UG - TEW 829DRU (v1) 20200914

TRENDnet User’s Guide Cover Page
TRENDnet User’s Guide Table of Contents
Table of Contents Application layer gateway (ALG) ................................................................................. 26
Product Overview ...........................................................................1 UPnP and NAT-PMP ..................................................................................................... 27
Package Contents .......................................................................................................... 1 Static routes................................................................................................................. 27
Features ......................................................................................................................... 1 Dynamic routing protocols .......................................................................................... 28
Product Hardware Features........................................................................................... 3 Routing Information Protocol (RIP).................................................................................. 28

OSPF (Open Shortest Path First) ...................................................................................... 29
Applications ................................................................................................................... 5
Quality of Service (QoS) ............................................................................................... 30
Router Installation ..........................................................................2 Dynamic DNS ............................................................................................................... 32
Desktop Hardware Installation ...................................................................................... 2 File sharing server........................................................................................................ 33
Rack Mount Hardware Installation ................................................................................ 2
Wake on LAN (WoL)..................................................................................................... 34
Basic Installation and Configuration .............................................................................. 3
Wireless Networking and Security ................................................. 35
Basic Router Settings.......................................................................8 Wireless Settings ......................................................................................................... 35
Access your router management page .......................................................................... 8
Primary SSID ..................................................................................................................... 35
Saving and applying router configuration changes ....................................................... 8 Multiple SSID .................................................................................................................... 37
Change your administrator password ........................................................................... 8 How to choose the type of wireless security............................................................... 38
Set your router date and time ....................................................................................... 9 Secure your wireless network ..................................................................................... 39
Create time schedules ................................................................................................. 10 Guest Network............................................................................................................. 41
Change LAN IPv4 address settings ............................................................................... 11 WiFi client bridge mode .............................................................................................. 42
Configure LAN IPv4 DHCP server settings .................................................................... 12 Connect wireless devices using WPS ........................................................................... 43
Add static DHCP reservations ...................................................................................... 15 Steps to improve wireless connectivity ....................................................................... 45
Add static host name entries ....................................................................................... 15 Firewall & security settings ........................................................... 46
Add static ARP entries ................................................................................................. 16 General settings ........................................................................................................... 46
Configure WAN1 / WAN2 interfaces for Internet connectivity ................................... 17 Port forwarding rules................................................................................................... 47
IPv6 settings ................................................................................................................. 19 Port trigger rules .......................................................................................................... 48
Virtual LANs (VLANs).................................................................................................... 20 IP filtering .................................................................................................................... 49
Create a port-based VLAN ................................................................................................ 20 MAC filtering................................................................................................................ 50
Create a port-based VLAN with 802.1Q tagging .............................................................. 21
Assigning VLAN IDs to Wireless SSIDs .............................................................................. 24 Denial of service (DoS) prevention .............................................................................. 51
DMZ Host ..................................................................................................................... 51
© Copyright 2019 TRENDnet. All Rights Reserved.

i
TRENDnet User’s Guide Table of Contents
One-to-One NAT .......................................................................................................... 52 IPsec ................................................................................................................................. 88

OpenVPN.......................................................................................................................... 89
RADIUS Authentication ................................................................................................ 54
Multiple WAN Configuration ......................................................... 55 Router Maintenance and Monitoring ............................................ 90
Multiple WAN Management Settings .......................................................................... 55 Managing access to the router management interface .............................................. 90
MWAN Status ................................................................................................................... 55 Local Access Management ............................................................................................... 90

Remote Access Management .......................................................................................... 90
Link Tracking .................................................................................................................... 55
Default Traffic Rule .......................................................................................................... 56 Diagnostic tools ........................................................................................................... 91
Web Management System (Router Limits™) .................................. 57 Backup and restore your router configuration settings .............................................. 92
Setup your router with Router Limits .......................................................................... 57 Reboot your router ...................................................................................................... 92
Router Limits Content Management ........................................................................... 59 Scheduled automatic reboot ....................................................................................... 93
Virtual Private Networking (VPN) .................................................. 62 Console access ............................................................................................................. 93
Creating a Virtual Private Network (VPN) .................................................................... 62 Command Line Interface ............................................................................................. 93
PPTP VPN Server .......................................................................................................... 63 Router Default Settings ............................................................................................... 94
Setting up the PPTP VPN server ....................................................................................... 63 Reset your router to factory defaults .......................................................................... 94
Setting up the PPTP VPN client (Windows) ...................................................................... 65 Upgrade your router firmware .................................................................................... 95
L2TP VPN Server .......................................................................................................... 66 Ping Watchdog ............................................................................................................ 97
Setting up the L2TP VPN server without IPsec encryption .............................................. 66 Local Access Management ............................................................................................... 97
Setting up the L2TP VPN server with IPsec encryption (PSK) ........................................... 68
Check the router status information ........................................................................... 98
Setting up the L2TP VPN client (Windows) with IPsec encryption (PSK) ......................... 70
View routing table and ARP entries ........................................................................... 100
IPsec (Internet Protocol Security) ................................................................................ 72
View your router logging ........................................................................................... 101
Setting up IPsec site-to-site VPN (PSK)............................................................................. 72
Setting up IPsec server VPN (PSK with xAUTH) ................................................................ 75 Configure router logging settings and setup external syslog server .............................. 101
Setting up IPsec site-to-site VPN Failover (PSK) ............................................................... 78 Technical Specifications .............................................................. 102
Secure Socket Layer VPN (SSL) / OpenVPN.................................................................. 83
Troubleshooting ......................................................................... 105
SSL VPN Server Setup ....................................................................................................... 83
SSL VPN Client Setup (Windows)...................................................................................... 84 Appendix .................................................................................... 106
Certificate Management .............................................................................................. 88

ii
TRENDnet User’s Guide TEW-829DRU
Product Overview Features

TRENDnet’s AC3000 Tri-Band Wireless Gigabit Dual-WAN VPN SMB Router, model TEW-
829DRU, features three concurrent WiFi bands to maximize device networking speeds:
two separate high performance 802.11ac networks (5GHz1: 1733Mbps / 5GHz2:
867Mbps), and a 400Mbps Wireless N network. It features dual-WAN ports for load
balancing or fail-over modes, and encrypted Virtual Private Network (VPN) access for
remote users. Dual-WAN ports smooth network loading, minimize network downtime,
and allow employees to access your network from the Internet—all with a single router.
This wireless router features advanced management, QoS, VLAN, VPN, and other
capabilities to ensure optimal performance, scalability, and protection of your network.
Intelligently manage your offices’ web access with our advanced contenting filtering
tool, increase employee productivity and finally take control of your internet.
Dual-WAN
Supports up to two separate WAN internet connections for load-balancing or fail-over
modes
Ports
2 x Gigabit WAN ports, 8 x Gigabit LAN ports, 1 x USB 3.0 port, 1 x Console port
TEW-829DRU
Tri-Band WiFi
Three concurrent WiFi bands maximize device networking speeds: two separate high
performance 802.11ac networks 1733Mbps (5GHz1) + 867Mbps (5GHz2) + 400Mbps
Package Contents (2.4GHz) bands
In addition to your router, the package includes:
• Quick Installation Guide Pre-Encrypted Wireless
• 6 x detachable high gain antennas For your convenience the router’s WiFi bands are pre-encrypted with their own unique
• Network cable (1.5 m/5 ft.) passwords
• RJ-45 to RS-232 console cable (1.5m / 5 ft.)
• Power adapter (12V DC, 3 A) VPN
• Rack mount kit Supports IPsec, PPTP, L2TP w/ IPsec, and SSL VPN protocols for encrypted remote access
If any package contents are missing or damaged, please contact the retail store, online to local area network (LAN) resources over the internet
retailer, or reseller/distributor from which the product was purchased.

1
Inter-VLAN Routing
Provides routing capabilities between VLANs
QoS
Intelligently prioritize voice, video, and other data traffic to improve network efficiency
and overall performance
Rack Mount Design

Sturdy metal housing with rack mount brackets included
Wall Mountable
Wall mount ready
Online Firmware Updates

Automatic notification of firmware updates
Management
Supports web browser (HTTP, HTTPS), CLI, SSH and Telnet management

2
Product Hardware Features
Front Panel View Rear Panel View
High Gain
Detachable
Antennas
Reset
Power On(-)/Off(o)
Button
Port Power Switch
Ground
Point USB 3.0 Gigabit WAN1 LED
Port LAN Ports Port Indicators
Security
RJ-45 1-8 WAN2
Slot
Console Port
Port

3
LED Indicators Port/Button Description

LED Description Ports/Buttons Description
Solid Blue – Device is receiving power and turned on. Grounding Point Allows the device chassis to be connected to a known ground
Off – Device is not receiving power or turned off. point for electrical safety and protection possible shock or
surge during device operation and handling. (Grounding wire
Solid Blue – WPS connection process was successful. WPS
and screw not included.)
LED will remain on after successful connection for 2 minutes.
Blinking Blue – WPS is activated and setup process has
Security Slot Allows for an optional cable lock attachment to secure the
started. Within 2 minutes, start the WPS process on your
device to a physical location.
WPS client device to connect.
RJ-45 Console Using the included RJ-45 to RS-232 console cable, this
Off – WPS setup process has stopped or has not been
Port interface provides console/terminal (command line interface)
activated.
access to the device for management and troubleshooting
Solid Blue – 2.4GHz (2-stream) wireless radio is turned on.
purposes.
Blinking Blue – Data transmission on 2.4GHz radio.
Terminal Settings:
Off – 2.4GHz (2-stream) wireless radio turned off.
Baud: 115200 / Data: 8 / Stop: 1 / Parity: None / Flow: None
Solid Blue – 5GHz1 (4-stream) wireless radio is turned on.
USB 3.0 Port Allows for an optional USB storage device (flash drive,
Blinking Blue – Data transmission on 5GHz1 radio.
external HDD, etc.) to be connected and used as a network
Off – 5GHz1 (4-stream) wireless radio turned off.
share through the Samba protocol. (FAT32/NTFS format only)
LAN Interface Connect network devices to the LAN interface ports 1-8 at
Solid Blue – 5GHz2 (2-stream) wireless radio is turned on. Ports 1-8 Gigabit, 10Mbps/100Mbps Full/Half Duplex. By default,
Blinking Blue – Data transmission on 5GHz2 radio.
management access to the GUI and command line interface
Off – 5GHz2 (2-stream) wireless radio turned off.
via default LAN IP address: 192.168.10.1 / 255.255.255.0
WAN1 Interface Connects to your Internet Service Provider (ISP) equipment
LAN 1-8, WAN1 & WAN2 Ports
Port for Internet connectivity such as modem. By default, WAN
Port LEDs
mode is set for failover and WAN1 is configured as the
LED (Right Side)
primary WAN link for Internet connectivity.
Solid Green – Port is connected at 1Gbps link speed.
Off – Port is connected at 10Mbps or 100Mbps link speed. WAN2 Interface Connects to your Internet Service Provider (ISP) equipment
Port for Internet connectivity such as modem. By default, WAN
LED (Left Side) mode is set for failover and WAN2 is configured as the
Blinking Green - Data activity/transmission on port. secondary WAN link for Internet connectivity.
Reset Button Resets device to factory defaults. Using a paperclip, push and
hold the reset button for 15 seconds and release to reset the
device to factory defaults.
Power Port Connects the included power adapter to supply device
power.
On(-)/Off(o) Turns the device power On(-) or Off(o).
Power Switch

4
Applications

5
Router Installation Rack Mount Hardware Installation
The router can be mounted in an EIA standard-size, 19-inch rack, which can be placed in
Desktop Hardware Installation a wiring closet with other equipment. Attach the mounting brackets at the router’s
front panel (one on each side), and secure them with the provided screws.
The site where you install the hub stack may greatly affect its performance. When
installing, consider the following pointers:
Note: The router model may be different than the one shown in the example
illustrations.
• Install the Router in a fairly cool and dry place.
• Install the Router in a site free from strong electromagnetic field generators (such
as motors), vibration, dust, and direct exposure to sunlight.
• Leave at least 10cm of space at the front and rear of the hub for ventilation.
• Install the Router on a sturdy, level surface that can support its weight, or in an
EIA standard-size equipment rack. For information on rack installation, see the
next section, Rack Mounting. Then, use screws provided with the equipment rack to mount each router in the rack.
• When installing the Router on a level surface, attach the rubber feet to the
bottom of each device. The rubber feet cushion the hub and protect the hub
case from scratching.
Note: The look of the router may be different than what is actually displayed.

2
Basic Installation and Configuration 2. Connect a network cable from the WAN1 port of your router to your modem.
Note: It is recommended that you configured the wireless router from a wired computer.
3. Connect a network cable from one of the LAN ports (1-8) of your router to your
computer.
1. Attach the antennas to the front and back of the router and position them for the
best WiFi coverage. It is recommended that you position all antennas vertically as
shown for initial installation and adjust as needed later on. 4. Connect the includes power adapter from a power outlet to your router power port
and push the Power On(-)/Off(o) switch into the On(-) position.

3
5. The Power ( ), 2.4G, 5G1, 5G2 LEDs will turn on solid indicating that the router is 7. Enter the default User Name and Password, then click LOGIN. By default, the pre-
ready. configured user name and password are located on the included preset wireless settings
sticker or device label located on the bottom of the router.
6. Open your web browser on the connected computer and in the address bar, enter
http://tew-829dru or http://192.168.10.1 and press Enter to access the router web
configuration page.

4
8. To change the administrator password for the router configuration, click 10. To change your router’s LAN IPv4 address settings, click on Network and click LAN.
Administrator and click Administration.
Note: By default, the administrator password has been pre-configured for your
convenience and can be located on the included wireless settings sticker or on the device
label located on the bottom of the router. If you are modifying the administrator
password, you will need to log into the router configuration using the new password.
11. Under Common Configuration and General Setup, enter the new LAN IPv4 address
and subnet mas in the IPv4 address and IPv4 netmask fields. Click Apply to save and
commit the changes. Please wait for the new address settings to be applied and log back
into the router web configuration page using the new LAN IPv4 address.
Note: If your computer IP address settings are not automatically updated to the new
settings, you may need to manually renew your computer IP address settings in order
for your to log back into the router web configuration with the new LAN IPv4 address
settings.
9. Enter the new administrator password in the Password field and re-type the new
password in the Confirmation field. Click Apply to save and commit the changes.

5
12. To configure your WAN1 Internet connection settings, click Network and click 14. To configure your wireless network name/SSID and wireless encryption settings,
WAN1. click Network and click the wireless band you would like to configure. Wireless 2.4GHz,
Wireless 5GHz1, or Wireless 5GHz2.
Note: By default, the wireless network name/SSID has been pre-configured for your
convenience and can be located on the included wireless settings sticker or on the device
label located on the bottom of the router. If you are modifying the wireless settings, you
will need to connect to the router with your WiFi clients using the new settings.
13. Under Common Configuration and General Setup, click the Protocol drop-down list
and select the appropriate protocol (Static address, DHCP client, PPTP, PPPoE, L2TP) for
yoru Internet connection. DHCP client is the typical protocol in which the connection
settings are automatically obtained by your ISP (Internet Service Provider). If you are
unsure about the Internet connection settings, please contact your ISP for details. After
you have completed the Internet connection settings, click Apply to save and commit
the changes.

6
15. To change the wireless network name/SSID for the selected wireless band, under 16. To change the wireless encryption key for the selected wireless band, under
Interface Configuration and General Setup, enter the new name in the ESSID field and Interface Configuration Wireless Security, enter the new encryption in the Key field and
click Apply to save and commit the changes. click Apply to save and commit the changes.
Note: The wireless network name/SSID is the name your WiFi clients will need to search Note: WPA2-PSK AES wireless encryption is strongly recommended. The wireless
and discover when connecting to your router wireless network. encryption key is the key your WiFi clients will need to enter when connecting to your
router wireless network.

7
Basic Router Settings Saving and applying router configuration changes

In the router management page, pages may include all, some, or one of the options
below. Some configuration changes may require a device reboot.
Access your router management page
Note: Your router management page URL/domain name http://tew-829dru or IP
address http://192.168.10.1 is accessed through the use of your Internet web browser
(e.g. Internet Explorer®, Firefox®, Chrome™, Safari®, Opera™) and will be referenced • Reset – Clicking this option will reset all settings to their previous configuration
frequently in this User’s Guide. on a specific page.
• Apply – Clicking this option will save and apply the configuration changes on a
specific page which will take effect immediately.
1. Open your web browser and go to URL/domain name http://tew-829dru or IP address
• Save – Clicking this option will temporarily save the changes and allow you to
http://192.168.10.1. Your router will prompt you for a user name and password.
temporarily save multiple configuration changes and apply all configuration
changes at the same time. When a configuration setting has been temporarily
saved, a notification will appear in the top right corner of the router
management page indicated that there are unsaved changes and the number
of pending configuration changes. When you are ready to save and apply the
2. For added security, the router is pre-configured with a unique administrator
configuration changes permanently, click on the notification in the top right
password. You can find the Password on the sticker included in the router package
corner.
contents or on the device label located on the bottom of the router. Enter your
Username and Password, then click LOGIN.
• User Name: admin
• Password: (xxxxxxxx) A list of all pending configuration changes will be displayed. If you are ready to
permanently save all configuration changes, click Apply. Otherwise, to discard
Note: User Name and Password are case sensitive.
changes, click Revert to discard all pending configuration changes.
Change your administrator password

Administrator > Administration
TRENDnet User’s Guide Limited Warranty
By default, the administrator password has been pre-configured a unique password for It is recommended to set the router date and time for scheduling functions and logging
your convenience. You can find the pre-configured administrator password on the functions for monitoring and troubleshooting.
wireless sticker included in your router package contents or also located on the router
device label located on the bottom of the device. This section will allow you to change
1. Log into your router management page (see “Access your router management page”
the default administrator password used to log into your router management page.
on page 8).
2. Click on Administrator and click on System.
on page 8).
3. Review the settings below. Click Apply to save and commit the changes.
2. Click on Administrator and click on Administration.
System Properties
3. Enter the new administrator password in the Password and re-enter the new
password in the Confirmation field. Click Apply to save and commit the changes • Local Time – Displays the current day, date, and time. Clicking the SYNC WITH
BROWSER button will automatically copy the current day, date, and time
Note: The idle timeout setting is used to define the period of inactivity in the router
settings from the web browser and allows the time to be set manually.
management page before automatically logging out.
• Hostname – Modifies the router host name. The host name identifies is the
name used to identify the router to other computer or devices on the network.
Modifying this setting will modify the hostname used when accessing the
router management page using the hostname or when using the Samba USB
share feature.
• Timezone – Click the drop-down list to select the appropriate time zone.
Time Synchronization
• Enable NTP client – Enables the NTP client to configure router to obtain time
and date settings from an external network time server.
o NTP server candidates – Enter the domain name of the network time
server to obtain time and settings. (e.g. pool.ntp.org)
Note: If you change the administrator password, you will need to access the router
Note: You can add multiple time servers by clicking . If one server
management page using the User Name “admin” and the new password instead of the
is not available, your router will try the next available server in the list.
pre-configured default password. If you reset the device to factory defaults, you will
need to access the router management page using the pre-configured settings on the
included wireless sticker in the router package contents or on device label located on the
bottom of the router.
Set your router date and time
Administrator > System

9
Create time schedules

Administrator > Schedule
Your router allows you to create schedules to specify a time period when a feature
should be activated and deactivated. Before you use the scheduling feature on your
router, ensure that your router system time and date settings are configured correctly.
on page 8).
2. Click on Administrator and click Schedule.
3. Review the settings below. Click Add to add the new schedule to the list and Apply to
save and commit the changes.
• Name – Enter a name for the new schedule rule.
• Days – Choosing Daily will set the set the schedule rule to occur at the specified
time every day. Choosing Select Day(s) will allow to manually select which
specific days for the schedule.
• All Day – 24 Hrs – Checking this option will set the schedule to run all 24 hours
instead of manually configured a specified time period.
• Start Time / End Time – Manually define a time period for the schedule.
Note: The time period is specified in 24 hour format.

