Page 1
DG-W U2005V User Manual DG-WU2005V WIRELESS ACCESS CONTROLLER, 5GE LAN, 2GE WAN, 1GE DMZ, USB User Manual V1.0 2015-08-26 As our products undergo continuous development the speci f ications are subject to change without prior notice...
DG-WU2005V User Manual TABLE OF CONTENTS CHAPTER 1 INTRODUCTION ....................8 ................................9 ACKAGE ONT ENT S ..............................9 ARDWARE NSTALLATION 1.2.1 ATTENTION ........................9 1.2.2 SYSTEM REQUIRE ME NTS .................... 10 1.2.3 Hardware Configuration ....................11 1.2.4 LED Indicators........................ 12 CHAPTER 2 GETTING STARTED ...................
Page 3
DG-WU2005V User Manual 3.1.2.2.3 Tag-Based VLAN............................63 3.1.3 IPv6 Setup ........................66 3.1.3.1 6 to 4 ................................66 3.1.3.2 6 in 4 ................................67 3.1.4 NAT / Bridging........................ 69 3.1.4.1 Configuration ..............................69 3.1.4.2 Virtual Server & Virtual Computer ......................70 3.1.4.2.1...
Page 4
DG-WU2005V User Manual 3.2.1.5 MAC Control ..............................91 3.2.1.5.1 Configuration .............................91 3.2.1.5.2 MAC Control Rule List..........................92 3.2.1.5.3 MAC Control Rule Configuration ......................92 3.2.1.6 Application Filters ............................92 3.2.1.6.1 Configuration .............................93 3.2.1.7 IPS.................................. 94 3.2.1.8 Options ................................94 3.2.2 QoS & BWM ........................95 3.2.2.1...
Page 5
DG-WU2005V User Manual 3.2.3.3.3 User Account List.............................119 3.2.3.3.4 User Account Configuration ........................120 3.2.3.3.5 L2TP Client ..............................120 3.2.3.3.6 L2TP Client List & Status ........................121 3.2.3.3.7 L2TP Client Configuration ........................121 3.2.3.4 GRE ................................123 3.2.3.4.1 GRE VPN Tunnel Scenario........................123 3.2.3.4.2 GRE Configuration ..........................123 3.2.3.4.3...
Page 6
DG-WU2005V User Manual 3.4.3.1 User List ..............................147 3.4.3.2 User Profile ..............................147 3.4.3.3 User Group ..............................148 3.4.4 Grouping........................149 3.4.4.1 Grouping Configuration..........................149 3.4.4.2 Host Grouping ............................149 3.4.4.2.1 Host Group List............................149 3.4.4.2.2 Host Group Configuration ........................150 3.4.4.3 File Extension Grouping ...........................
Page 7
Trademarks: DIGISOL™ is a trademark of Smartlink Network Systems Ltd. All other trademarks are the property of the respective manufacturers. Safety This equipment is designed with the utmost care for the safety of those who install and use it.
DG-WU2005V User Manual Chapter 1 Introduction Congratulations on your purchase of this outstanding product: DG-WU2005V Multi-Service Gateway with WLAN Controller. The product series, the multi-service security gateway comes with fruitful functions to meet SMB fast growing intranet access requirement. Multi-WAN NAT function allows multiple clients to have high speed access.
DG-WU2005V User Manual Package Contents The following items should be present in your package: DG-WU2005V Wireless Access Controller Power Cord (1 No.) Patch Cord (1 No.) Rack Mount Kit Installation Guide CD (includes User Manual & QIG) Make sure that the package contains above items. If any of the listed items is damaged or missing, please contact your retailer immediately.
DG-WU2005V User Manual 1.2.2 SYSTEM REQUIREMENTS An Ethernet RJ45 cable or DSL modem Network Require ments 10/100/1000 Ethernet adapter on PC / NB. Computer with the following: Windows®, Macintosh, or Linux-based operating system. An installed Ethernet adapter. Web-based Configuration Utility...
DG-WU2005V User Manual 1.2.3 Hardware Configuration Rear View: Console Port (DB9) Power Receptor ON/OFF for Power Switch Cable Front View: Reset Auto MDI/MDIX RJ-45 Ports Button 2x GbE WAN to connect Internet, 1x GbE DMZ to connect local servers 5x GbE LAN to connect local devices...
DG-WU2005V User Manual 1.2.4 LED Indicators Description OFF: Device is powered down. Power Green: Device is powered on. Green in flash: Device is in normal operation. Status Green in fast flash: Device is in recovery mode or abnormal state. OFF: USB 3G/4G connection is not established.
DG-WU2005V User Manual Chapter 2 Getting Started 2.1 Connect Your Device Before you can use this product, you need to connect your PC or NB to this gateway first. You can connect your PC to one of the LAN1~LAN5 ports through an Ethernet cable.
DG-WU2005V User Manual 2.2.1 Wizard Select “Wizard” for basic network settings and VPN settings in a simple way. Or, you can go to Basic Network / Advanced Network / Applications / System to setup the configuration by your own selection.
Page 15
DG-WU2005V User Manual Step 2: Change Password Password setting. You can change the login password of web UI here. It‟s strongly recommended that you change this login password from default value. Press “Next” to continue. Step 3: Time Zone Time Zone setting. It will detect your time zone automatically. If the result of auto detection is not correct, you can press “Detect Again”...
Page 16
DG-WU2005V User Manual Step 4: WAN WAN Interface setting. Choose the type of WAN connection. You can select Ethernet WAN if you want to connect to Internet through fixed line. Or select USB 3G/4G if you want to connect to Internet through 3G/4G network. A variety of WAN types are available for Ethernet WAN connection.
