D-link DSR-500, DSR-1000N, DSR-250N, DSR-150N, DSR-250 User Manual

...

0 (0)

Building Networks for People

Unified Services Router

User Manual

DSR-150 / 150N / 250 / 250N / 500 / 500N / 1000 / 1000N

Ver. 1.05

Small Business Gateway Solution

User Manual

Unified Services Router

D-Link Corporation

http://www.dlink.com

Unified Services Router User Manual

User Manual

DSR-150 / 150N /250 / 250N / DSR-500 / 500N / 1000 / 1000N

Unified Services Router

Version 1.05

Th is p u b licat io n , in clu d in g all p h o t o g rap h s , illu s t rat io n s an d s o ft ware, is p ro t ect ed		u n d er
in t ern at io n al co p y rig h t laws , wit h all rig h t s	res erv ed . Neit h er t h is man u al, n o r an y	o f t h e
mat erial co n t ain ed h erein , may b e rep ro d u ced	wit h o u t writ t en co n s en t o f t h e au t h o r.

Disclaimer

Th e in fo rmat io n in t h is d o cumen t is s ubject t o ch ange wit h o ut n o tice . Th e man u fact u rer makes n o rep res ent at ions o r warran t ies wit h res p ect t o t h e co n t en t s h ereo f an d s p ecifically d is claim an y imp lied warran t ies o f merch an t ab ilit y o r fit n es s fo r an y p art icu lar p u rp o s e . Th e man u fact u rer res erv es t h e rig h t t o rev is e t h is p u b licat io n an d t o make ch an g es fro m t ime t o t ime in t h e co n t ent h ereof wit h o ut o b lig at ion o f t h e man u factu rer t o n o t ify an y p ers o n o f s u ch rev is io n o r ch an g es .

Limitations of Liability

UNDER NO CIRCUM STA NCES SHA LL D -LINK OR ITS SUPPLIERS BE LIA BLE FOR DA M A GES OF A NY CHA RA CTER (E.G. DA M A GES FOR LOSS OF PROFIT, SOFTW A RE RESTORA TION, W ORK STOPPA GE, LOSS OF SA VED DA TA OR A NY OTHER COM M ERCIA L DA M A GES OR LOSSES) RESULTING FROM THE A PPLICA TION OR IM PROPER USE OF THE D -LINK PRODUCT OR FA ILURE OF THE PRODUCT, EVEN IF D-LINK IS INFORM ED OF THE POSSIBILITY OF SUCH DA M A GES. FURTHERM ORE, D- LINK W ILL NOT BE LIA BLE FOR THIRD -PA RTY CLA IM S A GA INST CUSTOM ER FOR LOSSES OR DA M A GES. D-LINK W ILL IN NO EVENT BE LIA BLE FOR A NY DA M A GES IN EXCESS OF THE A M OUNT D -LINK RECEIVED FROM THE END -USER FOR THE PRODUCT.

Unified Services Router User Manual

Table of Contents

Chapter	1.	Introduction..........................................................................................................................................		11
		1.1	About this User Manual ....................................................................................................	12
		1.2	Typographical Conventions .............................................................................................	12
Chapter	2.	Configuring Your Network: LAN Setup ......................................................................................		13
		2.1	LAN Configuration ..............................................................................................................	13
		2.1.1	LAN DHCP Reserved IPs ................................................................................................	16
		2.1.2	LAN DHCP Leas ed Clients..............................................................................................	17
		2.1.3	LAN Configuration in an IPv6 Network ........................................................................	18
		2.1.4	Configuring IPv6 Router Advertisements ...................................................................	21
		2.2	VLAN Configuration ...........................................................................................................	23
		2.2.1	Associating VLANs to ports .............................................................................................	24
		2.2.2	Multiple VLAN Subnets .....................................................................................................	26
		2.2.3	VLAN configuration ............................................................................................................	27
		2.3	Configurable Port: DMZ Setup .......................................................................................	28
		2.4	Universal Plug and Play (UPnP)....................................................................................	29
		2.5	Captive Portal .......................................................................................................................	31
		2.6	Captive portal setup ...........................................................................................................	32
Chapter	3.	Connecting to the Internet: WAN Setup ....................................................................................		35
		3.1	Internet Setup Wizard........................................................................................................	35
		3.2	WAN Configuration.............................................................................................................	36
		3.2.1	WAN Port IP address ........................................................................................................	37
		3.2.2	WAN DNS Servers .............................................................................................................	37
		3.2.3	DHCP WAN ..........................................................................................................................	37
		3.2.4	PPPoE ....................................................................................................................................	38
		3.2.5	Russia L2TP and PPTP WAN ........................................................................................	41
		3.2.6	Russia Dual Access PPPoE............................................................................................	42
		3.2.7	WAN Configuration in an IPv6 Network ......................................................................	43
		3.2.8	Checking WAN Status.......................................................................................................	45
		3.3	Bandwidth Controls ............................................................................................................	47
		3.4	Features with Multiple WAN Links ................................................................................	49
		3.4.1	Auto Failover ........................................................................................................................	49
		3.4.2	Load Balancing ....................................................................................................................	50
		3.4.3	Protocol Bindings ................................................................................................................	52
		3.5	Routing Configuration........................................................................................................	53
		3.5.1	Routing Mode .......................................................................................................................	53
		3.5.2	Dynamic Routing (RIP) .....................................................................................................	56
		3.5.3	Static Routing .......................................................................................................................	57
		3.5.4	OSPFv2 ..................................................................................................................................	58
		3.5.5	OSPFv3 ..................................................................................................................................	60
		3.5.6	6to4 Tunneling .....................................................................................................................	62
		3.5.7	ISATAP Tunnels ..................................................................................................................	63
		3.6	Configurable Port - WAN Option ...................................................................................	64
		3.7	WAN 3 (3G) Configuration...............................................................................................	64
		3.8	WAN Port Settings..............................................................................................................	66

Unified Services Router				User Manual
Chapter	4.	Wireless Access Point Setup ........................................................................................................		68
		4.1	Wireless Settings Wizard .................................................................................................	68
		4.1.1	Wireless Network Setup Wizard ....................................................................................	69
		4.1.2	Add Wireless Device with WPS .....................................................................................	69
		4.1.3	Manual Wireless Network Setup ...................................................................................	70
		4.2	Wireless Profiles..................................................................................................................	70
		4.2.1	WEP Security .......................................................................................................................	71
		4.2.2	WPA or WPA2 with PSK ..................................................................................................	73
		4.2.3	RADIUS Authentication ....................................................................................................	73
		4.3	Creating and Using Access Points ...............................................................................	75
		4.3.1	Primary benefits of Virtual APs: .....................................................................................	77
		4.4	Tuning Radio Specific Settings ......................................................................................	78
		4.5	WMM.......................................................................................................................................	79
		4.6	Wireless distribution system (WDS) .............................................................................	80
		4.7	Advanced Wireless Settings ...........................................................................................	81
		4.8	Wi-Fi Protected Setup (WPS).........................................................................................	82
Chapter	5.	Securing the Private Network .......................................................................................................		85
		5.1	Firewall Rules .......................................................................................................................	85
		5.2	Defining Rule Schedules ..................................................................................................	86
		5.3	Configuring Firewall Rules ...............................................................................................	87
		5.4	Configuring IPv6 Firewall Rules .....................................................................................	92
		5.4.1	Firewall Rule Configuration Examples.........................................................................	93
		5.5	Security on Custom Servic es..........................................................................................	97
		5.6	ALG support ..........................................................................................................................	99
		5.7	VPN Passthrough for Firewall ......................................................................................	100
		5.8	Application Rules ..............................................................................................................	101
		5.9	Web Content Filtering......................................................................................................	102
		5.9.1	Content Filtering ................................................................................................................	102
		5.9.2	Approved URLs .................................................................................................................	103
		5.9.3	Blocked Keywords ............................................................................................................	104
		5.9.4	Export Web Filter ..............................................................................................................	105
		5.10	IP/MAC Binding .................................................................................................................	106
		5.11	Intrusion Prevention (IPS)..............................................................................................	107
		5.12	Protecting from Internet Attacks ..................................................................................	108
Chapter	6.	IPsec / PPTP / L2TP VPN ............................................................................................................		111
		6.1	VPN Wizard ........................................................................................................................	113
		6.2	Configuring IPsec Policies .............................................................................................	115
		6.2.1	Extended Authentication (XAUTH) .............................................................................	119
		6.2.2	Internet over IPSec tunnel .............................................................................................	120
		6.3	Configuring VPN clients ..................................................................................................	120
		6.4	PPTP / L2TP Tunnels ......................................................................................................	120
		6.4.1	PPTP Tunnel Support .....................................................................................................	120
		6.4.2	L2TP Tunnel Support ......................................................................................................	122
		6.4.3	OpenVPN Support ............................................................................................................	123
		6.4.4	OpenVPN Remote Network ..........................................................................................	125
		6.4.5	OpenVPN Authentication ...............................................................................................	126

