D Link DIR855A1 Users Manual

Section 3 - Configuration
Network Filters
Use MAC (Media Access Control) Filters to allow or deny LAN (Local Area Network) computers by their MAC addresses from accessing the Network. You can either manually add a MAC address or select the MAC address from the list of clients that are currently connected to the Broadband Router.
Configure MAC
Filtering:
MAC Address:
DHCP Client:
Clear:
Select Turn MAC Filtering Off, Allow MAC addresses listed below, or Deny MAC addresses listed below from the drop-down
menu.
Enter the MAC address you would like to filter.
To find the MAC address on a computer, please refer to the Networking Basics section in this manual.
Select a DHCP client from the drop-down menu and click << to copy that MAC Address.
Click to remove the MAC address.
39D-Link DIR-855 User Manual
Section 3 - Configuration
Access Control
The Access Control section allows you to control access in and out of your network. Use this feature as Parental Controls to only grant access to approved sites, limit web access based on time or dates, and/or block access from applications like P2P utilities or games.
Add Policy:
Click Next to continue with the wizard.
Click the Add Policy button to start the Access Control Wizard.
Access Control Wizard
40D-Link DIR-855 User Manual
Section 3 - Configuration
Access Control Wizard (continued)
Enter a name for the policy and then click Next to continue.
Select a schedule (I.E. Always) from the drop-down menu and then click Next to continue.
Enter the following information and then click Next to continue.
• Address Type - Select IP address, MAC address, or Other Machines.
• IP Address - Enter the IP address of the computer you want to apply the rule to.
41D-Link DIR-855 User Manual
Section 3 - Configuration
Access Control Wizard (continued)
Select the filtering method and then click Next to continue.
Enter the rule: Enable - Check to enable the rule. Name - Enter a name for your rule. Dest IP Start - Enter the starting IP address. Dest IP End - Enter the ending IP address. Protocol - Select the protocol. Dest Port Start - Enter the starting port number. Dest Port End - Enter the ending port number.
To enable web logging, click Enable.
Click Save to save the access control rule.
42D-Link DIR-855 User Manual
Section 3 - Configuration
Website Filters
Website Filters are used to allow you to set up a list of allowed Web sites that can be used by multiple users through the network. To use this feature select to Allow or Deny, enter the domain or website and click Save Settings. You must also select Apply Web Filter under the Access Control section (page 40).
Add Website
Filtering Rule:
Website URL/
Domain:
Select Allow or Deny.
Enter the keywords or URLs that you want to allow or block. Click Save Settings.
43D-Link DIR-855 User Manual
Section 3 - Configuration
Inbound Filters
The Inbound Filter option is an advanced method of controlling data received from the Internet. With this feature you can configure inbound data filtering rules that control data based on an IP address range. Inbound Filters can be used with Virtual Server, Port Forwarding, or Remote Administration features.
Name:
Action:
Enable:
Remote IP Start:
Remote IP End:
Add:
Inbound Filter
Rules List:
Enter a name for the inbound filter rule.
Select Allow or Deny.
Check to enable rule.
Enter the starting IP address. Enter 0.0.0.0 if you do not want to specify an IP range.
Enter t h e en d in g I P a d dr es s. En t er
255.255.255.255 if you do not want to specify and IP range.
Click the Add button to apply your settings. You must click Save Settings at the top to save the settings.
This section will list any rules that are created. You may click the Edit icon to change the settings or enable/disable the rule, or click the Delete icon to remove the rule.
44D-Link DIR-855 User Manual
Section 3 - Configuration
Firewall Settings
A firewall protects your network from the outside world. The DIR-855 offers a firewall type functionality. The SPI feature helps prevent cyber attacks. Sometimes you may want a computer exposed to the outside world for certain types of applications. If you choose to expose a computer, you can enable DMZ. DMZ is short for Demilitarized Zone. This option will expose the chosen computer completely to the outside world.
