HP PS110 Configuration And Administration Manual
  1. Manuals
  2. Brands
  3. HP Manuals
  4. Wireless Router
  5. PS110
  6. Configuration and administration manual
HP PS110 Configuration And Administration Manual

HP PS110 Configuration And Administration Manual

Wireless 802.11n vpn router
Hide thumbs Also See for PS110:
Table of Contents

Advertisement

Quick Links

HP PS1 10 Wireless 802.1 1n VPN Router
Configuration and Administration Guide
HP Part Number: 5998-6595
Published: January 2015
Edition: 1

Advertisement

Table of Contents
loading

Related Manuals for HP PS110

Summary of Contents for HP PS110

  • Page 1 HP PS1 10 Wireless 802.1 1n VPN Router Configuration and Administration Guide HP Part Number: 5998-6595 Published: January 2015 Edition: 1...
  • Page 2 © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

  • Page 3: Table Of Contents

    Step 3: Specify wireless settings......................15 Step 4: Summary..........................16 3 Servers..................... 17 Monitored Servers............................17 4 Managing the HP PS110 system ..............19 Viewing the router status ...........................19 Setting the HP PS1 10 mode ........................20 General administration settings ........................21 System information (General) settings ....................21 Administrator login credentials ......................21...
  • Page 4 DHCP client list............................45 VLAN settings............................45 IGMP settings ............................47 7 Wireless configuration ................49 Viewing wireless interface status ....................... 49 Basic wireless settings..........................50 Configuring virtual access point interfaces..................... 52 Configuring wireless security ....................... 53 Advanced wireless settings ........................61 WDS settings ............................
  • Page 5 Scheduling............................123 Support file ............................125 Viewing the EULA ..........................125 16 Support and other resources ..............127 Online documentation ..........................127 Contacting HP ............................127 HP websites ............................127 Conventions ............................128 A Resetting to factory defaults ..............129 Factory reset procedures .........................129 Using the reset button........................129 Using the management interface......................129...

  • Page 7: Deploying The Hp Ps110

    The PS1 10 router is designed for stacking on top of an HP ProLiant MicroServer Gen 8 Server. To be able to discover and monitor the health status of HP servers from the PS1 10, connect a network cable between any available LAN port on the PS1 10 and the server iLO port located on the back of the server (bottom right corner).
  • Page 8 VPN (IPSec, PPTP, L2TP/IPSec) tunnel connection to the client, which can then access the computers and servers in the office network. The remote client can be a Windows or Mac computer, or any Apple iOS or Android mobile device. Deploying the HP PS110...
  • Page 9 PS110 Server In the following scenario, four HP PS1 10s provide a virtual private network (VPN) across the Internet between a headquarters and three branch offices. The PS1 10 #1 forms secure VPN tunnel connections to PS1 10 #2, PS1 10 #3, and PS1 10 #4 at three branch locations. The computers on each branch network can access the computers and servers on the headquarters network.
  • Page 10 Deploying the HP PS110...

  • Page 11: Using The Wizard Setup

    Automatically running the Wizard Setup the first time you log in The first time you log in to the management interface (see the HP PS1 10 Wireless VPN Router Quickstart for first time login procedure), the HP end user license agreement displays. When you accept the agreement, a page displays to enable you to select your country so that wireless radio settings are configured appropriately.

  • Page 12: Step 2: Specify Wan Settings

    Choose either to configure the system time manually or have it automatically configured by an NTP server. You can also enable support for daylight savings time, if required for your location For more information on setting the system time, see “System time settings”...
  • Page 13 For more information on the WAN DHCP Connection Type, see “DHCP IP address” on page Connection Type: Static IP Address The Static IP Address Connection Type sets the router to operate with a fixed IP address. If your ISP provides you with a static IP address, subnet mask, and ISP gateway address, enter them in the spaces provided.
  • Page 14 Connection Type: PPTP The Point-to-Point Tunneling Protocol (PPTP) is a common WAN protocol used for Virtual Private Networks (VPNs) that provides a secure “tunnel” connection between the service provider and the local network. Enter the specific PPTP information assigned by your ISP. For more information on the WAN PPTP Connection Type, see “PPTP”...

  • Page 15: Step 3: Specify Wireless Settings

    Step 3: Specify wireless settings The PS1 10 router supports a dual-band single radio for 2.4 GHz or 5 GHz operation. This means that the PS1 10 can operate at 2.4 GHz or 5 GHz, but not both at the same time. By default, the radio is enabled on the 2.4 GHz band.

  • Page 16: Step 4: Summary

    Configure wireless security for the default wireless community. The PS1 10 has no wireless security configured by default. HP recommends that WPA2 be configured for maximum security. Leaving the Authentication Mode setting as Open or using WEP security is not recommended.

