User Manual
Contents
1. Service TE IP 492 168 19 to tele B ngg a paa Mini Rate veer Max Rate Kbissc Bandwidth Share total bandwidth with al F addresses ical Li Assign bandwidth for each IP address Ze Ze Let Select on which WAN the QoS rule should be executed It can be a Interface Single selection or multiple selections Service Select what bandwidth control is to be configured in the QoS rule If the bandwidth for all services of each IP is to be controlled select All TCP amp UDP 1 65535 If only FTP uploads or downloads need to be controlled select FTP Port 21 21 Refer to the Default Service Port 24 d SE Daon D F r d o Hd wm i ik i AJ hi A kaal il V i A your future life IP Direction Mini Rate amp Max Rate Kbit Sec Bandwidth Sharing 3WAN 1LAN Small Scale Multi WAN QoS Router Number List This is to select which user is to be controlled If only a single IP is to be restricted input this IP address such as 192 168 1 100 to 100 The rule will control only the IP 192 168 1 100 If an IP range is to be controlled input the range such as 192 168 1 100 150 The rule will control IPs from 192 168 1 100 to 150 If all Intranet users that connect with the device are to be controlled input 0 in the boxes of IP address This means all Intranet IPs will be restricted QoS can also control the range of Class B Upstr2. Firewall gt Access Rule KS Services Action Allow Service All Traffic TCPAUDP 1 65535 E Service Management Log mot loe SOURCE Interface Lan el Source IP Single zl III IT Destination IP Single zl LI Eg S scheduling Apply this rule always T w IT 24 Hour Formati E Everyday Fo sun D mon D Tue D wegl mhu D gut sat Action This allows setting the rule under control Allow Permits the pass of packets compliant with this control rule Deny Prevents the pass of packets not compliant with this control rule Service From the drop down menu select the service that users grant or do not give permission Service Management If the service that users wish to manage does not exist in the drop down menu press Service Management to add the new service From the pop up window enter a service name and communications protocol and port and then click the Add to list button to add the new service 57 d a ee H zeg F A a LA your future life 3WAN 1LAN Small Scale Multi WAN QoS Router Source Interface Source IP Destination Scheduling Apply this rule _to Day Control Select the source port whether users are permitted or not for example LAN WAN1 WAN2 WANS or Any Select from the drop down menu Select the source IP range for example Any Single Range or preset IP group name If Single or Range is selected please enter a s
3. Access Rule Saw Jump to oF 2 page Io H entries per page Next page gt Priority Enable Action Service E OUrce Destination Time IR Deny TCP 445 S Any Any Always IR Deny UDF 135 Any Any Always E Deny TCP 135 j Any Any Always F o Allow Al Traffic 1 LAM Any Any Always RI Deny All Trattic 1 VAN Any Any Always hdd Hew Rule Restore to Default Rules 74 d gt WW sa a IN H d Bessa your future life 3WAN 1LAN Small Scale Multi WAN QoS Router 3 ARP virus attack prevention 1 ARP Issue and Information Recently many cyber cafes in China experienced disconnection partially or totally fora Short period of time but connection is resumed quickly This is caused by the clash with MAC address When virus contained MAC mirrors to such NAT equipments as host devices there is complete disconnection within the network If it mirrors to other devices of the network only devices of this affected network have problems This happens mostly to legendary games especially those with private servers Evidently the network is attacked by ARP which aims to crack the encryption method By doing so they hackers may intercept the packet data and user information through the analysis of the game s communication protocol Through the spread of this virus the detailed information of the game players within the local network can be obtained Their account and information are stolen The following desc
4. Java Cookies Active X and HTTP Proxy access 54 d Ae gt ae y Wa l At H P f Qil ik hi id H K We sal Be 3WAN 1LAN Small Scale Multi WAN QoS Router Don t block If this option is activated users can add trusted Java ActiveX Cookies Proxy to network or IP address into the trust domain and it Trusted Domains will not block items such as Java Activex Cookies contained in the web pages from the trust domains After modification press Apply to save the network settings or press Cancel to keep the settings unchanged 6 2 Access Rule The device has a user friendly network access regulatory tool Administratorrs may define network access rules for different users and conditions Network access rule follows IP address destination IP address and IP communications protocol status to manage the network packet traffic and make sure whether their access is allowed by the firewall They can select to enable disable the network so as to protect all internet access The following describes the internet access rules All traffic from the LAN to the WAN is allowed by default All traffic from the WAN to the LAN is denied by default All traffic from the LAN to the DMZ is allowed by default All traffic from the DMZ to the LAN is denied by default All traffic from the WAN to the DMZ is allowed by default All traffic from the DMZ to the WAN is allowed by default Users may define access ru
5. Sent Bytes 27509358 E9820 4454388 0 Total Bytes 55689010 69870 50607246 0 Received Bytes Sec 134 D 354 0 Sent Bieser E 0 KE 0 Error Packets Received d o 0 0 Dropped Packets 5 o J r Recewed Se H 16 0 New Sessions Se g 0 Upateeser Bandwidth s J 5 Usage Downstream Bandwidth o J 5 Usage 7 3 Traffic Statistic Six messages will be displayed on the Traffic Statistic page to provide better traffic management and control Log gt Traffic Statistic Traffic Type Inbound IF Source Address D Source ID 192 168 1 100 bytes sec 20 100 d I me zg J ul LS 3WAN 1LAN Small Scale Multi WAN QoS Router your future life Inbound IP Address The figure displays the source IP address bytes per second and percentage Traffic Type Inbound IF Source Address Source IP bytes sec Dh 192 168 1 100 BS 100 Outbound IP Address The figure displays the source IP address bytes per second and percentage Traffic Type Sutbound IF Source Address Source IP bytes sec e 192 168 1100 D 100 Inbound Service The figure displays the network protocol type destination IP address bytes per second and percentage Traffic Type Inbound IF Service Protocol Dest Port bytes sec SC TCP 447 25 100 Outbound Service Ports The figure displays the network protocol type destination IP address bytes per second and percentage Traffic Type Outbound I
6. all the lines that this user is connected with will be removed and the user will not be able to connect with the Internet for five minutes New connections cannot be made until the delay time ends The important services or IPs in a company or business can be configured to be free of the Connection Restriction Rule Select a Service Port to be free of the connection rule Add IP addresses Groups that are free from restriction Activate the added rule Add the rule into the list After the changes are completed click Apply to save the configuration or click Cancel to leave without making any change There are two options for QoS one is Rate Control the other is Priority Control The two kinds of management cannot be used at the same time Network administrators must choose one or the other based on the Intranet needs 23 d GINO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life Rate Control The network administrator can set up bandwidth or usage limitations for each IP or IP range according to the actual bandwidth The network administrator can also set bandwidth control for certain Service Ports A guarantee bandwidth control for external connections can also be configured if there is an internal server Quality of Service Type Rate Control Priority Interface Mi want kl wane lwana i Treffic TCPRUDP 1 63525 w Service Management
7. it will automatically send out the log mail Set the interval of sending the log and the default is set to 10 minutes Reaching this defined number it will automatically send out the Mail log The device will detect which parameter either entries or intervals reaches the threshold first and send the log message of that parameter to the user Users may send out the log right away by pressing this button Below is two button for log inqury View System Log This option allows users to view system log The message content can be read online via the device They include All System and Firewall Log Click Refresh button for updating new logs and Click Clear button for clearing all log messages which is illustrated as below 64 d ONO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life atem log Windows Intemet E ple irer S http 1193 168 1 Tiye Joe bie system Log Current Time Thu Aug 21 20 08 38 2008 at CH Time Event Type Message Jan 1 00 00 08 est Broadband Router System isup FVROBO 1 5 2 03 qno4 dando i KOR 10 dhcoped 1 35 timed out waiting torawalid DHCP Server response Jan 1 00 01 43 ECH Ia connection if up 710231D09 21200 2 255 0 ow 192 168 31 on eth Aug 21 18 09 46 dheped 1 35 terminating on signal 15 f Aug 21 16 09 49 Seen 25 MANT connection is down Aug 21 16 09 50 Svs 129 WAND connection e down Aug 21 16 09 52 EEN WA connection is up 190 168 31299
8. By Session is selected the WAN bandwidth will automatically allocate connections based on session number to achieve network load balance IP Session Balance If By IP is selected the WAN bandwidth will automatically allocate connections based on IP amount to achieve network load balance Note For either session balancing or IP connection balancing collocation with Protocol Binding will provide a more flexible application for bandwidth Users can assign a specific Intranet IP to go through a specific service provider for connection or assign an IP for a specific destination to go through the WAN users assign to connect with the Internet For example if users want to assign IP 192 168 1 100 to go through WAN 1 when connecting with the Internet or assign all Intranet IP to go through WAN 2 when connecting with servers with port 80 or assign all Intranet IP to go through WAN 1 when connecting with IP 211 1 1 1 users can do that by configuring Protocol Binding Attention When the Auto Load Balance mode is collocated with Protocol Binding only IP addresses or servers that are configured in the connection rule will follow the rule for external connections those which are not configured in the rule will still follow the device Auto Load Balance system Please refer to the explanations in 6 2 3 Configuring Protocol Binding for setting up Protocol Binding and for examples of collocating router modes with Protocol
9. field and IP that are currently used by this port will be displayed Source IP 192 166 1100 192 166 1100 192 166 1100 192 166 1100 Protocol TCP TCP TCP TCP Specific Dot status for Port source Port Interface AH 2402 2401 2144 21435 WAN WAM WAR WAN Log gt Specific IP Port status Port 442 Search Dest IP 192 168 3 10 192 168 3 10 192 168 3 10 192 168 3 10 Dest Port 443 443 443 443 Downstream Upstream BytesiSec Bytes Sec 15 4 4 ER 0 T 0 0 70 GINO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life 8 Logout On the top right corner of the web based UI there is a Logout button Click on it to log out of the web based UI To enter next time open the Web browser and enter the IP address user name and password to log in 71 d ONO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life Appendix 1 Troubleshooting 1 Block Basic BT Download Method To block BT and prevent downloading by users go to the Firewall gt Content Filter and select Enable Website Block by Keywords followed by the input of torrent This will prevent the users from downloading Firewall gt Content Filter os Ce Block Forbidden Domains O Accept Allowed Domains L Forbidden Domains Enabled h Enable Website Blocking by Keywords Website Blocking by Keywords Keywords Ade torrent Update this Ke