Unified Services Router				User Manual
Chapter	7.	SSL VPN ............................................................................................................................................		129
		7.1	Groups and Users.............................................................................................................	131
		7.1.1	Users and Passwords .....................................................................................................	137
		7.2	Using SSL VPN Policies .................................................................................................	138
		7.2.1	Using Network Res ourc es .............................................................................................	141
		7.3	Application Port Forwarding ..........................................................................................	142
		7.4	SSL VPN Client Configuration......................................................................................	144
		7.5	User Portal ..........................................................................................................................	147
		7.5.1	Creating Portal Layouts ..................................................................................................	147
Chapter	8.	Advanced Configuration Tools ...................................................................................................		150
		8.1	USB Device Setup ............................................................................................................	150
		8.2	USB share port ..................................................................................................................	151
		8.3	SMS service........................................................................................................................	153
		8.4	Authentication Certificates .............................................................................................	154
		8.5	Advanced Switch Configuration ...................................................................................	156
Chapter	9.	Administration & Management ...................................................................................................		157
		9.1	Configuration Access Control .......................................................................................	157
		9.1.1	Admin Settings ...................................................................................................................	157
		9.1.2	Remote Management ......................................................................................................	158
		9.1.3	CLI Access ..........................................................................................................................	159
		9.2	SNMP Configuration ........................................................................................................	159
		9.3	Configuring Time Zone and NTP .................................................................................	161
		9.4	Log Configuration..............................................................................................................	162
		9.4.1	Defining What to Log .......................................................................................................	162
		9.4.2	Sending Logs to E-mail or Syslog ...............................................................................	167
		9.4.3	Event Log Viewer in GUI ................................................................................................	169
		9.5	Backing up and Restoring Configuration Settings .................................................	170
		9.6	Upgrading Router Firmware..........................................................................................	171
		9.7	Upgrading Router Firmware via USB.........................................................................	172
		9.8	Dynamic DNS Setup ........................................................................................................	173
		9.9	Using Diagnostic Tools ...................................................................................................	174
		9.9.1	Ping........................................................................................................................................	175
		9.9.2	Trace Route ........................................................................................................................	175
		9.9.3	DNS Lookup .......................................................................................................................	176
		9.9.4	Router Options ...................................................................................................................	176
		9.10	Localization .........................................................................................................................	177
Chapter	10.	Router Status and Statistics........................................................................................................		178
		10.1	System Overview ..............................................................................................................	178
		10.1.1	Device Status .....................................................................................................................	178
		10.1.2	Resource Utilization .........................................................................................................	180
		10.2	Traffic Statistics .................................................................................................................	183
		10.2.1	Wired Port Statistics.........................................................................................................	183
		10.2.2	Wireless Statistics.............................................................................................................	184
		10.3	Active Connections...........................................................................................................	185
		10.3.1	Sessions through the Router ........................................................................................	185

Unified Services Router				User Manual
		10.3.2	Wireless Clients .................................................................................................................	187
		10.3.3	LAN Clients .........................................................................................................................	187
		10.3.4	Active VPN Tunnels .........................................................................................................	188
Chapter	11.	Trouble Shooting .............................................................................................................................		190
		11.1	Internet connection ...........................................................................................................	190
		11.2	Date and time .....................................................................................................................	192
		11.3	Pinging to Test LAN Connectivity................................................................................	192
		11.3.1	Testing the LAN path from your PC to your router ................................................	192
		11.3.2	Testing the LAN path from your PC to a remote device ......................................	193
		11.4	Restoring factory-default configuration settings .....................................................	194
Chapter	12.	Credits	.................................................................................................................................................	195
Appendix A.		Glossary .............................................................................................................................................		196
Appendix B.		Factory Default Settings................................................................................................................		199
Appendix C.		Standard Services Available for Port Forwarding & Firewall Configuration		................ 200
Appendix D.		Log Output Reference ...................................................................................................................		201
Appendix E.		RJ-45 Pin-outs..................................................................................................................................		255
Appendix F.		Product Statement ..........................................................................................................................		256

Unified Services Router	User Manual
List of Figures
Figure 1: Setup page for LAN TCP/IP settings .................................................................................................	15
Figure 2: LAN DHCP Reserved IPs .....................................................................................................................	17
Figure 3: LAN DHCP Leased Clients ...................................................................................................................	18
Figure 4: IPv6 LAN and DHCPv6 configuration ...............................................................................................	19
Figure 5: Configuring the Router Advertisement Daemon ...........................................................................	22
Figure 6: IPv6 Advertisement Prefix settings ....................................................................................................	23
Figure 7: Adding VLAN memberships to the LAN ...........................................................................................	24
Figure 8: Port VLAN list ............................................................................................................................................	25
Figure 9: Configuring VLAN membership for a port........................................................................................	26
Figure 10: Multiple VLAN Subnets........................................................................................................................	27
Figure 11: VLAN Configuration ..............................................................................................................................	28
Figure 12: DMZ configuration .................................................................................................................................	29
Figure 13: UPnP Configuration ..............................................................................................................................	30
Figure 14: Active Runtime sessions .....................................................................................................................	32
Figure 15: Captive Portal Setup.............................................................................................................................	33
Figure 16: Customized Captive Portal Setup ....................................................................................................	34
Figure 17: Internet Connection Setup Wizard ...................................................................................................	35
Figure 18: Manual WAN configuration .................................................................................................................	38
Figure 19: PPPoE configuration for standard ISPs .........................................................................................	39
Figure 20: WAN configuration for Japanese Multiple PPPoE (part 1) ......................................................	40
Figure 21: WAN configuration for Multiple PPPoE (part 2) ..........................................................................	41
Figure 22: Russia L2TP ISP configuration .........................................................................................................	42
Figure 23: Russia Dual access PPPoE configuration ....................................................................................	43
Figure 24: IPv6 WAN Setup page .........................................................................................................................	44
Figure 25: Connection Status information for both WAN ports ...................................................................	46
Figure 26: List of Configured Bandwidth Profiles ............................................................................................	47
Figure 27: Bandwidth Profile Configuration page ............................................................................................	48
Figure 28: Traffic Selector Configuration ............................................................................................................	49
Figure 29: Load Balancing is available when multiple WAN ports are configured and Protocol
Bindings have been defined ...............................................................................................................	52
Figure 30: Protocol binding setup to associate a service and/or LAN source to a WAN and/or
destination network ................................................................................................................................	53
Figure 31: Routing Mode is used to configure traffic routing between WAN and LAN, as well as
Dynamic routing (RIP) ..........................................................................................................................	55
Figure 32: Static route configuration fields.........................................................................................................	58

