UTT TECHNOLOGIES UTT Router User Manual
SHANGHAI UTT TECHNOLOGIES CO., LTD. Router
User manual
HiPER 811
Quick Guide
2009-3-17
Version: 1.2
Copyright Notice
Copyright © 2000-2009, Shanghai UTT Technologies Co., Ltd.
All rights reserved.
The information of this publication is protected by copyright. No part of this publication
may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated
into any language without written permission from the copyright holders. The scope of
delivery and other details are subject to change without prior notice.
Trademark
UTT® is a registered trademark of Shanghai UTT Technologies Co., Ltd.
HiPER® is a registered trademark of Shanghai UTT Technologies Co., Ltd.
Other trademarks and registered trademarks of products mentioned in this publication
may be the properties of their respective owners and are only used for identification
purposes.
Warning
This equipment has been tested and found to comply with the limits for a Class B digital
device, pursuant to part 15 of the FCC Rules. These limits are designed to provide
reasonable protection against harmful interference in a residential installation. This
equipment generates, uses and can radiate radio frequency energy and, if not installed
and used in accordance with the instructions, may cause harmful interference to radio
communications. However, there is no guarantee that interference will not occur in a
particular installation. If this equipment does cause harmful interference to radio or
television reception, which can be determined by turning the equipment off and on, the
user is encouraged to try to correct the interference by one or more of the following
measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and receiver.
Connect the equipment into an outlet on a circuit different from that to which the
receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.
Caution: Any changes or modifications to this device not explicitly approved by
manufacturer could void your authority to operate this equipment.
Page I
Table of Contents
About This Guide ................................................................................................................. 1
0.1 Conventions ............................................................................................ 1
0.1.1 Conventions for page path ..................................................................... 1
0.1.2 Common Button ...................................................................................... 1
0.1.3 List .......................................................................................................... 2
0.1.3.1 Editable List ............................................................................................ 2
0.1.3.2 Read-only List ......................................................................................... 3
0.1.3.3 Sorting Function ...................................................................................... 4
0.2 Factory Default Settings ......................................................................... 4
Chapter 1 Product Overview ................................................................................... 5
1.1 Key Features .......................................................................................... 5
1.2 Specifications .......................................................................................... 7
Chapter 2 Physical Installation ................................................................................ 8
2.1 Front Panel ............................................................................................. 8
2.1.1 LEDs ....................................................................................................... 8
2.1.2 Ports ........................................................................................................ 9
2.1.3 Reset Button ........................................................................................... 9
2.2 Connecting the Device ......................................................................... 11
Chapter 3 Quick Setup Guide ................................................................................ 12
3.1 Configure PC ........................................................................................ 12
3.2 Login the Device ................................................................................... 14
3.3 Internet Connection .............................................................................. 17
3.3.1 Internet Connection Setup .................................................................... 17
3.3.1.1 PPPoE Connection ............................................................................... 19
3.3.1.2 Static IP Connection ............................................................................. 22
3.3.1.3 DHCP Connection ................................................................................ 23
3.3.2 Internet Connection List ........................................................................ 24
3.3.3 How to Dial and Hang up a PPPoE connection ................................... 26
3.3.4 How to Renew and Release a DHCP Connection ................................. 27
3.3.5 How to Edit the Connection .................................................................. 28
Page II
3.3.6 How to Delete the Connection .............................................................. 28
3.4 Network Security ................................................................................... 29
3.4.1 Virus Defense ....................................................................................... 29
3.4.2 Rate Limit .............................................................................................. 30
3.5 ARP Spoofing Defense ......................................................................... 31
3.5.1 ARP Spoofing Defense Setup .............................................................. 31
3.5.2 Dynamic ARP Table .............................................................................. 31
3.5.3 How to Defense Against ARP Spoofing Attack ..................................... 32
3.6 Port Forwarding .................................................................................... 33
3.6.1 Port Forwarding Setup .......................................................................... 33
3.6.2 Port Forwarding Rule List ..................................................................... 34
3.7 Change Administrator’s Password ....................................................... 35
3.8 Remote Management ........................................................................... 36
Appendix Contact Information ........................................................................................... 37
Page 1
About This Guide
Note
For best use of our product, it is strongly recommended that you update Windows
Internet Explorer browser to 6.0 or above.
0.1 Conventions
0.1.1 Conventions for page path
Lever one menu > lever two menu(bold)means the menu path to open some
configuration page. E.g. System admin > Time means that in web interface, first click
level one menu system admin, then click level two menu Time to open clock
management page.
