HP R100 User's Guide

HP R100-Series Wireless VPN Routers Configuration and Administration GuideHP Part Number: 5998-5394Published: September 2014Edition: 1

10 Deploying the HP R110/R120

100 NAT configurationNAT settingsThe Settings page includes the global NAT enable for all VLANs on the router. If NAT is disabled on this page, the NA

Virtual server settings 101Use Client ListSelects a computer name or IP address from the list of clients already discovered by the router.Popular Serv

102 NAT configurationDMZ settingsIf you have a client PC that cannot run an Internet application properly from behind the firewall, you can open the c

ALG settings 103Client PC IP AddressThe IP address of the DMZ computer on the local LAN.ALG settingsThe Application-Layer Gateway (ALG) feature enable

104 NAT configurationPort Trigger lets you specify ports to be opened for specific applications to work properly with the Network Address Translation

11 IPv6 configurationIf the attached network uses the IPv6 protocol, you can enable IPv6 support on the router. IPv6 functionality is disabled by defa

106 IPv6 configurationDHCP-PDThe status of the DHCPv6 Prefix Delegation feature.IPv6 settingsThe router supports static, stateless address autoconfigu

IPv6 settings 107fields. Therefore, the same IPv6 address could be written instead as 2001:adca::123a:4567.• Subnet Prefix Length: The length of the I

108 IPv6 configurationSLAACStateless Address Auto Configuration (SLAAC) enables IPv6 hosts to automatically configure themselves when connected to an

IPv6 settings 109• Auto Configuration: Select Stateless (RADVD) or Stateful (DHCPv6). • Disable: Disables the automatic assignment of IPv6 addresses t

2 Using the Wizard SetupOverviewThe Wizard Setup provides an easy way to quickly configure basic settings on the R110/R120 and make the router operati

110 IPv6 configurationVLAN (Default) SettingsSets the IPv6 settings for the local VLAN.• Enable DHCP-PD: Enables the Prefix Delegation feature that au

DHCPv6 client list 111• Username: Enter the name assigned by the ISP. (Do not use characters ` " & ' # \)• Password: Enter the password

112 IPv6 configurationMLD settingsMulticast Listener Discovery (MLD) proxy enables the router to issue MLD host messages on behalf of hosts that the r

12 Q o S c o n fig u ra t i o nThe bandwidth gap between the LAN and WAN may significantly degrade performance of critical network applications, suc

114 QoS configurationTraffic shapingThe Traffic Shaping page enables the bandwidth of the WAN port output queues to be configured. For higher priority

Traffic mapping 115Traffic mappingUp to 16 rules can be defined to classify traffic into DiffServ forwarding groups and outgoing connections. These ru

116 QoS configurationMap to Forwarding QueueMaps the traffic to one of the WAN port forwarding queues. Queue 1 is the lowest priority queue and queue

13 U S B c o n f i g u r a t i o nThe router provides a USB 2.0-compliant port for network-connected users to share files through FTP or File Sharin

118 USB configurationAuthoritySets the file sharing access rights for an FTP user; either Read and Write or Read. An FTP user with Read access can onl

FTP settings 119with Read and Write access can download and upload files to the shared folder, however they cannot delete or modify any existing share

12 Using the Wizard SetupSelect to configure the system time manually or have it automatically configured by an NTP server. You can also enable suppor

120 USB configurationSafe removalTo ensure USB data correctness, this router supports a USB safe removal function. Click Remove before unplugging a US

Viewing tools status 12114 To o l sThe router includes a number af system tools for managing software and configuration files, troubleshooting networ

122 ToolsThis page includes the following settings:Firmware VersionDisplays the software versions installed on the router. • Active Image: The version

Saving configuration settings 123Backup settingsSelect to backup the router’s settings. Select HTTP or TFTP as the transfer method (TFTP requires the

124 ToolsPingPing is a network tool that sends ICMP ECHO_REQUEST datagrams to a remote host and elicits an ICMP ECHO_RESPONSE datagrams from the remot

Nslookup 125NslookupNslookup is a DNS client that sends DNS requests to a DNS server to find the corresponding IP address of a target host name, or th

126 ToolsEmail alertThe Email alert feature allows the router to automatically send email messages when an event at or above a configured severity lev

Email alert 127To E-mail AddressThe recipient email address of the alert messages.SMTP Server AddressThe IPv4 or IPv6 address of the mail server.SMTP

128 ToolsSchedulingThe Scheduling feature enables the scheduling of access control and LAN server rules. Each access control or LAN server rule can be

