Billion BiPAC 4700ZUL User Manual
  1. Manuals
  2. Brands
  3. Billion Manuals
  4. Network Router
  5. BiPAC 4700ZUL
  6. User manual

Billion BiPAC 4700ZUL User Manual

4g/lte outdoor router
Hide thumbs Also See for BiPAC 4700ZUL:
Table of Contents

Advertisement

Quick Links

Download this manual
BiPAC 4700ZU
4G/LTE VPN Outdoor Router
BiPAC 4700ZUL
4G/LTE Outdoor Router
User Manual
Version release: 1.04.1.x
Last revised date: November 22, 2017

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the BiPAC 4700ZUL and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Billion BiPAC 4700ZUL

Summary of Contents for Billion BiPAC 4700ZUL

  • Page 1 BiPAC 4700ZU 4G/LTE VPN Outdoor Router BiPAC 4700ZUL 4G/LTE Outdoor Router User Manual Version release: 1.04.1.x Last revised date: November 22, 2017...

  • Page 2: Table Of Contents

    Table of Contents Chapter 1: Introduction ..........................1 Introduction to your Router ........................1 Features & Specifications ........................2 Hardware Specifications ......................... 4 Application Diagram ..........................5 Chapter 2: Product Overview ........................6 Important Note for Using This Router...................... 6 Device Description ..........................
  • Page 3 Dynamic Routing ............................50 NAT ................................52 Static DNS ..............................57 Time Schedule ............................58 Mail Alert ..............................59 VPN (BiPAC 4700ZU only) ..........................60 IPSec ................................. 61 PPTP Server .............................. 71 PPTP Client ............................... 73 L2TP................................82 GRE Tunnel ............................... 92 OpenVPN Server ............................

  • Page 4: Chapter 1: Introduction

    Chapter 1: Introduction Introduction to your Router Integrated with Latest 4G LTE Network and Dual-Polarized MIMO Antenna Technology BiPAC 4700ZU/ 4700ZUL integrates the latest high speed 4G/LTE module enabling support of multiple high bandwidth applications. Areas with a weak or nonexistent wireless signal can benefit from the extended range and reach of the Dual-Polarized MIMO antenna technology for their environment or application whether LOS(Line of Sight) or NLOS(Non-Line of Sight).

  • Page 5: Features & Specifications

    Features & Specifications • 4G/LTE for high speed mobile broadband connectivity • High performance antenna for increased coverage, signal reception and efficiency • Gigabit Ethernet LAN (PoE) • IPv6 ready (IPv4/IPv6 dual stack) • Support to obtain power via 802.3at PoE(Power over Ethernet) •...
  • Page 6 • VRRP(Virtual Router Redundancy Protocol) Firewall • Built-in NAT Firewall • Stateful Packet Inspection (SPI) • DoS attack prevention including Land Attack, Ping of Death, etc • Access control • IP&MAC filter, URL Content Filter • Password protection for system management •...

  • Page 7: Hardware Specifications

    Hardware Specifications Physical interface • One(1) Embeded 4G/LTE module • One(1) mini-SIM(2FF) card slot • One(1) Gigabit Ethernet LAN with PoE, can obtain power via 802.3at PoE - equipped switch or power injector. • Factory default reset button...

  • Page 8: Application Diagram

    Application Diagram BiPAC 4700ZU/ 4700ZUL:...

  • Page 9: Chapter 2: Product Overview

    Chapter 2: Product Overview Important Note for Using This Router  Do not use the router in high humidity or high temperature.  Do not open or repair the case yourself. If the device becomes too hot, turn off the power immediately and have it repaired at a qualified service center.

  • Page 10: Device Description

    Device Description PORT MEANING After the device is powered on, press it 6 seconds or above: to restore to factory default settings (this is used when you cannot login to the router, e.g. forgot your Reset button password) Insert the mini SIM card (2FF) with the gold contact facing down. SIM Card Slot Push the mini SIM card (2FF) inwards to eject it Green...

  • Page 11: The Detail Instruction In Reset Button

    The detail instruction in Reset Button Recovery procedures for non-working devices (e.g. after a failed firmware upgrade flash): Please follow the steps, the router’s emergency-reflash web interface will then be accessible via http://192.168.1.1 where you can upload a firmware image to restore the router to a functional state. Please note that the router will only respond with its web interface at this address (192.168.1.1), and will not respond to ping request from your PC or other telnet operations.

  • Page 12: Chapter 3: Basic Installation

    Chapter 3: Basic Installation The router can be configured with your web browser. A web browser is included as a standard application in the following operating systems: Windows, Linux, Mac OS, etc. The product provides an easy and user-friendly interface for configuration. PCs must have an Ethernet interface installed properly and be connected to the router either directly or through an external repeater hub, and have TCP/IP installed and configured to obtain an IP address through a DHCP server or a fixed IP address that must be in the same subnet as the router.

