- DL manuals
- D-Link
- Network Router
- DRO-210i
- User Manual
D-Link DRO-210i User Manual
Summary of DRO-210i
Page 1
Dro-210 i broadband business gateway user guide (updated for firmware revision 2.1.2) d-link india ltd., software and r&d center, bangalore. Phone: 91-80-26788345/46/50/51 www.Dlink.Co.In.
Page 2: Table Of Contents
Table of contents about this manual .............................................................................. 4 1 product overview ............................................................................ 5 1.1 h ardware d etails .................................................................
Page 3
7.1.1 interface configuration.............................................................................................................. 36 7.1.2 policy rules ............................................................................................................................... 37 7.1.3 i...
Page 4: About This Manual
About this manual this document provides information related to the installation and configuration of dro- 210i along with a description of all its features. This document is intended for service providers and network administrators who guide the network infrastructure deployment in enterprises. Not...
Page 5: Product Overview
Product overview dlink dro-210i user guide 5 1 product overview dro-210i is a part of d-link's dro-2xx business gateway series, especially designed as an all-in-one network solution for small and medium businesses. Today's network infrastructure for small and medium business calls for highly reliabl...
Page 6: 1.1
Product overview dlink dro-210i user guide 6 1.1 hardware details dro-210i package contents the dro-210i package contains the following items: dro-210i broadband business gateway 2 straight ethernet cables 1 cross over ethernet cable 1 power cord 1 ac-dc adapter 4 stack rubber feet 1 cd with user ma...
Page 7
Product overview dlink dro-210i user guide 7 front panel the front panel provides the leds to indicate the status of the router. Module status description power on on off wan1 led ready on: link and protocol is up off: link or protocol is down wan2 led ready on: link and protocol is up off: link or ...
Page 8
Product overview dlink dro-210i user guide 8 rear panel the rear panel provides the router’s ports and reset button. Interface description reset restore the factory default settings in the router lan 10/100mbps ethernet lan ports (rj-45) lan/dmz 10/100mbps ethernet port (rj-45) - configurable as lan...
Page 9: 1.2
Product overview dlink dro-210i user guide 9 1.2 software features the router has rich features like routing, load-balancing, auto backup, firewall access control, secure vpn connectivity, network address translation, quality of service and remote management satisfying most of the needs of the smb m...
Page 10
Product overview dlink dro-210i user guide 10 network address translation (nat) nat enables the router to act as an address translation agent between the internet (public network) and the local (or private) network. The router supports all the combinations of nat models like many to many, many to on...
Page 11
Product overview dlink dro-210i user guide 11 tools the router supports various tools to manage and monitor the device. Syslog - the router can send the syslog messages to the configured server to aid in network administration. Ntp - the administrator can configure the system date and time manually....
Page 12: Interfaces
Interfaces dlink dro-210i user guide 12 2 interfaces the router provides the following interface ports: lan ports - the router has two dedicated 10/100 ethernet lan ports. Dmz port - the router has one 10/100 ethernet dmz port. A dmz port is used to connect to the company servers (e.G. Web server, f...
Page 13: 2.2
Interfaces dlink dro-210i user guide 13 port 4 is reconfigured as lan, the entries configured on wan2/dmz earlier will be displayed in dark grey color in the corresponding feature tables to indicate that these entries are currently invalid. Note: when port 4 is configured as lan, load balancing and ...
Page 14: 2.4
Interfaces dlink dro-210i user guide 14 select interface → → → → dmz to configure dmz settings as explained below. Dmz settings ip address enter the ip address of the dmz interface subnet mask enter the subnet mask of the dmz interface to add a dmz server in the network, the administrator can a) ass...
Page 15
Interfaces dlink dro-210i user guide 15 2.4.1 static mode in this mode, the isp allocates and provides a static global ip address for wan connectivity. The isp will also provide information regarding the default gateway ip address to be used for this connection. If you have purchased multiple static...
Page 16
Interfaces dlink dro-210i user guide 16 after entering all the information press the apply button. The dhcp client status table will now show the dhcp client status at the bottom of the page. Click on detect link status to configure the ethernet wan link detection feature. 2.4.3 pppoe mode in this m...