10
Change LAN IPv4 address settings Below is a reference of the additional LAN settings if you choose to make other
configuration changes to these sections.
Network > LAN
Note: The default LAN interface IPv4 address settings is 192.168.10.1 / 255.255.255.0
and also assigned to LAN ports 1-8 by default. If the LAN IPv4 address settings are General Setup
modified, you will need to log into the router management page with the new IPv4 • Status – LAN Interface (br-lan)
address settings. o Uptime – Displays the amount time the LAN interface has been up and
continuously running. This time will reset if the router is powered off
or router is rebooted.
1. Log into your router management page (see “Access your router management page” o MAC-Address – Displays the current MAC address assigned to the LAN
on page 8). interface.
o Rx – Displays the total amount of data received by the LAN interface in
2. Click on Network and click LAN. MB (# of packets) since the start of the currently displayed uptime.
o Tx – Displays the total amount of data transmitted by the LAN
interface in MB (# of packets) since the start of the currently displayed
3. Under the Common Configuration section, you can enter the new LAN interface IP
uptime.
address settings.
o IPv4: Displays the current IPv4 address settings assigned to the LAN
• IPv4 address – Enter the new LAN IPv4 address. (e.g. 192.168.50.1) interface.
• IPv4 netmask – Select or Enter the new LAN IPv4 subnet mask. The drop-down • Mode – Allows you to change the function between NAT mode or Route Only
menu will list class A, B, C, or custom which will allow you to manually enter a (NAT-less).
custom subnet mask. (e.g. 255.255.255.0) o NAT – The default router mode which uses network address
translation between the local internal (LAN/VLAN) interfaces and
external (WAN1/WAN2) interfaces translating public and private IP
addressing.
o Route Only (NAT-less) – This mode disables the NAT function between
internal and external interfaces and may also be known as classical
routing mode. This mode should only be used when the router is using
for local internal IP routing only
Advanced Settings
• Override MAC Address – This parameter allows you to assign a new LAN
interface (br-lan) MAC address. Typically, this parameter does not need to be
modified. (e.g. AA:BB:CC:DD:EE:FF)
• Override MTU – The default MTU (maximum transfer unit) or frame size is set
to 1500 bytes. This parameter allows you to assign a new MTU size. Typically,
this parameter does not need to be modified.
• Use gateway metric – This is automated metric or priority value assigned to the
4. Click Apply to LAN network interface route in the routing table. Typically, this parameter does

11
not need to be modified. (Lower value = Higher priority in route table, 0 being Configure LAN IPv4 DHCP server settings
the highest priority.)
Network > LAN
Note: The internal DHCP server function is enabled by default on the LAN interface to
automatically distribute IP address settings to network devices connected to the LAN and
wireless LAN interfaces. The internal DHCP server only supports only class C IP address
range. The default IP range is 101 – 199 (192.168.10.101 – 192.168.10.199)
on page 8).
2. Click on Network and click LAN.
3. Under the DHCP Server/Relay section, you can modify or enter the new DHCP settings
and click Apply to save and commit the changes.
• DHCP mode – Allows you to set the mode to Enable, Disable, or Relay.
o Enable – Using this setting enables the DHCP server function the LAN
interface.
o Disable - Using this setting disabled the DHCP server function on the
LAN interface.
o Relay – Using this setting allows you to use an external DHCP server
instead of your router’s internal DHCP server to distribute IP address
settings on the LAN interface. If choosing this setting, enter the IP
address of your external DHCP relay server.
• Start – Enter the starting value of DHCP IPv4 address range. (e.g. If your LAN
IPv4 address is 192.168.50.1, entering 120 will define the first IP address of the
DHCP pool is 192.168.50.120)
• End – Enter the ending value of DHCP IPv4 address range. (e.g. If your LAN IPv4
address is 192.168.50.1, entering 200 will define the last IP address of the DHCP
pool is 192.168.50.200)

12
• Lease Time – Enter the lease time in hours (h) or minutes (m) DHCP clients will Below is a reference of the additional DHCP Server/Relay settings if you choose to make
hold their IP address settings before automatically requesting a new lease (IP other configuration changes to these sections.
address settings) from the internal DHCP server. (e.g. To specify 24 hours, enter
24h. To specify 480 minutes, enter 480m.)
• WINS server – Enter the IPv4 address of your WINS (Windows Internet Name
Server) for internal host name resolution on your local network to be
distributed to DHCP clients. The WINS server provides host name to IP address
resolution for the NetBIOS naming service. This parameter is optional. (e.g.
192.168.50.250)
• Primary DNS – Enter the IPv4 address of your primary DNS (Domain Name
System) server for Internet domain name resolution to be distributed to DHCP
clients. By default, the internal DHCP server uses DNS relay and provides the
router LAN IPv4 address as the primary DNS server to DHCP clients. The DNS
server provides Internet domain name to IP address resolution when
computers are accessing or browsing Internet websites. This parameter is
optional. (e.g. If entering 8.8.8.8, this DNS server will be provided DHCP clients
instead of the router’s LAN IPv4 address to resolve Internet domain names such
as trendnet.com )
• Secondary DNS – Enter the IPv4 address of your secondary DNS (Domain Name
System) server for Internet domain name resolution to be distributed to DHCP
clients. If the primary DNS server cannot be reached, the secondary DNS server
will be used. This parameter is optional. (e.g. 8.8.4.4)
• Local domain name – Enter a domain name to distribute to DHCP clients. This
parameter is optional. (e.g. trendnet.com)

13
Advanced Settings
• Dynamic DHCP – Checking this option the enables the DHCP server to
distribute IPv4 address settings dynamically to clients. If this option is
unchecked, IPv4 address settings will only be assigned to DHCP clients with a
static DHCP reservation. Typically, this parameter does not need to be
modified.
• Log Queries – Checking this option will enable generate logging to internal or
syslog of any DNS queries. Typically, this parameter does not need to be
modified.

14
Add static DHCP reservations Add static host name entries

Network > LAN Network > LAN
The router can be used for host name to IP address resolution of computers or network
1. Log into your router management page (see “Access your router management page” devices on your local network similar to a WINS server however, entries will not
on page 8). dynamically populate and each entry must be manually entered. For clients to resolve
the manually entered static entries, DHCP clients must use the router LAN IPv4 address
as the WINS server.
3. Under the Static Leases section, click Add. on page 8).
3. Under the Host Entries section, click Add.
4. Enter the parameters for the static host name entry and click Apply to save and
4. Enter the parameters for the static DHCP reservation and click Apply to save and
commit the changes.
commit the changes.
• Hostname – Enter the host name. (e.g. trendnetpc)
Note: The network device or computer the reservation is created will need to release and
• IPv4-Address – Enter the IPv4 address to resolve to host name. (e.g.
renew the IPv4 address settings in order to obtain the new IP address settings.
192.168.50.150)
• Hostname – Enter a name for the DHCP reservation. (e.g. trendnetpc)
• MAC-Address – Enter the MAC (Media Access Control) address of the
computer or network device to assign to the reservation. You can also click the
drop-down list to select from a list of network devices detected by the router
that have been assigned IPv4 address settings through DHCP. (e.g.
AA:BB:CC:DD:EE:FF)
• IPv4-Address – Enter the IPv4 address to assign to the computer or network
device for the reservation. You can also click the drop-down list to select from
list o of network devices detected by the router through DHCP. (e.g.
192.168.50.150)

15
Add static ARP entries Note: You can specify additional static ARP entries by clicking Add. Delete existing
entries by clicking the Delete button next to the entry to be removed.
Network > LAN
ARP (Address Resolution Protocol) is the protocol responsible for resolve IP addresses to
hardware MAC addresses. Typically, ARP entries are dynamically learned and refreshed
in the ARP table however, in the case where your application requires static ARP entries
to always be present in the router ARP table, you can manually enter and add them to
the router. (ex. applications: WoL (Wake on LAN) or Wake on WAN)
on page 8).
3. Under the Static ARP section, click the MAC-Address drop-down list to select a MAC
address from the list or select customer to manually enter a MAC address (format
example: aa:bb:cc:dd:ee:ff).
4. Click the IPv4-Address drop-down list and select the IPv4 address to assign to the
MAC address ARP table entry or select custom to manually enter an IPv4 address
(format example: 192.168.10.129)
5. Click Apply to save and commit the changes.

16
Configure WAN1 / WAN2 interfaces for Internet connectivity Below is a reference of the additional WAN settings if you choose to make other
Network > WAN1/WAN2
General Setup
By default, the WAN configuration is set to use WAN1 as the primary connection for
Internet connectivity and failover to WAN2 secondary if there is fault in connectivity to • Status – LAN Interface (br-lan)
WAN1. This section will explain how to set up the WAN1 or WAN2 interfaces for o Uptime – Displays the amount time the WAN1/WAN2 interface has
Internet connectivity to your ISP (Internet Service Provider). been up and continuously running. This time will reset if the router is
powered off or router is rebooted.
o MAC-Address – Displays the current MAC address assigned to the
1. Log into your router management page (see “Access your router management page” WAN1/WAN2 interface.
on page 8). o Rx – Displays the total amount of data received by the WAN1/WAN2
interface in MB (# of packets) since the start of the currently displayed
2. Click on Network and click WAN1 or WAN2. uptime.
o Tx – Displays the total amount of data transmitted by the
WAN1/WAN2 interface in MB (# of packets) since the start of the
3. Under the Common Configuration section, click the Protocol drop-down list and currently displayed uptime.
select the Internet connection provided by your ISP. o IPv4: Displays the current IPv4 address settings assigned to the
WAN1/WAN2 interface.
• Dual WAN priority – Displays the current priority assignment for the selected
WAN interface. The WAN priority settings can be configured under Network >
Multiple WAN. By default, the WAN configuration is set to use WAN1 as the
primary connection for Internet connectivity and failover to WAN2 secondary if
there is fault in connectivity to WAN1.
• Hostname to send when requesting DHCP – If your ISP requires to send
specific hostname with the DHCP request for Internet connectivity, enter the
required host name in the field. Applies to DHCP client/PPTP/L2TP WAN
protocols.
• WAN mode – Applies to PPTP/L2TP WAN protocols.
o DHCP client – Using this option will set the WAN to obtain IP address
settings automatically from your ISP for Internet connectivity.
o Static IP – Using this option will require you to manually enter the
WAN IP settings required by your ISP for Internet connectivity.
• Connect mode – Applies to PPPoE/PPTP/L2TP WAN protocols.
o Keep alive – This option will keep the connection on at all times.
4. Complete all of the fields required by your ISP and click Apply to save and commit the o On demand – This option will automatically disconnect after the max.
changes. idle time is reached and will automatically re-establish connection
when Internet access is used.

17
• Access concentrator / Service name – Optional parameters required only if ISP • Vendor Class to send when requesting DHCP – Optional parameter only
requires for Internet connectivity. Applies to PPPoE WAN protocol. required if your ISP requires a specific vendor class to be sent when requesting
• MPPE support– Optional parameter (applies Microsoft Point-to-Point IP address settings for Internet access. Applies to DHCP client WAN protocol.
Encryption) required only if ISP requires for Internet connectivity. Applies to • Override MAC address – Optional parameter used to change the WAN
PPTP WAN protocol. interface MAC address if you are experiencing issues obtaining IP address
• Use DNS servers advertised by peer- If checked, automatically obtains DNS settings from your ISP. This parameter is more commonly known as MAC
service IP address settings from your ISP. If unchecked, allows you to specify address cloning where you can assign a LAN computer MAC address to the
custom DNS server IP addresses. Applies to PPPoE/PPTP/L2TP WAN protocols. WAN interface. Applied to DHCP client WAN protocol.
• Override MTU – The default MTU (maximum transfer unit) or frame size is set
Advanced Settings to 1500 bytes. This parameter allows you to assign a new MTU size. For
• Bring up on boot – The parameter is enabled to bring the WAN1/WAN2 PPPoE/PPTP/L2TP WAN protocols, if you experience issues accessing SSL/HTTPS
interface up during device boot. Typically, this parameter does not need to be secure websites, you can try lower the MTU value to 1492 to decrease the
modified. amount of packet errors. Typically, this parameter does not need to be
• Use builtin IPv6-management – Enables/disables IPv6 protocol on the modified.
WAN1/WAN2 interface. Typically, this parameter does not need to be
modified. WAN VLAN Tagging
• Enable IPv6 negotiation on PPP link – Enables/disables IPv6 when using the
PPPoE/L2TP WAN protocols. Typically, this parameter does not need to be Some ISPs require VLAN tag assignment of a specific VLAN ID when for Internet access
modified. or other services. You can follow the steps below to assign a specific VLAN ID to the
WAN interface.
• Use broadcast flag – Optional parameter if your ISP may requires that DHCP
requests from your device be sent as broadcasts or unicasts for IP address
settings for Internet access. 1. Log into your router management page (see “Access your router management page”
• Use default gateway – This parameter automatically created a default gateway on page 8).
route in the device routing table to access the Internet through the selected 2. Click on Network and click VLAN.
WAN interface. If unchecked, the default gateway route for Internet access
3. Under the VID, you can enter the VID required by your ISP and set the WAN interface
must be entered in manually in the device routing table settings. Typically, this
to tagged or untagged. Click Apply to save and commit the changes.
parameter does not need to be modified.
• Use gateway metric – This parameter is the route priority value assigned to the
default gateway route. Range: 0-9999, 0 being the highest priority. Typically,
this parameter does not need to be modified.
• Use DNS servers advertised by peer- If checked, automatically obtains DNS
service IP address settings from your ISP. If unchecked, allows you to specify
custom DNS server IP addresses. Applies to the DHCP client WAN protocol.
• Client ID to send when requesting DHCP – Optional parameter only required if
your ISP requires a specific client ID to be sent when requesting IP address
settings for Internet access. Applies to DHCP client WAN protocol.

18
IPv6 settings 3. Review the IPv6 Internet Connection settings and enter information settings specified
by your ISP. Complete all of the fields required by your ISP and click Apply to save and
Network > IPv6 commit the changes.
IPv6 (Internet Protocol Version 6) is a new protocol that significantly increases the
number of available Internet public IP addresses due to the 128-bit IP address structure
Note: Please contact your ISP for IPv6 service availability.
versus IPv4 32-bit address structure. In addition, there are several integrated
enhancements compared to the most commonly used and well known IPv4 (Internet
Protocol Version 4) such as:
• Integrated IPsec – Better Security

• Integrated Quality of Service (QoS) – Lower latency for real-time applications
• Higher Efficiency of Routing – Less transmission overhead and smaller routing
tables
• Easier configuration of addressing
Note: In order to use IPv6 Internet connection settings, it is required that your ISP
provide you with the IPv6 service. Please contact your ISP for availability and more
information about the IPv6 service. Select the IPv6 WAN connection type provided by your ISP.
• Static IPv6
on page 8). • Auto-configuration (SLAAC/DHCPv6)
• PPPoE
2. Click on Network and click on IPv6. • Link-Local Only
.

19
Virtual LANs (VLANs) 4. To create a new 802.1Q VLAN, under the VLANs section, click Add.
Network > VLAN
Your router supports port-based 802.1Q VLANs as well inter-VLAN routing. VLANs can
be assigned different IP address interfaces in which the router can route be between 5. Under VID, enter the VLAN ID to assign to the new VLAN (4-4094, VLAN IDs 1-3 are
VLAN IP subnets. reserved for use with the default LAN, WAN1, WAN2 interfaces) and set the untagged
VLAN member ports. Example: In the example below, we will create a new VLAN with
VLAN ID: 50 and assign ports 5 & 6 as untagged member ports.
Create a port-based VLAN
on page 8).
2. Click on Network and click VLAN.
3. Before assigning which untagged and tagged VLAN member ports are assigned to a
new VLAN, the ports must be set to Off in the default VLAN VID: 1 (LAN). Also, click
the Inter VLAN Routing drop-down list and select Enabled to enable communication
between the LAN and other VLAN interfaces. Click Apply to save and commit the 6. Enter the VLAN IP interface configuration under IP Address and Subnet Mask.
changes. Example: We will remove ports 5-8 from the default VLAN VID: 1 (LAN) Example: In the example below, we will enter the VLAN 50 interface IP address as
interface so these ports can be re-assigned as untagged member ports of new VLANs 192.168.50.1 and subnet mask 255.255.255.0.
in example below.

20
7. Under DHCP Server, click the Mode drop-down list and select Enabled to enable the Create a port-based VLAN with 802.1Q tagging
DHCP server on the VLAN. Click Apply to save and commit the changes. Your router supports 802.1Q VLAN tagging/trunking to other 802.1Q VLAN devices such
Example: In the example below, we will enable the DHCP server on VLAN 50 and leave IP as managed switches.
address range and lease defaults. This will assign a DHCP IP range of 101-199 to ensure
any devices connected to this VLAN obtain IP address information via DHCP.
on page 8).
3. Under VLAN VID:1 (LAN), click the Inter VLAN Routing drop-down list and select
Enabled and click Apply to commit and save the changes.
If following the port-based VLAN configuration example, any computers or devices

connecting to ports 5 & 6 will obtain 192.168.50.x/255.255.255.0 address settings and
use the VLAN 50 IP interface 192.168.50.1 as the Internet gateway and gateway to other
local IP subnets.
4. To create a new 802.1Q VLAN, under the VLANs section, click Add.

21
5. Under VID, enter the VLAN ID to assign to the new VLAN (4-4094, VLAN IDs 1-3 are 7. Under DHCP Server, click the Mode drop-down list and select Enabled to enable the
reserved for use with the default LAN, WAN1, WAN2 interfaces) and set the tagged DHCP server on the VLAN. Click Apply to save and commit the changes.
VLAN member port. Example: In the example below, we will create a new VLAN with Example: In the example below, we will enable the DHCP server on VLAN 50 and leave IP
VLAN ID: 50 and assign port 8 as a tagged VLAN member port. address range and lease defaults. This will assign a DHCP IP range of 101-199 to ensure
any devices connected to this VLAN obtain IP address information via DHCP.
6. Enter the VLAN IP interface configuration under IP Address and Subnet Mask.
Example: In the example below, we will enter the VLAN 50 interface IP address as
192.168.50.1 and subnet mask 255.255.255.0.

22
If following the 802.1Q VLAN configuration example, a managed/web smart switch with Example below of multiple VLANs configured and passing traffic through the same
802.1Q VLAN support can be connected and pass VLAN 50 traffic between the router 802.1Q VLAN tag/trunk link.
and switch. Any computers or devices connecting to the untagged VLAN ports (PVID: 50)
on the managed/web smart will obtain 192.168.50.x/255.255.255.0 address settings
and use the VLAN 50 IP interface 192.168.50.1 as the Internet gateway and gateway to
other local IP subnets. Additional VLANs can be created on the router and switch in
which 802.1Q VLAN traffic can pass through the same single 802.1Q VLAN tag/trunk
link.

23
Assigning VLAN IDs to Wireless SSIDs 5. Under VID, enter the VLAN ID to assign to the new VLAN (4-4094, VLAN IDs 1-3 are
Your router supports assigning specific VLAN IDs to wireless SSIDs to extend VLAN traffic reserved for use with the default LAN, WAN1, WAN2 interfaces) and set the tagged
manageability and control to your router wireless network. By default, primary and VLAN member port. Example: In the example below, we will create a new VLAN with
multiple SSIDs are assigned to the LAN (VLAN 1) IP network. VLAN ID: 50 and assign port 8 as a tagged VLAN member port.
on page 8).
3. Under VLAN VID:1 (LAN), click the Inter VLAN Routing drop-down list and select
Enabled and click Apply to commit and save the changes.
6. Enter the VLAN IP interface configuration under IP Address and Subnet Mask.
Example: In the example below, we will enter the VLAN 50 interface IP address as
192.168.50.1 and subnet mask 255.255.255.0.
4. To create a new 802.1Q VLAN, under the VLANs section, click Add.

24
7. Under DHCP Server, click the Mode drop-down list and select Enabled to enable the If following the 802.1Q VLAN configuration example, a managed/web smart switch with
DHCP server on the VLAN. Click Apply to save and commit the changes. 802.1Q VLAN support can be connected and pass VLAN 50 traffic between the router
Example: In the example below, we will enable the DHCP server on VLAN 50 and leave IP and switch and 2.4GHz wireless SSID. Any computers or devices connecting to the
address range and lease defaults. This will assign a DHCP IP range of 101-199 to ensure untagged VLAN ports (PVID: 50) on the managed/web smart will obtain
any devices connected to this VLAN obtain IP address information via DHCP. 192.168.50.x/255.255.255.0 address settings and use the VLAN 50 IP interface
192.168.50.1 as the Internet gateway and gateway to other local IP subnets. Any
wireless computers or devices connecting to the 2.4GHz wireless SSID will also obtain
192.168.50.x/255.255.255.0 address settings while connecting to 5GHz1 or 5GHz2 SSIDs
will remain on the LAN network. Additional VLANs can be created on the router and
switch in which 802.1Q VLAN traffic can pass through the same single 802.1Q VLAN
tag/trunk link. Multiple SSIDs will appear in this section when enabled and configured.
Guest network SSID does not apply.
8. Under Reassign SSID to VLAN, next to the SSID you would like to assign the new VLAN
ID, click the Network/VID drop-down list and select the VLAN ID. Click Apply to save
and commit the changes.

25
Application layer gateway (ALG)

Below is a reference of the additional VLAN settings if you choose to make other Network > ALG
You may want to configure your router to allow computers the use of specific high layer
applications or service sessions to pass through. Application Layer Gateways (ALG)
• VID – The VLAN ID assigned to a specific VLAN. allows you to easily enable or disable these applications to pass through your router.
• Ports 1-8 – Configure port VLAN membership settings. Note: It is recommended to leave these settings enabled.
o Untagged – Default setting. Sets port membership as untagged and
allows connectivity to network devices such as computers. The router
will use the internal port VLAN ID (PVID) to forward VLAN traffic 1. Log into your router management page (see “Access your router management page”
accordingly to these ports based on their untagged VLAN membership. on page 8).
o Tagged – Sets port membership as tagged and used for VLAN tag or 2. Click on Network and click on ALG.
trunk links to other VLAN aware devices such as managed switches or 3. Review the applications. Click Apply to save and commit the changes.
access points.
o Off – Removes port membership from a specific VLAN.
• Inter VLAN Routing – Allows communication between local network
interfaces/IP subnets such as the LAN and VLAN interfaces.
• IP Address/Subnet Mask – The IP address and subnet mask assigned to a
specific VLAN interface.
• Mode – Configures the DHCP server settings for a specific VLAN interface.
o Disabled – Disables DHCP on a specific VLAN interface.
o Enabled – Enables the internal DHCP server on a specific VLAN
interface. Allows you to set the IP address range/pool, lease time,
WINS/DNS servers, and local domain name for the DHCP server.
o Relay – Enables DHCP relay on a specific VLAN interface and forwards
DHCP requests on the VLAN interface to an external DHCP server IP
address (e.g. 192.168.50.20).

