Loading...
D-Link DI-804HV
Broadband Hardware
VPN Router
Manual
Building Networks for People
07/25/2003
Contents
Package Contents ................................................................................ |
3 |
Introduction............................................................................................ |
4 |
Getting Started .................................................................................... |
10 |
Using the Configuration Menu.............................................................. |
11 |
Networking Basics .............................................................................. |
68 |
Reset to Factory Default Settings ........................................................ |
94 |
Technical Specifications ...................................................................... |
95 |
Frequently Asked Questions ................................................................ |
96 |
Contacting Technical Support ............................................................ |
142 |
Warranty and Registration ................................................................. |
143 |
2
Package Contents
Contents of Package:
D-Link DI-804HV Broadband Hardware VPN Router
Power Adapter – 5V DC
Ethernet (CAT5-UTP/Straight-Through) Cable
Manual on CD
Quick Installation Guide
Note: Using a power supply with a different voltage rating than the one included with the DI-804HV will cause damage and void the warranty for this product.
If any of the above items are missing, please contact your reseller.
System Requirements For Configuration:
Ethernet-Based Cable or DSL Modem
Computer with Windows, Macintosh, or Linux-based operating system with an installed Ethernet adapter
Internet Explorer version 6.x or Netscape Navigator version 6.x and above, with JavaScript enabled
3
Introduction
The D-Link DI-804HV is a 4-port Broadband Router with Virtual Private Network (VPN) functionality. It provides a complete solution for Internet surfing, office resources sharing, and secure access to remote corporate networks.. It is an ideal way to extend the reach and number of computers connected to your network.
After completing the steps outlined in the Quick Installation Guide (included in your package) you will have the ability to share information and resources.
The DI-804HV is compatible with most popular operating systems, including Macintosh, Linux and Windows, and can be integrated into a large network.
4
Connections
All Ethernet ports auto-sense cable types to accommodate straight-through or cross-over cable.
WAN port is the connection for the Ethernet cable to the Cable or DSL modem
Receptor for the
Power Adapter
COM port provides |
LAN ports provide |
serial connection for |
connections to Ethernet- |
dial-up analog modem. |
enabled devices. |
Features & Benefits
Pressing the
Reset Button restores the router to its original factory default settings.
Broadband modem and IP sharing
Connects multiple computers to a broadband (cable or DSL) modem to surf the Internet
Auto-sensing Ethernet Switch
Equipped with a 4-port auto-sensing Ethernet switch
Hardware VPN Termination Device
Supports up to 40 VPN Tunnels
VPN Pass-Through supported
Supports pass-through VPN sessions and allows you to setup VPN server and VPN clients
Firewall
Unwanted packets from outside intruders can be blocked to protect your network
DHCP server supported
All of the networked computers can retrieve TCP/IP settings automatically from the DI-804HV
Web-based configuration
Configurable through any networked computer’s web browser using Netscape or Internet Explorer
5
Features & Benefits continued
Access Control supported
Allows you to assign different access rights for different users.
Packet filter supported
Packet Filter allows you to control access to a network by analyzing the incoming and outgoing packets and letting them pass or halting them based on the IP address of the source and destination.
Virtual Server supported
Enables you to expose WWW, FTP and other services on your LAN to be accessible to Internet users.
User-Definable Application Sensing Tunnel
You can define the attributes, for instance opening special ports to allow packets to come through, to support special applications requiring multiple connections, such as Internet gaming, video conferencing, and Internet telephony. The DI-804HV can sense the application type and open a multiport tunnel for it.
DMZ Host supported
Allows a networked computer to be fully exposed to the Internet; this function is used when the special “application-sensing tunnel feature” is insufficient to allow an application to function correctly.
Introduction to Broadband
Router Technology
A router is a device that forwards data packets from a source to a destination. Routers forward data packets using IP addresses and not a MAC address. A router will forward data from the Internet to a particular computer on your LAN.
The information that resides on the Internet gets moved around using routers. When you click on a link on a web page, you send a request to a server to show you the next page. The information that is sent and received from your computer is moved from your computer to the server using routers. A router also determines the best route that your information should follow to ensure that the information is delivered properly.
A router controls the amount of data that is sent through your network by eliminating information that should not be there. This provides security for the computers connected to your router, because computers from the outside cannot access or send information directly to any computer on your network. The router determines which computer the information should be forwarded to and sends it. If the information is not intended for any computer on your network, the data is discarded. This keeps any unwanted or harmful information from accessing or damaging your network.
