HP R100 Administrator's Guide

HP R100-Series Wireless VPN Routers Configuration and Administration Guide

HP Part Number: 5998-5394 Published: September 2014 Edition: 1

The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Acknowledgments

Microsoft® and Windows® are U.S. trademarks of the Microsoft group of companies. Google Chrome™ browser is a trademark of Google Inc.

Warranty

WARRANTY STATEMENT: See the warranty information sheet provided in the product box and available online.

1 Deploying the HP R110/R120 ......................................................................7

2 Using the Wizard Setup .............................................................................11

Overview................................................................................................................................................ 11

Automatically running the Wizard Setup the first time you log in ...............................................................11

Accessing the Wizard Setup after your first login ....................................................................................11

Wizard Setup.......................................................................................................................................... 11

Step 1: Specify system time settings .......................................................................................................11

Step 2: Specify WAN settings ..............................................................................................................12

Step 3: Specify wireless settings............................................................................................................15

Step 4: Summary............................................................................................................................... 20

3 Managing the HP R110/R120 system..........................................................23

Viewing the router status .......................................................................................................................... 23

Setting the HP R110/R120 mode ............................................................................................................... 24

General administration settings ................................................................................................................. 25

System information (General) settings ................................................................................................... 25

Administrator login credentials ............................................................................................................ 25

Setting the Country Code.................................................................................................................... 25

Configuring web server settings ........................................................................................................... 25

Configuring trusted users.......................................................................................................................... 26

System time settings................................................................................................................................. 26

Set system time.................................................................................................................................. 27

Daylight saving ................................................................................................................................. 28

Configuring SNMP.................................................................................................................................. 28

Managing system logs............................................................................................................................. 29

Events .............................................................................................................................................. 30

Proxy ARP settings....................................................................................................................................31

Rebooting the router................................................................................................................................ 33

Viewing traffic statistics............................................................................................................................ 33

4 WAN configuration................................................................................... 35

Viewing the WAN interface status............................................................................................................. 35

Settings ................................................................................................................................................. 36

DHCP IP address ............................................................................................................................... 36

Static IP address ................................................................................................................................ 36

PPPoE............................................................................................................................................... 37

PPTP................................................................................................................................................. 39

L2TP ................................................................................................................................................ 40

DDNS ....................................................................................................................................................41

MAC clone ............................................................................................................................................ 42

5 LAN configuration .....................................................................................43

Viewing the LAN interface status............................................................................................................... 43

LAN Settings .......................................................................................................................................... 44

Default VLAN settings......................................................................................................................... 44

DHCP relay....................................................................................................................................... 46

Spanning Tree................................................................................................................................... 46

DHCP client list....................................................................................................................................... 47

VLAN settings......................................................................................................................................... 47

IGMP settings......................................................................................................................................... 49

6 Wireless configuration ...............................................................................51

Viewing wireless interface status ................................................................................................................51

Basic wireless settings.............................................................................................................................. 52

Configuring virtual access point interfaces............................................................................................. 55

Configuring wireless security ............................................................................................................... 56

Advanced wireless settings....................................................................................................................... 64

WDS settings ......................................................................................................................................... 66

WPS settings.......................................................................................................................................... 67

WMM settings ....................................................................................................................................... 68

MAC authentication settings ..................................................................................................................... 70

Viewing the client list............................................................................................................................... 71

7 VPN configuration .....................................................................................73

Viewing VPN status ................................................................................................................................. 73

VPN settings .......................................................................................................................................... 74

IPSec settings .................................................................................................................................... 74

L2TP over IPSec settings...................................................................................................................... 77

PPTP settings ..................................................................................................................................... 78

VPN passthrough settings......................................................................................................................... 79

8 Routing configuration.................................................................................81

Viewing routing status...............................................................................................................................81

Viewing the IPv4 routing table .................................................................................................................. 82

IPv4 Dynamic route settings...................................................................................................................... 83

IPv4 Static route settings .......................................................................................................................... 84

Viewing the IPv6 routing table .................................................................................................................. 85

IPv6 Dynamic route settings...................................................................................................................... 86

IPv6 Static route settings .......................................................................................................................... 86

9 Firewall configuration ................................................................................89

Viewing the firewall status........................................................................................................................ 89

Security settings...................................................................................................................................... 90

Client filtering......................................................................................................................................... 92

MAC filtering ......................................................................................................................................... 93

