Apr 02


The use of load balancing with multiple WAN links can provide simultaneous outbound traffic efficiency and optimizing bandwidth. The following is a typical scenario of load balancing that involves all Internet traffic and can dynamically share the WAN links RoundRobin Algorithm.


Step 1 – Login to the DSR using its IP address


Network > WAN Mode


Step 2 – Select “Load Balancing” from the drop-down list and select “Round Robin


Round Robin:

This is when the new Internet connections alternate between WANs available.


This will use a single WAN link for all connections up until the maximum bandwidth limit (pre-configured) has been reached. After that the other WAN link is used for the new connections

Step 3 – For the DSR to check the status of connections WANs have three options to configure WAN health check. They are as follows:


  • WAN DNS Servers (This will use the DNS servers configured in the WAN)
  • DNS Servers (This allows you to enter the addresses you want to use)
  • PingThese IP Addresses (This allows you to enter the public IP address you want)

Once you have selected the verification mode, click “Save



Binding Protocol – Network > Routing > Protocol Binding


This is a key component with regards to “Load Balancing”.

This protocol allows a specific service to be associated with one of the available WAN links.

A description of this can be seen below:

  • Service: The user specifies the service name (choosing from the list of predefined or custom services). Custom services can be configured in the Firewall Menu – Security > Firewall > Custom Services



  • Local Gateway: You can assign a specific WAN link to the service configured above
  • Source Network: The user specifies the LAN hosts assigned to the Protocol-Binding rule. Only those hosts that are linked to the protocol can therefore transmit or receive traffic through the WAN selected, meanwhile the other hosts will transmit traffic via the other WAN port(s). The user may choose to assign the rule for any host or a single machine within the LAN and / or alongside hosts within an IP pool.
  • Destination Network: The user specifies the LAN hosts assigned to the Protocol Binding Rule. The user can choose to assign the rule to any host, a single machine on the LAN or set of hosts within a pools of IP addresses

When a user adds a rule, the device updates the new entry and displays it in the Protocol Bindings List table. The table shows information about the service, the network source and destination and also if the link-up is enabled or not. The user can enable, disable and or edit a binding standard and also remove configured links if and when needed.

Tags: ,

Feb 17

Network Configuration:

This setup consists of two networks separated by two VLANS. This example will use the following setup:

Network 1 – /24 – SSID: NET – Corporate Wireless Network
Network 2 – /16 – SSID: Guest – Wireless Guest Network


Step 1
– Enter the web GUI interface of the DSR using its IP address in a web browser. In our example we have used the IP address of


Accept any certificate warnings you may see, this is perfectly normal and safe

Step 2 – We first now need to create VLANs to separate the traffic

Network > VLAN Settings


Step 3 – Click on “Add New VLAN”


VLAN ID: 100
Name: Guest
Captive Portal: ON
Multi VLAN Subnet
IP Address:
Use the scroll bar to the left to scroll down…


Domain Name: Guest
Starting IP Address:
Ending IP Address:
Primary DNS Server:
Lease Time: 24
Click “Save”

Step 4 – We should see the following summary for our VLANS


Step 5 – We need to create our two profiles, “NET” and “Guest”

Wireless > Profiles


Step 6 – Right-click on “default1” and click “Edit”


Step 7 – Change the default values to your SSID. In our example we are using “NET” as our corporative wireless SSID


Broadcast SSID: ON
Security: WPA+WPA2
Encryption: TKIP+CCMP
Authentication: PSK
WPA Password: (enter a password for this SSID)
Click “Save”

Step 8 – Click on “Add New Profile” to create a profile for our Guest SSID


Profile Name: Guest
SSID: Guest
Broadcast SSID: ON
Security: OPEN (Due to our Guest users will need to authenticate with a user and password we will define later)
Click “Save”

Step 9 – You should have two Wireless Profiles (as per our example)


Step 10 – We now need to add an extra access-point to our configuration to deal with the profile “Guest”

Wireless > Access Points


Step 11 – Click on “Add New Access Point”


AP Name: ap2
Profile Name: Guest (Drop down box to display profiles available)
WLAN Partition: ON
*Active Time: Here you can set a time for from and to you would like the access-point to be available.


