
Snap One AN-220-RT Quick Start Manual

Single-WAN, Multi-Gig VPN Router
AN-220-RT
Single-WAN, Multi-Gig VPN Router Quick Start Guide
Welcome to Araknis Networks™
Thank you for choosing our new line of Araknis 220 Routers. With Multi-Gigabit WAN and
LAN ports, VPN support, and advanced networking functionality (QoS, VLANs, port
forwarding), these routers are top of the line and meant for some serious networking
applications!
Features
  • Multi-mounting design
  • 1× 2.5 Gigabit WAN port
  • 1× 2.5 Gigabit LAN port
  • Fanless
  • OvrC enabled
  • Embedded OvrC Pro Hub
Unboxing
 

Summary of Contents for Snap One AN-220-RT

  • Page 1 AN-220-RT Single-WAN, Multi-Gig VPN Router Quick Start Guide Welcome to Araknis Networks™ Thank you for choosing our new line of Araknis 220 Routers. With Multi-Gigabit WAN and LAN ports, VPN support, and advanced networking functionality (QoS, VLANs, port forwarding), these routers are top of the line and meant for some serious networking...
  • Page 2: Installation

    Router; Rubber feet (4); Rack-mount kit; Documentation QR card; Wall mount hardware; Structured wiring mounting hardware; VersaPlate mounting hardware; Power Supply. Installation ...
  • Page 3 Rack mount; Wall mount; Shelf mount. Mount less than 2m (6.6') to thick plywood or a concrete wall using wall anchors and two M3*L20 screws. Caution: Do not stack other equipment on top of the router to avoid possible interference or damage. Structured wiring installation; VersaPlate installation...
  • Page 4 Connections Caution: Power off all other network devices before connecting the router.  A. Power input — Connect the supplied power cable.  B. LAN port — Connect a client device such as a network switch, computer, etc.  C. WAN port — Connect the internet gateway (modem).  D.
  • Page 5 LED / State / Description. Power: Router is powered on; Router is powered off. 2.5 Gbps: Connection speed is 2.5 Gbps; Connection speed is 10/100/1000 Mbps. Link/Act: A device is connected to the port; Blinking: Packets are running through the port ...
  • Page 6 Araknis routers can be configured through OvrC or the local interface. The local interface is accessible using OvrC’s WebConnect feature, or typing the router’s default IP address, 192.168.1.1, into your browser's address bar. Configuring the router in OvrC OvrC provides remote device management, real-time notifications, and intuitive customer management, right from your computer or mobile device.
  • Page 7 Logging in to the local interface  1. Log into the AP using the default credentials: Username araknis Password araknis  2. You must update the password after initial login. Pro Tip: Strong passwords are long and unrelated to the client’s public details. For example, thepepperonipizzas is stronger and easier to remember than P@ssword or thesmiths.
  • Page 8: System Information

    Status System This page provides an overview of the router’s system information, port status, and WAN configuration. System Information   System Name - The DHCP hostname of the device, which is how the router appears in network scans. Configurable under Settings > System > System Name.  ...
  • Page 9: WAN Status

    Port Overview and Status The Port Overview is color-coded based on its negotiated speed:   Gray — The port is not detecting a connection.   Red — The port is disabled.   Orange — The port detects a 10/100Mbps connection.  ...
  • Page 10: Firewall Status

    The displayed fields are configurable under Settings > WAN.   IP Address — The WAN/Public IP address of the connection.   Subnet Mask — The subnet mask assigned to the WAN.   Default Gateway — The IP address of the WAN gateway.  ...
  • Page 11   SPI (Stateful Packet Inspection) — Inspects incoming and outgoing packets and their connection state. Enabled by default.   DoS (Denial of Service) — Prevents a denial-of-service attack, which attempts to make a network unavailable by flooding the network host with irrelevant traffic. Enabled by default.
  • Page 12 VPN Tunnel Status This table provides the amount and type of VPN tunnels used on the router and how many VPN tunnels can be configured. Note: The 220 series router does not support IPSec. DHCP Clients and Status The router presents tiles for the total number of clients connected to the network and separates them into DHCP clients that the router has assigned an IP address and the total number of static clients that have manually been assigned IP addresses.
  • Page 13 Note: Clients with a prohibitory icon ( ) in their row did not obtain an IP address from the DHCP server. These clients either had an IP address statically assigned to them or had an IP address assigned to them before the DHCP server started up, such as when the router had been restarted.
  • Page 14: Port Forwarding Table