26
UPnP and NAT-PMP Static routes

Services > UPnP Network > Routing
UPnP (Universal Plug and Play) and NAT-PMP (NAT Port Mapping Protocol) allows You may want set up your router to route computers or devices on your network to
devices connected to a network to discover each other and automatically open the other local networks through other routers. Generally, different networks can be
connections or services for specific applications (e.g. instant messenger, online gaming determined by the IP addressing assigned to those networks. Generally speaking and for
applications, etc.) UPnP and NAT-PMP is disabled on your router by default and should the case of this example, your network may have 192.168.10.x IP addressing and
only be enabled to allow specific applications required by your computers or devices to another network may have 192.168.20.x IP addressing and because the IP addressing of
allow connections through your router as they are needed. these two networks are different, they are separate IP networks. In order to
communicate between the two separate networks, static routing needs to be
configured.
on page 8).
on page 8).
2. Click on Services and click on UPnP / NAT-PMP.
2. Click on Network and click on Routing.

3. Under the UPnP / NAT-PMP section, check the Enable UPnP / NAT-PMP functionality
option. Click Apply to save and commit the changes.
3. Review the Routing section. Click Add to add the new static route. Click Apply to save
and commit the changes.
• Interface – Select the interface to assign the route.
• Target Host-IP or Network: Enter the IP network address of the destination
network for the route. (e.g. 192.168.20.0)
• IP4-Netmask: Enter the subnet mask of the destination network for the
route.(e.g. 255.255.255.0)
• IPv4-Gateway: Enter the gateway to the destination network for the route.
(e.g. 192.168.10.2)
• Metric: Enter the metric or priority of the route. The metric range is 0-9999, the
Note: When UPnP/NAT-PMP is enabled, you can check the currently open connections in lowest number 0 being the highest priority.
the UPnP/NAT-PMP entries table..
You can check the current routing table under Status > Routes under Active IPv6-
Routes.

27
Dynamic routing protocols

Network > Routing
You may want set up your router to route computers or devices on your network to
other local networks through other routers. Generally, different networks can be
determined by the IP addressing assigned to those networks. Generally speaking and for
the case of an example, your network may have 192.168.10.x IP addressing and another
network may have 192.168.20.x IP addressing and because the IP addressing of these
two networks are different, they are separate networks. In order to communicate
between the two separate networks, static routing needs to be configured. Below is an
example diagram where routing is needed for devices and computers on your network
to access the other network. If you have other routing devices that support dynamic • RIP enable: Check the option to enable RIP on the specified interface.
routing protocol, you can enable these routing protocols on your router to learn and • RIP version: Click the drop-down list and select the appropriate RIP version v1 or
automatically generate the routes needed between these networks. v2.
Note: If selecting RIP v2, this requires basic password authentication between
Routing Information Protocol (RIP) routing devices using this protocol. The password must match on all routing
devices connected in order successfully exchange routing information.
Network > Routing > RIP
• Redistribute: Select the method used to redistribute dynamic routing
information. The Kernel option should be left on as this option
1. Log into your router management page (see “Access your router management page” advertises/announces that the router can provide network routing information
on page 8). using RIP. The OSPF option allows the router to learn new routing information
using the RIPv1/2 protocols and redistribute the routing information using OSPF
protocol.
2. Click on Network, click on Routing, and click on the RIP tab.
• Send version – Select the RIP protocol version to send.
• Receive version – Select the RIP protocol version to receive.
3. Review the RIP Routing section. To save changes to this section, click Apply to • Authentication – Enables MD5 authentication on all RIP messages sent and
command save your changes. received.
• Key string – If authentication is enabled, enter the authentication key
• RIP enable: Check the option to enable the RIP dynamic routing protocol globally string/password to use for RIP messages sent and received.
on the router. • Plain text password – This option will set the password to be send in clear text
In the Overview table, you can enable and configure RIP for each interface by clicking instead of using the MD5 hash. This setting is not recommended.
Edit next to the interface.
Routes.

28
OSPF (Open Shortest Path First)

Network > Routing > OSPF
on page 8).
2. Click on Network, click on Routing, and click on the OSPF tab.
3. Review the OSPF Routing section. To save changes to this section, click Apply to
commit and save your changes.
In the Overview table, you can enable and configure RIP for each interface by clicking
Edit next to the interface.
• OSPF enable: Check the option to enable OSPF dynamic routing globally on the
router.
• Router ID: Enter the OSPF router ID. • OSPF enable: Check the option to enable OSPF dynamic routing on the specified
interface.
• Network type: Select the OSPF network type. Select only Point to Point or Point
to Multi-point if connecting to your networking using PPP protocol, otherwise
select Broadcast. If only exchanging OSPF routing information to one other
device, select Non-Broadcast and enter in the Neighbor IP address at the bottom.
• Key authentication – Enables MD5 authentication on all OSPF messages sent and
received.
• Key string – If authentication is enabled, enter the authentication key
string/password to use for OSPF messages sent and received.
• Plain text password – This option will set the password to be send in clear text
instead of using the MD5 hash. This setting is not recommended.
• Cost – Enter the OSPF cost value.
• Priority – Enter the OSPF priority value.
• Area - Enter the area id for OSPF.
Routes.

29
Quality of Service (QoS) Classes – The QoS priority classes define the bandwidth maximum limits of total
bandwidth that can be used and total bandwidth that can be shared for a particular
Network > QoS class. Note: Typically, you do not need to modify the QoS priority class percentage
The router supports up to four QoS priority queues for traffic classification and priority. settings.
• Download link share bandwidth (%) – This defines the guaranteed bandwidth
1. Log into your router management page (see “Access your router management page” % from the total download speed defined in the QoS settings. The class setting
on page 8). will attempt to guarantee this bandwidth % minimum limit is allocated.
• Download max bandwidth (%) – This defines the maximum bandwidth %
2. Click on Network and click on QoS.
allowable from the total download speed defined in the QoS settings. This class
3. Under QoS settings, review the settings below. When complete, click Apply to save setting is the maximum bandwidth % limit that can be allocated above the link
and commit your changes. share bandwidth %.
QoS Settings • Upload link share bandwidth (%) – This defines the guaranteed bandwidth %
• Enable: Check the enable option to Enable QoS. from the total upload speed defined in the QoS settings. The class setting will
• Download speed (kbit/s): Enter the maximum download speed provided by your attempt to guarantee this bandwidth % minimum limit is allocated.
ISP in kilobits per sec. It is important to set this value accurately. • Upload max bandwidth (%) – This defines the maximum bandwidth %
Note: If your multiple mode is set to load balancing, you can combine the total allowable from the total upload speed defined in the QoS settings. This class
download bandwidth of both WAN connections. setting is the maximum bandwidth % limit that can be allocated above the link
• Upload speed (kbit/s): Enter the maximum upload speed provided by your ISP in share bandwidth %.
kilobits per sec. It is important to set this value accurately.
• Note: If your multiple mode is set to load balancing, you can combine the total
upload bandwidth of both WAN connections.
• Calculate overhead – Typically, when this option is unchecked/disabled, the
overhead value will not be added to the upload and download speeds entered in
the fields. When this option is checked/enabled, the total overhead calculation is
included in the total upload/download speed specified to ensure the values
entered are the absolute maximum value limits entered.
• Default class – When QoS is enabled, select the default priority class used for all
other traffic when QoS after all specific QoS classification rules have been
applied. You can typically set this to Low or Medium.

30
Classification Rules
Click Add to create a new QoS classification rule. When complete, click Apply to save
and commit your changes.
• Target – Select the QoS priority class to apply to the rule.
• Direction – Select the direction of traffic in which to apply the QoS
classification, Download (Inbound Traffic) or Upload (Outbound Traffic).
• Source Host – Click the drop-down list to select All (any IP address), a specific
source host IP address from the list or select Custom to define a particular
source IP address not listed.
• Destination Host– Click the drop-down list to select All (any IP address), a
specific destination host IP address from the list or select Custom to define a
particular destination IP address not listed.
• Protocol – Click the drop-down to select the type of traffic to apply the QoS
classification rule. All/TCP/UDP/ICMP or custom to specify a particular protocol
not listed.
• Source Port (range) – Enter the source port or source port range to apply the
QoS classification rule.
• Destination Port (range) – Enter the source port or source port range to apply
the QoS classification rule.
•

31
Dynamic DNS
Services > Dynamic DNS
When using a dynamic IP/DHCP WAN type from your ISP where your public IP or
Internet IP address always changes, dynamic DNS provides a method of accessing your
router or network remotely over the Internet for devices such as IP cameras, storage, or
computers hosted on the local LAN side of your router. Dynamic DNS services do thi by
assigning a custom hostname or DNS name for you to reference. Your router will send
updates to the dynamic DNS service provider if the WAN or Internet IP address(es)
change providing the emulation of a virtual fixed IP address that you can always
reference to access your router over the Internet.
Note: First, you will need to sign up for one of the DDNS service providers listed in the
Server Address drop-down list.
1. Sign up for one of the DDNS available service providers list under Server Address.
(e.g. no-ip.com, dyndns.org etc.)
2. Log into your router management page (see “Access your router management page” Below is a reference of the additional Dynamic DNS settings if you choose to make other
on page 8). configuration changes to these sections.
3. Click on Services and click on Dynamic DNS.
4. Review the DDNS settings below. When complete, click Apply to save and commit Timer Settings
your changes. Allows you to configure a specified interval to force your router to send a DDNS update
• Enabled – Check the enabled option to enable dynamic DNS on the selected WAN to your DDNS service provider.
interface. Note: Please note that it is recommended not to set the interval too low and send
• DDNS Provider [IPv4]: Click the drop-down list Select your DDNS service. updates too often as this may not meet the minimum requirements of your DDNS service
• Host Name: Enter the custom hostname or DNS name you created with DDNS provider client update policy.
account. (e.g. trendnet.ddns.net) • Force Interval – Enter a value in days, hours, or minutes.
• Account: The user name needed to login to your Dynamic DNS service account. Note: The smallest interval allowed is 10 minutes. Setting the value to 0 will
force your router to send a DDNS update only once and will not resend any
• Password: This is the password to login to your Dynamic DNS service account.
more DDNS updates for the specified WAN.

32
File sharing server

Services > Network Shares
Your router’s USB port can be used to share files through the network when a USB
storage device is connected on the back USB port. The router supports Samba (SMB) file
sharing protocol and is compatible with SMB/CIFS.
Note: Only FAT32 or NTFS file formats are supported, up to 4TB max. storage size.
After you have connected your USB storage device:

on page 8).
2. Click on Services and click on Network Shares.
3. Review the settings below. When complete, click Apply to save and commit your
changes.
Note: By default, the Samba server name is set to TEW-829DRU or the LAN IP address
Samba Users
may also be used default LAN IP: 192.168.10.1. To change the Samba server name, you
can modify this setting under Administrator > System and edit the Host Name setting. • User Name: Enter the user name to be used to access the USB share.
• Password: Enter the password to be used to access the USB share.
Samba General Settings
• Enable – Check the enable option to enable Samba file sharing.
• Description: Enter a description for the server. Shared Devices
• Workgroup: Enter the workgroup name. It is recommended to keep the standard • Device Name: Displays the USB storage device name.
default “WORKGROUP”. If you change this setting, you will need to change the • Shared Name: Displays the Samba share name used to access the USB share over
workgroup name on all computers in your network that are allowed access to the the network.
USB storage in order to discover it automatically. Otherwise, you will need to Example: You can access the USB share by typing in the path \\TEW-
access the server by IP address. 829DRU\usb_A1 or \\<routerIPaddress>\usb_A1.
• Login Required – Selecting No will not require computers to login when accessing
the USB share. Select Yes will require computers to enter a user name and
password when accessing the USB share and user account can be modified under • Size – Displays the total size of the USB storage device.
the Samba Users list. This user account will have full read/write permissions on
• Used – Displayed the storage space currently used on the USB storage device.
the USB share.
• Available – Displays the storage space currently available on the USB storage
device.
• Eject Device – Clicking the Eject button will allow you to safely remove/dismount
and disconnect the USB storage device.

33
Wake on LAN (WoL)

Services > Wake on LAN
Wake on LAN (WoL) is used to remotely wake up or turn on device that support the WoL
feature from your router.
Note: In order for the WoL feature to work, the device must support the WoL and it must
be enabled configured properly on the device.
on page 8).
2. Click on Services and click on Wake on LAN.
changes.
• Host to wake up: Click the drop-down list to select a computer/device from the
list or manually enter the MAC address of the device. Clicking the WAKE UP HOST
INSTANTLY button will immediately send a wake up message to the WoL device.
• Add new WoL schedule: Allows you to select a schedule when to send a wake up
message to the WoL device.

34
Wireless Networking and Security Note: Modifying the channel settings will force currently
connected wireless client devices to disconnect and reconnect
to your router’s wireless networks.
Wireless Settings
Network > Wireless (2.4GHz or 5GHz1 or 5GHz2)
This section covers the wireless settings of your router such as wireless network names
(SSIDs), channels, 802.11 mode, and other wireless settings.
on page 8).
2. Click on Network and click on the wireless band you would like to configure Wireless
(2.4GHz or 5GHz1 or 5GHz2)
3. Review the settings below. When complete, click Apply to save and commit your o Advanced Settings
changes.  Mode – By default, 802.11b/g/n and 802.11a/n/ac modes are
Primary SSID – This tab involves the configuration parameters for the primary SSID for a configured to ensure the best compatibility with wireless
specific wireless band. client devices. These settings will allow all wireless client
• Device Configuration devices to connect to you router’s wireless networks
o General Setup including devices that support older standards such as
 Status – Displays current information about the wireless 802.11a/b/g.
radio/band such as SSID, BSSID/wireless MAC address, Note: If older slower wireless client devices connect to your
encryption, operating channel, transmit power, bitrate, and wireless network, this may reduce the speed and performance
country/region. of all other wireless client devices connecting to the same
 Enable wireless radio – This option is checked by default to wireless network.
enable the wireless radio/band. Unchecking this option will  HT mode: Select the appropriate channel width for your
disable the wireless radio/band including all additional SSIDs wireless network. For greater 2.4GHz performance/data rate
configured on the specific band. capability, you can select Auto 20/40MHz (Options: 20MHz or
 Turn off wireless radio by schedule – Allows you to assign a Auto 20/40MHz). It is recommended to use the default
time schedule when the band should be turned on and off. channel bandwidth settings.
 Operating frequency – By default, the operating channel is For greater 5GHz performance/data rate capability, you can
set to Auto to automatically scan and use the best channel select Auto 20/40/80MHz (Options: 20MHz, Auto 20/40MHz,
available when the device is powered on. If you are Auto 20/40/80MHz). It is recommended to use the default
encountering interference or connectivity issues on the channel width settings.
current channel, you can select a different wireless channel Note: Please note that the default settings may provide more
for the band to operate. stability than the higher channel bandwidth settings such as
Auto 20/40MHz or Auto 20/40/80MHz for connectivity in busy

35
wireless environments where there are several wireless

networks in the area.
• 20 MHz – This mode operates using a single 20MHz
channel for wireless devices connecting at 802.11n
on both 2.4GHz and 5GHz. This setting may provide
more stability than 20/40MHz (Auto) for connectivity
in busy wireless environments where there are
several neighboring wireless networks in the area.
• Auto 20/40MHz (11n) or Auto 20/40/80MHz (11ac)
o Wireless Security – Allows you to configure the wireless
–When this setting is active, this mode is capable of
encryption/security for the wireless band. See the “How to choose the
providing higher performance only if the wireless
type of wireless security” and “Secure your wireless network” sections
devices support the channel width settings. Enabling for details configuring wireless security.
Auto 20/40MHz or Auto 20/40/80 MHz typically
results in substantial performance increases when
connecting an 802.11ac/n wireless client.
o MAC-Filter – This feature adds additional security to your wireless

• Interface Configuration band by allowing you to enter a list of specific MAC addresses that can
o General Setup either be allowed to connect (Allow listed only) or blocked (Deny
 ESSID – This is wireless network name setting for the primary listed) from connecting to your wireless network. This feature must be
SSID band. This name will differentiate your wireless network specified on each wireless band.
from other neighboring wireless networks so you can identify  MAC-Address Filter
and connect your wireless client devices. Enter the wireless • Disable - Disables MAC address filtering on the
network name to assign to the wireless band. wireless band.
 Hide ESSID – Checking this option will hide your wireless • Allow listed only (Whitelist) – Sets the MAC filter
network name from being discovered by wireless client action to allow only the MAC addresses listed and
devices scanning for available wireless networks. This will not deny all others on the wireless band.
disable the wireless band or network and wireless client • Deny listed (Blacklist) – Sets the MAC filter action to
devices can still connect. It only hides the network name from deny only the MAC addresses listed and allow all
being discovered. others on the wireless band.
 MAC- List – Enter the MAC addresses to allow or deny. For
each additional MAC address entries, click .
(e.g. a1:b2:c3:d4:e5:f6)

36
Multiple SSID - This tab involves the configuration parameters for the additional SSIDs
for a specific wireless band. Up to 7 additional SSIDs can be created per wireless band.
You can view a summarized list of the current operating SSID and channels under Status
> Overview in the Wireless section.
• General Setup
o Enabled – Checking this option will enable the additional SSID on the
o Advanced Settings specific wireless band. Before checking Enabled, click the Multiple SSID
 Separate Clients – By default, this option is left unchecked drop-down and select which index number SSID to configure.
and allows all wireless client devices that are connected to o Multiple SSID – Click the drop-down to select the index number SSID
the same wireless SSID to communicate with other wireless to configure, then check Enabled.
client devices. Checking this option will block communication o ESSID – This is wireless network name setting for the additional SSID
between wireless client devices connecting with other band. This name will differentiate your wireless network from other
wireless client devices. This feature is also known as L2 neighboring wireless networks so you can identify and connect your
isolation or L2 client isolation. wireless client devices. Enter the wireless network name to assign to
 WMM Mode – This feature enables Wi-Fi Multimedia QoS the additional SSID.
prioritization for wireless client devices that support WMM o Hide ESSID – Checking this option will hide your wireless network
using the default priority level settings. Unchecking this name from being discovered by wireless client devices scanning for
option will disable WMM QoS on the wireless band. available wireless networks. This will not disable the additional SSID
 Enable HT20/40 coexistence – Applies to 2.4GHz band only. and wireless client devices can still connect. It only hides the network
This option is enabled by default to ensure connection name from being discovered.
stability on the 2.4GHz band. When this option is enabled, the o Turn off wireless radio by schedule – Allows you to assign a time
radio will attempt to operate at the higher 40MHz channel schedule when the band should be turned on and off.
width mode if there are not too many neighboring wireless
networks. If the current wireless environment is too busy the
radio will automatically operate at the lower 20MHz channel
width mode. Unchecking this option forces the radio to
operate at the higher 40MHz channel which cause instability
if there are too many neighboring 2.4GHz wireless networks.

37
• Wireless Security – Allows you to configure the wireless encryption/security for How to choose the type of wireless security
the additional SSID. See the “How to choose the type of wireless security” and
“Secure your wireless network” sections for details configuring wireless Setting up wireless security is very important. Leaving your wireless network open and
security. unsecure could expose your entire network and personal files to outsiders. TRENDnet
recommends reading through this entire section and setting up wireless security on your
new router.
There are a few different wireless security types supported in wireless networking each
having its own characteristics which may be more suitable for your wireless network
taking into consideration compatibility, performance, as well as the security strength
along with using older wireless networking hardware (also called legacy hardware).
• Advanced Settings It is strongly recommended to enable wireless security to prevent unwanted users from
o Separate Clients – By default, this option is left unchecked and allows accessing your network and network resources (personal documents, media, etc.).
all wireless client devices that are connected to the same wireless SSID In general, it is recommended that you choose the security type with the highest
to communicate with other wireless client devices. Checking this strength and performance supported by the wireless computers and devices in your
option will block communication between wireless client devices network. Please review the security types to determine which one you should use for
connecting with other wireless client devices. This feature is also your network.
known as L2 isolation or L2 client isolation.
o WMM Mode – This feature enables Wi-Fi Multimedia QoS Wireless Encryption Types
prioritization for wireless client devices that support WMM using the • WPA: This encryption is significantly more robust than the older WEP legacy
default priority level settings. Unchecking this option will disable technology. Much of the older 802.11g hardware was been upgraded (with
WMM QoS on the additional SSID. firmware/driver upgrades) to support this encryption standard. Total wireless
speeds under this encryption type however are limited to 54Mbps.
• WPA/WPA2 Mixed Mode: This setting provides the router with the ability to detect
wireless devices using either WPA or WPA2 encryption. Your wireless network will
automatically change the encryption setting based on the first wireless device
connected. For example, if the first wireless client that connects to your wireless
network uses WPA encryption your wireless network will use WPA encryption. Only
when all wireless clients disconnect to the network and a wireless client with WPA2
encryption connects your wireless network will then change to WPA2 encryption.
Note: WPA2 encryption supports 802.11n speeds and WPA encryption will limit
your connection speeds to 54Mbps
• WPA2: This is the most secure wireless encryption available today, similar to WPA
encryption but more robust. This encryption standard also supports the highest
connection speeds. If you find that one of your wireless network devices does not
support WPA2 encryption, then set your router to either WPA or WPA-Auto
encryption. There are two cipher types available which are Temporal Key Integrity
Protocol (TKIP) and Advanced Encryption Standard (AES). AES should be used
whenever possible to ensure the highest level of security.

