tei480t+ user guide
TRANSCRIPT
R4148
Copyright Statementis the registered trademark of Shenzhen Tenda Technology Co., Ltd. Other trademark or trade name mentioned herein are the trademark or registered trademark of the company. Copyright of the whole product as integration, including its accessories and software, belongs to Shenzhen Tenda Technology Co., Ltd. Without the permission of Shenzhen Tenda Technology Co., Ltd, any individual or party is not allowed to copy, plagiarize, imitate or translate it into other languages.All the photos and product specifications mentioned in this manual are for references only, as the upgrading of software and hardware, there will be changes. And if there are changes, Tenda is not responsible for informing in advance. If you want to know more about our product information, please visit our website at www.tenda.cn
Table of Contents1Table of Contents
2Chapter 1 Product Overview
21.1 Product Introduction
21.2 Product Features
41.3 Product Specifications
41.4 Package Contents
5Chapter 2 Hardware Description
52.1 Panel Layout
62.2 System Requirements
62.3 Installation Requirements
62.4 Hardware Installation
8Chapter3 Quick Installation
83.1 Configuration of Computer
103.2 Verifying the Connectivity
113.3 Quick Setup
18Chapter 4 Configuration
184.1 Running Status
224.2 Quick Setup
224.3 Network
334.4 IAM
454.5 Security
574.6 Advanced Settings
624.7 VPN
664.8 Monitor
674.9 System Tools
714.10 logout
72Appendix 1: How to Set TCP/IP (Take Windows XP for example)
76Appendix 2: Useful Command
77FCC Statement:
Chapter 1 Product Overview
1.1 Product IntroductionTenda enterprise 2-WAN ports broadband router ---TEI480T+, is a new generation hardware network access device, integrated with Online Application/IAM and dual-WAN Router functions, specially designed for middle / small -sized enterprises, government organizations, education and scientific research institutions . It enables enterprises to monitor, prevent and manage staff online application so as to boost the working efficiency, reduce network bandwidth occupation, and minimize legal risks. 1.2 Product Features Complies with IEEE802.3, IEEE802.3u and IEEE802.3x standards Provides 2 10/100M auto-negotiation WAN interface to connect xDSL/Cable device
Provides 3 10/100M auto-negotiation LAN interfaces to connect the internal LAN
Double WANs support dual-WAN accesses, auto-realize bandwidth overlapping Intelligent cable backupIntelligent load balancing. Supports TCP/IPTCPUDPVPNDHCPNATSNTPDNSTFTP etc.
Supports IP-MAC binding to prevent ARP attack, ARP cheat and unauthorized access.
Supports special application access control over port, MAC, URL to manage network easily. Supports flexible bandwidth management, and single-device speed limit to secure the bandwidth stability and reasonable utilization of network resources. UP to 384MHz CPU processor and powerful NAT forwarding feature, supports more users. Supports virtual server, DMZ host and ALG application
Supports PPTP VPN clients. Supports PPTP, VPN server function, 8 groups of users simultaneous access to internet. Supports QQMSNSKYPE, Fetion, Ali wangwang software filter etc, enables to setup exceptional QQs to pass through. Supports website address classification and filter to facilitate management of domain names. Supports Dynamic Domain Name System (DDNS) resolution function. Provides system security log and flow statistics. Supports remote Web management; provides all-English interface. Built-in DHCP server, static address distribution supported. ARP attack prevention supported to secure network security and stability. Internal firewall provided to accurately control online time, domain name filter and MAC address filter.1.3 Product SpecificationsSupported Protocols and StandardsIEEE802.3, IEEE802.3u, IEEE802.3x, TCP/IP, DHCP, ICMP, NAT, PPPoE, SNTP, HTTP, DNS, ARP
Network Media10Base-TCat.3 or above Cat.3 UTP
100Base-TXCat.5 UTP
Port and LED IndicatorWAN Port2WAN Indicator and 2100M Indicator
LAN Port3 LAN Indicators and 3 100M Indicators
OthersPower (Power Indicator
SYS (System Status Indicator) Power
DimensionL x W x H294mm x 178.8mm x 44mm
Environment RequirementOperating Temperature: 0C to 45C
Storage Temperature: -40C to 70C
Operating Humidity: 10%-95% RH Non-condensing
Storage Humidity: 5%-95% RH Non-condensing
Power and ConsumptionTEI480T+ Input:AC 220V 50HzConsumption: 4W (Maximum)
1.4 Package ContentsPlease unpack the box and check the following items:
One TEI480T+ Internet Bar/ Enterprise security gateway Router
One Power Cord
One User Guide
Two L-shaped brackets
Four Foot Pads
If any of the listed items are incorrect, missing or damaged, please contact your Tenda reseller for immediate replacement.
Chapter 2 Hardware Description
2.1 Panel Layout
2.1.1 Front Panel
TEI480T+ Front Panel Show
1) Reset Keep pressing this button for 5 seconds. The settings configured in this device will be deleted and router will be restored to factory default value and rebooted automatically. 2) Indicator:
IndicatorDescriptionFunction
POWERPower IndicatorAlways ON indicates the router has power.
SYSSystem Status IndicatorFlashing indicates the system is functioning correctly.Always ON or Off indicates the system is functioning incorrectly.
WAN/LANWAN and LAN Status IndicatorAlways ON indicates the WAN/LAN port is connected correctly.Flashing indicates the data packets are being transferred.
100MWAN and LAN Speed Indicator100M indicator---always on indicates the corresponding port is in 100M working mode. 100M indicator off indicates the corresponding port is in 10M working mode
3) WAN2 WAN PortRJ-45for xDSL Modem/Cable Modem or Ethernet connection. 4) LAN Ports: 3 LAN portsRJ-45for computers Ethernet network adapter , HUB and switch connection. 2.1.2 Rear Panel
TEI480T+ Rear Panel ShowPower Adapter: Please use the included power adapter.
2.2 System Requirements
Network Adapter
Internet Explorer 5.0 or higher Broadband Internet Service (via xDSL/ Cable Modem/ Ethernet access mode) 2.3 Installation Requirements
Keep the device in a safe position to avoid any possible damage or falling.
Please make sure the operating AC power accords with the Routers rated standard and matches the voltage labeled on the Router. Do not open the Router housing when it is working and even in power failure to avoid electric shock. It is highly recommended to put the device to earth to reduce danger and keep it away from lighting. Make sure there is enough space for ventilation and heat dissipation.
2.4 Hardware Installation
Before installing the Router, we hope you can successfully access Internet. If your computer has difficulty in accessing Internet, please contact your ISP. When you can access the Internet, please follow the steps below to install the Router.
Establish LAN Connection
Connect the Routers LAN port to the switch or hub. You can also connect the Routers LAN port to the network adapter of your computer. Establish WAN Connection
Connect the xDSL or Ethernet to the Routers WAN port via cable Cat 5. Connect Power Adapter
When the power adapter is connected well, the Router will start automatically.
Chapter3 Quick Installation
3.1 Configuration of ComputerThe Routers default IP is 192.168.0.1. You can change it when necessary, but in this user guide the Router is configured according to default value.