URL filtering............................................................................................................................................ 94

Content filtering...................................................................................................................................... 95

SPI settings............................................................................................................................................. 95

10 NAT configuration................................................................................... 99

Viewing NAT status................................................................................................................................. 99

NAT settings......................................................................................................................................... 100

Virtual server settings............................................................................................................................. 100

DMZ settings.........................................................................................................................................102

ALG settings..........................................................................................................................................103

Port trigger settings.................................................................................................................................103

11 IPv6 configuration .................................................................................105

Viewing IPv6 status ............................................................................................................................... 105

IPv6 settings......................................................................................................................................... 106

Static IPv6 ...................................................................................................................................... 106

SLAAC ........................................................................................................................................... 108

DHCPv6......................................................................................................................................... 109

PPPoE.............................................................................................................................................. 110

DHCPv6 client list ...................................................................................................................................111

MLD settings ......................................................................................................................................... 112

12 QoS configuration .................................................................................113

Viewing QoS status ................................................................................................................................ 113

Traffic shaping....................................................................................................................................... 114

Traffic mapping ..................................................................................................................................... 115

13 USB configuration..................................................................................117

User Account......................................................................................................................................... 117

File Sharing settings ............................................................................................................................... 118

FTP settings ........................................................................................................................................... 119

Safe removal .........................................................................................................................................120

14 Tools....................................................................................................121

Viewing tools status ................................................................................................................................ 121

Updating software ................................................................................................................................. 121

Saving configuration settings ...................................................................................................................122

Ping .....................................................................................................................................................124

Nslookup..............................................................................................................................................125

Traceroute.............................................................................................................................................125

Email alert ............................................................................................................................................126

Scheduling............................................................................................................................................128

Support file ...........................................................................................................................................129

Viewing the EULA ..................................................................................................................................129

15 Support and other resources ................................................................... 131

Online documentation ............................................................................................................................ 131

Contacting HP....................................................................................................................................... 131

HP websites .......................................................................................................................................... 131

Conventions ..........................................................................................................................................132

A Resetting to factory defaults ...................................................................... 133

Factory reset procedures .........................................................................................................................133

Using the reset button........................................................................................................................133

Using the management interface.........................................................................................................133

B Factory default settings .............................................................................135

1 Deploying the HP R110/R120

Wireless community

High security wireless network for

employees using WPA/WPA2.

DSL/Cable modem

R110/R120

Wireless community 1

High security wireless network

(WPA/WPA2) for employees

Wireless community 2

Low security wireless network

for guests

VLAN 1

VLAN 2

Guests with access to a network

printer and the Internet

Employees with secure access

to all network resources

and the Internet

R110/R120

DSL/Cable modem

In a small office, the HP R110/R120 can be directly connected to a broadband modem (DSL or cable) to provide secure wireless networking for all employees. In the following scenario, employees can share data and resources with each other and access the Internet at the same time:

With its wireless community feature, the R110 can be configured to provide up to four separate wireless networks (all on the same wireless channel), and the R120 up to eight wireless networks (split between two radios), each with its own configuration settings for security, VLAN support, and more.

In this scenario, employees connect to wireless community 1, which is protected with WPA/ WPA2. All employee traffic exits the HP R110/R120 on VLAN 1, providing access to private resources on the company network and on the Internet.

Guests connect to wireless community 2, which is protected with WEP. All guest traffic exits the HP R110/R120 on VLAN 2, providing access only to the Internet.

For offices that need Ethernet ports for wired connectivity, the R110/R120 has a built-in 4-port Gigabit switch. It can also be used to extend the reach of the network to areas that are difficult or impossible to reach with traditional cabling.

In the following scenario, HP R110/R120 #1 provides wireless network services to the

Wireless community

File server DHCP server

computers

WDS

Wireless link

Employee

Main office area Warehouse

Wireless community

R110/R120

LAN computers

Office

R110/R120

Internet

Server

LAN WAN

VPN

Remote Client

employees in the main office, while HP R110/R120 #2 and HP R110/R120 #3 use the Wireless Distribution System (WDS) to create a wireless link between the main office network and a small network in a warehouse. WDS eliminates the need to run cabling, allowing for fast and easy deployment.