6
Introduction to Firewalls
A firewall is a device that sits between your computer and the Internet that prevents unauthorized access to or from your network. A firewall can be a computer using firewall software or a special piece of hardware built specifically to act as a firewall. In most circumstances, a firewall is used to prevent unauthorized Internet users from accessing private networks or corporate LAN's and Intranets.
A firewall watches all of the information moving to and from your network and analyzes each piece of data. Each piece of data is checked against a set of criteria that the administrator configures. If any data does not meet the criteria, that data is blocked and discarded. If the data meets the criteria, the data is passed through. This method is called packet filtering.
A firewall can also run specific security functions based on the type of application or type of port that is being used. For example, a firewall can be configured to work with an FTP or Telnet server. Or a firewall can be configured to work with specific UDP or TCP ports to allow certain applications or games to work properly over the Internet.
Introduction to Local Area Networking
Local Area Networking (LAN) is the term used when connecting several computers together over a small area such as a building or group of buildings. LAN's can be connected over large areas. A collection of LAN's connected over a large area is called a Wide Area Network (WAN).
A LAN consists of multiple computers connected to each other. There are many types of media that can connect computers together. The most common media is CAT5 cable (UTP or STP twisted pair wire.) Each computer must have a Network Interface Card (NIC), which communicates the data between computers. A NIC is usually a 10Mbps network card, or 10/100Mbps network card, or a wireless network card. Wireless Local Area Networks (WLANs) do not use wires; instead they communicate over radio waves.
Most networks use hardware devices such as hubs or switches that each cable can be connected to in order to continue the connection between computers. A hub simply takes any data arriving through each port and forwards the data to all other ports. A switch is more sophisticated, in that a switch can determine the destination port for a specific piece of data. A switch minimizes network traffic overhead and speeds up the communication over a network.
Networks take some time in order to plan and implement correctly. There are many ways to configure your network. You may want to take some time to determine the best network set-up for your needs.
7
Introduction to Virtual Private Networking
Virtual Private Networking (VPN) uses a publicly wired network (the Internet) to securely connect two different networks as if they were the same network. For example, an employee can access a corporate network from home using VPN, allowing the employee to access files, databases, and other networked resources. Here are several different implementations of VPN that can be used.
Point-to-Point Tunneling Protocol (PPTP)
PPTP uses proprietary means of connecting two private networks over the Internet. PPTP is a way of securing the information that is communicated between networks. PPTP secures information by encrypting the data inside of a packet.
IP Security (IPSec)
IPSec provides a more secure network-to-network connection across the Internet or a Wide Area Network (WAN). IPSec encrypts all communication between the client and server whereas PPTP only encrypts the data packets.
Both of these VPN implementations are used because there is not a standard for VPN server software. Because of this, each ISP or business can implement its own VPN network making interoperability a challenge.
8
LEDS
LED stands for Light-Emitting Diode. The DI-804HV has the following LEDs as described below:
|
|
LED |
LED Activity |
|
|
|
Power |
A steady light indicates |
|
|
|
|
a connection to a power source |
|
|
|
|
|
|
|
|
M1 LED |
Flashes once per second to indicate an |
|
|
|
active system |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
M2 LED |
Lights up when the device has an Internet |
|
|
|
connection |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
A solid light indicates connection on the |
|
|
|
WAN |
WAN port. This LED blinks during data |
|
|
|
|
transmission |
|
|
|
|
|
|
|
|
COM |
A solid light indicates a connection to an |
|
|
|
external dial-up analog modem |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
LOCAL |
A solid light indicates a connection to an |
|
|
|
NETWORK |
Ethernet-enabled computer on ports 1-4. This |
|
|
|
(Ports 1-4) |
LED blinks during data transmission |
|
|
|
|
|
|
9
Getting Started
For additional information about setting up a network, see:
Networking Basics
Using the Configuration
Menu
|
|
1 |
6 |
2 |
5 |
|
4
3
For a typical network setup in a home or small office (as shown above), please do the following:
You will need broadband Internet access (a Cable or DSL subscription line into your home or office).
Consult with your Cable or DSL provider for proper installation of the modem.
Connect the Cable or DSL modem to the DI-804HV wireless broadband router (see the Quick Installation Guide included with the DI-804HV.)
If you are connecting a desktop computer to your network and you need an Ethernet connection, you can install the D-Link DFE-530TX+ Ethernet adapter into an available PCI slot. (See the Quick Installation Guide included with the DFE-530TX+.)
If you are connecting a laptop computer to your network, install the drivers for the Ethernet Cardbus adapter (e.g., D-Link DFE-690TXD) into a laptop computer.(See the Quick Installation Guide included with the DFE-690TXD.)
You may connect an analog modem (optional) to function as a backup to the DI804HV. To use a backup modem, you must have dial-up service.
