D-Link DRO-210i User Manual
DRO-210i
Broadband Business Gateway
User Guide
(Updated for Firmware Revision 2.1.2)
D-Link India Ltd.,
Software and R&D Center,
Bangalore.
Phone: 91-80-26788345/46/50/51
www.dlink.co.in
Table Of Contents
ABOUT THIS MANUAL .............................................................................. 4
1 PRODUCT OVERVIEW ............................................................................ 5
1.1 HARDWARE DETAILS ................................................................................................. 6
1.2 SOFTWARE FEATURES ............................................................................................... 9
2 INTERFACES ........................................................................................... 12
2.1 PORT CONFIGURATION ............................................................................................ 12
2.2 LAN INTERFACE ..................................................................................................... 13
2.3 DMZ INTERFACE..................................................................................................... 13
2.4 WAN INTERFACE .................................................................................................... 14
2.4.1 Static Mode ................................................................................................................................ 15
2.4.2 Dynamic Mode ........................................................................................................................... 15
2.4.3 PPPoE Mode.............................................................................................................................. 16
3 DHCP, DNS AND TIME .......................................................................... 18
3.1 DHCP...................................................................................................................... 18
3.1.1 DHCP Server ............................................................................................................................. 18
3.1.2 DHCP Static Mapping ............................................................................................................... 19
3.1.3 DHCP Relay............................................................................................................................... 20
3.2 DNS PROXY ............................................................................................................. 21
3.3 TIME ........................................................................................................................ 22
4 ROUTING.................................................................................................. 23
4.1 STATIC ROUTING ..................................................................................................... 24
4.2 DYNAMIC ROUTING.................................................................................................. 24
4.3 ROUTING TABLE ...................................................................................................... 26
4.4 POLICY BASED ROUTING ......................................................................................... 26
5 HIGH AVAILABILITY............................................................................ 28
5.1 AUTO BACKUP.......................................................................................................... 28
5.2 LOAD BALANCING.................................................................................................... 29
5.3 ETHERNET LINK DETECTION................................................................................... 29
6 NETWORK ADDRESS TRANSLATION ............................................... 31
6.1 NAT......................................................................................................................... 31
6.1.1 NAT Interface Configuration ..................................................................................................... 31
6.1.2 NAT Configuration..................................................................................................................... 32
6.1.3 NAT Exception ........................................................................................................................... 32
6.2 VIRTUAL SERVER ..................................................................................................... 33
6.3 SIP-ALG ................................................................................................................. 34
6.4 NAT TABLE ............................................................................................................. 35
7 FIREWALL ............................................................................................... 36
7.1 FIREWALL POLICIES ................................................................................................ 36
7.1.1 Interface Configuration.............................................................................................................. 36
7.1.2 Policy Rules ............................................................................................................................... 37
7.1.3 Inbound Policies ........................................................................................................................ 38
7.1.4 Outbound Policies...................................................................................................................... 39
7.1.5 Domain Filter............................................................................................................................. 42
7.1.6 Web Filter .................................................................................................................................. 43
7.1.7 MAC Filter ................................................................................................................................. 45
7.1.8 Blocking Log .............................................................................................................................. 45
7.2 INTRUSION DETECTION ........................................................................................... 46
7.2.1 IDS Configuration...................................................................................................................... 46
7.2.2 Intrusion Log.............................................................................................................................. 48
7.2.3 Black List ................................................................................................................................... 48
8 VIRTUAL PRIVATE NETWORK........................................................... 49
8.1 IPSEC TUNNEL OR PASSTHROUGH .......................................................................... 50
8.2 PEER-TO-PEER........................................................................................................ 50
8.3 IPSEC SERVER......................................................................................................... 53
8.4 TUNNEL TABLE ........................................................................................................ 55
8.5 IPSEC STATUS ......................................................................................................... 56
8.6 IPSEC LOG .............................................................................................................. 57
9 QUALITY OF SERVICE.......................................................................... 58
9.1 HIERARCHICAL TOKEN BUCKET (HTB) .................................................................. 58
9.1.1 Class Configuration ................................................................................................................... 58
9.1.2 Filter Configuration ................................................................................................................... 60
9.2 TOS/DIFFSERV ....................................................................................................... 61
10 ADMINISTRATION............................................................................... 63
10.1 DEVICE INFORMATION .......................................................................................... 63
10.2 TRAFFIC STATISTICS ............................................................................................. 64
10.3 SESSION LOG ......................................................................................................... 64
10.4 SYSLOG.................................................................................................................. 65
10.5 PASSWORD CHANGE .............................................................................................. 65
10.6 SYSTEM .................................................................................................................. 66
10.7 UPLOAD/DOWNLOAD ............................................................................................. 67
10.8 PING TEST ............................................................................................................. 68
10.9 REMOTE ACCESS ................................................................................................... 68
11 FREQUENTLY ASKED QUESTIONS ................................................. 70
11.1 GENERAL ............................................................................................................... 70
11.2 DHCP, DNS.......................................................................................................... 71
11.3 ROUTING................................................................................................................ 72
11.4 HIGH AVAILABILITY .............................................................................................. 72
11.5 FIREWALL.............................................................................................................. 73
11.6 NAT....................................................................................................................... 75
11.7 VPN....................................................................................................................... 76
11.8 QOS ....................................................................................................................... 77
About This Manual
Web UI
This document provides information related to the installation and configuration of DRO210i along with a description of all its features. This document is intended for service
providers and network administrators who guide the network infrastructure deployment
in enterprises.