Page 17
DG-WU2005V User Manual Step 4-2: Ethernet (Dynamic IP Address) If you choose Ethernet->Dynamic IP Address, you can input host name or registered MAC address when your ISP requests it. In most cases, you can leave them as blank and go to next.
Page 18
DG-WU2005V User Manual Step 4-4: Ethernet (PPTP) If you choose Ethernet->PPTP, you need to input required dial- up information that you get from ISP. This PPTP WAN Type option is usually chosen when your ISP requests it. Press “Next” to continue.
Page 19
DG-WU2005V User Manual Step 5: LAN LAN Interface setting. Change the LAN IP address and subnet mask of this gateway. You can keep the default setting and go to next step. Press “Next” to continue. Step 6: Confirm and Apply Check the new settings again.
DG-WU2005V User Manual Step 7: Counting Down Configuration is completed. Press “Finish” button to close Setup Wizard and browser counts down for 65 seconds and provides you with “Click here” button to reconnect to the device. 2.2.1.2 Configure with the VPN Setup Wizard...
Page 21
DG-WU2005V User Manual Step 2: VPN Type Select type of VPN connection you want to create. Here you can choose IPSec, PPTP, L2TP or GRE. Press “Next” to continue. Step 2-1: IPSec If you choose IPSec, there are five options of tunnel scenario which can be chosen. “Site to Site”...
Page 22
DG-WU2005V User Manual pre-shared key for VPN connection. For Dynamic VPN, you don‟t need to input network information of remote subnet and remote gateway. Press “Next” to continue. Step 2-2: PPTP If you choose PPTP, there are two options of modes can be chosen. Choose “Client” if you want this device to connect to another PPTP server.
Page 23
DG-WU2005V User Manual accepted by PPTP server. Otherwise, remote PPTP server will reject the connection. Press “Next” to continue. If you choose PPTP Server, please select options of authentication and MPPE. You also need to create a set of username and password for PPTP clients. In this wizard, you can only create one user account.
Page 24
DG-WU2005V User Manual Press “Next” to continue. If you choose L2TP Client, please input tunnel name, IP/FQDN of L2TP server, username/password, authentication and MPPE options. Please make sure these settings are accepted by L2TP server. Otherwise, remote L2TP server will reject the connection.
Page 25
DG-WU2005V User Manual Press “Next” to continue. Step 3: Confirm and Apply Confirm new settings. If all new settings are correct, please press “Apply” button to save these new settings and make them effective.
DG-WU2005V User Manual 2.2.2 Status There are 4 kinds of system status to be shown at this window. They are Network Status, LAN Client list, Firewall Status, VPN Status and System Management Status.
DG-WU2005V User Manual 2.2.2.1 Network Status In Network Status page, you can review lots of information of network status, including a connection diagram, WAN IPv4 status, WAN IPv6 status, LAN status, 3G/4G modem status and Internet Traffic Statistics. You can also check the device time at the bottom of this page.
Page 28
DG-WU2005V User Manual LAN Interface Status Displays IPv4 and IPv6 information of local network. Press “Edit” button if you want to change the settings. 3G/4G Modem Status Displays modem card information, link status, signal strength and network (carrier) name of 3G/4G connection.
DG-WU2005V User Manual 2.2.2.2 LAN Client List Displays the LAN client information like IP address, host name, MAC address and remaining lease time. 2.2.2.3 Firewall Status In Firewall Status page, you can review information of filter status, including Packet Filters, URL Blocking, Web Content Filters, MAC Control, Application Filters, IPS and other options of firewall.
DG-WU2005V User Manual MAC Control Displays all blocked MAC addresses of firing activated MAC control rules. Application Filters Displays all filtered applications of firing activated application filter rules. Displays all events of firing activated rules of IPS. Options Display option settings of firewall.
DG-WU2005V User Manual PPTP Client Status Displays the status of all activated PPTP clients. L2TP Server Status Displays the status of all activated accounts of L2TP server. L2TP Client Status Displays the status of all activated L2TP clients. SSL VPN Server Status Displays the status of all activated accounts of SSL VPN server.
DG-WU2005V User Manual TR-069 Status Displays link status of TR-069. UPnP Status Displays UPnP status. 2.2.2.6 DDNS Status In DDNS Status page, you can review information of DDNS status.
DG-WU2005V User Manual 2.2.2.7 UPnP Status In UPnP Status page, you can review information of UPnP status. 2.2.2.8 Storage Status In Storage status page, you can review information of storage status, including device description, usage, file system, speed and status.
Page 34
DG-WU2005V User Manual 2.2.2.9 Statistics and Reports In Statistics and reports status page, you can review information of statistics and reports. Device Manager Login Status Displays device management status like, user name, protocol type, IP address, user level and duration time.
Page 35
DG-WU2005V User Manual Captive portal user login Statistics Displays captive portal user login status, including user name, captive portal user login statistics, create time, remaining lease time, time used, expiration time and user level. Data usage record Displays the data usage records.
Page 36
DG-WU2005V User Manual Internet surfing list Displays the internet surfing list including, user name, protocol, internet IMP and port, MAC, external IMP & port and Duration time.
Page 37
DG-WU2005V User Manual Chapter 3 Making Configurations Whenever you want to configure your network or this device, you can access the Configuration Menu by opening the web-browser and typing in the IP Address of the device. The default IP Address is: 192.168.123.254. In the configuration section you may want to check the connec tion status of the device, to do Basic or Advanced Network setup or to check the system status.
DG-WU2005V User Manual Basic Network You can enter Basic Network for WAN, LAN&VLAN, IPv6, NAT / Bridging, Routing, and Client/Server/Proxy settings as the icon here shown 3.1.1 WAN Setup This device is equipped with three WAN Interfaces to support different WAN types of connections.
