HP R100-Series Configuration And Administration Manual
  1. Manuals
  2. Brands
  3. HP Manuals
  4. Network Router
  5. R100-Series
  6. Configuration and administration manual
HP R100-Series Configuration And Administration Manual

HP R100-Series Configuration And Administration Manual

Wireless vpn routers
Hide thumbs Also See for R100-Series:
Table of Contents

Advertisement

Quick Links

Download this manual
HP R100-Series Wireless VPN Routers
Configuration and Administration Guide
HP Part Number: 5998-8218
Published: October 2015
Edition: 1 (Software Version1.0.1.x)

Advertisement

Table of Contents
loading

Related Manuals for HP R100-Series

Summary of Contents for HP R100-Series

  • Page 1 HP R100-Series Wireless VPN Routers Configuration and Administration Guide HP Part Number: 5998-8218 Published: October 2015 Edition: 1 (Software Version1.0.1.x)
  • Page 2 © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

  • Page 3: Table Of Contents

    Contents 1 Deploying the HP R110/R120 ..............7 2 Using the Wizard Setup ................11 Overview..............................1 1 Automatically running the Wizard Setup the first time you log in ............... 1 1 Accessing the Wizard Setup after your first login ..................1 1 Wizard Setup............................
  • Page 4 DHCP client list............................40 VLAN settings............................41 IGMP settings ............................43 6 Wireless configuration ................45 Viewing wireless interface status ....................... 45 Basic wireless settings..........................46 Configuring virtual access point interfaces..................... 48 Configuring wireless security ....................... 49 Advanced wireless settings ........................57 WDS settings ............................
  • Page 5 Scheduling............................127 Support file ............................129 Viewing the EULA ..........................129 15 Support and other resources ..............131 Online documentation ..........................131 Contacting HP ............................131 HP websites ............................131 Conventions ............................132 A Resetting to factory defaults ..............133 Factory reset procedures .........................133 Using the reset button........................133...

  • Page 7: Deploying The Hp R110/R120

    1 Deploying the HP R1 10/R120 In a small office, the HP R1 10/R120 can be directly connected to a broadband modem (DSL or cable) to provide secure wireless networking for all employees. In the following scenario, employees can share data and resources with each other and access the Internet at the same...
  • Page 8 In the following scenario, HP R1 10/R120 #1 provides wireless network services to the employees in the main office, while HP R1 10/R120 #2 and HP R1 10/R120 #3 use the Wireless Distribution System (WDS) to create a wireless link between the main office network and a small network in a warehouse.
  • Page 9 In the following scenario, four HP R1 10/R120s provide a virtual private network (VPN) across the Internet between corporate headquarters and three branch offices. The R1 10/R120 #1 creates secure VPN connections to R1 10/R120 #2, R1 10/R120 #3, and R1 10/R120 #4 at three branch locations.
  • Page 10 Deploying the HP R110/R120...

  • Page 11: Using The Wizard Setup

    Automatically running the Wizard Setup the first time you log in The first time you log in to the management interface (see the HP R100-Series Wireless VPN Routers Quickstart for the first time login procedure), the HP end user license agreement displays.

  • Page 12: Step 2: Specify Wan Settings

    Choose either to configure the system time manually or have it automatically configured by an NTP server. You can also enable support for daylight savings time, if required for your location. For more information on setting the system time, see “System time settings”...
  • Page 13 Connection Type: Static IP Address The Static IP Address Connection Type sets the router to operate with a fixed IP address. If your ISP provides you with a static IP address, subnet mask, and ISP gateway address, enter them in the spaces provided.
  • Page 14 Connection Type: PPTP The Point-to-Point Tunneling Protocol (PPTP) is a common WAN protocol used for Virtual Private Networks (VPNs) that provides a secure connection between the service provider and the local network. Enter the specific PPTP information assigned by your ISP. For more information on the WAN PPTP Connection Type, see “PPTP”...

  • Page 15: Step 3: Specify Wireless Settings

    Step 3: Specify wireless settings The R1 10 router features a single dual-band radio for 2.4 GHz or 5 GHz operation. The R120 router features two radios, one for 2.4 GHz and one for 5 GHz operation. This means that the R1 10 can operate at 2.4 GHz or 5 GHz, but not both at the same time.

  • Page 16: Step 4: Summary

    For more information on wireless security, see “Configuring wireless security” on page Step 4: Summary After you complete the Wizard Setup, the Summary page displays. Confirm the settings, and then click Finish. The router reboots and the HP R1 10/R120 is operational. Using the Wizard Setup...

  • Page 17: Managing The Hp R110/R120 System

    Internet Explorer 8 or later, Google Chrome v29 or later, or Mozilla Firefox v24 or later. You can access the HP R1 10/R120 management tool using either http or https. Using https is more secure, but you will see a warning because the security certificate is issued by the router and not a known certificate authority.

  • Page 18: Setting The Operating Mode

    In this mode there is no WAN configuration, including routing, VPN, NAT, firewall, and QoS settings; all Internet access features are disabled. In fact, all four LAN ports and WAN port are bridged together, so the WAN port operates like another LAN port. Managing the HP R110/R120 system...

