Download Print this page

HP R110 Configuration And Administration Manual

Wireless vpn routers.
Hide thumbs

Advertisement

HP R100-Series Wireless VPN Routers
Configuration and Administration Guide
HP Part Number: 5998-5394
Published: September 2014
Edition: 1

Advertisement

   Summary of Contents for HP R110

  • Page 1

    HP R100-Series Wireless VPN Routers Configuration and Administration Guide HP Part Number: 5998-5394 Published: September 2014 Edition: 1...

  • Page 2

    © Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

  • Page 3: Table Of Contents

    Contents 1 Deploying the HP R110/R120 ..............7 2 Using the Wizard Setup ................11 Overview..............................1 1 Automatically running the Wizard Setup the first time you log in ............... 1 1 Accessing the Wizard Setup after your first login ..................1 1 Wizard Setup............................

  • Page 4

    DHCP client list............................47 VLAN settings............................47 IGMP settings ............................49 6 Wireless configuration ................51 Viewing wireless interface status ........................51 Basic wireless settings..........................52 Configuring virtual access point interfaces..................... 55 Configuring wireless security ....................... 56 Advanced wireless settings ........................64 WDS settings ............................

  • Page 5

    Scheduling............................128 Support file ............................129 Viewing the EULA ..........................129 15 Support and other resources ..............131 Online documentation ..........................131 Contacting HP ............................131 HP websites ............................131 Conventions ............................132 A Resetting to factory defaults ..............133 Factory reset procedures .........................133 Using the reset button........................133...

  • Page 7: Deploying The Hp R110/r120

    1 Deploying the HP R1 10/R120 In a small office, the HP R1 10/R120 can be directly connected to a broadband modem (DSL or cable) to provide secure wireless networking for all employees. In the following scenario, employees can share data and resources with each other and access the Internet at the same...

  • Page 8

    In the following scenario, HP R1 10/R120 #1 provides wireless network services to the employees in the main office, while HP R1 10/R120 #2 and HP R1 10/R120 #3 use the Wireless Distribution System (WDS) to create a wireless link between the main office network and a small network in a warehouse.

  • Page 9

    In the following scenario, four HP R1 10/R120s provide a virtual private network (VPN) across the Internet between a headquarters and three branch offices. The R1 10/R120 #1 forms secure VPN tunnel connections to R1 10/R120 #2, R1 10/R120 #3, and R1 10/R120 #4 at three branch locations.

  • Page 10

    Deploying the HP R110/R120...

  • Page 11: Using The Wizard Setup

    Automatically running the Wizard Setup the first time you log in The first time you log in to the management interface (see the HP R100-Series Wireless VPN Routers Quickstart for first time login procedure), the HP end user license agreement displays.

  • Page 12: Step 2: Specify Wan Settings

    Select to configure the system time manually or have it automatically configured by an NTP server. You can also enable support for daylight savings time, if required for your location This page includes the following settings: Set system time • NTP: Enables the router to use NTP to synchronize the system clock to global Internet time, or allows the time to be set manually.

  • Page 13

    DHCP IP Address A dynamic connection type is the most common method used with cable modems. In many cases, setting the connection type to dynamic is enough to complete the connection to your ISP. Some dynamic connection types may require a Host Name. Enter the Host Name in the space provided if you were assigned one by your ISP (do not use characters ` "...

  • Page 14

    PPPoE The Point-to-Point Protocol over Ethernet (PPPoE) is a common WAN protocol that provides a secure “tunnel” connection between the service provider and the local network. Enter the PPPoE information in the provided spaces, and then click Next to activate your settings.

  • Page 15: Step 3: Specify Wireless Settings

    L2TP The Layer 2 Tunneling Protocol (L2TP) is a common WAN protocol used for Virtual Private Networks (VPNs) that provides a secure “tunnel” connection between the service provider and the local network. Step 3: Specify wireless settings The R1 10 router supports a dual-band single radio for 2.4 GHz or 5 GHz operation. The R120 router supports two radios, one for 2.4 GHz and one for 5 GHz.

  • Page 16

    Radio Band (Applies to HP R1 10 only) Allows you to select the band of your wireless network. The R1 10 router can operate in the 2.4 GHz band (for 802.1 1b/g/n) or the 5 GHz band (for 802.1 1a/ n).

  • Page 17: Configure Wireless Security

    Configure the primary SSID The R1 10 allows you to create up to four wireless communities, and the R120 allows you to create up to eight wireless communities. Each wireless community defines the settings for a distinct wireless network, with its own network name (SSID), settings for wireless protection, user authentication, VLANs, and more.

  • Page 18

    “enterprise” mode of WPA and WPA2 uses IEEE 802.1X for user authentication and requires a RADIUS authentication server to be configured on the wired network. WPA2 is more secure than WPA (TKIP) or WEP, therefore HP recommends that you select WPA2 for maximum possible security.

  • Page 19

    • Key Type: Hexadecimal (characters 0-9, a-f, and A-F) ASCII (characters 0-9, a-z, and A-Z) • Key 1-4 String: Enter encryption keys Hexadecimal: Enter keys as 10 hexadecimal characters (0-9 and A-F) for 64 bit keys, or 26 hexadecimal characters for 128 bit keys. ASCII: Enter keys as 5 alphanumeric characters for 64 bit keys, or 13 alphanumeric characters for 128 bit keys.

