TP-Link TL-R470T Plus Router Manual PDF (Setup & Configuration Guide)

Page 71 / 118 Scroll up to view Page 66 - 70

-67-

Choose the menu

Advanced

→

Routing

→

Static Route

to load the following page.

Figure 4-35 Static Route

The following items are displayed on this screen:

¾

Static Route

Destination:

Enter the destination host the route leads to.

Subnet Mask:

Enter the Subnet Mask of the destination network.

Next Hop:

Enter the gateway IP address to which the packet should be sent next.

Interface:

Select the physical network interface, through which this route is

accessible.

Metric:

Defines the priority of the route. The smaller the value is, the higher the

priority is. The default value is 0. Keep the default value if unnecessary.

Description:

Give a description for the entry.

Status:

Activate or inactivate the entry.

¾

List of Rules

You can view the information of the entries and edit them by the Action buttons.

Page 72 / 118

-68-

The first entry in Figure 4-35 indicates: If there are packets being sent to a device with IP address of

211.162.1.0 and subnet mask of 255.255.255.0, the Router will forward the packets from WAN1 port to

the next hop of 211.200.1.1.

Application Example

There is a network topology as the following figure shown:

If the LAN port of TL-R470T+

（

with Non-NAT or Classic system mode

）

is connected to LAN1 with

subnet of 192.168.0.0/24, while the LAN port of another Router R1 is connected to LAN2 with network

of 192.168.2.0/24. Meanwhile, the WAN ports of the two routers are interconnected and within the

same network. Now a host under TL-R470T+ and within network of LAN1 desires to communicate with

the host within network of LAN2.

You can set a Static Route entry: Enter the WAN IP address of R1 (116.31.88.16) in the Next Hop field

on the Static Route page of TL-R470T+ as the following figure shown, then click the <Add>

button to

save the entry.

Page 73 / 118

-69-

4.6 Firewall

4.6.1

Anti ARP Spoofing

ARP (Address Resolution Protocol) is used to analyze and map IP addresses to the corresponding

MAC addresses so that packets can be delivered to their destinations correctly.

ARP functions to translate the IP address into the corresponding MAC address and maintain an ARP

Table, where the latest used IP address-to-MAC address mapping entries are stored. ARP protocol

can facilitate the Hosts in the same network segment to communicate with one another or access to

external network via Gateway. However, since ARP protocol is implemented with the premise that all

the Hosts and Gateways are trusted, there are high security risks during ARP Implementation

Procedure in the actual complex network.

The attacker may send the ARP spoofing packets with false IP address-to-MAC address mapping

entries, and then the device will automatically update the ARP table after receiving wrong ARP

packets, which results in a breakdown of the normal communication. Thus, ARP defense technology is

generated to prevent the network from this kind of attack.

4.6.1.1

IP-MAC Binding

IP-MAC Binding functions to bind the IP address, MAC address of the host together and only allows the

Hosts matching the bound entries to access the network.

Choose the menu

Firewall

→

Anti ARP Spoofing

→

IP-MAC Binding

to load the following page.

Figure 4-36 IP-MAC Binding

The following items are displayed on this screen:

Page 74 / 118

-70-

¾

General

It is recommended to check all the options. You should import the IP and MAC address of the host to

List of IP-MAC Binding and enable the corresponding entry before enabling “Permit the packets

matching the IP-MAC Binding entries only”.

When suffered ARP attack, the correct ARP information will be sent to the device suffering attack

initiatively by GARP (Gratuitous ARP) packets, thus the error ARP information of the device will be

replaced. You can set the packets sending rate in the Interval field.

Check the box before

Enable ARP Logs

, and the Router will send ARP logs to the specified server.

The IP address of server is the Server IP set on

4.8.6 Logs

.

¾

IP-MAC Binding

IP Address:

Enter the IP Address to be bound.

MAC Address:

Enter the MAC Address corresponding to the IP Address.

Description:

Give a description for the entry.

Status:

Activate or inactivate the entry.

¾

List of Rules

You can view the information of the entries and edit them by the Action buttons.

The first entry in Figure 4-36 indicates: The IP address of 192.168.1.101 and MAC address of

00-19-66-83-53-CF have been bound and this entry is activated.

Note:

If all the entries in the binding list are disabled and “Permit the packets of IP-MAC Binding entries only”

option is selected and saved, the WEB management page of the Router cannot be login. At the

moment, you should restore the Router to factory default and login again.

4.6.1.2

ARP Scanning

ARP Scanning feature enables the Router to scan the IP address and corresponding MAC address

and display them on the List of Scanning Result.

Choose the menu

Firewall

→

Anti ARP Spoofing

→

ARP Scanning

to load the following page.

Page 75 / 118

-71-

Figure 4-37 ARP Scanning

Enter the start and the end IP addresses in the Scanning IP Range field. Then click the <Scan> button,

the Router will scan all the active hosts within the scanning range and display the result in the list.

The entries displayed on the List of Scanning Result do not mean the IP and MAC addresses are

already bound. The current status for the entry will display in the “Status” field.

---

Indicates that the IP and MAC address of this entry is not bound and may be

replaced by error ARP information.

Indicates that this entry is imported to the list on IP-MAC Binding page, but not

effective yet.

Indicates that the IP and MAC address of this entry is already bound.

To bind the entries in the list, check these entries and click the <Import>

button, then the settings will

take effect if the entries do not conflict with the existed entries.

Note:

If the local hosts suffered from ARP attack, you cannot add IP-MAC Binding entries on this page.

Please add entries manually on

4.6.1.1 IP-MAC Binding

.

4.6.1.3

ARP List

On this page, the IP-MAC information of the hosts which communicated with the Router recently will

be saved in the ARP list.

Choose the menu

Firewall

→

Anti ARP Spoofing

→

ARP List

to load the following page.

Rate

Popular TP-Link Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share