DG-WU2005V User Manual 3.1.1.1 Physical Interface Click on the “Edit” button for each WAN interface and you can get the detail physical interface settings and then configure the settings as well. By default, the WAN-1 interface is forced to “Always-on” mode, and operate as the primary internet connection;...
DG-WU2005V User Manual be failover and fallback. For the example above, if WAN-1 connection is broken, this gateway will try to failover the Internet connection to this WAN interface automatically. When WAN-1 connection becomes available again, the Internet connection will switch back to WAN -1 automatically.
DG-WU2005V User Manual 3.1.1.2.1 Ethernet WAN Click on the “Edit” button for the Ethernet WAN interface and you can get the detail WAN settings and then configure the settings as well. There are 5 Internet connection types for Ethernet physical interface. They are “Static IP”, “Dynamic IP”, “PPP over Ethernet”, “PPTP”...
Page 42
DG-WU2005V User Manual automatically since it‟s powered on. It‟s recommended to choose this scheme if for mission critical applications to ensure Internet connection is available all the time. If you choose “Dial-on-demand”, this gateway won‟t start to establish Internet connection until local data is going to be sent to WAN side.
Page 43
DG-WU2005V User Manual Static IP Address Select this WAN type to give your static IP information. You will need to enter in the IP address, subnet mask and gateway address, provided to you by your ISP. Each IP address entered in the fields must be in the appropriate IP form, which is four IP octets separated by a dot (x.x.x.x).
Page 44
DG-WU2005V User Manual Afterwards, click on “Save” to store your settings or click “Undo” to give up the changes. PPP over Ethernet Select this WAN type if your ISP requires you to use a PPPoE connection. This option is typically used for DSL services.
Page 45
DG-WU2005V User Manual choose “Dial-on-demand”, this gateway won‟t start to establish Internet connection until local data is going to be sent to WAN side. After that, this gateway will disconnect WAN connection if idle time reaches value of Maximum Idle Time. If you choose “Manually”, this gateway won‟t start to establish WAN connection until you press “Connect”...
Page 46
DG-WU2005V User Manual PPTP Choose PPTP (Point-to-Point Tunneling Protocol) if your ISP used a PPTP connection. Your ISP will provide you with a username and password. This WAN type is typically used for DSL services. 1. WAN Type: Choose “PPTP” from the drop list.
Page 47
DG-WU2005V User Manual password you input won‟t be displayed on web UI. 5. Connection ID: Optional, input the connection ID if your ISP requires it. 6. Connection Control: Select your connection control scheme from the drop down list: “Auto-reconnect (Always on)”, “Dial-on-demand”, or “Manually”. If you select “Auto-reconnect (Always on)”, this gateway will start to establish Internet connection...
Page 48
DG-WU2005V User Manual L2TP Choose L2TP (Layer 2 Tunneling Protocol) if your ISP uses a L2TP connection. Your ISP will provide you with a username and password. This option is typically used for DSL services. 1. WAN Type: Choose “L2TP” from the drop down list 2.
Page 49
DG-WU2005V User Manual “Auto-reconnect (Always on)”, this gateway will start to establish Internet connection automatically since it‟s powered on. It‟s recommended to choose this scheme if for mission critical applications to ensure Internet connection is available all the time. If you choose “Dial-on-demand”, this gateway won‟t start to establish Internet connection until...
DG-WU2005V User Manual Wireless WAN – 3G/4G 3.1.1.2.2 Click on the “Edit” button for the 3G/4G WAN interface and you can get the detail WAN settings and then configure the settings as well. 1. WAN Type: Choose “3G” from the drop list.
DG-WU2005V User Manual 4. Dialed Number: Enter the dialed number that is provided by your ISP. 5. Account, Password: Enter the account / Password that is provided by your ISP (Optional). 6. Authentication: Choose “Auto”, “PAP”, or “CHAP” according to your ISP‟s authentication approach.
Page 52
DG-WU2005V User Manual further configure which strategy is to be applied for load balancing the outbound traffics. There are three load balance strategy: “By Smart Weight”, “By Priority” and “By User Policy”. By Smart Weight: If you choose the “By Smart Weight” strategy, no other setting is required. This device will automatically allocate the outbound traffics to each WAN interface.
Page 53
DG-WU2005V User Manual one by one. Click the “add” button to add your load balance policy. You can manage the outbound traffics flow and the force specific traffics to access Internet through designated WAN interface. For those traffics not covered in the user policy rules, the device will allocate the WAN interface by applying “Smart Weight”...
DG-WU2005V User Manual 3.1.2 LAN & VLAN This device is equipped with five gigabit Ethernet LAN ports as to connect your local devices via Ethernet cables. Besides, VLAN function is provided to organize your local networks. 3.1.2.1 Ethernet LAN Please follow the below mentioned instructions for an IPv4 Network Setup.
DG-WU2005V User Manual Afterwards, click on “Save” to store your settings or click “Undo” to give up the changes. 3.1.2.2 VLAN This section provides a brief description of VLANs and explains how to create and modify virtual LANs which are more commonly known as VLANs. A VLAN is a logical network under a certain switch or router device to group lots of client hosts with a specific VLAN ID.
DG-WU2005V User Manual 3.1.2.2.1 VLAN Scenarios There are some common VLAN scenarios as follows: Port-Based VLAN Tagging for Differentiated Services Port-based VLAN function can group Ethernet ports, Port-1 ~ Port-5, together for differentiated services like Internet surfing, multimedia enjoyment, VoIP talking and so on.