In the following scenario, an HP R110/R120 located in an office provides a virtual private network (VPN) connection across the Internet to a remote client (typically a mobile worker). The R110/R120 forms secure VPN (IPSec, PPTP, L2TP/IPSec) tunnel connection to the client, which can then access the computers and servers in the office network. The remote client can be a Windows or Mac computer, or any Apple iOS or Android mobile device.

8 Deploying the HP R110/R120

In the following scenario, four HP R110/R120s provide a virtual private network (VPN) across

LAN computers

Headquarters

Branch 1

R110/R120

Branch 2

R110/R120

Branch 3

R110/R120

Internet

LAN

WAN

Server

LAN WAN

VPN

the Internet between a headquarters and three branch offices. The R110/R120 #1 forms secure VPN tunnel connections to R110/R120 #2, R110/R120 #3, and R110/R120 #4 at three branch locations. The computers on each branch network can access the computers and servers on the headquarters network.

10 Deploying the HP R110/R120

2 Using the Wizard Setup

Overview

The Wizard Setup provides an easy way to quickly configure basic settings on the R110/R120 and make the router operational.

Automatically running the Wizard Setup the first time you log in

The first time you log in to the management interface (see the HP R100-Series Wireless VPN Routers Quickstart for first time login procedure), the HP end user license agreement displays. When you accept the agreement, a page displays to enable you to select your country so that wireless radio settings are configured appropriately. Select the country in which the router is operating, and then click Save. The first page in the Wizard Setup appears.

Accessing the Wizard Setup after your first login

When you log in subsequent to completing or cancelling out of the Wizard Setup, the System Status page displays by default.

See also the HP R100-Series Wireless VPN Routers Quickstart, which describes the configuration procedure for a basic wireless network.

Wizard Setup

To start the Wizard Setup, select Home > Wizard Setup, and then click Start:

Step 1: Specify system time settings

The router keeps time by connecting to a Network Time Protocol (NTP) server. This enables the router to synchronize the system clock to the global Internet. The synchronized clock in the router is used to record the system log and control client filtering. Select the time zone that you reside in. The system clock may not update immediately. The router updates the current time after it has made contact with time servers on the Internet and received a response. Alternatively, the system clock can be entered manually or imported from the host computer (copies the system time from the management computer).

Select to configure the system time manually or have it automatically configured by an NTP server. You can also enable support for daylight savings time, if required for your location

This page includes the following settings:

Set system time

• NTP: Enables the router to use NTP to synchronize the system clock to global Internet time,

or allows the time to be set manually.

• Current System Time: Displays the current time setting of the router.

• Time Server Address: The IP address or name of an NTP server.

• Set Time Zone: The local time zone where the router is installed.

Daylight saving

• Enable: Enables daylight saving for the system time. The router automatically sets daylight

saving start and end dates based on the time zone selected.

• Manually Set Time For Daylight Savings: Sets the dates for starting and ending the

daylight saving.

Step 2: Specify WAN settings

The Internet Connection page allows you to set up the router for the type of Internet connection you have. Before setting up your connection type, have your account information from your ISP ready.

12 Using the Wizard Setup

DHCP IP Address

A dynamic connection type is the most common method used with cable modems. In many cases, setting the connection type to dynamic is enough to complete the connection to your ISP. Some dynamic connection types may require a Host Name. Enter the Host Name in the space provided if you were assigned one by your ISP (do not use characters ` " & ' # \). Some dynamic connections may require that you clone the MAC address of the PC that was originally connected to the modem. To do so, click WAN on the main menu and then MAC Clone to set the WAN MAC address.

Static IP Address

The Static IP addresses mode sets the router to operate with a fixed IP address to connect to the Internet. If your ISP uses static IP addressing, you need an IP address, subnet mask, and ISP gateway address. This information is available from your ISP or on the paperwork that your ISP left with you. Enter your information in the provided spaces, and then click Next.

Wizard Setup 13

PPPoE

The Point-to-Point Protocol over Ethernet (PPPoE) is a common WAN protocol that provides a secure “tunnel” connection between the service provider and the local network.

Enter the PPPoE information in the provided spaces, and then click Next to activate your settings.

• Username: Enter your ISP-assigned user name. (Do not use characters ` " & ' # \)

• Password: Enter your password (usually assigned by your ISP). (Do not use characters ` "

& ' # \)

• Confirm Password: Confirm the password.

PPTP

The Point-to-Point Tunneling Protocol (PPTP) is a common WAN protocol used for Virtual Private Networks (VPNs) that provides a secure “tunnel” connection between the service provider and the local network.

