D Link SR250NB1 Wireless N Service Router User Manual 13

D Link Corporation Wireless N Service Router 13

Contents

User Manual-1

Unied Services RouterUser ManualDSR-150/150N/250/250N/500/500N/1000/1000NVersion 2.01 | November 17, 2014Wireless N Service Router DSR-250NB1
D-Link DSR-Series User Manual iThe information in this document is subject to change without notice. The manufacturer makes no representations or warranties with respect to the contents hereof and specically disclaim any implied warranties of merchantability or tness for any particular purpose. The manufacturer reserves the right to revise this publication and to make changes from time to time in the content hereof without obligation of the manufacturer to notify any person of such revision or changes.Manual RevisionsRevision Date Description2.00 July 31, 2014 • DSR Products with rmware version 2.002.01 November 17, 2014 • add License Update section Trademarks/Copyright NoticeD-Link and the D-Link logo are trademarks or registered trademarks of D-Link Corporation or its subsidiaries in the United States or other countries. All other company or product names mentioned herein are trademarks or registered trademarks of their respective companies.© 2014 D-Link Corporation, All Rights ReservedThis publication, including all photographs, illustrations and software, is protected under international copyright laws, with all rights reserved. Neither this manual, nor any of the material contained herein, may be reproduced without written consent of the author.Limitations of LiabilityUNDER NO CIRCUMSTANCES SHALL D-LINK OR ITS SUPPLIERS BE LIABLE FOR DAMAGES OF ANY CHARACTER (E.G. DAMAGES FOR LOSS OF PROFIT, SOFTWARE RESTORATION, WORK STOPPAGE, LOSS OF SAVED DATA OR ANY OTHER COMMERCIAL DAMAGES OR LOSSES) RESULTING FROM THE APPLICATION OR IMPROPER USE OF THE D-LINK PRODUCT OR FAILURE OF THE PRODUCT, EVEN IF D-LINK IS INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. FURTHERMORE, DLINK WILL NOT BE LIABLE FOR THIRD-PARTY CLAIMS AGAINST CUSTOMER FOR LOSSES OR DAMAGES. D-LINK WILL IN NO EVENT BE LIABLE FOR ANY DAMAGES IN EXCESS OF THE AMOUNT D-LINK RECEIVED FROM THE END-USER FOR THE PRODUCT.PrefacePreface
D-Link DSR-Series User Manual iiUse the following safety guidelines to ensure your own personal safety and to help protect your system from potential damage. Safety CautionsTo reduce the risk of bodily injury, electrical shock, re, and damage to the equipment, observe the following precautions:•  Observe and follow service markings.•  Do not service any product except as explained in your system documentation.•  Opening or removing covers that are marked with the triangular symbol with a lightning bolt may expose you to electrical shock.•  Only a trained service technician should service components inside these compartments.•  If any of the following conditions occur, unplug the product from the electrical outlet and replace the part or contact your trained service provider:•  The power cable, extension cable, or plug is damaged.•  An object has fallen into the product.•  The product has been exposed to water.•  The product has been dropped or damaged.•  The product does not operate correctly when you follow the operating instructions.•  Keep your system away from radiators and heat sources. Also, do not block cooling vents.• Do not spill food or liquids on your system components, and never operate the product in a wet environment. If the system gets wet, see the appropriate section in your troubleshooting guide or contact your trained service provider.•  Do not push any objects into the openings of your system. Doing so can cause re or electric shock by shorting out interior components.•  Use the product only with approved equipment.•  Allow the product to cool before removing covers or touching internal components.•  Operate the product only from the type of external power source indicated on the electrical ratings label. If you are not sure of the type of power source required, consult your service provider or local power company.•  Also, be sure that attached devices are electrically rated to operate with the power available in your location.•  Use only approved power cable(s). If you have not been provided with a power cable for your system or for any AC powered option intended for your system, purchase a power cable that is approved for use in your country. The power cable must be rated for the product and for the voltage and current marked on the product’s electrical ratings label. The voltage and current rating of the cable should be greater than the ratings marked on the product.•  To help prevent electric shock, plug the system and peripheral power cables into properly grounded electrical outlets.Safety InstructionsPreface
D-Link DSR-Series User Manual iii• These cables are equipped with three-prong plugs to help ensure proper grounding. Do not use adapter plugs or remove the grounding prong from a cable. If you must use an extension cable, use a 3-wire cable with properly grounded plugs.•  Observe extension cable and power strip ratings. Make sure that the total ampere rating of all products plugged into the extension cable or power strip does not exceed 80 percent of the ampere ratings limit for the extension cable or power strip. •  To help protect your system from sudden, transient increases and decreases in electrical power, use a surge suppressor, line conditioner, or uninterruptible power supply (UPS).•  Position system cables and power cables carefully; route cables so that they cannot be stepped on or tripped over. Be sure that nothing rests on any cables.•  Do not modify power cables or plugs. Consult a licensed electrician or your power company for site modications.•  Always follow your local/national wiring rules.•  When connecting or disconnecting power to hot-pluggable power supplies, if oered with your system, observe the following guidelines:•  Install the power supply before connecting the power cable to the power supply.•  Unplug the power cable before removing the power supply.•  If the system has multiple sources of power, disconnect power from the system by unplugging all power cables from the power supplies.•  Move products with care; ensure that all casters and/or stabilizers are rmly connected to the system. Avoid sudden stops and uneven surfaces.Preface
D-Link DSR-Series User Manual ivStatic electricity can harm delicate components inside your system. To prevent static damage, discharge static electricity from your body before you touch any of the electronic components, such as the microprocessor. You can do so by periodically touching an unpainted metal surface on the chassis.You can also take the following steps to prevent damage from electrostatic discharge (ESD):1.  When unpacking a static-sensitive component from its shipping carton, do not remove the component from the antistatic packing material until you are ready to install the component in your system. Just before unwrapping the antistatic packaging, be sure to discharge static electricity from your body.2.  When transporting a sensitive component, rst place it in an antistatic container or package.3. Handle all sensitive components in a static-safe area. If possible, use antistatic oor pads, workbench pads and an antistatic grounding strap.Protecting Against Electrostatic DischargePreface
Power UsageThis device is an Energy Related Product (ErP) with High Network Availability (HiNA), and automatically switches to a power-saving Network Standby mode within 1 minute of no packets being transmitted. It can also be turned o through a power switch to save energy when it is not needed.DSR-250N/DSR-250NB1Network Standby:7.8336 wattsSwitched O: 0.1301 wattsDSR-250Network Standby: 7.8588 wattsSwitched O:  0.1290 wattsDSR-150NNetwork Standby: 8.2317 wattsSwitched O:  0.1283 wattsDSR-150Network Standby: 6.9133 wattsSwitched O:  0.12661 wattsDSR-1000NNetwork Standby: 10.969 wattsSwitched O: 0.0 wattsDSR-1000Network Standby: 10.912 wattsSwitched O: 0.0 wattsDSR-500NNetwork Standby: 11.487 wattsSwitched O: 0.0 wattsDSR-500Network Standby: 9.744 wattsSwitched O: 0.0 watts
D-Link DSR-Series User Manual viTable of ContentsPreface ........................................................................................................................................................... iManual Revisions ........................................................................................................................................................................iTrademarks/Copyright Notice ...............................................................................................................................................iLimitations of Liability ..............................................................................................................................................................iSafety Instructions ....................................................................................................................................................................iiSafety Cautions .................................................................................................................................................................iiProtecting Against Electrostatic Discharge .......................................................................................................... ivPower Usage ...............................................................................................................................................................................vIntroduction ................................................................................................................................................. 1Installation ................................................................................................................................................... 3Before you Begin ...................................................................................................................................................................... 3Connect to your Network ...................................................................................................................................................... 3Basic Conguration ..................................................................................................................................... 4#1 Log in to the Web UI .......................................................................................................................................................... 5#2 Change LAN IP Address .................................................................................................................................................... 6#3 Congure DHCP Server .................................................................................................................................................... 7#4 Set Time and Date .............................................................................................................................................................. 8#5 Internet Connection Setup ............................................................................................................................................. 9#6 Wireless Network Setup .................................................................................................................................................12#7 Create Users........................................................................................................................................................................13#8 Security/VPN Wizard .......................................................................................................................................................14#9 Dynamic DNS Wizard ......................................................................................................................................................16LAN  Conguration ..................................................................................................................................... 17LAN Settings.............................................................................................................................................................................18DHCP Server ....................................................................................................................................................................19DHCP Relay ......................................................................................................................................................................20DHCP Reserved IPs .......................................................................................................................................................21IGMP Setup ...............................................................................................................................................................................22UPnP Setup ...............................................................................................................................................................................23Jumbo Frames .........................................................................................................................................................................24VLAN ...........................................................................................................................................................................................25VLAN Settings .................................................................................................................................................................25Captive Portal ..........................................................................................................................................................27Port/Wireless VLAN .......................................................................................................................................................28Connect to the Internet ............................................................................................................................. 30Dynamic IP .......................................................................................................................................................................30Table of Contents
D-Link DSR-Series User Manual viiStatic IP .............................................................................................................................................................................31PPPoE .................................................................................................................................................................................32PPTP ...................................................................................................................................................................................33L2TP ....................................................................................................................................................................................34Japanese PPPoE .............................................................................................................................................................35Russian PPPoE ................................................................................................................................................................36Russian PPTP ...................................................................................................................................................................37Russian L2TP ...................................................................................................................................................................38WAN2 Settings.........................................................................................................................................................................39WAN ...................................................................................................................................................................................39DMZ....................................................................................................................................................................................40WAN3 (3G Internet) ...............................................................................................................................................................41WAN Mode ................................................................................................................................................................................42Single WAN Port .............................................................................................................................................................42Auto-Rollover using WAN IP ......................................................................................................................................43Load Balancing ...............................................................................................................................................................44Round Robin ............................................................................................................................................................45Spillover .....................................................................................................................................................................46Routing Mode.................................................................................................................................................................47NAT or Classical .......................................................................................................................................................47Transparent ..............................................................................................................................................................48Bridge .........................................................................................................................................................................49IP Aliasing .........................................................................................................................................................................50DMZ Settings ..................................................................................................................................................................51DMZ LAN DHCP Reserved IPs ............................................................................................................................52Dynamic DNS Settings ................................................................................................................................................53Trac Management .....................................................................................................................................................54Bandwidth Proles .................................................................................................................................................54Trac Shaping .........................................................................................................................................................56Routing ......................................................................................................................................................................................57Static Routes ...................................................................................................................................................................57RIP .......................................................................................................................................................................................59OSPF ...................................................................................................................................................................................60Protocol Binding ............................................................................................................................................................62IPv6 ..............................................................................................................................................................................................63IP Mode .............................................................................................................................................................................63WAN Settings ..................................................................................................................................................................64Dynamic IP ................................................................................................................................................................64Static IP.......................................................................................................................................................................65PPPoE ..........................................................................................................................................................................66Static Routing .................................................................................................................................................................67OSPFv3 ..............................................................................................................................................................................696 to 4 Tunneling .............................................................................................................................................................71Table of Contents
D-Link DSR-Series User Manual viiiISATAP ................................................................................................................................................................................72LAN Settings ...................................................................................................................................................................73DHCPv6 Server ........................................................................................................................................................73IPv6 Address Pools .................................................................................................................................................75IPv6 Prex Length ..................................................................................................................................................76Router Advertisement ..........................................................................................................................................77Advertisement Prexes ........................................................................................................................................78IPv6 Tunnels Status ................................................................................................................................................79Wireless Settings ....................................................................................................................................... 80Access Points ............................................................................................................................................................................80Proles ........................................................................................................................................................................................82Radio Settings .........................................................................................................................................................................84WMM Settings .........................................................................................................................................................................85WDS .............................................................................................................................................................................................86Advanced Settings .................................................................................................................................................................87WPS .............................................................................................................................................................................................88VPN ............................................................................................................................................................. 90IPSec VPN ..................................................................................................................................................................................91Policies ..............................................................................................................................................................................91Tunnel Mode ...................................................................................................................................................................95Split DNS Names ............................................................................................................................................................96DHCP Range ....................................................................................................................................................................97Certicates .......................................................................................................................................................................98Trusted Certicates ................................................................................................................................................98Active Self Certicates ..........................................................................................................................................99Self Certicate Requests ....................................................................................................................................100Easy VPN Setup ............................................................................................................................................................101PPTP VPN .................................................................................................................................................................................102Server ..............................................................................................................................................................................102Client................................................................................................................................................................................103PPTP Active Users List .........................................................................................................................................104L2TP VPN .................................................................................................................................................................................105Server ..............................................................................................................................................................................105Client................................................................................................................................................................................106L2TP Active Users List .........................................................................................................................................107SSL VPN ....................................................................................................................................................................................108Server Policies ..............................................................................................................................................................108Portal Layouts ...............................................................................................................................................................110Resources .......................................................................................................................................................................112Add New Resource...............................................................................................................................................112Port Forwarding ....................................................................................................................................................114Client................................................................................................................................................................................115Table of Contents
D-Link DSR-Series User Manual ixClient Routes .................................................................................................................................................................116Open VPN ................................................................................................................................................................................117Settings ...........................................................................................................................................................................117Server ........................................................................................................................................................................117Client .........................................................................................................................................................................118Access Server Client ............................................................................................................................................119Local Networks .............................................................................................................................................................120Remote Networks .......................................................................................................................................................121Authentication .............................................................................................................................................................122GRE ............................................................................................................................................................................................123Security .................................................................................................................................................... 125Groups ......................................................................................................................................................................................125Login Policies ................................................................................................................................................................126Browser Policies ...........................................................................................................................................................127IP Policies........................................................................................................................................................................128Users .........................................................................................................................................................................................129User Management ......................................................................................................................................................129Import User Database ...............................................................................................................................................130Create a User Database (CSV File) .........................................................................................................................131External Authentication Servers .....................................................................................................................................132RADIUS Server ..............................................................................................................................................................132POP3 Server...................................................................................................................................................................133POP3 Trusted Server ...................................................................................................................................................134LDAP Server ..................................................................................................................................................................135AD Server .......................................................................................................................................................................136NT Domain Server .......................................................................................................................................................138Login Proles .........................................................................................................................................................................139Web Content Filtering ........................................................................................................................................................142Static Filtering ..............................................................................................................................................................142Approved URLs ............................................................................................................................................................143Blocked Keywords .......................................................................................................................................................144Dynamic Filtering ........................................................................................................................................................145Firewall .....................................................................................................................................................................................146Firewall Rules ................................................................................................................................................................146Schedules .......................................................................................................................................................................148Custom Services ..........................................................................................................................................................149ALGs .................................................................................................................................................................................150SMTP ALGs ..............................................................................................................................................................151Approved Mail IDs ................................................................................................................................................152Blocked Mail IDs ....................................................................................................................................................153Mail Filtering ..........................................................................................................................................................154VPN Passthrough .........................................................................................................................................................155Dynamic Port Forwarding ........................................................................................................................................156Table of Contents
D-Link DSR-Series User Manual xApplication Rules .................................................................................................................................................156Attack Checks ...............................................................................................................................................................158Intel® AMT ......................................................................................................................................................................159IPS .....................................................................................................................................................................................160Maintenance ............................................................................................................................................ 161System Settings ....................................................................................................................................................................161Date and Time .......................................................................................................................................................................162Session Settings ....................................................................................................................................................................163License Updates ....................................................................................................................................................................164USB Share Ports .....................................................................................................................................................................165SMS Service ............................................................................................................................................................................166Inbox ................................................................................................................................................................................166Create SMS .....................................................................................................................................................................167Package Manager .................................................................................................................................................................168Set Language .........................................................................................................................................................................170Web GUI Management .......................................................................................................................................................171Remote Management .........................................................................................................................................................172SNMP ........................................................................................................................................................................................173SNMP User List .............................................................................................................................................................173SNMP Trap List ..............................................................................................................................................................174Access Control ..............................................................................................................................................................175SNMP System Info .......................................................................................................................................................176Diagnostics .............................................................................................................................................................................177Ping an IP Address/Domain Name ........................................................................................................................177Using Traceroute .........................................................................................................................................................178Performing DNS Lookups .........................................................................................................................................179Capture Packets ...........................................................................................................................................................180System Check ...............................................................................................................................................................181Power Saving ................................................................................................................................................................182Firmware Upgrade ...............................................................................................................................................................183Check Update ...............................................................................................................................................................183Using PC .........................................................................................................................................................................184Using USB .......................................................................................................................................................................185Conguration Files......................................................................................................................................................186Backup ......................................................................................................................................................................186Restore .....................................................................................................................................................................187Conguration Settings .......................................................................................................................................188Soft Reboot ...................................................................................................................................................................189Reset to Factory Default Settings ..........................................................................................................................190Log Settings ...........................................................................................................................................................................191Dening What to Log .................................................................................................................................................191Routing Logs .................................................................................................................................................................193Table of Contents
D-Link DSR-Series User Manual xiSystem Logs ..................................................................................................................................................................194Remote Logs .................................................................................................................................................................195Syslog Server ................................................................................................................................................................197Event Logs .....................................................................................................................................................................198IPv6 Logs ........................................................................................................................................................................199Status and Statistics ................................................................................................................................ 200Dashboard ..............................................................................................................................................................................200Manage Dashboard ....................................................................................................................................................201System ......................................................................................................................................................................................202LAN Info ...................................................................................................................................................................................203WAN1 ........................................................................................................................................................................................204WAN2 ........................................................................................................................................................................................205WAN3 ........................................................................................................................................................................................206Wireless ....................................................................................................................................................................................207All Logs .....................................................................................................................................................................................208Current Logs ..................................................................................................................................................................208Firewall Logs .................................................................................................................................................................209IPSec VPN Logs .............................................................................................................................................................210SSL VPN Logs ................................................................................................................................................................211USB Status ...............................................................................................................................................................................212Network Information ..........................................................................................................................................................213DHCP Leased Clients ..................................................................................................................................................213Active Sessions .............................................................................................................................................................214Active VPNs....................................................................................................................................................................215Interface Statistics .......................................................................................................................................................216View Wireless Clients..................................................................................................................................................217Device Stats ...................................................................................................................................................................218Wireless Statistics ........................................................................................................................................................219View LAN Clients .........................................................................................................................................................220Troubleshooting ...................................................................................................................................... 221Internet Connection ............................................................................................................................................................221Date and time ........................................................................................................................................................................223Pinging to Test LAN Connectivity ...................................................................................................................................224Testing the LAN path from your PC to your router  ........................................................................................224Testing the LAN path from your PC to a remote device ................................................................................225Restoring factory-default conguration settings .....................................................................................................226Appendix A - Glossary ............................................................................................................................. 227Appendix B - Factory Default Settings ................................................................................................... 229Appendix C - Standard Services for Port Forwarding & Firewall Conguration  ................................ 230
D-Link DSR-Series User Manual xiiAppendix D - Log Output Reference ...................................................................................................... 231Appendix E - RJ-45 Pin-outs  ................................................................................................................... 294Appendix F - New Wi Fi Frequency table ( New appendix section )  .................................................... 295Appendix G - Product Statement  ........................................................................................................... 298
D-Link DSR-Series User Manual 1Section 1 - IntroductionIntroductionD-Link Services Routers oer a secure, high performance networking solution to address the growing needs of small and medium businesses. Integrated high -speed IEEE 802.11n and 3G wireless technologies oer comparable performance to traditional wired networks, but with fewer limitations. Optimal network security is provided via features such as virtual private network (VPN) tunnels, IP Security ( IPsec), Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and Secure Sockets Layer (SSL). Empower your road warriors with clientless remote access anywhere and anytime using SSL VPN tunnels.With the D-Link Services Router you are able to experience a diverse set of benets:•  Comprehensive Management Capabilities  The DSR-500, DSR-500N, DSR-1000 and DSR-1000N include dual-WAN Gigabit Ethernet which provides policy-based service management ensuring maximum productivity for your business operations. The failover feature maintains data trac without disconnecting when a landline connection is lost. The Outbound Load Balancing feature adjusts outgoing trac across two WAN interfaces and optimizes the system performance resulting in high availability. The solution supports conguring a port as a dedicated DMZ port allowing you to isolate servers from your LAN. Note: The DSR-150/150N/250/250N products have a single WAN interface, and thus do not support Auto Failover or Load Balancing scenarios.•  Superior Wireless Performance  Designed to deliver superior wireless performance, the DSR-500N and DSR-1000N include 802.11 a/b/g/n support, allowing for operation on either the 2.4 GHz or 5 GHz radio bands. Multiple In Multiple Out (MIMO) technology allows the DSR-500N and DSR-1000N to provide high data rates with minimal “dead spots” throughout the wireless coverage area. Note: The DSR-150N, DSR-250N, and DSR-500N support the 2.4GHz radio band only.•  Flexible Deployment Options  The DSR-1000/1000N supports Third Generation (3G) Networks via an extendable USB 3G dongle. This 3G network capability oers an additional secure data connection for networks that provide critical services. The DSR-1000N can be congured to automatically switch to a 3G network whenever a physical link is lost.•  Robust VPN features  A fully featured virtual private network (VPN) provides your mobile workers and branch oces with a secure link to your network. The DSR-150/150N/250/250N, DSR-500/500N and DSR-1000/1000N are capable of simultaneously managing 5, 5, 10, 20 Secure Sockets Layer (SSL) VPN tunnels respectively, empowering your mobile users by providing remote access to a central corporate database. Site-to-site VPN tunnels use IP Security (IPsec) Protocol, Point-to-Point Tunneling Protocol (PPTP), or Layer 2 Tunneling Protocol (L2TP) to facilitate branch oce connectivity through encrypted virtual links. The DSR-150/150N, DSR-250/250N, DSR-500/500N, and DSR-1000/1000N support 10, 25, 35 and 75 simultaneous IPsec VPN tunnels respectively.
