D-Link DSR-250N User Manual
Unified services router
Show thumbs
Also See for DSR-250N:
- User manual (221 pages) ,
- Quick installation manual (33 pages) ,
- Reference manual (129 pages)
1
2
3
Table Of Contents
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
Related Manuals for D-Link DSR-250N
Summary of Contents for D-Link DSR-250N
- Page 1 Building Networks for People Unified Services Router User Manual DSR-150 / 150N / 250 / 250N / 500 / 500N / 1000 / 1000N Ver. 1.08 Small Business Gateway Solution...
-
Page 2: User Manual
User Manual Unified Services Router D-Link Corporation Copyright © 2013 http://www.dlink.com... - Page 3 RESTORATION, WORK STOPPAGE, LOSS OF SAVED DATA OR ANY OTHER COMMERCIAL DAMAGES OR LOSSES) RESULTING FROM THE APPLICATION OR IMPROPER USE OF THE D-LINK PRODUCT OR FAILURE OF THE PRODUCT, EVEN IF D-LINK IS INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. FURTHERMORE, D- LINK WILL NOT BE LIABLE FOR THIRD-PARTY CLAIMS AGAINST CUSTOMER FOR LOSSES OR DAMAGES.
-
Page 4: Table Of Contents
Unified Services Router User Manual Table of Contents Chapter 1. Introduction ........................... 11 About this User Manual ..................12 Typographical Conventions ................... 12 Chapter 2. Configuring Your Network: LAN Setup ................13 LAN Configuration....................13 2.1.1 LAN DHCP Reserved IPs ..................15 2.1.2 LAN DHCP Leased Clients.................. - Page 5 Unified Services Router User Manual WAN Port Settings ....................65 Chapter 4. Wireless Access Point Setup ..................... 67 Wireless Settings Wizard ..................67 4.1.1 Wireless Network Setup Wizard ................68 4.1.2 Add Wireless Device with WPS ................68 4.1.3 Manual Wireless Network Setup ................69 Wireless Profiles .....................
- Page 6 Unified Services Router User Manual GRE Tunnel Support .................... 123 OpenVPN Support ....................124 6.6.1 OpenVPN Remote Network ................126 6.6.2 OpenVPN Authentication ..................127 Chapter 7. SSL VPN ..........................129 Groups and Users ....................131 7.1.1 Users and Passwords ..................137 Using SSL VPN Policies ..................
- Page 7 Unified Services Router User Manual 9.9.4 Router Options ...................... 185 9.10 Localization ......................186 Chapter 10. Router Status and Statistics ..................... 187 10.1 System Overview ....................187 10.1.1 Device Status ......................187 10.1.2 Resource Utilization ....................189 10.2 Traffic Statistics ..................... 192 10.2.1 Wired Port Statistics .....................
- Page 8 Unified Services Router User Manual List of Figures Figure 1: Setup page for LAN TCP/IP settings ..................15 Figure 2: LAN DHCP Reserved IPs ......................16 Figure 3: LAN DHCP Leased Clients ...................... 17 Figure 4: IPv6 LAN and DHCPv6 configuration ..................18 Figure 5: Configuring the Router Advertisement Daemon ..............
- Page 9 Unified Services Router User Manual Fi gu r e 3 4 : IP A l ias C o nf i gur a ti o n ....................52 Fi gu r e 3 5 : Ro ut i n g M o de t o d et er m in e tr af f ic r o ut i n g b et we e n W AN a n d L AN ..54 Figure 36: Static route configuration fields .....................
- Page 10 Unified Services Router User Manual Figure 67: Content Filtering used to block access to proxy servers and prevent ActiveX controls from being downloaded ......................101 Figure 68: Two trusted domains added to the Approved URLs List ..........102 Figure 69: One keyword added to the block list ................... 103 Figure 70: Export Approved URL list .....................
- Page 11 Unified Services Router User Manual Figure 99: List of SSL VPN polices (Global filter) ................139 Figure 100: SSL VPN policy configuration .................... 140 Figure 101: List of configured resources, which are available to assign to SSL VPN policies ..142 Figure 102: List of Available Applications for SSL Port Forwarding..........
- Page 12 Unified Services Router User Manual Figure 134: Restoring configuration from a saved file will result in the current configuration being overwritten and a reboot ....................... 180 Figure 135: Firmware version information and upgrade option ............181 Figure 136: Firmware upgrade and configuration restore/backup via USB ........182 Figure 137: Dynamic DNS configuration ....................
-
Page 13: Chapter 1. Introduction
Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and Secure Sockets Layer (SSL). Empower your road warriors with clientless remote access anywhere and anytime using SSL VPN tunnels. With the D-Link Services Router you are able to experience a diverse set of benefits: • Comprehensive Management Capabilities... -
Page 14: About This User Manual
DSR-1000N. About this User Manual This document is a high level manual to allow new D-Link Services Router users to configure connectivity, setup VPN tunnels, establish firewall rules and perform general administrative tasks. Typical deployment and use case scenarios are described in each section. -
Page 15: Chapter 2. Configuring Your Network: Lan Setup
Chapter 2. Configuring Your Network: LAN Setup It is assumed that the user has a machine for management connected to the LAN to the router. The LAN connection may be through the wired Ethernet ports available on the router, or once the initial setup is complete, the DSR may also be managed through its wireless interface as it is bridged with the LAN. - Page 16 Unified Services Router User Manual If you change the IP address and click Save Settings, the GUI will not respond. Open a new connection to the new IP address and log in again. Be sure the LAN host (the machine used to manage the router) has obtained IP address from newly assigned pool (or has a static IP address in the router’s LAN subnet) before accessing the router via changed IP address.
-
Page 17: Lan Dhcp Reserved Ips
Unified Services Router User Manual • Enable DNS Proxy: To enable the router to act as a proxy for all DNS requests and communicate with the ISP’s DNS servers, click the checkbox. Click Save Settings to apply all changes. Figure 1: Setup page for LAN TCP/IP settings 2.1.1 LAN DHCP Reserved IPs Setup >... -
Page 18: Figure 2: Lan Dhcp Reserved Ips
Unified Services Router User Manual IP Addresses: The LAN IP address of a host that is reserved by the DHCP server. MAC Addresses: The MAC address that will be assigned the reserved IP address when it is on the LAN. Associate with IP/MAC Binding: When the user enables this option the Computer Name, IP and MAC addresses are associated with the IP/MAC binding. -
Page 19: Lan Dhcp Leased Clients
Unified Services Router User Manual 2.1.2 LAN DHCP Leased Clients Setup > Network Settings > LAN DHCP Leased Clients This page provides the list of clients connect to LAN DHCP server. Figure 3: LAN DHCP Leased Clients Addresses: address host that matches reserved... -
Page 20: Figure 4: Ipv6 Lan And Dhcpv6 Configuration
Unified Services Router User Manual the prefix length. The IPv6 network (subnet) is identified by the initial bits of the address called the prefix. By default this is 64 bits long. All hosts in the network have common initial bits for their IPv6 address;... -
Page 21: Configuring Ipv6 Router Advertisements
Unified Services Router User Manual As with an IPv4 LAN network, the router has a DHCPv6 server. If enabled, the router assigns an IP address within the specified range plus additional specified information to any LAN PC that requests DHCP served addresses. The following settings are used to configure the DHCPv6 server: •... - Page 22 Unified Services Router User Manual accept such details. Router Advertisement is required in an IPv6 network is required for stateless auto configuration of the IPv6 LAN. By configuring the Router Advertisement Daemon on this router, the DSR will listen on the LAN for router solicitations and respond to these LAN hosts with router advisements.
-
Page 23: Figure 5: Configuring The Router Advertisement Daemon
Unified Services Router User Manual Figure 5: Configuring the Router Advertisement Daemon Advertisement Prefixes Advanced > IPv6 > IPv6 LAN > Advertisement Prefixes The router advertisements configured with advertisement prefixes allow this router to inform hosts how to perform stateless address auto configuration. Router advertisements contain a list of subnet prefixes that allow the router to determine neighbors and whether the host is on the same link as the router. -
Page 24: Vlan Configuration
Unified Services Router User Manual • Prefix Lifetime: This defines the duration (in seconds) that the requesting node is allowed to use the advertised prefix. It is analogous to DHCP lease time in an IPv4 network. Figure 6: IPv6 Advertisement Prefix settings VLAN Configuration The router supports virtual network isolation on the LAN with the use of VLANs. -
Page 25: Associating Vlans To Ports
Unified Services Router User Manual Figure 7: Adding VLAN memberships to the LAN 2.2.1 Associating VLANs to ports In order to tag all traffic through a specific LAN port with a VLAN ID, you can associate a VLAN to a physical port. Setup >... -
Page 26: Figure 8: Port Vlan List
Unified Services Router User Manual Figure 8: Port VLAN list • In Access mode the port is a member of a single VLAN (and only one). All data going into and out of the port is untagged. Traffic through a port in access mode looks like any other Ethernet frame. -
Page 27: Multiple Vlan Subnets
Unified Services Router User Manual Figure 9: Configuring VLAN membership for a port 2.2.2 Multiple VLAN Subnets Setup > VLAN Settings > Multi VLAN Settings This page shows a list of available multi-VLAN subnets. Each configured VLAN ID can map directly to a subnet within the LAN. -
Page 28: Vlan Configuration
Unified Services Router User Manual Figure 10: Multiple VLAN Subnets 2.2.3 VLAN configuration Setup > VLAN Settings > VLAN configuration This page allows enabling or disabling the VLAN function on the router. Virtual LANs can be created in this router to provide segmentation capabilities for firewall rules and VPN policies. The LAN network is considered the default VLAN. -
Page 29: Configurable Port: Dmz Setup
Unified Services Router User Manual Figure 11: VLAN Configuration Configurable Port: DMZ Setup DSR-150/150N/250/250N does not have a configurable port – there is no DMZ support. This router supports one of the physical ports to be configured as a secondary WAN Ethernet port or a dedicated DMZ port. -
Page 30: Universal Plug And Play (Upnp)
Unified Services Router User Manual Figure 12: DMZ configuration Setup > In order to configure a DMZ port, the router’s configurable port must be set to DMZ in the Internet Settings > Configurable Port page. Universal Plug and Play (UPnP) Advanced >... -
Page 31: Figure 13: Upnp Configuration
Unified Services Router User Manual • Advertisement Period: This is the frequency that the router broadcasts UPnP information over the network. A large value will minimize network traffic but cause delays in identifying new UPnP devices to the network. • Advertisement Time to Live: This is expressed in hops for each UPnP packet. -
Page 32: Captive Portal
Unified Services Router User Manual Captive Portal LAN users can gain internet access via web portal authentication with the DSR. Also referred to as Run-Time Authentication, a Captive Portal is ideal for a web café scenario where users initiate HTTP connection requests for web access but are not interested in accessing any LAN services. Firewall policies underneath will define which users require authentication for HTTP access, and when a matching user request is made the DSR will intercept the request and prompt for a username / password. -
Page 33: Figure 15: Captive Portal Profile List
Unified Services Router User Manual Figure 15: Captive Portal Profile List List of Available Profiles: Any one of these profiles can be used for Captive Portal Login page while enabling Captive Portal. Click “Add” in the Captive Portal setup page to allow defining customized captive portal login page information (Page Background Color, Header Details, Header Caption, Login Section Details, Advertisement Details, Footer Details and Captive Portal Header Image). -
