D-Link DI-804HV User Manual

D-Link

Broadband Hardware

VPN Router

DI-804HV

Manual

Building Networks for People

07/25/2003

Contents

Package Contents ................................................................................3

Introduction............................................................................................4

Getting Started ....................................................................................10

Using the Configuration Menu.............................................................. 11

Networking Basics ..............................................................................68

Reset to Factory Default Settings ........................................................94

Technical Specifications ......................................................................95

Frequently Asked Questions ................................................................96

Contacting Technical Support ............................................................142

Warranty and Registration ................................................................. 143

2

Package Contents

Contents of Package:



D-Link DI-804HV Broadband Hardware VPN Router

Power Adapter – 5V DC



Ethernet (CAT5-UTP/Straight-Through) Cable



Manual on CD



Quick Installation Guide



Note: Using a power supply with a different voltage rating than the one included with the
DI-804HV will cause damage and void the warranty for this product.

If any of the above items are missing, please contact your reseller.

System Requirements For Configuration:

Ethernet-Based Cable or DSL Modem



Computer with Windows, Macintosh, or Linux-based



operating system with an installed Ethernet adapter

Internet Explorer version 6.x or Netscape Navigator



version 6.x and above, with JavaScript enabled

3

Introduction

The D-Link DI-804HV is a 4-port Broadband Router with Virtual Private Network
(VPN) functionality. It provides a complete solution for Internet surfing, office
resources sharing, and secure access to remote corporate networks.. It is an
ideal way to extend the reach and number of computers connected to your
network.

After completing the steps outlined in the Quick Installation Guide (included in
your package) you will have the ability to share information and resources.

The DI-804HV is compatible with most popular operating systems, including
Macintosh, Linux and Windows, and can be integrated into a large network.

4

Connections

All Ethernet ports auto-sense
cable types to accommodate
straight-through or cross-over
cable.

WAN port is the
connection for the
Ethernet cable to the
Cable or DSL modem

Receptor
for the

Power
Adapter

COM port provides

serial connection for
dial-up analog modem.

LAN ports provide
connections to Ethernet­enabled devices.

Features & Benefits

Broadband modem and IP sharing



Connects multiple computers to a broadband (cable or DSL) modem to surf
the Internet

Auto-sensing Ethernet Switch



Equipped with a 4-port auto-sensing Ethernet switch

Hardware VPN Termination Device



Supports up to 40 VPN Tunnels

VPN Pass-Through supported



Supports pass-through VPN sessions and allows you to setup VPN server
and VPN clients

Firewall



Unwanted packets from outside intruders can be blocked to protect your
network

DHCP server supported



All of the networked computers can retrieve TCP/IP settings automatically
from the DI-804HV

Pressing the

Reset Button

restores the
router to its
original factory
default settings.

Web-based configuration



Configurable through any networked computer’s web browser using
Netscape or Internet Explorer

5

Features & Benefits continued

Access Control supported



Allows you to assign different access rights for different users.

Packet filter supported



Packet Filter allows you to control access to a network by analyzing the
incoming and outgoing packets and letting them pass or halting them
based on the IP address of the source and destination.

Virtual Server supported



Enables you to expose WWW, FTP and other services on your LAN to be
accessible to Internet users.

User-Definable Application Sensing Tunnel



You can define the attributes, for instance opening special ports to allow
packets to come through, to support special applications requiring multiple
connections, such as Internet gaming, video conferencing, and Internet
telephony. The DI-804HV can sense the application type and open a multi­port tunnel for it.

DMZ Host supported



Allows a networked computer to be fully exposed to the Internet; this
function is used when the special “application-sensing tunnel feature” is
insufficient to allow an application to function correctly.

Introduction to Broadband
Router Technology

A router is a device that forwards data packets from a source to a destination. Routers
forward data packets using IP addresses and not a MAC address. A router will forward
data from the Internet to a particular computer on your LAN.

The information that resides on the Internet gets moved around using routers. When
you click on a link on a web page, you send a request to a server to show you the next
page. The information that is sent and received from your computer is moved from your
computer to the server using routers. A router also determines the best route that your
information should follow to ensure that the information is delivered properly.

A router controls the amount of data that is sent through your network by eliminating
information that should not be there. This provides security for the computers con­nected to your router, because computers from the outside cannot access or send
information directly to any computer on your network. The router determines which
computer the information should be forwarded to and sends it. If the information is not
intended for any computer on your network, the data is discarded. This keeps any
unwanted or harmful information from accessing or damaging your network.