Note: Copyright to this manual is owned by D-Link India Ltd. This document shall not
be reproduced, distributed or copied without the permission from D-Link India Ltd.
Conventions
This document uses the following notational conventions:
bold
Italics This text format is used to highlight specific
This text format is used to give strong emphasis.
keywords, notes and cautions.
This icon is used to indicate that the Web User
Interface is explained.
This icon is used to highlight important notes
regarding the router.
This icon is used to caution the user about the
adverse affects of specific router configurations.
Product Overview
1 Product Overview
DRO-210i is a part of D-Link's DRO-2XX Business Gateway series, especially designed
as an all-in-one network solution for small and medium businesses. Today's network
infrastructure for small and medium business calls for highly reliable connectivity,
comprehensive security features and high throughput with sophisticated QoS to support
Voice/Video over IP. Such a network infrastructure can be implemented with different
boxes, but the cost, performance bottlenecks and interoperability issues make such an
approach impractical. DRO-2XX Business Gateways are a cost-effective, all-in-one-box
solution for converged network infrastructure of small and medium businesses.
Some of the key features of DRO-210i Broadband Business Gateway are:
Dual WAN Connectivity
The router supports Dual Ethernet Ports for xDSL connectivity. xDSL connectivity is
cheap, but more susceptible to outages. With two xDSL links, DRO-210i ensures high
reliability, and also the benefit of double internet capacity.
Converged Network Support
The router provides the following features to support Data, Voice and Video services
over the same IP Network:
Application Level Gateway support for Voice/Video over IP enables successful
deployment of voice/video equipment by addressing the interoperability issues
with Firewall/NAT devices.
QoS support allows prioritization, bandwidth reservation and upper ceiling for
each class of service. This enables optimal and dynamic utilization of bandwidth,
while guaranteeing voice and video quality.
Secure Remote Management
Administrators can remotely provision the router over a secure SSL-based Web User
Interface. He can also perform remote software upgrades and remote monitoring to
ensure smooth operation of the network.
Self monitoring and Restart
This feature monitors the health of the system and automatically restarts in panic cases,
without a need of intervention from the user; thus ensuring minimal system downtime in
case of failures.
Built-in Hardware accelerator
The router platform uses Intel’s XScale Architecture with on-board hardware crypto
accelerator. The hardware accelerator enables high-performance VPN connectivity for
branch offices and teleworkers requiring secure access to the corporate network
resources.
Dlink DRO-210i User Guide 5
Product Overview
1.1 Hardware Details
DRO-210i Package Contents
The DRO-210i package contains the following items:
DRO-210i Broadband
Business Gateway
2 Straight Ethernet
Cables
1 Cross Over
Ethernet Cable
1 Power cord
1 AC-DC Adapter
4 Stack rubber feet
1 CD with User Manual
& Quick Install Guide
Dlink DRO-210i User Guide 6
Product Overview
WAN1 LED
Power
WAN2 LED
Front Panel
The front panel provides the LEDs to indicate the status of the router.
Module Status Description
Power On ON
OFF
WAN1 LED Ready ON: Link and Protocol is UP
OFF: Link or Protocol is DOWN
WAN2 LED Ready ON: Link and Protocol is UP
OFF: Link or Protocol is DOWN
Dlink DRO-210i User Guide 7
Product Overview
RESET
5V/3A DC
INPUT
LAN
LAN/DMZ
CONSOLE
Rear Panel
The rear panel provides the router’s ports and reset button.
LAN/WAN2
WAN1
Input AC 230v
Interface Description
RESET Restore the Factory Default Settings in the router
LAN 10/100Mbps Ethernet LAN Ports (RJ-45)
LAN/DMZ 10/100Mbps Ethernet Port (RJ-45) - configurable
as LAN or DMZ Port
LAN/WAN2 10/100Mbps Ethernet Port (RJ-45) - configurable
as LAN or WAN2 Port
WAN1 10/100Mbps Ethernet WAN1 Port (RJ-45)
CONSOLE DB-9 Console Port
5V/3A DC INPUT Input Voltage 5V, 3A DC
Dlink DRO-210i User Guide 8
Product Overview
1.2 Software Features
The router has rich features like routing, load-balancing, auto backup, firewall access
control, secure VPN connectivity, network address translation, quality of service and
remote management satisfying most of the needs of the SMB market.
