Caập nhật tp-link tl-wr741nd 4.0 như nào năm 2024
Hiện nay, có khá nhiều khách hàng thắc mắc việc truy cập địa chỉ 192.168.1.1 và không thể đổi mật khẩu wifi được. Vì thế chúng tôi xin trình bày một số lời giải đáp với trường hợp cụ thể như sau: Tôi đang sử dụng modem TP-Link: TL-WR741ND có hình ảnh như bên dưới: - Thiết bị lắp đặt cáp quang bao gồm:
- Mô hình: Bước 1: Dây internet cáp quang (còn gọi là dây quang) màu đen, dây này được đấu nối với zắc nối màu vàng như hình bên dưới. Với thiết kế gọn gàng, thân thiện với người dùng, giao diện hiển thị của Touch P5 – Router Gigabit Wi-Fi Cảm ứng AC1900 sử dụng bộ xử lý lõi kép 1GHz cho khả năng xử lý đa nhiệm mạnh mẽ. Với chuẩn wifi không dây AC băng tầng kép cho phép bạn kết nối nhiều thiết bị hơn nhưng vẫn có thể trải nghiệm tốc độ không dây lên đến 1900Mbps. Nghĩa là bạn có thể tận hưởng video độ phân giải cao 4K và trò chơi trực tuyến mượt mà trên băng tần 5GHz, trong khi các công việc khác như kiểm tra email, lướt web có thể được hoàn thành nhanh chóng trên băng tần 2.4GHz. `# Nodogsplash Configuration File# Parameter: GatewayInterfaceDefault: NONEGatewayInterface is not autodetected, has no default, and must be set here.Set GatewayInterface to the interface on your routerthat is to be managed by Nodogsplash.Typically br0 for the wired and wireless lan on OpenWrt White Russian.May be br-lan on OpenWrt Kamikaze.GatewayInterface br-lan FirewallRuleSet: authenticated-usersControl access for users after authentication.These rules are inserted at the beginning of theFORWARD chain of the router's filter table, andapply to packets that have come in to the routerover the GatewayInterface from MAC addresses thathave authenticated with Nodogsplash, and that aredestined to be routed through the router. The rules areconsidered in order, and the first rule that matchesa packet applies to it.If there are any rules in this ruleset, an authenticatedpacket that does not match any rule is rejected.N.B.: This ruleset is completely independent ofthe preauthenticated-users ruleset.FirewallRuleSet authenticated-users { You may want to open access to a machine on a localsubnet that is otherwise blocked (for example, toserve a redirect page; see RedirectURL). If so,allow that explicitly here, e.g:FirewallRule allow tcp port 80 to 192.168.254.254Your router may have several interfaces, and youprobably want to keep them private from the GatewayInterface.If so, you should block the entire subnets on those interfaces, e.g.:FirewallRule block to 192.168.0.0/16FirewallRule block to 10.0.0.0/8Typical ports you will probably want to open up include53 udp and tcp for DNS,80 for http,443 for https,22 for ssh:FirewallRule allow tcp port 53 FirewallRule allow udp port 53 FirewallRule allow tcp port 80 FirewallRule allow tcp port 443 FirewallRule allow tcp port 22 } end FirewallRuleSet authenticated-usersFirewallRuleSet: preauthenticated-usersControl access for users before authentication.These rules are inserted in the PREROUTING chainof the router's nat table, and in theFORWARD chain of the router's filter table.These rules apply to packets that have come in to therouter over the GatewayInterface from MAC addresses thatare not on the BlockedMACList or TrustedMACList,are not authenticated with Nodogsplash. The rules areconsidered in order, and the first rule that matchesa packet applies to it. A packet that does not matchany rule here is rejected.N.B.: This ruleset is completely independent ofthe authenticated-users and users-to-router rulesets.FirewallRuleSet preauthenticated-users { For preauthenticated users to resolve IP addresses in their initialrequest not using the router itself as a DNS server,you probably want to allow port 53 udp and tcp for DNS.FirewallRule allow tcp port 53 FirewallRule allow udp port 53 For splash page content not hosted on the router, youwill want to allow port 80 tcp to the remote host here.Doing so circumvents the