Advanced Help for the Dlink DIR-657Router Sceenshot
D-LINK CORPORATION, INC | WIRELESS ROUTER | HOME : DIR-657 : A1 : 1.00NA SETUP ADVANCED TOOLS STATUS SUPPORT MENU SETUP ADVANCED TOOLS STATUS SUPPORT MENU Virtual Server Port Forwarding Application Rules QoS Engine Network Filter Access Control Website Filter Inbound Filter Firewall Settings Routing Advanced Wireless WISH Wi-FI Protected Setup Advanced Network GUEST ZONE IPv6 IPv6 FIREWALL IPv6 ROUTING Virtual Server The Virtual Server option gives Internet users access to services on your LAN. This feature is useful for hosting online services such as FTP, Web, or game servers. For each Virtual Server, you define a public port on your router for redirection to an internal LAN IP Address and LAN port. Example: You are hosting a Web Server on a PC that has LAN IP Address of 192.168.0.50 and your ISP is blocking Port 80. Name the Virtual Server (for example: Web Server ) Enter the IP Address of the machine on your LAN (for example: 192.168.0.50 Enter the Private Port as  Enter the Public Port as  Select the Protocol (for example TCP ). Ensure the schedule is set to Always Click Save to add the settings to the Virtual Servers List Repeat these steps for each Virtual Server Rule you wish to add. After the list is complete, click Save Settings at the top of the page. With this Virtual Server entry, all Internet traffic on Port 8888 will be redirected to your internal web server on port 80 at IP Address 192.168.0.50. Virtual Server Parameters Name Assign a meaningful name to the virtual server, for example Web Server . Several well-known types of virtual server are available from the "Application Name" drop-down list. Selecting one of these entries fills some of the remaining parameters with standard values for that type of server. IP Address The IP address of the system on your internal network that will provide the virtual service, for example 192.168.0.50 . You can select a computer from the list of DHCP clients in the "Computer Name" drop-down menu, or you can manually enter the IP address of the server computer. Traffic Type Select the protocol used by the service. The common choices -- UDP, TCP, and both UDP and TCP -- can be selected from the drop-down menu. To specify any other protocol, select "Other" from the list, then enter the corresponding protocol number ( as assigned by the IANA ) in the Protocol box. Private Port The port that will be used on your internal network. Public Port The port that will be accessed from the Internet. Inbound Filter Select a filter that controls access as needed for this virtual server. If you do not see the filter you need in the list of filters, go to the Advanced→Inbound Filter ). screen and create a new filter. Schedule Select a schedule for when the service will be enabled. If you do not see the schedule you need in the list of schedules, go to the Tools→Schedules screen and create a new schedule. 24 -- Virtual Servers List Use the checkboxes at the left to activate or deactivate completed Virtual Server entries. Note: You might have trouble accessing a virtual server using its public identity (WAN-side IP-address of the gateway or its dynamic DNS name) from a machine on the LAN. Your requests may not be looped back or you may be redirected to the "Forbidden" page. This will happen if you have an Access Control Rule configured for this LAN machine. The requests from the LAN machine will not be looped back if Internet access is blocked at the time of access. To work around this problem, access the LAN machine using its LAN-side identity. Requests may be redirected to the "Forbidden" page if web access for the LAN machine is restricted by an Access Control Rule. Add the WAN-side identity (WAN-side IP-address of the router or its dynamic DNS name) on the Advanced→Web Filter screen to work around this problem. Port Forwarding Multiple connections are required by some applications, such as internet games, video conferencing, Internet telephony, and others. These applications have difficulties working through NAT (Network Address Translation). This section is used to open multiple ports or a range of ports in your router and redirect data through those ports to a single PC on your network. You can enter ports in various formats: Range (50-100) Individual (80, 68, 888) Mixed (1020-5000, 689) Example: Suppose you are hosting an online game server that is running on a PC with a private IP Address of 192.168.0.50. This game requires that you open multiple ports (6159-6180, 99) on the router so Internet users can connect. Port Forwarding Fields Name Give the rule a name that is meaningful to you, for example Game Server . You can also select from a list of popular games, and many of the remaining configuration values will be filled in accordingly. However, you should check whether the port values have changed since this list was created, and you must fill in the IP address field. IP Address Enter the local network IP address of the system hosting the server, for example 192.168.0.50 . TCP Ports To Open Enter the TCP ports to open (for example 6159-6180, 99 ). UDP Ports To Open Enter the UDP ports to open (for example 6159-6180, 99 ). Inbound Filter Select a filter that controls access as needed for this rule. If you do not see the filter you need in the list of filters, go to the Advanced→Inbound Filter screen and create a new filter. Schedule Select a schedule for the times when this rule is in effect. If you do not see the schedule you need in the list of schedules, go to the Tools→Schedules screen and create a new schedule. With the above example values filled in and this Port Forwarding Rule enabled, all TCP and UDP traffic on ports 6159 through 6180 and port 99 is passed through the router and redirected to the Internal Private IP Address of your Game Server at 192.168.0.50. Note that different LAN computers cannot be associated with Port Forwarding rules that contain any ports in common; such rules would contradict each other. 