Unified Services Router User Manual Table of Contents Chapter 1. Introduction ........................... 11 About this User Manual ..................12 Typographical Conventions ................... 12 Chapter 2. Configuring Your Network: LAN Setup ................13 LAN Configuration ....................
Page 4
Unified Services Router User Manual WAN Port Settings ....................65 Chapter 4. Wireless Access Point Setup ..................... 67 Wireless Settings Wizard ..................67 4.1.1 Wireless Network Setup Wizard ................68 4.1.2 Add Wireless Device with WPS ................68 ...
Page 5
Unified Services Router User Manual GRE Tunnel Support .................... 123 OpenVPN Support ....................124 6.6.1 OpenVPN Remote Network ................126 6.6.2 OpenVPN Authentication ..................127 Chapter 7. SSL VPN ..........................129 ...
Page 6
Unified Services Router User Manual 9.9.4 Router Options ...................... 185 9.10 Localization ......................186 Chapter 10. Router Status and Statistics ..................... 187 10.1 System Overview ....................187 10.1.1 Device Status ......................187 ...
Unified Services Router User Manual List of Figures Figure 1: Setup page for LAN TCP/IP settings ..................15 Figure 2: LAN DHCP Reserved IPs ......................16 Figure 3: LAN DHCP Leased Clients ...................... 17 Figure 4: IPv6 LAN and DHCPv6 configuration ..................18 ...
Page 8
Unified Services Router User Manual Fi gure 34 : IP Al ia s Con fig ura tio n ....................52 Fi gure 35 : Ro u ti ng Mod e to d e t ermi ne tra f f i c r o u t i ng bet wee n WAN a nd L A N ..54 ...
Page 9
Unified Services Router User Manual Figure 67: Content Filtering used to block access to proxy servers and prevent ActiveX controls from being downloaded ......................101 Figure 68: Two trusted domains added to the Approved URLs List ..........102 Figure 69: One keyword added to the block list ...................
Page 10
Unified Services Router User Manual Figure 99: List of SSL VPN polices (Global filter) ................139 Figure 100: SSL VPN policy configuration .................... 140 Figure 101: List of configured resources, which are available to assign to SSL VPN policies ..142 ...
Page 11
Unified Services Router User Manual Figure 134: Restoring configuration from a saved file will result in the current configuration being overwritten and a reboot ....................... 180 Figure 135: Firmware version information and upgrade option ............181 Figure 136: Firmware upgrade and configuration restore/backup via USB ........182 ...
Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and Secure Sockets Layer (SSL). Empower your road warriors with clientless remote access anywhere and anytime using SSL VPN tunnels. With the D-Link Services Router you are able to experience a diverse set of benefits: Comprehensive Management Capabilities...
DSR-1000N. About this User Manual This document is a high level manual to allow new D-Link Services Router users to configure connectivity, setup VPN tunnels, establish firewall rules and perform general administrative tasks. Typical deployment and use case scenarios are described in each section.
Chapter 2. Configuring Your Network: LAN Setup It is assumed that the user has a machine for management connected to the LAN to the router. The LAN connection may be through the wired Ethernet ports available on the router, or once the initial setup is complete, the DSR may also be managed through its wireless interface as it is bridged with the LAN.
Page 15
Unified Services Router User Manual If you change the IP address and click Save Settings, the GUI will not respond. Open a new connection to the new IP address and log in again. Be sure the LAN host (the machine used to manage the router) has obtained IP address from newly assigned pool (or has a static IP address in the router’s LAN subnet) before accessing the router via changed IP address.
Unified Serv vices Router User Manual Enab ble DNS Pro oxy: To ena able the rou uter to act a as a proxy for all DNS S requests a comm municate wit th the ISP’s DNS servers s, click the ch heckbox.
Page 17
Unified Serv vices Router User Manual Addresses: The LAN IP P address of a a host that is s reserved by y the DHCP s server. AC Address ses: The MA AC address th hat will be a assigned the reserved IP P address wh hen it is on t...
Unified Serv vices Router User Manual 2.1.2 L LAN DH HCP Lea ased Cl lients tup > Netw ork Setting gs > LAN DH HCP Lease ed Clients This page pro ovides the lis st of clients c connect to LA AN DHCP se erver.
Page 19
Unified Serv vices Router User Manual he prefix len ngth. The IPv v6 network ( subnet) is id dentified by t the initial bi ts of the add dress called t refix. By de efault this is 64 bits long g.
Unified Services Router User Manual As with an IPv4 LAN network, the router has a DHCPv6 server. If enabled, the router assigns an IP address within the specified range plus additional specified information to any LAN PC that requests DHCP served addresses. The following settings are used to configure the DHCPv6 server: ...
Page 21
Unified Services Router User Manual accept such details. Router Advertisement is required in an IPv6 network is required for stateless auto configuration of the IPv6 LAN. By configuring the Router Advertisement Daemon on this router, the DSR will listen on the LAN for router solicitations and respond to these LAN hosts with router advisements.
Page 22
Unified Serv vices Router User Manual Figure 5: Configur ing the R outer Adv vertisemen nt Daemo Advertiseme ent Prefixes Advanced > IPv6 > IPv v6 LAN > A dvertisemen nt Prefixes The router ad dvertisement s configured d with advert tisement pre efixes allow this router t...
Unified Serv vices Router User Manual Prefix x Lifetime: T This defines the duration (in seconds ) that the req questing nod de is allowed use th he advertised d prefix. It is s analogous t to DHCP lea se time in an n IPv4 netwo ork.
Unified Serv vices Router User Manual Figure 7: Adding V VLAN mem mberships s to the LA 2.2.1 A Associa ating VL LANs to o ports n order to ta ag all traffic through a sp pecific LAN port with a VLAN ID, y you can asso ociate a VLA...
Page 25
Unified Serv vices Router User Manual Figure 8: Port VLA AN list In A Access mode the port is a member of a single VLA AN (and onl y one). All d data going in out of the po ort is untagg ged.
Unified Serv vices Router User Manual Figure 9: Configur ing VLAN N member rship for a a port 2.2.2 M Multiple e VLAN Subne Setup > VLA AN Settings s > Multi VL VLAN Settin This page sh hows a list of available e multi-VLA AN subnets.
Unified Serv vices Router User Manual Figure 10 : Multiple e VLAN S Subnets 2.2.3 V VLAN c onfigur ration Setup > VLA AN Settings s > VLAN c configuratio This page all lows enablin ng or disabl ling the VLA AN function n on the rou uter.
Unified Serv vices Router User Manual Figure 11 : VLAN C Configura tion onfigura able Por rt: DMZ S Setup R-150/150N/ /250/250N do oes not have e a configurab ble port – th ere is no DM MZ support. is router sup pports one of f the physica...
Unified Serv vices Router User Manual Figure 12 : DMZ co onfiguratio Setup p > In o order to conf figure a DM Z port, the r router’s conf figurable por rt must be s et to DMZ i n the Inte ernet Settin...
Page 30
Unified Serv vices Router User Manual Advertiseme nt Period: T This is the fr requency tha at the router broadcasts U UPnP inform mation over t network. A large value will minimi ize network traffic but c cause delays s in identifyi ing new UP devices to th...
Unified Serv vices Router User Manual aptive P Portal LAN users ca an gain intern net access v ia web porta al authenticat tion with the e DSR. Also o referred to Run-Time Au uthentication n, a Captive Portal is id deal for a w web café...
Page 32
Unified Serv vices Router User Manual Figure 15 : Captive Portal Pr rofile List List of Avail lable Profile es: Any one of these pro ofiles can be e used for C Captive Port tal Login pa while enablin ng Captive Po ortal.
Page 33
Unified Serv vices Router User Manual Figure 16 : Customi ized Capt ive Portal l Setup Setup > Cap ptive Portal > Block Cl lients Access for sp pecific clien ts can be re gulated by t the Captive Portal as we ell.
Unified Serv vices Router User Manual Figure 17 : Blockin g specific clients by y their MA AC addre 2.5.2 C Captive e Portal s on a VLAN Setup > VLA AN Settings s > VLAN C Configuratio Captive Porta als can be en nabled on a p per-VLAN ba...
Unified Serv vices Router User Manual Chapte er 3. Conn nectin g to th he Inter rnet: W WAN Se etup This router has t wo WAN po orts that can be used to es stablish a co onnection to the internet.
Server IP Address: Enter the IP address of the PPTP or L2TP server. DSR-150/150N/250/250N doesn’t have a dual WAN support. 3.2.1 WAN Port IP address Your ISP assigns you an IP address that is either dynamic (newly generated each time you log in) or...
Unified Serv vices Router User Manual tatically pro vided by the e ISP or shou uld be receiv ved dynamic cally at each login. If sta atic, enter yo P address, I Pv4 subnet mask, and t the ISP gate eway’s IP ad ddress.
Page 38
Unified Serv vices Router User Manual The PPPoE IS SP settings a are defined o on the WAN Configuratio on page. The ere are two ty ypes of PPP SP’s support ted by the DS SR: the stand dard usernam me/password PPPoE and J Japan Multip...
