ok AR-5381u ADSL2+ WLAN Router User Manual Version A2.
Preface This manual provides information related to the installation and operation of this device. The individual reading this manual is presumed to have a basic understanding of telecommunications terminology and concepts. If you find the product to be inoperable or malfunctioning, please contact technical support for immediate service by email at INT-support@comtrend.com For product update, new product release, manual revision, or software upgrades, please visit our website at http://www.comtrend.
Copyright Copyright© 2012 Comtrend Corporation. All rights reserved. The information contained herein is proprietary to Comtrend Corporation. No part of this document may be translated, transcribed, reproduced, in any form, or by any means without the prior written consent of Comtrend Corporation.
Table of Contents CHAPTER 1 INTRODUCTION...........................................................................................................6 1.1 FEATURES ........................................................................................................................................6 1.2 APPLICATION ...................................................................................................................................7 CHAPTER 2 INSTALLATION.........................................
.9.1 Default Gateway .............................................................................................................77 5.9.2 Static Route.....................................................................................................................78 5.9.3 Policy Routing ................................................................................................................79 5.9.4 RIP...............................................................................................
APPENDIX F - PRINTER SERVER................................................................................................
Chapter 1 Introduction The AR-5381u is an 802.11n (300Mbps) Wireless ADSL2+ router. AR-5381u has four 10/100 Base-T Ethernet ports, a Wi-Fi Protected Setup (WPS) button and a Wi-Fi switch button, one USB Host, and is backward compatible with existing 802.11b (11Mbps) and 11g (54bps) equipment. The AR-5381u ADSL2+ router also provides state of the art security features such as 64/128 bit WEP encryption and WPA/WPA2 encryption, Firewall, and VPN pass through.
1.2 Application The following diagram depicts a typical application of the AR-5381u.
Chapter 2 Installation 2.1 Hardware Setup Follow the instructions below to complete the hardware setup. BACK PANEL The figure below shows the back panel of the device. ADSL Connect to the ADSL port with the ADSL RJ11 cable. Ethernet (LAN) Ports You can connect the router to up to four LAN devices using RJ45 cables. The ports are auto-sensing MDI/X and either straight-through or crossover cable can be used. USB Host Port (Type A) This port can be used to connect the router to the print server.
FRONT PANEL The Wi-Fi & WPS buttons are located on the bottom-left of the front panel, as shown. WiFi Switch Press this button to enable/disable the wireless LAN (WLAN). WPS Button Press this button to begin searching for WPS clients.
6.2.1 WPS for instructions).
2.2 LED Indicators The front panel LED indicators are shown below and explained in the following table. This information can be used to check the status of the device and its connections. LED Color Green POWER Green Function On The device is powered up. Off The device is powered down. Blink Red ETH 1X-4X Mode Upgrade is in process. On POST (Power On Self Test) failure or other malfunction1. On An Ethernet Link is established. Off An Ethernet Link is not established.
Green INTERNET Red On IP connected and no traffic detected 2. Off Modem power off or modem in bridged mode. Blink IP connected and IP Traffic is passing thru the device (either direction). On Device attempted to become IP connected and failed (no DHCP response, no PPPoE response, PPPoE authentication failed, no IP address from IPCP, etc.). 1 A malfunction is any error of internal sequence or state that will prevent the device from connecting to the DSLAM or passing customer data.
Chapter 3 Web User Interface This section describes how to access the device via the web user interface (WUI) using an Internet browser such as Internet Explorer (version 5.0 and later). 3.1 Default Settings The factory default settings of this device are summarized below. • • • • LAN IP address: 192.168.1.1 LAN subnet mask: 255.255.255.0 Administrative access (username: root , password: 12345 ) WIFI access: enabled Technical Note During power on, the device initializes all settings to default values.
STEP 4: Click OK to submit these settings. If you experience difficulty with DHCP mode, you can try static IP mode instead.
STATIC IP MODE In static IP mode, you assign IP settings to your PC manually. Follow these steps to configure your PC IP address to use subnet 192.168.1.x. NOTE: The following procedure assumes you are running Windows XP. However, the general steps involved are similar for most operating systems (OS). Check your OS support documentation for further details.