24 -- Port Forwarding Rules Enable or disable defined rules with the checkboxes at the left. Application Rules An application rule is used to open single or multiple ports on your router when the router senses data sent to the Internet on a "trigger" port or port range. An application rule applies to all computers on your internal network. Parameters for an Application Rule Example: You need to configure your router to allow a software application running on any computer on your network to connect to a web-based server or another user on the Internet. Name Enter a name for the Special Application Rule, for example Game App , which will help you identify the rule in the future. Alternatively, you can select from the Application list of common applications. Application Instead of entering a name for the Special Application rule, you can select from this list of common applications, and the remaining configuration values will be filled in accordingly. Trigger Port Enter the outgoing port range used by your application (for example 6500-6700 ). Trigger Traffic Type Select the outbound protocol used by your application (for example Both ). Firewall Port Enter the port range that you want to open up to Internet traffic (for example 6000-6200 ). Firewall Traffic Type Select the protocol used by the Internet traffic coming back into the router through the opened port range (for example Both ). Schedule Select a schedule for when this rule is in effect. If you do not see the schedule you need in the list of schedules, go to the Tools→Schedules screen and create a new schedule. With the above example application rule enabled, the router will open up a range of ports from 6000-6200 for incoming traffic from the Internet, whenever any computer on the internal network opens up an application that sends data to the Internet using a port in the range of 6500-6700. 24 -- Application Rules This section is where you define application rules. Enable or disable defined rules with the checkboxes at the left. QoS Engine The QoS Engine feature helps improve your network performance by prioritizing applications. Automatic Classification This option is enabled by default so that your router will automatically determine which programs should have network priority. For best performance, use the Automatic Classification option to automatically set the priority for your applications. Dynamic Fragmentation This option should be enabled when you have a slow Internet uplink. It helps to reduce the impact that large low priority network packets can have on more urgent ones by breaking the large packets into several smaller packets. QoS Engine Rules A QoS Engine Rule identifies a specific message flow and assigns a priority to that flow. For most applications, automatic classification will be adequate, and specific QoS Engine Rules will not be required. The QoS Engine supports overlaps between rules, where more than one rule can match for a specific message flow. If more than one rule is found to match the rule with the highest priority will be used. Name Create a name for the rule that is meaningful to you. Priority The priority of the message flow is entered here -- 1 receives the highest priority (most urgent) and 255 receives the lowest priority (least urgent). Protocol The protocol used by the messages. Local IP Range The rule applies to a flow of messages whose LAN-side IP address falls within the range set here. Local Port Range The rule applies to a flow of messages whose LAN-side port number is within the range set here. Remote IP Range The rule applies to a flow of messages whose WAN-side IP address falls within the range set here. Remote Port Range The rule applies to a flow of messages whose WAN-side port number is within the range set here. 10 -- QoS Engine Rules This section is where you define QoS Engine Rules. Enable or disable defined rules with the checkboxes at the left. MAC Address Filter (Network Filter) The MAC address filter section can be used to filter network access by machines based on the unique MAC addresses of their network adapter(s). It is most useful to prevent unauthorized wireless devices from connecting to your network. A MAC address is a unique ID assigned by the manufacturer of the network adapter. 