Page 1: User Manual
BiPAC 7404VNOX /VNPX 3G/VoIP/802.11n ADSL2+ (VPN) Firewall Router User Manual Version release: 1.24 (6.24b.dm2) Last Revised: July 04, 2012...
Page 2: Table Of Contents
Table of Contents Chapter 1: Introduction ........................1 Introduction to your Router ......................1 Features ............................1 Chapter 2: Installing the Router ......................5 Important note for using this router....................5 Package Contents .........................5 Device Description.........................6 The Front LEDs ........................6 The Rear Ports........................7 Cabling ............................8 Chapter 3: Basic Installation ........................9 Connecting Your Router ......................10 Network Configuration .........................11...
Page 3 Wi-Fi Network Setup .......................52 Port Setting ........................65 DHCP Server ........................66 WAN - Wide Area Network....................67 WAN Interface.........................67 WAN Profile ........................70 ADSL Mode........................90 System ..........................91 Time Zone........................91 Remote Access.......................92 Firmware Upgrade ......................92 Backup / Restore ......................93 Restart Router.........................94 User Management ......................95 Mail Alert .........................97 Firewall and Access Control....................98 General Settings ......................99...
Page 4: Chapter 1: Introduction
Chapter 1: Introduction Introduction to your Router Welcome to the 3G/VoIP/ 802.11n ADSL2+ (VPN) Firewall Router. The router is an “all-in-one” ADSL router, combining an ADSL modem, ADSL router and Ethernet network switch functionalities, providing everything you need to get the machines on your network connected to the Internet over your ADSL broadband connection.
Page 5 Multi-Protocol to Establish a Connection It supports PPPoA (RFC 2364 - PPP over ATM Adaptation Layer 5), RFC 1483 encapsulation overATM (bridged or routed), PPP over Ethernet (RFC 2516), and IPoA (RFC1577) to establish a connection with the ISP. The product also supports VC-based and LLC-based multiplexing. Quick Installation Wizard It supports a WEB GUI page to install this device quickly.
Page 6 IPv6 supported Internet Protocol version 6 (IPv6) is a version of the Internet Protocol that is designed to succeed IPv4. IPv6 has a vastly larger address space than IPv4. This results from the use of a 128-bit address, whereas IPv4 uses only 32 bits. The new address space thus supports 2128 (about 3.4×1038) addresses.
Page 7 It supports flexible management interfaces with local console port, LAN port, and WAN port. Users can use terminal applications through the console port to configure and manage the device, or Telnet, WEB GUI, and SNMP through LAN or WAN ports to configure and manage the device. Virtual Private Network (VPN) It allows user to make a tunnel with a remote site directly to secure the data transmission among the connection.
Page 8: Chapter 2: Installing The Router
Chapter 2: Installing the Router Important note for using this router Package Contents 3G/VoIP/802.11n ADSL2+ (VPN) Firewall Router CD-ROM containing the online manual RJ-11 ADSL/telephone cable Ethernet (RJ-45) cable PS2-RS 232 console cable Power adapter Three 2dBi detachable antennas Quick Start Guide Splitter / Micro-filter (optional)
Page 9: Device Description
Device Description The Front LEDs Meaning Both red and green LEDs lit together when power is ON. Lit red means system failure. Power Restart the device or contact support. Lit green when the device is ready. Lit when one of the LAN ports is connected to an Ethernet device. Ethernet Lit green when transmission rate hits 1000Mbps, 1x - 4x...
Page 10: The Rear Ports
The Rear Ports Port Meaning Antenna Connect the detachable antenna to this port. Connect this port to the ADSL/telephone network with the RJ- 11 cable (telephone) provided. Line Connect this port to the telephone jack on the wall with RJ-11 cable.
Page 11: Cabling
Cabling One of the most common causes of problem is bad cabling or ADSL line(s). Make sure that all connected devices are turned on. On the front panel of your router is a bank of LEDs. Verify that the LAN Link and ADSL line LEDs are lit. If they are not, verify if you are using the proper cables. Make sure that all devices (e.g.
Page 12: Chapter 3: Basic Installation
Chapter 3: Basic Installation The router can be configured through your web browser. A web browser is included as a standard application in the following operating systems: Linux, Mac OS, Windows 7/98/NT/2000/XP/Me/Vista, etc. The product provides an easy and user-friendly interface for configuration. Please check your PC network components.
Page 13: Connecting Your Router
Connecting Your Router 1. Connect this router to a LAN (Local Area Network) and the ADSL/telephone (ADSL) net work. 2. Power on the device. 3. Make sure the Power LED lit steadily and that the LAN LED is lit. 4. Connect your router to the telephone jack on the wall with RJ-11 cable. 5.
Page 14: Network Configuration
Network Configuration Configuring PC in windows 7 1. Go to Start. Click on Control Panel. Then click on Network and Internet. 2. When the Network and Sharing Center window pops up, select and click on Change adapter settings on the left window panel.
Page 15 4. Select Internet Protocol Version 4 (TCP/IPv4), then click Properties. 5. In the TCP/IPv4 properties window, select the Obtain an IP address automatically Obtain Server address automatically radio buttons. Then click OK to exit the setting. 6. Click OK again in the Local Area Connection Properties window to apply the new configuration.
Page 16: Configuring Pc In Windows Vista
Configuring PC in Windows Vista Go to Start. Click on Network. Then click on Network and Sharing Center at the top bar. 3. When the Network and Sharing Center window pops up, select and click Manage network connections on the left window column.
Page 17 Select Internet Protocol Versio4 (TCP/IPv4) then click Properties. 6. In the TCP/IPv4 properties window, select the Obtain an IP address automatically and Obtain DNS Server address automatically radio but- tons. Then click OK to exit the set- ting. 7. Click OK again in the Local Area Connection Properties window to apply the new configuration.
Page 18: Configuring Pc In Windows Xp
Configuring PC in Windows XP Go to Start > Control Panel (in Classic View). In the Control Panel, double-click on Network Connections. Double-click Local Area Connection. 3. In the Local Area Connection Status window, click Properties. Select Internet Protocol (TCP/IP) and click Properties.
Page 19: Configuring Pc In Windows 2000
Configuring PC in Windows 2000 1. Go to Start > Settings > Control Panel. In the Control Panel, double-click on Network and Dial-up Connections. 2. Double-click Local Area Connection. 3. In the Local Area Connection Status window click Properties. 4. Select Internet Protocol (TCP/IP) and click Properties.
Page 20: Configuring Pc In Windows 95/98/Me
Configuring PC in Windows 95/98/Me 1. Go to Start > Settings > Control Panel. In the Control Panel, double-click on Network choose Configuration tab. 2. Select TCP/IP > NE2000 Compatible, name your Network Interface Card (NIC) in your PC. 3. Select the Obtain an IP address automatically radio button.
Page 21: Configuring Pc In Windows Nt4.0
Configuring PC in Windows NT4.0 1. Go to Start > Settings > Control Panel. In the Control Panel, double-click on Network and choose the Protocols tab. 2. Select TCP/IP Protocol and click Properties. 3. Select the Obtain an IP address from a DHCP server radio button and click...
Page 22: Factory Default Settings
Factory Default Settings Before configuring your router, you need to know the following default settings. Web Interface (Username and Password) Username: admin Password: admin The default username and password are “admin” and “admin” respectively. Device LAN IP settings IP Address: 192.168.1.254 Subnet Mask: 255.255.255.0 ISP setting in WAN site PPPoE...
Page 23: Information From Your Isp