D-Link DSR-Series User Manual 2Section 1 - Introduction•  Ecient D-Link Green Technology  As a concerned member of the global community, D-Link is devoted to providing eco-friendly products. D-Link Green Wi-Fi and D-Link Green Ethernet save power and prevent waste. The D-Link Green WLAN scheduler reduces wireless power automatically during o-peak hours. Likewise the D-Link Green Ethernet program adjusts power usage based on the detected cable length and link status. In addition, compliance with RoHS (Restriction of Hazardous Substances) and WEEE (Waste Electrical and Electronic Equipment) directives make D-Link Green certied devices the environmentally responsible choice. Note: Support for the 3G wireless WAN USB dongle is only available for the DSR-1000 and DSR-1000N.
D-Link DSR-Series User Manual 3Section 2 - InstallationInstallationObserve the following precautions to help prevent shutdowns, equipment failures, and injuries:•  Ensure that the room in which you operate the device has adequate air circulation and that the room temperature does NOT exceed 40˚C (104˚F).•  Allow 1 meter (3 feet) of clear space to the front and back of the device.•  Do NOT place the device in an equipment rack frame that blocks the air vents on the sides of the chassis. Ensure that enclosed racks have fans and louvered sides.• Before installation, please correct these hazardous conditions: moist or wet oors, leaks, ungrounded or frayed power cables, or missing safety grounds.Before you BeginThis section provides information and steps on how to connect your DSR router to your network. Connect to your NetworkThis section provides basic information about physically connecting the DSR-250 to a network. 1.  Connect an Ethernet cable from the port labeled WAN to the external router or modem. The port WAN is pre-allocated to the WAN network segment. 2.  Connect an Ethernet cable from one of the LAN ports to a switch or a computer in the LAN network segment.3. Connect an RJ45-to-DB9 cable from the console port for CLI (Command Line Interface) management access (optional). Note: Refer to the Quick Installation Guide included with your router for more information on network connectivity, port, and LED information.
D-Link DSR-Series User Manual 4Section 3 - Basic CongurationBasic CongurationAfter you install the router, perform the basic conguration instructions described in this section which includes:•  “#1 Log in to the Web UI” on page 5•  “#2 Change LAN IP Address” on page 6•  “#3 Congure DHCP Server” on page 7•  “#4 Set Time and Date” on page 8•  “#5 Internet Connection Setup” on page 9•  “#6 Wireless Network Setup” on page 12•  “#7 Create Users” on page 13•  “#8 Security/VPN Wizard” on page 14•  “#9 Dynamic DNS Wizard” on page 16
D-Link DSR-Series User Manual 5Section 3 - Basic CongurationNote: The workstation from which you manage the router must be in the same subnet as the router (192.169.10.0/24).To access the device with the Web UI:1.  Connect your workstation to an available LAN port on the router.2. Ensure your workstation has DHCP enabled or is assigned a static IP address within the 192.168.10.0/24 subnet. Note: Disable pop-up blocking software or add the management IP address http://192.168.10.1 to your pop-up blocker’s allow list.3.  Launch a browser, enter the IP address for the LAN interface (default = http://192.168.10.1), and then press Enter.4.  Enter your username (default = admin) and your password (default = admin), then click Login.#1 Log in to the Web UIThe LAN connection may be through the wired Ethernet ports available on the router, or once the initial setup is complete, the DSR may also be managed through its wireless interface. Access the router’s Web user interface (Web UI) for management by using any web browser, such as Internet Explorer, Firefox, Chrome, or Safari.5.  The web management interface opens with the Status > Dashboard page. This page displays general, LAN, and WLAN status information. You can return to this page at any time by clicking Status > Dashboard.
D-Link DSR-Series User Manual 6Section 3 - Basic Conguration#2 Change LAN IP Address1.  Log in to the router.2. Click Network > LAN > LAN Settings. The LAN Settings page will appear.To change the LAN IP address of the router, follow the steps below:Note: If you change the IP address and click Save, the Web UI will not respond. Open a new connection to the new IP address and log in again. Be sure the LAN host (the machine used to manage the router) has obtained an IP address from newly assigned pool (or has a static IP address in the router’s LAN subnet) before accessing the router via changed IP address.3. Under IP Address Setup, enter a new IP address for the router.4.  Enter a new subnet mask if needed.5. Click Save at the bottom of the page.
D-Link DSR-Series User Manual 7Section 3 - Basic Conguration#3 Congure DHCP Server1.  Log in to the router. 2. Click Network > LAN > LAN Settings. The LAN Settings page will appear.To change the DHCP settings of the router, follow the steps below:3. From the DHCP Mode drop-down menu under DHCP Setup, select None (disable), DHCP Server (enable), or DHCP Relay. Note: DHCP Relay will allow DHCP clients on the LAN to receive IP address leases and corresponding information from a DHCP server on a dierent subnet. When LAN clients make a DHCP request it will be passed along to the server accessible via the Relay Gateway IP address you enter.4.  If enabled, ll in the following elds:Field DescriptionStarting IP AddressEnter the starting IP address in the DHCP address pool. Any new DHCP cli-ent joining the LAN is assigned an IP address within the starting and end-ing IP address range. Starting and ending IP addresses should be in the same IP address subnet as the wireless controller’s LAN IP address.Ending IP Address Enter the ending IP address in the DHCP address pool.Default GatewayBy default this setting is router’s LAN IP address. It can be customized to any valid IP within the LAN subnet, in the event that the network’s gateway is not this router. The DHCP server will give the congured IP address as the Default Gateway to its DHCP clients.Domain Name Enter a domain name.Lease Time Enter the time, in hours, for which IP addresses are leased to clients.Congure DNS/WINS Toggle to On and enter DNS and/or WINS server IP address(es).5. Click Save at the bottom of the page.
D-Link DSR-Series User Manual 8Section 3 - Basic Conguration#4 Set Time and Date1.  Log in to the router.2. Click Wizard in the upper-right side of the page. If you want to manually congure your date/time settings, refer to “Date and Time” on page 162.3. Click Run in the Date and Time Wizard box.4.  Click the continent from the map and then next to City, select your time zone from the drop-down menu. Toggle Daylight Saving to ON if it applies to you and then click Next.5.  Toggle NTP server to ON to use a time server or toggle to OFF to manually enter the time and date.6.  If you selected ON, select either Default or Custom from the drop-down menu. If you selected Custom, enter a primary and secondary NTP server address. 7.  Enter the time to synchronize with the NTP server and click Save.8.  A summary page will appear. Verify your settings and then click Finish.
D-Link DSR-Series User Manual 9Section 3 - Basic Conguration#5 Internet Connection Setup1.  Log in to the router.2. Click Wizard in the upper-right side of the page. If you want to manually congure your Internet settings, refer to “Connect to the Internet” on page 30.This router has two WAN ports that can be used to establish a connection to the internet. It is assumed that you have arranged for internet service with your Internet Service Provider (ISP). Please contact your ISP or network administrator for the conguration information that will be required to setup the router. Supported Internet connection types include Dynamic, Static, PPPoE, PPTP, L2TP, Japanese PPPoE, and Russian PPPoE/PPTP/L2TP.To congure your router to connect to the Internet, follow the steps below:3. Click Run in the Internet Connection Wizard box.4. Toggle On next to either DHCP or Static IP Address and click Next. If your connection type is not listed, refer to “Connect to the Internet” on page 30.
D-Link DSR-Series User Manual 10Section 3 - Basic Congurationa.  If you selected DHCP, complete the elds below:  Field DescriptionMAC Address SourceThis MAC address will be recognized by your ISP. Select from the following three options:• Use Default Address - Uses the default MAC address of the router.• Clone your PC’s MAC Address - Select to use the MAC address of the computer you are currently connecting with.• Use this MAC Address - Select to manually enter a MAC address and enter the address in the box.Host Name Enter a host name if required by your ISP.DNS Server SourceSelect from the following two options:• Get Dynamically from ISP - Select to use the DNS servers assigned by your ISP.• Use these DNS Servers - Select to manually enter a primary and secondary DNS server address(es).Skip to Step 5 on the bottom of the next page.
D-Link DSR-Series User Manual 11Section 3 - Basic Congurationb.  If you selected Static, complete the elds below:  Field DescriptionIP Address Enter the IP address assigned by your ISP.Gateway IP Address Enter the gateway IP address assigned by your ISP.IP Subnet Mask Enter the subnet mask assigned by your ISP.Primary DNS Server Enter the primary DNS server IP address assigned by your ISP.Secondary DNS Server Enter the secondary DNS server IP address assigned by your ISP.5. Click Save. The router will reboot and attempt to connect to your ISP. Please allow one to two minutes to connect.
D-Link DSR-Series User Manual 12Section 3 - Basic Conguration#6 Wireless Network Setup1.  Log in to the router.2. Click Wizard in the upper-right side of the page. This wizard provides a step-by-step guide to create and secure a new access point on the router. The network name (SSID) is the AP identier that will be detected by supported clients. The Wizard uses a TKIP+AES cipher for WPA / WPA2 security; depending on support on the client side, devices associate with this AP using either WPA or WPA2 security with the same pre -shared key. The wizard has the option to automatically generate a network key for the AP. This key is the pre-shared key for WPA or WPA2 type security. Supported clients that have been given this PSK can associate with this AP. The default (auto-assigned) PSK is “passphrase”. 5.  Enter a SSID, which is the name of your wireless network.6.  Next to Network Key Type, select Manual. 7.  Enter a password for the wireless network. Wireless devices connecting to this network must enter this password to connect. The password is case-sensitive.8. Click Save.9.  A window will appear with a summary of your settings. Click Finish.3. Click Run in the Wireless Wizard box.4.  The wizard screen will appear.
D-Link DSR-Series User Manual 13Section 3 - Basic Conguration#7 Create Users1.  Log in to the router.2. Click Wizard in the upper-right side of the page. 3. Click Run in the Users Wizard box.The Users Wizard allows you to create user account that you can assign to groups. Refer to “Users” on page 129 for more information. You may want to create Groups before users so you may assign them to groups as you create them. To create groups, refer to “Groups” on page 125.To create new users, follow the steps below:5.  Enter a unique user name.6.  Select the group type from the drop-down menu. For more information on groups, refer to “Groups” on page 125. 7.  Enter a password for the user.8.  Enter the password again for conrmation.9. Click Save.4.  The wizard screen will appear.
D-Link DSR-Series User Manual 14Section 3 - Basic Conguration#8 Security/VPN Wizard1.  Log in to the router.2. Click Wizard in the upper-right side of the page. 3. Click Run in the Security Wizard box.The Security Wizard allows you to enable VPN passthrough and create a VPN.Follow the steps below:4.  The wizard screen will appear.5.  Select the default outbound policy from the drop-down menu.6.  Toggle which type(s) of VPN you want allowed to pass through the router to ON and click Next.
D-Link DSR-Series User Manual 15Section 3 - Basic CongurationNote: The IP address range used on the remote LAN must be dierent from the IP address range used on the local LAN.7.  You can quickly create both IKE and VPN policies. Once the IKE or VPN policy is created, you can modify it as required.8.  From the Select VPN Type drop-down menu, select either Site to Site or Remote Access.9.  Next to Connection Name, enter a name for this VPN connection.10.  Next to IP Protocol Version, select either IPv4 or IPv6.11.  Next to IKE Version, select the version of IKE.12.  Next to Pre-Shared Key, enter the pre-shared key used.13.  Next to Local Gateway, select which WAN port used for the local gateway.14.  Next to Remote Gateway Type and Local Gateway Type, select either IP Address or FQDN.15.  Enter the Remote and Local WAN IP Address or FQDN and click Next.16.  Enter the remote network IP address and subnet mask.17.  Enter the local network IP address and subnet mask.18. Click Save.
D-Link DSR-Series User Manual 16Section 3 - Basic Conguration#9 Dynamic DNS WizardDynamic DNS (DDNS) is an Internet service that allows routers with varying public IP addresses to be located using Internet domain names. To use DDNS, you must setup an account with a DDNS provider such as DynDNS.org, D-Link DDNS, or Oray.net. Refer to “Dynamic DNS Settings” on page 53 for more information.Follow the steps below:5.  Next to Dynamic DNS, select WAN1 or WAN2.6.  Select the DNS Server Type from the drop-down menu.7.  Depending on your service, enter your DDNS user name, password, and domain name.8. Toggle Allow Wildcards to ON if required by your DDNS service.9. Toggle Update Periodically to ON to auto update every 30 days.10. Click Save.1.  Log in to the router.2. Click Wizard in the upper-right side of the page. 3. Click Run in the Dynamic DNS Wizard box.4.  The wizard screen will appear.
D-Link DSR-Series User Manual 17Section 4 - LAN CongurationLAN CongurationBy default, the router functions as a Dynamic Host Conguration Protocol (DHCP) server to the hosts on the LAN and WLAN network. With DHCP, PCs and other LAN devices can be assigned IP addresses as well as addresses for DNS servers, Windows Internet Name Service (WINS) servers, and the default gateway. With DHCP server enabled the router’s IP address serves as the gateway address for LAN and WLAN clients. The PCs in the LAN are assigned IP addresses from a pool of addresses specied in this procedure. Each pool address is tested before it is assigned to avoid duplicate addresses on the LAN.For most applications, the default DHCP and TCP/IP settings are satisfactory. If you want another PC on your network to be the DHCP server or if you are manually conguring the network settings of all of your PCs, set the DHCP mode to ‘none’. DHCP relay can be used to forward DHCP lease information from another DHCP server on the network. This is particularly useful for wireless clients.Instead of using a DNS server, you can use a Windows Internet Naming Service (WINS) server. A WINS server is the equivalent of a DNS server but uses the NetBIOS protocol to resolve host names. The router includes the WINS server IP address in the DHCP conguration when acknowledging a DHCP request from a DHCP client.You can also enable DNS proxy for the LAN. When this is enabled the router then as a proxy for all DNS requests and communicates with the ISP’s DNS servers. When disabled all DHCP clients receive the DNS IP addresses of the ISP.
D-Link DSR-Series User Manual 18Section 4 - LAN CongurationField DescriptionIP Address Enter an new IP address for the router. Default is 192.168.10.1.Subnet Mask Enter the subnet mask for your network. Default is 255.255.255.0.DHCP ModeSelect one of the following modes:•  None - Turns o DHCP.•  DHCP Server (default) - The router will act as the DHCP server on your network.•  DHCP Relay - DHCP clients on your network will receive IP address leases from a DHCP server on a dierent subnet.LAN SettingsPath: Network > LAN > LAN SettingsTo congure the LAN settings on the router:1. Click Network > LAN > LAN Settings. 2. Complete the elds in the table below and click Save.
D-Link DSR-Series User Manual 19Section 4 - LAN CongurationDHCP ServerField DescriptionDHCP Mode Select DHCP Server from the drop-down menu.Starting IP AddressEnter the starting IP address in the DHCP address pool. Any new DHCP client joining the LAN is assigned an IP address within the starting and ending IP address range. Starting and ending IP addresses must be in the same IP address subnet as the router’s LAN IP address.Ending IP Address Enter the ending IP address in the DHCP address pool.Default Gateway Enter the default gateway IP address you want to assign to your DHCP clients. This IP is usually the router’s LAN IP address (default is 192.168.10.1).Domain Name Enter a domain name.Lease Time Enter the time, in hours, for which IP addresses are leased to clients.Congure DNS/WINSToggle to On to manually enter DNS and/or WINS server IP address(es). If set to O, your router’s LAN IP address will be assigned the DNS server to your clients and the router will get the DNS information from your ISP.Save Click Save at the bottom to save and activate your settings.2. Complete the elds in the table below and click Save.1. Select DHCP Server from the drop-down menu.
D-Link DSR-Series User Manual 20Section 4 - LAN CongurationDHCP RelayField DescriptionDHCP Mode Select DHCP Relay from the drop-down menu.Domain Name Enter the domain name of your network.Gateway Enter the relay gateway IP address.Save Click Save at the bottom to save and activate your settings.2. Complete the elds in the table below and click Save.1. Select DHCP Relay from the drop-down menu.
D-Link DSR-Series User Manual 21Section 4 - LAN CongurationDHCP Reserved IPsThe router’s DHCP server can assign IP settings to your clients on your network by adding a client’s MAC address and the IP address to be assigned. Whenever the router receives a request from a client, the MAC address of that client is compared with the MAC address list present in the database. If an IP address is already assigned to that computer or device in the database, the customized IP address is congured otherwise an IP address is assigned to the client automatically from the DHCP pool.Field DescriptionHost Name Enter a host name for this device. Do not use spaces.IP Address Enter the IP address you want to assign to this device. Note that this IP address must be in the same range as the starting/ending IP address under DHCP Settings.MAC Address Enter the MAC address of this device (xx:xx:xx:xx:xx:xx format). This is not case-sensitive.Associate with IP/MAC Binding Toggle ON to associate this device’s information with IP/MAC binding.Save Click Save to save and activate your settings.Path: Network > LAN > LAN DHCP Reserved IPsTo create DHCP reservations:1. Click Network > LAN > LAN DHCP Reserved IPs. 2. Click Add New DHCP Reserved IP. 3.  Enter the following information and click Save.
D-Link DSR-Series User Manual 22Section 4 - LAN CongurationIGMP SetupPath: Network > LAN > IGMP SetupIGMP snooping (IGMP Proxy) allows the router to ‘listen’ in on IGMP network trac through the router. This then allows the router to lter multicast trac and direct it only to hosts that need this stream. This is helpful when there is a lot of multicast trac on the network where all LAN hosts do not need to receive this multicast trac. To enable IGMP Proxy:1. Click Network > LAN > IGMP Setup. 2. Toggle IGMP Proxy to On.3. Click Save.
D-Link DSR-Series User Manual 23Section 4 - LAN CongurationUPnP SetupPath: Network > LAN > UPnPUniversal Plug and Play (UPnP) is a feature that allows the router to discover devices on the network that can communicate with the router and allow for auto-conguration. If a network device is detected by UPnP, the router can open internal or external ports for the trac protocol required by that network device. If disabled, the router will not allow for automatic device conguration and you may have to manually open/forward ports to allow applications to work. To congure the UPnP settings:1. Click Network > LAN > UPnP. 2. Toggle Activate UPnP to On.3.  Select a VLAN from the LAN Segment drop-down menu.4.  Enter a value for Advertisement Period. This is the frequency that the router broadcasts UPnP information over the network. A large value will minimize network trac but cause delays in identifying new UPnP devices to the network.5.  Enter a value for Advertisement Time to Live. This is the number of steps a packet is allowed to propagate before being discarded. Small values will limit the UPnP broadcast range. A default of 4 is typical for networks with a few number of switches.6. Click Save.7.  Your entry will be displayed in the UPnP Port Map List. To edit or delete, right-click an entry and select the action from the menu. Repeat steps 2-6 to add multiple entries.
D-Link DSR-Series User Manual 24Section 4 - LAN CongurationJumbo FramesJumbo frames are Ethernet frames with more than 1500 bytes of payload. When this option is enabled, the LAN devices can exchange information at Jumbo frames rate.Path: Network > LAN > Jumbo FramesTo enable jumbo frames:1. Click Network > LAN > Jumbo Frames. 2. Toggle Activate Jumbo Frames to On.3. Click Save.
D-Link DSR-Series User Manual 25Section 4 - LAN CongurationVLANVLAN SettingsPath: Network > VLAN > VLAN SettingsThe VLAN List page displays a list of congured VLANs by name and VLAN ID. A VLAN membership can be created by clicking the Add New VLAN button below the list.A VLAN membership entry consists of a VLAN identier and the numerical VLAN ID which is assigned to the VLAN membership. The VLAN ID value can be any number from 2 to 4091. VLAN ID 1 is reserved for the default VLAN, which is used for untagged frames received on the interface.The router supports virtual network isolation on the LAN with the use of VLANs. LAN devices can be congured to communicate in a sub network dened by VLAN identiers. LAN ports can be assigned unique VLAN IDs so that trac to and from that physical port can be isolated from the general LAN.VLAN ltering is particularly useful to limit broadcast packets of a device in a large network VLAN support is enabled by default in the router. In the VLAN Conguration page, enable VLAN support on the router and then proceed to the next section to dene the virtual network. To create a new VLAN: 1. Click Network > LAN > VLAN Settings. 2. Click Add New VLAN at the bottom.3.  Enter the following required information from the table on the next page.
