A. How to set the most stable router 1?
1. Connect the wireless router. I believe this will not defeat everyone. After connecting, start the router.
2, wireless router parameter settings
3. Connect the wireless router and the computer with a network cable. Of course, you can also use wireless search connection directly, but novices still recommend using network cable to connect directly.
4. After the connection is completed, open the browser, and IE is recommended. Enter 192. 168. 1 in the address bar to enter the wireless router setting interface.
5. You need to log in before you can set other parameters. The default login username and password is admin. Please refer to the instruction manual.
6. After logging in successfully, select the Setup Wizard interface, which will pop up automatically by default.
7. After selecting the Setup Wizard, a window will pop up, through which you can set the basic parameters of the router, and click Next directly.
8. According to the step-by-step setup of the setup wizard, select the Internet access mode. Usually ADSL users choose the first PPPoE. If you use other network service providers, choose the following two items according to the actual situation. If you don't know how to choose, automatically choose the first item, which is convenient for beginners to operate. Select and click Next.
9. Enter the account number and password applied from the Internet service provider, and then go directly to the next step.
10. Finish the operation and see the effect.
Second, the router security ramble
For hackers, it is usually easy to exploit the vulnerability of the router to attack. Router attacks will waste CPU cycles, mislead information flow and paralyze the network. A good router will take good security mechanisms to protect itself, but this alone is not enough. Protecting router security also requires network administrators to take corresponding security measures in the process of configuring and managing routers.
Plug a security hole
Restricting the physical access of the system is one of the most effective ways to ensure the security of the router. One way to restrict physical access to the system is to configure the console and terminal session to automatically exit the system after a short idle time. It is also important to avoid connecting the modem to the auxiliary port of the router. Once the physical access of the router is restricted, users must ensure that the security patch of the router is up to date. Vulnerabilities are often disclosed before the patch is released by the manufacturer, which makes hackers take advantage of the affected system before the patch is released by the manufacturer, which needs to attract the attention of users.
Avoid identity crisis
Hackers often use weak passwords or default passwords to attack. Measures such as extending the password and choosing a password validity period of 30 to 60 days can help prevent such loopholes. In addition, once an important IT employee resigns, users should immediately change their passwords. The user should turn on the password encryption function on the router, so that even if the hacker can browse the configuration file of the system, he still needs to decipher the ciphertext password. Implement reasonable authentication control so that the router can transmit certificates safely. On most routers, users can configure some protocols, such as remote authentication dial-in user service, so that these protocols can be used in combination with authentication servers to provide encrypted and authenticated router access. Authentication control can forward a user's authentication request to an authentication server, which is usually located on the back-end network. The authentication server can also require users to use two-factor authentication to strengthen the authentication system. The former is the token generation part of software or hardware, while the latter is the user identity and token password. Other authentication solutions include transmitting security certificates in Secure Shell (SSH) or IPSec.
Disable unnecessary services
It is a good thing to have many routing services, but many recent security incidents have highlighted the importance of disabling unnecessary local services. Note that disabling CDP on the router may affect the performance of the router. Another factor that users need to consider is timing. Time is critical for effective network operation. Even if users ensure time synchronization during deployment, after a period of time, the clock may gradually lose synchronization. Users can use a service called Network Time Protocol (NTP) to check the effective and accurate time source to ensure the clock synchronization of devices on the network. However, the best way to ensure the clock synchronization of network devices is not through the router, but to place an NTP server in the network part of the demilitarized zone (DMZ) protected by the firewall, and configure the server to only allow time requests to external trusted public * * * time sources. On the router, users rarely need to run other services, such as SNMP and DHCP. Use these services only when absolutely necessary.
Restrict logical access
Restricting logical access mainly depends on the reasonable handling of access control lists. Restricting remote terminal sessions helps prevent hackers from gaining logical access to the system. SSH is the preferred logical access method, but if Telnet cannot be avoided, terminal access control can be used to restrict access to trusted hosts. Therefore, users need to add an access list to the virtual terminal port that Telnet uses on the router.
Control Message Protocol (ICMP) is helpful for troubleshooting, but it also provides information for attackers to browse network devices, determine local timestamps and network masks, and guess OS version. In order to prevent hackers from collecting the above information, only the following types of ICMP traffic are allowed to enter the user network: ICMP network unreachable, host unreachable, port unreachable, packet too large, source suppressed and TTL exceeded. In addition, logical access control should also prohibit all traffic except ICMP traffic.