14 Using the Wizard Setup

L2TP

The Layer 2 Tunneling Protocol (L2TP) is a common WAN protocol used for Virtual Private Networks (VPNs) that provides a secure “tunnel” connection between the service provider and the local network.

Step 3: Specify wireless settings

The R110 router supports a dual-band single radio for 2.4 GHz or 5 GHz operation. The R120 router supports two radios, one for 2.4 GHz and one for 5 GHz. This means that the R110 can operate at 2.4 GHz or 5 GHz, but not both at the same time. The R120 can operate concurrently at 2.4 GHz and 5 GHz.

Therefore, the wireless settings differ for the R110 and R120 routers. The R110 rou t e r h a s a single configuration page for 2.4 GHz or 5 GHz operation. The R120 router includes separate configuration pages for 2.4 GHz and 5 GHz operation.

Wizard Setup 15

Enable Radio

Enables the 2.4 GHz or 5 GHz wireless section of your LAN. When disabled, no wireless computers can gain access to either the Internet or other computers on your wired or wireless LAN.

Configure the radio band and mode

Radio Band

(Applies to HP R110 only) Allows you to select the band of your wireless network. The R110 router can operate in the 2.4 GHz band (for 802.11b/g/n) or the 5 GHz band (for 802.11a/ n). The R110 router does not support concurrent operation at 2.4 GHz and 5 GHz.

Mode

For 2.4 GHz, the R110 and R120 routers support 802.11b, 802.11g, and 802.11n wireless standards. This option allows the user to select whether the router will operate in 802.11b/g mode, 802.11b/g/n mode, or 802.11n mode only.

For 5 GHz, the R110 router supports 802.11a and 802.11n wireless standards. This option allows the user to select whether the router will operate in 802.11a only mode, 802.11n only mode, or 802.11a/n mode. The R120 router also supports the 802.11ac wireless standard and allows the selection of an 802.11ac operating mode.

Select a 2.4 GHz radio mode for the R110 and R120 routers.

• 11b/g Mixed: (Compatibility mode.) Up to 11 Mbps for 802.11b and 54 Mbps for

802.11g.

• 11b/g/n Mixed: (Compatibility mode.) Up to 11 Mbps for 802.11b, 54 Mbps for

802.11g, and 450 Mbps for 802.11n. If support for 802.11b/g is not required, HP recommends that you choose the 802.11n-only mode.

• 11 n o n l y : (Pure 802.11n) Up to 450 Mbps.

Select a 5 GHz radio mode for the R110 router.

• 11 a o n l y : (Pure 802.11a) Up to 54 Mbps.

• 11 n o n l y : (Pure 802.11n) Up to 450 Mbps.

• 11a/n Mixed: (Compatibility mode.) Up to 450 Mbps for 802.11n and 54 Mbps for

802.11a.

Select a 5 GHz radio mode for the R120 router.

• 11 a o n l y : (Pure 802.11a) Up to 54 Mbps.

• 11 n o n l y : (Pure 802.11n) Up to 450 Mbps.

• 11a/n Mixed: (Compatibility mode.) Up to 450 Mbps for 802.11n and 54 Mbps for

802.11a.

• 11ac/n/a: (Compatibility mode.) Up to 1.3 Gbps.

16 Using the Wizard Setup

Configure the primary SSID

The R110 allows you to create up to four wireless communities, and the R120 allows you to create up to eight wireless communities. Each wireless community defines the settings for a distinct wireless network, with its own network name (SSID), settings for wireless protection, user authentication, VLANs, and more. Radio settings are shared by all wireless communities.

A default wireless community is defined on the R110/R120. Its name (or SSID) is HP1 on the R110 , HP1_2G and HP1_5G on the R120, and it is assigned to VLAN 1. The settings that initially display in the wireless community settings pertain to the default community.

The SSID can be changed if desired. The SSID name is case-sensitive and can contain up to 32 standard alphanumeric characters, including spaces. The following are not allowed:

• only spaces

• space as the first character

• space as the last character

If there are other wireless networks in your area, make sure that you give your wireless network a unique name. Click on the SSID box and enter a new name. Click Next to make the change.

Configure wireless security

A security method (or no security method) can be associated with the default wireless community and any additional communities you create. This section defines the available security methods as they display in the quick setup wizard. To modify these settings after you complete the quick setup wizard, or to access additional configuration options, use the Wireless pages.

