D-Link DRO-210i User Manual

Broadband business gateway

DRO-210i
(Updated for Firmware Revision 2.1.2)
D-Link India Ltd.,
Software and R&D Center,
Bangalore.
Phone: 91-80-26788345/46/50/51
www.dlink.co.in


Summary of Contents for D-Link DRO-210i

  • Page 1 DRO-210i (Updated for Firmware Revision 2.1.2) D-Link India Ltd., Software and R&D Center, Bangalore. Phone: 91-80-26788345/46/50/51 www.dlink.co.in...
  • Page 2: Table Of Contents

    ABOUT THIS MANUAL ... 4 1 PRODUCT OVERVIEW ... 5 1.1 HARDWARE DETAILS ... 6 1.2 SOFTWARE FEATURES 2 INTERFACES ... 12 2.1 P ONFIGURATION 2.2 LAN INTERFACE ... 13 2.3 DMZ INTERFACE ... 13 2.4 WAN I ...
  • Page 3 7.1.1 Interface Configuration... 36 7.1.2 Policy Rules ... 37 7.1.3 Inbound Policies ... 38 7.1.4 Outbound Policies... 39 7.1.5 Domain Filter... 42 7.1.6 Web Filter ... 43 7.1.7 MAC Filter ... 45 7.1.8 Blocking Log ... 45 7.2 INTRUSION DETECTION 7.2.1 IDS Configuration...
  • Page 4: About This Manual

    Note: Copyright to this manual is owned by D-Link India Ltd. This document shall not be reproduced, distributed or copied without the permission from D-Link India Ltd. Conventions...
  • Page 5: Product Overview

    Dual WAN Connectivity The router supports Dual Ethernet Ports for xDSL connectivity. xDSL connectivity is cheap, but more susceptible to outages. With two xDSL links, DRO-210i ensures high reliability, and also the benefit of double internet capacity. Converged Network Support...
  • Page 6: Hardware Details

    1.1 Hardware Details DRO-210i Package Contents The DRO-210i package contains the following items: DRO-210i Broadband Business Gateway 2 Straight Ethernet Cables 1 Cross Over Ethernet Cable 1 Power cord 1 AC-DC Adapter 4 Stack rubber feet 1 CD with User Manual...
  • Page 7: Front Panel

    Front Panel The front panel provides the LEDs to indicate the status of the router. Power Module Status Power WAN1 LED Ready WAN2 LED Ready WAN2 LED WAN1 LED Description ON: Link and Protocol is UP OFF: Link or Protocol is DOWN ON: Link and Protocol is UP OFF: Link or Protocol is DOWN...
  • Page 8: Rear Panel

    Rear Panel The rear panel provides the router’s ports and reset button. LAN/WAN2 Input AC 230v RESET Interface Description RESET Restore the Factory Default Settings in the router 10/100Mbps Ethernet LAN Ports (RJ-45) LAN/DMZ 10/100Mbps Ethernet Port (RJ-45) - configurable as LAN or DMZ Port LAN/WAN2 10/100Mbps Ethernet Port (RJ-45) - configurable...
  • Page 9: Software Features

    1.2 Software Features The router has rich features like routing, load-balancing, auto backup, firewall access control, secure VPN connectivity, network address translation, quality of service and remote management satisfying most of the needs of the SMB market. Routing The router supports static, dynamic and policy-based routing. Static Routing - The network administrator can manually configure the routes according to his network topology.
  • Page 10: Quality Of Service

    Network Address Translation (NAT) NAT enables the router to act as an address translation agent between the Internet (public network) and the local (or private) network. The router supports all the combinations of NAT models like Many to Many, Many to One and One to One to provide internet access to LAN client.
  • Page 11 Tools The router supports various tools to manage and monitor the device. Syslog - The Router can send the Syslog messages to the configured server to aid in network administration. NTP - The administrator can configure the system date and time manually. Or he can use NTP feature to automatically synchronize the router’s time with specified global time servers.
  • Page 12: Interfaces

