1. Manuals
  2. Brands
  3. IP-COM Manuals
  4. Network Router
  5. M50
  6. User manual

IP-COM M50 User Manual

Multi-wan hotspot router
Hide thumbs
Table of Contents

Advertisement

Quick Links

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the M50 and is the answer not in the manual?

Questions and answers

Related Manuals for IP-COM M50

Summary of Contents for IP-COM M50

  • Page 2 IP-COM Networks Co., Ltd. No part of this publication can be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the prior written permission of IP-COM Networks Co., Ltd. Disclaimer Pictures, images and product specifications herein are for references only.
  • Page 3 Preface Thank you for purchasing IP-COM Multi-WAN Hotspot Router! This user manual helps you configure, manage and maintain the product. Conventions This user manual is applicable to IP-COM Multi-WAN Hotspot Router M50. Unless otherwise specified, “router”, "this router", “product”, or “device” mentioned in this user manual indicates M50.
  • Page 4 Technical support If you need more help, contact us using any of the following means. We will be glad to assist you as soon as possible. Tel: (86 755) 2765 3089 E-mail: info@ip-com.com.cn Website: http://www.ip-com.com.cn - iii -...

  • Page 5: Table Of Contents

    Table of contents Chapter 1 Product overview ..................2 1.1 Overview ..................................2 1.2 Main features................................2 1.3 Appearance ................................. 3 1.3.1 Front panel ................................3 1.3.2 Rear panel ................................4 Chapter 2 Quick internet connection setup ..............5 2.1 Logging in to the router web UI ..........................5 2.2 Configuring the router ..............................
  • Page 6 4.3.3 Static IP addresses assignment using DHCP ...................... 19 4.3.4 DHCP Client List ..............................21 4.4 Configuring port mirroring............................22 4.4.1 Overview................................22 4.4.2 Configuring port mirroring ..........................22 4.4.3 Port mirroring configuration example ....................... 23 4.5 Configuring a static route ............................24 4.5.1 Overview................................
  • Page 7 7.1.2 VPN types ................................63 7.1.3 IPSec-related concepts ............................63 7.2 Configuring a VPN ..............................64 7.2.1 Configuring M50 as a PPTP/L2TP client ......................64 7.2.2 Configuring M50 as a PPTP/L2TP server ......................66 7.2.3 Configuring the IPSec function .......................... 69 7.3 Example of configuring a VPN...........................
  • Page 8 9.1 Overview ................................... 89 9.2 Configuring wireless settings ............................ 90 9.2.1 Enabling the AC management function ......................90 9.2.2 Delivering wireless network policies to APs ...................... 90 9.3 Configuring advanced settings ..........................93 9.3.1 Configuring RF settings ............................93 9.3.2 Configuring global settings ..........................96 9.4 Managing APs ................................
  • Page 9 11.2.1 Configuring basic settings ..........................114 11.2.2 Managing accounts............................118 11.3 Example of configuring PPPoE authentication ...................... 120 Chapter 12 Virtual server ..................128 12.1 Overview ................................128 12.1.1 Port forwarding ............................. 128 12.1.2 UPnP ................................128 12.1.3 DMZ host ............................... 128 12.1.4 DDNS ................................
  • Page 10 13.6.1 Synchronizing the system time with the internet ..................143 13.6.2 Customizing the system time......................... 143 13.7 Remotly managing the router using the web UI ....................144 13.7.1 Configuring remote web management ......................144 13.7.2 Example of configuring remote web management ..................145 Chapter 14 System ....................

  • Page 11: Chapter 1 Product Overview

    AP management system The router is embedded with an AP management system, which is applicable to all IP-COM AP models and can manage up to 16 APs at the same time. Using the system, you can customize SSIDs, power, channels, user capacity, reboot policies, and alarm policies for APs.

  • Page 12: Appearance

    1.3.1 Front panel The front panel includes 12 LED indicators, 5 RJ45 ports, and 1 RESET button. See the following figure, which indicates the front panel of M50. Indicators There are 1 PWR indicator and 1 SYS indicator. Each RJ45 port has 1 Link indicator and 1 Act indicator.

  • Page 13: Rear Panel

    Product overview RJ45 ports M50 provides five 10/100/1000 Mbps auto-negotiation RJ45 ports. Each RJ45 port has 1 Link indicator and 1 Act indicator. The 5 RJ45 ports include 1 LAN port, 1 WAN port, and 3 LAN/WAN ports. You can set the LAN/WAN ports as LAN or WAN ports as required.

  • Page 14: Chapter 2 Quick Internet Connection Setup

    Quick internet connection setup Chapter 2 Quick internet connection setup This chapter describes:  Logging in to the router web UI  Configuring the router 2.1 Logging in to the router web UI You can use a browser to log in to the router web UI to perform management. To log in to the web UI, connect a computer to the router (or the switch connected to the router) using an Ethernet cable and perform the following procedure: 1.

  • Page 15: Configuring The Router

    Quick internet connection setup Note If the page does not appear, refer to in Appendix. After logging in to the web UI, you can configure the router. 2.2 Configuring the router By configuring the router, you can enable multiple computers in your LAN to access the internet. Before - 6 -...

  • Page 16: Pppoe

    Quick internet connection setup configuring the router, consult your ISP on your internet connection type. Internet Connection Description Type Your internet service provider (ISP) provides a user name and password for you to PPPoE access the internet. Your ISP does not provide any internet connection type information for you or specifies Dynamic IP address that you can access the internet using a dynamic IP address.

  • Page 17: Dynamic Ip Address

    Quick internet connection setup Perform the following procedure to configure an internet connection: 1. Set Connection Type to PPPoE. 2. Set PPPoE Username and PPPoE Password to the broadband service user name and password provided by your ISP. 3. Set Link Speed to the bandwidth of your broadband connection. If you are uncertain about the bandwidth, consult your ISP.

  • Page 18: Static Ip Address

    Quick internet connection setup Perform the following procedure to configure an internet connection: 1. Set Connection Type to Dynamic IP. 2. Set Link Speed to the bandwidth of your broadband connection. If you are uncertain about the bandwidth, consult your ISP. 3.
  • Page 19 Quick internet connection setup Perform the following procedure to configure an internet connection: 1. Set Connection Type to Static IP. 2. Set IP Address, Subnet Mask, Default Gateway, Primary DNS, and Secondary DNS to those provided by your ISP. 3. Link Speed to the bandwidth of your broadband connection. If you are uncertain about the bandwidth, consult your ISP.