D-Link DSR-Series User Manual 26Section 4 - LAN CongurationField DescriptionVLAN ID Enter a number between 2 and 4053.Name Enter a name for your VLAN.Captive Portal Toggle ON to enable Captive Portal (refer to the next page for more information).Activate InterVLAN RoutingToggle ON to allow routing between multiple VLANs or OFF to deny communication between VLANs.IP Address Enter the IP address for the VLAN.Subnet Mask Enter the subnet mask for the VLAN.DHCP ModeSelect one of the following modes:•  None - Turns o DHCP for your VLAN.•  DHCP Server (default) - The router will act as the DHCP server for your VLAN.•  DHCP Relay - DHCP clients on your VLAN will receive IP address leases from a DHCP server on a dierent subnet.Enable DNS Proxy Toggle ON to enable the router to act as a proxy for all DNS requests and communicate with the ISP’s DNS servers.Save Click Save to save and activate your settings.
D-Link DSR-Series User Manual 27Section 4 - LAN CongurationCaptive PortalNote: The DSR-150/150N/250/250N routers do not have support for the Captive Portal feature. Captive Portal is available for LAN users only and not for DMZ hosts.Captive Portals can be enabled on a per-VLAN basis. Hosts of a particular VLAN can be directed to authenticate via the Captive Portal, which may be a customized portal with unique instructions and branding as compared to another VLAN. The most critical aspect of this conguration page is choosing the authentication server. All users (VLAN hosts) that want to gain internet access via the selected Captive Portal will be authenticated through the selected server.To enable Creative Portal to a specic VLAN: 1. Click Network > LAN > VLAN Settings. 2. Click Add New VLAN at the bottom or right-click an existing VLAN and select Edit.3. Toggle Captive Portal to ON.4.  Next to Authentication Server, select an authentication server from the drop-down menu.5.  Next to Login Prole Name, select a prole from the drop-down or click Create a Prole to create a new one. 6.  Select either HTTP or HTTPS for the redirect type.7.  If you want users to enter a CAPTCHA challenge at login, toggle to ON.8.  If you would like communication between VLANs, toggle Activate InterVLAN Routing to ON.9.  Make any other changes/selections and click Save.
D-Link DSR-Series User Manual 28Section 4 - LAN CongurationPort/Wireless VLANPath: Network > VLAN Settings > Port VLANIn order to tag all trac through a specic LAN port with a VLAN ID, you can associate a VLAN to a physical port and wireless segment.VLAN membership properties for the LAN and wireless LAN are listed on this page. The VLAN Port table displays the port identier, the mode setting for that port and VLAN membership information. The conguration page is accessed by selecting one of the four physical ports or a congured access point and clicking Edit.To edit, right-click on the port and select Edit. The edit page oers the following conguration options:•  Mode: The mode of this VLAN can be General, Access (default), or Trunk. Refer to the next page for more information on the dierent modes.•  Select PVID for the port when General mode is selected.•  Congured VLAN memberships will be displayed on the VLAN Membership Conguration for the port. By selecting one more VLAN membership options for a General or Trunk port, trac can be routed between the selected VLAN membership IDs.
D-Link DSR-Series User Manual 29Section 4 - LAN CongurationIn Access mode the port is a member of a single VLAN (and only one). All data going into and out of the port is untagged. Trac through a port in access mode looks like any other Ethernet frame.In General mode the port is a member of a user selectable set of VLANs. The port sends and receives data that is tagged or untagged with a VLAN ID. If the data into the port is untagged, it is assigned the dened PVID. For example, if Port 3 is a General port with PVID 3, then the untagged data into Port 3 will be assigned PVID 3. All tagged data sent out of the port with the same PVID will be untagged. This is mode is typically used with IP Phones that have dual Ethernet ports. Data coming from phone to the switch port on the router will be tagged. Data passing through the phone from a connected device will be untagged.Note: The DSR-150/150N do not support General mode due to hardware limitations.In  Trunk mode the port is a member of a user selectable set of VLANs. All data going into and out of the port is tagged. Untagged coming into the port is not forwarded, except for the default VLAN with PVID=1, which is untagged. Trunk ports multiplex trac for multiple VLANs over the same physical link.
D-Link DSR-Series User Manual 30Section 5 - Connect to the InternetConnect to the InternetThis router has two WAN ports that can be used to establish a connection to the internet. It is assumed that you have arranged for internet service with your Internet Service Provider (ISP). Please contact your ISP or network administrator for the conguration information that will be required to setup the router.Dynamic IPPath: Network > Internet > WAN1 SettingsSelect Dynamic IP (DHCP) to obtain IP address information automatically from your Internet Service Provider. Field DescriptionHost Name Enter a host name if required by your ISP.DNS Server Source Select either Get Dynamically from ISP or Use These DNS Servers to manually enter DNS serversPrimary DNS Server If you selected “Use These DNS Servers”, enter the primary DNS server IP address.Secondary DNS Server If you selected “Use These DNS Servers”, enter the secondary DNS server IP address.MAC Address SourceSelect Use Default MAC to use the MAC address from the WAN1 port to associate with your modem/ISP, Clone your PC’s MAC to use the MAC address of the computer you are currently using to associate with your modem/ISP, or Use this MAC to manually enter a MAC address.MAC Address If you selected Use this MAC, enter the MAC address you want to associate with your ISP.MTU Size Select to use the default MTU value (1500) or select Custom to enter your own value.Custom MTU Enter a MTU value to optimize performance with your ISP. Port Speed Select a value from the drop-down menu. The default value is Auto-Sense.Save Click Save to save and activate your settings.
D-Link DSR-Series User Manual 31Section 5 - Connect to the InternetStatic IPPath: Network > Internet > WAN1 SettingsSelect Static IP to manually enter the Internet settings supplied by your Internet Service Provider. Field DescriptionIP Address Enter the IP address supplied by your ISP.IP Subnet Mask Enter the subnet mask supplied by your ISP.Gateway IP Address Enter the gateway IP address supplied by your ISP.DNS Server Source Select either Get Dynamically from ISP or Use These DNS Servers to manually enter DNS servers.Primary DNS Server If you selected “Use These DNS Servers”, enter the primary DNS server IP address.Secondary DNS Server If you selected “Use These DNS Servers”, enter the secondary DNS server IP address.MAC Address SourceSelect Use Default MAC to use the MAC address from the WAN1 port to associate with your modem/ISP, Clone your PC’s MAC to use the MAC address of the computer you are currently using to associate with your modem/ISP, or Use this MAC to manually enter a MAC address.MAC Address If you selected Use this MAC, enter the MAC address you want to associate with your ISP.MTU Size Select to use the default MTU value (1500) or select Custom to enter your own value.Custom MTU Enter a MTU value to optimize performance with your ISP. Port Speed Select a value from the drop-down menu. The default value is Auto-Sense.Save Click Save to save and activate your settings.
D-Link DSR-Series User Manual 32Section 5 - Connect to the InternetPPPoEPath: Network > Internet > WAN1 SettingsSelect PPPoE to enter the PPPoE Internet settings supplied by your Internet Service Provider. Field DescriptionAddress Mode Select Dynamic IP or Static IP (IP settings supplied by your ISP).User Name Enter your PPPoE user name.Password Enter your PPPoE password.Service Enter if your ISP requires it.Authentication Type Select the authentication type from the drop-down menu.Reconnect ModeSome ISPs may require you to pay for usage time. Select On Demand if this is the case. This will have the router connect to the Internet only when you initiate an Internet connection. Select Always On to have the router stay connected to the Internet.IP Address If you selected Static IP, enter the IP address supplied by your ISP.IP Subnet Mask If you selected Static IP, enter the subnet mask supplied by your ISP.Gateway IP Address If you selected Static IP, enter the gateway IP address supplied by your ISP.DNS Server Source Select either Get Dynamically from ISP or Use These DNS Servers to manually enter DNS servers.Primary DNS Server If you selected “Use These DNS Servers”, enter the primary DNS server IP address.Secondary DNS Server If you selected “Use These DNS Servers”, enter the secondary DNS server IP address.MAC Address SourceSelect Use Default MAC to use the MAC address from the WAN1 port to associate with your modem/ISP, Clone your PC’s MAC to use the MAC address of the computer you are currently using to associate with your modem/ISP, or Use this MAC to manually enter a MAC address.MAC Address If you selected Use this MAC, enter the MAC address you want to associate with your ISP.MTU Size Select to use the default MTU value (1500) or select Custom to enter your own value.Custom MTU Enter a MTU value to optimize performance with your ISP. Port Speed Select a value from the drop-down menu. The default value is Auto-Sense.Save Click Save to save and activate your settings.
D-Link DSR-Series User Manual 33Section 5 - Connect to the InternetPPTPPath: Network > Internet > WAN1 SettingsSelect PPTP to enter the PPTP Internet settings supplied by your Internet Service Provider. Field DescriptionAddress Mode Select Dynamic IP or Static IP (IP settings supplied by your ISP).Server Address Enter your PPTP server address.User Name Enter your PPTP user name.Password Enter your PPTP password.MPPE Encryption Toggle to ON and select the level of MPPE encryption.Split Tunnel Toggle to ON to use split tunnelling. This will allow you to connect to a VPN and Internet using the same physical connection. Reconnect ModeSome ISPs may require you to pay for usage time. Select On Demand if this is the case. This will have the router connect to the Internet only when you initiate an Internet connection. Select Always On to have the router stay connected to the Internet.IP Address If you selected Static IP, enter the IP address supplied by your ISP.IP Subnet Mask If you selected Static IP, enter the subnet mask supplied by your ISP.Gateway IP Address If you selected Static IP, enter the gateway IP address supplied by your ISP.DNS Server Source Select either Get Dynamically from ISP or Use These DNS Servers to manually enter DNS servers.Primary DNS Server If you selected “Use These DNS Servers”, enter the primary DNS server IP address.Secondary DNS Server If you selected “Use These DNS Servers”, enter the secondary DNS server IP address.MAC Address SourceSelect Use Default MAC to use the MAC address from the WAN1 port to associate with your modem/ISP, Clone your PC’s MAC to use the MAC address of the computer you are currently using to associate with your modem/ISP, or Use this MAC to manually enter a MAC address.MAC Address If you selected Use this MAC, enter the MAC address you want to associate with your ISP.MTU Size Select to use the default MTU value (1500) or select Custom to enter your own value.Custom MTU Enter a MTU value to optimize performance with your ISP. Port Speed Select a value from the drop-down menu. The default value is Auto-Sense.Save Click Save to save and activate your settings.
D-Link DSR-Series User Manual 34Section 5 - Connect to the InternetL2TPField DescriptionAddress Mode Select Dynamic IP or Static IP (IP settings supplied by your ISP).Server Address Enter your PPTP server address.User Name Enter your PPTP user name.Password Enter your PPTP password.Secret Enter a shared secret if required.Split Tunnel Toggle to ON to use split tunnelling. This will allow you to connect to a VPN and Internet using the same physical connection. Reconnect ModeSome ISPs may require you to pay for usage time. Select On Demand if this is the case. This will have the router connect to the Internet only when you initiate an Internet connection. Select Always On to have the router stay connected to the Internet.IP Address If you selected Static IP, enter the IP address supplied by your ISP.IP Subnet Mask If you selected Static IP, enter the subnet mask supplied by your ISP.Gateway IP Address If you selected Static IP, enter the gateway IP address supplied by your ISP.DNS Server Source Select either Get Dynamically from ISP or Use These DNS Servers to manually enter DNS servers.Primary DNS Server If you selected “Use These DNS Servers”, enter the primary DNS server IP address.Secondary DNS Server If you selected “Use These DNS Servers”, enter the secondary DNS server IP address.MAC Address SourceSelect Use Default MAC to use the MAC address from the WAN1 port to associate with your modem/ISP, Clone your PC’s MAC to use the MAC address of the computer you are currently using to associate with your modem/ISP, or Use this MAC to manually enter a MAC address.MAC Address If you selected Use this MAC, enter the MAC address you want to associate with your ISP.MTU Size Select to use the default MTU value (1500) or select Custom to enter your own value.Custom MTU Enter a MTU value to optimize performance with your ISP. Port Speed Select a value from the drop-down menu. The default value is Auto-Sense.Save Click Save to save and activate your settings.Path: Network > Internet > WAN1 SettingsSelect L2TP to enter the L2TP Internet settings supplied by your Internet Service Provider.
D-Link DSR-Series User Manual 35Section 5 - Connect to the InternetJapanese PPPoEPath: Network > Internet > WAN1 SettingsSelect Japanese PPPoE to enter the PPPoE Internet settings supplied by your Internet Service Provider. Field DescriptionAddress Mode Select Dynamic IP or Static IP (IP settings supplied by your ISP).User Name Enter your PPPoE user name.Password Enter your PPPoE password.Service Enter if your ISP requires it.Authentication Type Select the authentication type from the drop-down menu.Reconnect ModeSome ISPs may require you to pay for usage time. Select On Demand if this is the case. This will have the router connect to the Internet only when you initiate an Internet connection. Select Always On to have the router stay connected to the Internet.IP Address If you selected Static IP, enter the IP address supplied by your ISP.IP Subnet Mask If you selected Static IP, enter the subnet mask supplied by your ISP.Gateway IP Address If you selected Static IP, enter the gateway IP address supplied by your ISP.Primary PPPoE DNS ServersSelect either Get Dynamically from ISP or Use These DNS Servers to manually enter DNS servers.Primary DNS Server If you selected “Use These DNS Servers”, enter the primary DNS server IP address.Secondary DNS Server If you selected “Use These DNS Servers”, enter the secondary DNS server IP address.Secondary PPPoE Prole You may create a secondary PPPoE prole. MAC Address SourceSelect Use Default MAC to use the MAC address from the WAN1 port to associate with your modem/ISP, Clone your PC’s MAC to use the MAC address of the computer you are currently using to associate with your modem/ISP, or Use this MAC to manually enter a MAC address.MAC Address If you selected Use this MAC, enter the MAC address you want to associate with your ISP.Port Speed Select a value from the drop-down menu. The default value is Auto-Sense.Save Click Save to save and activate your settings.
D-Link DSR-Series User Manual 36Section 5 - Connect to the InternetRussian PPPoEPath: Network > Internet > WAN1 SettingsSelect Russian PPPoE to enter the PPPoE Internet settings supplied by your Internet Service Provider. Field DescriptionAddress Mode Select Dynamic IP or Static IP (IP settings supplied by your ISP).User Name Enter your PPPoE user name.Password Enter your PPPoE password.Service Enter if your ISP requires it.Authentication Type Select the authentication type from the drop-down menu.Reconnect ModeSome ISPs may require you to pay for usage time. Select On Demand if this is the case. This will have the router connect to the Internet only when you initiate an Internet connection. Select Always On to have the router stay connected to the Internet.IP Address If you selected Static IP, enter the IP address supplied by your ISP.IP Subnet Mask If you selected Static IP, enter the subnet mask supplied by your ISP.Gateway IP Address If you selected Static IP, enter the gateway IP address supplied by your ISP.DNS Server Source Select either Get Dynamically from ISP or Use These DNS Servers to manually enter DNS servers.Primary DNS Server If you selected “Use These DNS Servers”, enter the primary DNS server IP address.Secondary DNS Server If you selected “Use These DNS Servers”, enter the secondary DNS server IP address.MAC Address SourceSelect  Use Default MAC to use the MAC address from the WAN1 port to associate with your modem/ISP, Clone your PC’s MAC to use the MAC address of the computer you are currently using to associate with your modem/ISP, or Use this MAC to manually enter a MAC address.MAC Address If you selected Use this MAC, enter the MAC address you want to associate with your ISP.WAN2 Physical Setting Select Dynamic IP or Static IP (IP settings supplied by your ISP). If you select Static IP, enter the IP settings supplied by your ISP.WAN2 Physical DNS Select either Get Dynamically from ISP or Use These DNS Servers to manually enter DNS servers.Port Speed Select a value from the drop-down menu. The default value is Auto-Sense.Save Click Save to save and activate your settings.
D-Link DSR-Series User Manual 37Section 5 - Connect to the InternetRussian PPTPField DescriptionAddress Mode Select Dynamic IP or Static IP (IP settings supplied by your ISP).Server Address Enter your PPTP server address.User Name Enter your PPTP user name.Password Enter your PPTP password.MPPE Encryption Toggle to ON and select the level of MPPE encryption.Split Tunnel Toggle to ON to use split tunnelling. This will allow you to connect to a VPN and Internet using the same physical connection. Reconnect ModeSome ISPs may require you to pay for usage time. Select On Demand if this is the case. This will have the router connect to the Internet only when you initiate an Internet connection. Select Always On to have the router stay connected to the Internet.IP Address If you selected Static IP, enter the IP address supplied by your ISP.IP Subnet Mask If you selected Static IP, enter the subnet mask supplied by your ISP.Gateway IP Address If you selected Static IP, enter the gateway IP address supplied by your ISP.DNS Server Source Select either Get Dynamically from ISP or Use These DNS Servers to manually enter DNS servers.Primary DNS Server If you selected “Use These DNS Servers”, enter the primary DNS server IP address.Secondary DNS Server If you selected “Use These DNS Servers”, enter the secondary DNS server IP address.MAC Address SourceSelect Use Default MAC to use the MAC address from the WAN1 port to associate with your modem/ISP, Clone your PC’s MAC to use the MAC address of the computer you are currently using to associate with your modem/ISP, or Use this MAC to manually enter a MAC address.MAC Address If you selected Use this MAC, enter the MAC address you want to associate with your ISP.MTU Size Select to use the default MTU value (1500) or select Custom to enter your own value.Custom MTU Enter a MTU value to optimize performance with your ISP. Port Speed Select a value from the drop-down menu. The default value is Auto-Sense.Save Click Save to save and activate your settings.Path: Network > Internet > WAN1 SettingsSelect Russian PPTP to enter the PPTP Internet settings supplied by your Internet Service Provider.
D-Link DSR-Series User Manual 38Section 5 - Connect to the InternetRussian L2TPPath: Network > Internet > WAN1 SettingsSelect Russian L2TP to enter the L2TP Internet settings supplied by your Internet Service Provider. Field DescriptionAddress Mode Select Dynamic IP or Static IP (IP settings supplied by your ISP).Server Address Enter your PPTP server address.User Name Enter your PPTP user name.Password Enter your PPTP password.Secret Enter a shared secret if required.Split Tunnel Toggle to ON to use split tunnelling. This will allow you to connect to a VPN and Internet using the same physical connection. Reconnect ModeSome ISPs may require you to pay for usage time. Select On Demand if this is the case. This will have the router connect to the Internet only when you initiate an Internet connection. Select Always On to have the router stay connected to the Internet.IP Address If you selected Static IP, enter the IP address supplied by your ISP.IP Subnet Mask If you selected Static IP, enter the subnet mask supplied by your ISP.Gateway IP Address If you selected Static IP, enter the gateway IP address supplied by your ISP.DNS Server Source Select either Get Dynamically from ISP or Use These DNS Servers to manually enter DNS servers.Primary DNS Server If you selected “Use These DNS Servers”, enter the primary DNS server IP address.Secondary DNS Server If you selected “Use These DNS Servers”, enter the secondary DNS server IP address.MAC Address SourceSelect Use Default MAC to use the MAC address from the WAN1 port to associate with your modem/ISP, Clone your PC’s MAC to use the MAC address of the computer you are currently using to associate with your modem/ISP, or Use this MAC to manually enter a MAC address.MAC Address If you selected Use this MAC, enter the MAC address you want to associate with your ISP.MTU Size Select to use the default MTU value (1500) or select Custom to enter your own value.Custom MTU Enter a MTU value to optimize performance with your ISP. Port Speed Select a value from the drop-down menu. The default value is Auto-Sense.Save Click Save to save and activate your settings.
D-Link DSR-Series User Manual 39Section 5 - Connect to the InternetWAN2 SettingsWANPath: Network > Internet > WAN2 SettingsSelect  WAN and select the Internet connection type. Please refer to the previous pages (41-49) for more information. If you want to set WAN2 port to DMZ, skip to the next page.
D-Link DSR-Series User Manual 40Section 5 - Connect to the InternetDMZThis router supports one of the physical ports to be congured as a secondary WAN Ethernet port or a dedicated DMZ port. A DMZ is a sub network that is open to the public but behind the rewall. The DMZ adds an additional layer of security to the LAN, as specic services/ports that are exposed to the internet on the DMZ do not have to be exposed on the LAN. It is recommended that hosts that must be exposed to the internet (such as web or email servers) be placed in the DMZ network. Firewall rules can be allowed to permit access specic services/ports to the DMZ from both the LAN or WAN. In the event of an attack to any of the DMZ nodes, the LAN is not necessarily vulnerable as well.DMZ conguration is identical to the LAN conguration. There are no restrictions on the IP address or subnet assigned to the DMZ port, other than the fact that it cannot be identical to the IP address given to the LAN interface of this gateway.Note: For the DSR-500N and 1000N, in order to congure a DMZ port, the router’s congurable port must be set to DMZ in the Network > Internet > DMZ Settings page.1. Click Network > Internet > WAN2 / DMZ Settings.2. Select DMZ and click Save.