Page 34: Figure 16: Customized Captive Portal Setup
Unified Services Router User Manual Figure 16: Customized Captive Portal Setup Setup > Captive Portal > Block Clients Access for specific clients can be regulated by the Captive Portal as well. The Block Client page allows one to define a MAC address that will always be denied access through all configured Captive Portals. -
Page 35: Captive Portals On A Vlan
Unified Services Router User Manual Figure 17: Blocking specific clients by their MAC address 2.5.2 Captive Portals on a VLAN Setup > VLAN Settings > VLAN Configuration Captive Portals can be enabled on a per-VLAN basis. Hosts of a particular VLAN can be directed to authenticate via the Captive Portal, which may be a customized portal with unique instructions and branding as compared to another VLAN. -
Page 36: Chapter 3. Connecting To The Internet: Wan Setup
Unified Services Router User Manual Chapter 3. Connecting to the Internet: WAN Setup This router has two WAN ports that can be used to establish a connection to the internet. The following ISP connection types are supported: DHCP, Static, PPPoE, PPTP, L2TP, 3G Internet (via USB modem). It is assumed that you have arranged for internet service with your Internet Service Provider (ISP). -
Page 37: Wan Configuration
Unified Services Router User Manual WAN Configuration Setup > Internet Settings > WAN1 Setup You must either allow the router to detect WAN connection type automatically or configure manually the following basic settings to enable Internet connectivity: • ISP Connection type: Based on the ISP you have selected for the primary WAN link for this router, choose Static IP address, DHCP client, Point-to-Point Tunneling Protocol (PPTP), Point- to-Point Protocol over Ethernet (PPPoE), Layer 2 Tunneling Protocol (L2TP). -
Page 38: Wan Dns Servers
Unified Services Router User Manual statically provided by the ISP or should be received dynamically at each login. If static, enter your IP address, IPv4 subnet mask, and the ISP gateway’s IP address. PPTP and L2TP ISPs also can provide a static IP address and subnet to configure, however the default is to receive that information dynamically from the ISP. -
Page 39: Figure 21: Pppoe Configuration For Standard Isps
Unified Services Router User Manual The PPPoE ISP settings are defined on the WAN Configuration page. There are two types of PPPoE ISP’s supported by the DSR: the standard username/password PPPoE and Japan Multiple PPPoE. Figure 21: PPPoE configuration for standard ISPs Most PPPoE ISP’s use a single control and data connection, and require username / password credentials to login and authenticate the DSR with the ISP. -
Page 40: Figure 22: Wan Configuration For Japanese Multiple Pppoe (Part 1)
Unified Services Router User Manual Figure 22: WAN configuration for Japanese Multiple PPPoE (part 1) There are a few key elements of a multiple PPPoE connection: • Primary and secondary connections are concurrent • Each session has a DNS server source for domain name lookup, this can be assigned by the ISP or configured through the GUI •... -
Page 41: Russia L2Tp And Pptp Wan
Unified Services Router User Manual When Japanese multiple PPPoE is configured and secondary connection is up, some predefined routes are added on that interface. These routes are needed to access the internal domain of the ISP where he hosts various services. -
Page 42: Russia Dual Access Pppoe
Unified Services Router User Manual Figure 24: Russia L2TP ISP configuration 3.2.6 Russia Dual Access PPPoE For Russia dual access PPPoE connections, you can choose the address mode of the connection to get an IP address from the ISP or configure a static IP address provided by the ISP. -
Page 43: Wan Configuration In An Ipv6 Network
Unified Services Router User Manual Figure 25: Russia Dual access PPPoE configuration 3.2.7 WAN Configuration in an IPv6 Network Advanced > IPv6 > IPv6 WAN1 Config For IPv6 WAN connections, this router can have a static IPv6 address or receive connection information when configured as a DHCPv6 client. -
Page 44: Figure 26: Ipv6 Wan Setup Page
Unified Services Router User Manual ICMPv6 discover messages will originate from this gateway and will be used for auto configuration. A third option to specify the IP address and prefix length of a preferred DHCPv6 server is available as well. Figure 26: IPv6 WAN Setup page Prefix Delegation: Select this option to request router advertisement prefix from any available DHCPv6 servers available on the ISP, the obtained prefix is updated to the advertised prefixes on... -
Page 45: Checking Wan Status
Unified Services Router User Manual • Password: Enter the password required to login to the ISP. • Authentication Type: The type of Authentication in use by the profile: Auto- Negotiate/PAP/CHAP/MS-CHAP/MS-CHAPv2. • Dhcpv6 Options: The mode of Dhcpv6 client that will start in this mode: disable dhcpv6/stateless dhcpv6/stateful dhcpv6/stateless dhcpv6 with prefix delegation. -
Page 46: Bandwidth Controls
Unified Services Router User Manual Figure 27: Connection Status information for both WAN ports The WAN status page allows you to Enable or Disable static WAN links. For WAN settings that are dynamically received from the ISP, you can Renew or Release the link parameters if required. Bandwidth Controls Advanced >... -
Page 47: Figure 28: List Of Configured Bandwidth Profiles
Unified Services Router User Manual Bandwidth profiles configuration consists of enabling the bandwidth control feature from the GUI and adding a profile which defines the control parameters. The profile can then be associated with a traffic selector, so that bandwidth profile can be applied to the traffic matching the selectors. Selectors are elements like IP addresses or services that would trigger the configured bandwidth regulation. -
Page 48: Figure 29: Bandwidth Profile Configuration Page
Unified Services Router User Manual Figure 29: Bandwidth Profile Configuration page Advanced > Advanced Network > Traffic Management > Traffic Selectors Once a profile has been created it can then be associated with a traffic flow from the LAN to WAN. To create a traffic selector, click Add on the Traffic Selectors page. -
Page 49: Features With Multiple Wan Links
Unified Services Router User Manual Figure 30: Traffic Selector Configuration Features with Multiple WAN Links This router supports multiple WAN links. This allows you to take advantage of failover and load balancing features to ensure certain internet dependent services are prioritized in the event of unstable WAN connectivity on one of the ports. -
Page 50: Load Balancing
Failover after: This sets the number of retries after which failover is initiated. DSR-1000, DSR-1000N, DSR-500, DSR-500N, DSR-250, DSR-250N, DSR-150, and DSR-150N support 3G USB Modem as a failover link when the internet access is lost. 3.4.2 Load Balancing This feature allows you to use multiple WAN links (and presumably multiple ISP’s) simultaneously. - Page 51 Unified Services Router User Manual Protocol Bindings: Refer Section 3.4.3 for details Load balancing is particularly useful when the connection speed of one WAN port greatly differs from another. In this case you can define protocol bindings to route low-latency services (such as VOIP) over the higher-speed link and let low-volume background traffic (such as SMTP) go over the lower speed link.
-
Page 52: Protocol Bindings
Unified Services Router User Manual Figure 31: Load Balancing is available when multiple WAN ports are configured and Protocol Bindings have been defined 3.4.3 Protocol Bindings Advanced > Routing > Protocol Bindings Protocol bindings are required when the Load Balancing feature is in use. Choosing from a list of configured services or any of the user-defined services, the type of traffic can be assigned to go over only one of the available WAN ports. -
Page 53: Ip Aliasing
Unified Services Router User Manual Figure 32: Protocol binding setup to associate a service and/or LAN source to a WAN and/or destination network 3.4.4 IP Aliasing Setup>Internet Settings>IP Aliasing A single WAN ethernet port can be accessed via multiple IP addresses by adding an alias to the port. This is done by configuring an IP Alias address. - Page 54 Unified Services Router User Manual Figure 33: Configuring the IP Alias Interface: Sets the interface on which IP Alias is being configured. IP Address: Sets the IP address of the IP Alias. Subnet Mask: Sets the Subnet Mask of the IP Alias. Click Save Settings to save your changes.
-
Page 55: Routing Configuration
Unified Services Router User Manual Delete: Deletes the selected IP Aliases. Routing Configuration Routing between the LAN and WAN will impact the way this router handles traffic that is received on any of its physical interfaces. The routing mode of the gateway is core to the behavior of the traffic flow between the secure LAN and the internet. - Page 56 Unified Services Router User Manual device for these other ports. With Bridge mode for the LAN port 1 and WAN2/DMZ interfaces, L2 and L3 broadcast traffic as well as ARP / RARP packets are passed through. When WAN2 receives tagged traffic the tag information will be removed before the packet is forwarded to the LAN port 1 interface.
-
Page 57: Dynamic Routing (Rip)
Unified Services Router User Manual 3.5.2 Dynamic Routing (RIP) DSR- 150/150N/250/250N does not support RIP. Setup > Internet Settings > Routing Mode Dynamic routing using the Routing Information Protocol (RIP) is an Interior Gateway Protocol (IGP) that is common in LANs. With RIP this router can exchange routing information with other supported routers in the LAN and allow for dynamic adjustment of routing tables in order to adapt to modifications in the LAN without interrupting traffic flow. -
Page 58: Static Routing
Unified Services Router User Manual 3.5.3 Static Routing Advanced > Routing > Static Routing Advanced > IPv6 > IPv6 Static Routing Manually adding static routes to this device allows you to define the path selection of traffic from one interface to another. There is no communication between this router and other devices to account for changes in the path;... -
Page 59: Ospfv2
Unified Services Router User Manual Figure 36: Static route configuration fields 3.5.4 OSPFv2 Advanced > Routing > OSPF OSPF is an interior gateway protocol that routes Internet Protocol (IP) packets solely within a single routing domain. It gathers link state information from available routers and constructs a topology map of the network. -
Page 60: Figure 37: Ospfv2 Configured Parameters
Unified Services Router User Manual Figure 37: OSPFv2 configured parameters Interface: The physical network interface on which OSPFv2 is Enabled/Disabled. Status: This column displays the Enable/Disable state of OSPFv2 for a particular interface. Area: The area to which the interface belongs. Two routers having a common segment; their interfaces have to belong to the same area on that segment. -
Page 61: Ospfv3
Unified Services Router User Manual Figure 38: OSPFv2 configuration 3.5.5 OSPFv3 Advanced > IPv6 > OSPF Open Shortest Path First version 3 (OSPFv3) supports IPv6. To enable an OSPFv3 process on a router, you need to enable the OSPFv3 process globally, assign the OSPFv3 process a router ID, and enable the OSPFv3 process on related interfaces. -
Page 62: Figure 39: Ospfv3 Configured Parameters
Unified Services Router User Manual Figure 39: OSPFv3 configured parameters Interface: The physical network interface on which OSPFv3 is Enabled/Disabled. Status: This column displays the Enable/Disable state of OSPFv3 for a particular interface. Priority: Helps to determine the OSPFv3 designated router for a network. The router with the highest priority will be more eligible to become Designated Router. -
Page 63: 6To4 Tunneling
Unified Services Router User Manual Figure 40: OSPFv3 configuration 3.5.6 6to4 Tunneling Advanced > IPv6 > 6to4 Tunneling 6to4 is an Internet transition mechanism for migrating from IPv4 to IPv6, a system that allows IPv6 packets to be transmitted over an IPv4 network. Select the check box to Enable Automatic Tunneling and allow traffic from an IPv6 LAN to be sent over an IPv4 Option to reach a remote IPv6 network. -
Page 64: Isatap Tunnels
