User’s Guide
GPT-2541GNAC
Indoor GPON HGU
Default Login Details
http://192.168.1.1
User Name: admin
Password: 1234
Firmware Version 1.00
Edition 1, 9/2015
IMPORTANT!
READ CAREFULLY BEFORE USE.
KEEP THIS GUIDE FOR FUTURE REFERENCE.
Graphics in this book may differ slightly from the product due to differences in operating systems,
operating system versions, or if you installed updated firmware/software for your device. Every
effort has been made to ensure that the information in this manual is accurate.
Contents
8 Chapter 1: Introduction
8Overview
9 Hardware Connection
11 LEDs (Lights)
12 Advanced Configuration
16 Chapter 2: Device Info
16 Device Info Summary
18 WAN Info
19 LAN Statistics
21 WAN Statistics
22 Route Info
23 ARP Info
24 DHCP Leases
25 Chapter 3: WAN
25 GPON Layer2 Interface
26 Layer-2 GPON Interface Configuration
26 Ethernet Layer2 Interface
27 Ethernet Layer-2 Interface Configuration
27 WAN Service
29 WAN Connection Configuration
46 Chapter 4: LAN
46 LAN Setup
49 Add DHCP Static IP Lease
50 LAN Additional Subnet
51 LAN VLAN
53 IPv6 LAN Auto Configuration
56 Chapter 5: VPN
56 L2TP VPN Client
56 L2TP VPN Client: Add
62 Chapter 6: Network Address Translation (NAT)
62 Virtual Servers
63 Virtual Servers Add
Contents 3
65 Port Triggering
68 Add Port Triggering Rule
70 DMZ Host
70 SIP ALG
72 Chapter 7: Firewall
72 Firewall General
73 Default Policy Configuration
74 Firewall Rules
76 Firewall Rules Configuration
77 MAC Filtering
78 MAC Filtering Add
80 Chapter 8: Parental Control
80 Time Restriction
81 Add a Time Restriction Rule
82 URL Filter
83 Add a URL Filter Rule
84 Chapter 9: Quality of Service (QoS)
84 QoS General
85 Queue Setup
86 Add a QoS Queue
87 Class Setup
89 Add QoS Class
92 Chapter 10: Routing
92 Default Gateway
93 Static Route
94 Add Static Route
94 Policy Routing
96 Add Policy Routing
97 RIP
98 Chapter 11: DNS
98 DNS Server
100 Dynamic DNS
102 Dynamic DNS Add
103 Chapter 12: UPnP
103 UPnP
104 Chapter 13: DNS Proxy
Contents 4
104 DNS Proxy
105 Chapter 14: Interface Grouping
105 Interface Grouping
106 Interface Group Configuration
109 Chapter 15: IP Tunnel
109 IPv6inIPv4 (6RD)
110 IPv6inIPv4 Configuration
111 IPv4inIPv6 (Dual Stack Lite)
113 IPv4inIPv6 Configuration
114 Chapter 16: IPSec VPN
114 IPSec VPN
116 IPSec VPN Add Screen
121 Technical Reference
121 IPSec Architecture
122 Encapsulation
123 IKE Phases
124 Negotiation Mode
124 IPSec and NAT
125 VPN, NAT, and NAT Traversal
126 ID Type and Content
127 Pre-Shared Key
128 Diffie-Hellman (DH) Key Groups
129 Chapter 17: Certificates
129 Local Certificates
130 Create Certificate Request
132 Load Signed Certificate
132 Trusted CA
134 View Trusted CA Certificate
135 Import Trusted CA Certificate
136 Chapter 18: Power Management
136 Power Management
138 Chapter 19: Multicast
138 Multicast
140 Chapter 20: Wireless
140 Wireless Basic
143 Wireless Security
Contents 5
147 Wireless MAC Filter
148 Wireless MAC Filter Add
149 Wireless Advanced
152 Wireless Station Info
153 Wireless 5GHz Basic
156 Wireless 5GHz Advanced Screen
157 Wireless 5GHz WPS
159 Push Button Configuration
160 Wireless 5GHz MAC Filter
161 Wireless MAC Filter Add
162 Wireless 5GHz Bridge
163 Wireless 5GHz Station Info
165 Chapter 21: Voice
165 SIP Account
170 SIP Server
176 Dial Plan Rules
177 Phone Region
178 Call Rule
179 Call History Summary
180 Outgoing Calls
181 Incoming Calls
181 Technical Reference
190 Quality of Service (QoS)
191 Phone Services Overview
197 Chapter 22: Diagnostics
197 Diagnostics
198 Ping/TraceRoute/Nslookup
199 Chapter 23: Settings
199 Backup Configuration Using the Web Configurator
200 Restore Configuration Using the Web Configurator
201 Restoring Factory Defaults
202 Chapter 24: Logs
202 Logs
202 What You Need To Know
203 System Log
204 System Log Configuration
205 Security Log
207 Chapter 25: SNMP
Contents 6
207 SNMP Agent
210 Chapter 26: TR-069 Client
210 TR-069 Client
212 Chapter 27: Internet Time
212 Internet Time
214 Chapter 28: User Passwords
214 User Passwords
215 Chapter 29: GPON Password
215 GPON Password
216 Chapter 30: Update Software
216 Update Software
218 Chapter 31: Reboot
218 Restart Using the Web Configurator
219 Chapter 32: Troubleshooting
219 Overview
219 Power, Hardware Connections, and LEDs
220 Router Access and Login
221 Internet Access
222 Wireless Internet Access
223 Phone Calls and VoIP
224 UPnP
225 Appendix A: Safety Warnings
Contents 7
CHAPTER 1
GPT-2541 GNAC
Set-Top Box
VoIP Phone
Chapter 1
Introduction
1.1 Overview
The GPT-2541GNAC GPON ONT combines high-speed Fiber Internet access with a built-in switch, a
firewall and high-speed wireless networking capability. It has a phone port for making calls over the
Internet (Voice over IP or VoIP). It also supports IPTV service when available from your service
provider.
The following figure shows an application example of the Router. The Router is connected to a
p
rovides IPTV, VoIP services as well as wired and wireless Internet access to home devices on the
LAN.
Figure 1 Application Example
1
Chapter
Chapter 1 Introduction 8
1.2 Hardware Connection
Make sure to use the proper cables and power adapter to connect the Router.
Figure 2
The following table explains the connect
Rear Panel
ors and buttons on the rear panel.
Table 1 Rear Panel
CONECTOR DESCRIPTION
12V-2A Connect the provided power adapter to the 12V-1A power connector. Attach the
po
wer adapter to a proper power source.
ON/OFF Use this button to turn the Router on or off.
Fibra Óptica Connect the service provider’s fiber optic cable to this port.
Tel f Use a telephone cable to connect the Router to a VoIP phone for VoIP service.
Eth 1-4 Use an Ethernet cable to connect a compu
configuration and/or Internet access.
Wifi/WPS Use this button to enable or disable the 2.4 GHz WiFi and WPS features on the Router.
By default, WiFi is enabled on the Router. Press this bu
To enable the WPS feature, press the button for more than 3 seconds The WPS LED on
e front panel will flash green while the Router sets up a WPS Connection with the
th
wireless device.
Note: To activate WPS, you must enable WPS in the Router and in another wireless
vice within two minutes of each other.
de
ter to one of these ports for initial
tton for 1 second to turn it off.
Chapter 1 Introduction 9
Table 1 Rear Panel (continued)
CONECTOR DESCRIPTION
Wifi5GHz/WPS Use this button to enable or disable the 5 GHz WiFi and WPS features on the Router.
By default, WiFi is enabled on the Router. Press this button for 1 second to turn it off.
To enable the WPS feature, press the button for more than 3 seconds The WPS LED on
the front panel will flash green while the Router sets up a WPS Connection with the
wireless device.
Note: To activate WPS, you must enable WPS in the Router and in another wireless
device within two minutes of each other.
Reset Use this button to restore the default settings of the Router. Press this button for 10
seconds to restore default values. Press 1 second or longer to restart it.
Note: If you reset the Router, you will lose all configurations that you had previously
and the password will be reset to the defaults.
Chapter 1 Introduction 10
1.3 LEDs (Lights)
The following graphic displays the labels of the LEDs.
Figure 3 Fr
ont Panel LEDs
Figure 4 Rear Panel
Table 2 LED Descriptions
LEDs
LED COLOR STATUS DESCRIPTION
Power Blue On The Router is receiving power and ready for use.
Red On The Router has hardware failure.
Blinking The Router detected an error while self-testing.
Off The Router is not receiving power.
Eth 1-4 Blue On The Router has a successful Ethernet connection with a device on
the LA
N.
Blinking The Router is sending or receiving data to/from the LAN.
Off The Router does not have an Ethernet connection with the LAN.
Chapter 1 Introduction 11
Table 2 LED Descriptions (continued)
LED COLOR STATUS DESCRIPTION
Tel f Blue On The SIP registration is successful.
Blinking The Router is negotiating the SIP registration.
Green On There is incoming or outgoing voice traffic.
Red Blinking The Router has failed to register the VoIP service.
Off There is no VoIP service.
Wifi/WPS
Wifi5GHz/
WPS
Internet
Blue On The 2.4 GHz wireless is on.
Blinking The 2.4 GHz WPS is activated. It also bli
setting up a WPS connection.
Off The 2.4 GHz wireless is not activated.
Blue On The 5 GHz wireless is on.
Blinking The 5 GHz WPS is activated. It also b
up a WPS connection.
Off The 5 GHz wireless is not activated.
Blue On The Router has a PPP connection but no traffic.
It has a WAN IP address (either static or assigned by a DHCP server),
PPP neg
Blinking Startup process. The Router is running an automatic startup
diagnostic pr
Fast Blinking The Router is sending or receiving IP traffic.
The Router is synchronizing with the PON. Activation phase. The
Rou
Red On The Router attempted to make an IP conn
causes are no response from a DHCP server, no PPPoE response,
PPPoE authentication failed.
The GPON port failed during the POST (Power On Self Test) or there
s an error due to hardware or firmware failure.
i
otiation was successfully completed (if used).
ocess on the GPON port.
ter is negotiating a PPP connection.
nks when the Router is
links when the Router is setting
ection but failed. Possible
Blinking The GPON port’s optical power level is below the threshold.
Off There is no Internet connection.
1.4 Advanced Configuration
Do the following to access the advanced configuration screens.
Chapter 1 Introduction 12
cess the Client Wizard screens. Enter the IP address: http://192.168.1.1.
1 Ac
2 The login screen appears. The default password is random. Please refer to the label sticker at the
bottom of the device. Enter the password. Click Entrar to enter the Client Wizard.
3 The main screen appears.
Chapter 1 Introduction 13
lick the Menu button and then Configuración avanzada.
4 C
5 Click Aceptar.
Chapter 1 Introduction 14
6 The
advanced configuration screens display. Use the menu on the left to navigate the screens. Refer
to the rest of this guide for details about the screens. Click Logout to exit the configuration screens.
Chapter 1 Introduction 15
CHAPTER 2
Chapter 2
Device Info
2.1 Device Info Summary
Click Device Info > Summary to open this screen with general device and WAN connection status
information.
Figure 5
Device Info Summary
2
Chapter
Table 3 Device Info Summary
LABEL DESCRIPTION
Board ID This field displays the ID number of the circuit board in the Router.
Symmetric
CPU Thr
Build
Timestamp
Software
Ve
Chapter 2 Device Info 16
eads
rsion
This field displays the number of threads in the Router’s CPU.
This field displays the date (YYMMDD) and time (
This field displays the current version of the firmware inside the Router.
HHMM) of the firmware in the Router.
Table 3 Device Info Summary (continued)
LABEL DESCRIPTION
Bootloader
(CFE) Version
Wireless
Driver Version
Voice Service
Version
Uptime This field displays how long the Router has been running since it last started up.
LAN IPv4
Address
Default
Gat ewa y
Primary DNS
Server
Secondary
DNS Server
LAN IPv6 ULA
Address
LAN IPv6
Address
(Global)
This field displays the version of bootloader the Router is using.
This field displays the version of the driver for the Router’s wireless chipset.
This field displays the version of the VoIP software the Router is using.
This field displays the current IP address of the Router in the LAN.
This field displays the IP address of the gateway through which the Router sends traffic
unless it matches a static route.
The Router tries this DNS server first when it needs to resolve a domain name into a
numeric IP address.
