D Link DIR855A1 Users Manual

Section 3 - Configuration

Network Filters

Use MAC (Media Access Control) Filters to allow or deny LAN (Local Area Network) computers by their MAC addresses
from accessing the Network. You can either manually add a MAC address or select the MAC address from the list of
clients that are currently connected to the Broadband Router.

Configure MAC

Filtering:

MAC Address:

DHCP Client:

Clear:

Select Turn MAC Filtering Off, Allow MAC
addresses listed below, or Deny MAC
addresses listed below from the drop-down

menu.

Enter the MAC address you would like to
filter.

To find the MAC address on a computer,
please refer to the Networking Basics section
in this manual.

Select a DHCP client from the drop-down menu
and click << to copy that MAC Address.

Click to remove the MAC address.

39D-Link DIR-855 User Manual

Section 3 - Configuration

Access Control

The Access Control section allows you to control access in and out of your network. Use this feature as Parental Controls
to only grant access to approved sites, limit web access based on time or dates, and/or block access from applications
like P2P utilities or games.

Add Policy:

Click Next to continue with the wizard.

Click the Add Policy button to start the Access
Control Wizard.

Access Control Wizard

40D-Link DIR-855 User Manual

Section 3 - Configuration

Access Control Wizard (continued)

Enter a name for the policy and then click Next to continue.

Select a schedule (I.E. Always) from the drop-down menu
and then click Next to continue.

Enter the following information and then click Next to
continue.

• Address Type - Select IP address, MAC address, or
Other Machines.

• IP Address - Enter the IP address of the computer
you want to apply the rule to.

41D-Link DIR-855 User Manual

Section 3 - Configuration

Access Control Wizard (continued)

Select the filtering method and then click Next to continue.

Enter the rule:
Enable - Check to enable the rule.
Name - Enter a name for your rule.
Dest IP Start - Enter the starting IP address.
Dest IP End - Enter the ending IP address.
Protocol - Select the protocol.
Dest Port Start - Enter the starting port number.
Dest Port End - Enter the ending port number.

To enable web logging, click Enable.

Click Save to save the access control rule.

42D-Link DIR-855 User Manual

Section 3 - Configuration

Website Filters

Website Filters are used to allow you to set up a list of allowed Web sites that can be used by multiple users through
the network. To use this feature select to Allow or Deny, enter the domain or website and click Save Settings. You
must also select Apply Web Filter under the Access Control section (page 40).

Add Website

Filtering Rule:

Website URL/

Domain:

Select Allow or Deny.

Enter the keywords or URLs that you want to
allow or block. Click Save Settings.

43D-Link DIR-855 User Manual

Section 3 - Configuration

Inbound Filters

The Inbound Filter option is an advanced method of controlling data received from the Internet. With this feature you
can configure inbound data filtering rules that control data based on an IP address range. Inbound Filters can be used
with Virtual Server, Port Forwarding, or Remote Administration features.

Name:

Action:

Enable:

Remote IP Start:

Remote IP End:

Add:

Inbound Filter

Rules List:

Enter a name for the inbound filter rule.

Select Allow or Deny.

Check to enable rule.

Enter the starting IP address. Enter 0.0.0.0
if you do not want to specify an IP range.

Enter t h e en d in g I P a d dr es s. En t er

255.255.255.255 if you do not want to
specify and IP range.

Click the Add button to apply your settings.
You must click Save Settings at the top to
save the settings.

This section will list any rules that are created.
You may click the Edit icon to change the
settings or enable/disable the rule, or click
the Delete icon to remove the rule.

44D-Link DIR-855 User Manual

Section 3 - Configuration

Firewall Settings

A firewall protects your network from the outside world. The DIR-855 offers a firewall type functionality. The SPI feature
helps prevent cyber attacks. Sometimes you may want a computer exposed to the outside world for certain types of
applications. If you choose to expose a computer, you can enable DMZ. DMZ is short for Demilitarized Zone. This option
will expose the chosen computer completely to the outside world.

