Ruijie RG-EG105G V2 Reyee Cloud Managed Router User Guide
- June 1, 2024
- RuiJie
Table of Contents
RG-EG105G V2 Reyee Cloud Managed Router
Product Information
Specifications
- Product: Ruijie Reyee RG-EG Series Routers
- Operating System: ReyeeOS 2.248
- Web-based Configuration Guide
- Manufacturer: Ruijie Networks
Product Usage Instructions
Configuration Environment Requirements
Before starting the configuration process, ensure the following
environment requirements are met:
-
PC with supported browsers: Google Chrome, Internet Explorer
9.0, 10.0, and 11.0, or some Chromium/Internet Explorer
kernel-based browsers like 360 Extreme Explorer. -
Resolution: Recommended resolution is 1024 x 768 or higher to
ensure proper alignment of page fonts and formats.
Network-Wide Monitoring
- Login
- Configuration Environment Requirements
- PC
* Supported Browsers: Google Chrome, Internet Explorer 9.0, 10.0, and 11.0, and some Chromium/Internet Explorer kernel-based
browsers.
* Resolution: Recommended 1024 x 768 or higher for proper display.
FAQ
Q: What browsers are supported for configuration?
A: Supported browsers include Google Chrome, Internet Explorer
9.0, 10.0, and 11.0, as well as some Chromium/Internet Explorer
kernel-based browsers like 360 Extreme Explorer.
Q: What is the recommended resolution for configuration?
A: It is recommended to use a resolution of 1024 x 768 or higher
to ensure proper alignment of page fonts and formats during
configuration.
Ruijie Reyee RG-EG Series Routers ReyeeOS 2.248
Web-based Configuration Guide
Document Version: V1.0 Date: October 20, 2023 Copyright © 2023 Ruijie Networks
Copyright Copyright © 2023 Ruijie Networks All rights are reserved in this document and this statement. Any reproduction, excerption, backup, modification, transmission, translation, or commercial use of this document or any portion of this document, in any form or by any means, without the prior written consent of Ruijie Networks is prohibited.
,
and other Ruijie networks logos are trademarks of Ruijie Networks.
All other trademarks or registered trademarks mentioned in this document are owned by their respective owners.
Disclaimer The products, services, or features you purchase are subject to
commercial contracts and terms. Some or all of the products, services or
features described in this document may not be within the scope of your
purchase or use. Unless otherwise agreed in the contract, Ruijie Networks does
not make any express or implied statement or guarantee for the content of this
document.
Due to product version upgrades or other reasons, the content of this document
will be updated from time to time. Ruijie Networks reserves the right to
modify the content of the document without any notice or prompt.
This manual is for reference only. Ruijie Networks endeavors to ensure content
accuracy and will not shoulder any responsibility for losses and damages
caused due to content omissions, inaccuracies or errors.
Preface
Intended Audience This document is intended for: Network engineers Technical
support and servicing engineers Network administrators
Technical Support Official website of Ruijie Reyee:
https://www.ruijienetworks.com/products/reyee Technical Support Website:
https://ruijienetworks.com/support Case Portal:
https://caseportal.ruijienetworks.com Community:
https://community.ruijienetworks.com Technical Support Email:
service_rj@ruijienetworks.com
Conventions
1. GUI Symbols Interface symbol Description
Boldface
1. Button names
2. Window names, tab name, field name and menu items
3. Link
Multi-level menus items
Example
1. Click OK. 2. Select Config Wizard. 3. Click the Download File link.
Select System > Time.
2. Signs The signs used in this document are described as follows:
Warning An alert that calls attention to important rules and information that
if not understood or followed can result in data loss or equipment damage.
Caution An alert that calls attention to essential information that if not understood or followed can result in function failure or performance degradation.
Note An alert that contains additional or supplementary information that if
not understood or followed will not lead to serious consequences.
I
Specification An alert that contains a description of product or version
support. 3. Note This manual introduces the product model, port type and CLI
for your reference. In case of any discrepancy or inconsistency between the
manual and the actual version, the actual version prevails.
II
Web-based Configuration Guide
Network-Wide Monitoring
1 Login
1.1 Configuration Environment Requirements
1.1.1 PC
Browser: Google Chrome, Internet Explorer 9.0, 10.0, and 11.0, and some
Chromium/Internet Explorer kernelbased browsers (such as 360 Extreme Explorer)
are supported. Exceptions such as garble or format error may occur if an
unsupported browser is used.
Resolution: 1024 x 768 or a higher resolution is recommended. If other
resolutions are used, the page fonts and formats may not be aligned, the GUI
is less artistic, or other exceptions may occur.
1.2 Default Configuration
Table 1-1 Default Web Configuration Item IP address
Username/Password
Default
192.168.110.1
A username is not required when you log in for the first time. The default
password is “admin”.
1.3 Login to Eweb
1.3.1 Connecting to the Router
You can open the management page and complete Internet access configuration
only after connecting a client to the router in either of the following ways:
Wired Connection Connect a local area network (LAN) port of the router to the
network port of the PC, and set the IP address of the PC. See Section 1.3.2
Configuring the IP Address of the Management Client for details. Wireless
Connection Connect the LAN port to the uplink port on the AP and power on the
AP. On a mobile phone or laptop, search for wireless network @Ruijie-mXXXX
(XXXX is the last four digits of the MAC address of each device). In this
mode, you do not need to set the IP address of the management client, and you
can skip the operation in Section 1.3.2 Configuring the IP Address of the
Management Client.
1.3.2 Configuring the IP Address of the Management Client
Configure an IP address for the management client in the same network segment
as the default IP address of the device (The default device IP address is
192.168.110.1, and the subnet mask is 255.255.255.0.) so that the
3
Web-based Configuration Guide
Network-Wide Monitoring
management client can access the device. For example, set the IP address of
the management client to 192.168.110.200.
1.3.3 Login
Enter the IP address (192.168.110.1 by default) of the router in the address bar of the browser to open the login page.
Note If the static IP address of the device is changed, or the device obtains
a new dynamic IP address, the new IP address can be used to access the web
management system of the device as long as the management client and the
device are in the same network segment of a LAN.
(1) On the web page, enter the password and click Log In to enter the web
management system.
You can use the default password admin to log in to the device for the first
time. For security purposes, you are advised to change the default password as
soon as possible after logging in, and to regularly update your password
thereafter. If you forget the IP address or password, hold down the Reset
button on the device panel for more than 5 seconds when the device is
connected to the power supply to restore factory settings. After restoration,
you can use the default IP address and password to log in.
Caution Restoring factory settings will delete the existing configuration and
you are required to configure the device again at your next login. Therefore,
exercise caution when performing this operation.
4
Web-based Configuration Guide
1.3.4 Frequently-Used Controls on the Web Page
Table 1-2 Frequently-Used Controls on the Web Page
Network-Wide Monitoring
Control
Description Local Device: Allows you to configure all functions of the local
device. Network: Allows you to configure common functions of all wired and
wireless Reyee products in batches on an ad hoc network. The navigation bar is
arranged horizontally on the top when the device acts as the slave device, and
vertically on the left when the device acts as the master device.
Click it to change the language.
Click it to log in to the Ruijie Cloud for remote O&M through the URL or by
scanning the QR code.
Click it to access the network setup wizard.
Click it to log out of the web management system.
Click Add or Batch Add to add one or more table entries in the dialog box that
appears. After adding the table entries, you can view the added table entries
on this page.
Click it to delete the selected table entries in batches.
Quickly locate the table entry you want to find through the dropdown list or
by entering a keyword.
Click them to edit, delete, or bind a table entry.
If the toggle switch is displayed in gray and the button is on the left, the
related function is disabled. If the toggle switch is displayed in blue and
the button is on the right, the related function is enabled.
Update data on the current page.
5
Web-based Configuration Guide Control
Network-Wide Monitoring
Description Set the number of table entries displayed on a page. Click a page
number or specify the page number to access the corresponding page.
1.4 Work Mode
The device can work in router mode and AC mode. The system menu pages and
configuration function scope vary depending on the work mode. By default, the
EG router works in router mode. To modify the work mode, see Section 3.1
Switching the Work Mode.
1.4.1 Router Mode
The device supports routing functions such as route-based forwarding and
network address translation (NAT), VPN, and behavior management. It can
allocate addresses to downlink devices, forward network data based on routes,
and perform NAT operations. In the router mode, the device can access the
network through Point-to-Point Protocol over Ethernet (PPPoE) dialing, dynamic
IP address, and static IP address. It can also directly connect to a fiber-to-
the-home (FTTH) network cable or an uplink device to provide network access
and manage downlink devices.
1.4.2 AC Mode
The device supports Layer 2 forwarding only. The device does not provide the
routing and Dynamic Host Configuration Protocol (DHCP) server functions. By
default, the WAN port obtains IP addresses through DHCP. The AC mode is
applicable to the scenario where the network is working normally. In AC mode,
the device serves as the management controller to access the network in bypass
mode and manage the AP.
1.5 Configuration Wizard (Router Mode)
1.5.1 Getting Started
(1) Power on the device. Connect the WAN port of the device to an uplink
device using an Ethernet cable, or connect the device to the optical modem
directly.
(2) Configure the Internet connection type according to requirements of the
local Internet Service Provider (ISP). Otherwise, the Internet access may fail
due to improper configuration. You are advised to contact your local ISP to
confirm the Internet connection type: Figure out whether the Internet
connection type is PPPoE, DHCP mode, or static IP address mode. In the PPPoE
mode, a username, a password, and possibly a service name are needed. In the
static IP address mode, an IP address, a subnet mask, a gateway, and a DNS
server need to be configured.
6
Web-based Configuration Guide
1.5.2 Configuration Steps
Network-Wide Monitoring
1. Adding a Device to Network
You can manage and configure all devices in the network in batches by default.
Please verify the device count and network status before configuration.
Note New devices will join in a network automatically after being powered on.
You only need to verify the device count. If a new device is detected not in
the network, click Add to My Network and enter its management password to add
the device manually.
Note If there is a firewall device in the network, the Firewall Port Config
page appears. Select the corresponding port for configuration.
2. Creating a Network Project Click Start Setup to configure the Internet
connection type and management password. (1) Network Name: Identify the
network where the device is located. (2) Internet: Configure the Internet
connection type according to the requirements of the local ISP.
DHCP: The router detects whether it can obtain an IP address via DHCP by
default. If the router connects to the Internet successfully, you can click
Next without entering an account.
PPPoE: Click PPPoE, and enter the username, password, and service name. Click
Next. Static IP: Enter the IP address, subnet mask, gateway, and DNS server,
and click Next. (3) Management Password: The password is used for logging in
to the management page.
7
Web-based Configuration Guide
Network-Wide Monitoring
(4) Country/Region: You are advised to select the actual country or region.
(5) Time Zone: Set the system time. The network time server is enabled by
default to provide the time service.
You are advised to select the actual time zone.
Click Create Network & Connect. The device will deliver the initialization and
check the network connectivity. The device can access the Internet now. Bind
the device with a Ruijie Cloud account for remote management. Follow the
instruction to log in to Ruijie Cloud for further configuration.
8
Web-based Configuration Guide
Network-Wide Monitoring
Note If your device is not connected to the Internet, click Exit to exit the
configuration wizard. Please log in again with the new password if you change
the management password.
1.5.3 Forgetting the PPPoE Account
(1) Consult your local ISP. (2) If you replace the old router with a new one,
click Obtain Account from Old Device. Connect the old and
new routers to a power supply and start them. Insert one end of an Ethernet
cable into the WAN port of the old router and connect the other end to a LAN
port of the new router, and click Obtain. The new router automatically fetches
the PPPoE account of the old router. Click Save to make the configuration take
effect.
1.6 Configuration Wizard (AC Mode)
1.6.1 Getting Started
Power on the device and connect the device to an uplink device. Make sure that
the device can access the Internet.
9
Web-based Configuration Guide
Network-Wide Monitoring
1.6.2 Configuration Steps
(1) On the work mode setting page, change the work mode from router mode to AC mode. For details, see Section 3.1 Switching the Work Mode.
(2) After mode switching, the device will restart. After restart, the WAN port
on the device obtains an IP address through DHCP and accesses the network by
using a dynamic IP address. The default Internet connection type is DHCP mode.
You can use the default value or manually configure a static IP address for
the WAN port. For details, see Section 1.5.2 Configuration Steps.
10
Web-based Configuration Guide
Network-Wide Monitoring
1.7 Switching Between Management Pages
After you disable self-organizing network discovery, the web page is in the
Local Device mode. (Self-organizing network discovery is enabled upon
delivery. For details, see Section 3.1 Switching the Work Mode) After you
enable self-organizing network discovery, you can switch between the Network
and Local Device web pages. Click the current management mode in the
navigation bar and select the desired mode from the dropdown list box. Network
mode: View the management information of all devices in the network and
configure all devices in the current network from the network-wide
perspective. Local Device mode: Configure the device that you log in to.
11
Web-based Configuration Guide Network page:
Local Device page:
Network-Wide Monitoring
12
Web-based Configuration Guide
Network-Wide Monitoring
2 Network-Wide Monitoring
Choose Networkwide Management > Overview.
The Overview page displays the current network topology, uplink and downlink
real-time traffic, network connection status, and number of users and provides
short-cut entries for configuring the network and devices. On the current
page, you can monitor, configure, and manage the network status of the entire
network.
2.1 Viewing Networking Information
The networking topology contains information about online devices, connected
port numbers, device SNs, and uplink and downlink real-time traffic.
13
Web-based Configuration Guide
Network-Wide Monitoring
Click a traffic data item to view the real-time total traffic information.
Click a device in the topology to view the running status and configuration of the device and configure device
functions. By default, the product model is used as the device name. Click so that the description can distinguish devices from one another.
to modify the device name
14
Web-based Configuration Guide
Network-Wide Monitoring
Click List in the upper-left corner of the topology to switch to the device
list view. Then, you can view device information in the current networking.
Click an item in the list to configure and manage the device separately.
The update time is displayed in the lower-left corner of the topology view.
Click Refresh to update the topology to the latest state. It takes some time
to update the topology data. Please wait patiently.