Unified Services Router User Manual 3.5.7 ISATAP Tunnels Advanced > IPv6 > 6to4 Tunneling ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) is an IPv6 transition mechanism meant to transmit IPv6 packets between dual-stack nodes on top of an IPv4 network. ISATAP specifies an IPv6-IPv4 compatibility address format as well as a means for site border router discovery. -
Page 65: Wan 3 (3G) Configuration
Unified Services Router User Manual WAN 3 (3G) Configuration This router supports one of the physical ports WAN3 to be configured for 3G internet access. Setup > Internet Settings > WAN3 Setup WAN3 configuration for the 3G USB modem is available only on WAN3 interface. There are a few key elements of WAN 3 configuration. -
Page 66: Figure 43: Wan3 Configuration For 3G Internet
Unified Services Router User Manual DMZ: If this option is selected, you are able to configure the DMZ port on the DMZ Configuration menu. Click Save Settings to save your changes. Click Don't Save Settings to revert to the previous settings. Figure 43: WAN3 configuration for 3G internet Cellular 3G internet access is available on WAN3 via a 3G USB modem for DSR-1000 and DSR- 1000N. -
Page 67: Wan Port Settings
Unified Services Router User Manual WAN Port Settings Advanced > Advanced Network > WAN Port Setup The physical port settings for each WAN link can be defined here. If your ISP account defines the WAN port speed or is associated with a MAC address, this information is required by the router to ensure a smooth connection with the network. -
Page 68: Figure 44: Physical Wan Port Settings
Unified Services Router User Manual Figure 44: Physical WAN port settings The 3G USB Modem can be configured as dedicated WAN2 for DSR-500 and DSR-500N as well as dedicated WAN3 for DSR-1000 and DSR-1000N. -
Page 69: Chapter 4. Wireless Access Point Setup
Unified Services Router User Manual Chapter 4. Wireless Access Point Setup This router has an integrated 802.11n radio that allows you to create an access point for wireless LAN clients. The security/encryption/authentication options are grouped in a wireless Profile, and each configured profile will be available for selection in the AP configuration menu. -
Page 70: Wireless Network Setup Wizard
Unified Services Router User Manual Figure 45: Wireless Network Setup Wizards 4.1.1 Wireless Network Setup Wizard This wizard provides a step-by-step guide to create and secure a new access point on the router. The network name (SSID) is the AP identifier that will be detected by supported clients. The Wizard uses a TKIP+AES cipher for WPA / WPA2 security;... -
Page 71: Manual Wireless Network Setup
Unified Services Router User Manual • Personal Identification Number (PIN): The wireless device that supports WPS may have an alphanumeric PIN, and if entered in this field the AP will establish a link to the client. Click Connect to complete setup and connect to the client. •... -
Page 72: Wep Security
Unified Services Router User Manual • WPA + WPA2: this uses both encryption algorithms, TKIP and CCMP. WPA clients will use TKIP and WPA2 clients will use CCMP encryption algorithms. “WPA+WPA2” is a security option that allows devices to connect to an AP using the strongest security that it supports. -
Page 73: Wpa Or Wpa2 With Psk
Unified Services Router User Manual Figure 47: Profile configuration to set network security 4.2.2 WPA or WPA2 with PSK A pre-shared key (PSK) is a known passphrase configured on the AP and client both and is used to authenticate the wireless client. An acceptable passphrase is between 8 to 63 characters in length. Creating and Using Access Points Setup >... -
Page 74: Figure 48: Virtual Ap Configuration
Unified Services Router User Manual The AP configuration page allows you to create a new AP and link to it one of the available profiles. This router supports multiple AP’s referred to as virtual access points (VAPs). Each virtual AP that has a unique SSIDs appears as an independent access point to clients. This valuable feature allows the router’s radio to be configured in a way to optimize security and throughput for a group of clients as required by the user. -
Page 75: Primary Benefits Of Virtual Aps
Unified Services Router User Manual Figure 49: List of configured access points (Virtual APs) shows one enabled access point on the radio, broadcasting its SSID The clients connected to a particular AP can be viewed by using the Status Button on the List of Available Access Points. -
Page 76: Tuning Radio Specific Settings
Unified Services Router User Manual Tuning Radio Specific Settings Setup > Wireless Settings > Radio Settings The Radio Settings page lets you configure the channels and power levels available for the AP’s enabled on the DSR. The router has a dual band 802.11n radio, meaning either 2.4 GHz or 5 GHz frequency of operation can be selected (not concurrently though). -
Page 77: Wireless Distribution System (Wds)
Unified Services Router User Manual Figure 51: Wi-Fi Multimedia Profile Name: This field allows you to select the available profiles in wireless settings. Enable WMM: This field allows you to enable WMM to improve multimedia transmission. Default Class of Service: This field allows you to select the available Access Categories (voice, video, best effort, and background). -
Page 78: Figure 52: Wireless Distribution System
Unified Services Router User Manual Figure 52: Wireless Distribution System This feature is only guaranteed to work only between devices of the same type (i.e. using the same chipset/driver). For example between two DSR250N boxes, or between two DSR1000N. It should also interoperate between a DSR 1000N and DSR 500 N boxes since they are based on the same chipset/driver. -
Page 79: Advanced Wireless Settings
Unified Services Router User Manual WDS Encryption - Displays the type of encryption used. It could be one of OPEN/64 bit WEP/128 bit WEP/TKIP/AES (Use the term being used throughout the box i.e. either CCMP or AES). WDS Passphrase - This is required if the encryption selected is TKIP/CCMP. We would expect it to be within 8~63 ASCII characters. -
Page 80: Wi-Fi Protected Setup (Wps)
Unified Services Router User Manual Figure 53: Advanced Wireless communication settings Wi-Fi Protected Setup (WPS) Advanced > Wireless Settings > WPS WPS is a simplified method to add supporting wireless clients to the network. WPS is only applicable for APs that employ WPA or WPA2 security. To use WPS, select the eligible VAPs from the dropdown list of APs that have been configured with this security and enable WPS status for this AP. -
Page 81: Figure 54: Wps Configuration For An Ap With Wpa/Wpa2 Profile
Unified Services Router User Manual Figure 54: WPS configuration for an AP with WPA/WPA2 profile... -
Page 83: Chapter 5. Securing The Private Network
Chapter 5. Securing the Private Network You can secure your network by creating and applying rules that your router uses to selectively block and allow inbound and outbound Internet traffic. You then specify how and to whom the rules apply. To do so, you must define the following: •... -
Page 84: Defining Rule Schedules
Unified Services Router User Manual Outbound (LAN/DMZ to WAN) rules restrict access to traffic leaving your network, selectively allowing only specific local users to access specific outside resources. The default outbound rule is to allow access from the secure zone (LAN) to either the public DMZ or insecure WAN. -
Page 85: Configuring Firewall Rules
Unified Services Router User Manual Figure 56: List of Available Schedules to bind to a firewall rule Configuring Firewall Rules Advanced > Firewall Settings > Firewall Rules All configured firewall rules on the router are displayed in the Firewall Rules list. This list also indicates whether the rule is enabled (active) or not, and gives a summary of the From/To zone as well as the services or users that the rule affects. - Page 86 Unified Services Router User Manual • Action & Schedule: Select one of the 4 actions that this rule defines: BLOCK always, ALLOW always, BLOCK by schedule otherwise ALLOW, or ALLOW by schedule otherwise BLOCK. A schedule must be preconfigured in order for it to be available in the dropdown list to assign to this rule.
- Page 87 Unified Services Router User Manual This router supports multi-NAT and so the External IP address does not necessarily have to be the WAN address. On a single WAN interface, multiple public IP addresses are supported. If your ISP assigns you more than one public IP address, one of these can be used as your primary IP address on the WAN port, and the others can be assigned to servers on the LAN or DMZ.
-
Page 88: Figure 57: Example Where An Outbound Snat Rule Is Used To Map An External Ip Address (209.156.200.225) To A Private Dmz Ip Address (10.30.30.30)
Unified Services Router User Manual Figure 57: Example where an outbound SNAT rule is used to map an external IP address (209.156.200.225) to a private DMZ IP address (10.30.30.30) -
Page 89: Figure 58: The Firewall Rule Configuration Page Allows You To Define The To/From Zone, Service, Action, Schedules, And Specify Source/Destination Ip Addresses As Needed
Unified Services Router User Manual Figure 58: The firewall rule configuration page allows you to define the To/From zone, service, action, schedules, and specify source/destination IP addresses as needed. -
Page 90: Configuring Ipv6 Firewall Rules
Unified Services Router User Manual Configuring IPv6 Firewall Rules Advanced > Firewall Settings > IPv6 Firewall Rules All configured IPv6 firewall rules on the router are displayed in the Firewall Rules list. This list also indicates whether the rule is enabled (active) or not, and gives a summary of the From/To zone as well as the services or users that the rule affects. -
Page 91: Figure 59: The Ipv6 Firewall Rule Configuration Page Allows You To Define The To/From Zone, Service, Action, Schedules, And Specify Source/Destination Ip Addresses As Needed
Unified Services Router User Manual Figure 59: The IPv6 firewall rule configuration page allows you to define the To/From zone, service, action, schedules, and specify source/destination IP addresses as needed. -
Page 92: Firewall Rule Configuration Examples
Unified Services Router User Manual Figure 60: List of Available IPv6 Firewall Rules 5.4.1 Firewall Rule Configuration Examples Example 1: Allow inbound HTTP traffic to the DMZ Situation: You host a public web server on your local DMZ network. You want to allow inbound HTTP requests from any outside IP address to the IP address of your web server at any time of day. - Page 93 Unified Services Router User Manual Situation: You want to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses (132.177.88.2 - 132.177.88.254), from a branch office. Solution: Create an inbound rule as follows. In the example, CUSeeMe (the video conference service used) connections are allowed only from a specified range of external IP addresses.
- Page 94 Unified Services Router User Manual Send to Local Server (DNAT IP) 192.168.12.222 ( web server local IP address) Destination Users Single Address From 10.1.0.52 WAN Users Never 4: Bloc Example 4: Block traffic by schedule if generated from specific range of machines Use Case: Block all HTTP traffic on the weekends if the request originates from a specific group of machines in the LAN having a known range of IP addresses, and anyone coming in through the Network from the WAN (i.e.
-
Page 95: Figure 61: Schedule Configuration For The Above Example
Unified Services Router User Manual Figure 61: Schedule configuration for the above example. -
Page 96: Security On Custom Services
Unified Services Router User Manual Since we are trying to block HTTP requests, it is a service with To Zone: Insecure (WAN1/WAN2/WAN3) that is to be blocked according to schedule “Weekend”. Select the Action to “Block by Schedule, otherwise allow”. This will take a predefined schedule and make sure the rule is a blocking rule during the defined dates/times. - Page 97 Unified Services Router User Manual traffic, many custom or uncommon applications exist in the LAN or WAN. In the custom service configuration menu you can define a range of ports and identify the traffic type (TCP/UDP/ICMP) for this service. Once defined, the new service will appear in the services list of the firewall rules configuration menu.