0.1.2 Common Button
Following common action buttons are used in this doc.
: Save and apply current settings.
: Cancel current settings and recover to the previous saved settings.
: Refresh the information on page.
: Acquire related help information.
Page 2
: Delete the selected entry(s) with the corresponding settings.
0.1.3 List
In web page there are two kinds of lists: Editable list and read-only list.
0.1.3.1 Editable List
Editable list is used to display, edit and delete configuration item. Let us take DHCP
Static Binding List (see Table 0-1) as an example to explain the functions.
Table 0-1 DHCP Static Binding List
: Current page number/ total pages, the example means the current page is first
page, and total one page.
: Go to the first page.
: Go to the previous page.
: Go to the next page.
: Go to the last page.
: Enter page number in text field, then click Go to or type <Enter> to
Page 3
jump to that page.
: Enter the search text in text field, then type <Enter> to display
all the matched entries, besides, you can search within results. After search, if you want
to display all the entries, you only need type <Enter> in empty text field.
Note: The match criterion is that search text exists in entry’s information.
: Created entry number / maximum number, the example means two DHCP static
binding entries have been set up and the maximum configurable entries number is 53.
: Click to open corresponding edit page.
: Select it to select all the entries in current page. Else, unselect all the
entries.
: First select some entry(s) (by selecting the leftmost check box), and then click
it to delete the selected entry(s).
0.1.3.2 Read-only List
Read-only list is used to display the system status information that is not editable. Let us
take DHCP Leases List (see Table 0-2) as an example to explain the functions.
Table 0-2 DHCP Leases List
, , , , , ,
have the same meaning of the former.
Page 4
: Current status entry number /maximum number,the example means there are
two status information entry in the list.
: Refresh the list to view current status of the list.
0.1.3.3 Sorting Function
Except Access Rule List in Advanced Setup > Access Rule page, all the lists in web
page support sorting function. Steps are as following:
Clicking the column title in list will make the list sorts the data by clicked column. The first
click makes it sorted descendingly. And the secondary click makes it sorted ascendingly.
The third one is descending again, and so forth. Each sorting will make the list display
the first page.
0.2 Factory Default Settings
1. The following table provides the factory default settings of Interfaces.
Interface
IP Address
Subnet Mask
LAN
192.168.16.1
255.255.255.0
WAN
192.168.17.1
255.255.255.0
Table 0-3 the Factory Default Settings of Interfaces
2. The default administrator’s user name is Default (case sensitive) with empty
password.
Page 5
Chapter 1 Product Overview
The HiPER 811 security gateway/VPN firewall is a purpose-built security system
designed for small-sized businesses and enterprise branch offices.
The HiPER 811 integrates a rich suite of functions, including L2TP/PPTP/IPSec VPN,
NAT/PAT, firewall, bandwidth management, DHCP server/client, popular attack defense
capability, system management and monitor, and so on.
1.1 Key Features
Operation mode: NAT/NAPT, route and hybrid mode
Internet connection type: PPPoE, Static IP and DHCP
Supports Express Forwarding, excellent performance
Built-in firewall,Defense against ARP spoofing, DoS/DDoS attack, port scanning,
Worm.Blaster, Worm.Sasser, etc.
Supports NAT port forwarding, DMS host
Supports NAT ALG: ICMP, FTP, GRE, PPTP, ESP ALG, etc.