6

Introduction to Firewalls

A firewall is a device that sits between your computer and the Internet that prevents
unauthorized access to or from your network. A firewall can be a computer using
firewall software or a special piece of hardware built specifically to act as a firewall. In
most circumstances, a firewall is used to prevent unauthorized Internet users from
accessing private networks or corporate LAN's and Intranets.

A firewall watches all of the information moving to and from your network and analyzes
each piece of data. Each piece of data is checked against a set of criteria that the
administrator configures. If any data does not meet the criteria, that data is blocked
and discarded. If the data meets the criteria, the data is passed through. This method
is called packet filtering.

A firewall can also run specific security functions based on the type of application or
type of port that is being used. For example, a firewall can be configured to work with
an FTP or Telnet server. Or a firewall can be configured to work with specific UDP or
TCP ports to allow certain applications or games to work properly over the Internet.

Introduction to Local Area Networking

Local Area Networking (LAN) is the term used when connecting several computers
together over a small area such as a building or group of buildings. LAN's can be
connected over large areas. A collection of LAN's connected over a large area is called
a Wide Area Network (WAN).

A LAN consists of multiple computers connected to each other. There are many types
of media that can connect computers together. The most common media is CAT5
cable (UTP or STP twisted pair wire.) Each computer must have a Network Interface
Card (NIC), which communicates the data between computers. A NIC is usually a
10Mbps network card, or 10/100Mbps network card, or a wireless network card.
Wireless Local Area Networks (WLANs) do not use wires; instead they communicate
over radio waves.

Most networks use hardware devices such as hubs or switches that each cable can be
connected to in order to continue the connection between computers. A hub simply
takes any data arriving through each port and forwards the data to all other ports. A
switch is more sophisticated, in that a switch can determine the destination port for a
specific piece of data. A switch minimizes network traffic overhead and speeds up the
communication over a network.

Networks take some time in order to plan and implement correctly. There are many
ways to configure your network. You may want to take some time to determine the
best network set-up for your needs.

7

Introduction to Virtual Private Networking

Virtual Private Networking (VPN) uses a publicly wired network (the Internet) to se­curely connect two different networks as if they were the same network. For example,
an employee can access a corporate network from home using VPN, allowing the
employee to access files, databases, and other networked resources. Here are several
different implementations of VPN that can be used.

Point-to-Point Tunneling Protocol (PPTP)

PPTP uses proprietary means of connecting two private networks over the Internet.
PPTP is a way of securing the information that is communicated between networks.
PPTP secures information by encrypting the data inside of a packet.

IP Security (IPSec)

IPSec provides a more secure network-to-network connection across the Internet or a
Wide Area Network (WAN). IPSec encrypts all communication between the client and
server whereas PPTP only encrypts the data packets.

Both of these VPN implementations are used because there is not a standard for VPN
server software. Because of this, each ISP or business can implement its own VPN
network making interoperability a challenge.

8

LEDS

LED stands for Light-Emitting Diode. The DI-804HV has the following LEDs

as described below:

LED

Power

M1 LED

M2 LED

WAN

COM

LOCAL
NETWORK
(Ports 1-4)

LED Activity

A steady light indicates
a connection to a power sourcea power source

Flashes once per second to indicate an
active system

Lights up when the device has an Internet
connection

A solid light indicates connection on the
WAN port. This LED blinks during data
transmission

A solid light indicates a connection to an
external dial-up analog modem

A solid light indicates a connection to an
Ethernet-enabled computer on ports 1-4. This
LED blinks during data transmission

9

Getting Started

1

For additional information
about setting up a network,
see:

Networking Basics

Using the Configuration
Menu

6

2

5

4

3

For a typical network setup in a home or small office (as shown above),
please do the following:

You will need broadband Internet access (a Cable or DSL subscription line into
your home or office).

Consult with your Cable or DSL provider for proper installation of the modem.

Connect the Cable or DSL modem to the DI-804HV wireless broadband router (see
the Quick Installation Guide included with the DI-804HV.)

If you are connecting a desktop computer to your network and you need an Ethernet
connection, you can install the D-Link DFE-530TX+ Ethernet adapter into an
available PCI slot. (See the Quick Installation Guide included with the DFE-530TX+.)

If you are connecting a laptop computer to your network, install the drivers for the
Ethernet Cardbus adapter (e.g., D-Link DFE-690TXD) into a laptop computer.(See
the Quick Installation Guide included with the DFE-690TXD.)

You may connect an analog modem (optional) to function as a backup to the DI­804HV. To use a backup modem, you must have dial-up service.