  • Page 20: Chapter 3 Login

    Login Chapter 3 Login This chapter describes:  Logging in to the router web UI  Logging out of the router web UI  Web UI layout  Common buttons on the web UI 3.1 Logging in to the router web UI For details, see section 2.1 “Logging In to the Router Web UI .”...

  • Page 21: Common Buttons On The Web Ui

    Login Note The dimmed functions and parameters on the web UI are functions and parameters not supported by the router or unavailable for the current configuration. Area Description ❶ Level-1 navigation bar The navigation bars display router menus. You can easily access functions by choosing items of the menus.

  • Page 22: Chapter 4 Network

    Network Chapter 4 Network This chapter describes:  Setting up an internet connection  Setting WAN port parameters  Setting up your LAN  Configuring port mirroring  Configuring a static route  Using the Hotel mode  Configuring the DNS cache 4.1 Setting up an internet connection This function enables you to share your internet access service among multiple computers on your LAN.
  • Page 23 Network Parameter Description After you change the number of WAN ports, the status of the RJ45 ports changes accordingly. See the following figure. : normal connection : disconnected or connection failure The router can set up an internet connection using PPPoE, a dynamic IP address, or a static IP address.

  • Page 24: Setting Wan Port Parameters

    Network Parameter Description  Disconnected: No connection is set up or connection fails. In this case, verify the cable connection and internet connection information, or consult your ISP. If a state not specified here appears, take measures based on the message corresponding to the state.

  • Page 25: Mac Address

    Network find the suitable value that does not lead to the problem:  Some websites are not accessible or some secure websites cannot be displayed properly (such as the login pages of online banking websites and Alipay’s website).  Emails cannot be received or servers such as FTP and POP servers are not accessible. MTU Value Usage 1500...

  • Page 26: Setting Up Your Lan

    Network 5. Enter the MAC address of the computer with internet accessibility. 6. Click OK. To restore the default MAC address of the WAN port, choose Network > WAN Parameters, set MAC Address corresponding to the WAN port to Default MAC, and click OK. 4.3 Setting up your LAN Choose Network >...

  • Page 27: Lan Port Ip Addresses

    Network 4.3.1 LAN port IP addresses The LAN IP address is set for the router to communicate within your LAN and for you to manage the router. The default LAN IP address and subnet mask of the router are 192.168.0.252 and 255.255.255.0 respectively. Generally, you do not need to change the LAN IP address, unless it is in conflict with another IP address.

  • Page 28: Static Ip Addresses Assignment Using Dhcp

    Network Parameter Description It specifies the start IP address of the DHCP address pool (range of IP addresses that can be Start IP assigned by the DHCP server). The default value is 192.168.0.100. It specifies the end IP address of the DHCP address pool. The default value is 192.168.0.200. Note End IP The start and end IP addresses must belong to the same network segment as the LAN IP...
  • Page 29 Network Note When using this function, ensure that the DHCP server function of the router has been enabled. Adding a rule 1. Choose Network > LAN Setup. 2. Click in the DHCP Reservation area. The DHCP Reservation dialog box appears. The following table describes the parameters.

  • Page 30: Dhcp Client List

    Network Modifying a rule 1. Choose Network > LAN Setup. 2. Click corresponding to a rule to be modified. 3. Modify the rule. 4. To disable a rule, click corresponding to the rule. 5. To enable a rule, click corresponding to the rule. Deleting a rule 1.

  • Page 31: Configuring Port Mirroring

    4.4 Configuring port mirroring 4.4.1 Overview M50 provides the port mirroring function, which enables you to replicate data from one or more ports of the router (mirrored ports) to a specified port (mirroring port). Generally, a data monitoring device is deployed at the mirroring port so that network an administrator can monitor traffic, analyze performance, and diagnose faults in real time.

  • Page 32: Port Mirroring Configuration Example

    4.4.3 Port mirroring configuration example Networking requirement An enterprise has used M50 to set up a LAN. Recently, internet access failures occur frequently and the network administrator needs to capture data packets from the WAN and LAN ports of the router for analysis.

  • Page 33: Configuring A Static Route

    Network 4.5 Configuring a static route 4.5.1 Overview Routing is an operation to select the optimal route for delivering data from a source to a destination. A static route is a special route configured manually, which is simple, efficient, and reliable. Proper static routes help reduce route selection issues and prevent overload caused by route selection data flows, accelerating packet forwarding.
  • Page 34 Network The following table describes the parameters. Parameter Description Destination Network It specifies the IP address or IP address segment of the destination network. Subnet Mask It specifies the subnet mask of the IP address of the destination network. It specifies the IP address of the next hop of the packets forwarded from the router Gateway WAN port.

  • Page 35: Static Route Configuration Example

    M50 accesses the internet using a PPPoE connection and the WAN1 port of M50 accesses the enterprise LAN using a dynamic IP address. Users on the M50 LAN are allowed to access both the internet and enterprise LAN.
  • Page 36 Network Set up an internet connection. 1. Choose Network > Internet Setup. 2. Set internet connection parameters. 3. Click OK. II. Configure a static route. 1. Choose Network > Static Route. 2. Click 3. Configure the static route shown in the following figure. The configured static route appears in the Route Table module.

  • Page 37: Using The Hotel Mode

    Note If the enterprise LAN is connected to the internet, as shown in the following figure, M50 may point its default route to the other router, resulting in incorrect routing. In this case, choose Network > Internet Setup and set Link Speed of the WAN1 port to a value far smaller than the value of Link Speed of the WAN0 port.

  • Page 38: Configuring The Hotel Mode

    To address this issue, M50 offers the Hotel mode. After a hotel enables this mode, computers in the LAN of the hotel can access the internet using any IP addresses (including IP addresses out of the IP address groups configured on M50), gateway IP addresses, and DNS IP addresses.

  • Page 39: Chapter 5 Filter Management

    Filter management Chapter 5 Filter management 5.1 Overview This chapter describes:  Setting IP address groups and time groups  Setting the MAC address filter  Setting the port filter  Setting the web filter  Setting multi-WAN policies 5.1.1 Function description IP address group and time group This function sets IP address groups and time groups.