usual capture and redirect ofany port 80 request to this remote host.Note that the remote host's numerical IP address must be knownand used here.FirewallRule allow tcp port 80 to 192.168.1.1 FirewallRule allow tcp port 443 to 192.168.1.1 } end FirewallRuleSet preauthenticated-usersFirewallRuleSet: users-to-routerControl access to the router itself from the GatewayInterface.These rules are inserted at the beginning of theINPUT chain of the router's filter table, andapply to packets that have come in to the routerover the GatewayInterface from MAC addresses thatare not on the TrustedMACList, and are destined forthe router itself. The rules areconsidered in order, and the first rule that matchesa packet applies to it.If there are any rules in this ruleset, apacket that does not match any rule is rejected.FirewallRuleSet users-to-router { Nodogsplash automatically allows tcp to GatewayPort,at GatewayAddress, to serve the splash page.However you may want to open up other ports, e.g.53 for DNS and 67 for DHCP if the router itself isproviding these services.FirewallRule allow udp port 53 FirewallRule allow tcp port 53 FirewallRule allow udp port 67 You may want to allow ssh, http, and https to the routerfor administration from the GatewayInterface. If not,comment these out.FirewallRule allow tcp port 22 FirewallRule allow tcp port 80 FirewallRule allow tcp port 443 } end FirewallRuleSet users-to-routerEmptyRuleSetPolicy directivesThe FirewallRuleSets that NoDogSplash permits are:authenticated-userspreauthenticated-usersusers-to-routertrusted-userstrusted-users-to-routerFor each of these, an EmptyRuleSetPolicy can be specified.An EmptyRuleSet policy applies to a FirewallRuleSet if theFirewallRuleSet is missing from this configuration file,or if it exists but contains no FirewallRules.The possible values of an EmptyRuleSetPolicy are:allow -- packets are acceptedblock -- packets are rejectedpassthrough -- packets are passed through to pre-existing firewall rulesDefault EmptyRuleSetPolicies are set as follows:EmptyRuleSetPolicy authenticated-users passthroughEmptyRuleSetPolicy preauthenticated-users block EmptyRuleSetPolicy users-to-router blockEmptyRuleSetPolicy trusted-users allowEmptyRuleSetPolicy trusted-users-to-router allowParameter: GatewayNameDefault: NoDogSplashSet GatewayName to the name of your gateway. This valuewill be available as variable $gatewayname in the splash page sourceand in status output from ndsctl, but otherwise doesn't matter.If none is supplied, the value "NoDogSplash" is used.GatewayName Wifi Login Parameter: GatewayAddressDefault: Discovered from GatewayInterfaceThis should be autodetected on an OpenWRT system, but if not:Set GatewayAddress to the IP address of the router onthe GatewayInterface. This is the address that the Nodogsplashserver listens on.GatewayAddress 192.168.1.1Parameter: ExternalInterfaceDefault: Autodetected from /proc/net/routeThis should be autodetected on a OpenWRT system, but if not:Set ExtrnalInterface to the 'external' interface on your router,i.e. the one which provides the default route to the internet.Typically vlan1 for OpenWRT.ExternalInterface eth0 Parameter: RedirectURLDefault: noneAfter authentication, normally a user is redirectedto their initially requested page.If RedirectURL is set, the user is redirected to this URL instead.RedirectURL http://www.ilesansfil.org/Parameter: GatewayPortDefault: 2050Nodogsplash's own http server uses GatewayAddress as its IP address.The port it listens to at that IP can be set here; default is 2050.GatewayPort 2050Parameter: MaxClientsDefault: 20Set MaxClients to the maximum number of users allowed toconnect at any time. (Does not include users on the TrustedMACList,who do not authenticate.)MaxClients 50 ClientIdleTimeoutParameter: ClientIdleTimeoutDefault: 10Set ClientIdleTimeout to the desired of number of minutesof inactivity before a user is automatically 