Unified Services Router	User Manual
Figure 33: OSPFv2 configured parameters .......................................................................................................		59
Figure 34: OSPFv2 configuration ..........................................................................................................................		60
Figure 35: OSPFv3 configured parameters .......................................................................................................		61
Figure 36: OSPFv3 configuration ..........................................................................................................................		62
Figure 37: 6 to 4 tunneling .......................................................................................................................................		63
Figure 38: ISATAP Tunnels Configuration .........................................................................................................		64
Figure 39: WAN3 configuration for 3G internet ................................................................................................		66
Figure 40: Physical WAN port settings ................................................................................................................		67
Figure 41: Wireless Network Setup Wizards .....................................................................................................		69
Figure 42: List of Available Profiles shows the options available to secure the wireless link ..........		71
Figure 43: Profile configuration to set network security .................................................................................		73
Figure 44: RADIUS server (External Authentication) configuration ..........................................................		75
Figure 45: Virtual AP configuration .......................................................................................................................		76
Figure 46: List of configured access points (Virtual APs) shows one enabled access point on the
radio, broadcasting its SSID ...............................................................................................................		77
Figure 47: Radio card configuration options ......................................................................................................		78
Figure 48: Wi-Fi Multimedia ....................................................................................................................................		79
Figure 49: Wireless Distribution System .............................................................................................................		80
Figure 50: Advanced Wireless communication settings ................................................................................		82
Figure 51: WPS configuration for an AP with WPA/WPA2 profile .............................................................		83
Figure 52: List of Available Firewall Rules .........................................................................................................		86
Figure 53: List of Available Schedules to bind to a firewall rule .................................................................		87
Figure 54: Example where an outbound SNAT rule is used to map an external IP address
(209.156.200.225) to a private DMZ IP address (10.30.30.30) .............................................		90
Figure 55: The firewall rule configuration page allows you to define the To/From zone, service,
action, schedules, and specify source/destination IP addresses as needed. ...................		91
Figure 56: The IPv6 firewall rule configuration page allows you to define the To/From zone,
service, action, schedules, and specify source/destination IP addresses as needed. ..		92
Figure 57: List of Available IPv6 Firewall Rules ...............................................................................................		93
Figure 58: Schedule configuration for the above example. ..........................................................................		96
Figure 59: List of us er defined services. .............................................................................................................		98
Figure 60: Custom Services configuration .........................................................................................................		98
Figure 61: Available ALG support on the router. ...........................................................................................		100
Figure 62: Passthrough options for VPN tunnels ..........................................................................................		101
Figure 63: List of Available Application Rules showing 4 unique rules ..................................................		102
Figure 64: Content Filtering used to block access to proxy servers and prevent	ActiveX controls
from being downloaded......................................................................................................................		103

Unified Services Router	User Manual
Figure 65: Two trusted domains added to the Approved URLs List .......................................................		104
Figure 66: One keyword added to the block list.............................................................................................		105
Figure 67: Export Approved URL list .................................................................................................................		106
Figure 68: The following example binds a LAN host’s MAC Address to a
DSR. If there is an IP/MAC Binding violation, the violating	packet will be dropped and
logs will be captured............................................................................................................................		107
Figure 69: Intrusion Prevention features on the router ................................................................................		108
Figure 70: Protecting the router and LAN from internet attacks ...............................................................		109
Figure 71: Example of Gateway-to-Gateway IPsec VPN tunnel using two DSR routers connected
to the Internet.........................................................................................................................................		111
Figure 72: Example of three IPsec client connections to the internal network through the DSR
IPsec gateway .......................................................................................................................................		112
Figure 73: VPN Wizard launch screen ..............................................................................................................		113
Figure 74: IPsec policy configuration .................................................................................................................		116
Figure 75: IPsec policy configuration continued (Auto policy via IKE) ...................................................		117
Figure 76: IPsec policy configuration continued (Auto / Manual Phas e 2) ...........................................		119
Figure 77: PPTP tunnel configuration – PPTP Client...................................................................................		121
Figure 78: PPTP VPN connection status..........................................................................................................		121
Figure 79: PPTP tunnel configuration – PPTP Server .................................................................................		122
Figure 80: L2TP tunnel configuration – L2TP Server...................................................................................		123
Figure 81: OpenVPN configuration .....................................................................................................................		125
Figure 82: OpenVPN Remote Network .............................................................................................................		126
Figure 83: OpenVPN Authentication ..................................................................................................................		127
Figure 84: Example of clientless SSL VPN connections to the DSR ......................................................		130
Figure 85: List of groups .........................................................................................................................................		131
Figure 86: User group configuration ...................................................................................................................		132
Figure 87: SSLVPN Settings.................................................................................................................................		133
Figure 88: Group login policies options .............................................................................................................		134
Figure 89: Browser policies options ...................................................................................................................		135
Figure 90: IP policies options................................................................................................................................		136
Figure 91: Available Users with login status and associated Group .......................................................		137
Figure 92: User configuration options ................................................................................................................		138
Figure 93: List of SSL VPN polices (Global filter) ..........................................................................................		139
Figure 94: SSL VPN policy configuration .........................................................................................................		140
Figure 95: List of configured resources, which are available to assign to SSL VPN policies ........		142
Figure 96: List of Available Applications for SSL Port Forwarding ..........................................................		144
Figure 97: SSL VPN client adapter and access configuration ..................................................................		145

Unified Services Router	User Manual
Figure 98: Configured client routes only apply in split tunnel mode........................................................	146
Figure 99: List of configured SSL VPN portals. The configured portal can then be associated with
an authentication domain ..................................................................................................................	147
Figure 100: SSL VPN Portal configuration .......................................................................................................	149
Figure 101: USB Device Detection .....................................................................................................................	151
Figure 102: USB SharePort...................................................................................................................................	152
Figure 103: SMS Service –Send SMS .............................................................................................................	153
Figure 104: SMS Service – Receive SMS .......................................................................................................	154
Figure 105: Certificate summary for IPsec and HTTPS management ...................................................	155
Figure 106: Advanced Switch Settings..............................................................................................................	156
Figure 107: User Login policy configuration ....................................................................................................	157
Figure 108: Admin Settings ...................................................................................................................................	158
Figure 109: Remote Management from the WAN .........................................................................................	159
Figure 110: SNMP Users, Traps, and Access Control ................................................................................	160
Figure 111: SNMP system information for this router ..................................................................................	161
Figure 112: Date, Time, and NTP server setup .............................................................................................	162
Figure 113: Facility settings for Logging ...........................................................................................................	164
Figure 114: Log configuration options for traffic through router ................................................................	166
Figure 115: IPv6 Log configuration options for traffic through router .....................................................	167
Figure 116: E-mail configuration as a Remote Logging option .................................................................	168
Figure 117: Syslog server configuration for Remote Logging (continued)............................................	169
Figure 118: VPN logs displayed in GUI event viewer ..................................................................................	170
Figure 119: Restoring configuration from a saved file will result in the current configuration being
overwritten and a reboot ....................................................................................................................	171
Figure 120: Firmware version information and upgrade option ................................................................	172
Figure 121: Firmware upgrade and configuration restore/backup via USB ..........................................	173
Figure 122: Dynamic DNS configuration ..........................................................................................................	174
Figure 123: Router diagnostics tools available in the GUI .........................................................................	175
Figure 124: Sample trace route output ..............................................................................................................	176
Figure 125: Localization .........................................................................................................................................	177
Figure 126: Device Status display ......................................................................................................................	179
Figure 127: Device Status display (continued) ...............................................................................................	180
Figure 128: Resource Utilization statistics.......................................................................................................	181
Figure 129: Resource Utilization data (continued) ........................................................................................	182
Figure 130: Resource Utilization data (continued) ........................................................................................	183
Figure 131: Physical port statistics .....................................................................................................................	184

Unified Services Router	User Manual
Figure 132: AP specific statistics.........................................................................................................................	185
Figure 133: List of current Active Firewall Sessions .....................................................................................	186
Figure 134: List of connected 802.11 clients per AP ....................................................................................	187
Figure 135: List of LAN hosts ...............................................................................................................................	188
Figure 136: List of current Active VPN Sessions ...........................................................................................	189