38
• WPA-PSK/WPA2-PSK vs. WPA-EAP/WPA2-EAP: WPA & WPA2 support two security Secure your wireless network
mechanisms, one using a pre-shared key (PSK) and the other using extensible
authentication protocol (EAP). PSK is much easier to setup and configure and Network > Wireless 2.4GHz / 5GHz1 / 5GHz2
requires manually specifying the encryption key/pre-shared key (PSK) required for By default, your router is pre-configured with wireless network names (SSIDs) and a
all wireless client devices to connect to your wireless network. EAP requires the use wireless encryption key using WPA2-PSK (AES). The predefined wireless network name
of an external authentication server and complex configuration to setup and security can be found on the sticker on the side of the router or on the device label
authentication and authorization your wireless client devices outside the scope of at the bottom of the router. The following sections involve changing the default wireless
the router. Several types of EAP that can be configured from secured password + security settings and encryption key.
certificate that require more in-depth knowledge of security configuration.
Note: Check the specifications of your wireless network adapters and wireless
appliances to verify the highest level of encryption supported. Below is brief
comparison chart of the wireless security types and the recommended configuration
depending on which type you choose for your wireless network.
Security Standard WPA WPA2
802.11a/b/g
(802.11ac/802.11n devices
will operate at
Compatible Wireless 802.11g/802.11a to connect
Standards using this standard) 802.11a/b/g/n/ac
Highest Performance Highest data rate supported
Under This Setting Up to 54Mbps by wireless device 1. Log into your router management page (see “Access your router management page”
on page 8).
Encryption Strength Medium High
2. Click on Network and click on the wireless band you would like to configure, Wireless
TKIP or AES, TKIP or AES, 2.4GHz / 5GHz1 / 5GHz2.
Additional Options
Preshared Key or RADIUS Preshared Key or RADIUS 3. Under Interface Configuration and in the Wireless Security tab, click on the
Encryption drop-down list to select your wireless security type.
TKIP AES
Recommended
Preshared Key Preshared Key
Configuration
8-63 characters 8-63 characters
Note: It is recommended to use WPA2 CCMP (AES) encryption whenever possible as it

the most secure option and supports the highest data rates supported by the wireless
network device.

39
Selecting WPA2-PSK, WPA-PSK / WPA2-PSK Mixed Mode Selecting WPA2-EAP, WPA-EAP / WPA2-EAP Mixed Mode
(WPA2-PSK recommended): The following section outlines options when selecting WPA2-EAP or WPA-EAP / WPA2-
In the Security Mode drop-down list, select WPA2-PSK or WPA-PSK / WPA2-PSK Mixed EAP Mixed Mode (EAP or RADIUS). This security type is also known as EAP (Extensible
Mode. Review the settings below. When complete, click Apply to save and commit your Authentication Protocol) or RADIUS (Remote Authentication Dial-In User Service).
changes. Review the settings below. When complete, click Apply to save and commit your
changes.
Note: This security type requires an external RADIUS server, Pre-Shared Key only requires
you to create a wireless password, pre-shared key, or passphrase.
The following section outlines options when selecting WPA2-PSK, or WPA-PSK / WPA2-
PSK Mixed Mode.
• Cipher: Select a Cipher Type to use.
o When selecting WPA-PSK / WPA2-PSK Mixed Mode security, it is recommended
to use Force TKIP and CCMP (AES).
o When selecting WPA2-PSKsecurity, it is recommended to use Force CCMP (AES).
Key: Enter the pre-shared key or passphrase. (8-63 alphanumeric characters • Cipher: Select a Cipher Type to use.
(a,b,C,?,*, /,1,2, etc.) o When selecting WPA-EAP / WPA2-EAP Mixed Mode security, it is recommended
Note: This is the wireless password, pre-shared key, or passphrase wireless client to use Force TKIP and CCMP (AES).
devices will use to connect to your wireless network. o When selecting WPA2-EAP security, it is recommended to use Force CCMP (AES).
• Radius-Authentication-Server: Enter the IP address of the RADIUS server. (e.g.
192.168.10.250)
• Radius-Authentication-Port: Enter the port your RADIUS server is configured to use
for RADIUS authentication.
Note: It is recommended to use port 1812 which is typical default port used for the
RADIUS service.
• Radius-Authentication-Secret: Enter the shared secret used to authorize your
router with your RADIUS server.

40
Guest Network Guest DHCP – The wireless guest networks are assigned to a different IP address subnet
from the router LAN network for isolation.
Network > Guest Network
• IPv4 Address – Enter the IP address interface for the wireless guest network. The IP
Creating an isolated and separate wireless guest network on each wireless band allows address subnet should be different from any other LAN or VLAN IP networks
wireless clients to connect to your network for Internet access only and keep your local configured on your router.
LAN network safe by restricting guest access to your LAN network resources such as Note: The guest network IP address subnet only supports a class C subnet, subnet
shared documents and media files on your computers, network storage, and printers. mask 255.255.255.0.
• Start – Enter the starting value of DHCP IPv4 address range for the wireless guest
1. Log into your router management page (see “Access your router management page” newtork. (e.g. If your guest network IPv4 address is 192.168.20.1, entering 120 will
on page 8). define the first IP address of the DHCP pool is 192.168.20.120)
• End – Enter the ending value of DHCP IPv4 address range. (e.g. If your LAN IPv4
2. Click on Network and click on Guest Network. address is 192.168.20.1, entering 200 will define the last IP address of the DHCP
pool is 192.168.20.200)
• Lease Time – Enter the lease time in hours (h) or minutes (m) DHCP clients will hold
3. Review the settings below. When complete, click Apply to save and commit your their IP address settings before automatically requesting a new lease (IP address
changes. settings) from the internal DHCP server. (e.g. To specify 24 hours, enter 24h. To
specify 480 minutes, enter 480m.)
First, choose the wireless band guest network you would like to configure, Wireless • Separate Clients – This option allows all wireless client devices that are connected
2.4GHz Guest Network / 5GHz1 Guest Network / 5GHz2 Guest Network. to the guest network wireless SSIDs to communicate with other wireless client
• Enable/Disable Guest Network – Selecting Enable turns on the wireless guest devices. Checking this option will block communication between wireless client
network and selecting Disable turns off the wireless guest network for the specific devices connecting with other wireless client devices. This feature is also known as
wireless band. L2 isolation or L2 client isolation.
• Network Name(SSID) - This is wireless network name setting for the guest network.
This name will differentiate your wireless network from other neighboring wireless
networks so you can identify and connect your wireless client devices. Enter the
wireless network name to assign to the wireless guest network.
• Wireless Security – Allows you to configure the wireless encryption/security for the
wireless band. See the “How to choose the type of wireless security” and “Secure
your wireless network” sections for details configuring wireless security.
Note: You can only select WPA2-PSK or WPA-PSK / WPA2-PSK Mixed Mode. EAP
security cannot be applied to the wireless guest networks.

41
WiFi client bridge mode

4. Select the WiFi network to connect to in the list by clicking on the Select button next
Administrator > Device Mode to the WiFi network name or SSID and click Connect.
The function of client bridge mode is to extend wireless connectivity to multiple wired Note: If you do not find your WiFi network in the list, you can click Rescan to scan again
Ethernet client devices. A typical application where this mode may be used is in your for networks.
home entertainment/media center where multiple network enabled media devices
require Internet or network connectivity such as an HD smart TV, game console, set top
box, or DVR. The device will first establish connectivity (similar to a wireless enabled
client device such as a laptop or mobile phone) to your wireless network (typically
provided by a wireless router or access point) and bridge the connectivity to your
network over to the wired client devices using the LAN switch ports (1-8). After selecting
and applying this mode, click on Wireless > Wireless Network and click Site Survey to
scan for the wireless network to connect and enter the wireless security key (if required)
to establish connectivity to your network. After you have successfully set up the device
to connect to your wireless network, you can plug in the device in the area where you
would like to bridge network connectivity to wired client devices using the LAN switch
ports (1-8). In this mode, the device can only connect to one band at a time (2.4GHz or
5GHz) and will not provide any of the access control features typically provided in router
mode.
5. If the network selected network requires a WiFi password/key, enter the key under
on page 8). WiFi Key/Password and click Apply to save and commit your changes.
Note: The router keep the existing static LAN IP address settings after you have
2. Click on Administrator and click on Device Mode. connected to a WiFi network.
Note: After changing the device mode to client bridge, the router will keep the existing
static LAN IP address. By default, the static LAN IP address: 192.168.10.1 /
255.255.255.0.
3. After the device completely apply the configuration changes and reboots, click
Network and click Site Survey to scan for available wireless networks.

42
Connect wireless devices using WPS 4. The WPS LED on the front panel will flash repeatedly when the WPS process is
activated. The WPS LED will flash for approximately 2 minutes.
Network > WPS
WPS (Wi-Fi Protected Setup) is a feature that makes it easy to connect devices to your
wireless network. If your wireless devices support WPS, you can use this feature to 5. Wait for the status of the wireless client device to inidicate that connection was
easily add wireless devices to your network. successful.
Note: You will not be able to use WPS if you set the Hide ESSID option to enabled under
Network > Wireless 2.4GHz / Wireless 5GHz1 / Wireless 5GHz2 sections. PIN (Personal Identification Number)
If your wireless client device has WPS PIN (typically an 8-digit code printed on the
There are two methods the WPS feature can easily connect your wireless devices to wireless device product label or located in the wireless device wireless software utility),
your network. you can use this method.
• Virtual Push Button Configuration (PBC) method (Recommended)
on page 8).
• PIN (Personal Identification Number) Method - located in router management page
Note: Refer to your wireless client device documentation for details on the operation
of WPS. 2. Click on Network and click on WPS.
3. To add a wireless device to your network, in the Station PIN field, enter the 8-digit
PBC (Software/Virtual Push Button) numeric PIN number of the wireless client device and click ADD ENROLLLE.
In addition to the hardware push button located physically on your router, the router Note: You may need to initiate the WPS PIN on your wireless device first when using this
management page also has push button which is a software or virtual push button you method. Refer to your wireless client device documentation for details on the operation
can click to activate WPS on your router. of WPS.
on page 8).
4. Wait for the status of the wireless client device to inidicate that the connection was
2. Click on Network and click on WPS. successful.
3. To add a wireless device to your network, under WPS Method, next to Push Button,
click the PBC Start button. Then push the WPS button on the wireless device (consult
wireless client device’s User’s Guide for length of time) you are connecting to your
router.

43
Below is a reference of the additional settings if you choose to make other configuration • Network Name(SSID) – Displays the current wireless network name for each
changes to these sections. Review the settings below. When complete, click Apply to wireless band.
save and commit your changes. • Security – Displays the current security used on each wireless band.
• Status – Displays the current configuration status of WPS on the router.
WPS Configuration
• Enable – Check this option to enable WPS or uncheck to disable WPS.
• Band Trigger – Click the drop-down list to select which wireless band to trigger
and activate for WPS connectivity. Select the wireless band and click Apply first
before initiating WPS connection to a wireless client device.
• External Registrar Enable – By default, the router functions in WPS registrar
mode. In WPS client connectivity, one device functions as a registrar and the
other functions as an enrollee. Checking this option will allow the router to
function enrollee mode instead of registrar mode. For security purposes, it is
recommended to leave this settings unchecked/disabled.
WPS Method
• Push Button
o PBC Start/PBC Again – Clicking this button will activate WPS.
o PBC Stop – Clicking this button will stop the WPS process.
• Station PIN – Enter the wireless client device 8 digit WPS PIN number and click
ADD ENROLLEE to activate WPS via PIN.
• Device PIN – This displays the router current WPS PIN. Wireless client devices
may have the ability to enter the PIN of the wireless router/access point you
would like to connect. Instead of entering the wireless client device PIN under
station PIN, you can enter the router device PIN in the wireless client device to
activate WPS via PIN method.
WPS Status
• Current Status – Displays the current WPS process status.

44
Steps to improve wireless connectivity 4. Interference from devices that produce RF (radio frequency) noise can also
impact your signal. Position your wireless devices away from anything that
generates RF noise, such as microwaves, radios and baby monitors.
There are a number of factors that can impact the range of wireless devices. Follow
these tips to help improve your wireless connectivity:
If possible, upgrade wireless network interfaces (such as wireless cards in computers)
from older wireless standards to 802.11n or 802.11ac. If a wirelessly networked device
1. Keep the number of obstructions to a minimum. Each obstruction can reduce uses an older standard, the performance of the entire wireless network may be slower.
the range of a wireless device. Position the wireless devices in a manner that If you are still experiencing low or no signal consider repositioning the wireless devices,
will minimize the amount of obstructions between them. installing additional access points or wireless extenders.
a. For the widest coverage area, install your router near the center of
your home, and near the ceiling, if possible.
b. Avoid placing the router on or near metal objects (such as file cabinets
and metal furniture), reflective surfaces (such as glass or mirrors), and
masonry walls.
c. Any obstruction can weaken the wireless signal (even non-metallic

objects), so the fewer obstructions between the router and the
wireless device, the better.
d. Place the router in a location away from other electronics, motors,

and fluorescent lighting.
e. Many environmental variables can affect the router’s performance, so

if your wireless signal is weak, place the router in several locations and
test the signal strength to determine the ideal position.
2. Building materials can have a large impact on your wireless signal. In an indoor
environment, try to position the wireless devices so that the signal passes
through less dense material such as dry wall. Dense materials like metal, solid
wood, glass or even furniture may block or degrade the signal.
3. Antenna orientation can also have a large impact on your wireless signal. Use
the wireless adapter’s site survey tool to determine the best antenna
orientation for your wireless devices.

45
Firewall & security settings
General settings
Network > Firewall > General Settings
on page 8).
2. Click on Network, click on Firewall, and click on the General Settings tab.
changes.
General Settings
WAN Ping Respond
• Enable – By default, this function is disabled to prevent the WAN port interfaces
from responding to ping/ICMP requests. Enabling this option will set your WAN port
interfaces to respond ping/ICMP requests from the Internet.

46
Port forwarding rules

• External Port – Enter the external port number for the service to allow.
Network > Firewall > Port Forward Note: You can also enter a consecutive range of ports in the following format: 80-90
Port forwarding rules allow to create inbound rules from the WAN interfaces/Internet to
your internal computers or devices for specific services/protocols such as a file server
(FTP), IP camera, web server (HTTP/HTTPS), or remote access, etc.
1. Log into your router management page (see “Access your router management page” • Internal IP address – Click the drop-down list to select a device from the list or
on page 8). enter the local/internal IP address of the device to forward the port/protocol
service.
2. Click on Network, click on Firewall, and click on the Port Forward tab.
3. Review the settings below. When complete, click Add to add the new entry to the list • Internal Port – Enter the internal port number for the service to allow.
and Apply to save and commit your changes. Note: You can also enter a consecutive range of ports in the following format: 80-90
Typically, the internal port or port range is same as the external port or port range.
• Name – Enter a name for the new port forwarding rule.
• Schedule – Allows you to select a schedule when the port forwarding rule should be
• Protocol – Click the drop-down list to select the protocol for the service to allow: enabled or disabled.
TCP, UDP, TCP+UDP, or Other.
• External Interface – Click the drop-down list to select the external WAN interface(s)
to allow: WAN1, WAN2, or WAN1+WAN2. For example, choosing WAN1 will only Note: To restrict access to source IP address, after you have created the port forward
allow the port forward to work on inbound connection requests on WAN1 only and rule, click Edit on the port forwarding entry in the list and enter the IP address in Source
inbound connections requests on WAN2 will be denied. IP address field, then click Apply.

47
Port trigger rules

• Trigger Protocol – Click the drop-down list to select the trigger port protocol for the
Network > Firewall > Port Trigger service to allow: TCP, UDP, or TCP+UDP.
Port triggering is typically used for applications that require a range of ports to be
dynamically opened on request to an internal device on your network. The router will
wait for a request on a specific port or range of ports (trigger port) from a device on
your network and once a request is detected by your router, the router will forward a
port or range of ports (match port) to the device on your network.
• Trigger Port – Enter the match port number for the service to allow.
Note: You can also enter a consecutive range of ports in the following format: 80-90
on page 8).
2. Click on Network, click on Firewall, and click on the Port Forward tab.
• Internal Port – Enter the internal port number for the service to allow.
3. Review the settings below. When complete, click Add to add the new entry to the list Typically, the internal port or port range is same as the external port or port range.
and Apply to save and commit your changes.
• Name – Enter a name for the new port trigger rule.
• Schedule – Allows you to select a schedule when the port trigger rule should be
enabled or disabled.
• Match Protocol – Click the drop-down list to select the match port protocol for the
service to allow: TCP, UDP, or TCP+UDP.
• Match Port – Enter the match port number for the service to allow.

48
IP filtering • Protocol – Click the drop-down list to select the protocol for the service to restrict:
All, TCP, UDP, TCP+UDP, or ICMP.
Network > Firewall > IP Filtering
IP filtering allows you to restrict access to the Internet to specific IP addresses on your
network. You can check the current IP addresses assigned to devices connected to your
router under Status > Overview under the DHCP leases section. You can also lock the IP
address assigned to specific devices connected to your router by adding static DHCP • Src Port – This is the source port number. Enter the source port number for the
leases or reservations. service to restrict.
on page 8).
2. Click on Network, click on Firewall, and click on the IP Filtering tab. • Dst Port – This is the destination port number. Enter the destination port number
for the service to restrict.
3. Review the settings below. When complete, click Add to add the new entry to the list Note: You can also enter a consecutive range of ports in the following format: 80-90
• Name – Enter a name for the new IP filtering rule.
• Schedule – Allows you to select a schedule when the IP filter rule should be enabled
or disabled.
• Src IP – This is the source IP address or device IP address to filter. Click the drop-
down list to select a device from the list or enter the local/internal IP address of the
device to filter or restrict.
• Dst IP – This is the destination IP address for the IP filtering rule. Since the IP
filtering rule only applies to outbound Internet access, this will need to be a public
Internet IP. You can leave this setting blank to set the rule to apply to any public
Internet IP address.

49
MAC filtering 4. Review the settings below. When complete, click Add to add the new entry to the list
Network > Firewall > MAC Filtering
• Name – Enter the name for the MAC filter rule.
Every network device has a unique, 12-digit MAC (Media Access Control) address. MAC
• MAC Address – Click the drop-down list to select a device from the list or enter
filtering allows you to restrict access to the Internet to specific MAC addresses on your
the MAC address manually. (e.g. a1:b2:c3:d4:e5:f6)
network. MAC filtering in this section applies to both wired and wireless devices. To
create MAC filtering rules on your wireless network only, go to the Wireless Settings • Schedule – Allows you to select a schedule when the MAC filter rule should be
section under MAC-filter. You can check the current MAC addresses of devices enabled or disabled.
connected to your router under Status > Overview under the DHCP leases section.
on page 8).
2. Click on Network, click on Firewall, and click on the MAC Filtering tab.
3. Check the Enable option to enable MAC filtering and select Mode.
Note: Please make sure to add the MAC addresses in the list first before clicking Apply.
• Enable – Check this option to enable MAC filtering.
• Mode – Select the mode used for MAC filtering.
o Deny Mode (Blacklist) – Sets the MAC filter action to deny only the
MAC addresses listed and allow all others access to the Internet.
o Allow Mode (Whitelist) – Sets the MAC filter action to allow only the
MAC address listed and deny all others access to the Internet.
Important Note: Please make sure to add the MAC addresses in this
list before applying the setting especially in Allow mode.

50
Denial of service (DoS) prevention DMZ Host

Network > Firewall > DoS Prevention Network > Firewall > DMZ Host
The router supports prevention against common denial of service (DoS) attacks. You may want to expose a specific computer or device on your network to the Internet
Malicious users use denial of service attacks to temporarily or permanently disrupt the to allow anyone to access it. Your router includes the DMZ (Demilitarized Zone) feature
availability of services from network resource such as your router. Typically, DoS attacks that makes all the ports and services available on the WAN/Internet side of the router
are achieved by flooding a specific network resource by excessively sending unnecessary and forwards all ports to a single IP address (computer or network device) on your
requests which can cause the network device or resource to stop functioning. network. The DMZ feature is an easy way of allowing access from the Internet however,
it is a very insecure method and will open your local area network to greater threats
from Internet attacks. It is recommended to use port forwarding instead to limit rules to
specific ports/services only.
on page 8).
2. Click on Network, click on Firewall, and click on the DoS Prevention tab.
on page 8).
3. Review the settings below. When complete, Apply to save and commit your changes.
2. Click on Network, click on Firewall, and click on the DMZ Host tab.
Choose the DoS prevention type to enable, TCP SYN flood, UDP flood, or ICMP flood.
• Enable – Check this option to enable DoS prevention.
3. Review the settings below. When complete, Apply to save and commit your changes.
• Rate (times per second) – This value limits the amount of packets that can be
received by the router per second for a specific session.
• Burst – This value limits the total amount of packets that can be received and • Enable – Check this option to enable DMZ host.
stored in buffer memory for a specific session. • DMZ Host IP Address - Enter the IP address you assigned to the computer or
network device to expose to the Internet. (e.g. 192.168.10.250)

51
One-to-One NAT • External Interface – Click the drop-down list to select the external WAN interface(s)
to allow: WAN1, WAN2, or WAN1+WAN2. For example, choosing WAN1 will only
Network > Firewall > One-to-One NAT allow the port forward to work on inbound connection requests on WAN1 only and
If you have multiple static public WAN/Internet IP addresses assigned by your ISP, you inbound connections requests on WAN2 will be denied.
can map the additional public IP addresses to a local computer or device on your
network and allow all or specific ports or services similar to port forwarding but using
different public IP addresses through your router. Please check with your ISP if you have
multiple static public IP addresses available that can be used to map to devices on your
local network.
Note: This feature will only work when using a static IP address WAN type/protocol. • Forwarding Mode - Select DMZ to forward all ports/protocols or Port Forwarding
to specify which ports/protocols to allow.
on page 8).
2. Click on Network, click on Firewall, and click on the One-to-One NAT tab. o DMZ – Selecting this option will set the rule to forward all
ports/protocols to the device internal private IP address.
3. Review the settings below. When complete, click Add to add the new entry to the list  Schedule – Allows you to select a schedule when the port
and Apply to save and commit your changes. forwarding rule should be enabled or disabled.
• Name – Enter a name for the new one-to-one NAT rule.

o Port Forward – Selecting this option will allow to set the specific
ports/protocols to allow for the rule.
 Protocol – Click the drop-down list to select the protocol for
the service to allow: TCP, UDP, TCP+UDP, ICMP, or Custom.
• Private IP address – Click the drop-down list to select a device from the list or enter
the local/internal IP address of the device to forward the port/protocol service.
 External Port – Enter the external port number for the service
to allow. Note: You can also enter a consecutive range of
ports in the following format: 80-90
• Public – Enter the additional static public Internet IP address you would like to map
to the local/internal IP address.  Internal Port – Enter the internal port number for the service
to allow. Note: You can also enter a consecutive range of
ports in the following format: 80-90
Typically, the internal port or port range is same as the
external port or port range.