Routing
The router supports static, dynamic and policy-based routing.
Static Routing - The network administrator can manually configure the routes
according to his network topology.
RIP - The Routing Information Protocol (or RIP) enables the routes to be learnt
dynamically, avoiding cumbersome manual configuration. The router supports
both RIPv1 and RIPv2 versions.
Policy-Based - Policy-based routing helps to define custom policies for routing
traffic. For example, policy routes can be defined to route all HTTP traffic
through WAN1 and E-mail traffic through WAN2.
High Availability
The Load-Balancing feature is an ideal solution for businesses requiring uninterrupted,
low cost internet connectivity. With multiple Internet connections, it effectively uses the
combined bandwidth of all the internet links resulting in a significant increase in the total
available bandwidth. Also if any Internet connection goes down, uninterrupted internet
connectivity is provided utilizing the serviceable links.
With Auto Backup feature, one of the links can function as the Primary WAN Link, and
the other as the Backup Link. When the Primary Link fails, the Backup Link will become
operational and traffic will switchover to this link. And when the Primary Link becomes
serviceable, the traffic will automatically switchback to the Primary Link.
Firewall
An integrated network security provides the following features
Stateful Packet Inspection (SPI) Firewall performs deep packet inspection to filter
out unwanted packets
Real-time Intrusion Detection and Prevention System (IDS/IPS) detects intruders
or hackers trying to damage your network and denies further access to the
network by blacklisting them.
Flexible access control policies to restrict or permit traffic based on IP
Address/Port, MAC Address or Domain Name.
URL/Content filtering of web traffic based on keywords, file extensions etc.
Dlink DRO-210i User Guide 9
Product Overview
Network Address Translation (NAT)
NAT enables the router to act as an address translation agent between the Internet (public
network) and the local (or private) network. The router supports all the combinations of
NAT models like Many to Many, Many to One and One to One to provide internet access
to LAN client. And the Virtual Server (or Port Forwarding) feature enables remote access
to the Company Servers (HTTP/FTP etc) from WAN.
VoIP enables voice communication to use the same infrastructure as data in your
network; thus resulting in significant cost reductions. Session Initiation Protocol (SIP) is
widely used for VoIP calls, and does not work behind NAT. The SIP-ALG feature in the
router will ensure that SIP calls can be successfully established, even when NAT is
performed at the router. SIP-ALG overcomes the need for STUN support at VoIP end
points behind NAT.
VPN
Virtual Private Networks (VPN) feature enables secure connectivity between multiple
location offices (Gateway mode) and/or remote users (Dynamic VPN Mode). The IPSec
VPN includes strong encryption and authentication mechanisms to encapsulate data to
protect it from potential hackers. DRO Business Gateways provide high performance IPSec VPN tunneling with built-in Hardware Accelerator for DES, 3DES, AES crypto
algorithms. Apart from Gateway mode, the router also allows roaming users in Dynamic
VPN Mode, which makes it extremely useful for tele-workers and on-the-go sales force
to access data on the corporate network.
Quality of Service
The router provides sophisticated Quality of Service (QoS) algorithm to effectively use
the available WAN bandwidth. This feature allows prioritization and bandwidth
reservation with upper ceiling for each class of service and enables optimal dynamic
utilization of bandwidth while guaranteeing highest quality voice and video services.
DHCP Server
The router provides a built-in DHCP Server/Relay for assigning network settings for the
LAN clients. The DHCP Server also supports reservation of IP Addresses for specific
hosts (based on MAC address). The DHCP Relay in the router enables LAN clients to use
a DHCP Server connected to WAN Port, by relaying the DHCP messages between the
LAN and WAN subnet.
Dlink DRO-210i User Guide 10
Product Overview
Tools
The router supports various tools to manage and monitor the device.
Syslog - The Router can send the Syslog messages to the configured server to aid
in network administration.
NTP - The administrator can configure the system date and time manually. Or he
can use NTP feature to automatically synchronize the router’s time with specified
global time servers.
Configuration upload/download -This tool allows the administrator to download
the router configuration onto the local hard disk as a backup. The same
configuration can be later uploaded to restore the device to its original settings.
Firmware Upgrade – The administrator can easily upgrade the router’s firmware
whenever a new firmware release is made available. The firmware can be
upgraded from a local/remote location in a secure manner.
Secure Web-based Management
The product provides SSL-based secure, user friendly Web Pages to configure and
manage the device and the network. The router also supports Secure, Remote
Configuration of the device to enable easy remote monitoring and troubleshooting. In
addition, it provides Comprehensive Logging, Secure Local/Remote firmware upgrade,
Configuration Backup and Restoration.