    The router provides the following interface ports: LAN Ports - The router has two dedicated 10/100 Ethernet LAN ports. DMZ Port - The router has one 10/100 Ethernet DMZ port. A DMZ port is used to connect to the company servers (e.g. Web server, FTP Server). This port can be optionally reconfigured as a regular LAN port.
  • Page 13: Lan Interface

    Port 4 is reconfigured as LAN, the entries configured on WAN2/DMZ earlier will be displayed in dark grey color in the corresponding feature tables to indicate that these entries are currently invalid. Note: When Port 4 is configured as LAN, Load Balancing and Auto Backup features get disabled as there is only one WAN interface available.
  • Page 14: Wan Interface

    Select Interface → DMZ to configure DMZ Settings as explained below. To add a DMZ Server in the network, the administrator can a) Assign Private IP Addresses to the DMZ network. And configure a One-To-One NAT entry to map a Global IP Address to the Private DMZ Server IP Address. Refer NAT Configuration b) Or assign Private IP Addresses to the DMZ network.
  • Page 15: Static Mode

    2.4.1 Static Mode In this mode, the ISP allocates and provides a static Global IP Address for WAN connectivity. The ISP will also provide information regarding the Default Gateway IP Address to be used for this connection. If you have purchased multiple static Global IP Addresses from the ISP, then configure the first IP Address as the WAN Interface IP Address.
  • Page 16: Pppoe Mode

    After entering all the information press the Apply button. The DHCP Client Status table will now show the DHCP client status at the bottom of the page. Click on Detect Link Status to configure the 2.4.3 PPPoE Mode In this mode, ISP provides the Global IP address automatically using PPPoE Protocol. PPPoE protocol is a method of transmitting PPP packets over Ethernet network.
  • Page 17 After entering all the information press the Apply button and the PPPoE Status is displayed at the bottom of the screen. The administrator may Connect or Disconnect using the appropriate button. Caution: When NAT is enabled on an unnumbered interface, local services (such as DNS Proxy, VPN etc) may be affected.
  • Page 18: Dhcp, Dns And Time

    3.1 DHCP DHCP (Dynamic Host Configuration Protocol) is a method of automatically assigning IP address, subnet mask, default gateway and DNS server IP address to hosts on the LAN. This router provides an in-built DHCP Server. In addition, a DHCP Relay is available to relay the DHCP Requests to a DHCP Server on another port.
  • Page 19: Dhcp Static Mapping

    After entering all the information press the Apply button. The DHCP Client Table will list the client hosts (to which IP addresses have been assigned) with their Host Name, IP Address, MAC Address, and Lease Time values. Any IP address in the DHCP server range may be assigned as a static IP to some PC in the network.
  • Page 20: Dhcp Relay

    After entering all the information press the Apply button. The entries will now be displayed under the DHCP Static Mapping Client Table. If the Static IP in the DHCP Reservation entry does not fall within the DHCP Server IP Range, then it will be treated as an invalid entry. These invalid entries will be displayed in dark grey color in the DHCP Static Mapping Client Table.
  • Page 21: Dns Proxy

    Note: In Relay mode, the DHCP server may unicast the DHCP ACK message to the DHCP Client. So proper routes should be configured at the server to enable it to reach the DHCP Client subnet. 3.2 DNS Proxy DNS (Domain Name System) is the protocol used to translate Domain Names to IP Addresses.
  • Page 22: Time

    3.3 Time The system date and time of the router can be configured via this option. The system date and time can be configured manually, or it can be obtained automatically from a global time server using NTP. NTP is designed to synchronize the time on a network of machines. NTP runs over the User Datagram Protocol (UDP), using port 123 as both the source and destination port.
  • Page 23: Routing