-
Page 98: Figure 62: List Of User Defined Services
Unified Services Router User Manual Figure 62: List of user defined services. Figure 63: Custom Services configuration Created services are available as options for firewall rule configuration. Name: Name of the service for identification and management purposes. -
Page 99: Alg Support
Unified Services Router User Manual Type: The layer 3 Protocol that the service uses. (TCP, UDP, BOTH, ICMP or ICMPv6) Port Type: This fields allows to select Port Range or Multiple Ports ICMP Type: This field is enabled when the layer 3 protocol (in the Type field) is selected as ICMP or ICMPv6. -
Page 100: Vpn Passthrough For Firewall
Unified Services Router User Manual Figure 64: Available ALG support on the router. VPN Passthrough for Firewall Advanced > Firewall Settings > VPN Passthrough This router’s firewall settings can be configured to allow encrypted VPN traffic for IPsec, PPTP, and L2TP VPN tunnel connections between the LAN and internet. A specific firewall rule or service is not appropriate to introduce this passthrough support;... -
Page 101: Application Rules
Unified Services Router User Manual Figure 65: Passthrough options for VPN tunnels Application Rules Advanced > Application Rules > Application Rules Application rules are also referred to as port triggering. This feature allows devices on the LAN or DMZ to request one or more ports to be forwarded to them. Port triggering waits for an outbound request from the LAN/DMZ on one of the defined outgoing ports, and then opens an incoming port for that specified type of traffic. -
Page 102: Web Content Filtering
Unified Services Router User Manual and inbound ports to open. You can also specify a port triggering rule by defining the type of traffic (TCP or UDP) and the range of incoming and outgoing ports to open when enabled. Figure 66: List of Available Application Rules showing 4 unique rules The application rule status page will list any active rules, i.e. -
Page 103: Approved Urls
Unified Services Router User Manual contain session information, can be blocked as well for all devices on the private network. Figure 67: Content Filtering used to block access to proxy servers and prevent ActiveX controls from being downloaded 5.9.2 Approved URLs Advanced >... -
Page 104: Blocked Keywords
Unified Services Router User Manual Figure 68: Two trusted domains added to the Approved URLs List 5.9.3 Blocked Keywords Advanced > Website Filter > Blocked Keywords Keyword blocking allows you to block all website URL’s or site content that contains the keywords in the configured list. -
Page 105: Export Web Filter
Unified Services Router User Manual Figure 69: One keyw ord added to the block list 5.9.4 Export Web Filter Advanced > Website Filter > Export Export Approved URLs: Feature enables the user to export the URLs to be allowed to a .csv (comma-separated value) file which can then be downloaded to the local host. -
Page 106: Ip/Mac Binding
Unified Services Router User Manual Figure 70: Export Approved URL list 5.10 IP/MAC Binding Advanced > IP/MAC Binding Another available security measure is to only allow outbound traffic (from the LAN to WAN) when the LAN node has an IP address matching the MAC address bound to it. This is IP/MAC Binding, and by enforcing the gateway to validate the source traffic’s IP address with the unique MAC Address of the configured LAN node, the administrator can ensure traffic from that IP address is not spoofed. -
Page 107: Intrusion Prevention (Ips)
Unified Services Router User Manual Figure 71: The following example binds a LAN host’s MAC Address to an IP address served by DSR. If there is an IP/MAC Binding violation, the violating packet will be dropped and logs will be captured 5.11 Intrusion Prevention (IPS) Advanced >... -
Page 108: Protecting From Internet Attacks
Unified Services Router User Manual Figure 72: Intrusion Prevention features on the router 5.12 Protecting from Internet Attacks Advanced > Advanced Network > Attack Checks Attacks can be malicious security breaches or unintentional network issues that render the router unusable. Attack checks allow you to manage WAN security threats such as continual ping requests and discovery via ARP scans. -
Page 109: Figure 73: Protecting The Router And Lan From Internet Attacks
Unified Services Router User Manual Figure 73: Protecting the router and LAN from internet attacks WAN Security Checks: Enable Stealth Mode: If Stealth Mode is enabled, the router will not respond to port scans from the WAN. This makes it less susceptible to discovery and attacks. Block TCP Flood: If this option is enabled, the router will drop all invalid TCP packets and be protected from a SYN flood attack. -
Page 110: Igmp Proxy To Manage Multicast Traffic
Unified Services Router User Manual Block Multicast Packets: selecting this option drops multicast packets, which could indicate a spoof attack, through or to the gateway. DoS Attacks: SYN Flood Detect Rate (max/sec): The rate at which the SYN Flood can be detected. Echo Storm (ping pkts/sec): The number of ping packets per second at which the router detects an Echo storm attack from the WAN and prevents further ping traffic from that external address. -
Page 111: Figure 74: Enabling Igmp Proxy For The Lan
Unified Services Router User Manual Figure 74: Enabling IGMP Proxy for the LAN Enable IGMP Proxy: selecting this allows the router to listen in on IGMP traffic through the network, and manage multicast streams bound for the LAN... -
Page 112: Chapter 6. Ipsec / Pptp / L2Tp Vpn
Unified Services Router User Manual Chapter 6. IPsec / PPTP / L2TP VPN A VPN provides a secure communication channel (“tunnel”) between two gateway routers or a remote PC client. The following types of tunnels can be created: • Gateway-to-gateway VPN: to connect two or more routers to secure traffic between remote sites. -
Page 113: Figure 76: Example Of Three Ipsec Client Connections To The Internal Network Through The Dsr Ipsec Gateway
Unified Services Router User Manual Figure 76: Example of three IPsec client connections to the internal network through the DSR IPsec gateway... -
Page 114: Vpn Wizard
Unified Services Router User Manual VPN Wizard Setup > Wizard > VPN Wizard You can use the VPN wizard to quickly create both IKE and VPN policies. Once the IKE or VPN policy is created, you can modify it as required. Figure 77: VPN Wizard launch screen To easily establish a VPN tunnel using VPN Wizard, follow the steps below: Select the VPN tunnel type to create... - Page 115 Unified Services Router User Manual • Remote Gateway Type: identify the remote endpoint of the tunnel by FQDN or static IP address • Remote WAN IP address / FQDN: This field is enabled only if the peer you are trying to connect to is a Gateway. For VPN Clients, this IP address or Internet Name is determined when a connection request is received from a client.
-
Page 116: Configuring Ipsec Policies
Unified Services Router User Manual The VPN Wizard is the recommended method to set up an Auto IPsec policy. Once the Wizard creates the matching IKE and VPN policies required by the Auto policy, one can modify the required fields through the edit link. Refer to the online help for details. -
Page 117: Figure 78: Ipsec Policy Configuration
Unified Services Router User Manual Figure 78: IPsec policy configuration Once the tunnel type and endpoints of the tunnel are defined you can determine the Phase 1 / Phase 2 negotiation to use for the tunnel. This is covered in the IPsec mode setting, as the policy can be Manual or Auto. -
Page 118: Figure 79: Ipsec Policy Configuration Continued (Auto Policy Via Ike)
Unified Services Router User Manual The VPN policy is one half of the IKE/VPN policy pair required to establish an Auto IPsec VPN tunnel. The IP addresses of the machine or machines on the two VPN endpoints are configured here, along with the policy parameters required to secure the tunnel Figure 79: IPsec policy configuration continued (Auto policy via IKE) A Manual policy does not use IKE and instead relies on manual keying to exchange... - Page 119 Unified Services Router User Manual As well the encryption and integrity algorithms and keys must match on the remote IPsec host exactly in order for the tunnel to establish successfully. Note that using Auto policies with IKE are preferred as in some IPsec implementations the SPI (security parameter index) values require conversion at each endpoint.
-
Page 120: Extended Authentication (Xauth)
Unified Services Router User Manual Figure 80: IPsec policy configuration continued (Auto / Manual Phase 2) 6.2.1 Extended Authentication (XAUTH) You can also configure extended authentication (XAUTH). Rather than configure a unique VPN policy for each user, you can configure the VPN gateway router to authenticate users from a stored list of user accounts or with an external authentication server such as a RADIUS server. -
Page 121: Internet Over Ipsec Tunnel
Unified Services Router User Manual With a configured RADIUS server, the router connects to a RADIUS server and passes to it the credentials that it receives from the VPN client. You can secure the connection between the router and the RADIUS server with the authentication protocol supported by the server (PAP or CHAP). -
Page 122: Figure 81: Pptp Tunnel Configuration - Pptp Client
Unified Services Router User Manual Figure 81: PPTP tunnel configuration – PPTP Client Figure 82: PPTP VPN connection status Setup > VPN Settings > PPTP > PPTP Server A PPTP VPN can be established through this router. Once enabled a PPTP server is available on the router for LAN and WAN PPTP client users to access. -
Page 123: L2Tp Tunnel Support
Unified Services Router User Manual Figure 83: PPTP tunnel configuration – PPTP Server 6.4.2 L2TP Tunnel Support Setup > VPN Settings > L2TP > L2TP Server A L2TP VPN can be established through this router. Once enabled a L2TP server is available on the router for LAN and WAN L2TP client users to access. -
Page 124: Figure 84: L2Tp Tunnel Configuration - L2Tp Server
Unified Services Router User Manual by the L2TP server (the tunnel endpoint), L2TP clients have access to the network managed by the router. Figure 84: L2TP tunnel configuration – L2TP Server Setup > VPN Settings > L2TP > L2TP Client A L2TP VPN Client can be configured on this router. -
Page 125: Gre Tunnel Support
Unified Services Router User Manual the user can access Status > Active VPN page and establish L2TP VPN tunnel clicking Connect. To disconnect the tunnel, click Drop. A L2TP VPN can be established through this router. Once enabled a L2TP server is available on the router for LAN and WAN L2TP client users to access. -
Page 126: Openvpn Support
Unified Services Router User Manual There are two simple steps involved in establishing a GRE tunnel on the router: 1. Create a GRE tunnel from the GUI 2. Setup a static route for the remote local networks using the GRE tunnel Figure 86: GRE Tunnel configuration When creating the GRE tunnel, the IP Address should be a unique address that identifies that GRE tunnel endpoint. - Page 127 Unified Services Router User Manual • Mode: OpenVPN daemon mode. It can run in server mode, client mode or access server client mode. In access server client mode, the user has to download the auto login profile from the OpenVPN Access Server and upload the same to connect.
-
Page 128: Openvpn Remote Network
Unified Services Router User Manual Figure 87: OpenVPN configuration 6.6.1 OpenVPN Remote Network Setup > VPN Settings > OpenVPN > OpenVPN Remote Network (Site-to- Site) This page allows the user to add/edit a remote network and netmask which allows the other OpenVPN clients to reach this network. -
Page 129: Openvpn Authentication
Unified Services Router User Manual Figure 88: OpenVPN Remote Network Common Name: Common Name of the OpenVPN client certificate. Remote Network: Network address of the remote resource. Subnet Mask: Netmask of the remote resource. 6.6.2 OpenVPN Authentication Setup > VPN Settings > OpenVPN > OpenVPN Authentication This page allows the user to upload required certificates and keys. -
Page 130: Figure 89: Openvpn Authentication
Unified Services Router User Manual Figure 89: OpenVPN Authentication Trusted Certificate (CA Certificate): Browse and upload the pem formatted CA Certificate. Server/Client Certificate: Browse and upload the pem formatted Server/Client Certificate. Server/Client Key: Browse and upload the pem formatted Server/Client Key. DH Key: Browse and upload the pem formatted Diffie Hellman Key. -
Page 131: Chapter 7. Ssl Vpn
Chapter 7. SSL VPN The router provides an intrinsic SSL VPN feature as an alternate to the standard IPsec VPN. SSL VPN differs from IPsec VPN mainly by removing the requirement of a pre- installed VPN client on the remote host. Instead, users can securely login through the SSL User Portal using a standard web browser and receive access to configured network resources within the corporate LAN. -
Page 132: Figure 90: Example Of Clientless Ssl Vpn Connections To The Dsr
Unified Services Router User Manual Figure 90: Example of clientless SSL VPN connections to the DSR... -
Page 133: Groups And Users
Unified Services Router User Manual Groups and Users Advanced > Users > Groups The group page allows creating, editing and deleting groups. The groups are associated to set of user types. The lists of available groups are displayed in the “List of Group”... -
Page 134: Figure 92: User Group Configuration
Unified Services Router User Manual • Guest User (read-only): The guest user gains read only access to the GUI to observe and review configuration settings. The guest does not have SSL VPN access. • Captive Portal User: Captive portal users obtain internet access via approval from the router. -
Page 135: Figure 93: Sslvpn Settings
Unified Services Router User Manual portal with their Active Directory username and password. If there are multiple Active Directory domains, user can enter the details for up to two authentication domains. • Timeout: The timeout period for reaching the authentication server. •... -
Page 136: Figure 94: Group Login Policies Options
Unified Services Router User Manual • Deny Login from WAN interface: Enable to prevent the users of this group from logging in from a WAN (wide area network) interface. In this case only login through LAN is allowed. Figure 94: Group login policies options Policy by Browsers To set browser policies for the group, select the corresponding group click “Policy by Browsers”. -
Page 137: Figure 95: Browser Policies Options
Unified Services Router User Manual Figure 95: Browser policies options Policy by IP To set policies bye IP for the group, select the corresponding group click “Policy by IP”. The following parameters are configured: • Group Name: This is the name of the group that can have its login policy edited •... -
Page 138: Figure 96: Ip Policies Options
Unified Services Router User Manual Figure 96: IP policies options Login Policies, Policy by Browsers, Policy by IP are applicable SSL VPN user only. Advanced > Users > Users The Users page allows the administrator to add, edit or delete existing groups. Each user is associated to configured groups. -
Page 139: Users And Passwords
Unified Services Router User Manual Figure 97: Available Users with login status and associated Group 7.1.1 Users and Passwords Advanced > Users > Users The user configurations allow creating users associated to group. The user settings contain the following key components: •... -
Page 140: Using Ssl Vpn Policies
Unified Services Router User Manual Figure 98: User configuration options Using SSL VPN Policies Setup > VPN Settings > SSL VPN Server > SSL VPN Policies SSL VPN Policies can be created on a Global, Group, or User level. User level policies take precedence over Group level policies and Group level policies take precedence over Global policies. -
Page 141: Figure 99: List Of Ssl Vpn Polices (Global Filter)
Unified Services Router User Manual Figure 99: List of SSL VPN polices (Global filter) To add a SSL VPN policy, you must first assign it to a user, group, or make it global (i.e. applicable to all SSL VPN users). If the policy is for a group, the available configured groups are shown in a drop down menu and one must be selected. -
Page 142: Figure 100: Ssl Vpn Policy Configuration
Unified Services Router User Manual Figure 100: SSL VPN policy configuration To configure a policy for a single user or group of users, enter the following information: • Policy for: The policy can be assigned to a group of users, a single user, or all users (making it a global policy). -
Page 143: Using Network Resources
Unified Services Router User Manual • ICMP: Select this option to include ICMP traffic • Port range: If the policy governs a type of traffic, this field is used for defining TCP or UDP port number(s) corresponding to the governed traffic. Leaving the starting and ending port range blank corresponds to all UDP and TCP traffic. -
Page 144: Application Port Forwarding
Unified Services Router User Manual Figure 101: List of configured resources, which are available to assign to SSL VPN policies Application Port Forwarding Setup > VPN Settings > SSL VPN Server > Port Forwarding Port forwarding allows remote SSL users to access specified network applications or services after they login to the User Portal and launch the Port Forwarding service. - Page 145 Unified Services Router User Manual As a convenience for remote users, the hostname (FQDN) of the network server can be configured to allow for IP address resolution. This host name resolution provides users with easy-to-remember FQDN’s to access TCP applications instead of error- prone IP addresses when using the Port Forwarding service through the SSL User Portal.