Connect your computer to the Routers LAN port and then follow the steps below:
1. Right click My Network Places on your desktop, and select Properties on the menu.
2. Right click Local Area Connection on the appearing window and select Properties.
3. Select Internet Protocol (TCP/IP) and click Properties.
4 Select Obtain an IP address automatically or select Use the following IP address (S). Obtain an IP address automatically as the following diagram: Use the following IP address
IP Address: 192.168.0.XXX: (XXX is a number from 2~254)
Subnet Mask: 255.255.255.0
Gateway: 192.168.0.1
DNS Server: Certainly you need to input the DNS server address provided by your ISP. Otherwise, you can use the Routers default gateway as the DNS proxy server. Click OK to save the configurations.
3.2 Verifying the ConnectivityAfter configuring the TCP/IP parameters, you can use Ping command to check the connectivity between Router and computer. 1. Select Start Run. Input cmd in Run page then click OK.2. According to the format shown on the following page, input Ping 192.168.0.1 and press Enter. If the system gives the result shown on the figure, the connectivity between your computer and the Router is normal. Otherwise please check the previous settings, the power of the Router, and the cables between the Router and the computer.
3.3 Quick Setup
To access the Routers browser-based configuration interface, launch a web browser such as Internet Explorer and enter the Routers default IP address, http://192.168.0.1. Press Enter. The configuration method also applies to any MS Windows, Macintosh or UNIX platform. The Login Interface appears after the connection is established, to log in you need to Input the admin (factory default) in both User Name and Password. Then Click OK. To facilitate your next time access to web-based management interface, it is recommended to tick Remember My Password.
Note: To guarantee the security of Router, it is highly recommended that you change the system default user name and password when you successfully log in.
If you enter the correct user name and password, the browser will move to the administrator interface and setup wizard will pop up, click next to go to the interface for access mode options.
The Router supports five most common access methods (Routers default access mode is dynamic IP access): Static IP: a fixed address provided by Ethernet broadband access ISP.
Dynamic IP: distributed by Broadband network or the wired to the users via DHCP service. PPPoE (ADSL): Adopts PPPoE virtual dial-up to access Internet. PPTP: It refers to Point-to-Point Tunneling Protocol, sharing accessed resources via connection with remote server. L2TP: It refers to Layer 2 Tunneling Protocol, sharing accessed resources via connection with remote server.
You can choose one mode according to your need. Then click Next to fill in all the basic network parameters.
Note: 1. There are WAN1 and WAN2 for your choices. Please configure WAN1 and WAN2 respectively according to your specific needs when configuring WAN ports. 2. Bandwidth unit is Kbytes/s. For 2M ADSL provided by ISP, upload rate is 512Kbps and download rate is 2Mbps. The unit conversion formula is as follows: Uplink bandwidth 512Kbps = 64Kbyte/s
Downlink bandwidth 2Mbps = 2048Kbps = 256KByte/s
3In order not to affect the speed, please fill the actual Uplink/Downlink bandwidth provided by your ISP. Select a WAN port and a correct access mode according to your needs, and input proper uplink/ downlink bandwidth. Then click Next to configure basic network parameters. 3.3.1 Static IP
If your access mode is Static IP, you need to enter the static IP address, subnet mask, gateway, DNS Server and secondary DNS Server addresses. After you finish all the settings, click Next to save them.
IP Address: WAN IP address provided by your local ISP. If you are not clear, please inquire your local ISP.
Subnet Mask: WAN subnet mask provided by your local ISP. If you are not clear, please inquire your local ISP.
Gateway: Enter the gateway provided by your ISP. If you are not clear, please inquire your local ISP.
Preferred DNS Server: Enter the DNS server provided by your ISP. If you are not clear, please inquire your local ISP.
Alternate DNS server: Optional. If your ISP offers you two DNS server addresses, you can enter the other one here. Note: If the Routers WAN IP address and the LAN IP address are within the same net segment, the Routers function will be damaged. Please use the Reset button on the panel for the emergency.3.3.2 Dynamic IP
If your access mode is Dynamic IP, you can obtain an IP address from your ISP to access Internet. Without other settings needed, you can just click Next to save the settings.
3.3.3 PPPoE
Account: Enter the ADSL account provided by your ISP to access internet. If you are not clear, please inquire your ISP.
Password: Enter the password provided by your ISP. If you are not clear, please inquire your ISP.
3.3.4 PPTP
If the connection is PPTP, please input the following parameters provided by your ISP: PPTP Server IP Address, User Name, and Password.
PPTP provides two access modes.
If the PPTP offered by your ISP is Dynamic IP: Please select Dynamic IP without filling in IP address, subnet mask and default gateway.If the PPTP offered by your ISP is Static IP: Please fill in the static access mode parameters provided by your ISP.
After configuration, please click Next. Dynamic IP/ Static IP access modes are shown as the following:
Dynamic access mode
Static access mode3.3.5 L2TP
Select L2TP (Layer 2 Tunneling Protocol) if your ISP use a L2TP connection, your ISP will provide you with a user name and password please fill in the parameters.
L2TP provides two access modes.
If the L2TP offered by your ISP is Dynamic IP: Please select Dynamic IP without filling in IP address, subnet mask and default gateway..
If the L2TP offered by your ISP is Static IP: Please fill in the parameters provided by your ISP.
After configuration, please click Next. Dynamic IP/ Static IP access modes are shown as the following:
Dynamic access mode
Static access mode
Click "Apply" to save the parameters and finish the Quick Setup.
When the configuration is accomplished you can move to WAN Status under Running Status to check configuration information.
Chapter 4 Configuration
This chapter introduces the configuration of the Routers functions on the Web-based management interface. On this page, 10 menus introduce the Routers functions. Running Status Quick Setup Network IAM Security
Advanced VPN Monitor System Tools LogoutIf you have any problems when you are using the product, please click Help on the page to find the detailed explanation.4.1 Running Status4.1.1 WAN1 StatusIt displays the WAN1 Connection Status, Connection Mode, WAN IP, Subnet Mask, Gateway, DNS Server, Alternate DNS Server, WAN MAC Address, WAN Traffic, and Connection Time.
Connection Status: It displays the WAN connection status.Disconnected: It indicates the WAN port hasnt been connected with the network cable.Connecting: It indicates the WAN port is obtaining an IP address.Connected: It indicates the Router is connected well with the ISP. Connection Mode: It displays your current access mode. WAN IPIP address obtained from ISP. Subnet Mask: The subnet mask obtained from ISP. Gateway: The gateway obtained from ISP.
DNS: Obtained from ISP. Alternate DNS: Obtained from ISP. WAN MAC AddressIt displays the WAN MAC Address. WAN Port Traffic: It indicates the used bandwidth. The unit is KB/s.
4.1.2 WAN2 Status
It displays the WAN2 Connection Status, Connection Mode, WAN IP, Subnet Mask, Gateway, DNS Server, Alternate DNS Server, WAN MAC Address, and WAN Flow. Connection Status: It displays the WAN connection status.
Disconnected: It indicates the WAN port hasnt been connected with the network cable.
Connecting: It indicates the WAN port is obtaining an IP address.
Connected: It indicates the Router is connected well with the ISP.
Connection Mode: It displays your current access mode.
WAN IPIP address obtained from ISP.
Subnet Mask: The subnet mask obtained from ISP.
