Head blueLogoText.gif NCF HelpWiki
Help | StartPage

Difference between revisions of "TP-Link TD-W8950ND Configuration"

From Support
Jump to navigation Jump to search
m
m
Line 13: Line 13:
##'''user:''' admin  
##'''user:''' admin  
##'''password:''' admin
##'''password:''' admin
{{:Template:Quick Facts (TP-Link DSL modem)}}
 
If the modem was previously configured for someone, the password would be the previous user's [[DSL password]]. If it is unknown then do a reset to factory default, using a paper-clip in the reset hole on the back. Hold for 20 seconds to reset. The user name and password will now be as above.
If the modem was previously configured for someone, the password would be the previous user's [[DSL password]]. If it is unknown then do a reset to factory default, using a paper-clip in the reset hole on the back. Hold for 20 seconds to reset. The user name and password will now be as above.
== Using Quick Setup Wizard ==
[[File:TP-Link TD-W8950ND Interface.jpg|thumb|right|The main interface page of the TP-Link TD-W8950ND modem]]


# When presented with the configuration page, proceed with the '''Quick Setup''' option at left.  
# When presented with the configuration page, proceed with the '''Quick Setup''' option at left.  
Line 40: Line 43:


It is typical for some browsers to receive an '''Unable to Connect''' screen after the reset. Simply re-select the configuration page IP address to re-display the configuration menu.
It is typical for some browsers to receive an '''Unable to Connect''' screen after the reset. Simply re-select the configuration page IP address to re-display the configuration menu.
Proceed with Disabling the QSS feature and Protecting the Admin interface.
==Security ==
=== Disable QSS wireless feature ===
The QSS feature is disabled as it does not work and presents a minimal security risk.
# Click on the '''QSS''' feature button on the left side menu.
# Select '''Disable QSS'''
# Select Reboot to apply the change.


Proceed with Disabling the QSS feature and Protecting the Admin interface.
===Switch on the SPI Firewall===
[[File:TP-Link TD-W8950ND Interface.jpg|thumb|right|The main interface page of the TP-Link TD-W8950ND modem]]
The SPI firewall is by default off and should be turned on for better security.
 
#Go to '''Advanced Setup''' → '''LAN'''
#Check the box marked '''Enable SPI Firewall'''


== Password protect the Admin Role ==
=== Protect Admin Role ===
# Click on '''Management''' in the left side menu.  Below it other options appear.
# Click on '''Management''' in the left side menu.  Below it other options appear.
# Select '''Access Control''' and then below that '''Passwords'''
# Select '''Access Control''' and then below that '''Passwords'''
Line 54: Line 69:
# Save the changes.
# Save the changes.


==Switch on the SPI Firewall==
=== Disable ICMP Ping Response ===
The SPI firewall is by default off and should be turned on for better security.
Disabling the ICMP Ping response allows the modem to operate on the internet in "true stealth mode" without replying to ping requests from outside sources.


#Go to '''Advanced Setup''' → '''LAN'''
# Click on '''Mangement''' on the left side menu.
#Check the box marked '''Enable SPI Firewall'''
# Select '''Access Control'''
# Uncheck WAN: '''ICMP enable'''.


==Set the Internet Time==
==Set the Internet Time==
Line 65: Line 81:
#Set '''First NTP time server''' to '''clock.fmt.he.net''' and '''Second NTP time server''' to '''clock.nyc.he.net'''
#Set '''First NTP time server''' to '''clock.fmt.he.net''' and '''Second NTP time server''' to '''clock.nyc.he.net'''
#Click '''Save/Apply'''
#Click '''Save/Apply'''
== Disable QSS wireless feature ==
The QSS feature is disabled as it does not work and presents a minimal security risk.
# Click on the '''QSS''' feature button on the left side menu.
# Select '''Disable QSS'''
# Select Reboot to apply the change.
== Disable ICMP Ping Response ==
Disabling the ICMP Ping response allows the modem to operate on the internet in "true stealth mode" without replying to ping requests from outside sources.
# Click on '''Mangement''' on the left side menu.
# Select '''Access Control'''
# Uncheck WAN: '''ICMP enable'''.