Enable SPI:
NAT Endpoint
Filtering:
Anti-Spoof Check:
Enable DMZ:
SPI (Stateful Packet Inspection, also known as dynamic packet filtering) helps to prevent cyber attacks by tracking more state per session. It validates that the traffic passing through the session conforms to the protocol.
Select one of the following for TCP and UDP ports: Endpoint Independent - Any incoming traffic sent to an open port will be forwarded to the application that opened the port. The port will close if idle for 5 minutes.
Address Restricted - Incoming traffic must match the IP address of the outgoing connection.
Address + Port Restriction - Incoming traffic must match the IP address and port of the outgoing connection.
Enable this feature to protect your network from certain kinds of “spoofing” attacks.
If an application has trouble working from behind the router, you can expose one computer to the Internet and run the application on that computer.
DMZ IP Address:
Note: Placing a computer in the DMZ may expose that computer to a variety of security risks. Use of this option is only recommended as a last resort.
Specify the IP address of the computer on the LAN that you want to have unrestricted Internet communication. If this computer obtains it’s IP address automatically using DHCP, be sure to make a static reservation on the Basic > DHCP page so that the IP address of the DMZ machine does not change.
45D-Link DIR-855 User Manual
Section 3 - Configuration
Application Level Gateway (ALG) Configuration
Here you can enable or disable ALG’s. Some protocols and applications require special handling of the IP payload to make them work with network address translation (NAT). Each ALG provides special handling for a specific protocol or application. A number of ALGs for common applications are enabled by default.
PPTP:
IPSEC (VPN):
Allows multiple machines on the LAN to connect to their corporate network using PPTP protocol.
Allows multiple VPN clients to connect to their corporate network using IPSec. Some VPN clients support traversal of IPSec through NAT. This ALG may interfere with the operation of such VPN clients. If you are having trouble connecting with your corporate network, try turning this ALG off. Please check with the system adminstrator of your corporate network whether your VPN client supports NAT traversal.
46D-Link DIR-855 User Manual
Section 3 - Configuration
Advanced Wireless Settings
802.11n/g (2.4GHz)
Transmit Power:
Beacon Period:
RTS Threshold:
Fragmentation
Threshold:
DTIM Interval:
802.11d:
Set the transmit power of the antennas.
Beacons are packets sent by an Access Point to synchronize a wireless network. Specify a value. 100 is the default setting and is recommended.
This value should remain at its default setting of
2432. If inconsistent data flow is a problem, only a minor modification should be made.
The fragmentation threshold, which is specified in bytes, determines whether packets will be fragmented. Packets exceeding the 2346 byte setting will be fragmented before transmission. 2346 is the default setting.
(Delivery Traffic Indication Message) 3 is the default setting. A DTIM is a countdown informing clients of the next window for listening to broadcast and multicast messages.
This enables 802.11d operation. 802.11d is a wireless specification developed to allow implementation of wireless networks in countries that cannot use the 802.11 standard. This feature should only be enabled if you are in a country that requires it.
Wireless Isolation:
WMM Function:
A-MPDU
Aggregation:
Short GI:
When checked, it will disable the ability for computers on the wireless network from seeing each other, but will allow you to see computers on the wired network.
WMM is QoS for your wireless network. This will improve the quality of video and voice applications for your wireless clients.
Aggregated-MAC Packet Data Unit, is a group of MPDUs which built an PSDU (Physical Service Data Unit). It has lower overhead and provides robust recovery in case of loss.
Check this box to reduce the guard interval time therefore increasing the data capacity. However, it’s less reliable and may create higher data loss.
47D-Link DIR-855 User Manual
Section 3 - Configuration
Advanced Wireless Settings
802.11n/a (5GHz)
Transmit Power:
Beacon Period:
RTS Threshold:
Fragmentation
Threshold:
DTIM Interval:
802.11d:
Set the transmit power of the antennas.
Beacons are packets sent by an Access Point to synchronize a wireless network. Specify a value. 100 is the default setting and is recommended.
