IP address and
The management address is set in the same CIDR block, for example, 192.168.0.2. Open the browser of the 192.168.0.2 computer, enter "http: // 192.168.0.1: 8080" in the address bar, and press the Enter key to display the user logon Prompt window. Enter the bandwidth
The default management account and password in the manual go to the settings page.
To makeVroTo enable automatic dialing, we also need to integrate the ADSL accountVro.
Click the "Homepage" tab on the top, and then click "Wan" as the change. The location where the ADSL account is set is displayed in the PPP over Ethernet, enter your own ADSL account and password and save the settings.
Now,SystemThe "system information" in the "status" tab shows the network status, and the obtained by ADSL dialing is clearly displayed on the WAN side.NetworkInformation.
After configuring the ADSL account, we can use the bandwidthVroInternet access, but for better management and improvementSecurityYou also need to perform the following operations: click the "Homepage" tab, select "DHCP" on the left, set the IP address range in the IP range that the DHCP server can enter, and save the bandwidthVroYou can automatically assign IP addresses.
Prevent Unauthorized BT attacks
All connections are set by default.VroIs protected, that is, in the Intranet, using P2P software such as BT will be affected. We can use "DMZ" in the "Advanced Settings" label to set the declared host. The host set here is exposed in the network. On the one hand, you can use BT to download without any concerns.SoftwareAnd establish IIS, FTP server, and so on.HackerTherefore, the security of the computer must be well done. (It would be unwise to declare the host only to use P2P software such as Bt. In fact, we can use the UPnP function to solve the problem that P2P software cannot be used in the intranet. ClickVroSet "Other Projects" under the "Tools" tab on the page, and set UPnP to "start .)
Broadband AccessVroSet the filter tag in the interface. We can filter the source and address of the datagram by multiple items, including IP address, URL Information, MAC address, and region information.
Set "Activate" ip address filtering, and enter an IP address within the IP address range, for example, 192.168.0.111. Port information is actually entered in the "port range" field. Because BT downloads ports 6881 to 6889, We can filter them here. Select TCP for "protocol" and "Schedule" to set the time when the filter takes effect (depending on the actual situation ).
Service and Security
Computer exposureInternetHackers and viruses may exploit vulnerabilities to attack computers. In fact, we can solve this problem by setting up virtual servers.
Login to broadbandVroSettings page. Select the virtual server tag on the Advanced Settings page. Activate the virtual server settings and enter the relevant virtual server information. For example, we want to allow the computer 192.168.0.112 to provide FTP services, but we want other portsVroYou can simply virtualize the FTP service. The personal IP address is set to 192.168.0.112, the Protocol mode is TCP (the FTP service uses TCP), and the personal port is 21 (the FTP uses port 21 ). In addition, you can set the time period for this virtual service to take effect in the "arrange" area.
PairVroTo makeComputerPassVroThe process of achieving Internet sharing is relatively easy to implement. The following content of this document mainly describes the following parts:
1. Collect and judge the information for configurationVroPreparation;
2. EnterVroManagement InterfaceVroConfiguration;
3. Simple troubleshooting during configuration!
1, setVroPreparations (if you have a clear connection method, you can jump)
The first thing to confirm is what your "Broadband Access Method" is like?
Of course, the simplest way is to call your ISP (Internet Service Provider) for consultation. You can also purchaseVroThe previous network connection method was used for quick judgment.
Common Hardware connection methods include the following:
1. Telephone Line> ADSL modem> Computer
2. Twisted Pair wires (Ethernet cable)-> computers
3. Cable TV (coaxial cable)-> Cable Modem-> Computer
4. Optical Fiber> photoelectric converter> Proxy Server> PC
ADSL/VDSL pppoe: A computer runs a third-party dialing software such as enternet300 or a dialing program provided by WINXP. Fill in the account and password provided by the ISP, and dial the number before accessing the Internet each time;
Alternatively, your ADSL modem has enabled the routing function, fills in the account and password provided by the ISP, and sends the dialing action to the modem; (This broadband access method is typical, such as the "Network Express" provided by China Southern Telecom ")
Static IP: the ISP provides you with a fixed IP address, subnet mask, default gateway, and DNS;
Dynamic IP: The TCP/IP attribute of the computer is set to "automatically obtain IP addresses", and the computer can access the Internet each time it starts. (This broadband access method is typical, for example, Shenzhen "tianwei video ")
802.1X + static IP: the ISP provides fixed IP addresses, dedicated dialing software, accounts, and passwords;
802.1X + Dynamic IP: the ISP provides dedicated dialing software, accounts, and passwords;
Web Authentication: before accessing the internet, open the Internet Explorer, specify the home page of the ISP, enter the user name and password provided by the ISP, and perform other online operations only after the authentication;
(The black text above is your broadband access method, and the access method and hardware connection method are not fixed)
The above mentioned connection authentication methods are only some of the broadband access methods with high penetration rate, and of course there will be other topological connections and authentication methods; therefore, if you are not sure about your bandwidth, you 'd better ask your ISP: is the IP address static or dynamic? Are the protocols used for authentication pppoe, 802.1x, or Web Authentication? With the answers to the two questions above, you canVroConfigured;