3.3 Login Procedure Perform the following steps to login to the web user interface. NOTE: The default settings can be found in 3.1 Default Settings. STEP 1: Start the Internet browser and enter the default IP address for the device in the Web address field. For example, if the default IP address is 192.168.1.1, type http://192.168.1.1. NOTE: For local administration (i.e. LAN access), the PC running the browser must be attached to the Ethernet, and not necessarily to the device. For remote access (i.e.
STEP 3: After successfully logging in for the first time, you will reach this screen.
Chapter 4 Device Information The web user interface window is divided into two frames, the main menu (at left) and the display screen (on the right). The main menu has several options and selecting each of these options opens a submenu with more selections. NOTE: The menu items shown are based upon the configured connection(s) and user account privileges. For example, if NAT and Firewall are enabled, the main menu will display the NAT and Security submenus.
4.1 WAN Select WAN from the Device Info submenu to display the configured PVC(s). Heading Description Interface Name of the interface for WAN Description Name of the WAN connection Type Shows the connection type VlanMuxId Shows 802.
4.2 Statistics This selection provides LAN, WAN Service, XTM and xDSL statistics. NOTE: 4.2.1 These screens are updated automatically every 15 seconds. Click Reset Statistics to perform a manual update. LAN Statistics This screen shows data traffic statistics for each LAN interface.
4.2.2 WAN Service Statistics This screen shows data traffic statistics for each WAN interface.
4.2.3 xTM Statistics The following figure shows Asynchronous Transfer Mode (xTM) statistics.
4.2.4 xDSL Statistics The xDSL Statistics screen displays information corresponding to the xDSL type. ADSL Click the Reset Statistics button to refresh this screen. Field Description Mode G.Dmt, G.lite, T1.
Field Description Status Lists the status of the DSL link Link Power State Link output power state. Line Coding (Trellis) Trellis On/Off SNR Margin (0.1 dB) Signal to Noise Ratio (SNR) margin Attenuation (0.1 dB) Estimate of average loop attenuation in the downstream direction. Output Power (0.1 dBm) Total upstream output power Attainable Rate (Kbps) The sync rate you would obtain. Rate (Kbps) Current sync rates downstream/upstream In ADSL2+ mode, the following section is inserted.
Data Cells Total number of ATM data cells Bit Errors Total number of bit errors Total ES Total Number of Errored Seconds Total SES Total Number of Severely Errored Seconds Total UAS Total Number of Unavailable Seconds xDSL BER TEST Click xDSL BER Test on the xDSL Statistics screen to test the Bit Error Rate (BER). A small pop-up window will open after the button is pressed, as shown below. Click Start to start the test or click Close to cancel the test.
xDSL GRAPH Click Draw Graph on the xDSL Statistics screen and a pop-up window will display the xDSL bits per tone status, SNR, QLN and Hlog of the current xDSL connection, as shown below.
4.3 Route Choose Route to display the routes that the AR-5381u-NA2 has found. Field Description Destination Destination network or destination host Gateway Next hub IP address Subnet Mask Subnet Mask of Destination Flag U: route is up !: reject route G: use gateway H: target is a host R: reinstate route for dynamic routing D: dynamically installed by daemon or redirect M: modified from routing daemon or redirect Metric The 'distance' to the target (usually counted in hops).
4.4 ARP Click ARP to display the ARP information.
4.5 DHCP 4.5.1 DHCPv4 Click DHCPv4 to display all DHCPv4 Leases.
4.5.1 DHCPv6 Click DHCPv6 to display all DHCPv6 Leases.
4.6 NAT Session Press "Show All" will show all NAT session information. Pressing "Show Less" will show NAT session information on the WAN side only.
4.7 IGMP Proxy Displays a list of IGMP Proxy entries.
4.8 IPv6 4.8.
4.8.2 IPv6 Neighbor Provides a list of IPv6 devices found in the network.
4.8.
Chapter 5 Advanced Setup 5.1 Layer 2 Interface The ATM interface screen is described here. 5.1.1 ATM Interface Add or remove ATM interface connections here. Click Add to create a new ATM interface (see Appendix E - Connection Setup). NOTE: Up to 16 ATM interfaces can be created and saved in flash memory. To remove a connection, select its Remove column radio button and click Remove. 5.1.2 PTM Interface Add or remove PTM interface connections here.