Support file 129Support fileThis function allows you download the router's information for support assistance. The file is saved on your local co

Wizard Setup 13DHCP IP AddressA dynamic connection type is the most common method used with cable modems. In many cases, setting the connection type t

130 Tools

15 Support and other resourcesOnline documentationYou can download documentation from the HP Support Center website at:www.hp.com/support/manuals. Sea

132 Support and other resourcesConventionsThe following conventions are used in this guide.Management toolThis guide uses specific syntax when directi

A Resetting to factory defaultsFactory reset proceduresTo force the router into its factory default state, follow the procedures in this section.Cauti

134

B Factory default settingsFeature Parameter DefaultMode System Mode RouterAdmin General Settings System Name HP-R110 / HP-R120System Location NullSyst

136System logs System Log Level INFORMATIONALMax Size 256Log Prefix NullRemote Syslog Configuration DisabledRemote IP Address NullRemote Port 514Remot

137DDNS Enable DDNS DisabledDDNS Server DynDNS.orgDomain Name NullUsername NullPassword NullMAC Clone MAC Address Use router MACLAN Settings IP Addres

138R110 Wireless, Basic Enabled Radio EnabledRadio Band 2.4GHzRadio Mode 11b/g/n MixedChannel AutoBandwidth 20 MHzEnable Schedule Rules DisabledVAP 1

139R120 Wireless 5GHz, BasicEnabled Radio EnabledRadio Mode 11ac/n/aChannel AutoBandwidth 20/40/80 MHzEnable Schedule Rules DisabledVAP 1 SSID Enabled

14 Using the Wizard SetupPPPoEThe Point-to-Point Protocol over Ethernet (PPPoE) is a common WAN protocol that provides a secure “tunnel” connection be

140MAC Authentication Filter Block all stations in listSSID HP1MAC Address None configuredVPN Enable IPSec DisabledEnable L2TP over IPSec DisabledEnab

141IPv6 IPv6 Connection DisabledMLD Proxy DisabledDHCP-PD EnabledQoS QoS EnabledTraffic Mapping DisabledUSB User Account DisabledFile Sharing Disabled

142

Wizard Setup 15L2TPThe Layer 2 Tunneling Protocol (L2TP) is a common WAN protocol used for Virtual Private Networks (VPNs) that provides a secure “tun

16 Using the Wizard SetupEnable RadioEnables the 2.4 GHz or 5 GHz wireless section of your LAN. When disabled, no wireless computers can gain access t

Wizard Setup 17Configure the primary SSIDThe R110 allows you to create up to four wireless communities, and the R120 allows you to create up to eight

18 Using the Wizard SetupWPA and WPA2: Wi-Fi Protected Access (WPA) was introduced as an interim solution for the vulnerability of WEP, replacing WEP

Wizard Setup 19• Key Type:Hexadecimal (characters 0-9, a-f, and A-F)ASCII (characters 0-9, a-z, and A-Z)• Key 1-4 String: Enter encryption keysHexadec

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties f

20 Using the Wizard Setup• Secondary RADIUS Server: Enter the IPv4 address for a backup RADIUS server. If authentication fails with the primary server

Wizard Setup 21Enable RadioShows if the router’s wireless radio is enabled. The R120 includes a radio setting for 2.4 GHz and 5 GHz.Radio BandThe oper

22 Using the Wizard Setup

3 Managing the HP R110/R120 systemThe HP R110/R120 is managed via its web-based management interface using Microsoft Internet Explorer 8 or later, Goo

24 Managing the HP R110/R120 systemThe Status page includes these items:Device InformationShows the router's software version, hardware serial nu

General administration settings 25General administration settingsThe Admin page configures the following settings for the router:System information (G

26 Managing the HP R110/R120 systemHTTP ServerHTTPS ServerThe router software includes HTTP and HTTPS functionality to enable communication with your

System time settings 27Set system timeThis section displays the current system time. You can configure the time manually or have it automatically conf

28 Managing the HP R110/R120 systemDaylight savingUse this section to enable support for daylight saving time, if required for your location. When you

Managing system logs 29get or set SNMP information on the router. By default, the name is set to private. (Do not use characters ` " & '

3Contents1 Deploying the HP R110/R120 ...72 Using the Wizard Setup ...