The supported Web Browsers for router configuration are:
Internet Explorer Ver 6.0 +
Mozilla 5.0 (Release 1.5)
Netscape 8.0
Mozilla FireFox 1.0
Dlink DRO-210i User Guide 11
Interfaces
Web UI
2 Interfaces
The router provides the following interface ports:
LAN Ports - The router has two dedicated 10/100 Ethernet LAN ports.
DMZ Port - The router has one 10/100 Ethernet DMZ port. A DMZ port is used to
connect to the company servers (e.g. Web server, FTP Server). This port can be
optionally reconfigured as a regular LAN port.
WAN Ports - The router has two 10/100 Ethernet WAN ports. One WAN port can be
optionally reconfigured to operate as LAN Port. The WAN interface can be used to
connect to the Internet using any broadband modem. The administrator has the
following three choices for WAN connectivity:
Static: The administrator can configure a Static IP Address assigned by the ISP to
connect to the broadband network.
Dynamic: The ISP assigns an IP Address dynamically using DHCP Protocol.
PPPoE (Point to Point link over Ethernet): This option is the most common mode
of WAN connectivity. Here the ISP assigns an IP Address dynamically through
PPPoE Protocol.
The following sections explain these interfaces and their configuration in detail.
2.1 Port Configuration
Select Interface →→→→ Port Config to configure Optional Port Configuration as explained
below.
Port 1
Port 2
Port 3
Port 4
Disabled WAN2/DMZ
The administrator may have configured certain features like Static Routing, Virtual
Server Entries, QoS Entries etc. on WAN2 or DMZ Port. At a later time when Port 3 or
Caution: Do not connect LAN & WAN2 Ports or LAN & DMZ Ports to the same
switch/hub in your network.
Optional Port Configuration
This Port will always be LAN. It cannot be reconfigured.
This Port will always be LAN. It cannot be reconfigured.
This Port is LAN by default. It can be reconfigured as DMZ.
This Port is WAN2 by default. It can be reconfigured as LAN.
Dlink DRO-210i User Guide 12
Interfaces
Web UI
Port 4 is reconfigured as LAN, the entries configured on WAN2/DMZ earlier will be
displayed in dark grey color in the corresponding feature tables to indicate that these
entries are currently invalid.
Note: When Port 4 is configured as LAN, Load Balancing and Auto Backup features
get disabled as there is only one WAN interface available.
2.2 LAN Interface
The user systems can be connected to the LAN Interface. And the administrator can
configure the router using HTTPS to this LAN Interface IP Address (i.e
https://RouterLANIP). If the administrator uses http://RouterLANIP by mistake, the
router will automatically redirect the Web Browser to use https.
Select Interface →→→→ LAN to configure LAN Settings as explained below.
IP Address
Subnet Mask
Forgot LAN IP ?
In case the administrator forgets the IP given to the LAN Port, it is possible to open the
Router’s Web Page by pressing the factory default switch and the settings will be restored
back to default settings. Type https://192.168.100.254. User name is “admin” and
password is also “admin”.
Note: Default LAN Interface IP Address is 192.168.100.254.
LAN Settings
Enter the IP address of the LAN interface.
Enter the subnet mask of the LAN interface.
2.3 DMZ Interface
DMZ stands for Demilitarized Zone. The DMZ interface is typically used for connecting
servers that need to be accessible from the outside world, such as e-mail, web and DNS
servers.
Typically, connections from the DMZ are only permitted to the external network, and
hosts in the DMZ may not connect to the internal network. This allows the DMZ's hosts
to provide services to the external network while protecting the internal network in case
intruders compromise a host in the DMZ. For someone on the external network who
wants to illegally connect to the internal network, the DMZ is a dead end.
Dlink DRO-210i User Guide 13
Interfaces
Web UI
Select Interface →→→→ DMZ to configure DMZ Settings as explained below.
IP Address
Subnet Mask
To add a DMZ Server in the network, the administrator can
a) Assign Private IP Addresses to the DMZ network. And configure a One-To-One
NAT entry to map a Global IP Address to the Private DMZ Server IP Address.
Refer NAT Configuration for more details.
b) Or assign Private IP Addresses to the DMZ network. And configure a Virtual
Server entry to map a Global IP Address/Port to the Private DMZ Server IP
Address/Port. Refer Virtual Server Configuration for more details.
c) Or assign Global IP Address to the DMZ network. And add a NAT Exception (i.e
disable NAT) between WAN and DMZ.
Note: To make the private DMZ Server accessible from the internet, use One-To-One
NAT only when multiple services are hosted by a single DMZ Server. When only one
service is provided by the DMZ Server, it is preferable to use Virtual Server feature.
This would enable you to save the number of Global IP Addresses required to expose
your DMZ services.
DMZ Settings
Enter the IP address of the DMZ interface
Enter the subnet mask of the DMZ interface
2.4 WAN Interface
This Interface is used for WAN Connectivity through an ISP. Typically ISPs support 3
modes of WAN Connectivity – Static, Dynamic and PPPoE. The WAN Interface
configurations for these modes are explained in the following sections. These
configurations are explained for WAN1 interface, and the same explanation holds good
for WAN2 also.