-
Page 146: Ssl Vpn Client Configuration
Unified Services Router User Manual Figure 102: List of Available Applications for SSL Port Forwarding SSL VPN Client Configuration Setup > VPN Settings > SSL VPN Client > SSL VPN Client An SSL VPN tunnel client provides a point-to-point connection between the browser- side machine and this router. -
Page 147: Figure 103: Ssl Vpn Client Adapter And Access Configuration
Unified Services Router User Manual Figure 103: SSL VPN client adapter and access configuration The router allows full tunnel and split tunnel support. Full tunnel mode just sends all traffic from the client across the VPN tunnel to the router. Split tunnel mode only sends traffic to the private LAN based on pre-specified client routes. -
Page 148: Figure 104: Configured Client Routes Only Apply In Split Tunnel Mode
Unified Services Router User Manual Setup > VPN Settings > SSL VPN Client > Configured Client Routes If the SSL VPN client is assigned an IP address in a different subnet than the corporate network, a client route must be added to allow access to the private LAN through the VPN tunnel. -
Page 149: User Portal
Unified Services Router User Manual User Portal Setup > VPN Settings > SSL VPN Client > SSL VPN Client Portal When remote users want to access the private network through an SSL tunnel (either using the Port Forwarding or VPN tunnel service), they login through a user portal. This portal provides the authentication fields to provide the appropriate access levels and privileges as determined by the router administrator. - Page 150 Unified Services Router User Manual authentication domain) can be presented with one or more of the router’s supported SSL services such as the VPN Tunnel page or Port Forwarding page. To configure a portal layout and theme, following information is needed: •...
-
Page 151: Figure 106: Ssl Vpn Portal Configuration
Unified Services Router User Manual Figure 106: SSL VPN Portal configuration... -
Page 152: Chapter 8. Advanced Configuration Tools
USB Device Setup Setup > USB Settings > USB Status The D-Link Services Router has a USB interface for printer access, file sharing and on the DSR-1000 / DSR-1000N models, 3G modem support. There is no configuration on the GUI to enable USB device support. Upon inserting your USB storage device, printer cable or 3G modem the DSR router will automatically detect the type of connected peripheral. -
Page 153: Usb Share Port
Unified Services Router User Manual Figure 107: USB Device Detection USB share port Setup > USB Settings > USB SharePort This page allows configure the SharePort feature available in this router. -
Page 154: Figure 108: Usb Shareport
Unified Services Router User Manual Figure 108: USB SharePort USB-1: Enable USB Printer: Select this option to allow the USB printer connected to the router to be shared across the network. The USB printer can be accessed on any LAN host (with appropriate printer driver installed) connected to the router by using the following command in the host's add printers window http://... -
Page 155: Sms Service
SMS service Setup > USB Settings > SMS Service The D-Link Services Router has a USB interface to connect 3G modem support to send and receive Short Messaging Service. The received messages can be seen in the Inbox and allows the user to create a new SMS. If WAN3 is used in dedicated wan mode, load balancing mode or if 3G USB Device is not connected to router then the controls on this page will be greyed out. -
Page 156: External Authentication
Unified Services Router User Manual Figure 110: SMS Service – Receive SMS The following details to be provided in Create Message page: • Receiver: Enter the phone number of the intended receiver of the message. • Text Message: Enter the body of the message here Click Send Message to send the message. -
Page 157: Figure 111: Pop3 Authentication Server Configuration
Unified Services Router User Manual verified by a user-uploaded CA certificate. If SSL encryption is not used, port 110 will be used for the POP3 authentication traffic. The DSR router acts only as a POP3 client to authenticate a user by contacting an external POP3 server. -
Page 158: Nt Domain Server
Unified Services Router User Manual Figure 112: POP3 CA file upload 8.4.2 NT Domain Server Setup > External Authentication > NT Domain Settings The NT Domain server allows users and hosts to authenticate themselves via a pre- configured Workgroup field. Typically Windows or Samba servers are used to manage the domain of authentication for the centralized directory of authorized users. -
Page 159: Radius Server
Unified Services Router User Manual 8.4.3 RADIUS Server Setup > External Authentication > RADIUS Settings Enterprise Mode for wireless security uses a RADIUS Server for WPA and/or WPA2 security. A RADIUS server must be configured and accessible by the router to authenticate wireless client connections to an AP enabled with a profile that uses RADIUS authentication. -
Page 160: Active Directory Server
Unified Services Router User Manual 8.4.4 Active Directory Server Setup > External Authentication > Active Directory Settings Active Directory authentication is an enhanced version of NT Domain authentication. The Kerberos protocol is leveraged for authentication of users, who are grouped in Organizational Units (OUs). -
Page 161: Authentication Certificates
Unified Services Router User Manual The details configured on the router will be passed for authenticating the router and its hosts. The LDAP attributes, domain name (DN), and in some cases the administrator account & password are key fields in allowing the LDAP server to authenticate the router. - Page 162 Unified Services Router User Manual The certificates menu allows you to view a list of certificates (both from a CA and self-signed) currently loaded on the gateway. The following certificate data is displayed in the list of Trusted (CA) certificates: CA Identity (Subject Name): The certificate is issued to this person or organization Issuer Name: This is the CA name that issued this certificate Expiry Time: The date after which this Trusted certificate becomes invalid...
-
Page 163: Figure 117: Certificate Summary For Ipsec And Https Management
Unified Services Router User Manual Figure 117: Certificate summary for IPsec and HTTPS management... -
Page 164: Advanced Switch Configuration
Package Manager Advanced > Package Manager A package is a set of files which are installed by the router from D-Link’s repositories. This feature allows users to download new drivers for supported USB devices and language packs to enable multi-lingual support for the router’s management interface. -
Page 165: Figure 119: Device Drivers
GUI now supports. Only drivers provided by D-Link can be used for manual installation. A validation process will be performed during installation. 2. Auto Installation: By selecting the link “click here” the Auto installation of the package is exercised. -
Page 166: Figure 120: Installation Of Driver/Language Pack
Unified Services Router User Manual Manual Install: User can upload the provided driver package for installation. Browse: The user can choose the package to upload. Click on “Install” to save your changes. Figure 120: Installation of driver/language pack Upon clicking on the link “click here”, a page showing the list of device drivers is displayed. -
Page 167: Figure 121: Selection Of Installed Language
Unified Services Router User Manual Install History: This displays the history of the language packs installed/uninstalled previously along with the respective date and time to show when they were installed/uninstalled. Figure 121: Selection of Installed Language Once the language has been selected by the user from the list of Device Drivers, the “Set Language”... -
Page 168: Chapter 9. Administration & Management
Unified Services Router User Manual Chapter 9. Administration & Management Configuration Access Control The primary means to configure this gateway via the browser-independent GUI. The GUI can be accessed from LAN node by using the gateway’s LAN IP address and HTTP, or from the WAN by using the gateway’s WAN IP address and HTTPS (HTTP over SSL). -
Page 169: Remote Management
Unified Services Router User Manual Figure 123: Admin Settings 9.1.2 Remote Management Tools > Admin > Remote Management Both HTTPS and telnet access can be restricted to a subset of IP addresses. The router administrator can define a known PC, single IP address or range of IP addresses that are allowed to access the GUI with HTTPS. -
Page 170: Cli Access
Unified Services Router User Manual Figure 124: Remote Management from the WAN 9.1.3 CLI Access In addition to the web-based GUI, the gateway supports SSH and Telnet management for command-line interaction. The CLI login credentials are shared with the GUI for administrator users. To access the CLI, type “cli” in the SSH or console prompt and login with administrator user credentials. -
Page 171: Figure 125: Snmp Users, Traps, And Access Control
Unified Services Router User Manual Figure 125: SNMP Users, Traps, and Access Control Tools > Admin > SNMP System Info The router is identified by an SNMP manager via the System Information. The identifier settings The SysName set here is also used to identify the router for SysLog logging. -
Page 172: Configuring Time Zone And Ntp
Unified Services Router User Manual Figure 126: SNMP system information f or this router Configuring Time Zone and NTP Tools > Date and Time You can configure your time zone, whether or not to adjust for Daylight Savings Time, and with which Network Time Protocol (NTP) server to synchronize the date and time. You can choose to set Date and Time manually, which will store the information on the router’s real time clock (RTC). -
Page 173: Log Configuration
Unified Services Router User Manual Figure 127: Date, Time, and NTP server setup Log Configuration This router allows you to capture log messages for traffic through the firewall, VPN, and over the wireless AP. As an administrator you can monitor the type of traffic that goes through the router and also be notified of potential attacks or errors when they are detected by the router. - Page 174 Unified Services Router User Manual • Kernel: This refers to the Linux kernel. Log messages that correspond to this facility would correspond to traffic through the firewall or network stack. • System: This refers to application and management level features available on this router, including SSL VPN and administrator changes for managing the unit.
-
Page 175: Figure 128: Facility Settings For Logging
Unified Services Router User Manual Figure 128: Facility settings for Logging The display for logging can be customized based on where the logs are sent, either Status > Logs the Event Log viewer in the GUI (the Event Log viewer is in the page) or a remote Syslog server for later review. - Page 176 Unified Services Router User Manual tries to make an SSH connection, those packets will be accepted and a message will be logged. (Assuming the log option is set to Allow for the SSH firewall rule.) Dropped Packets are packets that were intentionally blocked from being transferred through the corresponding network segment.