15
Web-based Configuration Guide
Network-Wide Monitoring
2.2 Adding Networking Devices
2.2.1 Wired Connection
(1) When a new device connects to an existing device on the network, the
system displays the message “A devices not in SON is discovered”. And the
number of such devices in orange under Devices. You can click Manage to add
this device to the current network.
16
Web-based Configuration Guide
Network-Wide Monitoring
(2) After the system switches to the Network List page, click Other Network. In the Other Network section, select the device to be added to the network and click Add to My Network.
17
Web-based Configuration Guide
Network-Wide Monitoring
(3) You do not need to enter the password if the device is newly delivered from factory. If the device has a password, enter the management password of the device. Device addition fails if the password is incorrect.
2.2.2 AP Mesh
If the AP supports the AP Mesh (Reyee Mesh) function, you do not need to
connect cables after powering on the AP. The AP can be added to the current
network in Reyee Mesh mode, establish a mesh networking with other wireless
devices, and automatically synchronize Wi-Fi configuration.
Caution To scan the AP, the Reyee Mesh function must be enabled on the current
network. (For details, see Section 4.11 Enabling Reyee Mesh.) The AP should be
powered on nearby. It may fail to be scanned in case of long distance or
obstacle blocking. (1) Place the powered new AP near an existing AP, where the
new AP can receive Wi-Fi signals from the existing
AP. Log in to a device in the network. On the Overview page, click +AP in the
upper-right corner of the topology to scan nearby APs that do not belong to
the current network and are not connected to a network cable.
(2) Select the target AP to add it to the current network. You do not need to
enter the password if the device to add is new. If the device has a password,
enter the management password of the device.
18
Web-based Configuration Guide
Network-Wide Monitoring
2.3 Configuring the Service Network
The wireless and wired network configurations of the current network are displayed in the lower-left of the Overview page. Click Setup to switch to the service network configuration page (Networkwide Management >Overview > Network Planning).
2.3.1 Configuring the Wired Network
(1) Click Add Wired VLAN to add wired network configuration, or select an
existing wired VLAN and click Setup to modify its configuration.
(2) Configure a VLAN for wired access, specify the address pool server for
access clients in this VLAN, and determine whether to create a new DHCP
address pool. By default, the gateway is used as the address pool server to
allocate addresses to access clients. If an access switch is available in this
networking, you can select this switch as the address pool server. After
setting the service parameters, click Next.
19
Web-based Configuration Guide
Network-Wide Monitoring
(3) Select the switch to configure in the topology, select the switch ports
added to this VLAN, and click Override.
(4) Wait a moment for the configuration to take effect. 20
Web-based Configuration Guide
2.3.2 Configuring the Wireless Network
(1) Click Add Wi-Fi VLAN to add wireless network configuration. (2) Set the
SSID, Wi-Fi password, and applicable bands. Click Next.
Network-Wide Monitoring
Applicable bands include 2.4 GHz, 5 GHz, and 2.4 GHz + 5 GHz. Security types
include Open, WPA-PSK, WPA2-PSK, and WPA_WPA2-PSK. When the security type is
set to WPA-PSK, WPA2-PSK, or WPA_WPA2-PSK, a Wi-Fi password is required.
Click Expand to configure the advanced parameters, including Hide SSID, Client
Isolation, and Band Steering.
(3) Configure a VLAN for wireless access, specify the address pool server for
access clients in this VLAN, and determine whether to create a new DHCP
address pool. By default, the gateway is used as the address pool server to
allocate addresses to access clients. If an access switch is available in this
networking, you can select this switch as the address pool server. After
setting the service parameters, click Next.
21
Web-based Configuration Guide
Network-Wide Monitoring
(4) Confirm that the configuration items to be delivered are correct and then click Save. Wait a moment for the configuration to take effect.
2.4 Supporting Traffic Monitoring
Traffic monitoring can be carried out based on ports, users, and applications.
The real-time or historical uplink traffic, downlink traffic, and number of
sessions can be displayed.
2.4.1 Viewing Real-time Traffic
Choose Local Device > Device Overview > Real-time Traffic (1) Set the refresh
frequency.
Select a refresh frequency from the drop-down list.
(2) View real-time traffic of a port. a Click the Interface Real-time Traffic
tab. b Set Interface. Set Interface to a port or ALL-WAN. You can view the
uplink or downlink traffic of a port or the system. 22
Web-based Configuration Guide
Network-Wide Monitoring
c View traffic in the last one hour. Choose a port or ALL-WAN from the Interface drop-down list and view the traffic and sessions (including sessions of an original WAN port after LAN/WAN switching) in the last one hour.
Note Uplink traffic and downlink traffic are color-coded in the figure. You
can move the cursor over a curve to view uplink traffic and downlink traffic
at a certain time. (3) View real-time traffic of a user. a Click the User
Real-Time Traffic tab.
b The system displays real-time traffic of users. You can view the IP address,
online duration, uplink traffic, and downlink traffic of each user. 23
Web-based Configuration Guide
Network-Wide Monitoring
If there are multiple users, the system displays traffic data by downlink
traffic in descending order by default. The sorting mode can be switched based
on uplink traffic or downlink traffic. You can set the traffic unit, number of
items to be displayed on the current page, paging display, and other functions
based on service requirements.
c View traffic details of a user.
Note Only EG3XX series devices (such as EG310G-E) support this function and
Flow-audit Switch on the App Real-time Traffic tab page needs to be turned on.
Click Detailed. The pop-up page displays the uplink traffic and downlink traffic of each app used by the current user. You can set the sorting mode (by downlink traffic or uplink traffic), unit, and other parameters based on service requirements.
(4) View real-time traffic of an app. a Click the App Real-time Traffic tab. b
Turn on Flow-audit Switch.
c The system displays real-time traffic of apps. You can view the name,
application group, uplink traffic, and downlink traffic of each app. If there
are multiple apps, the system displays traffic data by downlink traffic in
descending order by default. The sorting mode can be switched based on uplink
traffic or downlink traffic. You can set the traffic unit, number of items to
be displayed on the current page, paging display, and other functions based on
service requirements.
24
Web-based Configuration Guide
d View traffic details of an app. Note
Only EG3XX series devices (such as EG310G-E) support this function.
Network-Wide Monitoring
Click Detailed. The pop-up page displays details about the traffic of each user who uses the current app. You can set the sorting mode (by downlink traffic or uplink traffic), unit, and other parameters based on service requirements.
2.4.2 Viewing Historical Traffic
Choose Local Device > Device Overview > Traffic History (1) Set the refresh
frequency.
Select a refresh frequency from the drop-down list.
(2) View historical traffic of a port. a Click the Interface Traffic History
tab. b Set Interface and Period. Set Interface to a port or ALL-WAN. You can
view the uplink or downlink traffic of a port or the system. The system allows
you to view historical data of 24 hours or 48 hours. Set Period and Interface.
The system displays historical data of a port or all ports in the current time
span.
25
Web-based Configuration Guide
Network-Wide Monitoring
Note Uplink traffic and downlink traffic are color-coded in the figure. You
can move the cursor over a curve to view uplink traffic and downlink traffic
at a certain time.
(3) View historical traffic of a user. a Click the User Traffic History tab. b
Set Period. On the User Traffic History tab page, you can view today’s or this
week’s historical traffic data of a user. For example, you can click This Week
to switch to this week’s data statistics display page, as shown in the figure
below.
If there are multiple users, the system displays traffic data by downlink
traffic in descending order by default. You can view the online duration,
uplink traffic, and downlink traffic of each user in the time span. The
sorting mode can be switched based on uplink traffic or downlink traffic. You
can set the traffic unit, number of items to be displayed on the current page,
paging display, and other functions based on service requirements. c View
traffic details of apps used by a user.
Note Only EG3XX series devices (such as EG310G-E) support this function and
Flow-audit Switch on the App Flow History tab page needs to be turned on.
26
Web-based Configuration Guide
Network-Wide Monitoring
Click Detailed. The pop-up page displays the traffic and online duration of each app used by the current user. You can set the sorting mode (by downlink traffic or uplink traffic), unit, and other parameters based on service requirements.
(4) View historical traffic of an app. a Click the App Flow History tab. b
Turn on Flow-audit Switch. Note The status of Flow-audit Switch is consistent
with that of Flow-audit Switch on the App Real-Time Flow page. After it is
turned on, the app real-time flow function and app flow history function are
enabled. c Set the time span. On the App Flow History tab page, you can view
today’s or this week’s historical user data. For example, you can click This
Week to switch to this week’s data statistics display page, as shown in the
figure below.
27
Web-based Configuration Guide
Network-Wide Monitoring
If there are multiple apps, the system displays traffic data by downlink
traffic in descending order by default. You can view the name, application
group, uplink traffic, and downlink traffic of each app in the time span. The
sorting mode can be switched based on uplink traffic or downlink traffic. You
can set the traffic unit, number of items to be displayed on the current page,
paging display, and other functions based on service requirements.
d View traffic details of an app. Note
Only EG3XX series devices (such as EG310G-E) support this function. Click
Detailed. The pop-up page displays details about the traffic of each user who
uses the current app. You can set the sorting mode (by downlink traffic or
uplink traffic), unit, and other parameters based on service requirements.
28
Web-based Configuration Guide
Network-Wide Monitoring
2.5 Supporting the URL Logging Function
URL logs record and display website domain names accessed by devices connected
to LAN ports within a certain minute, access count, and audit results.
Note Only EG3XX series devices (such as EG310G-E) support this function.
Choose Local Device > Device Overview > URL Log. (1) Enable the URL logging
function.
Click Enable and then click OK.
(2) (Optional) Configure record IP. The system records access records of all
devices connected to LAN ports by default. If you need to view access records
of a single device, set record IP. Enter the device IP address in record IP
and click Save.
29
Web-based Configuration Guide
Network-Wide Monitoring
Note If you need to restore access records of all devices connected to LAN
ports, clear information in Record IP Only and click Save.
(3) Check access records. The system displays detailed access records,
including the time, IP address. You can search for access records by IP
address or URL.
2.6 Processing Alerts
If a network exception occurs, alert message on this exception and the
corresponding solution are displayed on the Overview page. Click the alert
message in the Alert Center section to view the faulty device, problem
details, and its solution. Troubleshoot and process the alert according to the
solution.
30
Web-based Configuration Guide
Network-Wide Monitoring
2.7 Configuring the Audit Log
After the audit log function is enabled and configured, the system will
generate the DHCP lease time logs, URL logs of online users, and NAT logs.
Choose Local Device > Advanced > Audit Log.
31
Web-based Configuration Guide
Network-Wide Monitoring
(1) Click Enable to enable the audit log function. Note
The system will clear the logs if you enable the audit log function and then
disable it.
(2) Configure the following parameters related to the audit log function.
Parameter
Description
Server Type
Configure the log output format. Currently DHCP logs, URL logs and NAT logs only support Türkiye-5651mode.
Server Address
Configure the log server address. Only IPv4 addresses are supported.
Configure the server port ID, which can be customized. Port
The default port ID is 514.
Log Sending Rate
Configure the log sending rate at which the device sends the audit logs to the server. The default rate is 5000 logs per second and the customized rate ranges from 1 to 10000 logs per second.
Log Type
Configure the log type sent to the server, including DHCP logs, NAT logs and
URL logs.
You can specify the sending priority for the logs: High, Medium, and Low. If
the log type is in the high-priority list, its cache line will be prioritized
and the logs will be sent to the server preferentially.
(3) Click Save.
32
Web-based Configuration Guide
Network-Wide Monitoring
Click Show Log Status to view the status of the audit log function, including the server IP address, server connection status, sending history of each log type (including the logs in the three statuses: Received, Sent, and Discarded).
33
Web-based Configuration Guide
Network-Wide Monitoring
3 Network Settings
3.1 Switching the Work Mode
3.1.1 Work Mode
For details, see Section 1.4 Work Mode.
3.1.2 Self-Organizing Network Discovery
When setting the work mode, you can set whether to enable the self-organizing
network discovery function. This function is enabled by default. After the
self-organizing network discovery function is enabled, the device can be
discovered in the network and discover other devices in the network. Devices
network with each other based on the device status and synchronize global
configuration. You can log in to the Web management page of any device in the
network to check information about all devices in the network. After this
function is enabled, clients can maintain and manage the current network more
efficiently. You are advised to keep this function enabled. If the self-
organizing network discovery function is disabled, the device will not be
discovered in the network and it runs in standalone mode. After logging in to
the Web page, you can configure and manage only the currently logged in
device. If only one device is configured or global configuration does not need
to be synchronized to the device, you can disable the self-organizing network
discovery function.
Note In AC mode, the self-organizing network discovery function is enabled by
default. After the self-organizing network discovery function is enabled, you
can view the self-organizing role of the device on the Device Details page.
The menus on the Web page vary depending on whether the self-organizing
network discovery function is enabled. (For details, see Section 1.7 Switching
Between Management Pages.) Find the configuration entry for this function
according to the instructions in Configuration Steps below.
3.1.3 Configuration Steps
Choose Local Device > Device Overview > Device Overview >Device Details. Click
the current work mode to edit the work mode.
Caution After you switch the work mode, the device will restore factory
settings and restart. Please proceed with caution.
AC function switch: If a device works in the router mode and the self-
organizing network discovery function is enabled, you can enable or disable
the AC function. After the AC function is enabled, the device in the router
34
Web-based Configuration Guide
Network-Wide Monitoring
mode supports the virtual AC function and can manage downlink devices. If this function is disabled, the device needs to be elected as an AC in self- organizing network mode and then manage downlink devices.
3.1.4 Viewing the Self-Organizing Role
Choose Local Device > Device Overview > Device Overview > Device Details.
After the self-organizing network discovery function is enabled, you can view
the self-organizing role of the device on the Device Details page. Master
AP/AC: The device functions as an AC to manage downlink devices. Slave AP: The
device connects to the AC in self-organizing mode and is managed by the AC.
Slave APs are uniformly managed by the master AP/AC. Some wireless network
configurations cannot be modified separately in local mode, and must be
delivered by the master AP/AC.
3.2 Port Settings
You can choose Port Settings to set port parameters and view the port
information.
3.2.1 Setting the Port Parameters
Choose Local Device >Network > Port Settings > Basics.
35
Web-based Configuration Guide (1) Choose the target port and click Edit.