Gateway: The gateway obtained from ISP.
DNS: Obtained from ISP.
Alternate DNS: Obtained from ISP.
WAN MAC AddressIt displays the WAN MAC Address.
WAN Port Traffic: It indicates the used bandwidth. The unit is KB/s.
Connection Time: it indicates dynamic IP connection time.4.1.3 LAN Status
It displays the Routers IP Address, Subnet Mask, LAN MAC Address, DHCP Server, and NAT/NAT Entry.
IP Address: It displays the Routers IP address.
Subnet Mask: It displays the Routers subnet mask.
LAN MAC AddressIt displays the Routers LAN MAC address.
DHCP Server: It displays the disabled and enabled status of DHCP server.
NAT/NAT Entry: It displays the Routers working mode/ used NAT entries.
4.1.4 System StatusIt displays the Routers CPU and memory occupation, current Running time, System Time, Connected Client, System Version, Setup Wizard Version, and Firmware Version.
CPU Occupation: It displays the using status of CPU
Memory Occupation: It displays the using status of memory.
Running Time: It displays the running time after the system starts normally. System Time: It displays the system updating time. Connected Client: It displays the connected computers (Normally it displays the client counts obtained via DHCP server.) System Version: It displays the Routers software version. Bootcore Version: It displays the Routers program version. Firmware Version: It displays the Routers hardware version.4.2 Quick SetupPlease refer to chapter 3 for Quick Setup.4.3 Network There are six submenus LAN Setting, WAN Setting DHCP Server, DMZ Access Control Port Parameter in the Network menu. Click any submenu and you can enter the corresponding setting. The following shows the detailed illustrations.
4.3.1 LAN Setting
MAC Address: It displays the Routers LAN MAC address. IP Address: LAN IP address. The default value of this IP address is 192.168.0.1. You can change it when necessary. Subnet Mask: LAN Subnet Mask.Note:1. If you changed this IP address, you must use the new IP address to enter the Web-based management interface. The default gateway value of all the computers in LAN must be set at this IP address to access Internet.2. If the Routers WAN IP address and the LAN IP address are at the same net segment, the Routers function will be damaged. Please use the reset button on the panel when in emergency.3. If your computer IP is set as Obtain an IP Address Automatically , please first disable your network adapter and then enable it after you change LAN IP. 4.3.2 WAN SettingThere are WAN Setting and Multi- WAN Policy in WAN Setting menu. Click one of the two submenus and you can enter the corresponding setting. The following is the detailed explanation of their functions. 4.3.2.1 WAN SettingThis interface shows dual-port access status and port parameters.
Select the one you want to set up and click configure to enter the network setting interface. This interface enables you to configure WAN ports parameter. Each WAN supports three connection modes: static IP, dynamic IP and PPPoE dial-up.1) Static IP: If your access mode is Static IP, it means you have a fixed IP address provided by ISP.
IP Address: Applied WAN IP address provided by your local ISP. If you are not clear, please inquire your local ISP.
Subnet Mask: WAN subnet mask corresponds with current IP and is provided by your local ISP. If you are not clear, please inquire your local ISP.
Default Gateway: Enter the gateway which corresponds with current IP and is provided by your ISP. If you are not clear, please inquire your local ISP. Preferred DNS Server/ Alternate DNS server: Enter the DNS server IP address provided by your ISP. If you are not clear, please inquire your local ISP.
Upstream/Downstream BandwidthThe applied static upstream/downstream bandwidth for WAN port1. If you are not clear, please inquire your ISP. MTU SettingMTUMaximum Transmission Unitsystem default is 1450 bytes. Note: usually there is no need to configure it, and improper MTU configuration may lead to poor network performance or make it unusable.
2) Dynamic IP: If your access mode is dynamic IP; you can obtain IP address automatically from your ISP.
Upstream/Downstream BandwidthThe applied dynamic upstream/downstream bandwidth for WAN port1. If you are not clear, please inquire your ISP.
MTUMTUMaximum Transmission Unitsystem default is 1450 bytes. Note: usually there is no need to configure it, and improper MTU configuration may lead to poor network performance or make it unusable.3 PPPoE: If your access mode is PPPoE dial-up, you can obtain IP address via ADSL virtual dial-up.
PPPoE Account: Enter PPPoE account; if you are not clear inquire your ISP. PPPOE Password: PPPoE password by ISP. If you are not clear inquire your ISP. Upstream/Downstream BandwidthThe applied PPPoE upstream/downstream bandwidth for WAN1. If you are not clear, please inquire your ISP.
MTUMTUMaximum Transmission Unitsystem
default is 1450 bytes. Note: usually there is no need to configure it, and improper MTU configuration may lead to poor network performance or make it unusable.
The configuration method of WAN2 parameters is the same as that of WAN1.4.3.2.2 Multi-WAN Policy.On this page you can choose Multi-WAN Policy according to your needs.TEI480T+ dual-WAN router has four working modes.
Intelligent Load Balancing Mode (automatic)System automatically distributes load according to flow and automatically searches for WAN port which has the minimum flow for communication, which is regarded as the smartest and best load mode. This load balancing mode automatically fulfills flow distribution and bandwidth overlapping without any human interference involved.
NoteSystem default working mode is intelligent load balancing mode. Select operators according to different destination addresses: Router based on destination address is used to solve problems arising from interconnection and intercommunication between Telecom and Unicom. By adding policy routing mode to router device, data transmission mode is successfully established in the way: Telecom data via Telecom, and Unicom data via Unicom. Intelligent Cable Backup Mode (Backup): Users can choose one (WAN1 or WAN2) for communication port and the other for backup according to their own needs. Device will automatically shift to backup to fulfill communication when the chosen communication line comes across problems. IP GroupUser Customized load SettingUsers can select WAN1 or WAN2 according to their own needs, by specifying source address, destination address, and destination port. All data packets which are not included in defined range are to be dealt with by WAN1. This working mode allows you to specify the needed load setting based on your own needs. For example: If you want intranet LAN source IP addresses: 192.168.0.100-192.168.0.200 to pass through WAN2 at destination IP addresses: 58.251.80.1-58.251.80.254, via ports: 0-65535, you need to first fill in the corresponding source IP addresses ,destination IP addresses, destination port, designated WAN port, tick Active or not and click Add to the corresponding list. The configuration result is shown below in the diagram.
Note1. All packets which are not included in user customized range are to be handled by WAN1.2. If rules are repeated or there is common ground, then only the finally configured rules are valid, the previously configured rules will not go into effect. 4.3.3 DHCP ServerThere are three submenus in the DHCP Server: DHCP Server, Client List, and Static Assigning. The corresponding functions are described in details below.
4.3.3.1 DHCP ServerProtocol settings include IP Address, Subnet Mask, Gateway and DNS Server. Configuring TCP/IP protocol for all the computers in LAN is not easy. However, DHCP server provides this function. If you use the Routers DHCP server function, you can enable DHCP server to automatically configure the computers TCP/IP protocol in LAN.
DHCP Server: If you want DHCP to automatically configure the TCP/IP parameters. Please select this option.
IP Pool Starting Address: The IP starting address automatically distributed by DHCP server.