    Port Forwarding table This table shows the rules configured under Settings > Port Forwarding. If a port forwarding rule was added by UPnP, the entry displays the number of minutes left in its Lease Time column. Manually configured port forwarding rules display a dash as their lease time.
  • Page 15: System Settings

    The Port Overview is color-coded based on its negotiated speed:   Gray — The port is not detecting a connection.   Red — The port is disabled.   Orange — The port detects a 10/100Mbps connection.   Green — The port detects a 1Gbps connection.  ...
  • Page 16: Time Settings

      System LEDs — Toggle the router’s LEDs on or off.   Password Reset — Enabled by default. Disabling this feature removes the ability to use the Reset button's 10-19 second Password Reset function.   Automatic OUI  Updates — Enabled by default. If disabled, the router relies on the embedded OUI table to display manufacturer names in the Client table.
  • Page 17: Auto Reboot

    Auto-Reboot Enable Auto-Reboot to create a schedule for the router to restart regularly to help ensure the router is always up and functioning for the client. Pro Tip: Set Auto-Reboot to restart the router in the early morning hours when the network is not being used.
  • Page 18: WAN Settings

    WAN Settings   Name — Type to enter a new name for the WAN port, such as the name of the internet service, if you’re using two WAN connections. This field accepts alphanumeric (a - z and A - Z) characters, hyphens ( - ), underscores ( _ ), !, @, #, $, %, ^, &, *, (,), ?, +, and periods.
  • Page 19 PPPoE includes fields for the Username, Password, a Keep Alive toggle, and the Redial Period. This option is typically used with DSL and other peer-to-peer Internet Service Providers (ISPs). The PPPoE password can have a maximum of 63 characters. This field accepts alphanumeric (a - z and A - Z) characters, hyphens ( - ), underscores ( _ ), !, @, #, $, %, ^, &, *, (,), ?, +, =, and periods.
  • Page 20 DHCP Options DHCP options are commonly used with VoIP (Voice Over IP), as certain manufacturers require specific DHCP options for the system to work. Common DHCP options are given to assist with the configuration. Click Add DHCP Option to configure a new setting. Consult the service you’re configuring for more information.
  • Page 21 Multi-WAN (520 router only) To use WAN2 you must go to Settings > LAN and click on LAN 2 at the top of the page, then click the Enable WAN Mode toggle. Go back to Settings > WAN to configure the WAN2 settings and enable Multi-WAN.
  • Page 22 The Multi-WAN feature has three modes:   Load Balance — Evenly distributes the bandwidth from two WAN connections to the LAN. When enabled, you can route traffic to specific WAN interfaces using advanced features like Route Binding or ACLs. Note: Load balancing marks the flow of traffic from both WAN ports with a random probability of 50%, instead of marking each flow as WAN1 and WAN2.
  • Page 23 Network Service Detection (NSD) Toggle on to configure the detection system used to determine if the WAN port is down, and what actions the router should take. Note: All configured conditions must be met for NSD to take Action. If Ping Remote IPs and Resolve Domain Names are configured, but only the pings are failing, NSD will not fail over.
  • Page 24: LAN Settings

      Action — Determines what happens when the WAN interface does not detect a connection. Options include:   Log Only — Logs the events in the System Log.   Log and Reboot Interface — Logs the events in the System Log and restarts the interface (port).
  • Page 25 Click on a port to open a new window to configure the port’s Name, Speed, and enable Jumbo Frames. The MTU (Maximum Transmission Unit) can be edited when Jumbo Frames are enabled. The MTU sets the maximum size of each packet (in bytes) that can be transmitted.
  • Page 26: DHCP Server Settings