Supports NAT sessions limit for each internal host
Supports bandwidth limit for each internal host
Supports IP packet filtering IP address, protocol and TCP/UDP port filtering
Supports Web content filtering: URL and keyword filtering
Filtering based on schedule
IM (instant messenger) control: block or allow IM application, e.g., MSN and QQ
Page 6
Messenger
P2P (peer-to-peer) control: block or allow P2P application, e.g., BitTorrent and
BitSpirit
Supports personal policy settings to realize personal service according to need
Provide hierarchy management structure (include personal, group and global) to
flexibly manage the internal users
Supports IP/MAC binding, blacklist and whitelist Setting
IP/MAC intelligent binding: automatic binding and batch binding
Supports DHCP Server and Client,DHCP static binding;
Supports SNTP (Simple Network Time Protocol)
Supports DDNS (Dynamic DNS)
Supports Port-based VLAN
Supports UPnP
Supports port mirror
Supports MAC address clone
Supports static route,dynamic route protocol: RIP I and RIP II
Supports NAT traversal of IPSec, PPTP and L2TP
Provides Web user interface, Command line interface (Telnet)
Remote management via Web or CLI
Supports SYSLOG, SNMP v1 and v2c
Configuration file backup and restore
Firmware upgrade via TFTP or Web
Multi-level administration privileges
Built-in diagnostic tool: ping, traceroute, nslookup
Real-time monitoring, logging, alarms of system activities
Supports IPSec, L2TP and PPTP VPN
FQDN (fully qualified domain name) support for dynamic IP address VPN
connections
Site-to-site VPN, remote access VPN (client-to-site)
VPN pass-through of L2TP, PPTP, IPSec
L2TP server and client, PPTP server and client
Page 7
IPSec features as followed:
1. AutoIKE based on preshared key and manual key tunnels
2. ESP and AH protocols
3. DES, 3DES and AES 128/192/256 encryption algorithm
4. MD5 and SHA-1 hash algorithm
5. Diffie-Hellman group 1, 2 and 5
6. Main mode and aggressive mode
7. DPD (dead peer detection) and Anti-Replay
8. Hub-spoke and mesh connections
1.2 Specifications
Conforms to IEEE 802.3 Ethernet and IEEE 802.3u Fast Ethernet standards
Supports TCP/IP, PPPoE, DHCP, ICMP, NAT, Static Route, RIPI/II, SNMP (MIB II),
etc.
Supports 4-port LAN switch, a WAN port, and a reset button
Supports Auto-negotiation for 10/100Mbps and duplex mode for each physical port
Supports Auto MDI/MDI-X for each physical port
Provides status LEDs
Environment:
Operating Temperature: 32ºF to 104ºF (0ºC to 40ºC)
Storage Temperature: 32ºF to 158ºF (0ºC to 70ºC)
Operating Humidity: 10% to 90%, Non-condensing
Storage Humidity: 10% to 90%, Non-condensing
Power Supply: 180V to 240V AC, 50/60Hz
Page 8
Chapter 2 Physical Installation
This section describes how to install the Device.
2.1 Front Panel
The LEDs and network ports are located on the front panel of the Device.
Figure 2-1 Front Panel
2.1.1 LEDs
The LEDs give real-time information of system status. The following table provides
description of the LEDs status and their meaning.
LED
Status
Description
PWR
Green
The Device is powered on.
Off
The Device is powered off.
SYS
Blinking
When system is working well, the status light will
blink twice per second, and it will blink slower under
heavy load.
Off or Green
Ever-on or ever-off means system is abnormal.
Page 9
TRF
Blinking
Network activity on the Device.
Off
No activity on the Device.
FLT
Blinking
The Device is not operating correctly.
Off
The Device is operating correctly.
Link/Act
Green
Valid link on the associated port.
Blinking
Network activity on the associated port.
Off
No link established on the associated port.
100M
Green
The associated port is connected at 100Mbps.
Off
The associated port is connected at 10Mbps.
Table2-1 LEDs Description
2.1.2 Ports
Interface
Description
LAN (1, 2, 3, 4)
These Ethernet ports connect the Device to wired computers,
hubs, switches, and other Ethernet network devices.
WAN
This port connects to a cable or DSL modem, or other Ethernet
network device.
Table2-2 Ports Description
2.1.3 Reset Button
If you want to reset the Device to the factory default settings, press and hold in the Reset
button for more than 5 seconds when the Device is on, then release the button. After that,
the Device will restart with the factory default settings.
Note
Page 10
1. The reset operation will clear all the settings and preferences that you have
configured.
2. You can also reset the Device to the factory defaults on the System Admin >
Backup & Restore page.
Page 11
2.2 Connecting the Device
Before you install the Device, please make sure your PC can connect to the Internet
through your broadband service successfully. If there is any problem, please contact with
your ISP for help.
After that, please install the Device according to the following steps. Don’t forget to pull
out the power plug and keep your hands dry.
Step 1 Power off your PC(s), Cable/DSL modem, and the Device.
Step 2 Connect the PC(s) and the Switches or Hubs on your LAN to the Device’s LAN
port (see Figure 2-2).
Step 3 Connect the Cable/DSL modem to the Device’s WAN port (see Figure 2-2).
Step 4 Connect the power cord to the power connector on the back panel of the
Switch. Then plug the other end of the power cord to a grounded three-prong
AC power outlet. The Device will start to work automatically.
Step 5 Power on your network devices, PCs, Switches, Hubs, and so on.