  • Page 17: Servers

    There is a limit of ten servers that can be monitored. Note Server discovery and monitoring works with any HP ProLiant Server running iLO v1.4 or later. To discover and monitor servers running in IPv4-based environments, be sure to clear the iLO Client Applications use IPv6 first checkbox in the server’s iLO port IPv6 settings.
  • Page 18 Server: iLO IP Address Displays the IP address (IPv4 or IPv6) of the monitored server. Click the IP address to connect to the server. If the iLO IP address has changed, an alert icon is shown next to the IP address. Click the icon to update the link to display the new IP address.

  • Page 19: Managing The Hp Ps110 System

    The HP PS1 10 is managed via its web-based management interface using Microsoft Internet Explorer 8 or later, Google Chrome v29, or Mozilla Firefox v24 or later. You can access the HP PS1 10 management interface using either http or https. Using https is more secure, but you will see a warning because the security certificate is issued by the router and not a known certificate authority.

  • Page 20: Setting The Hp Ps1 10 Mode

    Displays the current status of a device attached to the router's USB port. SNMP Displays the status of the Simple Network Management Protocol feature. Setting the HP PS1 10 mode The System > Mode page configures the operation mode of the router. The device supports the following Router and Bridge modes: •...

  • Page 21: General Administration Settings

    General administration settings The System > Admin page configures the following settings for the router. System information (General) settings Configures settings that help identify the router, including the system name, location, and the name of a person to contact for administrative purposes. The system name appears on the banner and login screen.

  • Page 22: Configuring Web Server Settings

    Session Timeout Configure the Session Timeout for automatic log out from the web interface. If there is no activity on the management session for the specified time, then the administrator will be automatically logged off. Managing the HP PS110 system...

  • Page 23: Configuring Trusted Users

    A maximum of five rules can be defined. System time settings Correct system time is important for proper operation of the HP PS1 10, especially when using the logs to troubleshoot. Select System > System time to open the System Time page. This page enables you to configure time server and time zone information.
  • Page 24 Custom Entry. • Custom Entry: Specifies the IP address or name of an NTP server. • Set Time Zone: The local time zone where the router is installed. Managing the HP PS110 system...

  • Page 25: Daylight Saving

    To configure SNMP, set the following options: • Enable SNMP: Use this checkbox to enable/disable the SNMP agent. By default, the SNMP agent is disabled. When the agent is disabled, the HP PS1 10 does not respond to SNMP requests. Configuring SNMP...

  • Page 26: Managing System Logs

    You can specify the minimum severity level of the log messages to write to the system log. In the following list, the severity levels are listed from most severe (top) to least severe (bottom): • Emergency indicates that the system is unusable. It is the highest level of severity. Managing the HP PS110 system...

  • Page 27: Events

    • Alert indicates action must be taken immediately. • Critical indicates critical conditions. • Error indicates error conditions. • Warning indicates warning conditions. • Notice indicates normal but significant conditions. • Informational indicates informational messages. • Debug indicates debug-level messages. For example, if you select Critical, only critical, alert, and emergency messages are written to the log.

  • Page 28: Proxy Arp Settings

    LAN network. That is, traffic between the public network and the host computer on the LAN is still subject to the rules and policies configured on the router. A maximum of eight rules can be defined. Managing the HP PS110 system...
  • Page 29 To configure Proxy ARP, set the following options: Enable ARP Proxy Enables the feature on the router. Name A text name (1-31 alphanumeric or special characters) that describes the Proxy ARP service. (Do not use characters ` " & ' # \) Popular Services Selects common protocols that identify traffic that can be forwarded through the router to a host computer on the local LAN.

  • Page 30: Rebooting The Router

    For maintenance purposes or as a troubleshooting measure, you can reboot the HP PS1 10 by selecting Reboot. The process may take several minutes during which time the AP is unavailable. The HP PS1 10 resumes normal operation with the same configuration settings it had before the reboot.
  • Page 31 Interface Statistics Displays a summary of traffic statistics for the WAN and LAN ports. Set the poll interval for updating statistics on the page and click Start. You can also click Refresh anytime to immediately update values. Click Reset Counters to set all statistics values back to zero.
  • Page 32 Managing the HP PS110 system...

  • Page 33: Wan Configuration

    5 WAN configuration The WAN pages are used to configure the parameters for your Internet connection. The information necessary to set up a connection can be obtained from your ISP. Check with your ISP first to find out what type of connection you should choose. Viewing the WAN interface status The Status page displays the setting of the WAN interface.

  • Page 34: Settings

    DDNS The status of a dynamic DNS service. MAC Clone Indicates if the WAN port MAC address has been copied from a LAN computer. Settings The WAN settings page configures the method that the router uses to connect to an ISP through the WAN port.

  • Page 35: Static Ip Address

    Static IP address The Static IP address mode sets the router to operate with a fixed IP address to connect to the Internet. If your ISP uses static IP addressing, you need an IP address, subnet mask, and ISP gateway address. This information is available from your ISP or on the paperwork that your ISP left with you.
  • Page 36 The service name is typically optional, but may be required by some service providers. The service name defines the attributes used to set up a dynamic PPPoE subscriber interface. HP recommends that you do not enter a service name unless your service provider instructs you to do so.