Page 39
Unified Serv vices Router User Manual Figure 22 : WAN co onfigurati on for Jap panese Mu ultiple PP PPoE (par t 1) There are a f few key elem ments of a mu ultiple PPPoE E connection Prim mary and seco ondary conne ections are c...
Unified Serv vices Router User Manual When Japane ese multiple PPPoE is co onfigured and d secondary connection i is up, some p predefined ro outes are add on that inter rface. These e routes are needed to a access the in nternal doma ain of the IS SP where he...
Unified Serv vices Router User Manual Figure 24 : Russia L L2TP ISP configura ation 3.2.6 R Russia Dual A ccess P PPPoE For Russia du ual access P PPoE conne ctions, you can choose t the address mode of the e connection to get an IP addr ress from the...
Unified Serv vices Router User Manual Figure 25 : Russia D Dual acces ss PPPoE configura ation 3.2.7 W WAN Co onfigur ration in n an IPv v6 Netw work Advanced > IPv6 > IPv v6 WAN1 C Config For IPv6 WA AN connect ions, this ro outer can h...
Page 43
Unified Serv vices Router User Manual CMPv6 disco over messag es will origi nate from th his gateway a and will be u used for auto configuratio A third option n to specify the IP addre ess and prefix x length of a a preferred D DHCPv6 serv ver is availab...
Unified Services Router User Manual Password: Enter the password required to login to the ISP. Authentication Type: The type of Authentication in use by the profile: Auto- Negotiate/PAP/CHAP/MS-CHAP/MS-CHAPv2. Dhcpv6 Options: The mode of Dhcpv6 client that will start in this mode: disable dhcpv6/stateless dhcpv6/stateful dhcpv6/stateless dhcpv6 with prefix delegation.
Unified Serv vices Router User Manual Figure 27 : Connect tion Statu us informa ation for b both WAN N ports The WAN sta atus page allo ows you to E Enable or Di sable static W WAN links. For WAN se ettings that a dynamically r received from...
Page 46
Unified Serv vices Router User Manual ndwidth pro files configu uration consi sts of enabli ing the bandw width contro l feature fro m the GUI a ding a profi le which de efines the co ontrol param meters. The p profile can then be asso ociated with...
Page 47
Unified Serv vices Router User Manual Figure 29 : Bandwid dth Profil le Configu uration pa dvanced > A Advanced N Network > T Traffic Man agement > Traffic Sel lectors nce a profile has been cr eated it can then be asso ociated with a traffic flo...
Unified Serv vices Router User Manual Figure 30 : Traffic Selector C Configura ation eatures with Mu ltiple W AN Link is router sup pports multi iple WAN li inks. This al llows you to o take advan ntage of fail lover and lo lancing featu ures to ensur...
Failover after: This sets the number of retries after which failover is initiated. DSR-1000, DSR-1000N, DSR-500, DSR-500N, DSR-250, DSR-250N, DSR-150, and DSR-150N support 3G USB Modem as a failover link when the internet access is lost. 3.4.2 Load Balancing This feature allows you to use multiple WAN links (and presumably multiple ISP’s) simultaneously.
Page 50
Unified Services Router User Manual Protocol Bindings: Refer Section 3.4.3 for details Load balancing is particularly useful when the connection speed of one WAN port greatly differs from another. In this case you can define protocol bindings to route low-latency services (such as VOIP) over the higher-speed link and let low-volume background traffic (such as SMTP) go over the lower speed link.
Unified Serv vices Router User Manual Figure 31 : Load Ba alancing i s availabl le when m multiple W WAN ports are confi igured and Protoco l Binding s have bee en defined 3.4.3 P Protoco ol Bindi ings Advanced >...
Unified Serv vices Router User Manual Figure 32 : Protoco l binding setup to a associate a service and/or LA AN source e to a WA and/or d destinatio n network 3.4.4 I P Alias sing Setup>Inter rnet Setting s>IP Aliasi single WAN ethernet por rt can be acc...
Page 53
Unified Serv vices Router User Manual Figure 33 : Configu uring the I IP Alias terface: Sets the interface e on which IP P Alias is be eing configur red. Address: Set ts the IP add dress of the I P Alias.
Unified Services Router User Manual Delete: Deletes the selected IP Aliases. Routing Configuration Routing between the LAN and WAN will impact the way this router handles traffic that is received on any of its physical interfaces. The routing mode of the gateway is core to the behavior of the traffic flow between the secure LAN and the internet.
Page 55
Unified Serv vices Router User Manual device fo or these othe er ports. With h Bridge mo de for the LA AN port 1 an nd WAN2/D MZ interface L2 and L L3 broadcast t traffic as w well as ARP / RARP pac ckets are pas sed through.
Unified Services Router User Manual 3.5.2 Dynamic Routing (RIP) DSR- 150/150N/250/250N does not support RIP. Setup > Internet Settings > Routing Mode Dynamic routing using the Routing Information Protocol (RIP) is an Interior Gateway Protocol (IGP) that is common in LANs. With RIP this router can exchange routing information with other supported routers in the LAN and allow for dynamic adjustment of routing tables in order to adapt to modifications in the LAN without interrupting traffic flow.
Unified Services Router User Manual 3.5.3 Static Routing Advanced > Routing > Static Routing Advanced > IPv6 > IPv6 Static Routing Manually adding static routes to this device allows you to define the path selection of traffic from one interface to another. There is no communication between this router and other devices to account for changes in the path;...
Unified Serv vices Router User Manual Figure 36 : Static ro oute confi iguration fields 3.5.4 O OSPFv2 Advanced > Routing > OSPF SPF is an int erior gatewa ay protocol t that routes In nternet Proto ocol (IP) pac ckets solely w within a sing uting domain...
Page 59
Unified Serv vices Router User Manual Figure 37 : OSPFv2 2 configur ed param eters terface: The p physical netw work interfa ce on which OSPFv2 is E Enabled/Disa abled. atus: This co lumn display ys the Enable e/Disable sta ate of OSPFv v2 for a parti icular interfa...
Unified Serv vices Router User Manual Figure 38 : OSPFv2 2 configur ation 3.5.5 O OSPFv3 Advanced > IPv6 > OSP pen Shortest Path First ve ersion 3 (OS PFv3) suppo orts IPv6. To o enable an O OSPFv3 proc ess on a rou ter, u need to en...
Page 61
Unified Serv vices Router User Manual Figure 39 : OSPFv3 3 configur ed param eters terface: The p physical netw work interfa ce on which OSPFv3 is E Enabled/Disa abled. atus: This co lumn display ys the Enable e/Disable sta ate of OSPFv v3 for a parti icular interfa...
Unified Serv vices Router User Manual Figure 40 : OSPFv3 3 configur ation 3.5.6 6 6to4 Tu nneling Adva anced > IPv v6 > 6to4 Tu unneling o4 is an Inte ernet transiti ion mechanis sm for migra ating from IP Pv4 to IPv6, a system th lows IPv6 p...
Unified Serv vices Router User Manual 3.5.7 I SATAP P Tunne Adva anced > IPv v6 > 6to4 Tu unneling ATAP (Intr ra-Site Auto omatic Tunn nel Address sing Protoco ol) is an IP Pv6 transiti echanism me eant to trans smit IPv6 pa ackets betwee en dual-stac...
Unified Services Router User Manual WAN 3 (3G) Configuration This router supports one of the physical ports WAN3 to be configured for 3G internet access. Setup > Internet Settings > WAN3 Setup WAN3 configuration for the 3G USB modem is available only on WAN3 interface. There are a few key elements of WAN 3 configuration.
Page 65
Unified Serv vices Router User Manual MZ: If this o option is sel lected, you are able to configure th he DMZ por rt on the DM nfiguration m menu. Click Save Settings to s save your ch hanges. Click Don't t Save Settin ngs to revert to the previo...
Unified Services Router User Manual WAN Port Settings Advanced > Advanced Network > WAN Port Setup The physical port settings for each WAN link can be defined here. If your ISP account defines the WAN port speed or is associated with a MAC address, this information is required by the router to ensure a smooth connection with the network.
Page 67
Unified Serv vices Router User Manual Figure 44 : Physical l WAN po ort setting e 3G USB M Modem can b be configure d as dedicat ted WAN2 fo or DSR-500 and DSR-50 0 0N as well as icated WAN N3 for DSR-1 000 and DSR...
Unified Services Router User Manual Chapter 4. Wireless Access Point Setup This router has an integrated 802.11n radio that allows you to create an access point for wireless LAN clients. The security/encryption/authentication options are grouped in a wireless Profile, and each configured profile will be available for selection in the AP configuration menu.
Unified Serv vices Router User Manual Figure 45 : Wireless s Network k Setup W Wizards 4.1.1 W Wireles s Netw work Set tup Wiz zard This wizard p provides a st ep-by-step g guide to creat te and secure e a new acce ess point on t the router.
Unified Services Router User Manual Personal Identification Number (PIN): The wireless device that supports WPS may have an alphanumeric PIN, and if entered in this field the AP will establish a link to the client. Click Connect to complete setup and connect to the client. ...
Unified Serv vices Router User Manual WPA + WPA A2: this uses s both encryp ption algorith hms, TKIP a and CCMP. W WPA clients will use TK and WPA2 c lients will us se CCMP en cryption alg orithms.