  • Page 20: Step 4: Summary

    RADIUS server. The valid range is 30 to 3600 seconds and the default is 300 seconds. Step 4: Summary After you complete the Wizard Setup, the Summary page displays. Confirm the settings, and then click Finish. The router reboots and the HP R1 10/R120 is operational. This page includes the following information: Indicates if the router is using NTP to synchronize the system clock to global Internet time.

  • Page 21

    Enable Radio Shows if the router’s wireless radio is enabled. The R120 includes a radio setting for 2.4 GHz and 5 GHz. Radio Band The operating band of the R1 10. The R1 10 includes one radio that can operate at 2.4 GHz or 5 GHz.

  • Page 22

    Using the Wizard Setup...

  • Page 23: Managing The Hp R110/r120 System

    Internet Explorer 8 or later, Google Chrome v29, or Mozilla Firefox v24 or later. You can access the HP R1 10/R120 management tool using either http or https. Using https is more secure, but you will see a warning because the security certificate is issued by the router and not a known certificate authority.

  • Page 24: Setting The Hp R1 10/r120 Mode

    Displays the current status of a device attached to the router's USB port. SNMP Displays the status of the Simple Network Management Protocol feature. Setting the HP R1 10/R120 mode The device supports Router and Bridge modes for different applications. •...

  • Page 25: General Administration Settings

    General administration settings The Admin page configures the following settings for the router: System information (General) settings Configures settings that help identify the router, including the system name, location, and the name of a person to contact for administrative purposes. The system name appears on the banner and login screen.

  • Page 26: Configuring Trusted Users

    A maximum of five rules can be defined. System time settings Correct system time is important for proper operation of the HP R1 10/R120, especially when using the logs to troubleshoot. Select System > System time to open the System Time page. This page enables you to configure time server and time zone information.

  • Page 27: Set System Time

    Set system time This section displays the current system time. You can configure the time manually or have it automatically configured by a Network Time Protocol (NTP) server. Manually Select the date, time (in 24-hour notation), and timezone. Using network time protocol (NTP) NTP servers transmit Coordinated Universal Time (UTC, also known as Greenwich Mean Time) to their client systems.

  • Page 28: Daylight Saving

    To configure SNMP, set the following options: • Enable SNMP: Use this checkbox to enable/disable the SNMP agent. By default, the SNMP agent is disabled. When the agent is disabled, the HP R1 10/R120 does not respond to SNMP requests. •...

  • Page 29: Managing System Logs

    get or set SNMP information on the router. By default, the name is set to private. (Do not use characters ` " & ' # \) The router can also be configured to send status messages to an SNMP server if a problem occurs on the network.

  • Page 30: Events

    You can select Refresh to display the most recent data from the router, or Clear to remove all entries from the list. Click Download to save all entries to a file on the management computer. Managing the HP R110/R120 system...

  • Page 31: Proxy Arp Settings

    Proxy ARP settings Proxy ARP (Address Resolution Protocol) is a mechanism that enables a computer in a network connected to a router appear to be logically part of another network connected to the same router. This means that a computer on the router’s LAN network can appear to be logically on the WAN network, accessible using a public IP address.

  • Page 32

    Subnet Mask Of Public Hosts In LAN The local subnet mask for the IP address. Rules Name Applies a schedule rule to the Proxy ARP service. The schedule rules are configured on the Tools > Scheduling page. Managing the HP R110/R120 system...

  • Page 33: Rebooting The Router

    For maintenance purposes or as a troubleshooting measure, you can reboot the HP R1 10/R120 by selecting Reboot. The process may take several minutes during which time the AP is unavailable. The HP R1 10/ R120 resumes normal operation with the same configuration settings it had before the reboot.

  • Page 34

    Displays a summary of traffic statistics for the WAN and LAN ports. Set the poll interval for updating statistics on the page and click Start. You can also click Refresh anytime to immediately update values. Click Reset Counters to set all statistics values back to zero. Managing the HP R110/R120 system...

  • Page 35: Wan Configuration

    4 WAN configuration The WAN pages are used to configure the parameters for your Internet connection. The information necessary to set up a connection can be obtained from your ISP. Check with your ISP first to find out what type of connection you should choose. Viewing the WAN interface status The Status page displays the setting of the WAN interface.

  • Page 36: Settings

    DDNS The status of a dynamic DNS service. MAC Clone Indicates if the WAN port MAC address has been copied from a LAN computer. Settings The WAN settings page configures the method that the router uses to connect to an ISP through the WAN port.

  • Page 37: Pppoe

    This page includes the following information: Connection Type Select Static IP Address as the router’s method of connecting to the ISP. IP Address Enter the IP address assigned to the router’s WAN port by the ISP. Subnet Mask Enter the IP subnet mask assigned to the router’s WAN port by the ISP. Gateway Enter the IP address of the ISP’s gateway.