IP Pool Ending Address: The IP ending address automatically distributed by DHCP server. Lease Time: The IP address lease time distributed by DHCP to client. The default value is 2880 minutes. Primary DNS Server: Distributed DNS server address. Secondary DNS Server: Distributed DNS server address (optional).
Note: In order to use the Routers DHCP server, the TCP/IP protocol of the computer in LAN must be set as Obtain an IP address automatically.
4.3.3.2 Client List
The DHCP client list displays all the Host Names, IP Addresses, MAC Addresses and Lease Time via DHCP.
Host Name: The host name of client.
IP Address: The IP address applied by the client.
MAC Address: The MAC address of the computer which applies for the IP address.
Lease Time: The valid using time of the obtained IP address.4.3.3.3 Static Assigning
DHCP server supports static IP address assigning. You can use it when you want to make a computer in LAN obtain the same IP address distributed by DHCP server each time it starts.
For exampleThe MAC address of a computer in LAN is 00:15:58:c0:d4:3f. If you want it to obtain the IP: 192.168.0.150 every time it starts. First, enter the IP address and MAC address and then click add and save it .the finished configuration is as below.
IP AddressReserved IP Address.
MAC Address.The MAC address of the computer which reserves IP address.
AddAdd the reserved IP address and MAC address to the list.
Edit Modify the IP address and MAC address by static assignment.
Delete Clear the established static assignment information.
4.3.4 DMZ
In some special cases, one computer in LAN is required to be fully exposed to WAN to achieve two-way communication. The computer needs to be set as DMZ host.
Setting Steps: First enter the WAN corresponding DMZ hosts LAN computers IP in DMZ Host IP Address Mapped by WAN1 and/or WAN2 entry field. Then click Enable and save DMZ host setting.
Note: Firework setting related to the IPs will be disabled after DMZ is configured.
4.3.5 Access ControlIn order to enhance the Routers management security, you can specify the computers IP address and change the Routers port number.4.3.5.1 LAN Access Control
Enable: Enable the Routers WEB interface access control function. IP Address: Enter the computers LAN IP address. Port: The default port number is 80. Enter the Web interface port number you access. Note: When the IP address is set, other addresses can not log on the Routers Web-based interface. For example: When the Routers default IP address is 192.168.0.1, if you only permit the client computer with the IP address of 192.168.0.100 to access the Routers Web interface via port 8888, you need to set the following parameters and change the Routers access address to http://192.168.0.1:8888
4.3.5.2 WAN Access Control Normally, only LAN users can access Router, but this function will enable you to access and control Router remotely to meet the special needs.
Enable: It will enable WAN port to Access and Control Router function.
IP address: Enter the IP address of the remote client computer.
Port: default port is 8080; enter the WEB-based interface port number you access.
Note:Router default WAN Access Control can be modified according to your needs. You must only follow the format: IP address (the IP is the Routers WAN IP address): port. (For example, If routers WAN port IP is 211.23.1.2, enter http://211.23.1.2:8080) to access Router for remote management.All WAN computers can access Router for remote WEB management at its default WAN Access Control IP address: 0.0.0.0. But if you change the default IP address (for example you set it as 58.60.111.221), then only the specified WAN computer (58.60.111.221) can access the Router management interface.For example: when routers WAN default IP is 58.251.88.90, and you only want to allow client computer with IP address: 58.60.111.221 to access, control routers WEB interface via port: 8080 WAN. Then you need to set the following parameters, and change routers access address to: http:// 58.251.88.90:8080
4.3.6 Port Parameters Setting
There are Port Mode and MAC Address submenus, click one of them to enter corresponding function setting.
4.3.6.1 Port Mode
You can set WAN1 and WAN2 Port Modes respectively: auto-negotiation, 10M half duplex, 10M full duplex, 100M half duplex, 100M full duplex based on your needs. 4.3.6.2 MAC Address
You can set all ports MAC address of the Router on the following page.
LAN Port MAC Address: displays routers LAN MAC address, you can input it manually.
WAN1 Port MAC Address: displays routers WAN1 MAC address, you can input it manually.
WAN2 Port MAC Address: displays routers WAN2 MAC address, you can input it manually.
Restore to Default MAC: factory MAC address will be displayed after you click the button.
Note: 1. Some ISP binds users computer MAC, please copy the current administrators computer MAC address to the corresponding WAN MAC address field or change MAC address manually. WAN MAC address in Running Status will be changed accordingly as you change the value. 2. WAN MAC address modification only takes effect when router is rebooted. Dont use this function If your ISP does not bind your router MAC address to avoid prolblems. 4.4 IAMThere are Group Settings, Client Filter, URL Filter, Website Filter, Protocol Filter, Bandwidth and NAT Entry Setting submenus in IAM menu. You can enter the corresponding setting by clicking any of them.
4.4.1 Group SettingsThere are User Group, Time Group, Protocol Feature three submenus. You can enter the corresponding setting by clicking any of them.
4.4.1.1 User Group
You can set User Group by adding IP Group, Group Description, and suitable IP or IP segment. The set IP Group will cooperate with sub-functions of IAM.
For example, if an enterprises R & Ds IP segment is 192.168.0.20-192.168.0.30. Then you can click Add IP Group to finish its configuration.
1IP Group Name: R and D.2IP Group Description: Development.3 Add IP192.168.0.20-192.168.0.30
4. Click Add and Apply, the following will appear.
4.4.1.2 Time Group
You can set Time Group by adding time group, setting group name, group description and the needed time or time range.
For example, if you want to set 800-1800 on the work days from Monday to Friday as a time group, you just need to click Add Time Group
1NameWork days2Description : Work days3Time range800-18:00 from Monday to Friday4Click Save, the following interface will display.
4.4.1.3 Protocol Feature
This page shows the filterable software information.
4.4.2 Client Filter
In order to further manage the computers in LAN, you can control the computers to access internet via some WAN ports by data packets filter function. Click Add Filtering Rule the following page will display.
Filtering Mode: There are two modes Disable and Enable for options.
Filtering Mode----Disable: Forbids the packets which accords with the rule to pass through the Router. Other unrestricted packets are allowed to pass. The filter rule takes effect on the corresponding IP or IP range.
Filtering Mode----Enable: Permits packets which accords with the IP Group, Time Group, and Port rule to pass through the Router; packets that accord with IP Group, Time Group, but not match Port rule are not allowed to pass. Other packets whose IP Group and Time Group rules are not enabled can pass through the router normally. The filter rule takes effect on the corresponding IP or IP range. Enable: enables filter. Remark: The simple description for configuration file.
IP Group: select the added IP Group
Time Group: select the added Time Group. WAN Port Segment: Fill in the port number; you can specify a port range. Null means all the ports from 1 to 65535. Type: Select the protocol used by the controlled packets. (All includes TCP/UDP.)
Note:
Filter rule only takes effect on corresponding IP range and time group. Others which dont accord with filter rule are not affected.
Example : If you dont want the computer at the IP addresses of 192.168.0.20-192.168.0.30IP group: R and D to visit website at 8:00-18:00(Time group: work days) from Monday to Friday without control over other computers in LAN, you need to set the parameters as follows.
Click Save , the following appears:
Tick Enable and Save to bring it into effect.