24 -- MAC Filtering Rules Configure MAC Filtering When "OFF" is selected, MAC addresses are not used to control network access. When "ALLOW" is selected, only computers with MAC addresses listed in the MAC Address List are granted network access. When "DENY" is selected, any computer with a MAC address listed in the MAC Address List is refused access to the network. MAC Address Enter the MAC address of the desired. Computers that have obtained an IP address from the router's DHCP server will be in the DHCP Client List. Select a device from the drop down menu, then click the arrow to add that device's MAC address to the list. Clear Click the Clear button to remove the MAC address from the MAC Filtering list. Access Control The Access Control section allows you to control access in and out of devices on your network. Use this feature as Parental Controls to only grant access to approved sites, limit web access based on time or dates, and/or block access from applications such as peer-to-peer utilities or games. Enable By default, the Access Control feature is disabled. If you need Access Control, check this option. Note: When Access Control is disabled, every device on the LAN has unrestricted access to the Internet. However, if you enable Access Control, Internet access is restricted for those devices that have an Access Control Policy configured for them. All other devices have unrestricted access to the Internet. Policy Wizard The Policy Wizard guides you through the steps of defining each access control policy. A policy is the "Who, What, When, and How" of access control -- whose computer will be affected by the control, what internet addresses are controlled, when will the control be in effect, and how is the control implemented. You can define multiple policies. The Policy Wizard starts when you click the button below and also when you edit an existing policy. Add Policy Click this button to start creating a new access control policy. Policy Table This section shows the currently defined access control policies. A policy can be changed by clicking the Edit icon, or deleted by clicking the Delete icon. When you click the Edit icon, the Policy Wizard starts and guides you through the process of changing a policy. You can enable or disable specific policies in the list by clicking the "Enable" checkbox. Website Filter This section is where you add the Web sites to be used for Access Control. The Web sites listed here are used when the Web Filter option is enabled in Advanced→Access Control . Website Filter Parameters Website URL/Domain Enter the URL (address) of the Web Site that you want to allow; for example: google.com . Do not enter the http:// preceding the URL. Enter the most inclusive domain; for example, enter dlink.com and access will be permitted to both www.dlink.com and support.dlink.com . Note: Many web sites construct pages with images and content from other web sites. Access will be forbidden if you do not enable all the web sites used to construct a page. For example, to access my.yahoo.com , you need to enable access to yahoo.com , yimg.com , and doubleclick.net . 40 -- Website Filtering Rules The section lists the current denied or allowed web sites. Inbound Filter When you use the Virtual Server, Port Forwarding, or Remote Administration features to open specific ports to traffic from the Internet, you could be increasing the exposure of your LAN to cyberattacks from the Internet. In these cases, you can use Inbound Filters to limit that exposure by specifying the IP addresses of internet hosts that you trust to access your LAN through the ports that you have opened. You might, for example, only allow access to a game server on your home LAN from the computers of friends whom you have invited to play the games on that server. Inbound Filters can be used for limiting access to a server on your network to a system or group of systems. Filter rules can be used with Virtual Server, Gaming, or Remote Administration features. Each filter can be used for several functions; for example a "Game Clan" filter might allow all of the members of a particular gaming group to play several different games for which gaming entries have been created. At the same time an "Admin" filter might only allows systems from your office network to access the WAN admin pages and an FTP server you use at home. If you add an IP address to a filter, the change is effected in all of the places where the filter is used. Add/Update Inbound Filter Rule Here you can add entries to the Inbound Filter Rules List below, or edit existing entries. Name Enter a name for the rule that is meaningful to you. Action The rule can either Allow or Deny messages. Remote IP Range Define the ranges of Internet addresses this rule applies to. For a single IP address, enter the same address in both the Start and End boxes. Up to eight ranges can be entered. The Enable checkbox allows you to turn on or off specific entries in the list of ranges. Add/Update Saves the new or edited Inbound Filter Rule in the following list. Clear Re-initializes the Add/Update area of the screen, erasing any changes that you may have made prior to clicking the Add/Update button. Inbound Filter Rules List The section lists the current Inbound Filter Rules. An Inbound Filter Rule can be changed by clicking the Edit icon, or deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Update Inbound Filter Rule" section is activated for editing. In addition to the filters listed here, two predefined filters are available wherever inbound filters can be applied: Allow All Permit any WAN user to access the related capability. Deny All Prevent all WAN users from accessing the related capability. (LAN users are not affected by Inbound Filter Rules.) Firewall Settings The router provides a tight firewall by virtue of the way NAT works. Unless