Information from your ISP Before configuring this device, you have to check with your ISP (Internet Service Provider) to find out what kind of service is provided such as DHCP (Obtain an IP Address Automatically, Static IP (Fixed IP Address) or PPPoE. Gather the information as illustrated in the following table and keep it for reference.
Page 24: Configuring With Your Web Browser
Configuring with your Web Browser Open your web browser, enter the IP address of your router, which by default is 192.168.1.254, and click “Go”, a user name and password window prompt will appear. The default username and password are “admin” and “admin” respectively. (See Figure 3.14) Figure 3.14: User name &...
Page 25: Chapter 4: Configuration
Chapter 4: Configuration At the configuration homepage, the left navigation column provides you the link to each configuration page. The category of each configuration page is listed as below. Status ADSL Table 3G Status EWAN Status iBurst Status ARP Table DHCP Table Routing Table NAT Sessions...
Page 26: Status
Status ADSL Status This section displays the ADSL overall status, which shows a number of helpful information such as DSP firmware version.
Page 27: 3G Status
3G Status This section displays the 3G Card’s overall status, which shows you a number of helpful information such as the current signal strength and statistics on current and total bytes transferred and received. Status: The current status of the 3G card. Signal Strength: The signal strength bar indicates current 3G signal strength.
Page 28: Ewan Status
Total Connection Time: The cumulative connection time. Amount used: Show the traffic or hours has been used. Billing period: The day from which the fee is charged. Note: Only after you have checked to enable Usage Allowance , the following information will be shown.
Page 29: Iburst Status
iBurst Status Displays additional information of the 3G status when iBurst function is enabled in the 3G configuration such as its signal strength, card name, connection status and port class Ethernet. Card Name: The name of the card. Signal Strength: The signal strength bar indicates the current signal strength. Current TX Bytes / Packets: The statistics of data transmission in bytes / packets during a call.
Page 30: Arp Table
ARP Table This section displays the router’s ARP (Address Resolution Protocol) Table, which shows the mapping of Internet (IP) addresses to Ethernet (MAC) addresses. This is useful as a quick way of determining the MAC address of the network interface of your PCs to use with the router’s Firewall –...
Page 31: Leased Table
Leased Table IP Address: The IP address that assigned to client. MAC Address: The MAC address of client. Client Host Name: The Host Name (Computer Name) of client. Expiry: The current lease time of client.
Page 32: Routing Table
Routing Table Routing table displays information of both the routing table and the RIP Routing table in terms of the destination of the network ID, the cost of the path the ID is to be sent, the gateway information and the netmask information. Routing Table Valid: It indicates a successful routing status.
Page 33: Nat Sessions
NAT Sessions This section lists all current NAT sessions between interface of types external (WAN) and internal (LAN). UPnP Portmap The section lists all port-mapping established using UPnP (Universal Plug and Play. See Advanced section of this manual for more details on UPnP and the router’s UPnP configuration options.
Page 34: Pptp Status
PPTP Status This shows details of your configured PPTP VPN Connections. Name: The name you assigned to the particular PPTP connection in your VPN configuration. Type: The type of connection (dial-in/dial-out). Enable: Whether the connection is currently enabled. Active: Whether the connection is currently active. Tunnel Connected: Whether the VPN Tunnel is currently connected.
Page 35: Ipsec Status
IPSec Status This shows details of your configured IPSec VPN Connections. Name: The name you assigned to the particular VPN entry. Active: Whether the VPN Connection is currently Active. Connection State: Whether the VPN is Connected or Disconnected. Statistics: Statistics for this VPN Connection. Local Subnet: The local IP Address or Subnet used.
Page 36: Voip Status
VoIP Status This table shows the status of the phone ports after they are being used for the VoIP feature. It will display some information such as domain name, display name & phone number of the VoIP device. VoIP Call Log The call log records the data from your VoIP devices such as the date/time of dial out calls, the duration of the calls, information about the missed calls and also incoming calls.
Page 37: Event Log
Event Log This page displays the router’s Event Log entries. Major events are logged to this window, such as when the router’s ADSL connection is disconnected, as well as Firewall events when you have enabled Intrusion or Blocking Logging in the Configuration – Firewall section of the interface. Please see the Firewall section of this manual for more details on how to enable Firewall logging.
Page 38: Error Log
Error Log Any errors encountered by the router (e.g. invalid names given to entries) are logged to this window. IDS Log Any records about hacker attacks and intrusion attempts from the Internet are logged to this window. Diagnostic It tests the connection to computer(s) which is connected to the LAN ports and also the WAN Internet connection.
Page 39: Quick Start
Quick Start The step “Quick start” provides users do some primary and necessary configuration of your Router. Click Quick Start. Select the connect mode you want. There are 3 options to choose from: ADSL、3G or EWAN. Select ADSL mode from the drop down menu and click Continue. If your ADSL line is not ready, you need to check whether your ADSL line has been set or not.
Page 40 The list below has different mode applied for your choice. Choose 0/33/PPPoE(Recommended) and click Apply. Please enter “Username” and “Password” as supplied by your ISP (Internet Service Provider) and click Apply to continue. Profile Port: Select the connection mode. There is ADSL. Protocol: Select the protocol mode.
Page 41 IP Address: Your WAN IP address. Leave this at 0.0.0.0 to obtain automatically an IP address from your ISP. Obtain DNS automatically: Click to activate DNS and to enable the system to automatically detect DNS. Primary DNS / Secondary DNS: Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the netmask.
Page 42 Set up VoIP. SIP: To use VoIP SIP as VoIP call signaling protocol. Default is set to Disable. Region: This selection is a drop-down box, which allows user to select the country for which the VoIP device must work. When a country is selected, the country parameters are automatically loaded.
Page 43 Wait for the configuration. When ADSL is synchronic, it will appear “check”.
Page 44: Configuration
Configuration When you click this item, the column will expand to display the sub-items that will allow you to further configure your ADSL router. LAN, WAN, System, Firewall, VPN, VoIP, QoS, Virtual Server, Wake on LAN, Time Schedule and Advanced. The function of each configuration sub-item is described in the following sections.
Page 45: Ethernet
Note: You should setup each VLAN group with caution. Each Bridge Interface is arranged in this order. Bridge Interface VLAN Port (Always starts with) ethernet P1 / P2 / P3 / P4 / Wireless ethernet1 P2 / P3 / P4 / Wireless ethernet2 P3 / P4 / Wireless ethernet3...
Page 46: Ip Alias
IP Alias This function creates multiple virtual IP interfaces on this router. It helps to connect two or more local networks to the ISP or remote node. In this case, an internal router is not required. IP Address: Specify an IP address on this virtual interface. SubNetmask: Specify a subnet mask on this virtual interface Security Interface: Specify the firewall setting on this virtual interface.
Page 47: Ipv6 Autoconfig
IPv6 Autoconfig The IPv6 address composes of two parts, thus, the prefix and the interface ID. BiPAC 7404VNO(P)X dynamically configure IPv6 address on host with Stateless auto-configuration mode. Stateless auto-configuration requires no manual configuration of hosts, minimal (if any) configuration of routers, and no additional servers.
Page 48: Ethernet Client Filter
