives.................................................................................................................................................................93

14.3 Methods....................................................................................................................................................................93

14.4 Steps for SMTP Filters.............................................................................................................................................94

14.5 Steps for POP3 Filters ..............................................................................................................................................95

Chapter 15 Content Filtering – FTP Filtering .................................................................................................... 97

15.1 Demands...................................................................................................................................................................97

15.2 Objectives.................................................................................................................................................................97

15.3 Methods....................................................................................................................................................................97

15.4 Steps.........................................................................................................................................................................98

Part V Intrusion Detection System .............................................................................................................. 100

Chapter 16 Intrusion Detection Systems.......... ... ....................................... ..................................... ................. 101

16.1 Demands.................................................................................................................................................................101

16.2 Objectives...............................................................................................................................................................101

16.3 Methods..................................................................................................................................................................101

16.4 Steps.......................................................................................................................................................................102

Part VI Bandwidth Management................................................................................................................... 104

Chapter 17 Bandwidth Management................................................................................................................ 105

17.1 Demands.................................................................................................................................................................105

17.2 Objectives...............................................................................................................................................................106

17.3 Methods..................................................................................................................................................................106

17.4 Steps.......................................................................................................................................................................107

17.4.1 Inbound Traffic Management....................... ............................................................... .................................107

17.4.2 Outbound Traffic Management........ .. ... ............................. .............................. ............................ .................111

Part VII System Maintenance..................................................................................................................114

Chapter 18 System Status..................................................................................................................................115

18.1 Demands.................................................................................................................................................................115

18.2 Objectives...............................................................................................................................................................115

18.3 Methods..................................................................................................................................................................115

18.4 Steps....................................................................................................................................................................... 115

Chapter 19 Log System..................................................................................................................................... 117

19.1 Demands.................................................................................................................................................................117

19.2 Objectives...............................................................................................................................................................117

19.3 Methods..................................................................................................................................................................117

19.4 Steps....................................................................................................................................................................... 117

19.4.1 System Logs...... .. .............................. ............................. .............................. .................................................117

19.4.2 Syslog & Mail log.......................... .............................. ............................. ....................................................118

Chapter 20 System Maintenance .................. ... ..................... ............................................................................ 119

20.1 Demands.................................................................................................................................................................119

20.2 Steps for TFTP Upgrade...... ................ ................ ................ ............................. ................ ......................................119

20.3 Steps for Firmware upgrade from Web GUI.......................................................................................................... 121

20.4 Steps for Factory Reset........................................................................................................................................... 121

20.4.1 Steps for NORMAL factory reset................................................................................................................. 121

20.4.2 Steps for EMERGENT factory reset.............................................................................................................121

20.5 Steps for Backup / Restore Configurations ............................................................................................................122

Appendix A Command Line Interface (CLI) .. ... ...........................................................................................123

A.1 Enable the port of DFL-1500................................. ...........................................................................123

A.2 CLI commands list............................................................................................................................123

Appendix B Trouble Shooting.......................................................................................................................125

Appendix C Packet Flow...... ... ........................................................................... ..................... ......................129

Appendix D Glossary of Terms.....................................................................................................................131

Appendix E Index ................ .........................................................................................................................133

Appendix F Hardware.......... ...... ...... ... ...... ...... ... ...... ...... ... ...... ...... ... ...... ...... ... ...... ...... ... ...... .........................135

Appendix G Version of Software and Firmware ...........................................................................................137

Appendix H Customer Support ..... ... ....................................... ......................................................................139

D-Link Part I

Part I

Basic Configuration

Quick Start DFL-1500 User Manual

Chapter 1

Quick Start

This chapter introduces how to quick setup the DFL-1500.

DFL-1500 is an integrated all-in-one solution that can facilitate the maximum security and the best resource utilization for the enterprises. It contains a high-performance stateful packet inspection (SPI) Firewall, policy-based NAT, ASIC-based wire-speed VPN, upgradeable Intrusion Detection System, Dynamic Routing, Content Filtering, Bandwidth Management, W AN Load Balancer, and other solutions in a single box. It is one of the most cost-effective all-in-one solutions for enterprises.