Use inbound access control to direct specific services to the appropriate servers. For example, only SMTP traffic is allowed to enter the mail server; DNS traffic enters DSN server; HTTP(HTTP/S) traffic enters the Web server through Secure Sockets Protocol Layer (SSL). In order to prevent the router from becoming the target of DoS attack, users should reject the following traffic: packets without IP address, packets with local host address, broadcast address, multicast address and any forged internal address. Although users cannot stop DoS attacks, they can limit the harm of DoS. Users can take measures such as increasing the length of SYN ACK queue and shortening ACK timeout to protect routers from TCP SYN attacks.
Users can also use outbound access control to restrict traffic within the network. This control can prevent internal hosts from sending ICMP traffic and only allow valid source address packets to leave the network. This helps to prevent IP address spoofing, and reduces the possibility of hackers using user systems to attack another site.
Monitor configuration changes
Users need to monitor the router configuration after the change. If users use SNMP, they must choose a powerful * * * string, and it is best to use SNMP that provides message encryption. If the device is not remotely configured through SNMP management, it is best for users to configure the SNMP device as read-only. By denying write access to these devices, users can prevent hackers from changing or closing interfaces. In addition, users need to send system log messages from the router to the designated server.
In order to further ensure security management, users can use SSH and other encryption mechanisms to establish encrypted remote sessions with routers. In order to strengthen protection, users should also restrict SSH session negotiation and only allow the session to communicate with several trusted systems that users often use.
An important part of configuration management is to ensure that the network uses a reasonable routing protocol. Avoid using Routing Information Protocol (RIP), it is easy to be tricked into accepting illegal routing updates. Users can configure protocols such as Border Gateway Protocol (BGP) and Open Shortest Path First Protocol (OSPF) to verify each other by sending MD5 password hashes before accepting routing updates. The above measures help to ensure that any routing updates accepted by the system are correct.
Implement configuration management
Users should implement configuration management strategy to control the storage, retrieval and update of router configuration, and properly save configuration backup documents on the security server in case users need to replace, reinstall or restore the original configuration when they encounter problems with the new configuration.
There are two ways for users to store configuration documents on router platforms that support command line interface (CLI). One way is to run a script, which can establish an SSH session between the configuration server and the router, log in to the system, turn off the controller log function, display the configuration, save the configuration to a local file and exit the system. Another method is to establish an IPSec tunnel between the configuration server and the router, and copy the configuration file to the server through TFTP in this secure tunnel. Users should also know who can change the router configuration, when and how. Before making any changes, please make a detailed reverse operation procedure.
Third, how to set up the most stable router.
Under the wan menu, * * * has five sub-items: connection type, dynamic ip, static ip, pppoe and dns. Click on each sub-item to make corresponding settings. The function of each subitem will be explained in detail below.
1 connection type.
You can choose the appropriate Internet connection type according to your online mode, including dynamic ip address, static ip address and pppoe. Select the appropriate connection type and click the Save button to go to the appropriate configuration page. The configuration parameters of each page are described as follows. Refer to the Alpha Router Manual!
2 dynamic ip, this page is an item that can be set when surfing the Internet in dynamic ip mode.
(1) Obtain ip address: Since the dynamically obtained ip address changes frequently, if you obtain the same ip address from a fixed address, you can enter it here.
(2) Maximum transmission unit: the router dynamically obtains the maximum transmission unit value when the ip address is connected, and generally can keep the default value.
(3)mac cloning: mac address cloning. Select Enable if you need this feature.
(4)mac address: mac address. In the input box of the mac address to be cloned, click the Clone mac Address button.
3 static ip, this page is an item that can be set when surfing the Internet in static ip mode.
(1) ip address assigned by ISP: ip address of router wan interface, provided by ISP.
(2) Subnet mask: the subnet mask of the router wan interface, which is provided by isp and is generally 255.255.255.0.
(3)isp gateway ip: the gateway address of the router, provided by the isp.
(4) Maximum transmission unit: the router dynamically obtains the maximum transmission unit value when the ip address is connected, and generally can keep the default value.
(5) When do ISPs need more ip addresses? : This router supports the wan interface to bind multiple ip addresses. If you need this function, select the "Yes" check box, and the dialog box for adding ip address will pop up. Enter your ip address, click Add to add an ip address, and then click Save to save and complete the settings. Refer to the Alpha Router Manual!