  • Page 37: Pptp

    Sets the size of the Maximum Transmission Unit (MTU) for the largest packet that the network protocol can transmit. Manual Connection: You can click Connect and Disconnect to connect or disconnect the PPPoE connection immediately. Multiple-PPPoE Allows you to configure a second PPPoE session to run over the same connection. The second session connects to another PPPoE server and the configuration allows routing rules to be defined so that different clients can be routed through either PPPoE channel.

  • Page 38: L2Tp

    Server IP Enter the PPTP server IPv4 address as assigned by your ISP. Username Enter your ISP-assigned user name. (Do not use characters ` " & ' # \) Password Enter your password (usually assigned by your ISP). (Do not use characters ` " & ' # \) Confirm Password Enter the password again to confirm it.

  • Page 39: Ddns

    Password Enter your password (usually assigned by your ISP). (Do not use characters ` " & ' # \) Confirm Password Enter the password again to confirm it. Idle Time Select the number of minutes to elapse without activity before the L2TP connection is disconnected.

  • Page 40: Mac Clone

    The DDNS related parameters are described as follows: Enable DDNS Select to use a Dynamic DNS service. DDNS Server This is the name of your Dynamic DNS service provider. Domain Name The name of your host domain. Username Enter the user name assigned by your DDNS service. (Do not use characters ` " & ' # \) Password Enter your password.

  • Page 41: Lan Configuration

    6 LAN configuration The HP PS1 10 router is equipped with a DHCP server that automatically assigns IP addresses to each computer on your network. The factory default settings for the DHCP server work with most applications. If you need to make changes to the settings, the LAN setting pages allow you to: •...

  • Page 42: Lan Settings

    This page includes the following information: Displays current settings for the default VLAN. • MAC address: The Ethernet base MAC address of the router. • IP address: The IPv4 address of the router. • Subnet mask: The subnet mask for the IP address. •...
  • Page 43 This page includes the following settings: IP Address The IPv4 address of the router for the default VLAN. Subnet Mask There should be no need to change the subnet mask; however, it is possible to change the subnet mask if necessary. Only make changes to the subnet mask if you have a specific reason to do so.

  • Page 44: Dhcp Relay

    DHCP relay Dynamic Host Configuration Protocol (DHCP) can dynamically allocate IP addresses and other configuration information to network clients that broadcast a request. To receive broadcast requests, a DHCP server would normally have to be in the same broadcast domain (VLAN) as the clients.

  • Page 45: Dhcp Client List

    DHCP client list The DHCP Clients List displays the IP address, host name, MAC address, and client type of each client that has requested an IP address since the last reboot of the router. Only clients that have requested an IP address since the router’s last reboot and fixed associations are displayed in this list.
  • Page 46 On the Add VLAN page, you can set the parameters to configure the behavior of VLANs. This page includes the following settings: Name A text description of the VLAN. (Do not use characters ` " & ' # \) IP Address The IP address of the VLAN interface.

  • Page 47: Igmp Settings

    Enable IGMP Snooping Enables the feature that blocks unnecessary IP multicast traffic from flooding VLAN ports without a specific multicast membership. This feature is based on snooping IGMP join/leave messages from VLAN ports to update the bridging forwarding database. IGMP Snooping is extremely useful in saving bandwidth of low-speed interfaces to improve the network utilization.
  • Page 48 LAN configuration...

  • Page 49: Wireless Configuration

    7 Wireless configuration The wireless settings section displays configuration settings for the access point functionality of the router. The sections include configuration options for radio signal characteristics, wireless security features, Wireless Distribution System (WDS), Wi-Fi Protected Setup (WPS), Wi-Fi Multimedia (WMM), and MAC authentication. The PS1 10 router supports a dual-band single radio for 2.4 GHz and 5 GHz operation.

  • Page 50: Basic Wireless Settings

    • Channel: The current operating channel. • WMM: Displays the status of the WMM feature. • WMM Power Save: Displays the status of the WMM power save feature • Radio ON/OFF Schedule: Shows if a defined time schedule is set for the radio. VAP1 Displays the settings and feature status for the primary Virtual Access Point (VAP) interface.
  • Page 51 This page includes the following settings: Enable Radio Enables the wireless section of your LAN. When disabled, no wireless clients can have access to either the Internet or other clients on your wired or wireless LAN. Radio Band Allows you to select the band of your wireless network. The PS1 10 can operate in the 2.4 GHz band (for 802.1 1b/g/n) or the 5 GHz band (for 802.1 1a/n).

  • Page 52: Configuring Virtual Access Point Interfaces

    Enable Schedule Rules Implements a defined time schedule to start and stop the wireless network. Click Add to add the schedule to the rules table. A maximum of 10 rules can be defined. • Rules Name: Select the name of a configured schedule from the list. The schedule rules are configured on the Tools >...