This value should remain at its default setting of
2432. If inconsistent data flow is a problem, only a minor modification should be made.
The fragmentation threshold, which is specified in bytes, determines whether packets will be fragmented. Packets exceeding the 2346 byte setting will be fragmented before transmission. 2346 is the default setting.
(Delivery Traffic Indication Message) 3 is the default setting. A DTIM is a countdown informing clients of the next window for listening to broadcast and multicast messages.
This enables 802.11d opration. 802.11d is a wireless specification developed to allow implementation of wireless networks in countries that cannot use the 802.11 standard. This feature should only be enabled if you are in a country that requires it.
Wireless Isolation:
WMM Function:
A-MPDU
Aggregation:
Short GI:
When checked, it will disable the ability for computers on the wireless network from seeing each other, but will allow you to see computers on the wired network.
WMM is QoS for your wireless network. This will improve the quality of video and voice applications for your wireless clients.
Aggregated-MAC Packet Data Unit, is a group of MPDUs which built an PSDU (Physical Service Data Unit). It will lower overhead and provides robust recovery in case of loss.
Check this box to reduce the guard interval time therefore increasing the data capacity. However, it’s less reliable and may create higher data loss.
48D-Link DIR-855 User Manual
Section 3 - Configuration
WISH Settings
WISH is short for Wireless Intelligent Stream Handling, a technology developed to enhance your experience of using a wireless network by prioritizing the traffic of different applications.
Enable WISH:
HTTP:
Windows Media
Center:
Automatic:
Enable this option if you want to allow WISH to prioritize your traffic.
Allows the router to recognize HTTP transfers for many common audio and video streams and prioritize them above other traffic. Such streams are frequently used by digital media players.
Enables the router to recognize certain audio and video streams generated by a Windows Media Center PC and to prioritize these above other traffic. Such streams are used by systems known as Windows Media Extenders, such as the Xbox 360.
When enabled, this option causes the router to automatically attempt to prioritize traffic streams that it doesn’t otherwise recognize, based on the behaviour that the streams exhibit. This acts to deprioritize streams that exhibit bulk transfer characteristics, such as file transfers, while leaving interactive traffic, such as gaming or VoIP, running at a normal priority.
WISH Rules:
A WISH Rule identifies a specific message flow and assigns a priority to that flow. For most applications, the priority classifiers ensure the right priorities and specific WISH Rules are not required.
WISH supports overlaps between rules. If more than one rule matches for a specific message flow, the rule with the highest priority will be used.
49D-Link DIR-855 User Manual
Section 3 - Configuration
Name:
Priority:
Protocol:
Host IP Range:
Host Port Range:
Create a name for the rule that is meaningful to you.
The priority of the message flow is entered here. The four priorities are defined as:
BK: Background (least urgent) BE: Best Effort. VI: Video VO: Voice (most urgent)
The protocol used by the messages.
The rule applies to a flow of messages for which one computer’s IP address falls within the range set here.
The rule applies to a flow of messages for which host’s port number is within the range set here.
50D-Link DIR-855 User Manual
Section 3 - Configuration
Advanced Network Settings
Enable UPnP:
WAN Ping:
WAN Ping Inbound
Filter:
WAN Port Speed:
Multicast streams:
To use the Universal Plug and Play (UPnP™) feature click on Enabled. UPNP provides compatibility with networking equipment, software and peripherals.
Unchecking the box will not allow the DIR-855 to respond to pings. Blocking the Ping may provide some extra security from hackers. Check the box to allow the Internet port to be “pinged”.
Select from the drop-down menu if you would like to apply the Inbound Filter to the WAN ping. Refer to page 44 for more information regarding Inbound Filter.
You may set the port speed of the Internet port to 10Mbps, 100Mbps, or auto. Some older cable or DSL modems may require you to set the port speed to 10Mbps.
Check the box to allow multicast traffic to pass through the router from the Internet.
UPnP Internet Ping Block Internet Port Speed Multicast Streams
51D-Link DIR-855 User Manual
Loading...
+ 29 hidden pages