1.1 Before You Begin

Prepare a computer with an Ethernet adapter for configuring the DFL-1500. The default IP address for the DFL-1500 is

192.168.1.254 (LAN1, Port 4) with a Subnet Mask of 255.255.255.0. You will need to assign your computer a Static IP address within the same range as the DFL-1500’s IP address, say 192.168.1.2, to configure the DFL-1500.

1.2 Check Your Package Contents

These are the items included with your DFL-1500 purchase as Figure 1-1. They are the following items

1. DFL-1500 Device * 1

2. Ethernet cable (RJ-45)

3. RS-232 console * 1

4. CD (include User's manual and Quick Guide) * 1

5. Power code * 1

Figure 1-1 All items in the DFL-1500 package

1.3 Default Settings

You should have an Internet account already set up and have been given most of the following information as Table 1-1. Fill out this table when you edit the web configuration of DFL-1500.

If any of the items are missing, please contact your reseller.

D-Link Part I

Items Default value New value

Password: admin

IP Address ____.____.____.____ Subnet Mask ____.____.____.____ Gateway IP ____.____.____.____ Primary DNS ____.____.____.____

Fixed IP

Secondary DNS ____.____.____.____ PPPoE Username ____.____.____.____

PPPoE

PPPoE Password ____.____.____.____

WAN1

(Port 1)

DHCP

Not init ia li zed

IP Address ____.____.____.____ Subnet Mask ____.____.____.____ Gateway IP ____.____.____.____ Primary DNS ____.____.____.____

Fixed IP

Secondary DNS ____.____.____.____ PPPoE Username ____.____.____.____

PPPoE

PPPoE P asswor d

____.____.____.____

WAN2

(Port 2)

DHCP

Not init ia li zed

IP Address 10.1.1.254 ____.____.____.____

DMZ1(Port 3)

IP Subnet Mask 255.255.255.0 ____.____.____.____ IP Address 192.168.1.254 ____.____.____.____

LAN1(Po r t 4)

IP Subnet Mask 255.255.255.0 ____.____.____.____ IP Address 192.168.2.254 ____.____.____.____

LAN2(Po r t 5)

IP Subnet Mask 255.255.255.0 ____.____.____.____

Table 1-1 DFL-1500 related n etwor k sett ings

1.4 Wiring the DFL-1500

A. First, connect the power cord to the socket at the back panel of the DFL-1500 as in Figure 1-2 and

then plug the other end of the power adapter to a wall outlet or power strip. The Power LED will turn ON to indicate proper operation.

A. Power Socket

Quick Start DFL-1500 User Manual

Figure 1-2 Back panel of the DFL-1500

B. Using an Ethernet cable, insert one end of the cable to the W AN port on the front panel of t he DFL-1500

and the other end of the cable to a DSL or Cable modem, as in Figure 1-3.

C. Computers with an Ethernet adapter can be directly connected to any of the LAN ports using a

cross-over Ethernet cable, as in Figure 1-3.

D. Computers that act as servers to provide Internet services should be connected to the DMZ port using an

Ethernet Cable, as in Figure 1-3.

Figure 1-3 Front end of the DFL-1500

C. LAN Ports

For connecting computers and network devices to your LAN. Left to right: LAN1, LAN2

Console Port

For managing the DFL-1500 with CLI commands.

B. WAN Ports

For connecting the DFL-1500 to a DSL or Cable Modem supplied by your ISP to access the Internet. Left to right: WAN1, WAN2

D. DMZ Port

For connecting computers that act as servers for Internet users to access.

D-Link Part I

1.5 Default Architecture of DFL-1500

Figure 1-4 The defa ult settings of DFL-1500

The factory default settings for the DFL-1500 are in the Figure 1-4 and Table 1-1. You can configure the DFL-1500 by connecting to the LAN1_IP (192.168.1.254) from the PC1_1 (192.168.1.1). The following section will teach you how to quickly setup the DFL-1500 based on Figure 1-4.