    How the MTU is determined across multiple LANs Each VLAN on the router has its own bridge. The MTU of each bridge is determined by the lowest MTU value among its associated interfaces. Example: If VLAN1 is configured as Untagged on LAN1 and LAN2. LAN1 has an MTU of 1500 and LAN2 has an MTU of 9216.
  • Page 27 This opens a new window with configurable settings.   VLAN ID — The VLAN ID is assigned to the DHCP server. This cannot be changed for the default DHCP server.   Name — Enter a name for the DHCP server. This field accepts alphanumeric (a - z and A - Z) characters, spaces, hyphens ( - ), underscores ( _ ), !, @, #, $, %, ^, &, *, (,), ?, +, and periods.
  • Page 28   DHCP Mode — VLAN1 is set to Server, by default, to allow the router to hand out DHCP requests to connected client devices. When creating new VLANS, your options are:   Server — Allows the router to hand out DHCP requests to connected client devices.
  • Page 29: VLAN Settings

    Click Add DHCP Option to configure a new setting. Consult the service you’re configuring for more information. VLAN Settings The VLAN Settings button takes you to the VLAN Settings page under Advanced > VLANs. To create a new VLAN, click the + Add VLAN button, and configure the below settings:  ...
  • Page 30 Select which VLANs to forward data TO, and the VLANs to receive data FROM. Then click Apply. Note: You must enable this feature on each VLAN that you want to communicate with each other.   Device Management — Allows devices connected to this VLAN to access the router at its default gateway IP address.
  • Page 31: DHCP Reservation Table

    DHCP Reservation Table This shows a list of all DHCP addresses reserved by your system. DHCP (MAC) Reservations can be created in OvrC or the router. Click Add DHCP Reservation to create a new reservation from this page. You must provide the MAC address of the device you wish to reserve.
  • Page 32 Firewall Use this page for more advanced Firewall features, compared to the options on the Status > Clients & Services page.   Enable Firewall — Toggle the Firewall settings on or off. Default is on.   Block ICMP Broadcast — Enabled by default, this feature prevents the router from responding to ICMP (Internet Control Message Protocol) probe packets.
  • Page 33   DoS (Denial of Service) Prevention — Prevents a Denial of Service attack, which attempts to make a network unavailable by flooding the network host with irrelevant traffic. Enabled by default.   Block WAN Request — Prevents the router from responding to ping requests on the WAN port, making your network seem invisible from the outside.
  • Page 34: Misc. Settings

      DNS Rebind Protection — Enabled by default. DNS rebinding manipulates DNS (Domain Name System) responses to change the IP address associated with a domain name, causing a user's browser to unknowingly communicate with a different server than it originally intended to. DNS Rebind Protection can prevent legitimate DNS resolution on networks with an internal domain or running security software that redirects all DNS lookups.
  • Page 35 Note: Bonjour must be enabled in Safari’s Preferences. Then it is accessible in Safari’s Bookmarks feature.   Flow Control — Enables IEEE 802.3x protocols around managing congestion on the network. Only enable this feature if a use case specifically asks for it. Disabled by default.
  • Page 36 Select which DNS Service to use and enter your desired URL into the Host Name field, then click Apply. A unique ID (often two to four digits) is added to the hostname if that specific URL is already being used. If you do not like this assignment, try a different hostname or DNS service.
  • Page 37 Caution: Port forwarding is not a secure method of remote access. Consider using a VPN or OvrC WebConnect instead. Common uses for port forwarding include:   Remote access for surveillance cameras and recorders   Computer games and server applications   Remote storage devices  ...
  • Page 38: Port Triggering

     5. Enter a meaningful Name for the port forwarding rule. This field accepts alphanumeric (a - z and A - Z) characters, spaces, hyphens ( - ), underscores ( _ ), !, @, #, $, %, ^, &, *, (,), ?, +, and periods. Port Triggering Port Triggering is similar to port forwarding, except the ports only open when there is a specific request to open the port from an application.
  • Page 39 Click Add User to add a secondary user to the router. You cannot set permission levels, but this does allow you to delete the user should they no longer require access to the router. Usernames can contain alphanumeric (a - z and A - Z) characters, hyphens ( - ), underscores ( _ ), !, @, #, $, %, ^, &, *, (,), ?, +, and periods.
  • Page 40: Access Management

    Access Management For security reasons, Enable HTTPS is enabled by default to encrypt all user communication with the router. For convenience Enable Automatic HTTP to HTTPS Redirect is also enabled by default. This feature automatically takes you to the router’s user interface without manually typing the HTTPS port at the end of the address.
  • Page 41: Whitelist & Blacklist