5.1.3 ETH INTERFACE This screen displays the Ethernet WAN Interface configuration. Click Add to create a new connection (see Appendix E - Connection Setup). NOTE: One Ethernet WAN interface can be created and saved in flash memory. To remove a connection, select its Remove column radio button and click remove.
5.2 WAN Service This screen allows for the configuration of WAN interfaces. Click the Add button to create a new connection. For connections on ATM or ETH WAN interfaces see Appendix E - Connection Setup. NOTE: In Default Mode, up to 16 WAN connections can be configured; while VLAN Mux Connection Mode supports up to 16 WAN connections. To remove a connection, select its Remove column radio button and click Remove.
5.3 LAN Configure the LAN interface settings and then click Apply/Save. Consult the field descriptions below for more details. GroupName: Select an Interface Group. 1st LAN INTERFACE IP Address: Enter the IP address for the LAN port. Subnet Mask: Enter the subnet mask for the LAN port. Enable IGMP Snooping: Enable by ticking the checkbox . Standard Mode: In standard mode, multicast traffic will flood to all bridge ports when no client subscribes to a multicast group – even if IGMP snooping is enabled.
Blocking Mode: In blocking mode, the multicast data traffic will be blocked and not flood to all bridge ports when there are no client subscriptions to any multicast group. Enable LAN side firewall: Enable by ticking the checkbox . DHCP Server: To enable DHCP, select Enable DHCP server and enter Start and End IP addresses and the Leased Time. This setting configures the router to automatically assign IP, default gateway and DNS server addresses to every PC on your LAN.
IP Address: Enter the secondary IP address for the LAN port. Subnet Mask: Enter the secondary subnet mask for the LAN port. Ethernet Media Type: Configure auto negotiation, or enforce selected speed and duplex mode for each Ethernet port.
5.3.1 LAN IPv6 Autoconfig Configure the LAN interface settings and then click Apply/Save. Consult the field descriptions below for more details.
LAN IPv6 Link-Local Address Configuration Heading Description EUI-64 Use EUI-64 algorithm to calculate link-local address from MAC address User Setting Use the Interface Identifier field to define a link-local address Static LAN IPv6 Address Configuration Heading Description Interface Address (prefix length is required): Configure static LAN IPv6 address and subnet prefix length IPv6 LAN Applications Heading Description Stateless Use stateless configuration Refresh Time (sec): The information
To remove an entry, tick the corresponding checkbox in the Remove column and then click the Remove Entries button, as shown below.
5.3.2 Static IP Neighbor Click the Add button to display the following.
5.4 Auto-Detection The auto-detection function is used for CPE to detect WAN service for either ETHWAN or xDSL interface. The feature is designed for the scenario that requires only one WAN service in different applications. Tick the Checkbox to display the following. Enter the given PPP username/password and pre-configure service list for auto-detection. After that, clicking "Apply/Save" will activate the auto-detect function.
5.
4.5.1 DHCPv6 Click DHCPv6 to display all DHCPv6 Leases.
4.6 NAT Session Press "Show All" will show all NAT session information. Pressing "Show Less" will show NAT session information on the WAN side only.
4.7 IGMP Proxy Displays a list of IGMP Proxy entries.
4.8 IPv6 4.8.
4.8.2 IPv6 Neighbor Provides a list of IPv6 devices found in the network.
4.8.
- . NAT is not an available option in Bridge mode. 5.5.1 Virtual Servers Virtual Servers allow you to direct incoming traffic from the WAN side (identified by Protocol and External port) to the internal server with private IP addresses on the LAN side. The Internal port is required only if the external port needs to be converted to a different port number used by the server on the LAN side. A maximum of 32 entries can be configured. To add a Virtual Server, click Add. The following will be displayed.
Consult the table below for field and header descriptions. Field/Header Description Use Interface Select a WAN interface from the drop-down box. Select a Service Or Custom Service User should select the service from the list. Or User can enter the name of their choice. Server IP Address Enter the IP address for the server. External Port Start Enter the starting external port number (when you select Custom Server). When a service is selected, the port ranges are automatically configured.
5.5.2 Port Triggering Some applications require that specific ports in the firewall be opened for access by the remote parties. Port Triggers dynamically 'Open Ports' in the firewall when an application on the LAN initiates a TCP/UDP connection to a remote party using the 'Triggering Ports'. The Router allows the remote party from the WAN side to establish new connections back to the application on the LAN side using the 'Open Ports'. A maximum 32 entries can be configured.