2. How to enterVroManagement Interface?
First, refer to the figure above in the user manual,VroAnd computers;
TL-R4XX SeriesVroManagement address factory default: IP Address: 192. 168. 1. 1. subnet mask: 255. 255. 255. 0 (TL-R400 and TL-R400 + management address default: 192. 168. 123. 254, subnet mask: 255. 255. 255. 0) Use a network cableVroThe LAN port is connected to the computer Nic becauseVroThe Ethernet port on has the polar automatic flip function, so no matter whether your network cable uses a direct line or cross line can be, you need to ensure that the production of the cable crystal head is reliable and stable, the crystal head copper is not rust and so on.
Right-click "Network neighbors" on the desktop and select "properties". In the displayed window, double-click "Local Connection" and click "properties ", search for "Internet Protocol (TCP/IP)" and double-click it to bring up the "Internet Protocol (TCP/IP) Attribute" window;
In this window, select "Use the following IP Address" and fill in the corresponding location:
IP Address: 192. 168. 1. x (x range: 2-254 ),
Subnet Mask: 255. 255. 255. 0,
Default Gateway: 192. 168. 1. 1. After filling in, click "OK" twice;
3. Check the computer andVroCan you communicate?
You can use the following method to view the DOS interface of your computer:
"Start"-> "program", click "MS-DOS" (Win98 operating system)
"Start"-> "program"-"attachment", click "command prompt" (Win2000/XP operating system)
First, check whether the above IP Address Configuration has taken effect?
Enter ipconfig/all in the DOS window and press Enter. If the following information is displayed, the configuration takes effect,
IP address ..................................: 192. 168. 1. 10
Subnet mast .................................: 255. 255. 255. 0
Second, from computerVroWhen the LAN port sends data packets, can the packets be returned? Run in DOS window:
Ping 192. 168. 1. 1-T and press Enter. If the following similar information appears,
Reply from 192. 168. 1. 1: bytes = 32 time <10 ms TTL = 128 reply from 192. 168. 1. 1: bytes = 32 time <10 ms TTL = 128 reply from 192. 168. 1. 1: bytes = 32 time <10 ms TTL = 128 if the above information is not displayed after the carriage return, the prompt is displayed: "It is not an internal command or an external command, it is not a runable program or batch processing program, it indicates that the command input is incorrect. Please check whether the input such as spaces is ignored; 4, enterVroManagement Interface. A prompt is displayed, indicating that the computer canVroAfter communication, open IE, enter 192. 168. 1. 1 in the address bar, and press Enter. Normally, a dialog box asking for the user name and password will appear.
Of course, there are also exceptions: If you open the address bar of IE browser and enter the address and press enter, the "offline working" dialog box will pop up. After clicking "Connect", a dial-up window will appear, click "Tools"-"Internet Options" in the menu bar of the IE browser, and click the "connection" attribute page in the pop-up dialog box. The interface is shown as follows:VroThere should be no obstacles to the management interface; 5. Start to configureVroWith the information preparation for the broadband access method at the beginning, it is much easier to configure.VroManagement Interface, a page similar to "setting wizard" will pop up, you can cancel ignoring it; enterVroOn the Management page, choose "Network Parameters"> "Wan Port Settings" from the menu bar on the left.VroThis is the most critical step in the Internet-oriented WAN port mode;
Assume that your broadband access method is ADSL pppoe, select "Wan port connection type" as "pppoe", and enter "Internet account" and "Internet password ", if you are a monthly subscription user, select "Automatic Connection" and click "save" to complete the configuration; after the password is saved, several more passwords will be entered in the "Internet password" box. This isVroDedicated for security;
Click "running status" in the left column of the management interface. On the "Wan port properties" page, the corresponding IP address subnet mask, default gateway DNS server, and other addresses are not displayed at the beginning, it's like the figure below.VroDuring the dialing process, after the corresponding information appears for these addresses, fill in the DNS server address in the corresponding location on the "Internet Protocol (TCP/IP)" page of the computer, the basic settings are complete. If there is no problem, you can surf!