  • Page 19: General Administration Settings

    General administration settings The System > Admin page configures the following settings for the router. System information (General) settings Configures settings that help identify the router, including the system name, location, and the name of a person to contact for administrative purposes. The system name appears on the banner and login screen.

  • Page 20: Configuring Web Server Settings

    When using the trusted users feature, only computers with specified MAC or IP addresses can access the router's web management interface. All other devices, either LAN or WLAN, cannot access the web interface. A maximum of five rules can be defined. Managing the HP R110/R120 system...

  • Page 21: System Time Settings

    System time settings Correct system time is important for proper operation of the router, especially when using the logs to troubleshoot. Select System > System time to open the System Time page. This page enables you to configure time server and time zone information. Set system time This section displays the current system time.

  • Page 22: Daylight Saving

    Configuring SNMP The Simple Network Management Protocol (SNMP) enables the remote management of the HP R1 10/R120 router by a computer that has SNMP management software installed. The HP R1 10/R120 provides a robust SNMP v1/v2c implementation supporting both industry-standard MIB II objects and HP-specific MIB objects.

  • Page 23: Managing System Logs

    To configure SNMP, set the following options: • Enable SNMP: Use this checkbox to enable/disable SNMP support. By default, SNMP support is disabled, which means that the HP R1 10/R120 does not respond to SNMP requests. • Read Community: The password that controls read-only access to SNMP information on the router.
  • Page 24 The System Log Level setting determines which messages are stored and are available for relay to a remote syslog server. • IP Address: Specify the IP address of the remote syslog server. Managing the HP R110/R120 system...

  • Page 25: Events

    • Port: The syslog process uses logical port 514 by default. It is recommended that you keep this default. If you specify a different port number, ensure that the port number is not being used by another protocol on your network and that your syslog server is also configured to use that port.
  • Page 26 Subnet Mask Of Public Hosts In LAN The local subnet mask for the IP address. Rules Name Applies a schedule rule to the Proxy ARP service. The schedule rules are configured on the Tools > Scheduling page. Managing the HP R110/R120 system...

  • Page 27: Rebooting The Router

    Rebooting the router For maintenance purposes or as a troubleshooting measure, you can reboot the HP R1 10/R120 by selecting Reboot. The process may take several minutes during which wireless services are not available. The HP R1 10/R120 resumes normal operation with the same configuration settings it had before the reboot.
  • Page 28 Displays a summary of traffic statistics for the WAN and LAN ports. Set the poll interval for updating statistics on the page and click Start. You can also click Refresh anytime to immediately update values. Click Reset Counters to set all statistics values back to zero. Managing the HP R110/R120 system...

  • Page 29: Wan Configuration

    4 WAN configuration The WAN pages are used to configure the parameters for your Internet connection. The information necessary to set up a connection can be obtained from your ISP. Check with your ISP first to find out what type of connection you should choose. Viewing the WAN interface status The Status page displays the setting of the WAN interface.

  • Page 30: Settings

    DDNS The status of a dynamic DNS service. MAC Clone Indicates if the WAN port MAC address has been copied from a LAN computer. Settings The WAN settings page configures the method that the router uses to connect to an ISP through the WAN port.

  • Page 31: Pppoe

    This page includes the following information: Connection Type Select Static IP Address as the router’s method of connecting to the ISP. IP Address Enter the IP address assigned to the router’s WAN port by the ISP. Subnet Mask Enter the IP subnet mask assigned to the router’s WAN port by the ISP. Gateway Enter the IP address of the ISP’s gateway.
  • Page 32 The service name is typically optional, but may be required by some service providers. The service name defines the attributes used to set up a dynamic PPPoE subscriber interface. HP recommends that you do not enter a service name unless your service provider instructs you to do so.

  • Page 33: Pptp

    Sets the size of the Maximum Transmission Unit (MTU) for the largest packet that the network protocol can transmit. Manual Connection: You can click Connect and Disconnect to connect or disconnect the PPPoE connection immediately. Multiple-PPPoE Allows you to configure a second PPPoE session to run over the same connection. The second session connects to another PPPoE server and the configuration allows routing rules to be defined so that different clients can be routed through either PPPoE channel.

  • Page 34: L2Tp

    Server IP Enter the PPTP server IPv4 address as assigned by your ISP. Username Enter your ISP-assigned user name. Do not use these characters: ` " & ' # \ Password Enter your password (usually assigned by your ISP). Do not use these characters: ` " & ' # \ Confirm Password Enter the password again to confirm it.

  • Page 35: Ddns

    Password Enter your password (usually assigned by your ISP). Do not use these characters: ` " & ' # \ Confirm Password Enter the password again to confirm it. Idle Time Select the number of minutes to elapse without activity before the L2TP connection is disconnected.

  • Page 36: Mac Clone

    Configure DDNS parameters as follows: Enable DDNS Select to enable Dynamic DNS support. DDNS Server Enter the name of your Dynamic DNS service provider. Domain Name Enter the name of your host domain. Username Enter the user name assigned by your DDNS service. Do not use these characters: ` " & ' # \ Password Enter your password.