Unified Serv vices Router User Manual Figure 47 : Profile c configura tion to se t network k security 4.2.2 W WPA or r WPA2 with P A pre-shared key (PSK) i is a known p passphrase co onfigured on n the AP and d client both and is used...
Page 73
Unified Serv vices Router User Manual The AP configuratio on page allow ws you to cr reate a new AP and link k to it one o f the availab profiles. This router supports mu ultiple AP’s referred to as virtual ac ccess points (VAPs).
Unified Serv vices Router User Manual Figure 49 : List of c configured d access p points (Vir rtual APs ) shows on ne enable d access point on n the radio o, broadc asting its SSID e clients con nnected to a a particular AP can be v...
Unified Serv vices Router User Manual uning Ra adio Spe ecific Se ettings tup > Wirel less Setting gs > Radio S Settings e Radio Set ttings page l lets you con nfigure the c channels and d power leve els available e for the AP P’s...
Unified Serv vices Router User Manual Figure 51 : Wi-Fi M Multimedia ofile Name: is field allow ws you to sel lect the avail lable profiles s in wireless settings. nable WMM is field allow ws you to ena able WMM t to improve m multimedia tr ransmission.
Page 77
Unified Serv vices Router User Manual Figure 52 : Wireless s Distribu ution Syst This s feature is only guaran nteed to work k only betw een devices of the same e type (i.e. u using the sam chip pset/driver).
Unified Services Router User Manual WDS Encryption - Displays the type of encryption used. It could be one of OPEN/64 bit WEP/128 bit WEP/TKIP/AES (Use the term being used throughout the box i.e. either CCMP or AES). WDS Passphrase - This is required if the encryption selected is TKIP/CCMP. We would expect it to be within 8~63 ASCII characters.
Unified Serv vices Router User Manual Figure 53 : Advance ed Wirele ss commu unication s settings Wi-Fi Prot tected S Setup (W WPS) dvanced > W Wireless Set ttings > WP PS is a simpl lified method d to add supp porting wire less clients t to the netwo...
Page 80
Unified Serv vices Router User Manual Figure 54 : WPS con nfiguratio o n for an AP with W W PA/WPA A2 profile...
Chapter 5. Securing the Private Network You can secure your network by creating and applying rules that your router uses to selectively block and allow inbound and outbound Internet traffic. You then specify how and to whom the rules apply. To do so, you must define the following: ...
Unified Serv vices Router User Manual utbound (LAN N/DMZ to W WAN) rules r restrict acce ss to traffic leaving you ur network, ectively allo owing only sp pecific local users to acc cess specific outside reso ources. The fault outboun nd rule is to o allow acce ess from the...
Unified Serv vices Router User Manual Figure 56 : List of A Available Schedules s to bind t to a firew wall rule onfiguri ng Firew wall Rule dvanced > F Firewall Set ttings > Fir rewall Rules l configured firewall rul les on the ro outer are dis...
Page 85
Unified Services Router User Manual Action & Schedule: Select one of the 4 actions that this rule defines: BLOCK always, ALLOW always, BLOCK by schedule otherwise ALLOW, or ALLOW by schedule otherwise BLOCK. A schedule must be preconfigured in order for it to be available in the dropdown list to assign to this rule.
Page 86
Unified Services Router User Manual This router supports multi-NAT and so the External IP address does not necessarily have to be the WAN address. On a single WAN interface, multiple public IP addresses are supported. If your ISP assigns you more than one public IP address, one of these can be used as your primary IP address on the WAN port, and the others can be assigned to servers on the LAN or DMZ.
Page 87
Unified Serv vices Router User Manual Figure 57 : Example e where a n outboun nd SNAT r rule is use ed to map p an external l IP addre ess (209.15 56.200.225 5) to a pr ivate DMZ Z IP address (10.30.30 0.30)
Page 88
Unified Serv vices Router User Manual Figure 58 : The fire ewall rule configura ation page e allows y ou to defi ine the To/From m zone, se rvice, act ion, sched dules, and d specify source/d destinatio n IP addr resses as n needed.
Unified Serv vices Router User Manual onfiguri ng IPv6 Firewal l Rules dvanced > F Firewall Set ttings > IPv v6 Firewall Rules l configured IPv6 firewa all rules on the router ar re displayed d in the Firew wall Rules list t.
Page 90
Unified Serv vices Router User Manual Figure 59 : The IPv 6 firewall l rule conf figuration n page allo ows you t o define the To/F From zone e, service, action, s chedules, and speci source/d destinatio n IP addr resses as n needed.
Unified Serv vices Router User Manual Figure 60 : List of A Available IPv6 Fire ewall Rule 5.4.1 Fi rewall R Rule Co onfigur ration E Example Example 1: A Allow inboun nd HTTP traf ffic to the DM ituation: Yo ou host a pu ublic web ser rver on your...
Page 92
Unified Services Router User Manual Situation: You want to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses (132.177.88.2 - 132.177.88.254), from a branch office. Solution: Create an inbound rule as follows. In the example, CUSeeMe (the video conference service used) connections are allowed only from a specified range of external IP addresses.
Page 93
Unified Services Router User Manual Send to Local Server (DNAT IP) 192.168.12.222 ( web server local IP address) Destination Users Single Address From 10.1.0.52 WAN Users Never 4: Bloc Example 4: Block traffic by schedule if generated from specific range of machines Use Case: Block all HTTP traffic on the weekends if the request originates from a specific group of machines in the LAN having a known range of IP addresses, and anyone coming in through the Network from the WAN (i.e.
Page 94
Unified Serv vices Router User Manual Figure 61 : Schedul e configur ration for r the abov v e example...
Unified Serv vices Router User Manual Since we a are trying to bl lock HTTP req quests, it is a s service with T To Zone: Insec cure (WAN1/W WAN2/WAN3) ) that is to be b blocked accor rding to schedu ule “Weekend d”.
Page 96
Unified Services Router User Manual traffic, many custom or uncommon applications exist in the LAN or WAN. In the custom service configuration menu you can define a range of ports and identify the traffic type (TCP/UDP/ICMP) for this service. Once defined, the new service will appear in the services list of the firewall rules configuration menu.
Page 97
Unified Serv vices Router User Manual Figure 62 : List of u user defin ed service Figure 63 : Custom Services configura ation eated service es are availab ble as option ns for firewal ll rule config guration. me: Name of f the service for identific cation and m...
Unified Services Router User Manual Type: The layer 3 Protocol that the service uses. (TCP, UDP, BOTH, ICMP or ICMPv6) Port Type: This fields allows to select Port Range or Multiple Ports ICMP Type: This field is enabled when the layer 3 protocol (in the Type field) is selected as ICMP or ICMPv6.
Unified Serv vices Router User Manual Figure 64 : Availabl le ALG su upport on the route PN Pass sthrough h for Fire ewall dvanced > F Firewall Set ttings > VPN N Passthro is router’s f firewall settin ngs can be c configured t o allow encr rypted VPN...
Unified Serv vices Router User Manual Figure 65 : Passthro ough optio ons for VP PN tunnel pplicatio on Rules dvanced > A Application Rules > Ap pplication R Rules plication rul les are also referred to a as port trigg gering.
Unified Serv vices Router User Manual d inbound po orts to open. You can als so specify a p port triggerin ng rule by d efining the pe of traffic (TCP or UD DP) and the range of inc coming and o outgoing por rts to open hen enabled.
Unified Serv vices Router User Manual ntain session n informatio n, can be b locked as w well for all d devices on t the private twork. Figure 67 : Content Filtering g used to b block acce ess to prox xy servers s and prevent...
Unified Serv vices Router User Manual Figure 68 : Two tru sted doma ains adde d to the A Approved URLs Lis 5.9.3 B Blocked d Keyw ords dvanced > W Website Filt ter > Blocke ed Keyword yword block king allows y you to block all website U...
Unified Serv vices Router User Manual Figure 69 : One key yword add ded to the block list 5.9.4 E Export W Web Fi lter dvanced > W Website Filt ter > Expor port Approv ed URLs: Fe eature enable es the user to o export the URLs to be...
Unified Serv vices Router User Manual Figure 70 : Export A Approved d URL list 5.10 IP P/MAC B inding dvanced > IP P/MAC Bin nding nother availab ble security m measure is to o only allow outbound tr raffic (from t the LAN to AN) when th he LAN node...
AN, and a running co ounter will allow the ministrator to o see how m many maliciou us intrusion attempts fro om the WAN have been tected and pr revented. DSR-150/150 0N does not support Intru usion Preven ntion System...
Unified Serv vices Router User Manual Figure 72 : Intrusio on Prevent tion featu res on the e router 5.12 Pr rotecting g from In nternet A Attacks Advanced > Advanced N Network > A Attack Che ecks Attacks can be maliciou us security b breaches or...
Page 108
Unified Serv vices Router User Manual Figure 73 : Protecti ing the ro uter and L LAN from m internet attacks WAN Securit ty Checks: Enable Stealth h Mode: If S Stealth Mode e is enabled, the router w will not respo ond to port cans from th e WAN.