1.6 Usi ng the Setup Wizard

A computer on your LAN1 must be assigned an IP address and Subnet Mask from the same range as the IP address and Subnet Mask assigned to the DFL-1500 in order to be able to make an HTTPS connection using a web browser. The DFL-1500 is assigned an IP address of 192.168.1.254 with a Subnet Mask of 255.255.255.0 by default. The computer that will be used to configure the DFL-1500 must be assigned an IP address between 192.168.1.1 and 192.168.1.253 with a Subnet Mask of 255.255.255.0 to be able to connect to the DFL-1500. This address range can be changed later. There are instructions in the DFL-1500 Quick Installation Guide, if you do not know how to set the IP address and Subnet Mask for your computer.

Quick Start DFL-1500 User Manual

Step 1 － Login

Type “admin” in the account field, “admin” in the Password field and click Login.

Connect to https://192.168.1.254

Step 2 － Run Setup Wizard

Click the Run Setup Wizard.

After login to https://192.168.1.254 BASIC SETUP > Wizard

Step 3 － System Name

Enter the Host Name and the Domain Name, followed by clicking the Next.

BASIC SETUP > Wizard

Step 4 － WAN Connectivity

To setup the first WAN link, make WAN1 as the Default WAN link (Gateway/DNS). Choose the type of IP Address Assignment provided by your ISP to access the Internet. Here we have four types to select. This will determine how the IP address of WAN1 is obtained. Click Next to proceed.

BASIC SETUP > Wizard > Next

D-Link Part I

Step 4. a — DHCP client

If Get IP Automatically (DHCP) is selected, DFL-1500 will request for IP address, netmask, and DNS servers from your ISP. You can use your preferred DNS by clicking the DNS IP Address and then completing the Primary DNS and Secondary DNS server IP addresses. Click Next to proceed.

BASIC SETUP > Wi zard > Next > DHCP

Step 4.b — Fixed IP

If Fixed IP Address is selected, enter the ISP-given IP Address, Subnet Mask, Gateway

IP, Primary DNS and Secondary DNS IP. Click Next to proceed.

BASIC SETUP > Wizard > Next > Fixed IP

Step 4. c — PPPoE client

If PPP over Ethernet is selected, enter the ISP-given User Name, Password and the optional Service Name. Click Next to proceed.

Notice: On the current firmware version, if you select PPPoE method a s the WAN li nk con nect ion . The bandwidth management feature will not be supported.

BASIC SETUP > Wizard > Next > PPPoE

Quick Start DFL-1500 User Manual

Step 5 － System Status

Here we select PPPoE method in WAN1 port. Then the DFL-1500 provides a short summary of the system. Please check i f any t hing m enti oned a bove is properly set into the system. Click Finish to close the wizard.

BASIC SETUP > Wizard > Next > Next

1.7 Internet Connectivity

After setting up DFL-1500 with the wizard, DFL-1500 can connect to the ISP. In this chapter, we introduce LAN1-to-WAN1 Connectivity to explain how the computers under LAN1 can access the Internet at WAN1 through DFL-1500. Subsequently, we introduce WAN1-to-DMZ1 Connectivity to explain how the servers under DMZ1 can be accessed by the LAN1 users and other Internet us ers on the W AN1 sid e .

You MUST press Apply to proceed to the next page. Once applying any changes, the settings are immediately

updated into the flash memory.

1.7.1 LAN1-to-WAN1 Connectivity

The LAN Settings page allows you to modify the IP address and Subnet Mask that will identify the DFL-1500 on your LAN. This is the IP address you will enter in the URL field of your web browser to connect to the DFL-1500. It is also the IP address that all of the computers and devices on your LAN will use as their Default Gateway.

D-Link Part I

Step 1 － Device IP Address

Setup the IP Address and IP Subnet Mask for the DFL-1500.

Step 2 － Client IP Range

Enable the DHCP server if you want to use DFL-1500 to assign IP addresses to the computers under LAN1. Specify the Pool Starting Address, Pool Size, Primary DNS, and Secondary DNS that will be assigned to them.

Example: in the figure, the DFL-1500 will assign one IP address from 192.168.1.100 ~

192.168.1.120, together with the DNS server

192.168.1.254, to the LAN1 PC that requests

for an IP address.

Step 3 － Apply the Changes

Click Apply to save. Now you can enable the DHCP clients on your LAN1 PCs to get an IP.