  • Page 13: Installation Reference

    Installation Reference IMPORTANT: It is recommended to put the Gigabit PoE Injector on an UPS or Surge Protector. Use the supplied grounding wire to ground your BiPAC 4700ZU/ 4700ZUL ODU is REQUIRED! I. Grounding the BiPAC 4700ZU/ 4700ZUL...
  • Page 14 II. Insert SIM card 1. Unscrew the cap of SIM card slot. 2. Slide the SIM card with the mental contacts (gold plate) facing down to the SIM slot then push it all the way in until you hear the clicking sound. 3.
  • Page 15 Data+Power port. Connect another Ethernet cable (RJ-45) directly to the Data port and the other end of cable to a switch or broadband router. IMPORTANT: It is recommended to put the Gigabit PoE Injector on an UPS or Surge Protector. Use the supplied grounding wire to ground your BiPAC 4700ZUL ODU is REQUIRED!

  • Page 16: Cabling

    Cabling One of the most common causes of problems is bad cabling. Make sure that all connected devices are turned on. On the front panel of the product is a bank of LEDs. Verify that the LAN Link and LEDs are lit.

  • Page 17: Default Settings

    Default Settings Before configuring the router, you need to know the following default settings. Web Interface: (Username and Password) Username: admin Password: admin The default username and password are admin and admin respectively. If you ever forget the username/password to login to the router, you may press the RESET button up to 6 seconds then release it to restore the factory default settings.

  • Page 18: Information From Your Isp

    Information from Your ISP Before configuring this device, you have to check with your ISP (Internet Service Provider) what kind of service is provided such as 4G/LTE or EWAN(Dynamic IP address, Static IP address, PPPoE Mode).

  • Page 19: Chapter 4: Device Configuration

    Chapter 4: Device Configuration Login to your Device Open your web browser, enter the IP address of your router, which by default is 192.168.1.254, and click Go, a user name and password window prompt appears. The default username and password is admin and admin respectively for the Administrator. Congratulations! You have successfully logged on to your Industrial LTE Router ! Once you have logged on to your Industrial LTE Router via your web browser, you can begin to set it up according to your requirements.
  • Page 20 Status(Device Info, System Status, System Log, 4G/LTE Status, Statistics, DHCP Table, IPSec Status, PPTP Status, L2TP Status, GRE Status, OpenVPN Status, ARP Table, VRRP Status) Quick Start (Wizard Setup) Configuration (Interface Setup, Advanced Setup, VPN, Access Management, Maintenance) Please see the relevant sections of this manual for detailed instructions on how to configure your gateway.

  • Page 21: Status

    Status In this section, you can check the router working status, including Device Info, System Status, System Log, 4G/LTE Status, Statistics, DHCP Table, IPSec Status, PPTP Status, L2TP Status, GRE Status, OpenVPN Status, ARP Table, VRRP Status.

  • Page 22: Device Info

    Device Info It contains basic information of the device. Device Information Model Name: Show model name of the router Firmware Version: This is the Firmware version MAC Address: This is the MAC Address Date Time: The current date and time. System Up Time: The duration since system is up.

  • Page 23: System Status

    System Status System status displays the current system (CPU and Memory) loading. CPU Usage: To show the current CPU Usage. Memory Total: To show the total memory of the system in KB. Memory Free: To show the current free memory or avalavle memory in KB. Memory Cached: To show the cache memory in KB.

  • Page 24: System Log

    System Log In system log, you can check the operations status and any glitches to the router. Refresh: Press this button to refresh the statistics. Backup: Back up the current system log file and save it to your computer.

  • Page 25: 4G/Lte Status

    4G/LTE Status This page contains 4G/LTE connection information. Status: The current status of the 4G/LTE connection. Signal Strength: The signal strength bar and dBm value indicates the current 4G/LTE signal strength. The front panel 4G/LTE Signal Strength LED indicates the signal strength as well. Signal Information: Shows important LTE signal parameters such as RSRP (Reference Signal Receiving Power), RSRQ (Reference Signal Receiving Quality), SINR (Signal to Interference plus Noise Ratio).
  • Page 26 Billing period: The lasting days since the biling begins each month(the beginning day counted). Clean: To clear the usage statistics. Save: Press to save the usage statistics to FLASH, else the usage will be cleared after reboot. Refresh: Press this button to refresh the statistics.

  • Page 27: Statistics

    Statistics  4G/LTE Interface: List all available network interfaces in the router. You are currently checking on the physical status of 4G/LTE interface. Transmit Frames of Current Connection: This field displays the total number of 4G/LTE frames transmitted until the latest second for the current connection. Transmit Bytes of Current Connection: This field shows the total bytes transmitted till the latest second for the current connection for the current connection.
  • Page 28  Ethernet Interface: List all available network interfaces in the router. You are currently checking on the physical status of the Ethernet port. Transmit Frames: This field displays the number of frames transmitted until the latest second. Transmit Multicast Frames: This field displays the number of multicast frames transmitted until the latest second.

  • Page 29: Dhcp Table

    DHCP Table DHCP table displays the devices connected to the router with clear information. Index: The index identifying the connected devices. Host Name: Show the hostname of the PC. IP Address: The IP allocated to the device. MAC Address: The MAC of the connected device. Expire Time: The total remaining interval since the IP assignment to the PC.

  • Page 30: Ipsec Status (Bipac 4700Zu Only)

    IPSec Status (BiPAC 4700ZU only) Index: The IPSec tunnel index number. Action: Connect or Drop the connection. Connection Name: User-defined IPSes VPN connection name. Active: Show if the tunnel is active for connection. Connection State: Show the IPSec phase 1 and phase 2 connecting status. Statistics: Display the upstream/downstream traffic per session in KB.

  • Page 31: Pptp Status (Bipac 4700Zu Only)

    PPTP Status (BiPAC 4700ZU only) Index: The PPTP server tunnel index number. Connection Name: Show user-defined PPTP VPN connection name. Active: Show if the tunnel is active for connection. Connection State: Show the connecting status. Connection Type: Remote Access or LAN to LAN. Assigned IP Address: Show the IP assigned to the client by PPTP Server.

  • Page 32: L2Tp Status (Bipac 4700Zu Only)

    L2TP Status (BiPAC 4700ZU only) Index: The L2TP tunnel index number. Connection Name: Display the user-defined L2TP connection name. Active: Show if the tunnel is active for connection. Connection State: Show the connecting status. Connection Mode: The L2TP mode is dialin or dialout. Connection Type: Remote Access or LAN to LAN.

  • Page 33: Gre Status (Bipac 4700Zu Only)

    GRE Status (BiPAC 4700ZU only) Index: The GRE tunnel index number. Connection Name: Display the user-defined GRE connection name. Active: Show if the tunnel is active for connection. Remote Gateway IP: The IP of the remote GRE gateway. Remote Network: Display the remote network. Refresh: Click this button to refresh the connection status.

  • Page 34: Openvpn Status (Bipac 4700Zu Only)

    OpenVPN Status (BiPAC 4700ZU only) Index: The index to identify the OpenVPN connection/rule. Connection Name: User-defined name to mark the connection/rule. Active: Yes or no to demosntrate the rule is active or not. Service Port: Show the service port/protocl. Tunnel Network: The virtual tunnel subnet of the server. Status: The status of the rule.

  • Page 35: Arp Table

    ARP Table This section displays the router’s ARP (Address Resolution Protocol) Table, which shows the mapping of IP addresses to Ethernet MAC addresses. Index: The Index of the ARP rule item. IP Address: Shows the IP Address of the device that the MAC address maps to. MAC Address: Shows the MAC address that is corresponded to the IP address of the device it is mapped to.

  • Page 36: Vrrp Status

    VRRP Status Show the VRRP status. Current Status: Show VRRP current status, Master or Backup. Current Master: Show the IP address of current master.

  • Page 37: Quick Start

    Quick Start This is a useful and easy utility to help you to setup the router quickly and to connect to your ISP (Internet Service Provider) with only a few steps. It will guide you step by step to setup password, time zone, and WAN settings of your device.
  • Page 38 Input all relevant 3G/4G-LTE parameters from your ISP. 3.2 If selected EWAN If selected PPPoE, please enter PPPoE account information provided by your ISP. Click Next to continue. Or, others protocol assigned by your ISP. If selected Dynamic IP Address, click Next to continue. Or, others protocol assigned by your ISP. Step 4 –...

  • Page 40: Configuration

    Configuration Click to access and configure the available features in the following: Interface Setup, Advanced Setup, VPN, Access Management, and Maintenance. These functions are described in the following sections.

  • Page 41: Interface Setup

    Interface Setup Here are the features under Interface Setup: Internet, LAN and Loopback.

  • Page 42: Internet

    Internet  4G/LTE Status: Choose Activated to enable the 3G/4G-LTE connection. Usage Allowance: to control 4G/LTE flow, click it to further configure about 4G/LTE flow control, refer to the following Usage Allowance for more information. LTE PCI Lock: Choose whether to lock to a specified PCI(Physical Cell Identifier). Users must know the target PCI or else ignore this setting.
  • Page 43 APNs varies between different service providers. Most service providers have an internet portal which they use to connect to a DHCP Server, thus giving you access to the internet i.e. some 3G operators use the APN ‘internet’ for their portal. The default value is internet. PDN Type: Select the supported IP version, IPv4, Both IPv4/IPv6 or IPv6 only.
  • Page 44 LTE PCI Lock: If an advanced user wants to lock to a designated PCI, please set the physical cell ID here. PLMN Selection: PLMN(Public Land Mobile Network) is a network that is established and operated by a mobile service provider. Each operator providing mobile services has its own PLMN identified by PLMN ID( MCC / MNC, digital sequence, no more than 6 digits) which is made up of MCC(Mobile Country Code) and MNC(Mobile Network Code).

  • Page 45: Lan

    A Local Area Network (LAN) is a shared communication system to which many computers are attached and is limited to the immediate area, usually the same building or floor of a building.
  • Page 46 IPv4 Parameters IP Address: Enter the IP address of Router in dotted decimal notation, for example, 192.168.1.254 (factory default). IP Subnet Mask: The default is 255.255.255.0. User can change it to other such as 255.255.255.128. Alias IP Address: This is for local networks virtual IP interface. Specify an IP address on this virtual interface.
  • Page 47 Physical Ports: To determine which port(s) is/are subject to the DHCP address assignment by DHCPv4 server. DNS Relay Select Automatically obtained or Manually set (if selected. Please set the exactly information). Primary DNS Server: Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask.
  • Page 48 link, while hosts generate an interface identifier that uniquely identifies an interface on a subnet. An address is formed by combining the two. When using stateless configuration, you needn’t configure anything on the client. Stateful configuration, for example using DHCPv6 (which resembles its counterpart DHCP in IPv4.) In the stateful auto configuration model, hosts obtain interface addresses and/or configuration information and parameters from a DHCPv6 server.

  • Page 49: Loopback

    Loopback Lookback interface is a widely known virtual interface on routers which is highly robust and always up, not like physical interfaces which disconnect every now and then. The lookback interface can have its own IP and subnet mask. It is often used for router management as Telnet management IP and involved in BGP as BGP Update-Source, involved in OSPF as Router ID.

  • Page 50: Advanced Setup

    Advanced Setup Advanced Step provides advanced features including Firewall, Routing, Dynamic Routing, NAT, VRRP, Static DNS, Time Schedule and Mail Alert for advanced users.

  • Page 51: Firewall

    Firewall Your router includes a firewall for helping to prevent attacks from hackers. In addition to this, when using NAT (Network Address Translation) the router acts as a natural Internet firewall, since all PCs on your LAN use private IP addresses that cannot be directly accessed from the Internet. Firewall: To automatically detect and block Denial of Service (DoS) attacks, such as Ping of Death, SYN Flood, Port Scan and Land Attack.

  • Page 52: Routing

    Routing This is static route feature. You are equipped with the capability to control the routing of all the traffic across your network. With each routing rule created, user can specifically assign the destination where the traffic will be routed to. Index: Item number Destination IP Address: IP address of the destination network Subnet Mask: The subnet mask of destination network.

  • Page 53: Dynamic Routing

    Dynamic Routing OSPF Open Shortest Path First (OSPF) is a most widely used interior gateway protocil (IGP) for Internet Protocol (IP) networks. It uses a link state routing algorithm and falls into the group of interior routing protocols, operating within a single autonomous system (AS). OSPF allows collections of rotuers to be grouped together.
  • Page 54 Border Gateway Protocol (BGP) is a standardized exterior gateway protocol (an uniquely TCP basded inter-Autonomous System routing protocol) designed to allow setting up an inter-domain dynamic routing system that automatically updates routing tables of devices running BGP in case of network topology changes.

  • Page 55: Nat

    The NAT (Network Address Translation) feature transforms a private IP into a public IP, allowing multiple users to access the internet through a single IP account, sharing the single IP address. NAT break the originally envisioned model of IP end-to-end connectivity across the internet so NAT can cause problems where IPSec/ PPTP encryption is applied or some application layer protocols such as SIP phones are located behind a NAT.
  • Page 56 Note: This feature disables automatically if WAN connection is in BRIDGE mode. The DMZ Host is a local computer exposed to the Internet. When setting a particular internal IP address as the DMZ Host, all incoming packets will be checked by the Firewall and NAT algorithms then passed to the DMZ host, when a packet received does not use a port number used by any other Virtual Server entries.
  • Page 57 Virtual Server Note: This feature disables automatically if WAN connection is in BRIDGE mode. The device can be configured as a virtual server so that remote users accessing services such as Web or FTP services via the public (WAN) IP address can be automatically redirected to local servers in the LAN network.
  • Page 58 Examples of well-known and registered port numbers are shown below. For further information, please see IANA’s website at http://www.iana.org/assignments/port-numbers Well-known and Registered Ports Port Number Protocol Description FTP Control TCP & UDP SSH Remote Login Protocol Telnet SMTP (Simple Mail Transfer Protocol) TCP &...
  • Page 59 Example: How to setup Port Forwarding for port 21 (FTP server) If you have a FTP server in your LAN network and want others to access it through WAN. Step 1: Assign a static IP to your local computer that is hosting the FTP server. Step 2: Login to the Gateway and go to Configuration / Advanced Setup / NAT / Virtual Server.

  • Page 60: Static Dns

    Static DNS The Domain Name System (DNS) is a hierarchical naming system built on a distributed database for computers, services, or any resource connected to the Internet or a private network associates various information with domain names assigned to each of the participating entities. Most importantly, it translates domain names meaningful to humans into the numerical identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide.

  • Page 61: Time Schedule

    Time Schedule The Time Schedule supports up to 16 timeslots which helps you to manage your Internet connection. In each time profile, you may schedule specific day(s) i.e. Monday through Sunday to restrict or allowing the usage of the Internet by users or applications. This Time Schedule correlates closely with router’s time, since router does not have a real time clock on board;...

  • Page 62: Mail Alert

    Mail Alert Mail alert is designed to keep system administrator or other relevant personnel alerted of any unexpected events that might have occurred to the network computers or server for monitoring efficiency. With this alert system, appropriate solutions may be tackled to fix problems that may have arisen so that the server can be properly maintained.

  • Page 63: Vpn (Bipac 4700Zu Only)

    (BiPAC 4700ZU only) A Virtual Private Network (VPN) is a private network that interconnects remote (and often geographically separate) networks through primarily public communication infrastructures such as the Internet. VPNs provide security through tunneling protocols and security procedures such as encryption.

  • Page 64: Ipsec

    IPSec Internet Protocol Security (IPSec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session.
  • Page 65 IPSec Connection Setting Connection Name: A given name for the connection (e.g. connection to office). Active: Select Yes to activate the tunnel. Interface: Select the set used interface for the IPSec connection, when you select 3G/4G-LTE interface, the IPSec tunnel would via this interface to connect to the remote peer. Remote Gateway IP: The WAN IP address of the remote VPN gateway that is to be connected, establishing a VPN tunnel.
  • Page 66  Subnet: The subnet of the local network, for establishing an IPSec tunnel between a pair of security gateways (network-to-network), If the remote peer is a network, select Subnet. IPSec Phase 1(IKE) IKE Mode: IKE, Internet Key Exchange, is the mechanism to negotiate and exchange parameters and keys between IPSec peers to establish security associations(SA).
  • Page 67 Use ESP for greater security so that data will be encrypted and the data origin be authenticated but using AH data origin will only be authenticated but not encrypted. Encryption Algorithm: Select the encryption algorithm from the drop-down menu. There are several options: DES and AES (128, 192 and 256).
  • Page 68 Please be noted, it must be enabled on the both sites. PING to the IP: It is able to IP Ping the remote PC with the specified IP address and alert when the connection fails. Once alter message is received, Router will drop this tunnel connection. Reestablish of this connection is required.
  • Page 69 Example: How to establish an IPSec Tunnel 1. LAN-to-LAN connection Two VPN router want to setup a secure IPSec VPN tunnel Note: The IPSec Settings shall be consistent between the two routers.
  • Page 70 Head Office Side: Item Description Connection Name H-to-B Name for IPSec tunnel Remote Secure Gateway 69.121.1.30 IP address of the Branch office gateway Access Netork Local Access Range Subnet Head Office network Local Netwrok IP Address 192.168.1.0 Local Netwrok Netmask 255.255.255.0 Remote Access Range Subnet...
  • Page 71 Branch Office Side: Item Description Connection Name B-to-H Name for IPSec tunnel Remote Secure Gateway 69.121.1.3 IP address of the Branch office gateway Access Netork Local Access Range Subnet Head Office network Local Netwrok IP Address 192.168.0.0 Local Netwrok Netmask 255.255.255.0 Remote Access Range Subnet...
  • Page 72 2. Host to LAN Router servers as VPN server, and host should install the IPSec client to connect to head office through IPSec VPN.
  • Page 73 Head Office Side: Item Description Connection Name H-to-H Name for IPSec tunnel Remote Secure Gateway 69.121.1.30 IP address of the Branch office gateway Access Netork Local Access Range Subnet Head Office network Local Netwrok IP Address 192.168.1.0 Local Netwrok Netmask 255.255.255.0 Remote Access Range Signal IP...

  • Page 74: Pptp Server

    PPTP Server The Point-to-Point Tunneling Protocol (PPTP) is a Layer2 tunneling protocol for implementing virtual private networks through IP network. In the Microsoft implementation, the tunneled PPP traffic can be authenticated with PAP, CHAP, and Microsoft CHAP V1/V2 . The PPP payload is encrypted using Microsoft Point-to-Point Encryption (MPPE) when using MSCHAPv1/v2.
  • Page 75 Username: Please input the username for this account. Password: Please input the password for this account. Connection Type: Select Remote Access for single user, Select LAN to LAN for remote gateway. Private IP Address Assigned to Dial-in User: Specify the private IP address to be assigned to dialin clients, and the IP should be in the same subnet as local LAN, but not occupied.

  • Page 76: Pptp Client

    PPTP Client PPTP client can help you dial the PPTP server to establish PPTP tunnel over Internet. A total of 4 sessions can be created for PPTP client. Rule Index: The Index to mark the session. Connection Name: User-defined name for the PPTP connection. Active: Select Yes to activate the account.
  • Page 77 Active as Default Route: Check to select the tunnel as the default route for traffic. If selected, all outgoing traffic will be forwarded to this tunnel and routed to the next hop. Click Save button to save your changes.
  • Page 78 Example: PPTP LAN-to-LAN connection The branch office establishes a PPTP VPN tunnel with head office to connect two private networks over the Internet. The routers are installed in the head office and branch offices accordingly. Note: Both office LAN networks must be in different subnets with the LAN-LAN application.
  • Page 79 Configuring PPTP server in the head office The IP address 192.168.1.2 will be assigned to the router located in the branch office. Please make sure this IP is not used in the head office LAN. Item Description Connection Name HS-LL Give a name of PPTP conneciton Authentication Type MPPE 128bit...
  • Page 80 Configuring PPTP client in the branch office The IP address 69.121.1.33 is the public IP address of the router located in head office. Item Description Connection Name BC-LL Give a name of PPTP conneciton Authentication Type MPPE 128bit Authentication type Username test Dial in authenticate user name...
  • Page 81 Example: PPTP Remote Access Dial-in connection A remote worker establishes a PPTP VPN connection with the head office using Microsoft's VPN Adapter. The router is installed in the head office, connected to a couple of PCs and Servers.
  • Page 82 Configuring PPTP server(dial-in) in the office The input IP address 192.168.1.2 will be assigned to the remote worker. Please make sure this IP is not used in the office LAN. Item Description Connection Name HS-RA Give a name of L2TP conneciton Authentication Type MPPE 128bit Authentication type...
  • Page 83 Example: PPTP Remote Access Dial-out connection A company’s office establishes a PPTP VPN connection with a file server located at a separate location. The router is installed in the office, connected to a couple of PCs and Servers.
  • Page 84 Configuring PPTP client(dial-out) in the office The IP address 61.121.1.33 is the public IP address of the router located in head office. Item Description Connection Name HC-RA Give a name of PPTP conneciton Authentication Type MPPE 128bit Authentication type Username test Dial in authenticate user name Passwrod...

  • Page 85: L2Tp

    L2TP L2TP, Layer 2 Tunneling Protocol is a tunneling protocol used to support virtual private networks (VPNs). It does not provide any encryption or confidentiality by itself; it relies on an encryption protocol that it passes within the tunnel to provide. Note: 8 sessions for dial-in connections and 8 sessions for dial-out connections Rule Index: The Index to mark the session.
  • Page 86 server. The IP should be in the same subnet as local LAN, and should not be occupied. Connection Mode: Choose Dial Out if you want your router to operate as a client (connecting to a remote L2TP Server, e.g, your office server). Server IP Address: Enter the IP address of your VPN Server.
  • Page 87 Active as Default Route: Enabled to let the tunnel to be the default route for traffic, under this circumstance, all packets will be forwarded to this tunnel and routed to the next hop. L2TP over IPSec IPSec: This enables L2TP tunnel over IPSec IKE Mode: IKE, Internet Key Exchange, is the mechanism to negotiate and exchange parameters and keys between IPSec peers to establish security associations(SA).
  • Page 88 Example: L2TP LAN-to-LAN connection The branch office establishes a L2TP VPN tunnel with head office to connect two private networks over the Internet. The routers are installed in the head office and branch office accordingly. Note: Both office LAN networks must be in different subnets with the LAN-LAN application.
  • Page 89 Configuring L2TP Dial-in in the head office The IP address 192.168.1.200 will be assigned to the router located in the branch office. Please make sure this IP is not used in the head office LAN. Item Description Connection Name HS-LL Give a name of L2TP conneciton Connection Mode Dial in...
  • Page 90 Configuring L2TP Dial-out in the branch office The IP address 69.1.121.33 is the Public IP address of the router located in head office. Item Description Connection Name BC-LL Give a name of L2TP conneciton Connection Mode Dial out Operate as L2TP client Server IP 69.121.1.33 Dialed server IP...
  • Page 91 Example: L2TP Remote Access Dial-in connection A remote worker establishes a L2TP VPN connection with the head office using Microsoft's VPN Adapter. The router is installed in the head office, connected to a couple of PCs and Servers.
  • Page 92 Configuring L2TP VPN Dial-in in the Office The input IP address 192.168.1.200 will be assigned to the remote worker. Please make sure this IP is not used in the Office LAN. Item Description Connection Name HS-RA Give a name of L2TP conneciton Connection Mode Dial in Operate as L2TP server...
  • Page 93 Example: L2TP Remote Access Dial-out connection A company’s office establishes a L2TP VPN connection with a file server located at a separate location. The router is installed in the office, connected to a couple of PCs and Servers.
  • Page 94 Configuring L2TP VPN Dial-out in the office Item Description Connection Name HC-RA Give a name of L2TP conneciton Connection Mode Dial out Operate as L2TP client Server IP 61.121.1.33 Dialed server IP Authentication Type Chap/Pap Authentication type Username test Dial out authenticate user name Passwrod test Dial out authenticate user password...

  • Page 95: Gre Tunnel

    GRE Tunnel Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate a wide variety of network layer protocol packets inside virtual point-to-point links over an IP network. Note: up to 16 tunnels can be added. Rule Index: The Index to mark the session. Connection Name: User-defined name for the connection.
  • Page 96 Keepalive Interval: Set the keepalive Interval, unit in seconds. Default is 5 seconds. MTU: Maximum Transmission Unit. Active as Default Route: Select if to set the GRE tunnel as the default route. GRE over IPSec IPSec: This enables GRE tunnel over IPSec IKE Mode: IKE, Internet Key Exchange, is the mechanism to negotiate and exchange parameters and keys between IPSec peers to establish security associations(SA).
  • Page 97 Example: GRE VPN Connection The branch office establishes a GRE VPN tunnel with head office to connect two private networks over the Internet. The routers are installed in the head office and branch office accordingly. Note: Both office LAN networks must be in different subnets with the GRE VPN connection.
  • Page 98 Configuring GRE connection in the head office The IP address 69.1.121.30 is the Public IP address of the router located in branch office. Item Description Connection Name HS-LL Give a name of GRE conneciton Remote Gateway IP 69.121.1.30 Authentication type Tunnel Local IP Address The local virtual interface IP address for 192.168.100.11...
  • Page 99 Configuring GRE connection in the branch office The IP address 69.1.121.3 is the Public IP address of the router located in head office. Item Description Connection Name BC-LL Give a name of GRE conneciton Remote Gateway IP 69.121.1.3 Authentication type Tunnel Local IP Address The local virtual interface IP address for 192.168.100.10...

  • Page 100: Openvpn Server

    OpenVPN OpenVPN is an open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange.
  • Page 101 Netmask: Set the tunnel virtual subnet mask. Local Access Range IP Address: Set the local network address. Netmask: Set the local subnet mask. Protocol: OpenVPN can run over User Datagram Protocol (UDP) or Transmission Control Protocol (TCP) transports. Select the protocol. Local Certificate Index: Select the local certificate.

  • Page 102: Openvpn Client

    OpenVPN Client The settings of the OpenVPN client should match what’s set on the server side. Note: up to 4 tunnels can be added. Rule Index: The index to identify the OpenVPN connection/rule. Connection Name: user-defined name to mark the connection/rule. Active: Select Yes to activate the rule.
  • Page 103 Cipher: OpenVPN uses all the ciphers available in the OpenSSL package to encrypt both the data and channels. Select the encryption method. Hash: To establish the integrity of the datagram and ensures it is not tampered with in transmission. There are options: Message Digest 5 (MD5) and Secure Hash Algorithm (SHA1, SHA256). SHA1 is more resistant to brute-force attacks than MD5.
  • Page 104 Example: OpenVPN VPN Connection The branch office establishes a OpenVPN tunnel with head office to connect two private networks over the Internet. The routers are installed in the head office and branch office accordingly. Note: Both office LAN networks must be in different subnets with the OpenVPN connection.
  • Page 105 Configuring OpenVPN server in the head office The IP address 69.1.121.30 is the Public IP address of the router located in branch office. The OpenVPN tunnel netwrok virtual interface is 192.168.100.0/24. Item Description Connection Name HS-LL Give a name of GRE conneciton Tunnel Network 192.168.100.0/ The network for tunnel virtual interface.
  • Page 106 Configuring OpenVPN client in the branch office The IP address 69.1.121.3 is the Public IP address of the router located in head office. Item Description Connection Name BC-LL Give a name of GRE conneciton Server IP Address 69.121.1.3 The IP address of OpenVPN server. 192.168.0.0/ Remote Subnet The remote network.

  • Page 107: Access Management

    Access Management Access Management equipments the users with the ability of maintaining the access management, including Device Management, SNMP, Remote Syslog, Universal Plug & Play, Dynamic DNS, Access Control, Packet Filter, CWMP(TR-069) and Parental Control.

  • Page 108: Device Management

    Device Management Device Host Name: Host Name: Set the hostname for the device. Embedded Web Server: HTTP Port: The HTTP Port number, change if needed. HTTPS Port: The HTTPS Port number, change if needed. HTTPS Server Certificate Index: Choose the server security certificate. Users need to upload the certificate for the https server.

  • Page 109: Snmp

    SNMP Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. M100 serves as a SNMP agent which allows a manager station to manage and monitor the router through the network.

  • Page 110: Remote Syslog

    Remote Syslog Remote System Log is designed to keep remote administrators informed of the system-operating information. Administrator can set up a remote system log server for receiving and monitoring the system information by enabling remote system log feature on the router. Remote System Log: Select whether to activate Remote System Log.

  • Page 111: Universal Plug & Play

    Universal Plug & Play UPnP offers peer-to-peer network connectivity for PCs and other network devices, along with control and data transfer between devices. UPnP offers many advantages for users running NAT routers through UPnP NAT Traversal, and on supported systems makes tasks such as port forwarding much easier by letting the application control the required settings, removing the need for the user to control advanced configuration of their device.

  • Page 112: Dynamic Dns

    Dynamic DNS The Dynamic DNS function allows you to alias a dynamic IP address to a static hostname, allowing users whose ISP does not assign them a static IP address to use a domain name. This is especially useful for hosting servers via your internet connection, so that anyone wishing to connect to you may use your domain name, rather than having to use your dynamic IP address, which changes from time to time.
  • Page 113 Example: How to register a DDNS account Note: First users have to go to the Dynamic DNS registration service provider to register an account. User test1 register a Dynamic Domain Names in DDNS provider http://www.dyndns.org/ DDNS: www.hometest.com using username/password test/test...

  • Page 114: Access Control

    Access Control Access Control Listing allows you to determine which services/protocols can access M100 interface from which computers. It is a management tool aimed to allow IPs (set in secure IP address) to access specified embedded applications (Web, etc, user can set) through some specified interface (LAN, WAN or both).
  • Page 115 By default, the Access Control has two default rules. Default Rule 1: (Index 0), a rule to allow only clients from LAN to have access to all embedded applications (Web, FTP, etc). Under this situation, clients from WAN cannot access the router even from Ping.

  • Page 116: Packet Filter

    Packet Filter You can filter the packages by MAC address, IP address, Protocol, Port number and Application or URL.  Packet Filter - IP & MAC Filter Packet Filter Filter Type: There are three types IP & MAC Filter and URL Filter that user can select for this filter rule.
  • Page 117 Source Subnet Mask: Enter the subnet mask of the source network. Source Port Number: The source port number of packets to be monitored. 0 means Don’t care. Destination IP Address: The destination IP address of packets to be monitored. 0.0.0.0 means Don’t care.
  • Page 118  Packet Filter - URL Filter URL Filter: Select Activated to enable URL Filter. URL Filter Rule Index: This is item number. Individual Active: To give control to the specific URL access individually, for example, you want to prohibit access to www.yahoo.com, please first press Activated in URL Filter field, and also Yes in Individual Active field;...

  • Page 119: Cwmp (Tr-069)

    CWMP (TR-069) CWMP, short for CPE WAN Management Protocol, also called TR069 is a Broadband Forum technical specification entitled CPE WAN Management Protocol (CWMP). It defines an application layer protocol for remote management of end-user devices. It defines an application layer protocol for remote management of end-user devices.
  • Page 120 Periodic Inform Config Periodic Inform: Select Activated to authorize the router to send an Inform message to the ACS automatically. Interval(s): Specify the inform interval time (sec) which CPE used to periodically send inform message to automatically connect to ACS. When the inform interval time arrives, the CPE will send inform message to automatically connect to ACS.

  • Page 121: Parental Control

    Parental Control Parental Control provides Web content filtering offering safer and more reliable web surfing for users. Please get an account and configure at the selected Provider “www.opendns.com” in advance. If activated, the Parental Control has the top priority as DNS when accessing internet. Host Name, Username and Password: Enter your registered domain name and your username and password at the provider website www.opendns.com.

  • Page 122: Maintenance

    Maintenance Maintenance equipments the users with the ability of maintaining the device as well as examining the connectivity of the WAN connections, including User Management, Certificate Management, Time Zone, Firmware & Configuration, System Restart, Auto Reboot and Diagnostic Tool.

  • Page 123: User Management

    User Management User Management controls the Router Web GUI permission to the specific account. In factory setting, the default accounts are admin/admin. The default root account admin has been authorized to web access of router.
  • Page 124  Admin / Admin admin/admin is the root account provided by our router. Login using the Administrator account, you will have the full accessibility to manage & control your gateway device and can also create user accounts for others to control some of the open configuration settings.
  • Page 125  Adding additonal user accounts User Setup Index: User account index. User Name: Users can create account(s) to give it (them) access to router. New Password: Type the password for the user account. Confirmed Password: Type password again for confirmation. Web GUI Permission Guest Account: A pre-set guest account setting granted with Interface Setup, Advanced Setup, Access Management and Maintenance access.

  • Page 126: Certificate Management

    Certificate Management OpenVPN mutually authenticate each other based on Local Certificate and Trusted CA. Local Certificate Listing Edit certificate: Click , move to Local Certificate editing page. Index: To identify the local certificate. 2 certificates supported. Certificate Name: User-defined certificate name. PKCS12: Every certificate is accompanied by a private key.
  • Page 127 (Upload the certificate file.) Certificate File: Browse to locate the target certificate file on PC before uploading it. (Upload the private key file.) Private Key File: Browse to locate the target file on PC before uploading it. Click Save to submit the settings. Trusted CA Listing Edit certificate: Click , move to Trusted CA editing page.

  • Page 128: Time Zone

    Time Zone The router does not have a real time clock on board; instead, it uses the Simple Network Time Protocol (SNTP) to get the current time from an SNTP server outside your network. Choose your local time zone. After a successful connection to the Internet, the router will retrieve the correct local time from the SNTP server you have specified.

  • Page 129: Firmware & Configuration

    Firmware & Configuration Firmware is the software that controls the hardware and provides all functionalities which are available in the GUI. This software may be improved and/or modified; your M100 provides an easy way to update the code to take advantage of the changes. . To upgrade the firmware of M100, you should download or copy the firmware to your local environment first.
  • Page 130 DO NOT turn off / power off the device or interrupt the firmware upgrading while it is still in process. Improper operation could damage your Industrial LTE Router.

  • Page 131: System Restart

    System Restart Click System Restart with option Current Settings to reboot your router. If you wish to restart the router using the factory default settings (for example, after a firmware upgrade or if you have saved an incorrect configuration), select Factory Default Settings to restore to factory default settings.

  • Page 132: Auto Reboot

    Auto Reboot Auto reboot offers flexible rebooting service (reboot with the current configuration) of router for users in line with scheduled timetable settings Enable to set the time schedule for rebooting. For example, the router is scheduled to reboot at 22:00 every single weekday, and to reboot at 9:00 on Saturday and Sunday.

  • Page 133: Diagnostics Tool

    Diagnostics Tool The Diagnostic Test page shows the test results for the connectivity of the physical layer and protocol layer for both LAN and WAN sides. 4G/LTE: Click Start to begin to diagnose the connection. Click Start Trace Route to begin to trace routing path.

  • Page 135: Chapter 5: Troubleshooting

    Chapter 5: Troubleshooting If your M100 is not functioning properly, you can refer to this chapter for simple troubleshooting before contacting your service provider support. This can save you time and effort but if symptoms persist, consult your service provider. Problems with the Router Problem Suggested Action...
  • Page 136 - The front LEDs display incorrectly Before starting recovery process, please configure - Still cannot access to the router the IP address of the PC as 192.168.1.100 and management interface after pressing the proceed with the following step-by-step guide. RESET button. 1.

  • Page 137: Appendix: Product Support & Contact

    Appendix: Product Support & Contact If you come across any problems please contact the dealer from where you have purchased the product. Contact Billion WORLDWIDE http://www.billion.com/ MAC OS is a registered Trademark of Apple Computer, Inc. Windows XP/ Vista/ 7/ 8/ 8.1/ 10 are registered Trademarks of Microsoft Corporation.
  • Page 138 Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.

This manual is also suitable for:

Bipac 4700zu

Table of Contents