  • Page 53: Configuring Wireless Security

    The router supports supports a number of security mechanisms that provide various levels of authentication and encryption, depending on the requirements of the network. HP recommends that WPA2 be configured for maximum security. Leaving the Authentication Mode setting as Open or using WEP security is not recommended.

  • Page 54: Wep Security

    the correct WEP key to exchange traffic with the router. Selecting WEP encryption also provides the option of using 802.1X for user authentication from a RADIUS server, which dynamically generates WEP keys and distributes them to all clients. For WEP settings, see “WEP security”...
  • Page 55 WEP security includes the following settings: Authentication Mode Leave as OPEN to configure WEP security. The static WEP security does not support user authentication. Encryption Type Select WEP to display the security options and to configure the keys. 802.1X Enables dynamic WEP security on the router. IEEE 802.1X enables you to authenticate wireless clients via user accounts stored on a third-party RADIUS server.
  • Page 56 “enterprise” mode of WPA and WPA2 uses IEEE 802.1X for user authentication and requires a RADIUS authentication server to be configured on the wired network. WPA2 is more secure than WPA (TKIP) or WEP, therefore HP recommends to select WPA2 for maximum possible security.
  • Page 57 64 Hexadecimal characters. For an ASCII key, HP recommends that the key be at least 20 characters long, and be a mix of letters and numbers. The passphrase key cannot begin or end with spaces.
  • Page 58 WPA/WPA2 enterprise If you have a mix of wireless clients, some of which support WPA2 (AES) and others which support only the original WPA (TKIP), select the WPA/WPA2 Enterprise security mode. This setting enables both WPA and WPA2 wireless clients to associate to the router, but uses the more robust WPA2 for clients that support it.
  • Page 59 Enter the key according to the type selected; in ASCII passphrase style (8-63 alphanumeric characters), or in exactly 64 Hexadecimal characters. For an ASCII key, HP recommends that the key be at least 20 characters long, and be a mix of letters and numbers. The passphrase key cannot begin or end with spaces.
  • Page 60 The RADIUS server configuration includes the following settings: Primary RADIUS Server Enter the IPv4 address for the primary RADIUS server that the router uses by default, for example 192.168.1.23. RADIUS Key The RADIUS key is the shared secret key for the RADIUS server. You can use up to 64 alphanumeric and special characters (do not use characters ` "...

  • Page 61: Advanced Wireless Settings

    Advanced wireless settings The Advanced wireless settings page includes additional parameters concerning the wireless network. This page includes the following settings: Beacon Interval The Beacon Interval value indicates the frequency interval of the beacon. A beacon is a packet broadcast by the router to synchronize the wireless network. DTIM Interval The DTIM Interval indicates the interval of the Delivery Traffic Indication Message (DTIM).
  • Page 62 The 802.1 1n standard specifies two guard intervals: 400ns (short) and 800ns (long). Support of the 400ns interval is optional for transmit and receive. The guard interval is the dead time, in nanoseconds, between symbols (or characters) transmitted by the AP. The guard interval helps distinguish where one symbol transmission stops and another starts, thereby reducing inter- symbol interference.

  • Page 63: Wds Settings

    WDS settings The router supports WDS (Wireless Distribution System). WDS enables one or more access points to rebroadcast received signals to extend the range and reach of the wireless network, although this can affect the overall throughput of data. Note that WDS implementations can vary from product to product. Hence, there is no guarantee that different products will interoperate.

  • Page 64: Wps Settings

    WPS settings Wi-Fi Protected Setup (WPS) is designed to be a convenient method to securely add new clients to a wireless network. WPS has two basic modes of operation, Push-button Configuration (PBC) and Personal Identification Number (PIN). The WPS PIN setup is optional to the PBC setup and provides more security.

  • Page 65: Wmm Settings

    Enter the 8-digit PIN number and click Start to activate the PIN method. If the WPS function is working correctly, you should see the WPS LED light up. • PBC: Uses the push-button method. Make sure the WPS function has been enabled on the device.
  • Page 66 Enable Power Saving The WMM-Power Save feature enables mobile client devices to extend battery life by going into a sleep mode between sending and receiving data. WMM Parameters The WMM table includes these parameters: • AC_BK: Access Category - Background. Lowest priority. Data with no delay or throughput requirement, such as bulk data transfers.

  • Page 67: Mac Authentication Settings

    MAC authentication settings For a more secure wireless network, you can specify that only certain wireless computers can connect to the router. Up to 20 MAC addresses can be added to the MAC Filtering Table. When enabled, all registered MAC addresses are controlled by the access rule. MAC Authentication is a powerful security feature that allows you to specify which wireless computers are allowed on the network.

  • Page 68: Viewing The Client List

    Viewing the client list The Client List page allows you to view all the wireless clients currently associated with the router. Select the SSID interface from the SSID list to display associated clients. The table of associated clients lists the MAC address, Receive Signal Strength Indicator (RSSI) value, wireless mode, and traffic statistics.

