Control the times of day my children or other home network
users are allowed to access the Internet and even types of
websites they can visit.
For example, I want to allow my children’s devices (e.g. a computer
or a tablet) to access only www.tp-link.com and Wikipedia.org
from 18:00 (6PM) to 22:00 (10PM) at the weekend and not other
times.
1. Visit http://tplinkwifi.net, and log in with your TP-Link ID or
the password you set for the router.
2. Go to Advanced > Parental Controls and enable Parental
Controls.
3. Click Add. And then Click Scan, and select the access device.
Or, input the Device Name and MAC Address manually.
4. Click the icon to set the Effective Time. Drag the cursor
over the appropriate cell(s) and click Save.
47
Chapter 9
Parental Controls
5. Enter a Description for the entry, Tick the Enable This Entry
checkbox, and then click Save.
6. Enable Content Restriction, and select Whitelist as the
restriction policy.
Tips:
• With Blacklist selected, the controlled devices cannot access any websites
containing the specified keywords during the Internet Access Time period.
• With Whitelist selected, the controlled devices can only access websites containing
the specified keywords during the Internet Access Time period.
7. Click . Enter a website and click Save.
You can add up to 32 keywords for either Blacklist or Whitelist.
Below are some sample entries to allow access.
• For Whitelist: Enter a web address (e.g. wikipedia.org) to allow access
only to its related websites. If you wish to block all Internet browsing
access, do not add any keyword to the Whitelist.
• For Blacklist: Specify a web address (e.g. wikipedia.org), a web address
keyword (e.g. wikipedia) or a domain suffix (eg. .edu or .org) to block
access only to the websites containing that keyword or suffix.
48
Chapter 9
Parental Controls
Done!
Now you can control your children’s Internet access as needed.
49
Chapter 10
QoS
This chapter introduces how to create a QoS (Quality of Service) rule to specify
prioritization of traffic and minimize the impact caused when the connection is under
heavy load.
It contains the following sections:
• Prioritize Internet Traffic with QoS
• Update the Database
Chapter 10
QoS
10. 1. Prioritize Internet Traffic with QoS
QoS (Quality of Service) is designed to ensure the efficient operation of the network
when come across network overload or congestion.
I want to:
How can I
do that?
Specify priority levels for some devices or applications.
For example, I have several devices that are connected to my
wireless network. I would like to set an intermediate speed on
the Internet for my phone.
1. Enable QoS and set bandwidth allocation.
1 ) Visit http://tplinkwifi.net, and log in with your TP-Link ID
or the password you set for the router.
2 ) Go to Advanced > QoS > Settings.
3 ) Select Enable QoS.
4 ) Input the maximum upload and download bandwidth
provided by your Internet service provider. 1Mbps equal
s to 1000Kbps.
5 ) Click Advanced and drag the scroll bar to set the
bandwidth priority percentage.
6 ) Click Save.
2. Add a middle priority QoS rule for the phone.
1 ) Select By Device and then click View Existing Devices.
51
Chapter 10
QoS
2 ) Choose the respective device from the list.
3 ) Click OK.
3. Refer to the steps above to apply other QoS rules if any.
Note:
If you want to delete a QoS rule, click to remove the responding rule from the list.
Done!
Now QoS is implemented to prioritize Internet traffic.
10. 2. Update the Database
This function can help to add or update the applications the router supports. If the
applications you need are not listed in the Application list, you can try to download
the new version and upgrade the datebase. New database versions are posted at
www.tp-link.com and can be downloaded for free.
52
Chapter 10
QoS
1. Download the latest QoS database from our website www.tp-link.com.
2. Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for
the router.
3. Go to Advanced > QoS > Database. Click Browse to select the database upgrade
file, and then click Upgrade. Wait until the upgrade is completed and do not operate
during the process.