Page 57
DG-WU2005V User Manual A port-based VLAN is a group of ports on an Ethernet or Virtual APs of Wired or Wireless Gateway that form a logical group segment. Following is a descriptive example, and there is difference at interfaces for different models. In SMB or a company, administrator schemes out 4 segments, Lobby, Lab &...
Page 58
DG-WU2005V User Manual Tag-based VLAN Tagging for Location- free Departments Tag-based VLAN function can group Ethernet ports, Port-1 ~ Port-5 , together with different VLAN tags for deploying department subnets in Intranet. All packet flows can carry with different VLAN tags even at the same physical port for Intranet.
Page 59
DG-WU2005V User Manual VLAN Group Access Control Administrator can specify the Internet access right for all VLAN groups. He also can configure which VLAN groups can communicate with each other. VLAN Group Internet Access Administrator can specify members of one VLAN group to be able to access Internet or not.
Page 60
DG-WU2005V User Manual Inter VLAN Group Routing In Port-based tagging, administrator can specify member hosts of one VLAN group to be able to communicate with the ones of another VLAN group or not. This is a communication pair, and one VLAN group can join many communication pairs. But communication pair has not the transitive property.
DG-WU2005V User Manual 3.1.2.2.2 Port-Based VLAN A port-based VLAN is a group of ports on an Ethernet switch or router that forms a logical group segment. There are five LAN ports in this device, so you can have various VLAN configurations to organize the available LAN ports if required.
Page 62
DG-WU2005V User Manual into different VLANs, click on the “Edit” button related to each port. 1. NAT/Bridge: Select “NAT” or “Bridge ” to identify if the packets are directly bridged to the WAN port or processed by NAT mechanism. 2. VLAN ID: Specify a VLAN identifier for this port. The ports with the same VID are in the same VLAN group.
DG-WU2005V User Manual 7. VLAN Routing Group: Above configuration example supports 3 access policies. The first one is Internet Access Policy that includes Port-1, Port-2 and Port-3. All client hosts via these ports can access the Internet. The second policy is Intranet access Policy that includes only Port-4. All client hosts via the port can‟t access the Internet.
Page 64
DG-WU2005V User Manual Besides DMZ Port, all the LAN ports belong to one VLAN group, and this VLAN ID is forced to “1”. It is a special tag based VLAN for devices to operate, there is no tag required for this default VLAN ID.
Page 65
DG-WU2005V User Manual “Add” command button. But also you can modify some existing VLAN groups by clicking corresponding “Edit” command buttons at the end of each VLAN group in the Tag-based VLAN List. Besides, unnecessary VLAN groups can be removed by checking the “Select”...
DG-WU2005V User Manual 3.1.3 IPv6 Setup The growth of the Internet has created a need for more addresses than those that are possible with IPv4. IPv6 (Internet Protocol ve rsion 6) is a version of the Internet Protocol (IP) intended to succeed IPv4, which is the protocol currently used to direct almost all Internet traffic.
DG-WU2005V User Manual list is constructed by snooping IPv6 multicast control packets. If necessary in your environment, please enable this feature. LAN Configuration: 4. Global Address: Please enter global Address. 5. LAN IPv6 address settings: Please enter “LAN IPv6 address” and ignore the “LAN IPv6 Link- Local address”.
Page 68
DG-WU2005V User Manual When “6 in 4” is selected you need to do the following settings: 6 in 4 WAN IPv6 address settings: 1. Remote / Local IPv4 and IPv6 Address: You may add remote / local IPv4 address and local IPv6 address, then set DNS address manually for Primary DNS address and secondary DNS address.
DG-WU2005V User Manual 3.1.4 NAT / Bridging 3.1.4.1 Configuration 1. NAT Loopback: Allows you to access the WAN IP address from inside your local network. This is useful when you run a server inside your network. For example, if you set a mail server at LAN side, your local devices can access this mail server through gateway‟s WAN IP address.
DG-WU2005V User Manual 3.1.4.2 Virtual Server & Virtual Computer 3.1.4.2.1 Virtual Server This device‟s NAT firewall filters out unrecognized packets to protect your Intranet, so all hosts behind this device are invisible to the outside world. If you wish, you can make some of them accessible by enabling the Virtual Server Mapping.
DG-WU2005V User Manual Service Port Private Port Server IP Enable 10.0.75.1 10.0.75.2 8080 10.0.75.3 1723 10.0.75.6 3.1.4.2.2 Virtual Computer Virtual Computer enables you to use the original NAT feature, and a llows you to setup the one-to-one mapping of multiple pairs of global IP address and local IP address.
DG-WU2005V User Manual 1. SIP ALG: Support some SIP ALG, like STUN. 3.1.4.3.2 Special AP Some applications require multiple connections, like Internet games, Video conferencing, Internet telephony, etc. Because of the firewall function, these applications cannot work with a pure NAT router. The Special Applications feature allows some of these applications to work with this product.
DG-WU2005V User Manual mechanism, you can indicate that LAN computer as a DMZ host to solve this problem. 1. IP Address of DMZ Host: Enter IP Address of DMZ Host. 2. DHCP Relay: DHCP Relay Agent component relays DHCP messages between DHCP clients and DHCP servers on different IP networks.
Page 74
DG-WU2005V User Manual then enable or disable the rule by checking or un-checking the Enable check box. Please click Add or Edit button to configure a static routing rule: 1. Destination IP: Enter the subnet network of routed destination. 2. Subnet Mask: Input your subnet mask. Subnet mask defines the range of IP address in destination network.
DG-WU2005V User Manual 3.1.5.2 Dynamic Routing The feature of static route is for you to maintain routing table manually. In addition, this gateway also supports dynamic routing protocol, such as RIPv1/RIPv2, OSPF, BGP for you to establish routing table automatically. The feature of dynamic routing will be very useful when there are lots of subnets in your network.