    Routing Routing determines how to transport packets from the initiating host to the receiving host. The packet needs to determine a path through which it can travel from the sender to the receiver. The Routing Table in a router provides such a map to all packets. Each entry (or route) in the routing table indicates the destination address of the packet, where the next hop (or gateway) should be, which interface of the router the packet should go out to reach the destination, and hence provides a path selection.
  • Page 24: Static Routing

    4.1 Static Routing When Static Routing is selected as the routing algorithm, the network administrator needs to manually configure all routes on the router. Any change in the network configuration would require the administrator to update the information in all affected routers. This can be a cumbersome task and lead to errors in case of large and complicated networks.
  • Page 25 other network configuration problems like routing loop. In the Internet, there are two types of dynamic routing algorithms used – Distance vector and Link State algorithm. In the Distance Vector (DV) algorithm, each router computes the costs of its own attached links and shares the route information with its neighbor routers.
  • Page 26: Routing Table

    4.3 Routing Table The router maintains all the active route entries, and displays them in the Routing table. The static routes configured manually by the administrator are displayed in grey color. And the dynamic routes learnt via RIP are displayed in yellow color. Select Status →...
  • Page 27 After entering all the information press the Apply button. The routes entered will now be displayed under the Policy Based Routing Table. Note: Policy Based Routes will be given higher preference over Static/Dynamic routes to the same destination.
  • Page 28: High Availability

    The router supports Dual Ethernet WAN Ports for xDSL connectivity. Though xDSL connectivity is cheap, it is more susceptible to outages. Hence with two xDSL links, DRO-210i guarantees uninterrupted internet connectivity. High Availability is made possible through two key features in the router - Auto Backup and Load Balancing.
  • Page 29: Load Balancing

    5.2 Load Balancing With multiple Internet connections, Load Balancing effectively uses the combined bandwidth of all the internet links resulting in a significant increase in the total available bandwidth. Also if any Internet connection goes down, uninterrupted internet connectivity is assured utilizing the serviceable links. Based on the speed of the WAN link, the administrator can configure an appropriate percentage of internet traffic to be routed through each of the WAN Links.
  • Page 30 Select Interface → WAN1 and choose IP Setting Mode as Static or Dynamic. Click on Detect Link Status to configure the Ethernet WAN Link Detection as explained below. After entering all the information press the Apply button. The Ethernet WAN Status Table will display the list of interfaces on which Link Detection is enabled and their status.
  • Page 31: Network Address Translation

    Network Address Translation When a computer wants to connect to the Internet, it needs a legal and unique Global IP address to traverse the internet. With the explosion of Internet, the unique IP address space available is insufficient. NAT solves this problem by allocating single or a small range of legal Global IP addresses.
  • Page 32: Nat Configuration

    6.1.2 NAT Configuration This router supports the following types of NAT: Many-To-One - In this case, multiple private IP addresses are mapped to one Global IP address by using different ports. Many-To-Many - In this case, multiple private IP addresses are mapped to a pool of Global IP addresses.
  • Page 33: Virtual Server

    Consider a scenario where WAN1 is used for internet connectivity. NAT must be enabled at WAN1 to enable LAN systems to access the internet. The company’s servers (Web/FTP Server) may be installed at the DMZ interface using public IP Address for direct access from the internet.
  • Page 34: Sip-Alg

    After entering all the information press the Apply button and the Virtual Server table will now be displayed at the bottom. Each entry can be deleted by selecting the Delete button next to the entry. 6.3 SIP-ALG Session Initiation Protocol (SIP) packets have IP address embedded in the data packet. So NAT is not fully effective for such applications.
  • Page 35: Nat Table

    6.4 NAT Table The router maintains a table of sessions for which IP Address and Port Translations have been performed. This translation table can be viewed from the NAT Table Page. Select Status → NAT Table to view the NAT Session Table explained below.
  • Page 36: Firewall

    Most firewalls, including D-Link firewalls, ensure that network traffic complies with current protocol definitions. This can prevent poorly implemented services on the protected servers and client software from being exposed to unexpected data, causing them to hang or crash.
  • Page 37: Policy Rules