The Router uses this DNS server first when it needs to resolve a domain name into a
numeric IP address if the primary DNS server does not respond.
This field displays the current unique local address (ULA). This is a unique IPv6 address
for use in private networks but not routable in the global IPv6 Internet.
This field displays the current global IPv6 address of the Router.
LAN IPv6 Link
Local Address
Default IPv6
Gat ewa y
Date/Time This field displays the Router’s current day of the week, month, hour, minute, second,
This field displays the current IPv6 address of the Router in the LAN.
This field displays the IPv6 address of the gateway through which the Router sends IPv6
traffic unless it matches a static route.
and year.
Chapter 2 Device Info 17
2.2 WAN Info
Click Device Info > WAN to open this screen which lists the Router’s WAN connections and their
status.
Figure 6
WAN Info
Table 4 WAN Info
LABEL DESCRIPTION
Interface This shows the name of the WAN interface. veip0 s
is the foundation for veip0/* which are virtual WAN interfaces of the physical GPON line.
The ppp0.* indicates a PPP connection.
The number after the dot (.) r
through this connection. The number after the underscore (_) represents the index
number of connections through the same interface.
(null) means the entry is no
Description This is the service name of this connection.
Type This shows the method of encapsulation used b
over Ethernet, or bridging).
epresents the VLAN ID number assigned to traffic sent
t valid.
y this connection (IP over Ethernet, PPP
tands for a virtual Ethernet card and
VlanMuxID This indicates the VLAN ID number assigned to traffic sent through this connection. This
disp
lays N/A when there is no VLAN ID number assigned.
IPv6 This displays whether or not IPv6 is enabled on the interface.
Igmp Pxy This shows whether IGMP (Internet Group Multicast Protocol) proxy is activated or not
for this connection.
Igmp Src Enbl This shows whether IGMP source enable is activated or no
source enable has the Router add routing table entries based on the IGMP traffic.
MLD Pxy This shows whether Multicast Listener Discovery
connection. MLD is not available when the connection uses the bridging service.
MLD Src Enbl This shows whether MLD source enable is activated or not for this connection. MLD
sour
ce enable has the Router add routing table entries based on the MLD traffic.
NAT This shows whether NAT is activated or not for this interface. N
the connection uses the bridging service.
Status This displays the connection state or Uncon
configured.
IGMP is not available when the connection uses the bridging service.
t for this connection. IGMP
(MLD) proxy is activated or not for this
AT is not available when
figured if the interface has not yet been
Chapter 2 Device Info 18
Table 4 WAN Info (continued)
LABEL DESCRIPTION
IPv4 Address This displays the interface’s current IPv4 address if it has one.
IPv6 Address This displays the interface’s current IPv6 address if it has one.
2.3 LAN Statistics
Click Device Info > Statistics > LAN to open this screen of traffic statistics counters for the Router’s
wired and wireless LAN interfaces. Use the button to clear the counters.
Figure 7
LAN Statistics
Table 5 LAN Statistics
LABEL DESCRIPTION
Interface These fields identify the LAN interfaces. eth
~ 4. wlo represents the wireless LAN interface.
Received /
Transmitted
These fields display the number of bytes, packets, error packets, and dropped packets
for each interface.
0 ~ eth3 represent the ethernet LAN ports 1
Received
Bytes This indicates the number of bytes received on this interface.
Pkts This indicates the number of packets received on this interface.
Errs This indicates the number of frames with
Drops This indicates the number of received packets dropped on this interface.
Transmitted
Bytes This indicates the number of bytes transmitted on this interface.
errors received on this interface.
Chapter 2 Device Info 19
Table 5 LAN Statistics (continued)
LABEL DESCRIPTION
Pkts This indicates the number of transmitted packets on this interface.
Errs This indicates the number of frames with errors transmitted on this interface.
Drops This indicates the number of outgoing packets dropped on this interface.
Reset
Statistics
Click this to clear the screen’s statistics counters.
Chapter 2 Device Info 20
2.4 WAN Statistics
Click Device Info > Statistics > WAN Service to display the total, multicast, unicast, and broadcast
traffic statistics counters for the Router’s WAN interfaces. Use the button to clear the counters.
Figure 8
WAN Statistics
Table 6 WAN Statistics
LABEL DESCRIPTION
Interface This shows the name of the WAN interface used by this connection.
veip0 stands for a virtual Ethernet card and is the foundation for veip0/* which are
virtual WAN interfaces of the physical GPON line. The ppp0.* indicates a PPP
connection.
eth0 ~ eth3 r
which are virtual WAN interfaces of the physical Gigabit Ethernet line.
The number after the dot (.) r
through this connection. The number after the underscore (_) represents the index
number of connections through the same interface.
(null) means the entry is no
epresent the Ethernet LAN ports 1 ~ 4 and are the foundation for eth0/*
epresents the VLAN ID number assigned to traffic sent
t valid.
Description This is the service name of this connection.
Received
Bytes This indicates the number of bytes received on this interface.
Pkts This indicates the number of packets received on this interface.
Errs This indicates the number of frames with
Drops This indicates the number of received packets dropped on this interface.
Transmitted
Bytes This indicates the number of bytes transmitted on this interface.
Pkts This indicates the number of transmitted packets on this interface.
Errs This indicates the number of frames with
errors received on this interface.
errors transmitted on this interface.
Chapter 2 Device Info 21
Table 6 WAN Statistics (continued)
LABEL DESCRIPTION
Drops This indicates the number of outgoing packets dropped on this interface.
Reset Click this to clear the screen’s statistics counters.
2.5 Route Info
Click Device Info > Route to display the Router’s IPv4 and IPv6 routing tables.
Figure 9
Route Info
Table 7 Route Info
LABEL DESCRIPTION
Destination This displays the IP address to which this entry applies.
Gat ewa y This displays the gateway the Router uses to send tr
address.
Subnet Mask This displays the subnet mask of the destination net.
Flag This displays whether the route is up (U), t
(!), the route uses a gateway (G), the target is in the neighbor cache (C), the target is a
host (H), reinstate route for dynamic routing (R), the route was dynamically installed by
redirect (D), or modified from redirect (M).
he Router drops packets for this destination
affic to the entry’s destination
Metric The metric represents the “cost” of transmission for routing purposes. IP routing uses
hop count as the measurement of cost, with a minimum of 1 for directly-connected
networks.
Service The name of a specific service to which the route applies if one is specified.
Interface The interface through which this route sends traffic.
Chapter 2 Device Info 22
2.6 ARP Info
Click Device Info > ARP to display the Router’s IPv4 Address Resolution Protocol and IPv6 neighbor
tables.
This screen lists the IP addresses the Router has mapped to MAC addresses.
Figure 10
ARP Info
Table 8 ARP Info
LABEL DESCRIPTION
IPv4 / IPv6
ad
dress
Flags Static - static entry, Dynamic - dynamic entry that is not yet complete, Complete -
HW Address The MAC address of the device with the listed IP address.
Device The interface through which the Router sends traffic to the device listed in the entry.
The learned IP address of a device connected to one of the system’s ports.
dynamic entry that is complete.
Chapter 2 Device Info 23
2.7 DHCP Leases
Click Device Info > DHCP to display the Router’s list of IP address currently leased to DHCP clients.
Figure 11 DHCP Leases
Table 9 DHCP Le
LABEL DESCRIPTION
Hostname This field displays the name used to identify thi
MAC Address This field displays the MAC address to which the IP addr
IP Address This field displays the IP address currently assigned to a DHCP client or reserved for a
Expires In This field displays how much longer the IP address is leased to the DHCP client.
ases
s device on the network (the computer
name). The Router learns these from the DHCP client requests. “None” shows here for a
static DHCP entry.
ess is currently assigned or for
which the IP address is reserved. Click the column’s heading cell to sort the table entries
by MAC address. Click the heading cell again to reverse the sort order.
specific MAC address. Click the column’s heading cell to sort the table entries by IP
address. Click the heading cell again to reverse the sort order.
Chapter 2 Device Info 24
CHAPTER 3
Chapter 3
WAN
3.1 GPON Layer2 Interface
The Router must have a layer-2 interface to allow users to use the GPON port to access the Internet.
Log into the Router’s Web Configurator and click Advanced Setup > Layer2 Interface > GPON
Interface to manage the GPON layer-2 interface.
The GPON and ETH layer-2 interfaces cannot work at the same time.
Figure 12 GPON Interface
3
Chapter
The following table describes the fields in this screen.
Table 10 GPON In
LABEL DESCRIPTION
Interface/(Name) The name of a configured layer-2 interface. veip0 stands fo
Connection Mode This shows the connection mode of the layer-2 interface.
Remove Select an interface and click the Remo
Add Click this button to create a new layer-2 interface. Y
terface
and is the foundation for veip0/* which are virtual WAN interfaces of the physical
GPON line.
The number after the dot (.) r
through this connection. The number after the underscore (_) represents the index
number of connections through the same interface.
layer-2 interface when a WAN service is associated with it.
2 interface at a time.
epresents the VLAN ID number assigned to traffic sent
ve button to delete it. You cannot remove a
ou can only have one GPON layer
r a virtual Ethernet card
Chapter 3 WAN 25
3.1.1 Layer-2 GPON Interface Configuration
Click the Add button in the Layer2 Interface: GPON Interface screen to open the following screen.
Use this screen to create a new layer-2 interface.
Figure 13 GPON In
Select the GPON port and click Apply/Save.
The following table describes the fields in this screen.
Table 11 GPON In
LABEL DESCRIPTION
Select a GPON
port
Back Click this button to return to the previous scr
Apply/Save Click this button to save your changes and go back
terface Configuration
terface Configuration
Select a GPON port. veip0 stand
for veip0/* which are virtual WAN interfaces of the physical GPON line.
s for a virtual Ethernet card and is the foundation
een without saving any changes.
to the previous screen.
3.2 Ethernet Layer2 Interface
The Router must have a layer-2 interface to allow users to use the Gigabit Ethernet port to access
the Internet. Log into the Router’s Web Configurator and click Advanced Setup > Layer2 Interface
> ETH Interface to manage the Ethernet layer-2 interface.
The GPON and ETH layer-2 interfaces cannot work at the same time.
Figure 14 ETH Interface
Chapter 3 WAN 26
The following table describes the fields in this screen.
Table 12 ETH
LABEL DESCRIPTION
Interface/(Name) The name of a configured layer-2 interface. eth
Connection Mode This shows the connection mode of the layer-2 interface.
Remove Select an interface and click the Remo
Add Click this button to create a new layer-2 interface. Y
Interface
ports 1 ~ 4.
layer-2 interface when a WAN service is associated with it.
interface at a time.
3.2.1 Ethernet Layer-2 Interface Configuration
Click the Add button in the Layer2 Interface: ETH Interface screen to open the following screen.
Use this screen to create a new layer-2 interface.
Figure 15 ETH Interfa
ce Configuration
0 ~ eth3 represent the ethernet LAN
ve button to delete it. You cannot remove a
ou can only have one ETH layer 2
The following table describes the fields in this screen.
Table 13 ETH Interface
LABEL DESCRIPTION
Select a ETH port Select an Ethernet port. eth
Back Click this button to return to the previous scr
Apply/Save Click this button to save your changes and go back
3.3 WAN Service
Use this screen to change your Router’s WAN settings. Click Advanced Setup > WAN Service. The
summary table shows you the configured WAN services (connections) on the Router.
Chapter 3 WAN 27
Configuration
0 ~ eth3 represent the ethernet LAN ports 1 ~ 4.
een without saving any changes.
to the previous screen.
To use NAT, firewall or IGMP proxy in the Router, you need to configure a WAN connection with
PPoE or IPoE.
P
When a layer-2 interface is in VLAN MUX Mode, you can configure up to five WAN services
on the Router.
Figure 16 WAN Service
Table 14 WAN Service
LABEL DESCRIPTION
Interface This shows the name of the interface used by this connection.
veip0 stands for a virtual Ethernet card and is the foundation for veip0/* which are virtual
WAN interfaces of the physical GPON line. The ppp0.* indicates a PPP connection.
The number after the dot (.) r
through this connection. The number after the underscore (_) represents the index number
of connections through the same interface.
means the entry is not valid.
(null)
epresents the VLAN ID number assigned to traffic sent
Description This is the service name of this connection.