MAC Authentication

You can control access to the wireless network based on the MAC address of a user's wireless device. You can either block access or allow access, depending on your requirements.

Select whether to disable MAC authentication, use a MAC authentication list stored locally on the router, or use a list stored on a RADIUS server. If local MAC authentication is selected, configure your MAC address list on the Wireless > MAC Authentication page.

Note that MAC authentication occurs after other authentication methods have been applied.

Authentication Mode and Encryption Type

The router supports several different security mechanisms that provide various levels of authentication and encryption depending on the requirements of the network. Using encryption can help keep your network secure. Encryption works on a system of keys, where the key on a computer must match the key on the router. The router supports the following authentication and encryption methods:

WEP: Wired Equivalent Privacy (WEP) is the security protocol initially specified in the IEEE

802.11 standard for wireless communications. WEP provides a basic level of security, preventing unauthorized access to the network, and encrypting data transmitted between wireless clients and the router. WEP uses static shared keys (fixed-length hexadecimal or alphanumeric strings) that are manually distributed to all clients that want to use the network. WEP is not as secure as the other security methods available.

Wizard Setup 17

WPA and WPA2: Wi-Fi Protected Access (WPA) was introduced as an interim solution for the vulnerability of WEP, replacing WEP encryption with TKIP. WPA2 includes the complete wireless security standard (802.11i) and offers backward compatibility with WPA, but uses the stronger AES-CCMP encryption. Both WPA and WPA2 provide an “enterprise” and “personal” mode of operation. The “personal” WPA Pre-Shared Key mode uses a common password phrase for user authentication that is manually entered on the router and all wireless clients. The “enterprise” mode of WPA and WPA2 uses IEEE 802.1X for user authentication and requires a RADIUS authentication server to be configured on the wired network. WPA2 is more secure than WPA (TKIP) or WEP, therefore HP recommends that you select WPA2 for maximum possible security.

The router provides the following Authentication Mode and Encryption Type options:

• Open: Allows a client to associate with the router without any authentication, but provides

the option of using WEP for encrypting data. If WEP encryption is used, clients must have the correct WEP key to exchange traffic with the router. Selecting WEP encryption also provides the option of using 802.1X for user authentication from a RADIUS server, which dynamically generates WEP keys and distributes them to all clients.

• WPA2: The Enterprise mode of WPA2 using AES encryption. If all clients in the network

are WPA2 compatible, select this option for maximum security. This mode requires the use of a RADIUS server.

• WPA2-PSK: The Personal (pre-shared key) mode of WPA2 using AES encryption. The pre-

shared key mode uses a common password phrase for user authentication that is manually entered on the router and all wireless clients. Data encryption keys are automatically generated by the router and distributed to all clients connected to the network.

• WPA/WPA2 Enterprise: The WPA2 Enterprise mode for mixed clients, that is, when

there are some wireless clients in the network that support only WPA (TKIP encryption). This setting enables both WPA and WPA2 clients to associate and authenticate, but uses the more robust AES encryption (WPA2) for clients that support it. This option allows more interoperability at the expense of some security. This mode requires the use of a RADIUS server.

• WPA/WPA2-PSK Mixed: The WPA2 Personal mode for mixed clients, that is, when

• WEP Keys: To configure WEP keys on the router you must first specify the key length and

type. You must configure at least one key, although up to four keys can be entered. Only four WEP keys are supported for each radio, that is, the four keys are shared by all SSIDs using a static WEP security configuration. Therefore, you must have a consistent WEP key setup for all SSIDs. Note that the number of keys, the key index (1-4), type, and length must match those configured on the clients.

• Key Length:

18 Using the Wizard Setup

64-bit

12 8 - b i t

• Key Type:

Hexadecimal (characters 0-9, a-f, and A-F)

ASCII (characters 0-9, a-z, and A-Z)

• Key 1-4 String: Enter encryption keys

Hexadecimal: Enter keys as 10 hexadecimal characters (0-9 and A-F) for 64 bit keys, or 26 hexadecimal characters for 128 bit keys.

ASCII: Enter keys as 5 alphanumeric characters for 64 bit keys, or 13 alphanumeric characters for 128 bit keys.

• Default Key: You can enter up to four keys (Key 1 to Key 4). Select the key number

from the list that is used to transmit data.

