BiPAC 7404V(G)OX BiPAC 7404V(G)PX VoIP/(802.11g) ADSL2+ (VPN) Firewall Router User Manual Version release 5.53.s5.rc3 Last Revised Date 23-10-2008...
Page 2
Table of Contents Chapter 1: Introduction ..............1 Introduction to your Router ..............1 Features ....................1 Chapter 2: Installing the Router ............5 Important note for using this router ............5 Package Contents .................5 The Front LEDs ................6 The Rear Ports ...................7 Cabling....................8 Chapter 3: Basic Installation ............
Page 3
Error Log ...................30 Diagnostic ..................30 Quick Start ....................31 ..................35 LAN - Local Area Network..............36 ................36 ..................37 Ethernet ...................37 IP Alias ................38 Ethernet Client Filter ..................40 ................42 ............45 ....................46 ..................47 Port Setting ..................48 DHCP Server ..............49 ..................49 ..................51 ..................61 System ....................62 ..................62 Time Zone .................63...
Page 4
..................85 Firewall Log VPN - Virtual Private Networks (Only available for BiPAC 7404V(G)OX) ..........86 PPTP (Point-to-Point Tunneling Protocol) ..............95 IPSec (IP Security Protocol) ..........104 L2TP (Layer Two Tunneling Protocol) VoIP - Voice over Internet Protocol ..........116 ..............117 SIP Device Parameters .................120 SIP Accounts ..................121...
Page 5
Appendix: Product Support & Contact ........162...
Chapter 1: Introduction Introduction to your Router ADSL router, combining an ADSL modem, ADSL router and Ethernet network switch functionalities, providing everything you need to get the machines on your network connected to the Internet over and network. Features Express Internet Access The router complies with ADSL worldwide standards.
Page 7
Multi-Protocol to Establish a Connection It s and IPoA (RFC1577) to establish a connection with the ISP. The product also supports VC-based and LLC-based multiplexing. Quick Installation Wizard It s information easily which they get from their ISP, then surf the Internet immediately. Universal Plug and Play (UPnP) and UPnP NAT Traversal This protocol is used to enable simple and robust connectivity among stand-alone devices and PCs from many different vendors.
Page 8
Quality of Service (QoS) the router, ensuring important data like gaming packets, customer information, or management information move through the router ay lightning speed, even under heavy load. The QoS features the speed at which different types of outgoing data pass through the router, to ensure P2P users t bring client web serving to a halt.
Page 9
Firmware Upgradeable Rich Management Interfaces It s Virtual Private Network (VPN) (BiPAC 7404V(G)OX only) It allows user to make a tunnel with a remote site directly to secure the data transmission among supported by this router to make a VPN connection or users can run the PPTP client in PC and the router already provides IPSec and PPTP pass through function to establish a VPN connection if the user likes to run the PPTP client in his local computer.
Chapter 2: Installing the Router Important note for using this router Package Contents CD-ROM containing the online manual RJ-11 ADSL/telephone Cable Ethernet (CAT-5) Cable Console kit Power adapter A detachable antenna Quick Start Guide...
The Front LEDs. Meaning Lit when power is ON. Lit red means system failure. Restart the device Power Lit when one of LAN ports is connected to an Ethernet device. Ethernet Port — (RJ-45 connector) Lit green when a wireless connection is established. Wireless Phone 1x-2x Lit green when phone is off hook.
The Rear Ports Port Meaning Antenna Connect the detachable antenna to this port. Connect this port to the 11 cable (telephone) provided. Line Connect this port to the telephone jack on the wall with RJ-11 cable. (Router with LINE port only) Phone Connect this port to an analog phone set with RJ-11 cable.
Cabling One of the most common causes of problem is bad cabling or ADSL line(s) connected devices are turned on. On the front panel of your router is a bank of LEDs. Verify that the LAN Link and ADSL line LEDs are lit. If they are not, verify if you are using the proper cables. (e.g.
Chapter 3: Basic Installation eb browser. A web browser is included as a standard etc. The product provides an manuals. There are ways to connect the router, either through an external repeater hub or connect directly to your PCs. However, make sure that your PCs have an Ethernet interface installed properly prior to connecting the router device.
Connecting Your Router Connect this router to a ADSL) net work. Power on the device. Power LED lit steadily and that the LAN LED is lit. Connect your router to the telephone jack on the wall with RJ-11 cable.
Page 16
Go to Start. Click on Network. Then click on Network and Sharing Center at the top bar. Center window pops up, select and tions on the left window column. Select the Local Area Connection, and right click the icon to select Properties.
Page 17
Select Internet Protocol Version 4 select the Obtain an IP address au- tomatically and Obtain DNS Server address automatically radio but- ting. Connection Properties window to...
Page 18
Go to Start > Control Panel (in Classic View). In the Control Panel, double-click on Network Connections Double-click Local Area Connection. In the Local Area Connection Status window, click Properties. click Properties. Select the Obtain an IP address auto- matically and the Obtain DNS server address automatically radio buttons.
Page 19
Go to Start > Settings > Control Panel. In the Control Panel, double-click on Network and Dial-up Connections. Double-click Local Area Connection. In the Local Area Connection Status window click Properties. click Properties. Select the Obtain an IP address auto- matically and the Obtain DNS server address automatically radio buttons.
Page 20
Go to Start > Settings > Control Panel. In the Control Panel, double-click on tab. or the name of your Network Interface Card (NIC) in your PC. Select the Obtain an IP address auto- matically radio button. Select the Disable DNS radio button...
Page 21
Go to Start > Settings > Control Panel. In the Control Panel, double-click on Network and choose the Protocols tab. erties. Select the Obtain an IP address from a DHCP server radio button and click...
Factory Default Settings router, you need to know the following default settings. Web Interface (Username and Password) Username: admin Password: admin admin admin Device LAN IP settings IP Address: 192.168.1.254 ISP setting in WAN site PPPoE DHCP server DHCP server is enabled. Start IP Address: 192.168.1.100 IP pool counts: 100 LAN and WAN Port Addresses...
Information from your ISP out what kind of service is provided such as DHCP (Obtain an IP Address Automatically, Static IP (Fixed IP Address) or PPPoE. Gather the information as illustrated in the following table and keep it for reference. PPPoE(RFC2516) Name, and Domain Name System (DNS) IP address (it can be automatically assigned by your ISP when you connect or be set manually).
Page 24
Open your web browser, enter the IP address of your router, which by default is 192.168.1.254, Congratulations! You are now successfully logon to the 3G/VoIP/(802.11g) ADSL2+ (VPN) Firewall Router!
Page 25
Status ADSL Table ARP Table DHCP Table Routing Table NAT Sessions UpnP Portmap PPTP Status IPSec Status L2TP Status Email Status VoIP Status VoIP Call Log Event Log Error Log Diagnostic Quick Start System Firewall VoIP Virtual Server Time Schedule Advanced Language (provides user interface in English and French languages)
Status ADSL Status This section displays the ADSL overall status, which shows a number of helpful information such Status: The current status of the 3G card. Signal Strength: The signal strength bar indicates current 3G signal strength. Network Name: The network name that the device is connected to.
ARP Table feature. IP Address: A list of IP addresses of devices on your LAN (Local Area Network). MAC Address: Interface: The interface name (on the router) that this IP Address connects to. Static: Static status of the ARP table entry: DHCP Table Leased: The DHCP assigned IP addresses information.
Leased Table IP Address: The IP address that assigned to client. MAC Address: Client Host Name: The Host Name (Computer Name) of client. Expiry: The current lease time of client.
Routing Table Routing Table Valid: It indicates a successful routing status. Destination: The IP address of the destination network. Netmask: The destination Netmask address. Gateway/Interface: The IP address of the gateway or existing interface that this route will use. Cost: The number of hops counted as the cost of the route. RIP Routing Table Destination: The IP address of the destination network.
PPTP Status Name: Type: The type of connection (dial- -out). Enable: e connection is currently enabled. Active: Tunnel Connected: Tunnel is currently connected. Call Connected: If the Call for this VPN entry is currently connected. Encryption: The encryption type used for this VPN connection.
IPSec Status Name: The name you assigned to the particular VPN entry. Active: Connection State: Statistics: Statistics for this VPN Connection. Local Subnet: The local IP Address or Subnet used. Remote Subnet: The Subnet of the remote site. Remote Gateway: The Remote Gateway IP address. SA: The Security Association for this VPN entry.
Error Log Any errors encountered by the router (e.g. invalid names given to entries) are logged to this window. Diagnostic It tests the connection to computer(s) which is connected to the connection. If PING www.google.com is shown FAIL and the rest is PASS, you ought to check your...
Quick Start Click Quick Start. Select the connect mode you want. There are 2 options to choose from: ADSL or 3G. Select ADSL mode from the drop down menu and click Continue. If your ADSL line is not ready, you need to check your ADSL line has been set or not. If your ADSL line is ready, the screen appears ADSL Line is Ready.
Page 37
and click Apply to continue. Select the connection mode. There is ADSL. Protocol: Select the protocol mode. The default mode is PPPoE. VPI/VCI: Enter the VPI and VCI information provided by your ISP. Username: Enter the username provided by your ISP. Password: Enter the password provided by your ISP.
Page 38
WLAN Service: Default setting is set to Enable. If you want to use wireless, both 802.11g and 802.11b device in your network, you can select Enable. ESSID: The ESSID is the distinguished from another. For security which is already built-in to .
Page 39
SIP: To use VoIP SIP as VoIP call signaling protocol. Default is set to Disable. Region: This selection is a drop-down box, which allows user to select the country for which the loaded. SIP Service Provider: is done, respective parameters below are automatically displayed. Phone Number: This parameter holds the registration ID of the user within the VoIP SIP registrar.
Page 40
LAN, WAN, System, Firewall, VoIP, QoS, Virtual Server, Time Schedule and Advanced...
LAN - Local Area Network Here are the items within the LAN section: Bridge Interface, Ethernet, IP Alias, Ethernet Client Filter, Wireless, Wireless Security, Wireless Client Filter, WPS, Port Setting DHCP Server. Bridge Interface two VLAN groups need to be created. Ethernet: P1 (Port 1) Ethernet1: Note: You should setup each VLAN group with caution.
Ethernet Primary IP Address IP Address: The default IP on this router. Subnet Mask: The default subnet mask on this router. RIP: IP Alias This function creates multiple virtual IP interfaces on this router. It helps to connect two or more local networks to the ISP or remote n IP Address: Specify an IP address on this virtual interface.
Ethernet Client Filter The Ethernet Client Filter supports up to 16 Ethernet network machines that helps you to manage machine(s) to access your LAN. Ethernet Client Filter: Default setting is set Disable. Allowed: Blocked: hexadecimal characters. The number 0 - 9 and letters a - f are acceptable. Note: Follow the MAC Address Format xx:xx:xx:xx:xx:xx.
Page 44
You can easily by checking the box next to the IP address to be blocked or allowed. Then, Add to insert to the Ethernet Client Filter table. The maximum Ethernet client is 16.
Page 45
Wireless Parameters WLAN Service: Default setting is set to Enable. If you do not have any wireless, both 802.11g and 802.11b, device in your network, select Disable. Mode: 11b devices in your network, then keep the default in mixed mode. From the drop-down manual, you can select 802.11g if you have only 11g card.
Page 46
Note: Wireless performance may degrade if select ID channel is already being occupied by other AP(s). TX PowerLevel: It is a function that enhances the wireless transmitting signal strength. User may adjust this power level from minimum 1 up to maximum 127. Note: The Power Level maybe different in each access network user premises environment and choose the most suitable level for your network.
Wireless Security The default mode of wireless security is disabled.
Page 48
WPA-PSK / WPA2-PSK Security Mode: default mode of wireless security is Disable. WPA Algorithms: encrypted algorithms, which incorporates Authentication Code Protocol) of the AES (Advanced Encryption Security) algorithms. WPA Shared Key: The key for network authentication. The input format is in character style and key size should be in the range between 8 and 63 characters.
Page 49
Passphrase: This is Default Used WEP Key: Select the encryption key ID; please refer to Key (1~4) below. Key (1-4): the same as the router. There are four keys...
Page 50
Wireless Client / MAC Address Filter control to accept to restrict unwanted machine(s) to access your LAN. rules to meet your Wireless Client Filter: Default setting is set to Disable. Allowed: Blocked: The maximum client is 16. addresses are 6 bytes long; they are presented only in hexadecimal characters.
Page 51
connects to the router. maximum easily It is reduced by half the user steps to network and enable security.
Port Setting This section ports to solve some of the compatibility problems that may be encountered while connecting to the Internet, as well allowing users to tweak the performance of their network. Port # Connection Type: There are Six options to choose from: A full-duplex there are Ethernet compatibility problems with legacy Ethernet devices, and y...
DHCP Server network, and set the default gateway for each PCs to the IP address of the router (by default this is 192.168.1.254). parameters of the DHCP Server including the IP pool (starting IP address and ending IP address to be allocated to PCs on your network), lease time for each assigned IP address (the period of time the IP address assigned will be valid), DNS IP address and the gateway IP address.
WAN - Wide Area Network the Internet. Here are the items within the ADSL Mode. WAN Interface WAN Connection-ADSL Mode Main Port: User can select either ADSL or 3G mode. Failover / Failback: Backup Port: Connectivity Decision: Set how many times of probing failed to switch backup port. Failover Probe Cycle: Set the time duration for the Failover Probe Cycle to determine when the router will switch to the backup connection (backup port) once the main connection (main port) fails.
Page 55
Rule 1. ADSL Down Rule 2. Ping Fail No Ping: It will not send any ping packet to determine the connection. It means to disable the ping fail detection. Ping Gateway: It will send ping packet to gateway and wait response from gateway in every Ping Host: The host must be an IP address.
Page 56
PPPoE Connection PPPoE (PPP over Ethernet) provides access control in a manner which is similar to dial-up services using PPP. Protocol: Description: A given name for the connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: Username: Enter the username provided by your ISP. You can input up to 128 alphanumeric Password: Enter the password provided by your ISP.
Page 57
Auth. Protocol: Default is Auto. Your ISP should advise you on whether to use Chap or Pap. Connection: Always on: If you want the router to establish a PPPoA session when starting up and to au- tomatically re-establish the PPPoA session when disconnected by the ISP. Connect on Demand: If you want to establish a PPPoA session only when there is a packet the Internet).
Page 58
PPPoA Connection Protocol: Description: A given name for the connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: Username: Enter the username provided by your ISP. You can input up to 128 alphanumeric Password: Enter the password provided by your ISP. You can input up to 128 alphanumeric characters (case sensitive).
Page 59
Detail: MTU: headers) that IP will attempt to send through the interface. RIP: TCP MSS Clamp: This option helps to discover the optimal enabled. Obtain DNS: A Domain Name System (DNS) contains a mapping table for domain name and IP addresses.
Page 60
MPoA Connection Protocol: Description: A given name for the connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account, sharing a single IP address. If users on your LAN have public IP addresses and can access the Internet directly, the NAT function can be disabled.
Page 61
Obtain DNS: A Domain Name System (DNS) contains a mapping table for domain name and IP addresses. to obtain DNS automatically. Primary DNS: Enter the primary DNS. Secondary DNS: Enter the secondary DNS.
Page 62
IPoA Routed Connection Protocol: Description: A given name for the connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account, sharing a single IP address. If users on your LAN have public IP addresses and can access the Internet directly, the NAT function can be disabled.
Page 63
Pure Bridge Protocol: Description: A given name for this connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: Encap. mode: Choose whether you want the as bridged packet or routed packet. Acceptable Frame Type: only VLAN tagged. Filter Type: Allows all types of ethernet packets through the port.
Page 64
TEL No.: mobile service provider. APN: internet portal which they connect a DHCP Server to, giving you access to the internet i.e. Some Username: Enter the username provided by your service provider. Password: Enter the password provided by your service provider. Authentication Type: Authentication Protocol) or PAP (Password Authentication Protocol) if you know which type the server is using (when acting as a client), or else the authentication type you want clients...
Page 65
Connection: Always On: Keep Alive: Set Enable to allow the router automatically reconnects the connection when ISP disconnects it. Connect to Demand: Internet). In this mode, you must set Idle Timeout value at same time. Enabling Connect on Demand will give you an option of Idle Timeout. Idle Timeout: Auto-disconnect the connection when there is no activity on this call for a pre- determined period of time.
ADSL Mode Connect Mode: the symptom of synchronization problem. Modulation: It will automatically detect capability of your ADSL line mode. Please keep the factory setting unless ADSL is detected as the symptom of synchronization problem. Please keep the factory settings unless ADSL is detected as the symptom of low link Activate Line: Aborting (false) your ADSL line and making it active (true) again for taking effect Coding Gain: It reduces router s transmit power which will effect to router s downstream performance.
System Here are the items within the System section: Time Zone, Remote Access, Firmware Upgrade, Backup/Restore, Restart User Management. Time Zone The router does not have a real time clock on board; instead, it uses the Simple Network Time Protocol (SNTP) to get the current time from an SNTP server outside your network. Choose your local time zone, click Enable and click the Apply button.
Remote Access To temporarily permit remote administration of the router (i.e. from outside your LAN), select a time section of the GUI. If you wish to permanently enable remote access, choose a time period of 0 minute. Firmware Upgrade this software may be improved and revised, and your router allows you to upgrade the software it runs to take advantage of these changes.
Page 69
Backup / Restore to restore a previously saved backup. This is useful if you wish to experiment with different settings, knowing that you have a backup handy in the case of any mistakes. It is advisable to backup your router.
Restart Router Click Restart with option Current Settings to reboot your router (and restore your last saved factory default settings. You may also reset your router to factory settings by holding the small Reset pinhole button more than 6 seconds on the back of your router. Caution: After pressing the RESET button for more than 6 seconds, to be sure you power cycle the device again.
User Management to login with a password. You can set up multiple user accounts, each with their own password. You are able to Edit existing users and Add interface. Once you have clicked on Edit, you are shown the following options: valid, as well as add a comment to each user account.
Page 72
create a user account add your new user account. To delete a user account, click on the Delete radio button on the right column of the account you...
Firewall and Access Control from your LAN, as well as helping to prevent attacks from hackers. when using NAT, the that cannot be directly accessed from the Internet. Firewall: Prevent outsiders from accessing your local network. The router provides three levels of security support: Firewall Security and Policy (General Settings): Inbound direction of Packet Filter rules to prevent unauthorized computers or applications to access your local network from the Internet.
Listed are the items under the Firewall section: General Settings, Packet Filter, Intrusion Detection, URL Filter, IM/P2P Blocking Firewall Log. General Settings You can There are four options when you enable the Firewall, they are: all inbound (Internet to LAN) and outbound (LAN to Internet) packets will be blocked. Users High/Medium/Low security level: security are displayed in Port Filters of Packet Filter.
Packet Filter This function is only available when the Firewall is enabled and one of these four security levels is preset more detail information.
Page 76
Example: Table 1: Port Firewall - Low Firewall - Medium Firewall – High Number Protocol Port Filter Start End Inbound Outbound Inbound Outbound Inbound Outbound Application HTTP(80) TCP(6) DNS (53) UDP(17) 53 DNS (53) TCP(6) FTP(21) TCP(6) Telnet(23) TCP(6) TCP(6) POP3(110) TCP(6) (Network...
Page 77
Inbound: Internet to LAN Outbound: LAN to Internet YES: Allowed N/A: Not Applicable Packet Filter – Add TCP/UDP Filter Rule Name Helper: Select drop-down menu Time Schedule: prioritization policy. For setup and detail, refer to Time Schedule section Source IP Address(es) / Destination IP Address(es): This is the Address-Filter used to allow or the Address-Filter rule.
Page 78
Packet Filter – Add Raw IP Filter Go to Type drop-down menu, select Use Protocol Number . Rule Name Helper: choosing Select drop-down menu Time Schedule: prioritization policy. For setup and detail, refer to Time Schedule section Source IP Address(es) / Destination IP Address(es): This is the Address-Filter used to allow or the Address-Filter rule.
Page 79
HTTP to your router is not allowed. Note: Inbound indicates accessing from Internet to LAN and Outbound is from LAN to the Internet.
Page 80
this case for the low security level), shown below: delete the existing HTTP rule. Inbound and Outbound.
Page 81
Example: Application: Cindy_HTTP Time Schedule: Always On Source Port: 0-65535 (I allow all ports to connect with the application)) port 80 will be forwarded to the PC running your web server:...
Intrusion Detection attempts or other connections that the router determines to be suspicious. Blacklist: If the router detects a possible attack, the source IP or destination IP address will be Intrusion Detection: If enabled, IDS will block Smurf attack attempts. Default is false. Block Duration: Victim Protection Block Duration: This is the duration for blocking Smurf attacks.
Page 84
cannot protect against such attacks. Table 2: Hacker attack types recognized by the IDS Type of Block Drop Intrusion Name Detect Parameter Blacklist Show Log Duration Packet Ascend Kill Src IP Port 135, WinNuke Src IP 137~139, Flag: Victim Smurf Des IP is Dst IP Protection...
Page 85
ICMP Flood sec) ICMP Echo Src IP: Source IP Src Port: Source Port Dst Port: Destination Port Dst IP: Destination IP...