TP Link C2300 User Manual
Chapter 9 |
|
Parental Controls |
I want to: |
Control the times of day my children or other home network |
|
|
users are allowed to access the Internet and even types of |
|
|
websites they can visit. |
|
|
For example, I want to allow my children’s devices (e.g. a computer |
|
|
or a tablet) to access only www.tp-link.com and Wikipedia.org |
|
|
from 18:00 (6PM) to 22:00 (10PM) at the weekend and not other |
|
|
times. |
|
How can I |
1. |
Visit http://tplinkwifi.net, and log in with your TP-Link ID or |
do that? |
|
the password you set for the router. |
|
2. |
Go to Advanced > Parental Controls and enable Parental |
|
|
Controls. |
|
|
|
|
3. |
Click Add. And then Click Scan, and select the access device. |
|
|
Or, input the Device Name and MAC Address manually. |
|
|
|
4.Click the 
icon to set the Effective Time. Drag the cursor over the appropriate cell(s) and click Save.
47
Chapter 9 |
Parental Controls |
|
|
|
|
5.Enter a Description for the entry, Tick the Enable This Entry checkbox, and then click Save.
6.Enable Content Restriction, and select Whitelist as the restriction policy.
Tips:
•With Blacklist selected, the controlled devices cannot access any websites containing the specified keywords during the Internet Access Time period.
•With Whitelist selected, the controlled devices can only access websites containing the specified keywords during the Internet Access Time period.
7.Click 
. Enter a website and click Save.
You can add up to 32 keywords for either Blacklist or Whitelist. Below are some sample entries to allow access.
•For Whitelist: Enter a web address (e.g. wikipedia.org) to allow access only to its related websites. If you wish to block all Internet browsing access, do not add any keyword to the Whitelist.
•For Blacklist: Specify a web address (e.g. wikipedia.org), a web address keyword (e.g. wikipedia) or a domain suffix (eg. .edu or .org) to block access only to the websites containing that keyword or suffix.
48
Chapter 9 |
Parental Controls |
|
|
|
|
Done! |
Now you can control your children’s Internet access as needed. |
49
Chapter 10
QoS
This chapter introduces how to create a QoS (Quality of Service) rule to specify prioritization of traffic and minimize the impact caused when the connection is under heavy load.
It contains the following sections:
•Prioritize Internet Traffic with QoS
•Update the Database
Chapter 10 |
QoS |
10. 1. Prioritize Internet Traffic with QoS
QoS (Quality of Service) is designed to ensure the efficient operation of the network when come across network overload or congestion.
I want to:
How can I do that?
Specify priority levels for some devices or applications.
For example, I have several devices that are connected to my wireless network. I would like to set an intermediate speed on the Internet for my phone.
1.Enable QoS and set bandwidth allocation.
1) Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router.
2) Go to Advanced > QoS > Settings.
3) Select Enable QoS.
4) Input the maximum upload and download bandwidth provided by your Internet service provider. 1Mbps equal s to 1000Kbps.
5) Click Advanced and drag the scroll bar to set the bandwidth priority percentage.
6) Click Save.
2.Add a middle priority QoS rule for the phone.
1 ) Select By Device and then click View Existing Devices.
51
Chapter 10 |
QoS |
|
|
|
|
2 ) Choose the respective device from the list.
3 ) Click OK.
|
3. Refer to the steps above to apply other QoS rules if any. |
||
|
|
|
Note: |
Done! |
If you want to delete a QoS rule, click to remove the responding rule from the list. |
||
Now QoS is implemented to prioritize Internet traffic. |
|||
10. 2. Update the Database
This function can help to add or update the applications the router supports. If the applications you need are not listed in the Application list, you can try to download the new version and upgrade the datebase. New database versions are posted at www.tp-link.com and can be downloaded for free.
52
Chapter 10 |
QoS |
1.Download the latest QoS database from our website www.tp-link.com.
2.Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router.
3.Go to Advanced > QoS > Database. Click Browse to select the database upgrade file, and then click Upgrade. Wait until the upgrade is completed and do not operate during the process.