    IP Based Access Management limits access to the router’s interface to the IP addresses listed in the table. Click Add IP Address to enter up to 16 addresses. Note: You cannot use both MAC based and IP based access management at the same time.
  • Page 42 Tools Ping Use a ping test to measure the amount of time it takes to reach an address on the local network or the internet. Enter a Target Host or IP address, such as www.wikipedia.com or the IP address of a device on the local network, select the Interface to test from, then click Ping.
  • Page 43 Note: A router can only take configuration files from the same model router. Pro Tip: The shorter the file path to the configuration file the better. If the file upload continues to fail, place the file on your desktop and try again. Click Restore Factory Defaults to set the router back to factory settings.
  • Page 45 Click the Advanced button to run MTR (My Traceroute). An MTR runs a traceroute and ping tests, which is helpful when troubleshooting packet loss or high latency. To run an MTR test:  1. Enter a Hostname or IP address. This can be an IP address or a hostname, such as www.wikipedia.com.
  • Page 47 iPerf Use iPerf to create TCP and UDP data streams to measure the throughput of the network. This requires the iPerf utility, available at https://iperf.fr. Read iPerf's user documentation, available on the same site as the utility download, to learn more. Configuration Click Export Current Configuration to save a profile of all the settings currently applied to the router.
  • Page 48 Click Choose File to import a configuration file Firmware Settings The Firmware Settings tile displays information about the current firmware version installed on the router. Use OvrC to keep the router on the latest firmware. Download the latest firmware from the router’s support tab to update the firmware manually.
  • Page 49: Routing Table

    Pro Tip: The shorter the file path to the firmware file the better. If the file upload continues to fail, place the file on your desktop and try again. Advanced Static Route Static routes are used to create routes to other subnets using a fixed routing table. Static routes are commonly used to pass traffic between subnets on different routers.
  • Page 50: Static Routing Table