Figure 2-2 Connecting the Device
Page 12
Chapter 3 Quick Setup Guide
After you have connected the Device into your network, you may configure it. This
chapter describes how to configure the basic functions of your Device. It will only take
you a few minutes. You can access the Internet via the Device immediately after it has
been successfully configured.
3.1 Configure PC
Before set up the Device, you need to install and configure TCP/IP properties on each
network PC.
Step 1 Connect the PC to the Device’s LAN port.
Step 2 Install TCP/IP protocol components on your PC. If it has been installed, please
ignore it.
Step 3 Setup IP settings for your PC. You can setup manually or configure the PC to
obtain an IP address automatically.
Setup manually: Your PC’s IP address should be within the range from
192.168.16.2 to 192.168.16.254, the default gateway should be
192.168.16.1 (LAN interface’s IP address), and the DNS server should be
provided by your ISP.
Setup automatically: In the Internet Protocol (TCP/IP) Properties
screen, select Obtain an IP address automatically. The Device’s built-in
DHCP server will automatically assign an IP address to the PC.
Step 4 To verify the network connection between your PC and Device, you can use
the ping command at the command prompt on the PC: Ping 192.168.16.1
If the displayed page is similar to the screenshot below, the connection
between your PC and Device has been established.
Page 13
If the displayed page is similar to the screenshot below, it means that your
PC has not connected to the Device.
If it is failed to connect, please check it follow the steps below:
1. Is the connection between your PC and the Route correct?
The LEDs of LAN port which links to the device and the LED on your PC’s adapter
should be lit.
2. Is the TCP/IP configuration for your PC correct?
If the Device’s IP address is 192.168.16.1, your PC’s IP address should be within the
range from 192.168.16.2 to 192.168.16.254, the gateway should be 192.168.16.1.
Page 14
3.2 Login the Device
Once your PC is properly configured, please do the following to use the Web-based
Utility.
For local access of the Device’s web-based utility, launch your web browser, and enter
the Device’s default IP address: 192.168.16.1, in the RUL filed (see Figure 3-1). Then
press the Enter key.
Figure 3-1 Address Bar
A login screen prompts you for your User name and Password. Enter Default (case
sensitive) in the User name field, and keep the Password field empty (see Figure 3-2).
Then click OK.
Figure 3-2 Login Screen
Page 15
The first screen that appears is the Homepage (see Figure 3-3).
Figure 3-3 Homepage
Note
If you have not setup the Internet connection yet, the system will push a prompt dialog
box as below:
Model and Version
Start Menu
Click to Restart
the Device
Click to jump to
the related page
Level One Menu
Page 16
Figure 3-4 A Dialog Box
Please click OK, then you can do common settings through the Start menu (see Figure
3-5), which including: Internet Connection, Network Security, Port Forwarding Rule, ARP
Spoofing Defense, User Personal Policy, User Group Policy, Firewall Policy and System
Info.
Figure 3-5 Start Menu
Page 17
3.3 Internet Connection
Click Start > Internet Connection,it will jump to Basic Setup > Internet Connection
page. This page lets you setup the Internet Connection, view its status, and modify or
delete it.
Note
1. When you have finished the Internet connection setup, it is strongly recommended
that you go to Start > Network Security page to do essential security settings.
2. If you change the IP address of the LAN interface during the connection setup, you
should use a new address to login to the Device. And the default gateway of each
LAN PC should use this new address to access Internet.
3.3.1 Internet Connection Setup
At first, please click the Default hyperlink of the connection entry in the Internet
Connection List (see Figure 3-6).
Then select Connection Type provide by your ISP.
Connection Name: The connection name is Default, which is reserved by system.
You can’t modify it.
Physical Interface: The Default connection is bound to the WAN interface, you
can’t modify it.
Connection Type: Select connection type from the radio boxes, which is provided
by your ISP, available options: PPPoE, Static IP and DHCP (Obtain an IP
automatically).
PPPoE: Some DSL-based Internet Service Providers (ISPs) use PPPoE
(Point-to-Point Protocol over Ethernet) to establish Internet connections for
end-users. If you use a DSL line, check with your ISP to see if they use PPPoE,
Page 18
and then select PPPoE;
Static IP: If you are required to use a permanent IP address, select Static IP;
DHCP: If your ISP automatically assigns an IP address, select DHCP. Most
cable modem subscribers use this connection type.
Figure 3-6 Select Connection Type
Depending on which connection type you select, you will see various settings. We will
describe the settings for each connection type respectively (see chapter 3.3.1.1, 3.3.1.2
and 3.3.1.3).