53
Chapter 11
Network Security
This chapter guides you on how to protect your home network from cyber attacks and unauthorized users by implementing these three network security functions. You can protect your home network against DoS (Denial of Service) attacks from flooding your network with server requests using DoS Protection, block or allow specific client devices to access your network using Access Control, or you can prevent ARP spoofing and ARP attacks using IP & MAC Binding.
It contains the following sections:
•Protect the Network from Cyber Attacks
•Access Control
•IP & MAC Binding
Chapter 11 |
Network Security |
11. 1. Protect the Network from Cyber Attacks
The SPI (Stateful Packet Inspection) Firewall and DoS (Denial of Service) Protection protect the router from cyber attacks.
The SPI Firewall can prevent cyber attacks and validate the traffic that is passing through the router based on the protocol. This function is enabled by default, and it’s recommended to keep the default settings.
DoS Protection can protect your home network against DoS attacks from flooding your network with server requests. Follow the steps below to configure DoS Protection.
1.Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router.
2.Go to Advanced > Security > Firewall & Dos Protection.
3.Enable DoS Protection.
4.Set the level (Off, Low, Middle or High) of protection for ICMP-FLOOD Attack Filtering, UDP-FlOOD Attack Filtering and TCP-SYN-FLOOD Attack Filtering.
•ICMP-FLOOD Attack Filtering - Enable to prevent the ICMP (Internet Control Message Protocol) flood attack.
•UDP-FlOOD Attack Filtering - Enable to prevent the UDP (User Datagram Protocol) flood attack.
•TCP-SYN-FLOODAttackFiltering-EnabletopreventtheTCP-SYN(Transmission Control Protocol-Synchronize) flood attack.
Tips:
The level of protection is based on the number of traffic packets. The protection will be triggered immediately when the number of packets exceeds the preset threshold value (the value can be set on Advanced > System Tools > System Parameters > DoS Protection Level Settings), and the vicious host will be displayed in the Blocked DoS Host List.
55
Chapter 11 |
Network Security |
||
|
|
|
|
|
|
|
|
5.If you want to ignore the ping packets from the WAN port, select Ignore Ping Packet From WAN Port; if you want to ignore the ping packets form the LAN port, select Ignore Ping Packet From LAN Port.
6.Click Save.
11. 2. Access Control
Access Control is used to block or allow specific client devices to access your network (via wired or wireless) based on a list of blocked devices (Blacklist) or a list of allowed devices (Whitelist).
I want to: |
Block or allow specific client devices to access my network (via |
|
|
wired or wireless). |
|
How can I |
1. |
Visit http://tplinkwifi.net, and log in with your TP-Link ID or |
do that? |
|
the password you set for the router. |
|
2. |
Go to Advanced > Security > Access Control. |
|
3. |
Enable Access Control. |
|
|
|
|
|
|
|
4. |
If you also want to control access of the devices connected |
|
|
to the guest network, toggle on Guest Devices Control. |
|
|
|
|
5. |
Select the access mode to either block (recommended) or |
|
|
allow the device(s) in the list. |
To block specific device(s)
1 ) Select Blacklist and click Save.
56
Chapter 11 |
Network Security |
|
|
|
|
2 ) Select the device(s) to be blocked in the Online Devices table by ticking the box.
3 ) Click Block above the Online Devices table. The selected devices will be added to Devices in Blacklist automatically.
To allow specific device(s)
1 ) Select Whitelist and click Save.
2 ) Click Add in the Devices in Whitelist section. Enter the Device Name and MAC Address (You can copy and paste the information from the Online Devices list if the device is connected to your network).
Done! |
3 ) Click OK. |
Now you can block or allow specific client devices to access your |
|
|
network (via wired or wireless) using the Blacklist or Whitelist. |
57
Chapter 11 |
Network Security |
11. 3. IP & MAC Binding
IP & MAC Binding, namely, ARP (Address Resolution Protocol) Binding, is used to bind network device’s IP address to its MAC address. This will prevent ARP Spoofing and other ARP attacks by denying network access to an device with matching IP address in the Binding list, but unrecognized MAC address.
