38

Chapter 9 °

Bandwidth Control

1 )

IP Range:

Enter the IP address. The field can be single IP address or IP address range according

to your demands. When you configure the single IP address, the computer with this IP

address will get independent given bandwidth. When you configure the IP address range, all

computers in the range will share the given bandwidth.

2 )

Port Range:

Keep the default settings. The default port range of TCP protocol or UDP protocol

is from 1 to 65535.

3 )

Protocol:

Keep the default setting. Or you can choose the TCP protocol or UDP protocol or

both of them.

4 )

Priority:

Keep the default setting. You can change the value if you want to first guarantee the

bandwidth for one computer. The smaller value has the higher priority.

5 )

Upstream/Downstream:

Enter the bandwidth according to your division.

6 )

Check to enable this entry and click

OK

to save the settings.

6. Follow the steps above to add a rule for the other computer. And then you will get the following

table.

Now you and your roommate have an independent bandwidth.

Done!

39

Chapter 10 °

Network Security

Network Security

This chapter guides you on how to protect your home network from cyber

attacks and unauthorized users by implementing these three network security

functions. You can protect your home network against DoS (Denial of Service)

attacks from flooding your network with server requests using DoS Protection,

block or allow specific client devices to access your network using Access

Control, or you can prevent ARP spoofing and ARP attacks using IP & MAC

Binding function.

This chapter contains the following sections:

•

Protect the Network from Cyber Attacks

•

Access Control

•

IP & MAC Binding

10. 1.

Protect the Network from Cyber Attacks

The SPI (Stateful Packet Inspection) Firewall and DoS (Denial of Service) Protection

protect the router from cyber attacks.

The SPI Firewall can prevent cyber attacks and validate the traffic that is passing through the router based on the protocol. This

function is enabled by default, and it’s recommended to keep the default setting.

DoS Protection can protect your home network against DoS attacks from flooding your network with server requests. Follow

the steps below to configure DoS Protection.

1.

Visit

http://tplinkwifi.net

, and log in with the username and password you set for the router.

2.

Go to

Advanced

>

Security

>

Settings

.

3.

Enable

DoS Protection

.

4.

Set the level (

Off

,

Low

,

Middle

or

High

) of protection for

ICMP-FLOOD Attack Filtering

,

UDP-FlOOD Attack Filtering

and

TCP-SYN-FLOOD Attack Filtering

.

•

ICMP-FLOOD Attack Filtering

- Enable to prevent the Internet Control Message Protocol (ICMP) flood attack.

•

UDP-FlOOD Attack Filtering

- Enable to prevent the User Datagram Protocol (UDP) flood attack.

•

TCP-SYN-FLOOD Attack Filtering

- Enable to prevent the Transmission Control Protocol-Synchronize (TCP-SYN) flood attack.

10

40

Chapter 10 °

Network Security

Tips:

The level of protection is based on the traffic packets number. The protection will be triggered immediately when the

number of packets exceeds the preset threshold value (the value can be set on

Advanced

>

System Tools

>

System

Parameters

>

DoS Protection Level Settings

), and the vicious host will be displayed in the

Blocked DoS Host List

.

5.

Select

Forbid Lan Ping

if you want to ignore the ping packets from LAN port.

6.

Select

Forbid Wan Ping

if you want to ignore the ping packets from WAN port.

7.

Click

Save

to make the settings effective.

10. 2.

Access Control

Access Control is used to block or allow specific client devices to access your network (via wired or wireless) based on a list of

blocked devices (Blacklist) or a list of allowed devices (Whitelist).

Block or allow specific client devices to access my network (via wired or wireless).

1. Visit

http://tplinkwifi.net

, and log in with the username and password you set for the router.

2. Go to

Advanced

>

Security

>

Access Control

.

3. Enable

Access Control

.

4. Select the access mode to either block (recommended) or allow the device(s) in the list.

To block specific device(s)

1 ) Select

Blacklist

.

2 )

Select the device(s) to be blocked in the

Devices Online

table.

3 )

Click

Block

above the

Devices Online

table. The selected devices will be added to

Devices in

Blacklist

automatically.

I want to:

How can I

do that?

41

Chapter 10 °

Network Security

To allow specific device(s)

1 )

Select

Whitelist

and click

Save

.

2 ) Click

Add

.

3 )

Enter the

Device Name

and

MAC Address

(You can copy and paste the information from the

following list if the device is connected to your network).

4 ) Click

OK

.

Now you can block or allow specific client devices to access your network (via wired or wireless)

using the

Blacklist

or

Whitelist

.

10. 3.

IP & MAC Binding

IP & MAC Binding, namely, ARP (Address Resolution Protocol) Binding, is used to bind network device’s IP address to its MAC

address. This will prevent ARP Spoofing and other ARP attacks by denying network access to an device with matching IP

address in the Binding list, but unrecognized MAC address.

Prevent ARP spoofing and ARP attacks.

1. Visit

http://tplinkwifi.net

, and log in with the username and password you set for the router.

2. Go to

Advanced

>

Security

>

IP & MAC Binding.

Done!

I want to:

How can I

do that?

42

Chapter 10 °

Network Security

3. Enable

IP & MAC Binding

.

4. Bind your device(s) according to your need.

To bind the connected device(s)

1 )

Select the device(s) to be bound in the

ARP List

.

2 )

Click

Bind

to add to the

Binding List

.

To bind the unconnected device

1 ) Click

Add

.

2 )

Enter the

MAC address

and

IP address

that you want to bind.

3 )

Select the checkbox to enable the entry and click

OK

.

Now you don’t need to worry about ARP spoofing and ARP attacks.

Done!