  • Page 40: Configuration Instruction

    Filter management Multi-WAN policy The router has 2 WAN ports by default but allows a maximum of 4 WAN ports. When multiple WAN ports are operational at the same time, an appropriate multi-WAN policy can greatly improve the bandwidth usage of the router.

  • Page 41: Setting Ip Address Groups And Time Groups

    Filter management Customizing a multi-WAN policy Step Task Description IP address groups are required when a multi-WAN policy is customized. Set IP address groups. Choose Filter Management > IP Group & Time Group and set IP address groups. Customize a multi-WAN Choose Filter Management >...
  • Page 42 Filter management The following table describes the parameters. Parameter Description Name It specifies the name of a time group. Duplicate group names are not allowed. Time It specifies the start time and end time in a day. 00:00~00:00 indicates a whole day. It specifies the days of week included.

  • Page 43: Setting Ip Address Groups

    Filter management 3. To delete multiple time groups at the same time, select them and click Note A time group that has been referenced cannot be deleted. 5.2.2 Setting IP address groups Note If you set an IP address group, the LAN devices not included in the group cannot access the internet. In this case, add the devices that require internet accessibility to the group.

  • Page 44: Setting The Mac Address Filter

    Filter management Modifying an IP address group 1. Choose Filter Management > IP Group & Time Group. 2. Click corresponding to an available IP address group. 3. Modify the group. If the IP address group has been referenced, the reference is updated when group modification is complete. Deleting an IP address group 1.
  • Page 45 Filter management Setting MAC address filtering rules  Adding a rule 1. Choose Filter Management > MAC Filter. 2. Click The Add dialog box appears. The following table describes the parameters. Parameter Description It specifies the type of a MAC address filter. The options include ...
  • Page 46 Filter management Parameter Description MAC Address It specifies the MAC addresses to which a rule is applicable. 3. Set the parameters and click OK. The MAC Filter page appears, showing the added rule. See the following figure. The following table describes the parameters. Parameter Description It indicates whether a rule is enabled.

  • Page 47: Example Of Setting The Mac Address Filter

    5.3.2 Example of setting the MAC address filter Networking requirement An enterprise uses M50 to set up a LAN to address the following requirement: During business hours (08:00 to 18:00 every weekday), only the purchaser is allowed to access the internet.
  • Page 48 Filter management Set the MAC address filter. 1. Enable the MAC address filter. (1) Choose Filter Management > MAC Filter. (2) Set MAC Filter to Enable. (3) Click OK. 2. Set a MAC address filtering rule. (1) Choose Filter Management > MAC Filter. (2) Click (3) Set Filter Type to Allow access to the internet.

  • Page 49: Setting The Port Filter

    Filter management internet. (3) Click OK. Verification During 08:00 to 18:00 in weekdays, verify that among the computers on the LAN, only the purchaser’s computer can access the internet. 5.4 Setting the port filter To access the page for setting the port filter, choose Filter Management > Port Filter. See the following figure. 5.4.1 Setting the port filter Enabling the port filter 1.
  • Page 50 Filter management Setting port filtering rules  Adding a rule 1. Choose Filter Management > Port Filter. 2. Click The Add a new rule dialog box appears. The following table describes the parameters. Parameter Description It specifies a referenced IP address group that indicates the users to which a rule is applicable.

  • Page 51: Example Of Setting The Port Filter

    5.4.2 Example of setting the port filter Networking requirement An enterprise uses M50 to set up a LAN to address the following requirement: During business hours (08:00 to 18:00 every weekday), computers with IP addresses ranging from 192.168.0.2 to 192.168.0.100 are not allowed to browse web pages. (The default port number of the web service is 80.) You can use the port filter of the router to meet this requirement.
  • Page 52 Filter management Configuration procedure Set a time group. 1. Choose Filter Management > IP Group & Time Group. 2. Set the time group shown in the following figure. Set an IP address group. 1. Choose Filter Management > IP Group & Time Group. 2.

  • Page 53: Setting The Web Filter

    Filter management 2. Set a port filtering rule. (1) Choose Filter Management > Port Filter. (2) Click (3) Set IP Group to the IP address group that includes the computers disallowed to browse web pages. (4) Set Time Group to the time group configured in step I, which is Business_hour in this example. (5) Set Ports to port number 80 used to browse web pages.

  • Page 54: Setting The Web Filter

    Filter management 5.5.1 Setting the web filter Enabling the web filter 1. Choose Filter Management > Web Filter. 2. Set Web Filter to Enable. 3. Click OK. Then, you can set web filtering rules, define website categories, and view websites by category. Adding a web categories Choose Filter Management >...
  • Page 55 Filter management The Web Filter page appears, showing the added web category. See the following figure. Setting web filtering rules  Adding a rule 1. Choose Filter Management > Web Filter. 2. Click The Add dialog box appears. - 46 -...
  • Page 56 Filter management The following table describes the parameters. Parameter Description It specifies a referenced IP address group that indicates the users to which a rule is applicable. IP Group IP address groups must be configured in advance on the Filter Management > IP Group & Time Group page.

  • Page 57: Example Of Setting The Web Filter

    5.5.2 Example of setting the web filter Networking requirement An enterprise uses M50 to set up a LAN to address the following requirement: During business hours (08:00 to 18:00 every weekday), computers with IP addresses ranging from 192.168.0.2 to 192.168.0.100 are not allowed to browse news websites.
  • Page 58 Filter management III. Enable the web filter. 1. Choose Filter Management > Web Filter. 2. Set Web Filter to Enable, 3. Click OK. IV. Add a web category. 1. Choose Filter Management > Web Filter. 2. Click +New. 3. Set Group Name to News. 4.
  • Page 59 Filter management Add all the news websites inaccessible to the computers. 1. Click News in the Web Category area. 2. Enter the URL of another website inaccessible to the computers and the description of the website. 3. Click 4. Repeat steps 2 and 3 to add the other websites inaccessible to the computers. VI.