4.4.3 URL FilterIn order to control the LAN computers to visit websites, you can use URL filter to specify the accessible/ inaccessible websites and accessible/inaccessible time. You will reach the following page by clicking Add Filter Rule:
Filter Mode: You can only choose either Disable or Enable.
Filter Mode----Disable: Forbids the restricted data packets to pass through the Router. Other unrestricted data packets can pass through the Router. Filter rule takes effect on IP group and time group.
Filter Mode-----Enable: Permits data packets which accord with IP Group, Time Group, URL String and File Suffix Name rules to pass through the Router;
Packets which accord with IP Group, Time Group, but not match URLString and File Suffix Name rules are prohibited from passing through the Router. Other data packets whose IP and Time Group are not enabled can pass through the router normally. Enable: Enables filter.
Remark: The simple description of the configuration.
IP Group: select the added IP group.
Time Group: select the added Time Group.
URL String: Enter the filtered domain name. File Suffix NameDomain names suffix name.
Note
Filter rule only takes effect on corresponding IP group and time group; others which dont accord with filter rules are not affected. Example 1: If you want the computers within the IP address segment of 192.168.0.20~192.168.0.30 (IP Group: R & D) to only visit the websites which contains sina baidu 163 strings at the time of 8:00-18:00 (Time Group: work days) from Monday to Friday, and other computers can visit all websites, you need to set the parameters as follows:
Click Save to move to the following page:
Tick Enable and Save to effect the function.4.4.4 Websites Filter
You can manage LAN computers access to Internet websites easily via website classification and filter function.
Block: It will block you from accessing websites of this kind by prompting to youError: Site or Page Not Found
Record: It records the time, IP and website domain name you have accessed in log. WarningIt prohibits you from accessing websites of this category and prompts that The website access is not permitted by this router. 4.4.5 Protocol Filter
There are Protocol Filter and Exceptional two submenus in Protocol Filter. You will enter the corresponding setting by clicking one of them. The following gives the detailed explanation. 4.4.5.1 Protocol FilterYou can manage access to some softwares and protocols via Protocol Filter. Clicking Add Protocol Filtering Feature will bring you to the following interface.
Rule NameName of protocol feature filter rule.
EnableEnable filter rule. IP Group NameSelect the added IP group, default is all.
Time Group NameSelect added Time Group, default is all. Rule DescriptionSimple description of filter rule.
Protocol FeatureSelect and add the software you want to filter among all Protocol Feature.
For example : If you dont want users whose computers IPs are within the IP address segment of 192.168.0.20-192.168.0.30(IP Group: R &D Department) to voice-chat via voiph.323sipat 8:00-18:00 from Monday to Friday without control over other computers in LAN, you need to set the parameters as follows.
Click Apply to move to the following interface:
4.4.5.2 Exceptional You can manage access to network chat tools via Exceptional menu:
Enable Chat Software FilterEnables filter rules. bang IP Group NameThe already configured IP Group name.
NoteYou have to go to User Group interface to add IP group to set IP Group, if you have not configured IP Group.
Filtering SoftwareSelect the softwares you want to filter.
Exceptional QQYou allow them to pass by specifying Exceptional QQs and adding remarks if you have enabled QQ filter.
For exampleIf you dont want computers at the IP addresses: 192.168.0.20-192.168.0.30 (IP Group: R and D) in LAN to access QQMSN and Fetion but allow manager (QQ number: 123456) to access QQ, you need to set the parameters as follows:
NoteOnly after you reboot the router can the configuration of Chat Software Filter take effect. 4.4.6 Bandwidth & NAT SettingThere are Bandwidth Setting and NAT Entry two submenus in Bandwidth & NAT Setting. The former enables you to Add Bandwidth Control; while the latter allows you to configure Add NAT Entry Control. 4.4.6.1 Bandwidth ControlBandwidth Control can limit the communication flow of intranet computers. It allows the device to support flow control over maximum 254 PCs simultaneously. Configuration of IP address range is supported as well. Click Add Bandwidth Control to go to the following interface.
EnableEnable filter rules. IP Address RangeFlow controlled host computers IP address range: can be a single IP or a IP segment. Uplink RangeMaximum data flow which is permitted to be uploaded by host computers within specified IP range. Unit is Kbytes/s. Downlink RangeMaximum data flow which is permitted to be downloaded by host computers within specified IP range. Unit is Kbytes/s. Uplink /Downlink ModeSelect Uplink/Downlink Independent/ Share Bandwidth for IP within the range.
Uplink/Downlink PolicySelect Uplink/Downlink fixed/ flexible Bandwidth for IP address within the range.
Note if you choose when the bandwidth has surplus , you can use more bandwidththe Router will flexibly manage the uplink and downlink flow. If the bandwidth is surplus, you can use more than the configured uplink and downlink bandwidth limit, otherwise, you can also use bandwidth within the configured limit. DescriptionSimple description of the rules. 4.4.6.2 NAT Entry Setting You can set the NAT Entry of a computer to control the specified computers NAT entries. The excessive entries cant pass through the Router, while undesignated computers can establish NAT entries without limit. Click Add NAT Entry Control to enter the following interface.
Starting/Ending IP: Enter the IP address range you want to control.
Type: Select the NAT entry control type. You can select Independent or Shared.
Independent: It takes effect respectively and separately on each single IP and controls the maximum entries of each IP.
Shared: It takes effect on the whole IP segment as a group and controls the total entries of the whole IP segment.
NAT Entry Control: The maximum entries allowed. The range is from 1 to 9999.
Enable: Select it to enable NAT Entry Control function.For example: If you want to control the computers with IP addresses of 192.168.0.100-192.168.0.200, allow them to achieve maximum entries of 200 with type Shared, you need to configure as the picture below.
Note
Only after you reboot the router can the configuration of NAT Entry Setting take effect.
4.5 Security
Security consists of MAC Filter, ARP Defense, Attack Defense IP-MAC Binding and Attack List. Their functions are described in details below.
4.5.1 MAC Filter
In order to manage the computers in LAN better, you can control the Internet accesses of LAN computers by MAC address filter. Click Add Filter Rules to move to the following interface:
Filter Mode: You can only choose either Enable or Disable.
Disable: Forbid the limited data packets to pass through the Router. Other unlimited packets are allowed to pass.
Enable: Permit the limited packets to pass through the Router. Other unlimited packets are allowed to pass.
Remark: The simple description of this configuration. MAC: Enter the MAC address you want to control or select the MAC address in Manual Setting.
Time: Set the start time and end time of the rule. If the time is not set, the default value 0 indicates 24 hours.
Date: Select the options according to your demand.
Example 1: If you forbid the computer at the MAC address of 00:B0:0C:77:88:00 to access the Internet from 8:00-18:00 everyday without restrict to other computers and other time, you need to set the parameters as follows.
Click Save to enable MAC Filter function.
Example 2: If you only permit the computer at MAC address of 00:B0:0C:77:88:00 to access Internet only from 8:00-18:00 everyday but forbid other computers in LAN to access internet anytime. You need to set the parameters as follows.
Click Save and tick Forbid devices not in list to access internet to enable the function.
4.5.2 ARP Defense
In order to prevent ARP attack and cheat, the Router enabled this function by default to protect your network. The default ARP broadcast interval is one second, and you can set the range from 1 to 60 seconds.