10. for limited network resources Users don t have to spend extra money on getting more bandwidth Also if downloading oppupies the bandwidth administrator can choose rate control or priority for managing the bandwdith Except private and pulic IP translation Network Address Translation NAT can allow many users have Internet access with only one public IP DHCP support Class C IPs Users can plan and manage the network environment by applying IP amp MAC binding In addtion the device includes One to One NAT to meet the demand for intranet server setup Through management tools network administrators can manage the device through Web browsers At the same time from various online system logs administrators can have a clear understanding about network activities have a definite strategy for Internet access rule management This manual describs the settings and details for each feature If you are not sure about connecting the device with Internet please read Quick Installation Guide first so that you can connect the device with Internet quickly You can visit www Qno com tw for online information as well as refer to Appendix 2 Qno Tehcnical Support Information to contact FAE support gt NIC 3WAN 1LAN Small Scale Multi WAN QoS Router your future life 2 Hardware Installation In this chapter we are going to introduce hardware interface as well as physical installation 2 1 Firewall LED Signal LED St
11. gt MAC Clone WAN User Defined WAH 1 MAC Address Jon br be jn be Is Defaut 00 1 7 16 01 FC 2F 4 MAC Address from this PC 99 20 ED 41 CB 90 User Defined WAN 1 MAC Address Users can enter the network card address manually The default MAC is the WAN MAC MAC Address from this PC Current address of MAC that is connected with this PC After the changes are completed click Apply to save the network configuration modification or click Cancel to leave without making any change 4 8 DHCP The device have one DHCP server with Class C IPs The default is Enabled Computers can get IPs automatically 40 3WAN 1LAN Small Scale Multi WAN QoS Router your future life 4 8 1 DHCP Setup DHCP gt Setup M Enable DHCP Server Dynamic IP Dynamic IP 1440 Minutes Dynamic IP Range Range Start 1903 468 4 UU Range End 492 166 1 145 Dynamic IP This setting is the lease time for the IP address The default ____ Minutes is 1 440 minutes which is one day When the lease time arrives PC will ask for IP again Users can also setup the time based on requirement Range Start The default initial IP is 192 168 1 100 Users can change the IP based on requirements Range Eng The default final IP is 192 168 1 149 That is there are total 50 IPs from the default Users can change the setting with the actual requirement After the changes are completed click Ap
12. inquiry except host device B which responds to host device A when receiving this frame The MAC address of 192 168 1 1 is O0 aa 00 62 c6 09 So Host A knows the MAC address of Host B and it can send data to Host B Meanwhile it will update its ARP cache Moreover ARP virus attack can be briefly described as an internal attack to the PC which causes trouble to the ARP table of the PC In LAN IP address was transferred into the second physical address MAC address through ARP protocol ARP protocol is critical to network security ARP cheating is caused by fake IP addresses and MAC addresses and the massive ARP communications traffic will block the network The MAC address from the fake source sends ARP response attacking the high speed cache mechanism of ARP This usually happens to the cyber cafe users Some or all devices in the shop experience temporal disconnection or failure of going online It can be resolved by restarting the device however the problem repeats shortly after Cafe Administrators can use arp a command to check the ARP table If the device IP and MAC are changed it is the typical symptom of ARP virus attack Such virus program as PWSteal lemir or its transformation is worm virus of the Trojan programs affecting Windows 95 98 Me NT 2000 XP 2003 There are two attack methods affecting the network connection speed cheat on the ARP table in the device or LAN PC The former intercepts the gateway data and send
13. operation pining the LAN ip to see the packet loss Enter the ping 192 168 1 1 Gateway IP address as illustrated eply from 192 168 1 1 bhytes 32 timetims TTL 64 eply from 192 168 1 1 bhytes 32 timetims TITL 64 equest timed out equest timed out equest timed out equest timed out eply From 192 168 1 1 bytes 32 time lt ims eply From 192 168 1 1 bytes 32 time lt ims If there are cases of packet loss of the ping LAN IP and If later there is connection it is possible that the system is attacked by ARP To verify the situation we may judge by checking ARP table Enter the ARP a command as illustrated below Interface 192 168 1 72 Ax Internet Address Physical Address 192 168 Wl IN LU Wat Ir ki EK bg bg 19 2 168 1 43 HH 13 d3 ef h2 fc 192 168 1 252 H BF 3d 83 74 28 SWINDOWS Sustems2 gt arp a It is found that the IP of 192 168 1 1 and 192 168 252 points to the same MAC address as 00 Of 3d 83 74 28 Evidently this is a cheat by ARP 3 ARP Solution Now we understand ARP ARP cheat and attack as well as how to identify this type of attack What comes next is to find out effective prevention measures to stop the network from being attacked The general solution provided by Qno can be divided into the following three options 77 d WING 3WAN 1LAN Small Scale Multi WAN QoS Router a Enable Prevent ARP Virus Attack Enter the device IP address to log in the
14. s all connection for 1 minuts Exempted Service Port or IP Address amr rerfeses Service Management Source IP bas pes p 1 P va fics ft fe Enable _ Service Add to list elete seleeted application Disable Disable Session Control function Single IP cannot This option enables the restriction of maximum exceed session external connections to each Intranet PC When the number of external connections reaches the limit to allow new connections to be built some of the existing connections must be closed For example when BT or P2P is being used to download information and the connections exceed the limit the user will be unable to Zo d s d T em 5 D WW hi If f P Qi J Ri E 9 your future life When Single IP exceed session Exempted Service Port or Address Service Source IP Enable Add to list IP 3WAN 1LAN Small Scale Multi WAN QoS Router connect with other services until either BT or P2P is closed block this IP to add new session for 7 minuts If this function is selected when the user s port connection reach the limit this user will not be able to make a new connection for five minutes Even if the previous connection has been closed new connections cannot be made until the setting time ends Cc block this IP s all connection for minuts If this function is selected when the user s port connections reach the limit
15. users may enter www abc com and press Go to start the test The result will be displayed on this page DHS Hame Lookup Cc Ping Look up the name Gel Ping Packet Delivery Reception Test DHS Name Lookup fe Ping Ping host or IP address Gel This item informs users of the status quo of the outbound session and allows the user to know the existence of computers online On this test screen please enter the host IP that users want to test such as 192 168 5 20 Press Go to start the test The result will be displayed on this screen 5 2 Restart Click Restart Router to start it again This operation message will then be recorded in system log Press Reset on the device panel to reset manually Press Reset and hold for 5 seconds and the device will restart after the yellow light flickers 5 times 48 Q GINO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life Tool gt Restart Restart Eouter 5 3 Factory Default Select Return to Factory Default Setting to reset all the settings and restart the device We recommend that users should back up the current configuration first before returning to default After the firmware upgrade users can return to factory default to make sure the stability Then import the backup configuration to the device Please refer to Setting Backup for exporting and importing device configuration Tool gt Fa
16. 166 1700 00 20 ed 41 cho AU Hours 11 Minutes 34 Seconds il 46 d a 1 gg F A a LA your future life DHCP Server Dynamic IP Used Static IP Used DHCP Available Total Client Host Name IP Address MAC Address Leased Time Delete 3WAN 1LAN Small Scale Multi WAN QoS Router DHCP IP address The amount of dynamic IP leased by DHCP The amount of static IP assigned by DHCP The amount of IP still available in the DHCP server The total IP which the DHCP server is configured to lease The name of the current computer The IP address acquired by the current computer The actual MAC network location of the current computer The lease time of the IP released by DHCP Remove a record of an IP lease After the changes are completed click Apply to save the network configuration modification or click Cancel to leave without making any change 47 3WAN 1LAN Small Scale Multi WAN QoS Router your future life 5 gt Tool Setting This chapter introduces tools for managing the router and testing network connection 5 1 Diagnostic The device provides a simple online network diagnostic tool to help users troubleshoot network related problems This tool includes DNS Name Lookup Domain Name Inquiry Test and Ping Packet Delivery Reception Test DNS Name Lookup On this test screen please enter the host name of the network users want to test For example
17. 2 192146510101 OO 25 20 te 19 192 4681102 DUT tSc Oe 1873 16810 100 DO doses 40 75 56 Now the bound options will display on the IP and MAC binding list and click Apply to 81 d GINO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life finish binding SIP amp MAC binding chow mew IF user Static IP Address ha fies fi bus MAC Address oo fir _fie Jon jee bn Hame Econ Enable M Update this Entry 192 166 1 105 gt OO 17 16 01 fe so gt PCOOL gt Enabled Delete selected Entrr Hdd Hew C Block MAC address on the list with wrong IP address C Block MAC address not on the list Though these basic operations can help solve the problem but Qno s technical engineers suggest that further measures should be taken to prevent the ARP attack 1 Deal with virus source as well as the source device affected by virus through virus killing and the system re installation This operation is more important because it solves the source PC which is attacked by ARP This can better shelter the network from being attacked 2 Cyber caf administrators should check the LAN virus install anti virus software Ginshan Virus Reixin must update the virus codes and conduct virus scanning for the device 3 Install the patch program for the system Through Windows Update the system patch program critical update security update and Service Pack 82 d fm i eg F A Sa L
18. 255 255 248 Issued 16 static IP addresses 255 255 255 240 Defaule Gateway Address Input the default gateway issued by ISP For ADSL users it is usually an ATU R IP address As for optical fiber users please input the optical fiber switching IP DNS Server Input the DNS IP address issued by ISP At least one IP group should be input The maximum acceptable is two IP groups After the changes are completed click Apply to save the configuration or click Cancel to leave without making any changes PPPoE This option is for an ADSL virtual dial up connection Input the user connection name and password issued by ISP Then use the built in PPP Over Ethernet software to connect with the Internet If the PC has been installed with the PPPoE dialing software provided by ISP please remove it This software will no longer be used for network connection l1 d GINO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life WAN Connection Type WAH PPPoE User Name Password Connect on Demand Max Idle Time F Mumm e Keep Alive Redial Period bo Sec User Name Input the user name issued by ISP Password Input the password issued by ISP Connect on Demand This function enables the auto dialing PPPoE connection When Max Idle the client port attempts to connect with the Internet the device Time Min will automatically make a dial connection If the line has been idle for
19. 55 255 255 0 gw 19216634 oner Aug 21 1809 39 na dhepstart bind Address already in use Aug 21 19120 timed out waiting for valid DHCP server response Clear Log Now This feature clears all the current information on the log 7 2 System Statistic The device has the real time surveillance management feature that provides system current operation information such as port location device name current WAN link status IP address MAC address subnet mask default gateway DNS number of received sent total packets number of received sent total Bytes Received and Sent Bytes Sec total number of error packets received total number of the packets dropped number of session number of the new Session Sec and upstream as well as downstream broadband usage 65 d ONO your future life 3WAN 1LAN Small Scale Multi WAN QoS Router LAN WANI WAN O WANS Device Name athd zth1 eth eth atuz TT Enabled Connect H Enabled P Address 192 168 19 1 0 0 0 0 1921883123 0 0 0 0 MAC Address 00 0E A0 12 34 55 O0 0E A0 12 3457 00 DE A0 12 24 58 00 0E A0 12 34 59 Subnet Mask O 9553557550 0 0 0 0 285 255 255 0 255 255 255 0 Default Gateway 00 00 19216831 0 0 00 Ss 192 168 3 10 ps 8 SS 0 0 0 0 192 168 3 16 0 0 0 0 a SS Tes Failed Test Succeeded Test Failed Received Packets 134028 0 253087 0 Sent Packets ES 118 35045 p Total Packets 172660 118 298130 f Received Bytes 38159652 0 46152355 D