  • Page 69: Vpn Configuration

    8 VPN configuration The router includes a Virtual Private Network feature to provide a secure link between remote users and the corporate network by establishing an authenticated and encrypted tunnel for passing secure data over the Internet. The router supports IPSec, L2TP over IPSec client and server, and PPTP client and server for security protection.

  • Page 70: Vpn Settings

    VPN settings The VPN Settings page allows you to add and edit IPSec, L2TP over IPSec, and PPTP connections for the router. When creating VPN connections, remember that both ends of the connection must be configured in the same way. When you click Add on this page, the VPN connection page opens where the connection details can be configured.
  • Page 71 This page includes the following settings: VPN Tunnel Parameters • Tunnel Type: Select IPSec as the tunnel type. • Tunnel Name: Enter a descriptive text name for the tunnel. (Do not use characters ` " & ' # \) • Remote VPN Gateway: Enter the IP address or host name of the remote VPN server, or select ANY if there is no specific server.
  • Page 72 If ID_FQDN or ID_USER_FQDN (fully qualified domain name) is selected, enter the name for the Remote Party ID in the text box next to the list. For example, an FQDN name could be “mycompany.com”, and a user FQDN could be a mail address, such as “my_name@mycompany.com.”...

  • Page 73: L2Tp Over Ipsec Settings

    L2TP over IPSec settings The Layer 2 Tunneling Protocol is a common connection method used for VPN connections. You can specify the detailed L2TP tunnel settings on the VPN connections page by clicking Add. You can specify the Keep Alive time, which defines the time period without traffic after which the PPP session is terminated.

  • Page 74: Pptp Settings

    • Enable Auto Reconnect: For L2TP client connections, you can automatically reconnect when there is activity after a disconnection. • Remote Server: Enter the remote server IP address. IPSec Setting • Pre-shared Key: When set to client mode, enter the key for the client connection. (Do not use characters ` "...

  • Page 75: Vpn Passthrough Settings

    This page includes the following settings: VPN Tunnel Parameters • Tunnel Type: Select PPTP as the tunnel type. • Tunnel Name: Enter a descriptive text name for the tunnel. (Do not use characters ` " & ' # \) • Username: Enter the user name for PPTP tunnel.
  • Page 76 VPN configuration...

  • Page 77: Routing Configuration

    9 Routing configuration Routing configuration allows both static and dynamic methods to set up routing between networks. The network administrator configures static routes by entering routes directly into the routing table. Static routing has the advantage of being predictable and easy to configure. Alternatively, you can enable dynamic routing using RIP for IPv4 or RIPng for IPv6.

  • Page 78: Viewing The Ipv4 Routing Table

    This page includes the following information: Status • RIP: The current status of RIP on the router. • RIPng: The current status of RIPng on the router. IPv4 routing table Displays the IPv4 routes statically configured or dynamically learned by the router. For a detailed description, see “Viewing the IPv4 routing table”...

  • Page 79: Ipv4 Dynamic Route Settings

    Interface The VLAN interface used to route data to the network specified by the destination network address. Metric A number used to indicate the cost of a route so that the best route, among potentially multiple routes to the same destination, can be selected. IPv4 Dynamic route settings The router supports the Routing Information Protocol (RIP).

  • Page 80: Ipv4 Static Route Settings

    • Enable: RIP is enabled for the interface. The router will transmit and receive RIP update information to and from other RIP-enabled devices. • Silent: RIP is enabled, however the router only receives RIP update messages, it will not transmit any of its own. Version Use this field to select RIPv1 or RIPv2.

  • Page 81: Viewing The Ipv6 Routing Table

    Destination Enter the IP address of the destination host or network to which the route leads. Subnet Mask Enter the IPv4 subnet mask for the destination host or network. For example, for Class C IP domains, the subnet mask is 255.255.255.0. Gateway Enter the IP address of the gateway through which the destination host or network can be reached.

  • Page 82: Ipv6 Dynamic Route Settings

    Interface The VLAN interface used to route data to the network specified by the destination network address. Metric A number used to indicate the cost of a route so that the best route, among potentially multiple routes to the same destination, can be selected. IPv6 Dynamic route settings The router supports RIP next generation (RIPng) over IPv6.
  • Page 83 Prefix Length Enter the IPv6 prefix length for the destination host or network. Gateway Enter the IP address of the gateway through which the destination host or network can be reached. If this router is used to connect your network to the Internet, your gateway IP is the router's IP address.
  • Page 84 Routing configuration...

  • Page 85: Firewall Configuration

    Denial of Service (DoS) attacks. You can turn the firewall function off, if needed. Turning off the firewall protection will not leave your network completely vulnerable to hacker attacks, but HP recommends that you leave the firewall enabled whenever possible.