  • Page 38

    This page includes the following information: Connection Type Select PPPoE as the router’s method of connecting to the ISP. Username Enter your ISP-assigned user name. (Do not use characters ` " & ' # \) Password Enter your password (usually assigned by your ISP). (Do not use characters ` " & ' # \) Confirm Password Enter the password again to confirm it.

  • Page 39: Pptp

    Sets the size of the Maximum Transmission Unit (MTU) for the largest packet that the network protocol can transmit. Manual Connection: You can click Connect and Disconnect to connect or disconnect the PPPoE connection immediately. Multiple-PPPoE Allows you to configure a second PPPoE session to run over the same connection. The second session connects to another PPPoE server and the configuration allows routing rules to be defined so that different traffic can be routed through either PPPoE channel.

  • Page 40: L2tp

    Server IP Enter the PPTP server IPv4 address as assigned by your ISP. Username Enter your ISP-assigned user name. (Do not use characters ` " & ' # \) Password Enter your password (usually assigned by your ISP). (Do not use characters ` " & ' # \) Confirm Password Enter the password again to confirm it.

  • Page 41: Ddns

    Password Enter your password (usually assigned by your ISP). (Do not use characters ` " & ' # \) Confirm Password Enter the password again to confirm it. Idle Time Select the number of minutes to elapse without activity before the L2TP connection is disconnected.

  • Page 42: Mac Clone

    The DDNS related parameters are described as follows: Enable DDNS Select to use a Dynamic DNS service. DDNS Server This is the name of your Dynamic DNS service provider. Domain Name The name of your host domain. Username Enter the user name assigned by your DDNS service. (Do not use characters ` " & ' # \) Password Enter your password.

  • Page 43: Lan Configuration

    5 LAN configuration The HP R1 10/R120 router is equipped with a DHCP server that automatically assigns IP addresses to each computer on your network. The factory default settings for the DHCP server work with most applications. If you need to make changes to the settings, the LAN setting pages allow you to: •...

  • Page 44: Lan Settings

    This page includes the following information: Displays current settings for the default VLAN. • MAC address: The Ethernet base MAC address of the router. • IP address: The IPv4 address of the router. • Subnet mask: The subnet mask for the IP address. •...

  • Page 45

    This page includes the following settings: IP Address The IPv4 address of the router for the default VLAN. Subnet Mask There should be no need to change the subnet mask; however, it is possible to change the subnet mask if necessary. Only make changes to the subnet mask if you have a specific reason to do so.

  • Page 46: Dhcp Relay

    DHCP relay Dynamic Host Configuration Protocol (DHCP) can dynamically allocate IP addresses and other configuration information to network clients that broadcast a request. To receive broadcast requests, a DHCP server would normally have to be in the same broadcast domain (VLAN) as the clients.

  • Page 47: Dhcp Client List

    DHCP client list The DHCP Clients List displays the IP address, host name, MAC address, and client type of each client that has requested an IP address since the last reboot of the router. Only clients that have requested an IP address since the router’s last reboot and fixed associations are displayed in this list.

  • Page 48

    On the Add VLAN page, you can set the parameters to configure the behavior of VLANs. This page includes the following settings: Name A text description of the VLAN. (Do not use characters ` " & ' # \) IP Address The IP address of the VLAN interface.

  • Page 49: Igmp Settings

    Enable IGMP Snooping Enables the feature that blocks unnecessary IP multicast traffic from flooding VLAN ports without a specific multicast membership. This feature is based on snooping IGMP join/leave messages from VLAN ports to update the bridging forwarding database. IGMP Snooping is extremely useful in saving bandwidth of low-speed interfaces to improve the network utilization.

  • Page 50

    LAN configuration...

  • Page 51: Wireless Configuration

    6 Wireless configuration The wireless settings section displays configuration settings for the access point functionality of the router. The sections include configuration options for radio signal characteristics, wireless security features, Wireless Distribution System (WDS), Wi-Fi Protected Setup (WPS), Wi-Fi Multimedia (WMM), and MAC authentication. The R1 10 router supports a dual-band single radio for 2.4 GHz and 5 GHz operation.

  • Page 52: Basic Wireless Settings

    This page includes the following information: Wireless Displays the basic radio settings and the status of other features. • Radio: Displays the status of the router’s radio. • Operating Frequency: (Applies to the R1 10 only) Shows if the radio is operating at 2.4 GHz or 5 GHz.

  • Page 53

    This page includes the following settings: Enable Radio Enables the wireless section of your LAN. When disabled, no wireless clients can have access to either the Internet or other clients on your wired or wireless LAN. Radio Band (Applies to the R1 10 only) Allows you to select the band of your wireless network. The R1 10 can operate in the 2.4 GHz band (for 802.1 1b/g/n) or the 5 GHz band (for 802.1 1a/n).

  • Page 54

    • 1 1b/g/n Mixed: (Compatibility mode.) Up to 1 1 Mbps for 802.1 1b, 54 Mbps for 802.1 1g, and 450 Mbps for 802.1 1n. If support for 802.1 1b/g is not required, it is recommended that you choose the 802.1 1n-only mode. •...

