here
Contents
1. Gigabit Multi business Router Copyright Statement IP COM isthe registered trademark of IP COM Networks Co Ltd All the products and product names mentioned herein are the trademarks or registered trademarks of their respective holders Copyright of the whole product as integration including its accessories and software belongs to IP COM Networks Co Ltd No part of this publication can be reproduced transmitted transcribed stored in a retrieval system or translated into any language in any form or by any means without the prior written permission of IP COM Networks Co Ltd If you would like to know more about our product information please visit our website at www ip com com cn Disclaimer Pictures images and product specifications herein are for references only To improve internal design operational function and or reliability IP COM reserves the right to make changes to the products described in this document without obligation to notify any person or organization of such revisions or changes IP COM does not assume any liability that may occur due to the use or application of the product or circuit layout s described herein Every effort has been made in the preparation of this document to ensure accuracy of the contents but all statements information and recommendations in this document do not constitute the warranty of any kind express or implied Preface Thank you for purchasing this IP COM prod2. Click Save to apply your settings Advertisement This page is used to customize the advertisement push page IP COM word wide wireless Logout Select Image i Edit Box wW System Status Advertisement E Network Settings l Bandwidth Control us Portal Authentication Portal Authentication Advertisement Online User VPN Settings Advanced Settings o System Tools Redirect to page http Awww ip com com cn Save Cancel o Select Image Select image to import to the device for the redirect page The image should be less than 256KB and 800 400px jpeg jpg png gif is recommended e Edit Box Here you can write the message that appears when users log in to the redirect page successfully Up to 400 characters can be input here O Redirect to page Enter the URL you want to redirect to when the User has been successfully authenticated Online User This page allows you to view the account information when you enable portal authentication Click Disconnect to disconnect the connected users Then the user will be required to authenticate again IP COM World Wide Wireless Logout re System Status Online User aes Network Settings laa Bandwidth Control A ID Remark User IP Address MAC Address Active Time online Time Action i Portal Authentication Portal Authentication Advertisement Online User VPN Settings VPN Virtual Private Network is a private network establ
3. Chapter 2 Device Installation Installation Notes To ensure service of this product and for your own personal safety please follow the note below Safety Alert Install the device following static electricity precautions e Wear anti static gloves while installing and connect the device to power after finishing other installation e Use the included power cord to power the device e Make sure the input voltage matches the value which is marked on the device s label e Place the device in a well ventilated and dry environment e Do not open the device case e Cut off the power connection if you want to clean the device Do not clean the device with any liquid cleaner e Position the device away from a strong electrical current There is an IP COM seal on one of the cover screws The seal must remain unbroken The user should not break the seal as this will void the warranty Environmental Requests a Temperature Humidity Item Temperature Humidity Operation Environment 10 C 45C 10 90 RH non condensing Storage Environment 40 C 70 C 5 90 RH non condensing Y Anti static Precautions To protect the device from static electricity harm e Keep the device in a clean and clear environment e Clean the device regularly e Properly ground the device to efficiently dissipate static electricity a Lightning Protection To protect the device from a lightning strike or power surge e Properly grou
4. a web browser Click Advanced Settings gt Remote WAN to enter the configuration page 1 For better security customize a port number between 1024 and 65535 for the remote WAN interface Do not use the number of any common service port 1 1024 in case of conflicts 2 Make sure your WAN IP address Internet IP address is a public IP address Private IP addresses are not routed on the Internet 3 It is unsafe to make your router remotely accessible to all PCs on external network For better security we suggest that only enter the IP address of the PC for remote management To access your router WAN IP address 102 33 66 88 at your home from the PC 218 88 93 33 at your office via the port number 8080 IP COM word wide Wireless Logout Ar System Status Remote WAN E Network Settings Remote Web Access Enable d Bandwidth Control E IP Address o Ho Ho oO AL Portal Authentication Port 8080 VPN Settings Advanced Settings Network Diagnostics Static Routing Port Forwarding Remote WAN WAN Ping DDNS Page Timeout o System Tools Save Cancel Check the Enable box to enable the Remote Web Access function IP Address Specify the IP address for remote management When it is set to 0 0 0 0 the device becomes remotely accessible to all the PCs on Internet or other external networks It 1s not safe In this example enter 218 88 93 33 Port Specify the management port t
5. device All the connections will be disconnected when rebooting Reset If the device or client connected to the device fails to access the Internet due to incorrect configurations and you cannot solve the problem you can reset the device Once you reset your device all your current settings will be lost and you need to reconfigure it To reset your device two methods are available Method 1 Via Web UI Click System Tools gt Maintenance locate the Restore to Factory Default section and click Reset Method 2 Via the hardware RESET button Pressing the RESET button for 5 15 seconds restores this device to its factory defaults Factory Default Settings User Name admin O Password admin Oo IP Address 192 168 0 252 Upgrade If your device is in normal operation it is not advisable to upgrade your device If you want to acquire the latest software version or better value added functions for your device you can access our official website www ip com com cn to download the latest software for upgrading To upgrade your device Launch a web browser and go to www ip com com cn to download the latest firmware Unzip the compressed upgrade file in the corresponding directory Click System Tools gt Maintenance locate the Upgrade Firmware section and click Upgrade Upgrade Firmware Upgrade Click Choose File in Google browser to locate and select the upgrade file in the corresponding directory on y
6. 0 x x can be any number between 2 254 excluding 252 and retry Clear the Web browser cache or try another browser Try another computer to access the configuration screen O Restore the device to factory defaults and retry Confirm there is no device in the same LAN whose IP is 192 168 0 252 and retry Q2 I forgot my login username and password What should I do A2 Try the default settings first Default LAN IP 192 168 0 252 Login username admin password admin If it does not work restore the device to factory defaults and retry with the default settings Q3 How do I restore the device to factory defaults if I cannot access the device configuration screen A3 Power up the device and press the RESET button on the front panel for 5 15 seconds In about one minute the device should restore to its factory defaults 2 Technical Specifications Item Max Connections CPU DDR3 FLASH Max concurrent session Throughput two way Interface LEDs Button Operation Storage temperature Operation Storage humidity AC input Power consumption Dimension Specification 120 Dual core ARM 800MHz processor 256MB 128MB 60000 100Mbps 5 10 100 1000Mbps auto negotiating RJ45 ports Default 2 WAN 3 LAN Max 4 WAN 1 LAN 1 Console port 1 POWER LED 1 SYS LED 5 Link Act LEDs 5 Speed LEDs 1 RESET button 1 ON OFF button 10 C 45 C 40 C 70 C 10 90 RH non conde
7. Sense peer eRe err rere Core E E mprece Tr eure reer ee 15 Network o tesa oer ec ERD a eA a ee OE a ean sa Sea REMC eee 15 LCAN Settinos aa a a me free reenter ee 15 WANS EIAS S e sados 16 EMO RES sad 16 a eee ee eee a 18 Bandwidth C ontok a a E erence rer renee rice ere ce are 19 o A se cre E A ett E em E cree eemance tear meet pmmneet te ace 21 A d e a se preter A rene pene Rory eee Ene nen eer reer rene eee 21 A EE A E aatesteat sack teen ancate ca amen sauteed sack aca ancate ad mans aatesnnat sect Gace cate ca aman saateeneat sania 22 O01 bit oral OSs epee nee E E E E E E E E E E A E 23 IS Sieroter te seme eee ate earn ece ie mec eet ener een ra ena ner ene ce een mene ant ete eee eee aes 24 PETE Serve a errr cre ee rerrer re cnrt intrest rrr tr eenrrrr se mrry cre reenter rerrere reer centr eer cry er rere 24 PETE i tao erm ener ert ee Ce heer te emer arte E t ete ere ener ne re eer E er ener ne renee 26 ESA Tae cs O epee eer rey ETEC OS 28 Apphicatom Example e sal eae 29 IPSec Seine aan E en ewer mee cee eee ee ere 34 Apphcation Example of Ul ed stele seek ne ere Be a ean ents ener emer erate er eke ner era ener 40 O E E A E 46 O Te NO 47 A US Merce ce ence E eneane sete cen enfrene mee 49 Advanced A Sree nec teen een nee ee eee are Pelee teeter ene er eee aie adenine ema see ete rnee ene esas 49 Jo 110 BV v2a 010 1018 eis nearer emer eens cease eres ere eee cret cee errr ere merce eet cer etree eek neer ean erence 49 Satie