② Select Type
① Click Default
Page 19
3.3.1.1 PPPoE Connection
If you choose PPPoE connection type, you will see the following page.
Figure 3-7 PPPoE Connection Setup
User Name and Password: Enter the PPPoE login user name and password
provided by your ISP.
Page 20
PPP Authentication: Select PPP authentication mode from this drop-down box,
available options: NONE, PAP, CHAP and Either.
PAP: Password Authentication Protocol;
CHAP: Challenge Handshake Authentication Protocol;
None: It means that there is no protocol will be used.
Either: It means that the Device will automatically negotiate it with the peer
device.
LAN IP Address: Enter the IP address for the Device’s LAN interface.
LAN Subnet Mask: Enter the subnet mask for the Device’s LAN interface.
Primary DNS Server: Enter the IP address of your ISP’s primary DNS server.
Secondary DNS Server: Enter the IP address of your ISP’s secondary DNS server
if it is available.
Advanced Options: Select this check box to configure advanced parameters. In
most case, you need not configure them.
Service Name: Enter the Service Name, if provided by your ISP.
MRU: The MRU (Maximum Receive Unit) setting specifies the largest packet size
permitted for network receive. In most cases, keep the default value (1492). When
dialing, the Device will automatically negotiate it with the peer device.
Dial Type: Select type of dial connection from this drop-down box, available options:
Always On, Manual and On Demand.
Always On: If you want the Device to establish a PPPoE session when starting
up and to automatically re-establish the PPPoE session once disconnected,
select this option.
Manual: If you want to dial and hang up a PPPoE session manually, select this
option. In the case of Manual type, you should dial and hang up manually in the
Internet Connection List on Basic Setup > Internet Connection page (See
chapter 3.3.3).
On Demand: If you want the Device to establish a PPPoE session only when
there are packets requesting to access the Internet (i.e., when a program on
your computer attempts to access the Internet), select this option.
Page 21
Dial Schedule: If you select a schedule (set up on User Admin > Schedule
Settings page), it will allow your Device to dial-up only in the selected schedule
range. Else, the Device always can dial-up.
Online Schedule: If you select a schedule rule (set up on User Admin > Schedule
Settings page), your Device can keep the Internet connection active only in the
online schedule range. Else, the connection always can keep active.
Keepalive Period: When the Internet connection is connected, the Device will
periodically send keepalive packets to the peer device per 1000 milliseconds. If the
Device does not receive a response during a specified period (set by Keepalive
Period), it will terminate the connection.
Idle Timeout: This determines how long the Device keeps the Internet connection
active after no Internet activity. If you set the value to zero, the Device will not
terminate it.
Session Timeout: This determines how long the Device keeps the Internet
connection active since connected. If you set the value to zero, the Device will not
disconnect it.
Priority: It specifies the routing priority for connected connection. When there are
several connections having the same destination subnet, the Device will choose the
connection having the highest priority to transmit the packets. The lower value
means the higher priority.
Down Priority: It specifies the routing priority for disconnected connection. When
there are several connections having the same destination subnet, the Device will
choose the connection having the highest priority to dial-up. The lower value means
the higher priority.
Dial Sub-interface: This Device doesn’t support it.
Page 22
3.3.1.2 Static IP Connection
If you choose Static IP connection type, you will see the following page.
Figure 3-8 Static IP Connection Setup
LAN IP Address: Enter the IP address for the Device’s LAN interface.
LAN Subnet Mask: Enter the subnet mask for the Device’s LAN interface.
WAN IP Address: Enter the IP address for the Device’s WAN interface, which is
provided by your ISP.
WAN Subnet Mask: Enter the subnet mask for the Device’s WAN interface, which is
provided by your ISP.
Default Gateway: Enter the IP address for the default gateway, which is provided
by your ISP.
Primary DNS Server: Enter the IP address of your ISP’s primary DNS server.
Secondary DNS Server: Enter the IP address of your ISP’s secondary DNS server
if it is available.
Page 23
3.3.1.3 DHCP Connection
If you choose DHCP connection type, you will see the following page.
Figure 3-9 DHCP Connection Setup
LAN IP Address: Enter the IP address for the Device’s LAN interface.
LAN Subnet Mask: Enter the subnet mask for the Device’s LAN interface.
WAN MAC Address: This field displays the current MAC address of the WAN
interface. In most cases, you need not change it. But when using DHCP connection
type, your ISP may only allow one MAC address to be registered. To bypass this
restriction, you should enter the registered MAC address that is stored by your ISP.