4.5.3 Attack Defense
In Attack Defense page there are WAN Attack Defense and LAN Attack Defense. Click one to enter the corresponding setting. The following illustrates their functions in details. 4.5.3.1 WAN Attack DefenseThere are Scan Attacks Defense and DoS Attacks Defense, Suspicious Packets Defense, Packets Defense Containing IP Options ,Other Attacks in WAN Attack Defense.
IP ScanA source IP sends ICMP request packets to 10 different destination IP addresses within less than the prescribed time, which indicates IP scan attack is ongoing. Port ScanA source IP sends TCP SYN request packets to 10 different ports of one destination address within less than the prescribed time, which indicates port scan attack is ongoing.IP CheatSelect IP Cheat checkbox to check whether packets from specified area are committing IP cheat.Note: This function takes effect on LAN only not on WAN.
ICMP FloodIf ICMP request packets a destination IP receives within one second are beyond the specified amount, it indicates this destination IP is being attacked by ICMP Flood. UDP FloodIf UDP packets a port of a destination IP receives within one second are beyond the specified amount, it indicates this destination IP is being attacked by UDP Flood.
SYN FloodIf TCP SYN packets a port of a destination IP receives within one second are beyond the specified amount, it indicates the port of this destination IP is being attacked by TCP SYN Flood. LAND Attack: This refers to the combined attack of SYN Flood Attack and IP cheat. It takes place when attacker sends deceptive SYN packets which include the victims IP address as source and destination IP addresses. WinNuke It refers to WinNuke against DoS attack of any online computer which runs Windows. An attacker sends TCP fragment (usually configured as URG NetBIOS port 139) to connected hosts, which causes fragment overlapping and leads to breakdown of the computer.
Big ICMP PacketsGenerally, an ICMP packet is within 1024 Bytes and will be considered as a suspicious packet if it exceeds the amount.TCP Packets Without FlagA normal TCP packet has at least one configured symbol (flag), and those without any control symbol are regarded as suspicious packets.Set the TCP Packets of SYN and FIN at the Same TimeThose that have both simultaneously configured SYN and FIN control symbols in the same TCP fragment packets are suspicious TCP packets TCP Packets only Set FIN without ACK TCP packet which have configured FIN symbol but no ACK symbol are abnormal.
Unknown ProtocolIf the character segment value in protocol type of an IP packet is 135 or bigger, reserved and undefined value, it is impossible to figure out in advance, due to the undefined protocols, whether this unknown protocol is well-intentioned or malicious. The cautious solution for these non-standard protocols is to block and prevent them from entering the protected network.
IP Timestamp OptionIt refers to whether to check IP from specified area contains Internet Timestamp or not. IP Security OptionIt refers to whether to check IP from specified area contains Security or not.IP Stream OptionIt refers to whether to check IP from specified area contains Stream ID or not.IP Record Route OptionIt refers to whether to check IP from specified area contains Record Route or not. IP Loose Source Route OptionIt refers to whether to check IP from specified area contains Loose Source Route or not. IP Strict Source Route OptionIt refers to whether to check IP from specified area contains Strict Source Route or not. Invalid IP Options It refers to whether to check the integrity or correctness of the IP packet from specified area or not.
Filter Ping From WAN PortRouter will not respond to ping detect from WAN port after this function is enabled.DDoS Attack DefenseRouter will block DDNS attack after this function is enabled.Shock Waves, Sasser and Other Viruses Defense: enabling this function to block shock waves sasser and other viruses attack. 4.5.3.2 LAN Attack DefenseThere are Scan Attacks Defense , DoS Attacks Defense, Suspicious Packets Defense, Packets Defense Containing IP Options and Other Attacks in LAN Attack Defense.
IP ScanA source IP sends ICMP request packets to 10 different destination IP addresses within less than the defined time, which indicates IP scan attack is ongoing. Port ScanA source IP sends TCP SYN packets to 10 different ports of one destination address within less than the defined time, which indicates ports scan attack is ongoing.IP CheatSelect IP Cheat checkbox to check whether packets from specified area are committing IP cheat.Note: This function takes effect on LAN only not on WAN.
ICMP FloodIf ICMP request packets a destination IP receives within one second are beyond the specified amount, it indicates this destination IP is being attacked by ICMP Flood.
UDP FloodIf UDP packets a port of a destination IP receives within one second are beyond the specified amount, it indicates this destination IP is being attacked by UDP Flood.
SYN FloodIf TCP SYN packets a port of a destination IP receives within one second are beyond the specified amount, it indicates the port of this destination IP is being attacked by TCP SYN Flood.
LAND Attack: This refers to the combined attack of SYN Flood Attack and IP cheat. It takes place when attacker sends a deceptive SYN packet which includes the victims IP address as source and destination IP addresses.
WinNuke It refers to attacking DoS of any computer which runs Windows. Attacker sends TCP fragment (usually configured as URG NetBIOS port 139) to connected host, which causes fragment overlapping and leads to breakdown of the computer.
Big ICMP PacketsGenerally, ICMP packet is less than 1024 Bytes and will be considered as a suspicious packet if it exceeds.
TCP Packets Without FlagA normal TCP packet has at least one configured symbol (flag), and those without any control symbol are regarded as suspicious packets.Set the TCP Packets of SYN and FIN at the Same Time:Those that have both simultaneously configured SYN and FIN control symbols in the same TCP fragment packet are suspicious TCP packets TCP Packets only Set FIN without ACK TCP packet headers which have configured FIN symbol but no ACK symbol are abnormal.
Unknown ProtocolIf the character segment in protocol type of IP packet which is 135 or bigger, is reserved and undefined, it is impossible to figure out in advance whether this unknown protocol is well-intentioned or malicious. The cautious solution for these non-standard protocols is to block and prevent them from entering the protected network.
IP Timestamp OptionIt refers to whether to check IP from specified area contains Internet Timestamp or not. IP Security OptionIt refers to whether to check IP from specified area contains Security or not.
IP Stream OptionIt refers to whether to check IP from specified area contains Stream ID or not.
IP Record Route OptionIt refers to whether to check IP from specified area contains Record Route or not.IP Loose Source Route OptionIt refers to whether to check IP from specified area contains Loose Source Route or not. IP Strict Source Route OptionIt refers to whether to check IP from specified area contains Strict Source Route or not. Invalid IP It refers to whether to check the integrity or correctness of the IP packet from specified area or not.
Filter Ping From LAN PortRouter will not respond to ping detect from LAN port after this function is enabled.DDoS Attack DefenseRouter will block DDoS attack after this function is enabled.Shock Waves, Sasser and Other Viruses Defense: enabling this function to block shock waves sasser and other viruses attack.
4.5.4 IP-MAC Binding There are IP-MAC Binding and Dynamic Binding two submenus in IP-MAC Binding menu. The detailed function of each will be illustrated below. 4.5.4.1 IP-MAC BindingThis function realizes the binding of intranet computers IP and MAC address.Once address binding configuration is completed, the specified IP can only be used by the corresponding designated computer, which solves IP address collision problem caused by random change of IP address in LAN. Furthermore, you can also select Mandatory Mode to forbid unbound computers to access internet.