  • Page 60: Setting Multi-Wan Policies

    Filter management 5.6 Setting multi-WAN policies To access the page for setting multi-WAN policies, choose Filter Management > Multi-WAN Policy. See the following figure. The following table describes the parameters. Parameter Description It specifies that the system automatically distributes traffic based on the following rules through the WAN ports to achieve load balancing: ...

  • Page 61: Customizing A Multi-Wan Policy

    Filter management Parameter Description Custom It enables you to assign WAN ports to source IP addresses as required. 5.6.1 Customizing a multi-WAN policy Enabling the multi-WAN policy function 1. Choose Filter Management > Multi-WAN Policy. 2. Set Multi-WAN Policy to Custom. 3.
  • Page 62 Filter management Parameter Description It specifies the referenced IP address group that indicates the users to which a rule is applicable. IP Group IP address groups must be configured in advance on the Filter Management > IP Group & Time Group page. It specifies the WAN port used for transmitting data traffic of a specified IP address group.

  • Page 63: Example Of Customizing A Multi-Wan Policy

    Networking requirement An enterprise has used M50 to set up a LAN. To meet its internet access requirement, the enterprise has set up two broadband connections with two different ISPs and can now access the internet properly. To achieve load balancing, the enterprise raises the following LAN requirements: ...
  • Page 64 Filter management Customize a multi-WAN policy. Enable multi-WAN policy customization. (1) Choose Filter Management > Multi-WAN Policy. (2) Select Custom. (3) Click OK. Set multi-WAN rules. (1) Choose Filter Management > Multi-WAN Policy. (2) Click (3) Set the rules shown in the following figure. - 55 -...

  • Page 65: Chapter 6 Bandwidth Control

     Example of setting user-defined bandwidth control 6.1.1 Function introduction M50 supports the following bandwidth control modes:  Smart bandwidth control In this mode, the router automatically allocate bandwidth to LAN users based on the Link Speed value that you set on the Network >...

  • Page 66: Setting Bandwidth Control

    Bandwidth control  User-defined bandwidth control Step Task Description When a user-defined bandwidth control rule is set, a time group is required. Set the Set a time group. time group on the Filter Management > IP Group & Time Group page. Set an IP address When a user-defined bandwidth control rule is set, an IP address group is required.

  • Page 67: Setting User-Defined Bandwidth Control Rules

    Bandwidth control 6.2.2 Setting user-defined bandwidth control rules  Adding a rule Choose Bandwidth Control. Click The Add dialog box appears. The following table describes the parameters. Parameter Description It specifies a referenced IP group that indicates the users to which a rule is IP Group applicable.
  • Page 68 Bandwidth control Parameter Description IP address groups must be configured in advance on the Filter Management > IP Group & Time Group page. It specifies a referenced time group that indicates the validity period of a rule. Time Group Time groups must be configured in advance on the Filter Management > IP Group & Time Group page.

  • Page 69: Setting Bandwidth Control Parameters For Non-Specified User Devices

    Networking requirement An enterprise uses M50 to set up a LAN to address the following requirement: During business hours (08:00 to 18:00 every weekday), each computer with an IP address ranging from 192.168.0.2 to 192.168.0.100 is allocated 1 Mbps upload and download bandwidth, while the bandwidth allocated to the computers with an IP address ranging from 192.168.0.101 to 192.168.0.254 is not limited.
  • Page 70 Bandwidth control Choose Filter Management > IP Group & Time Group. Set the time group shown in the following figure. Set an IP address group. Choose Filter Management > IP Group & Time Group. Set the IP address group shown in the following figure. To allow the other computers with IP addresses ranging from 192.168.0.101 to 192.168.0.254 to access the internet, add another IP address group to include these IP addresses.
  • Page 71 Bandwidth control IV. Set a user-defined bandwidth control rule. On the Bandwidth Control page, click Create a rule shown in the following figure (1 Mbps = 128 KB/s). - 62 -...

  • Page 72: Chapter 7 Vpn

    The Point to Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) are layer-2 VPN tunnel protocols and the Point to Point Protocol (PPP) is used to encapsulate and add additional headers to data. M50 can functions as a PPTP/L2TP server or client. ...

  • Page 73: Configuring A Vpn

    7.2.1 Configuring M50 as a PPTP/L2TP client M50 can function as a PPTP/L2TP client to connect to a PPTP/L2TP server. For example, if your branch needs to exchange information with your HQ in a simple and secure manner, you can set up a PPTP/L2TP server at the HQ and configure the egress router of your branch as a PPTP/L2TP client to connect to the server.
  • Page 74 It specifies whether the PPTP/L2TP client function is enabled. If this parameter is set to PPTP/L2TP Client Enabled, M50 functions as a PPTP/L2TP VPN client. It specifies the client type of the router. The router supports the following types: ...

  • Page 75: Configuring M50 As A Pptp/L2Tp Server

    7.2.2 Configuring M50 as a PPTP/L2TP server M50 can function as a PPTP/L2TP server to connect to PPTP/L2TP clients. For example, if your branch needs to exchange information with your HQ in a simple and secure manner, you can set up a PPTP/L2TP server at the HQ and configure the egress router of your branch as a PPTP/L2TP client to connect to the server.
  • Page 76 It specifies the maximum VPN clients that can be connected to the PPTP/L2TP server at Max. Connections the same time. The number is fixed at 15. Configuring a PPTP/L2TP account A PPTP/L2TP account is required when a VPN user accesses M50 that functions as a PPTP/L2TP server. - 67 -...
  • Page 77  Adding a user Choose VPN > PPTP/L2TP Server. Click The Add dialog box appears. The following table describes the parameters. Parameter Description Username Username specifies the user name used to set up a PPTP/L2TP VPN connection. Password specifies the password for the user name. Password ...