Maximum Transmission Unit:
MTU (or Maximum Transmission Unit) is the largest sized packet that can be transmitted
through the internet. A higher MTU brings higher bandwidth efficiency. However large
packets can block up a slow interface for some time, increasing the lag on other packets.
Packets with sizes greater than the MTU will be fragmented by the router.
Caution: Follow the ISP’s advice on whether to change the default MTU value and
what to change it to.
Dlink DRO-210i User Guide 14
Interfaces
Web UI
Web UI
2.4.1 Static Mode
In this mode, the ISP allocates and provides a static Global IP Address for WAN
connectivity. The ISP will also provide information regarding the Default Gateway IP
Address to be used for this connection.
If you have purchased multiple static Global IP Addresses from the ISP, then configure
the first IP Address as the WAN Interface IP Address. And use the rest of your static IP
Addresses for Many-To-Many or One-To-One NAT Configuration.
Select Interface →→→→ WAN1 and choose IP Setting Mode as Static. Configure IP
Settings for WAN1 Interface as explained below.
IP Address
IP Settings for WAN1 Interface
Enter the IP address assigned for the WAN interface
Subnet Mask
Default Gateway
MTU
Enter the subnet mask for the IP address
Enter the default gateway address (in the same subnet).
Enter the MTU value for the WAN. Default value is 1500.
Click on Detect Link Status to configure the Ethernet WAN Link Detection Feature.
Note: The default gateway field specified here will be used by Load balancing feature
to route packets through this interface.
2.4.2 Dynamic Mode
In this mode, ISP provides the Global IP address automatically using DHCP Protocol. A
DHCP Client is built into router to support this mode of connectivity.
Select Interface →→→→ WAN1 and choose IP Setting Mode as Dynamic. Configure DHCP
Settings for WAN1 Interface as explained below.
Host Name
(optional)
DHCP Settings for WAN1 Interface
Enter the hostname assigned for the WAN interface
MAC Address
MTU
Displays the MAC address of the router’s WAN Port.
Enter the MTU value for the WAN. Default value is 1500.
Dlink DRO-210i User Guide 15
Interfaces
After entering all the information press the Apply button. The DHCP Client Status table
will now show the DHCP client status at the bottom of the page.
Click on Detect Link Status to configure the Ethernet WAN Link Detection Feature.
2.4.3 PPPoE Mode
In this mode, ISP provides the Global IP address automatically using PPPoE Protocol.
PPPoE protocol is a method of transmitting PPP packets over Ethernet network. Hence
PPPoE is an acronym for PPP over Ethernet. It provides the ability to connect multiple
hosts at a remote site through the same customer premise access device. In addition, it
provides access control, billing and type of service on a per-user, rather than a per-site,
basis.
PPP has three main components:
• A method for encapsulating datagram over serial links.
• A Link Control Protocol (LCP) for establishing, configuring, and testing the data-
link connection.
• A family of Network Control Protocols (NCP) for establishing and configuring
different network-layer protocols. PPP is designed to allow the simultaneous use
of multiple network layer protocols.
PPPoE has two distinct stages. There is a Discovery stage and a PPP Session stage.
When a Host wishes to initiate a PPPoE session, it must first perform Discovery to
identify the Ethernet MAC address of the peer and establish a PPPoE SESSION_ID.
While PPP defines a peer-to-peer relationship, Discovery is inherently a client-server
relationship. In the Discovery process, a Host (the client) discovers an Access
Concentrator (the server). Based on the network topology, there may be more than one
Access Concentrator that the Host can communicate with. The Discovery stage allows
the Host to discover all Access Concentrators and then select one. When Discovery
completes successfully, both the Host and the selected Access Concentrator have the
information they will use to build their point-to-point connection over Ethernet.
Unnumbered Interfaces:
Point-to-point links are like pipes – any traffic sent through one end will be received at
the other end. So the IP Addresses of interfaces at either end of the point-to-point link can
be of local significance. The PPPoE interface at the router can be configured as an
unnumbered interface. In this case, the unnumbered interface can borrow the LAN IP
Address, and does not require a Global IP Addresses to be assigned by the ISP.
Select Interface →→→→ WAN1 and choose IP Setting Mode as PPPoE. Configure PPPoE
Settings for WAN1 Interface as explained below.
Dlink DRO-210i User Guide 16
Interfaces
Web UI
Unnumber Interface
IP Address
User Name
Password
Authentication
Type
Service Name
(optional)
Host Name
(optional)
MTU
PPPoE Settings for WAN1 Interface
Select the option to enable unnumbered mode. When this option is not
selected the router obtains an IP address from the ISP for the PPPoE
connection. Ensure that both ends of the PPPoE link are configured as
unnumbered.