BASIC SETUP > LAN Settings > LAN1 Status

Note: The IP Pool Starting Address must be on the same subnet specified

in the IP Address and the IP Subnet Mask field. For example, the addresses given by the 192.168.1.100 with a pool size of 20 (192.168.1.100 ~

192.168.1.120) are all within the same range of 192.168.1.254 /

255.255.255.0

Step 4 － Check NAT Status

The default setting of NAT is in Basic Mode. After completing Step 3, the NAT is automatically configured with three rules to let all private-IP LAN/DMZ-to-WAN requests to be translated with the public IP assigned by the ISP.

ADVAN C E D SETTIN G S > N AT > S t atus

Step 5 － Check NAT Rules

The DFL-1500 has added three NAT rules. The rule Basic-LAN1 (number 3) means that, when matching the condition (requests of LAN/DMZ-to-WAN direction with its source IP falling in the range of 192.168.1.254 /

255.255.255.0), the request will be translated into a public-source-IP requests, and then be forwarded to the destinations.

ADVANCED SETTINGS > NAT > NAT Rules

1.7.2 WAN1-to-DMZ1 Connectivity

This section tells you how to provide an FTP service with a server installed under your DMZ1 to the public Internet users. After following the steps, users at the WAN side can connect to the FTP server at the DMZ1 side.

Quick Start DFL-1500 User Manual

Step 1 － Device IP Addres s

Setup the IP Address and IP Subnet Mask for the DFL-1500 of the DMZ1 i nterface.

Step 2 － Client IP Range

Enable the DHCP server if you want to use DFL-1500 to assign IP addresses to the computers under DMZ1. Here we do not enable DHCP feature.

Step 3 － Apply the Changes

Click Apply to save your settings.

BASIC SETUP > DMZ Settings > DMZ1 Status

Step 4 － Check NAT Status

The default setting of NAT is in Basic Mode. After applying the Step 3, the NAT is automatically configured with three rules to let all private-IP LAN/DMZ-to-WAN requests to be translated with the public IP assigned by the ISP.

ADVANCED SETTI NGS > NAT > Status

Step 5 － Check NAT Rules

The DFL-1500 has added three NAT rules. The rule Basic-DMZ1 (number 1) means that, when matching the condition (requests of LAN/DMZ-to-WAN direction with its source IP falling in the range of 10.1.1.254 /

255.255.255.0), the request will be translated into a public-source-IP requests, and then be forwarded to the destinations.

ADVANCED SETTI NGS > NAT > NAT Rules

Step 6 － Setup IP for the FTP Server

Assign an IP of 10.1.1.5/255.255.255.0 to the FTP server under DMZ1. Assume the FTP Server is at 10. 1.1.5. And it is listening on the well-known port (21).

D-Link Part I

Step 7 － Setup Server Rules

Insert a virtual server rule by clicking the Insert button.

ADVANCED SETTINGS > NAT > Virtual Servers

Step 8 － Customize the Rule

Customize the rule name as the ftpServer. For any packets with its destination IP address equaling to the WAN1 IP (61.2.1.1) and destination port equaling to 44444. DFL-1500 will translate the packet’s destination IP/port into

10.1.1.5/21. Check the Passive FTP client to maximize the compatibility of the FTP protocol. This is useful i f you want to pr ovi d e conn e cti vi ty to passive FTP clients. For passive FTP clients, the server at DMZ will return them the private IP address (10.1.1.5) and the port number for the clients to connect back for data transmissions. Since the FTP clients at the WAN side cannot connect to a private-IP (ex.10.1.1.5) through the internet. The data connections would be fail. A fter enabling this feature, the DFL-1500 will translate the private IP/port into an IP/port of its own. Thus the problem is gracefully solved. Click Apply to proceed.

ADVANCED SETTINGS > NAT > Virtual Servers > Insert

Step 9 － View the Result

Now any request towards the DFL-1500’s WAN1 IP (61.2.1.1) with dest. port 44444 will be translated into a request towards 10.1.1.5 with port 21, and then be forwarded to the 10.1.1.5. The FTP server listening at port 21 in 10.1.1.5 will pick up the request.