10
Using the Configuration Menu
Whenever you want to configure your network or the DI-804HV, you can access the Configuration Menu by opening the web-browser (i.e., Internet Explorer or Netscape Navigator) and typing in the IP Address of the DI-804HV. The DI-804HV default IP Address is shown below:
Open the web browser
Type in the IP Address of
the DI-804HV (http://192.168.0.1) |
http://192.168.0.1 |
|
Note: If you have changed the default IP Address assigned to the DI-804HV, make sure to enter the correct IP Address.
The factory default User name is admin and the default Password is blank (empty). It is recommended that you change the admin password for security purposes. Please refer to Tools>Admin to change the admin password.
Home > Wizard
The Home>Wizard screen will appear. Please refer to the
Quick Installation Guide for more information regarding the Setup Wizard.
Clicking Apply will save changes made to the page
Apply
Clicking Cancel will clear changes made to the page
Cancel
Clicking Help will bring up helpful information regarding the page
Help
Clicking Restart will restart the router. (Necessary for some changes.)
Restart |
11 |
|
Using the Configuration Menu
Setup Wizard
Once you have logged in, the
Home screen will appear.
Click Run Wizard
The welcome screen outlines the steps to complete the setup
wizard. Click Next to continue.
Click Next
12
Using the Configuration Menu
Setup Wizard > Set Password
Click Next
Old Password-
New Password-
Reconfirm-
This information is masked.
Type in the new password for the admin account.
Type in the new password again to confirm. Click Next to continue with the Setup Wizard.
13
Using the Configuration Menu
Setup Wizard > Time Zone
Select the appropriate time zone for your location-
Select the proper time zone. Selections can be made by clicking on the drop down list.
Click Next to continue.
Click Next
Setup Wizard > Connection Type (WAN)
Select Your Internet Connection-
You will be prompted to select the type of internet connection for your router. Choose the appropriate selection and click
Next to continue.
Click Next
If you are unsure of which setting to select, please contact your Internet Service Provider.
Select Others only if you use PPTP in Europe or Big Pond
Cable in Australia.
14
Using the Configuration Menu
Setup Wizard > Set Dynamic IP Address
Click Next
If your ISP uses Dynamic IP Address, this screen will appear: (Used mainly for
Cable Internet service.)
Host Name- |
Host name is the section where you input the name of your |
|
ISP. This section is optional and is not required to be filled in. |
MAC Address- |
Each network adapter has a discrete Media Access Control |
|
(MAC) address. Note that some computer and peripherals may |
|
already include built-in network adapter. |
Clone MAC
Address-
By clicking on Clone MAC Address, the DI-804HV will automatically copy the MAC address of the network adapter in your computer. You can also manually type in the MAC address.
Click Next to continue.
15
Using the Configuration Menu
Setup Wizard > Set Static IP Address
Click Next
If your ISP uses a Static IP Address, and this option is selected, then this screen will appear.
WAN IP Address- If your ISP requires a Static IP Address, and this option is selected, then this screen appear. Enter the IP address information originally provided to you by your ISP. You will need to
complete all the required fields.
WAN Subnet Mask-
WAN Gateway-
Primary DNS-
Secondary DNS-
The subnet for the DI-804HV is preconfigured to 255.255.255.0. Configurations can be made in, but not recommended. This
feature is for advanced users.
This information is provided by your ISP.
The Primary DNS can be found by contacting the ISP.
The Secondary DNS can be found by contacting the ISP.
16
Using the Configuration Menu
Setup Wizard > PPPoE
Click Next
If your ISP uses PPPoE (Point-to-Point Protocol over Ethernet), and this option is selected, then this screen will appear: (Used mainly for DSL Internet service.)
PPPoE Account- |
Enter in the username provided to you by your ISP. |
PPPoE Password- Enter in the password provided to you by your ISP.
PPPoE Service |
Enter in the name of your service provider. This is an optional |
Name- |
field and is not necessary to be filled in. |
17
Using the Configuration Menu
Setup Wizard
Click Next
Configure this section only if you have an analog dial-up account. Otherwise click Next to skip.
Dial-up
Telephone-
Dial-up Account-
Dial-up Password-
Enter the telephone number to connect to your ISP.
This information is provided by your ISP. The Dial-up Account is also known as username.
Enter in the password to log into your Dial-up account.
Primary DNS- |
The Primary DNS can be found by contacting the ISP. |
Secondary DNS- |
The Secondary DNS can be found by contacting the ISP. |
18
Using the Configuration Menu
Setup Wizard
Click Restart
Back-
Restart-
Exit-
Click on Back button to go back to previous page.