Unified Services Router User Manual

Chapter 1. Introduction

D-Lin k Un ified Serv ices Ro u t ers o ffer a s ecu re, h ig h p erforman ce n et wo rkin g s o lu t io n t o ad d ress t h e g rowin g n eed s o f s mall an d med iu m b u s in es s es . In t eg rat ed h ig h -s p eed

IEEE 802.11n	an d 3G	wireles s		t ech n o lo g ies	o ffer co mp arab le p erfo rman ce t o
t rad it io n al wired n et wo rks ,			b u t	wit h fewer limit at io n s . Op t imal n et wo rk s ecu rit y is
p ro v id ed v ia	feat u res	s u ch	as	v irt u al p riv at e	n et wo rk (VPN) t u n n els , IP Secu rit y

(IPs ec ), Po in t -t o -Poin t Tu n nelin g Pro t ocol (PPTP), Lay er 2 Tu n n elin g Pro t ocol (L2TP), an d Secu re So cket s Lay er (SSL). Emp o wer y o u r ro ad warrio rs wit h clien t les s remo t e acces s an y wh ere an d an y t ime u s in g SSL VPN t u n n els .

W it h t h e D-Lin k Un ified Serv ices Ro u t er y o u are ab le t o exp erien ce a d iv ers e s et o f b en efit s :

Co mp reh en s iv e M an ag emen t Cap ab ilit ies

Th e DSR-500, DSR-500N, DSR-1000 an d DSR-1000N in clu d e d u al-W A N

Gig ab it Et h ern et wh ich p ro v id es	p o licy -b as ed s erv ice man ag emen t en s u rin g
maximu m p ro d u ct iv it y fo r y o u r	b u s in es s o p erat io n s . Th e failo v er feat u re

main t ain s d at a t raffic wit h o ut d is conn ectin g wh en a lan d lin e co nnect io n is lo s t . Th e Ou t b o u nd Lo ad Balan cin g featu re ad ju sts o u tgo ing t raffic acro ss t wo W AN in t erfaces and o pt imizes t h e s ystem p erfo rman ce res u lt in g in h ig h av ailab ilit y . Th e s eco nd W AN p o rt can b e co n figu red as a DM Z p o rt allo win g y o u t o is o late s erv ers fro m y o u r LA N.

 DSR-150/ 150N/ 250 / 250N h av e a s in g le W A N in t erface, an d t h u s it d o es n o t s u p p o rt A u t o Failo v er an d Lo ad Balan cin g s cen ario s .

Su p erio r W ireles s Perfo rman ce

Des ig n ed t o d eliv er s u p erio r wireles s p erfo rman ce, t h e DSR -500N an d DSR1000N in clu d e 802.11 a/ b / g / n, allo win g fo r o p erat io n o n eit h er t h e 2.4 GHz o r 5 GHz rad io b an d s . M u lt ip le In M u lt ip le Ou t (M IM O) t ech n o lo g y allo ws t h e DSR-500N an d DSR-1000N t o p ro v id e h ig h d at a rat es wit h min imal “d ead s p o t s ” t h ro u g h o u t t h e wireles s co v erag e area .

 DSR-150N, 250N an d DSR-500N s u p p o rt s t h e 2.4GHz rad io b an d o n ly .

Flexib le Dep lo y men t Op t io n s

Th e DSR-1000 / 1000N s u p p o rt s Th ird Gen erat io n (3G) Net wo rks v ia an ext en d ab le USB 3G d o n g le . Th is 3G n et wo rk cap ab ilit y o ffers an ad d it io n al s ecu re d at a co n n ect io n fo r n et wo rks t h at p ro v id e crit ical s erv ices . Th e DSR - 1000N can b e co n fig u red t o au t o mat ically s wit ch t o a 3G n et wo rk wh en ev er a p h y s ical lin k is lo s t .

Ro b u s t VPN feat u res

A fu lly feat u red v irt u al p riv at e n et wo rk (VPN) p ro v id es y o u r mo b ile wo rkers

an d b ran ch o ffices	wit h a s ecu re lin k t o y o u r n et wo rk.	Th e DSR-
150/ 150N/ 250/ 250N,	DSR-500/ 500N an d DSR-1000 / 1000N are	cap ab le o f

s imu lt an eo usly man ag in g 5, 5, 10, 20 Secu re So cket s Lay er (SSL) VPN t u n n els res p ectiv ely , emp o werin g y o u r mo b ile u s ers b y p ro v id in g remo t e acces s t o a

Unified Services Router				User Manual
cen t ral co rp o rat e d at ab as e . Sit e -t o -s it e VPN t u n n els		u s e IP Secu rit y ( IPs ec )
Pro t o co l, Po in t -t o -Po in t Tu n n elin g	Pro t o co l (PPTP),	o r	Lay er 2	Tu n n elin g
Pro t o co l (L2TP) t o facilit at e b ran ch	o ffice co n n ect iv it y		t h ro u g h	en cry p t ed

v irt u al lin ks . Th e DSR-150/ 150N, DSR-250/ 250N, DSR-500/ 500N an d DSR1000/ 1000N s u p p o rt 10, 25, 35 an d 75 s imu lt an eo u s IPSec VPN t u n n els res p ect iv ely .

Efficien t D-Lin k Green Tech n o lo g y

A s a co n cern ed memb er o f t h e	g lo b al co mmu n it y , D -Lin k	is d ev o t ed t o
p ro v id in g eco -frien d ly p ro d u ct s .	D-Lin k Green W iFi an d	D-Lin k Green

Et h ern et s av e p o wer an d p rev en t was t e . Th e D -Lin k Green W LA N s ch ed u ler red u ces wireles s p o wer au t o mat ically d u rin g o ff-p eak h o u rs . Likewis e t h e D - Lin k Green Et h ern et p ro gram ad ju s ts p o wer u s ag e b ased o n t h e d et ect ed cab le len g t h an d lin k s t at u s . In ad d it io n , co mp lian ce wit h Ro HS (Res t rict io n o f Hazard o u s Su b stances) an d W EEE (W as t e Elect rical an d Elect ro ni c Eq u ip ment) d irect iv es make D-Lin k Green cert ified d ev ices t h e en viro nmen tally res ponsible ch o ice .

Su p p o rt fo r t h e 3G wireles s W A N USB d o n g le is o n ly av ailab le fo r DSR-1000 an d DSR-1000N.

1.1About this User Manual

Th is	d o cu men t is a h ig h lev el man u al t o allo w n ew D-Lin k Un ified Serv ices Ro u t er
u s ers	t o co n fig u re co n n ect iv it y , s et u p VPN t u n n els , es t ab lis h firewall ru les an d
p erfo rm g en eral ad min is t rativ e t asks. Ty p ical d ep lo ymen t an d u se cas e s cen ario s are

d es crib ed in each s ect io n . Fo r mo re d et ailed s et u p in s t ru ct io n s an d exp lan at io n s o f each co n fig u rat ion p aramet er, refer t o t h e o n lin e h elp t h at can b e acces s ed fro m each p ag e in t h e ro u t er GUI.

1.2 Typographical Conventions

Th e fo llo win g is a lis t o f t h e v ario u s t erms , fo llo wed b y an examp le o f h o w t h at t erm is rep res en t ed in t h is d o cu men t :

Pro d u ct Name – D-Lin k Un ified Serv ices Ro u t er.

oM o d el n u mb ers DSR-500/ 500N/ 1000/ 1000N/ 250/ 250N/ 150/ 150N

GUI M en u Pat h / GUI Nav ig at io n – Monitoring > Router Status

Imp o rt an t n o t e – 

Chapter 2. Configuring Your Network:

LAN Setup

It is as s umed t h at t h e u ser h as a mach in e fo r man ag emen t co nnected t o t h e LA N t o t h e ro u t er. Th e LA N co n n ectio n may b e t h ro u gh t h e wired Et h ern et p o rt s av ailab le o n t h e ro u t er, o r o n ce t h e in it ial s et up is co mp let e, t h e DSR may als o b e ma n ag ed t h ro u g h it s wireles s in t erface as it is b rid g ed wit h t h e LA N . A cces s t h e ro u t er’s g rap h ical u s er in t erface (GUI) fo r man ag emen t b y u s in g an y web b ro wser, s uch as M icro s o ft In t ern et Exp lo rer o r M o zilla Firefo x:

Go t o http:/ / 1 9 2 .1 6 8 .1 0 .1 (d efau lt IP ad d res s ) t o d is p lay t h e ro u t er’s

man ag emen t lo g in s creen .