  • Page 86: Security Settings

    Security settings The Security page allows you to configure global security parameters for the router. This page includes the following settings: Enable PING from WAN Computer hackers use what is known as “Pinging” to find potential victims on the Internet. By pinging a specific IP address and receiving a response from the IP address, a hacker can determine that something of interest might be there.
  • Page 87 DoS attack from multiple source machines that flood a target server with disruptive traffic until it fails. Turning off the DDoS Attack Filter does not leave your network completely vulnerable to hacker attacks. HP recommends that you enable the DoS detecting function whenever possible.

  • Page 88: Client Filtering

    Client filtering The router can be configured to restrict access to the Internet, email, or other network services on specific days and times. Restriction can be set for a single computer, a range of computers, or multiple computers. Enter the filter details in the fields provided, and then click Add to add the entry to the filter table.

  • Page 89: Mac Filtering

    MAC filtering You can deny traffic from certain known machines or devices. Use its MAC address to identify a computer or device on the network and deny access. Traffic from a specified MAC address is filtered depending upon the policy. Enter the filter details in the fields provided, and then click Add to add the entry to the filter table.

  • Page 90: Url Filtering

    URL filtering The URL Filter feature blocks access to websites based on matching a specified URL address or specific keywords (HTTPS is not supported). For each filter rule, enter the URL address or a keyword, and then select a time schedule rule to apply, if needed. Also, specified computers on the local LAN can be excluded from the URL filtering by adding them to the Exclusion List.

  • Page 91: Content Filtering

    URL Filtering Deny List The list of URL text and keywords that match blocked websites for computers on the LAN. Exclusion List The list of computers on the local LAN that are excluded from the URL filtering. Content filtering Based on keywords contained on web pages, you can use this screen to restrict access to certain websites that you do not want users in your network to open.
  • Page 92 Note When the number of incomplete sessions from a same host reaches the maximum value (Maximum incomplete TCP/UDP sessions number from same host), a security alert symbol ( ) displays on the Security line of the System > Status page. If you open the Security section, an alert message next to SPI indicates the security violation.
  • Page 93 • TCP connection idle timeout: The length of time for which a TCP session is managed if there is no activity. • UDP session idle timeout: The length of time for which a UDP session is managed if there is no activity. •...
  • Page 94 Firewall configuration...

  • Page 95: Nat Configuration

    1 1 NAT configuration Network Address Translation (NAT) is a commonly used IP translation and mapping technology. It is a technology that allows your network to share Internet access. Using a device or software that implements NAT allows an entire home network to share a single Internet connection using a single IP address.

  • Page 96: Nat Settings

    Then click Add and Save. You can only pass one port per private IP address. Opening ports in your firewall can pose a security risk. HP recommends that you disable the settings when you are not using a specific application. A maximum of 20 rules can be defined.
  • Page 97 Use Client List Selects a computer name or IP address from the list of clients already discovered by the router. Popular Services Select one of the services to automatically configure the correct protocol and port numbers. The ports for well known services are listed below: •...

  • Page 98: Dmz Settings

    DMZ settings If you have a client PC that cannot run an Internet application properly from behind the firewall, you can open the client up to unrestricted two-way Internet access. This may be necessary if the NAT feature is causing problems with an application, such as a game or video conferencing application.

  • Page 99: Alg Settings

    Caution Opening ports in your firewall can pose a security risk. You can enable and disable settings easily. HP recommends that you disable the settings when you are not using a specific application. ALG settings...
  • Page 100 Port Trigger lets you specify ports to be opened for specific applications to work properly with the Network Address Translation (NAT) feature of the router. A maximum of 10 rules can be defined. A list of popular applications has been included to choose from. Select your application from the Popular Applications list, and then click Add.

  • Page 101: Ipv6 Configuration

    12 IPv6 configuration If the attached network uses the IPv6 protocol, you can enable IPv6 support on the router. IPv6 functionality is disabled by default. IPv6 includes two distinct address types, link-local unicast and global unicast. A link-local address makes the router accessible over IPv6 for all devices attached to the local LAN. Traffic using this kind of address cannot be passed by any router outside of the LAN.

  • Page 102: Ipv6 Settings

    DHCP-PD The status of the DHCPv6 Prefix Delegation feature. IPv6 settings The router supports static, stateless address autoconfiguration (SLAAC), DHCPv6, and PPPoE modes for IPv6 settings for the WAN port. Select the method to use as instructed by your ISP, and then enter the required information and click Save.
  • Page 103 fields. Therefore, the same IPv6 address could be written instead as 2001:adca::123a:4567. • Subnet Prefix Length: The length of the IPv6 address prefix. For unicast addresses, the prefix is typically the first 64 bits, with the following 64 bits being the host identifier. •...

  • Page 104: Slaac

    SLAAC Stateless Address Auto Configuration (SLAAC) enables IPv6 hosts to automatically configure themselves when connected to an IPv6 network using the Neighbor Discovery Protocol through the Internet Control Message Protocol version 6 (ICMPv6) route discovery message. When first connected to a network, a host sends a link-local router solicitation multicast request for its configuration parameters;...