Page 76
DG-WU2005V User Manual You can enable the OSPF routing function by c hecking on the “Enable” box for the OSPF item and filling the “Backbone Subnet”. You can add up to 8 area subnets for the OSPF network and enable them individually by clicking on the “Add” command button.
DG-WU2005V User Manual You can enable the BGP routing function by checking on the “Enable” box for the BGP item and filling the “Self ID”. You can add up to 8 BGP neighbors for the BGP ne twork and enable them individually by clicking on the “Add” command button. But also you can modify some existing BGP neighbors by clicking corresponding “Edit”...
DG-WU2005V User Manual 3.1.6 Client/Server/Proxy 3.1.6.1 Dynamic DNS How does user access your server if your WAN IP address changes all the time? One way is to register a new domain name, and maintain your own DNS server. Anothe r simpler way is to apply a domain name to 3-party DDNS service provider.
DG-WU2005V User Manual Host Name: Register a domain name to the DDNS provider. The full domain name is concatenated with host name (you specify) and a suffix (DDNS provider specifies). Username/E-mail: Input username or E- mail based on the DDNS provider you registered.
DG-WU2005V User Manual 3.1.6.2.2 DHCP Server Configuration 1. DHCP Server Name: The server name of DHCP server. By default, they are “DHCP-1” ~ “DHCP-6”. 2. LAN IP Address: Specify the local IP address of the enabled DHCP Server. It‟s the LAN IP address of this gateway for DHCP-1 server.
Page 81
DG-WU2005V User Manual 4. IP Pool Starting / Ending Address: Whenever there is a request, the DHCP server will automatically allocate an unused IP address from the IP address pool to the requesting computer. You must specify the starting / ending address of the IP address pool.
DG-WU2005V User Manual 3.1.6.2.4 Fixed Mapping Press “Fixed Mapping …” button at the bottom of the DHCP server list page and you can specify a certain IP address for designated local device (MAC address) manually, so that the DHCP Server will reserve the special IPs for designated devices. For internal servers, you can...
DG-WU2005V User Manual Advanced Network This device also supports many advanced network features, such as Firewall, QoS & Bandwidth Management, VPN Security, Redundancy, System Management and Certificate. You can finish these configurations in this section.
DG-WU2005V User Manual 3.2.1 Firewall The firewall functions include Packet Filters, URL Blocking, Web Content Filters, MAC Control, Application Filters, IPS and some firewall options. 3.2.1.1 Configuration One Firewall Enable check box lets you activate all firewall functions that you want.
DG-WU2005V User Manual 3.2.1.2.1 Configuration You can enable packet filter function here. And select one of the two filtering policies as follows. The first one is to define the black list. System will block the packets that match the active filter rules. However, the second one is the white list. System will allow the packets to pass the gateway, which match the active filter rules.
Page 86
DG-WU2005V User Manual 1. Rule Name: The name of packet filter rule. 2. From Interface: Any interface or some LAN interface or some WAN interface. 3. To Interface: Any interface or some LAN interface or some WAN interface. 4. Source IP: Specify the Source IP address of packets that want to be filtered out in the packet filter rule.
DG-WU2005V User Manual 7. Protocol: Specify which packet protocol is to be filtered. It can be TCP, UDP, or Both. 8. Time Schedule: The rule can be turned on according to the schedule rule you specified, and give user more flexibility on access control. By default, it is always turned on when the rule is enabled.
DG-WU2005V User Manual access is blocked by rules. 5. [Help]: At the right upper corner of the screen, one “[Help]” command lets you see the on- line help message about URL Blocking function. 3.2.1.3.2 URL Blocking Rule List It is a list of all URL Blocking rules. You can add one new rule by clicking on the “Add”...
DG-WU2005V User Manual and gives users more flexibility on access control. By default, it is always turned on when the rule is enabled. For more details, please refer to the System >> Scheduling menu. 5. Rule Enable: Check the enable box if you want to activate the rule. Each rule can be enabled or disabled individually.
DG-WU2005V User Manual 3.2.1.4.2 Web Content Filter Rule List It is a list of all Web Content Filter rules. You can add one new rule by clicking on the “Add” command button. But also you can modify some existing Web Content Filter rules by clicking corresponding “Edit”...
DG-WU2005V User Manual 3.2.1.5 MAC Control MAC Control allows you to assign different access rights for different users based on device‟s MAC address. 3.2.1.5.1 Configuration 1. MAC Control: Check the “Enable” box to activate the MAC Control function. All of the settings in this page will take effect only when “Enable ”...
DG-WU2005V User Manual 3.2.1.5.2 MAC Control Rule List It is a list of all MAC Control rules. You can add one new rule by clicking on the “Add” command button. But also you can modify some existing MAC control rules by clicking corresponding “Edit”...
DG-WU2005V User Manual 3.2.1.6.1 Configuration 1. Application Filters: Check the “Enable” box to activate the Application Filters function. All of the settings in this page will take effect only when “Enable” is checked. 2. Log Alert: Enable the log alerting so that system will record Application Filter events when filtering rules are fired.
DG-WU2005V User Manual 3.2.1.7 IPS IPS (Intrusion Prevention Systems) are network security appliances that monitor network and/or system activities for malicious activity. The main functions of IPS are to identify malicious activity, log information about this activity, attempt to block/stop it and report it.
DG-WU2005V User Manual 3. Discard PING from WAN: If this feature is enabled, this gateway won‟t reply any ICMP request packet from WAN side. It means any remote host can‟t get response when pinged to this gateway. “Ping” is a useful command that we use to detect if a certain host is alive or not.