53
Chapter 11
Network Security
This chapter guides you on how to protect your home network from cyber attacks
and unauthorized users by implementing these three network security functions. You
can protect your home network against DoS (Denial of Service) attacks from flooding
your network with server requests using DoS Protection, block or allow specific client
devices to access your network using Access Control, or you can prevent ARP spoofing
and ARP attacks using IP & MAC Binding.
It contains the following sections:
• Protect the Network from Cyber Attacks
• Access Control
• IP & MAC Binding
Chapter 11
Network Security
11. 1. Protect the Network from Cyber Attacks
The SPI (Stateful Packet Inspection) Firewall and DoS (Denial of Service) Protection
protect the router from cyber attacks.
The SPI Firewall can prevent cyber attacks and validate the traffic that is passing
through the router based on the protocol. This function is enabled by default, and it’s
recommended to keep the default settings.
DoS Protection can protect your home network against DoS attacks from flooding your
network with server requests. Follow the steps below to configure DoS Protection.
1. Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for
the router.
2. Go to Advanced > Security > Firewall & Dos Protection.
3. Enable DoS Protection.
4. Set the level (Off, Low, Middle or High) of protection for ICMP-FLOOD Attack
Filtering, UDP-FlOOD Attack Filtering and TCP-SYN-FLOOD Attack Filtering.
• ICMP-FLOOD Attack Filtering - Enable to prevent the ICMP (Internet Control
Message Protocol) flood attack.
• UDP-FlOOD Attack Filtering - Enable to prevent the UDP (User Datagram
Protocol) flood attack.
• TCP-SYN-FLOOD Attack Filtering - Enable to prevent the TCP-SYN (Transmission
Control Protocol-Synchronize) flood attack.
Tips:
The level of protection is based on the number of traffic packets. The protection will be triggered immediately
when the number of packets exceeds the preset threshold value (the value can be set on Advanced > System
Tools > System Parameters > DoS Protection Level Settings), and the vicious host will be displayed in the Blocked
DoS Host List.
55
Chapter 11
5. If you want to ignore the ping packets from the WAN port, select Ignore Ping Packet
From WAN Port; if you want to ignore the ping packets form the LAN port, select
Ignore Ping Packet From LAN Port.
6. Click Save.
Network Security
11. 2. Access Control
Access Control is used to block or allow specific client devices to access your network
(via wired or wireless) based on a list of blocked devices (Blacklist) or a list of allowed
devices (Whitelist).
I want to:
How can I
do that?
Block or allow specific client devices to access my network (via
wired or wireless).
1. Visit http://tplinkwifi.net, and log in with your TP-Link ID or
the password you set for the router.
2. Go to Advanced > Security > Access Control.
3. Enable Access Control.
4. If you also want to control access of the devices connected
to the guest network, toggle on Guest Devices Control.
5. Select the access mode to either block (recommended) or
allow the device(s) in the list.
To block specific device(s)
1 ) Select Blacklist and click Save.
56
Chapter 11
Network Security
2 ) Select the device(s) to be blocked in the Online Devices
table by ticking the box.
3 ) Click Block above the Online Devices table. The selected
devices will be added to Devices in Blacklist automatically.
To allow specific device(s)
1 ) Select Whitelist and click Save.
2 ) Click Add in the Devices in Whitelist section. Enter the
Device Name and MAC Address (You can copy and paste
the information from the Online Devices list if the device
is connected to your network).
Done!
3 ) Click OK.
Now you can block or allow specific client devices to access your
network (via wired or wireless) using the Blacklist or Whitelist.
57
Chapter 11
Network Security
11. 3. IP & MAC Binding
IP & MAC Binding, namely, ARP (Address Resolution Protocol) Binding, is used to bind
network device’s IP address to its MAC address. This will prevent ARP Spoofing and
other ARP attacks by denying network access to an device with matching IP address in
the Binding list, but unrecognized MAC address.
I want to:
How can I
do that?
Prevent ARP spoofing and ARP attacks.
1. Visit http://tplinkwifi.net, and log in with your TP-Link ID or
the password you set for the router.
