Archer C8

AC1750 Wireless Dual Band Gigabit Router

- 75 -



VPN -

VPN Passthrough must be enabled if you want to allow VPN tunnels using VPN

protocols to pass through the router.



PPTP

Passthrough

- Point-to-Point Tunneling Protocol (PPTP) allows the

Point-to-Point Protocol (PPP) to be tunneled through an IP network. To allow PPTP

tunnels to pass through the router, click

Enable

.



L2TP Passthrough

- Layer Two Tunneling Protocol (L2TP) is the method used to

enable Point-to-Point sessions via the Internet on the Layer Two level. To allow L2TP

tunnels to pass through the router, click

Enable

.



IPSec Passthrough

- Internet Protocol security (IPSec) is a suite of protocols for

ensuring private, secure communications over Internet Protocol (IP) networks, through

the use of cryptographic security services. To allow IPSec tunnels to pass through the

router, click

Enable

.



ALG -

It is recommended to enable Application Layer Gateway (ALG) because ALG allows

customized Network Address Translation (NAT) traversal filters to be plugged into the

gateway to support address and port translation for certain application layer "control/data"

protocols such as FTP, TFTP, H323 etc.



FTP ALG

- To allow FTP clients and servers to transfer data across NAT, click

Enable

.



TFTP ALG

- To allow TFTP clients and servers to transfer data across NAT, click

Enable

.



H323 ALG

- To allow Microsoft NetMeeting clients to communicate across NAT, click

Enable

.



RTSP ALG

- To allow some media player clients to communicate with some streaming

media servers across NAT, click

Enable

.

Click the

Save

button to save your settings.

5.11.2

Advanced Security

Choose menu “

Advanced

→

Security

→

Advanced Security

”, and then you can protect the router

from being attacked by TCP-SYN Flood, UDP Flood and ICMP-Flood in the screen as shown in

Figure 5-59.

Archer C8

AC1750 Wireless Dual Band Gigabit Router

- 76 -

Figure 5-59 Advanced Security



Packets Statistics Interval (5~60) -

The default value is 10. Select a value between 5 and

60 seconds from the drop-down list. The Packets Statistics Interval value indicates the time

section of the packets statistics. The result of the statistics is used for analysis by SYN Flood,

UDP Flood and ICMP-Flood.



DoS Protection -

Denial of Service protection. Check the Enable or Disable button to

enable or disable the DoS protection function. Only when it is enabled, will the flood filters be

enabled.



Note:

Dos Protection will take effect only when the

Traffic Statistics

in “

Advanced

→

System Tool

→

Statistics

” is enabled.



Enable ICMP-FLOOD Attack Filtering

-

Enable or Disable the ICMP-FLOOD Attack

Filtering.



ICMP-FLOOD Packets Threshold (5~3600)

-

The default value is 50. Enter a value

between 5

~

3600. When the current ICMP-FLOOD Packets number is beyond the set value,

the router will startup the blocking function immediately.



Enable UDP-FLOOD Filtering

-

Enable or Disable the UDP-FLOOD Filtering.



UDP-FLOOD Packets Threshold (5~3600)

-

The default value is 500. Enter a value

between 5

~

3600. When the current UPD-FLOOD Packets number is beyond the set value,

the router will startup the blocking function immediately.

Archer C8

AC1750 Wireless Dual Band Gigabit Router

- 77 -



Enable TCP-SYN-FLOOD Attack Filtering

-

Enable or Disable the TCP-SYN-FLOOD

Attack Filtering.



TCP-SYN-FLOOD Packets Threshold (5~3600)

-

The default value is 50. Enter a value

between 5

~

3600. When the current TCP-SYN-FLOOD Packets numbers is beyond the set

value, the router will startup the blocking function immediately.



Ignore Ping Packet From WAN Port

-

Enable or Disable Ignore Ping Packet From WAN

Port. The default setting is disabled. If enabled, the ping packet from the Internet cannot

access the router.



Forbid Ping Packet From LAN Port

-

Enable or Disable Forbid Ping Packet From LAN Port.

The default setting is disabled. If enabled, the ping packet from LAN cannot access the router.

This function can be used to defend against some viruses.

Click the

Save

button to save the settings.

Click the

Blocked DoS Host List

button to display the DoS host table by blocking.

5.11.3

Local Management

Choose menu “

Advanced

→

Security

→

Local Management

”, and then you can configure the

management rule in the screen as shown in Figure 5-60. The management feature allows you to

deny computers in LAN from accessing the router.

Figure 5-60 Local Management

By default, the radio button “

All the PCs on the LAN are allowed to access the router's

Web-Based Utility

” is checked. If you want to allow PCs with specific MAC Addresses to access

the Setup page of the router's Web-Based Utility locally from inside the network, check the radio

button “

Only the PCs listed can browse the built-in web pages to perform Administrator

tasks

”, and then enter each MAC Address in a separate field. The format for the MAC Address is

XX-XX-XX-XX-XX-XX (X is any hexadecimal digit). Only the PCs with MAC address listed can

Archer C8

AC1750 Wireless Dual Band Gigabit Router

- 78 -

use the password to browse the built-in web pages to perform Administrator tasks while all the

others will be blocked.

After click the

Add

button, your PC's MAC Address will be placed in the list above.

Click the

Save

button to save your settings.



Note:

If your PC is blocked but you want to access the router again, use a pin to press and hold the

WPS/Reset

button

(hole) on the back panel for about 5 seconds to reset the router’s factory

defaults on the router’s Web-Based Utility.

5.11.4

Remote Management

Choose menu “

Advanced

→

Security

→

Remote Management

”, and then you can configure the

Remote Management function in the screen as shown in Figure 5-61. This feature allows you to

manage your router from a remote location via the Internet.

Figure 5-61 Remote Management



Web Management Port -

Web browser access normally uses the standard HTTP service

port 80. This router's default remote management web port number is 80. For greater security,

you can change the remote management web port to a custom port by entering that number

in the box provided. Choose a number between 1 and 65534 but do not use the number of

any common service port.



Remote Management IP Address

-

This is the current address you will use when accessing

your router from the Internet. This function is disabled when the IP address is set to the

default value of 0.0.0.0. To enable this function change 0.0.0.0 to a valid IP address. If set to

255.255.255.255, then all the hosts can access the router from internet.



Note:

1.

To access the router, you should type your router's WAN IP address into your browser's

address (in IE) or Location (in Navigator) box, followed by a colon and the custom port

number. For example, if your router's WAN address is 202.96.12.8, and the port number used

is 8080, please enter http://202.96.12.8:8080 in your browser. Later, you may be asked for

the router's password. After successfully entering the username and password, you will be

able to access the router's web-based utility.

2.

Be sure to change the router's default password to a very secure password

.

Archer C8

AC1750 Wireless Dual Band Gigabit Router

- 79 -

5.12 Parental Control

Choose menu “

Advanced

→

Parental Control

”, and then you can configure the parental control in

the screen as shown in Figure 5-62. The Parental Control function can be used to control the

internet activities of the child, limit the child to access certain websites and restrict the time of

surfing.

Figure 5-62 Parental Control Settings



Parental Control -

Check

Enable

if you want this function to take effect; otherwise, check

Disable

.



MAC Address of Parental PC -

In this field, enter the MAC address of the controlling PC, or

you can make use of the

Copy To Above

button below.



MAC Address of Your PC -

This field displays the MAC address of the PC that is managing

this router. If the MAC Address of your adapter is registered, you can click the

Copy To

Above

button to fill this address to the MAC Address of Parental PC field above.



Website Description -

Description of the allowed website for the PC controlled.



Schedule

-

The time period allowed for the PC controlled to access the Internet. For detailed

information, please go to “

Advanced

→

Access Control

→

Schedule

”.



Status

- Check to enable the corresponding entry.



Modify

-

Here you can edit or delete an existing entry.

To add a new entry, please follow the steps below.

1.

Click the

Add New…

button and the next screen will pop-up as shown in Figure 5-63.