Enter the local IP address for the PPPoE connection when Unnumbered
mode is enabled. An unnumbered interface borrows the LAN IP address
by default. The administrator can edit this and configure a custom IP
address on the unnumbered interface. The subnet mask for an
unnumbered interface is always 255.255.255.255.
Enter the PPPoE username.
Enter the PPPoE password.
Select the authentication protocol (PAP, CHAP or PAP-CHAP) to be used
for authentication with the PPPoE server.
Enter the service name provided by the ISP.
Enter the host name of the PPPoE connection.
Enter the MTU allowed for the PPPoE connect (preferred value 1492).
LCP Echo
Interval (sec)
Maximum Failures
Select this option to enable/disable Link Control Protocol (LCP). This is
used to detect PPPoE Link Failures.
Enter the time interval to send LCP Echo request from PPPoE client to
PPPoE server. The minimum value of this Interval is 10 seconds and the
maximum value is 90 seconds.
Enter the number of Maximum Failures for the PPPoE connection. This is
the number of times for which LCP Echo requests from PPPoE client did
not get response from PPPoE server. After the number of failures cross
this value, the PPPoE session is disconnected. The minimum value for
failure is 2 seconds and maximum value is 10 seconds.
After entering all the information press the Apply button and the PPPoE Status is
displayed at the bottom of the screen. The administrator may Connect or Disconnect
using the appropriate button.
Caution: When NAT is enabled on an unnumbered interface, local services (such as
DNS Proxy, VPN etc) may be affected. To overcome this problem, configure one of the
Global IP addresses from the NAT pool as the unnumbered interface's IP address.
Dlink DRO-210i User Guide 17
DHCP, DNS and Time
Web UI
3 DHCP, DNS and Time
3.1 DHCP
DHCP (Dynamic Host Configuration Protocol) is a method of automatically assigning IP address, subnet mask, default gateway and DNS server IP address to hosts on the LAN. This router provides an in-built DHCP Server. In addition, a DHCP Relay is available to relay the DHCP Requests to a DHCP Server on another port.
3.1.1 DHCP Server
The DHCP server assigns and manages IP addresses from a specified address pool to
DHCP clients. When a DHCP server receives a request from a DHCP client, it returns the
configuration parameters (such as an IP address, a MAC address, a domain name, and a
lease for the IP address) to the client in a unicast message format. Because the DHCP
server maintains all the configurations parameters, an administrator only needs to update
the central DHCP Server when any configuration parameter is to be changed.
Compared to the static assignment where the client owns the address, dynamic addressing
by the DHCP server leases the address to each client for a defined period of time. During
the life cycle of the lease, the client is guaranteed to have a unique IP address that can last
for the entire period. If the client needs to renew the lease from the server it can do so
before the expiration of the lease. The client may also decide at any time that it no longer
wishes to use the IP address it was assigned, and may terminate the lease by releasing the
IP address. The administrator can configure this lease time in the DHCP server.
Note: The DHCP Server can assign up to 253 IP Addresses to the LAN Clients. For
example, if the router IP address is 192.168.100.254, the DHCP Server can assign IP
Addresses from 192.168.100.1 to 192.168.100.253. Please note that the addresses
ending in 0 and 255 are reserved for other uses.
Select Misc →→→→ DHCP →→→→ DHCP Server to configure DHCP Server as explained below.
DHCP Server Status
Starting IP address
Ending IP address
Dlink DRO-210i User Guide 18
DHCP Server
Select Enable or Disable option to activate or deactivate the DHCP Server
feature on the router (default value is Enable).
Enter the starting IP address from the range of IP address assigned to the
DHCP Server.
Enter the ending IP address from the range of IP address assigned to the
DHCP Server.
DHCP, DNS and Time
Web UI
Default Gateway
Lease Time (sec)
Auto Configuration
Domain Name
Primary DNS
Server
Secondary DNS
Server (optional)
Enter the default gateway IP address that the router will assign to the
hosts on the network.
Enter the length of time any host on the network can keep its DHCP
settings assigned by the router. If the lease expires while the host is
logged on, then that host will request for a new set of DHCP settings. The
default Lease Time is 60 seconds.
Select Enable to enable the DNS Proxy in the router (the router acts as a
DNS server). In this case, the router gets the DNS IP manually or from
ISP. When Disable is selected, the network settings entered by the
administrator will be assigned to hosts on the network. In this case the
DNS server IP addresses should be specified.
Enter a domain name the router can assign to hosts on the network. This
suffix will then be automatically added to URL requests for access to your
ISP's servers.
Enter the IP address of a DNS server on the Internet that provides the
service of converting text URLs into IP address for sites on the Internet.
Enter the IP address of a secondary DNS server that is be used when
there is a problem with the Primary DNS Server. Select the Disable
checkbox to disable Secondary DNS.