20. AC Name Enable Edit 4921681 100 O0 20 ede41 ch Sd PEOD Enabled Edt E 4 8 3 DNS amp WINS Server Setting DNS Server IP This is for checking the DNS from which an IP address has been leased to a PC port Input the IP address of this server directly DNs DAS Server Required 1 0 fo fo fo zp kk fo P Wins WHS Server fo jo jo a jo 45 d GINO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life DNS Server 1 Input the IP address of the DNS server The default is 0 DNS Server 2 Input the IP address of the DNS server The default is 0 WINS Server If there is a WIN server in the network users can input the IP address of that server directly WINS Server Input the IP address of WINS The default is 0 After the changes are completed click Apply to save the network configuration modification or click Cancel to leave without making any changes 4 8 4 DHCP Status This is an indication list of the current status and setup record of the DHCP server The indications are for the administrator s reference when a network modification is needed The content of the Introduction list is as follows DHCP gt Status ee M Status DHCP Server 192 168 1 1 Dynamic IP Used U Static IP Used 1 DHCP Available 49 Total 50 Client Table Client Host Name IP Address MAC Address Leased Time Delete qno yan 192
21. Binding 13 your future life Network Service Detection 3WAN 1LAN Small Scale Multi WAN QoS Router WA h Defaut Gateway Enable Network Service Detection Retry count Retry timeout When Fail Network Service Detection Enable Hetwork Service Detection Retry count E Retry timeot Er Second Vuen Fail Remove the Connection WAH hd Defaut Gateway ISP Host ISP Host IT Remote Host IT Remote Host T DNS Lookup Host DNS Lookup Host If this option is selected information such Retry Count or Retry Timeout will be displayed If two WANs are used for external connection be sure to activate the NSD system so as to avoid any unwanted break caused by the device misjudgment of the overload traffic for the WAN This selects the retry times for network service detection The default is five times If there is no feedback from the Internet in the configured Retry Times it will be judged as External Connection Interrupted Delay time for external connection detection latency The default is 30 seconds After the retry timeout external service detection will restart 1 Generate the Error Condition in the System Log If an ISP connection failure is detected an error message will be recorded in the System Log This line will not be removed therefore the some of the users on this line will not have normal connections This option is sui
22. Enable Activate the rule Add to list Add this rule to the list Move Up amp Move The QoS rules will be executed from the bottom of the list to the top Down of the list In other words the lower down the list the higher the priority of execution Users can arrange the sequence according to their priorities Usually the service ports which need to be restricted such as BT e mule etc will be moved to the bottom of the list The rules for certain IPs would then be moved upward Delete selected Remove the rules selected from the Service List Application Show Tables This will display all the rules users made for the bandwidth Click Edit to modify After the changes are completed click Apply to save the configuration or click Cancel to leave without making any change Priority Users can choose the service priority as planned The device will allocate the bandwidth for High 60 and Low 10 If user set Port 8 for High the device will allow 60 of the total bandwidth for Port 80 packets If users set FTP Port 21 for Low the device will allow 10 of the total bandwidth for FTP service Un identified services will share 30 of the total bandwidth 26 d GINO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life BB ouality of Service Type Rate Control Priority Interface want Mwana M wans Service Direction Priority Enable Servite Management Interface Choose
23. F Service Protocol Dest Port bytes sec To TCP 445 a0 100 Inbound Session The figure displays the source IP address network protocol type source port destination 67 d e gt ae IW LS your future life 3WAN 1LAN Small Scale Multi WAN QoS Router IP address destination port bytes per second and percentage Trattic Type Inbound IP Session D Source IP Protocol 192 165 1100 TCP 192 168 1100 TCP 192 166 1 100 TCP 192 168 1100 TCP Outbound Session Source Port Dest IP Dest Port bytes sec 2402 192 166 3 10 445 596 2401 192 1668 3 10 443 Si 2146 207 46 106 Op 1863 SE 2144 192 1668 3 10 445 S The figure displays the source IP address network protocol type source port destination IP address destination port bytes per second and percentage Traffic Type Outbound IF Session e Source ID Protocol 192 168 7100 TCR 192 168 1 100 TCR 7 4 Specific IP Port status Source Port Dest IP Dest Port bytes sec 2401 192 166 5 10 443 ER 2402 192 1668 35 10 445 4 DA 15 The device allows administrators to inquire a specific IP or from a specific port about the addresses that this IP had visited or the users source IP who used this service port This facilitates the identification of websites that needs authentication but allows single WAN port rather than Multi WAN Administrators may find out the destination IP for protocol binding to solve this login problem For example when certain
24. S 3WAN 1LAN Small Scale Multi WAN QoS Router your future life 4 Provide system administrators with a sophisticated and strong password for different accounts It would be best if the password consists of a combination of more than 12 letters digits and symbols Forbid and delete some redundant accounts 5 Frequently update anti virus software virus data base and set the daily upgrade that allows regular and automatic update Install and use the network firewall software Network firewall is important for the process of anti virus It can effectively avert the attack from the network and invasion of the virus Some users of the pirate version of Windows cannot install patches successfully Users are advised to use network firewall and other measures for protection 6 Close some unnecessary services and some unnecessary sharing if the condition is applicable which includes such management sharing as C and D Single device user can directly close Server service 7 Do not open QQ or the link messages sent by MSN online chatting tools in a causal manner Do not open or execute any strange suspicious documents and procedures such as the unknown attachment enclosed in E mail and plug in 4 Summary ARP attack prevention is a serious and long term undertaking The above methods can basically resolve the network problems caused by ARP virus attack Moreover clients who adopted similar methods witness good results Howev
25. TN ONO your future life 3WAN 1LAN Small Scale Multi WAN QoS Router Load Balance Bandwidth Management and Network Security English User s Manual d your future life 3WAN 1LAN Small Scale Multi WAN QoS Router Product Manual Using Permit Agreement Product Manual hereafter the Manual Using Permit Agreement hereafter the Agreement is the using permit of the Manual and the relevant rights and obligations between the users and Qno Technology Inc hereafter Qno and is the exclusion to remit or limit the liability of Qno The users who obtain the file of this manual directly or indirectly and users who use the relevant services must obey this Agreement Important Notice Qno would like to remind the users read the clauses of the Agreement before downloading and reading this Manual Unless you accept the clauses of this Agreement please return this Manual and relevant services The downloading or reading of this Manual is regarded as accepting this Agreement and the restriction of clauses in this Agreement 1 Statement of Intellectual Property Any text and corresponding combination diagram interface design printing materials or electronic file are protected by copyright of our country clauses of international copyright and other regulations of intellectual property When the user copies the Manual this statement of intellectual property must also be copied and indicated Otherwise Qno regar
26. a period of time the system will disconnect the link automatically The default time for automatic disconnection when there is no packet transmissions is five minutes Users can enter the time frame by themselves Keep Alive Redial This function enables the PPPoE dial connection to keep Period Sec connected and to automatically redial if the line is interrupted It also enables a user to set up a time for redialing The default is 30 seconds After the changes are completed click Apply to save the configuration or click Cancel to leave without making any change 3 3 2 Multi WAN Setting Users must choose Dual WAN from Dual WAN DMZ mode in the general setting before proceeding the setting CS Mode Auto Load Balance Mode By Session By P 12 d LINCI 3WAN 1LAN Small Scale Multi WAN QoS Router your future life This device provides two load balance by sessions or by IP The WAN bandwidth automatically allocate connections to achieve load balancing for external connections The network bandwidth is set by what users input for it For example if the upload bandwidth of both WANs is 512Kbit sec the automatic load ratio will be 1 1 if one of the upload bandwidths is 1024Kbit sec while the other is 512Kbit sec the automatic load ratio will be 2 1 Therefore to ensure that the device can balance the actual network load please input real upload and download bandwidths Session Balance If
27. ains Acd Add to list Delete selected dentin Forbidden Domain Click to enable this feature The default setting is Enavied Disabled Forbidden Domains Content filter list Add Enter the websites to be controlled such as www playboy com 59 d GINO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life Website blocking by keyword If users enter the string sex any websites containing sex will be blocked Firewall gt Content Filter Ce Block Forbidden Domains O Accept Allowed Domains T Forbidden Domains Enabled MW Enable Website Blocking by Keywords Website Blocking by Keywords Keywords add Add ta list Delete seleeted Eet E Enable Website Blocking by Keywords Click to activate this feature The default setting is disabled Add Enter the keywords 60 d ONO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life Accept Allowed Domains The purpose for this feature is to set websites allowed to be visited In some companies or schools only some specific websites are allowed for employees or students Firewall gt Content Filter C Block Forbidden Domains Ce Accept Allowed Domains Jh Allowed Domains Enabled Allowed Domains Allowed Domains Acd Add to list Delete celected dani Allowed Domains Enabled Click to activate this feature The default setting is disabled Add Enter the w
28. are completed click Apply to save the network configuration modification or click Cancel to leave without making any changes 37 d LINCI 3WAN 1LAN Small Scale Multi WAN QoS Router your future life Attention The One to One NAT mode will change the firewall working mode If this function has been set up the Internet IP server or PC which is mapped with a LAN port will be exposed on the Internet To prevent Internet users from actively connecting with the One on One NAT server or PC please set up a proper denial rule for access as described in Firewall setting 4 6 DDNS DDNS supports the dynamic web address transfer for QNODDNS org cn 3322 org and DynDNS org This is for VPN connections to a website that is built with dynamic IP addresses and for dynamic IP remote control For example the actual IP address of an ADSL PPPoE time based system or the actual IP of a cable modem will be changed from time to time To overcome this problem for users who want to build services such as a website it offers the function of dynamic web address transfer This service can be applied from www 3322 org or www dyndns org and these are free Also to solve the unstable situation in DDnS server each WAN will have dynamic IP update for DDNS services 38 d ONO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life Advanced Setting gt DDNS want DDHS Service San OYE User name o Passwo