Defau lt lo g in cred en t ials fo r t h e man ag emen t GUI:

Us ern ame: admi n

Pas s wo rd : admi n

 If t h e ro u t er’s LA N IP ad d res s was ch ang ed, u s e t h at IP ad d res s in t h e n av ig at io n

b ar o f t h e b ro ws er t o acces s t h e ro u t er ’s man ag emen t UI.

2.1 LAN Configuration

Setup > Network Settings > LAN Configuration

By d efau lt , t h e ro u t er fu n ct io n s as a Dy n amic Ho s t Co n fig u rat io n Pro t o co l (DHCP) s erv er t o t h e h ost s o n t h e W LA N o r LA N n et wo rk. W it h DHCP, PCs an d o t h er LA N d ev ices can b e assig ned IP ad d resses as well as ad d resses fo r DNS s erv ers , W in d o ws In t ern et Name Serv ice (W INS) s erv ers , an d t h e d efau lt g at eway . W it h t h e DHCP s erv er en ab led t h e ro u t er’s IP ad d res s s erv es as t h e g at eway ad d res s fo r LA N an d W LA N clien t s . Th e PCs in t h e LA N are as s ig n ed IP ad d res s es fro m a p o o l o f ad d res ses s pecified in t h is p ro cedu re. Each p o o l ad dress is t ested b efore it is as sig ned t o av o id d u p licat e ad d res s es o n t h e LA N.

Fo r mo s t ap p licat ion s t he d efault DHCP an d TCP/ IP s et t in g s are s at is fact o ry . If y o u wan t an o t h er PC o n y o u r n et wo rk t o b e t h e DHCP s erv er o r if y o u are man u ally

co n fig u rin g		t h e n et wo rk s et t in g s o f all o f y o u r PCs , s et t h e DHCP mo d e t o ‘n o n e’ .
DHCP relay		can b e u s ed t o	fo rward DHCP leas e in fo rmat io n	fro m an o t h er LA N
d ev ice	t h at	is t h e n et wo rk’s	DHCP s erv er; t h is is p art icu larly	u s efu l fo r wireles s
clien t s .
In s t ead	o f u s in g a DNS s erv er, y o u can u s e a W in d o ws In t ern et Namin g Serv ice
(W INS)	s erv er. A W INS s erv er is t h e eq u iv alen t o f a DNS s erv er b u t u s es t h e
Net BIOS p ro t o co l t o res o lv e h o s t n ames . Th e ro u t er in clu d es				t h e W INS s erv er IP
ad d res s	in t h e DHCP co n fig u rat io n wh en ackn o wled g in g a DHCP req u es t fro m a
DHCP clien t .

Yo u can als o en able DNS p ro xy fo r t h e LA N. W h en t h is is e n abled t he ro u t er t h en as a p ro xy fo r all DNS req u es t s an d co mmu n icat es wit h t h e ISP’s DNS s erv ers . W h en d is ab led all DHCP clien t s receiv e t h e DNS IP ad d res s es o f t h e ISP.

Unified Services Router

User Manual

To co n fig u re LA N Co n n ect iv it y , p leas e fo llo w t h e s t ep s b elo w:

1. In the LAN Setup page, enter the following information for your router:

IP ad d res s (fact o ry d efau lt : 192.168.10.1).

 If y o u ch an g e t h e IP ad d res s an d click Sav e Set t in g s , t h e GUI will n o t res p o n d . Op en a n ew co n n ect io n t o t h e n ew IP ad d res s an d lo g in ag ain . Be s u re t h e LA N h o s t (t h e mach in e u sed t o man ag e t h e ro u t er) h as o b t ain ed IP ad d res s fro m n ewly as s ig n ed p o o l (o r h as a s t at ic IP ad d res s in t h e ro u t er’s LA N s u b n et ) b efo re acces s in g t h e ro u t er v ia ch an g ed IP ad d res s .

Su b n et mas k (fact o ry d e fau lt : 255.255.255.0).

2. In the DHCP section, select the DHCP mode:

No n e: t h e ro u t er’s DHCP s erv er is d is ab led fo r t h e LA N

DHCP Serv er. W it h t h is o p tio n t h e ro u ter assig ns an IP ad d res s wit h in t h e

s p ecified ran g e p lu s ad d it io n al s p ecified in fo rmat io n t o an y LA N d ev ice

t h at req u es t s DHCP s erv ed ad d res s es .

DHCP Relay : W it h t h is o p t io n en ab led , DHCP clien t s o n t h e LA N can

receiv e IP ad d res s leas es an d co rres p o n d in g in fo rmat io n fro m a DHCP

s erv er o n a d ifferen t s u b n et . Sp ecify t h e Relay Gat eway , an d wh en LA N

clien t s make a DHCP req u es t it will b e p as s ed alo n g t o t h e s erv er

acces s ib le v ia t h e Relay Gat eway IP ad d res s .

If DHCP is b ein g en ab led , en t er t h e fo llo win g DHCP s erv er p aramet ers :

St art in g an d	En d in g IP A d d res s es : En t er t h e firs t an d las t co n t in u o u s
ad d res ses in t h e IP ad d ress p o ol. A n y n ew DHCP clien t jo in in g t h e LA N is
as s ig n ed an	IP ad d res s in	t h is ran g e . Th e	d efau lt s t art in g ad d res s is
192.168.10.2.	Th e d efau lt	en d in g ad d res s	is 192.168.1 0.100. Th es e

ad d res ses s ho uld b e in t h e s ame IP ad d res s s u b n et as t h e ro u t er’s LA N IP

ad d res s . Yo u may wis h t o s av e p art o f t h e s u b n et ran g e fo r d ev ices wit h

s t at ically as s ig n ed IP ad d res s es in t h e LA N .

Primary an d Seco n d ary DNS s erv ers : If co n fig u red d o main n ame s y s t em

(DNS) s erv ers are av ailab le o n t h e LA N en t er t h eir IP ad d res s es h ere .

W INS Serv er (o p t io n al): En t er t h e IP ad d res s fo r t h e W INS s erv er o r, if p res en t in y o u r n et wo rk, t h e W in d o ws Net Bio s s erv er.

Unified Services Router

User Manual

Leas e Time: En t er t h e t ime, in h o u rs , fo r wh ich IP ad d res s es are leas ed t o clien t s .

		Relay Gat eway : En t er t h e g at eway add res s . Th is is t h e o n ly co n fig u rat io n
		p aramet er req u ired in t h is s ect io n wh en DHCP Relay	is s elect ed as it s
		DHCP mo d e
3.	In the DNS Host Name Mapping section:
		Ho s t Name: Pro v id e a v alid h o s t n ame
		IP ad d res s : Pro v id e t h e IP ad d res s o f t h e h o s t n ame,
4.	In the LAN proxy section:
		En ab le DNS Pro xy : To en ab le t h e ro u t er t o act as a	p ro xy fo r all DNS
		req u es ts an d co mmu n icat e wit h t h e ISP’s DNS s erv ers , click t h e ch eckb o x.
5.	Click Save Settings to apply all changes .