D-Link DSR-Series User Manual 41Section 5 - Connect to the InternetWAN3 (3G Internet)Path: Network > Internet > WAN3 SettingsThis router supports the use of 3G Internet access. Cellular 3G internet access is available on WAN3 via a 3G USB modem for DSR-1000 and DSR-1000N. The cellular ISP that provides the 3G data plan will provide the authentication requirements to establish a connection. The dial Number and APN are specic to the cellular carriers. Once the connection type settings are congured and saved, navigate to the WAN status page (Setup > Internet Settings > WAN3 Status) and Enable the WAN3 link to establish the 3G connection.Note: A 3G USB modem can be congured as the third WAN in DSR-1000 and DSR- 1000N.Field DescriptionReconnect ModeSome ISPs may require you to pay for usage time. Select On Demand if this is the case. This will have the router connect to the Internet only when you initiate an Internet connection. Select Always On to have the router stay connected to the Internet.Maximum Idle Time Enter the idle time in minutes before the router disconnects from the Internet (On Demand only).User Name Enter your 3G account user name.Password Enter your 3G account password.Dial-in Number Enter the phone number to access your Internet.Authentication Protocol Select one of following protocols from the drop-down menu: None, PAP or CHAP. APN Required Toggle to ON if your ISP requires APN to connect.APN Enter the APN (Access Point Name) provided by the ISP.DNS Server Source Select either Get Dynamically from ISP or Use These DNS Servers to manually enter DNS servers.Primary DNS Server If you selected “Use These DNS Servers”, enter the primary DNS server IP address.Secondary DNS Server If you selected “Use These DNS Servers”, enter the secondary DNS server IP address.MTU Size Select to use the default MTU value (1500) or select Custom to enter your own value.Custom MTU Enter a MTU value to optimize performance with your ISP.
D-Link DSR-Series User Manual 42Section 5 - Connect to the InternetWAN ModeSingle WAN PortPath: Network > Internet > WAN ModeThis router supports multiple WAN links. This allows you to take advantage of failover and load balancing features to ensure certain internet dependent services are prioritized in the event of unstable WAN connectivity on one of the ports.To use Auto Failover or Load Balancing, WAN link failure detection must be congured. This involves accessing DNS servers on the internet or ping to an internet address (user dened). If required, you can congure the number of retry attempts when the link seems to be disconnected or the threshold of failures that determines if a WAN port is down.If you do not want to use Auto Failover or Load Balancing, select Single WAN Port from the WAN Mode drop-down menu and select the WAN port you want to set. Click Save.
D-Link DSR-Series User Manual 43Section 5 - Connect to the InternetAuto-Rollover using WAN IPIn this mode one of your WAN ports is assigned as the primary internet link for all internet trac and the secondary WAN port is used for redundancy in case the primary link goes down for any reason. Both WAN ports (primary and secondary) must be congured to connect to the respective ISP’s before enabling this feature. The secondary WAN port will remain unconnected until a failure is detected on the primary link (either port can be assigned as the primary). In the event of a failure on the primary port, all internet trac will be rolled over to the backup port. When congured in Auto-Failover mode, the link status of the primary WAN port is checked at regular intervals as dened by the failure detection settings.Field DescriptionWAN Mode Select Auto-Rollover Using WAN IP from the drop-down menu.Use Primary WAN Port Select which WAN port is the primary.Use Secondary WAN Port Select which port to use if the primary port fails.WAN Health Check• DNS lookup using WAN DNS Servers: DNS Lookup of the DNS Servers of the primary link is used to detect primary WAN connectivity.•  DNS lookup using DNS Servers: DNS Lookup of the custom DNS Servers can be specied to check the connectivity of the primary link.• Ping these IP addresses: These IP’s will be pinged at regular intervals to check the connectivity of the primary link.• Retry Interval is: The number tells the router how often it should run the above congured failure detection method.•  Failover after: This sets the number of retries after which failover is initiated.WAN1/WAN2/WAN3 Enter the DNS server or IP address to ping.Retry Interval Enter the time in seconds to initiate the WAN health check. Default is every 30 seconds.Failover After Enter the number of failures before the router will enable the failover process.Note: The DSR-1000, DSR-1000N, DSR-500, DSR-500N, DSR-250, DSR-250N, DSR-150, and DSR-150N routers support 3G USB Modem as a failover link when the internet access is lost.1. Click Network > Internet > WAN Mode.2.  Complete the elds from the table below and click Save.
D-Link DSR-Series User Manual 44Section 5 - Connect to the InternetLoad BalancingPath: Network > Internet > WAN ModeThis feature allows you to use multiple WAN links (and presumably multiple ISP’s) simultaneously. After conguring more than one WAN port, the load balancing option is available to carry trac over more than one link. Protocol bindings are used to segregate and assign services over one WAN port in order to manage internet ow. The congured failure detection method is used at regular intervals on all congured WAN ports when in Load Balancing mode.This router currently supports three algorithms for Load Balancing:Round Robin: This algorithm is particularly useful when the connection speed of one WAN port greatly diers from another. In this case you can dene protocol bindings to route low-latency services (such as VOIP) over the higher -speed link and let low-volume background trac (such as SMTP) go over the lower speed link. Protocol binding is explained in next section.Spillover: If Spillover method is selected, the primary WAN acts as a dedicated link until a dened bandwidth threshold are reached. After this, the secondary WAN will be used for new connections. Inbound connections on the secondary WAN are permitted with this mode, as the spillover logic governs outbound connections moving from the primary to secondary WAN. You can congure spillover mode by using following options:•  Load Tolerance: It is the percentage of bandwidth after which the router switches to secondary WAN.•  Max Bandwidth: This sets the maximum bandwidth tolerable by the primary WAN for outbound trac.If the link bandwidth of outbound trac goes above the load tolerance value of max bandwidth, the router will spillover the next connections to secondary WAN.For example, if the maximum bandwidth of primary WAN is 1Kbps and the load tolerance is set to 70. Now every time a new connection is established the bandwidth increases. After a certain number of connections say bandwidth reached 70% of 1Kbps, the new outbound connections will be spilled over to secondary WAN. The maximum value of load tolerance is 80% and the minimum is 20%.Note: The DSR-1000, DSR-1000N, DSR-500, and DSR-500N routers support the trac load balancing between physical WAN port and a 3G USB Modem.Load balancing is particularly useful when the connection speed of one WAN port greatly diers from another. In this case you can dene protocol bindings to route low-latency services (such as VOIP) over the higher-speed link and let low-volume background trac (such as SMTP) go over the lower speed link.
D-Link DSR-Series User Manual 45Section 5 - Connect to the InternetField DescriptionWAN Mode Select Load Balancing from the drop-down menu.Load Balance Select Round Robin.WAN Health Check• DNS lookup using WAN DNS Servers: DNS Lookup of the DNS Servers of the primary link is used to detect primary WAN connectivity.•  DNS lookup using DNS Servers: DNS Lookup of the custom DNS Servers can be specied to check the connectivity of the primary link.• Ping these IP addresses: These IP’s will be pinged at regular intervals to check the connectivity of the primary link.• Retry Interval is: The number tells the router how often it should run the above congured failure detection method.•  Failover after: This sets the number of retries after which failover is initiated.Save Click to save and activate your settings.Round Robin1. Click Network > Internet > WAN Mode.2.  Complete the elds from the table below and click Save.
D-Link DSR-Series User Manual 46Section 5 - Connect to the InternetField DescriptionWAN Mode Select Load Balancing from the drop-down menu.Load Balance Select Spillover Mode.WAN Health Check• DNS lookup using WAN DNS Servers: DNS Lookup of the DNS Servers of the primary link is used to detect primary WAN connectivity.•  DNS lookup using DNS Servers: DNS Lookup of the custom DNS Servers can be specied to check the connectivity of the primary link.• Ping these IP addresses: These IP’s will be pinged at regular intervals to check the connectivity of the primary link.• Retry Interval is: The number tells the router how often it should run the above congured failure detection method.•  Failover after: This sets the number of retries after which failover is initiated.Retry Interval is Enter the time in seconds to initiate the WAN health check. Default is every 30 seconds.Failover After Enter the number of failures before the router will enable the failover process.Load Tolerance Enter the percentage of bandwidth after which the router switches to the secondary WAN.Max Bandwidth This sets the maximum bandwidth tolerable by the primary WAN for outbound trac.Save Click to save and activate your settings.Spillover1. Click Network > Internet > WAN Mode.2.  Complete the elds from the table below and click Save.
D-Link DSR-Series User Manual 47Section 5 - Connect to the InternetRouting ModeRouting between the LAN and WAN will impact the way this router handles trac that is received on any of its physical interfaces. The routing mode of the gateway is core to the behavior of the trac ow between the secure LAN and the internet.NAT or ClassicalField DescriptionRouting Settings Select NAT or Classical.NAT with WAN1 Toggle to ON to use NAT with WAN1 or OFF for classical.NAT with WAN2 Toggle to ON to use NAT with WAN2 or OFF for classical.Save Click to save and activate your settings.Path: Network > Internet > Routing ModeWith classical routing, devices on the LAN can be directly accessed from the internet with their public IP addresses (assuming appropriate rewall settings are congured). If your ISP has assigned an IP address for each of the computers/devices that you use, select Classical.NAT is a technique which allows several computers and devices on your local network to share an Internet connection. The computers on the LAN use a “private” IP address range while the WAN port on the router is congured with a single “public” IP address. Along with connection sharing, NAT also hides internal IP addresses from the computers on the Internet. NAT is required if your ISP has assigned only one IP address to you. The computers/devices that connect through the router will need to be assigned IP addresses from a private subnet.1. Click Network > Internet > Routing Mode.2.  Complete the elds from the table below and click Save.
D-Link DSR-Series User Manual 48Section 5 - Connect to the InternetTransparentField DescriptionRouting Settings Select Transparent.Save Click to save and activate your settings.When Transparent Routing Mode is enabled, NAT is not performed on trac between the LAN and WAN interfaces. Broadcast and multicast packets that arrive on the LAN interface are switched to the WAN and vice versa, if they do not get ltered by rewall or VPN policies. To maintain the LAN and WAN in the same broadcast domain select Transparent mode, which allows bridging of trac from LAN to WAN and vice versa, except for router-terminated trac and other management trac. All DSR features (such as 3G modem support) are supported in transparent mode assuming the LAN and WAN are congured to be in the same broadcast domain.Note: NAT routing has a feature called “NAT Hair -pinning” that allows internal network users on the LAN and DMZ to access internal servers (e.g., an internal FTP server) using their externally-known domain name. This is also referred to as “NAT loopback” since LAN generated trac is redirected through the rewall to reach LAN servers by their external name.1. Click Network > Internet > Routing.2.  Complete the elds from the table below and click Save.
D-Link DSR-Series User Manual 49Section 5 - Connect to the InternetBridgeField DescriptionRouting Settings Select Bridge.Bridge Interface IP Address Enter the bridge interface IP address.DMZ Interface IP Address Enter the DMZ interface IP address.Subnet Mask Enter the subnet mask.NAT with WAN1 Toggle ON to turn NAT on WAN1 or OFF for classical.Save Click to save and activate your settings.When Bridge Mode routing is enabled, the rst physical LAN port and secondary WAN/DMZ (port 2) interfaces are bridged together at Layer 2, creating an aggregate network. The other LAN ports and the primary WAN (WAN1) are not part of this bridge, and the router asks as a NAT device for these other ports. With Bridge mode for the LAN port 1 and WAN2/DMZ interfaces, L2 and L3 broadcast trac as well as ARP / RARP packets are passed through. When WAN2 receives tagged trac the tag information will be removed before the packet is forwarded to the LAN port 1 interface.Note: Bridge mode option is available on DSR-500 / 500N / 1000 / 1000N routers only.1. Click Network > Internet > Routing.2.  Complete the elds from the table below and click Save.
D-Link DSR-Series User Manual 50Section 5 - Connect to the InternetIP AliasingPath: Network > Internet > IP AliasingA single WAN Ethernet port can be accessed via multiple IP addresses by adding an alias to the port. This is done by conguring an IP Alias address. To edit or delete any existing aliases, right-click the alias and select either Edit or Delete.Field DescriptionInterface Select either WAN1 or WAN2.IP Address Enter an alias IP address for the WAN interface you selected.Subnet Mask Enter a subnet mask for the WAN interface you selected.Save Click to save and activate your settings.To create a new alias:1. Click Network > Internet > IP Aliasing. 2. Click Add New IP Aliasing. 3.  Enter the following information and click Save.
D-Link DSR-Series User Manual 51Section 5 - Connect to the InternetField DescriptionIP Address Enter an IP address for the DMZ interface.Subnet Mask Enter the subnet mask for the DMZ interface.DHCP ModeSelect one of the following modes:•  None - Turns o DHCP.•  DHCP Server (default) - The router will act as the DHCP server on your network.•  DHCP Relay - DHCP clients on your network will receive IP address leases from a DHCP server on a dierent subnet.DHCP Server Refer to “DHCP Server” on page 19 for more information.DHCP Relay Refer to “DHCP Relay” on page 20 for more information.Enable DNS ProxyToggle to On to manually enter DNS and/or WINS server IP address(es). If set to O, your router’s LAN IP address will be assigned the DNS server to your clients and the router will get the DNS information from your ISP.Primary DNS Server If DNS Proxy is set to ON, enter the primary DNS server IP address.Secondary DNS Server If DNS Proxy is set to ON, enter the secondary DNS server IP address.WINS Server If DNS Proxy is set to ON, enter the WINS server IP address.Save Click to save and activate your settings.DMZ SettingsPath: Network > Internet > DMZ SettingsIf you set WAN2 port to DMZ, you will need to congure the port here.To congure the DMZ Settings: 1. Click Network > Internet > DMZ Settings.2.  Complete the elds from the table below and click Save.
D-Link DSR-Series User Manual 52Section 5 - Connect to the InternetThe router’s DHCP server can assign IP settings to your DMZ clients on your network by adding a client’s MAC address and the IP address to be assigned. Whenever the router receives a request from a client, the MAC address of that client is compared with the MAC address list present in the database. If an IP address is already assigned to that computer or device in the database, the customized IP address is congured otherwise an IP address is assigned to the client automatically from the DMZ DHCP pool.To create DHCP reservations:1. Click Network > Internet > DMZ LAN DHCP Reserved IPs. 2. Click Add New DMZ DHCP Reserved IP. 3.  Enter the following information and click Save.Field DescriptionDMZ DHCP Reserved IP Enable Toggle to ON to enable this reservation.IP Address Enter the IP address you want to assign to this device. Note that this IP address must be in the same range as the starting/ending IP address under DHCP Settings.MAC Address Enter the MAC address of this device (xx:xx:xx:xx:xx:xx format).Save Click Save to save your reservation.DMZ LAN DHCP Reserved IPs
D-Link DSR-Series User Manual 53Section 5 - Connect to the InternetDynamic DNS SettingsPath: Network > Internet > Dynamic DNSDynamic DNS (DDNS) is an Internet service that allows routers with varying public IP addresses to be located using Internet domain names. To use DDNS, you must setup an account with a DDNS provider such as DynDNS.org, D-Link DDNS, or Oray.net.Each congured WAN can have a dierent DDNS service if required. Once congured, the router will update DDNS services changes in the WAN IP address so that features that are dependent on accessing the router’s WAN via FQDN will be directed to the correct IP address. When you set up an account with a DDNS service, the host and domain name, username, password and wildcard support will be provided by the account provider.To congure DDNS:1. Click Network > Internet > Dynamic DNS 2.  Click the tab on top to select which WAN port you want to congure DDNS to.3.  Next to Dynamic DNS Service Type, select your DDNS service.4.  Enter the following information and click Save. The information below is for DynDNS. Other services will have similar elds.Field DescriptionUser Name Enter your DDNS user name.Domain Name Enter the domain name.Password Enter your DDNS password.Status Displays the current connection status.Allow Wildcards Toggle to ON to allow wildcards.Update Periodically Toggle to ON to set a forced update.  Save Click Save to save your reservation.
D-Link DSR-Series User Manual 54Section 5 - Connect to the InternetTrac ManagementPath: Network > Internet > Trac Management > Bandwidth ProlesBandwidth proles allow you to regulate the trac ow from the LAN to WAN 1 or WAN 2. This is useful to ensure that low priority LAN users (like guests or HTTP service) do not monopolize the available WAN’s bandwidth for cost-savings or bandwidth-priority-allocation purposes.Bandwidth proles conguration consists of enabling the bandwidth control feature from the GUI and adding a prole which denes the control parameters. The prole can then be associated with a trac selector, so that bandwidth prole can be applied to the trac matching the selectors. Selectors are elements like IP addresses or services that would trigger the congured bandwidth regulation.To edit, delete, or create a new bandwidth prole:1. Click Network > Internet > Trac Management > Bandwidth Proles.2. Toggle Enable Bandwidth Proles to ON and click Save.Bandwidth Proles3. Click Add New Bandwidth Prole.
D-Link DSR-Series User Manual 55Section 5 - Connect to the Internet4.  Enter the following information and click Save. Field DescriptionName Enter a name for your prole. This identier is used to associate the congured prole to the trac selector.Policy Type Select the policy type (Inbound or Outbound) from the drop-down menu.WAN Interface Select which WAN interface you want to associate this prole with.Prole Type Select either Priority or Rate from the drop-down menu.Priority If you selected Priority, select Low, Medium, or High.Minimum Bandwidth Rate If you selected Rate, enter the minimum bandwidth rate.Maximum Bandwidth Rate If you selected Rate, enter the maximum bandwidth rate.  Save Click Save to save your reservation.
D-Link DSR-Series User Manual 56Section 5 - Connect to the InternetPath: Network > Internet > Trac Management > Trac ShapingOnce a prole has been created it can then be associated with a trac ow from the LAN to WAN. Trac selector conguration binds a bandwidth prole to a type or source of LAN trac with the following settings.To create a trac selector:1. Click Network > Internet > Trac Management > Trac Shaping. Trac Shaping2. Click Add New Trac Selector.Field DescriptionAvailable Proles Select a bandwidth prole from the drop-down menu.Service Select a service from the drop-down menu.Trac Selector Match Type Select IP or MAC Address.IP Address If you selected IP, enter the IP address of the source associated with this prole.Subnet Mask If you selected IP, enter a subnet mask.MAC Address If you selected MAC, enter the MAC address of the source associated with this prole.Save Click to save and activate your settings.3.  Complete the elds from the table below and click Save.
D-Link DSR-Series User Manual 57Section 5 - Connect to the InternetPath: Network > Routing > Static RoutesManually adding static routes to this device allows you to dene the path selection of trac from one interface to another. There is no communication between this router and other devices to account for changes in the path; once congured the static route will be active and eective until the network changes.The List of Static Routes displays all routes that have been added manually by an administrator and allows several operations on the static routes.To create a new static route:1. Click Network > Routing > Static Routes.Static Routes2. Click Add New Static Route.3. Complete the elds in the table on the next page and click Save.Routing
D-Link DSR-Series User Manual 58Section 5 - Connect to the InternetField DescriptionRoute Name Enter a name for your route. Active Toggle to ON to activate this route or to OFF to deactivate.Private Toggle to ON to make this route private. If the route is made private, then the route will not be shared in a RIP broadcast or multicast.Destination IP Address Enter the IP address of the static route’s destination.IP Subnet Mask Enter the subnet mask of the static route.Interface The physical network interface (WAN1, WAN2, WAN3, DMZ or LAN), through which this route is accessible.Gateway IP Address IP address of the gateway through which the destination host or network can be reached.Metric Determines the priority of the route. If multiple routes to the same destination exist, the route with the lowest metric is chosen.Save Click Save to save your route.
D-Link DSR-Series User Manual 59Section 5 - Connect to the InternetRIPDynamic routing using the Routing Information Protocol (RIP) is an Interior Gateway Protocol (IGP) that is common in LANs. With RIP this router can exchange routing information with other supported routers in the LAN and allow for dynamic adjustment of routing tables in order to adapt to modications in the LAN without interrupting trac ow.Note: The DSR-150/150N/250/250N routers do not support RIP.Path: Network > Routing > RIPTo congure RIP:1. Click Network > Routing > RIP.2. Complete the elds in the table below and click Save.Field DescriptionDirectionThe RIP direction will dene how this router sends and receives RIP packets. Select one of the following:•  Both: The router both broadcasts its routing table and also processes RIP information received from other routers. This is the recommended setting in order to fully utilize RIP capabilities.•  Out Only: The router broadcasts its routing table periodically but does not accept RIP information from other routers.•  In Only: The router accepts RIP information from other routers, but does not broadcast its routing table.•  None: The router neither broadcasts its route table nor does it accept any RIP packets from other routers. This eectively disables RIP.VersionThe RIP version is dependent on the RIP support of other routing devices in the LAN.•  Disabled: This is the setting when RIP is disabled.•  RIP-1: A class-based routing version that does not include subnet information. This is the most commonly supported version.•  RIP-2: Includes all the functionality of RIPv1 plus it supports subnet information. Though the data is sent in RIP-2 format for both RIP-2B and RIP-2M, the mode in which packets are sent is dierent. RIP-2B broadcasts data in the entire subnet while RIP-2M sends data to multicast addresses.  Note: If RIP-2B or RIP-2M is the selected version, authentication between this router and other routers (congured with the same RIP version) is required. MD5 authentication is used in a rst/second key exchange process. The authentication key validity lifetimes are congurable to ensure that the routing information exchange is with current and supported routers detected on the LAN.Save Click Save to save your settings.
