Archer VR300 V1.2 User Guide

Chapter 10 Network Security

This chapter guides you on how to protect your home network from unauthorized users by implementing these network security functions. You can block or allow specific client devices to access your wireless network using MAC Filtering, or using Access Control for wired and wireless networks, or you can prevent ARP spoofing and ARP attacks by using IP & MAC Binding and you can protect your IPv6 network by preventing access from the internet using IPv6 Firewall.

Firewall & DoS Protection

Service Filtering

Access Control

IP & MAC Binding

IPv6 Firewall

1. Firewall & DoS Protection

The SPI (Stateful Packet Inspection) Firewall and DoS (Denial of Service) Protection protect the router from cyber attacks.

The SPI Firewall can prevent cyber attacks and validate the traffic that is passing through the router based on the protocol. This function is enabled by default, and it’s recommended to keep the default settings.

DoS Protection can protect your home network against DoS attacks from flooding your network with server requests. Follow the steps below to configure DoS Protection.

1.Visit http://tplinkmodem.net, and log in with your TP-Link ID or the password you set for the router.

2.Go to Advanced > Security > Firewall & DoS Protection.

3.Enable DoS Protection.

4.Set the level (Low, Middle or High) of protection for ICMP-Flood Attack Filtering, UDP-Flood Attack Filtering and TCP-Flood Attack Filtering.

ICMP-Flood Attack Filtering - Enable to prevent the ICMP (Internet Control Message Protocol) flood attack.

UDP-Flood Attack Filtering - Enable to prevent the UDP (User Datagram Protocol) flood attack.

TCP-Flood Attack Filtering - Enable to prevent the TCP (Transmission Control Protocol) flood attack.

5.Click Save.

Tips:

1.The level of protection is based on the number of traffic packets. Specify the level at DoS Protection Level Settings.

2.The protection will be triggered immediately when the number of packets exceeds the preset threshold value, and the vicious host will be displayed in the Blocked DoS Host List.

2. Service Filtering

With Service Filtering, you can prevent certain users from accessing the specified service, and even block internet access completely.

1.Visit http://tplinkmodem.net, and log in with your TP-Link ID or the password you set for the router.

2.Go to Advanced > Security > Service Filtering.

3.Toggle on Service Filtering.

4.Click Add.

5.Select a Service Type from the drop-down list and the following four fields will be auto-populated. Select Custom when your desired service type is not listed, and enter the information manually.

6.Specify the IP address(es) that this filtering rule will apply to.

7.Click Save.

Note: If you want to disable this entry, click the icon.

3. Access Control

Access Control is used to block or allow specific client devices to access your network (via wired or wireless) based on a list of blocked devices (Blacklist) or a list of allowed devices (Whitelist).

I want to:

Block or allow specific client devices to access my network (via wired or wireless).

How can I do that?

1.Visit http://tplinkmodem.net, and log in with your TP-Link ID or the password you set for the router.

2.Go to Advanced > Security > Access Control and enable Access Control.

3.Select the access mode to either block (recommended) or allow the device(s) in the list.

To block specific device(s)

1 )Select Blacklist and click Save.

2 )Select the device(s) to be blocked in the Devices Online table.

3 )Click Block above the Devices Online table. The selected devices will be added to Devices in Blacklist automatically.

To allow specific device(s)

1 )Select Whitelist and click Save.

2 )Click Add.

3 )Enter the Device Name and MAC Address. (You can copy and paste the information from Devices Online table if the device is connected to your network.)

4 )Click OK.

Done!

Now you can block or allow specific client devices to access your network (via wired or wireless) using the Blacklist or Whitelist.

4. IP & MAC Binding

IP & MAC Binding, namely, ARP (Address Resolution Protocol) Binding, is used to bind a network device’s IP address to its MAC address. This will prevent ARP spoofing and other ARP attacks by denying network access to a device with a matching IP address in the Binding list, but an unrecognized MAC address.

I want to:

Prevent ARP spoofing and ARP attacks.

How can I do that?

1.Visit http://tplinkmodem.net, and log in with your TP-Link ID or the password you set for the router.

2.Go to Advanced > Security > IP & MAC Binding and enable IP & MAC Binding.

3.Bind your device(s) according to your needs.

To bind the connected device(s)

1 )Select the device(s) to be bound in the ARP List.

2 )Click Bind to add to the Binding List.

To bind the unconnected device

1 )Click Add.

2 )Enter the MAC address and IP address that you want to bind.

3 )Select the check box to enable the entry and click OK.

Done!

Enjoy the internet without worrying about ARP spoofing and ARP attacks.

5. IPv6 Firewall

IPv6 Firewall protects your IPv6 network by preventing access from the internet. However, when you are hosting a service, such as a file sharing server in your local network, you can choose to allow access to the server from the internet by adding entries on this page. This feature is available only when you’ve set up an IPv6 connection.

1.Visit http://tplinkmodem.net, and log in with your TP-Link ID or the password you set for the router.

2.Go to Advanced > Security > IPv6 Firewall.

3.Click Add.

4.Select an interface name from the drop-down list. Interface names are names of the internet connections you have set up.

5.Click Scan to select a service from the list to automatically populate the Port field with an appropriate port number. It is recommended to keep the default Port if you are unsure about which one to use. If the service is not listed, manually enter the Service Type and the Port number (e.g., 21 or 21-25).

6.Click Scan to select the local host device running the service. If the device is not listed, enter its global IPv6 address in the Global IPv6 Address field

7.Select a protocol for the service from the drop-down list.

8.Select Enable This Entry and click Save.

Note: If you want to disable this entry, click the icon.

 
Feedback