Type This shows the method of encapsulation used by this connection (IP over Ethernet, PPP
o
ver Ethernet, or bridging).
IP This displays the IP address the
does not have an IP address.
Release Use the buttons in this column to renew, r
displays N/A for a connection with a static IP address.
Vlan8021p This indicates the 802.1P priority level assigned to tr
displays N/A when there is no priority level assigned.
VlanMuxId This indicates the VLAN ID number assigned to tr
displays N/A when there is no VLAN ID number assigned.
VlanTpid This field displays the VLAN Tag Protocol Identi
from 0000 to FFFF that the OLT adds to the matched packets.
Igmp Proxy This shows whether IGMP (Internet Group Multicast Protocol) proxy is activated or not for
this connection. IGMP is no
connection uses. This displays N/A when the connection
elease, or connect a WAN connection. This
affic sent through this connection. This
affic sent through this connection. This
fier (TPID), a four-digit hexadecimal number
t available when the connection uses the bridging service.
Chapter 3 WAN 28
Table 14 WAN Service (continued)
LABEL DESCRIPTION
NAT This shows whether NAT is activated or not for this interface. NAT is not available when the
connection uses the bridging service.
IPv6 This shows whether IPv6 is activated or not for this connection.
the connection uses the bridging service.
Mld Proxy This shows whether Multicast Listener Discovery (MLD) proxy is activated or not for this
connection. MLD is not available when the connection uses the bridging service.
MLD Source This shows whether MLD source is activated or not for this connection.
Remove Select an interface and click the Remo
interface when a WAN service is associated with it.
Edit Click the Edi
Click the Remo
Add Click Add to cr
t button to configure the WAN connection.
ve icon to delete the WAN connection.
eate a new connection.
3.3.1 WAN Connection Configuration
Click the Edit or Add button in the WAN Service screen to configure a WAN connection.
3.3.1.1 WAN Interface
This screen displays when you add a new WAN connection.
IPv6 is not available when
ve button to delete it. You cannot remove a layer-2
Figure 17 W
AN Configuration: WAN Interface
Table 15 WAN Configuration: WAN Interface
LABEL DESCRIPTION
Select a layer 2
interfac
service
e for this
Select the port this WAN service uses for data transmission.
veip0/veip0 is the GPON p
eth0 ~ eth
3 represent the ethernet LAN ports 1 ~ 4.
ort.
Chapter 3 WAN 29
Table 15 WAN Configuration: WAN Interface (continued)
LABEL DESCRIPTION
Back Click this button to return to the previous screen.
Next Click this button to continue.
3.3.1.2 WAN Service Configuration
This screen displays after you select the WAN interface for a new WAN connection.
Figure 18 W
AN Configuration: WAN Service Configuration
Table 16 WAN Configuration: WAN Service Configuration
LABEL DESCRIPTION
Select WAN
servic
e type
Allow as IGMP
Multicast Sour
Select the method of encapsulation used by your ISP.
Choices are PPP
This displays when you select the Bridging service type. Select this to have
ce
the Router add routing table entries based on the IGMP traffic.
over Ethernet (PPPoE), IP over Ethernet and Bridging.
Chapter 3 WAN 30
Table 16 WAN Configuration: WAN Service Configuration
LABEL DESCRIPTION
Allow as MLD
Multicast Source
Enter Service
Description
Enter 802.1P
Priority [0-7]
Enter 802.1Q
VLAN ID [0-4094]
Select VLAN TPID Select a Tag Protocol Identifier (TPID) the Router to add it to the service’s
Network Protocol
Selection
This displays when you select the Bridging service type. Select this to have
the Router add routing table entries based on the MLD traffic.
Specify a name to identify the service.
veip0 stands for a virtual Ethernet card and is the foundation for veip0/*
which are virtual WAN interfaces of the physical GPON line.
eth0 ~ eth3 represent the ethernet LAN ports 1 ~ 4.
IEEE 802.1p defines up to 8 separate traffic types by inserting a tag into a
MAC-layer frame that contains bits to define class of service.
Type the IEEE 802.1p priority level (from 0 to 7) to add to traffic through this
connection. The greater the number, the higher the priority level.
Type the VLAN ID number (from 1 to 4094) for traffic through this
connection.
packets.
Select IPv4 Only to have the Router use only IPv4.
Select IPv4&IPv6(Dual Stack) to let the Router connect to IPv4 and IPv6
networks an choose the protocol for applications according to the address
type. This lets the Router use an IPv6 address when sending traffic through
this connection. You can only select this for a WAN service that uses the
PPPoE or IPoE encapsulation method over the layer 2 interface.
Select IPv6 Only to have the Router use only IPv6.
Back Click this button to return to the previous screen.
Next Click this button to continue.
3.3.1.3 WAN IP Address and DNS Server
The screen differs by the encapsulation you selected in the previous screen.
Chapter 3 WAN 31
PPPoE
This screen displays when you select PP
Configuration screen.
Figure 19 W
AN Configuration: PPPoE
P over Ethernet (PPPoE) in the WAN Service
Chapter 3 WAN 32
Table 17 WAN Configuration: PPPoE
LABEL DESCRIPTION
PPP Username Enter the user name exactly as your ISP assigned. If assigned a name in the form
user@domain where domain identifies a service name, then enter both
components exactly as given.
PPP Password Enter the password associated with the user name above.
PPPoE Service
Name
Authentication
Method
Type the name of your PPPoE service here.
This field is not available for a PPPoA connection.
The Router supports PAP (Password Authentication Protocol) and CHAP (Challenge
Handshake Authentication Protocol). CHAP is more secure than PAP; however, PAP
is readily available on more platforms.
Use the drop-down list box to select an authentication protocol for outgoing calls.
Options are:
AUTO - Your Router accepts either CHAP or PAP when requested by this remote
node.
PAP - Your Router accepts PAP only.
CHAP - Your Router accepts CHAP only.
MSCHAP - Your Router accepts MSCHAP only. MS-CHAP is the Microsoft version of
the CHAP.
Enable NAT Select this check box to activate NAT on this connection.
Enable Fullcone
NAT
This field is available only when you select Enable NAT. Select this check box to
activate full cone NAT on this connection.
PPP IP extension Select this only if your service provider requires it. PPP IP extension extends the
service provider’s IP subnet to a single LAN computer.
• It lets only one computer on the LAN connect to the WAN.
• The public IP address from the ISP is forwarded through DHCP to the LAN
computer instead of being used on the WAN PPP interface.
• It disables NAT and the firewall.
• DHCP tells the LAN computer to use the gateway as the default gateway and
DNS server.
• The Router bridges IP packets between the WAN and LAN ports except packets
destined for the Router’s LAN IP address.
Use Static IPv4
Select this option if you have a fixed IPv4 address assigned by your ISP.
Address
IPv4 Address Enter the IPv4 address assigned by your ISP.
WAN Interface
Identifier Type
Select Random to have the Device randomly configure a WAN Identifier, which is
shown in the WAN Interface Identifier field.
Select EUI-64 to use the EUI-64 format to generate an interface ID from the MAC
address of the WAN interface.
Select Manual to manually enter a WAN Identifier as the interface ID to identify the
WAN interface. The WAN Identifier is appended to the IPv6 address prefix to create
the routable global IPv6 address.
Chapter 3 WAN 33
Table 17 WAN Configuration: PPPoE (continued)
LABEL DESCRIPTION
WAN Interface
Identifier
Use Static IPv6
Address
IPv6 Address Enter the IPv6 address assigned by your ISP.
Enable IPv6
Unnumbered
Model
Launch Dhcp6c
for Address
Assignment
(IANA)
Launch Dhcp6c
for Prefix
Delegation (IAPD)
Enable PPP Debug
Mode
If you selected Random, this field is automatically configured.
If you selected Manual, enter the WAN Identifier in this field. The WAN identifier
should be unique and 64 bits in hexadecimal form. Every 16 bit block should be
separated by a colon as in XXXX:XXXX:XXXX:XXXX where X is a hexadecimal
character. Blocks of zeros can be represented with double colons as in
XXXX:XXXX::XXXX.
Select this option if you have a fixed IPv6 address assigned by your ISP.
Select this to enable IPv6 processing on the interface without assigning an explicit
IPv6 address to the interface.
Select this check box to obtain an IPv6 address from a DHCPv6 server.
The IP address assigned by a DHCPv6 server has priority over the IP address
automatically generated by the Router using the IPv6 prefix from an RA.
Select this to use DHCP PD (Prefix Delegation) that enables the Device to
pass the IPv6 prefix information to its LAN hosts. The hosts can then use
the prefix to generate their IPv6 addresses.
Select this option to display PPP debugging messages on the console.
Bridge PPPoE
Frames Between
WAN and Local
Ports
Enable IGMP
Multicast Proxy
Enable IGMP
Multicast Source
No Multicast VLAN
Filter
Enable MLD
Multicast Proxy
Select this option to forward PPPoE packets from the WAN port to the LAN ports and
from the LAN ports to the WAN port.
In addition to the Router's built-in PPPoE client, you can select this to allow up to ten
hosts on the LAN to use PPPoE client software on their computers to connect to the
ISP via the Router. Each host can have a separate account and a public WAN IP
address.
This is an alternative to NAT for application where NAT is not appropriate.
Clear this if you do not need to allow hosts on the LAN to use PPPoE client software
on their computers to connect to the ISP.
Select this check box to have the Router act as an IGMP proxy on this connection.
This allows the Router to get subscribing information and maintain a joined
member list for each multicast group. It can reduce multicast traffic significantly.
Select this check box to have the Router add routing table entries based on the
IGMP traffic.
Select this check box to have the Router not filter multicast traffic based on its
VLAN.
Select this check box to have the Router act as an MLD proxy on this connection.
This allows the Router to get subscription information and maintain a joined
member list for each multicast group. It can reduce multicast traffic significantly.
Chapter 3 WAN 34
Table 17 WAN Configuration: PPPoE (continued)
LABEL DESCRIPTION
Enable MLD
Multicast Source
Back Click this button to return to the previous screen.
Next Click this button to continue.
Select this check box to have the Router add routing table entries based on the MLD
traffic.
Chapter 3 WAN 35
IPoE
This screen displays when you select I
Figure 20 W
AN Configuration: IPoE
P over Ethernet in the WAN Service Configuration screen.
Chapter 3 WAN 36
Table 18 WAN Configuration: IPoE
LABEL DESCRIPTION
Obtain an IP
address
automatically
A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not
fixed; the ISP assigns you a different one each time you connect to the Internet.
Select this if you have a dynamic IP address.
Option 60 Vendor IDDHCP Option 60 identifies the vendor and functionality of the Router in DHCP
requests that the Router sends to a DHCP server when getting a WAN IP address.
Enter the Vendor Class Identifier (Option 60), such as the type of the hardware or
firmware.
Option 61 IAID DHCP Option 61 identifies the Router in DHCP requests the Router sends to a DHCP
server when getting a WAN IP address. Enter the Identity Association Identifier (IAID)
of the Router. For example, the WAN connection index number.
Option 61 DUID Enter the DHCP Unique Identifier (DUID) of the Router.
Option 125 Enable this to add vendor specific information to DHCP requests that the Router
sends to a DHCP server when getting a WAN IP address.
Use the following
Select this if you have a static IP address.
Static IP address
WAN IP
Enter the static IP address provided by your ISP.
Address
WAN Subnet
Enter the subnet mask provided by your ISP.
Mask
WAN gateway
Enter the gateway IP address provided by your ISP.
IP Address
Obtain an IPv6
address
automatically
Dhcpv6
Address
Assignment
Dhcp6c Prefix
Delegation
(IAPD)
Use the following
Static IPv6
address
WAN IPv6
Address/Prefix
Length
WAN Next-Hop
IPv6 Address
Select this option to have the Router use the IPv6 prefix from the connected router’s
Router Advertisement (RA) to generate an IPv6 address.
Select this check box to obtain an IPv6 address from a DHCPv6 server.
The IP address assigned by a DHCPv6 server has priority over the IP address
automatically generated by the Router using the IPv6 prefix from an RA.
Select this to use DHCP PD (Prefix Delegation) that enables the Device to
pass the IPv6 prefix information to its LAN hosts. The hosts can then use
the prefix to generate their IPv6 addresses.
Select this option if you have a fixed IPv6 address assigned by your ISP.
Enter the static IPv6 address and bit number of the IPv6 subnet mask provided by
your ISP.