29. ateway have its own public IP each these intranet computers have private IP in intranet and after One to One NAT mapping these computer have public IPs when visiting Internet If there are more than two WEB servers in the intranet you can use the function for mapping external IPs with internal server IPs Example If you have 5 available IPs which are 210 11 1 1 6 and 210 11 1 1 has been configured as WAN1 Users can respectively configure the other four real IPs for One to One NAT as follows 210 11 1 2 gt 192 168 1 3 210 11 1 3 gt 192 168 1 4 210 11 1 4 gt 192 168 1 5 210 11 1 5 gt 192 168 1 6 Attention The device WAN IP address can not be contained in the One to One NAT IP configuration 36 d WING 3WAN 1LAN Small Scale Multi WAN QoS Router ae sting gt One to One One to One NAT Enable M Add Range Private Range Begin Public Range Begin Range Length 192 168 1 O oi idl la Add to Fist DS S E eis Fae One to One NAT Enable Activate or close the One to One NAT function Private Range Begin Input the Private IP address for the Intranet One to One NAT function Public Range Begin Input the Public IP address for the Internet One to One NAT function Range Lengeh The numbers of final IPs of actual Internet IPs Add to list Add this configuration to the One to One NAT list Delete selected range Remove a selected One to One NAT list After the changes
30. atus Color Description DIAG Amber Amber LED on System self test is running Amber LED off System self test is completed successfully Link ACT Green Green LED on Ethernet connection is fine Green LED blinking Packets are transmitting through Ethernet port 100Mbps 10Mbps Amber Amber LED on Ethernet is running at 100Mbps Amber LED off Ethernet is running at 10Mbps Connect Green Green LED on WAN port is connected and got an IP address Green LED off WAN port does not get an IP address Reset Action Description Press Reset Button For 5 Secs Warm Start DIAG indicator Amber LED flashing slowly Press Reset Button Over 10 Secs Factory Default DIAG indicator Amber LED flashing quickly d ONO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life 2 2 Router Network Connection SX gt Hub Switch PC Hub Switch Server Internet WAN connection A WAN port can be connected with xDSL Modem Fiber Modem Switching Hub or through an external router to connect to the Internet LAN Connection The LAN port can be connected to a Switching Hub or directly to a PC Users can use servers for monitoring or filtering through the port after Physical Port Mangement configuration is done d GINO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life 3 Quick Connection Settings This chapter introduces setting screens Homepage messages and basic conne
31. bed in the following 18 d GINO your future life 3WAN 1LAN Small Scale Multi WAN QoS Router Service Mame Protocol TCF e Port Range Service Name Protocol Port Range Add to list Delete selected Service Apply Cancel Exit IHS UDP 53 53 FTF TCP 21721 HITF TCF so so HITF Secondary TCF 80808080 HITFS TCF 443443 HITFS Secondary TCF 8443 d4 TFTP Dmp eaeal IMAF TCF 143143 tol HHTF TCP 1197114 FOFS TCF 1i10 7110 Cup UDF 1617161 SMTP TCP 25 25 TELHET TCP 2323 TELHET Secondary TCP 80238023 Add to list Delete selected Seririce In this box input the name of the Service Port which users want to activate such as BT etc This option list is for selecting a packet format such as TCP or UDP for the Service Ports users want to activate In the boxes input the range of Service Ports users want to add Click the button to add the configuration into the Services List Users can add up to 100 services into the list Remove the selected activated Services Click the Apply button to save the modification Click the Cancel button to cancel the modification This only works before Apply is clicked To quit this configuration window 19 d WING 3WAN 1LAN Small Scale Multi WAN QoS Router 3 3 4 Quality of Service QoS QoS is an abbreviation for Quality of Service The main functio
32. ce ratio will be 1 1 If one WAN upstream bandwidth is 1024Kbit sec while the other is 512Kbit sec the automatic balance ratio will be 2 1 Therefore to ensure the load can be really balanced please input the actual upstream and downstream bandwidth In addition the data users input will also affect the QoS configuration Please refer to QoS Configuration 3 3 3 Protocol Binding Users can assign traffic for specific IPS or services go out from the assigned WAN ports The remaingin IPs or service will follow the original load balance mechanism 16 d GINO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life Protocol Binding Service All Traffic TCPRUDP 1 65535 e Service Management source IP 192 166 1 id to 0 Destination IP bh hh Ew Interface TAHI Enable IT Add ta list elete celected application Service This is to select the Binding Service Port to be activated The default such as ALL TCP amp UDP 0 65535 WWW 80 80 FTP 21 to 21 etc can be selected from the pull down option list The default Service is All 0 65535 Service Management Click the button to enter the Service Port configuration page to add or remove default Service Ports on the option list Source IP Users can assign packets of specific Intranet virtual IP to go through a specific WAN port for external connection In the boxes here input the Intranet virtual IP address range for example
33. ceaselessly a series of wrong MAC messages to the device which sends out wrong MAC address The PC thus cannot receive the messages The later is ARP attack by fake gateways A fake gateway is established PC which is cheated sends data to this gateway and doesn t go online through the normal device From the PC end the situation is disconnection For these two situations the device and client setup must be done to prevent ARP virus attack which is to guarantee the complete resolution of the issue The device selection is advised to take into consideration the one with anti ARP virus attack Qno products come squarely with such a feature which is very user friendly compared to other products 2 ARP Diagnosis If one or more computers are affected by the ARP virus we must learn how to diagnose and take appropriate measures The following is experience shared by Qno technical engineers with regard to the ARP prevention 76 d Sai KI i your future life 3WAN 1LAN Small Scale Multi WAN QoS Router Through the ARP working principle it is known that if the ARP cahe is changed and the device is constantly notified with the series of error IP or if there is cheat by fake gateway then the issue of disconnection will affect a great number of devices This is the typical ARP attack It is very easy to judge if there is ARP attack Once users find the pc point where there is problem users may enter the DOS system to conduct
34. ction 3 1 Login Open webpage browser IE for example and key in 192 168 1 1 in the website column The login window will appear as below 8 1 1 User name e Password Remember my password Firewall router default username and password are both admin Users can change the login password in the setting later Attention For security we strongly suggest that users must change password after login Please keep the password safe or you can not login to VPN Firewall Press Reset button for more than 10 sec all the setting will return to default 3 2 Home Page In the Home page all firewall router parameters and status are listed for users reference d ONO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life 3 2 1 System Information system Information Serial Mumber Firmware version CPU High Speed Network Processor System active time 0 Days 0 Hours U Minutes 24 Seconds Current time Thu Jan 1 1970 00 00 37 Serial Number This number is the device serial number Firmware version Information about the device current software version CPU Information abou the device current CPU System active time Indicates how long the device has been running Current time Indicates the device present time Please note To have the correct time users must synchronize the device with the remote NTP server first 3 2 2 Port Statistics Port Statistics Po
35. ctory Default EKeturn to Factory Default Setting 5 4 Firmware Upgrade Users may directly upgrade the device firmware on the Firmware Upgrade page Please confirm all information about the software version in advance Select and browse the software file click Firmware Upgrade Right Now to complete the upgrade of the designated file Attention 49 d GINO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life Before firmware upgrade please read the notes in the screen carefully During the firmware upgrade please do not exit the upgrade screen or it might cause router upgrade failure Tool gt Firmware Upgrade E Fireware Upgrade Eight How Warning 1 When choosing previous firmware versions all settings will restore back to defaut value 2 Upgrading firmware may take four minutes or more please dont turn off the power or press the reset button 3 Please dont close the window or disconnect the link during the upgradeprocess 4 Please use EU or above for on line firmyvare upgrade 50 Q GINO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life 5 5 Setting Backup Tool gt Setting Backup import configuration File o E Import Export configuration File Export Import configuration File This feature allows users to integrate all backup content of parameter settings into the device Before upgrade confirm all in
36. ds it as tort and relevant duty will be prosecuted as well 2 Scope of Authority of Manual The user may install use display and read this Manual on the complete set of computer 3 User Notice If users obey the law and this Agreement they may use this Manual in accordance with Agreement If the users violate the Agreement Qno will terminate the using authority and destroy the copy of this Manual The hardcopy or softcopy of this Manual is restricted using for information non commercial and personal purpose Besides it is not allowed to copy or announce on any network computer Furthermore it is not allowed to disseminate on any media It is not allowed to modify any part of the file Using for other purposes is prohibited by law and it may cause serious civil and criminal punishment The transgressor will receive the accusation possibly 4 Legal Liability and Exclusion d your future life 3WAN 1LAN Small Scale Multi WAN QoS Router 4 1 Qno will check the mistake of the texts and diagrams with all strength However Qno distributors and resellers do not bear any liability for direct or indirect economic loss data loss or other corresponding commercial loss to the user or relevant personnel due to the possible omission 4 2 In order to protect the autonomy of the business development and adjustment of Qno Qno reserves the right to adjust or terminate the software Manual any time without informing t
37. dvanced Setting gt UPnP UPnP Function ves Mo Service IP Address Enable pHs UIF 5353 IT Service Management Hdd to list Delete selected application Service Select the UPnP service number default list here for example WWW is 80 80 80 FTP is 21 21 Please refer to the default service number list IP Address Input the Intranet virtual IP address or name that maps 33 d oj CS 3WAN 1LAN Small Scale Multi WAN QoS Router your future life with UPnP such as 192 168 1 100 Enable Activate this function Service Management Add or remove service ports from the management list Add to list Add to active service content Delete selected application Remove selected services Show Tables displays the list ofr current active UPnP functions After the changes are completed click Apply to save the network configuration modification or click Cancel to leave without making any change 4 4 Routing Static routing enables the packet route by manual routing table There is two applications one is connecting different network or routers in intranet and the other is identifying the route for specific destination IP address For example there might be different ISP lines for different WANs in one router To avoid the connection issue such as mail servers or game servers are in different ISP lines and ISP can not connect eash other mail servers or game se
38. e converted into 192 168 1 50 by Port 80 to access the web page In the same way to set up other services please input the server TCP or UDP port number and the virtual host IP addresses 30 d ONO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life Advanced Setting gt Forwarding Say Port Range Forwarding Service IP Address Enable fall Traffic TCPEVDP 1 65535 sl 192 163 1 RB Service Management Add to List Pete Set eoten Sy nol ton Service Select from this option the default list of service ports of the virtual host that users want to activate Such as All TCP amp UDP 0 65535 80 80 80 for WWW and 21 21 for FTP Please refer to the list of default service ports IP Address Input the virtual host IP addresses For example 192 168 1 100 Enable Activate this function Service Management Add or remove service ports from the list of service ports Add to list Add to the active service content After the changes are completed click Apply to save the network configuration modification or click Cancel to leave without making any changes 31 d GINO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life Port Triggering For some special application software the Internet accessing port numbers are unsymmetrical Therefore the port numbers for this special software must be input in the Port Triggering as in th