Field/Header Description Use Interface Select a WAN interface from the drop-down box. Select an Application Or Custom Application User should select the application from the list. Or User can enter the name of their choice. Trigger Port Start Enter the starting trigger port number (when you select custom application). When an application is selected, the port ranges are automatically configured. Trigger Port End Enter the ending trigger port number (when you select custom application).
5.5.3 DMZ Host The DSL router will forward IP packets from the WAN that do not belong to any of the applications configured in the Virtual Servers table to the DMZ host computer. To Activate the DMZ host, enter the DMZ host IP address and click Save/Apply. To Deactivate the DMZ host, clear the IP address field and click Save/Apply.
5.5.4 IP Address Map Mapping Local IP (LAN IP) to some specified Public IP (WAN IP). Consult the table below for field and header descriptions. Field/Header Description Rule The number of the rule Type Mapping type from local to public. Local Start IP The beginning of the local IP Local End IP The ending of the local IP Public Start IP The beginning of the public IP Public End IP The ending of the public IP Remove Remove this rule Click the Add button to display the following screen.
Select a Service, then click the Save/Apply button.
5.5.5 IPSEC ALG IPSEC ALG provides multiple VPN passthrough connection support, allowing different clients on LAN side to establish a secured IP Connection to the WAN server. To enable IPSEC ALG, tick the checkbox and click the Save button.
5.5.6 SIP ALG This page allows you to enable / disable SIP ALG.
5.6 Security To display this function, you must enable the firewall feature in WAN Setup. For detailed descriptions, with examples, please consult Appendix A - Firewall. 5.6.1 IP Filtering This screen sets filter rules that limit IP traffic (Outgoing/Incoming). Multiple filter rules can be set and each applies at least one limiting condition. For individual IP packets to pass the filter all conditions must be fulfilled. NOTE: This function is not available when in bridge mode. Instead, 5.6.
Consult the table below for field descriptions. Field Description Filter Name The filter rule label. IP Version IPv4 selected by default. Protocol TCP, TCP/UDP, UDP, or ICMP. Source IP address Enter source IP address. Source Port (port or port:port) Enter source port number or range. Destination IP address Enter destination IP address. Destination Port (port or port:port) Enter destination port number or range.
Consult the table below for field descriptions. Field Description Filter Name The filter rule label IP Version IPv4 selected by default. Protocol TCP, TCP/UDP, UDP, or ICMP. Policy Permit/Drop packets specified by the firewall rule. Source IP address Enter source IP address. Source Port (port or port:port) Enter source port number or range. Destination IP address Enter destination IP address. Destination Port (port or port:port) Enter destination port number or range.
5.6.2 NOTE: MAC Filtering This option is only available in bridge mode. Other modes use 5.6.1 IP Filtering to perform a similar function. Each network device has a unique 48-bit MAC address. This can be used to filter (block or forward) packets based on the originating device. MAC filtering policy and rules for the AR-5381u can be set according to the following procedure. The MAC Filtering Global Policy is defined as follows.
Consult the table below for detailed field descriptions. Field Description Protocol Type PPPoE, IPv4, IPv6, AppleTalk, IPX, NetBEUI, IGMP Destination MAC Address Defines the destination MAC address Source MAC Address Defines the source MAC address Frame Direction Select the incoming/outgoing packet interface WAN Interfaces Applies the filter to the selected bridge interface.
5.7 Parental Control This selection provides WAN access control functionality. 5.7.1 Time Restriction This feature restricts access from a LAN device to an outside network through the device on selected days at certain times. Make sure to activate the Internet Time server synchronization as described in 8.5 Internet Time, so that the scheduled times match your local time. Click Add to display the following screen. See below for field descriptions. Click Apply/Save to add a time restriction.
User Name: A user-defined label for this restriction. Browser's MAC Address: MAC address of the PC running the browser. Other MAC Address: MAC address of another LAN device. Days of the Week: The days the restrictions apply. Start Blocking Time: The time the restrictions start. End Blocking Time: The time the restrictions end. 5.7.2 URL Filter This screen allows for the creation of a filter rule for access rights to websites based on their URL address and port number.