• Re-Key Interval: When using 802.1X dynamic WEP keys, enter the interval at which

the router refreshes the keys for each associated client. Specify a value in the range of 60 to 86400 seconds.

• WPA/WPA2 Pre-Shared Key: The router uses the pre-shared key (PSK) you specify to

generate the WPA (TKIP) or WPA2 (AES) keys that are used for data encryption. Each client that connects to the network must use the same pre-shared key.

• Key Type:

• Hexadecimal (characters 0-9, a-f, and A-F)

• ASCII (alphanumeric characters 0-9, a-z, and A-Z, plus spaces and symbols)

• Passphrase: Enter the key according to the type selected; in ASCII passphrase style

(8-63 alphanumeric characters), or in exactly 64 hexadecimal characters. For an ASCII key, it is recommended that the key be at least 20 characters long, and be a mix of letters and numbers. The passphrase key cannot begin or end with spaces.

• RADIUS Settings: When using WPA2, WPA/WPA2 Enterprise, or WEP with 802.1X,

the RADIUS server details must be configured.

• Group Key Interval: Enter the interval at which the broadcast (group) key is

refreshed for clients associated with the router. Specify a value of 0 to disable refreshing of broadcast keys.

• Session Key Interval: Enter the interval at which the router refreshes session

(unicast) keys for each associated client. Specify a value of 0 to disable refreshing of unicast keys.

• Primary RADIUS Server: Enter the IPv4 address for the primary RADIUS server that

the router uses by default, for example 192.168.1.23.

• RADIUS Key: The RADIUS key is the shared secret key for the RADIUS server. You

can use up to 64 alphanumeric and special characters (do not use characters ` " & ' # \). Do not use blank spaces in the key. The key is case-sensitive, and you must configure the same key on the router and on the RADIUS server.

Wizard Setup 19

• Secondary RADIUS Server: Enter the IPv4 address for a backup RADIUS server. If

• Accounting Enable: Select this option to track and measure the resources a

• Interim Interval: The interval between transmitting accounting updates to the

Step 4: Summary

After you complete the Wizard Setup, the Summary page displays.

Confirm the settings, and then click Finish. The router reboots and the HP R110/R120 is operational.

authentication fails with the primary server, the configured backup server is tried instead. If a secondary RADIUS server is configured, be sure to enter the RADIUS key.

particular user has consumed, such as system time, amount of data transmitted and received, and so on. If you enable RADIUS accounting, it is enabled for the primary and secondary RADIUS servers.

RADIUS server. The valid range is 30 to 3600 seconds and the default is 300 seconds.

This page includes the following information:

NTP

Indicates if the router is using NTP to synchronize the system clock to global Internet time.

Time Zone

The configured local time zone where the router is installed.

Daylight Saving

Shows if the router is applying daylight saving to the time setting.

Connection Type

The connection method used for the WAN port.

20 Using the Wizard Setup

Enable Radio

Shows if the router’s wireless radio is enabled. The R120 includes a radio setting for 2.4 GHz and 5 GHz.

Radio Band

The operating band of the R110. The R110 includes one radio that can operate at 2.4 GHz or 5 GHz.

Mode

The wireless standard operating mode of the radio.

SSID

The primary wireless network SSID.

MAC Authentication

The configured MAC authentication setting used for the primary SSID.

Authentication Mode

The configured wireless security mode used for the primary SSID.

Encryption Type

The configured encryption type used for the primary SSID.

Wizard Setup 21

22 Using the Wizard Setup

3 Managing the HP R110/R120 system

The HP R110/R120 is managed via its web-based management interface using Microsoft Internet Explorer 8 or later, Google Chrome v29, or Mozilla Firefox v24 or later. You can access the HP R110/R120 management tool using either http or https. Using https is more secure, but you will see a warning because the security certificate is issued by the router and not a known certificate authority. With https, it is acceptable to choose the option that allows you to proceed through the security warning.

In a web browser, specify either: http://192.168.1.1 or https://192.168.1.1.

For information on launching the web-based management interface for the first time, see the HP R100-Series Wireless VPN Routers Quickstart.

Viewing the router status

The Status page displays a summary of the router’s key settings. Click Refresh to update the status.

The Status page includes these items:

Device Information

Shows the router's software version, hardware serial number, host name, device description, and country selection.

Resource Utilization

Indicates the status of the router's resources, including CPU and memory usage.