  • Page 37: Lan Configuration

    5 LAN configuration The HP R1 10/R120 router is equipped with a DHCP server that automatically assigns IP addresses to each computer on your network. The factory default settings for the DHCP server work with most applications. If you need to make changes to the settings, the LAN setting pages allow you to: •...

  • Page 38: Lan Settings

    This page includes the following information: Displays current settings for the LAN port. • MAC address: The Ethernet base MAC address of the router. • IP address: The address of the router. • Subnet mask: The subnet mask for the IP address. •...

  • Page 39: Dhcp Relay

    This page includes the following settings: IP Address The IPv4 address of the router for the default VLAN. Subnet Mask Only change the subnet mask if you have a specific reason to do so. Enable DHCP Server The Dynamic Host Configuration Protocol (DHCP) server feature automatically assigns IP addresses to each computer on a VLAN.

  • Page 40: Spanning Tree

    Spanning Tree The Spanning Tree Protocol (STP) can be used to detect and disable network loops, and to provide backup links between switches and routers. Enabling STP allows the router to interact with other STP-compliant switches and routers on the network to ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link goes down.

  • Page 41: Vlan Settings

    VLAN settings VLANs on the router are organized and controlled by VLAN profiles. Up to four VLAN profiles can be created. After a new VLAN profile is created, LAN or WLAN interfaces must be added to the VLAN by changing the VLAN settings of the interfaces. An interface can be a member of only one VLAN, either tagged or untagged.
  • Page 42 On the Add VLAN page, you can set the parameters to configure the behavior of VLANs. This page includes the following settings: Name A text description of the VLAN. Do not use these characters: ` " & ' # \ IP Address The IP address of the VLAN interface.

  • Page 43: Igmp Settings

    IGMP settings The Internet Group Management Protocol (IGMP) is a communications protocol used by hosts and adjacent routers on IP networks to establish multicast group memberships. IGMP can be used for one-to-many networking applications, such as online streaming video and gaming, and allows more efficient use of resources when supporting these types of applications.
  • Page 44 LAN configuration...

  • Page 45: Wireless Configuration

    6 Wireless configuration The wireless settings section displays configuration settings for the access point functionality of the router. The sections include configuration options for radio signal characteristics, wireless security features, Wireless Distribution System (WDS), Wi-Fi Protected Setup (WPS), Wi-Fi Multimedia (WMM), and MAC authentication. The R1 10 router features a single dual-band radio for 2.4 GHz or 5 GHz operation.

  • Page 46: Basic Wireless Settings

    This page includes the following information: Wireless Displays the basic radio settings and the status of other features. • Radio: Displays the status of the router’s radio. • Operating Frequency: (Applies to the R1 10 only) Shows if the radio is operating at 2.4 GHz or 5 GHz.
  • Page 47 This page includes the following settings: Enable Radio Enables the wireless section of your LAN. When disabled, no wireless clients can have access to either the Internet or other clients on your wired or wireless LAN. Radio Band (Applies to the R1 10 only.) Allows you to select the band of your wireless network. The R1 10 can operate in the 2.4 GHz band (for 802.1 1b/g/n) or the 5 GHz band (for 802.1 1a/n).

  • Page 48: Configuring Virtual Access Point Interfaces

    • 1 1n only: Up to 450 Mbps. Select a 5 GHz radio mode for the R1 10. • 1 1a only: Up to 54 Mbps. • 1 1n only: Up to 450 Mbps. • 1 1a/n Mixed: Up to 450 Mbps for 802.1 1n and 54 Mbps for 802.1 1a. Select a 5 GHz radio mode for the R120.

  • Page 49: Configuring Wireless Security

    The VAP table includes the following settings: Enable Enables a VAP interface. By default, only the primary VAP interface is enabled, but up to four VAP interfaces can be enabled and configured on the R1 10. The R120 supports four VAPs per radio, for a total of eight VAPs.

  • Page 50: Mac Authentication

    MAC Authentication You can control access to the wireless network based on the MAC address of a user’s wireless device. You can either block access or allow access, depending on your requirements. Select whether to disable MAC authentication, use a MAC authentication list stored locally on the router, or use a list stored on a RADIUS server.