  • Page 78: Configuring The Ipsec Function

     Modifying a user Choose VPN > PPTP/L2TP Server. Click corresponding to a user. Modify the user.  Deleting a user Choose VPN > PPTP/L2TP Server. Click corresponding to a user to be deleted. The user is deleted. To delete multiple users at the same time, select them and click 7.2.3 Configuring the IPSec function To access the page for configuring the IPSec function, choose VPN >...
  • Page 79 It specifies the security service protocol for the IPSec function. M50 supports the following protocols:  AH: It indicates the Authentication Header (AH) protocol used for verifying data integrity. If a packet is tampered during transmission, the receiver discards it during data integrity verification.
  • Page 80 communication, and set up an ISAKMP SA for exchanging more information in period 2 in a secure manner.  Period 2: The ISAKMP SA set up in period 1 is used as an IPSec security protocol negotiation parameter to set up an IPSec SA for protecting data exchanged between the peers.
  • Page 81 AGGRESSIVE: In this mode, the two peers exchange only a few packets without identity protection. This mode features quick negotiation and therefore is more suitable for scenarios where high-level identity protection is not required. It specifies an IKE session encryption algorithm. M50 supports the following encryption algorithms: ...
  • Page 82 Parameter Description Algorithm verification algorithms:  MD5: Short for Message Digest 5, MD5 generate a 128-bit digest of a message to prevent message tampering.  SHA1: Short for Secure Hash Algorithm 1, SHA1 generates a 160-bit digest of a message to prevent message tampering. Therefore, SHA1 offers better security than MD5.

  • Page 83: Example Of Configuring A Vpn

    Networking requirement An enterprise has used M50 to set up a LAN and access the internet. Employees of its branch must be allowed to access, through the internet, the HQ’s resources over the HQ LAN in a secure manner, including internal materials as well as the OA, ERP, CRM, and project management systems.
  • Page 84 You can set up a PPTP/L2TP VPN using the router to meet this requirement. This example describes the method to set up a PPTP VPN. You can set up an L2TP VPN using the same method. Network topology Configuration procedure Configure M50_1 as a VPN server and M50_2 as a VPN client as follows: Configure M50_1.
  • Page 85 2. Configure a PPTP/L2TP user. (1) On M50_1, choose VPN > PPTP/L2TP Server. (2) Click (3) Set Username to the user name used to connect the VPN client to the VPN server, which is Branch_1 in this example. (4) Set Password to the password for the user name, which is Branch_1 in this example. (5) Set Type to Network.
  • Page 86 (9) Click OK. Configure M50_2. (1) On M50_2, choose VPN > PPTP/L2TP Client. (2) Set PPTP/L2TP Client to Enable. (3) Set Type to the value matching the VPN server, which is PPTP Client in this example. (4) Set WAN to the outgoing port of the VPN client for setting up a tunnel with the VPN server, which is WAN0 in this example.
  • Page 87 Verification 1. On M50_2, choose VPN > PPTP/L2TP Client. 2. Verify that Status is Connected and an IP address has been obtained. See the following figure. - 78 -...

  • Page 88: Example Of Configuring An Ipsec Vpn

    Networking requirement An enterprise has used M50 to set up a LAN and access the internet. Employees of its branch must be allowed to access, through the internet, the HQ’s resources over the HQ LAN in a secure manner, including internal materials as well as the OA, ERP, CRM, and project management systems.
  • Page 89 Network topology Configuration procedure Assume that the two routers share the following basic IPSec tunnel information:  Key negotiation mode: auto  Pre-shared key: 12345678 Configure M50_1. (1) On M50_1, choose VPN > IPsec. (2) Click (3) Set IPSec to Enable. (4) Set WAN to the WAN port bound to the IPSec tunnel, which is WAN0 in this example.
  • Page 90 (10) Click OK. Configure M50_2. (1) On M50_2, choose VPN > IPsec. (2) Click The Add page appears. See the following figure. - 81 -...
  • Page 91 (3) Follow the M50_1 configuration procedure to set the parameters. Verification 1. Log in to the routers, choose System > Live Users. 2. Verify that IPSec displays the number of connections and related connection information. After the preceding configuration, employees at the branch and HQ can remotely access resources on the branch and HQ LANs through the internet in a secure manner.

  • Page 92: Chapter 8 Security

    You only need to click Bind corresponding to the mapping on the page to bind the IP address with the MAC address. Attack protection M50 can implement ARP attack defense, DDoS attack defense, IP attack defense, and WAN ping attack defense, which are described as follows: ...

  • Page 93: Binding An Ip Address With A Mac Address

    Security 8.2 Binding an IP address with a MAC address To access the page for binding an IP address with a MAC address, choose Security > IP-MAC Binding. See the following figure. 8.2.1 Enabling the IP-MAC binding function To enable the IP-MAC binding function, set IP-MAC Binding to Enable and click OK. Then, you can bind IP addresses with MAC addresses.

  • Page 94: Configuring An Ip-Mac Binding Entry

    Security Parameter Description IP Address IP Address specifies the IP addresses bound with MAC addresses. MAC Address specifies the MAC addresses bound with IP addresses. MAC Address It specifies the description of a binding between an IP address and a MAC Remark address.

  • Page 95: Protecting Against Attacks

    Security Click OK. The IP-MAC Binding page appears, showing the added IP-MAC binding entry. Modifying an entry Choose Security > IP-MAC Binding. Click corresponding to an entry to be modify. Modify the entry. Deleting an entry Choose Security > IP-MAC Binding. Click corresponding to an entry to be deleted.
  • Page 96 Security After enabling attack protection, you can view attack information on the System > Defense Logs page. Note Some data packets detected by the attack protection functions, such as some data packets used for network tests, are not attack packets. Therefore, enable the functions only when necessary. The following table describes the parameters.
  • Page 97 Security Parameter Description under UDP Flood attack. It specifies the maximum number of incoming TCP SYN packets allowed SYN Flood in one second. If the threshold is exceeded, it is inferred that the router Threshold is under SYN Flood attack. IP Timestamp It enables the router to block IP packets with the Internet Timestamp Option...

  • Page 98: Chapter 9 Ac Management

    Updating user information 9.1 Overview M50 can work as an AC to manage a maximum of 16 IP-COM APs. The following figure shows the network topology where M50 functions as an AC to manage APs. The AC management function of M50 allows you to...

  • Page 99: Configuring Wireless Settings

    AC management in batches.  User Status: This module allows you to view, after the AC management function is enabled, information about users connected to the APs managed by the router. 9.2 Configuring wireless settings To access the page for configuring wireless settings, choose AC Management > Wireless Settings. See the following figure.
  • Page 100 AC management The following table describes the parameters. Parameter Description It specifies the serial number of a wireless network policy. SNs 1 to 4 correspond to SSIDs 1 to 4 for the 2.4 GHz or 5 GHz frequency respectively, while SNs 5 to 8 correspond to SSIDs 5 to 8 for the 2.4 GHz frequency respectively.
  • Page 101 AC management Parameter Description Settings page. SSID It specifies the SSID for a wireless network policy. It specifies whether to hide an SSID. The options include:  Enable: It indicates that APs do not broadcast the corresponding SSID and the SSID is not listed among available networks of a user device.

