Comtrend WAP5813n Router Manual PDF (Setup & Configuration Guide)

Page 66 / 76 Scroll up to view Page 61 - 65

65

8.7

Save and Reboot

To save the current configuration and reboot the router, click

Save/Reboot

.

NOTE:

You may need to close the browser window and wait for 2 minutes before

reopening it.

It may also be necessary, to reset your PC IP configuration.

Page 67 / 76

66

Appendix A

– Firewall

STATEFUL PACKET INSPECTION

Refers to an architecture, where the firewall keeps track of packets on each

connection traversing all its interfaces and makes sure they are valid. This is in

contrast to static packet filtering which only examines a packet based on the

information in the packet header.

DENIAL OF SERVICE ATTACK

Is an incident in which a user or organization is deprived of the services of a

resource they would normally expect to have. Various DoS attacks the device can

withstand are ARP Attack, Ping Attack, Ping of Death, Land, SYN Attack, Smurf

Attack, and Tear Drop.

TCP/IP/PORT/INTERFACE FILTER

These rules help in the filtering of traffic at the Network layer (i.e. Layer 3).

When a Routing interface is created,

Enable Firewall

must be checked.

Navigate to Advanced Setup

Æ

Security

Æ

IP Filtering.

OUTGOING IP FILTER

Helps in setting rules to DROP packets from the LAN interface. By default, if the

Firewall is Enabled, all IP traffic from the LAN is allowed. By setting up one or more

filters, specific packet types coming from the LAN can be dropped.

Example 1

:

Filter Name

: Out_Filter1

Protocol

: TCP

Source IP address

: 192.168.1.45

Source Subnet Mask

: 255.255.255.0

Source Port

: 80

Dest. IP Address

: NA

Dest. Subnet Mask

: NA

Dest. Port

: NA

This filter will Drop all TCP packets coming from the LAN with IP

Address/Subnet Mask of 192.168.1.45/24 having a source port of 80

irrespective of the destination. All other packets will be Accepted.

Example 2

:

Filter Name

: Out_Filter2

Protocol

: UDP

Source IP Address

: 192.168.1.45

Source Subnet Mask

: 255.255.255.0

Source Port

: 5060:6060

Dest. IP Address

: 172.16.13.4

Dest. Subnet Mask

: 255.255.255.0

Dest. Port

: 6060:7070

This filter will drop all UDP packets coming from the LAN with IP Address /

Subnet Mask of 192.168.1.45/24 and a source port range of 5060 to 6060,

destined to 172.16.13.4/24 and a destination port range of 6060 to 7070.

INCOMING IP FILTER

Helps in setting rules to Allow or Deny packets from the WAN interface. By default,

all incoming IP traffic from the WAN is Blocked, if the Firewall is Enabled. By setting

up one or more filters, specific packet types coming from the WAN can be Accepted.

Page 68 / 76

67

Example 1

:

Filter Name

: In_Filter1

Protocol

: TCP

Policy

: Allow

Source IP Address

: 210.168.219.45

Source Subnet Mask

: 255.255.0.0

Source Port

: 80

Dest. IP Address

: NA

Dest. Subnet Mask

: NA

Dest. Port

: NA

Selected WAN interface : br0

This filter will ACCEPT all TCP packets coming from WAN interface “br0” with IP

Address/Subnet Mask 210.168.219.45/16 with a source port of 80, irrespective

of the destination. All other incoming packets on this interface are DROPPED.

Example 2

:

Filter Name

: In_Filter2

Protocol

: UDP

Policy

: Allow

Source IP Address

: 210.168.219.45

Source Subnet Mask

: 255.255.0.0

Source Port

: 5060:6060

Dest. IP Address

: 192.168.1.45

Dest. Sub. Mask

: 255.255.255.0

Dest. Port

: 6060:7070

Selected WAN interface : br0

This rule will ACCEPT all UDP packets coming from WAN interface “br0” with IP

Address/Subnet Mask 210.168.219.45/16 and a source port in the range of

5060 to 6060, destined to 192.168.1.45/24 and a destination port in the range

of 6060 to 7070. All other incoming packets on this interface are DROPPED.

MAC LAYER FILTER

These rules help in the filtering of Layer 2 traffic. MAC Filtering is only effective in

Bridge mode. After a Bridge mode connection is created, navigate to Advanced

Setup

Æ

Security

Æ

MAC Filtering in the WUI.

Example 1

:

Global Policy

: Forwarded

Protocol Type

: PPPoE

Dest. MAC Address

: 00:12:34:56:78:90

Source MAC Address

: NA

Src. Interface

: eth1

Dest. Interface

: eth2

Addition of this rule drops all PPPoE frames going from eth1 to eth2 with a

Destination MAC Address of 00:12:34:56:78:90 irrespective of its Source MAC

Address. All other frames on this interface are forwarded.

Example 2

:

Global Policy

: Blocked

Protocol Type

: PPPoE

Dest. MAC Address

: 00:12:34:56:78:90

Source MAC Address

: 00:34:12:78:90:56

Src. Interface

: eth1

Dest. Interface

: eth2

Addition of this rule forwards all PPPoE frames going from eth1 to eth2 with a

Destination MAC Address of 00:12:34:56:78 and Source MAC Address of

00:34:12:78:90:56. All other frames on this interface are dropped.

Page 69 / 76

68

DAYTIME PARENTAL CONTROL

This feature restricts access of a selected LAN device to an outside Network through

the WAP-5813n, as per chosen days of the week and the chosen times.

Example

:

User Name

: FilterJohn

Browser's MAC Address : 00:25:46:78:63:21

Days of the Week

: Mon, Wed, Fri

Start Blocking Time

: 14:00

End Blocking Time

: 18:00

With this rule, a LAN device with MAC Address of 00:25:46:78:63:21 will have

no access to the WAN on Mondays, Wednesdays, and Fridays, from 2pm to 6pm.

On all other days and times, this device will have access to the outside

Network.

Page 70 / 76

69

Appendix B

– Pin Assignments

ETHERNET Ports (RJ45)

Definition

1

Transmit data+

5

NC

2

Transmit data-

6

Receive data-

3

Receive data+

7

NC

4

NC

8

NC

Rate

Popular Comtrend Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share