Enable IP-MAC BindingEnables IP-MAC Binding function. ModeSelect Normal Mode or Mandatory Mode.NoteNormal Mode only forbids IP which does not match the bound MAC, while IPs which are not included in binding list can communicate normally.Mandatory ModeOnly permits IP that matches the MAC addresses in binding list to access internet. Click Add Binding to move to the following screen:
ARP ListDisplays the corresponding IP and MAC addresses in the ARP List. Select Manual set in ARP List if you want to add IP and MAC addresses.
IP AddressIP address that needs to be bound. MAC Address: MAC addresses that need to be bound. Only when IP and MAC addresses in binding list reach one-to-one correspondence can the computer access internet after binding function is enabled.
Remark: simple description of binding. 4.5.4.2 Dynamic Binding
This binding list shows internal network IP and corresponding MAC addresses access information. You can select binding or All binding to fulfill IP-MAC address quick binding. 4.5.5 Attack ListThis page displays the host computers which are filtered by the Router because of attacks. These attacks are usually caused by network viruses. When you are sure that the viruses in the host computer are all cleared, you can click Delete to restore the computers normal access ability.
Router automatically displays the computers IP and MAC addresses in Attack List and shields/filters the corresponding host when detecting viruses or some computer is trying to make malicious attack. This computer is thus prevented from accessing internet after the function is enabled. To restore this hosts normal access to internet, click Delete 4.6 Advanced SettingsAdvanced Settings menu includes Virtual Server, UPnP, One -to -One NAT, DDNS, Router Table five submenus. Clicking on one submenu brings you to the corresponding configuration.
4.6.1 Virtual ServerPort Mapping defines the mapping relationship between the WAN service port and LAN server. All the accesses to WAN service port will be redirected to the LAN network server designated by IP address. Port mapping allows you to establish public services such as Web server, FTP server, etc. Click Add Virtual Server to go to the following interface:
WAN: select a WAN for Port Mapping, WAN1, or WAN2 as options. WAN Port: WAN service port which provides external network service.
Well-known Service: In the Well-known service options, there are some commonly used protocol ports such as DNS (53), FTP (21), GOPHER (70), HTTP (80), NNTP (1190), POP3 (110), PPTP (1723), SMTP (25), SOCK (1080) and TELNET (23).
You can manually add the ports which are not included in the above to the list. LAN Port: LAN service port, namely the clients PC port.
LAN IP: IP address of the computer which is used as a server in LAN.
Protocol: Includes TCP, UDP and All. When you are not sure of which protocol to use, please select all.
Enable: Select this item to enable the set rules.
Modify: Modify the mapping correspondingly numbered port.
For example:
If you build a Web server in a computer at the internal LAN IP address of 192.168.0.10 via port of 80, and you want to access the web server via WAN through http://x.x.x.x:40 (x.x.x.x is the Routers WAN2 IP address), you can enter "40 in WAN Port, 80 in LAN Port, 192.168.0.10 in LAN IP, All in Protocol and then Enable and Save it to effect the function.
Note: If you set a virtual server at the service port of 80, you need to set the Remote Web Management at any value except 80, like 8080. Otherwise, there will be collision which affects the virtual server.4.6.2 UPnP
The latest Universal Plug and Play network protocol is supported by Windows ME/ Windows XP or higher, (The operating system needs to be integrated with or to install Directx9.0 or higher version,) or application software which supports UPnP. For example, if Thunder or other P2P software is installed in Windows XP, you can use UPnP protocol in uploading and downloading. If UPnP is enabled, you can see the port forwarding information when starting Thunder. Port information forwarding is supplied at the request of application program.
IDIt indicates the items number.
Remote Host: The description of the remote host which receives or sends data.
External Port: The Routers port number used for forwarding.
Internal Host: The description of the internal host which receives or sends data. Internal Port: The hosts port number which needs port forwarding. Protocol: It specifies the port forwarding to TCP or UDP. Description: Software information of mapping port.
4.6.3 One-to-One NAT
This function fulfills one-to-one NAT static mapping between LAN IP and WAN IP. Click Add NAT to enter the following interface:
LAN Starting Address: Fill in the internal host IP address.
WAN Starting AddressFill in WAN IP address which is correspondingly mapped by internal IP address. IP CountIt indicates one-to-one NAT IP numbers.
EnableEnables the currently set rule, which doesnt take effect when Enable is not selected.For example: by entering 192.168.0.10 in LAN starting IP address, 172.138.112.111 in WAN starting IP address, and 5 in IP Count field, you specify that LAN IPs: 192.168.0.10192.168.0.14 and WAN IPs: 172.138.112.111172.138.112.115 are reaching one-to-one correspondence.
4.6.4 DDNSThis page allows you to set dynamic DNS parameters. When the connection is successfully established, other hosts on the Internet can access your Router or virtual server via domain name. TEI480T+ Router provides the same dynamic DNS configuration method for each WAN.
Enable DDNS: Select it to enable this function.
Service Provider: Select the DDNS service provider among Dyndns.org, 88ip.cn, freedns.afraid.org, zoneedit.com, no-ip.com, and 3322.org.
User Name: The user name registered on DDNS server.
Password: The password registered on DDNS server.
Domain Information: The Domain Name obtained from DDNS server. Connection Status: The current connection status of DDNS server.
Enable DDNS: Select it to enable this function.
Service Provider: Select the DDNS service provider among Dyndns.org, 88ip.cn, freedns.afraid.org, zoneedit.com, no-ip.com, and 3322.org.
User Name: The user name registered on DDNS server.
Password: The password registered on DDNS server.
Domain Information: The Domain Name obtained from DDNS server.
Connection Status: The current connection status of DDNS server.4.6.5 Route Table
There are two submenus Route Table and Static Route in Route Setting menu. The functions of these submenus will be illustrated below.
4.6.5.1 Route TableThis page displays the Route Table contents.
4.6.5.2 Static RouteYou can configure the Static Route functions on this page, click Add Static Routing and specify Static Route rules.
Destination IP: The IP address of destination host or destination network.
Subnet Mask: The subnet mask of destination address. Usually the value is 255.255.255.0.
Gateway: The IP address of the Router entry for next hop.4.7 VPN
There are two submenus: PPTP Client, and PPTP Service in VPN. Click one to enter corresponding setting. The functions of each are illustrated in details below.
4.7.1 PPTP ClientPPTP Client supports the connection between VPN router client and VPN router service. For example: if a branch and its headquarter of an enterprise want to achieve simple, safe, mutual access to each others resources, they can simply use the PPTP client in the router of the branch. The configuration method is illustrated below:
Enable PPTP ClientTick to enable PPTP client function
PPTP Server AddressPPTP service address which needs to be dialed User NamePPTP user name assigned by servicePasswordIt corresponds with user name and is assigned by service Enable Encryption or NotSelect whether to enable encryption or not according to service configuration. Only when server and client share the same configuration can communication be normally maintained. PPTP Net Segment The accessed net segment via PPTP tunnel; usually it is configured as LAN address segment of PPTP service. PPTP Mask PPTP net segment mask. StatusIt displays the connection status of PPTP client.Obtained PPTP AddressIt indicates the IP address assigned by PPTP service. 4.7.2 PPTP Server
There are three submenus in PPTP Server: PPTP Server Client Setting, Dial-in List. The detailed functions of each are illustrated below. 4.7.2.1 PPTP ServerPPTP service supports the connection between PPTP Client and VPN router. For example: a branch company needs to use PPTP VPN to send daily financial reports to its headquarter and receive emails from company internal email box. This is accomplished by dialing-in to access company internal network. Configuration methods are demonstrated in details below:
Enable PPTPTick to enable PPTP VPN.