2. Go to Advanced > Security > IP & MAC Binding.
3. Enable IP & MAC Binding.
4. Bind your device(s) according to your need.
To bind the connected device(s):
Click to add the corresponding device to the Binding List.
To bind the unconnected device
1 ) Click Add in the Binding List section.
Done!
2 ) Enter the MAC address and IP address that you want to
bind. Enter a Description for this binding entry.
3 ) Check the box for Enable This Entry and click OK.
Now you don’t need to worry about ARP spoofing and ARP
attacks!
58
Chapter 12
NAT Forwarding
The router’s NAT (Network Address Translation) feature makes devices on the LAN use
the same public IP address to communicate with devices on the internet, which protects
the local network by hiding IP addresses of the devices. However, it also brings about
the problem that an external host cannot initiatively communicate with a specified
device on the local network.
With the forwarding feature the router can penetrate the isolation of NAT and allows
devices on the internet to initiatively communicate with devices on the local network,
thus realizing some special functions.
The TP-Link router supports four forwarding rules. If two or more rules are set, the
priority of implementation from high to low is Virtual Servers, Port Triggering, UPNP and
DMZ.
It contains the following sections:
• Share Local Resources on the Internet by Virtual Servers
• Open Ports Dynamically by Port Triggering
• Make Applications Free from Port Restriction by DMZ
• Make Xbox Online Games Run Smoothly by UPnP
Chapter 12
NAT Forwarding
12. 1. Share Local Resources on the Internet by Virtual
Servers
When you build up a server on the local network and want to share it on the internet,
Virtual Servers can realize the service and provide it to internet users. At the same time
Virtual Servers can keep the local network safe as other services are still invisible from
the internet.
Virtual Servers can be used for setting up public services on your local network, such as
HTTP, FTP, DNS, POP3/SMTP and Telnet. Different services use different service ports.
Port 80 is used in HTTP service, port 21 in FTP service, port 25 in SMTP service and port
110 in POP3 service. Please verify the service port number before the configuration.
I want to:
How can I
do that?
Share my personal website I’ve built in local network with my
friends through the internet.
For example, the personal website has been built on my home
PC (192.168.0.100). I hope that my friends on the internet can
visit my website in some way. The PC is connected to the router
with the WAN IP address 218.18.232.154.
Personal Website
Home
1. Assign a static IP address to your PC, for example
192.168.0.100.
2. Visit http://tplinkwifi.net, and log in with your TP-Link ID or
the password you set for the router.
3. Go to Advanced > NAT Forwarding > Virtual Servers.
Router
INTERNET
WAN: 218.18.232.154LAN
4. Click Add. Click View Existing Services and select HTTP. The
External Port, Internal Port and Protocol will be automatically
filled in. Enter the PC’s IP address 192.168.0.100 in the
InternalIP field.
5. Click OK.
60
Chapter 12
Tips:
• It is recommended to keep the default settings of Internal Port and Protocol if you are
not clear about which port and protocol to use.
• If the service you want to use is not in the ServiceType, you can enter the
corresponding parameters manually. You should verify the port number that the
service needs.
• You can add multiple virtual server rules if you want to provide several services in a
router. Please note that the External Port should not be overlapped.
NAT Forwarding
Done!
Users on the internet can enter http:// WAN IP (in this example:
http:// 218.18.232.154) to visit your personal website.
Tips:
• The WAN IP should be a public IP address. For the WAN IP is assigned dynamically by
the ISP, it is recommended to apply and register a domain name for the WAN referring
to Set Up a Dynamic DNS Service Account. Then users on the internet can use
http:// domain name to visit the website.
• If you have changed the default External Port, you should use
http:// WAN IP: External Port or http:// domain name: External Port to visit the website.
12. 2. Open Ports Dynamically by Port Triggering
Port Triggering can specify a triggering port and its corresponding external ports.