Page 17
Interfaces dlink dro-210i user guide 17 pppoe settings for wan1 interface unnumber interface select the option to enable unnumbered mode. When this option is not selected the router obtains an ip address from the isp for the pppoe connection. Ensure that both ends of the pppoe link are configured as...
Page 18: Dhcp, Dns And Time
Dhcp, dns and time dlink dro-210i user guide 18 3 dhcp, dns and time 3.1 dhcp dhcp (dynamic host configuration protocol) is a method of automatically assigning ip address, subnet mask, default gateway and dns server ip address to hosts on the lan. This router provides an in-built dhcp server. In add...
Page 19
Dhcp, dns and time dlink dro-210i user guide 19 default gateway enter the default gateway ip address that the router will assign to the hosts on the network. Lease time (sec) enter the length of time any host on the network can keep its dhcp settings assigned by the router. If the lease expires whil...
Page 20
Dhcp, dns and time dlink dro-210i user guide 20 ip address enter the ip address to be assigned to the system with the above mac address. After entering all the information press the apply button. The entries will now be displayed under the dhcp static mapping client table. If the static ip in the dh...
Page 21: 3.2
Dhcp, dns and time dlink dro-210i user guide 21 note: in relay mode, the dhcp server may unicast the dhcp ack message to the dhcp client. So proper routes should be configured at the server to enable it to reach the dhcp client subnet. 3.2 dns proxy dns (domain name system) is the protocol used to t...
Page 22: 3.3
Dhcp, dns and time dlink dro-210i user guide 22 3.3 time the system date and time of the router can be configured via this option. The system date and time can be configured manually, or it can be obtained automatically from a global time server using ntp. Ntp is designed to synchronize the time on ...
Page 23: Routing
Routing dlink dro-210i user guide 23 4 routing routing determines how to transport packets from the initiating host to the receiving host. The packet needs to determine a path through which it can travel from the sender to the receiver. The routing table in a router provides such a map to all packet...
Page 24: 4.1
Routing dlink dro-210i user guide 24 4.1 static routing when static routing is selected as the routing algorithm, the network administrator needs to manually configure all routes on the router. Any change in the network configuration would require the administrator to update the information in all a...
Page 25
Routing dlink dro-210i user guide 25 other network configuration problems like routing loop. In the internet, there are two types of dynamic routing algorithms used – distance vector and link state algorithm. In the distance vector (dv) algorithm, each router computes the costs of its own attached l...
Page 26: 4.3
Routing dlink dro-210i user guide 26 4.3 routing table the router maintains all the active route entries, and displays them in the routing table. The static routes configured manually by the administrator are displayed in grey color. And the dynamic routes learnt via rip are displayed in yellow colo...
Page 27
Routing dlink dro-210i user guide 27 outbound interface the network traffic which matches with all the below policy parameters will be sent out of this interface. Policy parameters inbound interface select the interface through which the incoming traffic will come in. Source select the source ip add...
Page 28: High Availability
High availability dlink dro-210i user guide 28 5 high availability the high availability support in the router is an ideal solution for businesses requiring uninterrupted, low cost internet connectivity. The router supports dual ethernet wan ports for xdsl connectivity . Though xdsl connectivity is ...
Page 29: 5.2
High availability dlink dro-210i user guide 29 5.2 load balancing with multiple internet connections, load balancing effectively uses the combined bandwidth of all the internet links resulting in a significant increase in the total available bandwidth. Also if any internet connection goes down, unin...
Page 30
High availability dlink dro-210i user guide 30 select interface → → → → wan1 and choose ip setting mode as static or dynamic. Click on detect link status to configure the ethernet wan link detection as explained below. Ethernet wan link detection interface the wan interface on which link detection i...
Page 31: 6.1
Network address translation dlink dro-210i user guide 31 6 network address translation when a computer wants to connect to the internet, it needs a legal and unique global ip address to traverse the internet. With the explosion of internet, the unique ip address space available is insufficient. Nat ...