Network-Wide Monitoring
(2) Set the port parameters and click OK.
3.2.2 Viewing the Port Information
Choose Local Device > Network > Port Settings > Port Info.
3.3 Configuring the WAN Ports
Choose Local Device > Network > WAN. 36
Web-based Configuration Guide
Network-Wide Monitoring
You can configure multi-line access for the device to allow multiple lines to work simultaneously. After you switch to multi-line access, you need to specify the egress provider of the lines and set the load balancing mode, in addition to setting basic network parameters for the WAN ports.
Caution The number of lines supported varies with the product. The actual configuration prevails.
3.3.1 Configuring the Internet Access Mode
Choose Local Device > Network > WAN >WAN0.
The device can access the WAN in one of the following three methods: static
IP, DHCP, and PPPoE dialing. Select a proper method based on the actual
broadband line type. For details, see Section 1.5 Configuration Wizard (Router
Mode).
3.3.2 Modifying the MAC Address
Choose Local Device > Network > WAN > WAN0 > Advanced Settings. Sometimes, the
provider restricts Internet access of devices with unknown MAC addresses out
of security considerations. In this case, you can change the MAC addresses of
the WAN ports to valid MAC addresses.
37
Web-based Configuration Guide
Network-Wide Monitoring
Click Advanced Settings, enter a MAC address, and click Save. You do not need to modify the default MAC address unless otherwise specified.
3.3.3 Modifying the MTU
Choose Local Device >Network > WAN > WAN0 > Advanced Settings. 1. Modifying
the MTU MTU specifies the maximum transmission unit allowed to pass a WAN
port. By default, the MTU of a WAN port is 1500 bytes. Sometimes, large data
packets are limited in transmission speed or prohibited in the ISP network,
leading to slow network speed or even network disconnection. If this occurs,
you can set the MTU to a smaller value.
If the MTU value is unknown, click MTU Detection to configure the one-click
MTU detection, and adjust the MTU settings based on the results obtained from
MTU detection.
38
Web-based Configuration Guide
Network-Wide Monitoring
2. Detecting the MTU
Click MTU Detection to configure the one-click MTU detection to determine the
MTU between two communication devices. Enter the destination IP/domain name,
retry count, ICMP echo request timeout, minimum MTU, maximum MTU, and click
Start to start the detection.
3.3.4 Configuring the Private Line
Choose Local Device > Network > WAN > WAN0 > Advanced Settings. Turn on
Private Line and determine whether to set the current WAN line as a private
line. Generally, private lines are used for access to specific internal
networks but not the Internet. Private lines provide higher network security.
39
Web-based Configuration Guide
Network-Wide Monitoring
3.3.5 Configuring the VLAN Tag
Choose Local Device > Network> WAN > WAN0 > Advanced Settings. Some ISPs
require that packets transmitted to their networks carry VLAN IDs. In this
case, you can enable the VLAN tag function and set a VLAN ID and Priority for
the WAN port. By default, the VLAN tag function is disabled. You are advised
to keep the VLAN tag function disabled unless otherwise specified.
3.3.6 Configuring the Multi-Link Load Balancing Mode
Choose Local Device >Network > WAN > Load Settings > Load Balancing Settings.
40
Web-based Configuration Guide
Network-Wide Monitoring
When multiple links are available, some traffic is forwarded along the link selected based on the address library and the remaining traffic is distributed to other links in load balancing mode.
Table 3-1 Load balancing modes
Load Balancing Mode
Description
Balanced
The traffic will be distributed across multiple links according to the weight
of each WAN port. Larger traffic will be distributed to the WAN port with a
higher weight.
When you select this mode, you must specify the weight of each WAN port.
For example, if the weight of WAN and WAN 1 ports is set to 3 and 2
respectively, then, 60% of the total traffic will be routed over WAN and 40%
over WAN 1.
Primary & Secondary
All traffic is routed over the primary interface. Once the primary interface
fails, traffic will be switched over to the secondary interface.
If there are multiple primary or secondary interfaces, the weight of these
interfaces must be set. (See balanced mode.)
The system supports IPv4 and IPv6 multi-link load balancing. IPv4 multi-link
load balancing is enabled by default, while IPv6 multi-link load balancing
needs to be enabled manually.
1. Configuring IPv4 Multi-Link Balancing
(1) Select a load balancing mode from the Load Mode drop-down list. (2) Select
a loading balancing policy from the Load Balancing Policy drop-down list.
41
Web-based Configuration Guide
Table 3-2 Description of Load Balancing Policies (IPv4)
Load Balancing Policy
Description
Network-Wide Monitoring
Based on Connections
After you enable this policy, the traffic is routed over multiple links based on the links. Packets with the same source IP address, destination IP address, source port, destination port, and protocol are routed over the same link.
Based on Src IP Address
After you enable this policy, the traffic is routed over multiple links based on the source IP address. The traffic from the same user (same source IP address) will be routed to the same interface. This policy prevents traffic from the same user from being routed to different links, lowering the risks of network access exceptions.
Based on Src and Dest IP Address
After you enable this policy, the traffic is routed over multiple links based on the source IP address and destination. The traffic of the same source IP address and destination IP address will be routed to the same interface.
Smart Load Balancing
After you enable this feature, the traffic is routed over multiple links based on the link bandwidth, the actual loads of the links, application recognition and traffic prediction.
(2) Set the uplink and downlink bandwidths or the weight for each WAN port.
When the load balancing policy is set to Based on Connections, Based on Src IP
Address, or Based on
Src and Dest IP Address, a weight must be set for each WAN port.
Note The higher the value of the weight, the more traffic is directed to the
WAN port.
When the load balancing policy is set to Smart Load Balancing, the uplink and
downlink bandwidths must be set for each WAN port.
42
Web-based Configuration Guide
Network-Wide Monitoring
(3) Click Save. 2. Configuring IPv6 Multi-Link Balancing
(1) Toggle on Enable to enable the IPv6 multi-link load balancing mode. (2) Select a load balancing mode from the Load Mode drop-down list. (3) Select a loading balancing policy from the Load Balancing Policy drop-down list.
Table 3-3 Description of Load Balancing Policies (IPv6)
Load Balancing Policy
Description
Based on Connections
After you enable this policy, the traffic is routed over multiple links based on the links. Packets with the same source IP address, destination IP address, source port, destination port, and protocol are routed over the same link.
Based on Src IP Address
After you enable this policy, the traffic is routed over multiple links based on the source IP address. The traffic from the same user (same source IP address) will be routed to the same interface. This policy prevents traffic from the same user from being routed to different links, lowering the risks of network access exceptions.
43
Web-based Configuration Guide
Network-Wide Monitoring
Load Balancing Policy
Based on Src and Dest IP Address
Description
After you enable this policy, the traffic is routed over multiple links based
on the source IP address and destination. The traffic of the same source IP
address and destination IP address will be routed to the same interface.
(4) Set a weight for each WAN port. The valid range of weight is 1 to 100000.
Note The higher the value of the weight, the more traffic is directed to the
WAN port.
(5) Click Save.
3.3.7 Configuring Link Detection
Choose Local Device > Network > WAN > Line Detection. After configuring
multiple WAN ports, use the link detection function to check whether lines are
connected to the external network. If the network is down, the system does not
select a route based on the interface, such as load balancing, policy-based
routing, and ISP routing. The system supports IPv4 and IPv6 WAN link
detection, which can be enabled separately. 1. Configuring IPv4 WAN Link
Detection (1) On the IPv4 WAN Link Detection page, toggle on Enable to enable
IPv4 WAN link detection. (2) In the WAN port list, select a WAN port for link
detection, and click Edit.
(3) Configure the parameters of the link detection function.
Table 3-4 Link Detection Parameter
Description
Detection Interval
The time interval of connectivity test.
Rounds for Going Online
The system periodically sends a ping message to a detection destination IP address at the specified interval. If the ping succeeds and the number of consecutive successful pings reaches the set number of Rounds for Going Online, the WAN port is set to be online.
44
Web-based Configuration Guide Parameter Rounds for Going Offline
Detected Dest IP
Network-Wide Monitoring
Description
The system periodically sends a ping message to a detection destination IP
address at the specified interval. If the ping fails and the number of
consecutive unsuccessful pings reaches the set number of Rounds for Going
Offline, the WAN port is set to be offline.
The destination IP address to which the system sends ping messages. You can
set up to three destination IP addresses. The system sends ping messages to
one of the IP addresses randomly during detection.
Note For RG-EG105G-V2 and RG-EG210G, the default destination IP address is
114.114.114.114, www.google.com, or 8.8.8.8. For other products, the default
destination IP address is 114.114.114.114 or www.google.com.
(4) Click OK.
3. Configuring IPv6 WAN Link Detection (1) On the IPv6 WAN Link Detection
page, toggle on Enable to enable IPv6 WAN link detection. (2) In the WAN port
list, select a WAN port for link detection, and click Edit.
(3) Configure the link detection parameters.
45
Web-based Configuration Guide
Network-Wide Monitoring
Parameter Detection Interval Rounds for Going Online
Rounds for Going Offline
Detected Dest IP
Description
The time interval of connectivity test.
The system periodically sends a ping message to a detection destination IP
address at the specified interval. If the ping succeeds and the number of
consecutive successful pings reaches the set number of Rounds for Going
Online, the WAN port is set to be online.
The system periodically sends a ping message to a detection destination IP
address at the specified interval. If the ping fails and the number of
consecutive unsuccessful pings reaches the set number of Rounds for Going
Offline, the WAN port is set to be offline.
The destination IP address (IPv6) to which the system sends ping messages. You
can set up to three destination IP addresses. The system sends ping messages
to one of the IP addresses randomly during detection.
(4) Click OK.
3.3.8 Configuring NAT Mode
Choose Local Device > Network> WAN > WAN0 > Advanced Settings. When an
intranet needs to communicate with an extranet, Network Address Translation
(NAT) must be configured to convert the private IP address into a globally
unique IP address, so that the private network can access the public network.
46
Web-based Configuration Guide
Network-Wide Monitoring
Toggle on NAT Mode to enable the NAT mode. When the NAT mode is disabled, this router operates in router mode to forward data packets, enabling mutual access between hosts connected to the LAN and the WAN ports of this router.
Caution Disabling NAT mode may potentially impact the functionality of the
self-organizing network (SON) feature.
3.4 Configuring the LAN Ports
3.4.1 Modifying the LAN Port IP Address
Choose Local Device > Network > LAN > LAN Settings. Click Edit. In the dialog
box that appears, enter the IP address and subnet mask, and then click OK.
After you modify the LAN port IP address, you need to enter the new IP address
in the browser to log in to the device again before you can configure and
manage this device.
47
Web-based Configuration Guide
Network-Wide Monitoring
3.4.2 Modifying the MAC Address
Choose Local Device > Network > LAN > LAN Settings. If a static Address
Resolution Protocol (ARP) entry (binding between IP address and MAC address of
the gateway) is configured to prevent ARP attacks to clients in the LAN, the
gateway IP address remains unchanged but its MAC address changes when the
gateway is replaced. As a result, the client may fail to learn the gateway MAC
address. You can modify the static ARP entry of the client to prevent this
problem. You can also change the LAN port MAC address of the new device to the
MAC address of the original device to allow clients in the LAN to access the
Internet normally. Click Edit. In the dialog box that appears, enter the MAC
address, and then click OK. You do not need to modify the default LAN port MAC
address unless otherwise specified.
48
Web-based Configuration Guide
Network-Wide Monitoring
3.5 Configuring VLAN
3.5.1 VLAN Overview
Virtual Local Area Network (VLAN) is a communication technology that divides a
physical LAN into multiple logical broadcast domains. Each VLAN has
independent broadcast domains. Hosts in the same VLAN can directly communicate
with each other, while hosts in different VLANs cannot as they are isolated at
Layer 2. Compared with traditional Ethernet, VLAN has the following
advantages: Control broadcast storms: Broadcast packets can only be forwarded
inside a VLAN. This saves bandwidth as
the performance of a VLAN is not affected by broadcast storms of other VLANs.
49
Web-based Configuration Guide
Network-Wide Monitoring
Enhance LAN security: As a VLAN is divided into multiple broadcast domains,
packets of different VLANs in a LAN are isolated. Different VLAN users cannot
directly communicate, enhancing network security.
Simplify network management: The VLAN technology can be used to divide the
same physical network into different logical networks. When the network
topology changes, you only need to modify the VLAN configuration, simplifying
network management.
3.5.2 Creating a VLAN
Choose Local Device > Network > LAN > LAN Settings. A LAN can be divided into multiple VLANs. Click Add and create a VLAN.
50
Web-based Configuration Guide
Network-Wide Monitoring
Table 3-5 VLAN Configuration
Parameter
Description
Configure an IP address for the VLAN interface. This IP address is used as the
default IP
gateway for the LAN devices that need to access the Internet.
Subnet Mask
Configure an IP address subnet mask for the VLAN interface.
VLAN ID
Configure the VLAN ID.
Remark
Enter the VLAN description.
51
Web-based Configuration Guide
Network-Wide Monitoring
Parameter MAC Address
DHCP Server
Description
Configure an MAC address for the VLAN interface.
Enable the DHCP server function. After this function is enabled, devices in
the LAN can automatically obtain IP addresses. You also need to specify the
start address for IP address allocation by the DHCP server, the number of IP
addresses that can be allocated, and the address lease. You can also configure
DHCP Options. For details, see Section 3.7.3 Configuring the DHCP Server.
Caution The VLAN configuration is associated with the uplink configuration.
Exercise caution when you perform this operation.
3.5.3 Configuring a Port VLAN
Choose Local Device > Network > Port VLAN. This page displays the VLAN
division of the current port. Create VLANs on the LAN Settings page and then
configure the port based on the VLANs on this page. For details, see Section
3.4.2 Creating a VLAN. Click the check box under a port and select the
relationship between VLAN and port from the drop-down list box. UNTAG:
Configure the VLAN as the native VLAN of the port. When the port receives
packets from the specified
VLAN, the port removes the VLAN ID before forwarding the packets. When the
port receives packets without a VLAN ID, the port adds this VLAN ID to the
packets before forwarding them. You can set only one VLAN of the port to
UNTAG. TAG: Configure the port to allow packets with this VLAN ID to pass.