10

Using the Configuration Menu

Whenever you want to configure your network or the DI-804HV, you can access the
Configuration Menu by opening the web-browser (i.e., Internet Explorer or Netscape
Navigator) and typing in the IP Address of the DI-804HV. The DI-804HV default IP
Address is shown below:

 Open the web browser
 Type in the IP Address of

the DI-804HV (http://192.168.0.1)

Note: If you have changed the default IP Address assigned to the DI-804HV, make sure to
enter the correct IP Address.

The factory default User name is admin and the default
Password is blank (empty). It is recommended that you

change the admin password for security purposes. Please
refer to Tools>Admin to change the admin password.

Home > Wizard

The Home>Wizard screen will
appear. Please refer to the
Quick Installation Guide for
more information regarding the
Setup Wizard.

http://192.168.0.1

Apply

Cancel

Help

Restart

Clicking Apply will save changes made to the page

Clicking Cancel will clear changes made to the page

Clicking Help will bring up helpful information regarding the page

Clicking Restart will restart the router. (Necessary for some changes.)

11

Using the Configuration Menu

Setup Wizard

Once you have logged in, the

Home screen will appear.

Click Run Wizard

The welcome screen outlines the
steps to complete the setup

wizard. Click Next to continue.

Click Next

12

Using the Configuration Menu

Setup Wizard > Set Password

Click Next

Old Password-

New Password-

Reconfirm-

This information is masked.

Type in the new password for the admin account.

Type in the new password again to confirm. Click Next to
continue with the Setup Wizard.

13

Using the Configuration Menu

Setup Wizard > Time Zone

Select the appropriate time zone for your location-

Select the proper time zone.
Selections can be made by
clicking on the drop down list.

Click Next to continue.

Click Next

Setup Wizard > Connection Type (WAN)

Select Your Internet Connection-

You will be prompted to select
the type of internet connection
for your router. Choose the
appropriate selection and click

Next to continue.

Click Next

If you are unsure of which setting to select, please contact
your Internet Service Provider.

Select Others only if you use PPTP in Europe or Big Pond
Cable in Australia.

14

Using the Configuration Menu

Setup Wizard > Set Dynamic IP Address

Click Next

If your ISP uses Dynamic IP Address, this screen will appear: (Used mainly for
Cable Internet service.)

Host Name-

MAC Address-

Clone MAC
Address-

Host name is the section where you input the name of your
ISP. This section is optional and is not required to be filled in.

Each network adapter has a discrete Media Access Control
(MAC) address. Note that some computer and peripherals may

already include built-in network adapter.

By clicking on Clone MAC Address, the DI-804HV will auto­matically copy the MAC address of the network adapter in your
computer. You can also manually type in the MAC address.

Click Next to continue.

15

Using the Configuration Menu

Setup Wizard > Set Static IP Address

Click Next

If your ISP uses a Static IP Address, and this option is selected, then this screen will
appear.

WAN IP Address-

WAN Subnet Mask-

WAN Gateway-

Primary DNS-

Secondary DNS-

If your ISP requires a Static IP Address, and this option is se­lected, then this screen appear. Enter the IP address informa­tion originally provided to you by your ISP. You will need to

complete all the required fields.

The subnet for the DI-804HV is preconfigured to 255.255.255.0.
Configurations can be made in, but not recommended. This

feature is for advanced users.

This information is provided by your ISP.

The Primary DNS can be found by contacting the ISP.

The Secondary DNS can be found by contacting the ISP.

16

Using the Configuration Menu

Setup Wizard > PPPoE

Click Next

If your ISP uses PPPoE (Point-to-Point Protocol over Ethernet), and this option is se­lected, then this screen will appear: (Used mainly for DSL Internet service.)

PPPoE Account-

PPPoE Password-

PPPoE Service
Name-

Enter in the username provided to you by your ISP.

Enter in the password provided to you by your ISP.

Enter in the name of your service provider. This is an optional
field and is not necessary to be filled in.

17

Using the Configuration Menu

Setup Wizard

Click Next

Configure this section only if you have an analog dial-up account. Otherwise click Next
to skip.

Dial-up
Telephone-

Dial-up Account-

Dial-up Password-

Primary DNS-

Secondary DNS-

Enter the telephone number to connect to your ISP.

This information is provided by your ISP. The Dial-up Account is
also known as username.

Enter in the password to log into your Dial-up account.

The Primary DNS can be found by contacting the ISP.

The Secondary DNS can be found by contacting the ISP.

18

Using the Configuration Menu

Setup Wizard

Click Restart

Back-

Restart-

Exit-

Click on Back button to go back to previous page.

Click on Restart button to finalize the settings made.

Click on Exit button to end the Setup Wizard without saving
any changes.