    Caution: If LAN is configured as UnTrusted, then Remote Access needs to be configured for getting the web-configuration. So before configuring LAN as UnTrusted, first enter the IP of the LAN PC (which is configuring the DRO-210i) in the Remote access configuration webpage.
  • Page 38: Inbound Policies

    Note: When an active policy is disabled or deleted, another enabled policy will become active. In this case, currently ongoing sessions will no longer function if they are not permitted by the new active policy. 7.1.3 Inbound Policies The traffic flowing from UnTrusted to Trusted network is the Inbound traffic. By default, all network traffic going from UnTrusted network to Trusted network is blocked.
  • Page 39: Outbound Policies

    After entering all the information press the Apply button and the Service Permitted Rule table will now be displayed at the bottom of the page. Press the Delete button to delete the corresponding entry. IP Permitted Rules In Service Permitted Rule table, click the icon under IP Permitted Rule column to configure Permitted IP Rules.
  • Page 40 Select Firewall → Policy to get to the Policy Table and click Out button to configure Outbound Policies.
  • Page 41 Blocked Services Click on the link “Blocked Services” to get to Blocked Services configuration page. This page allows administrator to specify the application to be blocked from Trusted network to the UnTrusted network. After entering all the information press the Apply button and the Service Blocked Rule table will now be displayed at the bottom of the page.
  • Page 42: Domain Filter

    After entering all the information press the Apply button and the Blocked IP Table will now be displayed at the bottom of the page. Press View button for viewing and Delete button for deleting the corresponding entry. 7.1.5 Domain Filter Domain Filter feature enables the administrator to block specific domain names (or) allow only specific domain names.
  • Page 43: Web Filter

    After entering all the information press the Apply button and the status table will now be displayed at the bottom of the page. Press View button for viewing and Delete button for deleting the corresponding entry. 7.1.6 Web Filter The different types of Web Filters in the firewall are Java Filter Cookie Filter ActiveX Filter...
  • Page 44 Keyword Filter HTTP Packets with specific keywords (like jobs) in the URL can be blocked using the Keyword Filter. In Outbound Policies select Keyword List (under Web Filter) to go to the Keyword Filter configuration page. After entering all the information press the Apply button and the status table will now be displayed at the bottom of the page.
  • Page 45: Mac Filter

    After entering all the information press the Apply button and the status table will now be displayed at the bottom of the page. Press Delete button for deleting the corresponding entry. 7.1.7 MAC Filter MAC Filter feature can be used to block all traffic from a specific user’s system. The user’s system can be uniquely identified by its MAC Address.
  • Page 46: Intrusion Detection

    7.2 Intrusion Detection An Intrusion is a deliberate, unauthorized attempt to access or manipulate information or system and to render them unreliable or unusable. The security architecture that detects and prevents these types of intrusion is called Intrusion Detection and Prevention System. Intrusion Detection Systems (IDS) detect unwanted access to devices on the private network mainly from the public Internet.
  • Page 47 Select Firewall → IDS Configuration to configure the IDS Configuration as explained below. After entering all the information press the Apply button. The attacks are logged on the Intrusion Log. The IP address of the attacker is blacklisted to prevent any further attacks. Note: To ensure the highest level of security in a network, it is recommended to enable detection of all the attacks supported by the router.
  • Page 48: Intrusion Log

    7.2.2 Intrusion Log When traffic matches an Intrusion signature and is blocked by the IDS engine, the blocking event is recorded in the Intrusion Detection Log. Select Status → Log Tables → Intrusion Log to view the Intrusion Log Table as explained below.
  • Page 49: Virtual Private Network

    VPN or virtual private networks allow multiple sites from an organization (and its clients, suppliers, etc.) to communicate securely over an insecure internet by encrypting all communication between the sites. IPSec protocol is the Internet standard protocol for tunneling, encryption and authentication.
  • Page 50: Ipsec Tunnel Or Passthrough