A maximum of 100 entries can be added to the URL Filter list. Tick the Exclude radio button to deny access to the websites listed. Tick the Include radio button to restrict access to only those listed websites.
5.8 Quality of Service (QoS) NOTE: QoS must be enabled in at least one PVC to display this option. (See Appendix E - Connection Setup for detailed PVC setup instructions). 5.8.1 Queue Management Configuration To Enable QoS tick the checkbox and select a Default DSCP Mark. Click Apply/Save to activate QoS.
5.8.2 Queue Configuration This function follows the Differentiated Services rule of IP QoS. You can create a new Queue entry by clicking the Add button. Enable and assign an interface and precedence on the next screen. Click Save/Reboot on this screen to activate it. Click Enable to activate the QoS Queue. Click Add to display the following screen.
Name: Identifier for this Queue entry. Enable: Enable/Disable the Queue entry. Interface: Assign the entry to a specific network interface (QoS enabled).
5.8.3 QoS Classification The network traffic classes are listed in the following table. Click Add to configure a network traffic class rule and Enable to activate it. To delete an entry from the list, click Remove. This screen creates a traffic class rule to classify the upstream traffic, assign queuing priority and optionally overwrite the IP header DSCP byte. A rule consists of a class name and at least one logical condition.
Field Description Traffic Class Name Enter a name for the traffic class. Rule Order Last is the only option. Rule Status Disable or enable the rule. Classification Criteria Class Interface Select an interface (i.e. Local, eth0-4, wl0) Ether Type Set the Ethernet type (e.g. IP, ARP, IPv6). Source MAC Address A packet belongs to SET-1, if a binary-AND of its source MAC address with the Source MAC Mask is equal to the binary-AND of the Source MAC Mask and this field.
Field Description Destination MAC Address A packet belongs to SET-1 then the result that the Destination MAC Address of its header binary-AND to the Destination MAC Mask must equal to the result that this field binary-AND to the Destination MAC Mask. Destination MAC Mask This is the mask used to decide how many bits are checked in Destination MAC Address. Classification Results Specify Class Queue Select corresponding queue to deliver outgoing traffic.
5.9 Routing These following routing functions are accessed from this menu: Default Gateway, Static Route, Policy Routing and RIP. NOTE: 5.9.1 In bridge mode, the RIP menu option is hidden while the other menu options are shown but ineffective.
5.9.2 Static Route This option allows for the configuration of static routes by destination IP. Click Add to create a static route or click Remove to delete a static route. After clicking Add the following screen will display. Input the Destination IP Address, select the interface type, Input the Gateway IP, (and the Metric number if required). Then, click Apply/Save to add an entry to the routing table.
5.9.3 Policy Routing This option allows for the configuration of static routes by policy. Click Add to create a routing policy or Remove to delete one. On the following screen, complete the form and click Apply/Save to create a policy.
5.9.4 RIP To activate RIP, configure the RIP version/operation mode and select the Enabled checkbox for at least one WAN interface before clicking Save/Apply.
5.10 DNS 5.10.1 DNS Server Select DNS Server Interface from available WAN interfaces OR enter static DNS server IP addresses for the system. In ATM mode, if only a single PVC with IPoA or static IPoE protocol is configured, Static DNS server IP addresses must be entered.
5.10.2 Dynamic DNS The Dynamic DNS service allows you to map a dynamic IP address to a static hostname in any of many domains, allowing the AR-5381u to be more easily accessed from various locations on the Internet. To add a dynamic DNS service, click Add. The following screen will display.
Consult the table below for field descriptions.
5.10.3 DNS Entries The DNS Entry page allows you to add domain names and IP address desired to be resolved by the DSL router. Choose Add or Remove to configure DNS Entry. The entries will become active after save/reboot. Enter the domain name and IP address that needs to be resolved locally, and click the Add Entry button.
5.11 DSL The DSL Settings screen allows for the selection of DSL modulation modes. For optimum performance, the modes selected should match those of your ISP. DSL Mode Data Transmission Rate - Mbps (Megabits per second) G.Dmt Downstream: 12 Mbps Upstream: 1.3 Mbps G.lite Downstream: 4 Mbps Upstream: 0.5 Mbps T1.413 Downstream: 8 Mbps Upstream: 1.0 Mbps ADSL2 Downstream: 12 Mbps AnnexL Supports longer loops but with reduced transmission rates ADSL2+ Downstream: 24 Mbps Upstream: 1.