I want to: |
Prevent ARP spoofing and ARP attacks. |
||
How can I |
1. |
Visit http://tplinkwifi.net, and log in with your TP-Link ID or |
|
do that? |
|
the password you set for the router. |
|
|
2. |
Go to Advanced > Security > IP & MAC Binding. |
|
|
3. |
Enable IP & MAC Binding. |
|
|
|
|
|
|
|
|
|
|
4. |
Bind your device(s) according to your need. |
|
|
|
To bind the connected device(s): |
|
|
|
Click |
to add the corresponding device to the Binding List. |
|
|
To bind the unconnected device |
|
|
|
1 ) Click Add in the Binding List section. |
|
|
|
|
|
|
2 ) Enter the MAC address and IP address that you want to |
|
bind. Enter a Description for this binding entry. |
Done! |
3 ) Check the box for Enable This Entry and click OK. |
Now you don’t need to worry about ARP spoofing and ARP |
|
|
attacks! |
58
Chapter 12
NAT Forwarding
The router’s NAT (Network Address Translation) feature makes devices on the LAN use the same public IP address to communicate with devices on the internet, which protects the local network by hiding IP addresses of the devices. However, it also brings about the problem that an external host cannot initiatively communicate with a specified device on the local network.
With the forwarding feature the router can penetrate the isolation of NAT and allows devices on the internet to initiatively communicate with devices on the local network, thus realizing some special functions.
The TP-Link router supports four forwarding rules. If two or more rules are set, the priority of implementation from high to low is Virtual Servers, Port Triggering, UPNP and DMZ.
It contains the following sections:
•Share Local Resources on the Internet by Virtual Servers
•Open Ports Dynamically by Port Triggering
•Make Applications Free from Port Restriction by DMZ
•Make Xbox Online Games Run Smoothly by UPnP
Chapter 12 |
NAT Forwarding |
12.1. Share Local Resources on the Internet by Virtual Servers
When you build up a server on the local network and want to share it on the internet, Virtual Servers can realize the service and provide it to internet users. At the same time Virtual Servers can keep the local network safe as other services are still invisible from the internet.
Virtual Servers can be used for setting up public services on your local network, such as HTTP, FTP, DNS, POP3/SMTP and Telnet. Different services use different service ports. Port 80 is used in HTTP service, port 21 in FTP service, port 25 in SMTP service and port 110 in POP3 service. Please verify the service port number before the configuration.
I want to: |
Share my personal website I’ve built in local network with my |
|
friends through the internet. |
|
For example, the personal website has been built on my home |
|
PC (192.168.0.100). I hope that my friends on the internet can |
|
visit my website in some way. The PC is connected to the router |
|
with the WAN IP address 218.18.232.154. |
|
Personal Website |
|
Router |
|
|
|
INTERNET |
|
Home |
LAN |
WAN: 218.18.232.154 |
How can I |
1. Assign a |
static |
IP address to your PC, for example |
do that? |
192.168.0.100. |
|
|
2.Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router.
3.Go to Advanced > NAT Forwarding > Virtual Servers.
4.Click Add. Click View Existing Services and select HTTP. The External Port, Internal Port and Protocol will be automatically filled in. Enter the PC’s IP address 192.168.0.100 in the Internal IP field.
5.Click OK.
60
Chapter 12 |
NAT Forwarding |
|
|
|
|
Tips:
• It is recommended to keep the default settings of Internal Port and Protocol if you are not clear about which port and protocol to use.
|
• If the service you want to use is not in the Service Type, you can enter the |
|
corresponding parameters manually. You should verify the port number that the |
|
service needs. |
|
• You can add multiple virtual server rules if you want to provide several services in a |
Done! |
router. Please note that the External Port should not be overlapped. |
Users on the internet can enter http:// WAN IP (in this example: |
|
|
http:// 218.18.232.154) to visit your personal website. |
Tips:
•The WAN IP should be a public IP address. For the WAN IP is assigned dynamically by the ISP, it is recommended to apply and register a domain name for the WAN referring to Set Up a Dynamic DNS Service Account. Then users on the internet can use http:// domain name to visit the website.
• If you have changed the default External Port, you should use http:// WAN IP: External Port or http:// domain name: External Port to visit the website.