Figure 1: Se tup page for LAN TCP/IP s e ttings

Unified Services Router User Manual

2.1.1 LAN DHCP Reserved IPs

Setup > Network Settings > LAN DHCP Reserved IPs

Th is ro u t er DHCP s erv er can as sig n TCP/ IP co n fig urat io n s t o co mp u t ers in t h e LA N exp licit ly b y ad d in g clien t 's n etwo rk in t erface h ardware ad dress an d t he IP ad d ress t o b e as s ig ned t o t h at clien t in DHCP s erv er's d atabase . W h enever DHCP s erv er receiv es a req u est fro m c lien t , h ard ware ad dress o f t h at clien t is co mp ared wit h t h e h ard ware

ad d res s lis t	p res en t	in	t h e d at ab as e, if an	IP ad d res s is	alread y as s ig n ed t o t h at
co mp u t er o r	d ev ice	in	t h e d at ab as e , t h e	cu s t o mized	IP ad d res s is co n fig u red

o t h erwis e an IP ad d ress is ass ig n ed t o t h e clien t au t o mat ically fro m t h e DHCP p o o l.

Computer Name : Th e u s er d efin ed n ame fo r t h e LA N h o s t .

IP Addres s es : Th e LA N IP ad d res s o f a h o s t t h at is res erv ed b y t h e DHCP s erv er.

MAC Addres s es : Th e M A C ad d res s t h at will b e as s ig n ed t h e res e rv ed IP ad d res s wh en it is o n t h e LA N.

As s ociate with IP/MAC Binding : W h en t h e u s er en ab les t h is o p t io n t h e Co mp u t er Name, IP an d M A C ad d res s es are as s o ciat ed wit h t h e IP/ M A C b in d in g .

Th e act io n s t h at can b e t aken o n lis t o f res erv ed IP ad d res s es are:

S elect: Select s all t h e res erv ed IP ad d res s es in t h e lis t .

Edit: Op en s t h e LA N DHCP Res erv ed IP Co n fig u rat io n p ag e t o ed it t h e s elect ed b in d in g ru le .

Delete : Delet es t h e s elect ed IP ad d res s res erv at io n (s )

Add: Op en s t h e LA N DHCP Res erv ed IP Co n fig u rat io n p ag e t o ad d a n ew b in d in g ru le .

Unified Services Router	User Manual
Figure 2: LAN DHCP Re s e rve d IPs

2.1.2 LAN DHCP Leased Clients

Setup > Network Settings > LAN DHCP Leased Clients

Th is p ag e p ro v id es t h e lis t o f clien t s co n n ect t o LA N DHCP s erv er.

Unified Services Router	User Manual
Figure 3: LAN DHCP Le as e d Clie nts

IP Addres s es : Th e LA N IP ad d res s o f a h o s t t h at mat ch es t h e res erv ed IP lis t .

MAC Addres s es : Th e M A C ad d ress o f a LA N h o s t t h at h as a co n figu red IP ad d res s

res erv at io n .

2.1.3 LAN Configuration in an IPv6 Network

Advanced > IPv6 > IPv6 LAN > IPv6 LAN Config

(1) In IPv 6 mo d e, t h e LA N DHCP s erv er is en ab led b y d efau lt (s imilar t o IPv 4 mo d e). Th e DHCPv 6 s erv er will s erv e IPv 6 ad d resses fro m co n fig u red ad d res s p o o ls wit h t h e IPv 6 Prefix Len g t h as s ig n ed t o t h e LA N.

 IPv 4 / IPv 6 mo d e mu s t b e en ab led in t h e Advanced > IPv6 > IP mode t o en ab le

IPv 6 co n fig u rat io n o p t io n s .

LAN Settings

Th e d efau lt IPv 6 LA N ad d ress fo r t h e ro u ter is fec0 ::1 . Yo u can ch ang e t h is 128 b it IPv 6 ad d res s b ased o n y o ur n et wo rk req u iremen t s . Th e o t h er field t h at d efin es t h e

LA N s et t in g s	fo r	t h e ro u t er is t h e p refix len g t h . Th e IPv 6	n et wo rk (s u b n et ) is
id en t ified b y	t h e	in it ial b it s o f t h e ad d res s called t h e p refix.	By d efau lt t h is is 6 4

b it s lo n g . A ll h o s ts in t h e n etwo rk h av e co mmo n in it ial b it s fo r t h eir IPv 6 ad d res s ; t h e n u mb er o f co mmo n in it ial b it s in t h e n et wo rk’s ad d res s es is s et b y t h e p refix len g t h field .

Unified Services Router

User Manual

Figure 4: IPv6 LAN and DHCPv6 configurat io n

Unified Services Router	User Manual
A s wit h an IPv 4 LA N n et wo rk, t h e	ro u t er h as a DHCPv 6 s erv er. If en ab led , t h e

ro u t er as s ig n s an IP ad d res s wit h in t h e s p ecified ran g e p lu s ad d it io n al s p ecified in fo rmat io n t o an y LA N PC t h at req u es t s DHCP s erv ed ad d res s es .

Th e fo llo win g s et t in g s are u s ed t o co n fig u re t h e DHCPv 6 s erv er:

DHCP M o d e: Th e IPv 6 DHCP s erv er is eit h er s t at eless o r s t at efu l. If s t ateless is

s elect ed an ext ern al IPv 6 DHCP s erv er is n o t req u ired as t h e IPv 6 LA N h o s t s

are au t o -co nfig ured b y t h is ro u ter. In t h is case t h e ro u ter ad vertis emen t d aemo n

(RA DVD) mu s t b e co n fig u red o n t h is d ev ice an d ICM Pv 6 ro u t er d is co v ery

mes s ag es are u s ed b y t h e h o s t fo r au t o -co n fig u rat io n . Th ere are n o man ag ed

ad d res ses t o s erv e t h e LA N n o d es. If s t at efu l is s elected t h e IPv 6 LA N h o s t will

rely o n an ext ern al DHCPv 6 s erv er t o p ro v id e req u ired co n fig u rat io n s et t in g s

Th e d o main n ame o f t h e DHCPv 6 s erv er is an o p t io n al s et t in g

Serv er Preferen ce is u s ed t o in d icat e t h e p re feren ce lev el o f t h is DHCP s erv er.

DHCP ad v ert is e mes s ag es wit h t h e h ig h es t s erv er p referen ce v alu e t o a LA N

h o s t are p referred o v er o t h er DHCP s erv er ad v ert is e mes s ag es . Th e d efau lt is

255.

Th e DNS s erv er d et ails can b e man u ally en t ered h ere (p rimary / s eco n d ary

o p t io n s . A n alt ern at iv e is t o allo w t h e LA N DHCP clien t t o receiv e t h e DNS

s erv er d et ails fro m t h e ISP d irect ly . By s elect in g Us e DNS p ro xy , t h is ro u t er

act s as a p ro xy fo r all DNS req u es t s an d co mmu n icat es wit h t h e ISP’s DNS

s erv ers (a W A N co n fig u ra t io n p aramet er).

Primary an d Seco n d ary DNS s erv ers : If t h ere is co n fig u red d o main n ame

s y s t em (DNS) s erv ers av ailab le o n t h e LA N en t er t h e IP ad d res s es h ere .

Leas e/ Reb in d t ime s et s t h e d uratio n o f t h e DHCPv 6 leas e fro m t h is ro u t er to the

LA N clien t .

IPv6 Address Pools

Th is feat u re allo ws y o u t o d efin e t h e IPv 6 d eleg at io n p refix fo r a ran g e o f IP ad d res ses t o b e s erv ed b y t h e g at eway ’s DHCPv 6 s erv er . Us in g a d eleg at io n p refix y o u can au t omat e t he p ro cess o f in fo rmin g o t h er n et workin g eq uip men t o n t h e LA N o f DHCP in fo rmat io n s p ecific fo r t h e as s ig n ed p refix.