When a host on the local network initiates a connection to the triggering port, all the
external ports will be opened for subsequent connections. The router can record the
IP address of the host. When the data from the internet return to the external ports, the
router can forward them to the corresponding host. Port Triggering is mainly applied to
online games, VoIPs, video players and common applications including MSN Gaming
Zone, Dialpad and Quick Time 4 players, etc.
Follow the steps below to configure the Port Triggering rules:
1. Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for
the router.
2. Go to Advanced > NAT Forwarding > Port Triggering and click Add.
61
Chapter 12
NAT Forwarding
3. Click View Existing Applications, and select the desired application. The Triggering
Port, External Port and Protocol will be automatically filled in. The following picture
takes application MSN Gaming Zone as an example.
4. Click OK.
Tips:
• You can add multiple port triggering rules according to your network need.
• The triggering ports can not be overlapped.
• If the application you need is not listed in the Existing Applications list, please enter the parameters manually. You
should verify the external ports the application uses first and enter them into External Port field according to the
format the page displays.
12. 3. Make Applications Free from Port Restriction
by DMZ
When a PC is set to be a DMZ (Demilitarized Zone) host on the local network, it is totally
exposed to the internet, which can realize the unlimited bidirectional communication
between internal hosts and external hosts. The DMZ host becomes a virtual server with
all ports opened. When you are not clear about which ports to open in some special
applications, such as IP camera and database software, you can set the PC to be a DMZ
host.
62
Chapter 12
Note:
When DMZ is enabled, the DMZ host is totally exposed to the internet, which may bring some potential safety hazards. If
DMZ is not in use, please disable it in time.
NAT Forwarding
I want to:
How can I
do that?
Make the home PC join the internet online game without port
restriction.
For example, due to some port restriction, when playing the
online games, you can login normally but cannot join a team with
other players. To solve this problem, set your PC as a DMZ host
with all ports open.
1. Assign a static IP address to your PC, for example
192.168.0.100.
2. Visit http://tplinkwifi.net, and log in with your TP-Link ID or
the password you set for the router.
3. Go to Advanced > NAT Forwarding > DMZ and select Enable
DMZ.
4. Enter the IP address 192.168.0.100 in the DMZ Host IP
Address filed.
5. Click Save.
Done!
The configuration is completed. You’ve set your PC to a DMZ
host and now you can make a team to game with other players.
12. 4. Make Xbox Online Games Run Smoothly by
UPnP
The UPnP (Universal Plug and Play) protocol allows applications or host devices
to automatically find the front-end NAT device and send request to it to open the
corresponding ports. With UPnP enabled, the applications or host devices on the
local network and the internet can freely communicate with each other thus realizing
the seamless connection of the network. You may need to enable the UPnP if you
want to use applications for multiplayer gaming, peer-to-peer connections, real-time
communication (such as VoIP or telephone conference) or remote assistance, etc.
63
Chapter 12
Tips:
• UPnP is enabled by default in this router.
• Only the application supporting UPnP protocol can use this feature.
• UPnP feature needs the support of operating system (e.g. Windows Vista/ Windows 7/ Windows 8, etc. Some of
operating system need to install the UPnP components).
NAT Forwarding
For example, when you connect your Xbox to the router which has connected to
the internet to play online games, UPnP will send request to the router to open the
corresponding ports allowing the following data penetrating the NAT to transmit.
Therefore, you can play Xbox online games without a hitch.
LANWAN
Internet
XBOXRouter
If necessary, you can follow the steps to change the status of UPnP.
1. Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for
the router.
2. Go to Advanced > NAT Forwarding > UPnP and toggle on or off according to your
needs.
64
Chapter 13
VPN Server
The VPN (Virtual Private Networking) Server allows you to access your home network in
a secured way through internet when you are out of home. The router offers two ways
to setup VPN connection: OpenVPN and PPTP (Point to Point Tunneling Protocol) VPN.
OpenVPN is somewhat complex but with greater security and more stable. It is suitable
for restricted environment, such as campus network and company intranet.