8. files which you have stored on your hardware disk previously Click Restore Backup Restore x Backup configurations Backup Administrator This page allows you to change the login username and password of the administrator Click System Tools gt Administrator to enter page below World Wide Wireless Wr System Status Administrator es Network Settings Old User Name admin k Bandwidth Control Od Geen 4 Portal Authentication New User Name VPN Settings New Password Confirm New P d z Advanced Settings ee o System Tools Date amp Time Maintenance Administrator System Log Save Cancel System Log Here you can view the history of the device s actions After 300 entries the previous logs will be cleared automatically IP COM word wide Wireless Logout hr System Status System Log E Network Settings ID Time Type Log t A 1 2015 07 02 11 28 28 system udhcpd_brO Server Start iL Portal Authentication 2 2015 07 02 11 28 25 system System start 3 2015 07 02 11 28 25 system System Start Success VPN Settings Advanced Settings o System Tools Date amp Time Maintenance Administrator System Log Appendix 1 FAQs Q1 I cannot log in to the device configuration screen with 192 168 0 252 during the initial login What should I do A1 Verify that all cables are connected correctly and well Confirm the TCP IP settings on your PC verify it is 192 168
9. for the L2TP client When the L2TP client is a network this is a required option L2TP Client When there is a L2TP server in your network you can connect your router to the L2TP server by configuring the L2TP client function Click VPN Settings gt L2TP Client to enter page below i a C O M World Wide Wireless dr System Status L2TP Client a Network Settings Enable Client il Bandwidth Control WAN Port WANO T iL Portal Authentication L2TP Server VPN Settings Username PPTP Server Password PPTP Client Remote IP Segment L2TP Server Remote subnet mask L2TP Client IPSec Settings Oo Enable Client Check it to enable the L2TP client function WAN Port Select the WAN port on which to enable the L2TP Client o L2TP Server Configure the L2TP server s IP address which is the WAN IP address of the remote router whose L2TP server function is enabled o Username Enter the user name you ve configured on the L2TP server Oo Password Enter the password you ve configured on the L2TP server Oo Remote IP Segment Set the internal IP segment of the remote L2TP server Oo Remote Subnet Mask Set the internal subnet mask of the remote L2TP server Application Example of PPTP L2TP There is a company based in Place A but has a branch office in Place B Staffs both in the headquarters and its branch need to share their internal resources securely Assume that the VPN routers in Place A and Place B are SE3100 and ve
10. of inactivity You can set the length of the inactive period To change the page idle timeout click Advanced Settings gt Page Timeout to set the page timeout you wish to and click Save The default is 5 minutes Page Timeout Page Timeout 5 System Tools This section helps you to better monitor and maintain your device Date amp Time This page assists you in setting the device s current time you can select to either set the time and date manually or obtain the GMT time from the Internet automatically System time can be configured using the following 2 methods Synchronized with the Internet If enabled system automatically connects to NTP server on the Internet to synchronize the time Manual Specify the time and date manually or click Synchronized with local time to automatically copy your current PC s time to the device Method 1 To synchronize with the Internet Click System Tools gt Date amp Time Time Setup Select Synchronized with the Internet Time Interval Select a time interval from the drop down list Time Zone Select your time zone 6 Click Save to apply your changes IP COM work wide Wireless Logout hr System Status Date amp Time E Network Settings Time Setup Synchronized with the Internet Manual i Bandwidth Control Tine Tiival 30 minutes 5 iL Portal Authentication Time Zone GMT 08 00 Beijing Chongqing Hong Kong Urumudi Taipei v VPN Settings a Advanced Se
11. the authentication type of IPsec is X 509 corresponding certificates configurations will be needed Click VPN Settings gt Certificates to configure certificates settings IP COM World Wide Wireless Logout hr System Status Certificates Network Settings a J Local Certificates k Bandwidth Control Generate Certificate Import certificate Save to Device Delete 2 Portal Authentication ID Name Title Type Specification Status Action VPN Settings 1 test CN test emailAddress wang Certificate 1024 Disabled i PPTP Server 2 z CN tenda emailAddress 112 Certificate 1024 Disabled y T PPTP Client LOTP Server Remote Certificates L2TP Client Import certificate Save to Device Delete IPSec Settings ID Name Title Type Specification Status Action Certificates y l x 1 test 30 CN test emailAddress test Certificate 1024 Disabled Jt Thy VPN Clients 5 ec 2 z CN tenda emailAddress 112 Certificate 1024 Disabled tt Thy VPN Passthrough Y On the local router generate a local certificate click Save to Device and click to download the certificate Meanwhile import the certificate to Remote Certificates of the remote router and click Save to Device On the remote router generate a local certificate and click Save to Device and click to download the certificate Meanwhile import the certificate to Remote Certificates of the local router and click Save to Device How to generate a local certifica
12. value at the other end of the tunnel Application Example of IPsec There is a company based in Place A but has a branch office in Place B Staff both in the headquarters and its branch need to share their internal resources securely Assume that the VPN routers in Place A and Place B are SE3100 and verify that the two SE3100 can access the Internet successfully Internet IPsec Client WANO IP 1 1 1 3 IPsec Server WANO IP 1 1 1 20 Server Pcl PC2 PC3 PC4 PCS Intranet in the Headquarters LAN in the Branch 192 168 20 0 24 192 168 30 0 24 Configurations on the SE3100 in the headquarters Click VPN Settings gt IPsec Settings and click Add to configure IPsec parameters Assume that the negotiation type is Auto and the authentication type is Shared Key Check Enable and select WANO as the WAN port on which to enable the IPsec server 6 Set a connection name say Server Specify the remote gateway say 1 1 1 30 Specify the remote IP segment say 192 168 30 0 24 And the Local IP Segment will be displayed as 192 168 20 0 24 automatically Set a pre shared key say 12345678 Check PES Verify that other parameters on both the IPsec server and IPsec client are identical Click Save to apply your changes 1 When the negotiation type is Auto and the authentication type is X 509 set corresponding Local Certificate and Remote Certificate and keep other parameters the same
13. wide Wireless Logout We System Status IPSec Settings E Network Settings j Add Delete l Bandwidth Control ID WAN Connection Name Tunnel Protocol Remote Gateway Status Action iL Portal Authentication 1 WANO test ESP 1 1 1 1 Enabled S 2 T VPN Settings PPTP Server PPTP Client L2TP Server L2TP Client IPSec Settings Certificates Two negotiation types are available here for IPsec settings Auto and Manual When Auto is selected the SPI value is obtained via auto negotiation When Manual is selected you need to specify a value manually Negotiation Type Auto IPsec Settings Enable WAN WAND T Connection Name Tunnel Protocol ESP T Remote Gateway Local IF Segment 192 168 0 0 24 Remote IP Seqment Negotiation Type Authentication Type Shared Key Pre shared key Enable check it to enable the IPsec function WAN Specify the local WAN port for this Policy The Remote Gateway of the remote router should be set to the IP address of this WAN port Connection Name Set a name for IPsec connection for identification Tunnel Protocol Select the corresponding tunnel protocol ESP AH or ESP AP Remote Gateway IP address or domain name of the remote router Local IP Segment Internal IP segment of the local router Remote IP Segment Internal IP segment of the remote router Negotiation Type Select Auto If Manual is selected see Negotiation Type Manual Authentication Type Select the
14. 255 255 255 0 Click Save to apply your changes MPPE PPTP User User test Password Remark test Address Type Dynamic IP T Network segment F Remote IP Segment 192 168 30 0 Remote subnet mask 255 1255 1255 10 Save Cancel Configurations on the SE3100 in the branch El On the web UI of SE3100 in the branch click VPN Settings gt PPTP Client to configure PPTP client settings Check Enable Client 6 Select WANO as the port for PPTP client Enter the WAN IP address of the PPTP server say 1 1 1 20 Enter the PPTP user name say test Enter the PPTP password say test Enter the IP segment of the remote PPTP server say 192 168 20 0 Enter the subnet mask of the remote PPTP server say 255 255 255 0 Click Save to apply your changes PPTP Client Enable Client F WAN Fort WANO 7 PPTP Server 1 1 1 20 Username test Password _ Remote IP Seqment 192 168 20 0 Remote subnet mask 255 4255 1255 10 Verification Method 1 On the web UI of SE3100 in the headquarters click VPN Settings gt VPN Clients to view the PPTP Client List If the PPTP client negotiates with the PPTP server successfully PPTP client info will be displayed here IP COM wond wide Wireless Logout hr System Status VPN Clients En Network Settings PPTP Client List laa Bandwidth Control ID Remark Account IP Address Online Action pq Portal Authentication VPN Settings L2TP Client Lis
15. 55 255 255 0 O Gateway It is recommended to enter the IP address of the LAN port of the device Oo Primary Alternate DNS Enter the DNS server address provided by your ISP If you are not clear please consult your ISP Lease time It s the length of time for the IP address lease After the IP address has expired the client will be automatically assigned a new one Load Balance This page allows you to configure the sharing traffic statistics of the WAN ports to optimize resource utilization When Load Balance is enabled the device will use sessions or users automatically allocate connections to achieve load balance for corresponding WAN connections Click Network Settings gt Load Balance to enter page below i ja a C O M World Wide Wireless Ar System Status Load Balance GS Network Settings Default WAN Port WANO T LAN Settings Load Balance Policy e Disable WAN Settings Based connected users Based connection sessions DHCP Server Load Balance o Based connected users If Based connected users is selected the WAN bandwidth will automatically allocate connections based on users to achieve network load balance o Based connection sessions If Based Connection Sessions is selected the WAN bandwidth will automatically allocate connections based on session numbers to achieve network load balance Bandwidth Control This section will assist in prioritizing your network bandwidth usage to assu