-
Page 177: Figure 129: Log Configuration Options For Traffic Through Router
Unified Services Router User Manual Figure 129: Log configuration options for traffic through router Tools > Log Settings > IPv6 logging This page allows you to configure the IPv6 logging... -
Page 178: Sending Logs To E-Mail Or Syslog
Unified Services Router User Manual Figure 130: IPv6 Log configuration options for traffic through router 9.4.2 Sending Logs to E-mail or Syslog Tools > Log Settings > Remote Logging Once you have configured the type of logs that you want the router to collect, they can be sent to either a Syslog server or an E-Mail address. -
Page 179: Figure 131: E-Mail Configuration As A Remote Logging Option
Unified Services Router User Manual Figure 131: E-mail configuration as a Remote Logging option An external Syslog server is often used by network administrator to collect and store logs from the router. This remote device typically has less memory constraints than the local Event Viewer on the router’s GUI, and thus can collect a considerable number of logs over a sustained period. -
Page 180: Event Log Viewer In Gui
Unified Services Router User Manual sent to the configured (and enabled) Syslog server once you save this configuration page’s settings. Figure 132: Syslog server configuration for Remote Logging (continued) 9.4.3 Event Log Viewer in GUI Status > Logs > View All Logs The router GUI lets you observe configured log messages from the Status menu. -
Page 181: Backing Up And Restoring Configuration Settings
Unified Services Router User Manual Figure 133: VPN logs displayed in GUI event viewer Backing up and Restoring Configuration Settings Tools > System You can back up the router’s custom configuration settings to restore them to a different device or the same router after some other changes. During backup, your settings are saved as a file on your host. -
Page 182: Upgrading Router Firmware
Unified Services Router User Manual To restore your saved settings from a backup file, click Browse then locate the file on the host. After clicking Restore, the router begins importing the file’s saved configuration settings. After the restore, the router reboots automatically with the restored settings. To erase your current settings and revert to factory default settings, click the Default button. -
Page 183: Upgrading Router Firmware Via Usb
By clicking the Check Now button in the notification section, the router will check a D-Link server to see if a newer firmware version for this router is available for download and update the Status field below. -
Page 184: Dynamic Dns Setup
Dynamic DNS (DDNS) is an Internet service that allows routers with varying public IP addresses to be located using Internet domain names. To use DDNS, you must setup an account with a DDNS provider such as DynDNS.org, D-Link DDNS, or Oray.net. -
Page 185: Using Diagnostic Tools
Unified Services Router User Manual Figure 137: Dynamic DNS configuration Using Diagnostic Tools Tools > System Check The router has built in tools to allow an administrator to evaluate the communication status and overall network health. -
Page 186: Ping
Unified Services Router User Manual Figure 138: Router diagnostics tools available in the GUI 9.9.1 Ping This utility can be used to test connectivity between this router and another device on the network connected to this router. Enter an IP address and click PING. The command output will appear indicating the ICMP echo request status. -
Page 187: Dns Lookup
Unified Services Router User Manual Figure 139: Sample trace route output 9.9.3 DNS Lookup To retrieve the IP address of a Web, FTP, Mail or any other server on the Internet, type the Internet Name in the text box and click Lookup. If the host or domain entry exists, you will see a response with the IP address. -
Page 188: Localization
Unified Services Router User Manual 9.10 Localization Tools > Set Language The router GUI displays content in English by default. The package manager feature has to be enabled so that the appropriate language of the installed language package is shown. The user must configure the package manager feature under Advanced settings first, in order to install a language package. -
Page 189: Chapter 10. Router Status And Statistics
Unified Services Router User Manual Chapter 10. Router Status and Statistics 10.1 System Overview The Status page allows you to get a detailed overview of the system configuration. The settings for the wired and wireless interfaces are displayed in the DSR Status page, and then the resulting hardware resource and router usage details are summarized on the router’s Dashboard. -
Page 190: Figure 141: Device Status Display
Unified Services Router User Manual Figure 141: Device Status display... -
Page 191: Resource Utilization
Unified Services Router User Manual Figure 142: Device Status display (continued) 10.1.2 Resource Utilization Status > Device Info > Dashboard The Dashboard page presents hardware and usage statistics. The CPU and Memory utilization is a function of the available hardware and current configuration and traffic through the router. -
Page 192: Figure 143: Resource Utilization Statistics
Unified Services Router User Manual Figure 143: Resource Utilization statistics... -
Page 193: Figure 144: Resource Utilization Data (Continued)
Unified Services Router User Manual Figure 144: Resource Utilization data (continued) -
Page 194: Traffic Statistics
Unified Services Router User Manual Figure 145: Resource Utilization data (continued) 10.2 Traffic Statistics 10.2.1 Wired Port Statistics Status > Traffic Monitor > Device Statistics Detailed transmit and receive statistics for each physical port are presented here. Each interface (WAN1, WAN2/DMZ, LAN, and VLANs) have port specific packet level information provided for review. -
Page 195: Wireless Statistics
Unified Services Router User Manual Figure 146: Physical port statistics 10.2.2 Wireless Statistics Status > Traffic Monitor > Wireless Statistics The Wireless Statistics tab displays the incrementing traffic statistics for each enabled access point. This page will give a snapshot of how much traffic is being transmitted over each wireless link. -
Page 196: Active Connections
Unified Services Router User Manual Figure 147: AP specific statistics 10.3 Active Connections 10.3.1 Sessions through the Router Status > Active Sessions This table lists the active internet sessions through the router’s firewall. The session’s protocol, state, local and remote IP addresses are shown. -
Page 197: Figure 148: List Of Current Active Firewall Sessions
Unified Services Router User Manual Figure 148: List of current Active Firew all Sessions... -
Page 198: Wireless Clients
Unified Services Router User Manual 10.3.2 Wireless Clients Status > Wireless Clients The clients connected to a particular AP can be viewed on this page. Connected clients are sorted by the MAC address and indicate the security parameters used by the wireless link, as well as the time connected to the corresponding AP. -
Page 199: Active Vpn Tunnels
Unified Services Router User Manual Figure 150: List of LAN hosts 10.3.4 Active VPN Tunnels Status > Active VPNs You can view and change the status (connect or drop) of the router’s IPsec security associations. Here, the active IPsec SAs (security associations) are listed along with the traffic details and tunnel state. -
Page 200: Figure 151: List Of Current Active Vpn Sessions
Unified Services Router User Manual Figure 151: List of current Active VPN Sessions All active SSL VPN connections, both for VPN tunnel and VPN Port forwarding, are displayed on this page as well. Table fields are as follows. Field Description The SSL VPN user that has an active tunnel or port forwarding session to this User Name router. -
Page 201: Chapter 11. Trouble Shooting
Unified Services Router User Manual Chapter 11. Trouble Shooting 11.1 Internet connection Symptom: You cannot access the router’s web-configuration interface from a PC on your LAN. Recommended action: Check the Ethernet connection between the PC and the router. Ensure that your PC’s IP address is on the same subnet as the router. If you are using the recommended addressing scheme, your PC’s address should be in the range 192.168.10.2 to 192.168.10.254. - Page 202 Unified Services Router User Manual Possible cause: If you use dynamic IP addresses, your router may not have requested an IP address from the ISP. Recommended action: www.google.com Launch your browser and go to an external site such as http://192.168.10.1 Access the firewall’s configuration main menu at Monitoring >...
-
Page 203: Date And Time
Unified Services Router User Manual Recommended action: Ask your ISP for the addresses of its designated Domain Name System (DNS) servers. Configure your PC to recognize those addresses. For details, see your operating system documentation. On your PC, configure the router to be its TCP/IP gateway. 11.2 Date and time Symptom: Date shown is January 1, 1970. -
Page 204: Testing The Lan Path From Your Pc To A Remote Device
Unified Services Router User Manual • If the path is working, you see this message sequence: Pingingwith 32 bytes of data Reply from : bytes=32 time=NN ms TTL=xxx • If the path is not working, you see this message sequence: Pinging ... -
Page 205: Restoring Factory-Default Configuration Settings
Unified Services Router User Manual • Verify that the network (subnet) address of your PC is different from the network address of the remote device. • Verify that the cable or DSL modem is connected and functioning. • Ask your ISP if it assigned a hostname to your PC. Network Configuration >... -
Page 207: Chapter 12. Credits
Chapter 12. Credits Microsoft, Windows are registered trademarks of Microsoft Corp. Linux is a registered trademark of Linus Torvalds. UNIX is a registered trademark of The Open Group. -
Page 208: Appendix A. Glossary
Unified Services Router User Manual Appendix A. Glossary Address Resolution Protocol. Broadcast protocol for mapping IP addresses to MAC addresses. CHAP Challenge-Handshake Authentication Protocol. Protocol for authenticating users to an ISP. Dynamic DNS. System for updating domain names in real time. Allows a domain name to be DDNS assigned to a device with a dynamic IP address. - Page 209 Unified Services Router User Manual Point-to-Point Protocol over Ethernet. Protocol for connecting a network of hosts to an ISP PPPoE without the ISP having to manage the allocation of IP addresses. Point-to-Point Tunneling Protocol. Protocol for creation of VPNs for the secure transfer of data PPTP from remote clients to private servers over the Internet.
-
Page 211: Appendix B. Factory Default Settings
Appendix B. Factory Default Settings Feature Description Default Setting User login URL http://192.168.10.1 Device login User name (case sensitive) admin Login password (case sensitive) admin WAN MAC address Use default address Internet WAN MTU size 1500 Connection Port speed Autosense IP address 192.168.10.1 IPv4 subnet mask... -
Page 212: Appendix C. Standard Services Available For Port Forwarding & Firewall Configuration
Unified Services Router User Manual Appendix C. Standard Services Available for Port Forwarding & Firewall Configuration ICMP-TYPE-8 RLOGIN ICMP-TYPE-9 RTELNET ICMP-TYPE-10 RTSP:TCP BOOTP_CLIENT ICMP-TYPE-11 RTSP:UDP BOOTP_SERVER ICMP-TYPE-13 SFTP CU-SEEME:UDP SMTP CU-SEEME:TCP IMAP2 SNMP:TCP DNS:UDP IMAP3 SNMP:UDP DNS:TCP SNMP-TRAPS:TCP FINGER NEWS SNMP-TRAPS:UDP SQL-NET HTTP... -
Page 213: Appendix D. Log Output Reference
Unified Services Router User Manual Appendix D. Log Output Reference Facility: System (Networking) Log Message Severity Log Message Severity DBUpdate event: Table: %s opCode:%d BridgeConfig: too few arguments to rowId:%d DEBUG command %s ERROR BridgeConfig: too few arguments to networkIntable.txt not found DEBUG command %s ERROR... - Page 214 Unified Services Router User Manual nimfAdvOptSetWrap: user has changed MTU option DEBUG ddns: SQL error: %s ERROR nimfAdvOptSetWrap: MTU: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR nimfAdvOptSetWrap: old MTU size: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR nimfAdvOptSetWrap: old Port Speed Option: %d DEBUG ddnsDisable failed ERROR nimfAdvOptSetWrap: old Mac Address...
- Page 215 Unified Services Router User Manual %s:DBUpdate event: Table: %s opCode:%d rowId:%d DEBUG Failed to commit ERROR %s:%d SIP ENABLE: %s DEBUG ifStatusDBUpdate: Failed to begin " ERROR sipTblHandler:failed to update ifStatic DEBUG %s: SQL error: %s ERROR sipTblHandler:failed to update Configport DEBUG %s: Failed to commit "...
- Page 216 Unified Services Router User Manual nimfGetUpdateMacFlag: unable to get pPrivSep: %s DEBUG Flag from MacTable ERROR %s:DBUpdate event: Table: %s nimfMacGet: Updating MAC address opCode:%d rowId:%d DEBUG failed ERROR Re-Starting sshd daemon..DEBUG sqlite3QueryResGet failed.Query:%s ERROR sshd re-started successfully. DEBUG error executing the command %s ERROR sshd stopped .
- Page 217 Unified Services Router User Manual Subnetaddress should be provided GetDnsFromIsp: %s DEBUG with accessoption 2 ERROR IdleTimeOutFlag: %s DEBUG Failed to restart sshd ERROR IdleTimeOutValue: %d DEBUG unable to open the " ERROR AuthMetho: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR executing %s ... %s DEBUG Error in executing DB update handler ERROR...
- Page 218 Unified Services Router User Manual %s: buffer overflow DEBUG Failed to clear vlan for %d ERROR %s: value of %s in %s table is: %s DEBUG Failed to set vlan entry for vlan %d ERROR Failed to set vlan entries, while %s: returning with status: %s DEBUG enabling \...
- Page 219 Unified Services Router User Manual pppoeMgmtTblHandler: NetMask: %s DEBUG xl2tpdStop failed ERROR pppoeMgmtTblHandler: AuthOpt: %d DEBUG writing xl2tpd.conf failed ERROR pppoeMgmtTblHandler: Satus: %d DEBUG writing options.xl2tpd failed ERROR pppoeEnable: ppp dial string: %s DEBUG xl2tpdStop failed ERROR pppoeMgmtDBUpdateHandler: returning with status: %s DEBUG xl2tpdStart failed ERROR...
- Page 220 Unified Services Router User Manual pppoeMgmtTblHandler: unable to get l2tpMgmtTblHandler: UserName: %s DEBUG current Mtu Option ERROR pppoeMgmtTblHandler: unable to get l2tpMgmtTblHandler: Password: %s DEBUG the Mtu ERROR pppoeMgmtTblHandler: pppoe enable l2tpMgmtTblHandler: AccountName: %s DEBUG failed ERROR pppoeMgmtDBUpdateHandler: failed l2tpMgmtTblHandler: DomainName: %s DEBUG query: %s ERROR...