Enter the gateway IPv6 address provided by your ISP.
Chapter 3 WAN 37
Table 18 WAN Configuration: IPoE (continued)
LABEL DESCRIPTION
WAN Interface
Identifier Type
WAN Interface
Identifier
Back Click this button to return to the previous screen.
Next Click this button to continue.
Select Random to have the Device randomly configure a WAN Identifier, which is
shown in the WAN Interface Identifier field.
Select EUI-64 to use the EUI-64 format to generate an interface ID from the MAC
address of the WAN interface.
Select Manual to manually enter a WAN Identifier as the interface ID to identify the
WAN interface. The WAN Identifier is appended to the IPv6 address prefix to create
the routable global IPv6 address.
If you selected Random, this field is automatically configured.
If you selected Manual, enter the WAN Identifier in this field. The WAN identifier
should be unique and 64 bits in hexadecimal form. Every 16 bit block should be
separated by a colon as in XXXX:XXXX:XXXX:XXXX where X is a hexadecimal
character. Blocks of zeros can be represented with double colons as in
XXXX:XXXX::XXXX.
Chapter 3 WAN 38
3.3.1.4 NAT and IGMP Multicast
This screen is available only when you select IP over Ethernet in the WAN Service Configuration
screen.
Figure 21 W
AN Configuration: NAT and IGMP Multicast: IPoE
Table 19 WAN Configuration: NAT and IGMP Multicast: IPoE
LABEL DESCRIPTION
Enable NAT Select this check box to activate NAT on this connection.
Enable Fullcone
NA
T
Enable IGMP
Multicast Pr
Enable IGMP
Multicast Sour
oxy
Select this check box to activate full cone NAT on this connection.
This field is available only when you select Enable NA
Select this check box to have the Router act as an IGMP proxy on this connection.
This allows the Router to get subscribing information and maintain a joined
member list for each multicast group. It can reduce multicast traffic significantly.
Select this check box to have the Router add routing table entries based on the
ce
IGMP traffic.
T.
Chapter 3 WAN 39
Table 19 WAN Configuration: NAT and IGMP Multicast: IPoE (continued)
LABEL DESCRIPTION
No Multicast VLAN
Filter
Enable MLD
Multicast Proxy
Enable MLD
Multicast Source
Back Click this button to return to the previous screen.
Next Click this button to continue.
Select this check box to have the Router not filter multicast traffic based on its
VLAN.
Select this check box to have the Router act as an MLD proxy on this connection.
This allows the Router to get subscription information and maintain a joined
member list for each multicast group. It can reduce multicast traffic significantly.
Select this check box to have the Router add routing table entries based on the MLD
traffic.
Chapter 3 WAN 40
3.3.1.5 Default Gateway (PPPoE or IPoE)
The screen is not available when you select Bridging in the WAN Service Configuration screen.
Figure 22 W
AN Configuration: Default Gateway
Table 20 WAN Configuration: Default Gateway
LABEL DESCRIPTION
Selected Default
Ga
teway
Interfaces
Available Routed
WAN Interfaces
Select a WAN interface through which to forward the service’s traffic.
You can select multiple WAN interfaces for the device to try. The Router tries the
W
AN interfaces in the order listed and uses only the default gateway of the first
WAN interface that connects; there is no backup WAN function. To change the
priority order remove them all and add them back in again.
Select from these WAN interfaces.
Chapter 3 WAN 41
Table 20 WAN Configuration: Default Gateway (continued)
LABEL DESCRIPTION
Selected WAN
Interface
Selected Default
IPv6 Gateway
Interfaces
Available IPv6
WAN Interfaces
Back Click this button to return to the previous screen.
Next Click this button to continue.
3.3.1.6 DNS Server
The screen is not available when you select Bridging in the WAN Service Configuration screen.
Select a WAN interface through which to forward IPv6 traffic.
Select an IPv6 WAN interface through which to forward the service’s IPv6 traffic.
You can select multiple WAN interfaces for the device to try. The Router tries the
WAN interfaces in the order listed and uses only the default gateway of the first
WAN interface that connects; there is no backup WAN function. To change the
priority order remove them all and add them back in again.
Select from these IPv6 WAN interfaces.
Chapter 3 WAN 42
If you configure only one IPoE connection, you must enter the static DNS server address.
Figure 23 WAN Configuration: DNS Server: PPPoE or IPoE
Chapter 3 WAN 43
Table 21 WAN Configuration: DNS Server: PPPoE or IPoE
LABEL DESCRIPTION
Select DNS Server
Interface fr
om
available WAN
interfaces
Selected DNS
Server
Interfaces
Available WAN
Interfaces
Use the following
Sta
tic DNS IP
address
Primary DNS
server
Secondary
DNS
server
Obtain IPv6 DNS
info
from a WAN
interface
Select this to have the Router get the DNS server addresses from one of the
Router’s WAN interfaces.
Select a WAN interface through which to get DNS server addresses.
You can select multiple WAN interfaces for the device to try. The Router tries the
AN interfaces in the order listed and uses only the DNS server information of the
W
first WAN interface that connects; there is no backup WAN function. To change the
priority order remove them all and add them back in again.
These are the WAN interfaces you can select from.
Select this to have the Router use the DNS server addresses you configure
manually.
Enter the first DNS server address assigned by the ISP.
Enter the second DNS server address assigned by the ISP.
Select this to have the Router get the IPv6 DNS server addresses from the ISP
automatically.
WAN Interface
selected
Use the following
Sta
tic IPv6 DNS
Select a WAN interface through which you want to obtain the IPv6 DNS related
information.
Select this to have the Router use the IPv6 DNS server addresses you configure
manually.
address
Primary IPv6
Enter the first IPv6 DNS server address assigned by the ISP.
DNS server
Secondary
Enter the second IPv6 DNS server address assigned by the ISP.
IPv6 DNS
server
Back Click this button to r
eturn to the previous screen.
Next Click this button to continue.
Chapter 3 WAN 44
3.3.1.7 Configuration Summary
This read-only screen shows the current WAN connection settings.
Figure 24 W
AN Configuration: Configuration Summary
Table 22 WAN Configuration: Configuration Summary
LABEL DESCRIPTION
Connection Type This is the encapsulation method used by this connection.
NAT This shows whether NAT is active or not for this connection.
Full Cone NAT This shows whether full cone NAT is active or no
IGMP Multicast
Pr
oxy
IGMP Multicast
Sour
ce Enabled
MLD Multicast
oxy
Pr
MLD Multicast
Sour
ce Enabled
Quality Of Service This shows whether QoS is active or not for this connection.
Back Click this button to r
Apply/Save Click this button to save your changes.
This shows whether IGMP proxy is activated or not for this connection.
IGMP is not available when the connection uses the bridging service.
This shows whether IGMP source enable is activated or not for this
connection. IGMP source enable has the Router add routing table entries
based on the IGMP traffic.
This shows whether MLD proxy is activated or not for this connection. MLD
is not available when the connection uses the bridging service.
This shows whether MLD source enable is activated or not for this
connection. MLD source enable has the Router add routing table entries
based on the MLD traffic.
eturn to the previous screen.
t for this connection.
Chapter 3 WAN 45
Chapter 4 LAN
CHAPTER 4
4.1 LAN Setup
Click Advanced Setup > LAN to open the LAN Setup screen. Use this screen to set the Local Area
Network IP address and subnet mask of your Router and configure the DNS server information that
the Router sends to the DHCP client devices on the LAN.
4
Chapter
Chapter 4 LAN 46
Figure 25 LA
N Setup
Chapter 4 LAN 47
Table 23 LAN Setup
LABEL DESCRIPTION
Group Name Select the LAN interface for which to configure the IP address and subnet mask.
IP Address Enter the LAN IP address you want to assign to your Router. The factory default is
192.168.1.1.
Subnet Mask Type the subnet mask of your network. The factory default is 255.255.255.0. Your
Router automatically computes the subnet mask based on the IP address you enter,
so do not change this field unless you are instructed to do so.
Enable IGMP
Snooping
IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to
establish membership in a multicast group.
Select this to activate IGMP Snooping. This allows the Router to passively learn
memberships in multicast groups. Otherwise, clear the option to deactivate it.
Select Standard Mode to have the Router forward multicast packets to a port that
joins the multicast group and broadcast unknown multicast packets from the WAN
to all LAN ports.
Select Blocking Mode to have the Router block all unknown multicast packets from
the WAN.
Enable IGMP LAN to
Select this to allow IGMP multicast traffic to travel between the LAN ports.
LAN Multicast
Disable DHCP
Server
Select this to have the Router not provide DHCP services. Users must configure LAN
devices with manual network settings if you do not have another DHCP server on
the network.
Enable DHCP Server Select this to have the Router serve as the DHCP server for the network to assign IP
addresses and provide subnet mask, gateway, and DNS server information to LAN
devices.
Start IP Address This field specifies the first of the contiguous addresses in the IP address pool.
End IP Address This field specifies the last of the contiguous addresses in the IP address pool.
Leased Time
(hour)
Specify for how many hours to assign an IP address to a LAN device before making it
available for reassignment to other systems.
Static IP Lease
List
Use this table to assign IP addresses on the LAN to specific computers based on
their MAC Addresses.
MAC Address The MAC (Media Access Control) of a LAN device to which the entry’s IP address is
assigned.
IP Address This field displays the IP address reserved for the LAN device with the entry’s MAC.
Remove Select entries and click the Remove Entries button to delete them.
Add Entries Click this button to create a new static IP lease entry.
Enable DHCP
Conditional Serving
Pool
Select this to enable the DHCP conditional serving pool for IPTV set-top boxes. DHCP
server will offer IP address from the conditional pool if the DHCP request sent from a
set-top box contains the specific Vendor ID.
Chapter 4 LAN 48
Table 23 LAN Setup (continued)
LABEL DESCRIPTION
Gat ewa y Enter the IPTV server’s IP address.
Subnet Mask Enter the IPTV server’s subnet mask.
Pool Start/End Specify the first and last of the contiguous addr
pool.
DNS Server 1/2 Enter the IPTV server’s first/second DNS server IP address.
VendorID Specify the IPTV’s vendor ID.
VendorID Mode Specify the IPTV’s vendor
VendorID Exclude Specify if you want to enab
Option240 State Select Enabled
Option240 Value Enter the option 240 value.
Configure the
second IP Addr
and Subnet Mask
for LAN interface
IP Address Enter the second LAN IP address of your Router in dotted decimal notation.
Subnet Mask Type the subnet mask of your network in dotted decimal notation, for example
ess
Select the check box to use IP alias to configure another LAN network for the Router.
IP alias partitions a physical network into differ
Ethernet interface. The Router supports multiple logical LAN interfaces via its
physical Ethernet interface with the Router itself as the gateway for the LAN
network. You can also configure firewall rules to control access to the LAN's logical
network (subnet).
255
.255.255.0 (factory default).
to have the Router assign DHCP option 240 to the LAN set top box.
ID mode type.
le vendor ID exclude.
esses in the IPTV server’s IP address
ent logical networks over the same
4.1.1 Add DHCP Static IP Lease
Click Add Entries in the LAN Setup screen to display the following screen.
Figure 26
Chapter 4 LAN 49
Add DHCP Static IP Lease
Table 24 Add DHCP Static IP Lease
LABEL DESCRIPTION
MAC Address Enter the MAC address of a computer on your LAN.
Every Ethernet device has a unique MAC (Media Access Control) address. The MAC
addr
ess is assigned at the factory and consists of six pairs of hexadecimal characters,
for example, 00:A0:C5:00:00:02.
IP Address Enter the IP address that you want to assign to the computer on your LAN with the
MAC address that you will also specify.
Apply/Save Click this button to save your changes and go b
4.2 LAN Additional Subnet
Click Advanced Setup > LAN > Additional Subnet to open the Additional Subnet screen. Use this
screen to configure IP alias and public static IP.
IP alias allows you to partition a physical network
Ethernet interface. The Router supports multiple logical LAN interfaces via its physical Ethernet
interface with the Router itself as the gateway for the LAN network. When you use IP alias, you can
also configure firewall rules to control access to the LAN's logical network (subnet).
If your ISP provides the Public LAN service, the Router may use an LAN IP address that can be
access
Figure 27 LAN Additional
ed from the WAN.
