Archer AX72 V1 User Guide
- About This Guide
- Chapter 1 Get to Know About Your Router
- Chapter 2 Connect the Hardware
- Chapter 3 Log In to Your Router
- Chapter 4 Set Up Internet Connection
- Chapter 5 TP-Link Cloud Service
- Chapter 6 Wireless Settings
- Chapter 7 Guest Network
- Chapter 8 USB Settings
- Chapter 9 HomeShield
- Chapter 10 OneMesh with Seamless Roaming
- Chapter 11 Network Security
- Chapter 12 NAT Forwarding
- Chapter 13 VPN Server
- Chapter 14 Customize Your Network Settings
- Chapter 15 Manage the Router
- FAQ
- Authentication
Chapter 11 Network Security
This chapter guides you on how to protect your home network from cyber attacks and unauthorized users by implementing these three network security functions. You can protect your home network from cyber attacks, block or allow specific client devices to access your network using Access Control, or you can prevent ARP spoofing and ARP attacks using IP & MAC Binding.
It contains the following sections:
•Protect the Network from Cyber Attacks
*For a more comprehensive home network protection system, refer to the HomeShield chapter.
1. Protect the Network from Cyber Attacks
The SPI (Stateful Packet Inspection) Firewall protects the router from cyber attacks and validate the traffic that is passing through the router based on the protocol. This function is enabled by default.
1.Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router.
2.Go to Advanced > Security > Firewall. It’s recommended to keep the default settings.
Access Control is used to block or allow specific client devices to access your network (via wired or wireless) based on a list of blocked devices (Blacklist) or a list of allowed devices (Whitelist).
I want to:
Block or allow specific client devices to access my network (via wired or wireless).
How can I do that?
1.Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router.
2.Go to Advanced > Security > Access Control.
3.Toggle on to enable Access Control.
4.Select the access mode to either block (recommended) or allow the device(s) in the list.
To block specific device(s):
1 )Select Blacklist.
2 )Click 
and select devices you want to be blocked and Click ADD.
3 )The Operation Succeeded message will appear on the screen, which means the selected devices have been successfully added to the blacklist.
To allow specific device(s):
1 )Select Whitelist and click SAVE.
2 )Your own device is in the whitelist by default and cannot be deleted. Click 
to add other devices to the whitelist.
•Add connected devices
1 )Click Select From Device List.
2 )Select the devices you want to be allowed and click ADD.
3 )The Operation Succeeded message will appear on the screen, which means the selected devices have been successfully added to the whitelist.
•Add unconnected devices
1 )Click Add Manually.
2 )Enter the Device Name and MAC Address of the device you want to be allowed and click ADD.
3 )The Operation Succeeded message will appear on the screen, which means the device has been successfully added to the whitelist.
Done!
Now you can block or allow specific client devices to access your network (via wired or wireless) using the Blacklist or Whitelist.
IP & MAC Binding, namely, ARP (Address Resolution Protocol) Binding, is used to bind network device’s IP address to its MAC address. This will prevent ARP Spoofing and other ARP attacks by denying network access to an device with matching IP address in the Binding list, but unrecognized MAC address.
I want to:
Prevent ARP spoofing and ARP attacks.
How can I do that?
1.Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router.
2.Go to Advanced > Security > IP & MAC Binding.
3.Enable IP & MAC Binding.
4.Bind your device(s) according to your need.
To bind the connected device(s):
1 )Click 
in the Binding List section.
2 )Click VIEW CONNECTED DEVICES and select the device you want to bind. The MAC Address and IP Address fields will be automatically filled in.
3 )Click SAVE.
To bind the unconnected device:
1 )Click in the Binding List section.
2 )Enter the MAC Address and IP Address that you want to bind.
3 )Click SAVE.
Done!
Now you don’t need to worry about ARP spoofing and ARP attacks!
ALG allows customized NAT traversal filters to be plugged into the gateway to support address and port translation for certain application layer “control/data” protocols such as FTP, TFTP, H323 etc. It is recommended to keep the default settings.
You may need to disable SIP ALG when you are using voice and video applications to create and accept a call through the router, since some voice and video communication applications do not work well with SIP ALG.
1.Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router.
2.Go to Advanced > Security > ALG.