39. e following fig Port Triggering Application Hame Trigger Port Range Incoming Port Range fo wl wl add to list Delete seleeted application Application Name Users can define names for special application software This is to make management simple Trigger Port Range Input the port numbers for data going from the device to the Internet For example 9000 10000 Incoming Port Range Input the port numbers for data coming in from the Internet to the device For example 2004 2005 Add to list Add the service to the active service list Delete selected application Remove selected services Show Tables Show all the setting paratemters by pressing the button After the changes are completed click Apply to save the network configuration modification or click Cancel to leave without making any changes 32 d GINO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life 4 3 UPnP Universal Plug and Play UPnP Universal Plug and Play is a protocol set by Microsoft If the virtual host supports UPnP system such as WindowsXP users could also activate the PC UPnP function to work with the device UPnP function includes UPnP Forwarding If you would like to setup virtual servers in intranet you could foolow the Forwarding setting in the previous chaptor or confige the setting in UPnP Forwarding However please not not enter the setting repeatedly to avoid conflicts A
40. eam Means the upload bandwidth for Intranet IP Downstream Means the download bandwidth for Intranet IP Server in LAN Upstream If a Server for external connection has been built in the device this option is to control the bandwidth for the traffic coming from outside to this Server Server in LAN Downstream If there are web sites built in the Intranet this option is to control the upload bandwidth for the connections from outside to this Server For example game servers have been built in many Internet caf s This rule can be used to control the bandwidth for connections from outside to the game server of a caf to update data In this way game players inside the caf will not be affected Mini Rate The rule is to guarantee minimum available bandwidth Max Rate This rule is to restrict maximum available bandwidth The maximum bandwidth will not exceed the limit set up under this rule Sharing total bandwidth with all IP addresses If this option is selected all IPs or Service Ports will share the bandwidth range from minimum to maximum bandwidth Assign bandwidth for each IP address If this option is selected every IP or Service Port in this range can have this bandwidth minimum to maximum For example If the rule is set for the IP of each PC the IP of each PC will have the same bandwidth 25 d s ic oA y e Ei Ti RN ik JL ZE H il KE Stee 3WAN 1LAN Small Scale Multi WAN QoS Router
41. ebsites to be controlled such as www playboy com Scheduling Select Always to apply the rule on a round the clock basis Select from and the operation will run according to the defined time For example if the control time runs from 61 d WING 3WAN 1LAN Small Scale Multi WAN QoS Router 8 a m to 6 p m Monday to Friday users may control the operation according to the following illustrated example S scheduling Apply the rule alwars tol 24 Hour Format IT Everyday F sun won ft Tue D wea D mut Fri D Sat Always Shows the rules is activated for 24 hours __to This control rule has time limitation The setting method is in 24 hour format such as 08 00 18 00 8 a m to 6 p m Day Control Everyday means this period of time will be under control everyday If users only certain days of a week should be under control users may select the desired days directly After modification push Apply button to save the network setting or push Cancel to keep the settings unchanged 62 d GINO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life 7 Log From the Log management and look up you can see the relevant operation status which is convenient for us to facilitate the setup and operation 7 1 System Log System Log offers two options system log and E mail alert Log gt System Log syslog T Enable Syslog Syslog Serv
42. ed Setting Status Advanced Setting Status DMA Host Disabled Working Mode Gateway CONS OTT d GINO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life DMZ Host Identifie if DMZ function is enabled Users can click the hyper link to enter the setting directly System default is Disabled Working Mode Identifies the current working mode could be either NAT Gateway or Router mode Users can click the hyper link to enter the setting directly System default is NAT Gateway mode DDNS Show if the DDNS function is enabled Users can click the hyper link to enter the setting directly System default is Disabled 3 2 5 Firewall Setting Status Firewall Setting Status SPI statetul Packet Inspection On Dos Denial of Service On Block VAN Request On Remote Management Ott SPI Stateful Packet Inspection Indicates whether SPI Stateful Packet Inspection is on or off The default configuration is On DoS Denial of Service Indicates if DoS attack prevention is activated The default configuration is On Block WAN Request Indicates that denying the connection from Internet is activated The default configuration is On Remote Management Indicates if remote management is activated on or off Click the hyperlink to enter and manage the configuration The default configuration is Off 3 2 6 Log Setting Status Log Setting Stat
43. eecesasseesecseassaeeeeseassansesseassaesenseages 6 3 2 4 Advanced Setting KOCH TEE 6 3 2 5 Firewall Setting SLAC EEN 7 3 2 6 Log Setting e EC 7 3 3 Basic E ee gie in Ee gl EE 8 3 3 1 General e d Le EEN 8 3 3 2 DUG WAN Setting WE 12 33 9 Protocol BING ING E 16 3 3 4 Quality of wl le Hale KOHN 20 Po PAS SWO 8 ee me ee A eee 27 Faro en TEEN 28 d Advanced Setting 0 00 0 ccccccceeceeeeesseeeeenneeeeenneeeeeenseeeeanseesoanseesonnseseonaseeseonseeseoaneess 30 Aet DMZ TO RE 30 le SEENEN 30 4 3 UPnP Universal Plug And bla 33 SE MON gn ee 34 Q your future life 3WAN 1LAN Small Scale Multi WAN QoS Router 4 5 ONE TO Olam WEE 36 e EIB KE 38 4 7 MAC 0 0 ce 40 BO DACP eee a A 40 4 0 1 DACP Setup WE 41 40 2 IP Se MAC Un e Le ME 41 4 8 3 DNS amp WINS Server Setting ccc cc cccccccseeeeeeeeeeeeeseeceeseeeeeesseaeceessaeeeessaeees 45 e DACP CAO EE 46 5 Tool Setting wssssiiscetenacevninwetannceveisnsteiwtsvedsratensdasannnedannensninsnentecuswoesadaeneasseusadeansenneesans 48 eae RE el 6 Te 48 e e os e E 48 5 3 Factory Default 0 cccccccsessseeeseeeseeeeeueuseeueueeeseeeeuseseueeeecuveneneuaneneees 49 54 Firmware Beie TC 49 ed IG TOD E 51 ER Ve UE 53 6 1 Firewall General Gettnmg 53 eZ RECESS RUIG ee 55 6 3 Content Filter 58 Ds MOG EE 63 Fe Me OY SS ee WE 63 VP EE EE eee ee eee eee nee eee eee 65 K Wen deeg 66 7 4 Specific IP POrt status 68 S E e Te TT E 71 App
44. endix 1 TrouDleShoOotinng cccescceseeceseeceneeceneeceneeceseecaneeeeneeenneeeaseseeneseans 72 1 Block Basic BT Download Method 2 00 00 eccecceceeeseeeeeeeeseeeeaeeeens 72 MI Q your future life 3WAN 1LAN Small Scale Multi WAN QoS Router 2 Prevention of Shock Wave and Worm Virus 72 3 ARP virus attack prevention 0 oc ccccc cesses sceeseseesseeseeaeenseeseeeenanens 75 Appendix 2 Qno Technical Support Information ccceseeeeseeeeneeeeneeeees 84 VII d JIN CS 3WAN 1LAN Small Scale Multi WAN QoS Router your future life 1 Introduction 3WAN 1LAN Small Scale Multi WAN QoS Router The device is designed for small internet caf enterprise communities and schools which is economical and effective The device has three WAN ports with load blance function The WAN capatabilities can meet most bandwidth market spec The device also has one 10 100 Base T TX Ethernets RJ45 embedded for LAN use LAN port can be linked to additional swithes in order to connect more network equipments Built in Firewall can fulfill most enterprise requirements for preventing external network attacks Firewall utilizes Prevent Arp Attack Denial of Service and SPI Stateful Packet Inspection Access rule setting can allow or forbid network access services limit intranet user network usage Unique bandwidth management ensures administrators to have reasonable and effective allocation
45. er Mame or IF Address E mail Enable E Mail Aert Mail Server Mame or D Address send E mail ta E mail Address Log Cueue Length 50 entries Log Time Threshold p 0 minutes Email Loe Hair View System Log Clear Loge How Syslog Enable Syslog If this option is selected the System Log feature will be enabled 63 d ec fe H eg 4 gt Of H me RR in ik JL ts A ql Pome your future life Syslog Server E mail Alert Enable E Mail Alert Mail Server Send E mail to Log Queue Length Log Time Threshold E mail Log Now 3WAN 1LAN Small Scale Multi WAN QoS Router The device provides external system log servers with log collection feature System log is an industrial standard communications protocol It is designed to dynamically capture related system message from the network The system log provides the source and the destination IP addresses during the connection service number and type To apply this feature enter the system log server name or the IP address into the empty system log server field If this option is selected E mail Warning will be enabled If users wish to send out all the logs please enter the E mail server name or the IP address for instance mail abc com This is set as system log recipient email address such asabc mail abc com Set the number of Log entries and the default entry number is 50 When this defined number is reached
46. er it is important that network administrators pay special attention to this problem rather than overlooking the issue It is suggested that the above measures can be adopted to prevent ARP attack reduce the damage enhance the work efficiency and minimize economic loss 83 d GINO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life Appendix 2 Qno Technical Support Information For more information about the Qno s product and technology please log onto the Qno s bandwidth forum refer to the examples on the FTP server or contact the technical department of Qno s dealers as well as the Qno s technical center Qno Offical Website http www Qno com tw Taiwan Tehcnical Center E mail QnoFAE qno com tw 84
47. es 3WAN 1LAN Small Scale Multi WAN QoS Router authentication of each connection the program will perform an alarming function Meanwhile firewalls of the packet authentication type may decline the connection to non standard communications protocol This averts DoS attacks such as SYN Flooding Smurf LAND Ping of Death and IP Spoofing If set as Enabled then device will shut down outbound ICMP to connect to machines with abnormal packet responses If you try to ping the device WAN IP from the external this will not work because the default value is set as activated in order to decline the outbound responses To enter the device web based UI by connecting to the remote Internet this feature must be activated A valid external IP address WAN IP for the device should be filled in and the modifiable default control port should be adjusted the default is set to 80 modifiable There are many audio and visual streaming media on the network Broadcasting may allow the client end to receive this type of packet message format This feature is off by default MTU is an acronym for Maximum Transmission Unit The default value is 1500 But in different network environments different values can be applied ADSL PPPoE is the most common condition ADSL PPPoE MTU Size 1492 Generally the default value of Auto is good enough and further settings are not necessary It supports the block that is connected through
48. fe Host Name Broadband Router Required by some ISPs Domain Name Erosdband_Router Required by some ISPs LAN Setting MAC Address 00 0E AD 12 34 56 Device IP Address Subnet Mask Pee es ee 255 255 255 0 a WAN Connection Type VAN Obtain an IF automatically EI WW Use the Following DONS Server Addresses DNS Server Required 1 7 a fa m mem d m dei ce lal Bei a inl f H Host Name and Domain Name Device name and domain name can be input in the two boxes Though this configuration is not necessary in most environments some ISPs in some countries may require it Host Name Broadband_Router Required by some ISPs Domain Name Froadband_ Router Required by come ISPs LAN Setting This is configuration information for the device current LAN IP address The default configuration is 192 168 1 1 and the default Subnet Mask is 255 255 255 0 It can be changed according to the actual network structure LAN Setting MAC Address 00 17 16 01 FC 2E Device IP Address Subnet Mask ba fies fp ft 255 255 255 Ju 3WAN 1LAN Small Scale Multi WAN QoS Router WAN and the Internet Connection Configuration Obtain an IP automatically This is the device system default connection mode This mode is often used in the connection mode to obtain an automatic DHCP IP such as cable modem or DHCP cl