6. List the faults;
If you cannot see any address, you can exclude it one by one for the following reasons:
(1) there is usually an ADSL lamp on the ADSL Modem. Normally, after the modem is powered on and connected to the telephone line, the lamp will flash slowly roughly, And the flashing will eventually stop to grow; if the lamp is flashing endlessly, The Flash will not be on long. Please contact and inform the ISP that your ADSL modem cannot be synchronized with the switch at the local end. This ADSL/DSL lamp must be on long;
2) When you enter the "Internet password" during the configuration process, you may try again;
3) if the "routing mode" is enabled for the ADSL modem, You need to reset the ADSL mdoem to the "bridging mode". You can contact the modem manufacturer to obtain the operation method; it can also be determined that the computer is connected to the modem and dial on the computer. After the dial is successful, the computer can access the Internet. In this case, the modem works in the bridging mode, this possibility can be ruled out;
4) the ISP sets the MAC address of the computer Nic to the ADSL line. The solution is to useVroTo copy the MAC address of the network adapterVroWan port;
If all the above possibilities are ruled out, there is generally no problem with the dial-up of ADSL pppoe. The following lists the other two fault causes worth attention;
5) Your broadband access method is the type of Ethernet cable that is directly introduced, not ADSL, but also dial-up. The dialing software is not limited to one type, and the authentication protocol is pppoe, if the ISP promises a bandwidth of 10 Mbps, we recommend that you find a 10/100 M Adaptive hub, connect the incoming bandwidth to the hub, and then connect the hubVroWan port; after such a rate adaptation process, there should be no problems with dialing;
6) PurchaseVroYou also run the dialing software on your computer and enter the user name and password for dialing. However, the dialing software is a dedicated software provided by the ISP, and other software cannot be used for dialing. If this is the case, contact the ISP for consultation: Your broadband access, the authentication protocol is 802. 1x? If yes, it is possible that the authentication system adds private information during development, resulting inVroDialing failed;
7. Other configurations
1) Security Settings
If you can access the Internet normally, you may want to enable different permissions for the computers in the internal LAN for different reasons, for example, you can only log on to some websites, send and receive e-mails, some of them are limited, and some are not limited. In this regard, the user needs vary greatly, and someVroYes.VroIt cannot be fully implemented, such as the "binding IP addresses and network card addresses" function,VroCannot be fully implemented;
The essence of our online operations is that computers constantly send request packets. These request packets must contain parameters such as the source IP address, destination IP address, source port, and destination port;VroThese parameters are used to control different Internet access permissions of computers on the internal LAN;
Below we will list representative configuration examples to illustrateVroWhat are the functions of "firewall settings" and "ip address filtering" used? The examples listed and the explanations in the red text above are used to help you understand the meaning of each function parameter as much as possible. Only by understanding the meaning of the parameter can you configure filtering rules as you like, quickly achieve your intended purpose, without the failure to use these functions due to configuration errors, or delay your applications due to lack of timely technical support;
On the "firewall settings" page, you can see that this is a general Switch Settings page. Do not check and select any features that are not used;
In addition to the general switch, there are two filters that determine the "default filter rules". What is the default filter rule? On the specific rule settings page, we define specific rules to control and process qualified data packets. The "Default rule" here is the name suggests, what should we do if the Custom Rules do not contain non-conforming data packets? This should not be difficult to understand;
A data packet must comply with the rules we set, but must not comply with the rules we set but must also comply with the default rules;
We can see the default Filtering Rule, and you can enter a new entry. We configure a rule that limits the IP address of a computer in the internal LAN to 192. 168. 1. 10, just let it log on to the www.tp-link.com.cn site, any other operation can not;
The above rule can be interpreted as: the Intranet computer sends data packets to the public network. The source IP address of the data packet is the IP address of the computer to be limited to 192. 168. 1. 10. The destination IP address of the packet is 202. 96. 137. 26, that is, the www.tp-link.com.cn of the domain name corresponding to the Public IP address, Wan request because it is for the website restrictions, so the port number is 80; the rule settings can be clearly seen on the configured rules page, the rule takes effect for 24 hours.
192. 168. 1. 10 This host, lan behind the port default do not fill, Wan IP Address Bar Filled in is the www.tp-link.com.cn corresponding to the Public IP address, because the port is a website so fill 80, generally, all is selected by default. Is the protocol allowed? Because the default rule is to prohibit data packets that do not comply with the rules from passing throughVroTherefore, data packets that comply with the rules are allowed to pass, and the rule status is effective;
If your rule involves a restriction on the website, that is, the destination request port is 80, you should consider that the corresponding packet corresponding to port 53 is also allowed to pass, because 53 corresponds to a packet to the domain name resolution server, used to put the domain name (such as www.tp-link.com.cn) and IP address (such as 202. 96. 137. 26) Corresponding, so it must be enabled!