16. 56 bit key 3DES Triple DES encrypts a plain text with 168 bit key AES 128 Use the AES Advanced Encryption Standard algorithm and 128 bit key for encryption AES 192 Use the AES Advanced Encryption Standard algorithm and 192 bit key for encryption AES 256 Use the AES Advanced Encryption Standard algorithm and 256 bit key for encryption ESP Encryption Key Set the ESP encryption key Keys on both sides should be identical o ESP AH Authentication Algorithm When ESP is selected set ESP authentication algorithm When AH is selected set AH authentication algorithm The following authentication algorithms are supported on this router MDS MDS Message Digest Algorithm generates a 128 bit message digest and prevents the message from being tampered SHA1 SHA Secure Hash Algorithm generates a 160 bit message digest and it is more difficult to be cracked than MDS o ESP AH Authentication Key Set the ESP AH authentication key Keys on both sides should be identical o ESP AH Outcoming SPI Specify the Outcoming SPI Security Parameter Index manually SPI remote gateway and tunnel protocol identify an IPsec alliance The Outgoing SPI here must match the Incoming SPI value at the other end of the tunnel o ESP AH Incoming SPI Specify the Incoming SPI Security Parameter Index manually SPI remote gateway and tunnel protocol identify an IPsec alliance The Incoming SPI here must match the Outgoing SPI
17. 86 755 2765 3089 Email info 1p com com cn Contents Chapter I Product Overy lew coc ce cc ccec sete once se sess cece ocecceee SASEAR EAA AASA SASEA ETA EEA A ESAR ESSEE eee 1 a E 1 A a l Picke Contents a l O De o a O ON 2 IB AC Kale ANC lems deca arate oat casntet a tan tad vee Gsca ncaa E a tentad nes Soca arate oad casnanat ac tantad dees Gad acaae saa aasnten a tena seas eeg 3 Bloc Een Perr ie ane rte ere Tee er ree ee Pree ene ee a ree io 4 Chapter 2 Device Imstall grimy s c c c cscc cescncassccescoesesoresesescacscsssesucsscccsveeseserecccescsesesecescacscscstesteccsesevesess 5 a 5 Sane VAE a ee cian erat stan rye aernr dv na hs Weary resto rene ned tenner eee 5 EN ronne MIr Rete Wat reece reer erent ey tet id 5 A ROOMS a O 6 A da 7 A rer ery ree eran ee re eae ened Were rere wee eee ee eee i BD MOU a ante eeececer nenencer E nr cre Or femeniecy ene cece heen nar eonencc rete Eater 7 Play Sie al CO mie Gl o 8 Chapter SE ocine aaae E EEE ea EEE ae EEE 11 Losintothe Device a tarts sate ct eee ements erst etn ate eee a ccr nernn amine ger tee ae 11 A Beir vurern tel learner secre erence ere E ice rer nr ae reer Seon ery anne error nearer Pernnce nee 13 OO rater eee eee ee mer eT ere err ee eRe ne hee ee eee reer ere reer eer one reer on ee 13 SESS E caan es cea anaaeenanmenCaa seit 14 Devic TiO E a E E E 14 WAN SASIE a ee en ee gc em ae eS ee en ee ate eee are Tetra ee eee Tn re aa eee etree eee AO 14 En 1 6c 100s
18. F7 90 Subnet Mask 255 255 255 0 WAN Info WAN Statistics Click System Status gt WAN Statistics to enter page below where you can view traffic statistics on WAN port s IP COM world wide Wireless Logout hr System Status WAN Statistics Device Info mE Interface Sessions Uplink Downlink Total Uplink Traffic Total Downlink Traffic WAN Statistics a wan0 0 00KB s 1 62 KB s 2 12 KB 225 96 KB Clients Statistics wanl 0 00KB s 0 00 KB s 0 00 KB 0 00 KB E Network Settings k Bandwidth Control Clients Statistics Click System Status gt Clients Statistics to enter page below where you can view real time traffic Statistics of connected hosts IP C OM word wide Wireless Logout hr System Status Clients Statistics Device Info AN ID User IP Address Sessions Uplink Downlink Total Uplink Traffic Total Downlink Traffic WAN Statistics J E 1 192 168 0 106 228 2 46 KB s 17 26 KB s 7 67 KB 53 84 KB Clients Statistics HES Network Settings Network Settings This section instructs you on setting up your device to the Internet LAN Settings To configure the LAN IP address for the device click Network Settings gt LAN Settings to enter page below P COM word wide Wireless Logout Ar System Status LAN Settings D Network Settings IP Address 192 168 0 252 LAN Settings Subnet Mask 255 255 255 0 WAN Settings DHCP Server Load Balance k Bandwidth Control y Portal Authentication VPN S
19. Mask Gateway Primary DNS Status Action brO 192 168 20 100 192 168 20 255 255 255 0 192 168 20 252 8 8 8 8 Enabled S 2 T DHCP Server Load Balance l Bandwidth Control B Portal Authentication VPN Settings Advanced Settings t System Tools Item Description a Here you can select function menus The results will be displayed on Navigation Bar l l configuration zone Configuration Zone Here you can set the device and view the configuration Close the current screen or click on the top right corner Follow the onscreen instructions to log off Closing the current device Web tab will not force current user to log off Chapter 4 More Functions System Status This section can help you get to know more about device info WAN statistics and client statistics Device Info Click System Status gt Device Info to enter page below where you can view the device info including interface status system status LAN info and WAN info IP COM word wide Wireless Logout hr System Status Device Info Interface Status WAN Statistics Clients Statistics ey ey my my my Seer LANO LAN1 LAN2 WAN1 WANO dfs Network Settings i Bandwidth Control System Info E Portal Authentication e Device Name SE3100 VPN Settings System Time 2015 07 01 10 25 13 3 44 Advanced Settings Running time 1 hour 4 min Firmware Version V1 0 0 5 CPU Memory o System Tools LAN Info LAN IP 192 168 0 252 LAN MAC 00 B0 2C 0B
20. O M World Wide Wireless Ar System Status PPTP Client Gis Network Settings Enable Client di Bandwidth Control WAN Port WANI 7 i Portal Authentication PPTP Server 5 VPN Settings Username PPTP Server Password Remote IP Segment L2TP Server Remote subnet mask L2TP Client IPSec Settings Oo Enable Client Check it to enable the PPTP client function o WAN Port Select the WAN port on which to enable the PPTP Client o PPTP Server Configure the PPTP server s IP address which is the WAN IP address of the remote router whose PPTP server function is enabled o Username Enter the user name you ve configured on the PPTP server O Password Enter the password you ve configured on the PPTP server Oo Remote IP Segment Set the internal IP segment of the remote PPTP server Oo Remote Subnet Mask Set the internal subnet mask of the remote PPTP server MPPE is not supported for the PPTP Client function of this router If this router works as the PPTP client please disable MPPE on the PPTP server L2TP Server The Layer 2 Tunneling Protocol L2TP is a layer 2 VPN tunneling protocol to encapsulate packets and add extra header to packets by using PPP Point to Point Protocol Click VPN Settings gt L2TP Server to enter page below 1P COM World Wide Wireless Logout dr System Status L2TP Server de Network Settings L2TP Server Disable Enable If Bandwidth Control WAN Port WANO AL Portal Authenticati
21. ROUNE Nm oe PEE O em tee mT ae een eee eae ee ee eer er eer ere 52 Por Korwin e e eee eer rere Orc ren nee a tree eee mre 55 Remote WAN a a A A A E uaa ant asisaa eansaaetaaas 57 WA NEPS a E eee eae ee eee et tes ene steal A nminteenc to Crane nance teins ee 58 DO eeantne rae tee 59 Rase Timeout a a a eee enter coker ee erecta o eee ere 61 115100100 Doo Le 5 cerca te E inte a eae 61 DA caos 62 Maintenance a aatestect nace cena cate ca aman anteenngd A caecum ca aman saatesntatsaaaaer 63 Adminis tEato else a Nene te sere eerie Herren tae rar tere een A tn ere ence ener terror reer mreny a oeerer 66 SN OE r renra eerste eer cerry coe rere am Teen eee cee eran re err Ree neem ee 67 AAE ooh E E E E E A 68 PENAOS T ere eens E E E E E E vere rere 68 EMS Meet el OTS a a o 69 So Regulatory Compliance UiniormmatO macnn cescace es E a E cen cece ne eearene semen 70 Chapter 1 Product Overview Overview IP COM SE3100 is a Gigabit business class router that has integrated multi WAN capability load balance bandwidth control portal authentication and VPN settings There are three LAN WAN multiplexing ports which can be configured as LAN ports or WAN ports to suit your needs Features e Supports load balance and DHCP server e Supports bandwidth control static routing and portal authentication e Supports DDNS and remote device management e Supports VPN settings Package Contents Open the box and verify the following package conte
22. T Common Service FTP 21 External Port 21 Internal host 192 168 0 101 Internal Port 21 Protocol TCP UDP TCP UDP Save Cancel Check the Enable box to enable the port forwarding function External Interface Specify the WAN port you want to configure port forwarding settings External Internal Port Specify the external port and internal port Generally the port number in both External and Internal port fields are the same say 21 for FTP Contact the corresponding service provider or google it if you don t know the port number of the service to use Internal host Specify the internal host s IP address In this example enter 192 168 0 101 Protocol Specify the protocol required for the service utilizing the port s Select TCP UDP if you are not sure Click Save to apply your changes Now your friends only need to enter ftp xxx xxx xxx xxx 21 in their browsers to access your FTP server XXX XXX XXX XXX is the router s WAN IP address In this example it is 192 35 244 22 and then your friends need to enter ftp 192 35 244 22 21 in their browsers If you use the port number 80 here you must set the port number for remote WAN Click Advanced Settings gt Remote WAN to any port number excluding 80 to avoid conflicts Otherwise the port forwarding feature may not be effective Remote WAN The Remote WAN allows the device to be configured and managed remotely from the Internet via