12. 2. Open Ports Dynamically by Port Triggering
Port Triggering can specify a triggering port and its corresponding external ports. When a host on the local network initiates a connection to the triggering port, all the external ports will be opened for subsequent connections. The router can record the IP address of the host. When the data from the internet return to the external ports, the router can forward them to the corresponding host. Port Triggering is mainly applied to online games, VoIPs, video players and common applications including MSN Gaming Zone, Dialpad and Quick Time 4 players, etc.
Follow the steps below to configure the Port Triggering rules:
1.Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router.
2.Go to Advanced > NAT Forwarding > Port Triggering and click Add.
61
Chapter 12 |
NAT Forwarding |
3.Click View Existing Applications, and select the desired application. The Triggering Port, External Port and Protocol will be automatically filled in. The following picture takes application MSN Gaming Zone as an example.
4.Click OK.
Tips:
•You can add multiple port triggering rules according to your network need.
•The triggering ports can not be overlapped.
•If the application you need is not listed in the Existing Applications list, please enter the parameters manually. You should verify the external ports the application uses first and enter them into External Port field according to the format the page displays.
12.3. Make Applications Free from Port Restriction by DMZ
When a PC is set to be a DMZ (Demilitarized Zone) host on the local network, it is totally exposed to the internet, which can realize the unlimited bidirectional communication between internal hosts and external hosts. The DMZ host becomes a virtual server with all ports opened. When you are not clear about which ports to open in some special applications, such as IP camera and database software, you can set the PC to be a DMZ host.
62
Chapter 12 |
NAT Forwarding |
Note:
When DMZ is enabled, the DMZ host is totally exposed to the internet, which may bring some potential safety hazards. If DMZ is not in use, please disable it in time.
I want to: |
Make the home PC join the internet online game without port |
|
|
restriction. |
|
|
For example, due to some port restriction, when playing the |
|
|
online games, you can login normally but cannot join a team with |
|
|
other players. To solve this problem, set your PC as a DMZ host |
|
|
with all ports open. |
|
How can I |
1. |
Assign a static IP address to your PC, for example |
do that? |
|
192.168.0.100. |
|
2. |
Visit http://tplinkwifi.net, and log in with your TP-Link ID or |
|
|
the password you set for the router. |
|
3. |
Go to Advanced > NAT Forwarding > DMZ and select Enable |
|
|
DMZ. |
|
4. |
Enter the IP address 192.168.0.100 in the DMZ Host IP |
|
|
Address filed. |
|
|
|
Done! |
5. |
Click Save. |
The configuration is completed. You’ve set your PC to a DMZ |
||
|
host and now you can make a team to game with other players. |
|
12.4. Make Xbox Online Games Run Smoothly by UPnP
The UPnP (Universal Plug and Play) protocol allows applications or host devices to automatically find the front-end NAT device and send request to it to open the corresponding ports. With UPnP enabled, the applications or host devices on the local network and the internet can freely communicate with each other thus realizing the seamless connection of the network. You may need to enable the UPnP if you want to use applications for multiplayer gaming, peer-to-peer connections, real-time communication (such as VoIP or telephone conference) or remote assistance, etc.
63
Chapter 12 |
NAT Forwarding |
Tips:
•UPnP is enabled by default in this router.
•Only the application supporting UPnP protocol can use this feature.
•UPnP feature needs the support of operating system (e.g. Windows Vista/ Windows 7/ Windows 8, etc. Some of operating system need to install the UPnP components).
For example, when you connect your Xbox to the router which has connected to the internet to play online games, UPnP will send request to the router to open the corresponding ports allowing the following data penetrating the NAT to transmit. Therefore, you can play Xbox online games without a hitch.
LAN |
WAN |
Internet |
|
|
XBOX |
Router |
If necessary, you can follow the steps to change the status of UPnP.
1.Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router.
2.Go to Advanced > NAT Forwarding > UPnP and toggle on or off according to your needs.
64
Chapter 13
VPN Server
The VPN (Virtual Private Networking) Server allows you to access your home network in a secured way through internet when you are out of home. The router offers two ways to setup VPN connection: OpenVPN and PPTP (Point to Point Tunneling Protocol) VPN.