30 Managing the HP R110/R120 system• Notice indicates normal but significant conditions.• Informational indicates informational messages.• Debug indic

Proxy ARP settings 31Proxy ARP settingsProxy ARP (Address Resolution Protocol) is a mechanism that enables a computer in a network connected to a rout

32 Managing the HP R110/R120 systemTo configure Proxy ARP, set the following options: Enable ARP ProxyEnables the feature on the router.Name A text na

Rebooting the router 33Rebooting the routerFor maintenance purposes or as a troubleshooting measure, you can reboot the HP R110/R120 by selecting Rebo

34 Managing the HP R110/R120 systemInterface StatisticsDisplays a summary of traffic statistics for the WAN and LAN ports.Set the poll interval for up

4 WAN configurationThe WAN pages are used to configure the parameters for your Internet connection. The information necessary to set up a connection c

36 WAN configurationDDNSThe status of a dynamic DNS service.MAC CloneIndicates if the WAN port MAC address has been copied from a LAN computer.Setting

Settings 37This page includes the following information:Connection TypeSelect Static IP Address as the router’s method of connecting to the ISP.IP Add

38 WAN configurationThis page includes the following information:Connection TypeSelect PPPoE as the router’s method of connecting to the ISP.UsernameE

Settings 39MTU Sets the size of the Maximum Transmission Unit (MTU) for the largest packet that the network protocol can transmit.Manual Connection: Y

4DHCP client list...

40 WAN configurationServer IPEnter the PPTP server IPv4 address as assigned by your ISP. UsernameEnter your ISP-assigned user name. (Do not use charac

DDNS 41PasswordEnter your password (usually assigned by your ISP). (Do not use characters ` " & ' # \)Confirm PasswordEnter the password

42 WAN configurationThe DDNS related parameters are described as follows:Enable DDNSSelect to use a Dynamic DNS service. DDNS ServerThis is the name o

5 LAN configurationThe HP R110/R120 router is equipped with a DHCP server that automatically assigns IP addresses to each computer on your network. Th

44 LAN configurationThis page includes the following information:LANDisplays current settings for the default VLAN.• MAC address: The Ethernet base MA

LAN Settings 45This page includes the following settings:IP AddressThe IPv4 address of the router for the default VLAN.Subnet MaskThere should be no n

46 LAN configurationDHCP relayDynamic Host Configuration Protocol (DHCP) can dynamically allocate IP addresses and other configuration information to

DHCP client list 47DHCP client listThe DHCP Clients List displays the IP address, host name, MAC address, and client type of each client that has requ

48 LAN configurationOn the Add VLAN page, you can set the parameters to configure the behavior of VLANs.This page includes the following settings:Name

IGMP settings 49Enable IGMP SnoopingEnables the feature that blocks unnecessary IP multicast traffic from flooding VLAN ports without a specific multi

5DHCPv6 client list ...

50 LAN configuration

6 Wireless configurationThe wireless settings section displays configuration settings for the access point functionality of the router. The sections i

52 Wireless configurationThis page includes the following information:WirelessDisplays the basic radio settings and the status of other features.• Rad

Basic wireless settings 53This page includes the following settings:Enable RadioEnables the wireless section of your LAN. When disabled, no wireless c

54 Wireless configuration• 11b/g/n Mixed: (Compatibility mode.) Up to 11 Mbps for 802.11b, 54 Mbps for 802.11g, and 450 Mbps for 802.11n. If support f

Basic wireless settings 55Configuring virtual access point interfacesThe router supports up to four virtual access point (VAP) interfaces per radio; a

56 Wireless configurationConfiguring wireless securityThe router’s wireless interface is configured by default as an open system, which broadcasts a b

Basic wireless settings 57• WPA2: The Enterprise mode of WPA2 using AES encryption. If all clients in the network are WPA2 compatible, select this opt

58 Wireless configurationWEP security includes the following settings:Authentication ModeLeave as OPEN to configure WEP security. The static WEP secur

Basic wireless settings 59Re-Key IntervalWhen using 802.1X dynamic WEP keys, enter the interval at which the router refreshes the keys for each associ

6

60 Wireless configurationSession Key IntervalEnter the interval at which the router refreshes session (unicast) keys for each client associated with t

Basic wireless settings 61WPA/WPA2 enterpriseIf you have a mix of wireless clients, some of which support WPA2 (AES) and others which support only the

62 Wireless configurationWPA/WPA2-PSK security includes the following settings:Authentication ModeSelect WPA/WPA2-PSK Mixed to display all settings fo

Basic wireless settings 63The RADIUS server configuration includes the following settings:Primary RADIUS ServerEnter the IPv4 address for the primary

64 Wireless configurationAdvanced wireless settingsThe Advanced wireless settings page includes additional parameters concerning the wireless network.