  • Page 105: Dhcpv6

    • Auto Configuration: Select Stateless (RADVD) or Stateful (DHCPv6). • Disable: Disables the automatic assignment of IPv6 addresses to local hosts. • Stateless (RADVD): Enables the automatic assignment of IPv6 addresses by hosts on the local network. The network portion of the address is based on prefixes received in IPv6 router advertisement messages, and the host portion is automatically generated using the modified EUI-64 form of the client identifier (that is, the client MAC address).

  • Page 106: Pppoe

    VLAN (Default) Settings Sets the IPv6 settings for the local VLAN. • Enable DHCP-PD: Enables the Prefix Delegation feature that automatically uses an IPv6 prefix for the local LAN defined by the ISP. When disabled, the IPv6 address and prefix length need to be manually defined.

  • Page 107: Dhcpv6 Client List

    • Username: Enter the name assigned by the ISP. (Do not use characters ` " & ' # \) • Password: Enter the password provided by the ISP. (Do not use characters ` " & ' # \) • Confirm Password: Enter the password again for confirmation. DNS Settings Configures IPv6 DNS settings: •...

  • Page 108: Mld Settings

    MLD settings Multicast Listener Discovery (MLD) proxy enables the router to issue MLD host messages on behalf of hosts that the router has discovered through standard MLD interfaces. IPv6 configuration...

  • Page 109: Qos Configuration

    13 QoS configuration The bandwidth gap between the LAN and WAN may significantly degrade performance of critical network applications, such as VoIP, gaming, and VPN. The router’s Quality of Service (QoS) function allows users to classify application traffic and provide them with differentiated services (DiffServ).

  • Page 110: Traffic Shaping

    Traffic shaping The Traffic Shaping page enables the bandwidth of the WAN port output queues to be configured. For higher priority traffic, such as voice and video, the bandwidth allocation of queues 3 and 4 can be increased, and those for queues 1 and 2 decreased. This page includes the following settings: General Enables the traffic shaping settings on the router.

  • Page 111: Traffic Mapping

    Traffic mapping Up to 16 rules can be defined to classify traffic into DiffServ forwarding groups and outgoing connections. These rules can be mapped to the WAN port forwarding queues, for which the bandwidth can be configured on the Traffic Shaping page. This page includes the following settings: Rule Name A name to identify the traffic mapping rule.
  • Page 112 Map to Forwarding Queue Maps the traffic to one of the WAN port forwarding queues. Queue 1 is the lowest priority queue and queue 4 the highest priority. Remark 802.1p priority as Before the identified traffic is sent to the forwarding queue, the 802.1p priority tag can be set to the specified value.

  • Page 113: Usb Configuration

    14 USB configuration The router provides a USB 2.0-compliant port for network-connected users to share files through FTP or File Sharing. The files can be on an attached storage device that supports any number of partitions in VFAT, NTFS, EXT2, EXT3, or EXT4 format. User Account A File Sharing user can use Windows Network Neighborhood to access files on a USB drive.

  • Page 114: File Sharing Settings

    Authority Sets the file sharing access rights for an FTP user; either Read and Write or Read. An FTP user with Read access can only download shared files. An FTP user with Read and Write access can download and upload files to the USB storage, however they cannot delete or modify any existing shared folders or files (existing files can be overwritten).

  • Page 115: Ftp Settings

    with Read and Write access can download and upload files to the shared folder, however they cannot delete or modify any existing shared folders (existing files can be overwritten). Note that a shared folder allows only four File Sharing client connections at one time. FTP settings The router can be presented as an FTP server to provide a file transfer service (depending on a user’s access rights to the shared folders).

  • Page 116: Safe Removal

    Safe removal To ensure USB data correctness, this router supports a USB safe removal function. Click Remove before unplugging a USB drive. USB configuration...

  • Page 117: Tools

    Updating software The Software page displays the current software versions installed on the router. You can upgrade the software installed on the router to a new version downloaded from the HP support website. The router supports a dual-image function, which means that if the router fails to boot the active image, it automatically boots from the backup image.

  • Page 118: Saving Configuration Settings

    HP recommends that you backup your current configuration before performing a firmware update. Restore all settings to factory default Using this option restores all of the router's settings to factory default values. HP recommends that you backup your settings before you restore all of the defaults. Tools...
  • Page 119 Backup settings Select to backup the router’s settings. Select HTTP or TFTP as the transfer method (TFTP requires the server IPv4 address), and then click Save. Note The backup configuration files are written in a binary format and are not readable or end-user configurable.

  • Page 120: Ping

    Ping Ping is a network tool that sends ICMP ECHO_REQUEST datagrams to a remote host and elicits an ICMP ECHO_RESPONSE datagrams from the remote host. Enter the IPv4 or IPv6 address, or enter the domain name of the host, select the number of pings to send, and then click Start. This page includes the following settings: IP Address/Domain Name You can specify an IPv4 address, an IPv6 address, or a hostname.