  • Page 55: Configuring Virtual Access Point Interfaces

    Configuring virtual access point interfaces The router supports up to four virtual access point (VAP) interfaces per radio; a total of four for the R1 10 and eight for the R120. One VAP is the primary (with default SSID “HP1” for R1 10), and the others can be enabled if required.

  • Page 56: Configuring Wireless Security

    Configuring wireless security The router’s wireless interface is configured by default as an open system, which broadcasts a beacon signal including the configured SSID. Wireless clients can read the SSID from the beacon and automatically connect to the wireless network. To implement wireless security, you need to employ authentication, which verifies users connecting to the network, and traffic encryption, to protect transmitted data from interception and eavesdropping.

  • Page 57: Wep Security

    • WPA2: The Enterprise mode of WPA2 using AES encryption. If all clients in the network are WPA2 compatible, select this option for maximum security. This mode requires the use of a RADIUS server. See “WPA2” on page • WPA2-PSK: The Personal (pre-shared key) mode of WPA2 using AES encryption. The pre-shared key mode uses a common password phrase for user authentication that is manually entered on the router and all wireless clients.

  • Page 58

    WEP security includes the following settings: Authentication Mode Leave as OPEN to configure WEP security. The static WEP security does not support user authentication. Encryption Type Select WEP to display the security options and to configure the keys. 802.1X Enables dynamic WEP security on the router. IEEE 802.1X enables you to authenticate wireless clients via user accounts stored on a third-party RADIUS server.

  • Page 59

    “enterprise” mode of WPA and WPA2 uses IEEE 802.1X for user authentication and requires a RADIUS authentication server to be configured on the wired network. WPA2 is more secure than WPA (TKIP) or WEP, therefore HP recommends to select WPA2 for maximum possible security.

  • Page 60

    Enter the key according to the type selected; in ASCII passphrase style (8-63 alphanumeric characters), or in exactly 64 Hexadecimal characters. For an ASCII key, HP recommends that the key be at least 20 characters long, and be a mix of letters and numbers. The passphrase key cannot begin or end with spaces.

  • Page 61

    WPA/WPA2 enterprise If you have a mix of wireless clients, some of which support WPA2 (AES) and others which support only the original WPA (TKIP), select the WPA/WPA2 Enterprise security mode. This setting enables both WPA and WPA2 wireless clients to associate to the router, but uses the more robust WPA2 for clients that support it.

  • Page 62: Configuring Radius Settings

    Enter the key according to the type selected; in ASCII passphrase style (8-63 alphanumeric characters), or in exactly 64 Hexadecimal characters. For an ASCII key, HP recommends that the key be at least 20 characters long, and be a mix of letters and numbers. The passphrase key cannot begin or end with spaces.

  • Page 63

    The RADIUS server configuration includes the following settings: Primary RADIUS Server Enter the IPv4 address for the primary RADIUS server that the router uses by default, for example 192.168.1.23. RADIUS Key The RADIUS key is the shared secret key for the RADIUS server. You can use up to 64 alphanumeric and special characters (do not use characters ` "...

  • Page 64: Advanced Wireless Settings

    Advanced wireless settings The Advanced wireless settings page includes additional parameters concerning the wireless network. This page includes the following settings: Beacon Interval The Beacon Interval value indicates the frequency interval of the beacon. A beacon is a packet broadcast by the router to synchronize the wireless network. DTIM Interval The DTIM Interval indicates the interval of the Delivery Traffic Indication Message (DTIM).

  • Page 65

    The 802.1 1n standard specifies two guard intervals: 400ns (short) and 800ns (long). Support of the 400ns interval is optional for transmit and receive. The guard interval is the dead time, in nanoseconds, between symbols (or characters) transmitted by the AP. The guard interval helps distinguish where one symbol transmission stops and another starts, thereby reducing inter- symbol interference.

  • Page 66: Wds Settings

    WDS settings The router supports WDS (wireless Distribution System). WDS enables one or more access points to rebroadcast received signals to extend the range and reach of the wireless network, although this can affect the overall throughput of data. Note that WDS implementations can vary from product to product. Hence, there is no guarantee that different products will interoperate.

  • Page 67: Wps Settings

    WPS settings Wi-Fi Protected Setup (WPS) is designed to be a convenient method to securely add new clients to a wireless network. WPS has two basic modes of operation, Push-button Configuration (PBC) and Personal Identification Number (PIN). The WPS PIN setup is optional to the PBC setup and provides more security.

  • Page 68: Wmm Settings

    Enter the 8-digit PIN number and click Start to activate the PIN method. If the WPS function is working correctly, you should see the WPS LED light up. • PBC: Uses the push-button method. Make sure the WPS function has been enabled on the device.

  • Page 69

    Enable Power Saving The WMM-Power Save feature enables mobile client devices to save a significant amount of battery life by going into a sleep mode between sending and receiving data. WMM Parameters The WMM table includes these parameters: • AC_BK: Access Category - Background. Lowest priority. Data with no delay or throughput requirement, such as bulk data transfers.

  • Page 70: Mac Authentication Settings

    MAC authentication settings For a more secure wireless network, you can specify that only certain wireless computers can connect to the router. Up to 20 MAC addresses can be added to the MAC Filtering Table. When enabled, all registered MAC addresses are controlled by the access rule. MAC Authentication is a powerful security feature that allows you to specify which wireless computers are allowed on the network.