you configure the router to the contrary, the NAT does not respond to unsolicited incoming requests on any port, thereby making your LAN invisible to Internet cyberattackers. However, some network applications cannot run with a tight firewall. Those applications need to selectively open ports in the firewall to function correctly. The options on this page control several ways of opening the firewall to address the needs of specific types of applications. See also Advanced→Virtual Server , Advanced→Port Forwarding , Advanced→Application Rules , and Advanced→Network (UPnP) for related options. Firewall Settings Enable SPI SPI ("stateful packet inspection" also known as "dynamic packet filtering") helps to prevent cyberattacks by tracking more state per session. It validates that the traffic passing through that session conforms to the protocol. When the protocol is TCP, SPI checks that packet sequence numbers are within the valid range for the session, discarding those packets that do not have valid sequence numbers. Whether SPI is enabled or not, the router always tracks TCP connection states and ensures that each TCP packet's flags are valid for the current state. NAT Endpoint Filtering The NAT Endpoint Filtering options control how the router's NAT manages incoming connection requests to ports that are already being used. Endpoint Independent Once a LAN-side application has created a connection through a specific port, the NAT will forward any incoming connection requests with the same port to the LAN-side application regardless of their origin. This is the least restrictive option, giving the best connectivity and allowing some applications (P2P applications in particular) to behave almost as if they are directly connected to the Internet. Address Restricted The NAT forwards incoming connection requests to a LAN-side host only when they come from the same IP address with which a connection was established. This allows the remote application to send data back through a port different from the one used when the outgoing session was created. Port And Address Restricted The NAT does not forward any incoming connection requests with the same port address as an already establish connection. Note that some of these options can interact with other port restrictions. Endpoint Independent Filtering takes priority over inbound filters or schedules, so it is possible for an incoming session request related to an outgoing session to enter through a port in spite of an active inbound filter on that port. However, packets will be rejected as expected when sent to blocked ports (whether blocked by schedule or by inbound filter) for which there are no active sessions. Port and Address Restricted Filtering ensures that inbound filters and schedules work precisely, but prevents some level of connectivity, and therefore might require the use of port triggers, virtual servers, or port forwarding to open the ports needed by the application. Address Restricted Filtering gives a compromise position, which avoids problems when communicating with certain other types of NAT router (symmetric NATs in particular) but leaves inbound filters and scheduled access working as expected. UDP Endpoint Filtering Controls endpoint filtering for packets of the UDP protocol. TCP Endpoint Filtering Controls endpoint filtering for packets of the TCP protocol. Formerly, the terms "Full Cone", "Restricted Cone", "Port Restricted Cone" and "Symmetric" were used to refer to different variations of NATs. These terms are purposely not used here, because they do not fully describe the behavior of this router's NAT. While not a perfect mapping, the following loose correspondences between the "cone" classification and the "endpoint filtering" modes can be drawn: if this router is configured for endpoint independent filtering, it implements full cone behavior; address restricted filtering implements restricted cone behavior; and port and address restricted filtering implements port restricted cone behavior. Anti-Spoof checking This mechanism protects against activity from spoofed or forged IP addresses, mainly by blocking packets appearing on interfaces and in directions which are logically not possible. DMZ Host DMZ means "Demilitarized Zone." If an application has trouble working from behind the router, you can expose one computer to the Internet and run the application on that computer. When a LAN host is configured as a DMZ host, it becomes the destination for all incoming packets that do not match some other incoming session or rule. If any other ingress rule is in place, that will be used instead of sending packets to the DMZ host; so, an active session, virtual server, active port trigger, or port forwarding rule will take priority over sending a packet to the DMZ host. (The DMZ policy resembles a default port forwarding rule that forwards every port that is not specifically sent anywhere else.) The router provides only limited firewall protection for the DMZ host. The router does not forward a TCP packet that does not match an active DMZ session, unless it is a connection establishment packet (SYN). Except for this limited protection, the DMZ host is effectively "outside the firewall". Anyone considering using a DMZ host should also consider running a firewall on that DMZ host system to provide additional protection. Packets received by