Page 32
Network address translation dlink dro-210i user guide 32 6.1.2 nat configuration this router supports the following types of nat: many-to-one - in this case, multiple private ip addresses are mapped to one global ip address by using different ports. Many-to-many - in this case, multiple private ip a...
Page 33: 6.2
Network address translation dlink dro-210i user guide 33 consider a scenario where wan1 is used for internet connectivity. Nat must be enabled at wan1 to enable lan systems to access the internet. The company’s servers (web/ftp server) may be installed at the dmz interface using public ip address fo...
Page 34: 6.3
Network address translation dlink dro-210i user guide 34 protocol select the appropriate application from the list. This selection is equivalent to entering a correct transport type (tcp or udp) and port number for an application. For example, when smtp is chosen transport type tcp and port number 2...
Page 35: 6.4
Network address translation dlink dro-210i user guide 35 6.4 nat table the router maintains a table of sessions for which ip address and port translations have been performed. This translation table can be viewed from the nat table page. Select status → → → → nat table to view the nat session table ...
Page 36: Firewall
Firewall dlink dro-210i user guide 36 7 firewall firewall is a set of security rules that prevents intruders from gaining access to confidential and sensitive information. Its task is to ensure that only approved communication happens and unauthorized communication is blocked and logged. The primary...
Page 37
Firewall dlink dro-210i user guide 37 note: if more than one interface is of same security type, then policy database for them is same i.E if wan1 and wan2 are configured as untrusted then both of them will share a common inbound policies database. Caution: if lan is configured as untrusted, then re...
Page 38
Firewall dlink dro-210i user guide 38 note: when an active policy is disabled or deleted, another enabled policy will become active. In this case, currently ongoing sessions will no longer function if they are not permitted by the new active policy. 7.1.3 inbound policies the traffic flowing from un...
Page 39
Firewall dlink dro-210i user guide 39 protocol select from this drop-down menu the application. This is the equivalent of entering the correct transport type and the port number corresponding to a given application. Port range enter the range of port numbers for which the current policy rules will b...
Page 40
Firewall dlink dro-210i user guide 40 select firewall → → → → policy to get to the policy table and click out button to configure outbound policies. Outbound policies port filter enabled select enable to activate outbound port filter. Port filter is used to deny network packets coming from the trust...
Page 41
Firewall dlink dro-210i user guide 41 blocked services click on the link “blocked services” to get to blocked services configuration page. This page allows administrator to specify the application to be blocked from trusted network to the untrusted network. Outbound policies (service blocked rule) a...
Page 42
Firewall dlink dro-210i user guide 42 after entering all the information press the apply button and the blocked ip table will now be displayed at the bottom of the page. Press view button for viewing and delete button for deleting the corresponding entry. 7.1.5 domain filter domain filter feature en...
Page 43
Firewall dlink dro-210i user guide 43 after entering all the information press the apply button and the status table will now be displayed at the bottom of the page. Press view button for viewing and delete button for deleting the corresponding entry. 7.1.6 web filter the different types of web filt...
Page 44
Firewall dlink dro-210i user guide 44 keyword filter http packets with specific keywords (like jobs) in the url can be blocked using the keyword filter. In outbound policies select keyword list (under web filter) to go to the keyword filter configuration page. Keyword filter enter the keyword enter ...
Page 45
Firewall dlink dro-210i user guide 45 after entering all the information press the apply button and the status table will now be displayed at the bottom of the page. Press delete button for deleting the corresponding entry. 7.1.7 mac filter mac filter feature can be used to block all traffic from a ...
Page 46: 7.2
Firewall dlink dro-210i user guide 46 7.2 intrusion detection an intrusion is a deliberate, unauthorized attempt to access or manipulate information or system and to render them unreliable or unusable. The security architecture that detects and prevents these types of intrusion is called intrusion d...
Page 47
Firewall dlink dro-210i user guide 47 select firewall → → → → ids configuration to configure the ids configuration as explained below. Ids configuration enable ids select enable to activate the ids. Flood attack select enable to activate all types of flood attacks available on this router i.E. Syn f...
Page 48
Firewall dlink dro-210i user guide 48 7.2.2 intrusion log when traffic matches an intrusion signature and is blocked by the ids engine, the blocking event is recorded in the intrusion detection log. Select status → → → → log tables → → → → intrusion log to view the intrusion log table as explained b...