This VLAN is not the native VLAN. When the port receives packets from the
specified VLAN, it forwards the packets with the original VLAN ID. Not Join:
Configure the port to deny packets with this VLAN ID to pass. For example, if
you set VLAN 10 and VLAN 20 to Not Join for port 2, port 2 will not receive
packets from VLAN 10 and VLAN 20.
52
Web-based Configuration Guide
3.6 Configuring Rate Test
Network-Wide Monitoring
Note Only EG3XX series devices (such as EG310GH-E) support this function.
You can use the rate test function to easily monitor the transmission rate of
individual ports. In the case of ports with low transmission rates, you can
identify and address potential issues to ensure that service quality remains
high. Choose Local Device > Network > Rate Test.
(1) Select the WAN port to be tested. You can click Select All to select all
WAN ports for the rate test. (2) Click Start Test. After the rate test is
complete, the system will display the test results, including latency, jitter,
and packet loss.
53
Web-based Configuration Guide
Network-Wide Monitoring
3.7 Configuring DNS
3.7.1 Local DNS
When the WAN interface runs DHCP or PPPoE protocol, the device automatically
obtains the DNS server address. If the upper-layer device does not deliver the
DNS server address or the DNS server needs to be changed, you can manually
configure a new DNS server. Choose Local Device > Advanced > Local DNS. Local
DNS server: Configure the DNS server address used by the local device. If
multiple addresses exist, separate them with spaces.
3.7.2 DNS Proxy
DNS proxy is optional configuration. By default, the device obtains the DNS
server address from the upper-layer device. Choose Local Device > Network >
LAN > LAN Settings. DNS Proxy: By default, the DNS proxy is disabled, and the
DNS address delivered by the ISP is used. If the DNS configuration is
incorrect, the device may fail to parse domain names and network access will
fail. It is recommended to keep the DNS proxy disabled. DNS Server: Enable
clients to access the Internet by using the DNS server address delivered by
the upper-layer device. The default settings are recommended. After the DNS
proxy is enabled, you need to enter the DNS server IP address. The DNS
settings vary with the region. Consult the local ISP for details.
54
Web-based Configuration Guide
Network-Wide Monitoring
3.8 Configuring IPv6
3.8.1 IPv6 Overview
Internet Protocol Version 6 (IPv6) is the next-generation IP protocol designed
by Internet Engineering Task Force (IETF) to substitute IPv4. It is used to
compensate insufficient IPv4 network addresses.
3.8.2 IPv6 Basics
1. IPv6 Address Format
IPv6 extends 32-bit IPv4 address into 128 bits, providing wider address space
than IPv4. The basic format of an IPv6 address is X:X:X:X:X:X:X:X. It is
represented as eight groups of four hexadecimal digits (0-9, A-F), each group
representing16 bits. The groups are separated by colons (:). In this format,
each X represents a group of four hexadecimal digits. Samples of IPv6
addresses are 2001:ABCD:1234:5678:AAAA:BBBB:1200:2100, 800:0:0:0:0:0:0:1, and
1080:0:0:0:8:800:200C:417A. The digit 0 in an IPv6 address can be suppressed
as follows: Leading zeros in each 16-bit field are suppressed. For example,
2001:00CD:0034:0078:000A:000B:1200:2100
can be suppressed to 2001:CD:34:78:A:B:1200:2100. The long sequence of
consecutive all-zero fields in some IPv6 addresses can be replaced with two
colons (::).
For example, 800:0:0:0:0:0:0:1 can be represented as 800::1. The two colons
(::) can be used only when all the 16 bits in a group are 0s, and it can
appear only once in an IPv6 address.
2. IPv6 Prefix
IPv6 addresses are typically composed of two logical parts: Network prefix: n
bits, corresponding to the network ID in IPv4 addresses interface ID: (128
n) bits, corresponding to the host ID in IPv4 addresses A slash (/) is used to
separate the length of network prefix from an IPv6 address. For example,
12AB::CD30:0:0:0:0/60 indicates that the 60-bit network prefix in the address
is used for route selection. IPv6 prefixes can be obtained from the IPv6 DHCP
server, along with IPv6 addresses. A downlink DHCP server can also
automatically obtain IPv6 prefixes from its uplink DHCP server.
3. Special IPv6 Addresses
There are some special IPv6 addresses: fe80::/8: loopback address, similar to
the IPv4 address 169.254.0.0/16 fc00::/7: local address, similar to IPv4
addresses 10.0.0.0/8, 172.16.0.0/16, and 192.168.0.0/16 ff00::/12: multicast
address, similar to the IPv4 address 224.0.0.0/8
4. NAT66
IPv6-to-IPv6 Network Address Translation (NAT66) is a process of converting
the IPv6 address in the IPv6 data packet header into another IPv6 address.
NAT66 can be implemented by converting the prefix in an IPv6 address
55
Web-based Configuration Guide
Network-Wide Monitoring
in an IPv6 data packet header into another IPv6 address prefix. NAT66 enables
mutual access between an internal network and an external public network.
3.8.3 IPv6 Address Allocation Modes
Manual configuration: IPv6 addresses, prefixes, and other network parameters
are configured manually. Stateless Address Autoconfiguration (SLAAC): The
link-local address is generated based on the interface ID,
and the lPv6 address is automatically allocated based on the prefix
information in the Router Advertisement (RA) packet. Stateful address
allocation (DHCPv6): Two DHCPv6 allocation methods are as follows: Automatic
DHCPv6 allocation: The DHCPv6 server automatically allocates IPv6 addresses,
prefixes, and
other network parameters. Automatic allocation of DHCPv6 Prefix Delegations
(PDs): The lower-layer network device submits a prefix
allocation application to the upper-layer network device. The upper-layer
network device allocates an appropriate address prefix to the lower-layer
device. The lower-layer device further divides the obtained prefix (usually
less than 64 bits) into 64-bit prefixed subnet segments and advertises the
address prefixes to the user link directly connected to the IPv6 host through
the RA packet, implementing automatic address configuration for hosts.
3.8.4 Enabling the IPv6 Function
Choose Local Device > Network > IPv6 Address. Turn on Enable to enable the IPv6 function.
3.8.5 Configuring an IPv6 Address for the WAN Port
Choose Local Device > Network> IPv6 Address > WAN Settings. After you enable
the IPv6 function, you can set related parameters on the WAN Settings tab. The
number of WAN_V6 tabs indicates the number of WAN ports on the current device.
56
Web-based Configuration Guide
Network-Wide Monitoring
Table 3-6 IPv6 address configuration for WAN port
Parameter
Description
Internet IPv6 Address
Configure a method for the WAN port to obtain an IPv6 address.
DHCP: The current device functions as the DHCPv6 client, and it applies for an
IPv6 address and prefix from the uplink network device. Static IP: You need to
manually configure a static IPv6 address, gateway address, and DNS server.
Null: The IPv6 function is disabled on the WAN port.
When Internet is set to DHCP, the automatically obtained IPv6 address is
displayed.
When Internet is set to Static IP, you need to configure this parameter
manually.
IPv6 Prefix
When Internet is set to DHCP, the IPv6 address prefix automatically obtained by the current device is displayed.
57
Web-based Configuration Guide
Network-Wide Monitoring
Parameter Gateway DNS Server NAT66 Default Preference
Description
When Internet is set to DHCP, the automatically obtained gateway address is
displayed. When Internet is set to Static IP, you need to configure this
parameter manually.
When Internet is set to DHCP, the automatically obtained DNS server address is
displayed. When Internet is set to Static IP, you need to configure this
parameter manually.
If the current device cannot access the Internet through DHCP or cannot obtain
the IPv6 prefix, you need to enable the NAT66 function to allocate IPv6
addresses to clients on the internal network.
Set the default route preference for the current line. A smaller value
indicates a higher preference. For the same destination address, the route
with the highest preference is selected as the optimal route.
Caution The RG-EG105G and RG-EG105G-P does not support the NAT66 function.
3.8.6 Configuring an IPv6 Address for the LAN Port
Choose Local Device > Network > IPv6 Address > LAN Settings. When the device
accesses the Internet through DHCP, it can obtain LAN port IPv6 addresses from
the uplink device and allocate IPv6 addresses to the clients in the LAN based
on the IPv6 address prefix. If the uplink device cannot allocate an IPv6
address prefix to the device, you need to manually configure an IPv6 address
prefix for the LAN port and enable the NAT66 function to allocate IPv6
addresses to the clients in the LAN. For details, see Section 3.6.5
Configuring an IPv6 Address for the WAN Port.
Click Edit next to the default VLAN, and set IPv6 Address/Prefix Length to a
local address with no more than 64 bits. This address is also used as the IPv6
address prefix. You can use either of the following methods to allocate IPv6
addresses to clients: Auto: Allocate IPv6 addresses to clients in DHCPv6 or
SLAAC mode.
58
Web-based Configuration Guide
Network-Wide Monitoring
DHCPv6: Allocate IPv6 addresses to clients through DHCPv6. SLAAC: Allocate IPv6 addresses to clients through SLAAC. Null: Do not allocate addresses to clients. You should select an allocation method based on the protocol supported by clients on the internal network. If you are not sure about the supported protocol, select Auto.
Click Advanced Settings to configure more address attributes.
59
Web-based Configuration Guide
Table 3-7 IPv6 address configuration for LAN port
Parameter
Description
Network-Wide Monitoring
Subnet Prefix Name
Specify the interface from which the prefix is obtained, such as WAN_V6 or WAN1_V6. By default, the device obtains prefixes from all interfaces.
Subnet Prefix Length
Specify the length of the subnet prefix. The value is in the range of 48 to 64.
Subnet ID
Configure the subnet ID in the hexadecimal format. The value 0 indicates auto increment.
Lease Time(Min)
Set the lease of the IPv6 address, in minutes.
DNS Server
Configure the IPv6 DNS server address.
3.8.7 Viewing the DHCPv6 Client
Choose Local Device > Network > IPv6 Address > DHCPv6 Clients.
When the device functions as a DHCPv6 server to allocate IPv6 addresses to
clients, you can view the information about the client that obtains an IPv6
address from the device on the current page. The client information includes
the host name, IPv6 address, remaining lease time, and DHCPv6 Unique
Identifier (DUID).
Enter the DUID in the search bar and click client.
to quickly find relative information of the specified DHCPv6
Click Convert to Static IP to convert the IP binding of a client with an IP
address to static binding. Then the DHCP server assigns a static IP address to
the client.
Click Bind Selected to convert the IP binding of multiple clients with IP
addresses to static binding. Then the DHCP server assigns static IP addresses
to the clients.
3.8.8 Configuring the Static DHCPv6 Address
Configure the IPv6 address statically bound to the DUID of a client so that
the client can obtain the specified address each time. Choose Local Device >
Network > IPv6 Address > Static DHCPv6.
60
Web-based Configuration Guide
Network-Wide Monitoring
(1) Click Add.
(2) Enter the IPv6 address and DUID. (3) Click OK.
3.8.9 Configuring the IPv6 Neighbor List
In IPv6, Neighbor Discovery Protocol (NDP) is an important basic protocol. NDP
replaces the ARP and ICMP route discovery protocols of IPv4, and supports the
following functions: address resolution, neighbor status tracking, duplicate
address detection, router discovery, and redirection. Choose Local Device >
Security > IPv6 Address > IPv6 Neighbor List.
61
Web-based Configuration Guide
Network-Wide Monitoring
(1) Click Add and manually add the interface, IPv6 address and MAC address of the neighbor.
(2) Select the MAC address and IP address to be bound, and click Bind in the
Action column to bind the IP address to the MAC address to prevent ND attacks.
62
Web-based Configuration Guide
Network-Wide Monitoring
3.9 Configuring a DHCP Server
3.9.1 DHCP Server Overview
After the DHCP server function is enabled in the LAN, the device can
automatically deliver IP addresses to clients, so that clients connected to
the LAN ports of the device or connected to Wi-Fi can access the Internet
using the obtained addresses. See Section 3.6.6 Configuring an IPv6 Address
for the LAN Port for more information about the DHCPv6 server function.
3.9.2 Address Allocation Mechanism
The DHCP server allocates an IP address to a client in the following way: (1)
When the device receives an IP address request from a DHCP client, the device
searches the DHCP static
address allocation list. If the MAC address of the DHCP client is in the DHCP
static address allocation list, the device allocates the corresponding IP
address to the DHCP client. (2) If the MAC address of the DHCP client is not
in the DHCP static address allocation list or the IP address that the DHCP
client applies is not in the same network segment as the LAN port IP address,
the device selects an IP address not used from the address pool and allocates
the address to the DHCP client. (3) If no IP address in the address pool is
allocable, the client will fail to obtain an IP address.
3.9.3 Configuring the DHCP Server
1. Configuring Basic Parameters
Choose Local Device > Network > LAN > LAN Settings. DHCP Server: The DHCP
server function is enabled by default in the router mode. You are advised to
enable the function if the device is used as the sole router in the network.
When multiple routers are connected to the upperlayer device through LAN
ports, disable this function.
Caution If the DHCP server function is disabled on all devices in the network,
clients cannot automatically obtain IP addresses. You need to enable the DHCP
server function on one device or manually configure a static IP address for
each client for Internet access.
Start: Enter the start IP address of the DHCP address pool. A client obtains
an IP address from the address pool. If all the addresses in the address pool
are used up, no IP address can be obtained from the address pool. IP Count:
Enter the number of IP addresses in the address pool. Lease Time(Min): Enter
the address lease term. When a client is connected, the leased IP address is
automatically renewed. If a leased IP address is not renewed due to client
disconnection or network instability, the IP address will be reclaimed after
the lease term expires. After the client connection is restored, the client
can request an IP address again. The default lease term is 30 minutes.
63
Web-based Configuration Guide
Network-Wide Monitoring
1. Configuring DHCP Option Choose Local Device > Network > LAN > DHCP. The
DHCP Option configuration is shared by all LAN ports. You can configure DHCP
Option based on actual needs.
64
Web-based Configuration Guide
Network-Wide Monitoring
Table 3-8 DHCP Option configuration
Parameter
Description
DNS Server
Enter the DNS server address provided by the ISP.