49. formation about the software version Select and browse the backup parameter file config exp Select the file and click Import to import the file Export configuration File This feature allows users to backup all parameter settings Click Export and select the location to save the config exp file 51 3WAN 1LAN Small Scale Multi WAN QoS Router 5 6 SNMP SNMP Enabled System Name No More SNMP System Contact No More SNMP system Location Yo More SNMP Get Community Namen Kore IMMF Set Community Name co More SNMP Trap Community Name Yo More SSxPF Send SNMP Trap to vn More SNMP Enabled System Name System Contact System Location Get Community Name Set Community Name Trap Community Name Send SNMP Trap to Apply Cancel Activate SNMP feature The default is activated Set the name of the device such as QVM1000 Set the name of the person who manages the device i e John Define the location of the device i e Taipei Set the name of the group or community that can view the device SNMP data The default setting is Public Set the name of the group or community that can receive the device SNMP data The default setting is Private Set user parameters password required by the Trap receiving host computer to receive Trap message Set one IP address or Domain Name for the Trap receiving host computer Press Apply to save the sett
50. he users There will be no further notice regarding the product upgrade or change of technical specification If it is necessary the change or termination will be announced in the relevant block of the Qno website 4 3 All the set parameters are examples and they are for reference only You may also purpose your opinion or suggestion We will take it as reference and they may be amended in the next version 4 4 This Manual explains the configuration of all functions for the products of the same series The actual functions of the product may vary with the model Therefore some functions may not be found on the product you purchased 4 5 Qno reserves the right to change the file content of this Manual and the Manual content may not be updated instantly To know more about the updated information of the product please visit Qno official website 4 6 Qno and or distributors hereby declares that no liability will be born for any guarantee and condition of the corresponding information The guarantee and condition include tacit guarantee and condition about marketability suitability for special purposes Ownership and non infringement The name of the companies and products mentioned may be the trademark of the owners Qno and or the distributors do not provide the product or software of any third party company Under any circumstance Qno and or distributors bear no liability for special indirect derivative loss or any type of loss
51. he same way to enter the IP and MAC address of the corresponding device to complete the binding work However if this act restarts the computer the setting will be cancelled Therefore this command can be regarded as a batch of processing documents placed in the activation of the operation system The batch processing documents can be put in this way echo off arp d arp s Router LAN ID Router LAN MAC For those internal network attacked by Arp the source must be identified Method If the PC fails to go online or there is packet loss of ping in the DOS screen input arp a command to check if the MAC address of the gateway is the same with the device MAC address If not the PC corresponding to the MAC address is the source of attack Solutions for other device users are to make a two way binding of the IP address and MAC address from both of the PC and device ends in order to carry out the prevention work However this is more complicated because the search for the IP and address and MAC increases the workload Moreover there is greater possibility of making errors during the operation 79 Q ONO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life P amp MAC binding Show mew IF user Static IP Address 192 bes fi bo MAC Address oo hr be Joke Je Hame peoot Enable M Update this Entry 192 163 1 101 K l Lef den Cl Lie Eet WECKER AECH HEEN Delete selected Entry Add Hew C B
52. ient connection If having a different connection mode please refer to the following introduction for selection of appropriate configurations Users can also set up their own DNS IP address Check the options and input the user defined DNS IP addresses WAN Connection Type WAH Obtain an IP automatically D l Use the Following DHS Server Addresses DAS Server Required 1 p fo fo In KEE zb Use the Following DNS Server Address Select a user defined DNS server IP address DNS Server Input the DNS IP address set by ISP At least one IP group should be input The maximum acceptable is two IP groups After the changes are completed click Apply to save the configuration or click Cancel to leave without making any changes Static IP If ISP issue a static IP Such as one IP or eight IPs etc please select this connection mode and follow the steps below to input the IP numbers issued by ISP into the relevant boxes 10 3WAN 1LAN Small Scale Multi WAN QoS Router your future life WAN Connection Type WAH Static IP Specify WAN IP Address 0 Jh Subnet Mask ju bh Default Gateway Address 0 bb DNS Server Required 1 0 bh ze fo ict 1717 AA Specify WAN IP Address Input the available static IP address issued by ISP Subnet Mask Input the subnet mask of the static IP address issued by ISP such as Issued eight static IP addresses 255
53. if 192 168 1 100 150 is input the binding range will be 100 150 If only specific Service Ports need to be designated while specific IP designation is not necessary input 0 in the IP boxes 17 d a fe H ag e D 8 J f a ff d 3WAN 1LAN Small Scale Multi WAN QoS Router your future life Destination IP In the boxes input an external static IP address For example if connections to destination IP address 210 11 1 1 are to be restricted to WAN1 the external static IP address 210 1 1 1 210 1 1 1 should be input If a range of destinations is to be assigned input the range such as 210 11 1 1 210 11 255 254 This means the Class B Network Segment of 210 11 x x will be restricted to a specific WAN If only specific Service Ports need to be designated while a specific IP destination assignment is not required input O into the IP boxes Interface Select the WAN for which users want to set up the binding rule Enable Activate the rule Add to list Add this rule to the list Delete selected Remove the rules selected from the Service List application After the changes are completed click Apply to save the network configuration modification or click Cancel to leave without making any changes Service Management If the Service Port users want to activate is not in the list users can click Add or Remove Service Ports from Service Management to arrange the list as descri
54. in the lawsuit caused by usage or information on the file no matter the lawsuit is related to agreement omission or other tort 5 Other Clauses 5 1 The potency of this Agreement is over any other verbal or written record The invalidation of part or whole of any clause does not affect the potency of other clauses 5 2 The power of interpretation potency and dispute are applicable for the law of Taiwan If there is any dissension or dispute between the users and Qno it should be attempted to solve by consultation first If it is not solved by consultation user agrees that the dissension or dispute is d your future life 3WAN 1LAN Small Scale Multi WAN QoS Router brought to trial in the jurisdiction of the court in the location of Qno In Mainland China the China International Economic and Trade Arbitration Commission is the arbitration organization IR Q your future life 3WAN 1LAN Small Scale Multi WAN QoS Router Content 1 Introduction EEN 1 2 Hardware FoStalatottsugegresgegegeeeg eege EES 2 Zak TVS VG Al Ree TN 2 2 2 Router Network Conpnechon ccc cecceeseeeeeceeeeeeeeeeseeeeeeeueeeeeeeeseeneeeenenes 3 3 QUICK CONNECTION SCCCINGS cc ccc eeseeeeeeeeeeneeeeeneeeceneeseenseeeaseesoaseeseaneesoasessoneees 4 ie OG a E E E E E E E atenaanaonaateetutecanear 4 3 2 Home Page EE 4 3 2 1 System Information EE 5 E Ae POTC CS e 5 3 2 3 General Setting Status ssceeecssssseeeecesessee
55. ingle IP address or an IP address within a session Select the destination IP range such as Any Single Range or preset IP group name If Single or Range is selected please enter a single IP address or an IP address within a session Select Always to apply the rule on a round the clock basis Select to__ and the operation will run according to the defined time Shows the rules is activated for 24 hours Default Users might also choose time and day control This control rule has time limitation The setting method is in 24 hour format such as 08 00 18 00 8 a m to 6 p m Everyday means this period of time will be under control everyday If users only certain days of a week should be under control users may select the desired days directly After modification press Apply to save the network settings or press Cancel to keep the settings unchanged 6 3 Content Filter The device supports two webpage restriction modes one is to block certain forbidden domains and the other is to give access to certain web pages Only one of these two modes can be selected 58 Q ONO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life Block Forbidden Domains Fill in the complete website such as www sex com to have it blocked Firewall gt Content Filter Ce Block Forbidden Domains Accept Allowed Domains M Forbidden Domains Enabled Forbidden Domains Forbidden Dam
56. ings Press Cancel to keep the settings unchanged 52 d INO your future life 3WAN 1LAN Small Scale Multi WAN QoS Router 6 Firewall This chaptor introduces firewall setting uptions as well as network control settings 6 1 Firewall General Setting From Firewall gt General users can enable or disable the functions enabled and disable other unnecessary responses Default is Firewall Firewall gt General Firewall SPI Stateful Packet Inspection DoS Denial of Service Block WAN Request Remote Management Multicast Pass Through Prevent ARP Virus Attack MTU Restrict WEB Features Block IT Access to HTTP Proxy Servers Enable Disable Enable C Disable De Enable Disable e Enable Disable Enable Disable Port 2080 Enable Disable Enable Disable Router sends ARP i times per second Auto C Manual i500 bytes C Java T Cookies Activex Don t block Java ActiveX Cookies Proxy to Trusted Domains Firewall SPI Stateful Packet Inspection Enable or disable the function This enables the packet to actively detect the authentication technology The Firewall operates mainly on a network level By executing the dynamic d ep o gt E zl Ti ee ik kt aS WM WM es your future life DoS Denial of Service Block WAN Request Remote Management Multicast Pass Through MTU Restrict WEB Featur
57. les and do more than the default rules However the following four extra service items are always on and are not affected by other user defined settings HTTP Service from LAN to Device is on by default for management DHCP Service from LAN to Device is set to on by default for the automatic IP retrieval DNS Service from LAN to Device is on by default for DNS service analysis 55 d ONO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life Ping Service from LAN to Device is on by default for connection and test Firewall gt Access Rule ina Jump to oF 4 page 5 entries per page T l SOURCE beans Priorty Enable Action Service SOLUCE Destination Time Day Delete Interface EI Allow Al Traffic 1 LAM Any Any Always EI Deny All Tratfic 1 WAN Anny Any Always Ri Deny All Traffic 1 VVAN2 Ary Any Always hdd Hew Rule Restore to Default Rules In addition to the default rules all the network access rules will be displayed as illustrated above Users may follow or self define the priority of each network access rule Edit define the network access rule item Trash Can Icon remove the item Add New Rule create a new network access rule Restore to Default Rules restore all settings to the default values and delete all the self defined settings 56 d ONO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life Add New Access Rules