  • Page 71: Viewing The Client List

    Viewing the client list The Client List page allows you to view all the wireless clients currently associated with the router. Select the SSID interface from the SSID list to display associated clients. The table of associated clients lists the MAC address, Receive Signal Strength Indicator (RSSI) value, wireless mode, and traffic statistics.

  • Page 72

    Wireless configuration...

  • Page 73: Vpn Configuration

    7 VPN configuration The router includes a Virtual Private Network feature to provide a secure link between remote users and the corporate network by establishing an authenticated and encrypted tunnel for passing secure data over the Internet. The router supports IPSec, L2TP over IPSec client and server, and PPTP client and server for security protection.

  • Page 74: Vpn Settings

    VPN settings The VPN Settings page allows you to add and edit IPSec, L2TP over IPSec, and PPTP connections for the router. When creating VPN connections, remember that both ends of the connection must be configured in the same way. When you click Add on this page, the VPN connection page opens where the connection details can be configured.

  • Page 75

    This page includes the following settings: VPN Tunnel Parameters • Tunnel Type: Select IPSec as the tunnel type. • Tunnel Name: Enter a descriptive text name for the tunnel. (Do not use characters ` " & ' # \) • Remote VPN Gateway: Enter the IP address or host name of the remote VPN server, or select ANY if there is no specific server.

  • Page 76

    If ID_FQDN or ID_USER_FQDN (fully qualified domain name) is selected, enter the name for the Remote Party ID in the text box next to the list. For example, an FQDN name could be “mycompany.com”, and a user FQDN could be a mail address, such as “my_name@mycompany.com.”...

  • Page 77: L2tp Over Ipsec Settings

    L2TP over IPSec settings The Layer 2 Tunneling Protocol is a common connection method used for VPN connections. You can specify the detailed L2TP tunnel settings on the VPN connections page by clicking Add. You can specify the Keep Alive time, which defines the time period without traffic after which the PPP session is terminated.

  • Page 78: Pptp Settings

    • Enable Auto Reconnect: For L2TP client connections, you can automatically reconnect when there is activity after a disconnection. • Remote Server: Enter the remote server IP address. IPSec Setting • Pre-shared Key: When set to client mode, enter the key for the client connection. (Do not use characters ` "...

  • Page 79: Vpn Passthrough Settings

    This page includes the following settings: VPN Tunnel Parameters • Tunnel Type: Select PPTP as the tunnel type. • Tunnel Name: Enter a descriptive text name for the tunnel. (Do not use characters ` " & ' # \) • Username: Enter the user name for PPTP tunnel.

  • Page 80

    VPN configuration...

  • Page 81: Routing Configuration

    8 Routing configuration Routing configuration allows a static and dynamic methods to set up routing between networks. The network administrator configures static routes by entering routes directly into the routing table. Static routing has the advantage of being predictable and easy to configure. Alternatively, you can enable dynamic routing using RIP for IPv4 or RIPng for IPv6.

  • Page 82: Viewing The Ipv4 Routing Table

    This page includes the following information: Status • RIP: The current status of RIP on the router. • RIPng: The current status of RIPng on the router. IPv4 routing table Displays the IPv4 routes statically configured or dynamically learned by the router. For a detailed description, see “Viewing the IPv4 routing table”...

  • Page 83: Ipv4 Dynamic Route Settings

    Interface The VLAN interface used to route data to the network specified by the destination network address. Metric A number used to indicate the cost of a route so that the best route, among potentially multiple routes to the same destination, can be selected. IPv4 Dynamic route settings The router supports the Routing Information Protocol (RIP).

  • Page 84: Ipv4 Static Route Settings

    • Enable: RIP is enabled for the interface. The router will transmit and receive RIP update information to and from other RIP-enabled devices. • Silent: RIP is enabled, however the router only receives RIP update messages, it will not transmit any of its own. Version Use this field to select RIPv1 or RIPv2.

  • Page 85: Viewing The Ipv6 Routing Table

    Destination Enter the IP address of the destination host or network to which the route leads. Subnet Mask Enter the IPv4 subnet mask for the destination host or network. For example, for Class C IP domains, the subnet mask is 255.255.255.0. Gateway Enter the IP address of the gateway through which the destination host or network can be reached.

  • Page 86: Ipv6 Dynamic Route Settings

    Interface The VLAN interface used to route data to the network specified by the destination network address. Metric A number used to indicate the cost of a route so that the best route, among potentially multiple routes to the same destination, can be selected. IPv6 Dynamic route settings The router supports RIP next generation (RIPng) over IPv6.

  • Page 87

    Prefix Length Enter the IPv6 prefix length for the destination host or network. Gateway Enter the IP address of the gateway through which the destination host or network can be reached. If this router is used to connect your network to the Internet, your gateway IP is the router's IP address.

  • Page 88

    Routing configuration...

  • Page 89: Firewall Configuration

    Denial of Service (DoS) attacks. You can turn the firewall function off, if needed. Turning off the firewall protection will not leave your network completely vulnerable to hacker attacks, but HP recommends that you leave the firewall enabled whenever possible.