Option 43
When the AC (wireless controller) and the AP are not in the same LAN, the AP cannot discover the AC through broadcast after obtaining an IP address from the DHCP server. To enable the AP to discover the AC, you need to configure Option 43 carried in the DHCP response packet on the DHCP server.
Option 138
Enter the IP address of the AC. Similar to Option 43, when the AC and AP are not in the same LAN, you can configure Option 138 to enable the AP to obtain the IPv4 address of the AC.
Option 150
Enter the IP address of the TFTP server. The TFTP server allocates addresses to clients.
3.9.4 Viewing the DHCP Client
Choose Local Device > Network> LAN > DHCP Clients. View the client addresses
automatically allocated by thorough DHCP. Find the target client and click
Convert to Static IP in the Status column, or select desired clients and click
Batch Convert. The dynamic address allocation relationship is added to the
static address allocation list, so that the host can obtain the bound IP
address for each
65
Web-based Configuration Guide
Network-Wide Monitoring
connection. For details on how to view the static address allocation list, see Section 3.7.5 Configuring Static IP Addresses.
3.9.5 Configuring Static IP Addresses
Choose Local Device > Network > LAN Static IP Addresses. The page displays all
configured static IP addresses. Click Add. In the pop-up window, enter the
device name, MAC address and IP address of the client to be bound, and click
OK. After a static IP address is bound, the bound IP address will be obtained
each time the client connects to the network.
66
Web-based Configuration Guide
Network-Wide Monitoring
3.10 Configuring Routes
3.10.1 Configuring Static Routes
Static routes are manually configured by the user. When a data packet matches
a static route, the packet will be forwarded according to the specified
forwarding mode.
Caution Static routes cannot automatically adapt to changes of the network
topology. When the network topology changes, you need to reconfigure the
static routes. 1. Configuring IPv4 Static Routing Choose Local Device >
Advanced > Routing > Static Routing. Click Add. In the dialog box that
appears, enter the destination address, subnet mask, outbound interface, and
next-hop IP address to create a static route.
67
Web-based Configuration Guide
Network-Wide Monitoring
Table 3-9 Static route configuration
Parameter
Description
Dest IP Address
Specify the destination network to which the data packet is to be sent. The device matches the data packet based on the destination address and subnet mask.
Subnet Mask
Specify the subnet mask of the destination network. The device matches the data packet based on the destination address and subnet mask.
Outbound Interface
Specify the interface that forwards the data packet.
Next Hop
Specify the IP address of the next hop in the route for the data packet. If the outbound interface accesses the Internet through PPPoE dialing, you do not need to configure the next-hop address.
After a static route is created, you can find the relevant route configuration and reachability status in the static route list. The Reachable parameter specifies whether the next hop is reachable, based on which you can determine whether the route takes effect. If the value is No, check whether the outbound interface in the current route can ping the next-hop address.
2. Configuring the IPv6 Static Route Choose Local Device > Advanced > Routing
Static Routing_v6.
68
Web-based Configuration Guide (1) Click Add.
Network-Wide Monitoring
(2) Configure an IPv6 static route of the device.
Table 3-10 Description of IPv6 Static Routing Configuration Parameters
Parameter
Description
IPv6 Address/Prefix Length
Destination network of the packet. The destination address of the packet is matched according to the IPv6 address and prefix length.
Outbound Interface
Interface that forwards the packet.
Next Hop
IP address of the next routing node to which the packet is sent.
(3) Click OK.
69
Web-based Configuration Guide
Network-Wide Monitoring
3.10.2 Configuring PBR
Policy-based routing (PBR) is a mechanism for routing and forwarding based on
user-specified policies. When a router forwards data packets, it filters the
packets according to the configured rules, and then forwards the matched
packets according to the specified forwarding policy. The PBR feature enables
the device to formulate rules according to specific fields (source or
destination IP address and protocol type) in the data packets, and forward the
data packets from a specific interface.
In a multi-line scenario, if the device is connected to the Internet and the
internal network through different lines, the traffic will be evenly routed
over the lines if no routing settings are available. In this case, access data
to the internal network may be sent to the external network, or access data to
the external network may be sent to the internal network, resulting in network
exceptions. To prevent these exceptions, you need to configure PBR to control
data isolation and forwarding on the internal and external networks.
The device can forward data packets using either of the following three
policies: PBR, address-based routing, and static routing. When all the
policies exist, PBR, static routing, and address-based routing have descending
order in priority. For details on address-based routing, see Section 3.2.6
Configuring the Multi-Line Load Balancing Mode.
1. Configuring IPv4 PBR
Choose Local Device > Advanced > Routing > PBR.
Click Add to add a PBR rule.
70
Web-based Configuration Guide
Network-Wide Monitoring
Table 3-11 Description of IPv4 PBR Configuration Parameters
Parameter
Description
Name
Specify the name of the PBR rule, which uniquely identifies a PBR rule. The name must be unique for each rule.
Protocol Type
Specify the protocol to which the PBR rule is effective. You can set this parameter to IP, ICMP, UDP, TCP, or Custom.
Protocol Number
When Protocol Type is set to Custom, you need to enter the protocol number.
Src IP/IP Range Custom Src IP
Configure the source IP address or IP address range for matching PBR entries.
The default value is All IP Addresses.
All IP Addresses: Match all the source IP addresses. Custom: Match the source
IP addresses in the specified IP range.
When Src IP/IP Range is set to Custom, you need to enter a single source IP
address or a source IP range.
71
Web-based Configuration Guide
Network-Wide Monitoring
Parameter Dest IP/IP Range
Custom Dest IP Src Port Range Dest Port Range Outbound Interface Traffic
Assurance Status
Description
Configure the destination IP address or IP address range for matching PBR
entries. The default value is All IP Addresses.
All IP Addresses: Match all the destination IP addresses. Custom: Match the
destination IP addresses in the specified IP range. When Dest IP/IP Range is
set to Custom, you need to enter a destination source IP address or a
destination IP range.
This parameter is available only when Protocol Type is set to TCP or UDP. This
parameter specifies the source port range for packet matching using PBR.
This parameter is available only when Protocol Type is set to TCP or UDP. This
parameter specifies the destination port range for packet matching using PBR.
Specify the interface that forwards the data packet based on the hit PBR rule.
When an outbound interface is unreachable, the traffic will be automatically
routed to other reachable outbound interfaces.
Turn on Status to specify whether to enable the PBR rule. If Status is turned
off, this rule does not take effect.
Note If you want to restrict the access device to access only the specified
internal network, you can set the outbound interface in the corresponding
route to the WAN port in the private line network. For details on how to set
the private line network, see Section 3.2.4 Configuring the Private Line.
All the created PBR policies are displayed in the PBR list, with the latest
policy listed on the top. The device matches the policies according to their
sorting in the list. You can manually adjust the policy matching sequence by
clicking or in the Match Order column.
4. Configuring IPv6 PBR Choose Local Device > Advanced > Routing > PBR_v6.
72
Web-based Configuration Guide
Network-Wide Monitoring
Click Add to add a PBR rule.
73
Web-based Configuration Guide
Network-Wide Monitoring
Table 3-12 Description of IPv6 PBR Configuration Parameters
Parameter
Description
Name
Specify the name of the PBR rule, which uniquely identifies a PBR rule. The name must be unique for each rule.
Protocol Type
Specify the protocol to which the PBR rule is effective. You can set this parameter to IP, ICMPv6, UDP, TCP, or Custom.
Protocol Number
When Protocol Type is set to Custom, you need to enter the protocol number.
74
Web-based Configuration Guide Parameter Src IP/IP Range
Custom Src IP
Dest IP/IP Range
Custom Dest IP Src Port Range Dest Port Range Outbound Interface Traffic
Assurance Status
Network-Wide Monitoring
Description
Configure the source IP address or IP address range for matching PBR entries.
The default value is All IP Addresses.
All IP Addresses: Match all the source IP addresses. Custom: Match the source
IP addresses in the specified IP range. When Src IP/IP Range is set to Custom,
you need to enter a single source IP address or a source IP range.
Configure the destination IP address or IP address range for matching PBR
entries. The default value is All IP Addresses.
All IP Addresses: Match all the destination IP addresses. Custom: Match the
destination IP addresses in the specified IP range. When Dest IP/IP Range is
set to Custom, you need to enter a destination source IP address or a
destination IP range.
This parameter is available only when Protocol Type is set to TCP or UDP. This
parameter specifies the source port range for packet matching using PBR.
This parameter is available only when Protocol Type is set to TCP or UDP. This
parameter specifies the destination port range for packet matching using PBR.
Specify the interface that forwards the data packet based on the hit PBR rule.
When an outbound interface is unreachable, the traffic will be automatically
routed to other reachable outbound interfaces.
Turn on Status to specify whether to enable the PBR rule. If Status is turned
off, this rule does not take effect.
Note If you want to restrict the access device to access only the specified
internal network, you can set the outbound interface in the corresponding
route to the WAN port in the private line network. For details on how to set
the private line network, see Section3.3.4 Configuring the Private Line.
All the created PBR policies are displayed in the PBR list, with the latest
policy listed on the top. The device matches the policies according to their
sorting in the list. You can manually adjust the policy matching sequence by
clicking or in the Match Order column.
75
Web-based Configuration Guide
Network-Wide Monitoring
2. Typical Configuration Example
Networking Requirements Two lines with different bandwidths are deployed for
an enterprise. Line A (WAN 1) is used for access to the Internet and Line B
(WAN 2) is used for access to the specific internal network (10.1.1.0/24). The
enterprise wants to configure PBR to guarantee correct data flows between the
internal and external networks, isolate devices in the specified address range
(172.26.31.1 to 172.26.31.200) from the external network, and allow these
devices to access the specific internal network only. Configuration Roadmap
Configure the private line. Add a PBR policy for access to the internal
network. Add a PBR policy for access to the external network. Add a PBR policy
to restrict specific devices to access the internal network only.
Configuration Steps (1) Configure WAN 2 as the private line for the internal
network.
When you configure networking parameters for WAN 2 port, click Advanced
Settings, turn on Private Line, and click Save. For details, see Section 3.2.4
Configuring the Private Line.
(2) Add a PBR policy to forward data packets destined to the external network
through WAN 1 port. Choose Advanced > Routing > PBR and click Add. In the
dialog box that appears, create a PBR policy and set Outbound Interface to
WAN1.
76
Web-based Configuration Guide
Network-Wide Monitoring
(3) Add a PBR policy to forward data packets destined to the internal network through WAN 2 port. In this policy, set Custom Dest IP to 10.1.1.1-10.1.1.254 and Outbound Interface to WAN2.
(4) Add a PBR policy to restrict devices in the IP range 172.26.31.1 to
172.26.31.200 to access the internal private line only. In this policy, set
Src IP/IP Range to Custom, Custom Src IP to 172.26.31.1-172.26.31.200, and
Outbound Interface to WAN2.
77
Web-based Configuration Guide
Network-Wide Monitoring
3.10.3 Configuring RIP
Routing Information Protocol (RIP) is applicable to small and medium-sized
networks and is a dynamic routing protocol that is easy to configure. RIP
measures the network distance based on the number of hops and selects a route
based on the distance. RIP uses UDP port 520 to exchange the routing
information. 1. Configuring RIP Basic Functions Choose Local Device > Advanced
Routing > RIP Settings Click Add and configure the network segment and interface.
78
Web-based Configuration Guide
Network-Wide Monitoring
Table 3-13 RIP Configuration Parameters Parameter
Type
Network Segment Port
Description
Network Segment: Enable RIP in the specified network segment. The IP addresses
of this network segment are added to the RIP routing table. The device and its
RIPenabled neighbor devices learn the routing table from each other. Port:
Enable RIP on the specified port. All the IP addresses of this port are added
to the RIP routing table. The device and its RIP-enabled neighbor devices
learn the routing table from each other.
Enter the network segment, for example, 10.1.0.0/24, when Type is set to
Network Segment. RIP will be enabled on all interfaces of the device covered
by this network segment.
Select a VLAN interface or physical port when Type is set to Port.
79
Web-based Configuration Guide
Network-Wide Monitoring
Auth Mode Auth Key
No Authentication: The protocol packets are not authenticated. Encrypted Text:
The protocol packets are authenticated, and the authentication key is
transmitted with the protocol packets in the form of encrypted text. Plain
Text: The protocol packets are authenticated, and the authentication key is
transmitted with the protocol packets in the form of plain text.
Enter the authentication key to authenticate protocol packets when Auth Mode
is set to Encrypted Text or Plain Text.
2. Configuring the RIP Port Choose Local Device > Advanced > Routing > RIP Settings >> Port Settings
Table 3-14 Configuration Parameters in the Port List
Parameter
Description
Port Name
Name of the port where RIP is enabled.
Rx Status
RIP version of packets currently received.
Tx Status
RIP version of packets currently transmitted.
Poison Reverse
After the port learns the route, the route overhead is set to 16 (indicating that the route is unreachable), and the route is sent back to the neighbor from the original port to avoid a loop.
v2 Broadcast Packet
When a neighbor does not support multicast, broadcast packets can be sent.
You are advised to disable RIPv2 broadcast packets to improve network
performance.
80
Web-based Configuration Guide Auth Mode
Auth Key Action
Network-Wide Monitoring
No Authentication: The protocol packets are not authenticated. Encrypted Text:
The protocol packets are authenticated, and the authentication key is
transmitted with the protocol packets in the form of encrypted text. Plain
Text: The protocol packets are authenticated, and the authentication key is
transmitted with the protocol packets in the form of plain text.
Enter the authentication key to authenticate protocol packets when Auth Mode
is set to Encrypted Text or Plain Text.
Click Edit to modify RIP settings of the port.
3. Configuring the RIP Global Configuration
Choose Local Device > Advanced > Routing > RIP Settings >> Advanced, click
Edit Config, and configure RIP global configuration parameters.
81
Web-based Configuration Guide
Network-Wide Monitoring
Table 3-15 RIP Global Configuration Parameters Parameter
RIP Version
Description
Default: Select RIPv2 for sending packets and RIPv1/v2 for receiving packets.
V1: Select RIPv1 for sending and receiving packets. V2: Select RIPv2 for
sending and receiving packets.