Maximum PPTP LinksThe largest number of supported PPTP clients who dial-in simultaneously. System allows 8 different clients to dial-in at the same time. PPTP Server AddressFill in the PPTP servers IP address. PPTP Client Address RangeThe IP address range assigned by service to a client after his access via VPN dial-in. Enable or Disable EncryptionSupports 128-bit data encryption. Tick to enable 128-bit encryption mode for both sides communication, which is only achieved when service and client share the same configuration.4.7.2.2 PPTP Client SettingAfter the above configuration is finished you need to create PPTP clients for router. Enter PPTP Client Setting and click Add Users. For example, you can configure like this: user name: test, password: 123, and client corresponding net segment: 192.168.0.0, please follow the configuration method shown in the diagram below.
User Name User name for accessing PPTP server
Password Password for accessing PPTP server
Confirm Password Reconfirm Password for accessing PPTP serverClient Is network or not Select network access or single PC access mode for client.
NoteYou have to choose network for client if router is PPTP client access mode and you want all LAN computers in router can be connected. Net Segment PPTP client net segment. Mask PPTP client subnet mask Remark Fill in remarks (optional). 4.7.2.3 Dial-in ListThis page shows the information of PPTP client via dial-up.
User name: User name of PPTP client via dial-in.
Dial-in IPPPTP client IP address. Assign IPIP address assigned by PPTP server to client. 4.8 Monitor
There are three submenus in Monitor: Statistics, Log View, Log Setting. Click one to enter the corresponding setting. Function of each submenu is illustrated in details below.
4.8.1 Statiscs
Enable Traffic StatisticsSelect to enable this function. System default is Disable, please disable it to improve routers capability in dealing with packets if there is no need for traffic statistics. RefreshClick to refresh statistics list.
Note
It is normal, if there is a little deference between actual data and statistic data shown by Traffic Statistic, which is caused by actual traffic transient peak value. 4.8.2 Log View In system log you can check all kinds of conditions when system starts and whether there is network attack or not.
4.8.3 Log Setting
Based on system default, when system log records reach the number of 256, old log records will be automatically deleted. To provide complete knowledge of routers running status, Log Setting function transfers router log information to log server. Click Add Log Setting to move to the following interface:
Log Server IP Address IP address of log server. Log Server PortService port of log server. EnableEnable log service function.4.9 System Tools There are seven submenus in system tools: Time Setting, Backup and Restore, Firmware Upgrade, Policy Upgrade, Restore Factory Default, Reboot, Change password /Username. Click one to enter the corresponding setting. The function of each is illustrated in details below.
4.9.1 Time Setting
You can set time zone yourself or obtain GMT from internet. The GMT can only be gotten after successful access to internet. You can also manually input the current time.
Enable Network TimeSystem time is obtained automatically from network.
Time Adjusting Period Select system time and time adjusting period, which is 2 hours by default, according to your specific needs. Time ZoneSelect your local time zone.4.9.2 Backup / RestoreYou can backup the current or restore previous router configuration.
Backup / Restore setting steps:
Click "Backup" to enter configuration interface. Specify the path to save the configured file and click OK to create a system-configured backup file in specified directory. Click Browse to select the correctly uploaded file and click Restore. Then reboot the Router to restore the previous settings.
4.9.3 Firmware UpgradeYou will get a more stable router version and additional router functions by upgrading routers firmware.
Firmware upgrading steps Browse to select the path of firmware file. Then Click Upgrade to upgrade.
Router automatically reboots after being upgraded.
NoteDo not shut down the router power during upgrading, otherwise the router will be damaged and can not be used. It automatically restarts after successful upgrading. Please wait patiently for the upgrading process to finish, which lasts for several minutes.
4.9.4 Policy Upgrade
Obtain more stable filter function by upgrading the routers policy file.
Policy upgrading steps
Browse to choose the path for the policy file. Click Upgrade to upgrade policy. 4.9.5 Restore Factory Default
Click Restore Factory Default to bring all configurations to factory default:
Default User Nameadmin. Default Passwordadmin. Default IP Address192.168.0.1. Default Subnet Mask255.255.255.0. Restore Factory Default only takes effect after the router reboots 4.9.6 RebootThis interface below introduces function to reboot router via software. It takes about 40 seconds.
Click Reboot to bring configuration which can only be effected after the router is restarted. Router automatically ends network connection before restarting. 4.9.7 Change Password/Username
This page allows you to modify administrators user name and password. Please enter a new username and the old password first then a new password. If the old entered password is correct, after clicking Save, system user name and password is successfully modified.
NoteIt is highly recommended that you change the original user name and password for the sake of safety. 4.10 logoutPlease log out routers web-based management interface by clicking logout tag after all configurations are completed. Appendix 1: How to Set TCP/IP (Take Windows XP for example)
1. Click Start Control Panel to enter the control panel. Picture 12. Click Network and Internet Connections to enter the connection page.
Picture 2
3. Click Network Connections to display the following window.
Picture 34. Right click Local Area Connection and select Properties
Picture 4
5. Select Internet Protocol (TCP/IP) on the appearing window and click Properties button.
Picture 56. Method 1: Click Obtain an IP address automatically, Obtain DNS servers address automatically and then click OK.
Picture 6Method 2: Select Use the following IP address and enter the IP address: 192.168.0.xxx (xxx can be any value from 2~254). Subnet mask: 255.255.255.0. Default gateway: 192.168.0.1. Preferred DNS server: 192.168.0.1. If you know the local DNS server address, you can fill it in.
Picture 77. Click OK to return to the Local Area Connection Properties window.
8. Click Close to exit the window.
In this chapter, we introduce you to configure the TCP/ IP protocol. Please make sure that you have installed the network adapter in the computer. If not, please refer to the User Guide of the network adapter to install the adapter and driver.
Appendix 2: Useful CommandCommandExplanation
cmdRun this command to enter the Windows command mode. (Suitable for Windows 2000 or higher.)
ipconfigDisplay the computers IP address.
pingThe most useful command in TCP/IP protocol. When it sends a serial of packets to another system, the system will send back a response. It is useful for checking remote host. The response shows whether it can reach the host and how long it costs to receive a response.
netstatRun this command to check the current connection status of IP. When your basic communication is processing, the system service must be checked. The service includes checking the input data or verifying the session.
tracertTracert command is used to display the path which the packets pass through.
net stopStop Windows NT Network Service, such as net stop dnscache.
net sendSend messages to other network users or computers. You must run messenger service to receive messages.
If you have any problem, please contact our customer service or visit our website.
Tenda website: http://www.tenda.cnTEL: (86)0755-27657180 27653089
Email: [email protected] Statement:
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try and correct the interference by one or more of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and receiver.
Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.
PAGE 2
_1135667257.unknown