PPTP VPN is more easily used and its speed is faster, it’s compatible with most
operating systems and also supports mobile devices. Its security is poor and your
packets may be cracked easily, and PPTP VPN connection may be prevented by some
ISP.
It contains the following sections, please choose the appropriate VPN server
connection type as needed.
• Use OpenVPN to Access Your Home Network
• Use PPTP VPN to Access Your Home Network
Chapter 13
VPN Server
13. 1. Use OpenVPN to Access Your Home Network
In the OpenVPN connection, the home network can act as a server, and the remote
device can access the server through the router which acts as an OpenVPN Server
gateway. To use the VPN feature, you should enable OpenVPN Server on your router,
and install and run VPN client software on the remote device. Please follow the steps
below to set up an OpenVPN connection.
13. 1. 1. Step1. Set up OpenVPN Server on Your Router
1. Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for
the router.
2. Go to Advanced > VPN Server > OpenVPN, and select Enable VPN Server.
Note:
• Before you enable VPN Server, we recommend you configure Dynamic DNS Service (recommended) or assign a
static IP address for router’s WAN port and synchronize your System Time with internet.
• The first time you configure the OpenVPN Server, you may need to Generate a certificate before you enable the VPN
Server.
3. Select the Servive Type (communication protocol) for OpenVPN Server: UDP, TCP.
4. Enter a VPN Service Port to which a VPN device connects, and the port number
should be between 1024 and 65535.
5. In the VPN Subnet/Netmask fields, enter the range of IP addresses that can be leased
to the device by the OpenVPN server.
66
Chapter 13
VPN Server
6. Select your Client Access type. Select Home Network Only if you only want the
remote device to access your home network; select Internet and Home Network if
you also want the remote device to access internet through the VPN Server.
7. Click Save.
8. Click Generate to get a new certificate.
Note:
If you have already generated one, please skip this step, or click Generate to update the certificate.
9. Click Export to save the OpenVPN configuration file which will be used by the remote
device to access your router.
13. 1. 2. Step 2. Configure OpenVPN Connection on Your Remote
Device
1. Visit http://openvpn.net/index.php/download/community-downloads.html to
download the OpenVPN software, and install it on your device where you want to run
the OpenVPN client utility.
Note:
You need to install the OpenVPN client utility on each device that you plan to apply the VPN funxtion to access your
router. Mobile devices should download a third-party app from Google Play or Apple App Store.
2. After the installation, copy the file exported from your router to the OpenVPN client
utility’s “config” folder (for example, C:\Program Files\OpenVPN\config on Windows).
The path depends on where the OpenVPN client utility is installed.
3. Run the OpenVPN client utility and connect it to OpenVPN Server.
13. 2. Use PPTP VPN to Access Your Home Network
PPTP VPN Server is used to create a VPN connection for remote device. To use the VPN
feature, you should enable PPTP VPN Server on your router, and configure the PPTP
connection on the remote device. Please follow the steps below to set up a PPTP VPN
connection.
67
Chapter 13
VPN Server
13. 2. 1. Step 1. Set up PPTP VPN Server on Your Router
1. Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for
the router.
2. Go to Advanced > VPN Server > PPTP VPN, and select Enable VPN Server.
Note:
Before you enable VPN Server, we recommend you configure Dynamic DNS Service (recommended) or assign a static
IP address for router’s WAN port and synchronize your System Time with internet.
3. In the Client IP Address filed, enter the range of IP addresses (up to 10) that can be
leased to the devices by the PPTP VPN server.
4. Enter the Username and Password to authenticate clients to the PPTP VPN server.
5. Click Save.
13. 2. 2. Step 2. Configure PPTP VPN Connection on Your Remote
Device
The remote device can use the Windows built-in PPTP software or a third-party PPTP
software to connect to PPTP Server. Here we use the Windows built-in PPTP software
as an example.
1. Go to Start > Control Panel > Network and Internet > Network and Sharing Center.
2. Select Set up a new connection or network.
68
Loading...
+ 49 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.