Manuals / TP-Link / Computer Equipment / Network Router

TP-Link TL-ER604W Network Security, LAN ARP Defense, Scan and import the entries to ARP List

Models: TL-ER604W

1 159

Download 159 pages 47.9 Kb

Page 148

4.3.4 Network Security

Figure 4-15 Session Limit

4.3.4 Network Security

You can enable the IP-MAC Binding function to defend the ARP attack from local or public network and enable Sending GARP packets function to defend ARP attack. Moreover, you can enable DoS Defense function to implement flood defense and Packet Anomaly Defense. Moreover, you can enable Port Mirror function and Statistics function to monitor the real-time traffic of the local network.

4.3.4.1LAN ARP Defense

You can configure IP-MAC Binding manually or by ARP Scanning. For the first time configuration, please bind most of the ARP information by ARP Scanning. For some special items not bound, you can bind them manually.

1)Scan and import the entries to ARP List

Specify ARP Scanning range.

Choose the menu Firewall→Anti ARP Spoofing→ARP Scanning to load the configuration page. No ARP attack in the local network is the premise of ARP Scanning.

Figure 4-16 ARP Scanning

Turn on all the hosts that need to be bound. Then click the <Scan> button, the scanning result will display as below.

Figure 4-17 Scanning Result

-143-

Image 148

TP-Link TL-ER604W manual Network Security, LAN ARP Defense, Scan and import the entries to ARP List

Contents

TL-ER604W Wireless N Gigabit Broadband VPN RouterFCC STATEMENT COPYRIGHT & TRADEMARKSCE Mark Warning CONTENTS Chapter 1 About this GuideAdvanced Hardware Specifications Chapter 4 ApplicationGlossary Appendix APackage Contents  One TL-ER604W Router  One Power Adapter  One RJ45 Ethernet Cable Quick Installation Guide  Resource CD The following items should be found in your packageSymbol Chapter 1 About this Guide1.1 Intended Readers 1.2 Conventions Powerful Data Processing Capability  Wireless Feature Powerful Firewall Chapter 2 Introduction2.2 Features  Flexible Traffic Control Dual-WAN Ports  Easy-to-useTraffic Control WirelessSecurity 2.3 Appearance 2.3.1 Front Panel LEDs Status Reset button  Wifi button Power 2.3.2 Rear PanelChapter 3 Configuration 3.1.2 System Mode3.1 Network 3.1.1 StatusFigure 3-2 Network Topology - NAT Mode Figure 3-3 Network Topology - Non-NAT ModeFigure 3-4 Network Topology - Classic Mode Choose the menu Network→System Mode to load the following page3.1.3.1 WAN Mode  NAT Mode Non-NAT Mode  Classic Mode WAN Mode 3.1.3.2 WAN1Tips 1 Static IP Static IP 2 Dynamic IP  Dynamic IPConnection Type Host NameGet IP Address by UnicastUse the following DNS Server3 PPPoE Gateway Address Displays the Gateway Address assigned by your ISPPrimary DNS Displays the IP address of your ISP’s Primary DNS Secondary DNS Displays the IP address of your ISP’s Secondary DNS PPPoE Settings PasswordActive Mode SettingsService Name ISP AddressSecondary Connection Subnet AddressGateway Address 4 L2TPIP Address Primary DNS L2TP Settings Default Gateway SecondaryConnection the obtained DNS is displayed L2TP Status 5 PPTPStatus IP Address PPTP Settings Server IPPassword Connection TypeDefault Gateway Primary DNS Secondary DNS Upstream Bandwidth Active ModeSecondary Connection Connection Type PPTP Status 6 BigPondStatus IP Address BigPond Settings  BigPond Status Default GatewayStatus IP Address3.1.4 LAN 3.1.4.1 LAN3.1.4.2 DHCP  LAN DHCP Settings 3.1.4.4 DHCP Reservation 3.1.4.3 DHCP Client DHCP Reservation 3.1.5 MAC Address  List of Reserved AddressSet the MAC Address for LAN port Set the MAC Address for WAN port3.1.6 Switch 3.1.6.1 Statistics MAC Address Port Statistics 3.1.6.2 Port MirrorTips Enable Port Mirror GeneralMode Port MirrorApplication Example 3.1.6.3 Rate Control Rate Control  Port Config 3.1.6.4 Port ConfigPort 3.1.6.6 Port VLAN 3.1.6.5 Port Status Port VLAN 3.2 Wireless 3.2.1 Wireless Setting3.2.1.1 Wireless Setting  Wireless Setting Wireless Parameter ModeSSID DescriptionSSID Broadcast AP Isolationor above. Enter 0 to disable the update GroupPeriod 2 WPA/WPA23 WEP or above. Enter 0 to disable the updateGroup Period3.2.1.2 Multi-SSID Key FormatHexadecimal and ASCII formats are Tips Multi-SSID Config  GeneralSpecify a name for the wireless network SSIDEnable/Disable Guest NetworkAP Isolation SSIDEncryption Group KeyPassword PeriodAuth Type Hexadecimal and ASCII formats are provided . Hexadecimal formator above. Enter 0 to disable the update Group3.2.1.3 WDS  List of GroupTips TipsScan  ParameterBSSIDto be bridged Key Type3.2.1.4 Wireless Advanced  Wireless AdvancedKey ： Short GI3.2.2 MAC Filtering Beacon IntervalRTS Threshold Fragmentation3.2.3 Host Status  Filtering Rules Rule List  General3.3 User Group 3.3.1 Group Host Status  General Group Config  User Config3.3.2 User  List of Group View Config 3.3.3 View List of User View3.4.1.1 NAT Setup 3.4 Advanced3.4.1 NAT  NAPT3.4.1.2 One-to-One NAT  One-to-One NAT3.4.1.3 Multi-Nets NAT  List of Rules Multi-Nets NAT  list of RulesConfiguration procedure Application Example Network Requirements3.4.1.4 Virtual Server  Virtual Server InterfaceProtocol Status Port Triggering 3.4.1.5 Port Triggering List of Rules Status 3.4.1.6 ALG List of Rules 3.4.2.1 Setup 3.4.2 Traffic Control ALG FTP ALGDefault Limit ControlControl all the time LimitedGuaranteed Bandwidth 3.4.2.2 Bandwidth Control Bandwidth Control Rule Direction3.4.3 Session Limit 3.4.3.1 Session LimitLimited Bandwidth Effective TimeEnable Session Check here to enable Session Limit, otherwise all the Session Limitentries will be disabled 3.4.3.2 Session List3.4.4 Load Balance 3.4.4.1 Configuration3.4.4.2 Policy Routing  General Select the WAN port for transmitting packets List of Rules 3.4.4.3 Link Backup General WAN Config 3.4.4.4 ProtocolTiming Failover3.4.5 Routing 3.4.5.1 Static Route Protocol  List of Protocol Static Route  List of Rules3.4.5.2 RIP Application ExampleChoose the menu