Prefix Delegation

Th e fo llo win g s et t in g s are u s ed t o co n fig u re t h e Prefix Deleg at io n :

Prefix Deleg at io n : Select t h is o p t io n t o en ab le p refix d eleg at io n in DHCPv 6

s erv er. Th is o p t io n can b e s elect ed o n ly in St at eles s A d d res s A u t o

Co n fig u rat io n mo d e o f DHCPv 6 s erv er.

Unified Services Router

User Manual

Prefix A d d res s : IPv 6 p refix ad d res s in t h e DHCPv 6 s erv er p refix p o o l

Prefix Len g t h : Len g t h p refix ad d res s

2.1.4Configuring IPv6 Router Advertisements

Ro u t er A d v ertis emen ts are an alo go us t o IPv 4 DHCP as s ig nmen ts fo r LA N clien t s , in t h at t h e ro u t er will as s ig n an IP ad d res s an d s u p p o rt in g n et wo rk in fo rmat io n t o d ev ices t hat are co n fig ured t o accept s uch d etails. Ro u t er A dv ert isemen t is req u ired in an IPv 6 n et wo rk is req u ired fo r s t at eless au to con fig u rat io n o f t h e IPv 6 LA N. By co n fig u rin g t he Ro u ter A d vertisemen t Daemo n o n t h is ro u ter, t h e DSR will lis t en o n t h e LA N fo r ro u t er s o licit at io n s an d res p o n d t o t h es e LA N h o s t s wit h ro u t er ad v is emen t s .

RADVD

Advanced > IPv6 > IPv6 LAN > Router Advertisement

To s u p p ort s tateless IPv 6 au t o co nfig uratio n o n t h e LA N, s et t h e RA DVD s t at u s t o En ab le . Th e fo llo win g s et t in g s are u s ed t o co n fig u re RA DVD:

A d v ert ise M o de: Select Un solicit ed M u lt icast t o send ro ut er ad v ert is emen t s

(RA ’s )	t o all in t erfaces		in	t h e mu lt icas t g ro u p . To res t rict RA ’s t o		well-
kn o wn	IPv 6 ad d res s es		o n	t h e LA N, an d t h ereb y red u ce o v erall n et wo rk
t raffic, s elect Un icas t o n ly .
A d v ert ise In t erv al: W h en ad vert isemen ts are u n s o licit ed mu lt icas t p acket s ,
t h is in t erv al s et s t h e			maximu m t ime b et ween ad v ert is emen t s fro m t h e
in t erface . Th e act u al d u rat io n b et ween ad v ert is emen t s is a ran d o m v alu e
b et ween o n e t h ird o f t h is field an d t h is field . Th e d efau lt is 30 s eco n d s .
RA Flag s : Th e ro u t er ad vertis emen ts (RA ’s ) can b e s en t wit h o n e o r b o t h o f
t h es e flag s. Ch o se M an ag ed t o u s e t h e ad min is t ered / s t a t efu l p ro t o co l fo r
ad d res s	au t o co n fig u rat io n . If t h e Ot h er flag				is s elect ed t h e h o s t	u s es
ad min is t ered / s t at efu l p ro t o co l fo r n o n -ad d res s au t o co n fig u rat io n .
Ro u t er	Preferen ce :	t h is		lo w/ med iu m/ h ig h	p aramet er d et ermin es	t h e
p referen ce asso ciat ed wit h t h e RA DVD p ro ces s o f t h e ro u t er. Th is is u s efu l
if t h ere are o t h er RA DVD en ab led d ev ices o n t h e LA N as it h elp s av o id
co n flict s fo r IPv 6 clien t s .
M TU: Th e ro u t er ad v ert is emen t will s et t h is					maximu m t ran s mis s io n u n it
(M TU) v alu e fo r all n o d es in t h e LA N t h at are au t o co n fig ured b y t he ro uter.
Th e d efau lt is 1500.
Ro u t er Lifet ime : Th is v alu e is p res en t in RA ’s an d in d icat es t h e u s efu ln es s
o f t h is	ro u t er as a	d efau lt		ro u t er fo r t h e in t erface . Th e d efau lt is		3600

Unified Services Router

User Manual

s eco n ds. Up o n exp irat io n o f t h is v alu e, a n ew RA DVD exch an g e mu s t t ake

p lace b et ween t h e h o s t an d t h is ro u t er.

Figure 5: Configu ri ng the Route r Adve rtis e me nt Dae mon

Advertisement Prefixes

Advanced > IPv6 > IPv6 LAN > Advertisement Prefixes

Th e ro u t er ad v ert isemen ts co nfig ured wit h ad v ert is emen t p refixes allo w t h is ro u t er t o in fo rm h o s t s h o w t o p erfo rm s t at eles s ad d res s au t o co n fig u rat io n . Ro u t er ad v ert is emen ts co n t ain a lis t o f s u b n et p refixes t h at allo w t h e ro u t er t o d et ermin e n eig h b o u rs an d wh et h er t h e h o s t is o n t h e s ame lin k as t h e ro u t er .

Th e fo llo win g p refix o p t io n s are av ailab le fo r t h e ro u t er ad v ert is emen t s :

IPv 6 Prefix Ty p e : To en s u re h o s t s s u p p o rt IPv 6 t o IPv 4 t u n n el s elect t h e

6t o 4 p refix t y p e . Select in g Glo b al/ Lo cal/ ISA TA P will allo w t h e n o d es t o

s u p p o rt all o t h er IPv 6 ro u t in g o p t io n s

SLA ID: Th e SLA ID (Sit e -Lev el A g g reg at io n Id en t ifier) is av ailab le wh en

6t o 4 Prefixes are s elect ed . Th is s h o u ld b e t h e in t erface ID o f t h e ro u t er’s

LA N in t erface u s ed fo r ro u t er ad v ert is emen t s .

Unified Services Router

User Manual

IPv 6 Prefix: W h en u s ing Glo b al/ Lo cal/ISA TAP p refixes , t h is field is u s ed to

d efin e t h e IPv 6 n et wo rk ad v ert is ed b y t h is ro u t er.

IPv 6 Prefix Len g t h : Th is v alu e in d icat e s t h e n u mb er co n t ig u o u s , h ig h er

o rd er b it s o f t h e IPv 6 ad d res s t h at d efin e u p t h e n et wo rk p o rt io n o f t h e

ad d res s . Ty p ically t h is is 64.

Prefix Lifet ime: Th is d efin es t h e d u rat io n (in s eco n d s ) t h at t h e req u es t in g

n o d e is allo wed t o u s e t h e adv ert is ed p refix. It is an alo g o u s t o DHCP leas e

t ime in an IPv 4 n et wo rk.

Figure 6: IPv6 Adve rtis e me nt Pre fix s e ttings

2.2 VLAN Configuration

Th e ro u t er s u p p o rt s v irt u al n et wo rk is o lat io n o n t h e LA N wit h t h e u s e o f VLA Ns . LA N d ev ices can b e co n fig u red t o co mmu n icat e in a s u b n et wo rk d efin ed b y VLA N id en t ifiers . LA N p o rt s can b e as s ig n ed u n iq u e VLA N IDs s o t h at t raffic t o an d fro m t h at p h y s ical p o rt can b e is o lat ed fro m t h e g en eral LA N. VLA N filt erin g is p art icu larly u s efu l t o limit b ro ad cas t p acket s o f a d ev ice in a larg e n et wo rk

VLA N s u p p ort is d is abled b y d efault in t h e ro u ter. In t h e VLA N Co n fig u rat io n p ag e, en ab le VLA N s u p po rt o n t h e ro u ter a n d t h en p ro ceed t o t he n ext s ectio n t o d efin e t h e v irt u al n et wo rk.

Setup > VLAN Settings > Available VLAN

Th e A v ailab le VLA N p ag e s h o ws a lis t o f co n fig ured VLA Ns b y n ame an d VLA N ID. A VLA N memb ers h ip can b e creat ed b y clickin g t h e A d d b u t t o n b elo w t h e Lis t o f A v ailab le VLA Ns .