- Page 221 Unified Services Router User Manual dhcpcMgmtTblHandler: dhclient The Enable Command is %s ERROR enable failed ERROR l2tpEnable:Executing the Command dhcpcMgmtTblHandler: dhcpc release failed ERROR failed ERROR dhcpcMgmtTblHandler: dhcpc disable l2tpDisable: command string: %s ERROR failed ERROR dhcpcMgmtDBUpdateHandler: failed l2tpDisable: unable to stop l2tp session ERROR query: %s ERROR...
- Page 222 Unified Services Router User Manual Setting message in fragment buffer: Created EAP/PEAP context: OK DEBUG ERROR ERROR Allocating TLS read buffer is NULL: Deleted EAP/PEAP context: OK DEBUG ERROR ERROR Upper EAP sent us: decision = %d method state = %d DEBUG Setting last fragment: ERROR ERROR...
- Page 223 Unified Services Router User Manual Error rcvd. opCode %d. DEBUG Plugin context is NULL ERROR pCtx NULL. DEBUG Deriving implicit challenge: Error ERROR TLS message len changed in the fragment, ignoring. DEBUG Generating NT response: Error ERROR no data to send while fragment ack received.
- Page 224 Unified Services Router User Manual pFB->msgBuff is NULL. DEBUG Setting profile to glue layer: ERROR. ERROR Error calculating binary. DEBUG _eapCtxCreate failed. ERROR %d authentication not enabled in the Error calculating binary. DEBUG system. ERROR Initializing inner non-EAP auth plugin: adpDigestInit for SHA1 failed.
- Page 225 Unified Services Router User Manual password change is not allowed for this EAP-PEAP not enabled in system user DEBUG configuration. ERROR EAP-WSC not enabled in system completed writing the policy DEBUG configuration. ERROR PAP not enabled in system completed writing the SA DEBUG configuration.
- Page 226 Unified Services Router User Manual pEapCtx == NULL or pPDU == NULL. ERROR Could not initialize des-ecb ERROR received EAP pdu bigger than EAP_MTU_SIZE. ERROR Error cleaning cipher context. ERROR received EAP pdu bigger than EAP_MTU_SIZE. ERROR Error cleaning cipher context. ERROR state machine is in invalid state.
- Page 227 Unified Services Router User Manual Could not open database: %s DEBUG sqlite3QueryResGet failed ERROR CPU LOG File not found DEBUG radSendtoServer: socket: %s ERROR radSendtoServer: bind() Failed: %s: MEM LOG File not found DEBUG ERROR cpuMemUsageDBUpdateHandler: radRecvfromServer: recvfrom() Failed: update query: %s DEBUG ERROR radRecvfromServer: Packet too small...
- Page 228 Unified Services Router User Manual Adding Dictionary Attribute '%s' DEBUG Failed to set default retries value ERROR ERROR: incomplete DB update Adding Dictionary Value %s DEBUG information. ERROR old values result does not contain 2 Receiving attribute: %s DEBUG rows ERROR Processing attribute: %s DEBUG...
- Page 229 Unified Services Router User Manual Next Synchronization after" DEBUG Unable to set debug for radAuth. ERROR Next Synchronization after %d \ DEBUG Unable to set debug level for radAuth. ERROR Primary is not available, " DEBUG ERROR: option value not specified ERROR Secondary is not available, "...
- Page 230 Unified Services Router User Manual timeout after semTake DEBUG memPartAlloc for %d size failed ERROR srcId=%d(%s) <-- destId=%d(%s) cmd=%d DEBUG memPartAlloc for %d size failed ERROR No Handler registered for this UMI Un-registerting component with Id %d DEBUG context ERROR failed to send ioctl request: dst(%d) <--- Couldn't find component with ID src(%d)
- Page 231 Unified Services Router User Manual cpuMemUsageDBUpdateHandler: SQL error: %s ERROR Invalid Privacy Algorithm ERROR unable to open the DB file %s ERROR Failed to Get Host Address ERROR umiInit failed ERROR Invalid version ERROR unable to register to UMI ERROR snmp v3 Trap Configuration Failed ERROR Error Reading from the Database.
- Page 232 Unified Services Router User Manual wan traffic counters are restared DEBUG Deleting schedule based firewall rules. DEBUG Deleting schedule based firewall rules Traffic limit has been reached DEBUG from DB. DEBUG Traffic meter monthly limit has been Update schedule based firewall rules in changed to %d.
- Page 233 Unified Services Router User Manual Enabling attack check for L2TP. DEBUG Updating BlockSites Keyword from \ DEBUG Enabling attack check for UDP Flood. DEBUG Inserting BlockSites Keyword \ DEBUG Enabling attack check for IPsec. DEBUG Deleting Trusted Domain \ DEBUG Enabling attack check for PPTP.
- Page 234 Unified Services Router User Manual Internet on port %d %d:%d:%d:%d:%d Enabling remote access management Disabling Port Trigger Rule for for IP address range" DEBUG %d:%d:%d:%d:%d DEBUG Enabling remote access management to Adding Port Trigger Rule for only this PC. DEBUG %d:%d:%d:%d:%d DEBUG Disabling Management Access from...
- Page 235 Unified Services Router User Manual Update FirewallRules6 where fwLBSpillOverConfigure: Could not set ScheduleName = '%s' to New " DEBUG POSTROUTING rules ERROR fwLBSpillOverConfigure: Something Dns proxy Restart failed DEBUG going wrong Here ERROR fwL2TPGenericRules.c: unable to open deleting interface to ifgroup failed DEBUG the database file "...
- Page 236 Unified Services Router User Manual Facility: Local0 (Wireless) Log Message Severity Log Message Severity (node=%s) setting %s to val = %d DEBUG sqlite3QueryResGet failed ERROR Custom wireless event: '%s' DEBUG sqlite3QueryResGet failed ERROR Wireless event: cmd=0x%x len=%d DEBUG VAP(%s) set beacon interval failed ERROR New Rogue AP (%02x:%02x:%02x:%02x:%02x:%02x)
- Page 237 Unified Services Router User Manual PNAC_EVENT_PREAUTH_SUCCESS event for : %s DEBUG UDP failed, received Length is %d ERROR event for non-existent node %s DEBUG umiIoctl(UMI_COMP_KDOT11, ERROR PNAC_EVENT_EAPOL_START event umiIoctl(UMI_COMP_UDOT11,%d,%d received DEBUG ERROR PNAC_EVENT_EAPOL_LOGOFF event umiIoctl(UMI_COMP_KDOT11,%d,%d received DEBUG ERROR PNAC_EVENT_REAUTH event received DEBUG No IAPP Node found for req id %d ERROR...
- Page 238 Unified Services Router User Manual DOT11_RX_EAPOL_KEYMSG: sending EAPOL pdu to PNAC... DEBUG unknown ifname %s ERROR creating pnac authenticator with values %d %d - %s DEBUG cmd %d not supported.sender=%d ERROR Profile %s does not exist DEBUG inteface name passed is NULL ERROR IAPP initialized.
- Page 239 Unified Services Router User Manual pnacRecvRtn: no corresponding pnac port pae found DEBUG umiIoctl(UMI_COMP_IAPP,%d) failed ERROR sending unicast key DEBUG Invalid IE. ERROR umiIoctl(UMI_COMP_KDOT11_VAP, sending broadcast key DEBUG %d ) failed ERROR from pnacAuthPAEDisconnected: calling umiIoctl(UMI_COMP_KDOT11,%d ,% pnacTxCannedFail DEBUG d) failed ERROR from pnacAuthPAEForceUnauth: calling KDOT11_SET_PARAM:IEEE80211_I...
- Page 240 Unified Services Router User Manual from pnacRecvMapi: pkt body len = %d, eapolRecvKeyMsg: invalid descriptor pktType = %d DEBUG version ERROR from pnacPDUProcess: received eapolRecvKeyMsg: incorrect PNAC_EAP_PACKET DEBUG descriptor version ERROR eapolRecvKeyMsg: Ack must not be from pnacPDUProcess: currentId = %d DEBUG ERROR from pnacPDUProcess: code = %d,...
- Page 241 Unified Services Router User Manual from pnacBackAuthFail: calling pnacTxCannedFail DEBUG RC4 framework initialization failed ERROR %s returned ERROR DEBUG PNAC framework initialization failed ERROR pnacUmiIoctlHandler: cmd: %s(%d) DEBUG ERROR: option value not specified ERROR %s not configured for 802.1x DEBUG ERROR: -u can be used only with -s ERROR could not process PDU received from the...
- Page 242 Unified Services Router User Manual phyPort:%s pnacRadXlateRadPktIntegrityChk: no corresponding " Error from pnacPortPaeDeconfig:kpnacPortPaeDec pnacRadXlateRadPktIntegrityChk: no onfig failed WARN message " ERROR pnacPortPaeDeconfig:kpnacPortPaeDec Error from onfig failed WARN pnacRadXlateRadPktIntegrityChk: " ERROR From pnacBackAuthSuccess: failed to notify pnacRadXlateRadChalPktHandle: no the destination " WARN encapsulated eap "...
- Page 243 Unified Services Router User Manual Failed to initiate PBC based enrolle pnacKeyInfoGet:failed to allocate association ERROR buffer ERROR Invalid association mode. (Allowed PNAC user comp id not set. dropping modes : PIN/PBC) ERROR EAPOL key pkt ERROR pnacUmiPortPaeParamSet: invalid wpsEnable: running wsccmd failed ERROR buffer received ERROR...
- Page 244 Unified Services Router User Manual Error from pnacAuthInit: Invalid Cipher type %d ERROR pnacAuthKeyTxInit failed ERROR Profile supports WEP stas,Group cipher Error from pnacAuthInit: must be WEP ERROR pnacReauthTimerInit failed ERROR Error from pnacAuthInit: Profile %s does not exist ERROR pnacBackAuthInit failed ERROR Error from pnacAuthInit: pnacCtrlDirInit...
- Page 245 Unified Services Router User Manual pnacEapRadAuthSend: Invalid Error in executing DB update handler ERROR arguments ERROR pnacEapRadAuthSend: failed to sqlite3QueryResGet failed ERROR allocate inbuffer ERROR ERROR: incomplete DB update information. ERROR pnacXmit : umiIoctl failed[%d] ERROR old values result does not contain 2 rows ERROR pnacPDUForward: Invalid input ERROR...
- Page 246 Unified Services Router User Manual Invalid config data ERROR Facility: Kernel Log Message Severity Log Message Severity DNAT: multiple ranges no longer supported DEBUG %s: %s%s:%d -> %s:%d %s, DEBUG DNAT: Target size %u wrong for %u ranges, DEBUG %s: %s%s:%d %s, DEBUG %s: Failed to add WDS MAC: %s, dev- DNAT: wrong table %s, tablename...
- Page 247 Unified Services Router User Manual %s%d: bad sequence number: %d, expected: %d, DEBUG ifmedia_ioctl: no media found for 0x%x, DEBUG ifmedia_ioctl: switching %s to , dev- PPPIOCDETACH file->f_count=%d, DEBUG >name DEBUG PPP: outbound frame not passed DEBUG ifmedia_match: multiple match for DEBUG PPP: VJ decompression error DEBUG...
- Page 248 Unified Services Router User Manual %s: mac_del %02X:%02X:%02X:%02X:%02X:%02X, dev->name, addr[0], addr[1], addr[2], addr[3], addr[4], addr[5] DEBUG %02x, ((u_int8_t *)p)[i] DEBUG %s: mac_kick %02X:%02X:%02X:%02X:%02X:%02X, dev->name, addr[0], addr[1], addr[2], addr[3], addr[4], addr[5] DEBUG first difference at byte %u, i DEBUG %s: mac_undefined %02X:%02X:%02X:%02X:%02X:%02X, dev->name, addr[0], addr[1], addr[2], addr[3], addr[4], addr[5]...