Enable SPI:

NAT Endpoint

Filtering:

Anti-Spoof Check:

Enable DMZ:

SPI (Stateful Packet Inspection, also known as dynamic packet
filtering) helps to prevent cyber attacks by tracking more state per
session. It validates that the traffic passing through the session
conforms to the protocol.

Select one of the following for TCP and UDP ports:
Endpoint Independent - Any incoming traffic sent to an open port
will be forwarded to the application that opened the port. The port
will close if idle for 5 minutes.

Address Restricted - Incoming traffic must match the IP address
of the outgoing connection.

Address + Port Restriction - Incoming traffic must match the IP
address and port of the outgoing connection.

Enable this feature to protect your network from certain kinds of
“spoofing” attacks.

If an application has trouble working from behind the router, you
can expose one computer to the Internet and run the application
on that computer.

DMZ IP Address:

Note: Placing a computer in the DMZ may expose that computer to
a variety of security risks. Use of this option is only recommended
as a last resort.

Specify the IP address of the computer on the LAN that you want to have unrestricted Internet communication. If this computer
obtains it’s IP address automatically using DHCP, be sure to make a static reservation on the Basic > DHCP page so that
the IP address of the DMZ machine does not change.

45D-Link DIR-855 User Manual

Section 3 - Configuration

Application Level Gateway (ALG) Configuration

Here you can enable or disable ALG’s. Some protocols and applications require special handling of the IP payload to
make them work with network address translation (NAT). Each ALG provides special handling for a specific protocol
or application. A number of ALGs for common applications are enabled by default.

PPTP:

IPSEC (VPN):

Allows multiple machines on the LAN to connect to their corporate network using PPTP protocol.

Allows multiple VPN clients to connect to their corporate network using IPSec. Some VPN clients support traversal of IPSec
through NAT. This ALG may interfere with the operation of such VPN clients. If you are having trouble connecting with your
corporate network, try turning this ALG off. Please check with the system adminstrator of your corporate network whether
your VPN client supports NAT traversal.

46D-Link DIR-855 User Manual

Section 3 - Configuration

Advanced Wireless Settings

802.11n/g (2.4GHz)

Transmit Power:

Beacon Period:

RTS Threshold:

Fragmentation

Threshold:

DTIM Interval:

802.11d:

Set the transmit power of the antennas.

Beacons are packets sent by an Access Point to
synchronize a wireless network. Specify a value.
100 is the default setting and is recommended.

This value should remain at its default setting of

2432. If inconsistent data flow is a problem, only
a minor modification should be made.

The fragmentation threshold, which is specified
in bytes, determines whether packets will be
fragmented. Packets exceeding the 2346 byte
setting will be fragmented before transmission.
2346 is the default setting.

(Delivery Traffic Indication Message) 3 is the default setting. A DTIM is a countdown informing clients of the next window
for listening to broadcast and multicast messages.

This enables 802.11d operation. 802.11d is a wireless specification developed to allow implementation of wireless networks in
countries that cannot use the 802.11 standard. This feature should only be enabled if you are in a country that requires it.

Wireless Isolation:

WMM Function:

A-MPDU

Aggregation:

Short GI:

When checked, it will disable the ability for computers on the wireless network from seeing each other, but will allow you to
see computers on the wired network.

WMM is QoS for your wireless network. This will improve the quality of video and voice applications for your wireless
clients.

Aggregated-MAC Packet Data Unit, is a group of MPDUs which built an PSDU (Physical Service Data Unit). It has lower
overhead and provides robust recovery in case of loss.

Check this box to reduce the guard interval time therefore increasing the data capacity. However, it’s less reliable and may
create higher data loss.

47D-Link DIR-855 User Manual

Section 3 - Configuration

Advanced Wireless Settings

802.11n/a (5GHz)

Transmit Power:

Beacon Period:

RTS Threshold:

Fragmentation

Threshold:

DTIM Interval:

802.11d:

Set the transmit power of the antennas.

Beacons are packets sent by an Access Point to
synchronize a wireless network. Specify a value.
100 is the default setting and is recommended.