D-Link DSR-Series User Manual 60Section 5 - Connect to the InternetOSPFPath: Network > Routing > OSPFOSPF is an interior gateway protocol that routes Internet Protocol (IP) packets solely within a single routing domain. It gathers link state information from available routers and constructs a topology map of the network.OSPF version 2 is a routing protocol which described in RFC2328 - OSPF Version 2. OSPF is IGP (Interior Gateway Protocols). OSPF is widely used in large networks such as ISP backbone and enterprise networks.Note: The DSR-150/150N/250/250N routers do not support OSPFv2.To congure OSPF:1. Click Network > Routing > OSPF.2.  Right-click the port you want to edit (LAN/WAN1/WAN2/WAN3) and select Edit.3.  Complete the elds in the table on the next page and click Save.
D-Link DSR-Series User Manual 61Section 5 - Connect to the InternetField DescriptionOSPFv2 Enable Toggle ON to enable OSPF.Interface Displays the physical network interface on which OSPFv2 is Enabled/Disabled.AreaEnter the area to which the interface belongs. Two routers having a common segment; their interfaces have to belong to the same area on that segment. The interfaces should belong to the same subnet and have similar mask.PriorityHelps to determine the OSPFv2 designated router for a network. The router with the highest priority will be more eligible to become Designated Router. Setting the value to 0 makes the router ineligible to become Designated Router. The default value is 1. Lower the value means higher the priority.Hello IntervalThe number of seconds for Hello Interval timer value. Enter the number in seconds that the Hello packet will be sent. This value must be the same for all routers attached to a common network. The default value is 10 seconds.Dead IntervalThe number of seconds that a device’s hello packets must not have been seen before its neighbors declare the OSPF router down. This value must be the same for all routers attached to a common network. The default value is 40 seconds. OSPF requires these intervals to be exactly the same between two neighbors. If any of these intervals are dierent, these routers will not become neighbors on a particular segment.Cost Enter the cost of sending a packet on an OSPFv2 interface.Authentication TypeSelect one of the following authentication types:•  None: The interface does not authenticate OSPF packets.•  Simple: OSPF packets are authenticated using simple text key.•  MD5: The interface authenticates OSPF packets with MD5 authentication.Md5 Key ID If MD5 authentication is selected, enter the MD5 key ID.Md5 Authentication Key If MD5 authentication is selected, enter the MD5 authentication key.Save Click Save to save your settings.
D-Link DSR-Series User Manual 62Section 5 - Connect to the InternetProtocol BindingPath: Network > Routing > Protocol BindingProtocol bindings are useful when the Load Balancing feature is in use. Selecting from a list of congured services or any of the user-dened services, the type of trac can be assigned to go over only one of the available WAN ports. For increased exibility the source network or machines can be specied as well as the destination network or machines. For example, the VOIP trac for a set of LAN IP addresses can be assigned to one WAN and any VOIP trac from the remaining IP addresses can be assigned to the other WAN link. Protocol bindings are only applicable when load balancing mode is enabled and more than one WAN is congured.To add, edit, or delete a protocol binding entry:1. Click Network > Routing > Protocol Binding.2.  Right-click a current entry and select Edit or Delete. To add a new entry, click Add New Protocol Binding. 3.  Complete the elds in the table below and click Save.Field DescriptionService Select a service from the drop-down menu.Local Gateway Select a WAN interface.Source Network Select the source network: Any, Single Address, or Address Range. If Single Address or Address Range is selected, enter the IP address or IP range.Destination Network Select the destination network: Any, Single Address, or Address Range. If Single Address or Address Range is selected, enter the IP address or IP range.Save Click Save to save your settings.
D-Link DSR-Series User Manual 63Section 5 - Connect to the InternetIPv6IP ModePath: Network > IPv6 > IP ModeThis page allows you to congure the IP protocol version to be used on the router. In order to support IPv6 on your local network (LAN), you must set the router to be in IPv4 / IPv6 mode. This mode will allow IPv4 nodes to communicate with IPv6 devices through this router.To enable IPv6 on the router:1. Click Network > IPv6 > IP Mode.2. Select IPv4 & IPv6.3. Click Save.
D-Link DSR-Series User Manual 64Section 5 - Connect to the InternetWAN SettingsPath: Network > IPv6 > WAN1 SettingsFor IPv6 WAN connections, this router can have a static IPv6 address or receive connection information when congured as a DHCPv6 client. In the case where the ISP assigns you a xed address to access the internet, the static conguration settings must be completed. In addition to the IPv6 address assigned to your router, the IPv6 prex length dened by the ISP is needed. The default IPv6 Gateway address is the server at the ISP that this router will connect to for accessing the internet. The primary and secondary DNS servers on the ISP’s IPv6 network are used for resolving internet addresses, and these are provided along with the static IP address and prex length from the ISP.When the ISP allows you to obtain the WAN IP settings via DHCP, you need to provide details for the DHCPv6 client conguration. The DHCPv6 client on the gateway can be either stateless or stateful. If a stateful client is selected the gateway will connect to the ISP’s DHCPv6 server for a leased address. For stateless DHCP there need not be a DHCPv6 server available at the ISP, rather ICMPv6 discover messages will originate from this gateway and will be used for auto conguration. A third option to specify the IP address and prex length of a preferred DHCPv6 server is available as well.To congure a dynamic (DHCP) IPv6 Internet connection:1. Click Network > IPv6 > WAN1 Settings.2.  Complete the elds in the table below and click Save.Field DescriptionConnection Type Select DHCPv6 from the drop-down menu.DHCPv6 Auto Conguration Select either Stateless Address or Stateful Address.Prex DelegationSelect this option to request router advertisement prex from any availableDHCPv6 servers available on the ISP, the obtained prex is updated to the advertised prexes onthe LAN side. This option can be selected only in Stateless Address Auto Conguration mode ofDHCPv6 Client.Save Click Save to save your settings.Dynamic IP
D-Link DSR-Series User Manual 65Section 5 - Connect to the InternetTo congure a static IPv6 Internet connection:1. Click Network > IPv6 > WAN1 Settings.2.  Complete the elds in the table below and click Save.Static IPField DescriptionConnection Type Select Static.IPv6 Address Enter the IP address supplied by your ISP.IPv6 Prex Length Enter the IPv6 prex length supplied by your ISP.Default IPv6 Gateway Enter the IPv6 gateway address supplied by your ISP.Primary DNS Server Enter the primary DNS server IP address.Secondary DNS Server Enter the secondary DNS server IP address.Save Click Save to save and activate your settings.
D-Link DSR-Series User Manual 66Section 5 - Connect to the InternetTo congure a dynamic (DHCP) IPv6 Internet connection:1. Click Network > IPv6 > WAN1 Settings.PPPoE2.  Complete the elds in the table below and click Save.Field DescriptionConnection Type Select PPPoE.User Name Enter your PPPoE user name.Password Enter your PPPoE password.Authentication Type Select the authentication type from the drop-down menu (Auto-negotiate/PAP/CHAP/MS-CHAP/MS-CHAPv2).DHCPv6 Options Select the mode of DHCPv6 client that will start in this mode (Disable dhcpv6/Stateless dhcpv6/Stateful dhcpv6/Stateless dhcpv6 with prex delegation.Primary DNS Server Enter the primary DNS server IP address.Secondary DNS Server Enter the secondary DNS server IP address.Save Click Save to save and activate your settings.
D-Link DSR-Series User Manual 67Section 5 - Connect to the InternetPath: Network > IPv6 > Static RoutingManually adding static routes to this device allows you to dene the path selection of trac from one interface to another. There is no communication between this router and other devices to account for changes in the path; once congured the static route will be active and eective until the network changes.The List of Static Routes displays all routes that have been added manually by an administrator and allows several operations on the static routes.To create a new static route:1. Click Network > IPv6 > Static Routing.Static Routing2. Click Add New IPv6 Static Route.3. Complete the elds in the table on the next page and click Save.
D-Link DSR-Series User Manual 68Section 5 - Connect to the InternetField DescriptionRoute Name Enter a name for your route. Active Toggle to ON to activate this route or to OFF to deactivate.IPv6 Destination Enter the IP address of the static route’s destination.IPv6 Prex Length Enter the prex length of the static route.Interface The physical network interface (WAN1, WAN2, WAN3, DMZ or LAN), through which this route is accessible.IPv6 Gateway IPv6 address of the gateway through which the destination host or network can be reached.Metric Determines the priority of the route. If multiple routes to the same destination exist, the route with the lowest metric is chosen.Save Click Save to save your route.
D-Link DSR-Series User Manual 69Section 5 - Connect to the InternetPath: Network > IPv6 > OSPFv3OSPF is an interior gateway protocol that routes Internet Protocol (IP) packets solely within a single routing domain. It gathers link state information from available routers and constructs a topology map of the network.Open Shortest Path First version 3 (OSPFv3) supports IPv6. To enable an OSPFv3 process on a router, you need to enable the OSPFv3 process globally, assign the OSPFv3 process a router ID, and enable the OSPFv3 process on related interfaces.Note: The DSR-150/150N/250/250N routers do not support OSPFv3.To congure OSPF:1. Click Network > IPv6 > OSPFv3.2.  Right-click the port you want to edit (LAN/WAN1/WAN2) and select Edit.3.  Complete the elds in the table on the next page and click Save.OSPFv3
D-Link DSR-Series User Manual 70Section 5 - Connect to the InternetField DescriptionOSPFv3 Enable Toggle ON to enable OSPFv3.Interface Displays the physical network interface on which OSPFv3 is Enabled/Disabled.PriorityHelps to determine the OSPFv3 designated router for a network. The router with the highest priority will be more eligible to become Designated Router. Setting the value to 0 makes the router ineligible to become Designated Router. The default value is 1. Lower the value means higher the priority.Hello IntervalThe number of seconds for Hello Interval timer value. Enter the number in seconds that the Hello packet will be sent. This value must be the same for all routers attached to a common network. The default value is 10 seconds.Dead IntervalThe number of seconds that a device’s hello packets must not have been seen before its neighbors declare the OSPF router down. This value must be the same for all routers attached to a common network. The default value is 40 seconds. OSPF requires these intervals to be exactly the same between two neighbors. If any of these intervals are dierent, these routers will not become neighbors on a particular segment.Cost Enter the cost of sending a packet on an OSPFv3 interface.Save Click Save to save your settings.
D-Link DSR-Series User Manual 71Section 5 - Connect to the InternetPath: Network > IPv6 > 6 to 4 Tunneling6to4 is an Internet transition mechanism for migrating from IPv4 to IPv6, a system that allows IPv6 packets to be transmitted over an IPv4 network. Select the check box to Enable Automatic Tunneling and allow trac from an IPv6 LAN to be sent over an IPv4 Option to reach a remote IPv6 network.To enable 6 to 4 tunneling:1. Click Network > IPv6 > 6 to 4 Tunneling.2. Toggle Activate Auto Tunneling to ON.3. Click Save.6 to 4 Tunneling
D-Link DSR-Series User Manual 72Section 5 - Connect to the InternetPath: Network > IPv6 > 6 to 4 Tunneling ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) is an IPv6 transition mechanism meant to transmit IPv6 packets between dual-stack nodes on top of an IPv4 network. ISATAP species an IPv6-IPv4 compatibility address format as well as a means for site border router discovery. ISATAP also species the operation of IPv6 over a specic link layer - that being IPv4 used as a link layer for IPv6.ISATAPTo add, edit, or delete a ISATAP entry:1. Click Network > IPv6 > ISATAP.2.  Right-click a current entry and select Edit or Delete. To add a new entry, click Add New ISATAP Tunnel.3.  Complete the elds in the table below and click Save.Field DescriptionISATAP Subnet Prex This is the 64-bit subnet prex that is assigned to the logical ISATAP subnet for this intranet. This can be obtained from your ISP or internet registry, or derived from RFC 4193.End Point Address This is the endpoint address for the tunnel that starts with this router. The endpoint can be the LAN interface (assuming the LAN is an IPv4 network), or a specic LAN IPv4 address.IPv4 Address The end point address if not the entire LAN.Save Click Save to save your settings.
D-Link DSR-Series User Manual 73Section 5 - Connect to the InternetLAN SettingsPath: Network > IPv6 > LAN Settings > IPv6 LAN SettingsIn IPv6 mode, the LAN DHCP server is disabled by default (similar to IPv4 mode). The DHCPv6 server will serve IPv6 addresses from congured address pools with the IPv6 Prex Length assigned to the LAN.The default IPv6 LAN address for the router is fec0::1. You can change this 128-bit IPv6 address based on your network requirements. The other eld that denes the LAN settings for the router is the prex length. The IPv6 network (subnet) is identied by the initial bits of the address called the prex. By default this is 64 bits long. All hosts in the network have common initial bits for their IPv6 address; the number of common initial bits in the network’s addresses is set by the prex length eld.To congure IPv6 LAN settings on the router:1. Click Network > IPv6 > LAN Settings > IPv6 LAN Settings.2.  Complete the elds in the table on the next page and click Save.DHCPv6 Server
D-Link DSR-Series User Manual 74Section 5 - Connect to the InternetField DescriptionIPv6 Address Enter the IPv6 LAN address for the router.IPv6 Prex Length Enter the prex length.Status Toggle to ON to enable  DHCPv6.ModeThe IPv6 DHCP server is either stateless or stateful. If stateless is selected an external IPv6 DHCP server is not required as the IPv6 LAN hosts are auto-congured by this router. In this case the router advertisement daemon (RADVD) must be congured on this device and ICMPv6 router discovery messages are used by the host for auto-conguration. There are no managed addresses to serve the LAN nodes. If stateful is selected the IPv6 LAN host will rely on an external DHCPv6 server to provide required conguration settings.Domain Name Enter a domain name (optional).Server PreferenceServer Preference is used to indicate the preference level of this DHCP server. DHCP advertise messages with the highest server preference value to a LAN host are preferred over other DHCP server advertise messages. The default is 255.DNS ServersThe DNS server details can be manually entered here (primary/secondary options. An alternative is to allow the LAN DHCP client to receive the DNS server details from the ISP directly. By selecting Use DNS proxy, this router acts as a proxy for all DNS requests and communicates with the ISP’s DNS servers (a WAN conguration parameter).Lease / Rebind Time Enter the duration of the DHCPv6 lease from this router to the LAN client.Prex Delegation Toggle to ON to enable prex delegation in DHCPv6 server. This option can be selected only in Stateless Address Auto Conguration mode of DHCPv6 server.Save Click Save at the bottom to save and activate your settings.
D-Link DSR-Series User Manual 75Section 5 - Connect to the InternetIPv6 Address PoolsPath: Network > IPv6 > LAN Settings > IPv6 Address PoolsThis feature allows you to dene the IPv6 delegation prex for a range of IP addresses to be served by the router’s DHCPv6 server. Using a delegation prex you can automate the process of informing other networking equipment on the LAN of DHCP information specic for the assigned prex.To add, edit, or delete a IPv6 address pool entry:1. Click Network > IPv6 > LAN Settings > IPv6 Address Pools tab.2.  Right-click a current entry and select Edit or Delete. To add a new entry, click Add New Address Pool.3.  Complete the elds in the table below and click Save.Field DescriptionStart IPv6 Address Enter the starting IPv6 LAN address.End IPv6 Address Enter the ending IPv6 LAN address.Prex Length Enter the prex length.Save Click Save at the bottom to save and activate your settings.
D-Link DSR-Series User Manual 76Section 5 - Connect to the InternetIPv6 Prex LengthPath: Network > IPv6 > LAN Settings > IPv6 Prex LengthTo add, edit, or delete a IPv6 prex length entry:1. Click Network > IPv6 > LAN Settings > IPv6 Prex Length tab.2.  Right-click a current entry and select Edit or Delete. To add a new entry, click Add New Prex Length.3.  Complete the elds in the table below and click Save.Field DescriptionProle Enter a name for this prole.Prex Length Enter the prex length.Save Click Save at the bottom to save and activate your settings.
D-Link DSR-Series User Manual 77Section 5 - Connect to the InternetRouter AdvertisementPath: Network > IPv6 > LAN Settings > Router AdvertisementTo congure router advertisement settings:1. Click Network > IPv6 > LAN Settings > Router Advertisement tab.2.  Complete the elds in the table on the next page and click Save.Field DescriptionStatus Toggle to ON to enable this feature.Advertise ModeSelect Unsolicited Multicast to send router advertisements (RA’s) to all interfaces in the multicast group. To restrict RA’s to well-known IPv6 addresses on the LAN, and thereby reduce overall network trac, select Unicast only.Advertise IntervalWhen advertisements are unsolicited multicast packets, this interval sets the maximum time between advertisements from the interface. The actual duration between advertisements is a random value between one third of this eld and this eld. The default is 30 seconds.Managed Toggle to ON to use the administered/stateful protocol for address auto-conguration. If set to OFF, the host uses administered/stateful protocol for non-address auto conguration.Other Toggle to ON to use administered/stateful protocol of other (i.e., non-address) information auto conguration.Router PreferenceThis parameter (low/medium/high) determines the preference associated with the RADVD process of the router. This is useful if there are other RADVD-enabled devices on the LAN as it helps avoid conicts for IPv6 clients.MTU The router advertisement will set this maximum transmission unit (MTU) value for all nodes in the LAN that are auto-congured by the router. The default is 1500.Router LifetimeThis value is present in RAs and indicates the usefulness of this router as a default router for the interface. The default is 3600 seconds. Upon expiration of this value, a new RADVD exchange must take place between the host and this router.Save Click Save at the bottom to save and activate your settings.Router Advertisements are analogous to IPv4 DHCP assignments for LAN clients, in that the router will assign an IP address and supporting network information to devices that are congured to accept such details. Router Advertisement is required in an IPv6 network is required for stateless auto conguration of the IPv6 LAN. By conguring the Router Advertisement Daemon on this router, the router will listen on the LAN for router solicitations and respond to these LAN hosts with router advisements.
D-Link DSR-Series User Manual 78Section 5 - Connect to the InternetAdvertisement PrexesPath: Network > IPv6 > LAN Settings > Advertisement PrexesTo add, edit, or delete an advertisement prex entry:1. Click Network > IPv6 > LAN Settings > Advertisement Prexes tab.Router advertisements congured with advertisement prexes allow this router to inform hosts how to perform stateless address auto conguration. Router advertisements contain a list of subnet prexes that allow the router to determine neighbors and whether the host is on the same link as the router.2.  Right-click a current entry and select Edit or Delete. To add a new entry, click Add New Advertisement Length.3.  Complete the elds in the table below and click Save.Field DescriptionIPv6 Prex Type To ensure hosts support IPv6 to IPv4 tunnel select the 6to4 prex type. Selecting Global/Local/ISATAP will allow the nodes to support all other IPv6 routing options.SLA ID The SLA ID (Site-Level Aggregation Identier) is available when 6to4 Prexes are selected. This should be the interface ID of the router’s LAN interface used for router advertisements.IPv6 Prex When using Global/Local/ISATAP prexes, this eld is used to dene the IPv6 network advertised by this router.IPv6 Prex Length This value indicates the number contiguous, higher order bits of the IPv6 address that dene up the network portion of the address. Typically this is 64.Prex Lifetime This denes the duration (in seconds) that the requesting node is allowed to use the advertised prex. It is analogous to DHCP lease time in an IPv4 network.Save Click Save at the bottom to save and activate your settings.
D-Link DSR-Series User Manual 79Section 5 - Connect to the InternetIPv6 Tunnels StatusPath: Network > IPv6 > IPv6 Tunnels StatusThis page displays the current status of IPv6 Tunnels.
D-Link DSR-Series User Manual 80Section 6 - Wireless SettingsWireless SettingsAccess PointsThis router has an integrated 802.11n radio that allows you to create an access point for wireless LAN clients. The security/encryption/authentication options are grouped in a wireless Prole, and each congured prole will be available for selection in the AP conguration menu. The prole denes various parameters for the AP, including the security between the wireless client and the AP, and can be shared between multiple APs instances on the same device when needed. Up to four unique wireless networks can be created by conguring multiple “virtual” APs . Each such virtual AP appears as an independent AP (unique SSID) to supported clients in the environment, but is actually running on the same physical radio integrated with this router. Note: Proles may be thought of as a grouping of AP parameters that can then be applied to not just one but multiple AP instances (SSIDs), thus avoiding duplication if the same parameters are to be used on multiple AP instances or SSIDs.The Wireless Network Setup Wizard is available for users new to wireless networking. By going through a few conguration pages you can enable a Wi-Fi™ network on your LAN and allow supported 802.11 clients to connect to the congured Access Point. To run the wizard, refer to “#6 Wireless Network Setup” on page 12.Path: Wireless > General > Access PointsTo add, edit, or delete an access point entry:1. Click Wireless > General > Access Points.2.  Right-click a current entry and select Edit or Delete. To add a new entry, click Add New Access Point.
