User manual TP-LINK TL-ER6020

[. . . ] These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense. Operation is subject to the following two conditions: 1) 2) This device may not cause harmful interference. [. . . ] Choose the menu Advanced→Routing→Route Table to load the following page. Figure 3-46 RIP The following items are displayed on this screen: Route Table Destination: Gateway: Flags: The Destination of route entry. Logical Interface: Physical Interface: The logical interface of route entry. The physical interface of route entry. -69- Metric The Metric of route entry. 3. 4 Firewall 3. 4. 1 Anti ARP Spoofing ARP (Address Resolution Protocol) is used to analyze and map IP addresses to the corresponding MAC addresses so that packets can be delivered to their destinations correctly. ARP functions to translate the IP address into the corresponding MAC address and maintain an ARP Table, where the latest used IP address-to-MAC address mapping entries are stored. ARP protocol can facilitate the Hosts in the same network segment to communicate with one another or access to external network via Gateway. However, since ARP protocol is implemented with the premise that all the Hosts and Gateways are trusted, there are high security risks during ARP Implementation Procedure in the actual complex network. The attacker may send the ARP spoofing packets with false IP address-to-MAC address mapping entries, and then the device will automatically update the ARP table after receiving wrong ARP packets, which results in a breakdown of the normal communication. Thus, ARP defense technology is generated to prevent the network from this kind of attack. 3. 4. 1. 1 IP-MAC Binding IP-MAC Binding functions to bind the IP address, MAC address of the host together and only allows the Hosts matching the bound entries to access the network. Choose the menu Firewall→Anti ARP Spoofing→IP-MAC Binding to load the following page. Figure 3-47 IP-MAC Binding -70- The following items are displayed on this screen: General It is recommended to check all the options. You should import the IP and MAC address of the host to List of IP-MAC Binding and enable the corresponding entry before enabling “Permit the packets matching the IP-MAC Binding entries only”. When suffered ARP attack, the correct ARP information will be sent to the device suffering attack initiatively by GARP (Gratuitous ARP) packets, thus the error ARP information of the device will be replaced. Give a description for the entry. -75- List of Rules You can view the information of the entries and edit them by the Action buttons. 3. 4. 4 Access Control 3. 4. 4. 1 URL Filtering URL (Uniform Resource Locator) specifies where an identified resource is available and the mechanism for retrieving it. URL Filter functions to filter the Internet URL address, so as to provide a convenient way for controlling the access to Internet from LAN hosts. Choose the menu Firewall→Access Control→URL Filtering to load the following page. Figure 3-52 URL Filtering The following items are displayed on this screen: General To control the access to Internet for hosts in your private network, you are recommended to check the box before Enable URL Filtering and select a filtering rule based on the actual situation. URL Filtering Rule Object: Select the range in which the URL Filtering takes effect: Group: URL Filtering will take effect to all the users in group. ANY: URL Filtering will take effect to all the users. -76- Mode: Select the mode for URL Filtering. “Keywords’’ indicates that all the URL addresses including the specified keywords will be filtered. “URL Path” indicates that the URL address will be filtered only when it exactly matches the specified URL. Effective Time: Description: Specify the time for the entry to take effect. Give a description for the entry. List of Rules You can view the information of the entries and edit them by the Action buttons. Application Example: Network Requirements: Prevent the local hosts from accessing Internet website www. aabbcc. com anytime and downloading the files with suffix of “exe” at 8:00-20:00 from Monday to Friday. Configuration Procedure: Select Keywords mode and type ”exe“ in the field, select URL mode and type “www. aabbcc. com” as the following figure shows, then specify the effective time and click the <Add> button to make the setting take effect. -77- 3. 4. 4. 2 Web Filtering On this page, you can filter the desired web components. Choose the menu Firewall→Access Control→Web Filtering to load the following page. Figure 3-53 Web Filtering Check the box before Enable Web Filtering and select the web components to be filtered. 3. 4. 4. 3 Access Rules Choose the menu Firewall→Access Control→Access Rules to load the following page. Figure 3-54 Access Rule The following items are displayed on this screen: -78- Access Rules Policy: Select a policy for the entry: Block: When this option is selected, the packets obeyed the rule will not be allowed to pass through the router. [. . . ] DNS（Domain Name Server） DSL (Digital Subscriber Line) An Internet Server that translates the names of websites into IP addresses. A technology that allows data to be sent or received over existing traditional phone lines. Security protocol that provides data privacy services, optional data authentication, and anti-replay services. Application protocol, part of the TCP/IP protocol stack, used for transferring files between network nodes. E ESP（Encapsulating Security Payload） F FTP（File Transfer Protocol） -139- Glossary Description H. 323 allows dissimilar communication devices to communicate H. 323 H with each other by using a standardized communication protocol. [. . . ]