A VLA N memb ers h ip en t ry co n s is t s o f a VLA N id en t ifier an d t h e n u merical VLA N ID wh ich is as s ig n ed t o t h e VLA N memb ers h ip . Th e VLA N ID v alu e can b e an y

Unified Services Router User Manual

n u mb er fro m 2 t o 4091. VLA N ID 1 is res erv ed fo r t h e d efau lt VLA N, wh ich is u s e d fo r u n t ag ged frames receiv ed o n t h e in t erface. By en ab lin g In t er VLA N Ro u t in g , y o u will allo w t raffic fro m LA N h o s ts b elo ng ing t o t his VLA N ID t o p as s t h roug h t o o ther co n fig u red VLA N IDs t h at h av e In t er VLA N Ro u t in g en ab led .

Figure 7: Adding VLAN me mbe rs hips to the LAN

2.2.1 Associating VLANs to ports

In o rd er t o t ag all t raffic t h ro u g h a s p ecific LA N p o rt wit h a VLA N ID, y o u can as s o ciat e a VLA N t o a p h y s ical p o rt .

Setup > VLAN Settings > Port VLAN

VLA N memb ers h ip p ro p ert ies fo r t h e LA N an d wireles s LA N are lis t ed o n t h is page. Th e VLA N Po rt t ab le d is p lay s t he p o rt id en tifier, t h e mo d e s ett ing fo r t h at p o rt an d VLA N memb ers h ip in fo rmat io n . Th e co n fig u rat io n p ag e is acces s ed b y s elect in g o n e o f t h e fo u r p h y s ical p o rt s o r a co n fig u r ed acces s p o in t an d clickin g Ed it .

Th e ed it p ag e o ffers t h e fo llo win g co n fig u rat io n o p t io n s :

M o d e: Th e mo d e o f t h is VLA N can b e Gen eral, A cces s , o r T ru n k. Th e

d efau lt is acces s .

In Gen eral mo d e t h e p o rt is a memb er o f a u s er s elect ab le s et o f VLA Ns .

Th e p o rt s en ds an d receiv es d at a t h at is t ag g ed o r u n t ag g ed wit h a VLA N

ID. If t h e d at a in t o t h e p ort is u n tagged, it is as sig n ed t h e d efin ed PVID. In

t h e co n fig u rat io n fro m Fig u re 4, Po rt 3 is a Gen eral p o rt wit h PVID 3, s o

u n t ag ged d at a in t o Po rt 3 will b e as s ig ned PVID 3. A ll t ag g ed d ata s ent o u t

o f t h e p o rt wit h t h e s ame PVID will b e u n t ag ged. Th is is mo d e is t y p ically

u s ed wit h IP Ph o n es t h at h ave d ual Et h ern et p o rts. Dat a co min g fro m p h o ne

t o t h e s wit ch p o rt o n t h e ro u t er will b e t ag g ed . Dat a p as s in g t h ro u g h t h e

p h o n e fro m a co n n ect ed d ev ice will b e u n t ag g ed .

Unified Services Router User Manual

Figure 8: Port VLAN lis t

In A cces s mo d e t h e p o rt is a memb er o f a s in g le VLA N (an d o n ly o n e). A ll
d at a g o in g in t o an d o u t o f t h e p o rt is u n t ag g ed . Traffic t h ro u g h a p o rt in
acces s mo d e lo o ks like an y o t h er Et h ern et frame .
In Tru n k mo d e t h e p o rt is a memb er o f a u s er s elect ab le s et o f VLA Ns . A ll
d at a g o in g in t o an d o u t o f t h e p o rt is t ag ged. Un t agged co min g in t o t he p o rt
is n o t fo rward ed , excep t fo r t h e				d efau lt VLA N wit h PVID=1, wh ich is
u n t ag ged. Tru n k p o rt s mu lt ip lex t raffic fo r mu lt ip le VLA Ns o v er t h e s ame
p h y s ical lin k.
Select PVID fo r t h e p o rt wh en t h e Gen eral mo d e is s elect ed .
Co n fig u red	VLA N	memb ers h ip s		will b e	d is p lay ed	o n	t h e	VLA N
M emb ers h ip	Co n fig u rat io n		fo r t h e p o rt . By		s elect in g	o n e	mo re	VLA N
memb ers h ip	o p t io n s	fo r a	Gen eral o r Tru n k p o rt , t raffic can b e					ro u t ed

b et ween t h e s elect ed VLA N memb ers h ip IDs

Unified Services Router	User Manual
Figure 9: Configu ri ng	VLAN me mbe rs hip for a port

2.2.2 Multiple VLAN Subnets

Setup > VLAN Settings > Multi VLAN Settings

Th is p ag e s ho ws a lis t o f av ailab le mu lt i-VLA N s u b n ets . Each co n fig u red VLA N ID can map d irect ly t o a s u b n et wit h in t h e LA N. Each LA N p o rt can b e as s ig n ed a u n iq u e IP ad d ress an d a VLA N s p ecific DHCP s erv er can b e co nfig ured t o ass ig n IP ad d res s leas es t o d ev ices o n t h is VLA N.

VLAN ID: Th e PVID o f t h e VLA N t h at will h av e all memb er d ev ices b e p art o f t h e s ame s u b n et ran g e .

IP Addres s : Th e IP ad d res s as s o ciat ed wit h a p o rt as s ig n ed t h is VLA N ID.

S ubnet Mas k : Su b n et M as k fo r t h e ab o v e IP A d d res s

Unified Services Router	User Manual
Figure 10: M ultiple	VLAN Subne ts

2.2.3 VLAN configuration

Setup > VLAN Settings > VLANconfiguration

Th is p ag e allo ws en ab lin g o r d is ab lin g t h e VLA N fu n ct io n o n t h e ro u t er. Virt u al LA Ns can b e creat ed in t h is ro ut er t o p ro vid e seg men t at io n cap ab ilit ies fo r firewall ru les an d VPN p o licies . Th e LA N n et wo rk is co n s id ered t h e d efau lt VLA N. Ch eck t h e En ab le VLA N b o x t o ad d VLA N fu n ct io n alit y t o t h e LA N.

Unified Services Router

User Manual

Figure 11: VLAN Configu rat ion

2.3 Configurable Port: DMZ Setup

 DSR-150/ 150N/ 250/ 250N d o es n o t h av e a co n fig u rab le p o rt – t h ere is n o DM Z s u p p o rt .

Th is ro u t er s up port s o ne o f t h e p hy sical p o rt s t o b e co n fig u red as a s eco n d ary W A N Et h ern et p o rt o r a d ed icated DM Z p o rt . A DM Z is a s u b n et wo rk t h at is o p en t o t h e p u b lic b u t b eh ind t h e firewall. Th e DM Z ad d s an ad d it io n al lay er o f s ecu rit y t o t h e LA N, as s p ecific s erv ices/p ort s t h at are exp o s ed t o t h e in t ern et o n t h e DM Z d o n o t h av e t o b e exp o s ed o n t he LA N. It is reco mmen d ed t h at h osts t h at mu s t b e exp o sed t o t h e in t ern et (s u ch as web o r email s erv ers ) b e p laced in t h e DM Z n et wo rk. Firewall ru les can b e allo wed t o p ermit acces s s p ecific s erv ices / p o rt s t o t h e DM Z fro m b o t h t h e LA N o r W A N. In t h e ev en t o f an at t ack t o an y o f t h e DM Z n o d es , t h e LA N is n o t n eces s arily v u ln erab le as well.

Setup > DMZ Setup > DMZ Setup Configuration

DM Z co n fig u ratio n is id en tical t o t h e LA N co n fig u ratio n. Th ere are n o rest rictio ns on t h e IP ad d res s o r s u bnet as sign ed t o t h e DM Z p o rt , o t h er t h an t h e fact t h at it can n o t b e id en t ical t o t h e IP ad d res s g iv en t o t h e LA N in t erface o f t h is g at eway .

+ 240 hidden pages