Subnet
ack to the previous screen.
into different logical networks over the same
Chapter 4 LAN 50
Table 25 LAN Additional
LABEL DESCRIPTION
Active Select the check box to configure a LAN network for the Router.
IP Address Enter the IP address of your Router in dotted decimal notation.
IP Subnet Mask Your Router will automatically calculate the subnet mask based on t
Offer Public IP by
DHCP
Enable ARP Proxy Select the check box to enable the ARP (Address Resolution Protocol) proxy.
Apply/Save Click this button to save your changes and
4.3 LAN VLAN
Click Advanced Setup > LAN > LAN VLAN to open this screen. Use this screen to control the VLAN
ID and IEEE 802.1p priority tags of traffic sent out through individual LAN ports.
Subnet
he IP address
that you assign. Unless you are implementing subnetting, use the subnet mask
computed by the Router.
Select the check box to enable the Router to pr
server.
ovide public IP addresses by DHCP
go back to the previous screen.
Figure 28 LA
N VLAN
Table 26 LAN VLAN
LABEL DESCRIPTION
Select a LAN
port
Enable VLAN
de
Mo
VLAN ID Specify the VLAN ID (from 0 to 4094) to use fo
eth0 ~ eth
Select this to use VLAN on the LAN port you selected.
3 represent the Ethernet LAN ports 1 ~ 4. Select a port.
r this LAN port’s downstream traffic.
Chapter 4 LAN 51
Table 26 LAN VLAN (continued)
LABEL DESCRIPTION
Pbits Set the IEEE 802.1p priority tag value (o to 7) to use for the LAN port’s downstream
traffic. The larger the number, the higher the priority.
Remove Select an entry and click the Remove button to delete it.
Add Click this button to create a new LAN VLAN setting entry.
Apply/Save Click this button to save your changes and go back to the previous screen.
Chapter 4 LAN 52
4.4 IPv6 LAN Auto Configuration
Click Advanced Setup > LAN > IPv6 Autoconfig to open the IPv6 LAN Auto Configuration screen.
Use this screen to set the Local Area Network interface IPv6 settings.
Figure 29 IPv
6 LAN Auto Configuration
Chapter 4 LAN 53
The following table describes the fields in this screen.
Table 27 IPv6 LAN Auto Configuration
LABEL DESCRIPTION
Interface Address To use a static IPv6 address, enter the IPv6 address prefix and prefix length that
the Router uses for the LAN IPv6 address.
The IPv6 prefix length specifies how many most significant bits (starting from
the left) in the address compose the network address. This field displays the bit
number of the IPv6 subnet mask.
Enable DHCPv6
Server
Stateless Select this to have the Router use IPv6 stateless autoconfiguration.
Stateful Select this to have the Router use IPv6 stateful autoconfiguration.
Obtain IPv6 DNS info
from a WAN interface
Use the following
Static IPv6 DNS
address
Primary IPv6 DNS
server
Secondary IPv6
DNS server
Select this to have the Router act as a DHCPv6 server and pass IPv6 addresses,
DNS server and domain name information to DHCPv6 clients.
Start interface ID: specify the first IPv6 address in the pool of addresses that
can be assigned to DHCPv6 clients.
End interface ID: specify the last IPv6 address in the pool of addresses that can
be assigned to DHCPv6 clients.
Leased Time (hour): Specify for how many hours to assign an IPv6 address to a
DHCPv6 client before making it available for reassignment to other systems.
Select this to have the Router get the IPv6 DNS server addresses from the ISP
automatically.
Select this to have the Router use the IPv6 DNS server addresses you configure
manually.
Enter the first IPv6 DNS server address assigned by the ISP.
Enter the second IPv6 DNS server address assigned by the ISP.
Enable RADVD Select this to have the Router send router advertisement messages to the LAN
hosts.
Router advertisement is a response to a router solicitation or a periodical
multicast advertisement from a router to advertise its presence and other
parameters, such as IPv6 prefix and DNS information. Router solicitation is a
request from a host to locate a router that can act as the default router and
forward packets.
Note: The LAN hosts neither generate global IPv6 addresses nor communicate
with other networks if you disable this feature.
Enable ULA Prefix
Advertisement
Randomly
Generate
Select this to send Unique Local IPv6 Unicast Addresses (ULA) advertisement
messages to the LAN hosts.
Select this to automatically create a LAN IPv6 address prefix.
Chapter 4 LAN 54
Table 27 IPv6 LAN Auto Configuration (continued)
LABEL DESCRIPTION
Statically
Configure
Select this to send a fixed LAN IPv6 address prefix.
Prefix: enter the IPv6 prefix and length the Router uses to generate the LAN
IPv6 address. The prefix length specifies how many most significant bits (starting
from the left) in the address compose the network address. This field displays
the bit number of the IPv6 subnet mask.
Preferred Life Time (hour): enter the preferred lifetime for the prefix. -1 means
no time limit.
Valid Life Time (hour): enter the valid lifetime for the prefix. Set this greater
than or equal to the preferred life time. -1 means no time limit.
Enable MLD Snooping Select this to have the Router check Multicast Listener Discovery (MLD) packets
to learn the multicast group membership. This helps reduce multicast traffic.
Standard Mode Select this to have the Router forward multicast packets to a port that joins the
multicast group and broadcast unknown multicast packets from the WAN to all
LAN ports.
Blocking Mode Select this to have the Router block all unknown multicast packets from the
WAN.
Enable MLD LAN to
Select this to allow MLD multicast traffic to travel between the LAN ports.
LAN Multicast
Save/Apply Click this button to save your changes.
Network Connections: My Network Places: Properties: Example
Chapter 4 LAN 55
CHAPTER 5
Chapter 5
VPN
5.1 L2TP VPN Client
Use this screen to manage WAN service Layer 2 Tunneling Protocol (L2TP) client settings for
connecting to L2TP servers.
Click Advanced Setup
Figure 30 L2TP Clie
nt
> VPN > L2TP Client to open this screen as shown next.
5
Chapter
This screen contains the following fields:
Table 28 L2TP Client
LABEL DESCRIPTION
Tunnel Name This is the name of this client connection.
LNS Ip Address This is the IP address of the L2TP VPN server.
Remove Select entries and click the Remo
Status This is the connection status.
Add Click this to add a VPN client profile.
5.1.1 L2TP VPN Client: Add
Click Advanced Setup > VPN > L2TP Client > Add to configure L2TP WAN service settings for
connecting to L2TP servers.
ve button to delete them.
Chapter 5 VPN 56
5.1.1.1 Name and Server IP Address
This screen displays when you add a new L2TP client WAN service.
Figure 31 L2TP Clie
nt: Add
This screen contains the following fields:
Table 29 L2T
LABEL DESCRIPTION
Tunnel Name Enter the name for this client connection.
L2TP Server Ip
Addr
ess
L2TP Protocol
Ve
rsion
P Client: Add
Enter the IP address of the L2TP server.
Select the L2TP Protocol Version 2 or 3. L2TPv2 is a standard method for
tunneling Point-to-Point Protocol (PPP) while L2TPv3 provides improved
support for other types of networks including frame relay and ATM.
NAT Mode? Select Yes if the client will be located behind a NAT enabled router. This will
allow multiple clients using NAT to connect with L2TP at the same time.
Auth Protocol Select the Authentication Protocol allowed for the connection. Options are:
PAP - Password Authentication Protocol (PAP) authentication occurs in clear
text and does not use encryption. It’s probably not a good idea to rely on this
for security.
lenge Handshake Authentication Protocol (CHAP) provides
osoft CHAP v1 (MSCHAPv1) provides authentication
osoft CHAP v2 (MSCHAPv2) provides encryption through a
0 bit session key length
h 128 bit session key length
tomatically select either MPPE 40 or MPPE 128
MPPE
Encryption
CHAP - Chal
authentication through a shared secret key and uses a three way handshake.
MSCHAPv1 - Micr
through a shared secret key and uses a three way handshake. It provides
improved usability with Microsoft products.
MSCHAPv2 - Micr
shared secret key and uses a three way handshake. It provides additional
security over MSCHAPv1, including two-way authentication.
If MSCHAPv1 or MSCHAPv2 is selected as an Auth Protocol, use the dropdown list box to select the type of Microsoft Point-to-Point Encryption
(MPPE). Options are:
MPPE 40 - MPPE with 4
MPPE 128 - MPPE wit
Auto - Au
Chapter 5 VPN 57
Table 29 L2TP Client: Add (continued)
LABEL DESCRIPTION
MPPE Stateful? Select Yes to enable stateful MPPE encryption. This can increase
performance over stateless MPPE, but should not be used in lossy network
environments like layer two tunnels over the Internet.
User Name Enter the user name for connecting to the L2TP server.
Password Enter the password for connecting to the L2TP server.
Retype Retype the password for connecting to the L2TP server.
Get IP
automatically
Assign IP
Address
Idle Timeout Enter the time in minutes to timeout L2TP connections.
Select Yes to have the L2TP server assign a local IP address to the client.
Enter the IP address for the client. Ensure that the IP address is configured to
be allowed on the L2TP server.
Chapter 5 VPN 58
5.1.1.2 PPP
This screen displays second when you add a new L2TP client WAN service.
Figure 32 L2TP
Client Add: PPP
Chapter 5 VPN 59
This screen contains the following fields:
Table 30 L2T
LABEL DESCRIPTION
PPP Username Enter the user name exactly as your ISP assigned. If assigned a name in the
PPP Password Enter the password associated with the user name above.
PPPoE Service
Name
Authentication
Me
thod
P Client Add: PPP
form user@d
components exactly as given.
Type the name of your PPPoE service here.
This field is not available for a PPPoA connection.
The Router supports PAP (Password Authentication Protocol) and CHAP
(Challenge Handshake Authentication Protocol ). CHAP is more secure than
PAP; however, PAP is readily available on more platforms.
Use the drop-down list box to select an authentication protocol for outgoing
ca
lls. Options are:
AUTO - Y
remote node.
PAP - Y
CHAP - Y
MSCHAP
version of the CHAP.
omain where domain identifies a service name, then enter both
our Router accepts either CHAP or PAP when requested by this
our Router accepts PAP only.
our Router accepts CHAP only.
- Your Router accepts MSCHAP only. MS-CHAP is the Microsoft
Enable NAT Select this check box to activate NAT on this connection.
Enable Fullcone
NA
T
Tunnel Name Enter the name for this client connection.
Use Static IPv4
Addr
ess
IPv4 Address Enter the IPv4 address assigned by your ISP.
Enable PPP
Debug Mode
Enable IGMP
Multicast Pr
Enable IGMP
Multicast Source
No Multicast
VLAN Filter
Back Click this button to r
oxy
This field is available only when you select Enable NAT. Select this check box
to activate full cone NAT on this connection.
Select this option if you have a fixed IPv4 address assigned by your ISP.
Select this option to display PPP d
Select this check box to have the Router act as an IGMP proxy on this
connection. This allows the Router to get subscribing information and
maintain a joined member list for each multicast group. It can reduce
multicast traffic significantly.
Select this check box to have the Router add routing table entries based on
the IGMP traffic.
Select this check box to have the Router not filter multicast traffic based on
AN.
its VL
eturn to the previous screen.
ebugging messages on the console.
Next Click this button to continue.
Chapter 5 VPN 60
5.1.1.3 L2TP Client Add: Configuration Summary
This read-only screen shows the current L2TP WAN connection settings.
Figure 33 L2TP
Client Add: Configuration Summary
Table 31 L2TP Client Add: Configuration Summary
LABEL DESCRIPTION
Connection Type This is the encapsulation method used by this connection.
NAT This shows whether NAT is active or not for this connection.
Full Cone NAT This shows whether full cone NAT is active or no
IGMP Multicast
Pr
oxy
IGMP Multicast
Sour
ce Enabled
MLD Multicast
oxy
Pr
MLD Multicast
Sour
ce Enabled
Quality Of Service This shows whether QoS is active or not for this connection.
Back Click this button to r
Apply/Save Click this button to save your changes.
This shows whether IGMP proxy is activated or not for this connection.
IGMP is not available when the connection uses the bridging service.
This shows whether IGMP source enable is activated or not for this
connection. IGMP source enable has the Router add routing table entries
based on the IGMP traffic.
This shows whether MLD proxy is activated or not for this connection.
This shows whether MLD source enable is activated or not for this
connection. MLD source enable has the Router add routing table entries
based on the MLD traffic.
eturn to the previous screen.
t for this connection.