ADVANCED SETTINGS > NAT > Virtual Servers

System Overvi ew DFL-1500 User Manual

Chapter 2

System Overview

In this chapter, we will introduce the network topology for use with later chapters.

2.1 Typical Example Topology

In this chapter, we introduce a typical network topology for the DFL-1500. In Figure 2-1, the left half side is a DFL-1500 with one LAN, one DMZ, and two WAN links. Notice ther e are five ports in DF L-1500. In this top ology, we only use one LAN.

The right half side contains a DFL-1500 connected with one LAN, one DMZ, and one WAN. In this architecture, Organization_1 communicates with Organization_2 with a VPN tunnel established by the two DFL-1500 Firewall/VPN routers. The VPN tunnel secures communications between Organizations more safely.

On the Internet side, there are Web server, Mail server, DHCP server, and FTP server for testing the content filters and the bandwidth managemen t sy stem .

Figure 2-1 Typica l topology for deploying DFL-1500

2.2 Changing the LAN1 IP Address

The default settings of DFL-1500 are listing in Table 1-1. However, the original LAN1 setting is 192.168.1.254/255.255.255.0 instead of 192.168.40.254/255.255.255.0 as in Figure 2-1. We will change the LAN1 IP of the DFL-1500 to 192.168.40.254. Notice that you cannot change the LAN1 IP from the LAN1 interface because your configuration session to LAN1 will be terminated as long as the LAN1 IP address is changed. If you do change the IP from the LAN1 port, you will have to reboot the system, change your computer’s IP to the new subnet, and reconnect to the new LAN1 IP address. You can also use console to login into the system

D-Link Part I

and then logout the system. That will clean up the zombie left in the system so you will be able to login to the DFL-1500 from the LAN1 side after your computer’s IP is changed into the new subnet.

We provide two normal ways to configure the LAN1 IP address. One is to configure the LAN1 IP from another port such as DMZ1 or LAN2. The other is to configure the LAN1 IP through console. Note that when setting the IP address from console, the settings are updated into run-time system but not stored into the flash. Namely, the setting s will be lost after y ou reboot the system. So, it is best to use the first method for setting the LAN1 IP address.

2.2.1 From DMZ1 to configure DFL-1500 LAN1 network settings

Step 1 － Check NAT Status

In the DMZ_1 region, use a PC located 10.1.1.X to connect DFL-1500 DMZ1 port (10.1.1.254). Type https://10.1.1.254

to configure the

DFL-1500 in the web browser.

Use an IE 6.0 at 10.1.1.1 to connect to https://10.1.1.254

Step 2 － Setup LAN1 IP information

Enter the IP Address and IP Subnet Mask with

192.168.40.254 / 255.255.255.0 and click Apply.

BASIC SETUP > LAN Settings > LAN1 Status

2.2.2 From CLI (command line interface) to configure DFL-1500 L AN1 network settings

Step 1 － Use Console p ort to configure

DFL-1500

Use the supplied console line to connect the PC to the Diagnostic RS-232 socket of the DFL-1500. Start a new connection using the HyperTerminal with parameters: No Parity, 8 Data bits, 1 stop bit, and baud rate 9600. Enter admin for user name and admin for password to login. After logging into DFL-1500, enter the commands “en“ to enter the privileged mode. Enter the command “ip ifconfig INTF3

192.168.40.254 255.255.255.0” to change the IP of the LAN1 interface.

DFL-1500> en DFL-1500# ip ifconfig INTF3 192.168.40.254 255.255.255.0

DFL-1500# ip ifconfig INTF3

====== ======== =============== =============== ====== ============= Port Interface IP Address Netmask Status Type

------ -------- --------------- ---------------- ------- ------------ 4 LAN1 192.168.40.254 255.255.255.0 UP ====== ======== =============== =============== ======= =============

Basic Setup DFL-1500 User Manual

Chapter 3

Basic Setup

In this chapter, we will introduce how to setup network settings for each port separately

3.1 Demand

1. For the external network, suppose your company uses DSL to connect Internet via PPPoE. By this way, you should setup

WAN port of the DFL-1 5 00 in advance.