Primary DNS Server: Enter the IP address of your ISP’s primary DNS server.
Secondary DNS Server: Enter the IP address of your ISP’s secondary DNS server
if it is available.
Page 24
3.3.2 Internet Connection List
When you have configured the Default connection, you can view its status in the Internet
Connection List (see Table 3-1).
To view current status of the connection, click Refresh button.
Table 3-1 Internet Connection List
Table 3-1 Internet Connection List (continued)
Name: It displays the connection’s name.
Interface: It displays the name of the physical interface to which the connection is
bound.
Connection Type: It displays the connection’s type. In the case of PPPoE type, it
will also display the user name.
Connection Status: It displays current status of the connection. We will describe
each connection type respectively.
Page 25
1. PPPoE Connection Status
There are eight kinds of status for PPPoE connection (see Table 3-2). During it is in
connected status, it will also display the elapsed time (day: hour: minute: second)
since connected.
Status
Description
Closed
The physical interface is inactive, or not dial-up.
Dialing
Start dialing up, but not receive response yet.
Authenticating
Server responded and is authenticating.
Connected
Authenticated succeed, and the connection is established
and ready for date transmit.
Disconnecting
The PPPoE session is disconnecting.
Hang up
Either peer has hanged up.
Disconnected
PPPoE session has terminated, waiting for dialing up.
Internal Error
Undefined status.
Table 3-2 Description of Connection Status – PPPoE
2. Static IP Connection Status
There are three kinds of status for Static IP connection (see Table 3-3).
Status
Description
Closed
The physical interface is inactive.
Connected
The connection is established between the local and peer
devices.
Internal Error
Undefined status.
Table 3-3 Description of Connection Status – Static IP
3. DHCP Connection Status
There are three kinds of status for DHCP connection (see Table 3-4). During it is in
connected status, it will also display the time left before the lease expires (day: hour:
minute: second) for current IP address, which is assigned by your ISP’s DHCP
server.
Page 26
Status
Description
Closed
The physical interface is inactive, or the connection has
release the IP address but not request a new one yet.
Connecting
Requesting an IP address.
Connected
Have acquired an IP address, the connection is established.
Internal Error
Undefined status.
Table 3-4 Description of Connection Status – DHCP
NAT Status: It displays whether the connection enable NAT function or not. The
system will automatically enable NAT function during connection setup.
Rx Rate(bps): It displays current download rate of the connection during the refresh
interval.
Tx Rate(bps): It displays current upload rate of the connection during the refresh
interval.
IP Address, Subnet Mask and Default Gateway: They display the IP settings
status of the Device as seen by the external users of the Internet.
If your connection type is PPPoE or DHCP, it will show the information currently
being used, which received from your ISP’s PPPoE or DHCP server.
If your connection type is Static IP, the information will be the same as your
input.
3.3.3 How to Dial and Hang up a PPPoE connection
If your connection type is PPPoE, when you click the Default hyperlink of the connection
entry, the Dial, Disconnect and Refresh buttons will show below the list (see Table 3-5).
Note
If you have chosen Manual as Dial Type for your PPPoE connection (see chapter
3.3.1.1), you need click Dial button to dial-up the Internet connection, and click
Disconnect button to hang it up here.
Page 27
Click Refresh button to view current status of the connection.
Table 3-5 Internet Connection List - PPPoE Connection
3.3.4 How to Renew and Release a DHCP Connection
If your connection type is DHCP, when you click the Default hyperlink of the connection
entry, the Renew, Release and Refresh buttons will show below the list (see Table 3-6).
Click Renew button to re-acquire an IP address from the ISP’s DHCP server.
Click Release button to release the IP address obtained from the ISP’s DHCP server.
Click Refresh button to view current status of the connection.
Table 3-6 Internet Connection List - DHCP Connection
Page 28
3.3.5 How to Edit the Connection
If you want to edit the connection, do the following:
Step 1 In the Internet Connection List, click the Default hyperlink of the connection
entry, the related information will display in the setup fields.
Step 2 Modify the connection settings.
Step 3 Click Apply button to save and apply your settings.
3.3.6 How to Delete the Connection
If you want to delete the connection, do the following:
Step 1 In the Internet Connection List, click the Default hyperlink of the connection
entry, the related information will display in the setup fields.
Step 2 In the Connection Type radio boxes, select none (See Figure 3-10).