Unified Services Router User Manual Block Multicast Packets: selecting this option drops multicast packets, which could indicate a spoof attack, through or to the gateway. DoS Attacks: SYN Flood Detect Rate (max/sec): The rate at which the SYN Flood can be detected. Echo Storm (ping pkts/sec): The number of ping packets per second at which the router detects an Echo storm attack from the WAN and prevents further ping traffic from that external address.
Page 110
Unified Serv vices Router User Manual Figure 74 : Enablin g IGMP P Proxy for the LAN Enable IGMP P Proxy: sele ecting this a allows the ro outer to liste en in on IG MP traffic hrough the n etwork, and manage mul ticast stream...
Unified Serv vices Router User Manual Chapte er 6. IPse c / PPT TP / L2 2TP VP VPN provide s a secure communicat ion channel (“tunnel”) between tw wo gateway route ers or a remo ote PC client t. The follow wing types of f tunnels can be created:...
Page 112
Unified Serv vices Router User Manual Figure 76 : Example e of three IPsec clie ent conne ctions to t the intern network k through the DSR I IPsec gate eway...
Unified Serv vices Router User Manual PN Wiza tup > Wizar rd > VPN W Wizard u can use th he VPN wiza ard to quickl y create both h IKE and V VPN policies s. Once the E or VPN po olicy is creat ed, you can m modify it as...
Page 114
Unified Services Router User Manual Remote Gateway Type: identify the remote endpoint of the tunnel by FQDN or static IP address Remote WAN IP address / FQDN: This field is enabled only if the peer you are trying to connect to is a Gateway. For VPN Clients, this IP address or Internet Name is determined when a connection request is received from a client.
Unified Services Router User Manual The VPN Wizard is the recommended method to set up an Auto IPsec policy. Once the Wizard creates the matching IKE and VPN policies required by the Auto policy, one can modify the required fields through the edit link. Refer to the online help for details.
Page 116
Unified Serv vices Router User Manual Figure 78 : IPsec po olicy confi iguration nce the tunne el type and e endpoints of f the tunnel are defined you can det ermine the ase 1 / Phase e 2 negotiatio on to use for r the tunnel.
Page 117
Unified Serv vices Router User Manual e VPN polic y is one half f of the IKE/ /VPN policy y pair require ed to establis sh an Auto sec VPN tun nnel. The IP P addresses o of the mach hine or mach hines on the e two VPN...
Page 118
Unified Services Router User Manual As well the encryption and integrity algorithms and keys must match on the remote IPsec host exactly in order for the tunnel to establish successfully. Note that using Auto policies with IKE are preferred as in some IPsec implementations the SPI (security parameter index) values require conversion at each endpoint.
Unified Serv vices Router User Manual Figure 80 : IPsec po olicy confi iguration continued d (Auto / Manual P Phase 2) 6.2.1 E Extende ed Auth henticat tion (XA AUTH) You can also configure e xtended auth hentication ( (XAUTH).
Unified Services Router User Manual With a configured RADIUS server, the router connects to a RADIUS server and passes to it the credentials that it receives from the VPN client. You can secure the connection between the router and the RADIUS server with the authentication protocol supported by the server (PAP or CHAP).
Page 121
Unified Serv vices Router User Manual Figure 81 : PPTP tu unnel conf figuration n – PPTP C Client Figure 82 : PPTP V PN conne ction stat Setup > VPN N Settings > > PPTP > P PPTP Server A PPTP VPN N can be estab blished throu...
Unified Serv vices Router User Manual Figure 83 : PPTP tu unnel conf figuration n – PPTP S Server 6.4.2 L L2TP Tu unnel S Support Setup > VPN N Settings > > L2TP > L 2TP Server A L2TP VPN N can be estab blished throu ugh this rout...
Page 123
Unified Serv vices Router User Manual y the L2TP server (the t tunnel endpo oint), L2TP clients have access to th he network managed by th he router. Figure 84 : L2TP tu unnel conf figuration n – L2TP S Server Setup >...
Unified Serv vices Router User Manual he user can a access Status > Active VP PN page and establish L2 2TP VPN tun nnel licking Conn nect. To disc onnect the tu unnel, click D Drop. A L2TP VPN can be estab blished throu ugh this route er.
Unified Serv vices Router User Manual here are two o simple step s involved in n establishin g a GRE tun nnel on the ro outer: . Create a GR RE tunnel fro om the GUI . Setup a stat tic route for the remote l ocal network...
Page 126
Unified Services Router User Manual Mode: OpenVPN daemon mode. It can run in server mode, client mode or access server client mode. In access server client mode, the user has to download the auto login profile from the OpenVPN Access Server and upload the same to connect.
Unified Serv vices Router User Manual Figure 87 : OpenVP PN configu uration 6.6.1 O OpenVP PN Rem mote Ne etwork Setup > VPN N Settings > > OpenVPN N > OpenVP PN Remote N Network (S Site-to- Site) This page allows s the user to o add/edit a r...
Unified Serv vices Router User Manual Figure 88 : OpenVP PN Remote e Network mmon Name: : Common N Name of the O OpenVPN cli ient certifica ate. mote Network k: Network a address of th he remote res source. Subn net Mask: N Netmask of th...
Page 129
Unified Serv vices Router User Manual Figure 89 : OpenVP PN Authen ntication Trus sted Certifi icate (CA C Certificate): Browse an nd upload th he pem form matted CA Certi ificate. Serv ver/Client C Certificate: Browse an nd upload t the pem fo ormatted Ser rver/Client...
Chapter 7. SSL VPN The router provides an intrinsic SSL VPN feature as an alternate to the standard IPsec VPN. SSL VPN differs from IPsec VPN mainly by removing the requirement of a pre- installed VPN client on the remote host. Instead, users can securely login through the SSL User Portal using a standard web browser and receive access to configured network resources within the corporate LAN.
Page 131
Unified Serv vices Router User Manual Figure 90 : Example e of client tless SSL VPN conn n ections to o the DSR...
Unified Serv vices Router User Manual roups an nd Users dvanced > U Users > Gro e group pa ge allows creating, ed diting and d deleting gro oups. The g groups are sociated to se et of user typ pes.
Page 133
Unified Serv vices Router User Manual Guest U User (read-o only): The gu uest user gai ins read only y access to t the GUI to observe e and review w configurati on settings. The guest do oes not have e SSL VPN access.
Page 134
Unified Serv vices Router User Manual portal with their Active Dire ectory usern name and p assword. If there are multipl le Active Di irectory dom mains, user c can enter the e details for up to two authent tication dom ains.
Page 135
Unified Serv vices Router User Manual Deny L Login from W WAN interfa ace: Enable to prevent t the users of this group from lo ogging in fro om a WAN ( wide area ne etwork) inter rface. In this s case only login th hrough LAN...
Page 136
Unified Serv vices Router User Manual Figure 95 : Browser r policies options licy by IP set policies bye IP for t the group, se elect the cor rresponding g group click “Policy by IP” ”. The follow wing paramet ters are confi igured: ...
Page 137
Unified Serv vices Router User Manual Figure 96 : IP polic ies option gin Policies, Policy by Br rowsers, Poli icy by IP are e applicable S SSL VPN us er only. dvanced > U Users > Use e Users page e allows the administrat or to add, ed...
Unified Serv vices Router User Manual Figure 97 : Availabl le Users w with login status an nd associa ted Group 7.1.1 U Users a and Pas sswords dvanced > U Users > Use The user conf figurations a allow creatin ng users asso ociated to gr roup.
Unified Serv vices Router User Manual Figure 98 : User con nfiguratio on options sing SSL L VPN P Policies tup > VPN Settings > S SSL VPN S Server > SSL L VPN Poli icies L VPN Poli icies can be e created on n a Global, Group, or U...
Page 140
Unified Serv vices Router User Manual Figure 99 : List of S SSL VPN polices (G Global filt add a SSL V VPN policy, you must fi rst assign it to a user, gr roup, or mak ke it global (i.e e.
Page 141
Unified Serv vices Router User Manual Figure 10 0: SSL VP PN policy configura ation To c configure a policy for a single u user or grou up of users , enter the following infor rmation: Policy for: The pol icy can be as ssigned to a group of use...
Unified Services Router User Manual ICMP: Select this option to include ICMP traffic Port range: If the policy governs a type of traffic, this field is used for defining TCP or UDP port number(s) corresponding to the governed traffic. Leaving the starting and ending port range blank corresponds to all UDP and TCP traffic.
Unified Serv vices Router User Manual Figure 10 1: List of configure ed resourc ces, which h are avai lable to a ssign to SSL VPN N policies pplicatio on Port F Forward ding tup > VPN Settings > S SSL VPN S Server >...
Page 144
Unified Services Router User Manual As a convenience for remote users, the hostname (FQDN) of the network server can be configured to allow for IP address resolution. This host name resolution provides users with easy-to-remember FQDN’s to access TCP applications instead of error- prone IP addresses when using the Port Forwarding service through the SSL User Portal.
Unified Serv vices Router User Manual Figure 10 2: List of Available e Applicat tions for S SSL Port Forwardi SL VPN Client C Configur ation tup > VPN Settings > S SSL VPN C Client > SSL L VPN Clie n SSL VPN tu unnel client provides a p...