2. There are some adjustment within your company, so the original network stucture has been changed. Now, you should

modify the configuration between the internal network (DMZ, LAN).

3. Your company needs more network bandwidth if it is insufficent for your company to connect to the external network.

3.2 Objectives

1. Configure the network settings of the DFL-1500 WAN1 port.

2. Configure the network settings of the DFL-1500 DMZ1 and LAN1 ports.

3. Suppose your company applys another ISP, and hope that the applied Network IP can configure in the same WAN port of

DFL-1500.

3.3 Methods

1. Select the PPPoE method in the DFL-1500 Basic Setup/WAN settings/WAN1 IP, and then configure the related account

and password in order to connet to the internet.

2. Configure the related network settings in the pages of the DFL-1500 Basic Setup / DMZ settings / DMZ1 Status、Basic

Setup / LAN settings / LAN1 Status.

3. Configure the IP a lias in WAN1 port.

3.4 Steps

Notice：Do not try to configure the port network setting from the same port you login. Or the network will be terminated and system will be locked in the original IP address.

D-Link Part I

3.4.1 Setup WAN1 IP

Step 1 － Setup WAN1 port

Here we select Fixed IP Address method in WAN1 port. Fill in the IP Address, Subnet

Mask, Gateway IP. And then enter the other DNS IP Address, Routing Protocol fields. Click Apply to fini sh this setting.

BASIC SETUP > WAN Settings > WAN1 IP > Fix e d IP Address

IP Address

Assignment

FIELD DESCRIPTION EXAMPLE

Default WAN link (Gateway/DNS)

When Default WAN link is enabled. All the packets sent out from DFL-1500 will be via this port.

Enabled

Get DNS Automatically or DNS IP Address

Get DNS Automatically Æ Get DNS related information from DHCP Server

DNS IP Address Æ manually specify these Primary and Secondary DNS Server information

Get DNS

Automatically

Routing Protocol

Determine to enable the dynamic routing protocol, to receive RIP message, to send out the RIP message if the RIP message is received or not.

None

Get IP

Automatically

(DHCP)

OSPF Area ID Specify OSPF area ID number

Default WAN link

When Default WAN link is enabled. All the packets sent out from DFL-1500 will be via this port.

Enabled

IP Address / Subnet Mask Specified IP address and subnet mask

61.2.1.1

255.255.255.0 Gateway IP Default gateway IP address 61.2.1.254 DNS IP Address Specified Primary and Secondary DNS Server address 168.95.1.1

Routing Protocol

Determine to enable the dynamic routing protocol, to receive RIP message, to send out the RIP message if the RIP message is received or not.

None

Fixed IP

Address

OSPF Area ID Specify OSPF area ID number

Default WAN link

When Default WAN link is enabled. All the packets sent out from DFL-1500 will be via this port.

Enabled

Service Name ISP vendor (Optional) So-Net User Name The user name of PPPoE account Hey

PPP over

Ethernet

Password The password of PPPoE account G54688

Basic Setup DFL-1500 User Manual

Get DNS Automatically / DNS IP Address

Get DNS Automatically Æ Get DNS related information from PPPoE ISP

DNS IP Address Æ manually specify these Primary and Secondary DNS Server information

Get DNS

Automatically

Disconnected

Through click Connect or Disconnect button to connect or disconnect PPPoE line

Click Connect

Table 3-1 Detailed information of se tup WAN port configur ation

Step 2 － Show the Warning message

Note that if you have alr eady enabled bandwidth management (ADVANCED

SETTINGS>Bandwidth Mgt>E nabl e Bandwi dth Management) and then select PPPoE in BASIC SETUP>WAN Settings>WAN1 IP>PPPoE as your internet connection, it will show you a message indicated as right column to tell you that Bandwidth management will not support PPPoE in this version. If you still like to us e bandwidth management, please try to use another method, such as DHCP or Fixed IP, to connect Internet.

BASIC SETUP > WAN Settings > WAN1 IP > PPPoE

3.4.2 Setup DMZ1, LAN1 Status

Step 1 － Setup DMZ port

Here we are going to con fi gure the DMZ1 settings. Setup IP Address and IP Subnet

Mask, and determine if you would like to enable the DHCP Server. And then select Routing Protocol. Click Apply to finish this setting.