  • Page 102: Configuring Advanced Settings

    AC management Parameter Description It allows you to specify whether to enable the client isolation function. The options include:  Enable: It indictes that wireless clients connected using the same SSID cannot Advanced communicate with each other.  Disable: It indictes that wireless clients connected using the same SSID can communicate with each other.
  • Page 103 AC management The following table describes the parameters. Parameter Description It specifies the intended AP operating frequency of the parameters on the page. Frequency Note The settings are delivered to all APs. Country It specifies the country where the router is used. WiFi It specifies whether to enable the wireless network for the specified frequency.
  • Page 104 AC management Parameter Description It specifies whether to enable the SSID isolation function. If it is enabled, AP clients connected SSID Isolation to networks at a specified frequency with different SSIDs cannot communicate with each other. It specifies whether to enable the air interface scheduling function. This function allows all clients to transmit data for the same duration.

  • Page 105: Configuring Global Settings

    AC management Parameter Description application scenario of the router. The options include:  Wide Coverage: This option is used in places with low AP density, such as offices, warehouses, and hospitals, to increase AP coverage.  High Density: This option is used in places with high AP density, such as conference venues, exhibition halls, banquet halls, stadiums, college classrooms, and departure lounges, to reduce mutual interference among APs.
  • Page 106 AC management Parameter Description It specifies whether to enable the QVLAN function of APs. After the function is enabled, the value of Management VLAN ID set on the current page and the values of VLAN ID set on the VLAN AC Management >...
  • Page 107 AC management Set the parameters and click OK. The settings are delivered to APs. The following table describes the parameters. Parameter Description It specifies the native VLAN ID of the Trunk ports of APs. This parameter is effective to an PVID AP only after the VLAN function of the AP is enabled.

  • Page 108: Managing Aps

    AC management Parameter Description Maintenance Time It specifies the time when automatic maintenance is performed. Reboot Interval It specifies the interval for circular maintenance. 9.4 Managing APs To access the page for managing APs, choose AC Management > AP Management. On this page, you can view and export information about APs managed by the router, reboot, reset, or upgrade online APs in batches, delete offline APs in batches, and modify configuration of APs individually.

  • Page 109: Upgrading Aps

    When the software of an AP is upgraded, do not shut down the router or AP. Otherwise, the AP may not work properly. Download corresponding fat AP software from http://www.ip-com.com.cn. Choose AC Management > AP Management and select the APs to be upgraded.

  • Page 110: Deleting Aps

    AC management 9.4.5 Deleting APs This function enables you to delete multiple offline APs at the same time. 1. Choose AC Management > AP Management and select the offline APs to be deleted. 2. Click Delete and follow the onscreen instruction to delete the APs. Note Online APs cannot be deleted.

  • Page 111: Viewing User Status

    AC management 4. Modify the configuration and click OK. 9.5 Viewing user status To access the page for viewing user status, choose AC Management > User Status. On the page, you can view information about users of the APs managed by the router. - 102 -...

  • Page 112: Exporting User Information

    AC management The following table describes the parameters. Parameter Description It specifies the operating frequency of user devices. The options include 2.4G, 5G, and Frequency 2.4G+5G. After an option is selected, the page displays only the user devices operating at the (above the list) specified frequency or frequencies.

  • Page 113: Updating User Information

    AC management Click Disconnect. If the user wants to access the network, he/she must reconnect to an AP. 9.6 Updating user information Choose AC Management > AP Management. Click Refresh. - 104 -...

  • Page 114: Chapter 10 Captive Portal

    Example of configuring web authentication 10.1 Overview M50 supports web authentication and PPPoE authentication and only either of them can be enabled on the router. If the computers connected to your LAN with or without cables must be authenticated for accessing the internet, select either authentication mode.

  • Page 115: Configuring Web Authentication

    Captive portal 10.2 Configuring web authentication 10.2.1 Configuring basic settings To access the page for configuring basic settings, choose Captive Portal > Basic Setup. On the page, you can enable or disable web authentication, set the authentication validity period, specify the computers that do not need to be authenticated, and configure the authentication web page.
  • Page 116 Captive portal Specifying the user devices that do not need to be authenticated Choose Captive Portal > Basic Setup. Click in the Authentication-free Host area. The Add dialog box appears. The following table describes the parameters. Parameter Description It specifies the MAC address of a user device that can access the internet without being MAC Address authenticated by the router.
  • Page 117 Captive portal The Basic Setup page appears, showing the user devices that can access the internet without being authenticated by the router. See the following figure. To modify the information about a user device on the list, click corresponding to the user device. To delete the information about a user device from the list, click corresponding to the user device.

  • Page 118: Managing Users

    Captive portal 10.2.2 Managing users To access the page for managing users, choose Captive Portal > User Management. See the following figure. On the page, you can create user accounts for web authentication. If web authentication is enabled, users can access the internet only after being authenticated with the accounts.

  • Page 119: Example Of Configuring Web Authentication

    10.3 Example of configuring web authentication Networking Requirement An enterprise uses M50 to set up a LAN to address the following requirement: The network administrator can access the internet without being authenticated, while the other employees must be authenticated before accessing the internet.
  • Page 120 Captive portal Configuration Procedure Configure basic settings for web authentication. Enable web authentication. (1) Choose Captive Portal > Basic Setup. (2) Set Captive Portal to Enable. (3) Set Session Timeout Interval to 4 h. (4) Click OK. - 111 -...
  • Page 121 (2) Set Web Title to the title of the message to be displayed on the authentication web page, which is Welcome to IP-COM network world in this example. (3) Set Web Content to the content of the message, which is Please enter a user name and password for authentication in this example.
  • Page 122 Captive portal (3) Set Password to the password of the user Tom, which is Tom123 in this example. (4) Set Remark (Optional) to the description of the user Tom, which is Tom Smith in this example. You can leave this parameter blank. (To add another user account, click and repeat the preceding steps.) (5) Click OK.