23. as shown above For settings of certificates see Certificates 2 When the negotiation type is Manual please verify that encryption key and authentication keys on both the IPsec server and IPsec client are identical and outcoming SPIs and incoming SPIs are opposite IPsec Settings Enable id WAN WANO Connection Name Server Tunnel Protocol ESP Remote Gateway 1 1 1 30 Domain Local IP Seqment 192 168 20 0 24 1 0 24 Remote IP Segment 192 168 30 0 24 A Negotiation Type Auto Authentication Type Shared Key Pre shared key 12345678 Period 1 Mode Main Mode Encryption Algorithm IDES Integrity Verification MDS Algorithm Diffie Hellman Group 768 bit Key Life Cycle 3600 Min 600s Period 2 PFS A Encryption Algorithm 3DES T Integrity Verification MDS T Algorithm Diffie Hellman Group 768 bit Key Life Cycle 3600 Save Cancel When configurations are completed the following actions are allowed O Click the button to disable IPsec settings and click the button y to enable IPsec settings O Click the button to edit IPsec settings O Click the button ii to delete IPsec settings When IPsec negotiation completes you cannot directly edit IPsec settings If necessary click the button 8 to disable IPsec settings first and then edit it IPSec Settings Add Delete ID WAN Connection Name Tunnel Protocol Remote Gateway Status Action 1 WANO Server ESP 1 1 1 30 Enabled Q 2 Thy Configurat
24. authentication type Shared Key or X 509 When Shared Key is selected please set a key for mutual authentication Pre shared keys of the local router and the remote router must be the same Authentication Type Shared Key T Pre shared key When X 509 is selected please ensure that certificates of the local router and the remote router are the same For settings of the certificate see Certificates Authentication Type x 509 T Local Certificate test T Remote Certificate test T When the Negotiation Type is Auto the entire negotiation process will be divided into 2 periods In Period 1 the two sides will negotiate to exchange security proposals like integrity verification algorithm and encryption algorithm and establish an ISAKMP Internet Security Association and Key Management Protocol SA Security Association so that more info in Period 2 can be exchanged securely In Period 2 it will establish IPsec SA by using ISAKMP SA created in Period 1 to protect communication data between two sides Period 1 Period 1 Mode Main Mode T Encryption Algorithm IDES T Integrity Verification MDS T Algorithm Diffie Hellman Group 768 bit T Key Life Cycle 3600 Mode Set the exchange mode for the negotiation in Period 1 The exchange mode must be identical with its remote one Two modes are available here In Main mode the two sides exchange packets a lot As this mode provides identification protection it is suitable for higher
25. correct the interference at his own expense FCC Caution Any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate this equipment This device complies with part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation The manufacturer is not responsible for any radio or TV interference caused by unauthorized modifications to this equipment NOTE 1 The manufacturer is not responsible for any radio or TV interference caused by unauthorized modifications to this equipment 2 To avoid unnecessary radiation interference it is recommended to use a shielded RJ45 cable
26. d IP address Internet SE3100 WAN IP 192 35 244 22 PC 2 IP 192 36 244 96 ew LAN IP 192 168 0 252 3100 PC 1 FTP Server IP 192 168 0 101 Application Example As shown in the diagram above your PC PC1 192 168 0 101 connects to the router and runs an FTP server on port number 21 Your friend PC2 192 36 244 96 wants to access the FTP server on your PC 1 Make sure your WAN IP address Internet IP address is a public IP address Private IP addresses are not routed on the Internet 2 Make sure that the service port number you entered on the router and the service port number you configured on the PC are identical 3 To ensure that your server computer always has the same IP address assign a static IP address to your PC 4 Operating System built in firewall and some anti virus programs may block other PCs from accessing resources on your PC So it is advisable to disable them before using this feature IP COM word wide Wireless Logout Ar System Status Port Forwarding En Network Settings Add l Bandwidth Control ID WAN Interface External Port Internal host Internal Port Protocol Status Action A a Portal Authentication O VPN Settings L Advanced Settings Network Diagnostics Static Routing Port Forwarding Click Advanced Settings gt Port Forwarding to enter the page as shown above and click Add Port Forwarding x Enable x External Interface WANO
27. d wide Wireless Logout hr System Status Network Diagnostics ais Network Settings laa Bandwidth Control IP Address Domain 2 192 168 0 252 iL Portal Authentication VPN Settings Traceroute Result 3 IP Address Time Advanced Settings 2 192 168 0 252 0 525 ms 0 017 ms 0 011 ms Network Diagnostics Static Routing Static Routing Static routing provides additional routing information to your router Typically you do not need to add static routes However when there are several routers in the network you may want to set up static routing Static routing determines the path of the data in your network You can use this feature to allow users on different IP segments to access the Internet via this device It is not recommended to use this setting unless you are familiar with static routing IP COM word wide wireless Logout Ar System Status Static Routing a Network Settings Add l Bandwidth Control ID Destination Interface Next hop Subnet Mask Remark Status Action A Portal Authentication VPN Settings Advanced Settings Network Diagnostics Oo Destination The destination network segment Oo Interface Select the port you wish to configure the static routing rule o Next Hop Enter the gateway to which the packet should be sent next Oo Subnet Mask Enter the Subnet Mask used on the destination network O Remark Give a brief description for the rule O Add Click it to create a static routing r
28. device stays on standby e Press this button for five fifteen seconds and release it in approximately one minute the device will reboot and restore to its factory defaults e Press this button for at least sixteen seconds and release it in approximately one minute the device will reboot and clear its internal storage S TP Erasing internal storage NAND flash will not restore the device to factory defaults 1 1 E ee ee ee ee ee eee a Interface e This device provides five 10 100 1000Mbps auto negotiating RJ45 ports three of which are LAN WAN multiplexing ports e Console port is specially designed for developers or testers to maintain the connected clients or debug the device Back Panel AC Input 100 240V 50 60Hz a AC Input Power input port Please use the included power cord to connect the device to the power supply Y ON OFF button Power button turn the device on off Label Made in China WwWwWw ip com com cn Gigabit Multi business Router solar OModel SE3100 Ore IP http 192 168 0 252 User admin Password admin FC C E Power AC 100 240V 50 60Hz 0 3A y Serial No 1 Model No of the device 2 LAN IP of the device used to access the device s Web management interface 8 Username and password to log in to the device 4 AC input requirement 5 Serial number SN of the device This is required if the device is sent back for maintenance
29. estination computer To implement Ping action click Advanced Settings gt Network Diagnostics and finish settings as shown below Network Diagnose Select Ping from the drop down menu IP Address Domain Specify an IP address or domain name you wish to diagnose 6 Packet s Set the number of Ping packets within the range from 1 to 10000 Packet Size Set the packet size within the range from 1 to 60000 bytes 6 Click Start to Ping the network Then you can view the Ping info in the ping result box below Network Diagnostics IP Address Domain2 192 168 0 252 Ping Result Min 0 34 ms Device IP 192 168 0 252 192 168 0 252 192 168 0 252 Avg 0 375 ms Time 0 425ms 0 340ms 362ms Max 0 425 ms 3 packets received 0 00 loss 3 total TTL 64 64 64 Traceroute Traceroute 1s a computer network diagnostic tool for displaying the route path and measuring whether network connection is available or not When malfunctions occur to the network you can locate trouble spot of the network with this traceroute test To implement Traceroute action click Advanced Settings gt Network Diagnostics and finish settings as shown below Network Diagnose Select Traceroute from the drop down menu Enter the destination IP or domain name of the destination host 6 Click Start to traceroute the network Then you can view the traceroute info in the traceroute box below IP COM wor
30. ettings Advanced Settings x System Tools 1 To ensure a normal communication between the host and the Internet the default Gateway of the host should be set to the LAN IP address of this device 2 If the LAN IP address is changed please use the new IP address to login the device WAN Settings This page allows you to select the total number of WAN ports you prefer to use and configure the WAN Network for the device By default only WAN 0 is the WAN port Note that WAN1 LAN3 WAN2 LAN2 WAN3 LANI are LAN WAN multiplexing ports You can select the number of WAN ports from the WAN ports drop down menu Up to 4 WAN ports are supported on this device Click Network Settings gt WAN Settings to enter page below IP COM word wide Wireless Logout re System Status WAN Settings E Network Settings WAN ports 1 LAN Settings LAN3 WAN1 LAN WAN WAN Settings LAN2 WAN2 LAN WAN DHCP Server LAN1 WAN3 LAN WAN Load Balance k Bandwidth Control WANO ng Portal Authentication VPN Settings g Internet Connection Type PPPoE Dynamic IP Static IP Three Internet connection types are available for the WAN port s PPPoE Dynamic IP and Static IP o PPPoE Select PPPoE if you ve been provided the ISP user name and password o Dynamic IP Select Dynamic IP if you need neither account info nor additional settings for Internet access o Static IP Select Static IP if you ve been provided by your ISP w