=See also=
=See also=
*[[CERT-announced vulnerability of TP-Link modem/router]]
*[[Misfortune Cookie Vulnerability]]
*[[Modem Configuration]] - for a complete list of instructions for all NCF modems
*[[Modem Configuration]] - for a complete list of instructions for all NCF modems
*[[VOIP]]
*[[VOIP]]

Revision as of 11:47, 26 September 2019

The TP-Link 8950ND modem

This is the procedure NCF uses to configure a TP-Link 8950ND modem out of the box or after a factory reset. To learn more about configuring your particular modem, consult the manual.

Note that the interface for the TD-W8950ND is quite different from the TD-8816, TD-W8901G, TD-W8951ND and the TD-W8961ND. The set-up procedure is also quite different.

Configuring as a Router

  1. Connect power and turn on the modem with the black button on the back.
  2. Connect an Ethernet LAN cable to one of the yellow rear ports
  3. In the browser's address bar, enter the IP address for the modem interface page: http://192.168.1.1
  4. If the modem is fresh from the factory, use the default user name and password to gain access
    1. user: admin
    2. password: admin

If the modem was previously configured for someone, the password would be the previous user's DSL password. If it is unknown then do a reset to factory default, using a paper-clip in the reset hole on the back. Hold for 20 seconds to reset. The user name and password will now be as above.

Using Quick Setup Wizard

The main interface page of the TP-Link TD-W8950ND modem
  1. When presented with the configuration page, proceed with the Quick Setup option at left.

Now set the technical details of the interface:

  1. Ensure VPI is set to 0 and VCI is set to 35
  2. Click Next
  3. Verify that PPPoverEthernet PPPoE is selected
  4. Ensure that the encapsulation remains at LLC/Snap (default)
  5. Click Next

Now set the credentials

  1. PPP username in the form ab123@ncf.ca (NOTE the "@ncf.ca" part! - it will not work without that!)
  2. PPP Password uses DSL Password (This is not your NCF account password, but your DSL password and was provided to you when you signed up for service, it starts with "ncf...")
  3. PPPoE Service name can remain blank
  4. Auth Method - leave as the default Auto
  5. The checkboxes below should all be left unselected, except the last which is Bridge PPPoE Frames
  6. Click Next
  7. No change required here - both options IGMP and WAN are left selected and service name as is.
  8. Click Next
  9. The SSID is set to NCF plus the 3 numeric characters of your ID, such as NCF_123. It is recommended you not use your first or last name or your street address as this information is broadcast and other people in your area will be able to associate the signal with which home it is coming from.
  10. Ensure the WPA2-PSK security option remains selected, and use your DSL Password or another strong password for the Network Key.
  11. Click Next

Look through the summary to ensure you have a sane configuration and commit with Save/Reboot

It is typical for some browsers to receive an Unable to Connect screen after the reset. Simply re-select the configuration page IP address to re-display the configuration menu. Proceed with Disabling the QSS feature and Protecting the Admin interface.

Security

Disable QSS wireless feature

The QSS feature is disabled as it does not work and presents a minimal security risk.

  1. Click on the QSS feature button on the left side menu.
  2. Select Disable QSS
  3. Select Reboot to apply the change.

Switch on the SPI Firewall

The SPI firewall is by default off and should be turned on for better security.

  1. Go to Advanced SetupLAN
  2. Check the box marked Enable SPI Firewall

Protect Admin Role

  1. Click on Management in the left side menu. Below it other options appear.
  2. Select Access Control and then below that Passwords

This unit supports several roles. For personal use just add protection for the Administrator role.

  1. Select the admin user from the pulldown list
  2. Under Old Password enter admin unless it was previously set to something else.
  3. Use the member's DSL password for the password, and confirm.
  4. Save the changes.

Disable ICMP Ping Response

Disabling the ICMP Ping response allows the modem to operate on the internet in "true stealth mode" without replying to ping requests from outside sources.

  1. Click on Mangement on the left side menu.
  2. Select Access Control
  3. Uncheck WAN: ICMP enable.

Set the Internet Time

  1. Go to ManagementInternet Time
  2. Check Automatically synchronize with Internet time servers
  3. Set First NTP time server to clock.fmt.he.net and Second NTP time server to clock.nyc.he.net
  4. Click Save/Apply

See also