HP R100-Series Wireless VPN Routers Configuration and Administration GuideHP Part Number: 5998-5394Published: September 2014Edition: 1
10 Deploying the HP R110/R120
100 NAT configurationNAT settingsThe Settings page includes the global NAT enable for all VLANs on the router. If NAT is disabled on this page, the NA
Virtual server settings 101Use Client ListSelects a computer name or IP address from the list of clients already discovered by the router.Popular Serv
102 NAT configurationDMZ settingsIf you have a client PC that cannot run an Internet application properly from behind the firewall, you can open the c
ALG settings 103Client PC IP AddressThe IP address of the DMZ computer on the local LAN.ALG settingsThe Application-Layer Gateway (ALG) feature enable
104 NAT configurationPort Trigger lets you specify ports to be opened for specific applications to work properly with the Network Address Translation
11 IPv6 configurationIf the attached network uses the IPv6 protocol, you can enable IPv6 support on the router. IPv6 functionality is disabled by defa
106 IPv6 configurationDHCP-PDThe status of the DHCPv6 Prefix Delegation feature.IPv6 settingsThe router supports static, stateless address autoconfigu
IPv6 settings 107fields. Therefore, the same IPv6 address could be written instead as 2001:adca::123a:4567.• Subnet Prefix Length: The length of the I
108 IPv6 configurationSLAACStateless Address Auto Configuration (SLAAC) enables IPv6 hosts to automatically configure themselves when connected to an
IPv6 settings 109• Auto Configuration: Select Stateless (RADVD) or Stateful (DHCPv6). • Disable: Disables the automatic assignment of IPv6 addresses t
2 Using the Wizard SetupOverviewThe Wizard Setup provides an easy way to quickly configure basic settings on the R110/R120 and make the router operati
110 IPv6 configurationVLAN (Default) SettingsSets the IPv6 settings for the local VLAN.• Enable DHCP-PD: Enables the Prefix Delegation feature that au
DHCPv6 client list 111• Username: Enter the name assigned by the ISP. (Do not use characters ` " & ' # \)• Password: Enter the password
112 IPv6 configurationMLD settingsMulticast Listener Discovery (MLD) proxy enables the router to issue MLD host messages on behalf of hosts that the r
12 Q o S c o n fig u ra t i o nThe bandwidth gap between the LAN and WAN may significantly degrade performance of critical network applications, suc
114 QoS configurationTraffic shapingThe Traffic Shaping page enables the bandwidth of the WAN port output queues to be configured. For higher priority
Traffic mapping 115Traffic mappingUp to 16 rules can be defined to classify traffic into DiffServ forwarding groups and outgoing connections. These ru
116 QoS configurationMap to Forwarding QueueMaps the traffic to one of the WAN port forwarding queues. Queue 1 is the lowest priority queue and queue
13 U S B c o n f i g u r a t i o nThe router provides a USB 2.0-compliant port for network-connected users to share files through FTP or File Sharin
118 USB configurationAuthoritySets the file sharing access rights for an FTP user; either Read and Write or Read. An FTP user with Read access can onl
FTP settings 119with Read and Write access can download and upload files to the shared folder, however they cannot delete or modify any existing share
12 Using the Wizard SetupSelect to configure the system time manually or have it automatically configured by an NTP server. You can also enable suppor
120 USB configurationSafe removalTo ensure USB data correctness, this router supports a USB safe removal function. Click Remove before unplugging a US
Viewing tools status 12114 To o l sThe router includes a number af system tools for managing software and configuration files, troubleshooting networ
122 ToolsThis page includes the following settings:Firmware VersionDisplays the software versions installed on the router. • Active Image: The version
Saving configuration settings 123Backup settingsSelect to backup the router’s settings. Select HTTP or TFTP as the transfer method (TFTP requires the
124 ToolsPingPing is a network tool that sends ICMP ECHO_REQUEST datagrams to a remote host and elicits an ICMP ECHO_RESPONSE datagrams from the remot
Nslookup 125NslookupNslookup is a DNS client that sends DNS requests to a DNS server to find the corresponding IP address of a target host name, or th
126 ToolsEmail alertThe Email alert feature allows the router to automatically send email messages when an event at or above a configured severity lev
Email alert 127To E-mail AddressThe recipient email address of the alert messages.SMTP Server AddressThe IPv4 or IPv6 address of the mail server.SMTP
128 ToolsSchedulingThe Scheduling feature enables the scheduling of access control and LAN server rules. Each access control or LAN server rule can be
Support file 129Support fileThis function allows you download the router's information for support assistance. The file is saved on your local co
Wizard Setup 13DHCP IP AddressA dynamic connection type is the most common method used with cable modems. In many cases, setting the connection type t
130 Tools
15 Support and other resourcesOnline documentationYou can download documentation from the HP Support Center website at:www.hp.com/support/manuals. Sea
132 Support and other resourcesConventionsThe following conventions are used in this guide.Management toolThis guide uses specific syntax when directi
A Resetting to factory defaultsFactory reset proceduresTo force the router into its factory default state, follow the procedures in this section.Cauti
B Factory default settingsFeature Parameter DefaultMode System Mode RouterAdmin General Settings System Name HP-R110 / HP-R120System Location NullSyst
136System logs System Log Level INFORMATIONALMax Size 256Log Prefix NullRemote Syslog Configuration DisabledRemote IP Address NullRemote Port 514Remot
137DDNS Enable DDNS DisabledDDNS Server DynDNS.orgDomain Name NullUsername NullPassword NullMAC Clone MAC Address Use router MACLAN Settings IP Addres
138R110 Wireless, Basic Enabled Radio EnabledRadio Band 2.4GHzRadio Mode 11b/g/n MixedChannel AutoBandwidth 20 MHzEnable Schedule Rules DisabledVAP 1
139R120 Wireless 5GHz, BasicEnabled Radio EnabledRadio Mode 11ac/n/aChannel AutoBandwidth 20/40/80 MHzEnable Schedule Rules DisabledVAP 1 SSID Enabled
14 Using the Wizard SetupPPPoEThe Point-to-Point Protocol over Ethernet (PPPoE) is a common WAN protocol that provides a secure “tunnel” connection be
140MAC Authentication Filter Block all stations in listSSID HP1MAC Address None configuredVPN Enable IPSec DisabledEnable L2TP over IPSec DisabledEnab
141IPv6 IPv6 Connection DisabledMLD Proxy DisabledDHCP-PD EnabledQoS QoS EnabledTraffic Mapping DisabledUSB User Account DisabledFile Sharing Disabled
Wizard Setup 15L2TPThe Layer 2 Tunneling Protocol (L2TP) is a common WAN protocol used for Virtual Private Networks (VPNs) that provides a secure “tun
16 Using the Wizard SetupEnable RadioEnables the 2.4 GHz or 5 GHz wireless section of your LAN. When disabled, no wireless computers can gain access t
Wizard Setup 17Configure the primary SSIDThe R110 allows you to create up to four wireless communities, and the R120 allows you to create up to eight
18 Using the Wizard SetupWPA and WPA2: Wi-Fi Protected Access (WPA) was introduced as an interim solution for the vulnerability of WEP, replacing WEP
Wizard Setup 19• Key Type:Hexadecimal (characters 0-9, a-f, and A-F)ASCII (characters 0-9, a-z, and A-Z)• Key 1-4 String: Enter encryption keysHexadec
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties f
20 Using the Wizard Setup• Secondary RADIUS Server: Enter the IPv4 address for a backup RADIUS server. If authentication fails with the primary server
Wizard Setup 21Enable RadioShows if the router’s wireless radio is enabled. The R120 includes a radio setting for 2.4 GHz and 5 GHz.Radio BandThe oper
22 Using the Wizard Setup
3 Managing the HP R110/R120 systemThe HP R110/R120 is managed via its web-based management interface using Microsoft Internet Explorer 8 or later, Goo
24 Managing the HP R110/R120 systemThe Status page includes these items:Device InformationShows the router's software version, hardware serial nu
General administration settings 25General administration settingsThe Admin page configures the following settings for the router:System information (G
26 Managing the HP R110/R120 systemHTTP ServerHTTPS ServerThe router software includes HTTP and HTTPS functionality to enable communication with your
System time settings 27Set system timeThis section displays the current system time. You can configure the time manually or have it automatically conf
28 Managing the HP R110/R120 systemDaylight savingUse this section to enable support for daylight saving time, if required for your location. When you
Managing system logs 29get or set SNMP information on the router. By default, the name is set to private. (Do not use characters ` " & '
3Contents1 Deploying the HP R110/R120 ...72 Using the Wizard Setup ...
30 Managing the HP R110/R120 system• Notice indicates normal but significant conditions.• Informational indicates informational messages.• Debug indic
Proxy ARP settings 31Proxy ARP settingsProxy ARP (Address Resolution Protocol) is a mechanism that enables a computer in a network connected to a rout
32 Managing the HP R110/R120 systemTo configure Proxy ARP, set the following options: Enable ARP ProxyEnables the feature on the router.Name A text na
Rebooting the router 33Rebooting the routerFor maintenance purposes or as a troubleshooting measure, you can reboot the HP R110/R120 by selecting Rebo
34 Managing the HP R110/R120 systemInterface StatisticsDisplays a summary of traffic statistics for the WAN and LAN ports.Set the poll interval for up
4 WAN configurationThe WAN pages are used to configure the parameters for your Internet connection. The information necessary to set up a connection c
36 WAN configurationDDNSThe status of a dynamic DNS service.MAC CloneIndicates if the WAN port MAC address has been copied from a LAN computer.Setting
Settings 37This page includes the following information:Connection TypeSelect Static IP Address as the router’s method of connecting to the ISP.IP Add
38 WAN configurationThis page includes the following information:Connection TypeSelect PPPoE as the router’s method of connecting to the ISP.UsernameE
Settings 39MTU Sets the size of the Maximum Transmission Unit (MTU) for the largest packet that the network protocol can transmit.Manual Connection: Y
4DHCP client list...
40 WAN configurationServer IPEnter the PPTP server IPv4 address as assigned by your ISP. UsernameEnter your ISP-assigned user name. (Do not use charac
DDNS 41PasswordEnter your password (usually assigned by your ISP). (Do not use characters ` " & ' # \)Confirm PasswordEnter the password
42 WAN configurationThe DDNS related parameters are described as follows:Enable DDNSSelect to use a Dynamic DNS service. DDNS ServerThis is the name o
5 LAN configurationThe HP R110/R120 router is equipped with a DHCP server that automatically assigns IP addresses to each computer on your network. Th
44 LAN configurationThis page includes the following information:LANDisplays current settings for the default VLAN.• MAC address: The Ethernet base MA
LAN Settings 45This page includes the following settings:IP AddressThe IPv4 address of the router for the default VLAN.Subnet MaskThere should be no n
46 LAN configurationDHCP relayDynamic Host Configuration Protocol (DHCP) can dynamically allocate IP addresses and other configuration information to
DHCP client list 47DHCP client listThe DHCP Clients List displays the IP address, host name, MAC address, and client type of each client that has requ
48 LAN configurationOn the Add VLAN page, you can set the parameters to configure the behavior of VLANs.This page includes the following settings:Name
IGMP settings 49Enable IGMP SnoopingEnables the feature that blocks unnecessary IP multicast traffic from flooding VLAN ports without a specific multi
5DHCPv6 client list ...
50 LAN configuration
6 Wireless configurationThe wireless settings section displays configuration settings for the access point functionality of the router. The sections i
52 Wireless configurationThis page includes the following information:WirelessDisplays the basic radio settings and the status of other features.• Rad
Basic wireless settings 53This page includes the following settings:Enable RadioEnables the wireless section of your LAN. When disabled, no wireless c
54 Wireless configuration• 11b/g/n Mixed: (Compatibility mode.) Up to 11 Mbps for 802.11b, 54 Mbps for 802.11g, and 450 Mbps for 802.11n. If support f
Basic wireless settings 55Configuring virtual access point interfacesThe router supports up to four virtual access point (VAP) interfaces per radio; a
56 Wireless configurationConfiguring wireless securityThe router’s wireless interface is configured by default as an open system, which broadcasts a b
Basic wireless settings 57• WPA2: The Enterprise mode of WPA2 using AES encryption. If all clients in the network are WPA2 compatible, select this opt
58 Wireless configurationWEP security includes the following settings:Authentication ModeLeave as OPEN to configure WEP security. The static WEP secur
Basic wireless settings 59Re-Key IntervalWhen using 802.1X dynamic WEP keys, enter the interval at which the router refreshes the keys for each associ
60 Wireless configurationSession Key IntervalEnter the interval at which the router refreshes session (unicast) keys for each client associated with t
Basic wireless settings 61WPA/WPA2 enterpriseIf you have a mix of wireless clients, some of which support WPA2 (AES) and others which support only the
62 Wireless configurationWPA/WPA2-PSK security includes the following settings:Authentication ModeSelect WPA/WPA2-PSK Mixed to display all settings fo
Basic wireless settings 63The RADIUS server configuration includes the following settings:Primary RADIUS ServerEnter the IPv4 address for the primary
64 Wireless configurationAdvanced wireless settingsThe Advanced wireless settings page includes additional parameters concerning the wireless network.
Advanced wireless settings 65The 802.11n standard specifies two guard intervals: 400ns (short) and 800ns (long). Support of the 400ns interval is opti
66 Wireless configurationWDS settingsThe router supports WDS (wireless Distribution System). WDS enables one or more access points to rebroadcast rece
WPS settings 67WPS settingsWi-Fi Protected Setup (WPS) is designed to be a convenient method to securely add new clients to a wireless network. WPS ha
68 Wireless configurationEnter the 8-digit PIN number and click Start to activate the PIN method. If the WPS function is working correctly, you should
WMM settings 69Enable Power SavingThe WMM-Power Save feature enables mobile client devices to save a significant amount of battery life by going into
1 Deploying the HP R110/R120In a small office, the HP R110/R120 can be directly connected to a broadband modem (DSL or cable) to provide secure wirele
70 Wireless configurationMAC authentication settingsFor a more secure wireless network, you can specify that only certain wireless computers can conne
Viewing the client list 71Viewing the client listThe Client List page allows you to view all the wireless clients currently associated with the router
72 Wireless configuration
7 VPN configurationThe router includes a Virtual Private Network feature to provide a secure link between remote users and the corporate network by es
74 VPN configurationVPN settingsThe VPN Settings page allows you to add and edit IPSec, L2TP over IPSec, and PPTP connections for the router. When cre
VPN settings 75This page includes the following settings:VPN Tunnel Parameters• Tunnel Type: Select IPSec as the tunnel type.• Tunnel Name: Enter a de
76 VPN configurationIf ID_FQDN or ID_USER_FQDN (fully qualified domain name) is selected, enter the name for the Remote Party ID in the text box next
VPN settings 77L2TP over IPSec settingsThe Layer 2 Tunneling Protocol is a common connection method used for VPN connections. You can specify the deta
78 VPN configuration• Enable Auto Reconnect: For L2TP client connections, you can automatically reconnect when there is activity after a disconnection
VPN passthrough settings 79This page includes the following settings:VPN Tunnel Parameters• Tunnel Type: Select PPTP as the tunnel type.• Tunnel Name:
8 Deploying the HP R110/R120In the following scenario, HP R110/R120 #1 provides wireless network services to the employees in the main office, while H
80 VPN configuration
8 Routing configurationRouting configuration allows a static and dynamic methods to set up routing between networks. The network administrator configu
82 Routing configurationThis page includes the following information:Status• RIP: The current status of RIP on the router.• RIPng: The current status
IPv4 Dynamic route settings 83InterfaceThe VLAN interface used to route data to the network specified by the destination network address.MetricA numbe
84 Routing configuration• Enable: RIP is enabled for the interface. The router will transmit and receive RIP update information to and from other RIP-
Viewing the IPv6 routing table 85DestinationEnter the IP address of the destination host or network to which the route leads.Subnet MaskEnter the IPv4
86 Routing configurationInterfaceThe VLAN interface used to route data to the network specified by the destination network address.MetricA number used
IPv6 Static route settings 87Prefix LengthEnter the IPv6 prefix length for the destination host or network. GatewayEnter the IP address of the gateway
88 Routing configuration
9 Firewall configurationYour router is equipped with a firewall that will protect your network from a wide array of common hacker attacks, including D
9In the following scenario, four HP R110/R120s provide a virtual private network (VPN) across the Internet between a headquarters and three branch off
90 Firewall configurationSecurity settingsThe Security page allows you to configure global security parameters for the router.This page includes the f
Security settings 91“telling” the router which way it needs the firewall configured. The router ships with the UPnP feature disabled. If you are using
92 Firewall configurationClient filteringThe router can be configured to restrict access to the Internet, email, or other network services on specific
MAC filtering 93MAC filteringYou can deny traffic from certain known machines or devices. Use its MAC address to identify a computer or device on the
94 Firewall configurationURL filteringThe URL Filter feature blocks access to websites based on matching a specified URL address or specific keywords
Content filtering 95URL Filtering Deny ListThe list of URL text and keywords that match blocked websites for computers on the LAN.Exclusion ListThe li
96 Firewall configurationThis page includes the following settings:EnableEnables the SPI features on the router.Connection Policy• Fragmentation half-
SPI settings 97DoS Detect Criteria• Total incomplete TCP/UDP sessions HIGH: Defines the rate of new unestablished sessions that cause the software to
98 Firewall configuration
10 NAT configurationNetwork Address Translation (NAT) is a commonly used IP translation and mapping technology. It is a technology that allows your ne
Comments to this Manuals