52
 Enable NAT Loopback – Checking this option will allow

devices to resolve the additional public static IP addresses
from the local interfaces (e.g. LAN, VLAN). Unchecking this
option will not allow to devices to resolve the additional
public static IP addresses from the local interfaces. (e.g. LAN,
VLAN)
 Schedule – Allows you to select a schedule when the port

forwarding rule should be enabled or disabled.

53
RADIUS Authentication
Network > Administrator > RADIUS
For additional security, the RADIUS authentication feature will allow you use an external
RADIUS server to access the router management configuration page instead of using the
internal administrator user account.
Note: This feature requires an external RADIUS authentication server to be set up and
configured prior to enabling the feature on your router.
on page 8).
2. Click on Administrator and click on RADIUS.
changes.
• RADIUS Authentication – Check this option to enable RADIUS authentication.

• Server IP Address – Enter the IP address of the external RADIUS server.
• Server Port – Enter the port used for the RADIUS service.
Note: The default port used for RADIUS server authentication is 1812.
• Server Secret – Enter the shared secret used to authorize the router for use with
the external RADIUS server.
• Confirm Secret – Re-enter the shared secret for confirmation.
• Timeout – Enter the RADIUS server authentication timeout value in seconds. This is
the number of seconds between transmissions for authentication requests.
Note: If you encounter issues with repeated authentication attempts, it is
recommended to increase this value.
• Retries – Enter the number of retries allowed before RADIUS server will deny
authentication requests for a specific user.
• Allow local account login – Checking this option will still allow login to the router
configuration page using the internal administrator account.

54
Multiple WAN Configuration MWAN Status

• Interface Live Status – This section displays the current status of the WAN
interfaces of your router. Tracking is enabled using physical link status and L2 based
methods but the tracking status displayed refers to the status of IP based link
tracking which can be configured under the Link Tracking section.
Link Tracking – Allows you to setup WAN link tracking by pinging Internet IP addresses.
• Enable Tracking – Checking this option enables IP based WAN link tracking on the
specific WAN interface.
• Tracking IP – Enter an Internet IP address to send ping requests used to verify the
link status of a specific WAN interface. You can add additional IP address by clicking
.
Multiple WAN Management Settings • Ping Interval – Click the drop-down list to set the time interval between
Network > Multiple WAN consecutive ping requests.
The section provides an overview of the multiple WAN management settings and the • Fail Count – Click the drop-down list to set the maximum number of failed ping
dual WAN mode functionality. requests before interface status is considered to be down or failed.
on page 8).
2. Click on Network and click on Multiple WAN.
changes.
Note: Multiple WAN diagnostics can be used under Administrator > Diagnostics under
the MWAN Interface Diagnostics section.

55
Default Traffic Rule

• Policy – This setting controls the default WAN mode for Internet connectivity access
for all local interface such as LAN, wireless LAN, and VLAN interfaces.
o WAN1 (Failover to WAN2) – This is the default WAN mode. In this

mode, the primary WAN interface is set to WAN1 and secondary WAN
interface is set to WAN2. All traffic will be routed only through WAN1
and will only route to WAN2 for Internet connectivity if the WAN1
primary interface link status fails. If WAN1 connectivity is restored, all
Internet traffic will revert back to the primary WAN1 interface.
o WAN2 (Failover to WAN1) –In this mode, the primary WAN interface o Load Balance – In this mode, Internet traffic will be routed to both
is set to WAN2 and secondary WAN interface is set to WAN1. All traffic WAN1 and WAN2 interfaces based on weighted percentage. Traffic
will be routed only through WAN2 and will only route to WAN1 if the will be distributed to WAN1 and WAN2 based on the total of sessions
WAN2 primary fails or is disconnected. If WAN2 connectivity is and weighted % assignment. For example: If selecting a weight of 60%
restored, all Internet traffic will revert back to the primary WAN2 : 40% (WAN1:WAN2), 60% of all Internet sessions will be sent to
interface. WAN1 and the remaining 40% will be sent to WAN2.
o WAN1 (Fixed) – In this mode, all Internet traffic will only be routed to o Default (Use main routing table) – Selecting this option will use the
the WAN1 interface. The WAN2 interface is not used. internal routing table to make routing decisions between WAN1 and
o WAN2 (Fixed) – In this mode, all Internet traffic will only be routed to WAN2 and allow you to device custom policies under the Advanced
the WAN2 interface. The WAN1 interface is not used. tab.

56
Web Management System (Router Limits™) 4. Wait until the Current Status is Ready and your Pairing Code has been generated.
Then click Sign Up & Activate.
Router Limits web management system allows you to easily setup and monitor the
content accessed by devices on your network to maximize Internet bandwidth usage,
control, and productivity. Sign up today for your free account.
Note: Please make sure to set your router date and time settings correctly to ensure
proper functionality of the Router Limits feature. Subscription based web management
filtering content services are available with account sign up. Additional upgrades may be
available with an additional cost. Services may be subject to change without notice.
Setup your router with Router Limits 4. At the signup page, click Yes, activate my hardware.
Network > VPN
on page 8).
2. Click on Services and click on Router Limits™.
3. Choose which mode to enable for Router Limits.

• Enabled without bandwidth monitoring – Enables the standard Router Limits
services.
• Enabled with bandwidth monitoring (reduces LAN > WAN performance) –
Enables Routers Limits functionality with the additional bandwidth monitoring
function.
Note: Enabling the option with bandwidth monitoring will significantly decrease
LAN to WAN performance.

57
5. At the welcome page, enter your email address to use for account creation and sign 6. At the pair hardware page, the pairing code displayed should match the pairing code
up and click Submit. Follow the remaining steps to create your Router Limits account. displayed in your router management page. If the pairing code does not match, you can
click Auto Detect to automatically copy the router pairing code into the field or you can
manually enter the correct pairing code. After you have verified the correct pairing code
is entered, click Pair.
7. After your Router Limits account has been created and your router paired, you will
automatically be brought to your web management dashboard. The Current Status on
your router will display Online that the content management service is running and
paired with your online account.

58
Router Limits Content Management

This section will provide a basic overview of the content management pages of your • Limits – Content filtering rules and scheduling are configured on this
online Router Limits account. page. By default, all web content is allowed without restrictions. You can define
new custom limits with a specific schedule along with a set of different
restrictions or configuration options. Each template can be assigned to a
specific group.
• Dashboard – This page displays an overview of the service status and
the devices connected to your network.
• Devices and Groups – This page displays the groups and devices
assigned to each group. Content filters and scheduling can be assigned for each
group. By default, new devices are assigned to the Guest group. New groups
can be created and devices reassigned to new groups for easy management.

59
Restrictions Options
o Block Everything – Enabling this setting will completely block all o Safe-Search – Enables this setting enforces the use safe search to be
Internet access. (Blacklist) enabled for Google and Bing search engines.
o Categories – Enabling this setting will block content based on o YouTube Restricted Mode – Enabling this setting enforces YouTube
categories such as social media, sports, shopping, and proxy websites, safety mode. (Currently not supported on mobile devices)
etc. o Block Unknown Traffic – Enabling this setting blocks all unknown IP
o Sites – Enabling this setting will block access to popular websites such addresses (specifically those used with VPN services or proxy services).
as Facebook, Instagram, Youtube, Vimeo, Netflix, etc. It is recommended to leave this setting off unless explicitly required.
o URLs – Enabling this setting will allow you manually enter in specific
domain names/URLs to block access.
• History – This page will display the Internet access history through
your router. This page will also displays timestamps of when websites were
accessed and which devices access each site.
Exceptions – This setting allows you to configure exceptions and allow access.

60
• Settings – This page will display the current status of service account
and router as well as allow you to set the time zone settings.
• Support – This page will display provide support on information on the

Router Limits web management system and allow you to submit support
tickets if needed.
You can access and manage your Router Limits account configuration settings through
https://routerlimits.com and logging in.
If behind your router, you can also access your account by going to Services > Router
Limits™ in your router management page and clicking Manage Account.

61
Virtual Private Networking (VPN) Tunneling methods supported by your router:
• SSL (Secure Socket Layer) VPN – This type of VPN can be used for Client-Server
Creating a Virtual Private Network (VPN) VPN only. There is support for both Layer 3 and Layer 7 network access with
Network > VPN SSL VPN but your router only supports Layer 3 access. Additionally, your router
utilizes the use of OpenVPN® for SSL VPN. The third party software client is
available for free download using the following link for both Windows® and
What is a VPN? Linux operating systems https://openvpn.net/index.php/open-
A VPN provides secure communications typically over the Internet by creating a secure source/downloads.html.
tunnel between two or more VPN routers (gateways) also known as a site-to-site VPN or
between a single client computer and a VPN router (gateway) also known as a client- • IPsec (Internet Protocol Security) VPN – This type of VPN can be used for
server VPN. either Site-to-Site VPN or Client-Server VPN, however, the most common
application for this type is a Site-to-Site VPN. This type of VPN can provide
highest degree of security. For a Client-Server VPN, typically, a third party VPN
On your router, the following types of tunnels can be created: client software is required to be installed and configured and can be difficult
• Site-to-Site VPN – Connects two or more VPN routers (gateways) allowing the when installing and configuring on VPN client computers. This VPN type can
LAN network from each router to securely communicate to each other over the provide the highest degree of security.
Internet. Tunneling Methods: IPsec
• PPTP (Point-to-Point Tunneling Protocol) VPN – This type of VPN can be used
for Client-Server VPN only however both server mode and client mode are
supported on your router. Most computer operating systems already include a
pre-installed PPTP VPN client software that can be easily configured which
eliminates the need for an additional third party VPN client software to be
purchased and installed. Since it provides less security overall than IPsec VPN, it
is not recommended for a Site-to-Site VPN.
• Client-Server VPN – A single client computer or device with VPN client software • L2TP (Layer 2 Tunneling Protocol) VPN – This type of VPN is very similar to
installed connects to a VPN router (gateway) allow the single client computer PPTP VPN as it is most commonly used for a Client-Server VPN, pre-installed on
or device to securely communicate to the LAN network of the VPN router over most computer operating systems and easy to configure, and provides less
the Internet. Tunneling Methods: IPsec/SSL(OpenVPN)/PPTP/L2TP/L2TP with overall security than IPsec VPN. Most of the current operating systems with
IPsec L2TP VPN client software pre-installed use L2TP VPN in conjunction with IPsec
VPN to improve the overall security provided. This router does not support the
L2TP over IPsec VPN method.
Important Note: For any tunneling or VPN method used, to avoid IP address conflict and
to ensure connectivity, it is required that each end (LAN IP network or single client) of the
VPN tunnel is configured with a different IP network or subnet.

62
PPTP VPN Server 5. In the Client IP field, enter an IP address range (within the same LAN IP subnet range)
to assign to PPTP VPN clients. By default, the router LAN DHCP server pool is
Network > VPN > PPTP Server 192.168.10.101-192.168.10.199, therefore, we will assign a range that does not conflict
You can enable and configure the PPTP VPN server on your router to allow remote with the DHCP server range such as 192.168.10.10-192.168.10.20.
computers or mobile devices with PPTP VPN support to connect securely over the
Internet and access the company LAN network.
6. Click the Authentication drop-down list and select MS-CHAPv2.
7. Under the User Account section, enter a profile name for the new user account and
click Add. (e.g. User1)
Setting up the PPTP VPN server
on page 8).
8. Check the Enable option and enter a User name and Password for the new user
account. (e.g. User name: user1 / Password: user1)
2. Click on Network, click VPN, and click the PPTP Server tab.
3. Under Service Setting, check the Enable option to enable the PPTP server.
4. In the Local IP field, enter the LAN IP address. (Default LAN IP: 192.168.10.1)
Note: Entering the LAN IP address as the Local IP of the PPTP server ensures your PPTP 9. Click Apply and the bottom of the page so save and commit the changes.
VPN clients are able to access the Internet and the router LAN network via full tunneling.
If an IP address different from the LAN IP is entered, PPTP VPN clients will be allowed to
access router LAN and not the Internet.
10. Click on the Status > Overview page and under the Network section, make note of
your WAN IPv4 addresses to configure the PPTP VPN clients. You can also configure
dynamic DNS to use a dynamic DNS hostname instead of dynamic WAN IP address.

63
Note: For the VPN client computer, you will require a third party PPTP VPN software to Below is a reference of the additional PPTP VPN server settings if you choose to make
be installed configured matching the PPTP VPN settings on your router. Typically, PPTP other configuration changes to these sections.
VPN software is pre-installed with most operating systems. Please refer to your
operating system or mobile device User’s Guide/Manual for configuring the VPN
• Enable – Check this option to enable the PPTP VPN server.
settings.
• Local IP – Enter an IP address for the PPTP VPN server. This should be the same
as your LAN IPv4 address to allow both access to LAN network and Internet to
VPN clients via full tunneling. (e.g. 192.168.10.1)
• Client IP – Enter the IP address pool to distribute to your PPTP VPN clients after
they establish VPN connectivity. This should be in the same IPv4 subnet used as
your Local IP address. If using the same as the router LAN IP address, make sure
to assign a range different from your LAN DHCP server IP range. (e.g.
192.168.10.10-192.168.10.20)
• MS-DNS 1 – Enter the IPv4 address of the primary DNS server to distribute to
PPTP VPN clients after they establish VPN connectivity. This parameter is
optional. (e.g. 8.8.8.8)
• MS-DNS 2 – Enter the IPv4 address of the secondary DNS server to distribute to
• MS-WINS 1 – Enter the IPv4 address of the primary WINS server to distribute to
optional. (e.g. 192.168.10.32)
• MS-WINS 2 – Enter the IPv4 address of the secondary WINS server to distribute
to PPTP VPN clients after they establish VPN connectivity. This parameter is
optional. (e.g. 192.168.10.33)
• Authentication – Click the drop-down list and select the authentication
protocol to use for PPTP VPN authentication, PAP/CHAP/MS-CHAPv1/MS-
CHAPv2. It is strongly recommended to use MS-CHAPv2 since it offers the
highest degree of security from these options and is supported by most
modern computers and mobile devices.

64
Setting up the PPTP VPN client (Windows) 5. Click the VPN provider drop-down list and select Windows (built-in).
Note: This procedure provides a basic example how to setup PPTP VPN and establish
connectivity using a Windows® 10 client computer. If you are using a different operating
system or mobile device, please refer to the user’s guide/manual of the third party
operating system or device on configuring PPTP VPN. The PPTP VPN settings must match
with the settings configured on the router.
6. Enter a name in the Connection name field.
1. Click the Start button and click the Settings icon.
Start Button Settings icon
7. Enter the Internet WAN IP address, DNS, or dynamic DNS hostname of your router to
2. Click Network & Internet.
connect over the Internet. In the example below, the Internet WAN IP address of the
router is 10.10.10.10. In your router, you can check the WAN IP address under Status
> Overview, under Network in the IPv4 status section.
3. Click VPN in the left panel.

8. Click the VPN type drop-down list and select Point to Point Tunneling Protocol
(PPTP).
4. Under VPN, click Add a VPN connection.
9. Click the Type of sign-in info drop-down list and select User name and password.

65
10. You can choose to enter the account credentials in the fields provide for L2TP VPN Server
authentication or if not, you will be prompted when attempting to establish PPTP VPN
connection to your TEW-829DRU router. Click Save. Network > VPN > L2TP Server
You can enable and configure the L2TP VPN server on your router to allow remote
computers or mobile devices with L2TP support to connect securely over the Internet
and access the company LAN network. It is strongly recommended to enable L2TP VPN
server with IPsec instead of L2TP VPN only due to the higher degree of security offered
and supported on most modern computers and mobile devices.
11. Under VPN, the new VPN connection will be listed. Click Connect.
Setting up the L2TP VPN server without IPsec encryption
on page 8).
2. Click on Network, click VPN, and click the L2TP Server tab.
3. Under Service Setting, check the Enable option to enable the L2TP server.
12. The status will display Connected if the PPTP VPN connection was successful.
Note: Entering the LAN IP address as the Local IP of the L2TP server ensures your L2TP
If an IP address different from the LAN IP is entered, L2TP VPN clients will be allowed to
access router LAN and not the Internet.

66
5. In the Client IP field, enter an IP address range (within the same LAN IP subnet range)
to assign to L2TP VPN clients. By default, the router LAN DHCP server pool is
192.168.10.101-192.168.10.199, therefore, we will assign a range that does not conflict
with the DHCP server range such as 192.168.10.10-192.168.10.20.
6. Check the Access LAN option to ensure VPN clients can access the router LAN
interface. Note: If VLANs interfaces are created, they will available under Access vlan.
7. Click the Authentication drop-down list and select MS-CHAPv2.
click Add. (e.g. User1)
10. Click Apply and the bottom of the page so save and commit the changes.

67
Setting up the L2TP VPN server with IPsec encryption (PSK) 7. Remove any settings for DNS Server 1 & 2. These are optional parameters.
1. Log into your router management page (see “Access your router management page” 8. Click the Authentication drop-down list and select MS-CHAPv2.
on page 8).
2. Click on Network, click VPN, and click the L2TP Server tab.
3. Under Service Setting, check the Enable option to enable the L2TP server. click Add. (e.g. User1)
Note: Entering the LAN IP address as the Local IP of the L2TP server ensures your L2TP
If an IP address different from the LAN IP is entered, L2TP VPN clients will be allowed to
access only the router LAN and not the Internet.
11. Click Apply and the bottom of the page so save and commit the changes.
5. In the Client IP field, enter an IP address range (within the same LAN IP subnet range)
to assign to L2TP VPN clients. By default, the router LAN DHCP server pool is
192.168.10.101-192.168.10.199, therefore, we will assign a range that does not conflict
with the DHCP server range such as 192.168.10.10-192.168.10.20.
12. Click on Network, click VPN, and click the IPsec tab.
13. Under Overview, enter a tunnel name and click Add. (e.g. L2TPwIPsec)
6. Check the Access LAN option to ensure VPN clients can access the router LAN
interface. Note: If VLANs interfaces are created, they will available under Access vlan.

68
143. Click the Connection type drop-down list and select Remote Access (Roadwarrior). Below is a reference of the additional L2TP VPN server settings if you choose to make
other configuration changes to these sections.
• Enable – Check this option to enable the L2TP VPN server.

14. Click the Authentication type drop-down list and select L2TP/IPSec PSK. • Local IP – Enter an IP address for the L2TP VPN server. This should be different
from your LAN IPv4 address and any other VLAN IPv4 addresses you are using
on your router. (e.g. 192.168.0.1)
• Client IP – Enter the IP address pool to distribute to your L2TP VPN clients after
they establish VPN connectivity. This should be in the same IPv4 subnet used as
your Local IP address. (e.g. 192.168.0.100-192.168.0.254)
15. In the Local field enter the local WAN1 IP address and click Apply. (e.g. 10.10.10.10)
• Access lan - Checking this option will allow L2TP VPN clients to access the
router LAN IPv4 interface network.
• Access vlan – If VLAN IPv4 interfaces are created on your router, they will be
displayed and you can allow L2TP VPN clients access to specific VLAN
interfaces.
• DNS Server 1 – Enter the IPv4 address of the primary DNS server to distribute
to L2TP VPN clients after they establish VPN connectivity. This parameter is
16. Under Authentication Key, enter the Pre-Shared Key (PSK) for the IPsec VPN tunnel
• DNS Server 2 – Enter the IPv4 address of the secondary DNS server to
and click Apply. (e.g. 1234567890)
distribute to L2TP VPN clients after they establish VPN connectivity. This
parameter is optional. (e.g. 8.8.4.4)
• Authentication – Click the drop-down list and select the authentication
protocol to use for L2TP VPN authentication, PAP/CHAP/MS-CHAPv1/MS-
CHAPv2. It is strongly recommended to use MS-CHAPv2 since it offer the
highest degree of security from these options and is supported by most
modern computers and mobile devices.
Note: For the VPN client computer, you will require a third party L2TP with IPsec VPN
software to be installed configured matching the L2TP with IPsec VPN settings on your
router. Typically, L2TP with IPsec VPN software is pre-installed with most operating
systems. Please refer to your operating system or mobile device User’s Guide/Manual for
configuring the VPN settings.

69
Setting up the L2TP VPN client (Windows) with IPsec encryption (PSK) 5. Click the VPN provider drop-down list and select Windows (built-in).
Note: This procedure provides a basic example how to setup L2TP with IPsec VPN and
establish connectivity using a Windows® 10 client computer. If you are using a different
operating system or mobile device, please refer to the user’s guide/manual of the third
party operating system or device on configuring L2TP with IPsec VPN. The L2TP with
IPsec VPN settings must match with the settings configured on the router.
6. Enter a name in the Connection name field.
1. Click the Start button and click the Settings icon.
Start Button Settings icon
2. Click Network & Internet. 7. Enter the Internet WAN IP address, DNS, or dynamic DNS hostname of your router to
connect over the Internet. In the example below, the Internet WAN IP address of the
router is 10.10.10.10. In your router, you can check the WAN IP address under Status
> Overview, under Network in the IPv4 status section.
3. Click VPN in the left panel.

