1 open the web browser
2 type in the ip address of the router (http://192.168.0.1)
if you have changed the default ip address assigned to the di-624, make sure to enter the correct ip address.
1 type admin in the user name field
2 leave the password blank
3 click ok
the home]wizard screen will appear.
please refer to the quick installation guide for more information regarding the setup wizard.
these buttons appear on most of the configuration screens in this section. please click on the appropriate button at the bottom of each screen after you have made a configuration change.
using the configuration menu (continued)
ssid-service set identifier (ssid) is the name designated for a specific wireless local area network (wlan). the ssid’s factory default setting is default. the ssid can be easily changed to connect to an existing wireless network or to establish a new wireless network.
channel-6 is the default channel. all devices on the network must share the same channel. (note: the wireless adapters will automatically scan and match the wireless setting.)
wep-wired equivalent privacy (wep) is a wireless security protocol for wireless local area networks (wlan). wep provides security by encrypting the data that is sent over the wlan. select enabled or disabled. disabled is the default setting. (note: if you enable encryption on the di-624+ make sure to also enable encryption on all the wireless clients or wireless connection will not be established.)
wep encryption-select the level of encryption desired: 64-bit, or 128-bit
key type-select hex or ascii
keys 1-4-input up to 4 wep keys; select the one you wish to use.
using the configuration menu (continued)
dynamic ip address-choose dynamic ip address to obtain ip address information automatically from your isp. select this option if your isp does not give you any ip numbers to use. this option is commonly used for cable modem services.
host name-the host name is optional but may be required by some isps. the default host name is the device name of the router and may be changed.
mac address-the default mac address is set to the wan’s physical interface mac address on the broadband router. it is not recommended that you change the default mac address unless required by your isp.
clone mac address-the default mac address is set to the wan’s physical interface mac address on the broadband router. you can use the “clone mac address” button to copy the mac address of the ethernet card installed by your isp and replace the wan mac address with the mac address of the router. it is not recommended that you change the default mac address unless required by your isp.
primary/secondary dns address-enter a dns address if you do not wish to use the one provided by your isp.
mtu enter an mtu value only if required by your isp. otherwise, leave it a the default setting.
using the configuration menu (continued)
static ip address-choose static ip address if all wan ip information is provided to you by your isp. you will need to enter in the ip address, subnet mask, gateway address, and dns address(es) provided to you by your isp. each ip address entered in the fields must be in the appropriate ip form, which are four octets separated by a dot (x. x.x.x). the router will not accept the ip address if it is not in this format.
ip address-input the public ip address provided by your isp
subnet mask-input your subnet mask. (all devices in the network must have the same subnet mask.)
isp gateway address-input the public ip address of the isp to which you are connecting
primary dns address-input the primary dns (domain name server) ip address provided by your isp
secondary dns address-this is optional
mtu-enter an mtu value only if required by your isp. otherwise, leave it at the default setting.
using the configuration menu (continued)
pppoestatic
pppoe-you have an assigned (static) ip address.
choose this option if your isp uses pppoe. (most dsl users will select this option.)
dynamic pppoe- receive an ip address automatically from your isp.
user name- your pppoe username provided by your isp.
service name- enter the service name provided by your isp (optional).
retype password- re-enter the pppoe password
ip address-this option is only available for static pppoe. enter the static ip address for the pppoe connection.
(continued on the next page)
primary dns address-primary dns ip address provided by our isp
secondary dns address-this option is only available for static pppoe. enter the static ip address for the pppoe connection.
using the configuration menu (continued)
home ] wan ] pppoe continued
mtu- maximum transmission unit-1492 is the default setting-you may need to change the mtu for optimal performance with your specific isp.
auto-reconnect- if enabled, the di-624+ will automatically connect to your isp after your system is restarted or if the pppoe connection is dropped.
home ] lan
lan is short for local area network. this is considered your internal network. these are the ip settings of the lan interface for the di-624+. these settings may be referred to as private settings. you may change the lan ip address if needed. the lan ip address is private to your internal network and cannot be seen on the internet.
ip address- the ip address of the lan interface. the default ip address is:192.168.0.1
the default subnet mask is 255.255.255.0
local domain-this field is optional. enter in the local domain name.subnet mask-the subnet mask of the lan interface.
using the configuration menu (continued)
dhcp stands for dynamic host control protocol. the di-624+ has a built-in dhcp server.
the dhcp server will automatically assign an ip address to the computers on the lan/private network. be sure to set your computers to be dhcp clients by setting their tcp/ip settings to “obtain an ip address automatically.” when you turn your computers on, they will automatically load the proper tcp/ip settings provided by the di-624+. the dhcp server will automatically allocate an unused ip address from the ip address pool to the requesting computer. you must specify the starting and ending address of the ip address pool.
dhcp server-select enabled or disabled. the default setting is enabled.
starting ip address-the starting ip address for the dhcp server’s ip assignment
ending ip address-the ending ip address for the dhcp server’s ip assignment
lease time-the length of time for the ip lease. enter the lease time. the default setting is one hour
using the configuration menu (continued)
the di-624+ can be configured as a virtual server so that remote users accessing web or ftp services via the public ip address can be automatically redirected to local servers in the lan (local area network).
the di-624+ firewall feature filters out unrecognized packets to protect your lan network so all computers networked with the di-624+ are invisible to the outside world. if you wish, you can make some of the lan computers accessible from the internet by enabling virtual server. depending on the requested service, the di-624+ redirects the external service request to the appropriate server within the lan network.
the di-624+ is also capable of port-redirection meaning incoming traffic to a particular port may be redirected to a different port on the server computer.