D-Link DSR-Series User Manual 81Section 6 - Wireless Settings3.  Complete the elds in the table below and click Save.Field DescriptionAP Name Enter a name for your virtual access point.Prole Name Select a prole from the drop-down menu to associate this access point with. If you do not want to use the default prole, create a prole (refer to the next page) and then create an access point.Active Time Toggle to ON to “turn on” this access point.  Schedule Control Toggle to ON if you want to specify a time to have this access point turned on.Start/Stop Time Enter a start and stop time.WLAN Partition Toggle to ON to prevent associated wireless clients from communicating with each other.Save Click Save at the bottom to save and activate your settings.
D-Link DSR-Series User Manual 82Section 6 - Wireless SettingsProlesCreating a prole allows you to assign the security type, encryption and authentication to use when connecting the AP to a wireless client. The default mode is “open”, i.e., no security. This mode is insecure as it allows any compatible wireless clients to connect to an AP congured with this security prole.To create a new prole, use a unique prole name to identify the combination of settings. Congure a unique SSID that will be the identier used by the clients to communicate to the AP using this prole. By choosing to broadcast the SSID, compatible wireless clients within range of the AP can detect this prole’s availability. The AP oers all advanced 802.11 security modes, including WEP, WPA, and WPA2.To add, edit, or delete a prole:1. Click Wireless > General > Proles.Path: Wireless > General > Proles2.  Right-click a current entry and select Edit or Delete. To add a new entry, click Add New Access Point.3.  Complete the elds in the table on the next page and click Save.
D-Link DSR-Series User Manual 83Section 6 - Wireless SettingsField DescriptionProle Name Enter a name for your prole.SSID Enter a name for your wireless network (SSID).  Broadcast SSID Toggle to ON if you want your SSID broadcast openly or toggle to OFF to hide it. Clients will have to know the SSID to connect.SecuritySelect what kind of wireless security you want to use:•  Open: Select this option to create a public “open” network to allow unauthenticated devices to access this wireless gateway.•  WEP (Wired Equivalent Privacy): This option requires a static (pre -shared) key to be shared between the AP and wireless client . Note that WEP does not support 802.11n data rates; is it appropriate for legacy 802.11 connections.•  WPA (Wi-Fi Protected Access): For stronger wireless security than WEP, choose this option. The encryption for WPA will use TKIP and also CCMP if required. The authentication can be a preshared key (PSK), Enterprise mode with RADIUS server, or both. Note that WPA does not support 802.11n data rates; is it appropriate for legacy 802.11 connections.•  WPA2: This security type uses CCMP encryption (and the option to add TKIP encryption) on either PSK (pre-shared key) or Enterprise (RADIUS Server) authentication.•  WPA + WPA2: This uses both encryption algorithms, TKIP and CCMP. WPA clients will use TKIP and WPA2 clients will use CCMP encryption algorithms.EncryptionSelect the encryption type:• WEP - Select Open or Shared.• WPA - Select TKIP or TKIP+CCMP.• WPA2 - Select CCMP or TKIP+CCMP.• WPA+WPA2 - TKIP+CCMP will be the only option.AuthenticationSelect the authentication type:• WEP - Select 64-bit or 128-bit.•  WPA/WPA2/WPA+WPA2 - Select PSK (passphrase), RADIUS (RADIUS server), or PSK+RADIUS (both).WEP Passphrase/Key (1-4) If you selected WEP, enter a passphrase or up to four hexadecimal keys (a-f, 0-9, A-F). WPA Password If you selected WPA, WPA2, or WPA+WPA2, enter a WPA password. Save Click Save at the bottom to save and activate your settings.The AP conguration page allows you to create a new AP and link to it one of the available proles. This router supports multiple AP’s referred to as virtual access points (VAPs). Each virtual AP that has a unique SSIDs appears as an independent access point to clients. This valuable feature allows the router’s radio to be congured in a way to optimize security and throughput for a group of clients as required by the user. To create a VAP, refer to “Access Points” on page 80. After setting the AP name, the prole drop-down menu is used to select one of the congured proles.
D-Link DSR-Series User Manual 84Section 6 - Wireless SettingsRadio SettingsPath: Wireless > General > Radio SettingsYou may congure the channels and power levels available for the AP’s enabled on the router. The router has a dual band 802.11n radio, meaning either 2.4 GHz or 5 GHz frequency of operation can be selected (not concurrently though). Based on the selected operating frequency, the mode selection will let you dene whether legacy connections or only 802.11n connections (or both) are accepted on congured APs.The ratied 802.11n support on this radio requires selecting the appropriate broadcast mode, and then dening the channel spacing and control side band for 802.11n trac. The default settings are appropriate for most networks. For example, changing the channel spacing to 40MHz can improve bandwidth at the expense of supporting earlier 802.11n clients. The available transmission channels are governed by regulatory constraints based on the region setting of the router. To congure the radio settings:1. Click Wireless > General > Radio Settings.2.  Complete the elds in the table below and click Save.Field DescriptionOperating Frequency Select 2.4GHz or 5GHz.ModeSelect the 802.11 mode:   • 2.4GHz - g and b, g only, n and g, or n only.   • 5GHz - a only, n and a, or n only.Channel SpacingSelect the Channel Width:Auto 20/40 - This is the default setting. Select if you are using both 802.11n and non-802.11n wireless devices.20MHz - Select if you are not using any 802.11n wireless clients.Control Side Band Select Upper or Lower. Available for 802.11n only.Current Channel Displays the current channel.Channel Select the channel you want to use. Default Transmit Power Enter the default transmit power (0-31).Transmit Power Displays the current transmit power.Transmission Rate Select a transmission rate from the drop-down menu. This will lock the transmission rate of your wireless connection. It is strongly recommended to use Best (Automatic).Save Click Save at the bottom to save and activate your settings.
D-Link DSR-Series User Manual 85Section 6 - Wireless SettingsWMM SettingsPath: Wireless > Advanced > WMMWi-Fi Multimedia (WMM) provides basic Quality of Service (QoS) features to IEEE 802.11 networks. WMM prioritizes trac according to four Access Categories (AC) - voice, video, best eort, and background.To congure the radio settings:1. Click Wireless > Advanced > WMM.2.  Complete the elds in the table below and click Save.Field DescriptionProle Name Select the prole to associate this conguration to from the drop-down menu.Enable WMM Toggle to ON to enable WMM.Default Class of Service Select an available access category (voice, video, best eort, or background) to assign as “default”.IP DSCP / TOS Under Class of Service, select a service and map it to the IP DSCP / TOS value.Save Click Save at the bottom to save and activate your settings.
D-Link DSR-Series User Manual 86Section 6 - Wireless SettingsWDSPath: Wireless > Advanced > WDSWireless Distribution System (WDS) is a system enabling the wireless interconnection of access points in a network. This feature is only guaranteed to work between devices of the same type (i.e., using the same chipset/driver).When you enable WDS, use the same security conguration as the default access point. The WDS links do not have true WPA/WPA2 support, as in there is no WPA key handshake performed. Instead the Session Key to be used with a WDS Peer is computed using a hashing function (similar to the one used for computing a WPA PMK). The inputs to this function are a PSK (congurable by an administrator from the WDS page) and an internal “magic” string (non-congurable).In eect the WDS links use TKIP/AES encryption, depending on the encryption congured for the default AP. In case the default AP uses mixed encryption (TKIP + AES). The WDS link will use the AES encryption scheme.Note: For a WDS link to function properly the Radio settings on the WDS peers have to be the same.To congure the radio settings:1. Click Wireless > Advanced > WDS.2.  Complete the elds in the table below and click Save.Field DescriptionWDS Enable Toggle to ON to enable WDS and click Save. WDS Encryption Displays the current wireless encryption used.WDS Security Displays the current security type.WDS Authentication Displays the current authentication type.WDS Passphrase Enter the WDS passphrase (if WEP, WPA, WPA2, or WPA+WPA2 is enabled).System MAC Address Displays the system MAC address.Add New WDS Once you enabled WDS (and clicked Save), click Add New WDS and enter the MAC address of a WDS peer. You can add up to four WDS peers.Save Click Save at the bottom to save and activate your settings.
D-Link DSR-Series User Manual 87Section 6 - Wireless SettingsAdvanced SettingsPath: Wireless > Advanced > Advanced SettingsYou can modify the 802.11 communication parameters in this page. Generally, the default settings are appropriate for most networks.Field DescriptionBeacon Interval Beacons are packets sent by an Access Point to synchronize a wireless network. The default value is 100.DTIM Interval (Delivery Trac Indication Message) 3 is the default setting. A DTIM is a countdown informing clients of the next window for listening to broadcast and multicast messages.RTS Threshold This value should remain at its default setting of 2432. If inconsistent data ow is a problem, only a minor modication should be made. Fragmentation Threshold The fragmentation threshold, which is specied in bytes, determines whether packets will be fragmented. Packets exceeding the 2346 byte setting will be fragmented before transmission. 2346 is the default setting.Preamble ModeSelect either Long or Short. The Preamble Type denes the length of the CRC (Cyclic Redundancy Check) block for communication between the Access Point and roaming wireless adapters. High network trac areas should use Short preamble type. Protection ModeSelect either None or CTS-to-Self Protection. Select the CTS-to-Self Protection to enable CTS-to-Self protection mechanism, which is used to minimize collisions among stations in a mixed 802.11b & g environment. The default selection is None.Power Save Enable Toggle to ON to enable the Unscheduled Automatic Power Save Delivery (also referred to as WMM Power Save) feature that allows the radio to conserve power.Save Click Save at the bottom to save and activate your settings.1. Click Wireless > Advanced > Advanced Settings.2.  Complete the elds in the table below and click Save.
D-Link DSR-Series User Manual 88Section 6 - Wireless SettingsWPSPath: Wireless > Advanced > WPSWPS is a simplied method to add supporting wireless clients to the network. WPS is only applicable for APs that employ WPA or WPA2 security. To use WPS, select the eligible VAPs from the drop-down menu of APs that have been congured with this security and enable WPS status for this AP. The WPS Current Status section outlines the security, authentication, and encryption settings of the selected AP. These are consistent with the AP’s prole. There are two setup options:•  Personal Identication Number (PIN): The wireless device that supports WPS may have an alphanumeric PIN, if it does add the PIN in this eld. The router will connect within 60 seconds of clicking the “Congure via PIN” button immediately below the PIN eld. There is no LED indication that a client has connected.•  Push Button Conguration (PBC): For wireless devices that support PBC, press and hold the WPS button for two seconds, and then press the WPS button (or initiate WPS via GUI) on your wireless client within two minutes. The AP will detect the wireless device and establish a secure link to the client.To enable and connect clients using WPS:1. Click Wireless > Advanced > WPS.2.  Select which VAP you want to perform the WPS process from the drop-down menu.3. Toggle WPS Status to ON and click Save.
D-Link DSR-Series User Manual 89Section 6 - Wireless Settings4.  Once enabled the following screen will appear.5. Under WPS Setup Method, decide to either use PIN or PBC (Push Button). 6.  If you want to use PIN method, enter the PIN next to Station PIN and click Congure Via PIN. You will need to enter the PIN on your wireless client and start the WPS process within one minute.7.  If you want to use push button method, click Congure Via PBC. This will initiate the WPS session. You will need to press the WPS button (or initiate through an interface) on your client within one minute.8.  Allow up to two minutes to connect. Check the Session Status to see if it successfully connected.
D-Link DSR-Series User Manual 90Section 7 - VPNVPNA VPN provides a secure communication channel (“tunnel”) between two gateway routers or a remote PC client. The following types of tunnels can be created: •  Gateway-to-gateway VPN: To connect two or more routers to secure trac between remote sites.• Remote Client (client-to-gateway VPN tunnel): A remote client initiates a VPN tunnel as the IP address of the remote PC client is not known in advance. The gateway in this case acts as a responder.•  Remote client behind a NAT router: The client has a dynamic IP address and is behind a NAT Router. The remote PC client at the NAT router initiates a VPN tunnel as the IP address of the remote NAT router is not known in advance. The gateway WAN port acts as responder.•  PPTP server for LAN / WAN PPTP client connections.•  L2TP server for LAN / WAN L2TP client connections.
D-Link DSR-Series User Manual 91Section 7 - VPNIPSec VPNPoliciesPath: VPN > IPSec VPN > PoliciesAn IPsec policy is between this router and another gateway or this router and an IPsec client on a remote host. The IPsec mode can be either tunnel or transport depending on the network being traversed between the two policy endpoints.•  Transport: This is used for end-to-end communication between this router and the tunnel endpoint, either another IPsec gateway or an IPsec VPN client on a host. Only the data payload is encrypted and the IP header is not modied or encrypted.•  Tunnel: This mode is used for network-to-network IPsec tunnels where this gateway is one endpoint of the tunnel. In this mode the entire IP packet including the header is encrypted and/or authenticated.When tunnel mode is selected, you can enable NetBIOS and DHCP over IPsec. DHCP over IPsec allows this router to serve IP leases to hosts on the remote LAN. As well in this mode you can dene the single IP address, range of IPs, or subnet on both the local and remote private networks that can communicate over the tunnel.To congure the radio settings:1. Click VPN > IPSec VPN > Policies.2. Click Add new IPSec Policy. Fill out the General section which you will name the VPN, select policy type, dene the tunnel type, and dene endpoints.
D-Link DSR-Series User Manual 92Section 7 - VPNField DescriptionPolicy Name Enter a unique name for the VPN Policy. This name is not an identier for the remote WAN/client.Policy TypeSelect either Manual or Auto. •  Manual: All settings (including the keys) for the VPN tunnel are manually input for each end point. No third-party server or organization is involved.• Auto: Some parameters for the VPN tunnel are generated automatically. This requires using the IKE (Internet Key Exchange) protocol to perform negotiations between the two VPN Endpoints.IP Protocol Version Select either IPv4 or IPv6.IKE Version Select the version of IKE.IPSec ModeSelect either Tunnel or Transport. IPsec tunnel mode is useful for protecting trac between dierent networks, when trac must pass through an intermediate, untrusted network. Tunnel mode is primarily used for interoperability with gateways, or end-systems that do not support L2TP/IPsec or PPTP connections. Transport mode is the default mode for IPsec, and it is used for end-to-end communications (for example, for communications between a client and a server).Select Local Gateway In the event that two WAN ports are congured to connect to your ISP, select the gateway that will be used as the local endpoint for this IPsec tunnel.Remote Endpoint Select the type of identier that you want to provide for the router at the remote endpoint (either IP Address or FQDN [Fully Qualied Domain Name])IP Address/FQDN Enter the identier for the router.Enable Mode Cong Toggle to ON to enable. Mode Cong is similar to DHCP and is used to assign IP addresses to the remote VPN clients.Enable NetBIOS Toggle to ON to allow NetBIOS broadcasts to travel over the VPN tunnelEnable RollOver Toggle to ON to enable VPN rollover. You must have the WAN Mode set to Rollover.Protocol Select a protocol from the drop-down menu.Enable DHCP Toggle to ON to allow VPN clients that are connected to your router over IPsec to receive an assigned IP using DHCP.Local IP/Remote IPSelect the type of identier that you want to provide for the endpoint:•  Any: Species that the policy is for trac from the given end point (local or remote). Note that selecting Any for both local and remote end points is not valid.•  Single: Limits the policy to one host. Enter the IP address of the host that will be part of the VPN.•  Range: Allows computers within an IP address range to connect to the VPN. Enter the Start IP Address and End IP Address in the provided elds.•  Subnet: Allows an entire subnet to connect to the VPN. Enter the network address and subnet mask  in the provided elds.Enable Keepalive Toggle to ON to periodically send ping packets to the host on the peer side of the network to keep the tunnel alive.
D-Link DSR-Series User Manual 93Section 7 - VPN3.  Once the tunnel type and endpoints of the tunnel are dened you can determine the Phase 1/ Phase 2 negotiation to use for the tunnel. This is covered in the IPsec mode setting, as the policy can be Manual or Auto. For Auto policies, the Internet Key Exchange (IKE) protocol dynamically exchanges keys between two IPsec hosts. The Phase 1 IKE parameters are used to dene the tunnel’s security association details.   The Phase 2 Auto policy parameters cover the security association lifetime and encryption/authentication details of the phase 2 key negotiation.  The VPN policy is one half of the IKE/VPN policy pair required to establish an Auto IPsec VPN tunnel. The IP addresses of the machine or machines on the two VPN endpoints are congured here, along with the policy parameters required to secure the tunnel.
D-Link DSR-Series User Manual 94Section 7 - VPN  A Manual policy does not use IKE and instead relies on manual keying to exchange authentication parameters between the two IPsec hosts. The incoming and outgoing security parameter index (SPI) values must be mirrored on the remote tunnel endpoint. As well the encryption and integrity algorithms and keys must match on the remote IPsec host exactly in order for the tunnel to establish successfully. Note that using Auto policies with IKE are preferred as in some IPsec implementations the SPI (security parameter index) values require conversion at each endpoint.  DSR routers supports VPN roll-over feature. This means that policies congured on the primary WAN will rollover to the secondary WAN in case of a link failure. This feature can be used only if your WAN is congured in Auto-Rollover mode. Note: Once you have created an IPSec policy, you may right-click the policy and select Export to save as a le. You can then upload this to another DSR router or keep as a backup. To upload a saved policy, refer to “Easy VPN Setup” on page 101.
D-Link DSR-Series User Manual 95Section 7 - VPNTunnel ModePath: VPN > IPSec VPN > Tunnel ModeWhen tunnel mode is selected, you can enable NetBIOS and DHCP over IPSec. DHCP over IPSec allows this router to serve IP leases to hosts on the remote LAN. You can also dene a single IP address, a range of IPs, or a subnet on both the local and remote private networks that can communicate over the tunnel.The router allows full tunnel and split tunnel support. Full tunnel mode just sends all trac from the client across the VPN tunnel to the router. Split tunnel mode only sends trac to the private LAN based on pre-specied client routes. These client routes give the client access to specic private networks, thereby allowing access control over specic LAN services.1. Click VPN > IPSec VPN > Tunnel Mode.2.  Complete the elds in the table below and click Save.Field DescriptionTunnel Mode Select either Full Tunnel or Split Tunnel.Start/End IP Address Enter the starting and ending IP addresses.Primary/Secondary DNS Enter the primary and secondary DNS server addresses.Primary/Secondary WINS Enter the primary and secondary WINS server addresses.Save Click Save to save and activate your settings.
D-Link DSR-Series User Manual 96Section 7 - VPNSplit DNS NamesTo add a DNS name:1. Click VPN > IPSec VPN > Tunnel Mode > Split DNS Names tab.2. Click Add New Split DNS name. You can right-click any created entries to edit or delete.3.  Enter a domain name and click Save.In a split DNS infrastructure, you create two zones for the same domain, one to be used by the internal network, the other used by the external network. Split DNS directs internal hosts to an internal domain name server for name resolution and external hosts are directed to an external domain name server for name resolution.
D-Link DSR-Series User Manual 97Section 7 - VPNDHCP RangeTo congure the DHCP over IPSec DHCP server settings:1. Click VPN > IPSec VPN > DHCP Range.2.  Complete the elds in the table below and click Save.Field DescriptionStarting IP Address Enter the starting IP address to issue your clients connecting using DHCP over IPSec.Ending IP Address Enter the ending IP address.Subnet Mask Enter the subnet mask.Save Click Save to save and activate your settings.This page displays the IP range to be assigned to clients connecting using DHCP over IPsec. By default the range is in 192.168.12.0 subnet.
D-Link DSR-Series User Manual 98Section 7 - VPNCerticatesTrusted CerticatesThis router uses digital certicates for IPsec VPN authentication. You can obtain a digital certicate from a well-known Certicate Authority (CA) such as VeriSign, or generate and sign your own certicate using functionality available on this gateway.The router comes with a self-signed certicate, and this can be replaced by one signed by a CA as per your networking requirements. A CA certicate provides strong assurance of the server’s identity and is a requirement for most corporate network VPN solutions.The certicates menu allows you to view a list of certicates (both from a CA and self-signed) currently loaded on the router. The following certicate data is displayed in the list of Trusted (CA) certicates:CA Identity (Subject Name): The certicate is issued to this person or organizationIssuer Name: This is the CA name that issued this certicateExpiry Time: The date after which this Trusted certicate becomes invalidTo upload a certicate:1. Click VPN > IPSec VPN > Certicate > Trusted Certicates tab.2.  Click the Browse button. Locate your certicate and click Open.3. Click Upload.
D-Link DSR-Series User Manual 99Section 7 - VPNActive Self CerticatesA self certicate is a certicate issued by a CA identifying your device (or self-signed if you don’t want the identity protection of a CA). The Active Self Certicate table lists the self certicates currently loaded on the router. The following information is displayed for each uploaded self certicate:Name: The name you use to identify this certicate, it is not displayed to IPsec VPN peers.Subject Name: This is the name that will be displayed as the owner of this certicate. This should be your ocial registered or company name, as IPsec or SSL VPN peers are shown this eld.Serial Number: The serial number is maintained by the CA and used to identify this signed certicate.Issuer Name: This is the CA name that issued (signed) this certicateExpiry Time: The date after which this signed certicate becomes invalid. You should renew the certicate before it expires.To upload a certicate:1. Click VPN > IPSec VPN > Certicate > Active Self Certicates tab.2.  Click the Browse button. Locate your certicate and click Open.3. Click Upload.