  • Page 51: Wep Security

    • WPA/WPA2 Enterprise: The WPA2 Enterprise mode for mixed clients, that is, when there are some wireless clients in the network that support only WPA (TKIP encryption). This setting enables both WPA and WPA2 clients to associate and authenticate, but uses the more robust AES encryption (WPA2) for clients that support it.
  • Page 52 WPA and WPA2 uses IEEE 802.1X for user authentication and requires a RADIUS authentication server to be configured on the wired network. WPA2 is more secure than WPA (TKIP) or WEP, therefore HP recommends you select WPA2 for maximum security. WPA2 The enterprise mode of WPA2 that provides the maximum security.
  • Page 53 WPA2 security includes the following settings: Authentication Mode Select WPA2 to display all settings for WPA2 security. Encryption Type AES is the specified encryption for WPA2. All wireless clients must be capable of supporting AES encryption to be able to associate with the router. Group Key Interval Enter the interval at which the broadcast (group) key is refreshed for clients associated with this VAP interface (the default is 3600 seconds).
  • Page 54 Enter the key according to the type selected; in ASCII passphrase style (8 to 63 alphanumeric characters and keyboard symbols), or exactly 64 hexadecimal characters. For an ASCII key, HP recommends that the key be at least 20 characters long, and be a mix of letters and numbers.
  • Page 55 Encryption Type The TKIP/AES type is the only encryption available for mixed WPA/WPA2 security. In mixed mode, the unicast encryption (TKIP or AES) is negotiated for each client as they associate with the network. Group Key Interval Enter the interval at which the broadcast (group) key is refreshed for clients associated with this VAP interface (the default is 3600 seconds).

  • Page 56: Configuring Radius Settings

    64 Hexadecimal characters. For an ASCII key, HP recommends that the key be at least 20 characters long, and be a mix of letters and numbers. The passphrase key cannot begin or end with spaces.

  • Page 57: Advanced Wireless Settings

    Accounting Enable Select this option to track and measure the resources a particular user has consumed, such as system time, amount of data transmitted and received, and so on. If you enable RADIUS accounting, it is enabled for the primary and secondary RADIUS servers. Interim Interval The interval between transmitting accounting updates to the RADIUS server.
  • Page 58 If the RTS threshold is set to 256, the router always sends RTS signals. If set to 2347, the router never sends RTS signals. If set to any other value, and the packet size equals or exceeds the RTS threshold, the RTS/CTS (Request to Send / Clear to Send) mechanism will be enabled. The stations contending for the wireless medium may not be aware of each other.

  • Page 59: Wds Settings

    R1 10/R120 (that is, it does not simultaneously provide a wireless network for wireless clients), HP recommends that, whenever possible, the WDS links use 802.1 1a, 802.1 1n, or 802.1 1ac in the 5 GHz band. This optimizes throughput and reduces the potential for interference, as follows: •...

  • Page 60: Wds Configuration

    VAP interface at the other end of the link configured in child (station) mode. • HP recommends setting the R1 10/R120 (the parent interface) that is connected to the main network and has Internet access to Router mode, and other R1 10/R120s (the child interfaces) connected through WDS links to Bridge mode.
  • Page 61 WDS links, see “Authentication Mode and Encryption Type” on 50. HP recommends using WPA2-PSK for wireless security on WDS links. Make sure page the same encryption Key Type and Passphrase are configured at each end of a WDS link.

  • Page 62: Example Of A Wds Deployment

    R1 10 #1 is installed on the main network. After configuration, R1 10 #2, R1 10 #3, and R1 10 #4 serve remote networks. • For configuration, HP recommends making a wired connection from a computer directly to each router, one at a time. •...
  • Page 63 Wireless > Basic. Select the radio band and select a channel that is unlikely to interfere with other devices in nearby networks. Note The HP R120 has separate wireless settings for the 2.4 GHz and 5 GHz bands. WDS settings...
  • Page 64 IP address 192.168.1.1. 2. Set the System Mode. For R1 10 #2, HP recommends setting the operation mode to Bridge. Select System > Mode. Select the Bridge option and click Save. Wait for the router to reboot in Bridge mode.
  • Page 65 3. Set a static IP address for the router. Select LAN > Settings. Set the IP address to 192.168.5.20. Click Save, and then restart the web browser session using the IP address 192.168.5.20. 4. Select a common operating channel. Select Wireless > Basic. Select the same radio band and channel as set for R1 10 #1. 5.
  • Page 66 Note The Parent MAC setting is not used in this example. Configure R1 10 #3 1. Connect your computer to one of the router’s LAN ports and access the web management interface using the default IP address 192.168.1.1. 2. Set the System Mode. Select System >...
  • Page 67 (8 to 63 alphanumeric characters), or exactly 64 hexadecimal characters. For an ASCII key, HP recommends that the key be at least 20 characters long, and be a mix of letters and numbers. Acceptable characters include upper and lowercase alphabetic letters, the numeric digits, and special symbols such as @ and #.

  • Page 68: Wps Settings

    After configuring encryption for the WDS links, use the ping tool again to test the links. Install the routers at their locations If required for your network, modify each router for static or dynamic IP address assignment. Make sure to save all router configurations before disconnecting the power. Install the routers at their intended locations.

  • Page 69: Wmm Settings

    • Unconfigured: Wireless security is set automatically by WPS. Lock This feature enables you to lock the WPS PIN setting, which prevents it from being changed by any external WPS registrar. Wireless clients can still be added to the network using the WPS push-button configuration.
  • Page 70 This page includes the following settings. Enable WMM Select the checkbox to enable the WMM QoS features on the router. Enable Power Saving The WMM power save feature enables wireless client devices to extend battery life by going into a sleep mode between sending and receiving data. WMM Parameters The WMM table includes these parameters: •...

  • Page 71: Mac Authentication Settings

    • TXOP: Transmit Opportunity. The maximum time an AC transmit queue has access to the wireless medium. When an AC queue is granted a transmit opportunity, it can transmit data for a time up to the TXOP. This data bursting greatly improves the efficiency for high data-rate traffic.

  • Page 72: Viewing The Client List

    SSID Select the VAP interface from the SSID list for which you want to configure MAC authentication. MAC Address Specify a wireless client MAC address to add to the filter table. Use Client List Select a wireless client MAC address to add to the filter table from those already associated with the VAP interface.

  • Page 73: Vpn Configuration

    7 VPN configuration The router includes a Virtual Private Network feature to provide a secure link between remote users and the corporate network by establishing an authenticated and encrypted tunnel for passing secure data over the Internet. The router supports IPSec, L2TP over IPSec client and server, and PPTP client and server for security protection.

  • Page 74: Vpn Settings

    VPN settings The VPN Settings page allows you to add and edit IPSec, L2TP over IPSec, and PPTP connections for the router. When creating VPN connections, remember that both ends of the connection must be configured in the same way. When you click Add on this page, the VPN connection page opens, enabling connection details to be configured.
  • Page 75 This page includes the following settings: VPN Tunnel Parameters • Tunnel Type: Select IPSec as the tunnel type. • Tunnel Name: Enter a descriptive name for the tunnel. Do not use these characters: ` " & ' # \ • Remote VPN Gateway: Enter the IP address or host name of the remote VPN server, or select ANY if there is no specific server.
  • Page 76 If ID_FQDN or ID_USER_FQDN (fully-qualified domain name) is selected, enter the name for the Remote Party ID in the box next to the list. For example, an FQDN name could be mycompany.com, and a user FQDN could be a mail address, such as my_name@mycompany.com.

  • Page 77: L2Tp Over Ipsec Settings

    L2TP over IPSec settings The Layer 2 Tunneling Protocol is a common connection method used for VPN connections. You can specify the detailed L2TP tunnel settings on the VPN connections page by clicking Add. You can specify the Keep Alive time, which defines the time period without traffic after which the PPP session is terminated.

  • Page 78: Pptp Settings

    • Enable Auto Reconnect: For L2TP client connections, you can automatically reconnect when there is activity after a disconnection. • Remote Server: Enter the remote server IP address. IPSec Setting • Pre-shared Key: When set to client mode, enter the key for the client connection. Do not use these characters: ` "...

  • Page 79: Vpn Passthrough Settings

    This page includes the following settings: VPN Tunnel Parameters • Tunnel Type: Select PPTP as the tunnel type. • Tunnel Name: Enter a descriptive name for the tunnel. Do not use these characters: ` " & ' # \ • Username: Enter the user name for PPTP tunnel.
  • Page 80 VPN configuration...

  • Page 81: Routing Configuration

    8 Routing configuration Routing configuration allows both static and dynamic methods to set up routing between networks. You can configure static routes by entering routes directly into the routing table. Static routing has the advantage of being predictable and easy to configure. Alternatively, you can enable dynamic routing using RIP for IPv4 or RIPng for IPv6.

  • Page 82: Viewing The Ipv4 Routing Table

    This page includes the following information: Status • RIP: The current status of RIP on the router. • RIPng: The current status of RIPng on the router. IPv4 routing table Displays the IPv4 routes statically configured or dynamically learned by the router. For a detailed description, see “Viewing the IPv4 routing table”...

  • Page 83: Ipv4 Dynamic Route Settings

    Interface The VLAN interface used to route data to the network specified by the destination network address. Metric A number used to indicate the cost of a route so that the best route, among potentially multiple routes to the same destination, can be selected. IPv4 Dynamic route settings The router supports the Routing Information Protocol (RIP).

  • Page 84: Ipv4 Static Route Settings

    • Enable: RIP is enabled for the interface. The router will transmit and receive RIP update information to and from other RIP-enabled devices. • Silent: RIP is enabled, however the router only receives RIP update messages, it will not transmit any of its own. Version Use this field to select RIPv1 or RIPv2.

  • Page 85: Viewing The Ipv6 Routing Table

    Destination Enter the IP address of the destination host or network to which the route leads. Subnet Mask Enter the IPv4 subnet mask for the destination host or network. For example, for Class C IP domains, the subnet mask is 255.255.255.0. Gateway Enter the IP address of the gateway through which the destination host or network can be reached.

  • Page 86: Ipv6 Dynamic Route Settings

    Interface The VLAN interface used to route data to the network specified by the destination network address. Metric A number used to indicate the cost of a route so that the best route, among potentially multiple routes to the same destination, can be selected. IPv6 Dynamic route settings The router supports RIP next generation (RIPng) over IPv6.
  • Page 87 Prefix Length Enter the IPv6 prefix length for the destination host or network. Gateway Enter the IP address of the gateway through which the destination host or network can be reached. If this router is used to connect your network to the Internet, your gateway IP is the router's IP address.
  • Page 88 Routing configuration...

  • Page 89: Firewall Configuration

    Turning off the firewall will not leave your network completely vulnerable to attacks, but HP recommends that you leave the firewall enabled whenever possible. In addition to the firewall, the router can block access to the Internet from clients on the local network based on IP addresses, MAC addresses, or network service.

  • Page 90: Security Settings

    Security settings The Security page allows you to configure global security parameters for the router. This page includes the following settings: Enable PING from WAN Computer hackers use what is known as Pinging to find potential victims on the Internet. By pinging a specific IP address and receiving a response from the IP address, a hacker can determine that something of interest might be there.
  • Page 91 DoS attack from multiple source machines that flood a target server with disruptive traffic until it fails. Turning off the DDoS Attack Filter does not leave your network completely vulnerable to hacker attacks. HP recommends that you enable the DoS detecting feature whenever possible.

  • Page 92: Client Filtering

    Client filtering The router can be configured to restrict access to the Internet, email, or other network services on specific days and times. Restriction can be set for a single computer, a range of computers, or multiple computers. Enter the filter details in the fields provided, and then click Add to add the entry to the filter table.

  • Page 93: Mac Filtering

    MAC filtering You can deny traffic from certain known machines or devices. Use its MAC address to identify a computer or device on the network and deny access. Traffic from a specified MAC address is filtered depending upon the policy. Enter the filter details in the fields provided, and then click Add to add the entry to the filter table.

  • Page 94: Url Filtering

    URL filtering The URL Filter feature blocks access to websites based on matching a specified URL address or specific keywords (HTTPS is not supported). For each filter rule, enter the URL address or a keyword, and then select a time schedule rule to apply, if needed. Also, specified computers on the local LAN can be excluded from the URL filtering by adding them to the Exclusion List.

  • Page 95: Content Filtering

    URL Filtering Deny List The list of URL text and keywords that match blocked websites for computers on the LAN. Exclusion List The list of computers on the local LAN that are excluded from the URL filtering. Content filtering Based on keywords contained on web pages, you can use this screen to restrict access to certain websites that you do not want users in your network to open.
  • Page 96 Note When the number of incomplete sessions from a same host reaches the maximum value (Maximum incomplete TCP/UDP sessions number from same host), a security alert symbol ( ) displays on the Security line of the System > Status page. If you open the Security section, an alert message next to SPI indicates the security violation.
  • Page 97 • TCP connection idle timeout: The length of time for which a TCP session is managed if there is no activity. • UDP session idle timeout: The length of time for which a UDP session is managed if there is no activity. •...
  • Page 98 Firewall configuration...

  • Page 99: Nat Configuration

    10 NAT configuration Network Address Translation (NAT) is a commonly used IP translation and mapping technology. NAT enables an entire home network to share a single Internet connection using a single IP address. Using NAT, a single device can connect all the computers in your home to the Internet simultaneously.

  • Page 100: Nat Settings

    Then click Add and Save. You can only pass one port per private IP address. Opening ports in your firewall can pose a security risk. HP recommends that you disable the settings when you are not using a specific application. A maximum of 20 rules can be defined.
  • Page 101 Use Client List Selects a computer name or IP address from the list of clients already discovered by the router. Popular Services Select one of the services to automatically configure the correct protocol and port numbers. The ports for well-known services are listed below: •...

  • Page 102: Dmz Settings

    DMZ settings If you have a client PC that cannot run an Internet application properly from behind the firewall, you can open the client up to unrestricted two-way Internet access. This may be necessary if the NAT feature is causing problems with an application, such as a game or video conferencing application.

  • Page 103: Alg Settings

    Caution Opening ports in your firewall can pose a security risk. You can enable and disable settings easily. HP recommends that you disable the settings when you are not using a specific application. ALG settings...
  • Page 104 Port Trigger lets you specify ports to be opened for specific applications to work properly with the Network Address Translation (NAT) feature of the router. A maximum of 10 rules can be defined. A list of popular applications has been included to choose from. Select your application from the Popular Applications list, and then click Add.

  • Page 105: Ipv6 Configuration

    1 1 IPv6 configuration If the attached network uses the IPv6 protocol, you can enable IPv6 support on the router. IPv6 functionality is disabled by default. IPv6 includes two distinct address types, link-local unicast and global unicast. A link-local address makes the router accessible over IPv6 for all devices attached to the local LAN. Traffic using this kind of address cannot be passed by any router outside of the LAN.

  • Page 106: Ipv6 Settings

    DHCP-PD The status of the DHCPv6 Prefix Delegation feature. IPv6 settings The router supports static, stateless address autoconfiguration (SLAAC), DHCPv6, and PPPoE modes for IPv6 settings for the WAN port. Select the method to use as instructed by your ISP, and then enter the required information and click Save.
  • Page 107 fields. Therefore, the same IPv6 address could be written instead as 2001:adca::123a:4567. • Subnet Prefix Length: The length of the IPv6 address prefix. For unicast addresses, the prefix is typically the first 64 bits, with the following 64 bits being the host identifier. •...

  • Page 108: Slaac

    SLAAC Stateless Address Auto Configuration (SLAAC) enables IPv6 hosts to automatically configure themselves when connected to an IPv6 network using the Neighbor Discovery Protocol through the Internet Control Message Protocol version 6 (ICMPv6) route discovery message. When first connected to a network, a host sends a link-local router solicitation multicast request for its configuration parameters;...

  • Page 109: Dhcpv6

    • Auto Configuration: Select Stateless (RADVD) or Stateful (DHCPv6). • Disable: Disables the automatic assignment of IPv6 addresses to local hosts. • Stateless (RADVD): Enables the automatic assignment of IPv6 addresses by hosts on the local network. The network portion of the address is based on prefixes received in IPv6 router advertisement messages, and the host portion is automatically generated using the modified EUI-64 form of the client identifier (that is, the client MAC address).

  • Page 110: Pppoe

    VLAN (Default) Settings Sets the IPv6 settings for the local VLAN. • Enable DHCP-PD: Enables the Prefix Delegation feature that automatically uses an IPv6 prefix for the local LAN defined by the ISP. When disabled, the IPv6 address and prefix length need to be manually defined.

  • Page 111: Dhcpv6 Client List

    • Username: Enter the name assigned by the ISP. Do not use these characters: ` " & ' # \ • Password: Enter the password provided by the ISP. Do not use these characters: ` " & ' • Confirm Password: Enter the password again for confirmation. DNS Settings Configures IPv6 DNS settings: •...

  • Page 112: Mld Settings

    MLD settings Multicast Listener Discovery (MLD) proxy enables the router to issue MLD host messages on behalf of hosts that the router has discovered through standard MLD interfaces. IPv6 configuration...

  • Page 113: Qos Configuration

    12 QoS configuration The bandwidth gap between the LAN and WAN may significantly degrade performance of critical network applications, such as VoIP, gaming, and VPN. The router’s Quality of Service (QoS) feature allows users to classify application traffic and provide them with differentiated services (DiffServ).

  • Page 114: Traffic Shaping

    Traffic shaping The Traffic Shaping page enables the bandwidth of the WAN port output queues to be configured. For higher priority traffic, such as voice and video, the bandwidth allocation of queues 3 and 4 can be increased, and those for queues 1 and 2 decreased. This page includes the following settings: General Enables the traffic shaping settings on the router.

  • Page 115: Traffic Mapping

    Traffic mapping Up to 16 rules can be defined to classify traffic into DiffServ forwarding groups and outgoing connections. These rules can be mapped to the WAN port forwarding queues, for which the bandwidth can be configured on the Traffic Shaping page. This page includes the following settings: Rule Name A name to identify the traffic mapping rule.
  • Page 116 Map to Forwarding Queue Maps the traffic to one of the WAN port forwarding queues. Queue 1 is the lowest priority queue and queue 4 the highest priority. Remark 802.1p priority as Before the identified traffic is sent to the forwarding queue, the 802.1p priority tag can be set to the specified value.

  • Page 117: Usb Configuration

    13 USB configuration The router provides a USB 2.0-compliant port for network-connected users to share files through FTP or File Sharing. The files can be on an attached storage device that supports any number of partitions in VFAT, NTFS, EXT2, EXT3, or EXT4 format. User Account A File Sharing user can use Windows Network Neighborhood to access files on a USB drive.

  • Page 118: File Sharing Settings

    Authority Sets the file sharing access rights for an FTP user; either Read and Write or Read. An FTP user with Read access can only download shared files. An FTP user with Read and Write access can download and upload files to the USB storage, however they cannot delete or modify any existing shared folders or files (existing files can be overwritten).

  • Page 119: Ftp Settings

    with Read and Write access can download and upload files to the shared folder, however they cannot delete or modify any existing shared folders (existing files can be overwritten). Note that a shared folder allows only four File Sharing client connections at one time. FTP settings The router can be presented as an FTP server to provide a file transfer service (depending on a user’s access rights to the shared folders).

  • Page 120: Safe Removal

    Safe removal To ensure USB data correctness, the router supports a USB safe removal feature. Click Remove before unplugging a USB drive. USB configuration...

  • Page 121: Tools

    Updating software The Software page displays the current software versions installed on the router. You can upgrade the software installed on the router to a new version downloaded from the HP support website. The router supports a dual-image feature, which means that if the router fails to boot the active image, it automatically boots from the backup image.

  • Page 122: Saving Configuration Settings

    HP recommends that you backup your current configuration before performing a firmware update. Restore all settings to factory default Using this option restores all of the router's settings to factory default values. HP recommends that you backup your settings before you restore all of the defaults. Tools...
  • Page 123 Backup settings Select to backup the router’s settings. Select HTTP or TFTP as the transfer method (TFTP requires the server IPv4 address), and then click Save. Note The backup configuration files are written in a binary format and are not readable or end-user configurable.

  • Page 124: Ping

    Ping Ping is a network tool that sends ICMP ECHO_REQUEST datagrams to a remote host and elicits an ICMP ECHO_RESPONSE datagrams from the remote host. Enter the IPv4 or IPv6 address, or enter the domain name of the host, select the number of pings to send, and then click Start. This page includes the following settings: IP Address/Domain Name You can specify an IPv4 address, an IPv6 address, or a hostname.