19

Using the Configuration Menu

Home > WAN

Choose WAN Type

WAN stands for Wide Area Network. In this case WAN represents the mode in which

you connect to the Internet. If you are uncertain, please ask your ISP which of the
following represents your connection mode to the Internet:

Dynamic
IP Address-

Static IP Address-

PPPoE-

Dial-up Network -

Others-

PPTP-

Big Pond Cable-

Obtain an IP address from your ISP automatically (mainly for
Cable users)

Your ISP assigns you a Static IP Address

Some ISPs require the use of PPPoE to connect to their
services (mainly for DSL users)

Dial-up users can select this option to connect to their ISP
through an analog dial-up modem if broadband connectivity
is unavailable.

For use in Europe only

For use in Australia only

20

Using the Configuration Menu

Home > WAN > Dynamic IP Address

Most Cable modem users will select this option to obtain an IP
from their ISP (Internet Service Provider).

Host Name-

MAC Address-

This is optional, but may be required by some ISPs. The host
name is the device name of the Router.

The default MAC Address is set to the WAN’s physical interface
MAC address on the Router.

Clone
MAC Address-

This feature will copy the MAC address of the Ethernet card, and
replace the WAN MAC address of the Router with this Ethernet
card MAC address. It is not recommended that you change the
default MAC address unless required by your ISP.

Primary DNS
Address-

Input the primary DNS address provided by your ISP

Secondary DNS
Address-

MTU-

Auto-reconnect -

Auto-backup -

(Optional) Input the Secondary DNS address provided by your ISP.

Maximum Transmission Unit; default is 1500; you may need to
change the MTU to conform to your ISP.

If enabled, the Broadband Router will automatically connect to
your ISP after your system is restarted or if the connection is
dropped.
Enabling this feature will connect your router to the Internet using
a dial-up service if your broadband connection becomes unavail­able. A subscription to a dial-up service is required for the auto­backup to work.

Address automatically

21

Using the Configuration Menu

Home > WAN > Static IP Address

If you use a Static IP Address, you will input information here that your ISP has provided
to you.

IP Address-

Subnet Mask-

ISP Gateway
Address-

Primary DNS
Address-

Secondary DNS
Address-

MTU-

Input the IP Address provided by your ISP

Input the Subnet Mask provided by your ISP

Input the Gateway address provided by your ISP

Input the primary DNS address provided by your ISP

(Optional) Input the Secondary DNS address provided by your
ISP.

Maximum Transmission Unit; default is 1500; you may need to
change the MTU to conform to your ISP.

22

Using the Configuration Menu

Home > WAN > PPPoE

Most DSL users will select this option to obtain an IP address automatically from their
ISP through the use of PPPoE.

User Name-

Password-

Service Name-

IP Address-

Primary DNS
Address-

Maximum
Idle Time-

MTU-

Your PPPoE username provided by your ISP

Your PPPoE password is provided by your ISP

(Optional) Check with your ISP for more information if they
require the use of service name.

(Optional) Enter in the IP Address if you are assigned a static
PPPoE address.

You will get the DNS IP automatically from your ISP but you
may enter a specific DNS address that you want to use instead.

(Optional) Input the secondary DNS address

Enter a maximum idle time during which Internet connection is
maintained during inactivity. To disable this feature, enable Auto-

reconnect.
Maximum Transmission Unit; default is 1492; you may need to

change the MTU to conform to your ISP.

23

Using the Configuration Menu

Home > WAN > Dial-up Network

Most Dial-up users will select this option to connect to their ISP through an analog
dial-up modem. This feature can be used as a back-up when your broadband connec­tivity is unavailable.

Dial-up Telephone -

Dial-up Account-

Dial-up Password-

Primary DNS­Seconday DNS-

Assigned
IP Address-

Extra Settings-

Maximum Idle Time-

Baud Rate-

Telephone number to connect to your ISP

Username provided by your ISP

Password provided by your ISP

If the settings are configured as “0.0.0.0,” they will be auto­matically assigned upon connection.

(Optional) Enter in the IP Address if you are assigned a static
PPPoE address.

This setting is used to optimize the communication quality
between the ISP and your analog dial-up modem. (Initializa­tion string) - optional.

Enter a maximum idle time during which Internet connection
is maintained during inactivity. To disable this feature, en­able Auto-reconnect.

The communication speed between the DI-804HV and your
modem.

24

Using the Configuration Menu

Home > WAN > PPTP

Point-to-Point Tunneling Protocol (PPTP) is a WAN connection used in Europe.