  • Page 123: Chapter 11 Pppoe Authentication

    Chapter 11 PPPoE authentication 11.1 Overview M50 supports web authentication and PPPoE authentication and only either of them can be enabled on the router. If the computers connected to your LAN with or without cables must be authenticated for accessing the internet, select either authentication mode.
  • Page 124 PPPoE authentication The following table describes the parameters. Parameter Description It specifies whether to enable PPPoE authentication. If the function is enabled, the PPPoE Authentication web authentication function of the router is disabled. It specifies the IP address of the PPPoE server. The default value is recommended. If you need to change the default value, set this parameter to a private IP address within the following ranges: Server IP...
  • Page 125 PPPoE authentication The following table describes the parameters. Parameter Description It specifies the number of days before account expiration to alert a user. By default, Alert Before Expiration the router alerts a user 7 days before account expiration. It specifies the message on the alert page for expiring accounts. You can click and modify the message.
  • Page 126 PPPoE authentication The Add dialog box appears. The following table describes the parameters. Parameter Description It specifies the physical address of the network adapter of the host that can access the MAC Address internet without being authenticated. Remark It specifies the description of a host that can access the internet without being (Optional) authenticated.

  • Page 127: Managing Accounts

    PPPoE authentication The following table describes the parameters. Parameter Description It specifies the names of flow control policies. Currently, flow control policy names cannot be modified. Policy Name If PPPoE authentication is enabled, the bandwidth control function of the router is replaced by the flow control policies for PPPoE users.
  • Page 128 PPPoE authentication Click The Add dialog box appears. The following table describes the parameters. Parameter Description Username Username specifies the user name to be entered by a user for authentication when setting by a PPPoE connection. Password specifies the password for the user name. Password Remark It specifies the description of an account.

  • Page 129: Example Of Configuring Pppoe Authentication

    11.3 Example of configuring PPPoE authentication Network Requirement The ISP of a residential estate uses M50 to offer internet accessibility to a building to address the following requirement: Residents need to set up PPPoE dial-up connections before accessing the internet. The network administrator of the building can access the internet merely with an automatically assigned IP address.
  • Page 130 PPPoE authentication Network Topology The following figure shows the network topology of the residential estate. Configuration Procedure Note For the parameters not mentioned in this procedure, retain their default settings. If an IP address group has been added for the router, add all the IP addresses in the IP address pool of the PPPoE server to the group (see the following figure).
  • Page 131 PPPoE authentication (3) Click OK. Configure the account expiration alert pages. Perform the following steps in the Expiration Alert area: (1) Click to the right of Alert Page for Expiring Account, set Web Title and Web Content, and click OK. (2) Click to the right of Alert Page for Expired Account, set Web Title and Web Content, and click OK.
  • Page 132 PPPoE authentication Add authentication-free hosts. In the Authentication-free area, click . The Add dialog box appears. Perform the following steps: (1) Set MAC Address to the MAC address of the computer that can access the internet without being authenticated, which is 44:37:E6:12:34:56 in this example. (2) Set Remark (Optional) to the description of the computer, which is Administrator in this example.
  • Page 133 PPPoE authentication Choose PPPoE Authentication > Account Management and click . The Add dialog box appears. Perform the following steps: (1) Set Username to the user name for PPPoE authentication, which is Tom is this example. (2) Set Password to the password for the user Tom, which is Tom123 in this example. (3) Set Remark to the description of the user Tom, which is Tom Smith in this example.
  • Page 134 PPPoE authentication Click Connect to the Internet and click Next. Click Broadband (PPPoE). - 125 -...
  • Page 135 PPPoE authentication Set User name and Password to the user name and password of a PPPoE account, which are Tom and Tom123 in this example. Select Remember this password and click Connect. The user can access the internet after a while. - 126 -...
  • Page 136 PPPoE authentication To reconnect the computer to the internet after the computer is restarted, click in the lower-right corner of the desktop and click Connect in the Broadband Connection entry. - 127 -...

  • Page 137: Chapter 12 Virtual Server

    Virtual server Chapter 12 Virtual server 12.1 Overview This chapter describes:  Port forwarding  UPnP  DMZ host  DDNS 12.1.1 Port forwarding By default, internet users cannot access any service on any of your local hosts. If you want to enable internet users to access a particular service on a local host, enable this function and specify the IP address and service port of the local host.

  • Page 138: Port Forwarding

    Virtual server This function always interworks with other functions, such as Port Forwarding, DMZ Host and Remote Web Management. 12.2 Port forwarding 12.2.1 Configuring port forwarding Adding a rule 1. Choose Virtual Server > Port Forwarding. 2. Click Add. The Add window appears. 3.

  • Page 139: Example Of Port Forwarding

    12.2.2 Example of port forwarding Networking requirement An enterprise uses M50 to deploy its WLAN network. The router is connected to the internet. Now the enterprise establishes a web server and wants to enable its employees to access the web server through the internet.

  • Page 140: Upnp

    Verification Internet users can access the local web server at http://202.105.11.22. If the router enables the DDNS function and the domain name is ip-com.ddns.net, internet users can access the local web server at http://ip-com.ddns.net. If you cannot access the web server, try the following methods to resolve the problem: ...

  • Page 141: Dmz Host

    12.4.2 Example of configuring the DMZ host function Networking requirement An enterprise uses M50 to deploy its WLAN network. The router is connected to the internet. Now the enterprise establishes a web server and wants to enable its employees to access the web server through the internet.
  • Page 142 4. Click OK. Verification Internet users can access the local web server at http://202.105.11.22. If the router enables the DDNS function and the domain name is ip-com.ddns.net, internet users can access the local web server at http://ip-com.ddns.net. - 133 -...

  • Page 143: Ddns

    Virtual server If you cannot access the web server, try the following methods to resolve the problem:  Make sure that the WAN IP address of the router is a public IP address.  Disable some programs, such as firewall, anti-virus software, and security guard, which may forbid internet users to access the local service.