82
Web-based Configuration Guide Parameter
Route Advertisement Administrative Distance Update Timer Invalid Timer
Flush Timer
Network-Wide Monitoring
Description
After route advertisement is enabled, the current device generates a default
route and sends it to the neighbor.
Redistribute routes of other protocols to the RIP domain so that RIP can
interwork with other routing domains.
RIP update cycle. The routing information is updated every 30 seconds by
default.
If no update is received before a route becomes invalid, the route is
considered unreachable. The default value is 180 seconds.
If no update is received before the flush timer of an invalid route expires,
the route is completely deleted from the RIP routing table. The default value
is 120 seconds.
4. Configuring the RIP Route Redistribution List
Redistribute routes of other protocols to the RIP domain so that RIP can
interwork with other routing domains. Choose Local Device > Advanced > Routing
RIP Settings >> Advanced, click Add in RIP Redistribution List, and select the type and administrative distance.
83
Web-based Configuration Guide
Network-Wide Monitoring
Table 3-16 RIP Route Redistribution Parameters Parameter Type
Administrative Distance
Instance ID
Description
Direct Routing OSPF Routing Static Routing
A smaller administrative distance indicates a higher priority. The default
value is 0. The value ranges from 0 to 16.
Select the instance ID of OSPF that needs to be redistributed. OSPFv2 needs to
be enabled on the local device.
5. Configuring the Passive Interface
If an interface is configured as a passive interface, it will suppress RIP
update packets. If the connected peer device does not run RIP, you are advised
to enable the passive interface. Choose Local Device > Advanced > Routing >
RIP Settings >> Advanced, click Add in Passive Interface and select a passive
interface.
84
Web-based Configuration Guide
Network-Wide Monitoring
6. Configuring the Neighbor Route
When the router cannot process broadcast packets, another router can be
designated as the neighbor to establish a RIP direct link. Choose Local Device
Advanced > Routing > RIP Settings >> Advanced, click Add in Neighbor Route, and enter the IP address of the neighbor router.
85
Web-based Configuration Guide
Network-Wide Monitoring
3.10.4 Configuring RIPng
RIP Next Generation (RIPng) provides the routing function for IPv6 networks. RIPng uses UDP port 512 to exchange the routing information. 1. Configuring RIPng Basic Functions Choose Local Device > Advanced > Routing > RIPng Settings Click Add, set Type to Network Segment or Port, and specify the network segment or port accordingly.
86
Web-based Configuration Guide
Network-Wide Monitoring
Table 3-17 RIPng Configuration Parameters Parameter
Type
Network Segment Port
Description
Network Segment: Enable RIP in the specified network segment. The IP addresses
of this network segment are added to the RIP routing table, and the device and
its RIP-enabled neighbor devices learn the routing table from each other.
Port: Enable RIP on the specified port. All the IP addresses of this port are
added to the RIP routing table, and the device and its RIP-enabled neighbor
devices learn the routing table from each other.
Enter the IPv6 address and prefix length when Type is set to Network Segment.
RIPng will be enabled on all interfaces of the device covered by this network
segment.
Select a VLAN interface or physical port when Type is set to Port.
2. Configuring the RIPng Port
RIPng poison reverse: After the port learns the route, the route overhead is
set to 16 (indicating that the route is unreachable), and the route is sent
back to the neighbor from the original port to avoid a loop. Choose Local
Device > Advanced > Routing > RIPng Settings > Port Settings, click Edit, and
enable IPv6 poison reverse.
87
Web-based Configuration Guide
Network-Wide Monitoring
3. Configuring the RIPng Global Configuration
Choose Local Device > Advanced > Routing > RIPng Settings >> Advanced, click
Edit Config in RIPng Global Config, and configure RIPng global configuration
parameters.
88
Web-based Configuration Guide
Network-Wide Monitoring
4. Configuring the RIPng Route Redistribution List Redistribute routes of
other protocols to the RIPng domain to interwork with other routing domains.
Choose Local Device > Advanced > Routing > RIPng Settings > Advanced, click
Add in Route Redistribution List, and configure RIPng route redistribution.
89
Web-based Configuration Guide
Network-Wide Monitoring
Table 3-18 RIP Route Redistribution Parameters Parameter
Type
Administrative Distance
Description Direct Routing OSPF Routing Static Routing Value range: 0-16. The default value is 0.
5. Configuring the RIPng Passive Interface
If an interface is configured as a passive interface, it will suppress RIPng
update packets. If the connected peer device does not run RIP, you are advised
to enable the passive interface. Choose Local Device > Advanced > Routing >
RIPng Settings > Advanced, click Add in Passive Interface, and select a
passive interface.
90
Web-based Configuration Guide
Network-Wide Monitoring
6. Configuring the IPv6 Aggregate Route
Choose Local Device > Advanced > Routing > RIPng Settings > Advanced, click
Add in RIPng Aggregate Routing, and enter the IPv6 address or length. The
length of IPv6 address prefix ranges from 0 bit to 128 bits.
3.10.5 OSPF v2
Open Shortest Path First (OSPF) can be applied to large-scale networks. IPv4
uses OSPFv2, and IPv6 uses OSPFv3. OSPF is a typical link-state routing
protocol, which can solve the problems of slow route update, inaccurate
measurement, and poor scalability in large networks. It is suitable for
networks of various sizes, and even a network with up to thousands of devices.
91
Web-based Configuration Guide
Network-Wide Monitoring
1. Configuring OSPFv2 Basic Parameters
Choose Local Device > Advanced > Routing > OSPFV2, click Start Setup, and then
configure an instance and an interface respectively.
(1) Configure an instance. a Configure basic parameters for an instance.
92
Web-based Configuration Guide
Network-Wide Monitoring
Table 3-19 Description of Basic OSPF Instance Configuration Parameters
Parameter
Description
Instance ID Router ID
Create an OSPF instance based on the service type. The instance only takes
effect locally, and does not affect packet exchange with other devices.
It identifies a router in an OSPF domain.
Caution Router IDs within the same domain must be unique. The same
configuration may cause neighbor discovery failures.
Advertise Default Route Import External Route
Generate a default route and send it to the neighbor. After this function is enabled, you need to enter the metric and select a type. The default metric is
- Type 1: The metrics displayed on different routers vary. Type 2: The
metrics displayed on all routers are the same.
Redistribute routes of other protocols to the OSPF domain to interwork with other routing domains. If Static Route Redistribution is selected, enter the metric, which is 20 by default. If Direct Route Redistribution is selected, enter the metric, which is 20 by default. If RIP Redistribution is selected, enter the metric, which is 20 by default.
b Click Details to display detailed configurations.
93
Web-based Configuration Guide
Network-Wide Monitoring
Table 3-20 Description of Detailed OSPF Instance Configuration Parameters
Parameter
Description
Distance
It is used for protocol selection. By default, the intraarea, inter-area, and external distances are all 110.
Frequent network changes and route flapping may
occupy too much network bandwidth and device
LSA
resources. The LSA generation and reception delays
are specified in OSPF by default.
The default value is 1000 ms.
94
Web-based Configuration Guide Parameter SPF Calculation
Graceful Restart (2) Configure an interface.
Network-Wide Monitoring
Description
When the link state database (LSDB) changes, OSPF recalculates the shortest
path, and sets the interval to prevent frequent network changes from occupying
a large number of resources Waiting Interval: When the state changes, the
timer is triggered. The delay is calculated for the first time after the timer
expires. The default value is 0 ms. Min Interval: As the number of changes
increases, the time of each interval will increase according to the algorithm,
and the default value is 50 ms. Max Interval: When the calculated interval
reaches the maximum interval, the subsequent interval is always equal to the
maximum interval. If the time from the last calculation exceeds the maximum
interval and the LSDB is not updated, the timer is disabled.
Graceful Restart (GR) can avoid route flapping caused by traffic interruption
and active/standby board switchover, thus ensuring the stability of key
services. Graceful Restart Helper: The Graceful Restart Helper function is
enabled when this switch is turned on. LSA Check: LSA packets outside the
domain are checked when this switch is turned on. Max Wait Time: Timing starts
after the device receives the GR packet from the peer device. If the peer
device does not complete GR within Max Wait Time, the device exits the GR
Helper mode. The default value is 1800 seconds.
95
Web-based Configuration Guide
Network-Wide Monitoring
c Configure basic parameters for an OSPFv2 interface.
Table 3-21 Description of Basic OSPFv2 Interface Configuration Parameters
Parameter
Description
Interface
Select the OSPF-enabled L3 interface.
Area
Configure the area ID. Value range: 0-4294967295
Stub Area
If Stub Area is enabled, you need to configure the area type and inter-area
route isolation.
Stub area: Routers at the edge of the area do not advertise routes outside the
area, and the routing table in the area is small.
Not-So-Stubby Area (NSSA): A few external routes can be imported.
Inter-area route isolation: After this function is enabled, inter-area routes
will not be imported to this area.
Details
Expand the detailed configuration.
d Click Details to display detailed configurations.
96
Web-based Configuration Guide
Network-Wide Monitoring
Table 3-22 Description of Detailed OSPFv2 Interface Configuration Parameters
Parameter
Description
Priority
It is 1 by default.
Network Type
Broadcast Unicast Multicast Non-Broadcast Multiple Access
Hello Packets
Interval for periodic transmission, which is used to discover and maintain OSPF neighbor relationship. The default value is 10 seconds.
97
Web-based Configuration Guide Parameter Dead Interval LSA Transmission Delay
LSA Retransmission Interval
Interface Auth
Ignore MTU Check
Network-Wide Monitoring
Description
Time after which the neighbor becomes invalid. The default value is 40
seconds.
LSA transmission delay of the interface. The default value is 1 second.
Time after which LSA is retransmitted after LSA is lost. The default value is
5 seconds.
No Auth: The protocol packets are not authenticated. It is the default value.
Plain Text: The protocol packets are authenticated, and the authentication key
is transmitted with the protocol packets in the form of plain text. MD5: The
protocol packets are authenticated, and the authentication key is MD5
encrypted and then transmitted with the protocol packets.
Enabled by default.
e Click Add to add an interface to Interface List. (3) Click Finish.
98
Web-based Configuration Guide
Network-Wide Monitoring
After you create an instance and an interface, choose Local Device > Advanced
Routing > OSPFV2 to check the current Instance List.
2. Adding an OSPFv2 Interface Choose Local Device > Advanced > Routing > OSPFV2, select the instance to be configured in Instance List, and choose More V2 Interface.
99
Web-based Configuration Guide
Network-Wide Monitoring
3. Redistributing OSPFv2 Instance Routes Choose Local Device > Advanced >
Routing > OSPFV2, select the instance to be configured in Instance List, and
choose More > V2 Instance Route Redistribution.
100
Web-based Configuration Guide
Network-Wide Monitoring
4. Managing OSPFv2 Stub Areas
Choose Local Device > Advanced > Routing > OSPFV2, select the instance to be
configured in Instance List, and choose More > V2 Stub Area Management.
5. Managing OSPFv2 Neighbors Choose Local Device > Advanced > Routing > OSPFV2, select the instance to be configured in Instance List, and choose More
V2 Neighbor Management.
101
Web-based Configuration Guide
Network-Wide Monitoring
6. Viewing OSPFv2 Neighbor Information
Choose Local Device > Advanced > Routing > OSPFV2, select the instance to be
configured in Instance List, and click Neighbor Info.
102
Web-based Configuration Guide
Network-Wide Monitoring
3.10.6 OSPF v3
Open Shortest Path First (OSPF) can be applied to large-scale networks. IPv4
uses OSPFv2, and IPv6 uses OSPFv3. 1. Configuring OSPFv3 Basic Parameters
Choose Local Device > Advanced > Routing > OSPFV3, click Start Setup, and then
configure an instance and an interface respectively. (1) Configure an
instance.
a Configure basic parameters for an instance.
103
Web-based Configuration Guide
Network-Wide Monitoring
Table 3-23 Description of Basic OSPF Instance Configuration Parameters
Parameter
Description
Instance ID
Create an OSPF instance based on the service type. The instance only takes effect locally, and does not affect packet exchange with other devices.
It identifies a router in an OSPF domain.
Router ID
Caution Router IDs within the same domain must be unique. The same configuration may cause neighbor discovery failures.
104
Web-based Configuration Guide Parameter Advertise Default Route
Import External Route
Network-Wide Monitoring
Description
Generate a default route and send it to the neighbor. After this function is
enabled, you need to enter the metric and select a type. The default metric is
- Type 1: The metrics displayed on different routers vary. Type 2: The
metrics displayed on all routers are the same.
Redistribute routes of other protocols to the OSPF domain to interwork with other routing domains. If Static Route Redistribution is selected, enter the metric, which is 20 by default. If Direct Route Redistribution is selected, enter the metric, which is 20 by default. If RIP Redistribution is selected, enter the metric, which is 20 by default.
b Click Details to display detailed configurations.
105
Web-based Configuration Guide
Network-Wide Monitoring
Table 3-24 Description of Detailed OSPF Instance Configuration Parameters
Parameter
Description
Distance
It is used for protocol selection. By default, the intraarea, inter-area, and external distances are all 110.
Frequent network changes and route flapping may
occupy too much network bandwidth and device
LSA
resources. The LSA generation and reception delays
are specified in OSPF by default.
The default value is 1000 ms.
106
Web-based Configuration Guide Parameter SPF Calculation
Graceful Restart (2) Configure an interface.
Network-Wide Monitoring
Description
When the link state database (LSDB) changes, OSPF recalculates the shortest
path, and sets the interval to prevent frequent network changes from occupying
a large number of resources Waiting Interval: When the state changes, the
timer is triggered. The delay is calculated for the first time after the timer
expires. The default value is 0 ms. Min Interval: As the number of changes
increases, the time of each interval will increase according to the algorithm,
and the default value is 50 ms. Max Interval: When the calculated interval
reaches the maximum interval, the subsequent interval is always equal to the
maximum interval. If the time from the last calculation exceeds the maximum
interval and the LSDB is not updated, the timer is disabled.
Graceful Restart (GR) can avoid route flapping caused by traffic interruption
and active/standby board switchover, thus ensuring the stability of key
services. Graceful Restart Helper: The Graceful Restart Helper function is
enabled when this switch is turned on. LSA Check: LSA packets outside the
domain are checked when this switch is turned on. Max Wait Time: Timing starts
after the device receives the GR packet from the peer device. If the peer
device does not complete GR within Max Wait Time, the device exits the GR
Helper mode. The default value is 1800 seconds.