DG-WU2005V User Manual 3.2.2.1 Configuration QoS on Multiple WAN Interfaces QoS on all WAN interfaces satisfies the requirements of latency-critical applications, minimum access right guarantee, fair bandwidth usage for same subscribed condition and flexible bandwidth management in a more flexible approach.
DG-WU2005V User Manual 1. Total Priority Queues of All WANs: Input the maximum number of priority queues for all WAN interfaces. 2. WAN Interface: Select the WAN interface to configure following parameters. 3. Bandwidth of Upstream: The maximum bandwidth of uplink in Mbps.
DG-WU2005V User Manual Auth(113), SFTP(TCP:115), SNMP&Traps(UDP:161-162), LDAP(TCP:389), HTTPS(TCP:443), SMTPs(TCP:465), ISAKMP(500), RTSP(TCP:554), POP3s(TCP:995), Net Meeting(1720), L2TP(UDP:1701) and PPTP(TCP:1723). Available Control Functions There are 4 resources that can be applied in a QoS rule: bandwidth, connection sessions, priority queues and DiffServ Code Point (DSCP).
DG-WU2005V User Manual 3.2.2.2.2 QoS Rule List It is a list of all QoS rules. You can add one new rule by clicking on the “Add” command button. But also you can modify some existing QoS rules by clicking corresponding “Edit”...
DG-WU2005V User Manual 3.2.2.2.3 QoS Rule Configuration It supports the adding of one new rule or the editing of one existing rule. There are some parameters that need to be specified in one QoS rule. They are Interface, Group, Service, Resource, Control Function, QoS Direction, Sharing Method, Time Schedule and finally, the rule enable.
Page 101
DG-WU2005V User Manual You need to choose a correct one according to your device‟s specification. When “TOS” is selected for Service, TOS value must be chosen from a list of 4 options. For example: When “User-defined Services” is selected, two more parameters, Protocol Number and Service Port Range, must be defined.
Page 102
DG-WU2005V User Manual 4. Resource: There are 4 resources that can be chosen to control in the QoS rule. They are “Bandwidth”, “Connection Sessions”, “Priority Queues” and “DiffServ Code Points”. 5. Control Function: It depends on the chosen resource. For “Bandwidth” resource, the control function is “Set MINR &...
Page 103
DG-WU2005V User Manual Example #1 for adding a “DSCP” type QoS rule Interface: Select “All WANs”. Group: Select “IP” and enter IP range: 10.0.75.196/30. Service: Select “DSCP” with DiffServ CodePoint is CS4. Resource: Select “DiffServ Code Points”.
DG-WU2005V User Manual Control Function: Select “Set Session Limitation”, and set session number to 20000. QoS Direction: Select “Outbound” for outbound traffic only. It is for the client devices under the gateway to establish multiple sessions with servers in the Internet.
There are some common IPSec VPN connection scenarios as follows: Site to Site DG-WU2005V establishes IPSec VPN tunnels with security gateway in headquarters or branch offices. Either local or remote device, which can be recognized by a static IP address or a FQDN can initiate the establishment of an IPSec VPN tunnel.
Page 106
DG-WU2005V User Manual Dynamic VPN Business Security Gateway can ignore IP information of clients when using Dynamic VPN, so it is suitable for users to build VPN tunnels with Business Security Gateway from a remote mobile host or mobile site. Remote peer is a host or a site which will be indicated in the negotiation packets, including what remote subnet is.
DG-WU2005V User Manual 3.2.3.1.2 IPSec Configuration IPSec: You could trigger the function of IPSec VPN if you check “Enable” box. NetBIOS over IPSec: If you would like two Intranets behind two Business Security Gateways to receive the NetBIOS packets from Network Neighborhood, you have to check “Enable”...
DG-WU2005V User Manual 3.2.3.1.3 Tunnel List & Status Add: You can add one new IPSec tunnel with Site to S ite scenario by clicking the “Add” button. Delete: Delete selected tunnels by checking the “Select” box at the end of each tunnel list and then clicking the “Delete”...
DG-WU2005V User Manual 3.2.3.1.5 Local & Remote Configuration Local Subnet: The subnet of LAN site of local Business Security Gateway. It can be a host, a partial subnet, the whole subnet or multiple subnets of LAN site of local gateway.
DG-WU2005V User Manual Remote subnet: The subnet of LAN site of remote Business Security Gateway. It can be a host, a partial subnet, the whole subnet or multiple subnets of LAN site of remote gateway. Since the device supports VPN hub and spoke function, there are 5 remote subnets to be defined here and any packets that want these 5 remote subnets will be transferred via this VPN tunnel.
VPN rule with a pre-shared key for all remote users, but you can also designate account / password for specific users that are permitted to establish VPN connection with VPN server. There are 3 roles to let DG-WU2005V behave as for X-Auth authentication, including None, Server and Client. For None role, no X-Auth authentication happens during VPN tunnel establishment.
DG-WU2005V User Manual DH Group: There are nine groups that can be selected: None, Group 1 (MODP768), Group 2 (MODP1024), Group 5 (MODP1536) and Group14 ~ 18. Enable: Check this box to enable the IKE Proposal during tunnel establishment. 3.2.3.1.9...
PPTP / L2TP VPN Tunnel Scenarios There are some common PPTP/L2TP VPN connection scenarios as follows: PPTP / L2TP Server for Remote Mobile Users DG-WU2005V acts as Server role for remote users to dial in and share some services in Intranet for them. ...
DG-WU2005V User Manual The Business Security Gateway can behave as a PPTP server and a PPTP client at the same time. PPTP: Check the “Enable” box to activate PPTP client and server functions. Client/Server: Choose Server or Client to configure corresponding role of PPTP VPN tunnels for the Business Security Gateway beneath the choosing screen.