OpenVPN is somewhat complex but with greater security and more stable. It is suitable for restricted environment, such as campus network and company intranet.
PPTP VPN is more easily used and its speed is faster, it’s compatible with most operating systems and also supports mobile devices. Its security is poor and your packets may be cracked easily, and PPTP VPN connection may be prevented by some ISP.
It contains the following sections, please choose the appropriate VPN server connection type as needed.
•Use OpenVPN to Access Your Home Network
•Use PPTP VPN to Access Your Home Network
Chapter 13 |
VPN Server |
13. 1. Use OpenVPN to Access Your Home Network
In the OpenVPN connection, the home network can act as a server, and the remote device can access the server through the router which acts as an OpenVPN Server gateway. To use the VPN feature, you should enable OpenVPN Server on your router, and install and run VPN client software on the remote device. Please follow the steps below to set up an OpenVPN connection.
13. 1. 1. Step1. Set up OpenVPN Server on Your Router
1.Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router.
2.Go to Advanced > VPN Server > OpenVPN, and select Enable VPN Server.
Note:
•Before you enable VPN Server, we recommend you configure Dynamic DNS Service (recommended) or assign a static IP address for router’s WAN port and synchronize your System Time with internet.
•The first time you configure the OpenVPN Server, you may need to Generate a certificate before you enable the VPN Server.
3.Select the Servive Type (communication protocol) for OpenVPN Server: UDP, TCP.
4.Enter a VPN Service Port to which a VPN device connects, and the port number should be between 1024 and 65535.
5.In the VPN Subnet/Netmask fields, enter the range of IP addresses that can be leased to the device by the OpenVPN server.
66
Chapter 13 |
VPN Server |
6.Select your Client Access type. Select Home Network Only if you only want the remote device to access your home network; select Internet and Home Network if you also want the remote device to access internet through the VPN Server.
7.Click Save.
8.Click Generate to get a new certificate.
Note:
If you have already generated one, please skip this step, or click Generate to update the certificate.
9.Click Export to save the OpenVPN configuration file which will be used by the remote device to access your router.
13. 1. 2. Step 2. Configure OpenVPN Connection on Your Remote Device
1.Visit http://openvpn.net/index.php/download/community-downloads.html to download the OpenVPN software, and install it on your device where you want to run the OpenVPN client utility.
Note:
You need to install the OpenVPN client utility on each device that you plan to apply the VPN funxtion to access your router. Mobile devices should download a third-party app from Google Play or Apple App Store.
2.After the installation, copy the file exported from your router to the OpenVPN client utility’s “config” folder (for example, C:\Program Files\OpenVPN\config on Windows). The path depends on where the OpenVPN client utility is installed.
3.Run the OpenVPN client utility and connect it to OpenVPN Server.
13. 2. Use PPTP VPN to Access Your Home Network
PPTP VPN Server is used to create a VPN connection for remote device. To use the VPN feature, you should enable PPTP VPN Server on your router, and configure the PPTP connection on the remote device. Please follow the steps below to set up a PPTP VPN connection.
67
Chapter 13 |
VPN Server |
13. 2. 1. Step 1. Set up PPTP VPN Server on Your Router
1.Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router.
2.Go to Advanced > VPN Server > PPTP VPN, and select Enable VPN Server.
Note:
Before you enable VPN Server, we recommend you configure Dynamic DNS Service (recommended) or assign a static IP address for router’s WAN port and synchronize your System Time with internet.
3.In the Client IP Address filed, enter the range of IP addresses (up to 10) that can be leased to the devices by the PPTP VPN server.
4.Enter the Username and Password to authenticate clients to the PPTP VPN server.
5.Click Save.
13. 2. 2. Step 2. Configure PPTP VPN Connection on Your Remote Device
The remote device can use the Windows built-in PPTP software or a third-party PPTP software to connect to PPTP Server. Here we use the Windows built-in PPTP software as an example.
1.Go to Start > Control Panel > Network and Internet > Network and Sharing Center.
2.Select Set up a new connection or network.
68
Loading...