  • Page 90: Security Settings

    Security settings The Security page allows you to configure global security parameters for the router. This page includes the following settings: Enable PING from WAN Computer hackers use what is known as “Pinging” to find potential victims on the Internet. By pinging a specific IP address and receiving a response from the IP address, a hacker can determine that something of interest might be there.

  • Page 91

    DoS attack from multiple source machines that flood a target server with disruptive traffic until it fails. Turning off the DDoS Attack Filter does not leave your network completely vulnerable to hacker attacks. HP recommends that you enable the DoS detecting function whenever possible.

  • Page 92: Client Filtering

    Client filtering The router can be configured to restrict access to the Internet, email, or other network services on specific days and times. Restriction can be set for a single computer, a range of computers, or multiple computers. Enter the filter details in the fields provided, and then click Add to add the entry to the filter table.

  • Page 93: Mac Filtering

    MAC filtering You can deny traffic from certain known machines or devices. Use its MAC address to identify a computer or device on the network and deny access. Traffic from a specified MAC address is filtered depending upon the policy. Enter the filter details in the fields provided, and then click Add to add the entry to the filter table.

  • Page 94: Url Filtering

    URL filtering The URL Filter feature blocks access to websites based on matching a specified URL address or specific keywords (HTTPS is not supported). For each filter rule, enter the URL address or a keyword, and then select a time schedule rule to apply, if needed. Also, specified computers on the local LAN can be excluded from the URL filtering by adding them to the Exclusion List.

  • Page 95: Content Filtering

    URL Filtering Deny List The list of URL text and keywords that match blocked websites for computers on the LAN. Exclusion List The list of computers on the local LAN that are excluded from the URL filtering. Content filtering Based on keywords contained on web pages, you can use this screen to restrict access to certain websites that you do not want users in your network to open.

  • Page 96

    This page includes the following settings: Enable Enables the SPI features on the router. Connection Policy • Fragmentation half-open wait: Configures the number of seconds that a packet state structure remains active. When the timeout value expires, the router drops the un-assembled packet, freeing that structure for use by another packet.

  • Page 97

    DoS Detect Criteria • Total incomplete TCP/UDP sessions HIGH: Defines the rate of new unestablished sessions that cause the software to start deleting half-open sessions. • Total incomplete TCP/UDP sessions LOW: Defines the rate of new unestablished sessions that cause the software to stop deleting half-open sessions. •...

  • Page 98

    Firewall configuration...

  • Page 99: Nat Configuration

    10 NAT configuration Network Address Translation (NAT) is a commonly used IP translation and mapping technology. It is a technology that allows your network to share Internet access. Using a device or software that implements NAT allows an entire home network to share a single Internet connection using a single IP address.

  • Page 100: Nat Settings

    Then click Add and Save. You can only pass one port per private IP address. Opening ports in your firewall can pose a security risk. HP recommends that you disable the settings when you are not using a specific application. A maximum of 20 rules can be defined.

  • Page 101

    Use Client List Selects a computer name or IP address from the list of clients already discovered by the router. Popular Services Select one of the services to automatically configure the correct protocol and port numbers. The ports for well known services are listed below: •...

  • Page 102: Dmz Settings

    DMZ settings If you have a client PC that cannot run an Internet application properly from behind the firewall, you can open the client up to unrestricted two-way Internet access. This may be necessary if the NAT feature is causing problems with an application, such as a game or video conferencing application.

  • Page 103: Alg Settings

    Caution Opening ports in your firewall can pose a security risk. You can enable and disable settings easily. HP recommends that you disable the settings when you are not using a specific application. ALG settings...

  • Page 104

    Port Trigger lets you specify ports to be opened for specific applications to work properly with the Network Address Translation (NAT) feature of the router. A maximum of 10 rules can be defined. A list of popular applications has been included to choose from. Select your application from the Popular Applications list, and then click Add.

  • Page 105: Ipv6 Configuration

    1 1 IPv6 configuration If the attached network uses the IPv6 protocol, you can enable IPv6 support on the router. IPv6 functionality is disabled by default. IPv6 includes two distinct address types, link-local unicast and global unicast. A link-local address makes the router accessible over IPv6 for all devices attached to the local LAN. Traffic using this kind of address cannot be passed by any router outside of the LAN.

  • Page 106: Ipv6 Settings

    DHCP-PD The status of the DHCPv6 Prefix Delegation feature. IPv6 settings The router supports static, stateless address autoconfiguration (SLAAC), DHCPv6, and PPPoE modes for IPv6 settings for the WAN port. Select the method to use as instructed by your ISP, and then enter the required information and click Save.

  • Page 107

    fields. Therefore, the same IPv6 address could be written instead as 2001:adca::123a:4567. • Subnet Prefix Length: The length of the IPv6 address prefix. For unicast addresses, the prefix is typically the first 64 bits, with the following 64 bits being the host identifier. •...

  • Page 108: Slaac

    SLAAC Stateless Address Auto Configuration (SLAAC) enables IPv6 hosts to automatically configure themselves when connected to an IPv6 network using the Neighbor Discovery Protocol through the Internet Control Message Protocol version 6 (ICMPv6) route discovery message. When first connected to a network, a host sends a link-local router solicitation multicast request for its configuration parameters;...