4 pppoe, this page is a project that can be set when pppoe virtual dial-up Internet access.
(1) User Name: Your adsl account name.
(2) Password: the password of your adsl account.
(3) Password confirmation: Enter the password of your adsl account repeatedly.
(4) Server name: Some ISPs need this name, so you can consult the ISP.
(5) Maximum transmission unit MTU (546-1492): the maximum transmission unit value of the router in PPPoE dial-up connection, which is generally kept as the default value.
(6) Maximum idle time: set the maximum idle time value of the router. In the meantime, if there is no data flow, the pppoe connection will be automatically disconnected. After the network is disconnected, if any computer sends a connection request, the router will automatically dial up the Internet.
(7) Connection mode: The router has three connection modes: * * Keep active, connect automatically and connect manually.
① Keep active: After successful dialing, the router stays online and will not automatically disconnect.
② Automatic connection: The router automatically dials up to connect to the Internet after disconnecting in the maximum idle time. Refer to the Alpha Router Manual!
③ Manual connection: The router will not connect automatically after being disconnected during the maximum idle time or manually, and needs to be connected manually.
5 dns, this page manually specifies the ip address of your local dns server.
(1) ip address of the main domain name server: provided by isp and can be consulted.
(2) ip address of the slave domain name server: provided by isp and available for consultation. Refer to the Alpha Router Manual!
Fourth, router settings
Go to the computer desktop, right-click Network and select Properties.
Go to the Web and Internet page and click "Ethernet".
Then click "Details".
Find the gateway address, mine is192.168.5438+0.6438+0.
Open a browser, type 192. 168. 1 in the address bar, and press enter.
After entering the website, the login box pops up, and you can enter the user name and password, generally a unified user name and password admin. If you don't know, you can look at the back of the router. It says.
After entering, click the Setup Wizard in the wizard on the left.
Click Next in the installation wizard.
Select the Internet access method and click Next.
Just follow the guide step by step.
Verb (abbreviation for verb) The function of router.
(1) Protocol conversion: you can convert the protocols of the network layer and its lower layers.
(2) Routing: When a packet arrives at the router from the Internet, the router can select the best route to forward the packet according to the destination address of the packet, and can automatically adjust the routing table with the change of network topology.
(3) Routing can support multiple protocols: Routers are related to protocols, and different routers have different router protocols and support different network layer protocols. If the interconnected LAN adopts two different protocols, such as TCP/IP protocol and SPX/IPX protocol (that is, the transport layer/network layer protocol of Netware), they are distributed on TCP/IP (or SPX/IPX) hosts in the Internet and can only be connected to other Internet through TCP/IP (or SPX/IPX) routers. Multiprotocol routers can support multiple protocols, such as IP, IPX and X.25 protocols, and can establish and maintain different routing tables for different types of protocols. This can not only connect the same type of network, but also connect different types of networks with it. Although this function makes the router more adaptable, it also reduces the overall performance of the router. Now IP protocol is more and more dominant in the network, and the next generation router (such as switched router) only needs to support IP protocol.
(4) Traffic control: The router not only has buffering, but also can control the data traffic of the sender and the receiver, so that the two can be more matched.
(5) Segment assembly function: When multiple networks are interconnected through routers, the packet size transmitted by each network may be different, which requires the router to segment or assemble the packet. That is, the router can package the received large packets into small packets and forward them, or assemble the received small packets into large packets and forward them. If the router does not have the segmentation assembly function, then the whole Internet can only transmit according to a certain allowable shortest packet, which greatly reduces the efficiency of other networks.
(6) Network management function: The router is the intersection point connecting various networks, and all inter-network data packets pass through it, so it is convenient to monitor and manage the data packets and devices in the network. Therefore, high-end routers are equipped with network management functions to improve the operating efficiency, reliability and maintainability of the network.
The router must have a network interface greater than or equal to 2 to have routing function. Otherwise, if there is only one interface, there will be no "pathfinding"! The network interface mentioned here is not necessarily a physical interface, such as a network card or others, but also a virtual interface, such as a tunnel entrance.
As mentioned above, the routing information running on the router can be configured statically or generated dynamically. The former is completed by manual configuration, and the latter dynamically changes the routing table in the kernel according to the network state by running programs running related routing protocols on the router. Here are some configurations of these two types of routers in detail. Usually, a router has both static configuration and dynamic configuration, and the two are combined.