DSL Mode Data Transmission Rate - Mbps (Megabits per second) SRA Enable Enables Seamless Rate Adaptation (SRA) DSL LED behavior Normal (TR-68 compliant) – DSL LED blink/on/off following TR-68 standard Off – always turn off DSL LED G997.1 EOC xTU-R Serial Number Select Equipment Serial Number or Equipment MAC Address to use router’s serial number or MAC address in ADSL EOC messages Advanced DSL Settings Click Advanced Settings to reveal additional options.
5.12 UPnP Select the checkbox provided and click Apply/Save to enable UPnP protocol.
5.13 DNS Proxy/Relay DNS proxy receives DNS queries and forwards DNS queries to the Internet. After the CPE gets answers from the DNS server, it replies to the LAN clients. Configure DNS proxy with the default setting, when the PC gets an IP via DHCP, the domain name, Home, will be added to PC’s DNS Suffix Search List, and the PC can access route with “Comtrend.Home”.
5.14 Print Server The AR-5381u can provide printer support through an optional USB2.0 host port. If your device has this port, refer to Appendix F - Printer Server for detailed setup instructions.
5.15 DLNA Enabling DLNA allows users to share digital media, like pictures, music and video, to other LAN devices from the digital media server.
5.16 Storage Service Enabling Samba service allows the user to share files on the storage device. Different levels of user access can be configured after samba security mode is enabled. This page also displays storage devices attached to USB host. Display after storage device attached (for your reference).
92
5.17 Interface Grouping Interface Grouping supports multiple ports to PVC and bridging groups. Each group performs as an independent network. To use this feature, you must create mapping groups with appropriate LAN and WAN interfaces using the Add button. The Remove button removes mapping groups, returning the ungrouped interfaces to the Default group. Only the default group has an IP interface. To add an Interface Group, click the Add button. The following screen will appear.
Automatically Add Clients With Following DHCP Vendor IDs: Add support to automatically map LAN interfaces to PVC's using DHCP vendor ID (option 60). The local DHCP server will decline and send the requests to a remote DHCP server by mapping the appropriate LAN interface. This will be turned on when Interface Grouping is enabled.
For example, imagine there are 4 PVCs (0/33, 0/36, 0/37, 0/38). VPI/VCI=0/33 is for PPPoE while the other PVCs are for IP set-top box (video). The LAN interfaces are ENET1, ENET2, ENET3, and ENET4. The Interface Grouping configuration will be: 1. Default: ENET1, ENET2, ENET3, and ENET4. 2. Video: nas_0_36, nas_0_37, and nas_0_38. The DHCP vendor ID is "Video". If the onboard DHCP server is running on "Default" and the remote DHCP server is running on PVC 0/36 (i.e. for set-top box use only).
5.18 IP Tunnel 5.18.1 IPv6inIPv4 Configure 6in4 tunneling to encapsulate IPv6 traffic over explicitly-configured IPv4 links. Click the Add button to display the following.
Options Description Tunnel Name Input a name for the tunnel Mechanism Mechanism used by the tunnel deployment Associated WAN Interface Select the WAN interface to be used by the tunnel Associated LAN Interface Select the LAN interface to be included in the tunnel Manual/Automatic Select automatic for point-to-multipoint tunneling / manual for point-to-point tunneling IPv4 Mask Length The subnet mask length used for the IPv4 interface 6rd Prefix with Prefix Length Prefix and prefix length used
5.18.2 IPv4inIPv6 Configure 4in6 tunneling to encapsulate IPv4 traffic over an IPv6-only environment. Click the Add button to display the following.
Options Description Tunnel Name Input a name for the tunnel Mechanism Mechanism used by the tunnel deployment Associated WAN Interface Select the WAN interface to be used by the tunnel Associated LAN Interface Select the LAN interface to be included in the tunnel Manual/Automatic Select automatic for point-to-multipoint tunneling / manual for point-to-point tunneling AFTR Address of Address Family Translation Router 99
5.19 IPSec You can add, edit or remove IPSec tunnel mode connections from this page. Click Add New Connection to add a new IPSec termination rule. The following screen will display.