8. Click the VPN type drop-down list and select L2TP/IPsec with pre-shared key.
4. Under VPN, click Add a VPN connection.
9. Enter the IPsec pre-shared key (PSK).
10. Click the Type of sign-in info drop-down list and select User name and password.

70
10. You can choose to enter the account credentials in the fields provide for
authentication or if not, you will be prompted when attempting to establish PPTP VPN
connection to your TEW-829DRU router. Click Save.
11. Under VPN, the new VPN connection will be listed. Click Connect.
12. The status will display Connected if the PPTP VPN connection was successful.

71
IPsec (Internet Protocol Security) VPN Router A Configuration
Setting up IPsec site-to-site VPN (PSK)

Network > VPN > IPsec
To configure and IPsec site-to-site VPN tunnel with pre-shared key (PSK) between two
routers:
• Ensure that your router is connected to the Internet and computers and
devices are able to access the Internet through your router and make note of 1. Log into your router management page (see “Access your router management page”
the WAN (Internet) IP assigned to both routers under the Status > Overview on page 8).
page.
Example: 2. Click on Network, click VPN, and click the IPsec tab.
VPN Router A WAN1 (Internet) IP Address: 10.10.10.10
VPN Router B WAN1 (Internet) IP Address: 10.10.10.20 3. Under Overview, enter a tunnel name and click Add. (e.g. Tunnel1)
• Make sure the LAN IP network on each VPN router is a different IP subnet.
Note: Changing the LAN IP address of your router will change the LAN IP
network of your router.
Example: 4. Click the Connection type drop-down list and select Site-to-Site.
VPN Router A LAN IP Settings: 192.168.10.1 / 255.255.255.0
VPN Router B LAN IP Settings: 192.168.100.1 / 255.255.255.0
5. Click the Authentication type drop-down list and select IPSec IKEv2 PSK.

72
6. In the Local field, enter the local WAN1 IP address. (e.g. 10.10.10.10) This can also be Based on the example, the network settings will be the following:
a domain name (ex: dynamic DNS host name)
7. In the Local subnet field, enter the local LAN IP subnet. (e.g. 192.168.10.0/24) You
can add additional local subnets by click the add icon (e.g. 192.168.20.0/24)
8. In the Remote field, enter the remote WAN1 IP. (e.g. 10.10.10.20) This can also be a
domain name (ex: dynamic DNS host name)
9. In the Remote subnet field, enter the remote LAN IP subnet. (e.g. 192.168.100.0/24) and click Apply. (e.g. 1234567890)
and click Apply. You can add additional local subnets by click the add icon (e.g.
192.168.120.0/24)

73
VPN Router B Configuration 6. For the Local field, enter the local WAN1 IP address. (e.g. 10.10.10.20) This can also
be a domain name (ex: dynamic DNS host name)
7. For the Local subnet field, enter the local LAN IP subnet. (e.g. 192.168.100.0/24) You
8. For the Remote field, enter the remote WAN1 IP. (e.g. 10.10.10.10) This can also be a
domain name (ex: dynamic DNS host name)
on page 8).
9. For the Remote subnet field, enter the remote LAN IP subnet. (e.g. 192.168.10.0/24)
3. Under Overview, enter a tunnel name and click Add. (e.g. Tunnel1)
192.168.20.0/24)
4. Click the Connection type drop-down list and select Site-to-Site.
5. For the Authentication type drop-down list and select IPSec IKEv2 PSK.

74
Based on the example, the network settings will be the following: Setting up IPsec server VPN (PSK with xAUTH)
on page 8).
3. Under Overview, enter a tunnel name and click Add. (e.g. IPsec_Server)
4. Click the Connection type drop-down list and select Remote Access (Roadwarrior).
5. For the Authentication type drop-down list and select IPSec XAUTH PSK.

75
6. For the Local field, enter the local WAN1 IP address. (e.g. 10.10.10.10) This can also 10. Under XAUTH Account, enter the User name and Password for the account, then
be a domain name (ex: dynamic DNS host name) click Add. Click Apply to save and commit the changes.
can add additional local subnets by click the add icon (e.g. 192.168.20.0/24) Note: For the VPN client computer, you will require a third party IPsec VPN software to
be installed configured matching the IPsec VPN settings on your router. Please refer to
your third party IPsec VPN User’s Guide/Manual for configuring the VPN settings.
8. In the Assign IP range field, enter the IP address subnet to assign the IPsec VPN client
devices upon connectivity and click Apply. (e.g. 192.168.30.0/24). The IP address
range/subnet should be different from the local LAN IP subnets and also different
from the remote client side.
9. Under Authentication Key, enter the Pre-Shared Key (PSK) for the IPsec VPN tunnel.
(e.g. 1234567890)

76
Below is a reference of the additional IPsec VPN settings if you choose to make other o PFS exchange – The Perfect Forward Secrecy group used for IPsec
configuration changes to these sections. phase 2. PFS adds additional security to the IPsec tunnel by forcing re-
negotiation of phase 1 keys for every new pair of phase 2 SAs (security
associations) established. Group 14 (2048 bit) offers the highest
• Certificate List – Used for IPsec tunnels requiring the RSA authentication type.
degree of security.
You can create or import IPsec certificates under Administrator > Certificate
• DPD (Dead Peer Detection) – DPD implements a keep alive/monitoring
Management.
function to the IPsec tunnel to check if IPsec peers are still active and
• Local ID/Remote ID – This parameter is only required for IPsec tunnels with the
responding.
RSA authentication type. If not using RSA, this additional parameter can be
o DPD action - Sets the action when IPsec peers do not respond to DPD
added for extra security in identification of the IPsec peers. (e.g. Local ID
messages within the DPD delay interval. Clear will automatically close
assigned CN=vpnsite1.trendnet.com and Remote ID CN=vpnsite2.trendnet.com)
the IPsec connection and will not attempt to re-negotiate the
• Authentication Key – This is the PSK (pre-shared key) used for IPsec tunnels
connection, Hold will keep the connection and will attempt to re-
requiring the PSK authentication type.
negotiate the connection on-demand only when new traffic is sent
• XAUTH Account – This parameter provides an additional layer of security by through the tunnel, Restart will immediately force re-negotiation of
requiring a user name and password for authentication of the IPsec tunnel and the connection.
required for IPsec XAUTH PSK tunnel type. o DPD delay – Sets the time interval when DPD messages are sent o
• EAP Account – This parameter provides an additional layer of security by IPsec peers to check the alive status.
requiring a user name and password for authentication of the IPsec tunnel and o DPD timeout – Sets the maximum timeout interval when IPsec
required for IPsec IKEv2 RSA EAP_MS_CHAPv2 tunnel type. connections are completely deleted due to inactivity.
Phase 1 settings
• Phase 1 auto configure – Checking this option automatically configures the
IPsec Phase 1 parameters for the tunnel. Unchecking this option allows you to
manually set the IPsec Phase 1 parameters.
o Cipher algorithm – The encryption/cipher algorithm used for IPsec
phase 1. AES 256-bit offers the highest degree security.
o Hash algorithm – The authentication/hash algorithm used for IPsec
phase 1. SHA2 256-bit offers highest degree of security.
o DH exchange – The Diffie-Hellman group used for IPsec phase 1 key
exchange. Group 14 (2048 bit) offers the highest degree of security.
Phase 2 settings
• Phase 2 auto configure – Checking this option automatically configures the
IPsec Phase 2 parameters for the tunnel. Unchecking this option allows you to
manually set the IPsec Phase 2 parameters.
o Transform algorithm – The encryption/cipher algorithm used for IPsec
phase 2. AES 256-bit offers the highest degree security.
o Hash algorithm – The authentication/hash algorithm used for IPsec
phase 2. SHA2 256-bit offers highest degree of security.

77
Setting up IPsec site-to-site VPN Failover (PSK) VPN Router A Configuration

Note: IPsec VPN failover is only supported on firmware 1.0.0.33 or above. This
configuration will only work when multiple WAN configuration is set to WAN1 (Failover
to WAN2), WAN2 (Failover to WAN1), Load Balance (weight cannot be set to 50%:50%).
Network > VPN > IPsec
VPN failover configuration allows you to add redundancy/fault tolerance to your IPsec
VPN tunnel connectivity.
To configure and IPsec site-to-site VPN tunnel failover with pre-shared key (PSK)
between two routers:
on page 8).
• Ensure that your router is connected to the Internet and computers and
devices are able to access the Internet through the WAN1 and WAN2 interfaces
on your router and make note of the WAN1 and WAN2 IP addresses assigned 2. Click on Network, click Firewall, and click the General Settings tab.
to both routers under the Status > Overview page. In this example, we will
assume the following static IP WAN info. and LAN IP settings below.
3. Check the Enable under WAN Ping Respond and click Apply to save and commit the
Example: configuration changes.
VPN Router A WAN1 (Internet) IP Address: 10.10.10.85 / 255.255.255.192
VPN Router A WAN2 (Internet) IP Address: 10.10.10.130 / 255.255.255.192
VPN Router B WAN1 (Internet) IP Address: 172.16.0.1 / 255.255.255.192
VPN Router B WAN1 (Internet) IP Address: 172.16.0.62 / 255.255.255.192
• Make sure the LAN IP network on each VPN router is a different IP subnet.
Note: Changing the LAN IP address of your router will change the LAN IP
network of your router.
Example:
VPN Router A LAN IP Settings: 192.168.200.1 / 255.255.255.0
VPN Router B LAN IP Settings: 192.168.210.1 / 255.255.255.0

78
4. Click on Network and click on Multiple WAN. 9. Click the Failover drop-down list and select Enable.
5. Under the Link Tracking section, check Enable Tracking on both WAN1 and WAN2,
and enter an IP address or IP addresses on the Internet to check for connectivity and 10. Click the Authentication type drop-down list and select IPSec IKEv2 PSK.
quickly determine if the WAN interface is up or down (e.g. 8.8.8.8). Set the Ping
Interval to 3 seconds, and Fail Count to 1 for both WAN1 and WAN2 and click Apply
to save and commit the configuration changes.
11. In the Local field, enter the local WAN1 IP address. (e.g. 10.10.10.85) This can also
be a domain name (ex: dynamic DNS host name)
12. Click to add an additional IP address and enter the local WAN2 IP address (e.g.
10.10.10.130).
6. Click on Network, click VPN, and click the IPsec tab. 14. In the Remote field, enter the remote WAN1 IP address. (e.g. 172.16.0.1) This can
also be a domain name (ex: dynamic DNS host name)
7. Under Overview, enter a tunnel name and click Add. (e.g. Tunnel1)

15. Click to add an additional IP address and enter the remote WAN2 IP address
(e.g. 172.16.0.80).

79
Based on the example, the network settings will be the following:
16. In the Remote subnet field, enter the remote LAN IP subnet. (e.g. 192.168.210.0/24)
192.168.30.0/24)

80
VPN Router B Configuration
on page 8).
2. Click on Network, click Firewall, and click the General Settings tab. 6. Click on Network, click VPN, and click the IPsec tab.
3. Check the Enable under WAN Ping Respond and click Apply to save and commit the 7. Under Overview, enter a tunnel name and click Add. (e.g. Tunnel1)
configuration changes.
4. Click on Network and click on Multiple WAN.
5. Under the Link Tracking section, check Enable Tracking on both WAN1 and WAN2, 9. Click the Failover drop-down list and select Enable.
and enter an IP address or IP addresses on the Internet to check for connectivity and
quickly determine if the WAN interface is up or down (e.g. 8.8.8.8). Set the Ping Interval
to 3 seconds, and Fail Count to 1 for both WAN1 and WAN2 and click Apply to save and
commit the configuration changes.
10. Click the Authentication type drop-down list and select IPSec IKEv2 PSK.

81
11. In the Local field, enter the local WAN1 IP address. (e.g. 172.16.0.1) This can also be
a domain name (ex: dynamic DNS host name) Based on the example, the network settings will be the following:
12. Click to add an additional IP address and enter the local WAN2 IP address (e.g.
172.16.0.80).
14. In the Remote field, enter the remote WAN1 IP address. (e.g. 172.16.0.1) This can
also be a domain name (ex: dynamic DNS host name)
15. Click to add an additional IP address and enter the remote WAN2 IP address
(e.g. 172.16.0.80).
16. In the Remote subnet field, enter the remote LAN IP subnet. (e.g. 192.168.200.0/24)
192.168.20.0/24)

82
Secure Socket Layer VPN (SSL) / OpenVPN

Network > VPN > OpenVPN 7. In the Local Name field, enter the city name. (e.g. Torrance)
8. In the Organization Name field, enter your company name (e.g. TRENDnet)
9. In the Org. Unit field, enter the section, group, or department. (e.g. IT)
SSL VPN Server Setup
1. Log into your router management page (see “Access your router management page” 10. In the Email Address field, enter the email address used for the certificate. (e.g. tew-
on page 8). 829dru@trendnet.com)
2. Click on Administrator and click Certificate Management.
3. Enter a name for the certificate to use for SSL VPN and click Add. (e.g. SSL-VPN) 11. In the Validity Days field, enter the number of days the certificate will be valid and
click Apply to save and commit the changes.. (e.g. 100)
4. Click the Used for drop-down list and select OpenVPN.

12. Click on Network, click VPN, and click the OpenVPN tab.
13. Check the Enable option to enable the SSL VPN server.
5. In the Country Code field, enter the two letter country code. (e.g. US) Note: You may receive a notification if Dynamic DNS is not configured on your router. If
you are using VPN, it is not required however, strongly recommended to setup the
Dynamic DNS feature on your router to prevent any issues with VPN connectivity if
your public (WAN) Internet IP address dynamically changes.
6. In the State or Province Name field, enter the full name of the state or province. (e.g.
California)

83
14. In the Certificate List drop-down list, select the name of the OpenVPN certificate SSL VPN Client Setup (Windows)
you created and click Apply to save and commit the changes. (e.g. SSL-VPN) 1. Make sure to copy or move the configuration files downloaded from your router to
the VPN client computer and that your client computer has access to the Internet.
2. Download the appropriate OpenVPN software version for your operating system from
15. Next to Client configuration file, click Export to download the configuration files for the following URL: https://openvpn.net/index.php/open-source/downloads.html
the VPN client computer.
Note: Please note there is also a link in the description in the router management page
Note: Please do not change the filename for Windows installation. If installing in Linux, under Advanced > Setup > VPN.
the .ovpn extension must be changed to .conf.
3. Once you have downloaded the software, navigate to the location where you
Folder paths for SSL VPN client configuration files: downloaded the file and double click to start the installation.
Windows: C:\Program Files\OpenVPN\config
Linux: /etc/openvpn
Below is a reference of the additional SSL VPN settings if you choose to make other 4. If prompted to run the file, click Run.
Note: Changing any settings will require you to export a new client configuration file.
• Port – Used to change the default SSL VPN server port.
• Server – Used to change the default IP address subnet and IP address range to
distribute to SSL VPN clients.
• Proto – Used to change the default protocol. UDP or TCP.
• Connect Type – Changing this setting will change the access level of your SSL
VPN clients.
o LAN Access – This setting will allow your SSL VPN clients access to your
LAN network and the Internet.
o Internet Redirect – This setting will allow your SSL VPN clients access
only the Internet only via full tunneling but no access to your LAN
network
• Cipher – Select the cipher/encryption algorithm used for SSL VPN client
connections. AES-256-CBC offers the highest degree security.
• Auth – The authentication/hash algorithm used for SSL VPN client connections.
SHA256 offers highest degree of security.
• Enable client authentication – Checking this option will require additional
security by means of user name and password authentication in addition to the
standard encryption/authentication protocols. You will need to add a user
name and password under Client Authentication Account.

84
5. At the installation window, click Next. 7. At the choose components window, click Next.
8. At the install location window, click Install.

6. At the license agreement window, review the license agreement and click I Agree.

85
11. Make sure to uncheck the “Show Readme” and “Start OpenVPN GUI” options and
click Finish.
9. At the prompt to install the TAP-Windows adapter, click Install.
10. At the installation completion window, click Next.
12. Copy the client configuration file(s) (client.ovpn) downloaded from the router to the
following path without any sub-folders.
C:\Program Files\OpenVPN\config

86
16. If the VPN connection is successful, you will receive the notification below in the
13. Double-click on the OpenVPN GUI shortcut on your desktop to start the OpenVPN bottom right corner. You will be able to access resources securely from your router LAN
Client software. network over the Internet such as shared folders, media, files, etc.
14. The OpenVPN system tray icon will appear in the bottom right corner. Right-click the
icon to display the configuration menu. Note: To disconnect your VPN client connection, right click OpenVPN system tray icon
and select Disconnect.
15. After right-clicking the icon, the menu will appear. Click Connect to establish your
VPN connection to your router.

87
Certificate Management IPsec – Below are the parameters you can set for the certificate. The only required
parameters for an IPsec RSA certificate are Common Name (Server), Common Name
Administrator > Certificate Management (Client), and Valid Days.
The certificate management allows you to create, import, and export security • Certificate Name – Enter the name for the certificate.
certificates used for IPsec RSA and SSL VPN (OpenVPN) identification and authentication
• Used for – Click the drop-down list and select IPsec.
in IPsec RSA or SSL VPN (OpenVPN) configuration.
• Country Code – Enter the 2 letter country code for the certificate. (e.g. US)
Note: Setting this parameter is optional for IPsec VPN RSA.
• State or Province Name – Enter the name of the state or province for the
1. Log into your router management page (see “Access your router management page” certificate. (e.g. California)
on page 8). Note: Setting this parameter is optional for IPsec VPN RSA.
• Local Name – Enter the name of the city for the certificate. (e.g. Torrance)
2. Click on Administrator and click on Certificate Management. • Organization Name – Enter the company name for the certificate (e.g. TRENDnet)
3. Under Local Certificates, enter a name for the certificate and click Add. (e.g. IPsecVPN
or OpenVPN) • Org. Unit – Enter the department or group name for the certificate (e.g. IT)
• Email Address – Enter the email address contact for the certificate (e.g.
4. Click the Used for drop-down list and select the appropriate VPN method the
xxxxx@trendnet.com
certificate will be used for, IPsec or OpenVPN.
Note: Setting this parameter is optional for IPsec VPN RSA
• Common Name (Server) – Enter the host + domain name of first site/IPsec tunnel
5. Review the settings below. When complete, click Apply to save and commit your endpoint. (e.g. site1.ipsecvpn.local)
changes. After you have created the appropriate VPN certificate, the certificate will be Note: Setting this parameter is required for IPsec VPN RSA
available under the IPsec or Open VPN configuration settings under Network > VPN. • Common Name (Client) – Enter the host + domain name of the second site/IPsec
tunnel endpoint. (e.g. site2.ipsecvpn.local)
Note: Setting this parameter is required for IPsec VPN RSA
• Valid Days – Enter the amount of days the certificate will be valid before expiration.
The first day will be set as the day the certificate was created. (e.g. 100)
Note: Setting this parameter is required for IPsec VPN RSA
• SAN (Server) – Enter the IP address, email, or domain name of the SAN (storage
array network server) of the first site/IPsec tunnel endpoint. (e.g. 192.168.10.20)
• SAN (Client) - Enter the IP address, email, or domain name of the SAN (storage
array network server) of the second site/IPsec tunnel endpoint. (e.g.
192.168.100.20)
Note: Setting this parameter is optional for IPsec VPN RSA
• Password – Enter the import/export password for the certificate.

88
OpenVPN – Below are the parameters you can set for the certificate. All parameters are
required for the SSL VPN (OpenVPN) certificate.
• Certificate Name – Enter the name for the certificate.
• Used for – Click the drop-down list and select OpenVPN.
• Country Code – Enter the 2 letter country code for the certificate. (e.g. US)
• State or Province Name – Enter the name of the state or province for the
certificate. (e.g. California)
• Local Name – Enter the name of the city for the certificate. (e.g. Torrance)
• Organization Name – Enter the company name for the certificate (e.g. TRENDnet)
• Org. Unit – Enter the department or group name for the certificate (e.g. IT)
• Email Address – Enter the email address contact for the certificate (e.g.
xxxxx@trendnet.com
• Valid Days – Enter the amount of days the certificate will be valid before expiration.
The first day will be set as the day the certificate was created. (e.g. 100)

89
Router Maintenance and Monitoring
Managing access to the router management interface

Administrator > Access Management
This section will allow you to restrict access router management access to specific
interfaces. By default, management access to the web interface (HTTP) is restricted only
to the LAN interface.
on page 8).
2. Click on Administrator and click on Access Management.

Remote Access Management
3. Review the settings below. When complete, click Apply to save and commit your • Limit access by interface – Checking this option will allow you to select specific
changes. WAN interfaces (e.g. WAN1, WAN2) that are allowed access to the router
management interface over the Internet.
Local Access Management o Allowed interfaces – The WAN1 and WAN2 interfaces will be in this
section. (e.g. Selecting WAN1 will only allow management access from
• Limit access by interface – Checking this option will allow you to select specific local the WAN1 interface and will deny management access on the WAN2
interfaces (e.g. LAN, VLAN) that are allowed access to the router management interface.
interface. • Enable HTTPS – Checking this option will enable secure HTTPS (SSL) access to the
o Allowed interfaces – The available local interfaces will be in this router management page on the selected WAN interfaces.
section. (e.g. Selecting LAN will only allow management access from
• Enable Telnet – Checking this option will enable command line interface access via
the LAN and all other VLAN interfaces will be denied.)
Telnet on the selected WAN interfaces.
• Enable HTTPS – Checking this option will enable secure HTTPS (SSL) access to the
• Enable SSH – Checking this option will enabled secure command line interface
router management page on the selected local interfaces.
access via SSH (Secure Shell) on the selected WAN interfaces.
• Enable Telnet – Checking this option will enable command line interface access via
Telnet on the selected local interfaces.
• Enable SSH – Checking this option will enabled secure command line interface
access via SSH (Secure Shell) on the selected local interfaces.