  • Page 109: Dhcpv6

    • Auto Configuration: Select Stateless (RADVD) or Stateful (DHCPv6). • Disable: Disables the automatic assignment of IPv6 addresses to local hosts. • Stateless (RADVD): Enables the automatic assignment of IPv6 addresses by hosts on the local network. The network portion of the address is based on prefixes received in IPv6 router advertisement messages, and the host portion is automatically generated using the modified EUI-64 form of the client identifier (that is, the client MAC address).

  • Page 110: Pppoe

    VLAN (Default) Settings Sets the IPv6 settings for the local VLAN. • Enable DHCP-PD: Enables the Prefix Delegation feature that automatically uses an IPv6 prefix for the local LAN defined by the ISP. When disabled, the IPv6 address and prefix length need to be manually defined.

  • Page 111: Dhcpv6 Client List

    • Username: Enter the name assigned by the ISP. (Do not use characters ` " & ' # \) • Password: Enter the password provided by the ISP. (Do not use characters ` " & ' # \) • Confirm Password: Enter the password again for confirmation. DNS Settings Configures IPv6 DNS settings: •...

  • Page 112: Mld Settings

    MLD settings Multicast Listener Discovery (MLD) proxy enables the router to issue MLD host messages on behalf of hosts that the router has discovered through standard MLD interfaces. IPv6 configuration...

  • Page 113: Qos Configuration

    12 QoS configuration The bandwidth gap between the LAN and WAN may significantly degrade performance of critical network applications, such as VoIP, gaming, and VPN. The router’s Quality of Service (QoS) function allows users to classify application traffic and provide them with differentiated services (DiffServ).

  • Page 114: Traffic Shaping

    Traffic shaping The Traffic Shaping page enables the bandwidth of the WAN port output queues to be configured. For higher priority traffic, such as voice and video, the bandwidth allocation of queues 3 and 4 can be increased, and those for queues 1 and 2 decreased. This page includes the following settings: General Enables the traffic shaping settings on the router.

  • Page 115: Traffic Mapping

    Traffic mapping Up to 16 rules can be defined to classify traffic into DiffServ forwarding groups and outgoing connections. These rules can be mapped to the WAN port forwarding queues, for which the bandwidth can be configured on the Traffic Shaping page. This page includes the following settings: Rule Name A name to identify the traffic mapping rule.

  • Page 116

    Map to Forwarding Queue Maps the traffic to one of the WAN port forwarding queues. Queue 1 is the lowest priority queue and queue 4 the highest priority. Remark 802.1p priority as Before the identified traffic is sent to the forwarding queue, the 802.1p priority tag can be set to the specified value.

  • Page 117: Usb Configuration

    13 USB configuration The router provides a USB 2.0-compliant port for network-connected users to share files through FTP or File Sharing. The files can be on an attached storage device that supports any number of partitions in VFAT, NTFS, EXT2, EXT3, or EXT4 format. User Account A File Sharing user can use Windows Network Neighborhood to access files on a USB drive.

  • Page 118: File Sharing Settings

    Authority Sets the file sharing access rights for an FTP user; either Read and Write or Read. An FTP user with Read access can only download shared files. An FTP user with Read and Write access can download and upload files to the USB storage, however they cannot delete or modify any existing shared folders or files (existing files can be overwritten).

  • Page 119: Ftp Settings

    with Read and Write access can download and upload files to the shared folder, however they cannot delete or modify any existing shared folders (existing files can be overwritten). Note that a shared folder allows only four File Sharing client connections at one time. FTP settings The router can be presented as an FTP server to provide a file transfer service (depending on a user’s access rights to the shared folders).

  • Page 120: Safe Removal

    Safe removal To ensure USB data correctness, this router supports a USB safe removal function. Click Remove before unplugging a USB drive. USB configuration...

  • Page 121: Tools

    Updating software The Software page displays the current software versions installed on the router. You can upgrade the software installed on the router to a new version downloaded from the HP support website. The router supports a dual-image function, which means that if the router fails to boot the active image, it automatically boots from the backup image.

  • Page 122: Saving Configuration Settings

    HP recommends that you backup your current configuration before performing a firmware update. Restore all settings to factory default Using this option restores all of the router's settings to factory default values. HP recommends that you backup your settings before you restore all of the defaults. Tools...

  • Page 123

    Backup settings Select to backup the router’s settings. Select HTTP or TFTP as the transfer method (TFTP requires the server IPv4 address), and then click Save. Restore settings Select to restore the router’s settings and choose HTTP or TFTP as the transfer method. For HTTP, browse button to the location of the saved configuration file on the management computer.

  • Page 124: Ping

    Ping Ping is a network tool that sends ICMP ECHO_REQUEST datagrams to a remote host and elicits an ICMP ECHO_RESPONSE datagrams from the remote host. Enter the IPv4 or IPv6 address, or enter the domain name of the host, select the number of pings to send, and then click Start. This page includes the following settings: IP Address/Domain Name You can specify an IPv4 address, an IPv6 address, or a hostname.