Click on Restart button to finalize the settings made.
Click on Exit button to end the Setup Wizard without saving any changes.
19
Using the Configuration Menu
Home > WAN
Choose WAN Type
WAN stands for Wide Area Network. In this case WAN represents the mode in which you connect to the Internet. If you are uncertain, please ask your ISP which of the
following represents your connection mode to the Internet:
Dynamic
IP Address-
Static IP Address-
PPPoE-
Dial-up Network -
Others-
PPTP-
Big Pond Cable-
Obtain an IP address from your ISP automatically (mainly for Cable users)
Your ISP assigns you a Static IP Address
Some ISPs require the use of PPPoE to connect to their services (mainly for DSL users)
Dial-up users can select this option to connect to their ISP through an analog dial-up modem if broadband connectivity
is unavailable.
For use in Europe only
For use in Australia only
20
Using the Configuration Menu
Home > WAN > Dynamic IP Address
Most Cable modem users will select this option to obtain an IP Address automatically from their ISP (Internet Service Provider).
Host Name-
MAC Address-
Clone
MAC Address-
Primary DNS
Address-
Secondary DNS
Address-
MTU-
Auto-reconnect -
Auto-backup -
This is optional, but may be required by some ISPs. The host name is the device name of the Router.
The default MAC Address is set to the WAN’s physical interface MAC address on the Router.
This feature will copy the MAC address of the Ethernet card, and replace the WAN MAC address of the Router with this Ethernet card MAC address. It is not recommended that you change the default MAC address unless required by your ISP.
Input the primary DNS address provided by your ISP
(Optional) Input the Secondary DNS address provided by your ISP.
Maximum Transmission Unit; default is 1500; you may need to change the MTU to conform to your ISP.
If enabled, the Broadband Router will automatically connect to your ISP after your system is restarted or if the connection is dropped.
Enabling this feature will connect your router to the Internet using a dial-up service if your broadband connection becomes unavailable. A subscription to a dial-up service is required for the auto-
backup to work. |
21 |
|
Using the Configuration Menu
Home > WAN > Static IP Address
If you use a Static IP Address, you will input information here that your ISP has provided to you.
IP Address-
Subnet Mask-
ISP Gateway
Address-
Primary DNS
Address-
Secondary DNS
Address-
MTU-
Input the IP Address provided by your ISP
Input the Subnet Mask provided by your ISP
Input the Gateway address provided by your ISP
Input the primary DNS address provided by your ISP
(Optional) Input the Secondary DNS address provided by your ISP.
Maximum Transmission Unit; default is 1500; you may need to change the MTU to conform to your ISP.
22
Using the Configuration Menu
Home > WAN > PPPoE
Most DSL users will select this option to obtain an IP address automatically from their ISP through the use of PPPoE.
User Name-
Password-
Service Name-
IP Address-
Primary DNS
Address-
Maximum
Idle Time-
MTU-
Your PPPoE username provided by your ISP
Your PPPoE password is provided by your ISP
(Optional) Check with your ISP for more information if they require the use of service name.
(Optional) Enter in the IP Address if you are assigned a static PPPoE address.
You will get the DNS IP automatically from your ISP but you may enter a specific DNS address that you want to use instead.
(Optional) Input the secondary DNS address
Enter a maximum idle time during which Internet connection is maintained during inactivity. To disable this feature, enable Autoreconnect.
Maximum Transmission Unit; default is 1492; you may need to change the MTU to conform to your ISP.
23
Using the Configuration Menu
Home > WAN > Dial-up Network
Most Dial-up users will select this option to connect to their ISP through an analog dial-up modem. This feature can be used as a back-up when your broadband connectivity is unavailable.
Dial-up Telephone -
Dial-up Account-
Dial-up Password-
Primary DNS-
Seconday DNS-
Assigned
IP Address-
Extra Settings-
Telephone number to connect to your ISP
Username provided by your ISP
Password provided by your ISP
If the settings are configured as “0.0.0.0,” they will be automatically assigned upon connection.
(Optional) Enter in the IP Address if you are assigned a static PPPoE address.
This setting is used to optimize the communication quality between the ISP and your analog dial-up modem. (Initialization string) - optional.
Maximum Idle Time- Enter a maximum idle time during which Internet connection is maintained during inactivity. To disable this feature, en-
|
able Auto-reconnect. |
|
Baud Rate- |
The communication speed between the DI-804HV and your |
|
|
modem. |
24 |
|
|
|
Using the Configuration Menu
Home > WAN > PPTP
Point-to-Point Tunneling Protocol (PPTP) is a WAN connection used in Europe.