Chapter 5 VPN 61
CHAPTER 6
Chapter 6
Network Address Translation
6
(NAT)
6.1 Virtual Servers
Click Advanced Setup > NAT > Virtual Servers to open the screen where you manage the list of
virtual server rules.
A virtual server set is a list of inside (behind NAT on the LA
you can make visible to the outside world even though NAT makes your whole inside network
appear as a single computer to the outside world.
Many residential broadband ISP accounts do not allow you to run any server processes
(such as a Web or FTP server) from your location. Your ISP may periodically check for
servers and may suspend your account if it discovers any active services at your location. If
you are unsure, refer to your ISP.
N) servers, for example, web or FTP, that
Chapter
Figure 34 Virtual Servers
Table 32 Virtual Servers
LABEL DESCRIPTION
Add Click this button to create a new entry.
Remove Select entries and click the Remo
ve button to delete them.
Chapter 6 Network Address Translation (NAT) 62
Table 32 Virtual Servers (continued)
LABEL DESCRIPTION
Server Name This field displays the name of the service used by the packets for this virtual server.
External Port
Start
External Port
End
Protocol This show whether the virtual server applies to TCP traffic, UDP traffic, or both.
Internal Port
Start
Internal Port
End
Server IP
Address
WAN Interface This field displays the WAN interface through which the service is forwarded.
Current UPNP
Rule Listing
External Port This is the external port number that identifies a service.
This is the first external port number that identifies a service.
This is the last external port number that identifies a service.
This is the first internal port number that identifies a service.
This is the last internal port number that identifies a service.
This field displays the inside IP address of the server.
Universal Plug and Play (UPnP) is a distributed, open networking standard that uses
TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device
can dynamically join a network, obtain an IP address, convey its capabilities and learn
about other devices on the network. In turn, a device can leave a network smoothly
and automatically when it is no longer in use.
These are the rules the Router has created using UPnP.
Internal This is the internal port number that identifies a service.
Client IP This is the IP address of the device for which the Router created the UPnP rule.
Protocol This is the protocol of the traffic for which the Router created the UPnP rule.
6.1.1 Virtual Servers Add
This screen lets you create or edit a virtual server rule. Click Add in the Virtual Servers screen to
open the following screen.
Chapter 6 Network Address Translation (NAT) 63
You may enter a single port number or a range of port numbers to
address of the desired server. The port number identifies a service; for example, web service is on
port 80 and FTP on port 21. In some cases, such as for unknown services or where one server can
support more than one service (for example both FTP and web service), it might be better to specify
a range of port numbers. You can allocate a server IP address that corresponds to a port or a range
of ports.
be forwarded, and the local IP
Figure 35 Vir
tual Servers Add
Chapter 6 Network Address Translation (NAT) 64
Table 33 Virtual Servers Add
LABEL DESCRIPTION
Use Interface Select a WAN interface for which you want to configure a virtual server rules.
Service Name Select a Service: use the d
Custom Service: type a name to speci
Server IP
Addr
ess
Apply/Save Click this button to save your changes.
External Port
Sta
rt
External Port
En
d
Protocol Select the protocol supported by this virtual server. Choices are TCP, UDP, or TCP/UDP.
Internal Port
Sta
rt
Enter the inside IP address of the LAN device to which the virtual server forwards
traffic.
Enter the original destination port for the packets.
To forward only one port, enter the port number again in the External End
To forward a series of ports, enter the start port number here and the end port
er in the External End Port field.
numb
Enter the last port of the original destination port range.
To forward only one port, enter the port number in the External Start Port field abo
and then enter it again in this field.
To forward a series of ports, enter the last port number in a series that begins with the
port nu
Enter the port number here to which you want the Router to translate the incoming
port. For a range of ports, enter the first number of the range to which you want the
incoming ports translated.
mber in the External Start Port field above.
rop-down list to select a service.
fy a different service.
Port field.
ve
Internal Port
En
d
Apply/Save Click this button to save your changes.
Enter the last port of the translated port range.
6.2 Port Triggering
Some services use a dedicated range of ports on the client side and a dedicated range of ports on
the server side. With regular port forwarding you set a forwarding port in NAT to forward a service
(coming in from the server on the WAN) to the IP address of a computer on the client side (LAN). The
problem is that port forwarding only forwards a service to a single LAN IP address. In order to use
the same service on a different LAN computer, you have to manually replace the LAN computer's IP
address in the forwarding port with another LAN computer's IP address.
Chapter 6 Network Address Translation (NAT) 65
Trigger port forwarding solves this problem by allowing computers on the LAN to dynamically take
using the service. The Router records the IP address of a LAN computer that sends traffic to
turns
the WAN to request a service with a specific port number and protocol (a "trigger" port). When the
Router's WAN port receives a response with a specific port number and protocol ("open" port), the
Router forwards the traffic to the LAN IP address of the computer that sent the request. After that
computer’s connection for that service closes, another computer on the LAN can use the service in
the same manner. This way you do not need to configure a new IP address each time you want a
different LAN computer to use the application.
For example:
Figure 36 T
1 Jane requests a file from the Real Audio server (port 7070).
ort 7070 is a “trigger” port and causes the Router to record Jane’s computer IP address. The Router
2 P
associates Jane's computer IP address with the "open" port range of 6970-7170.
he Real Audio server responds using a port number ranging between 6970-7170.
3 T
4 The
5 On
Router forwards the traffic to Jane’s computer IP address.
ly Jane can connect to the Real Audio server until the connection is closed or times out. The
Router times out in three minutes with UDP (User Datagram Protocol) or two hours with TCP/IP
(Transfer Control Protocol/Internet Protocol).
rigger Port Forwarding Process: Example
Click Advanced Setup
Figure 37 Port Triggering
Chapter 6 Network Address Translation (NAT) 66
> NAT > Port Triggering to manage your Router’s trigger port settings.
Table 34 Port Triggering
LABEL DESCRIPTION
Add Click this to create a new rule.
Remove Select entries and click the Remo
# This is the index number of the entry.
Status This field displays whether the port triggering rule is active or
signifies that this rule is active. A gray bulb signifies that this rule is not active.
Application
Name
Trigger
Pr
otocol
Trigger Port
Range Start
Trigger Port
Range End
Open
Protocol
Open Port
Range Start
This field displays the name of the service used by this rule.
This is the trigger transport layer protocol.
The trigger port is a port (or a range of ports) that causes (or triggers) the Router to
record the IP address of the LAN computer that sent the traffic to a server on the WAN.
This is the first port number that identifies a service.
This is the last port number that identifies a service.
This is the open transport layer protocol.
The open port is a port (or a range of ports) that a
out a particular service. The Router forwards the traffic with this port (or range of ports)
to the client computer on the LAN that requested the service.
This is the first port number that identifies a service.
ve button to delete them.
server on the WAN uses when it sends
not. A yellow bulb
Open Port
Range End
WAN Interface This field shows the WAN interface thr
This is the last port number that identifies a service.
ough which the service is forwarded.
Chapter 6 Network Address Translation (NAT) 67
6.2.1 Add Port Triggering Rule
This screen lets you create new port triggering rules. Click Add in the Port Triggering screen to
open the following screen.
Figure 38 Po
rt Triggering: Add
Table 35 Port T
LABEL DESCRIPTION
User Interface Select a WAN interface for which you want to config
Application
Name
Save/Apply Click this button to save your changes.
Trigger Port
Sta
rt
riggering: Add
ure port triggering rules.
Choose an application from the drop-down list or select Custom appli
a name to identify this rule using keyboard characters (A-Z, a-z, 1-2 and so on).
The trigger port is a port (or a range of ports) that causes (or triggers) the Router to
record the IP address of the LAN computer that sent the traffic to a server on the WAN.
Type a port number or the starting port number in a range of port numbers.
cation and enter
Chapter 6 Network Address Translation (NAT) 68
Table 35 Port Triggering: Add (continued)
LABEL DESCRIPTION
Trigger Port
End
Trigger
Protocol
Open Port
Start
Open Port
End
Open
Protocol
Save/Apply Click this button to save your changes.
Type a port number or the ending port number in a range of port numbers.
Select the transport layer protocol from TCP, UDP, or TCP/UDP.
The open port is a port (or a range of ports) that a server on the WAN uses when it sends
out a particular service. The Router forwards the traffic with this port (or range of ports)
to the client computer on the LAN that requested the service.
Type a port number or the starting port number in a range of port numbers.
Type a port number or the ending port number in a range of port numbers.
Select the transport layer protocol from TCP, UDP, or TCP/UDP.
Chapter 6 Network Address Translation (NAT) 69
6.3 DMZ Host
Click Advanced Setup > NAT > DMZ Host to specify the IP address of a default server to receive
packets from ports not specified in the Port Forwarding screen.
Figure 39 DM
Z Host
Table 36 DMZ Host
LABEL DESCRIPTION
DMZ Host IP
Addr
ess
Save/Apply Click this button to save your changes.
Enter the IP address which receives packets from ports that are not specified in the Port
Forwarding screen.
Note: If you do not assign a default server, the Rou
ports not specified in the virtual server configuration.
ter discards all packets received for
6.4 SIP ALG
Click Advanced Setup > NAT > SIP ALG to enable and disable the NAT Application Layer Gateway (ALG)
in the Router.
Chapter 6 Network Address Translation (NAT) 70
The SIP ALG allows SIP calls to pass through NAT by examining and translating IP addresses
dded in the data stream. When the Router registers with the SIP register server, the SIP ALG
embe
translates the Router’s private IP address inside the SIP data stream to a public IP address. You do
not need to use STUN or an outbound proxy if you enable the SIP ALG.
Figure 40 SI
P ALG
Table 37 SIP ALG
LABEL DESCRIPTION
Enable SIP ALG Enable this to make sure SIP (VoIP) works c
Apply/Save Click this button to save your changes.
orrectly with port-forwarding.
Chapter 6 Network Address Translation (NAT) 71
CHAPTER 7
Chapter 7
Firewall
7.1 Firewall General
Use this screen to enable or disable the firewall and manage the default policies (filters). Click
Advanced Setup > Firewall to open the General screen.
Figure 41 Fir
ewall General
7
Chapter
Table 38 Firewall General
LABEL DESCRIPTION
Active
Fi
rewall
No. This displays the index number of the default firewall policy.
Active This field displays whether a policy is turned on or not. Select the check box to enable the
Name This displays the name of the policy.
Interface This displays the LAN or WAN interface(s)
Direction This displays the direction of travel of packets (In and
Select this check box to activate the firewall. The Router performs access control and
protects against Denial of Service (DoS) attacks when the firewall is activated. By default the
firewall allows traffic from all interfaces to go to all interfaces. Configure firewall interface
default policies to block specific traffic directions or firewall rules to block specific traffic.
p
olicy. Clear the check box to disable the policy.
to which this policy is applied.
Out).
Firewall rules are grouped based on the direction o
f travel of packets to which they apply.
Chapter 7 Firewall 72
Table 38 Firewall General (continued)
LABEL DESCRIPTION
Default
Action
Remove Select entries and click the Remo
Edit Click the Ed
Add Click Add to cr
Apply Click Apply to save your changes back to the Rou
This displays the default action that the firewall is to take on packets that are traveling in the
selected direction and do not match any of the firewall rules.
Drop: the
destination-unreachable message to the sender.
Permit: the Rou
Router silently discards the packets without sending a TCP reset packet or an ICMP
ter allows the passage of the packets.
it button to go to the screen where you can edit the rule.
eate a new policy.
7.1.1 Default Policy Configuration
In the Firewall General screen, click Add or click an entry’s Edit icon to configure a firewall policy.
Figure 42 D
efault Policy
ve button to delete them.
ter.
Table 39 Default Policy
LABEL DESCRIPTION
Active Select this check box to enable the rule.
Name Enter a descriptive name using printable English keyboard characters.
Interface Select Al
interface to which this policy applies.
Direction Specify the direction of travel of packets (in
l to apply the policy to all interfaces on the Router or select the specific LAN or WAN
coming or outgoing) in this policy.
Chapter 7 Firewall 73
Table 39 Default Policy (continued)
LABEL DESCRIPTION
Default
Action
Back Click Back
Apply Click App
Specify whether the firewall silently discards packets (Drop) or allows the passage of packets
(Permit).
to return to the previous screen.
ly to save your customized settings and exit this screen.