D-Link DSR-Series User Manual 100Section 7 - VPNSelf Certicate RequestsTo request a self certicate to be signed by a CA, you can generate a Certicate Signing Request from the router by entering identication parameters and passing it along to the CA for signing. Once signed, the CA’s Trusted Certicate and signed certicate from the CA are uploaded to activate the self -certicate validating the identity of this gateway. The self certicate is then used in IPsec and SSL connections with peers to validate the gateway’s authenticity.To generate a certicate signing request:1. Click VPN > IPSec VPN > Certicates > Self Certicate Requests.2. Click New Self Certicate.3.  Complete the elds in the table below and click Save.Field DescriptionName Enter a name (identier) for the certicate.SubjectThis eld will populate the CN (Common Name) entry of the generated certicate. Subject names are usually dened in the following format: CN=<device name>, OU=<department>, O=<organization>, L=<city>, ST=<state>, C=<country>. For example: CN=router1, OU=my_company, O=mydept, L=SFO, C=US.Hash Algorithm Select the algorithm from the drop-down menu. Select either MD5 or SHA-1.Signature Key Length Select the signature key length from the drop-down menu. Select either 512, 1024, or 2048Application Type Select the application type from the drop-down menu. Select either HTTPS or IPSec.IP Address Enter an IP address (optional).Domain Name Enter a domain name (optional).Email Address Enter your email address. Save Click Save to save and activate your settings.
D-Link DSR-Series User Manual 101Section 7 - VPNEasy VPN SetupTo upload an exported IPSec VPN policy:1. Click VPN > IPSec VPN > Easy VPN Setup.2. Click Browse and navigate to the policy le you want to upload. Select it and click Open.3.  Click Upload. 4.  Once uploaded, go to VPN > IPSec VPN > Policies and the loaded VPN will be listed. Right-click it to edit or delete.
D-Link DSR-Series User Manual 102Section 7 - VPNPPTP VPNServerPath: VPN > PPTP VPN > ServerA PPTP VPN can be established through this router. Once enabled a PPTP server is available on the router for LAN and WAN PPTP client users to access. Once the PPTP server is enabled, PPTP clients that are within the range of congured IP addresses of allowed clients can reach the router’s PPTP server. Once authenticated by the PPTP server (the tunnel endpoint), PPTP clients have access to the network managed by the router.The range of IP addresses allocated to PPTP clients can coincide with the LAN subnet. As well the PPTP server will default to local PPTP user authentication, but can be congured to employ an external authentication server should one be congured.Field DescriptionEnable PPTP Server Select either IPv4 or IPv6.PPTP Routing Mode Select either NAT or Classical. Starting/Ending IP Address Enter the IP address range to assign your PPTP clients.IPv6 Prex If you selected IPv6, enter the IPv6 prex.IPv6 Prex Length If you selected IPv6, enter the IPv6 prex length.Authentication Select the authentication type from the drop-down menu.Authentication Supported Toggle which type of authentication you want to enable to ON.Idle TimeOut Enter the amount of time in seconds that the connection will disconnect when idle.NetBIOS Toggle to ON to allow NetBIOS broadcasts to travel over the VPN tunnel.Save Click to save your settings.To create a PPTP VPN server:1. Click VPN > PPTP VPN > Server.2.  Complete the elds in the table below and click Save.
D-Link DSR-Series User Manual 103Section 7 - VPNClientPath: VPN > PPTP VPN > ClientPPTP VPN Client can be congured on this router. Using this client you can access remote network which is local to PPTP server. Once client is enabled, the user can access Status > Active VPNs page and establish PPTP VPN tunnel clicking Connect. Field DescriptionClient Toggle to ON to enable PPTP client.Server IP Enter the IP address of the PPTP server you want to connect to.Remote Network Enter the remote network address. This address is local for the PPTP Server.Remote Netmask Enter the remote network subnet mask.Username Enter your PPTP user name.Password Enter your PPTP password.MPPE Encryption Toggle to ON to enable Microsoft Point-to-Point Encryption (MPPE).Idle Time Out Enter the amount of time (in seconds) that you will disconnect from the PPTP server when idle. Save Click Save to save and activate your settings.To congure the router as a PPTP VPN client:1. Click VPN > PPTP VPN > Client tab.2. Toggle Client to ON and complete the elds in the table below.
D-Link DSR-Series User Manual 104Section 7 - VPNPPTP Active Users ListA list of PPTP connections will be displayed on this page. Right-click the connection to connect and disconnect.
D-Link DSR-Series User Manual 105Section 7 - VPNL2TP VPNServerPath: VPN > L2TP VPN > ServerA L2TP VPN can be established through this router. Once enabled a L2TP server is available on the router for LAN and WAN L2TP client users to access. Once the L2TP server is enabled, PPTP clients that are within the range of congured IP addresses of allowed clients can reach the router’s L2TP server. Once authenticated by the L2TP server (the tunnel endpoint), L2TP clients have access to the network managed by the router.The range of IP addresses allocated to L2TP clients can coincide with the LAN subnet. As well the L2TP server will default to local L2TP user authentication, but can be congured to employ an external authentication server should one be congured.Field DescriptionEnable L2TP Server Select either IPv4 or IPv6.L2TP Routing Mode Select either NAT or Classical. Starting/Ending IP Address Enter the IP address range to assign your L2TP clients.IPv6 Prex If you selected IPv6, enter the IPv6 prex.IPv6 Prex Length If you selected IPv6, enter the IPv6 prex length.Authentication Select the authentication type from the drop-down menu.Authentication Supported Toggle which type of authentication you want to enable to ON.Idle TimeOut Enter the amount of time in seconds that the connection will disconnect when idle.NetBIOS Toggle to ON to allow NetBIOS broadcasts to travel over the VPN tunnel.Save Click to save your settings.To create a L2TP VPN server:1. Click VPN >L2TP VPN > Server.2.  Complete the elds in the table below and click Save.
D-Link DSR-Series User Manual 106Section 7 - VPNClientField DescriptionClient Toggle to ON to enable L2TP client.Server IP Enter the IP address of the L2TP server you want to connect to.Remote Network Enter the remote network address. This address is local for the L2TP Server.Remote Netmask Enter the remote network subnet mask.Username Enter your L2TP user name.Password Enter your L2TP password.Reconnect Mode Select Always On or On Demand.MPPE Encryption Toggle to ON to enable Microsoft Point-to-Point Encryption (MPPE).Save Click Save to save and activate your settings.L2TP VPN Client can be congured on this router. Using this client we can access remote network which is local to L2TP server. Once client is enabled, the user can access Status > Active VPNs page and establish L2TP VPN tunnel clicking Connect. To congure the router as a L2TP VPN client:1. Click VPN > L2TP VPN > Client tab.2. Toggle Client to ON and complete the elds in the table below.
D-Link DSR-Series User Manual 107Section 7 - VPNL2TP Active Users ListA list of L2TP connections will be displayed on this page. Right-click the connection to connect and disconnect.
D-Link DSR-Series User Manual 108Section 7 - VPNSSL VPNSSL VPN Policies can be created on a Global, Group, or User level. User level policies take precedence over Group level policies and Group level policies take precedence over Global policies. These policies can be applied to a specic network resource, IP address, or IP ranges on the LAN, or to dierent SSL VPN services supported by the router. The List of Available Policies can be ltered based on whether it applies to a user, group, or all users (global).To add a SSL VPN policy, you must rst assign it to a user, group, or make it global (i.e., applicable to all SSL VPN users). If the policy is for a group, the available congured groups are shown in a drop-down menu and one must be selected. Similarly, for a user-dened policy, a SSL VPN user must be chosen from the available list of congured users.The next step is to dene the policy details. The policy name is a unique identier for this rule. The policy can be assigned to a specic Network Resource (details follow in the subsequent section), IP address, IP network, or all devices on the LAN of the router. Based on the selection of one of these four options, the appropriate conguration elds are required (i.e., choosing the network resources from a list of dened resources, or dening the IP addresses). For applying the policy to addresses the port range/port number can be dened.The nal steps require the policy permission to be set to either permit or deny access to the selected addresses or network resources. As well the policy can be specied for one or all of the supported SSL VPN services (i.e. VPN tunnel).Once dened, the policy goes into eect immediately. The policy name, SSL service it applies to, destination (network resource or IP addresses), and permission (deny/permit) is outlined in a list of congured policies for the router.Note: You must enable Remote Management. Refer to “Remote Management” on page 172.To create a new SSL VPN policy:1.  Make sure you have enabled remote management and have created user(s) and group(s) to assign to this policy.2. Click VPN > SSL VPN > SSL VPN Server Policy.3. Click Add New SSL VPN Server Policy.Server Policies
D-Link DSR-Series User Manual 109Section 7 - VPN4.  Complete the elds from the table below and click Save.Field DescriptionPolicy Type Select Global, Group, or User.Available Groups/Users If you selected Group, select a group from the drop-down menu. If you selected User, select a user from the drop-down menu.Apply Policy To Select Network Resource, IP Address, IP Network, or All Addresses. Policy Name Enter a unique name for this policy.IP Address If you selected IP Address or IP Network, enter the IP address.Mask Length If you selected IP Network, enter the mask length (0-32).ICMP Toggle to ON to include ICMP trac.Begin/End Enter a port range or leave blank to include all TCP and UDP ports. These elds are not available when selecting Network Resource.Dened ResourcesIf you selected Network Resource, select the resource for the Dened Resource drop-down menu. If you have not created a resource, refer to “Resources” on page 112 to create a dened resource.Service Select either VPN Tunnel, Port Forwarding, or All. This eld is not available when selecting Network Resource.Permission Select either Permit or Deny.Save Click to save your settings.Network Resource IP Address
D-Link DSR-Series User Manual 110Section 7 - VPNPortal LayoutsPath: VPN > SSL VPN > Portal LayoutsYou may create a custom page for remote VPN users that is viewed during authentication. You may include login instructions, services, and other details. Note that the default portal LAN IP address is https://192.168.10.1/scgi-bin/userPortal/portal. This is the same page that opens when the “User Portal” link is clicked on the SSL VPN menu of the router web UI. To create a new portal layout:1. Click VPN > SSL VPN > Portal Layouts.2. Click Add New SSL VPN Portal Layout.Note: You may right-click a layout from the list and edit or delete a layout.3.  Complete the elds from the table on the next page and click Save.
D-Link DSR-Series User Manual 111Section 7 - VPNField DescriptionPortal Layout Name Enter a name for this portal. This name will be used as part of the path for the SSL portal URL. Only alphanumeric characters are allowed for this eld.Login Prole View Select a login prole from the drop-down menu.Portal Site Title Enter the portal web browser window title that appears when the client accesses this portal. This eld is optional.Banner Title The banner title that is displayed to SSL VPN clients prior to login. This eld is optional.Banner Message Enter a message you want to display.Display Banner Message on Login PageToggle to ON to display the banner title and message or OFF to hide the banner title and message.HTTP Meta Tags for Cache Control Toggle to ON or OFF. This security feature prevents expired web pages and data from being stored in the client‘s web browser cache. It is recommended to toggle to ON.Active X Web Cache Cleaner Toggle to ON or O. An ActiveX cache control web cleaner can be pushed from the gateway to the client browser whenever users login to this SSL VPN portal.Authentication Type Select the type of authentication from the drop-down menu.Group Select what group to include from the drop-down menu.VPN Tunnel Page Toggle to ON to allow remote users to view this page.Port Forwarding Toggle to ON to allow remote users to view this page.Save Click to save your settings.
D-Link DSR-Series User Manual 112Section 7 - VPNResourcesPath: VPN > SSL VPN > ResourcesNetwork resources are services or groups of LAN IP addresses that are used to easily create and congure SSL VPN policies. This shortcut saves time when creating similar policies for multiple remote SSL VPN users.Adding a Network Resource involves creating a unique name to identify the resource and assigning it to one or all of the supported SSL services. Once this is done, editing one of the created network resources allows you to congure the object type (either IP address or IP range) associated with the service. The Network Address, Mask Length, and Port Range/Port Number can all be dened for this resource as required. 3.  Complete the elds from the table on the next page and click Save.Add New ResourceTo add a new resource:1. Click VPN > SSL VPN > Resources.2. Click Add New Resource.
D-Link DSR-Series User Manual 113Section 7 - VPNField DescriptionResource Name Enter a unique name for this resource.Service Select VPN Tunnel, Port Forwarding, or All.ICMP Toggle to ON to include ICMP trac.Object Type Select Single IP Address or IP Network.Object Address Enter the IP address.Mask Length If you selected IP Network, enter the mask length (0-32).Begin/End Enter a port range for the object.Save Click to save your settings.
D-Link DSR-Series User Manual 114Section 7 - VPNPort ForwardingTo add a port forwarding rule:1. Click VPN > SSL VPN > Resources.2. Click Add New Rule under either Port Forwarding List for Congured Applications (TCP Port) or under Port Forwarding List for Congured Host Names (FQDN).3.  Enter the IP address of the local server.4.  Next enter either the TCP port number or the domain name (FQDN).5. Click Save.Port forwarding allows remote SSL users to access specied network applications or services after they login to the User Portal and launch the Port Forwarding service. Trac from the remote user to the router is detected and re-routed based on congured port forwarding rules.Internal host servers or TCP applications must be specied as being made accessible to remote users. Allowing access to a LAN server requires entering the local server IP address and TCP port number of the application to be tunnelled.
D-Link DSR-Series User Manual 115Section 7 - VPNClientTo congure client mode:1. Click VPN > SSL VPN > SSL VPN Client.Path: VPN > SSL VPN > SSL VPN ClientAn SSL VPN tunnel client provides a point-to-point connection between the browser-side machine and this router. When a SSL VPN client is launched from the user portal, a "network adapter" with an IP address from the corporate subnet, DNS and WINS settings is automatically created. This allows local applications to access services on the private network without any special network conguration on the remote SSL VPN client machine.It is important to ensure that the virtual (PPP) interface address of the VPN tunnel client does not conict with physical devices on the LAN. The IP address range for the SSL VPN virtual network adapter should be either in a dierent subnet or non-overlapping range as the corporate LAN.The router allows full tunnel and split tunnel support. Full tunnel mode just sends all trac from the client across the VPN tunnel to the router. Split tunnel mode only sends trac to the private LAN based on pre-specied client routes. These client routes give the SSL client access to specic private networks, thereby allowing access control over specic LAN services.2. Toggle Full Tunnel Support to ON to support full tunnel or OFF to enable split tunnel.3.  Enter a DNS sux to assign to this client (optional).3.  Enter a primary and secondary DNS server addresses (optional).4.  Enter the range of IP addresses clients will be assigned (DHCP).5.  Next to LCP Timeout, set the value for LCP echo interval (in seconds).6. Click Save.
D-Link DSR-Series User Manual 116Section 7 - VPNClient RoutesPath: VPN > SSL VPN > SSL VPN ClientIf the SSL VPN client is assigned an IP address in a dierent subnet than the corporate network, a client route must be added to allow access to the private LAN through the VPN tunnel. As well a static route on the private LAN‘s rewall (typically this router) is needed to forward private trac through the VPN Firewall to the remote SSL VPN client.When split tunnel mode is enabled, the user is required to congure routes for VPN tunnel clients:• Destination network: The network address of the LAN or the subnet information of the destination network from the VPN tunnel clients‘ perspective is set here.•  Subnet mask: The subnet information of the destination network is set here.To congure a client route:1. Click VPN > SSL VPN > Client Routes.2. Click Add New Client Route.3.  Enter the destination network and subnet mask.4. Click Save.
D-Link DSR-Series User Manual 117Section 7 - VPNOpen VPNVPN > OpenVPN > SettingsOpenVPN allows peers to authenticate each other using a pre-shared secret key, certicates, or username/password. When used in a multiclient-server conguration, it allows the server to release an authentication certicate for every client, using signature and Certicate authority. An OpenVPN can be established through this router. You can select server mode, client mode, or access server client mode. In access server client mode, the user has to download the auto login prole from the OpenVPN Access Server and upload the same to connect.ServerSettingsField DescriptionMode Select Server.VPN Network Enter the IP network for the VPN.VPN Netmask Enter the netmask.Port Enter what port to use. The default port is 1194.Tunnel Protocol Select either TCP or UDP.Encryption Algorithm Select the encryption algorithm from the drop-down menu.Hash Algorithm Select the hash algorithm from the drop-down menu.Tunnel TypeSelect either Full Tunnel or Split Tunnel. Full Tunnel mode just sends all trac from the client across the VPN tunnel to the router. Split Tunnel mode only sends trac to the private LAN based on pre-specied client routes. If you select Split Tunnel, refer to “Local Networks” on page 120 to create local networks.Save Click Save to save and activate your settings.To congure the router as an OpenVPN Server:1. Click VPN > OpenVPN > Settings.2. Toggle OpenVPN to ON and complete the elds in the table below.
D-Link DSR-Series User Manual 118Section 7 - VPNClientField DescriptionMode Select Client.Server IP Enter the IP address of the OpenVPN server.Port Enter what port to use. The default port is 1194. Tunnel Protocol Select either TCP or UDP.Encryption Algorithm Select the encryption algorithm from the drop-down menu.Hash Algorithm Select the hash algorithm from the drop-down menu.Save Click Save to save and activate your settings.To congure the router as an OpenVPN client:1. Click VPN > OpenVPN > Settings.2. Toggle OpenVPN to ON and complete the elds in the table below.
D-Link DSR-Series User Manual 119Section 7 - VPNAccess Server ClientField DescriptionMode Select Access Server Client.Port Enter what port to use. The default port is 1194. Upload Status Displays if a conguration le has been uploaded.File Click Browse and locate the conguration le. Click Open and then click Upload.Save Click Save to save and activate your settings.To congure the router as an OpenVPN access server client:1. Click VPN > OpenVPN > Settings.2. Toggle OpenVPN to ON and complete the elds in the table below.
D-Link DSR-Series User Manual 120Section 7 - VPNLocal NetworksIf you selected Split Tunnel (from OpenVPN Server), you can create a local network by following the steps below:1. Click VPN > OpenVPN > Local Networks.2. Click Add New OpenVPN Local Network.3.  Enter a local IP network.4.  Enter the subnet mask.5. Click Save.
D-Link DSR-Series User Manual 121Section 7 - VPNRemote NetworksTo create remote networks:1. Click VPN > OpenVPN > Remote Networks.2. Click Add New OpenVPN Remote Network.3.  Enter a name of the remote network. 4.  Enter a local IP network.5.  Enter the subnet mask.6. Click Save.
D-Link DSR-Series User Manual 122Section 7 - VPNAuthenticationThis page will allow you to upload certicates and keys. Click Browse and select the le you want to upload. Click Open and then click Upload.
D-Link DSR-Series User Manual 123Section 7 - VPNGREVPN > VPN Settings > GREGRE tunnels allow for broadcast trac on the LAN of the router to be passed over the internet and received by remote LAN hosts. This is primarily useful in the D-Link Discovery Protocol (DDP) application where broadcast trac from one LAN host is to be received by all LAN hosts in the local subnets of the GRE endpoints.Note the following limits for the number of supported GRE tunnels per product:• DSR-150/150N: 5• DSR-250/250N: 10• DSR-500/500N: 15• DSR-1000/1000N: 20There are two simple steps involved in establishing a GRE tunnel on the router:1.  Create a GRE tunnel from the GUI2.  Setup a static route for the remote local networks using the GRE tunnelWhen creating the GRE tunnel, the IP Address should be a unique address that identies that GRE tunnel endpoint. It will be referenced in the other router’s static route as the Gateway IP address. The Remote End Address in the GRE tunnel conguration page is the WAN IP address of the other endpoint router.Once the tunnel is established, a static route on the router can be made using the interface set to the congured GRE tunnel name. The destination IP address of the static route is the remote LAN subnet, and the route’s gateway IP address will be the GRE tunnel IP of the terminating router (the same router that manages the remote LAN subnet). Once these two steps are completed, all DDP broadcast trac can ow between remote LAN subnets via the GRE Tunnel.To create a GRE tunnel:1. Click VPN > GRE > GRE Tunnels.2. Click Add New GRE Tunnel.
D-Link DSR-Series User Manual 124Section 7 - VPN3.  Complete the elds in the table below and then click Save.Field DescriptionGRE Tunnel Name Enter a name for the tunnel.IP Address Enter the IP address of this endpoint. It will be referenced in the other router’s static route as the Gateway IP address.Subnet Mask Enter the subnet mask.Interface Select the interface to create this tunnel with from the drop-down menu.Remote End Address Enter the WAN IP address of the endpoint router.Enable DDP Broadcast Toggle to ON to enable DDP broadcasting.IP Address Enter the destination IP address of the static route from the remote LAN subnet.Subnet Mask Enter the subnet mask.Gateway IP Address Enter the IP address of the termination router.Save Click Save to save and activate your settings.