After entering all the information press the Apply button. The DHCP Client Table will
list the client hosts (to which IP addresses have been assigned) with their Host Name, IP
Address, MAC Address, and Lease Time values.
Any IP address in the DHCP server range may be assigned as a static IP to some PC in
the network. When DHCP Server tries to assign this IP address to another client, the
client will send a DECLINE message to the server. This is shown in the DHCP Client
Table as DECLINED in host name, with MAC Address of zero and lease time of one
hour.
3.1.2 DHCP Static Mapping
DHCP Static Mapping (or DHCP Reservation) is a method of assigning static IP address
to a defined MAC Address. System administrators can use this feature to configure a
static IP address for some of the systems in the LAN. These IP addresses however need
to fall within the DHCP server configured IP Address Range.
Select Misc →→→→ DHCP →→→→ Static Mapping to configure DHCP Static Mapping as
explained below.
MAC Address
Dlink DRO-210i User Guide 19
DHCP Static Mapping
Enter the MAC Address of the system.
DHCP, DNS and Time
Web UI
IP Address
Enter the IP address to be assigned to the system with the above MAC
Address.
After entering all the information press the Apply button. The entries will now be
displayed under the DHCP Static Mapping Client Table.
If the Static IP in the DHCP Reservation entry does not fall within the DHCP Server IP
Range, then it will be treated as an invalid entry. These invalid entries will be displayed
in dark grey color in the DHCP Static Mapping Client Table.
3.1.3 DHCP Relay
In DHCP implementations, the DHCP clients send requests to locate the DHCP server by
broadcast messages. Since broadcast messages are normally limited to the local network,
the DHCP server and client always need to be in the same physical network. In large
networks, a server needs to exist on every LAN, which is not economical or easy to
maintain. DHCP relay solves this problem.
A DHCP relay acts as an intermediary between the client in the local network and the
remote DHCP server. It intercepts requests from clients and relays them to the server.
The server then responds back to the relay, which then forwards the response back to the
client.
This relay-agent functionality is most conveniently located in the router which
interconnects the clients and servers, but may alternatively be located in a host which is
directly connected to the client subnet.
Caution: Both DHCP Server and DHCP Relay cannot be enabled in the router
simultaneously. When DHCP Relay is enabled, the Server will be disabled
automatically. And when DHCP Server is enabled, the Relay will be disabled.
Select Misc →→→→ DHCP →→→→ DHCP Relay to configure DHCP Relay as explained below.
Relay-Status
DHCP Server IP
Dlink DRO-210i User Guide 20
DHCP Relay
Select Enable or Disable to activate or deactivate the DHCP Relay.
Enter the IP address of the DHCP Server from which LAN clients will get
their IP address.
DHCP, DNS and Time
Web UI
Note: In Relay mode, the DHCP server may unicast the DHCP ACK message to the
DHCP Client. So proper routes should be configured at the server to enable it to
reach the DHCP Client subnet.
3.2 DNS Proxy
DNS (Domain Name System) is the protocol used to translate Domain Names to IP
Addresses. DNS is an essential component of internet use, since it allows you to attach
easy-to-remember domain names (such as www.dlink.com) to hard-to-remember IP
Addresses. The DNS Servers maintain the database of Domain Name to IP Address
mappings. All user systems (PCs) contain a DNS Client which communicates with the
DNS Server to resolve any Domain Name.
With multiple WAN links, each ISP may provide a different set of DNS Servers to be
used. And it is a cumbersome task to configure all the user PCs with the correct DNS
Server IP Addresses. This problem can be overcome with the use of router’s DNS Proxy
feature. Here, the router’s LAN IP Address can be configured as the DNS server at all the
end user systems. The router acts as a DNS Proxy, and communicates with the DNS
Servers to resolve the domain names on behalf of the user systems.
Select Misc →→→→ DNS Proxy to configure DNS Proxy Settings as explained below.
DNS Server IP
Interface
After entering all the information press the Apply button. The DNS server configuration
entries will show up in a table at the bottom of the page. To delete any entry press the
Delete button next to the entry.
Note: In the DHCP Server Setting page, Enable the Auto Configuration for
computers on the user's network to use the DNS Proxy.
DNS Proxy Settings
Enter the IP address of the DNS Server provided by the ISP.
Select the Interface corresponding to the DNS Server IP address entered.
If two or more interfaces have the same DNS Server, select the interface
type as DEFAULT. The interface with DEFAULT type will have the
highest priority.
Dlink DRO-210i User Guide 21
DHCP, DNS and Time
Web UI
3.3 Time
The system date and time of the router can be configured via this option. The system date
and time can be configured manually, or it can be obtained automatically from a global
time server using NTP.
NTP is designed to synchronize the time on a network of machines. NTP runs over the
User Datagram Protocol (UDP), using port 123 as both the source and destination port.
NTP Version 3 RFC 1305 is used to synchronize timekeeping among a set of distributed
time servers and clients.