    Static Routing Table This table displays configured Static Routes. Click Add Static Route and enter the following information to create a static route:   Destination — The subnet you’re configuring a static route for.   Subnet Mask — The subnet mask of the Destination.  ...
  • Page 51 Network Address Translation (NAT) allows you to map local IP addresses to a specific public IP address. 1:1 NAT Use this table to view and configure NAT. Enable 1:1 NAT to allow the LAN IP entries to appear under the WAN IP entries. Click Add 1:1 NAT Rule to map a LAN IP address to a WAN IP address.
  • Page 52 Route Binding (520 routers only) Use Route Binding to force a subnet route through a specific WAN interface. Click Enable Route Binding to Add a new entry or make the previously configured entries active. Click Add/Modify Route Binding to add or modify a Route Binding rule and modify the below information.
  • Page 53 VLANs Virtual Local Area Networks (VLANs) are used to segment traffic on the LAN to increase the reliability and security of the network. To create a new VLAN, click the + Add VLAN button, and configure the below settings:   VLAN ID —...
  • Page 54 Select which VLANs to forward data TO, and the VLANs to receive data FROM. Then click Apply. Note: You must enable this feature on each VLAN that you want to communicate with each other.   Device Management — Allows devices connected to this VLAN to access the router.
  • Page 55 A Virtual Private Network (VPN) connects different networks through a secure tunnel over the Internet. Data sent through the VPN tunnel is encrypted for privacy even when connected to a public or shared network that isn’t secure. VPNs are commonly used to send data between networks in different geographical locations without requiring a dedicated physical connection between networks.
  • Page 56 OpenVPN communicates using encrypted SSL/TLS channels between networks that hide traffic from other devices on the internet. The OpenVPN server runs on the router to control access to the tunnels, and users connect using a client application installed on their computer. To create an OpenVPN tunnel:  1.
  • Page 57  2. Enable Redirect Gateway, if desired. This feature ensures all internet traffic is routed through the VPN tunnel, but it also reduces VPN connection speed. Note: If this feature is enabled after you configured the VPN you must re-export the configuration.  3.
  • Page 58 IPSec IPSec, sometimes known as Gateway-to-Gateway, allows you to configure a VPN tunnel between two routers so that devices on each network can communicate with each other. Note: Because IPSec VPNs connect two sites, you must configure the VPN on both routers.
  • Page 59  1. Click Add a New Tunnel and Enable it.  2. Give your tunnel a Name. This field accepts alphanumeric (a - z and A - Z) characters, hyphens ( - ), underscores ( _ ), !, @, #, $, %, ^, &, *, (,), ?, +, and periods. Note: The Mode cannot be modified.
  • Page 60 Note: Each router must use a different IP scheme to connect to the tunnel.  6. The Remote Group Setup auto-fills with the information you entered in Step 4. The Subnet Mask field shows the CIDR notation of the Remote Group. Pro Tip: Verify the last digit is zero, to include the entire IP range.
  • Page 61 Note: The Preshared Key must match on both routers. The password must be between 6–64 characters and accepts alphanumeric (a - z and A - Z) characters, hyphens ( - ), underscores ( _ ), !, @, #, $, %, ^, &, *, (,), ?, +, and periods.
  • Page 62 Advanced Options   Aggressive Mode — Enable for a less secure, but faster VPN authentication.   Compress — Enable to compress the traffic sent over the VPN, before it’s encrypted. Note: Compress cannot be used when IKEv1 with Phase 2 Authentication SHA-256/SHA-512 is selected.
  • Page 63 If using a PPTP tunnel, set the IP range for the tunnel to use, click Apply, then click the Add New Tunnel button to create a new PPTP tunnel. To configure a PPTP tunnel, you must create the following:   Name —...
  • Page 64 IPv6 The Araknis router can handle IPv6 in one of two ways:   Dual-Stack IP (IPv4 and IPv6) is recommended for most applications. The router recognizes both address styles and parses out whichever address is unnecessary.   IPv6 to IPv4 Tunnel creates a tunnel for transferring IPv6 addresses across an IPv4 by encapsulating the IPv6 packets into IPv4 packets, and the opposite way (IPv4 packets encapsulated in IPv6 packets).
  • Page 65 Dual-Stack IP (IPv4 and IPv6) Settings LAN Settings   IPv6 Address — Enter the LAN IPv6 Address.   Prefix Length — Set the IPv6 equivalent to the IPv4 subnet mask. This is done by specifying the number of bits rather than using IP notation.  ...
  • Page 66 WAN Settings The options change based on the selected WAN IP Mode. DHCP WAN IP Mode   Static DNS — Enable to enter specific DNS servers. You must enter the IPv6 addresses for the DNS servers.   Auto MTU — Leave this enabled for optimal performance. The MTU (Maximum Transmission Unit) specifies the largest packet or frame allowed to be transmitted across the WAN interface.
  • Page 67   Auto MTU — Leave this enabled for optimal performance. The MTU (Maximum Transmission Unit) specifies the largest packet or frame allowed to be transmitted across the WAN interface. PPPoE WAN IP Mode Using IPv6 for PPPoE is like IPv4 in that the WAN connection is authenticated using encapsulated Point-to-Point Protocol (PPP) frames.
  • Page 68 IPv6 to IPv4 Tunnel Settings   IPv6 Address — An IPv6 address for the tunnel. This field is automatically generated but can be edited.   IPv6 to IPv4 Relay — An IPv4 address for the relay server running on the router.  ...
  • Page 69 In the Domain Name text box at the top, enter the URL for the device to serve as the local DNS for your network. This field accepts up to 63 characters, including alphanumeric (a - z and A - Z) characters, hyphens ( - ), and underscores ( _ ). Click the Add Local DNS button to add an entry.
  • Page 70: SNMP Settings

    SNMP Network administrators use Simple Network Management Protocol (SNMP) to monitor the performance and settings of network devices. Configure SNMP to communicate with management on the network. Note: SNMP communities should be managed on a network-wide basis and require coordinated settings for managers and agents on the network. Pro Tip: Do not enable both SNMP v1/2 and SNMPv3 because SNMPv3 is not backward compatible with v1 and 2.
  • Page 71: SNMPv3 Settings