'deauthenticated'.ClientIdleTimeout 300 Parameter: ClientForceTimeoutDefault: 360Set ClientForceTimeout to the desired number of minutes beforea user is automatically 'deauthenticated', whether active or notClientForceTimeout 3600 Parameter: AuthenticateImmediatelyDefault: noSet to yes (or true or 1), to immediately authenticate userswho make a http port 80 request on the GatewayInterface (that is,do not serve a splash page, just redirect to the user's request,or to RedirectURL if set).AuthenticateImmediately noParameter: MACMechanismDefault: blockEither block or allow.If 'block', MAC addresses on BlockedMACList are blocked fromauthenticating, and all others are allowed.If 'allow', MAC addresses on AllowedMACList are allowed toauthenticate, and all other (non-trusted) MAC's are blocked.MACMechanism blockParameter: BlockedMACListDefault: noneComma-separated list of MAC addresses who will be completely blockedfrom the GatewayInterface. Ignored if MACMechanism is allow.N.B.: weak security, since MAC addresses are easy to spoof.BlockedMACList 00:00:DE:AD:BE:EF,00:00:C0:1D:F0:0DParameter: AllowedMACListDefault: noneComma-separated list of MAC addresses who will not be completelyblocked from the GatewayInterface. Ignored if MACMechanism is block.N.B.: weak security, since MAC addresses are easy to spoof.AllowedMACList 00:00:12:34:56:78Parameter: TrustedMACListDefault: noneComma-separated list of MAC addresses who are not subject toauthentication, and are not restricted by any FirewallRuleSet.N.B.: weak security, since MAC addresses are easy to spoof.TrustedMACList 00:00:CA:FE:BA:BE, 00:00:C0:01:D0:0DParameter: PasswordAuthenticationDefault: noSet to yes (or true or 1), to require a password matchingthe Password parameter to be supplied when authenticating.PasswordAuthentication noParameter: PasswordDefault: noneWhitespace delimited string that is compared to user-suppliedpassword when authenticating.Password ratlabimatParameter: UsernameAuthenticationDefault: noSet to yes (or true or 1), to require a username matchingthe Username parameter to be supplied when authenticating.UsernameAuthentication yesParameter: UsernameDefault: noneWhitespace delimited string that is compared to user-suppliedusername when authenticating.Username wifiParameter: PasswordAttemptsDefault: 5Integer number of failed password/username entries beforea user is forced to reauthenticate.PasswordAttempts 5Parameter: TrafficControlDefault: noSet to yes (or true or 1), to enable traffic control in Nodogsplash.TrafficControl noParameter: DownloadLimitDefault: 0If TrafficControl is enabled, this sets the maximum downloadspeed to the GatewayInterface, in kilobits per second.For example if you have an ADSL connection with 768 kbitdownload speed, and you want to allow about half of thatbandwidth for the GatewayInterface, set this to 384.A value of 0 means no download limiting is done.DownloadLimit 384Parameter: UploadLimitDefault: 0If TrafficControl is enabled, this sets the maximum uploadspeed from the GatewayInterface, in kilobits per second.For example if you have an ADSL connection with 128 kbitupload speed, and you want to allow about half of thatbandwidth for the GatewayInterface, set this to 64.A value of 0 means no upload limiting is done.UploadLimit 64Parameter: GatewayIPRangeDefault: 0.0.0.0/0By setting this parameter, you can specify a range of IP addresseson the GatewayInterface that will be responded to and managed byNodogsplash. Addresses outside this range do not have their packetstouched by Nodogsplash at all.Defaults to 0.0.0.0/0, that is, all addresses.GatewayIPRange 0.0.0.0/0Parameter: ImagesDirDefault: imagesSet the directory from which images are served.Use $imagesdir in HTML files to reference this directory.ImagesDir imagesParameter: BinVoucherDefault: NoneEnable Voucher Support.If set, an alphanumeric voucher HTTP parameter is acceptedand passed to a command line call along with the clients MAC:$
|