BASIC SETUP > DMZ Settings > DMZ1 Status

FIELD DESCRIPTION EXAMPLE IP Address DMZ port IP address 10.1.1.254 IP Subnet Mask DMZ port IP subnet m ask 255.255.255.0 Enable DHCP Server Enable DMZ port of the DHCP Sever or not Enabled IP Pool Starting Address Specify the starting address of the DHCP IP address. 10.1.1.1 Pool Size Specify the numbers of the DHCP IP address. 20

D-Link Part I

Primary DNS Server Specify the Primary DNS Server IP address of the DHCP information. 10.1.1.254 Secondary DNS Server Specify the Secondary DNS Server IP address of the DHCP information. Lease time(sec) Specify DHCP information lease ti me 7200

Routing Protocol

Determine to enable the dynamic routing protocol (RIP), to receive RIP message, to send out RIP message if the message is received or not.

None

OSPF Area ID Specify OSPF area ID number

Table 3-2 Configure DMZ network setting s

Step 2 － Setup LAN port

Here we are going to configur e the LAN 1 sett ings. Setup IP Address and IP Subnet Mask, and determine if you would like to enable the DHCP Server. And then select Routing Protocol. Click Apply to finish this setting.

BASIC SETUP > LAN Settings > LAN1 Status

FIELD DESCRIPTION EXAMPLE IP Address LAN port IP add re ss 192.168.40.254 IP Subnet Mask LAN port IP subnet mask 255.255.255.0 Enable DHCP Server Enable LAN port of the DHCP Sever or not Enabled IP Pool Starting Address Specify the starting address of the DHCP IP address. 192.168.40.100 Pool Size Specify the numbers of the DHCP IP address. 20 Primary DNS Server Specify the Primary DNS Server IP address of the DHCP information. 192.168.40.254 Secondary DNS Server Specify the Secondary DNS Server IP address of the DHCP information. Lease time(sec) Specify DHCP information lease ti me 7200

Routing Protocol

Determine to enable the dynamic routing protocol (RIP), to receive RIP message, to send out RIP message if the message is received or not.

None

OSPF Area ID Specify OSPF area ID number

Table 3-3 Configur e LAN network settings

Basic Setup DFL-1500 User Manual

3.4.3 Setup WAN1 IP alias

Step 1 － Add WAN1 IP alias

Suppose you apply 8 IP addresses from ISP. The range of the ISP-given IP address is fro m

211.17.25.56 to 211.17.25.63. Now you would like to add a WAN1 IP alias. Select WAN1 in the Interface. Enter the IP alias and Netmask with

211.17.25.62/255.255.255.248. And then click Apply.

Notice：It’s the sam e way to set IP ali as in DMZ or LAN.

BASIC SETUP > WAN Settings > IP Alias > Add

FIELD DESCRIPTION EXAMPLE Interface The interface which we set for the IP alias WAN1 IP alias The alias IP address

211.17.25.62

Netmask The netmask of the IP alias 255.255.255.248

Table 3-4 Add a IP alias record

Step 2 － Edit, Delete IP a lias record

You can easily add, edit, or delete IP alias records by the Add, Edit, or Delete button.

BASIC SETUP > WAN Settings > IP Alias

Step 3 － Add a static or policy routing

entry

Refer to the Chapter 7 ex planation.

In the “Advanced Settings > Routing” pages, setup the static or policy routing pages to share the outbound traffic load.

Syste m Tools DFL-1500 User Manual

Chapter 4

System Tools

This chapter introduces System Management and explains how to implement it.

4.1 Demand

1. Basic configurations for domain name, password, system time, timeout and services.

2. DDNS: Suppose the DFL-1500’s WAN uses dynamic IP but needs a fixed host name. When the IP is changed, it is

necessary to have the DNS record updated accordingly. To use this service, one has to register the account, password, and the wanted host name with the service provider.

3. DNS Proxy: Shorten the time of DNS look up performed by applic ations.

4. DHCP Relay: It is to s olve the problem that when the DHCP client is not in the same domain with the DHCP server, the

DHCP broadcast will not be received by the server. If the client is in the LAN (192.168.40.X) while the server is located in the DMZ (10.1.1.10), the server will not receive any broadcast packet from the client.