Page 49: Virtual Private Network
Virtual private network dlink dro-210i user guide 49 8 virtual private network vpn or virtual private networks allow multiple sites from an organization (and its clients, suppliers, etc.) to communicate securely over an insecure internet by encrypting all communication between the sites. Ipsec proto...
Page 50: 8.1
Virtual private network dlink dro-210i user guide 50 8.1 ipsec tunnel or passthrough the ipsec vpn feature can operate in 2 modes: ipsec passthrough: in this mode, the router will allow ipsec-vpn tunnels to be established between multiple lan side ipsec clients and multiple remote ipsec servers. It ...
Page 51
Virtual private network dlink dro-210i user guide 51 add/modify tunnel tunnel id enter the alphanumeric string that identifies the remote tunnel. Tunnel source interface select the wan interface, which serves as the tunnel's source endpoint. Termination type select the termination type (domain name ...
Page 52
Virtual private network dlink dro-210i user guide 52 that of des key and hence it is more secure. User must select exactly the same ike encryption algorithm on both ends of a vpn tunnel. Phase 2 proposal pfs mode select the mode that will be used for ipsec perfect forward secrecy (pfs). (group 1, gr...
Page 53: 8.3
Virtual private network dlink dro-210i user guide 53 as 192.168.20.0 with subnet mask 255.255.255.0 and outgoing device same as that of the source interface which was specified in the corresponding tunnel entry. 8.3 ipsec server ipsec server allows tele-workers to connect to their corporate office s...
Page 54
Virtual private network dlink dro-210i user guide 54 maximum life duration is 86400 seconds. Ike hash select the hash algorithm that will be used to ensure that the messages exchanged between the two ipsec vpn tunnel endpoints has been received exactly as it was sent. In other words, a hash algorith...
Page 55: 8.4
Virtual private network dlink dro-210i user guide 55 esp authentication algorithm on both ends of a vpn tunnel. Ah transform select the ah authentication algorithm (md5, sha) to be used when ah is selected for the ipsec operation. The user needs to use the same ah authentication method on both ends ...
Page 56: 8.5
Virtual private network dlink dro-210i user guide 56 tunnel name this is the name of the tunnel if it is a peer-to-peer configuration or it is the name of the ipsec server if it’s an ipsec server configuration. Termination ip/domain name if this is a peer-to-peer tunnel, then it indicates remote pee...
Page 57: 8.6
Virtual private network dlink dro-210i user guide 57 8.6 ipsec log the router maintains a log of the ipsec protocol activities i.E tunnel negotiation, establishment and renegotiation. Select status → → → → log tables → → → → ipsec log to view the ipsec log table as explained below. Ipsec log table i...
Page 58: Quality Of Service
Quality of service dlink dro-210i user guide 58 9 quality of service traffic control in a network can be achieved by quality of service (qos) algorithms, which involves guiding the packets based on some predefined rules. Traffic control classifies packets and places them in individual flows or class...
Page 59
Quality of service dlink dro-210i user guide 59 interface bandwidth enter the upstream bandwidth of the interface. Default class id enter the default class id for the root class. Corresponding class needs to be added in the class configuration the unclassified traffic will be sent to the class with ...
Page 60
Quality of service dlink dro-210i user guide 60 9.1.2 filter configuration filters in qos help in classification of traffic, and assigning the traffic to a specific htb class. These filters use ip parameters like source ip, destination ip, protocol, source port and destination port. The packets that...
Page 61: 9.2
Quality of service dlink dro-210i user guide 61 after entering all the information press the apply button and the qos filter entries tablewill now be displayed at the bottom of the page. Press view button for editing and delete button for deleting the corresponding entry. Note: 1) always configure f...
Page 62
Quality of service dlink dro-210i user guide 62 of zero indicates "any" source port. This field is effective when tcp/udp is selected as the protocol. Tos/diffserv enter the tos value (8 bit binary number) to be set in the ip header of the filtered packet. After entering all the information press th...