107
Web-based Configuration Guide
Network-Wide Monitoring
a Configure basic parameters for an interface.
Table 3-25 Description of Basic OSPF Interface Configuration Parameters
Parameter
Description
Interface
Select the OSPF-enabled L3 interface.
Area
Configure the area ID. Value range: 0-4294967295
Stub Area
If Stub Area is enabled, you need to configure the area type and inter-area
route isolation.
Stub area: Routers at the edge of the area do not advertise routes outside the
area, and the routing table in the area is small.
Not-So-Stubby Area (NSSA): A few external routes can be imported.
b Click Details to display detailed configurations.
108
Web-based Configuration Guide
Network-Wide Monitoring
Table 3-26 Description of Detailed OSPF Interface Configuration Parameters
Parameter
Description
Priority
It is 1 by default.
Network Type
Broadcast Unicast Multicast Non-Broadcast Multiple Access
Hello Packets
Interval for periodic transmission, which is used to discover and maintain OSPF neighbor relationship. The default value is 10 seconds.
Dead Interval
Time after which the neighbor becomes invalid. The default value is 40 seconds.
109
Web-based Configuration Guide Parameter LSA Transmission Delay LSA
Retransmission Interval
Interface Auth
Ignore MTU Check
Network-Wide Monitoring
Description
LSA transmission delay of the interface. The default value is 1 second.
Time after which LSA is retransmitted after LSA is lost. The default value is
5 seconds.
No Auth: The protocol packets are not authenticated. It is the default value.
Plain Text: The protocol packets are authenticated, and the authentication key
is transmitted with the protocol packets in the form of plain text. MD5: The
protocol packets are authenticated, and the authentication key is MD5
encrypted and then transmitted with the protocol packets.
Enabled by default.
c Click Add to add an interface to Interface List. (2) Click Finish.
110
Web-based Configuration Guide
Network-Wide Monitoring
After you complete configuration, choose Advanced > Routing > OSPFV3 to check
Instance List.
2. Adding an OSPFv3 Interface Choose Local Device > Advanced > Routing >
OSPFV3, select the instance to be configured in Instance List, and choose More
V3 Interface.
111
Web-based Configuration Guide
Network-Wide Monitoring
3. Managing OSPFv3 Stub Areas Choose Local Device > Advanced > Routing > OSPFV3, select the instance to be configured in Instance List, and choose More
V3 Stub Area Management.
112
Web-based Configuration Guide
Network-Wide Monitoring
3.10.7 Viewing Routing Tables
Choose Local Device > Advanced > Routing > Routing Table Info to view IPv4 and
IPv6 routing table details.
3.11 Configuring ARP Binding and ARP Guard
3.11.1 Overview
The device learns the IP address and MAC address of the network devices
connected to its interfaces and generates the corresponding ARP entries. You
can enable ARP guard and configure IP-MAC binding to restrict Internet access
of LAN hosts and improve network security.
113
Web-based Configuration Guide
Network-Wide Monitoring
3.11.2 Configuring ARP Binding
Choose Local Device > Security > ARP List. Before you enable ARP guard, you
must configure the binding between IP addresses and MAC addresses in either of
the following ways: (1) Select a dynamic ARP entry in the ARP list and click
Bind. You can select multiple entries to be bound at one
time and click Bind Selected to bind them.
(2) Click Add, enter the device name, IP address and MAC address to be bound, and click OK. The input box can display existing address mappings in the ARP list. You can click a mapping to automatically enter the address mapping.
To remove the binding between a static IP address and a MAC address, click Delete in the Action column. 114
Web-based Configuration Guide
Network-Wide Monitoring
3.11.3 Configuring ARP Guard
After ARP guard is enabled, only LAN hosts with IP-MAC binding can access the external network. For details on how to configure ARP binding, see Section 3.10.2 Configuring ARP Binding. (1) Choose Local Device > Security > ARP List.
(2) Turn on Enable in the ARP Guard section to enable ARP guard.
(3) Set the range for the function to take effect. If you select Select All,
the ARP guard function will take effect on all clients on the LAN. If you
select a specified port, the ARP guard function will take effect only on
clients connected to the port.
3.12 Configuring MAC Address Filtering
3.12.1 Overview
You can enable MAC address filtering and configure an Allowlist or Blocklist
to effectively control Internet access from LAN hosts.
115
Web-based Configuration Guide
Network-Wide Monitoring
Allowlist: Allow only hosts whose MAC addresses are in the filter rule list to
access the Internet. Blocklist: Deny hosts whose MAC addresses are in the
filter rule list from accessing the Internet.
3.12.2 Configuration Steps
Choose Local Device > Security > MAC Filtering.
(1) Click Add. In the dialog box that appears, enter the MAC address and
remarks. The input box can display existing address mappings in the ARP list.
You can click a mapping to automatically enter the MAC address. Click OK. A
filter rule is created.
(2) Turn on MAC Filtering, set Filtering Type, and click Save. 116
Web-based Configuration Guide
Network-Wide Monitoring
3.13 Configuring the PPPoE Server
3.13.1 Overview
Point-to-Point Protocol over Ethernet (PPPoE) is a network tunneling protocol
that encapsulates PPP frames inside Ethernet frames. When the router functions
as a PPPoE server, it provides the access service to LAN users and supports
bandwidth management.
3.13.2 Global Settings
Choose Local Device > Advanced > PPPoE Server > Global Settings. Set PPPoE
Server to Enable and configure PPPoE server parameters.
117
Web-based Configuration Guide
Network-Wide Monitoring
Table 3-27 PPPoE server configuration
Parameter
Description
PPPoE Server
Specify whether to enable the PPPoE server function.
Mandatory PPPoE Dialup
Specify whether LAN users must access the Internet through dialing.
Local Tunnel IP
Set the point-to-point address of the PPPoE server.
IP Range
Specify the IP address range that can be allocated by the PPPoE server to authenticated users.
VLAN
Set the VLAN of the current PPPoE server.
Primary/Secondary DNS Server
Specify the DNS server address delivered to authenticated users.
Unanswered LCP Packet Limit
When the number of LCP packets not answered in one link exceeds the specified value, the PPPoE server automatically disconnects the link.
118
Web-based Configuration Guide
Network-Wide Monitoring
Parameter
Description
Auth Mode
Select at least one authentication mode from the following: PAP, CHAP, MSCHAP, and MSCHAP2.
3.13.3 Configuring a PPPoE User Account
Choose Local Device > Advanced > PPPoE Server > Account Settings. Click Add to
create a PPPoE authentication user account. The currently created PPPoE
authentication user accounts are displayed in the Account List section. Find
the target account and click Edit to modify the account information. Find the
target account and click Delete to delete the account.
119
Web-based Configuration Guide
Table 3-28 PPPoE user account configuration
Parameter
Description
Network-Wide Monitoring
Username/Password
Set the username and password of the authentication account for Internet access through PPPoE dialing.
Expire Date
Set the expiration date of the authentication account. After the account expires, it can no longer be used for Internet access through PPPoE authentication.
Remark
Enter the account description.
Status
Specify whether to enable this user account. If the account is disabled, the account is invalid and cannot be used for Internet access through PPPoE authentication.
Rate Limiting
Specify whether to apply flow control on the account. If flow control is enabled, you need to configure flow control policies for the PPPoE authentication user. If smart flow control is disabled, Rate Limiting must be turned off. To turn on Rate Limiting, enable smart flow control first.
Account Management
After flow control is enabled, you need to configure a flow control package for the current account to restrict user bandwidth accordingly. For details on how to configure and view flow control packages, see Section 3.12.4 Configuring a Flow Control Package.
3.13.4 Configuring a Flow Control Package
Choose Local Device > Advanced > PPPoE Server > Account Management. If smart
flow control is disabled, the flow control package for the account does not
take effect. Before you configure a flow control package, enable smart flow
control first. For details on how to set smart flow control, see Section 6.6.2
Smart Flow Control. Click Add to create a flow control package. The currently
created flow control packages are displayed in the Account Management List
section. You can modify or delete the packages.
120
Web-based Configuration Guide
Network-Wide Monitoring
Table 3-29 PPPoE user flow control package configuration
Parameter
Description
Account Name
Set the name of the flow control package. When you configure an authentication account, you can select a flow control package based on the name.
Uplink Bandwidth
The following uplink bandwidth options can be configured, all measured in
Mbps. Limit-at: Guaranteed available uplink bandwidth for authenticated users
when bandwidth resources are limited. Max-Limit: Maximum available uplink
bandwidth for authenticated users when bandwidth resources are sufficient.
Max-Limit per User: Maximum available uplink bandwidth for each user. This
parameter is optional and the default value is no limit.
Downlink Bandwidth
The following downlink bandwidth options can be configured, all measured in
Mbps. Limit-at: Guaranteed available downlink bandwidth for authenticated
users when bandwidth resources are limited. Max-Limit: Maximum available
downlink bandwidth for authenticated users when bandwidth resources are
sufficient.
Max-Limit per User: Maximum available downlink bandwidth for each user. This
parameter is optional and the default value is no limit.
121
Web-based Configuration Guide
Network-Wide Monitoring
Parameter
Description
Interface
Specify the interface to which the flow control package applies.
3.13.5 Configuring Exceptional IP Addresses
Choose Local Device > Advanced > PPPoE Server > Exceptional IP Address. When
the PPPoE server is enabled, if you want to allow some IP addresses in a
specific VLAN to access the Internet without passing account and password
authentication, you can configure these IP addresses as exceptional IP
addresses. The currently created exceptional IP addresses are displayed in the
Exceptional IP Address List section. Click Edit to modify the exceptional IP
address. Click Delete to delete the exceptional IP address. Start IP
Address/End IP Address: Start and end of exceptional IP addresses. Remark:
Description of an exceptional IP address. Status: Whether the exceptional IP
address is effective.
122
Web-based Configuration Guide
Network-Wide Monitoring
3.13.6 Viewing Online Users
Choose Local Device > Advanced > PPPoE Server > Online Clients. View the
information of end users that access the Internet through PPPoE dialing. Click
Disconnect to disconnect the user from the PPPoE server.
Table 3-30 PPPoE online user information
Parameter
Description
Username
Total number of online users that access the Internet through PPPoE dialing.
IP Address
IP address of the client.
MAC Address
MAC address of the client.
Online Time
Time when the user accesses the Internet.
123
Web-based Configuration Guide
3.14 Port Mapping
3.14.1 Overview
Network-Wide Monitoring
1. Port Mapping
The port mapping function can establish a mapping relationship between the IP
address and port number of a WAN port and the IP address and port number of a
server in the LAN, so that all access traffic to a service port of the WAN
port will be redirected to the corresponding port of the specified LAN server.
This function enables external users to actively access the service host in
the LAN through the IP address and port number of the specified WAN port.
Application scenario: Port mapping enables users to access the cameras or
computers in their home network when they are in the enterprise or on a
business trip.
2. NAT-DMZ
When an incoming data packet does not hit any port mapping entry, the packet
is redirected to the LAN server according to the Demilitarized Zone (DMZ)
rule. All data packets actively sent from the Internet to the device are
forwarded to the designated DMZ host, thus realizing LAN server access of
external network users. DMZ not only realizes the external network access
service, but also ensures the security of other hosts in the LAN. Application
scenario: Configure port mapping or DMZ when an external network user wants to
access the LAN server, for example, access a server deployed in the home
network when the user is in the enterprise or on a business trip.
3.14.2 Getting Started
Confirm the intranet IP address of the mapping device on the LAN and the port
number used by the service. Confirm that the mapped service can be normally
used on the LAN.
3.14.3 Configuration Steps
Choose Local Device > Advanced > Port Mapping > Port Mapping. Click Add. In
the dialog box that appears, enter the rule name, service type, protocol type,
external port/range, internal server IP address, and internal port/range. You
can create a maximum of 50 port mapping rules.
124
Web-based Configuration Guide
Network-Wide Monitoring
Table 3-31 Port mapping configuration
Parameter
Description
Name
Enter the description of the port mapping rule, which is used to identify the rule.
Preferred Server
Select the type of service to be mapped, such as HTTP or FTP. The internal port number commonly used by the service is automatically entered. If you are not sure about the service type, select Custom.
Protocol
Select the transmission layer protocol type used by the service, such as TCP or UDP. The value ALL indicates that the rule applies to both protocols. The value must comply with the client configuration of the service.
External IP Address
Specify the host address used for accessing the external network. You can set
it to the following:
Outbound Interface: You can select All WAN Ports or specify a WAN port. Enter
or select an IP address: Select or enter the IP address of a WAN port.
125
Web-based Configuration Guide
Network-Wide Monitoring
Parameter
Description
External Port/Range
Specify the port number used for Internet access. You need to confirm the port number in the client software, such as the camera monitoring software. You can enter a port number or a port range, such as 1050-1060. If you enter a port range, the value of Internal Port/Range must also be a port range.
Internal IP Address
Specify the IP address of the internal server to be mapped to the WAN port, that is, the IP address of the LAN device that provides Internet access, such as the IP address of the network camera.
Internal Port/Range
Specify the service port number of the internal server to be mapped to the WAN
port, that is, the port number of the application that provides Internet
access, such as port 8080 of the Web service.
You can enter a port number or a port range, such as 1050-1060. If you enter a
port range, the number of ports must be the same as that specified in External
Port/Range.
3.14.4 Verification and Test
Check whether the external network device can access services on the
destination host using the external IP address and external port number.
3.14.5 Solution to Test Failure
(1) Modify the value of External Port/Range and use the new external port
number to perform the test again. The possible cause is that the port is
blocked by the firewall.
(2) Enable the remote access permission on the server. The possible cause is
that remote access is displayed on the server, resulting in normal internal
access but abnormal access across network segments.
(3) Configure DMZ rules. For details, see Section 3.13.6 Configuration Steps
(DMZ). The possible cause is that the specified ports are incorrect or
incomplete.
3.14.6 Configuration Steps (DMZ)
Choose Local Device > Advanced > Port Mapping > NAT-DMZ. Click Add. Enter the
rule name and internal server IP address, select the interface to which the
rule applies, specify the rule status, and click OK. You can configure only
one DMZ rule for an outbound interface.