31. fication In this way IPsec communication will not be affected However NAT passthrough only applies to ESP As the IP header is included in AH verification AH and NAT cannot co exist Click VPN Settings gt VPN Passthrough to configure VPN Passthrough settings i ES C oO M World Wide Wireless hr System Status VPN Passthrough as Network Settings PPTP Passthrough Enable Disable ai wic Ws 7 l Bandwidth Control L2TP Passthrough 9 Enable Disable i Portal Authentication Ipsec Passthrough Enable Disable E VPN Settings PPTP Server PPTP Client L2TP Server L2TP Client IPSec Settings Certificates VPN Clients Advanced Settings Network Diagnostics This page allows you to test your network connection If your network is malfunctioning click Advanced Settings gt Network Diagnostics to use the ping or Traceroute utility to test your network and find out where the problem 1s IP C OM work wide Wireless Logout hr System Status Network Diagnostics E Network Settings Network Diagnose Ping A e m tied Be CO B g k Bandwidth Control dia Dora de Portal Authentication Packet s E VPN Settings Packet size Advanced Settings Start Network Diagnostics ca Static Routing Ping Ping a computer network administration utility is used to test the reachability of a host on an Internet Protocol IP network and to measure the round trip time for messages sent from the original host to a d
32. grity Verification MDS 7 Algorithm Diffie Hellman Group 768 bit 7 Key Life Cycle 3600 Save Cancel PFS Select the PFS Perfect Forward Security to enhance security PFS configurations on both sides should be identical With PFS function IPsec Server and Client negotiate to create a new key in Period 2 As it is independent of the key created in Period 1 this key can be secure even when the key in Period 1 is de encrypted Without PFS the key in Period 2 is created based on the key in Period 1 and thus once the key in Period 1 1s de encrypted the key in Period 2 is easy to be de encrypted in this case the communication security is threatened As for descriptions of other parameters see Period_1 Negotiation Type Manual IPsec Settings Enable WAN WANO Connection Name Tunnel Protocol ESP T Remote Gateway Local IF Segment 192 768 0 0 24 Remote IP Seqment Negotiation Type Manual T As for descriptions of parameters on the page above see Negotiation Type Auto ESP Encryption Algorithm 3DES ESP Encryption Key ESP Authentication MDS T Algorithm ESP Authentication Key ESP Outcoming 5PI ESP Incoming 5PI Cancel ESP Encryption Algorithm Select ESP encryption algorithm for ESP security protocol The following encryption algorithms are supported on this router DES DES Data Encryption Standard encrypts a 64 bit the last 8 bit of 64 bit is used for parity check block of plain text with a
33. hould be displayed successively as the following All LEDs POWER Link Act and Speed LEDs except SYS LED will light up and the system will start a self test POWER LED will remain solid other LEDs will turn off After initialization completes the POWER LED remains solid SYS blinks and the Link Act and Speed LEDs will display their working status respectively Chapter 3 Login Log in to the Device If you are setting up the device for the first time the default parameters are needed for you to log in to the device s Web manager The default parameters are Item Details LAN IP Address 192 168 0 252 Username admin Password admin To log in to the device s Web manager Connect your PC to a LAN port on the device using an Ethernet cable IP COM SE3100 aN LL o aiis e a oO v1 Be PC Set your PC as Obtain an IP address automatically and Obtain DNS server address automatically Or configure your local PC IP address as 192 168 0 x x can be any number between 2 254 excluding 252 subnet mask as 255 255 255 0 Internet Protocol Version 4 TCP IPv4 Properties 2 General You can get IP settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator for the appropriate IP settings You can get IP settings assigned automatically if your network supports this capability Otherwise you need t
34. identification protection In Aggressive mode also called Active mode the two sides exchange just a few packets and negotiate quickly It does not provide identification protection eo Encryption Algorithm Select the encryption algorithm for IPsec session The following encryption algorithms are supported on this router DES DES Data Encryption Standard encrypts a 64 bit the last 8 bit of 64 bit is used for parity check block of plain text with a 56 bit key 3DES Triple DES encrypts a plain text with 168 bit key AES 128 Use the AES Advanced Encryption Standard algorithm and 128 bit key for encryption AES 192 Use the AES Advanced Encryption Standard algorithm and 192 bit key for encryption AES 256 Use the AES Advanced Encryption Standard algorithm and 256 bit key for encryption o Integrity Verification Algorithm Select the verification algorithm for IPsec session The following verification algorithms are supported on this router MDS5 MDS Message Digest Algorithm generates a 128 bit message digest and prevents the message from being tampered SHA1 SHA1 Secure Hash Algorithm generates a 160 bit message digest and it is more difficult to be cracked than MDS o Diffie Hellman Group Select the DH Diffie Hellman group to be used in generating session key of Psec tunnel O Key Life Cycle Set the living time of IPsec SA Period 2 Period 2 PFS Encryption Algorithm 3DES Inte
35. ions on the SE3100 in the branch Click VPN Settings gt IPsec Settings and click Add to configure IPsec parameters Assume that the negotiation type is Auto and the authentication type is Shared Key Check Enable and select WANO as the WAN port on which to enable the IPsec server Set a connection name say Client Specify the remote gateway say 1 1 1 20 Specify the remote IP segment say 192 168 20 0 24 And the Local IP Segment will be displayed as 192 168 30 0 24 automatically Set a pre shared key say 12345678 Check PES Verify that other parameters on both the IPsec server and IPsec client are identical Click Save to apply your changes IPsec Settings Enable WAN Connection Name Tunnel Protocol Remote Gateway Local IP Seqment Remote IP Seqment Negotiation Type Authentication Type Pre shared key dl WANO T Client ESF 7 1 1 1 20 192 168 30 0 24 192 163 20 0 24 Auto T shared Key T 12345678 Period 1 Mode Main Mode Encryption Algorithm 3DES Integrity Verification MDS T Algorithm Diffie Hellman Group 768 bit Y Key Life Cycle 3600 Period 2 PFS Fi Encryption Algorithm 3DES T Integrity Verification MDS T Algorithm Diffie Hellman Group 768 bit T Key Life Cycle 3600 Save Cancel When configurations are completed the following actions are allowed O Click the button S to disable IPsec settings and click the button y to enable IPsec settings O C
36. ished via the public network generally via the Internet However the private network is a logical network without any physical links so it is called Virtual Private Network VPN a technology which will not expose the private data to all users on the Internet allows employees to securely access their company s intranet while traveling outside the office VPN adopts the tunneling technology to establish a private connection between two endpoints It 1s a connection secured by encrypting the data and using point to point authentication Tunneling protocols including L2TP PPTP and IPsec are supported on this router The following diagram is a typical VPN topology _ Internet e VPN Server ol a MAA Intranet Remote LAN PPTP Server The Point to Point Tunneling Protocol PPTP is a layer 2 VPN tunneling protocol to encapsulate packets and add extra header to packets Click VPN Settings gt PPTP Server to enter page below IP COM word wide wireless Logout Ar System Status PPTP Server as Network Settings PPTP Server O Disable Enable laa Bandwidth Control WAN Port wano AL Portal Authentication Authentication Type Y Mschap1 Y Mschap2 Chap PAP MPPE VPN Settings IP Pool 20 20 20 100 20 20 20 200 PPTP Server PPTP Client Add Delete L2TP Server ID User Address Type Network segment Remark Action L2TP Client IPSec Settings o PPTP Server Check Enable to enable the PPTP se
37. ith static IP info like IP address subnet mask default gateway etc for Internet access DHCP Server This page allows you to modify the DHCP server parameters Click Network Settings gt DHCP Server to enter page below IP C OM worl wide Wireless Logout Ar System Status DHCP Server E Network Settings Add LAN Settings WAN Settings ID Interface DHCP Pool Subnet Mask Gateway Primary DNS Status Action DHCP Server 1 brO 192 168 0 100 192 168 0 200 255 255 255 0 192 168 0 252 8 8 8 8 Enabled Load Balance To disable the DHCP server click the icon directly to delete the DHCP parameters you ve created click the icon i if you have deleted the DHCP parameters click Add to add the only one rule for its DHCP server to edit the DHCP parameters click the icon to enter page below DHCP Setting x DHCP Server F Enable Interface bro 7 Start IF 192 168 0 100 End IP 192 168 10 200 Subnet Mask 255 1255 255 0 Gateway 192 168 0 J 252 Primary DNS 8 WHR We 8 Alternate DNS 8 18 JA 14 Lease Time 1 Day T Save Cancel eo DHCP Server Check Uncheck the Enable box to enable disable the DHCP server on your device Oo Start IP Enter the start IP address to make a range for the DHCP server to assign dynamic IPs O End IP Enter the end IP address to make a range for the DHCP server to assign dynamic IPs Oo Subnet Mask Enter the Subnet Mask The default subnet mask is 2
38. lick the button a to edit IPsec settings O Click the button ii to delete IPsec settings When IPsec negotiation completes you cannot directly edit IPsec settings If necessary click the button to disable IPsec settings first and then edit it IPSec Settings Add Delete ID WAN Connection Name Tunnel Protocol Remote Gateway Status Action 1 WANO Client ESP 1 1 1 20 Enabled S 4 Ty Verification Method 1 On the web UI of SE3100 in the headquarters click VPN Settings gt VPN Clients to view the IPsec Client List If the IPsec client negotiates with the IPsec server successfully IPsec client info will be displayed here IP COM word wide Wireless Logout hr System Status VPN Clients as Network Settings i 3 PPTP Client List k Bandwidth Control ID Remark Account IP Address Online Action i Portal Authentication VPN Settings L2TP Client List PPTP Server ID Remark Account IP Address Online Action PPTP Client L2TP iz IPSec Client List L2TP Client ID Account SPI Direction Tunnel Data Flow Security Protocal IPSec Settings Certificates Method 2 When staffs in the headquarters and the branch can PING each other s internal IPs successfully or when they can visit each other s internal resources successfully like FTP server file server etc IPsec negotiation has been achieved successfully Certificates The function of Certificates should be used together with the IPsec function When