DG-WU2005V User Manual PPTP Server: Enable or disable PPTP server function. Server Virtual IP: It is the virtual IP address of PPTP server used in PPTP tunneling. This IP address should be different from the gateway one and members of LAN subnet of Business Security Gateway.
DG-WU2005V User Manual 3.2.3.2.4 User Account Configuration Add or edit one user account will activate the “User Account Configuration” screen. User Name: Enter the user name of user account. Password: Enter the password of user account. Account: Check the “Enable” box to validate the user account.
DG-WU2005V User Manual 3.2.3.2.7 PPTP Client Configuration PPTP Client Name: The name of this tunnel. Operation Mode: Default is “Always on” and other options depend on product models. Peer IP/Domain: The IP address or Domain name of remote PPTP server.
DG-WU2005V User Manual echo requests and the times that system can retry once system LCP echo fails. You also can choose “User-defined” option to define the time interval and the retry times by yourself. The last option is “Disable”. 11. Tunnel: Check the “Enable” box to activate the tunnel.
DG-WU2005V User Manual 1. L2TP Server: Enable or disable L2TP server function. 2. L2TP over IPSec: L2TP over IPSec VPNs allow you to transport data over the Internet, while it is still maintaining a high level of security to protect data. Enter a Pre-shared key that system will use it in IPSec tunneling.
DG-WU2005V User Manual Add: You can add one new user account by clicking on the “Add” button. Delete: Delete selected user accounts by checking the “Select” box at the end of each user account list and then clicking on the “Delete” button.
DG-WU2005V User Manual 3.2.3.3.6 L2TP Client List & Status You can add new up to 22 different L2TP client tunnels by clicking on the “Add” button, and modify each tunnel configuration by clicking on the corresponding “Edit” button at the end of each existing tunnel.
Page 122
DG-WU2005V User Manual User Name: The user name which can be validated by remote L2TP server. Password: The password which can be validated by remote L2TP server. Default Gateway/Remote Subnet: You can choose “Default Gateway” option or “Remote Subnet” option here. When “Default Gateway” is chosen, all traffic from Intranet of Business Security Gateway goes over this L2TP tunnel if these packets don‟t...
DG-WU2005V User Manual 3.2.3.4 GRE Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol inter network. 3.2.3.4.1 GRE VPN Tunnel Scenario There is one common GRE VPN connection scenario as follows: ...
DG-WU2005V User Manual 3.2.3.4.3 GRE Tunnel Definition Add: You can add one new GRE tunnel by clicking on the “Add” button. Delete: Delete selected tunnels by checking the “Select” box at the end of each tunnel list and then clicking on the “Delete” button.
DG-WU2005V User Manual server. If an Intranet packet wants to go to this peer subnet, the GRE tunnel will be established automatically. 3.2.3.4.5 SSL VPN...
DG-WU2005V User Manual 3.2.4 Redundancy 3.2.4.1 VRRP The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol providing device redundancy. It allows a backup router or switch to automatically take over if the primary (master) router or switch fails. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP network.
Page 127
DG-WU2005V User Manual 1. VRRP: Enable or disable the VRRP function. 2. Virtual Server ID : Means Group ID. Specify the ID number of the virtual server. Its value ranges from 1 to 255. 3. Priority of Virtual Server: Specify the priority to use in VRRP negotiations. Valid values are from 1 to 254, and a larger value has higher priority.
DG-WU2005V User Manual 3.2.5 System Management This device supports many system management protocols, such as TR-069, SNMP, Telnet with CLI and UPnP. You can finish those configurations in this sub-section. 3.2.5.1 TR-069 TR-069 (Technical Report 069) is a Broadband Forum technical specification entitled CPE WAN Management Protocol (CWMP).
Page 129
DG-WU2005V User Manual SNMP agents expose management data on the managed systems as variables. The protocol also permits active management tasks, such as modifying and applying a new configuration through remote modification of these variables. The variables accessible via SNMP are organized in hierarchies.
DG-WU2005V User Manual Management PCs. You have to specify it, so that the device can send SNMP Trap message to the management PCs consequently. 6. WAN Access IP Address: If you want to limit the remote SNMP access to specific computer, please enter the PC`s IP address.
DG-WU2005V User Manual 3.2.5.4 UPnP UPnP Internet Gateway Device (IGD) Standardized Device Control Protocol is a NAT port mapping protocol and is supported by some NAT routers. It is a common communication protocol of automatically configuring port forwarding. Applications using peer-to-peer networks, multiplayer gaming and remote assistance programs need a way to communicate through home and business gateways.
DG-WU2005V User Manual Applications In this section you can finish the AP Management and Captive Portal settings. This device supports AP Management function to discover, configure and control all trusted APs in the Intranet. Besides, it also serves as an Internet access gateway. Any client host in the Intranet wants to surf the Internet, the device will redirect the Internet surfing request to an internal or external captive portal Web server for user authentication.
DG-WU2005V User Manual 3.3.1 AP Management 3.3.1.1 Configuration The following tabs will appear in the configuration tab. 3.3.1.1.1 AP Management Configuration 1. AP Management: Check the Enable box if you want to enable this function. 3.3.1.1.2 AP Configuration Proposal List It is a list of AP Proposals, APC and APW proposal templates in default.
DG-WU2005V User Manual 1. Apply to APs: Click on the button and you can select some trusted APs to apply the dedicated AP Configuration Proposal for their configuration settings. Click on “Save” to store what you just select or “Undo” to give up.
DG-WU2005V User Manual Allow: It means stations which are connected to corresponded AP can access Intranet Network. Deny: It means stations which are connected to corresponded AP can‟t access Intranet Network. Edit: Click “Edit” to configure the trusted AP. Event: You can view some important logs from the trusted AP by clicking on the “Event”...