58. lock MAC address on the list with wrong IP address C Block MAC address not on the list After an item is added to the list the corresponding message will be displayed in the white block on the bottom However such method is not recommended because the inquiry of IP MAC addresses of all hosts creates heavy workload Another method to bind IP and MAC is more recommended because of easy operation reduced workload and time efficiency It is described in the following Enter Setup under the DHCP page and look for IP and MAC binding On the right there is an option of Show new IP user and click to enter 80 Q GINO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life SIP amp MAC binding Show new IF user IP amp MAC binding Static IP Address ITT MAC Address III Hame fC c Enable Add to list Delete selected Entry C Block MAC address on the list with wrong IP address C Block MAC address not on the list Click to display IP and MAC binding list dialog box In this box the unbinding IP and MAC address corresponding to the PC are displayed Enter the Name of the computer and click on Enabled with the display of the V icon and push the option on the top right corner of the screen to confirm IP amp MAC binding List Windows Internet Explorer e hitpy 220 190 188 43 Dhep_tablel him IP amp MAC binding List 1921684 4105 EECH 192 168 1100 O0 e0 81 2e e8 0
59. management webpage of the device Enter Firewall gt General and find the option Prevent ARP Virus Attack to the right of the page Click on the option to activate it and click Apply at the bottom of the page see illustrated Firewall gt General r Firewall Dr Enable Disable SPI Stateful Packet Inspection Enable Disable Dos Denial of Service Enable O Disable Block WAN Request Enable Disable Remote Management Enable Disable Port 29 Multicast Pass Through Enable e Disable Prevent ARP Virus Attack Ce Enable Disable Router sends ARP ICH times per second MTU Auto Manual 1500 bytes b Bind the Gateway IP and MAC address for each PC This prevents the ARP from cheating IP and its MAC address First find out the gateway IP and MAC address on the device end LAN Setting MAC Address foo hr he foo Je Jr Default OO 1 16 00 c6 8 Device IP Address EA bes bn bh Subnet Mask 255 Jess Jess fo On every PC start or operate cmd to enter the dos operation Enter arp s 192 168 10 1 00 17 16 00 c6 87 so as to finish the binding of pc0O1 As illustrated in Figure 7 78 d deg INES 3WAN 1LAN Small Scale Multi WAN QoS Router ey CVA N DO Ws ewslem 32 yond ese Microsoft Windows 8P Rz 5 1 2600 KC Copyright 1785 201 Microsoft Corp C Documents and Settings PNA1l gt arp s 192 168 18 1 HH 17 16 88 c6 87_ For other host devices within the network follow t
60. mp MAC binding chow mew IF user Static P Address POT MAC Address Hame Enable _ Add to list Delete selected Enrrs M Block MAC address on the list with wrong IP address M Block MAC address not on the list Static IP Address There are two ways to input static IP 1 If users want to set up a MAC address to acquire IP from DHCP but the IP need not be a static IP input 0 0 0 0 in the boxes The boxes cannot be left empty 2 If users want DHCP to assign a static IP for a PC every single time users should input the IP address users want to assign to this computer in the boxes The server or PC which is to be bound will then acquire a static virtual IP whenever it restarts MAC Address Input the static real MAC the address on the network card for the server or PC Name Input the name or address of the client for identification The maximum acceptable characters are 12 Either 43 3WAN 1LAN Small Scale Multi WAN QoS Router your future life Chinese or English can be accepted Enable Activate this configuration Block MAC address on the When this option is activated MAC addresses which are list with wrong IP not included in the list will not be able to connect with the address Internet Block MAC address noton When this option is checked user modified IP or IP which the list is not configured in the list will not be able to connect with the Internet Afte
61. n is to restrict bandwidth usage for some services and IPs to save bandwidth or provide priority to specific applications or services and also to enable other users to share bandwidth as well as to ensure stable and reliable network transmission To maximize the bandwidth efficiency network administrators should take account of the practical requirements of a company a community a building or a caf etc and modify bandwidth management according to the network environment application processes or services rte Maximum Bandwidth provided by ISP Upstream Downstream Kbitisec Kbitsec WANA 512 522 WANZ S12 ES Wa EE ES CR Session Control ei Disable O Single IP cannotexceed 29 Session LC When single IP exceed 200 Session block this IP to add new session for 3 minutes block this IP s all connection for 3 minutes The Maximum Bandwidth provided by ISP Sine Maximum Bandwidth provided by ISP Upstream Downstream Interface e WAN aus WANZ 512 a WAN3 az Eeer In the boxes for WAN1 WAN2 WAN3 bandwidth input the upstream and downstream bandwidth which users applied for from bandwidth supplier The bandwidth QoS will make 20 d LINCI 3WAN 1LAN Small Scale Multi WAN QoS Router your future life calculations according to the data users input In other words it will guarantee a minimum rate of upstream and downstream for each IP and Service Port based
62. on the total actual bandwidth of WAN1 and WAN2 For example if the upstream bandwidths of both WAN1 and WAN2 are 512Kbit Sec the total upstream bandwidth will be WAN1 WAN2 1024Kbit Sec Therefore if there are 50 IPs in the Intranet the minimum guaranteed upstream bandwidth for each IP would be 1024Kbit 50 20Kbit Sec Thus 20Kbit Sec can be input for Mini Rate Downstream bandwidth can be calculated in the same way Attention The unit of calculation in this example is Kbit Some software indicates the downstream upstream speed with the unit KB 1KB 8Kbit Session Limit Session management controls the acceptable maximum simultaneous connections of Intranet PCs This function is very useful for managing connection quantity when P2P software such as BT Thunder or emule is used in the Intranet causing large numbers of connections Setting up proper limitations on connections can effectively control the connections created by P2P software It will also have a limiting effect on bandwidth usage In addition if any Intranet PC is attacked by a virus like Worm Blaster and sends a huge number of connection requests session control will restrict that as well 21 d ONO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life session Control Ce Disable Single IP cannot exceed 2 Session When single IP exceed Lo Session block this IP to add new session for F minuts C block this IP
63. ord Input the new user name Confirm New Password Input the new password again for verification After the changes are completed click Apply to save the configuration or click Cancel to leave without making any change 3 3 6 Time A function to calculate the correct time is available with the device Users can either select the embedded NTP Server synchronization function or set up a time reference This function enables users to know the exact time of event occurrences that are recorded in the System Log and the time of closing or opening access for Internet resources Set the local time using Network Time Protocol NTP automatically Firewall router has built in NTP server which will update time automatically 28 d ONO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life General Setting gt Time DG Set the local time using Network Time Protocol NTP automatically Set the local time Manually Time Zone Hone Kong GAT 08 00 e Set the local time Manually Enter the correct time General Setting gt Time Set the local time using Network Time Protocol NTP automatically DG Set the local time Manually i T Hours 25 Minutes jE Seconds E Month 21 Day 2005 ear After the changes are completed click Apply to save the configuration or click Cancel to leave without making any changes 29 d GINO 3WAN 1LAN Small Scale Multi WAN QoS Rou
64. ply to save the network configuration modification or click Cancel to leave without making any change 4 8 2 IP amp MAC Binding In many enterprise and community networks administrator can setup the IP amp MAC binding feature to ensure that users can not add additional computer or change IPs Through this feature computers will have the same IP addresses every time 41 Q GINO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life User have two options for the setting Block MAC address not on the list The main purpose for this feature is that only the computers which MAC addresses are on the list have the access to Internet Computers which MAC addresses are not shown can not get IPs When the feature is enabled please fill out the IP column in 0 0 0 0 as well as enable Block MAC address as shown in the following fig S iP amp MAC binding Show new IF user SOSS Hame Enable Add to list Static IP Address lk MAC Address Delete seleered Enters C Block MAC address on the list with wrong IP address IP amp MAC Binding The main purpose for this feature is that the computer with the assigned MAC will alwayshave the same IP Also if Block MAC address on the list with wrong IP address is enabled the computer with assigned IP won t have access to Internet 42 Q GINO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life P a
65. port software is denied inquiring about the IP address of this specific software server port may apply this feature Moreover to find out BT or P2P software users may select this feature to inquire users from the port 68 d ONO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life Log gt Specific IP Port status s Specific Dot status for TE IP address fo fo jo jo search Downstream Upstream BytesiSec Bytesihec Source IP Protocol Source Port Interface VvaAn Dest IP Dest Port 69 d INO your future life Specific IP Status 3WAN 1LAN Small Scale Multi WAN QoS Router Enter the IP address that users want to inquire and then the entire destination IP connected to remote devices as well as the number of ports will be displayed Source IP 192 169 1100 192 166 1100 192 166 1100 192 166 1100 192 168 1 100 192 165 1 100 Protocol TEF TCP TCP TCP TEF TEF Specific IPPort status for Ire Source Port Interface WAH arag 24032 2401 2146 2144 2143 WAMI WAMI LAM WAR WAM WAMI Log gt Specific IP Port status Dest IP 207 658 179 219 192 165 3 10 192 165 3 10 207 46 106 96 192 165 3 10 192 165 3 10 IP address ba fes p bau Search Dest Port 50 443 443 1863 443 443 Downstream Upstream BytesiSec Bytesijec T T D Oo Oo OA D Oo A O Specific Port Status Enter the service port number in the
66. r the changes are completed click Apply to save the network configuration modification or click Cancel to leave without making any change Show New IP User The main purpose for this feature is to reduce the effort for network administrators It is time consuming to check every computer MAC address and bind the IP and MAC address Moreover manual MAC address keyin also causes errors By looking up the table administrators can see all the MAC addresses which are not binded and apply the binding directly on the table In addition if administrators find that the same MAC address which is already binded is shown on the list it represents that the user is trying to change the IP for Internet access fo TP amp MAC binding List Windows nemet Explorer ca IP amp MAC binding List EnA IP MAC i 192 166 1100 UU ated AT sob Se Name Input the name or address of the client for identification The maximum acceptable characters are 12 Enable Activate this configuration 44 Q WING 3WAN 1LAN Small Scale Multi WAN QoS Router Apply Bind the chosen IP into the binding list Select All All the IP shown on the list will be binded Refresh Update the list Close Close the list Show Tables The list will show all the IP MAC binding and cureent status Users can click Edit for revision LC TP amp MAC binding List Windows Internet Explorer Il IP amp MAC bind ing List IP M
67. rd C Host Hame TT IT Internet IP Address 0 0 0 0 Status Mot Updated D WAN2 DOHS Service 3322 OYE Password Host Hame l l internet IP Address 0 0 0 0 Status DONS function i disabled or Mo Internet connection DDNS Service Check either of the boxes before DynDNS org 3322 org and QnoDDNS org cn Can be applied at the same time User Name The name which is set up for DDNS eInput a complete website address such as abc qnoddns org cn as a user name for QnoDDNS Password The password which is set up for DDNS Host Name Input the website address which has been applied from DDNS Examples are abc dyndns org or xyz 3322 org 39 d GINO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life Internet IP Address Input the actual dynamic IP address issued by the ISP Status An indication of the status of the current IP function refreshed by DDNS After the changes are completed click Apply to save the network configuration modification or click Cancel to leave without making any changes 4 7 MAC Clone Some ISPs require a fixed MAC address network card address for ISP verification which is mostly used in cable modem users If required input the network card address MAC Address 00 xx xx xx xXx xx here and the router will use this specific MAC address for verification Please note Only WAN1 can use this setting Advanced Setting