    8.1 IPSec Tunnel or Passthrough The IPSec VPN Feature can operate in 2 modes: IPSec Passthrough: In this mode, the router will allow IPSec-VPN tunnels to be established between multiple LAN side IPSec clients and multiple remote IPSec servers. It can also support multiple LAN side IPSec clients to connect simultaneously to a single remote IPSec server.
  • Page 52 Note: The user has to specify a proper routing entry in the routing page for the remote network address. For example, if the remote network address range is 192.168.20.1/28, then the user can specify the route entry with destination address...
  • Page 53: Ipsec Server

    as 192.168.20.0 with subnet mask 255.255.255.0 and outgoing device same as that of the source interface which was specified in the corresponding tunnel entry. 8.3 IPSec Server IPSec server allows tele-workers to connect to their corporate office securely from anywhere in the world. Since the remote user’s IP Address will vary based on the user’s current location, the IPSec server tunnel ignores the client's address.
  • Page 55: Tunnel Table

    A Remote ID needs to exist for each remote user client that wants to connect to the IPSec Server at the router. Note: Ensure that the remote user’s VPN client is configured with the same Tunnel Parameters (Password, Phase 1 and Phase 2 algorithms) as the IPSec Server Tunnel at the router.
  • Page 56: Ipsec Status

    Press View button for editing and Delete button for deleting the corresponding IPSec Peer-To-Peer or IPSec Server tunnel entry. When an IPSec server entry is deleted, all its corresponding Remote IDs are also deleted. Note: The total no of IPSec configuration entries includes the number of peer-to-peer tunnel along with number of IPSec servers plus its corresponding Remote IDs.
  • Page 57: Ipsec Log

    8.6 IPSec Log The router maintains a log of the IPSec protocol activities, i.e. Tunnel Negotiation, Establishment and Renegotiation. Select Status → Log Tables → IPSec Log to view the IPSec Log Table as explained below.
  • Page 58: Quality Of Service

    Quality of Service Traffic control in a network can be achieved by Quality of Service (QoS) algorithms, which involves guiding the packets based on some predefined rules. Traffic control classifies packets and places them in individual flows or classes. It can then police by limiting the number of packets transmitted and/or schedule the packets in different order of priority for transmission.
  • Page 59 Select QoS → HTB Configuration to enter the HTB QoS Configuration. Select Node as Class to configure the HTB Class Settings. After entering all the information press the Apply button and the HTB QoS Entries table will now be displayed at the bottom of the page. Press Delete button for deleting the corresponding entry.
  • Page 60: Filter Configuration

    9.1.2 Filter Configuration Filters in QoS help in classification of traffic, and assigning the traffic to a specific HTB class. These filters use IP parameters like Source IP, Destination IP, Protocol, Source Port and Destination Port. The packets that match a filter configuration are placed in the class specified with the Class ID parameter and will receive the specified traffic treatment.
  • Page 61: Tos/Diffserv

    After entering all the information press the Apply button and the QoS Filter Entries table will now be displayed at the bottom of the page. Press View button for editing and Delete button for deleting the corresponding entry. Note: 1) Always configure filters to direct traffic to a leaf class (i.e class which has no children).
  • Page 62 After entering all the information press the Apply button and the TOS/DiffServ Table will now be displayed at the bottom of the page. Press Delete button for deleting the corresponding entry.
  • Page 63: Administration

    Administration The router provides several administrative features/tools to maintain and monitor the router. This section discusses these features and their configuration in detail. 10.1 Device Information The current status of the router can be obtained through this page. Select Status → Device Info to view Device Information table as explained below.
  • Page 64: Traffic Statistics

    10.2 Traffic Statistics The number of packets transmitted, received, errors at each interface can be obtained through the traffic statistics page. These counters will be reset when the router is rebooted. Select Status → Traffic to view Traffic Statistics as explained below. 10.3 Session Log The Session Log is used to log and display the sessions created at the router.
  • Page 65: Syslog