DG-WU2005V User Manual 3.3.2 Captive Portal 3.3.2.1 Captive Portal Configuration The gateway supports the Captive Portal function, including internal captive portal and external captive portal. For external captive portable, you must specify external RADIUS (Remote Authentication Dial In User Service) server and external UAM (Universal Access Method) server.
DG-WU2005V User Manual Internal Captive Portal Before enabling internal Captive Portal function, please go to System >> External Servers to define some external server objects, like LDAP server or AD server if necessary. Then configure Captive Portal function in this page to specific WAN Interface, select “Internal RADIUS Server”...
Page 139
DG-WU2005V User Manual About MMI (Man-Machine Interface), it means the Web-based GUI. User can set the administrator timeout of Web UI surfing while configuring the device by the administrator.
DG-WU2005V User Manual 3.4.1 System Related System Related sub-section includes “Change Password”, “System Information”, “System Status” and “System Tools”. Change Password is to change the password of administrator for configuring the device by using Web UI. System Tools support system time configurations, FW upgrade, system rebooting, system resetting to default, wake on LAN and configuration settings backup.
DG-WU2005V User Manual 3.4.1.2 System Information You can view the System Information in this page. It includes the WAN Type, Display Time and Modem Information. But the modem information will be existing only at the models with embedded modems, like ADSL modem and 3G/LTE modem.
DG-WU2005V User Manual 3.4.1.4 System Tools The device supports many system tools, including system time configuration, FW upgrading, system rebooting, system resetting to default, waking on LAN and configuration settings backup. 1. System Time: There are three approaches to setup the system time. Before the process, some basic information must be filled by clicking on the “Configure”...
Page 143
DG-WU2005V User Manual the configuration PC. 2. FW Upgrade: If new firmware is available, you can upgrade router firmware through the WEB GUI here. After clicking on the “FW Upgrade ” command button, you need to specify the file name of new firmware by using “Browse” button, and then click “Upgrade”...
Page 144
DG-WU2005V User Manual 4. Tracert Test: Traceroute is a network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an IP network. Traceroute proceeds unless all (three) sent packets are lost more than twice, then the connection is lost and the route cannot be evaluated.
DG-WU2005V User Manual 3.4.2 Scheduling You can set the schedule time to decide which service will be turned on or off. The added rules will be listed as below and they can be up to 100 rules. 1. Enable: Enable or disable the scheduling function.
DG-WU2005V User Manual 3.4.3 User Management You can manage user account in this section, including user list, user profile and user group. User List shows out all user accounts and User Profile can let you add one new account or edit it. User Group offers you to collect several user accounts to one group to own same properties and bound services.
DG-WU2005V User Manual 3.4.3.1 User List User List can show the list of all user accounts and their status of on- line or offline in this window. You can add one new rule by clicking on the “Add” command button. But also you can modify some existing user accounts by clicking corresponding “Edit”...
DG-WU2005V User Manual 3. User Level: Supports 4 levels for you to select, including “Admin”, “Staff”, “Guest” and “Passenger”. Admin level of user account can let the user configure the device with fully control ability. Staff level of users can access both the Intranet resources and the Internet resources.
DG-WU2005V User Manual 3.4.4 Grouping This device supports three types of objects to be grouped. They are host objects, file extension objects and L7 Application objects. One “Enable” Check box provides user to activate the grouping function for all types of objects.
DG-WU2005V User Manual 1. Add: Click on the button to add one host group. 2. Delete: Click on the button to delete the host groups that are specified in ad vance by checking on the “Select” box of those groups.
DG-WU2005V User Manual 3.4.4.3 File Extension Grouping 3.4.4.3.1 File Extension Group List File Extension Group List can show the list of all file extension groups and their member lists and bound services in this window. You can add one new grouping r ule by clicking on the “Add”...
DG-WU2005V User Manual 3.4.4.4 L7 Application Grouping 3.4.4.4.1 L7 Application Group List L7 Application Group List can show the list of all file extension groups and their member lists and bound services in this window. You can add one new grouping rule by clicking on the “Add”...
DG-WU2005V User Manual Choose one to join the group by clicking on the “Join” button. 5. Group: Check the “Enable” box to activate the group definition. 3.4.5 External Servers This device supports six types of external server objects to be created. They are Email Server objects, Syslog Server objects, RADIUS Server objects, Active Directory Server objects, LDAP Server objects and UAM Server objects.
DG-WU2005V User Manual 1. Add: Click on the button to add one external server object. 2. Delete: Click on the button to delete the external server objects that are specified in advance by checking on the “Select” box of those objects.
DG-WU2005V User Manual parameters, “User Name” and “Password”. For “Syslog Server”, no more parameter is required. For “RADIUS Server”, you can specify primary RADIUS server and secondary RADIUS server for redundancy. For each server, following parameters need to be specified: Shared Key, Authentication Protocol (CHAP or PAP), Session Timeout (1~60 Mins) and Idle Timeout (1~15 Mins).
DG-WU2005V User Manual CHAPTER 4 Troubleshooting This Chapter provides solutions to problems for the installation and operation of the Wireless Access Controller. You can refer to the following if you are having problems. 1 Why can’t I configure the router even when the cable is...
Page 157
DG-WU2005V User Manual Click Device Manager. Double-click on “Network Adapters”. Right-click on Wireless Card bus Adapter or your specific network adapte r. Select Properties to ensure that all drivers are installed properly. Look under Device Status to see if the device is working properly.
Need help?
Do you have a question about the DG-WU2005V and is the answer not in the manual?
Questions and answers