Page 146
Unified Serv vices Router User Manual Figure 10 3: SSL VP PN client adapter a and access s configur ation e router allo ws full tunn nel and split tunnel suppo ort. Full tunn nel mode jus st sends all traf ffic from th e client acro...
Page 147
Unified Serv vices Router User Manual tup > VPN Settings > S SSL VPN C Client > Con nfigured Cl lient Routes the SSL VP PN client is s assigned a an IP addres ss in a diff ferent subne t than the rporate netw work, a client...
Unified Serv vices Router User Manual ser Port tup > VPN Settings > S SSL VPN C Client > SSL L VPN Clie ent Portal hen remote u users want to o access the private netw work through h an SSL tun nnel (either ng the Port Forwarding...
Page 149
Unified Services Router User Manual authentication domain) can be presented with one or more of the router’s supported SSL services such as the VPN Tunnel page or Port Forwarding page. To configure a portal layout and theme, following information is needed: ...
Page 150
Unified Serv vices Router U U ser Manual Figure 10 6: SSL VP PN Portal configur ation...
USB Device Setup Setup > USB Settings > USB Status The D-Link Services Router has a USB interface for printer access, file sharing and on the DSR-1000 / DSR-1000N models, 3G modem support. There is no configuration on the GUI to enable USB device support. Upon inserting your USB storage device, printer cable or 3G modem the DSR router will automatically detect the type of connected peripheral.
Unified Serv vices Router User Manual Figure 10 7: USB D evice Dete ection SB shar e port tup > USB Settings > USB ShareP Port is page allow ws configure the SharePo ort feature av v ailable in th his router.
Page 153
Unified Serv vices Router User Manual Figure 10 8: USB Sh harePort SB-1: able USB P Printer: Selec ct this option n to allow t the USB pri inter connec cted to the uter to be sha ared across th he network.
MS serv tup > USB Settings > S SMS Servic e D-Link Se ervices Rout ter has a US SB interface to connect 3G modem support to nd and receiv ve Short Me ssaging Serv vice.
Unified Serv vices Router User Manual Figure 11 0: SMS Se ervice – R Receive SM e following d details to be provided in Create Mess sage page: Receiver: E Enter the pho one number o of the intend ed receiver o of the messag ...
Page 156
Unified Serv vices Router User Manual rified by a u ser-uploaded d CA certific cate. If SSL e encryption is s not used, p ort 110 ll be used fo or the POP3 a authenticatio on traffic. he DSR route er acts only a as a POP3 cli ient to authe...
Unified Serv vices Router User Manual Figure 11 2: POP3 C CA file up pload 8.4.2 N NT Dom main Se rver tup > Exter rnal Authen ntication > N NT Domain n Settings he NT Domai in server allo ows users an d hosts to au uthenticate th...
Unified Serv vices Router User Manual 8.4.3 R RADIUS S Serve tup > Exter rnal Authen ntication > R RADIUS Se ettings nterprise Mod de for wirele ess security u uses a RADIU US Server fo or WPA and/ /or WPA2 curity.
Unified Serv vices Router User Manual 8.4.4 A Active D Directo ry Serv tup > Exter rnal Authen ntication > A Active Dire ectory Settin ctive Directo ry authentica ation is an en nhanced vers sion of NT D Domain authe entication.
Unified Serv vices Router User Manual he details con nfigured on t the router wi ill be passed for authentic cating the ro outer and hosts. The L LDAP attribu utes, domain n name (DN), , and in some e cases the ministrator a account &...
Page 161
Unified Services Router User Manual The certificates menu allows you to view a list of certificates (both from a CA and self-signed) currently loaded on the gateway. The following certificate data is displayed in the list of Trusted (CA) certificates: CA Identity (Subject Name): The certificate is issued to this person or organization Issuer Name: This is the CA name that issued this certificate Expiry Time: The date after which this Trusted certificate becomes invalid...
Page 162
Unified Serv vices Router User Manual Figure 11 7: Certifi cate summ mary for I IPsec and HTTPS m manageme...
> P Package Ma anager package is a set of files w which are ins stalled by the e router from m D-Link’s r epositories. is feature al llows users to download d new driver rs for suppo orted USB d...
Page 164
G GUI now sup pports. Only y drivers pr rovided by D D-Link can be used for manual ins tallation. A validation proc cess will be p performed du uring installa ation.
Page 165
Unified Serv vices Router User Manual anual Install: User can up pload the pro ovided driver r package for r installation owse: The u ser can choo ose the pack kage to uploa ad. Click on “Install” to save your anges.
Page 166
Unified Serv vices Router User Manual stall History: : This displa ays the histo ory of the la anguage pack ks installed/u uninstalled eviously alo ong with th e respective e date and time to sh how when they were talled/uninst talled.
Unified Serv vices Router User Manual Chapte er 9. ministra ation & & Mana agemen onfigura ation Ac cess Co ontrol e primary m means to conf figure this g gateway via t the browser- -independent t GUI. The UI can be ac ccessed from m LAN node by using th...
Unified Serv vices Router User Manual Figure 12 3: Admin Settings 9.1.2 R Remote e Manag gement ols > Admi n > Remote e Managem Both HTTPS and telnet access can b be restricted d to a subset t of IP addr resses.
Unified Serv vices Router User Manual Figure 12 4: Remote e Managem ment from m the WAN 9.1.3 C CLI Acc cess n addition to the web b-based GU UI, the gate eway suppo orts SSH a and Telnet management for comman nd-line inter raction.
Page 170
Unified Serv vices Router User Manual Figure 12 5: SNMP Users, Tr raps, and Access Co ontrol ols > Admi n > SNMP System Inf e router is identified b by an SNMP P manager via the Sys stem Inform ation.
Unified Serv vices Router User Manual Figure 12 6: SNMP system in nformation n for this router onfiguri ng Time e Zone a nd NTP ols > Date and Time u can config gure your tim me zone, whe ether or not t o adjust for D Daylight Sav vings Time,...
Unified Serv vices Router User Manual Figure 12 7: Date, T Time, and NTP serv ver setup og Confi iguration is router allo ows you to c capture log m messages for r traffic throu ugh the firew wall, VPN, d over the w ireless AP.
Page 173
Unified Services Router User Manual Kernel: This refers to the Linux kernel. Log messages that correspond to this facility would correspond to traffic through the firewall or network stack. System: This refers to application and management level features available on this router, including SSL VPN and administrator changes for managing the unit.
Page 174
Unified Serv vices Router User Manual Figure 12 8: Facility y settings for Logg The display f for logging c can be custom mized based d on where th he logs are s sent, either Statu us > Logs he Event Lo g viewer in the GUI (th he Event Log...
Page 175
Unified Services Router User Manual tries to make an SSH connection, those packets will be accepted and a message will be logged. (Assuming the log option is set to Allow for the SSH firewall rule.) Dropped Packets are packets that were intentionally blocked from being transferred through the corresponding network segment.
Page 176
Unified Serv vices Router User Manual Figure 12 9: Log co nfiguratio on options s for traff fic throug h router Tools > Log Settings > IPv6 loggin This page allo ows you to c onfigure the IPv6 loggin...
Unified Serv vices Router User Manual Figure 13 0: IPv6 L og configu uration op ptions for r traffic th hrough ro uter 9.4.2 S Sending g Logs to E-m ail or S Syslog Tools > Log Settings > Remote Lo ogging Once you hav ve configure...
Page 178
Unified Serv vices Router User Manual Figure 13 1: E-mail configura ation as a Remote L Logging o ption An external S Syslog server r is often use ed by networ k administra ator to collec ct and store ogs from the e router.
Unified Serv vices Router User Manual ent to the co onfigured (an nd enabled) S Syslog serve er once you s save this con nfiguration age’s setting Figure 13 2: Syslog server co nfiguratio on for Rem mote Logg ging (cont tinued) 9.4.3 E Event L...
Unified Serv vices Router User Manual Figure 13 3: VPN lo ogs display yed in GU UI event v iewer acking u up and R Restorin g Config guration n Setting ols > System u can back up the rou ter’s custom m configurat ion settings...
Unified Serv vices Router User Manual To restore your saved se ettings from a backup file, cl lick Browse th hen locate the file on the host. After r clicking Rest tore, the router r begins impor rting the file’s s saved config guration settings.
Check k Now butt ton in the tification sec ction, the rou uter will che eck a D-Link k server to se ee if a newe r firmware rsion for this s router is av vailable for d...
To use DDNS, you must up an accou unt with a D DDNS provi ider such as s DynDNS.o org, D-Link DDNS, or ay.net. ch configur ed WAN c can have a different D DDNS servi ce if requi ired.
Unified Serv vices Router User Manual Figure 13 7: Dynam mic DNS co onfigurati sing Dia agnostic Tools ols > System m Check e router has built in tool ls to allow a an administra a tor to evalu ate the comm munication tus and over all network h...
Unified Serv vices Router User Manual Figure 13 8: Router r diagnost ics tools a available i in the GU 9.9.1 P Ping This utility c an be used t to test conne ectivity betw ween this rou uter and anot ther device n the netwo rk connected...