  • Page 125: Nslookup

    Nslookup Nslookup is a DNS client that sends DNS requests to a DNS server to find the corresponding IP address of a target host name, or the host name of a target IP address. Traceroute Traceroute is a network tool that sends packets to a destination and produces a list of hosts that the packets have traversed to the destination.

  • Page 126: Email Alert

    Email alert The Email alert feature allows the router to automatically send email messages when an event at or above a configured severity level occurs. This page includes the following settings: From E-mail Address Sets the email address that is used in the "From" field of alert messages. You can use a symbolic email address that identifies the router, or the address of an administrator responsible for the router.

  • Page 127

    For example, setting the Warning level will report all events from Warning to Emergency. Caution Setting the Alert Level too low can result in a very high number of emails being sent to the recipient. HP recommends to only set the highest two or three levels. Email alert...

  • Page 128: Scheduling

    Scheduling The Scheduling feature enables the scheduling of access control and LAN server rules. Each access control or LAN server rule can be selectively activated at a predefined scheduled time. The user must first define a schedule rule on the Scheduling page, and then associate the schedule rule with a control rule on the Firewall and Wireless pages.

  • Page 129: Support File

    "showtech.rtf". This is a text readable file that includes the model, software version, wireless and other basic settings, as well as the ARP table, memory usage information, and the current system log. Viewing the EULA This page displays the HP End User License Agreement content. Support file...

  • Page 130

    Tools...

  • Page 131: Support And Other Resources

    15 Support and other resources Online documentation You can download documentation from the HP Support Center website at: www.hp.com/support/manuals. Search by product number or name. Contacting HP For worldwide technical support information, see the HP Networking Support website: www.hp.com/networking/support Before contacting HP, collect the following information: •...

  • Page 132: Conventions

    Conventions The following conventions are used in this guide. Management tool This guide uses specific syntax when directing you to interact with the web management user interface. Refer to the following image for identification of key user-interface elements and then the table below for example directions: Main Sub-menu...

  • Page 133: A Resetting To Factory Defaults

    A Resetting to factory defaults Factory reset procedures To force the router into its factory default state, follow the procedures in this section. Caution Resetting the router to factory defaults deletes all configuration settings, resets the manager user name and password to admin, and sets the IPv4 address to 192.168.1.1. Using the reset button Using a tool such as a paper clip, press and hold the reset button for more than three seconds, then release.

  • Page 135: B Factory Default Settings

    B Factory default settings Feature Parameter Default Mode System Mode Router Admin General Settings System Name HP-R1 10 / HP-R120 System Location Null System Contact Null Administrator Login Username admin Password admin Country Code Country Code AM Models: US WW Models: Null...

  • Page 136

    Remote Port Remote Log Level DEBUG Proxy ARP Enable Proxy ARP Disabled WAN settings Connection Type DHCP Host Name HP-R1 10 / HP-R120 Static IP Address 0.0.0.0 Static Subnet Mask 0.0.0.0 Static Gateway 0.0.0.0 Primary DNS Address 0.0.0.0 Secondary DNS Address 0.0.0.0...

  • Page 137

    Feature Parameter Default DDNS Enable DDNS Disabled DDNS Server DynDNS.org Domain Name Null Username Null Password Null MAC Clone MAC Address Use router MAC LAN Settings IP Address 192.168.1.1 Subnet Mask 255.255.255.0 Enable DHCP Server Enabled IP Pool Starting Address 192.168.1.2 IP Pool Ending Address 192.168.1.254...

  • Page 138

    Feature Parameter Default R1 10 Wireless, Basic Enabled Radio Enabled Radio Band 2.4GHz Radio Mode 1 1b/g/n Mixed Channel Auto Bandwidth 20 MHz Enable Schedule Rules Disabled VAP 1 SSID Enabled, HP1 VAP 2 SSID Disabled, HP2 VAP 3 SSID Disabled, HP3 VAP 4 SSID Disabled, HP4...

  • Page 139

    Feature Parameter Default R120 Wireless 5GHz, Enabled Radio Enabled Basic Radio Mode 1 1ac/n/a Channel Auto Bandwidth 20/40/80 MHz Enable Schedule Rules Disabled VAP 1 SSID Enabled, HP1_5G VAP 2 SSID Disabled, HP2_5G VAP 3 SSID Disabled, HP3_5G VAP 4 SSID Disabled, HP4_5G Station Isolation Disabled...

  • Page 140

    Feature Parameter Default MAC Authentication Filter Block all stations in list SSID MAC Address None configured Enable IPSec Disabled Enable L2TP over IPSec Disabled Enable PPTP Disabled PPTP Passthrough Enabled L2TP Passthrough Enabled L2TP/IPSec Passthrough Enabled Dynamic Route Disabled RIP Auto Summary Disabled Static Route Disabled...

  • Page 141

    Feature Parameter Default IPv6 IPv6 Connection Disabled MLD Proxy Disabled DHCP-PD Enabled Enabled Traffic Mapping Disabled User Account Disabled File Sharing Disabled Disabled Tools Email Alert Disabled Scheduling Rules None configured...

This manual also for:

R120

Comments to this Manuals

Symbols: 0
Latest comments: