Product Manual
Page 1
Building Networks for People Unified Services Router User Manual DSR-250 / 250N / 500 / 500N / 1000 / 1000N Ver. 1.04 Small Business Gateway Solution http://security.dlink.com
Building Networks for People Unified Services Router User Manual DSR-250 / 250N / 500 / 500N / 1000 / 1000N Ver. 1.04 Small Business Gateway Solution http://security.dlink.com
Product Manual
Page 4
... 51 Chapter 4. Wireless Access Point Setup 53 4.1 4.1.1 4.1.2 4.1.3 Wireless Settings Wizard 53 Wireless Network Setup Wizard 54 Add Wireless Device with WPS 54 Manual Wireless Network Setup 55 4.2 4.2.1 4.2.2 4.2.3 Wireless Profiles ...55 WEP Security ...56 WPA or WPA2 with Multiple WAN Links 41 Auto Failover...41 Load Balancing...42 Protocol Bindings ...43 3.5 3.5.1 3.5.2 3.5.3 Routing Configuration 44...
... 51 Chapter 4. Wireless Access Point Setup 53 4.1 4.1.1 4.1.2 4.1.3 Wireless Settings Wizard 53 Wireless Network Setup Wizard 54 Add Wireless Device with WPS 54 Manual Wireless Network Setup 55 4.2 4.2.1 4.2.2 4.2.3 Wireless Profiles ...55 WEP Security ...56 WPA or WPA2 with Multiple WAN Links 41 Auto Failover...41 Load Balancing...42 Protocol Bindings ...43 3.5 3.5.1 3.5.2 3.5.3 Routing Configuration 44...
Product Manual
Page 5
SSL VPN ...101 7.1 Groups and Users 103 7.1.1 Users and Passwords 109 7.2 Using SSL VPN Policies 110 7.2.1 Using Network Resources 113 7.3 Application Port Forwarding 114 7.4 SSL VPN Client Configuration 116 7.5 User Portal ...118 7.5.1 Creating Portal Layouts 119 ...Wi-Fi Protected Setup (WPS 63 Chapter 5. Advanced Configuration Tools 121 8.1 USB Device Setup 121 8.2 SMS service...122 3 Securing the Private Network 65 5.1 Firewall Rules ...65 5.2 Defining Rule Schedules 66 5.3 Configuring Firewall Rules 67 5.3.1 Firewall Rule Configuration Examples 72 5.4 Security on Custom...
SSL VPN ...101 7.1 Groups and Users 103 7.1.1 Users and Passwords 109 7.2 Using SSL VPN Policies 110 7.2.1 Using Network Resources 113 7.3 Application Port Forwarding 114 7.4 SSL VPN Client Configuration 116 7.5 User Portal ...118 7.5.1 Creating Portal Layouts 119 ...Wi-Fi Protected Setup (WPS 63 Chapter 5. Advanced Configuration Tools 121 8.1 USB Device Setup 121 8.2 SMS service...122 3 Securing the Private Network 65 5.1 Firewall Rules ...65 5.2 Defining Rule Schedules 66 5.3 Configuring Firewall Rules 67 5.3.1 Firewall Rule Configuration Examples 72 5.4 Security on Custom...
Product Manual
Page 8
... Bindings have been defined 43 Figure 23: Protocol binding setup to associate a service and/or LAN source to a WAN and/or destination network ...44 Figure 24: Routing Mode is used to configure traffic routing between WAN and LAN, as well as Dynamic routing (RIP) ...46... Figure 27: Physical WAN port settings ...52 Figure 28: Wireless Network Setup Wizards 54 Figure 29: List of Available Profiles shows the options available to secure the wireless link .........56 Figure 30: Profile configuration to set network security 57 Figure 31: RADIUS server (External Authentication) configuration 59 ...
... Bindings have been defined 43 Figure 23: Protocol binding setup to associate a service and/or LAN source to a WAN and/or destination network ...44 Figure 24: Routing Mode is used to configure traffic routing between WAN and LAN, as well as Dynamic routing (RIP) ...46... Figure 27: Physical WAN port settings ...52 Figure 28: Wireless Network Setup Wizards 54 Figure 29: List of Available Profiles shows the options available to secure the wireless link .........56 Figure 30: Profile configuration to set network security 57 Figure 31: RADIUS server (External Authentication) configuration 59 ...
Product Manual
Page 9
...83 Figure 49: Export Approved URL list ...84 Figure 50: The following example binds a LAN host's MAC Address to an IP address served by DSR. If there is an IP/MAC Binding violation, the violating packet will be dropped and logs will be captured ...85 Figure 51: Intrusion Prevention ...from internet attacks 87 Figure 53: Example of Gateway-to-Gateway IPsec VPN tunnel using two DSR routers connected to the Internet...88 Figure 54: Example of three IPsec client connections to the internal network through the DSR IPsec gateway ...89 Figure 55: VPN Wizard launch screen ...90 Figure 56: IPsec policy...
...83 Figure 49: Export Approved URL list ...84 Figure 50: The following example binds a LAN host's MAC Address to an IP address served by DSR. If there is an IP/MAC Binding violation, the violating packet will be dropped and logs will be captured ...85 Figure 51: Intrusion Prevention ...from internet attacks 87 Figure 53: Example of Gateway-to-Gateway IPsec VPN tunnel using two DSR routers connected to the Internet...88 Figure 54: Example of three IPsec client connections to the internal network through the DSR IPsec gateway ...89 Figure 55: VPN Wizard launch screen ...90 Figure 56: IPsec policy...
Product Manual
Page 12
...Link Unified Services Routers offer a secure, high performance networking solution to address the growing needs of simultaneously managing 5, 10, 20 Secure Sockets Layer (SSL) VPN tunnels respectively, empowering your mobile users by providing remote access to traditional wired networks, but with minimal ―dead spots‖ throughout the wireless coverage area. DSR-250N and DSR...-500N supports the 2.4GHz radio band only. Flexible Deployment Options The DSR-1000 / 1000N supports Third Generation (3G) Networks via features such as...
...Link Unified Services Routers offer a secure, high performance networking solution to address the growing needs of simultaneously managing 5, 10, 20 Secure Sockets Layer (SSL) VPN tunnels respectively, empowering your mobile users by providing remote access to traditional wired networks, but with minimal ―dead spots‖ throughout the wireless coverage area. DSR-250N and DSR...-500N supports the 2.4GHz radio band only. Flexible Deployment Options The DSR-1000 / 1000N supports Third Generation (3G) Networks via features such as...
Product Manual
Page 15
... the LAN. When this is particularly useful for management connected to the LAN to avoid duplicate addresses on the WLAN or LAN network. Configuring Your Network: LAN Setup It is assumed that is assigned to the router. Access the router's graphical user interface (GUI) for management ...resolve hostnames. Instead of the ISP. With the DHCP server enabled the router's IP address serves as it is the network's DHCP server; A WINS server is complete, the DSR may also be assigned IP addresses as well as addresses for the management GUI: Username: admin ...
... the LAN. When this is particularly useful for management connected to the LAN to avoid duplicate addresses on the WLAN or LAN network. Configuring Your Network: LAN Setup It is assumed that is assigned to the router. Access the router's graphical user interface (GUI) for management ...resolve hostnames. Instead of the ISP. With the DHCP server enabled the router's IP address serves as it is the network's DHCP server; A WINS server is complete, the DSR may also be assigned IP addresses as well as addresses for the management GUI: Username: admin ...
Product Manual
Page 16
...) has obtained IP address from a DHCP server on the LAN enter their IP addresses here. WINS Server (optional): Enter the IP address for your network, the Windows NetBios server. 14 With this option the router assigns an IP address within the specified range plus additional specified information to the server...
...) has obtained IP address from a DHCP server on the LAN enter their IP addresses here. WINS Server (optional): Enter the IP address for your network, the Windows NetBios server. 14 With this option the router assigns an IP address within the specified range plus additional specified information to the server...
Product Manual
Page 18
...from configured address pools with the IPv6 Prefix Length assigned to the LAN. IPv4 / IPv6 mode must be enabled in the network have common initial bits for their IPv6 address; LAN Settings The default IPv6 LAN address for the router is the prefix length. You can...configuration options. Unified Services Router User Manual 2.1.1 LAN Configuration in the network's addresses is set by default (similar to IPv4 mode). The IPv6 network (subnet) is identified by the initial bits of common initial bits in an IPv6 Network Advanced > IPv6 > IPv6 LAN > IPv6 LAN Config In IPv6 mode...
...from configured address pools with the IPv6 Prefix Length assigned to the LAN. IPv4 / IPv6 mode must be enabled in the network have common initial bits for their IPv6 address; LAN Settings The default IPv6 LAN address for the router is the prefix length. You can...configuration options. Unified Services Router User Manual 2.1.1 LAN Configuration in the network's addresses is set by default (similar to IPv4 mode). The IPv6 network (subnet) is identified by the initial bits of common initial bits in an IPv6 Network Advanced > IPv6 > IPv6 LAN > IPv6 LAN Config In IPv6 mode...
Product Manual
Page 20
...IP address within the specified range plus additional specified information to receive the DNS server details from this router. There are preferred over other networking equipment on an external DHCPv6 server to provide required configuration settings The domain name of the DHCPv6 server is an optional setting ... define the IPv6 delegation prefix for a range of DHCP information specific for all DNS requests and communicates with an IPv4 LAN network, the router has a DHCPv6 server. This option can automate the process of informing other DHCP server advertise messages.
...IP address within the specified range plus additional specified information to receive the DNS server details from this router. There are preferred over other networking equipment on an external DHCPv6 server to provide required configuration settings The domain name of the DHCPv6 server is an optional setting ... define the IPv6 delegation prefix for a range of DHCP information specific for all DNS requests and communicates with an IPv4 LAN network, the router has a DHCPv6 server. This option can automate the process of informing other DHCP server advertise messages.
Product Manual
Page 21
... preference associated with router advisements. The default is useful if there are other RADVD enabled devices on the LAN, and thereby reduce overall network traffic, select Unicast only. Advertise Interval: When advertisements are unsolicited multicast packets, this field. The default is 1500. ... from the interface. By configuring the Router Advertisement Daemon on this router, the DSR will listen on the LAN, set this maximum transmission unit (MTU) value for all interfaces in an IPv6 network is required in the multicast group. RADVD Advanced > IPv6 > IPv6 LAN >...
... preference associated with router advisements. The default is useful if there are other RADVD enabled devices on the LAN, and thereby reduce overall network traffic, select Unicast only. Advertise Interval: When advertisements are unsolicited multicast packets, this field. The default is 1500. ... from the interface. By configuring the Router Advertisement Daemon on this router, the DSR will listen on the LAN, set this maximum transmission unit (MTU) value for all interfaces in an IPv6 network is required in the multicast group. RADVD Advanced > IPv6 > IPv6 LAN >...
Product Manual
Page 23
...Length: This value indicates the number contiguous, higher order bits of the IPv6 address that physical port can be isolated from that define up the network portion of the address. LAN ports can be assigned unique VLAN IDs so that traffic to and from the general LAN. A VLAN membership ...can be any 21 VLAN filtering is particularly useful to limit broadcast packets of a device in a large network VLAN support is disabled by default in seconds) that the requesting node is allowed to use of a VLAN identifier and the numerical VLAN ID which...
...Length: This value indicates the number contiguous, higher order bits of the IPv6 address that physical port can be isolated from that define up the network portion of the address. LAN ports can be assigned unique VLAN IDs so that traffic to and from the general LAN. A VLAN membership ...can be any 21 VLAN filtering is particularly useful to limit broadcast packets of a device in a large network VLAN support is disabled by default in seconds) that the requesting node is allowed to use of a VLAN identifier and the numerical VLAN ID which...
Product Manual
Page 26
... for a port User Manual 2.3 Configurable Port: DMZ Setup DSR-250/250N does not have to be exposed on the DMZ do not have a configurable port - It is identical to the LAN, as well. Firewall rules can be placed in the DMZ network. The DMZ adds an additional layer of the DMZ nodes...
... for a port User Manual 2.3 Configurable Port: DMZ Setup DSR-250/250N does not have to be exposed on the DMZ do not have a configurable port - It is identical to the LAN, as well. Firewall rules can be placed in the DMZ network. The DMZ adds an additional layer of the DMZ nodes...
Product Manual
Page 27
...in the Setup > Internet Settings > Configurable Port page. 2.4 Universal Plug and Play (UPnP) Advanced > Advanced Network > UPnP Universal Plug and Play (UPnP) is a feature that allows the router to d iscovery devices on the network that network device. Once UPnP is detected by UPnP, the router can open internal or external ports for...configuration. If disabled, the router will not allow for the traffic protocol required by that can configure the router to use UPnP: 25 If a network device is enabled, you can communicate with the router and allow for automatic device configuration.
...in the Setup > Internet Settings > Configurable Port page. 2.4 Universal Plug and Play (UPnP) Advanced > Advanced Network > UPnP Universal Plug and Play (UPnP) is a feature that allows the router to d iscovery devices on the network that network device. Once UPnP is detected by UPnP, the router can open internal or external ports for...configuration. If disabled, the router will not allow for the traffic protocol required by that can configure the router to use UPnP: 25 If a network device is enabled, you can communicate with the router and allow for automatic device configuration.
Product Manual
Page 28
... UPnP packet. Port (External Port): The external ports opened by the DSR Int. Figure 9: UPnP Configuration UPnP Port map Table The UPnP Port map Table has the details of UPnP devices that the router broadcasts UPnP information over the network. HTTP, FTP, etc.) used by UPnP (if any ) IP Address...
... UPnP packet. Port (External Port): The external ports opened by the DSR Int. Figure 9: UPnP Configuration UPnP Port map Table The UPnP Port map Table has the details of UPnP devices that the router broadcasts UPnP information over the network. HTTP, FTP, etc.) used by UPnP (if any ) IP Address...