5. Suppose our company applies three ISPs, but there are ju st two default WAN ports in the DFL-1500. Y ou hope to connect

the whole ISP links to the DFL-1500.

6. The System Administrator would like to monitor the device from remote side efficiently.

4.2 Objectives

1. Configure the ge neral properties, such as domain name, password, system time, and connection timeout correctly. Besides,

we can configure the prefered service name as the service name/numeric mapping list.

2. DDNS: By using the DDNS (Dynamic DNS), the DFL-1500 will send the request for modifi cation of the cor responding

DNS record to the DDNS server after the IP is changed.

3. DNS Proxy: Reduce the number of DNS requests and the time for DNS lookup.

4. DHCP Relay: Enable the DHCP client to contact with the DHCP server located in different domain and get the required IP.

5. We hope to customize the interface of DFL-1500 to fit our requests.

6. Through the SNMP manager, we can easily monitor the device status.

4.3 Methods

1. Configure the domain name, password, system time, connection timeout and service name.

2. DDNS: Configure the DFL-1500 so that whenever the IP of the DF L-1500 is changed, i t will send requests to the DDNS

server to refresh the DNS record. As the following Figure 4-1 demonstrated, the original DFL-1 has registered WAN1 ip address “61.2.1.1” on the DDNS server (www.dyndns.org) . It’s domain name address is “me.dyndns.org”. If the WAN1 ip address is reassigned by the ISP. DFL-1 will update the registered ip address “61.2.1.1” as the assigned one. This is the base mechanism of the DDNS.

D-Link Part I

Figure 4-1 DDNS mechanism chart

3. DNS Proxy: After activating the DNS proxy mode, the client can set its DNS server to the DFL-1500 (that is, send the DNS

requests to the DFL-1500). The DFL-1500 will then make the enquiry to the DNS ser ver and return the result to the client. Besides, the caching mechanism performed by the DNS proxy can also help reduce possible duplicate DNS lookups. As the following Figure 4-2 described. DFL-1 redirects the DNS request from PC1_1 to the real DNS server (140.113.1.1).

Figure 4-2 DNS Proxy mechanism chart

4. DHCP Relay: Activate the DHCP relay mode of DFL-1500 so that the DFL-1500 will become the relay agent and relay the

DHCP broadcast to th e configured DHCP server. As the following Figure 4-3 described, DFL-1 redirects the DHCP request from the preconfigured port (LAN1, DMZ1) to the real DHCP server (210.176.25.3).

Syste m Tools DFL-1500 User Manual

Figure 4-3 DHCP Relay mechanism chart

5. We can adjust the DFL-1500 interface in the SYSTEM TOOLS > Admin Settings > Interface in according to our

preference and requirement (3 WAN, 1 LAN, 1 DMZ). As the following Figure 4-4 demonstrated, there are three ISP connected onto DFL-1500. So we must adjust the interface up to 3 WAN port s to fit the current condition.

Figure 4-4 Adjust DFL-1500 interface to fit present situation

6. As the following Figure 4-5 demonstrated, there is an embedded snmp agent in the DFL-1500. So you can use SNMP

manager to monitor the DFL-1500 system status, network status ,etc. from either LAN or internet.

D-Link Part I

Figure 4-5 It is ef ficient to use SNMP Mana ger to monitor DFL-1500 device

4.4 Steps

4.4.1 General settings

Step 1 － General Setup

Enter the Host Name as DFL-1, Domain Name as the domain name of your company Click Apply.

SYSTEM TOOLS > Admin Settings > General

FIELD DESCRIPTION EXAMPLE Host Name The host name of the DFL-1500 device DFL-1 Domain Name Fill in the domain name of company dlink.com

Table 4-1 System Too ls - General Setup menu

Step 2 － Change Password

Enter the current password in the Old Password field. Enter the new password in the New

Password and retype it in the Retype to Confirm field. Click Apply.

SYSTEM TOOLS > Admin Settings > Password

+ 117 hidden pages

D-Link DFL-1500 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual