Manuals / TP-Link / Computer Equipment / Network Router

TP-Link TL-ER604W manual Firewall, Anti ARP Spoofing, IP-MAC Binding,  General

Models: TL-ER604W

1 159

Download 159 pages 47.9 Kb

Page 82

3.5 Firewall

3.5 Firewall

3.5.1 Anti ARP Spoofing

ARP (Address Resolution Protocol) is used for analyzing and mapping IP addresses to the corresponding MAC addresses so that packets can be delivered to their destinations correctly.

ARP functions to translate the IP address into the corresponding MAC address and maintain an ARP Table in which the latest used IP address-to-MAC address mapping entries are stored. ARP protocol can facilitate the Hosts in the same network segment to communicate with one another or access to external network via Gateway. However, since ARP protocol is implemented with the premise that all the Hosts and Gateways are trusted, there are high security risks during ARP Implementation Procedure in the actual complex network.

The attacker may send the ARP spoofing packets with false IP address-to-MAC address mapping entries, and then the device will automatically update the ARP table after receiving wrong ARP packets, which results in a breakdown of the normal communication. Thus, ARP defense technology is generated to prevent the network from this kind of attack.

3.5.1.1IP-MAC Binding

IP-MAC Binding functions to bind the IP address, MAC address of the host together and only allows the Hosts matching the bound entries to access the network.

Choose the menu Firewall→Anti ARP Spoofing→IP-MAC Binding to load the following page.

Figure 3-50 IP-MAC Binding

The following items are displayed on this screen:

General

-77-

Image 82

TP-Link TL-ER604W manual Firewall, Anti ARP Spoofing, IP-MAC Binding,  General

Contents

TL-ER604W Wireless N Gigabit Broadband VPN RouterFCC STATEMENT COPYRIGHT & TRADEMARKSCE Mark Warning CONTENTS Chapter 1 About this GuideAdvanced Glossary Hardware SpecificationsChapter 4 Application Appendix A Quick Installation Guide  Resource CD Package Contents One TL-ER604W Router  One Power Adapter  One RJ45 Ethernet Cable The following items should be found in your package1.1 Intended Readers SymbolChapter 1 About this Guide 1.2 Conventions Powerful Firewall  Powerful Data Processing Capability Wireless Feature Chapter 2 Introduction Dual-WAN Ports 2.2 Features Flexible Traffic Control  Easy-to-useTraffic Control WirelessSecurity  LEDs 2.3 Appearance2.3.1 Front Panel Status Power  Reset button Wifi button 2.3.2 Rear Panel3.1 Network Chapter 3 Configuration3.1.2 System Mode 3.1.1 StatusFigure 3-4 Network Topology - Classic Mode Figure 3-2 Network Topology - NAT ModeFigure 3-3 Network Topology - Non-NAT Mode Choose the menu Network→System Mode to load the following page Non-NAT Mode 3.1.3.1 WAN Mode NAT Mode  Classic ModeTips  WAN Mode3.1.3.2 WAN1 1 Static IP Static IP Connection Type 2 Dynamic IP Dynamic IP Host NameUse the following DNS Get IP Address byUnicast ServerPrimary DNS Displays the IP address of your ISP’s Primary DNS 3 PPPoEGateway Address Displays the Gateway Address assigned by your ISP Secondary DNS Displays the IP address of your ISP’s Secondary DNSActive Mode  PPPoE SettingsPassword SettingsSecondary Connection Service NameISP Address Subnet AddressIP Address Gateway Address4 L2TP Primary DNS L2TP Settings Connection Default GatewaySecondary the obtained DNS is displayedStatus  L2TP Status5 PPTP IP AddressPassword  PPTP SettingsServer IP Connection TypeSecondary Connection Default Gateway Primary DNS Secondary DNS Upstream BandwidthActive Mode Connection TypeStatus  PPTP Status6 BigPond IP Address BigPond Settings Status  BigPond StatusDefault Gateway IP Address3.1.4.2 DHCP 3.1.4 LAN3.1.4.1 LAN  LAN DHCP Settings 3.1.4.4 DHCP Reservation 3.1.4.3 DHCP Client DHCP Reservation Set the MAC Address for LAN port 3.1.5 MAC Address List of Reserved Address Set the MAC Address for WAN port MAC Address 3.1.6 Switch3.1.6.1 Statistics Port Statistics 3.1.6.2 Port MirrorTips Mode Enable Port MirrorGeneral Port MirrorApplication Example 3.1.6.3 Rate Control Rate Control  Port Config 3.1.6.4 Port ConfigPort 3.1.6.6 Port VLAN 3.1.6.5 Port Status Port VLAN 3.2.1.1 Wireless Setting 3.2 Wireless3.2.1 Wireless Setting  Wireless Setting Wireless Parameter ModeSSID Broadcast SSIDDescription AP IsolationPeriod or above. Enter 0 to disable the updateGroup 2 WPA/WPA2Group 3 WEPor above. Enter 0 to disable the update PeriodHexadecimal and ASCII formats are 3.2.1.2 Multi-SSIDKey Format TipsSpecify a name for the wireless network  Multi-SSID Config General SSIDAP Isolation Enable/DisableGuest Network SSIDPassword EncryptionGroup Key Periodor above. Enter 0 to disable the update Auth TypeHexadecimal and ASCII formats are provided . Hexadecimal format GroupTips 3.2.1.3 WDS List of Group TipsBSSIDto be bridged Scan Parameter Key TypeKey ： 3.2.1.4 Wireless Advanced Wireless Advanced Short GIRTS Threshold 3.2.2 MAC FilteringBeacon Interval Fragmentation Rule List 3.2.3 Host Status Filtering Rules  General Host Status 3.3 User Group3.3.1 Group  General3.3.2 User  Group Config User Config  List of Group List of User  View Config3.3.3 View View3.4.1 NAT 3.4.1.1 NAT Setup3.4 Advanced  NAPT3.4.1.2 One-to-One NAT  One-to-One NAT Multi-Nets NAT 3.4.1.3 Multi-Nets NAT List of Rules  list of RulesConfiguration procedure Application Example Network Requirements3.4.1.4 Virtual Server Protocol  Virtual ServerInterface Status Port Triggering 3.4.1.5 Port Triggering List of Rules Status 3.4.1.6 ALG List of Rules  ALG 3.4.2.1 Setup3.4.2 Traffic Control FTP ALGControl all the time Default LimitControl Limited Bandwidth Control Rule Guaranteed Bandwidth3.4.2.2 Bandwidth Control DirectionLimited Bandwidth 3.4.3 Session Limit3.4.3.1 Session Limit Effective Timeentries will be disabled Enable SessionCheck here to enable Session Limit, otherwise all the Session Limit 3.4.3.2 Session List3.4.4 Load Balance 3.4.4.1 Configuration3.4.4.2 Policy Routing  General Select the WAN port for transmitting packets List of Rules 3.4.4.3 Link Backup General Timing WAN Config3.4.4.4 Protocol Failover Protocol 3.4.5 Routing3.4.5.1 Static Route  List of Protocol Static Route  List of