Page 63: Administration
Administration dlink dro-210i user guide 63 10 administration the router provides several administrative features/tools to maintain and monitor the router. This section discusses these features and their configuration in detail. 10.1 device information the current status of the router can be obtaine...
Page 64: 10.2
Administration dlink dro-210i user guide 64 connection type displays the wan routing protocol selected (static, dynamic or pppoe). Ip address displays the current wan ip address. Subnet mask displays the subnet mask for the wan ip address. Default gateway displays the gateway ip address for this int...
Page 65: 10.4
Administration dlink dro-210i user guide 65 select status → → → → log tables → → → → session log to view session log as explained below. Session log start time displays the starting date and time. End time displays the ending date and time. Source: port displays the ip address and the tcp/udp port n...
Page 66: 10.6
Administration dlink dro-210i user guide 66 select tools → → → → password to configure change password as explained below. Change password username the username for the account should be admin. Old password enter the old password for the account. New password enter the new password for the account. ...
Page 67: 10.7
Administration dlink dro-210i user guide 67 restart the device the saved settings. Restore to factory default settings press this button to restore the factory default settings of the router. On reboot, the router can be accessed using lan ip address 192.168.100.254. Restart the device press this bu...
Page 68: 10.8
Administration dlink dro-210i user guide 68 10.8 ping test the ping test feature allows the user to ping to any network device from the router. This helps in checking network connectivity from the router. Select tools → → → → ping test to configure ping test as explained below. Ping test set type se...
Page 69
Administration dlink dro-210i user guide 69 note: if nat is enabled on the remote side then the global ip address should be entered as the remote ip address because the router will get the request from that address..
Page 70: Frequently Asked Questions
Frequently asked questions dlink dro-210i user guide 70 11 frequently asked questions 11.1 general q1. I have forgotten the router’s lan ip address. Now how can i access the router to configure it? Ans: press the factory default switch (reset switch on the front panel) and the router settings will b...
Page 71: 11.2
Frequently asked questions dlink dro-210i user guide 71 go to status → device info, and check the physical link status and protocol status of the wan interface. If the physical link status is down, check the cable connectivity. If the protocol status is down, then go to interfaces → wan and connect ...
Page 72: 11.3
Frequently asked questions dlink dro-210i user guide 72 11.3 routing q8. How can i verify that the dynamic routes got exchanged using the rip feature? Ans: go to status → route table. Here the list of active route entries is displayed. The routes in “grey” color are static route entries. The entries...
Page 73: 11.5
Frequently asked questions dlink dro-210i user guide 73 11.5 firewall q11. I want to block access to download of songs, movies etc. How can i do that? Ans: use the router’s file extension filter feature to block http access to extensions like .Avi, .Mp3 etc. To configure file extension filter, enabl...
Page 74
Frequently asked questions dlink dro-210i user guide 74 q14. One of the lan systems is affected by virus and is generating huge traffic; which is consuming the entire internet bandwidth. What can i do? Ans: use the mac filter feature to temporarily block all traffic from the infected system. To conf...
Page 75: 11.6
Frequently asked questions dlink dro-210i user guide 75 ans: the router can only block messengers based on domain names, url keywords, ip addresses or port numbers used for communication. Blocking of messengers (like skype) which cannot be identified by any of these methods is not supported by the r...
Page 76: 11.7
Frequently asked questions dlink dro-210i user guide 76 q21. What are the call features supported by sip-alg? Ans: the call features supported by sip-alg are as below: a. Registration b. Call establishment c. Attended call transfer d. Unattended call transfer e. Call forward f. Voice mail g. Confere...
Page 77: 11.8
Frequently asked questions dlink dro-210i user guide 77 ans: no. Vpn provides security by encrypting and decrypting data that passes through a vpn connection; it does not offer protection from viruses. Q28. How should i configure my vpn tunnel to ensure maximum security? Ans: configure the vpn tunne...
Page 78
Frequently asked questions dlink dro-210i user guide 78 q32. My company uses a financial application across the internet, and i want to ensure that this traffic is prioritized over all other traffic. Ans: configure htb qos on the wan interface as explained in q31. This will ensure that this router p...