Security

Displays the current settings for Denial of Service (DoS) and Stateful Packet Inspection (SPI) features.

Wireless

Displays the current settings for the wireless interface, including radio enable, operating frequency, mode, channel, SSID, MAC address, authentication, and encryption.

WAN

Displays the WAN connection type, status, and IP address assignment.

LAN

Displays the router's local network IP address, MAC address, and DHCP server status.

USB

Displays the current status of a device attached to the router's USB port.

SNMP

Displays the status of the Simple Network Management Protocol feature.

Setting the HP R110/R120 mode

The device supports Router and Bridge modes for different applications.

• Router Mode: The normal router mode that allows connections between a wired LAN and

wireless clients to the WAN Internet connection, such as a cable or DSL modem. This is the factory set default mode.

• Bridge Mode: The router operates like an access point, extending a wired LAN to wireless

clients. In this mode there is no WAN configuration, including routing, VPN, NAT, firewall, and QoS settings; all Internet access features are disabled. In fact, all four LAN ports and WAN port are bridged together, so the WAN port operates like another LAN port.

24 Managing the HP R110/R120 system

General administration settings

The Admin page configures the following settings for the router:

System information (General) settings

Configures settings that help identify the router, including the system name, location, and the name of a person to contact for administrative purposes. The system name appears on the banner and login screen. (Do not use characters ` " & ' # \)

Administrator login credentials

Configures the web management interface login username and password. The administrator user name and password can be from 6 to 32 alphanumeric and special characters. (Do not use characters ` " & ' # \)

Setting the Country Code

The country of operation, also known as the regulatory domain, determines the availability of certain wireless settings on the router. When the country is set, the router automatically limits the available wireless channels and channel width, and adjusts the radio power level in accordance with the regulations of the selected country.

Caution Incorrectly selecting the country can result in illegal operation and can cause harmful

interference to other systems. You must ensure that the router is operating in accordance with channel, power, indoor/outdoor restrictions, and license requirements for the intended country. If you fail to heed this caution, you might be held liable for violating the local regulatory compliance.

Configuring web server settings

This section configures access to the web management interface.

General administration settings 25

HTTP Server HTTPS Server

The router software includes HTTP and HTTPS functionality to enable communication with your web browser. Unlike HTTP, HTTPS enables secure sessions, using a digital certificate to encrypt data exchanged between the router and your web browser. HTTP and HTTPS are both enabled by default.

Session Timeout

Configure the Session Timeout for automatic log out from the web interface. If there is no activity on the management session for the specified time, then the administrator will be automatically logged off.

Configuring trusted users

When using the trusted users feature, only computers with specified MAC or IP addresses can access the router's web management interface. All other devices, either LAN or WLAN, cannot access the web interface. A maximum of five rules can be defined.

System time settings

Correct system time is important for proper operation of the HP R110/R120, especially when using the logs to troubleshoot.

Select System > System time to open the System Time page. This page enables you to configure time server and time zone information.

26 Managing the HP R110/R120 system

Set system time

This section displays the current system time. You can configure the time manually or have it automatically configured by a Network Time Protocol (NTP) server.

Manually

Select the date, time (in 24-hour notation), and timezone.

Using network time protocol (NTP)

NTP servers transmit Coordinated Universal Time (UTC, also known as Greenwich Mean Time) to their client systems. NTP sends periodic time requests to servers, using the returned time stamp to adjust its clock. The timestamp is used to indicate the date and time of each event in the system log or syslog messages.

When you select this option, a field displays for you to specify the NTP server. You can specify the NTP hostname or IP address, although using the IP address is not recommended, as these are more likely to change. If you specify a hostname, note the following requirements:

• The length must be from 1 to 63 characters.

• Upper and lower case characters, numbers, and hyphens are accepted.

• The first character must be a letter (a to z or A to Z), and the last character cannot be a

hyphen.

A actual NTP server host name, pool.ntp.org, is configured by default and will provide the time when the AP is connected to the Internet.

System time settings 27

Daylight saving

Use this section to enable support for daylight saving time, if required for your location. When you select Manually Set Time For Daylight Savings, additional fields display to enable you to configure the starting and ending dates and times, and the DST offset.

The DST offset specifies how many minutes to move the clock forward or backward.