My IP Address-

My Subnet Mask-

Server IP Address-

PPTP Account-

PPTP Password-

Connection ID-

Maximum
Idle Time-

Enter the IP Address

Enter the Subnet Mask

Enter the Server IP Address

Enter the PPTP account name

Enter the PPTP password

(Optional) Enter the connection ID if required by your ISP

Enter a maximum idle time during which Internet connection is
maintained during inactivity. To disable this feature, enable Auto-

reconnect.

25

Using the Configuration Menu

Home > WAN > BigPond Cable

Dynamic IP Address for BigPond is a WAN connection used in Australia.

User Name-

Password-

Login Server IP-

Renew IP forever-

Enter in the username for the BigPond account

Enter the password for the BigPond account

(Optional) enter the Login Server name if required

If enabled, the device will automatically connect to
your ISP after your unit is restarted or when the
connection is dropped.

26

Using the Configuration Menu

Home > LAN

LAN (Local Area

Network). This is
considered your
internal network.
These are the IP
settings of the LAN
interface for the DI­804HV. These
settings may be
referred to as Private
settings. You may
change the LAN IP
address if needed.
The LAN IP address
is private to your
internal network and
cannot be seen on
the Internet.

LAN IP Address-

Subnet Mask-

Domain Name-

The IP address of the LAN interface.
The default IP address is: 192.168.0.1

The subnet mask of the LAN interface.
The default subnet mask is 255.255.255.0.

(Optional) The name of your local domain

27

Using the Configuration Menu

Home >DHCP

DHCP stands for Dynamic Host Control Protocol. The DI-804HV has a built-in DHCP

server. The DHCP Server will automatically assign an IP address to the computers on
the LAN/private network. Be sure to set your computers to be DHCP clients by setting
their TCP/IP settings to “Obtain an IP Address Automatically.” When you turn your
computers on, they will automatically load the proper TCP/IP settings provided by the
DI-804HV. The DHCP Server will automatically allocate an unused IP address from the
IP address pool to the requesting computer. You must specify the starting and ending

address of the IP address pool.

DHCP Server-

Enable or disable the DHCP service.

Starting IP
Address-

The starting IP address for the DHCP server’s IP assignment.

Ending IP
Address-

Lease Time-

The ending IP address for the DHCP server’s IP assignment.

The length of time for the DHCP lease.

DHCP Clients List- Lists the DHCP clients connected to the DI-804HV. Click

Refresh to update the list. The table will show the Host Name,

IP Address, and MAC Address of the DHCP client computer.

28

Using the Configuration Menu

Home >VPN Settings

VPN Settings are settings that are used to create virtual private tunnels to remote

VPN gateways. The tunnel technology supports data confidentiality, data origin,
authentication and data integrity of network information by utilizing encapsulation
protocols, encryption algorithms, and hashing algorithms.

VPN -

NetBIOS broadcast-

Max. number of
tunnels-

Tunnel Name-

Method-

More-

Check here to enable VPN tunnels. When you are not
using the VPN feature, it is best to keep VPN disabled.

Enable this to allow NetBIOS braodcast over the VPN
tunnels.

Select the maximum number of allowable tunnels.

Create a name for the tunnel.

IPSec VPN supports two kinds of key-obtained methods:
manual key and automatic key exchange. Manual key
approach indicates that the two endpoint VPN gateways
require setting up authentication and encryption key by
the Administrator manually. However, IKE approach will
perform automatic Internet key exchange. Admins of both
endpoint gateways will only need to set the same
pre-shared key.

For more in depth configuration to adjust
manual key or IKE method settings, click

More.

29

Using the Configuration Menu

Home >VPN Settings > Tunnel > Method>IKE

Tunnel Name-

Aggressive Mode-

Local Subnet-

Local Netmask-

Remote Subnet-

Remote Netmask-

Remote Gateway-

Preshared Key-

IKE Proposal index-

IPSec Proposal
index-

Current tunnel name.

Enabling this mode will accelerate establishing tunnel, but
the device will have less security.

The subnet of the VPN gateway’s local network. It can be a
host, a partial subnet or a whole subnet.

Local netmask combined with local subnet to form a subnet
domain.

The subnet of the remote VPN gateway’s local network. It
can be a host, a partial subnet or a whole subnet.

The subnet of the remote VPN gateway’s local network.
It can be a host, a partial subnet or a whole subnet.

The WAN IP address of remote VPN gateway.

The first key that supports IKE mechanism of both VPN
gateways for negotiating further security keys. The pre­shared key must be the same for both endpoint gateways.

Click the button to setup a set of frequent-used IKE proposals
and select from the set of IKE proposals for the tunnel.

Click the button to setup a set of frequent-used IPSec proposals
and select from the set of IKE proposals for the tunnel.

30