An NTP network usually gets its time from an authoritative time source, such as a radio
clock or an atomic clock attached to a time server. NTP Protocol is then used to distribute
this time across the network. An NTP client makes a transaction with its server over its
polling interval (from 64 to 1024 seconds) which dynamically changes over time
depending on the network conditions between the NTP server and the client.
The list of public NTP servers is available at http://www.ntp.org.
Select Misc →→→→ Time to configure System Time Settings as explained below.
System Date Time
Time Zone
Time Set Type
SNTP Settings
Set Type
IP address
Domain Name
Manual Settings
YYYY-MM-DD
HH-MM-SS
System Time Settings
The current date and time at the router.
Select the appropriate time zone that can be used to set the system time.
Administrator can select any one of the time zone to which he belongs.
Select either MANUAL or SNTP setting.
Select either IP address or Domain Name to be used for SNTP Setting.
The IP address of the NTP Server.
The domain name of the NTP Server e.g. ntp1.dlink.com.
Manually set the current year, month and date.
Manually set the hour, minute and seconds.
Dlink DRO-210i User Guide 22
Routing
4 Routing
Routing determines how to transport packets from the initiating host to the receiving host.
The packet needs to determine a path through which it can travel from the sender to the
receiver. The Routing Table in a router provides such a map to all packets. Each entry (or
route) in the routing table indicates the destination address of the packet, where the next
hop (or gateway) should be, which interface of the router the packet should go out to
reach the destination, and hence provides a path selection. When a packet arrives at a
router, it looks up the routing table to decide which path to take next. The router
compares the destination address of the packet with the entries in the routing table, and
finds out the associated interface and next hop from the matching route to forward the
packet.
As the networks grow large and complex, the entire domain of routing can be divided
into sub areas to provide better functionality and control. This routing hierarchy divides
all the routers in the network into administrative regions called the Autonomous System
(AS). Routers inside AS (i.e. intra-AS routers) run the same routing algorithm and only
need to know the topology of their network. RIP and OSPF are examples of intra-AS
routing algorithms. These algorithms are also referred to as Interior Gateway Routing
Protocols. This router supports RIP routing algorithm.
In the internetworking environment there are typically more than one path connecting the
two end hosts. The dynamic routing algorithm selects the “best” path that has the “least
cost” for transporting. RIP uses Path Length routing metric to determine the best path.
Path length is the sum of the costs associated with each link. Path Length is commonly
known as the hop count, or the number of routing devices (i.e. routers) that a packet takes
to travel from the source to its destination. The cost of a link may be determined based on
the below parameters:
• Bandwidth – Bandwidth is the traffic capacity of a path, rated by “Mbps”.
• Load – Load refers to the usage of a router. The usage can be evaluated by CPU
utilization and the throughput.
• Delay – Delay is the time it takes to move a packet from the source to the destination.
The time depends on many factors, such as the bandwidth, load, and the length of the
path.
In case of a device or a link failure, the router looses its “best” route (associated with that
link) and relies on the routing algorithm to select the next best route available in the
routing table. This is a continuous process to keep the internetworking functional and
help the router select the correct path at all times.
Dlink DRO-210i User Guide 23
Routing
Web UI
4.1 Static Routing
When Static Routing is selected as the routing algorithm, the network administrator needs
to manually configure all routes on the router. Any change in the network configuration
would require the administrator to update the information in all affected routers. This can
be a cumbersome task and lead to errors in case of large and complicated networks.
Hence Static routing is typically used for very small networks.
Select Routing →→→→ Static to configure Static Routing as explained below.
Interface Name
Destination
Network IP address
Subnet Mask
Gateway IP address
(optional)
Static Routing
Select the interface name (e.g. LAN, WAN1, WAN2) on which route is to
be added.
Enter the destination network IP address for which route is to be added.
Enter the subnet mask for the destination network IP address.
Enter the Gateway IP address for the route.
After entering all the information press the Apply button. The routes entered will now be
displayed under the Route Entries table. To delete a specific route press the Delete
button next to the specific route entry. In the table, entries with yellow color are active
routes (i.e. the corresponding interface is UP). The entries with grey color are inactive
routes (i.e. the corresponding interface is DOWN).
Click on View Active Routes, to view the Routing Table with the active routes.
Note: The Gateway IP Address for a static route should be disabled only in case of
PPPoE WAN Link. In all other cases, the Gateway IP Address is mandatory to ensure
proper ARP Resolution.
4.2 Dynamic Routing
Unlike Static routing, Dynamic routing adapts to changes in the network topology. It
automatically learns the routes from all the neighboring routers, selects the most suitable
route to a destination and then spreads the routing information through periodic updates
to all the other routers in the network. The routing updates due to device or link down (or
up) are sent immediately to all routers in the network. The administrator does not need to
manually update any information. There are also mechanisms of self-correction to avoid
Dlink DRO-210i User Guide 24
Loading...