  • Page 144: Example Of Configuring The Ddns Function

    Networking requirement An enterprise uses M50 to deploy its WLAN network. The router is connected to the internet. Now the enterprise establishes a web server and wants to be accessed by internet users. Thus when employees are not in the enterprise, they can also access the web server.
  • Page 145 Assume that the DDNS information is as follows:  User name: ip-com  Password: 123456  Domain name: ip-com.ddns.net Choose Virtual Server > DDNS. Set Username to ip-com. Set Password to 123456. Set Domain Name Info to ip-com.ddns.net. Click OK. - 136 -...
  • Page 146 When you complete the configuration, refresh the page and wait a moment. When the router is connected to the DDNS provider, the status changes to Authorized. Verification Verify that internet users can use access the local web server at http://ip-com.ddns.net. If you cannot access the web server, try the following methods to resolve the problem: ...

  • Page 147: Chapter 13 Maintenance

    Maintenance Chapter 13 Maintenance This chapter describes:  Setting user names and passwords  Rebooting the router  Backing up and restoring configuration  Upgrading the firmware  Restoring the factory settings  Setting the system date and time  Remotly managing the router using the web UI 13.1 Setting user names and passwords To access the page for changing the login user name or password of the router, choose Maintenance >...

  • Page 148: Rebooting The Router

    Maintenance 13.2 Rebooting the router To access the page for rebooting the router, choose Maintenance > Reboot. When some manually set parameters do not take effect, try rebooting the router. In addition, you can enable the reboot scheduling function to ensure the performance and stability of the router. 13.2.1 Rebooting the router manually 1.

  • Page 149: Backing Up And Restoring Configuration

    Maintenance To enable this function to work properly, ensure that the system time of your router is correct. For system time configuration, refer to Setting the system date and time. 13.3 Backing up and restoring configuration The backup function is used to export the current configuration of the router to your computer. Restore function is used to import a configuration file to the router.

  • Page 150: Upgrading The Firmware

    When you are upgrading a firmware, do not power off the router. To upgrade a firmware: Go to www.ip-com.com.cn and download a firmware verion of the router to your computer. Choose Maintenance > Firmware Upgrade on the router web UI.

  • Page 151: Resetting The Router Through Web Ui

    Maintenance you can reset the router to restore its factory settings on the web UI or using the RESET button. After the router is restored to its factory defaults, you can log in to the router using the following information: ...

  • Page 152: Synchronizing The System Time With The Internet

    Maintenance 13.6.1 Synchronizing the system time with the internet In this method, the system time of the router synchronizes its system time with the time servers on the internet. As long as the route is connected to the internet, the system time is correct, even after the router reboots. The following table describes the parameters.

  • Page 153: Remotly Managing The Router Using The Web Ui

    Maintenance 13.7 Remotly managing the router using the web UI By default, only local computers that are connected to the router can access the web UI of the router. In special cases, such as remote technical support, you can enable this function and access the web UI through a WAN port. 13.7.1 Configuring remote web management 1.

  • Page 154: Example Of Configuring Remote Web Management

    Networking requirement An enterprise uses M50 to deploy its WLAN network. When the network administrator of the enterprise cannot resolve a problem, he/she needs an IP-COM technician to remotely access the web UI of the router to resolve the problem.
  • Page 155 6. Click OK. Verification The IP-COM personnel can use http:// 202.105.11.22:8088 to access the web UI of the router. If the technician is on a remote LAN, as shown in the following figure, a public IP address of the router is required for the technical personnel to connect to the router.

  • Page 156: Chapter 14 System

    System Chapter 14 System This chapter describes:  Viewing router information  Viewing online users  Viewing traffic statistics  Viewing defense logs  Viewing system logs 14.1 Viewing router information 14.1.1 Port overview In this area, you can check whether a port is connected, and whether a port is a LAN port or a WAN port. A dimmed port is not connected to any device.

  • Page 157: Wan Information

    System 14.1.4 WAN information In this area, you can see information about all the WAN ports, including physical connection status, connection types, IP addresses, and so on. 14.2 Viewing online users 14.2.1 DHCP users To access the page for viewing the information about DHCP clients of the router, choose System > Live Users > DHCP User.

  • Page 158: Vpn Users

    System Parameter Description Uptime It specifies the connection duration of a DHCP client. Remaining It specifies the remaining lease time of an IP address. 14.2.2 VPN users To access the page for viewing the information about PPTP/L2TP clients of the router after you enable the PPTP/L2TP server function, choose System >...

  • Page 159: Captive Portal

    System The following table describes the parameters. Parameter Description User It specifies the user name of a PPPoE client. Remark It specifies the description of a user name. It specifies the IP address of a PPPoE client that is assigned by the PPPoE server of the IP address router.
  • Page 160 System The following table describes the parameters. Parameter Description Name It specifies the name of an IPSec tunnel. It specifies an SPI value, which is manually set or automatically assigned through negotiation. It specifies the data transmission direction of a tunnel. The oprions include: ...

  • Page 161: Viewing Traffic Statistics

    System 14.3 Viewing traffic statistics To access the page for viewing the upload and download speeds of a WAN port or each local IP address, choose System > Traffic Statistics. 14.4 Viewing defense logs If you enable the firewall function, the router logs attacks. According to the attack logs, a network administrator can locate attackers and try resolving problems.
  • Page 162 System The record time of system logs depends on the system time of the router. Ensure that the system time of your router is correct. You can set the time on the Maintenance > Time & Date page. Note  When the router reboots, the previous system logs are deleted.

  • Page 163: Appendix

    Appendix Appendix A Troubleshooting Q1: When I use the device for the first time, I cannot log in to the web UI of the device after entering 192.168.0.252. What should I do? A1: Verify that:  The Ethernet cables are connected correctly and firmly. ...
  • Page 164 Appendix For more technical support, contact us by: Website: http://www.ip-com.com.cn E-mail: info@ip-com.com.cn Tel: (86 755) 2765 3089 - 155 -...

  • Page 165: B Safety And Emission Statement

    Appendix B Safety and emission statement CE Mark Warning This is a Class A product. In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures. For Pluggable Equipment, the socket-outlet shall be installed near the equipment and shall be easily accessible. WARNING: The mains plug is used as disconnect device, the disconnect device shall remain readily operable.
  • Page 166 Appendix interference in which case the user will be required to correct the interference at his own expense. This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.

Table of Contents