Step 3 Click Apply button to delete the connection.
Figure 3-10 Delete the Connection
Page 29
3.4 Network Security
On the Start > Network Security page, you can do essential security settings: virus
defense and rate limit. You can’t go to this page if the Internet connection hasn’t been
configured yet.
Note
When you click Apply button to save and apply your settings, the system will
automatically enable the Synchronize with SNTP Server function (you also can setup it
in System Admin >Time page), so it will acquire standard time once connected to
Internet.
3.4.1 Virus Defense
In this section (see Figure 3-11), you can do basic security settings to effectively defense
ARP spoofing attack, Dos and DDoS attack, and popular virus attack (e.g., Worm.Blaster
and Worm.Sasser). It will make your network robust and security.
Figure 3-11 Virus Defense
Enable ARP Spoofing Defense: To protect the Device against ARP spoofing attack
effectively, select this check box, and then bind all IP/MAC address pairs of the
whole LAN PCs (setup on Security > ARP Spoofing Defense, see chapter 3.5.2).
Enable Auto IP/MAC Binding: If you select this check box, it will periodically detect
active hosts connected to the device, and immediately bind all of the new valid
dynamic ARP information (IP and MAC address pairs) once learned them.
Page 30
Enable Popular Virus Defense: Select this check box to protect the device against
popular virus attack, e.g., Worm.Blaster and Worm.Sasser. And it will discard those
TCP packets whose destination port is 135, 136, 137, 138, 139, 445, 1025, 5554 or
9996, so your LAN hosts can’t access related services provided by outside hosts,
e.g., windows file sharing and print sharing services.
Enable DoS/DDoS Attack Defense: Select this check box to protect the device
against popular DoS and DDoS attack.
Note
If your LAN hosts’ IP addresses often change, it is recommended that you don’t select
Enable Auto IP/MAC Binding. If you want to manually bind IP and MAC address pairs,
please go to Security > ARP Spoofing Defense page to setup (see chapter 3.5.2).
3.4.2 Rate Limit
In this section, you can specify a bandwidth limit for each LAN host. This function lets
you allocate bandwidth equally to avoid few hosts occupying too much bandwidth.
Figure 3-12 Rate Limit
Max. Rx Rate for each LAN Host: Select the maximum download rate for each
LAN host. If you don’t want to limit the download rate, select NoLimit. If you want to
block internal users from downloading, select Block.
Max. Tx Rate for each LAN Host: Select the maximum upload rate for each LAN
host. If you don’t want to limit the upload rate, select NoLimit. If you want to block
internal users from uploading, select Block.
Page 31
3.5 ARP Spoofing Defense
Click Start > ARP Spoofing Defense,it will jump to Security > ARP Spoofing
Defense page. This page lets you setup ARP Spoofing Defense to protect the device
and your LAN hosts.
3.5.1 ARP Spoofing Defense Setup
Figure 3-13 ARP Spoofing Defense
Restrict ARP Update: Select this check box to disable the gratuitous ARP packets
learning function, so the device will discard gratuitous ARP packets directly. This
function will effectively protect the device against ARP spoofing attack.
Enable ARP Broadcast: Select this check box to enable the device to periodically
broadcast gratuitous ARP packets, it will inform your LAN hosts the correct MAC
address of the device’s LAN interface. This function will effectively protect your LAN
hosts against ARP spoofing attack.
Interval: Specify the interval between Gratuitous ARP packets (how often you want
the packets to be broadcast). It should be a multiple of 10 between 100 and 5000
(milliseconds).
3.5.2 Dynamic ARP Table
Click Scan LAN button (see Figure 3-14), it will automatically detect active hosts
connected to the device, learn and display dynamic ARP information (IP and MAC
address entries).
Page 32
Click Bind All button to bind all current valid IP and MAC address pairs.
Figure 3-14 Dynamic ARP Table
Note
1. If you want to bind all IP and MAC address pairs in the whole LAN, please make
sure that the hosts are turned on, and then click Scan LAN button, last click Bind
All button.
2. If you click Scan LAN button, the system will also check if there are any repeated IP
or MAC addresses in the Dynamic ARP Table, and then display repeated
information above it: repeated MAC addresses indicate that potential ARP spoofing
attack existing in your LAN, and repeated IP addresses indicate that potential IP
spoofing attack or IP address conflicting existing in it.
3.5.3 How to Defense Against ARP Spoofing Attack
To defense against ARP Spoofing Attack, do the following:
Step 1 Select both Restrict ARP Update and Enable ARP Broadcast check boxes.