Rules3.4.5.2 RIP Application ExampleChoose the menu Advanced→Routing→RIP to load the following page  List of RIP General The Destination of route entry 3.4.5.3 Route TableDestination Gateway3.5.1.1 IP-MAC Binding 3.5 Firewall3.5.1 Anti ARP Spoofing  GeneralIP Address 3.5.1.2 ARP Scanning IP-MAC Binding Status3.5.1.3 ARP List 3.5.2 Attack Defense Packet Anomaly Enable AttackFlood Defense Defense3.5.4.1 URL Filtering 3.5.4 Access Control3.5.3 MAC Filtering  MAC Filtering General  URL Filtering RuleObject Mode3.5.4.2 Web Filtering 3.5.4.3 Access RulesConfiguration Procedure Application Example Network RequirementsPolicy  Access RulesService SourcePriority 3.5.4.4 Servicegroup on 3.3.1 Group DestinationName  Service List of Service Dest. Port Control Rules 3.5.5 App Control3.5.5.1 Control Rules Application3.5.5.2 Database 3.6 VPN List of Rules 3.6.1 IKE 3.6.1.1 IKE Policy IKE Policy Remote ID Type 3.6.1.2 IKE ProposalLocal ID Remote ID IKE Proposal 3.6.2.1 IPsec Policy 3.6.2 IPsec List of IKE Proposal Local Subnet  IPsec PolicyPolicy Name  GeneralRemote Subnet Policy Mode IKE Mode Remote GatewayESP Authentication Key-In  Manual ModeAH Authentication Key-In AH Authentication Key-Out IPsec Proposal 3.6.2.2 IPsec Proposal List of IPsec Policy IPsec Tips List of IPsec Proposal 3.6.2.3 IPsec SA Authentication3.6.3 L2TP/PPTP Protocol General 3.6.3.1 L2TP/PPTP Tunnel L2TP/PPTP Tunnel ProtocolL2TP/PPTP Server TunnelMax Connections Pre-shard Key3.6.3.3 List of L2TP/PPTP Tunnel  List of Configurations3.6.3.2 IP Address Pool  IP Address Pool3.7.1 PPPoE Server 3.7 Services3.7.1.1 General Figure 3-70 General The following items are displayed on this screen  General3.7.1.2 IP Address Pool  IP Address PoolIP Address Assigned 3.7.1.3 Account Account Static IP Address List of Account is 48. If Enable Advanced Account Features is not selected, the3.7.1.4 Exceptional IP Status Exceptional IP 3.7.2 E-Bulletin3.7.1.5 List of Account StatusTitle Interval E-Bulletin  General List of E-Bulletin 3.7.3 Dynamic DNSPublisher Object3.7.3.1 DynDNS  Dyndns DDNS List of DynDNS Account 3.7.3.2 No-IP No-IP DDNS  List of No-IP Account 3.7.3.3 PeanutHull PeanutHull DDNS 3.7.3.4 Comexe  List of PeanutHull Account Comexe DDNS 3.7.4 UPnP List of Comexe Account 3.8.1.1 Administrator 3.8 Maintenance3.8.1 Admin Setup  List of UPnP Mapping3.8.1.2 Login Parameter  Administrator Remote Management 3.8.1.3 Remote Management General  List of Subnet 3.8.2.1 Factory Defaults3.8.2 Management Configuration Procedure3.8.2.2 Export and Import 3.8.2.3 Reboot Configuration Version  Export3.8.2.4 Firmware Upgrade 3.8.3 License Interface Traffic Statistics 3.8.4 Statistics3.8.4.1 Interface Traffic Statistics Displays the interfaceDisplays the number of packets received on the interface 3.8.4.2 IP Traffic StatisticsPackets Rx Packets Tx Traffic Statistics 3.8.5 Diagnostics3.8.5.1 Diagnostics  IP Traffic Statistics Tracert 3.8.5.2 Online Detection Ping  GeneralDNS Lookup 3.8.6 TimePing  List of WAN statusCurrent Time Config3.8.7 Logs System TimeSeverity  Config List of Logs Send System LogsChapter 4 Application 4.1 Network Requirements4.3.1.1 System Mode 4.2 Network Topology 4.3 Configurations4.3.1 Internet Setting Tips4.3.1.3 Link Backup 4.3.1.2 Internet ConnectionSettings 4.3.2 VPN Setting1 IKE Setting 4.3.2.1 IPsec VPNSettings  IKE PolicyClick the Add button to apply Figure 4-4 IKE Proposal Settings 2 IPsec Setting IPsec Proposal TipsSettings  IPsec PolicyproposalIPsec1 you just created  IP Address Pool 4.3.2.2 PPTP VPN SettingTips Settings  L2TP/PPTP TunnelL2TP/PPTPEnable ProtocolPPTP ModeServer UsernamePPTP Passwordabcdefg  Group 4.3.3 Network Management4.3.3.1 User Group  User View 4.3.3.2 App ControlSettings 4.3.3.3 Bandwidth Control 1 Enable Bandwidth Control2 Interface Bandwidth Settings 4.3.3.4 Session Limit3 Bandwidth Control Rule Settings4.3.4.1 LAN ARP Defense 4.3.4 Network Security1 Scan and import the entries to ARP List 3 Set Attack Defense 4.3.4.2 WAN ARP Defense2 Set IP-MAC Binding Entry Manually Settings4.3.4.3 Attack Defense 1 Port Mirror 4.3.4.4 Traffic Monitoring2 Statistics Figure 4-23 IP Traffic Statistics Wireless Appendix A Hardware SpecificationsEnvironmental and Physical GeneralAppendix B FAQ 4. Make sure that the NAT DMZ service is disabled AH （Authentication Header ） Appendix C GlossaryGlossary data authentication, and anti-replay services. ESP encapsulatesGlossary for services such as IPSec that require keys. Before any IPSecDescription Glossary DescriptionDescription Glossaryenterprise