This value should remain at its default setting of

2432. If inconsistent data flow is a problem, only
a minor modification should be made.

The fragmentation threshold, which is specified
in bytes, determines whether packets will be
fragmented. Packets exceeding the 2346 byte
setting will be fragmented before transmission.
2346 is the default setting.

(Delivery Traffic Indication Message) 3 is the
default setting. A DTIM is a countdown informing clients of the next window for listening to broadcast and multicast
messages.

This enables 802.11d opration. 802.11d is a wireless specification developed to allow implementation of wireless networks in
countries that cannot use the 802.11 standard. This feature should only be enabled if you are in a country that requires it.

Wireless Isolation:

WMM Function:

A-MPDU

Aggregation:

Short GI:

When checked, it will disable the ability for computers on the wireless network from seeing each other, but will allow you to
see computers on the wired network.

WMM is QoS for your wireless network. This will improve the quality of video and voice applications for your wireless
clients.

Aggregated-MAC Packet Data Unit, is a group of MPDUs which built an PSDU (Physical Service Data Unit). It will lower
overhead and provides robust recovery in case of loss.

Check this box to reduce the guard interval time therefore increasing the data capacity. However, it’s less reliable and may
create higher data loss.

48D-Link DIR-855 User Manual

Section 3 - Configuration

WISH Settings

WISH is short for Wireless Intelligent Stream Handling, a technology developed to enhance your experience of using
a wireless network by prioritizing the traffic of different applications.

Enable WISH:

HTTP:

Windows Media

Center:

Automatic:

Enable this option if you want to allow WISH
to prioritize your traffic.

Allows the router to recognize HTTP transfers
for many common audio and video streams
and prioritize them above other traffic. Such
streams are frequently used by digital media
players.

Enables the router to recognize certain audio
and video streams generated by a Windows
Media Center PC and to prioritize these above
other traffic. Such streams are used by systems
known as Windows Media Extenders, such as
the Xbox 360.

When enabled, this option causes the router
to automatically attempt to prioritize traffic
streams that it doesn’t otherwise recognize,
based on the behaviour that the streams
exhibit. This acts to deprioritize streams that
exhibit bulk transfer characteristics, such as
file transfers, while leaving interactive traffic,
such as gaming or VoIP, running at a normal
priority.

WISH Rules:

A WISH Rule identifies a specific message flow and assigns a priority to that flow. For most applications, the priority classifiers
ensure the right priorities and specific WISH Rules are not required.

WISH supports overlaps between rules. If more than one rule matches for a specific message flow, the rule with the highest
priority will be used.

49D-Link DIR-855 User Manual

Section 3 - Configuration

Name:

Priority:

Protocol:

Host IP Range:

Host Port Range:

Create a name for the rule that is meaningful
to you.

The priority of the message flow is entered
here. The four priorities are defined as:

BK: Background (least urgent)
BE: Best Effort.
VI: Video
VO: Voice (most urgent)

The protocol used by the messages.

The rule applies to a flow of messages for which one computer’s IP address falls within the range set here.

The rule applies to a flow of messages for which host’s port number is within the range set here.

50D-Link DIR-855 User Manual

Section 3 - Configuration

Advanced Network Settings

Enable UPnP:

WAN Ping:

WAN Ping Inbound

Filter:

WAN Port Speed:

Multicast streams:

To use the Universal Plug and Play (UPnP™) feature
click on Enabled. UPNP provides compatibility with
networking equipment, software and peripherals.

Unchecking the box will not allow the DIR-855 to
respond to pings. Blocking the Ping may provide
some extra security from hackers. Check the box
to allow the Internet port to be “pinged”.

Select from the drop-down menu if you would
like to apply the Inbound Filter to the WAN ping.
Refer to page 44 for more information regarding
Inbound Filter.

You may set the port speed of the Internet port
to 10Mbps, 100Mbps, or auto. Some older cable
or DSL modems may require you to set the port
speed to 10Mbps.

Check the box to allow multicast traffic to pass
through the router from the Internet.

UPnP
Internet Ping Block
Internet Port Speed
Multicast Streams

51D-Link DIR-855 User Manual