68. ribes how to prevent such virus attack First let us get down to the definition of ARP Address Resolution Protocol In LAN what is actually transmitted is frame in which there is MAC address of the destination host device So called Address Analysis refers to the transferring process of the target IP address into the target MAC address before the host sends out the frame The basic function of ARP protocol aims to inquire the MAC address of the target equipment via the IP address of the target equipment so as to facilitate the communications The Working Principle of ARP Protocol Computers with TCP IP protocol have an ARP cache in which the IP address corresponds to the MAC address as illustrated IP Dt MAC rt 192 168 1 1 00 Of 3d 83 74 28 192 168 1 2 00 aa 00 62 c5 03 192 168 1 3 03 aa 01 75 c3 06 For example host A 192 168 1 5 transmits data to Host B 192 168 1 1 Transmitting data Host A searches for the destination IP address from the ARP Cache If it is located MAC address is known Simply fill in the MAC address for transmission If no corresponding IP address is found in ARP cache Host A will send a broadcast The MAC address is FF FF FF FF FF FF which is to inquire all the host devices in the same network session about 75 d IWIN CS 3WAN 1LAN Small Scale Multi WAN QoS Router your future life What is the MAC address of 192 168 1 1 Other host devices do not respond to the ARP
69. rt ID q Internet Internet Internet Interface LAN WAND WAN WAN Status Connected Enabled Connected Enabled The status of all system ports including Connected Enabled and Closed will be shown d INO your future life 3WAN 1LAN Small Scale Multi WAN QoS Router 3 2 3 General Setting Status Buer Setting Status LAN IP 192 168 191 WANA IP iNi R WAN IP 192 168 3423 WANE ID Dpnnn Demut Gateway WANI 0 0 0 0 WANZ 192168431 MWANG 0 000 DNS CWVAN 0 0 0 0 VIe 18216830 192 488 4315 MWANG 0 0 0 0 LAN IP Indicates the LAN port current IP configuration The default IP is 192 168 1 1 Click the hyperlink to enter and manage the configuration WAN 1 WAN2 WANS IP Indicates the WAN1 WAN2 and WANS current IP configuration Click each hyperlink to enter and manage the configuration When Obtain an IP automatically is selected two buttons Release and Renew will appear on the right of the page Click Release to release the IP that is issued by the ISP and click Renew to refresh the IP that is issued by the ISP If a WAN connection such as PPPoE or PPTP is selected Disconnect and Connect will appear on the page Default Gateway Indicates the current Gateway IP configuration Click the hyperlink to enter and manage the configuration DNS Indicates the current DNS IP configuration Click the hyperlink to enter and manage the configuration 3 2 4 Advanc
70. rvers should go with different WANs 34 d ONO your future life 3WAN 1LAN Small Scale Multi WAN QoS Router Destination IP Defarult Gateway Hop Count Interface Add to list Delete selected IP Advanced Setting gt Routing Static Routing Destination IP 3 LS i Subnet Mask L H ISS iT Default Gateway e Se Hop Count zm interface Lan l Add to List Delege selected Tr Input the remote network IP locations and subnet that is to be routed The default gateway location of the network node which is to be routed This is the router layer count for the IP If there are two routers under the device users should input 2 for the router layer the default is 1 Max is 15 This is to select WAN port or LAN port for network connection location Add the rule into the list Delete the selected IP in the list 39 d gt mg i i S I d your future life 3WAN 1LAN Small Scale Multi WAN QoS Router Show Rounting Display the current routing list Table Apply Save the parameter changes by pressing Apply Cancel Clear the parameter changes by pressing Cancel Will be effective before pressing Apply 4 5 Ont To One NAT If ISP provides several IP addresses you can map the other available IPs with intranet computers Except the device WAN and fiber switch or ATU R G
71. such as the IP address of an ADSL router will be input automatically by the device Therefore users just need to check the option if this function is needed This is the detected location for the ISP port such as the DNS IP address of ISP When configuring an IP address for this function make sure this IP is capable of receiving feedback stably and speedily Please input the DNS IP of the ISP port This is the detected location for the remote Network Segment This Remote Host IP should better be capable of receiving feedback stably and speedily Please input the DNS IP of the ISP port This is the detect location for DNS Only a web address such as www hinet net is acceptable here Do not input an IP 15 d GINO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life address In addition do not input the same web address in this box for two different WANs After the changes are completed click Apply to save the network configuration modification or click Cancel to leave without making any change Bandwidth Bandwidth WANT Upstream 712 Kbit sec Downstream 12 Kbit sec WAN Upstream 312 Kbit sec Downstream 512 Kbitsec WANS Upstream 312 Kbit sec Downstream 512 Kbit sec Firewall Router will decide the automatic load balance ratio according to the upstream bandwidth users input for the two WAN ports For instance if the upstream bandwidth for both WANs is 512Kbit sec the automatic balan
72. table under the condition that one of the WAN connections has failed the traffic going through this WAN to the destination IP cannot shift to another WAN to reach the destination For example if users want the 14 d s d T em e ie F i LE Kul A A WW L your future life 3WAN 1LAN Small Scale Multi WAN QoS Router traffic to 10 0 0 1 10 254 254 254 to go only through WAN1 while WAN2 is not to support these destinations users should select this option When the WAN1 connection is interrupted packets for 10 0 0 1 10 254 254 254 cannot be transmitted through WAN 2 and there is no need to remove the connection when WAN 1 is interrupted 2 Remove the Connection If an ISP connection failure is detected no error message will be recorded in the System Log The packet transmitted through this WAN will be shifted to the other WAN automatically and be shifted back again when the connection for the original WAN is repaired and reconnected This option is suitable when one of the WAN connections fails and the traffic going through this WAN to the destination IP Should go through the other WAN to reach the destination In this way when any of the WAN connections is broken other WANs can serve as a backup traffic can be shifted to a WAN that is still connected Detecting Feedback Servers Defaule Gateway ISP Host Remote Host DNS Lookup Host The local default communication gateway location
73. ter your future life 4 Advanced Setting This chaptor introduces advanced settings including virtual server routing IP mapping and DDNS 4 1 DMZ Host When you keyin the private IP into this DMZ ption public IPs for WAN1 and WAN will be applied for this computer only That is packets for WAN will be sent to this computer Advanced Setting gt DMZ Host DM Private IP Address 192 168 1 fa If the DMZ Host function is selected to cancel this function users must input 0 in the following DMZ Private IP This function will then be disabled After the changes are completed click Apply to save the network configuration modification or click Cancel to leave without making any changes 4 2 Forwarding Setting up a Port Forwarding Virtual Host If the server function which means the server for an external service such as WWW FTP Mail etc is contained in the network we recommend that users use the firewall function to set up the host as a virtual host and then convert the actual IPs the Internet IPs with Port 80 the service port of WWW is Port 80 to access the internal server directly In the configuration page if a web server address such as 192 168 1 50 and the Port 80 have been set up in the configuration this web page will be accessible from the Internet by keying in the device actual IP address such as http 211 243 220 43 At this moment the device actual IP will b
74. us E mail cannot be sent because you have not specified an outbound SMTP server address The E Mail hyperlink will be connected to Syslog page 1 If the e mail server has not been configured in the log setting the information will appear as E MAIL can not be sent because you have not specified an outbound SMTP server address d GINO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life 2 If the e mail server has been configured in the log setting but e mail transmission conditions are not reached the threshold the information will appear as E MAIL settings have been configured 3 If the e mail server has been configured in the log setting and the log has been transmitted to the e mail server the information will appear as E MAIL settings have been configured and sent out 4 Ifthe e mail server has been configured in the log setting but the log is not able to be sent to the e mail server the information will appear as E MAIL cannot be sent out probably use incorrect settings 3 3 Basic Connection Settings This General Setting page contains the basic settings For most users completing this general setting is enough for connecting with the Internet However some users need advanced information from their ISP Please refer to the following descriptions for specific configurations 3 3 1 General Setting d ONO 3WAN 1LAN Small Scale Multi WAN QoS Router your future li
75. which WAN will be applied for the priority setting Service Choose the service port for the priority rule For example if the service is FTP choose FTP Port21 21 Direction Upstream Control the service for upstream traffic Downstream Control the service for downstream traffic Priority High This grarantees the service port with 60 bandwidth Low This limits the service port with 10 bandwidth Enable Activate the rule Add to list Add the rule to the list Delete selected Remove the rules selected from the Service List Application Show Tables This will display all the rules users made for the bandwidth Click Edit to modify After the changes are completed click Apply to save the configuration or click Cancel to leave without making any change 3 3 5 Password This is an advanced management tool for the device The default password of the host is 2l WN 3WAN 1LAN Small Scale Multi WAN QoS Router future life admin For safety concern we strongly recommend that changing the password after the first time login is required Please keep the password or you might not login the firewall router You will have to retrun the factory default if the password is lost General Setting gt Password User Hame admin Old Password New Password Confirm New Password User Name The default is admin Old Password Input the original password New Passw
76. yword Delete selected keywords Hdd Hew 2 Prevention of Shock Wave and Worm Virus Since many users have been attacked by Shock Wave and Worm viruses recently the internet transmission speed was brought down and the Session bulky increase result in the massive processing load of the device The following guides users to block this virus corresponding port for prevention 2 d ONO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life a Add this TCP135 139 UDP135 139 and TCP445 Port LC service Management Windows Intemet Explorer 2 htp7220 130 188 43 senvicell him BE Service Name IMAP HTP TCP 1197119 PoPa TCP iio07110 SHAE UDF 161 161 Protocol SKIP TCP 25 25 ITELHET TCF 2333 TCP TELNET Secondary TCE s023 8023 EE ITELHETSSL TCP 9927992 Port Range lnuce upp eT 67 tol jLeTP vDP1 r01 Lol FETE TCP 1T23 1723 iFsec UD hdd to list L ES LI ERR mm b Use the Access Rule in the firewall and set to block these three ports Services Action Deny Service TCRITCE 1357139 D Log Hot log Source Interface in source F in Destination IP Je Service Management d GINO 3WAN 1LAN Small Scale Multi WAN QoS Router your future life Use the same method to add UDP UDP135 139 and TCP 445 445 Ports c Enhance the priority level of these three to the highest Firewall
Download Pdf Manuals
Related Search