Ethernet Client Filter The Ethernet Client Filter supports up to 16 Ethernet network machines that helps you to manage your network control to accept traffic from specific authorized machines or can restrict unwanted machine(s) to access your LAN. There are no pre-define Ethernet MAC address filter rules; you can add the filter rules to meet your requirements.
Page 49: Wireless
Active PC in LAN: Active PC in LAN displays a list of individual Ethernet device’s IP Address &MAC Address which connecting to the router. You can easily by checking the box next to the IP address to be blocked or allowed. Then, Add to insert to the Ethernet Client Filter table.
Page 50 Mode: The default setting is 802.11b+g+n (Mixed mode). If you do not know or have both 11g and 11b devices in your network, then keep the default in mixed mode. From the drop-down manual, you can select 802.11g if you have only 11g card. If you have only 11b card, then select 802.11b. And if you have 11n card, you can select 802.11n.
Page 51 In addition, WDS enhances its link connection security in WEP mode, WEP key encryption must be the same for both access points. WDS Service: The default setting is Disabled. Check Enable radio button to activate this function. Peer WDS MAC Address: It is the associated AP’s MAC Address. It is important that your peer’s AP must include your MAC address in order to acknowledge and communicate with each other.
Page 52: Wireless Security
Wireless Security WPA-PSK / WPA2-PSK Security Mode: You can disable or enable with WPA or WEP for protecting wireless network. The default mode of wireless security is Disable. WPA Algorithms: There are two types of the WPA-PSK and WPA2-PSK. The WPA- PSK adapts the TKIP (Temporal Key Integrity Protocol) encrypted algorithms, which incorporates Message Integrity Code (MIC) to provide protection against hackers.
Page 53 WEP Authentication: To prevent unauthorized wireless stations from accessing data transmitted over the network, the router offers secure data encryption, known as WEP. If you require high security for transmissions, there are two options to select from: Open System, Share key. WEP Encryption: To prevent unauthorized wireless stations from accessing data transmitted over the network, the router offers highly secure data encryption, known as WEP.
Page 54: Wireless Client / Mac Address Filter
Wireless Client / MAC Address Filter The MAC Address supports up to 16 wireless network machines and helps you manage your network control to accept traffic from specific authorized machines or to restrict unwanted machine(s) to access your LAN. There are no pre-define MAC Address filter rules; you can add the filter rules to meet your requirements.
Page 55: Wps
Associate Wireless Client: Displays a list of individual wireless device’s MAC Address that currently connects to the router. You can easily by checking the box next to the MAC address to be blocked or allowed. Then, Add to insert to the Wireless Client (MAC Address) Filter table. The maximum Wireless client is 16. WPS feature is follow Wi-Fi Alliance WPS standard and it easily set up security-enabled Wi-Fi networks in the home and small office environment.
Page 56 3. Launch the wireless client’s WPS utility (eg. Ralink Utility). Set the Configure Mode as Enrollee, press the WPS button on the top bar, select the AP (eg. wlan-ap) from the WPS AP List column. Then press the PIN button located on the middle left of the page to run the scan.
Page 57 4. The client’s SSID and security setting will now be configured to match the SSID and security setting of the registrar. PIN Method: Configure AP as Enrollee 1. In the WPS configuration page, change the Role to Enrollee. Then press Start. 2.
Page 58 3. Launch the wireless client’s WPS utility (eg. Ralink Utility). Set the Config Mode as Registrar. Enter the PIN number in the PIN Code column then choose the correct AP (eg. wlan-ap) from the WPS AP List section before pressing the PIN button to run the scan.
Page 59 4. The router’s (AP’s) SSID and security setting will now be configured to match the SSID and security setting of the registrar.
Page 60 5. Now to make sure that the setup is correctly done, cross check to see if the SSID and the security setting of the registrar setting match with the parameters found on both Wireless Configuration and Wireless Security Configuration page.
Page 62 PBC Method: 1. Press the PBC button of the AP. 2. Launch the wireless client’s WPS Utility (eg. Ralink Utility). Set the Config Mode as Enrollee. Then press the WPS button and choose the correct AP (eg. wlan-ap) from the WPS AP List section before pressing the PBC button to run the scan.
Page 63 3. When the PBC button is pushed, a wireless communication will be established between your router and the PC. The client’s SSID and security setting will now be configured to match the SSID and security setting of the router.
Page 64 Wi-Fi Network Setup with Windows Vista WCN: 1. Jot down the AP PIN from the Web (eg. 25879810). 2. In your Vista operating system, access the Control Panel page, then select Network and Internet > View Network Computers and Devices. Double click on the router icon and enter the AP PIN in the column provided then press Next.
Page 65 3. Enter the AP SSID then click Next. 4. Enter the AP SSID then click Next.
Page 66 5. When you have come to this step, you will have completed the Wi-Fi network setup using the built-in WCN feature in Windows Vista.
Page 67 6. When you have come to this step, you will have completed the Wi-Fi network setup using the built-in WCN feature in Windows Vista.
Page 68: Port Setting
Port Setting This section allows you to configure the settings for the router’s Ethernet ports to solve some of the compatibility problems that may be encountered while connecting to the Internet, as well allowing users to tweak the performance of their network. Port # Connection Type: There are Six options to choose from: Auto, disable, 10M half-duplex, 10M full-duplex, 100M half-duplex, 100M full-duplex and Disable.
Page 69: Dhcp Server
DHCP Server You can disable or enable the DHCP (Dynamic Host Configuration Protocol) server or enable the router’s DHCP relay functions. The DHCP protocol allows your router to dynamically assign IP addresses to PCs on your network if they are configured to obtain IP addresses automatically. To disable the router’s DHCP Server, check Disabled and click Next, then click Apply.
Page 70: Wan - Wide Area Network
WAN - Wide Area Network WAN refers to your Wide Area Network connection, i.e. your router’s connection to your ISP and the Internet. Here are the items within the WAN section: Interface, WAN Profile ADSL Mode. WAN Interface ADSL The default setting for Connection Mode is ADSL and for Protocol is PPPoE. 3G Mode Choose 3G as main mode represents that user will use 3G to connect to Internet.
Page 71: Dual Wan
EWAN EWAN is another way of getting connected to the Internet, the router offers its Ethernet port 1 as a WAN port to be used to connect to Cable Modems and fiber optic lines. This alternative, yet faster method to connect to the internet will provide users more flexibility to get online. When the above two mode is not valid, the way can be adopted.
Page 72 Time Schedule: A self defined time period. You may specify a time schedule for failover/failback functioning. For setup and detail, refer to Time Schedule section. Keep Backup Interface Connected: Select Enable this function, the backup WAN port will connect always. Connectivity Decision: Set how many times of probing failed to switch backup port.
Page 73: Wan Profile
WAN Profile ADSL PPPoE Connection PPPoE (PPP over Ethernet) provides access control in a manner which is similar to dial-up services using PPP. Profile Port: Select the profile port as ADSL. Protocol: The ATM protocol will be used in the device. Description: A given name for the connection.
Page 74 Auth. Protocol: Default is Auto. Your ISP should advise you on whether to use Chap or Pap. Connection: Always on: If you want the router to establish a PPPoA session when starting up and to automatically re-establish the PPPoA session when disconnected by the ISP. Connect on Demand: If you want to establish a PPPoA session only when there is a packet requesting access to the Internet (i.e.