Unified Serv vices Router User Manual Figure 13 9: Sample e trace rou ute outpu 9.9.3 D DNS Lo okup To retrieve th he IP address s of a Web, FTP, Mail o or any other server on th he Internet, ype the Inter rnet Name in n the text box...
Unified Serv vices Router User Manual 9.10 Lo ocalizati ols > Set La anguage e router GUI I displays co ontent in En glish by def fault. The pa ackage manag ger feature s to be enabl ed so that th he appropriat e language o of the installe...
Unified Services Router User Manual Chapter 10. Router Status and Statistics 10.1 System Overview The Status page allows you to get a detailed overview of the system configuration. The settings for the wired and wireless interfaces are displayed in the DSR Status page, and then the resulting hardware resource and router usage details are summarized on the router’s Dashboard.
Page 189
Unified Serv vices Router U U ser Manual Figure 14 1: Device Status di splay...
Unified Serv vices Router User Manual Figure 14 2: Device Status di splay (con ntinued) 10.1.2 R Resourc ce Utili zation Status > Dev vice Info > Dashboard The Dashboar rd page pres sents hardwa are and usage e statistics. The CPU an nd Memory tilization is...
Page 191
Unified Serv vices Router U U ser Manual Figure 14 3: Resour rce Utiliza ation stati istics...
Page 192
Unified Serv vices Router U U ser Manual Figure 14 4: Resour rce Utiliza ation data a (continue e d)
Unified Serv vices Router User Manual Figure 14 5: Resour rce Utiliza ation data a (continue 10.2 Tr raffic Sta atistics 10.2.1 W Wired P Port Sta atistics Status > Tra affic Monito or > Device e Statistics Detailed tran smit and rec ceive statisti ics for each...
Unified Serv vices Router User Manual Figure 14 6: Physica al port sta atistics 10.2.2 W Wireles s Statis stics Status > Tra affic Monito or > Wirele ess Statistics The Wireless s Statistics tab displays s the increm menting traf ffic statistics s for each nabled acces...
Unified Serv vices Router User Manual Figure 14 7: AP spe cific stati istics 10.3 Ac ctive Co onnectio 10.3.1 S Session ns throu ugh the e Route Status > Act tive Session This table li ists the acti ive internet sessions th hrough the router’s fire...
Page 196
Unified Serv vices Router U U ser Manual Figure 14 8: List of current A Active Fir rewall Sessions...
Unified Serv vices Router User Manual 10.3.2 W Wireles s Clien Status > Wir reless Clien The clients c connected to a particular r AP can be e viewed on n this page. Connected lients are so rted by the M MAC addres ss and indica ate the secur...
Unified Serv vices Router User Manual Figure 15 0: List of LAN host 10.3.4 A Active V VPN Tu nnels Status > Act tive VPNs You can view w and change e the status ( (connect or d drop) of the router’s IPse ec security ssociations.
Page 199
Unified Serv vices Router User Manual Figure 15 1: List of current A Active VP N Session All active SSL L VPN conn ections, both h for VPN tu unnel and VP PN Port forw arding, are isplayed on t this page as well.
Unified Services Router User Manual Chapter 11. Trouble Shooting 11.1 Internet connection Symptom: You cannot access the router’s web-configuration interface from a PC on your LAN. Recommended action: Check the Ethernet connection between the PC and the router. Ensure that your PC’s IP address is on the same subnet as the router. If you are using the recommended addressing scheme, your PC’s address should be in the range 192.168.10.2 to 192.168.10.254.
Page 201
Unified Services Router User Manual Symptom: Router cannot access the Internet. Possible cause: If you use dynamic IP addresses, your router may not have requested an IP address from the ISP. Recommended action: www.google.com Launch your browser and go to an external site such as http://192.168.10.1 Access the firewall’s configuration main menu at Monitoring >...
Unified Services Router User Manual Symptom: Router can obtain an IP address, but PC is unable to load Internet pages. Recommended action: Ask your ISP for the addresses of its designated Domain Name System (DNS) servers. Configure your PC to recognize those addresses. For details, see your operating system documentation.
Unified Services Router User Manual Observe the display: If the path is working, you see this message sequence: Pinging <IP address> with 32 bytes of data Reply from <IP address>: bytes=32 time=NN ms TTL=xxx If the path is not working, you see this message sequence: Pinging <IP address>...
Unified Services Router User Manual Verify that the network (subnet) address of your PC is different from the network address of the remote device. Verify that the cable or DSL modem is connected and functioning. Ask your ISP if it assigned a hostname to your PC. Network Configuration >...
Chapter 12. Credits Microsoft, Windows are registered trademarks of Microsoft Corp. Linux is a registered trademark of Linus Torvalds. UNIX is a registered trademark of The Open Group.
Unified Services Router User Manual Appendix A. Glossary Address Resolution Protocol. Broadcast protocol for mapping IP addresses to MAC addresses. Challenge-Handshake Authentication Protocol. Protocol for authenticating users to an ISP. CHAP Dynamic DNS. System for updating domain names in real time. Allows a domain name to be DDNS assigned to a device with a dynamic IP address.
Page 208
Unified Services Router User Manual Point-to-Point Protocol over Ethernet. Protocol for connecting a network of hosts to an ISP PPPoE without the ISP having to manage the allocation of IP addresses. Point-to-Point Tunneling Protocol. Protocol for creation of VPNs for the secure transfer of data PPTP from remote clients to private servers over the Internet.
Appendix B. Factory Default Settings Feature Description Default Setting User login URL http://192.168.10.1 User name (case sensitive) admin Device login Login password (case sensitive) admin WAN MAC address Use default address Internet WAN MTU size 1500 Connection Port speed Autosense IP address 192.168.10.1 IPv4 subnet mask...
Unified Services Router User Manual Appendix D. Log Output Reference Facility: System (Networking) Log Message Severity Log Message Severity DBUpdate event: Table: %s opCode:%d BridgeConfig: too few arguments to rowId:%d DEBUG command %s ERROR BridgeConfig: too few arguments to networkIntable.txt not found DEBUG command %s ERROR...
Page 213
Unified Services Router User Manual nimfAdvOptSetWrap: user has changed MTU option DEBUG ddns: SQL error: %s ERROR nimfAdvOptSetWrap: MTU: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR nimfAdvOptSetWrap: old MTU size: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR nimfAdvOptSetWrap: old Port Speed Option: %d DEBUG ddnsDisable failed ERROR nimfAdvOptSetWrap: old Mac Address...
Page 214
Unified Services Router User Manual %s:DBUpdate event: Table: %s opCode:%d rowId:%d DEBUG Failed to commit ERROR %s:%d SIP ENABLE: %s DEBUG ifStatusDBUpdate: Failed to begin " ERROR sipTblHandler:failed to update ifStatic DEBUG %s: SQL error: %s ERROR sipTblHandler:failed to update Configport DEBUG %s: Failed to commit "...
Page 215
Unified Services Router User Manual nimfGetUpdateMacFlag: unable to get pPrivSep: %s DEBUG Flag from MacTable ERROR %s:DBUpdate event: Table: %s nimfMacGet: Updating MAC address opCode:%d rowId:%d DEBUG failed ERROR Re-Starting sshd daemon..DEBUG sqlite3QueryResGet failed.Query:%s ERROR sshd re-started successfully. DEBUG error executing the command %s ERROR sshd stopped .
Page 216
Unified Services Router User Manual Subnetaddress should be provided GetDnsFromIsp: %s DEBUG with accessoption 2 ERROR IdleTimeOutFlag: %s DEBUG Failed to restart sshd ERROR IdleTimeOutValue: %d DEBUG unable to open the " ERROR AuthMetho: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR executing %s ... %s DEBUG Error in executing DB update handler ERROR...
Page 217
Unified Services Router User Manual %s: buffer overflow DEBUG Failed to clear vlan for %d ERROR %s: value of %s in %s table is: %s DEBUG Failed to set vlan entry for vlan %d ERROR Failed to set vlan entries, while %s: returning with status: %s DEBUG enabling \...
Page 219
Unified Services Router User Manual pppoeMgmtTblHandler: unable to get l2tpMgmtTblHandler: UserName: %s DEBUG current Mtu Option ERROR pppoeMgmtTblHandler: unable to get l2tpMgmtTblHandler: Password: %s DEBUG the Mtu ERROR pppoeMgmtTblHandler: pppoe enable l2tpMgmtTblHandler: AccountName: %s DEBUG failed ERROR pppoeMgmtDBUpdateHandler: failed l2tpMgmtTblHandler: DomainName: %s DEBUG query: %s ERROR...
Page 220
Unified Services Router User Manual dhcpcMgmtTblHandler: dhclient The Enable Command is %s ERROR enable failed ERROR l2tpEnable:Executing the Command dhcpcMgmtTblHandler: dhcpc release failed ERROR failed ERROR dhcpcMgmtTblHandler: dhcpc disable l2tpDisable: command string: %s ERROR failed ERROR dhcpcMgmtDBUpdateHandler: failed l2tpDisable: unable to stop l2tp session ERROR query: %s ERROR...
Page 221
Unified Services Router User Manual Setting message in fragment buffer: Created EAP/PEAP context: OK DEBUG ERROR ERROR Allocating TLS read buffer is NULL: Deleted EAP/PEAP context: OK DEBUG ERROR ERROR Upper EAP sent us: decision = %d method state = %d DEBUG Setting last fragment: ERROR ERROR...
Page 222
Unified Services Router User Manual Error rcvd. opCode %d. DEBUG Plugin context is NULL ERROR pCtx NULL. DEBUG Deriving implicit challenge: Error ERROR TLS message len changed in the fragment, ignoring. DEBUG Generating NT response: Error ERROR no data to send while fragment ack received.
Page 223
Unified Services Router User Manual pFB->msgBuff is NULL. DEBUG Setting profile to glue layer: ERROR. ERROR Error calculating binary. DEBUG _eapCtxCreate failed. ERROR %d authentication not enabled in the Error calculating binary. DEBUG system. ERROR Initializing inner non-EAP auth plugin: adpDigestInit for SHA1 failed.
Page 224
Unified Services Router User Manual password change is not allowed for this EAP-PEAP not enabled in system user DEBUG configuration. ERROR EAP-WSC not enabled in system completed writing the policy DEBUG configuration. ERROR PAP not enabled in system completed writing the SA DEBUG configuration.
Page 225
Unified Services Router User Manual pEapCtx == NULL or pPDU == NULL. ERROR Could not initialize des-ecb ERROR received EAP pdu bigger than EAP_MTU_SIZE. ERROR Error cleaning cipher context. ERROR received EAP pdu bigger than EAP_MTU_SIZE. ERROR Error cleaning cipher context. ERROR state machine is in invalid state.
Page 226
Unified Services Router User Manual Could not open database: %s DEBUG sqlite3QueryResGet failed ERROR CPU LOG File not found DEBUG radSendtoServer: socket: %s ERROR radSendtoServer: bind() Failed: %s: MEM LOG File not found DEBUG ERROR cpuMemUsageDBUpdateHandler: radRecvfromServer: recvfrom() Failed: update query: %s DEBUG ERROR radRecvfromServer: Packet too small...
Page 227
Unified Services Router User Manual Adding Dictionary Attribute '%s' DEBUG Failed to set default retries value ERROR ERROR: incomplete DB update Adding Dictionary Value %s DEBUG information. ERROR old values result does not contain 2 Receiving attribute: %s DEBUG rows ERROR Processing attribute: %s DEBUG...
Page 228
Unified Services Router User Manual Next Synchronization after" DEBUG Unable to set debug for radAuth. ERROR Next Synchronization after %d \ DEBUG Unable to set debug level for radAuth. ERROR Primary is not available, " DEBUG ERROR: option value not specified ERROR Secondary is not available, "...
Page 229
Unified Services Router User Manual timeout after semTake DEBUG memPartAlloc for %d size failed ERROR srcId=%d(%s) <-- destId=%d(%s) cmd=%d DEBUG memPartAlloc for %d size failed ERROR No Handler registered for this UMI Un-registerting component with Id %d DEBUG context ERROR failed to send ioctl request: dst(%d) <--- Couldn't find component with ID src(%d)
Page 230
Unified Services Router User Manual cpuMemUsageDBUpdateHandler: SQL error: %s ERROR Invalid Privacy Algorithm ERROR unable to open the DB file %s ERROR Failed to Get Host Address ERROR umiInit failed ERROR Invalid version ERROR unable to register to UMI ERROR snmp v3 Trap Configuration Failed ERROR Error Reading from the Database.
Unified Services Router User Manual wan traffic counters are restared DEBUG Deleting schedule based firewall rules. DEBUG Deleting schedule based firewall rules Traffic limit has been reached DEBUG from DB. DEBUG Traffic meter monthly limit has been Update schedule based firewall rules in changed to %d.
Page 232
Unified Services Router User Manual Enabling attack check for L2TP. DEBUG Updating BlockSites Keyword from \ DEBUG Enabling attack check for UDP Flood. DEBUG Inserting BlockSites Keyword \ DEBUG Enabling attack check for IPsec. DEBUG Deleting Trusted Domain \ DEBUG Enabling attack check for PPTP.
Unified Services Router User Manual Internet on port %d %d:%d:%d:%d:%d Enabling remote access management Disabling Port Trigger Rule for for IP address range" DEBUG %d:%d:%d:%d:%d DEBUG Enabling remote access management to Adding Port Trigger Rule for only this PC. DEBUG %d:%d:%d:%d:%d DEBUG Disabling Management Access from...
Page 234
Unified Services Router User Manual Update FirewallRules6 where fwLBSpillOverConfigure: Could not set ScheduleName = '%s' to New " DEBUG POSTROUTING rules ERROR fwLBSpillOverConfigure: Something Dns proxy Restart failed DEBUG going wrong Here ERROR fwL2TPGenericRules.c: unable to open deleting interface to ifgroup failed DEBUG the database file "...
Page 235
Unified Services Router User Manual Facility: Local0 (Wireless) Log Message Severity Log Message Severity (node=%s) setting %s to val = %d DEBUG sqlite3QueryResGet failed ERROR Custom wireless event: '%s' DEBUG sqlite3QueryResGet failed ERROR Wireless event: cmd=0x%x len=%d DEBUG VAP(%s) set beacon interval failed ERROR New Rogue AP (%02x:%02x:%02x:%02x:%02x:%02x)
Page 236
Unified Services Router User Manual PNAC_EVENT_PREAUTH_SUCCESS event for : %s DEBUG UDP failed, received Length is %d ERROR event for non-existent node %s DEBUG umiIoctl(UMI_COMP_KDOT11, ERROR PNAC_EVENT_EAPOL_START event umiIoctl(UMI_COMP_UDOT11,%d,%d received DEBUG ERROR PNAC_EVENT_EAPOL_LOGOFF event umiIoctl(UMI_COMP_KDOT11,%d,%d received DEBUG ERROR PNAC_EVENT_REAUTH event received DEBUG No IAPP Node found for req id %d ERROR...
Page 237
Unified Services Router User Manual DOT11_RX_EAPOL_KEYMSG: sending EAPOL pdu to PNAC... DEBUG unknown ifname %s ERROR creating pnac authenticator with values %d %d - %s DEBUG cmd %d not supported.sender=%d ERROR Profile %s does not exist DEBUG inteface name passed is NULL ERROR IAPP initialized.
Page 238
Unified Services Router User Manual pnacRecvRtn: no corresponding pnac port pae found DEBUG umiIoctl(UMI_COMP_IAPP,%d) failed ERROR sending unicast key DEBUG Invalid IE. ERROR umiIoctl(UMI_COMP_KDOT11_VAP, sending broadcast key DEBUG %d ) failed ERROR from pnacAuthPAEDisconnected: calling umiIoctl(UMI_COMP_KDOT11,%d ,% pnacTxCannedFail DEBUG d) failed ERROR from pnacAuthPAEForceUnauth: calling KDOT11_SET_PARAM:IEEE80211_I...
Page 239
Unified Services Router User Manual from pnacRecvMapi: pkt body len = %d, eapolRecvKeyMsg: invalid descriptor pktType = %d DEBUG version ERROR from pnacPDUProcess: received eapolRecvKeyMsg: incorrect PNAC_EAP_PACKET DEBUG descriptor version ERROR eapolRecvKeyMsg: Ack must not be from pnacPDUProcess: currentId = %d DEBUG ERROR from pnacPDUProcess: code = %d,...
Page 240
Unified Services Router User Manual from pnacBackAuthFail: calling pnacTxCannedFail DEBUG RC4 framework initialization failed ERROR %s returned ERROR DEBUG PNAC framework initialization failed ERROR pnacUmiIoctlHandler: cmd: %s(%d) DEBUG ERROR: option value not specified ERROR %s not configured for 802.1x DEBUG ERROR: -u can be used only with -s ERROR could not process PDU received from the...
Page 241
Unified Services Router User Manual phyPort:%s pnacRadXlateRadPktIntegrityChk: no corresponding " Error from pnacPortPaeDeconfig:kpnacPortPaeDec pnacRadXlateRadPktIntegrityChk: no onfig failed WARN message " ERROR pnacPortPaeDeconfig:kpnacPortPaeDec Error from onfig failed WARN pnacRadXlateRadPktIntegrityChk: " ERROR From pnacBackAuthSuccess: failed to notify pnacRadXlateRadChalPktHandle: no the destination " WARN encapsulated eap "...
Page 242
Unified Services Router User Manual Failed to initiate PBC based enrolle pnacKeyInfoGet:failed to allocate association ERROR buffer ERROR Invalid association mode. (Allowed PNAC user comp id not set. dropping modes : PIN/PBC) ERROR EAPOL key pkt ERROR pnacUmiPortPaeParamSet: invalid wpsEnable: running wsccmd failed ERROR buffer received ERROR...
Page 243
Unified Services Router User Manual Error from pnacAuthInit: Invalid Cipher type %d ERROR pnacAuthKeyTxInit failed ERROR Profile supports WEP stas,Group cipher Error from pnacAuthInit: must be WEP ERROR pnacReauthTimerInit failed ERROR Error from pnacAuthInit: Profile %s does not exist ERROR pnacBackAuthInit failed ERROR Error from pnacAuthInit: pnacCtrlDirInit...