Step 2 Turn on all of the hosts in your LAN, and then click Scan LAN button to learn
current dynamic ARP information.
Step 3 Click Bind All button to bind all current valid IP and MAC address pairs.
When you have finished these steps, it will protect the device and your LAN hosts
against ARP Spoofing Attack.
Page 33
3.6 Port Forwarding
Click Start > Port Forwarding, it will jump to Advanced > NAT & DMZ page. In this
page, you can setup some port forwarding rules.
Port forwarding can be used to set up public services on your network. When users from
the Internet make certain requests on your network, the Device can forward those
requests to computers equipped to handle the requests. For example, if you set the port
number 443 (HTTPS) to be forwarded to IP address 192.168.16.12, then all HTTPS
requests from outside users will be forwarded to 192.168.16.12.
3.6.1 Port Forwarding Setup
Figure 3-15 Port Forwarding Setup
Rule Name: Enter a name. It should be between 1 and 11 characters long.
Protocol: Select the protocol which it uses, available options: TCP, UDP and GRE.
Start External Port: Enter the lowest port number, which the Device provides for
outside users to access.
Internal IP: Enter the IP address of the local server that you want outside users to
access.
Start Internal Port: Enter the lowest port number used by the service.
Port Count: Enter the number of ports used by the service. If the service uses only
one port number, enter 1. The maximum value is 20. For example, if the start
internal port is 21, the start external port is 2000 and the port count is 10, then the
Page 34
internal port range is from 21 to 30, and the external port range is from 2001 to
2010.
Bind to: Select the NAT rule to which this port forwarding rule is bound. The port
forwarding rule will use the NAT rule’s external IP address as the external IP
address.
Note
1. If you select GRE protocol, the start external port and start external port should be 0,
and the port count should be 1.
2. The system will automatically create some port forwarding rules. You can not modify
or delete them.
3.6.2 Port Forwarding Rule List
Table 3-7 Port Forwarding Rule List
Add a Port Forwarding Rule: If you want to add a port forwarding rule, select Add
radio box, and then setup it, last click Apply button.
View Port Forwarding Rules: When you have created some port forwarding rules,
you can view them in the Port Forwarding Rule List.
Edit a Port Forwarding Rule: If you want to modify a port forwarding rule you have
created, click the Rule Name or Edit hyperlink of this rule entry, the related
information will display in the setup fields, and then modify it, last click Apply button.
Delete Port Forwarding Rule(s): If you want to delete some port forwarding rules,
select the leftmost check boxes of these entries, and then click delete button.
Page 35
3.7 Change Administrator’s Password
The default administrator’s user name is Default (case sensitive) with empty password.
To ensure the Device's security, you had better change the default password and
remember it. If the password has been changed, you should enter your new password
when you access the Device with the user name Default.
If you want to change the password, go to System > Administrator page, do the
following setup (see Figure 3-16):
Step 1 Click the Default or Edit hyperlink of the default administrator’s entry in the
Administrator List, the related information will display in the setup fields.
Step 2 Then modify the password in the setup fields.
Step 3 Click Apply button to save and apply your settings.
Figure 3-16 Administrator’s Password Setup
① Click Default
② Modify password
③ Click Apply
Page 36
3.8 Remote Management
If you want to allow HTTP, SNMP or TELNET remote management via Internet, go to
System Admin > Remote Admin page to setup.
Figure 3-17 Remote Management
HTTP: Select this check box to allow HTTP remote management. When accessing
the Device from Internet, you will enter http:// and enter the Device's WAN IP
address, followed by a colon (:) and the port number. For example, if WAN IP
address is 218.21.31.3 and the port number is 8081, enter in your browser:
http://218.21.31.3:8081.
Port: Enter the port number for HTTP remote management. The default value is
8081.
SNMP: Select this check box to allow SNMP remote management via Internet.
TELNET: Select this check box to allow TELENET remote management via Internet.
Note
To ensure security, it is strongly recommended that you don’t enable remote
management functions unless necessary. If you are sure to enable them, you had better
change the default password.
Page 37
Appendix Contact Information
For help with the installation or operation of this Device, contact UTT Technical Support
at one of the phone numbers or Internet addresses below.
Technical Support: +86-4006-781-781
E-mail: support@utt.com.cn
Official Website: http://www.utt.com.cn
Official BBS: http://www.utt.com.cn/bbs
Fax: +86-21-52655269