7.2 Firewall Rules
The ordering of your rules is very important as rules are applied in turn.
Click Advanced Setup > Firewall > Rules to display the following screen. This screen lists the
configured incoming or outgoing firewall rules. Note the order in which the rules are listed.
The firewall rules that you configure here take priority over the general firewall action
settings in the General screen.
Figure 43 Firewall Rules
Chapter 7 Firewall 74
Table 40 Fir
LABEL DESCRIPTION
Incoming/
Ou
tgoing
Rules
No. This is your firewall rule number. The ordering of your rules is important as rules are
Active This field displays whether a firewall rule is turned on or not. Select the check box to
Name This displays the name of the rule.
Interface This displays the LAN or WAN interface(s) to which t
Filter Criteria This displays the filtering criteria, such as the so
Action This displays whether the firewall silently discards packets (Dr
Remove Select entries and click the Remove button to delete them.
Edit Click the Edi
ewall Rules
The following fields summarize the rules you have created that apply to traffic traveling
in the selected packet direction.
applied in turn.
enable the rule. Clear the check box to disable the rule.
his rule is applied.
urce or destination IP addresses and
subnet mask to which this rule applies.
op), discards packets and
sends an ICMP message to the sender (Reject) or allows the passage of packets
(Permit).
t button to go to the screen where you can edit the rule.
Add Click Add to cr
Apply Click Apply to save your chan
eate a new rule.
ges back to the Router.
Chapter 7 Firewall 75
7.2.1 Firewall Rules Configuration
In the Firewall Rules screen, click Add or click a rule’s Edit button to display this screen and refer to
the following table for information on the labels.
Figure 44 Fir
ewall Rules: Add
Table 41 Firewall Rules: Add
LABEL DESCRIPTION
Active Select this check box to enable the rule.
Rule Name Enter a descriptive name of up to 16 printable English k
including spaces.
To add a firewall rule, you need to configure at least one of the following fields
(e
xcept the Interface field).
Interface Select an interface on the Router to which this rule applies
eyboard characters,
.
Chapter 7 Firewall 76
Table 41 Firewall Rules: Add (continued)
LABEL DESCRIPTION
Direction Select a direction of travel of packets for which you want to configure the firewall
rule.
Protocol Select the IP protocol (TCP, UDP or ICMP) and enter the protocol (service type)
number in the port field.
Source IP Address Enter the source IP address in dotted decimal notation.
Source Subnet
Mask
Source IPv6
Address
Source IPv6 Prefix
Length
Source Port Enter the single port number or the range of port numbers of the source.
Destination IP
Address
Destination
Subnet Mask
Destination IPv6
Address
Destination IPv6
Prefix Length
Enter the source subnet mask.
Enter the source IPv6 address in dotted decimal notation.
Enter the IPv6 prefix length for the source IPv6 address.
The IPv6 prefix length specifies how many most significant bits (starting from the
left) in the address compose the network address. This field displays the bit number
of the IPv6 subnet mask.
Enter the destination IP address in dotted decimal notation.
Enter the destination subnet mask.
Enter the destination IPv6 address in dotted decimal notation.
Enter the IPv6 prefix length for the destination IPv6 address.
The IPv6 prefix length specifies how many most significant bits (starting from the
left) in the address compose the network address. This field displays the bit number
of the IPv6 subnet mask.
Destination Port Enter the single port number or the range of port numbers of the destination.
Action Use the drop-down list box to select whether to discard (Drop), deny and send an
ICMP message to the sender of (Reject) or allow the passage of (Permit) packets
that match this rule.
Reject Type If you select Reject, specify the type of ICMP message to send to the sender.
Back Click Back to return to the previous screen.
Apply Click Apply to save your customized settings and exit this screen.
7.3 MAC Filtering
Click Advanced Setup > Firewall > MAC Filtering to allow or block wireless and LAN clients access
to the Router.
Chapter 7 Firewall 77
Every Ethernet device has a unique MAC (Media Access
Control) address. The MAC address is
assigned at the factory and consists of six pairs of hexadecimal characters, for example,
00:A0:C5:00:00:02. You need to know the MAC address of the devices to configure this screen.
Figure 45 M
AC Filtering
The following table describes the labels in this menu.
Table 42 MA
LABEL DESCRIPTION
MAC Restrict
Mo
de
MAC Address These are the MAC addresses of LAN devices. Enter the MAC addresses in a valid MAC
C Filtering
Select Disabled to turn off MAC address filtering.
Select Al
MAC addresses and block access from MAC addresses not in the list.
Select Deny to have the Rou
addresses and allow access from MAC addresses not in the list.
addr
low to have the Router permit access from the listed wireless and LAN client
ter block access from the listed wireless and LAN client MAC
ess format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc.
Apply Click Apply to save your changes.
Cancel Click Ca
ncel to restore your previously saved settings.
7.3.1 MAC Filtering Add
Click Advanced Setup > Firewall > MAC Filtering > Add to add a MAC address to the MAC
Filtering screen’s list of wireless and LAN clients access to the Router.
Figure 46 M
AC Filtering Add
Chapter 7 Firewall 78
The following table describes the labels in this menu.
Table 43 MA
LABEL DESCRIPTION
MAC Address Enter the MAC address in a valid MAC address format, that is, six hexadecimal character
Apply/Save Click this button to save your changes.
C Filtering Add
p
airs, for example, 12:34:56:78:9a:bc.
Chapter 7 Firewall 79
CHAPTER 8
Chapter 8
Parental Control
8.1 Time Restriction
Click Advanced Setup > Parental Control > Time Restriction to configure access time schedules
for specific users.
Figure 47 Ti
me Restriction
8
Chapter
Table 44 Time Restriction
LABEL DESCRIPTION
Username This is the name of the user whose access the rule controls.
MAC This is the MAC address of the LAN or wireless d
Mon ~ Sun This shows an “x” for every day of the week the schedule applies to.
Start This shows the beginning of the access blocking time.
Stop This shows the end of the access blocking time.
Remove Select entries and click the Re
Add Click this to add a new entry.
move button to delete them.
evice whose access the rule controls.
Chapter 8 Parental Control 80
8.1.1 Add a Time Restriction Rule
Click Add in the Time Restriction screen to add a new rule. Use this screen to configure a restricted
access schedule.
Figure 48 Time Restriction:
Add
Table 45 Time Restriction: Add
LABEL DESCRIPTION
Username Specify the name of the user whose access the rule controls.
Browser's MAC
Addr
ess
Other MAC Address Select this and enter the MAC address of another LAN device. To find out the MAC
Days of the week Select check boxes for the days that you want the Router to perform parental
Start Blocking Time Enter the time in 24-hour format to begin blocking access.
End Blocking Time Enter the time in 24-hour format to stop blocking access.
Apply/Save Click this button to save your changes.
Select this to create the rule for the MAC address of the device with the browser you
are using to configure the Router.
'Browser's MAC Address' automatically displays the MAC address of the LAN device
wher
e the browser is running.
This is the MAC address of the LAN or wireless de
ad
dress of a Windows based PC, go to the command window and type "ipconfig /
all".
co
ntrol.
vice whose access the rule controls.
Chapter 8 Parental Control 81
8.2 URL Filter
Click Advanced Setup > Parental Control > Url Filter to use the Url Filter screen to block or allow
access to specific web sites.
Figure 49 U
RL Filter
Table 46 URL Filter
LABEL DESCRIPTION
URL List Type Select Ex
Select In
Address This shows the website address (URL) to which the entry applies
Port This shows the port number for the URL list entry.
Remove Select entries and click the Re
clude to block access to the URLs in the list and allow access to other URLs.
clude to allow access to the URLs in the list and block access to other URLs.
move button to delete them.
.
Add Click this to add a new entry.
Chapter 8 Parental Control 82
8.2.1 Add a URL Filter Rule
Click Add in the URL Filter screen to add a new entry. Use this screen to configure a URL filtering
setting to control access to certain web sites.
Figure 50 U
RL Filter: Add
Table 47 URL Filter: Add
LABEL DESCRIPTION
URL Address Specify a web site or URL to which to filter access.
Port Number Specify the port number if you need to control access to one other than 80.
Apply/Save Click this button to save your changes.
Chapter 8 Parental Control 83
CHAPTER 9
Chapter 9
Quality of Service (QoS)
9.1 QoS General
Click Advanced Setup > Quality of Service to enable or disable QoS, set the bandwidth, and select
to have the Router automatically assign priority to upstream traffic according to the IP precedence
or packet length.
Figure 51 QoS G
eneral
9
Chapter
Table 48 QoS General
LABEL DESCRIPTION
Enable QoS Select the check box to turn on QoS to impr
You can give priority to traffic that the Router forwards out through the WAN interface.
Give high prior
low priority to many large file downloads so that they do not reduce the quality of other
applications.
Select Default
DSCP Mark
Apply/Save Click this button to save your changes.
Chapter 9 Quality of Service (QoS) 84
Set the default DSCP (DiffServ Code Point) value for outgoing packets that do not match
any classification rules.
ity to voice and video to make them run more smoothly. Similarly, give
ove your network performance.
9.2 Queue Setup
Click Advanced Setup > Quality of Service > Queue Setup to use the Queue Setup screen to
configure QoS queue assignment.
Figure 52 Queue
Setup
Table 49 Queue Setup
LABEL DESCRIPTION
Name This shows the descriptive name of this queue.
Key This is the queue’s index number.
Interface This shows the name of the Router’s interface through which traffic in this queue passes.
Qid This shows the priority of this queue for the interface.
Prec/Alg/Wght This displays the queue’s default precedence, queue
weighted round robin weight. SP is strict priority.
Min Bit Rate
(b
ps)
Enable This shows whether the queue is active or not. For
Remove Select entries and click the Remo
This shows the minimum transmission rate for traffic in this queue.
click the Enable button to turn them on. Clear the check box to turn a queue off.
ve button to delete them.
management algorithm, and
queues with a check box, select it and
Chapter 9 Quality of Service (QoS) 85
Table 49 Queue Setup (continued)
LABEL DESCRIPTION
Add Click Add to create a new queue.
Enable
Select disabled entries and click the Enable button to activate them.
9.2.1 Add a QoS Queue
Click the Add button in the QoS Queue screen to configure a new queue.
Figure 53 Queue Setup: Add
Table 50 Queue Setup: Add
LABEL DESCRIPTION
Name Enter the descriptive name of this queue.
Enable Select to enable or disable this queue.
Interface Select the interface of this queue.
Chapter 9 Quality of Service (QoS) 86
Table 50 Queue Setup: Add (continued)
LABEL DESCRIPTION
Queue
Precedence
Minimum Rate This displays for GPON interface queues.
9.3 Class Setup
Click Advanced Setup > Quality of Service > Class Setup to configure QoS classifiers. A classifier
groups traffic into data flows according to specific criteria such as the source address, destination
address, source port number, destination port number or incoming interface.
You can give different priorities to traffic that the Rou
Give high priority to voice and video to make them run more smoothly. Similarly, give low priority to
many large file downloads so that they do not reduce the quality of other applications.
Figure 54 QoS C
Select a queue precedence level (from 1 to 8) to configure for the selected interface. The
smaller the number, the higher the priority level. Traffic assigned to higher priority
queues gets through faster while traffic in lower priority queues is dropped if the
network is congested. If the queue precedence level already has a queue scheduler
configured, it displays after the precedence level.
The Router uses strict priority to service queues with different precedences.
Specify the minimum transmission rate (in Kbps) allowed for traffic on this queue.
ter forwards out through the WAN interface.
lassification Setup
Table 51 QoS Classification Setup
LABEL DESCRIPTION
Class Name This displays the name of the classifier rule.
Order This displays the rule’s place in the list of classifi
against classifiers in order until it matches one.
er rules. The Router checks traffic
Chapter 9 Quality of Service (QoS) 87
Table 51 QoS Classification Setup (continued)
LABEL DESCRIPTION
CLASSIFICATION
CRITERIA
Class Intf This displays the ingress interface to which the classifier applies.
Ether Type This displays the type of Ethernet frames to which the classifier applies.
SrcMAC/ Mask This displays the source MAC and network mask of traffic to which the classifier
DstMAC/ Mask This displays the destination MAC and network mask of traffic to which the classifier
SrcIP/
PrefixLength
DstIP/
PrefixLength
Proto This displays the protocol of traffic to which the classifier applies.