126
Web-based Configuration Guide
Network-Wide Monitoring
Table 3-32 DMZ rule configuration
Parameter
Description
Name
Enter the description of the mapping rule, which is identify the DMZ rule.
Dest IP Address
Specify the IP address of the DMZ host to which packets are redirected, that is, the IP address of the internal server that can be accessed from the Internet.
Outbound Interface
Specify the WAN port in the DMZ rule. You can configure only one rule for a WAN port.
Status
Specify whether the rule is effective. The rule is effective after you turn on Status.
127
Web-based Configuration Guide
Network-Wide Monitoring
3.15 UPnP
3.15.1 Overview
After the Universal Plug and Play (UPnP) function is enabled, the device can
change the port used by the Internet access service according to the client
request, implementing NAT. When a client on the Internet wants to access the
internal resources on the LAN device, the device can automatically add port
mapping entries to realize traversal of some services between internal and
external networks. The following commonly used programs support the UPnP
protocol: MSN Messenger, Thunder, BT, and PPLive. Before you use the UPnP
service, note that clients (PCs and mobile phones) used in combination also
support UPnP.
Note To implement automatic port mapping using UPnP, the following conditions
must be met: UPnP is enabled on the device. The operating system of the LAN
host supports UPnP and has UPnP enabled. The programs support UPnP and have
UPnP enabled.
3.15.2 Configuring UPnP
Choose Local Device > Advanced > UPnP. Turn on Enable to enable the UPnP
function. Select a port from the drop-down list box of Default Interface.
Click Save to make the configuration take effect. If any relevant program
converts the port automatically, the information is displayed in the UPnP List
section.
Table 3-33 UPnP configuration
Parameter
Description
Enable
Specify whether to enable UPnP. By default, UPnP is disabled.
Default Interface
Specify the WAN port address bound to the UPnP service. By default, the default interface is a WAN port. On the device with multiple WAN ports, you can manually select the WAN port to bind or set this parameter to Auto to allow the device to select a WAN port automatically.
128
Web-based Configuration Guide
Network-Wide Monitoring
3.15.3 Verifying Configuration
After the UPnP service is enabled, open a program that supports the UPnP protocol (such as Thunder or BitComet) on the client used with the device, and refresh the Web page on the device. If a UPnP entry is displayed in the UPnP list, a UPnP tunnel is created successfully.
3.16 DDNS
3.16.1 Overview
After the Dynamic Domain Name Server (DDNS) service is enabled, external users
can use a fixed domain name to access service resources on the device over the
Internet at any time, without the need to search for the WAN port IP address.
You need to register an account and a domain name on the third-party DDNS
service provider for this service. The device supports No-IP DNS and Other
DNS.
3.16.2 Getting Started
Before you use the DDNS service, register an account and a domain name on the
DDNS or No-IP official website.
3.16.3 Configuring DDNS
1. No-IP DNS
Choose Local Device > Advanced > Dynamic DNS > No-IP DNS. Enter the registered
username and password and click Log In to initiate a connection request to the
server. The binding between the domain name and WAN port IP address of the
device takes effect. Click Delete to clear all the entered information and
remove the server connection relationship. The Link Status parameter specifies
whether the server connection is established successfully. If you do not
specify the domain name upon login, the domain name list of the current
account is displayed after successful connection. All the domain names of this
account are parsed to the WAN port IP address.
129
Web-based Configuration Guide
Network-Wide Monitoring
Note Both No-IP DNS and other DNS support IPv6 connectivity. To ensure
compatibility with the IPsec VPN functionality, you are advised to enable IPv6
when IPv6 is used
for IPsec VPN connection.
Table 3-34 DDNS login information
Parameter
Description
Service Interface
One domain name can be parsed to only one IP address. Therefore, you need to specify the WAN port bound to the domain name when multiple WAN ports are available. By default, the service interface is a WAN port.
130
Web-based Configuration Guide
Network-Wide Monitoring
Parameter
Description
Username & Password
Enter the username and password of the account registered on the official website. If no registered account is available, click Register to switch to the official website and create a new account.
Domain
Specify the domain name bound to the service interface IP address.
This parameter is optional for No-IP DNS. One account can be bound to multiple
domain names. You can choose to bind only one domain name to the IP address of
the current service interface. Only the selected domain name is parsed to the
WAN port IP address. If no domain name is specified, all the domain names of
the current account are parsed to the WAN port IP address.
2. Other DNS
Choose Local Device > Advanced > Dynamic DNS > Other DNS. Select the service
provider and service interface, enter the username and password for login, and
click Log In to initiate a connection request to the server to make the
binding relationship between the domain name and the device WAN port IP
address effective. Clicking Delete will clear all input information and
disconnect from the server. The connection status indicates whether a
connection has been successfully established with the server.
131
Web-based Configuration Guide
Network-Wide Monitoring
Table 3-35 DDNS Login Information
Parameter
Description
An organization that provides dynamic domain name services, such as 3322.2org,
Service provider
cloudflare. com v4, and aliyun.
Service interface
One domain name can be parsed to only one IP address. Therefore, you need to specify the WAN port bound to the domain name when multiple WAN ports are available. By default, the service interface is a WAN port.
Username & Password
Enter the username and password of the account registered on the official website.
Domain name Specify the domain name bound to the service interface IP address.
132
Web-based Configuration Guide
Network-Wide Monitoring
Note Both No-IP DNS and other DNS support IPv6 connectivity. To ensure
compatibility with the IPsec VPN functionality, you are advised to enable IPv6
when IPv6 is used
for IPsec VPN connection.
3. Verifying Configuration If Link Status is displayed as Connected, the
server connection is established successfully. After the configuration is
completed, ping the domain name from the Internet. The ping succeeds and the
domain name is parsed to the WAN port IP address.
3.17 Connecting to IPTV
Caution To connect to IPTV in the Chinese environment, switch the system
language. For details, see Section 9.11 Switching System Language. IPTV is a
network television service provided by the ISP.
3.17.1 Getting Started
Confirm that the IPTV service is activated. Check the local IPTV type: VLAN or
IGMP. If the type is VLAN, confirm the VLAN ID. If you cannot confirm the
type or VLAN ID, contact the local ISP.
3.17.2 Configuration Steps (VLAN Type)
Choose Local Device > Network > IPTV > IPTV/VLAN. Select a proper mode based
on your region, click the drop-down list box next to the interface to connect
and select IPTV, and enter the VLAN ID provided by the ISP. For example, when
you want to connect the IPTV set top box to LAN 3 port of the device and the
VLAN ID is 20, the configuration UI is as follows. Internet VLAN: If you need
to set a VLAN ID for the Internet access service, turn on this parameter and
enter the VLAN ID. By default, the VLAN tag function is disabled. You are
advised to keep the VLAN tag function disabled unless otherwise specified.
After the configuration is completed, confirm that the IPTV set top box is
connected to the correct port, for example, LAN 3 in the example.
Caution Enabling this function may lead to network disconnection. Exercise
caution when performing this operation.
133
Web-based Configuration Guide
Network-Wide Monitoring
3.17.3 Configuration Steps (IGMP Type)
Choose Local Device > Network > IPTV > IPTV/IGMP. The IGMP type is applicable
to the ISP FPT. After you enable IPTV connection, connect the IPTV set top box
to any LAN port on the router.
134
Web-based Configuration Guide
Network-Wide Monitoring
3.18 Port Flow Control
Caution Only the RG-EG105G-E and RG-EG210G-E support this function. Choose
Local Device > Advanced > Port Settings. When wired ports of the device work
in different rates, data blocking may occur, leading to slow network speed.
Enabling port flow control helps relieve the data congestion.
3.19 Limiting the Number of Connections
Choose Local Device > Advanced > Session Limit. This function is used to
control the maximum number of connections per IP address. Click Add to add an
IP session limit rule.
135
Web-based Configuration Guide
Network-Wide Monitoring
Table 3-36 IP session limit rule information
Parameter
Description
Name
Enter the name of the IP session limit rule.
Start IP Address
Enter the start IP address for session matching in the rule.
End IP Address
Enter the end IP address for session matching in the rule.
Session Count Limit
Specify the maximum number of session connections for an IP address matching the rule.
Status
Specify whether the rule is effective. The rule takes effect after you turn on this parameter.
3.20 Configuring Local Security
3.20.1 Configuring an Admin IP Address
Admin IP addresses are exempt from the ping prohibition function. Packets sent
from admin IP addresses can pass through and will not be discarded. Choose
Local Device > Security > Security Zone. Click Add. Then, you can configure
admin IP address information.
136
Web-based Configuration Guide
Network-Wide Monitoring
1. Configuring an Admin IP Address (Based on an IP Address)
(1) Configure a name for the admin IP address. The name is a string of 132
characters.
(2) Set Specific Mode to IP Range. (3) Configure an IP address.
137
Web-based Configuration Guide You can specify a single P address or an IP
address range.
2. Configuring an Admin IP Address (Based on a Port)
Network-Wide Monitoring
(1) Configure a name for the admin IP address. The name is a string of 132
characters.
(2) Set Specific Mode to Interface. (3) Specify the port.
You can select a LAN port or WAN port as the interface. 3. Deleting an Admin
IP Address Select an entry and click Delete to delete information about the
admin IP address. Select multiple entries and click Delete Selected to bulk
delete selected entries.
4. Editing Information About an Admin IP Address You cannot modify the name
and specified mode of an admin IP address but modify the IP address range or
port in the specified mode.
138
Web-based Configuration Guide
Network-Wide Monitoring
3.20.2 Configuring Security Zones
Note This feature is not supported on RG-EG105G-P-L. For devices that do not
support SNMP, the SNMP service cannot be disabled in a LAN zone.
A security zone is a logical zone consisting of a group of systems that trust
each other and share the same security protection requirements. Generally, a
security zone consists of a group of interfaces. Networks formed by interfaces
in the same security zone share the same security attributes. Each interface
can only belong to one security zone.
139
Web-based Configuration Guide
Network-Wide Monitoring
Up to eight security zones can be added. Pre-defined security zones include:
Pre-defined LAN zone: By default, all VLANs are mapped to the pre-defined LAN
zone. Pre-defined WAN zone: By default, all WAN interfaces are mapped to the
pre-defined WAN zone. Choose Security > Local Security > Security Zone.
(1) Click Add. (2) Configure parameters for the security zone.
140
Web-based Configuration Guide
Network-Wide Monitoring
Table 3-37 Description of Security Zone Configuration Parameters
Parameter
Description
Name
Name of the security zone.
Network Interface
Interfaces mapped to the security zone, including LAN and WAN. LAN refers to VLAN, and WAN refers to WAN interfaces. Note: After a new security zone is created and VLANs or WAN interfaces are mapped to this new security zone, the VLANs or WAN interfaces will be removed from the pre-defined LAN zone or pre- defined WAN zone.
Accessible Security Zones
Other security zones to which this security zone can access.
Authorized Security Zones
Other security zones that can access this security zone.
Disabled Service
Services disabled for the security zone.
(3) Click OK.
3.20.3 Configuring Session Attack Prevention
1. Overview
Session Attack Prevention In a session attack, an attacker sends heavy traffic
to the device. In this case, the device has to consume many resources when
creating connections. To reduce the impact of the attack, you can limit the
rate of creating sessions.
Flood Attack Prevention In a flood attack, an attacker sends tremendous
abnormal packets to a device. As a result, the device uses a large amount of
resources to handle the packets. This causes the device performance to
deteriorate or the system to break down. If the value of TCP SYN and other TCP
Flood parameters is too small, the authentication function and access to local
web pages will be affected. If the value of UDP Flood parameter is too small,
the DHCP address allocation, DNS domain name resolution, and VPN
functionalities will be affected. You are advised to set the value to be
greater than the load capacity of the local device.
Suspicious Packet Attack Prevention In a suspicious packet attack, an attacker
sends tremendous error packets to the device. When the host or server handles
the error packets, its system will crash.
2. Configuring Session Attack Prevention
Choose Local Device > Security > Security Domain > Attack Defense. (1) Enable
Anti Session Attack.
141
Web-based Configuration Guide
Network-Wide Monitoring
(2) Configure the session creation rate limit, including global and per-IP values. (3) Click Save. 3. Configuring Flood Attack Prevention Choose Local Device > Security > Local Security > Attack Defense. (1) Select required attack prevention types and enable this feature.
(2) Configure rate limiting. (3) Click Save. 4. Configuring Suspicious Packet
Attack Prevention Choose Local Device > Security > Local Security > Attack
Defense. (1) Select required attack prevention types and validity check types
to enable this feature.
(2) To enable large ping attack prevention, enter the packet length. (3) Click
Save. 5. Configuring Packet Receiving and Sending Control Choose Local Device
Security > Security Domain > Attack Defense. (1) Select the packet types that are prohibited from being sent by the device. Select at least one packet type.
Enable Disable ICMP Error Messages. You can select ICMP Timeout, Destination Unreachable, Redirection, and Parameter. 142
Web-based Configuration Guide
Network-Wide Monitoring
Enable Disable ICMPv6 Error Message. You can select Destination Unreachable,
Datagram too Big, Time Exceeded, and Parameter Problem.
(2) Click Save.
3.20.4 Checking the Security Log
Choose Local Device > Security > Security Domain >Security Log. Check defense
results of the device against various attacks on the Security Log page.
3.21 Configuring TTL Rules
3.21.1 Overview
Time to live (TTL) aims to prevent unauthorized connections. It limits the
number of devices that can transmit data packets in the network by limiting
the existence time of the data packets in the computer network, so as to
prevent infinite transmission of data packets in the network and the waste of
resources. When TTL is set to 1 and is valid for LANs, packets are directly
discarded when passing through the next router. If a user connects a router to
Ruijie device without permission and connects a client to the router, packets
cannot pass through the client, either. This restriction prevents users from
connecting routers without
References
- baidu.com
- 百度一下
- csm
- csm
- Ruijie Community
- Ruijie Community
- Support Center - Ruijie Reyee
- 百度一下
- Ruijie Reyee - Redefine your easy network
- Twilio Cloud Communications | Web Service API for building Voice and SMS Applications