90
Diagnostic tools  WAN1/WAN2 – You can select either WAN1 or WAN2 to

conduct the connectivity test through a specific WAN
Administrator > Diagnostics interface for troubleshooting.
This section includes network tools and utilities for testing connectivity and o Protocol – Select the IP protocol version for the connectivity test, IPv4
troubleshooting. or IPv6.
o Host – Enter the host IP address or domain name to test connectivity.
1. Log into your router management page (see “Access your router management page” • Nslookup – This tool conducts a test to check domain name resolution to an IP
on page 8). address. After entering in the domain name to resolve, click NSLOOKUP to start the
resolution test and the results will appear at the bottom of the page.
o Host – Enter the host IP address or domain name to test resolution.
2. Click on Administrator and click on Diagnostics.
3. Review the settings below.
Network Utilities
• Ping – This tool conducts a basic ping/connectivity test to a host IP address or
domain name. After selecting and entering all of the required parameters, click
PING to start the connectivity test and the results will appear at the bottom of the
page. MWAN Interface Diagnostics – This section allows to conduct connectivity testing on
o Interface – Select the interface used to run the connectivity test. the multi-WAN configuration.
 Default – Uses the internal loopback interface to conduct the • Interface – Select the WAN interface to conduct testing.
connectivity test. o Ping Default Gateway – This will conduct a ping connectivity test to
 WAN1/WAN2 – You can select either WAN1 or WAN2 to the default gateway IP address of the selected WAN interface.
conduct the connectivity test through a specific WAN o Ping Tracking IP – This will conduct a ping connectivity test to the
interface for troubleshooting. tracking IP configured under Network > Multiple WAN in the Link
o Protocol – Select the IP protocol version for the connectivity test, IPv4 Tracking section for the selected WAN interface.
or IPv6. o Check IP Rules – This will display the current IP rules configured for
o Host – Enter the host IP address or domain name to test connectivity. the selected WAN interface.
• Traceroute – This tool conducts a test to check the routing path taken to reach a o Check Routing Table – This will display the current default route
specific destination host IP address or domain name. After selecting and entering all configured for the selected WAN interface.
of the required parameters, click TRACEROUTE to start the connectivity test and the
results will appear at the bottom of the page.
o Interface – Select the interface used to run the connectivity test.
 Default – Uses the internal loopback interface to conduct the
connectivity test.

91
Backup and restore your router configuration settings Reboot your router
Administrator > Backup / Flash Firmware Administrator > Reboot
You may have added many customized settings to your router and in the case that you You may want to restart your router if you are encountering difficulties with your router
need to reset your router to factory defaults, all your customized settings would be lost and have attempted all other troubleshooting.
and would require you to manually reconfigure all of your router settings instead of There are two methods that can be used to restart your router.
simply restoring from a backed up router configuration file.
• Turn the router off for 10 seconds using the router On/Off switch located on the
To backup your router configuration: rear panel of your router or disconnecting the power port, see “Product
1. Log into your router management page (see “Access your router management page” Hardware Features” section.
on page 8). Use this method if you are encountering difficulties with accessing your router
2. Click on Administrator, then click on Backup / Flash Firmware management page. This is also known as a hard reboot or power cycle.
OR
3. Next to Download backup, click Generate Archive.
• Router Management Page – This is also known as a soft reboot.
4. Depending on your web browser settings, you may be prompted to save the on page 8).
configuration file (specify the location) or the file may be downloaded automatically 2. Click on Administrator, then click on Reboot.
to the web browser settings default download folder. (Default Filename: backup-TEW- 3. Next to Reboots the operating system, click Perform Reboot.
829DRU-YYYY-MM-DD.dat)
To restore your router configuration: 4. Wait for the device to reboot.

on page 8).
2. Click on Administrator, then click on Backup / Flash Firmware.
3. Next to Restore backup, click Browse or Choose File.
4. A separate file navigation window should open.

5. Select the router configuration file to restore and click Upload Archive (Default
Filename: backup-TEW-829DRU-YYYY-MM-DD.dat). If prompted, click Yes or OK.
6. Wait for the router to restore settings.

92
Scheduled automatic reboot Console access

Administrator > Reboot > Setting Using the includes RS-232 to RJ-45 console cable, you can access the router console
The scheduled automatic reboot feature allows you to set a daily or weekly schedule for command line interface management through the console port for debugging and
the router to initiate an automatic reboot in an attempt to resolve any connectivity troubleshooting if necessary.
issues or intermittent problems that may occur with your device. Before using the You can access the command line interface management of router using the terminal
scheduled automatic reboot feature, please ensure your Time settings are configured emulation program settings below.
correctly and you have already created a time schedule for this function.
Baud Rate (bps) 115200

on page 8). Data Bits 8
Parity Bits None
2. Click on Administrator, click on Reboot, and click on Setting tab. Stop Bits 1
Hardware Flow Control Off
3. Click the Automatic reboot by schedule drop-down list and select the schedule used
for the automatic device reboot function. Click Apply to save and commit the changes.
Command Line Interface
The router firmware is based on OpenWRT which is based on Linux and command usage
can be refererenced from the web links below.
https://busybox.net/downloads/BusyBox.html
https://wiki.openwrt.org/doc/howto/user.beginner.cli
https://wiki.openwrt.org/doc/uci

93
Router Default Settings Reset your router to factory defaults

Administrator > Backup / Flash Firmware
Administrator User Name admin You may want to reset your router to factory defaults if you are encountering difficulties
with your router and have attempted all other troubleshooting.
Administrator Password Please refer to sticker or device
label
There are two methods that can be used to reset your router to factory defaults.
Router Default URL http://tew-829dru
• Reset Button – Located on the rear panel of your router, see “Product Hardware
Router IP Address 192.168.10.1 Features”. Use this method if you are encountering difficulties with accessing
your router management page.
Router Subnet Mask 255.255.255.0
OR
DHCP Server IP Range 192.168.10.101-192.168.199 • Router Management Page
Wireless 2.4GHz/5GHz1/5GHz2 Enabled
Wireless 2.4GHz/5GHz1/5GHz2 Please refer to sticker or device 1. Log into your router management page (see “Access your router management page”
Network Name/Encryption label on page 8).
Wireless 2.4GHz/5GHz1/5GHz2 Disabled

Guest Network 2. Click on Administrator, then click on Backup / Flash Firmware.
WAN1/WAN2 Mode WAN1 Primary / WAN2 Secondary

Failover 3. Next to Reset to defaults, click Perform Reset. When prompted to confirm this action,
click OK.
4. Wait for the router to settings to factory default.

94
Upgrade your router firmware If a new firmware version is available, the details of the new version will appear such as
the firmware version, firmware file size, and release notes about the new firmware.
To start the online firmware upgrade process, click Apply. At the verification page, click
TRENDnet may periodically release firmware upgrades that may add features or fix Proceed. Please wait for the online firmware upgrade procedure to complete
problems associated with your TRENDnet router model and version. To check if there is successfully.
a firmware upgrade available for your device, please check your TRENDnet model and
version using the link. http://www.trendnet.com/support Note: The Keep Settings option will upgrade the firmware version and preserve your
existing configuration settings. Unchecking the Keep Settings option will upgrade the
In addition, it is also important to verify if the latest firmware version is newer than the firmware version and reset the device to factory defaults.
one your router is currently running. To identify the firmware that is currently loaded on
your router, log in to the router, check the Administrator > Backup / Flash Firmware
under Online Firmware Upgrade or Status > Overview section under System.
Online Firmware Upgrade (requires router to be connected to Internet)

When your router has detected a new firmware available online, a notification will
appear at the top of the router management page. You can click the link or go to
Under the Online Firmware Upgrade section, it will list the current firmware version
loaded on your router. Click Check to manually check if there is a new firmware
available online.

95
Manual Firmware Upgrade 1. Log into your router management page (see “Access your router management page”
1. If a firmware upgrade is available, check the router model on our website on page 8).
http://www.trendnet.com/support and download the firmware to your computer.
2. Click on Administrator and click on Backup / Flash Firmware.
2. Unzip the file to a folder on your computer.
3. Depending on your web browser, in the Flash new firmware image section, click
Please note the following: Browse or Choose File.
• Do not interrupt the firmware upgrade process. Do not turn off the device or
press the Reset button during the upgrade.
• If you are upgrade the firmware using a laptop computer, ensure that the laptop
is connected to a power source or ensure that the battery is fully charged.
• Disable sleep mode on your computer as this may interrupt the firmware upgrade
process.
• Do not upgrade the firmware using a wireless connection, only using a wired
network connection. 4. Navigate to the folder on your computer where the unzipped firmware file (.bin) is
• Any interruptions during the firmware upgrade process may permanently located and select it.
damage your router. Note: The Keep Settings option will upgrade the firmware version and preserve your
existing configuration settings. Unchecking the Keep Settings option will upgrade the
firmware version and reset the device to factory defaults.
5. At the verification page, click Proceed. Please wait for the online firmware upgrade
procedure to complete successfully.

96
Ping Watchdog
Administrator > Ping Watchdog
The Ping Watchdog feature allows you configure your router to monitor connectivity to
a specific host IP address. If connectivity is lost to the specified host IP address, the
router will automatically initiate a device reboot in an automatic attempt to re-establish
previously lost connectivity.
on page 8).
2. Click on Administrator and click on Ping Watchdog.
changes.
Local Access Management

• Enable – Check this option to enable the ping watchdog feature.
• Ping Host / Interface – Enter the IP address to monitor and send ping requests to
check connectivity.
Note: You can additional host IP address entries to monitor by clicking .
o ALL – Check all local and WAN interfaces for the specified host IP
address.
o WAN1 – Check only the WAN1 interface for the specified host IP
address.
o WAN2 – Check only the WAN2 interface specified host IP address.
o Import Default Gateway – Clicking this option will automatically
attempt to copy both WAN interfaces default IP gateway to an
available entry.
• Ping Interval – Enter interval time for the router to send ping and connectivity
check. Ex: Setting the interval to 5 Minutes will configure to send a ping and check
connectivity every 5 mintes.
• Fail Count to Perform Reboot – Once ping/connectivity check fails, this sets the
maximum amount of attempts the router will attempt to check connectivity before
initiating an automatic reboot.

97
Check the router status information • Memory

o Total Available – Displays the total amount of RAM memory available
Status > Overview on the router regardless of usage.
You may want to check the system information of your router firmware, S/N, uptime, o Firmware Version – Displays the total amount of free space RAM
available memory, active connection, WAN interface information, wireless interface memory available on the router.
information, DHCP clients, connected wireless clients, dynamic DNS and active UPnP o Buffered – Displays the total amount of RAM memory used for buffer
entries. memory.
on page 8).
2. Click on Status and click on Overview.

• System
• Network
o Hostname – Displays the currently assigned hostname of the router.
o WAN1/WAN2 – Displays the current configuration of the WAN
The name other network devices identify the router on the network.
interfaces along with the IPv4/IPv6 address information and
o Firmware Version – Displays the currently loaded firmware version
connected uptime.
and date.
o Active Connections – Displays the current amount of active Internet
o Serial Number – Displays the device serial number.
sessions.
o Local Time – Displays the current device time and date.
o Uptime – Displays the total amount of time the router has been up
and running without reboot.
o Load Average – Displays the CPU load average of the device over the
following time intervals. (one minute load avg., five minute load avg.
fifteen minute load avg.)

98
• DHCP/DHCPv6 Leases – Displays the currently active DHCP and DHCPv6 • Dynamic DNS – Displays the current DDNS configuration for each WAN and
address leases. status information.
• MWAN Interface Live Status - Displays the current multiple WAN tracking and
interface status.
• Wireless –Displays the current configuration of the wireless bands such as SSID,
Channel, Bitrate, BSSID (wireless MAC), encryption, and multiple SSID status.
• Activate UPnP Redirects – If UPnP is enabled, displays the currently active

UPnP connections.
• Associated Stations – Displays the currently connect wireless client devices.

99
View routing table and ARP entries • Active IPv6-Routes – Displays the current IPv6 active routing table.
Status > Routes
You may want to check the current routing table and ARP entry information for
troubleshooting or monitoring purposes.
on page 8).
2. Click on Status and click on Routes.
• ARP – Displays the router ARP table.
• IPv6 Neighbors – Displays currently discovered/detected IPv6 neighbor

devices.
• Active IPv4-Routes – Displays the current IPv4 active routing table.

100
View your router logging Log. Debug displays all logging messages and selecting another log level type
will only display those specific log messages along with any other levels above
Status > System Log it.
Your router system log can be used to obtain activity information on the functionality of • Cron Log Level – This setting allows you to change the type of logging send to
your router or for troubleshooting purposes. the external syslog server.
on page 8).
2. Click on Status and click on System Log.

Note: The router system log will display the most recent entries in the list.
Configure router logging settings and setup external syslog server

Administrator > System > Logging
You can adjust specific log settings to set what type of logging is displayed in the system
log and log buffer size.
on page 8).
2. Click on Administrator, click on System, and click on the Logging tab.

• System log buffer size – You can increase or decrease the router buffer size.
Enter the buffer size in KB.
• External system log server – This setting allows to send router logging to an
external syslog server. Enter the IP address of the external syslog server.
• External system log server port – If sending logging to external syslog server,
enter the syslog port to use. By default, the syslog port is 514.
• Log output level – This setting allows you to change the type of logging
displayed in the internal system log of router displays under Status > System

101
Technical Specifications VPN

• SSL VPN Server (Up to 4 tunnels)
Standards
• OpenVPN Encryption: BF-CBC, AES-128-CBC, AES-256-CBC
• IEEE 802.3
• IEEE 802.3u • OpenVPN HMAC Authentication: SHA1, SHA256
• IEEE 802.3x • SSL VPN Certificate: RSA
• IEEE 802.3ab • IPsec VPN Server / Site-to-Site (Up to 8 tunnels)
• IEEE 802.1Q • IPsec Encryption: DES, 3DES, AES-128/256
• IEEE 802.1X • IPsec Authentication: MD5, SHA1, SHA2-256, Certificate: X.509v3
• IEEE 802.11a • IPsec Key Exchange: IKE: IKEv1/2, Main Mode, RSA, Pre-shared Key, DH Groups
• IEEE 802.11b 1/2/5/14
• IEEE 802.11g • IPsec Protocols: ESP (Transport/Tunnel), PFS DH Groups 1/2/5/14, DPD,
• IEEE 802.11n (up to 400Mbps @ 256QAM)* Local/Remote ID: IP Address, FQDN
• IEEE 802.11ac (5GHz1: up to 1733Mbps, 5GHz2: up to 867Mbps @ 256QAM)* • IPsec NAT Traversal
• IPsec VPN failover support
Device Interface
• PPTP/L2TP VPN Server (Up to 8 tunnels)
• 8 x Gigabit LAN ports
• L2TP with IPsec VPN Server (Up to 8 tunnels shared with L2TP)
• 2 x Gigabit WAN ports (WAN failover / Load balancing)
• PPTP/L2TP Encryption: MPPE 40-bit, 128-bit, IPsec
• 1 x USB 3.0 (Samba)
• 1 x RJ-45 console port • PPTP/L2TP Authentication: MS-CHAPv1/2
• Power switch
Networking
• Reset button
• WAN Modes: NAT, Classical Routing
• LED indicators
• NAT Modes: NAT, PAT, One-to-One NAT
Performance • WiFi client bridge mode
• NAT (LAN-to-WAN) throughput: 900Mbps • ISP IPv4 WAN Modes: DHCP, Static IP, PPPoE, PPTP, L2TP
• Routing performance: 900Mbps • ISP IPv6 WAN Modes: Static, Auto-configuration (SLAAC/DHCPv6), Link-Local,
• Maximum concurrent sessions: 32,000 PPPoE
• Maximum number of VLANs: 8 (ID: 1-4094) • VLAN ID assignment on WAN interface
• IPsec VPN (AES-256/SHA-256/LAN-to-LAN) throughput: 90Mbps • Routing: Static, RIPv1/v2, OSPFv/2, routing policies (Up to 20 entries)
• SSL VPN (OpenVPN®) Throughput (Blowfish/SHA-1/Bridge): 15Mbps • Static ARP (Up to 32 entries)
• Inter-VLAN Routing (Up to 8 VLANs, 8 IP interfaces)
• SSID per VLAN assignment

102
• DHCP Server/Relay Frequency

• Dynamic DNS: dyn.com, no-ip.com • 2.412 - 2.472GHz
• WAN Failover • 5.180 – 5.825GHz
• WAN Load Balancing
Modulation
• VPN passthrough: IPsec, PPTP, L2TP
• 802.11b: CCK, DQPSK, DBPSK
• 802.11a/g: OFDM with BPSK, QPSK and 16/64-QAM
Access Control
• Wireless encryption: WPA/WPA2-PSK, WPA/WPA2-RADIUS • 802.11n: BPSK, QPSK, 16-QAM, 64-QAM, 256-QAM with OFDM
• NAT, virtual server/port forwarding, port triggering, firewall traffic rules, DMZ • 802.11ac: OFDM with BPSK, QPSK and 16/64/256-QAM
host, UPnP/NAT-PMP, allow/deny ping on WAN interfaces
Media Access Protocol
• ALG: PPTP/L2TP/IPsec VPN passthrough, FTP/TFTP/SIP/RTSP/IRC/H.323
• CSMA/CA with ACK
passthrough
• MAC & IP filtering Antenna Gain
• Custom scheduling for access control rules • 2.4GHz: 2 x 2.9 dBi (max.) / 5GHz: 4 x 4.4 dBi detachable/external
• Wireless client isolation
• DoS prevention Wireless Output Power (max output power without antenna gain)
• 802.11a: FCC: 25 dBm (max.) / IC: 23 dBm (max.)
Quality of Service • 802.11b: FCC: 26 dBm (max.) / IC: 26 dBm (max.)
• User defined classification rules with 4 priority queues • 802.11g: FCC: 23 dBm (max.) / IC: 23 dBm (max.)
• WMM • 802.11n (2.4GHz): FCC: 23 dBm (max.) / IC: 23 dBm (max.)
• 802.11n (5GHz): FCC: 23 dBm (max.) / IC: 23 dBm (max.)
Management/Monitoring
• 802.11ac: FCC: 23 dBm (max.) / IC: 23 dBm (max.)
• CLI (Console/Telnet/SSH) command line management
• HTTP/HTTPS web based management
• Scheduled automatic reboot Receiving Sensitivity (per chain)
• Scheduled Wake-on-LAN (WoL) • 802.11a: -70 dBm (typical) @ 54Mbps
• View ARP and routing table entries • 802.11b: -83 dBm (typical) @ 11Mbps
• View CPU load, traffic/wireless usage, and NAT sessions • 802.11g: -70 dBm (typical) @ 54Mbps
• Internal system logging • 802.11n (2.4GHz): -59 dBm (typical) @ 400Mbps
• Manual or online firmware upgrade and notification
• 802.11n (5GHz): -59 dBm (typical) @ 800Mbps
• Backup and restore configuration
• 802.11ac: -55 dBm (typical) @ 1733Mbps
• Internal logging
• Ping watchdog
• Diagnostic tools: Built-in ping, traceroute, and ns-lookup network utilities

103
*Disclaimers*
Wireless Channels *Maximum wireless signal rates are referenced from IEEE 802.11 theoretical
specifications. Actual data throughput and coverage will vary depending on
• 2.4GHz: FCC: 1–11 interference, network traffic, building materials, and other conditions. For
• 5GHz: FCC: 36, 40, 44, 48, 149, 153, 157, 161, 165 maximum performance of up to 1.733Gbps, use with a 1.733Gbps 802.11ac
wireless adapter. For maximum performance of up to 867Mbps, use with an
Power 867Mbps 802.11ac wireless adapter. For maximum performance of up to
• Input: 100 – 240 V AC, 50 – 60 Hz, 1A 400Mbps, use with an 400Mbps 802.11n wireless adapter. Multi-User MIMO
(MU-MIMO) requires the use of multiple MU-MIMO enabled wireless
• Output: 12V DC, 3A external power adapter
adapters.
• Max. Consumption: 17.4W
Operating Temperature
• 0° – 50° C (32° – 122° F)
Operating Humidity
• Max. 95% non-condensing
Certifications
• FCC
• IC
Dimensions
• 280 x 170 x 44.45mm (11 x 6.7 x 1.75 in.)
• Rack mountable 1U height
Weight
• 1.24kg (2.74 lbs.)