  • Page 125: Nslookup

    Nslookup Nslookup is a DNS client that sends DNS requests to a DNS server to find the corresponding IP address of a target host name, or the host name of a target IP address. Traceroute Traceroute is a network tool that sends packets to a destination and produces a list of hosts that the packets have traversed to the destination.

  • Page 126: Email Alert

    Email alert The Email alert feature allows the router to automatically send email messages when an event at or above a configured severity level occurs. This page includes the following settings: From E-mail Address Sets the email address that is used in the "From" field of alert messages. You can use a symbolic email address that identifies the router, or the address of an administrator responsible for the router.

  • Page 127: Scheduling

    Caution Setting the Alert Level too low can result in a very high number of emails being sent to the recipient. HP recommends to only set the highest two or three levels. Scheduling The Scheduling feature enables scheduling of firewall and radio rules. Firewall and radio rules can be selectively activated to restrict access to the network or disable the radio.
  • Page 128 This page includes the following settings: Rules Name A name for the scheduling rule. Do not use the characters: ` “ & ‘ # \ Comment A comment of up to 31 characters that describes the scheduling rule. Do not use the characters: ` “...

  • Page 129: Support File

    This is a text file that includes the model, software version, wireless and other basic settings, as well as the ARP table, memory usage information, and the current system log. Viewing the EULA This page displays the HP End User License Agreement content. Support file...
  • Page 130 Tools...

  • Page 131: Support And Other Resources

    15 Support and other resources Online documentation You can download documentation from the HP Support Center website at www.hp.com/support/manuals. Search by product number or name. Contacting HP For worldwide technical support information, see the HP Networking Support website: www.hp.com/networking/support Before contacting HP, collect the following information: •...

  • Page 132: Conventions

    Conventions The following conventions are used in this guide. Management tool This guide uses specific syntax when directing you to interact with the web management user interface. Refer to the following image for identification of key user-interface elements and then the table below for example directions: Main Sub-menu...

  • Page 133: A Resetting To Factory Defaults

    A Resetting to factory defaults Factory reset procedures To force the router into its factory default state, follow the procedures in this section. Caution Resetting the router to factory defaults deletes all configuration settings, resets the manager user name and password to admin, and sets the IPv4 address of the LAN port to 192.168.1.1. Using the reset button Using a paper clip, press and hold the reset button for more than three seconds, then release.

  • Page 135: B Factory Default Settings

    B Factory default settings Feature Parameter Default Mode System Mode Router Admin General Settings System Name HP-R1 10 / HP-R120 System Location Null System Contact Null Administrator Login Username admin Password admin Country Code Country Code AM Models: US WW Models: Null...
  • Page 136 Remote Port Remote Log Level DEBUG Proxy ARP Enable Proxy ARP Disabled WAN settings Connection Type DHCP Host Name HP-R1 10 / HP-R120 Static IP Address 0.0.0.0 Static Subnet Mask 0.0.0.0 Static Gateway 0.0.0.0 Primary DNS Address 0.0.0.0 Secondary DNS Address 0.0.0.0...
  • Page 137 Feature Parameter Default DDNS Enable DDNS Disabled DDNS Server DynDNS.org Domain Name Null Username Null Password Null MAC Clone MAC Address Use router MAC LAN Settings IP Address 192.168.1.1 Subnet Mask 255.255.255.0 Enable DHCP Server Enabled IP Pool Starting Address 192.168.1.2 IP Pool Ending Address 192.168.1.254...
  • Page 138 Feature Parameter Default R1 10 Wireless, Basic Enabled Radio Enabled Radio Band 2.4GHz Radio Mode 1 1b/g/n Mixed Channel Auto Bandwidth 20 MHz Enable Schedule Rules Disabled VAP 1 SSID Enabled, HP1 VAP 2 SSID Disabled, HP2 VAP 3 SSID Disabled, HP3 VAP 4 SSID Disabled, HP4...
  • Page 139 Feature Parameter Default R120 Wireless 5GHz, Enabled Radio Enabled Basic Radio Mode 1 1ac/n/a Channel Auto Bandwidth 20/40/80 MHz Enable Schedule Rules Disabled VAP 1 SSID Enabled, HP1_5G VAP 2 SSID Disabled, HP2_5G VAP 3 SSID Disabled, HP3_5G VAP 4 SSID Disabled, HP4_5G Station Isolation Disabled...
  • Page 140 Feature Parameter Default MAC Authentication Filter Block all stations in list SSID MAC Address None configured Enable IPSec Disabled Enable L2TP over IPSec Disabled Enable PPTP Disabled PPTP Passthrough Enabled L2TP Passthrough Enabled L2TP/IPSec Passthrough Enabled Dynamic Route Disabled RIP Auto Summary Disabled Static Route Disabled...
  • Page 141 Feature Parameter Default IPv6 IPv6 Connection Disabled MLD Proxy Disabled DHCP-PD Enabled Enabled Traffic Mapping Disabled User Account Disabled File Sharing Disabled Disabled Tools Email Alert Disabled Scheduling Rules None configured...

Table of Contents