Page 75 PPPoA Connection Profile Port: Select the profile port as ADSL. Protocol: The ATM protocol will be used in the device. Description: A given name for the connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. Username: Enter the username provided by your ISP.
Page 76 Idle Timeout: Auto-disconnect the broadband firewall gateway when there is no activity on the line for a predetermined period of time. Detail: You can define the destination port and packet type (TCP/UDP) without checking by timer. It allows you to set which outgoing traffic will not trigger and reset the idle timer. MTU: Maximum Transmission Unit.
Page 77: Mpoa Connection
MPoA Connection Profile Port: Select the profile port as ADSL. Protocol: The ATM protocol will be used in the device. Description: A given name for the connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account, sharing a single IP address.
Page 78 addresses. DNS helps to find the IP address for the specific domain name. Check the checkbox to obtain DNS automatically. Primary DNS: Enter the primary DNS. Secondary DNS: Enter the secondary DNS. Default Route: Check to enable default route. IPv6: check to enable IPv6 service. If enabled, please set the IPv6 Address, Ipv6 DNS, similar as IPv4.
Page 79: Ipoa Connection
IPoA Connection Profile Port: Select the profile port as ADSL. Protocol: The ATM protocol will be used in the device. Description: A given name for the connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account, sharing a single IP address.
Page 80 addresses. DNS helps to find the IP address for the specific domain name. Check the checkbox to obtain DNS automatically. Primary DNS: Enter the primary DNS. Secondary DNS: Enter the secondary DNS. Default Route: Check to enable default route.
Page 81: Pure Bridge
Pure Bridge Profile Port: Select the profile port as ADSL. Protocol: The ATM protocol will be used in the device. Description: A given name for this connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. Encap.
Page 82 Multiple Session Profile Port: Select the profile port as ADSL. Protocol: The Multiple Session protocol will be used in the device. Description: A given name for this connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. Username: Enter the username provided by your ISP.
Page 83 Internet). Idle Timeout: Auto-disconnect the router when there is no activity on the line for a predetermined period of time. MTU: Maximum Transmission Unit. The size of the largest datagram (excluding media-specific headers) that IP will attempt to send through the interface. RIP: RIP v1, RIP v2, and RIP v2 Multicast.
Page 84 Profile mode: Select 3G as the profile port. iBurst: Check the check box to determine whether to enable the iBurst function. Usage Allowance: Check to enable usage allowance function. Click Usage Allowance to continue the detailed configuration. In order to query online time or volume used, you can set the following options.
Page 85 Mode: Two methods are provided, that is, Volume-based and Time-based. Volume-based: The volume amount you can use per month. Only Download: Only make statistics of Download Traffic. Only Upload: Only make statistics of Upload Traffic. Download and Upload: Make statistics of both Download and Upload Traffic. Time-based: The hours you can use per month.
Page 86 will give you an option of Keep Alive. Keep Alive: Set Enable to allow the router automatically reconnects the connection when ISP disconnects it. Connect to Demand: If you want to make UMTS/GPRS call only when there is a packet requesting access to the Internet (i.e.
Page 87 EWAN...
Page 88: Obtain An Ip Address Automatically
Obtain an IP Address Automatically When connecting to the ISP, This router also functions as a DHCP client. It can automatically obtain an IP address, netmask, gateway address, and DNS server addresses if the ISP assigns this information via DHCP. Profile Port: Select the profile port as EWAN.
Page 89: Fixed Ip Address
Fixed IP Address Select this option to set static IP information. You will need to enter the Connection type, IP address, netmask, and gateway address, provided to you by your ISP. Each IP address entered in the fields must be in the appropriate IP form, which are four IP octets separated by a dot (x.x.x.x). The Router will not accept the IP address if it is not in this format.
Page 90 PPPoE PPPoE (PPP over Ethernet) provides access control in a manner which is similar to dial-up services using PPP. Profile Port: Select the profile port as EWAN. Username: Enter the username provided by your ISP. You can input up to 128 alphanumeric characters (case sensitive).
Page 91 mode. IPv6 Address: type the IPv6 address from your ISP, or get it automatically. ” ::” means to obtain IPv6 address automatically. Obtain IPv6 DNS: check Automatic to obtain DNS automatically. If not, please type the concrete ones in the Primary and secondary fields.
Page 92 Pure Bridge Profile Port: Select the profile port as EWAN. Protocol: Select Pure Bridge. Acceptable Frame Type: Specify which kind of traffic goes through this connection, all traffic or only VLAN tagged. Filter Type: Specify the type of ethernet filtering performed by the named bridge interface. Allows all types of ethernet packets through the port.
Page 93: Adsl Mode
ADSL Mode Connect Mode: This mode will automatically detect your ADSL line code, ADSL2+, ADSL2, AnnexM2 and AnnexM2+, ADSL, All. Please keep the factory setting unless ADSL is detected as the symptom of synchronization problem. Modulation: It will automatically detect capability of your ADSL line mode. Please keep the factory setting unless ADSL is detected as the symptom of synchronization problem.
Page 94: System
System Here are the items within the System section: Time Zone, Remote Access, Firmware Upgrade, Backup/Restore, Restart, User Management and Mail Alert. Time Zone The router does not have a real time clock on board; instead, it uses the Simple Network Time Protocol (SNTP) to get the current time from an SNTP server outside your network.
Page 95: Remote Access
Remote Access To temporarily permit remote administration of the router (i.e. from outside your LAN), select a time period the router will permit remote access for and click Enable. You may change other configuration options for the web administration interface using Device Management options in the Advanced section of the GUI.
Page 96: Backup / Restore
Backup / Restore These functions allow you to save and backup your router’s current settings to a file on your PC, or to restore from a previously saved backup. This is useful if you wish to experiment with different settings, knowing that you have a backup handy in the case of any mistakes. It is advisable to backup your router’s settings before making any significant changes to your router’s configuration.
Page 97: Restart Router
Restart Router Click Restart with option Current Settings to reboot your router (and restore your last saved configuration). If you wish to restart the router using the factory default settings (for example, after a firmware upgrade or if you have saved an incorrect configuration), select Factory Default Settings to reset to factory default settings.
Page 98: User Management
User Management In order to prevent unauthorized access to your router’s configuration interface, it requires all users to login with a password. You can set up multiple user accounts, each with their own password. You are able to Edit existing users and Add new users who are able to access the device’s configuration interface.
Page 99 When you create a user account, check Valid box and fill in the respective information for User, Comment, Password and Confirm Password in the blanks provided. Then click the Add button to add your new user account. To delete a user account, click on the Delete radio button on the right column of the account you wish to delete and then click the Edit/Delete button on the top to confirm your deletion.
Page 100: Mail Alert