104
Troubleshooting Note: If you are experiencing difficulties, please contact your computer or operating
system manufacturer for assistance.
Q: I typed http://tew-829dru in my Internet Browser Address Bar, but an error

Q: I am not sure what type of Internet Account Type I have for my Cable/DSL
message says “The page cannot be displayed.” How can I access the router
connection. How do I find out?
management page?
Answer:
Answer:
Contact your Internet Service Provider (ISP) for the correct information.
Access the router using the default IP address 192.168.10.1.
http://192.168.10.1
Q: The Wizard does not appear when I access the router. What should I do?
Answer:
Q: I typed http://192.168.10.1 in my Internet Browser Address Bar, but an error
1. Click on Wizard on the left hand side.
message says “The page cannot be displayed.” How can I access the router
2. Near the top of the browser, “Pop-up blocked” message may appear. Right click on
management page?
the message and select Always Allow Pop-ups from This Site.
Answer:
3. Disable your browser's pop up blocker.
1. Check your hardware settings again. See “Router Installation” on page 8.
2. Make sure the LAN and WLAN lights are lit.
Q: I went through the Wizard, but I cannot get onto the Internet. What should I do?
3. Make sure your network adapter TCP/IP settings are set to Obtain an IP address
Answer:
automatically or DHCP (see the steps below).
1. Verify that you can get onto the Internet with a direct connection into your modem
4. Make sure your computer is connected to one of the router’s LAN ports
(meaning plug your computer directly to the modem and verify that your single
5. Press on the factory reset button for 15 seconds, the release.
computer (without the help of the router) can access the Internet).
Windows 7/8/8.1
2. Power cycle your modem and router. Unplug the power to the modem and router.
a. Go into the Control Panel, click Network and Sharing Center. Wait 30 seconds, and then reconnect the power to the modem. Wait for the modem to
b. Click Change Adapter Settings, right-click the Local Area Connection icon. fully boot up, and then reconnect the power to the router.
c. Then click Properties and click Internet Protocol Version 4 (TCP/IPv4). 3. Contact your ISP and verify all the information that you have in regards to your
Internet connection settings is correct.
d. Then click Obtain an IP address automatically and click OK.
Windows Vista Q: I cannot connect wirelessly to the router. What should I do?
a. Go into the Control Panel, click Network and Internet. Answer:
b. Click Manage Network Connections, right-click the Local Area Connection 1. Double check that the WLAN light on the router is lit.
icon and click Properties. 2. Power cycle the router. Unplug the power to the router. Wait 15 seconds, then plug
c. Click Internet Protocol Version (TCP/IPv4) and then click Properties. the power back in to the router.
d. Then click Obtain an IP address automatically and click OK. 3. Contact the manufacturer of your wireless network adapter and make sure the
Windows XP/2000 wireless network adapter is configured with the proper SSID. The preset SSID is
a. Go into the Control Panel, double-click the Network Connections icon TRENDnet(model_number).
b. Right-click the Local Area Connection icon and the click Properties. 4. To verify whether or not wireless is enabled, login to the router management page,
c. Click Internet Protocol (TCP/IP) and click Properties. click on Wireless.
d. Then click Obtain an IP address automatically and click OK. 5. Please see “Steps to improve wireless connectivity” on page 28 if you continue to
have wireless connectivity problems.

105
Appendix
Note: If you are experiencing difficulties, please contact your computer or operating
How to find your IP address? system manufacturer for assistance.
Note: Please note that although the following procedures provided to follow for your
operating system on configuring your network settings can be used as general
guidelines, however, it is strongly recommended that you consult your computer or How to configure your network settings to obtain an IP address automatically or use
operating system manufacturer directly for assistance on the proper procedure for DHCP?
configuring network settings. Note: Please note that although the following procedures provided to follow for your
operating system on configuring your network settings can be used as general
guidelines, however, it is strongly recommended that you consult your computer or
Command Prompt Method operating system manufacturer directly for assistance on the proper procedure for
Windows 2000/XP/Vista/7/8/8.1/10 configuring network settings.
1. On your keyboard, press Windows Logo+R keys simultaneously to bring up the Run
dialog box. Windows 7/8/8.1/10
2. In the dialog box, type cmd to bring up the command prompt. a. Go into the Control Panel, click Network and Sharing Center.
3. In the command prompt, type ipconfig /all to display your IP address settings. b. Click Change Adapter Settings, right-click the Local Area Connection icon.
MAC OS X c. Then click Properties and click Internet Protocol Version 4 (TCP/IPv4).
1. Navigate to your Applications folder and open Utilities. d. Then click Obtain an IP address automatically and click OK.
2. Double-click on Terminal to launch the command prompt. Windows Vista
3. In the command prompt, type ipconfig getifaddr <en0 or en1> to display the wired a. Go into the Control Panel, click Network and Internet.
or wireless IP address settings. b. Click Manage Network Connections, right-click the Local Area Connection
Note: en0 is typically the wired Ethernet and en1 is typically the wireless Airport icon and click Properties.
interface. c. Click Internet Protocol Version (TCP/IPv4) and then click Properties.
d. Then click Obtain an IP address automatically and click OK.
Windows XP/2000
Graphical Method a. Go into the Control Panel, double-click the Network Connections icon
MAC OS 10.6/10.5 b. Right-click the Local Area Connection icon and the click Properties.
1. From the Apple menu, select System Preferences. c. Click Internet Protocol (TCP/IP) and click Properties.
2. In System Preferences, from the View menu, select Network. d. Then click Obtain an IP address automatically and click OK.
3. In the Network preference window, click a network port (e.g., Ethernet, AirPort, MAC OS 10.4/10.5/10.6
modem). If you are connected, you'll see your IP address settings under "Status:" a. From the Apple, drop-down list, select System Preferences.
b. Click the Network icon.
MAC OS 10.4 c. From the Location drop-down list, select Automatic.
1. From the Apple menu, select Location, and then Network Preferences. d. Select and view your Ethernet connection.
2. In the Network Preference window, next to "Show:", select Network In MAC OS 10.4, from the Show drop-down list, select Built-in
Status. You'll see your network status and your IP address settings displayed. Ethernet and select the TCP/IP tab.

106
In MAC OS 10.5/10.6, in the left column, select Ethernet. How to connect to a wireless network using the built-in Windows utility?
e. Configure TCP/IP to use DHCP. Note: Please note that although the following procedures provided to follow for your
In MAC 10.4, from the Configure IPv4, drop-down list, select Using operating system on configuring your network settings can be used as general
DHCP and click the Apply Now button. guidelines, however, it is strongly recommended that you consult your computer or
In MAC 10.5, from the Configure drop-down list, select Using DHCP operating system manufacturer directly for assistance on the proper procedure for
and click the Apply button. connecting to a wireless network using the built-in utility.
In MAC 10.6, from the Configure drop-down list, select Using DHCP
and click the Apply button.
f. Restart your computer. Windows 7/8/8.1/10
1. Open Connect to a Network by clicking the network icon ( or ) in the

Note: If you are experiencing difficulties, please contact your computer or operating notification area.
system manufacturer for assistance. 2. In the list of available wireless networks, click the wireless network you would like to
connect to, then click Connect.
How to find your MAC address? 4. You may be prompted to enter a security key in order to connect to the network.
In Windows 2000/XP/Vista/7/8.1/10, 5. Enter in the security key corresponding to the wireless network, and click OK.
Your computer MAC addresses are also displayed in this window, however, you can type
getmac –v to display the MAC addresses only. Windows Vista
1. Open Connect to a Network by clicking the Start Button. and then click Connect
In MAC OS 10.4, To.
1. Apple Menu > System Preferences > Network 2. In the Show list, click Wireless.
2. From the Show menu, select Built-in Ethernet. 3. In the list of available wireless networks, click the wireless network you would like to
3. On the Ethernet tab, the Ethernet ID is your MAC Address. connect to, then click Connect.
4. You may be prompted to enter a security key in order to connect to the network.
In MAC OS 10.5/10.6, 5. Enter in the security key corresponding to the wireless network, and click OK.
1. Apple Menu > System Preferences > Network
2. Select Ethernet from the list on the left. Windows XP
3. Click the Advanced button. 1. Right-click the network icon in the notification area, then click View Available
3. On the Ethernet tab, the Ethernet ID is your MAC Address. Wireless Networks.
2. In Connect to a Network, under Available Networks, click the wireless network you
would like to connect to.
3. You may be prompted to enter a security key in order to connect to the network.
4. Enter in the security key corresponding to the wireless network, and click Connect.

107
Federal Communication Commission Interference Statement Industry Canada Statement

This equipment has been tested and found to comply with the limits for a Class B digital device, INDUSTRY CANADA RADIATION EXPOSURE STATEMENT
pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable This equipment complies with IC radiation exposure limits set forth for an uncontrolled
protection against harmful interference in a residential installation. This equipment generates, environment. This equipment should be installed and operated with minimum distance
uses and can radiate radio frequency energy and, if not installed and used in accordance with of 20 cm between the radiator and your body.
the instructions, may cause harmful interference to radio communications. However, there is
no guarantee that interference will not occur in a particular installation. If this equipment does
This device and its antennas(s) must not be co-located or operating in conjunction with
cause harmful interference to radio or television reception, which can be determined by
turning the equipment off and on, the user is encouraged to try to correct the interference by any other antenna or transmitter except in accordance with IC multi-transmitter
one of the following measures: product procedures.
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver. This radio transmitter (IC: 6337A-TEW829DRU) has been approved by Industry Canada
• Connect the equipment into an outlet on a circuit different from that to which to operate with the antenna types listed below with the maximum permissible gain and
the receiver is connected. required antenna impedance for each antenna type indicated. Antenna types not
• Consult the dealer or an experienced radio/TV technician for help. included in this list, having a gain greater than the maximum gain indicated for that
FCC Caution: Any changes or modifications not expressly approved by the party responsible type, are strictly prohibited for use with this device.
for compliance could void the user's authority to operate this equipment.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two
conditions: (1) This device may not cause harmful interference, and (2) this device must accept
This device has been designed to operate with cellular antennas having a maximum gain
any interference received, including interference that may cause undesired operation.
of 3 dBi. Antennas having a higher gain are strictly prohibited per regulations of Industry
Canada. The required antenna impedance is 50 ohms.
IMPORTANT NOTE:
These devices have been designed to operate with WiFi antennas having a maximum
Radiation Exposure Statement: gain of 5 dBi. Antennas having a higher gain are strictly prohibited per regulations of
This equipment complies with FCC radiation exposure limits set forth for an uncontrolled Industry Canada. The required antenna impedance is 50 ohms.
environment. This equipment should be installed and operated with minimum distance
20cm between the radiator & your body.
This transmitter must not be co-located or operating in conjunction with any other antenna
DÉCLARATION D’INDUSTRIE CANADA
or transmitter.
Le présent appareil est conforme aux CNR d'ISED applicables aux appareils radio
Country Code selection feature to be disabled for products marketed to the US/CANADA
exempts de licence. L'exploitation est autorisée aux deux conditions suivantes : (1)
l'appareil ne doit pas produire de brouillage, et (2) l'utilisateur de l'appareil doit
accepter tout brouillage radioélectrique subi, même si le brouillage est susceptible d'en
compromettre le fonctionnement.
Pour les produits disponibles aux États-Unis / Canada du marché, seul le canal 1 à 11
peuvent être exploités. Sélection d'autres canaux n'est pas possible.

108
les dispositifs fonctionnant dans la bande 5150-5250 MHz sont réservés uniquement
pour une utilisation à l’intérieur afin de réduire les risques de brouillage préjudiciable
aux systèmes de satellites mobiles utilisant les mêmes canaux.
NOTE IMPORTANTE (POUR L’UTILISATION DE DISPOSITIFS MOBILES): DÉCLARATION

D’EXPOSITION AUX RADIATIONS
Cet équipement est conforme aux limites d'exposition aux rayonnements IC établies
pour un environnement non contrôlé. Cet équipement doit être installé et utilisé avec
un minimum de 20 cm de distance entre la source de rayonnement et votre corps.
Cet appareil et son antenne (s) ne doit pas être co-localisés ou fonctionnement en
association avec une autre antenne ou transmetteur.
Le présent émetteur radio (IC: 6337A-TEW829DRU) a été approuvé par Industrie Canada
pour fonctionner avec les types d'antenne énumérés ci-dessous et ayant un gain
admissible maximal et l'impédance requise pour chaque type d'antenne. Les types
d'antenne non inclus dans cette liste, ou dont le gain est supérieur au gain maximal
indiqué, sont strictement interdits pour l'exploitation de l'émetteur.
Ce dispositive a ete concu pour fonctionner ave une antenna cellulaire ayant un gain
maximal de 3 dBi. Une antenne a gain plus eleve est strictement interdite par les
reglemnets d’Industrie Canada. L’impedance d’antenne requise est de 50 ohms.
Ce dispositive a ete concu pour fonctionner ave une antenna WiFi ayant un gain
maximal de 5 dBi. Une antenne a gain plus eleve est strictement interdite par les
reglemnets d’Industrie Canada. L’impedance d’antenne requise est de 50 ohms.

109
Limited Warranty In the event that, after evaluation, TRENDnet cannot replace the defective product or
there is no comparable model available, we will refund the depreciated value of the
TRENDnet warrants only to the original purchaser of this product from a TRENDnet product.
authorized reseller or distributor that this product will be free from defects in material
and workmanship under normal use and service. This limited warranty is non-
If a product does not operate as warranted during the applicable warranty period,
transferable and does not apply to any purchaser who bought the product from a
TRENDnet shall reserve the right, at its expense, to repair or replace the defective
reseller or distributor not authorized by TRENDnet, including but not limited to
product or part and deliver an equivalent product or part to the customer. The
purchases from Internet auction sites.
repair/replacement unit's warranty continues from the original date of purchase. All
products that are replaced become the property of TRENDnet. Replacement products
Limited Warranty may be new or reconditioned. TRENDnet does not issue refunds or credit. Please
TRENDnet warrants its products against defects in material and workmanship, under contact the point-of-purchase for their return policies.
normal use and service. Specific warranty periods are listed on each of the respective
product pages on the TRENDnet website. TRENDnet shall not be responsible for any software, firmware, information, or memory
• AC/DC Power Adapter, Cooling Fan, and Power Supply carry a one-year data of customer contained in, stored on, or integrated with any products returned to
warranty. TRENDnet pursuant to any warranty.
Limited Lifetime Warranty

There are no user serviceable parts inside the product. Do not remove or attempt to
TRENDnet offers a limited lifetime warranty for all of its metal-enclosed network
switches that have been purchased in the United States/Canada on or after 1/1/2015. service the product by any unauthorized service center. This warranty is voided if (i) the
product has been modified or repaired by any unauthorized service center, (ii) the
• Cooling fan and internal power supply carry a one-year warranty product was subject to accident, abuse, or improper use, or (iii) the product was subject
to conditions more severe than those specified in the manual.
To obtain an RMA, the ORIGINAL PURCHASER must show Proof of Purchase and return
the unit to the address provided. The customer is responsible for any shipping-related
costs that may occur. Replacement goods will be shipped back to the customer at Warranty service may be obtained by contacting TRENDnet within the applicable
TRENDnet’s expense. warranty period and providing a copy of the dated proof of the purchase. Upon proper
submission of required documentation, a Return Material Authorization (RMA) number
Upon receiving the RMA unit, TRENDnet may repair the unit using refurbished parts. In will be issued. An RMA number is required in order to initiate warranty service support
the event that the RMA unit needs to be replaced, TRENDnet may replace it with a
for all TRENDnet products. Products that are sent to TRENDnet for RMA service must
refurbished product of the same or comparable model.
have the RMA number marked on the outside of return packages and sent to TRENDnet
prepaid, insured and packaged appropriately for safe shipment. International customers

110
shipping from outside of the USA and Canada are responsible for any return shipping CONTRACT OR TORT (INCLUDING NEGLIGENCE), FOR INCIDENTAL, CONSEQUENTIAL,
and/or customs charges, including but not limited to, duty, tax, and other fees. INDIRECT, SPECIAL, OR PUNITIVE DAMAGES OF ANY KIND, OR FOR LOSS OF REVENUE OR
PROFITS, LOSS OF BUSINESS, LOSS OF INFORMATION OR DATE, OR OTHER FINANCIAL
LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE, INSTALLATION,
Refurbished product: Refurbished products carry a 90-day warranty after date of
MAINTENANCE, USE, PERFORMANCE, FAILURE, OR INTERRUPTION OF THE POSSIBILITY
purchase. Please retain the dated sales receipt with purchase price clearly visible as
OF SUCH DAMAGES, AND LIMITS ITS LIABILITY TO REPAIR, REPLACEMENT, OR REFUND
evidence of the original purchaser's date of purchase. Replacement products may be
OF THE PURCHASE PRICE PAID, AT TRENDNET'S OPTION. THIS DISCLAIMER OF LIABILITY
refurbished or contain refurbished materials. If TRENDnet, by its sole determination, is
FOR DAMAGES WILL NOT BE AFFECTED IF ANY REMEDY PROVIDED HEREIN SHALL FAIL
unable to replace the defective product, we will offer a refund for the depreciated value
OF ITS ESSENTIAL PURPOSE.
of the product.
Governing Law: This Limited Warranty shall be governed by the laws of the state of
WARRANTIES EXCLUSIVE: IF THE TRENDNET PRODUCT DOES NOT OPERATE AS
California.
WARRANTED ABOVE, THE CUSTOMER'S SOLE REMEDY SHALL BE, AT TRENDNET'S
OPTION, REPAIR OR REPLACE. THE FOREGOING WARRANTIES AND REMEDIES ARE
EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES, EXPRESSED OR IMPLIED, Some TRENDnet products include software code written by third party developers.
EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING These codes are subject to the GNU General Public License ("GPL") or GNU Lesser
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. General Public License ("LGPL").
TRENDNET NEITHER ASSUMES NOR AUTHORIZES ANY OTHER PERSON TO ASSUME FOR
IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION,
Visit http://www.trendnet.com/gpl or the support section on
MAINTENANCE, OR USE OF TRENDNET'S PRODUCTS.
http://www.trendnet.com and search for the desired TRENDnet product to access to
the GPL Code or LGPL Code. These codes are distributed WITHOUT WARRANTY and are
TRENDNET SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND subject to the copyrights of the developers. TRENDnet does not provide technical
EXAMINATION DISCLOSE THAT THE ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST support for these codes. Please visit http://www.gnu.org/licenses/gpl.txt or
OR WAS CAUSED BY CUSTOMER'S OR ANY THIRD PERSON'S MISUSE, NEGLECT, http://www.gnu.org/licenses/lgpl.txt for specific terms of each license.
IMPROPER INSTALLATION OR TESTING, UNAUTHORIZED ATTEMPTS TO REPAIR OR PWP07172015v3 2020/09/14
MODIFY, OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE, OR BY
ACCIDENT, FIRE, LIGHTNING, OR OTHER HAZARD.
LIMITATION OF LIABILITY: TO THE FULL EXTENT ALLOWED BY LAW, TRENDNET ALSO
EXCLUDES FOR ITSELF AND ITS SUPPLIERS ANY LIABILITY, WHETHER BASED IN

111

UG - TEW 829DRU (v1) 20200914

Uploaded by

Document Informationclick to expand document information

Document Informationclick to expand document information

Copyright:

Available Formats

UG - TEW 829DRU (v1) 20200914

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

UG - TEW 829DRU (v1) 20200914

Uploaded by

Copyright:

Available Formats

TRENDnet User’s Guide Cover Page

TRENDnet User’s Guide Table of Contents

Table of Contents Application layer gateway (ALG) ................................................................................. 26

Product Overview ...........................................................................1 UPnP and NAT-PMP ..................................................................................................... 27

Package Contents .......................................................................................................... 1 Static routes................................................................................................................. 27

Features ......................................................................................................................... 1 Dynamic routing protocols .......................................................................................... 28

Product Hardware Features........................................................................................... 3 Routing Information Protocol (RIP).................................................................................. 28

© Copyright 2019 TRENDnet. All Rights Reserved.

One-to-One NAT .......................................................................................................... 52 IPsec ................................................................................................................................. 88

MWAN Status ................................................................................................................... 55 Local Access Management ............................................................................................... 90

Virtual Private Networking (VPN) .................................................. 62 Console access ............................................................................................................. 93

PPTP VPN Server .......................................................................................................... 63 Router Default Settings ............................................................................................... 94

© Copyright 2019 TRENDnet. All Rights Reserved.

Product Overview Features

© Copyright 2019 TRENDnet. All Rights Reserved.

Rack Mount Design

Online Firmware Updates

© Copyright 2019 TRENDnet. All Rights Reserved.

Product Hardware Features

Front Panel View Rear Panel View

© Copyright 2019 TRENDnet. All Rights Reserved.

LED Indicators Port/Button Description

© Copyright 2019 TRENDnet. All Rights Reserved.

© Copyright 2019 TRENDnet. All Rights Reserved.

Router Installation Rack Mount Hardware Installation

© Copyright 2019 TRENDnet. All Rights Reserved.

© Copyright 2019 TRENDnet. All Rights Reserved.

© Copyright 2019 TRENDnet. All Rights Reserved.

© Copyright 2019 TRENDnet. All Rights Reserved.

© Copyright 2019 TRENDnet. All Rights Reserved.

© Copyright 2019 TRENDnet. All Rights Reserved.

Basic Router Settings Saving and applying router configuration changes

Change your administrator password

© Copyright 2019 TRENDnet. All Rights Reserved.

Create time schedules

2. Click on Administrator and click Schedule.

© Copyright 2019 TRENDnet. All Rights Reserved.

© Copyright 2019 TRENDnet. All Rights Reserved.

2. Click on Network and click LAN.

© Copyright 2019 TRENDnet. All Rights Reserved.

© Copyright 2019 TRENDnet. All Rights Reserved.

© Copyright 2019 TRENDnet. All Rights Reserved.

Add static DHCP reservations Add static host name entries

2. Click on Network and click LAN.

3. Under the Host Entries section, click Add.

© Copyright 2019 TRENDnet. All Rights Reserved.

2. Click on Network and click LAN.

5. Click Apply to save and commit the changes.

© Copyright 2019 TRENDnet. All Rights Reserved.

© Copyright 2019 TRENDnet. All Rights Reserved.

© Copyright 2019 TRENDnet. All Rights Reserved.

• Integrated IPsec – Better Security

© Copyright 2019 TRENDnet. All Rights Reserved.

Network > VLAN

2. Click on Network and click VLAN.

© Copyright 2019 TRENDnet. All Rights Reserved.

2. Click on Network and click VLAN.