      System Name — This field is auto-generated but can be edited. This field accepts alphanumeric characters (a - z and A - Z), spaces, hyphens ( - ), underscores ( _ ), !, @, #, $, %, ^, &, *, (,), ?, +, and periods.  ...
  • Page 72 Click Add User to determine who has access and privileges to the SNMP traffic. Click Add User once more, and enter a Username, Authentication Method, Encryption Method, and the Privileges they should have (Read Only or Read/Write). Then click Apply. These fields have the following character limitations:  ...
  • Page 73 For the Trap Receiver IP Address, enter an IPv4 address to send all the Trap Community messages from all SNMP devices on the network. The Trap Receiver User has access to the Trap Community messages.
  • Page 74: Service Management

    ACLs Access Control Lists (ACLs) are commonly used to block undesired port uses, like Remote Desktop (RDP). They can also be used to allow a printer across VLANs while restricting access to the rest of the VLAN or to restrict access to specific websites. Service Management The router comes with a list of common services, including the protocol(s) and port range they typically use.
  • Page 75: Access Control List Settings

    Service Name / Protocol / Port: TELNET SSL, 992-992; DHCP, 67-67; L2TP, 1701-1701; PPTP, 1723-1723; IPSec, 500-500. Service Names have a maximum of 32 characters and accept alphanumeric (a - z and A - Z) characters, hyphens ( - ), underscores ( _ ), !, @, #, $, %, ^, &, *, (,), ?, +, and periods.
  • Page 76   Enable – Toggle the rule on or off.   Name – Enter a name to identify the rule, with a maximum of 63 characters. This field accepts alphanumeric (a - z and A - Z) characters, hyphens ( - ), underscores ( _ ), !, @, #, $, %, ^, &, *, (,), ?, +, and periods.
  • Page 77 Quality of Service (QoS) is a protocol that optimizes traffic across the network by tagging packets and giving them priority based on policy. This is an advanced feature that rarely needs to be implemented except in large, congested networks that require prioritization of network services.
  • Page 78 Click to Enable QoS and select a Schedule. Options include:   SP – Strict Priority.   WFQ – Weighted Fair Queuing. When selected, you must assign a Weight to each Queue number. The router calculates the Percentage of Bandwidth as you determine an appropriate weight value.
  • Page 79 The Name field has a maximum of 63 characters and accepts alphanumeric characters (a - z and A - Z), spaces, hyphens ( - ), underscores ( _ ), !, @, #, $, %, ^, &, *, (,), ?, +, and periods.
  • Page 80 Bandwidth Control Bandwidth Control allows you to manage WAN interface bandwidth for specific network clients based on their IP addresses, using upstream or downstream traffic limits. Rules can be “stacked” to further segment the use of bandwidth. Caution: Bandwidth control can cause network performance and reliability issues when configured incorrectly.
  • Page 81: Bandwidth Control Settings

    Service Management The Service Management table shows commonly used services, their protocol(s), and port range. These services are selectable when creating Bandwidth Control rules. Click Add Service, at the bottom of the table, to add more services. Service Names have a maximum of 32 characters and accept alphanumeric (a - z and A - Z) characters, hyphens ( - ), underscores ( _ ), !, @, #, $, %, ^, &, *, (,), ?, +, and periods.
  • Page 82: Example Configuration

      Bandwidth (kbit/s) – The number of kilobits per second to allot for the bandwidth rule.   Bandwidth Sharing – Select Sharing total bandwidth for all IP’s to split the specified bandwidth among the clients, or Assign for each IP to allow the full specified bandwidth for each IP address.
  • Page 84: New Features

    Araknis 220 Router Firmware Release Notes Version 1.0.07 Release date: 24-06-21 New Features   Added an integrated iPerf Server   Added MTR to Traceroute   Added Global DDNS Settings   Added the ability to select which interface to use for Ping, Trace Route, and DNS Lookup  ...
  • Page 85: Bug Fixes

      Improved various log-related items, including UPNP, DNS, DHCP, and DDNS   Improved various security features Bug Fixes   Fixed a bug with ACLs containing a space in the name   Fixed a bug with changing VLAN ID impacting DHCP settings  ...
  • Page 86 Wirepath ONE are also registered trademarks or trademarks of Snap One, LLC. Other names and brands may be claimed as the property of their respective owners. Snap One makes no claim that the information contained herein covers all installation scenarios and contingencies, or product use risks. Information within this specification subject to change without notice.