39. nd the device rack and workbench e Properly cable the device and if you need to cable outdoors incorporate lightning arresters into the setup Y Mounting Standards Regardless of rack mounting or desktop mounting confirm the following e Hardware which supports the device is stable e Position the device in a well ventilated environment and keep it at least 10cm free on all sides for cooling e Do not place any heavy objects on the device e Keep a vertical distance of at least 1 5cm between components for rack mount installations Installation Tools Things you ll need Antistatic gloves Phillips screwdriver Ethernet Cable Installation The device can be installed either in a rack or a flat surface desktop workbench A Rack mounting You can install the device in a standard 19 inch rack with the accessories L shaped brackets and screws that come in the box Install the rack in a location ensuring it is both stable and level Install the L shaped brackets to the device with screws as shown in the figure below LT C os e MALAA a Ie cc Prepare four screws to install the device into the rack as shown in the figure below 1P COM sails 7 Hang A a m ih a a 5E3100 Cipebet Mulli dusisess Aost B Desktop mounting You can install the device on a desktop 1f the rack is not available Place the device bottom up on a stable and flat de
40. nsing 5 90 RH non condensing 100 240V AC 50 60Hz lt 24W 294mm 178mm 44mm 3 Regulatory Compliance Information CE CE Mark Warning This is a Class B product In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures For Pluggable Equipment the socket outlet shall be installed near the equipment and shall be easily accessible WARNING The mains plug is used as disconnect device the disconnect device shall remain readily operable The Product is designed for IT Power Distribution System NOTE 1 The manufacturer is not responsible for any radio or TV interference caused by unauthorized modifications to this equipment 2 To avoid unnecessary radiation interference it is recommended to use a shielded RJ45 cable FCC Statement This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to
41. nts e SE3100 1 e Power cord 1 e Ethernet cable 1 e Screw 6 e L shaped bracket 2 e Rubber footpad sticker 4 Install Guide 1 If any of the items are missing or damaged please contact your dealer for replacement as soon as possible Appearance Front Panel SYS LED Console port Link Act LED Speed LED IP COM sYsO SE3100 Enei s i Em a a e i Gigabit Multi business Router Gigabit Multi business Router business Router Consol LANO WAN3 LAN1 WAN2 LAN2 WANI1 LAN3 WANO s E POWER LED RESET button 10 100 1000Mbps auto negotiation RJ45 port a LED Color Status a u ENS The device is receiving electrical power POWER aen The device is malfunctioning or not connected to the power supply Slow flashing Device system is working properly Flashing Fast flashing The system is starting up or erased internal storage NAND flash Green ENS Device system is working improperly om th device is not yet ready ENS The corresponding port is connected Flashing The corresponding port is transmitting data Link Act Orange The corresponding port is connected improperly or not connected The connectivity speed of corresponding port is up to 1000Mbps Speed Green Off The corresponding port is disconnected or connectivity speed is up to 10 100Mbps Y RESET button Press this button to restore the device to factory default or to erase internal storage NAND flash When the
42. nts When IP is selected you need to specify the IP range start IP and end IP When Account is selected you have to enable portal authentication Shared Uplink The total upload bandwidth shared by all selected accounts or IPs within the designated IP range Single Uplink The upload bandwidth that each account or each IP within the IP range can get to Shared Downlink The total download bandwidth shared by all selected accounts or IPs within the designated IP range Single Downlink The download bandwidth that each account or each IP within the IP range can get to o Time amp Date Enter the effective time and date of the policy Portal Authentication In this section you can configure portal authentication settings for your device Portal Authentication This page allows you to enable the portal authentication function and create the accounts for portal authentication Once this function is enabled when clients want to connect to the network via this device clients have to be authenticated first IP COM word wide Wireless Logout lr System Status Portal Authentication E Network Settings Portal Authentication AMI JC jwi C O k Bandwidth Control White List i Portal Authentication Portal Authentication Advertisement Online User Add Import Export Delete Settinas VPN Settings ID User Time Type Active Time Share users Time To Offline min Remark Action gt Advanced Settings t System To
43. o ask your network administrator for the appropriate IP settings Obtain an IP address automatically Obtain an IP address automatically gt Use the following IP address Use the following IP address IP address 192 168 0 6 Subnet mask 255 255 255 0 Default gateway a Obtain DNS server address automatically O Use the following DNS server addresses Use the following DNS server addresses Preferred ONS server Preferred DNS server Alternate DWS server Alternate DNS server Validate settings upon exit Validate settings upon exit ori Launch your Web browser Google Chrome is recommended type 192 168 0 252 in the address bar and hit Enter This will direct you to the device login page prompting you to enter the username default admin and password default admin and hit Enter Username admin ri SE3100 Multi business Password foe Gateway Router Different Internet browsers may show different screen details Input the correct username and password in their proper fields O When you see the configuration screen set up or modify your configuration settings as desired For more functions see Chapter 4 More Functions Web Management IP COM word wide Wireless Logout Navigation Bar Configuration Zone Ar System Status DHCP Server D Network Settings Add LAN Settings WAN Settings ID Interface DHCP Pool Subnet
44. o be open to outside access The default setting is 8080 This can be changed Click Save to apply your changes Type http 102 33 66 88 8080 into your browser s address or location field and you can access the router at your home remotely WAN Ping This page is used to enable ping response from WAN port Click WAN Ping to enable the ping response from WAN port Then when remote host ping the IP of WAN port the device will response IP COM wort wide Wireless Logout We System Status WAN Ping E Network Settings i WAN Ping l Bandwidth Control iL Portal Authentication VPN Settings Advanced Settings Network Diagnostics Static Routing Port Forwarding Remote WAN WAN Ping DDNS Dynamic DNS or DDNS is a term used for the updating in real time of Internet Domain Name System DNS name servers We use a numeric IP address allocated by Internet Service Provider ISP to connect to Internet the address may either be stable static or may change from one session on the Internet to the next dynamic However a numeric address is inconvenient to remember an address which changes unpredictably makes connection impossible The DDNS provider allocates a static host name to the user whenever the user is allocated a new IP address this is communicated to the DDNS provider by software running on a computer or network device at that address the provider distributes the association between the host name and
45. ols Portal Authentication Enable or disable the portal authentication for the device White List Add IP addresses that won t be required to authenticate when portal authentication is enabled O Add Click it to add accounts for portal authentication e Export Click it to export the accounts information e Import Click it to import the accounts information it will re write the accounts information To add an account for portal authentication click Add Portal Authentication User Password Time Type Time Duration Time Duration Time Duration Share users Time To Offline Remark Save Cancel User Create the login user account here Password Set the login password for the user account you ve created Time Type Select the time type for your account When you select Time Point please enter a time point such as 2016 10 10 18 00 in the field below When the account is authenticated the account will expire at 2016 10 10 18 00 When you select Time Duration please enter the time duration such as 60 minutes in the field below When the account is authenticated the account will expire after 60 minutes Share Users Specify the number of users to login with this account Time to Offline Enter the time duration if no traffic statistics is generated during this time duration the account will require to be authenticated again Give some additional descriptions for the account optional
46. on Authentication Type Y Mschap1 M Mschap2 MChap PAP VPN Settings IP Pool 20 20 20 100 120 20 20 200 PPTP Server PPTP Client Add Delete L2TP Server Kn ID User Address Type Network segment Remark Action L2TP Client IPSec Settings L2TP Server Check Enable to enable the L2TP server WAN Port Select the WAN port on which to enable the L2TP server This port s IP address is the L2TP server address of the L2TP client o Authentication Type Select the encryption type for the L2TP server eo IP Pool Set the IP pool for the L2TP server To set an L2TP user click Add to enter page below L2TP User x User Password Remark IP Address Dynamic IP T Network segment Remote IP Segment Remote subnet mask Save Cancel o User Set the account name of L2TP tunnel o Password Set the password of L2TP tunnel O Remark Descriptions of the L2TP user optional o IP Address Do not change the default setting Dynamic IP unless necessary When Dynamic IP is selected the L2TP client will obtain an IP address automatically from the L2TP server When Manual is selected you need to specify an IP address manually for the L2TP client o Network Segment If the L2TP client is a network check this option Otherwise do not check it Oo Remote IP Segment Set the internal IP segment for the L2TP client When the L2TP client is a network this is a required option Oo Remote Subnet Mask Set the internal subnet mask
47. our hard disk Upgrade Firmware x Current Version V1 0 0 5 Select a File Choose File No file chosen Upgrade While upgrading please don t disconnect the power supply or it will damage the device QO Click Upgrade 1 While upgrading please verify that your PC is connected to the device with an Ethernet cable and power is delivered on this device And the upgrading process will take several minutes please be patient 2 When the upgrading is completed your device will be restored to factory default settings automatically and you need to reconfigure your device Backup Restore If you configure many settings on this device which will make this device work in good status and suitable environment it s suggested to backup settings for this device which will be convenient for troubleshooting and saving time for next time s configuration To backup your configurations Click System Tools gt Maintenance locate the Backup Restore section and click Backup Restore Click Backup on the pop out window and follow on screen instructions to save your configurations in a directory on your hard disk Backup Restore x Backup configurations Import configuration Choose File No file chosen Restore To restore your configurations Click System Tools gt Maintenance locate the Backup Restore section and click Backup Restore Click Choose File in Google browser to load configuration
48. re a smooth streaming experience for surfing the Internet and online gaming Click Bandwidth Control to enter page below IP COM word wide wireless Logout We System Status Bandwidth Control Network Settings i ahs etwork Settings Egress Bandwidth k Bandwidth Control Uplink 0 Mbps iL Portal Authentication Downlink 0 Mbps VPN Settings aa Advanced Settings Add Delete o System Tools ID Control Type Shared Uplink Single Uplink Shared Downlink Single Downlink Time Remark Action Total Egress Bandwidth Config Total egress bandwidth is the bandwidth you have introduced It is used as the basis of bandwidth division when there is no flow policy For instance you ve been provided with 12M ADSL broadband service Set the total egress downlink to 12Mbps and the total egress uplink to 1Mbps Tip 1Mbps 1024Kbps 128KB yte s Bandwidth Control Config For a better and reasonable network bandwidth experience here you can configure the bandwidth to limit the speed of users with different IPs or accounts Click Add to enter page below Bandwidth Control x Remark Control Type e IF Account Start IP End IP Shared Uplink KBytes T Single Uplink KBytes T Shared Downlink KBytes T Single Downlink KBytes T Time oo i 00 Y 00 vw OO F Date Mon Tues Wed Thur Fri Sat Sun Everyday Cancel Remark Description of the group of IPs or accounts Control Type The device support bandwidth control based on IP range and accou
49. rify that the two SE3100 can access the Internet successfully Internet PPTP L2TP Server WANO IP 1 1 1 20 PPTP L2TP Client Server PCl PC2 PC3 PC4 PCS Intranet in the Headquarters LAN in the Branch 192 168 20 0 24 192 168 30 0 24 Configurations on the SE3100 in the headquarters As configurations of L2TP and PPTP are similar next we will take PPTP as an example Step 1 Click VPN Settings gt PPTP Server to configure basic parameters Enable the PPTP server function Select WANO as the port for PPTP server 6 Select authentication type for the PPTP server Configure PPTP IP pool Click Save to save your settings 1 In this example SE3100 as the PPTP client does not support MPPE Thus do not check the MPPE option If a windows operation system is used as the PPTP client you can check MPPE 2 As L2TP does not support MPPE you don t have to take MPPE into consideration PPTP Server PPTP Server Disable e Enable WAN Port WANO T Authentication Type Y Mschap1 Mschap2 Chap PAP IP Poo 20 120 W20 100 I 20 220 120 1 200 Step 2 Click Add to add a PPTP user Set the PPTP user name say test Set the PPTP password say test Give a remark for the PPTP user Select the address type Recommended Dynamic IP Check Network Segment Set the Internal IP segment of the PPTP client say 192 168 30 0 Set the subnet mask of PPTP client say
50. rnet access VPN Settings Username Advanced Settings Password w System Tools WAN1 Internet Connection Type Dynamic IP Static IP IP Address 92 168 80 137 Subnet Mask 255 255 255 1 For internal network Default Gateway 92 168 180 of the company Primary DNS Alternate DNS Save Cancel Step 2 Add a static route to WAN 1 As the default WAN port is WAN O in this example you only have to add a staic route to WAN 1 Click Advanced Settings gt Static Routing and click Add to create a static routing rule Static Routing x Port WANT T Destination Segment 172 W16 100 0 Subnet Mask 255 4 255 4255 40 Next hop 192 168 80 1 Remark intranet Save Cancel Port Select WAN 1 from the drop down menu Destination Segment Enter the destination segment here In this example it is 172 16 100 0 Subnet Mask In this example enter 255 255 255 0 O Next Hop Enter the gateway of WAN 1 here In this example it is 192 168 80 1 Remark Give a description for this rule Click Save to apply your settings Then your PCs in the LAN can access both the internal network of your company and the Internet Port Forwarding Port forwarding is useful for web servers ftp servers e mail servers gaming and other specialized Internet applications When you enable Port Forwarding the communication requests from the Internet to your router s WAN port will be forwarded to the specifie
51. rver WAN Port Select the WAN port on which to enable the PPTP server This port s IP address is the PPTP server address of the PPTP client Authentication Type Specify the encryption type for PPTP tunnel IP Pool Specify the IP Pool for PPTP clients To set a PPTP user click Add to enter page below PPTP User x User Password Remark Address Type Dynamic IF T Network segment Remote IP Segment Remote subnet mask Save Cancel o User Set the account name of PPTP tunnel o Password Set the password of PPTP tunnel O Remark Descriptions of the PPTP user optional O Address Type Do not change the default setting Dynamic IP unless necessary When Dynamic IP is selected the PPTP client will obtain an IP address automatically from the PPTP server When Manual is selected you need to specify an IP address manually for the PPTP client o Network Segment If the PPTP client is a network check this option Otherwise do not check it Oo Remote IP Segment Set the internal IP segment for the PPTP client When the PPTP client is a network this is a required option Oo Remote Subnet Mask Set the internal subnet mask for the PPTP client When the PPTP client is a network this 1s a required option PPTP Client When there is a PPTP server in your network you can connect your router to the PPTP server by configuring the PPTP client function Click VPN Settings gt PPTP Client to enter page below if E C
52. sktop Attach the four rubber footpad stickers to the corresponding four corners of the bottom OMe AA EWA AA ENTERA LITA Pi 18100 sseui Eb AL LIDAD NO 3 1 Gently place the device upright on the desktop 1P COM sys SE3100 POWER Em ey Ej ii Fa ai a Consstn LANO WANI LANI Gigabit Multi business Router WAN AN WANT LAN wane _ Physical Connection Plug the Internet access cable from your ISP into the WAN port on the device Internet or dl Al L IP COM o it n Si a L e sys O f i j se3100 Me MANDO A Gigabit Multi business Router g m vr WANS LANT WANZILAN WANT LANA Wane Connect the device to a switch via LAN port using an Ethernet cable Internet 1P COM o 1 f mo SE3100 rower O a Siga Stuts ducinece Roster gt iam AMIA WANANE AMIA Wane F l ae Switch dd ESOO mm Connect other devices such as APs servers or PCs to the switch Inspect your cabling referring to the connection topology below Connect the device to the power supply with the included power cord Internet 1P COmM ove j g F SE3100 romo 0 J e A A A A ag En Switch Wireless AP Wireless AP Cea as z Server After the device is rebooted the device will initialize its default settings Check LEDs status which s
53. t PPTP Server ID Remark Account IP Address Online Action PPTP Client ae Sener IPSec Client List L2TP Client y ID Account SPI Direction Tunnel Data Flow Security Protocal IPSec Settings Certificates Method 2 When staffs in the headquarters and the branch can PING each other s internal IPs successfully or when they can visit each other s internal resources successfully like FTP server file server etc PPTP negotiation has been achieved successfully IPSec Settings IPsec IP Security is a set of services and protocols defined by IETF Internet Engineering Task Force to provide high security for IP packets and prevent attacks To ensure a secured communication the two IPsec peers use IPsec protocol to negotiate the data encryption algorithm and the security protocols for checking the integrity of the transmission data and exchange the key to data de encryption IPsec has two important security protocols AH Authentication Header and ESP Encapsulating Security Payload AH is used to guarantee the data integrity If the packet has been tampered during transmission the receiver will drop this packet when validating the data integrity ESP is used to check the data integrity and encrypt the packets Even if the encrypted packet is intercepted the third party still cannot get the actual information Click VPN Settings gt IPSec Settings to enter page below and click Add to configure IPsec settings IP COM word
54. tatic Routing Port Forwarding Remote WAN WAN Ping DDNS Page Timeout o System Tools Save Cancel DDNS Check the DDNS box to enable this function Domain Service Select your DDNS service provider from the drop down menu Here in this example select dyndns org Username Enter the DDNS user name registered with your DDNS service provider Here in this example enter 1p com Password Enter the DDNS Password registered with your DDNS service provider Here in this example enter 123456 6 Domain Enter the DDNS domain name with your DDNS service provider Here in this example enter ipcom dyndns org Click Save to save your settings Click Advanced Settings gt Remote WAN to enable the Remote WAN function enter 218 88 93 33 in the IP Address field and 8090 in the Port field then click Save to save your settings IP COM word wide Wireless Logout Wr System Status Remote WAN dE Network Settings Remote Web Access Enable PY idth Contr fe Bandwidth Control ale ds IP Address 0 0 0 40 AL Portal Authentication Port 8080 VPN Settings Advanced Settings Network Diagnostics Static Routing Port Forwarding Remote WAN WAN Ping DDNS Page Timeout o System Tools Save Cancel Now you can access the router from the Internet by entering http ipcom dyndns org 8090 in your browser Page Timeout You are automatically logged out of the web manager after a period
55. te you can click Generate Certificate to generate one or you can click Import Certificate to import the certificate and key generated in other ways VPN Clients When you configure a PPTP L2TP server or IPsec settings on the local router and its corresponding client has been negotiated successfully the corresponding client info will be displayed on the VPN Client page IP CO M World Wide Wireless Ar System Status ais Network Settings VPN Clients PPTP Client List Logout l Bandwidth Control ID Remark Account IP Address Online Action iL Portal Authentication VPN Settings L2TP Client List PPTP Server ID Remark Account IP Address Online Action PPTP Client E l s L2TP Server IPSec Client List L2TP Client ID Account SPI Direction Tunnel Data Flow Security Protocal IPSec Settings Certificates VPN Clients PPTP Client List L2TP Client List e ID Sequence number of the PPTP L2TP client O Remark User identification of the connected PPTP L2TP client O Account User name of the connected PPTP L2TP client o IP Address The IP address that the connected PPTP L2TP client has obtained Oo Online Online duration of the PPTP L2TP client o Action Click Disconnect will disconnect the corresponding client s connection and the client will connect to it actively IPsec Client List e ID Sequence number of the IPsec client Oo Account Connection name of the IPsec client SPI The SPI
56. the address to the Internet s DNS servers so that they may resolve DNS queries Thus uninterrupted access to devices and services whose numeric IP address may change 1s maintained Click Advanced Settings gt DDNS to enter the DDNS page TIP 1 To use the DDNS feature you need to have an account with one of the domain service providers in the drop down menu first 2 This router supports 4 DDNS service providers 881p cn 3322 org dyndns and no ip com PE a aaa aaa a aa a aa a a aal Application Example If your ISP gave you a dynamic changing public IP address you want to access your router remotely but you cannot predict what your router s WAN IP address will be and the address can change frequently In this case you can use a commercial Dynamic DNS service It lets you register your domain to their IP address and forwards traffic directed at your domain to your frequently changing IP address Assume that you obtain the following account from your dyndns org service provider User Name ip com Password 123456 Domain Name ipcom dyndns org And you want to use the PC at 218 88 93 33 to remotely access this router on port number 8090 IP COM word wide Wireless Logout Ar System Status DDNS a Network Settings DDNS k Bandwidth Control Domain Service 3322 0rg v Go register AL Portal Authentication Username VPN Settings Password Advanced Settings Domain Network Diagnostics S
57. ttings t System Tools Maintenance Administrator System Log Save Cancel Method 2 To set date and time manually Click System Tools gt Date amp Time Time Setup Select Manual Specify the time and date manually or click Synchronized with local time to automatically copy your PC s time to the device Click Save to apply your changes IP C OM world wide Wireless Logout Ar System Status Date amp Time ees Network Settings Time Setup Synchronized with the Internet Manual as E rn k Bandwidth Control Date amp Time 2015 Yearo7 Monthoi Day16 h29 m49 s a q Portal Authentication Synchronized with local time VPN Settings Advanced Settings w System Tools Maintenance Administrator System Log Save Cancel Maintenance Here you can reboot reset upgrade your device and backup restore settings for your device click System Tools gt Maintenance to enter page below IP C OM word wide Wireless Logout We System Status Maintenance Fa Network Settings laa Bandwidth Control Reboot Reboot iA Portal Authentication a Restore to Factory Default Reset VPN Settings EN Advanced Settings Upgrade Firmware Upgrade System Tools Date amp Time Backup Restore Backup Restore Maintenance Reboot When some settings you have configured cannot be activated or your device is functioning improperly you can reboot your device Locate the Reboot section and click Reboot to reboot the
58. uct Reading this User Guide will be helpful for configuring managing and maintaining this product Intended Readers This User Guide is intended for those who have basic technical knowledge related to the Internet and network terminology Conventions This User Guide applies to SE3100v1 0 If not specifically indicated the device or this product mentioned in this User Guide stands for this Gigabit multi business router Symbols in this User Guide Item Meaning This format is used to highlight information of importance or special A NOTE interest Ignoring this may result in ineffective configurations loss of data or damage to the device This format is used to highlight a procedure that will save time or resources TIP Structure of this User Guide Contents of all chapters in this User Guide are arranged as below Chapter Chapter 1 Product Overview Chapter 2 Device Installation Chapter 3 Login Chapter 4 More Functions Appendix Content Introduces device appearance package and main features Introduces the device installation installation notes etc Introduces device login and logout Introduces how to set up the device s advanced functions Introduces FAQs Technical Specifications and Regulatory Compliance Information Data Download Go to our IP COM website www ip com com cn to download the latest data and manual Technical Support Website www ip com com cn Tel
59. ule 1 Gateway must be on the same IP segment as WAN or LAN segment of the router 2 Subnet Mask must be entered 255 255 255 255 if destination IP address 1s a single host I 1 EococsororooororosororoosoroceooorocooonocooooocosoonocooooocooonococonoocooooorooroocooooorooroocooooocoonoosororoosooroosooroososorocsoVorocsoronocsoonorsoorocsoonocsoorocsosoeoceoosorocoosorocooorocecal Router IP COM AAA A LAN IP 192 168 80 1 SE3100 WAN 1 IP 192 168 80 137 cta a a Eb da ea a Server in office LAN IP 192 168 0 252 WAN OIP 192 35 244 30 172 16 100 0 Switch coM iisi Internet PCi PC 2 IP 192 168 0 100 IP 192 168 0 101 For example your company s internal network and Internet are on different IP net segments and you want PCs on your LAN to access the Internet and your company internal network via this device You can simply configuring static routes on this Router The figure above depicts this application scenario Configuration Steps Step 1 Click Network Settings gt WAN Settings to set 2 WAN ports and configure corresponding WAN settings for this device For specific steps see WAN Settings Ar System Status WAN Settings E Network Settings WAN ports 2 v LAN Settings LAN3 WAN1 LAN WAN WAN Settings LAN2 WAN2 LAN WAN DHCP Server LAN1 WAN3 LAN WAN Load Balance k Bandwidth Control WANO a Portal Authentication Internet Connection Type Dynamic IP Static IP For Inte
60. value is obtained via manual setup or auto negotiation SPI remote gateway and tunnel protocol identify an Psec alliance Oo Direction In or Out In remote router to local router Out local router to remote router o Tunnel If the direction is In the tunnel will be displayed as the WAN IP address of the remote router first and then the WAN IP address of the local router If the direction 1s Out the tunnel will be displayed as the WAN IP address of the local router first and then the WAN IP address of the remote router o Data Flow The direction of data flow If it is In the data flow will be from the internal network of the remote router to the internal network of the local router If it is Out it is the opposite o Security Protocol Display the tunnel security protocols after the IPsec negotiation ESP AH or ESP AH VPN Passthrough In actual VPN application NAT gateway may exist on its physical link When packets pass by the NAT gateway its IP address or port number will change Thus after the remote VPN tunnel has received packets authentication failure occurs and packets will be dropped directly VPN Passthrough can avoid this problem by adding new IP header and UDP header to packets of ESP protocol Then format of the packet will be New IP UDP Header ESP Header IP Header Data As the NAT gateway will only change the IP header of the outermost layer and the IP header is not included in ESP veri
Download Pdf Manuals
Related Search
here hereditary heretic heredity here movie heretic definition hereinafter heresy definition hereditary meaning here comes the sun here\u0027s johnny hereby here comes the guide hereditary hemochromatosis hereditary angioedema here i am to worship lyrics here comes the sun lyrics heretic movie hereditary spherocytosis herencia hereditary movie here to slay hereditary hemorrhagic telangiectasia heredia costa rica here come the mummies here comes the bus