    Select Status → Log Tables → Session Log to view Session Log as explained below. 10.4 SysLog The SysLog feature is used to send the System Logs to a remote server. Select Misc → SysLog to configure SysLog as explained below. Caution: The router’s performance may be affected if the Log Level is set to Debug Level.
  • Page 66: System

    Select Tools → Password to configure Change Password as explained below. Password Recovery If administrator misplaces the router password he/she can call Dlink Technical Support to inform the router MAC address which is on the product sticker of the router. The Technical Support will then generate and mail a <username>...
  • Page 67: Upload/Download

    Caution: After configuring the router, use Save Settings to save the configurations permanently. Otherwise on reboot, the router would not remember the current settings. 10.7 Upload/Download This feature allows the administrator to upload new configuration file, firmware or certificate to the router. configuration and download the configuration in cfg format on the local PC.
  • Page 68: Ping Test

    10.8 Ping Test The Ping Test feature allows the user to ping to any network device from the router. This helps in checking network connectivity from the router. Select Tools → Ping Test to configure Ping Test as explained below. Press the Apply button to start the ping test.
  • Page 69 Note: If NAT is enabled on the remote side then the Global IP address should be entered as the remote IP address because the router will get the request from that address.
  • Page 70: Frequently Asked Questions

    11.1 General Q1. I have forgotten the router’s LAN IP Address. Now how can I access the router to configure it? Ans: Press the Factory Default switch (RESET switch on the Front Panel) and the router settings will be restored to default settings. Now you can configure the router using https://192.168.100.254.
  • Page 71: Dhcp, Dns

    Go to Status → Device Info, and check the Physical Link Status and Protocol Status of the WAN Interface. If the Physical Link Status is DOWN, check the cable connectivity. If the Protocol Status is DOWN, then go to Interfaces → WAN and connect the interface.
  • Page 72: Routing

    11.3 Routing Q8. How can I verify that the dynamic routes got exchanged using the RIP feature? Ans: Go to Status → Route Table. Here the list of active route entries is displayed. The routes in “Grey” color are static route entries. The entries in “Yellow” color are the routes that were received from the RIP enabled neighboring routers.
  • Page 73: Firewall

    11.5 Firewall Q11. I want to block access to download of songs, movies etc. How can I do that? Ans: Use the router’s File Extension Filter feature to block HTTP access to extensions like .avi, .mp3 etc. To configure File Extension Filter, enable Firewall on all the relevant LAN, DMZ and WAN interfaces.
  • Page 74 Q14. One of the LAN Systems is affected by Virus and is generating huge traffic; which is consuming the entire internet bandwidth. What can I do? Ans: Use the MAC Filter feature to temporarily block all traffic from the infected system.
  • Page 75: Nat

    Ans: The router can only block messengers based on Domain names, URL Keywords, IP Addresses or Port numbers used for communication. Blocking of messengers (like skype) which cannot be identified by any of these methods is not supported by the router. 11.6 NAT Q18.
  • Page 76: Vpn

    Q21. What are the call features supported by SIP-ALG? Ans: The call features supported by SIP-ALG are as below: a. Registration b. Call Establishment c. Attended Call transfer d. Unattended Call transfer e. Call Forward f. Voice Mail g. Conference Call Q22.
  • Page 77: Qos

    For the purpose of secure remote access (i.e. Server Tunnels for Roaming Users), the product has been tested & interoperates successfully with SafeNet SoftRemote VPN client and D-Link VPN client. Q30. What is the maximum number of VPN Tunnels supported by the router? Ans: The router supports up to 32 VPN Tunnels.
  • Page 78 Q32. My company uses a Financial Application across the internet, and I want to ensure that this traffic is prioritized over all other traffic. Ans: Configure HTB QoS on the WAN interface as explained in Q31. This will ensure that this router prioritizes your application over all other traffic. To ensure that every hop router prioritizes your application, configure the TOS/DiffServ feature to appropriately set the TOS Octet in the IP Header of your application packets.