Page 244
Unified Services Router User Manual pnacEapRadAuthSend: Invalid Error in executing DB update handler ERROR arguments ERROR pnacEapRadAuthSend: failed to sqlite3QueryResGet failed ERROR allocate inbuffer ERROR ERROR: incomplete DB update information. ERROR pnacXmit : umiIoctl failed[%d] ERROR old values result does not contain 2 rows ERROR pnacPDUForward: Invalid input ERROR...
Page 246
Unified Services Router User Manual %s%d: bad sequence number: %d, expected: %d, DEBUG ifmedia_ioctl: no media found for 0x%x, DEBUG ifmedia_ioctl: switching %s to , dev- PPPIOCDETACH file->f_count=%d, DEBUG >name DEBUG PPP: outbound frame not passed DEBUG ifmedia_match: multiple match for DEBUG PPP: VJ decompression error DEBUG...
Page 248
Unified Services Router User Manual %s: flow dst=%s, __FUNCTION__, XFRMSTRADDR(fl->fl6_dst, family) DEBUG encrypt data length mismatch DEBUG %s: flow src=%s, __FUNCTION__, XFRMSTRADDR(fl->fl6_src, family) DEBUG encrypt data does not compare DEBUG a guy asks for address mask. Who is it? DEBUG tkip decap failed DEBUG icmp v4 hw csum failure)
Page 249
Unified Services Router User Manual ip_rt_bug: %u.%u.%u.%u -> %u.%u.%u.%u, %s, DEBUG txmic DEBUG UDP: short packet: From %u.%u.%u.%u:%u %d/%d to %u.%u.%u.%u:%u, DEBUG %02x, hk->kv_txmic[i] DEBUG UDP: bad checksum. From %d.%d.%d.%d:%d to %s: unable to update h/w beacon %d.%d.%d.%d:%d ulen %d, DEBUG queue parameters, DEBUG...
Page 250
Unified Services Router User Manual %s: failed to register sysctls!, sc- ipt_time loading DEBUG >sc_dev->name DEBUG %s: mac %d.%d phy %d.%d, dev- ipt_time unloaded DEBUG >name, DEBUG ip_conntrack_irc: max_dcc_channels 5 GHz radio %d.%d 2 GHz radio must be a positive integer DEBUG %d.%d, DEBUG...
Page 251
Unified Services Router User Manual IPSEC_ERR [%s:%d]: Max (%d) No of WINDOW=%u , ntohs(th->window) DEBUG SA Limit reached, DEBUG RES=0x%02x , (u8)(ntohl(tcp_flag_word(th) & IPSEC_ERR [%s:%d]: Max (%d) No of TCP_RESERVED_BITS) >> 22) DEBUG SA Limit reached, DEBUG URGP=%u , ntohs(th->urg_ptr) DEBUG IPSEC_ERR [%s:%d]: time(secs): %u DEBUG...
Page 252
Unified Services Router User Manual %s: Error. DST Refcount value less PHYSOUT=%s , physoutdev->name DEBUG than 1 (%d), DEBUG for %s DEVICE refcnt: %d ,pDst- MAC= DEBUG >dev->name, DEBUG %s: Got Null m:%p *m:%p sa:%p %02x%c, *p, DEBUG *sa:%p,__func__,ppBufMgr, DEBUG %s Got Deleted SA:%p NAT: no longer support implicit source state:%d,__func__,pIPsecInfo,pIPsecIn...
Page 253
Unified Services Router User Manual >msg_iov[i].iov_base)[j] %02X, skb->data[i] DEBUG De initializing by \ INFO _lvl PPPOL2TP: _fmt, ##args DEBUG kernel UMI module loaded INFO %02X, ptr[length] DEBUG kernel UMI module unloaded INFO %02X, ((unsigned char *) m- >msg_iov[i].iov_base)[j] DEBUG Loading bridge module INFO %02X, skb->data[i] DEBUG...
Page 254
Unified Services Router User Manual test key, key DEBUG %s: %s (, dev_info, ath_hal_version INFO pre-hashed key, key DEBUG %s: driver unloaded, dev_info INFO const char *descr, krb5_keyblock *k) { DEBUG %s: driver unloaded, dev_info INFO AES 128-bit key, &key DEBUG %s: Version 2.0.0 INFO...
Page 255
Unified Services Router User Manual Failed to set AES encrypt key DEBUG ICMP: %u.%u.%u.%u: INFO AES %s Decrypt Test Duration: %d:%d, hard ? Hard : Soft, DEBUG ICMP: %u.%u.%u.%u: Source INFO Wrong address mask %u.%u.%u.%u Failed to set AES encrypt key DEBUG from INFO...
Page 256
Unified Services Router User Manual MD5 Software Test %s, %s: options rejected: o[0]=%02x, WARNIN md5SoftTest(0) ? Failed : Passed DEBUG o[1]=%02x, WARNIN MD5 Hardware Test: DEBUG %s: don't know what to do: o[5]=%02x, MD5 Hardware Test %s, *** New port %d ***, ntohs(expinfo- WARNIN md5HardTest(0) ? Failed : Passed DEBUG...
Page 257
Unified Services Router User Manual Value = %x ::: At Page = %x : Addr = cix %u (%u) bad ratekbps %u mode WARNIN DEBUG WARNIN REG Size == 32 Bit DEBUG %s: no rates for %s?, Value = %x ::: At Page = %x : Addr = no rates yet! mode %u, sc- WARNIN DEBUG...
Page 258
Unified Services Router User Manual from WARNIN %s(): ADDBA mode is AUTO, __func__ DEBUG martian source %u.%u.%u.%u from WARNIN %s(): Invalid TID value, __func__ DEBUG ll header: Error in ADD- no node available DEBUG Unable to create ip_set_list ERROR %s(): Channel capabilities do not match, chan flags 0x%x, DEBUG Unable to create ip_set_hash...
Unified Services Router User Manual Appendix F. Product Statement 1. DSR-1000N Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules.
Page 268
Unified Serv vices Router User Manual IMPORTANT NOTE: Radia ation Exposur re Statement This equipme nt complies w with IC radiatio on exposure l imits set forth h for an uncon ntrolled enviro onment. End users must fo ollow the spec cific operating instructions f for satisfying...
Page 269
Česky požadavky y a dalšími přís slušnými ustan noveními smě rnice 1999/5/E [Czech] Undertegn nede [D-Link C Corporation] e erklærer herv ed, at følgen de udstyr [DS SR-1000N] Dansk overholder r de væsentlig e krav og øvri...
Page 270
U Unified Serv vices Router User Manual [D-Link Co orporation] de eclara que es ste [DSR-1000 0N]está confo orme com os requisitos Português essenciais e outras dispo osições da Dir rectiva 1999/5 5/CE. [Portuguese] [D-Link Co orporation] izja avlja, da je ta...
Page 271
Unified Services Router User Manual 2.DSR-500N Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
Page 272
Unified Serv vices Router User Manual Europe – EU Declaration o of Conformity This device co omplies with th he essential re equirements of f the R&TTE D Directive 1999/ /5/EC. The foll lowing test methods h have been app plied in order t to prove presu umption of con...
Page 273
Česky požadavky a dalšími přís slušnými ustan noveními směr rnice 1999/5/E [Czech] Undertegne ede [D-Link Co orporation] erk klærer herved, , at følgende u udstyr [DSR-50 00N] Dansk overholder de væsentlige e krav og øvrig ge relevante k rav i direktiv 1 999/5/EF.
Page 274
U Unified Serv vices Router User Manual [D-Link Co orporation] dec clara que este e [DSR-500N]e está conforme com os requis sitos Português essenciais s e outras disp posições da D irectiva 1999/5 5/CE. [Portuguese [D-Link Co orporation] izja avlja, da je ta [...
Page 275
Unified Serv vices Router User Manual 3.DSR-250 Federal Comm munication C Commission In nterference S Statement This equipmen nt has been te ested and foun nd to comply w with the limits f for a Class B digital device, pursuant to Part 15 of the e FCC Rules.
Page 276
Unified Services Router User Manual Regulatory statement (R&TTE) European standards dictate maximum radiated transmit power of 100mW EIRP and frequency range 2.400- 2.4835GHz; In France, the equipment must be restricted to the 2.4465-2.4835GHz frequency range and must be restricted to indoor use. Operation of this device is subjected to the following National regulations and may be prohibited to use if certain restriction should be applied.
Page 277
Unified Services Router User Manual 4. DSR-150N Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
Page 278
Unified Serv vices Router User Manual Electromagnet tic compatibilit ty and Radio S Spectrum Matt ters (ERM); El lectroMagnetic c Compatibility y (EMC) standard for ra adio equipmen nt and services s; Part 1: Com mmon technica l requirements EN 301 489-1 7 V2.1.1 (2009 9-05) Electromagnet...
Page 279
Unified Serv vices Router User Manual [Hungarian] követelmén nyeknek és az z 1999/5/EC irá ányelv egyéb elõírásainak. Niniejszym [nazwa produ ucenta] oświad dcza, że [nazw wa wyrobu] jes st zgodny z zas sadniczymi Polski wymogami oraz pozostał łymi stosowny ymi postanowie eniami Dyrekty ywy 1999/5/EC [Polish]...