SrcPort This displays the source port of traffic to which the classifier applies.
DstPort This displays the destination port of traffic to which the classifier applies.
DSCP Check This displays the DSCP mark of traffic to which the classifier applies.
These fields show the criteria specified in the classifier rule. For example the
interface from which traffic of this class comes and the source MAC address of
traffic that matches this classifier.
applies.
applies.
This displays the source IP address and prefix length of traffic to which the classifier
applies.
This displays the destination IP address and prefix length of traffic to which the
classifier applies.
802.1P Check This displays the IEEE 802.1p priority level of traffic to which the classifier applies.
CLASSIFICATION
RESULTS
Queue Key This displays the number of the queue to which the Router adds traffic that matches
DSCP Mark This displays the DSCP mark the Router adds to traffic that matches this classifier.
802.1P Mark This displays the IEEE 802.1p priority level the Router assigns to traffic that matches
Enable Select an entry’s Enable option and click the Enable button to turn it on.
Remove Select an entry’s Remove option and click the Remove button to delete it.
Add Click this button to create a new classifier rule.
These fields show the changes the classifier rule applies to matching traffic.
this classifier.
this classifier.
Chapter 9 Quality of Service (QoS) 88
9.3.1 Add QoS Class
Click Add in the Class Setup screen to configure a new classifier.
Figure 55 Add QoS Class
Table 52 Add QoS Class
LABEL DESCRIPTION
Traffic Class Name Enter a descriptive name of up to 15 printable English k
eyboard characters, not
including spaces.
Rule Order Select this classifier’s place in the list of classifiers.
Select La
st to put this rule in the back of the classifier list.
Rule Status Turn this classifier on or off.
Chapter 9 Quality of Service (QoS) 89
Table 52 Add QoS Class (continued)
LABEL DESCRIPTION
Specify Classification
Criteria
Class Interface Select the ingress interface to which the classifier applies.
Ether Type Select the predefined application (IP, ARP, IPv6, PPPoE discovery, PPPoE session,
Source MAC Address Enter a MAC address to apply the classifier to packets from that MAC address.
Source MAC Mask Type the mask for the specified MAC address to determine which bits a packet’s
Destination MAC
Address
Destination MAC
Mask
Configure these fields to identify the traffic to which the class applies. The fields
available vary depending on the selected interface and Ether type. Leave a field
blank to not apply that criterion.
8865, 8866, or IEEE 802.1q) to which the classifier applies. The list of types available
to choose from varies depending on the selected interface.
MAC address should match.
Enter “f” for each bit of the specified source MAC address that the traffic’s MAC
address should match. Enter “0” for the bit(s) of the matched traffic’s MAC address,
which can be of any hexadecimal character(s). For example, if you set the MAC
address to 00:13:49:00:00:00 and the mask to ff:ff:ff:00:00:00, a packet with a MAC
address of 00:13:49:12:34:56 matches this criteria.
Enter a MAC address to apply the classifier to packets destined for that MAC
address.
Type the mask for the specified MAC address to determine which bits a packet’s
MAC address should match.
Enter “f” for each bit of the specified source MAC address that the traffic’s MAC
address should match. Enter “0” for the bit(s) of the matched traffic’s MAC address,
which can be of any hexadecimal character(s). For example, if you set the MAC
address to 00:13:49:00:00:00 and the mask to ff:ff:ff:00:00:00, a packet with a MAC
address of 00:13:49:12:34:56 matches this criteria.
Source IP Address[/
Mask]
Vendor Class ID
(DHCP Option 60)
User Class ID DHCP
option 77
Destination IP
Address[/Mask]
Differentiated
Service Code Point
(DSCP) Check
802.1p Priority
Check
Select this and enter an IP address to apply the classifier to packets from that IP
address. You can also include a source subnet mask.
Select this and enter the Vendor Class Identifier (Option 60) of the matched traffic,
such as the type of the hardware or firmware.
Select this and enter a string that identifies the user’s category or application type in
the matched DHCP packets.
Enter an IP address to apply the classifier to packets destined for that IP address.
You can also include a destination subnet mask.
Select a DSCP mark of traffic to which to apply the classifier.
This field displays when you set the Ether Type field to 8021Q.
Select the IEEE 802.1p priority level (between 0 and 7) of traffic to which to apply the
classifier. "0" is the lowest priority level and "7" is the highest.
Chapter 9 Quality of Service (QoS) 90
Table 52 Add QoS Class (continued)
LABEL DESCRIPTION
Specify Classification
Results
Specify Class Queue Select the queue to which to add traffic that matches this classifier.
Mark Differentiated
Service Code Point
(DSCP):
Mark 802.1p priority Select the IEEE 802.1p priority level to assign to traffic that matches this classifier.
Set Rate Limit Set the rate limit to apply to traffic that matches this classifier.
Apply/Save Click this button to save your changes.
Configure these fields to change traffic that matches the classifier. The fields
available vary depending on the selected interface, Ether type, and sometimes on
the selected class queue. Leave a field blank to not apply that type of change.
Select the DSCP mark to add to traffic that matches this classifier. Use Auto marking
to automatically apply a DSCP mark according to the type of traffic. Use default to
leave the DSCP mark unchanged.
Chapter 9 Quality of Service (QoS) 91
CHAPTER 10
Chapter 10
Routing
10.1 Default Gateway
Click Advanced Setup > Routing > Default Gateway to open the Default Gateway screen. Use
this screen to select WAN interfaces to serve as system default gateways.
Figure 56 De
fault Gateway
10
Chapter
Move the WAN interfaces to serve as system default gateways from Available Routed WAN
Interfaces to Selected Default Gateway Interfaces.
Use the Selecte
Router’s default IPv6 gateway.
Click A
Chapter 10 Routing 92
pply/Save to save your changes.
d WAN Interface field to select the preferred WAN interface to server as the
10.2 Static Route
Click Advanced Setup > Routing > Static Route to view and configure the static route rules on the
Router.
Figure 57 Sta
tic Route
Table 53 Static Route
LABEL DESCRIPTION
IP Version This displays whether the entry uses IPv4 or IPv6.
DstIP/
Pr
efixLength
Gat ewa y This is the IP address of the gateway. The gate
Interface This is the interface this static route uses to forward traffic for the listed destination
This specifies the IP network address and prefix length of the final destination. Routing
is always based on network number.
way is a router or switch on the same
network segment as the device's LAN or WAN port. The gateway helps forward packets
to their destinations.
address.
metric The metric represents the "cost of transmission". A router determines the best route for
tr
ansmission by choosing a path with the lowest "cost". The smaller the number, the
lower the "cost".
Remove Select entries and click the Remo
Add Click this to configure a new static route.
ve button to delete them.
Chapter 10 Routing 93
10.2.1 Add Static Route
Use this screen to add a static route. Click Add in the Static Route screen to display the following
screen.
Figure 58 Sta
tic Route: Add
Table 54 Stati
LABEL DESCRIPTION
IP Version Select whether your IP type is IPv4 or IPv6.
Destination IP address/
pr
efix length
c Route: Add
Enter the IPv4 or IPv6 address and network length of the final destination.
Interface Select the interface through which this static route sends traffic.
Gateway IP Address Enter the IP address of the gateway when you configure a static route that
Apply/Save Click this button to save your changes.
10.3 Policy Routing
Traditionally, routing is based on the destination address only and the Router takes the shortest
path to forward a packet. Policy routing allows the Router to override the default routing behavior
and alter the packet routing based on the policy defined by the network administrator. Policy-based
routing is applied to outgoing packets, prior to the normal routing.
You can use source-based policy routing to direct
connections or distribute traffic among multiple paths for load sharing.
uses
an IP-based interface (such as IPoE, IPoA, or LAN). The gateway is a
router or switch on the same network segment as the device's LAN or WAN
port. The gateway helps forward packets to their destinations.
traffic from different users through different
Chapter 10 Routing 94
Use the Pol
icy Routing screen to view and configure routing policies on the Router. Click Advanced
Setup > Routing > Policy Routing to open the following screen.
Figure 59 P
olicy Routing
Table 55 Policy Rou
LABEL DESCRIPTION
Policy Name This displays the name of the rule.
Source IP This displays the source IP address.
LAN Port This displays the source LAN port number.
WAN This displays the WAN interface through which the traffic is routed.
Default GW This displays the default gateway IP address the route uses.
Remove Select entries and click the Remo
ting
ve button to delete them.
Add Click this to create a new policy routing rule.
Chapter 10 Routing 95
10.3.1 Add Policy Routing
Click Add in the Policy Routing screen to open the following screen. Use this screen to configure
the required information for a policy route.
Figure 60 P
olicy Routing: Add
Table 56 Policy Routin
LABEL DESCRIPTION
g: Add
Policy Name Enter a descriptive name of printable English keyboard characters, not including
spac
es.
Physical LAN
Port
Source IP Enter the source IP address.
Use Interface Select a WAN interface through which the traffic is sent. You must have the WAN
Default Gateway
IP
Apply/Save Click this button to save your changes.
Select the source LAN Ethernet port number.
int
erface(s) already configured in the Broadband screens.
Enter the default gateway IP address the route uses.
Chapter 10 Routing 96
10.4 RIP
Click Advanced Setup > Routing > RIP to open the RIP screen. Use this screen to configure RIP
settings. Routing Information Protocol (RIP, RFC 1058 and RFC 1389) allows a device to exchange
routing information with other routers.
Figure 61 RIP
Table 57 RIP
LABEL DESCRIPTION
Interface This is the name of the interface in which the RIP setting is used.
Version The RIP version controls the format and the broadcasting method of the RIP packets
th
at the Router sends (it recognizes both formats when receiving). RIP version 1 is
universally supported but RIP version 2 carries more information. RIP version 1 is
probably adequate for most networks, unless you have an unusual network topology.
Operation Select Passive to have the Router update the routing table based on the RIP packets
received from neighbors but not advertise its route information to other routers in this
interface.
Select Active to have the Rou
routing updates from neighboring routers.
Enabled Select the check box to activate the settings.
Apply/Save Click this button to save your changes.
ter advertise its route information and also listen for
Chapter 10 Routing 97
Chapter 11 DNS
CHAPTER 11
11.1 DNS Server
DNS (Domain Name System) maps a domain name to its corresponding IP address and vice versa.
The DNS server is extremely important because without it, you must know the IP address of a
machine before you can access it.
Use this screen to view and configure DNS routes on the Router. Click Advanced Setup > DNS >
DNS Server to open this screen.
11
Chapter
Chapter 11 DNS 98
Figure 62 DN
S Server
Chapter 11 DNS 99
The following table describes the fields in this screen.
Table 58 DN
LABEL DESCRIPTION
Select DNS Server
Interface fr
available WAN
interfaces
Selected DNS
rver Interfaces
Se
Available WAN
Interfaces
Use the following
Sta
tic DNS IP address
Primary DNS
server
Secondary DNS
server
Obtain IPv6 DNS info
fr
om a WAN interface
S Server
om
Select this to have the Router get the DNS server addresses from one of the
ter’s WAN interfaces.
Rou
Select a WAN interface through which to get DNS server addresses.
You can select multiple WAN interfaces for the device to try. The Router tries the
AN interfaces in the order listed and uses only the DNS server information of
W
the first WAN interface that connects; there is no backup WAN function. To
change the priority order remove them all and add them back in again.
These are the WAN interfaces you can select from.
Select this to have the Router use the DNS server addresses you configure
manually.
Enter the first DNS server address assigned by the ISP.
Enter the second DNS server address assigned by the ISP.
Select this to have the Router get the IPv6 DNS server addresses from the ISP
automatically.
Selected IPv6 DNS
Server Interfaces
Available IPv6
WA
N Interfaces
Use the following
Sta
tic IPv6 DNS
address
Primary IPv6 DNS
server
Secondary IPv6
DNS
server
Apply/Save Click this button to save your changes.
Select an IPv6 WAN interface through which you want to obtain the IPv6 DNS
related information.
These are the IPv6 WAN interfaces you can select from.
Select this to have the Router use the IPv6 DNS server addresses you configure
manually.
Enter the first IPv6 DNS server address assigned by the ISP.
Enter the second IPv6 DNS server address assigned by the ISP.
11.2 Dynamic DNS
Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic
DNS services. You need to have registered a dynamic DNS account with www.dyndns.org. This is for
people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name.
Chapter 11 DNS 100
Loading...