- Page 249 Unified Services Router User Manual %s: flow dst=%s, __FUNCTION__, XFRMSTRADDR(fl->fl6_dst, family) DEBUG encrypt data length mismatch DEBUG %s: flow src=%s, __FUNCTION__, XFRMSTRADDR(fl->fl6_src, family) DEBUG encrypt data does not compare DEBUG a guy asks for address mask. Who is it? DEBUG tkip decap failed DEBUG icmp v4 hw csum failure)
- Page 250 Unified Services Router User Manual ip_rt_bug: %u.%u.%u.%u -> %u.%u.%u.%u, %s, DEBUG txmic DEBUG UDP: short packet: From %u.%u.%u.%u:%u %d/%d to %u.%u.%u.%u:%u, DEBUG %02x, hk->kv_txmic[i] DEBUG UDP: bad checksum. From %d.%d.%d.%d:%d to %s: unable to update h/w beacon %d.%d.%d.%d:%d ulen %d, DEBUG queue parameters, DEBUG...
- Page 251 Unified Services Router User Manual %s: failed to register sysctls!, sc- ipt_time loading DEBUG >sc_dev->name DEBUG %s: mac %d.%d phy %d.%d, dev- ipt_time unloaded DEBUG >name, DEBUG ip_conntrack_irc: max_dcc_channels 5 GHz radio %d.%d 2 GHz radio must be a positive integer DEBUG %d.%d, DEBUG...
- Page 252 Unified Services Router User Manual IPSEC_ERR [%s:%d]: Max (%d) No of WINDOW=%u , ntohs(th->window) DEBUG SA Limit reached, DEBUG RES=0x%02x , (u8)(ntohl(tcp_flag_word(th) & IPSEC_ERR [%s:%d]: Max (%d) No of TCP_RESERVED_BITS) >> 22) DEBUG SA Limit reached, DEBUG URGP=%u , ntohs(th->urg_ptr) DEBUG IPSEC_ERR [%s:%d]: time(secs): %u DEBUG...
- Page 253 Unified Services Router User Manual %s: Error. DST Refcount value less PHYSOUT=%s , physoutdev->name DEBUG than 1 (%d), DEBUG for %s DEVICE refcnt: %d ,pDst- MAC= DEBUG >dev->name, DEBUG %s: Got Null m:%p *m:%p sa:%p %02x%c, *p, DEBUG *sa:%p,__func__,ppBufMgr, DEBUG %s Got Deleted SA:%p NAT: no longer support implicit source state:%d,__func__,pIPsecInfo,pIPsecIn...
- Page 254 Unified Services Router User Manual >msg_iov[i].iov_base)[j] %02X, skb->data[i] DEBUG De initializing by \ INFO _lvl PPPOL2TP: _fmt, ##args DEBUG kernel UMI module loaded INFO %02X, ptr[length] DEBUG kernel UMI module unloaded INFO %02X, ((unsigned char *) m- >msg_iov[i].iov_base)[j] DEBUG Loading bridge module INFO %02X, skb->data[i] DEBUG...
- Page 255 Unified Services Router User Manual test key, key DEBUG %s: %s (, dev_info, ath_hal_version INFO pre-hashed key, key DEBUG %s: driver unloaded, dev_info INFO const char *descr, krb5_keyblock *k) { DEBUG %s: driver unloaded, dev_info INFO AES 128-bit key, &key DEBUG %s: Version 2.0.0 INFO...
- Page 256 Unified Services Router User Manual Failed to set AES encrypt key DEBUG ICMP: %u.%u.%u.%u: INFO AES %s Decrypt Test Duration: %d:%d, hard ? Hard : Soft, DEBUG ICMP: %u.%u.%u.%u: Source INFO Wrong address mask %u.%u.%u.%u Failed to set AES encrypt key DEBUG from INFO...
- Page 257 Unified Services Router User Manual MD5 Software Test %s, %s: options rejected: o[0]=%02x, WARNIN md5SoftTest(0) ? Failed : Passed DEBUG o[1]=%02x, WARNIN MD5 Hardware Test: DEBUG %s: don't know what to do: o[5]=%02x, MD5 Hardware Test %s, *** New port %d ***, ntohs(expinfo- WARNIN md5HardTest(0) ? Failed : Passed DEBUG...
- Page 258 Unified Services Router User Manual Value = %x ::: At Page = %x : Addr = cix %u (%u) bad ratekbps %u mode WARNIN DEBUG WARNIN REG Size == 32 Bit DEBUG %s: no rates for %s?, Value = %x ::: At Page = %x : Addr = no rates yet! mode %u, sc- WARNIN DEBUG...
- Page 259 Unified Services Router User Manual from WARNIN %s(): ADDBA mode is AUTO, __func__ DEBUG martian source %u.%u.%u.%u from WARNIN %s(): Invalid TID value, __func__ DEBUG ll header: Error in ADD- no node available DEBUG Unable to create ip_set_list ERROR %s(): Channel capabilities do not match, chan flags 0x%x, DEBUG Unable to create ip_set_hash...
- Page 260 Unified Services Router User Manual [%d]\tMacAddr\t%s, j, DEBUG PPP: no memory (VJ comp pkt) ERROR [%d]\tDescp\t\t%s, j, ni- >node_trace[i].descp DEBUG PPP: no memory (comp pkt) ERROR [%d]\tValue\t\t%llu(0x%llx), j, ni- >node_trace[i].value, DEBUG ppp: compressor dropped pkt ERROR ifmedia_add: null ifm DEBUG PPP: no memory (fragment) ERROR Adding entry for...
- Page 261 Unified Services Router User Manual __FUNCTION__ %s: failed to register sysctls!, proc_name DEBUG PPP: VJ uncompressed error ERROR PKTLOG_TAG %s: proc_mkdir failed, __FUNCTION__ DEBUG ppp_decompress_frame: no memory ERROR PKTLOG_TAG %s: pktlog_attach failed ppp_mp_reconstruct bad seq %u < for %s, DEBUG ERROR PKTLOG_TAG %s:allocation failed for pl_info, __FUNCTION__...
- Page 262 Unified Services Router User Manual %s: cancel DFS WAIT period on channel %d, __func__, sc- >sc_curchan.channel DEBUG %s: %s:%d: BAD TUNNEL MAGIC ERROR Non-DFS channel, cancelling previous DFS wait timer channel %d, sc- >sc_curchan.channel DEBUG %s: %s:%d: BAD TUNNEL MAGIC ERROR %s: unable to reset hardware;...
- Page 263 Unified Services Router User Manual failed ,__func__ int)len %s: unable to start recv logic, DEBUG %03d:, i ERROR %s: Invalid interface id = %u, __func__, if_id DEBUG %02x, ((unsigned char *)p)[i] ERROR %s: unable to allocate channel table, __func__ DEBUG mic check failed ERROR %s: Tx Antenna Switch.
- Page 264 Unified Services Router User Manual >ifName Wakingup due to wow signal DEBUG unable to register KIFDEV to UMI ERROR %s, wowStatus = 0x%x, __func__, ERROR: %s: Timeout at page %#0x wowStatus DEBUG addr %#0x ERROR ERROR: %s: Timeout at page %#0x Pattern added already DEBUG addr %#0x...
- Page 265 Unified Services Router User Manual 0x%08x 0x%08x, 0x%08x 0x%08x 0x%08x 0x%08x, DEBUG ath_pci: 32-bit DMA not available ERROR ath_pci: cannot reserve PCI memory sc_txq[%d] : , i DEBUG region ERROR ath_pci: cannot remap PCI memory tid %p pause %d : , tid, tid->paused DEBUG region) ;...
- Page 266 Unified Services Router User Manual Index:%d, value:%d, code:%x, rate:%d, flag:%x, i, (int)validRateIndex[i], DEBUG DEV is null %p %p ,dev,dst CRITICAL RateTable:%d, maxvalidrate:%d, ratemax:%d, pRc->rateTableSize,k,pRc- Packet is Fragmented %d,pBufMgr- >rateMaxPhy DEBUG >len CRITICAL Marked the packet proto:%d sip:%x dip:%x sport:%d dport:%d Can't allocate memory for ath_vap.
-
Page 267: Appendix E. Rj-45 Pin-Outs
Unified Services Router User Manual Appendix E. RJ-45 Pin-outs RJ-45 Signal Adapter Signal Cable RJ-45 PIN DB-9 PIN... -
Page 268: Appendix F. Product Statement
Unified Services Router User Manual Appendix F. Product Statement 1. DSR-1000N Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. - Page 269 Unified Services Router User Manual IMPORTANT NOTE: Radiation Exposure Statement This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment. End users must follow the specific operating instructions for satisfying RF exposure compliance. To maintain compliance with IC RF exposure compliance requirements, please follow operation instruction as documented in this manual.
- Page 270 Hereby, [D-Link Corporation], declares that this [DSR-1000N] is in compliance with the English essential requirements and other relevant provisions of Directive 1999/5/EC. Por medio de la presente [D-Link Corporation] declara que el [DSR-1000N] cumple con Español los requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la [Spanish] Directiva 1999/5/CE.
- Page 271 [D-Link Corporation] declara que este [DSR-1000N]está conforme com os requisitos Português essenciais e outras disposições da Directiva 1999/5/CE. [Portuguese] [D-Link Corporation] izjavlja, da je ta [DSR-1000N] v skladu z bistvenimi zahtevami in ostalimi relevantnimi določili direktive 1999/5/ES. Slovensko [Slovenian] [D-Link Corporation] týmto vyhlasuje, že [DSR-1000N] spĺňa základné požiadavky a Slovensky všetky príslušné...
- Page 272 Unified Services Router User Manual 2.DSR-500N Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
- Page 273 Unified Services Router User Manual Europe – EU Declaration of Conformity This device complies with the essential requirements of the R&TTE Directive 1999/5/EC. The following test methods have been applied in order to prove presumption of conformity with the essential requirements of the R&TTE Directive 1999/5/EC: - EN 60950-1: 2006+A11:2009 Safety of information technology equipment...
- Page 274 Hereby, [D-Link Corporation], declares that this [DSR-500N] is in compliance with the English essential requirements and other relevant provisions of Directive 1999/5/EC. Por medio de la presente [D-Link Corporation] declara que el [DSR-500N] cumple con los Español requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la [Spanish] Directiva 1999/5/CE.
- Page 275 [D-Link Corporation] declara que este [DSR-500N]está conforme com os requisitos Português essenciais e outras disposições da Directiva 1999/5/CE. [Portuguese] [D-Link Corporation] izjavlja, da je ta [DSR-500N] v skladu z bistvenimi zahtevami in ostalimi relevantnimi določili direktive 1999/5/ES. Slovensko [Slovenian] [D-Link Corporation] týmto vyhlasuje, že [DSR-500N] spĺňa základné požiadavky a Slovensky všetky príslušné...
- Page 276 Unified Services Router User Manual 3.DSR-250N Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
- Page 277 Unified Services Router User Manual Regulatory statement (R&TTE) European standards dictate maximum radiated transmit power of 100mW EIRP and frequency range 2.400- 2.4835GHz; In France, the equipment must be restricted to the 2.4465-2.4835GHz frequency range and must be restricted to indoor use. Operation of this device is subjected to the following National regulations and may be prohibited to use if certain restriction should be applied.
- Page 278 Unified Services Router User Manual 4. DSR-150N Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
- Page 279 Unified Services Router User Manual Electromagnetic compatibility and Radio Spectrum Matters (ERM); ElectroMagnetic Compatibility (EMC) standard for radio equipment and services; Part 1: Common technical requirements EN 301 489-17 V2.1.1 (2009-05) Electromagnetic compatibility and Radio spectrum Matters (ERM); ElectroMagnetic Compatibility (EMC) standard for radio equipment;...
- Page 280 Unified Services Router User Manual [Hungarian] követelményeknek és az 1999/5/EC irányelv egyéb elõírásainak. Niniejszym [nazwa producenta] oświadcza, że [nazwa wyrobu] jest zgodny z zasadniczymi Polski wymogami oraz pozostałymi stosownymi postanowieniami Dyrektywy 1999/5/EC. [Polish] [Nome do fabricante] declara que este [tipo de equipamento] está conforme com os Português requisitos essenciais e outras disposições da Directiva 1999/5/CE.