Configuring SNMP

The Simple Network Management Protocol (SNMP) enables the remote management of the HP R110/R120 router by a computer that has SNMP management software installed. The HP R110/R120 provides a robust SNMP v1/v2c implementation supporting both industry-standard MIB II objects and HP-specific MIB objects. Read-only and read-write access are supported.

Select System > SNMP to open the SNMP configuration page.

To configure SNMP, set the following options:

• Enable SNMP: Use this checkbox to enable/disable the SNMP agent. By default, the

SNMP agent is disabled. When the agent is disabled, the HP R110/R120 does not respond to SNMP requests.

• Read Community: The password that controls read-only access to SNMP information on

the router. A network management program must supply this name when attempting to get SNMP information from the router. By default, the name is set to public. (Do not use characters ` " & ' # \)

• Write Community: The password that controls read/write access to SNMP information

on the router. A network management program must supply this name when attempting to

28 Managing the HP R110/R120 system

get or set SNMP information on the router. By default, the name is set to private. (Do not use characters ` " & ' # \)

The router can also be configured to send status messages to an SNMP server if a problem occurs on the network. This is done by setting the Trap Receiver option. To configure an SNMP Trap Receiver, set the following options:

• Trap Receiver IP Address: The IP address of the computer to which the status messages

are to be sent.

• Trap Receiver Port: The port number of the computer to which the status messages are

to be sent.

• Trap Community: The computer network management program must supply this name

to receive the trap messages. (Do not use characters ` " & ' # \)

Managing system logs

The system log is a list of system messages, some of which may indicate error conditions. The router stores up to 2048 system messages in volatile memory (RAM). You can view these events using the router’s management interface, and you can configure the router to relay them as syslog messages to a syslog server residing on the network. Note that the log messages in volatile memory are lost when the system reboots.

To configure system logging, set the following options:

System Log Level

You can specify the minimum severity level of the log messages to write to the system log. In the following list, the severity levels are listed from most severe (top) to least severe (bottom):

• Emergency indicates that the system is unusable. It is the highest level of severity.

• Alert indicates action must be taken immediately.

• Critical indicates critical conditions.

• Error indicates error conditions.

• Warning indicates warning conditions.

Managing system logs 29

• Notice indicates normal but significant conditions.

• Informational indicates informational messages.

• Debug indicates debug-level messages.

For example, if you select Critical, only critical, alert, and emergency messages are written to the log.

Max Size

Specifies the maximum number of log entries to store in the router's volatile memory. When the maximum number is reached, the old log messages are overwritten by new messages.

Log Prefix

A text identification string that is added to the log messages. This is useful for quickly identifying events you are interested in when using a remote syslog server.

Remote Syslog Configuration

To view a longer history of log messages, you can set up a remote syslog server that acts as a syslog log relay host on your network. Then, you can configure the router to send syslog messages to the remote server. The System Log Level setting determines which messages are stored in RAM and are available for relay to a remote syslog server.

• IP Address: Specify the IP address of the remote syslog server.

Events

• Port: The syslog process uses logical port 514 by default. It is recommended that you keep

this default. If you specify a different port number, ensure that the port number is not being used by another protocol on your network and that your syslog server is also configured to use that port.

• Log Level: When Remote Syslog is enabled, messages of the selected Log Level or higher

are sent to the configured syslog server.

The Events section of the System log page shows real-time system events on the router, such as wireless clients associating with the router and being authenticated. The log shows the date the event occurred, its severity level, the software program or process that caused the event message, and the message text.

You can sele ct Refresh to display the most recent data from the router, or Clear to remove all entries from the list. Click Download to save all entries to a file on the management computer.

30 Managing the HP R110/R120 system

+ 112 hidden pages

HP R100 Administrator's Guide

Contents

1 Deploying the HP R110/R120

2 Using the Wizard Setup

Overview

Automatically running the Wizard Setup the first time you log in

Accessing the Wizard Setup after your first login

Wizard Setup

Step 1: Specify system time settings

Step 2: Specify WAN settings

Step 3: Specify wireless settings

Enable Radio

Configure the radio band and mode

Configure the primary SSID

Configure wireless security

Step 4: Summary

3 Managing the HP R110/R120 system

Viewing the router status

Setting the HP R110/R120 mode

General administration settings

System information (General) settings

Administrator login credentials

Setting the Country Code

Configuring web server settings

Configuring trusted users

System time settings

Set system time

Daylight saving

Configuring SNMP

Managing system logs

Events