each virtual service that is created will be listed at the bottom of the screen in the virtual servers list. there are pre-defined virtual services already in the table. you may use them by enabling them and assigning the server ip to use that particular virtual service.
using the configuration menu (continued)
advanced ] virtual server continued
virtual server- select enabled or disabled
name- enter the name referencing the virtual service
private ip- the server computer in the lan (local area network) that will be providing the virtual services.
protocol type- the protocol used for the virtual service
private port- the port number of the service used by the private ip computer
public port- the port number on the wan (wide area network) side that will be used to access the virtual service.
schedule- the schedule of time when the virtual service will be enabled.
the schedule may be set to always, which will allow the particular service to always be enabled. if it is set to time, select the time frame for the service to be enabled. if the system time is outside of the scheduled time, the service will be disabled.
example #1:if you have a web server that you wanted internet users to access at all times, you would need to enable it. web (http) server is on lan (local area network) computer 192.168.0.
25. http uses port 80, tcp.
name: web server private ip: 192.168.0.25 protocol type: tcp private port: 80 public port: 80 schedule: always
using the configuration menu (continued)
advanced ] virtual server continued
example #2:
if you have an ftp server that you wanted internet users to access by wan port 2100 and only during the weekends, you would need to enable it as such. ftp server is on lan computer 192.168.0.30. ftp uses port 21, tcp.
name: ftp server
private ip: 192.168.0.30
protocol type: tcp
private port: 21
public port: 2100
schedule: from: 01:00am to 01:00am, sat to sun all internet users who want to access this ftp server must connect to it from port 2100. this is an example of port redirection and can be useful in cases where there are many of the same servers on the lan network.
using the configuration menu (continued)
some applications require multiple connections, such as internet gaming, video conferencing, internet telephony and others. these applications have difficulties working through nat (network address translation). special applications makes some of these applications work with the di-624+. if you need to run applications that require multiple connections, specify the port normally associated with an application in the “trigger port” field, select the protocol type as tcp or udp, then enter the public ports associated with the trigger port to open them for inbound traffic.
the di-624+ provides some predefined applications in the table on the bottom of the web page. select the application you want to use and enable it.
only one pc can use each special application tunnel.
name: this is the name referencing the special application.
trigger port: this is the port used to trigger the application. it can be either a single port or a range of ports.
trigger type: this is the protocol used to trigger the special application.
public port: this is the port number on the wan side that will be used to access the application. you may define a single port or a range of ports. you can use a comma to add multiple ports or port ranges.
public type: this is the protocol used for the special application.
using the configuration menu (continued)
ip filters:use ip filters to deny lan ip addresses from accessing the internet. you can deny specific port numbers or all ports for the specific ip address.
ip: the ip address of the lan computer that will be denied access to the internet.
port: the single port or port range that will be denied access to the internet.
protocol type: select the protocol type
schedule: this is the schedule of time when the ip filter will be enabled.
using the configuration menu (continued)
url blocking is used to deny lan computers from accessing specific web sites by the url. a url is a specially formatted text string that defines a location on the internet. if any part of the url contains the blocked word, the site will not be accessible and the web page will not display. to use this feature, enter the text string to be blocked and click apply. the text to be blocked will appear in the list. to delete the text, just highlight it and click delete.
filters-select the filter you wish to use; in this case, url blocking was chosen.
url blocking- select enabled or disabled.
keywords- block urls which contain keywords listed below.enter the keywords in this space.
using the configuration menu(continued)
use mac (media access control) filters to allow or deny lan (local area network) computers by their mac addresses from accessing the network. you can either manually add a mac address or select the mac address from the list of clients that are currently connected to the broadband router.
filters-select the filter you wish to use; in this case, mac filters was chosen.
mac filters- choose disable mac filters; allow mac addresses listed below;or deny mac addresses listed below.
name- enter the name here.
mac address- enter the mac address.
dhcp client- select a dhcp client from the pull-down list; click clone to copy that mac address.
using the configuration menu(continued)
domain blocking is used to allow or deny lan (local area network) computers from accessing specific domains on the internet. domain blocking will deny all requests to a specific domain such as http and ftp. it can also allow computers to access specific sites and deny all other sites.
filters-select the filter you wish to use; in this case, domain blocking was chosen.
domain blocking-disabled-allow-deny-select disabled to disable domain blocking allows users to access all domains except blocked domains denies users access to all domains except permitted domains
permitted domains-enter the permitted domains in this field
blocked domains-enter the blocked domains in this field
using the configuration menu (continued)
firewall rules is an advanced feature used to deny or allow traffic from passing through the di-624+. it works in the same way as ip filters with additional settings.
you can create more detailed access rules for the di-624+. when virtual services are created and enabled, it will also display in firewall rules. firewall rules contain all network firewall rules pertaining to ip (internet protocol).
in the firewall rules list at the bottom of the screen, the priorities of the rules are from top (highest priority) to bottom (lowest priority.)
the di-624+ mac address filtering rules have precedence over the firewall rules.
firewall rules- enable or disable the firewall
name- enter the name
action- allow or deny
source- enter the ip address range
destination- enter the ip address range; the protocol;and the port range
schedule- select always or enter the time range.
using the configuration menu (continued)
if you have a client pc that cannot run internet applications properly from behind the di-624+, then you can set the client up for unrestricted internet access. it allows a computer to be exposed to the internet. this feature is useful for gaming purposes.
enter the ip address of the internal computer that will be the dmz host. adding a client to the dmz (demilitarized zone) may expose your local network to a variety of security risks, so only use this option as a last resort.
dmz- enable or disable the dmz. the dmz (demilitarized zone) allows a single computer to be exposed to the internet. by default the dmz is disabled.
ip address- enter the ip address of the computer to be in the dmz