In our example, we have chosen not to use this feature

Click “Save”

Step 12 – We now need to associate the Guest SSID to VLAN100

Network > Port VLAN


Step 13 – Right-click on “Guest” and enter for PVID 100 (The VLAN we created in step 3)



Click “Save”

Step 14 – So that our guest users are able to login and authenticate against the local database, we need to add a new Group – Security > Internal User Database > Groups



Step 15 – Click on “Add New Group”


Group Name: CP
Description: Captive Portal
User Type: Network  Captive Portal User: ON
Idle Timeout: 10

Click “Save”

Group List Summary:


Step 16 – We now need to a associate a User to our new Group – Security > Internal User Database > Users


Step 17
– Click on “Add New User”


User Name
: CP
First Name: CP
Last Name: CP
Select Group: CP
MultiLogin: ON
Password: (Enter the password the guest will need to use for authentication)

Click “Save”

Users List Summary:


Login from a Laptop with Window 7:

Step 18 – Open your wireless card adapter and now search for SSID “Guest”


Step 19 – Once connected, open a web browser and try to go to a web site, for example dlink.com


Username: CP (User created in Step 17)

Password: (Password created in Step 17)

Click “Login”


Login from a Windows Phone:


Login from an iPad:


Step 20 – To see the clients connected – Status > Network Information > CaptivePortal Sessions


Step 21 – Within this section you are able to manage ALL connected devices by right-clicking over the session and choose between; “Disconnect” or “Blocking Device”


Disconnect – This will simply disconnect the wireless device from the session and will be forced to login via the portal

Block Device – This will block the wireless device and will automatically be placed into the Firewall Blocked Client List


Tags: ,

Nov 18

Step 1: Log into the DSR interface. The default IP address is (eg.



Step 2: Click the Tools Tab on the top, Click Admin > Remote Management on the left side



Step 3: Enable Remote Management and Click Save Settings



Step 4: Click the Advanced Tab on the top, click Users on the left side and select Groups

Step 5: Click Add


Step 6: Configure your group:

  • Name: The Name of the group (ie. Tech Support)
  • Domain: SSLVPN
  • Idle Timeout: The Timeout value of the group (eg. 10)

Step 7: Select Users on the left and click Users


Step 8: Click Add


Step 9: Create User

  • Username: username for login (eg. tsmith)
  • First Name: Users Name (eg. Tom)
  • Last Name: Users Last Name (eg. Smith)
  • User Type: SSLVPN
  • Select Group: created group (ie. Tech Support)
  • Password: password for VPN login
  • Confirm Password:
  • Idle Timeout: The timeout value of the user (eg. 5)A10120_image9

Step 10: Click Setup on the top and VPN Settings>SSL VPN Server>Resources on the left side


Step 11: Place a Check next to the SSL VPN Resource and click Configure


Step 12: Configure:

  • Object Type: Select the Access for SSL User (ie. Single IP or Network)
  • Object Address: Single IP address or Network (eg.
  • Mask Length: Netmask of network (eg. 24)
  • Port Range: Ports that can be accessed by SSL Users
    • Begin: 0
    • End: 65535

Note: In this example, SSL VPN users can access the entire 192.168.10.x network and have access to all ports.

Step 13:Click Setup on the top and VPN Settings>SSL VPN Server>SSL VPN Policies on the left side

Step 14: Click Add



Step 15: Configure VPN Policy:

  • Policy For: Select who the policy is for (eg. Group)
  • Available Groups: Select the Group to apply this policy (eg. Tech Support)
  • Apply Policy to: Network Resource
  • Policy Name: Enter name for Policy (eg. SSL VPN)
  • Define Resources: Your SSL Resource (Eg. SSL) (From Step 9)
  • Permission: Permit

Connecting to the SSL VPN:

Step 1: Open an internet browser
Step 2: Enter the DSR’s public/WAN address into the address bar and click Go (eg.
Step 3: At the DSR Login Screen, enter your SSL Username and Password and click login



Step 4: Click on the VPN Tunnel Tab at the top
Step 5: Click the SSL VPN Icon to launch the installer


Once the installer launches it will automatically connect to your SSL VPN.


Tags: , ,

Mar 06

This article applies to the D-Link DSR-250N / DSR-500 / 500N / 1000 / 1000N:

Symptom: You cannot access the router‘s web-configuration interface from a PC on your LAN.

Recommended action:

1. Check the Ethernet connection between the PC and the D-Link router.

2. Ensure that your PC‘s IP address is on the same subnet as the router. If you are using the recommended addressing scheme, your PC‘s address should be in the range to

3. Check your PC‘s IP address. If the PC cannot reach a DHCP server, some versions of Windows and Mac OS generate and assign an IP address. These auto-generated addresses are in the range 169.254.x.x. If your IP address is in this range, check the connection from the PC to the firewall and reboot your PC.

4. If your DSR Series router‘s IP address has changed and you don‘t know what it is, reset the router configuration to factory defaults (this sets the firewall‘s IP address to

5. If you do not want to reset to factory default settings and lose your configuration, reboot the router and use a packet sniffer (such as Ethereal™) to capture packets sent during the reboot. Look at the Address Resolution Protocol (ARP) packets to locate the router‘s LAN interface address.

6. Launch your browser and ensure that Java, JavaScript, or ActiveX is enabled. If you are using Internet Explorer, click Refresh to ensure that the Java applet is loaded. Close the browser and launch it again.

7. Ensure that you are using the correct login information. The factory default login name is admin and the password is password. Ensure that CAPS LOCK is off when entering this information.

Symptom: D-Link Router does not save configuration changes.

Recommended action:

1. When entering configuration settings, click Apply before moving to another menu or tab; otherwise your changes are lost.

2. Click Refresh or Reload in the browser. Your changes may have been made, but the browser may be caching the old configuration.

Symptom: Router cannot access the Internet.

Possible cause: If you use dynamic IP addresses, your router may not have requested an IP address from the ISP.
Recommended action:

1. Launch your browser and go to an external site such as www.google.com.

2. Access the firewall‘s configuration main menu at

3. Select Monitoring > Router Status.

4. Ensure that an IP address is shown for the WAN port. If is shown, your firewall has not obtained an IP address from your ISP. See the next symptom.

Symptom: Router cannot obtain an IP address from the ISP.

Recommended action:

1. Turn off power to the cable or DSL modem.

2. Turn off the router.

3. Wait 5 minutes, and then reapply power to the cable or DSL modem.

4. When the modem LEDs indicate that it has resynchronized with the ISP, reapply power to the router. If the router still cannot obtain an ISP address, see the next symptom.

Symptom: Router still cannot obtain an IP address from the ISP.

Recommended action:

1. Ask your ISP if it requires a login program — PPP over Ethernet (PPPoE) or some other type of login.

2. If yes, verify that your configured login name and password are correct.

3. Ask your ISP if it checks for your PC’s hostname.

4. If yes, select Network Configuration > WAN Settings > Ethernet ISP Settings and set the account name to the PC hostname of your ISP account.

5. Ask your ISP if it allows only one Ethernet MAC address to connect to the Internet, and therefore checks for your PC‘s MAC address.

6. If yes, inform your ISP that you have bought a new network device, and ask them to use the firewall‘s MAC address.

7. Alternatively, select Network Configuration > WAN Settings > Ethernet ISP Settings and configure your router to spoof your PC‘s MAC address.

Symptom: Router can obtain an IP address, but PC is unable to load Internet pages.

Recommended action:

1. Ask your ISP for the addresses of its designated Domain Name System (DNS) servers. Configure your PC to recognize those addresses. For details, see your operating system documentation.

2. On your PC, configure the router to be its TCP/IP gateway.

Tags: , , ,

Feb 14

It is assumed that the user has a machine for management connected to the LAN to D-Link DSR Series the router. The LAN connection may be through the wired Ethernet ports available on the router, or once the initial setup is complete, the DSR may also be managed through its wireless interface as it is bridged with the LAN. Access the router‘s graphical user interface (GUI) for management by using any web browser, such as Microsoft Internet Explorer or Mozilla Firefox:

The D-Link DSR Series default IP address:

Default login credentials for the management GUI:

Username: admin
Password: admin

Note:If the router‘s LAN IP address was changed, use that IP address in the navigation bar of the browser to access the router ‘s management UI.

D-Link DSR Series Network Settings:

By default, the router functions as a Dynamic Host Configuration Protocol (DHCP) server to the hosts on the WLAN or LAN network. With DHCP, PCs and other LAN devices can be assigned IP addresses as well as addresses for DNS servers, Windows Internet Name Service (WINS) servers, and the default gateway. With the DHCP server enabled the router‘s IP address serves as the gatewa y address for LAN and WLAN clients. The PCs in the LAN are assigned IP addresses from a pool of addresses specified in this procedure. Each pool address is tested before it is assigned to avoid duplicate addresses on the LAN.

For most applications the default DHCP and TCP/IP settings are satisfactor y. If you want another PC on your network to be the DHCP server or if you are manually configuring the network settings of all of your PCs, set the DHCP mode to ‗none‘ .DHCP relay can be used to forward DHCP lease information from another LAN devi ce that is the network‘s DHCP server; this is particularly us eful for wireless clients.

Instead of using a DNS server, you can use a Windows Internet Naming Service (WINS) server. A WINS server is the equivalent of a DNS server but uses the NetBIOS protocol to resolve hostnames. The router includes the WINS server IP
address in the DHCP configuration when acknowledging a DHCP request from a DHCP client.

You can also enable DNS proxy for the LAN. When this is enabled the router then as a proxy for all DNS requests and communicates wit h the ISP‘s DNS servers. When disabled all DHCP clients receive the DNS IP addresses of the ISP.

To configure LAN Connectivity, please follow the steps below:

1. In the LAN Setup page, enter the following information for your router:

IP address (factor y default:

If you change the IP address and click Save Settings, the GUI will not respond. Open a new connection to the new IP address and log in again. Be sure the LAN host (the machine used to manage the router) has obtained IP address from newly assigned pool (or has a static IP address in the router‘s LAN subnet) before accessing the router via changed IP address.

• Subnet mask (factor y default:

2. In the DHCP section, select the DHCP mode:

• None: the router‘s DHCP server is disabled for the LAN
• DHCP Server. With this option the router assigns an IP address within the specified range plus additional specified information to any LAN device that requests DHCP served addresses.

• DHCP Relay: With this option enabled, DHCP clients on the LAN can receive IP address leases and corresponding information from a DHCP server on a different subnet. Specify the Relay Gateway, and when LAN clients make a DHCP request it will be passed along to the server accessible via the Relay Gateway IP address.

• If DHCP is being enabled, enter the following DHCP server parameters:

• Starting and Ending IP Addresses: Enter the first and last continuous addresses in the IP address pool. Any new DHCP client joining the LAN is assigned an IP address in this range. The default starting address is The default ending address is These addresses should be in the same IP address subnet as the router‘s LAN IP
address. You may wish to save part of the subnet range for devices with statically assigned IP addresses in the LAN.

• Primary and Secondary DNS servers: If configured domain name system (DNS) servers are available on the LAN enter their IP addresses here.

• WINS Server (optional): Enter the IP address for the WINS server or, if present in your network, the Windows NetBios server.

• Lease Time: Enter the time, in hours, for which IP addresses are leased to clients.

• Enable DNS Proxy: To enable the router to act as a proxy for all DNS requests and communicate with the ISP‘s DNS servers, click the checkbox.

3. Click Save Settings to apply all changes.


Tags: , ,

Prev 1 2