Advanced wireless settings 65The 802.11n standard specifies two guard intervals: 400ns (short) and 800ns (long). Support of the 400ns interval is opti

66 Wireless configurationWDS settingsThe router supports WDS (wireless Distribution System). WDS enables one or more access points to rebroadcast rece

WPS settings 67WPS settingsWi-Fi Protected Setup (WPS) is designed to be a convenient method to securely add new clients to a wireless network. WPS ha

68 Wireless configurationEnter the 8-digit PIN number and click Start to activate the PIN method. If the WPS function is working correctly, you should

WMM settings 69Enable Power SavingThe WMM-Power Save feature enables mobile client devices to save a significant amount of battery life by going into

1 Deploying the HP R110/R120In a small office, the HP R110/R120 can be directly connected to a broadband modem (DSL or cable) to provide secure wirele

70 Wireless configurationMAC authentication settingsFor a more secure wireless network, you can specify that only certain wireless computers can conne

Viewing the client list 71Viewing the client listThe Client List page allows you to view all the wireless clients currently associated with the router

72 Wireless configuration

7 VPN configurationThe router includes a Virtual Private Network feature to provide a secure link between remote users and the corporate network by es

74 VPN configurationVPN settingsThe VPN Settings page allows you to add and edit IPSec, L2TP over IPSec, and PPTP connections for the router. When cre

VPN settings 75This page includes the following settings:VPN Tunnel Parameters• Tunnel Type: Select IPSec as the tunnel type.• Tunnel Name: Enter a de

76 VPN configurationIf ID_FQDN or ID_USER_FQDN (fully qualified domain name) is selected, enter the name for the Remote Party ID in the text box next

VPN settings 77L2TP over IPSec settingsThe Layer 2 Tunneling Protocol is a common connection method used for VPN connections. You can specify the deta

78 VPN configuration• Enable Auto Reconnect: For L2TP client connections, you can automatically reconnect when there is activity after a disconnection

VPN passthrough settings 79This page includes the following settings:VPN Tunnel Parameters• Tunnel Type: Select PPTP as the tunnel type.• Tunnel Name:

8 Deploying the HP R110/R120In the following scenario, HP R110/R120 #1 provides wireless network services to the employees in the main office, while H

80 VPN configuration

8 Routing configurationRouting configuration allows a static and dynamic methods to set up routing between networks. The network administrator configu

82 Routing configurationThis page includes the following information:Status• RIP: The current status of RIP on the router.• RIPng: The current status

IPv4 Dynamic route settings 83InterfaceThe VLAN interface used to route data to the network specified by the destination network address.MetricA numbe

84 Routing configuration• Enable: RIP is enabled for the interface. The router will transmit and receive RIP update information to and from other RIP-

Viewing the IPv6 routing table 85DestinationEnter the IP address of the destination host or network to which the route leads.Subnet MaskEnter the IPv4

86 Routing configurationInterfaceThe VLAN interface used to route data to the network specified by the destination network address.MetricA number used

IPv6 Static route settings 87Prefix LengthEnter the IPv6 prefix length for the destination host or network. GatewayEnter the IP address of the gateway

88 Routing configuration

9 Firewall configurationYour router is equipped with a firewall that will protect your network from a wide array of common hacker attacks, including D

9In the following scenario, four HP R110/R120s provide a virtual private network (VPN) across the Internet between a headquarters and three branch off

90 Firewall configurationSecurity settingsThe Security page allows you to configure global security parameters for the router.This page includes the f

Security settings 91“telling” the router which way it needs the firewall configured. The router ships with the UPnP feature disabled. If you are using

92 Firewall configurationClient filteringThe router can be configured to restrict access to the Internet, email, or other network services on specific

MAC filtering 93MAC filteringYou can deny traffic from certain known machines or devices. Use its MAC address to identify a computer or device on the

94 Firewall configurationURL filteringThe URL Filter feature blocks access to websites based on matching a specified URL address or specific keywords

Content filtering 95URL Filtering Deny ListThe list of URL text and keywords that match blocked websites for computers on the LAN.Exclusion ListThe li

96 Firewall configurationThis page includes the following settings:EnableEnables the SPI features on the router.Connection Policy• Fragmentation half-

SPI settings 97DoS Detect Criteria• Total incomplete TCP/UDP sessions HIGH: Defines the rate of new unestablished sessions that cause the software to

98 Firewall configuration

10 NAT configurationNetwork Address Translation (NAT) is a commonly used IP translation and mapping technology. It is a technology that allows your ne