  • Page 121: Nslookup

    Nslookup Nslookup is a DNS client that sends DNS requests to a DNS server to find the corresponding IP address of a target host name, or the host name of a target IP address. Traceroute Traceroute is a network tool that sends packets to a destination and produces a list of hosts that the packets have traversed to the destination.

  • Page 122: Email Alert

    Email alert The Email alert feature allows the router to automatically send email messages when an event at or above a configured severity level occurs. This page includes the following settings: From E-mail Address Sets the email address that is used in the “From” field of alert messages. You can use a symbolic email address that identifies the router, or the address of an administrator responsible for the router.

  • Page 123: Scheduling

    Caution Setting the Alert Level too low can result in a very high number of emails being sent to the recipient. HP recommends to only set the highest two or three levels. Scheduling The Scheduling feature enables scheduling of firewall and radio rules. Firewall and radio rules can be selectively activated to restrict access to the network or disable the radio.
  • Page 124 This page includes the following settings: Rules Name A name for the scheduling rule. (Do not use the characters ` “ & ‘ # \.) Comment A comment of up to 31 characters that describes the scheduling rule. (Do not use the characters ` “...

  • Page 125: Support File

    “showtech.rtf”. This is a text readable file that includes the model, software version, wireless and other basic settings, as well as the ARP table, memory usage information, and the current system log. Viewing the EULA This page displays the HP End User License Agreement content. Support file...
  • Page 126 Tools...

  • Page 127: Support And Other Resources

    You can download documentation from the HP Support Center website www.hp.com/support/manuals. Search by product number or name. Contacting HP For worldwide technical support information, see the HP Networking Support website: www.hp.com/networking/support Before contacting HP, collect the following information: • Product model names and numbers •...

  • Page 128: Conventions

    Conventions The following conventions are used in this guide. Management tool This guide uses specific syntax when directing you to interact with the web management user interface. Refer to the following image for identification of key user-interface elements and then the table below for example directions: Main Sub-menu...

  • Page 129: A Resetting To Factory Defaults

    A Resetting to factory defaults Factory reset procedures To force the router into its factory default state, follow the procedures in this section. Caution Resetting the router to factory defaults deletes all configuration settings, resets the manager user name and password to admin, and sets the IPv4 address to 192.168.1.1. Using the reset button Using a tool such as a paper clip, press and hold the reset button for more than three seconds, then release.

  • Page 131: B Factory Default Settings

    B Factory default settings Feature Parameter Default Mode System Mode Router Admin General Settings System Name HP-PS1 10 System Location Null System Contact Null Administrator Login Username admin Password admin Country Code Country Code AM Models: US WW Models: Null...
  • Page 132 Remote Port Remote Log Level DEBUG Proxy ARP Enable Proxy ARP Disabled WAN settings Connection Type DHCP Host Name HP-PS1 10 Static IP Address 0.0.0.0 Static Subnet Mask 0.0.0.0 Static Gateway 0.0.0.0 Primary DNS Address 0.0.0.0 Secondary DNS Address 0.0.0.0...
  • Page 133 Feature Parameter Default DDNS Enable DDNS Disabled DDNS Server DynDNS.org Domain Name Null Username Null Password Null MAC Clone MAC Address Use router MAC LAN Settings IP Address 192.168.1.1 Subnet Mask 255.255.255.0 Enable DHCP Server Enabled IP Pool Starting Address 192.168.1.2 IP Pool Ending Address 192.168.1.254...
  • Page 134 Feature Parameter Default Wireless, Basic Enabled Radio Enabled Radio Band 2.4GHz Radio Mode 1 1b/g/n Mixed Channel Auto Bandwidth 20 MHz Enable Schedule Rules Disabled VAP 1 SSID Enabled, HP1 VAP 2 SSID Disabled, HP2 VAP 3 SSID Disabled, HP3 VAP 4 SSID Disabled, HP4 Station Isolation...
  • Page 135 Feature Parameter Default Enable WMM Enabled Enable Power Saving Enabled MAC Authentication Filter Block all stations in list SSID MAC Address None configured Enable IPSec Disabled Enable L2TP over IPSec Disabled Enable PPTP Disabled PPTP Passthrough Enabled L2TP Passthrough Enabled L2TP/IPSec Passthrough Enabled Dynamic Route...
  • Page 136 Feature Parameter Default Enabled Virtual Server Disabled Disabled Port Trigger Disabled ALG SIP Enabled ALG H323 Enabled IPv6 IPv6 Connection Disabled MLD Proxy Disabled DHCP-PD Enabled Enabled Traffic Mapping Disabled User Account Disabled File Sharing Disabled Disabled Tools Email Alert Disabled Scheduling Rules None configured...

Table of Contents