Mail Alert Mail alert is designed to keep system administrator or other relevant personnel alerted of any unexpected events that might have occured to the network computers or server for monitoring efficiency. With this alert system, appropriate solutions may be tackled to fix problems that may have arisen so that the server can be properly maintained.
Page 101: Firewall And Access Control
Firewall and Access Control Your router includes a full SPI (Stateful Packet Inspection) firewall for controlling Internet access from your LAN, as well as helping to prevent attacks from hackers. Besides, when using NAT, the router acts as a “natural” Internet firewall, as all PCs on your LAN will use private IP addresses that cannot be directly accessed from the Internet.
Page 102: General Settings
Listed are the items under the Firewall section: General Settings, Packet Filter, Intrusion Detection, Filter, IM/P2P Blocking Firewall Log. General Settings You can choose not to enable Firewall and still able to access to URL Filter, Intrusion Detection and IM/P2P Blocking or enable the Firewall using preset filter rules and modify the port filter rules as required.
Page 103: Packet Filter
Packet Filter This function is only available when the Firewall is enabled and one of these four security levels is chosen (All blocked, High, Medium and Low). The preset port filter rules in the Packet Filter must modify accordingly to the level of Firewall, which is selected. See Table1: Predefined Port Filter for more detail information.
Page 104 Example: Predefined Port Filters Rules The predefined port filter rules for High, Medium and Low security levels are listed. See Table 1. Note: Firewall – All Blocked/User-defined, you must define and create the port filter rules yourself. No predefined rule is being preconfigured. Table 1: Predefined Port Filter Port Firewall - Low...
Page 105 Inbound: Internet to LAN Outbound: LAN to Internet YES: Allowed NO: Blocked N/A: Not Applicable Packet Filter – Add TCP/UDP Filter Rule Name Helper: Users-define description to identify this entry or click “Select” drop-down menu to select existing predefined rules. The maximum name length is 32 characters. IP version: select IPv4 or IPv6.
Page 106 Packet Filter – Add Raw IP Filter Go to “Type” drop-down menu, select “Use Protocol Number”. Rule Name Helper: Users-define description to identify this entry or choosing “Select” drop-down menu to select existing predefined rules. IP version: select IPv4 or IPv6. Time Schedule: It is self-defined time period.
Page 107 Example: Configuring your firewall to allow a publicly accessible web server on your LAN The predefined port filter rule for HTTP (TCP port 80) is the same no matter whether the firewall is set to a high, medium or low security level. To setup a web server located on the local network when the firewall is enabled, you have to configure the Port Filters setting for HTTP.
Page 108 Configuring Packet Filter: 1. Click Packet Filters. You will then be presented with the predefined port filter rules screen (in this case for the low security level), shown below: Note: You may click Edit the predefined rule instead of Delete it. This is an example to show to how you add a filter on your own.
Page 109 Example: Application: Cindy_HTTP Time Schedule: Always On Source / Destination IP Address(es): 0.0.0.0 (I do not wish to active the address-filter, instead I use the port-filter) Type: TCP (Please refer to Table1: Predefined Port Filter) Source Port: 0-65535 (I allow all ports to connect with the application)) Redirect Port: 80-80 (This is Port defined for HTTP) Inbound / Outbound: Allow The new port filter rule for HTTP is shown below:...
Page 111: Intrusion Detection
Intrusion Detection The router’s Intrusion Detection System (IDS) is used to detect hacker attacks and intrusion attempts from the Internet. If the IDS function of the firewall is enabled, inbound packets are filtered and blocked depending on whether they are detected as possible hacker attacks, intrusion attempts or other connections that the router determines to be suspicious.
Page 112 Max ICMP Count: This is a threshold to decide whether an ICMP flood is occurring or not. Default value is 100 ICMP packets per seconds except ICMP Echo Requests (PING). For SYN Flood, ICMP Echo Storm and ICMP flood, IDS will just warn the user in the Event Log. It cannot protect against such attacks.
Page 113 Table 2: Hacker attack types recognized by the IDS Type of Block Drop Intrusion Name Detect Parameter Blacklist Show Log Duration Packet Ascend Kill Ascend Kill data Src IP TCP Port 135, WinNuke Src IP 137~139, Flag: ICMP type 8 Victim Smurf Des IP is...
Page 114 Src IP: Source IP Src Port: Source Port Dst Port: Destination Port Dst IP: Destination IP...
Page 115: Url Filter
URL Filter URL (Uniform Resource Locator – e.g. an address in the form of http://www.abcde.com or http:// www.example.com) filter rules allow you to prevent users on your network from accessing particular websites by their URL. There are no pre-defined URL filter rules; you can add filter rules to meet your requirements.
Page 116 Domains Filtering: This function checks the whole URL not the IP address, in URLs accessed against your list of domains to block or allow. If it is matched, the URL request will be sent (Trusted) or dropped (Forbidden). For this function to be activated, both check-boxes must be checked. Here is the checking procedure: Check the domain in the URL to determine if it is in the trusted list.
Page 117 Example: Andy wishes to disable all WEB traffic except for ones listed in the trusted domain, which would prevent Bobby from accessing other web sites. Andy selects both functions in the Domain Filtering and thinks that it will stop Bobby. But Bobby knows this function, Domain Filtering, ONLY disables all WEB traffic except for Trusted Domain, BUT not its IP address.
Page 118: Im / P2P Blocking
IM / P2P Blocking IM, short for Instant Message, is required to use client program software that allows users to communicate, in exchanging text message, with other IM users in real time over the Internet. A P2P application, known as Peer-to-peer, is group of computer users who share file to specific groups of people across the Internet.
Page 119: Firewall Log
Firewall Log Firewall Log display log information of any unexpected action with your firewall settings. Check the Enable box to activate the logs. Log information can be seen in the Status – Event Log after enabling.
Page 120: Vpn - Virtual Private Networks
VPN - Virtual Private Networks Virtual Private Networks is ways to establish secured communication tunnels to an organization’s network via the Internet. Your router supports three main types of VPN (Virtual Private Network): PPTP, IPSec and L2TP. PPTP (Point-to-Point Tunneling Protocol) There are two types of PPTP VPN supported;...
Page 121 you wish to connect to. When configuring your router as a server, enter the Private IP Address assigned to the Dial in User. Sever IP Address(or Domain Name):Enter the Server IP Adress or Domain Name. Username: If you are a Dial-Out user (client), enter the username provided by your Host. If you are a Dial-In user (server), enter your own username.
Page 122 Example: Configuring a Remote Access PPTP VPN Dial-out Connection A company’s office establishes a PPTP VPN connection with a file server located at a separate location. The router is installed in the office, connected to a couple of PCs and Servers.
Page 123 Configuring the PPTP VPN in the Office Click Configuration/VPN/PPTP. Choose Remote Access from Connect Type drop-down menu. You can either input the IP address (69.1.121.33 in this case) or hostname to reach the server. Function Description Name VPN_PPTP Given name of PPTP connection Remote Access Select Remote Access from the Connection Type drop-down Connection Type...
Page 124 PPTP Connection - LAN to LAN Click Configuration/VPN/PPTP. Choose LAN to LAN from Connect Type drop-down menu. Name: A given name for the connection (e.g. “connection to office”). Connection Type: Remote Access or LAN to LAN. Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPNserver, e.g.
Page 125 Mode: You may select Stateful or Stateless mode. The key will be changed every 256 packets when you select Stateful mode. If you select Stateless mode, the key will be changed in each packet. Active as default route: Commonly used by the Dial-out connection which all packets will route through the VPN tunnel to the Internet;...
Page 126 Example: Configuring a Remote Access PPTP VPN Dial-out Connection The branch office establishes a PPTP VPN tunnel with head office to connect two private networks over the Internet. The routers are installed in the head office and branch offices accordingly.
Page 127 Configuring the PPTP VPN in the Head Office The IP address 192.168.1.201 will be assigned to the router located in the branch office. Please make sure this IP is not used in the head office LAN. Function Description Name HeadOffice Given name of PPTP connection LAN to LAN Connection...
Page 128 Configuring the PPTP VPN in the Head Office The IP address 69.1.121.30 is the Public IP address of the router located in head office. If you registered the DDNS (please refer to the DDNS section of this manual), you can also use the domain name instead of the IP address to reach the router.
Page 129: Ipsec (Ip Security Protocol)
IPSec (IP Security Protocol) Active: This function activates or deactivates the IPSec connection. Check Active checkbox if you want the protocol of tunnel to be activated and vice versa. Note: When the Active checkbox is checked, the function of Edit and Delete will not be available.
Page 130 IPSec VPN Connection Name: A given name for the connection (e.g. “connection to office”). Local Network: Set the IP address, subnet or address range of the local network. Single Address: The IP address of the local host. Subnet: The subnet of the local network. For example, IP: 192.168.1.0 with netmask 255.255.255.0 specifies one class C subnet starting from 192.168.1.1 (i.e.
Page 131 Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol, a string from 4 to 128 characters. Both sides should use the same key. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer.
Page 132 DES: Stands for Data Encryption Standard, it uses 56 bits as an encryption method. 3DES: Stands for Triple Data Encryption Standard, it uses 168 (56*3) bits as an encryption method. AES: Stands for Advanced Encryption Standards, you can use 128, 192 or 256 bits as encryption method.
Page 133 xxx.xxx.xxx.xxx(A valid IP Address) 2000 Yes, activate it in every 2000 second. Disconnection Time after no traffic: It is the NO Response time clock. When no traffic stage time is beyond the Disconnection time set, Router will automatically halt the tunnel connection and re-establish it base on the Reconnection Time set.
Page 134 Example: Configuring an IPSec LAN to LAN VPN Connection Table 3: Network Configuration and Security Plan Branch Office Head Office Local Network ID 192.168.0.0/24 192.168.1.0/24 69.1.121.30 69.1.121.3 Local Router IP 192.168.1.0/24 192.168.0.0/24 Remote Network ID Remote Router IP 69.1.121.3 69.1.121.30 12345678 12345678 IKE Pre-shared Key...
Page 135 Configuring IPSec VPN in the Head Office Function Description Name IPSec_HeadOffice Give a name of IPSec Connection Local Network Subnet Select Subnet from Local Network drop-down menu. IP Address 192.168.1.0 Head office network Netmask 255.255.255.0 Remote Secure 69.121.1.30 IP address of the head office router (in WAN Gateway IP (or side) Hostname)
Page 136 Configuring IPSec VPN in the Branch Office Function Description Name IPSec_BranchOffice Give a name of IPSec Connection Local Network Subnet Select Subnet from Local Network drop-down menu. IP Address 192.168.0.0 Branch office network Netmask 255.255.255.0 Remote Secure 69.121.1.3 IP address of the head office router (in WAN Gateway IP (or side) Hostname)
Page 137 Example: Configuring an IPSec Host to LAN VPN Connection...
Page 138 Configuring IPSec VPN in the Office Function Description Name IPSec Give a name of IPSec Connection Local Network Subnet Select Subnet from Local Network drop-down menu. IP Address 192.168.1.0 Head office network Netmask 255.255.255.0 69.121.1.30 Remote Secure IP address of the head office router (in WAN Gateway IP (or side) Hostname)
Page 139: L2Tp (Layer Two Tunneling Protocol)
L2TP (Layer Two Tunneling Protocol) Two types of L2TP VPN are supported Remote Access and LAN-to-LAN (please refer below for more information.). Fill in the blank with information you need and click Add to create a new VPN connection account. Active: This function activates or deactivates the PPTP connection.
Page 140 Connection Type: Remote Access or LAN to LAN Name: A given name for the connection (e.g. “connection to office”). Connection Type: Remote Access or LAN to LAN. Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server, e.g.
Page 141 SHA1: A one-way hashing algorithm that produces a 160−bit hash. Encryption: Select the encryption method from the pull-down menu. There are four options, DES, 3DES, AES and NULL. NULL means it is a tunnel only with no encryption. 3DES and AES are more powerful but increase latency.
Page 142 Example: Configuring a L2TP VPN - Remote Access Dial-in Connection A remote worker establishes a L2TP VPN connection with the head office using Microsoft's VPN Adapter (included with Windows XP/2000/ME, etc.). The router is installed in the head office, connected to a couple of PCs and Servers.
Page 143 Configuring L2TP VPN in the Office The input IP address 192.168.1.200 will be assigned to the remote worker. Please make sure this IP is not used in the Office LAN. Function Description Name VPN_L2TP Give a name of L2TP Connection Connection Type Remote Access Select Remote Access from the Connection Type...
Page 144 Example: Configuring a Remote Access L2TP VPN Dial-out Connection A company’s office establishes a L2TP VPN connection with a file server located at a separate location. The router is installed in the office, connected to a couple of PCs and Servers.
Page 145 Configuring L2TP VPN in the Office The input IP address 192.168.1.200 will be assigned to the remote worker. Please make sure this IP is not used in the Office LAN. Function Description Name VPN_L2TP Give a name of L2TP Connection Connection Type Remote Access Select Remote Access from the Connection Type...
Page 146 L2TP Connection - LAN to LAN L2TP VPN Connection Name: A given name for the connection Connection Type: Remote Access or LAN to LAN. Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server, e.g.
Page 147 Active as default route: Commonly used by the Dial-out connection which all packets will route through the VPN tunnel to the Internet; therefore, active the function may degrade the Internet performance. Remote Host Name (Optional): Enter hostname of remote VPN device. It is a tunnel identifier from the Remote VPN device matches with the Remote hostname provided.
Page 148 Example: Configuring L2TP LAN-to-LAN VPN Connection The branch office establishes a L2TP VPN tunnel with head office to connect two private networks over the Internet. The routers are installed in the head office and branch office accordingly.
Page 149 Configuring L2TP VPN in the Head Office The IP address 192.168.1.200 will be assigned to the router located in the branch office. Please make sure this IP is not used in the head office LAN. Function Description Name HeadOffice Give a name of L2TP Connection Connection Type LAN to LAN Select LAN to LAN from the Connection Type...
Page 150 Configuring L2TP VPN in the Branch Office The IP address 69.1.121.30 is the Public IP address of the router located in head office. If you registered the DDNS (please refer to the DDNS section of this manual), you can also use the domain name instead of the IP address to reach the router.
Page 151: Voip - Voice Over Internet Protocol
VoIP - Voice over Internet Protocol VoIP enables telephone calls through existing Internet connection instead of going through the PSTN (Public Switched Telephone Network). It is not only cost-effective, especially for a long distance telephone charges, but also toll-quality voice calls over the Internet. Here are the items within the VoIP section: SIP Device Parameters,...
Page 152: Sip Device Parameters
SIP Device Parameters This section provides easy setup for your VoIP service. Phone port 1 and 2 can be registered to different SIP Service Provider. SIP Device Parameters SIP: To use VoIP SIP as VoIP call signaling protocol. Default is set to Disable. Silence Suppression (VAD): Voice Activation Detection (VAD) prevents transmitting the nature silence to consume the bandwidth.
Page 153 Advanced – Parameters VoIP through IP Interface: IP Interface decides where to send/receive the voip traffic; it includes: ipwan and iplan. Easy way to select the interface is to check the location of the SIP server. If it locates some where in the Internet then select ipwan. If the VoIP SIP server is on the local Network then select iplan.
Page 154 PSTN dialtone, not your VoIP dialtone. Wait several seconds and then press Check Level. You should check the OFFHOOK value for each telephone you have connected to this device. Set the OFFHOOK voltage to the lowest setting registered for all your telephones, e.g. if your telephones return values of 4, 5 and 7 then you should set your OFFHOOK voltage to 4.
Page 155: Sip Accounts
SIP Accounts This section reflects and contains basic settings for the VoIP module from selected provider in the Wizard section. Fail to provide correct information will halt making calls out to the Internet. Profile Name: User-defined name is for identifying the Profile. Registrar Address (or Hostname): Indicate the VoIP SIP registrar IP address.
Page 156: Phone Port
Phone Port This section displays status and allows you to edit the account information of your Phones. Click Edit to update your phone information. Port: It allows you to change the phone port setting for specify FXS port. *69 (Return Call): Dial *69 to return the last missed call. It is only available for VoIP call(s). *20 (Do not Disturb ON): Dial *20 to set the No Disturb on.
Page 157 Codec Preference Codec is known as Coder-Decoder used for data signal conversion. Set the priority of voice compression; Priority 1 owns the top priority. G.729: It is used to encoder and decoder voice information into a single packet which reduces the bandwidth consumption.
Page 158: Pstn Dial Plan (Router With Line Port Only)
PSTN Dial Plan (Router with LINE port only) This section enables you to configure “VoIP with PSTN switching” on your system. You can define a range of dial plans to make regular call from VoIP switching to PSTN line. Prefix numbers is essential key to make a distinguishing between VoIP and Regular phone call.
Page 159 Note: The actual dialed number of valid digits length MUST NOT exceed in the Number of Digits filed.
Page 160 PSTN Dial Plan Examples: Dial with Prefix If you dial 01223 707070, number 01223707070 will be dialed out via FXO to make a regular phone call. Dial without Prefix If you dial 9102, the number 102 will only be dialed out via FXO port to make a regular phone call. Dial at Timeout If you only dial 01223 7070 and no more numbers, after the timeout activates, 012237070 will be dialed to make a regular call via FXO port.
Page 161 Even though 7070 (only 4 digits) does not match with number of digits 6 defined in the filed, 7070 is still a valid phone number since it has not exceeded 6 digits. Dial at Timeout no Prefix If you only dial 97070 and no more numbers, after the timeout activates, 7070 will be dialed without prefix to make a regular call via FXO port.
Page 162: Voip Dial Plan
VoIP Dial Plan This section helps you to make a telephony number dialed as making a regular call via VoIP. You no longer need to memorize a long dial string of number for making a VoIP call. Go to Configuration > VoIP >...
Page 163 Main Digit Sequence: The call(s) can be called out via SIP or PSTN or ENUM. x: Any numeric number between 0 and 9. . ( period ): Repeat numeric number(s) between 0 and 9. * (asterisk sign): It is normal character ‘*’ on phone key pad. Please check if special service(s) is provided by your VoIP Service Provider or your Local Telephone Service Provider.
Page 164 Starting with ‘** sign’ + any two digit numbers between 0 + any **xx*x. number (0-9) in variable length. Maximum length is 16. Starting with ‘# sign’ + any digit number (0-9) in variable length #xx. but no shorter than 1 digits. Maximum length is 16. Starting with ‘## sign’...
Page 165: Call Features
Call Features VoIP has all the basic features of a traditional phone. Besides the provided basic features, VoIP also comes with several enhanced features that allows you to further customize their settings to suit your personal needs such as call forwarding setting, call waiting time length, conference call feature, anonymous call feature and incoming no answer timer.
Page 166: Ring & Tone
Ring & Tone This section allows advanced user to change the existing or newly defined parameters for the various ring tones (dial tone, busy tone, answer tone and etc.) Country Specific Ring & Tone Region: Select a country ring-tone, from the drop-down list, where you are located. This VoIP router provides default parameter of ring tones according to different countries.
Page 167 Tone Parameters You may need to check with your local telephone service provider for such information. Also, it is recommended that this option be configured by advanced user unless you are instructed to do so. Click Apply to apply the settings.
Page 168: Qos - Quality Of Service
QoS - Quality of Service QoS function helps you to control your network traffic for each application from LAN (Ethernet and/or Wireless) to WAN (Internet). It facilitates you to control the different quality and speed of through put for each application when the system is running with full loading of upstream. Here are the items within the QoS section: Prioritization, Outbound IP Throttling...
Page 169: Outbound Ip Throttling (Lan To Wan)
Destination IP address Range: The destination IP address or range of packets to be monitored. Destination Port: The destination port of packets to be monitored. DSCP Marking: Differentiated Services Code Point (DSCP), it is the first 6 bits in the ToS byte. DSCP Marking allows users to assign specific application traffic to be executed in priority by the next Router based on the DSCP value.
Page 170 Time Schedule: Scheduling your prioritization policy. Refer to Time Schedule for more information. Protocol: The name of supported protocol. Rate Limit: To limit the speed of outbound traffic Source IP Address Range: The source IP address or range of packets to be monitored. Source Port(s): The source port of packets to be monitored.
Page 171: Inbound Ip Throttling (Wan To Lan)
Inbound IP Throttling (WAN to LAN) IP Throttling allows you to limit the speed of IP traffic. The value entered will limit the speed of the application that you set to the specified value’s multiple of 32kbps. Name: User-define description to identify this new policy/application. Time Schedule: Scheduling your prioritization policy.
Page 172 Example: QoS for your Network Connection Diagram VoIP Normal PCs Restricted PC...
Page 173 Information and Settings Upstream: 928 kbps Downstream: 8 Mbps VoIP User : 192.168.1.1 Normal Users : 192.168.1.2~192.168.1.5 Restricted User: 192.168.1.100...
Page 174: Voice Application
Mission-critical application Mostly the VPN connection is mission-critical application for doing data exchange between head and branch office. The mission-critical application must be sent out smoothly without any dropping. Set priority as high level for preventing any other applications to saturate the bandwidth. Voice application Voice is latency-sensitive application.
Page 175 files by using FTP. With above settings that help to limit utilization of upstream of FTP. Time schedule also help you to only limit utilization at daytime. Advanced setting by using IP throttling With IP throttling you can specify more detail for allocating bandwidth; even the applications are located in the same level.
Page 176 Sometime your customers or friends may upload their files to your FTP server and that will saturate your downstream bandwidth. The settings below help you to limit bandwidth for the restricted application.
Page 177: Virtual Server
Virtual Server In TCP/IP and UDP networks a port is a 16-bit number used to identify which application program (usually a server) incoming connections should be delivered to. Some ports have numbers that are pre-assigned to them by the IANA (the Internet Assigned Numbers Authority), and these are referred to as “well-known ports”.
Page 178: Porting Forwarding
Porting Forwarding Because NAT can act as a “natural” Internet firewall, your router protects your network from being accessed by outside users when using NAT, as all incoming connection attempts will point to your router unless you specifically create Virtual Server entries to forward those ports to a PC on your network.
Page 179 Example: If you like to remote accessing your Router through the Web/HTTP at all time, you would need to enable port number 80 (Web/HTTP) and map to Router’s IP Address. Then all incoming HTTP requests from you (Remote side) will be forwarded to the Router with IP address of 192.168.1.254. Since port number 80 has already been predefined, next to the Application click Helper.
Page 180: Edit Dmz Host
Edit DMZ Host The DMZ Host is a local computer exposed to the Internet. When setting a particular internal IP address as the DMZ Host, all incoming packets will be checked by the Firewall and NAT algorithms then passed to the DMZ host, when a packet received does not use a port number used by any other Virtual Server entries.
Page 181: Edit One-To-One Nat (Network Address Translation)
Edit One-to-One NAT (Network Address Translation) One-to-One NAT maps a specific private/local IP address to a global/public IP address. If you have multiple public/WAN IP addresses from you ISP, you are eligible for One-to-One NAT to utilize these IP addresses. Go to Configuration >...
Page 182 Application: Users-defined description to identify this entry or click drop-down menu to select existing predefined rules. : 20 predefined rules are available. Application, Protocol and External/Redirect Ports will be filled after the selection. Protocol: It is the supported protocol for the virtual server. In addition to specifying the port number to be used, you will also need to specify the protocol used.
Page 183 Table 5: Well-known and registered Ports Port Number Protocol Description FTP Data FTP Control TCP & UDP SSH Remote Login Protocol Telnet SMTP (Simple Mail Transfer Protocol) TCP & UDP DNS (Domain Name Server) TFTP (Trivial File Transfer Protocol) World Wide Web HTTP POP3 (Post Office Protocol Version 3) NEWS (Network News Transfer Protocol) NTP (Network Time Protocol) / SNTP (Simple Network...
Page 184: Wake On Lan
Wake on LAN Wake on LAN (WOL, sometimes WoL) is an Ethernet computer networking standard that allows a computer to be turned on or woken up remotely by a network message. Select: Select MAC address of the computer that you want to wake up or turn on remotely. Add: After selecting, click Add then you can perform the Wake-up action.
Page 185: Time Schedule
Time Schedule The Time Schedule supports up to 16 time slots which helps you to manage your Internet connection. In each time profile, you may schedule specific day(s) i.e. Monday through Sunday to restrict or allowing the usage of the Internet by users or applications. This Time Schedule correlates closely with router’s time, since router does not have a real time clock on board;...
Page 186: Configuration Of Time Schedule
Configuration of Time Schedule Edit a Time Slot Choose any Time Slot (ID 1 to ID 16) to edit, click Edit radio button. Note: Watch it carefully, the days you have selected will present in capital letter. Lower case letter shows the day(s) is not selected, and no rule will apply on this day(s). A detailed setting of this Time Slot will be shown.
Page 187 Delete a Time Slot Click on the Delete radio button of the Time Slot you wish to delete under the Time Slot section, and then click the Edit/Delete button to confirm the deletion of the selected Time profile, i.e. erase the Day and back to default setting of Start Time / End Time.
Page 188: Advanced
Advanced Configuration options within the Advanced section are for users who wish to take advantage of the more advanced features of the router. Users who do not understand the features should not attempt to reconfigure their router, unless advised to do so by support staff. Here are the items within the Advanced section: Static Route,...
Page 189: Dynamic Dns
Dynamic DNS The Dynamic DNS function allows you to alias a dynamic IP address to a static hostname, allowing users whose ISP does not assign them a static IP address to use a domain name. This is especially useful for hosting servers via your ADSL connection, so that anyone wishing to connect to you may use your domain name, rather than having to use your dynamic IP address, which changes from time to time.
Page 190: Device Management
Device Management The Device Management advanced configuration settings allow you to control your router’s security options and device monitoring features. Device Host Name Host Name: Assign it a name. (The Host Name cannot be used with one word only. There are two words should be connected with a ‘.’...
Page 191 Management IP Address: You may specify an IP address allowed to logon and access the router’s web server. Setting the IP address to 0.0.0.0 will disable IP address restrictions, allowing users to login from any IP address. Expire to auto-logout: Specify a time length for the system to auto-logout user from the configuration session.
Page 192 SNMP V3: Specify a name and password for authentication. And define the access right from identified IP address. Once the authentication has succeeded, users from this IP address will be able to view and modify the data. SNMP Version: SNMPv2c and SNMPv3 SNMPv2c is the combination of the enhanced protocol features of SNMPv2 without the SNMPv2 security.
Page 193: Igmp
IGMP IGMP, known as Internet Group Management Protocol, is used to manage hosts from multicast group. IGMP Proxy: Enables or disables the router’s IGMP Proxy. Upstream Interface: When IGMP Proxy enabled, sets one of the router’s existing IP interfaces as the upstream interface;...
Page 194 multicast packets will be forwarded to ports set according to the MLD Snooping below. MLD Snooping: similar to IGMP snooping, listens in on the MLD conversation between hosts and routers by processing MLD packets sent in a multicast network, and it analyzes all MLD packets between hosts and the connected multicast routers in the network.
Page 195: Vlan Bridge
VLAN Bridge This section allows you to create VLAN group and specify the member. Edit: Edit your member ports in selected VLAN group. Create VLAN: To create another VLAN group.
Page 196: Chapter 5: Troubleshooting
Chapter 5: Troubleshooting If your router is not functioning properly, please refer to the suggested solutions provided in this chapter. If your problems persist or the suggested solutions do not meet your needs, please kindly contact your service provider for support. Problems with the router Problem Suggested Action...
Page 197 Problem with LAN interface Problem Suggested Action Cannot PING any PC on LAN Check the Ethernet LEDs on the front panel. The LED should be on for the port that has a PC connected. If it does not lit, check to see if the cable between your router and the PC is properly connected.
Page 198: Logout
Logout To exit the router web interface, choose Logout. Please save your configuration setting before logging out of the system. Be aware that the router configuration interface can only be accessed by one PC at a time. Therefore when a PC has logged into the system interface, the other users cannot access the system interface until the current user has logged out of the system.
Page 199: Appendix: Product Support & Contact
However if your problems persist or you come across other technical issues that are not listed in the Troubleshooting section, please contact the dealer from where you purchased your product. Contact Billion http://www.billion.com/ MAC OS is a registered Trademark of Apple Computer, Inc.

This manual is also suitable for:

Bipac 7404vnpx

Billion BiPAC 7404VNOX User Manual

Chapter 1: Introduction

Chapter 2: Installing the Router

Chapter 3: Basic Installation

Chapter 4: Configuration

Chapter 5: Troubleshooting

Appendix: Product Support & Contact

Quick Links

User Manual

Need help?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Billion BiPAC 7404VNOX

Summary of Contents for Billion BiPAC 7404VNOX

This manual is also suitable for:

Table of Contents