D-Link DSR-Series User Manual 125Section 8 - SecurityField DescriptionGroup Name Enter a name for the group.Description Enter a description for the group.User TypeSelect the user type:• Admin - Grants all users in this group super-user privileges. By default, there is one admin user.• Network - Grants the next level of privileges.• Front Desk - Grants permissions to create temporary users who can Internet/network access (Hotspot).• Guest - Guest users will only have read access. Network and Admin users can toggle ON PPTP, L2TP, Xauth (Network only), SSLVPN, and Captive Portal.Idle TimeoutEnter the number of minutes of inactivity that must occur before the users in this user group are logged out of their web management session automatically. Entering an Idle Timeout value of 0 (zero) means never log out.Save Click Save at the bottom to save and activate your settings.GroupsPath: Security > Authentication > User Database > GroupsThe group page allows creating, editing, and deleting groups. The groups are associated to set of user types. To edit/delete an existing group, or add a new group:1. Click Security > Authentication > User Database > Groups tab.2.  Right-click a group entry and select either Edit or Delete. To add a new group, click Add New Group.3.  Complete the elds in the table below and click Save.Admin User Type Network User TypeSecurity
D-Link DSR-Series User Manual 126Section 8 - SecurityLogin PoliciesPath: Security > Authentication > Internal User Database > GroupsUsing the following procedure, you can grant or deny a user group login access to the web management interface.1. Click Security > Authentication > Internal User Database > Groups tab.2. Click Add Login Policies.3.  Complete the elds from the table below and click Save.Field DescriptionGroup Name Select the group you want to congure.Disable Login Toggle ON to deny login access to the web management interface for all users in this user group. Toggle OFF will allow users to log in.Deny Login from Option InterfaceToggle ON to deny login access to the web management interface from the WAN2/DMZ Port for all users in this user group. Toggle OFF will allow users.Save Click Save at the bottom to save and activate your settings.
D-Link DSR-Series User Manual 127Section 8 - SecurityPath: Security > Authentication > Internal User Database > GroupsUse this feature to allow or deny users in a selected group from using a particular web browser to log in to the router’s web management interface.1. Click Security > Authentication > Internal User Database > Groups tab.Browser Policies2. Click Add Browser Policies.3.  Complete the elds from the table below and click Save.Field DescriptionGroup Name Select the group you want to congure from the drop-down menu.Client Browser Select a web browser from the drop-down menu.Save Click Save at the bottom to save and activate your settings.4.  Your policy will now be in the browser policies list. By default the status will be set to deny. If you want to set the status to allow, right-click the policy and select Allow.
D-Link DSR-Series User Manual 128Section 8 - SecurityPath: Security > Authentication > Internal User Database > GroupsUse this feature to allow or deny users in a user group to log in to the router’s web management interface from a particular network or IP address.1. Click Security > Authentication > Internal User Database > Groups tab.IP Policies2. Click Add IP Policies.3.  Complete the elds from the table below and click Save.Field DescriptionGroup Name Select the group you want to congure from the drop-down menu.Source Address Type Select either Network to specify a IP network or IP Address to specify a specic IP address.Network Address/IP Address Enter the network address or IP address.Mask Length If you selected Network, enter the mask length. Save Click Save at the bottom to save and activate your settings.
D-Link DSR-Series User Manual 129Section 8 - SecurityUsersPath: Security > Authentication > Internal User Database > UsersAfter you add user groups, you can add users to the user groups. Users can be added individually, or they can be imported from a comma-separated-value (CSV) formatted le. After you add users, you can edit them when changes are required or delete users when you no longer need them.To edit/delete existing users, or add a new user:1. Click Security > Authentication > Internal User Database > Users tab.User Management3.  Complete the elds from the table below and click Save.Field DescriptionUser Name Enter the user name for this user. This name is a unique identierFirst Name Enter the user’s rst name.Last Name Enter the user’s last name.Select Group Select the group you want to assign this user to from the drop-down menu.Password Enter a case-sensitive login password that the user must specify at the login prompt to access the web management interface. For security, each typed password character is masked with a dot (•).Conrm Password Enter the password to conrm.Save Click Save at the bottom to save and activate your settings.2.  Right-click a group entry and select either Edit or Delete. To add a new group, click Add New User.
D-Link DSR-Series User Manual 130Section 8 - SecurityPath: Security > Authentication > Internal User Database > Get User DBThe DSR administrator can add users to the local built-in database directly via an appropriately-formatted comma separated value (CSV) le. The advantage of this feature is to allow for a large number of users to be added to the system with one operation, and the same le can be uploaded to multiple DSR devices as needed. Once uploaded the specic users in the local user database can be modied via the GUI as needed.To import a user database:1. Click Security > Authentication > Internal User Database > Get User DB tab.2. Click Browse and locate the le you want to upload. Select it and click Open.3. Click Upload.4.  Once completed, go to Security > Authentication > User Database > Users and your imported users will be displayed in the Users List.5.  From the list you can right-click the user to edit or delete.Import User Database
D-Link DSR-Series User Manual 131Section 8 - SecurityThe following parameters must be used to dene the User database CSV le.1.  Create an empty text le with a .csv extension.2. Each line in the le corresponds to a single user entry. Every line should end with carriage return equivalent of CRLF. Do not add comments or other text in this le.3.  Formatting rules:a)  All the elds must be enclosed within double quotes.b)  Consecutive elds are separated by commas.c)  There should be no leading or trailing spaces in a line.d)  There should be no spaces between elds.  Each line in the CSV user database le should follow the following format: "UserName","FirstName","LastName","GroupName","MultiLogin","Password"  The above sample has elds that can assume the following values:•  Username (text eld): Name of the user and identier in the DSR’s database, and so it must be unique in the local user database.•  FirstName (text eld): This is a user detail and need not be unique.•  LastName (text eld): This is a user detail and need not be unique.•  GroupName (text eld): The group that is associated with this user.•  MultiLogSup (Boolean value): With this enabled (“1”), then multiple users can share a single username and password.•  Password (text eld): password to assign for this username•  The Group for a corresponding user (“GroupName” in the CSV) must be created via the GUI in advance of the User Database CSV upload action.•  None of the above elds can be left empty or NULL in the User Database CSV.Create a User Database (CSV File)
D-Link DSR-Series User Manual 132Section 8 - SecurityExternal Authentication ServersPath: Security > Authentication > External Auth Server > RADIUS ServerA RADIUS server can be congured and accessible by the router to authenticate client connections.To congure the router to connect to your RADIUS server:1. Click Security > Authentication > External Auth Server > RADIUS Server tab.RADIUS ServerField DescriptionAuthentication Server IP Address Enter the IP address of your RADIUS server.Authentication Port Enter the RADIUS authentication server port.Secret Enter the secret key that allows the device to log into the congured RADIUS server. It must match the secret on RADIUS server.Timeout Set the amount of time in seconds that the router should wait for a response from the RADIUS server.Retries This determines the number of tries the controller will make to the RADIUS server before giving up.Save Click Save at the bottom to save and activate your settings.Server Check Click to test the connection(s) to your RADIUS Server(s).2.  Complete the RADIUS server information from the table below and click Save. You can congure up to three servers.
D-Link DSR-Series User Manual 133Section 8 - SecurityPath: Security > Authentication > External Auth Server > POP3 ServerPOP3 is an application layer protocol most commonly used for e-mail over a TCP/IP connection. The authentication server can be used with SSL encryption over port 995 to send encrypted trac to the POP3 server. The POP3 server’s certicate is veried by a user-uploaded CA certicate. If SSL encryption is not used, port 110 will be used for the POP3 authentication trac.To congure the router to connect to your POP3 server:1. Click Security > Authentication > External Auth Server > POP3 Server tab.POP3 ServerField DescriptionAuthentication Server IP Address Enter the IP address of your POP3 server.Authentication Port Enter the POP3 authentication server port.SSL Enable Toggle to ON to enable SSL support for POP3. If this option is enabled, it is mandatory to select a certicate authority for it.CA File Certicate Authority to verify POP3 server’s certicate.Timeout Set the amount of time in seconds that the router should wait for a response from the POP3 server.Retries This determines the number of tries the controller will make to the POP3 server before giving up.Save Click Save at the bottom to save and activate your settings.Server Check Click to test the connection(s) to your POP3 Server(s).2.  Complete the POP3 server information from the table below and click Save. You can congure up to three servers.
D-Link DSR-Series User Manual 134Section 8 - SecurityPath: Security > Authentication > External Auth Server > POP3 Trusted CAA CA le is used as part of the POP3 negotiation to verify the congured authentication server identity. Each of the three congured servers can have a unique CA used for authentication.To congure:1. Click Security > Authentication > External Auth Server > POP3 Trusted CA tab.POP3 Trusted Server2. Click Add CA File.3. Click Browse and select a CA le. Click Open and then click Upload.
D-Link DSR-Series User Manual 135Section 8 - SecurityPath: Security > Authentication > External Auth Server > LDAP ServerThe LDAP authentication method uses LDAP to exchange authentication credentials between the router and an external server. The LDAP server maintains a large database of users in a directory structure, so users with the same user name but belonging to dierent groups can be authenticated since the user information is stored ina hierarchal manner. Also of note is that conguring a LDAP server on Windows or Linux servers is considerably less complex than setting up NT Domain or Active Directory servers for user authentication.The details congured on the controller will be passed for authenticating the router and its hosts. The LDAP attributes, domain name (DN), and in some cases the administrator account & password are key elds in allowing the LDAP server to authenticate the controller.To congure the router to connect to your LDAP server:1. Click Security > Authentication > External Auth Server > LDAP Server tab.LDAP ServerField DescriptionAuthentication Server (1-3) Enter the IP address of your primary LDAP server.LDAP Attribute (1-4)These are attributes related to LDAP users congured in LDAP server. These may include attributes like SAM account name, associated domain name etc. These can be used to distinguish between dierent users having same user name. LDAP Base DN Enter the base domain name. Timeout Set the amount of time in seconds that the router should wait for a response from the LDAP server.Retries This determines the number of tries the controller will make to the LDAP server before giving up.Save Click Save at the bottom to save and activate your settings.Administrator Account Enter the admin account information that will be used when LDAP authentication is required for PPTP/L2TP connection.Server Check Click to test the connection(s) to your LDAP Server(s).2.  Complete the LDAP server information from the table below and click Save. You can congure up to three servers.
D-Link DSR-Series User Manual 136Section 8 - SecurityPath: Security > Authentication > External Auth Server > AD ServerActive Directory authentication is an enhanced version of NT Domain authentication. The Kerberos protocol is leveraged for authentication of users, who are grouped in Organizational Units (OUs). In particular the Active Directory server can support more than a million users given is structure while the NT Domain server is limited to thousands. The congured Authentication Servers and Active Directory domain(s) are used to validate the user with the directory of users on the external Windows based server. This authentication option is common for SSL VPN client users and is also useful for IPsec / PPTP / L2TP client authentication.To congure the router to connect to your AD server:1. Click Security > Authentication > External Auth Server > AD Server tab.AD Server2.  Complete the AD server information from the table on the next page and click Save. You can congure up to three servers.
D-Link DSR-Series User Manual 137Section 8 - SecurityField DescriptionAuthentication Server (1-3) Enter the IP address of your AD server(s).Active Directory Domain (1-3) Enter the active directory domain name(s). Timeout Set the amount of time in seconds that the router should wait for a response from the AD server.Retries This determines the number of tries the controller will make to the AD server before giving up.Administrator Account Enter the admin account information that will be used when authentication is required for PPTP/L2TP connection.Save Click Save at the bottom to save and activate your settings.Server Check Click to test the connection(s) to your AD Server(s).
D-Link DSR-Series User Manual 138Section 8 - SecurityPath: Security > Authentication > External Auth Server > NT DomainThe NT Domain server allows users and hosts to authenticate themselves via a pre-congured Workgroup eld. Typically Windows or Samba servers are used to manage the domain of authentication for the centralized directory of authorized users.To congure the router to connect to your NT domain server:1. Click Security > Authentication > External Auth Server > NT Domain tab.NT Domain Server2.  Complete the NT server information from the table below and click Save. You can congure up to three servers.Field DescriptionAuthentication Server (1-3) Enter the IP address of your NT server(s).Workgroup (1-3) Enter the NT workgroup name(s). Timeout Set the amount of time in seconds that the router should wait for a response from the AD server.Retries This determines the number of tries the controller will make to the AD server before giving up.Administrator Account Enter the admin account information that will be used when authentication is required for PPTP/L2TP connection.Save Click Save at the bottom to save and activate your settings.Server Check Click to test the connection(s) to your AD Server(s).
D-Link DSR-Series User Manual 139Section 8 - SecurityPath: Security > Authentication > Login ProlesWhen a wireless client connects to the SSIDs or VLANs, the user sees a login page. The Login Prole and SLA page allows you to customize the appearance of that page with specic text and images. The wireless router supports multiple login and SLA pages. Associate login page or SLAs on SSIDs or VLANs separately.To add, delete, or edit login proles:1. Click Security > Authentication > Login Proles tab.Login Proles3.  Complete the elds from the table on the next page and click Save.2.  Right-click an entry and select either Edit or Delete. To add a new group, click Add New Login Prole.
D-Link DSR-Series User Manual 140Section 8 - SecurityField DescriptionGeneral DetailsProle Name Enter a name for this captive portal prole. The name should allow you to dierentiate this captive prole from others you may set up.Browser Title Enter the text that will appear in the title of the browser during the captive portal session.BackgroundSelect whether the login page displayed during the captive portal session will show an image or color. Choices are:•  Image: Displays an image as the background on the page. Use the Page Background Image eld to select a background image. •  Color: Sets the background color on the page. Select the color from the drop-down menuPage Background Image If you set Background to Image, upload the image le by clicking Add > Browse. Select an image, click Open and then click the Upload button. The maximum size of the image is 100 kb.Page Background Upload Choose the le you want to upload.Page Background Color If you set Background to Color, select the background color of the page that will appear during the captive portal session from the drop-down menu.Custom Color If you choose Custom on Page Background Color, enter the HTML color code. Minimal Page for Mobile Devices Toggle to ON to allow the web page to be properly viewed from a mobile device.Header DetailsBackgroundSelect whether the login page displayed during the captive portal session will show an image or color. Choices are:•  Image: Show image on the page. Use the Header Background Color eld to select a background color. The maximum size of the image is 100 kb.•  Color: Show background color on the page. Use the radio buttons to select an image.Header Background Image If you set Background to Image, upload the image le by clicking Add > Browse. Select an image, click Open and then click the Upload button. The maximum size of the image is 100 kb.Header Background Upload Choose the le you want to upload.Header Background Color If you set Background to Color, select the header color from the drop-down menu.Custom Color If you choose Custom on Page Background Color, you can choose particular color by lling in the HTML color code. Header Caption Enter the text that appears in the header of the login page during the captive portal session.Caption Font Select the font for the header text.Font Size Select the font size for the header text.Font Color Select the font color for the header text.Login DetailsLogin Section Title Enter the text that appears in the title of the login box when the user logs in to the captive portal session. This eld is optional.Welcome Message Enter the welcome message that appears when users log in to the captive session successfully. This eld is optional.Error Message Enter the error message that appears when users fail to log in to the captive session successfully. This eld is optional.Footer DetailsChange Footer Content Enables or disables changes to the footer content on the login page.Footer Content If Change Footer Content is checked, enter the text that appears in the footer.Footer Font Color If Change Footer Content is checked, select the color of the text that appears in the footer.
D-Link DSR-Series User Manual 141Section 8 - SecurityExternal Payment GatewayEnable External Payment Gateway Enables or disables external payment gateway and online wireless service purchasing from on the login page.Session Title 1 Enter the text that appears in the title of the online purchasing login box when the user logs in to the captive portal session.Message Enter the text appears in the online purchasing login box when the user logs in to the captive portal session.Session Title 2 Enter the text that appears in the title of the message box while online purchasing is complete.Success Message Enter the text that appears in the message box while online purchasing is complete.Session Title 3 Enter the text that appears in the title of the message box while online purchasing is fail.Failure Message Enter the text that appears in the message box while online purchasing is fail.Enable Billing Prole Select the billing prole which will be shown on the login page. The table only listed the billing proles which are set Unit Price. Enable the billing prole by switch ON on STATUS.Service Disclaimer Text Enter the service disclaimer text which is shown before user select and purchase wireless service.Payment Server Select the payment received account and its payment agent.
D-Link DSR-Series User Manual 142Section 8 - SecurityPath: Security > Authentication > Static FilteringYou may block access to certain Internet services.To block or allow a service:1. Click Security > Web Content Filter > Static Filtering tab.Static FilteringWeb Content Filtering2.  Toggle Content Filtering to ON.3.  Toggle the service to ON to block. Toggle to OFF to allow.4. Click Save.
D-Link DSR-Series User Manual 143Section 8 - SecurityPath: Security > Web Content Filter > Static Filtering > Approved URLThe approved URL list is an acceptance list for all URL domain names. Domains added to this list are allowed in any form. For example, if the domain “dlink” is added to this list then all of the following URL’s are permitted access from the LAN: www.dlink.com, support.dlink.com, etc. Importing/exporting from a text or CSV le is also supported.To add/import/export URLs to the approved list:1. Click Security > Web Content Filter > Static Filtering > Approved URL tab.Approved URLs2.  To import a list from a text/CSV le, click Upload URLs List from File. If you want to export the current list, click Export URLs List to File. To add a new URL, click Add New Approved URL. 3.  Enter a URL and click Save.
D-Link DSR-Series User Manual 144Section 8 - SecurityPath: Security > Web Content Filter > Static Filtering > Blocked KeywordsKeyword blocking allows you to block all website URL’s or site content that contains the keywords in the congured list. This is lower priority than the Approved URL List; i.e. if a blocked keyword is present in a site allowed by a trusted domain in the Approved URL List, then access to that site will be allowed. Import/export from a text or CSV le is also supported.To add/import/export URLs to the approved list:1. Click Security > Web Content Filter > Static Filtering > Blocked Keywords tab.Blocked Keywords2.  To import a list from a text/CSV le, click Upload Keywords List from File. If you want to export the current list, click Export Keywords List to File. To add a new URL, click Add New Keyword. 3.  Enter a keyword and click Save.
D-Link DSR-Series User Manual 145Section 8 - SecurityPath: Security > Web Content Filter > Dynamic FilteringDynamic Filtering will allow you to lter content from a list of categories. The router must be upgraded with  the WCF license and then the Content Filtering option, which allows the user to lter out internet sites, needs to be enabled. When enabled, access to a website belonging to one of these congured categories will be blocked with an error page.To add/import/export URLs to the approved list:1. Click Security > Web Content Filter > Dynamic Filtering.Dynamic Filtering2.  Toggle Global Filtering to ON to enable dynamic ltering.3.  Toggle any of the listed categories to ON to block. Toggle to OFF to allow.4. Click Save.
D-Link DSR-Series User Manual 146Section 8 - SecurityPath: Security > Firewall > Firewall Rules > IPv4 Firewall Rules or IPv6 Firewall RulesInbound (WAN to LAN/DMZ) rules restrict access to trac entering your network, selectively allowing only specic outside users to access specic local resources. By default all access from the insecure WAN side are blocked from accessing the secure LAN, except in response to requests from the LAN or DMZ. To allow outside devices to access services on the secure LAN, you must create an inbound rewall rule for each service.If you want to allow incoming trac, you must make the router’s WAN port IP address known to the public. This is called “exposing your host.” How you make your address known depends on how the WAN ports are congured; for this router you may use the IP address if a static address is assigned to the WAN port, or if your WAN address is dynamic a DDNS (Dynamic DNS) name can be used.Outbound (LAN/DMZ to WAN) rules restrict access to trac leaving your network, selectively allowing only specic local users to access specic outside resources. The default outbound rule is to allow access from the secure zone (LAN) to either the public DMZ or insecure WAN. On other hand the default outbound rule is to deny access from DMZ to insecure WAN. You can change this default behavior in the Firewall Settings > Default Outbound Policy page. When the default outbound policy is allow always, you can to block hosts on the LAN from accessing internet services by creating an outbound rewall rule for each service. To create a new rewall rule:1. Click Security > Firewall > IPv4 Firewall Rules tab or IPv6 Firewall Rules tab.FirewallFirewall Rules2.  Right-click an entry and select either Edit or Delete. To add a new group, click Add New IPv4/IPv6 Firewall Rule.
D-Link DSR-Series User Manual 147Section 8 - Security3.  Complete the elds from the table below and click Save.Field DescriptionFrom Zone Select the source of originating trac: either secure LAN, public DMZ, or insecure WAN. For an inbound rule WAN should be selected.To ZoneSelect the destination of trac covered by this rule. If the From Zone is the WAN, the To Zone can be the public DMZ or secure LAN. Similarly if the From Zone is the LAN, then the To Zone can be the public DMZ or insecure WAN.Service Select a service from the drop-down menu. ANY means all trac is aected by this rule. Action Select an action from the drop-down menu.Source Hosts Select a source host. If you select Single Address or Address Range, you will need to enter the IP address or IP range.Destination Hosts Select a Destination host. If you select Single Address or Address Range, you will need to enter the IP address or IP range.Log Select whether to log rewall trac or not.QoS Priority (IPv4 only)Outbound rules (where To Zone = insecure WAN only) can have the trac marked with a QoS priority tag. Select a priority level:   • Normal-Service: ToS=0 (lowest QoS)   • Minimize-Cost: ToS=1   • Maximize-Reliability: ToS=2   • Maximize-Throughput: ToS=4   • Minimize-Delay: ToS=16

Navigation menu