
Difference between revisions of "TP-Link TD-W8961ND Configuration"

(14 intermediate revisions by the same user not shown)
Line 1: Line 1:
<div class="ncfrightbox"> {{Template:Modem Links}} </div>
<div class="ncfrightbox"> {{Template:Modem Links}} </div>
[[File:TP-Link TD-W8961ND.jpg|thumb|left|x250px|The TP-Link 8961ND modem]]
[[File:TP-Link TD-W8961ND.jpg|thumb|left|x250px|The TP-Link 8961ND modem]]
This is the procedure NCF uses to configure a TP-Link 8961ND modem out of the box or after a factory reset. To learn more about configuring your particular modem, consult the [[Modem Manuals|manual]].
 
{{Template:Misfortune_Cookie_Upgrade_Firmware}}


= Configure as router=
= Configure as router=
{{Template:Back_to_the_Top}}


This is the procedure NCF uses to configure a TP-Link 8961ND modem out of the box or after a factory reset. To learn more about configuring your particular modem, consult the [[Modem Manuals|manual]].
# Connect power and turn on the modem with the black button on the back.
# Connect power and turn on the modem with the black button on the back.
# Connect an Ethernet LAN cable to one of the yellow rear ports
# Connect an Ethernet LAN cable to one of the yellow rear ports
# In the browser's address bar, enter the IP address for the modem interface page: 192.168.1.1
# In the browser's address bar, enter the IP address for the modem interface page: [https://192.168.1.1 192.168.1.1]
# If the modem is fresh from the factory, use the default user name and password to gain access
# If the modem is fresh from the factory, use the default user name and password to gain access
##'''user:''' admin  
##'''user:''' admin  
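Review bot: The new link in step 3 points at https://192.168.1.1, while the Quick Facts box on this page gives the modem web interface as http://192.168.1.1. Suggest using the same scheme in both places, so a reader whose modem does not answer on HTTPS is not left at a connection error or certificate warning.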
Line 14: Line 17:
If the modem was previously configured for someone, the password would be the previous user's [[DSL password]]. If it is unknown then do a reset to factory default, using a paper-clip in the reset hole on the back. Hold for 15 seconds to reset. The user name and password will now be as above.
If the modem was previously configured for someone, the password would be the previous user's [[DSL password]]. If it is unknown then do a reset to factory default, using a paper-clip in the reset hole on the back. Hold for 15 seconds to reset. The user name and password will now be as above.


== Using Quick Start Wizard ==
{{:Template:Quick Facts (TP-Link DSL modem)}}
{{:Template:Quick Facts (TP-Link DSL modem)}}


# When presented with the TP-Link configuration page, select the '''Quick Start''' option at the top left.
# When presented with the TP-Link configuration page, select the '''Quick Start''' option at the top left.
# Select '''Run Wizard''' to proceed.
# Select '''Run Wizard''' to proceed. Now a window pops open and you can begin to set up the details of the interface.
Now a window pops open and you can begin to set up the details of the interface.
# Select '''Next''' to proceed
# Select '''Next''' to proceed
# Set the Time Zone '''Eastern'''
# Set the Time Zone '''Eastern'''
Line 28: Line 31:
# Ensure '''VPI''' is set to '''0''' and '''VCI''' is set to '''35'''
# Ensure '''VPI''' is set to '''0''' and '''VCI''' is set to '''35'''
# Ensure that the encapsulation remains at '''PPPoE LLC''' (default)
# Ensure that the encapsulation remains at '''PPPoE LLC''' (default)
# Click '''Next'''
# Click '''Next'''.
# Continuing now to set the '''Wireless''' configuration
## Ensure '''Access Point''' indicates '''activated'''
## The '''SSID''' is set to NCF plus a random number, such as '''NCF_123456'''. It is recommended you not use your first or last name, or street address as this information is broadcast and other people in your area will be able to associate the signal with which home it is coming from.
## Broadcast SSID remains selected
## '''Auth Type''' - must be set to '''WPA2-PSK'''
##*...wait a moment for it to offer additional field for encryption and password...
## Set '''Encryption Type''' to be '''AES'''
## Set the '''Preshared Key''' to be your DSL-Password
## Click '''Next''' to proceed.
# Click '''Next''' again to Finish the wizard.
 
The modem should now synchronize and connect to your DSL service if the service is operating. You may need to reboot the modem to get it to connect.
 
==Security==
{{Template:Back_to_the_Top}}
 
===Turn on SPI firewalling===
# In '''Advanced Setup''' select '''Firewall'''.
# '''SPI: Enabled'''
 
=== Turn Off UPnP ===
# Click on '''Access Management'''.
# Select '''UPnP'''
# Select '''Deactivated''' for UPnP and Auto-Configured.
# Save the changes with '''Save'''


Continuing now to set the '''wireless''' configuration
===Deactivate ACL===
# Ensure '''Access Point''' indicates '''activated'''
In December 2014 it was revealed that some models of TP-Link modem, including this model, are subject to hacking if they are running out dated firmware and if the remote access (ACL) is set to allow remote access. [[CERT-announced vulnerability of TP-Link modem/router|This web page]] provides more detailed information on the vulnerability. Latest firmware versions can be checked on the [http://www.tp-link.com/us/download/TD-W8961ND.html#Firmware TP-Link website].
# The '''SSID''' is set to NCF plus a random number, such as '''NCF_123456'''. It is recommended you not use your first or last name, or street address as this information is broadcast and other people in your area will be able to associate the signal with which home it is coming from.
# Broadcast SSID remains selected
# '''Auth Type''' - must be set to '''WPA2-PSK'''
#*...wait a moment for it to offer additional field for encryption and password...
# Set '''Encryption Type''' to be '''AES'''
# Set the '''Preshared Key''' to be your DSL-Password
# Click '''Next''' to proceed.
# Click '''Next''' again to Finish the wizard.


Proceed with four more steps - Setting administrator access, and wireless locale setting
#To be sure your modem is secure, click on  By default the '''ACL''' tab will be active.
#Ensure your '''ACL''' page looks like the screen shot below. If not, choose '''WAN''' from the '''Interface''' drop-down box.
#Select '''Deactivated'''.
#Click '''Save'''.
[[File:TP-Link modem with ACL deactivated.jpg|TP-Link modem with ACL deactivated]]


== Password protect the Admin Role==  
=== Protect Admin Role ===  
# Click on '''Maintenance''' in the menu along the top of the page.  Below it other options appear.
# Click on '''Maintenance''' in the menu along the top of the page.  Below it other options appear.
# Select '''Administration'''  
# Select '''Administration'''  
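Review bot: Step 1 of the relocated Deactivate ACL list still reads "click on  By default the '''ACL''' tab will be active", so the menu the reader has to click is missing; the text was moved and re-quoted without repairing it. The firmware warning on this page gives the path as Access Management, then ACL, so the step should name Access Management explicitly.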
Line 52: Line 76:
A pop-up log-in screen appears, and asks for sign-in. Use the User-ID '''admin''' and the DSL-Password just set. Return to the same configure page you were just at.
A pop-up log-in screen appears, and asks for sign-in. Use the User-ID '''admin''' and the DSL-Password just set. Return to the same configure page you were just at.


==Set daylight savings time==
==Set Daylight SavingsTime==
{{Template:Back_to_the_Top}}
 
# In '''Maintenance''' select '''Time Zone'''.
# In '''Maintenance''' select '''Time Zone'''.
# Daylight Saving: Enabled
# '''Daylight Saving: Enabled'''


==Turn on SPI firewalling==
== Final Area Setting and Check==
# In '''Advanced Setup''' select '''Firewall'''.
{{Template:Back_to_the_Top}}
# SPI: Enabled


== Final area setting and check==
# Click '''Interface Setup''' in the top-of-page menu
# Click '''Interface Setup''' in the top-of-page menu
# Now select '''Wireless''' in the menu below that.
# Now select '''Wireless''' in the menu below that.
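Review bot: The log-in paragraph at the top of this hunk has the reader sign in as admin with "the DSL-Password just set", and the wizard steps set the wireless Preshared Key to the same DSL-Password, so one secret ends up as PPPoE credential, Wi-Fi key and admin password. Anyone who is given the Wi-Fi key can then log in to the modem and also holds the DSL login. Suggest the page recommend a separate passphrase for the Preshared Key, or at least for the admin user. The new heading "Set Daylight SavingsTime" is also missing a space.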
Line 74: Line 98:
# Ensure that PPPoE credentials are set properly for your user name and password.
# Ensure that PPPoE credentials are set properly for your user name and password.


The modem should now synchronize and connect to your DSL service if the service is operating. You may need to reboot the modem to get it to connect.
=See also=
 
{{Template:Back_to_the_Top}}
==Security==
== Turn Off UPnP ==
# Click on "Access Management".
# Select "UPnP
# Select De-activated for UPnP and Auto-Configured.
# Save the changes with "Save"
 
==ACL==
In January 2014 it was revealed that some models of TP-Link modem, including this model, are subject to hacking if they are running out dated firmware and if the remote access (ACL) is set to allow remote access. [[CERT-announced vulnerability of TP-Link modem/router|This web page]] provides more detailed information on the vulnerability. Latest firmware versions can be checked on the [http://www.tp-link.com/us/download/TD-W8961ND.html#Firmware TP-Link website].
 
#To be sure your modem is secure, click on  By default the "ACL" tab will be active.
#Ensure your ACL page looks like the screen shot below. If not, choose "WAN" from the "Interface" drop-down box.
#Select "deactivated".
#Click "Save".
[[File:TP-Link modem with ACL deactivated.jpg|TP-Link modem with ACL deactivated]]


=See also=
*[http://www.tp-link.com/us/products/details/cat-5512_TD-W8961ND.html TP-Link 8961ND home page]
*[http://www.tp-link.com/us/products/details/cat-5512_TD-W8961ND.html TP-Link 8961ND home page]
*[https://www.ncf.ca/ncf/support/w/images/b/bc/About_Your_TP-Link_TD-W8961ND.pdf About your new TP-Link TD-W8961N]
*[[CERT-announced vulnerability of TP-Link modem/router]]
*[[CERT-announced vulnerability of TP-Link modem/router]]
*[[Dynamic DNS]]
*[[Dynamic DNS]]
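Review bot: The label of the PDF link added to See also reads "About your new TP-Link TD-W8961N", dropping the final D of the model name that the file name and the page title both use (TD-W8961ND). Suggest correcting the label so it matches.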

Latest revision as of 11:30, 26 September 2019

The TP-Link 8961ND modem

⚠ Vulnerable to Misfortune Cookie: Upgrade Firmware ⚠

In December 2014 it was revealed that some versions of this TP-Link model are subject to hacking if they are running outdated firmware and if the remote access (ACL) is set to allow remote access. We documented this vulnerability on the Misfortune Cookie Vulnerability page.

Read more on the Misfortune Cookie as reported in http://www.kb.cert.org/vuls/id/561444.

NCF Recommendation for this modem:

  • Upgrade the firmware to the latest version if available.
  • Also, deactivate ACL from Access Management → ACL.
  • If there is no firmware update for your version, replace the modem.

Configure as router

This is the procedure NCF uses to configure a TP-Link 8961ND modem out of the box or after a factory reset. To learn more about configuring your particular modem, consult the manual.

  1. Connect power and turn on the modem with the black button on the back.
  2. Connect an Ethernet LAN cable to one of the yellow rear ports
  3. In the browser's address bar, enter the IP address for the modem interface page: 192.168.1.1
  4. If the modem is fresh from the factory, use the default user name and password to gain access
    1. user: admin
    2. password: admin

If the modem was previously configured for someone, the password would be the previous user's DSL password. If it is unknown then do a reset to factory default, using a paper-clip in the reset hole on the back. Hold for 15 seconds to reset. The user name and password will now be as above.

Using Quick Start Wizard

DSL Quick Configuration Info (TP-Link DSL modems)

  Modem Web Interface: http://192.168.1.1
  Modem login: Username: admin; Password: (see 'password' below)
  VPI / VCI (ADSL): 0.35
  VLAN (VDSL): 35
  Protocol: PPPoE
  DSL username: (eg. aa999@ncf.ca)
  DSL Password: Starts with 'ncf' (not the same as your NCF Start Page login)
  Firewall: Enabled by default (recommended)
  Wireless: If enabled, WPA-PSK (WPA2)

  1. When presented with the TP-Link configuration page, select the Quick Start option at the top left.
  2. Select Run Wizard to proceed. Now a window pops open and you can begin to set up the details of the interface.
  3. Select Next to proceed
  4. Set the Time Zone Eastern
  5. Click Next
  6. Set the connection type of PPPoE/PPPoA
  7. Click Next
  8. PPP username in the form ab123@ncf.ca (NOTE the "@ncf.ca" part! - it will not work without that!)
  9. PPP Password uses the DSL Password (this is not your NCF account password but your DSL password, which was provided to you when you signed up for service; it starts with "ncf...")
  10. Ensure VPI is set to 0 and VCI is set to 35
  11. Ensure that the encapsulation remains at PPPoE LLC (default)
  12. Click Next.
  13. Continuing now to set the Wireless configuration
    1. Ensure Access Point indicates activated
    2. The SSID is set to NCF plus a random number, such as NCF_123456. It is recommended that you not use your first or last name or your street address, because the SSID is broadcast and other people in your area would be able to associate the signal with the home it is coming from.
    3. Broadcast SSID remains selected
    4. Auth Type - must be set to WPA2-PSK
      • ...wait a moment for it to offer additional fields for encryption and password...
    5. Set Encryption Type to be AES
    6. Set the Preshared Key to be your DSL-Password
    7. Click Next to proceed.
  14. Click Next again to Finish the wizard.

The modem should now synchronize and connect to your DSL service if the service is operating. You may need to reboot the modem to get it to connect.

Security

Turn on SPI firewalling

  1. In Advanced Setup select Firewall.
  2. SPI: Enabled

Turn Off UPnP

  1. Click on Access Management.
  2. Select UPnP
  3. Select Deactivated for UPnP and Auto-Configured.
  4. Save the changes with Save
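
To confirm the UPnP change took effect, the LAN can be queried with a standard SSDP discovery request and checked for an answer from the modem. This is an added example, not part of NCF's procedure; it assumes the modem is at 192.168.1.1 as on this page, and the sample replies are constructed.

```python
import socket
import time

SSDP_ADDR = ("239.255.255.250", 1900)  # standard SSDP multicast group and port
MODEM_IP = "192.168.1.1"               # modem LAN address used on this page
M_SEARCH = (b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            b'MAN: "ssdp:discover"\r\nMX: 2\r\nST: upnp:rootdevice\r\n\r\n')

# Constructed sample replies (source IP, datagram); not captured from a real modem.
SAMPLE_REPLIES = [
    ("192.168.1.1", b"HTTP/1.1 200 OK\r\nLocation: http://192.168.1.1:49152/desc.xml\r\n"
                    b"ST: upnp:rootdevice\r\n\r\n"),
    ("192.168.1.50", b"HTTP/1.1 200 OK\r\nLOCATION: http://192.168.1.50:8080/d.xml\r\n"
                     b"ST: upnp:rootdevice\r\n\r\n"),
]

def parse_ssdp_response(data):
    """Return the status line and the headers (names upper-cased) of one SSDP reply."""
    lines = data.decode("utf-8", errors="replace").split("\r\n")
    headers = {"_STATUS": lines[0].strip()}
    for line in lines[1:]:
        name, sep, value = line.partition(":")  # split at the first colon only
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def modem_upnp_hits(replies, modem_ip=MODEM_IP):
    """Keep only 200 OK discovery answers whose source address is the modem."""
    hits = []
    for src_ip, raw in replies:
        hdr = parse_ssdp_response(raw)
        if src_ip == modem_ip and hdr["_STATUS"].startswith("HTTP/1.1 200"):
            hits.append({"location": hdr.get("LOCATION", ""), "st": hdr.get("ST", "")})
    return hits

def discover(timeout=3.0):
    """Send one M-SEARCH on the LAN and collect replies until the deadline passes."""
    replies, deadline = [], time.monotonic() + timeout
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
        sock.sendto(M_SEARCH, SSDP_ADDR)
        while (left := deadline - time.monotonic()) > 0:
            sock.settimeout(left)
            try:
                data, (src_ip, _port) = sock.recvfrom(65507)
            except socket.timeout:
                break
            replies.append((src_ip, data))
    return replies

if __name__ == "__main__":
    hits = modem_upnp_hits(discover())
    print("Modem still answers UPnP discovery:" if hits else "No SSDP reply from the modem.", hits)
```

Run it from a computer on the modem's LAN, before and after saving the change, so the two results can be compared.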

Deactivate ACL

In December 2014 it was revealed that some models of TP-Link modem, including this model, are subject to hacking if they are running outdated firmware and if the remote access (ACL) is set to allow remote access. This web page provides more detailed information on the vulnerability. Latest firmware versions can be checked on the TP-Link website.

  1. To be sure your modem is secure, click on Access Management. By default the ACL tab will be active.
  2. Ensure your ACL page looks like the screen shot below. If not, choose WAN from the Interface drop-down box.
  3. Select Deactivated.
  4. Click Save.

TP-Link modem with ACL deactivated

Protect Admin Role

  1. Click on Maintenance in the menu along the top of the page. Below it other options appear.
  2. Select Administration
  3. For the admin user use your DSL-Password or another strong password.
  4. Enter it once and again below to confirm
  5. Save the changes with Save

A pop-up log-in screen appears, and asks for sign-in. Use the User-ID admin and the DSL-Password just set. Return to the same configure page you were just at.

Set Daylight Savings Time

  1. In Maintenance select Time Zone.
  2. Daylight Saving: Enabled

Final Area Setting and Check

  1. Click Interface Setup in the top-of-page menu
  2. Now select Wireless in the menu below that.
  3. Choose Canada for the Channel Setup
  4. Click SAVE

Still on this page, verify:

  1. The SSID in the form NCF_XXXXX or as you set.
  2. The Auth Type is WPA2-PSK
  3. The Encryption Type is AES and key is DSL-Password
  4. Click on the Internet tab
  5. Ensure that PVC2 has VPI/VCI set at 0/35
  6. Ensure that PPPoE credentials are set properly for your user name and password.

See also