the DMZ host have their IP addresses translated from the WAN-side IP address of the router to the LAN-side IP address of the DMZ host. However, port numbers are not translated; so applications on the DMZ host can depend on specific port numbers. The DMZ capability is just one of several means for allowing incoming requests that might appear unsolicited to the NAT. In general, the DMZ host should be used only if there are no other alternatives, because it is much more exposed to cyberattacks than any other system on the LAN. Thought should be given to using other configurations instead: a virtual server, a port forwarding rule, or a port trigger. Virtual servers open one port for incoming sessions bound for a specific application (and also allow port redirection and the use of ALGs). Port forwarding is rather like a selective DMZ, where incoming traffic targeted at one or more ports is forwarded to a specific LAN host (thereby not exposing as many ports as a DMZ host). Port triggering is a special form of port forwarding, which is activated by outgoing traffic, and for which ports are only forwarded while the trigger is active. Few applications truly require the use of the DMZ host. Following are examples of when a DMZ host might be required: A host needs to support several applications that might use overlapping ingress ports such that two port forwarding rules cannot be used because they would potentially be in conflict. To handle incoming connections that use a protocol other than ICMP, TCP, UDP, and IGMP (also GRE and ESP, when these protocols are enabled by the PPTP and IPSec ALGs ). Enable DMZ Note: Putting a computer in the DMZ may expose that computer to a variety of security risks. Use of this option is only recommended as a last resort. DMZ IP Address Specify the LAN IP address of the LAN computer that you want to have unrestricted Internet communication. If this computer obtains its address Automatically using DHCP, then you may want to make a static reservation on the Setup→Network Settings page so that the IP address of the DMZ computer does not change. Non-UDP/TCP/ICMP LAN Sessions When a LAN application that uses a protocol other than UDP, TCP, or ICMP initiates a session to the Internet, the router's NAT can track such a session, even though it does not recognize the protocol. This feature is useful because it enables certain applications (most importantly a single VPN connection to a remote host) without the need for an ALG. Note that this feature does not apply to the DMZ host (if one is enabled). The DMZ host always handles these kinds of sessions. Enable Enabling this option (the default setting) enables single VPN connections to a remote host. (But, for multiple VPN connections, the appropriate VPN ALG must be used.) Disabling this option, however, only disables VPN if the appropriate VPN ALG is also disabled. Application Level Gateway (ALG) Configuration Here you can enable or disable ALGs. Some protocols and applications require special handling of the IP payload to make them work with network address translation (NAT). Each ALG provides special handling for a specific protocol or application. A number of ALGs for common applications are enabled by default. PPTP Allows multiple machines on the LAN to connect to their corporate networks using PPTP protocol. When the PPTP ALG is enabled, LAN computers can establish PPTP VPN connections either with the same or with different VPN servers. When the PPTP ALG is disabled, the router allows VPN operation in a restricted way -- LAN computers are typically able to establish VPN tunnels to different VPN Internet servers but not to the same server. The advantage of disabling the PPTP ALG is to increase VPN performance. Enabling the PPTP ALG also allows incoming VPN connections to a LAN side VPN server (refer to Advanced→Virtual Server ). IPSec (VPN) Allows multiple VPN clients to connect to their corporate networks using IPSec. Some VPN clients support traversal of IPSec through NAT. This option may interfere with the operation of such VPN clients. If you are having trouble connecting with your corporate network, try disabling this option. Check with the system administrator of your corporate network whether your VPN client supports NAT traversal. Note that L2TP VPN connections typically use IPSec to secure the connection. To achieve multiple VPN pass-through in this case, the IPSec ALG must be enabled. RTSP Allows applications that use Real Time Streaming Protocol to receive streaming media from the internet. QuickTime and Real Player are some of the common applications using this protocol. Windows/MSN Messenger Supports use on LAN computers of Microsoft Windows Messenger (the Internet messaging client that ships with Microsoft Windows) and MSN Messenger. The SIP ALG must also be enabled when the Windows Messenger ALG is enabled. FTP Allows FTP clients and servers to transfer data across NAT. Refer to the Advanced→Virtual Server page if you want to host an FTP server. H.323 (Netmeeting) Allows H.323 (specifically Microsoft Netmeeting) clients to communicate across NAT. Note that if you want your buddies to call you, you should also set up a virtual server for NetMeeting. Refer to the Advanced→Virtual Server page for information on how to set up a virtual server. SIP Allows devices and applications using VoIP (Voice over IP) to communicate across NAT. Some VoIP applications and devices have the ability to discover NAT devices and work around them. This ALG may interfere with the operation of such devices. If you are having trouble making VoIP calls, try turning this ALG off. Wake-On-LAN This feature enables forwarding of "magic packets" (that is, specially formatted wake-up packets) from the WAN to a LAN computer or other device that is "Wake on LAN" (WOL) capable. The WOL device must be defined as such on the Advanced→Virtual Server page. The LAN IP address for the virtual server is typically set to the broadcast address 192.168.0.255. The computer on the LAN whose MAC address is contained in the magic packet will be awakened. MMS Allows Windows Media Player, using MMS protocol, to receive streaming media from the internet. ROUTING Enable Specifies whether the entry will be enabled or disabled. Destination IP The IP address of packets that will take this route. Netmask One bits in the mask specify which bits of the IP address must match. Gateway Specifies the next hop to be taken if this route is used. A gateway of 0.0.0.0 implies there is no next hop, and the IP address matched is directly connected to the router on the interface specified: WAN. Metric The route metric is a value from 1 to 16 that indicates the cost of using this route. A value of 1 is the lowest cost, and 15 is the highest cost. A value of 16 indicates that the route is not reachable from this router. When trying to reach a particular destination, computers on your network will select the best route, ignoring unreachable routes. Interface Specifies the interface -- WAN -- that the IP packet must use to transit out of the router, when this route is used. Advanced Wireless Transmit Power Normally the wireless transmitter operates at 100% power. In some circumstances, however, there might be a need to isolate specific frequencies to a smaller area. By reducing the power of the radio, you can prevent transmissions from reaching beyond your corporate/home office or designated wireless area. Beacon Period Beacons are packets sent by a wireless router to synchronize wireless devices. Specify a Beacon Period value between 20 and 1000. The default value is set to 100 milliseconds. RTS Threshold When an excessive number of wireless packet collisions are occurring, wireless performance can be improved by using the RTS/CTS (Request to Send/Clear to Send) handshake protocol. The wireless transmitter will begin to send RTS frames (and wait for CTS) when data frame size in bytes is greater than the RTS Threshold. This setting should remain at its default value of 2346 bytes. Fragmentation Threshold Wireless frames can be divided into smaller units (fragments) to improve performance in the presence of RF interference and at the limits of RF coverage. Fragmentation will occur when frame size in bytes is greater than the Fragmentation Threshold. This setting should remain at its default value of 2346 bytes. Setting the Fragmentation value too low may result in poor performance. DTIM Interval A DTIM is a countdown informing clients of the next window for listening to broadcast and multicast messages. When the wireless router has buffered broadcast or multicast messages for associated clients, it sends the next DTIM with a DTIM Interval value. Wireless clients detect the beacons and awaken to receive the broadcast and multicast messages. The default value is 1. Valid settings are between 1 and 255. 802.11d Enable Enables 802.11d operation. 802.11d is a wireless specification for operation in additional regulatory domains. This supplement to the 802.11 specifications defines the physical layer requirements (channelization, hopping patterns, new values for current MIB attributes, and other requirements to extend the operation of 802.11 WLANs to new regulatory domains (countries). The current 802.11 standard defines operation in only a few regulatory domains (countries). This supplement adds the requirements and definitions necessary to allow 802.11 WLAN equipment to operate in markets not served by the current standard. Enable this option if you are operating in one of these "additional regulatory domains". --> WLAN Partition Enabling WLAN Partition prevents associated wireless clients from communicating with each other. WMM Enable Enabling WMM can help control latency and jitter when transmitting multimedia content over a wireless connection. Short GI Using a short (400ns) guard interval can increase throughput. However, it can also increase error rate in some installations, due to increased sensitivity to radio-frequency reflections. Select the option that works best for your installation. WISH WISH is short for Wireless Intelligent Stream Handling, a technology developed to enhance your experience of using a wireless network by prioritizing the traffic of different applications. WISH Enable WISH Enable this option if you want to allow WISH to prioritize your traffic. Priority Classifiers HTTP Allows the router to recognize HTTP transfers for many common audio and video streams and prioritize them above other traffic. Such streams are frequently used by digital media players. Windows Media Center Enables the router to recognize certain audio and video streams generated by a Windows Media Center PC and to prioritize these above other traffic. Such streams are used by systems known as Windows Media Extenders, such as the Xbox 360. Automatic When enabled, this option causes the router to automatically attempt to prioritize traffic streams that it doesn't otherwise recognize, based on the behavior that the streams exhibit. This acts to deprioritize streams that exhibit bulk transfer characteristics, such as file transfers, while leaving interactive traffic, such as gaming or VoIP, running at a normal priority. WISH Rules A WISH Rule identifies a specific message flow and assigns a priority to that flow. For most applications, the priority classifiers ensure the right priorities and specific WISH Rules are not required. WISH supports overlaps between rules. If more than one rule matches for a specific message flow, the rule with the highest priority will be used. Name Create a name for the rule that is meaningful to you. Priority The priority of the message flow is entered here. Four priorities are defined: BK: Background (least urgent). BE: Best Effort. VI: Video. VO: Voice (most urgent). Protocol The protocol used by the messages. Host 1 IP Range The rule applies to a flow of messages for which one computer's IP address falls within the range set here. Host 1 Port Range The rule applies to a flow of messages for which host 1's port number is within the range set here. Host 2 IP Range The rule applies to a flow of messages for which the other computer's IP address falls within the range set here. Host 2 Port Range The rule applies to a flow of messages for which host 2's port number is within the range set here. 24 -- WISH Rules This section is where you define WISH Rules. Enable or disable defined rules with the checkboxes at the left. Wi-Fi Protected Setup Wi-Fi Protected Setup Enable Enable the Wi-Fi Protected Setup feature. Lock Wireless Security Settings Locking the wireless security settings prevents the settings from being changed by any new external registrar using its PIN. Devices can still be added to the wireless network using Wi-Fi Protected Setup. It is still possible to change wireless network settings with Manual Wireless Network Setup , Wireless Network Setup Wizard , or an existing external WLAN Manager Registrar. PIN Settings A PIN is a unique number that can be used to add the router to an existing network or to create a new network. The default PIN may be printed on the bottom of the router. For extra security, a new PIN can be generated. You can restore the default PIN at any time. Only the Administrator ("admin" account) can change or reset the PIN. Current PIN Shows the current value of the router's PIN. Reset PIN to Default Restore the default PIN of the router. Generate New PIN Create a random number that is a valid PIN. This becomes the router's PIN. You can then copy this PIN to the user interface of the registrar. Add Wireless Station This Wizard helps you add wireless devices to the wireless network. The wizard will either display the wireless network settings to guide you through manual configuration, prompt you to enter the PIN for the device, or ask you to press the configuration button on the device. If the device supports Wi-Fi Protected Setup and has a configuration button, you can add it to the network by pressing the configuration button on the device and then the on the router within 60 seconds. The status LED on the router will flash three times if the device has been successfully added to the network. There are several ways to add a wireless device to your network. Access to the wireless network is controlled by a Registrar A registrar only allows devices onto the wireless network if you have entered the PIN, or pressed a special Wi-Fi Protected Setup button on the device. The router acts as a registrar for the network, although other devices may act as a registrar as well. Add Wireless Device with WPS Start the wizard. Advanced Network UPnP UPnP is short for Universal Plug and Play, which is a networking architecture that provides compatibility among networking equipment, software, and peripherals. This router has optional UPnP capability, and can work with other UPnP devices and software. Enable UPnP If you need to use the UPnP functionality, you can enable it here. WAN Ping Pinging public WAN IP addresses is a common method used by hackers to test whether your WAN IP address is valid. Enable WAN Ping Respond If you leave this option unchecked, you are causing the router to ignore ping commands for the public WAN IP address of the router. WAN Port Speed Normally, this is set to "auto". If you have trouble connecting to the WAN, try the other settings. Multicast Streams The router uses the IGMP protocol to support efficient multicasting -- transmission of identical content, such as multimedia, from a source to a number of recipients. Enable Multicast Streams This option must be enabled if any applications on the LAN participate in a multicast group. If you have a multimedia LAN application that is not receiving content as expected, try enabling this option. : : : : : : : : : : : Ipv6 IPv6 : : : : : : : : : IPv6 IPv6 FIREWALL For each rule you can create a name and control the direction of traffic. You can also allow or deny a range of IP Addresses, the protocol and a port range.In order to apply a schedule to a firewall rule, your must first define a schedule on the Tools → Schedules page Copyright © 2004-2011 D-Link Corporation, Inc.