Product Manual
Page 30
... Internet (via USB modem). It is assumed that will be required to click the Connect button, which confirms the settings by establishing a link with the ISP. Figure 11: Internet Connection Setup Wizard You can start using the Wizard by your ISP to get your Internet Service Provider... few straightforward configuration pages you have arranged for the router. Once authenticated set the time zone that parameter. Please contact your network. The following ISP connection types are located in this router with your WAN connection up and enable internet access for users new to...
... Internet (via USB modem). It is assumed that will be required to click the Connect button, which confirms the settings by establishing a link with the ISP. Figure 11: Internet Connection Setup Wizard You can start using the Wizard by your ISP to get your Internet Service Provider... few straightforward configuration pages you have arranged for the router. Once authenticated set the time zone that parameter. Please contact your network. The following ISP connection types are located in this router with your WAN connection up and enable internet access for users new to...
Product Manual
Page 37
...internet, the static configuration settings must be completed. The default IPv6 Gateway address is needed. The DHCPv6 client on the ISP's IPv6 network are used for resolving internet addresses, and these are provided along with the static IP address and prefix length from the ISP. In... and secondary DNS servers on the 35 Unified Services Router Figure 16: Russia L2TP ISP configuration User Manual 3.2.6 WAN Configuration in an IPv6 Network Advanced > IPv6 > IPv6 WAN1 Config For IPv6 WAN connections, this router will connect to for the DHCPv6 client configuration. In addition to...
...internet, the static configuration settings must be completed. The default IPv6 Gateway address is needed. The DHCPv6 client on the ISP's IPv6 network are used for resolving internet addresses, and these are provided along with the static IP address and prefix length from the ISP. In... and secondary DNS servers on the 35 Unified Services Router Figure 16: Russia L2TP ISP configuration User Manual 3.2.6 WAN Configuration in an IPv6 Network Advanced > IPv6 > IPv6 WAN1 Config For IPv6 WAN connections, this router will connect to for the DHCPv6 client configuration. In addition to...
Product Manual
Page 40
... defines the control parameters. This is useful to ensure that are dynamically received from the ISP, you can Renew or Release the link parameters if required. 3.3 Bandwidth Controls Advanced > Advanced Network > Traffic Management > Bandwidth Profiles Bandwidth profiles allow you to WAN 1 or WAN 2. Bandwidth profiles configuration consists of enabling the bandwidth control...
... defines the control parameters. This is useful to ensure that are dynamically received from the ISP, you can Renew or Release the link parameters if required. 3.3 Bandwidth Controls Advanced > Advanced Network > Traffic Management > Bandwidth Profiles Bandwidth profiles allow you to WAN 1 or WAN 2. Bandwidth profiles configuration consists of enabling the bandwidth control...
Product Manual
Page 42
... this defines the parameter to WAN. FTP) from the LAN to filter against when applying the bandwidth profile. As well a wireless network can configure a custom service through the Advanced > Firewall Settings > Custom Services page. To have the selected bandwidth regulation apply to...or the profile can apply to a specific service (i.e. Unified Services Router Figure 20: Bandwidth Profile Configuration page User Manual Advanced > Advanced Network > Traffic Management > Traffic Selectors Once a profile has been created it can then be associated with the following settings: ...
... this defines the parameter to WAN. FTP) from the LAN to filter against when applying the bandwidth profile. As well a wireless network can configure a custom service through the Advanced > Firewall Settings > Custom Services page. To have the selected bandwidth regulation apply to...or the profile can apply to a specific service (i.e. Unified Services Router Figure 20: Bandwidth Profile Configuration page User Manual Advanced > Advanced Network > Traffic Management > Traffic Selectors Once a profile has been created it can then be associated with the following settings: ...
Product Manual
Page 46
...of the available WAN ports. Figure 23: Protocol binding setup to associate a service and/or LAN source to a WAN and/or destination network 3.5 Routing Configuration Routing between the secure LAN and the internet. 3.5.1 Routing Mode Setup > Internet Settings > Routing Mode This device supports classical routing... settings). Protocol bindings are only applicable when load balancing mode is enabled and more than one WAN is core to the other WAN link. If 44 The routing mode of the gateway is configured. Unified Services Router User Manual traffic can be assigned to one WAN and...
...of the available WAN ports. Figure 23: Protocol binding setup to associate a service and/or LAN source to a WAN and/or destination network 3.5 Routing Configuration Routing between the secure LAN and the internet. 3.5.1 Routing Mode Setup > Internet Settings > Routing Mode This device supports classical routing... settings). Protocol bindings are only applicable when load balancing mode is enabled and more than one WAN is core to the other WAN link. If 44 The routing mode of the gateway is configured. Unified Services Router User Manual traffic can be assigned to one WAN and...