My IP Address-
My Subnet Mask-
Server IP Address-
PPTP Account-
PPTP Password-
Connection ID-
Maximum
Idle Time-
Enter the IP Address
Enter the Subnet Mask
Enter the Server IP Address
Enter the PPTP account name
Enter the PPTP password
(Optional) Enter the connection ID if required by your ISP
Enter a maximum idle time during which Internet connection is maintained during inactivity. To disable this feature, enable Autoreconnect.
25
Using the Configuration Menu
Home > WAN > BigPond Cable
Dynamic IP Address for BigPond is a WAN connection used in Australia.
User Name-
Password-
Login Server IP-
Renew IP forever-
Enter in the username for the BigPond account
Enter the password for the BigPond account
(Optional) enter the Login Server name if required
If enabled, the device will automatically connect to your ISP after your unit is restarted or when the connection is dropped.
26
Using the Configuration Menu
Home > LAN
LAN IP Address-
Subnet Mask-
LAN (Local Area Network). This is considered your internal network. These are the IP settings of the LAN interface for the DI804HV. These settings may be referred to as Private settings. You may change the LAN IP address if needed. The LAN IP address is private to your internal network and cannot be seen on the Internet.
The IP address of the LAN interface.
The default IP address is: 192.168.0.1
The subnet mask of the LAN interface.
The default subnet mask is 255.255.255.0.
Domain Name- (Optional) The name of your local domain
27
Using the Configuration Menu
Home >DHCP
DHCP stands for Dynamic Host Control Protocol. The DI-804HV has a built-in DHCP server. The DHCP Server will automatically assign an IP address to the computers on the LAN/private network. Be sure to set your computers to be DHCP clients by setting their TCP/IP settings to “Obtain an IP Address Automatically.” When you turn your computers on, they will automatically load the proper TCP/IP settings provided by the DI-804HV. The DHCP Server will automatically allocate an unused IP address from the IP address pool to the requesting computer. You must specify the starting and ending
address of the IP address pool.
DHCP Server-
Starting IP
Address-
Ending IP
Address-
Lease Time-
DHCP Clients List-
Enable or disable the DHCP service.
The starting IP address for the DHCP server’s IP assignment.
The ending IP address for the DHCP server’s IP assignment.
The length of time for the DHCP lease.
Lists the DHCP clients connected to the DI-804HV. Click Refresh to update the list. The table will show the Host Name, IP Address, and MAC Address of the DHCP client computer.
28
Using the Configuration Menu
Home >VPN Settings
VPN Settings are settings that are used to create virtual private tunnels to remote VPN gateways. The tunnel technology supports data confidentiality, data origin, authentication and data integrity of network information by utilizing encapsulation protocols, encryption algorithms, and hashing algorithms.
VPN -
NetBIOS broadcast-
Max. number of tunnels-
Tunnel Name-
Method-
More-
Check here to enable VPN tunnels. When you are not using the VPN feature, it is best to keep VPN disabled.
Enable this to allow NetBIOS braodcast over the VPN tunnels.
Select the maximum number of allowable tunnels.
Create a name for the tunnel.
IPSec VPN supports two kinds of key-obtained methods: manual key and automatic key exchange. Manual key approach indicates that the two endpoint VPN gateways require setting up authentication and encryption key by the Administrator manually. However, IKE approach will perform automatic Internet key exchange. Admins of both endpoint gateways will only need to set the same pre-shared key.
For more in depth configuration to adjust manual key or IKE method settings, click
More.
29
Using the Configuration Menu
Home >VPN Settings > Tunnel > Method>IKE
Tunnel Name-
Aggressive Mode-
Local Subnet-
Local Netmask-
Remote Subnet-
Current tunnel name.
Enabling this mode will accelerate establishing tunnel, but the device will have less security.
The subnet of the VPN gateway’s local network. It can be a host, a partial subnet or a whole subnet.
Local netmask combined with local subnet to form a subnet domain.
The subnet of the remote VPN gateway’s local network. It can be a host, a partial subnet or a whole subnet.
Remote Netmask-
Remote Gateway-
Preshared Key-
The subnet of the remote VPN gateway’s local network. It can be a host, a partial subnet or a whole subnet.
The WAN IP address of remote VPN gateway.
The first key that supports IKE mechanism of both VPN gateways for negotiating further security keys. The preshared key must be the same for both endpoint gateways.
IKE Proposal index- Click the button to setup a set of frequent-used IKE proposals and select from the set of IKE proposals for the tunnel.
IPSec Proposal |
Click the button to setup a set of frequent-used IPSec proposals |
index- |
and select from the set of IKE proposals for the tunnel. |
|
30
Loading...