Advanced→Routing→RIP to load the following page  List of RIP General 3.4.5.3 Route Table DestinationThe Destination of route entry Gateway3.5 Firewall 3.5.1 Anti ARP Spoofing3.5.1.1 IP-MAC Binding  General3.5.1.2 ARP Scanning  IP-MAC BindingIP Address Status3.5.1.3 ARP List 3.5.2 Attack Defense Enable Attack Flood DefensePacket Anomaly Defense3.5.4 Access Control 3.5.3 MAC Filtering3.5.4.1 URL Filtering  MAC Filtering URL Filtering Rule Object General Mode3.5.4.3 Access Rules Configuration Procedure3.5.4.2 Web Filtering Application Example Network Requirements Access Rules ServicePolicy Source3.5.4.4 Service group on 3.3.1 GroupPriority Destination Service  List of ServiceName Dest. Port3.5.5 App Control 3.5.5.1 Control Rules Control Rules Application3.5.5.2 Database 3.6 VPN List of Rules 3.6.1 IKE 3.6.1.1 IKE Policy IKE Policy 3.6.1.2 IKE Proposal Local IDRemote ID Type Remote ID IKE Proposal 3.6.2.1 IPsec Policy 3.6.2 IPsec List of IKE Proposal  IPsec Policy Policy NameLocal Subnet  GeneralPolicy Mode  IKE ModeRemote Subnet Remote Gateway Manual Mode AH Authentication Key-InESP Authentication Key-In AH Authentication Key-Out3.6.2.2 IPsec Proposal  List of IPsec Policy IPsec IPsec Proposal Tips List of IPsec Proposal Authentication 3.6.3 L2TP/PPTP3.6.2.3 IPsec SA Protocol3.6.3.1 L2TP/PPTP Tunnel  L2TP/PPTP Tunnel General ProtocolTunnel Max ConnectionsL2TP/PPTP Server Pre-shard Key List of Configurations 3.6.3.2 IP Address Pool3.6.3.3 List of L2TP/PPTP Tunnel  IP Address Pool3.7.1 PPPoE Server 3.7 Services3.7.1.1 General Figure 3-70 General The following items are displayed on this screen  General3.7.1.2 IP Address Pool  IP Address Pool3.7.1.3 Account  AccountIP Address Assigned Static IP Addressis 48. If Enable Advanced Account Features is not selected, the 3.7.1.4 Exceptional IP List of Account Status3.7.2 E-Bulletin 3.7.1.5 List of Account Exceptional IP StatusInterval  E-BulletinTitle  General3.7.3 Dynamic DNS Publisher List of E-Bulletin Object3.7.3.1 DynDNS  Dyndns DDNS List of DynDNS Account 3.7.3.2 No-IP No-IP DDNS  List of No-IP Account 3.7.3.3 PeanutHull PeanutHull DDNS 3.7.3.4 Comexe  List of PeanutHull Account Comexe DDNS 3.7.4 UPnP List of Comexe Account 3.8 Maintenance 3.8.1 Admin Setup3.8.1.1 Administrator  List of UPnP Mapping3.8.1.2 Login Parameter  Administrator Remote Management 3.8.1.3 Remote Management General 3.8.2.1 Factory Defaults 3.8.2 Management List of Subnet Configuration Procedure3.8.2.3 Reboot  Configuration Version3.8.2.2 Export and Import  Export3.8.2.4 Firmware Upgrade 3.8.3 License3.8.4 Statistics 3.8.4.1 Interface Traffic Statistics Interface Traffic Statistics Displays the interface3.8.4.2 IP Traffic Statistics Packets RxDisplays the number of packets received on the interface Packets Tx3.8.5 Diagnostics 3.8.5.1 Diagnostics Traffic Statistics  IP Traffic Statistics3.8.5.2 Online Detection  Ping Tracert  General3.8.6 Time PingDNS Lookup  List of WAN statusConfig 3.8.7 LogsCurrent Time System Time Config  List of LogsSeverity Send System LogsChapter 4 Application 4.1 Network Requirements4.2 Network Topology 4.3 Configurations 4.3.1 Internet Setting4.3.1.1 System Mode Tips4.3.1.3 Link Backup 4.3.1.2 Internet Connection4.3.2 VPN Setting 1 IKE SettingSettings 4.3.2.1 IPsec VPNSettings  IKE PolicyClick the Add button to apply Figure 4-4 IKE Proposal 2 IPsec Setting  IPsec ProposalSettings TipsSettings  IPsec PolicyproposalIPsec1 you just created  IP Address Pool 4.3.2.2 PPTP VPN SettingTips Settings  L2TP/PPTP TunnelL2TP/PPTPEnable ProtocolPPTP ModeServer UsernamePPTP Passwordabcdefg 4.3.3 Network Management 4.3.3.1 User Group Group  User View 4.3.3.2 App ControlSettings 4.3.3.3 Bandwidth Control 1 Enable Bandwidth Control2 Interface Bandwidth 4.3.3.4 Session Limit 3 Bandwidth Control RuleSettings Settings4.3.4.1 LAN ARP Defense 4.3.4 Network Security1 Scan and import the entries to ARP List 4.3.4.2 WAN ARP Defense 2 Set IP-MAC Binding Entry Manually3 Set Attack Defense Settings4.3.4.3 Attack Defense 1 Port Mirror 4.3.4.4 Traffic Monitoring2 Statistics Figure 4-23 IP Traffic Statistics Appendix A Hardware Specifications Environmental and PhysicalWireless GeneralAppendix B FAQ 4. Make sure that the NAT DMZ service is disabled Appendix C Glossary GlossaryAH （Authentication Header ） data authentication, and anti-replay services. ESP encapsulatesGlossary for services such as IPSec that require keys. Before any IPSecDescription Glossary DescriptionDescription Glossaryenterprise